
2    BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4 Copyright 2023-2024 NXP
88 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_inquiry_cancel()
97 if (rp->status == HCI_ERROR_COMMAND_DISALLOWED && !test_bit(HCI_INQUIRY, &hdev->flags)) { in hci_cc_inquiry_cancel()
99 rp->status = 0x00; in hci_cc_inquiry_cancel()
102 if (rp->status) in hci_cc_inquiry_cancel()
103 return rp->status; in hci_cc_inquiry_cancel()
105 clear_bit(HCI_INQUIRY, &hdev->flags); in hci_cc_inquiry_cancel()
107 wake_up_bit(&hdev->flags, HCI_INQUIRY); in hci_cc_inquiry_cancel()
114 hdev->le_scan_type != LE_SCAN_ACTIVE) in hci_cc_inquiry_cancel()
118 return rp->status; in hci_cc_inquiry_cancel()
126 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_periodic_inq()
128 if (rp->status) in hci_cc_periodic_inq()
129 return rp->status; in hci_cc_periodic_inq()
133 return rp->status; in hci_cc_periodic_inq()
141 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_exit_periodic_inq()
143 if (rp->status) in hci_cc_exit_periodic_inq()
144 return rp->status; in hci_cc_exit_periodic_inq()
148 return rp->status; in hci_cc_exit_periodic_inq()
156 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_remote_name_req_cancel()
158 return rp->status; in hci_cc_remote_name_req_cancel()
167 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_role_discovery()
169 if (rp->status) in hci_cc_role_discovery()
170 return rp->status; in hci_cc_role_discovery()
174 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); in hci_cc_role_discovery()
176 conn->role = rp->role; in hci_cc_role_discovery()
180 return rp->status; in hci_cc_role_discovery()
189 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_link_policy()
191 if (rp->status) in hci_cc_read_link_policy()
192 return rp->status; in hci_cc_read_link_policy()
196 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); in hci_cc_read_link_policy()
198 conn->link_policy = __le16_to_cpu(rp->policy); in hci_cc_read_link_policy()
202 return rp->status; in hci_cc_read_link_policy()
212 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_link_policy()
214 if (rp->status) in hci_cc_write_link_policy()
215 return rp->status; in hci_cc_write_link_policy()
219 return rp->status; in hci_cc_write_link_policy()
223 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); in hci_cc_write_link_policy()
225 conn->link_policy = get_unaligned_le16(sent + 2); in hci_cc_write_link_policy()
229 return rp->status; in hci_cc_write_link_policy()
237 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_def_link_policy()
239 if (rp->status) in hci_cc_read_def_link_policy()
240 return rp->status; in hci_cc_read_def_link_policy()
242 hdev->link_policy = __le16_to_cpu(rp->policy); in hci_cc_read_def_link_policy()
244 return rp->status; in hci_cc_read_def_link_policy()
253 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_def_link_policy()
255 if (rp->status) in hci_cc_write_def_link_policy()
256 return rp->status; in hci_cc_write_def_link_policy()
260 return rp->status; in hci_cc_write_def_link_policy()
262 hdev->link_policy = get_unaligned_le16(sent); in hci_cc_write_def_link_policy()
264 return rp->status; in hci_cc_write_def_link_policy()
271 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_reset()
273 clear_bit(HCI_RESET, &hdev->flags); in hci_cc_reset()
275 if (rp->status) in hci_cc_reset()
276 return rp->status; in hci_cc_reset()
278 /* Reset all non-persistent flags */ in hci_cc_reset()
283 hdev->inq_tx_power = HCI_TX_POWER_INVALID; in hci_cc_reset()
284 hdev->adv_tx_power = HCI_TX_POWER_INVALID; in hci_cc_reset()
286 memset(hdev->adv_data, 0, sizeof(hdev->adv_data)); in hci_cc_reset()
287 hdev->adv_data_len = 0; in hci_cc_reset()
289 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data)); in hci_cc_reset()
290 hdev->scan_rsp_data_len = 0; in hci_cc_reset()
292 hdev->le_scan_type = LE_SCAN_PASSIVE; in hci_cc_reset()
294 hdev->ssp_debug_mode = 0; in hci_cc_reset()
296 hci_bdaddr_list_clear(&hdev->le_accept_list); in hci_cc_reset()
297 hci_bdaddr_list_clear(&hdev->le_resolv_list); in hci_cc_reset()
299 return rp->status; in hci_cc_reset()
308 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_stored_link_key()
312 return rp->status; in hci_cc_read_stored_link_key()
314 if (!rp->status && sent->read_all == 0x01) { in hci_cc_read_stored_link_key()
315 hdev->stored_max_keys = le16_to_cpu(rp->max_keys); in hci_cc_read_stored_link_key()
316 hdev->stored_num_keys = le16_to_cpu(rp->num_keys); in hci_cc_read_stored_link_key()
319 return rp->status; in hci_cc_read_stored_link_key()
328 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_delete_stored_link_key()
330 if (rp->status) in hci_cc_delete_stored_link_key()
331 return rp->status; in hci_cc_delete_stored_link_key()
333 num_keys = le16_to_cpu(rp->num_keys); in hci_cc_delete_stored_link_key()
335 if (num_keys <= hdev->stored_num_keys) in hci_cc_delete_stored_link_key()
336 hdev->stored_num_keys -= num_keys; in hci_cc_delete_stored_link_key()
338 hdev->stored_num_keys = 0; in hci_cc_delete_stored_link_key()
340 return rp->status; in hci_cc_delete_stored_link_key()
349 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_local_name()
353 return rp->status; in hci_cc_write_local_name()
358 mgmt_set_local_name_complete(hdev, sent, rp->status); in hci_cc_write_local_name()
359 else if (!rp->status) in hci_cc_write_local_name()
360 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH); in hci_cc_write_local_name()
364 return rp->status; in hci_cc_write_local_name()
372 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_local_name()
374 if (rp->status) in hci_cc_read_local_name()
375 return rp->status; in hci_cc_read_local_name()
379 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH); in hci_cc_read_local_name()
381 return rp->status; in hci_cc_read_local_name()
390 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_auth_enable()
394 return rp->status; in hci_cc_write_auth_enable()
398 if (!rp->status) { in hci_cc_write_auth_enable()
402 set_bit(HCI_AUTH, &hdev->flags); in hci_cc_write_auth_enable()
404 clear_bit(HCI_AUTH, &hdev->flags); in hci_cc_write_auth_enable()
408 mgmt_auth_enable_complete(hdev, rp->status); in hci_cc_write_auth_enable()
412 return rp->status; in hci_cc_write_auth_enable()
422 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_encrypt_mode()
424 if (rp->status) in hci_cc_write_encrypt_mode()
425 return rp->status; in hci_cc_write_encrypt_mode()
429 return rp->status; in hci_cc_write_encrypt_mode()
434 set_bit(HCI_ENCRYPT, &hdev->flags); in hci_cc_write_encrypt_mode()
436 clear_bit(HCI_ENCRYPT, &hdev->flags); in hci_cc_write_encrypt_mode()
438 return rp->status; in hci_cc_write_encrypt_mode()
448 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_scan_enable()
452 return rp->status; in hci_cc_write_scan_enable()
458 if (rp->status) { in hci_cc_write_scan_enable()
459 hdev->discov_timeout = 0; in hci_cc_write_scan_enable()
464 set_bit(HCI_ISCAN, &hdev->flags); in hci_cc_write_scan_enable()
466 clear_bit(HCI_ISCAN, &hdev->flags); in hci_cc_write_scan_enable()
469 set_bit(HCI_PSCAN, &hdev->flags); in hci_cc_write_scan_enable()
471 clear_bit(HCI_PSCAN, &hdev->flags); in hci_cc_write_scan_enable()
476 return rp->status; in hci_cc_write_scan_enable()
486 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_set_event_filter()
488 if (rp->status) in hci_cc_set_event_filter()
489 return rp->status; in hci_cc_set_event_filter()
493 return rp->status; in hci_cc_set_event_filter()
497 if (cp->flt_type == HCI_FLT_CLEAR_ALL) in hci_cc_set_event_filter()
502 return rp->status; in hci_cc_set_event_filter()
513 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_class_of_dev()
515 if (rp->status) in hci_cc_read_class_of_dev()
516 return rp->status; in hci_cc_read_class_of_dev()
518 memcpy(hdev->dev_class, rp->dev_class, 3); in hci_cc_read_class_of_dev()
520 bt_dev_dbg(hdev, "class 0x%.2x%.2x%.2x", hdev->dev_class[2], in hci_cc_read_class_of_dev()
521 hdev->dev_class[1], hdev->dev_class[0]); in hci_cc_read_class_of_dev()
523 return rp->status; in hci_cc_read_class_of_dev()
532 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_class_of_dev()
536 return rp->status; in hci_cc_write_class_of_dev()
540 if (!rp->status) in hci_cc_write_class_of_dev()
541 memcpy(hdev->dev_class, sent, 3); in hci_cc_write_class_of_dev()
544 mgmt_set_class_of_dev_complete(hdev, sent, rp->status); in hci_cc_write_class_of_dev()
548 return rp->status; in hci_cc_write_class_of_dev()
557 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_voice_setting()
559 if (rp->status) in hci_cc_read_voice_setting()
560 return rp->status; in hci_cc_read_voice_setting()
562 setting = __le16_to_cpu(rp->voice_setting); in hci_cc_read_voice_setting()
564 if (hdev->voice_setting == setting) in hci_cc_read_voice_setting()
565 return rp->status; in hci_cc_read_voice_setting()
567 hdev->voice_setting = setting; in hci_cc_read_voice_setting()
571 if (hdev->notify) in hci_cc_read_voice_setting()
572 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); in hci_cc_read_voice_setting()
574 return rp->status; in hci_cc_read_voice_setting()
584 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_voice_setting()
586 if (rp->status) in hci_cc_write_voice_setting()
587 return rp->status; in hci_cc_write_voice_setting()
591 return rp->status; in hci_cc_write_voice_setting()
595 if (hdev->voice_setting == setting) in hci_cc_write_voice_setting()
596 return rp->status; in hci_cc_write_voice_setting()
598 hdev->voice_setting = setting; in hci_cc_write_voice_setting()
602 if (hdev->notify) in hci_cc_write_voice_setting()
603 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); in hci_cc_write_voice_setting()
605 return rp->status; in hci_cc_write_voice_setting()
613 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_num_supported_iac()
615 if (rp->status) in hci_cc_read_num_supported_iac()
616 return rp->status; in hci_cc_read_num_supported_iac()
618 hdev->num_iac = rp->num_iac; in hci_cc_read_num_supported_iac()
620 bt_dev_dbg(hdev, "num iac %d", hdev->num_iac); in hci_cc_read_num_supported_iac()
622 return rp->status; in hci_cc_read_num_supported_iac()
631 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_ssp_mode()
635 return rp->status; in hci_cc_write_ssp_mode()
639 if (!rp->status) { in hci_cc_write_ssp_mode()
640 if (sent->mode) in hci_cc_write_ssp_mode()
641 hdev->features[1][0] |= LMP_HOST_SSP; in hci_cc_write_ssp_mode()
643 hdev->features[1][0] &= ~LMP_HOST_SSP; in hci_cc_write_ssp_mode()
646 if (!rp->status) { in hci_cc_write_ssp_mode()
647 if (sent->mode) in hci_cc_write_ssp_mode()
655 return rp->status; in hci_cc_write_ssp_mode()
664 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_sc_support()
668 return rp->status; in hci_cc_write_sc_support()
672 if (!rp->status) { in hci_cc_write_sc_support()
673 if (sent->support) in hci_cc_write_sc_support()
674 hdev->features[1][0] |= LMP_HOST_SC; in hci_cc_write_sc_support()
676 hdev->features[1][0] &= ~LMP_HOST_SC; in hci_cc_write_sc_support()
679 if (!hci_dev_test_flag(hdev, HCI_MGMT) && !rp->status) { in hci_cc_write_sc_support()
680 if (sent->support) in hci_cc_write_sc_support()
688 return rp->status; in hci_cc_write_sc_support()
696 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_local_version()
698 if (rp->status) in hci_cc_read_local_version()
699 return rp->status; in hci_cc_read_local_version()
703 hdev->hci_ver = rp->hci_ver; in hci_cc_read_local_version()
704 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); in hci_cc_read_local_version()
705 hdev->lmp_ver = rp->lmp_ver; in hci_cc_read_local_version()
706 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); in hci_cc_read_local_version()
707 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver); in hci_cc_read_local_version()
710 return rp->status; in hci_cc_read_local_version()
719 u8 status = rp->status; in hci_cc_read_enc_key_size()
723 handle = le16_to_cpu(rp->handle); in hci_cc_read_enc_key_size()
740 conn->enc_key_size = 0; in hci_cc_read_enc_key_size()
742 conn->enc_key_size = rp->key_size; in hci_cc_read_enc_key_size()
745 if (conn->enc_key_size < hdev->min_enc_key_size) { in hci_cc_read_enc_key_size()
746 /* As slave role, the conn->state has been set to in hci_cc_read_enc_key_size()
749 * nothing with the non-zero status. in hci_cc_read_enc_key_size()
755 clear_bit(HCI_CONN_ENCRYPT, &conn->flags); in hci_cc_read_enc_key_size()
756 clear_bit(HCI_CONN_AES_CCM, &conn->flags); in hci_cc_read_enc_key_size()
773 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_local_commands()
775 if (rp->status) in hci_cc_read_local_commands()
776 return rp->status; in hci_cc_read_local_commands()
780 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); in hci_cc_read_local_commands()
782 return rp->status; in hci_cc_read_local_commands()
791 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_auth_payload_timeout()
793 if (rp->status) in hci_cc_read_auth_payload_timeout()
794 return rp->status; in hci_cc_read_auth_payload_timeout()
798 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); in hci_cc_read_auth_payload_timeout()
800 conn->auth_payload_timeout = __le16_to_cpu(rp->timeout); in hci_cc_read_auth_payload_timeout()
804 return rp->status; in hci_cc_read_auth_payload_timeout()
814 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_auth_payload_timeout()
818 return rp->status; in hci_cc_write_auth_payload_timeout()
822 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); in hci_cc_write_auth_payload_timeout()
824 rp->status = 0xff; in hci_cc_write_auth_payload_timeout()
828 if (!rp->status) in hci_cc_write_auth_payload_timeout()
829 conn->auth_payload_timeout = get_unaligned_le16(sent + 2); in hci_cc_write_auth_payload_timeout()
834 return rp->status; in hci_cc_write_auth_payload_timeout()
842 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_local_features()
844 if (rp->status) in hci_cc_read_local_features()
845 return rp->status; in hci_cc_read_local_features()
847 memcpy(hdev->features, rp->features, 8); in hci_cc_read_local_features()
852 if (hdev->features[0][0] & LMP_3SLOT) in hci_cc_read_local_features()
853 hdev->pkt_type |= (HCI_DM3 | HCI_DH3); in hci_cc_read_local_features()
855 if (hdev->features[0][0] & LMP_5SLOT) in hci_cc_read_local_features()
856 hdev->pkt_type |= (HCI_DM5 | HCI_DH5); in hci_cc_read_local_features()
858 if (hdev->features[0][1] & LMP_HV2) { in hci_cc_read_local_features()
859 hdev->pkt_type |= (HCI_HV2); in hci_cc_read_local_features()
860 hdev->esco_type |= (ESCO_HV2); in hci_cc_read_local_features()
863 if (hdev->features[0][1] & LMP_HV3) { in hci_cc_read_local_features()
864 hdev->pkt_type |= (HCI_HV3); in hci_cc_read_local_features()
865 hdev->esco_type |= (ESCO_HV3); in hci_cc_read_local_features()
869 hdev->esco_type |= (ESCO_EV3); in hci_cc_read_local_features()
871 if (hdev->features[0][4] & LMP_EV4) in hci_cc_read_local_features()
872 hdev->esco_type |= (ESCO_EV4); in hci_cc_read_local_features()
874 if (hdev->features[0][4] & LMP_EV5) in hci_cc_read_local_features()
875 hdev->esco_type |= (ESCO_EV5); in hci_cc_read_local_features()
877 if (hdev->features[0][5] & LMP_EDR_ESCO_2M) in hci_cc_read_local_features()
878 hdev->esco_type |= (ESCO_2EV3); in hci_cc_read_local_features()
880 if (hdev->features[0][5] & LMP_EDR_ESCO_3M) in hci_cc_read_local_features()
881 hdev->esco_type |= (ESCO_3EV3); in hci_cc_read_local_features()
883 if (hdev->features[0][5] & LMP_EDR_3S_ESCO) in hci_cc_read_local_features()
884 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); in hci_cc_read_local_features()
886 return rp->status; in hci_cc_read_local_features()
894 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_local_ext_features()
896 if (rp->status) in hci_cc_read_local_ext_features()
897 return rp->status; in hci_cc_read_local_ext_features()
899 if (hdev->max_page < rp->max_page) { in hci_cc_read_local_ext_features()
901 &hdev->quirks)) in hci_cc_read_local_ext_features()
902 bt_dev_warn(hdev, "broken local ext features page 2"); in hci_cc_read_local_ext_features()
904 hdev->max_page = rp->max_page; in hci_cc_read_local_ext_features()
907 if (rp->page < HCI_MAX_PAGES) in hci_cc_read_local_ext_features()
908 memcpy(hdev->features[rp->page], rp->features, 8); in hci_cc_read_local_ext_features()
910 return rp->status; in hci_cc_read_local_ext_features()
918 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_buffer_size()
920 if (rp->status) in hci_cc_read_buffer_size()
921 return rp->status; in hci_cc_read_buffer_size()
923 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu); in hci_cc_read_buffer_size()
924 hdev->sco_mtu = rp->sco_mtu; in hci_cc_read_buffer_size()
925 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt); in hci_cc_read_buffer_size()
926 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt); in hci_cc_read_buffer_size()
928 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) { in hci_cc_read_buffer_size()
929 hdev->sco_mtu = 64; in hci_cc_read_buffer_size()
930 hdev->sco_pkts = 8; in hci_cc_read_buffer_size()
933 hdev->acl_cnt = hdev->acl_pkts; in hci_cc_read_buffer_size()
934 hdev->sco_cnt = hdev->sco_pkts; in hci_cc_read_buffer_size()
936 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu, in hci_cc_read_buffer_size()
937 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts); in hci_cc_read_buffer_size()
939 if (!hdev->acl_mtu || !hdev->acl_pkts) in hci_cc_read_buffer_size()
942 return rp->status; in hci_cc_read_buffer_size()
950 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_bd_addr()
952 if (rp->status) in hci_cc_read_bd_addr()
953 return rp->status; in hci_cc_read_bd_addr()
955 if (test_bit(HCI_INIT, &hdev->flags)) in hci_cc_read_bd_addr()
956 bacpy(&hdev->bdaddr, &rp->bdaddr); in hci_cc_read_bd_addr()
959 bacpy(&hdev->setup_addr, &rp->bdaddr); in hci_cc_read_bd_addr()
961 return rp->status; in hci_cc_read_bd_addr()
969 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_local_pairing_opts()
971 if (rp->status) in hci_cc_read_local_pairing_opts()
972 return rp->status; in hci_cc_read_local_pairing_opts()
976 hdev->pairing_opts = rp->pairing_opts; in hci_cc_read_local_pairing_opts()
977 hdev->max_enc_key_size = rp->max_key_size; in hci_cc_read_local_pairing_opts()
980 return rp->status; in hci_cc_read_local_pairing_opts()
988 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_page_scan_activity()
990 if (rp->status) in hci_cc_read_page_scan_activity()
991 return rp->status; in hci_cc_read_page_scan_activity()
993 if (test_bit(HCI_INIT, &hdev->flags)) { in hci_cc_read_page_scan_activity()
994 hdev->page_scan_interval = __le16_to_cpu(rp->interval); in hci_cc_read_page_scan_activity()
995 hdev->page_scan_window = __le16_to_cpu(rp->window); in hci_cc_read_page_scan_activity()
998 return rp->status; in hci_cc_read_page_scan_activity()
1007 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_page_scan_activity()
1009 if (rp->status) in hci_cc_write_page_scan_activity()
1010 return rp->status; in hci_cc_write_page_scan_activity()
1014 return rp->status; in hci_cc_write_page_scan_activity()
1016 hdev->page_scan_interval = __le16_to_cpu(sent->interval); in hci_cc_write_page_scan_activity()
1017 hdev->page_scan_window = __le16_to_cpu(sent->window); in hci_cc_write_page_scan_activity()
1019 return rp->status; in hci_cc_write_page_scan_activity()
1027 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_page_scan_type()
1029 if (rp->status) in hci_cc_read_page_scan_type()
1030 return rp->status; in hci_cc_read_page_scan_type()
1032 if (test_bit(HCI_INIT, &hdev->flags)) in hci_cc_read_page_scan_type()
1033 hdev->page_scan_type = rp->type; in hci_cc_read_page_scan_type()
1035 return rp->status; in hci_cc_read_page_scan_type()
1044 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_page_scan_type()
1046 if (rp->status) in hci_cc_write_page_scan_type()
1047 return rp->status; in hci_cc_write_page_scan_type()
1051 hdev->page_scan_type = *type; in hci_cc_write_page_scan_type()
1053 return rp->status; in hci_cc_write_page_scan_type()
1063 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_clock()
1065 if (rp->status) in hci_cc_read_clock()
1066 return rp->status; in hci_cc_read_clock()
1074 if (cp->which == 0x00) { in hci_cc_read_clock()
1075 hdev->clock = le32_to_cpu(rp->clock); in hci_cc_read_clock()
1079 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); in hci_cc_read_clock()
1081 conn->clock = le32_to_cpu(rp->clock); in hci_cc_read_clock()
1082 conn->clock_accuracy = le16_to_cpu(rp->accuracy); in hci_cc_read_clock()
1087 return rp->status; in hci_cc_read_clock()
1095 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_inq_rsp_tx_power()
1097 if (rp->status) in hci_cc_read_inq_rsp_tx_power()
1098 return rp->status; in hci_cc_read_inq_rsp_tx_power()
1100 hdev->inq_tx_power = rp->tx_power; in hci_cc_read_inq_rsp_tx_power()
1102 return rp->status; in hci_cc_read_inq_rsp_tx_power()
1110 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_def_err_data_reporting()
1112 if (rp->status) in hci_cc_read_def_err_data_reporting()
1113 return rp->status; in hci_cc_read_def_err_data_reporting()
1115 hdev->err_data_reporting = rp->err_data_reporting; in hci_cc_read_def_err_data_reporting()
1117 return rp->status; in hci_cc_read_def_err_data_reporting()
1126 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_def_err_data_reporting()
1128 if (rp->status) in hci_cc_write_def_err_data_reporting()
1129 return rp->status; in hci_cc_write_def_err_data_reporting()
1133 return rp->status; in hci_cc_write_def_err_data_reporting()
1135 hdev->err_data_reporting = cp->err_data_reporting; in hci_cc_write_def_err_data_reporting()
1137 return rp->status; in hci_cc_write_def_err_data_reporting()
1147 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_pin_code_reply()
1152 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status); in hci_cc_pin_code_reply()
1154 if (rp->status) in hci_cc_pin_code_reply()
1161 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); in hci_cc_pin_code_reply()
1163 conn->pin_length = cp->pin_len; in hci_cc_pin_code_reply()
1167 return rp->status; in hci_cc_pin_code_reply()
1175 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_pin_code_neg_reply()
1180 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr, in hci_cc_pin_code_neg_reply()
1181 rp->status); in hci_cc_pin_code_neg_reply()
1185 return rp->status; in hci_cc_pin_code_neg_reply()
1193 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_read_buffer_size()
1195 if (rp->status) in hci_cc_le_read_buffer_size()
1196 return rp->status; in hci_cc_le_read_buffer_size()
1198 hdev->le_mtu = __le16_to_cpu(rp->le_mtu); in hci_cc_le_read_buffer_size()
1199 hdev->le_pkts = rp->le_max_pkt; in hci_cc_le_read_buffer_size()
1201 hdev->le_cnt = hdev->le_pkts; in hci_cc_le_read_buffer_size()
1203 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts); in hci_cc_le_read_buffer_size()
1205 if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) in hci_cc_le_read_buffer_size()
1208 return rp->status; in hci_cc_le_read_buffer_size()
1216 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); in hci_cc_le_read_local_features()
1218 if (rp->status) in hci_cc_le_read_local_features()
1219 return rp->status; in hci_cc_le_read_local_features()
1221 memcpy(hdev->le_features, rp->features, 8); in hci_cc_le_read_local_features()
1223 return rp->status; in hci_cc_le_read_local_features()
1231 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_read_adv_tx_power()
1233 if (rp->status) in hci_cc_le_read_adv_tx_power()
1234 return rp->status; in hci_cc_le_read_adv_tx_power()
1236 hdev->adv_tx_power = rp->tx_power; in hci_cc_le_read_adv_tx_power()
1238 return rp->status; in hci_cc_le_read_adv_tx_power()
1246 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_user_confirm_reply()
1251 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0, in hci_cc_user_confirm_reply()
1252 rp->status); in hci_cc_user_confirm_reply()
1256 return rp->status; in hci_cc_user_confirm_reply()
1264 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_user_confirm_neg_reply()
1269 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr, in hci_cc_user_confirm_neg_reply()
1270 ACL_LINK, 0, rp->status); in hci_cc_user_confirm_neg_reply()
1274 return rp->status; in hci_cc_user_confirm_neg_reply()
1282 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_user_passkey_reply()
1287 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK, in hci_cc_user_passkey_reply()
1288 0, rp->status); in hci_cc_user_passkey_reply()
1292 return rp->status; in hci_cc_user_passkey_reply()
1300 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_user_passkey_neg_reply()
1305 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr, in hci_cc_user_passkey_neg_reply()
1306 ACL_LINK, 0, rp->status); in hci_cc_user_passkey_neg_reply()
1310 return rp->status; in hci_cc_user_passkey_neg_reply()
1318 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_local_oob_data()
1320 return rp->status; in hci_cc_read_local_oob_data()
1328 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_local_oob_ext_data()
1330 return rp->status; in hci_cc_read_local_oob_ext_data()
1339 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_set_random_addr()
1341 if (rp->status) in hci_cc_le_set_random_addr()
1342 return rp->status; in hci_cc_le_set_random_addr()
1346 return rp->status; in hci_cc_le_set_random_addr()
1350 bacpy(&hdev->random_addr, sent); in hci_cc_le_set_random_addr()
1352 if (!bacmp(&hdev->rpa, sent)) { in hci_cc_le_set_random_addr()
1354 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, in hci_cc_le_set_random_addr()
1355 secs_to_jiffies(hdev->rpa_timeout)); in hci_cc_le_set_random_addr()
1360 return rp->status; in hci_cc_le_set_random_addr()
1369 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_set_default_phy()
1371 if (rp->status) in hci_cc_le_set_default_phy()
1372 return rp->status; in hci_cc_le_set_default_phy()
1376 return rp->status; in hci_cc_le_set_default_phy()
1380 hdev->le_tx_def_phys = cp->tx_phys; in hci_cc_le_set_default_phy()
1381 hdev->le_rx_def_phys = cp->rx_phys; in hci_cc_le_set_default_phy()
1385 return rp->status; in hci_cc_le_set_default_phy()
1395 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_set_adv_set_random_addr()
1397 if (rp->status) in hci_cc_le_set_adv_set_random_addr()
1398 return rp->status; in hci_cc_le_set_adv_set_random_addr()
1403 * non-extended advertising. in hci_cc_le_set_adv_set_random_addr()
1405 if (!cp || !cp->handle) in hci_cc_le_set_adv_set_random_addr()
1406 return rp->status; in hci_cc_le_set_adv_set_random_addr()
1410 adv = hci_find_adv_instance(hdev, cp->handle); in hci_cc_le_set_adv_set_random_addr()
1412 bacpy(&adv->random_addr, &cp->bdaddr); in hci_cc_le_set_adv_set_random_addr()
1413 if (!bacmp(&hdev->rpa, &cp->bdaddr)) { in hci_cc_le_set_adv_set_random_addr()
1414 adv->rpa_expired = false; in hci_cc_le_set_adv_set_random_addr()
1415 queue_delayed_work(hdev->workqueue, in hci_cc_le_set_adv_set_random_addr()
1416 &adv->rpa_expired_cb, in hci_cc_le_set_adv_set_random_addr()
1417 secs_to_jiffies(hdev->rpa_timeout)); in hci_cc_le_set_adv_set_random_addr()
1423 return rp->status; in hci_cc_le_set_adv_set_random_addr()
1433 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_remove_adv_set()
1435 if (rp->status) in hci_cc_le_remove_adv_set()
1436 return rp->status; in hci_cc_le_remove_adv_set()
1440 return rp->status; in hci_cc_le_remove_adv_set()
1446 mgmt_advertising_removed(hci_skb_sk(hdev->sent_cmd), hdev, in hci_cc_le_remove_adv_set()
1451 return rp->status; in hci_cc_le_remove_adv_set()
1461 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_clear_adv_sets()
1463 if (rp->status) in hci_cc_le_clear_adv_sets()
1464 return rp->status; in hci_cc_le_clear_adv_sets()
1467 return rp->status; in hci_cc_le_clear_adv_sets()
1471 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) { in hci_cc_le_clear_adv_sets()
1472 u8 instance = adv->instance; in hci_cc_le_clear_adv_sets()
1476 mgmt_advertising_removed(hci_skb_sk(hdev->sent_cmd), in hci_cc_le_clear_adv_sets()
1482 return rp->status; in hci_cc_le_clear_adv_sets()
1490 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_read_transmit_power()
1492 if (rp->status) in hci_cc_le_read_transmit_power()
1493 return rp->status; in hci_cc_le_read_transmit_power()
1495 hdev->min_le_tx_power = rp->min_le_tx_power; in hci_cc_le_read_transmit_power()
1496 hdev->max_le_tx_power = rp->max_le_tx_power; in hci_cc_le_read_transmit_power()
1498 return rp->status; in hci_cc_le_read_transmit_power()
1508 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_set_privacy_mode()
1510 if (rp->status) in hci_cc_le_set_privacy_mode()
1511 return rp->status; in hci_cc_le_set_privacy_mode()
1515 return rp->status; in hci_cc_le_set_privacy_mode()
1519 params = hci_conn_params_lookup(hdev, &cp->bdaddr, cp->bdaddr_type); in hci_cc_le_set_privacy_mode()
1521 WRITE_ONCE(params->privacy_mode, cp->mode); in hci_cc_le_set_privacy_mode()
1525 return rp->status; in hci_cc_le_set_privacy_mode()
1534 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_set_adv_enable()
1536 if (rp->status) in hci_cc_le_set_adv_enable()
1537 return rp->status; in hci_cc_le_set_adv_enable()
1541 return rp->status; in hci_cc_le_set_adv_enable()
1555 queue_delayed_work(hdev->workqueue, in hci_cc_le_set_adv_enable()
1556 &conn->le_conn_timeout, in hci_cc_le_set_adv_enable()
1557 conn->conn_timeout); in hci_cc_le_set_adv_enable()
1564 return rp->status; in hci_cc_le_set_adv_enable()
1575 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_set_ext_adv_enable()
1577 if (rp->status) in hci_cc_le_set_ext_adv_enable()
1578 return rp->status; in hci_cc_le_set_ext_adv_enable()
1582 return rp->status; in hci_cc_le_set_ext_adv_enable()
1584 set = (void *)cp->data; in hci_cc_le_set_ext_adv_enable()
1588 if (cp->num_of_sets) in hci_cc_le_set_ext_adv_enable()
1589 adv = hci_find_adv_instance(hdev, set->handle); in hci_cc_le_set_ext_adv_enable()
1591 if (cp->enable) { in hci_cc_le_set_ext_adv_enable()
1596 if (adv && !adv->periodic) in hci_cc_le_set_ext_adv_enable()
1597 adv->enabled = true; in hci_cc_le_set_ext_adv_enable()
1601 queue_delayed_work(hdev->workqueue, in hci_cc_le_set_ext_adv_enable()
1602 &conn->le_conn_timeout, in hci_cc_le_set_ext_adv_enable()
1603 conn->conn_timeout); in hci_cc_le_set_ext_adv_enable()
1605 if (cp->num_of_sets) { in hci_cc_le_set_ext_adv_enable()
1607 adv->enabled = false; in hci_cc_le_set_ext_adv_enable()
1612 list_for_each_entry_safe(adv, n, &hdev->adv_instances, in hci_cc_le_set_ext_adv_enable()
1614 if (adv->enabled) in hci_cc_le_set_ext_adv_enable()
1619 list_for_each_entry_safe(adv, n, &hdev->adv_instances, in hci_cc_le_set_ext_adv_enable()
1621 adv->enabled = false; in hci_cc_le_set_ext_adv_enable()
1629 return rp->status; in hci_cc_le_set_ext_adv_enable()
1638 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_set_scan_param()
1640 if (rp->status) in hci_cc_le_set_scan_param()
1641 return rp->status; in hci_cc_le_set_scan_param()
1645 return rp->status; in hci_cc_le_set_scan_param()
1649 hdev->le_scan_type = cp->type; in hci_cc_le_set_scan_param()
1653 return rp->status; in hci_cc_le_set_scan_param()
1663 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_set_ext_scan_param()
1665 if (rp->status) in hci_cc_le_set_ext_scan_param()
1666 return rp->status; in hci_cc_le_set_ext_scan_param()
1670 return rp->status; in hci_cc_le_set_ext_scan_param()
1672 phy_param = (void *)cp->data; in hci_cc_le_set_ext_scan_param()
1676 hdev->le_scan_type = phy_param->type; in hci_cc_le_set_ext_scan_param()
1680 return rp->status; in hci_cc_le_set_ext_scan_param()
1685 struct discovery_state *d = &hdev->discovery; in has_pending_adv_report()
1687 return bacmp(&d->last_adv_addr, BDADDR_ANY); in has_pending_adv_report()
1692 struct discovery_state *d = &hdev->discovery; in clear_pending_adv_report()
1694 bacpy(&d->last_adv_addr, BDADDR_ANY); in clear_pending_adv_report()
1695 d->last_adv_data_len = 0; in clear_pending_adv_report()
/*
 * store_pending_adv_report(): caches one advertising report in
 * hdev->discovery (address, address type, RSSI, flags, payload, length).
 * NOTE(review): this listing shows matching lines only, so 1703-1706 are
 * absent. The memcpy() at 1711 copies `len` bytes into d->last_adv_data;
 * confirm in the full source that `len` is bounded by the size of that
 * buffer before this point. The payload presumably originates from the
 * controller - TODO confirm against the callers.
