Merge branch 'devel' of master.kernel.org:/home/rmk/linux-2.6-arm
[linux-2.6] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 #ifndef CONFIG_BT_HCI_CORE_DEBUG
49 #undef  BT_DBG
50 #define BT_DBG(D...)
51 #endif
52
53 /* Handle HCI Event packets */
54
55 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
56 {
57         __u8 status = *((__u8 *) skb->data);
58
59         BT_DBG("%s status 0x%x", hdev->name, status);
60
61         if (status)
62                 return;
63
64         clear_bit(HCI_INQUIRY, &hdev->flags);
65
66         hci_req_complete(hdev, status);
67
68         hci_conn_check_pending(hdev);
69 }
70
71 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72 {
73         __u8 status = *((__u8 *) skb->data);
74
75         BT_DBG("%s status 0x%x", hdev->name, status);
76
77         if (status)
78                 return;
79
80         clear_bit(HCI_INQUIRY, &hdev->flags);
81
82         hci_conn_check_pending(hdev);
83 }
84
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
86 {
87         BT_DBG("%s", hdev->name);
88 }
89
90 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91 {
92         struct hci_rp_role_discovery *rp = (void *) skb->data;
93         struct hci_conn *conn;
94
95         BT_DBG("%s status 0x%x", hdev->name, rp->status);
96
97         if (rp->status)
98                 return;
99
100         hci_dev_lock(hdev);
101
102         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
103         if (conn) {
104                 if (rp->role)
105                         conn->link_mode &= ~HCI_LM_MASTER;
106                 else
107                         conn->link_mode |= HCI_LM_MASTER;
108         }
109
110         hci_dev_unlock(hdev);
111 }
112
113 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114 {
115         struct hci_rp_read_link_policy *rp = (void *) skb->data;
116         struct hci_conn *conn;
117
118         BT_DBG("%s status 0x%x", hdev->name, rp->status);
119
120         if (rp->status)
121                 return;
122
123         hci_dev_lock(hdev);
124
125         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126         if (conn)
127                 conn->link_policy = __le16_to_cpu(rp->policy);
128
129         hci_dev_unlock(hdev);
130 }
131
132 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
133 {
134         struct hci_rp_write_link_policy *rp = (void *) skb->data;
135         struct hci_conn *conn;
136         void *sent;
137
138         BT_DBG("%s status 0x%x", hdev->name, rp->status);
139
140         if (rp->status)
141                 return;
142
143         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
144         if (!sent)
145                 return;
146
147         hci_dev_lock(hdev);
148
149         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
150         if (conn)
151                 conn->link_policy = get_unaligned_le16(sent + 2);
152
153         hci_dev_unlock(hdev);
154 }
155
156 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
157 {
158         struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159
160         BT_DBG("%s status 0x%x", hdev->name, rp->status);
161
162         if (rp->status)
163                 return;
164
165         hdev->link_policy = __le16_to_cpu(rp->policy);
166 }
167
168 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
169 {
170         __u8 status = *((__u8 *) skb->data);
171         void *sent;
172
173         BT_DBG("%s status 0x%x", hdev->name, status);
174
175         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
176         if (!sent)
177                 return;
178
179         if (!status)
180                 hdev->link_policy = get_unaligned_le16(sent);
181
182         hci_req_complete(hdev, status);
183 }
184
185 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186 {
187         __u8 status = *((__u8 *) skb->data);
188
189         BT_DBG("%s status 0x%x", hdev->name, status);
190
191         hci_req_complete(hdev, status);
192 }
193
194 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
195 {
196         __u8 status = *((__u8 *) skb->data);
197         void *sent;
198
199         BT_DBG("%s status 0x%x", hdev->name, status);
200
201         if (status)
202                 return;
203
204         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
205         if (!sent)
206                 return;
207
208         memcpy(hdev->dev_name, sent, 248);
209 }
210
211 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
212 {
213         struct hci_rp_read_local_name *rp = (void *) skb->data;
214
215         BT_DBG("%s status 0x%x", hdev->name, rp->status);
216
217         if (rp->status)
218                 return;
219
220         memcpy(hdev->dev_name, rp->name, 248);
221 }
222
223 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
224 {
225         __u8 status = *((__u8 *) skb->data);
226         void *sent;
227
228         BT_DBG("%s status 0x%x", hdev->name, status);
229
230         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
231         if (!sent)
232                 return;
233
234         if (!status) {
235                 __u8 param = *((__u8 *) sent);
236
237                 if (param == AUTH_ENABLED)
238                         set_bit(HCI_AUTH, &hdev->flags);
239                 else
240                         clear_bit(HCI_AUTH, &hdev->flags);
241         }
242
243         hci_req_complete(hdev, status);
244 }
245
246 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
247 {
248         __u8 status = *((__u8 *) skb->data);
249         void *sent;
250
251         BT_DBG("%s status 0x%x", hdev->name, status);
252
253         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
254         if (!sent)
255                 return;
256
257         if (!status) {
258                 __u8 param = *((__u8 *) sent);
259
260                 if (param)
261                         set_bit(HCI_ENCRYPT, &hdev->flags);
262                 else
263                         clear_bit(HCI_ENCRYPT, &hdev->flags);
264         }
265
266         hci_req_complete(hdev, status);
267 }
268
269 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
270 {
271         __u8 status = *((__u8 *) skb->data);
272         void *sent;
273
274         BT_DBG("%s status 0x%x", hdev->name, status);
275
276         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
277         if (!sent)
278                 return;
279
280         if (!status) {
281                 __u8 param = *((__u8 *) sent);
282
283                 clear_bit(HCI_PSCAN, &hdev->flags);
284                 clear_bit(HCI_ISCAN, &hdev->flags);
285
286                 if (param & SCAN_INQUIRY)
287                         set_bit(HCI_ISCAN, &hdev->flags);
288
289                 if (param & SCAN_PAGE)
290                         set_bit(HCI_PSCAN, &hdev->flags);
291         }
292
293         hci_req_complete(hdev, status);
294 }
295
296 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
297 {
298         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
299
300         BT_DBG("%s status 0x%x", hdev->name, rp->status);
301
302         if (rp->status)
303                 return;
304
305         memcpy(hdev->dev_class, rp->dev_class, 3);
306
307         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
308                 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
309 }
310
311 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
312 {
313         __u8 status = *((__u8 *) skb->data);
314         void *sent;
315
316         BT_DBG("%s status 0x%x", hdev->name, status);
317
318         if (status)
319                 return;
320
321         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
322         if (!sent)
323                 return;
324
325         memcpy(hdev->dev_class, sent, 3);
326 }
327
328 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
329 {
330         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
331         __u16 setting;
332
333         BT_DBG("%s status 0x%x", hdev->name, rp->status);
334
335         if (rp->status)
336                 return;
337
338         setting = __le16_to_cpu(rp->voice_setting);
339
340         if (hdev->voice_setting == setting)
341                 return;
342
343         hdev->voice_setting = setting;
344
345         BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
346
347         if (hdev->notify) {
348                 tasklet_disable(&hdev->tx_task);
349                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
350                 tasklet_enable(&hdev->tx_task);
351         }
352 }
353
354 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
355 {
356         __u8 status = *((__u8 *) skb->data);
357         __u16 setting;
358         void *sent;
359
360         BT_DBG("%s status 0x%x", hdev->name, status);
361
362         if (status)
363                 return;
364
365         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
366         if (!sent)
367                 return;
368
369         setting = get_unaligned_le16(sent);
370
371         if (hdev->voice_setting == setting)
372                 return;
373
374         hdev->voice_setting = setting;
375
376         BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
377
378         if (hdev->notify) {
379                 tasklet_disable(&hdev->tx_task);
380                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
381                 tasklet_enable(&hdev->tx_task);
382         }
383 }
384
385 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
386 {
387         __u8 status = *((__u8 *) skb->data);
388
389         BT_DBG("%s status 0x%x", hdev->name, status);
390
391         hci_req_complete(hdev, status);
392 }
393
394 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
395 {
396         struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
397
398         BT_DBG("%s status 0x%x", hdev->name, rp->status);
399
400         if (rp->status)
401                 return;
402
403         hdev->ssp_mode = rp->mode;
404 }
405
406 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
407 {
408         __u8 status = *((__u8 *) skb->data);
409         void *sent;
410
411         BT_DBG("%s status 0x%x", hdev->name, status);
412
413         if (status)
414                 return;
415
416         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
417         if (!sent)
418                 return;
419
420         hdev->ssp_mode = *((__u8 *) sent);
421 }
422
423 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
424 {
425         struct hci_rp_read_local_version *rp = (void *) skb->data;
426
427         BT_DBG("%s status 0x%x", hdev->name, rp->status);
428
429         if (rp->status)
430                 return;
431
432         hdev->hci_ver = rp->hci_ver;
433         hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
434         hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
435
436         BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
437                                         hdev->manufacturer,
438                                         hdev->hci_ver, hdev->hci_rev);
439 }
440
441 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
442 {
443         struct hci_rp_read_local_commands *rp = (void *) skb->data;
444
445         BT_DBG("%s status 0x%x", hdev->name, rp->status);
446
447         if (rp->status)
448                 return;
449
450         memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
451 }
452
453 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
454 {
455         struct hci_rp_read_local_features *rp = (void *) skb->data;
456
457         BT_DBG("%s status 0x%x", hdev->name, rp->status);
458
459         if (rp->status)
460                 return;
461
462         memcpy(hdev->features, rp->features, 8);
463
464         /* Adjust default settings according to features
465          * supported by device. */
466
467         if (hdev->features[0] & LMP_3SLOT)
468                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
469
470         if (hdev->features[0] & LMP_5SLOT)
471                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
472
473         if (hdev->features[1] & LMP_HV2) {
474                 hdev->pkt_type  |= (HCI_HV2);
475                 hdev->esco_type |= (ESCO_HV2);
476         }
477
478         if (hdev->features[1] & LMP_HV3) {
479                 hdev->pkt_type  |= (HCI_HV3);
480                 hdev->esco_type |= (ESCO_HV3);
481         }
482
483         if (hdev->features[3] & LMP_ESCO)
484                 hdev->esco_type |= (ESCO_EV3);
485
486         if (hdev->features[4] & LMP_EV4)
487                 hdev->esco_type |= (ESCO_EV4);
488
489         if (hdev->features[4] & LMP_EV5)
490                 hdev->esco_type |= (ESCO_EV5);
491
492         BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
493                                         hdev->features[0], hdev->features[1],
494                                         hdev->features[2], hdev->features[3],
495                                         hdev->features[4], hdev->features[5],
496                                         hdev->features[6], hdev->features[7]);
497 }
498
499 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
500 {
501         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
502
503         BT_DBG("%s status 0x%x", hdev->name, rp->status);
504
505         if (rp->status)
506                 return;
507
508         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
509         hdev->sco_mtu  = rp->sco_mtu;
510         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
511         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
512
513         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
514                 hdev->sco_mtu  = 64;
515                 hdev->sco_pkts = 8;
516         }
517
518         hdev->acl_cnt = hdev->acl_pkts;
519         hdev->sco_cnt = hdev->sco_pkts;
520
521         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
522                                         hdev->acl_mtu, hdev->acl_pkts,
523                                         hdev->sco_mtu, hdev->sco_pkts);
524 }
525
526 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
527 {
528         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
529
530         BT_DBG("%s status 0x%x", hdev->name, rp->status);
531
532         if (!rp->status)
533                 bacpy(&hdev->bdaddr, &rp->bdaddr);
534
535         hci_req_complete(hdev, rp->status);
536 }
537
538 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
539 {
540         BT_DBG("%s status 0x%x", hdev->name, status);
541
542         if (status) {
543                 hci_req_complete(hdev, status);
544
545                 hci_conn_check_pending(hdev);
546         } else
547                 set_bit(HCI_INQUIRY, &hdev->flags);
548 }
549
550 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
551 {
552         struct hci_cp_create_conn *cp;
553         struct hci_conn *conn;
554
555         BT_DBG("%s status 0x%x", hdev->name, status);
556
557         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
558         if (!cp)
559                 return;
560
561         hci_dev_lock(hdev);
562
563         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
564
565         BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
566
567         if (status) {
568                 if (conn && conn->state == BT_CONNECT) {
569                         if (status != 0x0c || conn->attempt > 2) {
