From a3fa743e8f4d9e4fda0186e3f7709711a70be961 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz
Date: Wed, 7 Apr 2021 11:00:37 -0700
Subject: [PATCH] btdev: Fix invalid BIG Complete event
Fields were not being initialized properly and no connection was created so other commands using the same handle wouldn't work.
---
 emulator/btdev.c | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/emulator/btdev.c b/emulator/btdev.c
index 99fe3a13c..b4ed0e909 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -982,11 +982,16 @@ static struct btdev_conn *conn_add_sco(struct btdev_conn *acl)
 return conn_link(acl->dev, acl->link->dev, SCO_HANDLE, HCI_SCODATA_PKT);
 }
-static struct btdev_conn *conn_add_iso(struct btdev_conn *acl, uint16_t handle)
+static struct btdev_conn *conn_add_cis(struct btdev_conn *acl, uint16_t handle)
 {
 return conn_link(acl->dev, acl->link->dev, handle, HCI_ISODATA_PKT);
 }
+static struct btdev_conn *conn_add_bis(struct btdev *dev, uint16_t handle)
+{
+ return conn_new(dev, handle, HCI_ISODATA_PKT);
+}
+
 static void conn_complete(struct btdev *btdev, const uint8_t *bdaddr, uint8_t status)
 {
@@ -4437,7 +4442,7 @@ static int cmd_create_cis_complete(struct btdev *dev, const void *data,
 iso = queue_find(dev->conns, match_handle, UINT_TO_PTR(cpu_to_le16(cis->cis_handle)));
 if (!iso) {
- iso = conn_add_iso(acl, cpu_to_le16(cis->cis_handle));
+ iso = conn_add_cis(acl, cpu_to_le16(cis->cis_handle));
 if (!iso) {
 le_cis_estabilished(dev, NULL, BT_HCI_ERR_UNKNOWN_CONN_ID);
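Review bot: conn_add_bis has no comment explaining why it calls conn_new where conn_add_cis and conn_add_sco call conn_link, which matters because the resulting connection presumably has no peer (`link`) set. A one-line comment such as `/* BIS is broadcast: created without a peer link */` above it would warn readers that code finding an ISO connection by handle cannot assume `conn->link` is valid the way `acl->link->dev` is used here. conn_new is defined outside this patch, so whether it leaves the link unset should be confirmed.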
@@ -4524,17 +4529,30 @@ static int cmd_create_big_complete(struct btdev *dev, const void *data,
 for (i = 0; i < cmd->num_bis; i++) {
 const struct bt_hci_bis *bis = &cmd->bis[i];
+ struct btdev_conn *conn;
 struct {
 struct bt_hci_evt_le_big_complete evt;
 uint16_t handle;
 } pdu;
+ memset(&pdu, 0, sizeof(pdu));
+
+ conn = conn_add_bis(dev, ISO_HANDLE);
+ if (!conn) {
+ pdu.evt.status = BT_HCI_ERR_MEM_CAPACITY_EXCEEDED;
+ goto done;
+ }
+
 pdu.evt.handle = cmd->handle;
- pdu.evt.num_bis = cmd->num_bis;
+ pdu.evt.num_bis = 0x01;
 pdu.evt.phy = bis->phy;
- memcpy(&pdu.evt.latency, &(bis->latency), 3);
- pdu.evt.handle = cpu_to_le16(ISO_HANDLE + i);
+ pdu.evt.max_pdu = bis->sdu;
+ memcpy(pdu.evt.sync_delay, bis->sdu_interval, 3);
+ memcpy(pdu.evt.latency, bis->sdu_interval, 3);
+ pdu.evt.interval = bis->latency / 1.25;
+ pdu.handle = cpu_to_le16(conn->handle);
+done:
 le_meta_event(dev, BT_HCI_EVT_LE_BIG_COMPLETE, &pdu, sizeof(pdu));
 }
-- 
2.47.3
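Review bot: Every pass of the loop registers its BIS under the same handle, because the added call is `conn_add_bis(dev, ISO_HANDLE)` while the removed line used `ISO_HANDLE + i`; with num_bis greater than one the device would hold several connections sharing one handle (unless conn_new rejects duplicates, which is not visible here), and later lookups by handle would resolve to only one of them. `conn = conn_add_bis(dev, ISO_HANDLE + i);` keeps the handles distinct. The `goto done` failure path sends the error event and then carries on with the next BIS, leaving earlier connections in place; an `if (!conn) break;` after the `le_meta_event` call, or cleanup of the connections already created, would make the failure final. `pdu.evt.interval = bis->latency / 1.25;` also does floating-point arithmetic on what looks like a little-endian wire field with no byte-order conversion, which deserves at least a comment if it is intentional. cmd_create_big_complete starts and ends outside this hunk.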