projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'for-3.19/drivers' of git://git.kernel.dk/linux-block
[linux-2.6-block.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
4bc58f51 31#include <net/bluetooth/l2cap.h>
1da177e4 32
ac4b7236 33#include "smp.h"
7024728e
MH		 34#include "a2mp.h"
35
2dea632f
FD		 36struct sco_param {
37 u16 pkt_type;
38 u16 max_latency;
c7da5797 39 u8 retrans_effort;
2dea632f
FD		 40};
41
48e68ff5 42static const struct sco_param esco_param_cvsd[] = {
c7da5797
JH		 43 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
44 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
45 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
46 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
47 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
2dea632f
FD		 48};
49
48e68ff5 50static const struct sco_param sco_param_cvsd[] = {
c7da5797
JH		 51 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
52 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
48e68ff5
BT		 53};
54
565766b0 55static const struct sco_param esco_param_msbc[] = {
c7da5797
JH		 56 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
57 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
2dea632f
FD		 58};
59
1aef8669 60static void hci_le_create_connection_cancel(struct hci_conn *conn)
fcd89c09
VT		 61{
62 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
63}
64
1aef8669 65static void hci_acl_create_connection(struct hci_conn *conn)
1da177e4
LT		 66{
67 struct hci_dev *hdev = conn->hdev;
68 struct inquiry_entry *ie;
69 struct hci_cp_create_conn cp;
70
42d2d87c 71 BT_DBG("hcon %p", conn);
1da177e4
LT		 72
73 conn->state = BT_CONNECT;
a0c808b3 74 conn->out = true;
40bef302 75 conn->role = HCI_ROLE_MASTER;
1da177e4 76
4c67bc74
MH		 77 conn->attempt++;
78
e4e8e37c
MH		 79 conn->link_policy = hdev->link_policy;
80
1da177e4
LT		 81 memset(&cp, 0, sizeof(cp));
82 bacpy(&cp.bdaddr, &conn->dst);
83 cp.pscan_rep_mode = 0x02;
84
70f23020
AE		 85 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
86 if (ie) {
41a96212
MH		 87 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
88 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
89 cp.pscan_mode = ie->data.pscan_mode;
90 cp.clock_offset = ie->data.clock_offset |
dcf4adbf 91 cpu_to_le16(0x8000);
41a96212
MH		 92 }
93
1da177e4 94 memcpy(conn->dev_class, ie->data.dev_class, 3);
58a681ef
JH		 95 if (ie->data.ssp_mode > 0)
96 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
1da177e4
LT		 97 }
98
a8746417 99 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 100 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82 101 cp.role_switch = 0x01;
1da177e4 102 else
b6a0dc82 103 cp.role_switch = 0x00;
4c67bc74 104
a9de9248 105 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4
LT		 106}
107
1aef8669 108static void hci_acl_create_connection_cancel(struct hci_conn *conn)
6ac59344
MH		 109{
110 struct hci_cp_create_conn_cancel cp;
111
38b3fef1 112 BT_DBG("hcon %p", conn);
6ac59344 113
d095c1eb 114 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
6ac59344
MH		 115 return;
116
117 bacpy(&cp.bdaddr, &conn->dst);
a9de9248 118 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
6ac59344
MH		 119}
120
93796fa6
CT		 121static void hci_reject_sco(struct hci_conn *conn)
122{
123 struct hci_cp_reject_sync_conn_req cp;
124
d41c15cf 125 cp.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
93796fa6
CT		 126 bacpy(&cp.bdaddr, &conn->dst);
127
128 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
129}
130
e3b679d5 131int hci_disconnect(struct hci_conn *conn, __u8 reason)
1da177e4
LT		 132{
133 struct hci_cp_disconnect cp;
134
38b3fef1 135 BT_DBG("hcon %p", conn);
1da177e4 136
839035a7
JH		 137 /* When we are master of an established connection and it enters
138 * the disconnect timeout, then go ahead and try to read the
139 * current clock offset. Processing of the result is done
140 * within the event handling and hci_clock_offset_evt function.
141 */
142 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER) {
143 struct hci_dev *hdev = conn->hdev;
4f639ede 144 struct hci_cp_read_clock_offset clkoff_cp;
839035a7 145
4f639ede
FF		 146 clkoff_cp.handle = cpu_to_le16(conn->handle);
147 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
148 &clkoff_cp);
839035a7
JH		 149 }
150
1da177e4
LT		 151 conn->state = BT_DISCONN;
152
aca3192c 153 cp.handle = cpu_to_le16(conn->handle);
1da177e4 154 cp.reason = reason;
e3b679d5 155 return hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
1da177e4
LT		 156}
157
a2b1976b 158static void hci_amp_disconn(struct hci_conn *conn)
53502d69
AE		 159{
160 struct hci_cp_disconn_phy_link cp;
161
162 BT_DBG("hcon %p", conn);
163
164 conn->state = BT_DISCONN;
165
166 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
a2b1976b 167 cp.reason = hci_proto_disconn_ind(conn);
53502d69
AE		 168 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
169 sizeof(cp), &cp);
170}
171
57f5d0d1 172static void hci_add_sco(struct hci_conn *conn, __u16 handle)
1da177e4
LT		 173{
174 struct hci_dev *hdev = conn->hdev;
175 struct hci_cp_add_sco cp;
176
38b3fef1 177 BT_DBG("hcon %p", conn);
1da177e4
LT		 178
179 conn->state = BT_CONNECT;
a0c808b3 180 conn->out = true;
1da177e4 181
efc7688b
MH		 182 conn->attempt++;
183
aca3192c 184 cp.handle = cpu_to_le16(handle);
a8746417 185 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 186
a9de9248 187 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT		 188}
189
2dea632f 190bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
b6a0dc82
MH		 191{
192 struct hci_dev *hdev = conn->hdev;
193 struct hci_cp_setup_sync_conn cp;
2dea632f 194 const struct sco_param *param;
b6a0dc82 195
38b3fef1 196 BT_DBG("hcon %p", conn);
b6a0dc82
MH		 197
198 conn->state = BT_CONNECT;
a0c808b3 199 conn->out = true;
b6a0dc82 200
efc7688b
MH		 201 conn->attempt++;
202
b6a0dc82 203 cp.handle = cpu_to_le16(handle);
b6a0dc82 204
dcf4adbf
JP		 205 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
206 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
10c62ddc
FD		 207 cp.voice_setting = cpu_to_le16(conn->setting);
208
209 switch (conn->setting & SCO_AIRMODE_MASK) {
210 case SCO_AIRMODE_TRANSP:
565766b0 211 if (conn->attempt > ARRAY_SIZE(esco_param_msbc))
2dea632f 212 return false;
565766b0 213 param = &esco_param_msbc[conn->attempt - 1];
10c62ddc
FD		 214 break;
215 case SCO_AIRMODE_CVSD:
48e68ff5
BT		 216 if (lmp_esco_capable(conn->link)) {
217 if (conn->attempt > ARRAY_SIZE(esco_param_cvsd))
218 return false;
48e68ff5
BT		 219 param = &esco_param_cvsd[conn->attempt - 1];
220 } else {
221 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
222 return false;
48e68ff5
BT		 223 param = &sco_param_cvsd[conn->attempt - 1];
224 }
10c62ddc 225 break;
2dea632f
FD		 226 default:
227 return false;
10c62ddc 228 }
b6a0dc82 229
c7da5797 230 cp.retrans_effort = param->retrans_effort;
2dea632f
FD		 231 cp.pkt_type = __cpu_to_le16(param->pkt_type);
232 cp.max_latency = __cpu_to_le16(param->max_latency);
233
234 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
235 return false;
236
237 return true;
b6a0dc82
MH		 238}
239
7d6ca693
JH		 240u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
241 u16 to_multiplier)
2ce603eb 242{
2ce603eb 243 struct hci_dev *hdev = conn->hdev;
f044eb05
MH		 244 struct hci_conn_params *params;
245 struct hci_cp_le_conn_update cp;
2ce603eb 246
f044eb05 247 hci_dev_lock(hdev);
2ce603eb 248
f044eb05
MH		 249 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
250 if (params) {
251 params->conn_min_interval = min;
252 params->conn_max_interval = max;
253 params->conn_latency = latency;
254 params->supervision_timeout = to_multiplier;
255 }
256
257 hci_dev_unlock(hdev);
258
259 memset(&cp, 0, sizeof(cp));
2ce603eb
CT		 260 cp.handle = cpu_to_le16(conn->handle);
261 cp.conn_interval_min = cpu_to_le16(min);
262 cp.conn_interval_max = cpu_to_le16(max);
263 cp.conn_latency = cpu_to_le16(latency);
264 cp.supervision_timeout = cpu_to_le16(to_multiplier);
dcf4adbf
JP		 265 cp.min_ce_len = cpu_to_le16(0x0000);
266 cp.max_ce_len = cpu_to_le16(0x0000);
2ce603eb
CT		 267
268 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
7d6ca693
JH		 269
270 if (params)
271 return 0x01;
272
273 return 0x00;
2ce603eb 274}
2ce603eb 275
fe39c7b2 276void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
5974e4c4 277 __u8 ltk[16])
a7a595f6
VCG		 278{
279 struct hci_dev *hdev = conn->hdev;
280 struct hci_cp_le_start_enc cp;
281
38b3fef1 282 BT_DBG("hcon %p", conn);
a7a595f6
VCG		 283
284 memset(&cp, 0, sizeof(cp));
285
286 cp.handle = cpu_to_le16(conn->handle);
fe39c7b2 287 cp.rand = rand;
a7a595f6 288 cp.ediv = ediv;
fe39c7b2 289 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
a7a595f6
VCG		 290
291 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
292}
a7a595f6 293
e73439d8
MH		 294/* Device _must_ be locked */
295void hci_sco_setup(struct hci_conn *conn, __u8 status)
296{
297 struct hci_conn *sco = conn->link;
298
e73439d8
MH		 299 if (!sco)
300 return;
301
38b3fef1
AE		 302 BT_DBG("hcon %p", conn);
303
e73439d8
MH		 304 if (!status) {
305 if (lmp_esco_capable(conn->hdev))
306 hci_setup_sync(sco, conn->handle);
307 else
308 hci_add_sco(sco, conn->handle);
309 } else {
310 hci_proto_connect_cfm(sco, status);
311 hci_conn_del(sco);
312 }
313}
314
19c40e3b 315static void hci_conn_timeout(struct work_struct *work)
1da177e4 316{
19c40e3b 317 struct hci_conn *conn = container_of(work, struct hci_conn,
5974e4c4 318 disc_work.work);
1d56dc4f 319 int refcnt = atomic_read(&conn->refcnt);
1da177e4 320
38b3fef1 321 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
1da177e4 322
1d56dc4f
LR		 323 WARN_ON(refcnt < 0);
324
325 /* FIXME: It was observed that in pairing failed scenario, refcnt
326 * drops below 0. Probably this is because l2cap_conn_del calls
327 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
328 * dropped. After that loop hci_chan_del is called which also drops
329 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
330 * otherwise drop it.
331 */
332 if (refcnt > 0)
1da177e4
LT		 333 return;
334
6ac59344
MH		 335 switch (conn->state) {
336 case BT_CONNECT:
769be974 337 case BT_CONNECT2:
fcd89c09
VT		 338 if (conn->out) {
339 if (conn->type == ACL_LINK)
1aef8669 340 hci_acl_create_connection_cancel(conn);
fcd89c09 341 else if (conn->type == LE_LINK)
1aef8669 342 hci_le_create_connection_cancel(conn);
93796fa6
CT		 343 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
344 hci_reject_sco(conn);
fcd89c09 345 }
6ac59344 346 break;
769be974 347 case BT_CONFIG:
8e87d142 348 case BT_CONNECTED:
40051e46
MH		 349 if (conn->type == AMP_LINK) {
350 hci_amp_disconn(conn);
351 } else {
352 __u8 reason = hci_proto_disconn_ind(conn);
353 hci_disconnect(conn, reason);
354 }
6ac59344
MH		 355 break;
356 default:
1da177e4 357 conn->state = BT_CLOSED;
6ac59344
MH		 358 break;
359 }
1da177e4
LT		 360}
361
416dc94b 362/* Enter sniff mode */
a74a84f6 363static void hci_conn_idle(struct work_struct *work)
416dc94b 364{
a74a84f6
JH		 365 struct hci_conn *conn = container_of(work, struct hci_conn,
366 idle_work.work);
416dc94b
GP		 367 struct hci_dev *hdev = conn->hdev;
368
38b3fef1 369 BT_DBG("hcon %p mode %d", conn, conn->mode);
416dc94b 370
416dc94b
GP		 371 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
372 return;
373
374 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
375 return;
376
377 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
378 struct hci_cp_sniff_subrate cp;
379 cp.handle = cpu_to_le16(conn->handle);
dcf4adbf
JP		 380 cp.max_latency = cpu_to_le16(0);
381 cp.min_remote_timeout = cpu_to_le16(0);
382 cp.min_local_timeout = cpu_to_le16(0);
416dc94b
GP		 383 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
384 }
385
51a8efd7 386 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP		 387 struct hci_cp_sniff_mode cp;
388 cp.handle = cpu_to_le16(conn->handle);
389 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
390 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
dcf4adbf
JP		 391 cp.attempt = cpu_to_le16(4);
392 cp.timeout = cpu_to_le16(1);
416dc94b
GP		 393 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
394 }
395}
396
7bc18d9d 397static void hci_conn_auto_accept(struct work_struct *work)
9f61656a 398{
7bc18d9d
JH		 399 struct hci_conn *conn = container_of(work, struct hci_conn,
400 auto_accept_work.work);
9f61656a 401
7bc18d9d 402 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
5974e4c4 403 &conn->dst);
9f61656a
JH		 404}
405
9489eca4
JH		 406static void le_conn_timeout(struct work_struct *work)
407{
408 struct hci_conn *conn = container_of(work, struct hci_conn,
409 le_conn_timeout.work);
3c857757 410 struct hci_dev *hdev = conn->hdev;
9489eca4
JH		 411
412 BT_DBG("");
413
3c857757
JH		 414 /* We could end up here due to having done directed advertising,
415 * so clean up the state if necessary. This should however only
416 * happen with broken hardware or if low duty cycle was used
417 * (which doesn't have a timeout of its own).
418 */
0b1db38c 419 if (conn->role == HCI_ROLE_SLAVE) {
3c857757
JH		 420 u8 enable = 0x00;
421 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
422 &enable);
423 hci_le_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
424 return;
425 }
426
9489eca4
JH		 427 hci_le_create_connection_cancel(conn);
428}
429
a5c4e309
JH		 430struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
431 u8 role)
1da177e4
LT		 432{
433 struct hci_conn *conn;
434
6ed93dc6 435 BT_DBG("%s dst %pMR", hdev->name, dst);
1da177e4 436
27f70f3e 437 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
04837f64 438 if (!conn)
1da177e4 439 return NULL;
1da177e4
LT		 440
441 bacpy(&conn->dst, dst);
662e8820 442 bacpy(&conn->src, &hdev->bdaddr);
a8746417
MH		 443 conn->hdev = hdev;
444 conn->type = type;
a5c4e309 445 conn->role = role;
a8746417
MH		 446 conn->mode = HCI_CM_ACTIVE;
447 conn->state = BT_OPEN;
93f19c9f 448 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 449 conn->io_capability = hdev->io_capability;
a9583556 450 conn->remote_auth = 0xff;
13d39315 451 conn->key_type = 0xff;
ebf86aa3 452 conn->rssi = HCI_RSSI_INVALID;
5a134fae 453 conn->tx_power = HCI_TX_POWER_INVALID;
d0455ed9 454 conn->max_tx_power = HCI_TX_POWER_INVALID;
1da177e4 455
58a681ef 456 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 457 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 458
a5c4e309
JH		 459 if (conn->role == HCI_ROLE_MASTER)
460 conn->out = true;
461
a8746417
MH		 462 switch (type) {
463 case ACL_LINK:
464 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
465 break;
9c84d1da
JH		 466 case LE_LINK:
467 /* conn->src should reflect the local identity address */
468 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
469 break;
a8746417
MH		 470 case SCO_LINK:
471 if (lmp_esco_capable(hdev))
efc7688b
MH		 472 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
473 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH		 474 else
475 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
476 break;
477 case ESCO_LINK:
efc7688b 478 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH		 479 break;
480 }
481
1da177e4 482 skb_queue_head_init(&conn->data_q);
04837f64 483
70c1f20b 484 INIT_LIST_HEAD(&conn->chan_list);
73d80deb 485
19c40e3b 486 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
7bc18d9d 487 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
a74a84f6 488 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
9489eca4 489 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1da177e4
LT		 490
491 atomic_set(&conn->refcnt, 0);
492
493 hci_dev_hold(hdev);
494
1da177e4 495 hci_conn_hash_add(hdev, conn);
3c54711c 496 if (hdev->notify)
1da177e4
LT		 497 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
498
a67e899c
MH		 499 hci_conn_init_sysfs(conn);
500
1da177e4
LT		 501 return conn;
502}
503
504int hci_conn_del(struct hci_conn *conn)
505{
506 struct hci_dev *hdev = conn->hdev;
507
38b3fef1 508 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1da177e4 509
19c40e3b 510 cancel_delayed_work_sync(&conn->disc_work);
7bc18d9d 511 cancel_delayed_work_sync(&conn->auto_accept_work);
a74a84f6 512 cancel_delayed_work_sync(&conn->idle_work);
9f61656a 513
5b7f9909 514 if (conn->type == ACL_LINK) {
1da177e4
LT		 515 struct hci_conn *sco = conn->link;
516 if (sco)
517 sco->link = NULL;
518
519 /* Unacked frames */
520 hdev->acl_cnt += conn->sent;
6ed58ec5 521 } else if (conn->type == LE_LINK) {
980ffc0a 522 cancel_delayed_work(&conn->le_conn_timeout);
9489eca4 523
6ed58ec5
VT		 524 if (hdev->le_pkts)
525 hdev->le_cnt += conn->sent;
526 else
527 hdev->acl_cnt += conn->sent;
5b7f9909
MH		 528 } else {
529 struct hci_conn *acl = conn->link;
530 if (acl) {
531 acl->link = NULL;
76a68ba0 532 hci_conn_drop(acl);
5b7f9909 533 }
1da177e4
LT		 534 }
535
2c33c06a 536 hci_chan_list_flush(conn);
73d80deb 537
9740e49d
AE		 538 if (conn->amp_mgr)
539 amp_mgr_put(conn->amp_mgr);
540
1da177e4 541 hci_conn_hash_del(hdev, conn);
3c54711c 542 if (hdev->notify)
1da177e4 543 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
7d0db0a3 544
1da177e4 545 skb_queue_purge(&conn->data_q);
1da177e4 546
fc225c3f 547 hci_conn_del_sysfs(conn);
2ae9a6be 548
89cbb063
AA		 549 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
550 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
551
384943ec
MH		 552 hci_dev_put(hdev);
553
8d12356f 554 hci_conn_put(conn);
163f4dab 555
1da177e4
LT		 556 return 0;
557}
558
559struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
560{
561 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 562 struct hci_dev *hdev = NULL, *d;
1da177e4 563
6ed93dc6 564 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4 565
f20d09d5 566 read_lock(&hci_dev_list_lock);
1da177e4 567
8035ded4 568 list_for_each_entry(d, &hci_dev_list, list) {
8fc9ced3 569 if (!test_bit(HCI_UP, &d->flags) ||
af750e94 570 test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
d300fa9b 571 d->dev_type != HCI_BREDR)
1da177e4
LT		 572 continue;
573
8e87d142 574 /* Simple routing:
1da177e4
LT		 575 * No source address - find interface with bdaddr != dst
576 * Source address - find interface with bdaddr == src
577 */
578
579 if (use_src) {
580 if (!bacmp(&d->bdaddr, src)) {
581 hdev = d; break;
582 }
583 } else {
584 if (bacmp(&d->bdaddr, dst)) {
585 hdev = d; break;
586 }
587 }
588 }
589
590 if (hdev)
591 hdev = hci_dev_hold(hdev);
592
f20d09d5 593 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 594 return hdev;
595}
596EXPORT_SYMBOL(hci_get_route);
597
9bb3c01f 598/* This function requires the caller holds hdev->lock */
06c053fb 599void hci_le_conn_failed(struct hci_conn *conn, u8 status)
9bb3c01f
AG		 600{
601 struct hci_dev *hdev = conn->hdev;
f161dd41
JH		 602 struct hci_conn_params *params;
603
604 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
605 conn->dst_type);
606 if (params && params->conn) {
607 hci_conn_drop(params->conn);
f8aaf9b6 608 hci_conn_put(params->conn);
f161dd41
JH		 609 params->conn = NULL;
610 }
9bb3c01f
AG		 611
612 conn->state = BT_CLOSED;
613
614 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
615 status);
616
617 hci_proto_connect_cfm(conn, status);
618
619 hci_conn_del(conn);
a4790dbd
AG		 620
621 /* Since we may have temporarily stopped the background scanning in
622 * favor of connection establishment, we should restart it.
623 */
624 hci_update_background_scan(hdev);
3c857757
JH		 625
626 /* Re-enable advertising in case this was a failed connection
627 * attempt as a peripheral.
628 */
629 mgmt_reenable_advertising(hdev);
9bb3c01f
AG		 630}
631
1d399ae5
AG		 632static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
633{
634 struct hci_conn *conn;
635
636 if (status == 0)
637 return;
638
639 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
640 status);
641
642 hci_dev_lock(hdev);
643
644 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
645 if (!conn)
646 goto done;
647
06c053fb 648 hci_le_conn_failed(conn, status);
1d399ae5
AG		 649
650done:
651 hci_dev_unlock(hdev);
652}
653
2acf3d90
AG		 654static void hci_req_add_le_create_conn(struct hci_request *req,
655 struct hci_conn *conn)
656{
657 struct hci_cp_le_create_conn cp;
658 struct hci_dev *hdev = conn->hdev;
659 u8 own_addr_type;
660
661 memset(&cp, 0, sizeof(cp));
662
663 /* Update random address, but set require_privacy to false so
664 * that we never connect with an unresolvable address.
665 */
666 if (hci_update_random_address(req, false, &own_addr_type))
667 return;
668
2acf3d90
AG		 669 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
670 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
671 bacpy(&cp.peer_addr, &conn->dst);
672 cp.peer_addr_type = conn->dst_type;
673 cp.own_address_type = own_addr_type;
674 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
675 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
037fc415
MH		 676 cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
677 cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
dcf4adbf
JP		 678 cp.min_ce_len = cpu_to_le16(0x0000);
679 cp.max_ce_len = cpu_to_le16(0x0000);
2acf3d90
AG		 680
681 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
b46e0030
JH		 682
683 conn->state = BT_CONNECT;
2acf3d90
AG		 684}
685
3c857757
JH		 686static void hci_req_directed_advertising(struct hci_request *req,
687 struct hci_conn *conn)
688{
689 struct hci_dev *hdev = req->hdev;
690 struct hci_cp_le_set_adv_param cp;
691 u8 own_addr_type;
692 u8 enable;
693
5ce194c4 694 /* Clear the HCI_LE_ADV bit temporarily so that the
3c857757
JH		 695 * hci_update_random_address knows that it's safe to go ahead
696 * and write a new random address. The flag will be set back on
697 * as soon as the SET_ADV_ENABLE HCI command completes.
698 */
5ce194c4 699 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
3c857757
JH		 700
701 /* Set require_privacy to false so that the remote device has a
702 * chance of identifying us.
703 */
704 if (hci_update_random_address(req, false, &own_addr_type) < 0)
705 return;
706
707 memset(&cp, 0, sizeof(cp));
708 cp.type = LE_ADV_DIRECT_IND;
709 cp.own_address_type = own_addr_type;
710 cp.direct_addr_type = conn->dst_type;
711 bacpy(&cp.direct_addr, &conn->dst);
712 cp.channel_map = hdev->le_adv_channel_map;
713
714 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
715
716 enable = 0x01;
717 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
718
719 conn->state = BT_CONNECT;
720}
721
04a6c589 722struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
cdd6275e 723 u8 dst_type, u8 sec_level, u16 conn_timeout,
e804d25d 724 u8 role)
1da177e4 725{
4292f1f3 726 struct hci_conn_params *params;
f1e5d547 727 struct hci_conn *conn;
1ebfcc1f 728 struct smp_irk *irk;
2acf3d90 729 struct hci_request req;
1d399ae5 730 int err;
1da177e4 731
620ad521
AG		 732 /* Some devices send ATT messages as soon as the physical link is
733 * established. To be able to handle these ATT messages, the user-
734 * space first establishes the connection and then starts the pairing
735 * process.
736 *
737 * So if a hci_conn object already exists for the following connection
738 * attempt, we simply update pending_sec_level and auth_type fields
739 * and return the object found.
740 */
f1e5d547 741 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
620ad521
AG		 742 if (conn) {
743 conn->pending_sec_level = sec_level;
620ad521
AG		 744 goto done;
745 }
dfc94dbd 746
620ad521
AG		 747 /* Since the controller supports only one LE connection attempt at a
748 * time, we return -EBUSY if there is any connection attempt running.
749 */
750 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
751 if (conn)
752 return ERR_PTR(-EBUSY);
46a190cb 753
edb4b466
MH		 754 /* When given an identity address with existing identity
755 * resolving key, the connection needs to be established
756 * to a resolvable random address.
757 *
758 * This uses the cached random resolvable address from
759 * a previous scan. When no cached address is available,
760 * try connecting to the identity address instead.
761 *
762 * Storing the resolvable random address is required here
763 * to handle connection failures. The address will later
764 * be resolved back into the original identity address
765 * from the connect request.
766 */
1ebfcc1f
JH		 767 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
768 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
769 dst = &irk->rpa;
770 dst_type = ADDR_LE_DEV_RANDOM;
771 }
772
a5c4e309 773 conn = hci_conn_add(hdev, LE_LINK, dst, role);
620ad521
AG		 774 if (!conn)
775 return ERR_PTR(-ENOMEM);
9f0caeb1 776
1ebfcc1f 777 conn->dst_type = dst_type;
620ad521 778 conn->sec_level = BT_SECURITY_LOW;
f1e5d547 779 conn->pending_sec_level = sec_level;
09ae260b 780 conn->conn_timeout = conn_timeout;
4292f1f3 781
3c857757
JH		 782 hci_req_init(&req, hdev);
783
376f54c1
JH		 784 /* Disable advertising if we're active. For master role
785 * connections most controllers will refuse to connect if
786 * advertising is enabled, and for slave role connections we
787 * anyway have to disable it in order to start directed
788 * advertising.
789 */
790 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
791 u8 enable = 0x00;
792 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
793 &enable);
794 }
795
cdd6275e 796 /* If requested to connect as slave use directed advertising */
e804d25d 797 if (conn->role == HCI_ROLE_SLAVE) {
e8bb6b97
JH		 798 /* If we're active scanning most controllers are unable
799 * to initiate advertising. Simply reject the attempt.
800 */
801 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
802 hdev->le_scan_type == LE_SCAN_ACTIVE) {
803 skb_queue_purge(&req.cmd_q);
804 hci_conn_del(conn);
805 return ERR_PTR(-EBUSY);
806 }
807
3c857757
JH		 808 hci_req_directed_advertising(&req, conn);
809 goto create_conn;
810 }
811
4292f1f3
AG		 812 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
813 if (params) {
814 conn->le_conn_min_interval = params->conn_min_interval;
815 conn->le_conn_max_interval = params->conn_max_interval;
037fc415
MH		 816 conn->le_conn_latency = params->conn_latency;
817 conn->le_supv_timeout = params->supervision_timeout;
4292f1f3
AG		 818 } else {
819 conn->le_conn_min_interval = hdev->le_conn_min_interval;
820 conn->le_conn_max_interval = hdev->le_conn_max_interval;
04fb7d90
MH		 821 conn->le_conn_latency = hdev->le_conn_latency;
822 conn->le_supv_timeout = hdev->le_supv_timeout;
4292f1f3 823 }
eda42b50 824
2acf3d90 825 /* If controller is scanning, we stop it since some controllers are
81ad6fd9
JH		 826 * not able to scan and connect at the same time. Also set the
827 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
828 * handler for scan disabling knows to set the correct discovery
829 * state.
2acf3d90
AG		 830 */
831 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
832 hci_req_add_le_scan_disable(&req);
81ad6fd9 833 set_bit(HCI_LE_SCAN_INTERRUPTED, &hdev->dev_flags);
2acf3d90
AG		 834 }
835
81ad6fd9
JH		 836 hci_req_add_le_create_conn(&req, conn);
837
3c857757 838create_conn:
81ad6fd9 839 err = hci_req_run(&req, create_le_conn_complete);
2acf3d90
AG		 840 if (err) {
841 hci_conn_del(conn);
620ad521 842 return ERR_PTR(err);
2acf3d90 843 }
fcd89c09 844
620ad521
AG		 845done:
846 hci_conn_hold(conn);
f1e5d547 847 return conn;
d04aef4c 848}
fcd89c09 849
04a6c589
AG		 850struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
851 u8 sec_level, u8 auth_type)
1da177e4
LT		 852{
853 struct hci_conn *acl;
fcd89c09 854
56f87901 855 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
beb19e4c 856 return ERR_PTR(-EOPNOTSUPP);
56f87901 857
70f23020
AE		 858 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
859 if (!acl) {
a5c4e309 860 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
70f23020 861 if (!acl)
48c7aba9 862 return ERR_PTR(-ENOMEM);
1da177e4
LT		 863 }
864
865 hci_conn_hold(acl);
866
09ab6f4c 867 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
765c2a96
JH		 868 acl->sec_level = BT_SECURITY_LOW;
869 acl->pending_sec_level = sec_level;
09ab6f4c 870 acl->auth_type = auth_type;
1aef8669 871 hci_acl_create_connection(acl);
09ab6f4c 872 }
1da177e4 873
db474275
VCG		 874 return acl;
875}
876
10c62ddc
FD		 877struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
878 __u16 setting)
db474275
VCG		 879{
880 struct hci_conn *acl;
881 struct hci_conn *sco;
882
e660ed6c 883 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
db474275 884 if (IS_ERR(acl))
5b7f9909 885 return acl;
1da177e4 886
70f23020
AE		 887 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
888 if (!sco) {
a5c4e309 889 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
70f23020 890 if (!sco) {
76a68ba0 891 hci_conn_drop(acl);
48c7aba9 892 return ERR_PTR(-ENOMEM);
1da177e4 893 }
5b7f9909 894 }
1da177e4 895
5b7f9909
MH		 896 acl->link = sco;
897 sco->link = acl;
1da177e4 898
5b7f9909 899 hci_conn_hold(sco);
1da177e4 900
10c62ddc
FD		 901 sco->setting = setting;
902
5b7f9909 903 if (acl->state == BT_CONNECTED &&
5974e4c4 904 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 905 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 906 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 907
51a8efd7 908 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 909 /* defer SCO setup until mode change completed */
51a8efd7 910 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH		 911 return sco;
912 }
913
914 hci_sco_setup(acl, 0x00);
b6a0dc82 915 }
5b7f9909
MH		 916
917 return sco;
1da177e4 918}
1da177e4 919
e7c29cb1
MH		 920/* Check link security requirement */
921int hci_conn_check_link_mode(struct hci_conn *conn)
922{
38b3fef1 923 BT_DBG("hcon %p", conn);
e7c29cb1 924
40b552aa
MH		 925 /* In Secure Connections Only mode, it is required that Secure
926 * Connections is used and the link is encrypted with AES-CCM
927 * using a P-256 authenticated combination key.
928 */
929 if (test_bit(HCI_SC_ONLY, &conn->hdev->flags)) {
930 if (!hci_conn_sc_enabled(conn) ||
931 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
932 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
933 return 0;
934 }
935
4dae2798
JH		 936 if (hci_conn_ssp_enabled(conn) &&
937 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
e7c29cb1
MH		 938 return 0;
939
940 return 1;
941}
e7c29cb1 942
1da177e4 943/* Authenticate remote device */
0684e5f9 944static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 945{
38b3fef1 946 BT_DBG("hcon %p", conn);
1da177e4 947
765c2a96
JH		 948 if (conn->pending_sec_level > sec_level)
949 sec_level = conn->pending_sec_level;
950
96a31833 951 if (sec_level > conn->sec_level)
765c2a96 952 conn->pending_sec_level = sec_level;
4dae2798 953 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
1da177e4
LT		 954 return 1;
955
65cf686e
JH		 956 /* Make sure we preserve an existing MITM requirement*/
957 auth_type |= (conn->auth_type & 0x01);
958
96a31833
MH		 959 conn->auth_type = auth_type;
960
51a8efd7 961 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 962 struct hci_cp_auth_requested cp;
b7d05bad 963
aca3192c 964 cp.handle = cpu_to_le16(conn->handle);
40be492f 965 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
5974e4c4 966 sizeof(cp), &cp);
09da1f34
JH		 967
968 /* If we're already encrypted set the REAUTH_PEND flag,
969 * otherwise set the ENCRYPT_PEND.
970 */
4dae2798 971 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
51a8efd7 972 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
09da1f34
JH		 973 else
974 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 975 }
8c1b2355 976
1da177e4
LT		 977 return 0;
978}
1da177e4 979
13d39315
WR		 980/* Encrypt the the link */
981static void hci_conn_encrypt(struct hci_conn *conn)
982{
38b3fef1 983 BT_DBG("hcon %p", conn);
13d39315 984
51a8efd7 985 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR		 986 struct hci_cp_set_conn_encrypt cp;
987 cp.handle = cpu_to_le16(conn->handle);
988 cp.encrypt = 0x01;
989 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
5974e4c4 990 &cp);
13d39315
WR		 991 }
992}
993
8c1b2355 994/* Enable security */
e7cafc45
JH		 995int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
996 bool initiator)
1da177e4 997{
38b3fef1 998 BT_DBG("hcon %p", conn);
1da177e4 999
d8343f12
VCG		 1000 if (conn->type == LE_LINK)
1001 return smp_conn_security(conn, sec_level);
1002
13d39315 1003 /* For sdp we don't need the link key. */
8c1b2355
MH		 1004 if (sec_level == BT_SECURITY_SDP)
1005 return 1;
1006
13d39315
WR		 1007 /* For non 2.1 devices and low security level we don't need the link
1008 key. */
aa64a8b5 1009 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 1010 return 1;
8c1b2355 1011
13d39315 1012 /* For other security levels we need the link key. */
4dae2798 1013 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
13d39315
WR		 1014 goto auth;
1015
7b5a9241
MH		 1016 /* An authenticated FIPS approved combination key has sufficient
1017 * security for security level 4. */
1018 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
1019 sec_level == BT_SECURITY_FIPS)
1020 goto encrypt;
1021
1022 /* An authenticated combination key has sufficient security for
1023 security level 3. */
1024 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
1025 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
1026 sec_level == BT_SECURITY_HIGH)
13d39315
WR		 1027 goto encrypt;
1028
1029 /* An unauthenticated combination key has sufficient security for
1030 security level 1 and 2. */
66138ce8
MH		 1031 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
1032 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
5974e4c4 1033 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
13d39315
WR		 1034 goto encrypt;
1035
1036 /* A combination key has always sufficient security for the security
1037 levels 1 or 2. High security level requires the combination key
1038 is generated using maximum PIN code length (16).
1039 For pre 2.1 units. */
1040 if (conn->key_type == HCI_LK_COMBINATION &&
7b5a9241
MH		 1041 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
1042 conn->pin_length == 16))
13d39315
WR		 1043 goto encrypt;
1044
1045auth:
51a8efd7 1046 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT		 1047 return 0;
1048
977f8fce
JH		 1049 if (initiator)
1050 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1051
6fdf658c
LAD		 1052 if (!hci_conn_auth(conn, sec_level, auth_type))
1053 return 0;
13d39315
WR		 1054
1055encrypt:
4dae2798 1056 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
13d39315 1057 return 1;
8c1b2355 1058
13d39315 1059 hci_conn_encrypt(conn);
1da177e4
LT		 1060 return 0;
1061}
8c1b2355 1062EXPORT_SYMBOL(hci_conn_security);
1da177e4 1063
b3b1b061
WR		 1064/* Check secure link requirement */
1065int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
1066{
38b3fef1 1067 BT_DBG("hcon %p", conn);
b3b1b061 1068
9cb2e030
MH		 1069 /* Accept if non-secure or higher security level is required */
1070 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
1071 return 1;
b3b1b061 1072
9cb2e030
MH		 1073 /* Accept if secure or higher security level is already present */
1074 if (conn->sec_level == BT_SECURITY_HIGH ||
1075 conn->sec_level == BT_SECURITY_FIPS)
b3b1b061
WR		 1076 return 1;
1077
9cb2e030
MH		 1078 /* Reject not secure link */
1079 return 0;
b3b1b061
WR		 1080}
1081EXPORT_SYMBOL(hci_conn_check_secure);
1082
1da177e4
LT		 1083/* Change link key */
1084int hci_conn_change_link_key(struct hci_conn *conn)
1085{
38b3fef1 1086 BT_DBG("hcon %p", conn);
1da177e4 1087
51a8efd7 1088 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 1089 struct hci_cp_change_conn_link_key cp;
aca3192c 1090 cp.handle = cpu_to_le16(conn->handle);
40be492f 1091 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
5974e4c4 1092 sizeof(cp), &cp);
1da177e4 1093 }
8c1b2355 1094
1da177e4
LT		 1095 return 0;
1096}
1da177e4
LT		 1097
1098/* Switch role */
8c1b2355 1099int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 1100{
38b3fef1 1101 BT_DBG("hcon %p", conn);
1da177e4 1102
40bef302 1103 if (role == conn->role)
1da177e4
LT		 1104 return 1;
1105
51a8efd7 1106 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT		 1107 struct hci_cp_switch_role cp;
1108 bacpy(&cp.bdaddr, &conn->dst);
1109 cp.role = role;
a9de9248 1110 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 1111 }
8c1b2355 1112
1da177e4
LT		 1113 return 0;
1114}
1115EXPORT_SYMBOL(hci_conn_switch_role);
1116
04837f64 1117/* Enter active mode */
14b12d0b 1118void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH		 1119{
1120 struct hci_dev *hdev = conn->hdev;
1121
38b3fef1 1122 BT_DBG("hcon %p mode %d", conn, conn->mode);
04837f64 1123
14b12d0b
JG		 1124 if (conn->mode != HCI_CM_SNIFF)
1125 goto timer;
1126
58a681ef 1127 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH		 1128 goto timer;
1129
51a8efd7 1130 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 1131 struct hci_cp_exit_sniff_mode cp;
aca3192c 1132 cp.handle = cpu_to_le16(conn->handle);
a9de9248 1133 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH		 1134 }
1135
1136timer:
1137 if (hdev->idle_timeout > 0)
a74a84f6
JH		 1138 queue_delayed_work(hdev->workqueue, &conn->idle_work,
1139 msecs_to_jiffies(hdev->idle_timeout));
04837f64
MH		 1140}
1141
1da177e4
LT		 1142/* Drop all connection on the device */
1143void hci_conn_hash_flush(struct hci_dev *hdev)
1144{
1145 struct hci_conn_hash *h = &hdev->conn_hash;
3c4e0df0 1146 struct hci_conn *c, *n;
1da177e4
LT		 1147
1148 BT_DBG("hdev %s", hdev->name);
1149
3c4e0df0 1150 list_for_each_entry_safe(c, n, &h->list, list) {
1da177e4
LT		 1151 c->state = BT_CLOSED;
1152
9f5a0d7b 1153 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
1da177e4
LT		 1154 hci_conn_del(c);
1155 }
1156}
1157
a9de9248
MH		 1158/* Check pending connect attempts */
1159void hci_conn_check_pending(struct hci_dev *hdev)
1160{
1161 struct hci_conn *conn;
1162
1163 BT_DBG("hdev %s", hdev->name);
1164
1165 hci_dev_lock(hdev);
1166
1167 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
1168 if (conn)
1aef8669 1169 hci_acl_create_connection(conn);
a9de9248
MH		 1170
1171 hci_dev_unlock(hdev);
1172}
1173
4dae2798
JH		 1174static u32 get_link_mode(struct hci_conn *conn)
1175{
1176 u32 link_mode = 0;
1177
40bef302 1178 if (conn->role == HCI_ROLE_MASTER)
4dae2798
JH		 1179 link_mode |= HCI_LM_MASTER;
1180
1181 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
1182 link_mode |= HCI_LM_ENCRYPT;
1183
1184 if (test_bit(HCI_CONN_AUTH, &conn->flags))
1185 link_mode |= HCI_LM_AUTH;
1186
1187 if (test_bit(HCI_CONN_SECURE, &conn->flags))
1188 link_mode |= HCI_LM_SECURE;
1189
1190 if (test_bit(HCI_CONN_FIPS, &conn->flags))
1191 link_mode |= HCI_LM_FIPS;
1192
1193 return link_mode;
1194}
1195
1da177e4
LT		 1196int hci_get_conn_list(void __user *arg)
1197{
fc5fef61 1198 struct hci_conn *c;
1da177e4
LT		 1199 struct hci_conn_list_req req, *cl;
1200 struct hci_conn_info *ci;
1201 struct hci_dev *hdev;
1da177e4
LT		 1202 int n = 0, size, err;
1203
1204 if (copy_from_user(&req, arg, sizeof(req)))
1205 return -EFAULT;
1206
1207 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
1208 return -EINVAL;
1209
1210 size = sizeof(req) + req.conn_num * sizeof(*ci);
1211
70f23020
AE		 1212 cl = kmalloc(size, GFP_KERNEL);
1213 if (!cl)
1da177e4
LT		 1214 return -ENOMEM;
1215
70f23020
AE		 1216 hdev = hci_dev_get(req.dev_id);
1217 if (!hdev) {
1da177e4
LT		 1218 kfree(cl);
1219 return -ENODEV;
1220 }
1221
1222 ci = cl->conn_info;
1223
09fd0de5 1224 hci_dev_lock(hdev);
8035ded4 1225 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT		 1226 bacpy(&(ci + n)->bdaddr, &c->dst);
1227 (ci + n)->handle = c->handle;
1228 (ci + n)->type = c->type;
1229 (ci + n)->out = c->out;
1230 (ci + n)->state = c->state;
4dae2798 1231 (ci + n)->link_mode = get_link_mode(c);
1da177e4
LT		 1232 if (++n >= req.conn_num)
1233 break;
1234 }
09fd0de5 1235 hci_dev_unlock(hdev);
1da177e4
LT		 1236
1237 cl->dev_id = hdev->id;
1238 cl->conn_num = n;
1239 size = sizeof(req) + n * sizeof(*ci);
1240
1241 hci_dev_put(hdev);
1242
1243 err = copy_to_user(arg, cl, size);
1244 kfree(cl);
1245
1246 return err ? -EFAULT : 0;
1247}
1248
1249int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1250{
1251 struct hci_conn_info_req req;
1252 struct hci_conn_info ci;
1253 struct hci_conn *conn;
1254 char __user *ptr = arg + sizeof(req);
1255
1256 if (copy_from_user(&req, arg, sizeof(req)))
1257 return -EFAULT;
1258
09fd0de5 1259 hci_dev_lock(hdev);
1da177e4
LT		 1260 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1261 if (conn) {
1262 bacpy(&ci.bdaddr, &conn->dst);
1263 ci.handle = conn->handle;
1264 ci.type = conn->type;
1265 ci.out = conn->out;
1266 ci.state = conn->state;
4dae2798 1267 ci.link_mode = get_link_mode(conn);
1da177e4 1268 }
09fd0de5 1269 hci_dev_unlock(hdev);
1da177e4
LT		 1270
1271 if (!conn)
1272 return -ENOENT;
1273
1274 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1275}
40be492f
MH		 1276
1277int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1278{
1279 struct hci_auth_info_req req;
1280 struct hci_conn *conn;
1281
1282 if (copy_from_user(&req, arg, sizeof(req)))
1283 return -EFAULT;
1284
09fd0de5 1285 hci_dev_lock(hdev);
40be492f
MH		 1286 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1287 if (conn)
1288 req.type = conn->auth_type;
09fd0de5 1289 hci_dev_unlock(hdev);
40be492f
MH		 1290
1291 if (!conn)
1292 return -ENOENT;
1293
1294 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1295}
73d80deb
LAD		 1296
1297struct hci_chan *hci_chan_create(struct hci_conn *conn)
1298{
1299 struct hci_dev *hdev = conn->hdev;
1300 struct hci_chan *chan;
1301
38b3fef1 1302 BT_DBG("%s hcon %p", hdev->name, conn);
73d80deb 1303
f94b665d
JH		 1304 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
1305 BT_DBG("Refusing to create new hci_chan");
1306 return NULL;
1307 }
1308
27f70f3e 1309 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
73d80deb
LAD		 1310 if (!chan)
1311 return NULL;
1312
6c388d32 1313 chan->conn = hci_conn_get(conn);
73d80deb 1314 skb_queue_head_init(&chan->data_q);
168df8e5 1315 chan->state = BT_CONNECTED;
73d80deb 1316
8192edef 1317 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD		 1318
1319 return chan;
1320}
1321
9472007c 1322void hci_chan_del(struct hci_chan *chan)
73d80deb
LAD		 1323{
1324 struct hci_conn *conn = chan->conn;
1325 struct hci_dev *hdev = conn->hdev;
1326
38b3fef1 1327 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
73d80deb 1328
8192edef
GP		 1329 list_del_rcu(&chan->list);
1330
1331 synchronize_rcu();
73d80deb 1332
bcbb655a 1333 /* Prevent new hci_chan's to be created for this hci_conn */
f94b665d 1334 set_bit(HCI_CONN_DROP, &conn->flags);
b3ff670a 1335
6c388d32 1336 hci_conn_put(conn);
e9b02748 1337
73d80deb
LAD		 1338 skb_queue_purge(&chan->data_q);
1339 kfree(chan);
73d80deb
LAD		 1340}
1341
2c33c06a 1342void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 1343{
2a5a5ec6 1344 struct hci_chan *chan, *n;
73d80deb 1345
38b3fef1 1346 BT_DBG("hcon %p", conn);
73d80deb 1347
2a5a5ec6 1348 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD		 1349 hci_chan_del(chan);
1350}
42c4e53e
AE		 1351
1352static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1353 __u16 handle)
1354{
1355 struct hci_chan *hchan;
1356
1357 list_for_each_entry(hchan, &hcon->chan_list, list) {
1358 if (hchan->handle == handle)
1359 return hchan;
1360 }
1361
1362 return NULL;
1363}
1364
1365struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1366{
1367 struct hci_conn_hash *h = &hdev->conn_hash;
1368 struct hci_conn *hcon;
1369 struct hci_chan *hchan = NULL;
1370
1371 rcu_read_lock();
1372
1373 list_for_each_entry_rcu(hcon, &h->list, list) {
1374 hchan = __hci_chan_lookup_handle(hcon, handle);
1375 if (hchan)
1376 break;
1377 }
1378
1379 rcu_read_unlock();
1380
1381 return hchan;
1382}
Linux 6.x block layer and io_uring tree(s)