search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
xfs: fix acl count validation in xfs_acl_from_disk()
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / bluetooth / hci_event.c
blob01aa7e73d9bf0adca379f5654b77b71605b1b81c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 /* Handle HCI Event packets */
49
50 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
51 {
52 __u8 status = *((__u8 *) skb->data);
53
54 BT_DBG("%s status 0x%x", hdev->name, status);
55
56 if (status)
57 return;
58
59 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
60 test_bit(HCI_MGMT, &hdev->flags))
61 mgmt_discovering(hdev->id, 0);
62
63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
64
65 hci_conn_check_pending(hdev);
66 }
67
68 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
69 {
70 __u8 status = *((__u8 *) skb->data);
71
72 BT_DBG("%s status 0x%x", hdev->name, status);
73
74 if (status)
75 return;
76
77 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
78 test_bit(HCI_MGMT, &hdev->flags))
79 mgmt_discovering(hdev->id, 0);
80
81 hci_conn_check_pending(hdev);
82 }
83
84 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
85 {
86 BT_DBG("%s", hdev->name);
87 }
88
89 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
90 {
91 struct hci_rp_role_discovery *rp = (void *) skb->data;
92 struct hci_conn *conn;
93
94 BT_DBG("%s status 0x%x", hdev->name, rp->status);
95
96 if (rp->status)
97 return;
98
99 hci_dev_lock(hdev);
100
101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
102 if (conn) {
103 if (rp->role)
104 conn->link_mode &= ~HCI_LM_MASTER;
105 else
106 conn->link_mode |= HCI_LM_MASTER;
107 }
108
109 hci_dev_unlock(hdev);
110 }
111
112 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
113 {
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
116
117 BT_DBG("%s status 0x%x", hdev->name, rp->status);
118
119 if (rp->status)
120 return;
121
122 hci_dev_lock(hdev);
123
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
125 if (conn)
126 conn->link_policy = __le16_to_cpu(rp->policy);
127
128 hci_dev_unlock(hdev);
129 }
130
131 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
132 {
133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
134 struct hci_conn *conn;
135 void *sent;
136
137 BT_DBG("%s status 0x%x", hdev->name, rp->status);
138
139 if (rp->status)
140 return;
141
142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
143 if (!sent)
144 return;
145
146 hci_dev_lock(hdev);
147
148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
149 if (conn)
150 conn->link_policy = get_unaligned_le16(sent + 2);
151
152 hci_dev_unlock(hdev);
153 }
154
155 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
156 {
157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
158
159 BT_DBG("%s status 0x%x", hdev->name, rp->status);
160
161 if (rp->status)
162 return;
163
164 hdev->link_policy = __le16_to_cpu(rp->policy);
165 }
166
167 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
168 {
169 __u8 status = *((__u8 *) skb->data);
170 void *sent;
171
172 BT_DBG("%s status 0x%x", hdev->name, status);
173
174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
175 if (!sent)
176 return;
177
178 if (!status)
179 hdev->link_policy = get_unaligned_le16(sent);
180
181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
182 }
183
184 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
185 {
186 __u8 status = *((__u8 *) skb->data);
187
188 BT_DBG("%s status 0x%x", hdev->name, status);
189
190 clear_bit(HCI_RESET, &hdev->flags);
191
192 hci_req_complete(hdev, HCI_OP_RESET, status);
193 }
194
195 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
196 {
197 __u8 status = *((__u8 *) skb->data);
198 void *sent;
199
200 BT_DBG("%s status 0x%x", hdev->name, status);
201
202 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
203 if (!sent)
204 return;
205
206 if (test_bit(HCI_MGMT, &hdev->flags))
207 mgmt_set_local_name_complete(hdev->id, sent, status);
208
209 if (status)
210 return;
211
212 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
213 }
214
215 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
216 {
217 struct hci_rp_read_local_name *rp = (void *) skb->data;
218
219 BT_DBG("%s status 0x%x", hdev->name, rp->status);
220
221 if (rp->status)
222 return;
223
224 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
225 }
226
227 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
228 {
229 __u8 status = *((__u8 *) skb->data);
230 void *sent;
231
232 BT_DBG("%s status 0x%x", hdev->name, status);
233
234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
235 if (!sent)
236 return;
237
238 if (!status) {
239 __u8 param = *((__u8 *) sent);
240
241 if (param == AUTH_ENABLED)
242 set_bit(HCI_AUTH, &hdev->flags);
243 else
244 clear_bit(HCI_AUTH, &hdev->flags);
245 }
246
247 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
248 }
249
250 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
251 {
252 __u8 status = *((__u8 *) skb->data);
253 void *sent;
254
255 BT_DBG("%s status 0x%x", hdev->name, status);
256
257 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
258 if (!sent)
259 return;
260
261 if (!status) {
262 __u8 param = *((__u8 *) sent);
263
264 if (param)
265 set_bit(HCI_ENCRYPT, &hdev->flags);
266 else
267 clear_bit(HCI_ENCRYPT, &hdev->flags);
268 }
269
270 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
271 }
272
273 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
274 {
275 __u8 status = *((__u8 *) skb->data);
276 void *sent;
277
278 BT_DBG("%s status 0x%x", hdev->name, status);
279
280 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
281 if (!sent)
282 return;
283
284 if (!status) {
285 __u8 param = *((__u8 *) sent);
286 int old_pscan, old_iscan;
287
288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
290
291 if (param & SCAN_INQUIRY) {
292 set_bit(HCI_ISCAN, &hdev->flags);
293 if (!old_iscan)
294 mgmt_discoverable(hdev->id, 1);
295 } else if (old_iscan)
296 mgmt_discoverable(hdev->id, 0);
297
298 if (param & SCAN_PAGE) {
299 set_bit(HCI_PSCAN, &hdev->flags);
300 if (!old_pscan)
301 mgmt_connectable(hdev->id, 1);
302 } else if (old_pscan)
303 mgmt_connectable(hdev->id, 0);
304 }
305
306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
307 }
308
309 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
310 {
311 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
312
313 BT_DBG("%s status 0x%x", hdev->name, rp->status);
314
315 if (rp->status)
316 return;
317
318 memcpy(hdev->dev_class, rp->dev_class, 3);
319
320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
321 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
322 }
323
324 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
325 {
326 __u8 status = *((__u8 *) skb->data);
327 void *sent;
328
329 BT_DBG("%s status 0x%x", hdev->name, status);
330
331 if (status)
332 return;
333
334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
335 if (!sent)
336 return;
337
338 memcpy(hdev->dev_class, sent, 3);
339 }
340
341 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
342 {
343 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
344 __u16 setting;
345
346 BT_DBG("%s status 0x%x", hdev->name, rp->status);
347
348 if (rp->status)
349 return;
350
351 setting = __le16_to_cpu(rp->voice_setting);
352
353 if (hdev->voice_setting == setting)
354 return;
355
356 hdev->voice_setting = setting;
357
358 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
359
360 if (hdev->notify) {
361 tasklet_disable(&hdev->tx_task);
362 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
363 tasklet_enable(&hdev->tx_task);
364 }
365 }
366
367 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
368 {
369 __u8 status = *((__u8 *) skb->data);
370 __u16 setting;
371 void *sent;
372
373 BT_DBG("%s status 0x%x", hdev->name, status);
374
375 if (status)
376 return;
377
378 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
379 if (!sent)
380 return;
381
382 setting = get_unaligned_le16(sent);
383
384 if (hdev->voice_setting == setting)
385 return;
386
387 hdev->voice_setting = setting;
388
389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
390
391 if (hdev->notify) {
392 tasklet_disable(&hdev->tx_task);
393 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 tasklet_enable(&hdev->tx_task);
395 }
396 }
397
398 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
399 {
400 __u8 status = *((__u8 *) skb->data);
401
402 BT_DBG("%s status 0x%x", hdev->name, status);
403
404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
405 }
406
407 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
408 {
409 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
410
411 BT_DBG("%s status 0x%x", hdev->name, rp->status);
412
413 if (rp->status)
414 return;
415
416 hdev->ssp_mode = rp->mode;
417 }
418
419 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
420 {
421 __u8 status = *((__u8 *) skb->data);
422 void *sent;
423
424 BT_DBG("%s status 0x%x", hdev->name, status);
425
426 if (status)
427 return;
428
429 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
430 if (!sent)
431 return;
432
433 hdev->ssp_mode = *((__u8 *) sent);
434 }
435
436 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
437 {
438 if (hdev->features[6] & LMP_EXT_INQ)
439 return 2;
440
441 if (hdev->features[3] & LMP_RSSI_INQ)
442 return 1;
443
444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
445 hdev->lmp_subver == 0x0757)
446 return 1;
447
448 if (hdev->manufacturer == 15) {
449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
450 return 1;
451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
452 return 1;
453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
454 return 1;
455 }
456
457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
458 hdev->lmp_subver == 0x1805)
459 return 1;
460
461 return 0;
462 }
463
464 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
465 {
466 u8 mode;
467
468 mode = hci_get_inquiry_mode(hdev);
469
470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
471 }
472
473 static void hci_setup_event_mask(struct hci_dev *hdev)
474 {
475 /* The second byte is 0xff instead of 0x9f (two reserved bits
476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
477 * command otherwise */
478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
479
480 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
481 * any event mask for pre 1.2 devices */
482 if (hdev->lmp_ver <= 1)
483 return;
484
485 events[4] |= 0x01; /* Flow Specification Complete */
486 events[4] |= 0x02; /* Inquiry Result with RSSI */
487 events[4] |= 0x04; /* Read Remote Extended Features Complete */
488 events[5] |= 0x08; /* Synchronous Connection Complete */
489 events[5] |= 0x10; /* Synchronous Connection Changed */
490
491 if (hdev->features[3] & LMP_RSSI_INQ)
492 events[4] |= 0x04; /* Inquiry Result with RSSI */
493
494 if (hdev->features[5] & LMP_SNIFF_SUBR)
495 events[5] |= 0x20; /* Sniff Subrating */
496
497 if (hdev->features[5] & LMP_PAUSE_ENC)
498 events[5] |= 0x80; /* Encryption Key Refresh Complete */
499
500 if (hdev->features[6] & LMP_EXT_INQ)
501 events[5] |= 0x40; /* Extended Inquiry Result */
502
503 if (hdev->features[6] & LMP_NO_FLUSH)
504 events[7] |= 0x01; /* Enhanced Flush Complete */
505
506 if (hdev->features[7] & LMP_LSTO)
507 events[6] |= 0x80; /* Link Supervision Timeout Changed */
508
509 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
510 events[6] |= 0x01; /* IO Capability Request */
511 events[6] |= 0x02; /* IO Capability Response */
512 events[6] |= 0x04; /* User Confirmation Request */
513 events[6] |= 0x08; /* User Passkey Request */
514 events[6] |= 0x10; /* Remote OOB Data Request */
515 events[6] |= 0x20; /* Simple Pairing Complete */
516 events[7] |= 0x04; /* User Passkey Notification */
517 events[7] |= 0x08; /* Keypress Notification */
518 events[7] |= 0x10; /* Remote Host Supported
519 * Features Notification */
520 }
521
522 if (hdev->features[4] & LMP_LE)
523 events[7] |= 0x20; /* LE Meta-Event */
524
525 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
526 }
527
528 static void hci_setup(struct hci_dev *hdev)
529 {
530 hci_setup_event_mask(hdev);
531
532 if (hdev->lmp_ver > 1)
533 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
534
535 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
536 u8 mode = 0x01;
537 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
538 }
539
540 if (hdev->features[3] & LMP_RSSI_INQ)
541 hci_setup_inquiry_mode(hdev);
542
543 if (hdev->features[7] & LMP_INQ_TX_PWR)
544 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
545 }
546
547 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
548 {
549 struct hci_rp_read_local_version *rp = (void *) skb->data;
550
551 BT_DBG("%s status 0x%x", hdev->name, rp->status);
552
553 if (rp->status)
554 return;
555
556 hdev->hci_ver = rp->hci_ver;
557 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
558 hdev->lmp_ver = rp->lmp_ver;
559 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
560 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
561
562 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
563 hdev->manufacturer,
564 hdev->hci_ver, hdev->hci_rev);
565
566 if (test_bit(HCI_INIT, &hdev->flags))
567 hci_setup(hdev);
568 }
569
570 static void hci_setup_link_policy(struct hci_dev *hdev)
571 {
572 u16 link_policy = 0;
573
574 if (hdev->features[0] & LMP_RSWITCH)
575 link_policy |= HCI_LP_RSWITCH;
576 if (hdev->features[0] & LMP_HOLD)
577 link_policy |= HCI_LP_HOLD;
578 if (hdev->features[0] & LMP_SNIFF)
579 link_policy |= HCI_LP_SNIFF;
580 if (hdev->features[1] & LMP_PARK)
581 link_policy |= HCI_LP_PARK;
582
583 link_policy = cpu_to_le16(link_policy);
584 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
585 sizeof(link_policy), &link_policy);
586 }
587
588 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
589 {
590 struct hci_rp_read_local_commands *rp = (void *) skb->data;
591
592 BT_DBG("%s status 0x%x", hdev->name, rp->status);
593
594 if (rp->status)
595 goto done;
596
597 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
598
599 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
600 hci_setup_link_policy(hdev);
601
602 done:
603 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
604 }
605
606 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
607 {
608 struct hci_rp_read_local_features *rp = (void *) skb->data;
609
610 BT_DBG("%s status 0x%x", hdev->name, rp->status);
611
612 if (rp->status)
613 return;
614
615 memcpy(hdev->features, rp->features, 8);
616
617 /* Adjust default settings according to features
618 * supported by device. */
619
620 if (hdev->features[0] & LMP_3SLOT)
621 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
622
623 if (hdev->features[0] & LMP_5SLOT)
624 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
625
626 if (hdev->features[1] & LMP_HV2) {
627 hdev->pkt_type |= (HCI_HV2);
628 hdev->esco_type |= (ESCO_HV2);
629 }
630
631 if (hdev->features[1] & LMP_HV3) {
632 hdev->pkt_type |= (HCI_HV3);
633 hdev->esco_type |= (ESCO_HV3);
634 }
635
636 if (hdev->features[3] & LMP_ESCO)
637 hdev->esco_type |= (ESCO_EV3);
638
639 if (hdev->features[4] & LMP_EV4)
640 hdev->esco_type |= (ESCO_EV4);
641
642 if (hdev->features[4] & LMP_EV5)
643 hdev->esco_type |= (ESCO_EV5);
644
645 if (hdev->features[5] & LMP_EDR_ESCO_2M)
646 hdev->esco_type |= (ESCO_2EV3);
647
648 if (hdev->features[5] & LMP_EDR_ESCO_3M)
649 hdev->esco_type |= (ESCO_3EV3);
650
651 if (hdev->features[5] & LMP_EDR_3S_ESCO)
652 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
653
654 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
655 hdev->features[0], hdev->features[1],
656 hdev->features[2], hdev->features[3],
657 hdev->features[4], hdev->features[5],
658 hdev->features[6], hdev->features[7]);
659 }
660
661 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
662 {
663 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
664
665 BT_DBG("%s status 0x%x", hdev->name, rp->status);
666
667 if (rp->status)
668 return;
669
670 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
671 hdev->sco_mtu = rp->sco_mtu;
672 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
673 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
674
675 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
676 hdev->sco_mtu = 64;
677 hdev->sco_pkts = 8;
678 }
679
680 hdev->acl_cnt = hdev->acl_pkts;
681 hdev->sco_cnt = hdev->sco_pkts;
682
683 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
684 hdev->acl_mtu, hdev->acl_pkts,
685 hdev->sco_mtu, hdev->sco_pkts);
686 }
687
688 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
689 {
690 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
691
692 BT_DBG("%s status 0x%x", hdev->name, rp->status);
693
694 if (!rp->status)
695 bacpy(&hdev->bdaddr, &rp->bdaddr);
696
697 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
698 }
699
700 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
701 {
702 __u8 status = *((__u8 *) skb->data);
703
704 BT_DBG("%s status 0x%x", hdev->name, status);
705
706 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
707 }
708
709 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
710 struct sk_buff *skb)
711 {
712 __u8 status = *((__u8 *) skb->data);
713
714 BT_DBG("%s status 0x%x", hdev->name, status);
715
716 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
717 }
718
719 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
720 {
721 __u8 status = *((__u8 *) skb->data);
722
723 BT_DBG("%s status 0x%x", hdev->name, status);
724
725 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
726 }
727
728 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
729 struct sk_buff *skb)
730 {
731 __u8 status = *((__u8 *) skb->data);
732
733 BT_DBG("%s status 0x%x", hdev->name, status);
734
735 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
736 }
737
738 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
739 struct sk_buff *skb)
740 {
741 __u8 status = *((__u8 *) skb->data);
742
743 BT_DBG("%s status 0x%x", hdev->name, status);
744
745 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
746 }
747
748 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
749 {
750 __u8 status = *((__u8 *) skb->data);
751
752 BT_DBG("%s status 0x%x", hdev->name, status);
753
754 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
755 }
756
757 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
758 {
759 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
760 struct hci_cp_pin_code_reply *cp;
761 struct hci_conn *conn;
762
763 BT_DBG("%s status 0x%x", hdev->name, rp->status);
764
765 if (test_bit(HCI_MGMT, &hdev->flags))
766 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
767
768 if (rp->status != 0)
769 return;
770
771 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
772 if (!cp)
773 return;
774
775 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
776 if (conn)
777 conn->pin_length = cp->pin_len;
778 }
779
780 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
781 {
782 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
783
784 BT_DBG("%s status 0x%x", hdev->name, rp->status);
785
786 if (test_bit(HCI_MGMT, &hdev->flags))
787 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
788 rp->status);
789 }
790 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
791 struct sk_buff *skb)
792 {
793 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
794
795 BT_DBG("%s status 0x%x", hdev->name, rp->status);
796
797 if (rp->status)
798 return;
799
800 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
801 hdev->le_pkts = rp->le_max_pkt;
802
803 hdev->le_cnt = hdev->le_pkts;
804
805 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
806
807 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
808 }
809
810 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
811 {
812 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
813
814 BT_DBG("%s status 0x%x", hdev->name, rp->status);
815
816 if (test_bit(HCI_MGMT, &hdev->flags))
817 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
818 rp->status);
819 }
820
821 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
822 struct sk_buff *skb)
823 {
824 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
825
826 BT_DBG("%s status 0x%x", hdev->name, rp->status);
827
828 if (test_bit(HCI_MGMT, &hdev->flags))
829 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
830 rp->status);
831 }
832
833 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
834 struct sk_buff *skb)
835 {
836 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
837
838 BT_DBG("%s status 0x%x", hdev->name, rp->status);
839
840 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
841 rp->randomizer, rp->status);
842 }
843
844 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
845 {
846 BT_DBG("%s status 0x%x", hdev->name, status);
847
848 if (status) {
849 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
850 hci_conn_check_pending(hdev);
851 return;
852 }
853
854 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags) &&
855 test_bit(HCI_MGMT, &hdev->flags))
856 mgmt_discovering(hdev->id, 1);
857 }
858
859 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
860 {
861 struct hci_cp_create_conn *cp;
862 struct hci_conn *conn;
863
864 BT_DBG("%s status 0x%x", hdev->name, status);
865
866 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
867 if (!cp)
868 return;
869
870 hci_dev_lock(hdev);
871
872 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
873
874 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
875
876 if (status) {
877 if (conn && conn->state == BT_CONNECT) {
878 if (status != 0x0c || conn->attempt > 2) {
879 conn->state = BT_CLOSED;
880 hci_proto_connect_cfm(conn, status);
881 hci_conn_del(conn);
882 } else
883 conn->state = BT_CONNECT2;
884 }
885 } else {
886 if (!conn) {
887 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
888 if (conn) {
889 conn->out = 1;
890 conn->link_mode |= HCI_LM_MASTER;
891 } else
892 BT_ERR("No memory for new connection");
893 }
894 }
895
896 hci_dev_unlock(hdev);
897 }
898
899 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
900 {
901 struct hci_cp_add_sco *cp;
902 struct hci_conn *acl, *sco;
903 __u16 handle;
904
905 BT_DBG("%s status 0x%x", hdev->name, status);
906
907 if (!status)
908 return;
909
910 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
911 if (!cp)
912 return;
913
914 handle = __le16_to_cpu(cp->handle);
915
916 BT_DBG("%s handle %d", hdev->name, handle);
917
918 hci_dev_lock(hdev);
919
920 acl = hci_conn_hash_lookup_handle(hdev, handle);
921 if (acl) {
922 sco = acl->link;
923 if (sco) {
924 sco->state = BT_CLOSED;
925
926 hci_proto_connect_cfm(sco, status);
927 hci_conn_del(sco);
928 }
929 }
930
931 hci_dev_unlock(hdev);
932 }
933
934 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
935 {
936 struct hci_cp_auth_requested *cp;
937 struct hci_conn *conn;
938
939 BT_DBG("%s status 0x%x", hdev->name, status);
940
941 if (!status)
942 return;
943
944 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
945 if (!cp)
946 return;
947
948 hci_dev_lock(hdev);
949
950 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
951 if (conn) {
952 if (conn->state == BT_CONFIG) {
953 hci_proto_connect_cfm(conn, status);
954 hci_conn_put(conn);
955 }
956 }
957
958 hci_dev_unlock(hdev);
959 }
960
961 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
962 {
963 struct hci_cp_set_conn_encrypt *cp;
964 struct hci_conn *conn;
965
966 BT_DBG("%s status 0x%x", hdev->name, status);
967
968 if (!status)
969 return;
970
971 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
972 if (!cp)
973 return;
974
975 hci_dev_lock(hdev);
976
977 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
978 if (conn) {
979 if (conn->state == BT_CONFIG) {
980 hci_proto_connect_cfm(conn, status);
981 hci_conn_put(conn);
982 }
983 }
984
985 hci_dev_unlock(hdev);
986 }
987
988 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
989 struct hci_conn *conn)
990 {
991 if (conn->state != BT_CONFIG || !conn->out)
992 return 0;
993
994 if (conn->pending_sec_level == BT_SECURITY_SDP)
995 return 0;
996
997 /* Only request authentication for SSP connections or non-SSP
998 * devices with sec_level HIGH */
999 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1000 conn->pending_sec_level != BT_SECURITY_HIGH)
1001 return 0;
1002
1003 return 1;
1004 }
1005
1006 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1007 {
1008 struct hci_cp_remote_name_req *cp;
1009 struct hci_conn *conn;
1010
1011 BT_DBG("%s status 0x%x", hdev->name, status);
1012
1013 /* If successful wait for the name req complete event before
1014 * checking for the need to do authentication */
1015 if (!status)
1016 return;
1017
1018 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1019 if (!cp)
1020 return;
1021
1022 hci_dev_lock(hdev);
1023
1024 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1025 if (!conn)
1026 goto unlock;
1027
1028 if (!hci_outgoing_auth_needed(hdev, conn))
1029 goto unlock;
1030
1031 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1032 struct hci_cp_auth_requested cp;
1033 cp.handle = __cpu_to_le16(conn->handle);
1034 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1035 }
1036
1037 unlock:
1038 hci_dev_unlock(hdev);
1039 }
1040
1041 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1042 {
1043 struct hci_cp_read_remote_features *cp;
1044 struct hci_conn *conn;
1045
1046 BT_DBG("%s status 0x%x", hdev->name, status);
1047
1048 if (!status)
1049 return;
1050
1051 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1052 if (!cp)
1053 return;
1054
1055 hci_dev_lock(hdev);
1056
1057 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1058 if (conn) {
1059 if (conn->state == BT_CONFIG) {
1060 hci_proto_connect_cfm(conn, status);
1061 hci_conn_put(conn);
1062 }
1063 }
1064
1065 hci_dev_unlock(hdev);
1066 }
1067
1068 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1069 {
1070 struct hci_cp_read_remote_ext_features *cp;
1071 struct hci_conn *conn;
1072
1073 BT_DBG("%s status 0x%x", hdev->name, status);
1074
1075 if (!status)
1076 return;
1077
1078 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1079 if (!cp)
1080 return;
1081
1082 hci_dev_lock(hdev);
1083
1084 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1085 if (conn) {
1086 if (conn->state == BT_CONFIG) {
1087 hci_proto_connect_cfm(conn, status);
1088 hci_conn_put(conn);
1089 }
1090 }
1091
1092 hci_dev_unlock(hdev);
1093 }
1094
1095 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1096 {
1097 struct hci_cp_setup_sync_conn *cp;
1098 struct hci_conn *acl, *sco;
1099 __u16 handle;
1100
1101 BT_DBG("%s status 0x%x", hdev->name, status);
1102
1103 if (!status)
1104 return;
1105
1106 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1107 if (!cp)
1108 return;
1109
1110 handle = __le16_to_cpu(cp->handle);
1111
1112 BT_DBG("%s handle %d", hdev->name, handle);
1113
1114 hci_dev_lock(hdev);
1115
1116 acl = hci_conn_hash_lookup_handle(hdev, handle);
1117 if (acl) {
1118 sco = acl->link;
1119 if (sco) {
1120 sco->state = BT_CLOSED;
1121
1122 hci_proto_connect_cfm(sco, status);
1123 hci_conn_del(sco);
1124 }
1125 }
1126
1127 hci_dev_unlock(hdev);
1128 }
1129
1130 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1131 {
1132 struct hci_cp_sniff_mode *cp;
1133 struct hci_conn *conn;
1134
1135 BT_DBG("%s status 0x%x", hdev->name, status);
1136
1137 if (!status)
1138 return;
1139
1140 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1141 if (!cp)
1142 return;
1143
1144 hci_dev_lock(hdev);
1145
1146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1147 if (conn) {
1148 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1149
1150 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1151 hci_sco_setup(conn, status);
1152 }
1153
1154 hci_dev_unlock(hdev);
1155 }
1156
1157 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1158 {
1159 struct hci_cp_exit_sniff_mode *cp;
1160 struct hci_conn *conn;
1161
1162 BT_DBG("%s status 0x%x", hdev->name, status);
1163
1164 if (!status)
1165 return;
1166
1167 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1168 if (!cp)
1169 return;
1170
1171 hci_dev_lock(hdev);
1172
1173 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1174 if (conn) {
1175 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1176
1177 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1178 hci_sco_setup(conn, status);
1179 }
1180
1181 hci_dev_unlock(hdev);
1182 }
1183
1184 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1185 {
1186 struct hci_cp_le_create_conn *cp;
1187 struct hci_conn *conn;
1188
1189 BT_DBG("%s status 0x%x", hdev->name, status);
1190
1191 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1192 if (!cp)
1193 return;
1194
1195 hci_dev_lock(hdev);
1196
1197 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1198
1199 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1200 conn);
1201
1202 if (status) {
1203 if (conn && conn->state == BT_CONNECT) {
1204 conn->state = BT_CLOSED;
1205 hci_proto_connect_cfm(conn, status);
1206 hci_conn_del(conn);
1207 }
1208 } else {
1209 if (!conn) {
1210 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1211 if (conn)
1212 conn->out = 1;
1213 else
1214 BT_ERR("No memory for new connection");
1215 }
1216 }
1217
1218 hci_dev_unlock(hdev);
1219 }
1220
1221 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1222 {
1223 __u8 status = *((__u8 *) skb->data);
1224
1225 BT_DBG("%s status %d", hdev->name, status);
1226
1227 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
1228 test_bit(HCI_MGMT, &hdev->flags))
1229 mgmt_discovering(hdev->id, 0);
1230
1231 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1232
1233 hci_conn_check_pending(hdev);
1234 }
1235
1236 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1237 {
1238 struct inquiry_data data;
1239 struct inquiry_info *info = (void *) (skb->data + 1);
1240 int num_rsp = *((__u8 *) skb->data);
1241
1242 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1243
1244 if (!num_rsp)
1245 return;
1246
1247 hci_dev_lock(hdev);
1248
1249 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1250
1251 if (test_bit(HCI_MGMT, &hdev->flags))
1252 mgmt_discovering(hdev->id, 1);
1253 }
1254
1255 for (; num_rsp; num_rsp--, info++) {
1256 bacpy(&data.bdaddr, &info->bdaddr);
1257 data.pscan_rep_mode = info->pscan_rep_mode;
1258 data.pscan_period_mode = info->pscan_period_mode;
1259 data.pscan_mode = info->pscan_mode;
1260 memcpy(data.dev_class, info->dev_class, 3);
1261 data.clock_offset = info->clock_offset;
1262 data.rssi = 0x00;
1263 data.ssp_mode = 0x00;
1264 hci_inquiry_cache_update(hdev, &data);
1265 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1266 NULL);
1267 }
1268
1269 hci_dev_unlock(hdev);
1270 }
1271
1272 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1273 {
1274 struct hci_ev_conn_complete *ev = (void *) skb->data;
1275 struct hci_conn *conn;
1276
1277 BT_DBG("%s", hdev->name);
1278
1279 hci_dev_lock(hdev);
1280
1281 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1282 if (!conn) {
1283 if (ev->link_type != SCO_LINK)
1284 goto unlock;
1285
1286 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1287 if (!conn)
1288 goto unlock;
1289
1290 conn->type = SCO_LINK;
1291 }
1292
1293 if (!ev->status) {
1294 conn->handle = __le16_to_cpu(ev->handle);
1295
1296 if (conn->type == ACL_LINK) {
1297 conn->state = BT_CONFIG;
1298 hci_conn_hold(conn);
1299 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1300 mgmt_connected(hdev->id, &ev->bdaddr);
1301 } else
1302 conn->state = BT_CONNECTED;
1303
1304 hci_conn_hold_device(conn);
1305 hci_conn_add_sysfs(conn);
1306
1307 if (test_bit(HCI_AUTH, &hdev->flags))
1308 conn->link_mode |= HCI_LM_AUTH;
1309
1310 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1311 conn->link_mode |= HCI_LM_ENCRYPT;
1312
1313 /* Get remote features */
1314 if (conn->type == ACL_LINK) {
1315 struct hci_cp_read_remote_features cp;
1316 cp.handle = ev->handle;
1317 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1318 sizeof(cp), &cp);
1319 }
1320
1321 /* Set packet type for incoming connection */
1322 if (!conn->out && hdev->hci_ver < 3) {
1323 struct hci_cp_change_conn_ptype cp;
1324 cp.handle = ev->handle;
1325 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1326 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1327 sizeof(cp), &cp);
1328 }
1329 } else {
1330 conn->state = BT_CLOSED;
1331 if (conn->type == ACL_LINK)
1332 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1333 }
1334
1335 if (conn->type == ACL_LINK)
1336 hci_sco_setup(conn, ev->status);
1337
1338 if (ev->status) {
1339 hci_proto_connect_cfm(conn, ev->status);
1340 hci_conn_del(conn);
1341 } else if (ev->link_type != ACL_LINK)
1342 hci_proto_connect_cfm(conn, ev->status);
1343
1344 unlock:
1345 hci_dev_unlock(hdev);
1346
1347 hci_conn_check_pending(hdev);
1348 }
1349
1350 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1351 {
1352 struct hci_ev_conn_request *ev = (void *) skb->data;
1353 int mask = hdev->link_mode;
1354
1355 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1356 batostr(&ev->bdaddr), ev->link_type);
1357
1358 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1359
1360 if ((mask & HCI_LM_ACCEPT) &&
1361 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1362 /* Connection accepted */
1363 struct inquiry_entry *ie;
1364 struct hci_conn *conn;
1365
1366 hci_dev_lock(hdev);
1367
1368 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1369 if (ie)
1370 memcpy(ie->data.dev_class, ev->dev_class, 3);
1371
1372 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1373 if (!conn) {
1374 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1375 if (!conn) {
1376 BT_ERR("No memory for new connection");
1377 hci_dev_unlock(hdev);
1378 return;
1379 }
1380 }
1381
1382 memcpy(conn->dev_class, ev->dev_class, 3);
1383 conn->state = BT_CONNECT;
1384
1385 hci_dev_unlock(hdev);
1386
1387 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1388 struct hci_cp_accept_conn_req cp;
1389
1390 bacpy(&cp.bdaddr, &ev->bdaddr);
1391
1392 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1393 cp.role = 0x00; /* Become master */
1394 else
1395 cp.role = 0x01; /* Remain slave */
1396
1397 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1398 sizeof(cp), &cp);
1399 } else {
1400 struct hci_cp_accept_sync_conn_req cp;
1401
1402 bacpy(&cp.bdaddr, &ev->bdaddr);
1403 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1404
1405 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1406 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1407 cp.max_latency = cpu_to_le16(0xffff);
1408 cp.content_format = cpu_to_le16(hdev->voice_setting);
1409 cp.retrans_effort = 0xff;
1410
1411 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1412 sizeof(cp), &cp);
1413 }
1414 } else {
1415 /* Connection rejected */
1416 struct hci_cp_reject_conn_req cp;
1417
1418 bacpy(&cp.bdaddr, &ev->bdaddr);
1419 cp.reason = 0x0f;
1420 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1421 }
1422 }
1423
1424 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1425 {
1426 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1427 struct hci_conn *conn;
1428
1429 BT_DBG("%s status %d", hdev->name, ev->status);
1430
1431 if (ev->status) {
1432 mgmt_disconnect_failed(hdev->id);
1433 return;
1434 }
1435
1436 hci_dev_lock(hdev);
1437
1438 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1439 if (!conn)
1440 goto unlock;
1441
1442 conn->state = BT_CLOSED;
1443
1444 if (conn->type == ACL_LINK || conn->type == LE_LINK)
1445 mgmt_disconnected(hdev->id, &conn->dst);
1446
1447 hci_proto_disconn_cfm(conn, ev->reason);
1448 hci_conn_del(conn);
1449
1450 unlock:
1451 hci_dev_unlock(hdev);
1452 }
1453
1454 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1455 {
1456 struct hci_ev_auth_complete *ev = (void *) skb->data;
1457 struct hci_conn *conn;
1458
1459 BT_DBG("%s status %d", hdev->name, ev->status);
1460
1461 hci_dev_lock(hdev);
1462
1463 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1464 if (conn) {
1465 if (!ev->status) {
1466 conn->link_mode |= HCI_LM_AUTH;
1467 conn->sec_level = conn->pending_sec_level;
1468 } else {
1469 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1470 }
1471
1472 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1473
1474 if (conn->state == BT_CONFIG) {
1475 if (!ev->status && hdev->ssp_mode > 0 &&
1476 conn->ssp_mode > 0) {
1477 struct hci_cp_set_conn_encrypt cp;
1478 cp.handle = ev->handle;
1479 cp.encrypt = 0x01;
1480 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1481 sizeof(cp), &cp);
1482 } else {
1483 conn->state = BT_CONNECTED;
1484 hci_proto_connect_cfm(conn, ev->status);
1485 hci_conn_put(conn);
1486 }
1487 } else {
1488 hci_auth_cfm(conn, ev->status);
1489
1490 hci_conn_hold(conn);
1491 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1492 hci_conn_put(conn);
1493 }
1494
1495 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1496 if (!ev->status) {
1497 struct hci_cp_set_conn_encrypt cp;
1498 cp.handle = ev->handle;
1499 cp.encrypt = 0x01;
1500 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1501 sizeof(cp), &cp);
1502 } else {
1503 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1504 hci_encrypt_cfm(conn, ev->status, 0x00);
1505 }
1506 }
1507 }
1508
1509 hci_dev_unlock(hdev);
1510 }
1511
1512 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1513 {
1514 struct hci_ev_remote_name *ev = (void *) skb->data;
1515 struct hci_conn *conn;
1516
1517 BT_DBG("%s", hdev->name);
1518
1519 hci_conn_check_pending(hdev);
1520
1521 hci_dev_lock(hdev);
1522
1523 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1524 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1525
1526 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1527 if (!conn)
1528 goto unlock;
1529
1530 if (!hci_outgoing_auth_needed(hdev, conn))
1531 goto unlock;
1532
1533 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1534 struct hci_cp_auth_requested cp;
1535 cp.handle = __cpu_to_le16(conn->handle);
1536 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1537 }
1538
1539 unlock:
1540 hci_dev_unlock(hdev);
1541 }
1542
1543 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1544 {
1545 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1546 struct hci_conn *conn;
1547
1548 BT_DBG("%s status %d", hdev->name, ev->status);
1549
1550 hci_dev_lock(hdev);
1551
1552 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1553 if (conn) {
1554 if (!ev->status) {
1555 if (ev->encrypt) {
1556 /* Encryption implies authentication */
1557 conn->link_mode |= HCI_LM_AUTH;
1558 conn->link_mode |= HCI_LM_ENCRYPT;
1559 } else
1560 conn->link_mode &= ~HCI_LM_ENCRYPT;
1561 }
1562
1563 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1564
1565 if (conn->state == BT_CONFIG) {
1566 if (!ev->status)
1567 conn->state = BT_CONNECTED;
1568
1569 hci_proto_connect_cfm(conn, ev->status);
1570 hci_conn_put(conn);
1571 } else
1572 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1573 }
1574
1575 hci_dev_unlock(hdev);
1576 }
1577
1578 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1579 {
1580 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1581 struct hci_conn *conn;
1582
1583 BT_DBG("%s status %d", hdev->name, ev->status);
1584
1585 hci_dev_lock(hdev);
1586
1587 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1588 if (conn) {
1589 if (!ev->status)
1590 conn->link_mode |= HCI_LM_SECURE;
1591
1592 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1593
1594 hci_key_change_cfm(conn, ev->status);
1595 }
1596
1597 hci_dev_unlock(hdev);
1598 }
1599
1600 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1601 {
1602 struct hci_ev_remote_features *ev = (void *) skb->data;
1603 struct hci_conn *conn;
1604
1605 BT_DBG("%s status %d", hdev->name, ev->status);
1606
1607 hci_dev_lock(hdev);
1608
1609 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1610 if (!conn)
1611 goto unlock;
1612
1613 if (!ev->status)
1614 memcpy(conn->features, ev->features, 8);
1615
1616 if (conn->state != BT_CONFIG)
1617 goto unlock;
1618
1619 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1620 struct hci_cp_read_remote_ext_features cp;
1621 cp.handle = ev->handle;
1622 cp.page = 0x01;
1623 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1624 sizeof(cp), &cp);
1625 goto unlock;
1626 }
1627
1628 if (!ev->status) {
1629 struct hci_cp_remote_name_req cp;
1630 memset(&cp, 0, sizeof(cp));
1631 bacpy(&cp.bdaddr, &conn->dst);
1632 cp.pscan_rep_mode = 0x02;
1633 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1634 }
1635
1636 if (!hci_outgoing_auth_needed(hdev, conn)) {
1637 conn->state = BT_CONNECTED;
1638 hci_proto_connect_cfm(conn, ev->status);
1639 hci_conn_put(conn);
1640 }
1641
1642 unlock:
1643 hci_dev_unlock(hdev);
1644 }
1645
1646 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1647 {
1648 BT_DBG("%s", hdev->name);
1649 }
1650
1651 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1652 {
1653 BT_DBG("%s", hdev->name);
1654 }
1655
1656 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1657 {
1658 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1659 __u16 opcode;
1660
1661 skb_pull(skb, sizeof(*ev));
1662
1663 opcode = __le16_to_cpu(ev->opcode);
1664
1665 switch (opcode) {
1666 case HCI_OP_INQUIRY_CANCEL:
1667 hci_cc_inquiry_cancel(hdev, skb);
1668 break;
1669
1670 case HCI_OP_EXIT_PERIODIC_INQ:
1671 hci_cc_exit_periodic_inq(hdev, skb);
1672 break;
1673
1674 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1675 hci_cc_remote_name_req_cancel(hdev, skb);
1676 break;
1677
1678 case HCI_OP_ROLE_DISCOVERY:
1679 hci_cc_role_discovery(hdev, skb);
1680 break;
1681
1682 case HCI_OP_READ_LINK_POLICY:
1683 hci_cc_read_link_policy(hdev, skb);
1684 break;
1685
1686 case HCI_OP_WRITE_LINK_POLICY:
1687 hci_cc_write_link_policy(hdev, skb);
1688 break;
1689
1690 case HCI_OP_READ_DEF_LINK_POLICY:
1691 hci_cc_read_def_link_policy(hdev, skb);
1692 break;
1693
1694 case HCI_OP_WRITE_DEF_LINK_POLICY:
1695 hci_cc_write_def_link_policy(hdev, skb);
1696 break;
1697
1698 case HCI_OP_RESET:
1699 hci_cc_reset(hdev, skb);
1700 break;
1701
1702 case HCI_OP_WRITE_LOCAL_NAME:
1703 hci_cc_write_local_name(hdev, skb);
1704 break;
1705
1706 case HCI_OP_READ_LOCAL_NAME:
1707 hci_cc_read_local_name(hdev, skb);
1708 break;
1709
1710 case HCI_OP_WRITE_AUTH_ENABLE:
1711 hci_cc_write_auth_enable(hdev, skb);
1712 break;
1713
1714 case HCI_OP_WRITE_ENCRYPT_MODE:
1715 hci_cc_write_encrypt_mode(hdev, skb);
1716 break;
1717
1718 case HCI_OP_WRITE_SCAN_ENABLE:
1719 hci_cc_write_scan_enable(hdev, skb);
1720 break;
1721
1722 case HCI_OP_READ_CLASS_OF_DEV:
1723 hci_cc_read_class_of_dev(hdev, skb);
1724 break;
1725
1726 case HCI_OP_WRITE_CLASS_OF_DEV:
1727 hci_cc_write_class_of_dev(hdev, skb);
1728 break;
1729
1730 case HCI_OP_READ_VOICE_SETTING:
1731 hci_cc_read_voice_setting(hdev, skb);
1732 break;
1733
1734 case HCI_OP_WRITE_VOICE_SETTING:
1735 hci_cc_write_voice_setting(hdev, skb);
1736 break;
1737
1738 case HCI_OP_HOST_BUFFER_SIZE:
1739 hci_cc_host_buffer_size(hdev, skb);
1740 break;
1741
1742 case HCI_OP_READ_SSP_MODE:
1743 hci_cc_read_ssp_mode(hdev, skb);
1744 break;
1745
1746 case HCI_OP_WRITE_SSP_MODE:
1747 hci_cc_write_ssp_mode(hdev, skb);
1748 break;
1749
1750 case HCI_OP_READ_LOCAL_VERSION:
1751 hci_cc_read_local_version(hdev, skb);
1752 break;
1753
1754 case HCI_OP_READ_LOCAL_COMMANDS:
1755 hci_cc_read_local_commands(hdev, skb);
1756 break;
1757
1758 case HCI_OP_READ_LOCAL_FEATURES:
1759 hci_cc_read_local_features(hdev, skb);
1760 break;
1761
1762 case HCI_OP_READ_BUFFER_SIZE:
1763 hci_cc_read_buffer_size(hdev, skb);
1764 break;
1765
1766 case HCI_OP_READ_BD_ADDR:
1767 hci_cc_read_bd_addr(hdev, skb);
1768 break;
1769
1770 case HCI_OP_WRITE_CA_TIMEOUT:
1771 hci_cc_write_ca_timeout(hdev, skb);
1772 break;
1773
1774 case HCI_OP_DELETE_STORED_LINK_KEY:
1775 hci_cc_delete_stored_link_key(hdev, skb);
1776 break;
1777
1778 case HCI_OP_SET_EVENT_MASK:
1779 hci_cc_set_event_mask(hdev, skb);
1780 break;
1781
1782 case HCI_OP_WRITE_INQUIRY_MODE:
1783 hci_cc_write_inquiry_mode(hdev, skb);
1784 break;
1785
1786 case HCI_OP_READ_INQ_RSP_TX_POWER:
1787 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1788 break;
1789
1790 case HCI_OP_SET_EVENT_FLT:
1791 hci_cc_set_event_flt(hdev, skb);
1792 break;
1793
1794 case HCI_OP_PIN_CODE_REPLY:
1795 hci_cc_pin_code_reply(hdev, skb);
1796 break;
1797
1798 case HCI_OP_PIN_CODE_NEG_REPLY:
1799 hci_cc_pin_code_neg_reply(hdev, skb);
1800 break;
1801
1802 case HCI_OP_READ_LOCAL_OOB_DATA:
1803 hci_cc_read_local_oob_data_reply(hdev, skb);
1804 break;
1805
1806 case HCI_OP_LE_READ_BUFFER_SIZE:
1807 hci_cc_le_read_buffer_size(hdev, skb);
1808 break;
1809
1810 case HCI_OP_USER_CONFIRM_REPLY:
1811 hci_cc_user_confirm_reply(hdev, skb);
1812 break;
1813
1814 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1815 hci_cc_user_confirm_neg_reply(hdev, skb);
1816 break;
1817
1818 default:
1819 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1820 break;
1821 }
1822
1823 if (ev->opcode != HCI_OP_NOP)
1824 del_timer(&hdev->cmd_timer);
1825
1826 if (ev->ncmd) {
1827 atomic_set(&hdev->cmd_cnt, 1);
1828 if (!skb_queue_empty(&hdev->cmd_q))
1829 tasklet_schedule(&hdev->cmd_task);
1830 }
1831 }
1832
1833 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1834 {
1835 struct hci_ev_cmd_status *ev = (void *) skb->data;
1836 __u16 opcode;
1837
1838 skb_pull(skb, sizeof(*ev));
1839
1840 opcode = __le16_to_cpu(ev->opcode);
1841
1842 switch (opcode) {
1843 case HCI_OP_INQUIRY:
1844 hci_cs_inquiry(hdev, ev->status);
1845 break;
1846
1847 case HCI_OP_CREATE_CONN:
