hci_event.c revision 2d0a03460a8a0c611843500735096ff799aa8510
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth HCI event handling. */ 26 27#include <linux/module.h> 28 29#include <linux/types.h> 30#include <linux/errno.h> 31#include <linux/kernel.h> 32#include <linux/slab.h> 33#include <linux/poll.h> 34#include <linux/fcntl.h> 35#include <linux/init.h> 36#include <linux/skbuff.h> 37#include <linux/interrupt.h> 38#include <linux/notifier.h> 39#include <net/sock.h> 40 41#include <asm/system.h> 42#include <asm/uaccess.h> 43#include <asm/unaligned.h> 44 45#include <net/bluetooth/bluetooth.h> 46#include <net/bluetooth/hci_core.h> 47 48/* Handle HCI Event packets */ 49 50static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) 51{ 52 __u8 status = *((__u8 *) skb->data); 53 54 BT_DBG("%s status 0x%x", hdev->name, status); 55 56 if (status) 57 return; 58 59 clear_bit(HCI_INQUIRY, &hdev->flags); 60 61 hci_req_complete(hdev, status); 62 63 hci_conn_check_pending(hdev); 64} 65 66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb) 67{ 68 __u8 status = *((__u8 *) skb->data); 69 70 BT_DBG("%s status 0x%x", hdev->name, status); 71 72 if (status) 73 return; 74 75 clear_bit(HCI_INQUIRY, &hdev->flags); 76 77 hci_conn_check_pending(hdev); 78} 79 80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb) 81{ 82 BT_DBG("%s", hdev->name); 83} 84 85static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb) 86{ 87 struct hci_rp_role_discovery *rp = (void *) skb->data; 88 struct hci_conn *conn; 89 90 BT_DBG("%s status 0x%x", hdev->name, rp->status); 91 92 if (rp->status) 93 return; 94 95 hci_dev_lock(hdev); 96 97 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 98 if (conn) { 99 if (rp->role) 100 conn->link_mode &= ~HCI_LM_MASTER; 101 else 102 conn->link_mode |= HCI_LM_MASTER; 103 } 104 105 hci_dev_unlock(hdev); 106} 107 108static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 109{ 110 struct hci_rp_read_link_policy *rp = (void *) skb->data; 111 struct hci_conn *conn; 112 113 BT_DBG("%s status 0x%x", hdev->name, rp->status); 114 115 if (rp->status) 116 return; 117 118 hci_dev_lock(hdev); 119 120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 121 if (conn) 122 conn->link_policy = __le16_to_cpu(rp->policy); 123 124 hci_dev_unlock(hdev); 125} 126 127static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 128{ 129 struct hci_rp_write_link_policy *rp = (void *) skb->data; 130 struct hci_conn *conn; 131 void *sent; 132 133 BT_DBG("%s status 0x%x", hdev->name, rp->status); 134 135 if (rp->status) 136 return; 137 138 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY); 139 if (!sent) 140 return; 141 142 hci_dev_lock(hdev); 143 144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 145 if (conn) 146 conn->link_policy = get_unaligned_le16(sent + 2); 147 148 hci_dev_unlock(hdev); 149} 150 151static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 152{ 153 struct hci_rp_read_def_link_policy *rp = (void *) skb->data; 154 155 BT_DBG("%s status 0x%x", hdev->name, rp->status); 156 157 if (rp->status) 158 return; 159 160 hdev->link_policy = __le16_to_cpu(rp->policy); 161} 162 163static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 164{ 165 __u8 status = *((__u8 *) skb->data); 166 void *sent; 167 168 BT_DBG("%s status 0x%x", hdev->name, status); 169 170 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY); 171 if (!sent) 172 return; 173 174 if (!status) 175 hdev->link_policy = get_unaligned_le16(sent); 176 177 hci_req_complete(hdev, status); 178} 179 180static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb) 181{ 182 __u8 status = *((__u8 *) skb->data); 183 184 BT_DBG("%s status 0x%x", hdev->name, status); 185 186 hci_req_complete(hdev, status); 187} 188 189static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb) 190{ 191 __u8 status = *((__u8 *) skb->data); 192 void *sent; 193 194 BT_DBG("%s status 0x%x", hdev->name, status); 195 196 if (status) 197 return; 198 199 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 200 if (!sent) 201 return; 202 203 memcpy(hdev->dev_name, sent, 248); 204} 205 206static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 207{ 208 struct hci_rp_read_local_name *rp = (void *) skb->data; 209 210 BT_DBG("%s status 0x%x", hdev->name, rp->status); 211 212 if (rp->status) 213 return; 214 215 memcpy(hdev->dev_name, rp->name, 248); 216} 217 218static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) 219{ 220 __u8 status = *((__u8 *) skb->data); 221 void *sent; 222 223 BT_DBG("%s status 0x%x", hdev->name, status); 224 225 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE); 226 if (!sent) 227 return; 228 229 if (!status) { 230 __u8 param = *((__u8 *) sent); 231 232 if (param == AUTH_ENABLED) 233 set_bit(HCI_AUTH, &hdev->flags); 234 else 235 clear_bit(HCI_AUTH, &hdev->flags); 236 } 237 238 hci_req_complete(hdev, status); 239} 240 241static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) 242{ 243 __u8 status = *((__u8 *) skb->data); 244 void *sent; 245 246 BT_DBG("%s status 0x%x", hdev->name, status); 247 248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE); 249 if (!sent) 250 return; 251 252 if (!status) { 253 __u8 param = *((__u8 *) sent); 254 255 if (param) 256 set_bit(HCI_ENCRYPT, &hdev->flags); 257 else 258 clear_bit(HCI_ENCRYPT, &hdev->flags); 259 } 260 261 hci_req_complete(hdev, status); 262} 263 264static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb) 265{ 266 __u8 status = *((__u8 *) skb->data); 267 void *sent; 268 269 BT_DBG("%s status 0x%x", hdev->name, status); 270 271 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE); 272 if (!sent) 273 return; 274 275 if (!status) { 276 __u8 param = *((__u8 *) sent); 277 278 clear_bit(HCI_PSCAN, &hdev->flags); 279 clear_bit(HCI_ISCAN, &hdev->flags); 280 281 if (param & SCAN_INQUIRY) 282 set_bit(HCI_ISCAN, &hdev->flags); 283 284 if (param & SCAN_PAGE) 285 set_bit(HCI_PSCAN, &hdev->flags); 286 } 287 288 hci_req_complete(hdev, status); 289} 290 291static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 292{ 293 struct hci_rp_read_class_of_dev *rp = (void *) skb->data; 294 295 BT_DBG("%s status 0x%x", hdev->name, rp->status); 296 297 if (rp->status) 298 return; 299 300 memcpy(hdev->dev_class, rp->dev_class, 3); 301 302 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name, 303 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]); 304} 305 306static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 307{ 308 __u8 status = *((__u8 *) skb->data); 309 void *sent; 310 311 BT_DBG("%s status 0x%x", hdev->name, status); 312 313 if (status) 314 return; 315 316 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 317 if (!sent) 318 return; 319 320 memcpy(hdev->dev_class, sent, 3); 321} 322 323static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 324{ 325 struct hci_rp_read_voice_setting *rp = (void *) skb->data; 326 __u16 setting; 327 328 BT_DBG("%s status 0x%x", hdev->name, rp->status); 329 330 if (rp->status) 331 return; 332 333 setting = __le16_to_cpu(rp->voice_setting); 334 335 if (hdev->voice_setting == setting) 336 return; 337 338 hdev->voice_setting = setting; 339 340 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 341 342 if (hdev->notify) { 343 tasklet_disable(&hdev->tx_task); 344 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 345 tasklet_enable(&hdev->tx_task); 346 } 347} 348 349static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 350{ 351 __u8 status = *((__u8 *) skb->data); 352 __u16 setting; 353 void *sent; 354 355 BT_DBG("%s status 0x%x", hdev->name, status); 356 357 if (status) 358 return; 359 360 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING); 361 if (!sent) 362 return; 363 364 setting = get_unaligned_le16(sent); 365 366 if (hdev->voice_setting == setting) 367 return; 368 369 hdev->voice_setting = setting; 370 371 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 372 373 if (hdev->notify) { 374 tasklet_disable(&hdev->tx_task); 375 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 376 tasklet_enable(&hdev->tx_task); 377 } 378} 379 380static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 381{ 382 __u8 status = *((__u8 *) skb->data); 383 384 BT_DBG("%s status 0x%x", hdev->name, status); 385 386 hci_req_complete(hdev, status); 387} 388 389static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 390{ 391 struct hci_rp_read_ssp_mode *rp = (void *) skb->data; 392 393 BT_DBG("%s status 0x%x", hdev->name, rp->status); 394 395 if (rp->status) 396 return; 397 398 hdev->ssp_mode = rp->mode; 399} 400 401static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 402{ 403 __u8 status = *((__u8 *) skb->data); 404 void *sent; 405 406 BT_DBG("%s status 0x%x", hdev->name, status); 407 408 if (status) 409 return; 410 411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE); 412 if (!sent) 413 return; 414 415 hdev->ssp_mode = *((__u8 *) sent); 416} 417 418static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 419{ 420 struct hci_rp_read_local_version *rp = (void *) skb->data; 421 422 BT_DBG("%s status 0x%x", hdev->name, rp->status); 423 424 if (rp->status) 425 return; 426 427 hdev->hci_ver = rp->hci_ver; 428 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 429 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 430 431 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name, 432 hdev->manufacturer, 433 hdev->hci_ver, hdev->hci_rev); 434} 435 436static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb) 437{ 438 struct hci_rp_read_local_commands *rp = (void *) skb->data; 439 440 BT_DBG("%s status 0x%x", hdev->name, rp->status); 441 442 if (rp->status) 443 return; 444 445 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 446} 447 448static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb) 449{ 450 struct hci_rp_read_local_features *rp = (void *) skb->data; 451 452 BT_DBG("%s status 0x%x", hdev->name, rp->status); 453 454 if (rp->status) 455 return; 456 457 memcpy(hdev->features, rp->features, 8); 458 459 /* Adjust default settings according to features 460 * supported by device. */ 461 462 if (hdev->features[0] & LMP_3SLOT) 463 hdev->pkt_type |= (HCI_DM3 | HCI_DH3); 464 465 if (hdev->features[0] & LMP_5SLOT) 466 hdev->pkt_type |= (HCI_DM5 | HCI_DH5); 467 468 if (hdev->features[1] & LMP_HV2) { 469 hdev->pkt_type |= (HCI_HV2); 470 hdev->esco_type |= (ESCO_HV2); 471 } 472 473 if (hdev->features[1] & LMP_HV3) { 474 hdev->pkt_type |= (HCI_HV3); 475 hdev->esco_type |= (ESCO_HV3); 476 } 477 478 if (hdev->features[3] & LMP_ESCO) 479 hdev->esco_type |= (ESCO_EV3); 480 481 if (hdev->features[4] & LMP_EV4) 482 hdev->esco_type |= (ESCO_EV4); 483 484 if (hdev->features[4] & LMP_EV5) 485 hdev->esco_type |= (ESCO_EV5); 486 487 if (hdev->features[5] & LMP_EDR_ESCO_2M) 488 hdev->esco_type |= (ESCO_2EV3); 489 490 if (hdev->features[5] & LMP_EDR_ESCO_3M) 491 hdev->esco_type |= (ESCO_3EV3); 492 493 if (hdev->features[5] & LMP_EDR_3S_ESCO) 494 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); 495 496 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, 497 hdev->features[0], hdev->features[1], 498 hdev->features[2], hdev->features[3], 499 hdev->features[4], hdev->features[5], 500 hdev->features[6], hdev->features[7]); 501} 502 503static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 504{ 505 struct hci_rp_read_buffer_size *rp = (void *) skb->data; 506 507 BT_DBG("%s status 0x%x", hdev->name, rp->status); 508 509 if (rp->status) 510 return; 511 512 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu); 513 hdev->sco_mtu = rp->sco_mtu; 514 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt); 515 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt); 516 517 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) { 518 hdev->sco_mtu = 64; 519 hdev->sco_pkts = 8; 520 } 521 522 hdev->acl_cnt = hdev->acl_pkts; 523 hdev->sco_cnt = hdev->sco_pkts; 524 525 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, 526 hdev->acl_mtu, hdev->acl_pkts, 527 hdev->sco_mtu, hdev->sco_pkts); 528} 529 530static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb) 531{ 532 struct hci_rp_read_bd_addr *rp = (void *) skb->data; 533 534 BT_DBG("%s status 0x%x", hdev->name, rp->status); 535 536 if (!rp->status) 537 bacpy(&hdev->bdaddr, &rp->bdaddr); 538 539 hci_req_complete(hdev, rp->status); 540} 541 542static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 543{ 544 BT_DBG("%s status 0x%x", hdev->name, status); 545 546 if (status) { 547 hci_req_complete(hdev, status); 548 549 hci_conn_check_pending(hdev); 550 } else 551 set_bit(HCI_INQUIRY, &hdev->flags); 552} 553 554static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) 555{ 556 struct hci_cp_create_conn *cp; 557 struct hci_conn *conn; 558 559 BT_DBG("%s status 0x%x", hdev->name, status); 560 561 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN); 562 if (!cp) 563 return; 564 565 hci_dev_lock(hdev); 566 567 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 568 569 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn); 570 571 if (status) { 572 if (conn && conn->state == BT_CONNECT) { 573 if (status != 0x0c || conn->attempt > 2) { 574 conn->state = BT_CLOSED; 575 hci_proto_connect_cfm(conn, status); 576 hci_conn_del(conn); 577 } else 578 conn->state = BT_CONNECT2; 579 } 580 } else { 581 if (!conn) { 582 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr); 583 if (conn) { 584 conn->out = 1; 585 conn->link_mode |= HCI_LM_MASTER; 586 } else 587 BT_ERR("No memmory for new connection"); 588 } 589 } 590 591 hci_dev_unlock(hdev); 592} 593 594static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status) 595{ 596 struct hci_cp_add_sco *cp; 597 struct hci_conn *acl, *sco; 598 __u16 handle; 599 600 BT_DBG("%s status 0x%x", hdev->name, status); 601 602 if (!status) 603 return; 604 605 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO); 606 if (!cp) 607 return; 608 609 handle = __le16_to_cpu(cp->handle); 610 611 BT_DBG("%s handle %d", hdev->name, handle); 612 613 hci_dev_lock(hdev); 614 615 acl = hci_conn_hash_lookup_handle(hdev, handle); 616 if (acl && (sco = acl->link)) { 617 sco->state = BT_CLOSED; 618 619 hci_proto_connect_cfm(sco, status); 620 hci_conn_del(sco); 621 } 622 623 hci_dev_unlock(hdev); 624} 625 626static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status) 627{ 628 struct hci_cp_auth_requested *cp; 629 struct hci_conn *conn; 630 631 BT_DBG("%s status 0x%x", hdev->name, status); 632 633 if (!status) 634 return; 635 636 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED); 637 if (!cp) 638 return; 639 640 hci_dev_lock(hdev); 641 642 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 643 if (conn) { 644 if (conn->state == BT_CONFIG) { 645 hci_proto_connect_cfm(conn, status); 646 hci_conn_put(conn); 647 } 648 } 649 650 hci_dev_unlock(hdev); 651} 652 653static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status) 654{ 655 struct hci_cp_set_conn_encrypt *cp; 656 struct hci_conn *conn; 657 658 BT_DBG("%s status 0x%x", hdev->name, status); 659 660 if (!status) 661 return; 662 663 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT); 664 if (!cp) 665 return; 666 667 hci_dev_lock(hdev); 668 669 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 670 if (conn) { 671 if (conn->state == BT_CONFIG) { 672 hci_proto_connect_cfm(conn, status); 673 hci_conn_put(conn); 674 } 675 } 676 677 hci_dev_unlock(hdev); 678} 679 680static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 681{ 682 BT_DBG("%s status 0x%x", hdev->name, status); 683} 684 685static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status) 686{ 687 struct hci_cp_read_remote_features *cp; 688 struct hci_conn *conn; 689 690 BT_DBG("%s status 0x%x", hdev->name, status); 691 692 if (!status) 693 return; 694 695 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES); 696 if (!cp) 697 return; 698 699 hci_dev_lock(hdev); 700 701 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 702 if (conn) { 703 if (conn->state == BT_CONFIG) { 704 hci_proto_connect_cfm(conn, status); 705 hci_conn_put(conn); 706 } 707 } 708 709 hci_dev_unlock(hdev); 710} 711 712static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status) 713{ 714 struct hci_cp_read_remote_ext_features *cp; 715 struct hci_conn *conn; 716 717 BT_DBG("%s status 0x%x", hdev->name, status); 718 719 if (!status) 720 return; 721 722 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES); 723 if (!cp) 724 return; 725 726 hci_dev_lock(hdev); 727 728 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 729 if (conn) { 730 if (conn->state == BT_CONFIG) { 731 hci_proto_connect_cfm(conn, status); 732 hci_conn_put(conn); 733 } 734 } 735 736 hci_dev_unlock(hdev); 737} 738 739static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status) 740{ 741 struct hci_cp_setup_sync_conn *cp; 742 struct hci_conn *acl, *sco; 743 __u16 handle; 744 745 BT_DBG("%s status 0x%x", hdev->name, status); 746 747 if (!status) 748 return; 749 750 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN); 751 if (!cp) 752 return; 753 754 handle = __le16_to_cpu(cp->handle); 755 756 BT_DBG("%s handle %d", hdev->name, handle); 757 758 hci_dev_lock(hdev); 759 760 acl = hci_conn_hash_lookup_handle(hdev, handle); 761 if (acl && (sco = acl->link)) { 762 sco->state = BT_CLOSED; 763 764 hci_proto_connect_cfm(sco, status); 765 hci_conn_del(sco); 766 } 767 768 hci_dev_unlock(hdev); 769} 770 771static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status) 772{ 773 struct hci_cp_sniff_mode *cp; 774 struct hci_conn *conn; 775 776 BT_DBG("%s status 0x%x", hdev->name, status); 777 778 if (!status) 779 return; 780 781 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE); 782 if (!cp) 783 return; 784 785 hci_dev_lock(hdev); 786 787 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 788 if (conn) 789 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 790 791 hci_dev_unlock(hdev); 792} 793 794static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status) 795{ 796 struct hci_cp_exit_sniff_mode *cp; 797 struct hci_conn *conn; 798 799 BT_DBG("%s status 0x%x", hdev->name, status); 800 801 if (!status) 802 return; 803 804 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE); 805 if (!cp) 806 return; 807 808 hci_dev_lock(hdev); 809 810 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 811 if (conn) 812 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 813 814 hci_dev_unlock(hdev); 815} 816 817static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 818{ 819 __u8 status = *((__u8 *) skb->data); 820 821 BT_DBG("%s status %d", hdev->name, status); 822 823 clear_bit(HCI_INQUIRY, &hdev->flags); 824 825 hci_req_complete(hdev, status); 826 827 hci_conn_check_pending(hdev); 828} 829 830static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 831{ 832 struct inquiry_data data; 833 struct inquiry_info *info = (void *) (skb->data + 1); 834 int num_rsp = *((__u8 *) skb->data); 835 836 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 837 838 if (!num_rsp) 839 return; 840 841 hci_dev_lock(hdev); 842 843 for (; num_rsp; num_rsp--) { 844 bacpy(&data.bdaddr, &info->bdaddr); 845 data.pscan_rep_mode = info->pscan_rep_mode; 846 data.pscan_period_mode = info->pscan_period_mode; 847 data.pscan_mode = info->pscan_mode; 848 memcpy(data.dev_class, info->dev_class, 3); 849 data.clock_offset = info->clock_offset; 850 data.rssi = 0x00; 851 data.ssp_mode = 0x00; 852 info++; 853 hci_inquiry_cache_update(hdev, &data); 854 } 855 856 hci_dev_unlock(hdev); 857} 858 859static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 860{ 861 struct hci_ev_conn_complete *ev = (void *) skb->data; 862 struct hci_conn *conn; 863 864 BT_DBG("%s", hdev->name); 865 866 hci_dev_lock(hdev); 867 868 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 869 if (!conn) { 870 if (ev->link_type != SCO_LINK) 871 goto unlock; 872 873 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 874 if (!conn) 875 goto unlock; 876 877 conn->type = SCO_LINK; 878 } 879 880 if (!ev->status) { 881 conn->handle = __le16_to_cpu(ev->handle); 882 883 if (conn->type == ACL_LINK) { 884 conn->state = BT_CONFIG; 885 hci_conn_hold(conn); 886 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 887 } else 888 conn->state = BT_CONNECTED; 889 890 hci_conn_hold_device(conn); 891 hci_conn_add_sysfs(conn); 892 893 if (test_bit(HCI_AUTH, &hdev->flags)) 894 conn->link_mode |= HCI_LM_AUTH; 895 896 if (test_bit(HCI_ENCRYPT, &hdev->flags)) 897 conn->link_mode |= HCI_LM_ENCRYPT; 898 899 /* Get remote features */ 900 if (conn->type == ACL_LINK) { 901 struct hci_cp_read_remote_features cp; 902 cp.handle = ev->handle; 903 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, 904 sizeof(cp), &cp); 905 } 906 907 /* Set packet type for incoming connection */ 908 if (!conn->out && hdev->hci_ver < 3) { 909 struct hci_cp_change_conn_ptype cp; 910 cp.handle = ev->handle; 911 cp.pkt_type = cpu_to_le16(conn->pkt_type); 912 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, 913 sizeof(cp), &cp); 914 } 915 } else 916 conn->state = BT_CLOSED; 917 918 if (conn->type == ACL_LINK) { 919 struct hci_conn *sco = conn->link; 920 if (sco) { 921 if (!ev->status) { 922 if (lmp_esco_capable(hdev)) 923 hci_setup_sync(sco, conn->handle); 924 else 925 hci_add_sco(sco, conn->handle); 926 } else { 927 hci_proto_connect_cfm(sco, ev->status); 928 hci_conn_del(sco); 929 } 930 } 931 } 932 933 if (ev->status) { 934 hci_proto_connect_cfm(conn, ev->status); 935 hci_conn_del(conn); 936 } else if (ev->link_type != ACL_LINK) 937 hci_proto_connect_cfm(conn, ev->status); 938 939unlock: 940 hci_dev_unlock(hdev); 941 942 hci_conn_check_pending(hdev); 943} 944 945static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 946{ 947 struct hci_ev_conn_request *ev = (void *) skb->data; 948 int mask = hdev->link_mode; 949 950 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, 951 batostr(&ev->bdaddr), ev->link_type); 952 953 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 954 955 if ((mask & HCI_LM_ACCEPT) && !hci_blacklist_lookup(hdev, &ev->bdaddr)) { 956 /* Connection accepted */ 957 struct inquiry_entry *ie; 958 struct hci_conn *conn; 959 960 hci_dev_lock(hdev); 961 962 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) 963 memcpy(ie->data.dev_class, ev->dev_class, 3); 964 965 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 966 if (!conn) { 967 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) { 968 BT_ERR("No memmory for new connection"); 969 hci_dev_unlock(hdev); 970 return; 971 } 972 } 973 974 memcpy(conn->dev_class, ev->dev_class, 3); 975 conn->state = BT_CONNECT; 976 977 hci_dev_unlock(hdev); 978 979 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) { 980 struct hci_cp_accept_conn_req cp; 981 982 bacpy(&cp.bdaddr, &ev->bdaddr); 983 984 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) 985 cp.role = 0x00; /* Become master */ 986 else 987 cp.role = 0x01; /* Remain slave */ 988 989 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, 990 sizeof(cp), &cp); 991 } else { 992 struct hci_cp_accept_sync_conn_req cp; 993 994 bacpy(&cp.bdaddr, &ev->bdaddr); 995 cp.pkt_type = cpu_to_le16(conn->pkt_type); 996 997 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 998 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 999 cp.max_latency = cpu_to_le16(0xffff); 1000 cp.content_format = cpu_to_le16(hdev->voice_setting); 1001 cp.retrans_effort = 0xff; 1002 1003 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 1004 sizeof(cp), &cp); 1005 } 1006 } else { 1007 /* Connection rejected */ 1008 struct hci_cp_reject_conn_req cp; 1009 1010 bacpy(&cp.bdaddr, &ev->bdaddr); 1011 cp.reason = 0x0f; 1012 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp); 1013 } 1014} 1015 1016static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1017{ 1018 struct hci_ev_disconn_complete *ev = (void *) skb->data; 1019 struct hci_conn *conn; 1020 1021 BT_DBG("%s status %d", hdev->name, ev->status); 1022 1023 if (ev->status) 1024 return; 1025 1026 hci_dev_lock(hdev); 1027 1028 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1029 if (conn) { 1030 conn->state = BT_CLOSED; 1031 1032 hci_proto_disconn_cfm(conn, ev->reason); 1033 hci_conn_del(conn); 1034 } 1035 1036 hci_dev_unlock(hdev); 1037} 1038 1039static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1040{ 1041 struct hci_ev_auth_complete *ev = (void *) skb->data; 1042 struct hci_conn *conn; 1043 1044 BT_DBG("%s status %d", hdev->name, ev->status); 1045 1046 hci_dev_lock(hdev); 1047 1048 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1049 if (conn) { 1050 if (!ev->status) 1051 conn->link_mode |= HCI_LM_AUTH; 1052 else 1053 conn->sec_level = BT_SECURITY_LOW; 1054 1055 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1056 1057 if (conn->state == BT_CONFIG) { 1058 if (!ev->status && hdev->ssp_mode > 0 && 1059 conn->ssp_mode > 0) { 1060 struct hci_cp_set_conn_encrypt cp; 1061 cp.handle = ev->handle; 1062 cp.encrypt = 0x01; 1063 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1064 sizeof(cp), &cp); 1065 } else { 1066 conn->state = BT_CONNECTED; 1067 hci_proto_connect_cfm(conn, ev->status); 1068 hci_conn_put(conn); 1069 } 1070 } else { 1071 hci_auth_cfm(conn, ev->status); 1072 1073 hci_conn_hold(conn); 1074 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1075 hci_conn_put(conn); 1076 } 1077 1078 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 1079 if (!ev->status) { 1080 struct hci_cp_set_conn_encrypt cp; 1081 cp.handle = ev->handle; 1082 cp.encrypt = 0x01; 1083 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1084 sizeof(cp), &cp); 1085 } else { 1086 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1087 hci_encrypt_cfm(conn, ev->status, 0x00); 1088 } 1089 } 1090 } 1091 1092 hci_dev_unlock(hdev); 1093} 1094 1095static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb) 1096{ 1097 BT_DBG("%s", hdev->name); 1098 1099 hci_conn_check_pending(hdev); 1100} 1101 1102static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1103{ 1104 struct hci_ev_encrypt_change *ev = (void *) skb->data; 1105 struct hci_conn *conn; 1106 1107 BT_DBG("%s status %d", hdev->name, ev->status); 1108 1109 hci_dev_lock(hdev); 1110 1111 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1112 if (conn) { 1113 if (!ev->status) { 1114 if (ev->encrypt) { 1115 /* Encryption implies authentication */ 1116 conn->link_mode |= HCI_LM_AUTH; 1117 conn->link_mode |= HCI_LM_ENCRYPT; 1118 } else 1119 conn->link_mode &= ~HCI_LM_ENCRYPT; 1120 } 1121 1122 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1123 1124 if (conn->state == BT_CONFIG) { 1125 if (!ev->status) 1126 conn->state = BT_CONNECTED; 1127 1128 hci_proto_connect_cfm(conn, ev->status); 1129 hci_conn_put(conn); 1130 } else 1131 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 1132 } 1133 1134 hci_dev_unlock(hdev); 1135} 1136 1137static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1138{ 1139 struct hci_ev_change_link_key_complete *ev = (void *) skb->data; 1140 struct hci_conn *conn; 1141 1142 BT_DBG("%s status %d", hdev->name, ev->status); 1143 1144 hci_dev_lock(hdev); 1145 1146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1147 if (conn) { 1148 if (!ev->status) 1149 conn->link_mode |= HCI_LM_SECURE; 1150 1151 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1152 1153 hci_key_change_cfm(conn, ev->status); 1154 } 1155 1156 hci_dev_unlock(hdev); 1157} 1158 1159static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1160{ 1161 struct hci_ev_remote_features *ev = (void *) skb->data; 1162 struct hci_conn *conn; 1163 1164 BT_DBG("%s status %d", hdev->name, ev->status); 1165 1166 hci_dev_lock(hdev); 1167 1168 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1169 if (conn) { 1170 if (!ev->status) 1171 memcpy(conn->features, ev->features, 8); 1172 1173 if (conn->state == BT_CONFIG) { 1174 if (!ev->status && lmp_ssp_capable(hdev) && 1175 lmp_ssp_capable(conn)) { 1176 struct hci_cp_read_remote_ext_features cp; 1177 cp.handle = ev->handle; 1178 cp.page = 0x01; 1179 hci_send_cmd(hdev, 1180 HCI_OP_READ_REMOTE_EXT_FEATURES, 1181 sizeof(cp), &cp); 1182 } else { 1183 conn->state = BT_CONNECTED; 1184 hci_proto_connect_cfm(conn, ev->status); 1185 hci_conn_put(conn); 1186 } 1187 } 1188 } 1189 1190 hci_dev_unlock(hdev); 1191} 1192 1193static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb) 1194{ 1195 BT_DBG("%s", hdev->name); 1196} 1197 1198static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1199{ 1200 BT_DBG("%s", hdev->name); 1201} 1202 1203static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1204{ 1205 struct hci_ev_cmd_complete *ev = (void *) skb->data; 1206 __u16 opcode; 1207 1208 skb_pull(skb, sizeof(*ev)); 1209 1210 opcode = __le16_to_cpu(ev->opcode); 1211 1212 switch (opcode) { 1213 case HCI_OP_INQUIRY_CANCEL: 1214 hci_cc_inquiry_cancel(hdev, skb); 1215 break; 1216 1217 case HCI_OP_EXIT_PERIODIC_INQ: 1218 hci_cc_exit_periodic_inq(hdev, skb); 1219 break; 1220 1221 case HCI_OP_REMOTE_NAME_REQ_CANCEL: 1222 hci_cc_remote_name_req_cancel(hdev, skb); 1223 break; 1224 1225 case HCI_OP_ROLE_DISCOVERY: 1226 hci_cc_role_discovery(hdev, skb); 1227 break; 1228 1229 case HCI_OP_READ_LINK_POLICY: 1230 hci_cc_read_link_policy(hdev, skb); 1231 break; 1232 1233 case HCI_OP_WRITE_LINK_POLICY: 1234 hci_cc_write_link_policy(hdev, skb); 1235 break; 1236 1237 case HCI_OP_READ_DEF_LINK_POLICY: 1238 hci_cc_read_def_link_policy(hdev, skb); 1239 break; 1240 1241 case HCI_OP_WRITE_DEF_LINK_POLICY: 1242 hci_cc_write_def_link_policy(hdev, skb); 1243 break; 1244 1245 case HCI_OP_RESET: 1246 hci_cc_reset(hdev, skb); 1247 break; 1248 1249 case HCI_OP_WRITE_LOCAL_NAME: 1250 hci_cc_write_local_name(hdev, skb); 1251 break; 1252 1253 case HCI_OP_READ_LOCAL_NAME: 1254 hci_cc_read_local_name(hdev, skb); 1255 break; 1256 1257 case HCI_OP_WRITE_AUTH_ENABLE: 1258 hci_cc_write_auth_enable(hdev, skb); 1259 break; 1260 1261 case HCI_OP_WRITE_ENCRYPT_MODE: 1262 hci_cc_write_encrypt_mode(hdev, skb); 1263 break; 1264 1265 case HCI_OP_WRITE_SCAN_ENABLE: 1266 hci_cc_write_scan_enable(hdev, skb); 1267 break; 1268 1269 case HCI_OP_READ_CLASS_OF_DEV: 1270 hci_cc_read_class_of_dev(hdev, skb); 1271 break; 1272 1273 case HCI_OP_WRITE_CLASS_OF_DEV: 1274 hci_cc_write_class_of_dev(hdev, skb); 1275 break; 1276 1277 case HCI_OP_READ_VOICE_SETTING: 1278 hci_cc_read_voice_setting(hdev, skb); 1279 break; 1280 1281 case HCI_OP_WRITE_VOICE_SETTING: 1282 hci_cc_write_voice_setting(hdev, skb); 1283 break; 1284 1285 case HCI_OP_HOST_BUFFER_SIZE: 1286 hci_cc_host_buffer_size(hdev, skb); 1287 break; 1288 1289 case HCI_OP_READ_SSP_MODE: 1290 hci_cc_read_ssp_mode(hdev, skb); 1291 break; 1292 1293 case HCI_OP_WRITE_SSP_MODE: 1294 hci_cc_write_ssp_mode(hdev, skb); 1295 break; 1296 1297 case HCI_OP_READ_LOCAL_VERSION: 1298 hci_cc_read_local_version(hdev, skb); 1299 break; 1300 1301 case HCI_OP_READ_LOCAL_COMMANDS: 1302 hci_cc_read_local_commands(hdev, skb); 1303 break; 1304 1305 case HCI_OP_READ_LOCAL_FEATURES: 1306 hci_cc_read_local_features(hdev, skb); 1307 break; 1308 1309 case HCI_OP_READ_BUFFER_SIZE: 1310 hci_cc_read_buffer_size(hdev, skb); 1311 break; 1312 1313 case HCI_OP_READ_BD_ADDR: 1314 hci_cc_read_bd_addr(hdev, skb); 1315 break; 1316 1317 default: 1318 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1319 break; 1320 } 1321 1322 if (ev->ncmd) { 1323 atomic_set(&hdev->cmd_cnt, 1); 1324 if (!skb_queue_empty(&hdev->cmd_q)) 1325 tasklet_schedule(&hdev->cmd_task); 1326 } 1327} 1328 1329static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) 1330{ 1331 struct hci_ev_cmd_status *ev = (void *) skb->data; 1332 __u16 opcode; 1333 1334 skb_pull(skb, sizeof(*ev)); 1335 1336 opcode = __le16_to_cpu(ev->opcode); 1337 1338 switch (opcode) { 1339 case HCI_OP_INQUIRY: 1340 hci_cs_inquiry(hdev, ev->status); 1341 break; 1342 1343 case HCI_OP_CREATE_CONN: 1344 hci_cs_create_conn(hdev, ev->status); 1345 break; 1346 1347 case HCI_OP_ADD_SCO: 1348 hci_cs_add_sco(hdev, ev->status); 1349 break; 1350 1351 case HCI_OP_AUTH_REQUESTED: 1352 hci_cs_auth_requested(hdev, ev->status); 1353 break; 1354 1355 case HCI_OP_SET_CONN_ENCRYPT: 1356 hci_cs_set_conn_encrypt(hdev, ev->status); 1357 break; 1358 1359 case HCI_OP_REMOTE_NAME_REQ: 1360 hci_cs_remote_name_req(hdev, ev->status); 1361 break; 1362 1363 case HCI_OP_READ_REMOTE_FEATURES: 1364 hci_cs_read_remote_features(hdev, ev->status); 1365 break; 1366 1367 case HCI_OP_READ_REMOTE_EXT_FEATURES: 1368 hci_cs_read_remote_ext_features(hdev, ev->status); 1369 break; 1370 1371 case HCI_OP_SETUP_SYNC_CONN: 1372 hci_cs_setup_sync_conn(hdev, ev->status); 1373 break; 1374 1375 case HCI_OP_SNIFF_MODE: 1376 hci_cs_sniff_mode(hdev, ev->status); 1377 break; 1378 1379 case HCI_OP_EXIT_SNIFF_MODE: 1380 hci_cs_exit_sniff_mode(hdev, ev->status); 1381 break; 1382 1383 default: 1384 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1385 break; 1386 } 1387 1388 if (ev->ncmd) { 1389 atomic_set(&hdev->cmd_cnt, 1); 1390 if (!skb_queue_empty(&hdev->cmd_q)) 1391 tasklet_schedule(&hdev->cmd_task); 1392 } 1393} 1394 1395static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1396{ 1397 struct hci_ev_role_change *ev = (void *) skb->data; 1398 struct hci_conn *conn; 1399 1400 BT_DBG("%s status %d", hdev->name, ev->status); 1401 1402 hci_dev_lock(hdev); 1403 1404 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1405 if (conn) { 1406 if (!ev->status) { 1407 if (ev->role) 1408 conn->link_mode &= ~HCI_LM_MASTER; 1409 else 1410 conn->link_mode |= HCI_LM_MASTER; 1411 } 1412 1413 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend); 1414 1415 hci_role_switch_cfm(conn, ev->status, ev->role); 1416 } 1417 1418 hci_dev_unlock(hdev); 1419} 1420 1421static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb) 1422{ 1423 struct hci_ev_num_comp_pkts *ev = (void *) skb->data; 1424 __le16 *ptr; 1425 int i; 1426 1427 skb_pull(skb, sizeof(*ev)); 1428 1429 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); 1430 1431 if (skb->len < ev->num_hndl * 4) { 1432 BT_DBG("%s bad parameters", hdev->name); 1433 return; 1434 } 1435 1436 tasklet_disable(&hdev->tx_task); 1437 1438 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) { 1439 struct hci_conn *conn; 1440 __u16 handle, count; 1441 1442 handle = get_unaligned_le16(ptr++); 1443 count = get_unaligned_le16(ptr++); 1444 1445 conn = hci_conn_hash_lookup_handle(hdev, handle); 1446 if (conn) { 1447 conn->sent -= count; 1448 1449 if (conn->type == ACL_LINK) { 1450 if ((hdev->acl_cnt += count) > hdev->acl_pkts) 1451 hdev->acl_cnt = hdev->acl_pkts; 1452 } else { 1453 if ((hdev->sco_cnt += count) > hdev->sco_pkts) 1454 hdev->sco_cnt = hdev->sco_pkts; 1455 } 1456 } 1457 } 1458 1459 tasklet_schedule(&hdev->tx_task); 1460 1461 tasklet_enable(&hdev->tx_task); 1462} 1463 1464static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1465{ 1466 struct hci_ev_mode_change *ev = (void *) skb->data; 1467 struct hci_conn *conn; 1468 1469 BT_DBG("%s status %d", hdev->name, ev->status); 1470 1471 hci_dev_lock(hdev); 1472 1473 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1474 if (conn) { 1475 conn->mode = ev->mode; 1476 conn->interval = __le16_to_cpu(ev->interval); 1477 1478 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 1479 if (conn->mode == HCI_CM_ACTIVE) 1480 conn->power_save = 1; 1481 else 1482 conn->power_save = 0; 1483 } 1484 } 1485 1486 hci_dev_unlock(hdev); 1487} 1488 1489static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1490{ 1491 struct hci_ev_pin_code_req *ev = (void *) skb->data; 1492 struct hci_conn *conn; 1493 1494 BT_DBG("%s", hdev->name); 1495 1496 hci_dev_lock(hdev); 1497 1498 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1499 if (conn && conn->state == BT_CONNECTED) { 1500 hci_conn_hold(conn); 1501 conn->disc_timeout = HCI_PAIRING_TIMEOUT; 1502 hci_conn_put(conn); 1503 } 1504 1505 hci_dev_unlock(hdev); 1506} 1507 1508static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1509{ 1510 BT_DBG("%s", hdev->name); 1511} 1512 1513static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 1514{ 1515 struct hci_ev_link_key_notify *ev = (void *) skb->data; 1516 struct hci_conn *conn; 1517 1518 BT_DBG("%s", hdev->name); 1519 1520 hci_dev_lock(hdev); 1521 1522 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1523 if (conn) { 1524 hci_conn_hold(conn); 1525 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1526 hci_conn_put(conn); 1527 } 1528 1529 hci_dev_unlock(hdev); 1530} 1531 1532static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb) 1533{ 1534 struct hci_ev_clock_offset *ev = (void *) skb->data; 1535 struct hci_conn *conn; 1536 1537 BT_DBG("%s status %d", hdev->name, ev->status); 1538 1539 hci_dev_lock(hdev); 1540 1541 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1542 if (conn && !ev->status) { 1543 struct inquiry_entry *ie; 1544 1545 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) { 1546 ie->data.clock_offset = ev->clock_offset; 1547 ie->timestamp = jiffies; 1548 } 1549 } 1550 1551 hci_dev_unlock(hdev); 1552} 1553 1554static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1555{ 1556 struct hci_ev_pkt_type_change *ev = (void *) skb->data; 1557 struct hci_conn *conn; 1558 1559 BT_DBG("%s status %d", hdev->name, ev->status); 1560 1561 hci_dev_lock(hdev); 1562 1563 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1564 if (conn && !ev->status) 1565 conn->pkt_type = __le16_to_cpu(ev->pkt_type); 1566 1567 hci_dev_unlock(hdev); 1568} 1569 1570static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb) 1571{ 1572 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data; 1573 struct inquiry_entry *ie; 1574 1575 BT_DBG("%s", hdev->name); 1576 1577 hci_dev_lock(hdev); 1578 1579 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) { 1580 ie->data.pscan_rep_mode = ev->pscan_rep_mode; 1581 ie->timestamp = jiffies; 1582 } 1583 1584 hci_dev_unlock(hdev); 1585} 1586 1587static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb) 1588{ 1589 struct inquiry_data data; 1590 int num_rsp = *((__u8 *) skb->data); 1591 1592 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1593 1594 if (!num_rsp) 1595 return; 1596 1597 hci_dev_lock(hdev); 1598 1599 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 1600 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1); 1601 1602 for (; num_rsp; num_rsp--) { 1603 bacpy(&data.bdaddr, &info->bdaddr); 1604 data.pscan_rep_mode = info->pscan_rep_mode; 1605 data.pscan_period_mode = info->pscan_period_mode; 1606 data.pscan_mode = info->pscan_mode; 1607 memcpy(data.dev_class, info->dev_class, 3); 1608 data.clock_offset = info->clock_offset; 1609 data.rssi = info->rssi; 1610 data.ssp_mode = 0x00; 1611 info++; 1612 hci_inquiry_cache_update(hdev, &data); 1613 } 1614 } else { 1615 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 1616 1617 for (; num_rsp; num_rsp--) { 1618 bacpy(&data.bdaddr, &info->bdaddr); 1619 data.pscan_rep_mode = info->pscan_rep_mode; 1620 data.pscan_period_mode = info->pscan_period_mode; 1621 data.pscan_mode = 0x00; 1622 memcpy(data.dev_class, info->dev_class, 3); 1623 data.clock_offset = info->clock_offset; 1624 data.rssi = info->rssi; 1625 data.ssp_mode = 0x00; 1626 info++; 1627 hci_inquiry_cache_update(hdev, &data); 1628 } 1629 } 1630 1631 hci_dev_unlock(hdev); 1632} 1633 1634static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1635{ 1636 struct hci_ev_remote_ext_features *ev = (void *) skb->data; 1637 struct hci_conn *conn; 1638 1639 BT_DBG("%s", hdev->name); 1640 1641 hci_dev_lock(hdev); 1642 1643 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1644 if (conn) { 1645 if (!ev->status && ev->page == 0x01) { 1646 struct inquiry_entry *ie; 1647 1648 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) 1649 ie->data.ssp_mode = (ev->features[0] & 0x01); 1650 1651 conn->ssp_mode = (ev->features[0] & 0x01); 1652 } 1653 1654 if (conn->state == BT_CONFIG) { 1655 if (!ev->status && hdev->ssp_mode > 0 && 1656 conn->ssp_mode > 0 && conn->out && 1657 conn->sec_level != BT_SECURITY_SDP) { 1658 struct hci_cp_auth_requested cp; 1659 cp.handle = ev->handle; 1660 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, 1661 sizeof(cp), &cp); 1662 } else { 1663 conn->state = BT_CONNECTED; 1664 hci_proto_connect_cfm(conn, ev->status); 1665 hci_conn_put(conn); 1666 } 1667 } 1668 } 1669 1670 hci_dev_unlock(hdev); 1671} 1672 1673static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1674{ 1675 struct hci_ev_sync_conn_complete *ev = (void *) skb->data; 1676 struct hci_conn *conn; 1677 1678 BT_DBG("%s status %d", hdev->name, ev->status); 1679 1680 hci_dev_lock(hdev); 1681 1682 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1683 if (!conn) { 1684 if (ev->link_type == ESCO_LINK) 1685 goto unlock; 1686 1687 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 1688 if (!conn) 1689 goto unlock; 1690 1691 conn->type = SCO_LINK; 1692 } 1693 1694 switch (ev->status) { 1695 case 0x00: 1696 conn->handle = __le16_to_cpu(ev->handle); 1697 conn->state = BT_CONNECTED; 1698 1699 hci_conn_hold_device(conn); 1700 hci_conn_add_sysfs(conn); 1701 break; 1702 1703 case 0x11: /* Unsupported Feature or Parameter Value */ 1704 case 0x1c: /* SCO interval rejected */ 1705 case 0x1a: /* Unsupported Remote Feature */ 1706 case 0x1f: /* Unspecified error */ 1707 if (conn->out && conn->attempt < 2) { 1708 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 1709 (hdev->esco_type & EDR_ESCO_MASK); 1710 hci_setup_sync(conn, conn->link->handle); 1711 goto unlock; 1712 } 1713 /* fall through */ 1714 1715 default: 1716 conn->state = BT_CLOSED; 1717 break; 1718 } 1719 1720 hci_proto_connect_cfm(conn, ev->status); 1721 if (ev->status) 1722 hci_conn_del(conn); 1723 1724unlock: 1725 hci_dev_unlock(hdev); 1726} 1727 1728static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb) 1729{ 1730 BT_DBG("%s", hdev->name); 1731} 1732 1733static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb) 1734{ 1735 struct hci_ev_sniff_subrate *ev = (void *) skb->data; 1736 struct hci_conn *conn; 1737 1738 BT_DBG("%s status %d", hdev->name, ev->status); 1739 1740 hci_dev_lock(hdev); 1741 1742 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1743 if (conn) { 1744 } 1745 1746 hci_dev_unlock(hdev); 1747} 1748 1749static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 1750{ 1751 struct inquiry_data data; 1752 struct extended_inquiry_info *info = (void *) (skb->data + 1); 1753 int num_rsp = *((__u8 *) skb->data); 1754 1755 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1756 1757 if (!num_rsp) 1758 return; 1759 1760 hci_dev_lock(hdev); 1761 1762 for (; num_rsp; num_rsp--) { 1763 bacpy(&data.bdaddr, &info->bdaddr); 1764 data.pscan_rep_mode = info->pscan_rep_mode; 1765 data.pscan_period_mode = info->pscan_period_mode; 1766 data.pscan_mode = 0x00; 1767 memcpy(data.dev_class, info->dev_class, 3); 1768 data.clock_offset = info->clock_offset; 1769 data.rssi = info->rssi; 1770 data.ssp_mode = 0x01; 1771 info++; 1772 hci_inquiry_cache_update(hdev, &data); 1773 } 1774 1775 hci_dev_unlock(hdev); 1776} 1777 1778static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1779{ 1780 struct hci_ev_io_capa_request *ev = (void *) skb->data; 1781 struct hci_conn *conn; 1782 1783 BT_DBG("%s", hdev->name); 1784 1785 hci_dev_lock(hdev); 1786 1787 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1788 if (conn) 1789 hci_conn_hold(conn); 1790 1791 hci_dev_unlock(hdev); 1792} 1793 1794static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1795{ 1796 struct hci_ev_simple_pair_complete *ev = (void *) skb->data; 1797 struct hci_conn *conn; 1798 1799 BT_DBG("%s", hdev->name); 1800 1801 hci_dev_lock(hdev); 1802 1803 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1804 if (conn) 1805 hci_conn_put(conn); 1806 1807 hci_dev_unlock(hdev); 1808} 1809 1810static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1811{ 1812 struct hci_ev_remote_host_features *ev = (void *) skb->data; 1813 struct inquiry_entry *ie; 1814 1815 BT_DBG("%s", hdev->name); 1816 1817 hci_dev_lock(hdev); 1818 1819 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) 1820 ie->data.ssp_mode = (ev->features[0] & 0x01); 1821 1822 hci_dev_unlock(hdev); 1823} 1824 1825void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 1826{ 1827 struct hci_event_hdr *hdr = (void *) skb->data; 1828 __u8 event = hdr->evt; 1829 1830 skb_pull(skb, HCI_EVENT_HDR_SIZE); 1831 1832 switch (event) { 1833 case HCI_EV_INQUIRY_COMPLETE: 1834 hci_inquiry_complete_evt(hdev, skb); 1835 break; 1836 1837 case HCI_EV_INQUIRY_RESULT: 1838 hci_inquiry_result_evt(hdev, skb); 1839 break; 1840 1841 case HCI_EV_CONN_COMPLETE: 1842 hci_conn_complete_evt(hdev, skb); 1843 break; 1844 1845 case HCI_EV_CONN_REQUEST: 1846 hci_conn_request_evt(hdev, skb); 1847 break; 1848 1849 case HCI_EV_DISCONN_COMPLETE: 1850 hci_disconn_complete_evt(hdev, skb); 1851 break; 1852 1853 case HCI_EV_AUTH_COMPLETE: 1854 hci_auth_complete_evt(hdev, skb); 1855 break; 1856 1857 case HCI_EV_REMOTE_NAME: 1858 hci_remote_name_evt(hdev, skb); 1859 break; 1860 1861 case HCI_EV_ENCRYPT_CHANGE: 1862 hci_encrypt_change_evt(hdev, skb); 1863 break; 1864 1865 case HCI_EV_CHANGE_LINK_KEY_COMPLETE: 1866 hci_change_link_key_complete_evt(hdev, skb); 1867 break; 1868 1869 case HCI_EV_REMOTE_FEATURES: 1870 hci_remote_features_evt(hdev, skb); 1871 break; 1872 1873 case HCI_EV_REMOTE_VERSION: 1874 hci_remote_version_evt(hdev, skb); 1875 break; 1876 1877 case HCI_EV_QOS_SETUP_COMPLETE: 1878 hci_qos_setup_complete_evt(hdev, skb); 1879 break; 1880 1881 case HCI_EV_CMD_COMPLETE: 1882 hci_cmd_complete_evt(hdev, skb); 1883 break; 1884 1885 case HCI_EV_CMD_STATUS: 1886 hci_cmd_status_evt(hdev, skb); 1887 break; 1888 1889 case HCI_EV_ROLE_CHANGE: 1890 hci_role_change_evt(hdev, skb); 1891 break; 1892 1893 case HCI_EV_NUM_COMP_PKTS: 1894 hci_num_comp_pkts_evt(hdev, skb); 1895 break; 1896 1897 case HCI_EV_MODE_CHANGE: 1898 hci_mode_change_evt(hdev, skb); 1899 break; 1900 1901 case HCI_EV_PIN_CODE_REQ: 1902 hci_pin_code_request_evt(hdev, skb); 1903 break; 1904 1905 case HCI_EV_LINK_KEY_REQ: 1906 hci_link_key_request_evt(hdev, skb); 1907 break; 1908 1909 case HCI_EV_LINK_KEY_NOTIFY: 1910 hci_link_key_notify_evt(hdev, skb); 1911 break; 1912 1913 case HCI_EV_CLOCK_OFFSET: 1914 hci_clock_offset_evt(hdev, skb); 1915 break; 1916 1917 case HCI_EV_PKT_TYPE_CHANGE: 1918 hci_pkt_type_change_evt(hdev, skb); 1919 break; 1920 1921 case HCI_EV_PSCAN_REP_MODE: 1922 hci_pscan_rep_mode_evt(hdev, skb); 1923 break; 1924 1925 case HCI_EV_INQUIRY_RESULT_WITH_RSSI: 1926 hci_inquiry_result_with_rssi_evt(hdev, skb); 1927 break; 1928 1929 case HCI_EV_REMOTE_EXT_FEATURES: 1930 hci_remote_ext_features_evt(hdev, skb); 1931 break; 1932 1933 case HCI_EV_SYNC_CONN_COMPLETE: 1934 hci_sync_conn_complete_evt(hdev, skb); 1935 break; 1936 1937 case HCI_EV_SYNC_CONN_CHANGED: 1938 hci_sync_conn_changed_evt(hdev, skb); 1939 break; 1940 1941 case HCI_EV_SNIFF_SUBRATE: 1942 hci_sniff_subrate_evt(hdev, skb); 1943 break; 1944 1945 case HCI_EV_EXTENDED_INQUIRY_RESULT: 1946 hci_extended_inquiry_result_evt(hdev, skb); 1947 break; 1948 1949 case HCI_EV_IO_CAPA_REQUEST: 1950 hci_io_capa_request_evt(hdev, skb); 1951 break; 1952 1953 case HCI_EV_SIMPLE_PAIR_COMPLETE: 1954 hci_simple_pair_complete_evt(hdev, skb); 1955 break; 1956 1957 case HCI_EV_REMOTE_HOST_FEATURES: 1958 hci_remote_host_features_evt(hdev, skb); 1959 break; 1960 1961 default: 1962 BT_DBG("%s event 0x%x", hdev->name, event); 1963 break; 1964 } 1965 1966 kfree_skb(skb); 1967 hdev->stat.evt_rx++; 1968} 1969 1970/* Generate internal stack event */ 1971void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data) 1972{ 1973 struct hci_event_hdr *hdr; 1974 struct hci_ev_stack_internal *ev; 1975 struct sk_buff *skb; 1976 1977 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC); 1978 if (!skb) 1979 return; 1980 1981 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE); 1982 hdr->evt = HCI_EV_STACK_INTERNAL; 1983 hdr->plen = sizeof(*ev) + dlen; 1984 1985 ev = (void *) skb_put(skb, sizeof(*ev) + dlen); 1986 ev->type = type; 1987 memcpy(ev->data, data, dlen); 1988 1989 bt_cb(skb)->incoming = 1; 1990 __net_timestamp(skb); 1991 1992 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 1993 skb->dev = (void *) hdev; 1994 hci_send_to_sock(hdev, skb); 1995 kfree_skb(skb); 1996} 1997