Lines Matching +full:x +full:- +full:rp
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
57 bt_dev_err(hdev, "Malformed Event: 0x%2.2x", ev);
69 bt_dev_err(hdev, "Malformed Command Complete: 0x%4.4x", op);
81 bt_dev_err(hdev, "Malformed LE Event: 0x%2.2x", ev);
89 struct hci_ev_status *rp = data;
91 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
100 if (rp->status == HCI_ERROR_COMMAND_DISALLOWED && !test_bit(HCI_INQUIRY, &hdev->flags)) {
102 rp->status = 0x00;
105 if (rp->status)
106 return rp->status;
108 clear_bit(HCI_INQUIRY, &hdev->flags);
110 wake_up_bit(&hdev->flags, HCI_INQUIRY);
117 hdev->le_scan_type != LE_SCAN_ACTIVE)
121 return rp->status;
127 struct hci_ev_status *rp = data;
129 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
131 if (rp->status)
132 return rp->status;
136 return rp->status;
142 struct hci_ev_status *rp = data;
144 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
146 if (rp->status)
147 return rp->status;
151 return rp->status;
157 struct hci_ev_status *rp = data;
159 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
161 return rp->status;
167 struct hci_rp_role_discovery *rp = data;
170 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
172 if (rp->status)
173 return rp->status;
177 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
179 conn->role = rp->role;
183 return rp->status;
189 struct hci_rp_read_link_policy *rp = data;
192 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
194 if (rp->status)
195 return rp->status;
199 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
201 conn->link_policy = __le16_to_cpu(rp->policy);
205 return rp->status;
211 struct hci_rp_write_link_policy *rp = data;
215 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
217 if (rp->status)
218 return rp->status;
222 return rp->status;
226 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
228 conn->link_policy = get_unaligned_le16(sent + 2);
232 return rp->status;
238 struct hci_rp_read_def_link_policy *rp = data;
240 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
242 if (rp->status)
243 return rp->status;
245 hdev->link_policy = __le16_to_cpu(rp->policy);
247 return rp->status;
253 struct hci_ev_status *rp = data;
256 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
258 if (rp->status)
259 return rp->status;
263 return rp->status;
265 hdev->link_policy = get_unaligned_le16(sent);
267 return rp->status;
272 struct hci_ev_status *rp = data;
274 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
276 clear_bit(HCI_RESET, &hdev->flags);
278 if (rp->status)
279 return rp->status;
281 /* Reset all non-persistent flags */
286 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
287 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
289 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
290 hdev->adv_data_len = 0;
292 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
293 hdev->scan_rsp_data_len = 0;
295 hdev->le_scan_type = LE_SCAN_PASSIVE;
297 hdev->ssp_debug_mode = 0;
299 hci_bdaddr_list_clear(&hdev->le_accept_list);
300 hci_bdaddr_list_clear(&hdev->le_resolv_list);
302 return rp->status;
308 struct hci_rp_read_stored_link_key *rp = data;
311 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
315 return rp->status;
317 if (!rp->status && sent->read_all == 0x01) {
318 hdev->stored_max_keys = le16_to_cpu(rp->max_keys);
319 hdev->stored_num_keys = le16_to_cpu(rp->num_keys);
322 return rp->status;
328 struct hci_rp_delete_stored_link_key *rp = data;
331 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
333 if (rp->status)
334 return rp->status;
336 num_keys = le16_to_cpu(rp->num_keys);
338 if (num_keys <= hdev->stored_num_keys)
339 hdev->stored_num_keys -= num_keys;
341 hdev->stored_num_keys = 0;
343 return rp->status;
349 struct hci_ev_status *rp = data;
352 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
356 return rp->status;
361 mgmt_set_local_name_complete(hdev, sent, rp->status);
362 else if (!rp->status)
363 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
367 return rp->status;
373 struct hci_rp_read_local_name *rp = data;
375 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
377 if (rp->status)
378 return rp->status;
382 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
384 return rp->status;
390 struct hci_ev_status *rp = data;
393 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
397 return rp->status;
401 if (!rp->status) {
405 set_bit(HCI_AUTH, &hdev->flags);
407 clear_bit(HCI_AUTH, &hdev->flags);
411 mgmt_auth_enable_complete(hdev, rp->status);
415 return rp->status;
421 struct hci_ev_status *rp = data;
425 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
427 if (rp->status)
428 return rp->status;
432 return rp->status;
437 set_bit(HCI_ENCRYPT, &hdev->flags);
439 clear_bit(HCI_ENCRYPT, &hdev->flags);
441 return rp->status;
447 struct hci_ev_status *rp = data;
451 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
455 return rp->status;
461 if (rp->status) {
462 hdev->discov_timeout = 0;
467 set_bit(HCI_ISCAN, &hdev->flags);
469 clear_bit(HCI_ISCAN, &hdev->flags);
472 set_bit(HCI_PSCAN, &hdev->flags);
474 clear_bit(HCI_PSCAN, &hdev->flags);
479 return rp->status;
485 struct hci_ev_status *rp = data;
489 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
491 if (rp->status)
492 return rp->status;
496 return rp->status;
500 if (cp->flt_type == HCI_FLT_CLEAR_ALL)
505 return rp->status;
511 struct hci_rp_read_class_of_dev *rp = data;
516 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
518 if (rp->status)
519 return rp->status;
521 memcpy(hdev->dev_class, rp->dev_class, 3);
523 bt_dev_dbg(hdev, "class 0x%.2x%.2x%.2x", hdev->dev_class[2],
524 hdev->dev_class[1], hdev->dev_class[0]);
526 return rp->status;
532 struct hci_ev_status *rp = data;
535 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
539 return rp->status;
543 if (!rp->status)
544 memcpy(hdev->dev_class, sent, 3);
547 mgmt_set_class_of_dev_complete(hdev, sent, rp->status);
551 return rp->status;
557 struct hci_rp_read_voice_setting *rp = data;
560 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
562 if (rp->status)
563 return rp->status;
565 setting = __le16_to_cpu(rp->voice_setting);
567 if (hdev->voice_setting == setting)
568 return rp->status;
570 hdev->voice_setting = setting;
572 bt_dev_dbg(hdev, "voice setting 0x%4.4x", setting);
574 if (hdev->notify)
575 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
577 return rp->status;
583 struct hci_ev_status *rp = data;
587 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
589 if (rp->status)
590 return rp->status;
594 return rp->status;
598 if (hdev->voice_setting == setting)
599 return rp->status;
601 hdev->voice_setting = setting;
603 bt_dev_dbg(hdev, "voice setting 0x%4.4x", setting);
605 if (hdev->notify)
606 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
608 return rp->status;
614 struct hci_rp_read_num_supported_iac *rp = data;
616 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
618 if (rp->status)
619 return rp->status;
621 hdev->num_iac = rp->num_iac;
623 bt_dev_dbg(hdev, "num iac %d", hdev->num_iac);
625 return rp->status;
631 struct hci_ev_status *rp = data;
634 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
638 return rp->status;
642 if (!rp->status) {
643 if (sent->mode)
644 hdev->features[1][0] |= LMP_HOST_SSP;
646 hdev->features[1][0] &= ~LMP_HOST_SSP;
649 if (!rp->status) {
650 if (sent->mode)
658 return rp->status;
664 struct hci_ev_status *rp = data;
667 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
671 return rp->status;
675 if (!rp->status) {
676 if (sent->support)
677 hdev->features[1][0] |= LMP_HOST_SC;
679 hdev->features[1][0] &= ~LMP_HOST_SC;
682 if (!hci_dev_test_flag(hdev, HCI_MGMT) && !rp->status) {
683 if (sent->support)
691 return rp->status;
697 struct hci_rp_read_local_version *rp = data;
699 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
701 if (rp->status)
702 return rp->status;
706 hdev->hci_ver = rp->hci_ver;
707 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
708 hdev->lmp_ver = rp->lmp_ver;
709 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
710 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
713 return rp->status;
719 struct hci_rp_read_enc_key_size *rp = data;
722 u8 status = rp->status;
724 bt_dev_dbg(hdev, "status 0x%2.2x", status);
726 handle = le16_to_cpu(rp->handle);
743 conn->enc_key_size = 0;
745 conn->enc_key_size = rp->key_size;
748 if (conn->enc_key_size < hdev->min_enc_key_size) {
749 /* As slave role, the conn->state has been set to
752 * nothing with the non-zero status.
