[Bluetooth] Correct SCO buffer size on request
[linux-2.6.git] / net / bluetooth / hci_event.c
1 /* 
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/sched.h>
33 #include <linux/slab.h>
34 #include <linux/poll.h>
35 #include <linux/fcntl.h>
36 #include <linux/init.h>
37 #include <linux/skbuff.h>
38 #include <linux/interrupt.h>
39 #include <linux/notifier.h>
40 #include <net/sock.h>
41
42 #include <asm/system.h>
43 #include <asm/uaccess.h>
44 #include <asm/unaligned.h>
45
46 #include <net/bluetooth/bluetooth.h>
47 #include <net/bluetooth/hci_core.h>
48
49 #ifndef CONFIG_BT_HCI_CORE_DEBUG
50 #undef  BT_DBG
51 #define BT_DBG(D...)
52 #endif
53
54 /* Handle HCI Event packets */
55
56 /* Command Complete OGF LINK_CTL  */
57 static void hci_cc_link_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
58 {
59         __u8 status;
60
61         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
62
63         switch (ocf) {
64         case OCF_INQUIRY_CANCEL:
65                 status = *((__u8 *) skb->data);
66
67                 if (status) {
68                         BT_DBG("%s Inquiry cancel error: status 0x%x", hdev->name, status);
69                 } else {
70                         clear_bit(HCI_INQUIRY, &hdev->flags);
71                         hci_req_complete(hdev, status);
72                 }
73                 break;
74
75         default:
76                 BT_DBG("%s Command complete: ogf LINK_CTL ocf %x", hdev->name, ocf);
77                 break;
78         }
79 }
80
81 /* Command Complete OGF LINK_POLICY  */
82 static void hci_cc_link_policy(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
83 {
84         struct hci_conn *conn;
85         struct hci_rp_role_discovery *rd;
86
87         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
88
89         switch (ocf) {
90         case OCF_ROLE_DISCOVERY: 
91                 rd = (void *) skb->data;
92
93                 if (rd->status)
94                         break;
95
96                 hci_dev_lock(hdev);
97
98                 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rd->handle));
99                 if (conn) {
100                         if (rd->role)
101                                 conn->link_mode &= ~HCI_LM_MASTER;
102                         else
103                                 conn->link_mode |= HCI_LM_MASTER;
104                 }
105
106                 hci_dev_unlock(hdev);
107                 break;
108
109         default:
110                 BT_DBG("%s: Command complete: ogf LINK_POLICY ocf %x", 
111                                 hdev->name, ocf);
112                 break;
113         }
114 }
115
116 /* Command Complete OGF HOST_CTL  */
117 static void hci_cc_host_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
118 {
119         __u8 status, param;
120         __u16 setting;
121         struct hci_rp_read_voice_setting *vs;
122         void *sent;
123
124         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
125
126         switch (ocf) {
127         case OCF_RESET:
128                 status = *((__u8 *) skb->data);
129                 hci_req_complete(hdev, status);
130                 break;
131
132         case OCF_SET_EVENT_FLT:
133                 status = *((__u8 *) skb->data);
134                 if (status) {
135                         BT_DBG("%s SET_EVENT_FLT failed %d", hdev->name, status);
136                 } else {
137                         BT_DBG("%s SET_EVENT_FLT succeseful", hdev->name);
138                 }
139                 break;
140
141         case OCF_WRITE_AUTH_ENABLE:
142                 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_AUTH_ENABLE);
143                 if (!sent)
144                         break;
145
146                 status = *((__u8 *) skb->data);
147                 param  = *((__u8 *) sent);
148
149                 if (!status) {
150                         if (param == AUTH_ENABLED)
151                                 set_bit(HCI_AUTH, &hdev->flags);
152                         else
153                                 clear_bit(HCI_AUTH, &hdev->flags);
154                 }
155                 hci_req_complete(hdev, status);
156                 break;
157
158         case OCF_WRITE_ENCRYPT_MODE:
159                 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_ENCRYPT_MODE);
160                 if (!sent)
161                         break;
162
163                 status = *((__u8 *) skb->data);
164                 param  = *((__u8 *) sent);
165
166                 if (!status) {
167                         if (param)
168                                 set_bit(HCI_ENCRYPT, &hdev->flags);
169                         else
170                                 clear_bit(HCI_ENCRYPT, &hdev->flags);
171                 }
172                 hci_req_complete(hdev, status);
173                 break;
174
175         case OCF_WRITE_CA_TIMEOUT:
176                 status = *((__u8 *) skb->data);
177                 if (status) {
178                         BT_DBG("%s OCF_WRITE_CA_TIMEOUT failed %d", hdev->name, status);
179                 } else {
180                         BT_DBG("%s OCF_WRITE_CA_TIMEOUT succeseful", hdev->name);
181                 }
182                 break;
183
184         case OCF_WRITE_PG_TIMEOUT:
185                 status = *((__u8 *) skb->data);
186                 if (status) {
187                         BT_DBG("%s OCF_WRITE_PG_TIMEOUT failed %d", hdev->name, status);
188                 } else {
189                         BT_DBG("%s: OCF_WRITE_PG_TIMEOUT succeseful", hdev->name);
190                 }
191                 break;
192
193         case OCF_WRITE_SCAN_ENABLE:
194                 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE);
195                 if (!sent)
196                         break;
197
198                 status = *((__u8 *) skb->data);
199                 param  = *((__u8 *) sent);
200
201                 BT_DBG("param 0x%x", param);
202
203                 if (!status) {
204                         clear_bit(HCI_PSCAN, &hdev->flags);
205                         clear_bit(HCI_ISCAN, &hdev->flags);
206                         if (param & SCAN_INQUIRY) 
207                                 set_bit(HCI_ISCAN, &hdev->flags);
208
209                         if (param & SCAN_PAGE) 
210                                 set_bit(HCI_PSCAN, &hdev->flags);
211                 }
212                 hci_req_complete(hdev, status);
213                 break;
214
215         case OCF_READ_VOICE_SETTING:
216                 vs = (struct hci_rp_read_voice_setting *) skb->data;
217
218                 if (vs->status) {
219                         BT_DBG("%s READ_VOICE_SETTING failed %d", hdev->name, vs->status);
220                         break;
221                 }
222
223                 setting = __le16_to_cpu(vs->voice_setting);
224
225                 if (hdev->voice_setting != setting ) {
226                         hdev->voice_setting = setting;
227
228                         BT_DBG("%s: voice setting 0x%04x", hdev->name, setting);
229
230                         if (hdev->notify) {
231                                 tasklet_disable(&hdev->tx_task);
232                                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
233                                 tasklet_enable(&hdev->tx_task);
234                         }
235                 }
236                 break;
237
238         case OCF_WRITE_VOICE_SETTING:
239                 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_VOICE_SETTING);
240                 if (!sent)
241                         break;
242
243                 status = *((__u8 *) skb->data);
244                 setting = __le16_to_cpu(get_unaligned((__le16 *) sent));
245
246                 if (!status && hdev->voice_setting != setting) {
247                         hdev->voice_setting = setting;
248
249                         BT_DBG("%s: voice setting 0x%04x", hdev->name, setting);
250
251                         if (hdev->notify) {
252                                 tasklet_disable(&hdev->tx_task);
253                                 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
254                                 tasklet_enable(&hdev->tx_task);
255                         }
256                 }
257                 hci_req_complete(hdev, status);
258                 break;
259
260         case OCF_HOST_BUFFER_SIZE:
261                 status = *((__u8 *) skb->data);
262                 if (status) {
263                         BT_DBG("%s OCF_BUFFER_SIZE failed %d", hdev->name, status);
264                         hci_req_complete(hdev, status);
265                 }
266                 break;
267
268         default:
269                 BT_DBG("%s Command complete: ogf HOST_CTL ocf %x", hdev->name, ocf);
270                 break;
271         }
272 }
273
274 /* Command Complete OGF INFO_PARAM  */
275 static void hci_cc_info_param(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
276 {
277         struct hci_rp_read_loc_features *lf;
278         struct hci_rp_read_buffer_size *bs;
279         struct hci_rp_read_bd_addr *ba;
280
281         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
282
283         switch (ocf) {
284         case OCF_READ_LOCAL_FEATURES:
285                 lf = (struct hci_rp_read_loc_features *) skb->data;
286
287                 if (lf->status) {
288                         BT_DBG("%s READ_LOCAL_FEATURES failed %d", hdev->name, lf->status);
289                         break;
290                 }
291
292                 memcpy(hdev->features, lf->features, sizeof(hdev->features));
293
294                 /* Adjust default settings according to features 
295                  * supported by device. */
296                 if (hdev->features[0] & LMP_3SLOT)
297                         hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
298
299                 if (hdev->features[0] & LMP_5SLOT)
300                         hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
301
302                 if (hdev->features[1] & LMP_HV2)
303                         hdev->pkt_type |= (HCI_HV2);
304
305                 if (hdev->features[1] & LMP_HV3)
306                         hdev->pkt_type |= (HCI_HV3);
307
308                 BT_DBG("%s: features 0x%x 0x%x 0x%x", hdev->name, lf->features[0], lf->features[1], lf->features[2]);
309
310                 break;
311
312         case OCF_READ_BUFFER_SIZE:
313                 bs = (struct hci_rp_read_buffer_size *) skb->data;
314
315                 if (bs->status) {
316                         BT_DBG("%s READ_BUFFER_SIZE failed %d", hdev->name, bs->status);
317                         hci_req_complete(hdev, bs->status);
318                         break;
319                 }
320
321                 hdev->acl_mtu  = __le16_to_cpu(bs->acl_mtu);
322                 hdev->sco_mtu  = bs->sco_mtu;
323                 hdev->acl_pkts = __le16_to_cpu(bs->acl_max_pkt);
324                 hdev->sco_pkts = __le16_to_cpu(bs->sco_max_pkt);
325
326                 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
327                         hdev->sco_mtu  = 64;
328                         hdev->sco_pkts = 8;
329                 }
330
331                 hdev->acl_cnt = hdev->acl_pkts;
332                 hdev->sco_cnt = hdev->sco_pkts;
333
334                 BT_DBG("%s mtu: acl %d, sco %d max_pkt: acl %d, sco %d", hdev->name,
335                         hdev->acl_mtu, hdev->sco_mtu, hdev->acl_pkts, hdev->sco_pkts);
336                 break;
337
338         case OCF_READ_BD_ADDR:
339                 ba = (struct hci_rp_read_bd_addr *) skb->data;
340
341                 if (!ba->status) {
342                         bacpy(&hdev->bdaddr, &ba->bdaddr);
343                 } else {
344                         BT_DBG("%s: READ_BD_ADDR failed %d", hdev->name, ba->status);
345                 }
346
347                 hci_req_complete(hdev, ba->status);
348                 break;
349
350         default:
351                 BT_DBG("%s Command complete: ogf INFO_PARAM ocf %x", hdev->name, ocf);
352                 break;
353         }
354 }
355
356 /* Command Status OGF LINK_CTL  */
357 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
358 {
359         struct hci_conn *conn;
360         struct hci_cp_create_conn *cp = hci_sent_cmd_data(hdev, OGF_LINK_CTL, OCF_CREATE_CONN);
361
362         if (!cp)
363                 return;
364
365         hci_dev_lock(hdev);
366
367         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
368
369         BT_DBG("%s status 0x%x bdaddr %s conn %p", hdev->name,
370                         status, batostr(&cp->bdaddr), conn);
371
372         if (status) {
373                 if (conn && conn->state == BT_CONNECT) {
374                         conn->state = BT_CLOSED;
375                         hci_proto_connect_cfm(conn, status);
376                         hci_conn_del(conn);
377                 }
378         } else {
379                 if (!conn) {
380                         conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
381                         if (conn) {
382                                 conn->out = 1;
383                                 conn->link_mode |= HCI_LM_MASTER;
384                         } else
385                                 BT_ERR("No memmory for new connection");
386                 }
387         }
388
389         hci_dev_unlock(hdev);
390 }
391
392 static void hci_cs_link_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
393 {
394         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
395
396         switch (ocf) {
397         case OCF_CREATE_CONN:
398                 hci_cs_create_conn(hdev, status);
399                 break;
400
401         case OCF_ADD_SCO:
402                 if (status) {
403                         struct hci_conn *acl, *sco;
404                         struct hci_cp_add_sco *cp = hci_sent_cmd_data(hdev, OGF_LINK_CTL, OCF_ADD_SCO);
405                         __u16 handle;
406
407                         if (!cp)
408                                 break;
409
410                         handle = __le16_to_cpu(cp->handle);
411
412                         BT_DBG("%s Add SCO error: handle %d status 0x%x", hdev->name, handle, status);
413
414                         hci_dev_lock(hdev);
415
416                         acl = hci_conn_hash_lookup_handle(hdev, handle);
417                         if (acl && (sco = acl->link)) {
418                                 sco->state = BT_CLOSED;
419
420                                 hci_proto_connect_cfm(sco, status);
421                                 hci_conn_del(sco);
422                         }
423
424                         hci_dev_unlock(hdev);
425                 }
426                 break;
427
428         case OCF_INQUIRY:
429                 if (status) {
430                         BT_DBG("%s Inquiry error: status 0x%x", hdev->name, status);
431                         hci_req_complete(hdev, status);
432                 } else {
433                         set_bit(HCI_INQUIRY, &hdev->flags);
434                 }
435                 break;
436
437         default:
438                 BT_DBG("%s Command status: ogf LINK_CTL ocf %x status %d", 
439                         hdev->name, ocf, status);
440                 break;
441         }
442 }
443
444 /* Command Status OGF LINK_POLICY */
445 static void hci_cs_link_policy(struct hci_dev *hdev, __u16 ocf, __u8 status)
446 {
447         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
448
449         switch (ocf) {
450         default:
451                 BT_DBG("%s Command status: ogf HOST_POLICY ocf %x", hdev->name, ocf);
452                 break;
453         }
454 }
455
456 /* Command Status OGF HOST_CTL */
457 static void hci_cs_host_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
458 {
459         BT_DBG("%s ocf 0x%x", hdev->name, ocf);
460
461         switch (ocf) {
462         default:
463                 BT_DBG("%s Command status: ogf HOST_CTL ocf %x", hdev->name, ocf);
464                 break;
465         }
466 }
467
468 /* Command Status OGF INFO_PARAM  */
469 static void hci_cs_info_param(struct hci_dev *hdev, __u16 ocf, __u8 status)
470 {
471         BT_DBG("%s: hci_cs_info_param: ocf 0x%x", hdev->name, ocf);
472
473         switch (ocf) {
474         default:
475                 BT_DBG("%s Command status: ogf INFO_PARAM ocf %x", hdev->name, ocf);
476                 break;
477         }
478 }
479
480 /* Inquiry Complete */
481 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
482 {
483         __u8 status = *((__u8 *) skb->data);
484
485         BT_DBG("%s status %d", hdev->name, status);
486
487         clear_bit(HCI_INQUIRY, &hdev->flags);
488         hci_req_complete(hdev, status);
489 }
490
491 /* Inquiry Result */
492 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
493 {
494         struct inquiry_data data;
495         struct inquiry_info *info = (struct inquiry_info *) (skb->data + 1);
496         int num_rsp = *((__u8 *) skb->data);
497
498         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
499
500         if (!num_rsp)
501                 return;
502
503         hci_dev_lock(hdev);
504
505         for (; num_rsp; num_rsp--) {
506                 bacpy(&data.bdaddr, &info->bdaddr);
507                 data.pscan_rep_mode     = info->pscan_rep_mode;
508                 data.pscan_period_mode  = info->pscan_period_mode;
509                 data.pscan_mode         = info->pscan_mode;
510                 memcpy(data.dev_class, info->dev_class, 3);
511                 data.clock_offset       = info->clock_offset;
512                 data.rssi               = 0x00;
513                 info++;
514                 hci_inquiry_cache_update(hdev, &data);
515         }
516
517         hci_dev_unlock(hdev);
518 }
519
520 /* Inquiry Result With RSSI */
521 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
522 {
523         struct inquiry_data data;
524         int num_rsp = *((__u8 *) skb->data);
525
526         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
527
528         if (!num_rsp)
529                 return;
530
531         hci_dev_lock(hdev);
532
533         if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
534                 struct inquiry_info_with_rssi_and_pscan_mode *info =
535                         (struct inquiry_info_with_rssi_and_pscan_mode *) (skb->data + 1);
536
537                 for (; num_rsp; num_rsp--) {
538                         bacpy(&data.bdaddr, &info->bdaddr);
539                         data.pscan_rep_mode     = info->pscan_rep_mode;
540                         data.pscan_period_mode  = info->pscan_period_mode;
541                         data.pscan_mode         = info->pscan_mode;
542                         memcpy(data.dev_class, info->dev_class, 3);
543                         data.clock_offset       = info->clock_offset;
544                         data.rssi               = info->rssi;
545                         info++;
546                         hci_inquiry_cache_update(hdev, &data);
547                 }
548         } else {
549                 struct inquiry_info_with_rssi *info =
550                         (struct inquiry_info_with_rssi *) (skb->data + 1);
551
552                 for (; num_rsp; num_rsp--) {
553                         bacpy(&data.bdaddr, &info->bdaddr);
554                         data.pscan_rep_mode     = info->pscan_rep_mode;
555                         data.pscan_period_mode  = info->pscan_period_mode;
556                         data.pscan_mode         = 0x00;
557                         memcpy(data.dev_class, info->dev_class, 3);
558                         data.clock_offset       = info->clock_offset;
559                         data.rssi               = info->rssi;
560                         info++;
561                         hci_inquiry_cache_update(hdev, &data);
562                 }
563         }
564
565         hci_dev_unlock(hdev);
566 }
567
568 /* Extended Inquiry Result */
569 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
570 {
571         struct inquiry_data data;
572         struct extended_inquiry_info *info = (struct extended_inquiry_info *) (skb->data + 1);
573         int num_rsp = *((__u8 *) skb->data);
574
575         BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
576
577         if (!num_rsp)
578                 return;
579
580         hci_dev_lock(hdev);
581
582         for (; num_rsp; num_rsp--) {
583                 bacpy(&data.bdaddr, &info->bdaddr);
584                 data.pscan_rep_mode     = info->pscan_rep_mode;
585                 data.pscan_period_mode  = info->pscan_period_mode;
586                 data.pscan_mode         = 0x00;
587                 memcpy(data.dev_class, info->dev_class, 3);
588                 data.clock_offset       = info->clock_offset;
589                 data.rssi               = info->rssi;
590                 info++;
591                 hci_inquiry_cache_update(hdev, &data);
592         }
593
594         hci_dev_unlock(hdev);
595 }
596
597 /* Connect Request */
598 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
599 {
600         struct hci_ev_conn_request *ev = (struct hci_ev_conn_request *) skb->data;
601         int mask = hdev->link_mode;
602
603         BT_DBG("%s Connection request: %s type 0x%x", hdev->name,
604                         batostr(&ev->bdaddr), ev->link_type);
605
606         mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
607
608         if (mask & HCI_LM_ACCEPT) {
609                 /* Connection accepted */
610                 struct hci_conn *conn;
611                 struct hci_cp_accept_conn_req cp;
612
613                 hci_dev_lock(hdev);
614                 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
615                 if (!conn) {
616                         if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
617                                 BT_ERR("No memmory for new connection");
618                                 hci_dev_unlock(hdev);
619                                 return;
620                         }
621                 }
622                 memcpy(conn->dev_class, ev->dev_class, 3);
623                 conn->state = BT_CONNECT;
624                 hci_dev_unlock(hdev);
625
626                 bacpy(&cp.bdaddr, &ev->bdaddr);
627
628                 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
629                         cp.role = 0x00; /* Become master */
630                 else
631                         cp.role = 0x01; /* Remain slave */
632
633                 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ACCEPT_CONN_REQ, sizeof(cp), &cp);
634         } else {
635                 /* Connection rejected */
636                 struct hci_cp_reject_conn_req cp;
637
638                 bacpy(&cp.bdaddr, &ev->bdaddr);
639                 cp.reason = 0x0f;
640                 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_REJECT_CONN_REQ, sizeof(cp), &cp);
641         }
642 }
643
644 /* Connect Complete */
645 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
646 {
647         struct hci_ev_conn_complete *ev = (struct hci_ev_conn_complete *) skb->data;
648         struct hci_conn *conn = NULL;
649
650         BT_DBG("%s", hdev->name);
651
652         hci_dev_lock(hdev);
653
654         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
655         if (!conn) {
656                 hci_dev_unlock(hdev);
657                 return;
658         }
659
660         if (!ev->status) {
661                 conn->handle = __le16_to_cpu(ev->handle);
662                 conn->state  = BT_CONNECTED;
663
664                 if (test_bit(HCI_AUTH, &hdev->flags))
665                         conn->link_mode |= HCI_LM_AUTH;
666
667                 if (test_bit(HCI_ENCRYPT, &hdev->flags))
668                         conn->link_mode |= HCI_LM_ENCRYPT;
669
670                 /* Set link policy */
671                 if (conn->type == ACL_LINK && hdev->link_policy) {
672                         struct hci_cp_write_link_policy cp;
673                         cp.handle = ev->handle;
674                         cp.policy = __cpu_to_le16(hdev->link_policy);
675                         hci_send_cmd(hdev, OGF_LINK_POLICY, OCF_WRITE_LINK_POLICY, sizeof(cp), &cp);
676                 }
677
678                 /* Set packet type for incoming connection */
679                 if (!conn->out) {
680                         struct hci_cp_change_conn_ptype cp;
681                         cp.handle = ev->handle;
682                         cp.pkt_type = (conn->type == ACL_LINK) ? 
683                                 __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK):
684                                 __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
685
686                         hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CHANGE_CONN_PTYPE, sizeof(cp), &cp);
687                 }
688         } else
689                 conn->state = BT_CLOSED;
690
691         if (conn->type == ACL_LINK) {
692                 struct hci_conn *sco = conn->link;
693                 if (sco) {
694                         if (!ev->status)
695                                 hci_add_sco(sco, conn->handle);
696                         else {
697                                 hci_proto_connect_cfm(sco, ev->status);
698                                 hci_conn_del(sco);
699                         }
700                 }
701         }
702
703         hci_proto_connect_cfm(conn, ev->status);
704         if (ev->status)
705                 hci_conn_del(conn);
706
707         hci_dev_unlock(hdev);
708 }
709
710 /* Disconnect Complete */
711 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
712 {
713         struct hci_ev_disconn_complete *ev = (struct hci_ev_disconn_complete *) skb->data;
714         struct hci_conn *conn = NULL;
715         __u16 handle = __le16_to_cpu(ev->handle);
716
717         BT_DBG("%s status %d", hdev->name, ev->status);
718
719         if (ev->status)
720                 return;
721
722         hci_dev_lock(hdev);
723
724         conn = hci_conn_hash_lookup_handle(hdev, handle);
725         if (conn) {
726                 conn->state = BT_CLOSED;
727                 hci_proto_disconn_ind(conn, ev->reason);
728                 hci_conn_del(conn);
729         }
730
731         hci_dev_unlock(hdev);
732 }
733
734 /* Number of completed packets */
735 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
736 {
737         struct hci_ev_num_comp_pkts *ev = (struct hci_ev_num_comp_pkts *) skb->data;
738         __le16 *ptr;
739         int i;
740
741         skb_pull(skb, sizeof(*ev));
742
743         BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
744
745         if (skb->len < ev->num_hndl * 4) {
746                 BT_DBG("%s bad parameters", hdev->name);
747                 return;
748         }
749
750         tasklet_disable(&hdev->tx_task);
751
752         for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
753                 struct hci_conn *conn;
754                 __u16  handle, count;
755
756                 handle = __le16_to_cpu(get_unaligned(ptr++));
757                 count  = __le16_to_cpu(get_unaligned(ptr++));
758
759                 conn = hci_conn_hash_lookup_handle(hdev, handle);
760                 if (conn) {
761                         conn->sent -= count;
762
763                         if (conn->type == SCO_LINK) {
764                                 if ((hdev->sco_cnt += count) > hdev->sco_pkts)
765                                         hdev->sco_cnt = hdev->sco_pkts;
766                         } else {
767                                 if ((hdev->acl_cnt += count) > hdev->acl_pkts)
768                                         hdev->acl_cnt = hdev->acl_pkts;
769                         }
770                 }
771         }
772         hci_sched_tx(hdev);
773
774         tasklet_enable(&hdev->tx_task);
775 }
776
777 /* Role Change */
778 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
779 {
780         struct hci_ev_role_change *ev = (struct hci_ev_role_change *) skb->data;
781         struct hci_conn *conn = NULL;
782
783         BT_DBG("%s status %d", hdev->name, ev->status);
784
785         hci_dev_lock(hdev);
786
787         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
788         if (conn) {
789                 if (!ev->status) {
790                         if (ev->role)
791                                 conn->link_mode &= ~HCI_LM_MASTER;
792                         else
793                                 conn->link_mode |= HCI_LM_MASTER;
794                 }
795
796                 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
797
798                 hci_role_switch_cfm(conn, ev->status, ev->role);
799         }
800
801         hci_dev_unlock(hdev);
802 }
803
804 /* Authentication Complete */
805 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
806 {
807         struct hci_ev_auth_complete *ev = (struct hci_ev_auth_complete *) skb->data;
808         struct hci_conn *conn = NULL;
809         __u16 handle = __le16_to_cpu(ev->handle);
810
811         BT_DBG("%s status %d", hdev->name, ev->status);
812
813         hci_dev_lock(hdev);
814
815         conn = hci_conn_hash_lookup_handle(hdev, handle);
816         if (conn) {
817                 if (!ev->status)
818                         conn->link_mode |= HCI_LM_AUTH;
819
820                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
821
822                 hci_auth_cfm(conn, ev->status);
823
824                 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
825                         if (!ev->status) {
826                                 struct hci_cp_set_conn_encrypt cp;
827                                 cp.handle  = __cpu_to_le16(conn->handle);
828                                 cp.encrypt = 1;
829                                 hci_send_cmd(conn->hdev, OGF_LINK_CTL,
830                                                 OCF_SET_CONN_ENCRYPT,
831                                                 sizeof(cp), &cp);
832                         } else {
833                                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
834                                 hci_encrypt_cfm(conn, ev->status, 0x00);
835                         }
836                 }
837         }
838
839         hci_dev_unlock(hdev);
840 }
841
842 /* Encryption Change */
843 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
844 {
845         struct hci_ev_encrypt_change *ev = (struct hci_ev_encrypt_change *) skb->data;
846         struct hci_conn *conn = NULL;
847         __u16 handle = __le16_to_cpu(ev->handle);
848
849         BT_DBG("%s status %d", hdev->name, ev->status);
850
851         hci_dev_lock(hdev);
852
853         conn = hci_conn_hash_lookup_handle(hdev, handle);
854         if (conn) {
855                 if (!ev->status) {
856                         if (ev->encrypt)
857                                 conn->link_mode |= HCI_LM_ENCRYPT;
858                         else
859                                 conn->link_mode &= ~HCI_LM_ENCRYPT;
860                 }
861
862                 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
863
864                 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
865         }
866
867         hci_dev_unlock(hdev);
868 }
869
870 /* Change Connection Link Key Complete */
871 static inline void hci_change_conn_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
872 {
873         struct hci_ev_change_conn_link_key_complete *ev = (struct hci_ev_change_conn_link_key_complete *) skb->data;
874         struct hci_conn *conn = NULL;
875         __u16 handle = __le16_to_cpu(ev->handle);
876
877         BT_DBG("%s status %d", hdev->name, ev->status);
878
879         hci_dev_lock(hdev);
880
881         conn = hci_conn_hash_lookup_handle(hdev, handle);
882         if (conn) {
883                 if (!ev->status)
884                         conn->link_mode |= HCI_LM_SECURE;
885
886                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
887
888                 hci_key_change_cfm(conn, ev->status);
889         }
890
891         hci_dev_unlock(hdev);
892 }
893
894 /* Pin Code Request*/
895 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
896 {
897 }
898
899 /* Link Key Request */
900 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
901 {
902 }
903
904 /* Link Key Notification */
905 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
906 {
907 }
908
909 /* Clock Offset */
910 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
911 {
912         struct hci_ev_clock_offset *ev = (struct hci_ev_clock_offset *) skb->data;
913         struct hci_conn *conn = NULL;
914         __u16 handle = __le16_to_cpu(ev->handle);
915
916         BT_DBG("%s status %d", hdev->name, ev->status);
917
918         hci_dev_lock(hdev);
919
920         conn = hci_conn_hash_lookup_handle(hdev, handle);
921         if (conn && !ev->status) {
922                 struct inquiry_entry *ie;
923
924                 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
925                         ie->data.clock_offset = ev->clock_offset;
926                         ie->timestamp = jiffies;
927                 }
928         }
929
930         hci_dev_unlock(hdev);
931 }
932
933 /* Page Scan Repetition Mode */
934 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
935 {
936         struct hci_ev_pscan_rep_mode *ev = (struct hci_ev_pscan_rep_mode *) skb->data;
937         struct inquiry_entry *ie;
938
939         BT_DBG("%s", hdev->name);
940
941         hci_dev_lock(hdev);
942
943         if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) {
944                 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
945                 ie->timestamp = jiffies;
946         }
947
948         hci_dev_unlock(hdev);
949 }
950
951 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
952 {
953         struct hci_event_hdr *hdr = (struct hci_event_hdr *) skb->data;
954         struct hci_ev_cmd_complete *ec;
955         struct hci_ev_cmd_status *cs;
956         u16 opcode, ocf, ogf;
957
958         skb_pull(skb, HCI_EVENT_HDR_SIZE);
959
960         BT_DBG("%s evt 0x%x", hdev->name, hdr->evt);
961
962         switch (hdr->evt) {
963         case HCI_EV_NUM_COMP_PKTS:
964                 hci_num_comp_pkts_evt(hdev, skb);
965                 break;
966
967         case HCI_EV_INQUIRY_COMPLETE:
968                 hci_inquiry_complete_evt(hdev, skb);
969                 break;
970
971         case HCI_EV_INQUIRY_RESULT:
972                 hci_inquiry_result_evt(hdev, skb);
973                 break;
974
975         case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
976                 hci_inquiry_result_with_rssi_evt(hdev, skb);
977                 break;
978
979         case HCI_EV_EXTENDED_INQUIRY_RESULT:
980                 hci_extended_inquiry_result_evt(hdev, skb);
981                 break;
982
983         case HCI_EV_CONN_REQUEST:
984                 hci_conn_request_evt(hdev, skb);
985                 break;
986
987         case HCI_EV_CONN_COMPLETE:
988                 hci_conn_complete_evt(hdev, skb);
989                 break;
990
991         case HCI_EV_DISCONN_COMPLETE:
992                 hci_disconn_complete_evt(hdev, skb);
993                 break;
994
995         case HCI_EV_ROLE_CHANGE:
996                 hci_role_change_evt(hdev, skb);
997                 break;
998
999         case HCI_EV_AUTH_COMPLETE:
1000                 hci_auth_complete_evt(hdev, skb);
1001                 break;
1002
1003         case HCI_EV_ENCRYPT_CHANGE:
1004                 hci_encrypt_change_evt(hdev, skb);
1005                 break;
1006
1007         case HCI_EV_CHANGE_CONN_LINK_KEY_COMPLETE:
1008                 hci_change_conn_link_key_complete_evt(hdev, skb);
1009                 break;
1010
1011         case HCI_EV_PIN_CODE_REQ:
1012                 hci_pin_code_request_evt(hdev, skb);
1013                 break;
1014
1015         case HCI_EV_LINK_KEY_REQ:
1016                 hci_link_key_request_evt(hdev, skb);
1017                 break;
1018
1019         case HCI_EV_LINK_KEY_NOTIFY:
1020                 hci_link_key_notify_evt(hdev, skb);
1021                 break;
1022
1023         case HCI_EV_CLOCK_OFFSET:
1024                 hci_clock_offset_evt(hdev, skb);
1025                 break;
1026
1027         case HCI_EV_PSCAN_REP_MODE:
1028                 hci_pscan_rep_mode_evt(hdev, skb);
1029                 break;
1030
1031         case HCI_EV_CMD_STATUS:
1032                 cs = (struct hci_ev_cmd_status *) skb->data;
1033                 skb_pull(skb, sizeof(cs));
1034
1035                 opcode = __le16_to_cpu(cs->opcode);
1036                 ogf = hci_opcode_ogf(opcode);
1037                 ocf = hci_opcode_ocf(opcode);
1038
1039                 switch (ogf) {
1040                 case OGF_INFO_PARAM:
1041                         hci_cs_info_param(hdev, ocf, cs->status);
1042                         break;
1043
1044                 case OGF_HOST_CTL:
1045                         hci_cs_host_ctl(hdev, ocf, cs->status);
1046                         break;
1047
1048                 case OGF_LINK_CTL:
1049                         hci_cs_link_ctl(hdev, ocf, cs->status);
1050                         break;
1051
1052                 case OGF_LINK_POLICY:
1053                         hci_cs_link_policy(hdev, ocf, cs->status);
1054                         break;
1055
1056                 default:
1057                         BT_DBG("%s Command Status OGF %x", hdev->name, ogf);
1058                         break;
1059                 }
1060
1061                 if (cs->ncmd) {
1062                         atomic_set(&hdev->cmd_cnt, 1);
1063                         if (!skb_queue_empty(&hdev->cmd_q))
1064                                 hci_sched_cmd(hdev);
1065                 }
1066                 break;
1067
1068         case HCI_EV_CMD_COMPLETE:
1069                 ec = (struct hci_ev_cmd_complete *) skb->data;
1070                 skb_pull(skb, sizeof(*ec));
1071
1072                 opcode = __le16_to_cpu(ec->opcode);
1073                 ogf = hci_opcode_ogf(opcode);
1074                 ocf = hci_opcode_ocf(opcode);
1075
1076                 switch (ogf) {
1077                 case OGF_INFO_PARAM:
1078                         hci_cc_info_param(hdev, ocf, skb);
1079                         break;
1080
1081                 case OGF_HOST_CTL:
1082                         hci_cc_host_ctl(hdev, ocf, skb);
1083                         break;
1084
1085                 case OGF_LINK_CTL:
1086                         hci_cc_link_ctl(hdev, ocf, skb);
1087                         break;
1088
1089                 case OGF_LINK_POLICY:
1090                         hci_cc_link_policy(hdev, ocf, skb);
1091                         break;
1092
1093                 default:
1094                         BT_DBG("%s Command Completed OGF %x", hdev->name, ogf);
1095                         break;
1096                 }
1097
1098                 if (ec->ncmd) {
1099                         atomic_set(&hdev->cmd_cnt, 1);
1100                         if (!skb_queue_empty(&hdev->cmd_q))
1101                                 hci_sched_cmd(hdev);
1102                 }
1103                 break;
1104         }
1105
1106         kfree_skb(skb);
1107         hdev->stat.evt_rx++;
1108 }
1109
1110 /* Generate internal stack event */
1111 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1112 {
1113         struct hci_event_hdr *hdr;
1114         struct hci_ev_stack_internal *ev;
1115         struct sk_buff *skb;
1116
1117         skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
1118         if (!skb)
1119                 return;
1120
1121         hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
1122         hdr->evt  = HCI_EV_STACK_INTERNAL;
1123         hdr->plen = sizeof(*ev) + dlen;
1124
1125         ev  = (void *) skb_put(skb, sizeof(*ev) + dlen);
1126         ev->type = type;
1127         memcpy(ev->data, data, dlen);
1128
1129         bt_cb(skb)->incoming = 1;
1130         __net_timestamp(skb);
1131
1132         bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1133         skb->dev = (void *) hdev;
1134         hci_send_to_sock(hdev, skb);
1135         kfree_skb(skb);
1136 }