aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth/hci_event.c
diff options
context:
space:
mode:
authorGlenn Elliott <gelliott@cs.unc.edu>2012-03-04 19:47:13 -0500
committerGlenn Elliott <gelliott@cs.unc.edu>2012-03-04 19:47:13 -0500
commitc71c03bda1e86c9d5198c5d83f712e695c4f2a1e (patch)
treeecb166cb3e2b7e2adb3b5e292245fefd23381ac8 /net/bluetooth/hci_event.c
parentea53c912f8a86a8567697115b6a0d8152beee5c8 (diff)
parent6a00f206debf8a5c8899055726ad127dbeeed098 (diff)
Merge branch 'mpi-master' into wip-k-fmlpwip-k-fmlp
Conflicts: litmus/sched_cedf.c
Diffstat (limited to 'net/bluetooth/hci_event.c')
-rw-r--r--net/bluetooth/hci_event.c1133
1 files changed, 1013 insertions, 120 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index bfef5bae0b3a..77930aa522e3 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -39,7 +39,7 @@
39#include <net/sock.h> 39#include <net/sock.h>
40 40
41#include <asm/system.h> 41#include <asm/system.h>
42#include <asm/uaccess.h> 42#include <linux/uaccess.h>
43#include <asm/unaligned.h> 43#include <asm/unaligned.h>
44 44
45#include <net/bluetooth/bluetooth.h> 45#include <net/bluetooth/bluetooth.h>
@@ -56,9 +56,11 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
56 if (status) 56 if (status)
57 return; 57 return;
58 58
59 clear_bit(HCI_INQUIRY, &hdev->flags); 59 if (test_bit(HCI_MGMT, &hdev->flags) &&
60 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
61 mgmt_discovering(hdev->id, 0);
60 62
61 hci_req_complete(hdev, status); 63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
62 64
63 hci_conn_check_pending(hdev); 65 hci_conn_check_pending(hdev);
64} 66}
@@ -72,7 +74,9 @@ static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72 if (status) 74 if (status)
73 return; 75 return;
74 76
75 clear_bit(HCI_INQUIRY, &hdev->flags); 77 if (test_bit(HCI_MGMT, &hdev->flags) &&
78 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
79 mgmt_discovering(hdev->id, 0);
76 80
77 hci_conn_check_pending(hdev); 81 hci_conn_check_pending(hdev);
78} 82}
@@ -174,7 +178,7 @@ static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *s
174 if (!status) 178 if (!status)
175 hdev->link_policy = get_unaligned_le16(sent); 179 hdev->link_policy = get_unaligned_le16(sent);
176 180
177 hci_req_complete(hdev, status); 181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
178} 182}
179 183
180static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb) 184static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
@@ -183,7 +187,9 @@ static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183 187
184 BT_DBG("%s status 0x%x", hdev->name, status); 188 BT_DBG("%s status 0x%x", hdev->name, status);
185 189
186 hci_req_complete(hdev, status); 190 clear_bit(HCI_RESET, &hdev->flags);
191
192 hci_req_complete(hdev, HCI_OP_RESET, status);
187} 193}
188 194
189static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb) 195static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
@@ -193,14 +199,17 @@ static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
193 199
194 BT_DBG("%s status 0x%x", hdev->name, status); 200 BT_DBG("%s status 0x%x", hdev->name, status);
195 201
196 if (status)
197 return;
198
199 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 202 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
200 if (!sent) 203 if (!sent)
201 return; 204 return;
202 205
203 memcpy(hdev->dev_name, sent, 248); 206 if (test_bit(HCI_MGMT, &hdev->flags))
207 mgmt_set_local_name_complete(hdev->id, sent, status);
208
209 if (status)
210 return;
211
212 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
204} 213}
205 214
206static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 215static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
@@ -212,7 +221,7 @@ static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
212 if (rp->status) 221 if (rp->status)
213 return; 222 return;
214 223
215 memcpy(hdev->dev_name, rp->name, 248); 224 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
216} 225}
217 226
218static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) 227static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
@@ -235,7 +244,7 @@ static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
235 clear_bit(HCI_AUTH, &hdev->flags); 244 clear_bit(HCI_AUTH, &hdev->flags);
236 } 245 }
237 246
238 hci_req_complete(hdev, status); 247 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
239} 248}
240 249
241static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) 250static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
@@ -258,7 +267,7 @@ static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
258 clear_bit(HCI_ENCRYPT, &hdev->flags); 267 clear_bit(HCI_ENCRYPT, &hdev->flags);
259 } 268 }
260 269
261 hci_req_complete(hdev, status); 270 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
262} 271}
263 272
264static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb) 273static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
@@ -274,18 +283,27 @@ static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
274 283
275 if (!status) { 284 if (!status) {
276 __u8 param = *((__u8 *) sent); 285 __u8 param = *((__u8 *) sent);
286 int old_pscan, old_iscan;
277 287
278 clear_bit(HCI_PSCAN, &hdev->flags); 288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
279 clear_bit(HCI_ISCAN, &hdev->flags); 289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
280 290
281 if (param & SCAN_INQUIRY) 291 if (param & SCAN_INQUIRY) {
282 set_bit(HCI_ISCAN, &hdev->flags); 292 set_bit(HCI_ISCAN, &hdev->flags);
293 if (!old_iscan)
294 mgmt_discoverable(hdev->id, 1);
295 } else if (old_iscan)
296 mgmt_discoverable(hdev->id, 0);
283 297
284 if (param & SCAN_PAGE) 298 if (param & SCAN_PAGE) {
285 set_bit(HCI_PSCAN, &hdev->flags); 299 set_bit(HCI_PSCAN, &hdev->flags);
300 if (!old_pscan)
301 mgmt_connectable(hdev->id, 1);
302 } else if (old_pscan)
303 mgmt_connectable(hdev->id, 0);
286 } 304 }
287 305
288 hci_req_complete(hdev, status); 306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
289} 307}
290 308
291static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 309static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
@@ -383,7 +401,7 @@ static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
383 401
384 BT_DBG("%s status 0x%x", hdev->name, status); 402 BT_DBG("%s status 0x%x", hdev->name, status);
385 403
386 hci_req_complete(hdev, status); 404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
387} 405}
388 406
389static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 407static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
@@ -415,6 +433,117 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
415 hdev->ssp_mode = *((__u8 *) sent); 433 hdev->ssp_mode = *((__u8 *) sent);
416} 434}
417 435
436static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
437{
438 if (hdev->features[6] & LMP_EXT_INQ)
439 return 2;
440
441 if (hdev->features[3] & LMP_RSSI_INQ)
442 return 1;
443