758 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
759 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
774 struct hci_rp_read_local_commands *rp = data;
776 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
778 if (rp->status)
779 return rp->status;
783 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
785 return rp->status;
791 struct hci_rp_read_auth_payload_to *rp = data;
794 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
796 if (rp->status)
797 return rp->status;
801 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
803 conn->auth_payload_timeout = __le16_to_cpu(rp->timeout);
807 return rp->status;
813 struct hci_rp_write_auth_payload_to *rp = data;
817 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
821 return rp->status;
825 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
827 rp->status = 0xff;
831 if (!rp->status)
832 conn->auth_payload_timeout = get_unaligned_le16(sent + 2);
837 return rp->status;
843 struct hci_rp_read_local_features *rp = data;
845 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
847 if (rp->status)
848 return rp->status;
850 memcpy(hdev->features, rp->features, 8);
855 if (hdev->features[0][0] & LMP_3SLOT)
856 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
858 if (hdev->features[0][0] & LMP_5SLOT)
859 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
861 if (hdev->features[0][1] & LMP_HV2) {
862 hdev->pkt_type |= (HCI_HV2);
863 hdev->esco_type |= (ESCO_HV2);
866 if (hdev->features[0][1] & LMP_HV3) {
867 hdev->pkt_type |= (HCI_HV3);
868 hdev->esco_type |= (ESCO_HV3);
872 hdev->esco_type |= (ESCO_EV3);
874 if (hdev->features[0][4] & LMP_EV4)
875 hdev->esco_type |= (ESCO_EV4);
877 if (hdev->features[0][4] & LMP_EV5)
878 hdev->esco_type |= (ESCO_EV5);
880 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
881 hdev->esco_type |= (ESCO_2EV3);
883 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
884 hdev->esco_type |= (ESCO_3EV3);
886 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
887 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
889 return rp->status;
895 struct hci_rp_read_local_ext_features *rp = data;
897 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
899 if (rp->status)
900 return rp->status;
902 if (hdev->max_page < rp->max_page) {
904 &hdev->quirks))
907 hdev->max_page = rp->max_page;
910 if (rp->page < HCI_MAX_PAGES)
911 memcpy(hdev->features[rp->page], rp->features, 8);
913 return rp->status;
919 struct hci_rp_read_buffer_size *rp = data;
921 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
923 if (rp->status)
924 return rp->status;
926 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
927 hdev->sco_mtu = rp->sco_mtu;
928 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
929 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
931 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
932 hdev->sco_mtu = 64;
933 hdev->sco_pkts = 8;
936 hdev->acl_cnt = hdev->acl_pkts;
937 hdev->sco_cnt = hdev->sco_pkts;
939 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
940 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
942 if (!hdev->acl_mtu || !hdev->acl_pkts)
945 return rp->status;
951 struct hci_rp_read_bd_addr *rp = data;
953 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
955 if (rp->status)
956 return rp->status;
958 if (test_bit(HCI_INIT, &hdev->flags))
959 bacpy(&hdev->bdaddr, &rp->bdaddr);
962 bacpy(&hdev->setup_addr, &rp->bdaddr);
964 return rp->status;
970 struct hci_rp_read_local_pairing_opts *rp = data;
972 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
974 if (rp->status)
975 return rp->status;
979 hdev->pairing_opts = rp->pairing_opts;
980 hdev->max_enc_key_size = rp->max_key_size;
983 return rp->status;
989 struct hci_rp_read_page_scan_activity *rp = data;
991 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
993 if (rp->status)
994 return rp->status;
996 if (test_bit(HCI_INIT, &hdev->flags)) {
997 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
998 hdev->page_scan_window = __le16_to_cpu(rp->window);
1001 return rp->status;
1007 struct hci_ev_status *rp = data;
1010 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1012 if (rp->status)
1013 return rp->status;
1017 return rp->status;
1019 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
1020 hdev->page_scan_window = __le16_to_cpu(sent->window);
1022 return rp->status;
1028 struct hci_rp_read_page_scan_type *rp = data;
1030 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1032 if (rp->status)
1033 return rp->status;
1035 if (test_bit(HCI_INIT, &hdev->flags))
1036 hdev->page_scan_type = rp->type;
1038 return rp->status;
1044 struct hci_ev_status *rp = data;
1047 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1049 if (rp->status)
1050 return rp->status;
1054 hdev->page_scan_type = *type;
1056 return rp->status;
1062 struct hci_rp_read_clock *rp = data;
1066 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1068 if (rp->status)
1069 return rp->status;
1077 if (cp->which == 0x00) {
1078 hdev->clock = le32_to_cpu(rp->clock);
1082 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1084 conn->clock = le32_to_cpu(rp->clock);
1085 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
1090 return rp->status;
1096 struct hci_rp_read_inq_rsp_tx_power *rp = data;
1098 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1100 if (rp->status)
1101 return rp->status;
1103 hdev->inq_tx_power = rp->tx_power;
1105 return rp->status;
1111 struct hci_rp_read_def_err_data_reporting *rp = data;
1113 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1115 if (rp->status)
1116 return rp->status;
1118 hdev->err_data_reporting = rp->err_data_reporting;
1120 return rp->status;
1126 struct hci_ev_status *rp = data;
1129 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1131 if (rp->status)
1132 return rp->status;
1136 return rp->status;
1138 hdev->err_data_reporting = cp->err_data_reporting;
1140 return rp->status;
1146 struct hci_rp_pin_code_reply *rp = data;
1150 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1155 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
1157 if (rp->status)
1164 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1166 conn->pin_length = cp->pin_len;
1170 return rp->status;
1176 struct hci_rp_pin_code_neg_reply *rp = data;
1178 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1183 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
1184 rp->status);
1188 return rp->status;
1194 struct hci_rp_le_read_buffer_size *rp = data;
1196 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1198 if (rp->status)
1199 return rp->status;
1201 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1202 hdev->le_pkts = rp->le_max_pkt;
1204 hdev->le_cnt = hdev->le_pkts;
1206 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1208 if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU)
1211 return rp->status;
1217 struct hci_rp_le_read_local_features *rp = data;
1219 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1221 if (rp->status)
1222 return rp->status;
1224 memcpy(hdev->le_features, rp->features, 8);
1226 return rp->status;
1232 struct hci_rp_le_read_adv_tx_power *rp = data;
1234 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1236 if (rp->status)
1237 return rp->status;
1239 hdev->adv_tx_power = rp->tx_power;
1241 return rp->status;
1247 struct hci_rp_user_confirm_reply *rp = data;
1249 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1254 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1255 rp->status);
1259 return rp->status;
1265 struct hci_rp_user_confirm_reply *rp = data;
1267 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1272 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1273 ACL_LINK, 0, rp->status);
1277 return rp->status;
1283 struct hci_rp_user_confirm_reply *rp = data;
1285 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1290 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1291 0, rp->status);
1295 return rp->status;
1301 struct hci_rp_user_confirm_reply *rp = data;
1303 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1308 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1309 ACL_LINK, 0, rp->status);
1313 return rp->status;
1319 struct hci_rp_read_local_oob_data *rp = data;
1321 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1323 return rp->status;
1329 struct hci_rp_read_local_oob_ext_data *rp = data;
1331 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1333 return rp->status;
1339 struct hci_ev_status *rp = data;
1342 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1344 if (rp->status)
1345 return rp->status;
1349 return rp->status;
1353 bacpy(&hdev->random_addr, sent);
1355 if (!bacmp(&hdev->rpa, sent)) {
1357 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired,
1358 secs_to_jiffies(hdev->rpa_timeout));
1363 return rp->status;
1369 struct hci_ev_status *rp = data;
1372 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1374 if (rp->status)
1375 return rp->status;
1379 return rp->status;
1383 hdev->le_tx_def_phys = cp->tx_phys;
1384 hdev->le_rx_def_phys = cp->rx_phys;
1388 return rp->status;
1394 struct hci_ev_status *rp = data;
1398 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1400 if (rp->status)
1401 return rp->status;
1406 * non-extended advertising.
1408 if (!cp || !cp->handle)
1409 return rp->status;
1413 adv = hci_find_adv_instance(hdev, cp->handle);
1415 bacpy(&adv->random_addr, &cp->bdaddr);
1416 if (!bacmp(&hdev->rpa, &cp->bdaddr)) {
1417 adv->rpa_expired = false;
1418 queue_delayed_work(hdev->workqueue,
1419 &adv->rpa_expired_cb,
1420 secs_to_jiffies(hdev->rpa_timeout));
1426 return rp->status;
1432 struct hci_ev_status *rp = data;
1436 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1438 if (rp->status)
1439 return rp->status;
1443 return rp->status;
1449 mgmt_advertising_removed(hci_skb_sk(hdev->sent_cmd), hdev,
1454 return rp->status;
1460 struct hci_ev_status *rp = data;
1464 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1466 if (rp->status)
1467 return rp->status;
1470 return rp->status;
1474 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) {
1475 u8 instance = adv->instance;
1479 mgmt_advertising_removed(hci_skb_sk(hdev->sent_cmd),
1485 return rp->status;
1491 struct hci_rp_le_read_transmit_power *rp = data;
1493 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1495 if (rp->status)
1496 return rp->status;
1498 hdev->min_le_tx_power = rp->min_le_tx_power;
1499 hdev->max_le_tx_power = rp->max_le_tx_power;
1501 return rp->status;
1507 struct hci_ev_status *rp = data;
1511 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1513 if (rp->status)
1514 return rp->status;
1518 return rp->status;
1522 params = hci_conn_params_lookup(hdev, &cp->bdaddr, cp->bdaddr_type);
1524 WRITE_ONCE(params->privacy_mode, cp->mode);
1528 return rp->status;
1534 struct hci_ev_status *rp = data;
1537 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1539 if (rp->status)
1540 return rp->status;
1544 return rp->status;
1558 queue_delayed_work(hdev->workqueue,
1559 &conn->le_conn_timeout,
1560 conn->conn_timeout);
1567 return rp->status;
1576 struct hci_ev_status *rp = data;
1578 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1580 if (rp->status)
1581 return rp->status;
1585 return rp->status;
1587 set = (void *)cp->data;
1591 if (cp->num_of_sets)
1592 adv = hci_find_adv_instance(hdev, set->handle);
1594 if (cp->enable) {
1599 if (adv && !adv->periodic)
1600 adv->enabled = true;
1604 queue_delayed_work(hdev->workqueue,
1605 &conn->le_conn_timeout,
1606 conn->conn_timeout);
1608 if (cp->num_of_sets) {
1610 adv->enabled = false;
1615 list_for_each_entry_safe(adv, n, &hdev->adv_instances,
1617 if (adv->enabled)
1622 list_for_each_entry_safe(adv, n, &hdev->adv_instances,
1624 adv->enabled = false;
1632 return rp->status;
1639 struct hci_ev_status *rp = data;
1641 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1643 if (rp->status)
1644 return rp->status;
1648 return rp->status;
1652 hdev->le_scan_type = cp->type;
1656 return rp->status;
1663 struct hci_ev_status *rp = data;
1666 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1668 if (rp->status)
1669 return rp->status;
1673 return rp->status;
1675 phy_param = (void *)cp->data;
1679 hdev->le_scan_type = phy_param->type;
1683 return rp->status;
1688 struct discovery_state *d = &hdev->discovery;
1690 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1695 struct discovery_state *d = &hdev->discovery;
1697 bacpy(&d->last_adv_addr, BDADDR_ANY);
1698 d->last_adv_data_len = 0;
1705 struct discovery_state *d = &hdev->discovery;
1710 bacpy(&d->last_adv_addr, bdaddr);
1711 d->last_adv_addr_type = bdaddr_type;
1712 d->last_adv_rssi = rssi;
1713 d->last_adv_flags = flags;
1714 memcpy(d->last_adv_data, data, len);
1715 d->last_adv_data_len = len;
1725 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1737 struct discovery_state *d = &hdev->discovery;
1739 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1740 d->last_adv_addr_type, NULL,
1741 d->last_adv_rssi, d->last_adv_flags,
1742 d->last_adv_data,
1743 d->last_adv_data_len, NULL, 0, 0);
1749 cancel_delayed_work(&hdev->le_scan_disable);
1760 hdev->discovery.state == DISCOVERY_FINDING)
1761 queue_work(hdev->workqueue, &hdev->reenable_adv_work);
1778 struct hci_ev_status *rp = data;
1780 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1782 if (rp->status)
1783 return rp->status;
1787 return rp->status;
1789 le_set_scan_enable_complete(hdev, cp->enable);
1791 return rp->status;
1798 struct hci_ev_status *rp = data;
1800 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1802 if (rp->status)
1803 return rp->status;
1807 return rp->status;
1809 le_set_scan_enable_complete(hdev, cp->enable);
1811 return rp->status;
1817 struct hci_rp_le_read_num_supported_adv_sets *rp = data;
1819 bt_dev_dbg(hdev, "status 0x%2.2x No of Adv sets %u", rp->status,
1820 rp->num_of_sets);
1822 if (rp->status)
1823 return rp->status;
1825 hdev->le_num_of_adv_sets = rp->num_of_sets;
1827 return rp->status;
1833 struct hci_rp_le_read_accept_list_size *rp = data;
1835 bt_dev_dbg(hdev, "status 0x%2.2x size %u", rp->status, rp->size);
1837 if (rp->status)
1838 return rp->status;
1840 hdev->le_accept_list_size = rp->size;
1842 return rp->status;
1848 struct hci_ev_status *rp = data;
1850 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1852 if (rp->status)
1853 return rp->status;
1856 hci_bdaddr_list_clear(&hdev->le_accept_list);
1859 return rp->status;
1866 struct hci_ev_status *rp = data;
1868 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1870 if (rp->status)
1871 return rp->status;
1875 return rp->status;
1878 hci_bdaddr_list_add(&hdev->le_accept_list, &sent->bdaddr,
1879 sent->bdaddr_type);
1882 return rp->status;
1889 struct hci_ev_status *rp = data;
1891 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1893 if (rp->status)
1894 return rp->status;
1898 return rp->status;
1901 hci_bdaddr_list_del(&hdev->le_accept_list, &sent->bdaddr,
1902 sent->bdaddr_type);
1905 return rp->status;
1911 struct hci_rp_le_read_supported_states *rp = data;
1913 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1915 if (rp->status)
1916 return rp->status;
1918 memcpy(hdev->le_states, rp->le_states, 8);
1920 return rp->status;
1926 struct hci_rp_le_read_def_data_len *rp = data;
1928 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1930 if (rp->status)
1931 return rp->status;
1933 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1934 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1936 return rp->status;
1943 struct hci_ev_status *rp = data;
1945 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1947 if (rp->status)
1948 return rp->status;
1952 return rp->status;
1954 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1955 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1957 return rp->status;
1964 struct hci_ev_status *rp = data;
1966 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1968 if (rp->status)
1969 return rp->status;
1973 return rp->status;
1976 hci_bdaddr_list_add_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1977 sent->bdaddr_type, sent->peer_irk,
1978 sent->local_irk);
1981 return rp->status;
1988 struct hci_ev_status *rp = data;
1990 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
1992 if (rp->status)
1993 return rp->status;
1997 return rp->status;
2000 hci_bdaddr_list_del_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
2001 sent->bdaddr_type);
2004 return rp->status;
2010 struct hci_ev_status *rp = data;
2012 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
2014 if (rp->status)
2015 return rp->status;
2018 hci_bdaddr_list_clear(&hdev->le_resolv_list);
2021 return rp->status;
2027 struct hci_rp_le_read_resolv_list_size *rp = data;
2029 bt_dev_dbg(hdev, "status 0x%2.2x size %u", rp->status, rp->size);
2031 if (rp->status)
2032 return rp->status;
2034 hdev->le_resolv_list_size = rp->size;
2036 return rp->status;
2042 struct hci_ev_status *rp = data;
2045 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
2047 if (rp->status)
2048 return rp->status;
2052 return rp->status;
2063 return rp->status;
2069 struct hci_rp_le_read_max_data_len *rp = data;
2071 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
2073 if (rp->status)
2074 return rp->status;
2076 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
2077 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
2078 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
2079 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
2081 return rp->status;
2088 struct hci_ev_status *rp = data;
2090 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
2092 if (rp->status)
2093 return rp->status;
2097 return rp->status;
2101 if (sent->le) {
2102 hdev->features[1][0] |= LMP_HOST_LE;
2105 hdev->features[1][0] &= ~LMP_HOST_LE;
2110 if (sent->simul)
2111 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
2113 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
2117 return rp->status;
2124 struct hci_ev_status *rp = data;
2126 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
2128 if (rp->status)
2129 return rp->status;
2133 return rp->status;
2136 hdev->adv_addr_type = cp->own_address_type;
2139 return rp->status;
2145 struct hci_rp_le_set_ext_adv_params *rp = data;
2149 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
2151 if (rp->status)
2152 return rp->status;
2156 return rp->status;
2159 hdev->adv_addr_type = cp->own_addr_type;
2160 if (!cp->handle) {
2162 hdev->adv_tx_power = rp->tx_power;
2164 adv_instance = hci_find_adv_instance(hdev, cp->handle);
2166 adv_instance->tx_power = rp->tx_power;
2169 hci_update_adv_data(hdev, cp->handle);
2173 return rp->status;
2179 struct hci_rp_read_rssi *rp = data;
2182 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
2184 if (rp->status)
2185 return rp->status;
2189 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
2191 conn->rssi = rp->rssi;
2195 return rp->status;
2202 struct hci_rp_read_tx_power *rp = data;
2205 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
2207 if (rp->status)
2208 return rp->status;
2212 return rp->status;
2216 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
2220 switch (sent->type) {
2222 conn->tx_power = rp->tx_power;
2225 conn->max_tx_power = rp->tx_power;
2231 return rp->status;
2237 struct hci_ev_status *rp = data;
2240 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
2242 if (rp->status)
2243 return rp->status;
2247 hdev->ssp_debug_mode = *mode;
2249 return rp->status;
2254 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2260 set_bit(HCI_INQUIRY, &hdev->flags);
2268 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2276 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2278 bt_dev_dbg(hdev, "bdaddr %pMR hcon %p", &cp->bdaddr, conn);
2281 if (conn && conn->state == BT_CONNECT) {
2282 conn->state = BT_CLOSED;
2288 conn = hci_conn_add_unset(hdev, ACL_LINK, &cp->bdaddr,
2305 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2314 handle = __le16_to_cpu(cp->handle);
2316 bt_dev_dbg(hdev, "handle 0x%4.4x", handle);
2322 link = list_first_entry_or_null(&acl->link_list,
2324 if (link && link->conn) {
2325 link->conn->state = BT_CLOSED;
2327 hci_connect_cfm(link->conn, status);
2328 hci_conn_del(link->conn);
2340 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2351 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2353 if (conn->state == BT_CONFIG) {
2367 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2378 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2380 if (conn->state == BT_CONFIG) {
2392 if (conn->state != BT_CONFIG || !conn->out)
2395 if (conn->pending_sec_level == BT_SECURITY_SDP)
2398 /* Only request authentication for SSP connections or non-SSP
2402 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
2403 conn->pending_sec_level != BT_SECURITY_FIPS &&
2404 conn->pending_sec_level != BT_SECURITY_HIGH &&
2405 conn->pending_sec_level != BT_SECURITY_MEDIUM)
2418 bacpy(&cp.bdaddr, &e->data.bdaddr);
2419 cp.pscan_rep_mode = e->data.pscan_rep_mode;
2420 cp.pscan_mode = e->data.pscan_mode;
2421 cp.clock_offset = e->data.clock_offset;
2428 struct discovery_state *discov = &hdev->discovery;
2431 if (list_empty(&discov->resolve))
2435 if (time_after(jiffies, discov->name_resolve_timeout)) {
2445 e->name_state = NAME_PENDING;
2455 struct discovery_state *discov = &hdev->discovery;
2463 if (conn && (conn->state == BT_CONFIG || conn->state == BT_CONNECTED))
2466 if (discov->state == DISCOVERY_STOPPED)
2469 if (discov->state == DISCOVERY_STOPPING)
2472 if (discov->state != DISCOVERY_RESOLVING)
2483 list_del(&e->list);
2485 e->name_state = name ? NAME_KNOWN : NAME_NOT_KNOWN;
2486 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00, e->data.rssi,
2501 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2514 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2517 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
2525 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2528 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2530 auth_cp.handle = __cpu_to_le16(conn->handle);
2544 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2555 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2557 if (conn->state == BT_CONFIG) {
2571 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2582 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2584 if (conn->state == BT_CONFIG) {
2599 bt_dev_dbg(hdev, "handle 0x%4.4x status 0x%2.2x", handle, status);
2605 link = list_first_entry_or_null(&acl->link_list,
2607 if (link && link->conn) {
2608 link->conn->state = BT_CLOSED;
2610 hci_connect_cfm(link->conn, status);
2611 hci_conn_del(link->conn);
2622 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2631 hci_setup_sync_conn_status(hdev, __le16_to_cpu(cp->handle), status);
2638 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2647 hci_setup_sync_conn_status(hdev, __le16_to_cpu(cp->handle), status);
2655 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2666 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2668 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
2670 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2682 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2693 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2695 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
2697 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2711 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2716 if (!status && !hdev->suspended)
2725 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2730 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2731 conn->dst_type, status);
2733 if (conn->type == LE_LINK && conn->role == HCI_ROLE_SLAVE) {
2734 hdev->cur_adv_instance = conn->adv_instance;
2744 mgmt_conn = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2746 if (conn->type == ACL_LINK) {
2747 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2748 hci_remove_link_key(hdev, &conn->dst);
2751 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2753 switch (params->auto_connect) {
2755 if (cp->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2762 hci_pend_le_list_add(params, &hdev->pend_le_conns);
2770 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2771 cp->reason, mgmt_conn);
2773 hci_disconn_cfm(conn, cp->reason);
2778 * Hence, we need to do some basic cleanup here and re-enable
2825 conn->init_addr_type = own_address_type;
2827 bacpy(&conn->init_addr, &hdev->random_addr);
2829 bacpy(&conn->init_addr, &hdev->bdaddr);
2831 conn->resp_addr_type = peer_addr_type;
2832 bacpy(&conn->resp_addr, peer_addr);
2839 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2854 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2855 cp->own_address_type, cp->filter_policy);
2864 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2879 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2880 cp->own_addr_type, cp->filter_policy);
2890 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2901 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2903 if (conn->state == BT_CONFIG) {
2917 bt_dev_dbg(hdev, "status 0x%2.2x", status);
2928 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2932 if (conn->state != BT_CONNECTED)
2947 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2958 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2960 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2969 struct discovery_state *discov = &hdev->discovery;
2972 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
2974 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2978 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2985 if (discov->state != DISCOVERY_FINDING)
2988 if (list_empty(&discov->resolve)) {
2997 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
3004 e->name_state = NAME_PENDING;
3006 discov->name_resolve_timeout = jiffies + NAME_RESOLVE_DURATION;
3016 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
3032 flex_array_size(ev, info, ev->num)))
3035 bt_dev_dbg(hdev, "num %d", ev->num);
3037 if (!ev->num)
3045 for (i = 0; i < ev->num; i++) {
3046 struct inquiry_info *info = &ev->info[i];
3049 bacpy(&data.bdaddr, &info->bdaddr);
3050 data.pscan_rep_mode = info->pscan_rep_mode;
3051 data.pscan_period_mode = info->pscan_period_mode;
3052 data.pscan_mode = info->pscan_mode;
3053 memcpy(data.dev_class, info->dev_class, 3);
3054 data.clock_offset = info->clock_offset;
3060 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3061 info->dev_class, HCI_RSSI_INVALID,
3073 u8 status = ev->status;
3075 bt_dev_dbg(hdev, "status 0x%2.2x", status);
3079 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3084 if (ev->status)
3087 /* Connection may not exist if auto-connected. Check the bredr
3092 * Auto-connect will only occur if the event filter is
3096 if (ev->link_type == ACL_LINK &&
3097 hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
3098 &ev->bdaddr,
3100 conn = hci_conn_add_unset(hdev, ev->link_type,
3101 &ev->bdaddr, HCI_ROLE_SLAVE);
3107 if (ev->link_type != SCO_LINK)
3111 &ev->bdaddr);
3115 conn->type = SCO_LINK;
3125 if (!HCI_CONN_HANDLE_UNSET(conn->handle)) {
3131 status = hci_conn_set_handle(conn, __le16_to_cpu(ev->handle));
3135 if (conn->type == ACL_LINK) {
3136 conn->state = BT_CONFIG;
3139 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
3140 !hci_find_link_key(hdev, &ev->bdaddr))
3141 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3143 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3145 conn->state = BT_CONNECTED;
3150 if (test_bit(HCI_AUTH, &hdev->flags))
3151 set_bit(HCI_CONN_AUTH, &conn->flags);
3153 if (test_bit(HCI_ENCRYPT, &hdev->flags))
3154 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
3157 if (ev->encr_mode == 1 && !test_bit(HCI_CONN_ENCRYPT, &conn->flags) &&
3158 ev->link_type == ACL_LINK) {
3162 key = hci_find_link_key(hdev, &ev->bdaddr);
3164 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
3167 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3169 cp.handle = cpu_to_le16(conn->handle);
3173 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3177 hci_encrypt_cfm(conn, ev->status);
3182 if (conn->type == ACL_LINK) {
3184 cp.handle = ev->handle;
3192 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
3194 cp.handle = ev->handle;
3195 cp.pkt_type = cpu_to_le16(conn->pkt_type);
3201 if (conn->type == ACL_LINK)
3202 hci_sco_setup(conn, ev->status);
3207 } else if (ev->link_type == SCO_LINK) {
3208 switch (conn->setting & SCO_AIRMODE_MASK) {
3210 if (hdev->notify)
3211 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD);
3235 int mask = hdev->link_mode;
3240 bt_dev_dbg(hdev, "bdaddr %pMR type 0x%x", &ev->bdaddr, ev->link_type);
3243 * CVE-2020-26555
3245 if (hdev && !bacmp(&hdev->bdaddr, &ev->bdaddr)) {
3247 &ev->bdaddr);
3248 hci_reject_conn(hdev, &ev->bdaddr);
3252 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
3256 hci_reject_conn(hdev, &ev->bdaddr);
3262 if (hci_bdaddr_list_lookup(&hdev->reject_list, &ev->bdaddr,
3264 hci_reject_conn(hdev, &ev->bdaddr);
3274 !hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, &ev->bdaddr,
3276 hci_reject_conn(hdev, &ev->bdaddr);
3282 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3284 memcpy(ie->data.dev_class, ev->dev_class, 3);
3286 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
3287 &ev->bdaddr);
3289 conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr,
3297 memcpy(conn->dev_class, ev->dev_class, 3);
3301 if (ev->link_type == ACL_LINK ||
3304 conn->state = BT_CONNECT;
3306 bacpy(&cp.bdaddr, &ev->bdaddr);
3316 conn->state = BT_CONNECT;
3318 bacpy(&cp.bdaddr, &ev->bdaddr);
3319 cp.pkt_type = cpu_to_le16(conn->pkt_type);
3324 cp.content_format = cpu_to_le16(hdev->voice_setting);
3330 conn->state = BT_CONNECT2;
3364 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
3368 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3372 if (ev->status) {
3373 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
3374 conn->dst_type, ev->status);
3378 conn->state = BT_CLOSED;
3380 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
3382 if (test_bit(HCI_CONN_AUTH_FAILURE, &conn->flags))
3385 reason = hci_to_mgmt_reason(ev->reason);
3387 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
3390 if (conn->type == ACL_LINK) {
3391 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
3392 hci_remove_link_key(hdev, &conn->dst);
3397 /* Re-enable passive scanning if disconnected device is marked
3398 * as auto-connectable.
3400 if (conn->type == LE_LINK) {
3401 params = hci_conn_params_lookup(hdev, &conn->dst,
3402 conn->dst_type);
3404 switch (params->auto_connect) {
3406 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
3414 &hdev->pend_le_conns);
3424 hci_disconn_cfm(conn, ev->reason);
3426 /* Re-enable advertising if necessary, since it might
3436 if (conn->type == LE_LINK && conn->role == HCI_ROLE_SLAVE) {
3437 hdev->cur_adv_instance = conn->adv_instance;
3453 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
3457 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3461 if (!ev->status) {
3462 clear_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
3463 set_bit(HCI_CONN_AUTH, &conn->flags);
3464 conn->sec_level = conn->pending_sec_level;
3466 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
3467 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
3469 mgmt_auth_failed(conn, ev->status);
3472 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
3474 if (conn->state == BT_CONFIG) {
3475 if (!ev->status && hci_conn_ssp_enabled(conn)) {
3477 cp.handle = ev->handle;
3482 conn->state = BT_CONNECTED;
3483 hci_connect_cfm(conn, ev->status);
3487 hci_auth_cfm(conn, ev->status);
3490 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3494 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
3495 if (!ev->status) {
3497 cp.handle = ev->handle;
3502 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3503 hci_encrypt_cfm(conn, ev->status);
3517 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
3521 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3526 if (ev->status == 0)
3527 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
3528 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
3530 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
3539 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3542 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
3544 cp.handle = __cpu_to_le16(conn->handle);
3558 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
3562 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3566 if (!ev->status) {
3567 if (ev->encrypt) {
3569 set_bit(HCI_CONN_AUTH, &conn->flags);
3570 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
3571 conn->sec_level = conn->pending_sec_level;
3573 /* P-256 authentication key implies FIPS */
3574 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
3575 set_bit(HCI_CONN_FIPS, &conn->flags);
3577 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
3578 conn->type == LE_LINK)
3579 set_bit(HCI_CONN_AES_CCM, &conn->flags);
3581 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
3582 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
3589 if (ev->status && conn->type == LE_LINK) {
3594 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3598 ev->status = HCI_ERROR_AUTH_FAILURE;
3600 if (ev->status && conn->state == BT_CONNECTED) {
3601 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
3602 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
3607 hci_encrypt_cfm(conn, ev->status);
3614 if (!ev->status && ev->encrypt && conn->type == ACL_LINK) {
3622 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3626 cp.handle = cpu_to_le16(conn->handle);
3630 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3641 &hdev->quirks))
3649 * Ensure for AES-CCM encryption as well.
3651 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags) &&
3652 test_bit(HCI_CONN_AES_CCM, &conn->flags) &&
3653 ((conn->type == ACL_LINK && lmp_ping_capable(hdev)) ||
3654 (conn->type == LE_LINK && (hdev->le_features[0] & HCI_LE_PING)))) {
3657 cp.handle = cpu_to_le16(conn->handle);
3658 cp.timeout = cpu_to_le16(hdev->auth_payload_timeout);
3659 if (hci_send_cmd(conn->hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO,
3665 hci_encrypt_cfm(conn, ev->status);
3677 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
3681 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3683 if (!ev->status)
3684 set_bit(HCI_CONN_SECURE, &conn->flags);
3686 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
3688 hci_key_change_cfm(conn, ev->status);
3700 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
3704 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3708 if (!ev->status)
3709 memcpy(conn->features[0], ev->features, 8);
3711 if (conn->state != BT_CONFIG)
3714 if (!ev->status && lmp_ext_feat_capable(hdev) &&
3717 cp.handle = ev->handle;
3724 if (!ev->status) {
3727 bacpy(&cp.bdaddr, &conn->dst);
3735 conn->state = BT_CONNECTED;
3736 hci_connect_cfm(conn, ev->status);
3746 cancel_delayed_work(&hdev->cmd_timer);
3749 if (!test_bit(HCI_RESET, &hdev->flags)) {
3751 cancel_delayed_work(&hdev->ncmd_timer);
3752 atomic_set(&hdev->cmd_cnt, 1);
3755 queue_delayed_work(hdev->workqueue, &hdev->ncmd_timer,
3765 struct hci_rp_le_read_buffer_size_v2 *rp = data;
3767 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
3769 if (rp->status)
3770 return rp->status;
3772 hdev->le_mtu = __le16_to_cpu(rp->acl_mtu);
3773 hdev->le_pkts = rp->acl_max_pkt;
3774 hdev->iso_mtu = __le16_to_cpu(rp->iso_mtu);
3775 hdev->iso_pkts = rp->iso_max_pkt;
3777 hdev->le_cnt = hdev->le_pkts;
3778 hdev->iso_cnt = hdev->iso_pkts;
3780 BT_DBG("%s acl mtu %d:%d iso mtu %d:%d", hdev->name, hdev->acl_mtu,
3781 hdev->acl_pkts, hdev->iso_mtu, hdev->iso_pkts);
3783 if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU)
3786 return rp->status;
3793 lockdep_assert_held(&hdev->lock);
3795 list_for_each_entry_safe(conn, tmp, &hdev->conn_hash.list, list) {
3796 if (conn->type != ISO_LINK || !bacmp(&conn->dst, BDADDR_ANY) ||
3797 conn->state == BT_OPEN || conn->iso_qos.ucast.cig != cig)
3800 if (HCI_CONN_HANDLE_UNSET(conn->handle))
3808 struct hci_rp_le_set_cig_params *rp = data;
3811 u8 status = rp->status;
3815 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
3818 if (!rp->status && (!cp || rp->num_handles != cp->num_cis ||
3819 rp->cig_id != cp->cig_id)) {
3828 * If the Status return parameter is non-zero, then the state of the CIG
3834 hci_unbound_cis_failed(hdev, rp->cig_id, status);
3845 for (i = 0; i < rp->num_handles; ++i) {
3846 conn = hci_conn_hash_lookup_cis(hdev, NULL, 0, rp->cig_id,
3847 cp->cis[i].cis_id);
3848 if (!conn || !bacmp(&conn->dst, BDADDR_ANY))
3851 if (conn->state != BT_BOUND && conn->state != BT_CONNECT)
3854 if (hci_conn_set_handle(conn, __le16_to_cpu(rp->handle[i])))
3857 if (conn->state == BT_CONNECT)
3867 return rp->status;
3873 struct hci_rp_le_setup_iso_path *rp = data;
3877 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
3881 return rp->status;
3885 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
3889 if (rp->status) {
3890 hci_connect_cfm(conn, rp->status);
3895 switch (cp->direction) {
3899 if (conn->iso_qos.ucast.out.sdu && !conn->iso_qos.ucast.in.sdu)
3900 hci_connect_cfm(conn, rp->status);
3904 /* Confirm connection since conn->iso_qos is always configured
3907 hci_connect_cfm(conn, rp->status);
3910 if (!rp->status && test_bit(HCI_CONN_BIG_SYNC, &conn->flags))
3918 return rp->status;
3923 bt_dev_dbg(hdev, "status 0x%2.2x", status);
3929 struct hci_ev_status *rp = data;
3932 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
3934 if (rp->status)
3935 return rp->status;
3939 return rp->status;
3942 return rp->status;
3948 struct hci_ev_status *rp = data;
3953 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
3955 if (rp->status)
3956 return rp->status;
3960 return rp->status;
3964 adv = hci_find_adv_instance(hdev, cp->handle);
3966 if (cp->enable) {
3970 adv->enabled = true;
3977 list_for_each_entry_safe(adv, n, &hdev->adv_instances,
3979 if (adv->periodic && adv->enabled)
3992 return rp->status;
4183 if (skb->len < cc->min_len) {
4184 bt_dev_err(hdev, "unexpected cc 0x%4.4x length: %u < %u",
4185 cc->op, skb->len, cc->min_len);
4193 if (skb->len > cc->max_len)
4194 bt_dev_warn(hdev, "unexpected cc 0x%4.4x length: %u > %u",
4195 cc->op, skb->len, cc->max_len);
4197 data = hci_cc_skb_pull(hdev, skb, cc->op, cc->min_len);
4201 return cc->func(hdev, data, skb);
4212 *opcode = __le16_to_cpu(ev->opcode);
4214 bt_dev_dbg(hdev, "opcode 0x%4.4x", *opcode);
4231 *status = skb->data[0];
4234 handle_cmd_cnt_and_timer(hdev, ev->ncmd);
4241 "unexpected event for opcode 0x%4.4x", *opcode);
4245 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
4246 queue_work(hdev->workqueue, &hdev->cmd_work);
4255 bt_dev_dbg(hdev, "status 0x%2.2x", status);
4267 for (i = 0; cp->num_cis; cp->num_cis--, i++) {
4271 handle = __le16_to_cpu(cp->cis[i].cis_handle);
4276 &conn->flags))
4278 conn->state = BT_CLOSED;
4332 *opcode = __le16_to_cpu(ev->opcode);
4333 *status = ev->status;
4335 bt_dev_dbg(hdev, "opcode 0x%4.4x", *opcode);
4339 hci_cs_table[i].func(hdev, ev->status);
4344 handle_cmd_cnt_and_timer(hdev, ev->ncmd);
4352 if (ev->status || (hdev->req_skb && !hci_skb_event(hdev->req_skb))) {
4353 hci_req_cmd_complete(hdev, *opcode, ev->status, req_complete,
4356 bt_dev_err(hdev, "unexpected event for opcode 0x%4.4x",
4362 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
4363 queue_work(hdev->workqueue, &hdev->cmd_work);
4371 bt_dev_dbg(hdev, "code 0x%2.2x", ev->code);
4373 hdev->hw_error_code = ev->code;
4375 queue_work(hdev->req_workqueue, &hdev->error_reset);
4384 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
4388 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4390 if (!ev->status)
4391 conn->role = ev->role;
4393 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
4395 hci_role_switch_cfm(conn, ev->status, ev->role);
4408 flex_array_size(ev, handles, ev->num)))
4411 bt_dev_dbg(hdev, "num %d", ev->num);
4413 for (i = 0; i < ev->num; i++) {
4414 struct hci_comp_pkts_info *info = &ev->handles[i];
4418 handle = __le16_to_cpu(info->handle);
4419 count = __le16_to_cpu(info->count);
4425 conn->sent -= count;
4427 switch (conn->type) {
4429 hdev->acl_cnt += count;
4430 if (hdev->acl_cnt > hdev->acl_pkts)
4431 hdev->acl_cnt = hdev->acl_pkts;
4435 if (hdev->le_pkts) {
4436 hdev->le_cnt += count;
4437 if (hdev->le_cnt > hdev->le_pkts)
4438 hdev->le_cnt = hdev->le_pkts;
4440 hdev->acl_cnt += count;
4441 if (hdev->acl_cnt > hdev->acl_pkts)
4442 hdev->acl_cnt = hdev->acl_pkts;
4447 hdev->sco_cnt += count;
4448 if (hdev->sco_cnt > hdev->sco_pkts)
4449 hdev->sco_cnt = hdev->sco_pkts;
4453 if (hdev->iso_pkts) {
4454 hdev->iso_cnt += count;
4455 if (hdev->iso_cnt > hdev->iso_pkts)
4456 hdev->iso_cnt = hdev->iso_pkts;
4457 } else if (hdev->le_pkts) {
4458 hdev->le_cnt += count;
4459 if (hdev->le_cnt > hdev->le_pkts)
4460 hdev->le_cnt = hdev->le_pkts;
4462 hdev->acl_cnt += count;
4463 if (hdev->acl_cnt > hdev->acl_pkts)
4464 hdev->acl_cnt = hdev->acl_pkts;
4470 conn->type, conn);
4475 queue_work(hdev->workqueue, &hdev->tx_work);
4484 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
4488 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4490 conn->mode = ev->mode;
4493 &conn->flags)) {
4494 if (conn->mode == HCI_CM_ACTIVE)
4495 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
4497 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
4500 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
4501 hci_sco_setup(conn, ev->status);
4517 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4521 if (conn->state == BT_CONNECTED) {
4523 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
4528 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
4530 sizeof(ev->bdaddr), &ev->bdaddr);
4534 if (conn->pending_sec_level == BT_SECURITY_HIGH)
4539 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
4551 conn->pin_length = pin_len;
4552 conn->key_type = key_type;
4561 conn->pending_sec_level = BT_SECURITY_HIGH;
4563 conn->pending_sec_level = BT_SECURITY_MEDIUM;
4567 conn->pending_sec_level = BT_SECURITY_MEDIUM;
4570 conn->pending_sec_level = BT_SECURITY_HIGH;
4573 conn->pending_sec_level = BT_SECURITY_FIPS;
4593 key = hci_find_link_key(hdev, &ev->bdaddr);
4595 bt_dev_dbg(hdev, "link key not found for %pMR", &ev->bdaddr);
4599 bt_dev_dbg(hdev, "found key type %u for %pMR", key->type, &ev->bdaddr);
4601 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4603 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
4605 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
4606 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
4607 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
4612 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
4613 (conn->pending_sec_level == BT_SECURITY_HIGH ||
4614 conn->pending_sec_level == BT_SECURITY_FIPS)) {
4619 conn_set_key(conn, key->type, key->pin_len);
4622 bacpy(&cp.bdaddr, &ev->bdaddr);
4623 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
4632 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
4649 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4653 /* Ignore an all-zero (NULL) link key, as a mitigation for CVE-2020-26555 */
4654 if (!crypto_memneq(ev->link_key, ZERO_KEY, HCI_LINK_KEY_SIZE)) {
4656 &ev->bdaddr);
4663 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
4666 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
4667 conn_set_key(conn, ev->key_type, conn->pin_length);
4672 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
4673 ev->key_type, pin_len, &persistent);
4680 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
4681 conn_set_key(conn, key->type, key->pin_len);
4690 if (key->type == HCI_LK_DEBUG_COMBINATION &&
4692 list_del_rcu(&key->list);
4698 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
4700 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
4712 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
4716 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4717 if (conn && !ev->status) {
4720 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4722 ie->data.clock_offset = ev->clock_offset;
4723 ie->timestamp = jiffies;
4736 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
4740 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4741 if (conn && !ev->status)
4742 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
4757 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4759 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
4760 ie->timestamp = jiffies;
4773 bt_dev_dbg(hdev, "num_rsp %d", ev->num);
4775 if (!ev->num)
4783 if (skb->len == array_size(ev->num,
4787 for (i = 0; i < ev->num; i++) {
4794 bt_dev_err(hdev, "Malformed HCI Event: 0x%2.2x",
4799 bacpy(&data.bdaddr, &info->bdaddr);
4800 data.pscan_rep_mode = info->pscan_rep_mode;
4801 data.pscan_period_mode = info->pscan_period_mode;
4802 data.pscan_mode = info->pscan_mode;
4803 memcpy(data.dev_class, info->dev_class, 3);
4804 data.clock_offset = info->clock_offset;
4805 data.rssi = info->rssi;
4810 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4811 info->dev_class, info->rssi,
4814 } else if (skb->len == array_size(ev->num,
4818 for (i = 0; i < ev->num; i++) {
4825 bt_dev_err(hdev, "Malformed HCI Event: 0x%2.2x",
4830 bacpy(&data.bdaddr, &info->bdaddr);
4831 data.pscan_rep_mode = info->pscan_rep_mode;
4832 data.pscan_period_mode = info->pscan_period_mode;
4834 memcpy(data.dev_class, info->dev_class, 3);
4835 data.clock_offset = info->clock_offset;
4836 data.rssi = info->rssi;
4841 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4842 info->dev_class, info->rssi,
4846 bt_dev_err(hdev, "Malformed HCI Event: 0x%2.2x",
4859 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
4863 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4867 if (ev->page < HCI_MAX_PAGES)
4868 memcpy(conn->features[ev->page], ev->features, 8);
4870 if (!ev->status && ev->page == 0x01) {
4873 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4875 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4877 if (ev->features[0] & LMP_HOST_SSP) {
4878 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
4888 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
4891 if (ev->features[0] & LMP_HOST_SC)
4892 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
4895 if (conn->state != BT_CONFIG)
4898 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
4901 bacpy(&cp.bdaddr, &conn->dst);
4909 conn->state = BT_CONNECTED;
4910 hci_connect_cfm(conn, ev->status);
4923 u8 status = ev->status;
4925 switch (ev->link_type) {
4938 bt_dev_dbg(hdev, "status 0x%2.2x", status);
4942 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
4944 if (ev->link_type == ESCO_LINK)
4956 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
4967 if (!HCI_CONN_HANDLE_UNSET(conn->handle)) {
4974 status = hci_conn_set_handle(conn, __le16_to_cpu(ev->handle));
4976 conn->state = BT_CLOSED;
4980 conn->state = BT_CONNECTED;
4981 conn->type = ev->link_type;
4995 if (conn->out) {
4996 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
4997 (hdev->esco_type & EDR_ESCO_MASK);
4998 if (hci_setup_sync(conn, conn->parent->handle))
5004 conn->state = BT_CLOSED;
5008 bt_dev_dbg(hdev, "SCO connected with air mode: %02x", ev->air_mode);
5010 * is zero and non-zero value shall be non-HCI transport data path
5012 if (conn->codec.data_path == 0 && hdev->notify) {
5013 switch (ev->air_mode) {
5015 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD);
5018 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_TRANSP);
5057 flex_array_size(ev, info, ev->num)))
5060 bt_dev_dbg(hdev, "num %d", ev->num);
5062 if (!ev->num)
5070 for (i = 0; i < ev->num; i++) {
5071 struct extended_inquiry_info *info = &ev->info[i];
5075 bacpy(&data.bdaddr, &info->bdaddr);
5076 data.pscan_rep_mode = info->pscan_rep_mode;
5077 data.pscan_period_mode = info->pscan_period_mode;
5079 memcpy(data.dev_class, info->dev_class, 3);
5080 data.clock_offset = info->clock_offset;
5081 data.rssi = info->rssi;
5085 name_known = eir_get_data(info->data,
5086 sizeof(info->data),
5093 eir_len = eir_get_length(info->data, sizeof(info->data));
5095 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
5096 info->dev_class, info->rssi,
5097 flags, info->data, eir_len, NULL, 0, 0);
5109 bt_dev_dbg(hdev, "status 0x%2.2x handle 0x%4.4x", ev->status,
5110 __le16_to_cpu(ev->handle));
5114 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5121 if (conn->type != LE_LINK)
5124 if (!ev->status)
5125 conn->sec_level = conn->pending_sec_level;
5127 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
5129 if (ev->status && conn->state == BT_CONNECTED) {
5135 if (conn->state == BT_CONFIG) {
5136 if (!ev->status)
5137 conn->state = BT_CONNECTED;
5139 hci_connect_cfm(conn, ev->status);
5142 hci_auth_cfm(conn, ev->status);
5145 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
5155 /* If remote requests no-bonding follow that lead */
5156 if (conn->remote_auth == HCI_AT_NO_BONDING ||
5157 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
5158 return conn->remote_auth | (conn->auth_type & 0x01);
5163 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
5164 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
5165 return conn->remote_auth | 0x01;
5168 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
5173 struct hci_dev *hdev = conn->hdev;
5176 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
5188 return data->present;
5191 * the P-256 values are required. If they are not
5195 if (!crypto_memneq(data->rand256, ZERO_KEY, 16) ||
5196 !crypto_memneq(data->hash256, ZERO_KEY, 16))
5204 * P-192 data values are present.
5206 if (!crypto_memneq(data->rand192, ZERO_KEY, 16) ||
5207 !crypto_memneq(data->hash192, ZERO_KEY, 16))
5223 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
5228 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
5239 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
5240 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
5243 bacpy(&cp.bdaddr, &ev->bdaddr);
5246 cp.capability = (conn->io_capability == 0x04) ?
5247 HCI_IO_DISPLAY_YESNO : conn->io_capability;
5250 if (conn->remote_auth == 0xff) {
5252 * except for the no-bonding case.
5254 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
5255 conn->auth_type != HCI_AT_NO_BONDING)
5256 conn->auth_type |= 0x01;
5258 conn->auth_type = hci_get_auth_req(conn);
5261 /* If we're not bondable, force one of the non-bondable
5265 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
5267 cp.authentication = conn->auth_type;
5275 bacpy(&cp.bdaddr, &ev->bdaddr);
5296 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
5300 conn->remote_cap = ev->capability;
5301 conn->remote_auth = ev->authentication;
5321 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
5325 loc_mitm = (conn->auth_type & 0x01);
5326 rem_mitm = (conn->remote_auth & 0x01);
5331 * necessarily match conn->auth_type.
5333 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
5334 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
5337 sizeof(ev->bdaddr), &ev->bdaddr);
5342 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
5343 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
5349 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
5350 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT) {
5351 bt_dev_dbg(hdev, "Confirming auto-accept as acceptor");
5360 if (hci_find_link_key(hdev, &ev->bdaddr)) {
5366 BT_DBG("Auto-accept of user confirmation with %ums delay",
5367 hdev->auto_accept_delay);
5369 if (hdev->auto_accept_delay > 0) {
5370 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
5371 queue_delayed_work(conn->hdev->workqueue,
5372 &conn->auto_accept_work, delay);
5377 sizeof(ev->bdaddr), &ev->bdaddr);
5382 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
5383 le32_to_cpu(ev->passkey), confirm_hint);
5397 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
5408 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
5412 conn->passkey_notify = __le32_to_cpu(ev->passkey);
5413 conn->passkey_entered = 0;
5416 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
5417 conn->dst_type, conn->passkey_notify,
5418 conn->passkey_entered);
5429 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
5433 switch (ev->type) {
5435 conn->passkey_entered = 0;
5439 conn->passkey_entered++;
5443 conn->passkey_entered--;
5447 conn->passkey_entered = 0;
5455 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
5456 conn->dst_type, conn->passkey_notify,
5457 conn->passkey_entered);
5470 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
5475 conn->remote_auth = 0xff;
5482 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
5483 mgmt_auth_failed(conn, ev->status);
5502 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
5504 memcpy(conn->features[1], ev->features, 8);
5506 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
5508 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
5526 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
5530 bacpy(&cp.bdaddr, &ev->bdaddr);
5539 bacpy(&cp.bdaddr, &ev->bdaddr);
5544 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
5545 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
5547 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
5548 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
5555 bacpy(&cp.bdaddr, &ev->bdaddr);
5556 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
5557 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
5570 if (conn->out) {
5571 conn->dst_type = bdaddr_type;
5572 conn->resp_addr_type = bdaddr_type;
5573 bacpy(&conn->resp_addr, bdaddr);
5576 * used instead of hdev->rpa.
5579 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
5580 bacpy(&conn->init_addr, local_rpa);
5581 } else if (hci_dev_test_flag(conn->hdev, HCI_PRIVACY)) {
5582 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
5583 bacpy(&conn->init_addr, &conn->hdev->rpa);
5585 hci_copy_identity_address(conn->hdev, &conn->init_addr,
5586 &conn->init_addr_type);
5589 conn->resp_addr_type = conn->hdev->adv_addr_type;
5591 * used instead of hdev->rpa.
5594 conn->resp_addr_type = ADDR_LE_DEV_RANDOM;
5595 bacpy(&conn->resp_addr, local_rpa);
5596 } else if (conn->hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) {
5600 if (!ext_adv_capable(conn->hdev))
5601 bacpy(&conn->resp_addr,
5602 &conn->hdev->random_addr);
5604 bacpy(&conn->resp_addr, &conn->hdev->bdaddr);
5607 conn->init_addr_type = bdaddr_type;
5608 bacpy(&conn->init_addr, bdaddr);
5615 conn->le_conn_min_interval = conn->hdev->le_conn_min_interval;
5616 conn->le_conn_max_interval = conn->hdev->le_conn_max_interval;
5652 conn->dst_type = bdaddr_type;
5662 if (conn->out) {
5663 conn->resp_addr_type = bdaddr_type;
5664 bacpy(&conn->resp_addr, bdaddr);
5666 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
5667 bacpy(&conn->init_addr, &hdev->rpa);
5670 &conn->init_addr,
5671 &conn->init_addr_type);
5675 cancel_delayed_work(&conn->le_conn_timeout);
5684 if (!HCI_CONN_HANDLE_UNSET(conn->handle)) {
5700 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
5702 bacpy(&conn->dst, &irk->bdaddr);
5703 conn->dst_type = irk->addr_type;
5706 conn->dst_type = ev_bdaddr_type(hdev, conn->dst_type, NULL);
5716 if (test_bit(HCI_CONN_CANCEL, &conn->flags)) {
5721 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
5727 if (hci_bdaddr_list_lookup(&hdev->reject_list, &conn->dst, addr_type)) {
5734 conn->sec_level = BT_SECURITY_LOW;
5735 conn->state = BT_CONFIG;
5738 * when software rotation is in use so it can be re-enabled when
5742 conn->adv_instance = hdev->cur_adv_instance;
5744 conn->le_conn_interval = interval;
5745 conn->le_conn_latency = latency;
5746 conn->le_supv_timeout = supervision_timeout;
5755 * If the local controller supports peripheral-initiated features
5760 if (conn->out ||
5761 (hdev->le_features[0] & HCI_LE_PERIPHERAL_FEATURES)) {
5764 cp.handle = __cpu_to_le16(conn->handle);
5771 conn->state = BT_CONNECTED;
5775 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
5776 conn->dst_type);
5779 if (params->conn) {
5780 hci_conn_drop(params->conn);
5781 hci_conn_put(params->conn);
5782 params->conn = NULL;
5796 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
5798 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5799 NULL, ev->role, le16_to_cpu(ev->handle),
5800 le16_to_cpu(ev->interval),
5801 le16_to_cpu(ev->latency),
5802 le16_to_cpu(ev->supervision_timeout));
5810 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
5812 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5813 &ev->local_rpa, ev->role, le16_to_cpu(ev->handle),
5814 le16_to_cpu(ev->interval),
5815 le16_to_cpu(ev->latency),
5816 le16_to_cpu(ev->supervision_timeout));
5826 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
5835 if (ev->status == HCI_ERROR_CANCELLED_BY_HOST) {
5842 adv = hci_find_adv_instance(hdev, ev->handle);
5844 if (ev->status) {
5849 hci_remove_adv_instance(hdev, ev->handle);
5850 mgmt_advertising_removed(NULL, hdev, ev->handle);
5852 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) {
5853 if (adv->enabled)
5863 adv->enabled = false;
5865 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->conn_handle));
5868 * instance can be re-enabled when disconnected.
5870 conn->adv_instance = ev->handle;
5872 if (hdev->adv_addr_type != ADDR_LE_DEV_RANDOM ||
5873 bacmp(&conn->resp_addr, BDADDR_ANY))
5876 if (!ev->handle) {
5877 bacpy(&conn->resp_addr, &hdev->random_addr);
5882 bacpy(&conn->resp_addr, &adv->random_addr);
5895 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
5897 if (ev->status)
5902 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5904 conn->le_conn_interval = le16_to_cpu(ev->interval);
5905 conn->le_conn_latency = le16_to_cpu(ev->latency);
5906 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
5912 /* This function requires the caller holds hdev->lock */
5926 if (hci_bdaddr_list_lookup(&hdev->reject_list, addr, addr_type) ||
5927 hdev->suspended)
5933 if (hdev->conn_hash.le_num_peripheral > 0 &&
5934 (!test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) ||
5935 !(hdev->le_states[3] & 0x10)))
5941 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, addr,
5946 if (!params->explicit_connect) {
5947 switch (params->auto_connect) {
5970 BT_SECURITY_LOW, hdev->def_le_autoconnect_timeout,
5982 if (!params->explicit_connect)
5983 params->conn = hci_conn_get(conn);
5989 case -EBUSY:
5990 /* If hci_connect() returns -EBUSY it means there is already
6009 struct discovery_state *d = &hdev->discovery;
6025 "type: 0x%02x", type);
6049 len = ptr - data;
6076 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
6083 bdaddr = &irk->bdaddr;
6084 bdaddr_type = irk->addr_type;
6101 memcpy(conn->le_adv_data, data, len);
6102 conn->le_adv_data_len = len;
6121 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
6125 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
6127 idr_is_empty(&hdev->adv_monitors_idr))
6168 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
6169 bdaddr_type == d->last_adv_addr_type);
6178 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
6179 d->last_adv_addr_type, NULL,
6180 d->last_adv_rssi, d->last_adv_flags,
6181 d->last_adv_data,
6182 d->last_adv_data_len, NULL, 0, 0);
6207 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
6208 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
6209 d->last_adv_data, d->last_adv_data_len, data, len, 0);
6219 if (!ev->num)
6224 while (ev->num--) {
6235 info->length + 1))
6238 if (info->length <= max_adv_len(hdev)) {
6239 rssi = info->data[info->length];
6240 process_adv_report(hdev, info->type, &info->bdaddr,
6241 info->bdaddr_type, NULL, 0, rssi,
6242 info->data, info->length, false,
6290 bt_dev_err_ratelimited(hdev, "Unknown advertising packet type: 0x%02x",
6302 if (!ev->num)
6307 while (ev->num--) {
6318 info->length))
6321 evt_type = __le16_to_cpu(info->type) & LE_EXT_ADV_EVT_TYPE_MASK;
6324 process_adv_report(hdev, legacy_evt_type, &info->bdaddr,
6325 info->bdaddr_type, NULL, 0,
6326 info->rssi, info->data, info->length,
6349 int mask = hdev->link_mode;
6353 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
6359 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ISO_LINK, &flags);
6361 hci_le_pa_term_sync(hdev, ev->handle);
6368 if (ev->status) {
6376 set_bit(HCI_CONN_PA_SYNC_FAILED, &pa_sync->flags);
6379 hci_connect_cfm(pa_sync, ev->status);
6390 int mask = hdev->link_mode;
6393 bt_dev_dbg(hdev, "sync_handle 0x%4.4x", le16_to_cpu(ev->sync_handle));
6399 hci_le_pa_term_sync(hdev, ev->sync_handle);
6410 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
6414 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
6416 if (!ev->status)
6417 memcpy(conn->features[0], ev->features, 8);
6419 if (conn->state == BT_CONFIG) {
6422 /* If the local controller supports peripheral-initiated
6431 if (!conn->out && ev->status == HCI_ERROR_UNSUPPORTED_REMOTE_FEATURE &&
6432 (hdev->le_features[0] & HCI_LE_PERIPHERAL_FEATURES))
6435 status = ev->status;
6437 conn->state = BT_CONNECTED;
6455 bt_dev_dbg(hdev, "handle 0x%4.4x", __le16_to_cpu(ev->handle));
6459 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
6463 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
6469 if (ev->ediv || ev->rand)
6472 /* For non-SC keys check that EDiv and Rand match */
6473 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
6477 memcpy(cp.ltk, ltk->val, ltk->enc_size);
6478 memset(cp.ltk + ltk->enc_size, 0, sizeof(cp.ltk) - ltk->enc_size);
6479 cp.handle = cpu_to_le16(conn->handle);
6481 conn->pending_sec_level = smp_ltk_sec_level(ltk);
6483 conn->enc_key_size = ltk->enc_size;
6490 * distribute the keys. Later, security can be re-established
6493 if (ltk->type == SMP_STK) {
6494 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
6495 list_del_rcu(&ltk->list);
6498 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
6506 neg.handle = ev->handle;
6531 bt_dev_dbg(hdev, "handle 0x%4.4x", __le16_to_cpu(ev->handle));
6533 handle = le16_to_cpu(ev->handle);
6534 min = le16_to_cpu(ev->interval_min);
6535 max = le16_to_cpu(ev->interval_max);
6536 latency = le16_to_cpu(ev->latency);
6537 timeout = le16_to_cpu(ev->timeout);
6540 if (!hcon || hcon->state != BT_CONNECTED)
6544 if (max > hcon->le_conn_max_interval)
6552 if (hcon->role == HCI_ROLE_MASTER) {
6558 params = hci_conn_params_lookup(hdev, &hcon->dst,
6559 hcon->dst_type);
6561 params->conn_min_interval = min;
6562 params->conn_max_interval = max;
6563 params->conn_latency = latency;
6564 params->supervision_timeout = timeout;
6572 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
6576 cp.handle = ev->handle;
6577 cp.interval_min = ev->interval_min;
6578 cp.interval_max = ev->interval_max;
6579 cp.latency = ev->latency;
6580 cp.timeout = ev->timeout;
6595 flex_array_size(ev, info, ev->num)))
6598 if (!ev->num)
6603 for (i = 0; i < ev->num; i++) {
6604 struct hci_ev_le_direct_adv_info *info = &ev->info[i];
6606 process_adv_report(hdev, info->type, &info->bdaddr,
6607 info->bdaddr_type, &info->direct_addr,
6608 info->direct_addr_type, info->rssi, NULL, 0,
6621 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
6623 if (ev->status)
6628 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
6632 conn->le_tx_phy = ev->tx_phy;
6633 conn->le_rx_phy = ev->rx_phy;
6646 u16 handle = __le16_to_cpu(ev->handle);
6649 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
6656 "Unable to find connection with handle 0x%4.4x",
6661 if (conn->type != ISO_LINK) {
6663 "Invalid connection link type handle 0x%4.4x",
6668 qos = &conn->iso_qos;
6670 pending = test_and_clear_bit(HCI_CONN_CREATE_CIS, &conn->flags);
6677 * SDU_Interval = (CIG_Sync_Delay + (FT) x ISO_Interval) -
6680 c_sdu_interval = (get_unaligned_le24(ev->cig_sync_delay) +
6681 (ev->c_ft * le16_to_cpu(ev->interval) * 1250)) -
6682 get_unaligned_le24(ev->c_latency);
6683 p_sdu_interval = (get_unaligned_le24(ev->cig_sync_delay) +
6684 (ev->p_ft * le16_to_cpu(ev->interval) * 1250)) -
6685 get_unaligned_le24(ev->p_latency);
6687 switch (conn->role) {
6689 qos->ucast.in.interval = c_sdu_interval;
6690 qos->ucast.out.interval = p_sdu_interval;
6692 qos->ucast.in.latency =
6693 DIV_ROUND_CLOSEST(get_unaligned_le24(ev->c_latency),
6695 qos->ucast.out.latency =
6696 DIV_ROUND_CLOSEST(get_unaligned_le24(ev->p_latency),
6698 qos->ucast.in.sdu = le16_to_cpu(ev->c_mtu);
6699 qos->ucast.out.sdu = le16_to_cpu(ev->p_mtu);
6700 qos->ucast.in.phy = ev->c_phy;
6701 qos->ucast.out.phy = ev->p_phy;
6704 qos->ucast.in.interval = p_sdu_interval;
6705 qos->ucast.out.interval = c_sdu_interval;
6707 qos->ucast.out.latency =
6708 DIV_ROUND_CLOSEST(get_unaligned_le24(ev->c_latency),
6710 qos->ucast.in.latency =
6711 DIV_ROUND_CLOSEST(get_unaligned_le24(ev->p_latency),
6713 qos->ucast.out.sdu = le16_to_cpu(ev->c_mtu);
6714 qos->ucast.in.sdu = le16_to_cpu(ev->p_mtu);
6715 qos->ucast.out.phy = ev->c_phy;
6716 qos->ucast.in.phy = ev->p_phy;
6720 if (!ev->status) {
6721 conn->state = BT_CONNECTED;
6728 conn->state = BT_CLOSED;
6729 hci_connect_cfm(conn, ev->status);
6767 acl_handle = __le16_to_cpu(ev->acl_handle);
6768 cis_handle = __le16_to_cpu(ev->cis_handle);
6770 bt_dev_dbg(hdev, "acl 0x%4.4x handle 0x%4.4x cig 0x%2.2x cis 0x%2.2x",
6771 acl_handle, cis_handle, ev->cig_id, ev->cis_id);
6779 mask = hci_proto_connect_ind(hdev, &acl->dst, ISO_LINK, &flags);
6781 hci_le_reject_cis(hdev, ev->cis_handle);
6787 cis = hci_conn_add(hdev, ISO_LINK, &acl->dst, HCI_ROLE_SLAVE,
6790 hci_le_reject_cis(hdev, ev->cis_handle);
6795 cis->iso_qos.ucast.cig = ev->cig_id;
6796 cis->iso_qos.ucast.cis = ev->cis_id;
6799 hci_le_accept_cis(hdev, ev->cis_handle);
6801 cis->state = BT_CONNECT2;
6824 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
6827 flex_array_size(ev, bis_handle, ev->num_bis)))
6833 while ((conn = hci_conn_hash_lookup_big_state(hdev, ev->handle,
6835 if (ev->status) {
6836 hci_connect_cfm(conn, ev->status);
6842 __le16_to_cpu(ev->bis_handle[i++])))
6845 conn->state = BT_CONNECTED;
6846 set_bit(HCI_CONN_BIG_CREATED, &conn->flags);
6852 if (!ev->status && !i)
6859 UINT_PTR(ev->handle), NULL);
6872 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
6875 flex_array_size(ev, bis, ev->num_bis)))
6880 if (!ev->status) {
6881 pa_sync = hci_conn_hash_lookup_pa_sync_big_handle(hdev, ev->handle);
6886 set_bit(HCI_CONN_BIG_SYNC, &pa_sync->flags);
6889 for (i = 0; i < ev->num_bis; i++) {
6890 u16 handle = le16_to_cpu(ev->bis[i]);
6905 if (ev->status != 0x42)
6907 set_bit(HCI_CONN_PA_SYNC, &bis->flags);
6909 bis->iso_qos.bcast.big = ev->handle;
6911 memcpy(&interval, ev->latency, sizeof(ev->latency));
6912 bis->iso_qos.bcast.in.interval = le32_to_cpu(interval);
6914 bis->iso_qos.bcast.in.latency = le16_to_cpu(ev->interval) * 125 / 100;
6915 bis->iso_qos.bcast.in.sdu = le16_to_cpu(ev->max_pdu);
6917 if (!ev->status) {
6918 set_bit(HCI_CONN_BIG_SYNC, &bis->flags);
6926 if (ev->status)
6927 for (i = 0; i < ev->num_bis; i++) {
6928 u16 handle = le16_to_cpu(ev->bis[i]);
6934 set_bit(HCI_CONN_BIG_SYNC_FAILED, &bis->flags);
6935 hci_connect_cfm(bis, ev->status);
6945 int mask = hdev->link_mode;
6949 bt_dev_dbg(hdev, "sync_handle 0x%4.4x", le16_to_cpu(ev->sync_handle));
6955 hci_le_pa_term_sync(hdev, ev->sync_handle);
6964 le16_to_cpu(ev->sync_handle));
6976 pa_sync->sync_handle = le16_to_cpu(ev->sync_handle);
6977 set_bit(HCI_CONN_PA_SYNC, &pa_sync->flags);
7092 bt_dev_dbg(hdev, "subevent 0x%2.2x", ev->subevent);
7095 if (hdev->req_skb &&
7096 hci_opcode_ogf(hci_skb_opcode(hdev->req_skb)) == 0x08 &&
7097 hci_skb_event(hdev->req_skb) == ev->subevent) {
7098 *opcode = hci_skb_opcode(hdev->req_skb);
7103 subev = &hci_le_ev_table[ev->subevent];
7104 if (!subev->func)
7107 if (skb->len < subev->min_len) {
7108 bt_dev_err(hdev, "unexpected subevent 0x%2.2x length: %u < %u",
7109 ev->subevent, skb->len, subev->min_len);
7117 if (skb->len > subev->max_len)
7118 bt_dev_warn(hdev, "unexpected subevent 0x%2.2x length: %u > %u",
7119 ev->subevent, skb->len, subev->max_len);
7120 data = hci_le_ev_skb_pull(hdev, skb, ev->subevent, subev->min_len);
7124 subev->func(hdev, data, skb);
7141 if (hdr->evt != event)
7146 /* Check if request ended in Command Status - no way to retrieve
7149 if (hdr->evt == HCI_EV_CMD_STATUS)
7152 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
7153 bt_dev_err(hdev, "last event is not cmd complete (0x%2.2x)",
7154 hdr->evt);
7162 if (opcode != __le16_to_cpu(ev->opcode)) {
7163 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
7164 __le16_to_cpu(ev->opcode));
7177 const struct hci_ev_conn_complete *conn_complete = (void *)skb->data;
7178 const struct hci_ev_conn_request *conn_request = (void *)skb->data;
7185 if (!hdev->suspended || hdev->wake_reason)
7191 hdev->wake_reason = MGMT_WAKE_REASON_REMOTE_WAKE;
7198 bacpy(&hdev->wake_addr, &conn_request->bdaddr);
7199 hdev->wake_addr_type = BDADDR_BREDR;
7201 bacpy(&hdev->wake_addr, &conn_complete->bdaddr);
7202 hdev->wake_addr_type = BDADDR_BREDR;
7204 struct hci_ev_le_meta *le_ev = (void *)skb->data;
7205 u8 subevent = le_ev->subevent;
7206 u8 *ptr = &skb->data[sizeof(*le_ev)];
7219 bacpy(&hdev->wake_addr, &adv->bdaddr);
7220 hdev->wake_addr_type = adv->bdaddr_type;
7223 bacpy(&hdev->wake_addr, &direct_adv->bdaddr);
7224 hdev->wake_addr_type = direct_adv->bdaddr_type;
7227 bacpy(&hdev->wake_addr, &ext_adv->bdaddr);
7228 hdev->wake_addr_type = ext_adv->bdaddr_type;
7233 hdev->wake_reason = MGMT_WAKE_REASON_UNEXPECTED;
7409 if (!ev->func)
7412 if (skb->len < ev->min_len) {
7413 bt_dev_err(hdev, "unexpected event 0x%2.2x length: %u < %u",
7414 event, skb->len, ev->min_len);
7422 if (skb->len > ev->max_len)
7424 "unexpected event 0x%2.2x length: %u > %u",
7425 event, skb->len, ev->max_len);
7427 data = hci_ev_skb_pull(hdev, skb, event, ev->min_len);
7431 if (ev->req)
7432 ev->func_req(hdev, data, skb, opcode, status, req_complete,
7435 ev->func(hdev, data, skb);
7440 struct hci_event_hdr *hdr = (void *) skb->data;
7447 if (skb->len < sizeof(*hdr)) {
7452 kfree_skb(hdev->recv_event);
7453 hdev->recv_event = skb_clone(skb, GFP_KERNEL);
7455 event = hdr->evt;
7457 bt_dev_warn(hdev, "Received unexpected HCI Event 0x%2.2x",
7463 if (hdev->req_skb &&
7464 hci_opcode_ogf(hci_skb_opcode(hdev->req_skb)) != 0x08 &&
7465 hci_skb_event(hdev->req_skb) == event) {
7466 hci_req_cmd_complete(hdev, hci_skb_opcode(hdev->req_skb),
7485 bt_dev_dbg(hdev, "event 0x%2.2x", event);
7503 hdev->stat.evt_rx++;