2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 #ifndef CONFIG_BT_HCI_CORE_DEBUG
53 /* Handle HCI Event packets */
/* Command Complete handler for HCI_OP_INQUIRY_CANCEL: reads the one-byte
 * status at the start of the reply, clears HCI_INQUIRY, completes the pending
 * request and re-checks pending connections.
 * NOTE(review): source lines 61-62 are absent from this listing; presumably a
 * status guard precedes the clear_bit - confirm against the full file. No
 * skb->len check is visible before skb->data is dereferenced. */
55 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
57 __u8 status = *((__u8 *) skb->data);
59 BT_DBG("%s status 0x%x", hdev->name, status);
64 clear_bit(HCI_INQUIRY, &hdev->flags);
66 hci_req_complete(hdev, status);
68 hci_conn_check_pending(hdev);
/* Command Complete handler for HCI_OP_EXIT_PERIODIC_INQ: reads the status
 * byte, clears HCI_INQUIRY and re-checks pending connections.
 * NOTE(review): source lines 77-78 are absent from this listing; presumably a
 * status guard - confirm. */
71 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73 __u8 status = *((__u8 *) skb->data);
75 BT_DBG("%s status 0x%x", hdev->name, status);
80 clear_bit(HCI_INQUIRY, &hdev->flags);
82 hci_conn_check_pending(hdev);
/* Command Complete handler for HCI_OP_REMOTE_NAME_REQ_CANCEL: only logs the
 * device name; the reply payload in skb is not read in the visible lines. */
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
87 BT_DBG("%s", hdev->name);
/* Command Complete handler for HCI_OP_ROLE_DISCOVERY: looks up the connection
 * named by the reply's little-endian handle and clears or sets HCI_LM_MASTER
 * in its link_mode, then drops the device lock.
 * NOTE(review): source lines 96-101, 103-104 and 106 are absent from this
 * listing; presumably they hold the status guard, hci_dev_lock, a NULL check
 * on the lookup result and the role test - confirm, since conn is
 * dereferenced right after the lookup. */
90 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92 struct hci_rp_role_discovery *rp = (void *) skb->data;
93 struct hci_conn *conn;
95 BT_DBG("%s status 0x%x", hdev->name, rp->status);
102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
105 conn->link_mode &= ~HCI_LM_MASTER;
107 conn->link_mode |= HCI_LM_MASTER;
110 hci_dev_unlock(hdev);
/* Command Complete handler for HCI_OP_READ_LINK_POLICY: stores the reply's
 * little-endian policy in the link_policy of the connection found by handle.
 * NOTE(review): source lines 119-124 and 126 are absent from this listing;
 * presumably status guard, lock and a NULL check on conn - confirm. */
113 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115 struct hci_rp_read_link_policy *rp = (void *) skb->data;
116 struct hci_conn *conn;
118 BT_DBG("%s status 0x%x", hdev->name, rp->status);
125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 conn->link_policy = __le16_to_cpu(rp->policy);
129 hci_dev_unlock(hdev);
/* Command Complete handler for HCI_OP_WRITE_LINK_POLICY: the new policy is
 * taken from the parameters of the command that was sent (hci_sent_cmd_data),
 * not from the controller's reply, and stored on the connection found by the
 * reply's handle.
 * NOTE(review): the declaration of `sent` and any NULL checks on `sent` and
 * `conn` fall on source lines missing from this listing - confirm. */
132 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
134 struct hci_rp_write_link_policy *rp = (void *) skb->data;
135 struct hci_conn *conn;
138 BT_DBG("%s status 0x%x", hdev->name, rp->status);
143 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
/* Policy is read at byte offset 2 of the sent parameters; presumably the
 * first two bytes are the connection handle - confirm. */
151 conn->link_policy = get_unaligned_le16(sent + 2);
153 hci_dev_unlock(hdev);
/* Command Complete handler for HCI_OP_READ_DEF_LINK_POLICY: stores the
 * reply's little-endian policy as the device-wide hdev->link_policy.
 * NOTE(review): source lines 162-163 are absent from this listing; presumably
 * a status guard - confirm. */
156 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
158 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
160 BT_DBG("%s status 0x%x", hdev->name, rp->status);
165 hdev->link_policy = __le16_to_cpu(rp->policy);
/* Command Complete handler for HCI_OP_WRITE_DEF_LINK_POLICY: copies the
 * policy from the sent command's parameters into hdev->link_policy and
 * completes the pending request with the reply status.
 * NOTE(review): the declaration of `sent`, its NULL check and the status
 * guard fall on source lines missing from this listing - confirm. */
168 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
170 __u8 status = *((__u8 *) skb->data);
173 BT_DBG("%s status 0x%x", hdev->name, status);
175 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
180 hdev->link_policy = get_unaligned_le16(sent);
182 hci_req_complete(hdev, status);
/* Command Complete handler for a reset: logs the status byte and completes
 * the pending request with it. No device state is changed in the visible
 * lines. */
185 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
187 __u8 status = *((__u8 *) skb->data);
189 BT_DBG("%s status 0x%x", hdev->name, status);
191 hci_req_complete(hdev, status);
/* Command Complete handler for HCI_OP_WRITE_LOCAL_NAME: mirrors the name from
 * the sent command's parameters into hdev->dev_name.
 * NOTE(review): the copy length is the literal 248 and the declared size of
 * hdev->dev_name is not visible here - confirm they match (sizeof on the
 * destination, as hci_cc_read_local_commands uses, would tie them together).
 * The declaration and NULL check of `sent` and the status guard fall on
 * source lines missing from this listing. */
194 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
196 __u8 status = *((__u8 *) skb->data);
199 BT_DBG("%s status 0x%x", hdev->name, status);
201 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
206 memcpy(hdev->dev_name, sent, 248);
/* Command Complete handler for HCI_OP_READ_LOCAL_NAME: copies 248 bytes of
 * rp->name from the controller's reply into hdev->dev_name.
 * NOTE(review): no check that skb->len covers the whole reply structure is
 * visible before the 248-byte read from the packet; the size of
 * hdev->dev_name is also not shown here - confirm both. Source lines 215-216
 * (presumably a status guard) are absent from this listing. */
209 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
211 struct hci_rp_read_local_name *rp = (void *) skb->data;
213 BT_DBG("%s status 0x%x", hdev->name, rp->status);
218 memcpy(hdev->dev_name, rp->name, 248);
/* Command Complete handler for HCI_OP_WRITE_AUTH_ENABLE: sets the device-wide
 * HCI_AUTH flag when the parameter that was sent equals AUTH_ENABLED and
 * clears it otherwise, then completes the pending request.