444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
445 hdev->lmp_subver == 0x0757)
446 return 1;
447
448 if (hdev->manufacturer == 15) {
449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
450 return 1;
451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
452 return 1;
453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
454 return 1;
455 }
456
457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
458 hdev->lmp_subver == 0x1805)
459 return 1;
460
461 return 0;
462}
463
464static void hci_setup_inquiry_mode(struct hci_dev *hdev)
465{
466 u8 mode;
467
468 mode = hci_get_inquiry_mode(hdev);
469
470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
471}
472
473static void hci_setup_event_mask(struct hci_dev *hdev)
474{
475 /* The second byte is 0xff instead of 0x9f (two reserved bits
476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
477 * command otherwise */
478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
479
480 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
481 * any event mask for pre 1.2 devices */
482 if (hdev->lmp_ver <= 1)
483 return;
484
485 events[4] |= 0x01; /* Flow Specification Complete */
486 events[4] |= 0x02; /* Inquiry Result with RSSI */
487 events[4] |= 0x04; /* Read Remote Extended Features Complete */
488 events[5] |= 0x08; /* Synchronous Connection Complete */
489 events[5] |= 0x10; /* Synchronous Connection Changed */
490
491 if (hdev->features[3] & LMP_RSSI_INQ)
492 events[4] |= 0x04; /* Inquiry Result with RSSI */
493
494 if (hdev->features[5] & LMP_SNIFF_SUBR)
495 events[5] |= 0x20; /* Sniff Subrating */
496
497 if (hdev->features[5] & LMP_PAUSE_ENC)
498 events[5] |= 0x80; /* Encryption Key Refresh Complete */
499
500 if (hdev->features[6] & LMP_EXT_INQ)
501 events[5] |= 0x40; /* Extended Inquiry Result */
502
503 if (hdev->features[6] & LMP_NO_FLUSH)
504 events[7] |= 0x01; /* Enhanced Flush Complete */
505
506 if (hdev->features[7] & LMP_LSTO)
507 events[6] |= 0x80; /* Link Supervision Timeout Changed */
508
509 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
510 events[6] |= 0x01; /* IO Capability Request */
511 events[6] |= 0x02; /* IO Capability Response */
512 events[6] |= 0x04; /* User Confirmation Request */
513 events[6] |= 0x08; /* User Passkey Request */
514 events[6] |= 0x10; /* Remote OOB Data Request */
515 events[6] |= 0x20; /* Simple Pairing Complete */
516 events[7] |= 0x04; /* User Passkey Notification */
517 events[7] |= 0x08; /* Keypress Notification */
518 events[7] |= 0x10; /* Remote Host Supported
519 * Features Notification */
520 }
521
522 if (hdev->features[4] & LMP_LE)
523 events[7] |= 0x20; /* LE Meta-Event */
524
525 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
526}
527
528static void hci_setup(struct hci_dev *hdev)
529{
530 hci_setup_event_mask(hdev);
531
532 if (hdev->lmp_ver > 1)
533 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
534
535 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
536 u8 mode = 0x01;
537 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
538 }
539
540 if (hdev->features[3] & LMP_RSSI_INQ)
541 hci_setup_inquiry_mode(hdev);
542
543 if (hdev->features[7] & LMP_INQ_TX_PWR)
544 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
545}
546
418static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 547static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
419{ 548{
420 struct hci_rp_read_local_version *rp = (void *) skb->data; 549 struct hci_rp_read_local_version *rp = (void *) skb->data;
@@ -426,11 +555,34 @@ static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
426 555
427 hdev->hci_ver = rp->hci_ver; 556 hdev->hci_ver = rp->hci_ver;
428 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 557 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
558 hdev->lmp_ver = rp->lmp_ver;
429 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 559 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
560 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
430 561
431 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name, 562 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
432 hdev->manufacturer, 563 hdev->manufacturer,
433 hdev->hci_ver, hdev->hci_rev); 564 hdev->hci_ver, hdev->hci_rev);
565
566 if (test_bit(HCI_INIT, &hdev->flags))
567 hci_setup(hdev);
568}
569
570static void hci_setup_link_policy(struct hci_dev *hdev)
571{
572 u16 link_policy = 0;
573
574 if (hdev->features[0] & LMP_RSWITCH)
575 link_policy |= HCI_LP_RSWITCH;
576 if (hdev->features[0] & LMP_HOLD)
577 link_policy |= HCI_LP_HOLD;
578 if (hdev->features[0] & LMP_SNIFF)
579 link_policy |= HCI_LP_SNIFF;
580 if (hdev->features[1] & LMP_PARK)
581 link_policy |= HCI_LP_PARK;
582
583 link_policy = cpu_to_le16(link_policy);
584 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
585 sizeof(link_policy), &link_policy);
434} 586}
435 587
436static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb) 588static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
@@ -440,9 +592,15 @@ static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb
440 BT_DBG("%s status 0x%x", hdev->name, rp->status); 592 BT_DBG("%s status 0x%x", hdev->name, rp->status);
441 593
442 if (rp->status) 594 if (rp->status)
443 return; 595 goto done;
444 596
445 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 597 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
598
599 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
600 hci_setup_link_policy(hdev);
601
602done:
603 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
446} 604}
447 605
448static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb) 606static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
@@ -536,7 +694,151 @@ static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
536 if (!rp->status) 694 if (!rp->status)
537 bacpy(&hdev->bdaddr, &rp->bdaddr); 695 bacpy(&hdev->bdaddr, &rp->bdaddr);
538 696
539 hci_req_complete(hdev, rp->status); 697 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
698}
699
700static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
701{
702 __u8 status = *((__u8 *) skb->data);
703
704 BT_DBG("%s status 0x%x", hdev->name, status);
705
706 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
707}
708
709static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
710 struct sk_buff *skb)
711{
712 __u8 status = *((__u8 *) skb->data);
713
714 BT_DBG("%s status 0x%x", hdev->name, status);
715
716 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
717}
718
719static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
720{
721 __u8 status = *((__u8 *) skb->data);
722
723 BT_DBG("%s status 0x%x", hdev->name, status);
724
725 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
726}
727
728static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
729 struct sk_buff *skb)
730{
731 __u8 status = *((__u8 *) skb->data);
732
733 BT_DBG("%s status 0x%x", hdev->name, status);
734
735 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
736}
737
