修改4g拨号为QMI,需要在系统里后台执行quectel-CM

hc

2024-10-22 8ac6c7a54ed1b98d142dce24b11c6de6a1e239a5

 kernel/net/bluetooth/hci_event.c
..
..
@@ -35,6 +35,7 @@
35
35
 #include "a2mp.h"
36
36
 #include "amp.h"
37
37
 #include "smp.h"
38
+#include "msft.h"
38
39
 
39
40
 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
40
41
 		 "\x00\x00\x00\x00\x00\x00\x00\x00"
..
..
@@ -594,6 +595,51 @@
594
595
 		memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
595
596
 }
596
597
 
598
+static void hci_cc_read_auth_payload_timeout(struct hci_dev *hdev,
599
+					     struct sk_buff *skb)
600
+{
601
+	struct hci_rp_read_auth_payload_to *rp = (void *)skb->data;
602
+	struct hci_conn *conn;
603
+
604
+	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
605
+
606
+	if (rp->status)
607
+		return;
608
+
609
+	hci_dev_lock(hdev);
610
+
611
+	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
612
+	if (conn)
613
+		conn->auth_payload_timeout = __le16_to_cpu(rp->timeout);
614
+
615
+	hci_dev_unlock(hdev);
616
+}
617
+
618
+static void hci_cc_write_auth_payload_timeout(struct hci_dev *hdev,
619
+					      struct sk_buff *skb)
620
+{
621
+	struct hci_rp_write_auth_payload_to *rp = (void *)skb->data;
622
+	struct hci_conn *conn;
623
+	void *sent;
624
+
625
+	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
626
+
627
+	if (rp->status)
628
+		return;
629
+
630
+	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO);
631
+	if (!sent)
632
+		return;
633
+
634
+	hci_dev_lock(hdev);
635
+
636
+	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
637
+	if (conn)
638
+		conn->auth_payload_timeout = get_unaligned_le16(sent + 2);
639
+
640
+	hci_dev_unlock(hdev);
641
+}
642
+
597
643
 static void hci_cc_read_local_features(struct hci_dev *hdev,
598
644
 				       struct sk_buff *skb)
599
645
 {
..
..
@@ -714,6 +760,23 @@
714
760
 
715
761
 	if (hci_dev_test_flag(hdev, HCI_SETUP))
716
762
 		bacpy(&hdev->setup_addr, &rp->bdaddr);
763
+}
764
+
765
+static void hci_cc_read_local_pairing_opts(struct hci_dev *hdev,
766
+					   struct sk_buff *skb)
767
+{
768
+	struct hci_rp_read_local_pairing_opts *rp = (void *) skb->data;
769
+
770
+	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
771
+
772
+	if (rp->status)
773
+		return;
774
+
775
+	if (hci_dev_test_flag(hdev, HCI_SETUP) ||
776
+	    hci_dev_test_flag(hdev, HCI_CONFIG)) {
777
+		hdev->pairing_opts = rp->pairing_opts;
778
+		hdev->max_enc_key_size = rp->max_key_size;
779
+	}
717
780
 }
718
781
 
719
782
 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
..
..
@@ -869,6 +932,37 @@
869
932
 		return;
870
933
 
871
934
 	hdev->inq_tx_power = rp->tx_power;
935
+}
936
+
937
+static void hci_cc_read_def_err_data_reporting(struct hci_dev *hdev,
938
+					       struct sk_buff *skb)
939
+{
940
+	struct hci_rp_read_def_err_data_reporting *rp = (void *)skb->data;
941
+
942
+	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
943
+
944
+	if (rp->status)
945
+		return;
946
+
947
+	hdev->err_data_reporting = rp->err_data_reporting;
948
+}
949
+
950
+static void hci_cc_write_def_err_data_reporting(struct hci_dev *hdev,
951
+						struct sk_buff *skb)
952
+{
953
+	__u8 status = *((__u8 *)skb->data);
954
+	struct hci_cp_write_def_err_data_reporting *cp;
955
+
956
+	BT_DBG("%s status 0x%2.2x", hdev->name, status);
957
+
958
+	if (status)
959
+		return;
960
+
961
+	cp = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_ERR_DATA_REPORTING);
962
+	if (!cp)
963
+		return;
964
+
965
+	hdev->err_data_reporting = cp->err_data_reporting;
872
966
 }
873
967
 
874
968
 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
..
..
@@ -1470,6 +1564,45 @@
1470
1564
 
1471
1565
 	hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1472
1566
 	hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1567
+}
1568
+
1569
+static void hci_cc_le_add_to_resolv_list(struct hci_dev *hdev,
1570
+					 struct sk_buff *skb)
1571
+{
1572
+	struct hci_cp_le_add_to_resolv_list *sent;
1573
+	__u8 status = *((__u8 *) skb->data);
1574
+
1575
+	BT_DBG("%s status 0x%2.2x", hdev->name, status);
1576
+
1577
+	if (status)
1578
+		return;
1579
+
1580
+	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_RESOLV_LIST);
1581
+	if (!sent)
1582
+		return;
1583
+
1584
+	hci_bdaddr_list_add_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1585
+				sent->bdaddr_type, sent->peer_irk,
1586
+				sent->local_irk);
1587
+}
1588
+
1589
+static void hci_cc_le_del_from_resolv_list(struct hci_dev *hdev,
1590
+					  struct sk_buff *skb)
1591
+{
1592
+	struct hci_cp_le_del_from_resolv_list *sent;
1593
+	__u8 status = *((__u8 *) skb->data);
1594
+
1595
+	BT_DBG("%s status 0x%2.2x", hdev->name, status);
1596
+
1597
+	if (status)
1598
+		return;
1599
+
1600
+	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_RESOLV_LIST);
1601
+	if (!sent)
1602
+		return;
1603
+
1604
+	hci_bdaddr_list_del_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1605
+			    sent->bdaddr_type);
1473
1606
 }
1474
1607
 
1475
1608
 static void hci_cc_le_clear_resolv_list(struct hci_dev *hdev,
..
..
@@ -2136,9 +2269,21 @@
2136
2269
 	hci_dev_lock(hdev);
2137
2270
 
2138
2271
 	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2139
-	if (conn)
2272
+	if (conn) {
2273
+		u8 type = conn->type;
2274
+
2140
2275
 		mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2141
2276
 				       conn->dst_type, status);
2277
+
2278
+		/* If the disconnection failed for any reason, the upper layer
2279
+		 * does not retry to disconnect in current implementation.
2280
+		 * Hence, we need to do some basic cleanup here and re-enable
2281
+		 * advertising if necessary.
2282
+		 */
2283
+		hci_conn_del(conn);
2284
+		if (type == LE_LINK)
2285
+			hci_req_reenable_advertising(hdev);
2286
+	}
2142
2287
 
2143
2288
 	hci_dev_unlock(hdev);
2144
2289
 }
..
..
@@ -2153,6 +2298,22 @@
2153
2298
 				       peer_addr_type);
2154
2299
 	if (!conn)
2155
2300
 		return;
2301
+
2302
+	/* When using controller based address resolution, then the new
2303
+	 * address types 0x02 and 0x03 are used. These types need to be
2304
+	 * converted back into either public address or random address type
2305
+	 */
2306
+	if (use_ll_privacy(hdev) &&
2307
+	    hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION)) {
2308
+		switch (own_address_type) {
2309
+		case ADDR_LE_DEV_PUBLIC_RESOLVED:
2310
+			own_address_type = ADDR_LE_DEV_PUBLIC;
2311
+			break;
2312
+		case ADDR_LE_DEV_RANDOM_RESOLVED:
2313
+			own_address_type = ADDR_LE_DEV_RANDOM;
2314
+			break;
2315
+		}
2316
+	}
2156
2317
 
2157
2318
 	/* Store the initiator and responder address information which
2158
2319
 	 * is needed for SMP. These values will not change during the
..
..
@@ -2416,14 +2577,36 @@
2416
2577
 
2417
2578
 	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2418
2579
 	if (!conn) {
2419
-		if (ev->link_type != SCO_LINK)
2420
-			goto unlock;
2580
+		/* Connection may not exist if auto-connected. Check the bredr
2581
+		 * allowlist to see if this device is allowed to auto connect.
2582
+		 * If link is an ACL type, create a connection class
2583
+		 * automatically.
2584
+		 *
2585
+		 * Auto-connect will only occur if the event filter is
2586
+		 * programmed with a given address. Right now, event filter is
2587
+		 * only used during suspend.
2588
+		 */
2589
+		if (ev->link_type == ACL_LINK &&
2590
+		    hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
2591
+						      &ev->bdaddr,
2592
+						      BDADDR_BREDR)) {
2593
+			conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2594
+					    HCI_ROLE_SLAVE);
2595
+			if (!conn) {
2596
+				bt_dev_err(hdev, "no memory for new conn");
2597
+				goto unlock;
2598
+			}
2599
+		} else {
2600
+			if (ev->link_type != SCO_LINK)
2601
+				goto unlock;
2421
2602
 
2422
-		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2423
-		if (!conn)
2424
-			goto unlock;
2603
+			conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK,
2604
+						       &ev->bdaddr);
2605
+			if (!conn)
2606
+				goto unlock;
2425
2607
 
2426
-		conn->type = SCO_LINK;
2608
+			conn->type = SCO_LINK;
2609
+		}
2427
2610
 	}
2428
2611
 
2429
2612
 	if (!ev->status) {
..
..
@@ -2481,8 +2664,16 @@
2481
2664
 	if (ev->status) {
2482
2665
 		hci_connect_cfm(conn, ev->status);
2483
2666
 		hci_conn_del(conn);
2484
-	} else if (ev->link_type != ACL_LINK)
2667
+	} else if (ev->link_type == SCO_LINK) {
2668
+		switch (conn->setting & SCO_AIRMODE_MASK) {
2669
+		case SCO_AIRMODE_CVSD:
2670
+			if (hdev->notify)
2671
+				hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD);
2672
+			break;
2673
+		}
2674
+
2485
2675
 		hci_connect_cfm(conn, ev->status);
2676
+	}
2486
2677
 
2487
2678
 unlock:
2488
2679
 	hci_dev_unlock(hdev);
..
..
@@ -2530,10 +2721,10 @@
2530
2721
 	 */
2531
2722
 	if (hci_dev_test_flag(hdev, HCI_MGMT) &&
2532
2723
 	    !hci_dev_test_flag(hdev, HCI_CONNECTABLE) &&
2533
-	    !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2534
-				    BDADDR_BREDR)) {
2535
-		    hci_reject_conn(hdev, &ev->bdaddr);
2536
-		    return;
2724
+	    !hci_bdaddr_list_lookup_with_flags(&hdev->whitelist, &ev->bdaddr,
2725
+					       BDADDR_BREDR)) {
2726
+		hci_reject_conn(hdev, &ev->bdaddr);
2727
+		return;
2537
2728
 	}
2538
2729
 
2539
2730
 	/* Connection accepted */
..
..
@@ -2568,9 +2759,9 @@
2568
2759
 		bacpy(&cp.bdaddr, &ev->bdaddr);
2569
2760
 
2570
2761
 		if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2571
-			cp.role = 0x00; /* Become master */
2762
+			cp.role = 0x00; /* Become central */
2572
2763
 		else
2573
-			cp.role = 0x01; /* Remain slave */
2764
+			cp.role = 0x01; /* Remain peripheral */
2574
2765
 
2575
2766
 		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2576
2767
 	} else if (!(flags & HCI_PROTO_DEFER)) {
..
..
@@ -2658,7 +2849,7 @@
2658
2849
 		case HCI_AUTO_CONN_LINK_LOSS:
2659
2850
 			if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2660
2851
 				break;
2661
-			/* Fall through */
2852
+			fallthrough;
2662
2853
 
2663
2854
 		case HCI_AUTO_CONN_DIRECT:
2664
2855
 		case HCI_AUTO_CONN_ALWAYS:
..
..
@@ -2676,6 +2867,14 @@
2676
2867
 
2677
2868
 	hci_disconn_cfm(conn, ev->reason);
2678
2869
 	hci_conn_del(conn);
2870
+
2871
+	/* The suspend notifier is waiting for all devices to disconnect so
2872
+	 * clear the bit from pending tasks and inform the wait queue.
2873
+	 */
2874
+	if (list_empty(&hdev->conn_hash.list) &&
2875
+	    test_and_clear_bit(SUSPEND_DISCONNECTING, hdev->suspend_tasks)) {
2876
+		wake_up(&hdev->suspend_wait_q);
2877
+	}
2679
2878
 
2680
2879
 	/* Re-enable advertising if necessary, since it might
2681
2880
 	 * have been disabled by the connection. From the
..
..
@@ -2829,14 +3028,14 @@
2829
3028
 	if (!conn)
2830
3029
 		goto unlock;
2831
3030
 
2832
-	/* If we fail to read the encryption key size, assume maximum
2833
-	 * (which is the same we do also when this HCI command isn't
2834
-	 * supported.
3031
+	/* While unexpected, the read_enc_key_size command may fail. The most
3032
+	 * secure approach is to then assume the key size is 0 to force a
3033
+	 * disconnection.
2835
3034
 	 */
2836
3035
 	if (rp->status) {
2837
3036
 		bt_dev_err(hdev, "failed to read key size for handle %u",
2838
3037
 			   handle);
2839
-		conn->enc_key_size = HCI_LINK_KEY_SIZE;
3038
+		conn->enc_key_size = 0;
2840
3039
 	} else {
2841
3040
 		conn->enc_key_size = rp->key_size;
2842
3041
 	}
..
..
@@ -2933,6 +3132,25 @@
2933
3132
 		}
2934
3133
 
2935
3134
 		goto unlock;
3135
+	}
3136
+
3137
+	/* Set the default Authenticated Payload Timeout after
3138
+	 * an LE Link is established. As per Core Spec v5.0, Vol 2, Part B
3139
+	 * Section 3.3, the HCI command WRITE_AUTH_PAYLOAD_TIMEOUT should be
3140
+	 * sent when the link is active and Encryption is enabled, the conn
3141
+	 * type can be either LE or ACL and controller must support LMP Ping.
3142
+	 * Ensure for AES-CCM encryption as well.
3143
+	 */
3144
+	if (test_bit(HCI_CONN_ENCRYPT, &conn->flags) &&
3145
+	    test_bit(HCI_CONN_AES_CCM, &conn->flags) &&
3146
+	    ((conn->type == ACL_LINK && lmp_ping_capable(hdev)) ||
3147
+	     (conn->type == LE_LINK && (hdev->le_features[0] & HCI_LE_PING)))) {
3148
+		struct hci_cp_write_auth_payload_to cp;
3149
+
3150
+		cp.handle = cpu_to_le16(conn->handle);
3151
+		cp.timeout = cpu_to_le16(hdev->auth_payload_timeout);
3152
+		hci_send_cmd(conn->hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO,
3153
+			     sizeof(cp), &cp);
2936
3154
 	}
2937
3155
 
2938
3156
 notify:
..
..
@@ -3123,6 +3341,14 @@
3123
3341
 		hci_cc_write_sc_support(hdev, skb);
3124
3342
 		break;
3125
3343
 
3344
+	case HCI_OP_READ_AUTH_PAYLOAD_TO:
3345
+		hci_cc_read_auth_payload_timeout(hdev, skb);
3346
+		break;
3347
+
3348
+	case HCI_OP_WRITE_AUTH_PAYLOAD_TO:
3349
+		hci_cc_write_auth_payload_timeout(hdev, skb);
3350
+		break;
3351
+
3126
3352
 	case HCI_OP_READ_LOCAL_VERSION:
3127
3353
 		hci_cc_read_local_version(hdev, skb);
3128
3354
 		break;
..
..
@@ -3145,6 +3371,10 @@
3145
3371
 
3146
3372
 	case HCI_OP_READ_BD_ADDR:
3147
3373
 		hci_cc_read_bd_addr(hdev, skb);
3374
+		break;
3375
+
3376
+	case HCI_OP_READ_LOCAL_PAIRING_OPTS:
3377
+		hci_cc_read_local_pairing_opts(hdev, skb);
3148
3378
 		break;
3149
3379
 
3150
3380
 	case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
..
..
@@ -3181,6 +3411,14 @@
3181
3411
 
3182
3412
 	case HCI_OP_READ_INQ_RSP_TX_POWER:
3183
3413
 		hci_cc_read_inq_rsp_tx_power(hdev, skb);
3414
+		break;
3415
+
3416
+	case HCI_OP_READ_DEF_ERR_DATA_REPORTING:
3417
+		hci_cc_read_def_err_data_reporting(hdev, skb);
3418
+		break;
3419
+
3420
+	case HCI_OP_WRITE_DEF_ERR_DATA_REPORTING:
3421
+		hci_cc_write_def_err_data_reporting(hdev, skb);
3184
3422
 		break;
3185
3423
 
3186
3424
 	case HCI_OP_PIN_CODE_REPLY:
..
..
@@ -3269,6 +3507,14 @@
3269
3507
 
3270
3508
 	case HCI_OP_LE_WRITE_DEF_DATA_LEN:
3271
3509
 		hci_cc_le_write_def_data_len(hdev, skb);
3510
+		break;
3511
+
3512
+	case HCI_OP_LE_ADD_TO_RESOLV_LIST:
3513
+		hci_cc_le_add_to_resolv_list(hdev, skb);
3514
+		break;
3515
+
3516
+	case HCI_OP_LE_DEL_FROM_RESOLV_LIST:
3517
+		hci_cc_le_del_from_resolv_list(hdev, skb);
3272
3518
 		break;
3273
3519
 
3274
3520
 	case HCI_OP_LE_CLEAR_RESOLV_LIST:
..
..
@@ -3513,8 +3759,8 @@
3513
3759
 		return;
3514
3760
 	}
3515
3761
 
3516
-	if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3517
-	    ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
3762
+	if (skb->len < sizeof(*ev) ||
3763
+	    skb->len < struct_size(ev, handles, ev->num_hndl)) {
3518
3764
 		BT_DBG("%s bad parameters", hdev->name);
3519
3765
 		return;
3520
3766
 	}
..
..
@@ -3601,8 +3847,8 @@
3601
3847
 		return;
3602
3848
 	}
3603
3849
 
3604
-	if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3605
-	    ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
3850
+	if (skb->len < sizeof(*ev) ||
3851
+	    skb->len < struct_size(ev, handles, ev->num_hndl)) {
3606
3852
 		BT_DBG("%s bad parameters", hdev->name);
3607
3853
 		return;
3608
3854
 	}
..
..
@@ -4058,6 +4304,19 @@
4058
4304
 	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
4059
4305
 	struct hci_conn *conn;
4060
4306
 
4307
+	switch (ev->link_type) {
4308
+	case SCO_LINK:
4309
+	case ESCO_LINK:
4310
+		break;
4311
+	default:
4312
+		/* As per Core 5.3 Vol 4 Part E 7.7.35 (p.2219), Link_Type
4313
+		 * for HCI_Synchronous_Connection_Complete is limited to
4314
+		 * either SCO or eSCO
4315
+		 */
4316
+		bt_dev_err(hdev, "Ignoring connect complete event for invalid link type");
4317
+		return;
4318
+	}
4319
+
4061
4320
 	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4062
4321
 
4063
4322
 	hci_dev_lock(hdev);
..
..
@@ -4120,10 +4379,23 @@
4120
4379
 			if (hci_setup_sync(conn, conn->link->handle))
4121
4380
 				goto unlock;
4122
4381
 		}
4123
-		/* fall through */
4382
+		fallthrough;
4124
4383
 
4125
4384
 	default:
4126
4385
 		conn->state = BT_CLOSED;
4386
+		break;
4387
+	}
4388
+
4389
+	bt_dev_dbg(hdev, "SCO connected with air mode: %02x", ev->air_mode);
4390
+
4391
+	switch (ev->air_mode) {
4392
+	case 0x02:
4393
+		if (hdev->notify)
4394
+			hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD);
4395
+		break;
4396
+	case 0x03:
4397
+		if (hdev->notify)
4398
+			hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_TRANSP);
4127
4399
 		break;
4128
4400
 	}
4129
4401
 
..
..
@@ -4449,6 +4721,16 @@
4449
4721
 		    conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4450
4722
 		    (loc_mitm || rem_mitm)) {
4451
4723
 			BT_DBG("Confirming auto-accept as acceptor");
4724
+			confirm_hint = 1;
4725
+			goto confirm;
4726
+		}
4727
+
4728
+		/* If there already exists link key in local host, leave the
4729
+		 * decision to user space since the remote device could be
4730
+		 * legitimate or malicious.
4731
+		 */
4732
+		if (hci_find_link_key(hdev, &ev->bdaddr)) {
4733
+			bt_dev_dbg(hdev, "Local host already has link key");
4452
4734
 			confirm_hint = 1;
4453
4735
 			goto confirm;
4454
4736
 		}
..
..
@@ -4792,8 +5074,9 @@
4792
5074
 	hci_dev_lock(hdev);
4793
5075
 
4794
5076
 	hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4795
-	if (hcon) {
5077
+	if (hcon && hcon->type == AMP_LINK) {
4796
5078
 		hcon->state = BT_CLOSED;
5079
+		hci_disconn_cfm(hcon, ev->reason);
4797
5080
 		hci_conn_del(hcon);
4798
5081
 	}
4799
5082
 
..
..
@@ -4883,7 +5166,7 @@
4883
5166
 		conn->dst_type = bdaddr_type;
4884
5167
 
4885
5168
 		/* If we didn't have a hci_conn object previously
4886
-		 * but we're in master role this must be something
5169
+		 * but we're in central role this must be something
4887
5170
 		 * initiated using a white list. Since white list based
4888
5171
 		 * connections are not "first class citizens" we don't
4889
5172
 		 * have full tracking of them. Therefore, we go ahead
..
..
@@ -4953,31 +5236,27 @@
4953
5236
 	hci_debugfs_create_conn(conn);
4954
5237
 	hci_conn_add_sysfs(conn);
4955
5238
 
4956
-	if (!status) {
4957
-		/* The remote features procedure is defined for master
4958
-		 * role only. So only in case of an initiated connection
4959
-		 * request the remote features.
4960
-		 *
4961
-		 * If the local controller supports slave-initiated features
4962
-		 * exchange, then requesting the remote features in slave
4963
-		 * role is possible. Otherwise just transition into the
4964
-		 * connected state without requesting the remote features.
4965
-		 */
4966
-		if (conn->out ||
4967
-		    (hdev->le_features[0] & HCI_LE_SLAVE_FEATURES)) {
4968
-			struct hci_cp_le_read_remote_features cp;
5239
+	/* The remote features procedure is defined for master
5240
+	 * role only. So only in case of an initiated connection
5241
+	 * request the remote features.
5242
+	 *
5243
+	 * If the local controller supports slave-initiated features
5244
+	 * exchange, then requesting the remote features in slave
5245
+	 * role is possible. Otherwise just transition into the
5246
+	 * connected state without requesting the remote features.
5247
+	 */
5248
+	if (conn->out ||
5249
+	    (hdev->le_features[0] & HCI_LE_SLAVE_FEATURES)) {
5250
+		struct hci_cp_le_read_remote_features cp;
4969
5251
 
4970
-			cp.handle = __cpu_to_le16(conn->handle);
5252
+		cp.handle = __cpu_to_le16(conn->handle);
4971
5253
 
4972
-			hci_send_cmd(hdev, HCI_OP_LE_READ_REMOTE_FEATURES,
4973
-				     sizeof(cp), &cp);
5254
+		hci_send_cmd(hdev, HCI_OP_LE_READ_REMOTE_FEATURES,
5255
+			     sizeof(cp), &cp);
4974
5256
 
4975
-			hci_conn_hold(conn);
4976
-		} else {
4977
-			conn->state = BT_CONNECTED;
4978
-			hci_connect_cfm(conn, status);
4979
-		}
5257
+		hci_conn_hold(conn);
4980
5258
 	} else {
5259
+		conn->state = BT_CONNECTED;
4981
5260
 		hci_connect_cfm(conn, status);
4982
5261
 	}
4983
5262
 
..
..
@@ -5022,6 +5301,11 @@
5022
5301
 			     le16_to_cpu(ev->interval),
5023
5302
 			     le16_to_cpu(ev->latency),
5024
5303
 			     le16_to_cpu(ev->supervision_timeout));
5304
+
5305
+	if (use_ll_privacy(hdev) &&
5306
+	    hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) &&
5307
+	    hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION))
5308
+		hci_req_disable_address_resolution(hdev);
5025
5309
 }
5026
5310
 
5027
5311
 static void hci_le_ext_adv_term_evt(struct hci_dev *hdev, struct sk_buff *skb)
..
..
@@ -5107,7 +5391,9 @@
5107
5391
 	/* Most controller will fail if we try to create new connections
5108
5392
 	 * while we have an existing one in slave role.
5109
5393
 	 */
5110
-	if (hdev->conn_hash.le_num_slave > 0)
5394
+	if (hdev->conn_hash.le_num_slave > 0 &&
5395
+	    (!test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) ||
5396
+	     !(hdev->le_states[3] & 0x10)))
5111
5397
 		return NULL;
5112
5398
 
5113
5399
 	/* If we're not connectable only connect devices that we have in
..
..
@@ -5131,7 +5417,7 @@
5131
5417
 		case HCI_AUTO_CONN_ALWAYS:
5132
5418
 			/* Devices advertising with ADV_IND or ADV_DIRECT_IND
5133
5419
 			 * are triggering a connection attempt. This means
5134
-			 * that incoming connectioms from slave device are
5420
+			 * that incoming connections from slave device are
5135
5421
 			 * accepted and also outgoing connections to slave
5136
5422
 			 * devices are established when found.
5137
5423
 			 */
..
..
@@ -5142,7 +5428,7 @@
5142
5428
 	}
5143
5429
 
5144
5430
 	conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
5145
-			      HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER,
5431
+			      hdev->def_le_autoconnect_timeout, HCI_ROLE_MASTER,
5146
5432
 			      direct_rpa);
5147
5433
 	if (!IS_ERR(conn)) {
5148
5434
 		/* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned
..
..
@@ -5186,7 +5472,7 @@
5186
5472
 	struct hci_conn *conn;
5187
5473
 	bool match;
5188
5474
 	u32 flags;
5189
-	u8 *ptr, real_len;
5475
+	u8 *ptr;
5190
5476
 
5191
5477
 	switch (type) {
5192
5478
 	case LE_ADV_IND:
..
..
@@ -5217,13 +5503,10 @@
5217
5503
 			break;
5218
5504
 	}
5219
5505
 
5220
-	real_len = ptr - data;
5221
-
5222
-	/* Adjust for actual length */
5223
-	if (len != real_len) {
5224
-		bt_dev_err_ratelimited(hdev, "advertising data len corrected");
5225
-		len = real_len;
5226
-	}
5506
+	/* Adjust for actual length. This handles the case when remote
5507
+	 * device is advertising with incorrect data length.
5508
+	 */
5509
+	len = ptr - data;
5227
5510
 
5228
5511
 	/* If the direct address is present, then this report is from
5229
5512
 	 * a LE Direct Advertising Report event. In that case it is
..
..
@@ -5275,14 +5558,15 @@
5275
5558
 
5276
5559
 	/* Passive scanning shouldn't trigger any device found events,
5277
5560
 	 * except for devices marked as CONN_REPORT for which we do send
5278
-	 * device found events.
5561
+	 * device found events, or advertisement monitoring requested.
5279
5562
 	 */
5280
5563
 	if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
5281
5564
 		if (type == LE_ADV_DIRECT_IND)
5282
5565
 			return;
5283
5566
 
5284
5567
 		if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
5285
-					       bdaddr, bdaddr_type))
5568
+					       bdaddr, bdaddr_type) &&
5569
+		    idr_is_empty(&hdev->adv_monitors_idr))
5286
5570
 			return;
5287
5571
 
5288
5572
 		if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
..
..
@@ -5412,7 +5696,7 @@
5412
5696
 	hci_dev_unlock(hdev);
5413
5697
 }
5414
5698
 
5415
-static u8 ext_evt_type_to_legacy(u16 evt_type)
5699
+static u8 ext_evt_type_to_legacy(struct hci_dev *hdev, u16 evt_type)
5416
5700
 {
5417
5701
 	if (evt_type & LE_EXT_ADV_LEGACY_PDU) {
5418
5702
 		switch (evt_type) {
..
..
@@ -5429,10 +5713,7 @@
5429
5713
 			return LE_ADV_SCAN_RSP;
5430
5714
 		}
5431
5715
 
5432
-		BT_ERR_RATELIMITED("Unknown advertising packet type: 0x%02x",
5433
-				   evt_type);
5434
-
5435
-		return LE_ADV_INVALID;
5716
+		goto invalid;
5436
5717
 	}
5437
5718
 
5438
5719
 	if (evt_type & LE_EXT_ADV_CONN_IND) {
..
..
@@ -5452,8 +5733,9 @@
5452
5733
 	    evt_type & LE_EXT_ADV_DIRECT_IND)
5453
5734
 		return LE_ADV_NONCONN_IND;
5454
5735
 
5455
-	BT_ERR_RATELIMITED("Unknown advertising packet type: 0x%02x",
5456
-				   evt_type);
5736
+invalid:
5737
+	bt_dev_err_ratelimited(hdev, "Unknown advertising packet type: 0x%02x",
5738
+			       evt_type);
5457
5739
 
5458
5740
 	return LE_ADV_INVALID;
5459
5741
 }
..
..
@@ -5471,7 +5753,7 @@
5471
5753
 		u16 evt_type;
5472
5754
 
5473
5755
 		evt_type = __le16_to_cpu(ev->evt_type);
5474
-		legacy_evt_type = ext_evt_type_to_legacy(evt_type);
5756
+		legacy_evt_type = ext_evt_type_to_legacy(hdev, evt_type);
5475
5757
 		if (legacy_evt_type != LE_ADV_INVALID) {
5476
5758
 			process_adv_report(hdev, legacy_evt_type, &ev->bdaddr,
5477
5759
 					   ev->bdaddr_type, NULL, 0, ev->rssi,
..
..
@@ -5479,7 +5761,7 @@
5479
5761
 					   !(evt_type & LE_EXT_ADV_LEGACY_PDU));
5480
5762
 		}
5481
5763
 
5482
-		ptr += sizeof(*ev) + ev->length + 1;
5764
+		ptr += sizeof(*ev) + ev->length;
5483
5765
 	}
5484
5766
 
5485
5767
 	hci_dev_unlock(hdev);
..
..
@@ -5681,6 +5963,29 @@
5681
5963
 	hci_dev_unlock(hdev);
5682
5964
 }
5683
5965
 
5966
+static void hci_le_phy_update_evt(struct hci_dev *hdev, struct sk_buff *skb)
5967
+{
5968
+	struct hci_ev_le_phy_update_complete *ev = (void *) skb->data;
5969
+	struct hci_conn *conn;
5970
+
5971
+	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5972
+
5973
+	if (ev->status)
5974
+		return;
5975
+
5976
+	hci_dev_lock(hdev);
5977
+
5978
+	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5979
+	if (!conn)
5980
+		goto unlock;
5981
+
5982
+	conn->le_tx_phy = ev->tx_phy;
5983
+	conn->le_rx_phy = ev->rx_phy;
5984
+
5985
+unlock:
5986
+	hci_dev_unlock(hdev);
5987
+}
5988
+
5684
5989
 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
5685
5990
 {
5686
5991
 	struct hci_ev_le_meta *le_ev = (void *) skb->data;
..
..
@@ -5714,6 +6019,10 @@
5714
6019
 
5715
6020
 	case HCI_EV_LE_DIRECT_ADV_REPORT:
5716
6021
 		hci_le_direct_adv_report_evt(hdev, skb);
6022
+		break;
6023
+
6024
+	case HCI_EV_LE_PHY_UPDATE_COMPLETE:
6025
+		hci_le_phy_update_evt(hdev, skb);
5717
6026
 		break;
5718
6027
 
5719
6028
 	case HCI_EV_LE_EXT_ADV_REPORT:
..
..
@@ -5785,6 +6094,75 @@
5785
6094
 	return true;
5786
6095
 }
5787
6096
 
6097
+static void hci_store_wake_reason(struct hci_dev *hdev, u8 event,
6098
+				  struct sk_buff *skb)
6099
+{
6100
+	struct hci_ev_le_advertising_info *adv;
6101
+	struct hci_ev_le_direct_adv_info *direct_adv;
6102
+	struct hci_ev_le_ext_adv_report *ext_adv;
6103
+	const struct hci_ev_conn_complete *conn_complete = (void *)skb->data;
6104
+	const struct hci_ev_conn_request *conn_request = (void *)skb->data;
6105
+
6106
+	hci_dev_lock(hdev);
6107
+
6108
+	/* If we are currently suspended and this is the first BT event seen,
6109
+	 * save the wake reason associated with the event.
6110
+	 */
6111
+	if (!hdev->suspended || hdev->wake_reason)
6112
+		goto unlock;
6113
+
6114
+	/* Default to remote wake. Values for wake_reason are documented in the
6115
+	 * Bluez mgmt api docs.
6116
+	 */
6117
+	hdev->wake_reason = MGMT_WAKE_REASON_REMOTE_WAKE;
6118
+
6119
+	/* Once configured for remote wakeup, we should only wake up for
6120
+	 * reconnections. It's useful to see which device is waking us up so
6121
+	 * keep track of the bdaddr of the connection event that woke us up.
6122
+	 */
6123
+	if (event == HCI_EV_CONN_REQUEST) {
6124
+		bacpy(&hdev->wake_addr, &conn_complete->bdaddr);
6125
+		hdev->wake_addr_type = BDADDR_BREDR;
6126
+	} else if (event == HCI_EV_CONN_COMPLETE) {
6127
+		bacpy(&hdev->wake_addr, &conn_request->bdaddr);
6128
+		hdev->wake_addr_type = BDADDR_BREDR;
6129
+	} else if (event == HCI_EV_LE_META) {
6130
+		struct hci_ev_le_meta *le_ev = (void *)skb->data;
6131
+		u8 subevent = le_ev->subevent;
6132
+		u8 *ptr = &skb->data[sizeof(*le_ev)];
6133
+		u8 num_reports = *ptr;
6134
+
6135
+		if ((subevent == HCI_EV_LE_ADVERTISING_REPORT ||
6136
+		     subevent == HCI_EV_LE_DIRECT_ADV_REPORT ||
6137
+		     subevent == HCI_EV_LE_EXT_ADV_REPORT) &&
6138
+		    num_reports) {
6139
+			adv = (void *)(ptr + 1);
6140
+			direct_adv = (void *)(ptr + 1);
6141
+			ext_adv = (void *)(ptr + 1);
6142
+
6143
+			switch (subevent) {
6144
+			case HCI_EV_LE_ADVERTISING_REPORT:
6145
+				bacpy(&hdev->wake_addr, &adv->bdaddr);
6146
+				hdev->wake_addr_type = adv->bdaddr_type;
6147
+				break;
6148
+			case HCI_EV_LE_DIRECT_ADV_REPORT:
6149
+				bacpy(&hdev->wake_addr, &direct_adv->bdaddr);
6150
+				hdev->wake_addr_type = direct_adv->bdaddr_type;
6151
+				break;
6152
+			case HCI_EV_LE_EXT_ADV_REPORT:
6153
+				bacpy(&hdev->wake_addr, &ext_adv->bdaddr);
6154
+				hdev->wake_addr_type = ext_adv->bdaddr_type;
6155
+				break;
6156
+			}
6157
+		}
6158
+	} else {
6159
+		hdev->wake_reason = MGMT_WAKE_REASON_UNEXPECTED;
6160
+	}
6161
+
6162
+unlock:
6163
+	hci_dev_unlock(hdev);
6164
+}
6165
+
5788
6166
 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
5789
6167
 {
5790
6168
 	struct hci_event_hdr *hdr = (void *) skb->data;
..
..
@@ -5817,6 +6195,9 @@
5817
6195
 		orig_skb = skb_clone(skb, GFP_KERNEL);
5818
6196
 
5819
6197
 	skb_pull(skb, HCI_EVENT_HDR_SIZE);
6198
+
6199
+	/* Store wake reason if we're suspended */
6200
+	hci_store_wake_reason(hdev, event, skb);
5820
6201
 
5821
6202
 	switch (event) {
5822
6203
 	case HCI_EV_INQUIRY_COMPLETE:
..
..
@@ -5995,6 +6376,10 @@
5995
6376
 		hci_num_comp_blocks_evt(hdev, skb);
5996
6377
 		break;
5997
6378
 
6379
+	case HCI_EV_VENDOR:
6380
+		msft_vendor_evt(hdev, skb);
6381
+		break;
6382
+
5998
6383
 	default:
5999
6384
 		BT_DBG("%s event 0x%2.2x", hdev->name, event);
6000
6385
 		break;