1848 hci_cs_create_conn(hdev, ev->status);
1849 break;
1850
1851 case HCI_OP_ADD_SCO:
1852 hci_cs_add_sco(hdev, ev->status);
1853 break;
1854
1855 case HCI_OP_AUTH_REQUESTED:
1856 hci_cs_auth_requested(hdev, ev->status);
1857 break;
1858
1859 case HCI_OP_SET_CONN_ENCRYPT:
1860 hci_cs_set_conn_encrypt(hdev, ev->status);
1861 break;
1862
1863 case HCI_OP_REMOTE_NAME_REQ:
1864 hci_cs_remote_name_req(hdev, ev->status);
1865 break;
1866
1867 case HCI_OP_READ_REMOTE_FEATURES:
1868 hci_cs_read_remote_features(hdev, ev->status);
1869 break;
1870
1871 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1872 hci_cs_read_remote_ext_features(hdev, ev->status);
1873 break;
1874
1875 case HCI_OP_SETUP_SYNC_CONN:
1876 hci_cs_setup_sync_conn(hdev, ev->status);
1877 break;
1878
1879 case HCI_OP_SNIFF_MODE:
1880 hci_cs_sniff_mode(hdev, ev->status);
1881 break;
1882
1883 case HCI_OP_EXIT_SNIFF_MODE:
1884 hci_cs_exit_sniff_mode(hdev, ev->status);
1885 break;
1886
1887 case HCI_OP_DISCONNECT:
1888 if (ev->status != 0)
1889 mgmt_disconnect_failed(hdev->id);
1890 break;
1891
1892 case HCI_OP_LE_CREATE_CONN:
1893 hci_cs_le_create_conn(hdev, ev->status);
1894 break;
1895
1896 default:
1897 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1898 break;
1899 }
1900
1901 if (ev->opcode != HCI_OP_NOP)
1902 del_timer(&hdev->cmd_timer);
1903
1904 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
1905 atomic_set(&hdev->cmd_cnt, 1);
1906 if (!skb_queue_empty(&hdev->cmd_q))
1907 tasklet_schedule(&hdev->cmd_task);
1908 }
1909 }
1910
1911 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1912 {
1913 struct hci_ev_role_change *ev = (void *) skb->data;
1914 struct hci_conn *conn;
1915
1916 BT_DBG("%s status %d", hdev->name, ev->status);
1917
1918 hci_dev_lock(hdev);
1919
1920 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1921 if (conn) {
1922 if (!ev->status) {
1923 if (ev->role)
1924 conn->link_mode &= ~HCI_LM_MASTER;
1925 else
1926 conn->link_mode |= HCI_LM_MASTER;
1927 }
1928
1929 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1930
1931 hci_role_switch_cfm(conn, ev->status, ev->role);
1932 }
1933
1934 hci_dev_unlock(hdev);
1935 }
1936
1937 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1938 {
1939 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1940 __le16 *ptr;
1941 int i;
1942
1943 skb_pull(skb, sizeof(*ev));
1944
1945 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1946
1947 if (skb->len < ev->num_hndl * 4) {
1948 BT_DBG("%s bad parameters", hdev->name);
1949 return;
1950 }
1951
1952 tasklet_disable(&hdev->tx_task);
1953
1954 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1955 struct hci_conn *conn;
1956 __u16 handle, count;
1957
1958 handle = get_unaligned_le16(ptr++);
1959 count = get_unaligned_le16(ptr++);
1960
1961 conn = hci_conn_hash_lookup_handle(hdev, handle);
1962 if (conn) {
1963 conn->sent -= count;
1964
1965 if (conn->type == ACL_LINK) {
1966 hdev->acl_cnt += count;
1967 if (hdev->acl_cnt > hdev->acl_pkts)
1968 hdev->acl_cnt = hdev->acl_pkts;
1969 } else if (conn->type == LE_LINK) {
1970 if (hdev->le_pkts) {
1971 hdev->le_cnt += count;
1972 if (hdev->le_cnt > hdev->le_pkts)
1973 hdev->le_cnt = hdev->le_pkts;
1974 } else {
1975 hdev->acl_cnt += count;
1976 if (hdev->acl_cnt > hdev->acl_pkts)
1977 hdev->acl_cnt = hdev->acl_pkts;
1978 }
1979 } else {
1980 hdev->sco_cnt += count;
1981 if (hdev->sco_cnt > hdev->sco_pkts)
1982 hdev->sco_cnt = hdev->sco_pkts;
1983 }
1984 }
1985 }
1986
1987 tasklet_schedule(&hdev->tx_task);
1988
1989 tasklet_enable(&hdev->tx_task);
1990 }
1991
1992 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1993 {
1994 struct hci_ev_mode_change *ev = (void *) skb->data;
1995 struct hci_conn *conn;
1996
1997 BT_DBG("%s status %d", hdev->name, ev->status);
1998
1999 hci_dev_lock(hdev);
2000
2001 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2002 if (conn) {
2003 conn->mode = ev->mode;
2004 conn->interval = __le16_to_cpu(ev->interval);
2005
2006 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2007 if (conn->mode == HCI_CM_ACTIVE)
2008 conn->power_save = 1;
2009 else
2010 conn->power_save = 0;
2011 }
2012
2013 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2014 hci_sco_setup(conn, ev->status);
2015 }
2016
2017 hci_dev_unlock(hdev);
2018 }
2019
2020 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2021 {
2022 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2023 struct hci_conn *conn;
2024
2025 BT_DBG("%s", hdev->name);
2026
2027 hci_dev_lock(hdev);
2028
2029 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2030 if (conn && conn->state == BT_CONNECTED) {
2031 hci_conn_hold(conn);
2032 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2033 hci_conn_put(conn);
2034 }
2035
2036 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2037 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2038 sizeof(ev->bdaddr), &ev->bdaddr);
2039 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2040 u8 secure;
2041
2042 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2043 secure = 1;
2044 else
2045 secure = 0;
2046
2047 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2048 }
2049
2050 hci_dev_unlock(hdev);
2051 }
2052
2053 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2054 {
2055 struct hci_ev_link_key_req *ev = (void *) skb->data;
2056 struct hci_cp_link_key_reply cp;
2057 struct hci_conn *conn;
2058 struct link_key *key;
2059
2060 BT_DBG("%s", hdev->name);
2061
2062 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2063 return;
2064
2065 hci_dev_lock(hdev);
2066
2067 key = hci_find_link_key(hdev, &ev->bdaddr);
2068 if (!key) {
2069 BT_DBG("%s link key not found for %s", hdev->name,
2070 batostr(&ev->bdaddr));
2071 goto not_found;
2072 }
2073
2074 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2075 batostr(&ev->bdaddr));
2076
2077 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2078 key->type == HCI_LK_DEBUG_COMBINATION) {
2079 BT_DBG("%s ignoring debug key", hdev->name);
2080 goto not_found;
2081 }
2082
2083 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2084 if (conn) {
2085 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2086 conn->auth_type != 0xff &&
2087 (conn->auth_type & 0x01)) {
2088 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2089 goto not_found;
2090 }
2091
2092 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2093 conn->pending_sec_level == BT_SECURITY_HIGH) {
2094 BT_DBG("%s ignoring key unauthenticated for high \
2095 security", hdev->name);
2096 goto not_found;
2097 }
2098
2099 conn->key_type = key->type;
2100 conn->pin_length = key->pin_len;
2101 }
2102
2103 bacpy(&cp.bdaddr, &ev->bdaddr);
2104 memcpy(cp.link_key, key->val, 16);
2105
2106 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2107
2108 hci_dev_unlock(hdev);
2109
2110 return;
2111
2112 not_found:
2113 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2114 hci_dev_unlock(hdev);
2115 }
2116
2117 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2118 {
2119 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2120 struct hci_conn *conn;
2121 u8 pin_len = 0;
2122
2123 BT_DBG("%s", hdev->name);
2124
2125 hci_dev_lock(hdev);
2126
2127 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2128 if (conn) {
2129 hci_conn_hold(conn);
2130 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2131 pin_len = conn->pin_length;
2132
2133 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2134 conn->key_type = ev->key_type;
2135
2136 hci_conn_put(conn);
2137 }
2138
2139 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2140 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2141 ev->key_type, pin_len);
2142
2143 hci_dev_unlock(hdev);
2144 }
2145
2146 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2147 {
2148 struct hci_ev_clock_offset *ev = (void *) skb->data;
2149 struct hci_conn *conn;
2150
2151 BT_DBG("%s status %d", hdev->name, ev->status);
2152
2153 hci_dev_lock(hdev);
2154
2155 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2156 if (conn && !ev->status) {
2157 struct inquiry_entry *ie;
2158
2159 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2160 if (ie) {
2161 ie->data.clock_offset = ev->clock_offset;
2162 ie->timestamp = jiffies;
2163 }
2164 }
2165
2166 hci_dev_unlock(hdev);
2167 }
2168
2169 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2170 {
2171 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2172 struct hci_conn *conn;
2173
2174 BT_DBG("%s status %d", hdev->name, ev->status);
2175
2176 hci_dev_lock(hdev);
2177
2178 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2179 if (conn && !ev->status)
2180 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2181
2182 hci_dev_unlock(hdev);
2183 }
2184
2185 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2186 {
2187 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2188 struct inquiry_entry *ie;
2189
2190 BT_DBG("%s", hdev->name);
2191
2192 hci_dev_lock(hdev);
2193
2194 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2195 if (ie) {
2196 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2197 ie->timestamp = jiffies;
2198 }
2199
2200 hci_dev_unlock(hdev);
2201 }
2202
2203 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2204 {
2205 struct inquiry_data data;
2206 int num_rsp = *((__u8 *) skb->data);
2207
2208 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2209
2210 if (!num_rsp)
2211 return;
2212
2213 hci_dev_lock(hdev);
2214
2215 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2216
2217 if (test_bit(HCI_MGMT, &hdev->flags))
2218 mgmt_discovering(hdev->id, 1);
2219 }
2220
2221 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2222 struct inquiry_info_with_rssi_and_pscan_mode *info;
2223 info = (void *) (skb->data + 1);
2224
2225 for (; num_rsp; num_rsp--, info++) {
2226 bacpy(&data.bdaddr, &info->bdaddr);
2227 data.pscan_rep_mode = info->pscan_rep_mode;
2228 data.pscan_period_mode = info->pscan_period_mode;
2229 data.pscan_mode = info->pscan_mode;
2230 memcpy(data.dev_class, info->dev_class, 3);
2231 data.clock_offset = info->clock_offset;
2232 data.rssi = info->rssi;
2233 data.ssp_mode = 0x00;
2234 hci_inquiry_cache_update(hdev, &data);
2235 mgmt_device_found(hdev->id, &info->bdaddr,
2236 info->dev_class, info->rssi,
2237 NULL);
2238 }
2239 } else {
2240 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2241
2242 for (; num_rsp; num_rsp--, info++) {
2243 bacpy(&data.bdaddr, &info->bdaddr);
2244 data.pscan_rep_mode = info->pscan_rep_mode;
2245 data.pscan_period_mode = info->pscan_period_mode;
2246 data.pscan_mode = 0x00;
2247 memcpy(data.dev_class, info->dev_class, 3);
2248 data.clock_offset = info->clock_offset;
2249 data.rssi = info->rssi;
2250 data.ssp_mode = 0x00;
2251 hci_inquiry_cache_update(hdev, &data);
2252 mgmt_device_found(hdev->id, &info->bdaddr,
2253 info->dev_class, info->rssi,
2254 NULL);
2255 }
2256 }
2257
2258 hci_dev_unlock(hdev);
2259 }
2260
2261 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2262 {
2263 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2264 struct hci_conn *conn;
2265
2266 BT_DBG("%s", hdev->name);
2267
2268 hci_dev_lock(hdev);
2269
2270 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2271 if (!conn)
2272 goto unlock;
2273
2274 if (!ev->status && ev->page == 0x01) {
2275 struct inquiry_entry *ie;
2276
2277 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2278 if (ie)
2279 ie->data.ssp_mode = (ev->features[0] & 0x01);
2280
2281 conn->ssp_mode = (ev->features[0] & 0x01);
2282 }
2283
2284 if (conn->state != BT_CONFIG)
2285 goto unlock;
2286
2287 if (!ev->status) {
2288 struct hci_cp_remote_name_req cp;
2289 memset(&cp, 0, sizeof(cp));
2290 bacpy(&cp.bdaddr, &conn->dst);
2291 cp.pscan_rep_mode = 0x02;
2292 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2293 }
2294
2295 if (!hci_outgoing_auth_needed(hdev, conn)) {
2296 conn->state = BT_CONNECTED;
2297 hci_proto_connect_cfm(conn, ev->status);
2298 hci_conn_put(conn);
2299 }
2300
2301 unlock:
2302 hci_dev_unlock(hdev);
2303 }
2304
2305 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2306 {
2307 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2308 struct hci_conn *conn;
2309
2310 BT_DBG("%s status %d", hdev->name, ev->status);
2311
2312 hci_dev_lock(hdev);
2313
2314 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2315 if (!conn) {
2316 if (ev->link_type == ESCO_LINK)
2317 goto unlock;
2318
2319 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2320 if (!conn)
2321 goto unlock;
2322
2323 conn->type = SCO_LINK;
2324 }
2325
2326 switch (ev->status) {
2327 case 0x00:
2328 conn->handle = __le16_to_cpu(ev->handle);
2329 conn->state = BT_CONNECTED;
2330
2331 hci_conn_hold_device(conn);
2332 hci_conn_add_sysfs(conn);
2333 break;
2334
2335 case 0x11: /* Unsupported Feature or Parameter Value */
2336 case 0x1c: /* SCO interval rejected */
2337 case 0x1a: /* Unsupported Remote Feature */
2338 case 0x1f: /* Unspecified error */
2339 if (conn->out && conn->attempt < 2) {
2340 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2341 (hdev->esco_type & EDR_ESCO_MASK);
2342 hci_setup_sync(conn, conn->link->handle);
2343 goto unlock;
2344 }
2345 /* fall through */
2346
2347 default:
2348 conn->state = BT_CLOSED;
2349 break;
2350 }
2351
2352 hci_proto_connect_cfm(conn, ev->status);
2353 if (ev->status)
2354 hci_conn_del(conn);
2355
2356 unlock:
2357 hci_dev_unlock(hdev);
2358 }
2359
2360 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2361 {
2362 BT_DBG("%s", hdev->name);
2363 }
2364
2365 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2366 {
2367 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2368
2369 BT_DBG("%s status %d", hdev->name, ev->status);
2370 }
2371
2372 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2373 {
2374 struct inquiry_data data;
2375 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2376 int num_rsp = *((__u8 *) skb->data);
2377
2378 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2379
2380 if (!num_rsp)
2381 return;
2382
2383 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2384
2385 if (test_bit(HCI_MGMT, &hdev->flags))
2386 mgmt_discovering(hdev->id, 1);
2387 }
2388
2389 hci_dev_lock(hdev);
2390
2391 for (; num_rsp; num_rsp--, info++) {
2392 bacpy(&data.bdaddr, &info->bdaddr);
2393 data.pscan_rep_mode = info->pscan_rep_mode;
2394 data.pscan_period_mode = info->pscan_period_mode;
2395 data.pscan_mode = 0x00;
2396 memcpy(data.dev_class, info->dev_class, 3);
2397 data.clock_offset = info->clock_offset;
2398 data.rssi = info->rssi;
2399 data.ssp_mode = 0x01;
2400 hci_inquiry_cache_update(hdev, &data);
2401 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2402 info->rssi, info->data);
2403 }
2404
2405 hci_dev_unlock(hdev);
2406 }
2407
2408 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2409 {
2410 /* If remote requests dedicated bonding follow that lead */
2411 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2412 /* If both remote and local IO capabilities allow MITM
2413 * protection then require it, otherwise don't */
2414 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2415 return 0x02;
2416 else
2417 return 0x03;
2418 }
2419
2420 /* If remote requests no-bonding follow that lead */
2421 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2422 return conn->remote_auth | (conn->auth_type & 0x01);
2423
2424 return conn->auth_type;
2425 }
2426
2427 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2428 {
2429 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2430 struct hci_conn *conn;
2431
2432 BT_DBG("%s", hdev->name);
2433
2434 hci_dev_lock(hdev);
2435
2436 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2437 if (!conn)
2438 goto unlock;
2439
2440 hci_conn_hold(conn);
2441
2442 if (!test_bit(HCI_MGMT, &hdev->flags))
2443 goto unlock;
2444
2445 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2446 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2447 struct hci_cp_io_capability_reply cp;
2448
2449 bacpy(&cp.bdaddr, &ev->bdaddr);
2450 cp.capability = conn->io_capability;
2451 conn->auth_type = hci_get_auth_req(conn);
2452 cp.authentication = conn->auth_type;
2453
2454 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2455 hci_find_remote_oob_data(hdev, &conn->dst))
2456 cp.oob_data = 0x01;
2457 else
2458 cp.oob_data = 0x00;
2459
2460 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2461 sizeof(cp), &cp);
2462 } else {
2463 struct hci_cp_io_capability_neg_reply cp;
2464
2465 bacpy(&cp.bdaddr, &ev->bdaddr);
2466 cp.reason = 0x18; /* Pairing not allowed */
2467
2468 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2469 sizeof(cp), &cp);
2470 }
2471
2472 unlock:
2473 hci_dev_unlock(hdev);
2474 }
2475
2476 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2477 {
2478 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2479 struct hci_conn *conn;
2480
2481 BT_DBG("%s", hdev->name);
2482
2483 hci_dev_lock(hdev);
2484
2485 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2486 if (!conn)
2487 goto unlock;
2488
2489 conn->remote_cap = ev->capability;
2490 conn->remote_oob = ev->oob_data;
2491 conn->remote_auth = ev->authentication;
2492
2493 unlock:
2494 hci_dev_unlock(hdev);
2495 }
2496
2497 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2498 struct sk_buff *skb)
2499 {
2500 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2501 int loc_mitm, rem_mitm, confirm_hint = 0;
2502 struct hci_conn *conn;
2503
2504 BT_DBG("%s", hdev->name);
2505
2506 hci_dev_lock(hdev);
2507
2508 if (!test_bit(HCI_MGMT, &hdev->flags))
2509 goto unlock;
2510
2511 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2512 if (!conn)
2513 goto unlock;
2514
2515 loc_mitm = (conn->auth_type & 0x01);
2516 rem_mitm = (conn->remote_auth & 0x01);
2517
2518 /* If we require MITM but the remote device can't provide that
2519 * (it has NoInputNoOutput) then reject the confirmation
2520 * request. The only exception is when we're dedicated bonding
2521 * initiators (connect_cfm_cb set) since then we always have the MITM
2522 * bit set. */
2523 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2524 BT_DBG("Rejecting request: remote device can't provide MITM");
2525 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2526 sizeof(ev->bdaddr), &ev->bdaddr);
2527 goto unlock;
2528 }
2529
2530 /* If no side requires MITM protection; auto-accept */
