Commit | Line | Data |
---|---|---|
8e87d142 | 1 | /* |
1da177e4 | 2 | BlueZ - Bluetooth protocol stack for Linux |
2d0a0346 | 3 | Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. |
1da177e4 LT |
4 | |
5 | Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> | |
6 | ||
7 | This program is free software; you can redistribute it and/or modify | |
8 | it under the terms of the GNU General Public License version 2 as | |
9 | published by the Free Software Foundation; | |
10 | ||
11 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | |
12 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
13 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. | |
14 | IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY | |
8e87d142 YH |
15 | CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES |
16 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
17 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
1da177e4 LT |
18 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
19 | ||
8e87d142 YH |
20 | ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, |
21 | COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS | |
1da177e4 LT |
22 | SOFTWARE IS DISCLAIMED. |
23 | */ | |
24 | ||
25 | /* Bluetooth HCI connection handling. */ | |
26 | ||
8c520a59 | 27 | #include <linux/export.h> |
23b9ceb7 | 28 | #include <linux/debugfs.h> |
1da177e4 LT |
29 | |
30 | #include <net/bluetooth/bluetooth.h> | |
31 | #include <net/bluetooth/hci_core.h> | |
4bc58f51 | 32 | #include <net/bluetooth/l2cap.h> |
1da177e4 | 33 | |
0857dd3b | 34 | #include "hci_request.h" |
ac4b7236 | 35 | #include "smp.h" |
7024728e MH |
36 | #include "a2mp.h" |
37 | ||
2dea632f FD |
38 | struct sco_param { |
39 | u16 pkt_type; | |
40 | u16 max_latency; | |
c7da5797 | 41 | u8 retrans_effort; |
2dea632f FD |
42 | }; |
43 | ||
48e68ff5 | 44 | static const struct sco_param esco_param_cvsd[] = { |
c7da5797 JH |
45 | { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */ |
46 | { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */ | |
47 | { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */ | |
48 | { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */ | |
49 | { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */ | |
2dea632f FD |
50 | }; |
51 | ||
48e68ff5 | 52 | static const struct sco_param sco_param_cvsd[] = { |
c7da5797 JH |
53 | { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */ |
54 | { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */ | |
48e68ff5 BT |
55 | }; |
56 | ||
565766b0 | 57 | static const struct sco_param esco_param_msbc[] = { |
c7da5797 JH |
58 | { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */ |
59 | { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */ | |
2dea632f FD |
60 | }; |
61 | ||
1aef8669 | 62 | static void hci_le_create_connection_cancel(struct hci_conn *conn) |
fcd89c09 VT |
63 | { |
64 | hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL); | |
65 | } | |
66 | ||
f75113a2 JP |
67 | /* This function requires the caller holds hdev->lock */ |
68 | static void hci_connect_le_scan_cleanup(struct hci_conn *conn) | |
69 | { | |
70 | struct hci_conn_params *params; | |
71 | struct smp_irk *irk; | |
72 | bdaddr_t *bdaddr; | |
73 | u8 bdaddr_type; | |
74 | ||
75 | bdaddr = &conn->dst; | |
76 | bdaddr_type = conn->dst_type; | |
77 | ||
78 | /* Check if we need to convert to identity address */ | |
79 | irk = hci_get_irk(conn->hdev, bdaddr, bdaddr_type); | |
80 | if (irk) { | |
81 | bdaddr = &irk->bdaddr; | |
82 | bdaddr_type = irk->addr_type; | |
83 | } | |
84 | ||
85 | params = hci_explicit_connect_lookup(conn->hdev, bdaddr, bdaddr_type); | |
86 | if (!params) | |
87 | return; | |
88 | ||
89 | /* The connection attempt was doing scan for new RPA, and is | |
90 | * in scan phase. If params are not associated with any other | |
91 | * autoconnect action, remove them completely. If they are, just unmark | |
92 | * them as waiting for connection, by clearing explicit_connect field. | |
93 | */ | |
168b8a25 | 94 | if (params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { |
f75113a2 | 95 | hci_conn_params_del(conn->hdev, bdaddr, bdaddr_type); |
168b8a25 | 96 | } else { |
f75113a2 | 97 | params->explicit_connect = false; |
168b8a25 JP |
98 | hci_update_background_scan(conn->hdev); |
99 | } | |
f75113a2 JP |
100 | } |
101 | ||
102 | /* This function requires the caller holds hdev->lock */ | |
103 | static void hci_connect_le_scan_remove(struct hci_conn *conn) | |
104 | { | |
105 | hci_connect_le_scan_cleanup(conn); | |
106 | ||
107 | hci_conn_hash_del(conn->hdev, conn); | |
f75113a2 JP |
108 | } |
109 | ||
1aef8669 | 110 | static void hci_acl_create_connection(struct hci_conn *conn) |
1da177e4 LT |
111 | { |
112 | struct hci_dev *hdev = conn->hdev; | |
113 | struct inquiry_entry *ie; | |
114 | struct hci_cp_create_conn cp; | |
115 | ||
42d2d87c | 116 | BT_DBG("hcon %p", conn); |
1da177e4 LT |
117 | |
118 | conn->state = BT_CONNECT; | |
a0c808b3 | 119 | conn->out = true; |
40bef302 | 120 | conn->role = HCI_ROLE_MASTER; |
1da177e4 | 121 | |
4c67bc74 MH |
122 | conn->attempt++; |
123 | ||
e4e8e37c MH |
124 | conn->link_policy = hdev->link_policy; |
125 | ||
1da177e4 LT |
126 | memset(&cp, 0, sizeof(cp)); |
127 | bacpy(&cp.bdaddr, &conn->dst); | |
128 | cp.pscan_rep_mode = 0x02; | |
129 | ||
70f23020 AE |
130 | ie = hci_inquiry_cache_lookup(hdev, &conn->dst); |
131 | if (ie) { | |
41a96212 MH |
132 | if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { |
133 | cp.pscan_rep_mode = ie->data.pscan_rep_mode; | |
134 | cp.pscan_mode = ie->data.pscan_mode; | |
135 | cp.clock_offset = ie->data.clock_offset | | |
dcf4adbf | 136 | cpu_to_le16(0x8000); |
41a96212 MH |
137 | } |
138 | ||
1da177e4 | 139 | memcpy(conn->dev_class, ie->data.dev_class, 3); |
58a681ef JH |
140 | if (ie->data.ssp_mode > 0) |
141 | set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); | |
1da177e4 LT |
142 | } |
143 | ||
a8746417 | 144 | cp.pkt_type = cpu_to_le16(conn->pkt_type); |
1da177e4 | 145 | if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) |
b6a0dc82 | 146 | cp.role_switch = 0x01; |
1da177e4 | 147 | else |
b6a0dc82 | 148 | cp.role_switch = 0x00; |
4c67bc74 | 149 | |
a9de9248 | 150 | hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp); |
1da177e4 LT |
151 | } |
152 | ||
1aef8669 | 153 | static void hci_acl_create_connection_cancel(struct hci_conn *conn) |
6ac59344 MH |
154 | { |
155 | struct hci_cp_create_conn_cancel cp; | |
156 | ||
38b3fef1 | 157 | BT_DBG("hcon %p", conn); |
6ac59344 | 158 | |
d095c1eb | 159 | if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2) |
6ac59344 MH |
160 | return; |
161 | ||
162 | bacpy(&cp.bdaddr, &conn->dst); | |
a9de9248 | 163 | hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); |
6ac59344 MH |
164 | } |
165 | ||
93796fa6 CT |
166 | static void hci_reject_sco(struct hci_conn *conn) |
167 | { | |
168 | struct hci_cp_reject_sync_conn_req cp; | |
169 | ||
d41c15cf | 170 | cp.reason = HCI_ERROR_REJ_LIMITED_RESOURCES; |
93796fa6 CT |
171 | bacpy(&cp.bdaddr, &conn->dst); |
172 | ||
173 | hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp); | |
174 | } | |
175 | ||
e3b679d5 | 176 | int hci_disconnect(struct hci_conn *conn, __u8 reason) |
1da177e4 LT |
177 | { |
178 | struct hci_cp_disconnect cp; | |
179 | ||
38b3fef1 | 180 | BT_DBG("hcon %p", conn); |
1da177e4 | 181 | |
839035a7 JH |
182 | /* When we are master of an established connection and it enters |
183 | * the disconnect timeout, then go ahead and try to read the | |
184 | * current clock offset. Processing of the result is done | |
185 | * within the event handling and hci_clock_offset_evt function. | |
186 | */ | |
187 | if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER) { | |
188 | struct hci_dev *hdev = conn->hdev; | |
4f639ede | 189 | struct hci_cp_read_clock_offset clkoff_cp; |
839035a7 | 190 | |
4f639ede FF |
191 | clkoff_cp.handle = cpu_to_le16(conn->handle); |
192 | hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp), | |
193 | &clkoff_cp); | |
839035a7 JH |
194 | } |
195 | ||
1da177e4 LT |
196 | conn->state = BT_DISCONN; |
197 | ||
aca3192c | 198 | cp.handle = cpu_to_le16(conn->handle); |
1da177e4 | 199 | cp.reason = reason; |
e3b679d5 | 200 | return hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp); |
1da177e4 LT |
201 | } |
202 | ||
a2b1976b | 203 | static void hci_amp_disconn(struct hci_conn *conn) |
53502d69 AE |
204 | { |
205 | struct hci_cp_disconn_phy_link cp; | |
206 | ||
207 | BT_DBG("hcon %p", conn); | |
208 | ||
209 | conn->state = BT_DISCONN; | |
210 | ||
211 | cp.phy_handle = HCI_PHY_HANDLE(conn->handle); | |
a2b1976b | 212 | cp.reason = hci_proto_disconn_ind(conn); |
53502d69 AE |
213 | hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK, |
214 | sizeof(cp), &cp); | |
215 | } | |
216 | ||
57f5d0d1 | 217 | static void hci_add_sco(struct hci_conn *conn, __u16 handle) |
1da177e4 LT |
218 | { |
219 | struct hci_dev *hdev = conn->hdev; | |
220 | struct hci_cp_add_sco cp; | |
221 | ||
38b3fef1 | 222 | BT_DBG("hcon %p", conn); |
1da177e4 LT |
223 | |
224 | conn->state = BT_CONNECT; | |
a0c808b3 | 225 | conn->out = true; |
1da177e4 | 226 | |
efc7688b MH |
227 | conn->attempt++; |
228 | ||
aca3192c | 229 | cp.handle = cpu_to_le16(handle); |
a8746417 | 230 | cp.pkt_type = cpu_to_le16(conn->pkt_type); |
1da177e4 | 231 | |
a9de9248 | 232 | hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); |
1da177e4 LT |
233 | } |
234 | ||
2dea632f | 235 | bool hci_setup_sync(struct hci_conn *conn, __u16 handle) |
b6a0dc82 MH |
236 | { |
237 | struct hci_dev *hdev = conn->hdev; | |
238 | struct hci_cp_setup_sync_conn cp; | |
2dea632f | 239 | const struct sco_param *param; |
b6a0dc82 | 240 | |
38b3fef1 | 241 | BT_DBG("hcon %p", conn); |
b6a0dc82 MH |
242 | |
243 | conn->state = BT_CONNECT; | |
a0c808b3 | 244 | conn->out = true; |
b6a0dc82 | 245 | |
efc7688b MH |
246 | conn->attempt++; |
247 | ||
b6a0dc82 | 248 | cp.handle = cpu_to_le16(handle); |
b6a0dc82 | 249 | |
dcf4adbf JP |
250 | cp.tx_bandwidth = cpu_to_le32(0x00001f40); |
251 | cp.rx_bandwidth = cpu_to_le32(0x00001f40); | |
10c62ddc FD |
252 | cp.voice_setting = cpu_to_le16(conn->setting); |
253 | ||
254 | switch (conn->setting & SCO_AIRMODE_MASK) { | |
255 | case SCO_AIRMODE_TRANSP: | |
565766b0 | 256 | if (conn->attempt > ARRAY_SIZE(esco_param_msbc)) |
2dea632f | 257 | return false; |
565766b0 | 258 | param = &esco_param_msbc[conn->attempt - 1]; |
10c62ddc FD |
259 | break; |
260 | case SCO_AIRMODE_CVSD: | |
48e68ff5 BT |
261 | if (lmp_esco_capable(conn->link)) { |
262 | if (conn->attempt > ARRAY_SIZE(esco_param_cvsd)) | |
263 | return false; | |
48e68ff5 BT |
264 | param = &esco_param_cvsd[conn->attempt - 1]; |
265 | } else { | |
266 | if (conn->attempt > ARRAY_SIZE(sco_param_cvsd)) | |
267 | return false; | |
48e68ff5 BT |
268 | param = &sco_param_cvsd[conn->attempt - 1]; |
269 | } | |
10c62ddc | 270 | break; |
2dea632f FD |
271 | default: |
272 | return false; | |
10c62ddc | 273 | } |
b6a0dc82 | 274 | |
c7da5797 | 275 | cp.retrans_effort = param->retrans_effort; |
2dea632f FD |
276 | cp.pkt_type = __cpu_to_le16(param->pkt_type); |
277 | cp.max_latency = __cpu_to_le16(param->max_latency); | |
278 | ||
279 | if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0) | |
280 | return false; | |
281 | ||
282 | return true; | |
b6a0dc82 MH |
283 | } |
284 | ||
7d6ca693 JH |
285 | u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency, |
286 | u16 to_multiplier) | |
2ce603eb | 287 | { |
2ce603eb | 288 | struct hci_dev *hdev = conn->hdev; |
f044eb05 MH |
289 | struct hci_conn_params *params; |
290 | struct hci_cp_le_conn_update cp; | |
2ce603eb | 291 | |
f044eb05 | 292 | hci_dev_lock(hdev); |
2ce603eb | 293 | |
f044eb05 MH |
294 | params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); |
295 | if (params) { | |
296 | params->conn_min_interval = min; | |
297 | params->conn_max_interval = max; | |
298 | params->conn_latency = latency; | |
299 | params->supervision_timeout = to_multiplier; | |
300 | } | |
301 | ||
302 | hci_dev_unlock(hdev); | |
303 | ||
304 | memset(&cp, 0, sizeof(cp)); | |
2ce603eb CT |
305 | cp.handle = cpu_to_le16(conn->handle); |
306 | cp.conn_interval_min = cpu_to_le16(min); | |
307 | cp.conn_interval_max = cpu_to_le16(max); | |
308 | cp.conn_latency = cpu_to_le16(latency); | |
309 | cp.supervision_timeout = cpu_to_le16(to_multiplier); | |
dcf4adbf JP |
310 | cp.min_ce_len = cpu_to_le16(0x0000); |
311 | cp.max_ce_len = cpu_to_le16(0x0000); | |
2ce603eb CT |
312 | |
313 | hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp); | |
7d6ca693 JH |
314 | |
315 | if (params) | |
316 | return 0x01; | |
317 | ||
318 | return 0x00; | |
2ce603eb | 319 | } |
2ce603eb | 320 | |
fe39c7b2 | 321 | void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand, |
8b76ce34 | 322 | __u8 ltk[16], __u8 key_size) |
a7a595f6 VCG |
323 | { |
324 | struct hci_dev *hdev = conn->hdev; | |
325 | struct hci_cp_le_start_enc cp; | |
326 | ||
38b3fef1 | 327 | BT_DBG("hcon %p", conn); |
a7a595f6 VCG |
328 | |
329 | memset(&cp, 0, sizeof(cp)); | |
330 | ||
331 | cp.handle = cpu_to_le16(conn->handle); | |
fe39c7b2 | 332 | cp.rand = rand; |
a7a595f6 | 333 | cp.ediv = ediv; |
8b76ce34 | 334 | memcpy(cp.ltk, ltk, key_size); |
a7a595f6 VCG |
335 | |
336 | hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp); | |
337 | } | |
a7a595f6 | 338 | |
e73439d8 MH |
339 | /* Device _must_ be locked */ |
340 | void hci_sco_setup(struct hci_conn *conn, __u8 status) | |
341 | { | |
342 | struct hci_conn *sco = conn->link; | |
343 | ||
e73439d8 MH |
344 | if (!sco) |
345 | return; | |
346 | ||
38b3fef1 AE |
347 | BT_DBG("hcon %p", conn); |
348 | ||
e73439d8 MH |
349 | if (!status) { |
350 | if (lmp_esco_capable(conn->hdev)) | |
351 | hci_setup_sync(sco, conn->handle); | |
352 | else | |
353 | hci_add_sco(sco, conn->handle); | |
354 | } else { | |
539c496d | 355 | hci_connect_cfm(sco, status); |
e73439d8 MH |
356 | hci_conn_del(sco); |
357 | } | |
358 | } | |
359 | ||
19c40e3b | 360 | static void hci_conn_timeout(struct work_struct *work) |
1da177e4 | 361 | { |
19c40e3b | 362 | struct hci_conn *conn = container_of(work, struct hci_conn, |
5974e4c4 | 363 | disc_work.work); |
1d56dc4f | 364 | int refcnt = atomic_read(&conn->refcnt); |
1da177e4 | 365 | |
38b3fef1 | 366 | BT_DBG("hcon %p state %s", conn, state_to_string(conn->state)); |
1da177e4 | 367 | |
1d56dc4f LR |
368 | WARN_ON(refcnt < 0); |
369 | ||
370 | /* FIXME: It was observed that in pairing failed scenario, refcnt | |
371 | * drops below 0. Probably this is because l2cap_conn_del calls | |
372 | * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is | |
373 | * dropped. After that loop hci_chan_del is called which also drops | |
374 | * conn. For now make sure that ACL is alive if refcnt is higher then 0, | |
375 | * otherwise drop it. | |
376 | */ | |
377 | if (refcnt > 0) | |
1da177e4 LT |
378 | return; |
379 | ||
6ac59344 MH |
380 | switch (conn->state) { |
381 | case BT_CONNECT: | |
769be974 | 382 | case BT_CONNECT2: |
fcd89c09 VT |
383 | if (conn->out) { |
384 | if (conn->type == ACL_LINK) | |
1aef8669 | 385 | hci_acl_create_connection_cancel(conn); |
cc2b6911 JP |
386 | else if (conn->type == LE_LINK) { |
387 | if (test_bit(HCI_CONN_SCANNING, &conn->flags)) | |
388 | hci_connect_le_scan_remove(conn); | |
389 | else | |
390 | hci_le_create_connection_cancel(conn); | |
391 | } | |
93796fa6 CT |
392 | } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) { |
393 | hci_reject_sco(conn); | |
fcd89c09 | 394 | } |
6ac59344 | 395 | break; |
769be974 | 396 | case BT_CONFIG: |
8e87d142 | 397 | case BT_CONNECTED: |
40051e46 MH |
398 | if (conn->type == AMP_LINK) { |
399 | hci_amp_disconn(conn); | |
400 | } else { | |
401 | __u8 reason = hci_proto_disconn_ind(conn); | |
402 | hci_disconnect(conn, reason); | |
403 | } | |
6ac59344 MH |
404 | break; |
405 | default: | |
1da177e4 | 406 | conn->state = BT_CLOSED; |
6ac59344 MH |
407 | break; |
408 | } | |
1da177e4 LT |
409 | } |
410 | ||
416dc94b | 411 | /* Enter sniff mode */ |
a74a84f6 | 412 | static void hci_conn_idle(struct work_struct *work) |
416dc94b | 413 | { |
a74a84f6 JH |
414 | struct hci_conn *conn = container_of(work, struct hci_conn, |
415 | idle_work.work); | |
416dc94b GP |
416 | struct hci_dev *hdev = conn->hdev; |
417 | ||
38b3fef1 | 418 | BT_DBG("hcon %p mode %d", conn, conn->mode); |
416dc94b | 419 | |
416dc94b GP |
420 | if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) |
421 | return; | |
422 | ||
423 | if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) | |
424 | return; | |
425 | ||
426 | if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { | |
427 | struct hci_cp_sniff_subrate cp; | |
428 | cp.handle = cpu_to_le16(conn->handle); | |
dcf4adbf JP |
429 | cp.max_latency = cpu_to_le16(0); |
430 | cp.min_remote_timeout = cpu_to_le16(0); | |
431 | cp.min_local_timeout = cpu_to_le16(0); | |
416dc94b GP |
432 | hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); |
433 | } | |
434 | ||
51a8efd7 | 435 | if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) { |
416dc94b GP |
436 | struct hci_cp_sniff_mode cp; |
437 | cp.handle = cpu_to_le16(conn->handle); | |
438 | cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); | |
439 | cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); | |
dcf4adbf JP |
440 | cp.attempt = cpu_to_le16(4); |
441 | cp.timeout = cpu_to_le16(1); | |
416dc94b GP |
442 | hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); |
443 | } | |
444 | } | |
445 | ||
7bc18d9d | 446 | static void hci_conn_auto_accept(struct work_struct *work) |
9f61656a | 447 | { |
7bc18d9d JH |
448 | struct hci_conn *conn = container_of(work, struct hci_conn, |
449 | auto_accept_work.work); | |
9f61656a | 450 | |
7bc18d9d | 451 | hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst), |
5974e4c4 | 452 | &conn->dst); |
9f61656a JH |
453 | } |
454 | ||
9489eca4 JH |
455 | static void le_conn_timeout(struct work_struct *work) |
456 | { | |
457 | struct hci_conn *conn = container_of(work, struct hci_conn, | |
458 | le_conn_timeout.work); | |
3c857757 | 459 | struct hci_dev *hdev = conn->hdev; |
9489eca4 JH |
460 | |
461 | BT_DBG(""); | |
462 | ||
3c857757 JH |
463 | /* We could end up here due to having done directed advertising, |
464 | * so clean up the state if necessary. This should however only | |
465 | * happen with broken hardware or if low duty cycle was used | |
466 | * (which doesn't have a timeout of its own). | |
467 | */ | |
0b1db38c | 468 | if (conn->role == HCI_ROLE_SLAVE) { |
3c857757 JH |
469 | u8 enable = 0x00; |
470 | hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), | |
471 | &enable); | |
472 | hci_le_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT); | |
473 | return; | |
474 | } | |
475 | ||
9489eca4 JH |
476 | hci_le_create_connection_cancel(conn); |
477 | } | |
478 | ||
a5c4e309 JH |
479 | struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, |
480 | u8 role) | |
1da177e4 LT |
481 | { |
482 | struct hci_conn *conn; | |
483 | ||
6ed93dc6 | 484 | BT_DBG("%s dst %pMR", hdev->name, dst); |
1da177e4 | 485 | |
27f70f3e | 486 | conn = kzalloc(sizeof(*conn), GFP_KERNEL); |
04837f64 | 487 | if (!conn) |
1da177e4 | 488 | return NULL; |
1da177e4 LT |
489 | |
490 | bacpy(&conn->dst, dst); | |
662e8820 | 491 | bacpy(&conn->src, &hdev->bdaddr); |
a8746417 MH |
492 | conn->hdev = hdev; |
493 | conn->type = type; | |
a5c4e309 | 494 | conn->role = role; |
a8746417 MH |
495 | conn->mode = HCI_CM_ACTIVE; |
496 | conn->state = BT_OPEN; | |
93f19c9f | 497 | conn->auth_type = HCI_AT_GENERAL_BONDING; |
17fa4b9d | 498 | conn->io_capability = hdev->io_capability; |
a9583556 | 499 | conn->remote_auth = 0xff; |
13d39315 | 500 | conn->key_type = 0xff; |
ebf86aa3 | 501 | conn->rssi = HCI_RSSI_INVALID; |
5a134fae | 502 | conn->tx_power = HCI_TX_POWER_INVALID; |
d0455ed9 | 503 | conn->max_tx_power = HCI_TX_POWER_INVALID; |
1da177e4 | 504 | |
58a681ef | 505 | set_bit(HCI_CONN_POWER_SAVE, &conn->flags); |
052b30b0 | 506 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; |
04837f64 | 507 | |
a5c4e309 JH |
508 | if (conn->role == HCI_ROLE_MASTER) |
509 | conn->out = true; | |
510 | ||
a8746417 MH |
511 | switch (type) { |
512 | case ACL_LINK: | |
513 | conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; | |
514 | break; | |
9c84d1da JH |
515 | case LE_LINK: |
516 | /* conn->src should reflect the local identity address */ | |
517 | hci_copy_identity_address(hdev, &conn->src, &conn->src_type); | |
518 | break; | |
a8746417 MH |
519 | case SCO_LINK: |
520 | if (lmp_esco_capable(hdev)) | |
efc7688b MH |
521 | conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | |
522 | (hdev->esco_type & EDR_ESCO_MASK); | |
a8746417 MH |
523 | else |
524 | conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; | |
525 | break; | |
526 | case ESCO_LINK: | |
efc7688b | 527 | conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; |
a8746417 MH |
528 | break; |
529 | } | |
530 | ||
1da177e4 | 531 | skb_queue_head_init(&conn->data_q); |
04837f64 | 532 | |
70c1f20b | 533 | INIT_LIST_HEAD(&conn->chan_list); |
73d80deb | 534 | |
19c40e3b | 535 | INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout); |
7bc18d9d | 536 | INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept); |
a74a84f6 | 537 | INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle); |
9489eca4 | 538 | INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout); |
1da177e4 LT |
539 | |
540 | atomic_set(&conn->refcnt, 0); | |
541 | ||
542 | hci_dev_hold(hdev); | |
543 | ||
1da177e4 | 544 | hci_conn_hash_add(hdev, conn); |
3c54711c | 545 | if (hdev->notify) |
1da177e4 LT |
546 | hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); |
547 | ||
a67e899c MH |
548 | hci_conn_init_sysfs(conn); |
549 | ||
1da177e4 LT |
550 | return conn; |
551 | } | |
552 | ||
553 | int hci_conn_del(struct hci_conn *conn) | |
554 | { | |
555 | struct hci_dev *hdev = conn->hdev; | |
556 | ||
38b3fef1 | 557 | BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle); |
1da177e4 | 558 | |
19c40e3b | 559 | cancel_delayed_work_sync(&conn->disc_work); |
7bc18d9d | 560 | cancel_delayed_work_sync(&conn->auto_accept_work); |
a74a84f6 | 561 | cancel_delayed_work_sync(&conn->idle_work); |
9f61656a | 562 | |
5b7f9909 | 563 | if (conn->type == ACL_LINK) { |
1da177e4 LT |
564 | struct hci_conn *sco = conn->link; |
565 | if (sco) | |
566 | sco->link = NULL; | |
567 | ||
568 | /* Unacked frames */ | |
569 | hdev->acl_cnt += conn->sent; | |
6ed58ec5 | 570 | } else if (conn->type == LE_LINK) { |
980ffc0a | 571 | cancel_delayed_work(&conn->le_conn_timeout); |
9489eca4 | 572 | |
6ed58ec5 VT |
573 | if (hdev->le_pkts) |
574 | hdev->le_cnt += conn->sent; | |
575 | else | |
576 | hdev->acl_cnt += conn->sent; | |
5b7f9909 MH |
577 | } else { |
578 | struct hci_conn *acl = conn->link; | |
579 | if (acl) { | |
580 | acl->link = NULL; | |
76a68ba0 | 581 | hci_conn_drop(acl); |
5b7f9909 | 582 | } |
1da177e4 LT |
583 | } |
584 | ||
2c33c06a | 585 | hci_chan_list_flush(conn); |
73d80deb | 586 | |
9740e49d AE |
587 | if (conn->amp_mgr) |
588 | amp_mgr_put(conn->amp_mgr); | |
589 | ||
1da177e4 | 590 | hci_conn_hash_del(hdev, conn); |
3c54711c | 591 | if (hdev->notify) |
1da177e4 | 592 | hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); |
7d0db0a3 | 593 | |
1da177e4 | 594 | skb_queue_purge(&conn->data_q); |
1da177e4 | 595 | |
fc225c3f | 596 | hci_conn_del_sysfs(conn); |
2ae9a6be | 597 | |
23b9ceb7 MH |
598 | debugfs_remove_recursive(conn->debugfs); |
599 | ||
89cbb063 AA |
600 | if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags)) |
601 | hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type); | |
602 | ||
384943ec MH |
603 | hci_dev_put(hdev); |
604 | ||
8d12356f | 605 | hci_conn_put(conn); |
163f4dab | 606 | |
1da177e4 LT |
607 | return 0; |
608 | } | |
609 | ||
610 | struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src) | |
611 | { | |
612 | int use_src = bacmp(src, BDADDR_ANY); | |
8035ded4 | 613 | struct hci_dev *hdev = NULL, *d; |
1da177e4 | 614 | |
6ed93dc6 | 615 | BT_DBG("%pMR -> %pMR", src, dst); |
1da177e4 | 616 | |
f20d09d5 | 617 | read_lock(&hci_dev_list_lock); |
1da177e4 | 618 | |
8035ded4 | 619 | list_for_each_entry(d, &hci_dev_list, list) { |
8fc9ced3 | 620 | if (!test_bit(HCI_UP, &d->flags) || |
d7a5a11d | 621 | hci_dev_test_flag(d, HCI_USER_CHANNEL) || |
d300fa9b | 622 | d->dev_type != HCI_BREDR) |
1da177e4 LT |
623 | continue; |
624 | ||
8e87d142 | 625 | /* Simple routing: |
1da177e4 LT |
626 | * No source address - find interface with bdaddr != dst |
627 | * Source address - find interface with bdaddr == src | |
628 | */ | |
629 | ||
630 | if (use_src) { | |
631 | if (!bacmp(&d->bdaddr, src)) { | |
632 | hdev = d; break; | |
633 | } | |
634 | } else { | |
635 | if (bacmp(&d->bdaddr, dst)) { | |
636 | hdev = d; break; | |
637 | } | |
638 | } | |
639 | } | |
640 | ||
641 | if (hdev) | |
642 | hdev = hci_dev_hold(hdev); | |
643 | ||
f20d09d5 | 644 | read_unlock(&hci_dev_list_lock); |
1da177e4 LT |
645 | return hdev; |
646 | } | |
647 | EXPORT_SYMBOL(hci_get_route); | |
648 | ||
9bb3c01f | 649 | /* This function requires the caller holds hdev->lock */ |
06c053fb | 650 | void hci_le_conn_failed(struct hci_conn *conn, u8 status) |
9bb3c01f AG |
651 | { |
652 | struct hci_dev *hdev = conn->hdev; | |
f161dd41 JH |
653 | struct hci_conn_params *params; |
654 | ||
655 | params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst, | |
656 | conn->dst_type); | |
657 | if (params && params->conn) { | |
658 | hci_conn_drop(params->conn); | |
f8aaf9b6 | 659 | hci_conn_put(params->conn); |
f161dd41 JH |
660 | params->conn = NULL; |
661 | } | |
9bb3c01f AG |
662 | |
663 | conn->state = BT_CLOSED; | |
664 | ||
665 | mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type, | |
666 | status); | |
667 | ||
539c496d | 668 | hci_connect_cfm(conn, status); |
9bb3c01f AG |
669 | |
670 | hci_conn_del(conn); | |
a4790dbd AG |
671 | |
672 | /* Since we may have temporarily stopped the background scanning in | |
673 | * favor of connection establishment, we should restart it. | |
674 | */ | |
675 | hci_update_background_scan(hdev); | |
3c857757 JH |
676 | |
677 | /* Re-enable advertising in case this was a failed connection | |
678 | * attempt as a peripheral. | |
679 | */ | |
680 | mgmt_reenable_advertising(hdev); | |
9bb3c01f AG |
681 | } |
682 | ||
1904a853 | 683 | static void create_le_conn_complete(struct hci_dev *hdev, u8 status, u16 opcode) |
1d399ae5 AG |
684 | { |
685 | struct hci_conn *conn; | |
686 | ||
28a667c9 JP |
687 | hci_dev_lock(hdev); |
688 | ||
689 | conn = hci_lookup_le_connect(hdev); | |
690 | ||
691 | if (!status) { | |
692 | hci_connect_le_scan_cleanup(conn); | |
693 | goto done; | |
694 | } | |
1d399ae5 AG |
695 | |
696 | BT_ERR("HCI request failed to create LE connection: status 0x%2.2x", | |
697 | status); | |
698 | ||
1d399ae5 AG |
699 | if (!conn) |
700 | goto done; | |
701 | ||
06c053fb | 702 | hci_le_conn_failed(conn, status); |
1d399ae5 AG |
703 | |
704 | done: | |
705 | hci_dev_unlock(hdev); | |
706 | } | |
707 | ||
2acf3d90 AG |
708 | static void hci_req_add_le_create_conn(struct hci_request *req, |
709 | struct hci_conn *conn) | |
710 | { | |
711 | struct hci_cp_le_create_conn cp; | |
712 | struct hci_dev *hdev = conn->hdev; | |
713 | u8 own_addr_type; | |
714 | ||
715 | memset(&cp, 0, sizeof(cp)); | |
716 | ||
717 | /* Update random address, but set require_privacy to false so | |
9437d2ed | 718 | * that we never connect with an non-resolvable address. |
2acf3d90 AG |
719 | */ |
720 | if (hci_update_random_address(req, false, &own_addr_type)) | |
721 | return; | |
722 | ||
2acf3d90 AG |
723 | cp.scan_interval = cpu_to_le16(hdev->le_scan_interval); |
724 | cp.scan_window = cpu_to_le16(hdev->le_scan_window); | |
725 | bacpy(&cp.peer_addr, &conn->dst); | |
726 | cp.peer_addr_type = conn->dst_type; | |
727 | cp.own_address_type = own_addr_type; | |
728 | cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval); | |
729 | cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval); | |
037fc415 MH |
730 | cp.conn_latency = cpu_to_le16(conn->le_conn_latency); |
731 | cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout); | |
dcf4adbf JP |
732 | cp.min_ce_len = cpu_to_le16(0x0000); |
733 | cp.max_ce_len = cpu_to_le16(0x0000); | |
2acf3d90 AG |
734 | |
735 | hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp); | |
b46e0030 JH |
736 | |
737 | conn->state = BT_CONNECT; | |
28a667c9 | 738 | clear_bit(HCI_CONN_SCANNING, &conn->flags); |
2acf3d90 AG |
739 | } |
740 | ||
3c857757 JH |
741 | static void hci_req_directed_advertising(struct hci_request *req, |
742 | struct hci_conn *conn) | |
743 | { | |
744 | struct hci_dev *hdev = req->hdev; | |
745 | struct hci_cp_le_set_adv_param cp; | |
746 | u8 own_addr_type; | |
747 | u8 enable; | |
748 | ||
5ce194c4 | 749 | /* Clear the HCI_LE_ADV bit temporarily so that the |
3c857757 JH |
750 | * hci_update_random_address knows that it's safe to go ahead |
751 | * and write a new random address. The flag will be set back on | |
752 | * as soon as the SET_ADV_ENABLE HCI command completes. | |
753 | */ | |
a358dc11 | 754 | hci_dev_clear_flag(hdev, HCI_LE_ADV); |
3c857757 JH |
755 | |
756 | /* Set require_privacy to false so that the remote device has a | |
757 | * chance of identifying us. | |
758 | */ | |
759 | if (hci_update_random_address(req, false, &own_addr_type) < 0) | |
760 | return; | |
761 | ||
762 | memset(&cp, 0, sizeof(cp)); | |
763 | cp.type = LE_ADV_DIRECT_IND; | |
764 | cp.own_address_type = own_addr_type; | |
765 | cp.direct_addr_type = conn->dst_type; | |
766 | bacpy(&cp.direct_addr, &conn->dst); | |
767 | cp.channel_map = hdev->le_adv_channel_map; | |
768 | ||
769 | hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp); | |
770 | ||
771 | enable = 0x01; | |
772 | hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); | |
773 | ||
774 | conn->state = BT_CONNECT; | |
775 | } | |
776 | ||
04a6c589 | 777 | struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, |
cdd6275e | 778 | u8 dst_type, u8 sec_level, u16 conn_timeout, |
e804d25d | 779 | u8 role) |
1da177e4 | 780 | { |
4292f1f3 | 781 | struct hci_conn_params *params; |
28a667c9 | 782 | struct hci_conn *conn, *conn_unfinished; |
1ebfcc1f | 783 | struct smp_irk *irk; |
2acf3d90 | 784 | struct hci_request req; |
1d399ae5 | 785 | int err; |
1da177e4 | 786 | |
152d386e | 787 | /* Let's make sure that le is enabled.*/ |
d7a5a11d | 788 | if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { |
152d386e LR |
789 | if (lmp_le_capable(hdev)) |
790 | return ERR_PTR(-ECONNREFUSED); | |
791 | ||
792 | return ERR_PTR(-EOPNOTSUPP); | |
793 | } | |
794 | ||
620ad521 AG |
795 | /* Some devices send ATT messages as soon as the physical link is |
796 | * established. To be able to handle these ATT messages, the user- | |
797 | * space first establishes the connection and then starts the pairing | |
798 | * process. | |
799 | * | |
800 | * So if a hci_conn object already exists for the following connection | |
801 | * attempt, we simply update pending_sec_level and auth_type fields | |
802 | * and return the object found. | |
803 | */ | |
f1e5d547 | 804 | conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst); |
28a667c9 | 805 | conn_unfinished = NULL; |
620ad521 | 806 | if (conn) { |
28a667c9 JP |
807 | if (conn->state == BT_CONNECT && |
808 | test_bit(HCI_CONN_SCANNING, &conn->flags)) { | |
809 | BT_DBG("will continue unfinished conn %pMR", dst); | |
810 | conn_unfinished = conn; | |
811 | } else { | |
812 | if (conn->pending_sec_level < sec_level) | |
813 | conn->pending_sec_level = sec_level; | |
814 | goto done; | |
815 | } | |
620ad521 | 816 | } |
dfc94dbd | 817 | |
620ad521 AG |
818 | /* Since the controller supports only one LE connection attempt at a |
819 | * time, we return -EBUSY if there is any connection attempt running. | |
820 | */ | |
e7d9ab73 | 821 | if (hci_lookup_le_connect(hdev)) |
620ad521 | 822 | return ERR_PTR(-EBUSY); |
46a190cb | 823 | |
edb4b466 MH |
824 | /* When given an identity address with existing identity |
825 | * resolving key, the connection needs to be established | |
826 | * to a resolvable random address. | |
827 | * | |
edb4b466 MH |
828 | * Storing the resolvable random address is required here |
829 | * to handle connection failures. The address will later | |
830 | * be resolved back into the original identity address | |
831 | * from the connect request. | |
832 | */ | |
1ebfcc1f JH |
833 | irk = hci_find_irk_by_addr(hdev, dst, dst_type); |
834 | if (irk && bacmp(&irk->rpa, BDADDR_ANY)) { | |
835 | dst = &irk->rpa; | |
836 | dst_type = ADDR_LE_DEV_RANDOM; | |
837 | } | |
838 | ||
28a667c9 JP |
839 | if (conn_unfinished) { |
840 | conn = conn_unfinished; | |
841 | bacpy(&conn->dst, dst); | |
842 | } else { | |
843 | conn = hci_conn_add(hdev, LE_LINK, dst, role); | |
844 | } | |
845 | ||
620ad521 AG |
846 | if (!conn) |
847 | return ERR_PTR(-ENOMEM); | |
9f0caeb1 | 848 | |
1ebfcc1f | 849 | conn->dst_type = dst_type; |
620ad521 | 850 | conn->sec_level = BT_SECURITY_LOW; |
09ae260b | 851 | conn->conn_timeout = conn_timeout; |
4292f1f3 | 852 | |
28a667c9 JP |
853 | if (!conn_unfinished) |
854 | conn->pending_sec_level = sec_level; | |
855 | ||
3c857757 JH |
856 | hci_req_init(&req, hdev); |
857 | ||
376f54c1 JH |
858 | /* Disable advertising if we're active. For master role |
859 | * connections most controllers will refuse to connect if | |
860 | * advertising is enabled, and for slave role connections we | |
861 | * anyway have to disable it in order to start directed | |
862 | * advertising. | |
863 | */ | |
d7a5a11d | 864 | if (hci_dev_test_flag(hdev, HCI_LE_ADV)) { |
376f54c1 JH |
865 | u8 enable = 0x00; |
866 | hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), | |
867 | &enable); | |
868 | } | |
869 | ||
cdd6275e | 870 | /* If requested to connect as slave use directed advertising */ |
e804d25d | 871 | if (conn->role == HCI_ROLE_SLAVE) { |
e8bb6b97 JH |
872 | /* If we're active scanning most controllers are unable |
873 | * to initiate advertising. Simply reject the attempt. | |
874 | */ | |
d7a5a11d | 875 | if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && |
e8bb6b97 JH |
876 | hdev->le_scan_type == LE_SCAN_ACTIVE) { |
877 | skb_queue_purge(&req.cmd_q); | |
878 | hci_conn_del(conn); | |
879 | return ERR_PTR(-EBUSY); | |
880 | } | |
881 | ||
3c857757 JH |
882 | hci_req_directed_advertising(&req, conn); |
883 | goto create_conn; | |
884 | } | |
885 | ||
4292f1f3 AG |
886 | params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); |
887 | if (params) { | |
888 | conn->le_conn_min_interval = params->conn_min_interval; | |
889 | conn->le_conn_max_interval = params->conn_max_interval; | |
037fc415 MH |
890 | conn->le_conn_latency = params->conn_latency; |
891 | conn->le_supv_timeout = params->supervision_timeout; | |
4292f1f3 AG |
892 | } else { |
893 | conn->le_conn_min_interval = hdev->le_conn_min_interval; | |
894 | conn->le_conn_max_interval = hdev->le_conn_max_interval; | |
04fb7d90 MH |
895 | conn->le_conn_latency = hdev->le_conn_latency; |
896 | conn->le_supv_timeout = hdev->le_supv_timeout; | |
4292f1f3 | 897 | } |
eda42b50 | 898 | |
2acf3d90 | 899 | /* If controller is scanning, we stop it since some controllers are |
81ad6fd9 JH |
900 | * not able to scan and connect at the same time. Also set the |
901 | * HCI_LE_SCAN_INTERRUPTED flag so that the command complete | |
902 | * handler for scan disabling knows to set the correct discovery | |
903 | * state. | |
2acf3d90 | 904 | */ |
d7a5a11d | 905 | if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { |
2acf3d90 | 906 | hci_req_add_le_scan_disable(&req); |
a1536da2 | 907 | hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED); |
2acf3d90 AG |
908 | } |
909 | ||
81ad6fd9 JH |
910 | hci_req_add_le_create_conn(&req, conn); |
911 | ||
3c857757 | 912 | create_conn: |
81ad6fd9 | 913 | err = hci_req_run(&req, create_le_conn_complete); |
2acf3d90 AG |
914 | if (err) { |
915 | hci_conn_del(conn); | |
620ad521 | 916 | return ERR_PTR(err); |
2acf3d90 | 917 | } |
fcd89c09 | 918 | |
620ad521 | 919 | done: |
28a667c9 JP |
920 | /* If this is continuation of connect started by hci_connect_le_scan, |
921 | * it already called hci_conn_hold and calling it again would mess the | |
922 | * counter. | |
923 | */ | |
924 | if (!conn_unfinished) | |
925 | hci_conn_hold(conn); | |
926 | ||
f1e5d547 | 927 | return conn; |
d04aef4c | 928 | } |
fcd89c09 | 929 | |
f75113a2 JP |
930 | static void hci_connect_le_scan_complete(struct hci_dev *hdev, u8 status, |
931 | u16 opcode) | |
932 | { | |
933 | struct hci_conn *conn; | |
934 | ||
935 | if (!status) | |
936 | return; | |
937 | ||
938 | BT_ERR("Failed to add device to auto conn whitelist: status 0x%2.2x", | |
939 | status); | |
940 | ||
941 | hci_dev_lock(hdev); | |
942 | ||
943 | conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT); | |
944 | if (conn) | |
945 | hci_le_conn_failed(conn, status); | |
946 | ||
947 | hci_dev_unlock(hdev); | |
948 | } | |
949 | ||
950 | static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) | |
951 | { | |
952 | struct hci_conn *conn; | |
953 | ||
954 | conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); | |
955 | if (!conn) | |
956 | return false; | |
957 | ||
958 | if (conn->dst_type != type) | |
959 | return false; | |
960 | ||
961 | if (conn->state != BT_CONNECTED) | |
962 | return false; | |
963 | ||
964 | return true; | |
965 | } | |
966 | ||
967 | /* This function requires the caller holds hdev->lock */ | |
968 | static int hci_explicit_conn_params_set(struct hci_request *req, | |
969 | bdaddr_t *addr, u8 addr_type) | |
970 | { | |
971 | struct hci_dev *hdev = req->hdev; | |
972 | struct hci_conn_params *params; | |
973 | ||
974 | if (is_connected(hdev, addr, addr_type)) | |
975 | return -EISCONN; | |
976 | ||
977 | params = hci_conn_params_add(hdev, addr, addr_type); | |
978 | if (!params) | |
979 | return -EIO; | |
980 | ||
981 | /* If we created new params, or existing params were marked as disabled, | |
982 | * mark them to be used just once to connect. | |
983 | */ | |
984 | if (params->auto_connect == HCI_AUTO_CONN_DISABLED) { | |
985 | params->auto_connect = HCI_AUTO_CONN_EXPLICIT; | |
986 | list_del_init(¶ms->action); | |
987 | list_add(¶ms->action, &hdev->pend_le_conns); | |
988 | } | |
989 | ||
990 | params->explicit_connect = true; | |
991 | __hci_update_background_scan(req); | |
992 | ||
993 | BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type, | |
994 | params->auto_connect); | |
995 | ||
996 | return 0; | |
997 | } | |
998 | ||
999 | /* This function requires the caller holds hdev->lock */ | |
1000 | struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, | |
1001 | u8 dst_type, u8 sec_level, | |
1002 | u16 conn_timeout, u8 role) | |
1003 | { | |
1004 | struct hci_conn *conn; | |
1005 | struct hci_request req; | |
1006 | int err; | |
1007 | ||
1008 | /* Let's make sure that le is enabled.*/ | |
1009 | if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { | |
1010 | if (lmp_le_capable(hdev)) | |
1011 | return ERR_PTR(-ECONNREFUSED); | |
1012 | ||
1013 | return ERR_PTR(-EOPNOTSUPP); | |
1014 | } | |
1015 | ||
1016 | /* Some devices send ATT messages as soon as the physical link is | |
1017 | * established. To be able to handle these ATT messages, the user- | |
1018 | * space first establishes the connection and then starts the pairing | |
1019 | * process. | |
1020 | * | |
1021 | * So if a hci_conn object already exists for the following connection | |
1022 | * attempt, we simply update pending_sec_level and auth_type fields | |
1023 | * and return the object found. | |
1024 | */ | |
1025 | conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst); | |
1026 | if (conn) { | |
1027 | if (conn->pending_sec_level < sec_level) | |
1028 | conn->pending_sec_level = sec_level; | |
1029 | goto done; | |
1030 | } | |
1031 | ||
1032 | BT_DBG("requesting refresh of dst_addr"); | |
1033 | ||
1034 | conn = hci_conn_add(hdev, LE_LINK, dst, role); | |
1035 | if (!conn) | |
1036 | return ERR_PTR(-ENOMEM); | |
1037 | ||
1038 | hci_req_init(&req, hdev); | |
1039 | ||
1040 | if (hci_explicit_conn_params_set(&req, dst, dst_type) < 0) | |
1041 | return ERR_PTR(-EBUSY); | |
1042 | ||
1043 | conn->state = BT_CONNECT; | |
1044 | set_bit(HCI_CONN_SCANNING, &conn->flags); | |
1045 | ||
1046 | err = hci_req_run(&req, hci_connect_le_scan_complete); | |
1047 | if (err && err != -ENODATA) { | |
1048 | hci_conn_del(conn); | |
1049 | return ERR_PTR(err); | |
1050 | } | |
1051 | ||
1052 | conn->dst_type = dst_type; | |
1053 | conn->sec_level = BT_SECURITY_LOW; | |
1054 | conn->pending_sec_level = sec_level; | |
1055 | conn->conn_timeout = conn_timeout; | |
1056 | ||
1057 | done: | |
1058 | hci_conn_hold(conn); | |
1059 | return conn; | |
1060 | } | |
1061 | ||
04a6c589 AG |
1062 | struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, |
1063 | u8 sec_level, u8 auth_type) | |
1da177e4 LT |
1064 | { |
1065 | struct hci_conn *acl; | |
fcd89c09 | 1066 | |
d7a5a11d | 1067 | if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { |
c411110e LR |
1068 | if (lmp_bredr_capable(hdev)) |
1069 | return ERR_PTR(-ECONNREFUSED); | |
1070 | ||
beb19e4c | 1071 | return ERR_PTR(-EOPNOTSUPP); |
c411110e | 1072 | } |
56f87901 | 1073 | |
70f23020 AE |
1074 | acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); |
1075 | if (!acl) { | |
a5c4e309 | 1076 | acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER); |
70f23020 | 1077 | if (!acl) |
48c7aba9 | 1078 | return ERR_PTR(-ENOMEM); |
1da177e4 LT |
1079 | } |
1080 | ||
1081 | hci_conn_hold(acl); | |
1082 | ||
09ab6f4c | 1083 | if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { |
765c2a96 JH |
1084 | acl->sec_level = BT_SECURITY_LOW; |
1085 | acl->pending_sec_level = sec_level; | |
09ab6f4c | 1086 | acl->auth_type = auth_type; |
1aef8669 | 1087 | hci_acl_create_connection(acl); |
09ab6f4c | 1088 | } |
1da177e4 | 1089 | |
db474275 VCG |
1090 | return acl; |
1091 | } | |
1092 | ||
10c62ddc FD |
1093 | struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, |
1094 | __u16 setting) | |
db474275 VCG |
1095 | { |
1096 | struct hci_conn *acl; | |
1097 | struct hci_conn *sco; | |
1098 | ||
e660ed6c | 1099 | acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING); |
db474275 | 1100 | if (IS_ERR(acl)) |
5b7f9909 | 1101 | return acl; |
1da177e4 | 1102 | |
70f23020 AE |
1103 | sco = hci_conn_hash_lookup_ba(hdev, type, dst); |
1104 | if (!sco) { | |
a5c4e309 | 1105 | sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER); |
70f23020 | 1106 | if (!sco) { |
76a68ba0 | 1107 | hci_conn_drop(acl); |
48c7aba9 | 1108 | return ERR_PTR(-ENOMEM); |
1da177e4 | 1109 | } |
5b7f9909 | 1110 | } |
1da177e4 | 1111 | |
5b7f9909 MH |
1112 | acl->link = sco; |
1113 | sco->link = acl; | |
1da177e4 | 1114 | |
5b7f9909 | 1115 | hci_conn_hold(sco); |
1da177e4 | 1116 | |
10c62ddc FD |
1117 | sco->setting = setting; |
1118 | ||
5b7f9909 | 1119 | if (acl->state == BT_CONNECTED && |
5974e4c4 | 1120 | (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { |
58a681ef | 1121 | set_bit(HCI_CONN_POWER_SAVE, &acl->flags); |
14b12d0b | 1122 | hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON); |
c390216b | 1123 | |
51a8efd7 | 1124 | if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) { |
e73439d8 | 1125 | /* defer SCO setup until mode change completed */ |
51a8efd7 | 1126 | set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags); |
e73439d8 MH |
1127 | return sco; |
1128 | } | |
1129 | ||
1130 | hci_sco_setup(acl, 0x00); | |
b6a0dc82 | 1131 | } |
5b7f9909 MH |
1132 | |
1133 | return sco; | |
1da177e4 | 1134 | } |
1da177e4 | 1135 | |
e7c29cb1 MH |
1136 | /* Check link security requirement */ |
1137 | int hci_conn_check_link_mode(struct hci_conn *conn) | |
1138 | { | |
38b3fef1 | 1139 | BT_DBG("hcon %p", conn); |
e7c29cb1 | 1140 | |
40b552aa MH |
1141 | /* In Secure Connections Only mode, it is required that Secure |
1142 | * Connections is used and the link is encrypted with AES-CCM | |
1143 | * using a P-256 authenticated combination key. | |
1144 | */ | |
d7a5a11d | 1145 | if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) { |
40b552aa MH |
1146 | if (!hci_conn_sc_enabled(conn) || |
1147 | !test_bit(HCI_CONN_AES_CCM, &conn->flags) || | |
1148 | conn->key_type != HCI_LK_AUTH_COMBINATION_P256) | |
1149 | return 0; | |
1150 | } | |
1151 | ||
4dae2798 JH |
1152 | if (hci_conn_ssp_enabled(conn) && |
1153 | !test_bit(HCI_CONN_ENCRYPT, &conn->flags)) | |
e7c29cb1 MH |
1154 | return 0; |
1155 | ||
1156 | return 1; | |
1157 | } | |
e7c29cb1 | 1158 | |
1da177e4 | 1159 | /* Authenticate remote device */ |
0684e5f9 | 1160 | static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) |
1da177e4 | 1161 | { |
38b3fef1 | 1162 | BT_DBG("hcon %p", conn); |
1da177e4 | 1163 | |
765c2a96 JH |
1164 | if (conn->pending_sec_level > sec_level) |
1165 | sec_level = conn->pending_sec_level; | |
1166 | ||
96a31833 | 1167 | if (sec_level > conn->sec_level) |
765c2a96 | 1168 | conn->pending_sec_level = sec_level; |
4dae2798 | 1169 | else if (test_bit(HCI_CONN_AUTH, &conn->flags)) |
1da177e4 LT |
1170 | return 1; |
1171 | ||
65cf686e JH |
1172 | /* Make sure we preserve an existing MITM requirement*/ |
1173 | auth_type |= (conn->auth_type & 0x01); | |
1174 | ||
96a31833 MH |
1175 | conn->auth_type = auth_type; |
1176 | ||
51a8efd7 | 1177 | if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { |
1da177e4 | 1178 | struct hci_cp_auth_requested cp; |
b7d05bad | 1179 | |
aca3192c | 1180 | cp.handle = cpu_to_le16(conn->handle); |
40be492f | 1181 | hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, |
5974e4c4 | 1182 | sizeof(cp), &cp); |
09da1f34 JH |
1183 | |
1184 | /* If we're already encrypted set the REAUTH_PEND flag, | |
1185 | * otherwise set the ENCRYPT_PEND. | |
1186 | */ | |
4dae2798 | 1187 | if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) |
51a8efd7 | 1188 | set_bit(HCI_CONN_REAUTH_PEND, &conn->flags); |
09da1f34 JH |
1189 | else |
1190 | set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); | |
1da177e4 | 1191 | } |
8c1b2355 | 1192 | |
1da177e4 LT |
1193 | return 0; |
1194 | } | |
1da177e4 | 1195 | |
13d39315 WR |
1196 | /* Encrypt the the link */ |
1197 | static void hci_conn_encrypt(struct hci_conn *conn) | |
1198 | { | |
38b3fef1 | 1199 | BT_DBG("hcon %p", conn); |
13d39315 | 1200 | |
51a8efd7 | 1201 | if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { |
13d39315 WR |
1202 | struct hci_cp_set_conn_encrypt cp; |
1203 | cp.handle = cpu_to_le16(conn->handle); | |
1204 | cp.encrypt = 0x01; | |
1205 | hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), | |
5974e4c4 | 1206 | &cp); |
13d39315 WR |
1207 | } |
1208 | } | |
1209 | ||
8c1b2355 | 1210 | /* Enable security */ |
e7cafc45 JH |
1211 | int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type, |
1212 | bool initiator) | |
1da177e4 | 1213 | { |
38b3fef1 | 1214 | BT_DBG("hcon %p", conn); |
1da177e4 | 1215 | |
d8343f12 VCG |
1216 | if (conn->type == LE_LINK) |
1217 | return smp_conn_security(conn, sec_level); | |
1218 | ||
13d39315 | 1219 | /* For sdp we don't need the link key. */ |
8c1b2355 MH |
1220 | if (sec_level == BT_SECURITY_SDP) |
1221 | return 1; | |
1222 | ||
13d39315 WR |
1223 | /* For non 2.1 devices and low security level we don't need the link |
1224 | key. */ | |
aa64a8b5 | 1225 | if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn)) |
3fdca1e1 | 1226 | return 1; |
8c1b2355 | 1227 | |
13d39315 | 1228 | /* For other security levels we need the link key. */ |
4dae2798 | 1229 | if (!test_bit(HCI_CONN_AUTH, &conn->flags)) |
13d39315 WR |
1230 | goto auth; |
1231 | ||
7b5a9241 MH |
1232 | /* An authenticated FIPS approved combination key has sufficient |
1233 | * security for security level 4. */ | |
1234 | if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 && | |
1235 | sec_level == BT_SECURITY_FIPS) | |
1236 | goto encrypt; | |
1237 | ||
1238 | /* An authenticated combination key has sufficient security for | |
1239 | security level 3. */ | |
1240 | if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 || | |
1241 | conn->key_type == HCI_LK_AUTH_COMBINATION_P256) && | |
1242 | sec_level == BT_SECURITY_HIGH) | |
13d39315 WR |
1243 | goto encrypt; |
1244 | ||
1245 | /* An unauthenticated combination key has sufficient security for | |
1246 | security level 1 and 2. */ | |
66138ce8 MH |
1247 | if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 || |
1248 | conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) && | |
5974e4c4 | 1249 | (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW)) |
13d39315 WR |
1250 | goto encrypt; |
1251 | ||
1252 | /* A combination key has always sufficient security for the security | |
1253 | levels 1 or 2. High security level requires the combination key | |
1254 | is generated using maximum PIN code length (16). | |
1255 | For pre 2.1 units. */ | |
1256 | if (conn->key_type == HCI_LK_COMBINATION && | |
7b5a9241 MH |
1257 | (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW || |
1258 | conn->pin_length == 16)) | |
13d39315 WR |
1259 | goto encrypt; |
1260 | ||
1261 | auth: | |
51a8efd7 | 1262 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) |
1da177e4 LT |
1263 | return 0; |
1264 | ||
977f8fce JH |
1265 | if (initiator) |
1266 | set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags); | |
1267 | ||
6fdf658c LAD |
1268 | if (!hci_conn_auth(conn, sec_level, auth_type)) |
1269 | return 0; | |
13d39315 WR |
1270 | |
1271 | encrypt: | |
4dae2798 | 1272 | if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) |
13d39315 | 1273 | return 1; |
8c1b2355 | 1274 | |
13d39315 | 1275 | hci_conn_encrypt(conn); |
1da177e4 LT |
1276 | return 0; |
1277 | } | |
8c1b2355 | 1278 | EXPORT_SYMBOL(hci_conn_security); |
1da177e4 | 1279 | |
b3b1b061 WR |
1280 | /* Check secure link requirement */ |
1281 | int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level) | |
1282 | { | |
38b3fef1 | 1283 | BT_DBG("hcon %p", conn); |
b3b1b061 | 1284 | |
9cb2e030 MH |
1285 | /* Accept if non-secure or higher security level is required */ |
1286 | if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS) | |
1287 | return 1; | |
b3b1b061 | 1288 | |
9cb2e030 MH |
1289 | /* Accept if secure or higher security level is already present */ |
1290 | if (conn->sec_level == BT_SECURITY_HIGH || | |
1291 | conn->sec_level == BT_SECURITY_FIPS) | |
b3b1b061 WR |
1292 | return 1; |
1293 | ||
9cb2e030 MH |
1294 | /* Reject not secure link */ |
1295 | return 0; | |
b3b1b061 WR |
1296 | } |
1297 | EXPORT_SYMBOL(hci_conn_check_secure); | |
1298 | ||
1da177e4 | 1299 | /* Switch role */ |
8c1b2355 | 1300 | int hci_conn_switch_role(struct hci_conn *conn, __u8 role) |
1da177e4 | 1301 | { |
38b3fef1 | 1302 | BT_DBG("hcon %p", conn); |
1da177e4 | 1303 | |
40bef302 | 1304 | if (role == conn->role) |
1da177e4 LT |
1305 | return 1; |
1306 | ||
51a8efd7 | 1307 | if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) { |
1da177e4 LT |
1308 | struct hci_cp_switch_role cp; |
1309 | bacpy(&cp.bdaddr, &conn->dst); | |
1310 | cp.role = role; | |
a9de9248 | 1311 | hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); |
1da177e4 | 1312 | } |
8c1b2355 | 1313 | |
1da177e4 LT |
1314 | return 0; |
1315 | } | |
1316 | EXPORT_SYMBOL(hci_conn_switch_role); | |
1317 | ||
04837f64 | 1318 | /* Enter active mode */ |
14b12d0b | 1319 | void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active) |
04837f64 MH |
1320 | { |
1321 | struct hci_dev *hdev = conn->hdev; | |
1322 | ||
38b3fef1 | 1323 | BT_DBG("hcon %p mode %d", conn, conn->mode); |
04837f64 | 1324 | |
14b12d0b JG |
1325 | if (conn->mode != HCI_CM_SNIFF) |
1326 | goto timer; | |
1327 | ||
58a681ef | 1328 | if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active) |
04837f64 MH |
1329 | goto timer; |
1330 | ||
51a8efd7 | 1331 | if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) { |
04837f64 | 1332 | struct hci_cp_exit_sniff_mode cp; |
aca3192c | 1333 | cp.handle = cpu_to_le16(conn->handle); |
a9de9248 | 1334 | hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); |
04837f64 MH |
1335 | } |
1336 | ||
1337 | timer: | |
1338 | if (hdev->idle_timeout > 0) | |
a74a84f6 JH |
1339 | queue_delayed_work(hdev->workqueue, &conn->idle_work, |
1340 | msecs_to_jiffies(hdev->idle_timeout)); | |
04837f64 MH |
1341 | } |
1342 | ||
1da177e4 LT |
1343 | /* Drop all connection on the device */ |
1344 | void hci_conn_hash_flush(struct hci_dev *hdev) | |
1345 | { | |
1346 | struct hci_conn_hash *h = &hdev->conn_hash; | |
3c4e0df0 | 1347 | struct hci_conn *c, *n; |
1da177e4 LT |
1348 | |
1349 | BT_DBG("hdev %s", hdev->name); | |
1350 | ||
3c4e0df0 | 1351 | list_for_each_entry_safe(c, n, &h->list, list) { |
1da177e4 LT |
1352 | c->state = BT_CLOSED; |
1353 | ||
