1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth HCI event handling. */ 26 27#include <linux/module.h> 28 29#include <linux/types.h> 30#include <linux/errno.h> 31#include <linux/kernel.h> 32#include <linux/slab.h> 33#include <linux/poll.h> 34#include <linux/fcntl.h> 35#include <linux/init.h> 36#include <linux/skbuff.h> 37#include <linux/interrupt.h> 38#include <linux/notifier.h> 39#include <net/sock.h> 40 41#include <asm/system.h> 42#include <asm/uaccess.h> 43#include <asm/unaligned.h> 44 45#include <net/bluetooth/bluetooth.h> 46#include <net/bluetooth/hci_core.h> 47 48/* Handle HCI Event packets */ 49 50static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) 51{ 52 __u8 status = *((__u8 *) skb->data); 53 54 BT_DBG("%s status 0x%x", hdev->name, status); 55 56 if (status) 57 return; 58 59 clear_bit(HCI_INQUIRY, &hdev->flags); 60 61 hci_req_complete(hdev, status); 62 63 hci_conn_check_pending(hdev); 64} 65 66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb) 67{ 68 __u8 status = *((__u8 *) skb->data); 69 70 BT_DBG("%s status 0x%x", hdev->name, status); 71 72 if (status) 73 return; 74 75 clear_bit(HCI_INQUIRY, &hdev->flags); 76 77 hci_conn_check_pending(hdev); 78} 79 80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb) 81{ 82 BT_DBG("%s", hdev->name); 83} 84 85static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb) 86{ 87 struct hci_rp_role_discovery *rp = (void *) skb->data; 88 struct hci_conn *conn; 89 90 BT_DBG("%s status 0x%x", hdev->name, rp->status); 91 92 if (rp->status) 93 return; 94 95 hci_dev_lock(hdev); 96 97 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 98 if (conn) { 99 if (rp->role) 100 conn->link_mode &= ~HCI_LM_MASTER; 101 else 102 conn->link_mode |= HCI_LM_MASTER; 103 } 104 105 hci_dev_unlock(hdev); 106} 107 108static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 109{ 110 struct hci_rp_read_link_policy *rp = (void *) skb->data; 111 struct hci_conn *conn; 112 113 BT_DBG("%s status 0x%x", hdev->name, rp->status); 114 115 if (rp->status) 116 return; 117 118 hci_dev_lock(hdev); 119 120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 121 if (conn) 122 conn->link_policy = __le16_to_cpu(rp->policy); 123 124 hci_dev_unlock(hdev); 125} 126 127static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 128{ 129 struct hci_rp_write_link_policy *rp = (void *) skb->data; 130 struct hci_conn *conn; 131 void *sent; 132 133 BT_DBG("%s status 0x%x", hdev->name, rp->status); 134 135 if (rp->status) 136 return; 137 138 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY); 139 if (!sent) 140 return; 141 142 hci_dev_lock(hdev); 143 144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 145 if (conn) 146 conn->link_policy = get_unaligned_le16(sent + 2); 147 148 hci_dev_unlock(hdev); 149} 150 151static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 152{ 153 struct hci_rp_read_def_link_policy *rp = (void *) skb->data; 154 155 BT_DBG("%s status 0x%x", hdev->name, rp->status); 156 157 if (rp->status) 158 return; 159 160 hdev->link_policy = __le16_to_cpu(rp->policy); 161} 162 163static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 164{ 165 __u8 status = *((__u8 *) skb->data); 166 void *sent; 167 168 BT_DBG("%s status 0x%x", hdev->name, status); 169 170 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY); 171 if (!sent) 172 return; 173 174 if (!status) 175 hdev->link_policy = get_unaligned_le16(sent); 176 177 hci_req_complete(hdev, status); 178} 179 180static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb) 181{ 182 __u8 status = *((__u8 *) skb->data); 183 184 BT_DBG("%s status 0x%x", hdev->name, status); 185 186 hci_req_complete(hdev, status); 187} 188 189static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb) 190{ 191 __u8 status = *((__u8 *) skb->data); 192 void *sent; 193 194 BT_DBG("%s status 0x%x", hdev->name, status); 195 196 if (status) 197 return; 198 199 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 200 if (!sent) 201 return; 202 203 memcpy(hdev->dev_name, sent, 248); 204} 205 206static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 207{ 208 struct hci_rp_read_local_name *rp = (void *) skb->data; 209 210 BT_DBG("%s status 0x%x", hdev->name, rp->status); 211 212 if (rp->status) 213 return; 214 215 memcpy(hdev->dev_name, rp->name, 248); 216} 217 218static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) 219{ 220 __u8 status = *((__u8 *) skb->data); 221 void *sent; 222 223 BT_DBG("%s status 0x%x", hdev->name, status); 224 225 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE); 226 if (!sent) 227 return; 228 229 if (!status) { 230 __u8 param = *((__u8 *) sent); 231 232 if (param == AUTH_ENABLED) 233 set_bit(HCI_AUTH, &hdev->flags); 234 else 235 clear_bit(HCI_AUTH, &hdev->flags); 236 } 237 238 hci_req_complete(hdev, status); 239} 240 241static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) 242{ 243 __u8 status = *((__u8 *) skb->data); 244 void *sent; 245 246 BT_DBG("%s status 0x%x", hdev->name, status); 247 248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE); 249 if (!sent) 250 return; 251 252 if (!status) { 253 __u8 param = *((__u8 *) sent); 254 255 if (param) 256 set_bit(HCI_ENCRYPT, &hdev->flags); 257 else 258 clear_bit(HCI_ENCRYPT, &hdev->flags); 259 } 260 261 hci_req_complete(hdev, status); 262} 263 264static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb) 265{ 266 __u8 status = *((__u8 *) skb->data); 267 void *sent; 268 269 BT_DBG("%s status 0x%x", hdev->name, status); 270 271 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE); 272 if (!sent) 273 return; 274 275 if (!status) { 276 __u8 param = *((__u8 *) sent); 277 278 clear_bit(HCI_PSCAN, &hdev->flags); 279 clear_bit(HCI_ISCAN, &hdev->flags); 280 281 if (param & SCAN_INQUIRY) 282 set_bit(HCI_ISCAN, &hdev->flags); 283 284 if (param & SCAN_PAGE) 285 set_bit(HCI_PSCAN, &hdev->flags); 286 } 287 288 hci_req_complete(hdev, status); 289} 290 291static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 292{ 293 struct hci_rp_read_class_of_dev *rp = (void *) skb->data; 294 295 BT_DBG("%s status 0x%x", hdev->name, rp->status); 296 297 if (rp->status) 298 return; 299 300 memcpy(hdev->dev_class, rp->dev_class, 3); 301 302 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name, 303 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]); 304} 305 306static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 307{ 308 __u8 status = *((__u8 *) skb->data); 309 void *sent; 310 311 BT_DBG("%s status 0x%x", hdev->name, status); 312 313 if (status) 314 return; 315 316 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 317 if (!sent) 318 return; 319 320 memcpy(hdev->dev_class, sent, 3); 321} 322 323static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 324{ 325 struct hci_rp_read_voice_setting *rp = (void *) skb->data; 326 __u16 setting; 327 328 BT_DBG("%s status 0x%x", hdev->name, rp->status); 329 330 if (rp->status) 331 return; 332 333 setting = __le16_to_cpu(rp->voice_setting); 334 335 if (hdev->voice_setting == setting) 336 return; 337 338 hdev->voice_setting = setting; 339 340 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 341 342 if (hdev->notify) { 343 tasklet_disable(&hdev->tx_task); 344 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 345 tasklet_enable(&hdev->tx_task); 346 } 347} 348 349static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 350{ 351 __u8 status = *((__u8 *) skb->data); 352 __u16 setting; 353 void *sent; 354 355 BT_DBG("%s status 0x%x", hdev->name, status); 356 357 if (status) 358 return; 359 360 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING); 361 if (!sent) 362 return; 363 364 setting = get_unaligned_le16(sent); 365 366 if (hdev->voice_setting == setting) 367 return; 368 369 hdev->voice_setting = setting; 370 371 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 372 373 if (hdev->notify) { 374 tasklet_disable(&hdev->tx_task); 375 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 376 tasklet_enable(&hdev->tx_task); 377 } 378} 379 380static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 381{ 382 __u8 status = *((__u8 *) skb->data); 383 384 BT_DBG("%s status 0x%x", hdev->name, status); 385 386 hci_req_complete(hdev, status); 387} 388 389static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 390{ 391 struct hci_rp_read_ssp_mode *rp = (void *) skb->data; 392 393 BT_DBG("%s status 0x%x", hdev->name, rp->status); 394 395 if (rp->status) 396 return; 397 398 hdev->ssp_mode = rp->mode; 399} 400 401static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 402{ 403 __u8 status = *((__u8 *) skb->data); 404 void *sent; 405 406 BT_DBG("%s status 0x%x", hdev->name, status); 407 408 if (status) 409 return; 410 411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE); 412 if (!sent) 413 return; 414 415 hdev->ssp_mode = *((__u8 *) sent); 416} 417 418static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 419{ 420 struct hci_rp_read_local_version *rp = (void *) skb->data; 421 422 BT_DBG("%s status 0x%x", hdev->name, rp->status); 423 424 if (rp->status) 425 return; 426 427 hdev->hci_ver = rp->hci_ver; 428 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 429 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 430 431 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name, 432 hdev->manufacturer, 433 hdev->hci_ver, hdev->hci_rev); 434} 435 436static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb) 437{ 438 struct hci_rp_read_local_commands *rp = (void *) skb->data; 439 440 BT_DBG("%s status 0x%x", hdev->name, rp->status); 441 442 if (rp->status) 443 return; 444 445 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 446} 447 448static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb) 449{ 450 struct hci_rp_read_local_features *rp = (void *) skb->data; 451 452 BT_DBG("%s status 0x%x", hdev->name, rp->status); 453 454 if (rp->status) 455 return; 456 457 memcpy(hdev->features, rp->features, 8); 458 459 /* Adjust default settings according to features 460 * supported by device. */ 461 462 if (hdev->features[0] & LMP_3SLOT) 463 hdev->pkt_type |= (HCI_DM3 | HCI_DH3); 464 465 if (hdev->features[0] & LMP_5SLOT) 466 hdev->pkt_type |= (HCI_DM5 | HCI_DH5); 467 468 if (hdev->features[1] & LMP_HV2) { 469 hdev->pkt_type |= (HCI_HV2); 470 hdev->esco_type |= (ESCO_HV2); 471 } 472 473 if (hdev->features[1] & LMP_HV3) { 474 hdev->pkt_type |= (HCI_HV3); 475 hdev->esco_type |= (ESCO_HV3); 476 } 477 478 if (hdev->features[3] & LMP_ESCO) 479 hdev->esco_type |= (ESCO_EV3); 480 481 if (hdev->features[4] & LMP_EV4) 482 hdev->esco_type |= (ESCO_EV4); 483 484 if (hdev->features[4] & LMP_EV5) 485 hdev->esco_type |= (ESCO_EV5); 486 487 if (hdev->features[5] & LMP_EDR_ESCO_2M) 488 hdev->esco_type |= (ESCO_2EV3); 489 490 if (hdev->features[5] & LMP_EDR_ESCO_3M) 491 hdev->esco_type |= (ESCO_3EV3); 492 493 if (hdev->features[5] & LMP_EDR_3S_ESCO) 494 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); 495 496 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, 497 hdev->features[0], hdev->features[1], 498 hdev->features[2], hdev->features[3], 499 hdev->features[4], hdev->features[5], 500 hdev->features[6], hdev->features[7]); 501} 502 503static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 504{ 505 struct hci_rp_read_buffer_size *rp = (void *) skb->data; 506 507 BT_DBG("%s status 0x%x", hdev->name, rp->status); 508 509 if (rp->status) 510 return; 511 512 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu); 513 hdev->sco_mtu = rp->sco_mtu; 514 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt); 515 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt); 516 517 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) { 518 hdev->sco_mtu = 64; 519 hdev->sco_pkts = 8; 520 } 521 522 hdev->acl_cnt = hdev->acl_pkts; 523 hdev->sco_cnt = hdev->sco_pkts; 524 525 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, 526 hdev->acl_mtu, hdev->acl_pkts, 527 hdev->sco_mtu, hdev->sco_pkts); 528} 529 530static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb) 531{ 532 struct hci_rp_read_bd_addr *rp = (void *) skb->data; 533 534 BT_DBG("%s status 0x%x", hdev->name, rp->status); 535 536 if (!rp->status) 537 bacpy(&hdev->bdaddr, &rp->bdaddr); 538 539 hci_req_complete(hdev, rp->status); 540} 541 542static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 543{ 544 BT_DBG("%s status 0x%x", hdev->name, status); 545 546 if (status) { 547 hci_req_complete(hdev, status); 548 549 hci_conn_check_pending(hdev); 550 } else 551 set_bit(HCI_INQUIRY, &hdev->flags); 552} 553 554static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) 555{ 556 struct hci_cp_create_conn *cp; 557 struct hci_conn *conn; 558 559 BT_DBG("%s status 0x%x", hdev->name, status); 560 561 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN); 562 if (!cp) 563 return; 564 565 hci_dev_lock(hdev); 566 567 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 568 569 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn); 570 571 if (status) { 572 if (conn && conn->state == BT_CONNECT) { 573 if (status != 0x0c || conn->attempt > 2) { 574 conn->state = BT_CLOSED; 575 hci_proto_connect_cfm(conn, status); 576 hci_conn_del(conn); 577 } else 578 conn->state = BT_CONNECT2; 579 } 580 } else { 581 if (!conn) { 582 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr); 583 if (conn) { 584 conn->out = 1; 585 conn->link_mode |= HCI_LM_MASTER; 586 } else 587 BT_ERR("No memory for new connection"); 588 } 589 } 590 591 hci_dev_unlock(hdev); 592} 593 594static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status) 595{ 596 struct hci_cp_add_sco *cp; 597 struct hci_conn *acl, *sco; 598 __u16 handle; 599 600 BT_DBG("%s status 0x%x", hdev->name, status); 601 602 if (!status) 603 return; 604 605 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO); 606 if (!cp) 607 return; 608 609 handle = __le16_to_cpu(cp->handle); 610 611 BT_DBG("%s handle %d", hdev->name, handle); 612 613 hci_dev_lock(hdev); 614 615 acl = hci_conn_hash_lookup_handle(hdev, handle); 616 if (acl && (sco = acl->link)) { 617 sco->state = BT_CLOSED; 618 619 hci_proto_connect_cfm(sco, status); 620 hci_conn_del(sco); 621 } 622 623 hci_dev_unlock(hdev); 624} 625 626static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status) 627{ 628 struct hci_cp_auth_requested *cp; 629 struct hci_conn *conn; 630 631 BT_DBG("%s status 0x%x", hdev->name, status); 632 633 if (!status) 634 return; 635 636 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED); 637 if (!cp) 638 return; 639 640 hci_dev_lock(hdev); 641 642 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 643 if (conn) { 644 if (conn->state == BT_CONFIG) { 645 hci_proto_connect_cfm(conn, status); 646 hci_conn_put(conn); 647 } 648 } 649 650 hci_dev_unlock(hdev); 651} 652 653static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status) 654{ 655 struct hci_cp_set_conn_encrypt *cp; 656 struct hci_conn *conn; 657 658 BT_DBG("%s status 0x%x", hdev->name, status); 659 660 if (!status) 661 return; 662 663 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT); 664 if (!cp) 665 return; 666 667 hci_dev_lock(hdev); 668 669 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 670 if (conn) { 671 if (conn->state == BT_CONFIG) { 672 hci_proto_connect_cfm(conn, status); 673 hci_conn_put(conn); 674 } 675 } 676 677 hci_dev_unlock(hdev); 678} 679 680static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 681{ 682 BT_DBG("%s status 0x%x", hdev->name, status); 683} 684 685static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status) 686{ 687 struct hci_cp_read_remote_features *cp; 688 struct hci_conn *conn; 689 690 BT_DBG("%s status 0x%x", hdev->name, status); 691 692 if (!status) 693 return; 694 695 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES); 696 if (!cp) 697 return; 698 699 hci_dev_lock(hdev); 700 701 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 702 if (conn) { 703 if (conn->state == BT_CONFIG) { 704 hci_proto_connect_cfm(conn, status); 705 hci_conn_put(conn); 706 } 707 } 708 709 hci_dev_unlock(hdev); 710} 711 712static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status) 713{ 714 struct hci_cp_read_remote_ext_features *cp; 715 struct hci_conn *conn; 716 717 BT_DBG("%s status 0x%x", hdev->name, status); 718 719 if (!status) 720 return; 721 722 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES); 723 if (!cp) 724 return; 725 726 hci_dev_lock(hdev); 727 728 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 729 if (conn) { 730 if (conn->state == BT_CONFIG) { 731 hci_proto_connect_cfm(conn, status); 732 hci_conn_put(conn); 733 } 734 } 735 736 hci_dev_unlock(hdev); 737} 738 739static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status) 740{ 741 struct hci_cp_setup_sync_conn *cp; 742 struct hci_conn *acl, *sco; 743 __u16 handle; 744 745 BT_DBG("%s status 0x%x", hdev->name, status); 746 747 if (!status) 748 return; 749 750 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN); 751 if (!cp) 752 return; 753 754 handle = __le16_to_cpu(cp->handle); 755 756 BT_DBG("%s handle %d", hdev->name, handle); 757 758 hci_dev_lock(hdev); 759 760 acl = hci_conn_hash_lookup_handle(hdev, handle); 761 if (acl && (sco = acl->link)) { 762 sco->state = BT_CLOSED; 763 764 hci_proto_connect_cfm(sco, status); 765 hci_conn_del(sco); 766 } 767 768 hci_dev_unlock(hdev); 769} 770 771static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status) 772{ 773 struct hci_cp_sniff_mode *cp; 774 struct hci_conn *conn; 775 776 BT_DBG("%s status 0x%x", hdev->name, status); 777 778 if (!status) 779 return; 780 781 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE); 782 if (!cp) 783 return; 784 785 hci_dev_lock(hdev); 786 787 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 788 if (conn) { 789 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 790 791 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 792 hci_sco_setup(conn, status); 793 } 794 795 hci_dev_unlock(hdev); 796} 797 798static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status) 799{ 800 struct hci_cp_exit_sniff_mode *cp; 801 struct hci_conn *conn; 