/spare/repo/netdev-2.6 branch 'ieee80211'
[linux-2.6] / net / bluetooth / hci_event.c
1 /* 
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <linux/config.h>
28 #include <linux/module.h>
29
30 #include <linux/types.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/skbuff.h>
39 #include <linux/interrupt.h>
40 #include <linux/notifier.h>
41 #include <net/sock.h>
42
43 #include <asm/system.h>
44 #include <asm/uaccess.h>
45 #include <asm/unaligned.h>
46
47 #include <net/bluetooth/bluetooth.h>
48 #include <net/bluetooth/hci_core.h>
49
50 #ifndef CONFIG_BT_HCI_CORE_DEBUG
51 #undef  BT_DBG
52 #define BT_DBG(D...)
53 #endif
54
55 /* Handle HCI Event packets */
56
57 /* Command Complete OGF LINK_CTL  */
58 static void hci_cc_link_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
59 {
60         __u8 status;
61
62         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
63
64         switch (ocf) {
65         case OCF_INQUIRY_CANCEL:
66                 status = *((__u8 *) skb->data);
67
68                 if (status) {
69                         BT_DBG("%s Inquiry cancel error: status 0x%x", hdev->name, status);
70                 } else {
71                         clear_bit(HCI_INQUIRY, &hdev->flags);
72                         hci_req_complete(hdev, status);
73                 }
74                 break;
75
76         default:
77                 BT_DBG("%s Command complete: ogf LINK_CTL ocf %x", hdev->name, ocf);
78                 break;
79         }
80 }
81
82 /* Command Complete OGF LINK_POLICY  */
83 static void hci_cc_link_policy(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
84 {
85         struct hci_conn *conn;
86         struct hci_rp_role_discovery *rd;
87
88         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
89
90         switch (ocf) {
91         case OCF_ROLE_DISCOVERY: 
92                 rd = (void *) skb->data;
93
94                 if (rd->status)
95                         break;
96
97                 hci_dev_lock(hdev);
98
99                 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rd->handle));
100                 if (conn) {
101                         if (rd->role)
102                                 conn->link_mode &= ~HCI_LM_MASTER;
103                         else
104                                 conn->link_mode |= HCI_LM_MASTER;
105                 }
106
107                 hci_dev_unlock(hdev);
108                 break;
109
110         default:
111                 BT_DBG("%s: Command complete: ogf LINK_POLICY ocf %x", 
112                                 hdev->name, ocf);
113                 break;
114         }
115 }
116
117 /* Command Complete OGF HOST_CTL  */
118 static void hci_cc_host_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
119 {
120         __u8 status, param;
121         __u16 setting;
122         struct hci_rp_read_voice_setting *vs;
123         void *sent;
124
125         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
126
127         switch (ocf) {
128         case OCF_RESET:
129                 status = *((__u8 *) skb->data);
130                 hci_req_complete(hdev, status);
131                 break;
132
133         case OCF_SET_EVENT_FLT:
134                 status = *((__u8 *) skb->data);
135                 if (status) {
136                         BT_DBG("%s SET_EVENT_FLT failed %d", hdev->name, status);
137                 } else {
138                         BT_DBG("%s SET_EVENT_FLT succeseful", hdev->name);
139                 }
140                 break;
141
142         case OCF_WRITE_AUTH_ENABLE:
143                 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_AUTH_ENABLE);
144                 if (!sent)
145                         break;
146
147                 status = *((__u8 *) skb->data);
148                 param  = *((__u8 *) sent);
149
150                 if (!status) {
151                         if (param == AUTH_ENABLED)
152                                 set_bit(HCI_AUTH, &hdev->flags);
153                         else
154                                 clear_bit(HCI_AUTH, &hdev->flags);
155                 }
156                 hci_req_complete(hdev, status);
157                 break;
158
159         case OCF_WRITE_ENCRYPT_MODE:
160                 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_ENCRYPT_MODE);
161                 if (!sent)
162                         break;
163
164                 status = *((__u8 *) skb->data);
