27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
42#include <asm/uaccess.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
48
49
/*
 * Command Complete handler for HCI_OP_INQUIRY_CANCEL.
 *
 * The first byte of the remaining event payload is taken as the status.
 * A non-zero status leaves the device untouched; on zero the HCI_INQUIRY
 * flag is cleared, the request is completed and
 * hci_conn_check_pending() is called.
 *
 * NOTE(review): skb->len is not checked before the status byte is read;
 * presumably the caller guarantees at least one payload byte - confirm.
 */
static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status) {
		clear_bit(HCI_INQUIRY, &hdev->flags);
		hci_req_complete(hdev, status);
		hci_conn_check_pending(hdev);
	}
}
65
/*
 * Command Complete handler for HCI_OP_EXIT_PERIODIC_INQ.
 *
 * Reads the status from the first payload byte. When it is zero, clears
 * HCI_INQUIRY in hdev->flags and calls hci_conn_check_pending(); a
 * non-zero status changes nothing.
 */
static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status) {
		clear_bit(HCI_INQUIRY, &hdev->flags);
		hci_conn_check_pending(hdev);
	}
}
79
/*
 * Command Complete handler for HCI_OP_REMOTE_NAME_REQ_CANCEL.
 *
 * Only emits a debug line naming the device; the payload in @skb is not
 * read and no device state is changed.
 */
static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
84
/*
 * Command Complete handler for HCI_OP_ROLE_DISCOVERY.
 *
 * On a zero status, looks up the connection by the handle in the reply
 * (under the device lock) and updates HCI_LM_MASTER in its link_mode:
 * a non-zero role clears the bit, a zero role sets it. An unknown handle
 * is ignored.
 */
static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_role_discovery *reply = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (!conn)
		goto unlock;

	if (reply->role)
		conn->link_mode &= ~HCI_LM_MASTER;
	else
		conn->link_mode |= HCI_LM_MASTER;

unlock:
	hci_dev_unlock(hdev);
}
107
/*
 * Command Complete handler for HCI_OP_READ_LINK_POLICY.
 *
 * On a zero status, stores the little-endian policy from the reply into
 * the connection identified by the reply's handle. The lookup and the
 * store happen under the device lock; an unknown handle is ignored.
 */
static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_link_policy *reply = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (conn) {
		conn->link_policy = __le16_to_cpu(reply->policy);
	}

	hci_dev_unlock(hdev);
}
126
/*
 * Command Complete handler for HCI_OP_WRITE_LINK_POLICY.
 *
 * The reply carries only status and handle, so the policy value is taken
 * from the parameters of the command that was sent. Nothing happens on a
 * non-zero status or when the sent command data is unavailable.
 */
static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_write_link_policy *reply = (void *) skb->data;
	struct hci_conn *conn;
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
	if (!params)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (conn) {
		/*
		 * Policy is read at byte offset 2 of the sent parameters
		 * (presumably right after the 16-bit handle - confirm).
		 */
		conn->link_policy = get_unaligned_le16(params + 2);
	}

	hci_dev_unlock(hdev);
}
150
/*
 * Command Complete handler for HCI_OP_READ_DEF_LINK_POLICY.
 *
 * On a zero status, copies the little-endian policy from the reply into
 * hdev->link_policy. No lock is taken here.
 */
static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_def_link_policy *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		hdev->link_policy = __le16_to_cpu(reply->policy);
}
162
/*
 * Command Complete handler for HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * When the sent command data is available, a zero status copies the
 * policy from the start of those parameters into hdev->link_policy, and
 * the request is completed with the status either way. When the sent
 * data is missing the function returns without completing the request.
 */
static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
	if (params) {
		if (!status)
			hdev->link_policy = get_unaligned_le16(params);

		hci_req_complete(hdev, status);
	}
}
179
/*
 * Command Complete handler for HCI_OP_RESET.
 *
 * Logs the status byte and completes the pending request with it,
 * whether or not the status is zero.
 */
static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, status);
}
188
/*
 * Command Complete handler for HCI_OP_WRITE_LOCAL_NAME.
 *
 * On a zero status, copies 248 bytes from the parameters of the sent
 * command into hdev->dev_name.
 *
 * NOTE(review): the copy length is a literal; it assumes both the sent
 * parameters and hdev->dev_name hold at least 248 bytes - confirm against
 * the struct definitions.
 */
static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
	if (params)
		memcpy(hdev->dev_name, params, 248);
}
205
/*
 * Command Complete handler for HCI_OP_READ_LOCAL_NAME.
 *
 * On a zero status, copies 248 bytes of rp->name into hdev->dev_name.
 *
 * NOTE(review): the reply comes from the controller and skb->len is not
 * compared with the size of the reply structure before the copy; confirm
 * that a caller enforces the minimum event length.
 */
static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_name *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		memcpy(hdev->dev_name, reply->name, 248);
}
217
/*
 * Command Complete handler for HCI_OP_WRITE_AUTH_ENABLE.
 *
 * Mirrors the requested setting into hdev->flags: on a zero status the
 * first byte of the sent parameters decides whether HCI_AUTH is set
 * (value equals AUTH_ENABLED) or cleared (any other value). The request
 * is then completed with the status. If the sent command data is missing
 * the function returns before completing the request.
 */
static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
	if (!params)
		return;

	if (!status) {
		__u8 requested = *((__u8 *) params);

		if (requested != AUTH_ENABLED)
			clear_bit(HCI_AUTH, &hdev->flags);
		else
			set_bit(HCI_AUTH, &hdev->flags);
	}

	hci_req_complete(hdev, status);
}
240
/*
 * Command Complete handler for HCI_OP_WRITE_ENCRYPT_MODE.
 *
 * On a zero status the first byte of the sent parameters drives the
 * HCI_ENCRYPT flag: non-zero sets it, zero clears it. The request is
 * completed with the status afterwards. Missing sent data returns early
 * without completing the request.
 */
static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
	if (!params)
		return;

	if (!status) {
		__u8 requested = *((__u8 *) params);

		if (!requested)
			clear_bit(HCI_ENCRYPT, &hdev->flags);
		else
			set_bit(HCI_ENCRYPT, &hdev->flags);
	}

	hci_req_complete(hdev, status);
}
263
/*
 * Command Complete handler for HCI_OP_WRITE_SCAN_ENABLE.
 *
 * On a zero status both HCI_PSCAN and HCI_ISCAN are cleared first and
 * then set again from the SCAN_INQUIRY / SCAN_PAGE bits of the first
 * sent-parameter byte. The request is completed with the status. Missing
 * sent data returns early without completing the request.
 */
static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
	if (!params)
		return;

	if (!status) {
		__u8 scan = *((__u8 *) params);

		/* Start from "no scanning" and re-enable what was asked for. */
		clear_bit(HCI_PSCAN, &hdev->flags);
		clear_bit(HCI_ISCAN, &hdev->flags);

		if (scan & SCAN_INQUIRY) {
			set_bit(HCI_ISCAN, &hdev->flags);
		}

		if (scan & SCAN_PAGE) {
			set_bit(HCI_PSCAN, &hdev->flags);
		}
	}

	hci_req_complete(hdev, status);
}
290
/*
 * Command Complete handler for HCI_OP_READ_CLASS_OF_DEV.
 *
 * On a zero status, copies the 3-byte device class from the reply into
 * hdev->dev_class and logs it with byte 2 printed first.
 */
static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_class_of_dev *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	memcpy(hdev->dev_class, reply->dev_class, 3);

	BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
	       hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
}
305
/*
 * Command Complete handler for HCI_OP_WRITE_CLASS_OF_DEV.
 *
 * On a zero status, copies 3 bytes from the parameters of the sent
 * command into hdev->dev_class. Nothing happens when the sent command
 * data is unavailable.
 */
static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
	if (params)
		memcpy(hdev->dev_class, params, 3);
}
322
/*
 * Command Complete handler for HCI_OP_READ_VOICE_SETTING.
 *
 * On a zero status, compares the reported setting with the cached
 * hdev->voice_setting. Only a changed value is stored, logged and, when
 * the driver supplied a notify hook, reported with
 * HCI_NOTIFY_VOICE_SETTING while the TX tasklet is disabled.
 */
static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_voice_setting *reply = (void *) skb->data;
	__u16 setting;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	setting = __le16_to_cpu(reply->voice_setting);
	if (setting == hdev->voice_setting)
		return;

	hdev->voice_setting = setting;

	BT_DBG("%s voice setting 0x%04x", hdev->name, setting);

	if (!hdev->notify)
		return;

	tasklet_disable(&hdev->tx_task);
	hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
	tasklet_enable(&hdev->tx_task);
}
348
/*
 * Command Complete handler for HCI_OP_WRITE_VOICE_SETTING.
 *
 * On a zero status, reads the 16-bit little-endian setting from the
 * start of the sent command parameters. A value different from the
 * cached hdev->voice_setting is stored, logged and, when a notify hook
 * exists, reported with HCI_NOTIFY_VOICE_SETTING while the TX tasklet is
 * disabled.
 */
static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u16 setting;
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
	if (!params)
		return;

	setting = get_unaligned_le16(params);
	if (setting == hdev->voice_setting)
		return;

	hdev->voice_setting = setting;

	BT_DBG("%s voice setting 0x%04x", hdev->name, setting);

	if (!hdev->notify)
		return;

	tasklet_disable(&hdev->tx_task);
	hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
	tasklet_enable(&hdev->tx_task);
}
379
/*
 * Command Complete handler for HCI_OP_HOST_BUFFER_SIZE.
 *
 * Logs the status byte and completes the pending request with it.
 */
static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, status);
}
388
/*
 * Command Complete handler for HCI_OP_READ_SSP_MODE.
 *
 * On a zero status, caches the mode byte from the reply in
 * hdev->ssp_mode.
 */
static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_ssp_mode *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		hdev->ssp_mode = reply->mode;
}
400
/*
 * Command Complete handler for HCI_OP_WRITE_SSP_MODE.
 *
 * On a zero status, caches the first byte of the sent command parameters
 * in hdev->ssp_mode. Nothing happens when the sent command data is
 * unavailable.
 */
static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
	if (params)
		hdev->ssp_mode = *((__u8 *) params);
}
417
/*
 * Command Complete handler for HCI_OP_READ_LOCAL_VERSION.
 *
 * On a zero status, caches hci_ver, hci_rev and manufacturer from the
 * reply in @hdev (the 16-bit fields are converted from little endian)
 * and logs them.
 */
static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_version *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	hdev->hci_ver = reply->hci_ver;
	hdev->hci_rev = __le16_to_cpu(reply->hci_rev);
	hdev->manufacturer = __le16_to_cpu(reply->manufacturer);

	BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
	       hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
}
435
/*
 * Command Complete handler for HCI_OP_READ_LOCAL_COMMANDS.
 *
 * On a zero status, copies the supported-commands bytes from the reply
 * into hdev->commands. The copy length is sizeof(hdev->commands), so the
 * destination cannot be overrun; the source side relies on the reply
 * being at least that long.
 */
static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_commands *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		memcpy(hdev->commands, reply->commands, sizeof(hdev->commands));
}
447
/*
 * Command Complete handler for HCI_OP_READ_LOCAL_FEATURES.
 *
 * On a zero status, copies the 8 feature bytes from the reply into
 * hdev->features and then widens hdev->pkt_type and hdev->esco_type for
 * each LMP feature bit that is set. Bits are only ever OR-ed in here;
 * nothing is cleared. The resulting feature bytes are logged.
 */
static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_features *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	memcpy(hdev->features, reply->features, 8);

	/* Multi-slot ACL packet types. */
	if (hdev->features[0] & LMP_3SLOT)
		hdev->pkt_type |= HCI_DM3 | HCI_DH3;

	if (hdev->features[0] & LMP_5SLOT)
		hdev->pkt_type |= HCI_DM5 | HCI_DH5;

	/* HV2/HV3 extend both the packet type and the eSCO type masks. */
	if (hdev->features[1] & LMP_HV2) {
		hdev->pkt_type |= HCI_HV2;
		hdev->esco_type |= ESCO_HV2;
	}

	if (hdev->features[1] & LMP_HV3) {
		hdev->pkt_type |= HCI_HV3;
		hdev->esco_type |= ESCO_HV3;
	}

	/* Remaining bits only affect the eSCO type mask. */
	if (hdev->features[3] & LMP_ESCO)
		hdev->esco_type |= ESCO_EV3;

	if (hdev->features[4] & LMP_EV4)
		hdev->esco_type |= ESCO_EV4;

	if (hdev->features[4] & LMP_EV5)
		hdev->esco_type |= ESCO_EV5;

	if (hdev->features[5] & LMP_EDR_ESCO_2M)
		hdev->esco_type |= ESCO_2EV3;

	if (hdev->features[5] & LMP_EDR_ESCO_3M)
		hdev->esco_type |= ESCO_3EV3;

	if (hdev->features[5] & LMP_EDR_3S_ESCO)
		hdev->esco_type |= ESCO_2EV5 | ESCO_3EV5;

	BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
	       hdev->features[0], hdev->features[1],
	       hdev->features[2], hdev->features[3],
	       hdev->features[4], hdev->features[5],
	       hdev->features[6], hdev->features[7]);
}
502
/*
 * Command Complete handler for HCI_OP_READ_BUFFER_SIZE.
 *
 * On a zero status, caches the ACL/SCO MTU and packet counts reported in
 * the reply. With HCI_QUIRK_FIXUP_BUFFER_SIZE set, the SCO values are
 * replaced by 64 (MTU) and 8 (packets). The acl_cnt and sco_cnt counters
 * are then reset to the packet counts, and the values are logged.
 */
static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_buffer_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	hdev->acl_mtu = __le16_to_cpu(reply->acl_mtu);
	hdev->sco_mtu = reply->sco_mtu;
	hdev->acl_pkts = __le16_to_cpu(reply->acl_max_pkt);
	hdev->sco_pkts = __le16_to_cpu(reply->sco_max_pkt);

	/* Quirk: override the SCO values the controller reported. */
	if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
		hdev->sco_mtu = 64;
		hdev->sco_pkts = 8;
	}

	hdev->acl_cnt = hdev->acl_pkts;
	hdev->sco_cnt = hdev->sco_pkts;

	BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
	       hdev->acl_mtu, hdev->acl_pkts,
	       hdev->sco_mtu, hdev->sco_pkts);
}
529
/*
 * Command Complete handler for HCI_OP_READ_BD_ADDR.
 *
 * Copies the reported address into hdev->bdaddr when the status is zero,
 * and completes the pending request with the status in every case.
 */
static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_bd_addr *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status == 0) {
		bacpy(&hdev->bdaddr, &reply->bdaddr);
	}

	hci_req_complete(hdev, reply->status);
}
541
/*
 * Command Status handler for HCI_OP_INQUIRY.
 *
 * A zero status sets HCI_INQUIRY in hdev->flags. A non-zero status
 * completes the pending request with that status and calls
 * hci_conn_check_pending().
 */
static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
{
	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status) {
		set_bit(HCI_INQUIRY, &hdev->flags);
		return;
	}

	hci_req_complete(hdev, status);

	hci_conn_check_pending(hdev);
}
553
/*
 * Command Status handler for HCI_OP_CREATE_CONN.
 *
 * Looks up the ACL connection for the address in the sent command, under
 * the device lock.
 *
 * status == 0: if no connection object exists yet, one is added and
 * marked as outgoing with HCI_LM_MASTER set; an allocation failure is
 * only logged.
 *
 * status != 0: a connection in BT_CONNECT is moved to BT_CONNECT2 when
 * the status is 0x0c and no more than two attempts were made; otherwise
 * it is closed, the protocol layer is told and the object is deleted.
 * (0x0c is presumably the HCI "Command Disallowed" code - confirm.)
 */
static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&sent->bdaddr), conn);

	if (!status) {
		if (conn)
			goto unlock;

		conn = hci_conn_add(hdev, ACL_LINK, &sent->bdaddr);
		if (!conn) {
			BT_ERR("No memmory for new connection");
			goto unlock;
		}

		conn->out = 1;
		conn->link_mode |= HCI_LM_MASTER;
		goto unlock;
	}

	if (!conn || conn->state != BT_CONNECT)
		goto unlock;

	if (status == 0x0c && conn->attempt <= 2) {
		conn->state = BT_CONNECT2;
	} else {
		conn->state = BT_CLOSED;
		hci_proto_connect_cfm(conn, status);
		hci_conn_del(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
593
/*
 * Command Status handler for HCI_OP_ADD_SCO.
 *
 * Only a failure (non-zero status) is acted on. The ACL connection is
 * found through the handle in the sent command; if it has a linked SCO
 * connection, that one is marked BT_CLOSED, reported to the protocol
 * layer with the status and deleted. All of this runs under the device
 * lock.
 */
static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_add_sco *sent;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
	if (!sent)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle %d", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	sco = acl ? acl->link : NULL;
	if (sco) {
		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
625
/*
 * Command Status handler for HCI_OP_AUTH_REQUESTED.
 *
 * Only a failure (non-zero status) is acted on. If the connection named
 * by the sent command's handle is still in BT_CONFIG, the protocol layer
 * is told about the failed setup and one reference on the connection is
 * dropped. Runs under the device lock.
 */
static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_auth_requested *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
652
/*
 * Command Status handler for HCI_OP_SET_CONN_ENCRYPT.
 *
 * Only a failure (non-zero status) is acted on. If the connection named
 * by the sent command's handle is still in BT_CONFIG, the protocol layer
 * is told about the failed setup and one reference on the connection is
 * dropped. Runs under the device lock.
 */
static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_set_conn_encrypt *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
679
/*
 * Command Status handler for HCI_OP_REMOTE_NAME_REQ.
 *
 * Only logs the device name and status; no state is changed.
 */
static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
{
	BT_DBG("%s status 0x%x", hdev->name, status);
}
684
/*
 * Command Status handler for HCI_OP_READ_REMOTE_FEATURES.
 *
 * Only a failure (non-zero status) is acted on. If the connection named
 * by the sent command's handle is still in BT_CONFIG, the protocol layer
 * is told about the failed setup and one reference on the connection is
 * dropped. Runs under the device lock.
 */
static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
711
/*
 * Command Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES.
 *
 * Only a failure (non-zero status) is acted on. If the connection named
 * by the sent command's handle is still in BT_CONFIG, the protocol layer
 * is told about the failed setup and one reference on the connection is
 * dropped. Runs under the device lock.
 */
static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_ext_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
738
/*
 * Command Status handler for HCI_OP_SETUP_SYNC_CONN.
 *
 * Only a failure (non-zero status) is acted on. The ACL connection is
 * found through the handle in the sent command; if it has a linked
 * synchronous connection, that one is marked BT_CLOSED, reported to the
 * protocol layer with the status and deleted. Runs under the device
 * lock.
 */
static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_setup_sync_conn *sent;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
	if (!sent)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle %d", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	sco = acl ? acl->link : NULL;
	if (sco) {
		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
770
/*
 * Command Status handler for HCI_OP_SNIFF_MODE.
 *
 * Only a failure (non-zero status) is acted on: the
 * HCI_CONN_MODE_CHANGE_PEND bit is cleared on the connection named by
 * the sent command's handle, under the device lock.
 */
static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn) {
		clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
	}

	hci_dev_unlock(hdev);
}
793
/*
 * Command Status handler for HCI_OP_EXIT_SNIFF_MODE.
 *
 * Only a failure (non-zero status) is acted on: the
 * HCI_CONN_MODE_CHANGE_PEND bit is cleared on the connection named by
 * the sent command's handle, under the device lock.
 */
static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_exit_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn) {
		clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
	}

	hci_dev_unlock(hdev);
}
816
/*
 * Inquiry Complete event.
 *
 * Regardless of the status byte, clears HCI_INQUIRY in hdev->flags,
 * completes the pending request with that status and calls
 * hci_conn_check_pending().
 */
static inline void hci_inquiry_complete_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status %d", hdev->name, status);

	clear_bit(HCI_INQUIRY, &hdev->flags);
	hci_req_complete(hdev, status);
	hci_conn_check_pending(hdev);
}
829
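/*
 * Inquiry Result event: feed every reported device into the inquiry
 * cache.
 *
 * Payload layout as parsed here: one count byte (num_rsp) followed by
 * num_rsp consecutive struct inquiry_info records. The count is supplied
 * by the controller, so it is validated against skb->len before any
 * record is read; an empty or truncated event is dropped instead of
 * being walked past the end of the buffer. rssi and ssp_mode are stored
 * as 0x00 for every entry. The cache is updated under the device lock.
 */
static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* The count byte itself must be present before it is read. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/*
	 * num_rsp is at most 255, so the multiplication cannot overflow.
	 * The "+ 1" accounts for the count byte in front of the records.
	 */
	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--) {
		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= info->pscan_mode;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		data.rssi		= 0x00;
		data.ssp_mode		= 0x00;
		info++;
		hci_inquiry_cache_update(hdev, &data);
	}

	hci_dev_unlock(hdev);
}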
858
/*
 * Connection Complete event.
 *
 * Finds the connection object for the reported link type and address and
 * moves it forward (status == 0) or tears it down (status != 0). The
 * whole update runs under the device lock; hci_conn_check_pending() is
 * called after the lock is released, including on the early-exit paths.
 *
 * NOTE(review): ev is cast straight from skb->data and skb->len is not
 * checked in this function; confirm the caller validates event length.
 */
static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		/* Only an SCO completion may match an object tracked as eSCO. */
		if (ev->link_type != SCO_LINK)
			goto unlock;

		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		/* Retag the eSCO object with the link type that was reported. */
		conn->type = SCO_LINK;
	}

	if (!ev->status) {
		conn->handle = __le16_to_cpu(ev->handle);

		if (conn->type == ACL_LINK) {
			/* ACL links stay in BT_CONFIG and hold a reference. */
			conn->state = BT_CONFIG;
			hci_conn_hold(conn);
			conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		} else
			conn->state = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);

		/* Mirror the device-wide auth/encrypt flags into this link. */
		if (test_bit(HCI_AUTH, &hdev->flags))
			conn->link_mode |= HCI_LM_AUTH;

		if (test_bit(HCI_ENCRYPT, &hdev->flags))
			conn->link_mode |= HCI_LM_ENCRYPT;

		/* For ACL links, request the remote feature mask next. */
		if (conn->type == ACL_LINK) {
			struct hci_cp_read_remote_features cp;
			cp.handle = ev->handle;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
							sizeof(cp), &cp);
		}

		/* Incoming connection with hci_ver < 3: send the packet type. */
		if (!conn->out && hdev->hci_ver < 3) {
			struct hci_cp_change_conn_ptype cp;
			cp.handle = ev->handle;
			cp.pkt_type = cpu_to_le16(conn->pkt_type);
			hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
							sizeof(cp), &cp);
		}
	} else
		conn->state = BT_CLOSED;

	if (conn->type == ACL_LINK) {
		/* A SCO/eSCO object may be linked to this ACL connection. */
		struct hci_conn *sco = conn->link;
		if (sco) {
			if (!ev->status) {
				if (lmp_esco_capable(hdev))
					hci_setup_sync(sco, conn->handle);
				else
					hci_add_sco(sco, conn->handle);
			} else {
				/* ACL failed: fail and delete the linked object too. */
				hci_proto_connect_cfm(sco, ev->status);
				hci_conn_del(sco);
			}
		}
	}

	if (ev->status) {
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_del(conn);
	} else if (ev->link_type != ACL_LINK)
		/* Successful ACL links are not confirmed from this function. */
		hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);

	hci_conn_check_pending(hdev);
}
944
/*
 * Connection Request event: accept or reject an incoming connection.
 *
 * The decision mask is hdev->link_mode OR-ed with what the protocol
 * layers return from hci_proto_connect_ind(). Without HCI_LM_ACCEPT a
 * reject command with reason 0x0f is sent. Otherwise, under the device
 * lock, the device class is refreshed in the inquiry cache entry (if
 * any), a connection object is looked up or added, and its state is set
 * to BT_CONNECT. After unlocking, an accept command is sent: the plain
 * form for ACL links or non-eSCO controllers, the synchronous form
 * otherwise.
 *
 * NOTE(review): the address, link type and device class all come from
 * the remote side via the controller; acceptance depends only on the
 * link_mode mask and the protocol callbacks seen here.
 */
static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_request *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;
	int mask = hdev->link_mode;

	BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
	       batostr(&ev->bdaddr), ev->link_type);

	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);

	if (!(mask & HCI_LM_ACCEPT)) {
		struct hci_cp_reject_conn_req reject;

		bacpy(&reject.bdaddr, &ev->bdaddr);
		reject.reason = 0x0f;
		hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ,
			     sizeof(reject), &reject);
		return;
	}

	hci_dev_lock(hdev);

	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (ie)
		memcpy(ie->data.dev_class, ev->dev_class, 3);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
		if (!conn) {
			BT_ERR("No memmory for new connection");
			hci_dev_unlock(hdev);
			return;
		}
	}

	memcpy(conn->dev_class, ev->dev_class, 3);
	conn->state = BT_CONNECT;

	hci_dev_unlock(hdev);

	if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
		struct hci_cp_accept_conn_req accept;

		bacpy(&accept.bdaddr, &ev->bdaddr);

		/* Role 0x00 only when a role switch is possible and wanted. */
		if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
			accept.role = 0x00;
		else
			accept.role = 0x01;

		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
			     sizeof(accept), &accept);
	} else {
		struct hci_cp_accept_sync_conn_req sync;

		bacpy(&sync.bdaddr, &ev->bdaddr);
		sync.pkt_type = cpu_to_le16(conn->pkt_type);

		sync.tx_bandwidth   = cpu_to_le32(0x00001f40);
		sync.rx_bandwidth   = cpu_to_le32(0x00001f40);
		sync.max_latency    = cpu_to_le16(0xffff);
		sync.content_format = cpu_to_le16(hdev->voice_setting);
		sync.retrans_effort = 0xff;

		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
			     sizeof(sync), &sync);
	}
}
1015
/*
 * Disconnection Complete event.
 *
 * On a zero status, the connection named by the event's handle is marked
 * BT_CLOSED, the protocol layer is told the disconnect reason and the
 * connection object is deleted, all under the device lock. A non-zero
 * status or an unknown handle is ignored.
 */
static inline void hci_disconn_complete_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct hci_ev_disconn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	if (ev->status)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	conn->state = BT_CLOSED;

	hci_proto_disconn_cfm(conn, ev->reason);
	hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
1038
/*
 * Authentication Complete event.
 *
 * Under the device lock, updates the connection named by the event's
 * handle: HCI_LM_AUTH is set only when the status is zero, and
 * HCI_CONN_AUTH_PEND is cleared either way. What happens next depends on
 * whether the connection is still being set up (BT_CONFIG) and on
 * whether an encryption request was waiting for authentication.
 */
static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_auth_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn) {
		/* The auth bit is granted solely on a zero status. */
		if (!ev->status)
			conn->link_mode |= HCI_LM_AUTH;

		clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);

		if (conn->state == BT_CONFIG) {
			/*
			 * Setup phase: when both sides report ssp_mode > 0,
			 * continue by requesting encryption; otherwise finish
			 * setup and report the status as it is.
			 */
			if (!ev->status && hdev->ssp_mode > 0 &&
							conn->ssp_mode > 0) {
				struct hci_cp_set_conn_encrypt cp;
				cp.handle  = ev->handle;
				cp.encrypt = 0x01;
				hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
							sizeof(cp), &cp);
			} else {
				/* State becomes BT_CONNECTED even on failure. */
				conn->state = BT_CONNECTED;
				hci_proto_connect_cfm(conn, ev->status);
				hci_conn_put(conn);
			}
		} else {
			hci_auth_cfm(conn, ev->status);

			/* hold/put pair around setting the new timeout. */
			hci_conn_hold(conn);
			conn->disc_timeout = HCI_DISCONN_TIMEOUT;
			hci_conn_put(conn);
		}

		if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
			/* An encryption request was waiting on this result. */
			if (!ev->status) {
				struct hci_cp_set_conn_encrypt cp;
				cp.handle  = ev->handle;
				cp.encrypt = 0x01;
				hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
							sizeof(cp), &cp);
			} else {
				clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
				hci_encrypt_cfm(conn, ev->status, 0x00);
			}
		}
	}

	hci_dev_unlock(hdev);
}
1092
/*
 * Remote Name event.
 *
 * Logs the device name and calls hci_conn_check_pending(); the event
 * payload in @skb is not read.
 */
static inline void hci_remote_name_evt(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);

	hci_conn_check_pending(hdev);
}
1099
/*
 * Encryption Change event.
 *
 * Under the device lock, for the connection named by the event's handle:
 * on a zero status, link_mode gains HCI_LM_AUTH and HCI_LM_ENCRYPT when
 * encryption was turned on, or loses HCI_LM_ENCRYPT when it was turned
 * off. HCI_CONN_ENCRYPT_PEND is cleared either way. A connection still
 * in BT_CONFIG finishes setup here (BT_CONNECTED only on success) and
 * drops one reference; any other state gets an encrypt confirmation.
 */
static inline void hci_encrypt_change_evt(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_ev_encrypt_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status) {
		if (!ev->encrypt) {
			conn->link_mode &= ~HCI_LM_ENCRYPT;
		} else {
			/* Encryption on: the link is marked authenticated too. */
			conn->link_mode |= HCI_LM_AUTH;
			conn->link_mode |= HCI_LM_ENCRYPT;
		}
	}

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);

	if (conn->state != BT_CONFIG) {
		hci_encrypt_cfm(conn, ev->status, ev->encrypt);
		goto unlock;
	}

	if (!ev->status)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
1134
/*
 * Change Connection Link Key Complete event.
 *
 * Under the device lock, for the connection named by the event's handle:
 * HCI_LM_SECURE is added to link_mode on a zero status,
 * HCI_CONN_AUTH_PEND is cleared, and the key-change confirmation is
 * delivered with the status. An unknown handle is ignored.
 */
static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev,
						    struct sk_buff *skb)
{
	struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		conn->link_mode |= HCI_LM_SECURE;

	clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);

	hci_key_change_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
1156
/*
 * Read Remote Supported Features Complete event.
 *
 * Under the device lock, for the connection named by the event's handle:
 * on a zero status the 8 feature bytes are cached in conn->features. If
 * the connection is still in BT_CONFIG, setup either continues by
 * requesting extended features page 0x01 (zero status and both the local
 * device and the connection SSP capable) or finishes: the state becomes
 * BT_CONNECTED, the protocol layer is told the status and one reference
 * is dropped.
 */
static inline void hci_remote_features_evt(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_ev_remote_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		memcpy(conn->features, ev->features, 8);

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
		struct hci_cp_read_remote_ext_features req;

		req.handle = ev->handle;
		req.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
			     sizeof(req), &req);
	} else {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1190
/*
 * Read Remote Version Complete event.
 *
 * Only logs the device name; the payload in @skb is not read.
 */
static inline void hci_remote_version_evt(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
1195
/*
 * QoS Setup Complete event.
 *
 * Only logs the device name; the payload in @skb is not read.
 */
static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev,
					      struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
1200
/*
 * Command Complete event dispatcher.
 *
 * Strips the event header from @skb, so each hci_cc_*() handler sees only
 * the return parameters, and dispatches on the little-endian opcode.
 * Unknown opcodes are only logged. Afterwards, a non-zero ncmd sets
 * hdev->cmd_cnt to 1 and, if commands are queued, schedules the command
 * queue.
 *
 * NOTE(review): skb->len is not compared with sizeof(*hdr) before
 * skb_pull(), and the handlers dereference the remaining payload without
 * a length check. The payload is controller-supplied; confirm that the
 * caller rejects short events.
 */
static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_complete *hdr = (void *) skb->data;
	__u16 opcode;

	skb_pull(skb, sizeof(*hdr));

	opcode = __le16_to_cpu(hdr->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY_CANCEL:
		hci_cc_inquiry_cancel(hdev, skb);
		break;
	case HCI_OP_EXIT_PERIODIC_INQ:
		hci_cc_exit_periodic_inq(hdev, skb);
		break;
	case HCI_OP_REMOTE_NAME_REQ_CANCEL:
		hci_cc_remote_name_req_cancel(hdev, skb);
		break;
	case HCI_OP_ROLE_DISCOVERY:
		hci_cc_role_discovery(hdev, skb);
		break;
	case HCI_OP_READ_LINK_POLICY:
		hci_cc_read_link_policy(hdev, skb);
		break;
	case HCI_OP_WRITE_LINK_POLICY:
		hci_cc_write_link_policy(hdev, skb);
		break;
	case HCI_OP_READ_DEF_LINK_POLICY:
		hci_cc_read_def_link_policy(hdev, skb);
		break;
	case HCI_OP_WRITE_DEF_LINK_POLICY:
		hci_cc_write_def_link_policy(hdev, skb);
		break;
	case HCI_OP_RESET:
		hci_cc_reset(hdev, skb);
		break;
	case HCI_OP_WRITE_LOCAL_NAME:
		hci_cc_write_local_name(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_NAME:
		hci_cc_read_local_name(hdev, skb);
		break;
	case HCI_OP_WRITE_AUTH_ENABLE:
		hci_cc_write_auth_enable(hdev, skb);
		break;
	case HCI_OP_WRITE_ENCRYPT_MODE:
		hci_cc_write_encrypt_mode(hdev, skb);
		break;
	case HCI_OP_WRITE_SCAN_ENABLE:
		hci_cc_write_scan_enable(hdev, skb);
		break;
	case HCI_OP_READ_CLASS_OF_DEV:
		hci_cc_read_class_of_dev(hdev, skb);
		break;
	case HCI_OP_WRITE_CLASS_OF_DEV:
		hci_cc_write_class_of_dev(hdev, skb);
		break;
	case HCI_OP_READ_VOICE_SETTING:
		hci_cc_read_voice_setting(hdev, skb);
		break;
	case HCI_OP_WRITE_VOICE_SETTING:
		hci_cc_write_voice_setting(hdev, skb);
		break;
	case HCI_OP_HOST_BUFFER_SIZE:
		hci_cc_host_buffer_size(hdev, skb);
		break;
	case HCI_OP_READ_SSP_MODE:
		hci_cc_read_ssp_mode(hdev, skb);
		break;
	case HCI_OP_WRITE_SSP_MODE:
		hci_cc_write_ssp_mode(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_VERSION:
		hci_cc_read_local_version(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_COMMANDS:
		hci_cc_read_local_commands(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_FEATURES:
		hci_cc_read_local_features(hdev, skb);
		break;
	case HCI_OP_READ_BUFFER_SIZE:
		hci_cc_read_buffer_size(hdev, skb);
		break;
	case HCI_OP_READ_BD_ADDR:
		hci_cc_read_bd_addr(hdev, skb);
		break;
	default:
		BT_DBG("%s opcode 0x%x", hdev->name, opcode);
		break;
	}

	/* ncmd == 0: the command credit is left untouched. */
	if (!hdr->ncmd)
		return;

	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		hci_sched_cmd(hdev);
}
1326
/*
 * Command Status event dispatcher.
 *
 * Strips the event header from @skb and passes the status byte to the
 * hci_cs_*() handler selected by the little-endian opcode. Unknown
 * opcodes are only logged. Afterwards, a non-zero ncmd sets
 * hdev->cmd_cnt to 1 and, if commands are queued, schedules the command
 * queue.
 *
 * NOTE(review): skb->len is not compared with sizeof(*hdr) before the
 * header fields are used; the event is controller-supplied, so confirm
 * that the caller rejects short events.
 */
static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_status *hdr = (void *) skb->data;
	__u16 opcode;

	skb_pull(skb, sizeof(*hdr));

	opcode = __le16_to_cpu(hdr->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY:
		hci_cs_inquiry(hdev, hdr->status);
		break;
	case HCI_OP_CREATE_CONN:
		hci_cs_create_conn(hdev, hdr->status);
		break;
	case HCI_OP_ADD_SCO:
		hci_cs_add_sco(hdev, hdr->status);
		break;
	case HCI_OP_AUTH_REQUESTED:
		hci_cs_auth_requested(hdev, hdr->status);
		break;
	case HCI_OP_SET_CONN_ENCRYPT:
		hci_cs_set_conn_encrypt(hdev, hdr->status);
		break;
	case HCI_OP_REMOTE_NAME_REQ:
		hci_cs_remote_name_req(hdev, hdr->status);
		break;
	case HCI_OP_READ_REMOTE_FEATURES:
		hci_cs_read_remote_features(hdev, hdr->status);
		break;
	case HCI_OP_READ_REMOTE_EXT_FEATURES:
		hci_cs_read_remote_ext_features(hdev, hdr->status);
		break;
	case HCI_OP_SETUP_SYNC_CONN:
		hci_cs_setup_sync_conn(hdev, hdr->status);
		break;
	case HCI_OP_SNIFF_MODE:
		hci_cs_sniff_mode(hdev, hdr->status);
		break;
	case HCI_OP_EXIT_SNIFF_MODE:
		hci_cs_exit_sniff_mode(hdev, hdr->status);
		break;
	default:
		BT_DBG("%s opcode 0x%x", hdev->name, opcode);
		break;
	}

	/* ncmd == 0: the command credit is left untouched. */
	if (!hdr->ncmd)
		return;

	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		hci_sched_cmd(hdev);
}
1392
/*
 * Role Change event: update the master bit of the ACL connection to the
 * reported address, clear its pending role-switch flag and notify the
 * upper layers through hci_role_switch_cfm().
 *
 * The link mode is only touched when the event reports success; the
 * pending flag is cleared and the confirmation sent either way.
 */
static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_role_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (ev->status == 0) {
		/* A non-zero role clears the master bit, zero sets it. */
		if (ev->role)
			conn->link_mode &= ~HCI_LM_MASTER;
		else
			conn->link_mode |= HCI_LM_MASTER;
	}

	clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
	hci_role_switch_cfm(conn, ev->status, ev->role);

unlock:
	hci_dev_unlock(hdev);
}
1418
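/*
 * Number Of Completed Packets event: for every (handle, count) pair in
 * the event, subtract count from the connection's sent counter and add it
 * back to the device's ACL or SCO credit counter, capped at the device
 * maximum. The TX tasklet is disabled while the counters change and TX is
 * scheduled before it is re-enabled.
 *
 * The event is dropped when it is too short to hold its header or the
 * num_hndl entries the header announces.
 */
static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
	__le16 *ptr;
	int i;

	/* num_hndl is read from the header, so the header must be there. */
	if (skb->len < sizeof(*ev)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	skb_pull(skb, sizeof(*ev));

	BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);

	/* Each entry is a 16-bit handle followed by a 16-bit count. */
	if (skb->len < ev->num_hndl * 4) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	tasklet_disable(&hdev->tx_task);

	for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
		struct hci_conn *conn;
		__u16 handle, count;

		handle = get_unaligned_le16(ptr++);
		count = get_unaligned_le16(ptr++);

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (!conn)
			continue;

		/*
		 * NOTE(review): count comes from the controller and is not
		 * compared with conn->sent before the subtraction -- confirm
		 * that a count larger than conn->sent is harmless.
		 */
		conn->sent -= count;

		if (conn->type == ACL_LINK) {
			hdev->acl_cnt += count;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
		} else {
			hdev->sco_cnt += count;
			if (hdev->sco_cnt > hdev->sco_pkts)
				hdev->sco_cnt = hdev->sco_pkts;
		}
	}

	hci_sched_tx(hdev);

	tasklet_enable(&hdev->tx_task);
}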
1461
/*
 * Mode Change event: record the new mode and interval on the connection
 * named by the event's handle.
 *
 * If no mode change was pending on the connection (the pending bit was
 * not set), power_save is set to 1 for active mode and 0 otherwise. The
 * pending bit is cleared in any case.
 */
static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_mode_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	conn->mode = ev->mode;
	conn->interval = __le16_to_cpu(ev->interval);

	if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend))
		conn->power_save = (conn->mode == HCI_CM_ACTIVE) ? 1 : 0;

unlock:
	hci_dev_unlock(hdev);
}
1486
/*
 * PIN Code Request event: switch an established ACL connection to the
 * pairing disconnect timeout.
 *
 * The hold/put pair brackets the timeout change; presumably the put is
 * what re-arms the disconnect timer with the new value -- confirm against
 * hci_conn_put(). The PIN itself is not handled here.
 */
static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn || conn->state != BT_CONNECTED)
		goto unlock;

	hci_conn_hold(conn);
	conn->disc_timeout = HCI_PAIRING_TIMEOUT;
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
1505
/*
 * Link Key Request event: only logged. No key lookup or reply is done in
 * this handler, and skb is not read.
 */
static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
1510
/*
 * Link Key Notification event: put the ACL connection to the reported
 * address back on the normal disconnect timeout.
 *
 * Only the address is taken from the event; nothing else it carries is
 * read or stored here.
 */
static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	hci_conn_hold(conn);
	conn->disc_timeout = HCI_DISCONN_TIMEOUT;
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
1529
/*
 * Read Clock Offset Complete event: on success, store the reported clock
 * offset in the inquiry cache entry of the connection's peer, if one
 * exists, and refresh that entry's timestamp.
 */
static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto unlock;

	ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (ie) {
		/* Stored as received, without byte-order conversion. */
		ie->data.clock_offset = ev->clock_offset;
		ie->timestamp = jiffies;
	}

unlock:
	hci_dev_unlock(hdev);
}
1551
/*
 * Connection Packet Type Changed event: on success, record the new packet
 * type on the connection named by the event's handle.
 */
static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto unlock;

	conn->pkt_type = __le16_to_cpu(ev->pkt_type);

unlock:
	hci_dev_unlock(hdev);
}
1567
/*
 * Page Scan Repetition Mode Change event: update the inquiry cache entry
 * for the reported address, if one exists, and refresh its timestamp.
 */
static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *ie;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (ie) {
		ie->data.pscan_rep_mode = ev->pscan_rep_mode;
		ie->timestamp = jiffies;
	}

	hci_dev_unlock(hdev);
}
1584
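/*
 * Inquiry Result With RSSI event: copy each response into the inquiry
 * cache.
 *
 * The first byte of the event is the response count. Two response layouts
 * are accepted: when the payload divided by the count does not match
 * struct inquiry_info_with_rssi, the responses are parsed as
 * struct inquiry_info_with_rssi_and_pscan_mode.
 *
 * The count comes from the controller, so it is checked against the
 * amount of data actually present before any response is read. An event
 * that is empty, or too short for the count it announces, is dropped.
 */
static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1);

		/*
		 * This branch is taken for any per-response size other than
		 * the plain RSSI layout, including sizes smaller than the
		 * structure parsed below; refuse to read past the payload.
		 */
		if (skb->len - 1 < num_rsp * sizeof(*info)) {
			BT_DBG("%s bad parameters", hdev->name);
			goto unlock;
		}

		for (; num_rsp; num_rsp--) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode = info->pscan_rep_mode;
			data.pscan_period_mode = info->pscan_period_mode;
			data.pscan_mode = info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset = info->clock_offset;
			data.rssi = info->rssi;
			data.ssp_mode = 0x00;
			info++;
			hci_inquiry_cache_update(hdev, &data);
		}
	} else {
		/*
		 * The quotient matched sizeof(*info), so the payload holds at
		 * least num_rsp full responses in this layout.
		 */
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		for (; num_rsp; num_rsp--) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode = info->pscan_rep_mode;
			data.pscan_period_mode = info->pscan_period_mode;
			data.pscan_mode = 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset = info->clock_offset;
			data.rssi = info->rssi;
			data.ssp_mode = 0x00;
			info++;
			hci_inquiry_cache_update(hdev, &data);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}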
1631
/*
 * Read Remote Extended Features Complete event.
 *
 * For a successful read of feature page 1, bit 0 of the first feature
 * byte is recorded as the peer's SSP mode, both on the connection and in
 * the peer's inquiry cache entry when one exists.
 *
 * A connection still in BT_CONFIG is then moved on: authentication is
 * requested only when the read succeeded, both sides have SSP enabled,
 * the connection is outgoing and its security level is not
 * BT_SECURITY_SDP. In every other case the connection is marked
 * BT_CONNECTED without an authentication request from here, the protocol
 * layer is told the result, and one reference on the connection is
 * dropped.
 */
static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status && ev->page == 0x01) {
		struct inquiry_entry *ie;

		ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
		if (ie)
			ie->data.ssp_mode = (ev->features[0] & 0x01);

		conn->ssp_mode = (ev->features[0] & 0x01);
	}

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (!ev->status && hdev->ssp_mode > 0 &&
	    conn->ssp_mode > 0 && conn->out &&
	    conn->sec_level != BT_SECURITY_SDP) {
		struct hci_cp_auth_requested cp;

		/* The handle is passed on as received from the event. */
		cp.handle = ev->handle;
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
	} else {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1670
/*
 * Synchronous Connection Complete event.
 *
 * The connection is looked up by the reported link type and address. If
 * none is found and the event is not for an eSCO link, a pending eSCO
 * connection to the same address is used instead and retyped as SCO.
 *
 * On success the handle is stored and the connection becomes
 * BT_CONNECTED. For status 0x1c (SCO interval rejected) and 0x1f
 * (unspecified error) an outgoing connection with fewer than two attempts
 * is set up again with the device's eSCO packet types and nothing is
 * reported yet. Every other failure closes the connection, reports the
 * status to the protocol layer and deletes the connection.
 */
static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type == ESCO_LINK)
			goto unlock;

		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (ev->status == 0x00) {
		conn->handle = __le16_to_cpu(ev->handle);
		conn->state = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);
	} else {
		int retryable = (ev->status == 0x1c || ev->status == 0x1f);

		if (retryable && conn->out && conn->attempt < 2) {
			conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
					(hdev->esco_type & EDR_ESCO_MASK);
			/*
			 * NOTE(review): assumes conn->link is set for an
			 * outgoing synchronous connection -- confirm.
			 */
			hci_setup_sync(conn, conn->link->handle);
			goto unlock;
		}

		conn->state = BT_CLOSED;
	}

	hci_proto_connect_cfm(conn, ev->status);
	if (ev->status)
		hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
1723
/*
 * Synchronous Connection Changed event: only logged; skb is not read.
 */
static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
1728
/*
 * Sniff Subrating event: logs the status and looks the connection up
 * under the device lock, but records nothing from the event yet.
 */
static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn) {
		/* Nothing is updated on the connection at present. */
	}

	hci_dev_unlock(hdev);
}
1744
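/*
 * Extended Inquiry Result event: copy each response into the inquiry
 * cache, marking the device as SSP capable (ssp_mode 0x01).
 *
 * The first byte of the event is the response count. It comes from the
 * controller, so it is checked against the amount of data actually
 * present before any response is read. An event that is empty, or too
 * short for the count it announces, is dropped.
 */
static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	/* Refuse to walk past the end of the payload. */
	if (skb->len - 1 < num_rsp * sizeof(*info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--) {
		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode = info->pscan_rep_mode;
		data.pscan_period_mode = info->pscan_period_mode;
		data.pscan_mode = 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset = info->clock_offset;
		data.rssi = info->rssi;
		data.ssp_mode = 0x01;
		info++;
		hci_inquiry_cache_update(hdev, &data);
	}

	hci_dev_unlock(hdev);
}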
1773
/*
 * IO Capability Request event: take a reference on the ACL connection to
 * the reported address, if there is one.
 *
 * The matching put is in hci_simple_pair_complete_evt().
 * NOTE(review): the reference count stays balanced only if every IO
 * Capability Request is followed by exactly one Simple Pairing Complete
 * for the same address -- confirm that unpaired or repeated events cannot
 * skew it.
 */
static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL)
		hci_conn_hold(conn);

	hci_dev_unlock(hdev);
}
1789
/*
 * Simple Pairing Complete event: drop one reference on the ACL connection
 * to the reported address, if there is one.
 *
 * The matching hold is in hci_io_capa_request_evt(). Only the address is
 * taken from the event here.
 * NOTE(review): the put is unconditional for any matching connection --
 * confirm it cannot run without a preceding hold.
 */
static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL)
		hci_conn_put(conn);

	hci_dev_unlock(hdev);
}
1805
/*
 * Remote Host Supported Features event: record bit 0 of the first feature
 * byte as the SSP mode in the inquiry cache entry for the reported
 * address, if one exists.
 */
static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *ie;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (ie)
		ie->data.ssp_mode = (ev->features[0] & 0x01);

	hci_dev_unlock(hdev);
}
1820
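/*
 * Entry point for received HCI events: strip the event header, dispatch
 * on the event code to the matching handler, then free the skb and count
 * the event in hdev->stat.evt_rx. Unknown event codes are only logged.
 *
 * A packet shorter than the event header is not dispatched, since its
 * event code cannot be trusted; it is still freed and counted.
 *
 * NOTE(review): the handlers cast skb->data to their event structure
 * without checking skb->len, and the header's plen is not compared with
 * the remaining length here -- confirm whether the transport guarantees
 * complete events or whether per-event length checks are needed.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *hdr = (void *) skb->data;
	__u8 event;

	if (skb->len < HCI_EVENT_HDR_SIZE) {
		BT_DBG("%s short event packet", hdev->name);
		goto done;
	}

	event = hdr->evt;

	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	switch (event) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_VERSION:
		hci_remote_version_evt(hdev, skb);
		break;

	case HCI_EV_QOS_SETUP_COMPLETE:
		hci_qos_setup_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_CHANGED:
		hci_sync_conn_changed_evt(hdev, skb);
		break;

	case HCI_EV_SNIFF_SUBRATE:
		hci_sniff_subrate_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	default:
		BT_DBG("%s event 0x%x", hdev->name, event);
		break;
	}

done:
	/* The skb is consumed here on every path. */
	kfree_skb(skb);
	hdev->stat.evt_rx++;
}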
1965
1966
/*
 * Build a stack-internal event (HCI_EV_STACK_INTERNAL) of the given type
 * carrying dlen bytes copied from data, mark it as an incoming event
 * packet for hdev, pass it to hci_send_to_sock() and free it.
 *
 * The skb is allocated with GFP_ATOMIC; if the allocation fails the event
 * is silently dropped.
 *
 * NOTE(review): dlen is not validated here. It is assumed to be
 * non-negative and small enough for sizeof(*ev) + dlen to fit in
 * hdr->plen -- confirm against the callers.
 */
void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
{
	struct hci_ev_stack_internal *ev;
	struct hci_event_hdr *hdr;
	struct sk_buff *skb;

	skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
	if (skb == NULL)
		return;

	/* Event header first ... */
	hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
	hdr->evt = HCI_EV_STACK_INTERNAL;
	hdr->plen = sizeof(*ev) + dlen;

	/* ... then the internal event and its payload. */
	ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
	ev->type = type;
	memcpy(ev->data, data, dlen);

	bt_cb(skb)->incoming = 1;
	__net_timestamp(skb);

	bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
	skb->dev = (void *) hdev;

	hci_send_to_sock(hdev, skb);
	kfree_skb(skb);
}
1993