projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Add set_io_capability management command
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 /* Handle HCI Event packets */
49
50 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
51 {
52 __u8 status = *((__u8 *) skb->data);
53
54 BT_DBG("%s status 0x%x", hdev->name, status);
55
56 if (status)
57 return;
58
59 clear_bit(HCI_INQUIRY, &hdev->flags);
60
61 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
62
63 hci_conn_check_pending(hdev);
64 }
65
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67 {
68 __u8 status = *((__u8 *) skb->data);
69
70 BT_DBG("%s status 0x%x", hdev->name, status);
71
72 if (status)
73 return;
74
75 clear_bit(HCI_INQUIRY, &hdev->flags);
76
77 hci_conn_check_pending(hdev);
78 }
79
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
81 {
82 BT_DBG("%s", hdev->name);
83 }
84
85 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
86 {
87 struct hci_rp_role_discovery *rp = (void *) skb->data;
88 struct hci_conn *conn;
89
90 BT_DBG("%s status 0x%x", hdev->name, rp->status);
91
92 if (rp->status)
93 return;
94
95 hci_dev_lock(hdev);
96
97 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
98 if (conn) {
99 if (rp->role)
100 conn->link_mode &= ~HCI_LM_MASTER;
101 else
102 conn->link_mode |= HCI_LM_MASTER;
103 }
104
105 hci_dev_unlock(hdev);
106 }
107
108 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
109 {
110 struct hci_rp_read_link_policy *rp = (void *) skb->data;
111 struct hci_conn *conn;
112
113 BT_DBG("%s status 0x%x", hdev->name, rp->status);
114
115 if (rp->status)
116 return;
117
118 hci_dev_lock(hdev);
119
120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
121 if (conn)
122 conn->link_policy = __le16_to_cpu(rp->policy);
123
124 hci_dev_unlock(hdev);
125 }
126
127 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
128 {
129 struct hci_rp_write_link_policy *rp = (void *) skb->data;
130 struct hci_conn *conn;
131 void *sent;
132
133 BT_DBG("%s status 0x%x", hdev->name, rp->status);
134
135 if (rp->status)
136 return;
137
138 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
139 if (!sent)
140 return;
141
142 hci_dev_lock(hdev);
143
144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
145 if (conn)
146 conn->link_policy = get_unaligned_le16(sent + 2);
147
148 hci_dev_unlock(hdev);
149 }
150
151 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
152 {
153 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
154
155 BT_DBG("%s status 0x%x", hdev->name, rp->status);
156
157 if (rp->status)
158 return;
159
160 hdev->link_policy = __le16_to_cpu(rp->policy);
161 }
162
163 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
164 {
165 __u8 status = *((__u8 *) skb->data);
166 void *sent;
167
168 BT_DBG("%s status 0x%x", hdev->name, status);
169
170 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
171 if (!sent)
172 return;
173
174 if (!status)
175 hdev->link_policy = get_unaligned_le16(sent);
176
177 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
178 }
179
180 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
181 {
182 __u8 status = *((__u8 *) skb->data);
183
184 BT_DBG("%s status 0x%x", hdev->name, status);
185
186 hci_req_complete(hdev, HCI_OP_RESET, status);
187 }
188
189 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
190 {
191 __u8 status = *((__u8 *) skb->data);
192 void *sent;
193
194 BT_DBG("%s status 0x%x", hdev->name, status);
195
196 if (status)
197 return;
198
199 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
200 if (!sent)
201 return;
202
203 memcpy(hdev->dev_name, sent, 248);
204 }
205
206 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207 {
208 struct hci_rp_read_local_name *rp = (void *) skb->data;
209
210 BT_DBG("%s status 0x%x", hdev->name, rp->status);
211
212 if (rp->status)
213 return;
214
215 memcpy(hdev->dev_name, rp->name, 248);
216 }
217
218 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
219 {
220 __u8 status = *((__u8 *) skb->data);
221 void *sent;
222
223 BT_DBG("%s status 0x%x", hdev->name, status);
224
225 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
226 if (!sent)
227 return;
228
229 if (!status) {
230 __u8 param = *((__u8 *) sent);
231
232 if (param == AUTH_ENABLED)
233 set_bit(HCI_AUTH, &hdev->flags);
234 else
235 clear_bit(HCI_AUTH, &hdev->flags);
236 }
237
238 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
239 }
240
241 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
242 {
243 __u8 status = *((__u8 *) skb->data);
244 void *sent;
245
246 BT_DBG("%s status 0x%x", hdev->name, status);
247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
249 if (!sent)
250 return;
251
252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param)
256 set_bit(HCI_ENCRYPT, &hdev->flags);
257 else
258 clear_bit(HCI_ENCRYPT, &hdev->flags);
259 }
260
261 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
262 }
263
264 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
265 {
266 __u8 status = *((__u8 *) skb->data);
267 void *sent;
268
269 BT_DBG("%s status 0x%x", hdev->name, status);
270
271 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
272 if (!sent)
273 return;
274
275 if (!status) {
276 __u8 param = *((__u8 *) sent);
277 int old_pscan, old_iscan;
278
279 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
280 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
281
282 if (param & SCAN_INQUIRY) {
283 set_bit(HCI_ISCAN, &hdev->flags);
284 if (!old_iscan)
285 mgmt_discoverable(hdev->id, 1);
286 } else if (old_iscan)
287 mgmt_discoverable(hdev->id, 0);
288
289 if (param & SCAN_PAGE) {
290 set_bit(HCI_PSCAN, &hdev->flags);
291 if (!old_pscan)
292 mgmt_connectable(hdev->id, 1);
293 } else if (old_pscan)
294 mgmt_connectable(hdev->id, 0);
295 }
296
297 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
298 }
299
300 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
301 {
302 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
303
304 BT_DBG("%s status 0x%x", hdev->name, rp->status);
305
306 if (rp->status)
307 return;
308
309 memcpy(hdev->dev_class, rp->dev_class, 3);
310
311 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
312 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
313 }
314
315 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
316 {
317 __u8 status = *((__u8 *) skb->data);
318 void *sent;
319
320 BT_DBG("%s status 0x%x", hdev->name, status);
321
322 if (status)
323 return;
324
325 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
326 if (!sent)
327 return;
328
329 memcpy(hdev->dev_class, sent, 3);
330 }
331
332 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
333 {
334 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
335 __u16 setting;
336
337 BT_DBG("%s status 0x%x", hdev->name, rp->status);
338
339 if (rp->status)
340 return;
341
342 setting = __le16_to_cpu(rp->voice_setting);
343
344 if (hdev->voice_setting == setting)
345 return;
346
347 hdev->voice_setting = setting;
348
349 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
350
351 if (hdev->notify) {
352 tasklet_disable(&hdev->tx_task);
353 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
354 tasklet_enable(&hdev->tx_task);
355 }
356 }
357
358 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
359 {
360 __u8 status = *((__u8 *) skb->data);
361 __u16 setting;
362 void *sent;
363
364 BT_DBG("%s status 0x%x", hdev->name, status);
365
366 if (status)
367 return;
368
369 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
370 if (!sent)
371 return;
372
373 setting = get_unaligned_le16(sent);
374
375 if (hdev->voice_setting == setting)
376 return;
377
378 hdev->voice_setting = setting;
379
380 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
381
382 if (hdev->notify) {
383 tasklet_disable(&hdev->tx_task);
384 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
385 tasklet_enable(&hdev->tx_task);
386 }
387 }
388
389 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
390 {
391 __u8 status = *((__u8 *) skb->data);
392
393 BT_DBG("%s status 0x%x", hdev->name, status);
394
395 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
396 }
397
398 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
399 {
400 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
401
402 BT_DBG("%s status 0x%x", hdev->name, rp->status);
403
404 if (rp->status)
405 return;
406
407 hdev->ssp_mode = rp->mode;
408 }
409
410 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
411 {
412 __u8 status = *((__u8 *) skb->data);
413 void *sent;
414
415 BT_DBG("%s status 0x%x", hdev->name, status);
416
417 if (status)
418 return;
419
420 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
421 if (!sent)
422 return;
423
424 hdev->ssp_mode = *((__u8 *) sent);
425 }
426
427 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
428 {
429 if (hdev->features[6] & LMP_EXT_INQ)
430 return 2;
431
432 if (hdev->features[3] & LMP_RSSI_INQ)
433 return 1;
434
435 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
436 hdev->lmp_subver == 0x0757)
437 return 1;
438
439 if (hdev->manufacturer == 15) {
440 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
441 return 1;
442 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
443 return 1;
444 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
445 return 1;
446 }
447
448 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
449 hdev->lmp_subver == 0x1805)
450 return 1;
451
452 return 0;
453 }
454
455 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
456 {
457 u8 mode;
458
459 mode = hci_get_inquiry_mode(hdev);
460
461 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
462 }
463
464 static void hci_setup_event_mask(struct hci_dev *hdev)
465 {
466 /* The second byte is 0xff instead of 0x9f (two reserved bits
467 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
468 * command otherwise */
469 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
470
471 /* Events for 1.2 and newer controllers */
472 if (hdev->lmp_ver > 1) {
473 events[4] |= 0x01; /* Flow Specification Complete */
474 events[4] |= 0x02; /* Inquiry Result with RSSI */
475 events[4] |= 0x04; /* Read Remote Extended Features Complete */
476 events[5] |= 0x08; /* Synchronous Connection Complete */
477 events[5] |= 0x10; /* Synchronous Connection Changed */
478 }
479
480 if (hdev->features[3] & LMP_RSSI_INQ)
481 events[4] |= 0x04; /* Inquiry Result with RSSI */
482
483 if (hdev->features[5] & LMP_SNIFF_SUBR)
484 events[5] |= 0x20; /* Sniff Subrating */
485
486 if (hdev->features[5] & LMP_PAUSE_ENC)
487 events[5] |= 0x80; /* Encryption Key Refresh Complete */
488
489 if (hdev->features[6] & LMP_EXT_INQ)
490 events[5] |= 0x40; /* Extended Inquiry Result */
491
492 if (hdev->features[6] & LMP_NO_FLUSH)
493 events[7] |= 0x01; /* Enhanced Flush Complete */
494
495 if (hdev->features[7] & LMP_LSTO)
496 events[6] |= 0x80; /* Link Supervision Timeout Changed */
497
498 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
499 events[6] |= 0x01; /* IO Capability Request */
500 events[6] |= 0x02; /* IO Capability Response */
501 events[6] |= 0x04; /* User Confirmation Request */
502 events[6] |= 0x08; /* User Passkey Request */
503 events[6] |= 0x10; /* Remote OOB Data Request */
504 events[6] |= 0x20; /* Simple Pairing Complete */
505 events[7] |= 0x04; /* User Passkey Notification */
506 events[7] |= 0x08; /* Keypress Notification */
507 events[7] |= 0x10; /* Remote Host Supported
508 * Features Notification */
509 }
510
511 if (hdev->features[4] & LMP_LE)
512 events[7] |= 0x20; /* LE Meta-Event */
513
514 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
515 }
516
517 static void hci_setup(struct hci_dev *hdev)
518 {
519 hci_setup_event_mask(hdev);
520
521 if (hdev->lmp_ver > 1)
522 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
523
524 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
525 u8 mode = 0x01;
526 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
527 }
528
529 if (hdev->features[3] & LMP_RSSI_INQ)
530 hci_setup_inquiry_mode(hdev);
531
532 if (hdev->features[7] & LMP_INQ_TX_PWR)
533 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
534 }
535
536 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
537 {
538 struct hci_rp_read_local_version *rp = (void *) skb->data;
539
540 BT_DBG("%s status 0x%x", hdev->name, rp->status);
541
542 if (rp->status)
543 return;
544
545 hdev->hci_ver = rp->hci_ver;
546 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
547 hdev->lmp_ver = rp->lmp_ver;
548 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
549 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
550
551 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
552 hdev->manufacturer,
553 hdev->hci_ver, hdev->hci_rev);
554
555 if (test_bit(HCI_INIT, &hdev->flags))
556 hci_setup(hdev);
557 }
558
559 static void hci_setup_link_policy(struct hci_dev *hdev)
560 {
561 u16 link_policy = 0;
562
563 if (hdev->features[0] & LMP_RSWITCH)
564 link_policy |= HCI_LP_RSWITCH;
565 if (hdev->features[0] & LMP_HOLD)
566 link_policy |= HCI_LP_HOLD;
567 if (hdev->features[0] & LMP_SNIFF)
568 link_policy |= HCI_LP_SNIFF;
569 if (hdev->features[1] & LMP_PARK)
570 link_policy |= HCI_LP_PARK;
571
572 link_policy = cpu_to_le16(link_policy);
573 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
574 sizeof(link_policy), &link_policy);
575 }
576
577 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
578 {
579 struct hci_rp_read_local_commands *rp = (void *) skb->data;
580
581 BT_DBG("%s status 0x%x", hdev->name, rp->status);
582
583 if (rp->status)
584 goto done;
585
586 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
587
588 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
589 hci_setup_link_policy(hdev);
590
591 done:
592 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
593 }
594
595 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
596 {
597 struct hci_rp_read_local_features *rp = (void *) skb->data;
598
599 BT_DBG("%s status 0x%x", hdev->name, rp->status);
600
601 if (rp->status)
602 return;
603
604 memcpy(hdev->features, rp->features, 8);
605
606 /* Adjust default settings according to features
607 * supported by device. */
608
609 if (hdev->features[0] & LMP_3SLOT)
610 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
611
612 if (hdev->features[0] & LMP_5SLOT)
613 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
614
615 if (hdev->features[1] & LMP_HV2) {
616 hdev->pkt_type |= (HCI_HV2);
617 hdev->esco_type |= (ESCO_HV2);
618 }
619
620 if (hdev->features[1] & LMP_HV3) {
621 hdev->pkt_type |= (HCI_HV3);
622 hdev->esco_type |= (ESCO_HV3);
623 }
624
625 if (hdev->features[3] & LMP_ESCO)
626 hdev->esco_type |= (ESCO_EV3);
627
628 if (hdev->features[4] & LMP_EV4)
629 hdev->esco_type |= (ESCO_EV4);
630
631 if (hdev->features[4] & LMP_EV5)
632 hdev->esco_type |= (ESCO_EV5);
633
634 if (hdev->features[5] & LMP_EDR_ESCO_2M)
635 hdev->esco_type |= (ESCO_2EV3);
636
637 if (hdev->features[5] & LMP_EDR_ESCO_3M)
638 hdev->esco_type |= (ESCO_3EV3);
639
640 if (hdev->features[5] & LMP_EDR_3S_ESCO)
641 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
642
643 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
644 hdev->features[0], hdev->features[1],
645 hdev->features[2], hdev->features[3],
646 hdev->features[4], hdev->features[5],
647 hdev->features[6], hdev->features[7]);
648 }
649
650 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
651 {
652 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
653
654 BT_DBG("%s status 0x%x", hdev->name, rp->status);
655
656 if (rp->status)
657 return;
658
659 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
660 hdev->sco_mtu = rp->sco_mtu;
661 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
662 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
663
664 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
665 hdev->sco_mtu = 64;
666 hdev->sco_pkts = 8;
667 }
668
669 hdev->acl_cnt = hdev->acl_pkts;
670 hdev->sco_cnt = hdev->sco_pkts;
671
672 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
673 hdev->acl_mtu, hdev->acl_pkts,
674 hdev->sco_mtu, hdev->sco_pkts);
675 }
676
677 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
678 {
679 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
680
681 BT_DBG("%s status 0x%x", hdev->name, rp->status);
682
683 if (!rp->status)
684 bacpy(&hdev->bdaddr, &rp->bdaddr);
685
686 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
687 }
688
689 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
690 {
691 __u8 status = *((__u8 *) skb->data);
692
693 BT_DBG("%s status 0x%x", hdev->name, status);
694
695 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
696 }
697
698 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
699 struct sk_buff *skb)
700 {
701 __u8 status = *((__u8 *) skb->data);
702
703 BT_DBG("%s status 0x%x", hdev->name, status);
704
705 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
706 }
707
708 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
709 {
710 __u8 status = *((__u8 *) skb->data);
711
712 BT_DBG("%s status 0x%x", hdev->name, status);
713
714 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
715 }
716
717 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
718 struct sk_buff *skb)
719 {
720 __u8 status = *((__u8 *) skb->data);
721
722 BT_DBG("%s status 0x%x", hdev->name, status);
723
724 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
725 }
726
727 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
728 struct sk_buff *skb)
729 {
730 __u8 status = *((__u8 *) skb->data);
731
732 BT_DBG("%s status 0x%x", hdev->name, status);
733
734 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
735 }
736
737 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
738 {
739 __u8 status = *((__u8 *) skb->data);
740
741 BT_DBG("%s status 0x%x", hdev->name, status);
742
743 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
744 }
745
746 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
747 {
748 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
749 struct hci_cp_pin_code_reply *cp;
750 struct hci_conn *conn;
751
752 BT_DBG("%s status 0x%x", hdev->name, rp->status);
753
754 if (test_bit(HCI_MGMT, &hdev->flags))
755 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
756
757 if (rp->status != 0)
758 return;
759
760 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
761 if (!cp)
762 return;
763
764 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
765 if (conn)
766 conn->pin_length = cp->pin_len;
767 }
768
769 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
770 {
771 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
772
773 BT_DBG("%s status 0x%x", hdev->name, rp->status);
774
775 if (test_bit(HCI_MGMT, &hdev->flags))
776 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
777 rp->status);
778 }
779
780 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
781 {
782 BT_DBG("%s status 0x%x", hdev->name, status);
783
784 if (status) {
785 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
786
787 hci_conn_check_pending(hdev);
788 } else
789 set_bit(HCI_INQUIRY, &hdev->flags);
790 }
791
792 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
793 {
794 struct hci_cp_create_conn *cp;
795 struct hci_conn *conn;
796
797 BT_DBG("%s status 0x%x", hdev->name, status);
798
799 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
800 if (!cp)
801 return;
802
803 hci_dev_lock(hdev);
804
805 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
806
807 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
808
809 if (status) {
810 if (conn && conn->state == BT_CONNECT) {
811 if (status != 0x0c || conn->attempt > 2) {
812 conn->state = BT_CLOSED;
813 hci_proto_connect_cfm(conn, status);
814 hci_conn_del(conn);
815 } else
816 conn->state = BT_CONNECT2;
817 }
818 } else {
819 if (!conn) {
820 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
821 if (conn) {
822 conn->out = 1;
823 conn->link_mode |= HCI_LM_MASTER;
824 } else
825 BT_ERR("No memory for new connection");
826 }
827 }
828
829 hci_dev_unlock(hdev);
830 }
831
832 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
833 {
834 struct hci_cp_add_sco *cp;
835 struct hci_conn *acl, *sco;
836 __u16 handle;
837
838 BT_DBG("%s status 0x%x", hdev->name, status);
839
840 if (!status)
841 return;
842
843 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
844 if (!cp)
845 return;
846
847 handle = __le16_to_cpu(cp->handle);
848
849 BT_DBG("%s handle %d", hdev->name, handle);
850
851 hci_dev_lock(hdev);
852
853 acl = hci_conn_hash_lookup_handle(hdev, handle);
854 if (acl && (sco = acl->link)) {
855 sco->state = BT_CLOSED;
856
857 hci_proto_connect_cfm(sco, status);
858 hci_conn_del(sco);
859 }
860
861 hci_dev_unlock(hdev);
862 }
863
864 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
865 {
866 struct hci_cp_auth_requested *cp;
867 struct hci_conn *conn;
868
869 BT_DBG("%s status 0x%x", hdev->name, status);
870
871 if (!status)
872 return;
873
874 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
875 if (!cp)
876 return;
877
878 hci_dev_lock(hdev);
879
880 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
881 if (conn) {
882 if (conn->state == BT_CONFIG) {
883 hci_proto_connect_cfm(conn, status);
884 hci_conn_put(conn);
885 }
886 }
887
888 hci_dev_unlock(hdev);
889 }
890
891 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
892 {
893 struct hci_cp_set_conn_encrypt *cp;
894 struct hci_conn *conn;
895
896 BT_DBG("%s status 0x%x", hdev->name, status);
897
898 if (!status)
899 return;
900
901 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
902 if (!cp)
903 return;
904
905 hci_dev_lock(hdev);
906
907 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
908 if (conn) {
909 if (conn->state == BT_CONFIG) {
910 hci_proto_connect_cfm(conn, status);
911 hci_conn_put(conn);
912 }
913 }
914
915 hci_dev_unlock(hdev);
916 }
917
918 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
919 struct hci_conn *conn)
920 {
921 if (conn->state != BT_CONFIG || !conn->out)
922 return 0;
923
924 if (conn->pending_sec_level == BT_SECURITY_SDP)
925 return 0;
926
927 /* Only request authentication for SSP connections or non-SSP
928 * devices with sec_level HIGH */
929 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
930 conn->pending_sec_level != BT_SECURITY_HIGH)
931 return 0;
932
933 return 1;
934 }
935
936 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
937 {
938 struct hci_cp_remote_name_req *cp;
939 struct hci_conn *conn;
940
941 BT_DBG("%s status 0x%x", hdev->name, status);
942
943 /* If successful wait for the name req complete event before
944 * checking for the need to do authentication */
945 if (!status)
946 return;
947
948 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
949 if (!cp)
950 return;
951
952 hci_dev_lock(hdev);
953
954 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
955 if (conn && hci_outgoing_auth_needed(hdev, conn)) {
956 struct hci_cp_auth_requested cp;
957 cp.handle = __cpu_to_le16(conn->handle);
958 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
959 }
960
961 hci_dev_unlock(hdev);
962 }
963
964 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
965 {
966 struct hci_cp_read_remote_features *cp;
967 struct hci_conn *conn;
968
969 BT_DBG("%s status 0x%x", hdev->name, status);
970
971 if (!status)
972 return;
973
974 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
975 if (!cp)
976 return;
977
978 hci_dev_lock(hdev);
979
980 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
981 if (conn) {
982 if (conn->state == BT_CONFIG) {
983 hci_proto_connect_cfm(conn, status);
984 hci_conn_put(conn);
985 }
986 }
987
988 hci_dev_unlock(hdev);
989 }
990
991 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
992 {
993 struct hci_cp_read_remote_ext_features *cp;
994 struct hci_conn *conn;
995
996 BT_DBG("%s status 0x%x", hdev->name, status);
997
998 if (!status)
999 return;
1000
1001 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1002 if (!cp)
1003 return;
1004
1005 hci_dev_lock(hdev);
1006
1007 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1008 if (conn) {
1009 if (conn->state == BT_CONFIG) {
1010 hci_proto_connect_cfm(conn, status);
1011 hci_conn_put(conn);
1012 }
1013 }
1014
1015 hci_dev_unlock(hdev);
1016 }
1017
1018 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1019 {
1020 struct hci_cp_setup_sync_conn *cp;
1021 struct hci_conn *acl, *sco;
1022 __u16 handle;
1023
1024 BT_DBG("%s status 0x%x", hdev->name, status);
1025
1026 if (!status)
1027 return;
1028
1029 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1030 if (!cp)
1031 return;
1032
1033 handle = __le16_to_cpu(cp->handle);
1034
1035 BT_DBG("%s handle %d", hdev->name, handle);
1036
1037 hci_dev_lock(hdev);
1038
1039 acl = hci_conn_hash_lookup_handle(hdev, handle);
1040 if (acl && (sco = acl->link)) {
1041 sco->state = BT_CLOSED;
1042
1043 hci_proto_connect_cfm(sco, status);
1044 hci_conn_del(sco);
1045 }
1046
1047 hci_dev_unlock(hdev);
1048 }
1049
1050 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1051 {
1052 struct hci_cp_sniff_mode *cp;
1053 struct hci_conn *conn;
1054
1055 BT_DBG("%s status 0x%x", hdev->name, status);
1056
1057 if (!status)
1058 return;
1059
1060 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1061 if (!cp)
1062 return;
1063
1064 hci_dev_lock(hdev);
1065
1066 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1067 if (conn) {
1068 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1069
1070 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1071 hci_sco_setup(conn, status);
1072 }
1073
1074 hci_dev_unlock(hdev);
1075 }
1076
1077 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1078 {
1079 struct hci_cp_exit_sniff_mode *cp;
1080 struct hci_conn *conn;
1081
1082 BT_DBG("%s status 0x%x", hdev->name, status);
1083
1084 if (!status)
1085 return;
1086
1087 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1088 if (!cp)
1089 return;
1090
1091 hci_dev_lock(hdev);
1092
1093 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1094 if (conn) {
1095 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1096
1097 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1098 hci_sco_setup(conn, status);
1099 }
1100
1101 hci_dev_unlock(hdev);
1102 }
1103
1104 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1105 {
1106 __u8 status = *((__u8 *) skb->data);
1107
1108 BT_DBG("%s status %d", hdev->name, status);
1109
1110 clear_bit(HCI_INQUIRY, &hdev->flags);
1111
1112 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1113
1114 hci_conn_check_pending(hdev);
1115 }
1116
1117 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1118 {
1119 struct inquiry_data data;
1120 struct inquiry_info *info = (void *) (skb->data + 1);
1121 int num_rsp = *((__u8 *) skb->data);
1122
1123 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1124
1125 if (!num_rsp)
1126 return;
1127
1128 hci_dev_lock(hdev);
1129
1130 for (; num_rsp; num_rsp--) {
1131 bacpy(&data.bdaddr, &info->bdaddr);
1132 data.pscan_rep_mode = info->pscan_rep_mode;
1133 data.pscan_period_mode = info->pscan_period_mode;
1134 data.pscan_mode = info->pscan_mode;
1135 memcpy(data.dev_class, info->dev_class, 3);
1136 data.clock_offset = info->clock_offset;
1137 data.rssi = 0x00;
1138 data.ssp_mode = 0x00;
1139 info++;
1140 hci_inquiry_cache_update(hdev, &data);
1141 }
1142
1143 hci_dev_unlock(hdev);
1144 }
1145
1146 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1147 {
1148 struct hci_ev_conn_complete *ev = (void *) skb->data;
1149 struct hci_conn *conn;
1150
1151 BT_DBG("%s", hdev->name);
1152
1153 hci_dev_lock(hdev);
1154
1155 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1156 if (!conn) {
1157 if (ev->link_type != SCO_LINK)
1158 goto unlock;
1159
1160 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1161 if (!conn)
1162 goto unlock;
1163
1164 conn->type = SCO_LINK;
1165 }
1166
1167 if (!ev->status) {
1168 conn->handle = __le16_to_cpu(ev->handle);
1169
1170 if (conn->type == ACL_LINK) {
1171 conn->state = BT_CONFIG;
1172 hci_conn_hold(conn);
1173 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1174 mgmt_connected(hdev->id, &ev->bdaddr);
1175 } else
1176 conn->state = BT_CONNECTED;
1177
1178 hci_conn_hold_device(conn);
1179 hci_conn_add_sysfs(conn);
1180
1181 if (test_bit(HCI_AUTH, &hdev->flags))
1182 conn->link_mode |= HCI_LM_AUTH;
1183
1184 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1185 conn->link_mode |= HCI_LM_ENCRYPT;
1186
1187 /* Get remote features */
1188 if (conn->type == ACL_LINK) {
1189 struct hci_cp_read_remote_features cp;
1190 cp.handle = ev->handle;
1191 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1192 sizeof(cp), &cp);
1193 }
1194
1195 /* Set packet type for incoming connection */
1196 if (!conn->out && hdev->hci_ver < 3) {
1197 struct hci_cp_change_conn_ptype cp;
1198 cp.handle = ev->handle;
1199 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1200 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1201 sizeof(cp), &cp);
1202 }
1203 } else {
1204 conn->state = BT_CLOSED;
1205 if (conn->type == ACL_LINK)
1206 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1207 }
1208
1209 if (conn->type == ACL_LINK)
1210 hci_sco_setup(conn, ev->status);
1211
1212 if (ev->status) {
1213 hci_proto_connect_cfm(conn, ev->status);
1214 hci_conn_del(conn);
1215 } else if (ev->link_type != ACL_LINK)
1216 hci_proto_connect_cfm(conn, ev->status);
1217
1218 unlock:
1219 hci_dev_unlock(hdev);
1220
1221 hci_conn_check_pending(hdev);
1222 }
1223
1224 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1225 {
1226 struct hci_ev_conn_request *ev = (void *) skb->data;
1227 int mask = hdev->link_mode;
1228
1229 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1230 batostr(&ev->bdaddr), ev->link_type);
1231
1232 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1233
1234 if ((mask & HCI_LM_ACCEPT) && !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1235 /* Connection accepted */
1236 struct inquiry_entry *ie;
1237 struct hci_conn *conn;
1238
1239 hci_dev_lock(hdev);
1240
1241 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1242 if (ie)
1243 memcpy(ie->data.dev_class, ev->dev_class, 3);
1244
1245 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1246 if (!conn) {
1247 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1248 if (!conn) {
1249 BT_ERR("No memory for new connection");
1250 hci_dev_unlock(hdev);
1251 return;
1252 }
1253 }
1254
1255 memcpy(conn->dev_class, ev->dev_class, 3);
1256 conn->state = BT_CONNECT;
1257
1258 hci_dev_unlock(hdev);
1259
1260 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1261 struct hci_cp_accept_conn_req cp;
1262
1263 bacpy(&cp.bdaddr, &ev->bdaddr);
1264
1265 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1266 cp.role = 0x00; /* Become master */
1267 else
1268 cp.role = 0x01; /* Remain slave */
1269
1270 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1271 sizeof(cp), &cp);
1272 } else {
1273 struct hci_cp_accept_sync_conn_req cp;
1274
1275 bacpy(&cp.bdaddr, &ev->bdaddr);
1276 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1277
1278 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1279 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1280 cp.max_latency = cpu_to_le16(0xffff);
1281 cp.content_format = cpu_to_le16(hdev->voice_setting);
1282 cp.retrans_effort = 0xff;
1283
1284 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1285 sizeof(cp), &cp);
1286 }
1287 } else {
1288 /* Connection rejected */
1289 struct hci_cp_reject_conn_req cp;
1290
1291 bacpy(&cp.bdaddr, &ev->bdaddr);
1292 cp.reason = 0x0f;
1293 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1294 }
1295 }
1296
1297 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1298 {
1299 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1300 struct hci_conn *conn;
1301
1302 BT_DBG("%s status %d", hdev->name, ev->status);
1303
1304 if (ev->status) {
1305 mgmt_disconnect_failed(hdev->id);
1306 return;
1307 }
1308
1309 hci_dev_lock(hdev);
1310
1311 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1312 if (!conn)
1313 goto unlock;
1314
1315 conn->state = BT_CLOSED;
1316
1317 if (conn->type == ACL_LINK)
1318 mgmt_disconnected(hdev->id, &conn->dst);
1319
1320 hci_proto_disconn_cfm(conn, ev->reason);
1321 hci_conn_del(conn);
1322
1323 unlock:
1324 hci_dev_unlock(hdev);
1325 }
1326
1327 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1328 {
1329 struct hci_ev_auth_complete *ev = (void *) skb->data;
1330 struct hci_conn *conn;
1331
1332 BT_DBG("%s status %d", hdev->name, ev->status);
1333
1334 hci_dev_lock(hdev);
1335
1336 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1337 if (conn) {
1338 if (!ev->status) {
1339 conn->link_mode |= HCI_LM_AUTH;
1340 conn->sec_level = conn->pending_sec_level;
1341 } else
1342 conn->sec_level = BT_SECURITY_LOW;
1343
1344 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1345
1346 if (conn->state == BT_CONFIG) {
1347 if (!ev->status && hdev->ssp_mode > 0 &&
1348 conn->ssp_mode > 0) {
1349 struct hci_cp_set_conn_encrypt cp;
1350 cp.handle = ev->handle;
1351 cp.encrypt = 0x01;
1352 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1353 sizeof(cp), &cp);
1354 } else {
1355 conn->state = BT_CONNECTED;
1356 hci_proto_connect_cfm(conn, ev->status);
1357 hci_conn_put(conn);
1358 }
1359 } else {
1360 hci_auth_cfm(conn, ev->status);
1361
1362 hci_conn_hold(conn);
1363 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1364 hci_conn_put(conn);
1365 }
1366
1367 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1368 if (!ev->status) {
1369 struct hci_cp_set_conn_encrypt cp;
1370 cp.handle = ev->handle;
1371 cp.encrypt = 0x01;
1372 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1373 sizeof(cp), &cp);
1374 } else {
1375 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1376 hci_encrypt_cfm(conn, ev->status, 0x00);
1377 }
1378 }
1379 }
1380
1381 hci_dev_unlock(hdev);
1382 }
1383
1384 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1385 {
1386 struct hci_ev_remote_name *ev = (void *) skb->data;
1387 struct hci_conn *conn;
1388
1389 BT_DBG("%s", hdev->name);
1390
1391 hci_conn_check_pending(hdev);
1392
1393 hci_dev_lock(hdev);
1394
1395 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1396 if (conn && hci_outgoing_auth_needed(hdev, conn)) {
1397 struct hci_cp_auth_requested cp;
1398 cp.handle = __cpu_to_le16(conn->handle);
1399 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1400 }
1401
1402 hci_dev_unlock(hdev);
1403 }
1404
1405 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1406 {
1407 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1408 struct hci_conn *conn;
1409
1410 BT_DBG("%s status %d", hdev->name, ev->status);
1411
1412 hci_dev_lock(hdev);
1413
1414 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1415 if (conn) {
1416 if (!ev->status) {
1417 if (ev->encrypt) {
1418 /* Encryption implies authentication */
1419 conn->link_mode |= HCI_LM_AUTH;
1420 conn->link_mode |= HCI_LM_ENCRYPT;
1421 } else
1422 conn->link_mode &= ~HCI_LM_ENCRYPT;
1423 }
1424
1425 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1426
1427 if (conn->state == BT_CONFIG) {
1428 if (!ev->status)
1429 conn->state = BT_CONNECTED;
1430
1431 hci_proto_connect_cfm(conn, ev->status);
1432 hci_conn_put(conn);
1433 } else
1434 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1435 }
1436
1437 hci_dev_unlock(hdev);
1438 }
1439
1440 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1441 {
1442 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1443 struct hci_conn *conn;
1444
1445 BT_DBG("%s status %d", hdev->name, ev->status);
1446
1447 hci_dev_lock(hdev);
1448
1449 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1450 if (conn) {
1451 if (!ev->status)
1452 conn->link_mode |= HCI_LM_SECURE;
1453
1454 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1455
1456 hci_key_change_cfm(conn, ev->status);
1457 }
1458
1459 hci_dev_unlock(hdev);
1460 }
1461
1462 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1463 {
1464 struct hci_ev_remote_features *ev = (void *) skb->data;
1465 struct hci_conn *conn;
1466
1467 BT_DBG("%s status %d", hdev->name, ev->status);
1468
1469 hci_dev_lock(hdev);
1470
1471 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1472 if (!conn)
1473 goto unlock;
1474
1475 if (!ev->status)
1476 memcpy(conn->features, ev->features, 8);
1477
1478 if (conn->state != BT_CONFIG)
1479 goto unlock;
1480
1481 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1482 struct hci_cp_read_remote_ext_features cp;
1483 cp.handle = ev->handle;
1484 cp.page = 0x01;
1485 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1486 sizeof(cp), &cp);
1487 goto unlock;
1488 }
1489
1490 if (!ev->status) {
1491 struct hci_cp_remote_name_req cp;
1492 memset(&cp, 0, sizeof(cp));
1493 bacpy(&cp.bdaddr, &conn->dst);
1494 cp.pscan_rep_mode = 0x02;
1495 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1496 }
1497
1498 if (!hci_outgoing_auth_needed(hdev, conn)) {
1499 conn->state = BT_CONNECTED;
1500 hci_proto_connect_cfm(conn, ev->status);
1501 hci_conn_put(conn);
1502 }
1503
1504 unlock:
1505 hci_dev_unlock(hdev);
1506 }
1507
1508 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1509 {
1510 BT_DBG("%s", hdev->name);
1511 }
1512
1513 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1514 {
1515 BT_DBG("%s", hdev->name);
1516 }
1517
1518 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1519 {
1520 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1521 __u16 opcode;
1522
1523 skb_pull(skb, sizeof(*ev));
1524
1525 opcode = __le16_to_cpu(ev->opcode);
1526
1527 switch (opcode) {
1528 case HCI_OP_INQUIRY_CANCEL:
1529 hci_cc_inquiry_cancel(hdev, skb);
1530 break;
1531
1532 case HCI_OP_EXIT_PERIODIC_INQ:
1533 hci_cc_exit_periodic_inq(hdev, skb);
1534 break;
1535
1536 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1537 hci_cc_remote_name_req_cancel(hdev, skb);
1538 break;
1539
1540 case HCI_OP_ROLE_DISCOVERY:
1541 hci_cc_role_discovery(hdev, skb);
1542 break;
1543
1544 case HCI_OP_READ_LINK_POLICY:
1545 hci_cc_read_link_policy(hdev, skb);
1546 break;
1547
1548 case HCI_OP_WRITE_LINK_POLICY:
1549 hci_cc_write_link_policy(hdev, skb);
1550 break;
1551
1552 case HCI_OP_READ_DEF_LINK_POLICY:
1553 hci_cc_read_def_link_policy(hdev, skb);
1554 break;
1555
1556 case HCI_OP_WRITE_DEF_LINK_POLICY:
1557 hci_cc_write_def_link_policy(hdev, skb);
1558 break;
1559
1560 case HCI_OP_RESET:
1561 hci_cc_reset(hdev, skb);
1562 break;
1563
1564 case HCI_OP_WRITE_LOCAL_NAME:
1565 hci_cc_write_local_name(hdev, skb);
1566 break;
1567
1568 case HCI_OP_READ_LOCAL_NAME:
1569 hci_cc_read_local_name(hdev, skb);
1570 break;
1571
1572 case HCI_OP_WRITE_AUTH_ENABLE:
1573 hci_cc_write_auth_enable(hdev, skb);
1574 break;
1575
1576 case HCI_OP_WRITE_ENCRYPT_MODE:
1577 hci_cc_write_encrypt_mode(hdev, skb);
1578 break;
1579
1580 case HCI_OP_WRITE_SCAN_ENABLE:
1581 hci_cc_write_scan_enable(hdev, skb);
1582 break;
1583
1584 case HCI_OP_READ_CLASS_OF_DEV:
1585 hci_cc_read_class_of_dev(hdev, skb);
1586 break;
1587
1588 case HCI_OP_WRITE_CLASS_OF_DEV:
1589 hci_cc_write_class_of_dev(hdev, skb);
1590 break;
1591
1592 case HCI_OP_READ_VOICE_SETTING:
1593 hci_cc_read_voice_setting(hdev, skb);
1594 break;
1595
1596 case HCI_OP_WRITE_VOICE_SETTING:
1597 hci_cc_write_voice_setting(hdev, skb);
1598 break;
1599
1600 case HCI_OP_HOST_BUFFER_SIZE:
1601 hci_cc_host_buffer_size(hdev, skb);
1602 break;
1603
1604 case HCI_OP_READ_SSP_MODE:
1605 hci_cc_read_ssp_mode(hdev, skb);
1606 break;
1607
1608 case HCI_OP_WRITE_SSP_MODE:
1609 hci_cc_write_ssp_mode(hdev, skb);
1610 break;
1611
1612 case HCI_OP_READ_LOCAL_VERSION:
1613 hci_cc_read_local_version(hdev, skb);
1614 break;
1615
1616 case HCI_OP_READ_LOCAL_COMMANDS:
1617 hci_cc_read_local_commands(hdev, skb);
1618 break;
1619
1620 case HCI_OP_READ_LOCAL_FEATURES:
1621 hci_cc_read_local_features(hdev, skb);
1622 break;
1623
1624 case HCI_OP_READ_BUFFER_SIZE:
1625 hci_cc_read_buffer_size(hdev, skb);
1626 break;
1627
1628 case HCI_OP_READ_BD_ADDR:
1629 hci_cc_read_bd_addr(hdev, skb);
1630 break;
1631
1632 case HCI_OP_WRITE_CA_TIMEOUT:
1633 hci_cc_write_ca_timeout(hdev, skb);
1634 break;
1635
1636 case HCI_OP_DELETE_STORED_LINK_KEY:
1637 hci_cc_delete_stored_link_key(hdev, skb);
1638 break;
1639
1640 case HCI_OP_SET_EVENT_MASK:
1641 hci_cc_set_event_mask(hdev, skb);
1642 break;
1643
1644 case HCI_OP_WRITE_INQUIRY_MODE:
1645 hci_cc_write_inquiry_mode(hdev, skb);
1646 break;
1647
1648 case HCI_OP_READ_INQ_RSP_TX_POWER:
1649 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1650 break;
1651
1652 case HCI_OP_SET_EVENT_FLT:
1653 hci_cc_set_event_flt(hdev, skb);
1654 break;
1655
1656 case HCI_OP_PIN_CODE_REPLY:
1657 hci_cc_pin_code_reply(hdev, skb);
1658 break;
1659
1660 case HCI_OP_PIN_CODE_NEG_REPLY:
1661 hci_cc_pin_code_neg_reply(hdev, skb);
1662 break;
1663
1664 default:
1665 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1666 break;
1667 }
1668
1669 if (ev->ncmd) {
1670 atomic_set(&hdev->cmd_cnt, 1);
1671 if (!skb_queue_empty(&hdev->cmd_q))
1672 tasklet_schedule(&hdev->cmd_task);
1673 }
1674 }
1675
1676 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1677 {
1678 struct hci_ev_cmd_status *ev = (void *) skb->data;
1679 __u16 opcode;
1680
1681 skb_pull(skb, sizeof(*ev));
1682
1683 opcode = __le16_to_cpu(ev->opcode);
1684
1685 switch (opcode) {
1686 case HCI_OP_INQUIRY:
1687 hci_cs_inquiry(hdev, ev->status);
1688 break;
1689
1690 case HCI_OP_CREATE_CONN:
1691 hci_cs_create_conn(hdev, ev->status);
1692 break;
1693
1694 case HCI_OP_ADD_SCO:
1695 hci_cs_add_sco(hdev, ev->status);
1696 break;
1697
1698 case HCI_OP_AUTH_REQUESTED:
1699 hci_cs_auth_requested(hdev, ev->status);
1700 break;
1701
1702 case HCI_OP_SET_CONN_ENCRYPT:
1703 hci_cs_set_conn_encrypt(hdev, ev->status);
1704 break;
1705
1706 case HCI_OP_REMOTE_NAME_REQ:
1707 hci_cs_remote_name_req(hdev, ev->status);
1708 break;
1709
1710 case HCI_OP_READ_REMOTE_FEATURES:
1711 hci_cs_read_remote_features(hdev, ev->status);
1712 break;
1713
1714 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1715 hci_cs_read_remote_ext_features(hdev, ev->status);
1716 break;
1717
1718 case HCI_OP_SETUP_SYNC_CONN:
1719 hci_cs_setup_sync_conn(hdev, ev->status);
1720 break;
1721
1722 case HCI_OP_SNIFF_MODE:
1723 hci_cs_sniff_mode(hdev, ev->status);
1724 break;
1725
1726 case HCI_OP_EXIT_SNIFF_MODE:
1727 hci_cs_exit_sniff_mode(hdev, ev->status);
1728 break;
1729
1730 case HCI_OP_DISCONNECT:
1731 if (ev->status != 0)
1732 mgmt_disconnect_failed(hdev->id);
1733 break;
1734
1735 default:
1736 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1737 break;
1738 }
1739
1740 if (ev->ncmd) {
1741 atomic_set(&hdev->cmd_cnt, 1);
1742 if (!skb_queue_empty(&hdev->cmd_q))
1743 tasklet_schedule(&hdev->cmd_task);
1744 }
1745 }
1746
1747 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1748 {
1749 struct hci_ev_role_change *ev = (void *) skb->data;
1750 struct hci_conn *conn;
1751
1752 BT_DBG("%s status %d", hdev->name, ev->status);
1753
1754 hci_dev_lock(hdev);
1755
1756 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1757 if (conn) {
1758 if (!ev->status) {
1759 if (ev->role)
1760 conn->link_mode &= ~HCI_LM_MASTER;
1761 else
1762 conn->link_mode |= HCI_LM_MASTER;
1763 }
1764
1765 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1766
1767 hci_role_switch_cfm(conn, ev->status, ev->role);
1768 }
1769
1770 hci_dev_unlock(hdev);
1771 }
1772
1773 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1774 {
1775 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1776 __le16 *ptr;
1777 int i;
1778
1779 skb_pull(skb, sizeof(*ev));
1780
1781 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1782
1783 if (skb->len < ev->num_hndl * 4) {
1784 BT_DBG("%s bad parameters", hdev->name);
1785 return;
1786 }
1787
1788 tasklet_disable(&hdev->tx_task);
1789
1790 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1791 struct hci_conn *conn;
1792 __u16 handle, count;
1793
1794 handle = get_unaligned_le16(ptr++);
1795 count = get_unaligned_le16(ptr++);
1796
1797 conn = hci_conn_hash_lookup_handle(hdev, handle);
1798 if (conn) {
1799 conn->sent -= count;
1800
1801 if (conn->type == ACL_LINK) {
1802 hdev->acl_cnt += count;
1803 if (hdev->acl_cnt > hdev->acl_pkts)
1804 hdev->acl_cnt = hdev->acl_pkts;
1805 } else {
1806 hdev->sco_cnt += count;
1807 if (hdev->sco_cnt > hdev->sco_pkts)
1808 hdev->sco_cnt = hdev->sco_pkts;
1809 }
1810 }
1811 }
1812
1813 tasklet_schedule(&hdev->tx_task);
1814
1815 tasklet_enable(&hdev->tx_task);
1816 }
1817
1818 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1819 {
1820 struct hci_ev_mode_change *ev = (void *) skb->data;
1821 struct hci_conn *conn;
1822
1823 BT_DBG("%s status %d", hdev->name, ev->status);
1824
1825 hci_dev_lock(hdev);
1826
1827 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1828 if (conn) {
1829 conn->mode = ev->mode;
1830 conn->interval = __le16_to_cpu(ev->interval);
1831
1832 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
1833 if (conn->mode == HCI_CM_ACTIVE)
1834 conn->power_save = 1;
1835 else
1836 conn->power_save = 0;
1837 }
1838
1839 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1840 hci_sco_setup(conn, ev->status);
1841 }
1842
1843 hci_dev_unlock(hdev);
1844 }
1845
1846 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1847 {
1848 struct hci_ev_pin_code_req *ev = (void *) skb->data;
1849 struct hci_conn *conn;
1850
1851 BT_DBG("%s", hdev->name);
1852
1853 hci_dev_lock(hdev);
1854
1855 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1856 if (conn && conn->state == BT_CONNECTED) {
1857 hci_conn_hold(conn);
1858 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1859 hci_conn_put(conn);
1860 }
1861
1862 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
1863 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1864 sizeof(ev->bdaddr), &ev->bdaddr);
1865
1866 if (test_bit(HCI_MGMT, &hdev->flags))
1867 mgmt_pin_code_request(hdev->id, &ev->bdaddr);
1868
1869 hci_dev_unlock(hdev);
1870 }
1871
1872 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1873 {
1874 struct hci_ev_link_key_req *ev = (void *) skb->data;
1875 struct hci_cp_link_key_reply cp;
1876 struct hci_conn *conn;
1877 struct link_key *key;
1878
1879 BT_DBG("%s", hdev->name);
1880
1881 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
1882 return;
1883
1884 hci_dev_lock(hdev);
1885
1886 key = hci_find_link_key(hdev, &ev->bdaddr);
1887 if (!key) {
1888 BT_DBG("%s link key not found for %s", hdev->name,
1889 batostr(&ev->bdaddr));
1890 goto not_found;
1891 }
1892
1893 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
1894 batostr(&ev->bdaddr));
1895
1896 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) && key->type == 0x03) {
1897 BT_DBG("%s ignoring debug key", hdev->name);
1898 goto not_found;
1899 }
1900
1901 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1902
1903 if (key->type == 0x04 && conn && conn->auth_type != 0xff &&
1904 (conn->auth_type & 0x01)) {
1905 BT_DBG("%s ignoring unauthenticated key", hdev->name);
1906 goto not_found;
1907 }
1908
1909 bacpy(&cp.bdaddr, &ev->bdaddr);
1910 memcpy(cp.link_key, key->val, 16);
1911
1912 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
1913
1914 hci_dev_unlock(hdev);
1915
1916 return;
1917
1918 not_found:
1919 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
1920 hci_dev_unlock(hdev);
1921 }
1922
1923 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
1924 {
1925 struct hci_ev_link_key_notify *ev = (void *) skb->data;
1926 struct hci_conn *conn;
1927 u8 pin_len = 0;
1928
1929 BT_DBG("%s", hdev->name);
1930
1931 hci_dev_lock(hdev);
1932
1933 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1934 if (conn) {
1935 hci_conn_hold(conn);
1936 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1937 pin_len = conn->pin_length;
1938 hci_conn_put(conn);
1939 }
1940
1941 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
1942 hci_add_link_key(hdev, 1, &ev->bdaddr, ev->link_key,
1943 ev->key_type, pin_len);
1944
1945 hci_dev_unlock(hdev);
1946 }
1947
1948 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1949 {
1950 struct hci_ev_clock_offset *ev = (void *) skb->data;
1951 struct hci_conn *conn;
1952
1953 BT_DBG("%s status %d", hdev->name, ev->status);
1954
1955 hci_dev_lock(hdev);
1956
1957 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1958 if (conn && !ev->status) {
1959 struct inquiry_entry *ie;
1960
1961 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
1962 if (ie) {
1963 ie->data.clock_offset = ev->clock_offset;
1964 ie->timestamp = jiffies;
1965 }
1966 }
1967
1968 hci_dev_unlock(hdev);
1969 }
1970
1971 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1972 {
1973 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
1974 struct hci_conn *conn;
1975
1976 BT_DBG("%s status %d", hdev->name, ev->status);
1977
1978 hci_dev_lock(hdev);
1979
1980 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1981 if (conn && !ev->status)
1982 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
1983
1984 hci_dev_unlock(hdev);
1985 }
1986
1987 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
1988 {
1989 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
1990 struct inquiry_entry *ie;
1991
1992 BT_DBG("%s", hdev->name);
1993
1994 hci_dev_lock(hdev);
1995
1996 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1997 if (ie) {
1998 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
1999 ie->timestamp = jiffies;
2000 }
2001
2002 hci_dev_unlock(hdev);
2003 }
2004
2005 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2006 {
2007 struct inquiry_data data;
2008 int num_rsp = *((__u8 *) skb->data);
2009
2010 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2011
2012 if (!num_rsp)
2013 return;
2014
2015 hci_dev_lock(hdev);
2016
2017 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2018 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1);
2019
2020 for (; num_rsp; num_rsp--) {
2021 bacpy(&data.bdaddr, &info->bdaddr);
2022 data.pscan_rep_mode = info->pscan_rep_mode;
2023 data.pscan_period_mode = info->pscan_period_mode;
2024 data.pscan_mode = info->pscan_mode;
2025 memcpy(data.dev_class, info->dev_class, 3);
2026 data.clock_offset = info->clock_offset;
2027 data.rssi = info->rssi;
2028 data.ssp_mode = 0x00;
2029 info++;
2030 hci_inquiry_cache_update(hdev, &data);
2031 }
2032 } else {
2033 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2034
2035 for (; num_rsp; num_rsp--) {
2036 bacpy(&data.bdaddr, &info->bdaddr);
2037 data.pscan_rep_mode = info->pscan_rep_mode;
2038 data.pscan_period_mode = info->pscan_period_mode;
2039 data.pscan_mode = 0x00;
2040 memcpy(data.dev_class, info->dev_class, 3);
2041 data.clock_offset = info->clock_offset;
2042 data.rssi = info->rssi;
2043 data.ssp_mode = 0x00;
2044 info++;
2045 hci_inquiry_cache_update(hdev, &data);
2046 }
2047 }
2048
2049 hci_dev_unlock(hdev);
2050 }
2051
2052 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2053 {
2054 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2055 struct hci_conn *conn;
2056
2057 BT_DBG("%s", hdev->name);
2058
2059 hci_dev_lock(hdev);
2060
2061 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2062 if (!conn)
2063 goto unlock;
2064
2065 if (!ev->status && ev->page == 0x01) {
2066 struct inquiry_entry *ie;
2067
2068 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2069 if (ie)
2070 ie->data.ssp_mode = (ev->features[0] & 0x01);
2071
2072 conn->ssp_mode = (ev->features[0] & 0x01);
2073 }
2074
2075 if (conn->state != BT_CONFIG)
2076 goto unlock;
2077
2078 if (!ev->status) {
2079 struct hci_cp_remote_name_req cp;
2080 memset(&cp, 0, sizeof(cp));
2081 bacpy(&cp.bdaddr, &conn->dst);
2082 cp.pscan_rep_mode = 0x02;
2083 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2084 }
2085
2086 if (!hci_outgoing_auth_needed(hdev, conn)) {
2087 conn->state = BT_CONNECTED;
2088 hci_proto_connect_cfm(conn, ev->status);
2089 hci_conn_put(conn);
2090 }
2091
2092 unlock:
2093 hci_dev_unlock(hdev);
2094 }
2095
2096 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2097 {
2098 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2099 struct hci_conn *conn;
2100
2101 BT_DBG("%s status %d", hdev->name, ev->status);
2102
2103 hci_dev_lock(hdev);
2104
2105 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2106 if (!conn) {
2107 if (ev->link_type == ESCO_LINK)
2108 goto unlock;
2109
2110 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2111 if (!conn)
2112 goto unlock;
2113
2114 conn->type = SCO_LINK;
2115 }
2116
2117 switch (ev->status) {
2118 case 0x00:
2119 conn->handle = __le16_to_cpu(ev->handle);
2120 conn->state = BT_CONNECTED;
2121
2122 hci_conn_hold_device(conn);
2123 hci_conn_add_sysfs(conn);
2124 break;
2125
2126 case 0x11: /* Unsupported Feature or Parameter Value */
2127 case 0x1c: /* SCO interval rejected */
2128 case 0x1a: /* Unsupported Remote Feature */
2129 case 0x1f: /* Unspecified error */
2130 if (conn->out && conn->attempt < 2) {
2131 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2132 (hdev->esco_type & EDR_ESCO_MASK);
2133 hci_setup_sync(conn, conn->link->handle);
2134 goto unlock;
2135 }
2136 /* fall through */
2137
2138 default:
2139 conn->state = BT_CLOSED;
2140 break;
2141 }
2142
2143 hci_proto_connect_cfm(conn, ev->status);
2144 if (ev->status)
2145 hci_conn_del(conn);
2146
2147 unlock:
2148 hci_dev_unlock(hdev);
2149 }
2150
2151 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2152 {
2153 BT_DBG("%s", hdev->name);
2154 }
2155
2156 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2157 {
2158 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2159 struct hci_conn *conn;
2160
2161 BT_DBG("%s status %d", hdev->name, ev->status);
2162
2163 hci_dev_lock(hdev);
2164
2165 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2166 if (conn) {
2167 }
2168
2169 hci_dev_unlock(hdev);
2170 }
2171
2172 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2173 {
2174 struct inquiry_data data;
2175 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2176 int num_rsp = *((__u8 *) skb->data);
2177
2178 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2179
2180 if (!num_rsp)
2181 return;
2182
2183 hci_dev_lock(hdev);
2184
2185 for (; num_rsp; num_rsp--) {
2186 bacpy(&data.bdaddr, &info->bdaddr);
2187 data.pscan_rep_mode = info->pscan_rep_mode;
2188 data.pscan_period_mode = info->pscan_period_mode;
2189 data.pscan_mode = 0x00;
2190 memcpy(data.dev_class, info->dev_class, 3);
2191 data.clock_offset = info->clock_offset;
2192 data.rssi = info->rssi;
2193 data.ssp_mode = 0x01;
2194 info++;
2195 hci_inquiry_cache_update(hdev, &data);
2196 }
2197
2198 hci_dev_unlock(hdev);
2199 }
2200
2201 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2202 {
2203 /* If remote requests dedicated bonding follow that lead */
2204 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2205 /* If both remote and local IO capabilities allow MITM
2206 * protection then require it, otherwise don't */
2207 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2208 return 0x02;
2209 else
2210 return 0x03;
2211 }
2212
2213 /* If remote requests no-bonding follow that lead */
2214 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2215 return 0x00;
2216
2217 return conn->auth_type;
2218 }
2219
2220 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2221 {
2222 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2223 struct hci_conn *conn;
2224
2225 BT_DBG("%s", hdev->name);
2226
2227 hci_dev_lock(hdev);
2228
2229 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2230 if (!conn)
2231 goto unlock;
2232
2233 hci_conn_hold(conn);
2234
2235 if (!test_bit(HCI_MGMT, &hdev->flags))
2236 goto unlock;
2237
2238 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2239 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2240 struct hci_cp_io_capability_reply cp;
2241
2242 bacpy(&cp.bdaddr, &ev->bdaddr);
2243 cp.capability = conn->io_capability;
2244 cp.oob_data = 0;
2245 cp.authentication = hci_get_auth_req(conn);
2246
2247 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2248 sizeof(cp), &cp);
2249 } else {
2250 struct hci_cp_io_capability_neg_reply cp;
2251
2252 bacpy(&cp.bdaddr, &ev->bdaddr);
2253 cp.reason = 0x16; /* Pairing not allowed */
2254
2255 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2256 sizeof(cp), &cp);
2257 }
2258
2259 unlock:
2260 hci_dev_unlock(hdev);
2261 }
2262
2263 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2264 {
2265 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2266 struct hci_conn *conn;
2267
2268 BT_DBG("%s", hdev->name);
2269
2270 hci_dev_lock(hdev);
2271
2272 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2273 if (!conn)
2274 goto unlock;
2275
2276 hci_conn_hold(conn);
2277
2278 conn->remote_cap = ev->capability;
2279 conn->remote_oob = ev->oob_data;
2280 conn->remote_auth = ev->authentication;
2281
2282 unlock:
2283 hci_dev_unlock(hdev);
2284 }
2285
2286 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2287 {
2288 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2289 struct hci_conn *conn;
2290
2291 BT_DBG("%s", hdev->name);
2292
2293 hci_dev_lock(hdev);
2294
2295 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2296 if (conn)
2297 hci_conn_put(conn);
2298
2299 hci_dev_unlock(hdev);
2300 }
2301
2302 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2303 {
2304 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2305 struct inquiry_entry *ie;
2306
2307 BT_DBG("%s", hdev->name);
2308
2309 hci_dev_lock(hdev);
2310
2311 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2312 if (ie)
2313 ie->data.ssp_mode = (ev->features[0] & 0x01);
2314
2315 hci_dev_unlock(hdev);
2316 }
2317
2318 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2319 {
2320 struct hci_event_hdr *hdr = (void *) skb->data;
2321 __u8 event = hdr->evt;
2322
2323 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2324
2325 switch (event) {
2326 case HCI_EV_INQUIRY_COMPLETE:
2327 hci_inquiry_complete_evt(hdev, skb);
2328 break;
2329
2330 case HCI_EV_INQUIRY_RESULT:
2331 hci_inquiry_result_evt(hdev, skb);
2332 break;
2333
2334 case HCI_EV_CONN_COMPLETE:
2335 hci_conn_complete_evt(hdev, skb);
2336 break;
2337
2338 case HCI_EV_CONN_REQUEST:
2339 hci_conn_request_evt(hdev, skb);
2340 break;
2341
2342 case HCI_EV_DISCONN_COMPLETE:
2343 hci_disconn_complete_evt(hdev, skb);
2344 break;
2345
2346 case HCI_EV_AUTH_COMPLETE:
2347 hci_auth_complete_evt(hdev, skb);
2348 break;
2349
2350 case HCI_EV_REMOTE_NAME:
2351 hci_remote_name_evt(hdev, skb);
2352 break;
2353
2354 case HCI_EV_ENCRYPT_CHANGE:
2355 hci_encrypt_change_evt(hdev, skb);
2356 break;
2357
2358 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2359 hci_change_link_key_complete_evt(hdev, skb);
2360 break;
2361
2362 case HCI_EV_REMOTE_FEATURES:
2363 hci_remote_features_evt(hdev, skb);
2364 break;
2365
2366 case HCI_EV_REMOTE_VERSION:
2367 hci_remote_version_evt(hdev, skb);
2368 break;
2369
2370 case HCI_EV_QOS_SETUP_COMPLETE:
2371 hci_qos_setup_complete_evt(hdev, skb);
2372 break;
2373
2374 case HCI_EV_CMD_COMPLETE:
2375 hci_cmd_complete_evt(hdev, skb);
2376 break;
2377
2378 case HCI_EV_CMD_STATUS:
2379 hci_cmd_status_evt(hdev, skb);
2380 break;
2381
2382 case HCI_EV_ROLE_CHANGE:
2383 hci_role_change_evt(hdev, skb);
2384 break;
2385
2386 case HCI_EV_NUM_COMP_PKTS:
2387 hci_num_comp_pkts_evt(hdev, skb);
2388 break;
2389
2390 case HCI_EV_MODE_CHANGE:
2391 hci_mode_change_evt(hdev, skb);
2392 break;
2393
2394 case HCI_EV_PIN_CODE_REQ:
2395 hci_pin_code_request_evt(hdev, skb);
2396 break;
2397
2398 case HCI_EV_LINK_KEY_REQ:
2399 hci_link_key_request_evt(hdev, skb);
2400 break;
2401
2402 case HCI_EV_LINK_KEY_NOTIFY:
2403 hci_link_key_notify_evt(hdev, skb);
2404 break;
2405
2406 case HCI_EV_CLOCK_OFFSET:
2407 hci_clock_offset_evt(hdev, skb);
2408 break;
2409
2410 case HCI_EV_PKT_TYPE_CHANGE:
2411 hci_pkt_type_change_evt(hdev, skb);
2412 break;
2413
2414 case HCI_EV_PSCAN_REP_MODE:
2415 hci_pscan_rep_mode_evt(hdev, skb);
2416 break;
2417
2418 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
2419 hci_inquiry_result_with_rssi_evt(hdev, skb);
2420 break;
2421
2422 case HCI_EV_REMOTE_EXT_FEATURES:
2423 hci_remote_ext_features_evt(hdev, skb);
2424 break;
2425
2426 case HCI_EV_SYNC_CONN_COMPLETE:
2427 hci_sync_conn_complete_evt(hdev, skb);
2428 break;
2429
2430 case HCI_EV_SYNC_CONN_CHANGED:
2431 hci_sync_conn_changed_evt(hdev, skb);
2432 break;
2433
2434 case HCI_EV_SNIFF_SUBRATE:
2435 hci_sniff_subrate_evt(hdev, skb);
2436 break;
2437
2438 case HCI_EV_EXTENDED_INQUIRY_RESULT:
2439 hci_extended_inquiry_result_evt(hdev, skb);
2440 break;
2441
2442 case HCI_EV_IO_CAPA_REQUEST:
2443 hci_io_capa_request_evt(hdev, skb);
2444 break;
2445
2446 case HCI_EV_IO_CAPA_REPLY:
2447 hci_io_capa_reply_evt(hdev, skb);
2448 break;
2449
2450 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2451 hci_simple_pair_complete_evt(hdev, skb);
2452 break;
2453
2454 case HCI_EV_REMOTE_HOST_FEATURES:
2455 hci_remote_host_features_evt(hdev, skb);
2456 break;
2457
2458 default:
2459 BT_DBG("%s event 0x%x", hdev->name, event);
2460 break;
2461 }
2462
2463 kfree_skb(skb);
2464 hdev->stat.evt_rx++;
2465 }
2466
2467 /* Generate internal stack event */
2468 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
2469 {
2470 struct hci_event_hdr *hdr;
2471 struct hci_ev_stack_internal *ev;
2472 struct sk_buff *skb;
2473
2474 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
2475 if (!skb)
2476 return;
2477
2478 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
2479 hdr->evt = HCI_EV_STACK_INTERNAL;
2480 hdr->plen = sizeof(*ev) + dlen;
2481
2482 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
2483 ev->type = type;
2484 memcpy(ev->data, data, dlen);
2485
2486 bt_cb(skb)->incoming = 1;
2487 __net_timestamp(skb);
2488
2489 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
2490 skb->dev = (void *) hdev;
2491 hci_send_to_sock(hdev, skb, NULL);
2492 kfree_skb(skb);
2493 }
kernel source for telekom puls (alcatel/mediatek)