hci_event.c revision 60b83f571cf17a7a8ca9ddf2090db63e6a594571
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth HCI event handling. */ 26 27#include <linux/module.h> 28 29#include <linux/types.h> 30#include <linux/errno.h> 31#include <linux/kernel.h> 32#include <linux/slab.h> 33#include <linux/poll.h> 34#include <linux/fcntl.h> 35#include <linux/init.h> 36#include <linux/skbuff.h> 37#include <linux/interrupt.h> 38#include <linux/notifier.h> 39#include <net/sock.h> 40 41#include <asm/system.h> 42#include <linux/uaccess.h> 43#include <asm/unaligned.h> 44 45#include <net/bluetooth/bluetooth.h> 46#include <net/bluetooth/hci_core.h> 47 48/* Handle HCI Event packets */ 49 50static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) 51{ 52 __u8 status = *((__u8 *) skb->data); 53 54 BT_DBG("%s status 0x%x", hdev->name, status); 55 56 if (status) 57 return; 58 59 if (test_bit(HCI_MGMT, &hdev->flags) && 60 test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) 61 mgmt_discovering(hdev->id, 0); 62 63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status); 64 65 hci_conn_check_pending(hdev); 66} 67 68static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb) 69{ 70 __u8 status = *((__u8 *) skb->data); 71 72 BT_DBG("%s status 0x%x", hdev->name, status); 73 74 if (status) 75 return; 76 77 if (test_bit(HCI_MGMT, &hdev->flags) && 78 test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) 79 mgmt_discovering(hdev->id, 0); 80 81 hci_conn_check_pending(hdev); 82} 83 84static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb) 85{ 86 BT_DBG("%s", hdev->name); 87} 88 89static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb) 90{ 91 struct hci_rp_role_discovery *rp = (void *) skb->data; 92 struct hci_conn *conn; 93 94 BT_DBG("%s status 0x%x", hdev->name, rp->status); 95 96 if (rp->status) 97 return; 98 99 hci_dev_lock(hdev); 100 101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 102 if (conn) { 103 if (rp->role) 104 conn->link_mode &= ~HCI_LM_MASTER; 105 else 106 conn->link_mode |= HCI_LM_MASTER; 107 } 108 109 hci_dev_unlock(hdev); 110} 111 112static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 113{ 114 struct hci_rp_read_link_policy *rp = (void *) skb->data; 115 struct hci_conn *conn; 116 117 BT_DBG("%s status 0x%x", hdev->name, rp->status); 118 119 if (rp->status) 120 return; 121 122 hci_dev_lock(hdev); 123 124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 125 if (conn) 126 conn->link_policy = __le16_to_cpu(rp->policy); 127 128 hci_dev_unlock(hdev); 129} 130 131static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 132{ 133 struct hci_rp_write_link_policy *rp = (void *) skb->data; 134 struct hci_conn *conn; 135 void *sent; 136 137 BT_DBG("%s status 0x%x", hdev->name, rp->status); 138 139 if (rp->status) 140 return; 141 142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY); 143 if (!sent) 144 return; 145 146 hci_dev_lock(hdev); 147 148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 149 if (conn) 150 conn->link_policy = get_unaligned_le16(sent + 2); 151 152 hci_dev_unlock(hdev); 153} 154 155static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 156{ 157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data; 158 159 BT_DBG("%s status 0x%x", hdev->name, rp->status); 160 161 if (rp->status) 162 return; 163 164 hdev->link_policy = __le16_to_cpu(rp->policy); 165} 166 167static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 168{ 169 __u8 status = *((__u8 *) skb->data); 170 void *sent; 171 172 BT_DBG("%s status 0x%x", hdev->name, status); 173 174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY); 175 if (!sent) 176 return; 177 178 if (!status) 179 hdev->link_policy = get_unaligned_le16(sent); 180 181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status); 182} 183 184static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb) 185{ 186 __u8 status = *((__u8 *) skb->data); 187 188 BT_DBG("%s status 0x%x", hdev->name, status); 189 190 clear_bit(HCI_RESET, &hdev->flags); 191 192 hci_req_complete(hdev, HCI_OP_RESET, status); 193} 194 195static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb) 196{ 197 __u8 status = *((__u8 *) skb->data); 198 void *sent; 199 200 BT_DBG("%s status 0x%x", hdev->name, status); 201 202 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 203 if (!sent) 204 return; 205 206 if (test_bit(HCI_MGMT, &hdev->flags)) 207 mgmt_set_local_name_complete(hdev->id, sent, status); 208 209 if (status) 210 return; 211 212 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH); 213} 214 215static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 216{ 217 struct hci_rp_read_local_name *rp = (void *) skb->data; 218 219 BT_DBG("%s status 0x%x", hdev->name, rp->status); 220 221 if (rp->status) 222 return; 223 224 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH); 225} 226 227static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) 228{ 229 __u8 status = *((__u8 *) skb->data); 230 void *sent; 231 232 BT_DBG("%s status 0x%x", hdev->name, status); 233 234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE); 235 if (!sent) 236 return; 237 238 if (!status) { 239 __u8 param = *((__u8 *) sent); 240 241 if (param == AUTH_ENABLED) 242 set_bit(HCI_AUTH, &hdev->flags); 243 else 244 clear_bit(HCI_AUTH, &hdev->flags); 245 } 246 247 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status); 248} 249 250static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) 251{ 252 __u8 status = *((__u8 *) skb->data); 253 void *sent; 254 255 BT_DBG("%s status 0x%x", hdev->name, status); 256 257 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE); 258 if (!sent) 259 return; 260 261 if (!status) { 262 __u8 param = *((__u8 *) sent); 263 264 if (param) 265 set_bit(HCI_ENCRYPT, &hdev->flags); 266 else 267 clear_bit(HCI_ENCRYPT, &hdev->flags); 268 } 269 270 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status); 271} 272 273static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb) 274{ 275 __u8 status = *((__u8 *) skb->data); 276 void *sent; 277 278 BT_DBG("%s status 0x%x", hdev->name, status); 279 280 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE); 281 if (!sent) 282 return; 283 284 if (!status) { 285 __u8 param = *((__u8 *) sent); 286 int old_pscan, old_iscan; 287 288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags); 289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags); 290 291 if (param & SCAN_INQUIRY) { 292 set_bit(HCI_ISCAN, &hdev->flags); 293 if (!old_iscan) 294 mgmt_discoverable(hdev->id, 1); 295 } else if (old_iscan) 296 mgmt_discoverable(hdev->id, 0); 297 298 if (param & SCAN_PAGE) { 299 set_bit(HCI_PSCAN, &hdev->flags); 300 if (!old_pscan) 301 mgmt_connectable(hdev->id, 1); 302 } else if (old_pscan) 303 mgmt_connectable(hdev->id, 0); 304 } 305 306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status); 307} 308 309static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 310{ 311 struct hci_rp_read_class_of_dev *rp = (void *) skb->data; 312 313 BT_DBG("%s status 0x%x", hdev->name, rp->status); 314 315 if (rp->status) 316 return; 317 318 memcpy(hdev->dev_class, rp->dev_class, 3); 319 320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name, 321 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]); 322} 323 324static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 325{ 326 __u8 status = *((__u8 *) skb->data); 327 void *sent; 328 329 BT_DBG("%s status 0x%x", hdev->name, status); 330 331 if (status) 332 return; 333 334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 335 if (!sent) 336 return; 337 338 memcpy(hdev->dev_class, sent, 3); 339} 340 341static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 342{ 343 struct hci_rp_read_voice_setting *rp = (void *) skb->data; 344 __u16 setting; 345 346 BT_DBG("%s status 0x%x", hdev->name, rp->status); 347 348 if (rp->status) 349 return; 350 351 setting = __le16_to_cpu(rp->voice_setting); 352 353 if (hdev->voice_setting == setting) 354 return; 355 356 hdev->voice_setting = setting; 357 358 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 359 360 if (hdev->notify) { 361 tasklet_disable(&hdev->tx_task); 362 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 363 tasklet_enable(&hdev->tx_task); 364 } 365} 366 367static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 368{ 369 __u8 status = *((__u8 *) skb->data); 370 __u16 setting; 371 void *sent; 372 373 BT_DBG("%s status 0x%x", hdev->name, status); 374 375 if (status) 376 return; 377 378 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING); 379 if (!sent) 380 return; 381 382 setting = get_unaligned_le16(sent); 383 384 if (hdev->voice_setting == setting) 385 return; 386 387 hdev->voice_setting = setting; 388 389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 390 391 if (hdev->notify) { 392 tasklet_disable(&hdev->tx_task); 393 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 394 tasklet_enable(&hdev->tx_task); 395 } 396} 397 398static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 399{ 400 __u8 status = *((__u8 *) skb->data); 401 402 BT_DBG("%s status 0x%x", hdev->name, status); 403 404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status); 405} 406 407static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 408{ 409 struct hci_rp_read_ssp_mode *rp = (void *) skb->data; 410 411 BT_DBG("%s status 0x%x", hdev->name, rp->status); 412 413 if (rp->status) 414 return; 415 416 hdev->ssp_mode = rp->mode; 417} 418 419static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 420{ 421 __u8 status = *((__u8 *) skb->data); 422 void *sent; 423 424 BT_DBG("%s status 0x%x", hdev->name, status); 425 426 if (status) 427 return; 428 429 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE); 430 if (!sent) 431 return; 432 433 hdev->ssp_mode = *((__u8 *) sent); 434} 435 436static u8 hci_get_inquiry_mode(struct hci_dev *hdev) 437{ 438 if (hdev->features[6] & LMP_EXT_INQ) 439 return 2; 440 441 if (hdev->features[3] & LMP_RSSI_INQ) 442 return 1; 443 444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 && 445 hdev->lmp_subver == 0x0757) 446 return 1; 447 448 if (hdev->manufacturer == 15) { 449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963) 450 return 1; 451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963) 452 return 1; 453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965) 454 return 1; 455 } 456 457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 && 458 hdev->lmp_subver == 0x1805) 459 return 1; 460 461 return 0; 462} 463 464static void hci_setup_inquiry_mode(struct hci_dev *hdev) 465{ 466 u8 mode; 467 468 mode = hci_get_inquiry_mode(hdev); 469 470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode); 471} 472 473static void hci_setup_event_mask(struct hci_dev *hdev) 474{ 475 /* The second byte is 0xff instead of 0x9f (two reserved bits 476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the 477 * command otherwise */ 478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 }; 479 480 /* Events for 1.2 and newer controllers */ 481 if (hdev->lmp_ver > 1) { 482 events[4] |= 0x01; /* Flow Specification Complete */ 483 events[4] |= 0x02; /* Inquiry Result with RSSI */ 484 events[4] |= 0x04; /* Read Remote Extended Features Complete */ 485 events[5] |= 0x08; /* Synchronous Connection Complete */ 486 events[5] |= 0x10; /* Synchronous Connection Changed */ 487 } 488 489 if (hdev->features[3] & LMP_RSSI_INQ) 490 events[4] |= 0x04; /* Inquiry Result with RSSI */ 491 492 if (hdev->features[5] & LMP_SNIFF_SUBR) 493 events[5] |= 0x20; /* Sniff Subrating */ 494 495 if (hdev->features[5] & LMP_PAUSE_ENC) 496 events[5] |= 0x80; /* Encryption Key Refresh Complete */ 497 498 if (hdev->features[6] & LMP_EXT_INQ) 499 events[5] |= 0x40; /* Extended Inquiry Result */ 500 501 if (hdev->features[6] & LMP_NO_FLUSH) 502 events[7] |= 0x01; /* Enhanced Flush Complete */ 503 504 if (hdev->features[7] & LMP_LSTO) 505 events[6] |= 0x80; /* Link Supervision Timeout Changed */ 506 507 if (hdev->features[6] & LMP_SIMPLE_PAIR) { 508 events[6] |= 0x01; /* IO Capability Request */ 509 events[6] |= 0x02; /* IO Capability Response */ 510 events[6] |= 0x04; /* User Confirmation Request */ 511 events[6] |= 0x08; /* User Passkey Request */ 512 events[6] |= 0x10; /* Remote OOB Data Request */ 513 events[6] |= 0x20; /* Simple Pairing Complete */ 514 events[7] |= 0x04; /* User Passkey Notification */ 515 events[7] |= 0x08; /* Keypress Notification */ 516 events[7] |= 0x10; /* Remote Host Supported 517 * Features Notification */ 518 } 519 520 if (hdev->features[4] & LMP_LE) 521 events[7] |= 0x20; /* LE Meta-Event */ 522 523 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events); 524} 525 526static void hci_setup(struct hci_dev *hdev) 527{ 528 hci_setup_event_mask(hdev); 529 530 if (hdev->lmp_ver > 1) 531 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL); 532 533 if (hdev->features[6] & LMP_SIMPLE_PAIR) { 534 u8 mode = 0x01; 535 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode); 536 } 537 538 if (hdev->features[3] & LMP_RSSI_INQ) 539 hci_setup_inquiry_mode(hdev); 540 541 if (hdev->features[7] & LMP_INQ_TX_PWR) 542 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL); 543} 544 545static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 546{ 547 struct hci_rp_read_local_version *rp = (void *) skb->data; 548 549 BT_DBG("%s status 0x%x", hdev->name, rp->status); 550 551 if (rp->status) 552 return; 553 554 hdev->hci_ver = rp->hci_ver; 555 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 556 hdev->lmp_ver = rp->lmp_ver; 557 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 558 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver); 559 560 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name, 561 hdev->manufacturer, 562 hdev->hci_ver, hdev->hci_rev); 563 564 if (test_bit(HCI_INIT, &hdev->flags)) 565 hci_setup(hdev); 566} 567 568static void hci_setup_link_policy(struct hci_dev *hdev) 569{ 570 u16 link_policy = 0; 571 572 if (hdev->features[0] & LMP_RSWITCH) 573 link_policy |= HCI_LP_RSWITCH; 574 if (hdev->features[0] & LMP_HOLD) 575 link_policy |= HCI_LP_HOLD; 576 if (hdev->features[0] & LMP_SNIFF) 577 link_policy |= HCI_LP_SNIFF; 578 if (hdev->features[1] & LMP_PARK) 579 link_policy |= HCI_LP_PARK; 580 581 link_policy = cpu_to_le16(link_policy); 582 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 583 sizeof(link_policy), &link_policy); 584} 585 586static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb) 587{ 588 struct hci_rp_read_local_commands *rp = (void *) skb->data; 589 590 BT_DBG("%s status 0x%x", hdev->name, rp->status); 591 592 if (rp->status) 593 goto done; 594 595 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 596 597 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10)) 598 hci_setup_link_policy(hdev); 599 600done: 601 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status); 602} 603 604static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb) 605{ 606 struct hci_rp_read_local_features *rp = (void *) skb->data; 607 608 BT_DBG("%s status 0x%x", hdev->name, rp->status); 609 610 if (rp->status) 611 return; 612 613 memcpy(hdev->features, rp->features, 8); 614 615 /* Adjust default settings according to features 616 * supported by device. */ 617 618 if (hdev->features[0] & LMP_3SLOT) 619 hdev->pkt_type |= (HCI_DM3 | HCI_DH3); 620 621 if (hdev->features[0] & LMP_5SLOT) 622 hdev->pkt_type |= (HCI_DM5 | HCI_DH5); 623 624 if (hdev->features[1] & LMP_HV2) { 625 hdev->pkt_type |= (HCI_HV2); 626 hdev->esco_type |= (ESCO_HV2); 627 } 628 629 if (hdev->features[1] & LMP_HV3) { 630 hdev->pkt_type |= (HCI_HV3); 631 hdev->esco_type |= (ESCO_HV3); 632 } 633 634 if (hdev->features[3] & LMP_ESCO) 635 hdev->esco_type |= (ESCO_EV3); 636 637 if (hdev->features[4] & LMP_EV4) 638 hdev->esco_type |= (ESCO_EV4); 639 640 if (hdev->features[4] & LMP_EV5) 641 hdev->esco_type |= (ESCO_EV5); 642 643 if (hdev->features[5] & LMP_EDR_ESCO_2M) 644 hdev->esco_type |= (ESCO_2EV3); 645 646 if (hdev->features[5] & LMP_EDR_ESCO_3M) 647 hdev->esco_type |= (ESCO_3EV3); 648 649 if (hdev->features[5] & LMP_EDR_3S_ESCO) 650 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); 651 652 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, 653 hdev->features[0], hdev->features[1], 654 hdev->features[2], hdev->features[3], 655 hdev->features[4], hdev->features[5], 656 hdev->features[6], hdev->features[7]); 657} 658 659static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 660{ 661 struct hci_rp_read_buffer_size *rp = (void *) skb->data; 662 663 BT_DBG("%s status 0x%x", hdev->name, rp->status); 664 665 if (rp->status) 666 return; 667 668 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu); 669 hdev->sco_mtu = rp->sco_mtu; 670 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt); 671 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt); 672 673 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) { 674 hdev->sco_mtu = 64; 675 hdev->sco_pkts = 8; 676 } 677 678 hdev->acl_cnt = hdev->acl_pkts; 679 hdev->sco_cnt = hdev->sco_pkts; 680 681 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, 682 hdev->acl_mtu, hdev->acl_pkts, 683 hdev->sco_mtu, hdev->sco_pkts); 684} 685 686static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb) 687{ 688 struct hci_rp_read_bd_addr *rp = (void *) skb->data; 689 690 BT_DBG("%s status 0x%x", hdev->name, rp->status); 691 692 if (!rp->status) 693 bacpy(&hdev->bdaddr, &rp->bdaddr); 694 695 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status); 696} 697 698static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb) 699{ 700 __u8 status = *((__u8 *) skb->data); 701 702 BT_DBG("%s status 0x%x", hdev->name, status); 703 704 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status); 705} 706 707static void hci_cc_delete_stored_link_key(struct hci_dev *hdev, 708 struct sk_buff *skb) 709{ 710 __u8 status = *((__u8 *) skb->data); 711 712 BT_DBG("%s