projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'mvebu-fixes-6.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/gcleme...
[linux-block.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
0fe8c8d0 4 Copyright 2023 NXP
1da177e4
LT		 5
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
8e87d142
YH		 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 23 SOFTWARE IS DISCLAIMED.
24*/
25
26/* Bluetooth HCI connection handling. */
27
8c520a59 28#include <linux/export.h>
23b9ceb7 29#include <linux/debugfs.h>
1da177e4
LT		 30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
eca0ae4a
LAD		 34#include <net/bluetooth/iso.h>
35#include <net/bluetooth/mgmt.h>
1da177e4 36
0857dd3b 37#include "hci_request.h"
ac4b7236 38#include "smp.h"
7024728e 39#include "a2mp.h"
eca0ae4a 40#include "eir.h"
7024728e 41
2dea632f
FD		 42struct sco_param {
43 u16 pkt_type;
44 u16 max_latency;
c7da5797 45 u8 retrans_effort;
2dea632f
FD		 46};
47
e07a06b4
BG		 48struct conn_handle_t {
49 struct hci_conn *conn;
50 __u16 handle;
51};
52
48e68ff5 53static const struct sco_param esco_param_cvsd[] = {
c7da5797
JH		 54 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
55 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
56 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
57 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
58 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
2dea632f
FD		 59};
60
48e68ff5 61static const struct sco_param sco_param_cvsd[] = {
c7da5797
JH		 62 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
63 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
48e68ff5
BT		 64};
65
565766b0 66static const struct sco_param esco_param_msbc[] = {
c7da5797
JH		 67 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
68 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
2dea632f
FD		 69};
70
f75113a2 71/* This function requires the caller holds hdev->lock */
19cf60bf 72static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status)
f75113a2
JP		 73{
74 struct hci_conn_params *params;
b5c2b621 75 struct hci_dev *hdev = conn->hdev;
f75113a2
JP		 76 struct smp_irk *irk;
77 bdaddr_t *bdaddr;
78 u8 bdaddr_type;
79
80 bdaddr = &conn->dst;
81 bdaddr_type = conn->dst_type;
82
83 /* Check if we need to convert to identity address */
b5c2b621 84 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
f75113a2
JP		 85 if (irk) {
86 bdaddr = &irk->bdaddr;
87 bdaddr_type = irk->addr_type;
88 }
89
17bc08f0
JH		 90 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr,
91 bdaddr_type);
19cf60bf 92 if (!params)
f75113a2
JP		 93 return;
94
19cf60bf
LAD		 95 if (params->conn) {
96 hci_conn_drop(params->conn);
97 hci_conn_put(params->conn);
98 params->conn = NULL;
99 }
100
101 if (!params->explicit_connect)
102 return;
103
104 /* If the status indicates successful cancellation of
105 * the attempt (i.e. Unknown Connection Id) there's no point of
106 * notifying failure since we'll go back to keep trying to
107 * connect. The only exception is explicit connect requests
108 * where a timeout + cancel does indicate an actual failure.
109 */
110 if (status && status != HCI_ERROR_UNKNOWN_CONN_ID)
111 mgmt_connect_failed(hdev, &conn->dst, conn->type,
112 conn->dst_type, status);
113
f75113a2
JP		 114 /* The connection attempt was doing scan for new RPA, and is
115 * in scan phase. If params are not associated with any other
116 * autoconnect action, remove them completely. If they are, just unmark
117 * them as waiting for connection, by clearing explicit_connect field.
118 */
9ad3e6ff
JH		 119 params->explicit_connect = false;
120
195ef75e 121 hci_pend_le_list_del_init(params);
9ad3e6ff
JH		 122
123 switch (params->auto_connect) {
124 case HCI_AUTO_CONN_EXPLICIT:
b5c2b621 125 hci_conn_params_del(hdev, bdaddr, bdaddr_type);
9ad3e6ff
JH		 126 /* return instead of break to avoid duplicate scan update */
127 return;
128 case HCI_AUTO_CONN_DIRECT:
129 case HCI_AUTO_CONN_ALWAYS:
195ef75e 130 hci_pend_le_list_add(params, &hdev->pend_le_conns);
9ad3e6ff
JH		 131 break;
132 case HCI_AUTO_CONN_REPORT:
195ef75e 133 hci_pend_le_list_add(params, &hdev->pend_le_reports);
9ad3e6ff
JH		 134 break;
135 default:
136 break;
168b8a25 137 }
9ad3e6ff 138
5bee2fd6 139 hci_update_passive_scan(hdev);
f75113a2
JP		 140}
141
b958f9a3
JH		 142static void hci_conn_cleanup(struct hci_conn *conn)
143{
144 struct hci_dev *hdev = conn->hdev;
145
146 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
147 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
148
629f66aa
AM		 149 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
150 hci_remove_link_key(hdev, &conn->dst);
151
b958f9a3
JH		 152 hci_chan_list_flush(conn);
153
154 hci_conn_hash_del(hdev, conn);
155
26afbd82
LAD		 156 if (conn->cleanup)
157 conn->cleanup(conn);
158
1f8330ea
SN		 159 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
160 switch (conn->setting & SCO_AIRMODE_MASK) {
161 case SCO_AIRMODE_CVSD:
162 case SCO_AIRMODE_TRANSP:
163 if (hdev->notify)
164 hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO);
165 break;
166 }
167 } else {
168 if (hdev->notify)
169 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
170 }
b958f9a3
JH		 171
172 hci_conn_del_sysfs(conn);
173
174 debugfs_remove_recursive(conn->debugfs);
175
176 hci_dev_put(hdev);
177
178 hci_conn_put(conn);
179}
180
1aef8669 181static void hci_acl_create_connection(struct hci_conn *conn)
1da177e4
LT		 182{
183 struct hci_dev *hdev = conn->hdev;
184 struct inquiry_entry *ie;
185 struct hci_cp_create_conn cp;
186
42d2d87c 187 BT_DBG("hcon %p", conn);
1da177e4 188
89e65975
SS		 189 /* Many controllers disallow HCI Create Connection while it is doing
190 * HCI Inquiry. So we cancel the Inquiry first before issuing HCI Create
191 * Connection. This may cause the MGMT discovering state to become false
192 * without user space's request but it is okay since the MGMT Discovery
193 * APIs do not promise that discovery should be done forever. Instead,
194 * the user space monitors the status of MGMT discovering and it may
195 * request for discovery again when this flag becomes false.
196 */
197 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
198 /* Put this connection to "pending" state so that it will be
199 * executed after the inquiry cancel command complete event.
200 */
201 conn->state = BT_CONNECT2;
202 hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
203 return;
204 }
205
1da177e4 206 conn->state = BT_CONNECT;
a0c808b3 207 conn->out = true;
40bef302 208 conn->role = HCI_ROLE_MASTER;
1da177e4 209
4c67bc74
MH		 210 conn->attempt++;
211
e4e8e37c
MH		 212 conn->link_policy = hdev->link_policy;
213
1da177e4
LT		 214 memset(&cp, 0, sizeof(cp));
215 bacpy(&cp.bdaddr, &conn->dst);
216 cp.pscan_rep_mode = 0x02;
217
70f23020
AE		 218 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
219 if (ie) {
41a96212
MH		 220 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
221 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
222 cp.pscan_mode = ie->data.pscan_mode;
223 cp.clock_offset = ie->data.clock_offset |
dcf4adbf 224 cpu_to_le16(0x8000);
41a96212
MH		 225 }
226
1da177e4
LT		 227 memcpy(conn->dev_class, ie->data.dev_class, 3);
228 }
229
a8746417 230 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 231 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82 232 cp.role_switch = 0x01;
1da177e4 233 else
b6a0dc82 234 cp.role_switch = 0x00;
4c67bc74 235
a9de9248 236 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4
LT		 237}
238
e3b679d5 239int hci_disconnect(struct hci_conn *conn, __u8 reason)
1da177e4 240{
38b3fef1 241 BT_DBG("hcon %p", conn);
1da177e4 242
74be523c 243 /* When we are central of an established connection and it enters
839035a7
JH		 244 * the disconnect timeout, then go ahead and try to read the
245 * current clock offset. Processing of the result is done
246 * within the event handling and hci_clock_offset_evt function.
247 */
88d07feb
JH		 248 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER &&
249 (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) {
839035a7 250 struct hci_dev *hdev = conn->hdev;
4f639ede 251 struct hci_cp_read_clock_offset clkoff_cp;
839035a7 252
4f639ede
FF		 253 clkoff_cp.handle = cpu_to_le16(conn->handle);
254 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
255 &clkoff_cp);
839035a7
JH		 256 }
257
88d07feb 258 return hci_abort_conn(conn, reason);
1da177e4
LT		 259}
260
57f5d0d1 261static void hci_add_sco(struct hci_conn *conn, __u16 handle)
1da177e4
LT		 262{
263 struct hci_dev *hdev = conn->hdev;
264 struct hci_cp_add_sco cp;
265
38b3fef1 266 BT_DBG("hcon %p", conn);
1da177e4
LT		 267
268 conn->state = BT_CONNECT;
a0c808b3 269 conn->out = true;
1da177e4 270
efc7688b
MH		 271 conn->attempt++;
272
aca3192c 273 cp.handle = cpu_to_le16(handle);
a8746417 274 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 275
a9de9248 276 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT		 277}
278
8b1c324c
YL		 279static bool find_next_esco_param(struct hci_conn *conn,
280 const struct sco_param *esco_param, int size)
281{
06149746
LAD		 282 if (!conn->parent)
283 return false;
284
8b1c324c 285 for (; conn->attempt <= size; conn->attempt++) {
06149746 286 if (lmp_esco_2m_capable(conn->parent) ||
8b1c324c
YL		 287 (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3))
288 break;
289 BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported",
290 conn, conn->attempt);
291 }
292
293 return conn->attempt <= size;
294}
295
e07a06b4 296static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec)
b2af264a 297{
e07a06b4
BG		 298 int err;
299 __u8 vnd_len, *vnd_data = NULL;
300 struct hci_op_configure_data_path *cmd = NULL;
301
302 err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len,
303 &vnd_data);
304 if (err < 0)
305 goto error;
306
307 cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL);
308 if (!cmd) {
309 err = -ENOMEM;
310 goto error;
311 }
312
313 err = hdev->get_data_path_id(hdev, &cmd->data_path_id);
314 if (err < 0)
315 goto error;
316
317 cmd->vnd_len = vnd_len;
318 memcpy(cmd->vnd_data, vnd_data, vnd_len);
319
320 cmd->direction = 0x00;
321 __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
322 sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT);
323
324 cmd->direction = 0x01;
325 err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
326 sizeof(*cmd) + vnd_len, cmd,
327 HCI_CMD_TIMEOUT);
328error:
329
330 kfree(cmd);
331 kfree(vnd_data);
332 return err;
333}
334
335static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data)
336{
337 struct conn_handle_t *conn_handle = data;
338 struct hci_conn *conn = conn_handle->conn;
339 __u16 handle = conn_handle->handle;
b2af264a
K		 340 struct hci_cp_enhanced_setup_sync_conn cp;
341 const struct sco_param *param;
342
e07a06b4
BG		 343 kfree(conn_handle);
344
b2af264a
K		 345 bt_dev_dbg(hdev, "hcon %p", conn);
346
9798fbde
K		 347 /* for offload use case, codec needs to configured before opening SCO */
348 if (conn->codec.data_path)
e07a06b4 349 configure_datapath_sync(hdev, &conn->codec);
9798fbde 350
b2af264a
K		 351 conn->state = BT_CONNECT;
352 conn->out = true;
353
354 conn->attempt++;
355
356 memset(&cp, 0x00, sizeof(cp));
357
358 cp.handle = cpu_to_le16(handle);
359
360 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
361 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
362
363 switch (conn->codec.id) {
904c139a
K		 364 case BT_CODEC_MSBC:
365 if (!find_next_esco_param(conn, esco_param_msbc,
366 ARRAY_SIZE(esco_param_msbc)))
e07a06b4 367 return -EINVAL;
904c139a
K		 368
369 param = &esco_param_msbc[conn->attempt - 1];
370 cp.tx_coding_format.id = 0x05;
371 cp.rx_coding_format.id = 0x05;
372 cp.tx_codec_frame_size = __cpu_to_le16(60);
373 cp.rx_codec_frame_size = __cpu_to_le16(60);
374 cp.in_bandwidth = __cpu_to_le32(32000);
375 cp.out_bandwidth = __cpu_to_le32(32000);
376 cp.in_coding_format.id = 0x04;
377 cp.out_coding_format.id = 0x04;
378 cp.in_coded_data_size = __cpu_to_le16(16);
379 cp.out_coded_data_size = __cpu_to_le16(16);
380 cp.in_pcm_data_format = 2;
381 cp.out_pcm_data_format = 2;
382 cp.in_pcm_sample_payload_msb_pos = 0;
383 cp.out_pcm_sample_payload_msb_pos = 0;
384 cp.in_data_path = conn->codec.data_path;
385 cp.out_data_path = conn->codec.data_path;
386 cp.in_transport_unit_size = 1;
387 cp.out_transport_unit_size = 1;
388 break;
389
b2af264a
K		 390 case BT_CODEC_TRANSPARENT:
391 if (!find_next_esco_param(conn, esco_param_msbc,
392 ARRAY_SIZE(esco_param_msbc)))
393 return false;
394 param = &esco_param_msbc[conn->attempt - 1];
395 cp.tx_coding_format.id = 0x03;
396 cp.rx_coding_format.id = 0x03;
397 cp.tx_codec_frame_size = __cpu_to_le16(60);
398 cp.rx_codec_frame_size = __cpu_to_le16(60);
399 cp.in_bandwidth = __cpu_to_le32(0x1f40);
400 cp.out_bandwidth = __cpu_to_le32(0x1f40);
401 cp.in_coding_format.id = 0x03;
402 cp.out_coding_format.id = 0x03;
403 cp.in_coded_data_size = __cpu_to_le16(16);
404 cp.out_coded_data_size = __cpu_to_le16(16);
405 cp.in_pcm_data_format = 2;
406 cp.out_pcm_data_format = 2;
407 cp.in_pcm_sample_payload_msb_pos = 0;
408 cp.out_pcm_sample_payload_msb_pos = 0;
409 cp.in_data_path = conn->codec.data_path;
410 cp.out_data_path = conn->codec.data_path;
411 cp.in_transport_unit_size = 1;
412 cp.out_transport_unit_size = 1;
413 break;
414
415 case BT_CODEC_CVSD:
06149746 416 if (conn->parent && lmp_esco_capable(conn->parent)) {
b2af264a
K		 417 if (!find_next_esco_param(conn, esco_param_cvsd,
418 ARRAY_SIZE(esco_param_cvsd)))
e07a06b4 419 return -EINVAL;
b2af264a
K		 420 param = &esco_param_cvsd[conn->attempt - 1];
421 } else {
422 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
e07a06b4 423 return -EINVAL;
b2af264a
K		 424 param = &sco_param_cvsd[conn->attempt - 1];
425 }
426 cp.tx_coding_format.id = 2;
427 cp.rx_coding_format.id = 2;
428 cp.tx_codec_frame_size = __cpu_to_le16(60);
429 cp.rx_codec_frame_size = __cpu_to_le16(60);
430 cp.in_bandwidth = __cpu_to_le32(16000);
431 cp.out_bandwidth = __cpu_to_le32(16000);
432 cp.in_coding_format.id = 4;
433 cp.out_coding_format.id = 4;
434 cp.in_coded_data_size = __cpu_to_le16(16);
435 cp.out_coded_data_size = __cpu_to_le16(16);
436 cp.in_pcm_data_format = 2;
437 cp.out_pcm_data_format = 2;
438 cp.in_pcm_sample_payload_msb_pos = 0;
439 cp.out_pcm_sample_payload_msb_pos = 0;
440 cp.in_data_path = conn->codec.data_path;
441 cp.out_data_path = conn->codec.data_path;
442 cp.in_transport_unit_size = 16;
443 cp.out_transport_unit_size = 16;
444 break;
445 default:
e07a06b4 446 return -EINVAL;
b2af264a
K		 447 }
448
449 cp.retrans_effort = param->retrans_effort;
450 cp.pkt_type = __cpu_to_le16(param->pkt_type);
451 cp.max_latency = __cpu_to_le16(param->max_latency);
452
453 if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
e07a06b4 454 return -EIO;
b2af264a 455
e07a06b4 456 return 0;
b2af264a
K		 457}
458
459static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle)
b6a0dc82
MH		 460{
461 struct hci_dev *hdev = conn->hdev;
462 struct hci_cp_setup_sync_conn cp;
2dea632f 463 const struct sco_param *param;
b6a0dc82 464
b2af264a 465 bt_dev_dbg(hdev, "hcon %p", conn);
b6a0dc82
MH		 466
467 conn->state = BT_CONNECT;
a0c808b3 468 conn->out = true;
b6a0dc82 469
efc7688b
MH		 470 conn->attempt++;
471
b6a0dc82 472 cp.handle = cpu_to_le16(handle);
b6a0dc82 473
dcf4adbf
JP		 474 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
475 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
10c62ddc
FD		 476 cp.voice_setting = cpu_to_le16(conn->setting);
477
478 switch (conn->setting & SCO_AIRMODE_MASK) {
479 case SCO_AIRMODE_TRANSP:
8b1c324c
YL		 480 if (!find_next_esco_param(conn, esco_param_msbc,
481 ARRAY_SIZE(esco_param_msbc)))
2dea632f 482 return false;
565766b0 483 param = &esco_param_msbc[conn->attempt - 1];
10c62ddc
FD		 484 break;
485 case SCO_AIRMODE_CVSD:
06149746 486 if (conn->parent && lmp_esco_capable(conn->parent)) {
8b1c324c
YL		 487 if (!find_next_esco_param(conn, esco_param_cvsd,
488 ARRAY_SIZE(esco_param_cvsd)))
48e68ff5 489 return false;
48e68ff5
BT		 490 param = &esco_param_cvsd[conn->attempt - 1];
491 } else {
492 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
493 return false;
48e68ff5
BT		 494 param = &sco_param_cvsd[conn->attempt - 1];
495 }
10c62ddc 496 break;
2dea632f
FD		 497 default:
498 return false;
10c62ddc 499 }
b6a0dc82 500
c7da5797 501 cp.retrans_effort = param->retrans_effort;
2dea632f
FD		 502 cp.pkt_type = __cpu_to_le16(param->pkt_type);
503 cp.max_latency = __cpu_to_le16(param->max_latency);
504
505 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
506 return false;
507
508 return true;
b6a0dc82
MH		 509}
510
b2af264a
K		 511bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
512{
e07a06b4
BG		 513 int result;
514 struct conn_handle_t *conn_handle;
515
516 if (enhanced_sync_conn_capable(conn->hdev)) {
517 conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL);
518
519 if (!conn_handle)
520 return false;
521
522 conn_handle->conn = conn;
523 conn_handle->handle = handle;
524 result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync,
525 conn_handle, NULL);
526 if (result < 0)
527 kfree(conn_handle);
528
529 return result == 0;
530 }
b2af264a
K		 531
532 return hci_setup_sync_conn(conn, handle);
533}
534
7d6ca693
JH		 535u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
536 u16 to_multiplier)
2ce603eb 537{
2ce603eb 538 struct hci_dev *hdev = conn->hdev;
f044eb05
MH		 539 struct hci_conn_params *params;
540 struct hci_cp_le_conn_update cp;
2ce603eb 541
f044eb05 542 hci_dev_lock(hdev);
2ce603eb 543
f044eb05
MH		 544 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
545 if (params) {
546 params->conn_min_interval = min;
547 params->conn_max_interval = max;
548 params->conn_latency = latency;
549 params->supervision_timeout = to_multiplier;
550 }
551
552 hci_dev_unlock(hdev);
553
554 memset(&cp, 0, sizeof(cp));
2ce603eb
CT		 555 cp.handle = cpu_to_le16(conn->handle);
556 cp.conn_interval_min = cpu_to_le16(min);
557 cp.conn_interval_max = cpu_to_le16(max);
558 cp.conn_latency = cpu_to_le16(latency);
559 cp.supervision_timeout = cpu_to_le16(to_multiplier);
dcf4adbf
JP		 560 cp.min_ce_len = cpu_to_le16(0x0000);
561 cp.max_ce_len = cpu_to_le16(0x0000);
2ce603eb
CT		 562
563 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
7d6ca693
JH		 564
565 if (params)
566 return 0x01;
567
568 return 0x00;
2ce603eb 569}
2ce603eb 570
fe39c7b2 571void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
8b76ce34 572 __u8 ltk[16], __u8 key_size)
a7a595f6
VCG		 573{
574 struct hci_dev *hdev = conn->hdev;
575 struct hci_cp_le_start_enc cp;
576
38b3fef1 577 BT_DBG("hcon %p", conn);
a7a595f6
VCG		 578
579 memset(&cp, 0, sizeof(cp));
580
581 cp.handle = cpu_to_le16(conn->handle);
fe39c7b2 582 cp.rand = rand;
a7a595f6 583 cp.ediv = ediv;
8b76ce34 584 memcpy(cp.ltk, ltk, key_size);
a7a595f6
VCG		 585
586 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
587}
a7a595f6 588
e73439d8
MH		 589/* Device _must_ be locked */
590void hci_sco_setup(struct hci_conn *conn, __u8 status)
591{
06149746 592 struct hci_link *link;
e73439d8 593
06149746
LAD		 594 link = list_first_entry_or_null(&conn->link_list, struct hci_link, list);
595 if (!link || !link->conn)
e73439d8
MH		 596 return;
597
38b3fef1
AE		 598 BT_DBG("hcon %p", conn);
599
e73439d8
MH		 600 if (!status) {
601 if (lmp_esco_capable(conn->hdev))
06149746 602 hci_setup_sync(link->conn, conn->handle);
e73439d8 603 else
06149746 604 hci_add_sco(link->conn, conn->handle);
e73439d8 605 } else {
06149746
LAD		 606 hci_connect_cfm(link->conn, status);
607 hci_conn_del(link->conn);
e73439d8
MH		 608 }
609}
610
19c40e3b 611static void hci_conn_timeout(struct work_struct *work)
1da177e4 612{
19c40e3b 613 struct hci_conn *conn = container_of(work, struct hci_conn,
5974e4c4 614 disc_work.work);
1d56dc4f 615 int refcnt = atomic_read(&conn->refcnt);
1da177e4 616
38b3fef1 617 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
1da177e4 618
1d56dc4f
LR		 619 WARN_ON(refcnt < 0);
620
621 /* FIXME: It was observed that in pairing failed scenario, refcnt
622 * drops below 0. Probably this is because l2cap_conn_del calls
623 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
624 * dropped. After that loop hci_chan_del is called which also drops
625 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
626 * otherwise drop it.
627 */
628 if (refcnt > 0)
1da177e4
LT		 629 return;
630
89e0ccc8 631 hci_abort_conn(conn, hci_proto_disconn_ind(conn));
1da177e4
LT		 632}
633
416dc94b 634/* Enter sniff mode */
a74a84f6 635static void hci_conn_idle(struct work_struct *work)
416dc94b 636{
a74a84f6
JH		 637 struct hci_conn *conn = container_of(work, struct hci_conn,
638 idle_work.work);
416dc94b
GP		 639 struct hci_dev *hdev = conn->hdev;
640
38b3fef1 641 BT_DBG("hcon %p mode %d", conn, conn->mode);
416dc94b 642
416dc94b
GP		 643 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
644 return;
645
646 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
647 return;
648
649 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
650 struct hci_cp_sniff_subrate cp;
651 cp.handle = cpu_to_le16(conn->handle);
dcf4adbf
JP		 652 cp.max_latency = cpu_to_le16(0);
653 cp.min_remote_timeout = cpu_to_le16(0);
654 cp.min_local_timeout = cpu_to_le16(0);
416dc94b
GP		 655 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
656 }
657
51a8efd7 658 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP		 659 struct hci_cp_sniff_mode cp;
660 cp.handle = cpu_to_le16(conn->handle);
661 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
662 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
dcf4adbf
JP		 663 cp.attempt = cpu_to_le16(4);
664 cp.timeout = cpu_to_le16(1);
416dc94b
GP		 665 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
666 }
667}
668
7bc18d9d 669static void hci_conn_auto_accept(struct work_struct *work)
9f61656a 670{
7bc18d9d
JH		 671 struct hci_conn *conn = container_of(work, struct hci_conn,
672 auto_accept_work.work);
9f61656a 673
7bc18d9d 674 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
5974e4c4 675 &conn->dst);
9f61656a
JH		 676}
677
c3bed4de
SN		 678static void le_disable_advertising(struct hci_dev *hdev)
679{
680 if (ext_adv_capable(hdev)) {
681 struct hci_cp_le_set_ext_adv_enable cp;
682
683 cp.enable = 0x00;
684 cp.num_of_sets = 0x00;
685
686 hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp),
687 &cp);
688 } else {
689 u8 enable = 0x00;
690 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
691 &enable);
692 }
693}
694
9489eca4
JH		 695static void le_conn_timeout(struct work_struct *work)
696{
697 struct hci_conn *conn = container_of(work, struct hci_conn,
698 le_conn_timeout.work);
3c857757 699 struct hci_dev *hdev = conn->hdev;
9489eca4
JH		 700
701 BT_DBG("");
702
3c857757
JH		 703 /* We could end up here due to having done directed advertising,
704 * so clean up the state if necessary. This should however only
705 * happen with broken hardware or if low duty cycle was used
706 * (which doesn't have a timeout of its own).
707 */
0b1db38c 708 if (conn->role == HCI_ROLE_SLAVE) {
c3bed4de
SN		 709 /* Disable LE Advertising */
710 le_disable_advertising(hdev);
9fa6b4cd 711 hci_dev_lock(hdev);
9b3628d7 712 hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
9fa6b4cd 713 hci_dev_unlock(hdev);
3c857757
JH		 714 return;
715 }
716
89e0ccc8 717 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
9489eca4
JH		 718}
719
6b9545dc
PV		 720struct iso_cig_params {
721 struct hci_cp_le_set_cig_params cp;
722 struct hci_cis_params cis[0x1f];
723};
724
eca0ae4a
LAD		 725struct iso_list_data {
726 union {
727 u8 cig;
728 u8 big;
729 };
730 union {
731 u8 cis;
732 u8 bis;
733 u16 sync_handle;
734 };
735 int count;
a0bfde16 736 bool big_term;
fbdc4bc4 737 bool pa_sync_term;
f777d882 738 bool big_sync_term;
eca0ae4a
LAD		 739};
740
741static void bis_list(struct hci_conn *conn, void *data)
742{
743 struct iso_list_data *d = data;
744
745 /* Skip if not broadcast/ANY address */
746 if (bacmp(&conn->dst, BDADDR_ANY))
747 return;
748
0fe8c8d0
IT		 749 if (d->big != conn->iso_qos.bcast.big || d->bis == BT_ISO_QOS_BIS_UNSET ||
750 d->bis != conn->iso_qos.bcast.bis)
eca0ae4a
LAD		 751 return;
752
753 d->count++;
754}
755
eca0ae4a
LAD		 756static int terminate_big_sync(struct hci_dev *hdev, void *data)
757{
758 struct iso_list_data *d = data;
759
760 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis);
761
762 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL);
763
a0bfde16
IT		 764 /* Only terminate BIG if it has been created */
765 if (!d->big_term)
eca0ae4a
LAD		 766 return 0;
767
768 return hci_le_terminate_big_sync(hdev, d->big,
769 HCI_ERROR_LOCAL_HOST_TERM);
770}
771
772static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err)
773{
774 kfree(data);
775}
776
a0bfde16 777static int hci_le_terminate_big(struct hci_dev *hdev, struct hci_conn *conn)
eca0ae4a
LAD		 778{
779 struct iso_list_data *d;
3aa21311 780 int ret;
eca0ae4a 781
a0bfde16
IT		 782 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", conn->iso_qos.bcast.big,
783 conn->iso_qos.bcast.bis);
eca0ae4a 784
3958e877 785 d = kzalloc(sizeof(*d), GFP_KERNEL);
eca0ae4a
LAD		 786 if (!d)
787 return -ENOMEM;
788
a0bfde16
IT		 789 d->big = conn->iso_qos.bcast.big;
790 d->bis = conn->iso_qos.bcast.bis;
791 d->big_term = test_and_clear_bit(HCI_CONN_BIG_CREATED, &conn->flags);
eca0ae4a 792
3aa21311
ZS		 793 ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d,
794 terminate_big_destroy);
795 if (ret)
796 kfree(d);
797
798 return ret;
eca0ae4a
LAD		 799}
800
801static int big_terminate_sync(struct hci_dev *hdev, void *data)
802{
803 struct iso_list_data *d = data;
804
805 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big,
806 d->sync_handle);
807
f777d882
IT		 808 if (d->big_sync_term)
809 hci_le_big_terminate_sync(hdev, d->big);
eca0ae4a 810
fbdc4bc4
IT		 811 if (d->pa_sync_term)
812 return hci_le_pa_terminate_sync(hdev, d->sync_handle);
813
814 return 0;
eca0ae4a
LAD		 815}
816
f777d882 817static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, struct hci_conn *conn)
eca0ae4a
LAD		 818{
819 struct iso_list_data *d;
3aa21311 820 int ret;
eca0ae4a 821
f777d882 822 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, conn->sync_handle);
eca0ae4a 823
3958e877 824 d = kzalloc(sizeof(*d), GFP_KERNEL);
eca0ae4a
LAD		 825 if (!d)
826 return -ENOMEM;
827
eca0ae4a 828 d->big = big;
f777d882 829 d->sync_handle = conn->sync_handle;
fbdc4bc4 830 d->pa_sync_term = test_and_clear_bit(HCI_CONN_PA_SYNC, &conn->flags);
f777d882 831 d->big_sync_term = test_and_clear_bit(HCI_CONN_BIG_SYNC, &conn->flags);
eca0ae4a 832
3aa21311
ZS		 833 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d,
834 terminate_big_destroy);
835 if (ret)
836 kfree(d);
837
838 return ret;
eca0ae4a
LAD		 839}
840
841/* Cleanup BIS connection
842 *
843 * Detects if there any BIS left connected in a BIG
844 * broadcaster: Remove advertising instance and terminate BIG.
845 * broadcaster receiver: Teminate BIG sync and terminate PA sync.
846 */
847static void bis_cleanup(struct hci_conn *conn)
848{
849 struct hci_dev *hdev = conn->hdev;
a0bfde16 850 struct hci_conn *bis;
eca0ae4a
LAD		 851
852 bt_dev_dbg(hdev, "conn %p", conn);
853
854 if (conn->role == HCI_ROLE_MASTER) {
855 if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags))
856 return;
857
a0bfde16
IT		 858 /* Check if ISO connection is a BIS and terminate advertising
859 * set and BIG if there are no other connections using it.
860 */
6a42e9bf 861 bis = hci_conn_hash_lookup_big(hdev, conn->iso_qos.bcast.big);
a0bfde16
IT		 862 if (bis)
863 return;
864
865 hci_le_terminate_big(hdev, conn);
eca0ae4a 866 } else {
f777d882
IT		 867 bis = hci_conn_hash_lookup_big_any_dst(hdev,
868 conn->iso_qos.bcast.big);
869
870 if (bis)
871 return;
872
0fe8c8d0 873 hci_le_big_terminate(hdev, conn->iso_qos.bcast.big,
f777d882 874 conn);
eca0ae4a
LAD		 875 }
876}
877
878static int remove_cig_sync(struct hci_dev *hdev, void *data)
879{
a1f6c3ae 880 u8 handle = PTR_UINT(data);
eca0ae4a
LAD		 881
882 return hci_le_remove_cig_sync(hdev, handle);
883}
884
885static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle)
886{
887 bt_dev_dbg(hdev, "handle 0x%2.2x", handle);
888
a1f6c3ae
LAD		 889 return hci_cmd_sync_queue(hdev, remove_cig_sync, UINT_PTR(handle),
890 NULL);
eca0ae4a
LAD		 891}
892
893static void find_cis(struct hci_conn *conn, void *data)
894{
895 struct iso_list_data *d = data;
896
31c5f916
PV		 897 /* Ignore broadcast or if CIG don't match */
898 if (!bacmp(&conn->dst, BDADDR_ANY) || d->cig != conn->iso_qos.ucast.cig)
eca0ae4a
LAD		 899 return;
900
901 d->count++;
902}
903
904/* Cleanup CIS connection:
905 *
906 * Detects if there any CIS left connected in a CIG and remove it.
907 */
908static void cis_cleanup(struct hci_conn *conn)
909{
910 struct hci_dev *hdev = conn->hdev;
911 struct iso_list_data d;
912
31c5f916
PV		 913 if (conn->iso_qos.ucast.cig == BT_ISO_QOS_CIG_UNSET)
914 return;
915
eca0ae4a 916 memset(&d, 0, sizeof(d));
0fe8c8d0 917 d.cig = conn->iso_qos.ucast.cig;
eca0ae4a
LAD		 918
919 /* Check if ISO connection is a CIS and remove CIG if there are
920 * no other connections using it.
921 */
6c242c64
PV		 922 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_BOUND, &d);
923 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECT, &d);
eca0ae4a
LAD		 924 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d);
925 if (d.count)
926 return;
927
0fe8c8d0 928 hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig);
eca0ae4a
LAD		 929}
930
9f78191c
LAD		 931static u16 hci_conn_hash_alloc_unset(struct hci_dev *hdev)
932{
933 struct hci_conn_hash *h = &hdev->conn_hash;
934 struct hci_conn *c;
935 u16 handle = HCI_CONN_HANDLE_MAX + 1;
936
937 rcu_read_lock();
938
939 list_for_each_entry_rcu(c, &h->list, list) {
940 /* Find the first unused handle */
941 if (handle == 0xffff || c->handle != handle)
942 break;
943 handle++;
944 }
945 rcu_read_unlock();
946
947 return handle;
948}
949
a5c4e309
JH		 950struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
951 u8 role)
1da177e4
LT		 952{
953 struct hci_conn *conn;
954
6ed93dc6 955 BT_DBG("%s dst %pMR", hdev->name, dst);
1da177e4 956
27f70f3e 957 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
04837f64 958 if (!conn)
1da177e4 959 return NULL;
1da177e4
LT		 960
961 bacpy(&conn->dst, dst);
662e8820 962 bacpy(&conn->src, &hdev->bdaddr);
9f78191c 963 conn->handle = hci_conn_hash_alloc_unset(hdev);
a8746417
MH		 964 conn->hdev = hdev;
965 conn->type = type;
a5c4e309 966 conn->role = role;
a8746417
MH		 967 conn->mode = HCI_CM_ACTIVE;
968 conn->state = BT_OPEN;
93f19c9f 969 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 970 conn->io_capability = hdev->io_capability;
a9583556 971 conn->remote_auth = 0xff;
13d39315 972 conn->key_type = 0xff;
ebf86aa3 973 conn->rssi = HCI_RSSI_INVALID;
5a134fae 974 conn->tx_power = HCI_TX_POWER_INVALID;
d0455ed9 975 conn->max_tx_power = HCI_TX_POWER_INVALID;
1da177e4 976
58a681ef 977 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 978 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 979
302975cb
SRK		 980 /* Set Default Authenticated payload timeout to 30s */
981 conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
982
a5c4e309
JH		 983 if (conn->role == HCI_ROLE_MASTER)
984 conn->out = true;
985
a8746417
MH		 986 switch (type) {
987 case ACL_LINK:
988 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
989 break;
9c84d1da 990 case LE_LINK:
eca0ae4a
LAD		 991 /* conn->src should reflect the local identity address */
992 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
993 break;
26afbd82 994 case ISO_LINK:
9c84d1da
JH		 995 /* conn->src should reflect the local identity address */
996 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
eca0ae4a
LAD		 997
998 /* set proper cleanup function */
999 if (!bacmp(dst, BDADDR_ANY))
1000 conn->cleanup = bis_cleanup;
1001 else if (conn->role == HCI_ROLE_MASTER)
1002 conn->cleanup = cis_cleanup;
1003
9c84d1da 1004 break;
a8746417
MH		 1005 case SCO_LINK:
1006 if (lmp_esco_capable(hdev))
efc7688b
MH		 1007 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
1008 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH		 1009 else
1010 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
1011 break;
1012 case ESCO_LINK:
efc7688b 1013 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH		 1014 break;
1015 }
1016
1da177e4 1017 skb_queue_head_init(&conn->data_q);
04837f64 1018
70c1f20b 1019 INIT_LIST_HEAD(&conn->chan_list);
06149746 1020 INIT_LIST_HEAD(&conn->link_list);
73d80deb 1021
19c40e3b 1022 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
7bc18d9d 1023 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
a74a84f6 1024 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
9489eca4 1025 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1da177e4
LT		 1026
1027 atomic_set(&conn->refcnt, 0);
1028
1029 hci_dev_hold(hdev);
1030
1da177e4 1031 hci_conn_hash_add(hdev, conn);
1f8330ea
SN		 1032
1033 /* The SCO and eSCO connections will only be notified when their
1034 * setup has been completed. This is different to ACL links which
1035 * can be notified right away.
1036 */
1037 if (conn->type != SCO_LINK && conn->type != ESCO_LINK) {
1038 if (hdev->notify)
1039 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
1040 }
1da177e4 1041
a67e899c
MH		 1042 hci_conn_init_sysfs(conn);
1043
1da177e4
LT		 1044 return conn;
1045}
1046
3344d318
PV		 1047static void hci_conn_cleanup_child(struct hci_conn *conn, u8 reason)
1048{
1049 if (!reason)
1050 reason = HCI_ERROR_REMOTE_USER_TERM;
1051
1052 /* Due to race, SCO/ISO conn might be not established yet at this point,
1053 * and nothing else will clean it up. In other cases it is done via HCI
1054 * events.
1055 */
1056 switch (conn->type) {
1057 case SCO_LINK:
1058 case ESCO_LINK:
1059 if (HCI_CONN_HANDLE_UNSET(conn->handle))
1060 hci_conn_failed(conn, reason);
1061 break;
1062 case ISO_LINK:
1063 if (conn->state != BT_CONNECTED &&
1064 !test_bit(HCI_CONN_CREATE_CIS, &conn->flags))
1065 hci_conn_failed(conn, reason);
1066 break;
1067 }
1068}
1069
06149746 1070static void hci_conn_unlink(struct hci_conn *conn)
5dc7d23e 1071{
06149746
LAD		 1072 struct hci_dev *hdev = conn->hdev;
1073
1074 bt_dev_dbg(hdev, "hcon %p", conn);
1075
1076 if (!conn->parent) {
1077 struct hci_link *link, *t;
1078
ca1fd42e
RL		 1079 list_for_each_entry_safe(link, t, &conn->link_list, list) {
1080 struct hci_conn *child = link->conn;
1081
1082 hci_conn_unlink(child);
1083
a2ac591c
RL		 1084 /* If hdev is down it means
1085 * hci_dev_close_sync/hci_conn_hash_flush is in progress
1086 * and links don't need to be cleanup as all connections
1087 * would be cleanup.
1088 */
1089 if (!test_bit(HCI_UP, &hdev->flags))
1090 continue;
1091
3344d318 1092 hci_conn_cleanup_child(child, conn->abort_reason);
ca1fd42e 1093 }
06149746
LAD		 1094
1095 return;
1096 }
1097
5dc7d23e 1098 if (!conn->link)
06149746 1099 return;
5dc7d23e 1100
06149746
LAD		 1101 list_del_rcu(&conn->link->list);
1102 synchronize_rcu();
1103
a2904d28 1104 hci_conn_drop(conn->parent);
2910431a
RL		 1105 hci_conn_put(conn->parent);
1106 conn->parent = NULL;
1107
06149746 1108 kfree(conn->link);
5dc7d23e 1109 conn->link = NULL;
5dc7d23e
LAD		 1110}
1111
a2ac591c 1112void hci_conn_del(struct hci_conn *conn)
1da177e4
LT		 1113{
1114 struct hci_dev *hdev = conn->hdev;
1115
38b3fef1 1116 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1da177e4 1117
a2904d28
RL		 1118 hci_conn_unlink(conn);
1119
19c40e3b 1120 cancel_delayed_work_sync(&conn->disc_work);
7bc18d9d 1121 cancel_delayed_work_sync(&conn->auto_accept_work);
a74a84f6 1122 cancel_delayed_work_sync(&conn->idle_work);
9f61656a 1123
5b7f9909 1124 if (conn->type == ACL_LINK) {
1da177e4
LT		 1125 /* Unacked frames */
1126 hdev->acl_cnt += conn->sent;
6ed58ec5 1127 } else if (conn->type == LE_LINK) {
980ffc0a 1128 cancel_delayed_work(&conn->le_conn_timeout);
9489eca4 1129
6ed58ec5
VT		 1130 if (hdev->le_pkts)
1131 hdev->le_cnt += conn->sent;
1132 else
1133 hdev->acl_cnt += conn->sent;
5b7f9909 1134 } else {
5638d9ea
LAD		 1135 /* Unacked ISO frames */
1136 if (conn->type == ISO_LINK) {
1137 if (hdev->iso_pkts)
1138 hdev->iso_cnt += conn->sent;
1139 else if (hdev->le_pkts)
1140 hdev->le_cnt += conn->sent;
1141 else
1142 hdev->acl_cnt += conn->sent;
1143 }
1da177e4
LT		 1144 }
1145
9740e49d
AE		 1146 if (conn->amp_mgr)
1147 amp_mgr_put(conn->amp_mgr);
1148
1da177e4 1149 skb_queue_purge(&conn->data_q);
1da177e4 1150
b958f9a3
JH		 1151 /* Remove the connection from the list and cleanup its remaining
1152 * state. This is a separate function since for some cases like
1153 * BT_CONNECT_SCAN we *only* want the cleanup part without the
1154 * rest of hci_conn_del.
1155 */
1156 hci_conn_cleanup(conn);
1da177e4
LT		 1157}
1158
39385cb5 1159struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type)
1da177e4
LT		 1160{
1161 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 1162 struct hci_dev *hdev = NULL, *d;
1da177e4 1163
6ed93dc6 1164 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4 1165
f20d09d5 1166 read_lock(&hci_dev_list_lock);
1da177e4 1167
8035ded4 1168 list_for_each_entry(d, &hci_dev_list, list) {
8fc9ced3 1169 if (!test_bit(HCI_UP, &d->flags) ||
d7a5a11d 1170 hci_dev_test_flag(d, HCI_USER_CHANNEL) ||
ca8bee5d 1171 d->dev_type != HCI_PRIMARY)
1da177e4
LT		 1172 continue;
1173
8e87d142 1174 /* Simple routing:
1da177e4
LT		 1175 * No source address - find interface with bdaddr != dst
1176 * Source address - find interface with bdaddr == src
1177 */
1178
1179 if (use_src) {
39385cb5
JH		 1180 bdaddr_t id_addr;
1181 u8 id_addr_type;
1182
1183 if (src_type == BDADDR_BREDR) {
1184 if (!lmp_bredr_capable(d))
1185 continue;
1186 bacpy(&id_addr, &d->bdaddr);
1187 id_addr_type = BDADDR_BREDR;
1188 } else {
1189 if (!lmp_le_capable(d))
1190 continue;
1191
1192 hci_copy_identity_address(d, &id_addr,
1193 &id_addr_type);
1194
1195 /* Convert from HCI to three-value type */
1196 if (id_addr_type == ADDR_LE_DEV_PUBLIC)
1197 id_addr_type = BDADDR_LE_PUBLIC;
1198 else
1199 id_addr_type = BDADDR_LE_RANDOM;
1200 }
1201
1202 if (!bacmp(&id_addr, src) && id_addr_type == src_type) {
1da177e4
LT		 1203 hdev = d; break;
1204 }
1205 } else {
1206 if (bacmp(&d->bdaddr, dst)) {
1207 hdev = d; break;
1208 }
1209 }
1210 }
1211
1212 if (hdev)
1213 hdev = hci_dev_hold(hdev);
1214
f20d09d5 1215 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 1216 return hdev;
1217}
1218EXPORT_SYMBOL(hci_get_route);
1219
9bb3c01f 1220/* This function requires the caller holds hdev->lock */
9b3628d7 1221static void hci_le_conn_failed(struct hci_conn *conn, u8 status)
9bb3c01f
AG		 1222{
1223 struct hci_dev *hdev = conn->hdev;
f161dd41 1224
19cf60bf 1225 hci_connect_le_scan_cleanup(conn, status);
3c857757 1226
abfeea47 1227 /* Enable advertising in case this was a failed connection
3c857757
JH		 1228 * attempt as a peripheral.
1229 */
abfeea47 1230 hci_enable_advertising(hdev);
9bb3c01f
AG		 1231}
1232
9b3628d7
LAD		 1233/* This function requires the caller holds hdev->lock */
1234void hci_conn_failed(struct hci_conn *conn, u8 status)
1235{
1236 struct hci_dev *hdev = conn->hdev;
1237
1238 bt_dev_dbg(hdev, "status 0x%2.2x", status);
1239
1240 switch (conn->type) {
1241 case LE_LINK:
1242 hci_le_conn_failed(conn, status);
1243 break;
1244 case ACL_LINK:
1245 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1246 conn->dst_type, status);
1247 break;
1248 }
1249
1250 conn->state = BT_CLOSED;
1251 hci_connect_cfm(conn, status);
1252 hci_conn_del(conn);
1253}
1254
16e3b642
LAD		 1255/* This function requires the caller holds hdev->lock */
1256u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle)
1257{
1258 struct hci_dev *hdev = conn->hdev;
1259
1260 bt_dev_dbg(hdev, "hcon %p handle 0x%4.4x", conn, handle);
1261
1262 if (conn->handle == handle)
1263 return 0;
1264
1265 if (handle > HCI_CONN_HANDLE_MAX) {
1266 bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x",
1267 handle, HCI_CONN_HANDLE_MAX);
1268 return HCI_ERROR_INVALID_PARAMETERS;
1269 }
1270
1271 /* If abort_reason has been sent it means the connection is being
1272 * aborted and the handle shall not be changed.
1273 */
1274 if (conn->abort_reason)
1275 return conn->abort_reason;
1276
1277 conn->handle = handle;
1278
1279 return 0;
1280}
1281
8e8b92ee 1282static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err)
1d399ae5 1283{
04a51d61 1284 struct hci_conn *conn;
a1f6c3ae 1285 u16 handle = PTR_UINT(data);
04a51d61
LAD		 1286
1287 conn = hci_conn_hash_lookup_handle(hdev, handle);
1288 if (!conn)
1289 return;
1d399ae5 1290
b62e7220
LAD		 1291 bt_dev_dbg(hdev, "err %d", err);
1292
28a667c9
JP		 1293 hci_dev_lock(hdev);
1294
8e8b92ee 1295 if (!err) {
19cf60bf 1296 hci_connect_le_scan_cleanup(conn, 0x00);
28a667c9
JP		 1297 goto done;
1298 }
1d399ae5 1299
c9f73a21
LAD		 1300 /* Check if connection is still pending */
1301 if (conn != hci_lookup_le_connect(hdev))
1d399ae5
AG		 1302 goto done;
1303
5cd39700
AP		 1304 /* Flush to make sure we send create conn cancel command if needed */
1305 flush_delayed_work(&conn->le_conn_timeout);
a86ddbff 1306 hci_conn_failed(conn, bt_status(err));
1d399ae5
AG		 1307
1308done:
1309 hci_dev_unlock(hdev);
1310}
1311
8e8b92ee 1312static int hci_connect_le_sync(struct hci_dev *hdev, void *data)
3c857757 1313{
04a51d61 1314 struct hci_conn *conn;
a1f6c3ae 1315 u16 handle = PTR_UINT(data);
04a51d61
LAD		 1316
1317 conn = hci_conn_hash_lookup_handle(hdev, handle);
1318 if (!conn)
1319 return 0;
075e40b7 1320
8e8b92ee 1321 bt_dev_dbg(hdev, "conn %p", conn);
3c857757 1322
3a15324f 1323 clear_bit(HCI_CONN_SCANNING, &conn->flags);
04a51d61
LAD		 1324 conn->state = BT_CONNECT;
1325
8e8b92ee 1326 return hci_le_create_conn_sync(hdev, conn);
3c857757
JH		 1327}
1328
04a6c589 1329struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
d850bf08 1330 u8 dst_type, bool dst_resolved, u8 sec_level,
8e8b92ee 1331 u16 conn_timeout, u8 role)
1da177e4 1332{
e2caced4 1333 struct hci_conn *conn;
1ebfcc1f 1334 struct smp_irk *irk;
1d399ae5 1335 int err;
1da177e4 1336
152d386e 1337 /* Let's make sure that le is enabled.*/
d7a5a11d 1338 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
152d386e
LR		 1339 if (lmp_le_capable(hdev))
1340 return ERR_PTR(-ECONNREFUSED);
1341
1342 return ERR_PTR(-EOPNOTSUPP);
1343 }
1344
658aead9
JH		 1345 /* Since the controller supports only one LE connection attempt at a
1346 * time, we return -EBUSY if there is any connection attempt running.
1347 */
1348 if (hci_lookup_le_connect(hdev))
1349 return ERR_PTR(-EBUSY);
1350
e2caced4
JH		 1351 /* If there's already a connection object but it's not in
1352 * scanning state it means it must already be established, in
1353 * which case we can't do anything else except report a failure
1354 * to connect.
620ad521 1355 */
9d4c1cc1 1356 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
e2caced4
JH		 1357 if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) {
1358 return ERR_PTR(-EBUSY);
620ad521 1359 }
dfc94dbd 1360
d850bf08
LAD		 1361 /* Check if the destination address has been resolved by the controller
1362 * since if it did then the identity address shall be used.
edb4b466 1363 */
d850bf08
LAD		 1364 if (!dst_resolved) {
1365 /* When given an identity address with existing identity
1366 * resolving key, the connection needs to be established
1367 * to a resolvable random address.
1368 *
1369 * Storing the resolvable random address is required here
1370 * to handle connection failures. The address will later
1371 * be resolved back into the original identity address
1372 * from the connect request.
1373 */
1374 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
1375 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
1376 dst = &irk->rpa;
1377 dst_type = ADDR_LE_DEV_RANDOM;
1378 }
1ebfcc1f
JH		 1379 }
1380
e2caced4 1381 if (conn) {
28a667c9
JP		 1382 bacpy(&conn->dst, dst);
1383 } else {
1384 conn = hci_conn_add(hdev, LE_LINK, dst, role);
e2caced4
JH		 1385 if (!conn)
1386 return ERR_PTR(-ENOMEM);
1387 hci_conn_hold(conn);
1388 conn->pending_sec_level = sec_level;
28a667c9
JP		 1389 }
1390
1ebfcc1f 1391 conn->dst_type = dst_type;
620ad521 1392 conn->sec_level = BT_SECURITY_LOW;
09ae260b 1393 conn->conn_timeout = conn_timeout;
4292f1f3 1394
04a51d61 1395 err = hci_cmd_sync_queue(hdev, hci_connect_le_sync,
a1f6c3ae 1396 UINT_PTR(conn->handle),
8e8b92ee 1397 create_le_conn_complete);
2acf3d90
AG		 1398 if (err) {
1399 hci_conn_del(conn);
620ad521 1400 return ERR_PTR(err);
2acf3d90 1401 }
fcd89c09 1402
f1e5d547 1403 return conn;
d04aef4c 1404}
fcd89c09 1405
f75113a2
JP		 1406static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
1407{
1408 struct hci_conn *conn;
1409
9d4c1cc1 1410 conn = hci_conn_hash_lookup_le(hdev, addr, type);
f75113a2
JP		 1411 if (!conn)
1412 return false;
1413
f75113a2
JP		 1414 if (conn->state != BT_CONNECTED)
1415 return false;
1416
1417 return true;
1418}
1419
1420/* This function requires the caller holds hdev->lock */
84235d22 1421static int hci_explicit_conn_params_set(struct hci_dev *hdev,
f75113a2
JP		 1422 bdaddr_t *addr, u8 addr_type)
1423{
f75113a2
JP		 1424 struct hci_conn_params *params;
1425
1426 if (is_connected(hdev, addr, addr_type))
1427 return -EISCONN;
1428
5157b8a5
JP		 1429 params = hci_conn_params_lookup(hdev, addr, addr_type);
1430 if (!params) {
1431 params = hci_conn_params_add(hdev, addr, addr_type);
1432 if (!params)
1433 return -ENOMEM;
1434
1435 /* If we created new params, mark them to be deleted in
1436 * hci_connect_le_scan_cleanup. It's different case than
1437 * existing disabled params, those will stay after cleanup.
1438 */
1439 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
1440 }
f75113a2 1441
5157b8a5 1442 /* We're trying to connect, so make sure params are at pend_le_conns */
49c50922 1443 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5157b8a5
JP		 1444 params->auto_connect == HCI_AUTO_CONN_REPORT ||
1445 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
195ef75e
PV		 1446 hci_pend_le_list_del_init(params);
1447 hci_pend_le_list_add(params, &hdev->pend_le_conns);
f75113a2
JP		 1448 }
1449
1450 params->explicit_connect = true;
f75113a2
JP		 1451
1452 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
1453 params->auto_connect);
1454
1455 return 0;
1456}
1457
eca0ae4a
LAD		 1458static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos)
1459{
6a42e9bf
IT		 1460 struct hci_conn *conn;
1461 u8 big;
eca0ae4a
LAD		 1462
1463 /* Allocate a BIG if not set */
0fe8c8d0 1464 if (qos->bcast.big == BT_ISO_QOS_BIG_UNSET) {
6a42e9bf 1465 for (big = 0x00; big < 0xef; big++) {
eca0ae4a 1466
6a42e9bf
IT		 1467 conn = hci_conn_hash_lookup_big(hdev, big);
1468 if (!conn)
eca0ae4a
LAD		 1469 break;
1470 }
1471
6a42e9bf 1472 if (big == 0xef)
eca0ae4a
LAD		 1473 return -EADDRNOTAVAIL;
1474
1475 /* Update BIG */
6a42e9bf 1476 qos->bcast.big = big;
eca0ae4a
LAD		 1477 }
1478
1479 return 0;
1480}
1481
1482static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos)
1483{
6a42e9bf
IT		 1484 struct hci_conn *conn;
1485 u8 bis;
eca0ae4a
LAD		 1486
1487 /* Allocate BIS if not set */
0fe8c8d0 1488 if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) {
eca0ae4a
LAD		 1489 /* Find an unused adv set to advertise BIS, skip instance 0x00
1490 * since it is reserved as general purpose set.
1491 */
6a42e9bf
IT		 1492 for (bis = 0x01; bis < hdev->le_num_of_adv_sets;
1493 bis++) {
eca0ae4a 1494
6a42e9bf
IT		 1495 conn = hci_conn_hash_lookup_bis(hdev, BDADDR_ANY, bis);
1496 if (!conn)
eca0ae4a
LAD		 1497 break;
1498 }
1499
6a42e9bf 1500 if (bis == hdev->le_num_of_adv_sets)
eca0ae4a
LAD		 1501 return -EADDRNOTAVAIL;
1502
1503 /* Update BIS */
6a42e9bf 1504 qos->bcast.bis = bis;
eca0ae4a
LAD		 1505 }
1506
1507 return 0;
1508}
1509
1510/* This function requires the caller holds hdev->lock */
1511static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst,
a0bfde16
IT		 1512 struct bt_iso_qos *qos, __u8 base_len,
1513 __u8 *base)
eca0ae4a
LAD		 1514{
1515 struct hci_conn *conn;
eca0ae4a
LAD		 1516 int err;
1517
1518 /* Let's make sure that le is enabled.*/
1519 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1520 if (lmp_le_capable(hdev))
1521 return ERR_PTR(-ECONNREFUSED);
1522 return ERR_PTR(-EOPNOTSUPP);
1523 }
1524
1525 err = qos_set_big(hdev, qos);
1526 if (err)
1527 return ERR_PTR(err);
1528
1529 err = qos_set_bis(hdev, qos);
1530 if (err)
1531 return ERR_PTR(err);
1532
a0bfde16
IT		 1533 /* Check if the LE Create BIG command has already been sent */
1534 conn = hci_conn_hash_lookup_per_adv_bis(hdev, dst, qos->bcast.big,
1535 qos->bcast.big);
1536 if (conn)
eca0ae4a
LAD		 1537 return ERR_PTR(-EADDRINUSE);
1538
a0bfde16
IT		 1539 /* Check BIS settings against other bound BISes, since all
1540 * BISes in a BIG must have the same value for all parameters
1541 */
6a42e9bf 1542 conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big);
a0bfde16
IT		 1543
1544 if (conn && (memcmp(qos, &conn->iso_qos, sizeof(*qos)) ||
1545 base_len != conn->le_per_adv_data_len ||
1546 memcmp(conn->le_per_adv_data, base, base_len)))
eca0ae4a
LAD		 1547 return ERR_PTR(-EADDRINUSE);
1548
1549 conn = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1550 if (!conn)
1551 return ERR_PTR(-ENOMEM);
1552
eca0ae4a
LAD		 1553 conn->state = BT_CONNECT;
1554
1555 hci_conn_hold(conn);
1556 return conn;
1557}
1558
f75113a2
JP		 1559/* This function requires the caller holds hdev->lock */
1560struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst,
1561 u8 dst_type, u8 sec_level,
76b13996
MM		 1562 u16 conn_timeout,
1563 enum conn_reasons conn_reason)
f75113a2
JP		 1564{
1565 struct hci_conn *conn;
f75113a2
JP		 1566
1567 /* Let's make sure that le is enabled.*/
1568 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1569 if (lmp_le_capable(hdev))
1570 return ERR_PTR(-ECONNREFUSED);
1571
1572 return ERR_PTR(-EOPNOTSUPP);
1573 }
1574
1575 /* Some devices send ATT messages as soon as the physical link is
1576 * established. To be able to handle these ATT messages, the user-
1577 * space first establishes the connection and then starts the pairing
1578 * process.
1579 *
1580 * So if a hci_conn object already exists for the following connection
1581 * attempt, we simply update pending_sec_level and auth_type fields
1582 * and return the object found.
1583 */
9d4c1cc1 1584 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
f75113a2
JP		 1585 if (conn) {
1586 if (conn->pending_sec_level < sec_level)
1587 conn->pending_sec_level = sec_level;
1588 goto done;
1589 }
1590
1591 BT_DBG("requesting refresh of dst_addr");
1592
0ad06aa6 1593 conn = hci_conn_add(hdev, LE_LINK, dst, HCI_ROLE_MASTER);
f75113a2
JP		 1594 if (!conn)
1595 return ERR_PTR(-ENOMEM);
1596
d088337c
NE		 1597 if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) {
1598 hci_conn_del(conn);
f75113a2 1599 return ERR_PTR(-EBUSY);
d088337c 1600 }
f75113a2
JP		 1601
1602 conn->state = BT_CONNECT;
1603 set_bit(HCI_CONN_SCANNING, &conn->flags);
f75113a2
JP		 1604 conn->dst_type = dst_type;
1605 conn->sec_level = BT_SECURITY_LOW;
1606 conn->pending_sec_level = sec_level;
1607 conn->conn_timeout = conn_timeout;
76b13996 1608 conn->conn_reason = conn_reason;
f75113a2 1609
5bee2fd6 1610 hci_update_passive_scan(hdev);
84235d22 1611
f75113a2
JP		 1612done:
1613 hci_conn_hold(conn);
1614 return conn;
1615}
1616
04a6c589 1617struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
76b13996
MM		 1618 u8 sec_level, u8 auth_type,
1619 enum conn_reasons conn_reason)
1da177e4
LT		 1620{
1621 struct hci_conn *acl;
fcd89c09 1622
d7a5a11d 1623 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
c411110e
LR		 1624 if (lmp_bredr_capable(hdev))
1625 return ERR_PTR(-ECONNREFUSED);
1626
beb19e4c 1627 return ERR_PTR(-EOPNOTSUPP);
c411110e 1628 }
56f87901 1629
70f23020
AE		 1630 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
1631 if (!acl) {
a5c4e309 1632 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
70f23020 1633 if (!acl)
48c7aba9 1634 return ERR_PTR(-ENOMEM);
1da177e4
LT		 1635 }
1636
1637 hci_conn_hold(acl);
1638
76b13996 1639 acl->conn_reason = conn_reason;
09ab6f4c 1640 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
765c2a96
JH		 1641 acl->sec_level = BT_SECURITY_LOW;
1642 acl->pending_sec_level = sec_level;
09ab6f4c 1643 acl->auth_type = auth_type;
1aef8669 1644 hci_acl_create_connection(acl);
09ab6f4c 1645 }
1da177e4 1646
db474275
VCG		 1647 return acl;
1648}
1649
06149746
LAD		 1650static struct hci_link *hci_conn_link(struct hci_conn *parent,
1651 struct hci_conn *conn)
1652{
1653 struct hci_dev *hdev = parent->hdev;
1654 struct hci_link *link;
1655
1656 bt_dev_dbg(hdev, "parent %p hcon %p", parent, conn);
1657
1658 if (conn->link)
1659 return conn->link;
1660
1661 if (conn->parent)
1662 return NULL;
1663
1664 link = kzalloc(sizeof(*link), GFP_KERNEL);
1665 if (!link)
1666 return NULL;
1667
1668 link->conn = hci_conn_hold(conn);
1669 conn->link = link;
1670 conn->parent = hci_conn_get(parent);
1671
1672 /* Use list_add_tail_rcu append to the list */
1673 list_add_tail_rcu(&link->list, &parent->link_list);
1674
1675 return link;
1676}
1677
10c62ddc 1678struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
b2af264a 1679 __u16 setting, struct bt_codec *codec)
db474275
VCG		 1680{
1681 struct hci_conn *acl;
1682 struct hci_conn *sco;
06149746 1683 struct hci_link *link;
db474275 1684
76b13996
MM		 1685 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING,
1686 CONN_REASON_SCO_CONNECT);
db474275 1687 if (IS_ERR(acl))
5b7f9909 1688 return acl;
1da177e4 1689
70f23020
AE		 1690 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
1691 if (!sco) {
a5c4e309 1692 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
70f23020 1693 if (!sco) {
76a68ba0 1694 hci_conn_drop(acl);
48c7aba9 1695 return ERR_PTR(-ENOMEM);
1da177e4 1696 }
5b7f9909 1697 }
1da177e4 1698
06149746
LAD		 1699 link = hci_conn_link(acl, sco);
1700 if (!link) {
1701 hci_conn_drop(acl);
1702 hci_conn_drop(sco);
b4066eb0 1703 return ERR_PTR(-ENOLINK);
06149746 1704 }
1da177e4 1705
10c62ddc 1706 sco->setting = setting;
b2af264a 1707 sco->codec = *codec;
10c62ddc 1708
5b7f9909 1709 if (acl->state == BT_CONNECTED &&
5974e4c4 1710 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 1711 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 1712 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 1713
51a8efd7 1714 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 1715 /* defer SCO setup until mode change completed */
51a8efd7 1716 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH		 1717 return sco;
1718 }
1719
1720 hci_sco_setup(acl, 0x00);
b6a0dc82 1721 }
5b7f9909
MH		 1722
1723 return sco;
1da177e4 1724}
1da177e4 1725
eca0ae4a
LAD		 1726static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos)
1727{
1728 struct hci_dev *hdev = conn->hdev;
1729 struct hci_cp_le_create_big cp;
a0bfde16 1730 struct iso_list_data data;
eca0ae4a
LAD		 1731
1732 memset(&cp, 0, sizeof(cp));
1733
a0bfde16
IT		 1734 data.big = qos->bcast.big;
1735 data.bis = qos->bcast.bis;
1736 data.count = 0;
1737
1738 /* Create a BIS for each bound connection */
1739 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1740 BT_BOUND, &data);
1741
0fe8c8d0
IT		 1742 cp.handle = qos->bcast.big;
1743 cp.adv_handle = qos->bcast.bis;
a0bfde16 1744 cp.num_bis = data.count;
0fe8c8d0
IT		 1745 hci_cpu_to_le24(qos->bcast.out.interval, cp.bis.sdu_interval);
1746 cp.bis.sdu = cpu_to_le16(qos->bcast.out.sdu);
1747 cp.bis.latency = cpu_to_le16(qos->bcast.out.latency);
1748 cp.bis.rtn = qos->bcast.out.rtn;
1749 cp.bis.phy = qos->bcast.out.phy;
1750 cp.bis.packing = qos->bcast.packing;
1751 cp.bis.framing = qos->bcast.framing;
1752 cp.bis.encryption = qos->bcast.encryption;
1753 memcpy(cp.bis.bcode, qos->bcast.bcode, sizeof(cp.bis.bcode));
eca0ae4a
LAD		 1754
1755 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp);
1756}
1757
a0912892 1758static int set_cig_params_sync(struct hci_dev *hdev, void *data)
6b9545dc 1759{
a1f6c3ae 1760 u8 cig_id = PTR_UINT(data);
a0912892
LAD		 1761 struct hci_conn *conn;
1762 struct bt_iso_qos *qos;
1763 struct iso_cig_params pdu;
1764 u8 cis_id;
6b9545dc 1765
a0912892
LAD		 1766 conn = hci_conn_hash_lookup_cig(hdev, cig_id);
1767 if (!conn)
1768 return 0;
6b9545dc 1769
a0912892 1770 memset(&pdu, 0, sizeof(pdu));
6b9545dc 1771
a0912892
LAD		 1772 qos = &conn->iso_qos;
1773 pdu.cp.cig_id = cig_id;
1774 hci_cpu_to_le24(qos->ucast.out.interval, pdu.cp.c_interval);
1775 hci_cpu_to_le24(qos->ucast.in.interval, pdu.cp.p_interval);
1776 pdu.cp.sca = qos->ucast.sca;
1777 pdu.cp.packing = qos->ucast.packing;
1778 pdu.cp.framing = qos->ucast.framing;
1779 pdu.cp.c_latency = cpu_to_le16(qos->ucast.out.latency);
1780 pdu.cp.p_latency = cpu_to_le16(qos->ucast.in.latency);
6b9545dc 1781
a0912892
LAD		 1782 /* Reprogram all CIS(s) with the same CIG, valid range are:
1783 * num_cis: 0x00 to 0x1F
1784 * cis_id: 0x00 to 0xEF
1785 */
1786 for (cis_id = 0x00; cis_id < 0xf0 &&
1787 pdu.cp.num_cis < ARRAY_SIZE(pdu.cis); cis_id++) {
1788 struct hci_cis_params *cis;
1789
1790 conn = hci_conn_hash_lookup_cis(hdev, NULL, 0, cig_id, cis_id);
1791 if (!conn)
1792 continue;
6b9545dc 1793
a0912892
LAD		 1794 qos = &conn->iso_qos;
1795
1796 cis = &pdu.cis[pdu.cp.num_cis++];
1797 cis->cis_id = cis_id;
1798 cis->c_sdu = cpu_to_le16(conn->iso_qos.ucast.out.sdu);
1799 cis->p_sdu = cpu_to_le16(conn->iso_qos.ucast.in.sdu);
1800 cis->c_phy = qos->ucast.out.phy ? qos->ucast.out.phy :
1801 qos->ucast.in.phy;
1802 cis->p_phy = qos->ucast.in.phy ? qos->ucast.in.phy :
1803 qos->ucast.out.phy;
1804 cis->c_rtn = qos->ucast.out.rtn;
1805 cis->p_rtn = qos->ucast.in.rtn;
1806 }
1807
1808 if (!pdu.cp.num_cis)
1809 return 0;
1810
1811 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS,
1812 sizeof(pdu.cp) +
1813 pdu.cp.num_cis * sizeof(pdu.cis[0]), &pdu,
6b9545dc
PV		 1814 HCI_CMD_TIMEOUT);
1815}
1816
26afbd82
LAD		 1817static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos)
1818{
1819 struct hci_dev *hdev = conn->hdev;
1820 struct iso_list_data data;
1821
1822 memset(&data, 0, sizeof(data));
1823
e6a7a46b 1824 /* Allocate first still reconfigurable CIG if not set */
0fe8c8d0 1825 if (qos->ucast.cig == BT_ISO_QOS_CIG_UNSET) {
e6a7a46b 1826 for (data.cig = 0x00; data.cig < 0xf0; data.cig++) {
26afbd82 1827 data.count = 0;
26afbd82 1828
e6a7a46b
PV		 1829 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
1830 BT_CONNECT, &data);
26afbd82
LAD		 1831 if (data.count)
1832 continue;
1833
e6a7a46b 1834 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
26afbd82
LAD		 1835 BT_CONNECTED, &data);
1836 if (!data.count)
1837 break;
1838 }
1839
e6a7a46b 1840 if (data.cig == 0xf0)
26afbd82
LAD		 1841 return false;
1842
1843 /* Update CIG */
0fe8c8d0 1844 qos->ucast.cig = data.cig;
26afbd82
LAD		 1845 }
1846
0fe8c8d0 1847 if (qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) {
a0912892
LAD		 1848 if (hci_conn_hash_lookup_cis(hdev, NULL, 0, qos->ucast.cig,
1849 qos->ucast.cis))
26afbd82 1850 return false;
a0912892 1851 goto done;
26afbd82
LAD		 1852 }
1853
a0912892
LAD		 1854 /* Allocate first available CIS if not set */
1855 for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0xf0;
1856 data.cis++) {
1857 if (!hci_conn_hash_lookup_cis(hdev, NULL, 0, data.cig,
1858 data.cis)) {
26afbd82 1859 /* Update CIS */
0fe8c8d0 1860 qos->ucast.cis = data.cis;
a0912892 1861 break;
26afbd82
LAD		 1862 }
1863 }
1864
a0912892 1865 if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET)
26afbd82
LAD		 1866 return false;
1867
a0912892
LAD		 1868done:
1869 if (hci_cmd_sync_queue(hdev, set_cig_params_sync,
a1f6c3ae 1870 UINT_PTR(qos->ucast.cig), NULL) < 0)
6b9545dc 1871 return false;
6b9545dc 1872
26afbd82
LAD		 1873 return true;
1874}
1875
26afbd82
LAD		 1876struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst,
1877 __u8 dst_type, struct bt_iso_qos *qos)
1878{
1879 struct hci_conn *cis;
1880
c14516fa
LAD		 1881 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig,
1882 qos->ucast.cis);
26afbd82
LAD		 1883 if (!cis) {
1884 cis = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1885 if (!cis)
1886 return ERR_PTR(-ENOMEM);
1887 cis->cleanup = cis_cleanup;
b36a234d 1888 cis->dst_type = dst_type;
b5793de3
PV		 1889 cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET;
1890 cis->iso_qos.ucast.cis = BT_ISO_QOS_CIS_UNSET;
26afbd82
LAD		 1891 }
1892
1893 if (cis->state == BT_CONNECTED)
1894 return cis;
1895
1896 /* Check if CIS has been set and the settings matches */
1897 if (cis->state == BT_BOUND &&
1898 !memcmp(&cis->iso_qos, qos, sizeof(*qos)))
1899 return cis;
1900
1901 /* Update LINK PHYs according to QoS preference */
0fe8c8d0
IT		 1902 cis->le_tx_phy = qos->ucast.out.phy;
1903 cis->le_rx_phy = qos->ucast.in.phy;
26afbd82
LAD		 1904
1905 /* If output interval is not set use the input interval as it cannot be
1906 * 0x000000.
1907 */
0fe8c8d0
IT		 1908 if (!qos->ucast.out.interval)
1909 qos->ucast.out.interval = qos->ucast.in.interval;
26afbd82
LAD		 1910
1911 /* If input interval is not set use the output interval as it cannot be
1912 * 0x000000.
1913 */
0fe8c8d0
IT		 1914 if (!qos->ucast.in.interval)
1915 qos->ucast.in.interval = qos->ucast.out.interval;
26afbd82
LAD		 1916
1917 /* If output latency is not set use the input latency as it cannot be
1918 * 0x0000.
1919 */
0fe8c8d0
IT		 1920 if (!qos->ucast.out.latency)
1921 qos->ucast.out.latency = qos->ucast.in.latency;
26afbd82
LAD		 1922
1923 /* If input latency is not set use the output latency as it cannot be
1924 * 0x0000.
1925 */
0fe8c8d0
IT		 1926 if (!qos->ucast.in.latency)
1927 qos->ucast.in.latency = qos->ucast.out.latency;
26afbd82 1928
26afbd82
LAD		 1929 if (!hci_le_set_cig_params(cis, qos)) {
1930 hci_conn_drop(cis);
1931 return ERR_PTR(-EINVAL);
1932 }
1933
69997d50
PV		 1934 hci_conn_hold(cis);
1935
26afbd82
LAD		 1936 cis->iso_qos = *qos;
1937 cis->state = BT_BOUND;
1938
1939 return cis;
1940}
1941
1942bool hci_iso_setup_path(struct hci_conn *conn)
1943{
1944 struct hci_dev *hdev = conn->hdev;
1945 struct hci_cp_le_setup_iso_path cmd;
1946
1947 memset(&cmd, 0, sizeof(cmd));
1948
0fe8c8d0 1949 if (conn->iso_qos.ucast.out.sdu) {
26afbd82
LAD		 1950 cmd.handle = cpu_to_le16(conn->handle);
1951 cmd.direction = 0x00; /* Input (Host to Controller) */
1952 cmd.path = 0x00; /* HCI path if enabled */
1953 cmd.codec = 0x03; /* Transparent Data */
1954
1955 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1956 &cmd) < 0)
1957 return false;
1958 }
1959
0fe8c8d0 1960 if (conn->iso_qos.ucast.in.sdu) {
26afbd82
LAD		 1961 cmd.handle = cpu_to_le16(conn->handle);
1962 cmd.direction = 0x01; /* Output (Controller to Host) */
1963 cmd.path = 0x00; /* HCI path if enabled */
1964 cmd.codec = 0x03; /* Transparent Data */
1965
1966 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1967 &cmd) < 0)
1968 return false;
1969 }
1970
1971 return true;
1972}
1973
7f74563e 1974int hci_conn_check_create_cis(struct hci_conn *conn)
26afbd82 1975{
7f74563e
PV		 1976 if (conn->type != ISO_LINK || !bacmp(&conn->dst, BDADDR_ANY))
1977 return -EINVAL;
26afbd82 1978
7f74563e 1979 if (!conn->parent || conn->parent->state != BT_CONNECTED ||
9f78191c 1980 conn->state != BT_CONNECT || HCI_CONN_HANDLE_UNSET(conn->handle))
7f74563e 1981 return 1;
26afbd82 1982
7f74563e
PV		 1983 return 0;
1984}
06149746 1985
7f74563e
PV		 1986static int hci_create_cis_sync(struct hci_dev *hdev, void *data)
1987{
1988 return hci_le_create_cis_sync(hdev);
1989}
06149746 1990
7f74563e
PV		 1991int hci_le_create_cis_pending(struct hci_dev *hdev)
1992{
1993 struct hci_conn *conn;
1994 bool pending = false;
06149746 1995
7f74563e 1996 rcu_read_lock();
06149746 1997
7f74563e
PV		 1998 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
1999 if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) {
2000 rcu_read_unlock();
2001 return -EBUSY;
06149746
LAD		 2002 }
2003
7f74563e
PV		 2004 if (!hci_conn_check_create_cis(conn))
2005 pending = true;
26afbd82
LAD		 2006 }
2007
7f74563e
PV		 2008 rcu_read_unlock();
2009
2010 if (!pending)
26afbd82
LAD		 2011 return 0;
2012
2013 /* Queue Create CIS */
7f74563e 2014 return hci_cmd_sync_queue(hdev, hci_create_cis_sync, NULL, NULL);
26afbd82
LAD		 2015}
2016
2017static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn,
2018 struct bt_iso_io_qos *qos, __u8 phy)
2019{
2020 /* Only set MTU if PHY is enabled */
2021 if (!qos->sdu && qos->phy) {
2022 if (hdev->iso_mtu > 0)
2023 qos->sdu = hdev->iso_mtu;
2024 else if (hdev->le_mtu > 0)
2025 qos->sdu = hdev->le_mtu;
2026 else
2027 qos->sdu = hdev->acl_mtu;
2028 }
2029
2030 /* Use the same PHY as ACL if set to any */
2031 if (qos->phy == BT_ISO_PHY_ANY)
2032 qos->phy = phy;
2033
2034 /* Use LE ACL connection interval if not set */
2035 if (!qos->interval)
2036 /* ACL interval unit in 1.25 ms to us */
2037 qos->interval = conn->le_conn_interval * 1250;
2038
2039 /* Use LE ACL connection latency if not set */
2040 if (!qos->latency)
2041 qos->latency = conn->le_conn_latency;
2042}
2043
eca0ae4a
LAD		 2044static int create_big_sync(struct hci_dev *hdev, void *data)
2045{
2046 struct hci_conn *conn = data;
2047 struct bt_iso_qos *qos = &conn->iso_qos;
2048 u16 interval, sync_interval = 0;
2049 u32 flags = 0;
2050 int err;
2051
0fe8c8d0 2052 if (qos->bcast.out.phy == 0x02)
eca0ae4a
LAD		 2053 flags |= MGMT_ADV_FLAG_SEC_2M;
2054
2055 /* Align intervals */
14f0dcec 2056 interval = (qos->bcast.out.interval / 1250) * qos->bcast.sync_factor;
eca0ae4a 2057
0fe8c8d0 2058 if (qos->bcast.bis)
14f0dcec 2059 sync_interval = interval * 4;
eca0ae4a 2060
0fe8c8d0 2061 err = hci_start_per_adv_sync(hdev, qos->bcast.bis, conn->le_per_adv_data_len,
eca0ae4a
LAD		 2062 conn->le_per_adv_data, flags, interval,
2063 interval, sync_interval);
2064 if (err)
2065 return err;
2066
2067 return hci_le_create_big(conn, &conn->iso_qos);
2068}
2069
2070static void create_pa_complete(struct hci_dev *hdev, void *data, int err)
2071{
2072 struct hci_cp_le_pa_create_sync *cp = data;
2073
2074 bt_dev_dbg(hdev, "");
2075
2076 if (err)
2077 bt_dev_err(hdev, "Unable to create PA: %d", err);
2078
2079 kfree(cp);
2080}
2081
2082static int create_pa_sync(struct hci_dev *hdev, void *data)
2083{
2084 struct hci_cp_le_pa_create_sync *cp = data;
2085 int err;
2086
2087 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC,
2088 sizeof(*cp), cp, HCI_CMD_TIMEOUT);
2089 if (err) {
2090 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2091 return err;
2092 }
2093
2094 return hci_update_passive_scan_sync(hdev);
2095}
2096
2097int hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, __u8 dst_type,
0fe8c8d0 2098 __u8 sid, struct bt_iso_qos *qos)
eca0ae4a
LAD		 2099{
2100 struct hci_cp_le_pa_create_sync *cp;
2101
2102 if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC))
2103 return -EBUSY;
2104
37224a29 2105 cp = kzalloc(sizeof(*cp), GFP_KERNEL);
eca0ae4a
LAD		 2106 if (!cp) {
2107 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2108 return -ENOMEM;
2109 }
2110
0fe8c8d0 2111 cp->options = qos->bcast.options;
eca0ae4a
LAD		 2112 cp->sid = sid;
2113 cp->addr_type = dst_type;
2114 bacpy(&cp->addr, dst);
0fe8c8d0
IT		 2115 cp->skip = cpu_to_le16(qos->bcast.skip);
2116 cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout);
2117 cp->sync_cte_type = qos->bcast.sync_cte_type;
eca0ae4a
LAD		 2118
2119 /* Queue start pa_create_sync and scan */
2120 return hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete);
2121}
2122
fbdc4bc4
IT		 2123int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon,
2124 struct bt_iso_qos *qos,
eca0ae4a
LAD		 2125 __u16 sync_handle, __u8 num_bis, __u8 bis[])
2126{
2127 struct _packed {
2128 struct hci_cp_le_big_create_sync cp;
2129 __u8 bis[0x11];
2130 } pdu;
2131 int err;
2132
2133 if (num_bis > sizeof(pdu.bis))
2134 return -EINVAL;
2135
2136 err = qos_set_big(hdev, qos);
2137 if (err)
2138 return err;
2139
fbdc4bc4
IT		 2140 if (hcon)
2141 hcon->iso_qos.bcast.big = qos->bcast.big;
2142
eca0ae4a 2143 memset(&pdu, 0, sizeof(pdu));
0fe8c8d0 2144 pdu.cp.handle = qos->bcast.big;
eca0ae4a 2145 pdu.cp.sync_handle = cpu_to_le16(sync_handle);
0fe8c8d0
IT		 2146 pdu.cp.encryption = qos->bcast.encryption;
2147 memcpy(pdu.cp.bcode, qos->bcast.bcode, sizeof(pdu.cp.bcode));
2148 pdu.cp.mse = qos->bcast.mse;
2149 pdu.cp.timeout = cpu_to_le16(qos->bcast.timeout);
eca0ae4a
LAD		 2150 pdu.cp.num_bis = num_bis;
2151 memcpy(pdu.bis, bis, num_bis);
2152
2153 return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
2154 sizeof(pdu.cp) + num_bis, &pdu);
2155}
2156
2157static void create_big_complete(struct hci_dev *hdev, void *data, int err)
2158{
2159 struct hci_conn *conn = data;
2160
2161 bt_dev_dbg(hdev, "conn %p", conn);
2162
2163 if (err) {
2164 bt_dev_err(hdev, "Unable to create BIG: %d", err);
2165 hci_connect_cfm(conn, err);
2166 hci_conn_del(conn);
2167 }
2168}
2169
a0bfde16
IT		 2170struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst,
2171 struct bt_iso_qos *qos,
2172 __u8 base_len, __u8 *base)
eca0ae4a
LAD		 2173{
2174 struct hci_conn *conn;
a0bfde16
IT		 2175 __u8 eir[HCI_MAX_PER_AD_LENGTH];
2176
2177 if (base_len && base)
2178 base_len = eir_append_service_data(eir, 0, 0x1851,
2179 base, base_len);
eca0ae4a
LAD		 2180
2181 /* We need hci_conn object using the BDADDR_ANY as dst */
a0bfde16 2182 conn = hci_add_bis(hdev, dst, qos, base_len, eir);
eca0ae4a
LAD		 2183 if (IS_ERR(conn))
2184 return conn;
2185
a0bfde16
IT		 2186 /* Update LINK PHYs according to QoS preference */
2187 conn->le_tx_phy = qos->bcast.out.phy;
2188 conn->le_tx_phy = qos->bcast.out.phy;
eca0ae4a
LAD		 2189
2190 /* Add Basic Announcement into Peridic Adv Data if BASE is set */
2191 if (base_len && base) {
a0bfde16 2192 memcpy(conn->le_per_adv_data, eir, sizeof(eir));
eca0ae4a
LAD		 2193 conn->le_per_adv_data_len = base_len;
2194 }
2195
a0bfde16
IT		 2196 hci_iso_qos_setup(hdev, conn, &qos->bcast.out,
2197 conn->le_tx_phy ? conn->le_tx_phy :
2198 hdev->le_tx_def_phys);
2199
2200 conn->iso_qos = *qos;
2201 conn->state = BT_BOUND;
2202
2203 return conn;
2204}
2205
2206static void bis_mark_per_adv(struct hci_conn *conn, void *data)
2207{
2208 struct iso_list_data *d = data;
2209
2210 /* Skip if not broadcast/ANY address */
2211 if (bacmp(&conn->dst, BDADDR_ANY))
2212 return;
2213
2214 if (d->big != conn->iso_qos.bcast.big ||
2215 d->bis == BT_ISO_QOS_BIS_UNSET ||
2216 d->bis != conn->iso_qos.bcast.bis)
2217 return;
2218
2219 set_bit(HCI_CONN_PER_ADV, &conn->flags);
2220}
2221
2222struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst,
2223 __u8 dst_type, struct bt_iso_qos *qos,
2224 __u8 base_len, __u8 *base)
2225{
2226 struct hci_conn *conn;
2227 int err;
2228 struct iso_list_data data;
2229
2230 conn = hci_bind_bis(hdev, dst, qos, base_len, base);
2231 if (IS_ERR(conn))
2232 return conn;
2233
2234 data.big = qos->bcast.big;
2235 data.bis = qos->bcast.bis;
2236
2237 /* Set HCI_CONN_PER_ADV for all bound connections, to mark that
2238 * the start periodic advertising and create BIG commands have
2239 * been queued
2240 */
2241 hci_conn_hash_list_state(hdev, bis_mark_per_adv, ISO_LINK,
2242 BT_BOUND, &data);
2243
eca0ae4a
LAD		 2244 /* Queue start periodic advertising and create BIG */
2245 err = hci_cmd_sync_queue(hdev, create_big_sync, conn,
2246 create_big_complete);
2247 if (err < 0) {
2248 hci_conn_drop(conn);
2249 return ERR_PTR(err);
2250 }
2251
eca0ae4a
LAD		 2252 return conn;
2253}
2254
26afbd82
LAD		 2255struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
2256 __u8 dst_type, struct bt_iso_qos *qos)
2257{
2258 struct hci_conn *le;
2259 struct hci_conn *cis;
06149746 2260 struct hci_link *link;
26afbd82 2261
26afbd82
LAD		 2262 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2263 le = hci_connect_le(hdev, dst, dst_type, false,
2264 BT_SECURITY_LOW,
2265 HCI_LE_CONN_TIMEOUT,
2266 HCI_ROLE_SLAVE);
2267 else
2268 le = hci_connect_le_scan(hdev, dst, dst_type,
2269 BT_SECURITY_LOW,
2270 HCI_LE_CONN_TIMEOUT,
2271 CONN_REASON_ISO_CONNECT);
2272 if (IS_ERR(le))
2273 return le;
2274
0fe8c8d0 2275 hci_iso_qos_setup(hdev, le, &qos->ucast.out,
26afbd82 2276 le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys);
0fe8c8d0 2277 hci_iso_qos_setup(hdev, le, &qos->ucast.in,
26afbd82
LAD		 2278 le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys);
2279
2280 cis = hci_bind_cis(hdev, dst, dst_type, qos);
2281 if (IS_ERR(cis)) {
2282 hci_conn_drop(le);
2283 return cis;
2284 }
2285
06149746
LAD		 2286 link = hci_conn_link(le, cis);
2287 if (!link) {
2288 hci_conn_drop(le);
2289 hci_conn_drop(cis);
b4066eb0 2290 return ERR_PTR(-ENOLINK);
06149746 2291 }
26afbd82 2292
69997d50
PV		 2293 /* Link takes the refcount */
2294 hci_conn_drop(cis);
2295
7f74563e
PV		 2296 cis->state = BT_CONNECT;
2297
2298 hci_le_create_cis_pending(hdev);
26afbd82
LAD		 2299
2300 return cis;
2301}
2302
e7c29cb1
MH		 2303/* Check link security requirement */
2304int hci_conn_check_link_mode(struct hci_conn *conn)
2305{
38b3fef1 2306 BT_DBG("hcon %p", conn);
e7c29cb1 2307
40b552aa
MH		 2308 /* In Secure Connections Only mode, it is required that Secure
2309 * Connections is used and the link is encrypted with AES-CCM
2310 * using a P-256 authenticated combination key.
2311 */
d7a5a11d 2312 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) {
40b552aa
MH		 2313 if (!hci_conn_sc_enabled(conn) ||
2314 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2315 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
2316 return 0;
2317 }
2318
8746f135
LAD		 2319 /* AES encryption is required for Level 4:
2320 *
2321 * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
2322 * page 1319:
2323 *
2324 * 128-bit equivalent strength for link and encryption keys
2325 * required using FIPS approved algorithms (E0 not allowed,
2326 * SAFER+ not allowed, and P-192 not allowed; encryption key
2327 * not shortened)
2328 */
2329 if (conn->sec_level == BT_SECURITY_FIPS &&
2330 !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
2331 bt_dev_err(conn->hdev,
2332 "Invalid security: Missing AES-CCM usage");
2333 return 0;
2334 }
2335
4dae2798
JH		 2336 if (hci_conn_ssp_enabled(conn) &&
2337 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
e7c29cb1
MH		 2338 return 0;
2339
2340 return 1;
2341}
e7c29cb1 2342
1da177e4 2343/* Authenticate remote device */
0684e5f9 2344static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 2345{
38b3fef1 2346 BT_DBG("hcon %p", conn);
1da177e4 2347
765c2a96
JH		 2348 if (conn->pending_sec_level > sec_level)
2349 sec_level = conn->pending_sec_level;
2350
96a31833 2351 if (sec_level > conn->sec_level)
765c2a96 2352 conn->pending_sec_level = sec_level;
4dae2798 2353 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
1da177e4
LT		 2354 return 1;
2355
65cf686e
JH		 2356 /* Make sure we preserve an existing MITM requirement*/
2357 auth_type |= (conn->auth_type & 0x01);
2358
96a31833
MH		 2359 conn->auth_type = auth_type;
2360
51a8efd7 2361 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 2362 struct hci_cp_auth_requested cp;
b7d05bad 2363
aca3192c 2364 cp.handle = cpu_to_le16(conn->handle);
40be492f 2365 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
5974e4c4 2366 sizeof(cp), &cp);
09da1f34
JH		 2367
2368 /* If we're already encrypted set the REAUTH_PEND flag,
2369 * otherwise set the ENCRYPT_PEND.
2370 */
4dae2798 2371 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
51a8efd7 2372 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
09da1f34
JH		 2373 else
2374 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2375 }
8c1b2355 2376
1da177e4
LT		 2377 return 0;
2378}
1da177e4 2379
bb6d6895 2380/* Encrypt the link */
13d39315
WR		 2381static void hci_conn_encrypt(struct hci_conn *conn)
2382{
38b3fef1 2383 BT_DBG("hcon %p", conn);
13d39315 2384
51a8efd7 2385 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR		 2386 struct hci_cp_set_conn_encrypt cp;
2387 cp.handle = cpu_to_le16(conn->handle);
2388 cp.encrypt = 0x01;
2389 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
5974e4c4 2390 &cp);
13d39315
WR		 2391 }
2392}
2393
8c1b2355 2394/* Enable security */
e7cafc45
JH		 2395int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
2396 bool initiator)
1da177e4 2397{
38b3fef1 2398 BT_DBG("hcon %p", conn);
1da177e4 2399
d8343f12
VCG		 2400 if (conn->type == LE_LINK)
2401 return smp_conn_security(conn, sec_level);
2402
13d39315 2403 /* For sdp we don't need the link key. */
8c1b2355
MH		 2404 if (sec_level == BT_SECURITY_SDP)
2405 return 1;
2406
13d39315
WR		 2407 /* For non 2.1 devices and low security level we don't need the link
2408 key. */
aa64a8b5 2409 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 2410 return 1;
8c1b2355 2411
13d39315 2412 /* For other security levels we need the link key. */
4dae2798 2413 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
13d39315
WR		 2414 goto auth;
2415
1d8e8014
YH		 2416 switch (conn->key_type) {
2417 case HCI_LK_AUTH_COMBINATION_P256:
2418 /* An authenticated FIPS approved combination key has
2419 * sufficient security for security level 4 or lower.
2420 */
2421 if (sec_level <= BT_SECURITY_FIPS)
2422 goto encrypt;
2423 break;
2424 case HCI_LK_AUTH_COMBINATION_P192:
2425 /* An authenticated combination key has sufficient security for
2426 * security level 3 or lower.
2427 */
2428 if (sec_level <= BT_SECURITY_HIGH)
2429 goto encrypt;
2430 break;
2431 case HCI_LK_UNAUTH_COMBINATION_P192:
2432 case HCI_LK_UNAUTH_COMBINATION_P256:
2433 /* An unauthenticated combination key has sufficient security
2434 * for security level 2 or lower.
2435 */
2436 if (sec_level <= BT_SECURITY_MEDIUM)
2437 goto encrypt;
2438 break;
2439 case HCI_LK_COMBINATION:
2440 /* A combination key has always sufficient security for the
2441 * security levels 2 or lower. High security level requires the
2442 * combination key is generated using maximum PIN code length
2443 * (16). For pre 2.1 units.
2444 */
2445 if (sec_level <= BT_SECURITY_MEDIUM || conn->pin_length == 16)
2446 goto encrypt;
2447 break;
2448 default:
2449 break;
2450 }
13d39315
WR		 2451
2452auth:
51a8efd7 2453 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT		 2454 return 0;
2455
977f8fce
JH		 2456 if (initiator)
2457 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2458
6fdf658c
LAD		 2459 if (!hci_conn_auth(conn, sec_level, auth_type))
2460 return 0;
13d39315
WR		 2461
2462encrypt:
693cd8ce
MH		 2463 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
2464 /* Ensure that the encryption key size has been read,
2465 * otherwise stall the upper layer responses.
2466 */
2467 if (!conn->enc_key_size)
2468 return 0;
2469
2470 /* Nothing else needed, all requirements are met */
13d39315 2471 return 1;
693cd8ce 2472 }
8c1b2355 2473
13d39315 2474 hci_conn_encrypt(conn);
1da177e4
LT		 2475 return 0;
2476}
8c1b2355 2477EXPORT_SYMBOL(hci_conn_security);
1da177e4 2478
b3b1b061
WR		 2479/* Check secure link requirement */
2480int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
2481{
38b3fef1 2482 BT_DBG("hcon %p", conn);
b3b1b061 2483
9cb2e030
MH		 2484 /* Accept if non-secure or higher security level is required */
2485 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
2486 return 1;
b3b1b061 2487
9cb2e030
MH		 2488 /* Accept if secure or higher security level is already present */
2489 if (conn->sec_level == BT_SECURITY_HIGH ||
2490 conn->sec_level == BT_SECURITY_FIPS)
b3b1b061
WR		 2491 return 1;
2492
9cb2e030
MH		 2493 /* Reject not secure link */
2494 return 0;
b3b1b061
WR		 2495}
2496EXPORT_SYMBOL(hci_conn_check_secure);
2497
1da177e4 2498/* Switch role */
8c1b2355 2499int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 2500{
38b3fef1 2501 BT_DBG("hcon %p", conn);
1da177e4 2502
40bef302 2503 if (role == conn->role)
1da177e4
LT		 2504 return 1;
2505
51a8efd7 2506 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT		 2507 struct hci_cp_switch_role cp;
2508 bacpy(&cp.bdaddr, &conn->dst);
2509 cp.role = role;
a9de9248 2510 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 2511 }
8c1b2355 2512
1da177e4
LT		 2513 return 0;
2514}
2515EXPORT_SYMBOL(hci_conn_switch_role);
2516
04837f64 2517/* Enter active mode */
14b12d0b 2518void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH		 2519{
2520 struct hci_dev *hdev = conn->hdev;
2521
38b3fef1 2522 BT_DBG("hcon %p mode %d", conn, conn->mode);
04837f64 2523
14b12d0b
JG		 2524 if (conn->mode != HCI_CM_SNIFF)
2525 goto timer;
2526
58a681ef 2527 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH		 2528 goto timer;
2529
51a8efd7 2530 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 2531 struct hci_cp_exit_sniff_mode cp;
aca3192c 2532 cp.handle = cpu_to_le16(conn->handle);
a9de9248 2533 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH		 2534 }
2535
2536timer:
2537 if (hdev->idle_timeout > 0)
a74a84f6
JH		 2538 queue_delayed_work(hdev->workqueue, &conn->idle_work,
2539 msecs_to_jiffies(hdev->idle_timeout));
04837f64
MH		 2540}
2541
1da177e4
LT		 2542/* Drop all connection on the device */
2543void hci_conn_hash_flush(struct hci_dev *hdev)
2544{
a2ac591c
RL		 2545 struct list_head *head = &hdev->conn_hash.list;
2546 struct hci_conn *conn;
1da177e4
LT		 2547
2548 BT_DBG("hdev %s", hdev->name);
2549
a2ac591c
RL		 2550 /* We should not traverse the list here, because hci_conn_del
2551 * can remove extra links, which may cause the list traversal
2552 * to hit items that have already been released.
2553 */
2554 while ((conn = list_first_entry_or_null(head,
2555 struct hci_conn,
2556 list)) != NULL) {
2557 conn->state = BT_CLOSED;
2558 hci_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM);
a2ac591c 2559 hci_conn_del(conn);
1da177e4
LT		 2560 }
2561}
2562
a9de9248
MH		 2563/* Check pending connect attempts */
2564void hci_conn_check_pending(struct hci_dev *hdev)
2565{
2566 struct hci_conn *conn;
2567
2568 BT_DBG("hdev %s", hdev->name);
2569
2570 hci_dev_lock(hdev);
2571
2572 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
2573 if (conn)
1aef8669 2574 hci_acl_create_connection(conn);
a9de9248
MH		 2575
2576 hci_dev_unlock(hdev);
2577}
2578
4dae2798
JH		 2579static u32 get_link_mode(struct hci_conn *conn)
2580{
2581 u32 link_mode = 0;
2582
40bef302 2583 if (conn->role == HCI_ROLE_MASTER)
4dae2798
JH		 2584 link_mode |= HCI_LM_MASTER;
2585
2586 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2587 link_mode |= HCI_LM_ENCRYPT;
2588
2589 if (test_bit(HCI_CONN_AUTH, &conn->flags))
2590 link_mode |= HCI_LM_AUTH;
2591
2592 if (test_bit(HCI_CONN_SECURE, &conn->flags))
2593 link_mode |= HCI_LM_SECURE;
2594
2595 if (test_bit(HCI_CONN_FIPS, &conn->flags))
2596 link_mode |= HCI_LM_FIPS;
2597
2598 return link_mode;
2599}
2600
1da177e4
LT		 2601int hci_get_conn_list(void __user *arg)
2602{
fc5fef61 2603 struct hci_conn *c;
1da177e4
LT		 2604 struct hci_conn_list_req req, *cl;
2605 struct hci_conn_info *ci;
2606 struct hci_dev *hdev;
1da177e4
LT		 2607 int n = 0, size, err;
2608
2609 if (copy_from_user(&req, arg, sizeof(req)))
2610 return -EFAULT;
2611
2612 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
2613 return -EINVAL;
2614
2615 size = sizeof(req) + req.conn_num * sizeof(*ci);
2616
70f23020
AE		 2617 cl = kmalloc(size, GFP_KERNEL);
2618 if (!cl)
1da177e4
LT		 2619 return -ENOMEM;
2620
70f23020
AE		 2621 hdev = hci_dev_get(req.dev_id);
2622 if (!hdev) {
1da177e4
LT		 2623 kfree(cl);
2624 return -ENODEV;
2625 }
2626
2627 ci = cl->conn_info;
2628
09fd0de5 2629 hci_dev_lock(hdev);
8035ded4 2630 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT		 2631 bacpy(&(ci + n)->bdaddr, &c->dst);
2632 (ci + n)->handle = c->handle;
2633 (ci + n)->type = c->type;
2634 (ci + n)->out = c->out;
2635 (ci + n)->state = c->state;
4dae2798 2636 (ci + n)->link_mode = get_link_mode(c);
1da177e4
LT		 2637 if (++n >= req.conn_num)
2638 break;
2639 }
09fd0de5 2640 hci_dev_unlock(hdev);
1da177e4
LT		 2641
2642 cl->dev_id = hdev->id;
2643 cl->conn_num = n;
2644 size = sizeof(req) + n * sizeof(*ci);
2645
2646 hci_dev_put(hdev);
2647
2648 err = copy_to_user(arg, cl, size);
2649 kfree(cl);
2650
2651 return err ? -EFAULT : 0;
2652}
2653
2654int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
2655{
2656 struct hci_conn_info_req req;
2657 struct hci_conn_info ci;
2658 struct hci_conn *conn;
2659 char __user *ptr = arg + sizeof(req);
2660
2661 if (copy_from_user(&req, arg, sizeof(req)))
2662 return -EFAULT;
2663
09fd0de5 2664 hci_dev_lock(hdev);
1da177e4
LT		 2665 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
2666 if (conn) {
2667 bacpy(&ci.bdaddr, &conn->dst);
2668 ci.handle = conn->handle;
2669 ci.type = conn->type;
2670 ci.out = conn->out;
2671 ci.state = conn->state;
4dae2798 2672 ci.link_mode = get_link_mode(conn);
1da177e4 2673 }
09fd0de5 2674 hci_dev_unlock(hdev);
1da177e4
LT		 2675
2676 if (!conn)
2677 return -ENOENT;
2678
2679 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
2680}
40be492f
MH		 2681
2682int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
2683{
2684 struct hci_auth_info_req req;
2685 struct hci_conn *conn;
2686
2687 if (copy_from_user(&req, arg, sizeof(req)))
2688 return -EFAULT;
2689
09fd0de5 2690 hci_dev_lock(hdev);
40be492f
MH		 2691 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
2692 if (conn)
2693 req.type = conn->auth_type;
09fd0de5 2694 hci_dev_unlock(hdev);
40be492f
MH		 2695
2696 if (!conn)
2697 return -ENOENT;
2698
2699 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
2700}
73d80deb
LAD		 2701
2702struct hci_chan *hci_chan_create(struct hci_conn *conn)
2703{
2704 struct hci_dev *hdev = conn->hdev;
2705 struct hci_chan *chan;
2706
38b3fef1 2707 BT_DBG("%s hcon %p", hdev->name, conn);
73d80deb 2708
f94b665d
JH		 2709 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
2710 BT_DBG("Refusing to create new hci_chan");
2711 return NULL;
2712 }
2713
27f70f3e 2714 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
73d80deb
LAD		 2715 if (!chan)
2716 return NULL;
2717
6c388d32 2718 chan->conn = hci_conn_get(conn);
73d80deb 2719 skb_queue_head_init(&chan->data_q);
168df8e5 2720 chan->state = BT_CONNECTED;
73d80deb 2721
8192edef 2722 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD		 2723
2724 return chan;
2725}
2726
9472007c 2727void hci_chan_del(struct hci_chan *chan)
73d80deb
LAD		 2728{
2729 struct hci_conn *conn = chan->conn;
2730 struct hci_dev *hdev = conn->hdev;
2731
38b3fef1 2732 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
73d80deb 2733
8192edef
GP		 2734 list_del_rcu(&chan->list);
2735
2736 synchronize_rcu();
73d80deb 2737
bcbb655a 2738 /* Prevent new hci_chan's to be created for this hci_conn */
f94b665d 2739 set_bit(HCI_CONN_DROP, &conn->flags);
b3ff670a 2740
6c388d32 2741 hci_conn_put(conn);
e9b02748 2742
73d80deb
LAD		 2743 skb_queue_purge(&chan->data_q);
2744 kfree(chan);
73d80deb
LAD		 2745}
2746
2c33c06a 2747void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 2748{
2a5a5ec6 2749 struct hci_chan *chan, *n;
73d80deb 2750
38b3fef1 2751 BT_DBG("hcon %p", conn);
73d80deb 2752
2a5a5ec6 2753 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD		 2754 hci_chan_del(chan);
2755}
42c4e53e
AE		 2756
2757static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
2758 __u16 handle)
2759{
2760 struct hci_chan *hchan;
2761
2762 list_for_each_entry(hchan, &hcon->chan_list, list) {
2763 if (hchan->handle == handle)
2764 return hchan;
2765 }
2766
2767 return NULL;
2768}
2769
2770struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
2771{
2772 struct hci_conn_hash *h = &hdev->conn_hash;
2773 struct hci_conn *hcon;
2774 struct hci_chan *hchan = NULL;
2775
2776 rcu_read_lock();
2777
2778 list_for_each_entry_rcu(hcon, &h->list, list) {
2779 hchan = __hci_chan_lookup_handle(hcon, handle);
2780 if (hchan)
2781 break;
2782 }
2783
2784 rcu_read_unlock();
2785
2786 return hchan;
2787}
eab2404b
LAD		 2788
2789u32 hci_conn_get_phy(struct hci_conn *conn)
2790{
2791 u32 phys = 0;
2792
eab2404b
LAD		 2793 /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471:
2794 * Table 6.2: Packets defined for synchronous, asynchronous, and
6397729b 2795 * CPB logical transport types.
eab2404b
LAD		 2796 */
2797 switch (conn->type) {
2798 case SCO_LINK:
2799 /* SCO logical transport (1 Mb/s):
2800 * HV1, HV2, HV3 and DV.
2801 */
2802 phys |= BT_PHY_BR_1M_1SLOT;
2803
2804 break;
2805
2806 case ACL_LINK:
2807 /* ACL logical transport (1 Mb/s) ptt=0:
2808 * DH1, DM3, DH3, DM5 and DH5.
2809 */
2810 phys |= BT_PHY_BR_1M_1SLOT;
2811
2812 if (conn->pkt_type & (HCI_DM3 | HCI_DH3))
2813 phys |= BT_PHY_BR_1M_3SLOT;
2814
2815 if (conn->pkt_type & (HCI_DM5 | HCI_DH5))
2816 phys |= BT_PHY_BR_1M_5SLOT;
2817
2818 /* ACL logical transport (2 Mb/s) ptt=1:
2819 * 2-DH1, 2-DH3 and 2-DH5.
2820 */
2821 if (!(conn->pkt_type & HCI_2DH1))
2822 phys |= BT_PHY_EDR_2M_1SLOT;
2823
2824 if (!(conn->pkt_type & HCI_2DH3))
2825 phys |= BT_PHY_EDR_2M_3SLOT;
2826
2827 if (!(conn->pkt_type & HCI_2DH5))
2828 phys |= BT_PHY_EDR_2M_5SLOT;
2829
2830 /* ACL logical transport (3 Mb/s) ptt=1:
2831 * 3-DH1, 3-DH3 and 3-DH5.
2832 */
2833 if (!(conn->pkt_type & HCI_3DH1))
2834 phys |= BT_PHY_EDR_3M_1SLOT;
2835
2836 if (!(conn->pkt_type & HCI_3DH3))
2837 phys |= BT_PHY_EDR_3M_3SLOT;
2838
2839 if (!(conn->pkt_type & HCI_3DH5))
2840 phys |= BT_PHY_EDR_3M_5SLOT;
2841
2842 break;
2843
2844 case ESCO_LINK:
2845 /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */
2846 phys |= BT_PHY_BR_1M_1SLOT;
2847
2848 if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5)))
2849 phys |= BT_PHY_BR_1M_3SLOT;
2850
2851 /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */
2852 if (!(conn->pkt_type & ESCO_2EV3))
2853 phys |= BT_PHY_EDR_2M_1SLOT;
2854
2855 if (!(conn->pkt_type & ESCO_2EV5))
2856 phys |= BT_PHY_EDR_2M_3SLOT;
2857
2858 /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */
2859 if (!(conn->pkt_type & ESCO_3EV3))
2860 phys |= BT_PHY_EDR_3M_1SLOT;
2861
2862 if (!(conn->pkt_type & ESCO_3EV5))
2863 phys |= BT_PHY_EDR_3M_3SLOT;
2864
2865 break;
2866
2867 case LE_LINK:
2868 if (conn->le_tx_phy & HCI_LE_SET_PHY_1M)
2869 phys |= BT_PHY_LE_1M_TX;
2870
2871 if (conn->le_rx_phy & HCI_LE_SET_PHY_1M)
2872 phys |= BT_PHY_LE_1M_RX;
2873
2874 if (conn->le_tx_phy & HCI_LE_SET_PHY_2M)
2875 phys |= BT_PHY_LE_2M_TX;
2876
2877 if (conn->le_rx_phy & HCI_LE_SET_PHY_2M)
2878 phys |= BT_PHY_LE_2M_RX;
2879
2880 if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED)
2881 phys |= BT_PHY_LE_CODED_TX;
2882
2883 if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED)
2884 phys |= BT_PHY_LE_CODED_RX;
2885
2886 break;
2887 }
2888
eab2404b
LAD		 2889 return phys;
2890}
1a942de0 2891
a13f316e 2892static int abort_conn_sync(struct hci_dev *hdev, void *data)
1a942de0 2893{
a13f316e 2894 struct hci_conn *conn;
a1f6c3ae 2895 u16 handle = PTR_UINT(data);
1a942de0 2896
a13f316e
LAD		 2897 conn = hci_conn_hash_lookup_handle(hdev, handle);
2898 if (!conn)
b62e7220
LAD		 2899 return 0;
2900
a13f316e
LAD		 2901 return hci_abort_conn_sync(hdev, conn, conn->abort_reason);
2902}
1a942de0 2903
a13f316e
LAD		 2904int hci_abort_conn(struct hci_conn *conn, u8 reason)
2905{
2906 struct hci_dev *hdev = conn->hdev;
1a942de0 2907
a13f316e
LAD		 2908 /* If abort_reason has already been set it means the connection is
2909 * already being aborted so don't attempt to overwrite it.
2910 */
2911 if (conn->abort_reason)
2912 return 0;
1a942de0 2913
a13f316e 2914 bt_dev_dbg(hdev, "handle 0x%2.2x reason 0x%2.2x", conn->handle, reason);
1a942de0 2915
a13f316e 2916 conn->abort_reason = reason;
1a942de0 2917
a13f316e
LAD		 2918 /* If the connection is pending check the command opcode since that
2919 * might be blocking on hci_cmd_sync_work while waiting its respective
2920 * event so we need to hci_cmd_sync_cancel to cancel it.
04a51d61
LAD		 2921 *
2922 * hci_connect_le serializes the connection attempts so only one
2923 * connection can be in BT_CONNECT at time.
a13f316e
LAD		 2924 */
2925 if (conn->state == BT_CONNECT && hdev->req_status == HCI_REQ_PEND) {
2926 switch (hci_skb_event(hdev->sent_cmd)) {
2927 case HCI_EV_LE_CONN_COMPLETE:
2928 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
2929 case HCI_EVT_LE_CIS_ESTABLISHED:
2930 hci_cmd_sync_cancel(hdev, -ECANCELED);
2931 break;
1a942de0 2932 }
1a942de0
BG		 2933 }
2934
a1f6c3ae 2935 return hci_cmd_sync_queue(hdev, abort_conn_sync, UINT_PTR(conn->handle),
a13f316e 2936 NULL);
1a942de0 2937}
Linux 6.x block layer and io_uring tree(s)