hci_event.c revision f7520543ab40341edbc2aeee7fef68218be19a0a
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth HCI event handling. */ 26 27#include <linux/module.h> 28 29#include <linux/types.h> 30#include <linux/errno.h> 31#include <linux/kernel.h> 32#include <linux/slab.h> 33#include <linux/poll.h> 34#include <linux/fcntl.h> 35#include <linux/init.h> 36#include <linux/skbuff.h> 37#include <linux/interrupt.h> 38#include <linux/notifier.h> 39#include <net/sock.h> 40 41#include <asm/system.h> 42#include <linux/uaccess.h> 43#include <asm/unaligned.h> 44 45#include <net/bluetooth/bluetooth.h> 46#include <net/bluetooth/hci_core.h> 47 48/* Handle HCI Event packets */ 49 50static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) 51{ 52 __u8 status = *((__u8 *) skb->data); 53 54 BT_DBG("%s status 0x%x", hdev->name, status); 55 56 if (status) 57 return; 58 59 clear_bit(HCI_INQUIRY, &hdev->flags); 60 61 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status); 62 63 hci_conn_check_pending(hdev); 64} 65 66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb) 67{ 68 __u8 status = *((__u8 *) skb->data); 69 70 BT_DBG("%s status 0x%x", hdev->name, status); 71 72 if (status) 73 return; 74 75 clear_bit(HCI_INQUIRY, &hdev->flags); 76 77 hci_conn_check_pending(hdev); 78} 79 80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb) 81{ 82 BT_DBG("%s", hdev->name); 83} 84 85static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb) 86{ 87 struct hci_rp_role_discovery *rp = (void *) skb->data; 88 struct hci_conn *conn; 89 90 BT_DBG("%s status 0x%x", hdev->name, rp->status); 91 92 if (rp->status) 93 return; 94 95 hci_dev_lock(hdev); 96 97 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 98 if (conn) { 99 if (rp->role) 100 conn->link_mode &= ~HCI_LM_MASTER; 101 else 102 conn->link_mode |= HCI_LM_MASTER; 103 } 104 105 hci_dev_unlock(hdev); 106} 107 108static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 109{ 110 struct hci_rp_read_link_policy *rp = (void *) skb->data; 111 struct hci_conn *conn; 112 113 BT_DBG("%s status 0x%x", hdev->name, rp->status); 114 115 if (rp->status) 116 return; 117 118 hci_dev_lock(hdev); 119 120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 121 if (conn) 122 conn->link_policy = __le16_to_cpu(rp->policy); 123 124 hci_dev_unlock(hdev); 125} 126 127static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 128{ 129 struct hci_rp_write_link_policy *rp = (void *) skb->data; 130 struct hci_conn *conn; 131 void *sent; 132 133 BT_DBG("%s status 0x%x", hdev->name, rp->status); 134 135 if (rp->status) 136 return; 137 138 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY); 139 if (!sent) 140 return; 141 142 hci_dev_lock(hdev); 143 144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 145 if (conn) 146 conn->link_policy = get_unaligned_le16(sent + 2); 147 148 hci_dev_unlock(hdev); 149} 150 151static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 152{ 153 struct hci_rp_read_def_link_policy *rp = (void *) skb->data; 154 155 BT_DBG("%s status 0x%x", hdev->name, rp->status); 156 157 if (rp->status) 158 return; 159 160 hdev->link_policy = __le16_to_cpu(rp->policy); 161} 162 163static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 164{ 165 __u8 status = *((__u8 *) skb->data); 166 void *sent; 167 168 BT_DBG("%s status 0x%x", hdev->name, status); 169 170 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY); 171 if (!sent) 172 return; 173 174 if (!status) 175 hdev->link_policy = get_unaligned_le16(sent); 176 177 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status); 178} 179 180static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb) 181{ 182 __u8 status = *((__u8 *) skb->data); 183 184 BT_DBG("%s status 0x%x", hdev->name, status); 185 186 hci_req_complete(hdev, HCI_OP_RESET, status); 187} 188 189static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb) 190{ 191 __u8 status = *((__u8 *) skb->data); 192 void *sent; 193 194 BT_DBG("%s status 0x%x", hdev->name, status); 195 196 if (status) 197 return; 198 199 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 200 if (!sent) 201 return; 202 203 memcpy(hdev->dev_name, sent, 248); 204} 205 206static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 207{ 208 struct hci_rp_read_local_name *rp = (void *) skb->data; 209 210 BT_DBG("%s status 0x%x", hdev->name, rp->status); 211 212 if (rp->status) 213 return; 214 215 memcpy(hdev->dev_name, rp->name, 248); 216} 217 218static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) 219{ 220 __u8 status = *((__u8 *) skb->data); 221 void *sent; 222 223 BT_DBG("%s status 0x%x", hdev->name, status); 224 225 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE); 226 if (!sent) 227 return; 228 229 if (!status) { 230 __u8 param = *((__u8 *) sent); 231 232 if (param == AUTH_ENABLED) 233 set_bit(HCI_AUTH, &hdev->flags); 234 else 235 clear_bit(HCI_AUTH, &hdev->flags); 236 } 237 238 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status); 239} 240 241static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) 242{ 243 __u8 status = *((__u8 *) skb->data); 244 void *sent; 245 246 BT_DBG("%s status 0x%x", hdev->name, status); 247 248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE); 249 if (!sent) 250 return; 251 252 if (!status) { 253 __u8 param = *((__u8 *) sent); 254 255 if (param) 256 set_bit(HCI_ENCRYPT, &hdev->flags); 257 else 258 clear_bit(HCI_ENCRYPT, &hdev->flags); 259 } 260 261 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status); 262} 263 264static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb) 265{ 266 __u8 status = *((__u8 *) skb->data); 267 void *sent; 268 269 BT_DBG("%s status 0x%x", hdev->name, status); 270 271 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE); 272 if (!sent) 273 return; 274 275 if (!status) { 276 __u8 param = *((__u8 *) sent); 277 int old_pscan, old_iscan; 278 279 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags); 280 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags); 281 282 if (param & SCAN_INQUIRY) { 283 set_bit(HCI_ISCAN, &hdev->flags); 284 if (!old_iscan) 285 mgmt_discoverable(hdev->id, 1); 286 } else if (old_iscan) 287 mgmt_discoverable(hdev->id, 0); 288 289 if (param & SCAN_PAGE) { 290 set_bit(HCI_PSCAN, &hdev->flags); 291 if (!old_pscan) 292 mgmt_connectable(hdev->id, 1); 293 } else if (old_pscan) 294 mgmt_connectable(hdev->id, 0); 295 } 296 297 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status); 298} 299 300static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 301{ 302 struct hci_rp_read_class_of_dev *rp = (void *) skb->data; 303 304 BT_DBG("%s status 0x%x", hdev->name, rp->status); 305 306 if (rp->status) 307 return; 308 309 memcpy(hdev->dev_class, rp->dev_class, 3); 310 311 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name, 312 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]); 313} 314 315static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 316{ 317 __u8 status = *((__u8 *) skb->data); 318 void *sent; 319 320 BT_DBG("%s status 0x%x", hdev->name, status); 321 322 if (status) 323 return; 324 325 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 326 if (!sent) 327 return; 328 329 memcpy(hdev->dev_class, sent, 3); 330} 331 332static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 333{ 334 struct hci_rp_read_voice_setting *rp = (void *) skb->data; 335 __u16 setting; 336 337 BT_DBG("%s status 0x%x", hdev->name, rp->status); 338 339 if (rp->status) 340 return; 341 342 setting = __le16_to_cpu(rp->voice_setting); 343 344 if (hdev->voice_setting == setting) 345 return; 346 347 hdev->voice_setting = setting; 348 349 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 350 351 if (hdev->notify) { 352 tasklet_disable(&hdev->tx_task); 353 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 354 tasklet_enable(&hdev->tx_task); 355 } 356} 357 358static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 359{ 360 __u8 status = *((__u8 *) skb->data); 361 __u16 setting; 362 void *sent; 363 364 BT_DBG("%s status 0x%x", hdev->name, status); 365 366 if (status) 367 return; 368 369 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING); 370 if (!sent) 371 return; 372 373 setting = get_unaligned_le16(sent); 374 375 if (hdev->voice_setting == setting) 376 return; 377 378 hdev->voice_setting = setting; 379 380 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 381 382 if (hdev->notify) { 383 tasklet_disable(&hdev->tx_task); 384 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 385 tasklet_enable(&hdev->tx_task); 386 } 387} 388 389static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 390{ 391 __u8 status = *((__u8 *) skb->data); 392 393 BT_DBG("%s status 0x%x", hdev->name, status); 394 395 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status); 396} 397 398static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 399{ 400 struct hci_rp_read_ssp_mode *rp = (void *) skb->data; 401 402 BT_DBG("%s status 0x%x", hdev->name, rp->status); 403 404 if (rp->status) 405 return; 406 407 hdev->ssp_mode = rp->mode; 408} 409 410static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 411{ 412 __u8 status = *((__u8 *) skb->data); 413 void *sent; 414 415 BT_DBG("%s status 0x%x", hdev->name, status); 416 417 if (status) 418 return; 419 420 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE); 421 if (!sent) 422 return; 423 424 hdev->ssp_mode = *((__u8 *) sent); 425} 426 427static u8 hci_get_inquiry_mode(struct hci_dev *hdev) 428{ 429 if (hdev->features[6] & LMP_EXT_INQ) 430 return 2; 431 432 if (hdev->features[3] & LMP_RSSI_INQ) 433 return 1; 434 435 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 && 436 hdev->lmp_subver == 0x0757) 437 return 1; 438 439 if (hdev->manufacturer == 15) { 440 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963) 441 return 1; 442 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963) 443 return 1; 444 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965) 445 return 1; 446 } 447 448 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 && 449 hdev->lmp_subver == 0x1805) 450 return 1; 451 452 return 0; 453} 454 455static void hci_setup_inquiry_mode(struct hci_dev *hdev) 456{ 457 u8 mode; 458 459 mode = hci_get_inquiry_mode(hdev); 460 461 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode); 462} 463 464static void hci_setup_event_mask(struct hci_dev *hdev) 465{ 466 /* The second byte is 0xff instead of 0x9f (two reserved bits 467 * disabled) since a Broadcom 1.2 dongle doesn't respond to the 468 * command otherwise */ 469 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 }; 470 471 /* Events for 1.2 and newer controllers */ 472 if (hdev->lmp_ver > 1) { 473 events[4] |= 0x01; /* Flow Specification Complete */ 474 events[4] |= 0x02; /* Inquiry Result with RSSI */ 475 events[4] |= 0x04; /* Read Remote Extended Features Complete */ 476 events[5] |= 0x08; /* Synchronous Connection Complete */ 477 events[5] |= 0x10; /* Synchronous Connection Changed */ 478 } 479 480 if (hdev->features[3] & LMP_RSSI_INQ) 481 events[4] |= 0x04; /* Inquiry Result with RSSI */ 482 483 if (hdev->features[5] & LMP_SNIFF_SUBR) 484 events[5] |= 0x20; /* Sniff Subrating */ 485 486 if (hdev->features[5] & LMP_PAUSE_ENC) 487 events[5] |= 0x80; /* Encryption Key Refresh Complete */ 488 489 if (hdev->features[6] & LMP_EXT_INQ) 490 events[5] |= 0x40; /* Extended Inquiry Result */ 491 492 if (hdev->features[6] & LMP_NO_FLUSH) 493 events[7] |= 0x01; /* Enhanced Flush Complete */ 494 495 if (hdev->features[7] & LMP_LSTO) 496 events[6] |= 0x80; /* Link Supervision Timeout Changed */ 497 498 if (hdev->features[6] & LMP_SIMPLE_PAIR) { 499 events[6] |= 0x01; /* IO Capability Request */ 500 events[6] |= 0x02; /* IO Capability Response */ 501 events[6] |= 0x04; /* User Confirmation Request */ 502 events[6] |= 0x08; /* User Passkey Request */ 503 events[6] |= 0x10; /* Remote OOB Data Request */ 504 events[6] |= 0x20; /* Simple Pairing Complete */ 505 events[7] |= 0x04; /* User Passkey Notification */ 506 events[7] |= 0x08; /* Keypress Notification */ 507 events[7] |= 0x10; /* Remote Host Supported 508 * Features Notification */ 509 } 510 511 if (hdev->features[4] & LMP_LE) 512 events[7] |= 0x20; /* LE Meta-Event */ 513 514 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events); 515} 516 517static void hci_setup(struct hci_dev *hdev) 518{ 519 hci_setup_event_mask(hdev); 520 521 if (hdev->lmp_ver > 1) 522 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL); 523 524 if (hdev->features[6] & LMP_SIMPLE_PAIR) { 525 u8 mode = 0x01; 526 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode); 527 } 528 529 if (hdev->features[3] & LMP_RSSI_INQ) 530 hci_setup_inquiry_mode(hdev); 531 532 if (hdev->features[7] & LMP_INQ_TX_PWR) 533 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL); 534} 535 536static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 537{ 538 struct hci_rp_read_local_version *rp = (void *) skb->data; 539 540 BT_DBG("%s status 0x%x", hdev->name, rp->status); 541 542 if (rp->status) 543 return; 544 545 hdev->hci_ver = rp->hci_ver; 546 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 547 hdev->lmp_ver = rp->lmp_ver; 548 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 549 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver); 550 551 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name, 552 hdev->manufacturer, 553 hdev->hci_ver, hdev->hci_rev); 554 555 if (test_bit(HCI_INIT, &hdev->flags)) 556 hci_setup(hdev); 557} 558 559static void hci_setup_link_policy(struct hci_dev *hdev) 560{ 561 u16 link_policy = 0; 562 563 if (hdev->features[0] & LMP_RSWITCH) 564 link_policy |= HCI_LP_RSWITCH; 565 if (hdev->features[0] & LMP_HOLD) 566 link_policy |= HCI_LP_HOLD; 567 if (hdev->features[0] & LMP_SNIFF) 568 link_policy |= HCI_LP_SNIFF; 569 if (hdev->features[1] & LMP_PARK) 570 link_policy |= HCI_LP_PARK; 571 572 link_policy = cpu_to_le16(link_policy); 573 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 574 sizeof(link_policy), &link_policy); 575} 576 577static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb) 578{ 579 struct hci_rp_read_local_commands *rp = (void *) skb->data; 580 581 BT_DBG("%s status 0x%x", hdev->name, rp->status); 582 583 if (rp->status) 584 goto done; 585 586 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 587 588 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10)) 589 hci_setup_link_policy(hdev); 590 591done: 592 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status); 593} 594 595static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb) 596{ 597 struct hci_rp_read_local_features *rp = (void *) skb->data; 598 599 BT_DBG("%s status 0x%x", hdev->name, rp->status); 600 601 if (rp->status) 602 return; 603 604 memcpy(hdev->features, rp->features, 8); 605 606 /* Adjust default settings according to features 607 * supported by device. */ 608 609 if (hdev->features[0] & LMP_3SLOT) 610 hdev->pkt_type |= (HCI_DM3 | HCI_DH3); 611 612 if (hdev->features[0] & LMP_5SLOT) 613 hdev->pkt_type |= (HCI_DM5 | HCI_DH5); 614 615 if (hdev->features[1] & LMP_HV2) { 616 hdev->pkt_type |= (HCI_HV2); 617 hdev->esco_type |= (ESCO_HV2); 618 } 619 620 if (hdev->features[1] & LMP_HV3) { 621 hdev->pkt_type |= (HCI_HV3); 622 hdev->esco_type |= (ESCO_HV3); 623 } 624 625 if (hdev->features[3] & LMP_ESCO) 626 hdev->esco_type |= (ESCO_EV3); 627 628 if (hdev->features[4] & LMP_EV4) 629 hdev->esco_type |= (ESCO_EV4); 630 631 if (hdev->features[4] & LMP_EV5) 632 hdev->esco_type |= (ESCO_EV5); 633 634 if (hdev->features[5] & LMP_EDR_ESCO_2M) 635 hdev->esco_type |= (ESCO_2EV3); 636 637 if (hdev->features[5] & LMP_EDR_ESCO_3M) 638 hdev->esco_type |= (ESCO_3EV3); 639 640 if (hdev->features[5] & LMP_EDR_3S_ESCO) 641 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); 642 643 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, 644 hdev->features[0], hdev->features[1], 645 hdev->features[2], hdev->features[3], 646 hdev->features[4], hdev->features[5], 647 hdev->features[6], hdev->features[7]); 648} 649 650static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 651{ 652 struct hci_rp_read_buffer_size *rp = (void *) skb->data; 653 654 BT_DBG("%s status 0x%x", hdev->name, rp->status); 655 656 if (rp->status) 657 return; 658 659 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu); 660 hdev->sco_mtu = rp->sco_mtu; 661 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt); 662 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt); 663 664 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) { 665 hdev->sco_mtu = 64; 666 hdev->sco_pkts = 8; 667 } 668 669 hdev->acl_cnt = hdev->acl_pkts; 670 hdev->sco_cnt = hdev->sco_pkts; 671 672 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, 673 hdev->acl_mtu, hdev->acl_pkts, 674 hdev->sco_mtu, hdev->sco_pkts); 675} 676 677static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb) 678{ 679 struct hci_rp_read_bd_addr *rp = (void *) skb->data; 680 681 BT_DBG("%s status 0x%x", hdev->name, rp->status); 682 683 if (!rp->status) 684 bacpy(&hdev->bdaddr, &rp->bdaddr); 685 686 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status); 687} 688 689static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb) 690{ 691 __u8 status = *((__u8 *) skb->data); 692 693 BT_DBG("%s status 0x%x", hdev->name, status); 694 695 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status); 696} 697 698static void hci_cc_delete_stored_link_key(struct hci_dev *hdev, 699 struct sk_buff *skb) 700{ 701 __u8 status = *((__u8 *) skb->data); 702 703 BT_DBG("%s status 0x%x", hdev->name, status); 704 705 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status); 706} 707 708static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb) 709{ 710 __u8 status = *((__u8 *) skb->data); 711 712 BT_DBG("%s status 0x%x", hdev->name, status); 713 714 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status); 715} 716 717static void hci_cc_write_inquiry_mode(struct hci_dev *hdev, 718 struct sk_buff *skb) 719{ 720 __u8 status = *((__u8 *) skb->data); 721 722 BT_DBG("%s status 0x%x", hdev->name, status); 723 724 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status); 725} 726 727static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev, 728 struct sk_buff *skb) 729{ 730 __u8 status = *((__u8 *) skb->data); 731 732 BT_DBG("%s status 0x%x", hdev->name, status); 733 734 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status); 735} 736 737static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb) 738{ 739 __u8 status = *((__u8 *) skb->data); 740 741 BT_DBG("%s status 0x%x", hdev->name, status); 742 743 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status); 744} 745 746static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 747{ 748 BT_DBG("%s status 0x%x", hdev->name, status); 749 750 if (status) { 751 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 752 753 hci_conn_check_pending(hdev); 754 } else 755 set_bit(HCI_INQUIRY, &hdev->flags); 756} 757 758static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) 759{ 760 struct hci_cp_create_conn *cp; 761 struct hci_conn *conn; 762 763 BT_DBG("%s status 0x%x", hdev->name, status); 764 765 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN); 766 if (!cp) 767 return; 768 769 hci_dev_lock(hdev); 770 771 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 772 773 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn); 774 775 if (status) { 776 if (conn && conn->state == BT_CONNECT) { 777 if (status != 0x0c || conn->attempt > 2) { 778 conn->state = BT_CLOSED; 779 hci_proto_connect_cfm(conn, status); 780 hci_conn_del(conn); 781 } else 782 conn->state = BT_CONNECT2; 783 } 784 } else { 785 if (!conn) { 786 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr); 787 if (conn) { 788 conn->out = 1; 789 conn->link_mode |= HCI_LM_MASTER; 790 } else 791 BT_ERR("No memory for new connection"); 792 } 793 } 794 795 hci_dev_unlock(hdev); 796} 797 798static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status) 799{ 800 struct hci_cp_add_sco *cp; 801 struct hci_conn *acl, *sco; 802 __u16 handle; 803 804 BT_DBG("%s status 0x%x", hdev->name, status); 805 806 if (!status) 807 return; 808 809 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO); 810 if (!cp) 811 return; 812 813 handle = __le16_to_cpu(cp->handle); 814 815 BT_DBG("%s handle %d", hdev->name, handle); 816 817 hci_dev_lock(hdev); 818 819 acl = hci_conn_hash_lookup_handle(hdev, handle); 820 if (acl && (sco = acl->link)) { 821 sco->state = BT_CLOSED; 822 823 hci_proto_connect_cfm(sco, status); 824 hci_conn_del(sco); 825 } 826 827 hci_dev_unlock(hdev); 828} 829 830static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status) 831{ 832 struct hci_cp_auth_requested *cp; 833 struct hci_conn *conn; 834 835 BT_DBG("%s status 0x%x", hdev->name, status); 836 837 if (!status) 838 return; 839 840 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED); 841 if (!cp) 842 return; 843 844 hci_dev_lock(hdev); 845 846 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 847 if (conn) { 848 if (conn->state == BT_CONFIG) { 849 hci_proto_connect_cfm(conn, status); 850 hci_conn_put(conn); 851 } 852 } 853 854 hci_dev_unlock(hdev); 855} 856 857static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status) 858{ 859 struct hci_cp_set_conn_encrypt *cp; 860 struct hci_conn *conn; 861 862 BT_DBG("%s status 0x%x", hdev->name, status); 863 864 if (!status) 865 return; 866 867 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT); 868 if (!cp) 869 return; 870 871 hci_dev_lock(hdev); 872 873 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 874 if (conn) { 875 if (conn->state == BT_CONFIG) { 876 hci_proto_connect_cfm(conn, status); 877 hci_conn_put(conn); 878 } 879 } 880 881 hci_dev_unlock(hdev); 882} 883 884static int hci_outgoing_auth_needed(struct hci_dev *hdev, 885 struct hci_conn *conn) 886{ 887 if (conn->state != BT_CONFIG || !conn->out) 888 return 0; 889 890 if (conn->pending_sec_level == BT_SECURITY_SDP) 891 return 0; 892 893 /* Only request authentication for SSP connections or non-SSP 894 * devices with sec_level HIGH */ 895 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) && 896 conn->pending_sec_level != BT_SECURITY_HIGH) 897 return 0; 898 899 return 1; 900} 901 902static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 903{ 904 struct hci_cp_remote_name_req *cp; 905 struct hci_conn *conn; 906 907 BT_DBG("%s status 0x%x", hdev->name, status); 908 909 /* If successful wait for the name req complete event before 910 * checking for the need to do authentication */ 911 if (!status) 912 return; 913 914 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ); 915 if (!cp) 916 return; 917 