1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI event handling. */ 26 27 #include <linux/module.h> 28 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/kernel.h> 32 #include <linux/slab.h> 33 #include <linux/poll.h> 34 #include <linux/fcntl.h> 35 #include <linux/init.h> 36 #include <linux/skbuff.h> 37 #include <linux/interrupt.h> 38 #include <linux/notifier.h> 39 #include <net/sock.h> 40 41 #include <asm/system.h> 42 #include <asm/uaccess.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 48 /* Handle HCI Event packets */ 49 50 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) 51 { 52 __u8 status = *((__u8 *) skb->data); 53 54 BT_DBG("%s status 0x%x", hdev->name, status); 55 56 if (status) 57 return; 58 59 clear_bit(HCI_INQUIRY, &hdev->flags); 60 61 hci_req_complete(hdev, status); 62 63 hci_conn_check_pending(hdev); 64 } 65 66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb) 67 { 68 __u8 status = *((__u8 *) skb->data); 69 70 BT_DBG("%s status 0x%x", hdev->name, status); 71 72 if (status) 73 return; 74 75 clear_bit(HCI_INQUIRY, &hdev->flags); 76 77 hci_conn_check_pending(hdev); 78 } 79 80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb) 81 { 82 BT_DBG("%s", hdev->name); 83 } 84 85 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb) 86 { 87 struct hci_rp_role_discovery *rp = (void *) skb->data; 88 struct hci_conn *conn; 89 90 BT_DBG("%s status 0x%x", hdev->name, rp->status); 91 92 if (rp->status) 93 return; 94 95 hci_dev_lock(hdev); 96 97 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 98 if (conn) { 99 if (rp->role) 100 conn->link_mode &= ~HCI_LM_MASTER; 101 else 102 conn->link_mode |= HCI_LM_MASTER; 103 } 104 105 hci_dev_unlock(hdev); 106 } 107 108 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 109 { 110 struct hci_rp_read_link_policy *rp = (void *) skb->data; 111 struct hci_conn *conn; 112 113 BT_DBG("%s status 0x%x", hdev->name, rp->status); 114 115 if (rp->status) 116 return; 117 118 hci_dev_lock(hdev); 119 120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 121 if (conn) 122 conn->link_policy = __le16_to_cpu(rp->policy); 123 124 hci_dev_unlock(hdev); 125 } 126 127 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 128 { 129 struct hci_rp_write_link_policy *rp = (void *) skb->data; 130 struct hci_conn *conn; 131 void *sent; 132 133 BT_DBG("%s status 0x%x", hdev->name, rp->status); 134 135 if (rp->status) 136 return; 137 138 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY); 139 if (!sent) 140 return; 141 142 hci_dev_lock(hdev); 143 144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 145 if (conn) 146 conn->link_policy = get_unaligned_le16(sent + 2); 147 148 hci_dev_unlock(hdev); 149 } 150 151 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 152 { 153 struct hci_rp_read_def_link_policy *rp = (void *) skb->data; 154 155 BT_DBG("%s status 0x%x", hdev->name, rp->status); 156 157 if (rp->status) 158 return; 159 160 hdev->link_policy = __le16_to_cpu(rp->policy); 161 } 162 163 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 164 { 165 __u8 status = *((__u8 *) skb->data); 166 void *sent; 167 168 BT_DBG("%s status 0x%x", hdev->name, status); 169 170 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY); 171 if (!sent) 172 return; 173 174 if (!status) 175 hdev->link_policy = get_unaligned_le16(sent); 176 177 hci_req_complete(hdev, status); 178 } 179 180 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb) 181 { 182 __u8 status = *((__u8 *) skb->data); 183 184 BT_DBG("%s status 0x%x", hdev->name, status); 185 186 hci_req_complete(hdev, status); 187 } 188 189 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb) 190 { 191 __u8 status = *((__u8 *) skb->data); 192 void *sent; 193 194 BT_DBG("%s status 0x%x", hdev->name, status); 195 196 if (status) 197 return; 198 199 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 200 if (!sent) 201 return; 202 203 memcpy(hdev->dev_name, sent, 248); 204 } 205 206 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 207 { 208 struct hci_rp_read_local_name *rp = (void *) skb->data; 209 210 BT_DBG("%s status 0x%x", hdev->name, rp->status); 211 212 if (rp->status) 213 return; 214 215 memcpy(hdev->dev_name, rp->name, 248); 216 } 217 218 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) 219 { 220 __u8 status = *((__u8 *) skb->data); 221 void *sent; 222 223 BT_DBG("%s status 0x%x", hdev->name, status); 224 225 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE); 226 if (!sent) 227 return; 228 229 if (!status) { 230 __u8 param = *((__u8 *) sent); 231 232 if (param == AUTH_ENABLED) 233 set_bit(HCI_AUTH, &hdev->flags); 234 else 235 clear_bit(HCI_AUTH, &hdev->flags); 236 } 237 238 hci_req_complete(hdev, status); 239 } 240 241 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) 242 { 243 __u8 status = *((__u8 *) skb->data); 244 void *sent; 245 246 BT_DBG("%s status 0x%x", hdev->name, status); 247 248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE); 249 if (!sent) 250 return; 251 252 if (!status) { 253 __u8 param = *((__u8 *) sent); 254 255 if (param) 256 set_bit(HCI_ENCRYPT, &hdev->flags); 257 else 258 clear_bit(HCI_ENCRYPT, &hdev->flags); 259 } 260 261 hci_req_complete(hdev, status); 262 } 263 264 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb) 265 { 266 __u8 status = *((__u8 *) skb->data); 267 void *sent; 268 269 BT_DBG("%s status 0x%x", hdev->name, status); 270 271 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE); 272 if (!sent) 273 return; 274 275 if (!status) { 276 __u8 param = *((__u8 *) sent); 277 278 clear_bit(HCI_PSCAN, &hdev->flags); 279 clear_bit(HCI_ISCAN, &hdev->flags); 280 281 if (param & SCAN_INQUIRY) 282 set_bit(HCI_ISCAN, &hdev->flags); 283 284 if (param & SCAN_PAGE) 285 set_bit(HCI_PSCAN, &hdev->flags); 286 } 287 288 hci_req_complete(hdev, status); 289 } 290 291 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 292 { 293 struct hci_rp_read_class_of_dev *rp = (void *) skb->data; 294 295 BT_DBG("%s status 0x%x", hdev->name, rp->status); 296 297 if (rp->status) 298 return; 299 300 memcpy(hdev->dev_class, rp->dev_class, 3); 301 302 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name, 303 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]); 304 } 305 306 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 307 { 308 __u8 status = *((__u8 *) skb->data); 309 void *sent; 310 311 BT_DBG("%s status 0x%x", hdev->name, status); 312 313 if (status) 314 return; 315 316 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 317 if (!sent) 318 return; 319 320 memcpy(hdev->dev_class, sent, 3); 321 } 322 323 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 324 { 325 struct hci_rp_read_voice_setting *rp = (void *) skb->data; 326 __u16 setting; 327 328 BT_DBG("%s status 0x%x", hdev->name, rp->status); 329 330 if (rp->status) 331 return; 332 333 setting = __le16_to_cpu(rp->voice_setting); 334 335 if (hdev->voice_setting == setting) 336 return; 337 338 hdev->voice_setting = setting; 339 340 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 341 342 if (hdev->notify) { 343 tasklet_disable(&hdev->tx_task); 344 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 345 tasklet_enable(&hdev->tx_task); 346 } 347 } 348 349 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 350 { 351 __u8 status = *((__u8 *) skb->data); 352 __u16 setting; 353 void *sent; 354 355 BT_DBG("%s status 0x%x", hdev->name, status); 356 357 if (status) 358 return; 359 360 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING); 361 if (!sent) 362 return; 363 364 setting = get_unaligned_le16(sent); 365 366 if (hdev->voice_setting == setting) 367 return; 368 369 hdev->voice_setting = setting; 370 371 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 372 373 if (hdev->notify) { 374 tasklet_disable(&hdev->tx_task); 375 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 376 tasklet_enable(&hdev->tx_task); 377 } 378 } 379 380 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 381 { 382 __u8 status = *((__u8 *) skb->data); 383 384 BT_DBG("%s status 0x%x", hdev->name, status); 385 386 hci_req_complete(hdev, status); 387 } 388 389 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 390 { 391 struct hci_rp_read_ssp_mode *rp = (void *) skb->data; 392 393 BT_DBG("%s status 0x%x", hdev->name, rp->status); 394 395 if (rp->status) 396 return; 397 398 hdev->ssp_mode = rp->mode; 399 } 400 401 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 402 { 403 __u8 status = *((__u8 *) skb->data); 404 void *sent; 405 406 BT_DBG("%s status 0x%x", hdev->name, status); 407 408 if (status) 409 return; 410 411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE); 412 if (!sent) 413 return; 414 415 hdev->ssp_mode = *((__u8 *) sent); 416 } 417 418 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 419 { 420 struct hci_rp_read_local_version *rp = (void *) skb->data; 421 422 BT_DBG("%s status 0x%x", hdev->name, rp->status); 423 424 if (rp->status) 425 return; 426 427 hdev->hci_ver = rp->hci_ver; 428 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 429 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 430 431 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name, 432 hdev->manufacturer, 433 hdev->hci_ver, hdev->hci_rev); 434 } 435 436 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb) 437 { 438 struct hci_rp_read_local_commands *rp = (void *) skb->data; 439 440 BT_DBG("%s status 0x%x", hdev->name, rp->status); 441 442 if (rp->status) 443 return; 444 445 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 446 } 447 448 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb) 449 { 450 struct hci_rp_read_local_features *rp = (void *) skb->data; 451 452 BT_DBG("%s status 0x%x", hdev->name, rp->status); 453 454 if (rp->status) 455 return; 456 457 memcpy(hdev->features, rp->features, 8); 458 459 /* Adjust default settings according to features 460 * supported by device. */ 461 462 if (hdev->features[0] & LMP_3SLOT) 463 hdev->pkt_type |= (HCI_DM3 | HCI_DH3); 464 465 if (hdev->features[0] & LMP_5SLOT) 466 hdev->pkt_type |= (HCI_DM5 | HCI_DH5); 467 468 if (hdev->features[1] & LMP_HV2) { 469 hdev->pkt_type |= (HCI_HV2); 470 hdev->esco_type |= (ESCO_HV2); 471 } 472 473 if (hdev->features[1] & LMP_HV3) { 474 hdev->pkt_type |= (HCI_HV3); 475 hdev->esco_type |= (ESCO_HV3); 476 } 477 478 if (hdev->features[3] & LMP_ESCO) 479 hdev->esco_type |= (ESCO_EV3); 480 481 if (hdev->features[4] & LMP_EV4) 482 hdev->esco_type |= (ESCO_EV4); 483 484 if (hdev->features[4] & LMP_EV5) 485 hdev->esco_type |= (ESCO_EV5); 486 487 if (hdev->features[5] & LMP_EDR_ESCO_2M) 488 hdev->esco_type |= (ESCO_2EV3); 489 490 if (hdev->features[5] & LMP_EDR_ESCO_3M) 491 hdev->esco_type |= (ESCO_3EV3); 492 493 if (hdev->features[5] & LMP_EDR_3S_ESCO) 494 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); 495 496 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, 497 hdev->features[0], hdev->features[1], 498 hdev->features[2], hdev->features[3], 499 hdev->features[4], hdev->features[5], 500 hdev->features[6], hdev->features[7]); 501 } 502 503 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 504 { 505 struct hci_rp_read_buffer_size *rp = (void *) skb->data; 506 507 BT_DBG("%s status 0x%x", hdev->name, rp->status); 508 509 if (rp->status) 510 return; 511 512 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu); 513 hdev->sco_mtu = rp->sco_mtu; 514 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt); 515 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt); 516 517 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) { 518 hdev->sco_mtu = 64; 519 hdev->sco_pkts = 8; 520 } 521 522 hdev->acl_cnt = hdev->acl_pkts; 523 hdev->sco_cnt = hdev->sco_pkts; 524 525 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, 526 hdev->acl_mtu, hdev->acl_pkts, 527 hdev->sco_mtu, hdev->sco_pkts); 528 } 529 530 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb) 531 { 532 struct hci_rp_read_bd_addr *rp = (void *) skb->data; 533 534 BT_DBG("%s status 0x%x", hdev->name, rp->status); 535 536 if (!rp->status) 537 bacpy(&hdev->bdaddr, &rp->bdaddr); 538 539 hci_req_complete(hdev, rp->status); 540 } 541 542 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 543 { 544 BT_DBG("%s status 0x%x", hdev->name, status); 545 546 if (status) { 547 hci_req_complete(hdev, status); 548 549 hci_conn_check_pending(hdev); 550 } else 551 set_bit(HCI_INQUIRY, &hdev->flags); 552 } 553 554 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) 555 { 556 struct hci_cp_create_conn *cp; 557 struct hci_conn *conn; 558 559 BT_DBG("%s status 0x%x", hdev->name, status); 560 561 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN); 562 if (!cp) 563 return; 564 565 hci_dev_lock(hdev); 566 567 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 568 569 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn); 570 571 if (status) { 572 if (conn && conn->state == BT_CONNECT) { 573 if (status != 0x0c || conn->attempt > 2) { 574 conn->state = BT_CLOSED; 575 hci_proto_connect_cfm(conn, status); 576 hci_conn_del(conn); 577 } else 578 conn->state = BT_CONNECT2; 579 } 580 } else { 581 if (!conn) { 582 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr); 583 if (conn) { 584 conn->out = 1; 585 conn->link_mode |= HCI_LM_MASTER; 586 } else 587 BT_ERR("No memmory for new connection"); 588 } 589 } 590 591 hci_dev_unlock(hdev); 592 } 593 594 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status) 595 { 596 struct hci_cp_add_sco *cp; 597 struct hci_conn *acl, *sco; 598 __u16 handle; 599 600 BT_DBG("%s status 0x%x", hdev->name, status); 601 602 if (!status) 603 return; 604 605 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO); 606 if (!cp) 607 return; 608 609 handle = __le16_to_cpu(cp->handle); 610 611 BT_DBG("%s handle %d", hdev->name, handle); 612 613 hci_dev_lock(hdev); 614 615 acl = hci_conn_hash_lookup_handle(hdev, handle); 616 if (acl && (sco = acl->link)) { 617 sco->state = BT_CLOSED; 618 619 hci_proto_connect_cfm(sco, status); 620 hci_conn_del(sco); 621 } 622 623 hci_dev_unlock(hdev); 624 } 625 626 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status) 627 { 628 struct hci_cp_auth_requested *cp; 629 struct hci_conn *conn; 630 631 BT_DBG("%s status 0x%x", hdev->name, status); 632 633 if (!status) 634 return; 635 636 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED); 637 if (!cp) 638 return; 639 640 hci_dev_lock(hdev); 641 642 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 643 if (conn) { 644 if (conn->state == BT_CONFIG) { 645 hci_proto_connect_cfm(conn, status); 646 hci_conn_put(conn); 647 } 648 } 649 650 hci_dev_unlock(hdev); 651 } 652 653 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status) 654 { 655 struct hci_cp_set_conn_encrypt *cp; 656 struct hci_conn *conn; 657 658 BT_DBG("%s status 0x%x", hdev->name, status); 659 660 if (!status) 661 return; 662 663 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT); 664 if (!cp) 665 return; 666 667 hci_dev_lock(hdev); 668 669 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 670 if (conn) { 671 if (conn->state == BT_CONFIG) { 672 hci_proto_connect_cfm(conn, status); 673 hci_conn_put(conn); 674 } 675 } 676 677 hci_dev_unlock(hdev); 678 } 679 680 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 681 { 682 BT_DBG("%s status 0x%x", hdev->name, status); 683 } 684 685 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status) 686 { 687 struct hci_cp_read_remote_features *cp; 688 struct hci_conn *conn; 689 690 BT_DBG("%s status 0x%x", hdev->name, status); 691 692 if (!status) 693 return; 694 695 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES); 696 if (!cp) 697 return; 698 699 hci_dev_lock(hdev); 700 701 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 702 if (conn) { 703 if (conn->state == BT_CONFIG) { 704 hci_proto_connect_cfm(conn, status); 705 hci_conn_put(conn); 706 } 707 } 708 709 hci_dev_unlock(hdev); 710 } 711 712 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status) 713 { 714 struct hci_cp_read_remote_ext_features *cp; 715 struct hci_conn *conn; 716 717 BT_DBG("%s status 0x%x", hdev->name, status); 718 719 if (!status) 720 return; 721 722 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES); 723 if (!cp) 724 return; 725 726 hci_dev_lock(hdev); 727 728 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 729 if (conn) { 730 if (conn->state == BT_CONFIG) { 731 hci_proto_connect_cfm(conn, status); 732 hci_conn_put(conn); 733 } 734 } 735 736 hci_dev_unlock(hdev); 737 } 738 739 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status) 740 { 741 struct hci_cp_setup_sync_conn *cp; 742 struct hci_conn *acl, *sco; 743 __u16 handle; 744 745 BT_DBG("%s status 0x%x", hdev->name, status); 746 747 if (!status) 748 return; 749 750 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN); 751 if (!cp) 752 return; 753 754 handle = __le16_to_cpu(cp->handle); 755 756 BT_DBG("%s handle %d", hdev->name, handle); 757 758 hci_dev_lock(hdev); 759 760 acl = hci_conn_hash_lookup_handle(hdev, handle); 761 if (acl && (sco = acl->link)) { 762 sco->state = BT_CLOSED; 763 764 hci_proto_connect_cfm(sco, status); 765 hci_conn_del(sco); 766 } 767 768 hci_dev_unlock(hdev); 769 } 770 771 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status) 772 { 773 struct hci_cp_sniff_mode *cp; 774 struct hci_conn *conn; 775 776 BT_DBG("%s status 0x%x", hdev->name, status); 777 778 if (!status) 779 return; 780 781 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE); 782 if (!cp) 783 return; 784 785 hci_dev_lock(hdev); 786 787 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 788 if (conn) 789 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 790 791 hci_dev_unlock(hdev); 792 } 793 794 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status) 795 { 796 struct hci_cp_exit_sniff_mode *cp; 797 struct hci_conn *conn; 798 799 BT_DBG("%s status 0x%x", hdev->name, status); 800 801 if (!status) 802 return; 803 804 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE); 805 if (!cp) 806 return; 807 808 hci_dev_lock(hdev); 809 810 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 811 if (conn) 812 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 813 814 hci_dev_unlock(hdev); 815 } 816 817 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 818 { 819 __u8 status = *((__u8 *) skb->data); 820 821 BT_DBG("%s status %d", hdev->name, status); 822 823 clear_bit(HCI_INQUIRY, &hdev->flags); 824 825 hci_req_complete(hdev, status); 826 827 hci_conn_check_pending(hdev); 828 } 829 830 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 831 { 832 struct inquiry_data data; 833 struct inquiry_info *info = (void *) (skb->data + 1); 834 int num_rsp = *((__u8 *) skb->data); 835 836 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 837 838 if (!num_rsp) 839 return; 840 841 hci_dev_lock(hdev); 842 843 for (; num_rsp; num_rsp--) { 844 bacpy(&data.bdaddr, &info->bdaddr); 845 data.pscan_rep_mode = info->pscan_rep_mode; 846 data.pscan_period_mode = info->pscan_period_mode; 847 data.pscan_mode = info->pscan_mode; 848 memcpy(data.dev_class, info->dev_class, 3); 849 data.clock_offset = info->clock_offset; 850 data.rssi = 0x00; 851 data.ssp_mode = 0x00; 852 info++; 853 hci_inquiry_cache_update(hdev, &data); 854 } 855 856 hci_dev_unlock(hdev); 857 } 858 859 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 860 { 861 struct hci_ev_conn_complete *ev = (void *) skb->data; 862 struct hci_conn *conn; 863 864 BT_DBG("%s", hdev->name); 865 866 hci_dev_lock(hdev); 867 868 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 869 if (!conn) 870 goto unlock; 871 872 if (!ev->status) { 873 conn->handle = __le16_to_cpu(ev->handle); 874 875 if (conn->type == ACL_LINK) { 876 conn->state = BT_CONFIG; 877 hci_conn_hold(conn); 878 } else 879 conn->state = BT_CONNECTED; 880 881 hci_conn_add_sysfs(conn); 882 883 if (test_bit(HCI_AUTH, &hdev->flags)) 884 conn->link_mode |= HCI_LM_AUTH; 885 886 if (test_bit(HCI_ENCRYPT, &hdev->flags)) 887 conn->link_mode |= HCI_LM_ENCRYPT; 888 889 /* Get remote features */ 890 if (conn->type == ACL_LINK) { 891 struct hci_cp_read_remote_features cp; 892 cp.handle = ev->handle; 893 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, 894 sizeof(cp), &cp); 895 } 896 897 /* Set packet type for incoming connection */ 898 if (!conn->out && hdev->hci_ver < 3) { 899 struct hci_cp_change_conn_ptype cp; 900 cp.handle = ev->handle; 901 cp.pkt_type = cpu_to_le16(conn->pkt_type); 902 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, 903 sizeof(cp), &cp); 904 } 905 } else 906 conn->state = BT_CLOSED; 907 908 if (conn->type == ACL_LINK) { 909 struct hci_conn *sco = conn->link; 910 if (sco) { 911 if (!ev->status) { 912 if (lmp_esco_capable(hdev)) 913 hci_setup_sync(sco, conn->handle); 914 else 915 hci_add_sco(sco, conn->handle); 916 } else { 917 hci_proto_connect_cfm(sco, ev->status); 918 hci_conn_del(sco); 919 } 920 } 921 } 922 923 if (ev->status) { 924 hci_proto_connect_cfm(conn, ev->status); 925 hci_conn_del(conn); 926 } else if (ev->link_type != ACL_LINK) 927 hci_proto_connect_cfm(conn, ev->status); 928 929 unlock: 930 hci_dev_unlock(hdev); 931 932 hci_conn_check_pending(hdev); 933 } 934 935 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 936 { 937 struct hci_ev_conn_request *ev = (void *) skb->data; 938 int mask = hdev->link_mode; 939 940 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, 941 batostr(&ev->bdaddr), ev->link_type); 942 943 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 944 945 if (mask & HCI_LM_ACCEPT) { 946 /* Connection accepted */ 947 struct inquiry_entry *ie; 948 struct hci_conn *conn; 949 950 hci_dev_lock(hdev); 951 952 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) 953 memcpy(ie->data.dev_class, ev->dev_class, 3); 954 955 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 956 if (!conn) { 957 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) { 958 BT_ERR("No memmory for new connection"); 959 hci_dev_unlock(hdev); 960 return; 961 } 962 } 963 964 memcpy(conn->dev_class, ev->dev_class, 3); 965 conn->state = BT_CONNECT; 966 967 hci_dev_unlock(hdev); 968 969 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) { 970 struct hci_cp_accept_conn_req cp; 971 972 bacpy(&cp.bdaddr, &ev->bdaddr); 973 974 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) 975 cp.role = 0x00; /* Become master */ 976 else 977 cp.role = 0x01; /* Remain slave */ 978 979 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, 980 sizeof(cp), &cp); 981 } else { 982 struct hci_cp_accept_sync_conn_req cp; 983 984 bacpy(&cp.bdaddr, &ev->bdaddr); 985 cp.pkt_type = cpu_to_le16(conn->pkt_type); 986 987 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 988 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 989 cp.max_latency = cpu_to_le16(0xffff); 990 cp.content_format = cpu_to_le16(hdev->voice_setting); 991 cp.retrans_effort = 0xff; 992 993 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 994 sizeof(cp), &cp); 995 } 996 } else { 997 /* Connection rejected */ 998 struct hci_cp_reject_conn_req cp; 999 1000 bacpy(&cp.bdaddr, &ev->bdaddr); 1001 cp.reason = 0x0f; 1002 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp); 1003 } 1004 } 1005 1006 