 * NOTE(review): the flag tracks what the host asked for; the status guard,
 * the `else` and the NULL check of `sent` fall on source lines missing from
 * this listing - confirm the flag is only updated on success. */
221 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
223 __u8 status = *((__u8 *) skb->data);
226 BT_DBG("%s status 0x%x", hdev->name, status);
228 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
233 __u8 param = *((__u8 *) sent);
235 if (param == AUTH_ENABLED)
236 set_bit(HCI_AUTH, &hdev->flags);
238 clear_bit(HCI_AUTH, &hdev->flags);
241 hci_req_complete(hdev, status);
/* Command Complete handler for HCI_OP_WRITE_ENCRYPT_MODE: sets or clears the
 * device-wide HCI_ENCRYPT flag from the first byte of the sent parameters,
 * then completes the pending request.
 * NOTE(review): the test on `param`, the status guard and the NULL check of
 * `sent` fall on source lines missing from this listing - confirm the flag is
 * only updated on success. */
244 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
246 __u8 status = *((__u8 *) skb->data);
249 BT_DBG("%s status 0x%x", hdev->name, status);
251 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
256 __u8 param = *((__u8 *) sent);
259 set_bit(HCI_ENCRYPT, &hdev->flags);
261 clear_bit(HCI_ENCRYPT, &hdev->flags);
264 hci_req_complete(hdev, status);
/* Command Complete handler for HCI_OP_WRITE_SCAN_ENABLE: resets both scan
 * flags, then sets HCI_ISCAN and/or HCI_PSCAN according to the SCAN_INQUIRY
 * and SCAN_PAGE bits of the parameter that was sent, and completes the
 * pending request.
 * NOTE(review): the status guard and the NULL check of `sent` fall on source
 * lines missing from this listing - confirm. */
267 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
269 __u8 status = *((__u8 *) skb->data);
272 BT_DBG("%s status 0x%x", hdev->name, status);
274 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
279 __u8 param = *((__u8 *) sent);
/* Clear first so the flags end up exactly matching `param`. */
281 clear_bit(HCI_PSCAN, &hdev->flags);
282 clear_bit(HCI_ISCAN, &hdev->flags);
284 if (param & SCAN_INQUIRY)
285 set_bit(HCI_ISCAN, &hdev->flags);
287 if (param & SCAN_PAGE)
288 set_bit(HCI_PSCAN, &hdev->flags);
291 hci_req_complete(hdev, status);
/* Command Complete handler for HCI_OP_READ_CLASS_OF_DEV: copies the 3-byte
 * class of device from the reply into hdev->dev_class and logs it with the
 * bytes printed in reverse index order.
 * NOTE(review): source lines 300-301 are absent from this listing; presumably
 * a status guard - confirm. */
294 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
296 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
298 BT_DBG("%s status 0x%x", hdev->name, rp->status);
303 memcpy(hdev->dev_class, rp->dev_class, 3);
305 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
306 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
/* Command Complete handler for HCI_OP_WRITE_CLASS_OF_DEV: mirrors the 3-byte
 * class of device from the sent command's parameters into hdev->dev_class.
 * NOTE(review): the declaration and NULL check of `sent` and the status guard
 * fall on source lines missing from this listing - confirm. */
309 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
311 __u8 status = *((__u8 *) skb->data);
314 BT_DBG("%s status 0x%x", hdev->name, status);
316 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
321 memcpy(hdev->dev_class, sent, 3);
/* Command Complete handler for HCI_OP_READ_VOICE_SETTING: converts the
 * reply's voice setting from little-endian, stores it in hdev->voice_setting
 * and calls the driver's notify hook with HCI_NOTIFY_VOICE_SETTING while the
 * TX tasklet is disabled.
 * NOTE(review): the declaration of `setting`, the early return for an
 * unchanged value and any NULL check on hdev->notify fall on source lines
 * missing from this listing - confirm the hook is checked before the call. */
324 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
326 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
329 BT_DBG("%s status 0x%x", hdev->name, rp->status);
334 setting = __le16_to_cpu(rp->voice_setting);
336 if (hdev->voice_setting == setting )
339 hdev->voice_setting = setting;
341 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
344 tasklet_disable(&hdev->tx_task);
345 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
346 tasklet_enable(&hdev->tx_task);
/* Command Complete handler for HCI_OP_WRITE_VOICE_SETTING: takes the setting
 * from the sent command's parameters and, when it differs from the cached
 * value, stores it and calls the driver's notify hook with
 * HCI_NOTIFY_VOICE_SETTING while the TX tasklet is disabled.
 * NOTE(review): the status guard, the NULL check of `sent` and any NULL check
 * on hdev->notify fall on source lines missing from this listing - confirm. */
350 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
352 __u8 status = *((__u8 *) skb->data);
355 BT_DBG("%s status 0x%x", hdev->name, status);
357 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
362 __u16 setting = get_unaligned_le16(sent);
364 if (hdev->voice_setting != setting) {
365 hdev->voice_setting = setting;
367 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
370 tasklet_disable(&hdev->tx_task);
371 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
372 tasklet_enable(&hdev->tx_task);
/* Command Complete handler for HCI_OP_HOST_BUFFER_SIZE: logs the status byte
 * and completes the pending request with it. */
378 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
380 __u8 status = *((__u8 *) skb->data);
382 BT_DBG("%s status 0x%x", hdev->name, status);
384 hci_req_complete(hdev, status);
/* Command Complete handler for HCI_OP_READ_LOCAL_VERSION: caches the
 * controller's HCI version, HCI revision and manufacturer id on hdev,
 * converting the 16-bit fields from little-endian.
 * NOTE(review): source lines 393-394 (presumably a status guard) and 401 (an
 * argument line of the BT_DBG call) are absent from this listing. */
387 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
389 struct hci_rp_read_local_version *rp = (void *) skb->data;
391 BT_DBG("%s status 0x%x", hdev->name, rp->status);
396 hdev->hci_ver = rp->hci_ver;
397 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
398 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
400 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
402 hdev->hci_ver, hdev->hci_rev);
/* Command Complete handler for HCI_OP_READ_LOCAL_COMMANDS: copies the
 * supported-commands bitmap from the reply into hdev->commands. The length is
 * sizeof(hdev->commands), so the write cannot exceed the destination.
 * NOTE(review): the read side still relies on the reply being at least that
 * long; no skb->len check is visible. Source lines 411-412 (presumably a
 * status guard) are absent from this listing. */
405 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
407 struct hci_rp_read_local_commands *rp = (void *) skb->data;
409 BT_DBG("%s status 0x%x", hdev->name, rp->status);
414 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
/* Command Complete handler for HCI_OP_READ_LOCAL_FEATURES: caches the 8-byte
 * LMP feature mask on hdev and widens the default ACL packet types
 * (pkt_type) and SCO/eSCO types (esco_type) to match what the controller
 * advertises.
 * NOTE(review): source lines 423-424 (presumably a status guard) are absent
 * from this listing; the size of hdev->features is not shown here, so the
 * literal 8 should be confirmed against its declaration. */
417 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
419 struct hci_rp_read_local_features *rp = (void *) skb->data;
421 BT_DBG("%s status 0x%x", hdev->name, rp->status);
426 memcpy(hdev->features, rp->features, 8);
428 /* Adjust default settings according to features
429 * supported by device. */
431 if (hdev->features[0] & LMP_3SLOT)
432 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
434 if (hdev->features[0] & LMP_5SLOT)
435 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
437 if (hdev->features[1] & LMP_HV2) {
438 hdev->pkt_type |= (HCI_HV2);
439 hdev->esco_type |= (ESCO_HV2);
442 if (hdev->features[1] & LMP_HV3) {
443 hdev->pkt_type |= (HCI_HV3);
444 hdev->esco_type |= (ESCO_HV3);
447 if (hdev->features[3] & LMP_ESCO)
448 hdev->esco_type |= (ESCO_EV3);
450 if (hdev->features[4] & LMP_EV4)
451 hdev->esco_type |= (ESCO_EV4);
453 if (hdev->features[4] & LMP_EV5)
454 hdev->esco_type |= (ESCO_EV5);
456 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
457 hdev->features[0], hdev->features[1],
458 hdev->features[2], hdev->features[3],
459 hdev->features[4], hdev->features[5],
460 hdev->features[6], hdev->features[7]);
/* Command Complete handler for HCI_OP_READ_BUFFER_SIZE: caches the
 * controller's ACL/SCO MTUs and packet counts and seeds the free-slot
 * counters (acl_cnt, sco_cnt) from them.
 * NOTE(review): these values come from the controller and are stored without
 * any visible sanity check (e.g. a zero MTU or packet count) - confirm how
 * the TX path copes. The body of the HCI_QUIRK_FIXUP_BUFFER_SIZE branch
 * (source lines 478-480) and the status guard are absent from this listing. */
463 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
465 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
467 BT_DBG("%s status 0x%x", hdev->name, rp->status);
472 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
/* sco_mtu is assigned without byte swapping; presumably a one-byte field. */
473 hdev->sco_mtu = rp->sco_mtu;
474 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
475 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
477 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
482 hdev->acl_cnt = hdev->acl_pkts;
483 hdev->sco_cnt = hdev->sco_pkts;
485 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
486 hdev->acl_mtu, hdev->acl_pkts,
487 hdev->sco_mtu, hdev->sco_pkts);
/* Command Complete handler for HCI_OP_READ_BD_ADDR: copies the controller's
 * Bluetooth address into hdev->bdaddr and completes the pending request with
 * the reply status.
 * NOTE(review): source line 496 is absent from this listing; presumably the
 * copy is guarded on a zero status - confirm. */
490 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
492 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
494 BT_DBG("%s status 0x%x", hdev->name, rp->status);
497 bacpy(&hdev->bdaddr, &rp->bdaddr);
499 hci_req_complete(hdev, rp->status);
/* Command Status handler for HCI_OP_INQUIRY. The visible lines complete the
 * pending request, re-check pending connections and set HCI_INQUIRY.
 * NOTE(review): the branch structure (source lines 506, 510) is absent from
 * this listing; presumably the first two calls run on failure and the
 * set_bit on success - confirm. */
502 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
504 BT_DBG("%s status 0x%x", hdev->name, status);
507 hci_req_complete(hdev, status);
509 hci_conn_check_pending(hdev);
511 set_bit(HCI_INQUIRY, &hdev->flags);
/* Command Status handler for HCI_OP_CREATE_CONN: finds the ACL connection
 * for the address in the sent command. For a connection still in BT_CONNECT
 * it either closes it and reports the status upward, or parks it in
 * BT_CONNECT2; the visible lines also add a new ACL connection object and
 * mark it HCI_LM_MASTER.
 * NOTE(review): the NULL check of `cp`, hci_dev_lock, the status test and the
 * if/else structure around hci_conn_add fall on source lines missing from
 * this listing - confirm which branch each visible statement belongs to. */
514 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
516 struct hci_cp_create_conn *cp;
517 struct hci_conn *conn;
519 BT_DBG("%s status 0x%x", hdev->name, status);
521 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
527 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
529 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
532 if (conn && conn->state == BT_CONNECT) {
/* 0x0c is presumably the HCI "Command Disallowed" status, treated as
 * retryable until more than two attempts were made - confirm. */
533 if (status != 0x0c || conn->attempt > 2) {
534 conn->state = BT_CLOSED;
535 hci_proto_connect_cfm(conn, status);
538 conn->state = BT_CONNECT2;
542 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
545 conn->link_mode |= HCI_LM_MASTER;
547 BT_ERR("No memmory for new connection");
551 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_ADD_SCO: looks up the ACL connection by
 * the handle in the sent command and, if it has a linked SCO connection,
 * marks that SCO link BT_CLOSED and reports the status upward.
 * NOTE(review): the status guard, the NULL check of `cp`, hci_dev_lock and
 * source lines 580-581 fall on lines missing from this listing; presumably
 * this path runs only when the command failed - confirm. */
554 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
556 struct hci_cp_add_sco *cp;
557 struct hci_conn *acl, *sco;
560 BT_DBG("%s status 0x%x", hdev->name, status);
565 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
569 handle = __le16_to_cpu(cp->handle);
571 BT_DBG("%s handle %d", hdev->name, handle);
575 acl = hci_conn_hash_lookup_handle(hdev, handle);
576 if (acl && (sco = acl->link)) {
577 sco->state = BT_CLOSED;
579 hci_proto_connect_cfm(sco, status);
583 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_REMOTE_NAME_REQ: only logs the status. */
586 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
588 BT_DBG("%s status 0x%x", hdev->name, status);
/* Command Status handler for HCI_OP_SETUP_SYNC_CONN: looks up the ACL
 * connection by the handle in the sent command and, if it has a linked
 * synchronous connection, marks that link BT_CLOSED and reports the status
 * upward. Same shape as hci_cs_add_sco.
 * NOTE(review): the status guard, the NULL check of `cp`, hci_dev_lock and
 * source lines 617-618 fall on lines missing from this listing - confirm. */
591 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
593 struct hci_cp_setup_sync_conn *cp;
594 struct hci_conn *acl, *sco;
597 BT_DBG("%s status 0x%x", hdev->name, status);
602 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
606 handle = __le16_to_cpu(cp->handle);
608 BT_DBG("%s handle %d", hdev->name, handle);
612 acl = hci_conn_hash_lookup_handle(hdev, handle);
613 if (acl && (sco = acl->link)) {
614 sco->state = BT_CLOSED;
616 hci_proto_connect_cfm(sco, status);
620 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_SNIFF_MODE: clears the
 * HCI_CONN_MODE_CHANGE_PEND bit on the connection named by the sent
 * command's handle.
 * NOTE(review): the status guard, the NULL checks of `cp` and `conn` and
 * hci_dev_lock fall on source lines missing from this listing - confirm. */
623 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
625 struct hci_cp_sniff_mode *cp;
626 struct hci_conn *conn;
628 BT_DBG("%s status 0x%x", hdev->name, status);
633 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
639 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
641 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
643 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_EXIT_SNIFF_MODE: clears the
 * HCI_CONN_MODE_CHANGE_PEND bit on the connection named by the sent
 * command's handle.
 * NOTE(review): the status guard, the NULL checks of `cp` and `conn` and
 * hci_dev_lock fall on source lines missing from this listing - confirm. */
646 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
648 struct hci_cp_exit_sniff_mode *cp;
649 struct hci_conn *conn;
651 BT_DBG("%s status 0x%x", hdev->name, status);
656 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
662 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
664 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
666 hci_dev_unlock(hdev);
/* Handler for HCI_EV_INQUIRY_COMPLETE: clears HCI_INQUIRY, completes the
 * pending request with the event's status byte and re-checks pending
 * connections. */
669 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
671 __u8 status = *((__u8 *) skb->data);
673 BT_DBG("%s status %d", hdev->name, status);
675 clear_bit(HCI_INQUIRY, &hdev->flags);
677 hci_req_complete(hdev, status);
679 hci_conn_check_pending(hdev);
/* Handler for HCI_EV_INQUIRY_RESULT: the first payload byte is the response
 * count, followed by that many struct inquiry_info records; each record is
 * copied into a local inquiry_data and pushed into the inquiry cache.
 * NOTE(review): num_rsp comes straight from the packet and no comparison of
 * num_rsp * sizeof(*info) against skb->len is visible, so a short packet
 * would be read past its end - confirm whether a length check exists on the
 * lines missing from this listing (690-693, 702-703) or in a caller. Those
 * lines presumably also hold the zero-count guard, hci_dev_lock and the
 * pointer advance. */
682 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
684 struct inquiry_data data;
685 struct inquiry_info *info = (void *) (skb->data + 1);
686 int num_rsp = *((__u8 *) skb->data);
688 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
695 for (; num_rsp; num_rsp--) {
696 bacpy(&data.bdaddr, &info->bdaddr);
697 data.pscan_rep_mode = info->pscan_rep_mode;
698 data.pscan_period_mode = info->pscan_period_mode;
699 data.pscan_mode = info->pscan_mode;
700 memcpy(data.dev_class, info->dev_class, 3);
701 data.clock_offset = info->clock_offset;
704 hci_inquiry_cache_update(hdev, &data);
707 hci_dev_unlock(hdev);
/* Handler for HCI_EV_CONN_COMPLETE: finds the connection by link type and
 * address; on success records the handle, moves it to BT_CONNECTED, requests
 * the remote features (ACL) and, for incoming links on controllers with
 * hci_ver < 3, sets the packet type. Otherwise the connection is marked
 * BT_CLOSED. A linked SCO connection is then set up or failed, and the
 * result is reported upward.
 * NOTE(review): HCI_LM_AUTH and HCI_LM_ENCRYPT are seeded here from the
 * adapter-wide HCI_AUTH / HCI_ENCRYPT flags rather than from a per-link
 * event. The status test, the NULL check of `conn`, hci_dev_lock and several
 * else/closing lines are missing from this listing - confirm the branch
 * structure against the full file. */
710 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
712 struct hci_ev_conn_complete *ev = (void *) skb->data;
713 struct hci_conn *conn;
715 BT_DBG("%s", hdev->name);
719 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
724 conn->handle = __le16_to_cpu(ev->handle);
725 conn->state = BT_CONNECTED;
727 if (test_bit(HCI_AUTH, &hdev->flags))
728 conn->link_mode |= HCI_LM_AUTH;
730 if (test_bit(HCI_ENCRYPT, &hdev->flags))
731 conn->link_mode |= HCI_LM_ENCRYPT;
733 /* Get remote features */
734 if (conn->type == ACL_LINK) {
735 struct hci_cp_read_remote_features cp;
/* ev->handle is passed through in wire (little-endian) order. */
736 cp.handle = ev->handle;
737 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, sizeof(cp), &cp);
740 /* Set packet type for incoming connection */
741 if (!conn->out && hdev->hci_ver < 3) {
742 struct hci_cp_change_conn_ptype cp;
743 cp.handle = ev->handle;
744 cp.pkt_type = cpu_to_le16(conn->pkt_type);
745 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
748 /* Update disconnect timer */
753 conn->state = BT_CLOSED;
755 if (conn->type == ACL_LINK) {
756 struct hci_conn *sco = conn->link;
759 if (lmp_esco_capable(hdev))
760 hci_setup_sync(sco, conn->handle);
762 hci_add_sco(sco, conn->handle);
764 hci_proto_connect_cfm(sco, ev->status);
770 hci_proto_connect_cfm(conn, ev->status);
775 hci_dev_unlock(hdev);
777 hci_conn_check_pending(hdev);
/* Handler for HCI_EV_CONN_REQUEST (an incoming connection from a remote
 * device). The accept decision is the device link_mode OR-ed with whatever
 * the upper protocols return from hci_proto_connect_ind; if HCI_LM_ACCEPT is
 * set a connection object is found or created and an accept command is sent
 * (ACL-style accept, or a synchronous accept when the link is not ACL and
 * the controller is eSCO capable); otherwise a reject command is sent.
 * NOTE(review): because the mask starts from hdev->link_mode, a device-level
 * HCI_LM_ACCEPT accepts every request regardless of what the protocols
 * answer - confirm that is intended. The lock call, the NULL check of the
 * lookup result, the else lines and the reject reason assignment fall on
 * source lines missing from this listing. */
780 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
782 struct hci_ev_conn_request *ev = (void *) skb->data;
783 int mask = hdev->link_mode;
785 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
786 batostr(&ev->bdaddr), ev->link_type);
788 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
790 if (mask & HCI_LM_ACCEPT) {
791 /* Connection accepted */
792 struct hci_conn *conn;
796 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
798 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
799 BT_ERR("No memmory for new connection");
800 hci_dev_unlock(hdev);
805 memcpy(conn->dev_class, ev->dev_class, 3);
806 conn->state = BT_CONNECT;
808 hci_dev_unlock(hdev);
810 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
811 struct hci_cp_accept_conn_req cp;
813 bacpy(&cp.bdaddr, &ev->bdaddr);
815 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
816 cp.role = 0x00; /* Become master */
818 cp.role = 0x01; /* Remain slave */
820 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
823 struct hci_cp_accept_sync_conn_req cp;
825 bacpy(&cp.bdaddr, &ev->bdaddr);
826 cp.pkt_type = cpu_to_le16(conn->pkt_type);
/* 0x00001f40 is 8000 decimal; 0xffff and 0xff are presumably the
 * "don't care" values for latency and retransmission effort - confirm. */
828 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
829 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
830 cp.max_latency = cpu_to_le16(0xffff);
831 cp.content_format = cpu_to_le16(hdev->voice_setting);
832 cp.retrans_effort = 0xff;
834 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
838 /* Connection rejected */
839 struct hci_cp_reject_conn_req cp;
841 bacpy(&cp.bdaddr, &ev->bdaddr);
843 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
/* Handler for HCI_EV_DISCONN_COMPLETE: marks the connection named by the
 * event's handle BT_CLOSED and passes the disconnect reason to the upper
 * protocols.
 * NOTE(review): the status guard, hci_dev_lock, the NULL check of `conn` and
 * whatever releases the connection object (source lines 853-858, 860,
 * 863-864) are missing from this listing - confirm. */
847 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
849 struct hci_ev_disconn_complete *ev = (void *) skb->data;
850 struct hci_conn *conn;
852 BT_DBG("%s status %d", hdev->name, ev->status);
859 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
861 conn->state = BT_CLOSED;
862 hci_proto_disconn_ind(conn, ev->reason);
866 hci_dev_unlock(hdev);
/* Handler for HCI_EV_AUTH_COMPLETE: marks the link HCI_LM_AUTH, clears the
 * pending-authentication bit and notifies listeners via hci_auth_cfm. If
 * encryption was queued behind authentication (HCI_CONN_ENCRYPT_PEND) the
 * visible lines either send HCI_OP_SET_CONN_ENCRYPT or clear the pending bit
 * and report the status via hci_encrypt_cfm with encryption off (0x00).
 * NOTE(review): setting HCI_LM_AUTH must be conditional on a zero
 * ev->status; that test, the NULL check of `conn`, the assignment of the
 * encrypt field in cp and the else lines fall on source lines missing from
 * this listing - confirm against the full file. */
869 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
871 struct hci_ev_auth_complete *ev = (void *) skb->data;
872 struct hci_conn *conn;
874 BT_DBG("%s status %d", hdev->name, ev->status);
878 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
881 conn->link_mode |= HCI_LM_AUTH;
883 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
885 hci_auth_cfm(conn, ev->status);
887 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
889 struct hci_cp_set_conn_encrypt cp;
890 cp.handle = cpu_to_le16(conn->handle);
892 hci_send_cmd(conn->hdev,
893 HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp);
895 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
896 hci_encrypt_cfm(conn, ev->status, 0x00);
901 hci_dev_unlock(hdev);
/* Handler for HCI_EV_REMOTE_NAME: the name payload is not read in the
 * visible lines; the event is only used as a cue to re-check pending
 * connections. */
904 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
906 BT_DBG("%s", hdev->name);
908 hci_conn_check_pending(hdev);
/* Handler for HCI_EV_ENCRYPT_CHANGE: updates the link's HCI_LM_AUTH /
 * HCI_LM_ENCRYPT bits, clears the pending-encryption bit and reports the
 * status and new encryption state via hci_encrypt_cfm.
 * NOTE(review): the tests on ev->status and ev->encrypt, the NULL check of
 * `conn`, the else and hci_dev_lock fall on source lines missing from this
 * listing; the link_mode bits should only be raised when the controller
 * reported success with encryption on - confirm against the full file. */
911 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
913 struct hci_ev_encrypt_change *ev = (void *) skb->data;
914 struct hci_conn *conn;
916 BT_DBG("%s status %d", hdev->name, ev->status);
920 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
924 /* Encryption implies authentication */
925 conn->link_mode |= HCI_LM_AUTH;
926 conn->link_mode |= HCI_LM_ENCRYPT;
928 conn->link_mode &= ~HCI_LM_ENCRYPT;
931 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
933 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
936 hci_dev_unlock(hdev);
/* Handler for HCI_EV_CHANGE_LINK_KEY_COMPLETE: marks the link HCI_LM_SECURE,
 * clears the pending-authentication bit and reports the status via
 * hci_key_change_cfm.
 * NOTE(review): the status test and the NULL check of `conn` fall on source
 * lines missing from this listing (949-950); HCI_LM_SECURE should only be
 * set on success - confirm. */
939 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
941 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
942 struct hci_conn *conn;
944 BT_DBG("%s status %d", hdev->name, ev->status);
948 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
951 conn->link_mode |= HCI_LM_SECURE;
953 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
955 hci_key_change_cfm(conn, ev->status);
958 hci_dev_unlock(hdev);
/* Handler for HCI_EV_REMOTE_FEATURES: copies the peer's 8-byte feature mask
 * into the connection found by the event's handle.
 * NOTE(review): the status guard, hci_dev_lock and the NULL check of `conn`
 * fall on source lines missing from this listing; the size of
 * conn->features is not shown here - confirm it is at least 8 bytes. */
961 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
963 struct hci_ev_remote_features *ev = (void *) skb->data;
964 struct hci_conn *conn;
966 BT_DBG("%s status %d", hdev->name, ev->status);
973 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
975 memcpy(conn->features, ev->features, 8);
977 hci_dev_unlock(hdev);
/* Handler for HCI_EV_REMOTE_VERSION: only logs; the payload is not read in
 * the visible lines. */
980 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
982 BT_DBG("%s", hdev->name);
/* Handler for HCI_EV_QOS_SETUP_COMPLETE: only logs; the payload is not read
 * in the visible lines. */
985 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
987 BT_DBG("%s", hdev->name);
/* Handler for HCI_EV_CMD_COMPLETE: strips the event header from the skb,
 * decodes the little-endian opcode and dispatches to the matching hci_cc_*
 * handler, which then sees skb->data pointing at the command's return
 * parameters. Afterwards the command credit is reset to 1 and the command
 * queue is kicked if it is not empty.
 * NOTE(review): no check that skb->len >= sizeof(*ev) is visible before the
 * pull, and the hci_cc_* handlers cast skb->data to fixed-layout reply
 * structs; a truncated event from the controller would be read past its end
 * unless an earlier layer validates the length - confirm where that happens.
 * The switch statement, break/default lines, the case label in front of
 * hci_cc_reset and the condition around atomic_set (source lines 1099-1101)
 * are missing from this listing. */
990 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
992 struct hci_ev_cmd_complete *ev = (void *) skb->data;
995 skb_pull(skb, sizeof(*ev));
/* ev still points at the pulled header bytes, so ev->opcode stays readable. */
997 opcode = __le16_to_cpu(ev->opcode);
1000 case HCI_OP_INQUIRY_CANCEL:
1001 hci_cc_inquiry_cancel(hdev, skb);
1004 case HCI_OP_EXIT_PERIODIC_INQ:
1005 hci_cc_exit_periodic_inq(hdev, skb);
1008 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1009 hci_cc_remote_name_req_cancel(hdev, skb);
1012 case HCI_OP_ROLE_DISCOVERY:
1013 hci_cc_role_discovery(hdev, skb);
1016 case HCI_OP_READ_LINK_POLICY:
1017 hci_cc_read_link_policy(hdev, skb);
1020 case HCI_OP_WRITE_LINK_POLICY:
1021 hci_cc_write_link_policy(hdev, skb);
1024 case HCI_OP_READ_DEF_LINK_POLICY:
1025 hci_cc_read_def_link_policy(hdev, skb);
1028 case HCI_OP_WRITE_DEF_LINK_POLICY:
1029 hci_cc_write_def_link_policy(hdev, skb);
1033 hci_cc_reset(hdev, skb);
1036 case HCI_OP_WRITE_LOCAL_NAME:
1037 hci_cc_write_local_name(hdev, skb);
1040 case HCI_OP_READ_LOCAL_NAME:
1041 hci_cc_read_local_name(hdev, skb);
1044 case HCI_OP_WRITE_AUTH_ENABLE:
1045 hci_cc_write_auth_enable(hdev, skb);
1048 case HCI_OP_WRITE_ENCRYPT_MODE:
1049 hci_cc_write_encrypt_mode(hdev, skb);
1052 case HCI_OP_WRITE_SCAN_ENABLE:
1053 hci_cc_write_scan_enable(hdev, skb);
1056 case HCI_OP_READ_CLASS_OF_DEV:
1057 hci_cc_read_class_of_dev(hdev, skb);
1060 case HCI_OP_WRITE_CLASS_OF_DEV:
1061 hci_cc_write_class_of_dev(hdev, skb);
1064 case HCI_OP_READ_VOICE_SETTING:
1065 hci_cc_read_voice_setting(hdev, skb);
1068 case HCI_OP_WRITE_VOICE_SETTING:
1069 hci_cc_write_voice_setting(hdev, skb);
1072 case HCI_OP_HOST_BUFFER_SIZE:
1073 hci_cc_host_buffer_size(hdev, skb);
1076 case HCI_OP_READ_LOCAL_VERSION:
1077 hci_cc_read_local_version(hdev, skb);
1080 case HCI_OP_READ_LOCAL_COMMANDS:
1081 hci_cc_read_local_commands(hdev, skb);
1084 case HCI_OP_READ_LOCAL_FEATURES:
1085 hci_cc_read_local_features(hdev, skb);
1088 case HCI_OP_READ_BUFFER_SIZE:
1089 hci_cc_read_buffer_size(hdev, skb);
1092 case HCI_OP_READ_BD_ADDR:
1093 hci_cc_read_bd_addr(hdev, skb);
1097 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1102 atomic_set(&hdev->cmd_cnt, 1);
1103 if (!skb_queue_empty(&hdev->cmd_q))
1104 hci_sched_cmd(hdev);
/* Handler for HCI_EV_CMD_STATUS: strips the event header, decodes the
 * little-endian opcode and dispatches to the matching hci_cs_* handler with
 * the event's status byte. Afterwards the command credit is reset to 1 and
 * the command queue is kicked if it is not empty.
 * NOTE(review): no check that skb->len >= sizeof(*ev) is visible before the
 * header fields are read - confirm an earlier layer validates the length.
 * The switch statement, break/default lines and the condition around
 * atomic_set (source lines 1149-1151) are missing from this listing. */
1108 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1110 struct hci_ev_cmd_status *ev = (void *) skb->data;
1113 skb_pull(skb, sizeof(*ev));
1115 opcode = __le16_to_cpu(ev->opcode);
1118 case HCI_OP_INQUIRY:
1119 hci_cs_inquiry(hdev, ev->status);
1122 case HCI_OP_CREATE_CONN:
1123 hci_cs_create_conn(hdev, ev->status);
1126 case HCI_OP_ADD_SCO:
1127 hci_cs_add_sco(hdev, ev->status);
1130 case HCI_OP_REMOTE_NAME_REQ:
1131 hci_cs_remote_name_req(hdev, ev->status);
1134 case HCI_OP_SETUP_SYNC_CONN:
1135 hci_cs_setup_sync_conn(hdev, ev->status);
1138 case HCI_OP_SNIFF_MODE:
1139 hci_cs_sniff_mode(hdev, ev->status);
1142 case HCI_OP_EXIT_SNIFF_MODE:
1143 hci_cs_exit_sniff_mode(hdev, ev->status);
1147 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1152 atomic_set(&hdev->cmd_cnt, 1);
1153 if (!skb_queue_empty(&hdev->cmd_q))
1154 hci_sched_cmd(hdev);
/* Handler for HCI_EV_ROLE_CHANGE: finds the ACL connection by address,
 * clears or sets HCI_LM_MASTER in its link_mode, clears the pending
 * role-switch bit and reports status and role via hci_role_switch_cfm.
 * NOTE(review): hci_dev_lock, the NULL check of `conn` and the tests on
 * ev->status / ev->role fall on source lines missing from this listing -
 * confirm the link_mode update is limited to the success case. */
1158 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1160 struct hci_ev_role_change *ev = (void *) skb->data;
1161 struct hci_conn *conn;
1163 BT_DBG("%s status %d", hdev->name, ev->status);
1167 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1171 conn->link_mode &= ~HCI_LM_MASTER;
1173 conn->link_mode |= HCI_LM_MASTER;
1176 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1178 hci_role_switch_cfm(conn, ev->status, ev->role);
1181 hci_dev_unlock(hdev);
/* Handler for HCI_EV_NUM_COMP_PKTS: after stripping the fixed header it
 * walks num_hndl (handle, count) pairs of little-endian 16-bit values, and
 * for each known connection subtracts the count from conn->sent and returns
 * the credits to the ACL or SCO free-slot counter, capped at the
 * controller's advertised maximum. The TX tasklet is disabled for the
 * duration of the update.
 * This is the one handler in the file with a visible payload-length check:
 * the packet is rejected when skb->len is smaller than num_hndl * 4.
 * NOTE(review): `count` comes from the controller and is subtracted from
 * conn->sent with no visible lower bound; the type of conn->sent is not
 * shown here - confirm a count larger than conn->sent cannot wrap it. The
 * return after the bad-parameters log, the NULL check of `conn` and the
 * else line fall on source lines missing from this listing. */
1184 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1186 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1190 skb_pull(skb, sizeof(*ev));
1192 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
/* Each entry is two 16-bit fields, hence 4 bytes per handle. */
1194 if (skb->len < ev->num_hndl * 4) {
1195 BT_DBG("%s bad parameters", hdev->name);
1199 tasklet_disable(&hdev->tx_task);
1201 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1202 struct hci_conn *conn;
1203 __u16 handle, count;
1205 handle = get_unaligned_le16(ptr++);
1206 count = get_unaligned_le16(ptr++);
1208 conn = hci_conn_hash_lookup_handle(hdev, handle);
1210 conn->sent -= count;
1212 if (conn->type == ACL_LINK) {
/* Clamp so credits never exceed what the controller advertised. */
1213 if ((hdev->acl_cnt += count) > hdev->acl_pkts)
1214 hdev->acl_cnt = hdev->acl_pkts;
1216 if ((hdev->sco_cnt += count) > hdev->sco_pkts)
1217 hdev->sco_cnt = hdev->sco_pkts;
1224 tasklet_enable(&hdev->tx_task);
/* Handler for HCI_EV_MODE_CHANGE: records the new mode and little-endian
 * interval on the connection. When the change was not one the host had
 * pending (HCI_CONN_MODE_CHANGE_PEND was clear), power_save is set to 1 if
 * the link is now HCI_CM_ACTIVE and to 0 otherwise.
 * NOTE(review): hci_dev_lock, the NULL check of `conn` and the else line
 * fall on source lines missing from this listing - confirm. */
1227 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1229 struct hci_ev_mode_change *ev = (void *) skb->data;
1230 struct hci_conn *conn;
1232 BT_DBG("%s status %d", hdev->name, ev->status);
1236 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1238 conn->mode = ev->mode;
1239 conn->interval = __le16_to_cpu(ev->interval);
1241 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
1242 if (conn->mode == HCI_CM_ACTIVE)
1243 conn->power_save = 1;
1245 conn->power_save = 0;
1249 hci_dev_unlock(hdev);
/* Handler for HCI_EV_PIN_CODE_REQ: only logs in the visible lines; no reply
 * to the PIN request is generated here. */
1252 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1254 BT_DBG("%s", hdev->name);
/* Handler for HCI_EV_LINK_KEY_REQ: only logs in the visible lines; no link
 * key is looked up or returned here. */
1257 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1259 BT_DBG("%s", hdev->name);
/* Handler for HCI_EV_LINK_KEY_NOTIFY: only logs in the visible lines; the
 * key material in the event is not read or stored here. */
1262 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
1264 BT_DBG("%s", hdev->name);
/* Handler for HCI_EV_CLOCK_OFFSET: on success, refreshes the clock offset
 * and timestamp of the inquiry-cache entry for the connection's peer
 * address, if such an entry exists. Both the connection lookup result and
 * the status are checked before use.
 * NOTE(review): ev->clock_offset is stored without byte swapping; presumably
 * the cache keeps it in wire order - confirm. */
1267 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1269 struct hci_ev_clock_offset *ev = (void *) skb->data;
1270 struct hci_conn *conn;
1272 BT_DBG("%s status %d", hdev->name, ev->status);
1276 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1277 if (conn && !ev->status) {
1278 struct inquiry_entry *ie;
1280 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
1281 ie->data.clock_offset = ev->clock_offset;
1282 ie->timestamp = jiffies;
1286 hci_dev_unlock(hdev);
/* Handler for HCI_EV_PKT_TYPE_CHANGE: on success, stores the new
 * little-endian packet type on the connection named by the event's handle.
 * The lookup result and the status are both checked before the write. */
1289 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1291 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
1292 struct hci_conn *conn;
1294 BT_DBG("%s status %d", hdev->name, ev->status);
1298 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1299 if (conn && !ev->status)
1300 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
1302 hci_dev_unlock(hdev);
/* Handler for HCI_EV_PSCAN_REP_MODE: if the inquiry cache holds an entry for
 * the event's address, updates its page-scan repetition mode and
 * timestamp. */
1305 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
1307 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
1308 struct inquiry_entry *ie;
1310 BT_DBG("%s", hdev->name);
1314 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) {
1315 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
1316 ie->timestamp = jiffies;
1319 hci_dev_unlock(hdev);
/* Handler for HCI_EV_INQUIRY_RESULT_WITH_RSSI: the first payload byte is the
 * response count. The per-record size is derived from (skb->len - 1) /
 * num_rsp; when it differs from sizeof(struct inquiry_info_with_rssi) the
 * records are parsed as struct inquiry_info_with_rssi_and_pscan_mode,
 * otherwise as struct inquiry_info_with_rssi (with pscan_mode forced to
 * 0x00). Each record is pushed into the inquiry cache.
 * NOTE(review): the division requires num_rsp != 0; a guard presumably sits
 * on source lines 1329-1330, which are missing from this listing - confirm.
 * The layout choice is "not equal to the short record", not "equal to the
 * long record", so any other per-record size (including a truncated packet)
 * is parsed with the larger struct; no check that skb->len covers num_rsp
 * records of the chosen layout is visible. The pointer advance lines are
 * also missing from the listing. */
1322 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
1324 struct inquiry_data data;
1325 int num_rsp = *((__u8 *) skb->data);
1327 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1334 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
1335 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1);
1337 for (; num_rsp; num_rsp--) {
1338 bacpy(&data.bdaddr, &info->bdaddr);
1339 data.pscan_rep_mode = info->pscan_rep_mode;
1340 data.pscan_period_mode = info->pscan_period_mode;
1341 data.pscan_mode = info->pscan_mode;
1342 memcpy(data.dev_class, info->dev_class, 3);
1343 data.clock_offset = info->clock_offset;
1344 data.rssi = info->rssi;
1346 hci_inquiry_cache_update(hdev, &data);
1349 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
1351 for (; num_rsp; num_rsp--) {
1352 bacpy(&data.bdaddr, &info->bdaddr);
1353 data.pscan_rep_mode = info->pscan_rep_mode;
1354 data.pscan_period_mode = info->pscan_period_mode;
1355 data.pscan_mode = 0x00;
1356 memcpy(data.dev_class, info->dev_class, 3);
1357 data.clock_offset = info->clock_offset;
1358 data.rssi = info->rssi;
1360 hci_inquiry_cache_update(hdev, &data);
1364 hci_dev_unlock(hdev);
/* Handler for HCI_EV_REMOTE_EXT_FEATURES: only logs; the payload is not read
 * in the visible lines. */
1367 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1369 BT_DBG("%s", hdev->name);
/* Handler for HCI_EV_SYNC_CONN_COMPLETE: looks up the connection by the
 * event's link type and address, with a second lookup under ESCO_LINK after
 * which the connection's type is set to SCO_LINK. On completion the handle
 * is recorded and the state becomes BT_CONNECTED, or BT_CLOSED otherwise,
 * and the result is reported upward.
 * NOTE(review): the conditions tying these statements together (NULL checks
 * on `conn`, the status test, the goto/else lines on source lines 1382,
 * 1384-1385, 1387-1389, 1391-1393, 1396, 1400-1402) are missing from this
 * listing - confirm the fallback and the success/failure split against the
 * full file. */
1372 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1374 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
1375 struct hci_conn *conn;
1377 BT_DBG("%s status %d", hdev->name, ev->status);
1381 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1383 if (ev->link_type == ESCO_LINK)
1386 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1390 conn->type = SCO_LINK;
1394 conn->handle = __le16_to_cpu(ev->handle);
1395 conn->state = BT_CONNECTED;
1397 conn->state = BT_CLOSED;
1399 hci_proto_connect_cfm(conn, ev->status);
1404 hci_dev_unlock(hdev);
/* Handler for HCI_EV_SYNC_CONN_CHANGED: only logs; the payload is not read
 * in the visible lines. */
1407 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
1409 BT_DBG("%s", hdev->name);
/* Handler for HCI_EV_SNIFF_SUBRATE: looks up the connection named by the
 * event's handle under the device lock. No use of the result is visible.
 * NOTE(review): source lines 1422-1423 are missing from this listing;
 * whatever is done with `conn` sits there - confirm. */
1412 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
1414 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
1415 struct hci_conn *conn;
1417 BT_DBG("%s status %d", hdev->name, ev->status);
1421 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1425 hci_dev_unlock(hdev);
/* Handler for HCI_EV_EXTENDED_INQUIRY_RESULT: the first payload byte is the
 * response count, followed by struct extended_inquiry_info records; address,
 * scan modes, class, clock offset and RSSI of each record are pushed into
 * the inquiry cache (pscan_mode forced to 0x00). Any extended inquiry data
 * beyond those fields is not used in the visible lines.
