1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI event handling. */ 26 27 #include <asm/unaligned.h> 28 29 #include <net/bluetooth/bluetooth.h> 30 #include <net/bluetooth/hci_core.h> 31 #include <net/bluetooth/mgmt.h> 32 33 #include "a2mp.h" 34 #include "amp.h" 35 36 /* Handle HCI Event packets */ 37 38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) 39 { 40 __u8 status = *((__u8 *) skb->data); 41 42 BT_DBG("%s status 0x%2.2x", hdev->name, status); 43 44 if (status) 45 return; 46 47 clear_bit(HCI_INQUIRY, &hdev->flags); 48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */ 49 wake_up_bit(&hdev->flags, HCI_INQUIRY); 50 51 hci_conn_check_pending(hdev); 52 } 53 54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb) 55 { 56 __u8 status = *((__u8 *) skb->data); 57 58 BT_DBG("%s status 0x%2.2x", hdev->name, status); 59 60 if (status) 61 return; 62 63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags); 64 } 65 66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb) 67 { 68 __u8 status = *((__u8 *) skb->data); 69 70 BT_DBG("%s status 0x%2.2x", hdev->name, status); 71 72 if (status) 73 return; 74 75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags); 76 77 hci_conn_check_pending(hdev); 78 } 79 80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, 81 struct sk_buff *skb) 82 { 83 BT_DBG("%s", hdev->name); 84 } 85 86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb) 87 { 88 struct hci_rp_role_discovery *rp = (void *) skb->data; 89 struct hci_conn *conn; 90 91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 92 93 if (rp->status) 94 return; 95 96 hci_dev_lock(hdev); 97 98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 99 if (conn) { 100 if (rp->role) 101 conn->link_mode &= ~HCI_LM_MASTER; 102 else 103 conn->link_mode |= HCI_LM_MASTER; 104 } 105 106 hci_dev_unlock(hdev); 107 } 108 109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 110 { 111 struct hci_rp_read_link_policy *rp = (void *) skb->data; 112 struct hci_conn *conn; 113 114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 115 116 if (rp->status) 117 return; 118 119 hci_dev_lock(hdev); 120 121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 122 if (conn) 123 conn->link_policy = __le16_to_cpu(rp->policy); 124 125 hci_dev_unlock(hdev); 126 } 127 128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 129 { 130 struct hci_rp_write_link_policy *rp = (void *) skb->data; 131 struct hci_conn *conn; 132 void *sent; 133 134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 135 136 if (rp->status) 137 return; 138 139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY); 140 if (!sent) 141 return; 142 143 hci_dev_lock(hdev); 144 145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 146 if (conn) 147 conn->link_policy = get_unaligned_le16(sent + 2); 148 149 hci_dev_unlock(hdev); 150 } 151 152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, 153 struct sk_buff *skb) 154 { 155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data; 156 157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 158 159 if (rp->status) 160 return; 161 162 hdev->link_policy = __le16_to_cpu(rp->policy); 163 } 164 165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, 166 struct sk_buff *skb) 167 { 168 __u8 status = *((__u8 *) skb->data); 169 void *sent; 170 171 BT_DBG("%s status 0x%2.2x", hdev->name, status); 172 173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY); 174 if (!sent) 175 return; 176 177 if (!status) 178 hdev->link_policy = get_unaligned_le16(sent); 179 } 180 181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb) 182 { 183 __u8 status = *((__u8 *) skb->data); 184 185 BT_DBG("%s status 0x%2.2x", hdev->name, status); 186 187 clear_bit(HCI_RESET, &hdev->flags); 188 189 /* Reset all non-persistent flags */ 190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK; 191 192 hdev->discovery.state = DISCOVERY_STOPPED; 193 hdev->inq_tx_power = HCI_TX_POWER_INVALID; 194 hdev->adv_tx_power = HCI_TX_POWER_INVALID; 195 196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data)); 197 hdev->adv_data_len = 0; 198 199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data)); 200 hdev->scan_rsp_data_len = 0; 201 202 hdev->le_scan_type = LE_SCAN_PASSIVE; 203 204 hdev->ssp_debug_mode = 0; 205 } 206 207 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb) 208 { 209 __u8 status = *((__u8 *) skb->data); 210 void *sent; 211 212 BT_DBG("%s status 0x%2.2x", hdev->name, status); 213 214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 215 if (!sent) 216 return; 217 218 hci_dev_lock(hdev); 219 220 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 221 mgmt_set_local_name_complete(hdev, sent, status); 222 else if (!status) 223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH); 224 225 hci_dev_unlock(hdev); 226 } 227 228 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 229 { 230 struct hci_rp_read_local_name *rp = (void *) skb->data; 231 232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 233 234 if (rp->status) 235 return; 236 237 if (test_bit(HCI_SETUP, &hdev->dev_flags)) 238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH); 239 } 240 241 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) 242 { 243 __u8 status = *((__u8 *) skb->data); 244 void *sent; 245 246 BT_DBG("%s status 0x%2.2x", hdev->name, status); 247 248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE); 249 if (!sent) 250 return; 251 252 if (!status) { 253 __u8 param = *((__u8 *) sent); 254 255 if (param == AUTH_ENABLED) 256 set_bit(HCI_AUTH, &hdev->flags); 257 else 258 clear_bit(HCI_AUTH, &hdev->flags); 259 } 260 261 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 262 mgmt_auth_enable_complete(hdev, status); 263 } 264 265 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) 266 { 267 __u8 status = *((__u8 *) skb->data); 268 void *sent; 269 270 BT_DBG("%s status 0x%2.2x", hdev->name, status); 271 272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE); 273 if (!sent) 274 return; 275 276 if (!status) { 277 __u8 param = *((__u8 *) sent); 278 279 if (param) 280 set_bit(HCI_ENCRYPT, &hdev->flags); 281 else 282 clear_bit(HCI_ENCRYPT, &hdev->flags); 283 } 284 } 285 286 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb) 287 { 288 __u8 param, status = *((__u8 *) skb->data); 289 int old_pscan, old_iscan; 290 void *sent; 291 292 BT_DBG("%s status 0x%2.2x", hdev->name, status); 293 294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE); 295 if (!sent) 296 return; 297 298 param = *((__u8 *) sent); 299 300 hci_dev_lock(hdev); 301 302 if (status) { 303 mgmt_write_scan_failed(hdev, param, status); 304 hdev->discov_timeout = 0; 305 goto done; 306 } 307 308 /* We need to ensure that we set this back on if someone changed 309 * the scan mode through a raw HCI socket. 310 */ 311 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 312 313 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags); 314 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags); 315 316 if (param & SCAN_INQUIRY) { 317 set_bit(HCI_ISCAN, &hdev->flags); 318 if (!old_iscan) 319 mgmt_discoverable(hdev, 1); 320 } else if (old_iscan) 321 mgmt_discoverable(hdev, 0); 322 323 if (param & SCAN_PAGE) { 324 set_bit(HCI_PSCAN, &hdev->flags); 325 if (!old_pscan) 326 mgmt_connectable(hdev, 1); 327 } else if (old_pscan) 328 mgmt_connectable(hdev, 0); 329 330 done: 331 hci_dev_unlock(hdev); 332 } 333 334 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 335 { 336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data; 337 338 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 339 340 if (rp->status) 341 return; 342 343 memcpy(hdev->dev_class, rp->dev_class, 3); 344 345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name, 346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]); 347 } 348 349 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 350 { 351 __u8 status = *((__u8 *) skb->data); 352 void *sent; 353 354 BT_DBG("%s status 0x%2.2x", hdev->name, status); 355 356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 357 if (!sent) 358 return; 359 360 hci_dev_lock(hdev); 361 362 if (status == 0) 363 memcpy(hdev->dev_class, sent, 3); 364 365 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 366 mgmt_set_class_of_dev_complete(hdev, sent, status); 367 368 hci_dev_unlock(hdev); 369 } 370 371 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 372 { 373 struct hci_rp_read_voice_setting *rp = (void *) skb->data; 374 __u16 setting; 375 376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 377 378 if (rp->status) 379 return; 380 381 setting = __le16_to_cpu(rp->voice_setting); 382 383 if (hdev->voice_setting == setting) 384 return; 385 386 hdev->voice_setting = setting; 387 388 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting); 389 390 if (hdev->notify) 391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 392 } 393 394 static void hci_cc_write_voice_setting(struct hci_dev *hdev, 395 struct sk_buff *skb) 396 { 397 __u8 status = *((__u8 *) skb->data); 398 __u16 setting; 399 void *sent; 400 401 BT_DBG("%s status 0x%2.2x", hdev->name, status); 402 403 if (status) 404 return; 405 406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING); 407 if (!sent) 408 return; 409 410 setting = get_unaligned_le16(sent); 411 412 if (hdev->voice_setting == setting) 413 return; 414 415 hdev->voice_setting = setting; 416 417 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting); 418 419 if (hdev->notify) 420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 421 } 422 423 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev, 424 struct sk_buff *skb) 425 { 426 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data; 427 428 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 429 430 if (rp->status) 431 return; 432 433 hdev->num_iac = rp->num_iac; 434 435 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac); 436 } 437 438 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 439 { 440 __u8 status = *((__u8 *) skb->data); 441 struct hci_cp_write_ssp_mode *sent; 442 443 BT_DBG("%s status 0x%2.2x", hdev->name, status); 444 445 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE); 446 if (!sent) 447 return; 448 449 if (!status) { 450 if (sent->mode) 451 hdev->features[1][0] |= LMP_HOST_SSP; 452 else 453 hdev->features[1][0] &= ~LMP_HOST_SSP; 454 } 455 456 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 457 mgmt_ssp_enable_complete(hdev, sent->mode, status); 458 else if (!status) { 459 if (sent->mode) 460 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 461 else 462 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 463 } 464 } 465 466 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb) 467 { 468 u8 status = *((u8 *) skb->data); 469 struct hci_cp_write_sc_support *sent; 470 471 BT_DBG("%s status 0x%2.2x", hdev->name, status); 472 473 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT); 474 if (!sent) 475 return; 476 477 if (!status) { 478 if (sent->support) 479 hdev->features[1][0] |= LMP_HOST_SC; 480 else 481 hdev->features[1][0] &= ~LMP_HOST_SC; 482 } 483 484 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 485 mgmt_sc_enable_complete(hdev, sent->support, status); 486 else if (!status) { 487 if (sent->support) 488 set_bit(HCI_SC_ENABLED, &hdev->dev_flags); 489 else 490 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags); 491 } 492 } 493 494 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 495 { 496 struct hci_rp_read_local_version *rp = (void *) skb->data; 497 498 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 499 500 if (rp->status) 501 return; 502 503 if (test_bit(HCI_SETUP, &hdev->dev_flags)) { 504 hdev->hci_ver = rp->hci_ver; 505 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 506 hdev->lmp_ver = rp->lmp_ver; 507 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 508 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver); 509 } 510 } 511 512 static void hci_cc_read_local_commands(struct hci_dev *hdev, 513 struct sk_buff *skb) 514 { 515 struct hci_rp_read_local_commands *rp = (void *) skb->data; 516 517 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 518 519 if (rp->status) 520 return; 521 522 if (test_bit(HCI_SETUP, &hdev->dev_flags)) 523 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 524 } 525 526 static void hci_cc_read_local_features(struct hci_dev *hdev, 527 struct sk_buff *skb) 528 { 529 struct hci_rp_read_local_features *rp = (void *) skb->data; 530 531 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 532 533 if (rp->status) 534 return; 535 536 memcpy(hdev->features, rp->features, 8); 537 538 /* Adjust default settings according to features 539 * supported by device. */ 540 541 if (hdev->features[0][0] & LMP_3SLOT) 542 hdev->pkt_type |= (HCI_DM3 | HCI_DH3); 543 544 if (hdev->features[0][0] & LMP_5SLOT) 545 hdev->pkt_type |= (HCI_DM5 | HCI_DH5); 546 547 if (hdev->features[0][1] & LMP_HV2) { 548 hdev->pkt_type |= (HCI_HV2); 549 hdev->esco_type |= (ESCO_HV2); 550 } 551 552 if (hdev->features[0][1] & LMP_HV3) { 553 hdev->pkt_type |= (HCI_HV3); 554 hdev->esco_type |= (ESCO_HV3); 555 } 556 557 if (lmp_esco_capable(hdev)) 558 hdev->esco_type |= (ESCO_EV3); 559 560 if (hdev->features[0][4] & LMP_EV4) 561 hdev->esco_type |= (ESCO_EV4); 562 563 if (hdev->features[0][4] & LMP_EV5) 564 hdev->esco_type |= (ESCO_EV5); 565 566 if (hdev->features[0][5] & LMP_EDR_ESCO_2M) 567 hdev->esco_type |= (ESCO_2EV3); 568 569 if (hdev->features[0][5] & LMP_EDR_ESCO_3M) 570 hdev->esco_type |= (ESCO_3EV3); 571 572 if (hdev->features[0][5] & LMP_EDR_3S_ESCO) 573 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); 574 } 575 576 static void hci_cc_read_local_ext_features(struct hci_dev *hdev, 577 struct sk_buff *skb) 578 { 579 struct hci_rp_read_local_ext_features *rp = (void *) skb->data; 580 581 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 582 583 if (rp->status) 584 return; 585 586 if (hdev->max_page < rp->max_page) 587 hdev->max_page = rp->max_page; 588 589 if (rp->page < HCI_MAX_PAGES) 590 memcpy(hdev->features[rp->page], rp->features, 8); 591 } 592 593 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev, 594 struct sk_buff *skb) 595 { 596 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data; 597 598 