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1007 { 1008 struct hci_ev_disconn_complete *ev = (void *) skb->data; 1009 struct hci_conn *conn; 1010 1011 BT_DBG("%s status %d", hdev->name, ev->status); 1012 1013 if (ev->status) 1014 return; 1015 1016 hci_dev_lock(hdev); 1017 1018 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1019 if (conn) { 1020 conn->state = BT_CLOSED; 1021 1022 hci_proto_disconn_cfm(conn, ev->reason); 1023 hci_conn_del(conn); 1024 } 1025 1026 hci_dev_unlock(hdev); 1027 } 1028 1029 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1030 { 1031 struct hci_ev_auth_complete *ev = (void *) skb->data; 1032 struct hci_conn *conn; 1033 1034 BT_DBG("%s status %d", hdev->name, ev->status); 1035 1036 hci_dev_lock(hdev); 1037 1038 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1039 if (conn) { 1040 if (!ev->status) 1041 conn->link_mode |= HCI_LM_AUTH; 1042 1043 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1044 1045 if (conn->state == BT_CONFIG) { 1046 if (!ev->status && hdev->ssp_mode > 0 && 1047 conn->ssp_mode > 0) { 1048 struct hci_cp_set_conn_encrypt cp; 1049 cp.handle = ev->handle; 1050 cp.encrypt = 0x01; 1051 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1052 sizeof(cp), &cp); 1053 } else { 1054 conn->state = BT_CONNECTED; 1055 hci_proto_connect_cfm(conn, ev->status); 1056 hci_conn_put(conn); 1057 } 1058 } else 1059 hci_auth_cfm(conn, ev->status); 1060 1061 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 1062 if (!ev->status) { 1063 struct hci_cp_set_conn_encrypt cp; 1064 cp.handle = ev->handle; 1065 cp.encrypt = 0x01; 1066 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1067 sizeof(cp), &cp); 1068 } else { 1069 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1070 hci_encrypt_cfm(conn, ev->status, 0x00); 1071 } 1072 } 1073 } 1074 1075 hci_dev_unlock(hdev); 1076 } 1077 1078 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb) 1079 { 1080 BT_DBG("%s", hdev->name); 1081 1082 hci_conn_check_pending(hdev); 1083 } 1084 1085 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1086 { 1087 struct hci_ev_encrypt_change *ev = (void *) skb->data; 1088 struct hci_conn *conn; 1089 1090 BT_DBG("%s status %d", hdev->name, ev->status); 1091 1092 hci_dev_lock(hdev); 1093 1094 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1095 if (conn) { 1096 if (!ev->status) { 1097 if (ev->encrypt) { 1098 /* Encryption implies authentication */ 1099 conn->link_mode |= HCI_LM_AUTH; 1100 conn->link_mode |= HCI_LM_ENCRYPT; 1101 } else 1102 conn->link_mode &= ~HCI_LM_ENCRYPT; 1103 } 1104 1105 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1106 1107 if (conn->state == BT_CONFIG) { 1108 if (!ev->status) 1109 conn->state = BT_CONNECTED; 1110 1111 hci_proto_connect_cfm(conn, ev->status); 1112 hci_conn_put(conn); 1113 } else 1114 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 1115 } 1116 1117 hci_dev_unlock(hdev); 1118 } 1119 1120 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1121 { 1122 struct hci_ev_change_link_key_complete *ev = (void *) skb->data; 1123 struct hci_conn *conn; 1124 1125 BT_DBG("%s status %d", hdev->name, ev->status); 1126 1127 hci_dev_lock(hdev); 1128 1129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1130 if (conn) { 1131 if (!ev->status) 1132 conn->link_mode |= HCI_LM_SECURE; 1133 1134 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1135 1136 hci_key_change_cfm(conn, ev->status); 1137 } 1138 1139 hci_dev_unlock(hdev); 1140 } 1141 1142 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1143 { 1144 struct hci_ev_remote_features *ev = (void *) skb->data; 1145 struct hci_conn *conn; 1146 1147 BT_DBG("%s status %d", hdev->name, ev->status); 1148 1149 hci_dev_lock(hdev); 1150 1151 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1152 if (conn) { 1153 if (!ev->status) 1154 memcpy(conn->features, ev->features, 8); 1155 1156 if (conn->state == BT_CONFIG) { 1157 if (!ev->status && lmp_ssp_capable(hdev) && 1158 lmp_ssp_capable(conn)) { 1159 struct hci_cp_read_remote_ext_features cp; 1160 cp.handle = ev->handle; 1161 cp.page = 0x01; 1162 hci_send_cmd(hdev, 1163 HCI_OP_READ_REMOTE_EXT_FEATURES, 1164 sizeof(cp), &cp); 1165 } else { 1166 conn->state = BT_CONNECTED; 1167 hci_proto_connect_cfm(conn, ev->status); 1168 hci_conn_put(conn); 1169 } 1170 } 1171 } 1172 1173 hci_dev_unlock(hdev); 1174 } 1175 1176 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb) 1177 { 1178 BT_DBG("%s", hdev->name); 1179 } 1180 1181 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1182 { 1183 BT_DBG("%s", hdev->name); 1184 } 1185 1186 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1187 { 1188 struct hci_ev_cmd_complete *ev = (void *) skb->data; 1189 __u16 opcode; 1190 1191 skb_pull(skb, sizeof(*ev)); 1192 1193 opcode = __le16_to_cpu(ev->opcode); 1194 1195 switch (opcode) { 1196 case HCI_OP_INQUIRY_CANCEL: 1197 hci_cc_inquiry_cancel(hdev, skb); 1198 break; 1199 1200 case HCI_OP_EXIT_PERIODIC_INQ: 1201 hci_cc_exit_periodic_inq(hdev, skb); 1202 break; 1203 1204 case HCI_OP_REMOTE_NAME_REQ_CANCEL: 1205 hci_cc_remote_name_req_cancel(hdev, skb); 1206 break; 1207 1208 case HCI_OP_ROLE_DISCOVERY: 1209 hci_cc_role_discovery(hdev, skb); 1210 break; 1211 1212 case HCI_OP_READ_LINK_POLICY: 1213 hci_cc_read_link_policy(hdev, skb); 1214 break; 1215 1216 case HCI_OP_WRITE_LINK_POLICY: 1217 hci_cc_write_link_policy(hdev, skb); 1218 break; 1219 1220 case HCI_OP_READ_DEF_LINK_POLICY: 1221 hci_cc_read_def_link_policy(hdev, skb); 1222 break; 1223 1224 case HCI_OP_WRITE_DEF_LINK_POLICY: 1225 hci_cc_write_def_link_policy(hdev, skb); 1226 break; 1227 1228 case HCI_OP_RESET: 1229 hci_cc_reset(hdev, skb); 1230 break; 1231 1232 case HCI_OP_WRITE_LOCAL_NAME: 1233 hci_cc_write_local_name(hdev, skb); 1234 break; 1235 1236 case HCI_OP_READ_LOCAL_NAME: 1237 hci_cc_read_local_name(hdev, skb); 1238 break; 1239 1240 case HCI_OP_WRITE_AUTH_ENABLE: 1241 hci_cc_write_auth_enable(hdev, skb); 1242 break; 1243 1244 case HCI_OP_WRITE_ENCRYPT_MODE: 1245 hci_cc_write_encrypt_mode(hdev, skb); 1246 break; 1247 1248 case HCI_OP_WRITE_SCAN_ENABLE: 1249 hci_cc_write_scan_enable(hdev, skb); 1250 break; 1251 1252 case HCI_OP_READ_CLASS_OF_DEV: 1253 hci_cc_read_class_of_dev(hdev, skb); 1254 break; 1255 1256 case HCI_OP_WRITE_CLASS_OF_DEV: 1257 hci_cc_write_class_of_dev(hdev, skb); 1258 break; 1259 1260 case HCI_OP_READ_VOICE_SETTING: 1261 hci_cc_read_voice_setting(hdev, skb); 1262 break; 1263 1264 case HCI_OP_WRITE_VOICE_SETTING: 1265 hci_cc_write_voice_setting(hdev, skb); 1266 break; 1267 1268 case HCI_OP_HOST_BUFFER_SIZE: 1269 hci_cc_host_buffer_size(hdev, skb); 1270 break; 1271 1272 case HCI_OP_READ_SSP_MODE: 1273 hci_cc_read_ssp_mode(hdev, skb); 1274 break; 1275 1276 case HCI_OP_WRITE_SSP_MODE: 1277 hci_cc_write_ssp_mode(hdev, skb); 1278 break; 1279 1280 case HCI_OP_READ_LOCAL_VERSION: 1281 hci_cc_read_local_version(hdev, skb); 1282 break; 1283 1284 case HCI_OP_READ_LOCAL_COMMANDS: 1285 hci_cc_read_local_commands(hdev, skb); 1286 break; 1287 1288 case HCI_OP_READ_LOCAL_FEATURES: 1289 hci_cc_read_local_features(hdev, skb); 1290 break; 1291 1292 case HCI_OP_READ_BUFFER_SIZE: 1293 hci_cc_read_buffer_size(hdev, skb); 1294 break; 1295 1296 case HCI_OP_READ_BD_ADDR: 1297 hci_cc_read_bd_addr(hdev, skb); 1298 break; 1299 1300 default: 1301 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1302 break; 1303 } 1304 1305 if (ev->ncmd) { 1306 atomic_set(&hdev->cmd_cnt, 1); 1307 if (!skb_queue_empty(&hdev->cmd_q)) 1308 hci_sched_cmd(hdev); 1309 } 1310 } 1311 1312 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) 1313 { 1314 struct hci_ev_cmd_status *ev = (void *) skb->data; 1315 __u16 opcode; 1316 1317 skb_pull(skb, sizeof(*ev)); 1318 1319 opcode = __le16_to_cpu(ev->opcode); 1320 1321 switch (opcode) { 1322 case HCI_OP_INQUIRY: 1323 hci_cs_inquiry(hdev, ev->status); 1324 break; 1325 1326 case HCI_OP_CREATE_CONN: 1327 hci_cs_create_conn(hdev, ev->status); 1328 break; 1329 1330 case HCI_OP_ADD_SCO: 1331 hci_cs_add_sco(hdev, ev->status); 1332 break; 1333 1334 case HCI_OP_AUTH_REQUESTED: 1335 hci_cs_auth_requested(hdev, ev->status); 1336 break; 1337 1338 case HCI_OP_SET_CONN_ENCRYPT: 1339 hci_cs_set_conn_encrypt(hdev, ev->status); 1340 break; 1341 1342 case HCI_OP_REMOTE_NAME_REQ: 1343 hci_cs_remote_name_req(hdev, ev->status); 1344 break; 1345 1346 case HCI_OP_READ_REMOTE_FEATURES: 1347 hci_cs_read_remote_features(hdev, ev->status); 1348 break; 1349 1350 case HCI_OP_READ_REMOTE_EXT_FEATURES: 1351 hci_cs_read_remote_ext_features(hdev, ev->status); 1352 break; 1353 1354 case HCI_OP_SETUP_SYNC_CONN: 1355 hci_cs_setup_sync_conn(hdev, ev->status); 1356 break; 1357 1358 case HCI_OP_SNIFF_MODE: 1359 hci_cs_sniff_mode(hdev, ev->status); 1360 break; 1361 1362 case HCI_OP_EXIT_SNIFF_MODE: 1363 hci_cs_exit_sniff_mode(hdev, ev->status); 1364 break; 1365 1366 default: 1367 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1368 break; 1369 } 1370 1371 if (ev->ncmd) { 1372 atomic_set(&hdev->cmd_cnt, 1); 1373 if (!skb_queue_empty(&hdev->cmd_q)) 1374 hci_sched_cmd(hdev); 1375 } 1376 } 1377 1378 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1379 { 1380 struct hci_ev_role_change *ev = (void *) skb->data; 1381 struct hci_conn *conn; 1382 1383 BT_DBG("%s status %d", hdev->name, ev->status); 1384 1385 hci_dev_lock(hdev); 1386 1387 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1388 if (conn) { 1389 if (!ev->status) { 1390 if (ev->role) 1391 conn->link_mode &= ~HCI_LM_MASTER; 1392 else 1393 conn->link_mode |= HCI_LM_MASTER; 1394 } 1395 1396 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend); 1397 1398 hci_role_switch_cfm(conn, ev->status, ev->role); 1399 } 1400 1401 hci_dev_unlock(hdev); 1402 } 1403 1404 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb) 1405 { 1406 struct hci_ev_num_comp_pkts *ev = (void *) skb->data; 1407 __le16 *ptr; 1408 int i; 1409 1410 skb_pull(skb, sizeof(*ev)); 1411 1412 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); 1413 1414 if (skb->len < ev->num_hndl * 4) { 1415 BT_DBG("%s bad parameters", hdev->name); 1416 return; 1417 } 1418 1419 tasklet_disable(&hdev->tx_task); 1420 1421 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) { 1422 struct hci_conn *conn; 1423 __u16 handle, count; 1424 1425 handle = get_unaligned_le16(ptr++); 1426 count = get_unaligned_le16(ptr++); 1427 1428 conn = hci_conn_hash_lookup_handle(hdev, handle); 1429 if (conn) { 1430 conn->sent -= count; 1431 1432 if (conn->type == ACL_LINK) { 1433 if ((hdev->acl_cnt += count) > hdev->acl_pkts) 1434 hdev->acl_cnt = hdev->acl_pkts; 1435 } else { 1436 if ((hdev->sco_cnt += count) > hdev->sco_pkts) 1437 hdev->sco_cnt = hdev->sco_pkts; 1438 } 1439 } 1440 } 1441 1442 hci_sched_tx(hdev); 1443 1444 tasklet_enable(&hdev->tx_task); 1445 } 1446 1447 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1448 { 1449 struct hci_ev_mode_change *ev = (void *) skb->data; 1450 struct hci_conn *conn; 1451 1452 BT_DBG("%s status %d", hdev->name, ev->status); 1453 1454 hci_dev_lock(hdev); 1455 1456 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1457 if (conn) { 1458 conn->mode = ev->mode; 1459 conn->interval = __le16_to_cpu(ev->interval); 1460 1461 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 1462 if (conn->mode == HCI_CM_ACTIVE) 1463 conn->power_save = 1; 1464 else 1465 conn->power_save = 0; 1466 } 1467 } 1468 1469 hci_dev_unlock(hdev); 1470 } 1471 1472 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1473 { 1474 BT_DBG("%s", hdev->name); 1475 } 1476 1477 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1478 { 1479 BT_DBG("%s", hdev->name); 1480 } 1481 1482 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 1483 { 1484 BT_DBG("%s", hdev->name); 1485 } 1486 1487 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb) 1488 { 1489 struct hci_ev_clock_offset *ev = (void *) skb->data; 1490 struct hci_conn *conn; 1491 1492 BT_DBG("%s status %d", hdev->name, ev->status); 1493 1494 hci_dev_lock(hdev); 1495 1496 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1497 if (conn && !ev->status) { 1498 struct inquiry_entry *ie; 1499 1500 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) { 1501 ie->data.clock_offset = ev->clock_offset; 1502 ie->timestamp = jiffies; 1503 } 1504 } 1505 1506 hci_dev_unlock(hdev); 1507 } 1508 1509 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1510 { 1511 struct hci_ev_pkt_type_change *ev = (void *) skb->data; 1512 struct hci_conn *conn; 1513 1514 BT_DBG("%s status %d", hdev->name, ev->status); 1515 1516 hci_dev_lock(hdev); 1517 1518 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1519 if (conn && !ev->status) 1520 conn->pkt_type = __le16_to_cpu(ev->pkt_type); 1521 1522 hci_dev_unlock(hdev); 1523 } 1524 1525 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb) 1526 { 1527 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data; 1528 struct inquiry_entry *ie; 1529 1530 BT_DBG("%s", hdev->name); 1531 1532 hci_dev_lock(hdev); 1533 1534 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) { 1535 ie->data.pscan_rep_mode = ev->pscan_rep_mode; 1536 ie->timestamp = jiffies; 1537 } 1538 1539 hci_dev_unlock(hdev); 1540 } 1541 1542 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb) 1543 { 1544 struct inquiry_data data; 1545 int num_rsp = *((__u8 *) skb->data); 1546 1547 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1548 1549 if (!num_rsp) 1550 return; 1551 1552 hci_dev_lock(hdev); 1553 1554 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 1555 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1); 1556 1557 for (; num_rsp; num_rsp--) { 1558 bacpy(&data.bdaddr, &info->bdaddr); 1559 data.pscan_rep_mode = info->pscan_rep_mode; 1560 data.pscan_period_mode = info->pscan_period_mode; 1561 data.pscan_mode = info->pscan_mode; 1562 memcpy(data.dev_class, info->dev_class, 3); 1563 data.clock_offset = info->clock_offset; 1564 data.rssi = info->rssi; 1565 data.ssp_mode = 0x00; 1566 info++; 1567 hci_inquiry_cache_update(hdev, &data); 1568 } 1569 } else { 1570 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 1571 1572 for (; num_rsp; num_rsp--) { 1573 bacpy(&data.bdaddr, &info->bdaddr); 1574 data.pscan_rep_mode = info->pscan_rep_mode; 1575 data.pscan_period_mode = info->pscan_period_mode; 1576 data.pscan_mode = 0x00; 1577 memcpy(data.dev_class, info->dev_class, 3); 1578 data.clock_offset = info->clock_offset; 1579 data.rssi = info->rssi; 1580 data.ssp_mode = 0x00; 1581 info++; 1582 hci_inquiry_cache_update(hdev, &data); 1583 } 1584 } 1585 1586 hci_dev_unlock(hdev); 1587 } 1588 1589 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1590 { 1591 struct hci_ev_remote_ext_features *ev = (void *) skb->data; 1592 struct hci_conn *conn; 1593 1594 BT_DBG("%s", hdev->name); 1595 1596 hci_dev_lock(hdev); 1597 1598 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1599 if (conn) { 1600 if (!ev->status && ev->page == 0x01) { 1601 struct inquiry_entry *ie; 1602 1603 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) 1604 ie->data.ssp_mode = (ev->features[0] & 0x01); 1605 1606 conn->ssp_mode = (ev->features[0] & 0x01); 1607 } 1608 1609 if (conn->state == BT_CONFIG) { 1610 if (!ev->status && hdev->ssp_mode > 0 && 1611 conn->ssp_mode > 0 && conn->out && 1612 conn->sec_level != BT_SECURITY_SDP) { 1613 struct hci_cp_auth_requested cp; 1614 cp.handle = ev->handle; 1615 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, 1616 sizeof(cp), &cp); 1617 } else { 1618 conn->state = BT_CONNECTED; 1619 hci_proto_connect_cfm(conn, ev->status); 1620 hci_conn_put(conn); 1621 } 1622 } 1623 } 1624 1625 hci_dev_unlock(hdev); 1626 } 1627 1628 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1629 { 1630 struct hci_ev_sync_conn_complete *ev = (void *) skb->data; 1631 struct hci_conn *conn; 1632 1633 BT_DBG("%s status %d", hdev->name, ev->status); 1634 1635 hci_dev_lock(hdev); 1636 1637 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1638 if (!conn) { 1639 if (ev->link_type == ESCO_LINK) 1640 goto unlock; 1641 1642 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 1643 if (!conn) 1644 goto unlock; 1645 1646 conn->type = SCO_LINK; 1647 } 1648 1649 if (conn->out && ev->status == 0x1c && conn->attempt < 2) { 1650 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 1651 (hdev->esco_type & EDR_ESCO_MASK); 1652 hci_setup_sync(conn, conn->link->handle); 1653 goto unlock; 1654 } 1655 1656 if (!ev->status) { 1657 conn->handle = __le16_to_cpu(ev->handle); 1658 conn->state = BT_CONNECTED; 1659 1660 hci_conn_add_sysfs(conn); 1661 } else 1662 conn->state = BT_CLOSED; 1663 1664 hci_proto_connect_cfm(conn, ev->status); 1665 if (ev->status) 1666 hci_conn_del(conn); 1667 1668 unlock: 1669 hci_dev_unlock(hdev); 1670 } 1671 1672 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb) 1673 { 1674 BT_DBG("%s", hdev->name); 1675 } 1676 1677 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb) 1678 { 1679 struct hci_ev_sniff_subrate *ev = (void *) skb->data; 1680 struct hci_conn *conn; 1681 1682 BT_DBG("%s status %d", hdev->name, ev->status); 1683 1684 hci_dev_lock(hdev); 1685 1686 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1687 if (conn) { 1688 } 1689 1690 hci_dev_unlock(hdev); 1691 } 1692 1693 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 1694 { 1695 struct inquiry_data data; 1696 struct extended_inquiry_info *info = (void *) (skb->data + 1); 1697 int num_rsp = *((__u8 *) skb->data); 1698 1699 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1700 1701 if (!num_rsp) 1702 return; 1703 1704 hci_dev_lock(hdev); 1705 1706 for (; num_rsp; num_rsp--) { 1707 bacpy(&data.bdaddr, &info->bdaddr); 1708 data.pscan_rep_mode = info->pscan_rep_mode; 1709 data.pscan_period_mode = info->pscan_period_mode; 1710 data.pscan_mode = 0x00; 1711 memcpy(data.dev_class, info->dev_class, 3); 1712 data.clock_offset = info->clock_offset; 1713 data.rssi = info->rssi; 1714 data.ssp_mode = 0x01; 1715 info++; 1716 hci_inquiry_cache_update(hdev, &data); 1717 } 1718 1719 hci_dev_unlock(hdev); 1720 } 1721 1722 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1723 { 1724 struct hci_ev_io_capa_request *ev = (void *) skb->data; 1725 struct hci_conn *conn; 1726 1727 BT_DBG("%s", hdev->name); 1728 1729 hci_dev_lock(hdev); 1730 1731 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1732 if (conn) 1733 hci_conn_hold(conn); 1734 1735 hci_dev_unlock(hdev); 1736 } 1737 1738 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1739 { 1740 struct hci_ev_simple_pair_complete *ev = (void *) skb->data; 1741 struct hci_conn *conn; 1742 1743 BT_DBG("%s", hdev->name); 1744 1745 hci_dev_lock(hdev); 1746 1747 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1748 if (conn) 1749 hci_conn_put(conn); 1750 1751 hci_dev_unlock(hdev); 1752 } 1753 1754 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1755 { 1756 struct hci_ev_remote_host_features *ev = (void *) skb->data; 1757 struct inquiry_entry *ie; 1758 1759 BT_DBG("%s", hdev->name); 1760 1761 hci_dev_lock(hdev); 1762 1763 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) 1764 ie->data.ssp_mode = (ev->features[0] & 0x01); 1765 1766 hci_dev_unlock(hdev); 1767 } 1768 1769 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 1770 { 1771 struct hci_event_hdr *hdr = (void *) skb->data; 1772 __u8 event = hdr->evt; 1773 1774 skb_pull(skb, HCI_EVENT_HDR_SIZE); 1775 1776 switch (event) { 1777 case HCI_EV_INQUIRY_COMPLETE: 1778 hci_inquiry_complete_evt(hdev, skb); 1779 break; 1780 1781 case HCI_EV_INQUIRY_RESULT: 1782 hci_inquiry_result_evt(hdev, skb); 1783 break; 1784 1785 case HCI_EV_CONN_COMPLETE: 1786 hci_conn_complete_evt(hdev, skb); 1787 break; 1788 1789 case HCI_EV_CONN_REQUEST: 1790 hci_conn_request_evt(hdev, skb); 1791 break; 1792 1793 case HCI_EV_DISCONN_COMPLETE: 1794 hci_disconn_complete_evt(hdev, skb); 1795 break; 1796 1797 case HCI_EV_AUTH_COMPLETE: 1798 hci_auth_complete_evt(hdev, skb); 1799 break; 1800 1801 case HCI_EV_REMOTE_NAME: 1802 hci_remote_name_evt(hdev, skb); 1803 break; 1804 1805 case HCI_EV_ENCRYPT_CHANGE: 1806 hci_encrypt_change_evt(hdev, skb); 1807 break; 1808 1809 case HCI_EV_CHANGE_LINK_KEY_COMPLETE: 1810 hci_change_link_key_complete_evt(hdev, skb); 1811 break; 1812 1813 case HCI_EV_REMOTE_FEATURES: 1814 hci_remote_features_evt(hdev, skb); 1815 break; 1816 1817 case HCI_EV_REMOTE_VERSION: 1818 hci_remote_version_evt(hdev, skb); 1819 break; 1820 1821 case HCI_EV_QOS_SETUP_COMPLETE: 1822 hci_qos_setup_complete_evt(hdev, skb); 1823 break; 1824 1825 case HCI_EV_CMD_COMPLETE: 1826 hci_cmd_complete_evt(hdev, skb); 1827 break; 1828 1829 case HCI_EV_CMD_STATUS: 1830 hci_cmd_status_evt(hdev, skb); 1831 break; 1832 1833 case HCI_EV_ROLE_CHANGE: 1834 hci_role_change_evt(hdev, skb); 1835 break; 1836 1837 case HCI_EV_NUM_COMP_PKTS: 1838 hci_num_comp_pkts_evt(hdev, skb); 1839 break; 1840 1841 case HCI_EV_MODE_CHANGE: 1842 hci_mode_change_evt(hdev, skb); 1843 break; 1844 1845 case HCI_EV_PIN_CODE_REQ: 1846 hci_pin_code_request_evt(hdev, skb); 1847 break; 1848 1849 case HCI_EV_LINK_KEY_REQ: 1850 hci_link_key_request_evt(hdev, skb); 1851 break; 1852 1853 case HCI_EV_LINK_KEY_NOTIFY: 1854 hci_link_key_notify_evt(hdev, skb); 1855 break; 1856 1857 case HCI_EV_CLOCK_OFFSET: 1858 hci_clock_offset_evt(hdev, skb); 1859 break; 1860 1861 case HCI_EV_PKT_TYPE_CHANGE: 1862 hci_pkt_type_change_evt(hdev, skb); 1863 break; 1864 1865 case HCI_EV_PSCAN_REP_MODE: 1866 hci_pscan_rep_mode_evt(hdev, skb); 1867 break; 1868 1869 case HCI_EV_INQUIRY_RESULT_WITH_RSSI: 1870 hci_inquiry_result_with_rssi_evt(hdev, skb); 1871 break; 1872 1873 case HCI_EV_REMOTE_EXT_FEATURES: 1874 hci_remote_ext_features_evt(hdev, skb); 1875 break; 1876 1877 case HCI_EV_SYNC_CONN_COMPLETE: 1878 hci_sync_conn_complete_evt(hdev, skb); 1879 break; 1880 1881 case HCI_EV_SYNC_CONN_CHANGED: 1882 hci_sync_conn_changed_evt(hdev, skb); 1883 break; 1884 1885 case HCI_EV_SNIFF_SUBRATE: 1886 hci_sniff_subrate_evt(hdev, skb); 1887 break; 1888 1889 case HCI_EV_EXTENDED_INQUIRY_RESULT: 1890 hci_extended_inquiry_result_evt(hdev, skb); 1891 break; 1892 1893 case HCI_EV_IO_CAPA_REQUEST: 1894 hci_io_capa_request_evt(hdev, skb); 1895 break; 1896 1897 case HCI_EV_SIMPLE_PAIR_COMPLETE: 1898 hci_simple_pair_complete_evt(hdev, skb); 1899 break; 1900 1901 case HCI_EV_REMOTE_HOST_FEATURES: 1902 hci_remote_host_features_evt(hdev, skb); 1903 break; 1904 1905 default: 1906 BT_DBG("%s event 0x%x", hdev->name, event); 1907 break; 1908 } 1909 1910 kfree_skb(skb); 1911 hdev->stat.evt_rx++; 1912 } 1913 1914 /* Generate internal stack event */ 1915 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data) 1916 { 1917 struct hci_event_hdr *hdr; 1918 struct hci_ev_stack_internal *ev; 1919 struct sk_buff *skb; 1920 1921 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC); 1922 if (!skb) 1923 return; 1924 1925 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE); 1926 hdr->evt = HCI_EV_STACK_INTERNAL; 1927 hdr->plen = sizeof(*ev) + dlen; 1928 1929 ev = (void *) skb_put(skb, sizeof(*ev) + dlen); 1930 ev->type = type; 1931 memcpy(ev->data, data, dlen); 1932 1933 bt_cb(skb)->incoming = 1; 1934 __net_timestamp(skb); 1935 1936 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 1937 skb->dev = (void *) hdev; 1938 hci_send_to_sock(hdev, skb); 1939 kfree_skb(skb); 1940 } 1941