Merge tag 'for-net-2022-04-27' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth

#define HCI_ERROR_CONNECTION_TIMEOUT	0x08

#define HCI_ERROR_REJ_LIMITED_RESOURCES	0x0d

#define HCI_ERROR_REJ_BAD_ADDR		0x0f

#define HCI_ERROR_INVALID_PARAMETERS	0x12

#define HCI_ERROR_REMOTE_USER_TERM	0x13

#define HCI_ERROR_REMOTE_LOW_RESOURCES	0x14

#define HCI_ERROR_REMOTE_POWER_OFF	0x15

void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active);

void hci_le_conn_failed(struct hci_conn *conn, u8 status);

void hci_conn_failed(struct hci_conn *conn, u8 status);

/*

 * hci_conn_get() and hci_conn_put() are used to control the life-time of an

		/* Disable LE Advertising */

		le_disable_advertising(hdev);

		hci_dev_lock(hdev);

		hci_le_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);

		hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);

		hci_dev_unlock(hdev);

		return;

	}

EXPORT_SYMBOL(hci_get_route);

/* This function requires the caller holds hdev->lock */

void hci_le_conn_failed(struct hci_conn *conn, u8 status)

static void hci_le_conn_failed(struct hci_conn *conn, u8 status)

{

	struct hci_dev *hdev = conn->hdev;

	struct hci_conn_params *params;

		params->conn = NULL;

	}

	conn->state = BT_CLOSED;

	/* If the status indicates successful cancellation of

	 * the attempt (i.e. Unknown Connection Id) there's no point of

	 * notifying failure since we'll go back to keep trying to

		mgmt_connect_failed(hdev, &conn->dst, conn->type,

				    conn->dst_type, status);

	hci_connect_cfm(conn, status);

	hci_conn_del(conn);

	/* Since we may have temporarily stopped the background scanning in

	 * favor of connection establishment, we should restart it.

	 */

	hci_enable_advertising(hdev);

}

/* This function requires the caller holds hdev->lock */

void hci_conn_failed(struct hci_conn *conn, u8 status)

{

	struct hci_dev *hdev = conn->hdev;

	bt_dev_dbg(hdev, "status 0x%2.2x", status);

	switch (conn->type) {

	case LE_LINK:

		hci_le_conn_failed(conn, status);

		break;

	case ACL_LINK:

		mgmt_connect_failed(hdev, &conn->dst, conn->type,

				    conn->dst_type, status);

		break;

	}

	conn->state = BT_CLOSED;

	hci_connect_cfm(conn, status);

	hci_conn_del(conn);

}

static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err)

{

	struct hci_conn *conn = data;

	bt_dev_dbg(hdev, "status 0x%2.2x", status);

	/* All connection failure handling is taken care of by the

	 * hci_le_conn_failed function which is triggered by the HCI

	 * hci_conn_failed function which is triggered by the HCI

	 * request completion callbacks used for connecting.

	 */

	if (status)

	bt_dev_dbg(hdev, "status 0x%2.2x", status);

	/* All connection failure handling is taken care of by the

	 * hci_le_conn_failed function which is triggered by the HCI

	 * hci_conn_failed function which is triggered by the HCI

	 * request completion callbacks used for connecting.

	 */

	if (status)

{

	struct hci_ev_conn_complete *ev = data;

	struct hci_conn *conn;

	u8 status = ev->status;

	if (__le16_to_cpu(ev->handle) > HCI_CONN_HANDLE_MAX) {

		bt_dev_err(hdev, "Ignoring HCI_Connection_Complete for invalid handle");

		return;

	}

	bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);

	bt_dev_dbg(hdev, "status 0x%2.2x", status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);

	if (!conn) {

		/* In case of error status and there is no connection pending

		 * just unlock as there is nothing to cleanup.

		 */

		if (ev->status)

			goto unlock;

		/* Connection may not exist if auto-connected. Check the bredr

		 * allowlist to see if this device is allowed to auto connect.

		 * If link is an ACL type, create a connection class

		goto unlock;

	}

	if (!ev->status) {

	if (!status) {

		conn->handle = __le16_to_cpu(ev->handle);

		if (conn->handle > HCI_CONN_HANDLE_MAX) {

			bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x",

				   conn->handle, HCI_CONN_HANDLE_MAX);

			status = HCI_ERROR_INVALID_PARAMETERS;

			goto done;

		}

		if (conn->type == ACL_LINK) {

			conn->state = BT_CONFIG;

			hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),

				     &cp);

		}

	} else {

		conn->state = BT_CLOSED;

		if (conn->type == ACL_LINK)

			mgmt_connect_failed(hdev, &conn->dst, conn->type,

					    conn->dst_type, ev->status);

	}

	if (conn->type == ACL_LINK)

		hci_sco_setup(conn, ev->status);

	if (ev->status) {

		hci_connect_cfm(conn, ev->status);

		hci_conn_del(conn);

done:

	if (status) {

		hci_conn_failed(conn, status);

	} else if (ev->link_type == SCO_LINK) {

		switch (conn->setting & SCO_AIRMODE_MASK) {

		case SCO_AIRMODE_CVSD:

			break;

		}

		hci_connect_cfm(conn, ev->status);

		hci_connect_cfm(conn, status);

	}

unlock:

{

	struct hci_ev_sync_conn_complete *ev = data;

	struct hci_conn *conn;

	u8 status = ev->status;

	switch (ev->link_type) {

	case SCO_LINK:

		return;

	}

	if (__le16_to_cpu(ev->handle) > HCI_CONN_HANDLE_MAX) {

		bt_dev_err(hdev, "Ignoring HCI_Sync_Conn_Complete for invalid handle");

		return;

	}

	bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);

	bt_dev_dbg(hdev, "status 0x%2.2x", status);

	hci_dev_lock(hdev);

		goto unlock;

	}

	switch (ev->status) {

	switch (status) {

	case 0x00:

		conn->handle = __le16_to_cpu(ev->handle);

		if (conn->handle > HCI_CONN_HANDLE_MAX) {

			bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x",

				   conn->handle, HCI_CONN_HANDLE_MAX);

			status = HCI_ERROR_INVALID_PARAMETERS;

			conn->state = BT_CLOSED;

			break;

		}

		conn->state  = BT_CONNECTED;

		conn->type   = ev->link_type;

		}

	}

	hci_connect_cfm(conn, ev->status);

	if (ev->status)

	hci_connect_cfm(conn, status);

	if (status)

		hci_conn_del(conn);

unlock:

	struct smp_irk *irk;

	u8 addr_type;

	if (handle > HCI_CONN_HANDLE_MAX) {

		bt_dev_err(hdev, "Ignoring HCI_LE_Connection_Complete for invalid handle");

		return;

	}

	hci_dev_lock(hdev);

	/* All controllers implicitly stop advertising in the event of a

	conn = hci_lookup_le_connect(hdev);

	if (!conn) {

		/* In case of error status and there is no connection pending

		 * just unlock as there is nothing to cleanup.

		 */

		if (status)

			goto unlock;

		conn = hci_conn_add(hdev, LE_LINK, bdaddr, role);

		if (!conn) {

			bt_dev_err(hdev, "no memory for new connection");

	conn->dst_type = ev_bdaddr_type(hdev, conn->dst_type, NULL);

	if (handle > HCI_CONN_HANDLE_MAX) {

		bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x", handle,

			   HCI_CONN_HANDLE_MAX);

		status = HCI_ERROR_INVALID_PARAMETERS;

	}

	if (status) {

		hci_le_conn_failed(conn, status);

		hci_conn_failed(conn, status);

		goto unlock;

	}

static int hci_abort_conn_sync(struct hci_dev *hdev, struct hci_conn *conn,

			       u8 reason)

{

	int err;

	switch (conn->state) {

	case BT_CONNECTED:

	case BT_CONFIG:

		return hci_disconnect_sync(hdev, conn, reason);

	case BT_CONNECT:

		return hci_connect_cancel_sync(hdev, conn);

		err = hci_connect_cancel_sync(hdev, conn);

		/* Cleanup hci_conn object if it cannot be cancelled as it

		 * likelly means the controller and host stack are out of sync.

		 */

		if (err)

			hci_conn_failed(conn, err);

		return err;

	case BT_CONNECT2:

		return hci_reject_conn_sync(hdev, conn, reason);

	default: