projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: timer check sk is not owned before freeing
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
42#include <asm/uaccess.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
1da177e4
LT		 48/* Handle HCI Event packets */
49
a9de9248 50static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 51{
a9de9248 52 __u8 status = *((__u8 *) skb->data);
1da177e4 53
a9de9248 54 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 55
a9de9248
MH		 56 if (status)
57 return;
1da177e4 58
a9de9248 59 clear_bit(HCI_INQUIRY, &hdev->flags);
6bd57416 60
a9de9248
MH		 61 hci_req_complete(hdev, status);
62
63 hci_conn_check_pending(hdev);
64}
6bd57416 65
a9de9248
MH		 66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67{
68 __u8 status = *((__u8 *) skb->data);
6bd57416 69
a9de9248 70 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 71
a9de9248
MH		 72 if (status)
73 return;
1da177e4 74
a9de9248
MH		 75 clear_bit(HCI_INQUIRY, &hdev->flags);
76
77 hci_conn_check_pending(hdev);
78}
79
80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
81{
82 BT_DBG("%s", hdev->name);
83}
84
85static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
86{
87 struct hci_rp_role_discovery *rp = (void *) skb->data;
88 struct hci_conn *conn;
89
90 BT_DBG("%s status 0x%x", hdev->name, rp->status);
91
92 if (rp->status)
93 return;
94
95 hci_dev_lock(hdev);
96
97 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
98 if (conn) {
99 if (rp->role)
100 conn->link_mode &= ~HCI_LM_MASTER;
101 else
102 conn->link_mode |= HCI_LM_MASTER;
1da177e4 103 }
a9de9248
MH		 104
105 hci_dev_unlock(hdev);
1da177e4
LT		 106}
107
e4e8e37c
MH		 108static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
109{
110 struct hci_rp_read_link_policy *rp = (void *) skb->data;
111 struct hci_conn *conn;
112
113 BT_DBG("%s status 0x%x", hdev->name, rp->status);
114
115 if (rp->status)
116 return;
117
118 hci_dev_lock(hdev);
119
120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
121 if (conn)
122 conn->link_policy = __le16_to_cpu(rp->policy);
123
124 hci_dev_unlock(hdev);
125}
126
a9de9248 127static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 128{
a9de9248 129 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 130 struct hci_conn *conn;
04837f64 131 void *sent;
1da177e4 132
a9de9248 133 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 134
a9de9248
MH		 135 if (rp->status)
136 return;
1da177e4 137
a9de9248
MH		 138 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
139 if (!sent)
140 return;
1da177e4 141
a9de9248 142 hci_dev_lock(hdev);
1da177e4 143
a9de9248 144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 145 if (conn)
83985319 146 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 147
a9de9248
MH		 148 hci_dev_unlock(hdev);
149}
1da177e4 150
e4e8e37c
MH		 151static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
152{
153 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
154
155 BT_DBG("%s status 0x%x", hdev->name, rp->status);
156
157 if (rp->status)
158 return;
159
160 hdev->link_policy = __le16_to_cpu(rp->policy);
161}
162
163static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
164{
165 __u8 status = *((__u8 *) skb->data);
166 void *sent;
167
168 BT_DBG("%s status 0x%x", hdev->name, status);
169
170 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
171 if (!sent)
172 return;
173
174 if (!status)
175 hdev->link_policy = get_unaligned_le16(sent);
176
177 hci_req_complete(hdev, status);
178}
179
a9de9248
MH		 180static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
181{
182 __u8 status = *((__u8 *) skb->data);
04837f64 183
a9de9248 184 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 185
a9de9248
MH		 186 hci_req_complete(hdev, status);
187}
04837f64 188
a9de9248
MH		 189static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
190{
191 __u8 status = *((__u8 *) skb->data);
192 void *sent;
04837f64 193
a9de9248 194 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 195
f383f275
MH		 196 if (status)
197 return;
198
a9de9248
MH		 199 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
200 if (!sent)
201 return;
04837f64 202
f383f275 203 memcpy(hdev->dev_name, sent, 248);
a9de9248
MH		 204}
205
206static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207{
208 struct hci_rp_read_local_name *rp = (void *) skb->data;
209
210 BT_DBG("%s status 0x%x", hdev->name, rp->status);
211
212 if (rp->status)
213 return;
214
215 memcpy(hdev->dev_name, rp->name, 248);
216}
217
218static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
219{
220 __u8 status = *((__u8 *) skb->data);
221 void *sent;
222
223 BT_DBG("%s status 0x%x", hdev->name, status);
224
225 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
226 if (!sent)
227 return;
228
229 if (!status) {
230 __u8 param = *((__u8 *) sent);
231
232 if (param == AUTH_ENABLED)
233 set_bit(HCI_AUTH, &hdev->flags);
234 else
235 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 236 }
a9de9248
MH		 237
238 hci_req_complete(hdev, status);
1da177e4
LT		 239}
240
a9de9248 241static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 242{
a9de9248 243 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 244 void *sent;
245
a9de9248 246 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 247
a9de9248
MH		 248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
249 if (!sent)
250 return;
1da177e4 251
a9de9248
MH		 252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param)
256 set_bit(HCI_ENCRYPT, &hdev->flags);
257 else
258 clear_bit(HCI_ENCRYPT, &hdev->flags);
259 }
1da177e4 260
a9de9248
MH		 261 hci_req_complete(hdev, status);
262}
1da177e4 263
a9de9248
MH		 264static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
265{
266 __u8 status = *((__u8 *) skb->data);
267 void *sent;
1da177e4 268
a9de9248 269 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 270
a9de9248
MH		 271 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
272 if (!sent)
273 return;
1da177e4 274
a9de9248
MH		 275 if (!status) {
276 __u8 param = *((__u8 *) sent);
1da177e4 277
a9de9248
MH		 278 clear_bit(HCI_PSCAN, &hdev->flags);
279 clear_bit(HCI_ISCAN, &hdev->flags);
1da177e4 280
a9de9248
MH		 281 if (param & SCAN_INQUIRY)
282 set_bit(HCI_ISCAN, &hdev->flags);
1da177e4 283
a9de9248
MH		 284 if (param & SCAN_PAGE)
285 set_bit(HCI_PSCAN, &hdev->flags);
286 }
1da177e4 287
a9de9248
MH		 288 hci_req_complete(hdev, status);
289}
1da177e4 290
a9de9248
MH		 291static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
292{
293 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 294
a9de9248 295 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 296
a9de9248
MH		 297 if (rp->status)
298 return;
1da177e4 299
a9de9248 300 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 301
a9de9248
MH		 302 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
303 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
304}
1da177e4 305
a9de9248
