Pull bugzilla-9535 into release branch
[linux-2.6] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 #ifndef CONFIG_BT_HCI_CORE_DEBUG
49 #undef  BT_DBG
50 #define BT_DBG(D...)
51 #endif
52
53 /* Handle HCI Event packets */
54
55 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
56 {
57         __u8 status = *((__u8 *) skb->data);
58
59         BT_DBG("%s status 0x%x", hdev->name, status);
60
61         if (status)
62                 return;
63
64         clear_bit(HCI_INQUIRY, &hdev->flags);
65
66         hci_req_complete(hdev, status);
67
68         hci_conn_check_pending(hdev);
69 }
70
71 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72 {
73         __u8 status = *((__u8 *) skb->data);
74
75         BT_DBG("%s status 0x%x", hdev->name, status);
76
77         if (status)
78                 return;
79
80         clear_bit(HCI_INQUIRY, &hdev->flags);
81
82         hci_conn_check_pending(hdev);
83 }
84
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
86 {
87         BT_DBG("%s", hdev->name);
88 }
89
90 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91 {
92         struct hci_rp_role_discovery *rp = (void *) skb->data;
93         struct hci_conn *conn;
94
95         BT_DBG("%s status 0x%x", hdev->name, rp->status);
96
97         if (rp->status)
98                 return;
99
100         hci_dev_lock(hdev);
101
102         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
103         if (conn) {
104                 if (rp->role)
105                         conn->link_mode &= ~HCI_LM_MASTER;
106                 else
107                         conn->link_mode |= HCI_LM_MASTER;
108         }
109
110         hci_dev_unlock(hdev);
111 }
112
113 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114 {
115         struct hci_rp_write_link_policy *rp = (void *) skb->data;
116         struct hci_conn *conn;
117         void *sent;
118
119         BT_DBG("%s status 0x%x", hdev->name, rp->status);
120
121         if (rp->status)
122                 return;
123
124         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
125         if (!sent)
126                 return;
127
128         hci_dev_lock(hdev);
129
130         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
131         if (conn) {
132                 __le16 policy = get_unaligned((__le16 *) (sent + 2));
133                 conn->link_policy = __le16_to_cpu(policy);
134         }
135
136         hci_dev_unlock(hdev);
137 }
138
139 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
140 {
141         __u8 status = *((__u8 *) skb->data);
142
143         BT_DBG("%s status 0x%x", hdev->name, status);
144
145         hci_req_complete(hdev, status);
146 }
147
148 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
149 {
150         __u8 status = *((__u8 *) skb->data);
151         void *sent;
152
153         BT_DBG("%s status 0x%x", hdev->name, status);
154
155         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
156         if (!sent)
157                 return;
158
159         if (!status)
160                 memcpy(hdev->dev_name, sent, 248);
161 }
162
163 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
164 {
165         struct hci_rp_read_local_name *rp = (void *) skb->data;
166
167         BT_DBG("%s status 0x%x", hdev->name, rp->status);
168
169         if (rp->status)
170                 return;
171
172         memcpy(hdev->dev_name, rp->name, 248);
173 }
174
175 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
176 {
177         __u8 status = *((__u8 *) skb->data);
178         void *sent;
179
180         BT_DBG("%s status 0x%x", hdev->name, status);
181
182         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
183         if (!sent)
184                 return;
185
186         if (!status) {
187                 __u8 param = *((__u8 *) sent);
188
189                 if (param == AUTH_ENABLED)
190                         set_bit(HCI_AUTH, &hdev->flags);
191                 else
192                         clear_bit(HCI_AUTH, &hdev->flags);
193         }
194
195         hci_req_complete(hdev, status);
196 }
197
198 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
199 {
200         __u8 status = *((__u8 *) skb->data);
201         void *sent;
202
203         BT_DBG("%s status 0x%x", hdev->name, status);
204
205         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
206         if (!sent)
207                 return;
208
209         if (!status) {
210                 __u8 param = *((__u8 *) sent);
211
212                 if (param)
213                         set_bit(HCI_ENCRYPT, &hdev->flags);
214                 else
215                         clear_bit(HCI_ENCRYPT, &hdev->flags);
216         }
217
218         hci_req_complete(hdev, status);
219 }
220
221 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
222 {
223         __u8 status = *((__u8 *) skb->data);
224         void *sent;
225
226         BT_DBG("%s status 0x%x", hdev->name, status);
227
228         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
229         if (!sent)
230                 return;
231
232         if (!status) {
233                 __u8 param = *((__u8 *) sent);
234
235                 clear_bit(HCI_PSCAN, &hdev->flags);
236                 clear_bit(HCI_ISCAN, &hdev->flags);
237
238                 if (param & SCAN_INQUIRY)
239                         set_bit(HCI_ISCAN, &hdev->flags);
240
241                 if (param & SCAN_PAGE)
242                         set_bit(HCI_PSCAN, &hdev->flags);
243         }
244
245         hci_req_complete(hdev, status);
246 }
247
248 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
249 {
250         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
251
252         BT_DBG("%s status 0x%x", hdev->name, rp->status);
253
254         if (rp->status)
255                 return;
256
257         memcpy(hdev->dev_class, rp->dev_class, 3);
258
259         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
260                 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
261 }
262
263 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
264 {
265         __u8 status = *((__u8 *) skb->data);
266         void *sent;
267
268         BT_DBG("%s status 0x%x", hdev->name, status);
269
270         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
271         if (!sent)
272                 return;
273
274         if (!status)
275                 memcpy(hdev->dev_class, sent, 3);
276 }
277
278 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
279 {
280         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
281         __u16 setting;
282
283         BT_DBG("%s status 0x%x", hdev->name, rp->status);
284
285         if (rp->status)
286                 return;
287
288         setting = __le16_to_cpu(rp->voice_setting);
289
290         if (hdev->voice_setting == setting )
291                 return;
292
293         hdev->voice_setting = setting;
294
295         BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
296
297         if (hdev->notify) {
298                 tasklet_disable(&hdev->tx_task);
299                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
300                 tasklet_enable(&hdev->tx_task);
301         }
302 }
303
304 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
305 {
306         __u8 status = *((__u8 *) skb->data);
307         void *sent;
308
309         BT_DBG("%s status 0x%x", hdev->name, status);
310
311         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
312         if (!sent)
313                 return;
314
315         if (!status) {
316                 __u16 setting = __le16_to_cpu(get_unaligned((__le16 *) sent));
317
318                 if (hdev->voice_setting != setting) {
319                         hdev->voice_setting = setting;
320
321                         BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
322
323                         if (hdev->notify) {
324                                 tasklet_disable(&hdev->tx_task);
325                                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
326                                 tasklet_enable(&hdev->tx_task);
327                         }
328                 }
329         }
330 }
331
332 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
333 {
334         __u8 status = *((__u8 *) skb->data);
335
336         BT_DBG("%s status 0x%x", hdev->name, status);
337
338         hci_req_complete(hdev, status);
339 }
340
341 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
342 {
343         struct hci_rp_read_local_version *rp = (void *) skb->data;
344
345         BT_DBG("%s status 0x%x", hdev->name, rp->status);
346
347         if (rp->status)
348                 return;
349
350         hdev->hci_ver = rp->hci_ver;
351         hdev->hci_rev = btohs(rp->hci_rev);
352         hdev->manufacturer = btohs(rp->manufacturer);
353
354         BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
355                                         hdev->manufacturer,
356                                         hdev->hci_ver, hdev->hci_rev);
357 }
358
359 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
360 {
361         struct hci_rp_read_local_commands *rp = (void *) skb->data;
362
363         BT_DBG("%s status 0x%x", hdev->name, rp->status);
364
365         if (rp->status)
366                 return;
367
368         memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
369 }
370
371 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
372 {
373         struct hci_rp_read_local_features *rp = (void *) skb->data;
374
375         BT_DBG("%s status 0x%x", hdev->name, rp->status);
376
377         if (rp->status)
378                 return;
379
380         memcpy(hdev->features, rp->features, 8);
381
382         /* Adjust default settings according to features
383          * supported by device. */
384
385         if (hdev->features[0] & LMP_3SLOT)
386                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
387
388         if (hdev->features[0] & LMP_5SLOT)
389                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
390
391         if (hdev->features[1] & LMP_HV2) {
392                 hdev->pkt_type  |= (HCI_HV2);
393                 hdev->esco_type |= (ESCO_HV2);
394         }
395
396         if (hdev->features[1] & LMP_HV3) {
397                 hdev->pkt_type  |= (HCI_HV3);
398                 hdev->esco_type |= (ESCO_HV3);
399         }
400
401         if (hdev->features[3] & LMP_ESCO)
402                 hdev->esco_type |= (ESCO_EV3);
403
404         if (hdev->features[4] & LMP_EV4)
405                 hdev->esco_type |= (ESCO_EV4);
406
407         if (hdev->features[4] & LMP_EV5)
408                 hdev->esco_type |= (ESCO_EV5);
409
410         BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
411                                         hdev->features[0], hdev->features[1],
412                                         hdev->features[2], hdev->features[3],
413                                         hdev->features[4], hdev->features[5],
414                                         hdev->features[6], hdev->features[7]);
415 }
416
417 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
418 {
419         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
420
421         BT_DBG("%s status 0x%x", hdev->name, rp->status);
422
423         if (rp->status)
424                 return;
425
426         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
427         hdev->sco_mtu  = rp->sco_mtu;
428         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
429         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
430
431         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
432                 hdev->sco_mtu  = 64;
433                 hdev->sco_pkts = 8;
434         }
435
436         hdev->acl_cnt = hdev->acl_pkts;
437         hdev->sco_cnt = hdev->sco_pkts;
438
439         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
440                                         hdev->acl_mtu, hdev->acl_pkts,
441                                         hdev->sco_mtu, hdev->sco_pkts);
442 }
443
444 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
445 {
446         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
447
448         BT_DBG("%s status 0x%x", hdev->name, rp->status);
449
450         if (!rp->status)
451                 bacpy(&hdev->bdaddr, &rp->bdaddr);
452
453         hci_req_complete(hdev, rp->status);
454 }
455
456 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
457 {
458         BT_DBG("%s status 0x%x", hdev->name, status);
459
460         if (status) {
461                 hci_req_complete(hdev, status);
462
463                 hci_conn_check_pending(hdev);
464         } else
465                 set_bit(HCI_INQUIRY, &hdev->flags);
466 }
467
468 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
469 {
470         struct hci_cp_create_conn *cp;
471         struct hci_conn *conn;
472
473         BT_DBG("%s status 0x%x", hdev->name, status);
474
475         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
476         if (!cp)
477                 return;
478
479         hci_dev_lock(hdev);
480
481         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
482
483         BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
484
485         if (status) {
486                 if (conn && conn->state == BT_CONNECT) {
487                         if (status != 0x0c || conn->attempt > 2) {
488                                 conn->state = BT_CLOSED;
489                                 hci_proto_connect_cfm(conn, status);
490                                 hci_conn_del(conn);
491                         } else
492                                 conn->state = BT_CONNECT2;
493                 }
494         } else {
495                 if (!conn) {
496                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
497                         if (conn) {
498                                 conn->out = 1;
499                                 conn->link_mode |= HCI_LM_MASTER;
500                         } else
501                                 BT_ERR("No memmory for new connection");
502                 }
503         }
504
505         hci_dev_unlock(hdev);
506 }
507
508 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
509 {
510         struct hci_cp_add_sco *cp;
511         struct hci_conn *acl, *sco;
512         __u16 handle;
513
514         BT_DBG("%s status 0x%x", hdev->name, status);
515
516         if (!status)
517                 return;
518
519         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
520         if (!cp)
521                 return;
522
523         handle = __le16_to_cpu(cp->handle);
524
525         BT_DBG("%s handle %d", hdev->name, handle);
526
527         hci_dev_lock(hdev);
528
529         acl = hci_conn_hash_lookup_handle(hdev, handle);
530         if (acl && (sco = acl->link)) {
531                 sco->state = BT_CLOSED;
532
533                 hci_proto_connect_cfm(sco, status);
534                 hci_conn_del(sco);
535         }
536
537         hci_dev_unlock(hdev);
538 }
539
540 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
541 {
542         BT_DBG("%s status 0x%x", hdev->name, status);
543 }
544
545 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
546 {
547         struct hci_cp_setup_sync_conn *cp;
548         struct hci_conn *acl, *sco;
549         __u16 handle;
550
551         BT_DBG("%s status 0x%x", hdev->name, status);
552
553         if (!status)
554                 return;
555
556         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
557         if (!cp)
558                 return;
559
560         handle = __le16_to_cpu(cp->handle);
561
562         BT_DBG("%s handle %d", hdev->name, handle);
563
564         hci_dev_lock(hdev);
565
566         acl = hci_conn_hash_lookup_handle(hdev, handle);
567         if (acl && (sco = acl->link)) {
568                 sco->state = BT_CLOSED;
569
570                 hci_proto_connect_cfm(sco, status);
571                 hci_conn_del(sco);
572         }
573
574         hci_dev_unlock(hdev);
575 }
576
577 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
578 {
579         struct hci_cp_sniff_mode *cp;
580         struct hci_conn *conn;
581
582         BT_DBG("%s status 0x%x", hdev->name, status);
583
584         if (!status)
585                 return;
586
587         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
588         if (!cp)
589                 return;
590
591         hci_dev_lock(hdev);
592
593         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
594         if (conn)
595                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
596
597         hci_dev_unlock(hdev);
598 }
599
600 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
601 {
602         struct hci_cp_exit_sniff_mode *cp;
603         struct hci_conn *conn;
604
605         BT_DBG("%s status 0x%x", hdev->name, status);
606
607         if (!status)
608                 return;
609
610         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
611         if (!cp)
612                 return;
613
614         hci_dev_lock(hdev);
615
616         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
617         if (conn)
618                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
619
620         hci_dev_unlock(hdev);
621 }
622
623 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
624 {
625         __u8 status = *((__u8 *) skb->data);
626
627         BT_DBG("%s status %d", hdev->name, status);
628
629         clear_bit(HCI_INQUIRY, &hdev->flags);
630
631         hci_req_complete(hdev, status);
632
633         hci_conn_check_pending(hdev);
634 }
635
636 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
637 {
638         struct inquiry_data data;
639         struct inquiry_info *info = (void *) (skb->data + 1);
640         int num_rsp = *((__u8 *) skb->data);
641
642         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
643
644         if (!num_rsp)
645                 return;
646
647         hci_dev_lock(hdev);
648
649         for (; num_rsp; num_rsp--) {
650                 bacpy(&data.bdaddr, &info->bdaddr);
651                 data.pscan_rep_mode     = info->pscan_rep_mode;
652                 data.pscan_period_mode  = info->pscan_period_mode;
653                 data.pscan_mode         = info->pscan_mode;
654                 memcpy(data.dev_class, info->dev_class, 3);
655                 data.clock_offset       = info->clock_offset;
656                 data.rssi               = 0x00;
657                 info++;
658                 hci_inquiry_cache_update(hdev, &data);
659         }
660
661         hci_dev_unlock(hdev);
662 }
663
664 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
665 {
666         struct hci_ev_conn_complete *ev = (void *) skb->data;
667         struct hci_conn *conn;
668
669         BT_DBG("%s", hdev->name);
670
671         hci_dev_lock(hdev);
672
673         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
674         if (!conn)
675                 goto unlock;
676
677         if (!ev->status) {
678                 conn->handle = __le16_to_cpu(ev->handle);
679                 conn->state  = BT_CONNECTED;
680
681                 if (test_bit(HCI_AUTH, &hdev->flags))
682                         conn->link_mode |= HCI_LM_AUTH;
683
684                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
685                         conn->link_mode |= HCI_LM_ENCRYPT;
686
687                 /* Get remote features */
688                 if (conn->type == ACL_LINK) {
689                         struct hci_cp_read_remote_features cp;
690                         cp.handle = ev->handle;
691                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, sizeof(cp), &cp);
692                 }
693
694                 /* Set link policy */
695                 if (conn->type == ACL_LINK && hdev->link_policy) {
696                         struct hci_cp_write_link_policy cp;
697                         cp.handle = ev->handle;
698                         cp.policy = cpu_to_le16(hdev->link_policy);
699                         hci_send_cmd(hdev, HCI_OP_WRITE_LINK_POLICY, sizeof(cp), &cp);
700                 }
701
702                 /* Set packet type for incoming connection */
703                 if (!conn->out) {
704                         struct hci_cp_change_conn_ptype cp;
705                         cp.handle = ev->handle;
706                         cp.pkt_type = (conn->type == ACL_LINK) ?
707                                 cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK):
708                                 cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
709
710                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp), &cp);
711                 } else {
712                         /* Update disconnect timer */
713                         hci_conn_hold(conn);
714                         hci_conn_put(conn);
715                 }
716         } else
717                 conn->state = BT_CLOSED;
718
719         if (conn->type == ACL_LINK) {
720                 struct hci_conn *sco = conn->link;
721                 if (sco) {
722                         if (!ev->status) {
723                                 if (lmp_esco_capable(hdev))
724                                         hci_setup_sync(sco, conn->handle);
725                                 else
726                                         hci_add_sco(sco, conn->handle);
727                         } else {
728                                 hci_proto_connect_cfm(sco, ev->status);
729                                 hci_conn_del(sco);
730                         }
731                 }
732         }
733
734         hci_proto_connect_cfm(conn, ev->status);
735         if (ev->status)
736                 hci_conn_del(conn);
737
738 unlock:
739         hci_dev_unlock(hdev);
740
741         hci_conn_check_pending(hdev);
742 }
743
744 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
745 {
746         struct hci_ev_conn_request *ev = (void *) skb->data;
747         int mask = hdev->link_mode;
748
749         BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
750                                         batostr(&ev->bdaddr), ev->link_type);
751
752         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
753
754         if (mask & HCI_LM_ACCEPT) {
755                 /* Connection accepted */
756                 struct hci_conn *conn;
757
758                 hci_dev_lock(hdev);
759
760                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
761                 if (!conn) {
762                         if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
763                                 BT_ERR("No memmory for new connection");
764                                 hci_dev_unlock(hdev);
765                                 return;
766                         }
767                 }
768
769                 memcpy(conn->dev_class, ev->dev_class, 3);
770                 conn->state = BT_CONNECT;
771
772                 hci_dev_unlock(hdev);
773
774                 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
775                         struct hci_cp_accept_conn_req cp;
776
777                         bacpy(&cp.bdaddr, &ev->bdaddr);
778
779                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
780                                 cp.role = 0x00; /* Become master */
781                         else
782                                 cp.role = 0x01; /* Remain slave */
783
784                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
785                                                         sizeof(cp), &cp);
786                 } else {
787                         struct hci_cp_accept_sync_conn_req cp;
788
789                         bacpy(&cp.bdaddr, &ev->bdaddr);
790                         cp.pkt_type = cpu_to_le16(hdev->esco_type);
791
792                         cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
793                         cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
794                         cp.max_latency    = cpu_to_le16(0xffff);
795                         cp.content_format = cpu_to_le16(hdev->voice_setting);
796                         cp.retrans_effort = 0xff;
797
798                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
799                                                         sizeof(cp), &cp);
800                 }
801         } else {
802                 /* Connection rejected */
803                 struct hci_cp_reject_conn_req cp;
804
805                 bacpy(&cp.bdaddr, &ev->bdaddr);
806                 cp.reason = 0x0f;
807                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
808         }
809 }
810
811 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
812 {
813         struct hci_ev_disconn_complete *ev = (void *) skb->data;
814         struct hci_conn *conn;
815
816         BT_DBG("%s status %d", hdev->name, ev->status);
817
818         if (ev->status)
819                 return;
820
821         hci_dev_lock(hdev);
822
823         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
824         if (conn) {
825                 conn->state = BT_CLOSED;
826                 hci_proto_disconn_ind(conn, ev->reason);
827                 hci_conn_del(conn);
828         }
829
830         hci_dev_unlock(hdev);
831 }
832
833 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
834 {
835         struct hci_ev_auth_complete *ev = (void *) skb->data;
836         struct hci_conn *conn;
837
838         BT_DBG("%s status %d", hdev->name, ev->status);
839
840         hci_dev_lock(hdev);
841
842         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
843         if (conn) {
844                 if (!ev->status)
845                         conn->link_mode |= HCI_LM_AUTH;
846
847                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
848
849                 hci_auth_cfm(conn, ev->status);
850
851                 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
852                         if (!ev->status) {
853                                 struct hci_cp_set_conn_encrypt cp;
854                                 cp.handle  = cpu_to_le16(conn->handle);
855                                 cp.encrypt = 1;
856                                 hci_send_cmd(conn->hdev,
857                                         HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp);
858                         } else {
859                                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
860                                 hci_encrypt_cfm(conn, ev->status, 0x00);
861                         }
862                 }
863         }
864
865         hci_dev_unlock(hdev);
866 }
867
868 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
869 {
870         BT_DBG("%s", hdev->name);
871
872         hci_conn_check_pending(hdev);
873 }
874
875 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
876 {
877         struct hci_ev_encrypt_change *ev = (void *) skb->data;
878         struct hci_conn *conn;
879
880         BT_DBG("%s status %d", hdev->name, ev->status);
881
882         hci_dev_lock(hdev);
883
884         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
885         if (conn) {
886                 if (!ev->status) {
887                         if (ev->encrypt)
888                                 conn->link_mode |= HCI_LM_ENCRYPT;
889                         else
890                                 conn->link_mode &= ~HCI_LM_ENCRYPT;
891                 }
892
893                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
894
895                 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
896         }
897
898         hci_dev_unlock(hdev);
899 }
900
901 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
902 {
903         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
904         struct hci_conn *conn;
905
906         BT_DBG("%s status %d", hdev->name, ev->status);
907
908         hci_dev_lock(hdev);
909
910         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
911         if (conn) {
912                 if (!ev->status)
913                         conn->link_mode |= HCI_LM_SECURE;
914
915                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
916
917                 hci_key_change_cfm(conn, ev->status);
918         }
919
920         hci_dev_unlock(hdev);
921 }
922
923 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
924 {
925         struct hci_ev_remote_features *ev = (void *) skb->data;
926         struct hci_conn *conn;
927
928         BT_DBG("%s status %d", hdev->name, ev->status);
929
930         if (ev->status)
931                 return;
932
933         hci_dev_lock(hdev);
934
935         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
936         if (conn)
937                 memcpy(conn->features, ev->features, 8);
938
939         hci_dev_unlock(hdev);
940 }
941
942 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
943 {
944         BT_DBG("%s", hdev->name);
945 }
946
947 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
948 {
949         BT_DBG("%s", hdev->name);
950 }
951
952 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
953 {
954         struct hci_ev_cmd_complete *ev = (void *) skb->data;
955         __u16 opcode;
956
957         skb_pull(skb, sizeof(*ev));
958
959         opcode = __le16_to_cpu(ev->opcode);
960
961         switch (opcode) {
962         case HCI_OP_INQUIRY_CANCEL:
963                 hci_cc_inquiry_cancel(hdev, skb);
964                 break;
965
966         case HCI_OP_EXIT_PERIODIC_INQ:
967                 hci_cc_exit_periodic_inq(hdev, skb);
968                 break;
969
970         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
971                 hci_cc_remote_name_req_cancel(hdev, skb);
972                 break;
973
974         case HCI_OP_ROLE_DISCOVERY:
975                 hci_cc_role_discovery(hdev, skb);
976                 break;
977
978         case HCI_OP_WRITE_LINK_POLICY:
979                 hci_cc_write_link_policy(hdev, skb);
980                 break;
981
982         case HCI_OP_RESET:
983                 hci_cc_reset(hdev, skb);
984                 break;
985
986         case HCI_OP_WRITE_LOCAL_NAME:
987                 hci_cc_write_local_name(hdev, skb);
988                 break;
989
990         case HCI_OP_READ_LOCAL_NAME:
991                 hci_cc_read_local_name(hdev, skb);
992                 break;
993
994         case HCI_OP_WRITE_AUTH_ENABLE:
995                 hci_cc_write_auth_enable(hdev, skb);
996                 break;
997
998         case HCI_OP_WRITE_ENCRYPT_MODE:
999                 hci_cc_write_encrypt_mode(hdev, skb);
1000                 break;
1001
1002         case HCI_OP_WRITE_SCAN_ENABLE:
1003                 hci_cc_write_scan_enable(hdev, skb);
1004                 break;
1005
1006         case HCI_OP_READ_CLASS_OF_DEV:
1007                 hci_cc_read_class_of_dev(hdev, skb);
1008                 break;
1009
1010         case HCI_OP_WRITE_CLASS_OF_DEV:
1011                 hci_cc_write_class_of_dev(hdev, skb);
1012                 break;
1013
1014         case HCI_OP_READ_VOICE_SETTING:
1015                 hci_cc_read_voice_setting(hdev, skb);
1016                 break;
1017
1018         case HCI_OP_WRITE_VOICE_SETTING:
1019                 hci_cc_write_voice_setting(hdev, skb);
1020                 break;
1021
1022         case HCI_OP_HOST_BUFFER_SIZE:
1023                 hci_cc_host_buffer_size(hdev, skb);
1024                 break;
1025
1026         case HCI_OP_READ_LOCAL_VERSION:
1027                 hci_cc_read_local_version(hdev, skb);
1028                 break;
1029
1030         case HCI_OP_READ_LOCAL_COMMANDS:
1031                 hci_cc_read_local_commands(hdev, skb);
1032                 break;
1033
1034         case HCI_OP_READ_LOCAL_FEATURES:
1035                 hci_cc_read_local_features(hdev, skb);
1036                 break;
1037
1038         case HCI_OP_READ_BUFFER_SIZE:
1039                 hci_cc_read_buffer_size(hdev, skb);
1040                 break;
1041
1042         case HCI_OP_READ_BD_ADDR:
1043                 hci_cc_read_bd_addr(hdev, skb);
1044                 break;
1045
1046         default:
1047                 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1048                 break;
1049         }
1050
1051         if (ev->ncmd) {
1052                 atomic_set(&hdev->cmd_cnt, 1);
1053                 if (!skb_queue_empty(&hdev->cmd_q))
1054                         hci_sched_cmd(hdev);
1055         }
1056 }
1057
1058 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1059 {
1060         struct hci_ev_cmd_status *ev = (void *) skb->data;
1061         __u16 opcode;
1062
1063         skb_pull(skb, sizeof(*ev));
1064
1065         opcode = __le16_to_cpu(ev->opcode);
1066
1067         switch (opcode) {
1068         case HCI_OP_INQUIRY:
1069                 hci_cs_inquiry(hdev, ev->status);
1070                 break;
1071
1072         case HCI_OP_CREATE_CONN:
1073                 hci_cs_create_conn(hdev, ev->status);
1074                 break;
1075
1076         case HCI_OP_ADD_SCO:
1077                 hci_cs_add_sco(hdev, ev->status);
1078                 break;
1079
1080         case HCI_OP_REMOTE_NAME_REQ:
1081                 hci_cs_remote_name_req(hdev, ev->status);
1082                 break;
1083
1084         case HCI_OP_SETUP_SYNC_CONN:
1085                 hci_cs_setup_sync_conn(hdev, ev->status);
1086                 break;
1087
1088         case HCI_OP_SNIFF_MODE:
1089                 hci_cs_sniff_mode(hdev, ev->status);
1090                 break;
1091
1092         case HCI_OP_EXIT_SNIFF_MODE:
1093                 hci_cs_exit_sniff_mode(hdev, ev->status);
1094                 break;
1095
1096         default:
1097                 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1098                 break;
1099         }
1100
1101         if (ev->ncmd) {
1102                 atomic_set(&hdev->cmd_cnt, 1);
1103                 if (!skb_queue_empty(&hdev->cmd_q))
1104                         hci_sched_cmd(hdev);
1105         }
1106 }
1107
1108 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1109 {
1110         struct hci_ev_role_change *ev = (void *) skb->data;
1111         struct hci_conn *conn;
1112
1113         BT_DBG("%s status %d", hdev->name, ev->status);
1114
1115         hci_dev_lock(hdev);
1116
1117         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1118         if (conn) {
1119                 if (!ev->status) {
1120                         if (ev->role)
1121                                 conn->link_mode &= ~HCI_LM_MASTER;
1122                         else
1123                                 conn->link_mode |= HCI_LM_MASTER;
1124                 }
1125
1126                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1127
1128                 hci_role_switch_cfm(conn, ev->status, ev->role);
1129         }
1130
1131         hci_dev_unlock(hdev);
1132 }
1133
1134 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1135 {
1136         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1137         __le16 *ptr;
1138         int i;
1139
1140         skb_pull(skb, sizeof(*ev));
1141
1142         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1143
1144         if (skb->len < ev->num_hndl * 4) {
1145                 BT_DBG("%s bad parameters", hdev->name);
1146                 return;
1147         }
1148
1149         tasklet_disable(&hdev->tx_task);
1150
1151         for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1152                 struct hci_conn *conn;
1153                 __u16  handle, count;
1154
1155                 handle = __le16_to_cpu(get_unaligned(ptr++));
1156                 count  = __le16_to_cpu(get_unaligned(ptr++));
1157
1158                 conn = hci_conn_hash_lookup_handle(hdev, handle);
1159                 if (conn) {
1160                         conn->sent -= count;
1161
1162                         if (conn->type == ACL_LINK) {
1163                                 if ((hdev->acl_cnt += count) > hdev->acl_pkts)
1164                                         hdev->acl_cnt = hdev->acl_pkts;
1165                         } else {
1166                                 if ((hdev->sco_cnt += count) > hdev->sco_pkts)
1167                                         hdev->sco_cnt = hdev->sco_pkts;
1168                         }
1169                 }
1170         }
1171
1172         hci_sched_tx(hdev);
1173
1174         tasklet_enable(&hdev->tx_task);
1175 }
1176
1177 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1178 {
1179         struct hci_ev_mode_change *ev = (void *) skb->data;
1180         struct hci_conn *conn;
1181
1182         BT_DBG("%s status %d", hdev->name, ev->status);
1183
1184         hci_dev_lock(hdev);
1185
1186         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1187         if (conn) {
1188                 conn->mode = ev->mode;
1189                 conn->interval = __le16_to_cpu(ev->interval);
1190
1191                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
1192                         if (conn->mode == HCI_CM_ACTIVE)
1193                                 conn->power_save = 1;
1194                         else
1195                                 conn->power_save = 0;
1196                 }
1197         }
1198
1199         hci_dev_unlock(hdev);
1200 }
1201
1202 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1203 {
1204         BT_DBG("%s", hdev->name);
1205 }
1206
1207 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1208 {
1209         BT_DBG("%s", hdev->name);
1210 }
1211
1212 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
1213 {
1214         BT_DBG("%s", hdev->name);
1215 }
1216
1217 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1218 {
1219         struct hci_ev_clock_offset *ev = (void *) skb->data;
1220         struct hci_conn *conn;
1221
1222         BT_DBG("%s status %d", hdev->name, ev->status);
1223
1224         hci_dev_lock(hdev);
1225
1226         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1227         if (conn && !ev->status) {
1228                 struct inquiry_entry *ie;
1229
1230                 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
1231                         ie->data.clock_offset = ev->clock_offset;
1232                         ie->timestamp = jiffies;
1233                 }
1234         }
1235
1236         hci_dev_unlock(hdev);
1237 }
1238
1239 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
1240 {
1241         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
1242         struct inquiry_entry *ie;
1243
1244         BT_DBG("%s", hdev->name);
1245
1246         hci_dev_lock(hdev);
1247
1248         if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) {
1249                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
1250                 ie->timestamp = jiffies;
1251         }
1252
1253         hci_dev_unlock(hdev);
1254 }
1255
1256 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
1257 {
1258         struct inquiry_data data;
1259         int num_rsp = *((__u8 *) skb->data);
1260
1261         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1262
1263         if (!num_rsp)
1264                 return;
1265
1266         hci_dev_lock(hdev);
1267
1268         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
1269                 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1);
1270
1271                 for (; num_rsp; num_rsp--) {
1272                         bacpy(&data.bdaddr, &info->bdaddr);
1273                         data.pscan_rep_mode     = info->pscan_rep_mode;
1274                         data.pscan_period_mode  = info->pscan_period_mode;
1275                         data.pscan_mode         = info->pscan_mode;
1276                         memcpy(data.dev_class, info->dev_class, 3);
1277                         data.clock_offset       = info->clock_offset;
1278                         data.rssi               = info->rssi;
1279                         info++;
1280                         hci_inquiry_cache_update(hdev, &data);
1281                 }
1282         } else {
1283                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
1284
1285                 for (; num_rsp; num_rsp--) {
1286                         bacpy(&data.bdaddr, &info->bdaddr);
1287                         data.pscan_rep_mode     = info->pscan_rep_mode;
1288                         data.pscan_period_mode  = info->pscan_period_mode;
1289                         data.pscan_mode         = 0x00;
1290                         memcpy(data.dev_class, info->dev_class, 3);
1291                         data.clock_offset       = info->clock_offset;
1292                         data.rssi               = info->rssi;
1293                         info++;
1294                         hci_inquiry_cache_update(hdev, &data);
1295                 }
1296         }
1297
1298         hci_dev_unlock(hdev);
1299 }
1300
1301 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1302 {
1303         BT_DBG("%s", hdev->name);
1304 }
1305
1306 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1307 {
1308         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
1309         struct hci_conn *conn;
1310
1311         BT_DBG("%s status %d", hdev->name, ev->status);
1312
1313         hci_dev_lock(hdev);
1314
1315         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1316         if (!conn)
1317                 goto unlock;
1318
1319         if (!ev->status) {
1320                 conn->handle = __le16_to_cpu(ev->handle);
1321                 conn->state  = BT_CONNECTED;
1322         } else
1323                 conn->state = BT_CLOSED;
1324
1325         hci_proto_connect_cfm(conn, ev->status);
1326         if (ev->status)
1327                 hci_conn_del(conn);
1328
1329 unlock:
1330         hci_dev_unlock(hdev);
1331 }
1332
1333 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
1334 {
1335         BT_DBG("%s", hdev->name);
1336 }
1337
1338 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
1339 {
1340         struct hci_ev_sniff_subrate *ev = (void *) skb->data;
1341         struct hci_conn *conn;
1342
1343         BT_DBG("%s status %d", hdev->name, ev->status);
1344
1345         hci_dev_lock(hdev);
1346
1347         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1348         if (conn) {
1349         }
1350
1351         hci_dev_unlock(hdev);
1352 }
1353
1354 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1355 {
1356         struct inquiry_data data;
1357         struct extended_inquiry_info *info = (void *) (skb->data + 1);
1358         int num_rsp = *((__u8 *) skb->data);
1359
1360         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1361
1362         if (!num_rsp)
1363                 return;
1364
1365         hci_dev_lock(hdev);
1366
1367         for (; num_rsp; num_rsp--) {
1368                 bacpy(&data.bdaddr, &info->bdaddr);
1369                 data.pscan_rep_mode     = info->pscan_rep_mode;
1370                 data.pscan_period_mode  = info->pscan_period_mode;
1371                 data.pscan_mode         = 0x00;
1372                 memcpy(data.dev_class, info->dev_class, 3);
1373                 data.clock_offset       = info->clock_offset;
1374                 data.rssi               = info->rssi;
1375                 info++;
1376                 hci_inquiry_cache_update(hdev, &data);
1377         }
1378
1379         hci_dev_unlock(hdev);
1380 }
1381
1382 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1383 {
1384         struct hci_event_hdr *hdr = (void *) skb->data;
1385         __u8 event = hdr->evt;
1386
1387         skb_pull(skb, HCI_EVENT_HDR_SIZE);
1388
1389         switch (event) {
1390         case HCI_EV_INQUIRY_COMPLETE:
1391                 hci_inquiry_complete_evt(hdev, skb);
1392                 break;
1393
1394         case HCI_EV_INQUIRY_RESULT:
1395                 hci_inquiry_result_evt(hdev, skb);
1396                 break;
1397
1398         case HCI_EV_CONN_COMPLETE:
1399                 hci_conn_complete_evt(hdev, skb);
1400                 break;
1401
1402         case HCI_EV_CONN_REQUEST:
1403                 hci_conn_request_evt(hdev, skb);
1404                 break;
1405
1406         case HCI_EV_DISCONN_COMPLETE:
1407                 hci_disconn_complete_evt(hdev, skb);
1408                 break;
1409
1410         case HCI_EV_AUTH_COMPLETE:
1411                 hci_auth_complete_evt(hdev, skb);
1412                 break;
1413
1414         case HCI_EV_REMOTE_NAME:
1415                 hci_remote_name_evt(hdev, skb);
1416                 break;
1417
1418         case HCI_EV_ENCRYPT_CHANGE:
1419                 hci_encrypt_change_evt(hdev, skb);
1420                 break;
1421
1422         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
1423                 hci_change_link_key_complete_evt(hdev, skb);
1424                 break;
1425
1426         case HCI_EV_REMOTE_FEATURES:
1427                 hci_remote_features_evt(hdev, skb);
1428                 break;
1429
1430         case HCI_EV_REMOTE_VERSION:
1431                 hci_remote_version_evt(hdev, skb);
1432                 break;
1433
1434         case HCI_EV_QOS_SETUP_COMPLETE:
1435                 hci_qos_setup_complete_evt(hdev, skb);
1436                 break;
1437
1438         case HCI_EV_CMD_COMPLETE:
1439                 hci_cmd_complete_evt(hdev, skb);
1440                 break;
1441
1442         case HCI_EV_CMD_STATUS:
1443                 hci_cmd_status_evt(hdev, skb);
1444                 break;
1445
1446         case HCI_EV_ROLE_CHANGE:
1447                 hci_role_change_evt(hdev, skb);
1448                 break;
1449
1450         case HCI_EV_NUM_COMP_PKTS:
1451                 hci_num_comp_pkts_evt(hdev, skb);
1452                 break;
1453
1454         case HCI_EV_MODE_CHANGE:
1455                 hci_mode_change_evt(hdev, skb);
1456                 break;
1457
1458         case HCI_EV_PIN_CODE_REQ:
1459                 hci_pin_code_request_evt(hdev, skb);
1460                 break;
1461
1462         case HCI_EV_LINK_KEY_REQ:
1463                 hci_link_key_request_evt(hdev, skb);
1464                 break;
1465
1466         case HCI_EV_LINK_KEY_NOTIFY:
1467                 hci_link_key_notify_evt(hdev, skb);
1468                 break;
1469
1470         case HCI_EV_CLOCK_OFFSET:
1471                 hci_clock_offset_evt(hdev, skb);
1472                 break;
1473
1474         case HCI_EV_PSCAN_REP_MODE:
1475                 hci_pscan_rep_mode_evt(hdev, skb);
1476                 break;
1477
1478         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
1479                 hci_inquiry_result_with_rssi_evt(hdev, skb);
1480                 break;
1481
1482         case HCI_EV_REMOTE_EXT_FEATURES:
1483                 hci_remote_ext_features_evt(hdev, skb);
1484                 break;
1485
1486         case HCI_EV_SYNC_CONN_COMPLETE:
1487                 hci_sync_conn_complete_evt(hdev, skb);
1488                 break;
1489
1490         case HCI_EV_SYNC_CONN_CHANGED:
1491                 hci_sync_conn_changed_evt(hdev, skb);
1492                 break;
1493
1494         case HCI_EV_SNIFF_SUBRATE:
1495                 hci_sniff_subrate_evt(hdev, skb);
1496                 break;
1497
1498         case HCI_EV_EXTENDED_INQUIRY_RESULT:
1499                 hci_extended_inquiry_result_evt(hdev, skb);
1500                 break;
1501
1502         default:
1503                 BT_DBG("%s event 0x%x", hdev->name, event);
1504                 break;
1505         }
1506
1507         kfree_skb(skb);
1508         hdev->stat.evt_rx++;
1509 }
1510
1511 /* Generate internal stack event */
1512 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1513 {
1514         struct hci_event_hdr *hdr;
1515         struct hci_ev_stack_internal *ev;
1516         struct sk_buff *skb;
1517
1518         skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
1519         if (!skb)
1520                 return;
1521
1522         hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
1523         hdr->evt  = HCI_EV_STACK_INTERNAL;
1524         hdr->plen = sizeof(*ev) + dlen;
1525
1526         ev  = (void *) skb_put(skb, sizeof(*ev) + dlen);
1527         ev->type = type;
1528         memcpy(ev->data, data, dlen);
1529
1530         bt_cb(skb)->incoming = 1;
1531         __net_timestamp(skb);
1532
1533         bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1534         skb->dev = (void *) hdev;
1535         hci_send_to_sock(hdev, skb);
1536         kfree_skb(skb);
1537 }