1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI event handling. */ 26 27 #include <linux/module.h> 28 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/kernel.h> 32 #include <linux/slab.h> 33 #include <linux/poll.h> 34 #include <linux/fcntl.h> 35 #include <linux/init.h> 36 #include <linux/skbuff.h> 37 #include <linux/interrupt.h> 38 #include <linux/notifier.h> 39 #include <net/sock.h> 40 41 #include <asm/system.h> 42 #include <asm/uaccess.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 48 #ifndef CONFIG_BT_HCI_CORE_DEBUG 49 #undef BT_DBG 50 #define BT_DBG(D...) 51 #endif 52 53 /* Handle HCI Event packets */ 54 55 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) 56 { 57 __u8 status = *((__u8 *) skb->data); 58 59 BT_DBG("%s status 0x%x", hdev->name, status); 60 61 if (status) 62 return; 63 64 clear_bit(HCI_INQUIRY, &hdev->flags); 65 66 hci_req_complete(hdev, status); 67 68 hci_conn_check_pending(hdev); 69 } 70 71 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb) 72 { 73 __u8 status = *((__u8 *) skb->data); 74 75 BT_DBG("%s status 0x%x", hdev->name, status); 76 77 if (status) 78 return; 79 80 clear_bit(HCI_INQUIRY, &hdev->flags); 81 82 hci_conn_check_pending(hdev); 83 } 84 85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb) 86 { 87 BT_DBG("%s", hdev->name); 88 } 89 90 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb) 91 { 92 struct hci_rp_role_discovery *rp = (void *) skb->data; 93 struct hci_conn *conn; 94 95 BT_DBG("%s status 0x%x", hdev->name, rp->status); 96 97 if (rp->status) 98 return; 99 100 hci_dev_lock(hdev); 101 102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 103 if (conn) { 104 if (rp->role) 105 conn->link_mode &= ~HCI_LM_MASTER; 106 else 107 conn->link_mode |= HCI_LM_MASTER; 108 } 109 110 hci_dev_unlock(hdev); 111 } 112 113 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 114 { 115 struct hci_rp_read_link_policy *rp = (void *) skb->data; 116 struct hci_conn *conn; 117 118 BT_DBG("%s status 0x%x", hdev->name, rp->status); 119 120 if (rp->status) 121 return; 122 123 hci_dev_lock(hdev); 124 125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 126 if (conn) 127 conn->link_policy = __le16_to_cpu(rp->policy); 128 129 hci_dev_unlock(hdev); 130 } 131 132 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 133 { 134 struct hci_rp_write_link_policy *rp = (void *) skb->data; 135 struct hci_conn *conn; 136 void *sent; 137 138 BT_DBG("%s status 0x%x", hdev->name, rp->status); 139 140 if (rp->status) 141 return; 142 143 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY); 144 if (!sent) 145 return; 146 147 hci_dev_lock(hdev); 148 149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 150 if (conn) 151 conn->link_policy = get_unaligned_le16(sent + 2); 152 153 hci_dev_unlock(hdev); 154 } 155 156 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 157 { 158 struct hci_rp_read_def_link_policy *rp = (void *) skb->data; 159 160 BT_DBG("%s status 0x%x", hdev->name, rp->status); 161 162 if (rp->status) 163 return; 164 165 hdev->link_policy = __le16_to_cpu(rp->policy); 166 } 167 168 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 169 { 170 __u8 status = *((__u8 *) skb->data); 171 void *sent; 172 173 BT_DBG("%s status 0x%x", hdev->name, status); 174 175 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY); 176 if (!sent) 177 return; 178 179 if (!status) 180 hdev->link_policy = get_unaligned_le16(sent); 181 182 hci_req_complete(hdev, status); 183 } 184 185 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb) 186 { 187 __u8 status = *((__u8 *) skb->data); 188 189 BT_DBG("%s status 0x%x", hdev->name, status); 190 191 hci_req_complete(hdev, status); 192 } 193 194 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb) 195 { 196 __u8 status = *((__u8 *) skb->data); 197 void *sent; 198 199 BT_DBG("%s status 0x%x", hdev->name, status); 200 201 if (status) 202 return; 203 204 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 205 if (!sent) 206 return; 207 208 memcpy(hdev->dev_name, sent, 248); 209 } 210 211 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 212 { 213 struct hci_rp_read_local_name *rp = (void *) skb->data; 214 215 BT_DBG("%s status 0x%x", hdev->name, rp->status); 216 217 if (rp->status) 218 return; 219 220 memcpy(hdev->dev_name, rp->name, 248); 221 } 222 223 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) 224 { 225 __u8 status = *((__u8 *) skb->data); 226 void *sent; 227 228 BT_DBG("%s status 0x%x", hdev->name, status); 229 230 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE); 231 if (!sent) 232 return; 233 234 if (!status) { 235 __u8 param = *((__u8 *) sent); 236 237 if (param == AUTH_ENABLED) 238 set_bit(HCI_AUTH, &hdev->flags); 239 else 240 clear_bit(HCI_AUTH, &hdev->flags); 241 } 242 243 hci_req_complete(hdev, status); 244 } 245 246 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) 247 { 248 __u8 status = *((__u8 *) skb->data); 249 void *sent; 250 251 BT_DBG("%s status 0x%x", hdev->name, status); 252 253 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE); 254 if (!sent) 255 return; 256 257 if (!status) { 258 __u8 param = *((__u8 *) sent); 259 260 if (param) 261 set_bit(HCI_ENCRYPT, &hdev->flags); 262 else 263 clear_bit(HCI_ENCRYPT, &hdev->flags); 264 } 265 266 hci_req_complete(hdev, status); 267 } 268 269 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb) 270 { 271 __u8 status = *((__u8 *) skb->data); 272 void *sent; 273 274 BT_DBG("%s status 0x%x", hdev->name, status); 275 276 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE); 277 if (!sent) 278 return; 279 280 if (!status) { 281 __u8 param = *((__u8 *) sent); 282 283 clear_bit(HCI_PSCAN, &hdev->flags); 284 clear_bit(HCI_ISCAN, &hdev->flags); 285 286 if (param & SCAN_INQUIRY) 287 set_bit(HCI_ISCAN, &hdev->flags); 288 289 if (param & SCAN_PAGE) 290 set_bit(HCI_PSCAN, &hdev->flags); 291 } 292 293 hci_req_complete(hdev, status); 294 } 295 296 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 297 { 298 struct hci_rp_read_class_of_dev *rp = (void *) skb->data; 299 300 BT_DBG("%s status 0x%x", hdev->name, rp->status); 301 302 if (rp->status) 303 return; 304 305 memcpy(hdev->dev_class, rp->dev_class, 3); 306 307 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name, 308 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]); 309 } 310 311 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 312 { 313 __u8 status = *((__u8 *) skb->data); 314 void *sent; 315 316 BT_DBG("%s status 0x%x", hdev->name, status); 317 318 if (status) 319 return; 320 321 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 322 if (!sent) 323 return; 324 325 memcpy(hdev->dev_class, sent, 3); 326 } 327 328 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 329 { 330 struct hci_rp_read_voice_setting *rp = (void *) skb->data; 331 __u16 setting; 332 333 BT_DBG("%s status 0x%x", hdev->name, rp->status); 334 335 if (rp->status) 336 return; 337 338 setting = __le16_to_cpu(rp->voice_setting); 339 340 if (hdev->voice_setting == setting) 341 return; 342 343 hdev->voice_setting = setting; 344 345 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 346 347 if (hdev->notify) { 348 tasklet_disable(&hdev->tx_task); 349 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 350 tasklet_enable(&hdev->tx_task); 351 } 352 } 353 354 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 355 { 356 __u8 status = *((__u8 *) skb->data); 357 __u16 setting; 358 void *sent; 359 360 BT_DBG("%s status 0x%x", hdev->name, status); 361 362 if (status) 363 return; 364 365 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING); 366 if (!sent) 367 return; 368 369 setting = get_unaligned_le16(sent); 370 371 if (hdev->voice_setting == setting) 372 return; 373 374 hdev->voice_setting = setting; 375 376 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 377 378 if (hdev->notify) { 379 tasklet_disable(&hdev->tx_task); 380 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 381 tasklet_enable(&hdev->tx_task); 382 } 383 } 384 385 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 386 { 387 __u8 status = *((__u8 *) skb->data); 388 389 BT_DBG("%s status 0x%x", hdev->name, status); 390 391 hci_req_complete(hdev, status); 392 } 393 394 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 395 { 396 struct hci_rp_read_ssp_mode *rp = (void *) skb->data; 397 398 BT_DBG("%s status 0x%x", hdev->name, rp->status); 399 400 if (rp->status) 401 return; 402 403 hdev->ssp_mode = rp->mode; 404 } 405 406 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 407 { 408 __u8 status = *((__u8 *) skb->data); 409 void *sent; 410 411 BT_DBG("%s status 0x%x", hdev->name, status); 412 413 if (status) 414 return; 415 416 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE); 417 if (!sent) 418 return; 419 420 hdev->ssp_mode = *((__u8 *) sent); 421 } 422 423 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 424 { 425 struct hci_rp_read_local_version *rp = (void *) skb->data; 426 427 BT_DBG("%s status 0x%x", hdev->name, rp->status); 428 429 if (rp->status) 430 return; 431 432 hdev->hci_ver = rp->hci_ver; 433 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 434 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 435 436 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name, 437 hdev->manufacturer, 438 hdev->hci_ver, hdev->hci_rev); 439 } 440 441 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb) 442 { 443 struct hci_rp_read_local_commands *rp = (void *) skb->data; 444 445 BT_DBG("%s status 0x%x", hdev->name, rp->status); 446 447 if (rp->status) 448 return; 449 450 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 451 } 452 453 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb) 454 { 455 struct hci_rp_read_local_features *rp = (void *) skb->data; 456 457 BT_DBG("%s status 0x%x", hdev->name, rp->status); 458 459 if (rp->status) 460 return; 461 462 memcpy(hdev->features, rp->features, 8); 463 464 /* Adjust default settings according to features 465 * supported by device. */ 466 467 if (hdev->features[0] & LMP_3SLOT) 468 hdev->pkt_type |= (HCI_DM3 | HCI_DH3); 469 470 if (hdev->features[0] & LMP_5SLOT) 471 hdev->pkt_type |= (HCI_DM5 | HCI_DH5); 472 473 if (hdev->features[1] & LMP_HV2) { 474 hdev->pkt_type |= (HCI_HV2); 475 hdev->esco_type |= (ESCO_HV2); 476 } 477 478 if (hdev->features[1] & LMP_HV3) { 479 hdev->pkt_type |= (HCI_HV3); 480 hdev->esco_type |= (ESCO_HV3); 481 } 482 483 if (hdev->features[3] & LMP_ESCO) 484 hdev->esco_type |= (ESCO_EV3); 485 486 if (hdev->features[4] & LMP_EV4) 487 hdev->esco_type |= (ESCO_EV4); 488 489 if (hdev->features[4] & LMP_EV5) 490 hdev->esco_type |= (ESCO_EV5); 491 492 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, 493 hdev->features[0], hdev->features[1], 494 hdev->features[2], hdev->features[3], 495 hdev->features[4], hdev->features[5], 496 hdev->features[6], hdev->features[7]); 497 } 498 499 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 500 { 501 struct hci_rp_read_buffer_size *rp = (void *) skb->data; 502 503 BT_DBG("%s status 0x%x", hdev->name, rp->status); 504 505 if (rp->status) 506 return; 507 508 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu); 509 hdev->sco_mtu = rp->sco_mtu; 510 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt); 511 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt); 512 513 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) { 514 hdev->sco_mtu = 64; 515 hdev->sco_pkts = 8; 516 } 517 518 hdev->acl_cnt = hdev->acl_pkts; 519 hdev->sco_cnt = hdev->sco_pkts; 520 521 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, 522 hdev->acl_mtu, hdev->acl_pkts, 523 hdev->sco_mtu, hdev->sco_pkts); 524 } 525 526 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb) 527 { 528 struct hci_rp_read_bd_addr *rp = (void *) skb->data; 529 530 BT_DBG("%s status 0x%x", hdev->name, rp->status); 531 532 if (!rp->status) 533 bacpy(&hdev->bdaddr, &rp->bdaddr); 534 535 hci_req_complete(hdev, rp->status); 536 } 537 538 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 539 { 540 BT_DBG("%s status 0x%x", hdev->name, status); 541 542 if (status) { 543 hci_req_complete(hdev, status); 544 545 hci_conn_check_pending(hdev); 546 } else 547 set_bit(HCI_INQUIRY, &hdev->flags); 548 } 549 550 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) 551 { 552 struct hci_cp_create_conn *cp; 553 struct hci_conn *conn; 554 555 BT_DBG("%s status 0x%x", hdev->name, status); 556 557 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN); 558 if (!cp) 559 return; 560 561 hci_dev_lock(hdev); 562 563 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 564 565 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn); 566 567 if (status) { 568 if (conn && conn->state == BT_CONNECT) { 569 if (status != 0x0c || conn->attempt > 2) { 570 conn->state = BT_CLOSED; 571 hci_proto_connect_cfm(conn, status); 572 hci_conn_del(conn); 573 } else 574 conn->state = BT_CONNECT2; 575 } 576 } else { 577 if (!conn) { 578 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr); 579 if (conn) { 580 conn->out = 1; 581 conn->link_mode |= HCI_LM_MASTER; 582 } else 583 BT_ERR("No memmory for new connection"); 584 } 585 } 586 587 hci_dev_unlock(hdev); 588 } 589 590 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status) 591 { 592 struct hci_cp_add_sco *cp; 593 struct hci_conn *acl, *sco; 594 __u16 handle; 595 596 BT_DBG("%s status 0x%x", hdev->name, status); 597 598 if (!status) 599 return; 600 601 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO); 602 if (!cp) 603 return; 604 605 handle = __le16_to_cpu(cp->handle); 606 607 BT_DBG("%s handle %d", hdev->name, handle); 608 609 hci_dev_lock(hdev); 610 611 acl = hci_conn_hash_lookup_handle(hdev, handle); 612 if (acl && (sco = acl->link)) { 613 sco->state = BT_CLOSED; 614 615 hci_proto_connect_cfm(sco, status); 616 hci_conn_del(sco); 617 } 618 619 hci_dev_unlock(hdev); 620 } 621 622 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status) 623 { 624 struct hci_cp_auth_requested *cp; 625 struct hci_conn *conn; 626 627 BT_DBG("%s status 0x%x", hdev->name, status); 628 629 if (!status) 630 return; 631 632 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED); 633 if (!cp) 634 return; 635 636 hci_dev_lock(hdev); 637 638 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 639 if (conn) { 640 if (conn->state == BT_CONFIG) { 641 hci_proto_connect_cfm(conn, status); 642 hci_conn_put(conn); 643 } 644 } 645 646 hci_dev_unlock(hdev); 647 } 648 649 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status) 650 { 651 struct hci_cp_set_conn_encrypt *cp; 652 struct hci_conn *conn; 653 654 BT_DBG("%s status 0x%x", hdev->name, status); 655 656 if (!status) 657 return; 658 659 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT); 660 if (!cp) 661 return; 662 663 hci_dev_lock(hdev); 664 665 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 666 if (conn) { 667 if (conn->state == BT_CONFIG) { 668 hci_proto_connect_cfm(conn, status); 669 hci_conn_put(conn); 670 } 671 } 672 673 hci_dev_unlock(hdev); 674 } 675 676 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 677 { 678 BT_DBG("%s status 0x%x", hdev->name, status); 679 } 680 681 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status) 682 { 683 struct hci_cp_read_remote_features *cp; 684 struct hci_conn *conn; 685 686 BT_DBG("%s status 0x%x", hdev->name, status); 687 688 if (!status) 689 return; 690 691 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES); 692 if (!cp) 693 return; 694 695 hci_dev_lock(hdev); 696 697 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 698 if (conn) { 699 if (conn->state == BT_CONFIG) { 700 hci_proto_connect_cfm(conn, status); 701 hci_conn_put(conn); 702 } 703 } 704 705 hci_dev_unlock(hdev); 706 } 707 708 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status) 709 { 710 struct hci_cp_read_remote_ext_features *cp; 711 struct hci_conn *conn; 712 713 BT_DBG("%s status 0x%x", hdev->name, status); 714 715 if (!status) 716 return; 717 718 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES); 719 if (!cp) 720 return; 721 722 hci_dev_lock(hdev); 723 724 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 725 if (conn) { 726 if (conn->state == BT_CONFIG) { 727 hci_proto_connect_cfm(conn, status); 728 hci_conn_put(conn); 729 } 730 } 731 732 hci_dev_unlock(hdev); 733 } 734 735 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status) 736 { 737 struct hci_cp_setup_sync_conn *cp; 738 struct hci_conn *acl, *sco; 739 __u16 handle; 740 741 BT_DBG("%s status 0x%x", hdev->name, status); 742 743 if (!status) 744 return; 745 746 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN); 747 if (!cp) 748 return; 749 750 handle = __le16_to_cpu(cp->handle); 751 752 BT_DBG("%s handle %d", hdev->name, handle); 753 754 hci_dev_lock(hdev); 755 756 acl = hci_conn_hash_lookup_handle(hdev, handle); 757 if (acl && (sco = acl->link)) { 758 sco->state = BT_CLOSED; 759 760 hci_proto_connect_cfm(sco, status); 761 hci_conn_del(sco); 762 } 763 764 hci_dev_unlock(hdev); 765 } 766 767 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status) 768 { 769 struct hci_cp_sniff_mode *cp; 770 struct hci_conn *conn; 771 772 BT_DBG("%s status 0x%x", hdev->name, status); 773 774 if (!status) 775 return; 776 777 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE); 778 if (!cp) 779 return; 780 781 hci_dev_lock(hdev); 782 783 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 784 if (conn) 785 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 786 787 hci_dev_unlock(hdev); 788 } 789 790 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status) 791 { 792 struct hci_cp_exit_sniff_mode *cp; 793 struct hci_conn *conn; 794 795 BT_DBG("%s status 0x%x", hdev->name, status); 796 797 if (!status) 798 return; 799 800 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE); 801 if (!cp) 802 return; 803 804 hci_dev_lock(hdev); 805 806 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 807 if (conn) 808 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 809 810 hci_dev_unlock(hdev); 811 } 812 813 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 814 { 815 __u8 status = *((__u8 *) skb->data); 816 817 BT_DBG("%s status %d", hdev->name, status); 818 819 clear_bit(HCI_INQUIRY, &hdev->flags); 820 821 hci_req_complete(hdev, status); 822 823 hci_conn_check_pending(hdev); 824 } 825 826 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 827 { 828 struct inquiry_data data; 829 struct inquiry_info *info = (void *) (skb->data + 1); 830 int num_rsp = *((__u8 *) skb->data); 831 832 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 833 834 if (!num_rsp) 835 return; 836 837 hci_dev_lock(hdev); 838 839 for (; num_rsp; num_rsp--) { 840 bacpy(&data.bdaddr, &info->bdaddr); 841 data.pscan_rep_mode = info->pscan_rep_mode; 842 data.pscan_period_mode = info->pscan_period_mode; 843 data.pscan_mode = info->pscan_mode; 844 memcpy(data.dev_class, info->dev_class, 3); 845 data.clock_offset = info->clock_offset; 846 data.rssi = 0x00; 847 data.ssp_mode = 0x00; 848 info++; 849 hci_inquiry_cache_update(hdev, &data); 850 } 851 852 hci_dev_unlock(hdev); 853 } 854 855 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 856 { 857 struct hci_ev_conn_complete *ev = (void *) skb->data; 858 struct hci_conn *conn; 859 860 BT_DBG("%s", hdev->name); 861 862 hci_dev_lock(hdev); 863 864 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 865 if (!conn) 866 goto unlock; 867 868 if (!ev->status) { 869 conn->handle = __le16_to_cpu(ev->handle); 870 871 if (conn->type == ACL_LINK) { 872 conn->state = BT_CONFIG; 873 hci_conn_hold(conn); 874 } else 875 conn->state = BT_CONNECTED; 876 877 hci_conn_add_sysfs(conn); 878 879 if (test_bit(HCI_AUTH, &hdev->flags)) 880 conn->link_mode |= HCI_LM_AUTH; 881 882 if (test_bit(HCI_ENCRYPT, &hdev->flags)) 883 conn->link_mode |= HCI_LM_ENCRYPT; 884 885 /* Get remote features */ 886 if (conn->type == ACL_LINK) { 887 struct hci_cp_read_remote_features cp; 888 cp.handle = ev->handle; 889 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, 890 sizeof(cp), &cp); 891 } 892 893 /* Set packet type for incoming connection */ 894 if (!conn->out && hdev->hci_ver < 3) { 895 struct hci_cp_change_conn_ptype cp; 896 cp.handle = ev->handle; 897 cp.pkt_type = cpu_to_le16(conn->pkt_type); 898 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, 899 sizeof(cp), &cp); 900 } 901 } else 902 conn->state = BT_CLOSED; 903 904 if (conn->type == ACL_LINK) { 905 struct hci_conn *sco = conn->link; 906 if (sco) { 907 if (!ev->status) { 908 if (lmp_esco_capable(hdev)) 909 hci_setup_sync(sco, conn->handle); 910 else 911 hci_add_sco(sco, conn->handle); 912 } else { 913 hci_proto_connect_cfm(sco, ev->status); 914 hci_conn_del(sco); 915 } 916 } 917 } 918 919 if (ev->status) { 920 hci_proto_connect_cfm(conn, ev->status); 921 hci_conn_del(conn); 922 } 923 924 unlock: 925 hci_dev_unlock(hdev); 926 927 hci_conn_check_pending(hdev); 928 } 929 930 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 931 { 932 struct hci_ev_conn_request *ev = (void *) skb->data; 933 int mask = hdev->link_mode; 934 935 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, 936 batostr(&ev->bdaddr), ev->link_type); 937 938 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 939 940 if (mask & HCI_LM_ACCEPT) { 941 /* Connection accepted */ 942 struct inquiry_entry *ie; 943 struct hci_conn *conn; 944 945 hci_dev_lock(hdev); 946 947 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) 948 memcpy(ie->data.dev_class, ev->dev_class, 3); 949 950 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 951 if (!conn) { 952 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) { 953 BT_ERR("No memmory for new connection"); 954 hci_dev_unlock(hdev); 955 return; 956 } 957 } 958 959 memcpy(conn->dev_class, ev->dev_class, 3); 960 conn->state = BT_CONNECT; 961 962 hci_dev_unlock(hdev); 963 964 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) { 965 struct hci_cp_accept_conn_req cp; 966 967 bacpy(&cp.bdaddr, &ev->bdaddr); 968 969 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) 970 cp.role = 0x00; /* Become master */ 971 else 972 cp.role = 0x01; /* Remain slave */ 973 974 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, 975 sizeof(cp), &cp); 976 } else { 977 struct hci_cp_accept_sync_conn_req cp; 978 979 bacpy(&cp.bdaddr, &ev->bdaddr); 980 cp.pkt_type = cpu_to_le16(conn->pkt_type); 981 982 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 983 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 984 cp.max_latency = cpu_to_le16(0xffff); 985 cp.content_format = cpu_to_le16(hdev->voice_setting); 986 cp.retrans_effort = 0xff; 987 988 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 989 sizeof(cp), &cp); 990 } 991 } else { 992 /* Connection rejected */ 993 struct hci_cp_reject_conn_req cp; 994 995 bacpy(&cp.bdaddr, &ev->bdaddr); 996 cp.reason = 0x0f; 997 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp); 998 } 999 } 1000 1001 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1002 { 1003 struct hci_ev_disconn_complete *ev = (void *) skb->data; 1004 struct hci_conn *conn; 1005 1006 BT_DBG("%s status %d", hdev->name, ev->status); 1007 1008 if (ev->status) 1009 return; 1010 1011 hci_dev_lock(hdev); 1012 1013 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1014 if (conn) { 1015 conn->state = BT_CLOSED; 1016 1017 hci_conn_del_sysfs(conn); 1018 1019 hci_proto_disconn_ind(conn, ev->reason); 1020 hci_conn_del(conn); 1021 } 1022 1023 hci_dev_unlock(hdev); 1024 } 1025 1026 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1027 { 1028 struct hci_ev_auth_complete *ev = (void *) skb->data; 1029 struct hci_conn *conn; 1030 1031 BT_DBG("%s status %d", hdev->name, ev->status); 1032 1033 hci_dev_lock(hdev); 1034 1035 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1036 if (conn) { 1037 if (!ev->status) 1038 conn->link_mode |= HCI_LM_AUTH; 1039 1040 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1041 1042 if (conn->state == BT_CONFIG) { 1043 if (!ev->status && hdev->ssp_mode > 0 && 1044 conn->ssp_mode > 0) { 1045 struct hci_cp_set_conn_encrypt cp; 1046 cp.handle = ev->handle; 1047 cp.encrypt = 0x01; 1048 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1049 sizeof(cp), &cp); 1050 } else { 1051 conn->state = BT_CONNECTED; 1052 hci_proto_connect_cfm(conn, ev->status); 1053 hci_conn_put(conn); 1054 } 1055 } else 1056 hci_auth_cfm(conn, ev->status); 1057 1058 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 1059 if (!ev->status) { 1060 struct hci_cp_set_conn_encrypt cp; 1061 cp.handle = ev->handle; 1062 cp.encrypt = 0x01; 1063 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1064 sizeof(cp), &cp); 1065 } else { 1066 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1067 hci_encrypt_cfm(conn, ev->status, 0x00); 1068 } 1069 } 1070 } 1071 1072 hci_dev_unlock(hdev); 1073 } 1074 1075 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb) 1076 { 1077 BT_DBG("%s", hdev->name); 1078 1079 hci_conn_check_pending(hdev); 1080 } 1081 1082 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1083 { 1084 struct hci_ev_encrypt_change *ev = (void *) skb->data; 1085 struct hci_conn *conn; 1086 1087 BT_DBG("%s status %d", hdev->name, ev->status); 1088 1089 hci_dev_lock(hdev); 1090 1091 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1092 if (conn) { 1093 if (!ev->status) { 1094 if (ev->encrypt) { 1095 /* Encryption implies authentication */ 1096 conn->link_mode |= HCI_LM_AUTH; 1097 conn->link_mode |= HCI_LM_ENCRYPT; 1098 } else 1099 conn->link_mode &= ~HCI_LM_ENCRYPT; 1100 } 1101 1102 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1103 1104 if (conn->state == BT_CONFIG) { 1105 if (!ev->status) 1106 conn->state = BT_CONNECTED; 1107 1108 hci_proto_connect_cfm(conn, ev->status); 1109 hci_conn_put(conn); 1110 } else 1111 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 1112 } 1113 1114 hci_dev_unlock(hdev); 1115 } 1116 1117 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1118 { 1119 struct hci_ev_change_link_key_complete *ev = (void *) skb->data; 1120 struct hci_conn *conn; 1121 1122 BT_DBG("%s status %d", hdev->name, ev->status); 1123 1124 hci_dev_lock(hdev); 1125 1126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1127 if (conn) { 1128 if (!ev->status) 1129 conn->link_mode |= HCI_LM_SECURE; 1130 1131 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1132 1133 hci_key_change_cfm(conn, ev->status); 1134 } 1135 1136 hci_dev_unlock(hdev); 1137 } 1138 1139 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1140 { 1141 struct hci_ev_remote_features *ev = (void *) skb->data; 1142 struct hci_conn *conn; 1143 1144 BT_DBG("%s status %d", hdev->name, ev->status); 1145 1146 hci_dev_lock(hdev); 1147 1148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1149 if (conn) { 1150 if (!ev->status) 1151 memcpy(conn->features, ev->features, 8); 1152 1153 if (conn->state == BT_CONFIG) { 1154 if (!ev->status && lmp_ssp_capable(hdev) && 1155 lmp_ssp_capable(conn)) { 1156 struct hci_cp_read_remote_ext_features cp; 1157 cp.handle = ev->handle; 1158 cp.page = 0x01; 1159 hci_send_cmd(hdev, 1160 HCI_OP_READ_REMOTE_EXT_FEATURES, 1161 sizeof(cp), &cp); 1162 } else { 1163 conn->state = BT_CONNECTED; 1164 hci_proto_connect_cfm(conn, ev->status); 1165 hci_conn_put(conn); 1166 } 1167 } 1168 } 1169 1170 hci_dev_unlock(hdev); 1171 } 1172 1173 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb) 1174 { 1175 BT_DBG("%s", hdev->name); 1176 } 1177 1178 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1179 { 1180 BT_DBG("%s", hdev->name); 1181 } 1182 1183 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1184 { 1185 struct hci_ev_cmd_complete *ev = (void *) skb->data; 1186 __u16 opcode; 1187 1188 skb_pull(skb, sizeof(*ev)); 1189 1190 opcode = __le16_to_cpu(ev->opcode); 1191 1192 switch (opcode) { 1193 case HCI_OP_INQUIRY_CANCEL: 1194 hci_cc_inquiry_cancel(hdev, skb); 1195 break; 1196 1197 case HCI_OP_EXIT_PERIODIC_INQ: 1198 hci_cc_exit_periodic_inq(hdev, skb); 1199 break; 1200 1201 case HCI_OP_REMOTE_NAME_REQ_CANCEL: 1202 hci_cc_remote_name_req_cancel(hdev, skb); 1203 break; 1204 1205 case HCI_OP_ROLE_DISCOVERY: 1206 hci_cc_role_discovery(hdev, skb); 1207 break; 1208 1209 case HCI_OP_READ_LINK_POLICY: 1210 hci_cc_read_link_policy(hdev, skb); 1211 break; 1212 1213 case HCI_OP_WRITE_LINK_POLICY: 1214 hci_cc_write_link_policy(hdev, skb); 1215 break; 1216 1217 case HCI_OP_READ_DEF_LINK_POLICY: 1218 hci_cc_read_def_link_policy(hdev, skb); 1219 break; 1220 1221 case HCI_OP_WRITE_DEF_LINK_POLICY: 1222 hci_cc_write_def_link_policy(hdev, skb); 1223 break; 1224 1225 case HCI_OP_RESET: 1226 hci_cc_reset(hdev, skb); 1227 break; 1228 1229 case HCI_OP_WRITE_LOCAL_NAME: 1230 hci_cc_write_local_name(hdev, skb); 1231 break; 1232 1233 case HCI_OP_READ_LOCAL_NAME: 1234 hci_cc_read_local_name(hdev, skb); 1235 break; 1236 1237 case HCI_OP_WRITE_AUTH_ENABLE: 1238 hci_cc_write_auth_enable(hdev, skb); 1239 break; 1240 1241 case HCI_OP_WRITE_ENCRYPT_MODE: 1242 hci_cc_write_encrypt_mode(hdev, skb); 1243 break; 1244 1245 case HCI_OP_WRITE_SCAN_ENABLE: 1246 hci_cc_write_scan_enable(hdev, skb); 1247 break; 1248 1249 case HCI_OP_READ_CLASS_OF_DEV: 1250 hci_cc_read_class_of_dev(hdev, skb); 1251 break; 1252 1253 case HCI_OP_WRITE_CLASS_OF_DEV: 1254 hci_cc_write_class_of_dev(hdev, skb); 1255 break; 1256 1257 case HCI_OP_READ_VOICE_SETTING: 1258 hci_cc_read_voice_setting(hdev, skb); 1259 break; 1260 1261 case HCI_OP_WRITE_VOICE_SETTING: 1262 hci_cc_write_voice_setting(hdev, skb); 1263 break; 1264 1265 case HCI_OP_HOST_BUFFER_SIZE: 1266 hci_cc_host_buffer_size(hdev, skb); 1267 break; 1268 1269 case HCI_OP_READ_SSP_MODE: 1270 hci_cc_read_ssp_mode(hdev, skb); 1271 break; 1272 1273 case HCI_OP_WRITE_SSP_MODE: 1274 hci_cc_write_ssp_mode(hdev, skb); 1275 break; 1276 1277 case HCI_OP_READ_LOCAL_VERSION: 1278 hci_cc_read_local_version(hdev, skb); 1279 break; 1280 1281 case HCI_OP_READ_LOCAL_COMMANDS: 1282 hci_cc_read_local_commands(hdev, skb); 1283 break; 1284 1285 case HCI_OP_READ_LOCAL_FEATURES: 1286 hci_cc_read_local_features(hdev, skb); 1287 break; 1288 1289 case HCI_OP_READ_BUFFER_SIZE: 1290 hci_cc_read_buffer_size(hdev, skb); 1291 break; 1292 1293 case HCI_OP_READ_BD_ADDR: 1294 hci_cc_read_bd_addr(hdev, skb); 1295 break; 1296 1297 default: 1298 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1299 break; 1300 } 1301 1302 if (ev->ncmd) { 1303 atomic_set(&hdev->cmd_cnt, 1); 1304 if (!skb_queue_empty(&hdev->cmd_q)) 1305 hci_sched_cmd(hdev); 1306 } 1307 } 1308 1309 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) 1310 { 1311 struct hci_ev_cmd_status *ev = (void *) skb->data; 1312 __u16 opcode; 1313 1314 skb_pull(skb, sizeof(*ev)); 1315 1316 opcode = __le16_to_cpu(ev->opcode); 1317 1318 switch (opcode) { 1319 case HCI_OP_INQUIRY: 1320 hci_cs_inquiry(hdev, ev->status); 1321 break; 1322 1323 case HCI_OP_CREATE_CONN: 1324 hci_cs_create_conn(hdev, ev->status); 1325 break; 1326 1327 case HCI_OP_ADD_SCO: 1328 hci_cs_add_sco(hdev, ev->status); 1329 break; 1330 1331 case HCI_OP_AUTH_REQUESTED: 1332 hci_cs_auth_requested(hdev, ev->status); 1333 break; 1334 1335 case HCI_OP_SET_CONN_ENCRYPT: 1336 hci_cs_set_conn_encrypt(hdev, ev->status); 1337 break; 1338 1339 case HCI_OP_REMOTE_NAME_REQ: 1340 hci_cs_remote_name_req(hdev, ev->status); 1341 break; 1342 1343 case HCI_OP_READ_REMOTE_FEATURES: 1344 hci_cs_read_remote_features(hdev, ev->status); 1345 break; 1346 1347 case HCI_OP_READ_REMOTE_EXT_FEATURES: 1348 hci_cs_read_remote_ext_features(hdev, ev->status); 1349 break; 1350 1351 case HCI_OP_SETUP_SYNC_CONN: 1352 hci_cs_setup_sync_conn(hdev, ev->status); 1353 break; 1354 1355 case HCI_OP_SNIFF_MODE: 1356 hci_cs_sniff_mode(hdev, ev->status); 1357 break; 1358 1359 case HCI_OP_EXIT_SNIFF_MODE: 1360 hci_cs_exit_sniff_mode(hdev, ev->status); 1361 break; 1362 1363 default: 1364 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1365 break; 1366 } 1367 1368 if (ev->ncmd) { 1369 atomic_set(&hdev->cmd_cnt, 1); 1370 if (!skb_queue_empty(&hdev->cmd_q)) 1371 hci_sched_cmd(hdev); 1372 } 1373 } 1374 1375 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1376 { 1377 struct hci_ev_role_change *ev = (void *) skb->data; 1378 struct hci_conn *conn; 1379 1380 BT_DBG("%s status %d", hdev->name, ev->status); 1381 1382 hci_dev_lock(hdev); 1383 1384 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1385 if (conn) { 1386 if (!ev->status) { 1387 if (ev->role) 1388 conn->link_mode &= ~HCI_LM_MASTER; 1389 else 1390 conn->link_mode |= HCI_LM_MASTER; 1391 } 1392 1393 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend); 1394 1395 hci_role_switch_cfm(conn, ev->status, ev->role); 1396 } 1397 1398 hci_dev_unlock(hdev); 1399 } 1400 1401 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb) 1402 { 1403 struct hci_ev_num_comp_pkts *ev = (void *) skb->data; 1404 __le16 *ptr; 1405 int i; 1406 1407 skb_pull(skb, sizeof(*ev)); 1408 1409 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); 1410 1411 if (skb->len < ev->num_hndl * 4) { 1412 BT_DBG("%s bad parameters", hdev->name); 1413 return; 1414 } 1415 1416 tasklet_disable(&hdev->tx_task); 1417 1418 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) { 1419 struct hci_conn *conn; 1420 __u16 handle, count; 1421 1422 handle = get_unaligned_le16(ptr++); 1423 count = get_unaligned_le16(ptr++); 1424 1425 conn = hci_conn_hash_lookup_handle(hdev, handle); 1426 if (conn) { 1427 conn->sent -= count; 1428 1429 if (conn->type == ACL_LINK) { 1430 if ((hdev->acl_cnt += count) > hdev->acl_pkts) 1431 hdev->acl_cnt = hdev->acl_pkts; 1432 } else { 1433 if ((hdev->sco_cnt += count) > hdev->sco_pkts) 1434 hdev->sco_cnt = hdev->sco_pkts; 1435 } 1436 } 1437 } 1438 1439 hci_sched_tx(hdev); 1440 1441 tasklet_enable(&hdev->tx_task); 1442 } 1443 1444 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1445 { 1446 struct hci_ev_mode_change *ev = (void *) skb->data; 1447 struct hci_conn *conn; 1448 1449 BT_DBG("%s status %d", hdev->name, ev->status); 1450 1451 hci_dev_lock(hdev); 1452 1453 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1454 if (conn) { 1455 conn->mode = ev->mode; 1456 conn->interval = __le16_to_cpu(ev->interval); 1457 1458 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 1459 if (conn->mode == HCI_CM_ACTIVE) 1460 conn->power_save = 1; 1461 else 1462 conn->power_save = 0; 1463 } 1464 } 1465 1466 hci_dev_unlock(hdev); 1467 } 1468 1469 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1470 { 1471 BT_DBG("%s", hdev->name); 1472 } 1473 1474 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1475 { 1476 BT_DBG("%s", hdev->name); 1477 } 1478 1479 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 1480 { 1481 BT_DBG("%s", hdev->name); 1482 } 1483 1484 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb) 1485 { 1486 struct hci_ev_clock_offset *ev = (void *) skb->data; 1487 struct hci_conn *conn; 1488 1489 BT_DBG("%s status %d", hdev->name, ev->status); 1490 1491 hci_dev_lock(hdev); 1492 1493 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1494 if (conn && !ev->status) { 1495 struct inquiry_entry *ie; 1496 1497 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) { 1498 ie->data.clock_offset = ev->clock_offset; 1499 ie->timestamp = jiffies; 1500 } 1501 } 1502 1503 hci_dev_unlock(hdev); 1504 } 1505 1506 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1507 { 1508 struct hci_ev_pkt_type_change *ev = (void *) skb->data; 1509 struct hci_conn *conn; 1510 1511 BT_DBG("%s status %d", hdev->name, ev->status); 1512 1513 hci_dev_lock(hdev); 1514 1515 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1516 if (conn && !ev->status) 1517 conn->pkt_type = __le16_to_cpu(ev->pkt_type); 1518 1519 hci_dev_unlock(hdev); 1520 } 1521 1522 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb) 1523 { 1524 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data; 1525 struct inquiry_entry *ie; 1526 1527 BT_DBG("%s", hdev->name); 1528 1529 hci_dev_lock(hdev); 1530 1531 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) { 1532 ie->data.pscan_rep_mode = ev->pscan_rep_mode; 1533 ie->timestamp = jiffies; 1534 } 1535 1536 hci_dev_unlock(hdev); 1537 } 1538 1539 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb) 1540 { 1541 struct inquiry_data data; 1542 int num_rsp = *((__u8 *) skb->data); 1543 1544 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1545 1546 if (!num_rsp) 1547 return; 1548 1549 hci_dev_lock(hdev); 1550 1551 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 1552 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1); 1553 1554 for (; num_rsp; num_rsp--) { 1555 bacpy(&data.bdaddr, &info->bdaddr); 1556 data.pscan_rep_mode = info->pscan_rep_mode; 1557 data.pscan_period_mode = info->pscan_period_mode; 1558 data.pscan_mode = info->pscan_mode; 1559 memcpy(data.dev_class, info->dev_class, 3); 1560 data.clock_offset = info->clock_offset; 1561 data.rssi = info->rssi; 1562 data.ssp_mode = 0x00; 1563 info++; 1564 hci_inquiry_cache_update(hdev, &data); 1565 } 1566 } else { 1567 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 1568 1569 for (; num_rsp; num_rsp--) { 1570 bacpy(&data.bdaddr, &info->bdaddr); 1571 data.pscan_rep_mode = info->pscan_rep_mode; 1572 data.pscan_period_mode = info->pscan_period_mode; 1573 data.pscan_mode = 0x00; 1574 memcpy(data.dev_class, info->dev_class, 3); 1575 data.clock_offset = info->clock_offset; 1576 data.rssi = info->rssi; 1577 data.ssp_mode = 0x00; 1578 info++; 1579 hci_inquiry_cache_update(hdev, &data); 1580 } 1581 } 1582 1583 hci_dev_unlock(hdev); 1584 } 1585 1586 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1587 { 1588 struct hci_ev_remote_ext_features *ev = (void *) skb->data; 1589 struct hci_conn *conn; 1590 1591 BT_DBG("%s", hdev->name); 1592 1593 hci_dev_lock(hdev); 1594 1595 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1596 if (conn) { 1597 if (!ev->status && ev->page == 0x01) { 1598 struct inquiry_entry *ie; 1599 1600 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) 1601 ie->data.ssp_mode = (ev->features[0] & 0x01); 1602 1603 conn->ssp_mode = (ev->features[0] & 0x01); 1604 } 1605 1606 if (conn->state == BT_CONFIG) { 1607 if (!ev->status && hdev->ssp_mode > 0 && 1608 conn->ssp_mode > 0) { 1609 if (conn->out) { 1610 struct hci_cp_auth_requested cp; 1611 cp.handle = ev->handle; 1612 hci_send_cmd(hdev, 1613 HCI_OP_AUTH_REQUESTED, 1614 sizeof(cp), &cp); 1615 } 1616 } else { 1617 conn->state = BT_CONNECTED; 1618 hci_proto_connect_cfm(conn, ev->status); 1619 hci_conn_put(conn); 1620 } 1621 } 1622 } 1623 1624 hci_dev_unlock(hdev); 1625 } 1626 1627 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1628 { 1629 struct hci_ev_sync_conn_complete *ev = (void *) skb->data; 1630 struct hci_conn *conn; 1631 1632 BT_DBG("%s status %d", hdev->name, ev->status); 1633 1634 hci_dev_lock(hdev); 1635 1636 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1637 if (!conn) { 1638 if (ev->link_type == ESCO_LINK) 1639 goto unlock; 1640 1641 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 1642 if (!conn) 1643 goto unlock; 1644 1645 conn->type = SCO_LINK; 1646 } 1647 1648 if (!ev->status) { 1649 conn->handle = __le16_to_cpu(ev->handle); 1650 conn->state = BT_CONNECTED; 1651 1652 hci_conn_add_sysfs(conn); 1653 } else 1654 conn->state = BT_CLOSED; 1655 1656 hci_proto_connect_cfm(conn, ev->status); 1657 if (ev->status) 1658 hci_conn_del(conn); 1659 1660 unlock: 1661 hci_dev_unlock(hdev); 1662 } 1663 1664 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb) 1665 { 1666 BT_DBG("%s", hdev->name); 1667 } 1668 1669 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb) 1670 { 1671 struct hci_ev_sniff_subrate *ev = (void *) skb->data; 1672 struct hci_conn *conn; 1673 1674 BT_DBG("%s status %d", hdev->name, ev->status); 1675 1676 hci_dev_lock(hdev); 1677 1678 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1679 if (conn) { 1680 } 1681 1682 hci_dev_unlock(hdev); 1683 } 1684 1685 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 1686 { 1687 struct inquiry_data data; 1688 struct extended_inquiry_info *info = (void *) (skb->data + 1); 1689 int num_rsp = *((__u8 *) skb->data); 1690 1691 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1692 1693 if (!num_rsp) 1694 return; 1695 1696 hci_dev_lock(hdev); 1697 1698 for (; num_rsp; num_rsp--) { 1699 bacpy(&data.bdaddr, &info->bdaddr); 1700 data.pscan_rep_mode = info->pscan_rep_mode; 1701 data.pscan_period_mode = info->pscan_period_mode; 1702 data.pscan_mode = 0x00; 1703 memcpy(data.dev_class, info->dev_class, 3); 1704 data.clock_offset = info->clock_offset; 1705 data.rssi = info->rssi; 1706 data.ssp_mode = 0x01; 1707 info++; 1708 hci_inquiry_cache_update(hdev, &data); 1709 } 1710 1711 hci_dev_unlock(hdev); 1712 } 1713 1714 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1715 { 1716 struct hci_ev_io_capa_request *ev = (void *) skb->data; 1717 struct hci_conn *conn; 1718 1719 BT_DBG("%s", hdev->name); 1720 1721 hci_dev_lock(hdev); 1722 1723 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1724 if (conn) 1725 hci_conn_hold(conn); 1726 1727 hci_dev_unlock(hdev); 1728 } 1729 1730 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1731 { 1732 struct hci_ev_simple_pair_complete *ev = (void *) skb->data; 1733 struct hci_conn *conn; 1734 1735 BT_DBG("%s", hdev->name); 1736 1737 hci_dev_lock(hdev); 1738 1739 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1740 if (conn) 1741 hci_conn_put(conn); 1742 1743 hci_dev_unlock(hdev); 1744 } 1745 1746 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1747 { 1748 struct hci_ev_remote_host_features *ev = (void *) skb->data; 1749 struct inquiry_entry *ie; 1750 1751 BT_DBG("%s", hdev->name); 1752 1753 hci_dev_lock(hdev); 1754 1755 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) 1756 ie->data.ssp_mode = (ev->features[0] & 0x01); 1757 1758 hci_dev_unlock(hdev); 1759 } 1760 1761 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 1762 { 1763 struct hci_event_hdr *hdr = (void *) skb->data; 1764 __u8 event = hdr->evt; 1765 1766 skb_pull(skb, HCI_EVENT_HDR_SIZE); 1767 1768 switch (event) { 1769 case HCI_EV_INQUIRY_COMPLETE: 1770 hci_inquiry_complete_evt(hdev, skb); 1771 break; 1772 1773 case HCI_EV_INQUIRY_RESULT: 1774 hci_inquiry_result_evt(hdev, skb); 1775 break; 1776 1777 case HCI_EV_CONN_COMPLETE: 1778 hci_conn_complete_evt(hdev, skb); 1779 break; 1780 1781 case HCI_EV_CONN_REQUEST: 1782 hci_conn_request_evt(hdev, skb); 1783 break; 1784 1785 case HCI_EV_DISCONN_COMPLETE: 1786 hci_disconn_complete_evt(hdev, skb); 1787 break; 1788 1789 case HCI_EV_AUTH_COMPLETE: 1790 hci_auth_complete_evt(hdev, skb); 1791 break; 1792 1793 case HCI_EV_REMOTE_NAME: 1794 hci_remote_name_evt(hdev, skb); 1795 break; 1796 1797 case HCI_EV_ENCRYPT_CHANGE: 1798 hci_encrypt_change_evt(hdev, skb); 1799 break; 1800 1801 case HCI_EV_CHANGE_LINK_KEY_COMPLETE: 1802 hci_change_link_key_complete_evt(hdev, skb); 1803 break; 1804 1805 case HCI_EV_REMOTE_FEATURES: 1806 hci_remote_features_evt(hdev, skb); 1807 break; 1808 1809 case HCI_EV_REMOTE_VERSION: 1810 hci_remote_version_evt(hdev, skb); 1811 break; 1812 1813 case HCI_EV_QOS_SETUP_COMPLETE: 1814 hci_qos_setup_complete_evt(hdev, skb); 1815 break; 1816 1817 case HCI_EV_CMD_COMPLETE: 1818 hci_cmd_complete_evt(hdev, skb); 1819 break; 1820 1821 case HCI_EV_CMD_STATUS: 1822 hci_cmd_status_evt(hdev, skb); 1823 break; 1824 1825 case HCI_EV_ROLE_CHANGE: 1826 hci_role_change_evt(hdev, skb); 1827 break; 1828 1829 case HCI_EV_NUM_COMP_PKTS: 1830 hci_num_comp_pkts_evt(hdev, skb); 1831 break; 1832 1833 case HCI_EV_MODE_CHANGE: 1834 hci_mode_change_evt(hdev, skb); 1835 break; 1836 1837 case HCI_EV_PIN_CODE_REQ: 1838 hci_pin_code_request_evt(hdev, skb); 1839 break; 1840 1841 case HCI_EV_LINK_KEY_REQ: 1842 hci_link_key_request_evt(hdev, skb); 1843 break; 1844 1845 case HCI_EV_LINK_KEY_NOTIFY: 1846 hci_link_key_notify_evt(hdev, skb); 1847 break; 1848 1849 case HCI_EV_CLOCK_OFFSET: 1850 hci_clock_offset_evt(hdev, skb); 1851 break; 1852 1853 case HCI_EV_PKT_TYPE_CHANGE: 1854 hci_pkt_type_change_evt(hdev, skb); 1855 break; 1856 1857 case HCI_EV_PSCAN_REP_MODE: 1858 hci_pscan_rep_mode_evt(hdev, skb); 1859 break; 1860 1861 case HCI_EV_INQUIRY_RESULT_WITH_RSSI: 1862 hci_inquiry_result_with_rssi_evt(hdev, skb); 1863 break; 1864 1865 case HCI_EV_REMOTE_EXT_FEATURES: 1866 hci_remote_ext_features_evt(hdev, skb); 1867 break; 1868 1869 case HCI_EV_SYNC_CONN_COMPLETE: 1870 hci_sync_conn_complete_evt(hdev, skb); 1871 break; 1872 1873 case HCI_EV_SYNC_CONN_CHANGED: 1874 hci_sync_conn_changed_evt(hdev, skb); 1875 break; 1876 1877 case HCI_EV_SNIFF_SUBRATE: 1878 hci_sniff_subrate_evt(hdev, skb); 1879 break; 1880 1881 case HCI_EV_EXTENDED_INQUIRY_RESULT: 1882 hci_extended_inquiry_result_evt(hdev, skb); 1883 break; 1884 1885 case HCI_EV_IO_CAPA_REQUEST: 1886 hci_io_capa_request_evt(hdev, skb); 1887 break; 1888 1889 case HCI_EV_SIMPLE_PAIR_COMPLETE: 1890 hci_simple_pair_complete_evt(hdev, skb); 1891 break; 1892 1893 case HCI_EV_REMOTE_HOST_FEATURES: 1894 hci_remote_host_features_evt(hdev, skb); 1895 break; 1896 1897 default: 1898 BT_DBG("%s event 0x%x", hdev->name, event); 1899 break; 1900 } 1901 1902 kfree_skb(skb); 1903 hdev->stat.evt_rx++; 1904 } 1905 1906 /* Generate internal stack event */ 1907 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data) 1908 { 1909 struct hci_event_hdr *hdr; 1910 struct hci_ev_stack_internal *ev; 1911 struct sk_buff *skb; 1912 1913 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC); 1914 if (!skb) 1915 return; 1916 1917 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE); 1918 hdr->evt = HCI_EV_STACK_INTERNAL; 1919 hdr->plen = sizeof(*ev) + dlen; 1920 1921 ev = (void *) skb_put(skb, sizeof(*ev) + dlen); 1922 ev->type = type; 1923 memcpy(ev->data, data, dlen); 1924 1925 bt_cb(skb)->incoming = 1; 1926 __net_timestamp(skb); 1927 1928 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 1929 skb->dev = (void *) hdev; 1930 hci_send_to_sock(hdev, skb); 1931 kfree_skb(skb); 1932 } 1933