linux/net/bluetooth/hci_event.c
<<
>>
Prefs
   1/*
   2   BlueZ - Bluetooth protocol stack for Linux
   3   Copyright (C) 2000-2001 Qualcomm Incorporated
   4
   5   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   6
   7   This program is free software; you can redistribute it and/or modify
   8   it under the terms of the GNU General Public License version 2 as
   9   published by the Free Software Foundation;
  10
  11   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  12   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  13   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  14   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  15   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  16   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  17   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  18   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  19
  20   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  21   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  22   SOFTWARE IS DISCLAIMED.
  23*/
  24
  25/* Bluetooth HCI event handling. */
  26
  27#include <linux/module.h>
  28
  29#include <linux/types.h>
  30#include <linux/errno.h>
  31#include <linux/kernel.h>
  32#include <linux/slab.h>
  33#include <linux/poll.h>
  34#include <linux/fcntl.h>
  35#include <linux/init.h>
  36#include <linux/skbuff.h>
  37#include <linux/interrupt.h>
  38#include <linux/notifier.h>
  39#include <net/sock.h>
  40
  41#include <asm/system.h>
  42#include <asm/uaccess.h>
  43#include <asm/unaligned.h>
  44
  45#include <net/bluetooth/bluetooth.h>
  46#include <net/bluetooth/hci_core.h>
  47
  48/* Handle HCI Event packets */
  49
  50static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
  51{
  52        __u8 status = *((__u8 *) skb->data);
  53
  54        BT_DBG("%s status 0x%x", hdev->name, status);
  55
  56        if (status)
  57                return;
  58
  59        clear_bit(HCI_INQUIRY, &hdev->flags);
  60
  61        hci_req_complete(hdev, status);
  62
  63        hci_conn_check_pending(hdev);
  64}
  65
  66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
  67{
  68        __u8 status = *((__u8 *) skb->data);
  69
  70        BT_DBG("%s status 0x%x", hdev->name, status);
  71
  72        if (status)
  73                return;
  74
  75        clear_bit(HCI_INQUIRY, &hdev->flags);
  76
  77        hci_conn_check_pending(hdev);
  78}
  79
  80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
  81{
  82        BT_DBG("%s", hdev->name);
  83}
  84
  85static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
  86{
  87        struct hci_rp_role_discovery *rp = (void *) skb->data;
  88        struct hci_conn *conn;
  89
  90        BT_DBG("%s status 0x%x", hdev->name, rp->status);
  91
  92        if (rp->status)
  93                return;
  94
  95        hci_dev_lock(hdev);
  96
  97        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
  98        if (conn) {
  99                if (rp->role)
 100                        conn->link_mode &= ~HCI_LM_MASTER;
 101                else
 102                        conn->link_mode |= HCI_LM_MASTER;
 103        }
 104
 105        hci_dev_unlock(hdev);
 106}
 107
 108static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
 109{
 110        struct hci_rp_read_link_policy *rp = (void *) skb->data;
 111        struct hci_conn *conn;
 112
 113        BT_DBG("%s status 0x%x", hdev->name, rp->status);
 114
 115        if (rp->status)
 116                return;
 117
 118        hci_dev_lock(hdev);
 119
 120        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
 121        if (conn)
 122                conn->link_policy = __le16_to_cpu(rp->policy);
 123
 124        hci_dev_unlock(hdev);
 125}
 126
 127static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
 128{
 129        struct hci_rp_write_link_policy *rp = (void *) skb->data;
 130        struct hci_conn *conn;
 131        void *sent;
 132
 133        BT_DBG("%s status 0x%x", hdev->name, rp->status);
 134
 135        if (rp->status)
 136                return;
 137
 138        sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
 139        if (!sent)
 140                return;
 141
 142        hci_dev_lock(hdev);
 143
 144        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
 145        if (conn)
 146                conn->link_policy = get_unaligned_le16(sent + 2);
 147
 148        hci_dev_unlock(hdev);
 149}
 150
 151static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
 152{
 153        struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
 154
 155        BT_DBG("%s status 0x%x", hdev->name, rp->status);
 156
 157        if (rp->status)
 158                return;
 159
 160        hdev->link_policy = __le16_to_cpu(rp->policy);
 161}
 162
 163static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
 164{
 165        __u8 status = *((__u8 *) skb->data);
 166        void *sent;
 167
 168        BT_DBG("%s status 0x%x", hdev->name, status);
 169
 170        sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
 171        if (!sent)
 172                return;
 173
 174        if (!status)
 175                hdev->link_policy = get_unaligned_le16(sent);
 176
 177        hci_req_complete(hdev, status);
 178}
 179
 180static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
 181{
 182        __u8 status = *((__u8 *) skb->data);
 183
 184        BT_DBG("%s status 0x%x", hdev->name, status);
 185
 186        hci_req_complete(hdev, status);
 187}
 188
 189static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
 190{
 191        __u8 status = *((__u8 *) skb->data);
 192        void *sent;
 193
 194        BT_DBG("%s status 0x%x", hdev->name, status);
 195
 196        if (status)
 197                return;
 198
 199        sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
 200        if (!sent)
 201                return;
 202
 203        memcpy(hdev->dev_name, sent, 248);
 204}
 205
 206static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
 207{
 208        struct hci_rp_read_local_name *rp = (void *) skb->data;
 209
 210        BT_DBG("%s status 0x%x", hdev->name, rp->status);
 211
 212        if (rp->status)
 213                return;
 214
 215        memcpy(hdev->dev_name, rp->name, 248);
 216}
 217
 218static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
 219{
 220        __u8 status = *((__u8 *) skb->data);
 221        void *sent;
 222
 223        BT_DBG("%s status 0x%x", hdev->name, status);
 224
 225        sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
 226        if (!sent)
 227                return;
 228
 229        if (!status) {
 230                __u8 param = *((__u8 *) sent);
 231
 232                if (param == AUTH_ENABLED)
 233                        set_bit(HCI_AUTH, &hdev->flags);
 234                else
 235                        clear_bit(HCI_AUTH, &hdev->flags);
 236        }
 237
 238        hci_req_complete(hdev, status);
 239}
 240
 241static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
 242{
 243        __u8 status = *((__u8 *) skb->data);
 244        void *sent;
 245
 246        BT_DBG("%s status 0x%x", hdev->name, status);
 247
 248        sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
 249        if (!sent)
 250                return;
 251
 252        if (!status) {
 253                __u8 param = *((__u8 *) sent);
 254
 255                if (param)
 256                        set_bit(HCI_ENCRYPT, &hdev->flags);
 257                else
 258                        clear_bit(HCI_ENCRYPT, &hdev->flags);
 259        }
 260
 261        hci_req_complete(hdev, status);
 262}
 263
 264static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
 265{
 266        __u8 status = *((__u8 *) skb->data);
 267        void *sent;
 268
 269        BT_DBG("%s status 0x%x", hdev->name, status);
 270
 271        sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
 272        if (!sent)
 273                return;
 274
 275        if (!status) {
 276                __u8 param = *((__u8 *) sent);
 277
 278                clear_bit(HCI_PSCAN, &hdev->flags);
 279                clear_bit(HCI_ISCAN, &hdev->flags);
 280
 281                if (param & SCAN_INQUIRY)
 282                        set_bit(HCI_ISCAN, &hdev->flags);
 283
 284                if (param & SCAN_PAGE)
 285                        set_bit(HCI_PSCAN, &hdev->flags);
 286        }
 287
 288        hci_req_complete(hdev, status);
 289}
 290
 291static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
 292{
 293        struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
 294
 295        BT_DBG("%s status 0x%x", hdev->name, rp->status);
 296
 297        if (rp->status)
 298                return;
 299
 300        memcpy(hdev->dev_class, rp->dev_class, 3);
 301
 302        BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
 303                hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
 304}
 305
 306static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
 307{
 308        __u8 status = *((__u8 *) skb->data);
 309        void *sent;
 310
 311        BT_DBG("%s status 0x%x", hdev->name, status);
 312
 313        if (status)
 314                return;
 315
 316        sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
 317        if (!sent)
 318                return;
 319
 320        memcpy(hdev->dev_class, sent, 3);
 321}
 322
 323static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
 324{
 325        struct hci_rp_read_voice_setting *rp = (void *) skb->data;
 326        __u16 setting;
 327
 328        BT_DBG("%s status 0x%x", hdev->name, rp->status);
 329
 330        if (rp->status)
 331                return;
 332
 333        setting = __le16_to_cpu(rp->voice_setting);
 334
 335        if (hdev->voice_setting == setting)
 336                return;
 337
 338        hdev->voice_setting = setting;
 339
 340        BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
 341
 342        if (hdev->notify) {
 343                tasklet_disable(&hdev->tx_task);
 344                hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
 345                tasklet_enable(&hdev->tx_task);
 346        }
 347}
 348
 349static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
 350{
 351        __u8 status = *((__u8 *) skb->data);
 352        __u16 setting;
 353        void *sent;
 354
 355        BT_DBG("%s status 0x%x", hdev->name, status);
 356
 357        if (status)
 358                return;
 359
 360        sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
 361        if (!sent)
 362                return;
 363
 364        setting = get_unaligned_le16(sent);
 365
 366        if (hdev->voice_setting == setting)
 367                return;
 368
 369        hdev->voice_setting = setting;
 370
 371        BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
 372
 373        if (hdev->notify) {
 374                tasklet_disable(&hdev->tx_task);
 375                hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
 376                tasklet_enable(&hdev->tx_task);
 377        }
 378}
 379
 380static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
 381{
 382        __u8 status = *((__u8 *) skb->data);
 383
 384        BT_DBG("%s status 0x%x", hdev->name, status);
 385
 386        hci_req_complete(hdev, status);
 387}
 388
 389static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
 390{
 391        struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
 392
 393        BT_DBG("%s status 0x%x", hdev->name, rp->status);
 394
 395        if (rp->status)
 396                return;
 397
 398        hdev->ssp_mode = rp->mode;
 399}
 400
 401static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
 402{
 403        __u8 status = *((__u8 *) skb->data);
 404        void *sent;
 405
 406        BT_DBG("%s status 0x%x", hdev->name, status);
 407
 408        if (status)
 409                return;
 410
 411        sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
 412        if (!sent)
 413                return;
 414
 415        hdev->ssp_mode = *((__u8 *) sent);
 416}
 417
 418static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
 419{
 420        struct hci_rp_read_local_version *rp = (void *) skb->data;
 421
 422        BT_DBG("%s status 0x%x", hdev->name, rp->status);
 423
 424        if (rp->status)
 425                return;
 426
 427        hdev->hci_ver = rp->hci_ver;
 428        hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
 429        hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
 430
 431        BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
 432                                        hdev->manufacturer,
 433                                        hdev->hci_ver, hdev->hci_rev);
 434}
 435
 436static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
 437{
 438        struct hci_rp_read_local_commands *rp = (void *) skb->data;
 439
 440        BT_DBG("%s status 0x%x", hdev->name, rp->status);
 441
 442        if (rp->status)
 443                return;
 444
 445        memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
 446}
 447
 448static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
 449{
 450        struct hci_rp_read_local_features *rp = (void *) skb->data;
 451
 452        BT_DBG("%s status 0x%x", hdev->name, rp->status);
 453
 454        if (rp->status)
 455                return;
 456
 457        memcpy(hdev->features, rp->features, 8);
 458
 459        /* Adjust default settings according to features
 460         * supported by device. */
 461
 462        if (hdev->features[0] & LMP_3SLOT)
 463                hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
 464
 465        if (hdev->features[0] & LMP_5SLOT)
 466                hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
 467
 468        if (hdev->features[1] & LMP_HV2) {
 469                hdev->pkt_type  |= (HCI_HV2);
 470                hdev->esco_type |= (ESCO_HV2);
 471        }
 472
 473        if (hdev->features[1] & LMP_HV3) {
 474                hdev->pkt_type  |= (HCI_HV3);
 475                hdev->esco_type |= (ESCO_HV3);
 476        }
 477
 478        if (hdev->features[3] & LMP_ESCO)
 479                hdev->esco_type |= (ESCO_EV3);
 480
 481        if (hdev->features[4] & LMP_EV4)
 482                hdev->esco_type |= (ESCO_EV4);
 483
 484        if (hdev->features[4] & LMP_EV5)
 485                hdev->esco_type |= (ESCO_EV5);
 486
 487        if (hdev->features[5] & LMP_EDR_ESCO_2M)
 488                hdev->esco_type |= (ESCO_2EV3);
 489
 490        if (hdev->features[5] & LMP_EDR_ESCO_3M)
 491                hdev->esco_type |= (ESCO_3EV3);
 492
 493        if (hdev->features[5] & LMP_EDR_3S_ESCO)
 494                hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
 495
 496        BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
 497                                        hdev->features[0], hdev->features[1],
 498                                        hdev->features[2], hdev->features[3],
 499                                        hdev->features[4], hdev->features[5],
 500                                        hdev->features[6], hdev->features[7]);
 501}
 502
 503static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
 504{
 505        struct hci_rp_read_buffer_size *rp = (void *) skb->data;
 506
 507        BT_DBG("%s status 0x%x", hdev->name, rp->status);
 508
 509        if (rp->status)
 510                return;
 511
 512        hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
 513        hdev->sco_mtu  = rp->sco_mtu;
 514        hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
 515        hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
 516
 517        if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
 518                hdev->sco_mtu  = 64;
 519                hdev->sco_pkts = 8;
 520        }
 521
 522        hdev->acl_cnt = hdev->acl_pkts;
 523        hdev->sco_cnt = hdev->sco_pkts;
 524
 525        BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
 526                                        hdev->acl_mtu, hdev->acl_pkts,
 527                                        hdev->sco_mtu, hdev->sco_pkts);
 528}
 529
 530static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
 531{
 532        struct hci_rp_read_bd_addr *rp = (void *) skb->data;
 533
 534        BT_DBG("%s status 0x%x", hdev->name, rp->status);
 535
 536        if (!rp->status)
 537                bacpy(&hdev->bdaddr, &rp->bdaddr);
 538
 539        hci_req_complete(hdev, rp->status);
 540}
 541
 542static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
 543{
 544        BT_DBG("%s status 0x%x", hdev->name, status);
 545
 546        if (status) {
 547                hci_req_complete(hdev, status);
 548
 549                hci_conn_check_pending(hdev);
 550        } else
 551                set_bit(HCI_INQUIRY, &hdev->flags);
 552}
 553
 554static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
 555{
 556        struct hci_cp_create_conn *cp;
 557        struct hci_conn *conn;
 558
 559        BT_DBG("%s status 0x%x", hdev->name, status);
 560
 561        cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
 562        if (!cp)
 563                return;
 564
 565        hci_dev_lock(hdev);
 566
 567        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
 568
 569        BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
 570
 571        if (status) {
 572                if (conn && conn->state == BT_CONNECT) {
 573                        if (status != 0x0c || conn->attempt > 2) {
 574                                conn->state = BT_CLOSED;
 575                                hci_proto_connect_cfm(conn, status);
 576                                hci_conn_del(conn);
 577                        } else
 578                                conn->state = BT_CONNECT2;
 579                }
 580        } else {
 581                if (!conn) {
 582                        conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
 583                        if (conn) {
 584                                conn->out = 1;
 585                                conn->link_mode |= HCI_LM_MASTER;
 586                        } else
 587                                BT_ERR("No memmory for new connection");
 588                }
 589        }
 590
 591        hci_dev_unlock(hdev);
 592}
 593
 594static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
 595{
 596        struct hci_cp_add_sco *cp;
 597        struct hci_conn *acl, *sco;
 598        __u16 handle;
 599
 600        BT_DBG("%s status 0x%x", hdev->name, status);
 601
 602        if (!status)
 603                return;
 604
 605        cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
 606        if (!cp)
 607                return;
 608
 609        handle = __le16_to_cpu(cp->handle);
 610
 611        BT_DBG("%s handle %d", hdev->name, handle);
 612
 613        hci_dev_lock(hdev);
 614
 615        acl = hci_conn_hash_lookup_handle(hdev, handle);
 616        if (acl && (sco = acl->link)) {
 617                sco->state = BT_CLOSED;
 618
 619                hci_proto_connect_cfm(sco, status);
 620                hci_conn_del(sco);
 621        }
 622
 623        hci_dev_unlock(hdev);
 624}
 625
 626static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
 627{
 628        struct hci_cp_auth_requested *cp;
 629        struct hci_conn *conn;
 630
 631        BT_DBG("%s status 0x%x", hdev->name, status);
 632
 633        if (!status)
 634                return;
 635
 636        cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
 637        if (!cp)
 638                return;
 639
 640        hci_dev_lock(hdev);
 641
 642        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
 643        if (conn) {
 644                if (conn->state == BT_CONFIG) {
 645                        hci_proto_connect_cfm(conn, status);
 646                        hci_conn_put(conn);
 647                }
 648        }
 649
 650        hci_dev_unlock(hdev);
 651}
 652
 653static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
 654{
 655        struct hci_cp_set_conn_encrypt *cp;
 656        struct hci_conn *conn;
 657
 658        BT_DBG("%s status 0x%x", hdev->name, status);
 659
 660        if (!status)
 661                return;
 662
 663        cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
 664        if (!cp)
 665                return;
 666
 667        hci_dev_lock(hdev);
 668
 669        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
 670        if (conn) {
 671                if (conn->state == BT_CONFIG) {
 672                        hci_proto_connect_cfm(conn, status);
 673                        hci_conn_put(conn);
 674                }
 675        }
 676
 677        hci_dev_unlock(hdev);
 678}
 679
 680static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
 681{
 682        BT_DBG("%s status 0x%x", hdev->name, status);
 683}
 684
 685static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
 686{
 687        struct hci_cp_read_remote_features *cp;
 688        struct hci_conn *conn;
 689
 690        BT_DBG("%s status 0x%x", hdev->name, status);
 691
 692        if (!status)
 693                return;
 694
 695        cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
 696        if (!cp)
 697                return;
 698
 699        hci_dev_lock(hdev);
 700
 701        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
 702        if (conn) {
 703                if (conn->state == BT_CONFIG) {
 704                        hci_proto_connect_cfm(conn, status);
 705                        hci_conn_put(conn);
 706                }
 707        }
 708
 709        hci_dev_unlock(hdev);
 710}
 711
 712static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
 713{
 714        struct hci_cp_read_remote_ext_features *cp;
 715        struct hci_conn *conn;
 716
 717        BT_DBG("%s status 0x%x", hdev->name, status);
 718
 719        if (!status)
 720                return;
 721
 722        cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
 723        if (!cp)
 724                return;
 725
 726        hci_dev_lock(hdev);
 727
 728        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
 729        if (conn) {
 730                if (conn->state == BT_CONFIG) {
 731                        hci_proto_connect_cfm(conn, status);
 732                        hci_conn_put(conn);
 733                }
 734        }
 735
 736        hci_dev_unlock(hdev);
 737}
 738
 739static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
 740{
 741        struct hci_cp_setup_sync_conn *cp;
 742        struct hci_conn *acl, *sco;
 743        __u16 handle;
 744
 745        BT_DBG("%s status 0x%x", hdev->name, status);
 746
 747        if (!status)
 748                return;
 749
 750        cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
 751        if (!cp)
 752                return;
 753
 754        handle = __le16_to_cpu(cp->handle);
 755
 756        BT_DBG("%s handle %d", hdev->name, handle);
 757
 758        hci_dev_lock(hdev);
 759
 760        acl = hci_conn_hash_lookup_handle(hdev, handle);
 761        if (acl && (sco = acl->link)) {
 762                sco->state = BT_CLOSED;
 763
 764                hci_proto_connect_cfm(sco, status);
 765                hci_conn_del(sco);
 766        }
 767
 768        hci_dev_unlock(hdev);
 769}
 770
 771static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
 772{
 773        struct hci_cp_sniff_mode *cp;
 774        struct hci_conn *conn;
 775
 776        BT_DBG("%s status 0x%x", hdev->name, status);
 777
 778        if (!status)
 779                return;
 780
 781        cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
 782        if (!cp)
 783                return;
 784
 785        hci_dev_lock(hdev);
 786
 787        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
 788        if (conn)
 789                clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
 790
 791        hci_dev_unlock(hdev);
 792}
 793
 794static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
 795{
 796        struct hci_cp_exit_sniff_mode *cp;
 797        struct hci_conn *conn;
 798
 799        BT_DBG("%s status 0x%x", hdev->name, status);
 800
 801        if (!status)
 802                return;
 803
 804        cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
 805        if (!cp)
 806                return;
 807
 808        hci_dev_lock(hdev);
 809
 810        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
 811        if (conn)
 812                clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
 813
 814        hci_dev_unlock(hdev);
 815}
 816
 817static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
 818{
 819        __u8 status = *((__u8 *) skb->data);
 820
 821        BT_DBG("%s status %d", hdev->name, status);
 822
 823        clear_bit(HCI_INQUIRY, &hdev->flags);
 824
 825        hci_req_complete(hdev, status);
 826
 827        hci_conn_check_pending(hdev);
 828}
 829
 830static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
 831{
 832        struct inquiry_data data;
 833        struct inquiry_info *info = (void *) (skb->data + 1);
 834        int num_rsp = *((__u8 *) skb->data);
 835
 836        BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
 837
 838        if (!num_rsp)
 839                return;
 840
 841        hci_dev_lock(hdev);
 842
 843        for (; num_rsp; num_rsp--) {
 844                bacpy(&data.bdaddr, &info->bdaddr);
 845                data.pscan_rep_mode     = info->pscan_rep_mode;
 846                data.pscan_period_mode  = info->pscan_period_mode;
 847                data.pscan_mode         = info->pscan_mode;
 848                memcpy(data.dev_class, info->dev_class, 3);
 849                data.clock_offset       = info->clock_offset;
 850                data.rssi               = 0x00;
 851                data.ssp_mode           = 0x00;
 852                info++;
 853                hci_inquiry_cache_update(hdev, &data);
 854        }
 855
 856        hci_dev_unlock(hdev);
 857}
 858
 859static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
 860{
 861        struct hci_ev_conn_complete *ev = (void *) skb->data;
 862        struct hci_conn *conn;
 863
 864        BT_DBG("%s", hdev->name);
 865
 866        hci_dev_lock(hdev);
 867
 868        conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
 869        if (!conn) {
 870                if (ev->link_type != SCO_LINK)
 871                        goto unlock;
 872
 873                conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
 874                if (!conn)
 875                        goto unlock;
 876
 877                conn->type = SCO_LINK;
 878        }
 879
 880        if (!ev->status) {
 881                conn->handle = __le16_to_cpu(ev->handle);
 882
 883                if (conn->type == ACL_LINK) {
 884                        conn->state = BT_CONFIG;
 885                        hci_conn_hold(conn);
 886                        conn->disc_timeout = HCI_DISCONN_TIMEOUT;
 887                } else
 888                        conn->state = BT_CONNECTED;
 889
 890                hci_conn_add_sysfs(conn);
 891
 892                if (test_bit(HCI_AUTH, &hdev->flags))
 893                        conn->link_mode |= HCI_LM_AUTH;
 894
 895                if (test_bit(HCI_ENCRYPT, &hdev->flags))
 896                        conn->link_mode |= HCI_LM_ENCRYPT;
 897
 898                /* Get remote features */
 899                if (conn->type == ACL_LINK) {
 900                        struct hci_cp_read_remote_features cp;
 901                        cp.handle = ev->handle;
 902                        hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
 903                                                        sizeof(cp), &cp);
 904                }
 905
 906                /* Set packet type for incoming connection */
 907                if (!conn->out && hdev->hci_ver < 3) {
 908                        struct hci_cp_change_conn_ptype cp;
 909                        cp.handle = ev->handle;
 910                        cp.pkt_type = cpu_to_le16(conn->pkt_type);
 911                        hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
 912                                                        sizeof(cp), &cp);
 913                }
 914        } else
 915                conn->state = BT_CLOSED;
 916
 917        if (conn->type == ACL_LINK) {
 918                struct hci_conn *sco = conn->link;
 919                if (sco) {
 920                        if (!ev->status) {
 921                                if (lmp_esco_capable(hdev))
 922                                        hci_setup_sync(sco, conn->handle);
 923                                else
 924                                        hci_add_sco(sco, conn->handle);
 925                        } else {
 926                                hci_proto_connect_cfm(sco, ev->status);
 927                                hci_conn_del(sco);
 928                        }
 929                }
 930        }
 931
 932        if (ev->status) {
 933                hci_proto_connect_cfm(conn, ev->status);
 934                hci_conn_del(conn);
 935        } else if (ev->link_type != ACL_LINK)
 936                hci_proto_connect_cfm(conn, ev->status);
 937
 938unlock:
 939        hci_dev_unlock(hdev);
 940
 941        hci_conn_check_pending(hdev);
 942}
 943
 944static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
 945{
 946        struct hci_ev_conn_request *ev = (void *) skb->data;
 947        int mask = hdev->link_mode;
 948
 949        BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
 950                                        batostr(&ev->bdaddr), ev->link_type);
 951
 952        mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
 953
 954        if (mask & HCI_LM_ACCEPT) {
 955                /* Connection accepted */
 956                struct inquiry_entry *ie;
 957                struct hci_conn *conn;
 958
 959                hci_dev_lock(hdev);
 960
 961                if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
 962                        memcpy(ie->data.dev_class, ev->dev_class, 3);
 963
 964                conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
 965                if (!conn) {
 966                        if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
 967                                BT_ERR("No memmory for new connection");
 968                                hci_dev_unlock(hdev);
 969                                return;
 970                        }
 971                }
 972
 973                memcpy(conn->dev_class, ev->dev_class, 3);
 974                conn->state = BT_CONNECT;
 975
 976                hci_dev_unlock(hdev);
 977
 978                if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
 979                        struct hci_cp_accept_conn_req cp;
 980
 981                        bacpy(&cp.bdaddr, &ev->bdaddr);
 982
 983                        if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
 984                                cp.role = 0x00; /* Become master */
 985                        else
 986                                cp.role = 0x01; /* Remain slave */
 987
 988                        hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
 989                                                        sizeof(cp), &cp);
 990                } else {
 991                        struct hci_cp_accept_sync_conn_req cp;
 992
 993                        bacpy(&cp.bdaddr, &ev->bdaddr);
 994                        cp.pkt_type = cpu_to_le16(conn->pkt_type);
 995
 996                        cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
 997                        cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
 998                        cp.max_latency    = cpu_to_le16(0xffff);
 999                        cp.content_format = cpu_to_le16(hdev->voice_setting);
1000                        cp.retrans_effort = 0xff;
1001
1002                        hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1003                                                        sizeof(cp), &cp);
1004                }
1005        } else {
1006                /* Connection rejected */
1007                struct hci_cp_reject_conn_req cp;
1008
1009                bacpy(&cp.bdaddr, &ev->bdaddr);
1010                cp.reason = 0x0f;
1011                hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1012        }
1013}
1014
1015static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1016{
1017        struct hci_ev_disconn_complete *ev = (void *) skb->data;
1018        struct hci_conn *conn;
1019
1020        BT_DBG("%s status %d", hdev->name, ev->status);
1021
1022        if (ev->status)
1023                return;
1024
1025        hci_dev_lock(hdev);
1026
1027        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1028        if (conn) {
1029                conn->state = BT_CLOSED;
1030
1031                hci_proto_disconn_cfm(conn, ev->reason);
1032                hci_conn_del(conn);
1033        }
1034
1035        hci_dev_unlock(hdev);
1036}
1037
1038static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1039{
1040        struct hci_ev_auth_complete *ev = (void *) skb->data;
1041        struct hci_conn *conn;
1042
1043        BT_DBG("%s status %d", hdev->name, ev->status);
1044
1045        hci_dev_lock(hdev);
1046
1047        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1048        if (conn) {
1049                if (!ev->status)
1050                        conn->link_mode |= HCI_LM_AUTH;
1051
1052                clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1053
1054                if (conn->state == BT_CONFIG) {
1055                        if (!ev->status && hdev->ssp_mode > 0 &&
1056                                                        conn->ssp_mode > 0) {
1057                                struct hci_cp_set_conn_encrypt cp;
1058                                cp.handle  = ev->handle;
1059                                cp.encrypt = 0x01;
1060                                hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1061                                                        sizeof(cp), &cp);
1062                        } else {
1063                                conn->state = BT_CONNECTED;
1064                                hci_proto_connect_cfm(conn, ev->status);
1065                                hci_conn_put(conn);
1066                        }
1067                } else {
1068                        hci_auth_cfm(conn, ev->status);
1069
1070                        hci_conn_hold(conn);
1071                        conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1072                        hci_conn_put(conn);
1073                }
1074
1075                if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1076                        if (!ev->status) {
1077                                struct hci_cp_set_conn_encrypt cp;
1078                                cp.handle  = ev->handle;
1079                                cp.encrypt = 0x01;
1080                                hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1081                                                        sizeof(cp), &cp);
1082                        } else {
1083                                clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1084                                hci_encrypt_cfm(conn, ev->status, 0x00);
1085                        }
1086                }
1087        }
1088
1089        hci_dev_unlock(hdev);
1090}
1091
1092static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1093{
1094        BT_DBG("%s", hdev->name);
1095
1096        hci_conn_check_pending(hdev);
1097}
1098
1099static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1100{
1101        struct hci_ev_encrypt_change *ev = (void *) skb->data;
1102        struct hci_conn *conn;
1103
1104        BT_DBG("%s status %d", hdev->name, ev->status);
1105
1106        hci_dev_lock(hdev);
1107
1108        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1109        if (conn) {
1110                if (!ev->status) {
1111                        if (ev->encrypt) {
1112                                /* Encryption implies authentication */
1113                                conn->link_mode |= HCI_LM_AUTH;
1114                                conn->link_mode |= HCI_LM_ENCRYPT;
1115                        } else
1116                                conn->link_mode &= ~HCI_LM_ENCRYPT;
1117                }
1118
1119                clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1120
1121                if (conn->state == BT_CONFIG) {
1122                        if (!ev->status)
1123                                conn->state = BT_CONNECTED;
1124
1125                        hci_proto_connect_cfm(conn, ev->status);
1126                        hci_conn_put(conn);
1127                } else
1128                        hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1129        }
1130
1131        hci_dev_unlock(hdev);
1132}
1133
1134static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1135{
1136        struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1137        struct hci_conn *conn;
1138
1139        BT_DBG("%s status %d", hdev->name, ev->status);
1140
1141        hci_dev_lock(hdev);
1142
1143        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1144        if (conn) {
1145                if (!ev->status)
1146                        conn->link_mode |= HCI_LM_SECURE;
1147
1148                clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1149
1150                hci_key_change_cfm(conn, ev->status);
1151        }
1152
1153        hci_dev_unlock(hdev);
1154}
1155
1156static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1157{
1158        struct hci_ev_remote_features *ev = (void *) skb->data;
1159        struct hci_conn *conn;
1160
1161        BT_DBG("%s status %d", hdev->name, ev->status);
1162
1163        hci_dev_lock(hdev);
1164
1165        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1166        if (conn) {
1167                if (!ev->status)
1168                        memcpy(conn->features, ev->features, 8);
1169
1170                if (conn->state == BT_CONFIG) {
1171                        if (!ev->status && lmp_ssp_capable(hdev) &&
1172                                                lmp_ssp_capable(conn)) {
1173                                struct hci_cp_read_remote_ext_features cp;
1174                                cp.handle = ev->handle;
1175                                cp.page = 0x01;
1176                                hci_send_cmd(hdev,
1177                                        HCI_OP_READ_REMOTE_EXT_FEATURES,
1178                                                        sizeof(cp), &cp);
1179                        } else {
1180                                conn->state = BT_CONNECTED;
1181                                hci_proto_connect_cfm(conn, ev->status);
1182                                hci_conn_put(conn);
1183                        }
1184                }
1185        }
1186
1187        hci_dev_unlock(hdev);
1188}
1189
1190static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1191{
1192        BT_DBG("%s", hdev->name);
1193}
1194
1195static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1196{
1197        BT_DBG("%s", hdev->name);
1198}
1199
1200static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1201{
1202        struct hci_ev_cmd_complete *ev = (void *) skb->data;
1203        __u16 opcode;
1204
1205        skb_pull(skb, sizeof(*ev));
1206
1207        opcode = __le16_to_cpu(ev->opcode);
1208
1209        switch (opcode) {
1210        case HCI_OP_INQUIRY_CANCEL:
1211                hci_cc_inquiry_cancel(hdev, skb);
1212                break;
1213
1214        case HCI_OP_EXIT_PERIODIC_INQ:
1215                hci_cc_exit_periodic_inq(hdev, skb);
1216                break;
1217
1218        case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1219                hci_cc_remote_name_req_cancel(hdev, skb);
1220                break;
1221
1222        case HCI_OP_ROLE_DISCOVERY:
1223                hci_cc_role_discovery(hdev, skb);
1224                break;
1225
1226        case HCI_OP_READ_LINK_POLICY:
1227                hci_cc_read_link_policy(hdev, skb);
1228                break;
1229
1230        case HCI_OP_WRITE_LINK_POLICY:
1231                hci_cc_write_link_policy(hdev, skb);
1232                break;
1233
1234        case HCI_OP_READ_DEF_LINK_POLICY:
1235                hci_cc_read_def_link_policy(hdev, skb);
1236                break;
1237
1238        case HCI_OP_WRITE_DEF_LINK_POLICY:
1239                hci_cc_write_def_link_policy(hdev, skb);
1240                break;
1241
1242        case HCI_OP_RESET:
1243                hci_cc_reset(hdev, skb);
1244                break;
1245
1246        case HCI_OP_WRITE_LOCAL_NAME:
1247                hci_cc_write_local_name(hdev, skb);
1248                break;
1249
1250        case HCI_OP_READ_LOCAL_NAME:
1251                hci_cc_read_local_name(hdev, skb);
1252                break;
1253
1254        case HCI_OP_WRITE_AUTH_ENABLE:
1255                hci_cc_write_auth_enable(hdev, skb);
1256                break;
1257
1258        case HCI_OP_WRITE_ENCRYPT_MODE:
1259                hci_cc_write_encrypt_mode(hdev, skb);
1260                break;
1261
1262        case HCI_OP_WRITE_SCAN_ENABLE:
1263                hci_cc_write_scan_enable(hdev, skb);
1264                break;
1265
1266        case HCI_OP_READ_CLASS_OF_DEV:
1267                hci_cc_read_class_of_dev(hdev, skb);
1268                break;
1269
1270        case HCI_OP_WRITE_CLASS_OF_DEV:
1271                hci_cc_write_class_of_dev(hdev, skb);
1272                break;
1273
1274        case HCI_OP_READ_VOICE_SETTING:
1275                hci_cc_read_voice_setting(hdev, skb);
1276                break;
1277
1278        case HCI_OP_WRITE_VOICE_SETTING:
1279                hci_cc_write_voice_setting(hdev, skb);
1280                break;
1281
1282        case HCI_OP_HOST_BUFFER_SIZE:
1283                hci_cc_host_buffer_size(hdev, skb);
1284                break;
1285
1286        case HCI_OP_READ_SSP_MODE:
1287                hci_cc_read_ssp_mode(hdev, skb);
1288                break;
1289
1290        case HCI_OP_WRITE_SSP_MODE:
1291                hci_cc_write_ssp_mode(hdev, skb);
1292                break;
1293
1294        case HCI_OP_READ_LOCAL_VERSION:
1295                hci_cc_read_local_version(hdev, skb);
1296                break;
1297
1298        case HCI_OP_READ_LOCAL_COMMANDS:
1299                hci_cc_read_local_commands(hdev, skb);
1300                break;
1301
1302        case HCI_OP_READ_LOCAL_FEATURES:
1303                hci_cc_read_local_features(hdev, skb);
1304                break;
1305
1306        case HCI_OP_READ_BUFFER_SIZE:
1307                hci_cc_read_buffer_size(hdev, skb);
1308                break;
1309
1310        case HCI_OP_READ_BD_ADDR:
1311                hci_cc_read_bd_addr(hdev, skb);
1312                break;
1313
1314        default:
1315                BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1316                break;
1317        }
1318
1319        if (ev->ncmd) {
1320                atomic_set(&hdev->cmd_cnt, 1);
1321                if (!skb_queue_empty(&hdev->cmd_q))
1322                        hci_sched_cmd(hdev);
1323        }
1324}
1325
1326static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1327{
1328        struct hci_ev_cmd_status *ev = (void *) skb->data;
1329        __u16 opcode;
1330
1331        skb_pull(skb, sizeof(*ev));
1332
1333        opcode = __le16_to_cpu(ev->opcode);
1334
1335        switch (opcode) {
1336        case HCI_OP_INQUIRY:
1337                hci_cs_inquiry(hdev, ev->status);
1338                break;
1339
1340        case HCI_OP_CREATE_CONN:
1341                hci_cs_create_conn(hdev, ev->status);
1342                break;
1343
1344        case HCI_OP_ADD_SCO:
1345                hci_cs_add_sco(hdev, ev->status);
1346                break;
1347
1348        case HCI_OP_AUTH_REQUESTED:
1349                hci_cs_auth_requested(hdev, ev->status);
1350                break;
1351
1352        case HCI_OP_SET_CONN_ENCRYPT:
1353                hci_cs_set_conn_encrypt(hdev, ev->status);
1354                break;
1355
1356        case HCI_OP_REMOTE_NAME_REQ:
1357                hci_cs_remote_name_req(hdev, ev->status);
1358                break;
1359
1360        case HCI_OP_READ_REMOTE_FEATURES:
1361                hci_cs_read_remote_features(hdev, ev->status);
1362                break;
1363
1364        case HCI_OP_READ_REMOTE_EXT_FEATURES:
1365                hci_cs_read_remote_ext_features(hdev, ev->status);
1366                break;
1367
1368        case HCI_OP_SETUP_SYNC_CONN:
1369                hci_cs_setup_sync_conn(hdev, ev->status);
1370                break;
1371
1372        case HCI_OP_SNIFF_MODE:
1373                hci_cs_sniff_mode(hdev, ev->status);
1374                break;
1375
1376        case HCI_OP_EXIT_SNIFF_MODE:
1377                hci_cs_exit_sniff_mode(hdev, ev->status);
1378                break;
1379
1380        default:
1381                BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1382                break;
1383        }
1384
1385        if (ev->ncmd) {
1386                atomic_set(&hdev->cmd_cnt, 1);
1387                if (!skb_queue_empty(&hdev->cmd_q))
1388                        hci_sched_cmd(hdev);
1389        }
1390}
1391
1392static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1393{
1394        struct hci_ev_role_change *ev = (void *) skb->data;
1395        struct hci_conn *conn;
1396
1397        BT_DBG("%s status %d", hdev->name, ev->status);
1398
1399        hci_dev_lock(hdev);
1400
1401        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1402        if (conn) {
1403                if (!ev->status) {
1404                        if (ev->role)
1405                                conn->link_mode &= ~HCI_LM_MASTER;
1406                        else
1407                                conn->link_mode |= HCI_LM_MASTER;
1408                }
1409
1410                clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1411
1412                hci_role_switch_cfm(conn, ev->status, ev->role);
1413        }
1414
1415        hci_dev_unlock(hdev);
1416}
1417
1418static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1419{
1420        struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1421        __le16 *ptr;
1422        int i;
1423
1424        skb_pull(skb, sizeof(*ev));
1425
1426        BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1427
1428        if (skb->len < ev->num_hndl * 4) {
1429                BT_DBG("%s bad parameters", hdev->name);
1430                return;
1431        }
1432
1433        tasklet_disable(&hdev->tx_task);
1434
1435        for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1436                struct hci_conn *conn;
1437                __u16  handle, count;
1438
1439                handle = get_unaligned_le16(ptr++);
1440                count  = get_unaligned_le16(ptr++);
1441
1442                conn = hci_conn_hash_lookup_handle(hdev, handle);
1443                if (conn) {
1444                        conn->sent -= count;
1445
1446                        if (conn->type == ACL_LINK) {
1447                                if ((hdev->acl_cnt += count) > hdev->acl_pkts)
1448                                        hdev->acl_cnt = hdev->acl_pkts;
1449                        } else {
1450                                if ((hdev->sco_cnt += count) > hdev->sco_pkts)
1451                                        hdev->sco_cnt = hdev->sco_pkts;
1452                        }
1453                }
1454        }
1455
1456        hci_sched_tx(hdev);
1457
1458        tasklet_enable(&hdev->tx_task);
1459}
1460
1461static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1462{
1463        struct hci_ev_mode_change *ev = (void *) skb->data;
1464        struct hci_conn *conn;
1465
1466        BT_DBG("%s status %d", hdev->name, ev->status);
1467
1468        hci_dev_lock(hdev);
1469
1470        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1471        if (conn) {
1472                conn->mode = ev->mode;
1473                conn->interval = __le16_to_cpu(ev->interval);
1474
1475                if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
1476                        if (conn->mode == HCI_CM_ACTIVE)
1477                                conn->power_save = 1;
1478                        else
1479                                conn->power_save = 0;
1480                }
1481        }
1482
1483        hci_dev_unlock(hdev);
1484}
1485
1486static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1487{
1488        struct hci_ev_pin_code_req *ev = (void *) skb->data;
1489        struct hci_conn *conn;
1490
1491        BT_DBG("%s", hdev->name);
1492
1493        hci_dev_lock(hdev);
1494
1495        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1496        if (conn && conn->state == BT_CONNECTED) {
1497                hci_conn_hold(conn);
1498                conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1499                hci_conn_put(conn);
1500        }
1501
1502        hci_dev_unlock(hdev);
1503}
1504
1505static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1506{
1507        BT_DBG("%s", hdev->name);
1508}
1509
1510static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
1511{
1512        struct hci_ev_link_key_notify *ev = (void *) skb->data;
1513        struct hci_conn *conn;
1514
1515        BT_DBG("%s", hdev->name);
1516
1517        hci_dev_lock(hdev);
1518
1519        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1520        if (conn) {
1521                hci_conn_hold(conn);
1522                conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1523                hci_conn_put(conn);
1524        }
1525
1526        hci_dev_unlock(hdev);
1527}
1528
1529static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1530{
1531        struct hci_ev_clock_offset *ev = (void *) skb->data;
1532        struct hci_conn *conn;
1533
1534        BT_DBG("%s status %d", hdev->name, ev->status);
1535
1536        hci_dev_lock(hdev);
1537
1538        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1539        if (conn && !ev->status) {
1540                struct inquiry_entry *ie;
1541
1542                if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
1543                        ie->data.clock_offset = ev->clock_offset;
1544                        ie->timestamp = jiffies;
1545                }
1546        }
1547
1548        hci_dev_unlock(hdev);
1549}
1550
1551static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1552{
1553        struct hci_ev_pkt_type_change *ev = (void *) skb->data;
1554        struct hci_conn *conn;
1555
1556        BT_DBG("%s status %d", hdev->name, ev->status);
1557
1558        hci_dev_lock(hdev);
1559
1560        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1561        if (conn && !ev->status)
1562                conn->pkt_type = __le16_to_cpu(ev->pkt_type);
1563
1564        hci_dev_unlock(hdev);
1565}
1566
1567static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
1568{
1569        struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
1570        struct inquiry_entry *ie;
1571
1572        BT_DBG("%s", hdev->name);
1573
1574        hci_dev_lock(hdev);
1575
1576        if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) {
1577                ie->data.pscan_rep_mode = ev->pscan_rep_mode;
1578                ie->timestamp = jiffies;
1579        }
1580
1581        hci_dev_unlock(hdev);
1582}
1583
1584static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
1585{
1586        struct inquiry_data data;
1587        int num_rsp = *((__u8 *) skb->data);
1588
1589        BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1590
1591        if (!num_rsp)
1592                return;
1593
1594        hci_dev_lock(hdev);
1595
1596        if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
1597                struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1);
1598
1599                for (; num_rsp; num_rsp--) {
1600                        bacpy(&data.bdaddr, &info->bdaddr);
1601                        data.pscan_rep_mode     = info->pscan_rep_mode;
1602                        data.pscan_period_mode  = info->pscan_period_mode;
1603                        data.pscan_mode         = info->pscan_mode;
1604                        memcpy(data.dev_class, info->dev_class, 3);
1605                        data.clock_offset       = info->clock_offset;
1606                        data.rssi               = info->rssi;
1607                        data.ssp_mode           = 0x00;
1608                        info++;
1609                        hci_inquiry_cache_update(hdev, &data);
1610                }
1611        } else {
1612                struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
1613
1614                for (; num_rsp; num_rsp--) {
1615                        bacpy(&data.bdaddr, &info->bdaddr);
1616                        data.pscan_rep_mode     = info->pscan_rep_mode;
1617                        data.pscan_period_mode  = info->pscan_period_mode;
1618                        data.pscan_mode         = 0x00;
1619                        memcpy(data.dev_class, info->dev_class, 3);
1620                        data.clock_offset       = info->clock_offset;
1621                        data.rssi               = info->rssi;
1622                        data.ssp_mode           = 0x00;
1623                        info++;
1624                        hci_inquiry_cache_update(hdev, &data);
1625                }
1626        }
1627
1628        hci_dev_unlock(hdev);
1629}
1630
1631static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1632{
1633        struct hci_ev_remote_ext_features *ev = (void *) skb->data;
1634        struct hci_conn *conn;
1635
1636        BT_DBG("%s", hdev->name);
1637
1638        hci_dev_lock(hdev);
1639
1640        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1641        if (conn) {
1642                if (!ev->status && ev->page == 0x01) {
1643                        struct inquiry_entry *ie;
1644
1645                        if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)))
1646                                ie->data.ssp_mode = (ev->features[0] & 0x01);
1647
1648                        conn->ssp_mode = (ev->features[0] & 0x01);
1649                }
1650
1651                if (conn->state == BT_CONFIG) {
1652                        if (!ev->status && hdev->ssp_mode > 0 &&
1653                                        conn->ssp_mode > 0 && conn->out &&
1654                                        conn->sec_level != BT_SECURITY_SDP) {
1655                                struct hci_cp_auth_requested cp;
1656                                cp.handle = ev->handle;
1657                                hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1658                                                        sizeof(cp), &cp);
1659                        } else {
1660                                conn->state = BT_CONNECTED;
1661                                hci_proto_connect_cfm(conn, ev->status);
1662                                hci_conn_put(conn);
1663                        }
1664                }
1665        }
1666
1667        hci_dev_unlock(hdev);
1668}
1669
1670static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1671{
1672        struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
1673        struct hci_conn *conn;
1674
1675        BT_DBG("%s status %d", hdev->name, ev->status);
1676
1677        hci_dev_lock(hdev);
1678
1679        conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1680        if (!conn) {
1681                if (ev->link_type == ESCO_LINK)
1682                        goto unlock;
1683
1684                conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1685                if (!conn)
1686                        goto unlock;
1687
1688                conn->type = SCO_LINK;
1689        }
1690
1691        switch (ev->status) {
1692        case 0x00:
1693                conn->handle = __le16_to_cpu(ev->handle);
1694                conn->state  = BT_CONNECTED;
1695
1696                hci_conn_add_sysfs(conn);
1697                break;
1698
1699        case 0x1c:      /* SCO interval rejected */
1700        case 0x1f:      /* Unspecified error */
1701                if (conn->out && conn->attempt < 2) {
1702                        conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
1703                                        (hdev->esco_type & EDR_ESCO_MASK);
1704                        hci_setup_sync(conn, conn->link->handle);
1705                        goto unlock;
1706                }
1707                /* fall through */
1708
1709        default:
1710                conn->state = BT_CLOSED;
1711                break;
1712        }
1713
1714        hci_proto_connect_cfm(conn, ev->status);
1715        if (ev->status)
1716                hci_conn_del(conn);
1717
1718unlock:
1719        hci_dev_unlock(hdev);
1720}
1721
1722static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
1723{
1724        BT_DBG("%s", hdev->name);
1725}
1726
1727static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
1728{
1729        struct hci_ev_sniff_subrate *ev = (void *) skb->data;
1730        struct hci_conn *conn;
1731
1732        BT_DBG("%s status %d", hdev->name, ev->status);
1733
1734        hci_dev_lock(hdev);
1735
1736        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1737        if (conn) {
1738        }
1739
1740        hci_dev_unlock(hdev);
1741}
1742
1743static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1744{
1745        struct inquiry_data data;
1746        struct extended_inquiry_info *info = (void *) (skb->data + 1);
1747        int num_rsp = *((__u8 *) skb->data);
1748
1749        BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1750
1751        if (!num_rsp)
1752                return;
1753
1754        hci_dev_lock(hdev);
1755
1756        for (; num_rsp; num_rsp--) {
1757                bacpy(&data.bdaddr, &info->bdaddr);
1758                data.pscan_rep_mode     = info->pscan_rep_mode;
1759                data.pscan_period_mode  = info->pscan_period_mode;
1760                data.pscan_mode         = 0x00;
1761                memcpy(data.dev_class, info->dev_class, 3);
1762                data.clock_offset       = info->clock_offset;
1763                data.rssi               = info->rssi;
1764                data.ssp_mode           = 0x01;
1765                info++;
1766                hci_inquiry_cache_update(hdev, &data);
1767        }
1768
1769        hci_dev_unlock(hdev);
1770}
1771
1772static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1773{
1774        struct hci_ev_io_capa_request *ev = (void *) skb->data;
1775        struct hci_conn *conn;
1776
1777        BT_DBG("%s", hdev->name);
1778
1779        hci_dev_lock(hdev);
1780
1781        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1782        if (conn)
1783                hci_conn_hold(conn);
1784
1785        hci_dev_unlock(hdev);
1786}
1787
1788static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1789{
1790        struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
1791        struct hci_conn *conn;
1792
1793        BT_DBG("%s", hdev->name);
1794
1795        hci_dev_lock(hdev);
1796
1797        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1798        if (conn)
1799                hci_conn_put(conn);
1800
1801        hci_dev_unlock(hdev);
1802}
1803
1804static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1805{
1806        struct hci_ev_remote_host_features *ev = (void *) skb->data;
1807        struct inquiry_entry *ie;
1808
1809        BT_DBG("%s", hdev->name);
1810
1811        hci_dev_lock(hdev);
1812
1813        if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
1814                ie->data.ssp_mode = (ev->features[0] & 0x01);
1815
1816        hci_dev_unlock(hdev);
1817}
1818
1819void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1820{
1821        struct hci_event_hdr *hdr = (void *) skb->data;
1822        __u8 event = hdr->evt;
1823
1824        skb_pull(skb, HCI_EVENT_HDR_SIZE);
1825
1826        switch (event) {
1827        case HCI_EV_INQUIRY_COMPLETE:
1828                hci_inquiry_complete_evt(hdev, skb);
1829                break;
1830
1831        case HCI_EV_INQUIRY_RESULT:
1832                hci_inquiry_result_evt(hdev, skb);
1833                break;
1834
1835        case HCI_EV_CONN_COMPLETE:
1836                hci_conn_complete_evt(hdev, skb);
1837                break;
1838
1839        case HCI_EV_CONN_REQUEST:
1840                hci_conn_request_evt(hdev, skb);
1841                break;
1842
1843        case HCI_EV_DISCONN_COMPLETE:
1844                hci_disconn_complete_evt(hdev, skb);
1845                break;
1846
1847        case HCI_EV_AUTH_COMPLETE:
1848                hci_auth_complete_evt(hdev, skb);
1849                break;
1850
1851        case HCI_EV_REMOTE_NAME:
1852                hci_remote_name_evt(hdev, skb);
1853                break;
1854
1855        case HCI_EV_ENCRYPT_CHANGE:
1856                hci_encrypt_change_evt(hdev, skb);
1857                break;
1858
1859        case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
1860                hci_change_link_key_complete_evt(hdev, skb);
1861                break;
1862
1863        case HCI_EV_REMOTE_FEATURES:
1864                hci_remote_features_evt(hdev, skb);
1865                break;
1866
1867        case HCI_EV_REMOTE_VERSION:
1868                hci_remote_version_evt(hdev, skb);
1869                break;
1870
1871        case HCI_EV_QOS_SETUP_COMPLETE:
1872                hci_qos_setup_complete_evt(hdev, skb);
1873                break;
1874
1875        case HCI_EV_CMD_COMPLETE:
1876                hci_cmd_complete_evt(hdev, skb);
1877                break;
1878
1879        case HCI_EV_CMD_STATUS:
1880                hci_cmd_status_evt(hdev, skb);
1881                break;
1882
1883        case HCI_EV_ROLE_CHANGE:
1884                hci_role_change_evt(hdev, skb);
1885                break;
1886
1887        case HCI_EV_NUM_COMP_PKTS:
1888                hci_num_comp_pkts_evt(hdev, skb);
1889                break;
1890
1891        case HCI_EV_MODE_CHANGE:
1892                hci_mode_change_evt(hdev, skb);
1893                break;
1894
1895        case HCI_EV_PIN_CODE_REQ:
1896                hci_pin_code_request_evt(hdev, skb);
1897                break;
1898
1899        case HCI_EV_LINK_KEY_REQ:
1900                hci_link_key_request_evt(hdev, skb);
1901                break;
1902
1903        case HCI_EV_LINK_KEY_NOTIFY:
1904                hci_link_key_notify_evt(hdev, skb);
1905                break;
1906
1907        case HCI_EV_CLOCK_OFFSET:
1908                hci_clock_offset_evt(hdev, skb);
1909                break;
1910
1911        case HCI_EV_PKT_TYPE_CHANGE:
1912                hci_pkt_type_change_evt(hdev, skb);
1913                break;
1914
1915        case HCI_EV_PSCAN_REP_MODE:
1916                hci_pscan_rep_mode_evt(hdev, skb);
1917                break;
1918
1919        case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
1920                hci_inquiry_result_with_rssi_evt(hdev, skb);
1921                break;
1922
1923        case HCI_EV_REMOTE_EXT_FEATURES:
1924                hci_remote_ext_features_evt(hdev, skb);
1925                break;
1926
1927        case HCI_EV_SYNC_CONN_COMPLETE:
1928                hci_sync_conn_complete_evt(hdev, skb);
1929                break;
1930
1931        case HCI_EV_SYNC_CONN_CHANGED:
1932                hci_sync_conn_changed_evt(hdev, skb);
1933                break;
1934
1935        case HCI_EV_SNIFF_SUBRATE:
1936                hci_sniff_subrate_evt(hdev, skb);
1937                break;
1938
1939        case HCI_EV_EXTENDED_INQUIRY_RESULT:
1940                hci_extended_inquiry_result_evt(hdev, skb);
1941                break;
1942
1943        case HCI_EV_IO_CAPA_REQUEST:
1944                hci_io_capa_request_evt(hdev, skb);
1945                break;
1946
1947        case HCI_EV_SIMPLE_PAIR_COMPLETE:
1948                hci_simple_pair_complete_evt(hdev, skb);
1949                break;
1950
1951        case HCI_EV_REMOTE_HOST_FEATURES:
1952                hci_remote_host_features_evt(hdev, skb);
1953                break;
1954
1955        default:
1956                BT_DBG("%s event 0x%x", hdev->name, event);
1957                break;
1958        }
1959
1960        kfree_skb(skb);
1961        hdev->stat.evt_rx++;
1962}
1963
1964/* Generate internal stack event */
1965void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1966{
1967        struct hci_event_hdr *hdr;
1968        struct hci_ev_stack_internal *ev;
1969        struct sk_buff *skb;
1970
1971        skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
1972        if (!skb)
1973                return;
1974
1975        hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
1976        hdr->evt  = HCI_EV_STACK_INTERNAL;
1977        hdr->plen = sizeof(*ev) + dlen;
1978
1979        ev  = (void *) skb_put(skb, sizeof(*ev) + dlen);
1980        ev->type = type;
1981        memcpy(ev->data, data, dlen);
1982
1983        bt_cb(skb)->incoming = 1;
1984        __net_timestamp(skb);
1985
1986        bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1987        skb->dev = (void *) hdev;
1988        hci_send_to_sock(hdev, skb);
1989        kfree_skb(skb);
1990}
1991