3a6d576b | 1354 | hci_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM); |
1da177e4 LT |
1355 | hci_conn_del(c); |
1356 | } | |
1357 | } | |
1358 | ||
a9de9248 MH |
1359 | /* Check pending connect attempts */ |
1360 | void hci_conn_check_pending(struct hci_dev *hdev) | |
1361 | { | |
1362 | struct hci_conn *conn; | |
1363 | ||
1364 | BT_DBG("hdev %s", hdev->name); | |
1365 | ||
1366 | hci_dev_lock(hdev); | |
1367 | ||
1368 | conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2); | |
1369 | if (conn) | |
1aef8669 | 1370 | hci_acl_create_connection(conn); |
a9de9248 MH |
1371 | |
1372 | hci_dev_unlock(hdev); | |
1373 | } | |
1374 | ||
4dae2798 JH |
1375 | static u32 get_link_mode(struct hci_conn *conn) |
1376 | { | |
1377 | u32 link_mode = 0; | |
1378 | ||
40bef302 | 1379 | if (conn->role == HCI_ROLE_MASTER) |
4dae2798 JH |
1380 | link_mode |= HCI_LM_MASTER; |
1381 | ||
1382 | if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) | |
1383 | link_mode |= HCI_LM_ENCRYPT; | |
1384 | ||
1385 | if (test_bit(HCI_CONN_AUTH, &conn->flags)) | |
1386 | link_mode |= HCI_LM_AUTH; | |
1387 | ||
1388 | if (test_bit(HCI_CONN_SECURE, &conn->flags)) | |
1389 | link_mode |= HCI_LM_SECURE; | |
1390 | ||
1391 | if (test_bit(HCI_CONN_FIPS, &conn->flags)) | |
1392 | link_mode |= HCI_LM_FIPS; | |
1393 | ||
1394 | return link_mode; | |
1395 | } | |
1396 | ||
1da177e4 LT |
1397 | int hci_get_conn_list(void __user *arg) |
1398 | { | |
fc5fef61 | 1399 | struct hci_conn *c; |
1da177e4 LT |
1400 | struct hci_conn_list_req req, *cl; |
1401 | struct hci_conn_info *ci; | |
1402 | struct hci_dev *hdev; | |
1da177e4 LT |
1403 | int n = 0, size, err; |
1404 | ||
1405 | if (copy_from_user(&req, arg, sizeof(req))) | |
1406 | return -EFAULT; | |
1407 | ||
1408 | if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) | |
1409 | return -EINVAL; | |
1410 | ||
1411 | size = sizeof(req) + req.conn_num * sizeof(*ci); | |
1412 | ||
70f23020 AE |
1413 | cl = kmalloc(size, GFP_KERNEL); |
1414 | if (!cl) | |
1da177e4 LT |
1415 | return -ENOMEM; |
1416 | ||
70f23020 AE |
1417 | hdev = hci_dev_get(req.dev_id); |
1418 | if (!hdev) { | |
1da177e4 LT |
1419 | kfree(cl); |
1420 | return -ENODEV; | |
1421 | } | |
1422 | ||
1423 | ci = cl->conn_info; | |
1424 | ||
09fd0de5 | 1425 | hci_dev_lock(hdev); |
8035ded4 | 1426 | list_for_each_entry(c, &hdev->conn_hash.list, list) { |
1da177e4 LT |
1427 | bacpy(&(ci + n)->bdaddr, &c->dst); |
1428 | (ci + n)->handle = c->handle; | |
1429 | (ci + n)->type = c->type; | |
1430 | (ci + n)->out = c->out; | |
1431 | (ci + n)->state = c->state; | |
4dae2798 | 1432 | (ci + n)->link_mode = get_link_mode(c); |
1da177e4 LT |
1433 | if (++n >= req.conn_num) |
1434 | break; | |
1435 | } | |
09fd0de5 | 1436 | hci_dev_unlock(hdev); |
1da177e4 LT |
1437 | |
1438 | cl->dev_id = hdev->id; | |
1439 | cl->conn_num = n; | |
1440 | size = sizeof(req) + n * sizeof(*ci); | |
1441 | ||
1442 | hci_dev_put(hdev); | |
1443 | ||
1444 | err = copy_to_user(arg, cl, size); | |
1445 | kfree(cl); | |
1446 | ||
1447 | return err ? -EFAULT : 0; | |
1448 | } | |
1449 | ||
1450 | int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) | |
1451 | { | |
1452 | struct hci_conn_info_req req; | |
1453 | struct hci_conn_info ci; | |
1454 | struct hci_conn *conn; | |
1455 | char __user *ptr = arg + sizeof(req); | |
1456 | ||
1457 | if (copy_from_user(&req, arg, sizeof(req))) | |
1458 | return -EFAULT; | |
1459 | ||
09fd0de5 | 1460 | hci_dev_lock(hdev); |
1da177e4 LT |
1461 | conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); |
1462 | if (conn) { | |
1463 | bacpy(&ci.bdaddr, &conn->dst); | |
1464 | ci.handle = conn->handle; | |
1465 | ci.type = conn->type; | |
1466 | ci.out = conn->out; | |
1467 | ci.state = conn->state; | |
4dae2798 | 1468 | ci.link_mode = get_link_mode(conn); |
1da177e4 | 1469 | } |
09fd0de5 | 1470 | hci_dev_unlock(hdev); |
1da177e4 LT |
1471 | |
1472 | if (!conn) | |
1473 | return -ENOENT; | |
1474 | ||
1475 | return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; | |
1476 | } | |
40be492f MH |
1477 | |
1478 | int hci_get_auth_info(struct hci_dev *hdev, void __user *arg) | |
1479 | { | |
1480 | struct hci_auth_info_req req; | |
1481 | struct hci_conn *conn; | |
1482 | ||
1483 | if (copy_from_user(&req, arg, sizeof(req))) | |
1484 | return -EFAULT; | |
1485 | ||
09fd0de5 | 1486 | hci_dev_lock(hdev); |
40be492f MH |
1487 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr); |
1488 | if (conn) | |
1489 | req.type = conn->auth_type; | |
09fd0de5 | 1490 | hci_dev_unlock(hdev); |
40be492f MH |
1491 | |
1492 | if (!conn) | |
1493 | return -ENOENT; | |
1494 | ||
1495 | return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0; | |
1496 | } | |
73d80deb LAD |
1497 | |
1498 | struct hci_chan *hci_chan_create(struct hci_conn *conn) | |
1499 | { | |
1500 | struct hci_dev *hdev = conn->hdev; | |
1501 | struct hci_chan *chan; | |
1502 | ||
38b3fef1 | 1503 | BT_DBG("%s hcon %p", hdev->name, conn); |
73d80deb | 1504 | |
f94b665d JH |
1505 | if (test_bit(HCI_CONN_DROP, &conn->flags)) { |
1506 | BT_DBG("Refusing to create new hci_chan"); | |
1507 | return NULL; | |
1508 | } | |
1509 | ||
27f70f3e | 1510 | chan = kzalloc(sizeof(*chan), GFP_KERNEL); |
73d80deb LAD |
1511 | if (!chan) |
1512 | return NULL; | |
1513 | ||
6c388d32 | 1514 | chan->conn = hci_conn_get(conn); |
73d80deb | 1515 | skb_queue_head_init(&chan->data_q); |
168df8e5 | 1516 | chan->state = BT_CONNECTED; |
73d80deb | 1517 | |
8192edef | 1518 | list_add_rcu(&chan->list, &conn->chan_list); |
73d80deb LAD |
1519 | |
1520 | return chan; | |
1521 | } | |
1522 | ||
9472007c | 1523 | void hci_chan_del(struct hci_chan *chan) |
73d80deb LAD |
1524 | { |
1525 | struct hci_conn *conn = chan->conn; | |
1526 | struct hci_dev *hdev = conn->hdev; | |
1527 | ||
38b3fef1 | 1528 | BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan); |
73d80deb | 1529 | |
8192edef GP |
1530 | list_del_rcu(&chan->list); |
1531 | ||
1532 | synchronize_rcu(); | |
73d80deb | 1533 | |
bcbb655a | 1534 | /* Prevent new hci_chan's to be created for this hci_conn */ |
f94b665d | 1535 | set_bit(HCI_CONN_DROP, &conn->flags); |
b3ff670a | 1536 | |
6c388d32 | 1537 | hci_conn_put(conn); |
e9b02748 | 1538 | |
73d80deb LAD |
1539 | skb_queue_purge(&chan->data_q); |
1540 | kfree(chan); | |
73d80deb LAD |
1541 | } |
1542 | ||
2c33c06a | 1543 | void hci_chan_list_flush(struct hci_conn *conn) |
73d80deb | 1544 | { |
2a5a5ec6 | 1545 | struct hci_chan *chan, *n; |
73d80deb | 1546 | |
38b3fef1 | 1547 | BT_DBG("hcon %p", conn); |
73d80deb | 1548 | |
2a5a5ec6 | 1549 | list_for_each_entry_safe(chan, n, &conn->chan_list, list) |
73d80deb LAD |
1550 | hci_chan_del(chan); |
1551 | } | |
42c4e53e AE |
1552 | |
1553 | static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon, | |
1554 | __u16 handle) | |
1555 | { | |
1556 | struct hci_chan *hchan; | |
1557 | ||
1558 | list_for_each_entry(hchan, &hcon->chan_list, list) { | |
1559 | if (hchan->handle == handle) | |
1560 | return hchan; | |
1561 | } | |
1562 | ||
1563 | return NULL; | |
1564 | } | |
1565 | ||
1566 | struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle) | |
1567 | { | |
1568 | struct hci_conn_hash *h = &hdev->conn_hash; | |
1569 | struct hci_conn *hcon; | |
1570 | struct hci_chan *hchan = NULL; | |
1571 | ||
1572 | rcu_read_lock(); | |
1573 | ||
1574 | list_for_each_entry_rcu(hcon, &h->list, list) { | |
1575 | hchan = __hci_chan_lookup_handle(hcon, handle); | |
1576 | if (hchan) | |
1577 | break; | |
1578 | } | |
1579 | ||
1580 | rcu_read_unlock(); | |
1581 | ||
1582 | return hchan; | |
1583 | } |