search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
net: wl12xx: care for optional operations
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / bluetooth / hci_event.c
blobac2c5e89617ca15f4adc5c2902af282566035039
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 /* Handle HCI Event packets */
49
50 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
51 {
52 __u8 status = *((__u8 *) skb->data);
53
54 BT_DBG("%s status 0x%x", hdev->name, status);
55
56 if (status)
57 return;
58
59 if (test_bit(HCI_MGMT, &hdev->flags) &&
60 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
61 mgmt_discovering(hdev->id, 0);
62
63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
64
65 hci_conn_check_pending(hdev);
66 }
67
68 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
69 {
70 __u8 status = *((__u8 *) skb->data);
71
72 BT_DBG("%s status 0x%x", hdev->name, status);
73
74 if (status)
75 return;
76
77 if (test_bit(HCI_MGMT, &hdev->flags) &&
78 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
79 mgmt_discovering(hdev->id, 0);
80
81 hci_conn_check_pending(hdev);
82 }
83
84 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
85 {
86 BT_DBG("%s", hdev->name);
87 }
88
89 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
90 {
91 struct hci_rp_role_discovery *rp = (void *) skb->data;
92 struct hci_conn *conn;
93
94 BT_DBG("%s status 0x%x", hdev->name, rp->status);
95
96 if (rp->status)
97 return;
98
99 hci_dev_lock(hdev);
100
101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
102 if (conn) {
103 if (rp->role)
104 conn->link_mode &= ~HCI_LM_MASTER;
105 else
106 conn->link_mode |= HCI_LM_MASTER;
107 }
108
109 hci_dev_unlock(hdev);
110 }
111
112 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
113 {
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
116
117 BT_DBG("%s status 0x%x", hdev->name, rp->status);
118
119 if (rp->status)
120 return;
121
122 hci_dev_lock(hdev);
123
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
125 if (conn)
126 conn->link_policy = __le16_to_cpu(rp->policy);
127
128 hci_dev_unlock(hdev);
129 }
130
131 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
132 {
133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
134 struct hci_conn *conn;
135 void *sent;
136
137 BT_DBG("%s status 0x%x", hdev->name, rp->status);
138
139 if (rp->status)
140 return;
141
142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
143 if (!sent)
144 return;
145
146 hci_dev_lock(hdev);
147
148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
149 if (conn)
150 conn->link_policy = get_unaligned_le16(sent + 2);
151
152 hci_dev_unlock(hdev);
153 }
154
155 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
156 {
157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
158
159 BT_DBG("%s status 0x%x", hdev->name, rp->status);
160
161 if (rp->status)
162 return;
163
164 hdev->link_policy = __le16_to_cpu(rp->policy);
165 }
166
167 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
168 {
169 __u8 status = *((__u8 *) skb->data);
170 void *sent;
171
172 BT_DBG("%s status 0x%x", hdev->name, status);
173
174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
175 if (!sent)
176 return;
177
178 if (!status)
179 hdev->link_policy = get_unaligned_le16(sent);
180
181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
182 }
183
184 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
185 {
186 __u8 status = *((__u8 *) skb->data);
187
188 BT_DBG("%s status 0x%x", hdev->name, status);
189
190 clear_bit(HCI_RESET, &hdev->flags);
191
192 hci_req_complete(hdev, HCI_OP_RESET, status);
193 }
194
195 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
196 {
197 __u8 status = *((__u8 *) skb->data);
198 void *sent;
199
200 BT_DBG("%s status 0x%x", hdev->name, status);
201
202 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
203 if (!sent)
204 return;
205
206 if (test_bit(HCI_MGMT, &hdev->flags))
207 mgmt_set_local_name_complete(hdev->id, sent, status);
208
209 if (status)
210 return;
211
212 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
213 }
214
215 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
216 {
217 struct hci_rp_read_local_name *rp = (void *) skb->data;
218
219 BT_DBG("%s status 0x%x", hdev->name, rp->status);
220
221 if (rp->status)
222 return;
223
224 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
225 }
226
227 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
228 {
229 __u8 status = *((__u8 *) skb->data);
230 void *sent;
231
232 BT_DBG("%s status 0x%x", hdev->name, status);
233
234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
235 if (!sent)
236 return;
237
238 if (!status) {
239 __u8 param = *((__u8 *) sent);
240
241 if (param == AUTH_ENABLED)
242 set_bit(HCI_AUTH, &hdev->flags);
243 else
244 clear_bit(HCI_AUTH, &hdev->flags);
245 }
246
247 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
248 }
249
250 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
251 {
252 __u8 status = *((__u8 *) skb->data);
253 void *sent;
254
255 BT_DBG("%s status 0x%x", hdev->name, status);
256
257 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
258 if (!sent)
259 return;
260
261 if (!status) {
262 __u8 param = *((__u8 *) sent);
263
264 if (param)
265 set_bit(HCI_ENCRYPT, &hdev->flags);
266 else
267 clear_bit(HCI_ENCRYPT, &hdev->flags);
268 }
269
270 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
271 }
272
273 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
274 {
275 __u8 status = *((__u8 *) skb->data);
276 void *sent;
277
278 BT_DBG("%s status 0x%x", hdev->name, status);
279
280 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
281 if (!sent)
282 return;
283
284 if (!status) {
285 __u8 param = *((__u8 *) sent);
286 int old_pscan, old_iscan;
287
288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
290
291 if (param & SCAN_INQUIRY) {
292 set_bit(HCI_ISCAN, &hdev->flags);
293 if (!old_iscan)
294 mgmt_discoverable(hdev->id, 1);
295 } else if (old_iscan)
296 mgmt_discoverable(hdev->id, 0);
297
298 if (param & SCAN_PAGE) {
299 set_bit(HCI_PSCAN, &hdev->flags);
300 if (!old_pscan)
301 mgmt_connectable(hdev->id, 1);
302 } else if (old_pscan)
303 mgmt_connectable(hdev->id, 0);
304 }
305
306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
307 }
308
309 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
310 {
311 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
312
313 BT_DBG("%s status 0x%x", hdev->name, rp->status);
314
315 if (rp->status)
316 return;
317
318 memcpy(hdev->dev_class, rp->dev_class, 3);
319
320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
321 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
322 }
323
324 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
325 {
326 __u8 status = *((__u8 *) skb->data);
327 void *sent;
328
329 BT_DBG("%s status 0x%x", hdev->name, status);
330
331 if (status)
332 return;
333
334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
335 if (!sent)
336 return;
337
338 memcpy(hdev->dev_class, sent, 3);
339 }
340
341 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
342 {
343 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
344 __u16 setting;
345
346 BT_DBG("%s status 0x%x", hdev->name, rp->status);
347
348 if (rp->status)
349 return;
350
351 setting = __le16_to_cpu(rp->voice_setting);
352
353 if (hdev->voice_setting == setting)
354 return;
355
356 hdev->voice_setting = setting;
357
358 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
359
360 if (hdev->notify) {
361 tasklet_disable(&hdev->tx_task);
362 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
363 tasklet_enable(&hdev->tx_task);
364 }
365 }
366
367 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
368 {
369 __u8 status = *((__u8 *) skb->data);
370 __u16 setting;
371 void *sent;
372
373 BT_DBG("%s status 0x%x", hdev->name, status);
374
375 if (status)
376 return;
377
378 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
379 if (!sent)
380 return;
381
382 setting = get_unaligned_le16(sent);
383
384 if (hdev->voice_setting == setting)
385 return;
386
387 hdev->voice_setting = setting;
388
389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
390
391 if (hdev->notify) {
392 tasklet_disable(&hdev->tx_task);
393 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 tasklet_enable(&hdev->tx_task);
395 }
396 }
397
398 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
399 {
400 __u8 status = *((__u8 *) skb->data);
401
402 BT_DBG("%s status 0x%x", hdev->name, status);
403
404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
405 }
406
407 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
408 {
409 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
410
411 BT_DBG("%s status 0x%x", hdev->name, rp->status);
412
413 if (rp->status)
414 return;
415
416 hdev->ssp_mode = rp->mode;
417 }
418
419 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
420 {
421 __u8 status = *((__u8 *) skb->data);
422 void *sent;
423
424 BT_DBG("%s status 0x%x", hdev->name, status);
425
426 if (status)
427 return;
428
429 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
430 if (!sent)
431 return;
432
433 hdev->ssp_mode = *((__u8 *) sent);
434 }
435
436 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
437 {
438 if (hdev->features[6] & LMP_EXT_INQ)
439 return 2;
440
441 if (hdev->features[3] & LMP_RSSI_INQ)
442 return 1;
443
444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
445 hdev->lmp_subver == 0x0757)
446 return 1;
447
448 if (hdev->manufacturer == 15) {
449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
450 return 1;
451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
452 return 1;
453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
454 return 1;
455 }
456
457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
458 hdev->lmp_subver == 0x1805)
459 return 1;
460
461 return 0;
462 }
463
464 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
465 {
466 u8 mode;
467
468 mode = hci_get_inquiry_mode(hdev);
469
470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
471 }
472
473 static void hci_setup_event_mask(struct hci_dev *hdev)
474 {
475 /* The second byte is 0xff instead of 0x9f (two reserved bits
476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
477 * command otherwise */
478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
479
480 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
481 * any event mask for pre 1.2 devices */
482 if (hdev->lmp_ver <= 1)
483 return;
484
485 events[4] |= 0x01; /* Flow Specification Complete */
486 events[4] |= 0x02; /* Inquiry Result with RSSI */
487 events[4] |= 0x04; /* Read Remote Extended Features Complete */
488 events[5] |= 0x08; /* Synchronous Connection Complete */
489 events[5] |= 0x10; /* Synchronous Connection Changed */
490
491 if (hdev->features[3] & LMP_RSSI_INQ)
492 events[4] |= 0x04; /* Inquiry Result with RSSI */
493
494 if (hdev->features[5] & LMP_SNIFF_SUBR)
495 events[5] |= 0x20; /* Sniff Subrating */
496
497 if (hdev->features[5] & LMP_PAUSE_ENC)
498 events[5] |= 0x80; /* Encryption Key Refresh Complete */
499
500 if (hdev->features[6] & LMP_EXT_INQ)
501 events[5] |= 0x40; /* Extended Inquiry Result */
502
503 if (hdev->features[6] & LMP_NO_FLUSH)
504 events[7] |= 0x01; /* Enhanced Flush Complete */
505
506 if (hdev->features[7] & LMP_LSTO)
507 events[6] |= 0x80; /* Link Supervision Timeout Changed */
508
509 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
510 events[6] |= 0x01; /* IO Capability Request */
511 events[6] |= 0x02; /* IO Capability Response */
512 events[6] |= 0x04; /* User Confirmation Request */
513 events[6] |= 0x08; /* User Passkey Request */
514 events[6] |= 0x10; /* Remote OOB Data Request */
515 events[6] |= 0x20; /* Simple Pairing Complete */
516 events[7] |= 0x04; /* User Passkey Notification */
517 events[7] |= 0x08; /* Keypress Notification */
518 events[7] |= 0x10; /* Remote Host Supported
519 * Features Notification */
520 }
521
522 if (hdev->features[4] & LMP_LE)
523 events[7] |= 0x20; /* LE Meta-Event */
524
525 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
526 }
527
528 static void hci_setup(struct hci_dev *hdev)
529 {
530 hci_setup_event_mask(hdev);
531
532 if (hdev->lmp_ver > 1)
533 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
534
535 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
536 u8 mode = 0x01;
537 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
538 }
539
540 if (hdev->features[3] & LMP_RSSI_INQ)
541 hci_setup_inquiry_mode(hdev);
542
543 if (hdev->features[7] & LMP_INQ_TX_PWR)
544 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
545 }
546
547 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
548 {
549 struct hci_rp_read_local_version *rp = (void *) skb->data;
550
551 BT_DBG("%s status 0x%x", hdev->name, rp->status);
552
553 if (rp->status)
554 return;
555
556 hdev->hci_ver = rp->hci_ver;
557 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
558 hdev->lmp_ver = rp->lmp_ver;
559 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
560 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
561
562 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
563 hdev->manufacturer,
564 hdev->hci_ver, hdev->hci_rev);
565
566 if (test_bit(HCI_INIT, &hdev->flags))
567 hci_setup(hdev);
568 }
569
570 static void hci_setup_link_policy(struct hci_dev *hdev)
571 {
572 u16 link_policy = 0;
573
574 if (hdev->features[0] & LMP_RSWITCH)
575 link_policy |= HCI_LP_RSWITCH;
576 if (hdev->features[0] & LMP_HOLD)
577 link_policy |= HCI_LP_HOLD;
578 if (hdev->features[0] & LMP_SNIFF)
579 link_policy |= HCI_LP_SNIFF;
580 if (hdev->features[1] & LMP_PARK)
581 link_policy |= HCI_LP_PARK;
582
583 link_policy = cpu_to_le16(link_policy);
584 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
585 sizeof(link_policy), &link_policy);
586 }
587
588 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
589 {
590 struct hci_rp_read_local_commands *rp = (void *) skb->data;
591
592 BT_DBG("%s status 0x%x", hdev->name, rp->status);
593
594 if (rp->status)
595 goto done;
596
597 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
598
599 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
600 hci_setup_link_policy(hdev);
601
602 done:
603 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
604 }
605
606 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
607 {
608 struct hci_rp_read_local_features *rp = (void *) skb->data;
609
610 BT_DBG("%s status 0x%x", hdev->name, rp->status);
611
612 if (rp->status)
613 return;
614
615 memcpy(hdev->features, rp->features, 8);
616
617 /* Adjust default settings according to features
618 * supported by device. */
619
620 if (hdev->features[0] & LMP_3SLOT)
621 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
622
623 if (hdev->features[0] & LMP_5SLOT)
624 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
625
626 if (hdev->features[1] & LMP_HV2) {
627 hdev->pkt_type |= (HCI_HV2);
628 hdev->esco_type |= (ESCO_HV2);
629 }
630
631 if (hdev->features[1] & LMP_HV3) {
632 hdev->pkt_type |= (HCI_HV3);
633 hdev->esco_type |= (ESCO_HV3);
634 }
635
636 if (hdev->features[3] & LMP_ESCO)
637 hdev->esco_type |= (ESCO_EV3);
638
639 if (hdev->features[4] & LMP_EV4)
640 hdev->esco_type |= (ESCO_EV4);
641
642 if (hdev->features[4] & LMP_EV5)
643 hdev->esco_type |= (ESCO_EV5);
644
645 if (hdev->features[5] & LMP_EDR_ESCO_2M)
646 hdev->esco_type |= (ESCO_2EV3);
647
648 if (hdev->features[5] & LMP_EDR_ESCO_3M)
649 hdev->esco_type |= (ESCO_3EV3);
650
651 if (hdev->features[5] & LMP_EDR_3S_ESCO)
652 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
653
654 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
655 hdev->features[0], hdev->features[1],
656 hdev->features[2], hdev->features[3],
657 hdev->features[4], hdev->features[5],
658 hdev->features[6], hdev->features[7]);
659 }
660
661 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
662 {
663 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
664
665 BT_DBG("%s status 0x%x", hdev->name, rp->status);
666
667 if (rp->status)
668 return;
669
670 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
671 hdev->sco_mtu = rp->sco_mtu;
672 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
673 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
674
675 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
676 hdev->sco_mtu = 64;
677 hdev->sco_pkts = 8;
678 }
679
680 hdev->acl_cnt = hdev->acl_pkts;
681 hdev->sco_cnt = hdev->sco_pkts;
682
683 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
684 hdev->acl_mtu, hdev->acl_pkts,
685 hdev->sco_mtu, hdev->sco_pkts);
686 }
687
688 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
689 {
690 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
691
692 BT_DBG("%s status 0x%x", hdev->name, rp->status);
693
694 if (!rp->status)
695 bacpy(&hdev->bdaddr, &rp->bdaddr);
696
697 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
698 }
699
700 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
701 {
702 __u8 status = *((__u8 *) skb->data);
703
704 BT_DBG("%s status 0x%x", hdev->name, status);
705
706 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
707 }
708
709 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
710 struct sk_buff *skb)
711 {
712 __u8 status = *((__u8 *) skb->data);
713
714 BT_DBG("%s status 0x%x", hdev->name, status);
715
716 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
717 }
718
719 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
720 {
721 __u8 status = *((__u8 *) skb->data);
722
723 BT_DBG("%s status 0x%x", hdev->name, status);
724
725 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
726 }
727
728 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
729 struct sk_buff *skb)
730 {
731 __u8 status = *((__u8 *) skb->data);
732
733 BT_DBG("%s status 0x%x", hdev->name, status);
734
735 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
736 }
737
738 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
739 struct sk_buff *skb)
740 {
741 __u8 status = *((__u8 *) skb->data);
742
743 BT_DBG("%s status 0x%x", hdev->name, status);
744
745 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
746 }
747
748 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
749 {
750 __u8 status = *((__u8 *) skb->data);
751
752 BT_DBG("%s status 0x%x", hdev->name, status);
753
754 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
755 }
756
757 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
758 {
759 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
760 struct hci_cp_pin_code_reply *cp;
761 struct hci_conn *conn;
762
763 BT_DBG("%s status 0x%x", hdev->name, rp->status);
764
765 if (test_bit(HCI_MGMT, &hdev->flags))
766 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
767
768 if (rp->status != 0)
769 return;
770
771 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
772 if (!cp)
773 return;
774
775 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
776 if (conn)
777 conn->pin_length = cp->pin_len;
778 }
779
780 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
781 {
782 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
783
784 BT_DBG("%s status 0x%x", hdev->name, rp->status);
785
786 if (test_bit(HCI_MGMT, &hdev->flags))
787 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
788 rp->status);
789 }
790 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
791 struct sk_buff *skb)
792 {
793 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
794
795 BT_DBG("%s status 0x%x", hdev->name, rp->status);
796
797 if (rp->status)
798 return;
799
800 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
801 hdev->le_pkts = rp->le_max_pkt;
802
803 hdev->le_cnt = hdev->le_pkts;
804
805 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
806
807 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
808 }
809
810 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
811 {
812 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
813
814 BT_DBG("%s status 0x%x", hdev->name, rp->status);
815
816 if (test_bit(HCI_MGMT, &hdev->flags))
817 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
818 rp->status);
819 }
820
821 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
822 struct sk_buff *skb)
823 {
824 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
825
826 BT_DBG("%s status 0x%x", hdev->name, rp->status);
827
828 if (test_bit(HCI_MGMT, &hdev->flags))
829 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
830 rp->status);
831 }
832
833 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
834 struct sk_buff *skb)
835 {
836 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
837
838 BT_DBG("%s status 0x%x", hdev->name, rp->status);
839
840 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
841 rp->randomizer, rp->status);
842 }
843
844 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
845 struct sk_buff *skb)
846 {
847 struct hci_cp_le_set_scan_enable *cp;
848 __u8 status = *((__u8 *) skb->data);
849
850 BT_DBG("%s status 0x%x", hdev->name, status);
851
852 if (status)
853 return;
854
855 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
856 if (!cp)
857 return;
858
859 hci_dev_lock(hdev);
860
861 if (cp->enable == 0x01) {
862 del_timer(&hdev->adv_timer);
863 hci_adv_entries_clear(hdev);
864 } else if (cp->enable == 0x00) {
865 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
866 }
867
868 hci_dev_unlock(hdev);
869 }
870
871 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
872 {
873 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
874
875 BT_DBG("%s status 0x%x", hdev->name, rp->status);
876
877 if (rp->status)
878 return;
879
880 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
881 }
882
883 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
884 {
885 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
886
887 BT_DBG("%s status 0x%x", hdev->name, rp->status);
888
889 if (rp->status)
890 return;
891
892 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
893 }
894
895 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
896 {
897 BT_DBG("%s status 0x%x", hdev->name, status);
898
899 if (status) {
900 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
901 hci_conn_check_pending(hdev);
902 return;
903 }
904
905 if (test_bit(HCI_MGMT, &hdev->flags) &&
906 !test_and_set_bit(HCI_INQUIRY,
907 &hdev->flags))
908 mgmt_discovering(hdev->id, 1);
909 }
910
911 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
912 {
913 struct hci_cp_create_conn *cp;
914 struct hci_conn *conn;
915
916 BT_DBG("%s status 0x%x", hdev->name, status);
917
918 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
919 if (!cp)
920 return;
921
922 hci_dev_lock(hdev);
923
924 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
925
926 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
927
928 if (status) {
929 if (conn && conn->state == BT_CONNECT) {
930 if (status != 0x0c || conn->attempt > 2) {
931 conn->state = BT_CLOSED;
932 hci_proto_connect_cfm(conn, status);
933 hci_conn_del(conn);
934 } else
935 conn->state = BT_CONNECT2;
936 }
937 } else {
938 if (!conn) {
939 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
940 if (conn) {
941 conn->out = 1;
942 conn->link_mode |= HCI_LM_MASTER;
943 } else
944 BT_ERR("No memory for new connection");
945 }
946 }
947
948 hci_dev_unlock(hdev);
949 }
950
951 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
952 {
953 struct hci_cp_add_sco *cp;
954 struct hci_conn *acl, *sco;
955 __u16 handle;
956
957 BT_DBG("%s status 0x%x", hdev->name, status);
958
959 if (!status)
960 return;
961
962 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
963 if (!cp)
964 return;
965
966 handle = __le16_to_cpu(cp->handle);
967
968 BT_DBG("%s handle %d", hdev->name, handle);
969
970 hci_dev_lock(hdev);
971
972 acl = hci_conn_hash_lookup_handle(hdev, handle);
973 if (acl) {
974 sco = acl->link;
975 if (sco) {
976 sco->state = BT_CLOSED;
977
978 hci_proto_connect_cfm(sco, status);
979 hci_conn_del(sco);
980 }
981 }
982
983 hci_dev_unlock(hdev);
984 }
985
986 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
987 {
988 struct hci_cp_auth_requested *cp;
989 struct hci_conn *conn;
990
991 BT_DBG("%s status 0x%x", hdev->name, status);
992
993 if (!status)
994 return;
995
996 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
997 if (!cp)
998 return;
999
1000 hci_dev_lock(hdev);
1001
1002 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1003 if (conn) {
1004 if (conn->state == BT_CONFIG) {
1005 hci_proto_connect_cfm(conn, status);
1006 hci_conn_put(conn);
1007 }
1008 }
1009
1010 hci_dev_unlock(hdev);
1011 }
1012
1013 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1014 {
1015 struct hci_cp_set_conn_encrypt *cp;
1016 struct hci_conn *conn;
1017
1018 BT_DBG("%s status 0x%x", hdev->name, status);
1019
1020 if (!status)
1021 return;
1022
1023 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1024 if (!cp)
1025 return;
1026
1027 hci_dev_lock(hdev);
1028
1029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1030 if (conn) {
1031 if (conn->state == BT_CONFIG) {
1032 hci_proto_connect_cfm(conn, status);
1033 hci_conn_put(conn);
1034 }
1035 }
1036
1037 hci_dev_unlock(hdev);
1038 }
1039
1040 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1041 struct hci_conn *conn)
1042 {
1043 if (conn->state != BT_CONFIG || !conn->out)
1044 return 0;
1045
1046 if (conn->pending_sec_level == BT_SECURITY_SDP)
1047 return 0;
1048
1049 /* Only request authentication for SSP connections or non-SSP
1050 * devices with sec_level HIGH */
1051 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1052 conn->pending_sec_level != BT_SECURITY_HIGH)
1053 return 0;
1054
1055 return 1;
1056 }
1057
1058 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1059 {
1060 struct hci_cp_remote_name_req *cp;
1061 struct hci_conn *conn;
1062
1063 BT_DBG("%s status 0x%x", hdev->name, status);
1064
1065 /* If successful wait for the name req complete event before
1066 * checking for the need to do authentication */
1067 if (!status)
1068 return;
1069
1070 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1071 if (!cp)
1072 return;
1073
1074 hci_dev_lock(hdev);
1075
1076 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1077 if (!conn)
1078 goto unlock;
1079
1080 if (!hci_outgoing_auth_needed(hdev, conn))
1081 goto unlock;
1082
1083 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1084 struct hci_cp_auth_requested cp;
1085 cp.handle = __cpu_to_le16(conn->handle);
1086 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1087 }
1088
1089 unlock:
1090 hci_dev_unlock(hdev);
1091 }
1092
1093 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1094 {
1095 struct hci_cp_read_remote_features *cp;
1096 struct hci_conn *conn;
1097
1098 BT_DBG("%s status 0x%x", hdev->name, status);
1099
1100 if (!status)
1101 return;
1102
1103 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1104 if (!cp)
1105 return;
1106
1107 hci_dev_lock(hdev);
1108
1109 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1110 if (conn) {
1111 if (conn->state == BT_CONFIG) {
1112 hci_proto_connect_cfm(conn, status);
1113 hci_conn_put(conn);
1114 }
1115 }
1116
1117 hci_dev_unlock(hdev);
1118 }
1119
1120 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1121 {
1122 struct hci_cp_read_remote_ext_features *cp;
1123 struct hci_conn *conn;
1124
1125 BT_DBG("%s status 0x%x", hdev->name, status);
1126
1127 if (!status)
1128 return;
1129
1130 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1131 if (!cp)
1132 return;
1133
1134 hci_dev_lock(hdev);
1135
1136 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1137 if (conn) {
1138 if (conn->state == BT_CONFIG) {
1139 hci_proto_connect_cfm(conn, status);
1140 hci_conn_put(conn);
1141 }
1142 }
1143
1144 hci_dev_unlock(hdev);
1145 }
1146
1147 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1148 {
1149 struct hci_cp_setup_sync_conn *cp;
1150 struct hci_conn *acl, *sco;
1151 __u16 handle;
1152
1153 BT_DBG("%s status 0x%x", hdev->name, status);
1154
1155 if (!status)
1156 return;
1157
1158 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1159 if (!cp)
1160 return;
1161
1162 handle = __le16_to_cpu(cp->handle);
1163
1164 BT_DBG("%s handle %d", hdev->name, handle);
1165
1166 hci_dev_lock(hdev);
1167
1168 acl = hci_conn_hash_lookup_handle(hdev, handle);
1169 if (acl) {
1170 sco = acl->link;
1171 if (sco) {
1172 sco->state = BT_CLOSED;
1173
1174 hci_proto_connect_cfm(sco, status);
1175 hci_conn_del(sco);
1176 }
1177 }
1178
1179 hci_dev_unlock(hdev);
1180 }
1181
1182 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1183 {
1184 struct hci_cp_sniff_mode *cp;
1185 struct hci_conn *conn;
1186
1187 BT_DBG("%s status 0x%x", hdev->name, status);
1188
1189 if (!status)
1190 return;
1191