738static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
739 struct sk_buff *skb)
740{
741 __u8 status = *((__u8 *) skb->data);
742
743 BT_DBG("%s status 0x%x", hdev->name, status);
744
745 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
746}
747
748static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
749{
750 __u8 status = *((__u8 *) skb->data);
751
752 BT_DBG("%s status 0x%x", hdev->name, status);
753
754 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
755}
756
757static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
758{
759 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
760 struct hci_cp_pin_code_reply *cp;
761 struct hci_conn *conn;
762
763 BT_DBG("%s status 0x%x", hdev->name, rp->status);
764
765 if (test_bit(HCI_MGMT, &hdev->flags))
766 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
767
768 if (rp->status != 0)
769 return;
770
771 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
772 if (!cp)
773 return;
774
775 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
776 if (conn)
777 conn->pin_length = cp->pin_len;
778}
779
780static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
781{
782 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
783
784 BT_DBG("%s status 0x%x", hdev->name, rp->status);
785
786 if (test_bit(HCI_MGMT, &hdev->flags))
787 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
788 rp->status);
789}
790static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
791 struct sk_buff *skb)
792{
793 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
794
795 BT_DBG("%s status 0x%x", hdev->name, rp->status);
796
797 if (rp->status)
798 return;
799
800 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
801 hdev->le_pkts = rp->le_max_pkt;
802
803 hdev->le_cnt = hdev->le_pkts;
804
805 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
806
807 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
808}
809
810static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
811{
812 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
813
814 BT_DBG("%s status 0x%x", hdev->name, rp->status);
815
816 if (test_bit(HCI_MGMT, &hdev->flags))
817 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
818 rp->status);
819}
820
821static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
822 struct sk_buff *skb)
823{
824 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
825
826 BT_DBG("%s status 0x%x", hdev->name, rp->status);
827
828 if (test_bit(HCI_MGMT, &hdev->flags))
829 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
830 rp->status);
831}
832
833static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
834 struct sk_buff *skb)
835{
836 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
837
838 BT_DBG("%s status 0x%x", hdev->name, rp->status);
839
840 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
841 rp->randomizer, rp->status);
540} 842}
541 843
542static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 844static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
@@ -544,11 +846,15 @@ static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
544 BT_DBG("%s status 0x%x", hdev->name, status); 846 BT_DBG("%s status 0x%x", hdev->name, status);
545 847
546 if (status) { 848 if (status) {
547 hci_req_complete(hdev, status); 849 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
548
549 hci_conn_check_pending(hdev); 850 hci_conn_check_pending(hdev);
550 } else 851 return;
551 set_bit(HCI_INQUIRY, &hdev->flags); 852 }
853
854 if (test_bit(HCI_MGMT, &hdev->flags) &&
855 !test_and_set_bit(HCI_INQUIRY,
856 &hdev->flags))
857 mgmt_discovering(hdev->id, 1);
552} 858}
553 859
554static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) 860static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
@@ -613,11 +919,14 @@ static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
613 hci_dev_lock(hdev); 919 hci_dev_lock(hdev);
614 920
615 acl = hci_conn_hash_lookup_handle(hdev, handle); 921 acl = hci_conn_hash_lookup_handle(hdev, handle);
616 if (acl && (sco = acl->link)) { 922 if (acl) {
617 sco->state = BT_CLOSED; 923 sco = acl->link;
924 if (sco) {
925 sco->state = BT_CLOSED;
618 926
619 hci_proto_connect_cfm(sco, status); 927 hci_proto_connect_cfm(sco, status);
620 hci_conn_del(sco); 928 hci_conn_del(sco);
929 }
621 } 930 }
622 931
623 hci_dev_unlock(hdev); 932 hci_dev_unlock(hdev);
@@ -677,9 +986,57 @@ static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
677 hci_dev_unlock(hdev); 986 hci_dev_unlock(hdev);
678} 987}
679 988
989static int hci_outgoing_auth_needed(struct hci_dev *hdev,
990 struct hci_conn *conn)
991{
992 if (conn->state != BT_CONFIG || !conn->out)
993 return 0;
994
995 if (conn->pending_sec_level == BT_SECURITY_SDP)
996 return 0;
997
998 /* Only request authentication for SSP connections or non-SSP
999 * devices with sec_level HIGH */
1000 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1001 conn->pending_sec_level != BT_SECURITY_HIGH)
1002 return 0;
1003
1004 return 1;
1005}
1006
680static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 1007static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
681{ 1008{
1009 struct hci_cp_remote_name_req *cp;
1010 struct hci_conn *conn;
1011
682 BT_DBG("%s status 0x%x", hdev->name, status); 1012 BT_DBG("%s status 0x%x", hdev->name, status);
1013
1014 /* If successful wait for the name req complete event before
1015 * checking for the need to do authentication */
1016 if (!status)
1017 return;
1018
1019 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1020 if (!cp)
1021 return;
1022
1023 hci_dev_lock(hdev);
1024
1025 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1026 if (!conn)
1027 goto unlock;
1028
1029 if (!hci_outgoing_auth_needed(hdev, conn))
1030 goto unlock;
1031
1032 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1033 struct hci_cp_auth_requested cp;
1034 cp.handle = __cpu_to_le16(conn->handle);
1035 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1036 }
1037
1038unlock:
1039 hci_dev_unlock(hdev);
683} 1040}
684 1041
685static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status) 1042static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
@@ -758,11 +1115,14 @@ static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
758 hci_dev_lock(hdev); 1115 hci_dev_lock(hdev);
759 1116
760 acl = hci_conn_hash_lookup_handle(hdev, handle); 1117 acl = hci_conn_hash_lookup_handle(hdev, handle);
761 if (acl && (sco = acl->link)) { 1118 if (acl) {
762 sco->state = BT_CLOSED; 1119 sco = acl->link;
1120 if (sco) {
1121 sco->state = BT_CLOSED;
763 1122
764 hci_proto_connect_cfm(sco, status); 1123 hci_proto_connect_cfm(sco, status);
765 hci_conn_del(sco); 1124 hci_conn_del(sco);
1125 }
766 } 1126 }
767 1127
768 hci_dev_unlock(hdev); 1128 hci_dev_unlock(hdev);
@@ -822,15 +1182,54 @@ static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
822 hci_dev_unlock(hdev); 1182 hci_dev_unlock(hdev);
823} 1183}
824 1184
1185static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1186{
1187 struct hci_cp_le_create_conn *cp;
1188 struct hci_conn *conn;
1189
1190 BT_DBG("%s status 0x%x", hdev->name, status);
1191
1192 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1193 if (!cp)
1194 return;
1195
1196 hci_dev_lock(hdev);
1197
1198 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1199
1200 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1201 conn);
1202
1203 if (status) {
1204 if (conn && conn->state == BT_CONNECT) {
1205 conn->state = BT_CLOSED;
1206 hci_proto_connect_cfm(conn, status);
1207 hci_conn_del(conn);
1208 }
1209 } else {
1210 if (!conn) {
1211 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1212 if (conn)
1213 conn->out = 1;
1214 else
1215 BT_ERR("No memory for new connection");
1216 }
1217 }
1218
1219 hci_dev_unlock(hdev);
1220}
1221
825static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1222static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
826{ 1223{
827 __u8 status = *((__u8 *) skb->data); 1224 __u8 status = *((__u8 *) skb->data);
828 1225
829 BT_DBG("%s status %d", hdev->name, status); 1226 BT_DBG("%s status %d", hdev->name, status);
830 1227
831 clear_bit(HCI_INQUIRY, &hdev->flags); 1228 if (test_bit(HCI_MGMT, &hdev->flags) &&
1229 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1230 mgmt_discovering(hdev->id, 0);
832 1231
833 hci_req_complete(hdev, status); 1232 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
834 1233
835 hci_conn_check_pending(hdev); 1234 hci_conn_check_pending(hdev);
836} 1235}
@@ -848,7 +1247,13 @@ static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *
848 1247
849 hci_dev_lock(hdev); 1248 hci_dev_lock(hdev);
850 1249
851 for (; num_rsp; num_rsp--) { 1250 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1251
1252 if (test_bit(HCI_MGMT, &hdev->flags))
1253 mgmt_discovering(hdev->id, 1);
1254 }
1255
1256 for (; num_rsp; num_rsp--, info++) {
852 bacpy(&data.bdaddr, &info->bdaddr); 1257 bacpy(&data.bdaddr, &info->bdaddr);
853 data.pscan_rep_mode = info->pscan_rep_mode; 1258 data.pscan_rep_mode = info->pscan_rep_mode;
854 data.pscan_period_mode = info->pscan_period_mode; 1259 data.pscan_period_mode = info->pscan_period_mode;
@@ -857,8 +1262,9 @@ static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *
857 data.clock_offset = info->clock_offset; 1262 data.clock_offset = info->clock_offset;
858 data.rssi = 0x00; 1263 data.rssi = 0x00;
859 data.ssp_mode = 0x00; 1264 data.ssp_mode = 0x00;
860 info++;
861 hci_inquiry_cache_update(hdev, &data); 1265 hci_inquiry_cache_update(hdev, &data);
1266 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1267 NULL);
862 } 1268 }
863 1269
864 hci_dev_unlock(hdev); 1270 hci_dev_unlock(hdev);
@@ -892,6 +1298,7 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
892 conn->state = BT_CONFIG; 1298 conn->state = BT_CONFIG;
893 hci_conn_hold(conn); 1299 hci_conn_hold(conn);
894 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1300 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1301 mgmt_connected(hdev->id, &ev->bdaddr);
895 } else 1302 } else
896 conn->state = BT_CONNECTED; 1303 conn->state = BT_CONNECTED;
897 1304
@@ -920,8 +1327,11 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
920 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, 1327 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
921 sizeof(cp), &cp); 1328 sizeof(cp), &cp);
922 } 1329 }
923 } else 1330 } else {
924 conn->state = BT_CLOSED; 1331 conn->state = BT_CLOSED;
1332 if (conn->type == ACL_LINK)
1333 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1334 }
925 1335
926 if (conn->type == ACL_LINK) 1336 if (conn->type == ACL_LINK)
927 hci_sco_setup(conn, ev->status); 1337 hci_sco_setup(conn, ev->status);
@@ -948,19 +1358,22 @@ static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *sk
948 1358
949 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 1359 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
950 1360
951 if ((mask & HCI_LM_ACCEPT) && !hci_blacklist_lookup(hdev, &ev->bdaddr)) { 1361 if ((mask & HCI_LM_ACCEPT) &&
1362 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
952 /* Connection accepted */ 1363 /* Connection accepted */
953 struct inquiry_entry *ie; 1364 struct inquiry_entry *ie;
954 struct hci_conn *conn; 1365 struct hci_conn *conn;
955 1366
956 hci_dev_lock(hdev); 1367 hci_dev_lock(hdev);
957 1368
958 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) 1369 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1370 if (ie)
959 memcpy(ie->data.dev_class, ev->dev_class, 3); 1371 memcpy(ie->data.dev_class, ev->dev_class, 3);
960 1372
961 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1373 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
962 if (!conn) { 1374 if (!conn) {
963 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) { 1375 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1376 if (!conn) {
964 BT_ERR("No memory for new connection"); 1377 BT_ERR("No memory for new connection");
965 hci_dev_unlock(hdev); 1378 hci_dev_unlock(hdev);
966 return; 1379 return;
@@ -1016,19 +1429,26 @@ static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff
1016 1429
1017 BT_DBG("%s status %d", hdev->name, ev->status); 1430 BT_DBG("%s status %d", hdev->name, ev->status);
1018 1431
1019 if (ev->status) 1432 if (ev->status) {
1433 mgmt_disconnect_failed(hdev->id);
1020 return; 1434 return;
1435 }
1021 1436
1022 hci_dev_lock(hdev); 1437 hci_dev_lock(hdev);
1023 1438
1024 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1439 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1025 if (conn) { 1440 if (!conn)
1026 conn->state = BT_CLOSED; 1441 goto unlock;
1027 1442
1028 hci_proto_disconn_cfm(conn, ev->reason); 1443 conn->state = BT_CLOSED;
1029 hci_conn_del(conn); 1444
1030 } 1445 if (conn->type == ACL_LINK || conn->type == LE_LINK)
1446 mgmt_disconnected(hdev->id, &conn->dst);
1031 1447
1448 hci_proto_disconn_cfm(conn, ev->reason);
1449 hci_conn_del(conn);
1450
1451unlock:
1032 hci_dev_unlock(hdev); 1452 hci_dev_unlock(hdev);
1033} 1453}
1034 1454
@@ -1043,10 +1463,12 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
1043 1463
1044 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1464 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1045 if (conn) { 1465 if (conn) {
1046 if (!ev->status) 1466 if (!ev->status) {
1047 conn->link_mode |= HCI_LM_AUTH; 1467 conn->link_mode |= HCI_LM_AUTH;
1048 else 1468 conn->sec_level = conn->pending_sec_level;
1049 conn->sec_level = BT_SECURITY_LOW; 1469 } else {
1470 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1471 }
1050 1472
1051 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1473 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1052 1474
@@ -1090,9 +1512,33 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
1090 1512
1091static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb) 1513static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1092{ 1514{
1515 struct hci_ev_remote_name *ev = (void *) skb->data;
1516 struct hci_conn *conn;
1517
1093 BT_DBG("%s", hdev->name); 1518 BT_DBG("%s", hdev->name);
1094 1519
1095 hci_conn_check_pending(hdev); 1520 hci_conn_check_pending(hdev);
1521
1522 hci_dev_lock(hdev);
1523
1524 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1525 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1526
1527 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1528 if (!conn)
1529 goto unlock;
1530
1531 if (!hci_outgoing_auth_needed(hdev, conn))
1532 goto unlock;
1533
1534 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1535 struct hci_cp_auth_requested cp;
1536 cp.handle = __cpu_to_le16(conn->handle);
1537 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1538 }
1539
1540unlock:
1541 hci_dev_unlock(hdev);
1096} 1542}
1097 1543
1098static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1544static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
@@ -1162,27 +1608,39 @@ static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff
1162 hci_dev_lock(hdev); 1608 hci_dev_lock(hdev);
1163 1609
1164 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1610 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1165 if (conn) { 1611 if (!conn)
1166 if (!ev->status) 1612 goto unlock;
1167 memcpy(conn->features, ev->features, 8);
1168 1613
1169 if (conn->state == BT_CONFIG) { 1614 if (!ev->status)
1170 if (!ev->status && lmp_ssp_capable(hdev) && 1615 memcpy(conn->features, ev->features, 8);
1171 lmp_ssp_capable(conn)) { 1616
1172 struct hci_cp_read_remote_ext_features cp; 1617 if (conn->state != BT_CONFIG)
1173 cp.handle = ev->handle; 1618 goto unlock;
1174 cp.page = 0x01; 1619
1175 hci_send_cmd(hdev, 1620 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1176 HCI_OP_READ_REMOTE_EXT_FEATURES, 1621 struct hci_cp_read_remote_ext_features cp;
1622 cp.handle = ev->handle;
1623 cp.page = 0x01;
1624 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1177 sizeof(cp), &cp); 1625 sizeof(cp), &cp);
1178 } else { 1626 goto unlock;
1179 conn->state = BT_CONNECTED;
1180 hci_proto_connect_cfm(conn, ev->status);
1181 hci_conn_put(conn);
1182 }
1183 }
1184 } 1627 }
1185 1628
1629 if (!ev->status) {
1630 struct hci_cp_remote_name_req cp;
1631 memset(&cp, 0, sizeof(cp));
1632 bacpy(&cp.bdaddr, &conn->dst);
1633 cp.pscan_rep_mode = 0x02;
1634 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1635 }
1636
1637 if (!hci_outgoing_auth_needed(hdev, conn)) {
1638 conn->state = BT_CONNECTED;
1639 hci_proto_connect_cfm(conn, ev->status);
1640 hci_conn_put(conn);
1641 }
1642
1643unlock:
1186 hci_dev_unlock(hdev); 1644 hci_dev_unlock(hdev);
1187} 1645}
1188 1646
@@ -1310,11 +1768,62 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk
1310 hci_cc_read_bd_addr(hdev, skb); 1768 hci_cc_read_bd_addr(hdev, skb);
1311 break; 1769 break;
1312 1770
1771 case HCI_OP_WRITE_CA_TIMEOUT:
1772 hci_cc_write_ca_timeout(hdev, skb);
1773 break;
1774
1775 case HCI_OP_DELETE_STORED_LINK_KEY:
1776 hci_cc_delete_stored_link_key(hdev, skb);
1777 break;
1778
1779 case HCI_OP_SET_EVENT_MASK:
1780 hci_cc_set_event_mask(hdev, skb);
1781 break;
1782
1783 case HCI_OP_WRITE_INQUIRY_MODE:
1784 hci_cc_write_inquiry_mode(hdev, skb);
1785 break;
1786
1787 case HCI_OP_READ_INQ_RSP_TX_POWER:
1788 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1789 break;
1790
1791 case HCI_OP_SET_EVENT_FLT:
1792 hci_cc_set_event_flt(hdev, skb);
1793 break;
1794
1795 case HCI_OP_PIN_CODE_REPLY:
1796 hci_cc_pin_code_reply(hdev, skb);
1797 break;
1798
1799 case HCI_OP_PIN_CODE_NEG_REPLY:
1800 hci_cc_pin_code_neg_reply(hdev, skb);
1801 break;
1802
1803 case HCI_OP_READ_LOCAL_OOB_DATA:
1804 hci_cc_read_local_oob_data_reply(hdev, skb);
1805 break;
1806
1807 case HCI_OP_LE_READ_BUFFER_SIZE:
1808 hci_cc_le_read_buffer_size(hdev, skb);
1809 break;
1810
1811 case HCI_OP_USER_CONFIRM_REPLY:
1812 hci_cc_user_confirm_reply(hdev, skb);
1813 break;
1814
1815 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1816 hci_cc_user_confirm_neg_reply(hdev, skb);
1817 break;
1818
1313 default: 1819 default:
1314 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1820 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1315 break; 1821 break;
1316 } 1822 }
1317 1823
1824 if (ev->opcode != HCI_OP_NOP)
1825 del_timer(&hdev->cmd_timer);
1826
1318 if (ev->ncmd) { 1827 if (ev->ncmd) {
1319 atomic_set(&hdev->cmd_cnt, 1); 1828 atomic_set(&hdev->cmd_cnt, 1);
1320 if (!skb_queue_empty(&hdev->cmd_q)) 1829 if (!skb_queue_empty(&hdev->cmd_q))
@@ -1376,12 +1885,24 @@ static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1376 hci_cs_exit_sniff_mode(hdev, ev->status); 1885 hci_cs_exit_sniff_mode(hdev, ev->status);
1377 break; 1886 break;
1378 1887
1888 case HCI_OP_DISCONNECT:
1889 if (ev->status != 0)
1890 mgmt_disconnect_failed(hdev->id);
1891 break;
1892
1893 case HCI_OP_LE_CREATE_CONN:
1894 hci_cs_le_create_conn(hdev, ev->status);
1895 break;
1896
1379 default: 1897 default:
1380 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1898 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1381 break; 1899 break;
1382 } 1900 }
1383 1901
1384 if (ev->ncmd) { 1902 if (ev->opcode != HCI_OP_NOP)
1903 del_timer(&hdev->cmd_timer);
1904
1905 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
1385 atomic_set(&hdev->cmd_cnt, 1); 1906 atomic_set(&hdev->cmd_cnt, 1);
1386 if (!skb_queue_empty(&hdev->cmd_q)) 1907 if (!skb_queue_empty(&hdev->cmd_q))
1387 tasklet_schedule(&hdev->cmd_task); 1908 tasklet_schedule(&hdev->cmd_task);
@@ -1443,10 +1964,22 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *s
1443 conn->sent -= count; 1964 conn->sent -= count;
1444 1965
1445 if (conn->type == ACL_LINK) { 1966 if (conn->type == ACL_LINK) {
1446 if ((hdev->acl_cnt += count) > hdev->acl_pkts) 1967 hdev->acl_cnt += count;
1968 if (hdev->acl_cnt > hdev->acl_pkts)
1447 hdev->acl_cnt = hdev->acl_pkts; 1969 hdev->acl_cnt = hdev->acl_pkts;
1970 } else if (conn->type == LE_LINK) {
1971 if (hdev->le_pkts) {
1972 hdev->le_cnt += count;
1973 if (hdev->le_cnt > hdev->le_pkts)
1974 hdev->le_cnt = hdev->le_pkts;
1975 } else {
1976 hdev->acl_cnt += count;
1977 if (hdev->acl_cnt > hdev->acl_pkts)
1978 hdev->acl_cnt = hdev->acl_pkts;
1979 }
1448 } else { 1980 } else {
1449 if ((hdev->sco_cnt += count) > hdev->sco_pkts) 1981 hdev->sco_cnt += count;
1982 if (hdev->sco_cnt > hdev->sco_pkts)
1450 hdev->sco_cnt = hdev->sco_pkts; 1983 hdev->sco_cnt = hdev->sco_pkts;
1451 } 1984 }
1452 } 1985 }
@@ -1501,18 +2034,92 @@ static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff
1501 hci_conn_put(conn); 2034 hci_conn_put(conn);
1502 } 2035 }
1503 2036
2037 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2038 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2039 sizeof(ev->bdaddr), &ev->bdaddr);
2040 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2041 u8 secure;
2042
2043 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2044 secure = 1;
2045 else
2046 secure = 0;
2047
2048 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2049 }
2050
1504 hci_dev_unlock(hdev); 2051 hci_dev_unlock(hdev);
1505} 2052}
1506 2053
1507static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2054static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1508{ 2055{
2056 struct hci_ev_link_key_req *ev = (void *) skb->data;
2057 struct hci_cp_link_key_reply cp;
2058 struct hci_conn *conn;
2059 struct link_key *key;
2060
1509 BT_DBG("%s", hdev->name); 2061 BT_DBG("%s", hdev->name);
2062
2063 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2064 return;
2065
2066 hci_dev_lock(hdev);
2067
2068 key = hci_find_link_key(hdev, &ev->bdaddr);
2069 if (!key) {
2070 BT_DBG("%s link key not found for %s", hdev->name,
2071 batostr(&ev->bdaddr));
2072 goto not_found;
2073 }
2074
2075 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2076 batostr(&ev->bdaddr));
2077
2078 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2079 key->type == HCI_LK_DEBUG_COMBINATION) {
2080 BT_DBG("%s ignoring debug key", hdev->name);
2081 goto not_found;
2082 }
2083
2084 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2085 if (conn) {
2086 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2087 conn->auth_type != 0xff &&
2088 (conn->auth_type & 0x01)) {
2089 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2090 goto not_found;
2091 }
2092
2093 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2094 conn->pending_sec_level == BT_SECURITY_HIGH) {
2095 BT_DBG("%s ignoring key unauthenticated for high \
2096 security", hdev->name);
2097 goto not_found;
2098 }
2099
2100 conn->key_type = key->type;
2101 conn->pin_length = key->pin_len;
2102 }
2103
2104 bacpy(&cp.bdaddr, &ev->bdaddr);
2105 memcpy(cp.link_key, key->val, 16);
2106
2107 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2108
2109 hci_dev_unlock(hdev);
2110
2111 return;
2112
2113not_found:
2114 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2115 hci_dev_unlock(hdev);
1510} 2116}
1511 2117
1512static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 2118static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
1513{ 2119{
1514 struct hci_ev_link_key_notify *ev = (void *) skb->data; 2120 struct hci_ev_link_key_notify *ev = (void *) skb->data;
1515 struct hci_conn *conn; 2121 struct hci_conn *conn;
2122 u8 pin_len = 0;
1516 2123
1517 BT_DBG("%s", hdev->name); 2124 BT_DBG("%s", hdev->name);
1518 2125
@@ -1522,9 +2129,18 @@ static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff
1522 if (conn) { 2129 if (conn) {
1523 hci_conn_hold(conn); 2130 hci_conn_hold(conn);
1524 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 2131 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2132 pin_len = conn->pin_length;
2133
2134 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2135 conn->key_type = ev->key_type;
2136
1525 hci_conn_put(conn); 2137 hci_conn_put(conn);
1526 } 2138 }
1527 2139
2140 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2141 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2142 ev->key_type, pin_len);
2143
1528 hci_dev_unlock(hdev); 2144 hci_dev_unlock(hdev);
1529} 2145}
1530 2146
@@ -1541,7 +2157,8 @@ static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *sk
1541 if (conn && !ev->status) { 2157 if (conn && !ev->status) {
1542 struct inquiry_entry *ie; 2158 struct inquiry_entry *ie;
1543 2159
1544 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) { 2160 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2161 if (ie) {
1545 ie->data.clock_offset = ev->clock_offset; 2162 ie->data.clock_offset = ev->clock_offset;
1546 ie->timestamp = jiffies; 2163 ie->timestamp = jiffies;
1547 } 2164 }
@@ -1575,7 +2192,8 @@ static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *
1575 2192
1576 hci_dev_lock(hdev); 2193 hci_dev_lock(hdev);
1577 2194
1578 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) { 2195 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2196 if (ie) {
1579 ie->data.pscan_rep_mode = ev->pscan_rep_mode; 2197 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
1580 ie->timestamp = jiffies; 2198 ie->timestamp = jiffies;
1581 } 2199 }
@@ -1595,10 +2213,17 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
1595 2213
1596 hci_dev_lock(hdev); 2214 hci_dev_lock(hdev);
1597 2215
2216 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2217
2218 if (test_bit(HCI_MGMT, &hdev->flags))
2219 mgmt_discovering(hdev->id, 1);
2220 }
2221
1598 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 2222 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
1599 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1); 2223 struct inquiry_info_with_rssi_and_pscan_mode *info;
2224 info = (void *) (skb->data + 1);
1600 2225
1601 for (; num_rsp; num_rsp--) { 2226 for (; num_rsp; num_rsp--, info++) {
1602 bacpy(&data.bdaddr, &info->bdaddr); 2227 bacpy(&data.bdaddr, &info->bdaddr);
1603 data.pscan_rep_mode = info->pscan_rep_mode; 2228 data.pscan_rep_mode = info->pscan_rep_mode;
1604 data.pscan_period_mode = info->pscan_period_mode; 2229 data.pscan_period_mode = info->pscan_period_mode;
@@ -1607,13 +2232,15 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
1607 data.clock_offset = info->clock_offset; 2232 data.clock_offset = info->clock_offset;
1608 data.rssi = info->rssi; 2233 data.rssi = info->rssi;
1609 data.ssp_mode = 0x00; 2234 data.ssp_mode = 0x00;
1610 info++;
1611 hci_inquiry_cache_update(hdev, &data); 2235 hci_inquiry_cache_update(hdev, &data);
2236 mgmt_device_found(hdev->id, &info->bdaddr,
2237 info->dev_class, info->rssi,
2238 NULL);
1612 } 2239 }
1613 } else { 2240 } else {
1614 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 2241 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
1615 2242
1616 for (; num_rsp; num_rsp--) { 2243 for (; num_rsp; num_rsp--, info++) {
1617 bacpy(&data.bdaddr, &info->bdaddr); 2244 bacpy(&data.bdaddr, &info->bdaddr);
1618 data.pscan_rep_mode = info->pscan_rep_mode; 2245 data.pscan_rep_mode = info->pscan_rep_mode;
1619 data.pscan_period_mode = info->pscan_period_mode; 2246 data.pscan_period_mode = info->pscan_period_mode;
@@ -1622,8 +2249,10 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
1622 data.clock_offset = info->clock_offset; 2249 data.clock_offset = info->clock_offset;
1623 data.rssi = info->rssi; 2250 data.rssi = info->rssi;
1624 data.ssp_mode = 0x00; 2251 data.ssp_mode = 0x00;
1625 info++;
1626 hci_inquiry_cache_update(hdev, &data); 2252 hci_inquiry_cache_update(hdev, &data);
2253 mgmt_device_found(hdev->id, &info->bdaddr,
2254 info->dev_class, info->rssi,
2255 NULL);
1627 } 2256 }
1628 } 2257 }
1629 2258
@@ -1640,32 +2269,37 @@ static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_b
1640 hci_dev_lock(hdev); 2269 hci_dev_lock(hdev);
1641 2270
1642 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2271 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1643 if (conn) { 2272 if (!conn)
1644 if (!ev->status && ev->page == 0x01) { 2273 goto unlock;
1645 struct inquiry_entry *ie; 2274
2275 if (!ev->status && ev->page == 0x01) {