802 803 BT_DBG("%s status 0x%x", hdev->name, status); 804 805 if (!status) 806 return; 807 808 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE); 809 if (!cp) 810 return; 811 812 hci_dev_lock(hdev); 813 814 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 815 if (conn) { 816 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 817 818 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 819 hci_sco_setup(conn, status); 820 } 821 822 hci_dev_unlock(hdev); 823} 824 825static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 826{ 827 __u8 status = *((__u8 *) skb->data); 828 829 BT_DBG("%s status %d", hdev->name, status); 830 831 clear_bit(HCI_INQUIRY, &hdev->flags); 832 833 hci_req_complete(hdev, status); 834 835 hci_conn_check_pending(hdev); 836} 837 838static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 839{ 840 struct inquiry_data data; 841 struct inquiry_info *info = (void *) (skb->data + 1); 842 int num_rsp = *((__u8 *) skb->data); 843 844 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 845 846 if (!num_rsp) 847 return; 848 849 hci_dev_lock(hdev); 850 851 for (; num_rsp; num_rsp--) { 852 bacpy(&data.bdaddr, &info->bdaddr); 853 data.pscan_rep_mode = info->pscan_rep_mode; 854 data.pscan_period_mode = info->pscan_period_mode; 855 data.pscan_mode = info->pscan_mode; 856 memcpy(data.dev_class, info->dev_class, 3); 857 data.clock_offset = info->clock_offset; 858 data.rssi = 0x00; 859 data.ssp_mode = 0x00; 860 info++; 861 hci_inquiry_cache_update(hdev, &data); 862 } 863 864 hci_dev_unlock(hdev); 865} 866 867static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 868{ 869 struct hci_ev_conn_complete *ev = (void *) skb->data; 870 struct hci_conn *conn; 871 872 BT_DBG("%s", hdev->name); 873 874 hci_dev_lock(hdev); 875 876 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 877 if (!conn) { 878 if (ev->link_type != SCO_LINK) 879 goto unlock; 880 881 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 882 if (!conn) 883 goto unlock; 884 885 conn->type = SCO_LINK; 886 } 887 888 if (!ev->status) { 889 conn->handle = __le16_to_cpu(ev->handle); 890 891 if (conn->type == ACL_LINK) { 892 conn->state = BT_CONFIG; 893 hci_conn_hold(conn); 894 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 895 } else 896 conn->state = BT_CONNECTED; 897 898 hci_conn_hold_device(conn); 899 hci_conn_add_sysfs(conn); 900 901 if (test_bit(HCI_AUTH, &hdev->flags)) 902 conn->link_mode |= HCI_LM_AUTH; 903 904 if (test_bit(HCI_ENCRYPT, &hdev->flags)) 905 conn->link_mode |= HCI_LM_ENCRYPT; 906 907 /* Get remote features */ 908 if (conn->type == ACL_LINK) { 909 struct hci_cp_read_remote_features cp; 910 cp.handle = ev->handle; 911 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, 912 sizeof(cp), &cp); 913 } 914 915 /* Set packet type for incoming connection */ 916 if (!conn->out && hdev->hci_ver < 3) { 917 struct hci_cp_change_conn_ptype cp; 918 cp.handle = ev->handle; 919 cp.pkt_type = cpu_to_le16(conn->pkt_type); 920 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, 921 sizeof(cp), &cp); 922 } 923 } else 924 conn->state = BT_CLOSED; 925 926 if (conn->type == ACL_LINK) 927 hci_sco_setup(conn, ev->status); 928 929 if (ev->status) { 930 hci_proto_connect_cfm(conn, ev->status); 931 hci_conn_del(conn); 932 } else if (ev->link_type != ACL_LINK) 933 hci_proto_connect_cfm(conn, ev->status); 934 935unlock: 936 hci_dev_unlock(hdev); 937 938 hci_conn_check_pending(hdev); 939} 940 941static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 942{ 943 struct hci_ev_conn_request *ev = (void *) skb->data; 944 int mask = hdev->link_mode; 945 946 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, 947 batostr(&ev->bdaddr), ev->link_type); 948 949 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 950 951 if ((mask & HCI_LM_ACCEPT) && !hci_blacklist_lookup(hdev, &ev->bdaddr)) { 952 /* Connection accepted */ 953 struct inquiry_entry *ie; 954 struct hci_conn *conn; 955 956 hci_dev_lock(hdev); 957 958 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) 959 memcpy(ie->data.dev_class, ev->dev_class, 3); 960 961 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 962 if (!conn) { 963 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) { 964 BT_ERR("No memory for new connection"); 965 hci_dev_unlock(hdev); 966 return; 967 } 968 } 969 970 memcpy(conn->dev_class, ev->dev_class, 3); 971 conn->state = BT_CONNECT; 972 973 hci_dev_unlock(hdev); 974 975 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) { 976 struct hci_cp_accept_conn_req cp; 977 978 bacpy(&cp.bdaddr, &ev->bdaddr); 979 980 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) 981 cp.role = 0x00; /* Become master */ 982 else 983 cp.role = 0x01; /* Remain slave */ 984 985 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, 986 sizeof(cp), &cp); 987 } else { 988 struct hci_cp_accept_sync_conn_req cp; 989 990 bacpy(&cp.bdaddr, &ev->bdaddr); 991 cp.pkt_type = cpu_to_le16(conn->pkt_type); 992 993 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 994 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 995 cp.max_latency = cpu_to_le16(0xffff); 996 cp.content_format = cpu_to_le16(hdev->voice_setting); 997 cp.retrans_effort = 0xff; 998 999 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 1000 sizeof(cp), &cp); 1001 } 1002 } else { 1003 /* Connection rejected */ 1004 struct hci_cp_reject_conn_req cp; 1005 1006 bacpy(&cp.bdaddr, &ev->bdaddr); 1007 cp.reason = 0x0f; 1008 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp); 1009 } 1010} 1011 1012static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1013{ 1014 struct hci_ev_disconn_complete *ev = (void *) skb->data; 1015 struct hci_conn *conn; 1016 1017 BT_DBG("%s status %d", hdev->name, ev->status); 1018 1019 if (ev->status) 1020 return; 1021 1022 hci_dev_lock(hdev); 1023 1024 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1025 if (conn) { 1026 conn->state = BT_CLOSED; 1027 1028 hci_proto_disconn_cfm(conn, ev->reason); 1029 hci_conn_del(conn); 1030 } 1031 1032 hci_dev_unlock(hdev); 1033} 1034 1035static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1036{ 1037 struct hci_ev_auth_complete *ev = (void *) skb->data; 1038 struct hci_conn *conn; 1039 1040 BT_DBG("%s status %d", hdev->name, ev->status); 1041 1042 hci_dev_lock(hdev); 1043 1044 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1045 if (conn) { 1046 if (!ev->status) 1047 conn->link_mode |= HCI_LM_AUTH; 1048 else 1049 conn->sec_level = BT_SECURITY_LOW; 1050 1051 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1052 1053 if (conn->state == BT_CONFIG) { 1054 if (!ev->status && hdev->ssp_mode > 0 && 1055 conn->ssp_mode > 0) { 1056 struct hci_cp_set_conn_encrypt cp; 1057 cp.handle = ev->handle; 1058 cp.encrypt = 0x01; 1059 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1060 sizeof(cp), &cp); 1061 } else { 1062 conn->state = BT_CONNECTED; 1063 hci_proto_connect_cfm(conn, ev->status); 1064 hci_conn_put(conn); 1065 } 1066 } else { 1067 hci_auth_cfm(conn, ev->status); 1068 1069 hci_conn_hold(conn); 1070 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1071 hci_conn_put(conn); 1072 } 1073 1074 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 1075 if (!ev->status) { 1076 struct hci_cp_set_conn_encrypt cp; 1077 cp.handle = ev->handle; 1078 cp.encrypt = 0x01; 1079 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1080 sizeof(cp), &cp); 1081 } else { 1082 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1083 hci_encrypt_cfm(conn, ev->status, 0x00); 1084 } 1085 } 1086 } 1087 1088 hci_dev_unlock(hdev); 1089} 1090 1091static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb) 1092{ 1093 BT_DBG("%s", hdev->name); 1094 1095 hci_conn_check_pending(hdev); 1096} 1097 1098static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1099{ 1100 struct hci_ev_encrypt_change *ev = (void *) skb->data; 1101 struct hci_conn *conn; 1102 1103 BT_DBG("%s status %d", hdev->name, ev->status); 1104 1105 hci_dev_lock(hdev); 1106 1107 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1108 if (conn) { 1109 if (!ev->status) { 1110 if (ev->encrypt) { 1111 /* Encryption implies authentication */ 1112 conn->link_mode |= HCI_LM_AUTH; 1113 conn->link_mode |= HCI_LM_ENCRYPT; 1114 } else 1115 conn->link_mode &= ~HCI_LM_ENCRYPT; 1116 } 1117 1118 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1119 1120 if (conn->state == BT_CONFIG) { 1121 if (!ev->status) 1122 conn->state = BT_CONNECTED; 1123 1124 hci_proto_connect_cfm(conn, ev->status); 1125 hci_conn_put(conn); 1126 } else 1127 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 1128 } 1129 1130 hci_dev_unlock(hdev); 1131} 1132 1133static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1134{ 1135 struct hci_ev_change_link_key_complete *ev = (void *) skb->data; 1136 struct hci_conn *conn; 1137 1138 BT_DBG("%s status %d", hdev->name, ev->status); 1139 1140 hci_dev_lock(hdev); 1141 1142 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1143 if (conn) { 1144 if (!ev->status) 1145 conn->link_mode |= HCI_LM_SECURE; 1146 1147 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1148 1149 hci_key_change_cfm(conn, ev->status); 1150 } 1151 1152 hci_dev_unlock(hdev); 1153} 1154 1155static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1156{ 1157 struct hci_ev_remote_features *ev = (void *) skb->data; 1158 struct hci_conn *conn; 1159 1160 BT_DBG("%s status %d", hdev->name, ev->status); 1161 1162 hci_dev_lock(hdev); 1163 1164 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1165 if (conn) { 1166 if (!ev->status) 1167 memcpy(conn->features, ev->features, 8); 1168 1169 if (conn->state == BT_CONFIG) { 1170 if (!ev->status && lmp_ssp_capable(hdev) && 1171 lmp_ssp_capable(conn)) { 1172 struct hci_cp_read_remote_ext_features cp; 1173 cp.handle = ev->handle; 1174 cp.page = 0x01; 1175 hci_send_cmd(hdev, 1176 HCI_OP_READ_REMOTE_EXT_FEATURES, 1177 sizeof(cp), &cp); 1178 } else { 1179 conn->state = BT_CONNECTED; 1180 hci_proto_connect_cfm(conn, ev->status); 1181 hci_conn_put(conn); 1182 } 1183 } 1184 } 1185 1186 hci_dev_unlock(hdev); 1187} 1188 1189static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb) 1190{ 1191 BT_DBG("%s", hdev->name); 1192} 1193 1194static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1195{ 1196 BT_DBG("%s", hdev->name); 1197} 1198 1199static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1200{ 1201 struct hci_ev_cmd_complete *ev = (void *) skb->data; 1202 __u16 opcode; 1203 1204 skb_pull(skb, sizeof(*ev)); 1205 1206 opcode = __le16_to_cpu(ev->opcode); 1207 1208 switch (opcode) { 1209 case HCI_OP_INQUIRY_CANCEL: 1210 hci_cc_inquiry_cancel(hdev, skb); 1211 break; 1212 1213 case HCI_OP_EXIT_PERIODIC_INQ: 1214 hci_cc_exit_periodic_inq(hdev, skb); 1215 break; 1216 1217 case HCI_OP_REMOTE_NAME_REQ_CANCEL: 1218 hci_cc_remote_name_req_cancel(hdev, skb); 1219 break; 1220 1221 case HCI_OP_ROLE_DISCOVERY: 1222 hci_cc_role_discovery(hdev, skb); 1223 break; 1224 1225 case HCI_OP_READ_LINK_POLICY: 1226 hci_cc_read_link_policy(hdev, skb); 1227 break; 1228 1229 case HCI_OP_WRITE_LINK_POLICY: 1230 hci_cc_write_link_policy(hdev, skb); 1231 break; 1232 1233 case HCI_OP_READ_DEF_LINK_POLICY: 1234 hci_cc_read_def_link_policy(hdev, skb); 1235 break; 1236 1237 case HCI_OP_WRITE_DEF_LINK_POLICY: 1238 hci_cc_write_def_link_policy(hdev, skb); 1239 break; 1240 1241 case HCI_OP_RESET: 1242 hci_cc_reset(hdev, skb); 1243 break; 1244 1245 case HCI_OP_WRITE_LOCAL_NAME: 1246 hci_cc_write_local_name(hdev, skb); 1247 break; 1248 1249 case HCI_OP_READ_LOCAL_NAME: 1250 hci_cc_read_local_name(hdev, skb); 1251 break; 1252 1253 case HCI_OP_WRITE_AUTH_ENABLE: 1254 hci_cc_write_auth_enable(hdev, skb); 1255 break; 1256 1257 case HCI_OP_WRITE_ENCRYPT_MODE: 1258 hci_cc_write_encrypt_mode(hdev, skb); 1259 break; 1260 1261 case HCI_OP_WRITE_SCAN_ENABLE: 1262 hci_cc_write_scan_enable(hdev, skb); 1263 break; 1264 1265 case HCI_OP_READ_CLASS_OF_DEV: 1266 hci_cc_read_class_of_dev(hdev, skb); 1267 break; 1268 1269 case HCI_OP_WRITE_CLASS_OF_DEV: 1270 hci_cc_write_class_of_dev(hdev, skb); 1271 break; 1272 1273 case HCI_OP_READ_VOICE_SETTING: 1274 hci_cc_read_voice_setting(hdev, skb); 1275 break; 1276 1277 case HCI_OP_WRITE_VOICE_SETTING: 1278 hci_cc_write_voice_setting(hdev, skb); 1279 break; 1280 1281 case HCI_OP_HOST_BUFFER_SIZE: 1282 hci_cc_host_buffer_size(hdev, skb); 1283 break; 1284 1285 case HCI_OP_READ_SSP_MODE: 1286 hci_cc_read_ssp_mode(hdev, skb); 1287 break; 1288 1289 case HCI_OP_WRITE_SSP_MODE: 1290 hci_cc_write_ssp_mode(hdev, skb); 1291 break; 1292 1293 case HCI_OP_READ_LOCAL_VERSION: 1294 hci_cc_read_local_version(hdev, skb); 1295 break; 1296 1297 case HCI_OP_READ_LOCAL_COMMANDS: 1298 hci_cc_read_local_commands(hdev, skb); 1299 break; 1300 1301 case HCI_OP_READ_LOCAL_FEATURES: 1302 hci_cc_read_local_features(hdev, skb); 1303 break; 1304 1305 case HCI_OP_READ_BUFFER_SIZE: 1306 hci_cc_read_buffer_size(hdev, skb); 1307 break; 1308 1309 case HCI_OP_READ_BD_ADDR: 1310 hci_cc_read_bd_addr(hdev, skb); 1311 break; 1312 1313 default: 1314 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1315 break; 1316 } 1317 1318 if (ev->ncmd) { 1319 atomic_set(&hdev->cmd_cnt, 1); 1320 if (!skb_queue_empty(&hdev->cmd_q)) 1321 tasklet_schedule(&hdev->cmd_task); 1322 } 1323} 1324 1325static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) 1326{ 1327 struct hci_ev_cmd_status *ev = (void *) skb->data; 1328 __u16 opcode; 1329 1330 skb_pull(skb, sizeof(*ev)); 1331 1332 opcode = __le16_to_cpu(ev->opcode); 1333 1334 switch (opcode) { 1335 case HCI_OP_INQUIRY: 1336 hci_cs_inquiry(hdev, ev->status); 1337 break; 1338 1339 case HCI_OP_CREATE_CONN: 1340 hci_cs_create_conn(hdev, ev->status); 1341 break; 1342 1343 case HCI_OP_ADD_SCO: 1344 hci_cs_add_sco(hdev, ev->status); 1345 break; 1346 1347 case HCI_OP_AUTH_REQUESTED: 1348 hci_cs_auth_requested(hdev, ev->status); 1349 break; 1350 1351 case HCI_OP_SET_CONN_ENCRYPT: 1352 hci_cs_set_conn_encrypt(hdev, ev->status); 1353 break; 1354 1355 case HCI_OP_REMOTE_NAME_REQ: 1356 hci_cs_remote_name_req(hdev, ev->status); 1357 break; 1358 1359 case HCI_OP_READ_REMOTE_FEATURES: 1360 hci_cs_read_remote_features(hdev, ev->status); 1361 break; 1362 1363 case HCI_OP_READ_REMOTE_EXT_FEATURES: 1364 hci_cs_read_remote_ext_features(hdev, ev->status); 1365 break; 1366 1367 case HCI_OP_SETUP_SYNC_CONN: 1368 hci_cs_setup_sync_conn(hdev, ev->status); 1369 break; 1370 1371 case HCI_OP_SNIFF_MODE: 1372 hci_cs_sniff_mode(hdev, ev->status); 1373 break; 1374 1375 case HCI_OP_EXIT_SNIFF_MODE: 1376 hci_cs_exit_sniff_mode(hdev, ev->status); 1377 break; 1378 1379 default: 1380 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1381 break; 1382 } 1383 1384 if (ev->ncmd) { 1385 atomic_set(&hdev->cmd_cnt, 1); 1386 if (!skb_queue_empty(&hdev->cmd_q)) 1387 tasklet_schedule(&hdev->cmd_task); 1388 } 1389} 1390 1391static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1392{ 1393 struct hci_ev_role_change *ev = (void *) skb->data; 1394 struct hci_conn *conn; 1395 1396 BT_DBG("%s status %d", hdev->name, ev->status); 1397 1398 hci_dev_lock(hdev); 1399 1400 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1401 if (conn) { 1402 if (!ev->status) { 1403 if (ev->role) 1404 conn->link_mode &= ~HCI_LM_MASTER; 1405 else 1406 conn->link_mode |= HCI_LM_MASTER; 1407 } 1408 1409 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend); 1410 1411 hci_role_switch_cfm(conn, ev->status, ev->role); 1412 } 1413 1414 hci_dev_unlock(hdev); 1415} 1416 1417static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb) 1418{ 1419 struct hci_ev_num_comp_pkts *ev = (void *) skb->data; 1420 __le16 *ptr; 1421 int i; 1422 1423 skb_pull(skb, sizeof(*ev)); 1424 1425 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); 1426 1427 if (skb->len < ev->num_hndl * 4) { 1428 BT_DBG("%s bad parameters", hdev->name); 1429 return; 1430 } 1431 1432 tasklet_disable(&hdev->tx_task); 1433 1434 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) { 1435 struct hci_conn *conn; 1436 __u16 handle, count; 1437 1438 handle = get_unaligned_le16(ptr++); 1439 count = get_unaligned_le16(ptr++); 1440 1441 conn = hci_conn_hash_lookup_handle(hdev, handle); 1442 if (conn) { 1443 conn->sent -= count; 1444 1445 if (conn->type == ACL_LINK) { 1446 if ((hdev->acl_cnt += count) > hdev->acl_pkts) 1447 hdev->acl_cnt = hdev->acl_pkts; 1448 } else { 1449 if ((hdev->sco_cnt += count) > hdev->sco_pkts) 1450 hdev->sco_cnt = hdev->sco_pkts; 1451 } 1452 } 1453 } 1454 1455 tasklet_schedule(&hdev->tx_task); 1456 1457 tasklet_enable(&hdev->tx_task); 1458} 1459 1460static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1461{ 1462 struct hci_ev_mode_change *ev = (void *) skb->data; 1463 struct hci_conn *conn; 1464 1465 BT_DBG("%s status %d", hdev->name, ev->status); 1466 1467 hci_dev_lock(hdev); 1468 1469 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1470 if (conn) { 1471 conn->mode = ev->mode; 1472 conn->interval = __le16_to_cpu(ev->interval); 1473 1474 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 1475 if (conn->mode == HCI_CM_ACTIVE) 1476 conn->power_save = 1; 1477 else 1478 conn->power_save = 0; 1479 } 1480 1481 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 1482 hci_sco_setup(conn, ev->status); 1483 } 1484 1485 hci_dev_unlock(hdev); 1486} 1487 1488static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1489{ 1490 struct hci_ev_pin_code_req *ev = (void *) skb->data; 1491 struct hci_conn *conn; 1492 1493 BT_DBG("%s", hdev->name); 1494 1495 hci_dev_lock(hdev); 1496 1497 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1498 if (conn && conn->state == BT_CONNECTED) { 1499 hci_conn_hold(conn); 1500 conn->disc_timeout = HCI_PAIRING_TIMEOUT; 1501 hci_conn_put(conn); 1502 } 1503 1504 hci_dev_unlock(hdev); 1505} 1506 1507static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1508{ 1509 BT_DBG("%s", hdev->name); 1510} 1511 1512static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 1513{ 1514 struct hci_ev_link_key_notify *ev = (void *) skb->data; 1515 struct hci_conn *conn; 1516 1517 BT_DBG("%s", hdev->name); 1518 1519 hci_dev_lock(hdev); 1520 1521 