aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth/hci_event.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/bluetooth/hci_event.c')
-rw-r--r--net/bluetooth/hci_event.c693
1 files changed, 649 insertions, 44 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index a290854fdaa6..b2570159a044 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -183,6 +183,8 @@ static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183 183
184 BT_DBG("%s status 0x%x", hdev->name, status); 184 BT_DBG("%s status 0x%x", hdev->name, status);
185 185
186 clear_bit(HCI_RESET, &hdev->flags);
187
186 hci_req_complete(hdev, HCI_OP_RESET, status); 188 hci_req_complete(hdev, HCI_OP_RESET, status);
187} 189}
188 190
@@ -274,15 +276,24 @@ static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
274 276
275 if (!status) { 277 if (!status) {
276 __u8 param = *((__u8 *) sent); 278 __u8 param = *((__u8 *) sent);
279 int old_pscan, old_iscan;
277 280
278 clear_bit(HCI_PSCAN, &hdev->flags); 281 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
279 clear_bit(HCI_ISCAN, &hdev->flags); 282 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
280 283
281 if (param & SCAN_INQUIRY) 284 if (param & SCAN_INQUIRY) {
282 set_bit(HCI_ISCAN, &hdev->flags); 285 set_bit(HCI_ISCAN, &hdev->flags);
286 if (!old_iscan)
287 mgmt_discoverable(hdev->id, 1);
288 } else if (old_iscan)
289 mgmt_discoverable(hdev->id, 0);
283 290
284 if (param & SCAN_PAGE) 291 if (param & SCAN_PAGE) {
285 set_bit(HCI_PSCAN, &hdev->flags); 292 set_bit(HCI_PSCAN, &hdev->flags);
293 if (!old_pscan)
294 mgmt_connectable(hdev->id, 1);
295 } else if (old_pscan)
296 mgmt_connectable(hdev->id, 0);
286 } 297 }
287 298
288 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status); 299 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
@@ -415,6 +426,115 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
415 hdev->ssp_mode = *((__u8 *) sent); 426 hdev->ssp_mode = *((__u8 *) sent);
416} 427}
417 428
429static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
430{
431 if (hdev->features[6] & LMP_EXT_INQ)
432 return 2;
433
434 if (hdev->features[3] & LMP_RSSI_INQ)
435 return 1;
436
437 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
438 hdev->lmp_subver == 0x0757)
439 return 1;
440
441 if (hdev->manufacturer == 15) {
442 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
443 return 1;
444 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
445 return 1;
446 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
447 return 1;
448 }
449
450 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
451 hdev->lmp_subver == 0x1805)
452 return 1;
453
454 return 0;
455}
456
457static void hci_setup_inquiry_mode(struct hci_dev *hdev)
458{
459 u8 mode;
460
461 mode = hci_get_inquiry_mode(hdev);
462
463 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
464}
465
466static void hci_setup_event_mask(struct hci_dev *hdev)
467{
468 /* The second byte is 0xff instead of 0x9f (two reserved bits
469 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
470 * command otherwise */
471 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
472
473 /* Events for 1.2 and newer controllers */
474 if (hdev->lmp_ver > 1) {
475 events[4] |= 0x01; /* Flow Specification Complete */
476 events[4] |= 0x02; /* Inquiry Result with RSSI */
477 events[4] |= 0x04; /* Read Remote Extended Features Complete */
478 events[5] |= 0x08; /* Synchronous Connection Complete */
479 events[5] |= 0x10; /* Synchronous Connection Changed */
480 }
481
482 if (hdev->features[3] & LMP_RSSI_INQ)
483 events[4] |= 0x04; /* Inquiry Result with RSSI */
484
485 if (hdev->features[5] & LMP_SNIFF_SUBR)
486 events[5] |= 0x20; /* Sniff Subrating */
487
488 if (hdev->features[5] & LMP_PAUSE_ENC)
489 events[5] |= 0x80; /* Encryption Key Refresh Complete */
490
491 if (hdev->features[6] & LMP_EXT_INQ)
492 events[5] |= 0x40; /* Extended Inquiry Result */
493
494 if (hdev->features[6] & LMP_NO_FLUSH)
495 events[7] |= 0x01; /* Enhanced Flush Complete */
496
497 if (hdev->features[7] & LMP_LSTO)
498 events[6] |= 0x80; /* Link Supervision Timeout Changed */
499
500 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
501 events[6] |= 0x01; /* IO Capability Request */
502 events[6] |= 0x02; /* IO Capability Response */
503 events[6] |= 0x04; /* User Confirmation Request */
504 events[6] |= 0x08; /* User Passkey Request */
505 events[6] |= 0x10; /* Remote OOB Data Request */
506 events[6] |= 0x20; /* Simple Pairing Complete */
507 events[7] |= 0x04; /* User Passkey Notification */
508 events[7] |= 0x08; /* Keypress Notification */
509 events[7] |= 0x10; /* Remote Host Supported
510 * Features Notification */
511 }
512
513 if (hdev->features[4] & LMP_LE)
514 events[7] |= 0x20; /* LE Meta-Event */
515
516 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
517}
518
519static void hci_setup(struct hci_dev *hdev)
520{
521 hci_setup_event_mask(hdev);
522
523 if (hdev->lmp_ver > 1)
524 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
525
526 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
527 u8 mode = 0x01;
528 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
529 }
530
531 if (hdev->features[3] & LMP_RSSI_INQ)
532 hci_setup_inquiry_mode(hdev);
533
534 if (hdev->features[7] & LMP_INQ_TX_PWR)
535 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
536}
537
418static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 538static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
419{ 539{
420 struct hci_rp_read_local_version *rp = (void *) skb->data; 540 struct hci_rp_read_local_version *rp = (void *) skb->data;
@@ -426,11 +546,34 @@ static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
426 546
427 hdev->hci_ver = rp->hci_ver; 547 hdev->hci_ver = rp->hci_ver;
428 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 548 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
549 hdev->lmp_ver = rp->lmp_ver;
429 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 550 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
551 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
430 552
431 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name, 553 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
432 hdev->manufacturer, 554 hdev->manufacturer,
433 hdev->hci_ver, hdev->hci_rev); 555 hdev->hci_ver, hdev->hci_rev);
556
557 if (test_bit(HCI_INIT, &hdev->flags))
558 hci_setup(hdev);
559}
560
561static void hci_setup_link_policy(struct hci_dev *hdev)
562{
563 u16 link_policy = 0;
564
565 if (hdev->features[0] & LMP_RSWITCH)
566 link_policy |= HCI_LP_RSWITCH;
567 if (hdev->features[0] & LMP_HOLD)
568 link_policy |= HCI_LP_HOLD;
569 if (hdev->features[0] & LMP_SNIFF)
570 link_policy |= HCI_LP_SNIFF;
571 if (hdev->features[1] & LMP_PARK)
572 link_policy |= HCI_LP_PARK;
573
574 link_policy = cpu_to_le16(link_policy);
575 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
576 sizeof(link_policy), &link_policy);
434} 577}
435 578
436static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb) 579static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
@@ -440,9 +583,15 @@ static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb
440 BT_DBG("%s status 0x%x", hdev->name, rp->status); 583 BT_DBG("%s status 0x%x", hdev->name, rp->status);
441 584
442 if (rp->status) 585 if (rp->status)
443 return; 586 goto done;
444 587
445 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 588 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
589
590 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
591 hci_setup_link_policy(hdev);
592
593done:
594 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
446} 595}
447 596
448static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb) 597static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
@@ -548,6 +697,130 @@ static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
548 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status); 697 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
549} 698}
550 699
700static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
701 struct sk_buff *skb)
702{
703 __u8 status = *((__u8 *) skb->data);
704
705 BT_DBG("%s status 0x%x", hdev->name, status);
706
707 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
708}
709
710static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
711{
