Commit | Line | Data |
---|---|---|
8e87d142 | 1 | /* |
1da177e4 | 2 | BlueZ - Bluetooth protocol stack for Linux |
2d0a0346 | 3 | Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. |
0fe8c8d0 | 4 | Copyright 2023 NXP |
1da177e4 LT |
5 | |
6 | Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> | |
7 | ||
8 | This program is free software; you can redistribute it and/or modify | |
9 | it under the terms of the GNU General Public License version 2 as | |
10 | published by the Free Software Foundation; | |
11 | ||
12 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | |
13 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
14 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. | |
15 | IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY | |
8e87d142 YH |
16 | CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES |
17 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
18 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
1da177e4 LT |
19 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
20 | ||
8e87d142 YH |
21 | ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, |
22 | COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS | |
1da177e4 LT |
23 | SOFTWARE IS DISCLAIMED. |
24 | */ | |
25 | ||
26 | /* Bluetooth HCI connection handling. */ | |
27 | ||
8c520a59 | 28 | #include <linux/export.h> |
23b9ceb7 | 29 | #include <linux/debugfs.h> |
1da177e4 LT |
30 | |
31 | #include <net/bluetooth/bluetooth.h> | |
32 | #include <net/bluetooth/hci_core.h> | |
4bc58f51 | 33 | #include <net/bluetooth/l2cap.h> |
eca0ae4a LAD |
34 | #include <net/bluetooth/iso.h> |
35 | #include <net/bluetooth/mgmt.h> | |
1da177e4 | 36 | |
0857dd3b | 37 | #include "hci_request.h" |
ac4b7236 | 38 | #include "smp.h" |
7024728e | 39 | #include "a2mp.h" |
eca0ae4a | 40 | #include "eir.h" |
7024728e | 41 | |
2dea632f FD |
42 | struct sco_param { |
43 | u16 pkt_type; | |
44 | u16 max_latency; | |
c7da5797 | 45 | u8 retrans_effort; |
2dea632f FD |
46 | }; |
47 | ||
e07a06b4 BG |
48 | struct conn_handle_t { |
49 | struct hci_conn *conn; | |
50 | __u16 handle; | |
51 | }; | |
52 | ||
48e68ff5 | 53 | static const struct sco_param esco_param_cvsd[] = { |
c7da5797 JH |
54 | { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */ |
55 | { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */ | |
56 | { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */ | |
57 | { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */ | |
58 | { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */ | |
2dea632f FD |
59 | }; |
60 | ||
48e68ff5 | 61 | static const struct sco_param sco_param_cvsd[] = { |
c7da5797 JH |
62 | { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */ |
63 | { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */ | |
48e68ff5 BT |
64 | }; |
65 | ||
565766b0 | 66 | static const struct sco_param esco_param_msbc[] = { |
c7da5797 JH |
67 | { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */ |
68 | { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */ | |
2dea632f FD |
69 | }; |
70 | ||
f75113a2 | 71 | /* This function requires the caller holds hdev->lock */ |
19cf60bf | 72 | static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status) |
f75113a2 JP |
73 | { |
74 | struct hci_conn_params *params; | |
b5c2b621 | 75 | struct hci_dev *hdev = conn->hdev; |
f75113a2 JP |
76 | struct smp_irk *irk; |
77 | bdaddr_t *bdaddr; | |
78 | u8 bdaddr_type; | |
79 | ||
80 | bdaddr = &conn->dst; | |
81 | bdaddr_type = conn->dst_type; | |
82 | ||
83 | /* Check if we need to convert to identity address */ | |
b5c2b621 | 84 | irk = hci_get_irk(hdev, bdaddr, bdaddr_type); |
f75113a2 JP |
85 | if (irk) { |
86 | bdaddr = &irk->bdaddr; | |
87 | bdaddr_type = irk->addr_type; | |
88 | } | |
89 | ||
17bc08f0 JH |
90 | params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr, |
91 | bdaddr_type); | |
19cf60bf | 92 | if (!params) |
f75113a2 JP |
93 | return; |
94 | ||
19cf60bf LAD |
95 | if (params->conn) { |
96 | hci_conn_drop(params->conn); | |
97 | hci_conn_put(params->conn); | |
98 | params->conn = NULL; | |
99 | } | |
100 | ||
101 | if (!params->explicit_connect) | |
102 | return; | |
103 | ||
104 | /* If the status indicates successful cancellation of | |
105 | * the attempt (i.e. Unknown Connection Id) there's no point of | |
106 | * notifying failure since we'll go back to keep trying to | |
107 | * connect. The only exception is explicit connect requests | |
108 | * where a timeout + cancel does indicate an actual failure. | |
109 | */ | |
110 | if (status && status != HCI_ERROR_UNKNOWN_CONN_ID) | |
111 | mgmt_connect_failed(hdev, &conn->dst, conn->type, | |
112 | conn->dst_type, status); | |
113 | ||
f75113a2 JP |
114 | /* The connection attempt was doing scan for new RPA, and is |
115 | * in scan phase. If params are not associated with any other | |
116 | * autoconnect action, remove them completely. If they are, just unmark | |
117 | * them as waiting for connection, by clearing explicit_connect field. | |
118 | */ | |
9ad3e6ff JH |
119 | params->explicit_connect = false; |
120 | ||
195ef75e | 121 | hci_pend_le_list_del_init(params); |
9ad3e6ff JH |
122 | |
123 | switch (params->auto_connect) { | |
124 | case HCI_AUTO_CONN_EXPLICIT: | |
b5c2b621 | 125 | hci_conn_params_del(hdev, bdaddr, bdaddr_type); |
9ad3e6ff JH |
126 | /* return instead of break to avoid duplicate scan update */ |
127 | return; | |
128 | case HCI_AUTO_CONN_DIRECT: | |
129 | case HCI_AUTO_CONN_ALWAYS: | |
195ef75e | 130 | hci_pend_le_list_add(params, &hdev->pend_le_conns); |
9ad3e6ff JH |
131 | break; |
132 | case HCI_AUTO_CONN_REPORT: | |
195ef75e | 133 | hci_pend_le_list_add(params, &hdev->pend_le_reports); |
9ad3e6ff JH |
134 | break; |
135 | default: | |
136 | break; | |
168b8a25 | 137 | } |
9ad3e6ff | 138 | |
5bee2fd6 | 139 | hci_update_passive_scan(hdev); |
f75113a2 JP |
140 | } |
141 | ||
b958f9a3 JH |
142 | static void hci_conn_cleanup(struct hci_conn *conn) |
143 | { | |
144 | struct hci_dev *hdev = conn->hdev; | |
145 | ||
146 | if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags)) | |
147 | hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type); | |
148 | ||
629f66aa AM |
149 | if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags)) |
150 | hci_remove_link_key(hdev, &conn->dst); | |
151 | ||
b958f9a3 JH |
152 | hci_chan_list_flush(conn); |
153 | ||
154 | hci_conn_hash_del(hdev, conn); | |
155 | ||
26afbd82 LAD |
156 | if (conn->cleanup) |
157 | conn->cleanup(conn); | |
158 | ||
1f8330ea SN |
159 | if (conn->type == SCO_LINK || conn->type == ESCO_LINK) { |
160 | switch (conn->setting & SCO_AIRMODE_MASK) { | |
161 | case SCO_AIRMODE_CVSD: | |
162 | case SCO_AIRMODE_TRANSP: | |
163 | if (hdev->notify) | |
164 | hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO); | |
165 | break; | |
166 | } | |
167 | } else { | |
168 | if (hdev->notify) | |
169 | hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); | |
170 | } | |
b958f9a3 JH |
171 | |
172 | hci_conn_del_sysfs(conn); | |
173 | ||
174 | debugfs_remove_recursive(conn->debugfs); | |
175 | ||
176 | hci_dev_put(hdev); | |
177 | ||
178 | hci_conn_put(conn); | |
179 | } | |
180 | ||
1aef8669 | 181 | static void hci_acl_create_connection(struct hci_conn *conn) |
1da177e4 LT |
182 | { |
183 | struct hci_dev *hdev = conn->hdev; | |
184 | struct inquiry_entry *ie; | |
185 | struct hci_cp_create_conn cp; | |
186 | ||
42d2d87c | 187 | BT_DBG("hcon %p", conn); |
1da177e4 | 188 | |
89e65975 SS |
189 | /* Many controllers disallow HCI Create Connection while it is doing |
190 | * HCI Inquiry. So we cancel the Inquiry first before issuing HCI Create | |
191 | * Connection. This may cause the MGMT discovering state to become false | |
192 | * without user space's request but it is okay since the MGMT Discovery | |
193 | * APIs do not promise that discovery should be done forever. Instead, | |
194 | * the user space monitors the status of MGMT discovering and it may | |
195 | * request for discovery again when this flag becomes false. | |
196 | */ | |
197 | if (test_bit(HCI_INQUIRY, &hdev->flags)) { | |
198 | /* Put this connection to "pending" state so that it will be | |
199 | * executed after the inquiry cancel command complete event. | |
200 | */ | |
201 | conn->state = BT_CONNECT2; | |
202 | hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL); | |
203 | return; | |
204 | } | |
205 | ||
1da177e4 | 206 | conn->state = BT_CONNECT; |
a0c808b3 | 207 | conn->out = true; |
40bef302 | 208 | conn->role = HCI_ROLE_MASTER; |
1da177e4 | 209 | |
4c67bc74 MH |
210 | conn->attempt++; |
211 | ||
e4e8e37c MH |
212 | conn->link_policy = hdev->link_policy; |
213 | ||
1da177e4 LT |
214 | memset(&cp, 0, sizeof(cp)); |
215 | bacpy(&cp.bdaddr, &conn->dst); | |
216 | cp.pscan_rep_mode = 0x02; | |
217 | ||
70f23020 AE |
218 | ie = hci_inquiry_cache_lookup(hdev, &conn->dst); |
219 | if (ie) { | |
41a96212 MH |
220 | if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { |
221 | cp.pscan_rep_mode = ie->data.pscan_rep_mode; | |
222 | cp.pscan_mode = ie->data.pscan_mode; | |
223 | cp.clock_offset = ie->data.clock_offset | | |
dcf4adbf | 224 | cpu_to_le16(0x8000); |
41a96212 MH |
225 | } |
226 | ||
1da177e4 LT |
227 | memcpy(conn->dev_class, ie->data.dev_class, 3); |
228 | } | |
229 | ||
a8746417 | 230 | cp.pkt_type = cpu_to_le16(conn->pkt_type); |
1da177e4 | 231 | if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) |
b6a0dc82 | 232 | cp.role_switch = 0x01; |
1da177e4 | 233 | else |
b6a0dc82 | 234 | cp.role_switch = 0x00; |
4c67bc74 | 235 | |
a9de9248 | 236 | hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp); |
1da177e4 LT |
237 | } |
238 | ||
e3b679d5 | 239 | int hci_disconnect(struct hci_conn *conn, __u8 reason) |
1da177e4 | 240 | { |
38b3fef1 | 241 | BT_DBG("hcon %p", conn); |
1da177e4 | 242 | |
74be523c | 243 | /* When we are central of an established connection and it enters |
839035a7 JH |
244 | * the disconnect timeout, then go ahead and try to read the |
245 | * current clock offset. Processing of the result is done | |
246 | * within the event handling and hci_clock_offset_evt function. | |
247 | */ | |
88d07feb JH |
248 | if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER && |
249 | (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) { | |
839035a7 | 250 | struct hci_dev *hdev = conn->hdev; |
4f639ede | 251 | struct hci_cp_read_clock_offset clkoff_cp; |
839035a7 | 252 | |
4f639ede FF |
253 | clkoff_cp.handle = cpu_to_le16(conn->handle); |
254 | hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp), | |
255 | &clkoff_cp); | |
839035a7 JH |
256 | } |
257 | ||
88d07feb | 258 | return hci_abort_conn(conn, reason); |
1da177e4 LT |
259 | } |
260 | ||
57f5d0d1 | 261 | static void hci_add_sco(struct hci_conn *conn, __u16 handle) |
1da177e4 LT |
262 | { |
263 | struct hci_dev *hdev = conn->hdev; | |
264 | struct hci_cp_add_sco cp; | |
265 | ||
38b3fef1 | 266 | BT_DBG("hcon %p", conn); |
1da177e4 LT |
267 | |
268 | conn->state = BT_CONNECT; | |
a0c808b3 | 269 | conn->out = true; |
1da177e4 | 270 | |
efc7688b MH |
271 | conn->attempt++; |
272 | ||
aca3192c | 273 | cp.handle = cpu_to_le16(handle); |
a8746417 | 274 | cp.pkt_type = cpu_to_le16(conn->pkt_type); |
1da177e4 | 275 | |
a9de9248 | 276 | hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); |
1da177e4 LT |
277 | } |
278 | ||
8b1c324c YL |
279 | static bool find_next_esco_param(struct hci_conn *conn, |
280 | const struct sco_param *esco_param, int size) | |
281 | { | |
06149746 LAD |
282 | if (!conn->parent) |
283 | return false; | |
284 | ||
8b1c324c | 285 | for (; conn->attempt <= size; conn->attempt++) { |
06149746 | 286 | if (lmp_esco_2m_capable(conn->parent) || |
8b1c324c YL |
287 | (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3)) |
288 | break; | |
289 | BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported", | |
290 | conn, conn->attempt); | |
291 | } | |
292 | ||
293 | return conn->attempt <= size; | |
294 | } | |
295 | ||
e07a06b4 | 296 | static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec) |
b2af264a | 297 | { |
e07a06b4 BG |
298 | int err; |
299 | __u8 vnd_len, *vnd_data = NULL; | |
300 | struct hci_op_configure_data_path *cmd = NULL; | |
301 | ||
302 | err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len, | |
303 | &vnd_data); | |
304 | if (err < 0) | |
305 | goto error; | |
306 | ||
307 | cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL); | |
308 | if (!cmd) { | |
309 | err = -ENOMEM; | |
310 | goto error; | |
311 | } | |
312 | ||
313 | err = hdev->get_data_path_id(hdev, &cmd->data_path_id); | |
314 | if (err < 0) | |
315 | goto error; | |
316 | ||
317 | cmd->vnd_len = vnd_len; | |
318 | memcpy(cmd->vnd_data, vnd_data, vnd_len); | |
319 | ||
320 | cmd->direction = 0x00; | |
321 | __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH, | |
322 | sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT); | |
323 | ||
324 | cmd->direction = 0x01; | |
325 | err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH, | |
326 | sizeof(*cmd) + vnd_len, cmd, | |
327 | HCI_CMD_TIMEOUT); | |
328 | error: | |
329 | ||
330 | kfree(cmd); | |
331 | kfree(vnd_data); | |
332 | return err; | |
333 | } | |
334 | ||
335 | static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data) | |
336 | { | |
337 | struct conn_handle_t *conn_handle = data; | |
338 | struct hci_conn *conn = conn_handle->conn; | |
339 | __u16 handle = conn_handle->handle; | |
b2af264a K |
340 | struct hci_cp_enhanced_setup_sync_conn cp; |
341 | const struct sco_param *param; | |
342 | ||
e07a06b4 BG |
343 | kfree(conn_handle); |
344 | ||
b2af264a K |
345 | bt_dev_dbg(hdev, "hcon %p", conn); |
346 | ||
9798fbde K |
347 | /* for offload use case, codec needs to configured before opening SCO */ |
348 | if (conn->codec.data_path) | |
e07a06b4 | 349 | configure_datapath_sync(hdev, &conn->codec); |
9798fbde | 350 | |
b2af264a K |
351 | conn->state = BT_CONNECT; |
352 | conn->out = true; | |
353 | ||
354 | conn->attempt++; | |
355 | ||
356 | memset(&cp, 0x00, sizeof(cp)); | |
357 | ||
358 | cp.handle = cpu_to_le16(handle); | |
359 | ||
360 | cp.tx_bandwidth = cpu_to_le32(0x00001f40); | |
361 | cp.rx_bandwidth = cpu_to_le32(0x00001f40); | |
362 | ||
363 | switch (conn->codec.id) { | |
904c139a K |
364 | case BT_CODEC_MSBC: |
365 | if (!find_next_esco_param(conn, esco_param_msbc, | |
366 | ARRAY_SIZE(esco_param_msbc))) | |
e07a06b4 | 367 | return -EINVAL; |
904c139a K |
368 | |
369 | param = &esco_param_msbc[conn->attempt - 1]; | |
370 | cp.tx_coding_format.id = 0x05; | |
371 | cp.rx_coding_format.id = 0x05; | |
372 | cp.tx_codec_frame_size = __cpu_to_le16(60); | |
373 | cp.rx_codec_frame_size = __cpu_to_le16(60); | |
374 | cp.in_bandwidth = __cpu_to_le32(32000); | |
375 | cp.out_bandwidth = __cpu_to_le32(32000); | |
376 | cp.in_coding_format.id = 0x04; | |
377 | cp.out_coding_format.id = 0x04; | |
378 | cp.in_coded_data_size = __cpu_to_le16(16); | |
379 | cp.out_coded_data_size = __cpu_to_le16(16); | |
380 | cp.in_pcm_data_format = 2; | |
381 | cp.out_pcm_data_format = 2; | |
382 | cp.in_pcm_sample_payload_msb_pos = 0; | |
383 | cp.out_pcm_sample_payload_msb_pos = 0; | |
384 | cp.in_data_path = conn->codec.data_path; | |
385 | cp.out_data_path = conn->codec.data_path; | |
386 | cp.in_transport_unit_size = 1; | |
387 | cp.out_transport_unit_size = 1; | |
388 | break; | |
389 | ||
b2af264a K |
390 | case BT_CODEC_TRANSPARENT: |
391 | if (!find_next_esco_param(conn, esco_param_msbc, | |
392 | ARRAY_SIZE(esco_param_msbc))) | |
393 | return false; | |
394 | param = &esco_param_msbc[conn->attempt - 1]; | |
395 | cp.tx_coding_format.id = 0x03; | |
396 | cp.rx_coding_format.id = 0x03; | |
397 | cp.tx_codec_frame_size = __cpu_to_le16(60); | |
398 | cp.rx_codec_frame_size = __cpu_to_le16(60); | |
399 | cp.in_bandwidth = __cpu_to_le32(0x1f40); | |
400 | cp.out_bandwidth = __cpu_to_le32(0x1f40); | |
401 | cp.in_coding_format.id = 0x03; | |
402 | cp.out_coding_format.id = 0x03; | |
403 | cp.in_coded_data_size = __cpu_to_le16(16); | |
404 | cp.out_coded_data_size = __cpu_to_le16(16); | |
405 | cp.in_pcm_data_format = 2; | |
406 | cp.out_pcm_data_format = 2; | |
407 | cp.in_pcm_sample_payload_msb_pos = 0; | |
408 | cp.out_pcm_sample_payload_msb_pos = 0; | |
409 | cp.in_data_path = conn->codec.data_path; | |
410 | cp.out_data_path = conn->codec.data_path; | |
411 | cp.in_transport_unit_size = 1; | |
412 | cp.out_transport_unit_size = 1; | |
413 | break; | |
414 | ||
415 | case BT_CODEC_CVSD: | |
06149746 | 416 | if (conn->parent && lmp_esco_capable(conn->parent)) { |
b2af264a K |
417 | if (!find_next_esco_param(conn, esco_param_cvsd, |
418 | ARRAY_SIZE(esco_param_cvsd))) | |
e07a06b4 | 419 | return -EINVAL; |
b2af264a K |
420 | param = &esco_param_cvsd[conn->attempt - 1]; |
421 | } else { | |
422 | if (conn->attempt > ARRAY_SIZE(sco_param_cvsd)) | |
e07a06b4 | 423 | return -EINVAL; |
b2af264a K |
424 | param = &sco_param_cvsd[conn->attempt - 1]; |
425 | } | |
426 | cp.tx_coding_format.id = 2; | |
427 | cp.rx_coding_format.id = 2; | |
428 | cp.tx_codec_frame_size = __cpu_to_le16(60); | |
429 | cp.rx_codec_frame_size = __cpu_to_le16(60); | |
430 | cp.in_bandwidth = __cpu_to_le32(16000); | |
431 | cp.out_bandwidth = __cpu_to_le32(16000); | |
432 | cp.in_coding_format.id = 4; | |
433 | cp.out_coding_format.id = 4; | |
434 | cp.in_coded_data_size = __cpu_to_le16(16); | |
435 | cp.out_coded_data_size = __cpu_to_le16(16); | |
436 | cp.in_pcm_data_format = 2; | |
437 | cp.out_pcm_data_format = 2; | |
438 | cp.in_pcm_sample_payload_msb_pos = 0; | |
439 | cp.out_pcm_sample_payload_msb_pos = 0; | |
440 | cp.in_data_path = conn->codec.data_path; | |
441 | cp.out_data_path = conn->codec.data_path; | |
442 | cp.in_transport_unit_size = 16; | |
443 | cp.out_transport_unit_size = 16; | |
444 | break; | |
445 | default: | |
e07a06b4 | 446 | return -EINVAL; |
b2af264a K |
447 | } |
448 | ||
449 | cp.retrans_effort = param->retrans_effort; | |
450 | cp.pkt_type = __cpu_to_le16(param->pkt_type); | |
451 | cp.max_latency = __cpu_to_le16(param->max_latency); | |
452 | ||
453 | if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0) | |
e07a06b4 | 454 | return -EIO; |
b2af264a | 455 | |
e07a06b4 | 456 | return 0; |
b2af264a K |
457 | } |
458 | ||
459 | static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle) | |
b6a0dc82 MH |
460 | { |
461 | struct hci_dev *hdev = conn->hdev; | |
462 | struct hci_cp_setup_sync_conn cp; | |
2dea632f | 463 | const struct sco_param *param; |
b6a0dc82 | 464 | |
b2af264a | 465 | bt_dev_dbg(hdev, "hcon %p", conn); |
b6a0dc82 MH |
466 | |
467 | conn->state = BT_CONNECT; | |
a0c808b3 | 468 | conn->out = true; |
b6a0dc82 | 469 | |
efc7688b MH |
470 | conn->attempt++; |
471 | ||
b6a0dc82 | 472 | cp.handle = cpu_to_le16(handle); |
b6a0dc82 | 473 | |
dcf4adbf JP |
474 | cp.tx_bandwidth = cpu_to_le32(0x00001f40); |
475 | cp.rx_bandwidth = cpu_to_le32(0x00001f40); | |
10c62ddc FD |
476 | cp.voice_setting = cpu_to_le16(conn->setting); |
477 | ||
478 | switch (conn->setting & SCO_AIRMODE_MASK) { | |
479 | case SCO_AIRMODE_TRANSP: | |
8b1c324c YL |
480 | if (!find_next_esco_param(conn, esco_param_msbc, |
481 | ARRAY_SIZE(esco_param_msbc))) | |
2dea632f | 482 | return false; |
565766b0 | 483 | param = &esco_param_msbc[conn->attempt - 1]; |
10c62ddc FD |
484 | break; |
485 | case SCO_AIRMODE_CVSD: | |
06149746 | 486 | if (conn->parent && lmp_esco_capable(conn->parent)) { |
8b1c324c YL |
487 | if (!find_next_esco_param(conn, esco_param_cvsd, |
488 | ARRAY_SIZE(esco_param_cvsd))) | |
48e68ff5 | 489 | return false; |
48e68ff5 BT |
490 | param = &esco_param_cvsd[conn->attempt - 1]; |
491 | } else { | |
492 | if (conn->attempt > ARRAY_SIZE(sco_param_cvsd)) | |
493 | return false; | |
48e68ff5 BT |
494 | param = &sco_param_cvsd[conn->attempt - 1]; |
495 | } | |
10c62ddc | 496 | break; |
2dea632f FD |
497 | default: |
498 | return false; | |
10c62ddc | 499 | } |
b6a0dc82 | 500 | |
c7da5797 | 501 | cp.retrans_effort = param->retrans_effort; |
2dea632f FD |
502 | cp.pkt_type = __cpu_to_le16(param->pkt_type); |
503 | cp.max_latency = __cpu_to_le16(param->max_latency); | |
504 | ||
505 | if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0) | |
506 | return false; | |
507 | ||
508 | return true; | |
b6a0dc82 MH |
509 | } |
510 | ||
b2af264a K |
511 | bool hci_setup_sync(struct hci_conn *conn, __u16 handle) |
512 | { | |
e07a06b4 BG |
513 | int result; |
514 | struct conn_handle_t *conn_handle; | |
515 | ||
516 | if (enhanced_sync_conn_capable(conn->hdev)) { | |
517 | conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL); | |
518 | ||
519 | if (!conn_handle) | |
520 | return false; | |
521 | ||
522 | conn_handle->conn = conn; | |
523 | conn_handle->handle = handle; | |
524 | result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync, | |
525 | conn_handle, NULL); | |
526 | if (result < 0) | |
527 | kfree(conn_handle); | |
528 | ||
529 | return result == 0; | |
530 | } | |
b2af264a K |
531 | |
532 | return hci_setup_sync_conn(conn, handle); | |
533 | } | |
534 | ||
7d6ca693 JH |
535 | u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency, |
536 | u16 to_multiplier) | |
2ce603eb | 537 | { |
2ce603eb | 538 | struct hci_dev *hdev = conn->hdev; |
f044eb05 MH |
539 | struct hci_conn_params *params; |
540 | struct hci_cp_le_conn_update cp; | |
2ce603eb | 541 | |
f044eb05 | 542 | hci_dev_lock(hdev); |
2ce603eb | 543 | |
f044eb05 MH |
544 | params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); |
545 | if (params) { | |
546 | params->conn_min_interval = min; | |
547 | params->conn_max_interval = max; | |
548 | params->conn_latency = latency; | |
549 | params->supervision_timeout = to_multiplier; | |
550 | } | |
551 | ||
552 | hci_dev_unlock(hdev); | |
553 | ||
554 | memset(&cp, 0, sizeof(cp)); | |
2ce603eb CT |
555 | cp.handle = cpu_to_le16(conn->handle); |
556 | cp.conn_interval_min = cpu_to_le16(min); | |
557 | cp.conn_interval_max = cpu_to_le16(max); | |
558 | cp.conn_latency = cpu_to_le16(latency); | |
559 | cp.supervision_timeout = cpu_to_le16(to_multiplier); | |
dcf4adbf JP |
560 | cp.min_ce_len = cpu_to_le16(0x0000); |
561 | cp.max_ce_len = cpu_to_le16(0x0000); | |
2ce603eb CT |
562 | |
563 | hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp); | |
7d6ca693 JH |
564 | |
565 | if (params) | |
566 | return 0x01; | |
567 | ||
568 | return 0x00; | |
2ce603eb | 569 | } |
2ce603eb | 570 | |
fe39c7b2 | 571 | void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand, |
8b76ce34 | 572 | __u8 ltk[16], __u8 key_size) |
a7a595f6 VCG |
573 | { |
574 | struct hci_dev *hdev = conn->hdev; | |
575 | struct hci_cp_le_start_enc cp; | |
576 | ||
38b3fef1 | 577 | BT_DBG("hcon %p", conn); |
a7a595f6 VCG |
578 | |
579 | memset(&cp, 0, sizeof(cp)); | |
580 | ||
581 | cp.handle = cpu_to_le16(conn->handle); | |
fe39c7b2 | 582 | cp.rand = rand; |
a7a595f6 | 583 | cp.ediv = ediv; |
8b76ce34 | 584 | memcpy(cp.ltk, ltk, key_size); |
a7a595f6 VCG |
585 | |
586 | hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp); | |
587 | } | |
a7a595f6 | 588 | |
e73439d8 MH |
589 | /* Device _must_ be locked */ |
590 | void hci_sco_setup(struct hci_conn *conn, __u8 status) | |
591 | { | |
06149746 | 592 | struct hci_link *link; |
e73439d8 | 593 | |
06149746 LAD |
594 | link = list_first_entry_or_null(&conn->link_list, struct hci_link, list); |
595 | if (!link || !link->conn) | |
e73439d8 MH |
596 | return; |
597 | ||
38b3fef1 AE |
598 | BT_DBG("hcon %p", conn); |
599 | ||
e73439d8 MH |
600 | if (!status) { |
601 | if (lmp_esco_capable(conn->hdev)) | |
06149746 | 602 | hci_setup_sync(link->conn, conn->handle); |
e73439d8 | 603 | else |
06149746 | 604 | hci_add_sco(link->conn, conn->handle); |
e73439d8 | 605 | } else { |
06149746 LAD |
606 | hci_connect_cfm(link->conn, status); |
607 | hci_conn_del(link->conn); | |
e73439d8 MH |
608 | } |
609 | } | |
610 | ||
19c40e3b | 611 | static void hci_conn_timeout(struct work_struct *work) |
1da177e4 | 612 | { |
19c40e3b | 613 | struct hci_conn *conn = container_of(work, struct hci_conn, |
5974e4c4 | 614 | disc_work.work); |
1d56dc4f | 615 | int refcnt = atomic_read(&conn->refcnt); |
1da177e4 | 616 | |
38b3fef1 | 617 | BT_DBG("hcon %p state %s", conn, state_to_string(conn->state)); |
1da177e4 | 618 | |
1d56dc4f LR |
619 | WARN_ON(refcnt < 0); |
620 | ||
621 | /* FIXME: It was observed that in pairing failed scenario, refcnt | |
622 | * drops below 0. Probably this is because l2cap_conn_del calls | |
623 | * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is | |
624 | * dropped. After that loop hci_chan_del is called which also drops | |
625 | * conn. For now make sure that ACL is alive if refcnt is higher then 0, | |
626 | * otherwise drop it. | |
627 | */ | |
628 | if (refcnt > 0) | |
1da177e4 LT |
629 | return; |
630 | ||
89e0ccc8 | 631 | hci_abort_conn(conn, hci_proto_disconn_ind(conn)); |
1da177e4 LT |
632 | } |
633 | ||
416dc94b | 634 | /* Enter sniff mode */ |
a74a84f6 | 635 | static void hci_conn_idle(struct work_struct *work) |
416dc94b | 636 | { |
a74a84f6 JH |
637 | struct hci_conn *conn = container_of(work, struct hci_conn, |
638 | idle_work.work); | |
416dc94b GP |
639 | struct hci_dev *hdev = conn->hdev; |
640 | ||
38b3fef1 | 641 | BT_DBG("hcon %p mode %d", conn, conn->mode); |
416dc94b | 642 | |
416dc94b GP |
643 | if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) |
644 | return; | |
645 | ||
646 | if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) | |
647 | return; | |
648 | ||
649 | if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { | |
650 | struct hci_cp_sniff_subrate cp; | |
651 | cp.handle = cpu_to_le16(conn->handle); | |
dcf4adbf JP |
652 | cp.max_latency = cpu_to_le16(0); |
653 | cp.min_remote_timeout = cpu_to_le16(0); | |
654 | cp.min_local_timeout = cpu_to_le16(0); | |
416dc94b GP |
655 | hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); |
656 | } | |
657 | ||
51a8efd7 | 658 | if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) { |
416dc94b GP |
659 | struct hci_cp_sniff_mode cp; |
660 | cp.handle = cpu_to_le16(conn->handle); | |
661 | cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); | |
662 | cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); | |
dcf4adbf JP |
663 | cp.attempt = cpu_to_le16(4); |
664 | cp.timeout = cpu_to_le16(1); | |
416dc94b GP |
665 | hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); |
666 | } | |
667 | } | |
668 | ||
7bc18d9d | 669 | static void hci_conn_auto_accept(struct work_struct *work) |
9f61656a | 670 | { |
7bc18d9d JH |
671 | struct hci_conn *conn = container_of(work, struct hci_conn, |
672 | auto_accept_work.work); | |
9f61656a | 673 | |
7bc18d9d | 674 | hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst), |
5974e4c4 | 675 | &conn->dst); |
9f61656a JH |
676 | } |
677 | ||
c3bed4de SN |
678 | static void le_disable_advertising(struct hci_dev *hdev) |
679 | { | |
680 | if (ext_adv_capable(hdev)) { | |
681 | struct hci_cp_le_set_ext_adv_enable cp; | |
682 | ||
683 | cp.enable = 0x00; | |
684 | cp.num_of_sets = 0x00; | |
685 | ||
686 | hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp), | |
687 | &cp); | |
688 | } else { | |
689 | u8 enable = 0x00; | |
690 | hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), | |
691 | &enable); | |
692 | } | |
693 | } | |
694 | ||
9489eca4 JH |
695 | static void le_conn_timeout(struct work_struct *work) |
696 | { | |
697 | struct hci_conn *conn = container_of(work, struct hci_conn, | |
698 | le_conn_timeout.work); | |
3c857757 | 699 | struct hci_dev *hdev = conn->hdev; |
9489eca4 JH |
700 | |
701 | BT_DBG(""); | |
702 | ||
3c857757 JH |
703 | /* We could end up here due to having done directed advertising, |
704 | * so clean up the state if necessary. This should however only | |
705 | * happen with broken hardware or if low duty cycle was used | |
706 | * (which doesn't have a timeout of its own). | |
707 | */ | |
0b1db38c | 708 | if (conn->role == HCI_ROLE_SLAVE) { |
c3bed4de SN |
709 | /* Disable LE Advertising */ |
710 | le_disable_advertising(hdev); | |
9fa6b4cd | 711 | hci_dev_lock(hdev); |
9b3628d7 | 712 | hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT); |
9fa6b4cd | 713 | hci_dev_unlock(hdev); |
3c857757 JH |
714 | return; |
715 | } | |
716 | ||
89e0ccc8 | 717 | hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); |
9489eca4 JH |
718 | } |
719 | ||
6b9545dc PV |
720 | struct iso_cig_params { |
721 | struct hci_cp_le_set_cig_params cp; | |
722 | struct hci_cis_params cis[0x1f]; | |
723 | }; | |
724 | ||
eca0ae4a LAD |
725 | struct iso_list_data { |
726 | union { | |
727 | u8 cig; | |
728 | u8 big; | |
729 | }; | |
730 | union { | |
731 | u8 cis; | |
732 | u8 bis; | |
733 | u16 sync_handle; | |
734 | }; | |
735 | int count; | |
a0bfde16 | 736 | bool big_term; |
fbdc4bc4 | 737 | bool pa_sync_term; |
f777d882 | 738 | bool big_sync_term; |
eca0ae4a LAD |
739 | }; |
740 | ||
741 | static void bis_list(struct hci_conn *conn, void *data) | |
742 | { | |
743 | struct iso_list_data *d = data; | |
744 | ||
745 | /* Skip if not broadcast/ANY address */ | |
746 | if (bacmp(&conn->dst, BDADDR_ANY)) | |
747 | return; | |
748 | ||
0fe8c8d0 IT |
749 | if (d->big != conn->iso_qos.bcast.big || d->bis == BT_ISO_QOS_BIS_UNSET || |
750 | d->bis != conn->iso_qos.bcast.bis) | |
eca0ae4a LAD |
751 | return; |
752 | ||
753 | d->count++; | |
754 | } | |
755 | ||
eca0ae4a LAD |
756 | static int terminate_big_sync(struct hci_dev *hdev, void *data) |
757 | { | |
758 | struct iso_list_data *d = data; | |
759 | ||
760 | bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis); | |
761 | ||
a254b90c | 762 | hci_disable_per_advertising_sync(hdev, d->bis); |
eca0ae4a LAD |
763 | hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL); |
764 | ||
a0bfde16 IT |
765 | /* Only terminate BIG if it has been created */ |
766 | if (!d->big_term) | |
eca0ae4a LAD |
767 | return 0; |
768 | ||
769 | return hci_le_terminate_big_sync(hdev, d->big, | |
770 | HCI_ERROR_LOCAL_HOST_TERM); | |
771 | } | |
772 | ||
773 | static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err) | |
774 | { | |
775 | kfree(data); | |
776 | } | |
777 | ||
a0bfde16 | 778 | static int hci_le_terminate_big(struct hci_dev *hdev, struct hci_conn *conn) |
eca0ae4a LAD |
779 | { |
780 | struct iso_list_data *d; | |
3aa21311 | 781 | int ret; |
eca0ae4a | 782 | |
a0bfde16 IT |
783 | bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", conn->iso_qos.bcast.big, |
784 | conn->iso_qos.bcast.bis); | |
eca0ae4a | 785 | |
3958e877 | 786 | d = kzalloc(sizeof(*d), GFP_KERNEL); |
eca0ae4a LAD |
787 | if (!d) |
788 | return -ENOMEM; | |
789 | ||
a0bfde16 IT |
790 | d->big = conn->iso_qos.bcast.big; |
791 | d->bis = conn->iso_qos.bcast.bis; | |
792 | d->big_term = test_and_clear_bit(HCI_CONN_BIG_CREATED, &conn->flags); | |
eca0ae4a | 793 | |
3aa21311 ZS |
794 | ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d, |
795 | terminate_big_destroy); | |
796 | if (ret) | |
797 | kfree(d); | |
798 | ||
799 | return ret; | |
eca0ae4a LAD |
800 | } |
801 | ||
802 | static int big_terminate_sync(struct hci_dev *hdev, void *data) | |
803 | { | |
804 | struct iso_list_data *d = data; | |
805 | ||
806 | bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big, | |
807 | d->sync_handle); | |
808 | ||
f777d882 IT |
809 | if (d->big_sync_term) |
810 | hci_le_big_terminate_sync(hdev, d->big); | |
eca0ae4a | 811 | |
fbdc4bc4 IT |
812 | if (d->pa_sync_term) |
813 | return hci_le_pa_terminate_sync(hdev, d->sync_handle); | |
814 | ||
815 | return 0; | |
eca0ae4a LAD |
816 | } |
817 | ||
f777d882 | 818 | static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, struct hci_conn *conn) |
eca0ae4a LAD |
819 | { |
820 | struct iso_list_data *d; | |
3aa21311 | 821 | int ret; |
eca0ae4a | 822 | |
f777d882 | 823 | bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, conn->sync_handle); |
eca0ae4a | 824 | |
3958e877 | 825 | d = kzalloc(sizeof(*d), GFP_KERNEL); |
eca0ae4a LAD |
826 | if (!d) |
827 | return -ENOMEM; | |
828 | ||
eca0ae4a | 829 | d->big = big; |
f777d882 | 830 | d->sync_handle = conn->sync_handle; |
fbdc4bc4 | 831 | d->pa_sync_term = test_and_clear_bit(HCI_CONN_PA_SYNC, &conn->flags); |
f777d882 | 832 | d->big_sync_term = test_and_clear_bit(HCI_CONN_BIG_SYNC, &conn->flags); |
eca0ae4a | 833 | |
3aa21311 ZS |
834 | ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d, |
835 | terminate_big_destroy); | |
836 | if (ret) | |
837 | kfree(d); | |
838 | ||
839 | return ret; | |
eca0ae4a LAD |
840 | } |
841 | ||
842 | /* Cleanup BIS connection | |
843 | * | |
844 | * Detects if there any BIS left connected in a BIG | |
845 | * broadcaster: Remove advertising instance and terminate BIG. | |
846 | * broadcaster receiver: Teminate BIG sync and terminate PA sync. | |
847 | */ | |
848 | static void bis_cleanup(struct hci_conn *conn) | |
849 | { | |
850 | struct hci_dev *hdev = conn->hdev; | |
a0bfde16 | 851 | struct hci_conn *bis; |
eca0ae4a LAD |
852 | |
853 | bt_dev_dbg(hdev, "conn %p", conn); | |
854 | ||
855 | if (conn->role == HCI_ROLE_MASTER) { | |
856 | if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags)) | |
857 | return; | |
858 | ||
a0bfde16 IT |
859 | /* Check if ISO connection is a BIS and terminate advertising |
860 | * set and BIG if there are no other connections using it. | |
861 | */ | |
6a42e9bf | 862 | bis = hci_conn_hash_lookup_big(hdev, conn->iso_qos.bcast.big); |
a0bfde16 IT |
863 | if (bis) |
864 | return; | |
865 | ||
866 | hci_le_terminate_big(hdev, conn); | |
eca0ae4a | 867 | } else { |
f777d882 IT |
868 | bis = hci_conn_hash_lookup_big_any_dst(hdev, |
869 | conn->iso_qos.bcast.big); | |
870 | ||
871 | if (bis) | |
872 | return; | |
873 | ||
0fe8c8d0 | 874 | hci_le_big_terminate(hdev, conn->iso_qos.bcast.big, |
f777d882 | 875 | conn); |
eca0ae4a LAD |
876 | } |
877 | } | |
878 | ||
879 | static int remove_cig_sync(struct hci_dev *hdev, void *data) | |
880 | { | |
a1f6c3ae | 881 | u8 handle = PTR_UINT(data); |
eca0ae4a LAD |
882 | |
883 | return hci_le_remove_cig_sync(hdev, handle); | |
884 | } | |
885 | ||
886 | static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle) | |
887 | { | |
888 | bt_dev_dbg(hdev, "handle 0x%2.2x", handle); | |
889 | ||
a1f6c3ae LAD |
890 | return hci_cmd_sync_queue(hdev, remove_cig_sync, UINT_PTR(handle), |
891 | NULL); | |
eca0ae4a LAD |
892 | } |
893 | ||
894 | static void find_cis(struct hci_conn *conn, void *data) | |
895 | { | |
896 | struct iso_list_data *d = data; | |
897 | ||
31c5f916 PV |
898 | /* Ignore broadcast or if CIG don't match */ |
899 | if (!bacmp(&conn->dst, BDADDR_ANY) || d->cig != conn->iso_qos.ucast.cig) | |
eca0ae4a LAD |
900 | return; |
901 | ||
902 | d->count++; | |
903 | } | |
904 | ||
905 | /* Cleanup CIS connection: | |
906 | * | |
907 | * Detects if there any CIS left connected in a CIG and remove it. | |
908 | */ | |
909 | static void cis_cleanup(struct hci_conn *conn) | |
910 | { | |
911 | struct hci_dev *hdev = conn->hdev; | |
912 | struct iso_list_data d; | |
913 | ||
31c5f916 PV |
914 | if (conn->iso_qos.ucast.cig == BT_ISO_QOS_CIG_UNSET) |
915 | return; | |
916 | ||
eca0ae4a | 917 | memset(&d, 0, sizeof(d)); |
0fe8c8d0 | 918 | d.cig = conn->iso_qos.ucast.cig; |
eca0ae4a LAD |
919 | |
920 | /* Check if ISO connection is a CIS and remove CIG if there are | |
921 | * no other connections using it. | |
922 | */ | |
6c242c64 PV |
923 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_BOUND, &d); |
924 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECT, &d); | |
eca0ae4a LAD |
925 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d); |
926 | if (d.count) | |
927 | return; | |
928 | ||
0fe8c8d0 | 929 | hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig); |
eca0ae4a LAD |
930 | } |
931 | ||
9f78191c LAD |
932 | static u16 hci_conn_hash_alloc_unset(struct hci_dev *hdev) |
933 | { | |
934 | struct hci_conn_hash *h = &hdev->conn_hash; | |
935 | struct hci_conn *c; | |
936 | u16 handle = HCI_CONN_HANDLE_MAX + 1; | |
937 | ||
938 | rcu_read_lock(); | |
939 | ||
940 | list_for_each_entry_rcu(c, &h->list, list) { | |
941 | /* Find the first unused handle */ | |
942 | if (handle == 0xffff || c->handle != handle) | |
943 | break; | |
944 | handle++; | |
945 | } | |
946 | rcu_read_unlock(); | |
947 | ||
948 | return handle; | |
949 | } | |
950 | ||
a5c4e309 JH |
951 | struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, |
952 | u8 role) | |
1da177e4 LT |
953 | { |
954 | struct hci_conn *conn; | |
955 | ||
6ed93dc6 | 956 | BT_DBG("%s dst %pMR", hdev->name, dst); |
1da177e4 | 957 | |
27f70f3e | 958 | conn = kzalloc(sizeof(*conn), GFP_KERNEL); |
04837f64 | 959 | if (!conn) |
1da177e4 | 960 | return NULL; |
1da177e4 LT |
961 | |
962 | bacpy(&conn->dst, dst); | |
662e8820 | 963 | bacpy(&conn->src, &hdev->bdaddr); |
9f78191c | 964 | conn->handle = hci_conn_hash_alloc_unset(hdev); |
a8746417 MH |
965 | conn->hdev = hdev; |
966 | conn->type = type; | |
a5c4e309 | 967 | conn->role = role; |
a8746417 MH |
968 | conn->mode = HCI_CM_ACTIVE; |
969 | conn->state = BT_OPEN; | |
93f19c9f | 970 | conn->auth_type = HCI_AT_GENERAL_BONDING; |
17fa4b9d | 971 | conn->io_capability = hdev->io_capability; |
a9583556 | 972 | conn->remote_auth = 0xff; |
13d39315 | 973 | conn->key_type = 0xff; |
ebf86aa3 | 974 | conn->rssi = HCI_RSSI_INVALID; |
5a134fae | 975 | conn->tx_power = HCI_TX_POWER_INVALID; |
d0455ed9 | 976 | conn->max_tx_power = HCI_TX_POWER_INVALID; |
1d11d70d | 977 | conn->sync_handle = HCI_SYNC_HANDLE_INVALID; |
1da177e4 | 978 | |
58a681ef | 979 | set_bit(HCI_CONN_POWER_SAVE, &conn->flags); |
052b30b0 | 980 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; |
04837f64 | 981 | |
302975cb SRK |
982 | /* Set Default Authenticated payload timeout to 30s */ |
983 | conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT; | |
984 | ||
a5c4e309 JH |
985 | if (conn->role == HCI_ROLE_MASTER) |
986 | conn->out = true; | |
987 | ||
a8746417 MH |
988 | switch (type) { |
989 | case ACL_LINK: | |
990 | conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; | |
991 | break; | |
9c84d1da | 992 | case LE_LINK: |
eca0ae4a LAD |
993 | /* conn->src should reflect the local identity address */ |
994 | hci_copy_identity_address(hdev, &conn->src, &conn->src_type); | |
995 | break; | |
26afbd82 | 996 | case ISO_LINK: |
9c84d1da JH |
997 | /* conn->src should reflect the local identity address */ |
998 | hci_copy_identity_address(hdev, &conn->src, &conn->src_type); | |
eca0ae4a LAD |
999 | |
1000 | /* set proper cleanup function */ | |
1001 | if (!bacmp(dst, BDADDR_ANY)) | |
1002 | conn->cleanup = bis_cleanup; | |
1003 | else if (conn->role == HCI_ROLE_MASTER) | |
1004 | conn->cleanup = cis_cleanup; | |
1005 | ||
9c84d1da | 1006 | break; |
a8746417 MH |
1007 | case SCO_LINK: |
1008 | if (lmp_esco_capable(hdev)) | |
efc7688b MH |
1009 | conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | |
1010 | (hdev->esco_type & EDR_ESCO_MASK); | |
a8746417 MH |
1011 | else |
1012 | conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; | |
1013 | break; | |
1014 | case ESCO_LINK: | |
efc7688b | 1015 | conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; |
a8746417 MH |
1016 | break; |
1017 | } | |
1018 | ||
1da177e4 | 1019 | skb_queue_head_init(&conn->data_q); |
04837f64 | 1020 | |
70c1f20b | 1021 | INIT_LIST_HEAD(&conn->chan_list); |
06149746 | 1022 | INIT_LIST_HEAD(&conn->link_list); |
73d80deb | 1023 | |
19c40e3b | 1024 | INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout); |
7bc18d9d | 1025 | INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept); |
a74a84f6 | 1026 | INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle); |
9489eca4 | 1027 | INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout); |
1da177e4 LT |
1028 | |
1029 | atomic_set(&conn->refcnt, 0); | |
1030 | ||
1031 | hci_dev_hold(hdev); | |
1032 | ||
1da177e4 | 1033 | hci_conn_hash_add(hdev, conn); |
1f8330ea SN |
1034 | |
1035 | /* The SCO and eSCO connections will only be notified when their | |
1036 | * setup has been completed. This is different to ACL links which | |
1037 | * can be notified right away. | |
1038 | */ | |
1039 | if (conn->type != SCO_LINK && conn->type != ESCO_LINK) { | |
1040 | if (hdev->notify) | |
1041 | hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); | |
1042 | } | |
1da177e4 | 1043 | |
a67e899c MH |
1044 | hci_conn_init_sysfs(conn); |
1045 | ||
1da177e4 LT |
1046 | return conn; |
1047 | } | |
1048 | ||
3344d318 PV |
1049 | static void hci_conn_cleanup_child(struct hci_conn *conn, u8 reason) |
1050 | { | |
1051 | if (!reason) | |
1052 | reason = HCI_ERROR_REMOTE_USER_TERM; | |
1053 | ||
1054 | /* Due to race, SCO/ISO conn might be not established yet at this point, | |
1055 | * and nothing else will clean it up. In other cases it is done via HCI | |
1056 | * events. | |
1057 | */ | |
1058 | switch (conn->type) { | |
1059 | case SCO_LINK: | |
1060 | case ESCO_LINK: | |
1061 | if (HCI_CONN_HANDLE_UNSET(conn->handle)) | |
1062 | hci_conn_failed(conn, reason); | |
1063 | break; | |
1064 | case ISO_LINK: | |
1065 | if (conn->state != BT_CONNECTED && | |
1066 | !test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) | |
1067 | hci_conn_failed(conn, reason); | |
1068 | break; | |
1069 | } | |
1070 | } | |
1071 | ||
06149746 | 1072 | static void hci_conn_unlink(struct hci_conn *conn) |
5dc7d23e | 1073 | { |
06149746 LAD |
1074 | struct hci_dev *hdev = conn->hdev; |
1075 | ||
1076 | bt_dev_dbg(hdev, "hcon %p", conn); | |
1077 | ||
1078 | if (!conn->parent) { | |
1079 | struct hci_link *link, *t; | |
1080 | ||
ca1fd42e RL |
1081 | list_for_each_entry_safe(link, t, &conn->link_list, list) { |