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1522 if (conn) { 1523 hci_conn_hold(conn); 1524 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1525 hci_conn_put(conn); 1526 } 1527 1528 hci_dev_unlock(hdev); 1529} 1530 1531static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb) 1532{ 1533 struct hci_ev_clock_offset *ev = (void *) skb->data; 1534 struct hci_conn *conn; 1535 1536 BT_DBG("%s status %d", hdev->name, ev->status); 1537 1538 hci_dev_lock(hdev); 1539 1540 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1541 if (conn && !ev->status) { 1542 struct inquiry_entry *ie; 1543 1544 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) { 1545 ie->data.clock_offset = ev->clock_offset; 1546 ie->timestamp = jiffies; 1547 } 1548 } 1549 1550 hci_dev_unlock(hdev); 1551} 1552 1553static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1554{ 1555 struct hci_ev_pkt_type_change *ev = (void *) skb->data; 1556 struct hci_conn *conn; 1557 1558 BT_DBG("%s status %d", hdev->name, ev->status); 1559 1560 hci_dev_lock(hdev); 1561 1562 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1563 if (conn && !ev->status) 1564 conn->pkt_type = __le16_to_cpu(ev->pkt_type); 1565 1566 hci_dev_unlock(hdev); 1567} 1568 1569static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb) 1570{ 1571 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data; 1572 struct inquiry_entry *ie; 1573 1574 BT_DBG("%s", hdev->name); 1575 1576 hci_dev_lock(hdev); 1577 1578 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) { 1579 ie->data.pscan_rep_mode = ev->pscan_rep_mode; 1580 ie->timestamp = jiffies; 1581 } 1582 1583 hci_dev_unlock(hdev); 1584} 1585 1586static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb) 1587{ 1588 struct inquiry_data data; 1589 int num_rsp = *((__u8 *) skb->data); 1590 1591 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1592 1593 if (!num_rsp) 1594 return; 1595 1596 hci_dev_lock(hdev); 1597 1598 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 1599 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1); 1600 1601 for (; num_rsp; num_rsp--) { 1602 bacpy(&data.bdaddr, &info->bdaddr); 1603 data.pscan_rep_mode = info->pscan_rep_mode; 1604 data.pscan_period_mode = info->pscan_period_mode; 1605 data.pscan_mode = info->pscan_mode; 1606 memcpy(data.dev_class, info->dev_class, 3); 1607 data.clock_offset = info->clock_offset; 1608 data.rssi = info->rssi; 1609 data.ssp_mode = 0x00; 1610 info++; 1611 hci_inquiry_cache_update(hdev, &data); 1612 } 1613 } else { 1614 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 1615 1616 for (; num_rsp; num_rsp--) { 1617 bacpy(&data.bdaddr, &info->bdaddr); 1618 data.pscan_rep_mode = info->pscan_rep_mode; 1619 data.pscan_period_mode = info->pscan_period_mode; 1620 data.pscan_mode = 0x00; 1621 memcpy(data.dev_class, info->dev_class, 3); 1622 data.clock_offset = info->clock_offset; 1623 data.rssi = info->rssi; 1624 data.ssp_mode = 0x00; 1625 info++; 1626 hci_inquiry_cache_update(hdev, &data); 1627 } 1628 } 1629 1630 hci_dev_unlock(hdev); 1631} 1632 1633static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1634{ 1635 struct hci_ev_remote_ext_features *ev = (void *) skb->data; 1636 struct hci_conn *conn; 1637 1638 BT_DBG("%s", hdev->name); 1639 1640 hci_dev_lock(hdev); 1641 1642 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1643 if (conn) { 1644 if (!ev->status && ev->page == 0x01) { 1645 struct inquiry_entry *ie; 1646 1647 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) 1648 ie->data.ssp_mode = (ev->features[0] & 0x01); 1649 1650 conn->ssp_mode = (ev->features[0] & 0x01); 1651 } 1652 1653 if (conn->state == BT_CONFIG) { 1654 if (!ev->status && hdev->ssp_mode > 0 && 1655 conn->ssp_mode > 0 && conn->out && 1656 conn->sec_level != BT_SECURITY_SDP) { 1657 struct hci_cp_auth_requested cp; 1658 cp.handle = ev->handle; 1659 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, 1660 sizeof(cp), &cp); 1661 } else { 1662 conn->state = BT_CONNECTED; 1663 hci_proto_connect_cfm(conn, ev->status); 1664 hci_conn_put(conn); 1665 } 1666 } 1667 } 1668 1669 hci_dev_unlock(hdev); 1670} 1671 1672static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1673{ 1674 struct hci_ev_sync_conn_complete *ev = (void *) skb->data; 1675 struct hci_conn *conn; 1676 1677 BT_DBG("%s status %d", hdev->name, ev->status); 1678 1679 hci_dev_lock(hdev); 1680 1681 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1682 if (!conn) { 1683 if (ev->link_type == ESCO_LINK) 1684 goto unlock; 1685 1686 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 1687 if (!conn) 1688 goto unlock; 1689 1690 conn->type = SCO_LINK; 1691 } 1692 1693 switch (ev->status) { 1694 case 0x00: 1695 conn->handle = __le16_to_cpu(ev->handle); 1696 conn->state = BT_CONNECTED; 1697 1698 hci_conn_hold_device(conn); 1699 hci_conn_add_sysfs(conn); 1700 break; 1701 1702 case 0x11: /* Unsupported Feature or Parameter Value */ 1703 case 0x1c: /* SCO interval rejected */ 1704 case 0x1a: /* Unsupported Remote Feature */ 1705 case 0x1f: /* Unspecified error */ 1706 if (conn->out && conn->attempt < 2) { 1707 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 1708 (hdev->esco_type & EDR_ESCO_MASK); 1709 hci_setup_sync(conn, conn->link->handle); 1710 goto unlock; 1711 } 1712 /* fall through */ 1713 1714 default: 1715 conn->state = BT_CLOSED; 1716 break; 1717 } 1718 1719 hci_proto_connect_cfm(conn, ev->status); 1720 if (ev->status) 1721 hci_conn_del(conn); 1722 1723unlock: 1724 hci_dev_unlock(hdev); 1725} 1726 1727static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb) 1728{ 1729 BT_DBG("%s", hdev->name); 1730} 1731 1732static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb) 1733{ 1734 struct hci_ev_sniff_subrate *ev = (void *) skb->data; 1735 struct hci_conn *conn; 1736 1737 BT_DBG("%s status %d", hdev->name, ev->status); 1738 1739 hci_dev_lock(hdev); 1740 1741 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1742 if (conn) { 1743 } 1744 1745 hci_dev_unlock(hdev); 1746} 1747 1748static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 1749{ 1750 struct inquiry_data data; 1751 struct extended_inquiry_info *info = (void *) (skb->data + 1); 1752 int num_rsp = *((__u8 *) skb->data); 1753 1754 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1755 1756 if (!num_rsp) 1757 return; 1758 1759 hci_dev_lock(hdev); 1760 1761 for (; num_rsp; num_rsp--) { 1762 bacpy(&data.bdaddr, &info->bdaddr); 1763 data.pscan_rep_mode = info->pscan_rep_mode; 1764 data.pscan_period_mode = info->pscan_period_mode; 1765 data.pscan_mode = 0x00; 1766 memcpy(data.dev_class, info->dev_class, 3); 1767 data.clock_offset = info->clock_offset; 1768 data.rssi = info->rssi; 1769 data.ssp_mode = 0x01; 1770 info++; 1771 hci_inquiry_cache_update(hdev, &data); 1772 } 1773 1774 hci_dev_unlock(hdev); 1775} 1776 1777static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1778{ 1779 struct hci_ev_io_capa_request *ev = (void *) skb->data; 1780 struct hci_conn *conn; 1781 1782 BT_DBG("%s", hdev->name); 1783 1784 hci_dev_lock(hdev); 1785 1786 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1787 if (conn) 1788 hci_conn_hold(conn); 1789 1790 hci_dev_unlock(hdev); 1791} 1792 1793static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1794{ 1795 struct hci_ev_simple_pair_complete *ev = (void *) skb->data; 1796 struct hci_conn *conn; 1797 1798 BT_DBG("%s", hdev->name); 1799 1800 hci_dev_lock(hdev); 1801 1802 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1803 if (conn) 1804 hci_conn_put(conn); 1805 1806 hci_dev_unlock(hdev); 1807} 1808 1809static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1810{ 1811 struct hci_ev_remote_host_features *ev = (void *) skb->data; 1812 struct inquiry_entry *ie; 1813 1814 BT_DBG("%s", hdev->name); 1815 1816 hci_dev_lock(hdev); 1817 1818 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) 1819 ie->data.ssp_mode = (ev->features[0] & 0x01); 1820 1821 hci_dev_unlock(hdev); 1822} 1823 1824void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 1825{ 1826 struct hci_event_hdr *hdr = (void *) skb->data; 1827 __u8 event = hdr->evt; 1828 1829 skb_pull(skb, HCI_EVENT_HDR_SIZE); 1830 1831 switch (event) { 1832 case HCI_EV_INQUIRY_COMPLETE: 1833 hci_inquiry_complete_evt(hdev, skb); 1834 break; 1835 1836 case HCI_EV_INQUIRY_RESULT: 1837 hci_inquiry_result_evt(hdev, skb); 1838 break; 1839 1840 case HCI_EV_CONN_COMPLETE: 1841 hci_conn_complete_evt(hdev, skb); 1842 break; 1843 1844 case HCI_EV_CONN_REQUEST: 1845 hci_conn_request_evt(hdev, skb); 1846 break; 1847 1848 case HCI_EV_DISCONN_COMPLETE: 1849 hci_disconn_complete_evt(hdev, skb); 1850 break; 1851 1852 case HCI_EV_AUTH_COMPLETE: 1853 hci_auth_complete_evt(hdev, skb); 1854 break; 1855 1856 case HCI_EV_REMOTE_NAME: 1857 hci_remote_name_evt(hdev, skb); 1858 break; 1859 1860 case HCI_EV_ENCRYPT_CHANGE: 1861 hci_encrypt_change_evt(hdev, skb); 1862 break; 1863 1864 case HCI_EV_CHANGE_LINK_KEY_COMPLETE: 1865 hci_change_link_key_complete_evt(hdev, skb); 1866 break; 1867 1868 case HCI_EV_REMOTE_FEATURES: 1869 hci_remote_features_evt(hdev, skb); 1870 break; 1871 1872 case HCI_EV_REMOTE_VERSION: 1873 hci_remote_version_evt(hdev, skb); 1874 break; 1875 1876 case HCI_EV_QOS_SETUP_COMPLETE: 1877 hci_qos_setup_complete_evt(hdev, skb); 1878 break; 1879 1880 case HCI_EV_CMD_COMPLETE: 1881 hci_cmd_complete_evt(hdev, skb); 1882 break; 1883 1884 case HCI_EV_CMD_STATUS: 1885 hci_cmd_status_evt(hdev, skb); 1886 break; 1887 1888 case HCI_EV_ROLE_CHANGE: 1889 hci_role_change_evt(hdev, skb); 1890 break; 1891 1892 case HCI_EV_NUM_COMP_PKTS: 1893 hci_num_comp_pkts_evt(hdev, skb); 1894 break; 1895 1896 case HCI_EV_MODE_CHANGE: 1897 hci_mode_change_evt(hdev, skb); 1898 break; 1899 1900 case HCI_EV_PIN_CODE_REQ: 1901 hci_pin_code_request_evt(hdev, skb); 1902 break; 1903 1904 case HCI_EV_LINK_KEY_REQ: 1905 hci_link_key_request_evt(hdev, skb); 1906 break; 1907 1908 case HCI_EV_LINK_KEY_NOTIFY: 1909 hci_link_key_notify_evt(hdev, skb); 1910 break; 1911 1912 case HCI_EV_CLOCK_OFFSET: 1913 hci_clock_offset_evt(hdev, skb); 1914 break; 1915 1916 case HCI_EV_PKT_TYPE_CHANGE: 1917 hci_pkt_type_change_evt(hdev, skb); 1918 break; 1919 1920 case HCI_EV_PSCAN_REP_MODE: 1921 hci_pscan_rep_mode_evt(hdev, skb); 1922 break; 1923 1924 case HCI_EV_INQUIRY_RESULT_WITH_RSSI: 1925 hci_inquiry_result_with_rssi_evt(hdev, skb); 1926 break; 1927 1928 case HCI_EV_REMOTE_EXT_FEATURES: 1929 hci_remote_ext_features_evt(hdev, skb); 1930 break; 1931 1932 case HCI_EV_SYNC_CONN_COMPLETE: 1933 hci_sync_conn_complete_evt(hdev, skb); 1934 break; 1935 1936 case HCI_EV_SYNC_CONN_CHANGED: 1937 hci_sync_conn_changed_evt(hdev, skb); 1938 break; 1939 1940 case HCI_EV_SNIFF_SUBRATE: 1941 hci_sniff_subrate_evt(hdev, skb); 1942 break; 1943 1944 case HCI_EV_EXTENDED_INQUIRY_RESULT: 1945 hci_extended_inquiry_result_evt(hdev, skb); 1946 break; 1947 1948 case HCI_EV_IO_CAPA_REQUEST: 1949 hci_io_capa_request_evt(hdev, skb); 1950 break; 1951 1952 case HCI_EV_SIMPLE_PAIR_COMPLETE: 1953 hci_simple_pair_complete_evt(hdev, skb); 1954 break; 1955 1956 case HCI_EV_REMOTE_HOST_FEATURES: 1957 hci_remote_host_features_evt(hdev, skb); 1958 break; 1959 1960 default: 1961 BT_DBG("%s event 0x%x", hdev->name, event); 1962 break; 1963 } 1964 1965 kfree_skb(skb); 1966 hdev->stat.evt_rx++; 1967} 1968 1969/* Generate internal stack event */ 1970void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data) 1971{ 1972 struct hci_event_hdr *hdr; 1973 struct hci_ev_stack_internal *ev; 1974 struct sk_buff *skb; 1975 1976 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC); 1977 if (!skb) 1978 return; 1979 1980 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE); 1981 hdr->evt = HCI_EV_STACK_INTERNAL; 1982 hdr->plen = sizeof(*ev) + dlen; 1983 1984 ev = (void *) skb_put(skb, sizeof(*ev) + dlen); 1985 ev->type = type; 1986 memcpy(ev->data, data, dlen); 1987 1988 bt_cb(skb)->incoming = 1; 1989 __net_timestamp(skb); 1990 1991 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 1992 skb->dev = (void *) hdev; 1993 hci_send_to_sock(hdev, skb); 1994 kfree_skb(skb); 1995} 1996