712 __u8 status = *((__u8 *) skb->data);
713
714 BT_DBG("%s status 0x%x", hdev->name, status);
715
716 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
717}
718
719static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
720 struct sk_buff *skb)
721{
722 __u8 status = *((__u8 *) skb->data);
723
724 BT_DBG("%s status 0x%x", hdev->name, status);
725
726 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
727}
728
729static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
730 struct sk_buff *skb)
731{
732 __u8 status = *((__u8 *) skb->data);
733
734 BT_DBG("%s status 0x%x", hdev->name, status);
735
736 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
737}
738
739static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
740{
741 __u8 status = *((__u8 *) skb->data);
742
743 BT_DBG("%s status 0x%x", hdev->name, status);
744
745 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
746}
747
748static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
749{
750 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
751 struct hci_cp_pin_code_reply *cp;
752 struct hci_conn *conn;
753
754 BT_DBG("%s status 0x%x", hdev->name, rp->status);
755
756 if (test_bit(HCI_MGMT, &hdev->flags))
757 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
758
759 if (rp->status != 0)
760 return;
761
762 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
763 if (!cp)
764 return;
765
766 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
767 if (conn)
768 conn->pin_length = cp->pin_len;
769}
770
771static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
772{
773 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
774
775 BT_DBG("%s status 0x%x", hdev->name, rp->status);
776
777 if (test_bit(HCI_MGMT, &hdev->flags))
778 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
779 rp->status);
780}
781static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
782 struct sk_buff *skb)
783{
784 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
785
786 BT_DBG("%s status 0x%x", hdev->name, rp->status);
787
788 if (rp->status)
789 return;
790
791 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
792 hdev->le_pkts = rp->le_max_pkt;
793
794 hdev->le_cnt = hdev->le_pkts;
795
796 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
797
798 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
799}
800
801static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
802{
803 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
804
805 BT_DBG("%s status 0x%x", hdev->name, rp->status);
806
807 if (test_bit(HCI_MGMT, &hdev->flags))
808 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
809 rp->status);
810}
811
812static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
813 struct sk_buff *skb)
814{
815 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
816
817 BT_DBG("%s status 0x%x", hdev->name, rp->status);
818
819 if (test_bit(HCI_MGMT, &hdev->flags))
820 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
821 rp->status);
822}
823
551static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 824static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
552{ 825{
553 BT_DBG("%s status 0x%x", hdev->name, status); 826 BT_DBG("%s status 0x%x", hdev->name, status);
@@ -622,11 +895,14 @@ static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
622 hci_dev_lock(hdev); 895 hci_dev_lock(hdev);
623 896
624 acl = hci_conn_hash_lookup_handle(hdev, handle); 897 acl = hci_conn_hash_lookup_handle(hdev, handle);
625 if (acl && (sco = acl->link)) { 898 if (acl) {
626 sco->state = BT_CLOSED; 899 sco = acl->link;
900 if (sco) {
901 sco->state = BT_CLOSED;
627 902
628 hci_proto_connect_cfm(sco, status); 903 hci_proto_connect_cfm(sco, status);
629 hci_conn_del(sco); 904 hci_conn_del(sco);
905 }
630 } 906 }
631 907
632 hci_dev_unlock(hdev); 908 hci_dev_unlock(hdev);
@@ -687,7 +963,7 @@ static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
687} 963}
688 964
689static int hci_outgoing_auth_needed(struct hci_dev *hdev, 965static int hci_outgoing_auth_needed(struct hci_dev *hdev,
690 struct hci_conn *conn) 966 struct hci_conn *conn)
691{ 967{
692 if (conn->state != BT_CONFIG || !conn->out) 968 if (conn->state != BT_CONFIG || !conn->out)
