1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
42#include <asm/uaccess.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
48
49
50static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
51{
52 __u8 status = *((__u8 *) skb->data);
53
54 BT_DBG("%s status 0x%x", hdev->name, status);
55
56 if (status)
57 return;
58
59 clear_bit(HCI_INQUIRY, &hdev->flags);
60
61 hci_req_complete(hdev, status);
62
63 hci_conn_check_pending(hdev);
64}
65
66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67{
68 __u8 status = *((__u8 *) skb->data);
69
70 BT_DBG("%s status 0x%x", hdev->name, status);
71
72 if (status)
73 return;
74
75 clear_bit(HCI_INQUIRY, &hdev->flags);
76
77 hci_conn_check_pending(hdev);
78}
79
80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
81{
82 BT_DBG("%s", hdev->name);
83}
84
85static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
86{
87 struct hci_rp_role_discovery *rp = (void *) skb->data;
88 struct hci_conn *conn;
89
90 BT_DBG("%s status 0x%x", hdev->name, rp->status);
91
92 if (rp->status)
93 return;
94
95 hci_dev_lock(hdev);
96
97 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
98 if (conn) {
99 if (rp->role)
100 conn->link_mode &= ~HCI_LM_MASTER;
101 else
102 conn->link_mode |= HCI_LM_MASTER;
103 }
104
105 hci_dev_unlock(hdev);
106}
107
108static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
109{
110 struct hci_rp_read_link_policy *rp = (void *) skb->data;
111 struct hci_conn *conn;
112
113 BT_DBG("%s status 0x%x", hdev->name, rp->status);
114
115 if (rp->status)
116 return;
117
118 hci_dev_lock(hdev);
119
120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
121 if (conn)
122 conn->link_policy = __le16_to_cpu(rp->policy);
123
124 hci_dev_unlock(hdev);
125}
126
127static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
128{
129 struct hci_rp_write_link_policy *rp = (void *) skb->data;
130 struct hci_conn *conn;
131 void *sent;
132
133 BT_DBG("%s status 0x%x", hdev->name, rp->status);
134
135 if (rp->status)
136 return;
137
138 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
139 if (!sent)
140 return;
141
142 hci_dev_lock(hdev);
143
144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
145 if (conn)
146 conn->link_policy = get_unaligned_le16(sent + 2);
147
148 hci_dev_unlock(hdev);
149}
150
151static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
152{
153 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
154
155 BT_DBG("%s status 0x%x", hdev->name, rp->status);
156
157 if (rp->status)
158 return;
159
160 hdev->link_policy = __le16_to_cpu(rp->policy);
161}
162
163static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
164{
165 __u8 status = *((__u8 *) skb->data);
166 void *sent;
167
168 BT_DBG("%s status 0x%x", hdev->name, status);
169
170 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
171 if (!sent)
172 return;
173
174 if (!status)
175 hdev->link_policy = get_unaligned_le16(sent);
176
177 hci_req_complete(hdev, status);
178}
179
180static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
181{
182 __u8 status = *((__u8 *) skb->data);
183
184 BT_DBG("%s status 0x%x", hdev->name, status);
185
186 hci_req_complete(hdev, status);
187}
188
189static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
190{
191 __u8 status = *((__u8 *) skb->data);
192 void *sent;
193
194 BT_DBG("%s status 0x%x", hdev->name, status);
195
196 if (status)
197 return;
198
199 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
200 if (!sent)
201 return;
202
203 memcpy(hdev->dev_name, sent, 248);
204}
205
206static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207{
208 struct hci_rp_read_local_name *rp = (void *) skb->data;
209
210 BT_DBG("%s status 0x%x", hdev->name, rp->status);
211
212 if (rp->status)
213 return;
214
215 memcpy(hdev->dev_name, rp->name, 248);
216}
217
218static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
219{
220 __u8 status = *((__u8 *) skb->data);
221 void *sent;
222
223 BT_DBG("%s status 0x%x", hdev->name, status);
224
225 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
226 if (!sent)
227 return;
228
229 if (!status) {
230 __u8 param = *((__u8 *) sent);
231
232 if (param == AUTH_ENABLED)
233 set_bit(HCI_AUTH, &hdev->flags);
234 else
235 clear_bit(HCI_AUTH, &hdev->flags);
236 }
237
238 hci_req_complete(hdev, status);
239}
240
241static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
242{
243 __u8 status = *((__u8 *) skb->data);
244 void *sent;
245
246 BT_DBG("%s status 0x%x", hdev->name, status);
247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
249 if (!sent)
250 return;
251
252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param)
256 set_bit(HCI_ENCRYPT, &hdev->flags);
257 else
258 clear_bit(HCI_ENCRYPT, &hdev->flags);
259 }
260
261 hci_req_complete(hdev, status);
262}
263
264static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
265{
266 __u8 status = *((__u8 *) skb->data);
267 void *sent;
268
269 BT_DBG("%s status 0x%x", hdev->name, status);
270
271 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
272 if (!sent)
273 return;
274
275 if (!status) {
276 __u8 param = *((__u8 *) sent);
277
278 clear_bit(HCI_PSCAN, &hdev->flags);
279 clear_bit(HCI_ISCAN, &hdev->flags);
280
281 if (param & SCAN_INQUIRY)
282 set_bit(HCI_ISCAN, &hdev->flags);
283
284 if (param & SCAN_PAGE)
285 set_bit(HCI_PSCAN, &hdev->flags);
286 }
287
288 hci_req_complete(hdev, status);
289}
290
291static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
292{
293 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
294
295 BT_DBG("%s status 0x%x", hdev->name, rp->status);
296
297 if (rp->status)
298 return;
299
300 memcpy(hdev->dev_class, rp->dev_class, 3);
301
302 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
303 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
304}
305
306static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