2276 struct inquiry_entry *ie;
1646 2277
1647 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) 2278 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
1648 ie->data.ssp_mode = (ev->features[0] & 0x01); 2279 if (ie)
2280 ie->data.ssp_mode = (ev->features[0] & 0x01);
1649 2281
1650 conn->ssp_mode = (ev->features[0] & 0x01); 2282 conn->ssp_mode = (ev->features[0] & 0x01);
1651 } 2283 }
1652 2284
1653 if (conn->state == BT_CONFIG) { 2285 if (conn->state != BT_CONFIG)
1654 if (!ev->status && hdev->ssp_mode > 0 && 2286 goto unlock;
1655 conn->ssp_mode > 0 && conn->out && 2287
1656 conn->sec_level != BT_SECURITY_SDP) { 2288 if (!ev->status) {
1657 struct hci_cp_auth_requested cp; 2289 struct hci_cp_remote_name_req cp;
1658 cp.handle = ev->handle; 2290 memset(&cp, 0, sizeof(cp));
1659 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, 2291 bacpy(&cp.bdaddr, &conn->dst);
1660 sizeof(cp), &cp); 2292 cp.pscan_rep_mode = 0x02;
1661 } else { 2293 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1662 conn->state = BT_CONNECTED; 2294 }
1663 hci_proto_connect_cfm(conn, ev->status); 2295
1664 hci_conn_put(conn); 2296 if (!hci_outgoing_auth_needed(hdev, conn)) {
1665 } 2297 conn->state = BT_CONNECTED;
1666 } 2298 hci_proto_connect_cfm(conn, ev->status);
2299 hci_conn_put(conn);
1667 } 2300 }
1668 2301
2302unlock:
1669 hci_dev_unlock(hdev); 2303 hci_dev_unlock(hdev);
1670} 2304}
1671 2305
@@ -1732,17 +2366,8 @@ static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buf
1732static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb) 2366static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
1733{ 2367{
1734 struct hci_ev_sniff_subrate *ev = (void *) skb->data; 2368 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
1735 struct hci_conn *conn;
1736 2369
1737 BT_DBG("%s status %d", hdev->name, ev->status); 2370 BT_DBG("%s status %d", hdev->name, ev->status);
1738
1739 hci_dev_lock(hdev);
1740
1741 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1742 if (conn) {
1743 }
1744
1745 hci_dev_unlock(hdev);
1746} 2371}
1747 2372
1748static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 2373static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
@@ -1756,24 +2381,50 @@ static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct
1756 if (!num_rsp) 2381 if (!num_rsp)
1757 return; 2382 return;
1758 2383
2384 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2385
2386 if (test_bit(HCI_MGMT, &hdev->flags))
2387 mgmt_discovering(hdev->id, 1);
2388 }
2389
1759 hci_dev_lock(hdev); 2390 hci_dev_lock(hdev);
1760 2391
1761 for (; num_rsp; num_rsp--) { 2392 for (; num_rsp; num_rsp--, info++) {
1762 bacpy(&data.bdaddr, &info->bdaddr); 2393 bacpy(&data.bdaddr, &info->bdaddr);
1763 data.pscan_rep_mode = info->pscan_rep_mode; 2394 data.pscan_rep_mode = info->pscan_rep_mode;
1764 data.pscan_period_mode = info->pscan_period_mode; 2395 data.pscan_period_mode = info->pscan_period_mode;
1765 data.pscan_mode = 0x00; 2396 data.pscan_mode = 0x00;
1766 memcpy(data.dev_class, info->dev_class, 3); 2397 memcpy(data.dev_class, info->dev_class, 3);
1767 data.clock_offset = info->clock_offset; 2398 data.clock_offset = info->clock_offset;
1768 data.rssi = info->rssi; 2399 data.rssi = info->rssi;
1769 data.ssp_mode = 0x01; 2400 data.ssp_mode = 0x01;
1770 info++;
1771 hci_inquiry_cache_update(hdev, &data); 2401 hci_inquiry_cache_update(hdev, &data);
2402 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2403 info->rssi, info->data);
1772 } 2404 }
1773 2405
1774 hci_dev_unlock(hdev); 2406 hci_dev_unlock(hdev);
1775} 2407}
1776 2408
2409static inline u8 hci_get_auth_req(struct hci_conn *conn)
2410{
2411 /* If remote requests dedicated bonding follow that lead */
2412 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2413 /* If both remote and local IO capabilities allow MITM
2414 * protection then require it, otherwise don't */
2415 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2416 return 0x02;
2417 else
2418 return 0x03;
2419 }
2420
2421 /* If remote requests no-bonding follow that lead */
2422 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2423 return conn->remote_auth | (conn->auth_type & 0x01);
2424
2425 return conn->auth_type;
2426}
2427
1777static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2428static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1778{ 2429{
1779 struct hci_ev_io_capa_request *ev = (void *) skb->data; 2430 struct hci_ev_io_capa_request *ev = (void *) skb->data;
@@ -1784,9 +2435,131 @@ static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff
1784 hci_dev_lock(hdev); 2435 hci_dev_lock(hdev);
1785 2436
1786 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2437 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1787 if (conn) 2438 if (!conn)
1788 hci_conn_hold(conn); 2439 goto unlock;
2440
2441 hci_conn_hold(conn);
2442
2443 if (!test_bit(HCI_MGMT, &hdev->flags))
2444 goto unlock;
1789 2445
2446 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2447 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2448 struct hci_cp_io_capability_reply cp;
2449
2450 bacpy(&cp.bdaddr, &ev->bdaddr);
2451 cp.capability = conn->io_capability;
2452 conn->auth_type = hci_get_auth_req(conn);
2453 cp.authentication = conn->auth_type;
2454
2455 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2456 hci_find_remote_oob_data(hdev, &conn->dst))
2457 cp.oob_data = 0x01;
2458 else
2459 cp.oob_data = 0x00;
2460
2461 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2462 sizeof(cp), &cp);
2463 } else {
2464 struct hci_cp_io_capability_neg_reply cp;
2465
2466 bacpy(&cp.bdaddr, &ev->bdaddr);
2467 cp.reason = 0x18; /* Pairing not allowed */
2468
2469 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2470 sizeof(cp), &cp);
2471 }
2472
2473unlock:
2474 hci_dev_unlock(hdev);
2475}
2476
2477static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2478{
2479 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2480 struct hci_conn *conn;
2481
2482 BT_DBG("%s", hdev->name);
2483
2484 hci_dev_lock(hdev);
2485
2486 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2487 if (!conn)
2488 goto unlock;
2489
2490 conn->remote_cap = ev->capability;
2491 conn->remote_oob = ev->oob_data;
2492 conn->remote_auth = ev->authentication;
2493
2494unlock:
2495 hci_dev_unlock(hdev);
2496}
2497
2498static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2499 struct sk_buff *skb)
2500{
2501 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2502 int loc_mitm, rem_mitm, confirm_hint = 0;
2503 struct hci_conn *conn;
2504
2505 BT_DBG("%s", hdev->name);
2506
2507 hci_dev_lock(hdev);
2508
2509 if (!test_bit(HCI_MGMT, &hdev->flags))
2510 goto unlock;
2511
2512 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2513 if (!conn)
2514 goto unlock;
2515
2516 loc_mitm = (conn->auth_type & 0x01);
2517 rem_mitm = (conn->remote_auth & 0x01);
2518
2519 /* If we require MITM but the remote device can't provide that
2520 * (it has NoInputNoOutput) then reject the confirmation
2521 * request. The only exception is when we're dedicated bonding
2522 * initiators (connect_cfm_cb set) since then we always have the MITM
2523 * bit set. */
2524 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2525 BT_DBG("Rejecting request: remote device can't provide MITM");
2526 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2527 sizeof(ev->bdaddr), &ev->bdaddr);
2528 goto unlock;
2529 }
2530
2531 /* If no side requires MITM protection; auto-accept */
2532 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2533 (!rem_mitm || conn->io_capability == 0x03)) {
2534
2535 /* If we're not the initiators request authorization to
2536 * proceed from user space (mgmt_user_confirm with
2537 * confirm_hint set to 1). */
2538 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2539 BT_DBG("Confirming auto-accept as acceptor");
2540 confirm_hint = 1;
2541 goto confirm;
2542 }
2543
2544 BT_DBG("Auto-accept of user confirmation with %ums delay",
2545 hdev->auto_accept_delay);
2546
2547 if (hdev->auto_accept_delay > 0) {
2548 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2549 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2550 goto unlock;
2551 }
2552
2553 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2554 sizeof(ev->bdaddr), &ev->bdaddr);
2555 goto unlock;
2556 }
2557
2558confirm:
2559 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2560 confirm_hint);
2561
2562unlock:
1790 hci_dev_unlock(hdev); 2563 hci_dev_unlock(hdev);
1791} 2564}
1792 2565
@@ -1800,9 +2573,20 @@ static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_
1800 hci_dev_lock(hdev); 2573 hci_dev_lock(hdev);
1801 2574
1802 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2575 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1803 if (conn) 2576 if (!conn)
1804 hci_conn_put(conn); 2577 goto unlock;
1805 2578
2579 /* To avoid duplicate auth_failed events to user space we check
2580 * the HCI_CONN_AUTH_PEND flag which will be set if we
2581 * initiated the authentication. A traditional auth_complete
2582 * event gets always produced as initiator and is also mapped to
2583 * the mgmt_auth_failed event */
2584 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2585 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2586
2587 hci_conn_put(conn);
2588
2589unlock:
1806 hci_dev_unlock(hdev); 2590 hci_dev_unlock(hdev);
1807} 2591}
1808 2592
@@ -1815,12 +2599,105 @@ static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_
1815 2599
1816 hci_dev_lock(hdev); 2600 hci_dev_lock(hdev);
1817 2601
1818 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) 2602 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2603 if (ie)
1819 ie->data.ssp_mode = (ev->features[0] & 0x01); 2604 ie->data.ssp_mode = (ev->features[0] & 0x01);
1820 2605
1821 hci_dev_unlock(hdev); 2606 hci_dev_unlock(hdev);
1822} 2607}
1823 2608
2609static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2610 struct sk_buff *skb)
2611{
2612 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2613 struct oob_data *data;
2614
2615 BT_DBG("%s", hdev->name);
2616
2617 hci_dev_lock(hdev);
2618
2619 if (!test_bit(HCI_MGMT, &hdev->flags))
2620 goto unlock;
2621
2622 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2623 if (data) {
2624 struct hci_cp_remote_oob_data_reply cp;
2625
2626 bacpy(&cp.bdaddr, &ev->bdaddr);
2627 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2628 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2629
2630 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2631 &cp);
2632 } else {
2633 struct hci_cp_remote_oob_data_neg_reply cp;
2634
2635 bacpy(&cp.bdaddr, &ev->bdaddr);
2636 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2637 &cp);
2638 }
2639
2640unlock:
2641 hci_dev_unlock(hdev);
2642}
2643
2644static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2645{
2646 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2647 struct hci_conn *conn;
2648
2649 BT_DBG("%s status %d", hdev->name, ev->status);
2650
2651 hci_dev_lock(hdev);
2652
2653 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2654 if (!conn) {
2655 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2656 if (!conn) {
2657 BT_ERR("No memory for new connection");
2658 hci_dev_unlock(hdev);
2659 return;
2660 }
2661 }
2662
2663 if (ev->status) {
2664 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
2665 hci_proto_connect_cfm(conn, ev->status);
2666 conn->state = BT_CLOSED;
2667 hci_conn_del(conn);
2668 goto unlock;
2669 }
2670
2671 mgmt_connected(hdev->id, &ev->bdaddr);
2672
2673 conn->handle = __le16_to_cpu(ev->handle);
2674 conn->state = BT_CONNECTED;
2675
2676 hci_conn_hold_device(conn);
2677 hci_conn_add_sysfs(conn);
2678
2679 hci_proto_connect_cfm(conn, ev->status);
2680
2681unlock:
2682 hci_dev_unlock(hdev);
2683}
2684
2685static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2686{
2687 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2688
2689 skb_pull(skb, sizeof(*le_ev));
2690
2691 switch (le_ev->subevent) {
2692 case HCI_EV_LE_CONN_COMPLETE:
2693 hci_le_conn_complete_evt(hdev, skb);
2694 break;
2695
2696 default:
2697 break;
2698 }
2699}
2700
1824void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 2701void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1825{ 2702{
1826 struct hci_event_hdr *hdr = (void *) skb->data; 2703 struct hci_event_hdr *hdr = (void *) skb->data;
@@ -1949,6 +2826,14 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1949 hci_io_capa_request_evt(hdev, skb); 2826 hci_io_capa_request_evt(hdev, skb);
1950 break; 2827 break;
1951 2828
2829 case HCI_EV_IO_CAPA_REPLY:
2830 hci_io_capa_reply_evt(hdev, skb);
2831 break;
2832
2833 case HCI_EV_USER_CONFIRM_REQUEST:
2834 hci_user_confirm_request_evt(hdev, skb);
2835 break;
2836
1952 case HCI_EV_SIMPLE_PAIR_COMPLETE: 2837 case HCI_EV_SIMPLE_PAIR_COMPLETE:
1953 hci_simple_pair_complete_evt(hdev, skb); 2838 hci_simple_pair_complete_evt(hdev, skb);
1954 break; 2839 break;
@@ -1957,6 +2842,14 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1957 hci_remote_host_features_evt(hdev, skb); 2842 hci_remote_host_features_evt(hdev, skb);
1958 break; 2843 break;
1959 2844
2845 case HCI_EV_LE_META:
2846 hci_le_meta_evt(hdev, skb);
2847 break;
2848
2849 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
2850 hci_remote_oob_data_request_evt(hdev, skb);
2851 break;
2852
1960 default: 2853 default:
1961 BT_DBG("%s event 0x%x", hdev->name, event); 2854 BT_DBG("%s event 0x%x", hdev->name, event);
1962 break; 2855 break;
@@ -1990,6 +2883,6 @@ void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1990 2883
1991 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 2884 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1992 skb->dev = (void *) hdev; 2885 skb->dev = (void *) hdev;
1993 hci_send_to_sock(hdev, skb); 2886 hci_send_to_sock(hdev, skb, NULL);
1994 kfree_skb(skb); 2887 kfree_skb(skb);
1995} 2888}
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-16 01:05:34 -0400