570                                 conn->state = BT_CLOSED;
571                                 hci_proto_connect_cfm(conn, status);
572                                 hci_conn_del(conn);
573                         } else
574                                 conn->state = BT_CONNECT2;
575                 }
576         } else {
577                 if (!conn) {
578                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
579                         if (conn) {
580                                 conn->out = 1;
581                                 conn->link_mode |= HCI_LM_MASTER;
582                         } else
583                                 BT_ERR("No memmory for new connection");
584                 }
585         }
586
587         hci_dev_unlock(hdev);
588 }
589
590 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
591 {
592         struct hci_cp_add_sco *cp;
593         struct hci_conn *acl, *sco;
594         __u16 handle;
595
596         BT_DBG("%s status 0x%x", hdev->name, status);
597
598         if (!status)
599                 return;
600
601         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
602         if (!cp)
603                 return;
604
605         handle = __le16_to_cpu(cp->handle);
606
607         BT_DBG("%s handle %d", hdev->name, handle);
608
609         hci_dev_lock(hdev);
610
611         acl = hci_conn_hash_lookup_handle(hdev, handle);
612         if (acl && (sco = acl->link)) {
613                 sco->state = BT_CLOSED;
614
615                 hci_proto_connect_cfm(sco, status);
616                 hci_conn_del(sco);
617         }
618
619         hci_dev_unlock(hdev);
620 }
621
622 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
623 {
624         struct hci_cp_auth_requested *cp;
625         struct hci_conn *conn;
626
627         BT_DBG("%s status 0x%x", hdev->name, status);
628
629         if (!status)
630                 return;
631
632         cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
633         if (!cp)
634                 return;
635
636         hci_dev_lock(hdev);
637
638         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
639         if (conn) {
640                 if (conn->state == BT_CONFIG) {
641                         hci_proto_connect_cfm(conn, status);
642                         hci_conn_put(conn);
643                 }
644         }
645
646         hci_dev_unlock(hdev);
647 }
648
649 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
650 {
651         struct hci_cp_set_conn_encrypt *cp;
652         struct hci_conn *conn;
653
654         BT_DBG("%s status 0x%x", hdev->name, status);
655
656         if (!status)
657                 return;
658
659         cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
660         if (!cp)
661                 return;
662
663         hci_dev_lock(hdev);
664
665         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
666         if (conn) {
667                 if (conn->state == BT_CONFIG) {
668                         hci_proto_connect_cfm(conn, status);
669                         hci_conn_put(conn);
670                 }
671         }
672
673         hci_dev_unlock(hdev);
674 }
675
676 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
677 {
678         BT_DBG("%s status 0x%x", hdev->name, status);
679 }
680
681 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
682 {
683         struct hci_cp_read_remote_features *cp;
684         struct hci_conn *conn;
685
686         BT_DBG("%s status 0x%x", hdev->name, status);
687
688         if (!status)
689                 return;
690
691         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
692         if (!cp)
693                 return;
694
695         hci_dev_lock(hdev);
696
697         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
698         if (conn) {
699                 if (conn->state == BT_CONFIG) {
700                         hci_proto_connect_cfm(conn, status);
701                         hci_conn_put(conn);
702                 }
703         }
704
705         hci_dev_unlock(hdev);
706 }
707
708 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
709 {
710         struct hci_cp_read_remote_ext_features *cp;
711         struct hci_conn *conn;
712
713         BT_DBG("%s status 0x%x", hdev->name, status);
714
715         if (!status)
716                 return;
717
718         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
719         if (!cp)
720                 return;
721
722         hci_dev_lock(hdev);
723
724         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
725         if (conn) {
726                 if (conn->state == BT_CONFIG) {
727                         hci_proto_connect_cfm(conn, status);
728                         hci_conn_put(conn);
729                 }
730         }
731
732         hci_dev_unlock(hdev);
733 }
734
735 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
736 {
737         struct hci_cp_setup_sync_conn *cp;
738         struct hci_conn *acl, *sco;
739         __u16 handle;
740
741         BT_DBG("%s status 0x%x", hdev->name, status);
742
743         if (!status)
744                 return;
745
746         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
747         if (!cp)
748                 return;
749
750         handle = __le16_to_cpu(cp->handle);
751
752         BT_DBG("%s handle %d", hdev->name, handle);
753
754         hci_dev_lock(hdev);
755
756         acl = hci_conn_hash_lookup_handle(hdev, handle);
757         if (acl && (sco = acl->link)) {
758                 sco->state = BT_CLOSED;
759
760                 hci_proto_connect_cfm(sco, status);
761                 hci_conn_del(sco);
762         }
763
764         hci_dev_unlock(hdev);
765 }
766
767 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
768 {
769         struct hci_cp_sniff_mode *cp;
770         struct hci_conn *conn;
771
772         BT_DBG("%s status 0x%x", hdev->name, status);
773
774         if (!status)
775                 return;
776
777         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
778         if (!cp)
779                 return;
780
781         hci_dev_lock(hdev);
782
783         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
784         if (conn)
785                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
786
787         hci_dev_unlock(hdev);
788 }
789
790 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
791 {
792         struct hci_cp_exit_sniff_mode *cp;
793         struct hci_conn *conn;
794
795         BT_DBG("%s status 0x%x", hdev->name, status);
796
797         if (!status)
798                 return;
799
800         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
801         if (!cp)
802                 return;
803
804         hci_dev_lock(hdev);
805
806         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
807         if (conn)
808                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
809
810         hci_dev_unlock(hdev);
811 }
812
813 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
814 {
815         __u8 status = *((__u8 *) skb->data);
816
817         BT_DBG("%s status %d", hdev->name, status);
818
819         clear_bit(HCI_INQUIRY, &hdev->flags);
820
821         hci_req_complete(hdev, status);
822
823         hci_conn_check_pending(hdev);
824 }
825
826 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
827 {
828         struct inquiry_data data;
829         struct inquiry_info *info = (void *) (skb->data + 1);
830         int num_rsp = *((__u8 *) skb->data);
831
832         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
833
834         if (!num_rsp)
835                 return;
836
837         hci_dev_lock(hdev);
838
839         for (; num_rsp; num_rsp--) {
840                 bacpy(&data.bdaddr, &info->bdaddr);
841                 data.pscan_rep_mode     = info->pscan_rep_mode;
842                 data.pscan_period_mode  = info->pscan_period_mode;
843                 data.pscan_mode         = info->pscan_mode;
844                 memcpy(data.dev_class, info->dev_class, 3);
845                 data.clock_offset       = info->clock_offset;
846                 data.rssi               = 0x00;
847                 data.ssp_mode           = 0x00;
848                 info++;
849                 hci_inquiry_cache_update(hdev, &data);
850         }
851
852         hci_dev_unlock(hdev);
853 }
854
855 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
856 {
857         struct hci_ev_conn_complete *ev = (void *) skb->data;
858         struct hci_conn *conn;
859
860         BT_DBG("%s", hdev->name);
861
862         hci_dev_lock(hdev);
863
864         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
865         if (!conn)
866                 goto unlock;
867
868         if (!ev->status) {
869                 conn->handle = __le16_to_cpu(ev->handle);
870
871                 if (conn->type == ACL_LINK) {
872                         conn->state = BT_CONFIG;
873                         hci_conn_hold(conn);
874                 } else
875                         conn->state = BT_CONNECTED;
876
877                 hci_conn_add_sysfs(conn);
878
879                 if (test_bit(HCI_AUTH, &hdev->flags))
880                         conn->link_mode |= HCI_LM_AUTH;
881
882                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
883                         conn->link_mode |= HCI_LM_ENCRYPT;
884
885                 /* Get remote features */
886                 if (conn->type == ACL_LINK) {
887                         struct hci_cp_read_remote_features cp;
888                         cp.handle = ev->handle;
889                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
890                                                         sizeof(cp), &cp);
891                 }
892
893                 /* Set packet type for incoming connection */
894                 if (!conn->out && hdev->hci_ver < 3) {
895                         struct hci_cp_change_conn_ptype cp;
896                         cp.handle = ev->handle;
897                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
898                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
899                                                         sizeof(cp), &cp);
900                 }
901         } else
902                 conn->state = BT_CLOSED;
903
904         if (conn->type == ACL_LINK) {
905                 struct hci_conn *sco = conn->link;
906                 if (sco) {
907                         if (!ev->status) {
908                                 if (lmp_esco_capable(hdev))
909                                         hci_setup_sync(sco, conn->handle);
910                                 else
911                                         hci_add_sco(sco, conn->handle);
912                         } else {
913                                 hci_proto_connect_cfm(sco, ev->status);
914                                 hci_conn_del(sco);
915                         }
916                 }
917         }
918
919         if (ev->status) {
920                 hci_proto_connect_cfm(conn, ev->status);
921                 hci_conn_del(conn);
922         }
923
924 unlock:
925         hci_dev_unlock(hdev);
926
927         hci_conn_check_pending(hdev);
928 }
929
930 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
931 {
932         struct hci_ev_conn_request *ev = (void *) skb->data;
933         int mask = hdev->link_mode;
934
935         BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
936                                         batostr(&ev->bdaddr), ev->link_type);
937
938         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
939
940         if (mask & HCI_LM_ACCEPT) {
941                 /* Connection accepted */
942                 struct inquiry_entry *ie;
943                 struct hci_conn *conn;
944
945                 hci_dev_lock(hdev);
946
947                 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
948                         memcpy(ie->data.dev_class, ev->dev_class, 3);
949
950                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
951                 if (!conn) {
952                         if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
953                                 BT_ERR("No memmory for new connection");
954                                 hci_dev_unlock(hdev);
955                                 return;
956                         }
957                 }
958
959                 memcpy(conn->dev_class, ev->dev_class, 3);
960                 conn->state = BT_CONNECT;
961
962                 hci_dev_unlock(hdev);
963
964                 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
965                         struct hci_cp_accept_conn_req cp;
966
967                         bacpy(&cp.bdaddr, &ev->bdaddr);
968
969                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
970                                 cp.role = 0x00; /* Become master */
971                         else
972                                 cp.role = 0x01; /* Remain slave */
973
974                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
975                                                         sizeof(cp), &cp);
976                 } else {
977                         struct hci_cp_accept_sync_conn_req cp;
978
979                         bacpy(&cp.bdaddr, &ev->bdaddr);
980                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
981
982                         cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
983                         cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
984                         cp.max_latency    = cpu_to_le16(0xffff);
985                         cp.content_format = cpu_to_le16(hdev->voice_setting);
986                         cp.retrans_effort = 0xff;
987
988                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
989                                                         sizeof(cp), &cp);
990                 }
991         } else {
992                 /* Connection rejected */
993                 struct hci_cp_reject_conn_req cp;
994
995                 bacpy(&cp.bdaddr, &ev->bdaddr);
996                 cp.reason = 0x0f;
997                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
998         }
999 }
1000
1001 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1002 {
1003         struct hci_ev_disconn_complete *ev = (void *) skb->data;
1004         struct hci_conn *conn;
1005
1006         BT_DBG("%s status %d", hdev->name, ev->status);
1007
1008         if (ev->status)
1009                 return;
1010
1011         hci_dev_lock(hdev);
1012
1013         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1014         if (conn) {
1015                 conn->state = BT_CLOSED;
1016
1017                 hci_conn_del_sysfs(conn);
1018
1019                 hci_proto_disconn_ind(conn, ev->reason);
1020                 hci_conn_del(conn);
1021         }
1022
1023         hci_dev_unlock(hdev);
1024 }
1025
1026 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1027 {
1028         struct hci_ev_auth_complete *ev = (void *) skb->data;
1029         struct hci_conn *conn;
1030
1031         BT_DBG("%s status %d", hdev->name, ev->status);
1032
1033         hci_dev_lock(hdev);
1034
1035         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1036         if (conn) {
1037                 if (!ev->status)
1038                         conn->link_mode |= HCI_LM_AUTH;
1039
1040                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1041
1042                 if (conn->state == BT_CONFIG) {
1043                         if (!ev->status && hdev->ssp_mode > 0 &&
1044                                                         conn->ssp_mode > 0) {
1045                                 struct hci_cp_set_conn_encrypt cp;
1046                                 cp.handle  = ev->handle;
1047                                 cp.encrypt = 0x01;
1048                                 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1049                                                         sizeof(cp), &cp);
1050                         } else {
1051                                 conn->state = BT_CONNECTED;
1052                                 hci_proto_connect_cfm(conn, ev->status);
1053                                 hci_conn_put(conn);
1054                         }
1055                 } else
1056                         hci_auth_cfm(conn, ev->status);
1057
1058                 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1059                         if (!ev->status) {
1060                                 struct hci_cp_set_conn_encrypt cp;
1061                                 cp.handle  = ev->handle;
1062                                 cp.encrypt = 0x01;
1063                                 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1064                                                         sizeof(cp), &cp);
1065                         } else {
1066                                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1067                                 hci_encrypt_cfm(conn, ev->status, 0x00);
1068                         }
1069                 }
1070         }
1071
1072         hci_dev_unlock(hdev);
1073 }
1074
1075 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1076 {
1077         BT_DBG("%s", hdev->name);
1078
1079         hci_conn_check_pending(hdev);
1080 }
1081
1082 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1083 {
1084         struct hci_ev_encrypt_change *ev = (void *) skb->data;
1085         struct hci_conn *conn;
1086
1087         BT_DBG("%s status %d", hdev->name, ev->status);
1088
1089         hci_dev_lock(hdev);
1090
1091         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1092         if (conn) {
1093                 if (!ev->status) {
1094                         if (ev->encrypt) {
1095                                 /* Encryption implies authentication */
1096                                 conn->link_mode |= HCI_LM_AUTH;
1097                                 conn->link_mode |= HCI_LM_ENCRYPT;
1098                         } else
1099                                 conn->link_mode &= ~HCI_LM_ENCRYPT;
1100                 }
1101
1102                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1103
1104                 if (conn->state == BT_CONFIG) {
1105                         if (!ev->status)
1106                                 conn->state = BT_CONNECTED;
1107
1108                         hci_proto_connect_cfm(conn, ev->status);
1109                         hci_conn_put(conn);
1110                 } else
1111                         hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1112         }
1113
1114         hci_dev_unlock(hdev);
1115 }
1116
1117 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1118 {
1119         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1120         struct hci_conn *conn;
1121
1122         BT_DBG("%s status %d", hdev->name, ev->status);
1123
1124         hci_dev_lock(hdev);
1125
1126         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1127         if (conn) {
1128                 if (!ev->status)
1129                         conn->link_mode |= HCI_LM_SECURE;
1130
1131                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1132
1133                 hci_key_change_cfm(conn, ev->status);
1134         }
1135
1136         hci_dev_unlock(hdev);
1137 }
1138
1139 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1140 {
1141         struct hci_ev_remote_features *ev = (void *) skb->data;
1142         struct hci_conn *conn;
1143
1144         BT_DBG("%s status %d", hdev->name, ev->status);
1145
1146         hci_dev_lock(hdev);
1147
1148         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1149         if (conn) {
1150                 if (!ev->status)
1151                         memcpy(conn->features, ev->features, 8);
1152
1153                 if (conn->state == BT_CONFIG) {
1154                         if (!ev->status && lmp_ssp_capable(hdev) &&
1155                                                 lmp_ssp_capable(conn)) {
1156                                 struct hci_cp_read_remote_ext_features cp;
1157                                 cp.handle = ev->handle;
1158                                 cp.page = 0x01;
1159                                 hci_send_cmd(hdev,
1160                                         HCI_OP_READ_REMOTE_EXT_FEATURES,
1161                                                         sizeof(cp), &cp);
1162                         } else {
1163                                 conn->state = BT_CONNECTED;
1164                                 hci_proto_connect_cfm(conn, ev->status);
1165                                 hci_conn_put(conn);
1166                         }
1167                 }
1168         }
1169
1170         hci_dev_unlock(hdev);
1171 }
1172
1173 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1174 {
1175         BT_DBG("%s", hdev->name);
1176 }
1177
1178 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1179 {
1180         BT_DBG("%s", hdev->name);
1181 }
1182
1183 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1184 {
1185         struct hci_ev_cmd_complete *ev = (void *) skb->data;
1186         __u16 opcode;
1187
1188         skb_pull(skb, sizeof(*ev));
1189
1190         opcode = __le16_to_cpu(ev->opcode);
1191
1192         switch (opcode) {
1193         case HCI_OP_INQUIRY_CANCEL:
1194                 hci_cc_inquiry_cancel(hdev, skb);
1195                 break;
1196
1197         case HCI_OP_EXIT_PERIODIC_INQ:
1198                 hci_cc_exit_periodic_inq(hdev, skb);
1199                 break;
1200
1201         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1202                 hci_cc_remote_name_req_cancel(hdev, skb);
1203                 break;
1204
1205         case HCI_OP_ROLE_DISCOVERY:
1206                 hci_cc_role_discovery(hdev, skb);
1207                 break;
1208
1209         case HCI_OP_READ_LINK_POLICY:
1210                 hci_cc_read_link_policy(hdev, skb);
1211                 break;
1212
1213         case HCI_OP_WRITE_LINK_POLICY:
1214                 hci_cc_write_link_policy(hdev, skb);
1215                 break;
1216
1217         case HCI_OP_READ_DEF_LINK_POLICY:
1218                 hci_cc_read_def_link_policy(hdev, skb);
1219                 break;
1220
1221         case HCI_OP_WRITE_DEF_LINK_POLICY:
1222                 hci_cc_write_def_link_policy(hdev, skb);
1223                 break;
1224
1225         case HCI_OP_RESET:
1226                 hci_cc_reset(hdev, skb);
1227                 break;
1228
1229         case HCI_OP_WRITE_LOCAL_NAME:
1230                 hci_cc_write_local_name(hdev, skb);
1231                 break;
1232
1233         case HCI_OP_READ_LOCAL_NAME:
1234                 hci_cc_read_local_name(hdev, skb);
1235                 break;
1236
1237         case HCI_OP_WRITE_AUTH_ENABLE:
1238                 hci_cc_write_auth_enable(hdev, skb);
1239                 break;
1240
1241         case HCI_OP_WRITE_ENCRYPT_MODE:
1242                 hci_cc_write_encrypt_mode(hdev, skb);
1243                 break;
1244
1245         case HCI_OP_WRITE_SCAN_ENABLE:
1246                 hci_cc_write_scan_enable(hdev, skb);
1247                 break;
1248
1249         case HCI_OP_READ_CLASS_OF_DEV:
1250                 hci_cc_read_class_of_dev(hdev, skb);
1251                 break;
1252
1253         case HCI_OP_WRITE_CLASS_OF_DEV:
1254                 hci_cc_write_class_of_dev(hdev, skb);
1255                 break;
1256
1257         case HCI_OP_READ_VOICE_SETTING:
1258                 hci_cc_read_voice_setting(hdev, skb);
1259                 break;
1260
1261         case HCI_OP_WRITE_VOICE_SETTING:
1262                 hci_cc_write_voice_setting(hdev, skb);
1263                 break;
1264
1265         case HCI_OP_HOST_BUFFER_SIZE:
1266                 hci_cc_host_buffer_size(hdev, skb);
1267                 break;
1268
1269         case HCI_OP_READ_SSP_MODE:
1270                 hci_cc_read_ssp_mode(hdev, skb);
1271                 break;
1272
1273         case HCI_OP_WRITE_SSP_MODE:
1274                 hci_cc_write_ssp_mode(hdev, skb);
1275                 break;
1276
1277         case HCI_OP_READ_LOCAL_VERSION:
1278                 hci_cc_read_local_version(hdev, skb);
1279                 break;
1280
1281         case HCI_OP_READ_LOCAL_COMMANDS:
1282                 hci_cc_read_local_commands(hdev, skb);
1283                 break;
1284
1285         case HCI_OP_READ_LOCAL_FEATURES:
1286                 hci_cc_read_local_features(hdev, skb);
1287                 break;
1288
1289         case HCI_OP_READ_BUFFER_SIZE:
1290                 hci_cc_read_buffer_size(hdev, skb);
1291                 break;
1292
1293         case HCI_OP_READ_BD_ADDR:
1294                 hci_cc_read_bd_addr(hdev, skb);
1295                 break;
1296
1297         default:
1298                 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1299                 break;
1300         }
1301
1302         if (ev->ncmd) {
1303                 atomic_set(&hdev->cmd_cnt, 1);
1304                 if (!skb_queue_empty(&hdev->cmd_q))
1305                         hci_sched_cmd(hdev);
1306         }
1307 }
1308
1309 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1310 {
1311         struct hci_ev_cmd_status *ev = (void *) skb->data;
1312         __u16 opcode;
1313
1314         skb_pull(skb, sizeof(*ev));
1315
1316         opcode = __le16_to_cpu(ev->opcode);
1317
1318         switch (opcode) {
1319         case HCI_OP_INQUIRY:
1320                 hci_cs_inquiry(hdev, ev->status);
1321                 break;
1322
1323         case HCI_OP_CREATE_CONN:
1324                 hci_cs_create_conn(hdev, ev->status);
1325                 break;
1326
1327         case HCI_OP_ADD_SCO:
1328                 hci_cs_add_sco(hdev, ev->status);
1329                 break;
1330
1331         case HCI_OP_AUTH_REQUESTED:
1332                 hci_cs_auth_requested(hdev, ev->status);
1333                 break;
1334
1335         case HCI_OP_SET_CONN_ENCRYPT:
1336                 hci_cs_set_conn_encrypt(hdev, ev->status);
1337                 break;
1338
1339         case HCI_OP_REMOTE_NAME_REQ:
1340                 hci_cs_remote_name_req(hdev, ev->status);
1341                 break;
1342
1343         case HCI_OP_READ_REMOTE_FEATURES:
1344                 hci_cs_read_remote_features(hdev, ev->status);
1345                 break;
1346
1347         case HCI_OP_READ_REMOTE_EXT_FEATURES:
1348                 hci_cs_read_remote_ext_features(hdev, ev->status);
1349                 break;
1350
1351         case HCI_OP_SETUP_SYNC_CONN:
1352                 hci_cs_setup_sync_conn(hdev, ev->status);
1353                 break;
1354
1355         case HCI_OP_SNIFF_MODE:
1356                 hci_cs_sniff_mode(hdev, ev->status);
1357                 break;
1358
1359         case HCI_OP_EXIT_SNIFF_MODE:
1360                 hci_cs_exit_sniff_mode(hdev, ev->status);
1361                 break;
1362
1363         default:
1364                 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1365                 break;
1366         }
1367
1368         if (ev->ncmd) {
1369                 atomic_set(&hdev->cmd_cnt, 1);
1370                 if (!skb_queue_empty(&hdev->cmd_q))
1371                         hci_sched_cmd(hdev);
1372         }
1373 }
1374
1375 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1376 {
1377         struct hci_ev_role_change *ev = (void *) skb->data;
1378         struct hci_conn *conn;
1379
1380         BT_DBG("%s status %d", hdev->name, ev->status);
1381
1382         hci_dev_lock(hdev);
1383
1384         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1385         if (conn) {
1386                 if (!ev->status) {
1387                         if (ev->role)
1388                                 conn->link_mode &= ~HCI_LM_MASTER;
1389                         else
1390                                 conn->link_mode |= HCI_LM_MASTER;
1391                 }
1392
1393                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1394
1395                 hci_role_switch_cfm(conn, ev->status, ev->role);
1396         }
1397
1398         hci_dev_unlock(hdev);
1399 }
1400
1401 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1402 {
1403         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1404         __le16 *ptr;
1405         int i;
1406
1407         skb_pull(skb, sizeof(*ev));
1408
1409         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1410
1411         if (skb->len < ev->num_hndl * 4) {
1412                 BT_DBG("%s bad parameters", hdev->name);
1413                 return;
1414         }
1415
1416         tasklet_disable(&hdev->tx_task);
1417
1418         for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1419                 struct hci_conn *conn;
1420                 __u16  handle, count;
1421
1422                 handle = get_unaligned_le16(ptr++);
1423                 count  = get_unaligned_le16(ptr++);
1424
1425                 conn = hci_conn_hash_lookup_handle(hdev, handle);
1426                 if (conn) {
1427                         conn->sent -= count;
1428
1429                         if (conn->type == ACL_LINK) {
1430                                 if ((hdev->acl_cnt += count) > hdev->acl_pkts)
1431                                         hdev->acl_cnt = hdev->acl_pkts;
1432                         } else {
1433                                 if ((hdev->sco_cnt += count) > hdev->sco_pkts)
1434                                         hdev->sco_cnt = hdev->sco_pkts;
1435                         }
1436                 }
1437         }
1438
1439         hci_sched_tx(hdev);
1440
1441         tasklet_enable(&hdev->tx_task);
1442 }
1443
1444 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1445 {
1446         struct hci_ev_mode_change *ev = (void *) skb->data;
1447         struct hci_conn *conn;
1448
1449         BT_DBG("%s status %d", hdev->name, ev->status);
1450
1451         hci_dev_lock(hdev);
1452
1453         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1454         if (conn) {
1455                 conn->mode = ev->mode;
1456                 conn->interval = __le16_to_cpu(ev->interval);
1457
1458                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
1459                         if (conn->mode == HCI_CM_ACTIVE)
1460                                 conn->power_save = 1;
1461                         else
1462                                 conn->power_save = 0;
1463                 }
1464         }
1465
1466         hci_dev_unlock(hdev);
1467 }
1468
1469 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1470 {
1471         BT_DBG("%s", hdev->name);
1472 }
1473
1474 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1475 {
1476         BT_DBG("%s", hdev->name);
1477 }
1478
1479 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
1480 {
1481         BT_DBG("%s", hdev->name);
1482 }
1483
1484 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1485 {
1486         struct hci_ev_clock_offset *ev = (void *) skb->data;
1487         struct hci_conn *conn;
1488
1489         BT_DBG("%s status %d", hdev->name, ev->status);
1490
1491         hci_dev_lock(hdev);
1492
1493         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1494         if (conn && !ev->status) {
1495                 struct inquiry_entry *ie;
1496
1497                 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
1498                         ie->data.clock_offset = ev->clock_offset;
1499                         ie->timestamp = jiffies;
1500                 }
1501         }
1502
1503         hci_dev_unlock(hdev);
1504 }
1505
1506 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1507 {
1508         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
1509         struct hci_conn *conn;
1510
1511         BT_DBG("%s status %d", hdev->name, ev->status);
1512
1513         hci_dev_lock(hdev);
1514
1515         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1516         if (conn && !ev->status)
1517                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
1518
1519         hci_dev_unlock(hdev);
1520 }
1521
1522 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
1523 {
1524         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
1525         struct inquiry_entry *ie;
1526
1527         BT_DBG("%s", hdev->name);
1528
1529         hci_dev_lock(hdev);
1530
1531         if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) {
1532                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
1533                 ie->timestamp = jiffies;
1534         }
1535
1536         hci_dev_unlock(hdev);
1537 }
1538
1539 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
1540 {
1541         struct inquiry_data data;
1542         int num_rsp = *((__u8 *) skb->data);
1543
1544         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1545
1546         if (!num_rsp)
1547                 return;
1548
1549         hci_dev_lock(hdev);
1550
1551         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
1552                 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1);
1553
1554                 for (; num_rsp; num_rsp--) {
1555                         bacpy(&data.bdaddr, &info->bdaddr);
1556                         data.pscan_rep_mode     = info->pscan_rep_mode;
1557                         data.pscan_period_mode  = info->pscan_period_mode;
1558                         data.pscan_mode         = info->pscan_mode;
1559                         memcpy(data.dev_class, info->dev_class, 3);
1560                         data.clock_offset       = info->clock_offset;
1561                         data.rssi               = info->rssi;
1562                         data.ssp_mode           = 0x00;
1563                         info++;
1564                         hci_inquiry_cache_update(hdev, &data);
1565                 }
1566         } else {
1567                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
1568
1569                 for (; num_rsp; num_rsp--) {
1570                         bacpy(&data.bdaddr, &info->bdaddr);
1571                         data.pscan_rep_mode     = info->pscan_rep_mode;
1572                         data.pscan_period_mode  = info->pscan_period_mode;
1573                         data.pscan_mode         = 0x00;
1574                         memcpy(data.dev_class, info->dev_class, 3);
1575                         data.clock_offset       = info->clock_offset;
1576                         data.rssi               = info->rssi;
1577                         data.ssp_mode           = 0x00;
1578                         info++;
1579                         hci_inquiry_cache_update(hdev, &data);
1580                 }
1581         }
1582
1583         hci_dev_unlock(hdev);
1584 }
1585
1586 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1587 {
1588         struct hci_ev_remote_ext_features *ev = (void *) skb->data;
1589         struct hci_conn *conn;
1590
1591         BT_DBG("%s", hdev->name);
1592
1593         hci_dev_lock(hdev);
1594
1595         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1596         if (conn) {
1597                 if (!ev->status && ev->page == 0x01) {
1598                         struct inquiry_entry *ie;
1599
1600                         if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)))
1601                                 ie->data.ssp_mode = (ev->features[0] & 0x01);
1602
1603                         conn->ssp_mode = (ev->features[0] & 0x01);
1604                 }
1605
1606                 if (conn->state == BT_CONFIG) {
1607                         if (!ev->status && hdev->ssp_mode > 0 &&
1608                                                         conn->ssp_mode > 0) {
1609                                 if (conn->out) {
1610                                         struct hci_cp_auth_requested cp;
1611                                         cp.handle = ev->handle;
1612                                         hci_send_cmd(hdev,
1613                                                 HCI_OP_AUTH_REQUESTED,
1614                                                         sizeof(cp), &cp);
1615                                 }
1616                         } else {
1617                                 conn->state = BT_CONNECTED;
1618                                 hci_proto_connect_cfm(conn, ev->status);
1619                                 hci_conn_put(conn);
1620                         }
1621                 }
1622         }
1623
1624         hci_dev_unlock(hdev);
1625 }
1626
1627 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1628 {
1629         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
1630         struct hci_conn *conn;
1631
1632         BT_DBG("%s status %d", hdev->name, ev->status);
1633
1634         hci_dev_lock(hdev);
1635
1636         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1637         if (!conn) {
1638                 if (ev->link_type == ESCO_LINK)
1639                         goto unlock;
1640
1641                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1642                 if (!conn)
1643                         goto unlock;
1644
1645                 conn->type = SCO_LINK;
1646         }
1647
1648         if (!ev->status) {
1649                 conn->handle = __le16_to_cpu(ev->handle);
1650                 conn->state  = BT_CONNECTED;
1651
1652                 hci_conn_add_sysfs(conn);
1653         } else
1654                 conn->state = BT_CLOSED;
1655
1656         hci_proto_connect_cfm(conn, ev->status);
1657         if (ev->status)
1658                 hci_conn_del(conn);
1659
1660 unlock:
1661         hci_dev_unlock(hdev);
1662 }
1663
1664 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
1665 {
1666         BT_DBG("%s", hdev->name);
1667 }
1668
1669 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
1670 {
1671         struct hci_ev_sniff_subrate *ev = (void *) skb->data;
1672         struct hci_conn *conn;
1673
1674         BT_DBG("%s status %d", hdev->name, ev->status);
1675
1676         hci_dev_lock(hdev);
1677
1678         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1679         if (conn) {
1680         }
1681
1682         hci_dev_unlock(hdev);
1683 }
1684
1685 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1686 {
1687         struct inquiry_data data;
1688         struct extended_inquiry_info *info = (void *) (skb->data + 1);
1689         int num_rsp = *((__u8 *) skb->data);
1690
1691         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1692
1693         if (!num_rsp)
1694                 return;
1695
1696         hci_dev_lock(hdev);
1697
1698         for (; num_rsp; num_rsp--) {
1699                 bacpy(&data.bdaddr, &info->bdaddr);
1700                 data.pscan_rep_mode     = info->pscan_rep_mode;
1701                 data.pscan_period_mode  = info->pscan_period_mode;
1702                 data.pscan_mode         = 0x00;
1703                 memcpy(data.dev_class, info->dev_class, 3);
1704                 data.clock_offset       = info->clock_offset;
1705                 data.rssi               = info->rssi;
1706                 data.ssp_mode           = 0x01;
1707                 info++;
1708                 hci_inquiry_cache_update(hdev, &data);
1709         }
1710
1711         hci_dev_unlock(hdev);
1712 }
1713
1714 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1715 {
1716         struct hci_ev_io_capa_request *ev = (void *) skb->data;
1717         struct hci_conn *conn;
1718
1719         BT_DBG("%s", hdev->name);
1720
1721         hci_dev_lock(hdev);
1722
1723         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1724         if (conn)
1725                 hci_conn_hold(conn);
1726
1727         hci_dev_unlock(hdev);
1728 }
1729
1730 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1731 {
1732         struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
1733         struct hci_conn *conn;
1734
1735         BT_DBG("%s", hdev->name);
1736
1737         hci_dev_lock(hdev);
1738
1739         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1740         if (conn)
1741                 hci_conn_put(conn);
1742
1743         hci_dev_unlock(hdev);
1744 }
1745
1746 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1747 {
1748         struct hci_ev_remote_host_features *ev = (void *) skb->data;
1749         struct inquiry_entry *ie;
1750
1751         BT_DBG("%s", hdev->name);
1752
1753         hci_dev_lock(hdev);
1754
1755         if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
1756                 ie->data.ssp_mode = (ev->features[0] & 0x01);
1757
1758         hci_dev_unlock(hdev);
1759 }
1760
1761 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1762 {
1763         struct hci_event_hdr *hdr = (void *) skb->data;
1764         __u8 event = hdr->evt;
1765
1766         skb_pull(skb, HCI_EVENT_HDR_SIZE);
1767
1768         switch (event) {
1769         case HCI_EV_INQUIRY_COMPLETE:
1770                 hci_inquiry_complete_evt(hdev, skb);
1771                 break;
1772
1773         case HCI_EV_INQUIRY_RESULT:
1774                 hci_inquiry_result_evt(hdev, skb);
1775                 break;
1776
1777         case HCI_EV_CONN_COMPLETE:
1778                 hci_conn_complete_evt(hdev, skb);
1779                 break;
1780
1781         case HCI_EV_CONN_REQUEST:
1782                 hci_conn_request_evt(hdev, skb);
1783                 break;
1784
1785         case HCI_EV_DISCONN_COMPLETE:
1786                 hci_disconn_complete_evt(hdev, skb);
1787                 break;
1788
1789         case HCI_EV_AUTH_COMPLETE:
1790                 hci_auth_complete_evt(hdev, skb);
1791                 break;
1792
1793         case HCI_EV_REMOTE_NAME:
1794                 hci_remote_name_evt(hdev, skb);
1795                 break;
1796
1797         case HCI_EV_ENCRYPT_CHANGE:
1798                 hci_encrypt_change_evt(hdev, skb);
1799                 break;
1800
1801         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
1802                 hci_change_link_key_complete_evt(hdev, skb);
1803                 break;
1804
1805         case HCI_EV_REMOTE_FEATURES:
1806                 hci_remote_features_evt(hdev, skb);
1807                 break;
1808
1809         case HCI_EV_REMOTE_VERSION:
1810                 hci_remote_version_evt(hdev, skb);
1811                 break;
1812
1813         case HCI_EV_QOS_SETUP_COMPLETE:
1814                 hci_qos_setup_complete_evt(hdev, skb);
1815                 break;
1816
1817         case HCI_EV_CMD_COMPLETE:
1818                 hci_cmd_complete_evt(hdev, skb);
1819                 break;
1820
1821         case HCI_EV_CMD_STATUS:
1822                 hci_cmd_status_evt(hdev, skb);
1823                 break;
1824
1825         case HCI_EV_ROLE_CHANGE:
1826                 hci_role_change_evt(hdev, skb);
1827                 break;
1828
1829         case HCI_EV_NUM_COMP_PKTS:
1830                 hci_num_comp_pkts_evt(hdev, skb);
1831                 break;
1832
1833         case HCI_EV_MODE_CHANGE:
1834                 hci_mode_change_evt(hdev, skb);
1835                 break;
1836
1837         case HCI_EV_PIN_CODE_REQ:
1838                 hci_pin_code_request_evt(hdev, skb);
1839                 break;
1840
1841         case HCI_EV_LINK_KEY_REQ:
1842                 hci_link_key_request_evt(hdev, skb);
1843                 break;
1844
1845         case HCI_EV_LINK_KEY_NOTIFY:
1846                 hci_link_key_notify_evt(hdev, skb);
1847                 break;
1848
1849         case HCI_EV_CLOCK_OFFSET:
1850                 hci_clock_offset_evt(hdev, skb);
1851                 break;
1852
1853         case HCI_EV_PKT_TYPE_CHANGE:
1854                 hci_pkt_type_change_evt(hdev, skb);
1855                 break;
1856
1857         case HCI_EV_PSCAN_REP_MODE:
1858                 hci_pscan_rep_mode_evt(hdev, skb);
1859                 break;
1860
1861         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
1862                 hci_inquiry_result_with_rssi_evt(hdev, skb);
1863                 break;
1864
1865         case HCI_EV_REMOTE_EXT_FEATURES:
1866                 hci_remote_ext_features_evt(hdev, skb);
1867                 break;
1868
1869         case HCI_EV_SYNC_CONN_COMPLETE:
1870                 hci_sync_conn_complete_evt(hdev, skb);
1871                 break;
1872
1873         case HCI_EV_SYNC_CONN_CHANGED:
1874                 hci_sync_conn_changed_evt(hdev, skb);
1875                 break;
1876
1877         case HCI_EV_SNIFF_SUBRATE:
1878                 hci_sniff_subrate_evt(hdev, skb);
1879                 break;
1880
1881         case HCI_EV_EXTENDED_INQUIRY_RESULT:
1882                 hci_extended_inquiry_result_evt(hdev, skb);
1883                 break;
1884
1885         case HCI_EV_IO_CAPA_REQUEST:
1886                 hci_io_capa_request_evt(hdev, skb);
1887                 break;
1888
1889         case HCI_EV_SIMPLE_PAIR_COMPLETE:
1890                 hci_simple_pair_complete_evt(hdev, skb);
1891                 break;
1892
1893         case HCI_EV_REMOTE_HOST_FEATURES:
1894                 hci_remote_host_features_evt(hdev, skb);
1895                 break;
1896
1897         default:
1898                 BT_DBG("%s event 0x%x", hdev->name, event);
1899                 break;
1900         }
1901
1902         kfree_skb(skb);
1903         hdev->stat.evt_rx++;
1904 }
1905
1906 /* Generate internal stack event */
1907 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1908 {
1909         struct hci_event_hdr *hdr;
1910         struct hci_ev_stack_internal *ev;
1911         struct sk_buff *skb;
1912
1913         skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
1914         if (!skb)
1915                 return;
1916
1917         hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
1918         hdr->evt  = HCI_EV_STACK_INTERNAL;
1919         hdr->plen = sizeof(*ev) + dlen;
1920
1921         ev  = (void *) skb_put(skb, sizeof(*ev) + dlen);
1922         ev->type = type;
1923         memcpy(ev->data, data, dlen);
1924
1925         bt_cb(skb)->incoming = 1;
1926         __net_timestamp(skb);
1927
1928         bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1929         skb->dev = (void *) hdev;
1930         hci_send_to_sock(hdev, skb);
1931         kfree_skb(skb);
1932 }