693 return 0; 969 return 0;
@@ -808,11 +1084,14 @@ static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
808 hci_dev_lock(hdev); 1084 hci_dev_lock(hdev);
809 1085
810 acl = hci_conn_hash_lookup_handle(hdev, handle); 1086 acl = hci_conn_hash_lookup_handle(hdev, handle);
811 if (acl && (sco = acl->link)) { 1087 if (acl) {
812 sco->state = BT_CLOSED; 1088 sco = acl->link;
1089 if (sco) {
1090 sco->state = BT_CLOSED;
813 1091
814 hci_proto_connect_cfm(sco, status); 1092 hci_proto_connect_cfm(sco, status);
815 hci_conn_del(sco); 1093 hci_conn_del(sco);
1094 }
816 } 1095 }
817 1096
818 hci_dev_unlock(hdev); 1097 hci_dev_unlock(hdev);
@@ -872,6 +1151,43 @@ static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
872 hci_dev_unlock(hdev); 1151 hci_dev_unlock(hdev);
873} 1152}
874 1153
1154static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1155{
1156 struct hci_cp_le_create_conn *cp;
1157 struct hci_conn *conn;
1158
1159 BT_DBG("%s status 0x%x", hdev->name, status);
1160
1161 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1162 if (!cp)
1163 return;
1164
1165 hci_dev_lock(hdev);
1166
1167 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1168
1169 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1170 conn);
1171
1172 if (status) {
1173 if (conn && conn->state == BT_CONNECT) {
1174 conn->state = BT_CLOSED;
1175 hci_proto_connect_cfm(conn, status);
1176 hci_conn_del(conn);
1177 }
1178 } else {
1179 if (!conn) {
1180 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1181 if (conn)
1182 conn->out = 1;
1183 else
1184 BT_ERR("No memory for new connection");
1185 }
1186 }
1187
1188 hci_dev_unlock(hdev);
1189}
1190
875static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1191static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
876{ 1192{
877 __u8 status = *((__u8 *) skb->data); 1193 __u8 status = *((__u8 *) skb->data);
@@ -942,6 +1258,7 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
942 conn->state = BT_CONFIG; 1258 conn->state = BT_CONFIG;
943 hci_conn_hold(conn); 1259 hci_conn_hold(conn);
944 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1260 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1261 mgmt_connected(hdev->id, &ev->bdaddr);
945 } else 1262 } else
946 conn->state = BT_CONNECTED; 1263 conn->state = BT_CONNECTED;
947 1264
@@ -970,8 +1287,11 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
970 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, 1287 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
971 sizeof(cp), &cp); 1288 sizeof(cp), &cp);
972 } 1289 }
973 } else 1290 } else {
974 conn->state = BT_CLOSED; 1291 conn->state = BT_CLOSED;
1292 if (conn->type == ACL_LINK)
1293 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1294 }
975 1295
976 if (conn->type == ACL_LINK) 1296 if (conn->type == ACL_LINK)
977 hci_sco_setup(conn, ev->status); 1297 hci_sco_setup(conn, ev->status);
@@ -998,7 +1318,8 @@ static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *sk
998 1318
999 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 1319 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1000 1320
1001 if ((mask & HCI_LM_ACCEPT) && !hci_blacklist_lookup(hdev, &ev->bdaddr)) { 1321 if ((mask & HCI_LM_ACCEPT) &&
1322 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1002 /* Connection accepted */ 1323 /* Connection accepted */
1003 struct inquiry_entry *ie; 1324 struct inquiry_entry *ie;
1004 struct hci_conn *conn; 1325 struct hci_conn *conn;
@@ -1068,19 +1389,26 @@ static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff
1068 1389
1069 BT_DBG("%s status %d", hdev->name, ev->status); 1390 BT_DBG("%s status %d", hdev->name, ev->status);
1070 1391
1071 if (ev->status) 1392 if (ev->status) {
1393 mgmt_disconnect_failed(hdev->id);
1072 return; 1394 return;
1395 }
1073 1396
1074 hci_dev_lock(hdev); 1397 hci_dev_lock(hdev);
1075 1398
1076 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1399 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1077 if (conn) { 1400 if (!conn)
1078 conn->state = BT_CLOSED; 1401 goto unlock;
1079 1402
1080 hci_proto_disconn_cfm(conn, ev->reason); 1403 conn->state = BT_CLOSED;
1081 hci_conn_del(conn); 1404
1082 } 1405 if (conn->type == ACL_LINK)
1406 mgmt_disconnected(hdev->id, &conn->dst);
1407
1408 hci_proto_disconn_cfm(conn, ev->reason);
1409 hci_conn_del(conn);
1083 1410
1411unlock:
1084 hci_dev_unlock(hdev); 1412 hci_dev_unlock(hdev);
1085} 1413}
1086 1414
@@ -1098,8 +1426,10 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
1098 if (!ev->status) { 1426 if (!ev->status) {
1099 conn->link_mode |= HCI_LM_AUTH; 1427 conn->link_mode |= HCI_LM_AUTH;
1100 conn->sec_level = conn->pending_sec_level; 1428 conn->sec_level = conn->pending_sec_level;
1101 } else 1429 } else {
1430 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1102 conn->sec_level = BT_SECURITY_LOW; 1431 conn->sec_level = BT_SECURITY_LOW;
1432 }
1103 1433
1104 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1434 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1105 1435
@@ -1393,11 +1723,54 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk
1393 hci_cc_write_ca_timeout(hdev, skb); 1723 hci_cc_write_ca_timeout(hdev, skb);
1394 break; 1724 break;
1395 1725
1726 case HCI_OP_DELETE_STORED_LINK_KEY:
1727 hci_cc_delete_stored_link_key(hdev, skb);
1728 break;
1729
1730 case HCI_OP_SET_EVENT_MASK:
1731 hci_cc_set_event_mask(hdev, skb);
1732 break;
1733
1734 case HCI_OP_WRITE_INQUIRY_MODE:
1735 hci_cc_write_inquiry_mode(hdev, skb);
1736 break;
1737
1738 case HCI_OP_READ_INQ_RSP_TX_POWER:
1739 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1740 break;
1741
1742 case HCI_OP_SET_EVENT_FLT:
1743 hci_cc_set_event_flt(hdev, skb);
1744 break;
1745
1746 case HCI_OP_PIN_CODE_REPLY:
1747 hci_cc_pin_code_reply(hdev, skb);
1748 break;
1749
1750 case HCI_OP_PIN_CODE_NEG_REPLY:
1751 hci_cc_pin_code_neg_reply(hdev, skb);
1752 break;
1753
1754 case HCI_OP_LE_READ_BUFFER_SIZE:
1755 hci_cc_le_read_buffer_size(hdev, skb);
1756 break;
1757
1758 case HCI_OP_USER_CONFIRM_REPLY:
1759 hci_cc_user_confirm_reply(hdev, skb);
1760 break;
1761
1762 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1763 hci_cc_user_confirm_neg_reply(hdev, skb);
1764 break;
1765
1396 default: 1766 default:
1397 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1767 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1398 break; 1768 break;
1399 } 1769 }
1400 1770
1771 if (ev->opcode != HCI_OP_NOP)
1772 del_timer(&hdev->cmd_timer);
1773
1401 if (ev->ncmd) { 1774 if (ev->ncmd) {
1402 atomic_set(&hdev->cmd_cnt, 1); 1775 atomic_set(&hdev->cmd_cnt, 1);
1403 if (!skb_queue_empty(&hdev->cmd_q)) 1776 if (!skb_queue_empty(&hdev->cmd_q))
@@ -1459,12 +1832,24 @@ static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1459 hci_cs_exit_sniff_mode(hdev, ev->status); 1832 hci_cs_exit_sniff_mode(hdev, ev->status);
1460 break; 1833 break;
1461 1834
1835 case HCI_OP_DISCONNECT:
1836 if (ev->status != 0)
1837 mgmt_disconnect_failed(hdev->id);
1838 break;
1839
1840 case HCI_OP_LE_CREATE_CONN:
1841 hci_cs_le_create_conn(hdev, ev->status);
1842 break;
1843
1462 default: 1844 default:
1463 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1845 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1464 break; 1846 break;
1465 } 1847 }
1466 1848
1467 if (ev->ncmd) { 1849 if (ev->opcode != HCI_OP_NOP)
1850 del_timer(&hdev->cmd_timer);
1851
1852 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
1468 atomic_set(&hdev->cmd_cnt, 1); 1853 atomic_set(&hdev->cmd_cnt, 1);
1469 if (!skb_queue_empty(&hdev->cmd_q)) 1854 if (!skb_queue_empty(&hdev->cmd_q))
1470 tasklet_schedule(&hdev->cmd_task); 1855 tasklet_schedule(&hdev->cmd_task);
@@ -1529,6 +1914,16 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *s
1529 hdev->acl_cnt += count; 1914 hdev->acl_cnt += count;
1530 if (hdev->acl_cnt > hdev->acl_pkts) 1915 if (hdev->acl_cnt > hdev->acl_pkts)
1531 hdev->acl_cnt = hdev->acl_pkts; 1916 hdev->acl_cnt = hdev->acl_pkts;
1917 } else if (conn->type == LE_LINK) {
1918 if (hdev->le_pkts) {
1919 hdev->le_cnt += count;
1920 if (hdev->le_cnt > hdev->le_pkts)
1921 hdev->le_cnt = hdev->le_pkts;
1922 } else {
1923 hdev->acl_cnt += count;
1924 if (hdev->acl_cnt > hdev->acl_pkts)
1925 hdev->acl_cnt = hdev->acl_pkts;
1926 }
1532 } else { 1927 } else {
1533 hdev->sco_cnt += count; 1928 hdev->sco_cnt += count;
1534 if (hdev->sco_cnt > hdev->sco_pkts) 1929 if (hdev->sco_cnt > hdev->sco_pkts)
@@ -1586,18 +1981,72 @@ static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff
1586 hci_conn_put(conn); 1981 hci_conn_put(conn);
1587 } 1982 }
1588 1983
1984 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
1985 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1986 sizeof(ev->bdaddr), &ev->bdaddr);
1987
1988 if (test_bit(HCI_MGMT, &hdev->flags))
1989 mgmt_pin_code_request(hdev->id, &ev->bdaddr);
1990
1589 hci_dev_unlock(hdev); 1991 hci_dev_unlock(hdev);
1590} 1992}
1591 1993
1592static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1994static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1593{ 1995{
1996 struct hci_ev_link_key_req *ev = (void *) skb->data;
1997 struct hci_cp_link_key_reply cp;
1998 struct hci_conn *conn;
1999 struct link_key *key;
2000
1594 BT_DBG("%s", hdev->name); 2001 BT_DBG("%s", hdev->name);
2002
2003 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2004 return;
2005
2006 hci_dev_lock(hdev);
2007
2008 key = hci_find_link_key(hdev, &ev->bdaddr);
2009 if (!key) {
2010 BT_DBG("%s link key not found for %s", hdev->name,
2011 batostr(&ev->bdaddr));
2012 goto not_found;
2013 }
2014
2015 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2016 batostr(&ev->bdaddr));
2017
2018 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) && key->type == 0x03) {
2019 BT_DBG("%s ignoring debug key", hdev->name);
2020 goto not_found;
2021 }
2022
2023 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2024
2025 if (key->type == 0x04 && conn && conn->auth_type != 0xff &&
2026 (conn->auth_type & 0x01)) {
2027 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2028 goto not_found;
2029 }
2030
2031 bacpy(&cp.bdaddr, &ev->bdaddr);
2032 memcpy(cp.link_key, key->val, 16);
2033
2034 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2035
2036 hci_dev_unlock(hdev);
2037
2038 return;
2039
2040not_found:
2041 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2042 hci_dev_unlock(hdev);
1595} 2043}
1596 2044
1597static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 2045static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
1598{ 2046{
1599 struct hci_ev_link_key_notify *ev = (void *) skb->data; 2047 struct hci_ev_link_key_notify *ev = (void *) skb->data;
1600 struct hci_conn *conn; 2048 struct hci_conn *conn;
2049 u8 pin_len = 0;
1601 2050
1602 BT_DBG("%s", hdev->name); 2051 BT_DBG("%s", hdev->name);
1603 2052
@@ -1607,9 +2056,14 @@ static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff
1607 if (conn) { 2056 if (conn) {
1608 hci_conn_hold(conn); 2057 hci_conn_hold(conn);
1609 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 2058 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2059 pin_len = conn->pin_length;
1610 hci_conn_put(conn); 2060 hci_conn_put(conn);
1611 } 2061 }
1612 2062
2063 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2064 hci_add_link_key(hdev, 1, &ev->bdaddr, ev->link_key,
2065 ev->key_type, pin_len);
2066
1613 hci_dev_unlock(hdev); 2067 hci_dev_unlock(hdev);
1614} 2068}
1615 2069
@@ -1683,7 +2137,8 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
1683 hci_dev_lock(hdev); 2137 hci_dev_lock(hdev);
1684 2138
1685 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 2139 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
1686 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1); 2140 struct inquiry_info_with_rssi_and_pscan_mode *info;
2141 info = (void *) (skb->data + 1);
1687 2142
1688 for (; num_rsp; num_rsp--) { 2143 for (; num_rsp; num_rsp--) {
1689 bacpy(&data.bdaddr, &info->bdaddr); 2144 bacpy(&data.bdaddr, &info->bdaddr);
@@ -1824,17 +2279,8 @@ static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buf
1824static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb) 2279static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
1825{ 2280{
1826 struct hci_ev_sniff_subrate *ev = (void *) skb->data; 2281 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
1827 struct hci_conn *conn;
1828 2282
1829 BT_DBG("%s status %d", hdev->name, ev->status); 2283 BT_DBG("%s status %d", hdev->name, ev->status);
1830
1831 hci_dev_lock(hdev);
1832
1833 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1834 if (conn) {
1835 }
1836
1837 hci_dev_unlock(hdev);
1838} 2284}
1839 2285
1840static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 2286static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
@@ -1852,12 +2298,12 @@ static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct
1852 2298
1853 for (; num_rsp; num_rsp--) { 2299 for (; num_rsp; num_rsp--) {
1854 bacpy(&data.bdaddr, &info->bdaddr); 2300 bacpy(&data.bdaddr, &info->bdaddr);
1855 data.pscan_rep_mode = info->pscan_rep_mode; 2301 data.pscan_rep_mode = info->pscan_rep_mode;
1856 data.pscan_period_mode = info->pscan_period_mode; 2302 data.pscan_period_mode = info->pscan_period_mode;
1857 data.pscan_mode = 0x00; 2303 data.pscan_mode = 0x00;
1858 memcpy(data.dev_class, info->dev_class, 3); 2304 memcpy(data.dev_class, info->dev_class, 3);
1859 data.clock_offset = info->clock_offset; 2305 data.clock_offset = info->clock_offset;
1860 data.rssi = info->rssi; 2306 data.rssi = info->rssi;
1861 data.ssp_mode = 0x01; 2307 data.ssp_mode = 0x01;
1862 info++; 2308 info++;
1863 hci_inquiry_cache_update(hdev, &data); 2309 hci_inquiry_cache_update(hdev, &data);
@@ -1866,6 +2312,25 @@ static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct
1866 hci_dev_unlock(hdev); 2312 hci_dev_unlock(hdev);
1867} 2313}
1868 2314
2315static inline u8 hci_get_auth_req(struct hci_conn *conn)
2316{
2317 /* If remote requests dedicated bonding follow that lead */
2318 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2319 /* If both remote and local IO capabilities allow MITM
2320 * protection then require it, otherwise don't */
2321 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2322 return 0x02;
2323 else
2324 return 0x03;
2325 }
2326
2327 /* If remote requests no-bonding follow that lead */
2328 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2329 return 0x00;
2330
2331 return conn->auth_type;
2332}
2333
1869static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2334static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1870{ 2335{
1871 struct hci_ev_io_capa_request *ev = (void *) skb->data; 2336 struct hci_ev_io_capa_request *ev = (void *) skb->data;
@@ -1876,8 +2341,71 @@ static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff
1876 hci_dev_lock(hdev); 2341 hci_dev_lock(hdev);
1877 2342
1878 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2343 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1879 if (conn) 2344 if (!conn)
1880 hci_conn_hold(conn); 2345 goto unlock;
2346
2347 hci_conn_hold(conn);
2348
2349 if (!test_bit(HCI_MGMT, &hdev->flags))
2350 goto unlock;
2351
2352 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2353 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2354 struct hci_cp_io_capability_reply cp;
2355
2356 bacpy(&cp.bdaddr, &ev->bdaddr);
2357 cp.capability = conn->io_capability;
2358 cp.oob_data = 0;
2359 cp.authentication = hci_get_auth_req(conn);
2360
2361 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2362 sizeof(cp), &cp);
2363 } else {
2364 struct hci_cp_io_capability_neg_reply cp;
2365
2366 bacpy(&cp.bdaddr, &ev->bdaddr);
2367 cp.reason = 0x16; /* Pairing not allowed */
2368
2369 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2370 sizeof(cp), &cp);
2371 }
2372
2373unlock:
2374 hci_dev_unlock(hdev);
2375}
2376
2377static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2378{
2379 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2380 struct hci_conn *conn;
2381
2382 BT_DBG("%s", hdev->name);
2383
2384 hci_dev_lock(hdev);
2385
2386 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2387 if (!conn)
2388 goto unlock;
2389
2390 conn->remote_cap = ev->capability;
2391 conn->remote_oob = ev->oob_data;
2392 conn->remote_auth = ev->authentication;
2393
2394unlock:
2395 hci_dev_unlock(hdev);
2396}
2397
2398static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2399 struct sk_buff *skb)
2400{
2401 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2402
2403 BT_DBG("%s", hdev->name);
2404
2405 hci_dev_lock(hdev);
2406
2407 if (test_bit(HCI_MGMT, &hdev->flags))
2408 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey);
1881 2409
1882 hci_dev_unlock(hdev); 2410 hci_dev_unlock(hdev);
1883} 2411}
@@ -1892,9 +2420,20 @@ static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_
1892 hci_dev_lock(hdev); 2420 hci_dev_lock(hdev);
1893 2421
1894 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2422 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1895 if (conn) 2423 if (!conn)
1896 hci_conn_put(conn); 2424 goto unlock;
2425
2426 /* To avoid duplicate auth_failed events to user space we check
2427 * the HCI_CONN_AUTH_PEND flag which will be set if we
2428 * initiated the authentication. A traditional auth_complete
2429 * event gets always produced as initiator and is also mapped to
2430 * the mgmt_auth_failed event */
2431 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2432 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2433
2434 hci_conn_put(conn);
1897 2435
2436unlock:
1898 hci_dev_unlock(hdev); 2437 hci_dev_unlock(hdev);
1899} 2438}
1900 2439
@@ -1914,6 +2453,60 @@ static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_
1914 hci_dev_unlock(hdev); 2453 hci_dev_unlock(hdev);
1915} 2454}
1916 2455
2456static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2457{
2458 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2459 struct hci_conn *conn;
2460
2461 BT_DBG("%s status %d", hdev->name, ev->status);
2462
2463 hci_dev_lock(hdev);
2464
2465 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2466 if (!conn) {
2467 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2468 if (!conn) {
2469 BT_ERR("No memory for new connection");
2470 hci_dev_unlock(hdev);
2471 return;
2472 }
2473 }
2474
2475 if (ev->status) {
2476 hci_proto_connect_cfm(conn, ev->status);
2477 conn->state = BT_CLOSED;
2478 hci_conn_del(conn);
2479 goto unlock;
2480 }
2481
2482 conn->handle = __le16_to_cpu(ev->handle);
2483 conn->state = BT_CONNECTED;
2484
2485 hci_conn_hold_device(conn);
2486 hci_conn_add_sysfs(conn);
2487
2488 hci_proto_connect_cfm(conn, ev->status);
2489
2490unlock:
2491 hci_dev_unlock(hdev);
2492}
2493
2494static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2495{
2496 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2497
2498 skb_pull(skb, sizeof(*le_ev));
2499
2500 switch (le_ev->subevent) {
2501 case HCI_EV_LE_CONN_COMPLETE:
2502 hci_le_conn_complete_evt(hdev, skb);
2503 break;
2504
2505 default:
2506 break;
2507 }
2508}
2509
1917void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 2510void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1918{ 2511{
1919 struct hci_event_hdr *hdr = (void *) skb->data; 2512 struct hci_event_hdr *hdr = (void *) skb->data;
@@ -2042,6 +2635,14 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2042 hci_io_capa_request_evt(hdev, skb); 2635 hci_io_capa_request_evt(hdev, skb);
2043 break; 2636 break;
2044 2637
2638 case HCI_EV_IO_CAPA_REPLY:
2639 hci_io_capa_reply_evt(hdev, skb);
2640 break;
2641
2642 case HCI_EV_USER_CONFIRM_REQUEST:
2643 hci_user_confirm_request_evt(hdev, skb);
2644 break;
2645
2045 case HCI_EV_SIMPLE_PAIR_COMPLETE: 2646 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2046 hci_simple_pair_complete_evt(hdev, skb); 2647 hci_simple_pair_complete_evt(hdev, skb);
2047 break; 2648 break;
@@ -2050,6 +2651,10 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2050 hci_remote_host_features_evt(hdev, skb); 2651 hci_remote_host_features_evt(hdev, skb);
2051 break; 2652 break;
2052 2653
2654 case HCI_EV_LE_META:
2655 hci_le_meta_evt(hdev, skb);
2656 break;
2657
2053 default: 2658 default:
2054 BT_DBG("%s event 0x%x", hdev->name, event); 2659 BT_DBG("%s event 0x%x", hdev->name, event);
2055 break; 2660 break;
@@ -2083,6 +2688,6 @@ void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
2083 2688
2084 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 2689 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
2085 skb->dev = (void *) hdev; 2690 skb->dev = (void *) hdev;
2086 hci_send_to_sock(hdev, skb); 2691 hci_send_to_sock(hdev, skb, NULL);
2087 kfree_skb(skb); 2692 kfree_skb(skb);
2088} 2693}
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-02 08:43:44 -0400