2531 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2532 (!rem_mitm || conn->io_capability == 0x03)) {
2533
2534 /* If we're not the initiators request authorization to
2535 * proceed from user space (mgmt_user_confirm with
2536 * confirm_hint set to 1). */
2537 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2538 BT_DBG("Confirming auto-accept as acceptor");
2539 confirm_hint = 1;
2540 goto confirm;
2541 }
2542
2543 BT_DBG("Auto-accept of user confirmation with %ums delay",
2544 hdev->auto_accept_delay);
2545
2546 if (hdev->auto_accept_delay > 0) {
2547 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2548 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2549 goto unlock;
2550 }
2551
2552 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2553 sizeof(ev->bdaddr), &ev->bdaddr);
2554 goto unlock;
2555 }
2556
2557 confirm:
2558 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2559 confirm_hint);
2560
2561 unlock:
2562 hci_dev_unlock(hdev);
2563 }
2564
2565 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2566 {
2567 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2568 struct hci_conn *conn;
2569
2570 BT_DBG("%s", hdev->name);
2571
2572 hci_dev_lock(hdev);
2573
2574 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2575 if (!conn)
2576 goto unlock;
2577
2578 /* To avoid duplicate auth_failed events to user space we check
2579 * the HCI_CONN_AUTH_PEND flag which will be set if we
2580 * initiated the authentication. A traditional auth_complete
2581 * event gets always produced as initiator and is also mapped to
2582 * the mgmt_auth_failed event */
2583 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2584 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2585
2586 hci_conn_put(conn);
2587
2588 unlock:
2589 hci_dev_unlock(hdev);
2590 }
2591
2592 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2593 {
2594 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2595 struct inquiry_entry *ie;
2596
2597 BT_DBG("%s", hdev->name);
2598
2599 hci_dev_lock(hdev);
2600
2601 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2602 if (ie)
2603 ie->data.ssp_mode = (ev->features[0] & 0x01);
2604
2605 hci_dev_unlock(hdev);
2606 }
2607
2608 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2609 struct sk_buff *skb)
2610 {
2611 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2612 struct oob_data *data;
2613
2614 BT_DBG("%s", hdev->name);
2615
2616 hci_dev_lock(hdev);
2617
2618 if (!test_bit(HCI_MGMT, &hdev->flags))
2619 goto unlock;
2620
2621 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2622 if (data) {
2623 struct hci_cp_remote_oob_data_reply cp;
2624
2625 bacpy(&cp.bdaddr, &ev->bdaddr);
2626 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2627 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2628
2629 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2630 &cp);
2631 } else {
2632 struct hci_cp_remote_oob_data_neg_reply cp;
2633
2634 bacpy(&cp.bdaddr, &ev->bdaddr);
2635 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2636 &cp);
2637 }
2638
2639 unlock:
2640 hci_dev_unlock(hdev);
2641 }
2642
2643 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2644 {
2645 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2646 struct hci_conn *conn;
2647
2648 BT_DBG("%s status %d", hdev->name, ev->status);
2649
2650 hci_dev_lock(hdev);
2651
2652 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2653 if (!conn) {
2654 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2655 if (!conn) {
2656 BT_ERR("No memory for new connection");
2657 hci_dev_unlock(hdev);
2658 return;
2659 }
2660 }
2661
2662 if (ev->status) {
2663 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
2664 hci_proto_connect_cfm(conn, ev->status);
2665 conn->state = BT_CLOSED;
2666 hci_conn_del(conn);
2667 goto unlock;
2668 }
2669
2670 mgmt_connected(hdev->id, &ev->bdaddr);
2671
2672 conn->handle = __le16_to_cpu(ev->handle);
2673 conn->state = BT_CONNECTED;
2674
2675 hci_conn_hold_device(conn);
2676 hci_conn_add_sysfs(conn);
2677
2678 hci_proto_connect_cfm(conn, ev->status);
2679
2680 unlock:
2681 hci_dev_unlock(hdev);
2682 }
2683
2684 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2685 {
2686 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2687
2688 skb_pull(skb, sizeof(*le_ev));
2689
2690 switch (le_ev->subevent) {
2691 case HCI_EV_LE_CONN_COMPLETE:
2692 hci_le_conn_complete_evt(hdev, skb);
2693 break;
2694
2695 default:
2696 break;
2697 }
2698 }
2699
2700 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2701 {
2702 struct hci_event_hdr *hdr = (void *) skb->data;
2703 __u8 event = hdr->evt;
2704
2705 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2706
2707 switch (event) {
2708 case HCI_EV_INQUIRY_COMPLETE:
2709 hci_inquiry_complete_evt(hdev, skb);
2710 break;
2711
2712 case HCI_EV_INQUIRY_RESULT:
2713 hci_inquiry_result_evt(hdev, skb);
2714 break;
2715
2716 case HCI_EV_CONN_COMPLETE:
2717 hci_conn_complete_evt(hdev, skb);
2718 break;
2719
2720 case HCI_EV_CONN_REQUEST:
2721 hci_conn_request_evt(hdev, skb);
2722 break;
2723
2724 case HCI_EV_DISCONN_COMPLETE:
2725 hci_disconn_complete_evt(hdev, skb);
2726 break;
2727
2728 case HCI_EV_AUTH_COMPLETE:
2729 hci_auth_complete_evt(hdev, skb);
2730 break;
2731
2732 case HCI_EV_REMOTE_NAME:
2733 hci_remote_name_evt(hdev, skb);
2734 break;
2735
2736 case HCI_EV_ENCRYPT_CHANGE:
2737 hci_encrypt_change_evt(hdev, skb);
2738 break;
2739
2740 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2741 hci_change_link_key_complete_evt(hdev, skb);
2742 break;
2743
2744 case HCI_EV_REMOTE_FEATURES:
2745 hci_remote_features_evt(hdev, skb);
2746 break;
2747
2748 case HCI_EV_REMOTE_VERSION:
2749 hci_remote_version_evt(hdev, skb);
2750 break;
2751
2752 case HCI_EV_QOS_SETUP_COMPLETE:
2753 hci_qos_setup_complete_evt(hdev, skb);
2754 break;
2755
2756 case HCI_EV_CMD_COMPLETE:
2757 hci_cmd_complete_evt(hdev, skb);
2758 break;
2759
2760 case HCI_EV_CMD_STATUS:
2761 hci_cmd_status_evt(hdev, skb);
2762 break;
2763
2764 case HCI_EV_ROLE_CHANGE:
2765 hci_role_change_evt(hdev, skb);
2766 break;
2767
2768 case HCI_EV_NUM_COMP_PKTS:
2769 hci_num_comp_pkts_evt(hdev, skb);
2770 break;
2771
2772 case HCI_EV_MODE_CHANGE:
2773 hci_mode_change_evt(hdev, skb);
2774 break;
2775
2776 case HCI_EV_PIN_CODE_REQ:
2777 hci_pin_code_request_evt(hdev, skb);
2778 break;
2779
2780 case HCI_EV_LINK_KEY_REQ:
2781 hci_link_key_request_evt(hdev, skb);
2782 break;
2783
2784 case HCI_EV_LINK_KEY_NOTIFY:
2785 hci_link_key_notify_evt(hdev, skb);
2786 break;
2787
2788 case HCI_EV_CLOCK_OFFSET:
2789 hci_clock_offset_evt(hdev, skb);
2790 break;
2791
2792 case HCI_EV_PKT_TYPE_CHANGE:
2793 hci_pkt_type_change_evt(hdev, skb);
2794 break;
2795
2796 case HCI_EV_PSCAN_REP_MODE:
2797 hci_pscan_rep_mode_evt(hdev, skb);
2798 break;
2799
2800 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
2801 hci_inquiry_result_with_rssi_evt(hdev, skb);
2802 break;
2803
2804 case HCI_EV_REMOTE_EXT_FEATURES:
2805 hci_remote_ext_features_evt(hdev, skb);
2806 break;
2807
2808 case HCI_EV_SYNC_CONN_COMPLETE:
2809 hci_sync_conn_complete_evt(hdev, skb);
2810 break;
2811
2812 case HCI_EV_SYNC_CONN_CHANGED:
2813 hci_sync_conn_changed_evt(hdev, skb);
2814 break;
2815
2816 case HCI_EV_SNIFF_SUBRATE:
2817 hci_sniff_subrate_evt(hdev, skb);
2818 break;
2819
2820 case HCI_EV_EXTENDED_INQUIRY_RESULT:
2821 hci_extended_inquiry_result_evt(hdev, skb);
2822 break;
2823
2824 case HCI_EV_IO_CAPA_REQUEST:
2825 hci_io_capa_request_evt(hdev, skb);
2826 break;
2827
2828 case HCI_EV_IO_CAPA_REPLY:
2829 hci_io_capa_reply_evt(hdev, skb);
2830 break;
2831
2832 case HCI_EV_USER_CONFIRM_REQUEST:
2833 hci_user_confirm_request_evt(hdev, skb);
2834 break;
2835
2836 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2837 hci_simple_pair_complete_evt(hdev, skb);
2838 break;
2839
2840 case HCI_EV_REMOTE_HOST_FEATURES:
2841 hci_remote_host_features_evt(hdev, skb);
2842 break;
2843
2844 case HCI_EV_LE_META:
2845 hci_le_meta_evt(hdev, skb);
2846 break;
2847
2848 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
2849 hci_remote_oob_data_request_evt(hdev, skb);
2850 break;
2851
2852 default:
2853 BT_DBG("%s event 0x%x", hdev->name, event);
2854 break;
2855 }
2856
2857 kfree_skb(skb);
2858 hdev->stat.evt_rx++;
2859 }
2860
2861 /* Generate internal stack event */
2862 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
2863 {
2864 struct hci_event_hdr *hdr;
2865 struct hci_ev_stack_internal *ev;
2866 struct sk_buff *skb;
2867
2868 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
2869 if (!skb)
2870 return;
2871
2872 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
2873 hdr->evt = HCI_EV_STACK_INTERNAL;
2874 hdr->plen = sizeof(*ev) + dlen;
2875
2876 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
2877 ev->type = type;
2878 memcpy(ev->data, data, dlen);
2879
2880 bt_cb(skb)->incoming = 1;
2881 __net_timestamp(skb);
2882
2883 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
2884 skb->dev = (void *) hdev;
2885 hci_send_to_sock(hdev, skb, NULL);
2886 kfree_skb(skb);
2887 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree