c6cd243939e611519fc3ef418a5f1e2da2974a60
[pandora-kernel.git] / net / bluetooth / hci_event.c
1 /* 
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/sched.h>
33 #include <linux/slab.h>
34 #include <linux/poll.h>
35 #include <linux/fcntl.h>
36 #include <linux/init.h>
37 #include <linux/skbuff.h>
38 #include <linux/interrupt.h>
39 #include <linux/notifier.h>
40 #include <net/sock.h>
41
42 #include <asm/system.h>
43 #include <asm/uaccess.h>
44 #include <asm/unaligned.h>
45
46 #include <net/bluetooth/bluetooth.h>
47 #include <net/bluetooth/hci_core.h>
48
49 #ifndef CONFIG_BT_HCI_CORE_DEBUG
50 #undef  BT_DBG
51 #define BT_DBG(D...)
52 #endif
53
54 /* Handle HCI Event packets */
55
56 /* Command Complete OGF LINK_CTL  */
57 static void hci_cc_link_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
58 {
59         __u8 status;
60
61         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
62
63         switch (ocf) {
64         case OCF_INQUIRY_CANCEL:
65         case OCF_EXIT_PERIODIC_INQ:
66                 status = *((__u8 *) skb->data);
67
68                 if (status) {
69                         BT_DBG("%s Inquiry cancel error: status 0x%x", hdev->name, status);
70                 } else {
71                         clear_bit(HCI_INQUIRY, &hdev->flags);
72                         hci_req_complete(hdev, status);
73                 }
74                 break;
75
76         default:
77                 BT_DBG("%s Command complete: ogf LINK_CTL ocf %x", hdev->name, ocf);
78                 break;
79         }
80 }
81
82 /* Command Complete OGF LINK_POLICY  */
83 static void hci_cc_link_policy(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
84 {
85         struct hci_conn *conn;
86         struct hci_rp_role_discovery *rd;
87         struct hci_rp_write_link_policy *lp;
88         void *sent;
89
90         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
91
92         switch (ocf) {
93         case OCF_ROLE_DISCOVERY: 
94                 rd = (void *) skb->data;
95
96                 if (rd->status)
97                         break;
98
99                 hci_dev_lock(hdev);
100
101                 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rd->handle));
102                 if (conn) {
103                         if (rd->role)
104                                 conn->link_mode &= ~HCI_LM_MASTER;
105                         else
106                                 conn->link_mode |= HCI_LM_MASTER;
107                 }
108
109                 hci_dev_unlock(hdev);
110                 break;
111
112         case OCF_WRITE_LINK_POLICY:
113                 sent = hci_sent_cmd_data(hdev, OGF_LINK_POLICY, OCF_WRITE_LINK_POLICY);
114                 if (!sent)
115                         break;
116
117                 lp = (struct hci_rp_write_link_policy *) skb->data;
118
119                 if (lp->status)
120                         break;
121
122                 hci_dev_lock(hdev);
123
124                 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(lp->handle));
125                 if (conn) {
126                         __le16 policy = get_unaligned((__le16 *) (sent + 2));
127                         conn->link_policy = __le16_to_cpu(policy);
128                 }
129
130                 hci_dev_unlock(hdev);
131                 break;
132
133         default:
134                 BT_DBG("%s: Command complete: ogf LINK_POLICY ocf %x", 
135                                 hdev->name, ocf);
136                 break;
137         }
138 }
139
140 /* Command Complete OGF HOST_CTL  */
141 static void hci_cc_host_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
142 {
143         __u8 status, param;
144         __u16 setting;
145         struct hci_rp_read_voice_setting *vs;
146         void *sent;
147
148         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
149
150         switch (ocf) {
151         case OCF_RESET:
152                 status = *((__u8 *) skb->data);
153                 hci_req_complete(hdev, status);
154                 break;
155
156         case OCF_SET_EVENT_FLT:
157                 status = *((__u8 *) skb->data);
158                 if (status) {
159                         BT_DBG("%s SET_EVENT_FLT failed %d", hdev->name, status);
160                 } else {
161                         BT_DBG("%s SET_EVENT_FLT succeseful", hdev->name);
162                 }
163                 break;
164
165         case OCF_WRITE_AUTH_ENABLE:
166                 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_AUTH_ENABLE);
167                 if (!sent)
168                         break;
169
170                 status = *((__u8 *) skb->data);
171                 param  = *((__u8 *) sent);
172
173                 if (!status) {
174                         if (param == AUTH_ENABLED)
175                                 set_bit(HCI_AUTH, &hdev->flags);
176                         else
177                                 clear_bit(HCI_AUTH, &hdev->flags);
178                 }
179                 hci_req_complete(hdev, status);
180                 break;
181
182         case OCF_WRITE_ENCRYPT_MODE:
183                 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_ENCRYPT_MODE);
184                 if (!sent)
185                         break;
186
187                 status = *((__u8 *) skb->data);
188                 param  = *((__u8 *) sent);
189
190                 if (!status) {
191                         if (param)
192                                 set_bit(HCI_ENCRYPT, &hdev->flags);
193                         else
194                                 clear_bit(HCI_ENCRYPT, &hdev->flags);
195                 }
196                 hci_req_complete(hdev, status);
197                 break;
198
199         case OCF_WRITE_CA_TIMEOUT:
200                 status = *((__u8 *) skb->data);
201                 if (status) {
202                         BT_DBG("%s OCF_WRITE_CA_TIMEOUT failed %d", hdev->name, status);
203                 } else {
204                         BT_DBG("%s OCF_WRITE_CA_TIMEOUT succeseful", hdev->name);
205                 }
206                 break;
207
208         case OCF_WRITE_PG_TIMEOUT:
209                 status = *((__u8 *) skb->data);
210                 if (status) {
211                         BT_DBG("%s OCF_WRITE_PG_TIMEOUT failed %d", hdev->name, status);
212                 } else {
213                         BT_DBG("%s: OCF_WRITE_PG_TIMEOUT succeseful", hdev->name);
214                 }
215                 break;
216
217         case OCF_WRITE_SCAN_ENABLE:
218                 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE);
219                 if (!sent)
220                         break;
221
222                 status = *((__u8 *) skb->data);
223                 param  = *((__u8 *) sent);
224
225                 BT_DBG("param 0x%x", param);
226
227                 if (!status) {
228                         clear_bit(HCI_PSCAN, &hdev->flags);
229                         clear_bit(HCI_ISCAN, &hdev->flags);
230                         if (param & SCAN_INQUIRY) 
231                                 set_bit(HCI_ISCAN, &hdev->flags);
232
233                         if (param & SCAN_PAGE) 
234                                 set_bit(HCI_PSCAN, &hdev->flags);
235                 }
236                 hci_req_complete(hdev, status);
237                 break;
238
239         case OCF_READ_VOICE_SETTING:
240                 vs = (struct hci_rp_read_voice_setting *) skb->data;
241
242                 if (vs->status) {
243                         BT_DBG("%s READ_VOICE_SETTING failed %d", hdev->name, vs->status);
244                         break;
245                 }
246
247                 setting = __le16_to_cpu(vs->voice_setting);
248
249                 if (hdev->voice_setting != setting ) {
250                         hdev->voice_setting = setting;
251
252                         BT_DBG("%s: voice setting 0x%04x", hdev->name, setting);
253
254                         if (hdev->notify) {
255                                 tasklet_disable(&hdev->tx_task);
256                                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
257                                 tasklet_enable(&hdev->tx_task);
258                         }
259                 }
260                 break;
261
262         case OCF_WRITE_VOICE_SETTING:
263                 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_VOICE_SETTING);
264                 if (!sent)
265                         break;
266
267                 status = *((__u8 *) skb->data);
268                 setting = __le16_to_cpu(get_unaligned((__le16 *) sent));
269
270                 if (!status && hdev->voice_setting != setting) {
271                         hdev->voice_setting = setting;
272
273                         BT_DBG("%s: voice setting 0x%04x", hdev->name, setting);
274
275                         if (hdev->notify) {
276                                 tasklet_disable(&hdev->tx_task);
277                                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
278                                 tasklet_enable(&hdev->tx_task);
279                         }
280                 }
281                 hci_req_complete(hdev, status);
282                 break;
283
284         case OCF_HOST_BUFFER_SIZE:
285                 status = *((__u8 *) skb->data);
286                 if (status) {
287                         BT_DBG("%s OCF_BUFFER_SIZE failed %d", hdev->name, status);
288                         hci_req_complete(hdev, status);
289                 }
290                 break;
291
292         default:
293                 BT_DBG("%s Command complete: ogf HOST_CTL ocf %x", hdev->name, ocf);
294                 break;
295         }
296 }
297
298 /* Command Complete OGF INFO_PARAM  */
299 static void hci_cc_info_param(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
300 {
301         struct hci_rp_read_local_features *lf;
302         struct hci_rp_read_buffer_size *bs;
303         struct hci_rp_read_bd_addr *ba;
304
305         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
306
307         switch (ocf) {
308         case OCF_READ_LOCAL_FEATURES:
309                 lf = (struct hci_rp_read_local_features *) skb->data;
310
311                 if (lf->status) {
312                         BT_DBG("%s READ_LOCAL_FEATURES failed %d", hdev->name, lf->status);
313                         break;
314                 }
315
316                 memcpy(hdev->features, lf->features, sizeof(hdev->features));
317
318                 /* Adjust default settings according to features 
319                  * supported by device. */
320                 if (hdev->features[0] & LMP_3SLOT)
321                         hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
322
323                 if (hdev->features[0] & LMP_5SLOT)
324                         hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
325
326                 if (hdev->features[1] & LMP_HV2)
327                         hdev->pkt_type |= (HCI_HV2);
328
329                 if (hdev->features[1] & LMP_HV3)
330                         hdev->pkt_type |= (HCI_HV3);
331
332                 BT_DBG("%s: features 0x%x 0x%x 0x%x", hdev->name, lf->features[0], lf->features[1], lf->features[2]);
333
334                 break;
335
336         case OCF_READ_BUFFER_SIZE:
337                 bs = (struct hci_rp_read_buffer_size *) skb->data;
338
339                 if (bs->status) {
340                         BT_DBG("%s READ_BUFFER_SIZE failed %d", hdev->name, bs->status);
341                         hci_req_complete(hdev, bs->status);
342                         break;
343                 }
344
345                 hdev->acl_mtu  = __le16_to_cpu(bs->acl_mtu);
346                 hdev->sco_mtu  = bs->sco_mtu;
347                 hdev->acl_pkts = __le16_to_cpu(bs->acl_max_pkt);
348                 hdev->sco_pkts = __le16_to_cpu(bs->sco_max_pkt);
349
350                 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
351                         hdev->sco_mtu  = 64;
352                         hdev->sco_pkts = 8;
353                 }
354
355                 hdev->acl_cnt = hdev->acl_pkts;
356                 hdev->sco_cnt = hdev->sco_pkts;
357
358                 BT_DBG("%s mtu: acl %d, sco %d max_pkt: acl %d, sco %d", hdev->name,
359                         hdev->acl_mtu, hdev->sco_mtu, hdev->acl_pkts, hdev->sco_pkts);
360                 break;
361
362         case OCF_READ_BD_ADDR:
363                 ba = (struct hci_rp_read_bd_addr *) skb->data;
364
365                 if (!ba->status) {
366                         bacpy(&hdev->bdaddr, &ba->bdaddr);
367                 } else {
368                         BT_DBG("%s: READ_BD_ADDR failed %d", hdev->name, ba->status);
369                 }
370
371                 hci_req_complete(hdev, ba->status);
372                 break;
373
374         default:
375                 BT_DBG("%s Command complete: ogf INFO_PARAM ocf %x", hdev->name, ocf);
376                 break;
377         }
378 }
379
380 /* Command Status OGF LINK_CTL  */
381 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
382 {
383         struct hci_conn *conn;
384         struct hci_cp_create_conn *cp = hci_sent_cmd_data(hdev, OGF_LINK_CTL, OCF_CREATE_CONN);
385
386         if (!cp)
387                 return;
388
389         hci_dev_lock(hdev);
390
391         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
392
393         BT_DBG("%s status 0x%x bdaddr %s conn %p", hdev->name,
394                         status, batostr(&cp->bdaddr), conn);
395
396         if (status) {
397                 if (conn && conn->state == BT_CONNECT) {
398                         conn->state = BT_CLOSED;
399                         hci_proto_connect_cfm(conn, status);
400                         hci_conn_del(conn);
401                 }
402         } else {
403                 if (!conn) {
404                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
405                         if (conn) {
406                                 conn->out = 1;
407                                 conn->link_mode |= HCI_LM_MASTER;
408                         } else
409                                 BT_ERR("No memmory for new connection");
410                 }
411         }
412
413         hci_dev_unlock(hdev);
414 }
415
416 static void hci_cs_link_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
417 {
418         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
419
420         switch (ocf) {
421         case OCF_CREATE_CONN:
422                 hci_cs_create_conn(hdev, status);
423                 break;
424
425         case OCF_ADD_SCO:
426                 if (status) {
427                         struct hci_conn *acl, *sco;
428                         struct hci_cp_add_sco *cp = hci_sent_cmd_data(hdev, OGF_LINK_CTL, OCF_ADD_SCO);
429                         __u16 handle;
430
431                         if (!cp)
432                                 break;
433
434                         handle = __le16_to_cpu(cp->handle);
435
436                         BT_DBG("%s Add SCO error: handle %d status 0x%x", hdev->name, handle, status);
437
438                         hci_dev_lock(hdev);
439
440                         acl = hci_conn_hash_lookup_handle(hdev, handle);
441                         if (acl && (sco = acl->link)) {
442                                 sco->state = BT_CLOSED;
443
444                                 hci_proto_connect_cfm(sco, status);
445                                 hci_conn_del(sco);
446                         }
447
448                         hci_dev_unlock(hdev);
449                 }
450                 break;
451
452         case OCF_INQUIRY:
453                 if (status) {
454                         BT_DBG("%s Inquiry error: status 0x%x", hdev->name, status);
455                         hci_req_complete(hdev, status);
456                 } else {
457                         set_bit(HCI_INQUIRY, &hdev->flags);
458                 }
459                 break;
460
461         default:
462                 BT_DBG("%s Command status: ogf LINK_CTL ocf %x status %d", 
463                         hdev->name, ocf, status);
464                 break;
465         }
466 }
467
468 /* Command Status OGF LINK_POLICY */
469 static void hci_cs_link_policy(struct hci_dev *hdev, __u16 ocf, __u8 status)
470 {
471         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
472
473         switch (ocf) {
474         case OCF_SNIFF_MODE:
475                 if (status) {
476                         struct hci_conn *conn;
477                         struct hci_cp_sniff_mode *cp = hci_sent_cmd_data(hdev, OGF_LINK_POLICY, OCF_SNIFF_MODE);
478
479                         if (!cp)
480                                 break;
481
482                         hci_dev_lock(hdev);
483
484                         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
485                         if (conn) {
486                                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
487                         }
488
489                         hci_dev_unlock(hdev);
490                 }
491                 break;
492
493         case OCF_EXIT_SNIFF_MODE:
494                 if (status) {
495                         struct hci_conn *conn;
496                         struct hci_cp_exit_sniff_mode *cp = hci_sent_cmd_data(hdev, OGF_LINK_POLICY, OCF_EXIT_SNIFF_MODE);
497
498                         if (!cp)
499                                 break;
500
501                         hci_dev_lock(hdev);
502
503                         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
504                         if (conn) {
505                                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
506                         }
507
508                         hci_dev_unlock(hdev);
509                 }
510                 break;
511
512         default:
513                 BT_DBG("%s Command status: ogf LINK_POLICY ocf %x", hdev->name, ocf);
514                 break;
515         }
516 }
517
518 /* Command Status OGF HOST_CTL */
519 static void hci_cs_host_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
520 {
521         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
522
523         switch (ocf) {
524         default:
525                 BT_DBG("%s Command status: ogf HOST_CTL ocf %x", hdev->name, ocf);
526                 break;
527         }
528 }
529
530 /* Command Status OGF INFO_PARAM  */
531 static void hci_cs_info_param(struct hci_dev *hdev, __u16 ocf, __u8 status)
532 {
533         BT_DBG("%s: hci_cs_info_param: ocf 0x%x", hdev->name, ocf);
534
535         switch (ocf) {
536         default:
537                 BT_DBG("%s Command status: ogf INFO_PARAM ocf %x", hdev->name, ocf);
538                 break;
539         }
540 }
541
542 /* Inquiry Complete */
543 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
544 {
545         __u8 status = *((__u8 *) skb->data);
546
547         BT_DBG("%s status %d", hdev->name, status);
548
549         clear_bit(HCI_INQUIRY, &hdev->flags);
550         hci_req_complete(hdev, status);
551 }
552
553 /* Inquiry Result */
554 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
555 {
556         struct inquiry_data data;
557         struct inquiry_info *info = (struct inquiry_info *) (skb->data + 1);
558         int num_rsp = *((__u8 *) skb->data);
559
560         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
561
562         if (!num_rsp)
563                 return;
564
565         hci_dev_lock(hdev);
566
567         for (; num_rsp; num_rsp--) {
568                 bacpy(&data.bdaddr, &info->bdaddr);
569                 data.pscan_rep_mode     = info->pscan_rep_mode;
570                 data.pscan_period_mode  = info->pscan_period_mode;
571                 data.pscan_mode         = info->pscan_mode;
572                 memcpy(data.dev_class, info->dev_class, 3);
573                 data.clock_offset       = info->clock_offset;
574                 data.rssi               = 0x00;
575                 info++;
576                 hci_inquiry_cache_update(hdev, &data);
577         }
578
579         hci_dev_unlock(hdev);
580 }
581
582 /* Inquiry Result With RSSI */
583 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
584 {
585         struct inquiry_data data;
586         int num_rsp = *((__u8 *) skb->data);
587
588         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
589
590         if (!num_rsp)
591                 return;
592
593         hci_dev_lock(hdev);
594
595         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
596                 struct inquiry_info_with_rssi_and_pscan_mode *info =
597                         (struct inquiry_info_with_rssi_and_pscan_mode *) (skb->data + 1);
598
599                 for (; num_rsp; num_rsp--) {
600                         bacpy(&data.bdaddr, &info->bdaddr);
601                         data.pscan_rep_mode     = info->pscan_rep_mode;
602                         data.pscan_period_mode  = info->pscan_period_mode;
603                         data.pscan_mode         = info->pscan_mode;
604                         memcpy(data.dev_class, info->dev_class, 3);
605                         data.clock_offset       = info->clock_offset;
606                         data.rssi               = info->rssi;
607                         info++;
608                         hci_inquiry_cache_update(hdev, &data);
609                 }
610         } else {
611                 struct inquiry_info_with_rssi *info =
612                         (struct inquiry_info_with_rssi *) (skb->data + 1);
613
614                 for (; num_rsp; num_rsp--) {
615                         bacpy(&data.bdaddr, &info->bdaddr);
616                         data.pscan_rep_mode     = info->pscan_rep_mode;
617                         data.pscan_period_mode  = info->pscan_period_mode;
618                         data.pscan_mode         = 0x00;
619                         memcpy(data.dev_class, info->dev_class, 3);
620                         data.clock_offset       = info->clock_offset;
621                         data.rssi               = info->rssi;
622                         info++;
623                         hci_inquiry_cache_update(hdev, &data);
624                 }
625         }
626
627         hci_dev_unlock(hdev);
628 }
629
630 /* Extended Inquiry Result */
631 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
632 {
633         struct inquiry_data data;
634         struct extended_inquiry_info *info = (struct extended_inquiry_info *) (skb->data + 1);
635         int num_rsp = *((__u8 *) skb->data);
636
637         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
638
639         if (!num_rsp)
640                 return;
641
642         hci_dev_lock(hdev);
643
644         for (; num_rsp; num_rsp--) {
645                 bacpy(&data.bdaddr, &info->bdaddr);
646                 data.pscan_rep_mode     = info->pscan_rep_mode;
647                 data.pscan_period_mode  = info->pscan_period_mode;
648                 data.pscan_mode         = 0x00;
649                 memcpy(data.dev_class, info->dev_class, 3);
650                 data.clock_offset       = info->clock_offset;
651                 data.rssi               = info->rssi;
652                 info++;
653                 hci_inquiry_cache_update(hdev, &data);
654         }
655
656         hci_dev_unlock(hdev);
657 }
658
659 /* Connect Request */
660 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
661 {
662         struct hci_ev_conn_request *ev = (struct hci_ev_conn_request *) skb->data;
663         int mask = hdev->link_mode;
664
665         BT_DBG("%s Connection request: %s type 0x%x", hdev->name,
666                         batostr(&ev->bdaddr), ev->link_type);
667
668         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
669
670         if (mask & HCI_LM_ACCEPT) {
671                 /* Connection accepted */
672                 struct hci_conn *conn;
673                 struct hci_cp_accept_conn_req cp;
674
675                 hci_dev_lock(hdev);
676                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
677                 if (!conn) {
678                         if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
679                                 BT_ERR("No memmory for new connection");
680                                 hci_dev_unlock(hdev);
681                                 return;
682                         }
683                 }
684                 memcpy(conn->dev_class, ev->dev_class, 3);
685                 conn->state = BT_CONNECT;
686                 hci_dev_unlock(hdev);
687
688                 bacpy(&cp.bdaddr, &ev->bdaddr);
689
690                 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
691                         cp.role = 0x00; /* Become master */
692                 else
693                         cp.role = 0x01; /* Remain slave */
694
695                 hci_send_cmd(hdev, OGF_LINK_CTL,
696                                 OCF_ACCEPT_CONN_REQ, sizeof(cp), &cp);
697         } else {
698                 /* Connection rejected */
699                 struct hci_cp_reject_conn_req cp;
700
701                 bacpy(&cp.bdaddr, &ev->bdaddr);
702                 cp.reason = 0x0f;
703                 hci_send_cmd(hdev, OGF_LINK_CTL,
704                                 OCF_REJECT_CONN_REQ, sizeof(cp), &cp);
705         }
706 }
707
708 /* Connect Complete */
709 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
710 {
711         struct hci_ev_conn_complete *ev = (struct hci_ev_conn_complete *) skb->data;
712         struct hci_conn *conn;
713
714         BT_DBG("%s", hdev->name);
715
716         hci_dev_lock(hdev);
717
718         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
719         if (!conn) {
720                 hci_dev_unlock(hdev);
721                 return;
722         }
723
724         if (!ev->status) {
725                 conn->handle = __le16_to_cpu(ev->handle);
726                 conn->state  = BT_CONNECTED;
727
728                 if (test_bit(HCI_AUTH, &hdev->flags))
729                         conn->link_mode |= HCI_LM_AUTH;
730
731                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
732                         conn->link_mode |= HCI_LM_ENCRYPT;
733
734                 /* Get remote features */
735                 if (conn->type == ACL_LINK) {
736                         struct hci_cp_read_remote_features cp;
737                         cp.handle = ev->handle;
738                         hci_send_cmd(hdev, OGF_LINK_CTL,
739                                 OCF_READ_REMOTE_FEATURES, sizeof(cp), &cp);
740                 }
741
742                 /* Set link policy */
743                 if (conn->type == ACL_LINK && hdev->link_policy) {
744                         struct hci_cp_write_link_policy cp;
745                         cp.handle = ev->handle;
746                         cp.policy = __cpu_to_le16(hdev->link_policy);
747                         hci_send_cmd(hdev, OGF_LINK_POLICY,
748                                 OCF_WRITE_LINK_POLICY, sizeof(cp), &cp);
749                 }
750
751                 /* Set packet type for incoming connection */
752                 if (!conn->out) {
753                         struct hci_cp_change_conn_ptype cp;
754                         cp.handle = ev->handle;
755                         cp.pkt_type = (conn->type == ACL_LINK) ? 
756                                 __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK):
757                                 __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
758
759                         hci_send_cmd(hdev, OGF_LINK_CTL,
760                                 OCF_CHANGE_CONN_PTYPE, sizeof(cp), &cp);
761                 }
762         } else
763                 conn->state = BT_CLOSED;
764
765         if (conn->type == ACL_LINK) {
766                 struct hci_conn *sco = conn->link;
767                 if (sco) {
768                         if (!ev->status)
769                                 hci_add_sco(sco, conn->handle);
770                         else {
771                                 hci_proto_connect_cfm(sco, ev->status);
772                                 hci_conn_del(sco);
773                         }
774                 }
775         }
776
777         hci_proto_connect_cfm(conn, ev->status);
778         if (ev->status)
779                 hci_conn_del(conn);
780
781         hci_dev_unlock(hdev);
782 }
783
784 /* Disconnect Complete */
785 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
786 {
787         struct hci_ev_disconn_complete *ev = (struct hci_ev_disconn_complete *) skb->data;
788         struct hci_conn *conn;
789
790         BT_DBG("%s status %d", hdev->name, ev->status);
791
792         if (ev->status)
793                 return;
794
795         hci_dev_lock(hdev);
796
797         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
798         if (conn) {
799                 conn->state = BT_CLOSED;
800                 hci_proto_disconn_ind(conn, ev->reason);
801                 hci_conn_del(conn);
802         }
803
804         hci_dev_unlock(hdev);
805 }
806
807 /* Number of completed packets */
808 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
809 {
810         struct hci_ev_num_comp_pkts *ev = (struct hci_ev_num_comp_pkts *) skb->data;
811         __le16 *ptr;
812         int i;
813
814         skb_pull(skb, sizeof(*ev));
815
816         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
817
818         if (skb->len < ev->num_hndl * 4) {
819                 BT_DBG("%s bad parameters", hdev->name);
820                 return;
821         }
822
823         tasklet_disable(&hdev->tx_task);
824
825         for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
826                 struct hci_conn *conn;
827                 __u16  handle, count;
828
829                 handle = __le16_to_cpu(get_unaligned(ptr++));
830                 count  = __le16_to_cpu(get_unaligned(ptr++));
831
832                 conn = hci_conn_hash_lookup_handle(hdev, handle);
833                 if (conn) {
834                         conn->sent -= count;
835
836                         if (conn->type == SCO_LINK) {
837                                 if ((hdev->sco_cnt += count) > hdev->sco_pkts)
838                                         hdev->sco_cnt = hdev->sco_pkts;
839                         } else {
840                                 if ((hdev->acl_cnt += count) > hdev->acl_pkts)
841                                         hdev->acl_cnt = hdev->acl_pkts;
842                         }
843                 }
844         }
845         hci_sched_tx(hdev);
846
847         tasklet_enable(&hdev->tx_task);
848 }
849
850 /* Role Change */
851 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
852 {
853         struct hci_ev_role_change *ev = (struct hci_ev_role_change *) skb->data;
854         struct hci_conn *conn;
855
856         BT_DBG("%s status %d", hdev->name, ev->status);
857
858         hci_dev_lock(hdev);
859
860         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
861         if (conn) {
862                 if (!ev->status) {
863                         if (ev->role)
864                                 conn->link_mode &= ~HCI_LM_MASTER;
865                         else
866                                 conn->link_mode |= HCI_LM_MASTER;
867                 }
868
869                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
870
871                 hci_role_switch_cfm(conn, ev->status, ev->role);
872         }
873
874         hci_dev_unlock(hdev);
875 }
876
877 /* Mode Change */
878 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
879 {
880         struct hci_ev_mode_change *ev = (struct hci_ev_mode_change *) skb->data;
881         struct hci_conn *conn;
882
883         BT_DBG("%s status %d", hdev->name, ev->status);
884
885         hci_dev_lock(hdev);
886
887         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
888         if (conn) {
889                 conn->mode = ev->mode;
890                 conn->interval = __le16_to_cpu(ev->interval);
891
892                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
893                         if (conn->mode == HCI_CM_ACTIVE)
894                                 conn->power_save = 1;
895                         else
896                                 conn->power_save = 0;
897                 }
898         }
899
900         hci_dev_unlock(hdev);
901 }
902
903 /* Authentication Complete */
904 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
905 {
906         struct hci_ev_auth_complete *ev = (struct hci_ev_auth_complete *) skb->data;
907         struct hci_conn *conn;
908
909         BT_DBG("%s status %d", hdev->name, ev->status);
910
911         hci_dev_lock(hdev);
912
913         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
914         if (conn) {
915                 if (!ev->status)
916                         conn->link_mode |= HCI_LM_AUTH;
917
918                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
919
920                 hci_auth_cfm(conn, ev->status);
921
922                 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
923                         if (!ev->status) {
924                                 struct hci_cp_set_conn_encrypt cp;
925                                 cp.handle  = __cpu_to_le16(conn->handle);
926                                 cp.encrypt = 1;
927                                 hci_send_cmd(conn->hdev, OGF_LINK_CTL,
928                                         OCF_SET_CONN_ENCRYPT, sizeof(cp), &cp);
929                         } else {
930                                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
931                                 hci_encrypt_cfm(conn, ev->status, 0x00);
932                         }
933                 }
934         }
935
936         hci_dev_unlock(hdev);
937 }
938
939 /* Encryption Change */
940 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
941 {
942         struct hci_ev_encrypt_change *ev = (struct hci_ev_encrypt_change *) skb->data;
943         struct hci_conn *conn;
944
945         BT_DBG("%s status %d", hdev->name, ev->status);
946
947         hci_dev_lock(hdev);
948
949         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
950         if (conn) {
951                 if (!ev->status) {
952                         if (ev->encrypt)
953                                 conn->link_mode |= HCI_LM_ENCRYPT;
954                         else
955                                 conn->link_mode &= ~HCI_LM_ENCRYPT;
956                 }
957
958                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
959
960                 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
961         }
962
963         hci_dev_unlock(hdev);
964 }
965
966 /* Change Connection Link Key Complete */
967 static inline void hci_change_conn_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
968 {
969         struct hci_ev_change_conn_link_key_complete *ev = (struct hci_ev_change_conn_link_key_complete *) skb->data;
970         struct hci_conn *conn;
971
972         BT_DBG("%s status %d", hdev->name, ev->status);
973
974         hci_dev_lock(hdev);
975
976         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
977         if (conn) {
978                 if (!ev->status)
979                         conn->link_mode |= HCI_LM_SECURE;
980
981                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
982
983                 hci_key_change_cfm(conn, ev->status);
984         }
985
986         hci_dev_unlock(hdev);
987 }
988
989 /* Pin Code Request*/
990 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
991 {
992 }
993
994 /* Link Key Request */
995 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
996 {
997 }
998
999 /* Link Key Notification */
1000 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
1001 {
1002 }
1003
1004 /* Remote Features */
1005 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1006 {
1007         struct hci_ev_remote_features *ev = (struct hci_ev_remote_features *) skb->data;
1008         struct hci_conn *conn;
1009
1010         BT_DBG("%s status %d", hdev->name, ev->status);
1011
1012         hci_dev_lock(hdev);
1013
1014         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1015         if (conn && !ev->status) {
1016                 memcpy(conn->features, ev->features, sizeof(conn->features));
1017         }
1018
1019         hci_dev_unlock(hdev);
1020 }
1021
1022 /* Clock Offset */
1023 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1024 {
1025         struct hci_ev_clock_offset *ev = (struct hci_ev_clock_offset *) skb->data;
1026         struct hci_conn *conn;
1027
1028         BT_DBG("%s status %d", hdev->name, ev->status);
1029
1030         hci_dev_lock(hdev);
1031
1032         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1033         if (conn && !ev->status) {
1034                 struct inquiry_entry *ie;
1035
1036                 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
1037                         ie->data.clock_offset = ev->clock_offset;
1038                         ie->timestamp = jiffies;
1039                 }
1040         }
1041
1042         hci_dev_unlock(hdev);
1043 }
1044
1045 /* Page Scan Repetition Mode */
1046 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
1047 {
1048         struct hci_ev_pscan_rep_mode *ev = (struct hci_ev_pscan_rep_mode *) skb->data;
1049         struct inquiry_entry *ie;
1050
1051         BT_DBG("%s", hdev->name);
1052
1053         hci_dev_lock(hdev);
1054
1055         if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) {
1056                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
1057                 ie->timestamp = jiffies;
1058         }
1059
1060         hci_dev_unlock(hdev);
1061 }
1062
1063 /* Sniff Subrate */
1064 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
1065 {
1066         struct hci_ev_sniff_subrate *ev = (struct hci_ev_sniff_subrate *) skb->data;
1067         struct hci_conn *conn;
1068
1069         BT_DBG("%s status %d", hdev->name, ev->status);
1070
1071         hci_dev_lock(hdev);
1072
1073         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1074         if (conn) {
1075         }
1076
1077         hci_dev_unlock(hdev);
1078 }
1079
1080 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1081 {
1082         struct hci_event_hdr *hdr = (struct hci_event_hdr *) skb->data;
1083         struct hci_ev_cmd_complete *ec;
1084         struct hci_ev_cmd_status *cs;
1085         u16 opcode, ocf, ogf;
1086
1087         skb_pull(skb, HCI_EVENT_HDR_SIZE);
1088
1089         BT_DBG("%s evt 0x%x", hdev->name, hdr->evt);
1090
1091         switch (hdr->evt) {
1092         case HCI_EV_NUM_COMP_PKTS:
1093                 hci_num_comp_pkts_evt(hdev, skb);
1094                 break;
1095
1096         case HCI_EV_INQUIRY_COMPLETE:
1097                 hci_inquiry_complete_evt(hdev, skb);
1098                 break;
1099
1100         case HCI_EV_INQUIRY_RESULT:
1101                 hci_inquiry_result_evt(hdev, skb);
1102                 break;
1103
1104         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
1105                 hci_inquiry_result_with_rssi_evt(hdev, skb);
1106                 break;
1107
1108         case HCI_EV_EXTENDED_INQUIRY_RESULT:
1109                 hci_extended_inquiry_result_evt(hdev, skb);
1110                 break;
1111
1112         case HCI_EV_CONN_REQUEST:
1113                 hci_conn_request_evt(hdev, skb);
1114                 break;
1115
1116         case HCI_EV_CONN_COMPLETE:
1117                 hci_conn_complete_evt(hdev, skb);
1118                 break;
1119
1120         case HCI_EV_DISCONN_COMPLETE:
1121                 hci_disconn_complete_evt(hdev, skb);
1122                 break;
1123
1124         case HCI_EV_ROLE_CHANGE:
1125                 hci_role_change_evt(hdev, skb);
1126                 break;
1127
1128         case HCI_EV_MODE_CHANGE:
1129                 hci_mode_change_evt(hdev, skb);
1130                 break;
1131
1132         case HCI_EV_AUTH_COMPLETE:
1133                 hci_auth_complete_evt(hdev, skb);
1134                 break;
1135
1136         case HCI_EV_ENCRYPT_CHANGE:
1137                 hci_encrypt_change_evt(hdev, skb);
1138                 break;
1139
1140         case HCI_EV_CHANGE_CONN_LINK_KEY_COMPLETE:
1141                 hci_change_conn_link_key_complete_evt(hdev, skb);
1142                 break;
1143
1144         case HCI_EV_PIN_CODE_REQ:
1145                 hci_pin_code_request_evt(hdev, skb);
1146                 break;
1147
1148         case HCI_EV_LINK_KEY_REQ:
1149                 hci_link_key_request_evt(hdev, skb);
1150                 break;
1151
1152         case HCI_EV_LINK_KEY_NOTIFY:
1153                 hci_link_key_notify_evt(hdev, skb);
1154                 break;
1155
1156         case HCI_EV_REMOTE_FEATURES:
1157                 hci_remote_features_evt(hdev, skb);
1158                 break;
1159
1160         case HCI_EV_CLOCK_OFFSET:
1161                 hci_clock_offset_evt(hdev, skb);
1162                 break;
1163
1164         case HCI_EV_PSCAN_REP_MODE:
1165                 hci_pscan_rep_mode_evt(hdev, skb);
1166                 break;
1167
1168         case HCI_EV_SNIFF_SUBRATE:
1169                 hci_sniff_subrate_evt(hdev, skb);
1170                 break;
1171
1172         case HCI_EV_CMD_STATUS:
1173                 cs = (struct hci_ev_cmd_status *) skb->data;
1174                 skb_pull(skb, sizeof(cs));
1175
1176                 opcode = __le16_to_cpu(cs->opcode);
1177                 ogf = hci_opcode_ogf(opcode);
1178                 ocf = hci_opcode_ocf(opcode);
1179
1180                 switch (ogf) {
1181                 case OGF_INFO_PARAM:
1182                         hci_cs_info_param(hdev, ocf, cs->status);
1183                         break;
1184
1185                 case OGF_HOST_CTL:
1186                         hci_cs_host_ctl(hdev, ocf, cs->status);
1187                         break;
1188
1189                 case OGF_LINK_CTL:
1190                         hci_cs_link_ctl(hdev, ocf, cs->status);
1191                         break;
1192
1193                 case OGF_LINK_POLICY:
1194                         hci_cs_link_policy(hdev, ocf, cs->status);
1195                         break;
1196
1197                 default:
1198                         BT_DBG("%s Command Status OGF %x", hdev->name, ogf);
1199                         break;
1200                 }
1201
1202                 if (cs->ncmd) {
1203                         atomic_set(&hdev->cmd_cnt, 1);
1204                         if (!skb_queue_empty(&hdev->cmd_q))
1205                                 hci_sched_cmd(hdev);
1206                 }
1207                 break;
1208
1209         case HCI_EV_CMD_COMPLETE:
1210                 ec = (struct hci_ev_cmd_complete *) skb->data;
1211                 skb_pull(skb, sizeof(*ec));
1212
1213                 opcode = __le16_to_cpu(ec->opcode);
1214                 ogf = hci_opcode_ogf(opcode);
1215                 ocf = hci_opcode_ocf(opcode);
1216
1217                 switch (ogf) {
1218                 case OGF_INFO_PARAM:
1219                         hci_cc_info_param(hdev, ocf, skb);
1220                         break;
1221
1222                 case OGF_HOST_CTL:
1223                         hci_cc_host_ctl(hdev, ocf, skb);
1224                         break;
1225
1226                 case OGF_LINK_CTL:
1227                         hci_cc_link_ctl(hdev, ocf, skb);
1228                         break;
1229
1230                 case OGF_LINK_POLICY:
1231                         hci_cc_link_policy(hdev, ocf, skb);
1232                         break;
1233
1234                 default:
1235                         BT_DBG("%s Command Completed OGF %x", hdev->name, ogf);
1236                         break;
1237                 }
1238
1239                 if (ec->ncmd) {
1240                         atomic_set(&hdev->cmd_cnt, 1);
1241                         if (!skb_queue_empty(&hdev->cmd_q))
1242                                 hci_sched_cmd(hdev);
1243                 }
1244                 break;
1245         }
1246
1247         kfree_skb(skb);
1248         hdev->stat.evt_rx++;
1249 }
1250
1251 /* Generate internal stack event */
1252 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1253 {
1254         struct hci_event_hdr *hdr;
1255         struct hci_ev_stack_internal *ev;
1256         struct sk_buff *skb;
1257
1258         skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
1259         if (!skb)
1260                 return;
1261
1262         hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
1263         hdr->evt  = HCI_EV_STACK_INTERNAL;
1264         hdr->plen = sizeof(*ev) + dlen;
1265
1266         ev  = (void *) skb_put(skb, sizeof(*ev) + dlen);
1267         ev->type = type;
1268         memcpy(ev->data, data, dlen);
1269
1270         bt_cb(skb)->incoming = 1;
1271         __net_timestamp(skb);
1272
1273         bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1274         skb->dev = (void *) hdev;
1275         hci_send_to_sock(hdev, skb);
1276         kfree_skb(skb);
1277 }