status 0x%x", hdev->name, status); 713 714 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status); 715} 716 717static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb) 718{ 719 __u8 status = *((__u8 *) skb->data); 720 721 BT_DBG("%s status 0x%x", hdev->name, status); 722 723 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status); 724} 725 726static void hci_cc_write_inquiry_mode(struct hci_dev *hdev, 727 struct sk_buff *skb) 728{ 729 __u8 status = *((__u8 *) skb->data); 730 731 BT_DBG("%s status 0x%x", hdev->name, status); 732 733 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status); 734} 735 736static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev, 737 struct sk_buff *skb) 738{ 739 __u8 status = *((__u8 *) skb->data); 740 741 BT_DBG("%s status 0x%x", hdev->name, status); 742 743 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status); 744} 745 746static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb) 747{ 748 __u8 status = *((__u8 *) skb->data); 749 750 BT_DBG("%s status 0x%x", hdev->name, status); 751 752 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status); 753} 754 755static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb) 756{ 757 struct hci_rp_pin_code_reply *rp = (void *) skb->data; 758 struct hci_cp_pin_code_reply *cp; 759 struct hci_conn *conn; 760 761 BT_DBG("%s status 0x%x", hdev->name, rp->status); 762 763 if (test_bit(HCI_MGMT, &hdev->flags)) 764 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status); 765 766 if (rp->status != 0) 767 return; 768 769 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY); 770 if (!cp) 771 return; 772 773 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 774 if (conn) 775 conn->pin_length = cp->pin_len; 776} 777 778static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb) 779{ 780 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data; 781 782 BT_DBG("%s status 0x%x", hdev->name, rp->status); 783 784 if (test_bit(HCI_MGMT, &hdev->flags)) 785 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr, 786 rp->status); 787} 788static void hci_cc_le_read_buffer_size(struct hci_dev *hdev, 789 struct sk_buff *skb) 790{ 791 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data; 792 793 BT_DBG("%s status 0x%x", hdev->name, rp->status); 794 795 if (rp->status) 796 return; 797 798 hdev->le_mtu = __le16_to_cpu(rp->le_mtu); 799 hdev->le_pkts = rp->le_max_pkt; 800 801 hdev->le_cnt = hdev->le_pkts; 802 803 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts); 804 805 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status); 806} 807 808static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb) 809{ 810 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 811 812 BT_DBG("%s status 0x%x", hdev->name, rp->status); 813 814 if (test_bit(HCI_MGMT, &hdev->flags)) 815 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr, 816 rp->status); 817} 818 819static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev, 820 struct sk_buff *skb) 821{ 822 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 823 824 BT_DBG("%s status 0x%x", hdev->name, rp->status); 825 826 if (test_bit(HCI_MGMT, &hdev->flags)) 827 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr, 828 rp->status); 829} 830 831static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev, 832 struct sk_buff *skb) 833{ 834 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 835 836 BT_DBG("%s status 0x%x", hdev->name, rp->status); 837 838 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash, 839 rp->randomizer, rp->status); 840} 841 842static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 843{ 844 BT_DBG("%s status 0x%x", hdev->name, status); 845 846 if (status) { 847 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 848 hci_conn_check_pending(hdev); 849 return; 850 } 851 852 if (test_bit(HCI_MGMT, &hdev->flags) && 853 !test_and_set_bit(HCI_INQUIRY, 854 &hdev->flags)) 855 mgmt_discovering(hdev->id, 1); 856} 857 858static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) 859{ 860 struct hci_cp_create_conn *cp; 861 struct hci_conn *conn; 862 863 BT_DBG("%s status 0x%x", hdev->name, status); 864 865 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN); 866 if (!cp) 867 return; 868 869 hci_dev_lock(hdev); 870 871 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 872 873 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn); 874 875 if (status) { 876 if (conn && conn->state == BT_CONNECT) { 877 if (status != 0x0c || conn->attempt > 2) { 878 conn->state = BT_CLOSED; 879 hci_proto_connect_cfm(conn, status); 880 hci_conn_del(conn); 881 } else 882 conn->state = BT_CONNECT2; 883 } 884 } else { 885 if (!conn) { 886 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr); 887 if (conn) { 888 conn->out = 1; 889 conn->link_mode |= HCI_LM_MASTER; 890 } else 891 BT_ERR("No memory for new connection"); 892 } 893 } 894 895 hci_dev_unlock(hdev); 896} 897 898static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status) 899{ 900 struct hci_cp_add_sco *cp; 901 struct hci_conn *acl, *sco; 902 __u16 handle; 903 904 BT_DBG("%s status 0x%x", hdev->name, status); 905 906 if (!status) 907 return; 908 909 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO); 910 if (!cp) 911 return; 912 913 handle = __le16_to_cpu(cp->handle); 914 915 BT_DBG("%s handle %d", hdev->name, handle); 916 917 hci_dev_lock(hdev); 918 919 acl = hci_conn_hash_lookup_handle(hdev, handle); 920 if (acl) { 921 sco = acl->link; 922 if (sco) { 923 sco->state = BT_CLOSED; 924 925 hci_proto_connect_cfm(sco, status); 926 hci_conn_del(sco); 927 } 928 } 929 930 hci_dev_unlock(hdev); 931} 932 933static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status) 934{ 935 struct hci_cp_auth_requested *cp; 936 struct hci_conn *conn; 937 938 BT_DBG("%s status 0x%x", hdev->name, status); 939 940 if (!status) 941 return; 942 943 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED); 944 if (!cp) 945 return; 946 947 hci_dev_lock(hdev); 948 949 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 950 if (conn) { 951 if (conn->state == BT_CONFIG) { 952 hci_proto_connect_cfm(conn, status); 953 hci_conn_put(conn); 954 } 955 } 956 957 hci_dev_unlock(hdev); 958} 959 960static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status) 961{ 962 struct hci_cp_set_conn_encrypt *cp; 963 struct hci_conn *conn; 964 965 BT_DBG("%s status 0x%x", hdev->name, status); 966 967 if (!status) 968 return; 969 970 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT); 971 if (!cp) 972 return; 973 974 hci_dev_lock(hdev); 975 976 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 977 if (conn) { 978 if (conn->state == BT_CONFIG) { 979 hci_proto_connect_cfm(conn, status); 980 hci_conn_put(conn); 981 } 982 } 983 984 hci_dev_unlock(hdev); 985} 986 987static int hci_outgoing_auth_needed(struct hci_dev *hdev, 988 struct hci_conn *conn) 989{ 990 if (conn->state != BT_CONFIG || !conn->out) 991 return 0; 992 993 if (conn->pending_sec_level == BT_SECURITY_SDP) 994 return 0; 995 996 /* Only request authentication for SSP connections or non-SSP 997 * devices with sec_level HIGH */ 998 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) && 999 conn->pending_sec_level != BT_SECURITY_HIGH) 1000 return 0; 1001 1002 return 1; 1003} 1004 1005static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 1006{ 1007 struct hci_cp_remote_name_req *cp; 1008 struct hci_conn *conn; 1009 1010 BT_DBG("%s status 0x%x", hdev->name, status); 1011 1012 /* If successful wait for the name req complete event before 1013 * checking for the need to do authentication */ 1014 if (!status) 1015 return; 1016 1017 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ); 1018 if (!cp) 1019 return; 1020 1021 hci_dev_lock(hdev); 1022 1023 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1024 if (conn && hci_outgoing_auth_needed(hdev, conn)) { 1025 struct hci_cp_auth_requested cp; 1026 cp.handle = __cpu_to_le16(conn->handle); 1027 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 1028 } 1029 1030 hci_dev_unlock(hdev); 1031} 1032 1033static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status) 1034{ 1035 struct hci_cp_read_remote_features *cp; 1036 struct hci_conn *conn; 1037 1038 BT_DBG("%s status 0x%x", hdev->name, status); 1039 1040 if (!status) 1041 return; 1042 1043 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES); 1044 if (!cp) 1045 return; 1046 1047 hci_dev_lock(hdev); 1048 1049 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1050 if (conn) { 1051 if (conn->state == BT_CONFIG) { 1052 hci_proto_connect_cfm(conn, status); 1053 hci_conn_put(conn); 1054 } 1055 } 1056 1057 hci_dev_unlock(hdev); 1058} 1059 1060static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status) 1061{ 1062 struct hci_cp_read_remote_ext_features *cp; 1063 struct hci_conn *conn; 1064 1065 BT_DBG("%s status 0x%x", hdev->name, status); 1066 1067 if (!status) 1068 return; 1069 1070 