 * NOTE(review): num_rsp comes straight from the packet and no comparison of
 * num_rsp * sizeof(*info) against skb->len is visible - confirm whether a
 * length check exists on the lines missing from this listing (1436-1439,
 * 1449) or in a caller. */
1428 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1430 struct inquiry_data data;
1431 struct extended_inquiry_info *info = (void *) (skb->data + 1);
1432 int num_rsp = *((__u8 *) skb->data);
1434 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1441 for (; num_rsp; num_rsp--) {
1442 bacpy(&data.bdaddr, &info->bdaddr);
1443 data.pscan_rep_mode = info->pscan_rep_mode;
1444 data.pscan_period_mode = info->pscan_period_mode;
1445 data.pscan_mode = 0x00;
1446 memcpy(data.dev_class, info->dev_class, 3);
1447 data.clock_offset = info->clock_offset;
1448 data.rssi = info->rssi;
1450 hci_inquiry_cache_update(hdev, &data);
1453 hci_dev_unlock(hdev);
/* Entry point for every HCI event packet received from the controller:
 * reads the event code from the header, strips HCI_EVENT_HDR_SIZE bytes from
 * the skb and dispatches to the per-event handler, then bumps the received
 * event counter.
 * NOTE(review): this is the trust boundary between controller-supplied bytes
 * and the host stack. No check that skb->len >= HCI_EVENT_HDR_SIZE, and no
 * comparison of the header's length field with the remaining skb->len, is
 * visible here; the handlers cast skb->data to fixed-layout structs, so a
 * short or inconsistent packet would be read past its end unless the
 * transport driver or another caller validates it - confirm where that
 * validation lives. The switch statement, break/default lines and whatever
 * releases the skb (source lines 1583-1585) are missing from this listing. */
1456 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1458 struct hci_event_hdr *hdr = (void *) skb->data;
1459 __u8 event = hdr->evt;
1461 skb_pull(skb, HCI_EVENT_HDR_SIZE);
1464 case HCI_EV_INQUIRY_COMPLETE:
1465 hci_inquiry_complete_evt(hdev, skb);
1468 case HCI_EV_INQUIRY_RESULT:
1469 hci_inquiry_result_evt(hdev, skb);
1472 case HCI_EV_CONN_COMPLETE:
1473 hci_conn_complete_evt(hdev, skb);
1476 case HCI_EV_CONN_REQUEST:
1477 hci_conn_request_evt(hdev, skb);
1480 case HCI_EV_DISCONN_COMPLETE:
1481 hci_disconn_complete_evt(hdev, skb);
1484 case HCI_EV_AUTH_COMPLETE:
1485 hci_auth_complete_evt(hdev, skb);
1488 case HCI_EV_REMOTE_NAME:
1489 hci_remote_name_evt(hdev, skb);
1492 case HCI_EV_ENCRYPT_CHANGE:
1493 hci_encrypt_change_evt(hdev, skb);
1496 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
1497 hci_change_link_key_complete_evt(hdev, skb);
1500 case HCI_EV_REMOTE_FEATURES:
1501 hci_remote_features_evt(hdev, skb);
1504 case HCI_EV_REMOTE_VERSION:
1505 hci_remote_version_evt(hdev, skb);
1508 case HCI_EV_QOS_SETUP_COMPLETE:
1509 hci_qos_setup_complete_evt(hdev, skb);
1512 case HCI_EV_CMD_COMPLETE:
1513 hci_cmd_complete_evt(hdev, skb);
1516 case HCI_EV_CMD_STATUS:
1517 hci_cmd_status_evt(hdev, skb);
1520 case HCI_EV_ROLE_CHANGE:
1521 hci_role_change_evt(hdev, skb);
1524 case HCI_EV_NUM_COMP_PKTS:
1525 hci_num_comp_pkts_evt(hdev, skb);
1528 case HCI_EV_MODE_CHANGE:
1529 hci_mode_change_evt(hdev, skb);
1532 case HCI_EV_PIN_CODE_REQ:
1533 hci_pin_code_request_evt(hdev, skb);
1536 case HCI_EV_LINK_KEY_REQ:
1537 hci_link_key_request_evt(hdev, skb);
1540 case HCI_EV_LINK_KEY_NOTIFY:
1541 hci_link_key_notify_evt(hdev, skb);
1544 case HCI_EV_CLOCK_OFFSET:
1545 hci_clock_offset_evt(hdev, skb);
1548 case HCI_EV_PKT_TYPE_CHANGE:
1549 hci_pkt_type_change_evt(hdev, skb);
1552 case HCI_EV_PSCAN_REP_MODE:
1553 hci_pscan_rep_mode_evt(hdev, skb);
1556 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
1557 hci_inquiry_result_with_rssi_evt(hdev, skb);
1560 case HCI_EV_REMOTE_EXT_FEATURES:
1561 hci_remote_ext_features_evt(hdev, skb);
1564 case HCI_EV_SYNC_CONN_COMPLETE:
1565 hci_sync_conn_complete_evt(hdev, skb);
1568 case HCI_EV_SYNC_CONN_CHANGED:
1569 hci_sync_conn_changed_evt(hdev, skb);
1572 case HCI_EV_SNIFF_SUBRATE:
1573 hci_sniff_subrate_evt(hdev, skb);
1576 case HCI_EV_EXTENDED_INQUIRY_RESULT:
1577 hci_extended_inquiry_result_evt(hdev, skb);
1581 BT_DBG("%s event 0x%x", hdev->name, event);
1586 hdev->stat.evt_rx++;
1589 /* Generate internal stack event */
/* Builds a synthetic HCI_EV_STACK_INTERNAL event carrying `dlen` bytes of
 * `data`, marks it as an incoming, timestamped HCI_EVENT_PKT for `hdev` and
 * hands it to hci_send_to_sock. The skb is allocated with GFP_ATOMIC.
 * NOTE(review): hdr->plen is assigned sizeof(*ev) + dlen; the header's
 * length field is presumably one byte wide, so a large dlen would be
 * silently truncated there while the full dlen is still copied - confirm
 * callers keep dlen small and non-negative. The NULL check on the
 * allocation (source lines 1597-1598), the assignment of the event's type
 * field (1605) and whatever frees the skb after sending are missing from
 * this listing. */
1590 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1592 struct hci_event_hdr *hdr;
1593 struct hci_ev_stack_internal *ev;
1594 struct sk_buff *skb;
1596 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
1600 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
1601 hdr->evt = HCI_EV_STACK_INTERNAL;
1602 hdr->plen = sizeof(*ev) + dlen;
1604 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
1606 memcpy(ev->data, data, dlen);
1608 bt_cb(skb)->incoming = 1;
1609 __net_timestamp(skb);
1611 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1612 skb->dev = (void *) hdev;
1613 hci_send_to_sock(hdev, skb);