search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mmc: convert to idr_alloc()
[linux-2.6.git] / net / bluetooth / hci_event.c
blob477726a63512e0160fb550f7c83861266ad585b7
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
34
35 /* Handle HCI Event packets */
36
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
38 {
39 __u8 status = *((__u8 *) skb->data);
40
41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
42
43 if (status) {
44 hci_dev_lock(hdev);
45 mgmt_stop_discovery_failed(hdev, status);
46 hci_dev_unlock(hdev);
47 return;
48 }
49
50 clear_bit(HCI_INQUIRY, &hdev->flags);
51
52 hci_dev_lock(hdev);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54 hci_dev_unlock(hdev);
55
56 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
57
58 hci_conn_check_pending(hdev);
59 }
60
61 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62 {
63 __u8 status = *((__u8 *) skb->data);
64
65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 }
72
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74 {
75 __u8 status = *((__u8 *) skb->data);
76
77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
78
79 if (status)
80 return;
81
82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
84 hci_conn_check_pending(hdev);
85 }
86
87 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
89 {
90 BT_DBG("%s", hdev->name);
91 }
92
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94 {
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
111 }
112
113 hci_dev_unlock(hdev);
114 }
115
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117 {
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133 }
134
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136 {
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
139 void *sent;
140
141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
142
143 if (rp->status)
144 return;
145
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
149
150 hci_dev_lock(hdev);
151
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
153 if (conn)
154 conn->link_policy = get_unaligned_le16(sent + 2);
155
156 hci_dev_unlock(hdev);
157 }
158
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct sk_buff *skb)
161 {
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
165
166 if (rp->status)
167 return;
168
169 hdev->link_policy = __le16_to_cpu(rp->policy);
170 }
171
172 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 struct sk_buff *skb)
174 {
175 __u8 status = *((__u8 *) skb->data);
176 void *sent;
177
178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
179
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 if (!sent)
182 return;
183
184 if (!status)
185 hdev->link_policy = get_unaligned_le16(sent);
186
187 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
188 }
189
190 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
191 {
192 __u8 status = *((__u8 *) skb->data);
193
194 BT_DBG("%s status 0x%2.2x", hdev->name, status);
195
196 clear_bit(HCI_RESET, &hdev->flags);
197
198 hci_req_complete(hdev, HCI_OP_RESET, status);
199
200 /* Reset all non-persistent flags */
201 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
202 BIT(HCI_PERIODIC_INQ));
203
204 hdev->discovery.state = DISCOVERY_STOPPED;
205 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
206 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
207
208 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
209 hdev->adv_data_len = 0;
210 }
211
212 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
213 {
214 __u8 status = *((__u8 *) skb->data);
215 void *sent;
216
217 BT_DBG("%s status 0x%2.2x", hdev->name, status);
218
219 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
220 if (!sent)
221 return;
222
223 hci_dev_lock(hdev);
224
225 if (test_bit(HCI_MGMT, &hdev->dev_flags))
226 mgmt_set_local_name_complete(hdev, sent, status);
227 else if (!status)
228 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
229
230 hci_dev_unlock(hdev);
231
232 if (!status && !test_bit(HCI_INIT, &hdev->flags))
233 hci_update_ad(hdev);
234
235 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
236 }
237
238 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
239 {
240 struct hci_rp_read_local_name *rp = (void *) skb->data;
241
242 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
243
244 if (rp->status)
245 return;
246
247 if (test_bit(HCI_SETUP, &hdev->dev_flags))
248 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
249 }
250
251 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
252 {
253 __u8 status = *((__u8 *) skb->data);
254 void *sent;
255
256 BT_DBG("%s status 0x%2.2x", hdev->name, status);
257
258 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
259 if (!sent)
260 return;
261
262 if (!status) {
263 __u8 param = *((__u8 *) sent);
264
265 if (param == AUTH_ENABLED)
266 set_bit(HCI_AUTH, &hdev->flags);
267 else
268 clear_bit(HCI_AUTH, &hdev->flags);
269 }
270
271 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272 mgmt_auth_enable_complete(hdev, status);
273
274 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
275 }
276
277 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
278 {
279 __u8 status = *((__u8 *) skb->data);
280 void *sent;
281
282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
283
284 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
285 if (!sent)
286 return;
287
288 if (!status) {
289 __u8 param = *((__u8 *) sent);
290
291 if (param)
292 set_bit(HCI_ENCRYPT, &hdev->flags);
293 else
294 clear_bit(HCI_ENCRYPT, &hdev->flags);
295 }
296
297 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
298 }
299
300 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
301 {
302 __u8 param, status = *((__u8 *) skb->data);
303 int old_pscan, old_iscan;
304 void *sent;
305
306 BT_DBG("%s status 0x%2.2x", hdev->name, status);
307
308 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
309 if (!sent)
310 return;
311
312 param = *((__u8 *) sent);
313
314 hci_dev_lock(hdev);
315
316 if (status) {
317 mgmt_write_scan_failed(hdev, param, status);
318 hdev->discov_timeout = 0;
319 goto done;
320 }
321
322 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
323 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
324
325 if (param & SCAN_INQUIRY) {
326 set_bit(HCI_ISCAN, &hdev->flags);
327 if (!old_iscan)
328 mgmt_discoverable(hdev, 1);
329 if (hdev->discov_timeout > 0) {
330 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
331 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
332 to);
333 }
334 } else if (old_iscan)
335 mgmt_discoverable(hdev, 0);
336
337 if (param & SCAN_PAGE) {
338 set_bit(HCI_PSCAN, &hdev->flags);
339 if (!old_pscan)
340 mgmt_connectable(hdev, 1);
341 } else if (old_pscan)
342 mgmt_connectable(hdev, 0);
343
344 done:
345 hci_dev_unlock(hdev);
346 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
347 }
348
349 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350 {
351 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
352
353 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
354
355 if (rp->status)
356 return;
357
358 memcpy(hdev->dev_class, rp->dev_class, 3);
359
360 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
361 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
362 }
363
364 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
365 {
366 __u8 status = *((__u8 *) skb->data);
367 void *sent;
368
369 BT_DBG("%s status 0x%2.2x", hdev->name, status);
370
371 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
372 if (!sent)
373 return;
374
375 hci_dev_lock(hdev);
376
377 if (status == 0)
378 memcpy(hdev->dev_class, sent, 3);
379
380 if (test_bit(HCI_MGMT, &hdev->dev_flags))
381 mgmt_set_class_of_dev_complete(hdev, sent, status);
382
383 hci_dev_unlock(hdev);
384 }
385
386 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
387 {
388 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
389 __u16 setting;
390
391 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
392
393 if (rp->status)
394 return;
395
396 setting = __le16_to_cpu(rp->voice_setting);
397
398 if (hdev->voice_setting == setting)
399 return;
400
401 hdev->voice_setting = setting;
402
403 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
404
405 if (hdev->notify)
406 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
407 }
408
409 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
410 struct sk_buff *skb)
411 {
412 __u8 status = *((__u8 *) skb->data);
413 __u16 setting;
414 void *sent;
415
416 BT_DBG("%s status 0x%2.2x", hdev->name, status);
417
418 if (status)
419 return;
420
421 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
422 if (!sent)
423 return;
424
425 setting = get_unaligned_le16(sent);
426
427 if (hdev->voice_setting == setting)
428 return;
429
430 hdev->voice_setting = setting;
431
432 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
433
434 if (hdev->notify)
435 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
436 }
437
438 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
439 {
440 __u8 status = *((__u8 *) skb->data);
441
442 BT_DBG("%s status 0x%2.2x", hdev->name, status);
443
444 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
445 }
446
447 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
448 {
449 __u8 status = *((__u8 *) skb->data);
450 struct hci_cp_write_ssp_mode *sent;
451
452 BT_DBG("%s status 0x%2.2x", hdev->name, status);
453
454 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
455 if (!sent)
456 return;
457
458 if (!status) {
459 if (sent->mode)
460 hdev->host_features[0] |= LMP_HOST_SSP;
461 else
462 hdev->host_features[0] &= ~LMP_HOST_SSP;
463 }
464
465 if (test_bit(HCI_MGMT, &hdev->dev_flags))
466 mgmt_ssp_enable_complete(hdev, sent->mode, status);
467 else if (!status) {
468 if (sent->mode)
469 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
470 else
471 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
472 }
473 }
474
475 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
476 {
477 if (lmp_ext_inq_capable(hdev))
478 return 2;
479
480 if (lmp_inq_rssi_capable(hdev))
481 return 1;
482
483 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
484 hdev->lmp_subver == 0x0757)
485 return 1;
486
487 if (hdev->manufacturer == 15) {
488 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
489 return 1;
490 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
491 return 1;
492 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
493 return 1;
494 }
495
496 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
497 hdev->lmp_subver == 0x1805)
498 return 1;
499
500 return 0;
501 }
502
503 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
504 {
505 u8 mode;
506
507 mode = hci_get_inquiry_mode(hdev);
508
509 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
510 }
511
512 static void hci_setup_event_mask(struct hci_dev *hdev)
513 {
514 /* The second byte is 0xff instead of 0x9f (two reserved bits
515 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
516 * command otherwise */
517 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
518
519 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
520 * any event mask for pre 1.2 devices */
521 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
522 return;
523
524 if (lmp_bredr_capable(hdev)) {
525 events[4] |= 0x01; /* Flow Specification Complete */
526 events[4] |= 0x02; /* Inquiry Result with RSSI */
527 events[4] |= 0x04; /* Read Remote Extended Features Complete */
528 events[5] |= 0x08; /* Synchronous Connection Complete */
529 events[5] |= 0x10; /* Synchronous Connection Changed */
530 }
531
532 if (lmp_inq_rssi_capable(hdev))
533 events[4] |= 0x02; /* Inquiry Result with RSSI */
534
535 if (lmp_sniffsubr_capable(hdev))
536 events[5] |= 0x20; /* Sniff Subrating */
537
538 if (lmp_pause_enc_capable(hdev))
539 events[5] |= 0x80; /* Encryption Key Refresh Complete */
540
541 if (lmp_ext_inq_capable(hdev))
542 events[5] |= 0x40; /* Extended Inquiry Result */
543
544 if (lmp_no_flush_capable(hdev))
545 events[7] |= 0x01; /* Enhanced Flush Complete */
546
547 if (lmp_lsto_capable(hdev))
548 events[6] |= 0x80; /* Link Supervision Timeout Changed */
549
550 if (lmp_ssp_capable(hdev)) {
551 events[6] |= 0x01; /* IO Capability Request */
552 events[6] |= 0x02; /* IO Capability Response */
553 events[6] |= 0x04; /* User Confirmation Request */
554 events[6] |= 0x08; /* User Passkey Request */
555 events[6] |= 0x10; /* Remote OOB Data Request */
556 events[6] |= 0x20; /* Simple Pairing Complete */
557 events[7] |= 0x04; /* User Passkey Notification */
558 events[7] |= 0x08; /* Keypress Notification */
559 events[7] |= 0x10; /* Remote Host Supported
560 * Features Notification */
561 }
562
563 if (lmp_le_capable(hdev))
564 events[7] |= 0x20; /* LE Meta-Event */
565
566 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
567
568 if (lmp_le_capable(hdev)) {
569 memset(events, 0, sizeof(events));
570 events[0] = 0x1f;
571 hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK,
572 sizeof(events), events);
573 }
574 }
575
576 static void bredr_setup(struct hci_dev *hdev)
577 {
578 struct hci_cp_delete_stored_link_key cp;
579 __le16 param;
580 __u8 flt_type;
581
582 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
583 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
584
585 /* Read Class of Device */
586 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
587
588 /* Read Local Name */
589 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
590
591 /* Read Voice Setting */
592 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
593
594 /* Clear Event Filters */
595 flt_type = HCI_FLT_CLEAR_ALL;
596 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
597
598 /* Connection accept timeout ~20 secs */
599 param = __constant_cpu_to_le16(0x7d00);
600 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
601
602 bacpy(&cp.bdaddr, BDADDR_ANY);
603 cp.delete_all = 1;
604 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
605 }
606
607 static void le_setup(struct hci_dev *hdev)
608 {
609 /* Read LE Buffer Size */
610 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
611
612 /* Read LE Local Supported Features */
613 hci_send_cmd(hdev, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
614
615 /* Read LE Advertising Channel TX Power */
616 hci_send_cmd(hdev, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
617
618 /* Read LE White List Size */
619 hci_send_cmd(hdev, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
620
621 /* Read LE Supported States */
622 hci_send_cmd(hdev, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
623 }
624
625 static void hci_setup(struct hci_dev *hdev)
626 {
627 if (hdev->dev_type != HCI_BREDR)
628 return;
629
630 /* Read BD Address */
631 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
632
633 if (lmp_bredr_capable(hdev))
634 bredr_setup(hdev);
635
636 if (lmp_le_capable(hdev))
637 le_setup(hdev);
638
639 hci_setup_event_mask(hdev);
640
641 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
642 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
643
644 if (lmp_ssp_capable(hdev)) {
645 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
646 u8 mode = 0x01;
647 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
648 sizeof(mode), &mode);
649 } else {
650 struct hci_cp_write_eir cp;
651
652 memset(hdev->eir, 0, sizeof(hdev->eir));
653 memset(&cp, 0, sizeof(cp));
654
655 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
656 }
657 }
658
659 if (lmp_inq_rssi_capable(hdev))
660 hci_setup_inquiry_mode(hdev);
661
662 if (lmp_inq_tx_pwr_capable(hdev))
663 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
664
665 if (lmp_ext_feat_capable(hdev)) {
666 struct hci_cp_read_local_ext_features cp;
667
668 cp.page = 0x01;
669 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
670 &cp);
671 }
672
673 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
674 u8 enable = 1;
675 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
676 &enable);
677 }
678 }
679
680 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
681 {
682 struct hci_rp_read_local_version *rp = (void *) skb->data;
683
684 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
685
686 if (rp->status)
687 goto done;
688
689 hdev->hci_ver = rp->hci_ver;
690 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
691 hdev->lmp_ver = rp->lmp_ver;
692 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
693 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
694
695 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
696 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
697
698 if (test_bit(HCI_INIT, &hdev->flags))
699 hci_setup(hdev);
700
701 done:
702 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
703 }
704
705 static void hci_setup_link_policy(struct hci_dev *hdev)
706 {
707 struct hci_cp_write_def_link_policy cp;
708 u16 link_policy = 0;
709
710 if (lmp_rswitch_capable(hdev))
711 link_policy |= HCI_LP_RSWITCH;
712 if (lmp_hold_capable(hdev))
713 link_policy |= HCI_LP_HOLD;
714 if (lmp_sniff_capable(hdev))
715 link_policy |= HCI_LP_SNIFF;
716 if (lmp_park_capable(hdev))
717 link_policy |= HCI_LP_PARK;
718
719 cp.policy = cpu_to_le16(link_policy);
720 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
721 }
722
723 static void hci_cc_read_local_commands(struct hci_dev *hdev,
724 struct sk_buff *skb)
725 {
726 struct hci_rp_read_local_commands *rp = (void *) skb->data;
727
728 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
729
730 if (rp->status)
731 goto done;
732
733 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
734
735 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
736 hci_setup_link_policy(hdev);
737
738 done:
739 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
740 }
741
742 static void hci_cc_read_local_features(struct hci_dev *hdev,
743 struct sk_buff *skb)
744 {
745 struct hci_rp_read_local_features *rp = (void *) skb->data;
746
747 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
748
749 if (rp->status)
750 return;
751
752 memcpy(hdev->features, rp->features, 8);
753
754 /* Adjust default settings according to features
755 * supported by device. */
756
757 if (hdev->features[0] & LMP_3SLOT)
758 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
759
760 if (hdev->features[0] & LMP_5SLOT)
761 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
762
763 if (hdev->features[1] & LMP_HV2) {
764 hdev->pkt_type |= (HCI_HV2);
765 hdev->esco_type |= (ESCO_HV2);
766 }
767
768 if (hdev->features[1] & LMP_HV3) {
769 hdev->pkt_type |= (HCI_HV3);
770 hdev->esco_type |= (ESCO_HV3);
771 }
772
773 if (lmp_esco_capable(hdev))
774 hdev->esco_type |= (ESCO_EV3);
775
776 if (hdev->features[4] & LMP_EV4)
777 hdev->esco_type |= (ESCO_EV4);
778
779 if (hdev->features[4] & LMP_EV5)
780 hdev->esco_type |= (ESCO_EV5);
781
782 if (hdev->features[5] & LMP_EDR_ESCO_2M)
783 hdev->esco_type |= (ESCO_2EV3);
784
785 if (hdev->features[5] & LMP_EDR_ESCO_3M)
786 hdev->esco_type |= (ESCO_3EV3);
787
788 if (hdev->features[5] & LMP_EDR_3S_ESCO)
789 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
790
791 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
792 hdev->features[0], hdev->features[1],
793 hdev->features[2], hdev->features[3],
794 hdev->features[4], hdev->features[5],
795 hdev->features[6], hdev->features[7]);
796 }
797
798 static void hci_set_le_support(struct hci_dev *hdev)
799 {
800 struct hci_cp_write_le_host_supported cp;
801
802 memset(&cp, 0, sizeof(cp));
803
804 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
805 cp.le = 1;
806 cp.simul = lmp_le_br_capable(hdev);
807 }
808
809 if (cp.le != lmp_host_le_capable(hdev))
810 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
811 &cp);
812 }
813
814 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
815 struct sk_buff *skb)
816 {
817 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
818
819 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
820
821 if (rp->status)
822 goto done;
823
824 switch (rp->page) {
825 case 0:
826 memcpy(hdev->features, rp->features, 8);
827 break;
828 case 1:
829 memcpy(hdev->host_features, rp->features, 8);
830 break;
831 }
832
833 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
834 hci_set_le_support(hdev);
835
836 done:
837 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
838 }
839
840 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
841 struct sk_buff *skb)
842 {
843 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
844
845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
846
847 if (rp->status)
848 return;
849
850 hdev->flow_ctl_mode = rp->mode;
851
852 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
853 }
854
855 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
856 {
857 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
858
859 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
860
861 if (rp->status)
862 return;
863
864 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
865 hdev->sco_mtu = rp->sco_mtu;
866 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
867 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
868
869 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
870 hdev->sco_mtu = 64;
871 hdev->sco_pkts = 8;
872 }
873
874 hdev->acl_cnt = hdev->acl_pkts;
875 hdev->sco_cnt = hdev->sco_pkts;
876
877 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
878 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
879 }
880
881 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
882 {
883 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
884
885 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
886
887 if (!rp->status)
888 bacpy(&hdev->bdaddr, &rp->bdaddr);
889
890 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
891 }
892
893 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
894 struct sk_buff *skb)
895 {
896 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
897
898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
899
900 if (rp->status)
901 return;
902
903 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
904 hdev->block_len = __le16_to_cpu(rp->block_len);
905 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
906
907 hdev->block_cnt = hdev->num_blocks;
908
909 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
910 hdev->block_cnt, hdev->block_len);
911
912 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
913 }
914
915 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
916 {
917 __u8 status = *((__u8 *) skb->data);
918
919 BT_DBG("%s status 0x%2.2x", hdev->name, status);
920
921 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
922 }
923
924 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
925 struct sk_buff *skb)
926 {
927 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
928
929 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
930
931 if (rp->status)
932 goto a2mp_rsp;
933
934 hdev->amp_status = rp->amp_status;
935 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
936 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
937 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
938 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
939 hdev->amp_type = rp->amp_type;
940 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
941 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
942 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
943 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
944
945 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
946
947 a2mp_rsp:
948 a2mp_send_getinfo_rsp(hdev);
949 }
950
951 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
952 struct sk_buff *skb)
953 {
954 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
955 struct amp_assoc *assoc = &hdev->loc_assoc;
956 size_t rem_len, frag_len;
957
958 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
959
960 if (rp->status)
961 goto a2mp_rsp;
962
963 frag_len = skb->len - sizeof(*rp);
964 rem_len = __le16_to_cpu(rp->rem_len);
965
966 if (rem_len > frag_len) {
967 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
968
969 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
970 assoc->offset += frag_len;
971
972 /* Read other fragments */
973 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
974
975 return;
976 }
977
978 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
979 assoc->len = assoc->offset + rem_len;
980 assoc->offset = 0;
981
982 a2mp_rsp:
983 /* Send A2MP Rsp when all fragments are received */
984 a2mp_send_getampassoc_rsp(hdev, rp->status);
985 a2mp_send_create_phy_link_req(hdev, rp->status);
986 }
987
988 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
989 struct sk_buff *skb)
990 {
991 __u8 status = *((__u8 *) skb->data);
992
993 BT_DBG("%s status 0x%2.2x", hdev->name, status);
994
995 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
996 }
997
998 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
999 {
1000 __u8 status = *((__u8 *) skb->data);
1001
1002 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1003
1004 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
1005 }
1006
1007 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
1008 struct sk_buff *skb)
1009 {
1010 __u8 status = *((__u8 *) skb->data);
1011
1012 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1013
1014 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
1015 }
1016
1017 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
1018 struct sk_buff *skb)
1019 {
1020 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
1021
1022 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1023
1024 if (!rp->status)
1025 hdev->inq_tx_power = rp->tx_power;
1026
1027 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
1028 }
1029
1030 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
1031 {
1032 __u8 status = *((__u8 *) skb->data);
1033
1034 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1035
1036 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
1037 }
1038
1039 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
1040 {
1041 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
1042 struct hci_cp_pin_code_reply *cp;
1043 struct hci_conn *conn;
1044
1045 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1046
1047 hci_dev_lock(hdev);
1048
1049 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1050 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
1051
1052 if (rp->status)
1053 goto unlock;
1054
1055 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
1056 if (!cp)
1057 goto unlock;
1058
1059 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1060 if (conn)
1061 conn->pin_length = cp->pin_len;
1062
1063 unlock:
1064 hci_dev_unlock(hdev);
1065 }
1066
1067 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1068 {
1069 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
1070
1071 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1072
1073 hci_dev_lock(hdev);
1074
1075 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1076 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
1077 rp->status);
1078
1079 hci_dev_unlock(hdev);
1080 }
1081
1082 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1083 struct sk_buff *skb)
1084 {
1085 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1086
1087 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1088
1089 if (rp->status)
1090 return;
1091
1092 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1093 hdev->le_pkts = rp->le_max_pkt;
1094
1095 hdev->le_cnt = hdev->le_pkts;
1096
1097 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1098
1099 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1100 }
1101
1102 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
1103 struct sk_buff *skb)
1104 {
1105 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
1106
1107 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1108
1109 if (!rp->status)
1110 memcpy(hdev->le_features, rp->features, 8);
1111
1112 hci_req_complete(hdev, HCI_OP_LE_READ_LOCAL_FEATURES, rp->status);
1113 }
1114
1115 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1116 struct sk_buff *skb)
1117 {
1118 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1119
1120 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1121
1122 if (!rp->status) {
1123 hdev->adv_tx_power = rp->tx_power;
1124 if (!test_bit(HCI_INIT, &hdev->flags))
1125 hci_update_ad(hdev);
1126 }
1127
1128 hci_req_complete(hdev, HCI_OP_LE_READ_ADV_TX_POWER, rp->status);
1129 }
1130
1131 static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
1132 {
1133 __u8 status = *((__u8 *) skb->data);
1134
1135 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1136
1137 hci_req_complete(hdev, HCI_OP_LE_SET_EVENT_MASK, status);
1138 }
1139
1140 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1141 {
1142 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1143
1144 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1145
1146 hci_dev_lock(hdev);
1147
1148 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1149 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1150 rp->status);
1151
1152 hci_dev_unlock(hdev);
1153 }
1154
1155 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
1156 struct sk_buff *skb)
1157 {
1158 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1159
1160 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1161
1162 hci_dev_lock(hdev);
1163
1164 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1165 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1166 ACL_LINK, 0, rp->status);
1167
1168 hci_dev_unlock(hdev);
1169 }
1170
1171 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1172 {
1173 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1174
1175 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1176
1177 hci_dev_lock(hdev);
1178
1179 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1180 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1181 0, rp->status);
1182
1183 hci_dev_unlock(hdev);
1184 }
1185
1186 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1187 struct sk_buff *skb)
1188 {
1189 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1190
1191 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1192
1193 hci_dev_lock(hdev);
1194
1195 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1196 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1197 ACL_LINK, 0, rp->status);
1198
1199 hci_dev_unlock(hdev);
1200 }
1201
1202 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1203 struct sk_buff *skb)
1204 {
1205 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1206
1207 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1208
1209 hci_dev_lock(hdev);
1210 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1211 rp->randomizer, rp->status);
1212 hci_dev_unlock(hdev);
1213 }
1214
1215 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1216 {
1217 __u8 *sent, status = *((__u8 *) skb->data);
1218
1219 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1220
1221 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1222 if (!sent)
1223 return;
1224
1225 hci_dev_lock(hdev);
1226
1227 if (!status) {
1228 if (*sent)
1229 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1230 else
1231 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1232 }
1233
1234 hci_dev_unlock(hdev);
1235
1236 if (!test_bit(HCI_INIT, &hdev->flags))
1237 hci_update_ad(hdev);
1238
1239 hci_req_complete(hdev, HCI_OP_LE_SET_ADV_ENABLE, status);
1240 }
1241
1242 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1243 {
1244 __u8 status = *((__u8 *) skb->data);
1245
1246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1247
1248 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1249
1250 if (status) {
1251 hci_dev_lock(hdev);
1252 mgmt_start_discovery_failed(hdev, status);
1253 hci_dev_unlock(hdev);
1254 return;
1255 }
1256 }
1257
1258 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1259 struct sk_buff *skb)
1260 {
1261 struct hci_cp_le_set_scan_enable *cp;
1262 __u8 status = *((__u8 *) skb->data);
1263
1264 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1265
1266 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1267 if (!cp)
1268 return;
1269
1270 switch (cp->enable) {
1271 case LE_SCANNING_ENABLED:
1272 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1273
1274 if (status) {
1275 hci_dev_lock(hdev);
1276 mgmt_start_discovery_failed(hdev, status);
1277 hci_dev_unlock(hdev);
1278 return;
1279 }
1280
1281 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1282
1283 hci_dev_lock(hdev);
1284 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1285 hci_dev_unlock(hdev);
1286 break;
1287
1288 case LE_SCANNING_DISABLED:
1289 if (status) {
1290 hci_dev_lock(hdev);
1291 mgmt_stop_discovery_failed(hdev, status);
1292 hci_dev_unlock(hdev);
1293 return;
1294 }
1295
1296 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1297
1298 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1299 hdev->discovery.state == DISCOVERY_FINDING) {
1300 mgmt_interleaved_discovery(hdev);
1301 } else {
1302 hci_dev_lock(hdev);
1303 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1304 hci_dev_unlock(hdev);
1305 }
1306
1307 break;
1308
1309 default:
1310 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1311 break;
1312 }
1313 }
1314
1315 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1316 struct sk_buff *skb)
1317 {
1318 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1319
1320 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1321
1322 if (!rp->status)
1323 hdev->le_white_list_size = rp->size;
1324
1325 hci_req_complete(hdev, HCI_OP_LE_READ_WHITE_LIST_SIZE, rp->status);
1326 }
1327
1328 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1329 {
1330 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1331
1332 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1333
1334 if (rp->status)
1335 return;
1336
1337 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1338 }
1339
1340 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1341 {
1342 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1343
1344 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1345
1346 if (rp->status)
1347 return;
1348
1349 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1350 }
1351
1352 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1353 struct sk_buff *skb)
1354 {
1355 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1356
1357 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1358
1359 if (!rp->status)
1360 memcpy(hdev->le_states, rp->le_states, 8);
1361
1362 hci_req_complete(hdev, HCI_OP_LE_READ_SUPPORTED_STATES, rp->status);
1363 }
1364
1365 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1366 struct sk_buff *skb)
1367 {
1368 struct hci_cp_write_le_host_supported *sent;
1369 __u8 status = *((__u8 *) skb->data);
1370
1371 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1372
1373 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1374 if (!sent)
1375 return;
1376
1377 if (!status) {
1378 if (sent->le)
1379 hdev->host_features[0] |= LMP_HOST_LE;
1380 else
1381 hdev->host_features[0] &= ~LMP_HOST_LE;
1382
1383 if (sent->simul)
1384 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1385 else
1386 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
1387 }
1388
1389 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1390 !test_bit(HCI_INIT, &hdev->flags))
1391 mgmt_le_enable_complete(hdev, sent->le, status);
1392
1393 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
1394 }
1395
1396 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1397 struct sk_buff *skb)
1398 {
1399 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1400
1401 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1402 hdev->name, rp->status, rp->phy_handle);
1403
1404 if (rp->status)
1405 return;
1406
1407 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1408 }
1409
1410 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1411 {
1412 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1413
1414 if (status) {
1415 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1416 hci_conn_check_pending(hdev);
1417 hci_dev_lock(hdev);
1418 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1419 mgmt_start_discovery_failed(hdev, status);
1420 hci_dev_unlock(hdev);
1421 return;
1422 }
1423
1424 set_bit(HCI_INQUIRY, &hdev->flags);
1425
1426 hci_dev_lock(hdev);
1427 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1428 hci_dev_unlock(hdev);
1429 }
1430
1431 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1432 {
1433 struct hci_cp_create_conn *cp;
1434 struct hci_conn *conn;
1435
1436 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1437
1438 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1439 if (!cp)
1440 return;
1441
1442 hci_dev_lock(hdev);
1443
1444 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1445
1446 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1447
1448 if (status) {
1449 if (conn && conn->state == BT_CONNECT) {
1450 if (status != 0x0c || conn->attempt > 2) {
1451 conn->state = BT_CLOSED;
1452 hci_proto_connect_cfm(conn, status);
1453 hci_conn_del(conn);
1454 } else
1455 conn->state = BT_CONNECT2;
1456 }
1457 } else {
1458 if (!conn) {
1459 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1460 if (conn) {
1461 conn->out = true;
1462 conn->link_mode |= HCI_LM_MASTER;
1463 } else
1464 BT_ERR("No memory for new connection");
1465 }
1466 }
1467
1468 hci_dev_unlock(hdev);
1469 }
1470
1471 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1472 {
1473 struct hci_cp_add_sco *cp;
1474 struct hci_conn *acl, *sco;
1475 __u16 handle;
1476
1477 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1478
1479 if (!status)
1480 return;
1481
1482 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1483 if (!cp)
1484 return;
1485
1486 handle = __le16_to_cpu(cp->handle);
1487
1488 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1489
1490 hci_dev_lock(hdev);
1491
1492 acl = hci_conn_hash_lookup_handle(hdev, handle);
1493 if (acl) {
1494 sco = acl->link;
1495 if (sco) {
1496 sco->state = BT_CLOSED;
1497
1498 hci_proto_connect_cfm(sco, status);
1499 hci_conn_del(sco);
1500 }
1501 }
1502
1503 hci_dev_unlock(hdev);
1504 }
1505
1506 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1507 {
1508 struct hci_cp_auth_requested *cp;
1509 struct hci_conn *conn;
1510
1511 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1512
1513 if (!status)
1514 return;
1515
1516 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1517 if (!cp)
1518 return;
1519
1520 hci_dev_lock(hdev);
1521
1522 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1523 if (conn) {
1524 if (conn->state == BT_CONFIG) {
1525 hci_proto_connect_cfm(conn, status);
1526 hci_conn_put(conn);
1527 }
1528 }
1529
1530 hci_dev_unlock(hdev);
1531 }
1532
1533 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1534 {
1535 struct hci_cp_set_conn_encrypt *cp;
1536 struct hci_conn *conn;
1537
1538 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1539
1540 if (!status)
1541 return;
1542
1543 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1544 if (!cp)
1545 return;
1546
1547 hci_dev_lock(hdev);
1548
1549 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1550 if (conn) {
1551 if (conn->state == BT_CONFIG) {
1552 hci_proto_connect_cfm(conn, status);
1553 hci_conn_put(conn);
1554 }
1555 }
1556
1557 hci_dev_unlock(hdev);
1558 }
1559
1560 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1561 struct hci_conn *conn)
1562 {
1563 if (conn->state != BT_CONFIG || !conn->out)
1564 return 0;
1565
1566 if (conn->pending_sec_level == BT_SECURITY_SDP)
1567 return 0;
1568
1569 /* Only request authentication for SSP connections or non-SSP
1570 * devices with sec_level HIGH or if MITM protection is requested */
1571 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1572 conn->pending_sec_level != BT_SECURITY_HIGH)
1573 return 0;
1574
1575 return 1;
1576 }
1577
1578 static int hci_resolve_name(struct hci_dev *hdev,
1579 struct inquiry_entry *e)
1580 {
1581 struct hci_cp_remote_name_req cp;
1582
1583 memset(&cp, 0, sizeof(cp));
1584
1585 bacpy(&cp.bdaddr, &e->data.bdaddr);
1586 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1587 cp.pscan_mode = e->data.pscan_mode;
1588 cp.clock_offset = e->data.clock_offset;
1589
1590 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1591 }
1592
1593 static bool hci_resolve_next_name(struct hci_dev *hdev)
1594 {
1595 struct discovery_state *discov = &hdev->discovery;
1596 struct inquiry_entry *e;
1597
1598 if (list_empty(&discov->resolve))
1599 return false;
1600
1601 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1602 if (!e)
1603 return false;
1604
1605 if (hci_resolve_name(hdev, e) == 0) {
1606 e->name_state = NAME_PENDING;
1607 return true;
1608 }
1609
1610 return false;
1611 }
1612
1613 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1614 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1615 {
1616 struct discovery_state *discov = &hdev->discovery;
1617 struct inquiry_entry *e;
1618
1619 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1620 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1621 name_len, conn->dev_class);
1622
1623 if (discov->state == DISCOVERY_STOPPED)
1624 return;
1625
1626 if (discov->state == DISCOVERY_STOPPING)
1627 goto discov_complete;
1628
1629 if (discov->state != DISCOVERY_RESOLVING)
1630 return;
1631
1632 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1633 /* If the device was not found in a list of found devices names of which
1634 * are pending. there is no need to continue resolving a next name as it
1635 * will be done upon receiving another Remote Name Request Complete
1636 * Event */
1637 if (!e)
1638 return;
1639
1640 list_del(&e->list);
1641 if (name) {
1642 e->name_state = NAME_KNOWN;
1643 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1644 e->data.rssi, name, name_len);
1645 } else {
1646 e->name_state = NAME_NOT_KNOWN;
1647 }
1648
1649 if (hci_resolve_next_name(hdev))
1650 return;
1651
1652 discov_complete:
1653 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1654 }
1655
1656 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1657 {
1658 struct hci_cp_remote_name_req *cp;
1659 struct hci_conn *conn;
1660
1661 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1662
1663 /* If successful wait for the name req complete event before
1664 * checking for the need to do authentication */
1665 if (!status)
1666 return;
1667
1668 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1669 if (!cp)
1670 return;
1671
1672 hci_dev_lock(hdev);
1673
1674 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1675
1676 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1677 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1678
1679 if (!conn)
1680 goto unlock;
1681
1682 if (!hci_outgoing_auth_needed(hdev, conn))
1683 goto unlock;
1684
1685 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1686 struct hci_cp_auth_requested cp;
1687 cp.handle = __cpu_to_le16(conn->handle);
1688 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1689 }
1690
1691 unlock:
1692 hci_dev_unlock(hdev);
1693 }
1694
1695 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1696 {
1697 struct hci_cp_read_remote_features *cp;
1698 struct hci_conn *conn;
1699
1700 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1701
1702 if (!status)
1703 return;
1704
1705 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1706 if (!cp)
1707 return;
1708
1709 hci_dev_lock(hdev);
1710
1711 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1712 if (conn) {
1713 if (conn->state == BT_CONFIG) {
1714 hci_proto_connect_cfm(conn, status);
1715 hci_conn_put(conn);
1716 }
1717 }
1718
1719 hci_dev_unlock(hdev);
1720 }
1721
1722 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1723 {
1724 struct hci_cp_read_remote_ext_features *cp;
1725 struct hci_conn *conn;
1726
1727 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1728
1729 if (!status)
1730 return;
1731
1732 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1733 if (!cp)
1734 return;
1735
1736 hci_dev_lock(hdev);
1737
1738 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1739 if (conn) {
1740 if (conn->state == BT_CONFIG) {
1741 hci_proto_connect_cfm(conn, status);
1742 hci_conn_put(conn);
1743 }
1744 }
1745
1746 hci_dev_unlock(hdev);
1747 }
1748
1749 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1750 {
1751 struct hci_cp_setup_sync_conn *cp;
1752 struct hci_conn *acl, *sco;
1753 __u16 handle;
1754
1755 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1756
1757 if (!status)
1758 return;
1759
1760 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1761 if (!cp)
1762 return;
1763
1764 handle = __le16_to_cpu(cp->handle);
1765
1766 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1767
1768 hci_dev_lock(hdev);
1769
1770 acl = hci_conn_hash_lookup_handle(hdev, handle);
1771 if (acl) {
1772 sco = acl->link;
1773 if (sco) {
1774 sco->state = BT_CLOSED;
1775
1776 hci_proto_connect_cfm(sco, status);
1777 hci_conn_del(sco);
1778 }
1779 }
1780
1781 hci_dev_unlock(hdev);
1782 }
1783
1784 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1785 {
1786 struct hci_cp_sniff_mode *cp;
1787 struct hci_conn *conn;
1788
1789 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1790
1791 if (!status)
1792 return;
1793
1794 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1795 if (!cp)
1796 return;
1797
1798 hci_dev_lock(hdev);
1799
1800 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1801 if (conn) {
1802 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1803
1804 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1805 hci_sco_setup(conn, status);
1806 }
1807
1808 hci_dev_unlock(hdev);
1809 }
1810
1811 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1812 {
1813 struct hci_cp_exit_sniff_mode *cp;
1814 struct hci_conn *conn;
1815
1816 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1817
1818 if (!status)
1819 return;
1820
1821 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1822 if (!cp)
1823 return;
1824
1825 hci_dev_lock(hdev);
1826
1827 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1828 if (conn) {
1829 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1830
1831 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1832 hci_sco_setup(conn, status);
1833 }
1834
1835 hci_dev_unlock(hdev);
1836 }
1837
1838 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1839 {
1840 struct hci_cp_disconnect *cp;
1841 struct hci_conn *conn;
1842
1843 if (!status)
1844 return;
1845
1846 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1847 if (!cp)
1848 return;
1849
1850 hci_dev_lock(hdev);
1851
1852 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1853 if (conn)
1854 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1855 conn->dst_type, status);
1856
1857 hci_dev_unlock(hdev);
1858 }
1859
1860 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1861 {
1862 struct hci_conn *conn;
1863
1864 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1865
1866 if (status) {
1867 hci_dev_lock(hdev);
1868
1869 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1870 if (!conn) {
1871 hci_dev_unlock(hdev);
1872 return;
1873 }
1874
1875 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1876
1877 conn->state = BT_CLOSED;
1878 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1879 conn->dst_type, status);
1880 hci_proto_connect_cfm(conn, status);
1881 hci_conn_del(conn);
1882
1883 hci_dev_unlock(hdev);
1884 }
1885 }
1886
1887 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1888 {
1889 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1890 }
1891
1892 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1893 {
1894 struct hci_cp_create_phy_link *cp;
1895
1896 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1897
1898 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1899 if (!cp)
1900 return;
1901
1902 hci_dev_lock(hdev);
1903
1904 if (status) {
1905 struct hci_conn *hcon;
1906
1907 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1908 if (hcon)
1909 hci_conn_del(hcon);
1910 } else {
1911 amp_write_remote_assoc(hdev, cp->phy_handle);
1912 }
1913
1914 hci_dev_unlock(hdev);
1915 }
1916
1917 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1918 {
1919 struct hci_cp_accept_phy_link *cp;
1920
1921 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1922
1923 if (status)
1924 return;
1925
1926 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1927 if (!cp)
1928 return;
1929
1930 amp_write_remote_assoc(hdev, cp->phy_handle);
1931 }
1932
1933 static void hci_cs_create_logical_link(struct hci_dev *hdev, u8 status)
1934 {
1935 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1936 }
1937
1938 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1939 {
1940 __u8 status = *((__u8 *) skb->data);
1941 struct discovery_state *discov = &hdev->discovery;
1942 struct inquiry_entry *e;
1943
1944 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1945
1946 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1947
1948 hci_conn_check_pending(hdev);
1949
1950 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1951 return;
1952
1953 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1954 return;
1955
1956 hci_dev_lock(hdev);
1957
1958 if (discov->state != DISCOVERY_FINDING)
1959 goto unlock;
1960
1961 if (list_empty(&discov->resolve)) {
1962 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1963 goto unlock;
1964 }
1965
1966 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1967 if (e && hci_resolve_name(hdev, e) == 0) {
1968 e->name_state = NAME_PENDING;
1969 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1970 } else {
1971 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1972 }
1973
1974 unlock:
1975 hci_dev_unlock(hdev);
1976 }
1977
1978 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1979 {
1980 struct inquiry_data data;
1981 struct inquiry_info *info = (void *) (skb->data + 1);
1982 int num_rsp = *((__u8 *) skb->data);
1983
1984 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1985
1986 if (!num_rsp)
1987 return;
1988
1989 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1990 return;
1991
1992 hci_dev_lock(hdev);
1993
1994 for (; num_rsp; num_rsp--, info++) {
1995 bool name_known, ssp;
1996
1997 bacpy(&data.bdaddr, &info->bdaddr);
1998 data.pscan_rep_mode = info->pscan_rep_mode;
1999 data.pscan_period_mode = info->pscan_period_mode;
2000 data.pscan_mode = info->pscan_mode;
2001 memcpy(data.dev_class, info->dev_class, 3);
2002 data.clock_offset = info->clock_offset;
2003 data.rssi = 0x00;
2004 data.ssp_mode = 0x00;
2005
2006 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
2007 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2008 info->dev_class, 0, !name_known, ssp, NULL,
2009 0);
2010 }
2011
2012 hci_dev_unlock(hdev);
2013 }
2014
2015 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2016 {
2017 struct hci_ev_conn_complete *ev = (void *) skb->data;
2018 struct hci_conn *conn;
2019
2020 BT_DBG("%s", hdev->name);
2021
2022 hci_dev_lock(hdev);
2023
2024 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2025 if (!conn) {
2026 if (ev->link_type != SCO_LINK)
2027 goto unlock;
2028
2029 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2030 if (!conn)
2031 goto unlock;
2032
2033 conn->type = SCO_LINK;
2034 }
2035
2036 if (!ev->status) {
2037 conn->handle = __le16_to_cpu(ev->handle);
2038
2039 if (conn->type == ACL_LINK) {
2040 conn->state = BT_CONFIG;
2041 hci_conn_hold(conn);
2042
2043 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2044 !hci_find_link_key(hdev, &ev->bdaddr))
2045 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2046 else
2047 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2048 } else
2049 conn->state = BT_CONNECTED;
2050
2051 hci_conn_hold_device(conn);
2052 hci_conn_add_sysfs(conn);
2053
2054 if (test_bit(HCI_AUTH, &hdev->flags))
2055 conn->link_mode |= HCI_LM_AUTH;
2056
2057 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2058 conn->link_mode |= HCI_LM_ENCRYPT;
2059
2060 /* Get remote features */
2061 if (conn->type == ACL_LINK) {
2062 struct hci_cp_read_remote_features cp;
2063 cp.handle = ev->handle;
2064 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2065 sizeof(cp), &cp);
2066 }
2067
2068 /* Set packet type for incoming connection */
2069 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2070 struct hci_cp_change_conn_ptype cp;
2071 cp.handle = ev->handle;
2072 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2073 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2074 &cp);
2075 }
2076 } else {
2077 conn->state = BT_CLOSED;
2078 if (conn->type == ACL_LINK)
2079 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
2080 conn->dst_type, ev->status);
2081 }
2082
2083 if (conn->type == ACL_LINK)
2084 hci_sco_setup(conn, ev->status);
2085
2086 if (ev->status) {
2087 hci_proto_connect_cfm(conn, ev->status);
2088 hci_conn_del(conn);
2089 } else if (ev->link_type != ACL_LINK)
2090 hci_proto_connect_cfm(conn, ev->status);
2091
2092 unlock:
2093 hci_dev_unlock(hdev);
2094
2095 hci_conn_check_pending(hdev);
2096 }
2097
2098 void hci_conn_accept(struct hci_conn *conn, int mask)
2099 {
2100 struct hci_dev *hdev = conn->hdev;
2101
2102 BT_DBG("conn %p", conn);
2103
2104 conn->state = BT_CONFIG;
2105
2106 if (!lmp_esco_capable(hdev)) {
2107 struct hci_cp_accept_conn_req cp;
2108
2109 bacpy(&cp.bdaddr, &conn->dst);
2110
2111 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2112 cp.role = 0x00; /* Become master */
2113 else
2114 cp.role = 0x01; /* Remain slave */
2115
2116 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2117 } else /* lmp_esco_capable(hdev)) */ {
2118 struct hci_cp_accept_sync_conn_req cp;
2119
2120 bacpy(&cp.bdaddr, &conn->dst);
2121 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2122
2123 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2124 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2125 cp.max_latency = __constant_cpu_to_le16(0xffff);
2126 cp.content_format = cpu_to_le16(hdev->voice_setting);
2127 cp.retrans_effort = 0xff;
2128
2129 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2130 sizeof(cp), &cp);
2131 }
2132 }
2133
2134 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2135 {
2136 struct hci_ev_conn_request *ev = (void *) skb->data;
2137 int mask = hdev->link_mode;
2138 __u8 flags = 0;
2139
2140 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2141 ev->link_type);
2142
2143 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2144 &flags);
2145
2146 if ((mask & HCI_LM_ACCEPT) &&
2147 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
2148 /* Connection accepted */
2149 struct inquiry_entry *ie;
2150 struct hci_conn *conn;
2151
2152 hci_dev_lock(hdev);
2153
2154 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2155 if (ie)
2156 memcpy(ie->data.dev_class, ev->dev_class, 3);
2157
2158 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2159 &ev->bdaddr);
2160 if (!conn) {
2161 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2162 if (!conn) {
2163 BT_ERR("No memory for new connection");
2164 hci_dev_unlock(hdev);
2165 return;
2166 }
2167 }
2168
2169 memcpy(conn->dev_class, ev->dev_class, 3);
2170
2171 hci_dev_unlock(hdev);
2172
2173 if (ev->link_type == ACL_LINK ||
2174 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2175 struct hci_cp_accept_conn_req cp;
2176 conn->state = BT_CONNECT;
2177
2178 bacpy(&cp.bdaddr, &ev->bdaddr);
2179
2180 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2181 cp.role = 0x00; /* Become master */
2182 else
2183 cp.role = 0x01; /* Remain slave */
2184
2185 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2186 &cp);
2187 } else if (!(flags & HCI_PROTO_DEFER)) {
2188 struct hci_cp_accept_sync_conn_req cp;
2189 conn->state = BT_CONNECT;
2190
2191 bacpy(&cp.bdaddr, &ev->bdaddr);
2192 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2193
2194 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2195 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2196 cp.max_latency = __constant_cpu_to_le16(0xffff);
2197 cp.content_format = cpu_to_le16(hdev->voice_setting);
2198 cp.retrans_effort = 0xff;
2199
2200 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2201 sizeof(cp), &cp);
2202 } else {
2203 conn->state = BT_CONNECT2;
2204 hci_proto_connect_cfm(conn, 0);
2205 hci_conn_put(conn);
2206 }
2207 } else {
2208 /* Connection rejected */
2209 struct hci_cp_reject_conn_req cp;
2210
2211 bacpy(&cp.bdaddr, &ev->bdaddr);
2212 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2213 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2214 }
2215 }
2216
2217 static u8 hci_to_mgmt_reason(u8 err)
2218 {
2219 switch (err) {
2220 case HCI_ERROR_CONNECTION_TIMEOUT:
2221 return MGMT_DEV_DISCONN_TIMEOUT;
2222 case HCI_ERROR_REMOTE_USER_TERM:
2223 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2224 case HCI_ERROR_REMOTE_POWER_OFF:
2225 return MGMT_DEV_DISCONN_REMOTE;
2226 case HCI_ERROR_LOCAL_HOST_TERM:
2227 return MGMT_DEV_DISCONN_LOCAL_HOST;
2228 default:
2229 return MGMT_DEV_DISCONN_UNKNOWN;
2230 }
2231 }
2232
2233 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2234 {
2235 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2236 struct hci_conn *conn;
2237
2238 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2239
2240 hci_dev_lock(hdev);
2241
2242 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2243 if (!conn)
2244 goto unlock;
2245
2246 if (ev->status == 0)
2247 conn->state = BT_CLOSED;
2248
2249 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
2250 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
2251 if (ev->status) {
2252 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2253 conn->dst_type, ev->status);
2254 } else {
2255 u8 reason = hci_to_mgmt_reason(ev->reason);
2256
2257 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
2258 conn->dst_type, reason);
2259 }
2260 }
2261
2262 if (ev->status == 0) {
2263 if (conn->type == ACL_LINK && conn->flush_key)
2264 hci_remove_link_key(hdev, &conn->dst);
2265 hci_proto_disconn_cfm(conn, ev->reason);
2266 hci_conn_del(conn);
2267 }
2268
2269 unlock:
2270 hci_dev_unlock(hdev);
2271 }
2272
2273 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2274 {
2275 struct hci_ev_auth_complete *ev = (void *) skb->data;
2276 struct hci_conn *conn;
2277
2278 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2279
2280 hci_dev_lock(hdev);
2281
2282 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2283 if (!conn)
2284 goto unlock;
2285
2286 if (!ev->status) {
2287 if (!hci_conn_ssp_enabled(conn) &&
2288 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2289 BT_INFO("re-auth of legacy device is not possible.");
2290 } else {
2291 conn->link_mode |= HCI_LM_AUTH;
2292 conn->sec_level = conn->pending_sec_level;
2293 }
2294 } else {
2295 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2296 ev->status);
2297 }
2298
2299 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2300 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2301
2302 if (conn->state == BT_CONFIG) {
2303 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2304 struct hci_cp_set_conn_encrypt cp;
2305 cp.handle = ev->handle;
2306 cp.encrypt = 0x01;
2307 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2308 &cp);
2309 } else {
2310 conn->state = BT_CONNECTED;
2311 hci_proto_connect_cfm(conn, ev->status);
2312 hci_conn_put(conn);
2313 }
2314 } else {
2315 hci_auth_cfm(conn, ev->status);
2316
2317 hci_conn_hold(conn);
2318 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2319 hci_conn_put(conn);
2320 }
2321
2322 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2323 if (!ev->status) {
2324 struct hci_cp_set_conn_encrypt cp;
2325 cp.handle = ev->handle;
2326 cp.encrypt = 0x01;
2327 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2328 &cp);
2329 } else {
2330 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2331 hci_encrypt_cfm(conn, ev->status, 0x00);
2332 }
2333 }
2334
2335 unlock:
2336 hci_dev_unlock(hdev);
2337 }
2338
2339 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2340 {
2341 struct hci_ev_remote_name *ev = (void *) skb->data;
2342 struct hci_conn *conn;
2343
2344 BT_DBG("%s", hdev->name);
2345
2346 hci_conn_check_pending(hdev);
2347
2348 hci_dev_lock(hdev);
2349
2350 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2351
2352 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2353 goto check_auth;
2354
2355 if (ev->status == 0)
2356 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2357 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2358 else
2359 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2360
2361 check_auth:
2362 if (!conn)
2363 goto unlock;
2364
2365 if (!hci_outgoing_auth_needed(hdev, conn))
2366 goto unlock;
2367
2368 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2369 struct hci_cp_auth_requested cp;
2370 cp.handle = __cpu_to_le16(conn->handle);
2371 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2372 }
2373
2374 unlock:
2375 hci_dev_unlock(hdev);
2376 }
2377
2378 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2379 {
2380 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2381 struct hci_conn *conn;
2382
2383 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2384
2385 hci_dev_lock(hdev);
2386
2387 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2388 if (conn) {
2389 if (!ev->status) {
2390 if (ev->encrypt) {
2391 /* Encryption implies authentication */
2392 conn->link_mode |= HCI_LM_AUTH;
2393 conn->link_mode |= HCI_LM_ENCRYPT;
2394 conn->sec_level = conn->pending_sec_level;
2395 } else
2396 conn->link_mode &= ~HCI_LM_ENCRYPT;
2397 }
2398
2399 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2400
2401 if (ev->status && conn->state == BT_CONNECTED) {
2402 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
2403 hci_conn_put(conn);
2404 goto unlock;
2405 }
2406
2407 if (conn->state == BT_CONFIG) {
2408 if (!ev->status)
2409 conn->state = BT_CONNECTED;
2410
2411 hci_proto_connect_cfm(conn, ev->status);
2412 hci_conn_put(conn);
2413 } else
2414 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2415 }
2416
2417 unlock:
2418 hci_dev_unlock(hdev);
2419 }
2420
2421 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2422 struct sk_buff *skb)
2423 {
2424 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2425 struct hci_conn *conn;
2426
2427 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2428
2429 hci_dev_lock(hdev);
2430
2431 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2432 if (conn) {
2433 if (!ev->status)
2434 conn->link_mode |= HCI_LM_SECURE;
2435
2436 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2437
2438 hci_key_change_cfm(conn, ev->status);
2439 }
2440
2441 hci_dev_unlock(hdev);
2442 }
2443
2444 static void hci_remote_features_evt(struct hci_dev *hdev,
2445 struct sk_buff *skb)
2446 {
2447 struct hci_ev_remote_features *ev = (void *) skb->data;
2448 struct hci_conn *conn;
2449
2450 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2451
2452 hci_dev_lock(hdev);
2453
2454 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2455 if (!conn)
2456 goto unlock;
2457
2458 if (!ev->status)
2459 memcpy(conn->features, ev->features, 8);
2460
2461 if (conn->state != BT_CONFIG)
2462 goto unlock;
2463
2464 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2465 struct hci_cp_read_remote_ext_features cp;
2466 cp.handle = ev->handle;
2467 cp.page = 0x01;
2468 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2469 sizeof(cp), &cp);
2470 goto unlock;
2471 }
2472
2473 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2474 struct hci_cp_remote_name_req cp;
2475 memset(&cp, 0, sizeof(cp));
2476 bacpy(&cp.bdaddr, &conn->dst);
2477 cp.pscan_rep_mode = 0x02;
2478 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2479 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2480 mgmt_device_connected(hdev, &conn->dst, conn->type,
2481 conn->dst_type, 0, NULL, 0,
2482 conn->dev_class);
2483
2484 if (!hci_outgoing_auth_needed(hdev, conn)) {
2485 conn->state = BT_CONNECTED;
2486 hci_proto_connect_cfm(conn, ev->status);
2487 hci_conn_put(conn);
2488 }
2489
2490 unlock:
2491 hci_dev_unlock(hdev);
2492 }
2493
2494 static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2495 {
2496 BT_DBG("%s", hdev->name);
2497 }
2498
2499 static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2500 struct sk_buff *skb)
2501 {
2502 BT_DBG("%s", hdev->name);
2503 }
2504
2505 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2506 {
2507 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2508 __u16 opcode;
2509
2510 skb_pull(skb, sizeof(*ev));
2511
2512 opcode = __le16_to_cpu(ev->opcode);
2513
2514 switch (opcode) {
2515 case HCI_OP_INQUIRY_CANCEL:
2516 hci_cc_inquiry_cancel(hdev, skb);
2517 break;
2518
2519 case HCI_OP_PERIODIC_INQ:
2520 hci_cc_periodic_inq(hdev, skb);
2521 break;
2522
2523 case HCI_OP_EXIT_PERIODIC_INQ:
2524 hci_cc_exit_periodic_inq(hdev, skb);
2525 break;
2526
2527 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2528 hci_cc_remote_name_req_cancel(hdev, skb);
2529 break;
2530
2531 case HCI_OP_ROLE_DISCOVERY:
2532 hci_cc_role_discovery(hdev, skb);
2533 break;
2534
2535 case HCI_OP_READ_LINK_POLICY:
2536 hci_cc_read_link_policy(hdev, skb);
2537 break;
2538
2539 case HCI_OP_WRITE_LINK_POLICY:
2540 hci_cc_write_link_policy(hdev, skb);
2541 break;
2542
2543 case HCI_OP_READ_DEF_LINK_POLICY:
2544 hci_cc_read_def_link_policy(hdev, skb);
2545 break;
2546
2547 case HCI_OP_WRITE_DEF_LINK_POLICY:
2548 hci_cc_write_def_link_policy(hdev, skb);
2549 break;
2550
2551 case HCI_OP_RESET:
2552 hci_cc_reset(hdev, skb);
2553 break;
2554
2555 case HCI_OP_WRITE_LOCAL_NAME:
2556 hci_cc_write_local_name(hdev, skb);
2557 break;
2558
2559 case HCI_OP_READ_LOCAL_NAME:
2560 hci_cc_read_local_name(hdev, skb);
2561 break;
2562
2563 case HCI_OP_WRITE_AUTH_ENABLE:
2564 hci_cc_write_auth_enable(hdev, skb);
2565 break;
2566
2567 case HCI_OP_WRITE_ENCRYPT_MODE:
2568 hci_cc_write_encrypt_mode(hdev, skb);
2569 break;
2570
2571 case HCI_OP_WRITE_SCAN_ENABLE:
2572 hci_cc_write_scan_enable(hdev, skb);
2573 break;
2574
2575 case HCI_OP_READ_CLASS_OF_DEV:
2576 hci_cc_read_class_of_dev(hdev, skb);
2577 break;
2578
2579 case HCI_OP_WRITE_CLASS_OF_DEV:
2580 hci_cc_write_class_of_dev(hdev, skb);
2581 break;
2582
2583 case HCI_OP_READ_VOICE_SETTING:
2584 hci_cc_read_voice_setting(hdev, skb);
2585 break;
2586
2587 case HCI_OP_WRITE_VOICE_SETTING:
2588 hci_cc_write_voice_setting(hdev, skb);
2589 break;
2590
2591 case HCI_OP_HOST_BUFFER_SIZE:
2592 hci_cc_host_buffer_size(hdev, skb);
2593 break;
2594
2595 case HCI_OP_WRITE_SSP_MODE:
2596 hci_cc_write_ssp_mode(hdev, skb);
2597 break;
2598
2599 case HCI_OP_READ_LOCAL_VERSION:
2600 hci_cc_read_local_version(hdev, skb);
2601 break;
2602
2603 case HCI_OP_READ_LOCAL_COMMANDS:
2604 hci_cc_read_local_commands(hdev, skb);
2605 break;
2606
2607 case HCI_OP_READ_LOCAL_FEATURES:
2608 hci_cc_read_local_features(hdev, skb);
2609 break;
2610
2611 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2612 hci_cc_read_local_ext_features(hdev, skb);
2613 break;
2614
2615 case HCI_OP_READ_BUFFER_SIZE:
2616 hci_cc_read_buffer_size(hdev, skb);
2617 break;
2618
2619 case HCI_OP_READ_BD_ADDR:
2620 hci_cc_read_bd_addr(hdev, skb);
2621 break;
2622
2623 case HCI_OP_READ_DATA_BLOCK_SIZE:
2624 hci_cc_read_data_block_size(hdev, skb);
2625 break;
2626
2627 case HCI_OP_WRITE_CA_TIMEOUT:
2628 hci_cc_write_ca_timeout(hdev, skb);
2629 break;
2630
2631 case HCI_OP_READ_FLOW_CONTROL_MODE:
2632 hci_cc_read_flow_control_mode(hdev, skb);
2633 break;
2634
2635 case HCI_OP_READ_LOCAL_AMP_INFO:
2636 hci_cc_read_local_amp_info(hdev, skb);
2637 break;
2638
2639 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2640 hci_cc_read_local_amp_assoc(hdev, skb);
2641 break;
2642
2643 case HCI_OP_DELETE_STORED_LINK_KEY:
2644 hci_cc_delete_stored_link_key(hdev, skb);
2645 break;
2646
2647 case HCI_OP_SET_EVENT_MASK:
2648 hci_cc_set_event_mask(hdev, skb);
2649 break;
2650
2651 case HCI_OP_WRITE_INQUIRY_MODE:
2652 hci_cc_write_inquiry_mode(hdev, skb);
2653 break;
2654
2655 case HCI_OP_READ_INQ_RSP_TX_POWER:
2656 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2657 break;
2658
2659 case HCI_OP_SET_EVENT_FLT:
2660 hci_cc_set_event_flt(hdev, skb);
2661 break;
2662
2663 case HCI_OP_PIN_CODE_REPLY:
2664 hci_cc_pin_code_reply(hdev, skb);
2665 break;
2666
2667 case HCI_OP_PIN_CODE_NEG_REPLY:
2668 hci_cc_pin_code_neg_reply(hdev, skb);
2669 break;
2670
2671 case HCI_OP_READ_LOCAL_OOB_DATA:
2672 hci_cc_read_local_oob_data_reply(hdev, skb);
2673 break;
2674
2675 case HCI_OP_LE_READ_BUFFER_SIZE:
2676 hci_cc_le_read_buffer_size(hdev, skb);
2677 break;
2678
2679 case HCI_OP_LE_READ_LOCAL_FEATURES:
2680 hci_cc_le_read_local_features(hdev, skb);
2681 break;
2682
2683 case HCI_OP_LE_READ_ADV_TX_POWER:
2684 hci_cc_le_read_adv_tx_power(hdev, skb);
2685 break;
2686
2687 case HCI_OP_LE_SET_EVENT_MASK:
2688 hci_cc_le_set_event_mask(hdev, skb);
2689 break;
2690
2691 case HCI_OP_USER_CONFIRM_REPLY:
2692 hci_cc_user_confirm_reply(hdev, skb);
2693 break;
2694
2695 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2696 hci_cc_user_confirm_neg_reply(hdev, skb);
2697 break;
2698
2699 case HCI_OP_USER_PASSKEY_REPLY:
2700 hci_cc_user_passkey_reply(hdev, skb);
2701 break;
2702
2703 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2704 hci_cc_user_passkey_neg_reply(hdev, skb);
2705 break;
2706
2707 case HCI_OP_LE_SET_SCAN_PARAM:
2708 hci_cc_le_set_scan_param(hdev, skb);
2709 break;
2710
2711 case HCI_OP_LE_SET_ADV_ENABLE:
2712 hci_cc_le_set_adv_enable(hdev, skb);
2713 break;
2714
2715 case HCI_OP_LE_SET_SCAN_ENABLE:
2716 hci_cc_le_set_scan_enable(hdev, skb);
2717 break;
2718
2719 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2720 hci_cc_le_read_white_list_size(hdev, skb);
2721 break;
2722
2723 case HCI_OP_LE_LTK_REPLY:
2724 hci_cc_le_ltk_reply(hdev, skb);
2725 break;
2726
2727 case HCI_OP_LE_LTK_NEG_REPLY:
2728 hci_cc_le_ltk_neg_reply(hdev, skb);
2729 break;
2730
2731 case HCI_OP_LE_READ_SUPPORTED_STATES:
2732 hci_cc_le_read_supported_states(hdev, skb);
2733 break;
2734
2735 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2736 hci_cc_write_le_host_supported(hdev, skb);
2737 break;
2738
2739 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2740 hci_cc_write_remote_amp_assoc(hdev, skb);
2741 break;
2742
2743 default:
2744 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2745 break;
2746 }
2747
2748 if (ev->opcode != HCI_OP_NOP)
2749 del_timer(&hdev->cmd_timer);
2750
2751 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2752 atomic_set(&hdev->cmd_cnt, 1);
2753 if (!skb_queue_empty(&hdev->cmd_q))
2754 queue_work(hdev->workqueue, &hdev->cmd_work);
2755 }
2756 }
2757
2758 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2759 {
2760 struct hci_ev_cmd_status *ev = (void *) skb->data;
2761 __u16 opcode;
2762
2763 skb_pull(skb, sizeof(*ev));
2764
2765 opcode = __le16_to_cpu(ev->opcode);
2766
2767 switch (opcode) {
2768 case HCI_OP_INQUIRY:
2769 hci_cs_inquiry(hdev, ev->status);
2770 break;
2771
2772 case HCI_OP_CREATE_CONN:
2773 hci_cs_create_conn(hdev, ev->status);
2774 break;
2775
2776 case HCI_OP_ADD_SCO:
2777 hci_cs_add_sco(hdev, ev->status);
2778 break;
2779
2780 case HCI_OP_AUTH_REQUESTED:
2781 hci_cs_auth_requested(hdev, ev->status);
2782 break;
2783
2784 case HCI_OP_SET_CONN_ENCRYPT:
2785 hci_cs_set_conn_encrypt(hdev, ev->status);
2786 break;
2787
2788 case HCI_OP_REMOTE_NAME_REQ:
2789 hci_cs_remote_name_req(hdev, ev->status);
2790 break;
2791
2792 case HCI_OP_READ_REMOTE_FEATURES:
2793 hci_cs_read_remote_features(hdev, ev->status);
2794 break;
2795
2796 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2797 hci_cs_read_remote_ext_features(hdev, ev->status);
2798 break;
2799
2800 case HCI_OP_SETUP_SYNC_CONN:
2801 hci_cs_setup_sync_conn(hdev, ev->status);
2802 break;
2803
2804 case HCI_OP_SNIFF_MODE:
2805 hci_cs_sniff_mode(hdev, ev->status);
2806 break;
2807
2808 case HCI_OP_EXIT_SNIFF_MODE:
2809 hci_cs_exit_sniff_mode(hdev, ev->status);
2810 break;
2811
2812 case HCI_OP_DISCONNECT:
2813 hci_cs_disconnect(hdev, ev->status);
2814 break;
2815
2816 case HCI_OP_LE_CREATE_CONN:
2817 hci_cs_le_create_conn(hdev, ev->status);
2818 break;
2819
2820 case HCI_OP_LE_START_ENC:
2821 hci_cs_le_start_enc(hdev, ev->status);
2822 break;
2823
2824 case HCI_OP_CREATE_PHY_LINK:
2825 hci_cs_create_phylink(hdev, ev->status);
2826 break;
2827
2828 case HCI_OP_ACCEPT_PHY_LINK:
2829 hci_cs_accept_phylink(hdev, ev->status);
2830 break;
2831
2832 case HCI_OP_CREATE_LOGICAL_LINK:
2833 hci_cs_create_logical_link(hdev, ev->status);
2834 break;
2835
2836 default:
2837 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2838 break;
2839 }
2840
2841 if (ev->opcode != HCI_OP_NOP)
2842 del_timer(&hdev->cmd_timer);
2843
2844 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2845 atomic_set(&hdev->cmd_cnt, 1);
2846 if (!skb_queue_empty(&hdev->cmd_q))
2847 queue_work(hdev->workqueue, &hdev->cmd_work);
2848 }
2849 }
2850
2851 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2852 {
2853 struct hci_ev_role_change *ev = (void *) skb->data;
2854 struct hci_conn *conn;
2855
2856 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2857
2858 hci_dev_lock(hdev);
2859
2860 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2861 if (conn) {
2862 if (!ev->status) {
2863 if (ev->role)
2864 conn->link_mode &= ~HCI_LM_MASTER;
2865 else
2866 conn->link_mode |= HCI_LM_MASTER;
2867 }
2868
2869 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2870
2871 hci_role_switch_cfm(conn, ev->status, ev->role);
2872 }
2873
2874 hci_dev_unlock(hdev);
2875 }
2876
2877 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2878 {
2879 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2880 int i;
2881
2882 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2883 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2884 return;
2885 }
2886
2887 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2888 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2889 BT_DBG("%s bad parameters", hdev->name);
2890 return;
2891 }
2892
2893 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2894
2895 for (i = 0; i < ev->num_hndl; i++) {
2896 struct hci_comp_pkts_info *info = &ev->handles[i];
2897 struct hci_conn *conn;
2898 __u16 handle, count;
2899
2900 handle = __le16_to_cpu(info->handle);
2901 count = __le16_to_cpu(info->count);
2902
2903 conn = hci_conn_hash_lookup_handle(hdev, handle);
2904 if (!conn)
2905 continue;
2906
2907 conn->sent -= count;
2908
2909 switch (conn->type) {
2910 case ACL_LINK:
2911 hdev->acl_cnt += count;
2912 if (hdev->acl_cnt > hdev->acl_pkts)
2913 hdev->acl_cnt = hdev->acl_pkts;
2914 break;
2915
2916 case LE_LINK:
2917 if (hdev->le_pkts) {
2918 hdev->le_cnt += count;
2919 if (hdev->le_cnt > hdev->le_pkts)
2920 hdev->le_cnt = hdev->le_pkts;
2921 } else {
2922 hdev->acl_cnt += count;
2923 if (hdev->acl_cnt > hdev->acl_pkts)
2924 hdev->acl_cnt = hdev->acl_pkts;
2925 }
2926 break;
2927
2928 case SCO_LINK:
2929 hdev->sco_cnt += count;
2930 if (hdev->sco_cnt > hdev->sco_pkts)
2931 hdev->sco_cnt = hdev->sco_pkts;
2932 break;
2933
2934 default:
2935 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2936 break;
2937 }
2938 }
2939
2940 queue_work(hdev->workqueue, &hdev->tx_work);
2941 }
2942
2943 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2944 __u16 handle)
2945 {
2946 struct hci_chan *chan;
2947
2948 switch (hdev->dev_type) {
2949 case HCI_BREDR:
2950 return hci_conn_hash_lookup_handle(hdev, handle);
2951 case HCI_AMP:
2952 chan = hci_chan_lookup_handle(hdev, handle);
2953 if (chan)
2954 return chan->conn;
2955 break;
2956 default:
2957 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2958 break;
2959 }
2960
2961 return NULL;
2962 }
2963
2964 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2965 {
2966 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2967 int i;
2968
2969 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2970 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2971 return;
2972 }
2973
2974 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2975 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2976 BT_DBG("%s bad parameters", hdev->name);
2977 return;
2978 }
2979
2980 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2981 ev->num_hndl);
2982
2983 for (i = 0; i < ev->num_hndl; i++) {
2984 struct hci_comp_blocks_info *info = &ev->handles[i];
2985 struct hci_conn *conn = NULL;
2986 __u16 handle, block_count;
2987
2988 handle = __le16_to_cpu(info->handle);
2989 block_count = __le16_to_cpu(info->blocks);
2990
2991 conn = __hci_conn_lookup_handle(hdev, handle);
2992 if (!conn)
2993 continue;
2994
2995 conn->sent -= block_count;
2996
2997 switch (conn->type) {
2998 case ACL_LINK:
2999 case AMP_LINK:
3000 hdev->block_cnt += block_count;
3001 if (hdev->block_cnt > hdev->num_blocks)
3002 hdev->block_cnt = hdev->num_blocks;
3003 break;
3004
3005 default:
3006 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3007 break;
3008 }
3009 }
3010
3011 queue_work(hdev->workqueue, &hdev->tx_work);
3012 }
3013
3014 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3015 {
3016 struct hci_ev_mode_change *ev = (void *) skb->data;
3017 struct hci_conn *conn;
3018
3019 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3020
3021 hci_dev_lock(hdev);
3022
3023 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3024 if (conn) {
3025 conn->mode = ev->mode;
3026 conn->interval = __le16_to_cpu(ev->interval);
3027
3028 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3029 &conn->flags)) {
3030 if (conn->mode == HCI_CM_ACTIVE)
3031 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3032 else
3033 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3034 }
3035
3036 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3037 hci_sco_setup(conn, ev->status);
3038 }
3039
3040 hci_dev_unlock(hdev);
3041 }
3042
3043 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3044 {
3045 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3046 struct hci_conn *conn;
3047
3048 BT_DBG("%s", hdev->name);
3049
3050 hci_dev_lock(hdev);
3051
3052 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3053 if (!conn)
3054 goto unlock;
3055
3056 if (conn->state == BT_CONNECTED) {
3057 hci_conn_hold(conn);
3058 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3059 hci_conn_put(conn);
3060 }
3061
3062 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
3063 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3064 sizeof(ev->bdaddr), &ev->bdaddr);
3065 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
3066 u8 secure;
3067
3068 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3069 secure = 1;
3070 else
3071 secure = 0;
3072
3073 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3074 }
3075
3076 unlock:
3077 hci_dev_unlock(hdev);
3078 }
3079
3080 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3081 {
3082 struct hci_ev_link_key_req *ev = (void *) skb->data;
3083 struct hci_cp_link_key_reply cp;
3084 struct hci_conn *conn;
3085 struct link_key *key;
3086
3087 BT_DBG("%s", hdev->name);
3088
3089 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
3090 return;
3091
3092 hci_dev_lock(hdev);
3093
3094 key = hci_find_link_key(hdev, &ev->bdaddr);
3095 if (!key) {
3096 BT_DBG("%s link key not found for %pMR", hdev->name,
3097 &ev->bdaddr);
3098 goto not_found;
3099 }
3100
3101 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3102 &ev->bdaddr);
3103
3104 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
3105 key->type == HCI_LK_DEBUG_COMBINATION) {
3106 BT_DBG("%s ignoring debug key", hdev->name);
3107 goto not_found;
3108 }
3109
3110 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3111 if (conn) {
3112 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
3113 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3114 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3115 goto not_found;
3116 }
3117
3118 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3119 conn->pending_sec_level == BT_SECURITY_HIGH) {
3120 BT_DBG("%s ignoring key unauthenticated for high security",
3121 hdev->name);
3122 goto not_found;
3123 }
3124
3125 conn->key_type = key->type;
3126 conn->pin_length = key->pin_len;
3127 }
3128
3129 bacpy(&cp.bdaddr, &ev->bdaddr);
3130 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3131
3132 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3133
3134 hci_dev_unlock(hdev);
3135
3136 return;
3137
3138 not_found:
3139 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3140 hci_dev_unlock(hdev);
3141 }
3142
3143 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3144 {
3145 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3146 struct hci_conn *conn;
3147 u8 pin_len = 0;
3148
3149 BT_DBG("%s", hdev->name);
3150
3151 hci_dev_lock(hdev);
3152
3153 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3154 if (conn) {
3155 hci_conn_hold(conn);
3156 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3157 pin_len = conn->pin_length;
3158
3159 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3160 conn->key_type = ev->key_type;
3161
3162 hci_conn_put(conn);
3163 }
3164
3165 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
3166 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
3167 ev->key_type, pin_len);
3168
3169 hci_dev_unlock(hdev);
3170 }
3171
3172 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3173 {
3174 struct hci_ev_clock_offset *ev = (void *) skb->data;
3175 struct hci_conn *conn;
3176
3177 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3178
3179 hci_dev_lock(hdev);
3180
3181 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3182 if (conn && !ev->status) {
3183 struct inquiry_entry *ie;
3184
3185 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3186 if (ie) {
3187 ie->data.clock_offset = ev->clock_offset;
3188 ie->timestamp = jiffies;
3189 }
3190 }
3191
3192 hci_dev_unlock(hdev);
3193 }
3194
3195 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3196 {
3197 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3198 struct hci_conn *conn;
3199
3200 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3201
3202 hci_dev_lock(hdev);
3203
3204 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3205 if (conn && !ev->status)
3206 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3207
3208 hci_dev_unlock(hdev);
3209 }
3210
3211 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3212 {
3213 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3214 struct inquiry_entry *ie;
3215
3216 BT_DBG("%s", hdev->name);
3217
3218 hci_dev_lock(hdev);
3219
3220 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3221 if (ie) {
3222 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3223 ie->timestamp = jiffies;
3224 }
3225
3226 hci_dev_unlock(hdev);
3227 }
3228
3229 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3230 struct sk_buff *skb)
3231 {
3232 struct inquiry_data data;
3233 int num_rsp = *((__u8 *) skb->data);
3234 bool name_known, ssp;
3235
3236 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3237
3238 if (!num_rsp)
3239 return;
3240
3241 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3242 return;
3243
3244 hci_dev_lock(hdev);
3245
3246 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3247 struct inquiry_info_with_rssi_and_pscan_mode *info;
3248 info = (void *) (skb->data + 1);
3249
3250 for (; num_rsp; num_rsp--, info++) {
3251 bacpy(&data.bdaddr, &info->bdaddr);
3252 data.pscan_rep_mode = info->pscan_rep_mode;
3253 data.pscan_period_mode = info->pscan_period_mode;
3254 data.pscan_mode = info->pscan_mode;
3255 memcpy(data.dev_class, info->dev_class, 3);
3256 data.clock_offset = info->clock_offset;
3257 data.rssi = info->rssi;
3258 data.ssp_mode = 0x00;
3259
3260 name_known = hci_inquiry_cache_update(hdev, &data,
3261 false, &ssp);
3262 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3263 info->dev_class, info->rssi,
3264 !name_known, ssp, NULL, 0);
3265 }
3266 } else {
3267 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3268
3269 for (; num_rsp; num_rsp--, info++) {
3270 bacpy(&data.bdaddr, &info->bdaddr);
3271 data.pscan_rep_mode = info->pscan_rep_mode;
3272 data.pscan_period_mode = info->pscan_period_mode;
3273 data.pscan_mode = 0x00;
3274 memcpy(data.dev_class, info->dev_class, 3);
3275 data.clock_offset = info->clock_offset;
3276 data.rssi = info->rssi;
3277 data.ssp_mode = 0x00;
3278 name_known = hci_inquiry_cache_update(hdev, &data,
3279 false, &ssp);
3280 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3281 info->dev_class, info->rssi,
3282 !name_known, ssp, NULL, 0);
3283 }
3284 }
3285
3286 hci_dev_unlock(hdev);
3287 }
3288
3289 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3290 struct sk_buff *skb)
3291 {
3292 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3293 struct hci_conn *conn;
3294
3295 BT_DBG("%s", hdev->name);
3296
3297 hci_dev_lock(hdev);
3298
3299 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3300 if (!conn)
3301 goto unlock;
3302
3303 if (!ev->status && ev->page == 0x01) {
3304 struct inquiry_entry *ie;
3305
3306 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3307 if (ie)
3308 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3309
3310 if (ev->features[0] & LMP_HOST_SSP)
3311 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3312 }
3313
3314 if (conn->state != BT_CONFIG)
3315 goto unlock;
3316
3317 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3318 struct hci_cp_remote_name_req cp;
3319 memset(&cp, 0, sizeof(cp));
3320 bacpy(&cp.bdaddr, &conn->dst);
3321 cp.pscan_rep_mode = 0x02;
3322 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3323 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3324 mgmt_device_connected(hdev, &conn->dst, conn->type,
3325 conn->dst_type, 0, NULL, 0,
3326 conn->dev_class);
3327
3328 if (!hci_outgoing_auth_needed(hdev, conn)) {
3329 conn->state = BT_CONNECTED;
3330 hci_proto_connect_cfm(conn, ev->status);
3331 hci_conn_put(conn);
3332 }
3333
3334 unlock:
3335 hci_dev_unlock(hdev);
3336 }
3337
3338 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3339 struct sk_buff *skb)
3340 {
3341 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3342 struct hci_conn *conn;
3343
3344 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3345
3346 hci_dev_lock(hdev);
3347
3348 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3349 if (!conn) {
3350 if (ev->link_type == ESCO_LINK)
3351 goto unlock;
3352
3353 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3354 if (!conn)
3355 goto unlock;
3356
3357 conn->type = SCO_LINK;
3358 }
3359
3360 switch (ev->status) {
3361 case 0x00:
3362 conn->handle = __le16_to_cpu(ev->handle);
3363 conn->state = BT_CONNECTED;
3364
3365 hci_conn_hold_device(conn);
3366 hci_conn_add_sysfs(conn);
3367 break;
3368
3369 case 0x11: /* Unsupported Feature or Parameter Value */
3370 case 0x1c: /* SCO interval rejected */
3371 case 0x1a: /* Unsupported Remote Feature */
3372 case 0x1f: /* Unspecified error */
3373 if (conn->out && conn->attempt < 2) {
3374 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3375 (hdev->esco_type & EDR_ESCO_MASK);
3376 hci_setup_sync(conn, conn->link->handle);
3377 goto unlock;
3378 }
3379 /* fall through */
3380
3381 default:
3382 conn->state = BT_CLOSED;
3383 break;
3384 }
3385
3386 hci_proto_connect_cfm(conn, ev->status);
3387 if (ev->status)
3388 hci_conn_del(conn);
3389
3390 unlock:
3391 hci_dev_unlock(hdev);
3392 }
3393
3394 static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
3395 {
3396 BT_DBG("%s", hdev->name);
3397 }
3398
3399 static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
3400 {
3401 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
3402
3403 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3404 }
3405
3406 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3407 struct sk_buff *skb)
3408 {
3409 struct inquiry_data data;
3410 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3411 int num_rsp = *((__u8 *) skb->data);
3412 size_t eir_len;
3413
3414 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3415
3416 if (!num_rsp)
3417 return;
3418
3419 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3420 return;
3421
3422 hci_dev_lock(hdev);
3423
3424 for (; num_rsp; num_rsp--, info++) {
3425 bool name_known, ssp;
3426
3427 bacpy(&data.bdaddr, &info->bdaddr);
3428 data.pscan_rep_mode = info->pscan_rep_mode;
3429 data.pscan_period_mode = info->pscan_period_mode;
3430 data.pscan_mode = 0x00;
3431 memcpy(data.dev_class, info->dev_class, 3);
3432 data.clock_offset = info->clock_offset;
3433 data.rssi = info->rssi;
3434 data.ssp_mode = 0x01;
3435
3436 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3437 name_known = eir_has_data_type(info->data,
3438 sizeof(info->data),
3439 EIR_NAME_COMPLETE);
3440 else
3441 name_known = true;
3442
3443 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3444 &ssp);
3445 eir_len = eir_get_length(info->data, sizeof(info->data));
3446 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3447 info->dev_class, info->rssi, !name_known,
3448 ssp, info->data, eir_len);
3449 }
3450
3451 hci_dev_unlock(hdev);
3452 }
3453
3454 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3455 struct sk_buff *skb)
3456 {
3457 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3458 struct hci_conn *conn;
3459
3460 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3461 __le16_to_cpu(ev->handle));
3462
3463 hci_dev_lock(hdev);
3464
3465 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3466 if (!conn)
3467 goto unlock;
3468
3469 if (!ev->status)
3470 conn->sec_level = conn->pending_sec_level;
3471
3472 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3473
3474 if (ev->status && conn->state == BT_CONNECTED) {
3475 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3476 hci_conn_put(conn);
3477 goto unlock;
3478 }
3479
3480 if (conn->state == BT_CONFIG) {
3481 if (!ev->status)
3482 conn->state = BT_CONNECTED;
3483
3484 hci_proto_connect_cfm(conn, ev->status);
3485 hci_conn_put(conn);
3486 } else {
3487 hci_auth_cfm(conn, ev->status);
3488
3489 hci_conn_hold(conn);
3490 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3491 hci_conn_put(conn);
3492 }
3493
3494 unlock:
3495 hci_dev_unlock(hdev);
3496 }
3497
3498 static u8 hci_get_auth_req(struct hci_conn *conn)
3499 {
3500 /* If remote requests dedicated bonding follow that lead */
3501 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3502 /* If both remote and local IO capabilities allow MITM
3503 * protection then require it, otherwise don't */
3504 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3505 return 0x02;
3506 else
3507 return 0x03;
3508 }
3509
3510 /* If remote requests no-bonding follow that lead */
3511 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3512 return conn->remote_auth | (conn->auth_type & 0x01);
3513
3514 return conn->auth_type;
3515 }
3516
3517 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3518 {
3519 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3520 struct hci_conn *conn;
3521
3522 BT_DBG("%s", hdev->name);
3523
3524 hci_dev_lock(hdev);
3525
3526 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3527 if (!conn)
3528 goto unlock;
3529
3530 hci_conn_hold(conn);
3531
3532 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3533 goto unlock;
3534
3535 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3536 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3537 struct hci_cp_io_capability_reply cp;
3538
3539 bacpy(&cp.bdaddr, &ev->bdaddr);
3540 /* Change the IO capability from KeyboardDisplay
3541 * to DisplayYesNo as it is not supported by BT spec. */
3542 cp.capability = (conn->io_capability == 0x04) ?
3543 0x01 : conn->io_capability;
3544 conn->auth_type = hci_get_auth_req(conn);
3545 cp.authentication = conn->auth_type;
3546
3547 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3548 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3549 cp.oob_data = 0x01;
3550 else
3551 cp.oob_data = 0x00;
3552
3553 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3554 sizeof(cp), &cp);
3555 } else {
3556 struct hci_cp_io_capability_neg_reply cp;
3557
3558 bacpy(&cp.bdaddr, &ev->bdaddr);
3559 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3560
3561 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3562 sizeof(cp), &cp);
3563 }
3564
3565 unlock:
3566 hci_dev_unlock(hdev);
3567 }
3568
3569 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3570 {
3571 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3572 struct hci_conn *conn;
3573
3574 BT_DBG("%s", hdev->name);
3575
3576 hci_dev_lock(hdev);
3577
3578 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3579 if (!conn)
3580 goto unlock;
3581
3582 conn->remote_cap = ev->capability;
3583 conn->remote_auth = ev->authentication;
3584 if (ev->oob_data)
3585 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3586
3587 unlock:
3588 hci_dev_unlock(hdev);
3589 }
3590
3591 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3592 struct sk_buff *skb)
3593 {
3594 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3595 int loc_mitm, rem_mitm, confirm_hint = 0;
3596 struct hci_conn *conn;
3597
3598 BT_DBG("%s", hdev->name);
3599
3600 hci_dev_lock(hdev);
3601
3602 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3603 goto unlock;
3604
3605 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3606 if (!conn)
3607 goto unlock;
3608
3609 loc_mitm = (conn->auth_type & 0x01);
3610 rem_mitm = (conn->remote_auth & 0x01);
3611
3612 /* If we require MITM but the remote device can't provide that
3613 * (it has NoInputNoOutput) then reject the confirmation
3614 * request. The only exception is when we're dedicated bonding
3615 * initiators (connect_cfm_cb set) since then we always have the MITM
3616 * bit set. */
3617 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3618 BT_DBG("Rejecting request: remote device can't provide MITM");
3619 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3620 sizeof(ev->bdaddr), &ev->bdaddr);
3621 goto unlock;
3622 }
3623
3624 /* If no side requires MITM protection; auto-accept */
3625 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3626 (!rem_mitm || conn->io_capability == 0x03)) {
3627
3628 /* If we're not the initiators request authorization to
3629 * proceed from user space (mgmt_user_confirm with
3630 * confirm_hint set to 1). */
3631 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3632 BT_DBG("Confirming auto-accept as acceptor");
3633 confirm_hint = 1;
3634 goto confirm;
3635 }
3636
3637 BT_DBG("Auto-accept of user confirmation with %ums delay",
3638 hdev->auto_accept_delay);
3639
3640 if (hdev->auto_accept_delay > 0) {
3641 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3642 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3643 goto unlock;
3644 }
3645
3646 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3647 sizeof(ev->bdaddr), &ev->bdaddr);
3648 goto unlock;
3649 }
3650
3651 confirm:
3652 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3653 confirm_hint);
3654
3655 unlock:
3656 hci_dev_unlock(hdev);
3657 }
3658
3659 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3660 struct sk_buff *skb)
3661 {
3662 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3663
3664 BT_DBG("%s", hdev->name);
3665
3666 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3667 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3668 }
3669
3670 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3671 struct sk_buff *skb)
3672 {
3673 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3674 struct hci_conn *conn;
3675
3676 BT_DBG("%s", hdev->name);
3677
3678 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3679 if (!conn)
3680 return;
3681
3682 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3683 conn->passkey_entered = 0;
3684
3685 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3686 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3687 conn->dst_type, conn->passkey_notify,
3688 conn->passkey_entered);
3689 }
3690
3691 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3692 {
3693 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3694 struct hci_conn *conn;
3695
3696 BT_DBG("%s", hdev->name);
3697
3698 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3699 if (!conn)
3700 return;
3701
3702 switch (ev->type) {
3703 case HCI_KEYPRESS_STARTED:
3704 conn->passkey_entered = 0;
3705 return;
3706
3707 case HCI_KEYPRESS_ENTERED:
3708 conn->passkey_entered++;
3709 break;
3710
3711 case HCI_KEYPRESS_ERASED:
3712 conn->passkey_entered--;
3713 break;
3714
3715 case HCI_KEYPRESS_CLEARED:
3716 conn->passkey_entered = 0;
3717 break;
3718
3719 case HCI_KEYPRESS_COMPLETED:
3720 return;
3721 }
3722
3723 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3724 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3725 conn->dst_type, conn->passkey_notify,
3726 conn->passkey_entered);
3727 }
3728
3729 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3730 struct sk_buff *skb)
3731 {
3732 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3733 struct hci_conn *conn;
3734
3735 BT_DBG("%s", hdev->name);
3736
3737 hci_dev_lock(hdev);
3738
3739 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3740 if (!conn)
3741 goto unlock;
3742
3743 /* To avoid duplicate auth_failed events to user space we check
3744 * the HCI_CONN_AUTH_PEND flag which will be set if we
3745 * initiated the authentication. A traditional auth_complete
3746 * event gets always produced as initiator and is also mapped to
3747 * the mgmt_auth_failed event */
3748 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3749 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3750 ev->status);
3751
3752 hci_conn_put(conn);
3753
3754 unlock:
3755 hci_dev_unlock(hdev);
3756 }
3757
3758 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3759 struct sk_buff *skb)
3760 {
3761 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3762 struct inquiry_entry *ie;
3763
3764 BT_DBG("%s", hdev->name);
3765
3766 hci_dev_lock(hdev);
3767
3768 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3769 if (ie)
3770 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3771
3772 hci_dev_unlock(hdev);
3773 }
3774
3775 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3776 struct sk_buff *skb)
3777 {
3778 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3779 struct oob_data *data;
3780
3781 BT_DBG("%s", hdev->name);
3782
3783 hci_dev_lock(hdev);
3784
3785 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3786 goto unlock;
3787
3788 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3789 if (data) {
3790 struct hci_cp_remote_oob_data_reply cp;
3791
3792 bacpy(&cp.bdaddr, &ev->bdaddr);
3793 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3794 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3795
3796 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3797 &cp);
3798 } else {
3799 struct hci_cp_remote_oob_data_neg_reply cp;
3800
3801 bacpy(&cp.bdaddr, &ev->bdaddr);
3802 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3803 &cp);
3804 }
3805
3806 unlock:
3807 hci_dev_unlock(hdev);
3808 }
3809
3810 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3811 struct sk_buff *skb)
3812 {
3813 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3814 struct hci_conn *hcon, *bredr_hcon;
3815
3816 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3817 ev->status);
3818
3819 hci_dev_lock(hdev);
3820
3821 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3822 if (!hcon) {
3823 hci_dev_unlock(hdev);
3824 return;
3825 }
3826
3827 if (ev->status) {
3828 hci_conn_del(hcon);
3829 hci_dev_unlock(hdev);
3830 return;
3831 }
3832
3833 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3834
3835 hcon->state = BT_CONNECTED;
3836 bacpy(&hcon->dst, &bredr_hcon->dst);
3837
3838 hci_conn_hold(hcon);
3839 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3840 hci_conn_put(hcon);
3841
3842 hci_conn_hold_device(hcon);
3843 hci_conn_add_sysfs(hcon);
3844
3845 amp_physical_cfm(bredr_hcon, hcon);
3846
3847 hci_dev_unlock(hdev);
3848 }
3849
3850 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3851 {
3852 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3853 struct hci_conn *hcon;
3854 struct hci_chan *hchan;
3855 struct amp_mgr *mgr;
3856
3857 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3858 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3859 ev->status);
3860
3861 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3862 if (!hcon)
3863 return;
3864
3865 /* Create AMP hchan */
3866 hchan = hci_chan_create(hcon);
3867 if (!hchan)
3868 return;
3869
3870 hchan->handle = le16_to_cpu(ev->handle);
3871
3872 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3873
3874 mgr = hcon->amp_mgr;
3875 if (mgr && mgr->bredr_chan) {
3876 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3877
3878 l2cap_chan_lock(bredr_chan);
3879
3880 bredr_chan->conn->mtu = hdev->block_mtu;
3881 l2cap_logical_cfm(bredr_chan, hchan, 0);
3882 hci_conn_hold(hcon);
3883
3884 l2cap_chan_unlock(bredr_chan);
3885 }
3886 }
3887
3888 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3889 struct sk_buff *skb)
3890 {
3891 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3892 struct hci_chan *hchan;
3893
3894 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3895 le16_to_cpu(ev->handle), ev->status);
3896
3897 if (ev->status)
3898 return;
3899
3900 hci_dev_lock(hdev);
3901
3902 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3903 if (!hchan)
3904 goto unlock;
3905
3906 amp_destroy_logical_link(hchan, ev->reason);
3907
3908 unlock:
3909 hci_dev_unlock(hdev);
3910 }
3911
3912 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3913 struct sk_buff *skb)
3914 {
3915 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3916 struct hci_conn *hcon;
3917
3918 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3919
3920 if (ev->status)
3921 return;
3922
3923 hci_dev_lock(hdev);
3924
3925 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3926 if (hcon) {
3927 hcon->state = BT_CLOSED;
3928 hci_conn_del(hcon);
3929 }
3930
3931 hci_dev_unlock(hdev);
3932 }
3933
3934 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3935 {
3936 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3937 struct hci_conn *conn;
3938
3939 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3940
3941 hci_dev_lock(hdev);
3942
3943 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3944 if (!conn) {
3945 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3946 if (!conn) {
3947 BT_ERR("No memory for new connection");
3948 goto unlock;
3949 }
3950
3951 conn->dst_type = ev->bdaddr_type;
3952
3953 if (ev->role == LE_CONN_ROLE_MASTER) {
3954 conn->out = true;
3955 conn->link_mode |= HCI_LM_MASTER;
3956 }
3957 }
3958
3959 if (ev->status) {
3960 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3961 conn->dst_type, ev->status);
3962 hci_proto_connect_cfm(conn, ev->status);
3963 conn->state = BT_CLOSED;
3964 hci_conn_del(conn);
3965 goto unlock;
3966 }
3967
3968 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3969 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3970 conn->dst_type, 0, NULL, 0, NULL);
3971
3972 conn->sec_level = BT_SECURITY_LOW;
3973 conn->handle = __le16_to_cpu(ev->handle);
3974 conn->state = BT_CONNECTED;
3975
3976 hci_conn_hold_device(conn);
3977 hci_conn_add_sysfs(conn);
3978
3979 hci_proto_connect_cfm(conn, ev->status);
3980
3981 unlock:
3982 hci_dev_unlock(hdev);
3983 }
3984
3985 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3986 {
3987 u8 num_reports = skb->data[0];
3988 void *ptr = &skb->data[1];
3989 s8 rssi;
3990
3991 while (num_reports--) {
3992 struct hci_ev_le_advertising_info *ev = ptr;
3993
3994 rssi = ev->data[ev->length];
3995 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3996 NULL, rssi, 0, 1, ev->data, ev->length);
3997
3998 ptr += sizeof(*ev) + ev->length + 1;
3999 }
4000 }
4001
4002 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4003 {
4004 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4005 struct hci_cp_le_ltk_reply cp;
4006 struct hci_cp_le_ltk_neg_reply neg;
4007 struct hci_conn *conn;
4008 struct smp_ltk *ltk;
4009
4010 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
4011
4012 hci_dev_lock(hdev);
4013
4014 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4015 if (conn == NULL)
4016 goto not_found;
4017
4018 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
4019 if (ltk == NULL)
4020 goto not_found;
4021
4022 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4023 cp.handle = cpu_to_le16(conn->handle);
4024
4025 if (ltk->authenticated)
4026 conn->sec_level = BT_SECURITY_HIGH;
4027
4028 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4029
4030 if (ltk->type & HCI_SMP_STK) {
4031 list_del(&ltk->list);
4032 kfree(ltk);
4033 }
4034
4035 hci_dev_unlock(hdev);
4036
4037 return;
4038
4039 not_found:
4040 neg.handle = ev->handle;
4041 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4042 hci_dev_unlock(hdev);
4043 }
4044
4045 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4046 {
4047 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4048
4049 skb_pull(skb, sizeof(*le_ev));
4050
4051 switch (le_ev->subevent) {
4052 case HCI_EV_LE_CONN_COMPLETE:
4053 hci_le_conn_complete_evt(hdev, skb);
4054 break;
4055
4056 case HCI_EV_LE_ADVERTISING_REPORT:
4057 hci_le_adv_report_evt(hdev, skb);
4058 break;
4059
4060 case HCI_EV_LE_LTK_REQ:
4061 hci_le_ltk_request_evt(hdev, skb);
4062 break;
4063
4064 default:
4065 break;
4066 }
4067 }
4068
4069 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4070 {
4071 struct hci_ev_channel_selected *ev = (void *) skb->data;
4072 struct hci_conn *hcon;
4073
4074 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4075
4076 skb_pull(skb, sizeof(*ev));
4077
4078 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4079 if (!hcon)
4080 return;
4081
4082 amp_read_loc_assoc_final_data(hdev, hcon);
4083 }
4084
4085 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4086 {
4087 struct hci_event_hdr *hdr = (void *) skb->data;
4088 __u8 event = hdr->evt;
4089
4090 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4091
4092 switch (event) {
4093 case HCI_EV_INQUIRY_COMPLETE:
4094 hci_inquiry_complete_evt(hdev, skb);
4095 break;
4096
4097 case HCI_EV_INQUIRY_RESULT:
4098 hci_inquiry_result_evt(hdev, skb);
4099 break;
4100
4101 case HCI_EV_CONN_COMPLETE:
4102 hci_conn_complete_evt(hdev, skb);
4103 break;
4104
4105 case HCI_EV_CONN_REQUEST:
4106 hci_conn_request_evt(hdev, skb);
4107 break;
4108
4109 case HCI_EV_DISCONN_COMPLETE:
4110 hci_disconn_complete_evt(hdev, skb);
4111 break;
4112
4113 case HCI_EV_AUTH_COMPLETE:
4114 hci_auth_complete_evt(hdev, skb);
4115 break;
4116
4117 case HCI_EV_REMOTE_NAME:
4118 hci_remote_name_evt(hdev, skb);
4119 break;
4120
4121 case HCI_EV_ENCRYPT_CHANGE:
4122 hci_encrypt_change_evt(hdev, skb);
4123 break;
4124
4125 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4126 hci_change_link_key_complete_evt(hdev, skb);
4127 break;
4128
4129 case HCI_EV_REMOTE_FEATURES:
4130 hci_remote_features_evt(hdev, skb);
4131 break;
4132
4133 case HCI_EV_REMOTE_VERSION:
4134 hci_remote_version_evt(hdev, skb);
4135 break;
4136
4137 case HCI_EV_QOS_SETUP_COMPLETE:
4138 hci_qos_setup_complete_evt(hdev, skb);
4139 break;
4140
4141 case HCI_EV_CMD_COMPLETE:
4142 hci_cmd_complete_evt(hdev, skb);
4143 break;
4144
4145 case HCI_EV_CMD_STATUS:
4146 hci_cmd_status_evt(hdev, skb);
4147 break;
4148
4149 case HCI_EV_ROLE_CHANGE:
4150 hci_role_change_evt(hdev, skb);
4151 break;
4152
4153 case HCI_EV_NUM_COMP_PKTS:
4154 hci_num_comp_pkts_evt(hdev, skb);
4155 break;
4156
4157 case HCI_EV_MODE_CHANGE:
4158 hci_mode_change_evt(hdev, skb);
4159 break;
4160
4161 case HCI_EV_PIN_CODE_REQ:
4162 hci_pin_code_request_evt(hdev, skb);
4163 break;
4164
4165 case HCI_EV_LINK_KEY_REQ:
4166 hci_link_key_request_evt(hdev, skb);
4167 break;
4168
4169 case HCI_EV_LINK_KEY_NOTIFY:
4170 hci_link_key_notify_evt(hdev, skb);
4171 break;
4172
4173 case HCI_EV_CLOCK_OFFSET:
4174 hci_clock_offset_evt(hdev, skb);
4175 break;
4176
4177 case HCI_EV_PKT_TYPE_CHANGE:
4178 hci_pkt_type_change_evt(hdev, skb);
4179 break;
4180
4181 case HCI_EV_PSCAN_REP_MODE:
4182 hci_pscan_rep_mode_evt(hdev, skb);
4183 break;
4184
4185 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4186 hci_inquiry_result_with_rssi_evt(hdev, skb);
4187 break;
4188
4189 case HCI_EV_REMOTE_EXT_FEATURES:
4190 hci_remote_ext_features_evt(hdev, skb);
4191 break;
4192
4193 case HCI_EV_SYNC_CONN_COMPLETE:
4194 hci_sync_conn_complete_evt(hdev, skb);
4195 break;
4196
4197 case HCI_EV_SYNC_CONN_CHANGED:
4198 hci_sync_conn_changed_evt(hdev, skb);
4199 break;
4200
4201 case HCI_EV_SNIFF_SUBRATE:
4202 hci_sniff_subrate_evt(hdev, skb);
4203 break;
4204
4205 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4206 hci_extended_inquiry_result_evt(hdev, skb);
4207 break;
4208
4209 case HCI_EV_KEY_REFRESH_COMPLETE:
4210 hci_key_refresh_complete_evt(hdev, skb);
4211 break;
4212
4213 case HCI_EV_IO_CAPA_REQUEST:
4214 hci_io_capa_request_evt(hdev, skb);
4215 break;
4216
4217 case HCI_EV_IO_CAPA_REPLY:
4218 hci_io_capa_reply_evt(hdev, skb);
4219 break;
4220
4221 case HCI_EV_USER_CONFIRM_REQUEST:
4222 hci_user_confirm_request_evt(hdev, skb);
4223 break;
4224
4225 case HCI_EV_USER_PASSKEY_REQUEST:
4226 hci_user_passkey_request_evt(hdev, skb);
4227 break;
4228
4229 case HCI_EV_USER_PASSKEY_NOTIFY:
4230 hci_user_passkey_notify_evt(hdev, skb);
4231 break;
4232
4233 case HCI_EV_KEYPRESS_NOTIFY:
4234 hci_keypress_notify_evt(hdev, skb);
4235 break;
4236
4237 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4238 hci_simple_pair_complete_evt(hdev, skb);
4239 break;
4240
4241 case HCI_EV_REMOTE_HOST_FEATURES:
4242 hci_remote_host_features_evt(hdev, skb);
4243 break;
4244
4245 case HCI_EV_LE_META:
4246 hci_le_meta_evt(hdev, skb);
4247 break;
4248
4249 case HCI_EV_CHANNEL_SELECTED:
4250 hci_chan_selected_evt(hdev, skb);
4251 break;
4252
4253 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4254 hci_remote_oob_data_request_evt(hdev, skb);
4255 break;
4256
4257 case HCI_EV_PHY_LINK_COMPLETE:
4258 hci_phy_link_complete_evt(hdev, skb);
4259 break;
4260
4261 case HCI_EV_LOGICAL_LINK_COMPLETE:
4262 hci_loglink_complete_evt(hdev, skb);
4263 break;
4264
4265 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4266 hci_disconn_loglink_complete_evt(hdev, skb);
4267 break;
4268
4269 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4270 hci_disconn_phylink_complete_evt(hdev, skb);
4271 break;
4272
4273 case HCI_EV_NUM_COMP_BLOCKS:
4274 hci_num_comp_blocks_evt(hdev, skb);
4275 break;
4276
4277 default:
4278 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4279 break;
4280 }
4281
4282 kfree_skb(skb);
4283 hdev->stat.evt_rx++;
4284 }
Linus' kernel tree