Merge branch 'kvm-updates/2.6.30' of git://git.kernel.org/pub/scm/virt/kvm/kvm
[linux-2.6] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 /* Handle HCI Event packets */
49
50 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
51 {
52         __u8 status = *((__u8 *) skb->data);
53
54         BT_DBG("%s status 0x%x", hdev->name, status);
55
56         if (status)
57                 return;
58
59         clear_bit(HCI_INQUIRY, &hdev->flags);
60
61         hci_req_complete(hdev, status);
62
63         hci_conn_check_pending(hdev);
64 }
65
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67 {
68         __u8 status = *((__u8 *) skb->data);
69
70         BT_DBG("%s status 0x%x", hdev->name, status);
71
72         if (status)
73                 return;
74
75         clear_bit(HCI_INQUIRY, &hdev->flags);
76
77         hci_conn_check_pending(hdev);
78 }
79
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
81 {
82         BT_DBG("%s", hdev->name);
83 }
84
85 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
86 {
87         struct hci_rp_role_discovery *rp = (void *) skb->data;
88         struct hci_conn *conn;
89
90         BT_DBG("%s status 0x%x", hdev->name, rp->status);
91
92         if (rp->status)
93                 return;
94
95         hci_dev_lock(hdev);
96
97         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
98         if (conn) {
99                 if (rp->role)
100                         conn->link_mode &= ~HCI_LM_MASTER;
101                 else
102                         conn->link_mode |= HCI_LM_MASTER;
103         }
104
105         hci_dev_unlock(hdev);
106 }
107
108 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
109 {
110         struct hci_rp_read_link_policy *rp = (void *) skb->data;
111         struct hci_conn *conn;
112
113         BT_DBG("%s status 0x%x", hdev->name, rp->status);
114
115         if (rp->status)
116                 return;
117
118         hci_dev_lock(hdev);
119
120         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
121         if (conn)
122                 conn->link_policy = __le16_to_cpu(rp->policy);
123
124         hci_dev_unlock(hdev);
125 }
126
127 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
128 {
129         struct hci_rp_write_link_policy *rp = (void *) skb->data;
130         struct hci_conn *conn;
131         void *sent;
132
133         BT_DBG("%s status 0x%x", hdev->name, rp->status);
134
135         if (rp->status)
136                 return;
137
138         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
139         if (!sent)
140                 return;
141
142         hci_dev_lock(hdev);
143
144         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
145         if (conn)
146                 conn->link_policy = get_unaligned_le16(sent + 2);
147
148         hci_dev_unlock(hdev);
149 }
150
151 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
152 {
153         struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
154
155         BT_DBG("%s status 0x%x", hdev->name, rp->status);
156
157         if (rp->status)
158                 return;
159
160         hdev->link_policy = __le16_to_cpu(rp->policy);
161 }
162
163 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
164 {
165         __u8 status = *((__u8 *) skb->data);
166         void *sent;
167
168         BT_DBG("%s status 0x%x", hdev->name, status);
169
170         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
171         if (!sent)
172                 return;
173
174         if (!status)
175                 hdev->link_policy = get_unaligned_le16(sent);
176
177         hci_req_complete(hdev, status);
178 }
179
180 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
181 {
182         __u8 status = *((__u8 *) skb->data);
183
184         BT_DBG("%s status 0x%x", hdev->name, status);
185
186         hci_req_complete(hdev, status);
187 }
188
189 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
190 {
191         __u8 status = *((__u8 *) skb->data);
192         void *sent;
193
194         BT_DBG("%s status 0x%x", hdev->name, status);
195
196         if (status)
197                 return;
198
199         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
200         if (!sent)
201                 return;
202
203         memcpy(hdev->dev_name, sent, 248);
204 }
205
206 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207 {
208         struct hci_rp_read_local_name *rp = (void *) skb->data;
209
210         BT_DBG("%s status 0x%x", hdev->name, rp->status);
211
212         if (rp->status)
213                 return;
214
215         memcpy(hdev->dev_name, rp->name, 248);
216 }
217
218 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
219 {
220         __u8 status = *((__u8 *) skb->data);
221         void *sent;
222
223         BT_DBG("%s status 0x%x", hdev->name, status);
224
225         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
226         if (!sent)
227                 return;
228
229         if (!status) {
230                 __u8 param = *((__u8 *) sent);
231
232                 if (param == AUTH_ENABLED)
233                         set_bit(HCI_AUTH, &hdev->flags);
234                 else
235                         clear_bit(HCI_AUTH, &hdev->flags);
236         }
237
238         hci_req_complete(hdev, status);
239 }
240
241 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
242 {
243         __u8 status = *((__u8 *) skb->data);
244         void *sent;
245
246         BT_DBG("%s status 0x%x", hdev->name, status);
247
248         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
249         if (!sent)
250                 return;
251
252         if (!status) {
253                 __u8 param = *((__u8 *) sent);
254
255                 if (param)
256                         set_bit(HCI_ENCRYPT, &hdev->flags);
257                 else
258                         clear_bit(HCI_ENCRYPT, &hdev->flags);
259         }
260
261         hci_req_complete(hdev, status);
262 }
263
264 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
265 {
266         __u8 status = *((__u8 *) skb->data);
267         void *sent;
268
269         BT_DBG("%s status 0x%x", hdev->name, status);
270
271         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
272         if (!sent)
273                 return;
274
275         if (!status) {
276                 __u8 param = *((__u8 *) sent);
277
278                 clear_bit(HCI_PSCAN, &hdev->flags);
279                 clear_bit(HCI_ISCAN, &hdev->flags);
280
281                 if (param & SCAN_INQUIRY)
282                         set_bit(HCI_ISCAN, &hdev->flags);
283
284                 if (param & SCAN_PAGE)
285                         set_bit(HCI_PSCAN, &hdev->flags);
286         }
287
288         hci_req_complete(hdev, status);
289 }
290
291 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
292 {
293         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
294
295         BT_DBG("%s status 0x%x", hdev->name, rp->status);
296
297         if (rp->status)
298                 return;
299
300         memcpy(hdev->dev_class, rp->dev_class, 3);
301
302         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
303                 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
304 }
305
306 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
307 {
308         __u8 status = *((__u8 *) skb->data);
309         void *sent;
310
311         BT_DBG("%s status 0x%x", hdev->name, status);
312
313         if (status)
314                 return;
315
316         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
317         if (!sent)
318                 return;
319
320         memcpy(hdev->dev_class, sent, 3);
321 }
322
323 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
324 {
325         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
326         __u16 setting;
327
328         BT_DBG("%s status 0x%x", hdev->name, rp->status);
329
330         if (rp->status)
331                 return;
332
333         setting = __le16_to_cpu(rp->voice_setting);
334
335         if (hdev->voice_setting == setting)
336                 return;
337
338         hdev->voice_setting = setting;
339
340         BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
341
342         if (hdev->notify) {
343                 tasklet_disable(&hdev->tx_task);
344                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
345                 tasklet_enable(&hdev->tx_task);
346         }
347 }
348
349 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
350 {
351         __u8 status = *((__u8 *) skb->data);
352         __u16 setting;
353         void *sent;
354
355         BT_DBG("%s status 0x%x", hdev->name, status);
356
357         if (status)
358                 return;
359
360         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
361         if (!sent)
362                 return;
363
364         setting = get_unaligned_le16(sent);
365
366         if (hdev->voice_setting == setting)
367                 return;
368
369         hdev->voice_setting = setting;
370
371         BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
372
373         if (hdev->notify) {
374                 tasklet_disable(&hdev->tx_task);
375                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
376                 tasklet_enable(&hdev->tx_task);
377         }
378 }
379
380 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
381 {
382         __u8 status = *((__u8 *) skb->data);
383
384         BT_DBG("%s status 0x%x", hdev->name, status);
385
386         hci_req_complete(hdev, status);
387 }
388
389 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
390 {
391         struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
392
393         BT_DBG("%s status 0x%x", hdev->name, rp->status);
394
395         if (rp->status)
396                 return;
397
398         hdev->ssp_mode = rp->mode;
399 }
400
401 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
402 {
403         __u8 status = *((__u8 *) skb->data);
404         void *sent;
405
406         BT_DBG("%s status 0x%x", hdev->name, status);
407
408         if (status)
409                 return;
410
411         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
412         if (!sent)
413                 return;
414
415         hdev->ssp_mode = *((__u8 *) sent);
416 }
417
418 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
419 {
420         struct hci_rp_read_local_version *rp = (void *) skb->data;
421
422         BT_DBG("%s status 0x%x", hdev->name, rp->status);
423
424         if (rp->status)
425                 return;
426
427         hdev->hci_ver = rp->hci_ver;
428         hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
429         hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
430
431         BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
432                                         hdev->manufacturer,
433                                         hdev->hci_ver, hdev->hci_rev);
434 }
435
436 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
437 {
438         struct hci_rp_read_local_commands *rp = (void *) skb->data;
439
440         BT_DBG("%s status 0x%x", hdev->name, rp->status);
441
442         if (rp->status)
443                 return;
444
445         memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
446 }
447
448 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
449 {
450         struct hci_rp_read_local_features *rp = (void *) skb->data;
451
452         BT_DBG("%s status 0x%x", hdev->name, rp->status);
453
454         if (rp->status)
455                 return;
456
457         memcpy(hdev->features, rp->features, 8);
458
459         /* Adjust default settings according to features
460          * supported by device. */
461
462         if (hdev->features[0] & LMP_3SLOT)
463                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
464
465         if (hdev->features[0] & LMP_5SLOT)
466                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
467
468         if (hdev->features[1] & LMP_HV2) {
469                 hdev->pkt_type  |= (HCI_HV2);
470                 hdev->esco_type |= (ESCO_HV2);
471         }
472
473         if (hdev->features[1] & LMP_HV3) {
474                 hdev->pkt_type  |= (HCI_HV3);
475                 hdev->esco_type |= (ESCO_HV3);
476         }
477
478         if (hdev->features[3] & LMP_ESCO)
479                 hdev->esco_type |= (ESCO_EV3);
480
481         if (hdev->features[4] & LMP_EV4)
482                 hdev->esco_type |= (ESCO_EV4);
483
484         if (hdev->features[4] & LMP_EV5)
485                 hdev->esco_type |= (ESCO_EV5);
486
487         if (hdev->features[5] & LMP_EDR_ESCO_2M)
488                 hdev->esco_type |= (ESCO_2EV3);
489
490         if (hdev->features[5] & LMP_EDR_ESCO_3M)
491                 hdev->esco_type |= (ESCO_3EV3);
492
493         if (hdev->features[5] & LMP_EDR_3S_ESCO)
494                 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
495
496         BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
497                                         hdev->features[0], hdev->features[1],
498                                         hdev->features[2], hdev->features[3],
499                                         hdev->features[4], hdev->features[5],
500                                         hdev->features[6], hdev->features[7]);
501 }
502
503 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
504 {
505         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
506
507         BT_DBG("%s status 0x%x", hdev->name, rp->status);
508
509         if (rp->status)
510                 return;
511
512         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
513         hdev->sco_mtu  = rp->sco_mtu;
514         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
515         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
516
517         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
518                 hdev->sco_mtu  = 64;
519                 hdev->sco_pkts = 8;
520         }
521
522         hdev->acl_cnt = hdev->acl_pkts;
523         hdev->sco_cnt = hdev->sco_pkts;
524
525         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
526                                         hdev->acl_mtu, hdev->acl_pkts,
527                                         hdev->sco_mtu, hdev->sco_pkts);
528 }
529
530 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
531 {
532         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
533
534         BT_DBG("%s status 0x%x", hdev->name, rp->status);
535
536         if (!rp->status)
537                 bacpy(&hdev->bdaddr, &rp->bdaddr);
538
539         hci_req_complete(hdev, rp->status);
540 }
541
542 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
543 {
544         BT_DBG("%s status 0x%x", hdev->name, status);
545
546         if (status) {
547                 hci_req_complete(hdev, status);
548
549                 hci_conn_check_pending(hdev);
550         } else
551                 set_bit(HCI_INQUIRY, &hdev->flags);
552 }
553
554 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
555 {
556         struct hci_cp_create_conn *cp;
557         struct hci_conn *conn;
558
559         BT_DBG("%s status 0x%x", hdev->name, status);
560
561         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
562         if (!cp)
563                 return;
564
565         hci_dev_lock(hdev);
566
567         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
568
569         BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
570
571         if (status) {
572                 if (conn && conn->state == BT_CONNECT) {
573                         if (status != 0x0c || conn->attempt > 2) {
574                                 conn->state = BT_CLOSED;
575                                 hci_proto_connect_cfm(conn, status);
576                                 hci_conn_del(conn);
577                         } else
578                                 conn->state = BT_CONNECT2;
579                 }
580         } else {
581                 if (!conn) {
582                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
583                         if (conn) {
584                                 conn->out = 1;
585                                 conn->link_mode |= HCI_LM_MASTER;
586                         } else
587                                 BT_ERR("No memmory for new connection");
588                 }
589         }
590
591         hci_dev_unlock(hdev);
592 }
593
594 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
595 {
596         struct hci_cp_add_sco *cp;
597         struct hci_conn *acl, *sco;
598         __u16 handle;
599
600         BT_DBG("%s status 0x%x", hdev->name, status);
601
602         if (!status)
603                 return;
604
605         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
606         if (!cp)
607                 return;
608
609         handle = __le16_to_cpu(cp->handle);
610
611         BT_DBG("%s handle %d", hdev->name, handle);
612
613         hci_dev_lock(hdev);
614
615         acl = hci_conn_hash_lookup_handle(hdev, handle);
616         if (acl && (sco = acl->link)) {
617                 sco->state = BT_CLOSED;
618
619                 hci_proto_connect_cfm(sco, status);
620                 hci_conn_del(sco);
621         }
622
623         hci_dev_unlock(hdev);
624 }
625
626 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
627 {
628         struct hci_cp_auth_requested *cp;
629         struct hci_conn *conn;
630
631         BT_DBG("%s status 0x%x", hdev->name, status);
632
633         if (!status)
634                 return;
635
636         cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
637         if (!cp)
638                 return;
639
640         hci_dev_lock(hdev);
641
642         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
643         if (conn) {
644                 if (conn->state == BT_CONFIG) {
645                         hci_proto_connect_cfm(conn, status);
646                         hci_conn_put(conn);
647                 }
648         }
649
650         hci_dev_unlock(hdev);
651 }
652
653 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
654 {
655         struct hci_cp_set_conn_encrypt *cp;
656         struct hci_conn *conn;
657
658         BT_DBG("%s status 0x%x", hdev->name, status);
659
660         if (!status)
661                 return;
662
663         cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
664         if (!cp)
665                 return;
666
667         hci_dev_lock(hdev);
668
669         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
670         if (conn) {
671                 if (conn->state == BT_CONFIG) {
672                         hci_proto_connect_cfm(conn, status);
673                         hci_conn_put(conn);
674                 }
675         }
676
677         hci_dev_unlock(hdev);
678 }
679
680 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
681 {
682         BT_DBG("%s status 0x%x", hdev->name, status);
683 }
684
685 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
686 {
687         struct hci_cp_read_remote_features *cp;
688         struct hci_conn *conn;
689
690         BT_DBG("%s status 0x%x", hdev->name, status);
691
692         if (!status)
693                 return;
694
695         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
696         if (!cp)
697                 return;
698
699         hci_dev_lock(hdev);
700
701         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
702         if (conn) {
703                 if (conn->state == BT_CONFIG) {
704                         hci_proto_connect_cfm(conn, status);
705                         hci_conn_put(conn);
706                 }
707         }
708
709         hci_dev_unlock(hdev);
710 }
711
712 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
713 {
714         struct hci_cp_read_remote_ext_features *cp;
715         struct hci_conn *conn;
716
717         BT_DBG("%s status 0x%x", hdev->name, status);
718
719         if (!status)
720                 return;
721
722         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
723         if (!cp)
724                 return;
725
726         hci_dev_lock(hdev);
727
728         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
729         if (conn) {
730                 if (conn->state == BT_CONFIG) {
731                         hci_proto_connect_cfm(conn, status);
732                         hci_conn_put(conn);
733                 }
734         }
735
736         hci_dev_unlock(hdev);
737 }
738
739 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
740 {
741         struct hci_cp_setup_sync_conn *cp;
742         struct hci_conn *acl, *sco;
743         __u16 handle;
744
745         BT_DBG("%s status 0x%x", hdev->name, status);
746
747         if (!status)
748                 return;
749
750         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
751         if (!cp)
752                 return;
753
754         handle = __le16_to_cpu(cp->handle);
755
756         BT_DBG("%s handle %d", hdev->name, handle);
757
758         hci_dev_lock(hdev);
759
760         acl = hci_conn_hash_lookup_handle(hdev, handle);
761         if (acl && (sco = acl->link)) {
762                 sco->state = BT_CLOSED;
763
764                 hci_proto_connect_cfm(sco, status);
765                 hci_conn_del(sco);
766         }
767
768         hci_dev_unlock(hdev);
769 }
770
771 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
772 {
773         struct hci_cp_sniff_mode *cp;
774         struct hci_conn *conn;
775
776         BT_DBG("%s status 0x%x", hdev->name, status);
777
778         if (!status)
779                 return;
780
781         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
782         if (!cp)
783                 return;
784
785         hci_dev_lock(hdev);
786
787         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
788         if (conn)
789                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
790
791         hci_dev_unlock(hdev);
792 }
793
794 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
795 {
796         struct hci_cp_exit_sniff_mode *cp;
797         struct hci_conn *conn;
798
799         BT_DBG("%s status 0x%x", hdev->name, status);
800
801         if (!status)
802                 return;
803
804         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
805         if (!cp)
806                 return;
807
808         hci_dev_lock(hdev);
809
810         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
811         if (conn)
812                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
813
814         hci_dev_unlock(hdev);
815 }
816
817 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
818 {
819         __u8 status = *((__u8 *) skb->data);
820
821         BT_DBG("%s status %d", hdev->name, status);
822
823         clear_bit(HCI_INQUIRY, &hdev->flags);
824
825         hci_req_complete(hdev, status);
826
827         hci_conn_check_pending(hdev);
828 }
829
830 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
831 {
832         struct inquiry_data data;
833         struct inquiry_info *info = (void *) (skb->data + 1);
834         int num_rsp = *((__u8 *) skb->data);
835
836         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
837
838         if (!num_rsp)
839                 return;
840
841         hci_dev_lock(hdev);
842
843         for (; num_rsp; num_rsp--) {
844                 bacpy(&data.bdaddr, &info->bdaddr);
845                 data.pscan_rep_mode     = info->pscan_rep_mode;
846                 data.pscan_period_mode  = info->pscan_period_mode;
847                 data.pscan_mode         = info->pscan_mode;
848                 memcpy(data.dev_class, info->dev_class, 3);
849                 data.clock_offset       = info->clock_offset;
850                 data.rssi               = 0x00;
851                 data.ssp_mode           = 0x00;
852                 info++;
853                 hci_inquiry_cache_update(hdev, &data);
854         }
855
856         hci_dev_unlock(hdev);
857 }
858
859 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
860 {
861         struct hci_ev_conn_complete *ev = (void *) skb->data;
862         struct hci_conn *conn;
863
864         BT_DBG("%s", hdev->name);
865
866         hci_dev_lock(hdev);
867
868         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
869         if (!conn) {
870                 if (ev->link_type != SCO_LINK)
871                         goto unlock;
872
873                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
874                 if (!conn)
875                         goto unlock;
876
877                 conn->type = SCO_LINK;
878         }
879
880         if (!ev->status) {
881                 conn->handle = __le16_to_cpu(ev->handle);
882
883                 if (conn->type == ACL_LINK) {
884                         conn->state = BT_CONFIG;
885                         hci_conn_hold(conn);
886                 } else
887                         conn->state = BT_CONNECTED;
888
889                 hci_conn_add_sysfs(conn);
890
891                 if (test_bit(HCI_AUTH, &hdev->flags))
892                         conn->link_mode |= HCI_LM_AUTH;
893
894                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
895                         conn->link_mode |= HCI_LM_ENCRYPT;
896
897                 /* Get remote features */
898                 if (conn->type == ACL_LINK) {
899                         struct hci_cp_read_remote_features cp;
900                         cp.handle = ev->handle;
901                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
902                                                         sizeof(cp), &cp);
903                 }
904
905                 /* Set packet type for incoming connection */
906                 if (!conn->out && hdev->hci_ver < 3) {
907                         struct hci_cp_change_conn_ptype cp;
908                         cp.handle = ev->handle;
909                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
910                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
911                                                         sizeof(cp), &cp);
912                 }
913         } else
914                 conn->state = BT_CLOSED;
915
916         if (conn->type == ACL_LINK) {
917                 struct hci_conn *sco = conn->link;
918                 if (sco) {
919                         if (!ev->status) {
920                                 if (lmp_esco_capable(hdev))
921                                         hci_setup_sync(sco, conn->handle);
922                                 else
923                                         hci_add_sco(sco, conn->handle);
924                         } else {
925                                 hci_proto_connect_cfm(sco, ev->status);
926                                 hci_conn_del(sco);
927                         }
928                 }
929         }
930
931         if (ev->status) {
932                 hci_proto_connect_cfm(conn, ev->status);
933                 hci_conn_del(conn);
934         } else if (ev->link_type != ACL_LINK)
935                 hci_proto_connect_cfm(conn, ev->status);
936
937 unlock:
938         hci_dev_unlock(hdev);
939
940         hci_conn_check_pending(hdev);
941 }
942
943 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
944 {
945         struct hci_ev_conn_request *ev = (void *) skb->data;
946         int mask = hdev->link_mode;
947
948         BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
949                                         batostr(&ev->bdaddr), ev->link_type);
950
951         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
952
953         if (mask & HCI_LM_ACCEPT) {
954                 /* Connection accepted */
955                 struct inquiry_entry *ie;
956                 struct hci_conn *conn;
957
958                 hci_dev_lock(hdev);
959
960                 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
961                         memcpy(ie->data.dev_class, ev->dev_class, 3);
962
963                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
964                 if (!conn) {
965                         if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
966                                 BT_ERR("No memmory for new connection");
967                                 hci_dev_unlock(hdev);
968                                 return;
969                         }
970                 }
971
972                 memcpy(conn->dev_class, ev->dev_class, 3);
973                 conn->state = BT_CONNECT;
974
975                 hci_dev_unlock(hdev);
976
977                 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
978                         struct hci_cp_accept_conn_req cp;
979
980                         bacpy(&cp.bdaddr, &ev->bdaddr);
981
982                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
983                                 cp.role = 0x00; /* Become master */
984                         else
985                                 cp.role = 0x01; /* Remain slave */
986
987                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
988                                                         sizeof(cp), &cp);
989                 } else {
990                         struct hci_cp_accept_sync_conn_req cp;
991
992                         bacpy(&cp.bdaddr, &ev->bdaddr);
993                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
994
995                         cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
996                         cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
997                         cp.max_latency    = cpu_to_le16(0xffff);
998                         cp.content_format = cpu_to_le16(hdev->voice_setting);
999                         cp.retrans_effort = 0xff;
1000
1001                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1002                                                         sizeof(cp), &cp);
1003                 }
1004         } else {
1005                 /* Connection rejected */
1006                 struct hci_cp_reject_conn_req cp;
1007
1008                 bacpy(&cp.bdaddr, &ev->bdaddr);
1009                 cp.reason = 0x0f;
1010                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1011         }
1012 }
1013
1014 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1015 {
1016         struct hci_ev_disconn_complete *ev = (void *) skb->data;
1017         struct hci_conn *conn;
1018
1019         BT_DBG("%s status %d", hdev->name, ev->status);
1020
1021         if (ev->status)
1022                 return;
1023
1024         hci_dev_lock(hdev);
1025
1026         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1027         if (conn) {
1028                 conn->state = BT_CLOSED;
1029
1030                 hci_proto_disconn_cfm(conn, ev->reason);
1031                 hci_conn_del(conn);
1032         }
1033
1034         hci_dev_unlock(hdev);
1035 }
1036
1037 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1038 {
1039         struct hci_ev_auth_complete *ev = (void *) skb->data;
1040         struct hci_conn *conn;
1041
1042         BT_DBG("%s status %d", hdev->name, ev->status);
1043
1044         hci_dev_lock(hdev);
1045
1046         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1047         if (conn) {
1048                 if (!ev->status)
1049                         conn->link_mode |= HCI_LM_AUTH;
1050
1051                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1052
1053                 if (conn->state == BT_CONFIG) {
1054                         if (!ev->status && hdev->ssp_mode > 0 &&
1055                                                         conn->ssp_mode > 0) {
1056                                 struct hci_cp_set_conn_encrypt cp;
1057                                 cp.handle  = ev->handle;
1058                                 cp.encrypt = 0x01;
1059                                 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1060                                                         sizeof(cp), &cp);
1061                         } else {
1062                                 conn->state = BT_CONNECTED;
1063                                 hci_proto_connect_cfm(conn, ev->status);
1064                                 hci_conn_put(conn);
1065                         }
1066                 } else
1067                         hci_auth_cfm(conn, ev->status);
1068
1069                 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1070                         if (!ev->status) {
1071                                 struct hci_cp_set_conn_encrypt cp;
1072                                 cp.handle  = ev->handle;
1073                                 cp.encrypt = 0x01;
1074                                 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1075                                                         sizeof(cp), &cp);
1076                         } else {
1077                                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1078                                 hci_encrypt_cfm(conn, ev->status, 0x00);
1079                         }
1080                 }
1081         }
1082
1083         hci_dev_unlock(hdev);
1084 }
1085
1086 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1087 {
1088         BT_DBG("%s", hdev->name);
1089
1090         hci_conn_check_pending(hdev);
1091 }
1092
1093 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1094 {
1095         struct hci_ev_encrypt_change *ev = (void *) skb->data;
1096         struct hci_conn *conn;
1097
1098         BT_DBG("%s status %d", hdev->name, ev->status);
1099
1100         hci_dev_lock(hdev);
1101
1102         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1103         if (conn) {
1104                 if (!ev->status) {
1105                         if (ev->encrypt) {
1106                                 /* Encryption implies authentication */
1107                                 conn->link_mode |= HCI_LM_AUTH;
1108                                 conn->link_mode |= HCI_LM_ENCRYPT;
1109                         } else
1110                                 conn->link_mode &= ~HCI_LM_ENCRYPT;
1111                 }
1112
1113                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1114
1115                 if (conn->state == BT_CONFIG) {
1116                         if (!ev->status)
1117                                 conn->state = BT_CONNECTED;
1118
1119                         hci_proto_connect_cfm(conn, ev->status);
1120                         hci_conn_put(conn);
1121                 } else
1122                         hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1123         }
1124
1125         hci_dev_unlock(hdev);
1126 }
1127
1128 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1129 {
1130         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1131         struct hci_conn *conn;
1132
1133         BT_DBG("%s status %d", hdev->name, ev->status);
1134
1135         hci_dev_lock(hdev);
1136
1137         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1138         if (conn) {
1139                 if (!ev->status)
1140                         conn->link_mode |= HCI_LM_SECURE;
1141
1142                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1143
1144                 hci_key_change_cfm(conn, ev->status);
1145         }
1146
1147         hci_dev_unlock(hdev);
1148 }
1149
1150 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1151 {
1152         struct hci_ev_remote_features *ev = (void *) skb->data;
1153         struct hci_conn *conn;
1154
1155         BT_DBG("%s status %d", hdev->name, ev->status);
1156
1157         hci_dev_lock(hdev);
1158
1159         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1160         if (conn) {
1161                 if (!ev->status)
1162                         memcpy(conn->features, ev->features, 8);
1163
1164                 if (conn->state == BT_CONFIG) {
1165                         if (!ev->status && lmp_ssp_capable(hdev) &&
1166                                                 lmp_ssp_capable(conn)) {
1167                                 struct hci_cp_read_remote_ext_features cp;
1168                                 cp.handle = ev->handle;
1169                                 cp.page = 0x01;
1170                                 hci_send_cmd(hdev,
1171                                         HCI_OP_READ_REMOTE_EXT_FEATURES,
1172                                                         sizeof(cp), &cp);
1173                         } else {
1174                                 conn->state = BT_CONNECTED;
1175                                 hci_proto_connect_cfm(conn, ev->status);
1176                                 hci_conn_put(conn);
1177                         }
1178                 }
1179         }
1180
1181         hci_dev_unlock(hdev);
1182 }
1183
1184 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1185 {
1186         BT_DBG("%s", hdev->name);
1187 }
1188
1189 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1190 {
1191         BT_DBG("%s", hdev->name);
1192 }
1193
1194 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1195 {
1196         struct hci_ev_cmd_complete *ev = (void *) skb->data;
1197         __u16 opcode;
1198
1199         skb_pull(skb, sizeof(*ev));
1200
1201         opcode = __le16_to_cpu(ev->opcode);
1202
1203         switch (opcode) {
1204         case HCI_OP_INQUIRY_CANCEL:
1205                 hci_cc_inquiry_cancel(hdev, skb);
1206                 break;
1207
1208         case HCI_OP_EXIT_PERIODIC_INQ:
1209                 hci_cc_exit_periodic_inq(hdev, skb);
1210                 break;
1211
1212         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1213                 hci_cc_remote_name_req_cancel(hdev, skb);
1214                 break;
1215
1216         case HCI_OP_ROLE_DISCOVERY:
1217                 hci_cc_role_discovery(hdev, skb);
1218                 break;
1219
1220         case HCI_OP_READ_LINK_POLICY:
1221                 hci_cc_read_link_policy(hdev, skb);
1222                 break;
1223
1224         case HCI_OP_WRITE_LINK_POLICY:
1225                 hci_cc_write_link_policy(hdev, skb);
1226                 break;
1227
1228         case HCI_OP_READ_DEF_LINK_POLICY:
1229                 hci_cc_read_def_link_policy(hdev, skb);
1230                 break;
1231
1232         case HCI_OP_WRITE_DEF_LINK_POLICY:
1233                 hci_cc_write_def_link_policy(hdev, skb);
1234                 break;
1235
1236         case HCI_OP_RESET:
1237                 hci_cc_reset(hdev, skb);
1238                 break;
1239
1240         case HCI_OP_WRITE_LOCAL_NAME:
1241                 hci_cc_write_local_name(hdev, skb);
1242                 break;
1243
1244         case HCI_OP_READ_LOCAL_NAME:
1245                 hci_cc_read_local_name(hdev, skb);
1246                 break;
1247
1248         case HCI_OP_WRITE_AUTH_ENABLE:
1249                 hci_cc_write_auth_enable(hdev, skb);
1250                 break;
1251
1252         case HCI_OP_WRITE_ENCRYPT_MODE:
1253                 hci_cc_write_encrypt_mode(hdev, skb);
1254                 break;
1255
1256         case HCI_OP_WRITE_SCAN_ENABLE:
1257                 hci_cc_write_scan_enable(hdev, skb);
1258                 break;
1259
1260         case HCI_OP_READ_CLASS_OF_DEV:
1261                 hci_cc_read_class_of_dev(hdev, skb);
1262                 break;
1263
1264         case HCI_OP_WRITE_CLASS_OF_DEV:
1265                 hci_cc_write_class_of_dev(hdev, skb);
1266                 break;
1267
1268         case HCI_OP_READ_VOICE_SETTING:
1269                 hci_cc_read_voice_setting(hdev, skb);
1270                 break;
1271
1272         case HCI_OP_WRITE_VOICE_SETTING:
1273                 hci_cc_write_voice_setting(hdev, skb);
1274                 break;
1275
1276         case HCI_OP_HOST_BUFFER_SIZE:
1277                 hci_cc_host_buffer_size(hdev, skb);
1278                 break;
1279
1280         case HCI_OP_READ_SSP_MODE:
1281                 hci_cc_read_ssp_mode(hdev, skb);
1282                 break;
1283
1284         case HCI_OP_WRITE_SSP_MODE:
1285                 hci_cc_write_ssp_mode(hdev, skb);
1286                 break;
1287
1288         case HCI_OP_READ_LOCAL_VERSION:
1289                 hci_cc_read_local_version(hdev, skb);
1290                 break;
1291
1292         case HCI_OP_READ_LOCAL_COMMANDS:
1293                 hci_cc_read_local_commands(hdev, skb);
1294                 break;
1295
1296         case HCI_OP_READ_LOCAL_FEATURES:
1297                 hci_cc_read_local_features(hdev, skb);
1298                 break;
1299
1300         case HCI_OP_READ_BUFFER_SIZE:
1301                 hci_cc_read_buffer_size(hdev, skb);
1302                 break;
1303
1304         case HCI_OP_READ_BD_ADDR:
1305                 hci_cc_read_bd_addr(hdev, skb);
1306                 break;
1307
1308         default:
1309                 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1310                 break;
1311         }
1312
1313         if (ev->ncmd) {
1314                 atomic_set(&hdev->cmd_cnt, 1);
1315                 if (!skb_queue_empty(&hdev->cmd_q))
1316                         hci_sched_cmd(hdev);
1317         }
1318 }
1319
1320 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1321 {
1322         struct hci_ev_cmd_status *ev = (void *) skb->data;
1323         __u16 opcode;
1324
1325         skb_pull(skb, sizeof(*ev));
1326
1327         opcode = __le16_to_cpu(ev->opcode);
1328
1329         switch (opcode) {
1330         case HCI_OP_INQUIRY:
1331                 hci_cs_inquiry(hdev, ev->status);
1332                 break;
1333
1334         case HCI_OP_CREATE_CONN:
1335                 hci_cs_create_conn(hdev, ev->status);
1336                 break;
1337
1338         case HCI_OP_ADD_SCO:
1339                 hci_cs_add_sco(hdev, ev->status);
1340                 break;
1341
1342         case HCI_OP_AUTH_REQUESTED:
1343                 hci_cs_auth_requested(hdev, ev->status);
1344                 break;
1345
1346         case HCI_OP_SET_CONN_ENCRYPT:
1347                 hci_cs_set_conn_encrypt(hdev, ev->status);
1348                 break;
1349
1350         case HCI_OP_REMOTE_NAME_REQ:
1351                 hci_cs_remote_name_req(hdev, ev->status);
1352                 break;
1353
1354         case HCI_OP_READ_REMOTE_FEATURES:
1355                 hci_cs_read_remote_features(hdev, ev->status);
1356                 break;
1357
1358         case HCI_OP_READ_REMOTE_EXT_FEATURES:
1359                 hci_cs_read_remote_ext_features(hdev, ev->status);
1360                 break;
1361
1362         case HCI_OP_SETUP_SYNC_CONN:
1363                 hci_cs_setup_sync_conn(hdev, ev->status);
1364                 break;
1365
1366         case HCI_OP_SNIFF_MODE:
1367                 hci_cs_sniff_mode(hdev, ev->status);
1368                 break;
1369
1370         case HCI_OP_EXIT_SNIFF_MODE:
1371                 hci_cs_exit_sniff_mode(hdev, ev->status);
1372                 break;
1373
1374         default:
1375                 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1376                 break;
1377         }
1378
1379         if (ev->ncmd) {
1380                 atomic_set(&hdev->cmd_cnt, 1);
1381                 if (!skb_queue_empty(&hdev->cmd_q))
1382                         hci_sched_cmd(hdev);
1383         }
1384 }
1385
1386 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1387 {
1388         struct hci_ev_role_change *ev = (void *) skb->data;
1389         struct hci_conn *conn;
1390
1391         BT_DBG("%s status %d", hdev->name, ev->status);
1392
1393         hci_dev_lock(hdev);
1394
1395         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1396         if (conn) {
1397                 if (!ev->status) {
1398                         if (ev->role)
1399                                 conn->link_mode &= ~HCI_LM_MASTER;
1400                         else
1401                                 conn->link_mode |= HCI_LM_MASTER;
1402                 }
1403
1404                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1405
1406                 hci_role_switch_cfm(conn, ev->status, ev->role);
1407         }
1408
1409         hci_dev_unlock(hdev);
1410 }
1411
1412 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1413 {
1414         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1415         __le16 *ptr;
1416         int i;
1417
1418         skb_pull(skb, sizeof(*ev));
1419
1420         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1421
1422         if (skb->len < ev->num_hndl * 4) {
1423                 BT_DBG("%s bad parameters", hdev->name);
1424                 return;
1425         }
1426
1427         tasklet_disable(&hdev->tx_task);
1428
1429         for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1430                 struct hci_conn *conn;
1431                 __u16  handle, count;
1432
1433                 handle = get_unaligned_le16(ptr++);
1434                 count  = get_unaligned_le16(ptr++);
1435
1436                 conn = hci_conn_hash_lookup_handle(hdev, handle);
1437                 if (conn) {
1438                         conn->sent -= count;
1439
1440                         if (conn->type == ACL_LINK) {
1441                                 if ((hdev->acl_cnt += count) > hdev->acl_pkts)
1442                                         hdev->acl_cnt = hdev->acl_pkts;
1443                         } else {
1444                                 if ((hdev->sco_cnt += count) > hdev->sco_pkts)
1445                                         hdev->sco_cnt = hdev->sco_pkts;
1446                         }
1447                 }
1448         }
1449
1450         hci_sched_tx(hdev);
1451
1452         tasklet_enable(&hdev->tx_task);
1453 }
1454
1455 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1456 {
1457         struct hci_ev_mode_change *ev = (void *) skb->data;
1458         struct hci_conn *conn;
1459
1460         BT_DBG("%s status %d", hdev->name, ev->status);
1461
1462         hci_dev_lock(hdev);
1463
1464         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1465         if (conn) {
1466                 conn->mode = ev->mode;
1467                 conn->interval = __le16_to_cpu(ev->interval);
1468
1469                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
1470                         if (conn->mode == HCI_CM_ACTIVE)
1471                                 conn->power_save = 1;
1472                         else
1473                                 conn->power_save = 0;
1474                 }
1475         }
1476
1477         hci_dev_unlock(hdev);
1478 }
1479
1480 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1481 {
1482         BT_DBG("%s", hdev->name);
1483 }
1484
1485 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1486 {
1487         BT_DBG("%s", hdev->name);
1488 }
1489
1490 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
1491 {
1492         BT_DBG("%s", hdev->name);
1493 }
1494
1495 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1496 {
1497         struct hci_ev_clock_offset *ev = (void *) skb->data;
1498         struct hci_conn *conn;
1499
1500         BT_DBG("%s status %d", hdev->name, ev->status);
1501
1502         hci_dev_lock(hdev);
1503
1504         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1505         if (conn && !ev->status) {
1506                 struct inquiry_entry *ie;
1507
1508                 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
1509                         ie->data.clock_offset = ev->clock_offset;
1510                         ie->timestamp = jiffies;
1511                 }
1512         }
1513
1514         hci_dev_unlock(hdev);
1515 }
1516
1517 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1518 {
1519         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
1520         struct hci_conn *conn;
1521
1522         BT_DBG("%s status %d", hdev->name, ev->status);
1523
1524         hci_dev_lock(hdev);
1525
1526         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1527         if (conn && !ev->status)
1528                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
1529
1530         hci_dev_unlock(hdev);
1531 }
1532
1533 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
1534 {
1535         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
1536         struct inquiry_entry *ie;
1537
1538         BT_DBG("%s", hdev->name);
1539
1540         hci_dev_lock(hdev);
1541
1542         if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) {
1543                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
1544                 ie->timestamp = jiffies;
1545         }
1546
1547         hci_dev_unlock(hdev);
1548 }
1549
1550 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
1551 {
1552         struct inquiry_data data;
1553         int num_rsp = *((__u8 *) skb->data);
1554
1555         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1556
1557         if (!num_rsp)
1558                 return;
1559
1560         hci_dev_lock(hdev);
1561
1562         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
1563                 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1);
1564
1565                 for (; num_rsp; num_rsp--) {
1566                         bacpy(&data.bdaddr, &info->bdaddr);
1567                         data.pscan_rep_mode     = info->pscan_rep_mode;
1568                         data.pscan_period_mode  = info->pscan_period_mode;
1569                         data.pscan_mode         = info->pscan_mode;
1570                         memcpy(data.dev_class, info->dev_class, 3);
1571                         data.clock_offset       = info->clock_offset;
1572                         data.rssi               = info->rssi;
1573                         data.ssp_mode           = 0x00;
1574                         info++;
1575                         hci_inquiry_cache_update(hdev, &data);
1576                 }
1577         } else {
1578                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
1579
1580                 for (; num_rsp; num_rsp--) {
1581                         bacpy(&data.bdaddr, &info->bdaddr);
1582                         data.pscan_rep_mode     = info->pscan_rep_mode;
1583                         data.pscan_period_mode  = info->pscan_period_mode;
1584                         data.pscan_mode         = 0x00;
1585                         memcpy(data.dev_class, info->dev_class, 3);
1586                         data.clock_offset       = info->clock_offset;
1587                         data.rssi               = info->rssi;
1588                         data.ssp_mode           = 0x00;
1589                         info++;
1590                         hci_inquiry_cache_update(hdev, &data);
1591                 }
1592         }
1593
1594         hci_dev_unlock(hdev);
1595 }
1596
1597 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1598 {
1599         struct hci_ev_remote_ext_features *ev = (void *) skb->data;
1600         struct hci_conn *conn;
1601
1602         BT_DBG("%s", hdev->name);
1603
1604         hci_dev_lock(hdev);
1605
1606         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1607         if (conn) {
1608                 if (!ev->status && ev->page == 0x01) {
1609                         struct inquiry_entry *ie;
1610
1611                         if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)))
1612                                 ie->data.ssp_mode = (ev->features[0] & 0x01);
1613
1614                         conn->ssp_mode = (ev->features[0] & 0x01);
1615                 }
1616
1617                 if (conn->state == BT_CONFIG) {
1618                         if (!ev->status && hdev->ssp_mode > 0 &&
1619                                         conn->ssp_mode > 0 && conn->out &&
1620                                         conn->sec_level != BT_SECURITY_SDP) {
1621                                 struct hci_cp_auth_requested cp;
1622                                 cp.handle = ev->handle;
1623                                 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1624                                                         sizeof(cp), &cp);
1625                         } else {
1626                                 conn->state = BT_CONNECTED;
1627                                 hci_proto_connect_cfm(conn, ev->status);
1628                                 hci_conn_put(conn);
1629                         }
1630                 }
1631         }
1632
1633         hci_dev_unlock(hdev);
1634 }
1635
1636 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1637 {
1638         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
1639         struct hci_conn *conn;
1640
1641         BT_DBG("%s status %d", hdev->name, ev->status);
1642
1643         hci_dev_lock(hdev);
1644
1645         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1646         if (!conn) {
1647                 if (ev->link_type == ESCO_LINK)
1648                         goto unlock;
1649
1650                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1651                 if (!conn)
1652                         goto unlock;
1653
1654                 conn->type = SCO_LINK;
1655         }
1656
1657         switch (ev->status) {
1658         case 0x00:
1659                 conn->handle = __le16_to_cpu(ev->handle);
1660                 conn->state  = BT_CONNECTED;
1661
1662                 hci_conn_add_sysfs(conn);
1663                 break;
1664
1665         case 0x1c:      /* SCO interval rejected */
1666         case 0x1f:      /* Unspecified error */
1667                 if (conn->out && conn->attempt < 2) {
1668                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
1669                                         (hdev->esco_type & EDR_ESCO_MASK);
1670                         hci_setup_sync(conn, conn->link->handle);
1671                         goto unlock;
1672                 }
1673                 /* fall through */
1674
1675         default:
1676                 conn->state = BT_CLOSED;
1677                 break;
1678         }
1679
1680         hci_proto_connect_cfm(conn, ev->status);
1681         if (ev->status)
1682                 hci_conn_del(conn);
1683
1684 unlock:
1685         hci_dev_unlock(hdev);
1686 }
1687
1688 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
1689 {
1690         BT_DBG("%s", hdev->name);
1691 }
1692
1693 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
1694 {
1695         struct hci_ev_sniff_subrate *ev = (void *) skb->data;
1696         struct hci_conn *conn;
1697
1698         BT_DBG("%s status %d", hdev->name, ev->status);
1699
1700         hci_dev_lock(hdev);
1701
1702         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1703         if (conn) {
1704         }
1705
1706         hci_dev_unlock(hdev);
1707 }
1708
1709 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1710 {
1711         struct inquiry_data data;
1712         struct extended_inquiry_info *info = (void *) (skb->data + 1);
1713         int num_rsp = *((__u8 *) skb->data);
1714
1715         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1716
1717         if (!num_rsp)
1718                 return;
1719
1720         hci_dev_lock(hdev);
1721
1722         for (; num_rsp; num_rsp--) {
1723                 bacpy(&data.bdaddr, &info->bdaddr);
1724                 data.pscan_rep_mode     = info->pscan_rep_mode;
1725                 data.pscan_period_mode  = info->pscan_period_mode;
1726                 data.pscan_mode         = 0x00;
1727                 memcpy(data.dev_class, info->dev_class, 3);
1728                 data.clock_offset       = info->clock_offset;
1729                 data.rssi               = info->rssi;
1730                 data.ssp_mode           = 0x01;
1731                 info++;
1732                 hci_inquiry_cache_update(hdev, &data);
1733         }
1734
1735         hci_dev_unlock(hdev);
1736 }
1737
1738 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1739 {
1740         struct hci_ev_io_capa_request *ev = (void *) skb->data;
1741         struct hci_conn *conn;
1742
1743         BT_DBG("%s", hdev->name);
1744
1745         hci_dev_lock(hdev);
1746
1747         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1748         if (conn)
1749                 hci_conn_hold(conn);
1750
1751         hci_dev_unlock(hdev);
1752 }
1753
1754 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1755 {
1756         struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
1757         struct hci_conn *conn;
1758
1759         BT_DBG("%s", hdev->name);
1760
1761         hci_dev_lock(hdev);
1762
1763         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1764         if (conn)
1765                 hci_conn_put(conn);
1766
1767         hci_dev_unlock(hdev);
1768 }
1769
1770 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1771 {
1772         struct hci_ev_remote_host_features *ev = (void *) skb->data;
1773         struct inquiry_entry *ie;
1774
1775         BT_DBG("%s", hdev->name);
1776
1777         hci_dev_lock(hdev);
1778
1779         if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
1780                 ie->data.ssp_mode = (ev->features[0] & 0x01);
1781
1782         hci_dev_unlock(hdev);
1783 }
1784
1785 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1786 {
1787         struct hci_event_hdr *hdr = (void *) skb->data;
1788         __u8 event = hdr->evt;
1789
1790         skb_pull(skb, HCI_EVENT_HDR_SIZE);
1791
1792         switch (event) {
1793         case HCI_EV_INQUIRY_COMPLETE:
1794                 hci_inquiry_complete_evt(hdev, skb);
1795                 break;
1796
1797         case HCI_EV_INQUIRY_RESULT:
1798                 hci_inquiry_result_evt(hdev, skb);
1799                 break;
1800
1801         case HCI_EV_CONN_COMPLETE:
1802                 hci_conn_complete_evt(hdev, skb);
1803                 break;
1804
1805         case HCI_EV_CONN_REQUEST:
1806                 hci_conn_request_evt(hdev, skb);
1807                 break;
1808
1809         case HCI_EV_DISCONN_COMPLETE:
1810                 hci_disconn_complete_evt(hdev, skb);
1811                 break;
1812
1813         case HCI_EV_AUTH_COMPLETE:
1814                 hci_auth_complete_evt(hdev, skb);
1815                 break;
1816
1817         case HCI_EV_REMOTE_NAME:
1818                 hci_remote_name_evt(hdev, skb);
1819                 break;
1820
1821         case HCI_EV_ENCRYPT_CHANGE:
1822                 hci_encrypt_change_evt(hdev, skb);
1823                 break;
1824
1825         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
1826                 hci_change_link_key_complete_evt(hdev, skb);
1827                 break;
1828
1829         case HCI_EV_REMOTE_FEATURES:
1830                 hci_remote_features_evt(hdev, skb);
1831                 break;
1832
1833         case HCI_EV_REMOTE_VERSION:
1834                 hci_remote_version_evt(hdev, skb);
1835                 break;
1836
1837         case HCI_EV_QOS_SETUP_COMPLETE:
1838                 hci_qos_setup_complete_evt(hdev, skb);
1839                 break;
1840
1841         case HCI_EV_CMD_COMPLETE:
1842                 hci_cmd_complete_evt(hdev, skb);
1843                 break;
1844
1845         case HCI_EV_CMD_STATUS:
1846                 hci_cmd_status_evt(hdev, skb);
1847                 break;
1848
1849         case HCI_EV_ROLE_CHANGE:
1850                 hci_role_change_evt(hdev, skb);
1851                 break;
1852
1853         case HCI_EV_NUM_COMP_PKTS:
1854                 hci_num_comp_pkts_evt(hdev, skb);
1855                 break;
1856
1857         case HCI_EV_MODE_CHANGE:
1858                 hci_mode_change_evt(hdev, skb);
1859                 break;
1860
1861         case HCI_EV_PIN_CODE_REQ:
1862                 hci_pin_code_request_evt(hdev, skb);
1863                 break;
1864
1865         case HCI_EV_LINK_KEY_REQ:
1866                 hci_link_key_request_evt(hdev, skb);
1867                 break;
1868
1869         case HCI_EV_LINK_KEY_NOTIFY:
1870                 hci_link_key_notify_evt(hdev, skb);
1871                 break;
1872
1873         case HCI_EV_CLOCK_OFFSET:
1874                 hci_clock_offset_evt(hdev, skb);
1875                 break;
1876
1877         case HCI_EV_PKT_TYPE_CHANGE:
1878                 hci_pkt_type_change_evt(hdev, skb);
1879                 break;
1880
1881         case HCI_EV_PSCAN_REP_MODE:
1882                 hci_pscan_rep_mode_evt(hdev, skb);
1883                 break;
1884
1885         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
1886                 hci_inquiry_result_with_rssi_evt(hdev, skb);
1887                 break;
1888
1889         case HCI_EV_REMOTE_EXT_FEATURES:
1890                 hci_remote_ext_features_evt(hdev, skb);
1891                 break;
1892
1893         case HCI_EV_SYNC_CONN_COMPLETE:
1894                 hci_sync_conn_complete_evt(hdev, skb);
1895                 break;
1896
1897         case HCI_EV_SYNC_CONN_CHANGED:
1898                 hci_sync_conn_changed_evt(hdev, skb);
1899                 break;
1900
1901         case HCI_EV_SNIFF_SUBRATE:
1902                 hci_sniff_subrate_evt(hdev, skb);
1903                 break;
1904
1905         case HCI_EV_EXTENDED_INQUIRY_RESULT:
1906                 hci_extended_inquiry_result_evt(hdev, skb);
1907                 break;
1908
1909         case HCI_EV_IO_CAPA_REQUEST:
1910                 hci_io_capa_request_evt(hdev, skb);
1911                 break;
1912
1913         case HCI_EV_SIMPLE_PAIR_COMPLETE:
1914                 hci_simple_pair_complete_evt(hdev, skb);
1915                 break;
1916
1917         case HCI_EV_REMOTE_HOST_FEATURES:
1918                 hci_remote_host_features_evt(hdev, skb);
1919                 break;
1920
1921         default:
1922                 BT_DBG("%s event 0x%x", hdev->name, event);
1923                 break;
1924         }
1925
1926         kfree_skb(skb);
1927         hdev->stat.evt_rx++;
1928 }
1929
1930 /* Generate internal stack event */
1931 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1932 {
1933         struct hci_event_hdr *hdr;
1934         struct hci_ev_stack_internal *ev;
1935         struct sk_buff *skb;
1936
1937         skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
1938         if (!skb)
1939                 return;
1940
1941         hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
1942         hdr->evt  = HCI_EV_STACK_INTERNAL;
1943         hdr->plen = sizeof(*ev) + dlen;
1944
1945         ev  = (void *) skb_put(skb, sizeof(*ev) + dlen);
1946         ev->type = type;
1947         memcpy(ev->data, data, dlen);
1948
1949         bt_cb(skb)->incoming = 1;
1950         __net_timestamp(skb);
1951
1952         bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1953         skb->dev = (void *) hdev;
1954         hci_send_to_sock(hdev, skb);
1955         kfree_skb(skb);
1956 }