d4d2dcc40fc7bdaf521f581b48ade1b10e8e9e59
[pandora-kernel.git] / net / bluetooth / hci_event.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 #ifndef CONFIG_BT_HCI_CORE_DEBUG
49 #undef  BT_DBG
50 #define BT_DBG(D...)
51 #endif
52
53 /* Handle HCI Event packets */
54
55 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
56 {
57         __u8 status = *((__u8 *) skb->data);
58
59         BT_DBG("%s status 0x%x", hdev->name, status);
60
61         if (status)
62                 return;
63
64         clear_bit(HCI_INQUIRY, &hdev->flags);
65
66         hci_req_complete(hdev, status);
67
68         hci_conn_check_pending(hdev);
69 }
70
71 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72 {
73         __u8 status = *((__u8 *) skb->data);
74
75         BT_DBG("%s status 0x%x", hdev->name, status);
76
77         if (status)
78                 return;
79
80         clear_bit(HCI_INQUIRY, &hdev->flags);
81
82         hci_conn_check_pending(hdev);
83 }
84
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
86 {
87         BT_DBG("%s", hdev->name);
88 }
89
90 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91 {
92         struct hci_rp_role_discovery *rp = (void *) skb->data;
93         struct hci_conn *conn;
94
95         BT_DBG("%s status 0x%x", hdev->name, rp->status);
96
97         if (rp->status)
98                 return;
99
100         hci_dev_lock(hdev);
101
102         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
103         if (conn) {
104                 if (rp->role)
105                         conn->link_mode &= ~HCI_LM_MASTER;
106                 else
107                         conn->link_mode |= HCI_LM_MASTER;
108         }
109
110         hci_dev_unlock(hdev);
111 }
112
113 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114 {
115         struct hci_rp_write_link_policy *rp = (void *) skb->data;
116         struct hci_conn *conn;
117         void *sent;
118
119         BT_DBG("%s status 0x%x", hdev->name, rp->status);
120
121         if (rp->status)
122                 return;
123
124         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
125         if (!sent)
126                 return;
127
128         hci_dev_lock(hdev);
129
130         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
131         if (conn) {
132                 conn->link_policy = get_unaligned_le16(sent + 2);
133         }
134
135         hci_dev_unlock(hdev);
136 }
137
138 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
139 {
140         __u8 status = *((__u8 *) skb->data);
141
142         BT_DBG("%s status 0x%x", hdev->name, status);
143
144         hci_req_complete(hdev, status);
145 }
146
147 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
148 {
149         __u8 status = *((__u8 *) skb->data);
150         void *sent;
151
152         BT_DBG("%s status 0x%x", hdev->name, status);
153
154         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
155         if (!sent)
156                 return;
157
158         if (!status)
159                 memcpy(hdev->dev_name, sent, 248);
160 }
161
162 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
163 {
164         struct hci_rp_read_local_name *rp = (void *) skb->data;
165
166         BT_DBG("%s status 0x%x", hdev->name, rp->status);
167
168         if (rp->status)
169                 return;
170
171         memcpy(hdev->dev_name, rp->name, 248);
172 }
173
174 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
175 {
176         __u8 status = *((__u8 *) skb->data);
177         void *sent;
178
179         BT_DBG("%s status 0x%x", hdev->name, status);
180
181         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
182         if (!sent)
183                 return;
184
185         if (!status) {
186                 __u8 param = *((__u8 *) sent);
187
188                 if (param == AUTH_ENABLED)
189                         set_bit(HCI_AUTH, &hdev->flags);
190                 else
191                         clear_bit(HCI_AUTH, &hdev->flags);
192         }
193
194         hci_req_complete(hdev, status);
195 }
196
197 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
198 {
199         __u8 status = *((__u8 *) skb->data);
200         void *sent;
201
202         BT_DBG("%s status 0x%x", hdev->name, status);
203
204         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
205         if (!sent)
206                 return;
207
208         if (!status) {
209                 __u8 param = *((__u8 *) sent);
210
211                 if (param)
212                         set_bit(HCI_ENCRYPT, &hdev->flags);
213                 else
214                         clear_bit(HCI_ENCRYPT, &hdev->flags);
215         }
216
217         hci_req_complete(hdev, status);
218 }
219
220 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
221 {
222         __u8 status = *((__u8 *) skb->data);
223         void *sent;
224
225         BT_DBG("%s status 0x%x", hdev->name, status);
226
227         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
228         if (!sent)
229                 return;
230
231         if (!status) {
232                 __u8 param = *((__u8 *) sent);
233
234                 clear_bit(HCI_PSCAN, &hdev->flags);
235                 clear_bit(HCI_ISCAN, &hdev->flags);
236
237                 if (param & SCAN_INQUIRY)
238                         set_bit(HCI_ISCAN, &hdev->flags);
239
240                 if (param & SCAN_PAGE)
241                         set_bit(HCI_PSCAN, &hdev->flags);
242         }
243
244         hci_req_complete(hdev, status);
245 }
246
247 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
248 {
249         struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
250
251         BT_DBG("%s status 0x%x", hdev->name, rp->status);
252
253         if (rp->status)
254                 return;
255
256         memcpy(hdev->dev_class, rp->dev_class, 3);
257
258         BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
259                 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
260 }
261
262 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
263 {
264         __u8 status = *((__u8 *) skb->data);
265         void *sent;
266
267         BT_DBG("%s status 0x%x", hdev->name, status);
268
269         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
270         if (!sent)
271                 return;
272
273         if (!status)
274                 memcpy(hdev->dev_class, sent, 3);
275 }
276
277 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
278 {
279         struct hci_rp_read_voice_setting *rp = (void *) skb->data;
280         __u16 setting;
281
282         BT_DBG("%s status 0x%x", hdev->name, rp->status);
283
284         if (rp->status)
285                 return;
286
287         setting = __le16_to_cpu(rp->voice_setting);
288
289         if (hdev->voice_setting == setting )
290                 return;
291
292         hdev->voice_setting = setting;
293
294         BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
295
296         if (hdev->notify) {
297                 tasklet_disable(&hdev->tx_task);
298                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
299                 tasklet_enable(&hdev->tx_task);
300         }
301 }
302
303 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
304 {
305         __u8 status = *((__u8 *) skb->data);
306         void *sent;
307
308         BT_DBG("%s status 0x%x", hdev->name, status);
309
310         sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
311         if (!sent)
312                 return;
313
314         if (!status) {
315                 __u16 setting = get_unaligned_le16(sent);
316
317                 if (hdev->voice_setting != setting) {
318                         hdev->voice_setting = setting;
319
320                         BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
321
322                         if (hdev->notify) {
323                                 tasklet_disable(&hdev->tx_task);
324                                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
325                                 tasklet_enable(&hdev->tx_task);
326                         }
327                 }
328         }
329 }
330
331 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
332 {
333         __u8 status = *((__u8 *) skb->data);
334
335         BT_DBG("%s status 0x%x", hdev->name, status);
336
337         hci_req_complete(hdev, status);
338 }
339
340 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
341 {
342         struct hci_rp_read_local_version *rp = (void *) skb->data;
343
344         BT_DBG("%s status 0x%x", hdev->name, rp->status);
345
346         if (rp->status)
347                 return;
348
349         hdev->hci_ver = rp->hci_ver;
350         hdev->hci_rev = btohs(rp->hci_rev);
351         hdev->manufacturer = btohs(rp->manufacturer);
352
353         BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
354                                         hdev->manufacturer,
355                                         hdev->hci_ver, hdev->hci_rev);
356 }
357
358 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
359 {
360         struct hci_rp_read_local_commands *rp = (void *) skb->data;
361
362         BT_DBG("%s status 0x%x", hdev->name, rp->status);
363
364         if (rp->status)
365                 return;
366
367         memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
368 }
369
370 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
371 {
372         struct hci_rp_read_local_features *rp = (void *) skb->data;
373
374         BT_DBG("%s status 0x%x", hdev->name, rp->status);
375
376         if (rp->status)
377                 return;
378
379         memcpy(hdev->features, rp->features, 8);
380
381         /* Adjust default settings according to features
382          * supported by device. */
383
384         if (hdev->features[0] & LMP_3SLOT)
385                 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
386
387         if (hdev->features[0] & LMP_5SLOT)
388                 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
389
390         if (hdev->features[1] & LMP_HV2) {
391                 hdev->pkt_type  |= (HCI_HV2);
392                 hdev->esco_type |= (ESCO_HV2);
393         }
394
395         if (hdev->features[1] & LMP_HV3) {
396                 hdev->pkt_type  |= (HCI_HV3);
397                 hdev->esco_type |= (ESCO_HV3);
398         }
399
400         if (hdev->features[3] & LMP_ESCO)
401                 hdev->esco_type |= (ESCO_EV3);
402
403         if (hdev->features[4] & LMP_EV4)
404                 hdev->esco_type |= (ESCO_EV4);
405
406         if (hdev->features[4] & LMP_EV5)
407                 hdev->esco_type |= (ESCO_EV5);
408
409         BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
410                                         hdev->features[0], hdev->features[1],
411                                         hdev->features[2], hdev->features[3],
412                                         hdev->features[4], hdev->features[5],
413                                         hdev->features[6], hdev->features[7]);
414 }
415
416 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
417 {
418         struct hci_rp_read_buffer_size *rp = (void *) skb->data;
419
420         BT_DBG("%s status 0x%x", hdev->name, rp->status);
421
422         if (rp->status)
423                 return;
424
425         hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
426         hdev->sco_mtu  = rp->sco_mtu;
427         hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
428         hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
429
430         if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
431                 hdev->sco_mtu  = 64;
432                 hdev->sco_pkts = 8;
433         }
434
435         hdev->acl_cnt = hdev->acl_pkts;
436         hdev->sco_cnt = hdev->sco_pkts;
437
438         BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
439                                         hdev->acl_mtu, hdev->acl_pkts,
440                                         hdev->sco_mtu, hdev->sco_pkts);
441 }
442
443 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
444 {
445         struct hci_rp_read_bd_addr *rp = (void *) skb->data;
446
447         BT_DBG("%s status 0x%x", hdev->name, rp->status);
448
449         if (!rp->status)
450                 bacpy(&hdev->bdaddr, &rp->bdaddr);
451
452         hci_req_complete(hdev, rp->status);
453 }
454
455 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
456 {
457         BT_DBG("%s status 0x%x", hdev->name, status);
458
459         if (status) {
460                 hci_req_complete(hdev, status);
461
462                 hci_conn_check_pending(hdev);
463         } else
464                 set_bit(HCI_INQUIRY, &hdev->flags);
465 }
466
467 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
468 {
469         struct hci_cp_create_conn *cp;
470         struct hci_conn *conn;
471
472         BT_DBG("%s status 0x%x", hdev->name, status);
473
474         cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
475         if (!cp)
476                 return;
477
478         hci_dev_lock(hdev);
479
480         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
481
482         BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
483
484         if (status) {
485                 if (conn && conn->state == BT_CONNECT) {
486                         if (status != 0x0c || conn->attempt > 2) {
487                                 conn->state = BT_CLOSED;
488                                 hci_proto_connect_cfm(conn, status);
489                                 hci_conn_del(conn);
490                         } else
491                                 conn->state = BT_CONNECT2;
492                 }
493         } else {
494                 if (!conn) {
495                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
496                         if (conn) {
497                                 conn->out = 1;
498                                 conn->link_mode |= HCI_LM_MASTER;
499                         } else
500                                 BT_ERR("No memmory for new connection");
501                 }
502         }
503
504         hci_dev_unlock(hdev);
505 }
506
507 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
508 {
509         struct hci_cp_add_sco *cp;
510         struct hci_conn *acl, *sco;
511         __u16 handle;
512
513         BT_DBG("%s status 0x%x", hdev->name, status);
514
515         if (!status)
516                 return;
517
518         cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
519         if (!cp)
520                 return;
521
522         handle = __le16_to_cpu(cp->handle);
523
524         BT_DBG("%s handle %d", hdev->name, handle);
525
526         hci_dev_lock(hdev);
527
528         acl = hci_conn_hash_lookup_handle(hdev, handle);
529         if (acl && (sco = acl->link)) {
530                 sco->state = BT_CLOSED;
531
532                 hci_proto_connect_cfm(sco, status);
533                 hci_conn_del(sco);
534         }
535
536         hci_dev_unlock(hdev);
537 }
538
539 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
540 {
541         BT_DBG("%s status 0x%x", hdev->name, status);
542 }
543
544 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
545 {
546         struct hci_cp_setup_sync_conn *cp;
547         struct hci_conn *acl, *sco;
548         __u16 handle;
549
550         BT_DBG("%s status 0x%x", hdev->name, status);
551
552         if (!status)
553                 return;
554
555         cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
556         if (!cp)
557                 return;
558
559         handle = __le16_to_cpu(cp->handle);
560
561         BT_DBG("%s handle %d", hdev->name, handle);
562
563         hci_dev_lock(hdev);
564
565         acl = hci_conn_hash_lookup_handle(hdev, handle);
566         if (acl && (sco = acl->link)) {
567                 sco->state = BT_CLOSED;
568
569                 hci_proto_connect_cfm(sco, status);
570                 hci_conn_del(sco);
571         }
572
573         hci_dev_unlock(hdev);
574 }
575
576 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
577 {
578         struct hci_cp_sniff_mode *cp;
579         struct hci_conn *conn;
580
581         BT_DBG("%s status 0x%x", hdev->name, status);
582
583         if (!status)
584                 return;
585
586         cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
587         if (!cp)
588                 return;
589
590         hci_dev_lock(hdev);
591
592         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
593         if (conn)
594                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
595
596         hci_dev_unlock(hdev);
597 }
598
599 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
600 {
601         struct hci_cp_exit_sniff_mode *cp;
602         struct hci_conn *conn;
603
604         BT_DBG("%s status 0x%x", hdev->name, status);
605
606         if (!status)
607                 return;
608
609         cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
610         if (!cp)
611                 return;
612
613         hci_dev_lock(hdev);
614
615         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
616         if (conn)
617                 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
618
619         hci_dev_unlock(hdev);
620 }
621
622 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
623 {
624         __u8 status = *((__u8 *) skb->data);
625
626         BT_DBG("%s status %d", hdev->name, status);
627
628         clear_bit(HCI_INQUIRY, &hdev->flags);
629
630         hci_req_complete(hdev, status);
631
632         hci_conn_check_pending(hdev);
633 }
634
635 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
636 {
637         struct inquiry_data data;
638         struct inquiry_info *info = (void *) (skb->data + 1);
639         int num_rsp = *((__u8 *) skb->data);
640
641         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
642
643         if (!num_rsp)
644                 return;
645
646         hci_dev_lock(hdev);
647
648         for (; num_rsp; num_rsp--) {
649                 bacpy(&data.bdaddr, &info->bdaddr);
650                 data.pscan_rep_mode     = info->pscan_rep_mode;
651                 data.pscan_period_mode  = info->pscan_period_mode;
652                 data.pscan_mode         = info->pscan_mode;
653                 memcpy(data.dev_class, info->dev_class, 3);
654                 data.clock_offset       = info->clock_offset;
655                 data.rssi               = 0x00;
656                 info++;
657                 hci_inquiry_cache_update(hdev, &data);
658         }
659
660         hci_dev_unlock(hdev);
661 }
662
663 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
664 {
665         struct hci_ev_conn_complete *ev = (void *) skb->data;
666         struct hci_conn *conn;
667
668         BT_DBG("%s", hdev->name);
669
670         hci_dev_lock(hdev);
671
672         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
673         if (!conn)
674                 goto unlock;
675
676         if (!ev->status) {
677                 conn->handle = __le16_to_cpu(ev->handle);
678                 conn->state  = BT_CONNECTED;
679
680                 if (test_bit(HCI_AUTH, &hdev->flags))
681                         conn->link_mode |= HCI_LM_AUTH;
682
683                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
684                         conn->link_mode |= HCI_LM_ENCRYPT;
685
686                 /* Get remote features */
687                 if (conn->type == ACL_LINK) {
688                         struct hci_cp_read_remote_features cp;
689                         cp.handle = ev->handle;
690                         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, sizeof(cp), &cp);
691                 }
692
693                 /* Set link policy */
694                 if (conn->type == ACL_LINK && hdev->link_policy) {
695                         struct hci_cp_write_link_policy cp;
696                         cp.handle = ev->handle;
697                         cp.policy = cpu_to_le16(hdev->link_policy);
698                         hci_send_cmd(hdev, HCI_OP_WRITE_LINK_POLICY, sizeof(cp), &cp);
699                 }
700
701                 /* Set packet type for incoming connection */
702                 if (!conn->out && hdev->hci_ver < 3) {
703                         struct hci_cp_change_conn_ptype cp;
704                         cp.handle = ev->handle;
705                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
706                         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
707                                                         sizeof(cp), &cp);
708                 } else {
709                         /* Update disconnect timer */
710                         hci_conn_hold(conn);
711                         hci_conn_put(conn);
712                 }
713         } else
714                 conn->state = BT_CLOSED;
715
716         if (conn->type == ACL_LINK) {
717                 struct hci_conn *sco = conn->link;
718                 if (sco) {
719                         if (!ev->status) {
720                                 if (lmp_esco_capable(hdev))
721                                         hci_setup_sync(sco, conn->handle);
722                                 else
723                                         hci_add_sco(sco, conn->handle);
724                         } else {
725                                 hci_proto_connect_cfm(sco, ev->status);
726                                 hci_conn_del(sco);
727                         }
728                 }
729         }
730
731         hci_proto_connect_cfm(conn, ev->status);
732         if (ev->status)
733                 hci_conn_del(conn);
734
735 unlock:
736         hci_dev_unlock(hdev);
737
738         hci_conn_check_pending(hdev);
739 }
740
741 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
742 {
743         struct hci_ev_conn_request *ev = (void *) skb->data;
744         int mask = hdev->link_mode;
745
746         BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
747                                         batostr(&ev->bdaddr), ev->link_type);
748
749         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
750
751         if (mask & HCI_LM_ACCEPT) {
752                 /* Connection accepted */
753                 struct hci_conn *conn;
754
755                 hci_dev_lock(hdev);
756
757                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
758                 if (!conn) {
759                         if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
760                                 BT_ERR("No memmory for new connection");
761                                 hci_dev_unlock(hdev);
762                                 return;
763                         }
764                 }
765
766                 memcpy(conn->dev_class, ev->dev_class, 3);
767                 conn->state = BT_CONNECT;
768
769                 hci_dev_unlock(hdev);
770
771                 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
772                         struct hci_cp_accept_conn_req cp;
773
774                         bacpy(&cp.bdaddr, &ev->bdaddr);
775
776                         if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
777                                 cp.role = 0x00; /* Become master */
778                         else
779                                 cp.role = 0x01; /* Remain slave */
780
781                         hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
782                                                         sizeof(cp), &cp);
783                 } else {
784                         struct hci_cp_accept_sync_conn_req cp;
785
786                         bacpy(&cp.bdaddr, &ev->bdaddr);
787                         cp.pkt_type = cpu_to_le16(conn->pkt_type);
788
789                         cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
790                         cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
791                         cp.max_latency    = cpu_to_le16(0xffff);
792                         cp.content_format = cpu_to_le16(hdev->voice_setting);
793                         cp.retrans_effort = 0xff;
794
795                         hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
796                                                         sizeof(cp), &cp);
797                 }
798         } else {
799                 /* Connection rejected */
800                 struct hci_cp_reject_conn_req cp;
801
802                 bacpy(&cp.bdaddr, &ev->bdaddr);
803                 cp.reason = 0x0f;
804                 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
805         }
806 }
807
808 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
809 {
810         struct hci_ev_disconn_complete *ev = (void *) skb->data;
811         struct hci_conn *conn;
812
813         BT_DBG("%s status %d", hdev->name, ev->status);
814
815         if (ev->status)
816                 return;
817
818         hci_dev_lock(hdev);
819
820         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
821         if (conn) {
822                 conn->state = BT_CLOSED;
823                 hci_proto_disconn_ind(conn, ev->reason);
824                 hci_conn_del(conn);
825         }
826
827         hci_dev_unlock(hdev);
828 }
829
830 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
831 {
832         struct hci_ev_auth_complete *ev = (void *) skb->data;
833         struct hci_conn *conn;
834
835         BT_DBG("%s status %d", hdev->name, ev->status);
836
837         hci_dev_lock(hdev);
838
839         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
840         if (conn) {
841                 if (!ev->status)
842                         conn->link_mode |= HCI_LM_AUTH;
843
844                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
845
846                 hci_auth_cfm(conn, ev->status);
847
848                 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
849                         if (!ev->status) {
850                                 struct hci_cp_set_conn_encrypt cp;
851                                 cp.handle  = cpu_to_le16(conn->handle);
852                                 cp.encrypt = 1;
853                                 hci_send_cmd(conn->hdev,
854                                         HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp);
855                         } else {
856                                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
857                                 hci_encrypt_cfm(conn, ev->status, 0x00);
858                         }
859                 }
860         }
861
862         hci_dev_unlock(hdev);
863 }
864
865 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
866 {
867         BT_DBG("%s", hdev->name);
868
869         hci_conn_check_pending(hdev);
870 }
871
872 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
873 {
874         struct hci_ev_encrypt_change *ev = (void *) skb->data;
875         struct hci_conn *conn;
876
877         BT_DBG("%s status %d", hdev->name, ev->status);
878
879         hci_dev_lock(hdev);
880
881         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
882         if (conn) {
883                 if (!ev->status) {
884                         if (ev->encrypt) {
885                                 /* Encryption implies authentication */
886                                 conn->link_mode |= HCI_LM_AUTH;
887                                 conn->link_mode |= HCI_LM_ENCRYPT;
888                         } else
889                                 conn->link_mode &= ~HCI_LM_ENCRYPT;
890                 }
891
892                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
893
894                 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
895         }
896
897         hci_dev_unlock(hdev);
898 }
899
900 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
901 {
902         struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
903         struct hci_conn *conn;
904
905         BT_DBG("%s status %d", hdev->name, ev->status);
906
907         hci_dev_lock(hdev);
908
909         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
910         if (conn) {
911                 if (!ev->status)
912                         conn->link_mode |= HCI_LM_SECURE;
913
914                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
915
916                 hci_key_change_cfm(conn, ev->status);
917         }
918
919         hci_dev_unlock(hdev);
920 }
921
922 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
923 {
924         struct hci_ev_remote_features *ev = (void *) skb->data;
925         struct hci_conn *conn;
926
927         BT_DBG("%s status %d", hdev->name, ev->status);
928
929         if (ev->status)
930                 return;
931
932         hci_dev_lock(hdev);
933
934         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
935         if (conn)
936                 memcpy(conn->features, ev->features, 8);
937
938         hci_dev_unlock(hdev);
939 }
940
941 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
942 {
943         BT_DBG("%s", hdev->name);
944 }
945
946 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
947 {
948         BT_DBG("%s", hdev->name);
949 }
950
951 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
952 {
953         struct hci_ev_cmd_complete *ev = (void *) skb->data;
954         __u16 opcode;
955
956         skb_pull(skb, sizeof(*ev));
957
958         opcode = __le16_to_cpu(ev->opcode);
959
960         switch (opcode) {
961         case HCI_OP_INQUIRY_CANCEL:
962                 hci_cc_inquiry_cancel(hdev, skb);
963                 break;
964
965         case HCI_OP_EXIT_PERIODIC_INQ:
966                 hci_cc_exit_periodic_inq(hdev, skb);
967                 break;
968
969         case HCI_OP_REMOTE_NAME_REQ_CANCEL:
970                 hci_cc_remote_name_req_cancel(hdev, skb);
971                 break;
972
973         case HCI_OP_ROLE_DISCOVERY:
974                 hci_cc_role_discovery(hdev, skb);
975                 break;
976
977         case HCI_OP_WRITE_LINK_POLICY:
978                 hci_cc_write_link_policy(hdev, skb);
979                 break;
980
981         case HCI_OP_RESET:
982                 hci_cc_reset(hdev, skb);
983                 break;
984
985         case HCI_OP_WRITE_LOCAL_NAME:
986                 hci_cc_write_local_name(hdev, skb);
987                 break;
988
989         case HCI_OP_READ_LOCAL_NAME:
990                 hci_cc_read_local_name(hdev, skb);
991                 break;
992
993         case HCI_OP_WRITE_AUTH_ENABLE:
994                 hci_cc_write_auth_enable(hdev, skb);
995                 break;
996
997         case HCI_OP_WRITE_ENCRYPT_MODE:
998                 hci_cc_write_encrypt_mode(hdev, skb);
999                 break;
1000
1001         case HCI_OP_WRITE_SCAN_ENABLE:
1002                 hci_cc_write_scan_enable(hdev, skb);
1003                 break;
1004
1005         case HCI_OP_READ_CLASS_OF_DEV:
1006                 hci_cc_read_class_of_dev(hdev, skb);
1007                 break;
1008
1009         case HCI_OP_WRITE_CLASS_OF_DEV:
1010                 hci_cc_write_class_of_dev(hdev, skb);
1011                 break;
1012
1013         case HCI_OP_READ_VOICE_SETTING:
1014                 hci_cc_read_voice_setting(hdev, skb);
1015                 break;
1016
1017         case HCI_OP_WRITE_VOICE_SETTING:
1018                 hci_cc_write_voice_setting(hdev, skb);
1019                 break;
1020
1021         case HCI_OP_HOST_BUFFER_SIZE:
1022                 hci_cc_host_buffer_size(hdev, skb);
1023                 break;
1024
1025         case HCI_OP_READ_LOCAL_VERSION:
1026                 hci_cc_read_local_version(hdev, skb);
1027                 break;
1028
1029         case HCI_OP_READ_LOCAL_COMMANDS:
1030                 hci_cc_read_local_commands(hdev, skb);
1031                 break;
1032
1033         case HCI_OP_READ_LOCAL_FEATURES:
1034                 hci_cc_read_local_features(hdev, skb);
1035                 break;
1036
1037         case HCI_OP_READ_BUFFER_SIZE:
1038                 hci_cc_read_buffer_size(hdev, skb);
1039                 break;
1040
1041         case HCI_OP_READ_BD_ADDR:
1042                 hci_cc_read_bd_addr(hdev, skb);
1043                 break;
1044
1045         default:
1046                 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1047                 break;
1048         }
1049
1050         if (ev->ncmd) {
1051                 atomic_set(&hdev->cmd_cnt, 1);
1052                 if (!skb_queue_empty(&hdev->cmd_q))
1053                         hci_sched_cmd(hdev);
1054         }
1055 }
1056
1057 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1058 {
1059         struct hci_ev_cmd_status *ev = (void *) skb->data;
1060         __u16 opcode;
1061
1062         skb_pull(skb, sizeof(*ev));
1063
1064         opcode = __le16_to_cpu(ev->opcode);
1065
1066         switch (opcode) {
1067         case HCI_OP_INQUIRY:
1068                 hci_cs_inquiry(hdev, ev->status);
1069                 break;
1070
1071         case HCI_OP_CREATE_CONN:
1072                 hci_cs_create_conn(hdev, ev->status);
1073                 break;
1074
1075         case HCI_OP_ADD_SCO:
1076                 hci_cs_add_sco(hdev, ev->status);
1077                 break;
1078
1079         case HCI_OP_REMOTE_NAME_REQ:
1080                 hci_cs_remote_name_req(hdev, ev->status);
1081                 break;
1082
1083         case HCI_OP_SETUP_SYNC_CONN:
1084                 hci_cs_setup_sync_conn(hdev, ev->status);
1085                 break;
1086
1087         case HCI_OP_SNIFF_MODE:
1088                 hci_cs_sniff_mode(hdev, ev->status);
1089                 break;
1090
1091         case HCI_OP_EXIT_SNIFF_MODE:
1092                 hci_cs_exit_sniff_mode(hdev, ev->status);
1093                 break;
1094
1095         default:
1096                 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1097                 break;
1098         }
1099
1100         if (ev->ncmd) {
1101                 atomic_set(&hdev->cmd_cnt, 1);
1102                 if (!skb_queue_empty(&hdev->cmd_q))
1103                         hci_sched_cmd(hdev);
1104         }
1105 }
1106
1107 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1108 {
1109         struct hci_ev_role_change *ev = (void *) skb->data;
1110         struct hci_conn *conn;
1111
1112         BT_DBG("%s status %d", hdev->name, ev->status);
1113
1114         hci_dev_lock(hdev);
1115
1116         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1117         if (conn) {
1118                 if (!ev->status) {
1119                         if (ev->role)
1120                                 conn->link_mode &= ~HCI_LM_MASTER;
1121                         else
1122                                 conn->link_mode |= HCI_LM_MASTER;
1123                 }
1124
1125                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1126
1127                 hci_role_switch_cfm(conn, ev->status, ev->role);
1128         }
1129
1130         hci_dev_unlock(hdev);
1131 }
1132
1133 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1134 {
1135         struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1136         __le16 *ptr;
1137         int i;
1138
1139         skb_pull(skb, sizeof(*ev));
1140
1141         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1142
1143         if (skb->len < ev->num_hndl * 4) {
1144                 BT_DBG("%s bad parameters", hdev->name);
1145                 return;
1146         }
1147
1148         tasklet_disable(&hdev->tx_task);
1149
1150         for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1151                 struct hci_conn *conn;
1152                 __u16  handle, count;
1153
1154                 handle = get_unaligned_le16(ptr++);
1155                 count  = get_unaligned_le16(ptr++);
1156
1157                 conn = hci_conn_hash_lookup_handle(hdev, handle);
1158                 if (conn) {
1159                         conn->sent -= count;
1160
1161                         if (conn->type == ACL_LINK) {
1162                                 if ((hdev->acl_cnt += count) > hdev->acl_pkts)
1163                                         hdev->acl_cnt = hdev->acl_pkts;
1164                         } else {
1165                                 if ((hdev->sco_cnt += count) > hdev->sco_pkts)
1166                                         hdev->sco_cnt = hdev->sco_pkts;
1167                         }
1168                 }
1169         }
1170
1171         hci_sched_tx(hdev);
1172
1173         tasklet_enable(&hdev->tx_task);
1174 }
1175
1176 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1177 {
1178         struct hci_ev_mode_change *ev = (void *) skb->data;
1179         struct hci_conn *conn;
1180
1181         BT_DBG("%s status %d", hdev->name, ev->status);
1182
1183         hci_dev_lock(hdev);
1184
1185         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1186         if (conn) {
1187                 conn->mode = ev->mode;
1188                 conn->interval = __le16_to_cpu(ev->interval);
1189
1190                 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
1191                         if (conn->mode == HCI_CM_ACTIVE)
1192                                 conn->power_save = 1;
1193                         else
1194                                 conn->power_save = 0;
1195                 }
1196         }
1197
1198         hci_dev_unlock(hdev);
1199 }
1200
1201 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1202 {
1203         BT_DBG("%s", hdev->name);
1204 }
1205
1206 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1207 {
1208         BT_DBG("%s", hdev->name);
1209 }
1210
1211 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
1212 {
1213         BT_DBG("%s", hdev->name);
1214 }
1215
1216 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1217 {
1218         struct hci_ev_clock_offset *ev = (void *) skb->data;
1219         struct hci_conn *conn;
1220
1221         BT_DBG("%s status %d", hdev->name, ev->status);
1222
1223         hci_dev_lock(hdev);
1224
1225         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1226         if (conn && !ev->status) {
1227                 struct inquiry_entry *ie;
1228
1229                 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
1230                         ie->data.clock_offset = ev->clock_offset;
1231                         ie->timestamp = jiffies;
1232                 }
1233         }
1234
1235         hci_dev_unlock(hdev);
1236 }
1237
1238 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1239 {
1240         struct hci_ev_pkt_type_change *ev = (void *) skb->data;
1241         struct hci_conn *conn;
1242
1243         BT_DBG("%s status %d", hdev->name, ev->status);
1244
1245         hci_dev_lock(hdev);
1246
1247         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1248         if (conn && !ev->status)
1249                 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
1250
1251         hci_dev_unlock(hdev);
1252 }
1253
1254 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
1255 {
1256         struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
1257         struct inquiry_entry *ie;
1258
1259         BT_DBG("%s", hdev->name);
1260
1261         hci_dev_lock(hdev);
1262
1263         if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) {
1264                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
1265                 ie->timestamp = jiffies;
1266         }
1267
1268         hci_dev_unlock(hdev);
1269 }
1270
1271 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
1272 {
1273         struct inquiry_data data;
1274         int num_rsp = *((__u8 *) skb->data);
1275
1276         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1277
1278         if (!num_rsp)
1279                 return;
1280
1281         hci_dev_lock(hdev);
1282
1283         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
1284                 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1);
1285
1286                 for (; num_rsp; num_rsp--) {
1287                         bacpy(&data.bdaddr, &info->bdaddr);
1288                         data.pscan_rep_mode     = info->pscan_rep_mode;
1289                         data.pscan_period_mode  = info->pscan_period_mode;
1290                         data.pscan_mode         = info->pscan_mode;
1291                         memcpy(data.dev_class, info->dev_class, 3);
1292                         data.clock_offset       = info->clock_offset;
1293                         data.rssi               = info->rssi;
1294                         info++;
1295                         hci_inquiry_cache_update(hdev, &data);
1296                 }
1297         } else {
1298                 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
1299
1300                 for (; num_rsp; num_rsp--) {
1301                         bacpy(&data.bdaddr, &info->bdaddr);
1302                         data.pscan_rep_mode     = info->pscan_rep_mode;
1303                         data.pscan_period_mode  = info->pscan_period_mode;
1304                         data.pscan_mode         = 0x00;
1305                         memcpy(data.dev_class, info->dev_class, 3);
1306                         data.clock_offset       = info->clock_offset;
1307                         data.rssi               = info->rssi;
1308                         info++;
1309                         hci_inquiry_cache_update(hdev, &data);
1310                 }
1311         }
1312
1313         hci_dev_unlock(hdev);
1314 }
1315
1316 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1317 {
1318         BT_DBG("%s", hdev->name);
1319 }
1320
1321 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1322 {
1323         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
1324         struct hci_conn *conn;
1325
1326         BT_DBG("%s status %d", hdev->name, ev->status);
1327
1328         hci_dev_lock(hdev);
1329
1330         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1331         if (!conn) {
1332                 if (ev->link_type == ESCO_LINK)
1333                         goto unlock;
1334
1335                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1336                 if (!conn)
1337                         goto unlock;
1338
1339                 conn->type = SCO_LINK;
1340         }
1341
1342         if (!ev->status) {
1343                 conn->handle = __le16_to_cpu(ev->handle);
1344                 conn->state  = BT_CONNECTED;
1345         } else
1346                 conn->state = BT_CLOSED;
1347
1348         hci_proto_connect_cfm(conn, ev->status);
1349         if (ev->status)
1350                 hci_conn_del(conn);
1351
1352 unlock:
1353         hci_dev_unlock(hdev);
1354 }
1355
1356 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
1357 {
1358         BT_DBG("%s", hdev->name);
1359 }
1360
1361 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
1362 {
1363         struct hci_ev_sniff_subrate *ev = (void *) skb->data;
1364         struct hci_conn *conn;
1365
1366         BT_DBG("%s status %d", hdev->name, ev->status);
1367
1368         hci_dev_lock(hdev);
1369
1370         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1371         if (conn) {
1372         }
1373
1374         hci_dev_unlock(hdev);
1375 }
1376
1377 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1378 {
1379         struct inquiry_data data;
1380         struct extended_inquiry_info *info = (void *) (skb->data + 1);
1381         int num_rsp = *((__u8 *) skb->data);
1382
1383         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1384
1385         if (!num_rsp)
1386                 return;
1387
1388         hci_dev_lock(hdev);
1389
1390         for (; num_rsp; num_rsp--) {
1391                 bacpy(&data.bdaddr, &info->bdaddr);
1392                 data.pscan_rep_mode     = info->pscan_rep_mode;
1393                 data.pscan_period_mode  = info->pscan_period_mode;
1394                 data.pscan_mode         = 0x00;
1395                 memcpy(data.dev_class, info->dev_class, 3);
1396                 data.clock_offset       = info->clock_offset;
1397                 data.rssi               = info->rssi;
1398                 info++;
1399                 hci_inquiry_cache_update(hdev, &data);
1400         }
1401
1402         hci_dev_unlock(hdev);
1403 }
1404
1405 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1406 {
1407         struct hci_event_hdr *hdr = (void *) skb->data;
1408         __u8 event = hdr->evt;
1409
1410         skb_pull(skb, HCI_EVENT_HDR_SIZE);
1411
1412         switch (event) {
1413         case HCI_EV_INQUIRY_COMPLETE:
1414                 hci_inquiry_complete_evt(hdev, skb);
1415                 break;
1416
1417         case HCI_EV_INQUIRY_RESULT:
1418                 hci_inquiry_result_evt(hdev, skb);
1419                 break;
1420
1421         case HCI_EV_CONN_COMPLETE:
1422                 hci_conn_complete_evt(hdev, skb);
1423                 break;
1424
1425         case HCI_EV_CONN_REQUEST:
1426                 hci_conn_request_evt(hdev, skb);
1427                 break;
1428
1429         case HCI_EV_DISCONN_COMPLETE:
1430                 hci_disconn_complete_evt(hdev, skb);
1431                 break;
1432
1433         case HCI_EV_AUTH_COMPLETE:
1434                 hci_auth_complete_evt(hdev, skb);
1435                 break;
1436
1437         case HCI_EV_REMOTE_NAME:
1438                 hci_remote_name_evt(hdev, skb);
1439                 break;
1440
1441         case HCI_EV_ENCRYPT_CHANGE:
1442                 hci_encrypt_change_evt(hdev, skb);
1443                 break;
1444
1445         case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
1446                 hci_change_link_key_complete_evt(hdev, skb);
1447                 break;
1448
1449         case HCI_EV_REMOTE_FEATURES:
1450                 hci_remote_features_evt(hdev, skb);
1451                 break;
1452
1453         case HCI_EV_REMOTE_VERSION:
1454                 hci_remote_version_evt(hdev, skb);
1455                 break;
1456
1457         case HCI_EV_QOS_SETUP_COMPLETE:
1458                 hci_qos_setup_complete_evt(hdev, skb);
1459                 break;
1460
1461         case HCI_EV_CMD_COMPLETE:
1462                 hci_cmd_complete_evt(hdev, skb);
1463                 break;
1464
1465         case HCI_EV_CMD_STATUS:
1466                 hci_cmd_status_evt(hdev, skb);
1467                 break;
1468
1469         case HCI_EV_ROLE_CHANGE:
1470                 hci_role_change_evt(hdev, skb);
1471                 break;
1472
1473         case HCI_EV_NUM_COMP_PKTS:
1474                 hci_num_comp_pkts_evt(hdev, skb);
1475                 break;
1476
1477         case HCI_EV_MODE_CHANGE:
1478                 hci_mode_change_evt(hdev, skb);
1479                 break;
1480
1481         case HCI_EV_PIN_CODE_REQ:
1482                 hci_pin_code_request_evt(hdev, skb);
1483                 break;
1484
1485         case HCI_EV_LINK_KEY_REQ:
1486                 hci_link_key_request_evt(hdev, skb);
1487                 break;
1488
1489         case HCI_EV_LINK_KEY_NOTIFY:
1490                 hci_link_key_notify_evt(hdev, skb);
1491                 break;
1492
1493         case HCI_EV_CLOCK_OFFSET:
1494                 hci_clock_offset_evt(hdev, skb);
1495                 break;
1496
1497         case HCI_EV_PKT_TYPE_CHANGE:
1498                 hci_pkt_type_change_evt(hdev, skb);
1499                 break;
1500
1501         case HCI_EV_PSCAN_REP_MODE:
1502                 hci_pscan_rep_mode_evt(hdev, skb);
1503                 break;
1504
1505         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
1506                 hci_inquiry_result_with_rssi_evt(hdev, skb);
1507                 break;
1508
1509         case HCI_EV_REMOTE_EXT_FEATURES:
1510                 hci_remote_ext_features_evt(hdev, skb);
1511                 break;
1512
1513         case HCI_EV_SYNC_CONN_COMPLETE:
1514                 hci_sync_conn_complete_evt(hdev, skb);
1515                 break;
1516
1517         case HCI_EV_SYNC_CONN_CHANGED:
1518                 hci_sync_conn_changed_evt(hdev, skb);
1519                 break;
1520
1521         case HCI_EV_SNIFF_SUBRATE:
1522                 hci_sniff_subrate_evt(hdev, skb);
1523                 break;
1524
1525         case HCI_EV_EXTENDED_INQUIRY_RESULT:
1526                 hci_extended_inquiry_result_evt(hdev, skb);
1527                 break;
1528
1529         default:
1530                 BT_DBG("%s event 0x%x", hdev->name, event);
1531                 break;
1532         }
1533
1534         kfree_skb(skb);
1535         hdev->stat.evt_rx++;
1536 }
1537
1538 /* Generate internal stack event */
1539 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1540 {
1541         struct hci_event_hdr *hdr;
1542         struct hci_ev_stack_internal *ev;
1543         struct sk_buff *skb;
1544
1545         skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
1546         if (!skb)
1547                 return;
1548
1549         hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
1550         hdr->evt  = HCI_EV_STACK_INTERNAL;
1551         hdr->plen = sizeof(*ev) + dlen;
1552
1553         ev  = (void *) skb_put(skb, sizeof(*ev) + dlen);
1554         ev->type = type;
1555         memcpy(ev->data, data, dlen);
1556
1557         bt_cb(skb)->incoming = 1;
1558         __net_timestamp(skb);
1559
1560         bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1561         skb->dev = (void *) hdev;
1562         hci_send_to_sock(hdev, skb);
1563         kfree_skb(skb);
1564 }