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES); 1071 if (!cp) 1072 return; 1073 1074 hci_dev_lock(hdev); 1075 1076 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1077 if (conn) { 1078 if (conn->state == BT_CONFIG) { 1079 hci_proto_connect_cfm(conn, status); 1080 hci_conn_put(conn); 1081 } 1082 } 1083 1084 hci_dev_unlock(hdev); 1085} 1086 1087static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status) 1088{ 1089 struct hci_cp_setup_sync_conn *cp; 1090 struct hci_conn *acl, *sco; 1091 __u16 handle; 1092 1093 BT_DBG("%s status 0x%x", hdev->name, status); 1094 1095 if (!status) 1096 return; 1097 1098 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN); 1099 if (!cp) 1100 return; 1101 1102 handle = __le16_to_cpu(cp->handle); 1103 1104 BT_DBG("%s handle %d", hdev->name, handle); 1105 1106 hci_dev_lock(hdev); 1107 1108 acl = hci_conn_hash_lookup_handle(hdev, handle); 1109 if (acl) { 1110 sco = acl->link; 1111 if (sco) { 1112 sco->state = BT_CLOSED; 1113 1114 hci_proto_connect_cfm(sco, status); 1115 hci_conn_del(sco); 1116 } 1117 } 1118 1119 hci_dev_unlock(hdev); 1120} 1121 1122static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status) 1123{ 1124 struct hci_cp_sniff_mode *cp; 1125 struct hci_conn *conn; 1126 1127 BT_DBG("%s status 0x%x", hdev->name, status); 1128 1129 if (!status) 1130 return; 1131 1132 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE); 1133 if (!cp) 1134 return; 1135 1136 hci_dev_lock(hdev); 1137 1138 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1139 if (conn) { 1140 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 1141 1142 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 1143 hci_sco_setup(conn, status); 1144 } 1145 1146 hci_dev_unlock(hdev); 1147} 1148 1149static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status) 1150{ 1151 struct hci_cp_exit_sniff_mode *cp; 1152 struct hci_conn *conn; 1153 1154 BT_DBG("%s status 0x%x", hdev->name, status); 1155 1156 if (!status) 1157 return; 1158 1159 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE); 1160 if (!cp) 1161 return; 1162 1163 hci_dev_lock(hdev); 1164 1165 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1166 if (conn) { 1167 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 1168 1169 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 1170 hci_sco_setup(conn, status); 1171 } 1172 1173 hci_dev_unlock(hdev); 1174} 1175 1176static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status) 1177{ 1178 struct hci_cp_le_create_conn *cp; 1179 struct hci_conn *conn; 1180 1181 BT_DBG("%s status 0x%x", hdev->name, status); 1182 1183 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN); 1184 if (!cp) 1185 return; 1186 1187 hci_dev_lock(hdev); 1188 1189 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr); 1190 1191 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr), 1192 conn); 1193 1194 if (status) { 1195 if (conn && conn->state == BT_CONNECT) { 1196 conn->state = BT_CLOSED; 1197 hci_proto_connect_cfm(conn, status); 1198 hci_conn_del(conn); 1199 } 1200 } else { 1201 if (!conn) { 1202 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr); 1203 if (conn) 1204 conn->out = 1; 1205 else 1206 BT_ERR("No memory for new connection"); 1207 } 1208 } 1209 1210 hci_dev_unlock(hdev); 1211} 1212 1213static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1214{ 1215 __u8 status = *((__u8 *) skb->data); 1216 1217 BT_DBG("%s status %d", hdev->name, status); 1218 1219 if (test_bit(HCI_MGMT, &hdev->flags) && 1220 test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) 1221 mgmt_discovering(hdev->id, 0); 1222 1223 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 1224 1225 hci_conn_check_pending(hdev); 1226} 1227 1228static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 1229{ 1230 struct inquiry_data data; 1231 struct inquiry_info *info = (void *) (skb->data + 1); 1232 int num_rsp = *((__u8 *) skb->data); 1233 1234 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1235 1236 if (!num_rsp) 1237 return; 1238 1239 hci_dev_lock(hdev); 1240 1241 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) { 1242 1243 if (test_bit(HCI_MGMT, &hdev->flags)) 1244 mgmt_discovering(hdev->id, 1); 1245 } 1246 1247 for (; num_rsp; num_rsp--, info++) { 1248 bacpy(&data.bdaddr, &info->bdaddr); 1249 data.pscan_rep_mode = info->pscan_rep_mode; 1250 data.pscan_period_mode = info->pscan_period_mode; 1251 data.pscan_mode = info->pscan_mode; 1252 memcpy(data.dev_class, info->dev_class, 3); 1253 data.clock_offset = info->clock_offset; 1254 data.rssi = 0x00; 1255 data.ssp_mode = 0x00; 1256 hci_inquiry_cache_update(hdev, &data); 1257 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0, 1258 NULL); 1259 } 1260 1261 hci_dev_unlock(hdev); 1262} 1263 1264static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1265{ 1266 struct hci_ev_conn_complete *ev = (void *) skb->data; 1267 struct hci_conn *conn; 1268 1269 BT_DBG("%s", hdev->name); 1270 1271 hci_dev_lock(hdev); 1272 1273 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1274 if (!conn) { 1275 if (ev->link_type != SCO_LINK) 1276 goto unlock; 1277 1278 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 1279 if (!conn) 1280 goto unlock; 1281 1282 conn->type = SCO_LINK; 1283 } 1284 1285 if (!ev->status) { 1286 conn->handle = __le16_to_cpu(ev->handle); 1287 1288 if (conn->type == ACL_LINK) { 1289 conn->state = BT_CONFIG; 1290 hci_conn_hold(conn); 1291 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1292 mgmt_connected(hdev->id, &ev->bdaddr); 1293 } else 1294 conn->state = BT_CONNECTED; 1295 1296 hci_conn_hold_device(conn); 1297 hci_conn_add_sysfs(conn); 1298 1299 if (test_bit(HCI_AUTH, &hdev->flags)) 1300 conn->link_mode |= HCI_LM_AUTH; 1301 1302 if (test_bit(HCI_ENCRYPT, &hdev->flags)) 1303 conn->link_mode |= HCI_LM_ENCRYPT; 1304 1305 /* Get remote features */ 1306 if (conn->type == ACL_LINK) { 1307 struct hci_cp_read_remote_features cp; 1308 cp.handle = ev->handle; 1309 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, 1310 sizeof(cp), &cp); 1311 } 1312 1313 /* Set packet type for incoming connection */ 1314 if (!conn->out && hdev->hci_ver < 3) { 1315 struct hci_cp_change_conn_ptype cp; 1316 cp.handle = ev->handle; 1317 cp.pkt_type = cpu_to_le16(conn->pkt_type); 1318 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, 1319 sizeof(cp), &cp); 1320 } 1321 } else { 1322 conn->state = BT_CLOSED; 1323 if (conn->type == ACL_LINK) 1324 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status); 1325 } 1326 1327 if (conn->type == ACL_LINK) 1328 hci_sco_setup(conn, ev->status); 1329 1330 if (ev->status) { 1331 hci_proto_connect_cfm(conn, ev->status); 1332 hci_conn_del(conn); 1333 } else if (ev->link_type != ACL_LINK) 1334 hci_proto_connect_cfm(conn, ev->status); 1335 1336unlock: 1337 hci_dev_unlock(hdev); 1338 1339 hci_conn_check_pending(hdev); 1340} 1341 1342static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1343{ 1344 struct hci_ev_conn_request *ev = (void *) skb->data; 1345 int mask = hdev->link_mode; 1346 1347 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, 1348 batostr(&ev->bdaddr), ev->link_type); 1349 1350 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 1351 1352 if ((mask & HCI_LM_ACCEPT) && 1353 !hci_blacklist_lookup(hdev, &ev->bdaddr)) { 1354 /* Connection accepted */ 1355 struct inquiry_entry *ie; 1356 struct hci_conn *conn; 1357 1358 hci_dev_lock(hdev); 1359 1360 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 1361 if (ie) 1362 memcpy(ie->data.dev_class, ev->dev_class, 3); 1363 1364 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1365 if (!conn) { 1366 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr); 1367 if (!conn) { 1368 BT_ERR("No memory for new connection"); 1369 hci_dev_unlock(hdev); 1370 return; 1371 } 1372 } 1373 1374 memcpy(conn->dev_class, ev->dev_class, 3); 1375 conn->state = BT_CONNECT; 1376 1377 hci_dev_unlock(hdev); 1378 1379 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) { 1380 struct hci_cp_accept_conn_req cp; 1381 1382 bacpy(&cp.bdaddr, &ev->bdaddr); 1383 1384 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) 1385 cp.role = 0x00; /* Become master */ 1386 else 1387 cp.role = 0x01; /* Remain slave */ 1388 1389 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, 1390 sizeof(cp), &cp); 1391 } else { 1392 struct hci_cp_accept_sync_conn_req cp; 1393 1394 bacpy(&cp.bdaddr, &ev->bdaddr); 1395 cp.pkt_type = cpu_to_le16(conn->pkt_type); 1396 1397 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 1398 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 1399 cp.max_latency = cpu_to_le16(0xffff); 1400 cp.content_format = cpu_to_le16(hdev->voice_setting); 1401 cp.retrans_effort = 0xff; 1402 1403 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 1404 sizeof(cp), &cp); 1405 } 1406 } else { 1407 /* Connection rejected */ 1408 struct hci_cp_reject_conn_req cp; 1409 1410 bacpy(&cp.bdaddr, &ev->bdaddr); 1411 cp.reason = 0x0f; 1412 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp); 1413 } 1414} 1415 1416static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1417{ 1418 struct hci_ev_disconn_complete *ev = (void *) skb->data; 1419 struct hci_conn *conn; 1420 1421 BT_DBG("%s status %d", hdev->name, ev->status); 1422 1423 if (ev->status) { 1424 mgmt_disconnect_failed(hdev->id); 1425 return; 1426 } 1427 1428 hci_dev_lock(hdev); 1429 1430 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1431 if (!conn) 1432 goto unlock; 1433 1434 conn->state = BT_CLOSED; 1435 1436 if (conn->type == ACL_LINK) 1437 mgmt_disconnected(hdev->id, &conn->dst); 1438 1439 hci_proto_disconn_cfm(conn, ev->reason); 1440 hci_conn_del(conn); 1441 1442unlock: 1443 hci_dev_unlock(hdev); 1444} 1445 1446static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1447{ 1448 struct hci_ev_auth_complete *ev = (void *) skb->data; 1449 struct hci_conn *conn; 1450 1451 BT_DBG("%s status %d", hdev->name, ev->status); 1452 1453 hci_dev_lock(hdev); 1454 1455 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1456 if (conn) { 1457 if (!ev->status) { 1458 conn->link_mode |= HCI_LM_AUTH; 1459 conn->sec_level = conn->pending_sec_level; 1460 } else { 1461 mgmt_auth_failed(hdev->id, &conn->dst, ev->status); 1462 } 1463 1464 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1465 1466 if (conn->state == BT_CONFIG) { 1467 if (!ev->status && hdev->ssp_mode > 0 && 1468 conn->ssp_mode > 0) { 1469 struct hci_cp_set_conn_encrypt cp; 1470 cp.handle = ev->handle; 1471 cp.encrypt = 0x01; 1472 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1473 sizeof(cp), &cp); 1474 } else { 1475 conn->state = BT_CONNECTED; 1476 hci_proto_connect_cfm(conn, ev->status); 1477 hci_conn_put(conn); 1478 } 1479 } else { 1480 hci_auth_cfm(conn, ev->status); 1481 1482 hci_conn_hold(conn); 1483 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1484 hci_conn_put(conn); 1485 } 1486 1487 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 1488 if (!ev->status) { 1489 struct hci_cp_set_conn_encrypt cp; 1490 cp.handle = ev->handle; 1491 cp.encrypt = 0x01; 1492 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1493 sizeof(cp), &cp); 1494 } else { 1495 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1496 hci_encrypt_cfm(conn, ev->status, 0x00); 1497 } 1498 } 1499 } 1500 1501 hci_dev_unlock(hdev); 1502} 1503 1504static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb) 1505{ 1506 struct hci_ev_remote_name *ev = (void *) skb->data; 1507 struct hci_conn *conn; 1508 1509 BT_DBG("%s", hdev->name); 1510 1511 hci_conn_check_pending(hdev); 1512 1513 hci_dev_lock(hdev); 1514 1515 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags)) 1516 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name); 1517 1518 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1519 if (conn && hci_outgoing_auth_needed(hdev, conn)) { 1520 struct hci_cp_auth_requested cp; 1521 cp.handle = __cpu_to_le16(conn->handle); 1522 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 1523 } 1524 1525 hci_dev_unlock(hdev); 1526} 1527 1528static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1529{ 1530 struct hci_ev_encrypt_change *ev = (void *) skb->data; 1531 struct hci_conn *conn; 1532 1533 BT_DBG("%s status %d", hdev->name, ev->status); 1534 1535 hci_dev_lock(hdev); 1536 1537 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1538 if (conn) { 1539 if (!ev->status) { 1540 if (ev->encrypt) { 1541 /* Encryption implies authentication */ 1542 conn->link_mode |= HCI_LM_AUTH; 1543 conn->link_mode |= HCI_LM_ENCRYPT; 1544 } else 1545 conn->link_mode &= ~HCI_LM_ENCRYPT; 1546 } 1547 1548 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1549 1550 if (conn->state == BT_CONFIG) { 1551 if (!ev->status) 1552 conn->state = BT_CONNECTED; 1553 1554 hci_proto_connect_cfm(conn, ev->status); 1555 hci_conn_put(conn); 1556 } else 1557 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 1558 } 1559 1560 hci_dev_unlock(hdev); 1561} 1562 1563static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1564{ 1565 struct hci_ev_change_link_key_complete *ev = (void *) skb->data; 1566 struct hci_conn *conn; 1567 1568 BT_DBG("%s status %d", hdev->name, ev->status); 1569 1570 hci_dev_lock(hdev); 1571 1572 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1573 if (conn) { 1574 if (!ev->status) 1575 conn->link_mode |= HCI_LM_SECURE; 1576 1577 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1578 1579 hci_key_change_cfm(conn, ev->status); 1580 } 1581 1582 hci_dev_unlock(hdev); 1583} 1584 1585static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1586{ 1587 struct hci_ev_remote_features *ev = (void *) skb->data; 1588 struct hci_conn *conn; 1589 1590 BT_DBG("%s status %d", hdev->name, ev->status); 1591 1592 hci_dev_lock(hdev); 1593 1594 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1595 if (!conn) 1596 goto unlock; 1597 1598 if (!ev->status) 1599 memcpy(conn->features, ev->features, 8); 1600 1601 if (conn->state != BT_CONFIG) 1602 goto unlock; 1603 1604 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) { 1605 struct hci_cp_read_remote_ext_features cp; 1606 cp.handle = ev->handle; 1607 cp.page = 0x01; 1608 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES, 1609 sizeof(cp), &cp); 1610 goto unlock; 1611 } 1612 1613 if (!ev->status) { 1614 struct hci_cp_remote_name_req cp; 1615 memset(&cp, 0, sizeof(cp)); 1616 bacpy(&cp.bdaddr, &conn->dst); 1617 cp.pscan_rep_mode = 0x02; 1618 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 1619 } 1620 1621 if (!hci_outgoing_auth_needed(hdev, conn)) { 1622 conn->state = BT_CONNECTED; 1623 hci_proto_connect_cfm(conn, ev->status); 1624 hci_conn_put(conn); 1625 } 1626 1627unlock: 1628 hci_dev_unlock(hdev); 1629} 1630 1631static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb) 1632{ 1633 BT_DBG("%s", hdev->name); 1634} 1635 1636static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1637{ 1638 BT_DBG("%s", hdev->name); 1639} 1640 1641static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1642{ 1643 struct hci_ev_cmd_complete *ev = (void *) skb->data; 1644 __u16 opcode; 1645 1646 skb_pull(skb, sizeof(*ev)); 1647 1648 opcode = __le16_to_cpu(ev->opcode); 1649 1650 switch (opcode) { 1651 case HCI_OP_INQUIRY_CANCEL: 1652 hci_cc_inquiry_cancel(hdev, skb); 1653 break; 1654 1655 case HCI_OP_EXIT_PERIODIC_INQ: 1656 hci_cc_exit_periodic_inq(hdev, skb); 1657 break; 1658 1659 case HCI_OP_REMOTE_NAME_REQ_CANCEL: 1660 hci_cc_remote_name_req_cancel(hdev, skb); 1661 break; 1662 1663 case HCI_OP_ROLE_DISCOVERY: 1664 hci_cc_role_discovery(hdev, skb); 1665 break; 1666 1667 case HCI_OP_READ_LINK_POLICY: 1668 hci_cc_read_link_policy(hdev, skb); 1669 break; 1670 1671 case HCI_OP_WRITE_LINK_POLICY: 1672 hci_cc_write_link_policy(hdev, skb); 1673 break; 1674 1675 case HCI_OP_READ_DEF_LINK_POLICY: 1676 hci_cc_read_def_link_policy(hdev, skb); 1677 break; 1678 1679 case HCI_OP_WRITE_DEF_LINK_POLICY: 1680 hci_cc_write_def_link_policy(hdev, skb); 1681 break; 1682 1683 case HCI_OP_RESET: 1684 hci_cc_reset(hdev, skb); 1685 break; 1686 1687 case HCI_OP_WRITE_LOCAL_NAME: 1688 hci_cc_write_local_name(hdev, skb); 1689 break; 1690 1691 case HCI_OP_READ_LOCAL_NAME: 1692 hci_cc_read_local_name(hdev, skb); 1693 break; 1694 1695 case HCI_OP_WRITE_AUTH_ENABLE: 1696 hci_cc_write_auth_enable(hdev, skb); 1697 break; 1698 1699 case HCI_OP_WRITE_ENCRYPT_MODE: 1700 hci_cc_write_encrypt_mode(hdev, skb); 1701 break; 1702 1703 case HCI_OP_WRITE_SCAN_ENABLE: 1704 hci_cc_write_scan_enable(hdev, skb); 1705 break; 1706 1707 case HCI_OP_READ_CLASS_OF_DEV: 1708 hci_cc_read_class_of_dev(hdev, skb); 1709 break; 1710 1711 case HCI_OP_WRITE_CLASS_OF_DEV: 1712 hci_cc_write_class_of_dev(hdev, skb); 1713 break; 1714 1715 case HCI_OP_READ_VOICE_SETTING: 1716 hci_cc_read_voice_setting(hdev, skb); 1717 break; 1718 1719 case HCI_OP_WRITE_VOICE_SETTING: 1720 hci_cc_write_voice_setting(hdev, skb); 1721 break; 1722 1723 case HCI_OP_HOST_BUFFER_SIZE: 1724 hci_cc_host_buffer_size(hdev, skb); 1725 break; 1726 1727 case HCI_OP_READ_SSP_MODE: 1728 hci_cc_read_ssp_mode(hdev, skb); 1729 break; 1730 1731 case HCI_OP_WRITE_SSP_MODE: 1732 hci_cc_write_ssp_mode(hdev, skb); 1733 break; 1734 1735 case HCI_OP_READ_LOCAL_VERSION: 1736 hci_cc_read_local_version(hdev, skb); 1737 break; 1738 1739 case HCI_OP_READ_LOCAL_COMMANDS: 1740 hci_cc_read_local_commands(hdev, skb); 1741 break; 1742 1743 case HCI_OP_READ_LOCAL_FEATURES: 1744 hci_cc_read_local_features(hdev, skb); 1745 break; 1746 1747 case HCI_OP_READ_BUFFER_SIZE: 1748 hci_cc_read_buffer_size(hdev, skb); 1749 break; 1750 1751 case HCI_OP_READ_BD_ADDR: 1752 hci_cc_read_bd_addr(hdev, skb); 1753 break; 1754 1755 case HCI_OP_WRITE_CA_TIMEOUT: 1756 hci_cc_write_ca_timeout(hdev, skb); 1757 break; 1758 1759 case HCI_OP_DELETE_STORED_LINK_KEY: 1760 hci_cc_delete_stored_link_key(hdev, skb); 1761 break; 1762 1763 case HCI_OP_SET_EVENT_MASK: 1764 hci_cc_set_event_mask(hdev, skb); 1765 break; 1766 1767 case HCI_OP_WRITE_INQUIRY_MODE: 1768 hci_cc_write_inquiry_mode(hdev, skb); 1769 break; 1770 1771 case HCI_OP_READ_INQ_RSP_TX_POWER: 1772 hci_cc_read_inq_rsp_tx_power(hdev, skb); 1773 break; 1774 1775 case HCI_OP_SET_EVENT_FLT: 1776 hci_cc_set_event_flt(hdev, skb); 1777 break; 1778 1779 case HCI_OP_PIN_CODE_REPLY: 1780 hci_cc_pin_code_reply(hdev, skb); 1781 break; 1782 1783 case HCI_OP_PIN_CODE_NEG_REPLY: 1784 hci_cc_pin_code_neg_reply(hdev, skb); 1785 break; 1786 1787 case HCI_OP_READ_LOCAL_OOB_DATA: 1788 hci_cc_read_local_oob_data_reply(hdev, skb); 1789 break; 1790 1791 case HCI_OP_LE_READ_BUFFER_SIZE: 1792 hci_cc_le_read_buffer_size(hdev, skb); 1793 break; 1794 1795 case HCI_OP_USER_CONFIRM_REPLY: 1796 hci_cc_user_confirm_reply(hdev, skb); 1797 break; 1798 1799 case HCI_OP_USER_CONFIRM_NEG_REPLY: 1800 hci_cc_user_confirm_neg_reply(hdev, skb); 1801 break; 1802 1803 default: 1804 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1805 break; 1806 } 1807 1808 if (ev->opcode != HCI_OP_NOP) 1809 del_timer(&hdev->cmd_timer); 1810 1811 if (ev->ncmd) { 1812 atomic_set(&hdev->cmd_cnt, 1); 1813 if (!skb_queue_empty(&hdev->cmd_q)) 1814 tasklet_schedule(&hdev->cmd_task); 1815 } 1816} 1817 1818static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) 1819{ 1820 struct hci_ev_cmd_status *ev = (void *) skb->data; 1821 __u16 opcode; 1822 1823 skb_pull(skb, sizeof(*ev)); 1824 1825 opcode = __le16_to_cpu(ev->opcode); 1826 1827 switch (opcode) { 1828 case HCI_OP_INQUIRY: 1829 hci_cs_inquiry(hdev, ev->status); 1830 break; 1831 1832 case HCI_OP_CREATE_CONN: 1833 hci_cs_create_conn(hdev, ev->status); 1834 break; 1835 1836 case HCI_OP_ADD_SCO: 1837 hci_cs_add_sco(hdev, ev->status); 1838 break; 1839 1840 case HCI_OP_AUTH_REQUESTED: 1841 hci_cs_auth_requested(hdev, ev->status); 1842 break; 1843 1844 case HCI_OP_SET_CONN_ENCRYPT: 1845 hci_cs_set_conn_encrypt(hdev, ev->status); 1846 break; 1847 1848 case HCI_OP_REMOTE_NAME_REQ: 1849 hci_cs_remote_name_req(hdev, ev->status); 1850 break; 1851 1852 case HCI_OP_READ_REMOTE_FEATURES: 1853 hci_cs_read_remote_features(hdev, ev->status); 1854 break; 1855 1856 case HCI_OP_READ_REMOTE_EXT_FEATURES: 1857 hci_cs_read_remote_ext_features(hdev, ev->status); 1858 break; 1859 1860 case HCI_OP_SETUP_SYNC_CONN: 1861 hci_cs_setup_sync_conn(hdev, ev->status); 1862 break; 1863 1864 case HCI_OP_SNIFF_MODE: 1865 hci_cs_sniff_mode(hdev, ev->status); 1866 break; 1867 1868 case HCI_OP_EXIT_SNIFF_MODE: 1869 hci_cs_exit_sniff_mode(hdev, ev->status); 1870 break; 1871 1872 case HCI_OP_DISCONNECT: 1873 if (ev->status != 0) 1874 mgmt_disconnect_failed(hdev->id); 1875 break; 1876 1877 case HCI_OP_LE_CREATE_CONN: 1878 hci_cs_le_create_conn(hdev, ev->status); 1879 break; 1880 1881 default: 1882 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1883 break; 1884 } 1885 1886 if (ev->opcode != HCI_OP_NOP) 1887 del_timer(&hdev->cmd_timer); 1888 1889 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { 1890 atomic_set(&hdev->cmd_cnt, 1); 1891 if (!skb_queue_empty(&hdev->cmd_q)) 1892 tasklet_schedule(&hdev->cmd_task); 1893 } 1894} 1895 1896static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1897{ 1898 struct hci_ev_role_change *ev = (void *) skb->data; 1899 struct hci_conn *conn; 1900 1901 BT_DBG("%s status %d", hdev->name, ev->status); 1902 1903 hci_dev_lock(hdev); 1904 1905 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1906 if (conn) { 1907 if (!ev->status) { 1908 if (ev->role) 1909 conn->link_mode &= ~HCI_LM_MASTER; 1910 else 1911 conn->link_mode |= HCI_LM_MASTER; 1912 } 1913 1914 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend); 1915 1916 hci_role_switch_cfm(conn, ev->status, ev->role); 1917 } 1918 1919 hci_dev_unlock(hdev); 1920} 1921 1922static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb) 1923{ 1924 struct hci_ev_num_comp_pkts *ev = (void *) skb->data; 1925 __le16 *ptr; 1926 int i; 1927 1928 skb_pull(skb, sizeof(*ev)); 1929 1930 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); 1931 1932 if (skb->len < ev->num_hndl * 4) { 1933 BT_DBG("%s bad parameters", hdev->name); 1934 return; 1935 } 1936 1937 tasklet_disable(&hdev->tx_task); 1938 1939 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) { 1940 struct hci_conn *conn; 1941 __u16 handle, count; 1942 1943 handle = get_unaligned_le16(ptr++); 1944 count = get_unaligned_le16(ptr++); 1945 1946 conn = hci_conn_hash_lookup_handle(hdev, handle); 1947 if (conn) { 1948 conn->sent -= count; 1949 1950 if (conn->type == ACL_LINK) { 1951 hdev->acl_cnt += count; 1952 if (hdev->acl_cnt > hdev->acl_pkts) 1953 hdev->acl_cnt = hdev->acl_pkts; 1954 } else if (conn->type == LE_LINK) { 1955 if (hdev->le_pkts) { 1956 hdev->le_cnt += count; 1957 if (hdev->le_cnt > hdev->le_pkts) 1958 hdev->le_cnt = hdev->le_pkts; 1959 } else { 1960 hdev->acl_cnt += count; 1961 if (hdev->acl_cnt > hdev->acl_pkts) 1962 hdev->acl_cnt = hdev->acl_pkts; 1963 } 1964 } else { 1965 hdev->sco_cnt += count; 1966 if (hdev->sco_cnt > hdev->sco_pkts) 1967 hdev->sco_cnt = hdev->sco_pkts; 1968 } 1969 } 1970 } 1971 1972 tasklet_schedule(&hdev->tx_task); 1973 1974 tasklet_enable(&hdev->tx_task); 1975} 1976 1977static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1978{ 1979 struct hci_ev_mode_change *ev = (void *) skb->data; 1980 struct hci_conn *conn; 1981 1982 BT_DBG("%s status %d", hdev->name, ev->status); 1983 1984 hci_dev_lock(hdev); 1985 1986 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1987 if (conn) { 1988 conn->mode = ev->mode; 1989 conn->interval = __le16_to_cpu(ev->interval); 1990 1991 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 1992 if (conn->mode == HCI_CM_ACTIVE) 1993 conn->power_save = 1; 1994 else 1995 conn->power_save = 0; 1996 } 1997 1998 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 1999 hci_sco_setup(conn, ev->status); 2000 } 2001 2002 hci_dev_unlock(hdev); 2003} 2004 2005static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2006{ 2007 struct hci_ev_pin_code_req *ev = (void *) skb->data; 2008 struct hci_conn *conn; 2009 2010 BT_DBG("%s", hdev->name); 2011 2012 hci_dev_lock(hdev); 2013 2014 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2015 if (conn && conn->state == BT_CONNECTED) { 2016 hci_conn_hold(conn); 2017 conn->disc_timeout = HCI_PAIRING_TIMEOUT; 2018 hci_conn_put(conn); 2019 } 2020 2021 if (!test_bit(HCI_PAIRABLE, &hdev->flags)) 2022 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2023 sizeof(ev->bdaddr), &ev->bdaddr); 2024 2025 if (test_bit(HCI_MGMT, &hdev->flags)) 2026 mgmt_pin_code_request(hdev->id, &ev->bdaddr); 2027 2028 hci_dev_unlock(hdev); 2029} 2030 2031static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2032{ 2033 struct hci_ev_link_key_req *ev = (void *) skb->data; 2034 struct hci_cp_link_key_reply cp; 2035 struct hci_conn *conn; 2036 struct link_key *key; 2037 2038 BT_DBG("%s", hdev->name); 2039 2040 if (!test_bit(HCI_LINK_KEYS, &hdev->flags)) 2041 return; 2042 2043 hci_dev_lock(hdev); 2044 2045 key = hci_find_link_key(hdev, &ev->bdaddr); 2046 if (!key) { 2047 BT_DBG("%s link key not found for %s", hdev->name, 2048 batostr(&ev->bdaddr)); 2049 goto not_found; 2050 } 2051 2052 BT_DBG("%s found key type %u for %s", hdev->name, key->type, 2053 batostr(&ev->bdaddr)); 2054 2055 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) && 2056 key->type == HCI_LK_DEBUG_COMBINATION) { 2057 BT_DBG("%s ignoring debug key", hdev->name); 2058 goto not_found; 2059 } 2060 2061 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2062 if (conn) { 2063 if (key->type == HCI_LK_UNAUTH_COMBINATION && 2064 conn->auth_type != 0xff && 2065 (conn->auth_type & 0x01)) { 2066 BT_DBG("%s ignoring unauthenticated key", hdev->name); 2067 goto not_found; 2068 } 2069 2070 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 && 2071 conn->pending_sec_level == BT_SECURITY_HIGH) { 2072 BT_DBG("%s ignoring key unauthenticated for high \ 2073 security", hdev->name); 2074 goto not_found; 2075 } 2076 2077 conn->key_type = key->type; 2078 conn->pin_length = key->pin_len; 2079 } 2080 2081 bacpy(&cp.bdaddr, &ev->bdaddr); 2082 memcpy(cp.link_key, key->val, 16); 2083 2084 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp); 2085 2086 hci_dev_unlock(hdev); 2087 2088 return; 2089 2090not_found: 2091 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr); 2092 hci_dev_unlock(hdev); 2093} 2094 2095static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 2096{ 2097 struct hci_ev_link_key_notify *ev = (void *) skb->data; 2098 struct hci_conn *conn; 2099 u8 pin_len = 0; 2100 2101 BT_DBG("%s", hdev->name); 2102 2103 hci_dev_lock(hdev); 2104 2105 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2106 if (conn) { 2107 hci_conn_hold(conn); 2108 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 2109 pin_len = conn->pin_length; 2110 2111 if (ev->key_type != HCI_LK_CHANGED_COMBINATION) 2112 conn->key_type = ev->key_type; 2113 2114 hci_conn_put(conn); 2115 } 2116 2117 if (test_bit(HCI_LINK_KEYS, &hdev->flags)) 2118 hci_add_link_key(hdev, 1, &ev->bdaddr, ev->link_key, 2119 ev->key_type, pin_len); 2120 2121 hci_dev_unlock(hdev); 2122} 2123 2124static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb) 2125{ 2126 struct hci_ev_clock_offset *ev = (void *) skb->data; 2127 struct hci_conn *conn; 2128 2129 BT_DBG("%s status %d", hdev->name, ev->status); 2130 2131 hci_dev_lock(hdev); 2132 2133 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2134 if (conn && !ev->status) { 2135 struct inquiry_entry *ie; 2136 2137 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 2138 if (ie) { 2139 ie->data.clock_offset = ev->clock_offset; 2140 ie->timestamp = jiffies; 2141 } 2142 } 2143 2144 hci_dev_unlock(hdev); 2145} 2146 2147static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 2148{ 2149 struct hci_ev_pkt_type_change *ev = (void *) skb->data; 2150 struct hci_conn *conn; 2151 2152 BT_DBG("%s status %d", hdev->name, ev->status); 2153 2154 hci_dev_lock(hdev); 2155 2156 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2157 if (conn && !ev->status) 2158 conn->pkt_type = __le16_to_cpu(ev->pkt_type); 2159 2160 hci_dev_unlock(hdev); 2161} 2162 2163static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb) 2164{ 2165 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data; 2166 struct inquiry_entry *ie; 2167 2168 BT_DBG("%s", hdev->name); 2169 2170 hci_dev_lock(hdev); 2171 2172 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 2173 if (ie) { 2174 ie->data.pscan_rep_mode = ev->pscan_rep_mode; 2175 ie->timestamp = jiffies; 2176 } 2177 2178 hci_dev_unlock(hdev); 2179} 2180 2181static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb) 2182{ 2183 struct inquiry_data data; 2184 int num_rsp = *((__u8 *) skb->data); 2185 2186 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 2187 2188 if (!num_rsp) 2189 return; 2190 2191 hci_dev_lock(hdev); 2192 2193 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) { 2194 2195 if (test_bit(HCI_MGMT, &hdev->flags)) 2196 mgmt_discovering(hdev->id, 1); 2197 } 2198 2199 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 2200 struct inquiry_info_with_rssi_and_pscan_mode *info; 2201 info = (void *) (skb->data + 1); 2202 2203 for (; num_rsp; num_rsp--, info++) { 2204 bacpy(&data.bdaddr, &info->bdaddr); 2205 data.pscan_rep_mode = info->pscan_rep_mode; 2206 data.pscan_period_mode = info->pscan_period_mode; 2207 data.pscan_mode = info->pscan_mode; 2208 memcpy(data.dev_class, info->dev_class, 3); 2209 data.clock_offset = info->clock_offset; 2210 data.rssi = info->rssi; 2211 data.ssp_mode = 0x00; 2212 hci_inquiry_cache_update(hdev, &data); 2213 mgmt_device_found(hdev->id, &info->bdaddr, 2214 info->dev_class, info->rssi, 2215 NULL); 2216 } 2217 } else { 2218 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 2219 2220 for (; num_rsp; num_rsp--, info++) { 2221 bacpy(&data.bdaddr, &info->bdaddr); 2222 data.pscan_rep_mode = info->pscan_rep_mode; 2223 data.pscan_period_mode = info->pscan_period_mode; 2224 data.pscan_mode = 0x00; 2225 memcpy(data.dev_class, info->dev_class, 3); 2226 data.clock_offset = info->clock_offset; 2227 data.rssi = info->rssi; 2228 data.ssp_mode = 0x00; 2229 hci_inquiry_cache_update(hdev, &data); 2230 mgmt_device_found(hdev->id, &info->bdaddr, 2231 info->dev_class, info->rssi, 2232 NULL); 2233 } 2234 } 2235 2236 hci_dev_unlock(hdev); 2237} 2238 2239static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 2240{ 2241 struct hci_ev_remote_ext_features *ev = (void *) skb->data; 2242 struct hci_conn *conn; 2243 2244 BT_DBG("%s", hdev->name); 2245 2246 hci_dev_lock(hdev); 2247 2248 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2249 if (!conn) 2250 goto unlock; 2251 2252 if (!ev->status && ev->page == 0x01) { 2253 struct inquiry_entry *ie; 2254 2255 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 2256 if (ie) 2257 ie->data.ssp_mode = (ev->features[0] & 0x01); 2258 2259 conn->ssp_mode = (ev->features[0] & 0x01); 2260 } 2261 2262 if (conn->state != BT_CONFIG) 2263 goto unlock; 2264 2265 if (!ev->status) { 2266 struct hci_cp_remote_name_req cp; 2267 memset(&cp, 0, sizeof(cp)); 2268 bacpy(&cp.bdaddr, &conn->dst); 2269 cp.pscan_rep_mode = 0x02; 2270 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 2271 } 2272 2273 if (!hci_outgoing_auth_needed(hdev, conn)) { 2274 conn->state = BT_CONNECTED; 2275 hci_proto_connect_cfm(conn, ev->status); 2276 hci_conn_put(conn); 2277 } 2278 2279unlock: 2280 hci_dev_unlock(hdev); 2281} 2282 2283static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 2284{ 2285 struct hci_ev_sync_conn_complete *ev = (void *) skb->data; 2286 struct hci_conn *conn; 2287 2288 BT_DBG("%s status %d", hdev->name, ev->status); 2289 2290 hci_dev_lock(hdev); 2291 2292 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 2293 if (!conn) { 2294 if (ev->link_type == ESCO_LINK) 2295 goto unlock; 2296 2297 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 2298 if (!conn) 2299 goto unlock; 2300 2301 conn->type = SCO_LINK; 2302 } 2303 2304 switch (ev->status) { 2305 case 0x00: 2306 conn->handle = __le16_to_cpu(ev->handle); 2307 conn->state = BT_CONNECTED; 2308 2309 hci_conn_hold_device(conn); 2310 hci_conn_add_sysfs(conn); 2311 break; 2312 2313 case 0x11: /* Unsupported Feature or Parameter Value */ 2314 case 0x1c: /* SCO interval rejected */ 2315 case 0x1a: /* Unsupported Remote Feature */ 2316 case 0x1f: /* Unspecified error */ 2317 if (conn->out && conn->attempt < 2) { 2318 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 2319 (hdev->esco_type & EDR_ESCO_MASK); 2320 hci_setup_sync(conn, conn->link->handle); 2321 goto unlock; 2322 } 2323 /* fall through */ 2324 2325 default: 2326 conn->state = BT_CLOSED; 2327 break; 2328 } 2329 2330 hci_proto_connect_cfm(conn, ev->status); 2331 if (ev->status) 2332 hci_conn_del(conn); 2333 2334unlock: 2335 hci_dev_unlock(hdev); 2336} 2337 2338static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb) 2339{ 2340 BT_DBG("%s", hdev->name); 2341} 2342 2343static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb) 2344{ 2345 struct hci_ev_sniff_subrate *ev = (void *) skb->data; 2346 2347 BT_DBG("%s status %d", hdev->name, ev->status); 2348} 2349 2350static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 2351{ 2352 struct inquiry_data data; 2353 struct extended_inquiry_info *info = (void *) (skb->data + 1); 2354 int num_rsp = *((__u8 *) skb->data); 2355 2356 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 2357 2358 if (!num_rsp) 2359 return; 2360 2361 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) { 2362 2363 if (test_bit(HCI_MGMT, &hdev->flags)) 2364 mgmt_discovering(hdev->id, 1); 2365 } 2366 2367 hci_dev_lock(hdev); 2368 2369 for (; num_rsp; num_rsp--, info++) { 2370 bacpy(&data.bdaddr, &info->bdaddr); 2371 data.pscan_rep_mode = info->pscan_rep_mode; 2372 data.pscan_period_mode = info->pscan_period_mode; 2373 data.pscan_mode = 0x00; 2374 memcpy(data.dev_class, info->dev_class, 3); 2375 data.clock_offset = info->clock_offset; 2376 data.rssi = info->rssi; 2377 data.ssp_mode = 0x01; 2378 hci_inquiry_cache_update(hdev, &data); 2379 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 2380 info->rssi, info->data); 2381 } 2382 2383 hci_dev_unlock(hdev); 2384} 2385 2386static inline u8 hci_get_auth_req(struct hci_conn *conn) 2387{ 2388 /* If remote requests dedicated bonding follow that lead */ 2389 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) { 2390 /* If both remote and local IO capabilities allow MITM 2391 * protection then require it, otherwise don't */ 2392 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03) 2393 return 0x02; 2394 else 2395 return 0x03; 2396 } 2397 2398 /* If remote requests no-bonding follow that lead */ 2399 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01) 2400 return 0x00; 2401 2402 return conn->auth_type; 2403} 2404 2405static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2406{ 2407 struct hci_ev_io_capa_request *ev = (void *) skb->data; 2408 struct hci_conn *conn; 2409 2410 BT_DBG("%s", hdev->name); 2411 2412 hci_dev_lock(hdev); 2413 2414 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2415 if (!conn) 2416 goto unlock; 2417 2418 hci_conn_hold(conn); 2419 2420 if (!test_bit(HCI_MGMT, &hdev->flags)) 2421 goto unlock; 2422 2423 if (test_bit(HCI_PAIRABLE, &hdev->flags) || 2424 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) { 2425 struct hci_cp_io_capability_reply cp; 2426 2427 bacpy(&cp.bdaddr, &ev->bdaddr); 2428 cp.capability = conn->io_capability; 2429 cp.authentication = hci_get_auth_req(conn); 2430 2431 if ((conn->out == 0x01 || conn->remote_oob == 0x01) && 2432 hci_find_remote_oob_data(hdev, &conn->dst)) 2433 cp.oob_data = 0x01; 2434 else 2435 cp.oob_data = 0x00; 2436 2437 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY, 2438 sizeof(cp), &cp); 2439 } else { 2440 struct hci_cp_io_capability_neg_reply cp; 2441 2442 bacpy(&cp.bdaddr, &ev->bdaddr); 2443 cp.reason = 0x16; /* Pairing not allowed */ 2444 2445 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY, 2446 sizeof(cp), &cp); 2447 } 2448 2449unlock: 2450 hci_dev_unlock(hdev); 2451} 2452 2453static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb) 2454{ 2455 struct hci_ev_io_capa_reply *ev = (void *) skb->data; 2456 struct hci_conn *conn; 2457 2458 BT_DBG("%s", hdev->name); 2459 2460 hci_dev_lock(hdev); 2461 2462 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2463 if (!conn) 2464 goto unlock; 2465 2466 conn->remote_cap = ev->capability; 2467 conn->remote_oob = ev->oob_data; 2468 conn->remote_auth = ev->authentication; 2469 2470unlock: 2471 hci_dev_unlock(hdev); 2472} 2473 2474static inline void hci_user_confirm_request_evt(struct hci_dev *hdev, 2475 struct sk_buff *skb) 2476{ 2477 struct hci_ev_user_confirm_req *ev = (void *) skb->data; 2478 2479 BT_DBG("%s", hdev->name); 2480 2481 hci_dev_lock(hdev); 2482 2483 if (test_bit(HCI_MGMT, &hdev->flags)) 2484 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey); 2485 2486 hci_dev_unlock(hdev); 2487} 2488 2489static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 2490{ 2491 struct hci_ev_simple_pair_complete *ev = (void *) skb->data; 2492 struct hci_conn *conn; 2493 2494 BT_DBG("%s", hdev->name); 2495 2496 hci_dev_lock(hdev); 2497 2498 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2499 if (!conn) 2500 goto unlock; 2501 2502 /* To avoid duplicate auth_failed events to user space we check 2503 * the HCI_CONN_AUTH_PEND flag which will be set if we 2504 * initiated the authentication. A traditional auth_complete 2505 * event gets always produced as initiator and is also mapped to 2506 * the mgmt_auth_failed event */ 2507 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0) 2508 mgmt_auth_failed(hdev->id, &conn->dst, ev->status); 2509 2510 hci_conn_put(conn); 2511 2512unlock: 2513 hci_dev_unlock(hdev); 2514} 2515 2516static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 2517{ 2518 struct hci_ev_remote_host_features *ev = (void *) skb->data; 2519 struct inquiry_entry *ie; 2520 2521 BT_DBG("%s", hdev->name); 2522 2523 hci_dev_lock(hdev); 2524 2525 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 2526 if (ie) 2527 ie->data.ssp_mode = (ev->features[0] & 0x01); 2528 2529 hci_dev_unlock(hdev); 2530} 2531 2532static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev, 2533 struct sk_buff *skb) 2534{ 2535 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data; 2536 struct oob_data *data; 2537 2538 BT_DBG("%s", hdev->name); 2539 2540 hci_dev_lock(hdev); 2541 2542 if (!test_bit(HCI_MGMT, &hdev->flags)) 2543 goto unlock; 2544 2545 data = hci_find_remote_oob_data(hdev, &ev->bdaddr); 2546 if (data) { 2547 struct hci_cp_remote_oob_data_reply cp; 2548 2549 bacpy(&cp.bdaddr, &ev->bdaddr); 2550 memcpy(cp.hash, data->hash, sizeof(cp.hash)); 2551 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer)); 2552 2553 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp), 2554 &cp); 2555 } else { 2556 struct hci_cp_remote_oob_data_neg_reply cp; 2557 2558 bacpy(&cp.bdaddr, &ev->bdaddr); 2559 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp), 2560 &cp); 2561 } 2562 2563unlock: 2564 hci_dev_unlock(hdev); 2565} 2566 2567static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 2568{ 2569 struct hci_ev_le_conn_complete *ev = (void *) skb->data; 2570 struct hci_conn *conn; 2571 2572 BT_DBG("%s status %d", hdev->name, ev->status); 2573 2574 hci_dev_lock(hdev); 2575 2576 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr); 2577 if (!conn) { 2578 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr); 2579 if (!conn) { 2580 BT_ERR("No memory for new connection"); 2581 hci_dev_unlock(hdev); 2582 return; 2583 } 2584 } 2585 2586 if (ev->status) { 2587 hci_proto_connect_cfm(conn, ev->status); 2588 conn->state = BT_CLOSED; 2589 hci_conn_del(conn); 2590 goto unlock; 2591 } 2592 2593 conn->handle = __le16_to_cpu(ev->handle); 2594 conn->state = BT_CONNECTED; 2595 2596 hci_conn_hold_device(conn); 2597 hci_conn_add_sysfs(conn); 2598 2599 hci_proto_connect_cfm(conn, ev->status); 2600 2601unlock: 2602 hci_dev_unlock(hdev); 2603} 2604 2605static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb) 2606{ 2607 struct hci_ev_le_meta *le_ev = (void *) skb->data; 2608 2609 skb_pull(skb, sizeof(*le_ev)); 2610 2611 switch (le_ev->subevent) { 2612 case HCI_EV_LE_CONN_COMPLETE: 2613 hci_le_conn_complete_evt(hdev, skb); 2614 break; 2615 2616 default: 2617 break; 2618 } 2619} 2620 2621void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 2622{ 2623 struct hci_event_hdr *hdr = (void *) skb->data; 2624 __u8 event = hdr->evt; 2625 2626 skb_pull(skb, HCI_EVENT_HDR_SIZE); 2627 2628 switch (event) { 2629 case HCI_EV_INQUIRY_COMPLETE: 2630 hci_inquiry_complete_evt(hdev, skb); 2631 break; 2632 2633 case HCI_EV_INQUIRY_RESULT: 2634 hci_inquiry_result_evt(hdev, skb); 2635 break; 2636 2637 case HCI_EV_CONN_COMPLETE: 2638 hci_conn_complete_evt(hdev, skb); 2639 break; 2640 2641 case HCI_EV_CONN_REQUEST: 2642 hci_conn_request_evt(hdev, skb); 2643 break; 2644 2645 case HCI_EV_DISCONN_COMPLETE: 2646 hci_disconn_complete_evt(hdev, skb); 2647 break; 2648 2649 case HCI_EV_AUTH_COMPLETE: 2650 hci_auth_complete_evt(hdev, skb); 2651 break; 2652 2653 case HCI_EV_REMOTE_NAME: 2654 hci_remote_name_evt(hdev, skb); 2655 break; 2656 2657 case HCI_EV_ENCRYPT_CHANGE: 2658 hci_encrypt_change_evt(hdev, skb); 2659 break; 2660 2661 case HCI_EV_CHANGE_LINK_KEY_COMPLETE: 2662 hci_change_link_key_complete_evt(hdev, skb); 2663 break; 2664 2665 case HCI_EV_REMOTE_FEATURES: 2666 hci_remote_features_evt(hdev, skb); 2667 break; 2668 2669 case HCI_EV_REMOTE_VERSION: 2670 hci_remote_version_evt(hdev, skb); 2671 break; 2672 2673 case HCI_EV_QOS_SETUP_COMPLETE: 2674 hci_qos_setup_complete_evt(hdev, skb); 2675 break; 2676 2677 case HCI_EV_CMD_COMPLETE: 2678 hci_cmd_complete_evt(hdev, skb); 2679 break; 2680 2681 case HCI_EV_CMD_STATUS: 2682 hci_cmd_status_evt(hdev, skb); 2683 break; 2684 2685 case HCI_EV_ROLE_CHANGE: 2686 hci_role_change_evt(hdev, skb); 2687 break; 2688 2689 case HCI_EV_NUM_COMP_PKTS: 2690 hci_num_comp_pkts_evt(hdev, skb); 2691 break; 2692 2693 case HCI_EV_MODE_CHANGE: 2694 hci_mode_change_evt(hdev, skb); 2695 break; 2696 2697 case HCI_EV_PIN_CODE_REQ: 2698 hci_pin_code_request_evt(hdev, skb); 2699 break; 2700 2701 case HCI_EV_LINK_KEY_REQ: 2702 hci_link_key_request_evt(hdev, skb); 2703 break; 2704 2705 case HCI_EV_LINK_KEY_NOTIFY: 2706 hci_link_key_notify_evt(hdev, skb); 2707 break; 2708 2709 case HCI_EV_CLOCK_OFFSET: 2710 hci_clock_offset_evt(hdev, skb); 2711 break; 2712 2713 case HCI_EV_PKT_TYPE_CHANGE: 2714 hci_pkt_type_change_evt(hdev, skb); 2715 break; 2716 2717 case HCI_EV_PSCAN_REP_MODE: 2718 hci_pscan_rep_mode_evt(hdev, skb); 2719 break; 2720 2721 case HCI_EV_INQUIRY_RESULT_WITH_RSSI: 2722 hci_inquiry_result_with_rssi_evt(hdev, skb); 2723 break; 2724 2725 case HCI_EV_REMOTE_EXT_FEATURES: 2726 hci_remote_ext_features_evt(hdev, skb); 2727 break; 2728 2729 case HCI_EV_SYNC_CONN_COMPLETE: 2730 hci_sync_conn_complete_evt(hdev, skb); 2731 break; 2732 2733 case HCI_EV_SYNC_CONN_CHANGED: 2734 hci_sync_conn_changed_evt(hdev, skb); 2735 break; 2736 2737 case HCI_EV_SNIFF_SUBRATE: 2738 hci_sniff_subrate_evt(hdev, skb); 2739 break; 2740 2741 case HCI_EV_EXTENDED_INQUIRY_RESULT: 2742 hci_extended_inquiry_result_evt(hdev, skb); 2743 break; 2744 2745 case HCI_EV_IO_CAPA_REQUEST: 2746 hci_io_capa_request_evt(hdev, skb); 2747 break; 2748 2749 case HCI_EV_IO_CAPA_REPLY: 2750 hci_io_capa_reply_evt(hdev, skb); 2751 break; 2752 2753 case HCI_EV_USER_CONFIRM_REQUEST: 2754 hci_user_confirm_request_evt(hdev, skb); 2755 break; 2756 2757 case HCI_EV_SIMPLE_PAIR_COMPLETE: 2758 hci_simple_pair_complete_evt(hdev, skb); 2759 break; 2760 2761 case HCI_EV_REMOTE_HOST_FEATURES: 2762 hci_remote_host_features_evt(hdev, skb); 2763 break; 2764 2765 case HCI_EV_LE_META: 2766 hci_le_meta_evt(hdev, skb); 2767 break; 2768 2769 case HCI_EV_REMOTE_OOB_DATA_REQUEST: 2770 hci_remote_oob_data_request_evt(hdev, skb); 2771 break; 2772 2773 default: 2774 BT_DBG("%s event 0x%x", hdev->name, event); 2775 break; 2776 } 2777 2778 kfree_skb(skb); 2779 hdev->stat.evt_rx++; 2780} 2781 2782/* Generate internal stack event */ 2783void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data) 2784{ 2785 struct hci_event_hdr *hdr; 2786 struct hci_ev_stack_internal *ev; 2787 struct sk_buff *skb; 2788 2789 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC); 2790 if (!skb) 2791 return; 2792 2793 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE); 2794 hdr->evt = HCI_EV_STACK_INTERNAL; 2795 hdr->plen = sizeof(*ev) + dlen; 2796 2797 ev = (void *) skb_put(skb, sizeof(*ev) + dlen); 2798 ev->type = type; 2799 memcpy(ev->data, data, dlen); 2800 2801 bt_cb(skb)->incoming = 1; 2802 __net_timestamp(skb); 2803 2804 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 2805 skb->dev = (void *) hdev; 2806 hci_send_to_sock(hdev, skb, NULL); 2807 kfree_skb(skb); 2808} 2809