MH		 306static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
307{
308 __u8 status = *((__u8 *) skb->data);
309 void *sent;
1da177e4 310
a9de9248 311 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 312
f383f275
MH		 313 if (status)
314 return;
315
a9de9248
MH		 316 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
317 if (!sent)
318 return;
1da177e4 319
f383f275 320 memcpy(hdev->dev_class, sent, 3);
a9de9248 321}
1da177e4 322
a9de9248
MH		 323static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
324{
325 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
326 __u16 setting;
327
328 BT_DBG("%s status 0x%x", hdev->name, rp->status);
329
330 if (rp->status)
331 return;
332
333 setting = __le16_to_cpu(rp->voice_setting);
334
f383f275 335 if (hdev->voice_setting == setting)
a9de9248
MH		 336 return;
337
338 hdev->voice_setting = setting;
339
340 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
341
342 if (hdev->notify) {
343 tasklet_disable(&hdev->tx_task);
344 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
345 tasklet_enable(&hdev->tx_task);
346 }
347}
348
349static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 __u8 status = *((__u8 *) skb->data);
f383f275 352 __u16 setting;
a9de9248
MH		 353 void *sent;
354
355 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 356
f383f275
MH		 357 if (status)
358 return;
359
a9de9248
MH		 360 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
361 if (!sent)
362 return;
1da177e4 363
f383f275 364 setting = get_unaligned_le16(sent);
1da177e4 365
f383f275
MH		 366 if (hdev->voice_setting == setting)
367 return;
368
369 hdev->voice_setting = setting;
1da177e4 370
f383f275 371 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 372
f383f275
MH		 373 if (hdev->notify) {
374 tasklet_disable(&hdev->tx_task);
375 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
376 tasklet_enable(&hdev->tx_task);
1da177e4
LT		 377 }
378}
379
a9de9248 380static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 381{
a9de9248 382 __u8 status = *((__u8 *) skb->data);
1da177e4 383
a9de9248 384 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 385
a9de9248
MH		 386 hci_req_complete(hdev, status);
387}
1143e5a6 388
333140b5
MH		 389static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
390{
391 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
392
393 BT_DBG("%s status 0x%x", hdev->name, rp->status);
394
395 if (rp->status)
396 return;
397
398 hdev->ssp_mode = rp->mode;
399}
400
401static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
402{
403 __u8 status = *((__u8 *) skb->data);
404 void *sent;
405
406 BT_DBG("%s status 0x%x", hdev->name, status);
407
408 if (status)
409 return;
410
411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
412 if (!sent)
413 return;
414
415 hdev->ssp_mode = *((__u8 *) sent);
416}
417
a9de9248
MH		 418static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
419{
420 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 421
a9de9248 422 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 423
a9de9248
MH		 424 if (rp->status)
425 return;
1143e5a6 426
a9de9248 427 hdev->hci_ver = rp->hci_ver;
e4e8e37c
MH		 428 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
429 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
1143e5a6 430
a9de9248
MH		 431 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
432 hdev->manufacturer,
433 hdev->hci_ver, hdev->hci_rev);
434}
1da177e4 435
a9de9248
MH		 436static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
437{
438 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 439
a9de9248 440 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 441
a9de9248
MH		 442 if (rp->status)
443 return;
1da177e4 444
a9de9248
MH		 445 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
446}
1da177e4 447
a9de9248
MH		 448static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
449{
450 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 451
a9de9248 452 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 453
a9de9248
MH		 454 if (rp->status)
455 return;
5b7f9909 456
a9de9248 457 memcpy(hdev->features, rp->features, 8);
5b7f9909 458
a9de9248
MH		 459 /* Adjust default settings according to features
460 * supported by device. */
1da177e4 461
a9de9248
MH		 462 if (hdev->features[0] & LMP_3SLOT)
463 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 464
a9de9248
MH		 465 if (hdev->features[0] & LMP_5SLOT)
466 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 467
a9de9248
MH		 468 if (hdev->features[1] & LMP_HV2) {
469 hdev->pkt_type |= (HCI_HV2);
470 hdev->esco_type |= (ESCO_HV2);
471 }
1da177e4 472
a9de9248
MH		 473 if (hdev->features[1] & LMP_HV3) {
474 hdev->pkt_type |= (HCI_HV3);
475 hdev->esco_type |= (ESCO_HV3);
476 }
1da177e4 477
a9de9248
MH		 478 if (hdev->features[3] & LMP_ESCO)
479 hdev->esco_type |= (ESCO_EV3);
da1f5198 480
a9de9248
MH		 481 if (hdev->features[4] & LMP_EV4)
482 hdev->esco_type |= (ESCO_EV4);
da1f5198 483
a9de9248
MH		 484 if (hdev->features[4] & LMP_EV5)
485 hdev->esco_type |= (ESCO_EV5);
1da177e4 486
efc7688b
MH		 487 if (hdev->features[5] & LMP_EDR_ESCO_2M)
488 hdev->esco_type |= (ESCO_2EV3);
489
490 if (hdev->features[5] & LMP_EDR_ESCO_3M)
491 hdev->esco_type |= (ESCO_3EV3);
492
493 if (hdev->features[5] & LMP_EDR_3S_ESCO)
494 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
495
a9de9248
MH		 496 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
497 hdev->features[0], hdev->features[1],
498 hdev->features[2], hdev->features[3],
499 hdev->features[4], hdev->features[5],
500 hdev->features[6], hdev->features[7]);
501}
1da177e4 502
a9de9248
MH		 503static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
504{
505 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 506
a9de9248 507 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 508
a9de9248
MH		 509 if (rp->status)
510 return;
1da177e4 511
a9de9248
MH		 512 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
513 hdev->sco_mtu = rp->sco_mtu;
514 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
515 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
516
517 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
518 hdev->sco_mtu = 64;
519 hdev->sco_pkts = 8;
1da177e4 520 }
a9de9248
MH		 521
522 hdev->acl_cnt = hdev->acl_pkts;
523 hdev->sco_cnt = hdev->sco_pkts;
524
525 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
526 hdev->acl_mtu, hdev->acl_pkts,
527 hdev->sco_mtu, hdev->sco_pkts);
528}
529
530static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
531{
532 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
533
534 BT_DBG("%s status 0x%x", hdev->name, rp->status);
535
536 if (!rp->status)
537 bacpy(&hdev->bdaddr, &rp->bdaddr);
538
539 hci_req_complete(hdev, rp->status);
540}
541
542static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
543{
544 BT_DBG("%s status 0x%x", hdev->name, status);
545
546 if (status) {
547 hci_req_complete(hdev, status);
548
549 hci_conn_check_pending(hdev);
550 } else
551 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 552}
553
1da177e4
LT		 554static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
555{
a9de9248 556 struct hci_cp_create_conn *cp;
1da177e4 557 struct hci_conn *conn;
1da177e4 558
a9de9248
MH		 559 BT_DBG("%s status 0x%x", hdev->name, status);
560
561 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 562 if (!cp)
563 return;
564
565 hci_dev_lock(hdev);
566
567 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
568
a9de9248 569 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 570
571 if (status) {
572 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 573 if (status != 0x0c || conn->attempt > 2) {
574 conn->state = BT_CLOSED;
575 hci_proto_connect_cfm(conn, status);
576 hci_conn_del(conn);
577 } else
578 conn->state = BT_CONNECT2;
1da177e4
LT		 579 }
580 } else {
581 if (!conn) {
582 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
583 if (conn) {
584 conn->out = 1;
585 conn->link_mode |= HCI_LM_MASTER;
586 } else
893ef971 587 BT_ERR("No memory for new connection");
1da177e4
LT		 588 }
589 }
590
591 hci_dev_unlock(hdev);
592}
593
a9de9248 594static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 595{
a9de9248
MH		 596 struct hci_cp_add_sco *cp;
597 struct hci_conn *acl, *sco;
598 __u16 handle;
1da177e4 599
b6a0dc82
MH		 600 BT_DBG("%s status 0x%x", hdev->name, status);
601
a9de9248
MH		 602 if (!status)
603 return;
1da177e4 604
a9de9248
MH		 605 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
606 if (!cp)
607 return;
1da177e4 608
a9de9248 609 handle = __le16_to_cpu(cp->handle);
1da177e4 610
a9de9248 611 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 612
a9de9248 613 hci_dev_lock(hdev);
1da177e4 614
a9de9248
MH		 615 acl = hci_conn_hash_lookup_handle(hdev, handle);
616 if (acl && (sco = acl->link)) {
617 sco->state = BT_CLOSED;
1da177e4 618
a9de9248
MH		 619 hci_proto_connect_cfm(sco, status);
620 hci_conn_del(sco);
621 }
1da177e4 622
a9de9248
MH		 623 hci_dev_unlock(hdev);
624}
1da177e4 625
f8558555
MH		 626static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
627{
628 struct hci_cp_auth_requested *cp;
629 struct hci_conn *conn;
630
631 BT_DBG("%s status 0x%x", hdev->name, status);
632
633 if (!status)
634 return;
635
636 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
637 if (!cp)
638 return;
639
640 hci_dev_lock(hdev);
641
642 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
643 if (conn) {
644 if (conn->state == BT_CONFIG) {
645 hci_proto_connect_cfm(conn, status);
646 hci_conn_put(conn);
647 }
648 }
649
650 hci_dev_unlock(hdev);
651}
652
653static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
654{
655 struct hci_cp_set_conn_encrypt *cp;
656 struct hci_conn *conn;
657
658 BT_DBG("%s status 0x%x", hdev->name, status);
659
660 if (!status)
661 return;
662
663 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
664 if (!cp)
665 return;
666
667 hci_dev_lock(hdev);
668
669 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
670 if (conn) {
671 if (conn->state == BT_CONFIG) {
672 hci_proto_connect_cfm(conn, status);
673 hci_conn_put(conn);
674 }
675 }
676
677 hci_dev_unlock(hdev);
678}
679
127178d2 680static int hci_outgoing_auth_needed(struct hci_dev *hdev,
392599b9
JH		 681 struct hci_conn *conn)
682{
392599b9
JH		 683 if (conn->state != BT_CONFIG || !conn->out)
684 return 0;
685
686 if (conn->sec_level == BT_SECURITY_SDP)
687 return 0;
688
689 /* Only request authentication for SSP connections or non-SSP
690 * devices with sec_level HIGH */
691 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
692 conn->sec_level != BT_SECURITY_HIGH)
693 return 0;
694
392599b9
JH		 695 return 1;
696}
697
a9de9248
MH		 698static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
699{
127178d2
JH		 700 struct hci_cp_remote_name_req *cp;
701 struct hci_conn *conn;
702
a9de9248 703 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 704
705 /* If successful wait for the name req complete event before
706 * checking for the need to do authentication */
707 if (!status)
708 return;
709
710 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
711 if (!cp)
712 return;
713
714 hci_dev_lock(hdev);
715
716 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
717 if (conn && hci_outgoing_auth_needed(hdev, conn)) {
718 struct hci_cp_auth_requested cp;
719 cp.handle = __cpu_to_le16(conn->handle);
720 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
721 }
722
723 hci_dev_unlock(hdev);
a9de9248 724}
1da177e4 725
769be974
MH		 726static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
727{
728 struct hci_cp_read_remote_features *cp;
729 struct hci_conn *conn;
730
731 BT_DBG("%s status 0x%x", hdev->name, status);
732
733 if (!status)
734 return;
735
736 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
737 if (!cp)
738 return;
739
740 hci_dev_lock(hdev);
741
742 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
743 if (conn) {
744 if (conn->state == BT_CONFIG) {
769be974
MH		 745 hci_proto_connect_cfm(conn, status);
746 hci_conn_put(conn);
747 }
748 }
749
750 hci_dev_unlock(hdev);
751}
752
753static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
754{
755 struct hci_cp_read_remote_ext_features *cp;
756 struct hci_conn *conn;
757
758 BT_DBG("%s status 0x%x", hdev->name, status);
759
760 if (!status)
761 return;
762
763 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
764 if (!cp)
765 return;
766
767 hci_dev_lock(hdev);
768
769 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
770 if (conn) {
771 if (conn->state == BT_CONFIG) {
769be974
MH		 772 hci_proto_connect_cfm(conn, status);
773 hci_conn_put(conn);
774 }
775 }
776
777 hci_dev_unlock(hdev);
778}
779
a9de9248
MH		 780static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
781{
b6a0dc82
MH		 782 struct hci_cp_setup_sync_conn *cp;
783 struct hci_conn *acl, *sco;
784 __u16 handle;
785
a9de9248 786 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 787
788 if (!status)
789 return;
790
791 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
792 if (!cp)
793 return;
794
795 handle = __le16_to_cpu(cp->handle);
796
797 BT_DBG("%s handle %d", hdev->name, handle);
798
799 hci_dev_lock(hdev);
800
801 acl = hci_conn_hash_lookup_handle(hdev, handle);
802 if (acl && (sco = acl->link)) {
803 sco->state = BT_CLOSED;
804
805 hci_proto_connect_cfm(sco, status);
806 hci_conn_del(sco);
807 }
808
809 hci_dev_unlock(hdev);
1da177e4
LT		 810}
811
a9de9248 812static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 813{
a9de9248
MH		 814 struct hci_cp_sniff_mode *cp;
815 struct hci_conn *conn;
1da177e4 816
a9de9248 817 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 818
a9de9248
MH		 819 if (!status)
820 return;
04837f64 821
a9de9248
MH		 822 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
823 if (!cp)
824 return;
04837f64 825
a9de9248 826 hci_dev_lock(hdev);
04837f64 827
a9de9248 828 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 829 if (conn) {
a9de9248 830 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 831
e73439d8
MH		 832 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
833 hci_sco_setup(conn, status);
834 }
835
a9de9248
MH		 836 hci_dev_unlock(hdev);
837}
04837f64 838
a9de9248
MH		 839static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
840{
841 struct hci_cp_exit_sniff_mode *cp;
842 struct hci_conn *conn;
04837f64 843
a9de9248 844 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 845
a9de9248
MH		 846 if (!status)
847 return;
04837f64 848
a9de9248
MH		 849 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
850 if (!cp)
851 return;
04837f64 852
a9de9248 853 hci_dev_lock(hdev);
1da177e4 854
a9de9248 855 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 856 if (conn) {
a9de9248 857 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 858
e73439d8
MH		 859 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
860 hci_sco_setup(conn, status);
861 }
862
a9de9248 863 hci_dev_unlock(hdev);
1da177e4
LT		 864}
865
1da177e4
LT		 866static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
867{
868 __u8 status = *((__u8 *) skb->data);
869
870 BT_DBG("%s status %d", hdev->name, status);
871
872 clear_bit(HCI_INQUIRY, &hdev->flags);
6bd57416 873
a9de9248 874 hci_req_complete(hdev, status);
6bd57416 875
a9de9248 876 hci_conn_check_pending(hdev);
1da177e4
LT		 877}
878
1da177e4
LT		 879static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
880{
45bb4bf0 881 struct inquiry_data data;
a9de9248 882 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 883 int num_rsp = *((__u8 *) skb->data);
884
885 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
886
45bb4bf0
MH		 887 if (!num_rsp)
888 return;
889
1da177e4 890 hci_dev_lock(hdev);
45bb4bf0 891
1da177e4 892 for (; num_rsp; num_rsp--) {
1da177e4
LT		 893 bacpy(&data.bdaddr, &info->bdaddr);
894 data.pscan_rep_mode = info->pscan_rep_mode;
895 data.pscan_period_mode = info->pscan_period_mode;
896 data.pscan_mode = info->pscan_mode;
897 memcpy(data.dev_class, info->dev_class, 3);
898 data.clock_offset = info->clock_offset;
899 data.rssi = 0x00;
41a96212 900 data.ssp_mode = 0x00;
1da177e4
LT		 901 info++;
902 hci_inquiry_cache_update(hdev, &data);
903 }
45bb4bf0 904
1da177e4
LT		 905 hci_dev_unlock(hdev);
906}
907
1da177e4
LT		 908static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
909{
a9de9248
MH		 910 struct hci_ev_conn_complete *ev = (void *) skb->data;
911 struct hci_conn *conn;
1da177e4
LT		 912
913 BT_DBG("%s", hdev->name);
914
915 hci_dev_lock(hdev);
916
917 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 918 if (!conn) {
919 if (ev->link_type != SCO_LINK)
920 goto unlock;
921
922 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
923 if (!conn)
924 goto unlock;
925
926 conn->type = SCO_LINK;
927 }
1da177e4
LT		 928
929 if (!ev->status) {
930 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 931
932 if (conn->type == ACL_LINK) {
933 conn->state = BT_CONFIG;
934 hci_conn_hold(conn);
052b30b0 935 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 936 } else
937 conn->state = BT_CONNECTED;
1da177e4 938
9eba32b8 939 hci_conn_hold_device(conn);
7d0db0a3
MH		 940 hci_conn_add_sysfs(conn);
941
1da177e4
LT		 942 if (test_bit(HCI_AUTH, &hdev->flags))
943 conn->link_mode |= HCI_LM_AUTH;
944
945 if (test_bit(HCI_ENCRYPT, &hdev->flags))
946 conn->link_mode |= HCI_LM_ENCRYPT;
947
04837f64
MH		 948 /* Get remote features */
949 if (conn->type == ACL_LINK) {
950 struct hci_cp_read_remote_features cp;
951 cp.handle = ev->handle;
769be974
MH		 952 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
953 sizeof(cp), &cp);
04837f64
MH		 954 }
955
1da177e4 956 /* Set packet type for incoming connection */
a8746417 957 if (!conn->out && hdev->hci_ver < 3) {
1da177e4
LT		 958 struct hci_cp_change_conn_ptype cp;
959 cp.handle = ev->handle;
a8746417
MH		 960 cp.pkt_type = cpu_to_le16(conn->pkt_type);
961 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
962 sizeof(cp), &cp);
1da177e4
LT		 963 }
964 } else
965 conn->state = BT_CLOSED;
966
e73439d8
MH		 967 if (conn->type == ACL_LINK)
968 hci_sco_setup(conn, ev->status);
1da177e4 969
769be974
MH		 970 if (ev->status) {
971 hci_proto_connect_cfm(conn, ev->status);
1da177e4 972 hci_conn_del(conn);
c89b6e6b
MH		 973 } else if (ev->link_type != ACL_LINK)
974 hci_proto_connect_cfm(conn, ev->status);
1da177e4 975
a9de9248 976unlock:
1da177e4 977 hci_dev_unlock(hdev);
1da177e4 978
a9de9248 979 hci_conn_check_pending(hdev);
1da177e4
LT		 980}
981
a9de9248 982static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 983{
a9de9248
MH		 984 struct hci_ev_conn_request *ev = (void *) skb->data;
985 int mask = hdev->link_mode;
1da177e4 986
a9de9248
MH		 987 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
988 batostr(&ev->bdaddr), ev->link_type);
1da177e4 989
a9de9248 990 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 991
f0358568 992 if ((mask & HCI_LM_ACCEPT) && !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 993 /* Connection accepted */
c7bdd502 994 struct inquiry_entry *ie;
1da177e4 995 struct hci_conn *conn;
1da177e4 996
a9de9248 997 hci_dev_lock(hdev);
b6a0dc82 998
c7bdd502
MH		 999 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
1000 memcpy(ie->data.dev_class, ev->dev_class, 3);
1001
a9de9248
MH		 1002 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1003 if (!conn) {
1004 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
893ef971 1005 BT_ERR("No memory for new connection");
a9de9248
MH		 1006 hci_dev_unlock(hdev);
1007 return;
1da177e4
LT		 1008 }
1009 }
b6a0dc82 1010
a9de9248
MH		 1011 memcpy(conn->dev_class, ev->dev_class, 3);
1012 conn->state = BT_CONNECT;
b6a0dc82 1013
a9de9248 1014 hci_dev_unlock(hdev);
1da177e4 1015
b6a0dc82
MH		 1016 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1017 struct hci_cp_accept_conn_req cp;
1da177e4 1018
b6a0dc82
MH		 1019 bacpy(&cp.bdaddr, &ev->bdaddr);
1020
1021 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1022 cp.role = 0x00; /* Become master */
1023 else
1024 cp.role = 0x01; /* Remain slave */
1025
1026 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1027 sizeof(cp), &cp);
1028 } else {
1029 struct hci_cp_accept_sync_conn_req cp;
1030
1031 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1032 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1033
1034 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1035 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1036 cp.max_latency = cpu_to_le16(0xffff);
1037 cp.content_format = cpu_to_le16(hdev->voice_setting);
1038 cp.retrans_effort = 0xff;
1da177e4 1039
b6a0dc82
MH		 1040 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1041 sizeof(cp), &cp);
1042 }
a9de9248
MH		 1043 } else {
1044 /* Connection rejected */
1045 struct hci_cp_reject_conn_req cp;
1da177e4 1046
a9de9248
MH		 1047 bacpy(&cp.bdaddr, &ev->bdaddr);
1048 cp.reason = 0x0f;
1049 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1050 }
1da177e4
LT		 1051}
1052
a9de9248 1053static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1054{
a9de9248 1055 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1056 struct hci_conn *conn;
1057
1058 BT_DBG("%s status %d", hdev->name, ev->status);
1059
a9de9248
MH		 1060 if (ev->status)
1061 return;
1062
04837f64
MH		 1063 hci_dev_lock(hdev);
1064
1065 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1066 if (conn) {
a9de9248 1067 conn->state = BT_CLOSED;
7d0db0a3 1068
2950f21a 1069 hci_proto_disconn_cfm(conn, ev->reason);
a9de9248 1070 hci_conn_del(conn);
04837f64
MH		 1071 }
1072
1073 hci_dev_unlock(hdev);
1074}
1075
1da177e4
LT		 1076static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1077{
a9de9248 1078 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1079 struct hci_conn *conn;
1da177e4
LT		 1080
1081 BT_DBG("%s status %d", hdev->name, ev->status);
1082
1083 hci_dev_lock(hdev);
1084
04837f64 1085 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1086 if (conn) {
1087 if (!ev->status)
1088 conn->link_mode |= HCI_LM_AUTH;
da213f41
JH		 1089 else
1090 conn->sec_level = BT_SECURITY_LOW;
1da177e4
LT		 1091
1092 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1093
f8558555
MH		 1094 if (conn->state == BT_CONFIG) {
1095 if (!ev->status && hdev->ssp_mode > 0 &&
1096 conn->ssp_mode > 0) {
1097 struct hci_cp_set_conn_encrypt cp;
1098 cp.handle = ev->handle;
1099 cp.encrypt = 0x01;
1100 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1101 sizeof(cp), &cp);
1102 } else {
1103 conn->state = BT_CONNECTED;
1104 hci_proto_connect_cfm(conn, ev->status);
1105 hci_conn_put(conn);
1106 }
052b30b0 1107 } else {
f8558555 1108 hci_auth_cfm(conn, ev->status);
1da177e4 1109
052b30b0
MH		 1110 hci_conn_hold(conn);
1111 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1112 hci_conn_put(conn);
1113 }
1114
1da177e4
LT		 1115 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1116 if (!ev->status) {
1117 struct hci_cp_set_conn_encrypt cp;
f8558555
MH		 1118 cp.handle = ev->handle;
1119 cp.encrypt = 0x01;
1120 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1121 sizeof(cp), &cp);
1da177e4
LT		 1122 } else {
1123 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1124 hci_encrypt_cfm(conn, ev->status, 0x00);
1125 }
1126 }
1127 }
1128
1129 hci_dev_unlock(hdev);
1130}
1131
a9de9248 1132static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1133{
127178d2
JH		 1134 struct hci_ev_remote_name *ev = (void *) skb->data;
1135 struct hci_conn *conn;
1136
a9de9248 1137 BT_DBG("%s", hdev->name);
1da177e4 1138
a9de9248 1139 hci_conn_check_pending(hdev);
127178d2
JH		 1140
1141 hci_dev_lock(hdev);
1142
1143 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1144 if (conn && hci_outgoing_auth_needed(hdev, conn)) {
1145 struct hci_cp_auth_requested cp;
1146 cp.handle = __cpu_to_le16(conn->handle);
1147 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1148 }
1149
1150 hci_dev_unlock(hdev);
a9de9248
MH		 1151}
1152
1153static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1154{
1155 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1156 struct hci_conn *conn;
1157
1158 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1159
1160 hci_dev_lock(hdev);
1161
04837f64 1162 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1163 if (conn) {
1164 if (!ev->status) {
ae293196
MH		 1165 if (ev->encrypt) {
1166 /* Encryption implies authentication */
1167 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1168 conn->link_mode |= HCI_LM_ENCRYPT;
ae293196 1169 } else
1da177e4
LT		 1170 conn->link_mode &= ~HCI_LM_ENCRYPT;
1171 }
1172
1173 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1174
f8558555
MH		 1175 if (conn->state == BT_CONFIG) {
1176 if (!ev->status)
1177 conn->state = BT_CONNECTED;
1178
1179 hci_proto_connect_cfm(conn, ev->status);
1180 hci_conn_put(conn);
1181 } else
1182 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1183 }
1184
1185 hci_dev_unlock(hdev);
1186}
1187
a9de9248 1188static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1189{
a9de9248 1190 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1191 struct hci_conn *conn;
1da177e4
LT		 1192
1193 BT_DBG("%s status %d", hdev->name, ev->status);
1194
1195 hci_dev_lock(hdev);
1196
04837f64 1197 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1198 if (conn) {
1199 if (!ev->status)
1200 conn->link_mode |= HCI_LM_SECURE;
1201
1202 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1203
1204 hci_key_change_cfm(conn, ev->status);
1205 }
1206
1207 hci_dev_unlock(hdev);
1208}
1209
a9de9248 1210static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1211{
a9de9248
MH		 1212 struct hci_ev_remote_features *ev = (void *) skb->data;
1213 struct hci_conn *conn;
1214
1215 BT_DBG("%s status %d", hdev->name, ev->status);
1216
a9de9248
MH		 1217 hci_dev_lock(hdev);
1218
1219 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1220 if (!conn)
1221 goto unlock;
769be974 1222
ccd556fe
JH		 1223 if (!ev->status)
1224 memcpy(conn->features, ev->features, 8);
1225
1226 if (conn->state != BT_CONFIG)
1227 goto unlock;
1228
1229 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1230 struct hci_cp_read_remote_ext_features cp;
1231 cp.handle = ev->handle;
1232 cp.page = 0x01;
1233 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1234 sizeof(cp), &cp);
392599b9
JH		 1235 goto unlock;
1236 }
1237
127178d2
JH		 1238 if (!ev->status) {
1239 struct hci_cp_remote_name_req cp;
1240 memset(&cp, 0, sizeof(cp));
1241 bacpy(&cp.bdaddr, &conn->dst);
1242 cp.pscan_rep_mode = 0x02;
1243 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1244 }
392599b9 1245
127178d2 1246 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1247 conn->state = BT_CONNECTED;
1248 hci_proto_connect_cfm(conn, ev->status);
1249 hci_conn_put(conn);
769be974 1250 }
a9de9248 1251
ccd556fe 1252unlock:
a9de9248 1253 hci_dev_unlock(hdev);
1da177e4
LT		 1254}
1255
a9de9248 1256static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1257{
a9de9248 1258 BT_DBG("%s", hdev->name);
1da177e4
LT		 1259}
1260
a9de9248 1261static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1262{
a9de9248 1263 BT_DBG("%s", hdev->name);
1da177e4
LT		 1264}
1265
a9de9248
MH		 1266static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1267{
1268 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1269 __u16 opcode;
1270
1271 skb_pull(skb, sizeof(*ev));
1272
1273 opcode = __le16_to_cpu(ev->opcode);
1274
1275 switch (opcode) {
1276 case HCI_OP_INQUIRY_CANCEL:
1277 hci_cc_inquiry_cancel(hdev, skb);
1278 break;
1279
1280 case HCI_OP_EXIT_PERIODIC_INQ:
1281 hci_cc_exit_periodic_inq(hdev, skb);
1282 break;
1283
1284 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1285 hci_cc_remote_name_req_cancel(hdev, skb);
1286 break;
1287
1288 case HCI_OP_ROLE_DISCOVERY:
1289 hci_cc_role_discovery(hdev, skb);
1290 break;
1291
e4e8e37c
MH		 1292 case HCI_OP_READ_LINK_POLICY:
1293 hci_cc_read_link_policy(hdev, skb);
1294 break;
1295
a9de9248
MH		 1296 case HCI_OP_WRITE_LINK_POLICY:
1297 hci_cc_write_link_policy(hdev, skb);
1298 break;
1299
e4e8e37c
MH		 1300 case HCI_OP_READ_DEF_LINK_POLICY:
1301 hci_cc_read_def_link_policy(hdev, skb);
1302 break;
1303
1304 case HCI_OP_WRITE_DEF_LINK_POLICY:
1305 hci_cc_write_def_link_policy(hdev, skb);
1306 break;
1307
a9de9248
MH		 1308 case HCI_OP_RESET:
1309 hci_cc_reset(hdev, skb);
1310 break;
1311
1312 case HCI_OP_WRITE_LOCAL_NAME:
1313 hci_cc_write_local_name(hdev, skb);
1314 break;
1315
1316 case HCI_OP_READ_LOCAL_NAME:
1317 hci_cc_read_local_name(hdev, skb);
1318 break;
1319
1320 case HCI_OP_WRITE_AUTH_ENABLE:
1321 hci_cc_write_auth_enable(hdev, skb);
1322 break;
1323
1324 case HCI_OP_WRITE_ENCRYPT_MODE:
1325 hci_cc_write_encrypt_mode(hdev, skb);
1326 break;
1327
1328 case HCI_OP_WRITE_SCAN_ENABLE:
1329 hci_cc_write_scan_enable(hdev, skb);
1330 break;
1331
1332 case HCI_OP_READ_CLASS_OF_DEV:
1333 hci_cc_read_class_of_dev(hdev, skb);
1334 break;
1335
1336 case HCI_OP_WRITE_CLASS_OF_DEV:
1337 hci_cc_write_class_of_dev(hdev, skb);
1338 break;
1339
1340 case HCI_OP_READ_VOICE_SETTING:
1341 hci_cc_read_voice_setting(hdev, skb);
1342 break;
1343
1344 case HCI_OP_WRITE_VOICE_SETTING:
1345 hci_cc_write_voice_setting(hdev, skb);
1346 break;
1347
1348 case HCI_OP_HOST_BUFFER_SIZE:
1349 hci_cc_host_buffer_size(hdev, skb);
1350 break;
1351
333140b5
MH		 1352 case HCI_OP_READ_SSP_MODE:
1353 hci_cc_read_ssp_mode(hdev, skb);
1354 break;
1355
1356 case HCI_OP_WRITE_SSP_MODE:
1357 hci_cc_write_ssp_mode(hdev, skb);
1358 break;
1359
a9de9248
MH		 1360 case HCI_OP_READ_LOCAL_VERSION:
1361 hci_cc_read_local_version(hdev, skb);
1362 break;
1363
1364 case HCI_OP_READ_LOCAL_COMMANDS:
1365 hci_cc_read_local_commands(hdev, skb);
1366 break;
1367
1368 case HCI_OP_READ_LOCAL_FEATURES:
1369 hci_cc_read_local_features(hdev, skb);
1370 break;
1371
1372 case HCI_OP_READ_BUFFER_SIZE:
1373 hci_cc_read_buffer_size(hdev, skb);
1374 break;
1375
1376 case HCI_OP_READ_BD_ADDR:
1377 hci_cc_read_bd_addr(hdev, skb);
1378 break;
1379
1380 default:
1381 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1382 break;
1383 }
1384
1385 if (ev->ncmd) {
1386 atomic_set(&hdev->cmd_cnt, 1);
1387 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 1388 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 1389 }
1390}
1391
1392static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1393{
1394 struct hci_ev_cmd_status *ev = (void *) skb->data;
1395 __u16 opcode;
1396
1397 skb_pull(skb, sizeof(*ev));
1398
1399 opcode = __le16_to_cpu(ev->opcode);
1400
1401 switch (opcode) {
1402 case HCI_OP_INQUIRY:
1403 hci_cs_inquiry(hdev, ev->status);
1404 break;
1405
1406 case HCI_OP_CREATE_CONN:
1407 hci_cs_create_conn(hdev, ev->status);
1408 break;
1409
1410 case HCI_OP_ADD_SCO:
1411 hci_cs_add_sco(hdev, ev->status);
1412 break;
1413
f8558555
MH		 1414 case HCI_OP_AUTH_REQUESTED:
1415 hci_cs_auth_requested(hdev, ev->status);
1416 break;
1417
1418 case HCI_OP_SET_CONN_ENCRYPT:
1419 hci_cs_set_conn_encrypt(hdev, ev->status);
1420 break;
1421
a9de9248
MH		 1422 case HCI_OP_REMOTE_NAME_REQ:
1423 hci_cs_remote_name_req(hdev, ev->status);
1424 break;
1425
769be974
MH		 1426 case HCI_OP_READ_REMOTE_FEATURES:
1427 hci_cs_read_remote_features(hdev, ev->status);
1428 break;
1429
1430 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1431 hci_cs_read_remote_ext_features(hdev, ev->status);
1432 break;
1433
a9de9248
MH		 1434 case HCI_OP_SETUP_SYNC_CONN:
1435 hci_cs_setup_sync_conn(hdev, ev->status);
1436 break;
1437
1438 case HCI_OP_SNIFF_MODE:
1439 hci_cs_sniff_mode(hdev, ev->status);
1440 break;
1441
1442 case HCI_OP_EXIT_SNIFF_MODE:
1443 hci_cs_exit_sniff_mode(hdev, ev->status);
1444 break;
1445
1446 default:
1447 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1448 break;
1449 }
1450
1451 if (ev->ncmd) {
1452 atomic_set(&hdev->cmd_cnt, 1);
1453 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 1454 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 1455 }
1456}
1457
1458static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1459{
1460 struct hci_ev_role_change *ev = (void *) skb->data;
1461 struct hci_conn *conn;
1462
1463 BT_DBG("%s status %d", hdev->name, ev->status);
1464
1465 hci_dev_lock(hdev);
1466
1467 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1468 if (conn) {
1469 if (!ev->status) {
1470 if (ev->role)
1471 conn->link_mode &= ~HCI_LM_MASTER;
1472 else
1473 conn->link_mode |= HCI_LM_MASTER;
1474 }
1475
1476 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1477
1478 hci_role_switch_cfm(conn, ev->status, ev->role);
1479 }
1480
1481 hci_dev_unlock(hdev);
1482}
1483
1484static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1485{
1486 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1487 __le16 *ptr;
1488 int i;
1489
1490 skb_pull(skb, sizeof(*ev));
1491
1492 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1493
1494 if (skb->len < ev->num_hndl * 4) {
1495 BT_DBG("%s bad parameters", hdev->name);
1496 return;
1497 }
1498
1499 tasklet_disable(&hdev->tx_task);
1500
1501 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1502 struct hci_conn *conn;
1503 __u16 handle, count;
1504
83985319
HH		 1505 handle = get_unaligned_le16(ptr++);
1506 count = get_unaligned_le16(ptr++);
a9de9248
MH		 1507
1508 conn = hci_conn_hash_lookup_handle(hdev, handle);
1509 if (conn) {
1510 conn->sent -= count;
1511
1512 if (conn->type == ACL_LINK) {
1513 if ((hdev->acl_cnt += count) > hdev->acl_pkts)
1514 hdev->acl_cnt = hdev->acl_pkts;
1515 } else {
1516 if ((hdev->sco_cnt += count) > hdev->sco_pkts)
1517 hdev->sco_cnt = hdev->sco_pkts;
1518 }
1519 }
1520 }
1521
c78ae283 1522 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 1523
1524 tasklet_enable(&hdev->tx_task);
1525}
1526
1527static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1528{
a9de9248 1529 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 1530 struct hci_conn *conn;
1531
1532 BT_DBG("%s status %d", hdev->name, ev->status);
1533
1534 hci_dev_lock(hdev);
1535
1536 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 1537 if (conn) {
1538 conn->mode = ev->mode;
1539 conn->interval = __le16_to_cpu(ev->interval);
1540
1541 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
1542 if (conn->mode == HCI_CM_ACTIVE)
1543 conn->power_save = 1;
1544 else
1545 conn->power_save = 0;
1546 }
e73439d8
MH		 1547
1548 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1549 hci_sco_setup(conn, ev->status);
04837f64
MH		 1550 }
1551
1552 hci_dev_unlock(hdev);
1553}
1554
a9de9248
MH		 1555static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1556{
052b30b0
MH		 1557 struct hci_ev_pin_code_req *ev = (void *) skb->data;
1558 struct hci_conn *conn;
1559
a9de9248 1560 BT_DBG("%s", hdev->name);
052b30b0
MH		 1561
1562 hci_dev_lock(hdev);
1563
1564 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3d7a9d1c 1565 if (conn && conn->state == BT_CONNECTED) {
052b30b0
MH		 1566 hci_conn_hold(conn);
1567 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1568 hci_conn_put(conn);
1569 }
1570
1571 hci_dev_unlock(hdev);
a9de9248
MH		 1572}
1573
1574static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1575{
1576 BT_DBG("%s", hdev->name);
1577}
1578
1579static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
1580{
052b30b0
MH		 1581 struct hci_ev_link_key_notify *ev = (void *) skb->data;
1582 struct hci_conn *conn;
1583
a9de9248 1584 BT_DBG("%s", hdev->name);
052b30b0
MH		 1585
1586 hci_dev_lock(hdev);
1587
1588 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1589 if (conn) {
1590 hci_conn_hold(conn);
1591 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1592 hci_conn_put(conn);
1593 }
1594
1595 hci_dev_unlock(hdev);
a9de9248
MH		 1596}
1597
1da177e4
LT		 1598static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1599{
a9de9248 1600 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 1601 struct hci_conn *conn;
1da177e4
LT		 1602
1603 BT_DBG("%s status %d", hdev->name, ev->status);
1604
1605 hci_dev_lock(hdev);
1606
04837f64 1607 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1608 if (conn && !ev->status) {
1609 struct inquiry_entry *ie;
1610
1611 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
1612 ie->data.clock_offset = ev->clock_offset;
1613 ie->timestamp = jiffies;
1614 }
1615 }
1616
1617 hci_dev_unlock(hdev);
1618}
1619
a8746417
MH		 1620static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1621{
1622 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
1623 struct hci_conn *conn;
1624
1625 BT_DBG("%s status %d", hdev->name, ev->status);
1626
1627 hci_dev_lock(hdev);
1628
1629 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1630 if (conn && !ev->status)
1631 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
1632
1633 hci_dev_unlock(hdev);
1634}
1635
85a1e930
MH		 1636static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
1637{
a9de9248 1638 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 1639 struct inquiry_entry *ie;
1640
1641 BT_DBG("%s", hdev->name);
1642
1643 hci_dev_lock(hdev);
1644
1645 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) {
1646 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
1647 ie->timestamp = jiffies;
1648 }
1649
1650 hci_dev_unlock(hdev);
1651}
1652
a9de9248
MH		 1653static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
1654{
1655 struct inquiry_data data;
1656 int num_rsp = *((__u8 *) skb->data);
1657
1658 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1659
1660 if (!num_rsp)
1661 return;
1662
1663 hci_dev_lock(hdev);
1664
1665 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
1666 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1);
1667
1668 for (; num_rsp; num_rsp--) {
1669 bacpy(&data.bdaddr, &info->bdaddr);
1670 data.pscan_rep_mode = info->pscan_rep_mode;
1671 data.pscan_period_mode = info->pscan_period_mode;
1672 data.pscan_mode = info->pscan_mode;
1673 memcpy(data.dev_class, info->dev_class, 3);
1674 data.clock_offset = info->clock_offset;
1675 data.rssi = info->rssi;
41a96212 1676 data.ssp_mode = 0x00;
a9de9248
MH		 1677 info++;
1678 hci_inquiry_cache_update(hdev, &data);
1679 }
1680 } else {
1681 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
1682
1683 for (; num_rsp; num_rsp--) {
1684 bacpy(&data.bdaddr, &info->bdaddr);
1685 data.pscan_rep_mode = info->pscan_rep_mode;
1686 data.pscan_period_mode = info->pscan_period_mode;
1687 data.pscan_mode = 0x00;
1688 memcpy(data.dev_class, info->dev_class, 3);
1689 data.clock_offset = info->clock_offset;
1690 data.rssi = info->rssi;
41a96212 1691 data.ssp_mode = 0x00;
a9de9248
MH		 1692 info++;
1693 hci_inquiry_cache_update(hdev, &data);
1694 }
1695 }
1696
1697 hci_dev_unlock(hdev);
1698}
1699
1700static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1701{
41a96212
MH		 1702 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
1703 struct hci_conn *conn;
1704
a9de9248 1705 BT_DBG("%s", hdev->name);
41a96212 1706
41a96212
MH		 1707 hci_dev_lock(hdev);
1708
1709 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1710 if (!conn)
1711 goto unlock;
41a96212 1712
ccd556fe
JH		 1713 if (!ev->status && ev->page == 0x01) {
1714 struct inquiry_entry *ie;
41a96212 1715
ccd556fe
JH		 1716 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)))
1717 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 1718
ccd556fe
JH		 1719 conn->ssp_mode = (ev->features[0] & 0x01);
1720 }
1721
1722 if (conn->state != BT_CONFIG)
1723 goto unlock;
1724
127178d2
JH		 1725 if (!ev->status) {
1726 struct hci_cp_remote_name_req cp;
1727 memset(&cp, 0, sizeof(cp));
1728 bacpy(&cp.bdaddr, &conn->dst);
1729 cp.pscan_rep_mode = 0x02;
1730 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1731 }
392599b9 1732
127178d2 1733 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1734 conn->state = BT_CONNECTED;
1735 hci_proto_connect_cfm(conn, ev->status);
1736 hci_conn_put(conn);
41a96212
MH		 1737 }
1738
ccd556fe 1739unlock:
41a96212 1740 hci_dev_unlock(hdev);
a9de9248
MH		 1741}
1742
1743static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1744{
b6a0dc82
MH		 1745 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
1746 struct hci_conn *conn;
1747
1748 BT_DBG("%s status %d", hdev->name, ev->status);
1749
1750 hci_dev_lock(hdev);
1751
1752 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 1753 if (!conn) {
1754 if (ev->link_type == ESCO_LINK)
1755 goto unlock;
1756
1757 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1758 if (!conn)
1759 goto unlock;
1760
1761 conn->type = SCO_LINK;
1762 }
b6a0dc82 1763
732547f9
MH		 1764 switch (ev->status) {
1765 case 0x00:
b6a0dc82
MH		 1766 conn->handle = __le16_to_cpu(ev->handle);
1767 conn->state = BT_CONNECTED;
7d0db0a3 1768
9eba32b8 1769 hci_conn_hold_device(conn);
7d0db0a3 1770 hci_conn_add_sysfs(conn);
732547f9
MH		 1771 break;
1772
705e5711 1773 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 1774 case 0x1c: /* SCO interval rejected */
1038a00b 1775 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 1776 case 0x1f: /* Unspecified error */
1777 if (conn->out && conn->attempt < 2) {
1778 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
1779 (hdev->esco_type & EDR_ESCO_MASK);
1780 hci_setup_sync(conn, conn->link->handle);
1781 goto unlock;
1782 }
1783 /* fall through */
1784
1785 default:
b6a0dc82 1786 conn->state = BT_CLOSED;
732547f9
MH		 1787 break;
1788 }
b6a0dc82
MH		 1789
1790 hci_proto_connect_cfm(conn, ev->status);
1791 if (ev->status)
1792 hci_conn_del(conn);
1793
1794unlock:
1795 hci_dev_unlock(hdev);
a9de9248
MH		 1796}
1797
1798static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
1799{
1800 BT_DBG("%s", hdev->name);
1801}
1802
04837f64
MH		 1803static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
1804{
a9de9248 1805 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 1806 struct hci_conn *conn;
1807
1808 BT_DBG("%s status %d", hdev->name, ev->status);
1809
1810 hci_dev_lock(hdev);
1811
1812 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1813 if (conn) {
1814 }
1815
1816 hci_dev_unlock(hdev);
1817}
1818
a9de9248 1819static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1820{
a9de9248
MH		 1821 struct inquiry_data data;
1822 struct extended_inquiry_info *info = (void *) (skb->data + 1);
1823 int num_rsp = *((__u8 *) skb->data);
1da177e4 1824
a9de9248 1825 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 1826
a9de9248
MH		 1827 if (!num_rsp)
1828 return;
1da177e4 1829
a9de9248
MH		 1830 hci_dev_lock(hdev);
1831
1832 for (; num_rsp; num_rsp--) {
1833 bacpy(&data.bdaddr, &info->bdaddr);
1834 data.pscan_rep_mode = info->pscan_rep_mode;
1835 data.pscan_period_mode = info->pscan_period_mode;
1836 data.pscan_mode = 0x00;
1837 memcpy(data.dev_class, info->dev_class, 3);
1838 data.clock_offset = info->clock_offset;
1839 data.rssi = info->rssi;
41a96212 1840 data.ssp_mode = 0x01;
a9de9248
MH		 1841 info++;
1842 hci_inquiry_cache_update(hdev, &data);
1843 }
1844
1845 hci_dev_unlock(hdev);
1846}
1da177e4 1847
0493684e
MH		 1848static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1849{
1850 struct hci_ev_io_capa_request *ev = (void *) skb->data;
1851 struct hci_conn *conn;
1852
1853 BT_DBG("%s", hdev->name);
1854
1855 hci_dev_lock(hdev);
1856
1857 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1858 if (conn)
1859 hci_conn_hold(conn);
1860
1861 hci_dev_unlock(hdev);
1862}
1863
1864static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1865{
1866 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
1867 struct hci_conn *conn;
1868
1869 BT_DBG("%s", hdev->name);
1870
1871 hci_dev_lock(hdev);
1872
1873 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1874 if (conn)
1875 hci_conn_put(conn);
1876
1877 hci_dev_unlock(hdev);
1878}
1879
41a96212
MH		 1880static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1881{
1882 struct hci_ev_remote_host_features *ev = (void *) skb->data;
1883 struct inquiry_entry *ie;
1884
1885 BT_DBG("%s", hdev->name);
1886
1887 hci_dev_lock(hdev);
1888
1889 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
1890 ie->data.ssp_mode = (ev->features[0] & 0x01);
1891
1892 hci_dev_unlock(hdev);
1893}
1894
a9de9248
MH		 1895void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1896{
1897 struct hci_event_hdr *hdr = (void *) skb->data;
1898 __u8 event = hdr->evt;
1899
1900 skb_pull(skb, HCI_EVENT_HDR_SIZE);
1901
1902 switch (event) {
1da177e4
LT		 1903 case HCI_EV_INQUIRY_COMPLETE:
1904 hci_inquiry_complete_evt(hdev, skb);
1905 break;
1906
1907 case HCI_EV_INQUIRY_RESULT:
1908 hci_inquiry_result_evt(hdev, skb);
1909 break;
1910
a9de9248
MH		 1911 case HCI_EV_CONN_COMPLETE:
1912 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 1913 break;
1914
1da177e4
LT		 1915 case HCI_EV_CONN_REQUEST:
1916 hci_conn_request_evt(hdev, skb);
1917 break;
1918
1da177e4
LT		 1919 case HCI_EV_DISCONN_COMPLETE:
1920 hci_disconn_complete_evt(hdev, skb);
1921 break;
1922
1da177e4
LT		 1923 case HCI_EV_AUTH_COMPLETE:
1924 hci_auth_complete_evt(hdev, skb);
1925 break;
1926
a9de9248
MH		 1927 case HCI_EV_REMOTE_NAME:
1928 hci_remote_name_evt(hdev, skb);
1929 break;
1930
1da177e4
LT		 1931 case HCI_EV_ENCRYPT_CHANGE:
1932 hci_encrypt_change_evt(hdev, skb);
1933 break;
1934
a9de9248
MH		 1935 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
1936 hci_change_link_key_complete_evt(hdev, skb);
1937 break;
1938
1939 case HCI_EV_REMOTE_FEATURES:
1940 hci_remote_features_evt(hdev, skb);
1941 break;
1942
1943 case HCI_EV_REMOTE_VERSION:
1944 hci_remote_version_evt(hdev, skb);
1945 break;
1946
1947 case HCI_EV_QOS_SETUP_COMPLETE:
1948 hci_qos_setup_complete_evt(hdev, skb);
1949 break;
1950
1951 case HCI_EV_CMD_COMPLETE:
1952 hci_cmd_complete_evt(hdev, skb);
1953 break;
1954
1955 case HCI_EV_CMD_STATUS:
1956 hci_cmd_status_evt(hdev, skb);
1957 break;
1958
1959 case HCI_EV_ROLE_CHANGE:
1960 hci_role_change_evt(hdev, skb);
1961 break;
1962
1963 case HCI_EV_NUM_COMP_PKTS:
1964 hci_num_comp_pkts_evt(hdev, skb);
1965 break;
1966
1967 case HCI_EV_MODE_CHANGE:
1968 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 1969 break;
1970
1971 case HCI_EV_PIN_CODE_REQ:
1972 hci_pin_code_request_evt(hdev, skb);
1973 break;
1974
1975 case HCI_EV_LINK_KEY_REQ:
1976 hci_link_key_request_evt(hdev, skb);
1977 break;
1978
1979 case HCI_EV_LINK_KEY_NOTIFY:
1980 hci_link_key_notify_evt(hdev, skb);
1981 break;
1982
1983 case HCI_EV_CLOCK_OFFSET:
1984 hci_clock_offset_evt(hdev, skb);
1985 break;
1986
a8746417
MH		 1987 case HCI_EV_PKT_TYPE_CHANGE:
1988 hci_pkt_type_change_evt(hdev, skb);
1989 break;
1990
85a1e930
MH		 1991 case HCI_EV_PSCAN_REP_MODE:
1992 hci_pscan_rep_mode_evt(hdev, skb);
1993 break;
1994
a9de9248
MH		 1995 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
1996 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 1997 break;
1998
a9de9248
MH		 1999 case HCI_EV_REMOTE_EXT_FEATURES:
2000 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 2001 break;
2002
a9de9248
MH		 2003 case HCI_EV_SYNC_CONN_COMPLETE:
2004 hci_sync_conn_complete_evt(hdev, skb);
2005 break;
1da177e4 2006
a9de9248
MH		 2007 case HCI_EV_SYNC_CONN_CHANGED:
2008 hci_sync_conn_changed_evt(hdev, skb);
2009 break;
1da177e4 2010
a9de9248
MH		 2011 case HCI_EV_SNIFF_SUBRATE:
2012 hci_sniff_subrate_evt(hdev, skb);
2013 break;
1da177e4 2014
a9de9248
MH		 2015 case HCI_EV_EXTENDED_INQUIRY_RESULT:
2016 hci_extended_inquiry_result_evt(hdev, skb);
2017 break;
1da177e4 2018
0493684e
MH		 2019 case HCI_EV_IO_CAPA_REQUEST:
2020 hci_io_capa_request_evt(hdev, skb);
2021 break;
2022
2023 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2024 hci_simple_pair_complete_evt(hdev, skb);
2025 break;
2026
41a96212
MH		 2027 case HCI_EV_REMOTE_HOST_FEATURES:
2028 hci_remote_host_features_evt(hdev, skb);
2029 break;
2030
a9de9248
MH		 2031 default:
2032 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 2033 break;
2034 }
2035
2036 kfree_skb(skb);
2037 hdev->stat.evt_rx++;
2038}
2039
2040/* Generate internal stack event */
2041void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
2042{
2043 struct hci_event_hdr *hdr;
2044 struct hci_ev_stack_internal *ev;
2045 struct sk_buff *skb;
2046
2047 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
2048 if (!skb)
2049 return;
2050
2051 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
2052 hdr->evt = HCI_EV_STACK_INTERNAL;
2053 hdr->plen = sizeof(*ev) + dlen;
2054
2055 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
2056 ev->type = type;
2057 memcpy(ev->data, data, dlen);
2058
576c7d85 2059 bt_cb(skb)->incoming = 1;
a61bbcf2 2060 __net_timestamp(skb);
576c7d85 2061
0d48d939 2062 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4
LT		 2063 skb->dev = (void *) hdev;
2064 hci_send_to_sock(hdev, skb);
2065 kfree_skb(skb);
2066}
kernel source for telekom puls (alcatel/mediatek)