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 599 600 if (!rp->status) 601 hdev->flow_ctl_mode = rp->mode; 602 } 603 604 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 605 { 606 struct hci_rp_read_buffer_size *rp = (void *) skb->data; 607 608 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 609 610 if (rp->status) 611 return; 612 613 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu); 614 hdev->sco_mtu = rp->sco_mtu; 615 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt); 616 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt); 617 618 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) { 619 hdev->sco_mtu = 64; 620 hdev->sco_pkts = 8; 621 } 622 623 hdev->acl_cnt = hdev->acl_pkts; 624 hdev->sco_cnt = hdev->sco_pkts; 625 626 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu, 627 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts); 628 } 629 630 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb) 631 { 632 struct hci_rp_read_bd_addr *rp = (void *) skb->data; 633 634 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 635 636 if (!rp->status) 637 bacpy(&hdev->bdaddr, &rp->bdaddr); 638 } 639 640 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev, 641 struct sk_buff *skb) 642 { 643 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data; 644 645 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 646 647 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) { 648 hdev->page_scan_interval = __le16_to_cpu(rp->interval); 649 hdev->page_scan_window = __le16_to_cpu(rp->window); 650 } 651 } 652 653 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev, 654 struct sk_buff *skb) 655 { 656 u8 status = *((u8 *) skb->data); 657 struct hci_cp_write_page_scan_activity *sent; 658 659 BT_DBG("%s status 0x%2.2x", hdev->name, status); 660 661 if (status) 662 return; 663 664 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY); 665 if (!sent) 666 return; 667 668 hdev->page_scan_interval = __le16_to_cpu(sent->interval); 669 hdev->page_scan_window = __le16_to_cpu(sent->window); 670 } 671 672 static void hci_cc_read_page_scan_type(struct hci_dev *hdev, 673 struct sk_buff *skb) 674 { 675 struct hci_rp_read_page_scan_type *rp = (void *) skb->data; 676 677 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 678 679 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) 680 hdev->page_scan_type = rp->type; 681 } 682 683 static void hci_cc_write_page_scan_type(struct hci_dev *hdev, 684 struct sk_buff *skb) 685 { 686 u8 status = *((u8 *) skb->data); 687 u8 *type; 688 689 BT_DBG("%s status 0x%2.2x", hdev->name, status); 690 691 if (status) 692 return; 693 694 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE); 695 if (type) 696 hdev->page_scan_type = *type; 697 } 698 699 static void hci_cc_read_data_block_size(struct hci_dev *hdev, 700 struct sk_buff *skb) 701 { 702 struct hci_rp_read_data_block_size *rp = (void *) skb->data; 703 704 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 705 706 if (rp->status) 707 return; 708 709 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len); 710 hdev->block_len = __le16_to_cpu(rp->block_len); 711 hdev->num_blocks = __le16_to_cpu(rp->num_blocks); 712 713 hdev->block_cnt = hdev->num_blocks; 714 715 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu, 716 hdev->block_cnt, hdev->block_len); 717 } 718 719 static void hci_cc_read_local_amp_info(struct hci_dev *hdev, 720 struct sk_buff *skb) 721 { 722 struct hci_rp_read_local_amp_info *rp = (void *) skb->data; 723 724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 725 726 if (rp->status) 727 goto a2mp_rsp; 728 729 hdev->amp_status = rp->amp_status; 730 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw); 731 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw); 732 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency); 733 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu); 734 hdev->amp_type = rp->amp_type; 735 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap); 736 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size); 737 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to); 738 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to); 739 740 a2mp_rsp: 741 a2mp_send_getinfo_rsp(hdev); 742 } 743 744 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev, 745 struct sk_buff *skb) 746 { 747 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data; 748 struct amp_assoc *assoc = &hdev->loc_assoc; 749 size_t rem_len, frag_len; 750 751 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 752 753 if (rp->status) 754 goto a2mp_rsp; 755 756 frag_len = skb->len - sizeof(*rp); 757 rem_len = __le16_to_cpu(rp->rem_len); 758 759 if (rem_len > frag_len) { 760 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len); 761 762 memcpy(assoc->data + assoc->offset, rp->frag, frag_len); 763 assoc->offset += frag_len; 764 765 /* Read other fragments */ 766 amp_read_loc_assoc_frag(hdev, rp->phy_handle); 767 768 return; 769 } 770 771 memcpy(assoc->data + assoc->offset, rp->frag, rem_len); 772 assoc->len = assoc->offset + rem_len; 773 assoc->offset = 0; 774 775 a2mp_rsp: 776 /* Send A2MP Rsp when all fragments are received */ 777 a2mp_send_getampassoc_rsp(hdev, rp->status); 778 a2mp_send_create_phy_link_req(hdev, rp->status); 779 } 780 781 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev, 782 struct sk_buff *skb) 783 { 784 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data; 785 786 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 787 788 if (!rp->status) 789 hdev->inq_tx_power = rp->tx_power; 790 } 791 792 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb) 793 { 794 struct hci_rp_pin_code_reply *rp = (void *) skb->data; 795 struct hci_cp_pin_code_reply *cp; 796 struct hci_conn *conn; 797 798 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 799 800 hci_dev_lock(hdev); 801 802 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 803 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status); 804 805 if (rp->status) 806 goto unlock; 807 808 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY); 809 if (!cp) 810 goto unlock; 811 812 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 813 if (conn) 814 conn->pin_length = cp->pin_len; 815 816 unlock: 817 hci_dev_unlock(hdev); 818 } 819 820 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb) 821 { 822 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data; 823 824 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 825 826 hci_dev_lock(hdev); 827 828 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 829 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr, 830 rp->status); 831 832 hci_dev_unlock(hdev); 833 } 834 835 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev, 836 struct sk_buff *skb) 837 { 838 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data; 839 840 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 841 842 if (rp->status) 843 return; 844 845 hdev->le_mtu = __le16_to_cpu(rp->le_mtu); 846 hdev->le_pkts = rp->le_max_pkt; 847 848 hdev->le_cnt = hdev->le_pkts; 849 850 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts); 851 } 852 853 static void hci_cc_le_read_local_features(struct hci_dev *hdev, 854 struct sk_buff *skb) 855 { 856 struct hci_rp_le_read_local_features *rp = (void *) skb->data; 857 858 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 859 860 if (!rp->status) 861 memcpy(hdev->le_features, rp->features, 8); 862 } 863 864 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev, 865 struct sk_buff *skb) 866 { 867 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data; 868 869 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 870 871 if (!rp->status) 872 hdev->adv_tx_power = rp->tx_power; 873 } 874 875 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb) 876 { 877 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 878 879 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 880 881 hci_dev_lock(hdev); 882 883 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 884 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0, 885 rp->status); 886 887 hci_dev_unlock(hdev); 888 } 889 890 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev, 891 struct sk_buff *skb) 892 { 893 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 894 895 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 896 897 hci_dev_lock(hdev); 898 899 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 900 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr, 901 ACL_LINK, 0, rp->status); 902 903 hci_dev_unlock(hdev); 904 } 905 906 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb) 907 { 908 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 909 910 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 911 912 hci_dev_lock(hdev); 913 914 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 915 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 916 0, rp->status); 917 918 hci_dev_unlock(hdev); 919 } 920 921 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev, 922 struct sk_buff *skb) 923 { 924 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 925 926 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 927 928 hci_dev_lock(hdev); 929 930 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 931 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr, 932 ACL_LINK, 0, rp->status); 933 934 hci_dev_unlock(hdev); 935 } 936 937 static void hci_cc_read_local_oob_data(struct hci_dev *hdev, 938 struct sk_buff *skb) 939 { 940 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 941 942 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 943 944 hci_dev_lock(hdev); 945 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer, 946 NULL, NULL, rp->status); 947 hci_dev_unlock(hdev); 948 } 949 950 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev, 951 struct sk_buff *skb) 952 { 953 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; 954 955 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 956 957 hci_dev_lock(hdev); 958 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192, 959 rp->hash256, rp->randomizer256, 960 rp->status); 961 hci_dev_unlock(hdev); 962 } 963 964 965 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb) 966 { 967 __u8 status = *((__u8 *) skb->data); 968 bdaddr_t *sent; 969 970 BT_DBG("%s status 0x%2.2x", hdev->name, status); 971 972 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR); 973 if (!sent) 974 return; 975 976 hci_dev_lock(hdev); 977 978 if (!status) 979 bacpy(&hdev->random_addr, sent); 980 981 hci_dev_unlock(hdev); 982 } 983 984 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb) 985 { 986 __u8 *sent, status = *((__u8 *) skb->data); 987 988 BT_DBG("%s status 0x%2.2x", hdev->name, status); 989 990 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE); 991 if (!sent) 992 return; 993 994 hci_dev_lock(hdev); 995 996 if (!status) 997 mgmt_advertising(hdev, *sent); 998 999 hci_dev_unlock(hdev); 1000 } 1001 1002 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb) 1003 { 1004 struct hci_cp_le_set_scan_param *cp; 1005 __u8 status = *((__u8 *) skb->data); 1006 1007 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1008 1009 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM); 1010 if (!cp) 1011 return; 1012 1013 hci_dev_lock(hdev); 1014 1015 if (!status) 1016 hdev->le_scan_type = cp->type; 1017 1018 hci_dev_unlock(hdev); 1019 } 1020 1021 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, 1022 struct sk_buff *skb) 1023 { 1024 struct hci_cp_le_set_scan_enable *cp; 1025 __u8 status = *((__u8 *) skb->data); 1026 1027 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1028 1029 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE); 1030 if (!cp) 1031 return; 1032 1033 if (status) 1034 return; 1035 1036 switch (cp->enable) { 1037 case LE_SCAN_ENABLE: 1038 set_bit(HCI_LE_SCAN, &hdev->dev_flags); 1039 break; 1040 1041 case LE_SCAN_DISABLE: 1042 /* Cancel this timer so that we don't try to disable scanning 1043 * when it's already disabled. 1044 */ 1045 cancel_delayed_work(&hdev->le_scan_disable); 1046 1047 clear_bit(HCI_LE_SCAN, &hdev->dev_flags); 1048 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we 1049 * interrupted scanning due to a connect request. Mark 1050 * therefore discovery as stopped. 1051 */ 1052 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED, 1053 &hdev->dev_flags)) 1054 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1055 break; 1056 1057 default: 1058 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable); 1059 break; 1060 } 1061 } 1062 1063 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev, 1064 struct sk_buff *skb) 1065 { 1066 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data; 1067 1068 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size); 1069 1070 if (!rp->status) 1071 hdev->le_white_list_size = rp->size; 1072 } 1073 1074 static void hci_cc_le_clear_white_list(struct hci_dev *hdev, 1075 struct sk_buff *skb) 1076 { 1077 __u8 status = *((__u8 *) skb->data); 1078 1079 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1080 1081 if (!status) 1082 hci_white_list_clear(hdev); 1083 } 1084 1085 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev, 1086 struct sk_buff *skb) 1087 { 1088 struct hci_cp_le_add_to_white_list *sent; 1089 __u8 status = *((__u8 *) skb->data); 1090 1091 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1092 1093 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST); 1094 if (!sent) 1095 return; 1096 1097 if (!status) 1098 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type); 1099 } 1100 1101 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev, 1102 struct sk_buff *skb) 1103 { 1104 struct hci_cp_le_del_from_white_list *sent; 1105 __u8 status = *((__u8 *) skb->data); 1106 1107 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1108 1109 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST); 1110 if (!sent) 1111 return; 1112 1113 if (!status) 1114 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type); 1115 } 1116 1117 static void hci_cc_le_read_supported_states(struct hci_dev *hdev, 1118 struct sk_buff *skb) 1119 { 1120 struct hci_rp_le_read_supported_states *rp = (void *) skb->data; 1121 1122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 1123 1124 if (!rp->status) 1125 memcpy(hdev->le_states, rp->le_states, 8); 1126 } 1127 1128 static void hci_cc_write_le_host_supported(struct hci_dev *hdev, 1129 struct sk_buff *skb) 1130 { 1131 struct hci_cp_write_le_host_supported *sent; 1132 __u8 status = *((__u8 *) skb->data); 1133 1134 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1135 1136 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED); 1137 if (!sent) 1138 return; 1139 1140 if (!status) { 1141 if (sent->le) { 1142 hdev->features[1][0] |= LMP_HOST_LE; 1143 set_bit(HCI_LE_ENABLED, &hdev->dev_flags); 1144 } else { 1145 hdev->features[1][0] &= ~LMP_HOST_LE; 1146 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags); 1147 clear_bit(HCI_ADVERTISING, &hdev->dev_flags); 1148 } 1149 1150 if (sent->simul) 1151 hdev->features[1][0] |= LMP_HOST_LE_BREDR; 1152 else 1153 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR; 1154 } 1155 } 1156 1157 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb) 1158 { 1159 struct hci_cp_le_set_adv_param *cp; 1160 u8 status = *((u8 *) skb->data); 1161 1162 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1163 1164 if (status) 1165 return; 1166 1167 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM); 1168 if (!cp) 1169 return; 1170 1171 hci_dev_lock(hdev); 1172 hdev->adv_addr_type = cp->own_address_type; 1173 hci_dev_unlock(hdev); 1174 } 1175 1176 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev, 1177 struct sk_buff *skb) 1178 { 1179 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data; 1180 1181 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x", 1182 hdev->name, rp->status, rp->phy_handle); 1183 1184 if (rp->status) 1185 return; 1186 1187 amp_write_rem_assoc_continue(hdev, rp->phy_handle); 1188 } 1189 1190 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 1191 { 1192 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1193 1194 if (status) { 1195 hci_conn_check_pending(hdev); 1196 return; 1197 } 1198 1199 set_bit(HCI_INQUIRY, &hdev->flags); 1200 } 1201 1202 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) 1203 { 1204 struct hci_cp_create_conn *cp; 1205 struct hci_conn *conn; 1206 1207 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1208 1209 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN); 1210 if (!cp) 1211 return; 1212 1213 hci_dev_lock(hdev); 1214 1215 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1216 1217 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn); 1218 1219 if (status) { 1220 if (conn && conn->state == BT_CONNECT) { 1221 if (status != 0x0c || conn->attempt > 2) { 1222 conn->state = BT_CLOSED; 1223 hci_proto_connect_cfm(conn, status); 1224 hci_conn_del(conn); 1225 } else 1226 conn->state = BT_CONNECT2; 1227 } 1228 } else { 1229 if (!conn) { 1230 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr); 1231 if (conn) { 1232 conn->out = true; 1233 conn->link_mode |= HCI_LM_MASTER; 1234 } else 1235 BT_ERR("No memory for new connection"); 1236 } 1237 } 1238 1239 hci_dev_unlock(hdev); 1240 } 1241 1242 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status) 1243 { 1244 struct hci_cp_add_sco *cp; 1245 struct hci_conn *acl, *sco; 1246 __u16 handle; 1247 1248 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1249 1250 if (!status) 1251 return; 1252 1253 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO); 1254 if (!cp) 1255 return; 1256 1257 handle = __le16_to_cpu(cp->handle); 1258 1259 BT_DBG("%s handle 0x%4.4x", hdev->name, handle); 1260 1261 hci_dev_lock(hdev); 1262 1263 acl = hci_conn_hash_lookup_handle(hdev, handle); 1264 if (acl) { 1265 sco = acl->link; 1266 if (sco) { 1267 sco->state = BT_CLOSED; 1268 1269 hci_proto_connect_cfm(sco, status); 1270 hci_conn_del(sco); 1271 } 1272 } 1273 1274 hci_dev_unlock(hdev); 1275 } 1276 1277 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status) 1278 { 1279 struct hci_cp_auth_requested *cp; 1280 struct hci_conn *conn; 1281 1282 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1283 1284 if (!status) 1285 return; 1286 1287 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED); 1288 if (!cp) 1289 return; 1290 1291 hci_dev_lock(hdev); 1292 1293 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1294 if (conn) { 1295 if (conn->state == BT_CONFIG) { 1296 hci_proto_connect_cfm(conn, status); 1297 hci_conn_drop(conn); 1298 } 1299 } 1300 1301 hci_dev_unlock(hdev); 1302 } 1303 1304 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status) 1305 { 1306 struct hci_cp_set_conn_encrypt *cp; 1307 struct hci_conn *conn; 1308 1309 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1310 1311 if (!status) 1312 return; 1313 1314 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT); 1315 if (!cp) 1316 return; 1317 1318 hci_dev_lock(hdev); 1319 1320 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1321 if (conn) { 1322 if (conn->state == BT_CONFIG) { 1323 hci_proto_connect_cfm(conn, status); 1324 hci_conn_drop(conn); 1325 } 1326 } 1327 1328 hci_dev_unlock(hdev); 1329 } 1330 1331 static int hci_outgoing_auth_needed(struct hci_dev *hdev, 1332 struct hci_conn *conn) 1333 { 1334 if (conn->state != BT_CONFIG || !conn->out) 1335 return 0; 1336 1337 if (conn->pending_sec_level == BT_SECURITY_SDP) 1338 return 0; 1339 1340 /* Only request authentication for SSP connections or non-SSP 1341 * devices with sec_level MEDIUM or HIGH or if MITM protection 1342 * is requested. 1343 */ 1344 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) && 1345 conn->pending_sec_level != BT_SECURITY_HIGH && 1346 conn->pending_sec_level != BT_SECURITY_MEDIUM) 1347 return 0; 1348 1349 return 1; 1350 } 1351 1352 static int hci_resolve_name(struct hci_dev *hdev, 1353 struct inquiry_entry *e) 1354 { 1355 struct hci_cp_remote_name_req cp; 1356 1357 memset(&cp, 0, sizeof(cp)); 1358 1359 bacpy(&cp.bdaddr, &e->data.bdaddr); 1360 cp.pscan_rep_mode = e->data.pscan_rep_mode; 1361 cp.pscan_mode = e->data.pscan_mode; 1362 cp.clock_offset = e->data.clock_offset; 1363 1364 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 1365 } 1366 1367 static bool hci_resolve_next_name(struct hci_dev *hdev) 1368 { 1369 struct discovery_state *discov = &hdev->discovery; 1370 struct inquiry_entry *e; 1371 1372 if (list_empty(&discov->resolve)) 1373 return false; 1374 1375 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED); 1376 if (!e) 1377 return false; 1378 1379 if (hci_resolve_name(hdev, e) == 0) { 1380 e->name_state = NAME_PENDING; 1381 return true; 1382 } 1383 1384 return false; 1385 } 1386 1387 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn, 1388 bdaddr_t *bdaddr, u8 *name, u8 name_len) 1389 { 1390 struct discovery_state *discov = &hdev->discovery; 1391 struct inquiry_entry *e; 1392 1393 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 1394 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name, 1395 name_len, conn->dev_class); 1396 1397 if (discov->state == DISCOVERY_STOPPED) 1398 return; 1399 1400 if (discov->state == DISCOVERY_STOPPING) 1401 goto discov_complete; 1402 1403 if (discov->state != DISCOVERY_RESOLVING) 1404 return; 1405 1406 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING); 1407 /* If the device was not found in a list of found devices names of which 1408 * are pending. there is no need to continue resolving a next name as it 1409 * will be done upon receiving another Remote Name Request Complete 1410 * Event */ 1411 if (!e) 1412 return; 1413 1414 list_del(&e->list); 1415 if (name) { 1416 e->name_state = NAME_KNOWN; 1417 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00, 1418 e->data.rssi, name, name_len); 1419 } else { 1420 e->name_state = NAME_NOT_KNOWN; 1421 } 1422 1423 if (hci_resolve_next_name(hdev)) 1424 return; 1425 1426 discov_complete: 1427 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1428 } 1429 1430 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 1431 { 1432 struct hci_cp_remote_name_req *cp; 1433 struct hci_conn *conn; 1434 1435 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1436 1437 /* If successful wait for the name req complete event before 1438 * checking for the need to do authentication */ 1439 if (!status) 1440 return; 1441 1442 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ); 1443 if (!cp) 1444 return; 1445 1446 hci_dev_lock(hdev); 1447 1448 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1449 1450 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 1451 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0); 1452 1453 if (!conn) 1454 goto unlock; 1455 1456 if (!hci_outgoing_auth_needed(hdev, conn)) 1457 goto unlock; 1458 1459 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 1460 struct hci_cp_auth_requested auth_cp; 1461 1462 auth_cp.handle = __cpu_to_le16(conn->handle); 1463 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, 1464 sizeof(auth_cp), &auth_cp); 1465 } 1466 1467 unlock: 1468 hci_dev_unlock(hdev); 1469 } 1470 1471 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status) 1472 { 1473 struct hci_cp_read_remote_features *cp; 1474 struct hci_conn *conn; 1475 1476 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1477 1478 if (!status) 1479 return; 1480 1481 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES); 1482 if (!cp) 1483 return; 1484 1485 hci_dev_lock(hdev); 1486 1487 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1488 if (conn) { 1489 if (conn->state == BT_CONFIG) { 1490 hci_proto_connect_cfm(conn, status); 1491 hci_conn_drop(conn); 1492 } 1493 } 1494 1495 hci_dev_unlock(hdev); 1496 } 1497 1498 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status) 1499 { 1500 struct hci_cp_read_remote_ext_features *cp; 1501 struct hci_conn *conn; 1502 1503 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1504 1505 if (!status) 1506 return; 1507 1508 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES); 1509 if (!cp) 1510 return; 1511 1512 hci_dev_lock(hdev); 1513 1514 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1515 if (conn) { 1516 if (conn->state == BT_CONFIG) { 1517 hci_proto_connect_cfm(conn, status); 1518 hci_conn_drop(conn); 1519 } 1520 } 1521 1522 hci_dev_unlock(hdev); 1523 } 1524 1525 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status) 1526 { 1527 struct hci_cp_setup_sync_conn *cp; 1528 struct hci_conn *acl, *sco; 1529 __u16 handle; 1530 1531 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1532 1533 if (!status) 1534 return; 1535 1536 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN); 1537 if (!cp) 1538 return; 1539 1540 handle = __le16_to_cpu(cp->handle); 1541 1542 BT_DBG("%s handle 0x%4.4x", hdev->name, handle); 1543 1544 hci_dev_lock(hdev); 1545 1546 acl = hci_conn_hash_lookup_handle(hdev, handle); 1547 if (acl) { 1548 sco = acl->link; 1549 if (sco) { 1550 sco->state = BT_CLOSED; 1551 1552 hci_proto_connect_cfm(sco, status); 1553 hci_conn_del(sco); 1554 } 1555 } 1556 1557 hci_dev_unlock(hdev); 1558 } 1559 1560 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status) 1561 { 1562 struct hci_cp_sniff_mode *cp; 1563 struct hci_conn *conn; 1564 1565 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1566 1567 if (!status) 1568 return; 1569 1570 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE); 1571 if (!cp) 1572 return; 1573 1574 hci_dev_lock(hdev); 1575 1576 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1577 if (conn) { 1578 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags); 1579 1580 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) 1581 hci_sco_setup(conn, status); 1582 } 1583 1584 hci_dev_unlock(hdev); 1585 } 1586 1587 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status) 1588 { 1589 struct hci_cp_exit_sniff_mode *cp; 1590 struct hci_conn *conn; 1591 1592 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1593 1594 if (!status) 1595 return; 1596 1597 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE); 1598 if (!cp) 1599 return; 1600 1601 hci_dev_lock(hdev); 1602 1603 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1604 if (conn) { 1605 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags); 1606 1607 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) 1608 hci_sco_setup(conn, status); 1609 } 1610 1611 hci_dev_unlock(hdev); 1612 } 1613 1614 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status) 1615 { 1616 struct hci_cp_disconnect *cp; 1617 struct hci_conn *conn; 1618 1619 if (!status) 1620 return; 1621 1622 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT); 1623 if (!cp) 1624 return; 1625 1626 hci_dev_lock(hdev); 1627 1628 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1629 if (conn) 1630 mgmt_disconnect_failed(hdev, &conn->dst, conn->type, 1631 conn->dst_type, status); 1632 1633 hci_dev_unlock(hdev); 1634 } 1635 1636 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status) 1637 { 1638 struct hci_cp_create_phy_link *cp; 1639 1640 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1641 1642 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK); 1643 if (!cp) 1644 return; 1645 1646 hci_dev_lock(hdev); 1647 1648 if (status) { 1649 struct hci_conn *hcon; 1650 1651 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle); 1652 if (hcon) 1653 hci_conn_del(hcon); 1654 } else { 1655 amp_write_remote_assoc(hdev, cp->phy_handle); 1656 } 1657 1658 hci_dev_unlock(hdev); 1659 } 1660 1661 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status) 1662 { 1663 struct hci_cp_accept_phy_link *cp; 1664 1665 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1666 1667 if (status) 1668 return; 1669 1670 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK); 1671 if (!cp) 1672 return; 1673 1674 amp_write_remote_assoc(hdev, cp->phy_handle); 1675 } 1676 1677 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status) 1678 { 1679 struct hci_cp_le_create_conn *cp; 1680 struct hci_conn *conn; 1681 1682 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1683 1684 /* All connection failure handling is taken care of by the 1685 * hci_le_conn_failed function which is triggered by the HCI 1686 * request completion callbacks used for connecting. 1687 */ 1688 if (status) 1689 return; 1690 1691 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN); 1692 if (!cp) 1693 return; 1694 1695 hci_dev_lock(hdev); 1696 1697 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr); 1698 if (!conn) 1699 goto unlock; 1700 1701 /* Store the initiator and responder address information which 1702 * is needed for SMP. These values will not change during the 1703 * lifetime of the connection. 1704 */ 1705 conn->init_addr_type = cp->own_address_type; 1706 if (cp->own_address_type == ADDR_LE_DEV_RANDOM) 1707 bacpy(&conn->init_addr, &hdev->random_addr); 1708 else 1709 bacpy(&conn->init_addr, &hdev->bdaddr); 1710 1711 conn->resp_addr_type = cp->peer_addr_type; 1712 bacpy(&conn->resp_addr, &cp->peer_addr); 1713 1714 /* We don't want the connection attempt to stick around 1715 * indefinitely since LE doesn't have a page timeout concept 1716 * like BR/EDR. Set a timer for any connection that doesn't use 1717 * the white list for connecting. 1718 */ 1719 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR) 1720 queue_delayed_work(conn->hdev->workqueue, 1721 &conn->le_conn_timeout, 1722 HCI_LE_CONN_TIMEOUT); 1723 1724 unlock: 1725 hci_dev_unlock(hdev); 1726 } 1727 1728 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status) 1729 { 1730 struct hci_cp_le_start_enc *cp; 1731 struct hci_conn *conn; 1732 1733 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1734 1735 if (!status) 1736 return; 1737 1738 hci_dev_lock(hdev); 1739 1740 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC); 1741 if (!cp) 1742 goto unlock; 1743 1744 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1745 if (!conn) 1746 goto unlock; 1747 1748 if (conn->state != BT_CONNECTED) 1749 goto unlock; 1750 1751 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); 1752 hci_conn_drop(conn); 1753 1754 unlock: 1755 hci_dev_unlock(hdev); 1756 } 1757 1758 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1759 { 1760 __u8 status = *((__u8 *) skb->data); 1761 struct discovery_state *discov = &hdev->discovery; 1762 struct inquiry_entry *e; 1763 1764 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1765 1766 hci_conn_check_pending(hdev); 1767 1768 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) 1769 return; 1770 1771 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */ 1772 wake_up_bit(&hdev->flags, HCI_INQUIRY); 1773 1774 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 1775 return; 1776 1777 hci_dev_lock(hdev); 1778 1779 if (discov->state != DISCOVERY_FINDING) 1780 goto unlock; 1781 1782 if (list_empty(&discov->resolve)) { 1783 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1784 goto unlock; 1785 } 1786 1787 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED); 1788 if (e && hci_resolve_name(hdev, e) == 0) { 1789 e->name_state = NAME_PENDING; 1790 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING); 1791 } else { 1792 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1793 } 1794 1795 unlock: 1796 hci_dev_unlock(hdev); 1797 } 1798 1799 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 1800 { 1801 struct inquiry_data data; 1802 struct inquiry_info *info = (void *) (skb->data + 1); 1803 int num_rsp = *((__u8 *) skb->data); 1804 1805 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1806 1807 if (!num_rsp) 1808 return; 1809 1810 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) 1811 return; 1812 1813 hci_dev_lock(hdev); 1814 1815 for (; num_rsp; num_rsp--, info++) { 1816 bool name_known, ssp; 1817 1818 bacpy(&data.bdaddr, &info->bdaddr); 1819 data.pscan_rep_mode = info->pscan_rep_mode; 1820 data.pscan_period_mode = info->pscan_period_mode; 1821 data.pscan_mode = info->pscan_mode; 1822 memcpy(data.dev_class, info->dev_class, 3); 1823 data.clock_offset = info->clock_offset; 1824 data.rssi = 0x00; 1825 data.ssp_mode = 0x00; 1826 1827 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp); 1828 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 1829 info->dev_class, 0, !name_known, ssp, NULL, 1830 0); 1831 } 1832 1833 hci_dev_unlock(hdev); 1834 } 1835 1836 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1837 { 1838 struct hci_ev_conn_complete *ev = (void *) skb->data; 1839 struct hci_conn *conn; 1840 1841 BT_DBG("%s", hdev->name); 1842 1843 hci_dev_lock(hdev); 1844 1845 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1846 if (!conn) { 1847 if (ev->link_type != SCO_LINK) 1848 goto unlock; 1849 1850 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 1851 if (!conn) 1852 goto unlock; 1853 1854 conn->type = SCO_LINK; 1855 } 1856 1857 if (!ev->status) { 1858 conn->handle = __le16_to_cpu(ev->handle); 1859 1860 if (conn->type == ACL_LINK) { 1861 conn->state = BT_CONFIG; 1862 hci_conn_hold(conn); 1863 1864 if (!conn->out && !hci_conn_ssp_enabled(conn) && 1865 !hci_find_link_key(hdev, &ev->bdaddr)) 1866 conn->disc_timeout = HCI_PAIRING_TIMEOUT; 1867 else 1868 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1869 } else 1870 conn->state = BT_CONNECTED; 1871 1872 hci_conn_add_sysfs(conn); 1873 1874 if (test_bit(HCI_AUTH, &hdev->flags)) 1875 conn->link_mode |= HCI_LM_AUTH; 1876 1877 if (test_bit(HCI_ENCRYPT, &hdev->flags)) 1878 conn->link_mode |= HCI_LM_ENCRYPT; 1879 1880 /* Get remote features */ 1881 if (conn->type == ACL_LINK) { 1882 struct hci_cp_read_remote_features cp; 1883 cp.handle = ev->handle; 1884 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, 1885 sizeof(cp), &cp); 1886 } 1887 1888 /* Set packet type for incoming connection */ 1889 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) { 1890 struct hci_cp_change_conn_ptype cp; 1891 cp.handle = ev->handle; 1892 cp.pkt_type = cpu_to_le16(conn->pkt_type); 1893 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp), 1894 &cp); 1895 } 1896 } else { 1897 conn->state = BT_CLOSED; 1898 if (conn->type == ACL_LINK) 1899 mgmt_connect_failed(hdev, &conn->dst, conn->type, 1900 conn->dst_type, ev->status); 1901 } 1902 1903 if (conn->type == ACL_LINK) 1904 hci_sco_setup(conn, ev->status); 1905 1906 if (ev->status) { 1907 hci_proto_connect_cfm(conn, ev->status); 1908 hci_conn_del(conn); 1909 } else if (ev->link_type != ACL_LINK) 1910 hci_proto_connect_cfm(conn, ev->status); 1911 1912 unlock: 1913 hci_dev_unlock(hdev); 1914 1915 hci_conn_check_pending(hdev); 1916 } 1917 1918 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1919 { 1920 struct hci_ev_conn_request *ev = (void *) skb->data; 1921 int mask = hdev->link_mode; 1922 __u8 flags = 0; 1923 1924 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr, 1925 ev->link_type); 1926 1927 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type, 1928 &flags); 1929 1930 if ((mask & HCI_LM_ACCEPT) && 1931 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) { 1932 /* Connection accepted */ 1933 struct inquiry_entry *ie; 1934 struct hci_conn *conn; 1935 1936 hci_dev_lock(hdev); 1937 1938 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 1939 if (ie) 1940 memcpy(ie->data.dev_class, ev->dev_class, 3); 1941 1942 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, 1943 &ev->bdaddr); 1944 if (!conn) { 1945 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr); 1946 if (!conn) { 1947 BT_ERR("No memory for new connection"); 1948 hci_dev_unlock(hdev); 1949 return; 1950 } 1951 } 1952 1953 memcpy(conn->dev_class, ev->dev_class, 3); 1954 1955 hci_dev_unlock(hdev); 1956 1957 if (ev->link_type == ACL_LINK || 1958 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) { 1959 struct hci_cp_accept_conn_req cp; 1960 conn->state = BT_CONNECT; 1961 1962 bacpy(&cp.bdaddr, &ev->bdaddr); 1963 1964 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) 1965 cp.role = 0x00; /* Become master */ 1966 else 1967 cp.role = 0x01; /* Remain slave */ 1968 1969 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), 1970 &cp); 1971 } else if (!(flags & HCI_PROTO_DEFER)) { 1972 struct hci_cp_accept_sync_conn_req cp; 1973 conn->state = BT_CONNECT; 1974 1975 bacpy(&cp.bdaddr, &ev->bdaddr); 1976 cp.pkt_type = cpu_to_le16(conn->pkt_type); 1977 1978 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 1979 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 1980 cp.max_latency = cpu_to_le16(0xffff); 1981 cp.content_format = cpu_to_le16(hdev->voice_setting); 1982 cp.retrans_effort = 0xff; 1983 1984 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 1985 sizeof(cp), &cp); 1986 } else { 1987 conn->state = BT_CONNECT2; 1988 hci_proto_connect_cfm(conn, 0); 1989 } 1990 } else { 1991 /* Connection rejected */ 1992 struct hci_cp_reject_conn_req cp; 1993 1994 bacpy(&cp.bdaddr, &ev->bdaddr); 1995 cp.reason = HCI_ERROR_REJ_BAD_ADDR; 1996 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp); 1997 } 1998 } 1999 2000 static u8 hci_to_mgmt_reason(u8 err) 2001 { 2002 switch (err) { 2003 case HCI_ERROR_CONNECTION_TIMEOUT: 2004 return MGMT_DEV_DISCONN_TIMEOUT; 2005 case HCI_ERROR_REMOTE_USER_TERM: 2006 case HCI_ERROR_REMOTE_LOW_RESOURCES: 2007 case HCI_ERROR_REMOTE_POWER_OFF: 2008 return MGMT_DEV_DISCONN_REMOTE; 2009 case HCI_ERROR_LOCAL_HOST_TERM: 2010 return MGMT_DEV_DISCONN_LOCAL_HOST; 2011 default: 2012 return MGMT_DEV_DISCONN_UNKNOWN; 2013 } 2014 } 2015 2016 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 2017 { 2018 struct hci_ev_disconn_complete *ev = (void *) skb->data; 2019 u8 reason = hci_to_mgmt_reason(ev->reason); 2020 struct hci_conn_params *params; 2021 struct hci_conn *conn; 2022 bool mgmt_connected; 2023 u8 type; 2024 2025 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2026 2027 hci_dev_lock(hdev); 2028 2029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2030 if (!conn) 2031 goto unlock; 2032 2033 if (ev->status) { 2034 mgmt_disconnect_failed(hdev, &conn->dst, conn->type, 2035 conn->dst_type, ev->status); 2036 goto unlock; 2037 } 2038 2039 conn->state = BT_CLOSED; 2040 2041 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags); 2042 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type, 2043 reason, mgmt_connected); 2044 2045 if (conn->type == ACL_LINK && conn->flush_key) 2046 hci_remove_link_key(hdev, &conn->dst); 2047 2048 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); 2049 if (params) { 2050 switch (params->auto_connect) { 2051 case HCI_AUTO_CONN_LINK_LOSS: 2052 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT) 2053 break; 2054 /* Fall through */ 2055 2056 case HCI_AUTO_CONN_ALWAYS: 2057 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type); 2058 break; 2059 2060 default: 2061 break; 2062 } 2063 } 2064 2065 type = conn->type; 2066 2067 hci_proto_disconn_cfm(conn, ev->reason); 2068 hci_conn_del(conn); 2069 2070 /* Re-enable advertising if necessary, since it might 2071 * have been disabled by the connection. From the 2072 * HCI_LE_Set_Advertise_Enable command description in 2073 * the core specification (v4.0): 2074 * "The Controller shall continue advertising until the Host 2075 * issues an LE_Set_Advertise_Enable command with 2076 * Advertising_Enable set to 0x00 (Advertising is disabled) 2077 * or until a connection is created or until the Advertising 2078 * is timed out due to Directed Advertising." 2079 */ 2080 if (type == LE_LINK) 2081 mgmt_reenable_advertising(hdev); 2082 2083 unlock: 2084 hci_dev_unlock(hdev); 2085 } 2086 2087 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 2088 { 2089 struct hci_ev_auth_complete *ev = (void *) skb->data; 2090 struct hci_conn *conn; 2091 2092 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2093 2094 hci_dev_lock(hdev); 2095 2096 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2097 if (!conn) 2098 goto unlock; 2099 2100 if (!ev->status) { 2101 if (!hci_conn_ssp_enabled(conn) && 2102 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) { 2103 BT_INFO("re-auth of legacy device is not possible."); 2104 } else { 2105 conn->link_mode |= HCI_LM_AUTH; 2106 conn->sec_level = conn->pending_sec_level; 2107 } 2108 } else { 2109 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type, 2110 ev->status); 2111 } 2112 2113 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags); 2114 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags); 2115 2116 if (conn->state == BT_CONFIG) { 2117 if (!ev->status && hci_conn_ssp_enabled(conn)) { 2118 struct hci_cp_set_conn_encrypt cp; 2119 cp.handle = ev->handle; 2120 cp.encrypt = 0x01; 2121 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), 2122 &cp); 2123 } else { 2124 conn->state = BT_CONNECTED; 2125 hci_proto_connect_cfm(conn, ev->status); 2126 hci_conn_drop(conn); 2127 } 2128 } else { 2129 hci_auth_cfm(conn, ev->status); 2130 2131 hci_conn_hold(conn); 2132 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 2133 hci_conn_drop(conn); 2134 } 2135 2136 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { 2137 if (!ev->status) { 2138 struct hci_cp_set_conn_encrypt cp; 2139 cp.handle = ev->handle; 2140 cp.encrypt = 0x01; 2141 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), 2142 &cp); 2143 } else { 2144 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 2145 hci_encrypt_cfm(conn, ev->status, 0x00); 2146 } 2147 } 2148 2149 unlock: 2150 hci_dev_unlock(hdev); 2151 } 2152 2153 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb) 2154 { 2155 struct hci_ev_remote_name *ev = (void *) skb->data; 2156 struct hci_conn *conn; 2157 2158 BT_DBG("%s", hdev->name); 2159 2160 hci_conn_check_pending(hdev); 2161 2162 hci_dev_lock(hdev); 2163 2164 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2165 2166 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 2167 goto check_auth; 2168 2169 if (ev->status == 0) 2170 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name, 2171 strnlen(ev->name, HCI_MAX_NAME_LENGTH)); 2172 else 2173 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0); 2174 2175 check_auth: 2176 if (!conn) 2177 goto unlock; 2178 2179 if (!hci_outgoing_auth_needed(hdev, conn)) 2180 goto unlock; 2181 2182 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 2183 struct hci_cp_auth_requested cp; 2184 cp.handle = __cpu_to_le16(conn->handle); 2185 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 2186 } 2187 2188 unlock: 2189 hci_dev_unlock(hdev); 2190 } 2191 2192 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 2193 { 2194 struct hci_ev_encrypt_change *ev = (void *) skb->data; 2195 struct hci_conn *conn; 2196 2197 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2198 2199 hci_dev_lock(hdev); 2200 2201 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2202 if (!conn) 2203 goto unlock; 2204 2205 if (!ev->status) { 2206 if (ev->encrypt) { 2207 /* Encryption implies authentication */ 2208 conn->link_mode |= HCI_LM_AUTH; 2209 conn->link_mode |= HCI_LM_ENCRYPT; 2210 conn->sec_level = conn->pending_sec_level; 2211 2212 /* P-256 authentication key implies FIPS */ 2213 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256) 2214 conn->link_mode |= HCI_LM_FIPS; 2215 2216 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) || 2217 conn->type == LE_LINK) 2218 set_bit(HCI_CONN_AES_CCM, &conn->flags); 2219 } else { 2220 conn->link_mode &= ~HCI_LM_ENCRYPT; 2221 clear_bit(HCI_CONN_AES_CCM, &conn->flags); 2222 } 2223 } 2224 2225 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 2226 2227 if (ev->status && conn->state == BT_CONNECTED) { 2228 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); 2229 hci_conn_drop(conn); 2230 goto unlock; 2231 } 2232 2233 if (conn->state == BT_CONFIG) { 2234 if (!ev->status) 2235 conn->state = BT_CONNECTED; 2236 2237 /* In Secure Connections Only mode, do not allow any 2238 * connections that are not encrypted with AES-CCM 2239 * using a P-256 authenticated combination key. 2240 */ 2241 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) && 2242 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) || 2243 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) { 2244 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE); 2245 hci_conn_drop(conn); 2246 goto unlock; 2247 } 2248 2249 hci_proto_connect_cfm(conn, ev->status); 2250 hci_conn_drop(conn); 2251 } else 2252 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 2253 2254 unlock: 2255 hci_dev_unlock(hdev); 2256 } 2257 2258 static void hci_change_link_key_complete_evt(struct hci_dev *hdev, 2259 struct sk_buff *skb) 2260 { 2261 struct hci_ev_change_link_key_complete *ev = (void *) skb->data; 2262 struct hci_conn *conn; 2263 2264 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2265 2266 hci_dev_lock(hdev); 2267 2268 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2269 if (conn) { 2270 if (!ev->status) 2271 conn->link_mode |= HCI_LM_SECURE; 2272 2273 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags); 2274 2275 hci_key_change_cfm(conn, ev->status); 2276 } 2277 2278 hci_dev_unlock(hdev); 2279 } 2280 2281 static void hci_remote_features_evt(struct hci_dev *hdev, 2282 struct sk_buff *skb) 2283 { 2284 struct hci_ev_remote_features *ev = (void *) skb->data; 2285 struct hci_conn *conn; 2286 2287 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2288 2289 hci_dev_lock(hdev); 2290 2291 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2292 if (!conn) 2293 goto unlock; 2294 2295 if (!ev->status) 2296 memcpy(conn->features[0], ev->features, 8); 2297 2298 if (conn->state != BT_CONFIG) 2299 goto unlock; 2300 2301 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) { 2302 struct hci_cp_read_remote_ext_features cp; 2303 cp.handle = ev->handle; 2304 cp.page = 0x01; 2305 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES, 2306 sizeof(cp), &cp); 2307 goto unlock; 2308 } 2309 2310 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) { 2311 struct hci_cp_remote_name_req cp; 2312 memset(&cp, 0, sizeof(cp)); 2313 bacpy(&cp.bdaddr, &conn->dst); 2314 cp.pscan_rep_mode = 0x02; 2315 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 2316 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 2317 mgmt_device_connected(hdev, &conn->dst, conn->type, 2318 conn->dst_type, 0, NULL, 0, 2319 conn->dev_class); 2320 2321 if (!hci_outgoing_auth_needed(hdev, conn)) { 2322 conn->state = BT_CONNECTED; 2323 hci_proto_connect_cfm(conn, ev->status); 2324 hci_conn_drop(conn); 2325 } 2326 2327 unlock: 2328 hci_dev_unlock(hdev); 2329 } 2330 2331 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 2332 { 2333 struct hci_ev_cmd_complete *ev = (void *) skb->data; 2334 u8 status = skb->data[sizeof(*ev)]; 2335 __u16 opcode; 2336 2337 skb_pull(skb, sizeof(*ev)); 2338 2339 opcode = __le16_to_cpu(ev->opcode); 2340 2341 switch (opcode) { 2342 case HCI_OP_INQUIRY_CANCEL: 2343 hci_cc_inquiry_cancel(hdev, skb); 2344 break; 2345 2346 case HCI_OP_PERIODIC_INQ: 2347 hci_cc_periodic_inq(hdev, skb); 2348 break; 2349 2350 case HCI_OP_EXIT_PERIODIC_INQ: 2351 hci_cc_exit_periodic_inq(hdev, skb); 2352 break; 2353 2354 case HCI_OP_REMOTE_NAME_REQ_CANCEL: 2355 hci_cc_remote_name_req_cancel(hdev, skb); 2356 break; 2357 2358 case HCI_OP_ROLE_DISCOVERY: 2359 hci_cc_role_discovery(hdev, skb); 2360 break; 2361 2362 case HCI_OP_READ_LINK_POLICY: 2363 hci_cc_read_link_policy(hdev, skb); 2364 break; 2365 2366 case HCI_OP_WRITE_LINK_POLICY: 2367 hci_cc_write_link_policy(hdev, skb); 2368 break; 2369 2370 case HCI_OP_READ_DEF_LINK_POLICY: 2371 hci_cc_read_def_link_policy(hdev, skb); 2372 break; 2373 2374 case HCI_OP_WRITE_DEF_LINK_POLICY: 2375 hci_cc_write_def_link_policy(hdev, skb); 2376 break; 2377 2378 case HCI_OP_RESET: 2379 hci_cc_reset(hdev, skb); 2380 break; 2381 2382 case HCI_OP_WRITE_LOCAL_NAME: 2383 hci_cc_write_local_name(hdev, skb); 2384 break; 2385 2386 case HCI_OP_READ_LOCAL_NAME: 2387 hci_cc_read_local_name(hdev, skb); 2388 break; 2389 2390 case HCI_OP_WRITE_AUTH_ENABLE: 2391 hci_cc_write_auth_enable(hdev, skb); 2392 break; 2393 2394 case HCI_OP_WRITE_ENCRYPT_MODE: 2395 hci_cc_write_encrypt_mode(hdev, skb); 2396 break; 2397 2398 case HCI_OP_WRITE_SCAN_ENABLE: 2399 hci_cc_write_scan_enable(hdev, skb); 2400 break; 2401 2402 case HCI_OP_READ_CLASS_OF_DEV: 2403 hci_cc_read_class_of_dev(hdev, skb); 2404 break; 2405 2406 case HCI_OP_WRITE_CLASS_OF_DEV: 2407 hci_cc_write_class_of_dev(hdev, skb); 2408 break; 2409 2410 case HCI_OP_READ_VOICE_SETTING: 2411 hci_cc_read_voice_setting(hdev, skb); 2412 break; 2413 2414 case HCI_OP_WRITE_VOICE_SETTING: 2415 hci_cc_write_voice_setting(hdev, skb); 2416 break; 2417 2418 case HCI_OP_READ_NUM_SUPPORTED_IAC: 2419 hci_cc_read_num_supported_iac(hdev, skb); 2420 break; 2421 2422 case HCI_OP_WRITE_SSP_MODE: 2423 hci_cc_write_ssp_mode(hdev, skb); 2424 break; 2425 2426 case HCI_OP_WRITE_SC_SUPPORT: 2427 hci_cc_write_sc_support(hdev, skb); 2428 break; 2429 2430 case HCI_OP_READ_LOCAL_VERSION: 2431 hci_cc_read_local_version(hdev, skb); 2432 break; 2433 2434 case HCI_OP_READ_LOCAL_COMMANDS: 2435 hci_cc_read_local_commands(hdev, skb); 2436 break; 2437 2438 case HCI_OP_READ_LOCAL_FEATURES: 2439 hci_cc_read_local_features(hdev, skb); 2440 break; 2441 2442 case HCI_OP_READ_LOCAL_EXT_FEATURES: 2443 hci_cc_read_local_ext_features(hdev, skb); 2444 break; 2445 2446 case HCI_OP_READ_BUFFER_SIZE: 2447 hci_cc_read_buffer_size(hdev, skb); 2448 break; 2449 2450 case HCI_OP_READ_BD_ADDR: 2451 hci_cc_read_bd_addr(hdev, skb); 2452 break; 2453 2454 case HCI_OP_READ_PAGE_SCAN_ACTIVITY: 2455 hci_cc_read_page_scan_activity(hdev, skb); 2456 break; 2457 2458 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY: 2459 hci_cc_write_page_scan_activity(hdev, skb); 2460 break; 2461 2462 case HCI_OP_READ_PAGE_SCAN_TYPE: 2463 hci_cc_read_page_scan_type(hdev, skb); 2464 break; 2465 2466 case HCI_OP_WRITE_PAGE_SCAN_TYPE: 2467 hci_cc_write_page_scan_type(hdev, skb); 2468 break; 2469 2470 case HCI_OP_READ_DATA_BLOCK_SIZE: 2471 hci_cc_read_data_block_size(hdev, skb); 2472 break; 2473 2474 case HCI_OP_READ_FLOW_CONTROL_MODE: 2475 hci_cc_read_flow_control_mode(hdev, skb); 2476 break; 2477 2478 case HCI_OP_READ_LOCAL_AMP_INFO: 2479 hci_cc_read_local_amp_info(hdev, skb); 2480 break; 2481 2482 case HCI_OP_READ_LOCAL_AMP_ASSOC: 2483 hci_cc_read_local_amp_assoc(hdev, skb); 2484 break; 2485 2486 case HCI_OP_READ_INQ_RSP_TX_POWER: 2487 hci_cc_read_inq_rsp_tx_power(hdev, skb); 2488 break; 2489 2490 case HCI_OP_PIN_CODE_REPLY: 2491 hci_cc_pin_code_reply(hdev, skb); 2492 break; 2493 2494 case HCI_OP_PIN_CODE_NEG_REPLY: 2495 hci_cc_pin_code_neg_reply(hdev, skb); 2496 break; 2497 2498 case HCI_OP_READ_LOCAL_OOB_DATA: 2499 hci_cc_read_local_oob_data(hdev, skb); 2500 break; 2501 2502 case HCI_OP_READ_LOCAL_OOB_EXT_DATA: 2503 hci_cc_read_local_oob_ext_data(hdev, skb); 2504 break; 2505 2506 case HCI_OP_LE_READ_BUFFER_SIZE: 2507 hci_cc_le_read_buffer_size(hdev, skb); 2508 break; 2509 2510 case HCI_OP_LE_READ_LOCAL_FEATURES: 2511 hci_cc_le_read_local_features(hdev, skb); 2512 break; 2513 2514 case HCI_OP_LE_READ_ADV_TX_POWER: 2515 hci_cc_le_read_adv_tx_power(hdev, skb); 2516 break; 2517 2518 case HCI_OP_USER_CONFIRM_REPLY: 2519 hci_cc_user_confirm_reply(hdev, skb); 2520 break; 2521 2522 case HCI_OP_USER_CONFIRM_NEG_REPLY: 2523 hci_cc_user_confirm_neg_reply(hdev, skb); 2524 break; 2525 2526 case HCI_OP_USER_PASSKEY_REPLY: 2527 hci_cc_user_passkey_reply(hdev, skb); 2528 break; 2529 2530 case HCI_OP_USER_PASSKEY_NEG_REPLY: 2531 hci_cc_user_passkey_neg_reply(hdev, skb); 2532 break; 2533 2534 case HCI_OP_LE_SET_RANDOM_ADDR: 2535 hci_cc_le_set_random_addr(hdev, skb); 2536 break; 2537 2538 case HCI_OP_LE_SET_ADV_ENABLE: 2539 hci_cc_le_set_adv_enable(hdev, skb); 2540 break; 2541 2542 case HCI_OP_LE_SET_SCAN_PARAM: 2543 hci_cc_le_set_scan_param(hdev, skb); 2544 break; 2545 2546 case HCI_OP_LE_SET_SCAN_ENABLE: 2547 hci_cc_le_set_scan_enable(hdev, skb); 2548 break; 2549 2550 case HCI_OP_LE_READ_WHITE_LIST_SIZE: 2551 hci_cc_le_read_white_list_size(hdev, skb); 2552 break; 2553 2554 case HCI_OP_LE_CLEAR_WHITE_LIST: 2555 hci_cc_le_clear_white_list(hdev, skb); 2556 break; 2557 2558 case HCI_OP_LE_ADD_TO_WHITE_LIST: 2559 hci_cc_le_add_to_white_list(hdev, skb); 2560 break; 2561 2562 case HCI_OP_LE_DEL_FROM_WHITE_LIST: 2563 hci_cc_le_del_from_white_list(hdev, skb); 2564 break; 2565 2566 case HCI_OP_LE_READ_SUPPORTED_STATES: 2567 hci_cc_le_read_supported_states(hdev, skb); 2568 break; 2569 2570 case HCI_OP_WRITE_LE_HOST_SUPPORTED: 2571 hci_cc_write_le_host_supported(hdev, skb); 2572 break; 2573 2574 case HCI_OP_LE_SET_ADV_PARAM: 2575 hci_cc_set_adv_param(hdev, skb); 2576 break; 2577 2578 case HCI_OP_WRITE_REMOTE_AMP_ASSOC: 2579 hci_cc_write_remote_amp_assoc(hdev, skb); 2580 break; 2581 2582 default: 2583 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2584 break; 2585 } 2586 2587 if (opcode != HCI_OP_NOP) 2588 del_timer(&hdev->cmd_timer); 2589 2590 hci_req_cmd_complete(hdev, opcode, status); 2591 2592 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { 2593 atomic_set(&hdev->cmd_cnt, 1); 2594 if (!skb_queue_empty(&hdev->cmd_q)) 2595 queue_work(hdev->workqueue, &hdev->cmd_work); 2596 } 2597 } 2598 2599 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) 2600 { 2601 struct hci_ev_cmd_status *ev = (void *) skb->data; 2602 __u16 opcode; 2603 2604 skb_pull(skb, sizeof(*ev)); 2605 2606 opcode = __le16_to_cpu(ev->opcode); 2607 2608 switch (opcode) { 2609 case HCI_OP_INQUIRY: 2610 hci_cs_inquiry(hdev, ev->status); 2611 break; 2612 2613 case HCI_OP_CREATE_CONN: 2614 hci_cs_create_conn(hdev, ev->status); 2615 break; 2616 2617 case HCI_OP_ADD_SCO: 2618 hci_cs_add_sco(hdev, ev->status); 2619 break; 2620 2621 case HCI_OP_AUTH_REQUESTED: 2622 hci_cs_auth_requested(hdev, ev->status); 2623 break; 2624 2625 case HCI_OP_SET_CONN_ENCRYPT: 2626 hci_cs_set_conn_encrypt(hdev, ev->status); 2627 break; 2628 2629 case HCI_OP_REMOTE_NAME_REQ: 2630 hci_cs_remote_name_req(hdev, ev->status); 2631 break; 2632 2633 case HCI_OP_READ_REMOTE_FEATURES: 2634 hci_cs_read_remote_features(hdev, ev->status); 2635 break; 2636 2637 case HCI_OP_READ_REMOTE_EXT_FEATURES: 2638 hci_cs_read_remote_ext_features(hdev, ev->status); 2639 break; 2640 2641 case HCI_OP_SETUP_SYNC_CONN: 2642 hci_cs_setup_sync_conn(hdev, ev->status); 2643 break; 2644 2645 case HCI_OP_SNIFF_MODE: 2646 hci_cs_sniff_mode(hdev, ev->status); 2647 break; 2648 2649 case HCI_OP_EXIT_SNIFF_MODE: 2650 hci_cs_exit_sniff_mode(hdev, ev->status); 2651 break; 2652 2653 case HCI_OP_DISCONNECT: 2654 hci_cs_disconnect(hdev, ev->status); 2655 break; 2656 2657 case HCI_OP_CREATE_PHY_LINK: 2658 hci_cs_create_phylink(hdev, ev->status); 2659 break; 2660 2661 case HCI_OP_ACCEPT_PHY_LINK: 2662 hci_cs_accept_phylink(hdev, ev->status); 2663 break; 2664 2665 case HCI_OP_LE_CREATE_CONN: 2666 hci_cs_le_create_conn(hdev, ev->status); 2667 break; 2668 2669 case HCI_OP_LE_START_ENC: 2670 hci_cs_le_start_enc(hdev, ev->status); 2671 break; 2672 2673 default: 2674 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2675 break; 2676 } 2677 2678 if (opcode != HCI_OP_NOP) 2679 del_timer(&hdev->cmd_timer); 2680 2681 if (ev->status || 2682 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event)) 2683 hci_req_cmd_complete(hdev, opcode, ev->status); 2684 2685 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { 2686 atomic_set(&hdev->cmd_cnt, 1); 2687 if (!skb_queue_empty(&hdev->cmd_q)) 2688 queue_work(hdev->workqueue, &hdev->cmd_work); 2689 } 2690 } 2691 2692 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 2693 { 2694 struct hci_ev_role_change *ev = (void *) skb->data; 2695 struct hci_conn *conn; 2696 2697 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2698 2699 hci_dev_lock(hdev); 2700 2701 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2702 if (conn) { 2703 if (!ev->status) { 2704 if (ev->role) 2705 conn->link_mode &= ~HCI_LM_MASTER; 2706 else 2707 conn->link_mode |= HCI_LM_MASTER; 2708 } 2709 2710 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags); 2711 2712 hci_role_switch_cfm(conn, ev->status, ev->role); 2713 } 2714 2715 hci_dev_unlock(hdev); 2716 } 2717 2718 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb) 2719 { 2720 struct hci_ev_num_comp_pkts *ev = (void *) skb->data; 2721 int i; 2722 2723 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) { 2724 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode); 2725 return; 2726 } 2727 2728 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) + 2729 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) { 2730 BT_DBG("%s bad parameters", hdev->name); 2731 return; 2732 } 2733 2734 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); 2735 2736 for (i = 0; i < ev->num_hndl; i++) { 2737 struct hci_comp_pkts_info *info = &ev->handles[i]; 2738 struct hci_conn *conn; 2739 __u16 handle, count; 2740 2741 handle = __le16_to_cpu(info->handle); 2742 count = __le16_to_cpu(info->count); 2743 2744 conn = hci_conn_hash_lookup_handle(hdev, handle); 2745 if (!conn) 2746 continue; 2747 2748 conn->sent -= count; 2749 2750 switch (conn->type) { 2751 case ACL_LINK: 2752 hdev->acl_cnt += count; 2753 if (hdev->acl_cnt > hdev->acl_pkts) 2754 hdev->acl_cnt = hdev->acl_pkts; 2755 break; 2756 2757 case LE_LINK: 2758 if (hdev->le_pkts) { 2759 hdev->le_cnt += count; 2760 if (hdev->le_cnt > hdev->le_pkts) 2761 hdev->le_cnt = hdev->le_pkts; 2762 } else { 2763 hdev->acl_cnt += count; 2764 if (hdev->acl_cnt > hdev->acl_pkts) 2765 hdev->acl_cnt = hdev->acl_pkts; 2766 } 2767 break; 2768 2769 case SCO_LINK: 2770 hdev->sco_cnt += count; 2771 if (hdev->sco_cnt > hdev->sco_pkts) 2772 hdev->sco_cnt = hdev->sco_pkts; 2773 break; 2774 2775 default: 2776 BT_ERR("Unknown type %d conn %p", conn->type, conn); 2777 break; 2778 } 2779 } 2780 2781 queue_work(hdev->workqueue, &hdev->tx_work); 2782 } 2783 2784 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev, 2785 __u16 handle) 2786 { 2787 struct hci_chan *chan; 2788 2789 switch (hdev->dev_type) { 2790 case HCI_BREDR: 2791 return hci_conn_hash_lookup_handle(hdev, handle); 2792 case HCI_AMP: 2793 chan = hci_chan_lookup_handle(hdev, handle); 2794 if (chan) 2795 return chan->conn; 2796 break; 2797 default: 2798 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type); 2799 break; 2800 } 2801 2802 return NULL; 2803 } 2804 2805 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb) 2806 { 2807 struct hci_ev_num_comp_blocks *ev = (void *) skb->data; 2808 int i; 2809 2810 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) { 2811 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode); 2812 return; 2813 } 2814 2815 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) + 2816 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) { 2817 BT_DBG("%s bad parameters", hdev->name); 2818 return; 2819 } 2820 2821 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks, 2822 ev->num_hndl); 2823 2824 for (i = 0; i < ev->num_hndl; i++) { 2825 struct hci_comp_blocks_info *info = &ev->handles[i]; 2826 struct hci_conn *conn = NULL; 2827 __u16 handle, block_count; 2828 2829 handle = __le16_to_cpu(info->handle); 2830 block_count = __le16_to_cpu(info->blocks); 2831 2832 conn = __hci_conn_lookup_handle(hdev, handle); 2833 if (!conn) 2834 continue; 2835 2836 conn->sent -= block_count; 2837 2838 switch (conn->type) { 2839 case ACL_LINK: 2840 case AMP_LINK: 2841 hdev->block_cnt += block_count; 2842 if (hdev->block_cnt > hdev->num_blocks) 2843 hdev->block_cnt = hdev->num_blocks; 2844 break; 2845 2846 default: 2847 BT_ERR("Unknown type %d conn %p", conn->type, conn); 2848 break; 2849 } 2850 } 2851 2852 queue_work(hdev->workqueue, &hdev->tx_work); 2853 } 2854 2855 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 2856 { 2857 struct hci_ev_mode_change *ev = (void *) skb->data; 2858 struct hci_conn *conn; 2859 2860 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2861 2862 hci_dev_lock(hdev); 2863 2864 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2865 if (conn) { 2866 conn->mode = ev->mode; 2867 2868 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, 2869 &conn->flags)) { 2870 if (conn->mode == HCI_CM_ACTIVE) 2871 set_bit(HCI_CONN_POWER_SAVE, &conn->flags); 2872 else 2873 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags); 2874 } 2875 2876 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) 2877 hci_sco_setup(conn, ev->status); 2878 } 2879 2880 hci_dev_unlock(hdev); 2881 } 2882 2883 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2884 { 2885 struct hci_ev_pin_code_req *ev = (void *) skb->data; 2886 struct hci_conn *conn; 2887 2888 BT_DBG("%s", hdev->name); 2889 2890 hci_dev_lock(hdev); 2891 2892 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2893 if (!conn) 2894 goto unlock; 2895 2896 if (conn->state == BT_CONNECTED) { 2897 hci_conn_hold(conn); 2898 conn->disc_timeout = HCI_PAIRING_TIMEOUT; 2899 hci_conn_drop(conn); 2900 } 2901 2902 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) 2903 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2904 sizeof(ev->bdaddr), &ev->bdaddr); 2905 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) { 2906 u8 secure; 2907 2908 if (conn->pending_sec_level == BT_SECURITY_HIGH) 2909 secure = 1; 2910 else 2911 secure = 0; 2912 2913 mgmt_pin_code_request(hdev, &ev->bdaddr, secure); 2914 } 2915 2916 unlock: 2917 hci_dev_unlock(hdev); 2918 } 2919 2920 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2921 { 2922 struct hci_ev_link_key_req *ev = (void *) skb->data; 2923 struct hci_cp_link_key_reply cp; 2924 struct hci_conn *conn; 2925 struct link_key *key; 2926 2927 BT_DBG("%s", hdev->name); 2928 2929 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 2930 return; 2931 2932 hci_dev_lock(hdev); 2933 2934 key = hci_find_link_key(hdev, &ev->bdaddr); 2935 if (!key) { 2936 BT_DBG("%s link key not found for %pMR", hdev->name, 2937 &ev->bdaddr); 2938 goto not_found; 2939 } 2940 2941 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type, 2942 &ev->bdaddr); 2943 2944 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) && 2945 key->type == HCI_LK_DEBUG_COMBINATION) { 2946 BT_DBG("%s ignoring debug key", hdev->name); 2947 goto not_found; 2948 } 2949 2950 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2951 if (conn) { 2952 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 || 2953 key->type == HCI_LK_UNAUTH_COMBINATION_P256) && 2954 conn->auth_type != 0xff && (conn->auth_type & 0x01)) { 2955 BT_DBG("%s ignoring unauthenticated key", hdev->name); 2956 goto not_found; 2957 } 2958 2959 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 && 2960 conn->pending_sec_level == BT_SECURITY_HIGH) { 2961 BT_DBG("%s ignoring key unauthenticated for high security", 2962 hdev->name); 2963 goto not_found; 2964 } 2965 2966 conn->key_type = key->type; 2967 conn->pin_length = key->pin_len; 2968 } 2969 2970 bacpy(&cp.bdaddr, &ev->bdaddr); 2971 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE); 2972 2973 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp); 2974 2975 hci_dev_unlock(hdev); 2976 2977 return; 2978 2979 not_found: 2980 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr); 2981 hci_dev_unlock(hdev); 2982 } 2983 2984 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 2985 { 2986 struct hci_ev_link_key_notify *ev = (void *) skb->data; 2987 struct hci_conn *conn; 2988 u8 pin_len = 0; 2989 2990 BT_DBG("%s", hdev->name); 2991 2992 hci_dev_lock(hdev); 2993 2994 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2995 if (conn) { 2996 hci_conn_hold(conn); 2997 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 2998 pin_len = conn->pin_length; 2999 3000 if (ev->key_type != HCI_LK_CHANGED_COMBINATION) 3001 conn->key_type = ev->key_type; 3002 3003 hci_conn_drop(conn); 3004 } 3005 3006 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 3007 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key, 3008 ev->key_type, pin_len); 3009 3010 hci_dev_unlock(hdev); 3011 } 3012 3013 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb) 3014 { 3015 struct hci_ev_clock_offset *ev = (void *) skb->data; 3016 struct hci_conn *conn; 3017 3018 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 3019 3020 hci_dev_lock(hdev); 3021 3022 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 3023 if (conn && !ev->status) { 3024 struct inquiry_entry *ie; 3025 3026 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 3027 if (ie) { 3028 ie->data.clock_offset = ev->clock_offset; 3029 ie->timestamp = jiffies; 3030 } 3031 } 3032 3033 hci_dev_unlock(hdev); 3034 } 3035 3036 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 3037 { 3038 struct hci_ev_pkt_type_change *ev = (void *) skb->data; 3039 struct hci_conn *conn; 3040 3041 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 3042 3043 hci_dev_lock(hdev); 3044 3045 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 3046 if (conn && !ev->status) 3047 conn->pkt_type = __le16_to_cpu(ev->pkt_type); 3048 3049 hci_dev_unlock(hdev); 3050 } 3051 3052 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb) 3053 { 3054 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data; 3055 struct inquiry_entry *ie; 3056 3057 BT_DBG("%s", hdev->name); 3058 3059 hci_dev_lock(hdev); 3060 3061 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 3062 if (ie) { 3063 ie->data.pscan_rep_mode = ev->pscan_rep_mode; 3064 ie->timestamp = jiffies; 3065 } 3066 3067 hci_dev_unlock(hdev); 3068 } 3069 3070 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, 3071 struct sk_buff *skb) 3072 { 3073 struct inquiry_data data; 3074 int num_rsp = *((__u8 *) skb->data); 3075 bool name_known, ssp; 3076 3077 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 3078 3079 if (!num_rsp) 3080 return; 3081 3082 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) 3083 return; 3084 3085 hci_dev_lock(hdev); 3086 3087 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 3088 struct inquiry_info_with_rssi_and_pscan_mode *info; 3089 info = (void *) (skb->data + 1); 3090 3091 for (; num_rsp; num_rsp--, info++) { 3092 bacpy(&data.bdaddr, &info->bdaddr); 3093 data.pscan_rep_mode = info->pscan_rep_mode; 3094 data.pscan_period_mode = info->pscan_period_mode; 3095 data.pscan_mode = info->pscan_mode; 3096 memcpy(data.dev_class, info->dev_class, 3); 3097 data.clock_offset = info->clock_offset; 3098 data.rssi = info->rssi; 3099 data.ssp_mode = 0x00; 3100 3101 name_known = hci_inquiry_cache_update(hdev, &data, 3102 false, &ssp); 3103 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 3104 info->dev_class, info->rssi, 3105 !name_known, ssp, NULL, 0); 3106 } 3107 } else { 3108 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 3109 3110 for (; num_rsp; num_rsp--, info++) { 3111 bacpy(&data.bdaddr, &info->bdaddr); 3112 data.pscan_rep_mode = info->pscan_rep_mode; 3113 data.pscan_period_mode = info->pscan_period_mode; 3114 data.pscan_mode = 0x00; 3115 memcpy(data.dev_class, info->dev_class, 3); 3116 data.clock_offset = info->clock_offset; 3117 data.rssi = info->rssi; 3118 data.ssp_mode = 0x00; 3119 name_known = hci_inquiry_cache_update(hdev, &data, 3120 false, &ssp); 3121 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 3122 info->dev_class, info->rssi, 3123 !name_known, ssp, NULL, 0); 3124 } 3125 } 3126 3127 hci_dev_unlock(hdev); 3128 } 3129 3130 static void hci_remote_ext_features_evt(struct hci_dev *hdev, 3131 struct sk_buff *skb) 3132 { 3133 struct hci_ev_remote_ext_features *ev = (void *) skb->data; 3134 struct hci_conn *conn; 3135 3136 BT_DBG("%s", hdev->name); 3137 3138 hci_dev_lock(hdev); 3139 3140 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 3141 if (!conn) 3142 goto unlock; 3143 3144 if (ev->page < HCI_MAX_PAGES) 3145 memcpy(conn->features[ev->page], ev->features, 8); 3146 3147 if (!ev->status && ev->page == 0x01) { 3148 struct inquiry_entry *ie; 3149 3150 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 3151 if (ie) 3152 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); 3153 3154 if (ev->features[0] & LMP_HOST_SSP) { 3155 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); 3156 } else { 3157 /* It is mandatory by the Bluetooth specification that 3158 * Extended Inquiry Results are only used when Secure 3159 * Simple Pairing is enabled, but some devices violate 3160 * this. 3161 * 3162 * To make these devices work, the internal SSP 3163 * enabled flag needs to be cleared if the remote host 3164 * features do not indicate SSP support */ 3165 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags); 3166 } 3167 3168 if (ev->features[0] & LMP_HOST_SC) 3169 set_bit(HCI_CONN_SC_ENABLED, &conn->flags); 3170 } 3171 3172 if (conn->state != BT_CONFIG) 3173 goto unlock; 3174 3175 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) { 3176 struct hci_cp_remote_name_req cp; 3177 memset(&cp, 0, sizeof(cp)); 3178 bacpy(&cp.bdaddr, &conn->dst); 3179 cp.pscan_rep_mode = 0x02; 3180 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 3181 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 3182 mgmt_device_connected(hdev, &conn->dst, conn->type, 3183 conn->dst_type, 0, NULL, 0, 3184 conn->dev_class); 3185 3186 if (!hci_outgoing_auth_needed(hdev, conn)) { 3187 conn->state = BT_CONNECTED; 3188 hci_proto_connect_cfm(conn, ev->status); 3189 hci_conn_drop(conn); 3190 } 3191 3192 unlock: 3193 hci_dev_unlock(hdev); 3194 } 3195 3196 static void hci_sync_conn_complete_evt(struct hci_dev *hdev, 3197 struct sk_buff *skb) 3198 { 3199 struct hci_ev_sync_conn_complete *ev = (void *) skb->data; 3200 struct hci_conn *conn; 3201 3202 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 3203 3204 hci_dev_lock(hdev); 3205 3206 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 3207 if (!conn) { 3208 if (ev->link_type == ESCO_LINK) 3209 goto unlock; 3210 3211 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 3212 if (!conn) 3213 goto unlock; 3214 3215 conn->type = SCO_LINK; 3216 } 3217 3218 switch (ev->status) { 3219 case 0x00: 3220 conn->handle = __le16_to_cpu(ev->handle); 3221 conn->state = BT_CONNECTED; 3222 3223 hci_conn_add_sysfs(conn); 3224 break; 3225 3226 case 0x0d: /* Connection Rejected due to Limited Resources */ 3227 case 0x11: /* Unsupported Feature or Parameter Value */ 3228 case 0x1c: /* SCO interval rejected */ 3229 case 0x1a: /* Unsupported Remote Feature */ 3230 case 0x1f: /* Unspecified error */ 3231 case 0x20: /* Unsupported LMP Parameter value */ 3232 if (conn->out) { 3233 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 3234 (hdev->esco_type & EDR_ESCO_MASK); 3235 if (hci_setup_sync(conn, conn->link->handle)) 3236 goto unlock; 3237 } 3238 /* fall through */ 3239 3240 default: 3241 conn->state = BT_CLOSED; 3242 break; 3243 } 3244 3245 hci_proto_connect_cfm(conn, ev->status); 3246 if (ev->status) 3247 hci_conn_del(conn); 3248 3249 unlock: 3250 hci_dev_unlock(hdev); 3251 } 3252 3253 static inline size_t eir_get_length(u8 *eir, size_t eir_len) 3254 { 3255 size_t parsed = 0; 3256 3257 while (parsed < eir_len) { 3258 u8 field_len = eir[0]; 3259 3260 if (field_len == 0) 3261 return parsed; 3262 3263 parsed += field_len + 1; 3264 eir += field_len + 1; 3265 } 3266 3267 return eir_len; 3268 } 3269 3270 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev, 3271 struct sk_buff *skb) 3272 { 3273 struct inquiry_data data; 3274 struct extended_inquiry_info *info = (void *) (skb->data + 1); 3275 int num_rsp = *((__u8 *) skb->data); 3276 size_t eir_len; 3277 3278 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 3279 3280 if (!num_rsp) 3281 return; 3282 3283 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) 3284 return; 3285 3286 hci_dev_lock(hdev); 3287 3288 for (; num_rsp; num_rsp--, info++) { 3289 bool name_known, ssp; 3290 3291 bacpy(&data.bdaddr, &info->bdaddr); 3292 data.pscan_rep_mode = info->pscan_rep_mode; 3293 data.pscan_period_mode = info->pscan_period_mode; 3294 data.pscan_mode = 0x00; 3295 memcpy(data.dev_class, info->dev_class, 3); 3296 data.clock_offset = info->clock_offset; 3297 data.rssi = info->rssi; 3298 data.ssp_mode = 0x01; 3299 3300 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 3301 name_known = eir_has_data_type(info->data, 3302 sizeof(info->data), 3303 EIR_NAME_COMPLETE); 3304 else 3305 name_known = true; 3306 3307 name_known = hci_inquiry_cache_update(hdev, &data, name_known, 3308 &ssp); 3309 eir_len = eir_get_length(info->data, sizeof(info->data)); 3310 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 3311 info->dev_class, info->rssi, !name_known, 3312 ssp, info->data, eir_len); 3313 } 3314 3315 hci_dev_unlock(hdev); 3316 } 3317 3318 static void hci_key_refresh_complete_evt(struct hci_dev *hdev, 3319 struct sk_buff *skb) 3320 { 3321 struct hci_ev_key_refresh_complete *ev = (void *) skb->data; 3322 struct hci_conn *conn; 3323 3324 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status, 3325 __le16_to_cpu(ev->handle)); 3326 3327 hci_dev_lock(hdev); 3328 3329 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 3330 if (!conn) 3331 goto unlock; 3332 3333 /* For BR/EDR the necessary steps are taken through the 3334 * auth_complete event. 3335 */ 3336 if (conn->type != LE_LINK) 3337 goto unlock; 3338 3339 if (!ev->status) 3340 conn->sec_level = conn->pending_sec_level; 3341 3342 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 3343 3344 if (ev->status && conn->state == BT_CONNECTED) { 3345 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); 3346 hci_conn_drop(conn); 3347 goto unlock; 3348 } 3349 3350 if (conn->state == BT_CONFIG) { 3351 if (!ev->status) 3352 conn->state = BT_CONNECTED; 3353 3354 hci_proto_connect_cfm(conn, ev->status); 3355 hci_conn_drop(conn); 3356 } else { 3357 hci_auth_cfm(conn, ev->status); 3358 3359 hci_conn_hold(conn); 3360 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 3361 hci_conn_drop(conn); 3362 } 3363 3364 unlock: 3365 hci_dev_unlock(hdev); 3366 } 3367 3368 static u8 hci_get_auth_req(struct hci_conn *conn) 3369 { 3370 /* If remote requests dedicated bonding follow that lead */ 3371 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING || 3372 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) { 3373 /* If both remote and local IO capabilities allow MITM 3374 * protection then require it, otherwise don't */ 3375 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT || 3376 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT) 3377 return HCI_AT_DEDICATED_BONDING; 3378 else 3379 return HCI_AT_DEDICATED_BONDING_MITM; 3380 } 3381 3382 /* If remote requests no-bonding follow that lead */ 3383 if (conn->remote_auth == HCI_AT_NO_BONDING || 3384 conn->remote_auth == HCI_AT_NO_BONDING_MITM) 3385 return conn->remote_auth | (conn->auth_type & 0x01); 3386 3387 return conn->auth_type; 3388 } 3389 3390 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 3391 { 3392 struct hci_ev_io_capa_request *ev = (void *) skb->data; 3393 struct hci_conn *conn; 3394 3395 BT_DBG("%s", hdev->name); 3396 3397 hci_dev_lock(hdev); 3398 3399 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3400 if (!conn) 3401 goto unlock; 3402 3403 hci_conn_hold(conn); 3404 3405 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 3406 goto unlock; 3407 3408 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) || 3409 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) { 3410 struct hci_cp_io_capability_reply cp; 3411 3412 bacpy(&cp.bdaddr, &ev->bdaddr); 3413 /* Change the IO capability from KeyboardDisplay 3414 * to DisplayYesNo as it is not supported by BT spec. */ 3415 cp.capability = (conn->io_capability == 0x04) ? 3416 HCI_IO_DISPLAY_YESNO : conn->io_capability; 3417 conn->auth_type = hci_get_auth_req(conn); 3418 cp.authentication = conn->auth_type; 3419 3420 if (hci_find_remote_oob_data(hdev, &conn->dst) && 3421 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))) 3422 cp.oob_data = 0x01; 3423 else 3424 cp.oob_data = 0x00; 3425 3426 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY, 3427 sizeof(cp), &cp); 3428 } else { 3429 struct hci_cp_io_capability_neg_reply cp; 3430 3431 bacpy(&cp.bdaddr, &ev->bdaddr); 3432 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED; 3433 3434 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY, 3435 sizeof(cp), &cp); 3436 } 3437 3438 unlock: 3439 hci_dev_unlock(hdev); 3440 } 3441 3442 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb) 3443 { 3444 struct hci_ev_io_capa_reply *ev = (void *) skb->data; 3445 struct hci_conn *conn; 3446 3447 BT_DBG("%s", hdev->name); 3448 3449 hci_dev_lock(hdev); 3450 3451 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3452 if (!conn) 3453 goto unlock; 3454 3455 conn->remote_cap = ev->capability; 3456 conn->remote_auth = ev->authentication; 3457 if (ev->oob_data) 3458 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags); 3459 3460 unlock: 3461 hci_dev_unlock(hdev); 3462 } 3463 3464 static void hci_user_confirm_request_evt(struct hci_dev *hdev, 3465 struct sk_buff *skb) 3466 { 3467 struct hci_ev_user_confirm_req *ev = (void *) skb->data; 3468 int loc_mitm, rem_mitm, confirm_hint = 0; 3469 struct hci_conn *conn; 3470 3471 BT_DBG("%s", hdev->name); 3472 3473 hci_dev_lock(hdev); 3474 3475 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 3476 goto unlock; 3477 3478 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3479 if (!conn) 3480 goto unlock; 3481 3482 loc_mitm = (conn->auth_type & 0x01); 3483 rem_mitm = (conn->remote_auth & 0x01); 3484 3485 /* If we require MITM but the remote device can't provide that 3486 * (it has NoInputNoOutput) then reject the confirmation 3487 * request. The only exception is when we're dedicated bonding 3488 * initiators (connect_cfm_cb set) since then we always have the MITM 3489 * bit set. */ 3490 if (!conn->connect_cfm_cb && loc_mitm && 3491 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) { 3492 BT_DBG("Rejecting request: remote device can't provide MITM"); 3493 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY, 3494 sizeof(ev->bdaddr), &ev->bdaddr); 3495 goto unlock; 3496 } 3497 3498 /* If no side requires MITM protection; auto-accept */ 3499 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) && 3500 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) { 3501 3502 /* If we're not the initiators request authorization to 3503 * proceed from user space (mgmt_user_confirm with 3504 * confirm_hint set to 1). */ 3505 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 3506 BT_DBG("Confirming auto-accept as acceptor"); 3507 confirm_hint = 1; 3508 goto confirm; 3509 } 3510 3511 BT_DBG("Auto-accept of user confirmation with %ums delay", 3512 hdev->auto_accept_delay); 3513 3514 if (hdev->auto_accept_delay > 0) { 3515 int delay = msecs_to_jiffies(hdev->auto_accept_delay); 3516 queue_delayed_work(conn->hdev->workqueue, 3517 &conn->auto_accept_work, delay); 3518 goto unlock; 3519 } 3520 3521 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, 3522 sizeof(ev->bdaddr), &ev->bdaddr); 3523 goto unlock; 3524 } 3525 3526 confirm: 3527 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, 3528 le32_to_cpu(ev->passkey), confirm_hint); 3529 3530 unlock: 3531 hci_dev_unlock(hdev); 3532 } 3533 3534 static void hci_user_passkey_request_evt(struct hci_dev *hdev, 3535 struct sk_buff *skb) 3536 { 3537 struct hci_ev_user_passkey_req *ev = (void *) skb->data; 3538 3539 BT_DBG("%s", hdev->name); 3540 3541 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 3542 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0); 3543 } 3544 3545 static void hci_user_passkey_notify_evt(struct hci_dev *hdev, 3546 struct sk_buff *skb) 3547 { 3548 struct hci_ev_user_passkey_notify *ev = (void *) skb->data; 3549 struct hci_conn *conn; 3550 3551 BT_DBG("%s", hdev->name); 3552 3553 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3554 if (!conn) 3555 return; 3556 3557 conn->passkey_notify = __le32_to_cpu(ev->passkey); 3558 conn->passkey_entered = 0; 3559 3560 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 3561 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type, 3562 conn->dst_type, conn->passkey_notify, 3563 conn->passkey_entered); 3564 } 3565 3566 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 3567 { 3568 struct hci_ev_keypress_notify *ev = (void *) skb->data; 3569 struct hci_conn *conn; 3570 3571 BT_DBG("%s", hdev->name); 3572 3573 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3574 if (!conn) 3575 return; 3576 3577 switch (ev->type) { 3578 case HCI_KEYPRESS_STARTED: 3579 conn->passkey_entered = 0; 3580 return; 3581 3582 case HCI_KEYPRESS_ENTERED: 3583 conn->passkey_entered++; 3584 break; 3585 3586 case HCI_KEYPRESS_ERASED: 3587 conn->passkey_entered--; 3588 break; 3589 3590 case HCI_KEYPRESS_CLEARED: 3591 conn->passkey_entered = 0; 3592 break; 3593 3594 case HCI_KEYPRESS_COMPLETED: 3595 return; 3596 } 3597 3598 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 3599 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type, 3600 conn->dst_type, conn->passkey_notify, 3601 conn->passkey_entered); 3602 } 3603 3604 static void hci_simple_pair_complete_evt(struct hci_dev *hdev, 3605 struct sk_buff *skb) 3606 { 3607 struct hci_ev_simple_pair_complete *ev = (void *) skb->data; 3608 struct hci_conn *conn; 3609 3610 BT_DBG("%s", hdev->name); 3611 3612 hci_dev_lock(hdev); 3613 3614 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3615 if (!conn) 3616 goto unlock; 3617 3618 /* To avoid duplicate auth_failed events to user space we check 3619 * the HCI_CONN_AUTH_PEND flag which will be set if we 3620 * initiated the authentication. A traditional auth_complete 3621 * event gets always produced as initiator and is also mapped to 3622 * the mgmt_auth_failed event */ 3623 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status) 3624 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type, 3625 ev->status); 3626 3627 hci_conn_drop(conn); 3628 3629 unlock: 3630 hci_dev_unlock(hdev); 3631 } 3632 3633 static void hci_remote_host_features_evt(struct hci_dev *hdev, 3634 struct sk_buff *skb) 3635 { 3636 struct hci_ev_remote_host_features *ev = (void *) skb->data; 3637 struct inquiry_entry *ie; 3638 struct hci_conn *conn; 3639 3640 BT_DBG("%s", hdev->name); 3641 3642 hci_dev_lock(hdev); 3643 3644 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3645 if (conn) 3646 memcpy(conn->features[1], ev->features, 8); 3647 3648 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 3649 if (ie) 3650 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); 3651 3652 hci_dev_unlock(hdev); 3653 } 3654 3655 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev, 3656 struct sk_buff *skb) 3657 { 3658 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data; 3659 struct oob_data *data; 3660 3661 BT_DBG("%s", hdev->name); 3662 3663 hci_dev_lock(hdev); 3664 3665 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 3666 goto unlock; 3667 3668 data = hci_find_remote_oob_data(hdev, &ev->bdaddr); 3669 if (data) { 3670 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) { 3671 struct hci_cp_remote_oob_ext_data_reply cp; 3672 3673 bacpy(&cp.bdaddr, &ev->bdaddr); 3674 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192)); 3675 memcpy(cp.randomizer192, data->randomizer192, 3676 sizeof(cp.randomizer192)); 3677 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256)); 3678 memcpy(cp.randomizer256, data->randomizer256, 3679 sizeof(cp.randomizer256)); 3680 3681 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY, 3682 sizeof(cp), &cp); 3683 } else { 3684 struct hci_cp_remote_oob_data_reply cp; 3685 3686 bacpy(&cp.bdaddr, &ev->bdaddr); 3687 memcpy(cp.hash, data->hash192, sizeof(cp.hash)); 3688 memcpy(cp.randomizer, data->randomizer192, 3689 sizeof(cp.randomizer)); 3690 3691 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, 3692 sizeof(cp), &cp); 3693 } 3694 } else { 3695 struct hci_cp_remote_oob_data_neg_reply cp; 3696 3697 bacpy(&cp.bdaddr, &ev->bdaddr); 3698 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, 3699 sizeof(cp), &cp); 3700 } 3701 3702 unlock: 3703 hci_dev_unlock(hdev); 3704 } 3705 3706 static void hci_phy_link_complete_evt(struct hci_dev *hdev, 3707 struct sk_buff *skb) 3708 { 3709 struct hci_ev_phy_link_complete *ev = (void *) skb->data; 3710 struct hci_conn *hcon, *bredr_hcon; 3711 3712 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle, 3713 ev->status); 3714 3715 hci_dev_lock(hdev); 3716 3717 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle); 3718 if (!hcon) { 3719 hci_dev_unlock(hdev); 3720 return; 3721 } 3722 3723 if (ev->status) { 3724 hci_conn_del(hcon); 3725 hci_dev_unlock(hdev); 3726 return; 3727 } 3728 3729 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon; 3730 3731 hcon->state = BT_CONNECTED; 3732 bacpy(&hcon->dst, &bredr_hcon->dst); 3733 3734 hci_conn_hold(hcon); 3735 hcon->disc_timeout = HCI_DISCONN_TIMEOUT; 3736 hci_conn_drop(hcon); 3737 3738 hci_conn_add_sysfs(hcon); 3739 3740 amp_physical_cfm(bredr_hcon, hcon); 3741 3742 hci_dev_unlock(hdev); 3743 } 3744 3745 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 3746 { 3747 struct hci_ev_logical_link_complete *ev = (void *) skb->data; 3748 struct hci_conn *hcon; 3749 struct hci_chan *hchan; 3750 struct amp_mgr *mgr; 3751 3752 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x", 3753 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle, 3754 ev->status); 3755 3756 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle); 3757 if (!hcon) 3758 return; 3759 3760 /* Create AMP hchan */ 3761 hchan = hci_chan_create(hcon); 3762 if (!hchan) 3763 return; 3764 3765 hchan->handle = le16_to_cpu(ev->handle); 3766 3767 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan); 3768 3769 mgr = hcon->amp_mgr; 3770 if (mgr && mgr->bredr_chan) { 3771 struct l2cap_chan *bredr_chan = mgr->bredr_chan; 3772 3773 l2cap_chan_lock(bredr_chan); 3774 3775 bredr_chan->conn->mtu = hdev->block_mtu; 3776 l2cap_logical_cfm(bredr_chan, hchan, 0); 3777 hci_conn_hold(hcon); 3778 3779 l2cap_chan_unlock(bredr_chan); 3780 } 3781 } 3782 3783 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev, 3784 struct sk_buff *skb) 3785 { 3786 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data; 3787 struct hci_chan *hchan; 3788 3789 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name, 3790 le16_to_cpu(ev->handle), ev->status); 3791 3792 if (ev->status) 3793 return; 3794 3795 hci_dev_lock(hdev); 3796 3797 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle)); 3798 if (!hchan) 3799 goto unlock; 3800 3801 amp_destroy_logical_link(hchan, ev->reason); 3802 3803 unlock: 3804 hci_dev_unlock(hdev); 3805 } 3806 3807 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev, 3808 struct sk_buff *skb) 3809 { 3810 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data; 3811 struct hci_conn *hcon; 3812 3813 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 3814 3815 if (ev->status) 3816 return; 3817 3818 hci_dev_lock(hdev); 3819 3820 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle); 3821 if (hcon) { 3822 hcon->state = BT_CLOSED; 3823 hci_conn_del(hcon); 3824 } 3825 3826 hci_dev_unlock(hdev); 3827 } 3828 3829 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 3830 { 3831 struct hci_ev_le_conn_complete *ev = (void *) skb->data; 3832 struct hci_conn *conn; 3833 struct smp_irk *irk; 3834 3835 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 3836 3837 hci_dev_lock(hdev); 3838 3839 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT); 3840 if (!conn) { 3841 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr); 3842 if (!conn) { 3843 BT_ERR("No memory for new connection"); 3844 goto unlock; 3845 } 3846 3847 conn->dst_type = ev->bdaddr_type; 3848 3849 /* The advertising parameters for own address type 3850 * define which source address and source address 3851 * type this connections has. 3852 */ 3853 if (bacmp(&conn->src, BDADDR_ANY)) { 3854 conn->src_type = ADDR_LE_DEV_PUBLIC; 3855 } else { 3856 bacpy(&conn->src, &hdev->static_addr); 3857 conn->src_type = ADDR_LE_DEV_RANDOM; 3858 } 3859 3860 if (ev->role == LE_CONN_ROLE_MASTER) { 3861 conn->out = true; 3862 conn->link_mode |= HCI_LM_MASTER; 3863 } 3864 3865 /* If we didn't have a hci_conn object previously 3866 * but we're in master role this must be something 3867 * initiated using a white list. Since white list based 3868 * connections are not "first class citizens" we don't 3869 * have full tracking of them. Therefore, we go ahead 3870 * with a "best effort" approach of determining the 3871 * initiator address based on the HCI_PRIVACY flag. 3872 */ 3873 if (conn->out) { 3874 conn->resp_addr_type = ev->bdaddr_type; 3875 bacpy(&conn->resp_addr, &ev->bdaddr); 3876 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) { 3877 conn->init_addr_type = ADDR_LE_DEV_RANDOM; 3878 bacpy(&conn->init_addr, &hdev->rpa); 3879 } else { 3880 hci_copy_identity_address(hdev, 3881 &conn->init_addr, 3882 &conn->init_addr_type); 3883 } 3884 } else { 3885 /* Set the responder (our side) address type based on 3886 * the advertising address type. 3887 */ 3888 conn->resp_addr_type = hdev->adv_addr_type; 3889 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) 3890 bacpy(&conn->resp_addr, &hdev->random_addr); 3891 else 3892 bacpy(&conn->resp_addr, &hdev->bdaddr); 3893 3894 conn->init_addr_type = ev->bdaddr_type; 3895 bacpy(&conn->init_addr, &ev->bdaddr); 3896 } 3897 } else { 3898 cancel_delayed_work(&conn->le_conn_timeout); 3899 } 3900 3901 /* Ensure that the hci_conn contains the identity address type 3902 * regardless of which address the connection was made with. 3903 */ 3904 hci_copy_identity_address(hdev, &conn->src, &conn->src_type); 3905 3906 /* Lookup the identity address from the stored connection 3907 * address and address type. 3908 * 3909 * When establishing connections to an identity address, the 3910 * connection procedure will store the resolvable random 3911 * address first. Now if it can be converted back into the 3912 * identity address, start using the identity address from 3913 * now on. 3914 */ 3915 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type); 3916 if (irk) { 3917 bacpy(&conn->dst, &irk->bdaddr); 3918 conn->dst_type = irk->addr_type; 3919 } 3920 3921 if (ev->status) { 3922 hci_le_conn_failed(conn, ev->status); 3923 goto unlock; 3924 } 3925 3926 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 3927 mgmt_device_connected(hdev, &conn->dst, conn->type, 3928 conn->dst_type, 0, NULL, 0, NULL); 3929 3930 conn->sec_level = BT_SECURITY_LOW; 3931 conn->handle = __le16_to_cpu(ev->handle); 3932 conn->state = BT_CONNECTED; 3933 3934 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags)) 3935 set_bit(HCI_CONN_6LOWPAN, &conn->flags); 3936 3937 hci_conn_add_sysfs(conn); 3938 3939 hci_proto_connect_cfm(conn, ev->status); 3940 3941 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type); 3942 3943 unlock: 3944 hci_dev_unlock(hdev); 3945 } 3946 3947 /* This function requires the caller holds hdev->lock */ 3948 static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr, 3949 u8 addr_type) 3950 { 3951 struct hci_conn *conn; 3952 struct smp_irk *irk; 3953 3954 /* If this is a resolvable address, we should resolve it and then 3955 * update address and address type variables. 3956 */ 3957 irk = hci_get_irk(hdev, addr, addr_type); 3958 if (irk) { 3959 addr = &irk->bdaddr; 3960 addr_type = irk->addr_type; 3961 } 3962 3963 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type)) 3964 return; 3965 3966 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, 3967 HCI_AT_NO_BONDING); 3968 if (!IS_ERR(conn)) 3969 return; 3970 3971 switch (PTR_ERR(conn)) { 3972 case -EBUSY: 3973 /* If hci_connect() returns -EBUSY it means there is already 3974 * an LE connection attempt going on. Since controllers don't 3975 * support more than one connection attempt at the time, we 3976 * don't consider this an error case. 3977 */ 3978 break; 3979 default: 3980 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn)); 3981 } 3982 } 3983 3984 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) 3985 { 3986 u8 num_reports = skb->data[0]; 3987 void *ptr = &skb->data[1]; 3988 s8 rssi; 3989 3990 hci_dev_lock(hdev); 3991 3992 while (num_reports--) { 3993 struct hci_ev_le_advertising_info *ev = ptr; 3994 3995 if (ev->evt_type == LE_ADV_IND || 3996 ev->evt_type == LE_ADV_DIRECT_IND) 3997 check_pending_le_conn(hdev, &ev->bdaddr, 3998 ev->bdaddr_type); 3999 4000 rssi = ev->data[ev->length]; 4001 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type, 4002 NULL, rssi, 0, 1, ev->data, ev->length); 4003 4004 ptr += sizeof(*ev) + ev->length + 1; 4005 } 4006 4007 hci_dev_unlock(hdev); 4008 } 4009 4010 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 4011 { 4012 struct hci_ev_le_ltk_req *ev = (void *) skb->data; 4013 struct hci_cp_le_ltk_reply cp; 4014 struct hci_cp_le_ltk_neg_reply neg; 4015 struct hci_conn *conn; 4016 struct smp_ltk *ltk; 4017 4018 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle)); 4019 4020 hci_dev_lock(hdev); 4021 4022 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 4023 if (conn == NULL) 4024 goto not_found; 4025 4026 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out); 4027 if (ltk == NULL) 4028 goto not_found; 4029 4030 memcpy(cp.ltk, ltk->val, sizeof(ltk->val)); 4031 cp.handle = cpu_to_le16(conn->handle); 4032 4033 if (ltk->authenticated) 4034 conn->pending_sec_level = BT_SECURITY_HIGH; 4035 else 4036 conn->pending_sec_level = BT_SECURITY_MEDIUM; 4037 4038 conn->enc_key_size = ltk->enc_size; 4039 4040 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); 4041 4042 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a 4043 * temporary key used to encrypt a connection following 4044 * pairing. It is used during the Encrypted Session Setup to 4045 * distribute the keys. Later, security can be re-established 4046 * using a distributed LTK. 4047 */ 4048 if (ltk->type == HCI_SMP_STK_SLAVE) { 4049 list_del(<k->list); 4050 kfree(ltk); 4051 } 4052 4053 hci_dev_unlock(hdev); 4054 4055 return; 4056 4057 not_found: 4058 neg.handle = ev->handle; 4059 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg); 4060 hci_dev_unlock(hdev); 4061 } 4062 4063 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb) 4064 { 4065 struct hci_ev_le_meta *le_ev = (void *) skb->data; 4066 4067 skb_pull(skb, sizeof(*le_ev)); 4068 4069 switch (le_ev->subevent) { 4070 case HCI_EV_LE_CONN_COMPLETE: 4071 hci_le_conn_complete_evt(hdev, skb); 4072 break; 4073 4074 case HCI_EV_LE_ADVERTISING_REPORT: 4075 hci_le_adv_report_evt(hdev, skb); 4076 break; 4077 4078 case HCI_EV_LE_LTK_REQ: 4079 hci_le_ltk_request_evt(hdev, skb); 4080 break; 4081 4082 default: 4083 break; 4084 } 4085 } 4086 4087 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb) 4088 { 4089 struct hci_ev_channel_selected *ev = (void *) skb->data; 4090 struct hci_conn *hcon; 4091 4092 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle); 4093 4094 skb_pull(skb, sizeof(*ev)); 4095 4096 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle); 4097 if (!hcon) 4098 return; 4099 4100 amp_read_loc_assoc_final_data(hdev, hcon); 4101 } 4102 4103 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 4104 { 4105 struct hci_event_hdr *hdr = (void *) skb->data; 4106 __u8 event = hdr->evt; 4107 4108 hci_dev_lock(hdev); 4109 4110 /* Received events are (currently) only needed when a request is 4111 * ongoing so avoid unnecessary memory allocation. 4112 */ 4113 if (hdev->req_status == HCI_REQ_PEND) { 4114 kfree_skb(hdev->recv_evt); 4115 hdev->recv_evt = skb_clone(skb, GFP_KERNEL); 4116 } 4117 4118 hci_dev_unlock(hdev); 4119 4120 skb_pull(skb, HCI_EVENT_HDR_SIZE); 4121 4122 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) { 4123 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data; 4124 u16 opcode = __le16_to_cpu(cmd_hdr->opcode); 4125 4126 hci_req_cmd_complete(hdev, opcode, 0); 4127 } 4128 4129 switch (event) { 4130 case HCI_EV_INQUIRY_COMPLETE: 4131 hci_inquiry_complete_evt(hdev, skb); 4132 break; 4133 4134 case HCI_EV_INQUIRY_RESULT: 4135 hci_inquiry_result_evt(hdev, skb); 4136 break; 4137 4138 case HCI_EV_CONN_COMPLETE: 4139 hci_conn_complete_evt(hdev, skb); 4140 break; 4141 4142 case HCI_EV_CONN_REQUEST: 4143 hci_conn_request_evt(hdev, skb); 4144 break; 4145 4146 case HCI_EV_DISCONN_COMPLETE: 4147 hci_disconn_complete_evt(hdev, skb); 4148 break; 4149 4150 case HCI_EV_AUTH_COMPLETE: 4151 hci_auth_complete_evt(hdev, skb); 4152 break; 4153 4154 case HCI_EV_REMOTE_NAME: 4155 hci_remote_name_evt(hdev, skb); 4156 break; 4157 4158 case HCI_EV_ENCRYPT_CHANGE: 4159 hci_encrypt_change_evt(hdev, skb); 4160 break; 4161 4162 case HCI_EV_CHANGE_LINK_KEY_COMPLETE: 4163 hci_change_link_key_complete_evt(hdev, skb); 4164 break; 4165 4166 case HCI_EV_REMOTE_FEATURES: 4167 hci_remote_features_evt(hdev, skb); 4168 break; 4169 4170 case HCI_EV_CMD_COMPLETE: 4171 hci_cmd_complete_evt(hdev, skb); 4172 break; 4173 4174 case HCI_EV_CMD_STATUS: 4175 hci_cmd_status_evt(hdev, skb); 4176 break; 4177 4178 case HCI_EV_ROLE_CHANGE: 4179 hci_role_change_evt(hdev, skb); 4180 break; 4181 4182 case HCI_EV_NUM_COMP_PKTS: 4183 hci_num_comp_pkts_evt(hdev, skb); 4184 break; 4185 4186 case HCI_EV_MODE_CHANGE: 4187 hci_mode_change_evt(hdev, skb); 4188 break; 4189 4190 case HCI_EV_PIN_CODE_REQ: 4191 hci_pin_code_request_evt(hdev, skb); 4192 break; 4193 4194 case HCI_EV_LINK_KEY_REQ: 4195 hci_link_key_request_evt(hdev, skb); 4196 break; 4197 4198 case HCI_EV_LINK_KEY_NOTIFY: 4199 hci_link_key_notify_evt(hdev, skb); 4200 break; 4201 4202 case HCI_EV_CLOCK_OFFSET: 4203 hci_clock_offset_evt(hdev, skb); 4204 break; 4205 4206 case HCI_EV_PKT_TYPE_CHANGE: 4207 hci_pkt_type_change_evt(hdev, skb); 4208 break; 4209 4210 case HCI_EV_PSCAN_REP_MODE: 4211 hci_pscan_rep_mode_evt(hdev, skb); 4212 break; 4213 4214 case HCI_EV_INQUIRY_RESULT_WITH_RSSI: 4215 hci_inquiry_result_with_rssi_evt(hdev, skb); 4216 break; 4217 4218 case HCI_EV_REMOTE_EXT_FEATURES: 4219 hci_remote_ext_features_evt(hdev, skb); 4220 break; 4221 4222 case HCI_EV_SYNC_CONN_COMPLETE: 4223 hci_sync_conn_complete_evt(hdev, skb); 4224 break; 4225 4226 case HCI_EV_EXTENDED_INQUIRY_RESULT: 4227 hci_extended_inquiry_result_evt(hdev, skb); 4228 break; 4229 4230 case HCI_EV_KEY_REFRESH_COMPLETE: 4231 hci_key_refresh_complete_evt(hdev, skb); 4232 break; 4233 4234 case HCI_EV_IO_CAPA_REQUEST: 4235 hci_io_capa_request_evt(hdev, skb); 4236 break; 4237 4238 case HCI_EV_IO_CAPA_REPLY: 4239 hci_io_capa_reply_evt(hdev, skb); 4240 break; 4241 4242 case HCI_EV_USER_CONFIRM_REQUEST: 4243 hci_user_confirm_request_evt(hdev, skb); 4244 break; 4245 4246 case HCI_EV_USER_PASSKEY_REQUEST: 4247 hci_user_passkey_request_evt(hdev, skb); 4248 break; 4249 4250 case HCI_EV_USER_PASSKEY_NOTIFY: 4251 hci_user_passkey_notify_evt(hdev, skb); 4252 break; 4253 4254 case HCI_EV_KEYPRESS_NOTIFY: 4255 hci_keypress_notify_evt(hdev, skb); 4256 break; 4257 4258 case HCI_EV_SIMPLE_PAIR_COMPLETE: 4259 hci_simple_pair_complete_evt(hdev, skb); 4260 break; 4261 4262 case HCI_EV_REMOTE_HOST_FEATURES: 4263 hci_remote_host_features_evt(hdev, skb); 4264 break; 4265 4266 case HCI_EV_LE_META: 4267 hci_le_meta_evt(hdev, skb); 4268 break; 4269 4270 case HCI_EV_CHANNEL_SELECTED: 4271 hci_chan_selected_evt(hdev, skb); 4272 break; 4273 4274 case HCI_EV_REMOTE_OOB_DATA_REQUEST: 4275 hci_remote_oob_data_request_evt(hdev, skb); 4276 break; 4277 4278 case HCI_EV_PHY_LINK_COMPLETE: 4279 hci_phy_link_complete_evt(hdev, skb); 4280 break; 4281 4282 case HCI_EV_LOGICAL_LINK_COMPLETE: 4283 hci_loglink_complete_evt(hdev, skb); 4284 break; 4285 4286 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE: 4287 hci_disconn_loglink_complete_evt(hdev, skb); 4288 break; 4289 4290 case HCI_EV_DISCONN_PHY_LINK_COMPLETE: 4291 hci_disconn_phylink_complete_evt(hdev, skb); 4292 break; 4293 4294 case HCI_EV_NUM_COMP_BLOCKS: 4295 hci_num_comp_blocks_evt(hdev, skb); 4296 break; 4297 4298 default: 4299 BT_DBG("%s event 0x%2.2x", hdev->name, event); 4300 break; 4301 } 4302 4303 kfree_skb(skb); 4304 hdev->stat.evt_rx++; 4305 } 4306