1082 | struct hci_conn *child = link->conn; | |
1083 | ||
1084 | hci_conn_unlink(child); | |
1085 | ||
a2ac591c RL |
1086 | /* If hdev is down it means |
1087 | * hci_dev_close_sync/hci_conn_hash_flush is in progress | |
1088 | * and links don't need to be cleanup as all connections | |
1089 | * would be cleanup. | |
1090 | */ | |
1091 | if (!test_bit(HCI_UP, &hdev->flags)) | |
1092 | continue; | |
1093 | ||
3344d318 | 1094 | hci_conn_cleanup_child(child, conn->abort_reason); |
ca1fd42e | 1095 | } |
06149746 LAD |
1096 | |
1097 | return; | |
1098 | } | |
1099 | ||
5dc7d23e | 1100 | if (!conn->link) |
06149746 | 1101 | return; |
5dc7d23e | 1102 | |
06149746 LAD |
1103 | list_del_rcu(&conn->link->list); |
1104 | synchronize_rcu(); | |
1105 | ||
a2904d28 | 1106 | hci_conn_drop(conn->parent); |
2910431a RL |
1107 | hci_conn_put(conn->parent); |
1108 | conn->parent = NULL; | |
1109 | ||
06149746 | 1110 | kfree(conn->link); |
5dc7d23e | 1111 | conn->link = NULL; |
5dc7d23e LAD |
1112 | } |
1113 | ||
a2ac591c | 1114 | void hci_conn_del(struct hci_conn *conn) |
1da177e4 LT |
1115 | { |
1116 | struct hci_dev *hdev = conn->hdev; | |
1117 | ||
38b3fef1 | 1118 | BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle); |
1da177e4 | 1119 | |
a2904d28 RL |
1120 | hci_conn_unlink(conn); |
1121 | ||
19c40e3b | 1122 | cancel_delayed_work_sync(&conn->disc_work); |
7bc18d9d | 1123 | cancel_delayed_work_sync(&conn->auto_accept_work); |
a74a84f6 | 1124 | cancel_delayed_work_sync(&conn->idle_work); |
9f61656a | 1125 | |
5b7f9909 | 1126 | if (conn->type == ACL_LINK) { |
1da177e4 LT |
1127 | /* Unacked frames */ |
1128 | hdev->acl_cnt += conn->sent; | |
6ed58ec5 | 1129 | } else if (conn->type == LE_LINK) { |
980ffc0a | 1130 | cancel_delayed_work(&conn->le_conn_timeout); |
9489eca4 | 1131 | |
6ed58ec5 VT |
1132 | if (hdev->le_pkts) |
1133 | hdev->le_cnt += conn->sent; | |
1134 | else | |
1135 | hdev->acl_cnt += conn->sent; | |
5b7f9909 | 1136 | } else { |
5638d9ea LAD |
1137 | /* Unacked ISO frames */ |
1138 | if (conn->type == ISO_LINK) { | |
1139 | if (hdev->iso_pkts) | |
1140 | hdev->iso_cnt += conn->sent; | |
1141 | else if (hdev->le_pkts) | |
1142 | hdev->le_cnt += conn->sent; | |
1143 | else | |
1144 | hdev->acl_cnt += conn->sent; | |
1145 | } | |
1da177e4 LT |
1146 | } |
1147 | ||
9740e49d AE |
1148 | if (conn->amp_mgr) |
1149 | amp_mgr_put(conn->amp_mgr); | |
1150 | ||
1da177e4 | 1151 | skb_queue_purge(&conn->data_q); |
1da177e4 | 1152 | |
b958f9a3 JH |
1153 | /* Remove the connection from the list and cleanup its remaining |
1154 | * state. This is a separate function since for some cases like | |
1155 | * BT_CONNECT_SCAN we *only* want the cleanup part without the | |
1156 | * rest of hci_conn_del. | |
1157 | */ | |
1158 | hci_conn_cleanup(conn); | |
1da177e4 LT |
1159 | } |
1160 | ||
39385cb5 | 1161 | struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type) |
1da177e4 LT |
1162 | { |
1163 | int use_src = bacmp(src, BDADDR_ANY); | |
8035ded4 | 1164 | struct hci_dev *hdev = NULL, *d; |
1da177e4 | 1165 | |
6ed93dc6 | 1166 | BT_DBG("%pMR -> %pMR", src, dst); |
1da177e4 | 1167 | |
f20d09d5 | 1168 | read_lock(&hci_dev_list_lock); |
1da177e4 | 1169 | |
8035ded4 | 1170 | list_for_each_entry(d, &hci_dev_list, list) { |
8fc9ced3 | 1171 | if (!test_bit(HCI_UP, &d->flags) || |
d7a5a11d | 1172 | hci_dev_test_flag(d, HCI_USER_CHANNEL) || |
ca8bee5d | 1173 | d->dev_type != HCI_PRIMARY) |
1da177e4 LT |
1174 | continue; |
1175 | ||
8e87d142 | 1176 | /* Simple routing: |
1da177e4 LT |
1177 | * No source address - find interface with bdaddr != dst |
1178 | * Source address - find interface with bdaddr == src | |
1179 | */ | |
1180 | ||
1181 | if (use_src) { | |
39385cb5 JH |
1182 | bdaddr_t id_addr; |
1183 | u8 id_addr_type; | |
1184 | ||
1185 | if (src_type == BDADDR_BREDR) { | |
1186 | if (!lmp_bredr_capable(d)) | |
1187 | continue; | |
1188 | bacpy(&id_addr, &d->bdaddr); | |
1189 | id_addr_type = BDADDR_BREDR; | |
1190 | } else { | |
1191 | if (!lmp_le_capable(d)) | |
1192 | continue; | |
1193 | ||
1194 | hci_copy_identity_address(d, &id_addr, | |
1195 | &id_addr_type); | |
1196 | ||
1197 | /* Convert from HCI to three-value type */ | |
1198 | if (id_addr_type == ADDR_LE_DEV_PUBLIC) | |
1199 | id_addr_type = BDADDR_LE_PUBLIC; | |
1200 | else | |
1201 | id_addr_type = BDADDR_LE_RANDOM; | |
1202 | } | |
1203 | ||
1204 | if (!bacmp(&id_addr, src) && id_addr_type == src_type) { | |
1da177e4 LT |
1205 | hdev = d; break; |
1206 | } | |
1207 | } else { | |
1208 | if (bacmp(&d->bdaddr, dst)) { | |
1209 | hdev = d; break; | |
1210 | } | |
1211 | } | |
1212 | } | |
1213 | ||
1214 | if (hdev) | |
1215 | hdev = hci_dev_hold(hdev); | |
1216 | ||
f20d09d5 | 1217 | read_unlock(&hci_dev_list_lock); |
1da177e4 LT |
1218 | return hdev; |
1219 | } | |
1220 | EXPORT_SYMBOL(hci_get_route); | |
1221 | ||
9bb3c01f | 1222 | /* This function requires the caller holds hdev->lock */ |
9b3628d7 | 1223 | static void hci_le_conn_failed(struct hci_conn *conn, u8 status) |
9bb3c01f AG |
1224 | { |
1225 | struct hci_dev *hdev = conn->hdev; | |
f161dd41 | 1226 | |
19cf60bf | 1227 | hci_connect_le_scan_cleanup(conn, status); |
3c857757 | 1228 | |
abfeea47 | 1229 | /* Enable advertising in case this was a failed connection |
3c857757 JH |
1230 | * attempt as a peripheral. |
1231 | */ | |
abfeea47 | 1232 | hci_enable_advertising(hdev); |
9bb3c01f AG |
1233 | } |
1234 | ||
9b3628d7 LAD |
1235 | /* This function requires the caller holds hdev->lock */ |
1236 | void hci_conn_failed(struct hci_conn *conn, u8 status) | |
1237 | { | |
1238 | struct hci_dev *hdev = conn->hdev; | |
1239 | ||
1240 | bt_dev_dbg(hdev, "status 0x%2.2x", status); | |
1241 | ||
1242 | switch (conn->type) { | |
1243 | case LE_LINK: | |
1244 | hci_le_conn_failed(conn, status); | |
1245 | break; | |
1246 | case ACL_LINK: | |
1247 | mgmt_connect_failed(hdev, &conn->dst, conn->type, | |
1248 | conn->dst_type, status); | |
1249 | break; | |
1250 | } | |
1251 | ||
a254b90c IT |
1252 | /* In case of BIG/PA sync failed, clear conn flags so that |
1253 | * the conns will be correctly cleaned up by ISO layer | |
1254 | */ | |
1255 | test_and_clear_bit(HCI_CONN_BIG_SYNC_FAILED, &conn->flags); | |
1256 | test_and_clear_bit(HCI_CONN_PA_SYNC_FAILED, &conn->flags); | |
1257 | ||
9b3628d7 LAD |
1258 | conn->state = BT_CLOSED; |
1259 | hci_connect_cfm(conn, status); | |
1260 | hci_conn_del(conn); | |
1261 | } | |
1262 | ||
16e3b642 LAD |
1263 | /* This function requires the caller holds hdev->lock */ |
1264 | u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle) | |
1265 | { | |
1266 | struct hci_dev *hdev = conn->hdev; | |
1267 | ||
1268 | bt_dev_dbg(hdev, "hcon %p handle 0x%4.4x", conn, handle); | |
1269 | ||
1270 | if (conn->handle == handle) | |
1271 | return 0; | |
1272 | ||
1273 | if (handle > HCI_CONN_HANDLE_MAX) { | |
1274 | bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x", | |
1275 | handle, HCI_CONN_HANDLE_MAX); | |
1276 | return HCI_ERROR_INVALID_PARAMETERS; | |
1277 | } | |
1278 | ||
1279 | /* If abort_reason has been sent it means the connection is being | |
1280 | * aborted and the handle shall not be changed. | |
1281 | */ | |
1282 | if (conn->abort_reason) | |
1283 | return conn->abort_reason; | |
1284 | ||
1285 | conn->handle = handle; | |
1286 | ||
1287 | return 0; | |
1288 | } | |
1289 | ||
8e8b92ee | 1290 | static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err) |
1d399ae5 | 1291 | { |
04a51d61 | 1292 | struct hci_conn *conn; |
a1f6c3ae | 1293 | u16 handle = PTR_UINT(data); |
04a51d61 LAD |
1294 | |
1295 | conn = hci_conn_hash_lookup_handle(hdev, handle); | |
1296 | if (!conn) | |
1297 | return; | |
1d399ae5 | 1298 | |
b62e7220 LAD |
1299 | bt_dev_dbg(hdev, "err %d", err); |
1300 | ||
28a667c9 JP |
1301 | hci_dev_lock(hdev); |
1302 | ||
8e8b92ee | 1303 | if (!err) { |
19cf60bf | 1304 | hci_connect_le_scan_cleanup(conn, 0x00); |
28a667c9 JP |
1305 | goto done; |
1306 | } | |
1d399ae5 | 1307 | |
c9f73a21 LAD |
1308 | /* Check if connection is still pending */ |
1309 | if (conn != hci_lookup_le_connect(hdev)) | |
1d399ae5 AG |
1310 | goto done; |
1311 | ||
5cd39700 AP |
1312 | /* Flush to make sure we send create conn cancel command if needed */ |
1313 | flush_delayed_work(&conn->le_conn_timeout); | |
a86ddbff | 1314 | hci_conn_failed(conn, bt_status(err)); |
1d399ae5 AG |
1315 | |
1316 | done: | |
1317 | hci_dev_unlock(hdev); | |
1318 | } | |
1319 | ||
8e8b92ee | 1320 | static int hci_connect_le_sync(struct hci_dev *hdev, void *data) |
3c857757 | 1321 | { |
04a51d61 | 1322 | struct hci_conn *conn; |
a1f6c3ae | 1323 | u16 handle = PTR_UINT(data); |
04a51d61 LAD |
1324 | |
1325 | conn = hci_conn_hash_lookup_handle(hdev, handle); | |
1326 | if (!conn) | |
1327 | return 0; | |
075e40b7 | 1328 | |
8e8b92ee | 1329 | bt_dev_dbg(hdev, "conn %p", conn); |
3c857757 | 1330 | |
3a15324f | 1331 | clear_bit(HCI_CONN_SCANNING, &conn->flags); |
04a51d61 LAD |
1332 | conn->state = BT_CONNECT; |
1333 | ||
8e8b92ee | 1334 | return hci_le_create_conn_sync(hdev, conn); |
3c857757 JH |
1335 | } |
1336 | ||
04a6c589 | 1337 | struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, |
d850bf08 | 1338 | u8 dst_type, bool dst_resolved, u8 sec_level, |
8e8b92ee | 1339 | u16 conn_timeout, u8 role) |
1da177e4 | 1340 | { |
e2caced4 | 1341 | struct hci_conn *conn; |
1ebfcc1f | 1342 | struct smp_irk *irk; |
1d399ae5 | 1343 | int err; |
1da177e4 | 1344 | |
152d386e | 1345 | /* Let's make sure that le is enabled.*/ |
d7a5a11d | 1346 | if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { |
152d386e LR |
1347 | if (lmp_le_capable(hdev)) |
1348 | return ERR_PTR(-ECONNREFUSED); | |
1349 | ||
1350 | return ERR_PTR(-EOPNOTSUPP); | |
1351 | } | |
1352 | ||
658aead9 JH |
1353 | /* Since the controller supports only one LE connection attempt at a |
1354 | * time, we return -EBUSY if there is any connection attempt running. | |
1355 | */ | |
1356 | if (hci_lookup_le_connect(hdev)) | |
1357 | return ERR_PTR(-EBUSY); | |
1358 | ||
e2caced4 JH |
1359 | /* If there's already a connection object but it's not in |
1360 | * scanning state it means it must already be established, in | |
1361 | * which case we can't do anything else except report a failure | |
1362 | * to connect. | |
620ad521 | 1363 | */ |
9d4c1cc1 | 1364 | conn = hci_conn_hash_lookup_le(hdev, dst, dst_type); |
e2caced4 JH |
1365 | if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) { |
1366 | return ERR_PTR(-EBUSY); | |
620ad521 | 1367 | } |
dfc94dbd | 1368 | |
d850bf08 LAD |
1369 | /* Check if the destination address has been resolved by the controller |
1370 | * since if it did then the identity address shall be used. | |
edb4b466 | 1371 | */ |
d850bf08 LAD |
1372 | if (!dst_resolved) { |
1373 | /* When given an identity address with existing identity | |
1374 | * resolving key, the connection needs to be established | |
1375 | * to a resolvable random address. | |
1376 | * | |
1377 | * Storing the resolvable random address is required here | |
1378 | * to handle connection failures. The address will later | |
1379 | * be resolved back into the original identity address | |
1380 | * from the connect request. | |
1381 | */ | |
1382 | irk = hci_find_irk_by_addr(hdev, dst, dst_type); | |
1383 | if (irk && bacmp(&irk->rpa, BDADDR_ANY)) { | |
1384 | dst = &irk->rpa; | |
1385 | dst_type = ADDR_LE_DEV_RANDOM; | |
1386 | } | |
1ebfcc1f JH |
1387 | } |
1388 | ||
e2caced4 | 1389 | if (conn) { |
28a667c9 JP |
1390 | bacpy(&conn->dst, dst); |
1391 | } else { | |
1392 | conn = hci_conn_add(hdev, LE_LINK, dst, role); | |
e2caced4 JH |
1393 | if (!conn) |
1394 | return ERR_PTR(-ENOMEM); | |
1395 | hci_conn_hold(conn); | |
1396 | conn->pending_sec_level = sec_level; | |
28a667c9 JP |
1397 | } |
1398 | ||
1ebfcc1f | 1399 | conn->dst_type = dst_type; |
620ad521 | 1400 | conn->sec_level = BT_SECURITY_LOW; |
09ae260b | 1401 | conn->conn_timeout = conn_timeout; |
4292f1f3 | 1402 | |
04a51d61 | 1403 | err = hci_cmd_sync_queue(hdev, hci_connect_le_sync, |
a1f6c3ae | 1404 | UINT_PTR(conn->handle), |
8e8b92ee | 1405 | create_le_conn_complete); |
2acf3d90 AG |
1406 | if (err) { |
1407 | hci_conn_del(conn); | |
620ad521 | 1408 | return ERR_PTR(err); |
2acf3d90 | 1409 | } |
fcd89c09 | 1410 | |
f1e5d547 | 1411 | return conn; |
d04aef4c | 1412 | } |
fcd89c09 | 1413 | |
f75113a2 JP |
1414 | static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) |
1415 | { | |
1416 | struct hci_conn *conn; | |
1417 | ||
9d4c1cc1 | 1418 | conn = hci_conn_hash_lookup_le(hdev, addr, type); |
f75113a2 JP |
1419 | if (!conn) |
1420 | return false; | |
1421 | ||
f75113a2 JP |
1422 | if (conn->state != BT_CONNECTED) |
1423 | return false; | |
1424 | ||
1425 | return true; | |
1426 | } | |
1427 | ||
1428 | /* This function requires the caller holds hdev->lock */ | |
84235d22 | 1429 | static int hci_explicit_conn_params_set(struct hci_dev *hdev, |
f75113a2 JP |
1430 | bdaddr_t *addr, u8 addr_type) |
1431 | { | |
f75113a2 JP |
1432 | struct hci_conn_params *params; |
1433 | ||
1434 | if (is_connected(hdev, addr, addr_type)) | |
1435 | return -EISCONN; | |
1436 | ||
5157b8a5 JP |
1437 | params = hci_conn_params_lookup(hdev, addr, addr_type); |
1438 | if (!params) { | |
1439 | params = hci_conn_params_add(hdev, addr, addr_type); | |
1440 | if (!params) | |
1441 | return -ENOMEM; | |
1442 | ||
1443 | /* If we created new params, mark them to be deleted in | |
1444 | * hci_connect_le_scan_cleanup. It's different case than | |
1445 | * existing disabled params, those will stay after cleanup. | |
1446 | */ | |
1447 | params->auto_connect = HCI_AUTO_CONN_EXPLICIT; | |
1448 | } | |
f75113a2 | 1449 | |
5157b8a5 | 1450 | /* We're trying to connect, so make sure params are at pend_le_conns */ |
49c50922 | 1451 | if (params->auto_connect == HCI_AUTO_CONN_DISABLED || |
5157b8a5 JP |
1452 | params->auto_connect == HCI_AUTO_CONN_REPORT || |
1453 | params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { | |
195ef75e PV |
1454 | hci_pend_le_list_del_init(params); |
1455 | hci_pend_le_list_add(params, &hdev->pend_le_conns); | |
f75113a2 JP |
1456 | } |
1457 | ||
1458 | params->explicit_connect = true; | |
f75113a2 JP |
1459 | |
1460 | BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type, | |
1461 | params->auto_connect); | |
1462 | ||
1463 | return 0; | |
1464 | } | |
1465 | ||
eca0ae4a LAD |
1466 | static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos) |
1467 | { | |
6a42e9bf IT |
1468 | struct hci_conn *conn; |
1469 | u8 big; | |
eca0ae4a LAD |
1470 | |
1471 | /* Allocate a BIG if not set */ | |
0fe8c8d0 | 1472 | if (qos->bcast.big == BT_ISO_QOS_BIG_UNSET) { |
6a42e9bf | 1473 | for (big = 0x00; big < 0xef; big++) { |
eca0ae4a | 1474 | |
6a42e9bf IT |
1475 | conn = hci_conn_hash_lookup_big(hdev, big); |
1476 | if (!conn) | |
eca0ae4a LAD |
1477 | break; |
1478 | } | |
1479 | ||
6a42e9bf | 1480 | if (big == 0xef) |
eca0ae4a LAD |
1481 | return -EADDRNOTAVAIL; |
1482 | ||
1483 | /* Update BIG */ | |
6a42e9bf | 1484 | qos->bcast.big = big; |
eca0ae4a LAD |
1485 | } |
1486 | ||
1487 | return 0; | |
1488 | } | |
1489 | ||
1490 | static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos) | |
1491 | { | |
6a42e9bf IT |
1492 | struct hci_conn *conn; |
1493 | u8 bis; | |
eca0ae4a LAD |
1494 | |
1495 | /* Allocate BIS if not set */ | |
0fe8c8d0 | 1496 | if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) { |
eca0ae4a LAD |
1497 | /* Find an unused adv set to advertise BIS, skip instance 0x00 |
1498 | * since it is reserved as general purpose set. | |
1499 | */ | |
6a42e9bf IT |
1500 | for (bis = 0x01; bis < hdev->le_num_of_adv_sets; |
1501 | bis++) { | |
eca0ae4a | 1502 | |
6a42e9bf IT |
1503 | conn = hci_conn_hash_lookup_bis(hdev, BDADDR_ANY, bis); |
1504 | if (!conn) | |
eca0ae4a LAD |
1505 | break; |
1506 | } | |
1507 | ||
6a42e9bf | 1508 | if (bis == hdev->le_num_of_adv_sets) |
eca0ae4a LAD |
1509 | return -EADDRNOTAVAIL; |
1510 | ||
1511 | /* Update BIS */ | |
6a42e9bf | 1512 | qos->bcast.bis = bis; |
eca0ae4a LAD |
1513 | } |
1514 | ||
1515 | return 0; | |
1516 | } | |
1517 | ||
1518 | /* This function requires the caller holds hdev->lock */ | |
1519 | static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst, | |
a0bfde16 IT |
1520 | struct bt_iso_qos *qos, __u8 base_len, |
1521 | __u8 *base) | |
eca0ae4a LAD |
1522 | { |
1523 | struct hci_conn *conn; | |
eca0ae4a LAD |
1524 | int err; |
1525 | ||
1526 | /* Let's make sure that le is enabled.*/ | |
1527 | if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { | |
1528 | if (lmp_le_capable(hdev)) | |
1529 | return ERR_PTR(-ECONNREFUSED); | |
1530 | return ERR_PTR(-EOPNOTSUPP); | |
1531 | } | |
1532 | ||
1533 | err = qos_set_big(hdev, qos); | |
1534 | if (err) | |
1535 | return ERR_PTR(err); | |
1536 | ||
1537 | err = qos_set_bis(hdev, qos); | |
1538 | if (err) | |
1539 | return ERR_PTR(err); | |
1540 | ||
a0bfde16 IT |
1541 | /* Check if the LE Create BIG command has already been sent */ |
1542 | conn = hci_conn_hash_lookup_per_adv_bis(hdev, dst, qos->bcast.big, | |
1543 | qos->bcast.big); | |
1544 | if (conn) | |
eca0ae4a LAD |
1545 | return ERR_PTR(-EADDRINUSE); |
1546 | ||
a0bfde16 IT |
1547 | /* Check BIS settings against other bound BISes, since all |
1548 | * BISes in a BIG must have the same value for all parameters | |
1549 | */ | |
6a42e9bf | 1550 | conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big); |
a0bfde16 IT |
1551 | |
1552 | if (conn && (memcmp(qos, &conn->iso_qos, sizeof(*qos)) || | |
1553 | base_len != conn->le_per_adv_data_len || | |
1554 | memcmp(conn->le_per_adv_data, base, base_len))) | |
eca0ae4a LAD |
1555 | return ERR_PTR(-EADDRINUSE); |
1556 | ||
1557 | conn = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); | |
1558 | if (!conn) | |
1559 | return ERR_PTR(-ENOMEM); | |
1560 | ||
eca0ae4a LAD |
1561 | conn->state = BT_CONNECT; |
1562 | ||
1563 | hci_conn_hold(conn); | |
1564 | return conn; | |
1565 | } | |
1566 | ||
f75113a2 JP |
1567 | /* This function requires the caller holds hdev->lock */ |
1568 | struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, | |
1569 | u8 dst_type, u8 sec_level, | |
76b13996 MM |
1570 | u16 conn_timeout, |
1571 | enum conn_reasons conn_reason) | |
f75113a2 JP |
1572 | { |
1573 | struct hci_conn *conn; | |
f75113a2 JP |
1574 | |
1575 | /* Let's make sure that le is enabled.*/ | |
1576 | if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { | |
1577 | if (lmp_le_capable(hdev)) | |
1578 | return ERR_PTR(-ECONNREFUSED); | |
1579 | ||
1580 | return ERR_PTR(-EOPNOTSUPP); | |
1581 | } | |
1582 | ||
1583 | /* Some devices send ATT messages as soon as the physical link is | |
1584 | * established. To be able to handle these ATT messages, the user- | |
1585 | * space first establishes the connection and then starts the pairing | |
1586 | * process. | |
1587 | * | |
1588 | * So if a hci_conn object already exists for the following connection | |
1589 | * attempt, we simply update pending_sec_level and auth_type fields | |
1590 | * and return the object found. | |
1591 | */ | |
9d4c1cc1 | 1592 | conn = hci_conn_hash_lookup_le(hdev, dst, dst_type); |
f75113a2 JP |
1593 | if (conn) { |
1594 | if (conn->pending_sec_level < sec_level) | |
1595 | conn->pending_sec_level = sec_level; | |
1596 | goto done; | |
1597 | } | |
1598 | ||
1599 | BT_DBG("requesting refresh of dst_addr"); | |
1600 | ||
0ad06aa6 | 1601 | conn = hci_conn_add(hdev, LE_LINK, dst, HCI_ROLE_MASTER); |
f75113a2 JP |
1602 | if (!conn) |
1603 | return ERR_PTR(-ENOMEM); | |
1604 | ||
d088337c NE |
1605 | if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) { |
1606 | hci_conn_del(conn); | |
f75113a2 | 1607 | return ERR_PTR(-EBUSY); |
d088337c | 1608 | } |
f75113a2 JP |
1609 | |
1610 | conn->state = BT_CONNECT; | |
1611 | set_bit(HCI_CONN_SCANNING, &conn->flags); | |
f75113a2 JP |
1612 | conn->dst_type = dst_type; |
1613 | conn->sec_level = BT_SECURITY_LOW; | |
1614 | conn->pending_sec_level = sec_level; | |
1615 | conn->conn_timeout = conn_timeout; | |
76b13996 | 1616 | conn->conn_reason = conn_reason; |
f75113a2 | 1617 | |
5bee2fd6 | 1618 | hci_update_passive_scan(hdev); |
84235d22 | 1619 | |
f75113a2 JP |
1620 | done: |
1621 | hci_conn_hold(conn); | |
1622 | return conn; | |
1623 | } | |
1624 | ||
04a6c589 | 1625 | struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, |
76b13996 MM |
1626 | u8 sec_level, u8 auth_type, |
1627 | enum conn_reasons conn_reason) | |
1da177e4 LT |
1628 | { |
1629 | struct hci_conn *acl; | |
fcd89c09 | 1630 | |
d7a5a11d | 1631 | if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { |
c411110e LR |
1632 | if (lmp_bredr_capable(hdev)) |
1633 | return ERR_PTR(-ECONNREFUSED); | |
1634 | ||
beb19e4c | 1635 | return ERR_PTR(-EOPNOTSUPP); |
c411110e | 1636 | } |
56f87901 | 1637 | |
1ffc6f8c LCY |
1638 | /* Reject outgoing connection to device with same BD ADDR against |
1639 | * CVE-2020-26555 | |
1640 | */ | |
1641 | if (!bacmp(&hdev->bdaddr, dst)) { | |
1642 | bt_dev_dbg(hdev, "Reject connection with same BD_ADDR %pMR\n", | |
1643 | dst); | |
1644 | return ERR_PTR(-ECONNREFUSED); | |
1645 | } | |
1646 | ||
70f23020 AE |
1647 | acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); |
1648 | if (!acl) { | |
a5c4e309 | 1649 | acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER); |
70f23020 | 1650 | if (!acl) |
48c7aba9 | 1651 | return ERR_PTR(-ENOMEM); |
1da177e4 LT |
1652 | } |
1653 | ||
1654 | hci_conn_hold(acl); | |
1655 | ||
76b13996 | 1656 | acl->conn_reason = conn_reason; |
09ab6f4c | 1657 | if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { |
765c2a96 JH |
1658 | acl->sec_level = BT_SECURITY_LOW; |
1659 | acl->pending_sec_level = sec_level; | |
09ab6f4c | 1660 | acl->auth_type = auth_type; |
1aef8669 | 1661 | hci_acl_create_connection(acl); |
09ab6f4c | 1662 | } |
1da177e4 | 1663 | |
db474275 VCG |
1664 | return acl; |
1665 | } | |
1666 | ||
06149746 LAD |
1667 | static struct hci_link *hci_conn_link(struct hci_conn *parent, |
1668 | struct hci_conn *conn) | |
1669 | { | |
1670 | struct hci_dev *hdev = parent->hdev; | |
1671 | struct hci_link *link; | |
1672 | ||
1673 | bt_dev_dbg(hdev, "parent %p hcon %p", parent, conn); | |
1674 | ||
1675 | if (conn->link) | |
1676 | return conn->link; | |
1677 | ||
1678 | if (conn->parent) | |
1679 | return NULL; | |
1680 | ||
1681 | link = kzalloc(sizeof(*link), GFP_KERNEL); | |
1682 | if (!link) | |
1683 | return NULL; | |
1684 | ||
1685 | link->conn = hci_conn_hold(conn); | |
1686 | conn->link = link; | |
1687 | conn->parent = hci_conn_get(parent); | |
1688 | ||
1689 | /* Use list_add_tail_rcu append to the list */ | |
1690 | list_add_tail_rcu(&link->list, &parent->link_list); | |
1691 | ||
1692 | return link; | |
1693 | } | |
1694 | ||
10c62ddc | 1695 | struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, |
b2af264a | 1696 | __u16 setting, struct bt_codec *codec) |
db474275 VCG |
1697 | { |
1698 | struct hci_conn *acl; | |
1699 | struct hci_conn *sco; | |
06149746 | 1700 | struct hci_link *link; |
db474275 | 1701 | |
76b13996 MM |
1702 | acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING, |
1703 | CONN_REASON_SCO_CONNECT); | |
db474275 | 1704 | if (IS_ERR(acl)) |
5b7f9909 | 1705 | return acl; |
1da177e4 | 1706 | |
70f23020 AE |
1707 | sco = hci_conn_hash_lookup_ba(hdev, type, dst); |
1708 | if (!sco) { | |
a5c4e309 | 1709 | sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER); |
70f23020 | 1710 | if (!sco) { |
76a68ba0 | 1711 | hci_conn_drop(acl); |
48c7aba9 | 1712 | return ERR_PTR(-ENOMEM); |
1da177e4 | 1713 | } |
5b7f9909 | 1714 | } |
1da177e4 | 1715 | |
06149746 LAD |
1716 | link = hci_conn_link(acl, sco); |
1717 | if (!link) { | |
1718 | hci_conn_drop(acl); | |
1719 | hci_conn_drop(sco); | |
b4066eb0 | 1720 | return ERR_PTR(-ENOLINK); |
06149746 | 1721 | } |
1da177e4 | 1722 | |
10c62ddc | 1723 | sco->setting = setting; |
b2af264a | 1724 | sco->codec = *codec; |
10c62ddc | 1725 | |
5b7f9909 | 1726 | if (acl->state == BT_CONNECTED && |
5974e4c4 | 1727 | (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { |
58a681ef | 1728 | set_bit(HCI_CONN_POWER_SAVE, &acl->flags); |
14b12d0b | 1729 | hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON); |
c390216b | 1730 | |
51a8efd7 | 1731 | if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) { |
e73439d8 | 1732 | /* defer SCO setup until mode change completed */ |
51a8efd7 | 1733 | set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags); |
e73439d8 MH |
1734 | return sco; |
1735 | } | |
1736 | ||
1737 | hci_sco_setup(acl, 0x00); | |
b6a0dc82 | 1738 | } |
5b7f9909 MH |
1739 | |
1740 | return sco; | |
1da177e4 | 1741 | } |
1da177e4 | 1742 | |
eca0ae4a LAD |
1743 | static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos) |
1744 | { | |
1745 | struct hci_dev *hdev = conn->hdev; | |
1746 | struct hci_cp_le_create_big cp; | |
a0bfde16 | 1747 | struct iso_list_data data; |
eca0ae4a LAD |
1748 | |
1749 | memset(&cp, 0, sizeof(cp)); | |
1750 | ||
a0bfde16 IT |
1751 | data.big = qos->bcast.big; |
1752 | data.bis = qos->bcast.bis; | |
1753 | data.count = 0; | |
1754 | ||
1755 | /* Create a BIS for each bound connection */ | |
1756 | hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, | |
1757 | BT_BOUND, &data); | |
1758 | ||
0fe8c8d0 IT |
1759 | cp.handle = qos->bcast.big; |
1760 | cp.adv_handle = qos->bcast.bis; | |
a0bfde16 | 1761 | cp.num_bis = data.count; |
0fe8c8d0 IT |
1762 | hci_cpu_to_le24(qos->bcast.out.interval, cp.bis.sdu_interval); |
1763 | cp.bis.sdu = cpu_to_le16(qos->bcast.out.sdu); | |
1764 | cp.bis.latency = cpu_to_le16(qos->bcast.out.latency); | |
1765 | cp.bis.rtn = qos->bcast.out.rtn; | |
1766 | cp.bis.phy = qos->bcast.out.phy; | |
1767 | cp.bis.packing = qos->bcast.packing; | |
1768 | cp.bis.framing = qos->bcast.framing; | |
1769 | cp.bis.encryption = qos->bcast.encryption; | |
1770 | memcpy(cp.bis.bcode, qos->bcast.bcode, sizeof(cp.bis.bcode)); | |
eca0ae4a LAD |
1771 | |
1772 | return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp); | |
1773 | } | |
1774 | ||
a0912892 | 1775 | static int set_cig_params_sync(struct hci_dev *hdev, void *data) |
6b9545dc | 1776 | { |
a1f6c3ae | 1777 | u8 cig_id = PTR_UINT(data); |
a0912892 LAD |
1778 | struct hci_conn *conn; |
1779 | struct bt_iso_qos *qos; | |
1780 | struct iso_cig_params pdu; | |
1781 | u8 cis_id; | |
6b9545dc | 1782 | |
a0912892 LAD |
1783 | conn = hci_conn_hash_lookup_cig(hdev, cig_id); |
1784 | if (!conn) | |
1785 | return 0; | |
6b9545dc | 1786 | |
a0912892 | 1787 | memset(&pdu, 0, sizeof(pdu)); |
6b9545dc | 1788 | |
a0912892 LAD |
1789 | qos = &conn->iso_qos; |
1790 | pdu.cp.cig_id = cig_id; | |
1791 | hci_cpu_to_le24(qos->ucast.out.interval, pdu.cp.c_interval); | |
1792 | hci_cpu_to_le24(qos->ucast.in.interval, pdu.cp.p_interval); | |
1793 | pdu.cp.sca = qos->ucast.sca; | |
1794 | pdu.cp.packing = qos->ucast.packing; | |
1795 | pdu.cp.framing = qos->ucast.framing; | |
1796 | pdu.cp.c_latency = cpu_to_le16(qos->ucast.out.latency); | |
1797 | pdu.cp.p_latency = cpu_to_le16(qos->ucast.in.latency); | |
6b9545dc | 1798 | |
a0912892 LAD |
1799 | /* Reprogram all CIS(s) with the same CIG, valid range are: |
1800 | * num_cis: 0x00 to 0x1F | |
1801 | * cis_id: 0x00 to 0xEF | |
1802 | */ | |
1803 | for (cis_id = 0x00; cis_id < 0xf0 && | |
1804 | pdu.cp.num_cis < ARRAY_SIZE(pdu.cis); cis_id++) { | |
1805 | struct hci_cis_params *cis; | |
1806 | ||
1807 | conn = hci_conn_hash_lookup_cis(hdev, NULL, 0, cig_id, cis_id); | |
1808 | if (!conn) | |
1809 | continue; | |
6b9545dc | 1810 | |
a0912892 LAD |
1811 | qos = &conn->iso_qos; |
1812 | ||
1813 | cis = &pdu.cis[pdu.cp.num_cis++]; | |
1814 | cis->cis_id = cis_id; | |
1815 | cis->c_sdu = cpu_to_le16(conn->iso_qos.ucast.out.sdu); | |
1816 | cis->p_sdu = cpu_to_le16(conn->iso_qos.ucast.in.sdu); | |
1817 | cis->c_phy = qos->ucast.out.phy ? qos->ucast.out.phy : | |
1818 | qos->ucast.in.phy; | |
1819 | cis->p_phy = qos->ucast.in.phy ? qos->ucast.in.phy : | |
1820 | qos->ucast.out.phy; | |
1821 | cis->c_rtn = qos->ucast.out.rtn; | |
1822 | cis->p_rtn = qos->ucast.in.rtn; | |
1823 | } | |
1824 | ||
1825 | if (!pdu.cp.num_cis) | |
1826 | return 0; | |
1827 | ||
1828 | return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS, | |
1829 | sizeof(pdu.cp) + | |
1830 | pdu.cp.num_cis * sizeof(pdu.cis[0]), &pdu, | |
6b9545dc PV |
1831 | HCI_CMD_TIMEOUT); |
1832 | } | |
1833 | ||
26afbd82 LAD |
1834 | static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos) |
1835 | { | |
1836 | struct hci_dev *hdev = conn->hdev; | |
1837 | struct iso_list_data data; | |
1838 | ||
1839 | memset(&data, 0, sizeof(data)); | |
1840 | ||
e6a7a46b | 1841 | /* Allocate first still reconfigurable CIG if not set */ |
0fe8c8d0 | 1842 | if (qos->ucast.cig == BT_ISO_QOS_CIG_UNSET) { |
e6a7a46b | 1843 | for (data.cig = 0x00; data.cig < 0xf0; data.cig++) { |
26afbd82 | 1844 | data.count = 0; |
26afbd82 | 1845 | |
e6a7a46b PV |
1846 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, |
1847 | BT_CONNECT, &data); | |
26afbd82 LAD |
1848 | if (data.count) |
1849 | continue; | |
1850 | ||
e6a7a46b | 1851 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, |
26afbd82 LAD |
1852 | BT_CONNECTED, &data); |
1853 | if (!data.count) | |
1854 | break; | |
1855 | } | |
1856 | ||
e6a7a46b | 1857 | if (data.cig == 0xf0) |
26afbd82 LAD |
1858 | return false; |
1859 | ||
1860 | /* Update CIG */ | |
0fe8c8d0 | 1861 | qos->ucast.cig = data.cig; |
26afbd82 LAD |
1862 | } |
1863 | ||
0fe8c8d0 | 1864 | if (qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) { |
a0912892 LAD |
1865 | if (hci_conn_hash_lookup_cis(hdev, NULL, 0, qos->ucast.cig, |
1866 | qos->ucast.cis)) | |
26afbd82 | 1867 | return false; |
a0912892 | 1868 | goto done; |
26afbd82 LAD |
1869 | } |
1870 | ||
a0912892 LAD |
1871 | /* Allocate first available CIS if not set */ |
1872 | for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0xf0; | |
1873 | data.cis++) { | |
1874 | if (!hci_conn_hash_lookup_cis(hdev, NULL, 0, data.cig, | |
1875 | data.cis)) { | |
26afbd82 | 1876 | /* Update CIS */ |
0fe8c8d0 | 1877 | qos->ucast.cis = data.cis; |
a0912892 | 1878 | break; |
26afbd82 LAD |
1879 | } |
1880 | } | |
1881 | ||
a0912892 | 1882 | if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET) |
26afbd82 LAD |
1883 | return false; |
1884 | ||
a0912892 LAD |
1885 | done: |
1886 | if (hci_cmd_sync_queue(hdev, set_cig_params_sync, | |
a1f6c3ae | 1887 | UINT_PTR(qos->ucast.cig), NULL) < 0) |
6b9545dc | 1888 | return false; |
6b9545dc | 1889 | |
26afbd82 LAD |
1890 | return true; |
1891 | } | |
1892 | ||
26afbd82 LAD |
1893 | struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst, |
1894 | __u8 dst_type, struct bt_iso_qos *qos) | |
1895 | { | |
1896 | struct hci_conn *cis; | |
1897 | ||
c14516fa LAD |
1898 | cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig, |
1899 | qos->ucast.cis); | |
26afbd82 LAD |
1900 | if (!cis) { |
1901 | cis = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); | |
1902 | if (!cis) | |
1903 | return ERR_PTR(-ENOMEM); | |
1904 | cis->cleanup = cis_cleanup; | |
b36a234d | 1905 | cis->dst_type = dst_type; |
b5793de3 PV |
1906 | cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET; |
1907 | cis->iso_qos.ucast.cis = BT_ISO_QOS_CIS_UNSET; | |
26afbd82 LAD |
1908 | } |
1909 | ||
1910 | if (cis->state == BT_CONNECTED) | |
1911 | return cis; | |
1912 | ||
1913 | /* Check if CIS has been set and the settings matches */ | |
1914 | if (cis->state == BT_BOUND && | |
1915 | !memcmp(&cis->iso_qos, qos, sizeof(*qos))) | |
1916 | return cis; | |
1917 | ||
1918 | /* Update LINK PHYs according to QoS preference */ | |
0fe8c8d0 IT |
1919 | cis->le_tx_phy = qos->ucast.out.phy; |
1920 | cis->le_rx_phy = qos->ucast.in.phy; | |
26afbd82 LAD |
1921 | |
1922 | /* If output interval is not set use the input interval as it cannot be | |
1923 | * 0x000000. | |
1924 | */ | |
0fe8c8d0 IT |
1925 | if (!qos->ucast.out.interval) |
1926 | qos->ucast.out.interval = qos->ucast.in.interval; | |
26afbd82 LAD |
1927 | |
1928 | /* If input interval is not set use the output interval as it cannot be | |
1929 | * 0x000000. | |
1930 | */ | |
0fe8c8d0 IT |
1931 | if (!qos->ucast.in.interval) |
1932 | qos->ucast.in.interval = qos->ucast.out.interval; | |
26afbd82 LAD |
1933 | |
1934 | /* If output latency is not set use the input latency as it cannot be | |
1935 | * 0x0000. | |
1936 | */ | |
0fe8c8d0 IT |
1937 | if (!qos->ucast.out.latency) |
1938 | qos->ucast.out.latency = qos->ucast.in.latency; | |
26afbd82 LAD |
1939 | |
1940 | /* If input latency is not set use the output latency as it cannot be | |
1941 | * 0x0000. | |
1942 | */ | |
0fe8c8d0 IT |
1943 | if (!qos->ucast.in.latency) |
1944 | qos->ucast.in.latency = qos->ucast.out.latency; | |
26afbd82 | 1945 | |
26afbd82 LAD |
1946 | if (!hci_le_set_cig_params(cis, qos)) { |
1947 | hci_conn_drop(cis); | |
1948 | return ERR_PTR(-EINVAL); | |
1949 | } | |
1950 | ||
69997d50 PV |
1951 | hci_conn_hold(cis); |
1952 | ||
26afbd82 LAD |
1953 | cis->iso_qos = *qos; |
1954 | cis->state = BT_BOUND; | |
1955 | ||
1956 | return cis; | |
1957 | } | |
1958 | ||
1959 | bool hci_iso_setup_path(struct hci_conn *conn) | |
1960 | { | |
1961 | struct hci_dev *hdev = conn->hdev; | |
1962 | struct hci_cp_le_setup_iso_path cmd; | |
1963 | ||
1964 | memset(&cmd, 0, sizeof(cmd)); | |
1965 | ||
0fe8c8d0 | 1966 | if (conn->iso_qos.ucast.out.sdu) { |
26afbd82 LAD |
1967 | cmd.handle = cpu_to_le16(conn->handle); |
1968 | cmd.direction = 0x00; /* Input (Host to Controller) */ | |
1969 | cmd.path = 0x00; /* HCI path if enabled */ | |
1970 | cmd.codec = 0x03; /* Transparent Data */ | |
1971 | ||
1972 | if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd), | |
1973 | &cmd) < 0) | |
1974 | return false; | |
1975 | } | |
1976 | ||
0fe8c8d0 | 1977 | if (conn->iso_qos.ucast.in.sdu) { |
26afbd82 LAD |
1978 | cmd.handle = cpu_to_le16(conn->handle); |
1979 | cmd.direction = 0x01; /* Output (Controller to Host) */ | |
1980 | cmd.path = 0x00; /* HCI path if enabled */ | |
1981 | cmd.codec = 0x03; /* Transparent Data */ | |
1982 | ||
1983 | if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd), | |
1984 | &cmd) < 0) | |
1985 | return false; | |
1986 | } | |
1987 | ||
1988 | return true; | |
1989 | } | |
1990 | ||
7f74563e | 1991 | int hci_conn_check_create_cis(struct hci_conn *conn) |
26afbd82 | 1992 | { |
7f74563e PV |
1993 | if (conn->type != ISO_LINK || !bacmp(&conn->dst, BDADDR_ANY)) |
1994 | return -EINVAL; | |
26afbd82 | 1995 | |
7f74563e | 1996 | if (!conn->parent || conn->parent->state != BT_CONNECTED || |
9f78191c | 1997 | conn->state != BT_CONNECT || HCI_CONN_HANDLE_UNSET(conn->handle)) |
7f74563e | 1998 | return 1; |
26afbd82 | 1999 | |
7f74563e PV |
2000 | return 0; |
2001 | } | |
06149746 | 2002 | |
7f74563e PV |
2003 | static int hci_create_cis_sync(struct hci_dev *hdev, void *data) |
2004 | { | |
2005 | return hci_le_create_cis_sync(hdev); | |
2006 | } | |
06149746 | 2007 | |
7f74563e PV |
2008 | int hci_le_create_cis_pending(struct hci_dev *hdev) |
2009 | { | |
2010 | struct hci_conn *conn; | |
2011 | bool pending = false; | |
06149746 | 2012 | |
7f74563e | 2013 | rcu_read_lock(); |
06149746 | 2014 | |
7f74563e PV |
2015 | list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) { |
2016 | if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) { | |
2017 | rcu_read_unlock(); | |
2018 | return -EBUSY; | |
06149746 LAD |
2019 | } |
2020 | ||
7f74563e PV |
2021 | if (!hci_conn_check_create_cis(conn)) |
2022 | pending = true; | |
26afbd82 LAD |
2023 | } |
2024 | ||
7f74563e PV |
2025 | rcu_read_unlock(); |
2026 | ||
2027 | if (!pending) | |
26afbd82 LAD |
2028 | return 0; |
2029 | ||
2030 | /* Queue Create CIS */ | |
7f74563e | 2031 | return hci_cmd_sync_queue(hdev, hci_create_cis_sync, NULL, NULL); |
26afbd82 LAD |
2032 | } |
2033 | ||
2034 | static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn, | |
2035 | struct bt_iso_io_qos *qos, __u8 phy) | |
2036 | { | |
2037 | /* Only set MTU if PHY is enabled */ | |
2038 | if (!qos->sdu && qos->phy) { | |
2039 | if (hdev->iso_mtu > 0) | |
2040 | qos->sdu = hdev->iso_mtu; | |
2041 | else if (hdev->le_mtu > 0) | |
2042 | qos->sdu = hdev->le_mtu; | |
2043 | else | |
2044 | qos->sdu = hdev->acl_mtu; | |
2045 | } | |
2046 | ||
2047 | /* Use the same PHY as ACL if set to any */ | |
2048 | if (qos->phy == BT_ISO_PHY_ANY) | |
2049 | qos->phy = phy; | |
2050 | ||
2051 | /* Use LE ACL connection interval if not set */ | |
2052 | if (!qos->interval) | |
2053 | /* ACL interval unit in 1.25 ms to us */ | |
2054 | qos->interval = conn->le_conn_interval * 1250; | |
2055 | ||
2056 | /* Use LE ACL connection latency if not set */ | |
2057 | if (!qos->latency) | |
2058 | qos->latency = conn->le_conn_latency; | |
2059 | } | |
2060 | ||
eca0ae4a LAD |
2061 | static int create_big_sync(struct hci_dev *hdev, void *data) |
2062 | { | |
2063 | struct hci_conn *conn = data; | |
2064 | struct bt_iso_qos *qos = &conn->iso_qos; | |
2065 | u16 interval, sync_interval = 0; | |
2066 | u32 flags = 0; | |
2067 | int err; | |
2068 | ||
0fe8c8d0 | 2069 | if (qos->bcast.out.phy == 0x02) |
eca0ae4a LAD |
2070 | flags |= MGMT_ADV_FLAG_SEC_2M; |
2071 | ||
2072 | /* Align intervals */ | |
14f0dcec | 2073 | interval = (qos->bcast.out.interval / 1250) * qos->bcast.sync_factor; |
eca0ae4a | 2074 | |
0fe8c8d0 | 2075 | if (qos->bcast.bis) |
14f0dcec | 2076 | sync_interval = interval * 4; |
eca0ae4a | 2077 | |
0fe8c8d0 | 2078 | err = hci_start_per_adv_sync(hdev, qos->bcast.bis, conn->le_per_adv_data_len, |
eca0ae4a LAD |
2079 | conn->le_per_adv_data, flags, interval, |
2080 | interval, sync_interval); | |
2081 | if (err) | |
2082 | return err; | |
2083 | ||
2084 | return hci_le_create_big(conn, &conn->iso_qos); | |
2085 | } | |
2086 | ||
2087 | static void create_pa_complete(struct hci_dev *hdev, void *data, int err) | |
2088 | { | |
2089 | struct hci_cp_le_pa_create_sync *cp = data; | |
2090 | ||
2091 | bt_dev_dbg(hdev, ""); | |
2092 | ||
2093 | if (err) | |
2094 | bt_dev_err(hdev, "Unable to create PA: %d", err); | |
2095 | ||
2096 | kfree(cp); | |
2097 | } | |
2098 | ||
2099 | static int create_pa_sync(struct hci_dev *hdev, void *data) | |
2100 | { | |
2101 | struct hci_cp_le_pa_create_sync *cp = data; | |
2102 | int err; | |
2103 | ||
2104 | err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC, | |
2105 | sizeof(*cp), cp, HCI_CMD_TIMEOUT); | |
2106 | if (err) { | |
2107 | hci_dev_clear_flag(hdev, HCI_PA_SYNC); | |
2108 | return err; | |
2109 | } | |
2110 | ||
2111 | return hci_update_passive_scan_sync(hdev); | |
2112 | } | |
2113 | ||
2114 | int hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, __u8 dst_type, | |
0fe8c8d0 | 2115 | __u8 sid, struct bt_iso_qos *qos) |
eca0ae4a LAD |
2116 | { |
2117 | struct hci_cp_le_pa_create_sync *cp; | |
2118 | ||
2119 | if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC)) | |
2120 | return -EBUSY; | |
2121 | ||
37224a29 | 2122 | cp = kzalloc(sizeof(*cp), GFP_KERNEL); |
eca0ae4a LAD |
2123 | if (!cp) { |
2124 | hci_dev_clear_flag(hdev, HCI_PA_SYNC); | |
2125 | return -ENOMEM; | |
2126 | } | |
2127 | ||
0fe8c8d0 | 2128 | cp->options = qos->bcast.options; |
eca0ae4a LAD |
2129 | cp->sid = sid; |
2130 | cp->addr_type = dst_type; | |
2131 | bacpy(&cp->addr, dst); | |
0fe8c8d0 IT |
2132 | cp->skip = cpu_to_le16(qos->bcast.skip); |
2133 | cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout); | |
2134 | cp->sync_cte_type = qos->bcast.sync_cte_type; | |
eca0ae4a LAD |
2135 | |
2136 | /* Queue start pa_create_sync and scan */ | |
2137 | return hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete); | |
2138 | } | |
2139 | ||
fbdc4bc4 IT |
2140 | int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon, |
2141 | struct bt_iso_qos *qos, | |
eca0ae4a LAD |
2142 | __u16 sync_handle, __u8 num_bis, __u8 bis[]) |
2143 | { | |
2144 | struct _packed { | |
2145 | struct hci_cp_le_big_create_sync cp; | |
2146 | __u8 bis[0x11]; | |
2147 | } pdu; | |
2148 | int err; | |
2149 | ||
31ca583b | 2150 | if (num_bis < 0x01 || num_bis > sizeof(pdu.bis)) |
eca0ae4a LAD |
2151 | return -EINVAL; |
2152 | ||
2153 | err = qos_set_big(hdev, qos); | |
2154 | if (err) | |
2155 | return err; | |
2156 | ||
fbdc4bc4 IT |
2157 | if (hcon) |
2158 | hcon->iso_qos.bcast.big = qos->bcast.big; | |
2159 | ||
eca0ae4a | 2160 | memset(&pdu, 0, sizeof(pdu)); |
0fe8c8d0 | 2161 | pdu.cp.handle = qos->bcast.big; |
eca0ae4a | 2162 | pdu.cp.sync_handle = cpu_to_le16(sync_handle); |
0fe8c8d0 IT |
2163 | pdu.cp.encryption = qos->bcast.encryption; |
2164 | memcpy(pdu.cp.bcode, qos->bcast.bcode, sizeof(pdu.cp.bcode)); | |
2165 | pdu.cp.mse = qos->bcast.mse; | |
2166 | pdu.cp.timeout = cpu_to_le16(qos->bcast.timeout); | |
eca0ae4a LAD |
2167 | pdu.cp.num_bis = num_bis; |
2168 | memcpy(pdu.bis, bis, num_bis); | |
2169 | ||
2170 | return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC, | |
2171 | sizeof(pdu.cp) + num_bis, &pdu); | |
2172 | } | |
2173 | ||
2174 | static void create_big_complete(struct hci_dev *hdev, void *data, int err) | |
2175 | { | |
2176 | struct hci_conn *conn = data; | |
2177 | ||
2178 | bt_dev_dbg(hdev, "conn %p", conn); | |
2179 | ||
2180 | if (err) { | |
2181 | bt_dev_err(hdev, "Unable to create BIG: %d", err); | |
2182 | hci_connect_cfm(conn, err); | |
2183 | hci_conn_del(conn); | |
2184 | } | |
2185 | } | |
2186 | ||
a0bfde16 IT |
2187 | struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst, |
2188 | struct bt_iso_qos *qos, | |
2189 | __u8 base_len, __u8 *base) | |
eca0ae4a LAD |
2190 | { |
2191 | struct hci_conn *conn; | |
a0bfde16 IT |
2192 | __u8 eir[HCI_MAX_PER_AD_LENGTH]; |
2193 | ||
2194 | if (base_len && base) | |
2195 | base_len = eir_append_service_data(eir, 0, 0x1851, | |
2196 | base, base_len); | |
eca0ae4a LAD |
2197 | |
2198 | /* We need hci_conn object using the BDADDR_ANY as dst */ | |
a0bfde16 | 2199 | conn = hci_add_bis(hdev, dst, qos, base_len, eir); |
eca0ae4a LAD |
2200 | if (IS_ERR(conn)) |
2201 | return conn; | |
2202 | ||
a0bfde16 IT |
2203 | /* Update LINK PHYs according to QoS preference */ |
2204 | conn->le_tx_phy = qos->bcast.out.phy; | |
2205 | conn->le_tx_phy = qos->bcast.out.phy; | |
eca0ae4a LAD |
2206 | |
2207 | /* Add Basic Announcement into Peridic Adv Data if BASE is set */ | |
2208 | if (base_len && base) { | |
a0bfde16 | 2209 | memcpy(conn->le_per_adv_data, eir, sizeof(eir)); |
eca0ae4a LAD |
2210 | conn->le_per_adv_data_len = base_len; |
2211 | } | |
2212 | ||
a0bfde16 IT |
2213 | hci_iso_qos_setup(hdev, conn, &qos->bcast.out, |
2214 | conn->le_tx_phy ? conn->le_tx_phy : | |
2215 | hdev->le_tx_def_phys); | |
2216 | ||
2217 | conn->iso_qos = *qos; | |
2218 | conn->state = BT_BOUND; | |
2219 | ||
2220 | return conn; | |
2221 | } | |
2222 | ||
2223 | static void bis_mark_per_adv(struct hci_conn *conn, void *data) | |
2224 | { | |
2225 | struct iso_list_data *d = data; | |
2226 | ||
2227 | /* Skip if not broadcast/ANY address */ | |
2228 | if (bacmp(&conn->dst, BDADDR_ANY)) | |
2229 | return; | |
2230 | ||
2231 | if (d->big != conn->iso_qos.bcast.big || | |
2232 | d->bis == BT_ISO_QOS_BIS_UNSET || | |
2233 | d->bis != conn->iso_qos.bcast.bis) | |
2234 | return; | |
2235 | ||
2236 | set_bit(HCI_CONN_PER_ADV, &conn->flags); | |
2237 | } | |
2238 | ||
2239 | struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst, | |
2240 | __u8 dst_type, struct bt_iso_qos *qos, | |
2241 | __u8 base_len, __u8 *base) | |
2242 | { | |
2243 | struct hci_conn *conn; | |
2244 | int err; | |
2245 | struct iso_list_data data; | |
2246 | ||
2247 | conn = hci_bind_bis(hdev, dst, qos, base_len, base); | |
2248 | if (IS_ERR(conn)) | |
2249 | return conn; | |
2250 | ||
2251 | data.big = qos->bcast.big; | |
2252 | data.bis = qos->bcast.bis; | |
2253 | ||
2254 | /* Set HCI_CONN_PER_ADV for all bound connections, to mark that | |
2255 | * the start periodic advertising and create BIG commands have | |
2256 | * been queued | |
2257 | */ | |
2258 | hci_conn_hash_list_state(hdev, bis_mark_per_adv, ISO_LINK, | |
2259 | BT_BOUND, &data); | |
2260 | ||
eca0ae4a LAD |
2261 | /* Queue start periodic advertising and create BIG */ |
2262 | err = hci_cmd_sync_queue(hdev, create_big_sync, conn, | |
2263 | create_big_complete); | |
2264 | if (err < 0) { | |
2265 | hci_conn_drop(conn); | |
2266 | return ERR_PTR(err); | |
2267 | } | |
2268 | ||
eca0ae4a LAD |
2269 | return conn; |
2270 | } | |
2271 | ||
26afbd82 LAD |
2272 | struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst, |
2273 | __u8 dst_type, struct bt_iso_qos *qos) | |
2274 | { | |
2275 | struct hci_conn *le; | |
2276 | struct hci_conn *cis; | |
06149746 | 2277 | struct hci_link *link; |
26afbd82 | 2278 | |
26afbd82 LAD |
2279 | if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) |
2280 | le = hci_connect_le(hdev, dst, dst_type, false, | |
2281 | BT_SECURITY_LOW, | |
2282 | HCI_LE_CONN_TIMEOUT, | |
2283 | HCI_ROLE_SLAVE); | |
2284 | else | |
2285 | le = hci_connect_le_scan(hdev, dst, dst_type, | |
2286 | BT_SECURITY_LOW, | |
2287 | HCI_LE_CONN_TIMEOUT, | |
2288 | CONN_REASON_ISO_CONNECT); | |
2289 | if (IS_ERR(le)) | |
2290 | return le; | |
2291 | ||
0fe8c8d0 | 2292 | hci_iso_qos_setup(hdev, le, &qos->ucast.out, |
26afbd82 | 2293 | le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys); |
0fe8c8d0 | 2294 | hci_iso_qos_setup(hdev, le, &qos->ucast.in, |
26afbd82 LAD |
2295 | le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys); |
2296 | ||
2297 | cis = hci_bind_cis(hdev, dst, dst_type, qos); | |
2298 | if (IS_ERR(cis)) { | |
2299 | hci_conn_drop(le); | |
2300 | return cis; | |
2301 | } | |
2302 | ||
06149746 LAD |
2303 | link = hci_conn_link(le, cis); |
2304 | if (!link) { | |
2305 | hci_conn_drop(le); | |
2306 | hci_conn_drop(cis); | |
b4066eb0 | 2307 | return ERR_PTR(-ENOLINK); |
06149746 | 2308 | } |
26afbd82 | 2309 | |
69997d50 PV |
2310 | /* Link takes the refcount */ |
2311 | hci_conn_drop(cis); | |
2312 | ||
7f74563e PV |
2313 | cis->state = BT_CONNECT; |
2314 | ||
2315 | hci_le_create_cis_pending(hdev); | |
26afbd82 LAD |
2316 | |
2317 | return cis; | |
2318 | } | |
2319 | ||
e7c29cb1 MH |
2320 | /* Check link security requirement */ |
2321 | int hci_conn_check_link_mode(struct hci_conn *conn) | |
2322 | { | |
38b3fef1 | 2323 | BT_DBG("hcon %p", conn); |
e7c29cb1 | 2324 | |
40b552aa MH |
2325 | /* In Secure Connections Only mode, it is required that Secure |
2326 | * Connections is used and the link is encrypted with AES-CCM | |
2327 | * using a P-256 authenticated combination key. | |
2328 | */ | |
d7a5a11d | 2329 | if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) { |
40b552aa MH |
2330 | if (!hci_conn_sc_enabled(conn) || |
2331 | !test_bit(HCI_CONN_AES_CCM, &conn->flags) || | |
2332 | conn->key_type != HCI_LK_AUTH_COMBINATION_P256) | |
2333 | return 0; | |
2334 | } | |
2335 | ||
8746f135 LAD |
2336 | /* AES encryption is required for Level 4: |
2337 | * | |
2338 | * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C | |
2339 | * page 1319: | |
2340 | * | |
2341 | * 128-bit equivalent strength for link and encryption keys | |
2342 | * required using FIPS approved algorithms (E0 not allowed, | |
2343 | * SAFER+ not allowed, and P-192 not allowed; encryption key | |
2344 | * not shortened) | |
2345 | */ | |
2346 | if (conn->sec_level == BT_SECURITY_FIPS && | |
2347 | !test_bit(HCI_CONN_AES_CCM, &conn->flags)) { | |
2348 | bt_dev_err(conn->hdev, | |
2349 | "Invalid security: Missing AES-CCM usage"); | |
2350 | return 0; | |
2351 | } | |
2352 | ||
4dae2798 JH |
2353 | if (hci_conn_ssp_enabled(conn) && |
2354 | !test_bit(HCI_CONN_ENCRYPT, &conn->flags)) | |
e7c29cb1 MH |
2355 | return 0; |
2356 | ||
2357 | return 1; | |
2358 | } | |
e7c29cb1 | 2359 | |
1da177e4 | 2360 | /* Authenticate remote device */ |
0684e5f9 | 2361 | static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) |
1da177e4 | 2362 | { |
38b3fef1 | 2363 | BT_DBG("hcon %p", conn); |
1da177e4 | 2364 | |
765c2a96 JH |
2365 | if (conn->pending_sec_level > sec_level) |
2366 | sec_level = conn->pending_sec_level; | |
2367 | ||
96a31833 | 2368 | if (sec_level > conn->sec_level) |
765c2a96 | 2369 | conn->pending_sec_level = sec_level; |
4dae2798 | 2370 | else if (test_bit(HCI_CONN_AUTH, &conn->flags)) |
1da177e4 LT |
2371 | return 1; |
2372 | ||
65cf686e JH |
2373 | /* Make sure we preserve an existing MITM requirement*/ |
2374 | auth_type |= (conn->auth_type & 0x01); | |
2375 | ||
96a31833 MH |
2376 | conn->auth_type = auth_type; |
2377 | ||
51a8efd7 | 2378 | if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { |
1da177e4 | 2379 | struct hci_cp_auth_requested cp; |
b7d05bad | 2380 | |
aca3192c | 2381 | cp.handle = cpu_to_le16(conn->handle); |
40be492f | 2382 | hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, |
5974e4c4 | 2383 | sizeof(cp), &cp); |
09da1f34 JH |
2384 | |
2385 | /* If we're already encrypted set the REAUTH_PEND flag, | |
2386 | * otherwise set the ENCRYPT_PEND. | |
2387 | */ | |
4dae2798 | 2388 | if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) |
51a8efd7 | 2389 | set_bit(HCI_CONN_REAUTH_PEND, &conn->flags); |
09da1f34 JH |
2390 | else |
2391 | set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); | |
1da177e4 | 2392 | } |
8c1b2355 | 2393 | |
1da177e4 LT |
2394 | return 0; |
2395 | } | |
1da177e4 | 2396 | |
bb6d6895 | 2397 | /* Encrypt the link */ |
13d39315 WR |
2398 | static void hci_conn_encrypt(struct hci_conn *conn) |
2399 | { | |
38b3fef1 | 2400 | BT_DBG("hcon %p", conn); |
13d39315 | 2401 | |
51a8efd7 | 2402 | if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { |
13d39315 WR |
2403 | struct hci_cp_set_conn_encrypt cp; |
2404 | cp.handle = cpu_to_le16(conn->handle); | |
2405 | cp.encrypt = 0x01; | |
2406 | hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), | |
5974e4c4 | 2407 | &cp); |
13d39315 WR |
2408 | } |
2409 | } | |
2410 | ||
8c1b2355 | 2411 | /* Enable security */ |
e7cafc45 JH |
2412 | int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type, |
2413 | bool initiator) | |
1da177e4 | 2414 | { |
38b3fef1 | 2415 | BT_DBG("hcon %p", conn); |
1da177e4 | 2416 | |
d8343f12 VCG |
2417 | if (conn->type == LE_LINK) |
2418 | return smp_conn_security(conn, sec_level); | |
2419 | ||
13d39315 | 2420 | /* For sdp we don't need the link key. */ |
8c1b2355 MH |
2421 | if (sec_level == BT_SECURITY_SDP) |
2422 | return 1; | |
2423 | ||
13d39315 WR |
2424 | /* For non 2.1 devices and low security level we don't need the link |
2425 | key. */ | |
aa64a8b5 | 2426 | if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn)) |
3fdca1e1 | 2427 | return 1; |
8c1b2355 | 2428 | |
13d39315 | 2429 | /* For other security levels we need the link key. */ |
4dae2798 | 2430 | if (!test_bit(HCI_CONN_AUTH, &conn->flags)) |
13d39315 WR |
2431 | goto auth; |
2432 | ||
1d8e8014 YH |
2433 | switch (conn->key_type) { |
2434 | case HCI_LK_AUTH_COMBINATION_P256: | |
2435 | /* An authenticated FIPS approved combination key has | |
2436 | * sufficient security for security level 4 or lower. | |
2437 | */ | |
2438 | if (sec_level <= BT_SECURITY_FIPS) | |
2439 | goto encrypt; | |
2440 | break; | |
2441 | case HCI_LK_AUTH_COMBINATION_P192: | |
2442 | /* An authenticated combination key has sufficient security for | |
2443 | * security level 3 or lower. | |
2444 | */ | |
2445 | if (sec_level <= BT_SECURITY_HIGH) | |
2446 | goto encrypt; | |
2447 | break; | |
2448 | case HCI_LK_UNAUTH_COMBINATION_P192: | |
2449 | case HCI_LK_UNAUTH_COMBINATION_P256: | |
2450 | /* An unauthenticated combination key has sufficient security | |
2451 | * for security level 2 or lower. | |
2452 | */ | |
2453 | if (sec_level <= BT_SECURITY_MEDIUM) | |
2454 | goto encrypt; | |
2455 | break; | |
2456 | case HCI_LK_COMBINATION: | |
2457 | /* A combination key has always sufficient security for the | |
2458 | * security levels 2 or lower. High security level requires the | |
2459 | * combination key is generated using maximum PIN code length | |
2460 | * (16). For pre 2.1 units. | |
2461 | */ | |
2462 | if (sec_level <= BT_SECURITY_MEDIUM || conn->pin_length == 16) | |
2463 | goto encrypt; | |
2464 | break; | |
2465 | default: | |
2466 | break; | |
2467 | } | |
13d39315 WR |
2468 | |
2469 | auth: | |
51a8efd7 | 2470 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) |
1da177e4 LT |
2471 | return 0; |
2472 | ||
977f8fce JH |
2473 | if (initiator) |
2474 | set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags); | |
2475 | ||
6fdf658c LAD |
2476 | if (!hci_conn_auth(conn, sec_level, auth_type)) |
2477 | return 0; | |
13d39315 WR |
2478 | |
2479 | encrypt: | |
693cd8ce MH |
2480 | if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) { |
2481 | /* Ensure that the encryption key size has been read, | |
2482 | * otherwise stall the upper layer responses. | |
2483 | */ | |
2484 | if (!conn->enc_key_size) | |
2485 | return 0; | |
2486 | ||
2487 | /* Nothing else needed, all requirements are met */ | |
13d39315 | 2488 | return 1; |
693cd8ce | 2489 | } |
8c1b2355 | 2490 | |
13d39315 | 2491 | hci_conn_encrypt(conn); |
1da177e4 LT |
2492 | return 0; |
2493 | } | |
8c1b2355 | 2494 | EXPORT_SYMBOL(hci_conn_security); |
1da177e4 | 2495 | |
b3b1b061 WR |
2496 | /* Check secure link requirement */ |
2497 | int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level) | |
2498 | { | |
38b3fef1 | 2499 | BT_DBG("hcon %p", conn); |
b3b1b061 | 2500 | |
9cb2e030 MH |
2501 | /* Accept if non-secure or higher security level is required */ |
2502 | if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS) | |
2503 | return 1; | |
b3b1b061 | 2504 | |
9cb2e030 MH |
2505 | /* Accept if secure or higher security level is already present */ |
2506 | if (conn->sec_level == BT_SECURITY_HIGH || | |
2507 | conn->sec_level == BT_SECURITY_FIPS) | |
b3b1b061 WR |
2508 | return 1; |
2509 | ||
9cb2e030 MH |
2510 | /* Reject not secure link */ |
2511 | return 0; | |
b3b1b061 WR |
2512 | } |
2513 | EXPORT_SYMBOL(hci_conn_check_secure); | |
2514 | ||
1da177e4 | 2515 | /* Switch role */ |
8c1b2355 | 2516 | int hci_conn_switch_role(struct hci_conn *conn, __u8 role) |
1da177e4 | 2517 | { |
38b3fef1 | 2518 | BT_DBG("hcon %p", conn); |
1da177e4 | 2519 | |
40bef302 | 2520 | if (role == conn->role) |
1da177e4 LT |
2521 | return 1; |
2522 | ||
51a8efd7 | 2523 | if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) { |
1da177e4 LT |
2524 | struct hci_cp_switch_role cp; |
2525 | bacpy(&cp.bdaddr, &conn->dst); | |
2526 | cp.role = role; | |
a9de9248 | 2527 | hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); |
1da177e4 | 2528 | } |
8c1b2355 | 2529 | |
1da177e4 LT |
2530 | return 0; |
2531 | } | |
2532 | EXPORT_SYMBOL(hci_conn_switch_role); | |
2533 | ||
04837f64 | 2534 | /* Enter active mode */ |
14b12d0b | 2535 | void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active) |
04837f64 MH |
2536 | { |
2537 | struct hci_dev *hdev = conn->hdev; | |
2538 | ||
38b3fef1 | 2539 | BT_DBG("hcon %p mode %d", conn, conn->mode); |
04837f64 | 2540 | |
14b12d0b JG |
2541 | if (conn->mode != HCI_CM_SNIFF) |
2542 | goto timer; | |
2543 | ||
58a681ef | 2544 | if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active) |
04837f64 MH |
2545 | goto timer; |
2546 | ||
51a8efd7 | 2547 | if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) { |
04837f64 | 2548 | struct hci_cp_exit_sniff_mode cp; |
aca3192c | 2549 | cp.handle = cpu_to_le16(conn->handle); |
a9de9248 | 2550 | hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); |
04837f64 MH |
2551 | } |
2552 | ||
2553 | timer: | |
2554 | if (hdev->idle_timeout > 0) | |
a74a84f6 JH |
2555 | queue_delayed_work(hdev->workqueue, &conn->idle_work, |
2556 | msecs_to_jiffies(hdev->idle_timeout)); | |
04837f64 MH |
2557 | } |
2558 | ||
1da177e4 LT |
2559 | /* Drop all connection on the device */ |
2560 | void hci_conn_hash_flush(struct hci_dev *hdev) | |
2561 | { | |
a2ac591c RL |
2562 | struct list_head *head = &hdev->conn_hash.list; |
2563 | struct hci_conn *conn; | |
1da177e4 LT |
2564 | |
2565 | BT_DBG("hdev %s", hdev->name); | |
2566 | ||
a2ac591c RL |
2567 | /* We should not traverse the list here, because hci_conn_del |
2568 | * can remove extra links, which may cause the list traversal | |
2569 | * to hit items that have already been released. | |
2570 | */ | |
2571 | while ((conn = list_first_entry_or_null(head, | |
2572 | struct hci_conn, | |
2573 | list)) != NULL) { | |
2574 | conn->state = BT_CLOSED; | |
2575 | hci_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM); | |
a2ac591c | 2576 | hci_conn_del(conn); |
1da177e4 LT |
2577 | } |
2578 | } | |
2579 | ||
a9de9248 MH |
2580 | /* Check pending connect attempts */ |
2581 | void hci_conn_check_pending(struct hci_dev *hdev) | |
2582 | { | |
2583 | struct hci_conn *conn; | |
2584 | ||
2585 | BT_DBG("hdev %s", hdev->name); | |
2586 | ||
2587 | hci_dev_lock(hdev); | |
2588 | ||
2589 | conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2); | |
2590 | if (conn) | |
1aef8669 | 2591 | hci_acl_create_connection(conn); |
a9de9248 MH |
2592 | |
2593 | hci_dev_unlock(hdev); | |
2594 | } | |
2595 | ||
4dae2798 JH |
2596 | static u32 get_link_mode(struct hci_conn *conn) |
2597 | { | |
2598 | u32 link_mode = 0; | |
2599 | ||
40bef302 | 2600 | if (conn->role == HCI_ROLE_MASTER) |
4dae2798 JH |
2601 | link_mode |= HCI_LM_MASTER; |
2602 | ||
2603 | if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) | |
2604 | link_mode |= HCI_LM_ENCRYPT; | |
2605 | ||
2606 | if (test_bit(HCI_CONN_AUTH, &conn->flags)) | |
2607 | link_mode |= HCI_LM_AUTH; | |
2608 | ||
2609 | if (test_bit(HCI_CONN_SECURE, &conn->flags)) | |
2610 | link_mode |= HCI_LM_SECURE; | |
2611 | ||
2612 | if (test_bit(HCI_CONN_FIPS, &conn->flags)) | |
2613 | link_mode |= HCI_LM_FIPS; | |
2614 | ||
2615 | return link_mode; | |
2616 | } | |
2617 | ||
1da177e4 LT |
2618 | int hci_get_conn_list(void __user *arg) |
2619 | { | |
fc5fef61 | 2620 | struct hci_conn *c; |
1da177e4 LT |
2621 | struct hci_conn_list_req req, *cl; |
2622 | struct hci_conn_info *ci; | |
2623 | struct hci_dev *hdev; | |
1da177e4 LT |
2624 | int n = 0, size, err; |
2625 | ||
2626 | if (copy_from_user(&req, arg, sizeof(req))) | |
2627 | return -EFAULT; | |
2628 | ||
2629 | if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) | |
2630 | return -EINVAL; | |
2631 | ||
2632 | size = sizeof(req) + req.conn_num * sizeof(*ci); | |
2633 | ||
70f23020 AE |
2634 | cl = kmalloc(size, GFP_KERNEL); |
2635 | if (!cl) | |
1da177e4 LT |
2636 | return -ENOMEM; |
2637 | ||
70f23020 AE |
2638 | hdev = hci_dev_get(req.dev_id); |
2639 | if (!hdev) { | |
1da177e4 LT |
2640 | kfree(cl); |
2641 | return -ENODEV; | |
2642 | } | |
2643 | ||
2644 | ci = cl->conn_info; | |
2645 | ||
09fd0de5 | 2646 | hci_dev_lock(hdev); |
8035ded4 | 2647 | list_for_each_entry(c, &hdev->conn_hash.list, list) { |
1da177e4 LT |
2648 | bacpy(&(ci + n)->bdaddr, &c->dst); |
2649 | (ci + n)->handle = c->handle; | |
2650 | (ci + n)->type = c->type; | |
2651 | (ci + n)->out = c->out; | |
2652 | (ci + n)->state = c->state; | |
4dae2798 | 2653 | (ci + n)->link_mode = get_link_mode(c); |
1da177e4 LT |
2654 | if (++n >= req.conn_num) |
2655 | break; | |
2656 | } | |
09fd0de5 | 2657 | hci_dev_unlock(hdev); |
1da177e4 LT |
2658 | |
2659 | cl->dev_id = hdev->id; | |
2660 | cl->conn_num = n; | |
2661 | size = sizeof(req) + n * sizeof(*ci); | |
2662 | ||
2663 | hci_dev_put(hdev); | |
2664 | ||
2665 | err = copy_to_user(arg, cl, size); | |
2666 | kfree(cl); | |
2667 | ||
2668 | return err ? -EFAULT : 0; | |
2669 | } | |
2670 | ||
2671 | int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) | |
2672 | { | |
2673 | struct hci_conn_info_req req; | |
2674 | struct hci_conn_info ci; | |
2675 | struct hci_conn *conn; | |
2676 | char __user *ptr = arg + sizeof(req); | |
2677 | ||
2678 | if (copy_from_user(&req, arg, sizeof(req))) | |
2679 | return -EFAULT; | |
2680 | ||
09fd0de5 | 2681 | hci_dev_lock(hdev); |
1da177e4 LT |
2682 | conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); |
2683 | if (conn) { | |
2684 | bacpy(&ci.bdaddr, &conn->dst); | |
2685 | ci.handle = conn->handle; | |
2686 | ci.type = conn->type; | |
2687 | ci.out = conn->out; | |
2688 | ci.state = conn->state; | |
4dae2798 | 2689 | ci.link_mode = get_link_mode(conn); |
1da177e4 | 2690 | } |
09fd0de5 | 2691 | hci_dev_unlock(hdev); |
1da177e4 LT |
2692 | |
2693 | if (!conn) | |
2694 | return -ENOENT; | |
2695 | ||
2696 | return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; | |
2697 | } | |
40be492f MH |
2698 | |
2699 | int hci_get_auth_info(struct hci_dev *hdev, void __user *arg) | |
2700 | { | |
2701 | struct hci_auth_info_req req; | |
2702 | struct hci_conn *conn; | |
2703 | ||
2704 | if (copy_from_user(&req, arg, sizeof(req))) | |
2705 | return -EFAULT; | |
2706 | ||
09fd0de5 | 2707 | hci_dev_lock(hdev); |
40be492f MH |
2708 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr); |
2709 | if (conn) | |
2710 | req.type = conn->auth_type; | |
09fd0de5 | 2711 | hci_dev_unlock(hdev); |
40be492f MH |
2712 | |
2713 | if (!conn) | |
2714 | return -ENOENT; | |
2715 | ||
2716 | return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0; | |
2717 | } | |
73d80deb LAD |
2718 | |
2719 | struct hci_chan *hci_chan_create(struct hci_conn *conn) | |
2720 | { | |
2721 | struct hci_dev *hdev = conn->hdev; | |
2722 | struct hci_chan *chan; | |
2723 | ||
38b3fef1 | 2724 | BT_DBG("%s hcon %p", hdev->name, conn); |
73d80deb | 2725 | |
f94b665d JH |
2726 | if (test_bit(HCI_CONN_DROP, &conn->flags)) { |
2727 | BT_DBG("Refusing to create new hci_chan"); | |
2728 | return NULL; | |
2729 | } | |
2730 | ||
27f70f3e | 2731 | chan = kzalloc(sizeof(*chan), GFP_KERNEL); |
73d80deb LAD |
2732 | if (!chan) |
2733 | return NULL; | |
2734 | ||
6c388d32 | 2735 | chan->conn = hci_conn_get(conn); |
73d80deb | 2736 | skb_queue_head_init(&chan->data_q); |
168df8e5 | 2737 | chan->state = BT_CONNECTED; |
73d80deb | 2738 | |
8192edef | 2739 | list_add_rcu(&chan->list, &conn->chan_list); |
73d80deb LAD |
2740 | |
2741 | return chan; | |
2742 | } | |
2743 | ||
9472007c | 2744 | void hci_chan_del(struct hci_chan *chan) |
73d80deb LAD |
2745 | { |
2746 | struct hci_conn *conn = chan->conn; | |
2747 | struct hci_dev *hdev = conn->hdev; | |
2748 | ||
38b3fef1 | 2749 | BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan); |
73d80deb | 2750 | |
8192edef GP |
2751 | list_del_rcu(&chan->list); |
2752 | ||
2753 | synchronize_rcu(); | |
73d80deb | 2754 | |
bcbb655a | 2755 | /* Prevent new hci_chan's to be created for this hci_conn */ |
f94b665d | 2756 | set_bit(HCI_CONN_DROP, &conn->flags); |
b3ff670a | 2757 | |
6c388d32 | 2758 | hci_conn_put(conn); |
e9b02748 | 2759 | |
73d80deb LAD |
2760 | skb_queue_purge(&chan->data_q); |
2761 | kfree(chan); | |
73d80deb LAD |
2762 | } |
2763 | ||
2c33c06a | 2764 | void hci_chan_list_flush(struct hci_conn *conn) |
73d80deb | 2765 | { |
2a5a5ec6 | 2766 | struct hci_chan *chan, *n; |
73d80deb | 2767 | |
38b3fef1 | 2768 | BT_DBG("hcon %p", conn); |
73d80deb | 2769 | |
2a5a5ec6 | 2770 | list_for_each_entry_safe(chan, n, &conn->chan_list, list) |
73d80deb LAD |
2771 | hci_chan_del(chan); |
2772 | } | |
42c4e53e AE |
2773 | |
2774 | static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon, | |
2775 | __u16 handle) | |
2776 | { | |
2777 | struct hci_chan *hchan; | |
2778 | ||
2779 | list_for_each_entry(hchan, &hcon->chan_list, list) { | |
2780 | if (hchan->handle == handle) | |
2781 | return hchan; | |
2782 | } | |
2783 | ||
2784 | return NULL; | |
2785 | } | |
2786 | ||
2787 | struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle) | |
2788 | { | |
2789 | struct hci_conn_hash *h = &hdev->conn_hash; | |
2790 | struct hci_conn *hcon; | |
2791 | struct hci_chan *hchan = NULL; | |
2792 | ||
2793 | rcu_read_lock(); | |
2794 | ||
2795 | list_for_each_entry_rcu(hcon, &h->list, list) { | |
2796 | hchan = __hci_chan_lookup_handle(hcon, handle); | |
2797 | if (hchan) | |
2798 | break; | |
2799 | } | |
2800 | ||
2801 | rcu_read_unlock(); | |
2802 | ||
2803 | return hchan; | |
2804 | } | |
eab2404b LAD |
2805 | |
2806 | u32 hci_conn_get_phy(struct hci_conn *conn) | |
2807 | { | |
2808 | u32 phys = 0; | |
2809 | ||
eab2404b LAD |
2810 | /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471: |
2811 | * Table 6.2: Packets defined for synchronous, asynchronous, and | |
6397729b | 2812 | * CPB logical transport types. |
eab2404b LAD |
2813 | */ |
2814 | switch (conn->type) { | |
2815 | case SCO_LINK: | |
2816 | /* SCO logical transport (1 Mb/s): | |
2817 | * HV1, HV2, HV3 and DV. | |
2818 | */ | |
2819 | phys |= BT_PHY_BR_1M_1SLOT; | |
2820 | ||
2821 | break; | |
2822 | ||
2823 | case ACL_LINK: | |
2824 | /* ACL logical transport (1 Mb/s) ptt=0: | |
2825 | * DH1, DM3, DH3, DM5 and DH5. | |
2826 | */ | |
2827 | phys |= BT_PHY_BR_1M_1SLOT; | |
2828 | ||
2829 | if (conn->pkt_type & (HCI_DM3 | HCI_DH3)) | |
2830 | phys |= BT_PHY_BR_1M_3SLOT; | |
2831 | ||
2832 | if (conn->pkt_type & (HCI_DM5 | HCI_DH5)) | |
2833 | phys |= BT_PHY_BR_1M_5SLOT; | |
2834 | ||
2835 | /* ACL logical transport (2 Mb/s) ptt=1: | |
2836 | * 2-DH1, 2-DH3 and 2-DH5. | |
2837 | */ | |
2838 | if (!(conn->pkt_type & HCI_2DH1)) | |
2839 | phys |= BT_PHY_EDR_2M_1SLOT; | |
2840 | ||
2841 | if (!(conn->pkt_type & HCI_2DH3)) | |
2842 | phys |= BT_PHY_EDR_2M_3SLOT; | |
2843 | ||
2844 | if (!(conn->pkt_type & HCI_2DH5)) | |
2845 | phys |= BT_PHY_EDR_2M_5SLOT; | |
2846 | ||
2847 | /* ACL logical transport (3 Mb/s) ptt=1: | |
2848 | * 3-DH1, 3-DH3 and 3-DH5. | |
2849 | */ | |
2850 | if (!(conn->pkt_type & HCI_3DH1)) | |
2851 | phys |= BT_PHY_EDR_3M_1SLOT; | |
2852 | ||
2853 | if (!(conn->pkt_type & HCI_3DH3)) | |
2854 | phys |= BT_PHY_EDR_3M_3SLOT; | |
2855 | ||
2856 | if (!(conn->pkt_type & HCI_3DH5)) | |
2857 | phys |= BT_PHY_EDR_3M_5SLOT; | |
2858 | ||
2859 | break; | |
2860 | ||
2861 | case ESCO_LINK: | |
2862 | /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */ | |
2863 | phys |= BT_PHY_BR_1M_1SLOT; | |
2864 | ||
2865 | if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5))) | |
2866 | phys |= BT_PHY_BR_1M_3SLOT; | |
2867 | ||
2868 | /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */ | |
2869 | if (!(conn->pkt_type & ESCO_2EV3)) | |
2870 | phys |= BT_PHY_EDR_2M_1SLOT; | |
2871 | ||
2872 | if (!(conn->pkt_type & ESCO_2EV5)) | |
2873 | phys |= BT_PHY_EDR_2M_3SLOT; | |
2874 | ||
2875 | /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */ | |
2876 | if (!(conn->pkt_type & ESCO_3EV3)) | |
2877 | phys |= BT_PHY_EDR_3M_1SLOT; | |
2878 | ||
2879 | if (!(conn->pkt_type & ESCO_3EV5)) | |
2880 | phys |= BT_PHY_EDR_3M_3SLOT; | |
2881 | ||
2882 | break; | |
2883 | ||
2884 | case LE_LINK: | |
2885 | if (conn->le_tx_phy & HCI_LE_SET_PHY_1M) | |
2886 | phys |= BT_PHY_LE_1M_TX; | |
2887 | ||
2888 | if (conn->le_rx_phy & HCI_LE_SET_PHY_1M) | |
2889 | phys |= BT_PHY_LE_1M_RX; | |
2890 | ||
2891 | if (conn->le_tx_phy & HCI_LE_SET_PHY_2M) | |
2892 | phys |= BT_PHY_LE_2M_TX; | |
2893 | ||
2894 | if (conn->le_rx_phy & HCI_LE_SET_PHY_2M) | |
2895 | phys |= BT_PHY_LE_2M_RX; | |
2896 | ||
2897 | if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED) | |
2898 | phys |= BT_PHY_LE_CODED_TX; | |
2899 | ||
2900 | if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED) | |
2901 | phys |= BT_PHY_LE_CODED_RX; | |
2902 | ||
2903 | break; | |
2904 | } | |
2905 | ||
eab2404b LAD |
2906 | return phys; |
2907 | } | |
1a942de0 | 2908 | |
a13f316e | 2909 | static int abort_conn_sync(struct hci_dev *hdev, void *data) |
1a942de0 | 2910 | { |
a13f316e | 2911 | struct hci_conn *conn; |
a1f6c3ae | 2912 | u16 handle = PTR_UINT(data); |
1a942de0 | 2913 | |
a13f316e LAD |
2914 | conn = hci_conn_hash_lookup_handle(hdev, handle); |
2915 | if (!conn) | |
b62e7220 LAD |
2916 | return 0; |
2917 | ||
a13f316e LAD |
2918 | return hci_abort_conn_sync(hdev, conn, conn->abort_reason); |
2919 | } | |
1a942de0 | 2920 | |
a13f316e LAD |
2921 | int hci_abort_conn(struct hci_conn *conn, u8 reason) |
2922 | { | |
2923 | struct hci_dev *hdev = conn->hdev; | |
1a942de0 | 2924 | |
a13f316e LAD |
2925 | /* If abort_reason has already been set it means the connection is |
2926 | * already being aborted so don't attempt to overwrite it. | |
2927 | */ | |
2928 | if (conn->abort_reason) | |
2929 | return 0; | |
1a942de0 | 2930 | |
a13f316e | 2931 | bt_dev_dbg(hdev, "handle 0x%2.2x reason 0x%2.2x", conn->handle, reason); |
1a942de0 | 2932 | |
a13f316e | 2933 | conn->abort_reason = reason; |
1a942de0 | 2934 | |
a13f316e LAD |
2935 | /* If the connection is pending check the command opcode since that |
2936 | * might be blocking on hci_cmd_sync_work while waiting its respective | |
2937 | * event so we need to hci_cmd_sync_cancel to cancel it. | |
04a51d61 LAD |
2938 | * |
2939 | * hci_connect_le serializes the connection attempts so only one | |
2940 | * connection can be in BT_CONNECT at time. | |
a13f316e LAD |
2941 | */ |
2942 | if (conn->state == BT_CONNECT && hdev->req_status == HCI_REQ_PEND) { | |
2943 | switch (hci_skb_event(hdev->sent_cmd)) { | |
2944 | case HCI_EV_LE_CONN_COMPLETE: | |
2945 | case HCI_EV_LE_ENHANCED_CONN_COMPLETE: | |
2946 | case HCI_EVT_LE_CIS_ESTABLISHED: | |
2947 | hci_cmd_sync_cancel(hdev, -ECANCELED); | |
2948 | break; | |
1a942de0 | 2949 | } |
1a942de0 BG |
2950 | } |
2951 | ||
a1f6c3ae | 2952 | return hci_cmd_sync_queue(hdev, abort_conn_sync, UINT_PTR(conn->handle), |
a13f316e | 2953 | NULL); |
1a942de0 | 2954 | } |