307{
308 __u8 status = *((__u8 *) skb->data);
309 void *sent;
310
311 BT_DBG("%s status 0x%x", hdev->name, status);
312
313 if (status)
314 return;
315
316 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
317 if (!sent)
318 return;
319
320 memcpy(hdev->dev_class, sent, 3);
321}
322
323static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
324{
325 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
326 __u16 setting;
327
328 BT_DBG("%s status 0x%x", hdev->name, rp->status);
329
330 if (rp->status)
331 return;
332
333 setting = __le16_to_cpu(rp->voice_setting);
334
335 if (hdev->voice_setting == setting)
336 return;
337
338 hdev->voice_setting = setting;
339
340 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
341
342 if (hdev->notify) {
343 tasklet_disable(&hdev->tx_task);
344 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
345 tasklet_enable(&hdev->tx_task);
346 }
347}
348
349static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 __u8 status = *((__u8 *) skb->data);
352 __u16 setting;
353 void *sent;
354
355 BT_DBG("%s status 0x%x", hdev->name, status);
356
357 if (status)
358 return;
359
360 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
361 if (!sent)
362 return;
363
364 setting = get_unaligned_le16(sent);
365
366 if (hdev->voice_setting == setting)
367 return;
368
369 hdev->voice_setting = setting;
370
371 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
372
373 if (hdev->notify) {
374 tasklet_disable(&hdev->tx_task);
375 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
376 tasklet_enable(&hdev->tx_task);
377 }
378}
379
380static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
381{
382 __u8 status = *((__u8 *) skb->data);
383
384 BT_DBG("%s status 0x%x", hdev->name, status);
385
386 hci_req_complete(hdev, status);
387}
388
389static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
390{
391 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
392
393 BT_DBG("%s status 0x%x", hdev->name, rp->status);
394
395 if (rp->status)
396 return;
397
398 hdev->ssp_mode = rp->mode;
399}
400
401static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
402{
403 __u8 status = *((__u8 *) skb->data);
404 void *sent;
405
406 BT_DBG("%s status 0x%x", hdev->name, status);
407
408 if (status)
409 return;
410
411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
412 if (!sent)
413 return;
414
415 hdev->ssp_mode = *((__u8 *) sent);
416}
417
418static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
419{
420 struct hci_rp_read_local_version *rp = (void *) skb->data;
421
422 BT_DBG("%s status 0x%x", hdev->name, rp->status);
423
424 if (rp->status)
425 return;
426
427 hdev->hci_ver = rp->hci_ver;
428 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
429 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
430
431 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
432 hdev->manufacturer,
433 hdev->hci_ver, hdev->hci_rev);
434}
435
436static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
437{
438 struct hci_rp_read_local_commands *rp = (void *) skb->data;
439
440 BT_DBG("%s status 0x%x", hdev->name, rp->status);
441
442 if (rp->status)
443 return;
444
445 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
446}
447
448static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
449{
450 struct hci_rp_read_local_features *rp = (void *) skb->data;
451
452 BT_DBG("%s status 0x%x", hdev->name, rp->status);
453
454 if (rp->status)
455 return;
456
457 memcpy(hdev->features, rp->features, 8);
458
459
460
461
462 if (hdev->features[0] & LMP_3SLOT)
463 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
464
465 if (hdev->features[0] & LMP_5SLOT)
466 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
467
468 if (hdev->features[1] & LMP_HV2) {
469 hdev->pkt_type |= (HCI_HV2);
470 hdev->esco_type |= (ESCO_HV2);
471 }
472
473 if (hdev->features[1] & LMP_HV3) {
474 hdev->pkt_type |= (HCI_HV3);
475 hdev->esco_type |= (ESCO_HV3);
476 }
477
478 if (hdev->features[3] & LMP_ESCO)
479 hdev->esco_type |= (ESCO_EV3);
480
481 if (hdev->features[4] & LMP_EV4)
482 hdev->esco_type |= (ESCO_EV4);
483
484 if (hdev->features[4] & LMP_EV5)
485 hdev->esco_type |= (ESCO_EV5);
486
487 if (hdev->features[5] & LMP_EDR_ESCO_2M)
488 hdev->esco_type |= (ESCO_2EV3);
489
490 if (hdev->features[5] & LMP_EDR_ESCO_3M)
491 hdev->esco_type |= (ESCO_3EV3);
492
493 if (hdev->features[5] & LMP_EDR_3S_ESCO)
494 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
495
496 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
497 hdev->features[0], hdev->features[1],
498 hdev->features[2], hdev->features[3],
499 hdev->features[4], hdev->features[5],
500 hdev->features[6], hdev->features[7]);
501}
502
503static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
504{
505 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
506
507 BT_DBG("%s status 0x%x", hdev->name, rp->status);
508
509 if (rp->status)
510 return;
511
512 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
513 hdev->sco_mtu = rp->sco_mtu;
514 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
515 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
516
517 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
518 hdev->sco_mtu = 64;
519 hdev->sco_pkts = 8;
520 }
521
522 hdev->acl_cnt = hdev->acl_pkts;
523 hdev->sco_cnt = hdev->sco_pkts;
524
525 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
526 hdev->acl_mtu, hdev->acl_pkts,
527 hdev->sco_mtu, hdev->sco_pkts);
528}
529
530static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
531{
532 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
533
534 BT_DBG("%s status 0x%x", hdev->name, rp->status);
535
536 if (!rp->status)
537 bacpy(&hdev->bdaddr, &rp->bdaddr);
538
539 hci_req_complete(hdev, rp->status);
540}
541
542static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
543{
544 BT_DBG("%s status 0x%x", hdev->name, status);
545
546 if (status) {
547 hci_req_complete(hdev, status);
548
549 hci_conn_check_pending(hdev);
550 } else
551 set_bit(HCI_INQUIRY, &hdev->flags);
552}
553
554static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
555{
556 struct hci_cp_create_conn *cp;
557 struct hci_conn *conn;
558
559 BT_DBG("%s status 0x%x", hdev->name, status);
560
561 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
562 if (!cp)
563 return;
564
565 hci_dev_lock(hdev);
566
567 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
568
569 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
570
571 if (status) {
572 if (conn && conn->state == BT_CONNECT) {
573 if (status != 0x0c || conn->attempt > 2) {
574 conn->state = BT_CLOSED;
575 hci_proto_connect_cfm(conn, status);
576 hci_conn_del(conn);
577 } else
578 conn->state = BT_CONNECT2;
579 }
580 } else {
581 if (!conn) {
582 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
583 if (conn) {
584 conn->out = 1;
585 conn->link_mode |= HCI_LM_MASTER;
586 } else
587 BT_ERR("No memmory for new connection");
588 }
589 }
590
591 hci_dev_unlock(hdev);
592}
593
594static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
595{
596 struct hci_cp_add_sco *cp;
597 struct hci_conn *acl, *sco;
598 __u16 handle;
599
600 BT_DBG("%s status 0x%x", hdev->name, status);
601
602 if (!status)
603 return;
604
605 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
606 if (!cp)
607 return;
608
609 handle = __le16_to_cpu(cp->handle);
610
611 BT_DBG("%s handle %d", hdev->name, handle);
612
613 hci_dev_lock(hdev);
614
615 acl = hci_conn_hash_lookup_handle(hdev, handle);
616 if (acl && (sco = acl->link)) {
617 sco->state = BT_CLOSED;
618
619 hci_proto_connect_cfm(sco, status);
620 hci_conn_del(sco);
621 }
622
623 hci_dev_unlock(hdev);
624}
625
626static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
627{
628 struct hci_cp_auth_requested *cp;
629 struct hci_conn *conn;
630
631 BT_DBG("%s status 0x%x", hdev->name, status);
632
633 if (!status)
634 return;
635
636 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
637 if (!cp)
638 return;
639
640 hci_dev_lock(hdev);
641
642 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
643 if (conn) {
644 if (conn->state == BT_CONFIG) {
645 hci_proto_connect_cfm(conn, status);
646 hci_conn_put(conn);
647 }
648 }
649
650 hci_dev_unlock(hdev);
651}
652
653static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
654{
655 struct hci_cp_set_conn_encrypt *cp;
656 struct hci_conn *conn;
657
658 BT_DBG("%s status 0x%x", hdev->name, status);
659
660 if (!status)
661 return;
662
663 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
664 if (!cp)
665 return;
666
667 hci_dev_lock(hdev);
668
669 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
670 if (conn) {
671 if (conn->state == BT_CONFIG) {
672 hci_proto_connect_cfm(conn, status);
673 hci_conn_put(conn);
674 }
675 }
676
677 hci_dev_unlock(hdev);
678}
679
680static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
681{
682 BT_DBG("%s status 0x%x", hdev->name, status);
683}
684
685static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
686{
687 struct hci_cp_read_remote_features *cp;
688 struct hci_conn *conn;
689
690 BT_DBG("%s status 0x%x", hdev->name, status);
691
692 if (!status)
693 return;
694
695 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
696 if (!cp)
697 return;
698
699 hci_dev_lock(hdev);
700
701 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
702 if (conn) {
703 if (conn->state == BT_CONFIG) {
704 hci_proto_connect_cfm(conn, status);
705 hci_conn_put(conn);
706 }
707 }
708
709 hci_dev_unlock(hdev);
710}
711
712static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
713{
714 struct hci_cp_read_remote_ext_features *cp;
715 struct hci_conn *conn;
716
717 BT_DBG("%s status 0x%x", hdev->name, status);
718
719 if (!status)
720 return;
721
722 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
723 if (!cp)
724 return;
725
726 hci_dev_lock(hdev);
727
728 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
729 if (conn) {
730 if (conn->state == BT_CONFIG) {
731 hci_proto_connect_cfm(conn, status);
732 hci_conn_put(conn);
733 }
734 }
735
736 hci_dev_unlock(hdev);
737}
738
739static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
740{
741 struct hci_cp_setup_sync_conn *cp;
742 struct hci_conn *acl, *sco;
743 __u16 handle;
744
745 BT_DBG("%s status 0x%x", hdev->name, status);
746
747 if (!status)
748 return;
749
750 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
751 if (!cp)
752 return;
753
754 handle = __le16_to_cpu(cp->handle);
755
756 BT_DBG("%s handle %d", hdev->name, handle);
757
758 hci_dev_lock(hdev);
759
760 acl = hci_conn_hash_lookup_handle(hdev, handle);
761 if (acl && (sco = acl->link)) {
762 sco->state = BT_CLOSED;
763
764 hci_proto_connect_cfm(sco, status);
765 hci_conn_del(sco);
766 }
767
768 hci_dev_unlock(hdev);
769}
770
771static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
772{
773 struct hci_cp_sniff_mode *cp;
774 struct hci_conn *conn;
775
776 BT_DBG("%s status 0x%x", hdev->name, status);
777
778 if (!status)
779 return;
780
781 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
782 if (!cp)
783 return;
784
785 hci_dev_lock(hdev);
786
787 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
788 if (conn)
789 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
790
791 hci_dev_unlock(hdev);
792}
793
794static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
795{
796 struct hci_cp_exit_sniff_mode *cp;
797 struct hci_conn *conn;
798
799 BT_DBG("%s status 0x%x", hdev->name, status);
800
801 if (!status)
802 return;
803
804 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
805 if (!cp)
806 return;
807
808 hci_dev_lock(hdev);
809
810 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
811 if (conn)