165                 param  = *((__u8 *) sent);
166
167                 if (!status) {
168                         if (param)
169                                 set_bit(HCI_ENCRYPT, &hdev->flags);
170                         else
171                                 clear_bit(HCI_ENCRYPT, &hdev->flags);
172                 }
173                 hci_req_complete(hdev, status);
174                 break;
175
176         case OCF_WRITE_CA_TIMEOUT:
177                 status = *((__u8 *) skb->data);
178                 if (status) {
179                         BT_DBG("%s OCF_WRITE_CA_TIMEOUT failed %d", hdev->name, status);
180                 } else {
181                         BT_DBG("%s OCF_WRITE_CA_TIMEOUT succeseful", hdev->name);
182                 }
183                 break;
184
185         case OCF_WRITE_PG_TIMEOUT:
186                 status = *((__u8 *) skb->data);
187                 if (status) {
188                         BT_DBG("%s OCF_WRITE_PG_TIMEOUT failed %d", hdev->name, status);
189                 } else {
190                         BT_DBG("%s: OCF_WRITE_PG_TIMEOUT succeseful", hdev->name);
191                 }
192                 break;
193
194         case OCF_WRITE_SCAN_ENABLE:
195                 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE);
196                 if (!sent)
197                         break;
198
199                 status = *((__u8 *) skb->data);
200                 param  = *((__u8 *) sent);
201
202                 BT_DBG("param 0x%x", param);
203
204                 if (!status) {
205                         clear_bit(HCI_PSCAN, &hdev->flags);
206                         clear_bit(HCI_ISCAN, &hdev->flags);
207                         if (param & SCAN_INQUIRY) 
208                                 set_bit(HCI_ISCAN, &hdev->flags);
209
210                         if (param & SCAN_PAGE) 
211                                 set_bit(HCI_PSCAN, &hdev->flags);
212                 }
213                 hci_req_complete(hdev, status);
214                 break;
215
216         case OCF_READ_VOICE_SETTING:
217                 vs = (struct hci_rp_read_voice_setting *) skb->data;
218
219                 if (vs->status) {
220                         BT_DBG("%s READ_VOICE_SETTING failed %d", hdev->name, vs->status);
221                         break;
222                 }
223
224                 setting = __le16_to_cpu(vs->voice_setting);
225
226                 if (hdev->voice_setting != setting ) {
227                         hdev->voice_setting = setting;
228
229                         BT_DBG("%s: voice setting 0x%04x", hdev->name, setting);
230
231                         if (hdev->notify) {
232                                 tasklet_disable(&hdev->tx_task);
233                                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
234                                 tasklet_enable(&hdev->tx_task);
235                         }
236                 }
237                 break;
238
239         case OCF_WRITE_VOICE_SETTING:
240                 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_VOICE_SETTING);
241                 if (!sent)
242                         break;
243
244                 status = *((__u8 *) skb->data);
245                 setting = __le16_to_cpu(get_unaligned((__u16 *) sent));
246
247                 if (!status && hdev->voice_setting != setting) {
248                         hdev->voice_setting = setting;
249
250                         BT_DBG("%s: voice setting 0x%04x", hdev->name, setting);
251
252                         if (hdev->notify) {
253                                 tasklet_disable(&hdev->tx_task);
254                                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
255                                 tasklet_enable(&hdev->tx_task);
256                         }
257                 }
258                 hci_req_complete(hdev, status);
259                 break;
260
261         case OCF_HOST_BUFFER_SIZE:
262                 status = *((__u8 *) skb->data);
263                 if (status) {
264                         BT_DBG("%s OCF_BUFFER_SIZE failed %d", hdev->name, status);
265                         hci_req_complete(hdev, status);
266                 }
267                 break;
268
269         default:
270                 BT_DBG("%s Command complete: ogf HOST_CTL ocf %x", hdev->name, ocf);
271                 break;
272         }
273 }
274
275 /* Command Complete OGF INFO_PARAM  */
276 static void hci_cc_info_param(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
277 {
278         struct hci_rp_read_loc_features *lf;
279         struct hci_rp_read_buffer_size *bs;
280         struct hci_rp_read_bd_addr *ba;
281
282         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
283
284         switch (ocf) {
285         case OCF_READ_LOCAL_FEATURES:
286                 lf = (struct hci_rp_read_loc_features *) skb->data;
287
288                 if (lf->status) {
289                         BT_DBG("%s READ_LOCAL_FEATURES failed %d", hdev->name, lf->status);
290                         break;
291                 }
292
293                 memcpy(hdev->features, lf->features, sizeof(hdev->features));
294
295                 /* Adjust default settings according to features 
296                  * supported by device. */
297                 if (hdev->features[0] & LMP_3SLOT)
298                         hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
299
300                 if (hdev->features[0] & LMP_5SLOT)
301                         hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
302
303                 if (hdev->features[1] & LMP_HV2)
304                         hdev->pkt_type |= (HCI_HV2);
305
306                 if (hdev->features[1] & LMP_HV3)
307                         hdev->pkt_type |= (HCI_HV3);
308
309                 BT_DBG("%s: features 0x%x 0x%x 0x%x", hdev->name, lf->features[0], lf->features[1], lf->features[2]);
310
311                 break;
312
313         case OCF_READ_BUFFER_SIZE:
314                 bs = (struct hci_rp_read_buffer_size *) skb->data;
315
316                 if (bs->status) {
317                         BT_DBG("%s READ_BUFFER_SIZE failed %d", hdev->name, bs->status);
318                         hci_req_complete(hdev, bs->status);
319                         break;
320                 }
321
322                 hdev->acl_mtu  = __le16_to_cpu(bs->acl_mtu);
323                 hdev->sco_mtu  = bs->sco_mtu ? bs->sco_mtu : 64;
324                 hdev->acl_pkts = hdev->acl_cnt = __le16_to_cpu(bs->acl_max_pkt);
325                 hdev->sco_pkts = hdev->sco_cnt = __le16_to_cpu(bs->sco_max_pkt);
326
327                 BT_DBG("%s mtu: acl %d, sco %d max_pkt: acl %d, sco %d", hdev->name,
328                         hdev->acl_mtu, hdev->sco_mtu, hdev->acl_pkts, hdev->sco_pkts);
329                 break;
330
331         case OCF_READ_BD_ADDR:
332                 ba = (struct hci_rp_read_bd_addr *) skb->data;
333
334                 if (!ba->status) {
335                         bacpy(&hdev->bdaddr, &ba->bdaddr);
336                 } else {
337                         BT_DBG("%s: READ_BD_ADDR failed %d", hdev->name, ba->status);
338                 }
339
340                 hci_req_complete(hdev, ba->status);
341                 break;
342
343         default:
344                 BT_DBG("%s Command complete: ogf INFO_PARAM ocf %x", hdev->name, ocf);
345                 break;
346         }
347 }
348
349 /* Command Status OGF LINK_CTL  */
350 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
351 {
352         struct hci_conn *conn;
353         struct hci_cp_create_conn *cp = hci_sent_cmd_data(hdev, OGF_LINK_CTL, OCF_CREATE_CONN);
354
355         if (!cp)
356                 return;
357
358         hci_dev_lock(hdev);
359
360         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
361
362         BT_DBG("%s status 0x%x bdaddr %s conn %p", hdev->name,
363                         status, batostr(&cp->bdaddr), conn);
364
365         if (status) {
366                 if (conn && conn->state == BT_CONNECT) {
367                         conn->state = BT_CLOSED;
368                         hci_proto_connect_cfm(conn, status);
369                         hci_conn_del(conn);
370                 }
371         } else {
372                 if (!conn) {
373                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
374                         if (conn) {
375                                 conn->out = 1;
376                                 conn->link_mode |= HCI_LM_MASTER;
377                         } else
378                                 BT_ERR("No memmory for new connection");
379                 }
380         }
381
382         hci_dev_unlock(hdev);
383 }
384
385 static void hci_cs_link_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
386 {
387         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
388
389         switch (ocf) {
390         case OCF_CREATE_CONN:
391                 hci_cs_create_conn(hdev, status);
392                 break;
393
394         case OCF_ADD_SCO:
395                 if (status) {
396                         struct hci_conn *acl, *sco;
397                         struct hci_cp_add_sco *cp = hci_sent_cmd_data(hdev, OGF_LINK_CTL, OCF_ADD_SCO);
398                         __u16 handle;
399
400                         if (!cp)
401                                 break;
402
403                         handle = __le16_to_cpu(cp->handle);
404
405                         BT_DBG("%s Add SCO error: handle %d status 0x%x", hdev->name, handle, status);
406
407                         hci_dev_lock(hdev);
408
409                         acl = hci_conn_hash_lookup_handle(hdev, handle);
410                         if (acl && (sco = acl->link)) {
411                                 sco->state = BT_CLOSED;
412
413                                 hci_proto_connect_cfm(sco, status);
414                                 hci_conn_del(sco);
415                         }
416
417                         hci_dev_unlock(hdev);
418                 }
419                 break;
420
421         case OCF_INQUIRY:
422                 if (status) {
423                         BT_DBG("%s Inquiry error: status 0x%x", hdev->name, status);
424                         hci_req_complete(hdev, status);
425                 } else {
426                         set_bit(HCI_INQUIRY, &hdev->flags);
427                 }
428                 break;
429
430         default:
431                 BT_DBG("%s Command status: ogf LINK_CTL ocf %x status %d", 
432                         hdev->name, ocf, status);
433                 break;
434         }
435 }
436
437 /* Command Status OGF LINK_POLICY */
438 static void hci_cs_link_policy(struct hci_dev *hdev, __u16 ocf, __u8 status)
439 {
440         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
441
442         switch (ocf) {
443         default:
444                 BT_DBG("%s Command status: ogf HOST_POLICY ocf %x", hdev->name, ocf);
445                 break;
446         }
447 }
448
449 /* Command Status OGF HOST_CTL */
450 static void hci_cs_host_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
451 {
452         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
453
454         switch (ocf) {
455         default:
456                 BT_DBG("%s Command status: ogf HOST_CTL ocf %x", hdev->name, ocf);
457                 break;
458         }
459 }
460
461 /* Command Status OGF INFO_PARAM  */
462 static void hci_cs_info_param(struct hci_dev *hdev, __u16 ocf, __u8 status)
463 {
464         BT_DBG("%s: hci_cs_info_param: ocf 0x%x", hdev->name, ocf);
465
466         switch (ocf) {
467         default:
468                 BT_DBG("%s Command status: ogf INFO_PARAM ocf %x", hdev->name, ocf);
469                 break;
470         }
471 }
472
473 /* Inquiry Complete */
474 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
475 {
476         __u8 status = *((__u8 *) skb->data);
477
478         BT_DBG("%s status %d", hdev->name, status);
479
480         clear_bit(HCI_INQUIRY, &hdev->flags);
481         hci_req_complete(hdev, status);
482 }
483
484 /* Inquiry Result */
485 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
486 {
487         struct inquiry_info *info = (struct inquiry_info *) (skb->data + 1);
488         int num_rsp = *((__u8 *) skb->data);
489
490         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
491
492         hci_dev_lock(hdev);
493         for (; num_rsp; num_rsp--) {
494                 struct inquiry_data data;
495                 bacpy(&data.bdaddr, &info->bdaddr);
496                 data.pscan_rep_mode     = info->pscan_rep_mode;
497                 data.pscan_period_mode  = info->pscan_period_mode;
498                 data.pscan_mode         = info->pscan_mode;
499                 memcpy(data.dev_class, info->dev_class, 3);
500                 data.clock_offset       = info->clock_offset;
501                 data.rssi               = 0x00;
502                 info++;
503                 hci_inquiry_cache_update(hdev, &data);
504         }
505         hci_dev_unlock(hdev);
506 }
507
508 /* Inquiry Result With RSSI */
509 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
510 {
511         struct inquiry_info_with_rssi *info = (struct inquiry_info_with_rssi *) (skb->data + 1);
512         int num_rsp = *((__u8 *) skb->data);
513
514         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
515
516         hci_dev_lock(hdev);
517         for (; num_rsp; num_rsp--) {
518                 struct inquiry_data data;
519                 bacpy(&data.bdaddr, &info->bdaddr);
520                 data.pscan_rep_mode     = info->pscan_rep_mode;
521                 data.pscan_period_mode  = info->pscan_period_mode;
522                 data.pscan_mode         = 0x00;
523                 memcpy(data.dev_class, info->dev_class, 3);
524                 data.clock_offset       = info->clock_offset;
525                 data.rssi               = info->rssi;
526                 info++;
527                 hci_inquiry_cache_update(hdev, &data);
528         }
529         hci_dev_unlock(hdev);
530 }
531
532 /* Connect Request */
533 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
534 {
535         struct hci_ev_conn_request *ev = (struct hci_ev_conn_request *) skb->data;
536         int mask = hdev->link_mode;
537
538         BT_DBG("%s Connection request: %s type 0x%x", hdev->name,
539                         batostr(&ev->bdaddr), ev->link_type);
540
541         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
542
543         if (mask & HCI_LM_ACCEPT) {
544                 /* Connection accepted */
545                 struct hci_conn *conn;
546                 struct hci_cp_accept_conn_req cp;
547
548                 hci_dev_lock(hdev);
549                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
550                 if (!conn) {
551                         if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
552                                 BT_ERR("No memmory for new connection");
553                                 hci_dev_unlock(hdev);
554                                 return;
555                         }
556                 }
557                 memcpy(conn->dev_class, ev->dev_class, 3);
558                 conn->state = BT_CONNECT;
559                 hci_dev_unlock(hdev);
560
561                 bacpy(&cp.bdaddr, &ev->bdaddr);
562
563                 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
564                         cp.role = 0x00; /* Become master */
565                 else
566                         cp.role = 0x01; /* Remain slave */
567
568                 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ACCEPT_CONN_REQ, sizeof(cp), &cp);
569         } else {
570                 /* Connection rejected */
571                 struct hci_cp_reject_conn_req cp;
572
573                 bacpy(&cp.bdaddr, &ev->bdaddr);
574                 cp.reason = 0x0f;
575                 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_REJECT_CONN_REQ, sizeof(cp), &cp);
576         }
577 }
578
579 /* Connect Complete */
580 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
581 {
582         struct hci_ev_conn_complete *ev = (struct hci_ev_conn_complete *) skb->data;
583         struct hci_conn *conn = NULL;
584
585         BT_DBG("%s", hdev->name);
586
587         hci_dev_lock(hdev);
588
589         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
590         if (!conn) {
591                 hci_dev_unlock(hdev);
592                 return;
593         }
594
595         if (!ev->status) {
596                 conn->handle = __le16_to_cpu(ev->handle);
597                 conn->state  = BT_CONNECTED;
598
599                 if (test_bit(HCI_AUTH, &hdev->flags))
600                         conn->link_mode |= HCI_LM_AUTH;
601
602                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
603                         conn->link_mode |= HCI_LM_ENCRYPT;
604
605                 /* Set link policy */
606                 if (conn->type == ACL_LINK && hdev->link_policy) {
607                         struct hci_cp_write_link_policy cp;
608                         cp.handle = ev->handle;
609                         cp.policy = __cpu_to_le16(hdev->link_policy);
610                         hci_send_cmd(hdev, OGF_LINK_POLICY, OCF_WRITE_LINK_POLICY, sizeof(cp), &cp);
611                 }
612
613                 /* Set packet type for incoming connection */
614                 if (!conn->out) {
615                         struct hci_cp_change_conn_ptype cp;
616                         cp.handle = ev->handle;
617                         cp.pkt_type = (conn->type == ACL_LINK) ? 
618                                 __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK):
619                                 __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
620
621                         hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CHANGE_CONN_PTYPE, sizeof(cp), &cp);
622                 }
623         } else
624                 conn->state = BT_CLOSED;
625
626         if (conn->type == ACL_LINK) {
627                 struct hci_conn *sco = conn->link;
628                 if (sco) {
629                         if (!ev->status)
630                                 hci_add_sco(sco, conn->handle);
631                         else {
632                                 hci_proto_connect_cfm(sco, ev->status);
633                                 hci_conn_del(sco);
634                         }
635                 }
636         }
637
638         hci_proto_connect_cfm(conn, ev->status);
639         if (ev->status)
640                 hci_conn_del(conn);
641
642         hci_dev_unlock(hdev);
643 }
644
645 /* Disconnect Complete */
646 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
647 {
648         struct hci_ev_disconn_complete *ev = (struct hci_ev_disconn_complete *) skb->data;
649         struct hci_conn *conn = NULL;
650         __u16 handle = __le16_to_cpu(ev->handle);
651
652         BT_DBG("%s status %d", hdev->name, ev->status);
653
654         if (ev->status)
655                 return;
656
657         hci_dev_lock(hdev);
658
659         conn = hci_conn_hash_lookup_handle(hdev, handle);
660         if (conn) {
661                 conn->state = BT_CLOSED;
662                 hci_proto_disconn_ind(conn, ev->reason);
663                 hci_conn_del(conn);
664         }
665
666         hci_dev_unlock(hdev);
667 }
668
669 /* Number of completed packets */
670 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
671 {
672         struct hci_ev_num_comp_pkts *ev = (struct hci_ev_num_comp_pkts *) skb->data;
673         __u16 *ptr;
674         int i;
675
676         skb_pull(skb, sizeof(*ev));
677
678         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
679
680         if (skb->len < ev->num_hndl * 4) {
681                 BT_DBG("%s bad parameters", hdev->name);
682                 return;
683         }
684
685         tasklet_disable(&hdev->tx_task);
686
687         for (i = 0, ptr = (__u16 *) skb->data; i < ev->num_hndl; i++) {
688                 struct hci_conn *conn;
689                 __u16  handle, count;
690
691                 handle = __le16_to_cpu(get_unaligned(ptr++));
692                 count  = __le16_to_cpu(get_unaligned(ptr++));
693
694                 conn = hci_conn_hash_lookup_handle(hdev, handle);
695                 if (conn) {
696                         conn->sent -= count;
697
698                         if (conn->type == SCO_LINK) {
699                                 if ((hdev->sco_cnt += count) > hdev->sco_pkts)
700                                         hdev->sco_cnt = hdev->sco_pkts;
701                         } else {
702                                 if ((hdev->acl_cnt += count) > hdev->acl_pkts)
703                                         hdev->acl_cnt = hdev->acl_pkts;
704                         }
705                 }
706         }
707         hci_sched_tx(hdev);
708
709         tasklet_enable(&hdev->tx_task);
710 }
711
712 /* Role Change */
713 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
714 {
715         struct hci_ev_role_change *ev = (struct hci_ev_role_change *) skb->data;
716         struct hci_conn *conn = NULL;
717
718         BT_DBG("%s status %d", hdev->name, ev->status);
719
720         hci_dev_lock(hdev);
721
722         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
723         if (conn) {
724                 if (!ev->status) {
725                         if (ev->role)
726                                 conn->link_mode &= ~HCI_LM_MASTER;
727                         else
728                                 conn->link_mode |= HCI_LM_MASTER;
729                 }
730
731                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
732
733                 hci_role_switch_cfm(conn, ev->status, ev->role);
734         }
735
736         hci_dev_unlock(hdev);
737 }
738
739 /* Authentication Complete */
740 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
741 {
742         struct hci_ev_auth_complete *ev = (struct hci_ev_auth_complete *) skb->data;
743         struct hci_conn *conn = NULL;
744         __u16 handle = __le16_to_cpu(ev->handle);
745
746         BT_DBG("%s status %d", hdev->name, ev->status);
747
748         hci_dev_lock(hdev);
749
750         conn = hci_conn_hash_lookup_handle(hdev, handle);
751         if (conn) {
752                 if (!ev->status)
753                         conn->link_mode |= HCI_LM_AUTH;
754
755                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
756
757                 hci_auth_cfm(conn, ev->status);
758
759                 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
760                         if (!ev->status) {
761                                 struct hci_cp_set_conn_encrypt cp;
762                                 cp.handle  = __cpu_to_le16(conn->handle);
763                                 cp.encrypt = 1;
764                                 hci_send_cmd(conn->hdev, OGF_LINK_CTL,
765                                                 OCF_SET_CONN_ENCRYPT,
766                                                 sizeof(cp), &cp);
767                         } else {
768                                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
769                                 hci_encrypt_cfm(conn, ev->status, 0x00);
770                         }
771                 }
772         }
773
774         hci_dev_unlock(hdev);
775 }
776
777 /* Encryption Change */
778 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
779 {
780         struct hci_ev_encrypt_change *ev = (struct hci_ev_encrypt_change *) skb->data;
781         struct hci_conn *conn = NULL;
782         __u16 handle = __le16_to_cpu(ev->handle);
783
784         BT_DBG("%s status %d", hdev->name, ev->status);
785
786         hci_dev_lock(hdev);
787
788         conn = hci_conn_hash_lookup_handle(hdev, handle);
789         if (conn) {
790                 if (!ev->status) {
791                         if (ev->encrypt)
792                                 conn->link_mode |= HCI_LM_ENCRYPT;
793                         else
794                                 conn->link_mode &= ~HCI_LM_ENCRYPT;
795                 }
796
797                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
798
799                 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
800         }
801
802         hci_dev_unlock(hdev);
803 }
804
805 /* Change Connection Link Key Complete */
806 static inline void hci_change_conn_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
807 {
808         struct hci_ev_change_conn_link_key_complete *ev = (struct hci_ev_change_conn_link_key_complete *) skb->data;
809         struct hci_conn *conn = NULL;
810         __u16 handle = __le16_to_cpu(ev->handle);
811
812         BT_DBG("%s status %d", hdev->name, ev->status);
813
814         hci_dev_lock(hdev);
815
816         conn = hci_conn_hash_lookup_handle(hdev, handle);
817         if (conn) {
818                 if (!ev->status)
819                         conn->link_mode |= HCI_LM_SECURE;
820
821                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
822
823                 hci_key_change_cfm(conn, ev->status);
824         }
825
826         hci_dev_unlock(hdev);
827 }
828
829 /* Pin Code Request*/
830 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
831 {
832 }
833
834 /* Link Key Request */
835 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
836 {
837 }
838
839 /* Link Key Notification */
840 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
841 {
842 }
843
844 /* Clock Offset */
845 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
846 {
847         struct hci_ev_clock_offset *ev = (struct hci_ev_clock_offset *) skb->data;
848         struct hci_conn *conn = NULL;
849         __u16 handle = __le16_to_cpu(ev->handle);
850
851         BT_DBG("%s status %d", hdev->name, ev->status);
852
853         hci_dev_lock(hdev);
854
855         conn = hci_conn_hash_lookup_handle(hdev, handle);
856         if (conn && !ev->status) {
857                 struct inquiry_entry *ie;
858
859                 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
860                         ie->data.clock_offset = ev->clock_offset;
861                         ie->timestamp = jiffies;
862                 }
863         }
864
865         hci_dev_unlock(hdev);
866 }
867
868 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
869 {
870         struct hci_event_hdr *hdr = (struct hci_event_hdr *) skb->data;
871         struct hci_ev_cmd_complete *ec;
872         struct hci_ev_cmd_status *cs;
873         u16 opcode, ocf, ogf;
874
875         skb_pull(skb, HCI_EVENT_HDR_SIZE);
876
877         BT_DBG("%s evt 0x%x", hdev->name, hdr->evt);
878
879         switch (hdr->evt) {
880         case HCI_EV_NUM_COMP_PKTS:
881                 hci_num_comp_pkts_evt(hdev, skb);
882                 break;
883
884         case HCI_EV_INQUIRY_COMPLETE:
885                 hci_inquiry_complete_evt(hdev, skb);
886                 break;
887
888         case HCI_EV_INQUIRY_RESULT:
889                 hci_inquiry_result_evt(hdev, skb);
890                 break;
891
892         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
893                 hci_inquiry_result_with_rssi_evt(hdev, skb);
894                 break;
895
896         case HCI_EV_CONN_REQUEST:
897                 hci_conn_request_evt(hdev, skb);
898                 break;
899
900         case HCI_EV_CONN_COMPLETE:
901                 hci_conn_complete_evt(hdev, skb);
902                 break;
903
904         case HCI_EV_DISCONN_COMPLETE:
905                 hci_disconn_complete_evt(hdev, skb);
906                 break;
907
908         case HCI_EV_ROLE_CHANGE:
909                 hci_role_change_evt(hdev, skb);
910                 break;
911
912         case HCI_EV_AUTH_COMPLETE:
913                 hci_auth_complete_evt(hdev, skb);
914                 break;
915
916         case HCI_EV_ENCRYPT_CHANGE:
917                 hci_encrypt_change_evt(hdev, skb);
918                 break;
919
920         case HCI_EV_CHANGE_CONN_LINK_KEY_COMPLETE:
921                 hci_change_conn_link_key_complete_evt(hdev, skb);
922                 break;
923
924         case HCI_EV_PIN_CODE_REQ:
925                 hci_pin_code_request_evt(hdev, skb);
926                 break;
927
928         case HCI_EV_LINK_KEY_REQ:
929                 hci_link_key_request_evt(hdev, skb);
930                 break;
931
932         case HCI_EV_LINK_KEY_NOTIFY:
933                 hci_link_key_notify_evt(hdev, skb);
934                 break;
935
936         case HCI_EV_CLOCK_OFFSET:
937                 hci_clock_offset_evt(hdev, skb);
938                 break;
939
940         case HCI_EV_CMD_STATUS:
941                 cs = (struct hci_ev_cmd_status *) skb->data;
942                 skb_pull(skb, sizeof(cs));
943
944                 opcode = __le16_to_cpu(cs->opcode);
945                 ogf = hci_opcode_ogf(opcode);
946                 ocf = hci_opcode_ocf(opcode);
947
948                 switch (ogf) {
949                 case OGF_INFO_PARAM:
950                         hci_cs_info_param(hdev, ocf, cs->status);
951                         break;
952
953                 case OGF_HOST_CTL:
954                         hci_cs_host_ctl(hdev, ocf, cs->status);
955                         break;
956
957                 case OGF_LINK_CTL:
958                         hci_cs_link_ctl(hdev, ocf, cs->status);
959                         break;
960
961                 case OGF_LINK_POLICY:
962                         hci_cs_link_policy(hdev, ocf, cs->status);
963                         break;
964
965                 default:
966                         BT_DBG("%s Command Status OGF %x", hdev->name, ogf);
967                         break;
968                 }
969
970                 if (cs->ncmd) {
971                         atomic_set(&hdev->cmd_cnt, 1);
972                         if (!skb_queue_empty(&hdev->cmd_q))
973                                 hci_sched_cmd(hdev);
974                 }
975                 break;
976
977         case HCI_EV_CMD_COMPLETE:
978                 ec = (struct hci_ev_cmd_complete *) skb->data;
979                 skb_pull(skb, sizeof(*ec));
980
981                 opcode = __le16_to_cpu(ec->opcode);
982                 ogf = hci_opcode_ogf(opcode);
983                 ocf = hci_opcode_ocf(opcode);
984
985                 switch (ogf) {
986                 case OGF_INFO_PARAM:
987                         hci_cc_info_param(hdev, ocf, skb);
988                         break;
989
990                 case OGF_HOST_CTL:
991                         hci_cc_host_ctl(hdev, ocf, skb);
992                         break;
993
994                 case OGF_LINK_CTL:
995                         hci_cc_link_ctl(hdev, ocf, skb);
996                         break;
997
998                 case OGF_LINK_POLICY:
999                         hci_cc_link_policy(hdev, ocf, skb);
1000                         break;
1001
1002                 default:
1003                         BT_DBG("%s Command Completed OGF %x", hdev->name, ogf);
1004                         break;
1005                 }
1006
1007                 if (ec->ncmd) {
1008                         atomic_set(&hdev->cmd_cnt, 1);
1009                         if (!skb_queue_empty(&hdev->cmd_q))
1010                                 hci_sched_cmd(hdev);
1011                 }
1012                 break;
1013         }
1014
1015         kfree_skb(skb);
1016         hdev->stat.evt_rx++;
1017 }
1018
1019 /* Generate internal stack event */
1020 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1021 {
1022         struct hci_event_hdr *hdr;
1023         struct hci_ev_stack_internal *ev;
1024         struct sk_buff *skb;
1025
1026         skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
1027         if (!skb)
1028                 return;
1029
1030         hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
1031         hdr->evt  = HCI_EV_STACK_INTERNAL;
1032         hdr->plen = sizeof(*ev) + dlen;
1033
1034         ev  = (void *) skb_put(skb, sizeof(*ev) + dlen);
1035         ev->type = type;
1036         memcpy(ev->data, data, dlen);
1037
1038         bt_cb(skb)->incoming = 1;
1039         do_gettimeofday(&skb->stamp);
1040
1041         skb->pkt_type = HCI_EVENT_PKT;
1042         skb->dev = (void *) hdev;
1043         hci_send_to_sock(hdev, skb);
1044         kfree_skb(skb);
1045 }