1192 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1193 if (!cp)
1194 return;
1195
1196 hci_dev_lock(hdev);
1197
1198 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1199 if (conn) {
1200 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1201
1202 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1203 hci_sco_setup(conn, status);
1204 }
1205
1206 hci_dev_unlock(hdev);
1207 }
1208
1209 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1210 {
1211 struct hci_cp_exit_sniff_mode *cp;
1212 struct hci_conn *conn;
1213
1214 BT_DBG("%s status 0x%x", hdev->name, status);
1215
1216 if (!status)
1217 return;
1218
1219 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1220 if (!cp)
1221 return;
1222
1223 hci_dev_lock(hdev);
1224
1225 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1226 if (conn) {
1227 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1228
1229 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1230 hci_sco_setup(conn, status);
1231 }
1232
1233 hci_dev_unlock(hdev);
1234 }
1235
1236 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1237 {
1238 struct hci_cp_le_create_conn *cp;
1239 struct hci_conn *conn;
1240
1241 BT_DBG("%s status 0x%x", hdev->name, status);
1242
1243 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1244 if (!cp)
1245 return;
1246
1247 hci_dev_lock(hdev);
1248
1249 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1250
1251 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1252 conn);
1253
1254 if (status) {
1255 if (conn && conn->state == BT_CONNECT) {
1256 conn->state = BT_CLOSED;
1257 hci_proto_connect_cfm(conn, status);
1258 hci_conn_del(conn);
1259 }
1260 } else {
1261 if (!conn) {
1262 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1263 if (conn) {
1264 conn->dst_type = cp->peer_addr_type;
1265 conn->out = 1;
1266 } else {
1267 BT_ERR("No memory for new connection");
1268 }
1269 }
1270 }
1271
1272 hci_dev_unlock(hdev);
1273 }
1274
1275 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1276 {
1277 BT_DBG("%s status 0x%x", hdev->name, status);
1278 }
1279
1280 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1281 {
1282 __u8 status = *((__u8 *) skb->data);
1283
1284 BT_DBG("%s status %d", hdev->name, status);
1285
1286 if (test_bit(HCI_MGMT, &hdev->flags) &&
1287 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1288 mgmt_discovering(hdev->id, 0);
1289
1290 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1291
1292 hci_conn_check_pending(hdev);
1293 }
1294
1295 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1296 {
1297 struct inquiry_data data;
1298 struct inquiry_info *info = (void *) (skb->data + 1);
1299 int num_rsp = *((__u8 *) skb->data);
1300
1301 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1302
1303 if (!num_rsp)
1304 return;
1305
1306 hci_dev_lock(hdev);
1307
1308 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1309
1310 if (test_bit(HCI_MGMT, &hdev->flags))
1311 mgmt_discovering(hdev->id, 1);
1312 }
1313
1314 for (; num_rsp; num_rsp--, info++) {
1315 bacpy(&data.bdaddr, &info->bdaddr);
1316 data.pscan_rep_mode = info->pscan_rep_mode;
1317 data.pscan_period_mode = info->pscan_period_mode;
1318 data.pscan_mode = info->pscan_mode;
1319 memcpy(data.dev_class, info->dev_class, 3);
1320 data.clock_offset = info->clock_offset;
1321 data.rssi = 0x00;
1322 data.ssp_mode = 0x00;
1323 hci_inquiry_cache_update(hdev, &data);
1324 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1325 NULL);
1326 }
1327
1328 hci_dev_unlock(hdev);
1329 }
1330
1331 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1332 {
1333 struct hci_ev_conn_complete *ev = (void *) skb->data;
1334 struct hci_conn *conn;
1335
1336 BT_DBG("%s", hdev->name);
1337
1338 hci_dev_lock(hdev);
1339
1340 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1341 if (!conn) {
1342 if (ev->link_type != SCO_LINK)
1343 goto unlock;
1344
1345 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1346 if (!conn)
1347 goto unlock;
1348
1349 conn->type = SCO_LINK;
1350 }
1351
1352 if (!ev->status) {
1353 conn->handle = __le16_to_cpu(ev->handle);
1354
1355 if (conn->type == ACL_LINK) {
1356 conn->state = BT_CONFIG;
1357 hci_conn_hold(conn);
1358 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1359 mgmt_connected(hdev->id, &ev->bdaddr);
1360 } else
1361 conn->state = BT_CONNECTED;
1362
1363 hci_conn_hold_device(conn);
1364 hci_conn_add_sysfs(conn);
1365
1366 if (test_bit(HCI_AUTH, &hdev->flags))
1367 conn->link_mode |= HCI_LM_AUTH;
1368
1369 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1370 conn->link_mode |= HCI_LM_ENCRYPT;
1371
1372 /* Get remote features */
1373 if (conn->type == ACL_LINK) {
1374 struct hci_cp_read_remote_features cp;
1375 cp.handle = ev->handle;
1376 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1377 sizeof(cp), &cp);
1378 }
1379
1380 /* Set packet type for incoming connection */
1381 if (!conn->out && hdev->hci_ver < 3) {
1382 struct hci_cp_change_conn_ptype cp;
1383 cp.handle = ev->handle;
1384 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1385 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1386 sizeof(cp), &cp);
1387 }
1388 } else {
1389 conn->state = BT_CLOSED;
1390 if (conn->type == ACL_LINK)
1391 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1392 }
1393
1394 if (conn->type == ACL_LINK)
1395 hci_sco_setup(conn, ev->status);
1396
1397 if (ev->status) {
1398 hci_proto_connect_cfm(conn, ev->status);
1399 hci_conn_del(conn);
1400 } else if (ev->link_type != ACL_LINK)
1401 hci_proto_connect_cfm(conn, ev->status);
1402
1403 unlock:
1404 hci_dev_unlock(hdev);
1405
1406 hci_conn_check_pending(hdev);
1407 }
1408
1409 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1410 {
1411 struct hci_ev_conn_request *ev = (void *) skb->data;
1412 int mask = hdev->link_mode;
1413
1414 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1415 batostr(&ev->bdaddr), ev->link_type);
1416
1417 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1418
1419 if ((mask & HCI_LM_ACCEPT) &&
1420 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1421 /* Connection accepted */
1422 struct inquiry_entry *ie;
1423 struct hci_conn *conn;
1424
1425 hci_dev_lock(hdev);
1426
1427 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1428 if (ie)
1429 memcpy(ie->data.dev_class, ev->dev_class, 3);
1430
1431 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1432 if (!conn) {
1433 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1434 if (!conn) {
1435 BT_ERR("No memory for new connection");
1436 hci_dev_unlock(hdev);
1437 return;
1438 }
1439 }
1440
1441 memcpy(conn->dev_class, ev->dev_class, 3);
1442 conn->state = BT_CONNECT;
1443
1444 hci_dev_unlock(hdev);
1445
1446 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1447 struct hci_cp_accept_conn_req cp;
1448
1449 bacpy(&cp.bdaddr, &ev->bdaddr);
1450
1451 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1452 cp.role = 0x00; /* Become master */
1453 else
1454 cp.role = 0x01; /* Remain slave */
1455
1456 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1457 sizeof(cp), &cp);
1458 } else {
1459 struct hci_cp_accept_sync_conn_req cp;
1460
1461 bacpy(&cp.bdaddr, &ev->bdaddr);
1462 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1463
1464 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1465 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1466 cp.max_latency = cpu_to_le16(0xffff);
1467 cp.content_format = cpu_to_le16(hdev->voice_setting);
1468 cp.retrans_effort = 0xff;
1469
1470 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1471 sizeof(cp), &cp);
1472 }
1473 } else {
1474 /* Connection rejected */
1475 struct hci_cp_reject_conn_req cp;
1476
1477 bacpy(&cp.bdaddr, &ev->bdaddr);
1478 cp.reason = 0x0f;
1479 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1480 }
1481 }
1482
1483 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1484 {
1485 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1486 struct hci_conn *conn;
1487
1488 BT_DBG("%s status %d", hdev->name, ev->status);
1489
1490 if (ev->status) {
1491 mgmt_disconnect_failed(hdev->id);
1492 return;
1493 }
1494
1495 hci_dev_lock(hdev);
1496
1497 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1498 if (!conn)
1499 goto unlock;
1500
1501 conn->state = BT_CLOSED;
1502
1503 if (conn->type == ACL_LINK || conn->type == LE_LINK)
1504 mgmt_disconnected(hdev->id, &conn->dst);
1505
1506 hci_proto_disconn_cfm(conn, ev->reason);
1507 hci_conn_del(conn);
1508
1509 unlock:
1510 hci_dev_unlock(hdev);
1511 }
1512
1513 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1514 {
1515 struct hci_ev_auth_complete *ev = (void *) skb->data;
1516 struct hci_conn *conn;
1517
1518 BT_DBG("%s status %d", hdev->name, ev->status);
1519
1520 hci_dev_lock(hdev);
1521
1522 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1523 if (!conn)
1524 goto unlock;
1525
1526 if (!ev->status) {
1527 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1528 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1529 BT_INFO("re-auth of legacy device is not possible.");
1530 } else {
1531 conn->link_mode |= HCI_LM_AUTH;
1532 conn->sec_level = conn->pending_sec_level;
1533 }
1534 } else {
1535 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1536 }
1537
1538 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1539 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1540
1541 if (conn->state == BT_CONFIG) {
1542 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1543 struct hci_cp_set_conn_encrypt cp;
1544 cp.handle = ev->handle;
1545 cp.encrypt = 0x01;
1546 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1547 &cp);
1548 } else {
1549 conn->state = BT_CONNECTED;
1550 hci_proto_connect_cfm(conn, ev->status);
1551 hci_conn_put(conn);
1552 }
1553 } else {
1554 hci_auth_cfm(conn, ev->status);
1555
1556 hci_conn_hold(conn);
1557 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1558 hci_conn_put(conn);
1559 }
1560
1561 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1562 if (!ev->status) {
1563 struct hci_cp_set_conn_encrypt cp;
1564 cp.handle = ev->handle;
1565 cp.encrypt = 0x01;
1566 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1567 &cp);
1568 } else {
1569 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1570 hci_encrypt_cfm(conn, ev->status, 0x00);
1571 }
1572 }
1573
1574 unlock:
1575 hci_dev_unlock(hdev);
1576 }
1577
1578 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1579 {
1580 struct hci_ev_remote_name *ev = (void *) skb->data;
1581 struct hci_conn *conn;
1582
1583 BT_DBG("%s", hdev->name);
1584
1585 hci_conn_check_pending(hdev);
1586
1587 hci_dev_lock(hdev);
1588
1589 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1590 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1591
1592 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1593 if (!conn)
1594 goto unlock;
1595
1596 if (!hci_outgoing_auth_needed(hdev, conn))
1597 goto unlock;
1598
1599 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1600 struct hci_cp_auth_requested cp;
1601 cp.handle = __cpu_to_le16(conn->handle);
1602 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1603 }
1604
1605 unlock:
1606 hci_dev_unlock(hdev);
1607 }
1608
1609 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1610 {
1611 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1612 struct hci_conn *conn;
1613
1614 BT_DBG("%s status %d", hdev->name, ev->status);
1615
1616 hci_dev_lock(hdev);
1617
1618 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1619 if (conn) {
1620 if (!ev->status) {
1621 if (ev->encrypt) {
1622 /* Encryption implies authentication */
1623 conn->link_mode |= HCI_LM_AUTH;
1624 conn->link_mode |= HCI_LM_ENCRYPT;
1625 conn->sec_level = conn->pending_sec_level;
1626 } else
1627 conn->link_mode &= ~HCI_LM_ENCRYPT;
1628 }
1629
1630 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1631
1632 if (conn->state == BT_CONFIG) {
1633 if (!ev->status)
1634 conn->state = BT_CONNECTED;
1635
1636 hci_proto_connect_cfm(conn, ev->status);
1637 hci_conn_put(conn);
1638 } else
1639 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1640 }
1641
1642 hci_dev_unlock(hdev);
1643 }
1644
1645 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1646 {
1647 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1648 struct hci_conn *conn;
1649
1650 BT_DBG("%s status %d", hdev->name, ev->status);
1651
1652 hci_dev_lock(hdev);
1653
1654 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1655 if (conn) {
1656 if (!ev->status)
1657 conn->link_mode |= HCI_LM_SECURE;
1658
1659 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1660
1661 hci_key_change_cfm(conn, ev->status);
1662 }
1663
1664 hci_dev_unlock(hdev);
1665 }
1666
1667 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1668 {
1669 struct hci_ev_remote_features *ev = (void *) skb->data;
1670 struct hci_conn *conn;
1671
1672 BT_DBG("%s status %d", hdev->name, ev->status);
1673
1674 hci_dev_lock(hdev);
1675
1676 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1677 if (!conn)
1678 goto unlock;
1679
1680 if (!ev->status)
1681 memcpy(conn->features, ev->features, 8);
1682
1683 if (conn->state != BT_CONFIG)
1684 goto unlock;
1685
1686 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1687 struct hci_cp_read_remote_ext_features cp;
1688 cp.handle = ev->handle;
1689 cp.page = 0x01;
1690 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1691 sizeof(cp), &cp);
1692 goto unlock;
1693 }
1694
1695 if (!ev->status) {
1696 struct hci_cp_remote_name_req cp;
1697 memset(&cp, 0, sizeof(cp));
1698 bacpy(&cp.bdaddr, &conn->dst);
1699 cp.pscan_rep_mode = 0x02;
1700 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1701 }
1702
1703 if (!hci_outgoing_auth_needed(hdev, conn)) {
1704 conn->state = BT_CONNECTED;
1705 hci_proto_connect_cfm(conn, ev->status);
1706 hci_conn_put(conn);
1707 }
1708
1709 unlock:
1710 hci_dev_unlock(hdev);
1711 }
1712
1713 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1714 {
1715 BT_DBG("%s", hdev->name);
1716 }
1717
1718 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1719 {
1720 BT_DBG("%s", hdev->name);
1721 }
1722
1723 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1724 {
1725 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1726 __u16 opcode;
1727
1728 skb_pull(skb, sizeof(*ev));
1729
1730 opcode = __le16_to_cpu(ev->opcode);
1731
1732 switch (opcode) {
1733 case HCI_OP_INQUIRY_CANCEL:
1734 hci_cc_inquiry_cancel(hdev, skb);
1735 break;
1736
1737 case HCI_OP_EXIT_PERIODIC_INQ:
1738 hci_cc_exit_periodic_inq(hdev, skb);
1739 break;
1740
1741 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1742 hci_cc_remote_name_req_cancel(hdev, skb);
1743 break;
1744
1745 case HCI_OP_ROLE_DISCOVERY:
1746 hci_cc_role_discovery(hdev, skb);
1747 break;
1748
1749 case HCI_OP_READ_LINK_POLICY:
1750 hci_cc_read_link_policy(hdev, skb);
1751 break;
1752
1753 case HCI_OP_WRITE_LINK_POLICY:
1754 hci_cc_write_link_policy(hdev, skb);
1755 break;
1756
1757 case HCI_OP_READ_DEF_LINK_POLICY:
1758 hci_cc_read_def_link_policy(hdev, skb);
1759 break;
1760
1761 case HCI_OP_WRITE_DEF_LINK_POLICY:
1762 hci_cc_write_def_link_policy(hdev, skb);
1763 break;
1764
1765 case HCI_OP_RESET:
1766 hci_cc_reset(hdev, skb);
1767 break;
1768
1769 case HCI_OP_WRITE_LOCAL_NAME:
1770 hci_cc_write_local_name(hdev, skb);
1771 break;
1772
1773 case HCI_OP_READ_LOCAL_NAME:
1774 hci_cc_read_local_name(hdev, skb);
1775 break;
1776
1777 case HCI_OP_WRITE_AUTH_ENABLE:
1778 hci_cc_write_auth_enable(hdev, skb);
1779 break;
1780
1781 case HCI_OP_WRITE_ENCRYPT_MODE:
1782 hci_cc_write_encrypt_mode(hdev, skb);
1783 break;
1784
1785 case HCI_OP_WRITE_SCAN_ENABLE:
1786 hci_cc_write_scan_enable(hdev, skb);
1787 break;
1788
1789 case HCI_OP_READ_CLASS_OF_DEV:
1790 hci_cc_read_class_of_dev(hdev, skb);
1791 break;
1792
1793 case HCI_OP_WRITE_CLASS_OF_DEV:
1794 hci_cc_write_class_of_dev(hdev, skb);
1795 break;
1796
1797 case HCI_OP_READ_VOICE_SETTING:
1798 hci_cc_read_voice_setting(hdev, skb);
1799 break;
1800
1801 case HCI_OP_WRITE_VOICE_SETTING:
1802 hci_cc_write_voice_setting(hdev, skb);
1803 break;
1804
1805 case HCI_OP_HOST_BUFFER_SIZE:
1806 hci_cc_host_buffer_size(hdev, skb);
1807 break;
1808
1809 case HCI_OP_READ_SSP_MODE:
1810 hci_cc_read_ssp_mode(hdev, skb);
1811 break;
1812
1813 case HCI_OP_WRITE_SSP_MODE:
1814 hci_cc_write_ssp_mode(hdev, skb);
1815 break;
1816
1817 case HCI_OP_READ_LOCAL_VERSION:
1818 hci_cc_read_local_version(hdev, skb);
1819 break;
1820
1821 case HCI_OP_READ_LOCAL_COMMANDS:
1822 hci_cc_read_local_commands(hdev, skb);
1823 break;
1824
1825 case HCI_OP_READ_LOCAL_FEATURES:
1826 hci_cc_read_local_features(hdev, skb);
1827 break;
1828
1829 case HCI_OP_READ_BUFFER_SIZE:
1830 hci_cc_read_buffer_size(hdev, skb);
1831 break;
1832
1833 case HCI_OP_READ_BD_ADDR:
1834 hci_cc_read_bd_addr(hdev, skb);
1835 break;
1836
1837 case HCI_OP_WRITE_CA_TIMEOUT:
1838 hci_cc_write_ca_timeout(hdev, skb);
1839 break;
1840
1841 case HCI_OP_DELETE_STORED_LINK_KEY:
1842 hci_cc_delete_stored_link_key(hdev, skb);
1843 break;
1844
1845 case HCI_OP_SET_EVENT_MASK:
1846 hci_cc_set_event_mask(hdev, skb);
1847 break;
1848
1849 case HCI_OP_WRITE_INQUIRY_MODE:
1850 hci_cc_write_inquiry_mode(hdev, skb);
1851 break;
1852
1853 case HCI_OP_READ_INQ_RSP_TX_POWER:
1854 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1855 break;
1856
1857 case HCI_OP_SET_EVENT_FLT:
1858 hci_cc_set_event_flt(hdev, skb);
1859 break;
1860
1861 case HCI_OP_PIN_CODE_REPLY:
1862 hci_cc_pin_code_reply(hdev, skb);
1863 break;
1864
1865 case HCI_OP_PIN_CODE_NEG_REPLY:
1866 hci_cc_pin_code_neg_reply(hdev, skb);
1867 break;
1868
1869 case HCI_OP_READ_LOCAL_OOB_DATA:
1870 hci_cc_read_local_oob_data_reply(hdev, skb);
1871 break;
1872
1873 case HCI_OP_LE_READ_BUFFER_SIZE:
1874 hci_cc_le_read_buffer_size(hdev, skb);
1875 break;
1876
1877 case HCI_OP_USER_CONFIRM_REPLY:
1878 hci_cc_user_confirm_reply(hdev, skb);
1879 break;
1880
1881 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1882 hci_cc_user_confirm_neg_reply(hdev, skb);
1883 break;
1884
1885 case HCI_OP_LE_SET_SCAN_ENABLE:
1886 hci_cc_le_set_scan_enable(hdev, skb);
1887 break;
1888
1889 case HCI_OP_LE_LTK_REPLY:
1890 hci_cc_le_ltk_reply(hdev, skb);
1891 break;
1892
1893 case HCI_OP_LE_LTK_NEG_REPLY:
1894 hci_cc_le_ltk_neg_reply(hdev, skb);
1895 break;
1896
1897 default:
1898 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1899 break;
1900 }
1901
1902 if (ev->opcode != HCI_OP_NOP)
1903 del_timer(&hdev->cmd_timer);
1904
1905 if (ev->ncmd) {
1906 atomic_set(&hdev->cmd_cnt, 1);
1907 if (!skb_queue_empty(&hdev->cmd_q))
1908 tasklet_schedule(&hdev->cmd_task);
1909 }
1910 }
1911
1912 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1913 {
1914 struct hci_ev_cmd_status *ev = (void *) skb->data;
1915 __u16 opcode;
1916
1917 skb_pull(skb, sizeof(*ev));
1918
1919 opcode = __le16_to_cpu(ev->opcode);
1920
1921 switch (opcode) {
1922 case HCI_OP_INQUIRY:
1923 hci_cs_inquiry(hdev, ev->status);
1924 break;
1925
1926 case HCI_OP_CREATE_CONN:
1927 hci_cs_create_conn(hdev, ev->status);
1928 break;
1929
1930 case HCI_OP_ADD_SCO:
1931 hci_cs_add_sco(hdev, ev->status);
1932 break;
1933
1934 case HCI_OP_AUTH_REQUESTED:
1935 hci_cs_auth_requested(hdev, ev->status);
1936 break;
1937
1938 case HCI_OP_SET_CONN_ENCRYPT:
1939 hci_cs_set_conn_encrypt(hdev, ev->status);
1940 break;
1941
1942 case HCI_OP_REMOTE_NAME_REQ:
1943 hci_cs_remote_name_req(hdev, ev->status);
1944 break;
1945
1946 case HCI_OP_READ_REMOTE_FEATURES:
1947 hci_cs_read_remote_features(hdev, ev->status);
1948 break;
1949
1950 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1951 hci_cs_read_remote_ext_features(hdev, ev->status);
1952 break;
1953
1954 case HCI_OP_SETUP_SYNC_CONN:
1955 hci_cs_setup_sync_conn(hdev, ev->status);
1956 break;
1957
1958 case HCI_OP_SNIFF_MODE:
1959 hci_cs_sniff_mode(hdev, ev->status);
1960 break;
1961
1962 case HCI_OP_EXIT_SNIFF_MODE:
1963 hci_cs_exit_sniff_mode(hdev, ev->status);
1964 break;
1965
1966 case HCI_OP_DISCONNECT:
1967 if (ev->status != 0)
1968 mgmt_disconnect_failed(hdev->id);
1969 break;
1970
1971 case HCI_OP_LE_CREATE_CONN:
1972 hci_cs_le_create_conn(hdev, ev->status);
1973 break;
1974
1975 case HCI_OP_LE_START_ENC:
1976 hci_cs_le_start_enc(hdev, ev->status);
1977 break;
1978
1979 default:
1980 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1981 break;
1982 }
1983
1984 if (ev->opcode != HCI_OP_NOP)
1985 del_timer(&hdev->cmd_timer);
1986
1987 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
1988 atomic_set(&hdev->cmd_cnt, 1);
1989 if (!skb_queue_empty(&hdev->cmd_q))
1990 tasklet_schedule(&hdev->cmd_task);
1991 }
1992 }
1993
1994 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1995 {
1996 struct hci_ev_role_change *ev = (void *) skb->data;
1997 struct hci_conn *conn;
1998
1999 BT_DBG("%s status %d", hdev->name, ev->status);
2000
2001 hci_dev_lock(hdev);
2002
2003 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2004 if (conn) {
2005 if (!ev->status) {
2006 if (ev->role)
2007 conn->link_mode &= ~HCI_LM_MASTER;
2008 else
2009 conn->link_mode |= HCI_LM_MASTER;
2010 }
2011
2012 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2013
2014 hci_role_switch_cfm(conn, ev->status, ev->role);
2015 }
2016
2017 hci_dev_unlock(hdev);
2018 }
2019
2020 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2021 {
2022 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2023 __le16 *ptr;
2024 int i;
2025
2026 skb_pull(skb, sizeof(*ev));
2027
2028 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2029
2030 if (skb->len < ev->num_hndl * 4) {
2031 BT_DBG("%s bad parameters", hdev->name);
2032 return;
2033 }
2034
2035 tasklet_disable(&hdev->tx_task);
2036
2037 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2038 struct hci_conn *conn;
2039 __u16 handle, count;
2040
2041 handle = get_unaligned_le16(ptr++);
2042 count = get_unaligned_le16(ptr++);
2043
2044 conn = hci_conn_hash_lookup_handle(hdev, handle);
2045 if (conn) {
2046 conn->sent -= count;
2047
2048 if (conn->type == ACL_LINK) {
2049 hdev->acl_cnt += count;
2050 if (hdev->acl_cnt > hdev->acl_pkts)
2051 hdev->acl_cnt = hdev->acl_pkts;
2052 } else if (conn->type == LE_LINK) {
2053 if (hdev->le_pkts) {
2054 hdev->le_cnt += count;
2055 if (hdev->le_cnt > hdev->le_pkts)
2056 hdev->le_cnt = hdev->le_pkts;
2057 } else {
2058 hdev->acl_cnt += count;
2059 if (hdev->acl_cnt > hdev->acl_pkts)
2060 hdev->acl_cnt = hdev->acl_pkts;
2061 }
2062 } else {
2063 hdev->sco_cnt += count;
2064 if (hdev->sco_cnt > hdev->sco_pkts)
2065 hdev->sco_cnt = hdev->sco_pkts;
2066 }
2067 }
2068 }
2069
2070 tasklet_schedule(&hdev->tx_task);
2071
2072 tasklet_enable(&hdev->tx_task);
2073 }
2074
2075 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2076 {
2077 struct hci_ev_mode_change *ev = (void *) skb->data;
2078 struct hci_conn *conn;
2079
2080 BT_DBG("%s status %d", hdev->name, ev->status);
2081
2082 hci_dev_lock(hdev);
2083
2084 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2085 if (conn) {
2086 conn->mode = ev->mode;
2087 conn->interval = __le16_to_cpu(ev->interval);
2088
2089 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2090 if (conn->mode == HCI_CM_ACTIVE)
2091 conn->power_save = 1;
2092 else
2093 conn->power_save = 0;
2094 }
2095
2096 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2097 hci_sco_setup(conn, ev->status);
2098 }
2099
2100 hci_dev_unlock(hdev);
2101 }
2102
2103 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2104 {
2105 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2106 struct hci_conn *conn;
2107
2108 BT_DBG("%s", hdev->name);
2109
2110 hci_dev_lock(hdev);
2111
2112 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2113 if (conn && conn->state == BT_CONNECTED) {
2114 hci_conn_hold(conn);
2115 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2116 hci_conn_put(conn);
2117 }
2118
2119 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2120 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2121 sizeof(ev->bdaddr), &ev->bdaddr);
2122 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2123 u8 secure;
2124
2125 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2126 secure = 1;
2127 else
2128 secure = 0;
2129
2130 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2131 }
2132
2133 hci_dev_unlock(hdev);
2134 }
2135
2136 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2137 {
2138 struct hci_ev_link_key_req *ev = (void *) skb->data;
2139 struct hci_cp_link_key_reply cp;
2140 struct hci_conn *conn;
2141 struct link_key *key;
2142
2143 BT_DBG("%s", hdev->name);
2144
2145 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2146 return;
2147
2148 hci_dev_lock(hdev);
2149
2150 key = hci_find_link_key(hdev, &ev->bdaddr);
2151 if (!key) {
2152 BT_DBG("%s link key not found for %s", hdev->name,
2153 batostr(&ev->bdaddr));
2154 goto not_found;
2155 }
2156
2157 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2158 batostr(&ev->bdaddr));
2159
2160 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2161 key->type == HCI_LK_DEBUG_COMBINATION) {
2162 BT_DBG("%s ignoring debug key", hdev->name);
2163 goto not_found;
2164 }
2165
2166 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2167 if (conn) {
2168 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2169 conn->auth_type != 0xff &&
2170 (conn->auth_type & 0x01)) {
2171 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2172 goto not_found;
2173 }
2174
2175 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2176 conn->pending_sec_level == BT_SECURITY_HIGH) {
2177 BT_DBG("%s ignoring key unauthenticated for high \
2178 security", hdev->name);
2179 goto not_found;
2180 }
2181
2182 conn->key_type = key->type;
2183 conn->pin_length = key->pin_len;
2184 }
2185
2186 bacpy(&cp.bdaddr, &ev->bdaddr);
2187 memcpy(cp.link_key, key->val, 16);
2188
2189 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2190
2191 hci_dev_unlock(hdev);
2192
2193 return;
2194
2195 not_found:
2196 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2197 hci_dev_unlock(hdev);
2198 }
2199
2200 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2201 {
2202 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2203 struct hci_conn *conn;
2204 u8 pin_len = 0;
2205
2206 BT_DBG("%s", hdev->name);
2207
2208 hci_dev_lock(hdev);
2209
2210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2211 if (conn) {
2212 hci_conn_hold(conn);
2213 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2214 pin_len = conn->pin_length;
2215
2216 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2217 conn->key_type = ev->key_type;
2218
2219 hci_conn_put(conn);
2220 }
2221
2222 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2223 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2224 ev->key_type, pin_len);
2225
2226 hci_dev_unlock(hdev);
2227 }
2228
2229 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2230 {
2231 struct hci_ev_clock_offset *ev = (void *) skb->data;
2232 struct hci_conn *conn;
2233
2234 BT_DBG("%s status %d", hdev->name, ev->status);
2235
2236 hci_dev_lock(hdev);
2237
2238 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2239 if (conn && !ev->status) {
2240 struct inquiry_entry *ie;
2241
2242 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2243 if (ie) {
2244 ie->data.clock_offset = ev->clock_offset;
2245 ie->timestamp = jiffies;
2246 }
2247 }
2248
2249 hci_dev_unlock(hdev);
2250 }
2251
2252 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2253 {
2254 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2255 struct hci_conn *conn;
2256
2257 BT_DBG("%s status %d", hdev->name, ev->status);
2258
2259 hci_dev_lock(hdev);
2260
2261 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2262 if (conn && !ev->status)
2263 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2264
2265 hci_dev_unlock(hdev);
2266 }
2267
2268 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2269 {
2270 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2271 struct inquiry_entry *ie;
2272
2273 BT_DBG("%s", hdev->name);
2274
2275 hci_dev_lock(hdev);
2276
2277 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2278 if (ie) {
2279 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2280 ie->timestamp = jiffies;
2281 }
2282
2283 hci_dev_unlock(hdev);
2284 }
2285
2286 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2287 {
2288 struct inquiry_data data;
2289 int num_rsp = *((__u8 *) skb->data);
2290
2291 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2292
2293 if (!num_rsp)
2294 return;
2295
2296 hci_dev_lock(hdev);
2297
2298 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2299
2300 if (test_bit(HCI_MGMT, &hdev->flags))
2301 mgmt_discovering(hdev->id, 1);
2302 }
2303
2304 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2305 struct inquiry_info_with_rssi_and_pscan_mode *info;
2306 info = (void *) (skb->data + 1);
2307
2308 for (; num_rsp; num_rsp--, info++) {
2309 bacpy(&data.bdaddr, &info->bdaddr);
2310 data.pscan_rep_mode = info->pscan_rep_mode;
2311 data.pscan_period_mode = info->pscan_period_mode;
2312 data.pscan_mode = info->pscan_mode;
2313 memcpy(data.dev_class, info->dev_class, 3);
2314 data.clock_offset = info->clock_offset;
2315 data.rssi = info->rssi;
2316 data.ssp_mode = 0x00;
2317 hci_inquiry_cache_update(hdev, &data);
2318 mgmt_device_found(hdev->id, &info->bdaddr,
2319 info->dev_class, info->rssi,
2320 NULL);
2321 }
2322 } else {
2323 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2324
2325 for (; num_rsp; num_rsp--, info++) {
2326 bacpy(&data.bdaddr, &info->bdaddr);
2327 data.pscan_rep_mode = info->pscan_rep_mode;
2328 data.pscan_period_mode = info->pscan_period_mode;
2329 data.pscan_mode = 0x00;
2330 memcpy(data.dev_class, info->dev_class, 3);
2331 data.clock_offset = info->clock_offset;
2332 data.rssi = info->rssi;
2333 data.ssp_mode = 0x00;
2334 hci_inquiry_cache_update(hdev, &data);
2335 mgmt_device_found(hdev->id, &info->bdaddr,
2336 info->dev_class, info->rssi,
2337 NULL);
2338 }
2339 }
2340
2341 hci_dev_unlock(hdev);
2342 }
2343
2344 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2345 {
2346 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2347 struct hci_conn *conn;
2348
2349 BT_DBG("%s", hdev->name);
2350
2351 hci_dev_lock(hdev);
2352
2353 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2354 if (!conn)
2355 goto unlock;
2356
2357 if (!ev->status && ev->page == 0x01) {
2358 struct inquiry_entry *ie;
2359
2360 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2361 if (ie)
2362 ie->data.ssp_mode = (ev->features[0] & 0x01);
2363
2364 conn->ssp_mode = (ev->features[0] & 0x01);
2365 }
2366
2367 if (conn->state != BT_CONFIG)
2368 goto unlock;
2369
2370 if (!ev->status) {
2371 struct hci_cp_remote_name_req cp;
2372 memset(&cp, 0, sizeof(cp));
2373 bacpy(&cp.bdaddr, &conn->dst);
2374 cp.pscan_rep_mode = 0x02;
2375 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2376 }
2377
2378 if (!hci_outgoing_auth_needed(hdev, conn)) {
2379 conn->state = BT_CONNECTED;
2380 hci_proto_connect_cfm(conn, ev->status);
2381 hci_conn_put(conn);
2382 }
2383
2384 unlock:
2385 hci_dev_unlock(hdev);
2386 }
2387
2388 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2389 {
2390 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2391 struct hci_conn *conn;
2392
2393 BT_DBG("%s status %d", hdev->name, ev->status);
2394
2395 hci_dev_lock(hdev);
2396
2397 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2398 if (!conn) {
2399 if (ev->link_type == ESCO_LINK)
2400 goto unlock;
2401
2402 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2403 if (!conn)
2404 goto unlock;
2405
2406 conn->type = SCO_LINK;
2407 }
2408
2409 switch (ev->status) {
2410 case 0x00:
2411 conn->handle = __le16_to_cpu(ev->handle);
2412 conn->state = BT_CONNECTED;
2413
2414 hci_conn_hold_device(conn);
2415 hci_conn_add_sysfs(conn);
2416 break;
2417
2418 case 0x11: /* Unsupported Feature or Parameter Value */
2419 case 0x1c: /* SCO interval rejected */
2420 case 0x1a: /* Unsupported Remote Feature */
2421 case 0x1f: /* Unspecified error */
2422 if (conn->out && conn->attempt < 2) {
2423 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2424 (hdev->esco_type & EDR_ESCO_MASK);
2425 hci_setup_sync(conn, conn->link->handle);
2426 goto unlock;
2427 }
2428 /* fall through */
2429
2430 default:
2431 conn->state = BT_CLOSED;
2432 break;
2433 }
2434
2435 hci_proto_connect_cfm(conn, ev->status);
2436 if (ev->status)
2437 hci_conn_del(conn);
2438
2439 unlock:
2440 hci_dev_unlock(hdev);
2441 }
2442
2443 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2444 {
2445 BT_DBG("%s", hdev->name);
2446 }
2447
2448 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2449 {
2450 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2451
2452 BT_DBG("%s status %d", hdev->name, ev->status);
2453 }
2454
2455 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2456 {
2457 struct inquiry_data data;
2458 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2459 int num_rsp = *((__u8 *) skb->data);
2460
2461 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2462
2463 if (!num_rsp)
2464 return;
2465
2466 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2467
2468 if (test_bit(HCI_MGMT, &hdev->flags))
2469 mgmt_discovering(hdev->id, 1);
2470 }
2471
2472 hci_dev_lock(hdev);
2473
2474 for (; num_rsp; num_rsp--, info++) {
2475 bacpy(&data.bdaddr, &info->bdaddr);
2476 data.pscan_rep_mode = info->pscan_rep_mode;
2477 data.pscan_period_mode = info->pscan_period_mode;
2478 data.pscan_mode = 0x00;
2479 memcpy(data.dev_class, info->dev_class, 3);
2480 data.clock_offset = info->clock_offset;
2481 data.rssi = info->rssi;
2482 data.ssp_mode = 0x01;
2483 hci_inquiry_cache_update(hdev, &data);
2484 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2485 info->rssi, info->data);
2486 }
2487
2488 hci_dev_unlock(hdev);
2489 }
2490
2491 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2492 {
2493 /* If remote requests dedicated bonding follow that lead */
2494 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2495 /* If both remote and local IO capabilities allow MITM
2496 * protection then require it, otherwise don't */
2497 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2498 return 0x02;
2499 else
2500 return 0x03;
2501 }
2502
2503 /* If remote requests no-bonding follow that lead */
2504 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2505 return conn->remote_auth | (conn->auth_type & 0x01);
2506
2507 return conn->auth_type;
2508 }
2509
2510 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2511 {
2512 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2513 struct hci_conn *conn;
2514
2515 BT_DBG("%s", hdev->name);
2516
2517 hci_dev_lock(hdev);
2518
2519 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2520 if (!conn)
2521 goto unlock;
2522
2523 hci_conn_hold(conn);
2524
2525 if (!test_bit(HCI_MGMT, &hdev->flags))
2526 goto unlock;
2527
2528 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2529 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2530 struct hci_cp_io_capability_reply cp;
2531
2532 bacpy(&cp.bdaddr, &ev->bdaddr);
2533 cp.capability = conn->io_capability;
2534 conn->auth_type = hci_get_auth_req(conn);
2535 cp.authentication = conn->auth_type;
2536
2537 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2538 hci_find_remote_oob_data(hdev, &conn->dst))
2539 cp.oob_data = 0x01;
2540 else
2541 cp.oob_data = 0x00;
2542
2543 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2544 sizeof(cp), &cp);
2545 } else {
2546 struct hci_cp_io_capability_neg_reply cp;
2547
2548 bacpy(&cp.bdaddr, &ev->bdaddr);
2549 cp.reason = 0x18; /* Pairing not allowed */
2550
2551 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2552 sizeof(cp), &cp);
2553 }
2554
2555 unlock:
2556 hci_dev_unlock(hdev);
2557 }
2558
2559 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2560 {
2561 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2562 struct hci_conn *conn;
2563
2564 BT_DBG("%s", hdev->name);
2565
2566 hci_dev_lock(hdev);
2567
2568 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2569 if (!conn)
2570 goto unlock;
2571
2572 conn->remote_cap = ev->capability;
2573 conn->remote_oob = ev->oob_data;
2574 conn->remote_auth = ev->authentication;
2575
2576 unlock:
2577 hci_dev_unlock(hdev);
2578 }
2579
2580 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2581 struct sk_buff *skb)
2582 {
2583 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2584 int loc_mitm, rem_mitm, confirm_hint = 0;
2585 struct hci_conn *conn;
2586
2587 BT_DBG("%s", hdev->name);
2588
2589 hci_dev_lock(hdev);
2590
2591 if (!test_bit(HCI_MGMT, &hdev->flags))
2592 goto unlock;
2593
2594 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2595 if (!conn)
2596 goto unlock;
2597
2598 loc_mitm = (conn->auth_type & 0x01);
2599 rem_mitm = (conn->remote_auth & 0x01);
2600
2601 /* If we require MITM but the remote device can't provide that
2602 * (it has NoInputNoOutput) then reject the confirmation
2603 * request. The only exception is when we're dedicated bonding
2604 * initiators (connect_cfm_cb set) since then we always have the MITM
2605 * bit set. */
2606 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2607 BT_DBG("Rejecting request: remote device can't provide MITM");
2608 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2609 sizeof(ev->bdaddr), &ev->bdaddr);
2610 goto unlock;
2611 }
2612
2613 /* If no side requires MITM protection; auto-accept */
2614 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2615 (!rem_mitm || conn->io_capability == 0x03)) {
2616
2617 /* If we're not the initiators request authorization to
2618 * proceed from user space (mgmt_user_confirm with
2619 * confirm_hint set to 1). */
2620 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2621 BT_DBG("Confirming auto-accept as acceptor");
2622 confirm_hint = 1;
2623 goto confirm;
2624 }
2625
2626 BT_DBG("Auto-accept of user confirmation with %ums delay",
2627 hdev->auto_accept_delay);
2628
2629 if (hdev->auto_accept_delay > 0) {
2630 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2631 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2632 goto unlock;
2633 }
2634
2635 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2636 sizeof(ev->bdaddr), &ev->bdaddr);
2637 goto unlock;
2638 }
2639
2640 confirm:
2641 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2642 confirm_hint);
2643
2644 unlock:
2645 hci_dev_unlock(hdev);
2646 }
2647
2648 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2649 {
2650 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2651 struct hci_conn *conn;
2652
2653 BT_DBG("%s", hdev->name);
2654
2655 hci_dev_lock(hdev);
2656
2657 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2658 if (!conn)
2659 goto unlock;
2660
2661 /* To avoid duplicate auth_failed events to user space we check
2662 * the HCI_CONN_AUTH_PEND flag which will be set if we
2663 * initiated the authentication. A traditional auth_complete
2664 * event gets always produced as initiator and is also mapped to
2665 * the mgmt_auth_failed event */
2666 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2667 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2668
2669 hci_conn_put(conn);
2670
2671 unlock:
2672 hci_dev_unlock(hdev);
2673 }
2674
2675 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2676 {
2677 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2678 struct inquiry_entry *ie;
2679
2680 BT_DBG("%s", hdev->name);
2681
2682 hci_dev_lock(hdev);
2683
2684 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2685 if (ie)
2686 ie->data.ssp_mode = (ev->features[0] & 0x01);
2687
2688 hci_dev_unlock(hdev);
2689 }
2690
2691 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2692 struct sk_buff *skb)
2693 {
2694 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2695 struct oob_data *data;
2696
2697 BT_DBG("%s", hdev->name);
2698
2699 hci_dev_lock(hdev);
2700
2701 if (!test_bit(HCI_MGMT, &hdev->flags))
2702 goto unlock;
2703
2704 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2705 if (data) {
2706 struct hci_cp_remote_oob_data_reply cp;
2707
2708 bacpy(&cp.bdaddr, &ev->bdaddr);
2709 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2710 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2711
2712 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2713 &cp);
2714 } else {
2715 struct hci_cp_remote_oob_data_neg_reply cp;
2716
2717 bacpy(&cp.bdaddr, &ev->bdaddr);
2718 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2719 &cp);
2720 }
2721
2722 unlock:
2723 hci_dev_unlock(hdev);
2724 }
2725
2726 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2727 {
2728 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2729 struct hci_conn *conn;
2730
2731 BT_DBG("%s status %d", hdev->name, ev->status);
2732
2733 hci_dev_lock(hdev);
2734
2735 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2736 if (!conn) {
2737 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2738 if (!conn) {
2739 BT_ERR("No memory for new connection");
2740 hci_dev_unlock(hdev);
2741 return;
2742 }
2743
2744 conn->dst_type = ev->bdaddr_type;
2745 }
2746
2747 if (ev->status) {
2748 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
2749 hci_proto_connect_cfm(conn, ev->status);
2750 conn->state = BT_CLOSED;
2751 hci_conn_del(conn);
2752 goto unlock;
2753 }
2754
2755 mgmt_connected(hdev->id, &ev->bdaddr);
2756
2757 conn->sec_level = BT_SECURITY_LOW;
2758 conn->handle = __le16_to_cpu(ev->handle);
2759 conn->state = BT_CONNECTED;
2760
2761 hci_conn_hold_device(conn);
2762 hci_conn_add_sysfs(conn);
2763
2764 hci_proto_connect_cfm(conn, ev->status);
2765
2766 unlock:
2767 hci_dev_unlock(hdev);
2768 }
2769
2770 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2771 struct sk_buff *skb)
2772 {
2773 struct hci_ev_le_advertising_info *ev;
2774 u8 num_reports;
2775
2776 num_reports = skb->data[0];
2777 ev = (void *) &skb->data[1];
2778
2779 hci_dev_lock(hdev);
2780
2781 hci_add_adv_entry(hdev, ev);
2782
2783 while (--num_reports) {
2784 ev = (void *) (ev->data + ev->length + 1);
2785 hci_add_adv_entry(hdev, ev);
2786 }
2787
2788 hci_dev_unlock(hdev);
2789 }
2790
2791 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2792 struct sk_buff *skb)
2793 {
2794 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2795 struct hci_cp_le_ltk_reply cp;
2796 struct hci_conn *conn;
2797
2798 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2799
2800 hci_dev_lock(hdev);
2801
2802 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2803
2804 memset(&cp, 0, sizeof(cp));
2805 cp.handle = cpu_to_le16(conn->handle);
2806 memcpy(cp.ltk, conn->ltk, sizeof(conn->ltk));
2807
2808 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2809
2810 hci_dev_unlock(hdev);
2811 }
2812
2813 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2814 {
2815 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2816
2817 skb_pull(skb, sizeof(*le_ev));
2818
2819 switch (le_ev->subevent) {
2820 case HCI_EV_LE_CONN_COMPLETE:
2821 hci_le_conn_complete_evt(hdev, skb);
2822 break;
2823
2824 case HCI_EV_LE_ADVERTISING_REPORT:
2825 hci_le_adv_report_evt(hdev, skb);
2826 break;
2827
2828 case HCI_EV_LE_LTK_REQ:
2829 hci_le_ltk_request_evt(hdev, skb);
2830 break;
2831
2832 default:
2833 break;
2834 }
2835 }
2836
2837 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2838 {
2839 struct hci_event_hdr *hdr = (void *) skb->data;
2840 __u8 event = hdr->evt;
2841
2842 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2843
2844 switch (event) {
2845 case HCI_EV_INQUIRY_COMPLETE:
2846 hci_inquiry_complete_evt(hdev, skb);
2847 break;
2848
2849 case HCI_EV_INQUIRY_RESULT:
2850 hci_inquiry_result_evt(hdev, skb);
2851 break;
2852
2853 case HCI_EV_CONN_COMPLETE:
2854 hci_conn_complete_evt(hdev, skb);
2855 break;
2856
2857 case HCI_EV_CONN_REQUEST:
2858 hci_conn_request_evt(hdev, skb);
2859 break;
2860
2861 case HCI_EV_DISCONN_COMPLETE:
2862 hci_disconn_complete_evt(hdev, skb);
2863 break;
2864
2865 case HCI_EV_AUTH_COMPLETE:
2866 hci_auth_complete_evt(hdev, skb);
2867 break;
2868
2869 case HCI_EV_REMOTE_NAME:
2870 hci_remote_name_evt(hdev, skb);
2871 break;
2872
2873 case HCI_EV_ENCRYPT_CHANGE:
2874 hci_encrypt_change_evt(hdev, skb);
2875 break;
2876
2877 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2878 hci_change_link_key_complete_evt(hdev, skb);
2879 break;
2880
2881 case HCI_EV_REMOTE_FEATURES:
2882 hci_remote_features_evt(hdev, skb);
2883 break;
2884
2885 case HCI_EV_REMOTE_VERSION:
2886 hci_remote_version_evt(hdev, skb);
2887 break;
2888
2889 case HCI_EV_QOS_SETUP_COMPLETE:
2890 hci_qos_setup_complete_evt(hdev, skb);
2891 break;
2892
2893 case HCI_EV_CMD_COMPLETE:
2894 hci_cmd_complete_evt(hdev, skb);
2895 break;
2896
2897 case HCI_EV_CMD_STATUS:
2898 hci_cmd_status_evt(hdev, skb);
2899 break;
2900
2901 case HCI_EV_ROLE_CHANGE:
2902 hci_role_change_evt(hdev, skb);
2903 break;
2904
2905 case HCI_EV_NUM_COMP_PKTS:
2906 hci_num_comp_pkts_evt(hdev, skb);
2907 break;
2908
2909 case HCI_EV_MODE_CHANGE:
2910 hci_mode_change_evt(hdev, skb);
2911 break;
2912
2913 case HCI_EV_PIN_CODE_REQ:
2914 hci_pin_code_request_evt(hdev, skb);
2915 break;
2916
2917 case HCI_EV_LINK_KEY_REQ:
2918 hci_link_key_request_evt(hdev, skb);
2919 break;
2920
2921 case HCI_EV_LINK_KEY_NOTIFY:
2922 hci_link_key_notify_evt(hdev, skb);
2923 break;
2924
2925 case HCI_EV_CLOCK_OFFSET:
2926 hci_clock_offset_evt(hdev, skb);
2927 break;
2928
2929 case HCI_EV_PKT_TYPE_CHANGE:
2930 hci_pkt_type_change_evt(hdev, skb);
2931 break;
2932
2933 case HCI_EV_PSCAN_REP_MODE:
2934 hci_pscan_rep_mode_evt(hdev, skb);
2935 break;
2936
2937 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
2938 hci_inquiry_result_with_rssi_evt(hdev, skb);
2939 break;
2940
2941 case HCI_EV_REMOTE_EXT_FEATURES:
2942 hci_remote_ext_features_evt(hdev, skb);
2943 break;
2944
2945 case HCI_EV_SYNC_CONN_COMPLETE:
2946 hci_sync_conn_complete_evt(hdev, skb);
2947 break;
2948
2949 case HCI_EV_SYNC_CONN_CHANGED:
2950 hci_sync_conn_changed_evt(hdev, skb);
2951 break;
2952
2953 case HCI_EV_SNIFF_SUBRATE:
2954 hci_sniff_subrate_evt(hdev, skb);
2955 break;
2956
2957 case HCI_EV_EXTENDED_INQUIRY_RESULT:
2958 hci_extended_inquiry_result_evt(hdev, skb);
2959 break;
2960
2961 case HCI_EV_IO_CAPA_REQUEST:
2962 hci_io_capa_request_evt(hdev, skb);
2963 break;
2964
2965 case HCI_EV_IO_CAPA_REPLY:
2966 hci_io_capa_reply_evt(hdev, skb);
2967 break;
2968
2969 case HCI_EV_USER_CONFIRM_REQUEST:
2970 hci_user_confirm_request_evt(hdev, skb);
2971 break;
2972
2973 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2974 hci_simple_pair_complete_evt(hdev, skb);
2975 break;
2976
2977 case HCI_EV_REMOTE_HOST_FEATURES:
2978 hci_remote_host_features_evt(hdev, skb);
2979 break;
2980
2981 case HCI_EV_LE_META:
2982 hci_le_meta_evt(hdev, skb);
2983 break;
2984
2985 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
2986 hci_remote_oob_data_request_evt(hdev, skb);
2987 break;
2988
2989 default:
2990 BT_DBG("%s event 0x%x", hdev->name, event);
2991 break;
2992 }
2993
2994 kfree_skb(skb);
2995 hdev->stat.evt_rx++;
2996 }
2997
2998 /* Generate internal stack event */
2999 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3000 {
3001 struct hci_event_hdr *hdr;
3002 struct hci_ev_stack_internal *ev;
3003 struct sk_buff *skb;
3004
3005 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3006 if (!skb)
3007 return;
3008
3009 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3010 hdr->evt = HCI_EV_STACK_INTERNAL;
3011 hdr->plen = sizeof(*ev) + dlen;
3012
3013 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3014 ev->type = type;
3015 memcpy(ev->data, data, dlen);
3016
3017 bt_cb(skb)->incoming = 1;
3018 __net_timestamp(skb);
3019
3020 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3021 skb->dev = (void *) hdev;
3022 hci_send_to_sock(hdev, skb, NULL);
3023 kfree_skb(skb);
3024 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree