projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: ISO: Allow binding a bcast listener to 0 bises
[linux-block.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
0fe8c8d0 4 Copyright 2023 NXP
1da177e4
LT		 5
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
8e87d142
YH		 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 23 SOFTWARE IS DISCLAIMED.
24*/
25
26/* Bluetooth HCI connection handling. */
27
8c520a59 28#include <linux/export.h>
23b9ceb7 29#include <linux/debugfs.h>
1da177e4
LT		 30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
eca0ae4a
LAD		 34#include <net/bluetooth/iso.h>
35#include <net/bluetooth/mgmt.h>
1da177e4 36
0857dd3b 37#include "hci_request.h"
ac4b7236 38#include "smp.h"
7024728e 39#include "a2mp.h"
eca0ae4a 40#include "eir.h"
7024728e 41
2dea632f
FD		 42struct sco_param {
43 u16 pkt_type;
44 u16 max_latency;
c7da5797 45 u8 retrans_effort;
2dea632f
FD		 46};
47
e07a06b4
BG		 48struct conn_handle_t {
49 struct hci_conn *conn;
50 __u16 handle;
51};
52
48e68ff5 53static const struct sco_param esco_param_cvsd[] = {
c7da5797
JH		 54 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
55 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
56 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
57 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
58 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
2dea632f
FD		 59};
60
48e68ff5 61static const struct sco_param sco_param_cvsd[] = {
c7da5797
JH		 62 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
63 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
48e68ff5
BT		 64};
65
565766b0 66static const struct sco_param esco_param_msbc[] = {
c7da5797
JH		 67 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
68 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
2dea632f
FD		 69};
70
f75113a2 71/* This function requires the caller holds hdev->lock */
19cf60bf 72static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status)
f75113a2
JP		 73{
74 struct hci_conn_params *params;
b5c2b621 75 struct hci_dev *hdev = conn->hdev;
f75113a2
JP		 76 struct smp_irk *irk;
77 bdaddr_t *bdaddr;
78 u8 bdaddr_type;
79
80 bdaddr = &conn->dst;
81 bdaddr_type = conn->dst_type;
82
83 /* Check if we need to convert to identity address */
b5c2b621 84 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
f75113a2
JP		 85 if (irk) {
86 bdaddr = &irk->bdaddr;
87 bdaddr_type = irk->addr_type;
88 }
89
17bc08f0
JH		 90 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr,
91 bdaddr_type);
19cf60bf 92 if (!params)
f75113a2
JP		 93 return;
94
19cf60bf
LAD		 95 if (params->conn) {
96 hci_conn_drop(params->conn);
97 hci_conn_put(params->conn);
98 params->conn = NULL;
99 }
100
101 if (!params->explicit_connect)
102 return;
103
104 /* If the status indicates successful cancellation of
105 * the attempt (i.e. Unknown Connection Id) there's no point of
106 * notifying failure since we'll go back to keep trying to
107 * connect. The only exception is explicit connect requests
108 * where a timeout + cancel does indicate an actual failure.
109 */
110 if (status && status != HCI_ERROR_UNKNOWN_CONN_ID)
111 mgmt_connect_failed(hdev, &conn->dst, conn->type,
112 conn->dst_type, status);
113
f75113a2
JP		 114 /* The connection attempt was doing scan for new RPA, and is
115 * in scan phase. If params are not associated with any other
116 * autoconnect action, remove them completely. If they are, just unmark
117 * them as waiting for connection, by clearing explicit_connect field.
118 */
9ad3e6ff
JH		 119 params->explicit_connect = false;
120
195ef75e 121 hci_pend_le_list_del_init(params);
9ad3e6ff
JH		 122
123 switch (params->auto_connect) {
124 case HCI_AUTO_CONN_EXPLICIT:
b5c2b621 125 hci_conn_params_del(hdev, bdaddr, bdaddr_type);
9ad3e6ff
JH		 126 /* return instead of break to avoid duplicate scan update */
127 return;
128 case HCI_AUTO_CONN_DIRECT:
129 case HCI_AUTO_CONN_ALWAYS:
195ef75e 130 hci_pend_le_list_add(params, &hdev->pend_le_conns);
9ad3e6ff
JH		 131 break;
132 case HCI_AUTO_CONN_REPORT:
195ef75e 133 hci_pend_le_list_add(params, &hdev->pend_le_reports);
9ad3e6ff
JH		 134 break;
135 default:
136 break;
168b8a25 137 }
9ad3e6ff 138
5bee2fd6 139 hci_update_passive_scan(hdev);
f75113a2
JP		 140}
141
b958f9a3
JH		 142static void hci_conn_cleanup(struct hci_conn *conn)
143{
144 struct hci_dev *hdev = conn->hdev;
145
146 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
147 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
148
629f66aa
AM		 149 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
150 hci_remove_link_key(hdev, &conn->dst);
151
b958f9a3
JH		 152 hci_chan_list_flush(conn);
153
154 hci_conn_hash_del(hdev, conn);
155
26afbd82
LAD		 156 if (conn->cleanup)
157 conn->cleanup(conn);
158
1f8330ea
SN		 159 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
160 switch (conn->setting & SCO_AIRMODE_MASK) {
161 case SCO_AIRMODE_CVSD:
162 case SCO_AIRMODE_TRANSP:
163 if (hdev->notify)
164 hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO);
165 break;
166 }
167 } else {
168 if (hdev->notify)
169 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
170 }
b958f9a3
JH		 171
172 hci_conn_del_sysfs(conn);
173
174 debugfs_remove_recursive(conn->debugfs);
175
176 hci_dev_put(hdev);
177
178 hci_conn_put(conn);
179}
180
1aef8669 181static void hci_acl_create_connection(struct hci_conn *conn)
1da177e4
LT		 182{
183 struct hci_dev *hdev = conn->hdev;
184 struct inquiry_entry *ie;
185 struct hci_cp_create_conn cp;
186
42d2d87c 187 BT_DBG("hcon %p", conn);
1da177e4 188
89e65975
SS		 189 /* Many controllers disallow HCI Create Connection while it is doing
190 * HCI Inquiry. So we cancel the Inquiry first before issuing HCI Create
191 * Connection. This may cause the MGMT discovering state to become false
192 * without user space's request but it is okay since the MGMT Discovery
193 * APIs do not promise that discovery should be done forever. Instead,
194 * the user space monitors the status of MGMT discovering and it may
195 * request for discovery again when this flag becomes false.
196 */
197 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
198 /* Put this connection to "pending" state so that it will be
199 * executed after the inquiry cancel command complete event.
200 */
201 conn->state = BT_CONNECT2;
202 hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
203 return;
204 }
205
1da177e4 206 conn->state = BT_CONNECT;
a0c808b3 207 conn->out = true;
40bef302 208 conn->role = HCI_ROLE_MASTER;
1da177e4 209
4c67bc74
MH		 210 conn->attempt++;
211
e4e8e37c
MH		 212 conn->link_policy = hdev->link_policy;
213
1da177e4
LT		 214 memset(&cp, 0, sizeof(cp));
215 bacpy(&cp.bdaddr, &conn->dst);
216 cp.pscan_rep_mode = 0x02;
217
70f23020
AE		 218 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
219 if (ie) {
41a96212
MH		 220 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
221 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
222 cp.pscan_mode = ie->data.pscan_mode;
223 cp.clock_offset = ie->data.clock_offset |
dcf4adbf 224 cpu_to_le16(0x8000);
41a96212
MH		 225 }
226
1da177e4
LT		 227 memcpy(conn->dev_class, ie->data.dev_class, 3);
228 }
229
a8746417 230 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 231 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82 232 cp.role_switch = 0x01;
1da177e4 233 else
b6a0dc82 234 cp.role_switch = 0x00;
4c67bc74 235
a9de9248 236 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4
LT		 237}
238
e3b679d5 239int hci_disconnect(struct hci_conn *conn, __u8 reason)
1da177e4 240{
38b3fef1 241 BT_DBG("hcon %p", conn);
1da177e4 242
74be523c 243 /* When we are central of an established connection and it enters
839035a7
JH		 244 * the disconnect timeout, then go ahead and try to read the
245 * current clock offset. Processing of the result is done
246 * within the event handling and hci_clock_offset_evt function.
247 */
88d07feb
JH		 248 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER &&
249 (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) {
839035a7 250 struct hci_dev *hdev = conn->hdev;
4f639ede 251 struct hci_cp_read_clock_offset clkoff_cp;
839035a7 252
4f639ede
FF		 253 clkoff_cp.handle = cpu_to_le16(conn->handle);
254 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
255 &clkoff_cp);
839035a7
JH		 256 }
257
88d07feb 258 return hci_abort_conn(conn, reason);
1da177e4
LT		 259}
260
57f5d0d1 261static void hci_add_sco(struct hci_conn *conn, __u16 handle)
1da177e4
LT		 262{
263 struct hci_dev *hdev = conn->hdev;
264 struct hci_cp_add_sco cp;
265
38b3fef1 266 BT_DBG("hcon %p", conn);
1da177e4
LT		 267
268 conn->state = BT_CONNECT;
a0c808b3 269 conn->out = true;
1da177e4 270
efc7688b
MH		 271 conn->attempt++;
272
aca3192c 273 cp.handle = cpu_to_le16(handle);
a8746417 274 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 275
a9de9248 276 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT		 277}
278
8b1c324c
YL		 279static bool find_next_esco_param(struct hci_conn *conn,
280 const struct sco_param *esco_param, int size)
281{
06149746
LAD		 282 if (!conn->parent)
283 return false;
284
8b1c324c 285 for (; conn->attempt <= size; conn->attempt++) {
06149746 286 if (lmp_esco_2m_capable(conn->parent) ||
8b1c324c
YL		 287 (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3))
288 break;
289 BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported",
290 conn, conn->attempt);
291 }
292
293 return conn->attempt <= size;
294}
295
e07a06b4 296static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec)
b2af264a 297{
e07a06b4
BG		 298 int err;
299 __u8 vnd_len, *vnd_data = NULL;
300 struct hci_op_configure_data_path *cmd = NULL;
301
302 err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len,
303 &vnd_data);
304 if (err < 0)
305 goto error;
306
307 cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL);
308 if (!cmd) {
309 err = -ENOMEM;
310 goto error;
311 }
312
313 err = hdev->get_data_path_id(hdev, &cmd->data_path_id);
314 if (err < 0)
315 goto error;
316
317 cmd->vnd_len = vnd_len;
318 memcpy(cmd->vnd_data, vnd_data, vnd_len);
319
320 cmd->direction = 0x00;
321 __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
322 sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT);
323
324 cmd->direction = 0x01;
325 err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
326 sizeof(*cmd) + vnd_len, cmd,
327 HCI_CMD_TIMEOUT);
328error:
329
330 kfree(cmd);
331 kfree(vnd_data);
332 return err;
333}
334
335static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data)
336{
337 struct conn_handle_t *conn_handle = data;
338 struct hci_conn *conn = conn_handle->conn;
339 __u16 handle = conn_handle->handle;
b2af264a
K		 340 struct hci_cp_enhanced_setup_sync_conn cp;
341 const struct sco_param *param;
342
e07a06b4
BG		 343 kfree(conn_handle);
344
b2af264a
K		 345 bt_dev_dbg(hdev, "hcon %p", conn);
346
9798fbde
K		 347 /* for offload use case, codec needs to configured before opening SCO */
348 if (conn->codec.data_path)
e07a06b4 349 configure_datapath_sync(hdev, &conn->codec);
9798fbde 350
b2af264a
K		 351 conn->state = BT_CONNECT;
352 conn->out = true;
353
354 conn->attempt++;
355
356 memset(&cp, 0x00, sizeof(cp));
357
358 cp.handle = cpu_to_le16(handle);
359
360 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
361 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
362
363 switch (conn->codec.id) {
904c139a
K		 364 case BT_CODEC_MSBC:
365 if (!find_next_esco_param(conn, esco_param_msbc,
366 ARRAY_SIZE(esco_param_msbc)))
e07a06b4 367 return -EINVAL;
904c139a
K		 368
369 param = &esco_param_msbc[conn->attempt - 1];
370 cp.tx_coding_format.id = 0x05;
371 cp.rx_coding_format.id = 0x05;
372 cp.tx_codec_frame_size = __cpu_to_le16(60);
373 cp.rx_codec_frame_size = __cpu_to_le16(60);
374 cp.in_bandwidth = __cpu_to_le32(32000);
375 cp.out_bandwidth = __cpu_to_le32(32000);
376 cp.in_coding_format.id = 0x04;
377 cp.out_coding_format.id = 0x04;
378 cp.in_coded_data_size = __cpu_to_le16(16);
379 cp.out_coded_data_size = __cpu_to_le16(16);
380 cp.in_pcm_data_format = 2;
381 cp.out_pcm_data_format = 2;
382 cp.in_pcm_sample_payload_msb_pos = 0;
383 cp.out_pcm_sample_payload_msb_pos = 0;
384 cp.in_data_path = conn->codec.data_path;
385 cp.out_data_path = conn->codec.data_path;
386 cp.in_transport_unit_size = 1;
387 cp.out_transport_unit_size = 1;
388 break;
389
b2af264a
K		 390 case BT_CODEC_TRANSPARENT:
391 if (!find_next_esco_param(conn, esco_param_msbc,
392 ARRAY_SIZE(esco_param_msbc)))
393 return false;
394 param = &esco_param_msbc[conn->attempt - 1];
395 cp.tx_coding_format.id = 0x03;
396 cp.rx_coding_format.id = 0x03;
397 cp.tx_codec_frame_size = __cpu_to_le16(60);
398 cp.rx_codec_frame_size = __cpu_to_le16(60);
399 cp.in_bandwidth = __cpu_to_le32(0x1f40);
400 cp.out_bandwidth = __cpu_to_le32(0x1f40);
401 cp.in_coding_format.id = 0x03;
402 cp.out_coding_format.id = 0x03;
403 cp.in_coded_data_size = __cpu_to_le16(16);
404 cp.out_coded_data_size = __cpu_to_le16(16);
405 cp.in_pcm_data_format = 2;
406 cp.out_pcm_data_format = 2;
407 cp.in_pcm_sample_payload_msb_pos = 0;
408 cp.out_pcm_sample_payload_msb_pos = 0;
409 cp.in_data_path = conn->codec.data_path;
410 cp.out_data_path = conn->codec.data_path;
411 cp.in_transport_unit_size = 1;
412 cp.out_transport_unit_size = 1;
413 break;
414
415 case BT_CODEC_CVSD:
06149746 416 if (conn->parent && lmp_esco_capable(conn->parent)) {
b2af264a
K		 417 if (!find_next_esco_param(conn, esco_param_cvsd,
418 ARRAY_SIZE(esco_param_cvsd)))
e07a06b4 419 return -EINVAL;
b2af264a
K		 420 param = &esco_param_cvsd[conn->attempt - 1];
421 } else {
422 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
e07a06b4 423 return -EINVAL;
b2af264a
K		 424 param = &sco_param_cvsd[conn->attempt - 1];
425 }
426 cp.tx_coding_format.id = 2;
427 cp.rx_coding_format.id = 2;
428 cp.tx_codec_frame_size = __cpu_to_le16(60);
429 cp.rx_codec_frame_size = __cpu_to_le16(60);
430 cp.in_bandwidth = __cpu_to_le32(16000);
431 cp.out_bandwidth = __cpu_to_le32(16000);
432 cp.in_coding_format.id = 4;
433 cp.out_coding_format.id = 4;
434 cp.in_coded_data_size = __cpu_to_le16(16);
435 cp.out_coded_data_size = __cpu_to_le16(16);
436 cp.in_pcm_data_format = 2;
437 cp.out_pcm_data_format = 2;
438 cp.in_pcm_sample_payload_msb_pos = 0;
439 cp.out_pcm_sample_payload_msb_pos = 0;
440 cp.in_data_path = conn->codec.data_path;
441 cp.out_data_path = conn->codec.data_path;
442 cp.in_transport_unit_size = 16;
443 cp.out_transport_unit_size = 16;
444 break;
445 default:
e07a06b4 446 return -EINVAL;
b2af264a
K		 447 }
448
449 cp.retrans_effort = param->retrans_effort;
450 cp.pkt_type = __cpu_to_le16(param->pkt_type);
451 cp.max_latency = __cpu_to_le16(param->max_latency);
452
453 if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
e07a06b4 454 return -EIO;
b2af264a 455
e07a06b4 456 return 0;
b2af264a
K		 457}
458
459static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle)
b6a0dc82
MH		 460{
461 struct hci_dev *hdev = conn->hdev;
462 struct hci_cp_setup_sync_conn cp;
2dea632f 463 const struct sco_param *param;
b6a0dc82 464
b2af264a 465 bt_dev_dbg(hdev, "hcon %p", conn);
b6a0dc82
MH		 466
467 conn->state = BT_CONNECT;
a0c808b3 468 conn->out = true;
b6a0dc82 469
efc7688b
MH		 470 conn->attempt++;
471
b6a0dc82 472 cp.handle = cpu_to_le16(handle);
b6a0dc82 473
dcf4adbf
JP		 474 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
475 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
10c62ddc
FD		 476 cp.voice_setting = cpu_to_le16(conn->setting);
477
478 switch (conn->setting & SCO_AIRMODE_MASK) {
479 case SCO_AIRMODE_TRANSP:
8b1c324c
YL		 480 if (!find_next_esco_param(conn, esco_param_msbc,
481 ARRAY_SIZE(esco_param_msbc)))
2dea632f 482 return false;
565766b0 483 param = &esco_param_msbc[conn->attempt - 1];
10c62ddc
FD		 484 break;
485 case SCO_AIRMODE_CVSD:
06149746 486 if (conn->parent && lmp_esco_capable(conn->parent)) {
8b1c324c
YL		 487 if (!find_next_esco_param(conn, esco_param_cvsd,
488 ARRAY_SIZE(esco_param_cvsd)))
48e68ff5 489 return false;
48e68ff5
BT		 490 param = &esco_param_cvsd[conn->attempt - 1];
491 } else {
492 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
493 return false;
48e68ff5
BT		 494 param = &sco_param_cvsd[conn->attempt - 1];
495 }
10c62ddc 496 break;
2dea632f
FD		 497 default:
498 return false;
10c62ddc 499 }
b6a0dc82 500
c7da5797 501 cp.retrans_effort = param->retrans_effort;
2dea632f
FD		 502 cp.pkt_type = __cpu_to_le16(param->pkt_type);
503 cp.max_latency = __cpu_to_le16(param->max_latency);
504
505 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
506 return false;
507
508 return true;
b6a0dc82
MH		 509}
510
b2af264a
K		 511bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
512{
e07a06b4
BG		 513 int result;
514 struct conn_handle_t *conn_handle;
515
516 if (enhanced_sync_conn_capable(conn->hdev)) {
517 conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL);
518
519 if (!conn_handle)
520 return false;
521
522 conn_handle->conn = conn;
523 conn_handle->handle = handle;
524 result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync,
525 conn_handle, NULL);
526 if (result < 0)
527 kfree(conn_handle);
528
529 return result == 0;
530 }
b2af264a
K		 531
532 return hci_setup_sync_conn(conn, handle);
533}
534
7d6ca693
JH		 535u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
536 u16 to_multiplier)
2ce603eb 537{
2ce603eb 538 struct hci_dev *hdev = conn->hdev;
f044eb05
MH		 539 struct hci_conn_params *params;
540 struct hci_cp_le_conn_update cp;
2ce603eb 541
f044eb05 542 hci_dev_lock(hdev);
2ce603eb 543
f044eb05
MH		 544 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
545 if (params) {
546 params->conn_min_interval = min;
547 params->conn_max_interval = max;
548 params->conn_latency = latency;
549 params->supervision_timeout = to_multiplier;
550 }
551
552 hci_dev_unlock(hdev);
553
554 memset(&cp, 0, sizeof(cp));
2ce603eb
CT		 555 cp.handle = cpu_to_le16(conn->handle);
556 cp.conn_interval_min = cpu_to_le16(min);
557 cp.conn_interval_max = cpu_to_le16(max);
558 cp.conn_latency = cpu_to_le16(latency);
559 cp.supervision_timeout = cpu_to_le16(to_multiplier);
dcf4adbf
JP		 560 cp.min_ce_len = cpu_to_le16(0x0000);
561 cp.max_ce_len = cpu_to_le16(0x0000);
2ce603eb
CT		 562
563 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
7d6ca693
JH		 564
565 if (params)
566 return 0x01;
567
568 return 0x00;
2ce603eb 569}
2ce603eb 570
fe39c7b2 571void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
8b76ce34 572 __u8 ltk[16], __u8 key_size)
a7a595f6
VCG		 573{
574 struct hci_dev *hdev = conn->hdev;
575 struct hci_cp_le_start_enc cp;
576
38b3fef1 577 BT_DBG("hcon %p", conn);
a7a595f6
VCG		 578
579 memset(&cp, 0, sizeof(cp));
580
581 cp.handle = cpu_to_le16(conn->handle);
fe39c7b2 582 cp.rand = rand;
a7a595f6 583 cp.ediv = ediv;
8b76ce34 584 memcpy(cp.ltk, ltk, key_size);
a7a595f6
VCG		 585
586 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
587}
a7a595f6 588
e73439d8
MH		 589/* Device _must_ be locked */
590void hci_sco_setup(struct hci_conn *conn, __u8 status)
591{
06149746 592 struct hci_link *link;
e73439d8 593
06149746
LAD		 594 link = list_first_entry_or_null(&conn->link_list, struct hci_link, list);
595 if (!link || !link->conn)
e73439d8
MH		 596 return;
597
38b3fef1
AE		 598 BT_DBG("hcon %p", conn);
599
e73439d8
MH		 600 if (!status) {
601 if (lmp_esco_capable(conn->hdev))
06149746 602 hci_setup_sync(link->conn, conn->handle);
e73439d8 603 else
06149746 604 hci_add_sco(link->conn, conn->handle);
e73439d8 605 } else {
06149746
LAD		 606 hci_connect_cfm(link->conn, status);
607 hci_conn_del(link->conn);
e73439d8
MH		 608 }
609}
610
19c40e3b 611static void hci_conn_timeout(struct work_struct *work)
1da177e4 612{
19c40e3b 613 struct hci_conn *conn = container_of(work, struct hci_conn,
5974e4c4 614 disc_work.work);
1d56dc4f 615 int refcnt = atomic_read(&conn->refcnt);
1da177e4 616
38b3fef1 617 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
1da177e4 618
1d56dc4f
LR		 619 WARN_ON(refcnt < 0);
620
621 /* FIXME: It was observed that in pairing failed scenario, refcnt
622 * drops below 0. Probably this is because l2cap_conn_del calls
623 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
624 * dropped. After that loop hci_chan_del is called which also drops
625 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
626 * otherwise drop it.
627 */
628 if (refcnt > 0)
1da177e4
LT		 629 return;
630
89e0ccc8 631 hci_abort_conn(conn, hci_proto_disconn_ind(conn));
1da177e4
LT		 632}
633
416dc94b 634/* Enter sniff mode */
a74a84f6 635static void hci_conn_idle(struct work_struct *work)
416dc94b 636{
a74a84f6
JH		 637 struct hci_conn *conn = container_of(work, struct hci_conn,
638 idle_work.work);
416dc94b
GP		 639 struct hci_dev *hdev = conn->hdev;
640
38b3fef1 641 BT_DBG("hcon %p mode %d", conn, conn->mode);
416dc94b 642
416dc94b
GP		 643 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
644 return;
645
646 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
647 return;
648
649 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
650 struct hci_cp_sniff_subrate cp;
651 cp.handle = cpu_to_le16(conn->handle);
dcf4adbf
JP		 652 cp.max_latency = cpu_to_le16(0);
653 cp.min_remote_timeout = cpu_to_le16(0);
654 cp.min_local_timeout = cpu_to_le16(0);
416dc94b
GP		 655 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
656 }
657
51a8efd7 658 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP		 659 struct hci_cp_sniff_mode cp;
660 cp.handle = cpu_to_le16(conn->handle);
661 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
662 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
dcf4adbf
JP		 663 cp.attempt = cpu_to_le16(4);
664 cp.timeout = cpu_to_le16(1);
416dc94b
GP		 665 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
666 }
667}
668
7bc18d9d 669static void hci_conn_auto_accept(struct work_struct *work)
9f61656a 670{
7bc18d9d
JH		 671 struct hci_conn *conn = container_of(work, struct hci_conn,
672 auto_accept_work.work);
9f61656a 673
7bc18d9d 674 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
5974e4c4 675 &conn->dst);
9f61656a
JH		 676}
677
c3bed4de
SN		 678static void le_disable_advertising(struct hci_dev *hdev)
679{
680 if (ext_adv_capable(hdev)) {
681 struct hci_cp_le_set_ext_adv_enable cp;
682
683 cp.enable = 0x00;
684 cp.num_of_sets = 0x00;
685
686 hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp),
687 &cp);
688 } else {
689 u8 enable = 0x00;
690 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
691 &enable);
692 }
693}
694
9489eca4
JH		 695static void le_conn_timeout(struct work_struct *work)
696{
697 struct hci_conn *conn = container_of(work, struct hci_conn,
698 le_conn_timeout.work);
3c857757 699 struct hci_dev *hdev = conn->hdev;
9489eca4
JH		 700
701 BT_DBG("");
702
3c857757
JH		 703 /* We could end up here due to having done directed advertising,
704 * so clean up the state if necessary. This should however only
705 * happen with broken hardware or if low duty cycle was used
706 * (which doesn't have a timeout of its own).
707 */
0b1db38c 708 if (conn->role == HCI_ROLE_SLAVE) {
c3bed4de
SN		 709 /* Disable LE Advertising */
710 le_disable_advertising(hdev);
9fa6b4cd 711 hci_dev_lock(hdev);
9b3628d7 712 hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
9fa6b4cd 713 hci_dev_unlock(hdev);
3c857757
JH		 714 return;
715 }
716
89e0ccc8 717 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
9489eca4
JH		 718}
719
6b9545dc
PV		 720struct iso_cig_params {
721 struct hci_cp_le_set_cig_params cp;
722 struct hci_cis_params cis[0x1f];
723};
724
eca0ae4a
LAD		 725struct iso_list_data {
726 union {
727 u8 cig;
728 u8 big;
729 };
730 union {
731 u8 cis;
732 u8 bis;
733 u16 sync_handle;
734 };
735 int count;
a0bfde16 736 bool big_term;
fbdc4bc4 737 bool pa_sync_term;
f777d882 738 bool big_sync_term;
eca0ae4a
LAD		 739};
740
741static void bis_list(struct hci_conn *conn, void *data)
742{
743 struct iso_list_data *d = data;
744
745 /* Skip if not broadcast/ANY address */
746 if (bacmp(&conn->dst, BDADDR_ANY))
747 return;
748
0fe8c8d0
IT		 749 if (d->big != conn->iso_qos.bcast.big || d->bis == BT_ISO_QOS_BIS_UNSET ||
750 d->bis != conn->iso_qos.bcast.bis)
eca0ae4a
LAD		 751 return;
752
753 d->count++;
754}
755
eca0ae4a
LAD		 756static int terminate_big_sync(struct hci_dev *hdev, void *data)
757{
758 struct iso_list_data *d = data;
759
760 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis);
761
a254b90c 762 hci_disable_per_advertising_sync(hdev, d->bis);
eca0ae4a
LAD		 763 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL);
764
a0bfde16
IT		 765 /* Only terminate BIG if it has been created */
766 if (!d->big_term)
eca0ae4a
LAD		 767 return 0;
768
769 return hci_le_terminate_big_sync(hdev, d->big,
770 HCI_ERROR_LOCAL_HOST_TERM);
771}
772
773static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err)
774{
775 kfree(data);
776}
777
a0bfde16 778static int hci_le_terminate_big(struct hci_dev *hdev, struct hci_conn *conn)
eca0ae4a
LAD		 779{
780 struct iso_list_data *d;
3aa21311 781 int ret;
eca0ae4a 782
a0bfde16
IT		 783 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", conn->iso_qos.bcast.big,
784 conn->iso_qos.bcast.bis);
eca0ae4a 785
3958e877 786 d = kzalloc(sizeof(*d), GFP_KERNEL);
eca0ae4a
LAD		 787 if (!d)
788 return -ENOMEM;
789
a0bfde16
IT		 790 d->big = conn->iso_qos.bcast.big;
791 d->bis = conn->iso_qos.bcast.bis;
792 d->big_term = test_and_clear_bit(HCI_CONN_BIG_CREATED, &conn->flags);
eca0ae4a 793
3aa21311
ZS		 794 ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d,
795 terminate_big_destroy);
796 if (ret)
797 kfree(d);
798
799 return ret;
eca0ae4a
LAD		 800}
801
802static int big_terminate_sync(struct hci_dev *hdev, void *data)
803{
804 struct iso_list_data *d = data;
805
806 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big,
807 d->sync_handle);
808
f777d882
IT		 809 if (d->big_sync_term)
810 hci_le_big_terminate_sync(hdev, d->big);
eca0ae4a 811
fbdc4bc4
IT		 812 if (d->pa_sync_term)
813 return hci_le_pa_terminate_sync(hdev, d->sync_handle);
814
815 return 0;
eca0ae4a
LAD		 816}
817
f777d882 818static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, struct hci_conn *conn)
eca0ae4a
LAD		 819{
820 struct iso_list_data *d;
3aa21311 821 int ret;
eca0ae4a 822
f777d882 823 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, conn->sync_handle);
eca0ae4a 824
3958e877 825 d = kzalloc(sizeof(*d), GFP_KERNEL);
eca0ae4a
LAD		 826 if (!d)
827 return -ENOMEM;
828
eca0ae4a 829 d->big = big;
f777d882 830 d->sync_handle = conn->sync_handle;
fbdc4bc4 831 d->pa_sync_term = test_and_clear_bit(HCI_CONN_PA_SYNC, &conn->flags);
f777d882 832 d->big_sync_term = test_and_clear_bit(HCI_CONN_BIG_SYNC, &conn->flags);
eca0ae4a 833
3aa21311
ZS		 834 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d,
835 terminate_big_destroy);
836 if (ret)
837 kfree(d);
838
839 return ret;
eca0ae4a
LAD		 840}
841
842/* Cleanup BIS connection
843 *
844 * Detects if there any BIS left connected in a BIG
845 * broadcaster: Remove advertising instance and terminate BIG.
846 * broadcaster receiver: Teminate BIG sync and terminate PA sync.
847 */
848static void bis_cleanup(struct hci_conn *conn)
849{
850 struct hci_dev *hdev = conn->hdev;
a0bfde16 851 struct hci_conn *bis;
eca0ae4a
LAD		 852
853 bt_dev_dbg(hdev, "conn %p", conn);
854
855 if (conn->role == HCI_ROLE_MASTER) {
856 if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags))
857 return;
858
a0bfde16
IT		 859 /* Check if ISO connection is a BIS and terminate advertising
860 * set and BIG if there are no other connections using it.
861 */
6a42e9bf 862 bis = hci_conn_hash_lookup_big(hdev, conn->iso_qos.bcast.big);
a0bfde16
IT		 863 if (bis)
864 return;
865
866 hci_le_terminate_big(hdev, conn);
eca0ae4a 867 } else {
f777d882
IT		 868 bis = hci_conn_hash_lookup_big_any_dst(hdev,
869 conn->iso_qos.bcast.big);
870
871 if (bis)
872 return;
873
0fe8c8d0 874 hci_le_big_terminate(hdev, conn->iso_qos.bcast.big,
f777d882 875 conn);
eca0ae4a
LAD		 876 }
877}
878
879static int remove_cig_sync(struct hci_dev *hdev, void *data)
880{
a1f6c3ae 881 u8 handle = PTR_UINT(data);
eca0ae4a
LAD		 882
883 return hci_le_remove_cig_sync(hdev, handle);
884}
885
886static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle)
887{
888 bt_dev_dbg(hdev, "handle 0x%2.2x", handle);
889
a1f6c3ae
LAD		 890 return hci_cmd_sync_queue(hdev, remove_cig_sync, UINT_PTR(handle),
891 NULL);
eca0ae4a
LAD		 892}
893
894static void find_cis(struct hci_conn *conn, void *data)
895{
896 struct iso_list_data *d = data;
897
31c5f916
PV		 898 /* Ignore broadcast or if CIG don't match */
899 if (!bacmp(&conn->dst, BDADDR_ANY) || d->cig != conn->iso_qos.ucast.cig)
eca0ae4a
LAD		 900 return;
901
902 d->count++;
903}
904
905/* Cleanup CIS connection:
906 *
907 * Detects if there any CIS left connected in a CIG and remove it.
908 */
909static void cis_cleanup(struct hci_conn *conn)
910{
911 struct hci_dev *hdev = conn->hdev;
912 struct iso_list_data d;
913
31c5f916
PV		 914 if (conn->iso_qos.ucast.cig == BT_ISO_QOS_CIG_UNSET)
915 return;
916
eca0ae4a 917 memset(&d, 0, sizeof(d));
0fe8c8d0 918 d.cig = conn->iso_qos.ucast.cig;
eca0ae4a
LAD		 919
920 /* Check if ISO connection is a CIS and remove CIG if there are
921 * no other connections using it.
922 */
6c242c64
PV		 923 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_BOUND, &d);
924 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECT, &d);
eca0ae4a
LAD		 925 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d);
926 if (d.count)
927 return;
928
0fe8c8d0 929 hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig);
eca0ae4a
LAD		 930}
931
9f78191c
LAD		 932static u16 hci_conn_hash_alloc_unset(struct hci_dev *hdev)
933{
934 struct hci_conn_hash *h = &hdev->conn_hash;
935 struct hci_conn *c;
936 u16 handle = HCI_CONN_HANDLE_MAX + 1;
937
938 rcu_read_lock();
939
940 list_for_each_entry_rcu(c, &h->list, list) {
941 /* Find the first unused handle */
942 if (handle == 0xffff || c->handle != handle)
943 break;
944 handle++;
945 }
946 rcu_read_unlock();
947
948 return handle;
949}
950
a5c4e309
JH		 951struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
952 u8 role)
1da177e4
LT		 953{
954 struct hci_conn *conn;
955
6ed93dc6 956 BT_DBG("%s dst %pMR", hdev->name, dst);
1da177e4 957
27f70f3e 958 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
04837f64 959 if (!conn)
1da177e4 960 return NULL;
1da177e4
LT		 961
962 bacpy(&conn->dst, dst);
662e8820 963 bacpy(&conn->src, &hdev->bdaddr);
9f78191c 964 conn->handle = hci_conn_hash_alloc_unset(hdev);
a8746417
MH		 965 conn->hdev = hdev;
966 conn->type = type;
a5c4e309 967 conn->role = role;
a8746417
MH		 968 conn->mode = HCI_CM_ACTIVE;
969 conn->state = BT_OPEN;
93f19c9f 970 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 971 conn->io_capability = hdev->io_capability;
a9583556 972 conn->remote_auth = 0xff;
13d39315 973 conn->key_type = 0xff;
ebf86aa3 974 conn->rssi = HCI_RSSI_INVALID;
5a134fae 975 conn->tx_power = HCI_TX_POWER_INVALID;
d0455ed9 976 conn->max_tx_power = HCI_TX_POWER_INVALID;
1d11d70d 977 conn->sync_handle = HCI_SYNC_HANDLE_INVALID;
1da177e4 978
58a681ef 979 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 980 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 981
302975cb
SRK		 982 /* Set Default Authenticated payload timeout to 30s */
983 conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
984
a5c4e309
JH		 985 if (conn->role == HCI_ROLE_MASTER)
986 conn->out = true;
987
a8746417
MH		 988 switch (type) {
989 case ACL_LINK:
990 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
991 break;
9c84d1da 992 case LE_LINK:
eca0ae4a
LAD		 993 /* conn->src should reflect the local identity address */
994 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
995 break;
26afbd82 996 case ISO_LINK:
9c84d1da
JH		 997 /* conn->src should reflect the local identity address */
998 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
eca0ae4a
LAD		 999
1000 /* set proper cleanup function */
1001 if (!bacmp(dst, BDADDR_ANY))
1002 conn->cleanup = bis_cleanup;
1003 else if (conn->role == HCI_ROLE_MASTER)
1004 conn->cleanup = cis_cleanup;
1005
9c84d1da 1006 break;
a8746417
MH		 1007 case SCO_LINK:
1008 if (lmp_esco_capable(hdev))
efc7688b
MH		 1009 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
1010 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH		 1011 else
1012 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
1013 break;
1014 case ESCO_LINK:
efc7688b 1015 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH		 1016 break;
1017 }
1018
1da177e4 1019 skb_queue_head_init(&conn->data_q);
04837f64 1020
70c1f20b 1021 INIT_LIST_HEAD(&conn->chan_list);
06149746 1022 INIT_LIST_HEAD(&conn->link_list);
73d80deb 1023
19c40e3b 1024 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
7bc18d9d 1025 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
a74a84f6 1026 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
9489eca4 1027 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1da177e4
LT		 1028
1029 atomic_set(&conn->refcnt, 0);
1030
1031 hci_dev_hold(hdev);
1032
1da177e4 1033 hci_conn_hash_add(hdev, conn);
1f8330ea
SN		 1034
1035 /* The SCO and eSCO connections will only be notified when their
1036 * setup has been completed. This is different to ACL links which
1037 * can be notified right away.
1038 */
1039 if (conn->type != SCO_LINK && conn->type != ESCO_LINK) {
1040 if (hdev->notify)
1041 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
1042 }
1da177e4 1043
a67e899c
MH		 1044 hci_conn_init_sysfs(conn);
1045
1da177e4
LT		 1046 return conn;
1047}
1048
3344d318
PV		 1049static void hci_conn_cleanup_child(struct hci_conn *conn, u8 reason)
1050{
1051 if (!reason)
1052 reason = HCI_ERROR_REMOTE_USER_TERM;
1053
1054 /* Due to race, SCO/ISO conn might be not established yet at this point,
1055 * and nothing else will clean it up. In other cases it is done via HCI
1056 * events.
1057 */
1058 switch (conn->type) {
1059 case SCO_LINK:
1060 case ESCO_LINK:
1061 if (HCI_CONN_HANDLE_UNSET(conn->handle))
1062 hci_conn_failed(conn, reason);
1063 break;
1064 case ISO_LINK:
1065 if (conn->state != BT_CONNECTED &&
1066 !test_bit(HCI_CONN_CREATE_CIS, &conn->flags))
1067 hci_conn_failed(conn, reason);
1068 break;
1069 }
1070}
1071
06149746 1072static void hci_conn_unlink(struct hci_conn *conn)
5dc7d23e 1073{
06149746
LAD		 1074 struct hci_dev *hdev = conn->hdev;
1075
1076 bt_dev_dbg(hdev, "hcon %p", conn);
1077
1078 if (!conn->parent) {
1079 struct hci_link *link, *t;
1080
ca1fd42e
RL		 1081 list_for_each_entry_safe(link, t, &conn->link_list, list) {
1082 struct hci_conn *child = link->conn;
1083
1084 hci_conn_unlink(child);
1085
a2ac591c
RL		 1086 /* If hdev is down it means
1087 * hci_dev_close_sync/hci_conn_hash_flush is in progress
1088 * and links don't need to be cleanup as all connections
1089 * would be cleanup.
1090 */
1091 if (!test_bit(HCI_UP, &hdev->flags))
1092 continue;
1093
3344d318 1094 hci_conn_cleanup_child(child, conn->abort_reason);
ca1fd42e 1095 }
06149746
LAD		 1096
1097 return;
1098 }
1099
5dc7d23e 1100 if (!conn->link)
06149746 1101 return;
5dc7d23e 1102
06149746
LAD		 1103 list_del_rcu(&conn->link->list);
1104 synchronize_rcu();
1105
a2904d28 1106 hci_conn_drop(conn->parent);
2910431a
RL		 1107 hci_conn_put(conn->parent);
1108 conn->parent = NULL;
1109
06149746 1110 kfree(conn->link);
5dc7d23e 1111 conn->link = NULL;
5dc7d23e
LAD		 1112}
1113
a2ac591c 1114void hci_conn_del(struct hci_conn *conn)
1da177e4
LT		 1115{
1116 struct hci_dev *hdev = conn->hdev;
1117
38b3fef1 1118 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1da177e4 1119
a2904d28
RL		 1120 hci_conn_unlink(conn);
1121
19c40e3b 1122 cancel_delayed_work_sync(&conn->disc_work);
7bc18d9d 1123 cancel_delayed_work_sync(&conn->auto_accept_work);
a74a84f6 1124 cancel_delayed_work_sync(&conn->idle_work);
9f61656a 1125
5b7f9909 1126 if (conn->type == ACL_LINK) {
1da177e4
LT		 1127 /* Unacked frames */
1128 hdev->acl_cnt += conn->sent;
6ed58ec5 1129 } else if (conn->type == LE_LINK) {
980ffc0a 1130 cancel_delayed_work(&conn->le_conn_timeout);
9489eca4 1131
6ed58ec5
VT		 1132 if (hdev->le_pkts)
1133 hdev->le_cnt += conn->sent;
1134 else
1135 hdev->acl_cnt += conn->sent;
5b7f9909 1136 } else {
5638d9ea
LAD		 1137 /* Unacked ISO frames */
1138 if (conn->type == ISO_LINK) {
1139 if (hdev->iso_pkts)
1140 hdev->iso_cnt += conn->sent;
1141 else if (hdev->le_pkts)
1142 hdev->le_cnt += conn->sent;
1143 else
1144 hdev->acl_cnt += conn->sent;
1145 }
1da177e4
LT		 1146 }
1147
9740e49d
AE		 1148 if (conn->amp_mgr)
1149 amp_mgr_put(conn->amp_mgr);
1150
1da177e4 1151 skb_queue_purge(&conn->data_q);
1da177e4 1152
b958f9a3
JH		 1153 /* Remove the connection from the list and cleanup its remaining
1154 * state. This is a separate function since for some cases like
1155 * BT_CONNECT_SCAN we *only* want the cleanup part without the
1156 * rest of hci_conn_del.
1157 */
1158 hci_conn_cleanup(conn);
1da177e4
LT		 1159}
1160
39385cb5 1161struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type)
1da177e4
LT		 1162{
1163 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 1164 struct hci_dev *hdev = NULL, *d;
1da177e4 1165
6ed93dc6 1166 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4 1167
f20d09d5 1168 read_lock(&hci_dev_list_lock);
1da177e4 1169
8035ded4 1170 list_for_each_entry(d, &hci_dev_list, list) {
8fc9ced3 1171 if (!test_bit(HCI_UP, &d->flags) ||
d7a5a11d 1172 hci_dev_test_flag(d, HCI_USER_CHANNEL) ||
ca8bee5d 1173 d->dev_type != HCI_PRIMARY)
1da177e4
LT		 1174 continue;
1175
8e87d142 1176 /* Simple routing:
1da177e4
LT		 1177 * No source address - find interface with bdaddr != dst
1178 * Source address - find interface with bdaddr == src
1179 */
1180
1181 if (use_src) {
39385cb5
JH		 1182 bdaddr_t id_addr;
1183 u8 id_addr_type;
1184
1185 if (src_type == BDADDR_BREDR) {
1186 if (!lmp_bredr_capable(d))
1187 continue;
1188 bacpy(&id_addr, &d->bdaddr);
1189 id_addr_type = BDADDR_BREDR;
1190 } else {
1191 if (!lmp_le_capable(d))
1192 continue;
1193
1194 hci_copy_identity_address(d, &id_addr,
1195 &id_addr_type);
1196
1197 /* Convert from HCI to three-value type */
1198 if (id_addr_type == ADDR_LE_DEV_PUBLIC)
1199 id_addr_type = BDADDR_LE_PUBLIC;
1200 else
1201 id_addr_type = BDADDR_LE_RANDOM;
1202 }
1203
1204 if (!bacmp(&id_addr, src) && id_addr_type == src_type) {
1da177e4
LT		 1205 hdev = d; break;
1206 }
1207 } else {
1208 if (bacmp(&d->bdaddr, dst)) {
1209 hdev = d; break;
1210 }
1211 }
1212 }
1213
1214 if (hdev)
1215 hdev = hci_dev_hold(hdev);
1216
f20d09d5 1217 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 1218 return hdev;
1219}
1220EXPORT_SYMBOL(hci_get_route);
1221
9bb3c01f 1222/* This function requires the caller holds hdev->lock */
9b3628d7 1223static void hci_le_conn_failed(struct hci_conn *conn, u8 status)
9bb3c01f
AG		 1224{
1225 struct hci_dev *hdev = conn->hdev;
f161dd41 1226
19cf60bf 1227 hci_connect_le_scan_cleanup(conn, status);
3c857757 1228
abfeea47 1229 /* Enable advertising in case this was a failed connection
3c857757
JH		 1230 * attempt as a peripheral.
1231 */
abfeea47 1232 hci_enable_advertising(hdev);
9bb3c01f
AG		 1233}
1234
9b3628d7
LAD		 1235/* This function requires the caller holds hdev->lock */
1236void hci_conn_failed(struct hci_conn *conn, u8 status)
1237{
1238 struct hci_dev *hdev = conn->hdev;
1239
1240 bt_dev_dbg(hdev, "status 0x%2.2x", status);
1241
1242 switch (conn->type) {
1243 case LE_LINK:
1244 hci_le_conn_failed(conn, status);
1245 break;
1246 case ACL_LINK:
1247 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1248 conn->dst_type, status);
1249 break;
1250 }
1251
a254b90c
IT		 1252 /* In case of BIG/PA sync failed, clear conn flags so that
1253 * the conns will be correctly cleaned up by ISO layer
1254 */
1255 test_and_clear_bit(HCI_CONN_BIG_SYNC_FAILED, &conn->flags);
1256 test_and_clear_bit(HCI_CONN_PA_SYNC_FAILED, &conn->flags);
1257
9b3628d7
LAD		 1258 conn->state = BT_CLOSED;
1259 hci_connect_cfm(conn, status);
1260 hci_conn_del(conn);
1261}
1262
16e3b642
LAD		 1263/* This function requires the caller holds hdev->lock */
1264u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle)
1265{
1266 struct hci_dev *hdev = conn->hdev;
1267
1268 bt_dev_dbg(hdev, "hcon %p handle 0x%4.4x", conn, handle);
1269
1270 if (conn->handle == handle)
1271 return 0;
1272
1273 if (handle > HCI_CONN_HANDLE_MAX) {
1274 bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x",
1275 handle, HCI_CONN_HANDLE_MAX);
1276 return HCI_ERROR_INVALID_PARAMETERS;
1277 }
1278
1279 /* If abort_reason has been sent it means the connection is being
1280 * aborted and the handle shall not be changed.
1281 */
1282 if (conn->abort_reason)
1283 return conn->abort_reason;
1284
1285 conn->handle = handle;
1286
1287 return 0;
1288}
1289
8e8b92ee 1290static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err)
1d399ae5 1291{
04a51d61 1292 struct hci_conn *conn;
a1f6c3ae 1293 u16 handle = PTR_UINT(data);
04a51d61
LAD		 1294
1295 conn = hci_conn_hash_lookup_handle(hdev, handle);
1296 if (!conn)
1297 return;
1d399ae5 1298
b62e7220
LAD		 1299 bt_dev_dbg(hdev, "err %d", err);
1300
28a667c9
JP		 1301 hci_dev_lock(hdev);
1302
8e8b92ee 1303 if (!err) {
19cf60bf 1304 hci_connect_le_scan_cleanup(conn, 0x00);
28a667c9
JP		 1305 goto done;
1306 }
1d399ae5 1307
c9f73a21
LAD		 1308 /* Check if connection is still pending */
1309 if (conn != hci_lookup_le_connect(hdev))
1d399ae5
AG		 1310 goto done;
1311
5cd39700
AP		 1312 /* Flush to make sure we send create conn cancel command if needed */
1313 flush_delayed_work(&conn->le_conn_timeout);
a86ddbff 1314 hci_conn_failed(conn, bt_status(err));
1d399ae5
AG		 1315
1316done:
1317 hci_dev_unlock(hdev);
1318}
1319
8e8b92ee 1320static int hci_connect_le_sync(struct hci_dev *hdev, void *data)
3c857757 1321{
04a51d61 1322 struct hci_conn *conn;
a1f6c3ae 1323 u16 handle = PTR_UINT(data);
04a51d61
LAD		 1324
1325 conn = hci_conn_hash_lookup_handle(hdev, handle);
1326 if (!conn)
1327 return 0;
075e40b7 1328
8e8b92ee 1329 bt_dev_dbg(hdev, "conn %p", conn);
3c857757 1330
3a15324f 1331 clear_bit(HCI_CONN_SCANNING, &conn->flags);
04a51d61
LAD		 1332 conn->state = BT_CONNECT;
1333
8e8b92ee 1334 return hci_le_create_conn_sync(hdev, conn);
3c857757
JH		 1335}
1336
04a6c589 1337struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
d850bf08 1338 u8 dst_type, bool dst_resolved, u8 sec_level,
8e8b92ee 1339 u16 conn_timeout, u8 role)
1da177e4 1340{
e2caced4 1341 struct hci_conn *conn;
1ebfcc1f 1342 struct smp_irk *irk;
1d399ae5 1343 int err;
1da177e4 1344
152d386e 1345 /* Let's make sure that le is enabled.*/
d7a5a11d 1346 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
152d386e
LR		 1347 if (lmp_le_capable(hdev))
1348 return ERR_PTR(-ECONNREFUSED);
1349
1350 return ERR_PTR(-EOPNOTSUPP);
1351 }
1352
658aead9
JH		 1353 /* Since the controller supports only one LE connection attempt at a
1354 * time, we return -EBUSY if there is any connection attempt running.
1355 */
1356 if (hci_lookup_le_connect(hdev))
1357 return ERR_PTR(-EBUSY);
1358
e2caced4
JH		 1359 /* If there's already a connection object but it's not in
1360 * scanning state it means it must already be established, in
1361 * which case we can't do anything else except report a failure
1362 * to connect.
620ad521 1363 */
9d4c1cc1 1364 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
e2caced4
JH		 1365 if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) {
1366 return ERR_PTR(-EBUSY);
620ad521 1367 }
dfc94dbd 1368
d850bf08
LAD		 1369 /* Check if the destination address has been resolved by the controller
1370 * since if it did then the identity address shall be used.
edb4b466 1371 */
d850bf08
LAD		 1372 if (!dst_resolved) {
1373 /* When given an identity address with existing identity
1374 * resolving key, the connection needs to be established
1375 * to a resolvable random address.
1376 *
1377 * Storing the resolvable random address is required here
1378 * to handle connection failures. The address will later
1379 * be resolved back into the original identity address
1380 * from the connect request.
1381 */
1382 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
1383 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
1384 dst = &irk->rpa;
1385 dst_type = ADDR_LE_DEV_RANDOM;
1386 }
1ebfcc1f
JH		 1387 }
1388
e2caced4 1389 if (conn) {
28a667c9
JP		 1390 bacpy(&conn->dst, dst);
1391 } else {
1392 conn = hci_conn_add(hdev, LE_LINK, dst, role);
e2caced4
JH		 1393 if (!conn)
1394 return ERR_PTR(-ENOMEM);
1395 hci_conn_hold(conn);
1396 conn->pending_sec_level = sec_level;
28a667c9
JP		 1397 }
1398
1ebfcc1f 1399 conn->dst_type = dst_type;
620ad521 1400 conn->sec_level = BT_SECURITY_LOW;
09ae260b 1401 conn->conn_timeout = conn_timeout;
4292f1f3 1402
04a51d61 1403 err = hci_cmd_sync_queue(hdev, hci_connect_le_sync,
a1f6c3ae 1404 UINT_PTR(conn->handle),
8e8b92ee 1405 create_le_conn_complete);
2acf3d90
AG		 1406 if (err) {
1407 hci_conn_del(conn);
620ad521 1408 return ERR_PTR(err);
2acf3d90 1409 }
fcd89c09 1410
f1e5d547 1411 return conn;
d04aef4c 1412}
fcd89c09 1413
f75113a2
JP		 1414static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
1415{
1416 struct hci_conn *conn;
1417
9d4c1cc1 1418 conn = hci_conn_hash_lookup_le(hdev, addr, type);
f75113a2
JP		 1419 if (!conn)
1420 return false;
1421
f75113a2
JP		 1422 if (conn->state != BT_CONNECTED)
1423 return false;
1424
1425 return true;
1426}
1427
1428/* This function requires the caller holds hdev->lock */
84235d22 1429static int hci_explicit_conn_params_set(struct hci_dev *hdev,
f75113a2
JP		 1430 bdaddr_t *addr, u8 addr_type)
1431{
f75113a2
JP		 1432 struct hci_conn_params *params;
1433
1434 if (is_connected(hdev, addr, addr_type))
1435 return -EISCONN;
1436
5157b8a5
JP		 1437 params = hci_conn_params_lookup(hdev, addr, addr_type);
1438 if (!params) {
1439 params = hci_conn_params_add(hdev, addr, addr_type);
1440 if (!params)
1441 return -ENOMEM;
1442
1443 /* If we created new params, mark them to be deleted in
1444 * hci_connect_le_scan_cleanup. It's different case than
1445 * existing disabled params, those will stay after cleanup.
1446 */
1447 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
1448 }
f75113a2 1449
5157b8a5 1450 /* We're trying to connect, so make sure params are at pend_le_conns */
49c50922 1451 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5157b8a5
JP		 1452 params->auto_connect == HCI_AUTO_CONN_REPORT ||
1453 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
195ef75e
PV		 1454 hci_pend_le_list_del_init(params);
1455 hci_pend_le_list_add(params, &hdev->pend_le_conns);
f75113a2
JP		 1456 }
1457
1458 params->explicit_connect = true;
f75113a2
JP		 1459
1460 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
1461 params->auto_connect);
1462
1463 return 0;
1464}
1465
eca0ae4a
LAD		 1466static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos)
1467{
6a42e9bf
IT		 1468 struct hci_conn *conn;
1469 u8 big;
eca0ae4a
LAD		 1470
1471 /* Allocate a BIG if not set */
0fe8c8d0 1472 if (qos->bcast.big == BT_ISO_QOS_BIG_UNSET) {
6a42e9bf 1473 for (big = 0x00; big < 0xef; big++) {
eca0ae4a 1474
6a42e9bf
IT		 1475 conn = hci_conn_hash_lookup_big(hdev, big);
1476 if (!conn)
eca0ae4a
LAD		 1477 break;
1478 }
1479
6a42e9bf 1480 if (big == 0xef)
eca0ae4a
LAD		 1481 return -EADDRNOTAVAIL;
1482
1483 /* Update BIG */
6a42e9bf 1484 qos->bcast.big = big;
eca0ae4a
LAD		 1485 }
1486
1487 return 0;
1488}
1489
1490static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos)
1491{
6a42e9bf
IT		 1492 struct hci_conn *conn;
1493 u8 bis;
eca0ae4a
LAD		 1494
1495 /* Allocate BIS if not set */
0fe8c8d0 1496 if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) {
eca0ae4a
LAD		 1497 /* Find an unused adv set to advertise BIS, skip instance 0x00
1498 * since it is reserved as general purpose set.
1499 */
6a42e9bf
IT		 1500 for (bis = 0x01; bis < hdev->le_num_of_adv_sets;
1501 bis++) {
eca0ae4a 1502
6a42e9bf
IT		 1503 conn = hci_conn_hash_lookup_bis(hdev, BDADDR_ANY, bis);
1504 if (!conn)
eca0ae4a
LAD		 1505 break;
1506 }
1507
6a42e9bf 1508 if (bis == hdev->le_num_of_adv_sets)
eca0ae4a
LAD		 1509 return -EADDRNOTAVAIL;
1510
1511 /* Update BIS */
6a42e9bf 1512 qos->bcast.bis = bis;
eca0ae4a
LAD		 1513 }
1514
1515 return 0;
1516}
1517
1518/* This function requires the caller holds hdev->lock */
1519static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst,
a0bfde16
IT		 1520 struct bt_iso_qos *qos, __u8 base_len,
1521 __u8 *base)
eca0ae4a
LAD		 1522{
1523 struct hci_conn *conn;
eca0ae4a
LAD		 1524 int err;
1525
1526 /* Let's make sure that le is enabled.*/
1527 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1528 if (lmp_le_capable(hdev))
1529 return ERR_PTR(-ECONNREFUSED);
1530 return ERR_PTR(-EOPNOTSUPP);
1531 }
1532
1533 err = qos_set_big(hdev, qos);
1534 if (err)
1535 return ERR_PTR(err);
1536
1537 err = qos_set_bis(hdev, qos);
1538 if (err)
1539 return ERR_PTR(err);
1540
a0bfde16
IT		 1541 /* Check if the LE Create BIG command has already been sent */
1542 conn = hci_conn_hash_lookup_per_adv_bis(hdev, dst, qos->bcast.big,
1543 qos->bcast.big);
1544 if (conn)
eca0ae4a
LAD		 1545 return ERR_PTR(-EADDRINUSE);
1546
a0bfde16
IT		 1547 /* Check BIS settings against other bound BISes, since all
1548 * BISes in a BIG must have the same value for all parameters
1549 */
6a42e9bf 1550 conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big);
a0bfde16
IT		 1551
1552 if (conn && (memcmp(qos, &conn->iso_qos, sizeof(*qos)) ||
1553 base_len != conn->le_per_adv_data_len ||
1554 memcmp(conn->le_per_adv_data, base, base_len)))
eca0ae4a
LAD		 1555 return ERR_PTR(-EADDRINUSE);
1556
1557 conn = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1558 if (!conn)
1559 return ERR_PTR(-ENOMEM);
1560
eca0ae4a
LAD		 1561 conn->state = BT_CONNECT;
1562
1563 hci_conn_hold(conn);
1564 return conn;
1565}
1566
f75113a2
JP		 1567/* This function requires the caller holds hdev->lock */
1568struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst,
1569 u8 dst_type, u8 sec_level,
76b13996
MM		 1570 u16 conn_timeout,
1571 enum conn_reasons conn_reason)
f75113a2
JP		 1572{
1573 struct hci_conn *conn;
f75113a2
JP		 1574
1575 /* Let's make sure that le is enabled.*/
1576 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1577 if (lmp_le_capable(hdev))
1578 return ERR_PTR(-ECONNREFUSED);
1579
1580 return ERR_PTR(-EOPNOTSUPP);
1581 }
1582
1583 /* Some devices send ATT messages as soon as the physical link is
1584 * established. To be able to handle these ATT messages, the user-
1585 * space first establishes the connection and then starts the pairing
1586 * process.
1587 *
1588 * So if a hci_conn object already exists for the following connection
1589 * attempt, we simply update pending_sec_level and auth_type fields
1590 * and return the object found.
1591 */
9d4c1cc1 1592 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
f75113a2
JP		 1593 if (conn) {
1594 if (conn->pending_sec_level < sec_level)
1595 conn->pending_sec_level = sec_level;
1596 goto done;
1597 }
1598
1599 BT_DBG("requesting refresh of dst_addr");
1600
0ad06aa6 1601 conn = hci_conn_add(hdev, LE_LINK, dst, HCI_ROLE_MASTER);
f75113a2
JP		 1602 if (!conn)
1603 return ERR_PTR(-ENOMEM);
1604
d088337c
NE		 1605 if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) {
1606 hci_conn_del(conn);
f75113a2 1607 return ERR_PTR(-EBUSY);
d088337c 1608 }
f75113a2
JP		 1609
1610 conn->state = BT_CONNECT;
1611 set_bit(HCI_CONN_SCANNING, &conn->flags);
f75113a2
JP		 1612 conn->dst_type = dst_type;
1613 conn->sec_level = BT_SECURITY_LOW;
1614 conn->pending_sec_level = sec_level;
1615 conn->conn_timeout = conn_timeout;
76b13996 1616 conn->conn_reason = conn_reason;
f75113a2 1617
5bee2fd6 1618 hci_update_passive_scan(hdev);
84235d22 1619
f75113a2
JP		 1620done:
1621 hci_conn_hold(conn);
1622 return conn;
1623}
1624
04a6c589 1625struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
76b13996
MM		 1626 u8 sec_level, u8 auth_type,
1627 enum conn_reasons conn_reason)
1da177e4
LT		 1628{
1629 struct hci_conn *acl;
fcd89c09 1630
d7a5a11d 1631 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
c411110e
LR		 1632 if (lmp_bredr_capable(hdev))
1633 return ERR_PTR(-ECONNREFUSED);
1634
beb19e4c 1635 return ERR_PTR(-EOPNOTSUPP);
c411110e 1636 }
56f87901 1637
1ffc6f8c
LCY		 1638 /* Reject outgoing connection to device with same BD ADDR against
1639 * CVE-2020-26555
1640 */
1641 if (!bacmp(&hdev->bdaddr, dst)) {
1642 bt_dev_dbg(hdev, "Reject connection with same BD_ADDR %pMR\n",
1643 dst);
1644 return ERR_PTR(-ECONNREFUSED);
1645 }
1646
70f23020
AE		 1647 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
1648 if (!acl) {
a5c4e309 1649 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
70f23020 1650 if (!acl)
48c7aba9 1651 return ERR_PTR(-ENOMEM);
1da177e4
LT		 1652 }
1653
1654 hci_conn_hold(acl);
1655
76b13996 1656 acl->conn_reason = conn_reason;
09ab6f4c 1657 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
765c2a96
JH		 1658 acl->sec_level = BT_SECURITY_LOW;
1659 acl->pending_sec_level = sec_level;
09ab6f4c 1660 acl->auth_type = auth_type;
1aef8669 1661 hci_acl_create_connection(acl);
09ab6f4c 1662 }
1da177e4 1663
db474275
VCG		 1664 return acl;
1665}
1666
06149746
LAD		 1667static struct hci_link *hci_conn_link(struct hci_conn *parent,
1668 struct hci_conn *conn)
1669{
1670 struct hci_dev *hdev = parent->hdev;
1671 struct hci_link *link;
1672
1673 bt_dev_dbg(hdev, "parent %p hcon %p", parent, conn);
1674
1675 if (conn->link)
1676 return conn->link;
1677
1678 if (conn->parent)
1679 return NULL;
1680
1681 link = kzalloc(sizeof(*link), GFP_KERNEL);
1682 if (!link)
1683 return NULL;
1684
1685 link->conn = hci_conn_hold(conn);
1686 conn->link = link;
1687 conn->parent = hci_conn_get(parent);
1688
1689 /* Use list_add_tail_rcu append to the list */
1690 list_add_tail_rcu(&link->list, &parent->link_list);
1691
1692 return link;
1693}
1694
10c62ddc 1695struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
b2af264a 1696 __u16 setting, struct bt_codec *codec)
db474275
VCG		 1697{
1698 struct hci_conn *acl;
1699 struct hci_conn *sco;
06149746 1700 struct hci_link *link;
db474275 1701
76b13996
MM		 1702 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING,
1703 CONN_REASON_SCO_CONNECT);
db474275 1704 if (IS_ERR(acl))
5b7f9909 1705 return acl;
1da177e4 1706
70f23020
AE		 1707 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
1708 if (!sco) {
a5c4e309 1709 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
70f23020 1710 if (!sco) {
76a68ba0 1711 hci_conn_drop(acl);
48c7aba9 1712 return ERR_PTR(-ENOMEM);
1da177e4 1713 }
5b7f9909 1714 }
1da177e4 1715
06149746
LAD		 1716 link = hci_conn_link(acl, sco);
1717 if (!link) {
1718 hci_conn_drop(acl);
1719 hci_conn_drop(sco);
b4066eb0 1720 return ERR_PTR(-ENOLINK);
06149746 1721 }
1da177e4 1722
10c62ddc 1723 sco->setting = setting;
b2af264a 1724 sco->codec = *codec;
10c62ddc 1725
5b7f9909 1726 if (acl->state == BT_CONNECTED &&
5974e4c4 1727 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 1728 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 1729 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 1730
51a8efd7 1731 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 1732 /* defer SCO setup until mode change completed */
51a8efd7 1733 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH		 1734 return sco;
1735 }
1736
1737 hci_sco_setup(acl, 0x00);
b6a0dc82 1738 }
5b7f9909
MH		 1739
1740 return sco;
1da177e4 1741}
1da177e4 1742
eca0ae4a
LAD		 1743static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos)
1744{
1745 struct hci_dev *hdev = conn->hdev;
1746 struct hci_cp_le_create_big cp;
a0bfde16 1747 struct iso_list_data data;
eca0ae4a
LAD		 1748
1749 memset(&cp, 0, sizeof(cp));
1750
a0bfde16
IT		 1751 data.big = qos->bcast.big;
1752 data.bis = qos->bcast.bis;
1753 data.count = 0;
1754
1755 /* Create a BIS for each bound connection */
1756 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1757 BT_BOUND, &data);
1758
0fe8c8d0
IT		 1759 cp.handle = qos->bcast.big;
1760 cp.adv_handle = qos->bcast.bis;
a0bfde16 1761 cp.num_bis = data.count;
0fe8c8d0
IT		 1762 hci_cpu_to_le24(qos->bcast.out.interval, cp.bis.sdu_interval);
1763 cp.bis.sdu = cpu_to_le16(qos->bcast.out.sdu);
1764 cp.bis.latency = cpu_to_le16(qos->bcast.out.latency);
1765 cp.bis.rtn = qos->bcast.out.rtn;
1766 cp.bis.phy = qos->bcast.out.phy;
1767 cp.bis.packing = qos->bcast.packing;
1768 cp.bis.framing = qos->bcast.framing;
1769 cp.bis.encryption = qos->bcast.encryption;
1770 memcpy(cp.bis.bcode, qos->bcast.bcode, sizeof(cp.bis.bcode));
eca0ae4a
LAD		 1771
1772 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp);
1773}
1774
a0912892 1775static int set_cig_params_sync(struct hci_dev *hdev, void *data)
6b9545dc 1776{
a1f6c3ae 1777 u8 cig_id = PTR_UINT(data);
a0912892
LAD		 1778 struct hci_conn *conn;
1779 struct bt_iso_qos *qos;
1780 struct iso_cig_params pdu;
1781 u8 cis_id;
6b9545dc 1782
a0912892
LAD		 1783 conn = hci_conn_hash_lookup_cig(hdev, cig_id);
1784 if (!conn)
1785 return 0;
6b9545dc 1786
a0912892 1787 memset(&pdu, 0, sizeof(pdu));
6b9545dc 1788
a0912892
LAD		 1789 qos = &conn->iso_qos;
1790 pdu.cp.cig_id = cig_id;
1791 hci_cpu_to_le24(qos->ucast.out.interval, pdu.cp.c_interval);
1792 hci_cpu_to_le24(qos->ucast.in.interval, pdu.cp.p_interval);
1793 pdu.cp.sca = qos->ucast.sca;
1794 pdu.cp.packing = qos->ucast.packing;
1795 pdu.cp.framing = qos->ucast.framing;
1796 pdu.cp.c_latency = cpu_to_le16(qos->ucast.out.latency);
1797 pdu.cp.p_latency = cpu_to_le16(qos->ucast.in.latency);
6b9545dc 1798
a0912892
LAD		 1799 /* Reprogram all CIS(s) with the same CIG, valid range are:
1800 * num_cis: 0x00 to 0x1F
1801 * cis_id: 0x00 to 0xEF
1802 */
1803 for (cis_id = 0x00; cis_id < 0xf0 &&
1804 pdu.cp.num_cis < ARRAY_SIZE(pdu.cis); cis_id++) {
1805 struct hci_cis_params *cis;
1806
1807 conn = hci_conn_hash_lookup_cis(hdev, NULL, 0, cig_id, cis_id);
1808 if (!conn)
1809 continue;
6b9545dc 1810
a0912892
LAD		 1811 qos = &conn->iso_qos;
1812
1813 cis = &pdu.cis[pdu.cp.num_cis++];
1814 cis->cis_id = cis_id;
1815 cis->c_sdu = cpu_to_le16(conn->iso_qos.ucast.out.sdu);
1816 cis->p_sdu = cpu_to_le16(conn->iso_qos.ucast.in.sdu);
1817 cis->c_phy = qos->ucast.out.phy ? qos->ucast.out.phy :
1818 qos->ucast.in.phy;
1819 cis->p_phy = qos->ucast.in.phy ? qos->ucast.in.phy :
1820 qos->ucast.out.phy;
1821 cis->c_rtn = qos->ucast.out.rtn;
1822 cis->p_rtn = qos->ucast.in.rtn;
1823 }
1824
1825 if (!pdu.cp.num_cis)
1826 return 0;
1827
1828 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS,
1829 sizeof(pdu.cp) +
1830 pdu.cp.num_cis * sizeof(pdu.cis[0]), &pdu,
6b9545dc
PV		 1831 HCI_CMD_TIMEOUT);
1832}
1833
26afbd82
LAD		 1834static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos)
1835{
1836 struct hci_dev *hdev = conn->hdev;
1837 struct iso_list_data data;
1838
1839 memset(&data, 0, sizeof(data));
1840
e6a7a46b 1841 /* Allocate first still reconfigurable CIG if not set */
0fe8c8d0 1842 if (qos->ucast.cig == BT_ISO_QOS_CIG_UNSET) {
e6a7a46b 1843 for (data.cig = 0x00; data.cig < 0xf0; data.cig++) {
26afbd82 1844 data.count = 0;
26afbd82 1845
e6a7a46b
PV		 1846 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
1847 BT_CONNECT, &data);
26afbd82
LAD		 1848 if (data.count)
1849 continue;
1850
e6a7a46b 1851 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
26afbd82
LAD		 1852 BT_CONNECTED, &data);
1853 if (!data.count)
1854 break;
1855 }
1856
e6a7a46b 1857 if (data.cig == 0xf0)
26afbd82
LAD		 1858 return false;
1859
1860 /* Update CIG */
0fe8c8d0 1861 qos->ucast.cig = data.cig;
26afbd82
LAD		 1862 }
1863
0fe8c8d0 1864 if (qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) {
a0912892
LAD		 1865 if (hci_conn_hash_lookup_cis(hdev, NULL, 0, qos->ucast.cig,
1866 qos->ucast.cis))
26afbd82 1867 return false;
a0912892 1868 goto done;
26afbd82
LAD		 1869 }
1870
a0912892
LAD		 1871 /* Allocate first available CIS if not set */
1872 for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0xf0;
1873 data.cis++) {
1874 if (!hci_conn_hash_lookup_cis(hdev, NULL, 0, data.cig,
1875 data.cis)) {
26afbd82 1876 /* Update CIS */
0fe8c8d0 1877 qos->ucast.cis = data.cis;
a0912892 1878 break;
26afbd82
LAD		 1879 }
1880 }
1881
a0912892 1882 if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET)
26afbd82
LAD		 1883 return false;
1884
a0912892
LAD		 1885done:
1886 if (hci_cmd_sync_queue(hdev, set_cig_params_sync,
a1f6c3ae 1887 UINT_PTR(qos->ucast.cig), NULL) < 0)
6b9545dc 1888 return false;
6b9545dc 1889
26afbd82
LAD		 1890 return true;
1891}
1892
26afbd82
LAD		 1893struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst,
1894 __u8 dst_type, struct bt_iso_qos *qos)
1895{
1896 struct hci_conn *cis;
1897
c14516fa
LAD		 1898 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig,
1899 qos->ucast.cis);
26afbd82
LAD		 1900 if (!cis) {
1901 cis = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1902 if (!cis)
1903 return ERR_PTR(-ENOMEM);
1904 cis->cleanup = cis_cleanup;
b36a234d 1905 cis->dst_type = dst_type;
b5793de3
PV		 1906 cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET;
1907 cis->iso_qos.ucast.cis = BT_ISO_QOS_CIS_UNSET;
26afbd82
LAD		 1908 }
1909
1910 if (cis->state == BT_CONNECTED)
1911 return cis;
1912
1913 /* Check if CIS has been set and the settings matches */
1914 if (cis->state == BT_BOUND &&
1915 !memcmp(&cis->iso_qos, qos, sizeof(*qos)))
1916 return cis;
1917
1918 /* Update LINK PHYs according to QoS preference */
0fe8c8d0
IT		 1919 cis->le_tx_phy = qos->ucast.out.phy;
1920 cis->le_rx_phy = qos->ucast.in.phy;
26afbd82
LAD		 1921
1922 /* If output interval is not set use the input interval as it cannot be
1923 * 0x000000.
1924 */
0fe8c8d0
IT		 1925 if (!qos->ucast.out.interval)
1926 qos->ucast.out.interval = qos->ucast.in.interval;
26afbd82
LAD		 1927
1928 /* If input interval is not set use the output interval as it cannot be
1929 * 0x000000.
1930 */
0fe8c8d0
IT		 1931 if (!qos->ucast.in.interval)
1932 qos->ucast.in.interval = qos->ucast.out.interval;
26afbd82
LAD		 1933
1934 /* If output latency is not set use the input latency as it cannot be
1935 * 0x0000.
1936 */
0fe8c8d0
IT		 1937 if (!qos->ucast.out.latency)
1938 qos->ucast.out.latency = qos->ucast.in.latency;
26afbd82
LAD		 1939
1940 /* If input latency is not set use the output latency as it cannot be
1941 * 0x0000.
1942 */
0fe8c8d0
IT		 1943 if (!qos->ucast.in.latency)
1944 qos->ucast.in.latency = qos->ucast.out.latency;
26afbd82 1945
26afbd82
LAD		 1946 if (!hci_le_set_cig_params(cis, qos)) {
1947 hci_conn_drop(cis);
1948 return ERR_PTR(-EINVAL);
1949 }
1950
69997d50
PV		 1951 hci_conn_hold(cis);
1952
26afbd82
LAD		 1953 cis->iso_qos = *qos;
1954 cis->state = BT_BOUND;
1955
1956 return cis;
1957}
1958
1959bool hci_iso_setup_path(struct hci_conn *conn)
1960{
1961 struct hci_dev *hdev = conn->hdev;
1962 struct hci_cp_le_setup_iso_path cmd;
1963
1964 memset(&cmd, 0, sizeof(cmd));
1965
0fe8c8d0 1966 if (conn->iso_qos.ucast.out.sdu) {
26afbd82
LAD		 1967 cmd.handle = cpu_to_le16(conn->handle);
1968 cmd.direction = 0x00; /* Input (Host to Controller) */
1969 cmd.path = 0x00; /* HCI path if enabled */
1970 cmd.codec = 0x03; /* Transparent Data */
1971
1972 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1973 &cmd) < 0)
1974 return false;
1975 }
1976
0fe8c8d0 1977 if (conn->iso_qos.ucast.in.sdu) {
26afbd82
LAD		 1978 cmd.handle = cpu_to_le16(conn->handle);
1979 cmd.direction = 0x01; /* Output (Controller to Host) */
1980 cmd.path = 0x00; /* HCI path if enabled */
1981 cmd.codec = 0x03; /* Transparent Data */
1982
1983 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1984 &cmd) < 0)
1985 return false;
1986 }
1987
1988 return true;
1989}
1990
7f74563e 1991int hci_conn_check_create_cis(struct hci_conn *conn)
26afbd82 1992{
7f74563e
PV		 1993 if (conn->type != ISO_LINK || !bacmp(&conn->dst, BDADDR_ANY))
1994 return -EINVAL;
26afbd82 1995
7f74563e 1996 if (!conn->parent || conn->parent->state != BT_CONNECTED ||
9f78191c 1997 conn->state != BT_CONNECT || HCI_CONN_HANDLE_UNSET(conn->handle))
7f74563e 1998 return 1;
26afbd82 1999
7f74563e
PV		 2000 return 0;
2001}
06149746 2002
7f74563e
PV		 2003static int hci_create_cis_sync(struct hci_dev *hdev, void *data)
2004{
2005 return hci_le_create_cis_sync(hdev);
2006}
06149746 2007
7f74563e
PV		 2008int hci_le_create_cis_pending(struct hci_dev *hdev)
2009{
2010 struct hci_conn *conn;
2011 bool pending = false;
06149746 2012
7f74563e 2013 rcu_read_lock();
06149746 2014
7f74563e
PV		 2015 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
2016 if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) {
2017 rcu_read_unlock();
2018 return -EBUSY;
06149746
LAD		 2019 }
2020
7f74563e
PV		 2021 if (!hci_conn_check_create_cis(conn))
2022 pending = true;
26afbd82
LAD		 2023 }
2024
7f74563e
PV		 2025 rcu_read_unlock();
2026
2027 if (!pending)
26afbd82
LAD		 2028 return 0;
2029
2030 /* Queue Create CIS */
7f74563e 2031 return hci_cmd_sync_queue(hdev, hci_create_cis_sync, NULL, NULL);
26afbd82
LAD		 2032}
2033
2034static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn,
2035 struct bt_iso_io_qos *qos, __u8 phy)
2036{
2037 /* Only set MTU if PHY is enabled */
2038 if (!qos->sdu && qos->phy) {
2039 if (hdev->iso_mtu > 0)
2040 qos->sdu = hdev->iso_mtu;
2041 else if (hdev->le_mtu > 0)
2042 qos->sdu = hdev->le_mtu;
2043 else
2044 qos->sdu = hdev->acl_mtu;
2045 }
2046
2047 /* Use the same PHY as ACL if set to any */
2048 if (qos->phy == BT_ISO_PHY_ANY)
2049 qos->phy = phy;
2050
2051 /* Use LE ACL connection interval if not set */
2052 if (!qos->interval)
2053 /* ACL interval unit in 1.25 ms to us */
2054 qos->interval = conn->le_conn_interval * 1250;
2055
2056 /* Use LE ACL connection latency if not set */
2057 if (!qos->latency)
2058 qos->latency = conn->le_conn_latency;
2059}
2060
eca0ae4a
LAD		 2061static int create_big_sync(struct hci_dev *hdev, void *data)
2062{
2063 struct hci_conn *conn = data;
2064 struct bt_iso_qos *qos = &conn->iso_qos;
2065 u16 interval, sync_interval = 0;
2066 u32 flags = 0;
2067 int err;
2068
0fe8c8d0 2069 if (qos->bcast.out.phy == 0x02)
eca0ae4a
LAD		 2070 flags |= MGMT_ADV_FLAG_SEC_2M;
2071
2072 /* Align intervals */
14f0dcec 2073 interval = (qos->bcast.out.interval / 1250) * qos->bcast.sync_factor;
eca0ae4a 2074
0fe8c8d0 2075 if (qos->bcast.bis)
14f0dcec 2076 sync_interval = interval * 4;
eca0ae4a 2077
0fe8c8d0 2078 err = hci_start_per_adv_sync(hdev, qos->bcast.bis, conn->le_per_adv_data_len,
eca0ae4a
LAD		 2079 conn->le_per_adv_data, flags, interval,
2080 interval, sync_interval);
2081 if (err)
2082 return err;
2083
2084 return hci_le_create_big(conn, &conn->iso_qos);
2085}
2086
2087static void create_pa_complete(struct hci_dev *hdev, void *data, int err)
2088{
2089 struct hci_cp_le_pa_create_sync *cp = data;
2090
2091 bt_dev_dbg(hdev, "");
2092
2093 if (err)
2094 bt_dev_err(hdev, "Unable to create PA: %d", err);
2095
2096 kfree(cp);
2097}
2098
2099static int create_pa_sync(struct hci_dev *hdev, void *data)
2100{
2101 struct hci_cp_le_pa_create_sync *cp = data;
2102 int err;
2103
2104 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC,
2105 sizeof(*cp), cp, HCI_CMD_TIMEOUT);
2106 if (err) {
2107 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2108 return err;
2109 }
2110
2111 return hci_update_passive_scan_sync(hdev);
2112}
2113
2114int hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, __u8 dst_type,
0fe8c8d0 2115 __u8 sid, struct bt_iso_qos *qos)
eca0ae4a
LAD		 2116{
2117 struct hci_cp_le_pa_create_sync *cp;
2118
2119 if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC))
2120 return -EBUSY;
2121
37224a29 2122 cp = kzalloc(sizeof(*cp), GFP_KERNEL);
eca0ae4a
LAD		 2123 if (!cp) {
2124 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2125 return -ENOMEM;
2126 }
2127
0fe8c8d0 2128 cp->options = qos->bcast.options;
eca0ae4a
LAD		 2129 cp->sid = sid;
2130 cp->addr_type = dst_type;
2131 bacpy(&cp->addr, dst);
0fe8c8d0
IT		 2132 cp->skip = cpu_to_le16(qos->bcast.skip);
2133 cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout);
2134 cp->sync_cte_type = qos->bcast.sync_cte_type;
eca0ae4a
LAD		 2135
2136 /* Queue start pa_create_sync and scan */
2137 return hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete);
2138}
2139
fbdc4bc4
IT		 2140int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon,
2141 struct bt_iso_qos *qos,
eca0ae4a
LAD		 2142 __u16 sync_handle, __u8 num_bis, __u8 bis[])
2143{
2144 struct _packed {
2145 struct hci_cp_le_big_create_sync cp;
2146 __u8 bis[0x11];
2147 } pdu;
2148 int err;
2149
31ca583b 2150 if (num_bis < 0x01 || num_bis > sizeof(pdu.bis))
eca0ae4a
LAD		 2151 return -EINVAL;
2152
2153 err = qos_set_big(hdev, qos);
2154 if (err)
2155 return err;
2156
fbdc4bc4
IT		 2157 if (hcon)
2158 hcon->iso_qos.bcast.big = qos->bcast.big;
2159
eca0ae4a 2160 memset(&pdu, 0, sizeof(pdu));
0fe8c8d0 2161 pdu.cp.handle = qos->bcast.big;
eca0ae4a 2162 pdu.cp.sync_handle = cpu_to_le16(sync_handle);
0fe8c8d0
IT		 2163 pdu.cp.encryption = qos->bcast.encryption;
2164 memcpy(pdu.cp.bcode, qos->bcast.bcode, sizeof(pdu.cp.bcode));
2165 pdu.cp.mse = qos->bcast.mse;
2166 pdu.cp.timeout = cpu_to_le16(qos->bcast.timeout);
eca0ae4a
LAD		 2167 pdu.cp.num_bis = num_bis;
2168 memcpy(pdu.bis, bis, num_bis);
2169
2170 return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
2171 sizeof(pdu.cp) + num_bis, &pdu);
2172}
2173
2174static void create_big_complete(struct hci_dev *hdev, void *data, int err)
2175{
2176 struct hci_conn *conn = data;
2177
2178 bt_dev_dbg(hdev, "conn %p", conn);
2179
2180 if (err) {
2181 bt_dev_err(hdev, "Unable to create BIG: %d", err);
2182 hci_connect_cfm(conn, err);
2183 hci_conn_del(conn);
2184 }
2185}
2186
a0bfde16
IT		 2187struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst,
2188 struct bt_iso_qos *qos,
2189 __u8 base_len, __u8 *base)
eca0ae4a
LAD		 2190{
2191 struct hci_conn *conn;
a0bfde16
IT		 2192 __u8 eir[HCI_MAX_PER_AD_LENGTH];
2193
2194 if (base_len && base)
2195 base_len = eir_append_service_data(eir, 0, 0x1851,
2196 base, base_len);
eca0ae4a
LAD		 2197
2198 /* We need hci_conn object using the BDADDR_ANY as dst */
a0bfde16 2199 conn = hci_add_bis(hdev, dst, qos, base_len, eir);
eca0ae4a
LAD		 2200 if (IS_ERR(conn))
2201 return conn;
2202
a0bfde16
IT		 2203 /* Update LINK PHYs according to QoS preference */
2204 conn->le_tx_phy = qos->bcast.out.phy;
2205 conn->le_tx_phy = qos->bcast.out.phy;
eca0ae4a
LAD		 2206
2207 /* Add Basic Announcement into Peridic Adv Data if BASE is set */
2208 if (base_len && base) {
a0bfde16 2209 memcpy(conn->le_per_adv_data, eir, sizeof(eir));
eca0ae4a
LAD		 2210 conn->le_per_adv_data_len = base_len;
2211 }
2212
a0bfde16
IT		 2213 hci_iso_qos_setup(hdev, conn, &qos->bcast.out,
2214 conn->le_tx_phy ? conn->le_tx_phy :
2215 hdev->le_tx_def_phys);
2216
2217 conn->iso_qos = *qos;
2218 conn->state = BT_BOUND;
2219
2220 return conn;
2221}
2222
2223static void bis_mark_per_adv(struct hci_conn *conn, void *data)
2224{
2225 struct iso_list_data *d = data;
2226
2227 /* Skip if not broadcast/ANY address */
2228 if (bacmp(&conn->dst, BDADDR_ANY))
2229 return;
2230
2231 if (d->big != conn->iso_qos.bcast.big ||
2232 d->bis == BT_ISO_QOS_BIS_UNSET ||
2233 d->bis != conn->iso_qos.bcast.bis)
2234 return;
2235
2236 set_bit(HCI_CONN_PER_ADV, &conn->flags);
2237}
2238
2239struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst,
2240 __u8 dst_type, struct bt_iso_qos *qos,
2241 __u8 base_len, __u8 *base)
2242{
2243 struct hci_conn *conn;
2244 int err;
2245 struct iso_list_data data;
2246
2247 conn = hci_bind_bis(hdev, dst, qos, base_len, base);
2248 if (IS_ERR(conn))
2249 return conn;
2250
2251 data.big = qos->bcast.big;
2252 data.bis = qos->bcast.bis;
2253
2254 /* Set HCI_CONN_PER_ADV for all bound connections, to mark that
2255 * the start periodic advertising and create BIG commands have
2256 * been queued
2257 */
2258 hci_conn_hash_list_state(hdev, bis_mark_per_adv, ISO_LINK,
2259 BT_BOUND, &data);
2260
eca0ae4a
LAD		 2261 /* Queue start periodic advertising and create BIG */
2262 err = hci_cmd_sync_queue(hdev, create_big_sync, conn,
2263 create_big_complete);
2264 if (err < 0) {
2265 hci_conn_drop(conn);
2266 return ERR_PTR(err);
2267 }
2268
eca0ae4a
LAD		 2269 return conn;
2270}
2271
26afbd82
LAD		 2272struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
2273 __u8 dst_type, struct bt_iso_qos *qos)
2274{
2275 struct hci_conn *le;
2276 struct hci_conn *cis;
06149746 2277 struct hci_link *link;
26afbd82 2278
26afbd82
LAD		 2279 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2280 le = hci_connect_le(hdev, dst, dst_type, false,
2281 BT_SECURITY_LOW,
2282 HCI_LE_CONN_TIMEOUT,
2283 HCI_ROLE_SLAVE);
2284 else
2285 le = hci_connect_le_scan(hdev, dst, dst_type,
2286 BT_SECURITY_LOW,
2287 HCI_LE_CONN_TIMEOUT,
2288 CONN_REASON_ISO_CONNECT);
2289 if (IS_ERR(le))
2290 return le;
2291
0fe8c8d0 2292 hci_iso_qos_setup(hdev, le, &qos->ucast.out,
26afbd82 2293 le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys);
0fe8c8d0 2294 hci_iso_qos_setup(hdev, le, &qos->ucast.in,
26afbd82
LAD		 2295 le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys);
2296
2297 cis = hci_bind_cis(hdev, dst, dst_type, qos);
2298 if (IS_ERR(cis)) {
2299 hci_conn_drop(le);
2300 return cis;
2301 }
2302
06149746
LAD		 2303 link = hci_conn_link(le, cis);
2304 if (!link) {
2305 hci_conn_drop(le);
2306 hci_conn_drop(cis);
b4066eb0 2307 return ERR_PTR(-ENOLINK);
06149746 2308 }
26afbd82 2309
69997d50
PV		 2310 /* Link takes the refcount */
2311 hci_conn_drop(cis);
2312
7f74563e
PV		 2313 cis->state = BT_CONNECT;
2314
2315 hci_le_create_cis_pending(hdev);
26afbd82
LAD		 2316
2317 return cis;
2318}
2319
e7c29cb1
MH		 2320/* Check link security requirement */
2321int hci_conn_check_link_mode(struct hci_conn *conn)
2322{
38b3fef1 2323 BT_DBG("hcon %p", conn);
e7c29cb1 2324
40b552aa
MH		 2325 /* In Secure Connections Only mode, it is required that Secure
2326 * Connections is used and the link is encrypted with AES-CCM
2327 * using a P-256 authenticated combination key.
2328 */
d7a5a11d 2329 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) {
40b552aa
MH		 2330 if (!hci_conn_sc_enabled(conn) ||
2331 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2332 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
2333 return 0;
2334 }
2335
8746f135
LAD		 2336 /* AES encryption is required for Level 4:
2337 *
2338 * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
2339 * page 1319:
2340 *
2341 * 128-bit equivalent strength for link and encryption keys
2342 * required using FIPS approved algorithms (E0 not allowed,
2343 * SAFER+ not allowed, and P-192 not allowed; encryption key
2344 * not shortened)
2345 */
2346 if (conn->sec_level == BT_SECURITY_FIPS &&
2347 !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
2348 bt_dev_err(conn->hdev,
2349 "Invalid security: Missing AES-CCM usage");
2350 return 0;
2351 }
2352
4dae2798
JH		 2353 if (hci_conn_ssp_enabled(conn) &&
2354 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
e7c29cb1
MH		 2355 return 0;
2356
2357 return 1;
2358}
e7c29cb1 2359
1da177e4 2360/* Authenticate remote device */
0684e5f9 2361static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 2362{
38b3fef1 2363 BT_DBG("hcon %p", conn);
1da177e4 2364
765c2a96
JH		 2365 if (conn->pending_sec_level > sec_level)
2366 sec_level = conn->pending_sec_level;
2367
96a31833 2368 if (sec_level > conn->sec_level)
765c2a96 2369 conn->pending_sec_level = sec_level;
4dae2798 2370 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
1da177e4
LT		 2371 return 1;
2372
65cf686e
JH		 2373 /* Make sure we preserve an existing MITM requirement*/
2374 auth_type |= (conn->auth_type & 0x01);
2375
96a31833
MH		 2376 conn->auth_type = auth_type;
2377
51a8efd7 2378 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 2379 struct hci_cp_auth_requested cp;
b7d05bad 2380
aca3192c 2381 cp.handle = cpu_to_le16(conn->handle);
40be492f 2382 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
5974e4c4 2383 sizeof(cp), &cp);
09da1f34
JH		 2384
2385 /* If we're already encrypted set the REAUTH_PEND flag,
2386 * otherwise set the ENCRYPT_PEND.
2387 */
4dae2798 2388 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
51a8efd7 2389 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
09da1f34
JH		 2390 else
2391 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2392 }
8c1b2355 2393
1da177e4
LT		 2394 return 0;
2395}
1da177e4 2396
bb6d6895 2397/* Encrypt the link */
13d39315
WR		 2398static void hci_conn_encrypt(struct hci_conn *conn)
2399{
38b3fef1 2400 BT_DBG("hcon %p", conn);
13d39315 2401
51a8efd7 2402 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR		 2403 struct hci_cp_set_conn_encrypt cp;
2404 cp.handle = cpu_to_le16(conn->handle);
2405 cp.encrypt = 0x01;
2406 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
5974e4c4 2407 &cp);
13d39315
WR		 2408 }
2409}
2410
8c1b2355 2411/* Enable security */
e7cafc45
JH		 2412int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
2413 bool initiator)
1da177e4 2414{
38b3fef1 2415 BT_DBG("hcon %p", conn);
1da177e4 2416
d8343f12
VCG		 2417 if (conn->type == LE_LINK)
2418 return smp_conn_security(conn, sec_level);
2419
13d39315 2420 /* For sdp we don't need the link key. */
8c1b2355
MH		 2421 if (sec_level == BT_SECURITY_SDP)
2422 return 1;
2423
13d39315
WR		 2424 /* For non 2.1 devices and low security level we don't need the link
2425 key. */
aa64a8b5 2426 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 2427 return 1;
8c1b2355 2428
13d39315 2429 /* For other security levels we need the link key. */
4dae2798 2430 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
13d39315
WR		 2431 goto auth;
2432
1d8e8014
YH		 2433 switch (conn->key_type) {
2434 case HCI_LK_AUTH_COMBINATION_P256:
2435 /* An authenticated FIPS approved combination key has
2436 * sufficient security for security level 4 or lower.
2437 */
2438 if (sec_level <= BT_SECURITY_FIPS)
2439 goto encrypt;
2440 break;
2441 case HCI_LK_AUTH_COMBINATION_P192:
2442 /* An authenticated combination key has sufficient security for
2443 * security level 3 or lower.
2444 */
2445 if (sec_level <= BT_SECURITY_HIGH)
2446 goto encrypt;
2447 break;
2448 case HCI_LK_UNAUTH_COMBINATION_P192:
2449 case HCI_LK_UNAUTH_COMBINATION_P256:
2450 /* An unauthenticated combination key has sufficient security
2451 * for security level 2 or lower.
2452 */
2453 if (sec_level <= BT_SECURITY_MEDIUM)
2454 goto encrypt;
2455 break;
2456 case HCI_LK_COMBINATION:
2457 /* A combination key has always sufficient security for the
2458 * security levels 2 or lower. High security level requires the
2459 * combination key is generated using maximum PIN code length
2460 * (16). For pre 2.1 units.
2461 */
2462 if (sec_level <= BT_SECURITY_MEDIUM || conn->pin_length == 16)
2463 goto encrypt;
2464 break;
2465 default:
2466 break;
2467 }
13d39315
WR		 2468
2469auth:
51a8efd7 2470 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT		 2471 return 0;
2472
977f8fce
JH		 2473 if (initiator)
2474 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2475
6fdf658c
LAD		 2476 if (!hci_conn_auth(conn, sec_level, auth_type))
2477 return 0;
13d39315
WR		 2478
2479encrypt:
693cd8ce
MH		 2480 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
2481 /* Ensure that the encryption key size has been read,
2482 * otherwise stall the upper layer responses.
2483 */
2484 if (!conn->enc_key_size)
2485 return 0;
2486
2487 /* Nothing else needed, all requirements are met */
13d39315 2488 return 1;
693cd8ce 2489 }
8c1b2355 2490
13d39315 2491 hci_conn_encrypt(conn);
1da177e4
LT		 2492 return 0;
2493}
8c1b2355 2494EXPORT_SYMBOL(hci_conn_security);
1da177e4 2495
b3b1b061
WR		 2496/* Check secure link requirement */
2497int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
2498{
38b3fef1 2499 BT_DBG("hcon %p", conn);
b3b1b061 2500
9cb2e030
MH		 2501 /* Accept if non-secure or higher security level is required */
2502 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
2503 return 1;
b3b1b061 2504
9cb2e030
MH		 2505 /* Accept if secure or higher security level is already present */
2506 if (conn->sec_level == BT_SECURITY_HIGH ||
2507 conn->sec_level == BT_SECURITY_FIPS)
b3b1b061
WR		 2508 return 1;
2509
9cb2e030
MH		 2510 /* Reject not secure link */
2511 return 0;
b3b1b061
WR		 2512}
2513EXPORT_SYMBOL(hci_conn_check_secure);
2514
1da177e4 2515/* Switch role */
8c1b2355 2516int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 2517{
38b3fef1 2518 BT_DBG("hcon %p", conn);
1da177e4 2519
40bef302 2520 if (role == conn->role)
1da177e4
LT		 2521 return 1;
2522
51a8efd7 2523 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT		 2524 struct hci_cp_switch_role cp;
2525 bacpy(&cp.bdaddr, &conn->dst);
2526 cp.role = role;
a9de9248 2527 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 2528 }
8c1b2355 2529
1da177e4
LT		 2530 return 0;
2531}
2532EXPORT_SYMBOL(hci_conn_switch_role);
2533
04837f64 2534/* Enter active mode */
14b12d0b 2535void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH		 2536{
2537 struct hci_dev *hdev = conn->hdev;
2538
38b3fef1 2539 BT_DBG("hcon %p mode %d", conn, conn->mode);
04837f64 2540
14b12d0b
JG		 2541 if (conn->mode != HCI_CM_SNIFF)
2542 goto timer;
2543
58a681ef 2544 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH		 2545 goto timer;
2546
51a8efd7 2547 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 2548 struct hci_cp_exit_sniff_mode cp;
aca3192c 2549 cp.handle = cpu_to_le16(conn->handle);
a9de9248 2550 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH		 2551 }
2552
2553timer:
2554 if (hdev->idle_timeout > 0)
a74a84f6
JH		 2555 queue_delayed_work(hdev->workqueue, &conn->idle_work,
2556 msecs_to_jiffies(hdev->idle_timeout));
04837f64
MH		 2557}
2558
1da177e4
LT		 2559/* Drop all connection on the device */
2560void hci_conn_hash_flush(struct hci_dev *hdev)
2561{
a2ac591c
RL		 2562 struct list_head *head = &hdev->conn_hash.list;
2563 struct hci_conn *conn;
1da177e4
LT		 2564
2565 BT_DBG("hdev %s", hdev->name);
2566
a2ac591c
RL		 2567 /* We should not traverse the list here, because hci_conn_del
2568 * can remove extra links, which may cause the list traversal
2569 * to hit items that have already been released.
2570 */
2571 while ((conn = list_first_entry_or_null(head,
2572 struct hci_conn,
2573 list)) != NULL) {
2574 conn->state = BT_CLOSED;
2575 hci_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM);
a2ac591c 2576 hci_conn_del(conn);
1da177e4
LT		 2577 }
2578}
2579
a9de9248
MH		 2580/* Check pending connect attempts */
2581void hci_conn_check_pending(struct hci_dev *hdev)
2582{
2583 struct hci_conn *conn;
2584
2585 BT_DBG("hdev %s", hdev->name);
2586
2587 hci_dev_lock(hdev);
2588
2589 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
2590 if (conn)
1aef8669 2591 hci_acl_create_connection(conn);
a9de9248
MH		 2592
2593 hci_dev_unlock(hdev);
2594}
2595
4dae2798
JH		 2596static u32 get_link_mode(struct hci_conn *conn)
2597{
2598 u32 link_mode = 0;
2599
40bef302 2600 if (conn->role == HCI_ROLE_MASTER)
4dae2798
JH		 2601 link_mode |= HCI_LM_MASTER;
2602
2603 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2604 link_mode |= HCI_LM_ENCRYPT;
2605
2606 if (test_bit(HCI_CONN_AUTH, &conn->flags))
2607 link_mode |= HCI_LM_AUTH;
2608
2609 if (test_bit(HCI_CONN_SECURE, &conn->flags))
2610 link_mode |= HCI_LM_SECURE;
2611
2612 if (test_bit(HCI_CONN_FIPS, &conn->flags))
2613 link_mode |= HCI_LM_FIPS;
2614
2615 return link_mode;
2616}
2617
1da177e4
LT		 2618int hci_get_conn_list(void __user *arg)
2619{
fc5fef61 2620 struct hci_conn *c;
1da177e4
LT		 2621 struct hci_conn_list_req req, *cl;
2622 struct hci_conn_info *ci;
2623 struct hci_dev *hdev;
1da177e4
LT		 2624 int n = 0, size, err;
2625
2626 if (copy_from_user(&req, arg, sizeof(req)))
2627 return -EFAULT;
2628
2629 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
2630 return -EINVAL;
2631
2632 size = sizeof(req) + req.conn_num * sizeof(*ci);
2633
70f23020
AE		 2634 cl = kmalloc(size, GFP_KERNEL);
2635 if (!cl)
1da177e4
LT		 2636 return -ENOMEM;
2637
70f23020
AE		 2638 hdev = hci_dev_get(req.dev_id);
2639 if (!hdev) {
1da177e4
LT		 2640 kfree(cl);
2641 return -ENODEV;
2642 }
2643
2644 ci = cl->conn_info;
2645
09fd0de5 2646 hci_dev_lock(hdev);
8035ded4 2647 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT		 2648 bacpy(&(ci + n)->bdaddr, &c->dst);
2649 (ci + n)->handle = c->handle;
2650 (ci + n)->type = c->type;
2651 (ci + n)->out = c->out;
2652 (ci + n)->state = c->state;
4dae2798 2653 (ci + n)->link_mode = get_link_mode(c);
1da177e4
LT		 2654 if (++n >= req.conn_num)
2655 break;
2656 }
09fd0de5 2657 hci_dev_unlock(hdev);
1da177e4
LT		 2658
2659 cl->dev_id = hdev->id;
2660 cl->conn_num = n;
2661 size = sizeof(req) + n * sizeof(*ci);
2662
2663 hci_dev_put(hdev);
2664
2665 err = copy_to_user(arg, cl, size);
2666 kfree(cl);
2667
2668 return err ? -EFAULT : 0;
2669}
2670
2671int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
2672{
2673 struct hci_conn_info_req req;
2674 struct hci_conn_info ci;
2675 struct hci_conn *conn;
2676 char __user *ptr = arg + sizeof(req);
2677
2678 if (copy_from_user(&req, arg, sizeof(req)))
2679 return -EFAULT;
2680
09fd0de5 2681 hci_dev_lock(hdev);
1da177e4
LT		 2682 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
2683 if (conn) {
2684 bacpy(&ci.bdaddr, &conn->dst);
2685 ci.handle = conn->handle;
2686 ci.type = conn->type;
2687 ci.out = conn->out;
2688 ci.state = conn->state;
4dae2798 2689 ci.link_mode = get_link_mode(conn);
1da177e4 2690 }
09fd0de5 2691 hci_dev_unlock(hdev);
1da177e4
LT		 2692
2693 if (!conn)
2694 return -ENOENT;
2695
2696 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
2697}
40be492f
MH		 2698
2699int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
2700{
2701 struct hci_auth_info_req req;
2702 struct hci_conn *conn;
2703
2704 if (copy_from_user(&req, arg, sizeof(req)))
2705 return -EFAULT;
2706
09fd0de5 2707 hci_dev_lock(hdev);
40be492f
MH		 2708 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
2709 if (conn)
2710 req.type = conn->auth_type;
09fd0de5 2711 hci_dev_unlock(hdev);
40be492f
MH		 2712
2713 if (!conn)
2714 return -ENOENT;
2715
2716 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
2717}
73d80deb
LAD		 2718
2719struct hci_chan *hci_chan_create(struct hci_conn *conn)
2720{
2721 struct hci_dev *hdev = conn->hdev;
2722 struct hci_chan *chan;
2723
38b3fef1 2724 BT_DBG("%s hcon %p", hdev->name, conn);
73d80deb 2725
f94b665d
JH		 2726 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
2727 BT_DBG("Refusing to create new hci_chan");
2728 return NULL;
2729 }
2730
27f70f3e 2731 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
73d80deb
LAD		 2732 if (!chan)
2733 return NULL;
2734
6c388d32 2735 chan->conn = hci_conn_get(conn);
73d80deb 2736 skb_queue_head_init(&chan->data_q);
168df8e5 2737 chan->state = BT_CONNECTED;
73d80deb 2738
8192edef 2739 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD		 2740
2741 return chan;
2742}
2743
9472007c 2744void hci_chan_del(struct hci_chan *chan)
73d80deb
LAD		 2745{
2746 struct hci_conn *conn = chan->conn;
2747 struct hci_dev *hdev = conn->hdev;
2748
38b3fef1 2749 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
73d80deb 2750
8192edef
GP		 2751 list_del_rcu(&chan->list);
2752
2753 synchronize_rcu();
73d80deb 2754
bcbb655a 2755 /* Prevent new hci_chan's to be created for this hci_conn */
f94b665d 2756 set_bit(HCI_CONN_DROP, &conn->flags);
b3ff670a 2757
6c388d32 2758 hci_conn_put(conn);
e9b02748 2759
73d80deb
LAD		 2760 skb_queue_purge(&chan->data_q);
2761 kfree(chan);
73d80deb
LAD		 2762}
2763
2c33c06a 2764void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 2765{
2a5a5ec6 2766 struct hci_chan *chan, *n;
73d80deb 2767
38b3fef1 2768 BT_DBG("hcon %p", conn);
73d80deb 2769
2a5a5ec6 2770 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD		 2771 hci_chan_del(chan);
2772}
42c4e53e
AE		 2773
2774static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
2775 __u16 handle)
2776{
2777 struct hci_chan *hchan;
2778
2779 list_for_each_entry(hchan, &hcon->chan_list, list) {
2780 if (hchan->handle == handle)
2781 return hchan;
2782 }
2783
2784 return NULL;
2785}
2786
2787struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
2788{
2789 struct hci_conn_hash *h = &hdev->conn_hash;
2790 struct hci_conn *hcon;
2791 struct hci_chan *hchan = NULL;
2792
2793 rcu_read_lock();
2794
2795 list_for_each_entry_rcu(hcon, &h->list, list) {
2796 hchan = __hci_chan_lookup_handle(hcon, handle);
2797 if (hchan)
2798 break;
2799 }
2800
2801 rcu_read_unlock();
2802
2803 return hchan;
2804}
eab2404b
LAD		 2805
2806u32 hci_conn_get_phy(struct hci_conn *conn)
2807{
2808 u32 phys = 0;
2809
eab2404b
LAD		 2810 /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471:
2811 * Table 6.2: Packets defined for synchronous, asynchronous, and
6397729b 2812 * CPB logical transport types.
eab2404b
LAD		 2813 */
2814 switch (conn->type) {
2815 case SCO_LINK:
2816 /* SCO logical transport (1 Mb/s):
2817 * HV1, HV2, HV3 and DV.
2818 */
2819 phys |= BT_PHY_BR_1M_1SLOT;
2820
2821 break;
2822
2823 case ACL_LINK:
2824 /* ACL logical transport (1 Mb/s) ptt=0:
2825 * DH1, DM3, DH3, DM5 and DH5.
2826 */
2827 phys |= BT_PHY_BR_1M_1SLOT;
2828
2829 if (conn->pkt_type & (HCI_DM3 | HCI_DH3))
2830 phys |= BT_PHY_BR_1M_3SLOT;
2831
2832 if (conn->pkt_type & (HCI_DM5 | HCI_DH5))
2833 phys |= BT_PHY_BR_1M_5SLOT;
2834
2835 /* ACL logical transport (2 Mb/s) ptt=1:
2836 * 2-DH1, 2-DH3 and 2-DH5.
2837 */
2838 if (!(conn->pkt_type & HCI_2DH1))
2839 phys |= BT_PHY_EDR_2M_1SLOT;
2840
2841 if (!(conn->pkt_type & HCI_2DH3))
2842 phys |= BT_PHY_EDR_2M_3SLOT;
2843
2844 if (!(conn->pkt_type & HCI_2DH5))
2845 phys |= BT_PHY_EDR_2M_5SLOT;
2846
2847 /* ACL logical transport (3 Mb/s) ptt=1:
2848 * 3-DH1, 3-DH3 and 3-DH5.
2849 */
2850 if (!(conn->pkt_type & HCI_3DH1))
2851 phys |= BT_PHY_EDR_3M_1SLOT;
2852
2853 if (!(conn->pkt_type & HCI_3DH3))
2854 phys |= BT_PHY_EDR_3M_3SLOT;
2855
2856 if (!(conn->pkt_type & HCI_3DH5))
2857 phys |= BT_PHY_EDR_3M_5SLOT;
2858
2859 break;
2860
2861 case ESCO_LINK:
2862 /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */
2863 phys |= BT_PHY_BR_1M_1SLOT;
2864
2865 if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5)))
2866 phys |= BT_PHY_BR_1M_3SLOT;
2867
2868 /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */
2869 if (!(conn->pkt_type & ESCO_2EV3))
2870 phys |= BT_PHY_EDR_2M_1SLOT;
2871
2872 if (!(conn->pkt_type & ESCO_2EV5))
2873 phys |= BT_PHY_EDR_2M_3SLOT;
2874
2875 /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */
2876 if (!(conn->pkt_type & ESCO_3EV3))
2877 phys |= BT_PHY_EDR_3M_1SLOT;
2878
2879 if (!(conn->pkt_type & ESCO_3EV5))
2880 phys |= BT_PHY_EDR_3M_3SLOT;
2881
2882 break;
2883
2884 case LE_LINK:
2885 if (conn->le_tx_phy & HCI_LE_SET_PHY_1M)
2886 phys |= BT_PHY_LE_1M_TX;
2887
2888 if (conn->le_rx_phy & HCI_LE_SET_PHY_1M)
2889 phys |= BT_PHY_LE_1M_RX;
2890
2891 if (conn->le_tx_phy & HCI_LE_SET_PHY_2M)
2892 phys |= BT_PHY_LE_2M_TX;
2893
2894 if (conn->le_rx_phy & HCI_LE_SET_PHY_2M)
2895 phys |= BT_PHY_LE_2M_RX;
2896
2897 if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED)
2898 phys |= BT_PHY_LE_CODED_TX;
2899
2900 if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED)
2901 phys |= BT_PHY_LE_CODED_RX;
2902
2903 break;
2904 }
2905
eab2404b
LAD		 2906 return phys;
2907}
1a942de0 2908
a13f316e 2909static int abort_conn_sync(struct hci_dev *hdev, void *data)
1a942de0 2910{
a13f316e 2911 struct hci_conn *conn;
a1f6c3ae 2912 u16 handle = PTR_UINT(data);
1a942de0 2913
a13f316e
LAD		 2914 conn = hci_conn_hash_lookup_handle(hdev, handle);
2915 if (!conn)
b62e7220
LAD		 2916 return 0;
2917
a13f316e
LAD		 2918 return hci_abort_conn_sync(hdev, conn, conn->abort_reason);
2919}
1a942de0 2920
a13f316e
LAD		 2921int hci_abort_conn(struct hci_conn *conn, u8 reason)
2922{
2923 struct hci_dev *hdev = conn->hdev;
1a942de0 2924
a13f316e
LAD		 2925 /* If abort_reason has already been set it means the connection is
2926 * already being aborted so don't attempt to overwrite it.
2927 */
2928 if (conn->abort_reason)
2929 return 0;
1a942de0 2930
a13f316e 2931 bt_dev_dbg(hdev, "handle 0x%2.2x reason 0x%2.2x", conn->handle, reason);
1a942de0 2932
a13f316e 2933 conn->abort_reason = reason;
1a942de0 2934
a13f316e
LAD		 2935 /* If the connection is pending check the command opcode since that
2936 * might be blocking on hci_cmd_sync_work while waiting its respective
2937 * event so we need to hci_cmd_sync_cancel to cancel it.
04a51d61
LAD		 2938 *
2939 * hci_connect_le serializes the connection attempts so only one
2940 * connection can be in BT_CONNECT at time.
a13f316e
LAD		 2941 */
2942 if (conn->state == BT_CONNECT && hdev->req_status == HCI_REQ_PEND) {
2943 switch (hci_skb_event(hdev->sent_cmd)) {
2944 case HCI_EV_LE_CONN_COMPLETE:
2945 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
2946 case HCI_EVT_LE_CIS_ESTABLISHED:
2947 hci_cmd_sync_cancel(hdev, -ECANCELED);
2948 break;
1a942de0 2949 }
1a942de0
BG		 2950 }
2951
a1f6c3ae 2952 return hci_cmd_sync_queue(hdev, abort_conn_sync, UINT_PTR(conn->handle),
a13f316e 2953 NULL);
1a942de0 2954}
Linux 6.x block layer and io_uring tree(s)