 */
1702 struct discovery_state *d = &hdev->discovery; in store_pending_adv_report()
1707 bacpy(&d->last_adv_addr, bdaddr); in store_pending_adv_report()
1708 d->last_adv_addr_type = bdaddr_type; in store_pending_adv_report()
1709 d->last_adv_rssi = rssi; in store_pending_adv_report()
1710 d->last_adv_flags = flags; in store_pending_adv_report()
1711 memcpy(d->last_adv_data, data, len); in store_pending_adv_report()
1712 d->last_adv_data_len = len; in store_pending_adv_report()
1722 if (hdev->le_scan_type == LE_SCAN_ACTIVE) { in le_set_scan_enable_complete()
1734 struct discovery_state *d = &hdev->discovery; in le_set_scan_enable_complete()
1736 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK, in le_set_scan_enable_complete()
1737 d->last_adv_addr_type, NULL, in le_set_scan_enable_complete()
1738 d->last_adv_rssi, d->last_adv_flags, in le_set_scan_enable_complete()
1739 d->last_adv_data, in le_set_scan_enable_complete()
1740 d->last_adv_data_len, NULL, 0, 0); in le_set_scan_enable_complete()
1746 cancel_delayed_work(&hdev->le_scan_disable); in le_set_scan_enable_complete()
1757 hdev->discovery.state == DISCOVERY_FINDING) in le_set_scan_enable_complete()
1758 queue_work(hdev->workqueue, &hdev->reenable_adv_work); in le_set_scan_enable_complete()
1777 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_set_scan_enable()
1779 if (rp->status) in hci_cc_le_set_scan_enable()
1780 return rp->status; in hci_cc_le_set_scan_enable()
1784 return rp->status; in hci_cc_le_set_scan_enable()
1786 le_set_scan_enable_complete(hdev, cp->enable); in hci_cc_le_set_scan_enable()
1788 return rp->status; in hci_cc_le_set_scan_enable()
1797 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_set_ext_scan_enable()
1799 if (rp->status) in hci_cc_le_set_ext_scan_enable()
1800 return rp->status; in hci_cc_le_set_ext_scan_enable()
1804 return rp->status; in hci_cc_le_set_ext_scan_enable()
1806 le_set_scan_enable_complete(hdev, cp->enable); in hci_cc_le_set_ext_scan_enable()
1808 return rp->status; in hci_cc_le_set_ext_scan_enable()
1816 bt_dev_dbg(hdev, "status 0x%2.2x No of Adv sets %u", rp->status, in hci_cc_le_read_num_adv_sets()
1817 rp->num_of_sets); in hci_cc_le_read_num_adv_sets()
1819 if (rp->status) in hci_cc_le_read_num_adv_sets()
1820 return rp->status; in hci_cc_le_read_num_adv_sets()
1822 hdev->le_num_of_adv_sets = rp->num_of_sets; in hci_cc_le_read_num_adv_sets()
1824 return rp->status; in hci_cc_le_read_num_adv_sets()
1832 bt_dev_dbg(hdev, "status 0x%2.2x size %u", rp->status, rp->size); in hci_cc_le_read_accept_list_size()
1834 if (rp->status) in hci_cc_le_read_accept_list_size()
1835 return rp->status; in hci_cc_le_read_accept_list_size()
1837 hdev->le_accept_list_size = rp->size; in hci_cc_le_read_accept_list_size()
1839 return rp->status; in hci_cc_le_read_accept_list_size()
1847 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_clear_accept_list()
1849 if (rp->status) in hci_cc_le_clear_accept_list()
1850 return rp->status; in hci_cc_le_clear_accept_list()
1853 hci_bdaddr_list_clear(&hdev->le_accept_list); in hci_cc_le_clear_accept_list()
1856 return rp->status; in hci_cc_le_clear_accept_list()
1865 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_add_to_accept_list()
1867 if (rp->status) in hci_cc_le_add_to_accept_list()
1868 return rp->status; in hci_cc_le_add_to_accept_list()
1872 return rp->status; in hci_cc_le_add_to_accept_list()
1875 hci_bdaddr_list_add(&hdev->le_accept_list, &sent->bdaddr, in hci_cc_le_add_to_accept_list()
1876 sent->bdaddr_type); in hci_cc_le_add_to_accept_list()
1879 return rp->status; in hci_cc_le_add_to_accept_list()
1888 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_del_from_accept_list()
1890 if (rp->status) in hci_cc_le_del_from_accept_list()
1891 return rp->status; in hci_cc_le_del_from_accept_list()
1895 return rp->status; in hci_cc_le_del_from_accept_list()
1898 hci_bdaddr_list_del(&hdev->le_accept_list, &sent->bdaddr, in hci_cc_le_del_from_accept_list()
1899 sent->bdaddr_type); in hci_cc_le_del_from_accept_list()
1902 return rp->status; in hci_cc_le_del_from_accept_list()
1910 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_read_supported_states()
1912 if (rp->status) in hci_cc_le_read_supported_states()
1913 return rp->status; in hci_cc_le_read_supported_states()
1915 memcpy(hdev->le_states, rp->le_states, 8); in hci_cc_le_read_supported_states()
1917 return rp->status; in hci_cc_le_read_supported_states()
1925 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_read_def_data_len()
1927 if (rp->status) in hci_cc_le_read_def_data_len()
1928 return rp->status; in hci_cc_le_read_def_data_len()
1930 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len); in hci_cc_le_read_def_data_len()
1931 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time); in hci_cc_le_read_def_data_len()
1933 return rp->status; in hci_cc_le_read_def_data_len()
1942 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_write_def_data_len()
1944 if (rp->status) in hci_cc_le_write_def_data_len()
1945 return rp->status; in hci_cc_le_write_def_data_len()
1949 return rp->status; in hci_cc_le_write_def_data_len()
1951 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len); in hci_cc_le_write_def_data_len()
1952 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time); in hci_cc_le_write_def_data_len()
1954 return rp->status; in hci_cc_le_write_def_data_len()
1963 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_add_to_resolv_list()
1965 if (rp->status) in hci_cc_le_add_to_resolv_list()
1966 return rp->status; in hci_cc_le_add_to_resolv_list()
1970 return rp->status; in hci_cc_le_add_to_resolv_list()
1973 hci_bdaddr_list_add_with_irk(&hdev->le_resolv_list, &sent->bdaddr, in hci_cc_le_add_to_resolv_list()
1974 sent->bdaddr_type, sent->peer_irk, in hci_cc_le_add_to_resolv_list()
1975 sent->local_irk); in hci_cc_le_add_to_resolv_list()
1978 return rp->status; in hci_cc_le_add_to_resolv_list()
1987 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_del_from_resolv_list()
1989 if (rp->status) in hci_cc_le_del_from_resolv_list()
1990 return rp->status; in hci_cc_le_del_from_resolv_list()
1994 return rp->status; in hci_cc_le_del_from_resolv_list()
1997 hci_bdaddr_list_del_with_irk(&hdev->le_resolv_list, &sent->bdaddr, in hci_cc_le_del_from_resolv_list()
1998 sent->bdaddr_type); in hci_cc_le_del_from_resolv_list()
2001 return rp->status; in hci_cc_le_del_from_resolv_list()
2009 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_clear_resolv_list()
2011 if (rp->status) in hci_cc_le_clear_resolv_list()
2012 return rp->status; in hci_cc_le_clear_resolv_list()
2015 hci_bdaddr_list_clear(&hdev->le_resolv_list); in hci_cc_le_clear_resolv_list()
2018 return rp->status; in hci_cc_le_clear_resolv_list()
2026 bt_dev_dbg(hdev, "status 0x%2.2x size %u", rp->status, rp->size); in hci_cc_le_read_resolv_list_size()
2028 if (rp->status) in hci_cc_le_read_resolv_list_size()
2029 return rp->status; in hci_cc_le_read_resolv_list_size()
2031 hdev->le_resolv_list_size = rp->size; in hci_cc_le_read_resolv_list_size()
2033 return rp->status; in hci_cc_le_read_resolv_list_size()
2042 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_set_addr_resolution_enable()
2044 if (rp->status) in hci_cc_le_set_addr_resolution_enable()
2045 return rp->status; in hci_cc_le_set_addr_resolution_enable()
2049 return rp->status; in hci_cc_le_set_addr_resolution_enable()
2060 return rp->status; in hci_cc_le_set_addr_resolution_enable()
2068 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_read_max_data_len()
2070 if (rp->status) in hci_cc_le_read_max_data_len()
2071 return rp->status; in hci_cc_le_read_max_data_len()
2073 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len); in hci_cc_le_read_max_data_len()
2074 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time); in hci_cc_le_read_max_data_len()
2075 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len); in hci_cc_le_read_max_data_len()
2076 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time); in hci_cc_le_read_max_data_len()
2078 return rp->status; in hci_cc_le_read_max_data_len()
2087 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_le_host_supported()
2089 if (rp->status) in hci_cc_write_le_host_supported()
2090 return rp->status; in hci_cc_write_le_host_supported()
2094 return rp->status; in hci_cc_write_le_host_supported()
2098 if (sent->le) { in hci_cc_write_le_host_supported()
2099 hdev->features[1][0] |= LMP_HOST_LE; in hci_cc_write_le_host_supported()
2102 hdev->features[1][0] &= ~LMP_HOST_LE; in hci_cc_write_le_host_supported()
2107 if (sent->simul) in hci_cc_write_le_host_supported()
2108 hdev->features[1][0] |= LMP_HOST_LE_BREDR; in hci_cc_write_le_host_supported()
2110 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR; in hci_cc_write_le_host_supported()
2114 return rp->status; in hci_cc_write_le_host_supported()
2123 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_set_adv_param()
2125 if (rp->status) in hci_cc_set_adv_param()
2126 return rp->status; in hci_cc_set_adv_param()
2130 return rp->status; in hci_cc_set_adv_param()
2133 hdev->adv_addr_type = cp->own_address_type; in hci_cc_set_adv_param()
2136 return rp->status; in hci_cc_set_adv_param()
2146 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_set_ext_adv_param()
2148 if (rp->status) in hci_cc_set_ext_adv_param()
2149 return rp->status; in hci_cc_set_ext_adv_param()
2153 return rp->status; in hci_cc_set_ext_adv_param()
2156 hdev->adv_addr_type = cp->own_addr_type; in hci_cc_set_ext_adv_param()
2157 if (!cp->handle) { in hci_cc_set_ext_adv_param()
2159 hdev->adv_tx_power = rp->tx_power; in hci_cc_set_ext_adv_param()
2161 adv_instance = hci_find_adv_instance(hdev, cp->handle); in hci_cc_set_ext_adv_param()
2163 adv_instance->tx_power = rp->tx_power; in hci_cc_set_ext_adv_param()
2166 hci_update_adv_data(hdev, cp->handle); in hci_cc_set_ext_adv_param()
2170 return rp->status; in hci_cc_set_ext_adv_param()
/*
 * hci_cc_read_rssi(): on a zero status, looks up the connection by the
 * handle carried in the reply and stores rp->rssi on it.
 * NOTE(review): hci_conn_hash_lookup_handle() is keyed on rp->handle, a
 * value taken from the reply. Line 2187, between the lookup and the
 * conn->rssi store, is not in this listing (matching lines only); confirm
 * in the full source that it tests conn for NULL before the dereference.
 * The same caveat applies to the other lookup-then-dereference pairs on
 * this page.
 */
2179 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_rssi()
2181 if (rp->status) in hci_cc_read_rssi()
2182 return rp->status; in hci_cc_read_rssi()
2186 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); in hci_cc_read_rssi()
2188 conn->rssi = rp->rssi; in hci_cc_read_rssi()
2192 return rp->status; in hci_cc_read_rssi()
2202 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_read_tx_power()
2204 if (rp->status) in hci_cc_read_tx_power()
2205 return rp->status; in hci_cc_read_tx_power()
2209 return rp->status; in hci_cc_read_tx_power()
2213 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); in hci_cc_read_tx_power()
2217 switch (sent->type) { in hci_cc_read_tx_power()
2219 conn->tx_power = rp->tx_power; in hci_cc_read_tx_power()
2222 conn->max_tx_power = rp->tx_power; in hci_cc_read_tx_power()
2228 return rp->status; in hci_cc_read_tx_power()
2237 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_write_ssp_debug_mode()
2239 if (rp->status) in hci_cc_write_ssp_debug_mode()
2240 return rp->status; in hci_cc_write_ssp_debug_mode()
2244 hdev->ssp_debug_mode = *mode; in hci_cc_write_ssp_debug_mode()
2246 return rp->status; in hci_cc_write_ssp_debug_mode()
2257 set_bit(HCI_INQUIRY, &hdev->flags); in hci_cs_inquiry()
2273 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); in hci_cs_create_conn()
2275 bt_dev_dbg(hdev, "bdaddr %pMR hcon %p", &cp->bdaddr, conn); in hci_cs_create_conn()
2278 if (conn && conn->state == BT_CONNECT) { in hci_cs_create_conn()
2279 conn->state = BT_CLOSED; in hci_cs_create_conn()
2285 conn = hci_conn_add_unset(hdev, ACL_LINK, &cp->bdaddr, in hci_cs_create_conn()
2311 handle = __le16_to_cpu(cp->handle); in hci_cs_add_sco()
2319 link = list_first_entry_or_null(&acl->link_list, in hci_cs_add_sco()
2321 if (link && link->conn) { in hci_cs_add_sco()
2322 link->conn->state = BT_CLOSED; in hci_cs_add_sco()
2324 hci_connect_cfm(link->conn, status); in hci_cs_add_sco()
2325 hci_conn_del(link->conn); in hci_cs_add_sco()
2348 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); in hci_cs_auth_requested()
2350 if (conn->state == BT_CONFIG) { in hci_cs_auth_requested()
2375 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); in hci_cs_set_conn_encrypt()
2377 if (conn->state == BT_CONFIG) { in hci_cs_set_conn_encrypt()
2389 if (conn->state != BT_CONFIG || !conn->out) in hci_outgoing_auth_needed()
2392 if (conn->pending_sec_level == BT_SECURITY_SDP) in hci_outgoing_auth_needed()
2395 /* Only request authentication for SSP connections or non-SSP in hci_outgoing_auth_needed()
2399 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) && in hci_outgoing_auth_needed()
2400 conn->pending_sec_level != BT_SECURITY_FIPS && in hci_outgoing_auth_needed()
2401 conn->pending_sec_level != BT_SECURITY_HIGH && in hci_outgoing_auth_needed()
2402 conn->pending_sec_level != BT_SECURITY_MEDIUM) in hci_outgoing_auth_needed()
2415 bacpy(&cp.bdaddr, &e->data.bdaddr); in hci_resolve_name()
2416 cp.pscan_rep_mode = e->data.pscan_rep_mode; in hci_resolve_name()
2417 cp.pscan_mode = e->data.pscan_mode; in hci_resolve_name()
2418 cp.clock_offset = e->data.clock_offset; in hci_resolve_name()
2425 struct discovery_state *discov = &hdev->discovery; in hci_resolve_next_name()
2428 if (list_empty(&discov->resolve)) in hci_resolve_next_name()
2432 if (time_after(jiffies, discov->name_resolve_timeout)) { in hci_resolve_next_name()
2442 e->name_state = NAME_PENDING; in hci_resolve_next_name()
2452 struct discovery_state *discov = &hdev->discovery; in hci_check_pending_name()
2460 if (conn && (conn->state == BT_CONFIG || conn->state == BT_CONNECTED)) in hci_check_pending_name()
2463 if (discov->state == DISCOVERY_STOPPED) in hci_check_pending_name()
2466 if (discov->state == DISCOVERY_STOPPING) in hci_check_pending_name()
2469 if (discov->state != DISCOVERY_RESOLVING) in hci_check_pending_name()
2480 list_del(&e->list); in hci_check_pending_name()
2482 e->name_state = name ? NAME_KNOWN : NAME_NOT_KNOWN; in hci_check_pending_name()
2483 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00, e->data.rssi, in hci_check_pending_name()
2511 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); in hci_cs_remote_name_req()
2514 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0); in hci_cs_remote_name_req()
2522 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { in hci_cs_remote_name_req()
2525 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags); in hci_cs_remote_name_req()
2527 auth_cp.handle = __cpu_to_le16(conn->handle); in hci_cs_remote_name_req()
2552 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); in hci_cs_read_remote_features()
2554 if (conn->state == BT_CONFIG) { in hci_cs_read_remote_features()
2579 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); in hci_cs_read_remote_ext_features()
2581 if (conn->state == BT_CONFIG) { in hci_cs_read_remote_ext_features()
2602 link = list_first_entry_or_null(&acl->link_list, in hci_setup_sync_conn_status()
2604 if (link && link->conn) { in hci_setup_sync_conn_status()
2605 link->conn->state = BT_CLOSED; in hci_setup_sync_conn_status()
2607 hci_connect_cfm(link->conn, status); in hci_setup_sync_conn_status()
2608 hci_conn_del(link->conn); in hci_setup_sync_conn_status()
2628 hci_setup_sync_conn_status(hdev, __le16_to_cpu(cp->handle), status); in hci_cs_setup_sync_conn()
2644 hci_setup_sync_conn_status(hdev, __le16_to_cpu(cp->handle), status); in hci_cs_enhanced_setup_sync_conn()
2663 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); in hci_cs_sniff_mode()
2665 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags); in hci_cs_sniff_mode()
2667 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) in hci_cs_sniff_mode()
2690 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); in hci_cs_exit_sniff_mode()
2692 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags); in hci_cs_exit_sniff_mode()
2694 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) in hci_cs_exit_sniff_mode()
2713 if (!status && !hdev->suspended) in hci_cs_disconnect()
2722 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); in hci_cs_disconnect()
2727 mgmt_disconnect_failed(hdev, &conn->dst, conn->type, in hci_cs_disconnect()
2728 conn->dst_type, status); in hci_cs_disconnect()
2730 if (conn->type == LE_LINK && conn->role == HCI_ROLE_SLAVE) { in hci_cs_disconnect()
2731 hdev->cur_adv_instance = conn->adv_instance; in hci_cs_disconnect()
2741 mgmt_conn = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags); in hci_cs_disconnect()
2743 if (conn->type == ACL_LINK) { in hci_cs_disconnect()
2744 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags)) in hci_cs_disconnect()
2745 hci_remove_link_key(hdev, &conn->dst); in hci_cs_disconnect()
2748 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); in hci_cs_disconnect()
2750 switch (params->auto_connect) { in hci_cs_disconnect()
2752 if (cp->reason != HCI_ERROR_CONNECTION_TIMEOUT) in hci_cs_disconnect()
2759 hci_pend_le_list_add(params, &hdev->pend_le_conns); in hci_cs_disconnect()
2767 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type, in hci_cs_disconnect()
2768 cp->reason, mgmt_conn); in hci_cs_disconnect()
2770 hci_disconn_cfm(conn, cp->reason); in hci_cs_disconnect()
2775 * Hence, we need to do some basic cleanup here and re-enable in hci_cs_disconnect()
2785 /* When using controller based address resolution, then the new in ev_bdaddr_type()
2786 * address types 0x02 and 0x03 are used. These types need to be in ev_bdaddr_type()
2787 * converted back into either public address or random address type in ev_bdaddr_type()
2818 /* Store the initiator and responder address information which in cs_le_create_conn()
2822 conn->init_addr_type = own_address_type; in cs_le_create_conn()
2824 bacpy(&conn->init_addr, &hdev->random_addr); in cs_le_create_conn()
2826 bacpy(&conn->init_addr, &hdev->bdaddr); in cs_le_create_conn()
2828 conn->resp_addr_type = peer_addr_type; in cs_le_create_conn()
2829 bacpy(&conn->resp_addr, peer_addr); in cs_le_create_conn()
2851 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type, in hci_cs_le_create_conn()
2852 cp->own_address_type, cp->filter_policy); in hci_cs_le_create_conn()
2876 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type, in hci_cs_le_ext_create_conn()
2877 cp->own_addr_type, cp->filter_policy); in hci_cs_le_ext_create_conn()
2898 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); in hci_cs_le_read_remote_features()
2900 if (conn->state == BT_CONFIG) { in hci_cs_le_read_remote_features()
2925 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); in hci_cs_le_start_enc()
2929 if (conn->state != BT_CONNECTED) in hci_cs_le_start_enc()
2944 BT_DBG("%s status 0x%2.2x", hdev->name, status); in hci_cs_switch_role()
2955 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); in hci_cs_switch_role()
2957 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags); in hci_cs_switch_role()
2966 struct discovery_state *discov = &hdev->discovery; in hci_inquiry_complete_evt()
2969 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_inquiry_complete_evt()
2971 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) in hci_inquiry_complete_evt()
2975 wake_up_bit(&hdev->flags, HCI_INQUIRY); in hci_inquiry_complete_evt()
2982 if (discov->state != DISCOVERY_FINDING) in hci_inquiry_complete_evt()
2985 if (list_empty(&discov->resolve)) { in hci_inquiry_complete_evt()
2994 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks)) in hci_inquiry_complete_evt()
3001 e->name_state = NAME_PENDING; in hci_inquiry_complete_evt()
3003 discov->name_resolve_timeout = jiffies + NAME_RESOLVE_DURATION; in hci_inquiry_complete_evt()
3013 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks)) in hci_inquiry_complete_evt()
/*
 * hci_inquiry_result_evt(): walks ev->num inquiry_info entries, copies the
 * fields of each into `data`, and reports the device via
 * mgmt_device_found() with HCI_RSSI_INVALID.
 * NOTE(review): ev->num is read from the event and is the loop bound for
 * ev->info[i]. Line 3029 is the tail of a call that is passed
 * flex_array_size(ev, info, ev->num) - presumably a check that the event
 * payload really holds that many entries. The start of that call and its
 * failure path are not in this listing; verify them in the full source.
 */
3029 flex_array_size(ev, info, ev->num))) in hci_inquiry_result_evt()
3032 bt_dev_dbg(hdev, "num %d", ev->num); in hci_inquiry_result_evt()
3034 if (!ev->num) in hci_inquiry_result_evt()
3042 for (i = 0; i < ev->num; i++) { in hci_inquiry_result_evt()
3043 struct inquiry_info *info = &ev->info[i]; in hci_inquiry_result_evt()
3046 bacpy(&data.bdaddr, &info->bdaddr); in hci_inquiry_result_evt()
3047 data.pscan_rep_mode = info->pscan_rep_mode; in hci_inquiry_result_evt()
3048 data.pscan_period_mode = info->pscan_period_mode; in hci_inquiry_result_evt()
3049 data.pscan_mode = info->pscan_mode; in hci_inquiry_result_evt()
3050 memcpy(data.dev_class, info->dev_class, 3); in hci_inquiry_result_evt()
3051 data.clock_offset = info->clock_offset; in hci_inquiry_result_evt()
3057 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, in hci_inquiry_result_evt()
3058 info->dev_class, HCI_RSSI_INVALID, in hci_inquiry_result_evt()
3070 u8 status = ev->status; in hci_conn_complete_evt()
3076 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); in hci_conn_complete_evt()
3081 if (ev->status) in hci_conn_complete_evt()
3084 /* Connection may not exist if auto-connected. Check the bredr in hci_conn_complete_evt()
3089 * Auto-connect will only occur if the event filter is in hci_conn_complete_evt()
3090 * programmed with a given address. Right now, event filter is in hci_conn_complete_evt()
3093 if (ev->link_type == ACL_LINK && in hci_conn_complete_evt()
3094 hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, in hci_conn_complete_evt()
3095 &ev->bdaddr, in hci_conn_complete_evt()
3097 conn = hci_conn_add_unset(hdev, ev->link_type, in hci_conn_complete_evt()
3098 &ev->bdaddr, HCI_ROLE_SLAVE); in hci_conn_complete_evt()
3104 if (ev->link_type != SCO_LINK) in hci_conn_complete_evt()
3108 &ev->bdaddr); in hci_conn_complete_evt()
3112 conn->type = SCO_LINK; in hci_conn_complete_evt()
3122 if (!HCI_CONN_HANDLE_UNSET(conn->handle)) { in hci_conn_complete_evt()
3128 status = hci_conn_set_handle(conn, __le16_to_cpu(ev->handle)); in hci_conn_complete_evt()
3132 if (conn->type == ACL_LINK) { in hci_conn_complete_evt()
3133 conn->state = BT_CONFIG; in hci_conn_complete_evt()
3136 if (!conn->out && !hci_conn_ssp_enabled(conn) && in hci_conn_complete_evt()
3137 !hci_find_link_key(hdev, &ev->bdaddr)) in hci_conn_complete_evt()
3138 conn->disc_timeout = HCI_PAIRING_TIMEOUT; in hci_conn_complete_evt()
3140 conn->disc_timeout = HCI_DISCONN_TIMEOUT; in hci_conn_complete_evt()
3142 conn->state = BT_CONNECTED; in hci_conn_complete_evt()
3147 if (test_bit(HCI_AUTH, &hdev->flags)) in hci_conn_complete_evt()
3148 set_bit(HCI_CONN_AUTH, &conn->flags); in hci_conn_complete_evt()
3150 if (test_bit(HCI_ENCRYPT, &hdev->flags)) in hci_conn_complete_evt()
3151 set_bit(HCI_CONN_ENCRYPT, &conn->flags); in hci_conn_complete_evt()
3154 if (ev->encr_mode == 1 && !test_bit(HCI_CONN_ENCRYPT, &conn->flags) && in hci_conn_complete_evt()
3155 ev->link_type == ACL_LINK) { in hci_conn_complete_evt()
3159 key = hci_find_link_key(hdev, &ev->bdaddr); in hci_conn_complete_evt()
3161 set_bit(HCI_CONN_ENCRYPT, &conn->flags); in hci_conn_complete_evt()
3164 conn->enc_key_size = HCI_LINK_KEY_SIZE; in hci_conn_complete_evt()
3166 cp.handle = cpu_to_le16(conn->handle); in hci_conn_complete_evt()
3170 conn->enc_key_size = HCI_LINK_KEY_SIZE; in hci_conn_complete_evt()
3174 hci_encrypt_cfm(conn, ev->status); in hci_conn_complete_evt()
3179 if (conn->type == ACL_LINK) { in hci_conn_complete_evt()
3181 cp.handle = ev->handle; in hci_conn_complete_evt()
3189 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) { in hci_conn_complete_evt()
3191 cp.handle = ev->handle; in hci_conn_complete_evt()
3192 cp.pkt_type = cpu_to_le16(conn->pkt_type); in hci_conn_complete_evt()
3198 if (conn->type == ACL_LINK) in hci_conn_complete_evt()
3199 hci_sco_setup(conn, ev->status); in hci_conn_complete_evt()
3204 } else if (ev->link_type == SCO_LINK) { in hci_conn_complete_evt()
3205 switch (conn->setting & SCO_AIRMODE_MASK) { in hci_conn_complete_evt()
3207 if (hdev->notify) in hci_conn_complete_evt()
3208 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD); in hci_conn_complete_evt()
/*
 * hci_conn_request_evt(): handles an incoming connection request event.
 * The visible lines call hci_reject_conn() when the peer address equals
 * the local controller address (bacmp() == 0, the check the in-code comment
 * ties to CVE-2020-26555), when the address is found on hdev->reject_list,
 * and when a lookup on hdev->accept_list fails as part of a condition whose
 * first line is not in this listing.
 * NOTE(review): hdev->link_mode is read at 3232, before the `hdev &&` test
 * at 3242, so that test cannot protect against a NULL hdev; only the
 * address comparison is effective there.
 * NOTE(review): this listing shows matching lines only. The condition that
 * leads to the reject at 3253 and the branches that select BT_CONNECT
 * versus BT_CONNECT2 are not visible; read them in the full source before
 * drawing conclusions about control flow.
 */
3232 int mask = hdev->link_mode; in hci_conn_request_evt()
3237 bt_dev_dbg(hdev, "bdaddr %pMR type 0x%x", &ev->bdaddr, ev->link_type); in hci_conn_request_evt()
3239 /* Reject incoming connection from device with same BD ADDR against in hci_conn_request_evt()
3240 * CVE-2020-26555 in hci_conn_request_evt()
3242 if (hdev && !bacmp(&hdev->bdaddr, &ev->bdaddr)) { in hci_conn_request_evt()
3244 &ev->bdaddr); in hci_conn_request_evt()
3245 hci_reject_conn(hdev, &ev->bdaddr); in hci_conn_request_evt()
3249 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type, in hci_conn_request_evt()
3253 hci_reject_conn(hdev, &ev->bdaddr); in hci_conn_request_evt()
3259 if (hci_bdaddr_list_lookup(&hdev->reject_list, &ev->bdaddr, in hci_conn_request_evt()
3261 hci_reject_conn(hdev, &ev->bdaddr); in hci_conn_request_evt()
3271 !hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, &ev->bdaddr, in hci_conn_request_evt()
3273 hci_reject_conn(hdev, &ev->bdaddr); in hci_conn_request_evt()
3279 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); in hci_conn_request_evt()
3281 memcpy(ie->data.dev_class, ev->dev_class, 3); in hci_conn_request_evt()
3283 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, in hci_conn_request_evt()
3284 &ev->bdaddr); in hci_conn_request_evt()
3286 conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr, in hci_conn_request_evt()
3294 memcpy(conn->dev_class, ev->dev_class, 3); in hci_conn_request_evt()
3298 if (ev->link_type == ACL_LINK || in hci_conn_request_evt()
3301 conn->state = BT_CONNECT; in hci_conn_request_evt()
3303 bacpy(&cp.bdaddr, &ev->bdaddr); in hci_conn_request_evt()
3313 conn->state = BT_CONNECT; in hci_conn_request_evt()
3315 bacpy(&cp.bdaddr, &ev->bdaddr); in hci_conn_request_evt()
3316 cp.pkt_type = cpu_to_le16(conn->pkt_type); in hci_conn_request_evt()
3321 cp.content_format = cpu_to_le16(hdev->voice_setting); in hci_conn_request_evt()
3327 conn->state = BT_CONNECT2; in hci_conn_request_evt()
3361 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_disconn_complete_evt()
3365 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_disconn_complete_evt()
3369 if (ev->status) { in hci_disconn_complete_evt()
3370 mgmt_disconnect_failed(hdev, &conn->dst, conn->type, in hci_disconn_complete_evt()
3371 conn->dst_type, ev->status); in hci_disconn_complete_evt()
3375 conn->state = BT_CLOSED; in hci_disconn_complete_evt()
3377 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags); in hci_disconn_complete_evt()
3379 if (test_bit(HCI_CONN_AUTH_FAILURE, &conn->flags)) in hci_disconn_complete_evt()
3382 reason = hci_to_mgmt_reason(ev->reason); in hci_disconn_complete_evt()
3384 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type, in hci_disconn_complete_evt()
3387 if (conn->type == ACL_LINK) { in hci_disconn_complete_evt()
3388 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags)) in hci_disconn_complete_evt()
3389 hci_remove_link_key(hdev, &conn->dst); in hci_disconn_complete_evt()
3394 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); in hci_disconn_complete_evt()
3396 switch (params->auto_connect) { in hci_disconn_complete_evt()
3398 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT) in hci_disconn_complete_evt()
3405 hci_pend_le_list_add(params, &hdev->pend_le_conns); in hci_disconn_complete_evt()
3414 hci_disconn_cfm(conn, ev->reason); in hci_disconn_complete_evt()
3416 /* Re-enable advertising if necessary, since it might in hci_disconn_complete_evt()
3426 if (conn->type == LE_LINK && conn->role == HCI_ROLE_SLAVE) { in hci_disconn_complete_evt()
3427 hdev->cur_adv_instance = conn->adv_instance; in hci_disconn_complete_evt()
3443 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_auth_complete_evt()
3447 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_auth_complete_evt()
3451 if (!ev->status) { in hci_auth_complete_evt()
3452 clear_bit(HCI_CONN_AUTH_FAILURE, &conn->flags); in hci_auth_complete_evt()
3453 set_bit(HCI_CONN_AUTH, &conn->flags); in hci_auth_complete_evt()
3454 conn->sec_level = conn->pending_sec_level; in hci_auth_complete_evt()
3456 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING) in hci_auth_complete_evt()
3457 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags); in hci_auth_complete_evt()
3459 mgmt_auth_failed(conn, ev->status); in hci_auth_complete_evt()
3462 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags); in hci_auth_complete_evt()
3464 if (conn->state == BT_CONFIG) { in hci_auth_complete_evt()
3465 if (!ev->status && hci_conn_ssp_enabled(conn)) { in hci_auth_complete_evt()
3467 cp.handle = ev->handle; in hci_auth_complete_evt()
3472 conn->state = BT_CONNECTED; in hci_auth_complete_evt()
3473 hci_connect_cfm(conn, ev->status); in hci_auth_complete_evt()
3477 hci_auth_cfm(conn, ev->status); in hci_auth_complete_evt()
3480 conn->disc_timeout = HCI_DISCONN_TIMEOUT; in hci_auth_complete_evt()
3484 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { in hci_auth_complete_evt()
3485 if (!ev->status) { in hci_auth_complete_evt()
3487 cp.handle = ev->handle; in hci_auth_complete_evt()
3492 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); in hci_auth_complete_evt()
3493 hci_encrypt_cfm(conn, ev->status); in hci_auth_complete_evt()
/*
 * hci_remote_name_evt(): looks up the ACL connection for ev->bdaddr and
 * passes the remote name to hci_check_pending_name() (the name on status 0,
 * NULL with length 0 in the other visible call), then may start
 * authentication on the connection.
 * The length handed on is strnlen(ev->name, HCI_MAX_NAME_LENGTH), so a name
 * without a NUL terminator is not scanned past HCI_MAX_NAME_LENGTH bytes
 * (assumes the name field is at least that long - TODO confirm against the
 * event struct).
 * NOTE(review): this listing shows matching lines only; the conditions that
 * guard the HCI_CONN_AUTH_PEND block (3521-3528) are not visible here.
 */
3507 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_remote_name_evt()
3511 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); in hci_remote_name_evt()
3516 if (ev->status == 0) in hci_remote_name_evt()
3517 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name, in hci_remote_name_evt()
3518 strnlen(ev->name, HCI_MAX_NAME_LENGTH)); in hci_remote_name_evt()
3520 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0); in hci_remote_name_evt()
3529 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { in hci_remote_name_evt()
3532 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags); in hci_remote_name_evt()
3534 cp.handle = __cpu_to_le16(conn->handle); in hci_remote_name_evt()
3548 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_encrypt_change_evt()
3552 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_encrypt_change_evt()
3556 if (!ev->status) { in hci_encrypt_change_evt()
3557 if (ev->encrypt) { in hci_encrypt_change_evt()
3559 set_bit(HCI_CONN_AUTH, &conn->flags); in hci_encrypt_change_evt()
3560 set_bit(HCI_CONN_ENCRYPT, &conn->flags); in hci_encrypt_change_evt()
3561 conn->sec_level = conn->pending_sec_level; in hci_encrypt_change_evt()
3563 /* P-256 authentication key implies FIPS */ in hci_encrypt_change_evt()
3564 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256) in hci_encrypt_change_evt()
3565 set_bit(HCI_CONN_FIPS, &conn->flags); in hci_encrypt_change_evt()
3567 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) || in hci_encrypt_change_evt()
3568 conn->type == LE_LINK) in hci_encrypt_change_evt()
3569 set_bit(HCI_CONN_AES_CCM, &conn->flags); in hci_encrypt_change_evt()
3571 clear_bit(HCI_CONN_ENCRYPT, &conn->flags); in hci_encrypt_change_evt()
3572 clear_bit(HCI_CONN_AES_CCM, &conn->flags); in hci_encrypt_change_evt()
3579 if (ev->status && conn->type == LE_LINK) { in hci_encrypt_change_evt()
3584 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); in hci_encrypt_change_evt()
3588 ev->status = HCI_ERROR_AUTH_FAILURE; in hci_encrypt_change_evt()
3590 if (ev->status && conn->state == BT_CONNECTED) { in hci_encrypt_change_evt()
3591 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING) in hci_encrypt_change_evt()
3592 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags); in hci_encrypt_change_evt()
3597 hci_encrypt_cfm(conn, ev->status); in hci_encrypt_change_evt()
3604 if (!ev->status && ev->encrypt && conn->type == ACL_LINK) { in hci_encrypt_change_evt()
3612 conn->enc_key_size = HCI_LINK_KEY_SIZE; in hci_encrypt_change_evt()
3616 cp.handle = cpu_to_le16(conn->handle); in hci_encrypt_change_evt()
3620 conn->enc_key_size = HCI_LINK_KEY_SIZE; in hci_encrypt_change_evt()
3631 &hdev->quirks)) in hci_encrypt_change_evt()
3639 * Ensure for AES-CCM encryption as well. in hci_encrypt_change_evt()
3641 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags) && in hci_encrypt_change_evt()
3642 test_bit(HCI_CONN_AES_CCM, &conn->flags) && in hci_encrypt_change_evt()
3643 ((conn->type == ACL_LINK && lmp_ping_capable(hdev)) || in hci_encrypt_change_evt()
3644 (conn->type == LE_LINK && (hdev->le_features[0] & HCI_LE_PING)))) { in hci_encrypt_change_evt()
3647 cp.handle = cpu_to_le16(conn->handle); in hci_encrypt_change_evt()
3648 cp.timeout = cpu_to_le16(hdev->auth_payload_timeout); in hci_encrypt_change_evt()
3649 if (hci_send_cmd(conn->hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO, in hci_encrypt_change_evt()
3655 hci_encrypt_cfm(conn, ev->status); in hci_encrypt_change_evt()
3667 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_change_link_key_complete_evt()
3671 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_change_link_key_complete_evt()
3673 if (!ev->status) in hci_change_link_key_complete_evt()
3674 set_bit(HCI_CONN_SECURE, &conn->flags); in hci_change_link_key_complete_evt()
3676 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags); in hci_change_link_key_complete_evt()
3678 hci_key_change_cfm(conn, ev->status); in hci_change_link_key_complete_evt()
3690 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_remote_features_evt()
3694 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_remote_features_evt()
3698 if (!ev->status) in hci_remote_features_evt()
3699 memcpy(conn->features[0], ev->features, 8); in hci_remote_features_evt()
3701 if (conn->state != BT_CONFIG) in hci_remote_features_evt()
3704 if (!ev->status && lmp_ext_feat_capable(hdev) && in hci_remote_features_evt()
3707 cp.handle = ev->handle; in hci_remote_features_evt()
3714 if (!ev->status) { in hci_remote_features_evt()
3717 bacpy(&cp.bdaddr, &conn->dst); in hci_remote_features_evt()
3725 conn->state = BT_CONNECTED; in hci_remote_features_evt()
3726 hci_connect_cfm(conn, ev->status); in hci_remote_features_evt()
3736 cancel_delayed_work(&hdev->cmd_timer); in handle_cmd_cnt_and_timer()
3739 if (!test_bit(HCI_RESET, &hdev->flags)) { in handle_cmd_cnt_and_timer()
3741 cancel_delayed_work(&hdev->ncmd_timer); in handle_cmd_cnt_and_timer()
3742 atomic_set(&hdev->cmd_cnt, 1); in handle_cmd_cnt_and_timer()
3745 queue_delayed_work(hdev->workqueue, &hdev->ncmd_timer, in handle_cmd_cnt_and_timer()
3757 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_read_buffer_size_v2()
3759 if (rp->status) in hci_cc_le_read_buffer_size_v2()
3760 return rp->status; in hci_cc_le_read_buffer_size_v2()
3762 hdev->le_mtu = __le16_to_cpu(rp->acl_mtu); in hci_cc_le_read_buffer_size_v2()
3763 hdev->le_pkts = rp->acl_max_pkt; in hci_cc_le_read_buffer_size_v2()
3764 hdev->iso_mtu = __le16_to_cpu(rp->iso_mtu); in hci_cc_le_read_buffer_size_v2()
3765 hdev->iso_pkts = rp->iso_max_pkt; in hci_cc_le_read_buffer_size_v2()
3767 hdev->le_cnt = hdev->le_pkts; in hci_cc_le_read_buffer_size_v2()
3768 hdev->iso_cnt = hdev->iso_pkts; in hci_cc_le_read_buffer_size_v2()
3770 BT_DBG("%s acl mtu %d:%d iso mtu %d:%d", hdev->name, hdev->acl_mtu, in hci_cc_le_read_buffer_size_v2()
3771 hdev->acl_pkts, hdev->iso_mtu, hdev->iso_pkts); in hci_cc_le_read_buffer_size_v2()
3773 if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) in hci_cc_le_read_buffer_size_v2()
3776 return rp->status; in hci_cc_le_read_buffer_size_v2()
3783 lockdep_assert_held(&hdev->lock); in hci_unbound_cis_failed()
3785 list_for_each_entry_safe(conn, tmp, &hdev->conn_hash.list, list) { in hci_unbound_cis_failed()
3786 if (conn->type != ISO_LINK || !bacmp(&conn->dst, BDADDR_ANY) || in hci_unbound_cis_failed()
3787 conn->state == BT_OPEN || conn->iso_qos.ucast.cig != cig) in hci_unbound_cis_failed()
3790 if (HCI_CONN_HANDLE_UNSET(conn->handle)) in hci_unbound_cis_failed()
3801 u8 status = rp->status; in hci_cc_le_set_cig_params()
3805 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_set_cig_params()
3808 if (!rp->status && (!cp || rp->num_handles != cp->num_cis || in hci_cc_le_set_cig_params()
3809 rp->cig_id != cp->cig_id)) { in hci_cc_le_set_cig_params()
3818 * If the Status return parameter is non-zero, then the state of the CIG in hci_cc_le_set_cig_params()
3824 hci_unbound_cis_failed(hdev, rp->cig_id, status); in hci_cc_le_set_cig_params()
3835 for (i = 0; i < rp->num_handles; ++i) { in hci_cc_le_set_cig_params()
3836 conn = hci_conn_hash_lookup_cis(hdev, NULL, 0, rp->cig_id, in hci_cc_le_set_cig_params()
3837 cp->cis[i].cis_id); in hci_cc_le_set_cig_params()
3838 if (!conn || !bacmp(&conn->dst, BDADDR_ANY)) in hci_cc_le_set_cig_params()
3841 if (conn->state != BT_BOUND && conn->state != BT_CONNECT) in hci_cc_le_set_cig_params()
3844 if (hci_conn_set_handle(conn, __le16_to_cpu(rp->handle[i]))) in hci_cc_le_set_cig_params()
3847 if (conn->state == BT_CONNECT) in hci_cc_le_set_cig_params()
3857 return rp->status; in hci_cc_le_set_cig_params()
3867 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_setup_iso_path()
3871 return rp->status; in hci_cc_le_setup_iso_path()
3875 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); in hci_cc_le_setup_iso_path()
3879 if (rp->status) { in hci_cc_le_setup_iso_path()
3880 hci_connect_cfm(conn, rp->status); in hci_cc_le_setup_iso_path()
3885 switch (cp->direction) { in hci_cc_le_setup_iso_path()
3889 if (conn->iso_qos.ucast.out.sdu && !conn->iso_qos.ucast.in.sdu) in hci_cc_le_setup_iso_path()
3890 hci_connect_cfm(conn, rp->status); in hci_cc_le_setup_iso_path()
3894 /* Confirm connection since conn->iso_qos is always configured in hci_cc_le_setup_iso_path()
3897 hci_connect_cfm(conn, rp->status); in hci_cc_le_setup_iso_path()
3900 if (!rp->status && test_bit(HCI_CONN_BIG_SYNC, &conn->flags)) in hci_cc_le_setup_iso_path()
3908 return rp->status; in hci_cc_le_setup_iso_path()
3922 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_set_per_adv_param()
3924 if (rp->status) in hci_cc_set_per_adv_param()
3925 return rp->status; in hci_cc_set_per_adv_param()
3929 return rp->status; in hci_cc_set_per_adv_param()
3932 return rp->status; in hci_cc_set_per_adv_param()
3943 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); in hci_cc_le_set_per_adv_enable()
3945 if (rp->status) in hci_cc_le_set_per_adv_enable()
3946 return rp->status; in hci_cc_le_set_per_adv_enable()
3950 return rp->status; in hci_cc_le_set_per_adv_enable()
3954 adv = hci_find_adv_instance(hdev, cp->handle); in hci_cc_le_set_per_adv_enable()
3956 if (cp->enable) { in hci_cc_le_set_per_adv_enable()
3960 adv->enabled = true; in hci_cc_le_set_per_adv_enable()
3967 list_for_each_entry_safe(adv, n, &hdev->adv_instances, in hci_cc_le_set_per_adv_enable()
3969 if (adv->periodic && adv->enabled) in hci_cc_le_set_per_adv_enable()
3982 return rp->status; in hci_cc_le_set_per_adv_enable()
4173 if (skb->len < cc->min_len) { in hci_cc_func()
4175 cc->op, skb->len, cc->min_len); in hci_cc_func()
4183 if (skb->len > cc->max_len) in hci_cc_func()
4185 cc->op, skb->len, cc->max_len); in hci_cc_func()
4187 data = hci_cc_skb_pull(hdev, skb, cc->op, cc->min_len); in hci_cc_func()
4191 return cc->func(hdev, data, skb); in hci_cc_func()
4202 *opcode = __le16_to_cpu(ev->opcode); in hci_cmd_complete_evt()
4221 *status = skb->data[0]; in hci_cmd_complete_evt()
4224 handle_cmd_cnt_and_timer(hdev, ev->ncmd); in hci_cmd_complete_evt()
4235 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q)) in hci_cmd_complete_evt()
4236 queue_work(hdev->workqueue, &hdev->cmd_work); in hci_cmd_complete_evt()
4257 for (i = 0; i < cp->num_cis; i++) { in hci_cs_le_create_cis()
4261 handle = __le16_to_cpu(cp->cis[i].cis_handle); in hci_cs_le_create_cis()
4266 &conn->flags)) in hci_cs_le_create_cis()
4268 conn->state = BT_CLOSED; in hci_cs_le_create_cis()
4273 cp->num_cis = 0; in hci_cs_le_create_cis()
4323 *opcode = __le16_to_cpu(ev->opcode); in hci_cmd_status_evt()
4324 *status = ev->status; in hci_cmd_status_evt()
4330 hci_cs_table[i].func(hdev, ev->status); in hci_cmd_status_evt()
4335 handle_cmd_cnt_and_timer(hdev, ev->ncmd); in hci_cmd_status_evt()
4343 if (ev->status || (hdev->req_skb && !hci_skb_event(hdev->req_skb))) { in hci_cmd_status_evt()
4344 hci_req_cmd_complete(hdev, *opcode, ev->status, req_complete, in hci_cmd_status_evt()
4353 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q)) in hci_cmd_status_evt()
4354 queue_work(hdev->workqueue, &hdev->cmd_work); in hci_cmd_status_evt()
4362 bt_dev_dbg(hdev, "code 0x%2.2x", ev->code); in hci_hardware_error_evt()
4364 hdev->hw_error_code = ev->code; in hci_hardware_error_evt()
4366 queue_work(hdev->req_workqueue, &hdev->error_reset); in hci_hardware_error_evt()
4375 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_role_change_evt()
4379 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); in hci_role_change_evt()
4381 if (!ev->status) in hci_role_change_evt()
4382 conn->role = ev->role; in hci_role_change_evt()
4384 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags); in hci_role_change_evt()
4386 hci_role_switch_cfm(conn, ev->status, ev->role); in hci_role_change_evt()
4399 flex_array_size(ev, handles, ev->num))) in hci_num_comp_pkts_evt()
4402 bt_dev_dbg(hdev, "num %d", ev->num); in hci_num_comp_pkts_evt()
4404 for (i = 0; i < ev->num; i++) { in hci_num_comp_pkts_evt()
4405 struct hci_comp_pkts_info *info = &ev->handles[i]; in hci_num_comp_pkts_evt()
4409 handle = __le16_to_cpu(info->handle); in hci_num_comp_pkts_evt()
4410 count = __le16_to_cpu(info->count); in hci_num_comp_pkts_evt()
4416 conn->sent -= count; in hci_num_comp_pkts_evt()
4418 switch (conn->type) { in hci_num_comp_pkts_evt()
4420 hdev->acl_cnt += count; in hci_num_comp_pkts_evt()
4421 if (hdev->acl_cnt > hdev->acl_pkts) in hci_num_comp_pkts_evt()
4422 hdev->acl_cnt = hdev->acl_pkts; in hci_num_comp_pkts_evt()
4426 if (hdev->le_pkts) { in hci_num_comp_pkts_evt()
4427 hdev->le_cnt += count; in hci_num_comp_pkts_evt()
4428 if (hdev->le_cnt > hdev->le_pkts) in hci_num_comp_pkts_evt()
4429 hdev->le_cnt = hdev->le_pkts; in hci_num_comp_pkts_evt()
4431 hdev->acl_cnt += count; in hci_num_comp_pkts_evt()
4432 if (hdev->acl_cnt > hdev->acl_pkts) in hci_num_comp_pkts_evt()
4433 hdev->acl_cnt = hdev->acl_pkts; in hci_num_comp_pkts_evt()
4438 hdev->sco_cnt += count; in hci_num_comp_pkts_evt()
4439 if (hdev->sco_cnt > hdev->sco_pkts) in hci_num_comp_pkts_evt()
4440 hdev->sco_cnt = hdev->sco_pkts; in hci_num_comp_pkts_evt()
4444 if (hdev->iso_pkts) { in hci_num_comp_pkts_evt()
4445 hdev->iso_cnt += count; in hci_num_comp_pkts_evt()
4446 if (hdev->iso_cnt > hdev->iso_pkts) in hci_num_comp_pkts_evt()
4447 hdev->iso_cnt = hdev->iso_pkts; in hci_num_comp_pkts_evt()
4448 } else if (hdev->le_pkts) { in hci_num_comp_pkts_evt()
4449 hdev->le_cnt += count; in hci_num_comp_pkts_evt()
4450 if (hdev->le_cnt > hdev->le_pkts) in hci_num_comp_pkts_evt()
4451 hdev->le_cnt = hdev->le_pkts; in hci_num_comp_pkts_evt()
4453 hdev->acl_cnt += count; in hci_num_comp_pkts_evt()
4454 if (hdev->acl_cnt > hdev->acl_pkts) in hci_num_comp_pkts_evt()
4455 hdev->acl_cnt = hdev->acl_pkts; in hci_num_comp_pkts_evt()
4461 conn->type, conn); in hci_num_comp_pkts_evt()
4466 queue_work(hdev->workqueue, &hdev->tx_work); in hci_num_comp_pkts_evt()
4475 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_mode_change_evt()
4479 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_mode_change_evt()
4481 conn->mode = ev->mode; in hci_mode_change_evt()
4484 &conn->flags)) { in hci_mode_change_evt()
4485 if (conn->mode == HCI_CM_ACTIVE) in hci_mode_change_evt()
4486 set_bit(HCI_CONN_POWER_SAVE, &conn->flags); in hci_mode_change_evt()
4488 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags); in hci_mode_change_evt()
4491 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) in hci_mode_change_evt()
4492 hci_sco_setup(conn, ev->status); in hci_mode_change_evt()
4508 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); in hci_pin_code_request_evt()
4512 if (conn->state == BT_CONNECTED) { in hci_pin_code_request_evt()
4514 conn->disc_timeout = HCI_PAIRING_TIMEOUT; in hci_pin_code_request_evt()
4519 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) { in hci_pin_code_request_evt()
4521 sizeof(ev->bdaddr), &ev->bdaddr); in hci_pin_code_request_evt()
4525 if (conn->pending_sec_level == BT_SECURITY_HIGH) in hci_pin_code_request_evt()
4530 mgmt_pin_code_request(hdev, &ev->bdaddr, secure); in hci_pin_code_request_evt()
4542 conn->pin_length = pin_len; in conn_set_key()
4543 conn->key_type = key_type; in conn_set_key()
4552 conn->pending_sec_level = BT_SECURITY_HIGH; in conn_set_key()
4554 conn->pending_sec_level = BT_SECURITY_MEDIUM; in conn_set_key()
4558 conn->pending_sec_level = BT_SECURITY_MEDIUM; in conn_set_key()
4561 conn->pending_sec_level = BT_SECURITY_HIGH; in conn_set_key()
4564 conn->pending_sec_level = BT_SECURITY_FIPS; in conn_set_key()
4584 key = hci_find_link_key(hdev, &ev->bdaddr); in hci_link_key_request_evt()
4586 bt_dev_dbg(hdev, "link key not found for %pMR", &ev->bdaddr); in hci_link_key_request_evt()
4590 bt_dev_dbg(hdev, "found key type %u for %pMR", key->type, &ev->bdaddr); in hci_link_key_request_evt()
4592 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); in hci_link_key_request_evt()
4594 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags); in hci_link_key_request_evt()
4596 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 || in hci_link_key_request_evt()
4597 key->type == HCI_LK_UNAUTH_COMBINATION_P256) && in hci_link_key_request_evt()
4598 conn->auth_type != 0xff && (conn->auth_type & 0x01)) { in hci_link_key_request_evt()
4603 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 && in hci_link_key_request_evt()
4604 (conn->pending_sec_level == BT_SECURITY_HIGH || in hci_link_key_request_evt()
4605 conn->pending_sec_level == BT_SECURITY_FIPS)) { in hci_link_key_request_evt()
4610 conn_set_key(conn, key->type, key->pin_len); in hci_link_key_request_evt()
4613 bacpy(&cp.bdaddr, &ev->bdaddr); in hci_link_key_request_evt()
4614 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE); in hci_link_key_request_evt()
4623 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr); in hci_link_key_request_evt()
4640 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); in hci_link_key_notify_evt()
4644 /* Ignore an all-zero (NULL) link key to mitigate CVE-2020-26555 */ in hci_link_key_notify_evt()
4645 if (!crypto_memneq(ev->link_key, ZERO_KEY, HCI_LINK_KEY_SIZE)) { in hci_link_key_notify_evt()
4647 &ev->bdaddr); in hci_link_key_notify_evt()
4654 conn->disc_timeout = HCI_DISCONN_TIMEOUT; in hci_link_key_notify_evt()
4657 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags); in hci_link_key_notify_evt()
4658 conn_set_key(conn, ev->key_type, conn->pin_length); in hci_link_key_notify_evt()
4663 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key, in hci_link_key_notify_evt()
4664 ev->key_type, pin_len, &persistent); in hci_link_key_notify_evt()
4671 if (ev->key_type == HCI_LK_CHANGED_COMBINATION) in hci_link_key_notify_evt()
4672 conn_set_key(conn, key->type, key->pin_len); in hci_link_key_notify_evt()
4681 if (key->type == HCI_LK_DEBUG_COMBINATION && in hci_link_key_notify_evt()
4683 list_del_rcu(&key->list); in hci_link_key_notify_evt()
4689 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags); in hci_link_key_notify_evt()
4691 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags); in hci_link_key_notify_evt()
4703 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_clock_offset_evt()
4707 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_clock_offset_evt()
4708 if (conn && !ev->status) { in hci_clock_offset_evt()
4711 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); in hci_clock_offset_evt()
4713 ie->data.clock_offset = ev->clock_offset; in hci_clock_offset_evt()
4714 ie->timestamp = jiffies; in hci_clock_offset_evt()
4727 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_pkt_type_change_evt()
4731 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_pkt_type_change_evt()
4732 if (conn && !ev->status) in hci_pkt_type_change_evt()
4733 conn->pkt_type = __le16_to_cpu(ev->pkt_type); in hci_pkt_type_change_evt()
4748 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); in hci_pscan_rep_mode_evt()
4750 ie->data.pscan_rep_mode = ev->pscan_rep_mode; in hci_pscan_rep_mode_evt()
4751 ie->timestamp = jiffies; in hci_pscan_rep_mode_evt()
4764 bt_dev_dbg(hdev, "num_rsp %d", ev->num); in hci_inquiry_result_with_rssi_evt()
4766 if (!ev->num) in hci_inquiry_result_with_rssi_evt()
4774 if (skb->len == array_size(ev->num, in hci_inquiry_result_with_rssi_evt()
4778 for (i = 0; i < ev->num; i++) { in hci_inquiry_result_with_rssi_evt()
4790 bacpy(&data.bdaddr, &info->bdaddr); in hci_inquiry_result_with_rssi_evt()
4791 data.pscan_rep_mode = info->pscan_rep_mode; in hci_inquiry_result_with_rssi_evt()
4792 data.pscan_period_mode = info->pscan_period_mode; in hci_inquiry_result_with_rssi_evt()
4793 data.pscan_mode = info->pscan_mode; in hci_inquiry_result_with_rssi_evt()
4794 memcpy(data.dev_class, info->dev_class, 3); in hci_inquiry_result_with_rssi_evt()
4795 data.clock_offset = info->clock_offset; in hci_inquiry_result_with_rssi_evt()
4796 data.rssi = info->rssi; in hci_inquiry_result_with_rssi_evt()
4801 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, in hci_inquiry_result_with_rssi_evt()
4802 info->dev_class, info->rssi, in hci_inquiry_result_with_rssi_evt()
4805 } else if (skb->len == array_size(ev->num, in hci_inquiry_result_with_rssi_evt()
4809 for (i = 0; i < ev->num; i++) { in hci_inquiry_result_with_rssi_evt()
4821 bacpy(&data.bdaddr, &info->bdaddr); in hci_inquiry_result_with_rssi_evt()
4822 data.pscan_rep_mode = info->pscan_rep_mode; in hci_inquiry_result_with_rssi_evt()
4823 data.pscan_period_mode = info->pscan_period_mode; in hci_inquiry_result_with_rssi_evt()
4825 memcpy(data.dev_class, info->dev_class, 3); in hci_inquiry_result_with_rssi_evt()
4826 data.clock_offset = info->clock_offset; in hci_inquiry_result_with_rssi_evt()
4827 data.rssi = info->rssi; in hci_inquiry_result_with_rssi_evt()
4832 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, in hci_inquiry_result_with_rssi_evt()
4833 info->dev_class, info->rssi, in hci_inquiry_result_with_rssi_evt()
4850 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_remote_ext_features_evt()
4854 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_remote_ext_features_evt()
4858 if (ev->page < HCI_MAX_PAGES) in hci_remote_ext_features_evt()
4859 memcpy(conn->features[ev->page], ev->features, 8); in hci_remote_ext_features_evt()
4861 if (!ev->status && ev->page == 0x01) { in hci_remote_ext_features_evt()
4864 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); in hci_remote_ext_features_evt()
4866 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); in hci_remote_ext_features_evt()
4868 if (ev->features[0] & LMP_HOST_SSP) { in hci_remote_ext_features_evt()
4869 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); in hci_remote_ext_features_evt()
4879 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags); in hci_remote_ext_features_evt()
4882 if (ev->features[0] & LMP_HOST_SC) in hci_remote_ext_features_evt()
4883 set_bit(HCI_CONN_SC_ENABLED, &conn->flags); in hci_remote_ext_features_evt()
4886 if (conn->state != BT_CONFIG) in hci_remote_ext_features_evt()
4889 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) { in hci_remote_ext_features_evt()
4892 bacpy(&cp.bdaddr, &conn->dst); in hci_remote_ext_features_evt()
4900 conn->state = BT_CONNECTED; in hci_remote_ext_features_evt()
4901 hci_connect_cfm(conn, ev->status); in hci_remote_ext_features_evt()
4914 u8 status = ev->status; in hci_sync_conn_complete_evt()
4916 switch (ev->link_type) { in hci_sync_conn_complete_evt()
4933 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); in hci_sync_conn_complete_evt()
4935 if (ev->link_type == ESCO_LINK) in hci_sync_conn_complete_evt()
4947 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); in hci_sync_conn_complete_evt()
4958 if (!HCI_CONN_HANDLE_UNSET(conn->handle)) { in hci_sync_conn_complete_evt()
4965 status = hci_conn_set_handle(conn, __le16_to_cpu(ev->handle)); in hci_sync_conn_complete_evt()
4967 conn->state = BT_CLOSED; in hci_sync_conn_complete_evt()
4971 conn->state = BT_CONNECTED; in hci_sync_conn_complete_evt()
4972 conn->type = ev->link_type; in hci_sync_conn_complete_evt()
4986 if (conn->out) { in hci_sync_conn_complete_evt()
4987 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | in hci_sync_conn_complete_evt()
4988 (hdev->esco_type & EDR_ESCO_MASK); in hci_sync_conn_complete_evt()
4989 if (hci_setup_sync(conn, conn->parent->handle)) in hci_sync_conn_complete_evt()
4995 conn->state = BT_CLOSED; in hci_sync_conn_complete_evt()
4999 bt_dev_dbg(hdev, "SCO connected with air mode: %02x", ev->air_mode); in hci_sync_conn_complete_evt()
5001 * is zero and non-zero value shall be non-HCI transport data path in hci_sync_conn_complete_evt()
5003 if (conn->codec.data_path == 0 && hdev->notify) { in hci_sync_conn_complete_evt()
5004 switch (ev->air_mode) { in hci_sync_conn_complete_evt()
5006 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD); in hci_sync_conn_complete_evt()
5009 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_TRANSP); in hci_sync_conn_complete_evt()
5048 flex_array_size(ev, info, ev->num))) in hci_extended_inquiry_result_evt()
5051 bt_dev_dbg(hdev, "num %d", ev->num); in hci_extended_inquiry_result_evt()
5053 if (!ev->num) in hci_extended_inquiry_result_evt()
5061 for (i = 0; i < ev->num; i++) { in hci_extended_inquiry_result_evt()
5062 struct extended_inquiry_info *info = &ev->info[i]; in hci_extended_inquiry_result_evt()
5066 bacpy(&data.bdaddr, &info->bdaddr); in hci_extended_inquiry_result_evt()
5067 data.pscan_rep_mode = info->pscan_rep_mode; in hci_extended_inquiry_result_evt()
5068 data.pscan_period_mode = info->pscan_period_mode; in hci_extended_inquiry_result_evt()
5070 memcpy(data.dev_class, info->dev_class, 3); in hci_extended_inquiry_result_evt()
5071 data.clock_offset = info->clock_offset; in hci_extended_inquiry_result_evt()
5072 data.rssi = info->rssi; in hci_extended_inquiry_result_evt()
5076 name_known = eir_get_data(info->data, in hci_extended_inquiry_result_evt()
5077 sizeof(info->data), in hci_extended_inquiry_result_evt()
5084 eir_len = eir_get_length(info->data, sizeof(info->data)); in hci_extended_inquiry_result_evt()
5086 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, in hci_extended_inquiry_result_evt()
5087 info->dev_class, info->rssi, in hci_extended_inquiry_result_evt()
5088 flags, info->data, eir_len, NULL, 0, 0); in hci_extended_inquiry_result_evt()
5100 bt_dev_dbg(hdev, "status 0x%2.2x handle 0x%4.4x", ev->status, in hci_key_refresh_complete_evt()
5101 __le16_to_cpu(ev->handle)); in hci_key_refresh_complete_evt()
5105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_key_refresh_complete_evt()
5112 if (conn->type != LE_LINK) in hci_key_refresh_complete_evt()
5115 if (!ev->status) in hci_key_refresh_complete_evt()
5116 conn->sec_level = conn->pending_sec_level; in hci_key_refresh_complete_evt()
5118 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); in hci_key_refresh_complete_evt()
5120 if (ev->status && conn->state == BT_CONNECTED) { in hci_key_refresh_complete_evt()
5126 if (conn->state == BT_CONFIG) { in hci_key_refresh_complete_evt()
5127 if (!ev->status) in hci_key_refresh_complete_evt()
5128 conn->state = BT_CONNECTED; in hci_key_refresh_complete_evt()
5130 hci_connect_cfm(conn, ev->status); in hci_key_refresh_complete_evt()
5133 hci_auth_cfm(conn, ev->status); in hci_key_refresh_complete_evt()
5136 conn->disc_timeout = HCI_DISCONN_TIMEOUT; in hci_key_refresh_complete_evt()
5146 /* If the remote requests no-bonding, follow that lead */ in hci_get_auth_req()
5147 if (conn->remote_auth == HCI_AT_NO_BONDING || in hci_get_auth_req()
5148 conn->remote_auth == HCI_AT_NO_BONDING_MITM) in hci_get_auth_req()
5149 return conn->remote_auth | (conn->auth_type & 0x01); in hci_get_auth_req()
5151 /* If both remote and local have enough IO capabilities, require in hci_get_auth_req()
5154 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT && in hci_get_auth_req()
5155 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT) in hci_get_auth_req()
5156 return conn->remote_auth | 0x01; in hci_get_auth_req()
5159 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01); in hci_get_auth_req()
5164 struct hci_dev *hdev = conn->hdev; in bredr_oob_data_present()
5167 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR); in bredr_oob_data_present()
5179 return data->present; in bredr_oob_data_present()
5182 * the P-256 values are required. If they are not in bredr_oob_data_present()
5186 if (!crypto_memneq(data->rand256, ZERO_KEY, 16) || in bredr_oob_data_present()
5187 !crypto_memneq(data->hash256, ZERO_KEY, 16)) in bredr_oob_data_present()
5195 * P-192 data values are present. in bredr_oob_data_present()
5197 if (!crypto_memneq(data->rand192, ZERO_KEY, 16) || in bredr_oob_data_present()
5198 !crypto_memneq(data->hash192, ZERO_KEY, 16)) in bredr_oob_data_present()
5214 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); in hci_io_capa_request_evt()
5219 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); in hci_io_capa_request_evt()
5230 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) || in hci_io_capa_request_evt()
5231 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) { in hci_io_capa_request_evt()
5234 bacpy(&cp.bdaddr, &ev->bdaddr); in hci_io_capa_request_evt()
5237 cp.capability = (conn->io_capability == 0x04) ? in hci_io_capa_request_evt()
5238 HCI_IO_DISPLAY_YESNO : conn->io_capability; in hci_io_capa_request_evt()
5241 if (conn->remote_auth == 0xff) { in hci_io_capa_request_evt()
5243 * except for the no-bonding case. in hci_io_capa_request_evt()
5245 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT && in hci_io_capa_request_evt()
5246 conn->auth_type != HCI_AT_NO_BONDING) in hci_io_capa_request_evt()
5247 conn->auth_type |= 0x01; in hci_io_capa_request_evt()
5249 conn->auth_type = hci_get_auth_req(conn); in hci_io_capa_request_evt()
5252 /* If we're not bondable, force one of the non-bondable in hci_io_capa_request_evt()
5256 conn->auth_type &= HCI_AT_NO_BONDING_MITM; in hci_io_capa_request_evt()
5258 cp.authentication = conn->auth_type; in hci_io_capa_request_evt()
5266 bacpy(&cp.bdaddr, &ev->bdaddr); in hci_io_capa_request_evt()
5287 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); in hci_io_capa_reply_evt()
5291 conn->remote_cap = ev->capability; in hci_io_capa_reply_evt()
5292 conn->remote_auth = ev->authentication; in hci_io_capa_reply_evt()
5312 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); in hci_user_confirm_request_evt()
5316 loc_mitm = (conn->auth_type & 0x01); in hci_user_confirm_request_evt()
5317 rem_mitm = (conn->remote_auth & 0x01); in hci_user_confirm_request_evt()
5322 * necessarily match conn->auth_type. in hci_user_confirm_request_evt()
5324 if (conn->pending_sec_level > BT_SECURITY_MEDIUM && in hci_user_confirm_request_evt()
5325 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) { in hci_user_confirm_request_evt()
5328 sizeof(ev->bdaddr), &ev->bdaddr); in hci_user_confirm_request_evt()
5333 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) && in hci_user_confirm_request_evt()
5334 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) { in hci_user_confirm_request_evt()
5337 * local IO capability is not NoInputNoOutput, use JUST_WORKS in hci_user_confirm_request_evt()
5340 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && in hci_user_confirm_request_evt()
5341 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT) { in hci_user_confirm_request_evt()
5342 bt_dev_dbg(hdev, "Confirming auto-accept as acceptor"); in hci_user_confirm_request_evt()
5347 /* If a link key already exists in the local host, leave the in hci_user_confirm_request_evt()
5351 if (hci_find_link_key(hdev, &ev->bdaddr)) { in hci_user_confirm_request_evt()
5352 bt_dev_dbg(hdev, "Local host already has link key"); in hci_user_confirm_request_evt()
5357 BT_DBG("Auto-accept of user confirmation with %ums delay", in hci_user_confirm_request_evt()
5358 hdev->auto_accept_delay); in hci_user_confirm_request_evt()
5360 if (hdev->auto_accept_delay > 0) { in hci_user_confirm_request_evt()
5361 int delay = msecs_to_jiffies(hdev->auto_accept_delay); in hci_user_confirm_request_evt()
5362 queue_delayed_work(conn->hdev->workqueue, in hci_user_confirm_request_evt()
5363 &conn->auto_accept_work, delay); in hci_user_confirm_request_evt()
5368 sizeof(ev->bdaddr), &ev->bdaddr); in hci_user_confirm_request_evt()
5373 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, in hci_user_confirm_request_evt()
5374 le32_to_cpu(ev->passkey), confirm_hint); in hci_user_confirm_request_evt()
5388 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0); in hci_user_passkey_request_evt()
5399 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); in hci_user_passkey_notify_evt()
5403 conn->passkey_notify = __le32_to_cpu(ev->passkey); in hci_user_passkey_notify_evt()
5404 conn->passkey_entered = 0; in hci_user_passkey_notify_evt()
5407 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type, in hci_user_passkey_notify_evt()
5408 conn->dst_type, conn->passkey_notify, in hci_user_passkey_notify_evt()
5409 conn->passkey_entered); in hci_user_passkey_notify_evt()
5420 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); in hci_keypress_notify_evt()
5424 switch (ev->type) { in hci_keypress_notify_evt()
5426 conn->passkey_entered = 0; in hci_keypress_notify_evt()
5430 conn->passkey_entered++; in hci_keypress_notify_evt()
5434 conn->passkey_entered--; in hci_keypress_notify_evt()
5438 conn->passkey_entered = 0; in hci_keypress_notify_evt()
5446 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type, in hci_keypress_notify_evt()
5447 conn->dst_type, conn->passkey_notify, in hci_keypress_notify_evt()
5448 conn->passkey_entered); in hci_keypress_notify_evt()
5461 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); in hci_simple_pair_complete_evt()
5466 conn->remote_auth = 0xff; in hci_simple_pair_complete_evt()
5473 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status) in hci_simple_pair_complete_evt()
5474 mgmt_auth_failed(conn, ev->status); in hci_simple_pair_complete_evt()
5493 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); in hci_remote_host_features_evt()
5495 memcpy(conn->features[1], ev->features, 8); in hci_remote_host_features_evt()
5497 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); in hci_remote_host_features_evt()
5499 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); in hci_remote_host_features_evt()
5517 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR); in hci_remote_oob_data_request_evt()
5521 bacpy(&cp.bdaddr, &ev->bdaddr); in hci_remote_oob_data_request_evt()
5530 bacpy(&cp.bdaddr, &ev->bdaddr); in hci_remote_oob_data_request_evt()
5535 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192)); in hci_remote_oob_data_request_evt()
5536 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192)); in hci_remote_oob_data_request_evt()
5538 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256)); in hci_remote_oob_data_request_evt()
5539 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256)); in hci_remote_oob_data_request_evt()
5546 bacpy(&cp.bdaddr, &ev->bdaddr); in hci_remote_oob_data_request_evt()
5547 memcpy(cp.hash, data->hash192, sizeof(cp.hash)); in hci_remote_oob_data_request_evt()
5548 memcpy(cp.rand, data->rand192, sizeof(cp.rand)); in hci_remote_oob_data_request_evt()
5561 if (conn->out) { in le_conn_update_addr()
5562 conn->dst_type = bdaddr_type; in le_conn_update_addr()
5563 conn->resp_addr_type = bdaddr_type; in le_conn_update_addr()
5564 bacpy(&conn->resp_addr, bdaddr); in le_conn_update_addr()
5566 /* Check if the controller has set a Local RPA then it must be in le_conn_update_addr()
5567 * used instead of hdev->rpa. in le_conn_update_addr()
5570 conn->init_addr_type = ADDR_LE_DEV_RANDOM; in le_conn_update_addr()
5571 bacpy(&conn->init_addr, local_rpa); in le_conn_update_addr()
5572 } else if (hci_dev_test_flag(conn->hdev, HCI_PRIVACY)) { in le_conn_update_addr()
5573 conn->init_addr_type = ADDR_LE_DEV_RANDOM; in le_conn_update_addr()
5574 bacpy(&conn->init_addr, &conn->hdev->rpa); in le_conn_update_addr()
5576 hci_copy_identity_address(conn->hdev, &conn->init_addr, in le_conn_update_addr()
5577 &conn->init_addr_type); in le_conn_update_addr()
5580 conn->resp_addr_type = conn->hdev->adv_addr_type; in le_conn_update_addr()
5581 /* Check if the controller has set a Local RPA then it must be in le_conn_update_addr()
5582 * used instead of hdev->rpa. in le_conn_update_addr()
5585 conn->resp_addr_type = ADDR_LE_DEV_RANDOM; in le_conn_update_addr()
5586 bacpy(&conn->resp_addr, local_rpa); in le_conn_update_addr()
5587 } else if (conn->hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) { in le_conn_update_addr()
5591 if (!ext_adv_capable(conn->hdev)) in le_conn_update_addr()
5592 bacpy(&conn->resp_addr, in le_conn_update_addr()
5593 &conn->hdev->random_addr); in le_conn_update_addr()
5595 bacpy(&conn->resp_addr, &conn->hdev->bdaddr); in le_conn_update_addr()
5598 conn->init_addr_type = bdaddr_type; in le_conn_update_addr()
5599 bacpy(&conn->init_addr, bdaddr); in le_conn_update_addr()
5606 conn->le_conn_min_interval = conn->hdev->le_conn_min_interval; in le_conn_update_addr()
5607 conn->le_conn_max_interval = conn->hdev->le_conn_max_interval; in le_conn_update_addr()
5643 conn->dst_type = bdaddr_type; in le_conn_complete_evt()
5651 * initiator address based on the HCI_PRIVACY flag. in le_conn_complete_evt()
5653 if (conn->out) { in le_conn_complete_evt()
5654 conn->resp_addr_type = bdaddr_type; in le_conn_complete_evt()
5655 bacpy(&conn->resp_addr, bdaddr); in le_conn_complete_evt()
5657 conn->init_addr_type = ADDR_LE_DEV_RANDOM; in le_conn_complete_evt()
5658 bacpy(&conn->init_addr, &hdev->rpa); in le_conn_complete_evt()
5661 &conn->init_addr, in le_conn_complete_evt()
5662 &conn->init_addr_type); in le_conn_complete_evt()
5666 cancel_delayed_work(&conn->le_conn_timeout); in le_conn_complete_evt()
5675 if (!HCI_CONN_HANDLE_UNSET(conn->handle)) { in le_conn_complete_evt()
5682 /* Lookup the identity address from the stored connection in le_conn_complete_evt()
5683 * address and address type. in le_conn_complete_evt()
5685 * When establishing connections to an identity address, the in le_conn_complete_evt()
5687 * address first. Now if it can be converted back into the in le_conn_complete_evt()
5688 * identity address, start using the identity address from in le_conn_complete_evt()
5691 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type); in le_conn_complete_evt()
5693 bacpy(&conn->dst, &irk->bdaddr); in le_conn_complete_evt()
5694 conn->dst_type = irk->addr_type; in le_conn_complete_evt()
5697 conn->dst_type = ev_bdaddr_type(hdev, conn->dst_type, NULL); in le_conn_complete_evt()
5707 if (test_bit(HCI_CONN_CANCEL, &conn->flags)) { in le_conn_complete_evt()
5712 if (conn->dst_type == ADDR_LE_DEV_PUBLIC) in le_conn_complete_evt()
5718 if (hci_bdaddr_list_lookup(&hdev->reject_list, &conn->dst, addr_type)) { in le_conn_complete_evt()
5725 conn->sec_level = BT_SECURITY_LOW; in le_conn_complete_evt()
5726 conn->state = BT_CONFIG; in le_conn_complete_evt()
5729 * when software rotation is in use so it can be re-enabled when in le_conn_complete_evt()
5733 conn->adv_instance = hdev->cur_adv_instance; in le_conn_complete_evt()
5735 conn->le_conn_interval = interval; in le_conn_complete_evt()
5736 conn->le_conn_latency = latency; in le_conn_complete_evt()
5737 conn->le_supv_timeout = supervision_timeout; in le_conn_complete_evt()
5746 * If the local controller supports peripheral-initiated features in le_conn_complete_evt()
5751 if (conn->out || in le_conn_complete_evt()
5752 (hdev->le_features[0] & HCI_LE_PERIPHERAL_FEATURES)) { in le_conn_complete_evt()
5755 cp.handle = __cpu_to_le16(conn->handle); in le_conn_complete_evt()
5762 conn->state = BT_CONNECTED; in le_conn_complete_evt()
5766 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst, in le_conn_complete_evt()
5767 conn->dst_type); in le_conn_complete_evt()
5770 if (params->conn) { in le_conn_complete_evt()
5771 hci_conn_drop(params->conn); in le_conn_complete_evt()
5772 hci_conn_put(params->conn); in le_conn_complete_evt()
5773 params->conn = NULL; in le_conn_complete_evt()
5787 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_le_conn_complete_evt()
5789 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type, in hci_le_conn_complete_evt()
5790 NULL, ev->role, le16_to_cpu(ev->handle), in hci_le_conn_complete_evt()
5791 le16_to_cpu(ev->interval), in hci_le_conn_complete_evt()
5792 le16_to_cpu(ev->latency), in hci_le_conn_complete_evt()
5793 le16_to_cpu(ev->supervision_timeout)); in hci_le_conn_complete_evt()
5801 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_le_enh_conn_complete_evt()
5803 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type, in hci_le_enh_conn_complete_evt()
5804 &ev->local_rpa, ev->role, le16_to_cpu(ev->handle), in hci_le_enh_conn_complete_evt()
5805 le16_to_cpu(ev->interval), in hci_le_enh_conn_complete_evt()
5806 le16_to_cpu(ev->latency), in hci_le_enh_conn_complete_evt()
5807 le16_to_cpu(ev->supervision_timeout)); in hci_le_enh_conn_complete_evt()
5817 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_le_ext_adv_term_evt()
5826 if (ev->status == HCI_ERROR_CANCELLED_BY_HOST) { in hci_le_ext_adv_term_evt()
5833 adv = hci_find_adv_instance(hdev, ev->handle); in hci_le_ext_adv_term_evt()
5835 if (ev->status) { in hci_le_ext_adv_term_evt()
5840 hci_remove_adv_instance(hdev, ev->handle); in hci_le_ext_adv_term_evt()
5841 mgmt_advertising_removed(NULL, hdev, ev->handle); in hci_le_ext_adv_term_evt()
5843 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) { in hci_le_ext_adv_term_evt()
5844 if (adv->enabled) in hci_le_ext_adv_term_evt()
5854 adv->enabled = false; in hci_le_ext_adv_term_evt()
5856 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->conn_handle)); in hci_le_ext_adv_term_evt()
5859 * instance can be re-enabled when disconnected. in hci_le_ext_adv_term_evt()
5861 conn->adv_instance = ev->handle; in hci_le_ext_adv_term_evt()
5863 if (hdev->adv_addr_type != ADDR_LE_DEV_RANDOM || in hci_le_ext_adv_term_evt()
5864 bacmp(&conn->resp_addr, BDADDR_ANY)) in hci_le_ext_adv_term_evt()
5867 if (!ev->handle) { in hci_le_ext_adv_term_evt()
5868 bacpy(&conn->resp_addr, &hdev->random_addr); in hci_le_ext_adv_term_evt()
5873 bacpy(&conn->resp_addr, &adv->random_addr); in hci_le_ext_adv_term_evt()
5886 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_le_conn_update_complete_evt()
5888 if (ev->status) in hci_le_conn_update_complete_evt()
5893 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_le_conn_update_complete_evt()
5895 conn->le_conn_interval = le16_to_cpu(ev->interval); in hci_le_conn_update_complete_evt()
5896 conn->le_conn_latency = le16_to_cpu(ev->latency); in hci_le_conn_update_complete_evt()
5897 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout); in hci_le_conn_update_complete_evt()
5903 /* This function requires the caller holds hdev->lock */
5917 if (hci_bdaddr_list_lookup(&hdev->reject_list, addr, addr_type) || in check_pending_le_conn()
5918 hdev->suspended) in check_pending_le_conn()
5924 if (hdev->conn_hash.le_num_peripheral > 0 && in check_pending_le_conn()
5925 (test_bit(HCI_QUIRK_BROKEN_LE_STATES, &hdev->quirks) || in check_pending_le_conn()
5926 !(hdev->le_states[3] & 0x10))) in check_pending_le_conn()
5932 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, addr, in check_pending_le_conn()
5937 if (!params->explicit_connect) { in check_pending_le_conn()
5938 switch (params->auto_connect) { in check_pending_le_conn()
5961 BT_SECURITY_LOW, hdev->def_le_autoconnect_timeout, in check_pending_le_conn()
5973 if (!params->explicit_connect) in check_pending_le_conn()
5974 params->conn = hci_conn_get(conn); in check_pending_le_conn()
5980 case -EBUSY: in check_pending_le_conn()
5981 /* If hci_connect() returns -EBUSY it means there is already in check_pending_le_conn()
6001 struct discovery_state *d = &hdev->discovery; in process_adv_report()
6041 len = ptr - data; in process_adv_report()
6043 /* If the direct address is present, then this report is from in process_adv_report()
6045 * important to see if the address is matching the local in process_adv_report()
6046 * controller address. in process_adv_report()
6064 /* If the local IRK of the controller does not match in process_adv_report()
6065 * with the resolvable random address provided, then in process_adv_report()
6068 if (!smp_irk_matches(hdev, hdev->irk, direct_addr)) in process_adv_report()
6072 /* Check if we need to convert to identity address */ in process_adv_report()
6075 bdaddr = &irk->bdaddr; in process_adv_report()
6076 bdaddr_type = irk->addr_type; in process_adv_report()
6093 memcpy(conn->le_adv_data, data, len); in process_adv_report()
6094 conn->le_adv_data_len = len; in process_adv_report()
6113 if (hdev->le_scan_type == LE_SCAN_PASSIVE) { in process_adv_report()
6117 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports, in process_adv_report()
6119 idr_is_empty(&hdev->adv_monitors_idr)) in process_adv_report()
6160 match = (!bacmp(bdaddr, &d->last_adv_addr) && in process_adv_report()
6161 bdaddr_type == d->last_adv_addr_type); in process_adv_report()
6170 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK, in process_adv_report()
6171 d->last_adv_addr_type, NULL, in process_adv_report()
6172 d->last_adv_rssi, d->last_adv_flags, in process_adv_report()
6173 d->last_adv_data, in process_adv_report()
6174 d->last_adv_data_len, NULL, 0, 0); in process_adv_report()
6199 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK, in process_adv_report()
6200 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags, in process_adv_report()
6201 d->last_adv_data, d->last_adv_data_len, data, len, 0); in process_adv_report()
6211 if (!ev->num) in hci_le_adv_report_evt()
6216 while (ev->num--) { in hci_le_adv_report_evt()
6227 info->length + 1)) in hci_le_adv_report_evt()
6230 if (info->length <= max_adv_len(hdev)) { in hci_le_adv_report_evt()
6231 rssi = info->data[info->length]; in hci_le_adv_report_evt()
6232 process_adv_report(hdev, info->type, &info->bdaddr, in hci_le_adv_report_evt()
6233 info->bdaddr_type, NULL, 0, in hci_le_adv_report_evt()
6235 info->data, info->length, false, in hci_le_adv_report_evt()
6295 if (!ev->num) in hci_le_ext_adv_report_evt()
6300 while (ev->num--) { in hci_le_ext_adv_report_evt()
6311 info->length)) in hci_le_ext_adv_report_evt()
6314 evt_type = __le16_to_cpu(info->type) & LE_EXT_ADV_EVT_TYPE_MASK; in hci_le_ext_adv_report_evt()
6318 &hdev->quirks)) { in hci_le_ext_adv_report_evt()
6319 info->primary_phy &= 0x1f; in hci_le_ext_adv_report_evt()
6320 info->secondary_phy &= 0x1f; in hci_le_ext_adv_report_evt()
6324 process_adv_report(hdev, legacy_evt_type, &info->bdaddr, in hci_le_ext_adv_report_evt()
6325 info->bdaddr_type, NULL, 0, in hci_le_ext_adv_report_evt()
6326 info->primary_phy, in hci_le_ext_adv_report_evt()
6327 info->secondary_phy, in hci_le_ext_adv_report_evt()
6328 info->rssi, info->data, info->length, in hci_le_ext_adv_report_evt()
6351 int mask = hdev->link_mode; in hci_le_pa_sync_estabilished_evt()
6355 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_le_pa_sync_estabilished_evt()
6361 conn = hci_conn_hash_lookup_sid(hdev, ev->sid, &ev->bdaddr, in hci_le_pa_sync_estabilished_evt()
6362 ev->bdaddr_type); in hci_le_pa_sync_estabilished_evt()
6366 &ev->bdaddr, ev->sid); in hci_le_pa_sync_estabilished_evt()
6370 clear_bit(HCI_CONN_CREATE_PA_SYNC, &conn->flags); in hci_le_pa_sync_estabilished_evt()
6372 conn->sync_handle = le16_to_cpu(ev->handle); in hci_le_pa_sync_estabilished_evt()
6373 conn->sid = HCI_SID_INVALID; in hci_le_pa_sync_estabilished_evt()
6375 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ISO_LINK, &flags); in hci_le_pa_sync_estabilished_evt()
6377 hci_le_pa_term_sync(hdev, ev->handle); in hci_le_pa_sync_estabilished_evt()
6391 pa_sync->sync_handle = le16_to_cpu(ev->handle); in hci_le_pa_sync_estabilished_evt()
6393 if (ev->status) { in hci_le_pa_sync_estabilished_evt()
6394 set_bit(HCI_CONN_PA_SYNC_FAILED, &pa_sync->flags); in hci_le_pa_sync_estabilished_evt()
6397 hci_connect_cfm(pa_sync, ev->status); in hci_le_pa_sync_estabilished_evt()
6411 int mask = hdev->link_mode; in hci_le_per_adv_report_evt()
6415 bt_dev_dbg(hdev, "sync_handle 0x%4.4x", le16_to_cpu(ev->sync_handle)); in hci_le_per_adv_report_evt()
6428 le16_to_cpu(ev->sync_handle)); in hci_le_per_adv_report_evt()
6433 if (ev->data_status == LE_PA_DATA_COMPLETE && in hci_le_per_adv_report_evt()
6434 !test_and_set_bit(HCI_CONN_PA_SYNC, &pa_sync->flags)) { in hci_le_per_adv_report_evt()
6452 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_le_remote_feat_complete_evt()
6456 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_le_remote_feat_complete_evt()
6458 if (!ev->status) in hci_le_remote_feat_complete_evt()
6459 memcpy(conn->features[0], ev->features, 8); in hci_le_remote_feat_complete_evt()
6461 if (conn->state == BT_CONFIG) { in hci_le_remote_feat_complete_evt()
6464 /* If the local controller supports peripheral-initiated in hci_le_remote_feat_complete_evt()
6473 if (!conn->out && ev->status == HCI_ERROR_UNSUPPORTED_REMOTE_FEATURE && in hci_le_remote_feat_complete_evt()
6474 (hdev->le_features[0] & HCI_LE_PERIPHERAL_FEATURES)) in hci_le_remote_feat_complete_evt()
6477 status = ev->status; in hci_le_remote_feat_complete_evt()
6479 conn->state = BT_CONNECTED; in hci_le_remote_feat_complete_evt()
6497 bt_dev_dbg(hdev, "handle 0x%4.4x", __le16_to_cpu(ev->handle)); in hci_le_ltk_request_evt()
6501 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_le_ltk_request_evt()
6505 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role); in hci_le_ltk_request_evt()
6511 if (ev->ediv || ev->rand) in hci_le_ltk_request_evt()
6514 /* For non-SC keys check that EDiv and Rand match */ in hci_le_ltk_request_evt()
6515 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand) in hci_le_ltk_request_evt()
6519 memcpy(cp.ltk, ltk->val, ltk->enc_size); in hci_le_ltk_request_evt()
6520 memset(cp.ltk + ltk->enc_size, 0, sizeof(cp.ltk) - ltk->enc_size); in hci_le_ltk_request_evt()
6521 cp.handle = cpu_to_le16(conn->handle); in hci_le_ltk_request_evt()
6523 conn->pending_sec_level = smp_ltk_sec_level(ltk); in hci_le_ltk_request_evt()
6525 conn->enc_key_size = ltk->enc_size; in hci_le_ltk_request_evt()
6532 * distribute the keys. Later, security can be re-established in hci_le_ltk_request_evt()
6535 if (ltk->type == SMP_STK) { in hci_le_ltk_request_evt()
6536 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags); in hci_le_ltk_request_evt()
6537 list_del_rcu(&ltk->list); in hci_le_ltk_request_evt()
6540 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags); in hci_le_ltk_request_evt()
6548 neg.handle = ev->handle; in hci_le_ltk_request_evt()
6573 bt_dev_dbg(hdev, "handle 0x%4.4x", __le16_to_cpu(ev->handle)); in hci_le_remote_conn_param_req_evt()
6575 handle = le16_to_cpu(ev->handle); in hci_le_remote_conn_param_req_evt()
6576 min = le16_to_cpu(ev->interval_min); in hci_le_remote_conn_param_req_evt()
6577 max = le16_to_cpu(ev->interval_max); in hci_le_remote_conn_param_req_evt()
6578 latency = le16_to_cpu(ev->latency); in hci_le_remote_conn_param_req_evt()
6579 timeout = le16_to_cpu(ev->timeout); in hci_le_remote_conn_param_req_evt()
6582 if (!hcon || hcon->state != BT_CONNECTED) in hci_le_remote_conn_param_req_evt()
6586 if (max > hcon->le_conn_max_interval) in hci_le_remote_conn_param_req_evt()
6594 if (hcon->role == HCI_ROLE_MASTER) { in hci_le_remote_conn_param_req_evt()
6600 params = hci_conn_params_lookup(hdev, &hcon->dst, in hci_le_remote_conn_param_req_evt()
6601 hcon->dst_type); in hci_le_remote_conn_param_req_evt()
6603 params->conn_min_interval = min; in hci_le_remote_conn_param_req_evt()
6604 params->conn_max_interval = max; in hci_le_remote_conn_param_req_evt()
6605 params->conn_latency = latency; in hci_le_remote_conn_param_req_evt()
6606 params->supervision_timeout = timeout; in hci_le_remote_conn_param_req_evt()
6614 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type, in hci_le_remote_conn_param_req_evt()
6618 cp.handle = ev->handle; in hci_le_remote_conn_param_req_evt()
6619 cp.interval_min = ev->interval_min; in hci_le_remote_conn_param_req_evt()
6620 cp.interval_max = ev->interval_max; in hci_le_remote_conn_param_req_evt()
6621 cp.latency = ev->latency; in hci_le_remote_conn_param_req_evt()
6622 cp.timeout = ev->timeout; in hci_le_remote_conn_param_req_evt()
6637 flex_array_size(ev, info, ev->num))) in hci_le_direct_adv_report_evt()
6640 if (!ev->num) in hci_le_direct_adv_report_evt()
6645 for (i = 0; i < ev->num; i++) { in hci_le_direct_adv_report_evt()
6646 struct hci_ev_le_direct_adv_info *info = &ev->info[i]; in hci_le_direct_adv_report_evt()
6648 process_adv_report(hdev, info->type, &info->bdaddr, in hci_le_direct_adv_report_evt()
6649 info->bdaddr_type, &info->direct_addr, in hci_le_direct_adv_report_evt()
6650 info->direct_addr_type, HCI_ADV_PHY_1M, 0, in hci_le_direct_adv_report_evt()
6651 info->rssi, NULL, 0, false, false, instant); in hci_le_direct_adv_report_evt()
6663 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_le_phy_update_evt()
6665 if (ev->status) in hci_le_phy_update_evt()
6670 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); in hci_le_phy_update_evt()
6674 conn->le_tx_phy = ev->tx_phy; in hci_le_phy_update_evt()
6675 conn->le_rx_phy = ev->rx_phy; in hci_le_phy_update_evt()
6688 u16 handle = __le16_to_cpu(ev->handle); in hci_le_cis_estabilished_evt()
6691 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_le_cis_estabilished_evt()
6703 if (conn->type != ISO_LINK) { in hci_le_cis_estabilished_evt()
6710 qos = &conn->iso_qos; in hci_le_cis_estabilished_evt()
6712 pending = test_and_clear_bit(HCI_CONN_CREATE_CIS, &conn->flags); in hci_le_cis_estabilished_evt()
6719 * SDU_Interval = (CIG_Sync_Delay + (FT) x ISO_Interval) - in hci_le_cis_estabilished_evt()
6722 c_sdu_interval = (get_unaligned_le24(ev->cig_sync_delay) + in hci_le_cis_estabilished_evt()
6723 (ev->c_ft * le16_to_cpu(ev->interval) * 1250)) - in hci_le_cis_estabilished_evt()
6724 get_unaligned_le24(ev->c_latency); in hci_le_cis_estabilished_evt()
6725 p_sdu_interval = (get_unaligned_le24(ev->cig_sync_delay) + in hci_le_cis_estabilished_evt()
6726 (ev->p_ft * le16_to_cpu(ev->interval) * 1250)) - in hci_le_cis_estabilished_evt()
6727 get_unaligned_le24(ev->p_latency); in hci_le_cis_estabilished_evt()
6729 switch (conn->role) { in hci_le_cis_estabilished_evt()
6731 qos->ucast.in.interval = c_sdu_interval; in hci_le_cis_estabilished_evt()
6732 qos->ucast.out.interval = p_sdu_interval; in hci_le_cis_estabilished_evt()
6734 qos->ucast.in.latency = in hci_le_cis_estabilished_evt()
6735 DIV_ROUND_CLOSEST(get_unaligned_le24(ev->c_latency), in hci_le_cis_estabilished_evt()
6737 qos->ucast.out.latency = in hci_le_cis_estabilished_evt()
6738 DIV_ROUND_CLOSEST(get_unaligned_le24(ev->p_latency), in hci_le_cis_estabilished_evt()
6740 qos->ucast.in.sdu = le16_to_cpu(ev->c_mtu); in hci_le_cis_estabilished_evt()
6741 qos->ucast.out.sdu = le16_to_cpu(ev->p_mtu); in hci_le_cis_estabilished_evt()
6742 qos->ucast.in.phy = ev->c_phy; in hci_le_cis_estabilished_evt()
6743 qos->ucast.out.phy = ev->p_phy; in hci_le_cis_estabilished_evt()
6746 qos->ucast.in.interval = p_sdu_interval; in hci_le_cis_estabilished_evt()
6747 qos->ucast.out.interval = c_sdu_interval; in hci_le_cis_estabilished_evt()
6749 qos->ucast.out.latency = in hci_le_cis_estabilished_evt()
6750 DIV_ROUND_CLOSEST(get_unaligned_le24(ev->c_latency), in hci_le_cis_estabilished_evt()
6752 qos->ucast.in.latency = in hci_le_cis_estabilished_evt()
6753 DIV_ROUND_CLOSEST(get_unaligned_le24(ev->p_latency), in hci_le_cis_estabilished_evt()
6755 qos->ucast.out.sdu = le16_to_cpu(ev->c_mtu); in hci_le_cis_estabilished_evt()
6756 qos->ucast.in.sdu = le16_to_cpu(ev->p_mtu); in hci_le_cis_estabilished_evt()
6757 qos->ucast.out.phy = ev->c_phy; in hci_le_cis_estabilished_evt()
6758 qos->ucast.in.phy = ev->p_phy; in hci_le_cis_estabilished_evt()
6762 if (!ev->status) { in hci_le_cis_estabilished_evt()
6763 conn->state = BT_CONNECTED; in hci_le_cis_estabilished_evt()
6770 conn->state = BT_CLOSED; in hci_le_cis_estabilished_evt()
6771 hci_connect_cfm(conn, ev->status); in hci_le_cis_estabilished_evt()
6809 acl_handle = __le16_to_cpu(ev->acl_handle); in hci_le_cis_req_evt()
6810 cis_handle = __le16_to_cpu(ev->cis_handle); in hci_le_cis_req_evt()
6813 acl_handle, cis_handle, ev->cig_id, ev->cis_id); in hci_le_cis_req_evt()
6821 mask = hci_proto_connect_ind(hdev, &acl->dst, ISO_LINK, &flags); in hci_le_cis_req_evt()
6823 hci_le_reject_cis(hdev, ev->cis_handle); in hci_le_cis_req_evt()
6829 cis = hci_conn_add(hdev, ISO_LINK, &acl->dst, HCI_ROLE_SLAVE, in hci_le_cis_req_evt()
6832 hci_le_reject_cis(hdev, ev->cis_handle); in hci_le_cis_req_evt()
6837 cis->iso_qos.ucast.cig = ev->cig_id; in hci_le_cis_req_evt()
6838 cis->iso_qos.ucast.cis = ev->cis_id; in hci_le_cis_req_evt()
6841 hci_le_accept_cis(hdev, ev->cis_handle); in hci_le_cis_req_evt()
6843 cis->state = BT_CONNECT2; in hci_le_cis_req_evt()
6866 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); in hci_le_create_big_complete_evt()
6869 flex_array_size(ev, bis_handle, ev->num_bis))) in hci_le_create_big_complete_evt()
6875 while ((conn = hci_conn_hash_lookup_big_state(hdev, ev->handle, in hci_le_create_big_complete_evt()
6877 if (ev->status) { in hci_le_create_big_complete_evt()
6878 hci_connect_cfm(conn, ev->status); in hci_le_create_big_complete_evt()
6884 __le16_to_cpu(ev->bis_handle[i++]))) in hci_le_create_big_complete_evt()
6887 conn->state = BT_CONNECTED; in hci_le_create_big_complete_evt()
6888 set_bit(HCI_CONN_BIG_CREATED, &conn->flags); in hci_le_create_big_complete_evt()
6894 if (!ev->status && !i) in hci_le_create_big_complete_evt()
6901 UINT_PTR(ev->handle), NULL); in hci_le_create_big_complete_evt()
6913 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); in hci_le_big_sync_established_evt()
6916 flex_array_size(ev, bis, ev->num_bis))) in hci_le_big_sync_established_evt()
6921 conn = hci_conn_hash_lookup_big_sync_pend(hdev, ev->handle, in hci_le_big_sync_established_evt()
6922 ev->num_bis); in hci_le_big_sync_established_evt()
6926 ev->handle); in hci_le_big_sync_established_evt()
6930 clear_bit(HCI_CONN_CREATE_BIG_SYNC, &conn->flags); in hci_le_big_sync_established_evt()
6932 conn->num_bis = 0; in hci_le_big_sync_established_evt()
6933 memset(conn->bis, 0, sizeof(conn->num_bis)); in hci_le_big_sync_established_evt()
6935 for (i = 0; i < ev->num_bis; i++) { in hci_le_big_sync_established_evt()
6936 u16 handle = le16_to_cpu(ev->bis[i]); in hci_le_big_sync_established_evt()
6951 if (ev->status != 0x42) in hci_le_big_sync_established_evt()
6953 set_bit(HCI_CONN_PA_SYNC, &bis->flags); in hci_le_big_sync_established_evt()
6955 bis->sync_handle = conn->sync_handle; in hci_le_big_sync_established_evt()
6956 bis->iso_qos.bcast.big = ev->handle; in hci_le_big_sync_established_evt()
6958 memcpy(&interval, ev->latency, sizeof(ev->latency)); in hci_le_big_sync_established_evt()
6959 bis->iso_qos.bcast.in.interval = le32_to_cpu(interval); in hci_le_big_sync_established_evt()
6961 bis->iso_qos.bcast.in.latency = le16_to_cpu(ev->interval) * 125 / 100; in hci_le_big_sync_established_evt()
6962 bis->iso_qos.bcast.in.sdu = le16_to_cpu(ev->max_pdu); in hci_le_big_sync_established_evt()
6964 if (!ev->status) { in hci_le_big_sync_established_evt()
6965 set_bit(HCI_CONN_BIG_SYNC, &bis->flags); in hci_le_big_sync_established_evt()
6973 if (ev->status) in hci_le_big_sync_established_evt()
6974 for (i = 0; i < ev->num_bis; i++) { in hci_le_big_sync_established_evt()
6975 u16 handle = le16_to_cpu(ev->bis[i]); in hci_le_big_sync_established_evt()
6981 set_bit(HCI_CONN_BIG_SYNC_FAILED, &bis->flags); in hci_le_big_sync_established_evt()
6982 hci_connect_cfm(bis, ev->status); in hci_le_big_sync_established_evt()
6996 int mask = hdev->link_mode; in hci_le_big_info_adv_report_evt()
7000 bt_dev_dbg(hdev, "sync_handle 0x%4.4x", le16_to_cpu(ev->sync_handle)); in hci_le_big_info_adv_report_evt()
7013 le16_to_cpu(ev->sync_handle)); in hci_le_big_info_adv_report_evt()
7018 pa_sync->iso_qos.bcast.encryption = ev->encryption; in hci_le_big_info_adv_report_evt()
7130 bt_dev_dbg(hdev, "subevent 0x%2.2x", ev->subevent); in hci_le_meta_evt()
7133 if (hdev->req_skb && in hci_le_meta_evt()
7134 hci_opcode_ogf(hci_skb_opcode(hdev->req_skb)) == 0x08 && in hci_le_meta_evt()
7135 hci_skb_event(hdev->req_skb) == ev->subevent) { in hci_le_meta_evt()
7136 *opcode = hci_skb_opcode(hdev->req_skb); in hci_le_meta_evt()
7141 subev = &hci_le_ev_table[ev->subevent]; in hci_le_meta_evt()
7142 if (!subev->func) in hci_le_meta_evt()
7145 if (skb->len < subev->min_len) { in hci_le_meta_evt()
7147 ev->subevent, skb->len, subev->min_len); in hci_le_meta_evt()
7155 if (skb->len > subev->max_len) in hci_le_meta_evt()
7157 ev->subevent, skb->len, subev->max_len); in hci_le_meta_evt()
7158 data = hci_le_ev_skb_pull(hdev, skb, ev->subevent, subev->min_len); in hci_le_meta_evt()
7162 subev->func(hdev, data, skb); in hci_le_meta_evt()
7179 if (hdr->evt != event) in hci_get_cmd_complete()
7184 /* Check if request ended in Command Status - no way to retrieve in hci_get_cmd_complete()
7187 if (hdr->evt == HCI_EV_CMD_STATUS) in hci_get_cmd_complete()
7190 if (hdr->evt != HCI_EV_CMD_COMPLETE) { in hci_get_cmd_complete()
7192 hdr->evt); in hci_get_cmd_complete()
7200 if (opcode != __le16_to_cpu(ev->opcode)) { in hci_get_cmd_complete()
7202 __le16_to_cpu(ev->opcode)); in hci_get_cmd_complete()
7215 const struct hci_ev_conn_complete *conn_complete = (void *)skb->data; in hci_store_wake_reason()
7216 const struct hci_ev_conn_request *conn_request = (void *)skb->data; in hci_store_wake_reason()
7223 if (!hdev->suspended || hdev->wake_reason) in hci_store_wake_reason()
7229 hdev->wake_reason = MGMT_WAKE_REASON_REMOTE_WAKE; in hci_store_wake_reason()
7236 bacpy(&hdev->wake_addr, &conn_request->bdaddr); in hci_store_wake_reason()
7237 hdev->wake_addr_type = BDADDR_BREDR; in hci_store_wake_reason()
7239 bacpy(&hdev->wake_addr, &conn_complete->bdaddr); in hci_store_wake_reason()
7240 hdev->wake_addr_type = BDADDR_BREDR; in hci_store_wake_reason()
7242 struct hci_ev_le_meta *le_ev = (void *)skb->data; in hci_store_wake_reason()
7243 u8 subevent = le_ev->subevent; in hci_store_wake_reason()
7244 u8 *ptr = &skb->data[sizeof(*le_ev)]; in hci_store_wake_reason()
7257 bacpy(&hdev->wake_addr, &adv->bdaddr); in hci_store_wake_reason()
7258 hdev->wake_addr_type = adv->bdaddr_type; in hci_store_wake_reason()
7261 bacpy(&hdev->wake_addr, &direct_adv->bdaddr); in hci_store_wake_reason()
7262 hdev->wake_addr_type = direct_adv->bdaddr_type; in hci_store_wake_reason()
7265 bacpy(&hdev->wake_addr, &ext_adv->bdaddr); in hci_store_wake_reason()
7266 hdev->wake_addr_type = ext_adv->bdaddr_type; in hci_store_wake_reason()
7271 hdev->wake_reason = MGMT_WAKE_REASON_UNEXPECTED; in hci_store_wake_reason()
7447 if (!ev->func) in hci_event_func()
7450 if (skb->len < ev->min_len) { in hci_event_func()
7452 event, skb->len, ev->min_len); in hci_event_func()
7460 if (skb->len > ev->max_len) in hci_event_func()
7463 event, skb->len, ev->max_len); in hci_event_func()
7465 data = hci_ev_skb_pull(hdev, skb, event, ev->min_len); in hci_event_func()
7469 if (ev->req) in hci_event_func()
7470 ev->func_req(hdev, data, skb, opcode, status, req_complete, in hci_event_func()
7473 ev->func(hdev, data, skb); in hci_event_func()
7478 struct hci_event_hdr *hdr = (void *) skb->data; in hci_event_packet()
7485 if (skb->len < sizeof(*hdr)) { in hci_event_packet()
7490 kfree_skb(hdev->recv_event); in hci_event_packet()
7491 hdev->recv_event = skb_clone(skb, GFP_KERNEL); in hci_event_packet()
7493 event = hdr->evt; in hci_event_packet()
7501 if (hdev->req_skb && in hci_event_packet()
7502 hci_opcode_ogf(hci_skb_opcode(hdev->req_skb)) != 0x08 && in hci_event_packet()
7503 hci_skb_event(hdev->req_skb) == event) { in hci_event_packet()
7504 hci_req_cmd_complete(hdev, hci_skb_opcode(hdev->req_skb), in hci_event_packet()
7541 hdev->stat.evt_rx++; in hci_event_packet()