918 hci_dev_lock(hdev); 919 920 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 921 if (conn && hci_outgoing_auth_needed(hdev, conn)) { 922 struct hci_cp_auth_requested cp; 923 cp.handle = __cpu_to_le16(conn->handle); 924 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 925 } 926 927 hci_dev_unlock(hdev); 928} 929 930static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status) 931{ 932 struct hci_cp_read_remote_features *cp; 933 struct hci_conn *conn; 934 935 BT_DBG("%s status 0x%x", hdev->name, status); 936 937 if (!status) 938 return; 939 940 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES); 941 if (!cp) 942 return; 943 944 hci_dev_lock(hdev); 945 946 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 947 if (conn) { 948 if (conn->state == BT_CONFIG) { 949 hci_proto_connect_cfm(conn, status); 950 hci_conn_put(conn); 951 } 952 } 953 954 hci_dev_unlock(hdev); 955} 956 957static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status) 958{ 959 struct hci_cp_read_remote_ext_features *cp; 960 struct hci_conn *conn; 961 962 BT_DBG("%s status 0x%x", hdev->name, status); 963 964 if (!status) 965 return; 966 967 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES); 968 if (!cp) 969 return; 970 971 hci_dev_lock(hdev); 972 973 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 974 if (conn) { 975 if (conn->state == BT_CONFIG) { 976 hci_proto_connect_cfm(conn, status); 977 hci_conn_put(conn); 978 } 979 } 980 981 hci_dev_unlock(hdev); 982} 983 984static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status) 985{ 986 struct hci_cp_setup_sync_conn *cp; 987 struct hci_conn *acl, *sco; 988 __u16 handle; 989 990 BT_DBG("%s status 0x%x", hdev->name, status); 991 992 if (!status) 993 return; 994 995 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN); 996 if (!cp) 997 return; 998 999 handle = __le16_to_cpu(cp->handle); 1000 1001 BT_DBG("%s handle %d", hdev->name, handle); 1002 1003 hci_dev_lock(hdev); 1004 1005 acl = hci_conn_hash_lookup_handle(hdev, handle); 1006 if (acl && (sco = acl->link)) { 1007 sco->state = BT_CLOSED; 1008 1009 hci_proto_connect_cfm(sco, status); 1010 hci_conn_del(sco); 1011 } 1012 1013 hci_dev_unlock(hdev); 1014} 1015 1016static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status) 1017{ 1018 struct hci_cp_sniff_mode *cp; 1019 struct hci_conn *conn; 1020 1021 BT_DBG("%s status 0x%x", hdev->name, status); 1022 1023 if (!status) 1024 return; 1025 1026 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE); 1027 if (!cp) 1028 return; 1029 1030 hci_dev_lock(hdev); 1031 1032 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1033 if (conn) { 1034 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 1035 1036 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 1037 hci_sco_setup(conn, status); 1038 } 1039 1040 hci_dev_unlock(hdev); 1041} 1042 1043static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status) 1044{ 1045 struct hci_cp_exit_sniff_mode *cp; 1046 struct hci_conn *conn; 1047 1048 BT_DBG("%s status 0x%x", hdev->name, status); 1049 1050 if (!status) 1051 return; 1052 1053 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE); 1054 if (!cp) 1055 return; 1056 1057 hci_dev_lock(hdev); 1058 1059 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1060 if (conn) { 1061 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 1062 1063 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 1064 hci_sco_setup(conn, status); 1065 } 1066 1067 hci_dev_unlock(hdev); 1068} 1069 1070static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1071{ 1072 __u8 status = *((__u8 *) skb->data); 1073 1074 BT_DBG("%s status %d", hdev->name, status); 1075 1076 clear_bit(HCI_INQUIRY, &hdev->flags); 1077 1078 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 1079 1080 hci_conn_check_pending(hdev); 1081} 1082 1083static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 1084{ 1085 struct inquiry_data data; 1086 struct inquiry_info *info = (void *) (skb->data + 1); 1087 int num_rsp = *((__u8 *) skb->data); 1088 1089 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1090 1091 if (!num_rsp) 1092 return; 1093 1094 hci_dev_lock(hdev); 1095 1096 for (; num_rsp; num_rsp--) { 1097 bacpy(&data.bdaddr, &info->bdaddr); 1098 data.pscan_rep_mode = info->pscan_rep_mode; 1099 data.pscan_period_mode = info->pscan_period_mode; 1100 data.pscan_mode = info->pscan_mode; 1101 memcpy(data.dev_class, info->dev_class, 3); 1102 data.clock_offset = info->clock_offset; 1103 data.rssi = 0x00; 1104 data.ssp_mode = 0x00; 1105 info++; 1106 hci_inquiry_cache_update(hdev, &data); 1107 } 1108 1109 hci_dev_unlock(hdev); 1110} 1111 1112static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1113{ 1114 struct hci_ev_conn_complete *ev = (void *) skb->data; 1115 struct hci_conn *conn; 1116 1117 BT_DBG("%s", hdev->name); 1118 1119 hci_dev_lock(hdev); 1120 1121 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1122 if (!conn) { 1123 if (ev->link_type != SCO_LINK) 1124 goto unlock; 1125 1126 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 1127 if (!conn) 1128 goto unlock; 1129 1130 conn->type = SCO_LINK; 1131 } 1132 1133 if (!ev->status) { 1134 conn->handle = __le16_to_cpu(ev->handle); 1135 1136 if (conn->type == ACL_LINK) { 1137 conn->state = BT_CONFIG; 1138 hci_conn_hold(conn); 1139 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1140 mgmt_connected(hdev->id, &ev->bdaddr); 1141 } else 1142 conn->state = BT_CONNECTED; 1143 1144 hci_conn_hold_device(conn); 1145 hci_conn_add_sysfs(conn); 1146 1147 if (test_bit(HCI_AUTH, &hdev->flags)) 1148 conn->link_mode |= HCI_LM_AUTH; 1149 1150 if (test_bit(HCI_ENCRYPT, &hdev->flags)) 1151 conn->link_mode |= HCI_LM_ENCRYPT; 1152 1153 /* Get remote features */ 1154 if (conn->type == ACL_LINK) { 1155 struct hci_cp_read_remote_features cp; 1156 cp.handle = ev->handle; 1157 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, 1158 sizeof(cp), &cp); 1159 } 1160 1161 /* Set packet type for incoming connection */ 1162 if (!conn->out && hdev->hci_ver < 3) { 1163 struct hci_cp_change_conn_ptype cp; 1164 cp.handle = ev->handle; 1165 cp.pkt_type = cpu_to_le16(conn->pkt_type); 1166 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, 1167 sizeof(cp), &cp); 1168 } 1169 } else 1170 conn->state = BT_CLOSED; 1171 1172 if (conn->type == ACL_LINK) 1173 hci_sco_setup(conn, ev->status); 1174 1175 if (ev->status) { 1176 hci_proto_connect_cfm(conn, ev->status); 1177 hci_conn_del(conn); 1178 } else if (ev->link_type != ACL_LINK) 1179 hci_proto_connect_cfm(conn, ev->status); 1180 1181unlock: 1182 hci_dev_unlock(hdev); 1183 1184 hci_conn_check_pending(hdev); 1185} 1186 1187static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1188{ 1189 struct hci_ev_conn_request *ev = (void *) skb->data; 1190 int mask = hdev->link_mode; 1191 1192 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, 1193 batostr(&ev->bdaddr), ev->link_type); 1194 1195 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 1196 1197 if ((mask & HCI_LM_ACCEPT) && !hci_blacklist_lookup(hdev, &ev->bdaddr)) { 1198 /* Connection accepted */ 1199 struct inquiry_entry *ie; 1200 struct hci_conn *conn; 1201 1202 hci_dev_lock(hdev); 1203 1204 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 1205 if (ie) 1206 memcpy(ie->data.dev_class, ev->dev_class, 3); 1207 1208 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1209 if (!conn) { 1210 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr); 1211 if (!conn) { 1212 BT_ERR("No memory for new connection"); 1213 hci_dev_unlock(hdev); 1214 return; 1215 } 1216 } 1217 1218 memcpy(conn->dev_class, ev->dev_class, 3); 1219 conn->state = BT_CONNECT; 1220 1221 hci_dev_unlock(hdev); 1222 1223 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) { 1224 struct hci_cp_accept_conn_req cp; 1225 1226 bacpy(&cp.bdaddr, &ev->bdaddr); 1227 1228 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) 1229 cp.role = 0x00; /* Become master */ 1230 else 1231 cp.role = 0x01; /* Remain slave */ 1232 1233 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, 1234 sizeof(cp), &cp); 1235 } else { 1236 struct hci_cp_accept_sync_conn_req cp; 1237 1238 bacpy(&cp.bdaddr, &ev->bdaddr); 1239 cp.pkt_type = cpu_to_le16(conn->pkt_type); 1240 1241 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 1242 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 1243 cp.max_latency = cpu_to_le16(0xffff); 1244 cp.content_format = cpu_to_le16(hdev->voice_setting); 1245 cp.retrans_effort = 0xff; 1246 1247 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 1248 sizeof(cp), &cp); 1249 } 1250 } else { 1251 /* Connection rejected */ 1252 struct hci_cp_reject_conn_req cp; 1253 1254 bacpy(&cp.bdaddr, &ev->bdaddr); 1255 cp.reason = 0x0f; 1256 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp); 1257 } 1258} 1259 1260static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1261{ 1262 struct hci_ev_disconn_complete *ev = (void *) skb->data; 1263 struct hci_conn *conn; 1264 1265 BT_DBG("%s status %d", hdev->name, ev->status); 1266 1267 if (ev->status) 1268 return; 1269 1270 hci_dev_lock(hdev); 1271 1272 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1273 if (!conn) 1274 goto unlock; 1275 1276 conn->state = BT_CLOSED; 1277 1278 if (conn->type == ACL_LINK) 1279 mgmt_disconnected(hdev->id, &conn->dst); 1280 1281 hci_proto_disconn_cfm(conn, ev->reason); 1282 hci_conn_del(conn); 1283 1284unlock: 1285 hci_dev_unlock(hdev); 1286} 1287 1288static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1289{ 1290 struct hci_ev_auth_complete *ev = (void *) skb->data; 1291 struct hci_conn *conn; 1292 1293 BT_DBG("%s status %d", hdev->name, ev->status); 1294 1295 hci_dev_lock(hdev); 1296 1297 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1298 if (conn) { 1299 if (!ev->status) { 1300 conn->link_mode |= HCI_LM_AUTH; 1301 conn->sec_level = conn->pending_sec_level; 1302 } else 1303 conn->sec_level = BT_SECURITY_LOW; 1304 1305 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1306 1307 if (conn->state == BT_CONFIG) { 1308 if (!ev->status && hdev->ssp_mode > 0 && 1309 conn->ssp_mode > 0) { 1310 struct hci_cp_set_conn_encrypt cp; 1311 cp.handle = ev->handle; 1312 cp.encrypt = 0x01; 1313 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1314 sizeof(cp), &cp); 1315 } else { 1316 conn->state = BT_CONNECTED; 1317 hci_proto_connect_cfm(conn, ev->status); 1318 hci_conn_put(conn); 1319 } 1320 } else { 1321 hci_auth_cfm(conn, ev->status); 1322 1323 hci_conn_hold(conn); 1324 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1325 hci_conn_put(conn); 1326 } 1327 1328 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 1329 if (!ev->status) { 1330 struct hci_cp_set_conn_encrypt cp; 1331 cp.handle = ev->handle; 1332 cp.encrypt = 0x01; 1333 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1334 sizeof(cp), &cp); 1335 } else { 1336 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1337 hci_encrypt_cfm(conn, ev->status, 0x00); 1338 } 1339 } 1340 } 1341 1342 hci_dev_unlock(hdev); 1343} 1344 1345static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb) 1346{ 1347 struct hci_ev_remote_name *ev = (void *) skb->data; 1348 struct hci_conn *conn; 1349 1350 BT_DBG("%s", hdev->name); 1351 1352 hci_conn_check_pending(hdev); 1353 1354 hci_dev_lock(hdev); 1355 1356 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1357 if (conn && hci_outgoing_auth_needed(hdev, conn)) { 1358 struct hci_cp_auth_requested cp; 1359 cp.handle = __cpu_to_le16(conn->handle); 1360 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 1361 } 1362 1363 hci_dev_unlock(hdev); 1364} 1365 1366static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1367{ 1368 struct hci_ev_encrypt_change *ev = (void *) skb->data; 1369 struct hci_conn *conn; 1370 1371 BT_DBG("%s status %d", hdev->name, ev->status); 1372 1373 hci_dev_lock(hdev); 1374 1375 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1376 if (conn) { 1377 if (!ev->status) { 1378 if (ev->encrypt) { 1379 /* Encryption implies authentication */ 1380 conn->link_mode |= HCI_LM_AUTH; 1381 conn->link_mode |= HCI_LM_ENCRYPT; 1382 } else 1383 conn->link_mode &= ~HCI_LM_ENCRYPT; 1384 } 1385 1386 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1387 1388 if (conn->state == BT_CONFIG) { 1389 if (!ev->status) 1390 conn->state = BT_CONNECTED; 1391 1392 hci_proto_connect_cfm(conn, ev->status); 1393 hci_conn_put(conn); 1394 } else 1395 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 1396 } 1397 1398 hci_dev_unlock(hdev); 1399} 1400 1401static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1402{ 1403 struct hci_ev_change_link_key_complete *ev = (void *) skb->data; 1404 struct hci_conn *conn; 1405 1406 BT_DBG("%s status %d", hdev->name, ev->status); 1407 1408 hci_dev_lock(hdev); 1409 1410 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1411 if (conn) { 1412 if (!ev->status) 1413 conn->link_mode |= HCI_LM_SECURE; 1414 1415 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1416 1417 hci_key_change_cfm(conn, ev->status); 1418 } 1419 1420 hci_dev_unlock(hdev); 1421} 1422 1423static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1424{ 1425 struct hci_ev_remote_features *ev = (void *) skb->data; 1426 struct hci_conn *conn; 1427 1428 BT_DBG("%s status %d", hdev->name, ev->status); 1429 1430 hci_dev_lock(hdev); 1431 1432 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1433 if (!conn) 1434 goto unlock; 1435 1436 if (!ev->status) 1437 memcpy(conn->features, ev->features, 8); 1438 1439 if (conn->state != BT_CONFIG) 1440 goto unlock; 1441 1442 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) { 1443 struct hci_cp_read_remote_ext_features cp; 1444 cp.handle = ev->handle; 1445 cp.page = 0x01; 1446 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES, 1447 sizeof(cp), &cp); 1448 goto unlock; 1449 } 1450 1451 if (!ev->status) { 1452 struct hci_cp_remote_name_req cp; 1453 memset(&cp, 0, sizeof(cp)); 1454 bacpy(&cp.bdaddr, &conn->dst); 1455 cp.pscan_rep_mode = 0x02; 1456 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 1457 } 1458 1459 if (!hci_outgoing_auth_needed(hdev, conn)) { 1460 conn->state = BT_CONNECTED; 1461 hci_proto_connect_cfm(conn, ev->status); 1462 hci_conn_put(conn); 1463 } 1464 1465unlock: 1466 hci_dev_unlock(hdev); 1467} 1468 1469static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb) 1470{ 1471 BT_DBG("%s", hdev->name); 1472} 1473 1474static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1475{ 1476 BT_DBG("%s", hdev->name); 1477} 1478 1479static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1480{ 1481 struct hci_ev_cmd_complete *ev = (void *) skb->data; 1482 __u16 opcode; 1483 1484 skb_pull(skb, sizeof(*ev)); 1485 1486 opcode = __le16_to_cpu(ev->opcode); 1487 1488 switch (opcode) { 1489 case HCI_OP_INQUIRY_CANCEL: 1490 hci_cc_inquiry_cancel(hdev, skb); 1491 break; 1492 1493 case HCI_OP_EXIT_PERIODIC_INQ: 1494 hci_cc_exit_periodic_inq(hdev, skb); 1495 break; 1496 1497 case HCI_OP_REMOTE_NAME_REQ_CANCEL: 1498 hci_cc_remote_name_req_cancel(hdev, skb); 1499 break; 1500 1501 case HCI_OP_ROLE_DISCOVERY: 1502 hci_cc_role_discovery(hdev, skb); 1503 break; 1504 1505 case HCI_OP_READ_LINK_POLICY: 1506 hci_cc_read_link_policy(hdev, skb); 1507 break; 1508 1509 case HCI_OP_WRITE_LINK_POLICY: 1510 hci_cc_write_link_policy(hdev, skb); 1511 break; 1512 1513 case HCI_OP_READ_DEF_LINK_POLICY: 1514 hci_cc_read_def_link_policy(hdev, skb); 1515 break; 1516 1517 case HCI_OP_WRITE_DEF_LINK_POLICY: 1518 hci_cc_write_def_link_policy(hdev, skb); 1519 break; 1520 1521 case HCI_OP_RESET: 1522 hci_cc_reset(hdev, skb); 1523 break; 1524 1525 case HCI_OP_WRITE_LOCAL_NAME: 1526 hci_cc_write_local_name(hdev, skb); 1527 break; 1528 1529 case HCI_OP_READ_LOCAL_NAME: 1530 hci_cc_read_local_name(hdev, skb); 1531 break; 1532 1533 case HCI_OP_WRITE_AUTH_ENABLE: 1534 hci_cc_write_auth_enable(hdev, skb); 1535 break; 1536 1537 case HCI_OP_WRITE_ENCRYPT_MODE: 1538 hci_cc_write_encrypt_mode(hdev, skb); 1539 break; 1540 1541 case HCI_OP_WRITE_SCAN_ENABLE: 1542 hci_cc_write_scan_enable(hdev, skb); 1543 break; 1544 1545 case HCI_OP_READ_CLASS_OF_DEV: 1546 hci_cc_read_class_of_dev(hdev, skb); 1547 break; 1548 1549 case HCI_OP_WRITE_CLASS_OF_DEV: 1550 hci_cc_write_class_of_dev(hdev, skb); 1551 break; 1552 1553 case HCI_OP_READ_VOICE_SETTING: 1554 hci_cc_read_voice_setting(hdev, skb); 1555 break; 1556 1557 case HCI_OP_WRITE_VOICE_SETTING: 1558 hci_cc_write_voice_setting(hdev, skb); 1559 break; 1560 1561 case HCI_OP_HOST_BUFFER_SIZE: 1562 hci_cc_host_buffer_size(hdev, skb); 1563 break; 1564 1565 case HCI_OP_READ_SSP_MODE: 1566 hci_cc_read_ssp_mode(hdev, skb); 1567 break; 1568 1569 case HCI_OP_WRITE_SSP_MODE: 1570 hci_cc_write_ssp_mode(hdev, skb); 1571 break; 1572 1573 case HCI_OP_READ_LOCAL_VERSION: 1574 hci_cc_read_local_version(hdev, skb); 1575 break; 1576 1577 case HCI_OP_READ_LOCAL_COMMANDS: 1578 hci_cc_read_local_commands(hdev, skb); 1579 break; 1580 1581 case HCI_OP_READ_LOCAL_FEATURES: 1582 hci_cc_read_local_features(hdev, skb); 1583 break; 1584 1585 case HCI_OP_READ_BUFFER_SIZE: 1586 hci_cc_read_buffer_size(hdev, skb); 1587 break; 1588 1589 case HCI_OP_READ_BD_ADDR: 1590 hci_cc_read_bd_addr(hdev, skb); 1591 break; 1592 1593 case HCI_OP_WRITE_CA_TIMEOUT: 1594 hci_cc_write_ca_timeout(hdev, skb); 1595 break; 1596 1597 case HCI_OP_DELETE_STORED_LINK_KEY: 1598 hci_cc_delete_stored_link_key(hdev, skb); 1599 break; 1600 1601 case HCI_OP_SET_EVENT_MASK: 1602 hci_cc_set_event_mask(hdev, skb); 1603 break; 1604 1605 case HCI_OP_WRITE_INQUIRY_MODE: 1606 hci_cc_write_inquiry_mode(hdev, skb); 1607 break; 1608 1609 case HCI_OP_READ_INQ_RSP_TX_POWER: 1610 hci_cc_read_inq_rsp_tx_power(hdev, skb); 1611 break; 1612 1613 case HCI_OP_SET_EVENT_FLT: 1614 hci_cc_set_event_flt(hdev, skb); 1615 break; 1616 1617 default: 1618 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1619 break; 1620 } 1621 1622 if (ev->ncmd) { 1623 atomic_set(&hdev->cmd_cnt, 1); 1624 if (!skb_queue_empty(&hdev->cmd_q)) 1625 tasklet_schedule(&hdev->cmd_task); 1626 } 1627} 1628 1629static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) 1630{ 1631 struct hci_ev_cmd_status *ev = (void *) skb->data; 1632 __u16 opcode; 1633 1634 skb_pull(skb, sizeof(*ev)); 1635 1636 opcode = __le16_to_cpu(ev->opcode); 1637 1638 switch (opcode) { 1639 case HCI_OP_INQUIRY: 1640 hci_cs_inquiry(hdev, ev->status); 1641 break; 1642 1643 case HCI_OP_CREATE_CONN: 1644 hci_cs_create_conn(hdev, ev->status); 1645 break; 1646 1647 case HCI_OP_ADD_SCO: 1648 hci_cs_add_sco(hdev, ev->status); 1649 break; 1650 1651 case HCI_OP_AUTH_REQUESTED: 1652 hci_cs_auth_requested(hdev, ev->status); 1653 break; 1654 1655 case HCI_OP_SET_CONN_ENCRYPT: 1656 hci_cs_set_conn_encrypt(hdev, ev->status); 1657 break; 1658 1659 case HCI_OP_REMOTE_NAME_REQ: 1660 hci_cs_remote_name_req(hdev, ev->status); 1661 break; 1662 1663 case HCI_OP_READ_REMOTE_FEATURES: 1664 hci_cs_read_remote_features(hdev, ev->status); 1665 break; 1666 1667 case HCI_OP_READ_REMOTE_EXT_FEATURES: 1668 hci_cs_read_remote_ext_features(hdev, ev->status); 1669 break; 1670 1671 case HCI_OP_SETUP_SYNC_CONN: 1672 hci_cs_setup_sync_conn(hdev, ev->status); 1673 break; 1674 1675 case HCI_OP_SNIFF_MODE: 1676 hci_cs_sniff_mode(hdev, ev->status); 1677 break; 1678 1679 case HCI_OP_EXIT_SNIFF_MODE: 1680 hci_cs_exit_sniff_mode(hdev, ev->status); 1681 break; 1682 1683 default: 1684 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1685 break; 1686 } 1687 1688 if (ev->ncmd) { 1689 atomic_set(&hdev->cmd_cnt, 1); 1690 if (!skb_queue_empty(&hdev->cmd_q)) 1691 tasklet_schedule(&hdev->cmd_task); 1692 } 1693} 1694 1695static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1696{ 1697 struct hci_ev_role_change *ev = (void *) skb->data; 1698 struct hci_conn *conn; 1699 1700 BT_DBG("%s status %d", hdev->name, ev->status); 1701 1702 hci_dev_lock(hdev); 1703 1704 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1705 if (conn) { 1706 if (!ev->status) { 1707 if (ev->role) 1708 conn->link_mode &= ~HCI_LM_MASTER; 1709 else 1710 conn->link_mode |= HCI_LM_MASTER; 1711 } 1712 1713 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend); 1714 1715 hci_role_switch_cfm(conn, ev->status, ev->role); 1716 } 1717 1718 hci_dev_unlock(hdev); 1719} 1720 1721static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb) 1722{ 1723 struct hci_ev_num_comp_pkts *ev = (void *) skb->data; 1724 __le16 *ptr; 1725 int i; 1726 1727 skb_pull(skb, sizeof(*ev)); 1728 1729 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); 1730 1731 if (skb->len < ev->num_hndl * 4) { 1732 BT_DBG("%s bad parameters", hdev->name); 1733 return; 1734 } 1735 1736 tasklet_disable(&hdev->tx_task); 1737 1738 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) { 1739 struct hci_conn *conn; 1740 __u16 handle, count; 1741 1742 handle = get_unaligned_le16(ptr++); 1743 count = get_unaligned_le16(ptr++); 1744 1745 conn = hci_conn_hash_lookup_handle(hdev, handle); 1746 if (conn) { 1747 conn->sent -= count; 1748 1749 if (conn->type == ACL_LINK) { 1750 hdev->acl_cnt += count; 1751 if (hdev->acl_cnt > hdev->acl_pkts) 1752 hdev->acl_cnt = hdev->acl_pkts; 1753 } else { 1754 hdev->sco_cnt += count; 1755 if (hdev->sco_cnt > hdev->sco_pkts) 1756 hdev->sco_cnt = hdev->sco_pkts; 1757 } 1758 } 1759 } 1760 1761 tasklet_schedule(&hdev->tx_task); 1762 1763 tasklet_enable(&hdev->tx_task); 1764} 1765 1766static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1767{ 1768 struct hci_ev_mode_change *ev = (void *) skb->data; 1769 struct hci_conn *conn; 1770 1771 BT_DBG("%s status %d", hdev->name, ev->status); 1772 1773 hci_dev_lock(hdev); 1774 1775 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1776 if (conn) { 1777 conn->mode = ev->mode; 1778 conn->interval = __le16_to_cpu(ev->interval); 1779 1780 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 1781 if (conn->mode == HCI_CM_ACTIVE) 1782 conn->power_save = 1; 1783 else 1784 conn->power_save = 0; 1785 } 1786 1787 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 1788 hci_sco_setup(conn, ev->status); 1789 } 1790 1791 hci_dev_unlock(hdev); 1792} 1793 1794static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1795{ 1796 struct hci_ev_pin_code_req *ev = (void *) skb->data; 1797 struct hci_conn *conn; 1798 1799 BT_DBG("%s", hdev->name); 1800 1801 hci_dev_lock(hdev); 1802 1803 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1804 if (conn && conn->state == BT_CONNECTED) { 1805 hci_conn_hold(conn); 1806 conn->disc_timeout = HCI_PAIRING_TIMEOUT; 1807 hci_conn_put(conn); 1808 } 1809 1810 if (!test_bit(HCI_PAIRABLE, &hdev->flags)) 1811 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 1812 sizeof(ev->bdaddr), &ev->bdaddr); 1813 1814 hci_dev_unlock(hdev); 1815} 1816 1817static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1818{ 1819 struct hci_ev_link_key_req *ev = (void *) skb->data; 1820 struct hci_cp_link_key_reply cp; 1821 struct hci_conn *conn; 1822 struct link_key *key; 1823 1824 BT_DBG("%s", hdev->name); 1825 1826 if (!test_bit(HCI_LINK_KEYS, &hdev->flags)) 1827 return; 1828 1829 hci_dev_lock(hdev); 1830 1831 key = hci_find_link_key(hdev, &ev->bdaddr); 1832 if (!key) { 1833 BT_DBG("%s link key not found for %s", hdev->name, 1834 batostr(&ev->bdaddr)); 1835 goto not_found; 1836 } 1837 1838 BT_DBG("%s found key type %u for %s", hdev->name, key->type, 1839 batostr(&ev->bdaddr)); 1840 1841 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) && key->type == 0x03) { 1842 BT_DBG("%s ignoring debug key", hdev->name); 1843 goto not_found; 1844 } 1845 1846 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1847 1848 if (key->type == 0x04 && conn && conn->auth_type != 0xff && 1849 (conn->auth_type & 0x01)) { 1850 BT_DBG("%s ignoring unauthenticated key", hdev->name); 1851 goto not_found; 1852 } 1853 1854 bacpy(&cp.bdaddr, &ev->bdaddr); 1855 memcpy(cp.link_key, key->val, 16); 1856 1857 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp); 1858 1859 hci_dev_unlock(hdev); 1860 1861 return; 1862 1863not_found: 1864 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr); 1865 hci_dev_unlock(hdev); 1866} 1867 1868static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 1869{ 1870 struct hci_ev_link_key_notify *ev = (void *) skb->data; 1871 struct hci_conn *conn; 1872 u8 pin_len = 0; 1873 1874 BT_DBG("%s", hdev->name); 1875 1876 hci_dev_lock(hdev); 1877 1878 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1879 if (conn) { 1880 hci_conn_hold(conn); 1881 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1882 hci_conn_put(conn); 1883 } 1884 1885 if (test_bit(HCI_LINK_KEYS, &hdev->flags)) 1886 hci_add_link_key(hdev, 1, &ev->bdaddr, ev->link_key, 1887 ev->key_type, pin_len); 1888 1889 hci_dev_unlock(hdev); 1890} 1891 1892static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb) 1893{ 1894 struct hci_ev_clock_offset *ev = (void *) skb->data; 1895 struct hci_conn *conn; 1896 1897 BT_DBG("%s status %d", hdev->name, ev->status); 1898 1899 hci_dev_lock(hdev); 1900 1901 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1902 if (conn && !ev->status) { 1903 struct inquiry_entry *ie; 1904 1905 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 1906 if (ie) { 1907 ie->data.clock_offset = ev->clock_offset; 1908 ie->timestamp = jiffies; 1909 } 1910 } 1911 1912 hci_dev_unlock(hdev); 1913} 1914 1915static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1916{ 1917 struct hci_ev_pkt_type_change *ev = (void *) skb->data; 1918 struct hci_conn *conn; 1919 1920 BT_DBG("%s status %d", hdev->name, ev->status); 1921 1922 hci_dev_lock(hdev); 1923 1924 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1925 if (conn && !ev->status) 1926 conn->pkt_type = __le16_to_cpu(ev->pkt_type); 1927 1928 hci_dev_unlock(hdev); 1929} 1930 1931static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb) 1932{ 1933 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data; 1934 struct inquiry_entry *ie; 1935 1936 BT_DBG("%s", hdev->name); 1937 1938 hci_dev_lock(hdev); 1939 1940 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 1941 if (ie) { 1942 ie->data.pscan_rep_mode = ev->pscan_rep_mode; 1943 ie->timestamp = jiffies; 1944 } 1945 1946 hci_dev_unlock(hdev); 1947} 1948 1949static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb) 1950{ 1951 struct inquiry_data data; 1952 int num_rsp = *((__u8 *) skb->data); 1953 1954 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1955 1956 if (!num_rsp) 1957 return; 1958 1959 hci_dev_lock(hdev); 1960 1961 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 1962 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1); 1963 1964 for (; num_rsp; num_rsp--) { 1965 bacpy(&data.bdaddr, &info->bdaddr); 1966 data.pscan_rep_mode = info->pscan_rep_mode; 1967 data.pscan_period_mode = info->pscan_period_mode; 1968 data.pscan_mode = info->pscan_mode; 1969 memcpy(data.dev_class, info->dev_class, 3); 1970 data.clock_offset = info->clock_offset; 1971 data.rssi = info->rssi; 1972 data.ssp_mode = 0x00; 1973 info++; 1974 hci_inquiry_cache_update(hdev, &data); 1975 } 1976 } else { 1977 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 1978 1979 for (; num_rsp; num_rsp--) { 1980 bacpy(&data.bdaddr, &info->bdaddr); 1981 data.pscan_rep_mode = info->pscan_rep_mode; 1982 data.pscan_period_mode = info->pscan_period_mode; 1983 data.pscan_mode = 0x00; 1984 memcpy(data.dev_class, info->dev_class, 3); 1985 data.clock_offset = info->clock_offset; 1986 data.rssi = info->rssi; 1987 data.ssp_mode = 0x00; 1988 info++; 1989 hci_inquiry_cache_update(hdev, &data); 1990 } 1991 } 1992 1993 hci_dev_unlock(hdev); 1994} 1995 1996static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1997{ 1998 struct hci_ev_remote_ext_features *ev = (void *) skb->data; 1999 struct hci_conn *conn; 2000 2001 BT_DBG("%s", hdev->name); 2002 2003 hci_dev_lock(hdev); 2004 2005 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2006 if (!conn) 2007 goto unlock; 2008 2009 if (!ev->status && ev->page == 0x01) { 2010 struct inquiry_entry *ie; 2011 2012 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 2013 if (ie) 2014 ie->data.ssp_mode = (ev->features[0] & 0x01); 2015 2016 conn->ssp_mode = (ev->features[0] & 0x01); 2017 } 2018 2019 if (conn->state != BT_CONFIG) 2020 goto unlock; 2021 2022 if (!ev->status) { 2023 struct hci_cp_remote_name_req cp; 2024 memset(&cp, 0, sizeof(cp)); 2025 bacpy(&cp.bdaddr, &conn->dst); 2026 cp.pscan_rep_mode = 0x02; 2027 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 2028 } 2029 2030 if (!hci_outgoing_auth_needed(hdev, conn)) { 2031 conn->state = BT_CONNECTED; 2032 hci_proto_connect_cfm(conn, ev->status); 2033 hci_conn_put(conn); 2034 } 2035 2036unlock: 2037 hci_dev_unlock(hdev); 2038} 2039 2040static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 2041{ 2042 struct hci_ev_sync_conn_complete *ev = (void *) skb->data; 2043 struct hci_conn *conn; 2044 2045 BT_DBG("%s status %d", hdev->name, ev->status); 2046 2047 hci_dev_lock(hdev); 2048 2049 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 2050 if (!conn) { 2051 if (ev->link_type == ESCO_LINK) 2052 goto unlock; 2053 2054 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 2055 if (!conn) 2056 goto unlock; 2057 2058 conn->type = SCO_LINK; 2059 } 2060 2061 switch (ev->status) { 2062 case 0x00: 2063 conn->handle = __le16_to_cpu(ev->handle); 2064 conn->state = BT_CONNECTED; 2065 2066 hci_conn_hold_device(conn); 2067 hci_conn_add_sysfs(conn); 2068 break; 2069 2070 case 0x11: /* Unsupported Feature or Parameter Value */ 2071 case 0x1c: /* SCO interval rejected */ 2072 case 0x1a: /* Unsupported Remote Feature */ 2073 case 0x1f: /* Unspecified error */ 2074 if (conn->out && conn->attempt < 2) { 2075 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 2076 (hdev->esco_type & EDR_ESCO_MASK); 2077 hci_setup_sync(conn, conn->link->handle); 2078 goto unlock; 2079 } 2080 /* fall through */ 2081 2082 default: 2083 conn->state = BT_CLOSED; 2084 break; 2085 } 2086 2087 hci_proto_connect_cfm(conn, ev->status); 2088 if (ev->status) 2089 hci_conn_del(conn); 2090 2091unlock: 2092 hci_dev_unlock(hdev); 2093} 2094 2095static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb) 2096{ 2097 BT_DBG("%s", hdev->name); 2098} 2099 2100static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb) 2101{ 2102 struct hci_ev_sniff_subrate *ev = (void *) skb->data; 2103 struct hci_conn *conn; 2104 2105 BT_DBG("%s status %d", hdev->name, ev->status); 2106 2107 hci_dev_lock(hdev); 2108 2109 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2110 if (conn) { 2111 } 2112 2113 hci_dev_unlock(hdev); 2114} 2115 2116static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 2117{ 2118 struct inquiry_data data; 2119 struct extended_inquiry_info *info = (void *) (skb->data + 1); 2120 int num_rsp = *((__u8 *) skb->data); 2121 2122 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 2123 2124 if (!num_rsp) 2125 return; 2126 2127 hci_dev_lock(hdev); 2128 2129 for (; num_rsp; num_rsp--) { 2130 bacpy(&data.bdaddr, &info->bdaddr); 2131 data.pscan_rep_mode = info->pscan_rep_mode; 2132 data.pscan_period_mode = info->pscan_period_mode; 2133 data.pscan_mode = 0x00; 2134 memcpy(data.dev_class, info->dev_class, 3); 2135 data.clock_offset = info->clock_offset; 2136 data.rssi = info->rssi; 2137 data.ssp_mode = 0x01; 2138 info++; 2139 hci_inquiry_cache_update(hdev, &data); 2140 } 2141 2142 hci_dev_unlock(hdev); 2143} 2144 2145static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2146{ 2147 struct hci_ev_io_capa_request *ev = (void *) skb->data; 2148 struct hci_conn *conn; 2149 2150 BT_DBG("%s", hdev->name); 2151 2152 hci_dev_lock(hdev); 2153 2154 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2155 if (!conn) 2156 goto unlock; 2157 2158 hci_conn_hold(conn); 2159 2160 if (!test_bit(HCI_MGMT, &hdev->flags)) 2161 goto unlock; 2162 2163 if (test_bit(HCI_PAIRABLE, &hdev->flags) || 2164 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) { 2165 /* FIXME: Do IO capa response based on information 2166 * provided through the management interface */ 2167 } else { 2168 struct hci_cp_io_capability_neg_reply cp; 2169 2170 bacpy(&cp.bdaddr, &ev->bdaddr); 2171 cp.reason = 0x16; /* Pairing not allowed */ 2172 2173 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY, 2174 sizeof(cp), &cp); 2175 } 2176 2177unlock: 2178 hci_dev_unlock(hdev); 2179} 2180 2181static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb) 2182{ 2183 struct hci_ev_io_capa_reply *ev = (void *) skb->data; 2184 struct hci_conn *conn; 2185 2186 BT_DBG("%s", hdev->name); 2187 2188 hci_dev_lock(hdev); 2189 2190 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2191 if (!conn) 2192 goto unlock; 2193 2194 hci_conn_hold(conn); 2195 2196 conn->remote_cap = ev->capability; 2197 conn->remote_oob = ev->oob_data; 2198 conn->remote_auth = ev->authentication; 2199 2200unlock: 2201 hci_dev_unlock(hdev); 2202} 2203 2204static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 2205{ 2206 struct hci_ev_simple_pair_complete *ev = (void *) skb->data; 2207 struct hci_conn *conn; 2208 2209 BT_DBG("%s", hdev->name); 2210 2211 hci_dev_lock(hdev); 2212 2213 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2214 if (conn) 2215 hci_conn_put(conn); 2216 2217 hci_dev_unlock(hdev); 2218} 2219 2220static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 2221{ 2222 struct hci_ev_remote_host_features *ev = (void *) skb->data; 2223 struct inquiry_entry *ie; 2224 2225 BT_DBG("%s", hdev->name); 2226 2227 hci_dev_lock(hdev); 2228 2229 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 2230 if (ie) 2231 ie->data.ssp_mode = (ev->features[0] & 0x01); 2232 2233 hci_dev_unlock(hdev); 2234} 2235 2236void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 2237{ 2238 struct hci_event_hdr *hdr = (void *) skb->data; 2239 __u8 event = hdr->evt; 2240 2241 skb_pull(skb, HCI_EVENT_HDR_SIZE); 2242 2243 switch (event) { 2244 case HCI_EV_INQUIRY_COMPLETE: 2245 hci_inquiry_complete_evt(hdev, skb); 2246 break; 2247 2248 case HCI_EV_INQUIRY_RESULT: 2249 hci_inquiry_result_evt(hdev, skb); 2250 break; 2251 2252 case HCI_EV_CONN_COMPLETE: 2253 hci_conn_complete_evt(hdev, skb); 2254 break; 2255 2256 case HCI_EV_CONN_REQUEST: 2257 hci_conn_request_evt(hdev, skb); 2258 break; 2259 2260 case HCI_EV_DISCONN_COMPLETE: 2261 hci_disconn_complete_evt(hdev, skb); 2262 break; 2263 2264 case HCI_EV_AUTH_COMPLETE: 2265 hci_auth_complete_evt(hdev, skb); 2266 break; 2267 2268 case HCI_EV_REMOTE_NAME: 2269 hci_remote_name_evt(hdev, skb); 2270 break; 2271 2272 case HCI_EV_ENCRYPT_CHANGE: 2273 hci_encrypt_change_evt(hdev, skb); 2274 break; 2275 2276 case HCI_EV_CHANGE_LINK_KEY_COMPLETE: 2277 hci_change_link_key_complete_evt(hdev, skb); 2278 break; 2279 2280 case HCI_EV_REMOTE_FEATURES: 2281 hci_remote_features_evt(hdev, skb); 2282 break; 2283 2284 case HCI_EV_REMOTE_VERSION: 2285 hci_remote_version_evt(hdev, skb); 2286 break; 2287 2288 case HCI_EV_QOS_SETUP_COMPLETE: 2289 hci_qos_setup_complete_evt(hdev, skb); 2290 break; 2291 2292 case HCI_EV_CMD_COMPLETE: 2293 hci_cmd_complete_evt(hdev, skb); 2294 break; 2295 2296 case HCI_EV_CMD_STATUS: 2297 hci_cmd_status_evt(hdev, skb); 2298 break; 2299 2300 case HCI_EV_ROLE_CHANGE: 2301 hci_role_change_evt(hdev, skb); 2302 break; 2303 2304 case HCI_EV_NUM_COMP_PKTS: 2305 hci_num_comp_pkts_evt(hdev, skb); 2306 break; 2307 2308 case HCI_EV_MODE_CHANGE: 2309 hci_mode_change_evt(hdev, skb); 2310 break; 2311 2312 case HCI_EV_PIN_CODE_REQ: 2313 hci_pin_code_request_evt(hdev, skb); 2314 break; 2315 2316 case HCI_EV_LINK_KEY_REQ: 2317 hci_link_key_request_evt(hdev, skb); 2318 break; 2319 2320 case HCI_EV_LINK_KEY_NOTIFY: 2321 hci_link_key_notify_evt(hdev, skb); 2322 break; 2323 2324 case HCI_EV_CLOCK_OFFSET: 2325 hci_clock_offset_evt(hdev, skb); 2326 break; 2327 2328 case HCI_EV_PKT_TYPE_CHANGE: 2329 hci_pkt_type_change_evt(hdev, skb); 2330 break; 2331 2332 case HCI_EV_PSCAN_REP_MODE: 2333 hci_pscan_rep_mode_evt(hdev, skb); 2334 break; 2335 2336 case HCI_EV_INQUIRY_RESULT_WITH_RSSI: 2337 hci_inquiry_result_with_rssi_evt(hdev, skb); 2338 break; 2339 2340 case HCI_EV_REMOTE_EXT_FEATURES: 2341 hci_remote_ext_features_evt(hdev, skb); 2342 break; 2343 2344 case HCI_EV_SYNC_CONN_COMPLETE: 2345 hci_sync_conn_complete_evt(hdev, skb); 2346 break; 2347 2348 case HCI_EV_SYNC_CONN_CHANGED: 2349 hci_sync_conn_changed_evt(hdev, skb); 2350 break; 2351 2352 case HCI_EV_SNIFF_SUBRATE: 2353 hci_sniff_subrate_evt(hdev, skb); 2354 break; 2355 2356 case HCI_EV_EXTENDED_INQUIRY_RESULT: 2357 hci_extended_inquiry_result_evt(hdev, skb); 2358 break; 2359 2360 case HCI_EV_IO_CAPA_REQUEST: 2361 hci_io_capa_request_evt(hdev, skb); 2362 break; 2363 2364 case HCI_EV_IO_CAPA_REPLY: 2365 hci_io_capa_reply_evt(hdev, skb); 2366 break; 2367 2368 case HCI_EV_SIMPLE_PAIR_COMPLETE: 2369 hci_simple_pair_complete_evt(hdev, skb); 2370 break; 2371 2372 case HCI_EV_REMOTE_HOST_FEATURES: 2373 hci_remote_host_features_evt(hdev, skb); 2374 break; 2375 2376 default: 2377 BT_DBG("%s event 0x%x", hdev->name, event); 2378 break; 2379 } 2380 2381 kfree_skb(skb); 2382 hdev->stat.evt_rx++; 2383} 2384 2385/* Generate internal stack event */ 2386void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data) 2387{ 2388 struct hci_event_hdr *hdr; 2389 struct hci_ev_stack_internal *ev; 2390 struct sk_buff *skb; 2391 2392 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC); 2393 if (!skb) 2394 return; 2395 2396 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE); 2397 hdr->evt = HCI_EV_STACK_INTERNAL; 2398 hdr->plen = sizeof(*ev) + dlen; 2399 2400 ev = (void *) skb_put(skb, sizeof(*ev) + dlen); 2401 ev->type = type; 2402 memcpy(ev->data, data, dlen); 2403 2404 bt_cb(skb)->incoming = 1; 2405 __net_timestamp(skb); 2406 2407 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 2408 skb->dev = (void *) hdev; 2409 hci_send_to_sock(hdev, skb, NULL); 2410 kfree_skb(skb); 2411} 2412