812 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
813
814 hci_dev_unlock(hdev);
815}
816
817static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
818{
819 __u8 status = *((__u8 *) skb->data);
820
821 BT_DBG("%s status %d", hdev->name, status);
822
823 clear_bit(HCI_INQUIRY, &hdev->flags);
824
825 hci_req_complete(hdev, status);
826
827 hci_conn_check_pending(hdev);
828}
829
830static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
831{
832 struct inquiry_data data;
833 struct inquiry_info *info = (void *) (skb->data + 1);
834 int num_rsp = *((__u8 *) skb->data);
835
836 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
837
838 if (!num_rsp)
839 return;
840
841 hci_dev_lock(hdev);
842
843 for (; num_rsp; num_rsp--) {
844 bacpy(&data.bdaddr, &info->bdaddr);
845 data.pscan_rep_mode = info->pscan_rep_mode;
846 data.pscan_period_mode = info->pscan_period_mode;
847 data.pscan_mode = info->pscan_mode;
848 memcpy(data.dev_class, info->dev_class, 3);
849 data.clock_offset = info->clock_offset;
850 data.rssi = 0x00;
851 data.ssp_mode = 0x00;
852 info++;
853 hci_inquiry_cache_update(hdev, &data);
854 }
855
856 hci_dev_unlock(hdev);
857}
858
859static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
860{
861 struct hci_ev_conn_complete *ev = (void *) skb->data;
862 struct hci_conn *conn;
863
864 BT_DBG("%s", hdev->name);
865
866 hci_dev_lock(hdev);
867
868 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
869 if (!conn) {
870 if (ev->link_type != SCO_LINK)
871 goto unlock;
872
873 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
874 if (!conn)
875 goto unlock;
876
877 conn->type = SCO_LINK;
878 }
879
880 if (!ev->status) {
881 conn->handle = __le16_to_cpu(ev->handle);
882
883 if (conn->type == ACL_LINK) {
884 conn->state = BT_CONFIG;
885 hci_conn_hold(conn);
886 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
887 } else
888 conn->state = BT_CONNECTED;
889
890 hci_conn_add_sysfs(conn);
891
892 if (test_bit(HCI_AUTH, &hdev->flags))
893 conn->link_mode |= HCI_LM_AUTH;
894
895 if (test_bit(HCI_ENCRYPT, &hdev->flags))
896 conn->link_mode |= HCI_LM_ENCRYPT;
897
898
899 if (conn->type == ACL_LINK) {
900 struct hci_cp_read_remote_features cp;
901 cp.handle = ev->handle;
902 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
903 sizeof(cp), &cp);
904 }
905
906
907 if (!conn->out && hdev->hci_ver < 3) {
908 struct hci_cp_change_conn_ptype cp;
909 cp.handle = ev->handle;
910 cp.pkt_type = cpu_to_le16(conn->pkt_type);
911 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
912 sizeof(cp), &cp);
913 }
914 } else
915 conn->state = BT_CLOSED;
916
917 if (conn->type == ACL_LINK) {
918 struct hci_conn *sco = conn->link;
919 if (sco) {
920 if (!ev->status) {
921 if (lmp_esco_capable(hdev))
922 hci_setup_sync(sco, conn->handle);
923 else
924 hci_add_sco(sco, conn->handle);
925 } else {
926 hci_proto_connect_cfm(sco, ev->status);
927 hci_conn_del(sco);
928 }
929 }
930 }
931
932 if (ev->status) {
933 hci_proto_connect_cfm(conn, ev->status);
934 hci_conn_del(conn);
935 } else if (ev->link_type != ACL_LINK)
936 hci_proto_connect_cfm(conn, ev->status);
937
938unlock:
939 hci_dev_unlock(hdev);
940
941 hci_conn_check_pending(hdev);
942}
943
944static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
945{
946 struct hci_ev_conn_request *ev = (void *) skb->data;
947 int mask = hdev->link_mode;
948
949 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
950 batostr(&ev->bdaddr), ev->link_type);
951
952 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
953
954 if (mask & HCI_LM_ACCEPT) {
955
956 struct inquiry_entry *ie;
957 struct hci_conn *conn;
958
959 hci_dev_lock(hdev);
960
961 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
962 memcpy(ie->data.dev_class, ev->dev_class, 3);
963
964 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
965 if (!conn) {
966 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
967 BT_ERR("No memmory for new connection");
968 hci_dev_unlock(hdev);
969 return;
970 }
971 }
972
973 memcpy(conn->dev_class, ev->dev_class, 3);
974 conn->state = BT_CONNECT;
975
976 hci_dev_unlock(hdev);
977
978 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
979 struct hci_cp_accept_conn_req cp;
980
981 bacpy(&cp.bdaddr, &ev->bdaddr);
982
983 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
984 cp.role = 0x00;
985 else
986 cp.role = 0x01;
987
988 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
989 sizeof(cp), &cp);
990 } else {
991 struct hci_cp_accept_sync_conn_req cp;
992
993 bacpy(&cp.bdaddr, &ev->bdaddr);
994 cp.pkt_type = cpu_to_le16(conn->pkt_type);
995
996 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
997 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
998 cp.max_latency = cpu_to_le16(0xffff);
999 cp.content_format = cpu_to_le16(hdev->voice_setting);
1000 cp.retrans_effort = 0xff;
1001
1002 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1003 sizeof(cp), &cp);
1004 }
1005 } else {
1006
1007 struct hci_cp_reject_conn_req cp;
1008
1009 bacpy(&cp.bdaddr, &ev->bdaddr);
1010 cp.reason = 0x0f;
1011 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1012 }
1013}
1014
1015static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1016{
1017 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1018 struct hci_conn *conn;
1019
1020 BT_DBG("%s status %d", hdev->name, ev->status);
1021
1022 if (ev->status)
1023 return;
1024
1025 hci_dev_lock(hdev);
1026
1027 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1028 if (conn) {
1029 conn->state = BT_CLOSED;
1030
1031 hci_proto_disconn_cfm(conn, ev->reason);
1032 hci_conn_del(conn);
1033 }
1034
1035 hci_dev_unlock(hdev);
1036}
1037
1038static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1039{
1040 struct hci_ev_auth_complete *ev = (void *) skb->data;
1041 struct hci_conn *conn;
1042
1043 BT_DBG("%s status %d", hdev->name, ev->status);
1044
1045 hci_dev_lock(hdev);
1046
1047 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1048 if (conn) {
1049 if (!ev->status)
1050 conn->link_mode |= HCI_LM_AUTH;
1051
1052 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1053
1054 if (conn->state == BT_CONFIG) {
1055 if (!ev->status && hdev->ssp_mode > 0 &&
1056 conn->ssp_mode > 0) {
1057 struct hci_cp_set_conn_encrypt cp;
1058 cp.handle = ev->handle;
1059 cp.encrypt = 0x01;
1060 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1061 sizeof(cp), &cp);
1062 } else {
1063 conn->state = BT_CONNECTED;
1064 hci_proto_connect_cfm(conn, ev->status);
1065 hci_conn_put(conn);
1066 }
1067 } else {
1068 hci_auth_cfm(conn, ev->status);
1069
1070 hci_conn_hold(conn);
1071 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1072 hci_conn_put(conn);
1073 }
1074
1075 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1076 if (!ev->status) {
1077 struct hci_cp_set_conn_encrypt cp;
1078 cp.handle = ev->handle;
1079 cp.encrypt = 0x01;
1080 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1081 sizeof(cp), &cp);
1082 } else {
1083 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1084 hci_encrypt_cfm(conn, ev->status, 0x00);
1085 }
1086 }
1087 }
1088
1089 hci_dev_unlock(hdev);
1090}
1091
1092static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1093{
1094 BT_DBG("%s", hdev->name);
1095
1096 hci_conn_check_pending(hdev);
1097}
1098
1099static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1100{
1101 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1102 struct hci_conn *conn;
1103
1104 BT_DBG("%s status %d", hdev->name, ev->status);
1105
1106 hci_dev_lock(hdev);
1107
1108 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1109 if (conn) {
1110 if (!ev->status) {
1111 if (ev->encrypt) {
1112
1113 conn->link_mode |= HCI_LM_AUTH;
1114 conn->link_mode |= HCI_LM_ENCRYPT;
1115 } else
1116 conn->link_mode &= ~HCI_LM_ENCRYPT;
1117 }
1118
1119 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1120
1121 if (conn->state == BT_CONFIG) {
1122 if (!ev->status)
1123 conn->state = BT_CONNECTED;
1124
1125 hci_proto_connect_cfm(conn, ev->status);
1126 hci_conn_put(conn);
1127 } else
1128 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1129 }
1130
1131 hci_dev_unlock(hdev);
1132}
1133
1134static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1135{
1136 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1137 struct hci_conn *conn;
1138
1139 BT_DBG("%s status %d", hdev->name, ev->status);
1140
1141 hci_dev_lock(hdev);
1142
1143 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1144 if (conn) {
1145 if (!ev->status)
1146 conn->link_mode |= HCI_LM_SECURE;
1147
1148 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1149
1150 hci_key_change_cfm(conn, ev->status);
1151 }
1152
1153 hci_dev_unlock(hdev);
1154}
1155
1156static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1157{
1158 struct hci_ev_remote_features *ev = (void *) skb->data;
1159 struct hci_conn *conn;
1160
1161 BT_DBG("%s status %d", hdev->name, ev->status);
1162
1163 hci_dev_lock(hdev);
1164
1165 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1166 if (conn) {
1167 if (!ev->status)
1168 memcpy(conn->features, ev->features, 8);
1169
1170 if (conn->state == BT_CONFIG) {
1171 if (!ev->status && lmp_ssp_capable(hdev) &&
1172 lmp_ssp_capable(conn)) {
1173 struct hci_cp_read_remote_ext_features cp;
1174 cp.handle = ev->handle;
1175 cp.page = 0x01;
1176 hci_send_cmd(hdev,
1177 HCI_OP_READ_REMOTE_EXT_FEATURES,
1178 sizeof(cp), &cp);
1179 } else {
1180 conn->state = BT_CONNECTED;
1181 hci_proto_connect_cfm(conn, ev->status);
1182 hci_conn_put(conn);
1183 }
1184 }
1185 }
1186
1187 hci_dev_unlock(hdev);
1188}
1189
1190static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1191{
1192 BT_DBG("%s", hdev->name);
1193}
1194
1195static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1196{
1197 BT_DBG("%s", hdev->name);
1198}
1199
1200static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1201{
1202 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1203 __u16 opcode;
1204
1205 skb_pull(skb, sizeof(*ev));
1206
1207 opcode = __le16_to_cpu(ev->opcode);
1208
1209 switch (opcode) {
1210 case HCI_OP_INQUIRY_CANCEL:
1211 hci_cc_inquiry_cancel(hdev, skb);
1212 break;
1213
1214 case HCI_OP_EXIT_PERIODIC_INQ:
1215 hci_cc_exit_periodic_inq(hdev, skb);
1216 break;
1217
1218 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1219 hci_cc_remote_name_req_cancel(hdev, skb);
1220 break;
1221
1222 case HCI_OP_ROLE_DISCOVERY:
1223 hci_cc_role_discovery(hdev, skb);
1224 break;
1225
1226 case HCI_OP_READ_LINK_POLICY:
1227 hci_cc_read_link_policy(hdev, skb);
1228 break;
1229
1230 case HCI_OP_WRITE_LINK_POLICY:
1231 hci_cc_write_link_policy(hdev, skb);
1232 break;
1233
1234 case HCI_OP_READ_DEF_LINK_POLICY:
1235 hci_cc_read_def_link_policy(hdev, skb);
1236 break;
1237
1238 case HCI_OP_WRITE_DEF_LINK_POLICY:
1239 hci_cc_write_def_link_policy(hdev, skb);
1240 break;
1241
1242 case HCI_OP_RESET:
1243 hci_cc_reset(hdev, skb);
1244 break;
1245
1246 case HCI_OP_WRITE_LOCAL_NAME:
1247 hci_cc_write_local_name(hdev, skb);
1248 break;
1249
1250 case HCI_OP_READ_LOCAL_NAME:
1251 hci_cc_read_local_name(hdev, skb);
1252 break;
1253
1254 case HCI_OP_WRITE_AUTH_ENABLE:
1255 hci_cc_write_auth_enable(hdev, skb);
1256 break;
1257
1258 case HCI_OP_WRITE_ENCRYPT_MODE:
1259 hci_cc_write_encrypt_mode(hdev, skb);
1260 break;
1261
1262 case HCI_OP_WRITE_SCAN_ENABLE:
1263 hci_cc_write_scan_enable(hdev, skb);
1264 break;
1265
1266 case HCI_OP_READ_CLASS_OF_DEV:
1267 hci_cc_read_class_of_dev(hdev, skb);
1268 break;
1269
1270 case HCI_OP_WRITE_CLASS_OF_DEV:
1271 hci_cc_write_class_of_dev(hdev, skb);
1272 break;
1273
1274 case HCI_OP_READ_VOICE_SETTING:
1275 hci_cc_read_voice_setting(hdev, skb);
1276 break;
1277
1278 case HCI_OP_WRITE_VOICE_SETTING:
1279 hci_cc_write_voice_setting(hdev, skb);
1280 break;
1281
1282 case HCI_OP_HOST_BUFFER_SIZE:
1283 hci_cc_host_buffer_size(hdev, skb);
1284 break;
1285
1286 case HCI_OP_READ_SSP_MODE:
1287 hci_cc_read_ssp_mode(hdev, skb);
1288 break;
1289
1290 case HCI_OP_WRITE_SSP_MODE:
1291 hci_cc_write_ssp_mode(hdev, skb);
1292 break;
1293
1294 case HCI_OP_READ_LOCAL_VERSION:
1295 hci_cc_read_local_version(hdev, skb);
1296 break;
1297
1298 case HCI_OP_READ_LOCAL_COMMANDS:
1299 hci_cc_read_local_commands(hdev, skb);
1300 break;
1301
1302 case HCI_OP_READ_LOCAL_FEATURES:
1303 hci_cc_read_local_features(hdev, skb);
1304 break;
1305
1306 case HCI_OP_READ_BUFFER_SIZE:
1307 hci_cc_read_buffer_size(hdev, skb);
1308 break;
1309
1310 case HCI_OP_READ_BD_ADDR:
1311 hci_cc_read_bd_addr(hdev, skb);
1312 break;
1313
1314 default:
1315 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1316 break;
1317 }
1318
1319 if (ev->ncmd) {
1320 atomic_set(&hdev->cmd_cnt, 1);
1321 if (!skb_queue_empty(&hdev->cmd_q))
1322 hci_sched_cmd(hdev);
1323 }
1324}
1325
1326static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1327{
1328 struct hci_ev_cmd_status *ev = (void *) skb->data;
1329 __u16 opcode;
1330
1331 skb_pull(skb, sizeof(*ev));
1332
1333 opcode = __le16_to_cpu(ev->opcode);
1334
1335 switch (opcode) {
1336 case HCI_OP_INQUIRY:
1337 hci_cs_inquiry(hdev, ev->status);
1338 break;
1339
1340 case HCI_OP_CREATE_CONN:
1341 hci_cs_create_conn(hdev, ev->status);
1342 break;
1343
1344 case HCI_OP_ADD_SCO:
1345 hci_cs_add_sco(hdev, ev->status);
1346 break;
1347
1348 case HCI_OP_AUTH_REQUESTED:
1349 hci_cs_auth_requested(hdev, ev->status);
1350 break;
1351
1352 case HCI_OP_SET_CONN_ENCRYPT:
1353 hci_cs_set_conn_encrypt(hdev, ev->status);
1354 break;
1355
1356 case HCI_OP_REMOTE_NAME_REQ:
1357 hci_cs_remote_name_req(hdev, ev->status);
1358 break;
1359
1360 case HCI_OP_READ_REMOTE_FEATURES:
1361 hci_cs_read_remote_features(hdev, ev->status);
1362 break;
1363
1364 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1365 hci_cs_read_remote_ext_features(hdev, ev->status);
1366 break;
1367
1368 case HCI_OP_SETUP_SYNC_CONN:
1369 hci_cs_setup_sync_conn(hdev, ev->status);
1370 break;
1371
1372 case HCI_OP_SNIFF_MODE:
1373 hci_cs_sniff_mode(hdev, ev->status);
1374 break;
1375
1376 case HCI_OP_EXIT_SNIFF_MODE:
1377 hci_cs_exit_sniff_mode(hdev, ev->status);
1378 break;
1379
1380 default:
1381 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1382 break;
1383 }
1384
1385 if (ev->ncmd) {
1386 atomic_set(&hdev->cmd_cnt, 1);
1387 if (!skb_queue_empty(&hdev->cmd_q))
1388 hci_sched_cmd(hdev);
1389 }
1390}
1391
1392static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1393{
1394 struct hci_ev_role_change *ev = (void *) skb->data;
1395 struct hci_conn *conn;
1396
1397 BT_DBG("%s status %d", hdev->name, ev->status);
1398
1399 hci_dev_lock(hdev);
1400
1401 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1402 if (conn) {
1403 if (!ev->status) {
1404 if (ev->role)
1405 conn->link_mode &= ~HCI_LM_MASTER;
1406 else
1407 conn->link_mode |= HCI_LM_MASTER;
1408 }
1409
1410 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1411
1412 hci_role_switch_cfm(conn, ev->status, ev->role);
1413 }
1414
1415 hci_dev_unlock(hdev);
1416}
1417
1418static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1419{
1420 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1421 __le16 *ptr;
1422 int i;
1423
1424 skb_pull(skb, sizeof(*ev));
1425
1426 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1427
1428 if (skb->len < ev->num_hndl * 4) {
1429 BT_DBG("%s bad parameters", hdev->name);
1430 return;
1431 }
1432
1433 tasklet_disable(&hdev->tx_task);
1434
1435 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1436 struct hci_conn *conn;
1437 __u16 handle, count;
1438
1439 handle = get_unaligned_le16(ptr++);
1440 count = get_unaligned_le16(ptr++);
1441
1442 conn = hci_conn_hash_lookup_handle(hdev, handle);
1443 if (conn) {
1444 conn->sent -= count;
1445
1446 if (conn->type == ACL_LINK) {
1447 if ((hdev->acl_cnt += count) > hdev->acl_pkts)
1448 hdev->acl_cnt = hdev->acl_pkts;
1449 } else {
1450 if ((hdev->sco_cnt += count) > hdev->sco_pkts)
1451 hdev->sco_cnt = hdev->sco_pkts;
1452 }
1453 }
1454 }
1455
1456 hci_sched_tx(hdev);
1457
1458 tasklet_enable(&hdev->tx_task);
1459}
1460
1461static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1462{
1463 struct hci_ev_mode_change *ev = (void *) skb->data;
1464 struct hci_conn *conn;
1465
1466 BT_DBG("%s status %d", hdev->name, ev->status);
1467
1468 hci_dev_lock(hdev);
1469
1470 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1471 if (conn) {
1472 conn->mode = ev->mode;
1473 conn->interval = __le16_to_cpu(ev->interval);
1474
1475 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
1476 if (conn->mode == HCI_CM_ACTIVE)
1477 conn->power_save = 1;
1478 else
1479 conn->power_save = 0;
1480 }
1481 }
1482
1483 hci_dev_unlock(hdev);
1484}
1485
1486static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1487{
1488 struct hci_ev_pin_code_req *ev = (void *) skb->data;
1489 struct hci_conn *conn;
1490
1491 BT_DBG("%s", hdev->name);
1492
1493 hci_dev_lock(hdev);
1494
1495 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1496 if (conn && conn->state == BT_CONNECTED) {
1497 hci_conn_hold(conn);
1498 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1499 hci_conn_put(conn);
1500 }
1501
1502 hci_dev_unlock(hdev);
1503}
1504
1505static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1506{
1507 BT_DBG("%s", hdev->name);
1508}
1509
1510static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
1511{
1512 struct hci_ev_link_key_notify *ev = (void *) skb->data;
1513 struct hci_conn *conn;
1514
1515 BT_DBG("%s", hdev->name);
1516
1517 hci_dev_lock(hdev);
1518
1519 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1520 if (conn) {
1521 hci_conn_hold(conn);
1522 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1523 hci_conn_put(conn);
1524 }
1525
1526 hci_dev_unlock(hdev);
1527}
1528
1529static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1530{
1531 struct hci_ev_clock_offset *ev = (void *) skb->data;
1532 struct hci_conn *conn;
1533
1534 BT_DBG("%s status %d", hdev->name, ev->status);
1535
1536 hci_dev_lock(hdev);
1537
1538 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1539 if (conn && !ev->status) {
1540 struct inquiry_entry *ie;
1541
1542 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
1543 ie->data.clock_offset = ev->clock_offset;
1544 ie->timestamp = jiffies;
1545 }
1546 }
1547
1548 hci_dev_unlock(hdev);
1549}
1550
1551static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1552{
1553 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
1554 struct hci_conn *conn;
1555
1556 BT_DBG("%s status %d", hdev->name, ev->status);
1557
1558 hci_dev_lock(hdev);
1559
1560 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1561 if (conn && !ev->status)
1562 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
1563
1564 hci_dev_unlock(hdev);
1565}
1566
1567static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
1568{
1569 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
1570 struct inquiry_entry *ie;
1571
1572 BT_DBG("%s", hdev->name);
1573
1574 hci_dev_lock(hdev);
1575
1576 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) {
1577 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
1578 ie->timestamp = jiffies;
1579 }
1580
1581 hci_dev_unlock(hdev);
1582}
1583
1584static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
1585{
1586 struct inquiry_data data;
1587 int num_rsp = *((__u8 *) skb->data);
1588
1589 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1590
1591 if (!num_rsp)
1592 return;
1593
1594 hci_dev_lock(hdev);
1595
1596 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
1597 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1);
1598
1599 for (; num_rsp; num_rsp--) {
1600 bacpy(&data.bdaddr, &info->bdaddr);
1601 data.pscan_rep_mode = info->pscan_rep_mode;
1602 data.pscan_period_mode = info->pscan_period_mode;
1603 data.pscan_mode = info->pscan_mode;
1604 memcpy(data.dev_class, info->dev_class, 3);
1605 data.clock_offset = info->clock_offset;
1606 data.rssi = info->rssi;
1607 data.ssp_mode = 0x00;
1608 info++;
1609 hci_inquiry_cache_update(hdev, &data);
1610 }
1611 } else {
1612 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
1613
1614 for (; num_rsp; num_rsp--) {
1615 bacpy(&data.bdaddr, &info->bdaddr);
1616 data.pscan_rep_mode = info->pscan_rep_mode;
1617 data.pscan_period_mode = info->pscan_period_mode;
1618 data.pscan_mode = 0x00;
1619 memcpy(data.dev_class, info->dev_class, 3);
1620 data.clock_offset = info->clock_offset;
1621 data.rssi = info->rssi;
1622 data.ssp_mode = 0x00;
1623 info++;
1624 hci_inquiry_cache_update(hdev, &data);
1625 }
1626 }
1627
1628 hci_dev_unlock(hdev);
1629}
1630
1631static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1632{
1633 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
1634 struct hci_conn *conn;
1635
1636 BT_DBG("%s", hdev->name);
1637
1638 hci_dev_lock(hdev);
1639
1640 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1641 if (conn) {
1642 if (!ev->status && ev->page == 0x01) {
1643 struct inquiry_entry *ie;
1644
1645 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)))
1646 ie->data.ssp_mode = (ev->features[0] & 0x01);
1647
1648 conn->ssp_mode = (ev->features[0] & 0x01);
1649 }
1650
1651 if (conn->state == BT_CONFIG) {
1652 if (!ev->status && hdev->ssp_mode > 0 &&
1653 conn->ssp_mode > 0 && conn->out &&
1654 conn->sec_level != BT_SECURITY_SDP) {
1655 struct hci_cp_auth_requested cp;
1656 cp.handle = ev->handle;
1657 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1658 sizeof(cp), &cp);
1659 } else {
1660 conn->state = BT_CONNECTED;
1661 hci_proto_connect_cfm(conn, ev->status);
1662 hci_conn_put(conn);
1663 }
1664 }
1665 }
1666
1667 hci_dev_unlock(hdev);
1668}
1669
1670static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1671{
1672 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
1673 struct hci_conn *conn;
1674
1675 BT_DBG("%s status %d", hdev->name, ev->status);
1676
1677 hci_dev_lock(hdev);
1678
1679 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1680 if (!conn) {
1681 if (ev->link_type == ESCO_LINK)
1682 goto unlock;
1683
1684 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1685 if (!conn)
1686 goto unlock;
1687
1688 conn->type = SCO_LINK;
1689 }
1690
1691 switch (ev->status) {
1692 case 0x00:
1693 conn->handle = __le16_to_cpu(ev->handle);
1694 conn->state = BT_CONNECTED;
1695
1696 hci_conn_add_sysfs(conn);
1697 break;
1698
1699 case 0x1c:
1700 case 0x1f:
1701 if (conn->out && conn->attempt < 2) {
1702 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
1703 (hdev->esco_type & EDR_ESCO_MASK);
1704 hci_setup_sync(conn, conn->link->handle);
1705 goto unlock;
1706 }
1707
1708
1709 default:
1710 conn->state = BT_CLOSED;
1711 break;
1712 }
1713
1714 hci_proto_connect_cfm(conn, ev->status);
1715 if (ev->status)
1716 hci_conn_del(conn);
1717
1718unlock:
1719 hci_dev_unlock(hdev);
1720}
1721
1722static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
1723{
1724 BT_DBG("%s", hdev->name);
1725}
1726
1727static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
1728{
1729 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
1730 struct hci_conn *conn;
1731
1732 BT_DBG("%s status %d", hdev->name, ev->status);
1733
1734 hci_dev_lock(hdev);
1735
1736 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1737 if (conn) {
1738 }
1739
1740 hci_dev_unlock(hdev);
1741}
1742
1743static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1744{
1745 struct inquiry_data data;
1746 struct extended_inquiry_info *info = (void *) (skb->data + 1);
1747 int num_rsp = *((__u8 *) skb->data);
1748
1749 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1750
1751 if (!num_rsp)
1752 return;
1753
1754 hci_dev_lock(hdev);
1755
1756 for (; num_rsp; num_rsp--) {
1757 bacpy(&data.bdaddr, &info->bdaddr);
1758 data.pscan_rep_mode = info->pscan_rep_mode;
1759 data.pscan_period_mode = info->pscan_period_mode;
1760 data.pscan_mode = 0x00;
1761 memcpy(data.dev_class, info->dev_class, 3);
1762 data.clock_offset = info->clock_offset;
1763 data.rssi = info->rssi;
1764 data.ssp_mode = 0x01;
1765 info++;
1766 hci_inquiry_cache_update(hdev, &data);
1767 }
1768
1769 hci_dev_unlock(hdev);
1770}
1771
1772static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1773{
1774 struct hci_ev_io_capa_request *ev = (void *) skb->data;
1775 struct hci_conn *conn;
1776
1777 BT_DBG("%s", hdev->name);
1778
1779 hci_dev_lock(hdev);
1780
1781 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1782 if (conn)
1783 hci_conn_hold(conn);
1784
1785 hci_dev_unlock(hdev);
1786}
1787
1788static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1789{
1790 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
1791 struct hci_conn *conn;
1792
1793 BT_DBG("%s", hdev->name);
1794
1795 hci_dev_lock(hdev);
1796
1797 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1798 if (conn)
1799 hci_conn_put(conn);
1800
1801 hci_dev_unlock(hdev);
1802}
1803
1804static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1805{
1806 struct hci_ev_remote_host_features *ev = (void *) skb->data;
1807 struct inquiry_entry *ie;
1808
1809 BT_DBG("%s", hdev->name);
1810
1811 hci_dev_lock(hdev);
1812
1813 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
1814 ie->data.ssp_mode = (ev->features[0] & 0x01);
1815
1816 hci_dev_unlock(hdev);
1817}
1818
1819void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1820{
1821 struct hci_event_hdr *hdr = (void *) skb->data;
1822 __u8 event = hdr->evt;
1823
1824 skb_pull(skb, HCI_EVENT_HDR_SIZE);
1825
1826 switch (event) {
1827 case HCI_EV_INQUIRY_COMPLETE:
1828 hci_inquiry_complete_evt(hdev, skb);
1829 break;
1830
1831 case HCI_EV_INQUIRY_RESULT:
1832 hci_inquiry_result_evt(hdev, skb);
1833 break;
1834
1835 case HCI_EV_CONN_COMPLETE:
1836 hci_conn_complete_evt(hdev, skb);
1837 break;
1838
1839 case HCI_EV_CONN_REQUEST:
1840 hci_conn_request_evt(hdev, skb);
1841 break;
1842
1843 case HCI_EV_DISCONN_COMPLETE:
1844 hci_disconn_complete_evt(hdev, skb);
1845 break;
1846
1847 case HCI_EV_AUTH_COMPLETE:
1848 hci_auth_complete_evt(hdev, skb);
1849 break;
1850
1851 case HCI_EV_REMOTE_NAME:
1852 hci_remote_name_evt(hdev, skb);
1853 break;
1854
1855 case HCI_EV_ENCRYPT_CHANGE:
1856 hci_encrypt_change_evt(hdev, skb);
1857 break;
1858
1859 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
1860 hci_change_link_key_complete_evt(hdev, skb);
1861 break;
1862
1863 case HCI_EV_REMOTE_FEATURES:
1864 hci_remote_features_evt(hdev, skb);
1865 break;
1866
1867 case HCI_EV_REMOTE_VERSION:
1868 hci_remote_version_evt(hdev, skb);
1869 break;
1870
1871 case HCI_EV_QOS_SETUP_COMPLETE:
1872 hci_qos_setup_complete_evt(hdev, skb);
1873 break;
1874
1875 case HCI_EV_CMD_COMPLETE:
1876 hci_cmd_complete_evt(hdev, skb);
1877 break;
1878
1879 case HCI_EV_CMD_STATUS:
1880 hci_cmd_status_evt(hdev, skb);
1881 break;
1882
1883 case HCI_EV_ROLE_CHANGE:
1884 hci_role_change_evt(hdev, skb);
1885 break;
1886
1887 case HCI_EV_NUM_COMP_PKTS:
1888 hci_num_comp_pkts_evt(hdev, skb);
1889 break;
1890
1891 case HCI_EV_MODE_CHANGE:
1892 hci_mode_change_evt(hdev, skb);
1893 break;
1894
1895 case HCI_EV_PIN_CODE_REQ:
1896 hci_pin_code_request_evt(hdev, skb);
1897 break;
1898
1899 case HCI_EV_LINK_KEY_REQ:
1900 hci_link_key_request_evt(hdev, skb);
1901 break;
1902
1903 case HCI_EV_LINK_KEY_NOTIFY:
1904 hci_link_key_notify_evt(hdev, skb);
1905 break;
1906
1907 case HCI_EV_CLOCK_OFFSET:
1908 hci_clock_offset_evt(hdev, skb);
1909 break;
1910
1911 case HCI_EV_PKT_TYPE_CHANGE:
1912 hci_pkt_type_change_evt(hdev, skb);
1913 break;
1914
1915 case HCI_EV_PSCAN_REP_MODE:
1916 hci_pscan_rep_mode_evt(hdev, skb);
1917 break;
1918
1919 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
1920 hci_inquiry_result_with_rssi_evt(hdev, skb);
1921 break;
1922
1923 case HCI_EV_REMOTE_EXT_FEATURES:
1924 hci_remote_ext_features_evt(hdev, skb);
1925 break;
1926
1927 case HCI_EV_SYNC_CONN_COMPLETE:
1928 hci_sync_conn_complete_evt(hdev, skb);
1929 break;
1930
1931 case HCI_EV_SYNC_CONN_CHANGED:
1932 hci_sync_conn_changed_evt(hdev, skb);
1933 break;
1934
1935 case HCI_EV_SNIFF_SUBRATE:
1936 hci_sniff_subrate_evt(hdev, skb);
1937 break;
1938
1939 case HCI_EV_EXTENDED_INQUIRY_RESULT:
1940 hci_extended_inquiry_result_evt(hdev, skb);
1941 break;
1942
1943 case HCI_EV_IO_CAPA_REQUEST:
1944 hci_io_capa_request_evt(hdev, skb);
1945 break;
1946
1947 case HCI_EV_SIMPLE_PAIR_COMPLETE:
1948 hci_simple_pair_complete_evt(hdev, skb);
1949 break;
1950
1951 case HCI_EV_REMOTE_HOST_FEATURES:
1952 hci_remote_host_features_evt(hdev, skb);
1953 break;
1954
1955 default:
1956 BT_DBG("%s event 0x%x", hdev->name, event);
1957 break;
1958 }
1959
1960 kfree_skb(skb);
1961 hdev->stat.evt_rx++;
1962}
1963
1964
1965void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1966{
1967 struct hci_event_hdr *hdr;
1968 struct hci_ev_stack_internal *ev;
1969 struct sk_buff *skb;
1970
1971 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
1972 if (!skb)
1973 return;
1974
1975 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
1976 hdr->evt = HCI_EV_STACK_INTERNAL;
1977 hdr->plen = sizeof(*ev) + dlen;
1978
1979 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
1980 ev->type = type;
1981 memcpy(ev->data, data, dlen);
1982
1983 bt_cb(skb)->incoming = 1;
1984 __net_timestamp(skb);
1985
1986 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1987 skb->dev = (void *) hdev;
1988 hci_send_to_sock(hdev, skb);
1989 kfree_skb(skb);
1990}
1991
