[linux-2.6-block.git] / net / bluetooth / hci_conn.c

/* 
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2000-2001 Qualcomm Incorporated

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
   SOFTWARE IS DISCLAIMED.
*/

/* Bluetooth HCI connection handling. */

#include <linux/module.h>

#include <linux/types.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/poll.h>
#include <linux/fcntl.h>
#include <linux/init.h>
#include <linux/skbuff.h>
#include <linux/interrupt.h>
#include <linux/notifier.h>
#include <net/sock.h>

#include <asm/system.h>
#include <asm/uaccess.h>
#include <asm/unaligned.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>

#ifndef CONFIG_BT_HCI_CORE_DEBUG
#undef  BT_DBG
#define BT_DBG(D...)
#endif

void hci_acl_connect(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct inquiry_entry *ie;
	struct hci_cp_create_conn cp;

	BT_DBG("%p", conn);

	conn->state = BT_CONNECT;
	conn->out   = 1;
	conn->link_mode = HCI_LM_MASTER;

	conn->attempt++;

	memset(&cp, 0, sizeof(cp));
	bacpy(&cp.bdaddr, &conn->dst);
	cp.pscan_rep_mode = 0x02;

	if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) &&
			inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
		cp.pscan_rep_mode = ie->data.pscan_rep_mode;
		cp.pscan_mode     = ie->data.pscan_mode;
		cp.clock_offset   = ie->data.clock_offset | __cpu_to_le16(0x8000);
		memcpy(conn->dev_class, ie->data.dev_class, 3);
	}

	cp.pkt_type = __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK);
	if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
		cp.role_switch	= 0x01;
	else
		cp.role_switch	= 0x00;

	hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN, sizeof(cp), &cp);
}

static void hci_acl_connect_cancel(struct hci_conn *conn)
{
	struct hci_cp_create_conn_cancel cp;

	BT_DBG("%p", conn);

	if (conn->hdev->hci_ver < 2)
		return;

	bacpy(&cp.bdaddr, &conn->dst);
	hci_send_cmd(conn->hdev, OGF_LINK_CTL,
				OCF_CREATE_CONN_CANCEL, sizeof(cp), &cp);
}

void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
{
	struct hci_cp_disconnect cp;

	BT_DBG("%p", conn);

	conn->state = BT_DISCONN;

	cp.handle = __cpu_to_le16(conn->handle);
	cp.reason = reason;
	hci_send_cmd(conn->hdev, OGF_LINK_CTL,
				OCF_DISCONNECT, sizeof(cp), &cp);
}

void hci_add_sco(struct hci_conn *conn, __u16 handle)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_add_sco cp;

	BT_DBG("%p", conn);

	conn->state = BT_CONNECT;
	conn->out = 1;

	cp.pkt_type = __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
	cp.handle   = __cpu_to_le16(handle);

	hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ADD_SCO, sizeof(cp), &cp);
}

static void hci_conn_timeout(unsigned long arg)
{
	struct hci_conn *conn = (void *) arg;
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("conn %p state %d", conn, conn->state);

	if (atomic_read(&conn->refcnt))
		return;

	hci_dev_lock(hdev);

	switch (conn->state) {
	case BT_CONNECT:
		hci_acl_connect_cancel(conn);
		break;
 	case BT_CONNECTED:
		hci_acl_disconn(conn, 0x13);
		break;
	default:
		conn->state = BT_CLOSED;
		break;
	}

	hci_dev_unlock(hdev);
}

static void hci_conn_idle(unsigned long arg)
{
	struct hci_conn *conn = (void *) arg;

	BT_DBG("conn %p mode %d", conn, conn->mode);

	hci_conn_enter_sniff_mode(conn);
}

struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
{
	struct hci_conn *conn;

	BT_DBG("%s dst %s", hdev->name, batostr(dst));

	conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
	if (!conn)
		return NULL;

	bacpy(&conn->dst, dst);
	conn->hdev   = hdev;
	conn->type   = type;
	conn->mode   = HCI_CM_ACTIVE;
	conn->state  = BT_OPEN;

	conn->power_save = 1;

	skb_queue_head_init(&conn->data_q);

	init_timer(&conn->disc_timer);
	conn->disc_timer.function = hci_conn_timeout;
	conn->disc_timer.data = (unsigned long) conn;

	init_timer(&conn->idle_timer);
	conn->idle_timer.function = hci_conn_idle;
	conn->idle_timer.data = (unsigned long) conn;

	atomic_set(&conn->refcnt, 0);

	hci_dev_hold(hdev);

	tasklet_disable(&hdev->tx_task);

	hci_conn_hash_add(hdev, conn);
	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);

	hci_conn_add_sysfs(conn);

	tasklet_enable(&hdev->tx_task);

	return conn;
}

int hci_conn_del(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);

	del_timer(&conn->idle_timer);

	del_timer(&conn->disc_timer);

	if (conn->type == SCO_LINK) {
		struct hci_conn *acl = conn->link;
		if (acl) {
			acl->link = NULL;
			hci_conn_put(acl);
		}
	} else {
		struct hci_conn *sco = conn->link;
		if (sco)
			sco->link = NULL;

		/* Unacked frames */
		hdev->acl_cnt += conn->sent;
	}

	tasklet_disable(&hdev->tx_task);

	hci_conn_del_sysfs(conn);

	hci_conn_hash_del(hdev, conn);
	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);

	tasklet_enable(&hdev->tx_task);

	skb_queue_purge(&conn->data_q);

	hci_dev_put(hdev);

	/* will free via device release */
	put_device(&conn->dev);

	return 0;
}

struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
{
	int use_src = bacmp(src, BDADDR_ANY);
	struct hci_dev *hdev = NULL;
	struct list_head *p;

	BT_DBG("%s -> %s", batostr(src), batostr(dst));

	read_lock_bh(&hci_dev_list_lock);

	list_for_each(p, &hci_dev_list) {
		struct hci_dev *d = list_entry(p, struct hci_dev, list);

		if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
			continue;

		/* Simple routing: 
		 *   No source address - find interface with bdaddr != dst
		 *   Source address    - find interface with bdaddr == src
		 */

		if (use_src) {
			if (!bacmp(&d->bdaddr, src)) {
				hdev = d; break;
			}
		} else {
			if (bacmp(&d->bdaddr, dst)) {
				hdev = d; break;
			}
		}
	}

	if (hdev)
		hdev = hci_dev_hold(hdev);

	read_unlock_bh(&hci_dev_list_lock);
	return hdev;
}
EXPORT_SYMBOL(hci_get_route);

/* Create SCO or ACL connection.
 * Device _must_ be locked */
struct hci_conn * hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst)
{
	struct hci_conn *acl;

	BT_DBG("%s dst %s", hdev->name, batostr(dst));

	if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
		if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
			return NULL;
	}

	hci_conn_hold(acl);

	if (acl->state == BT_OPEN || acl->state == BT_CLOSED)
		hci_acl_connect(acl);

	if (type == SCO_LINK) {
		struct hci_conn *sco;

		if (!(sco = hci_conn_hash_lookup_ba(hdev, SCO_LINK, dst))) {
			if (!(sco = hci_conn_add(hdev, SCO_LINK, dst))) {
				hci_conn_put(acl);
				return NULL;
			}
		}
		acl->link = sco;
		sco->link = acl;

		hci_conn_hold(sco);

		if (acl->state == BT_CONNECTED && 
				(sco->state == BT_OPEN || sco->state == BT_CLOSED))
			hci_add_sco(sco, acl->handle);

		return sco;
	} else {
		return acl;
	}
}
EXPORT_SYMBOL(hci_connect);

/* Authenticate remote device */
int hci_conn_auth(struct hci_conn *conn)
{
	BT_DBG("conn %p", conn);

	if (conn->link_mode & HCI_LM_AUTH)
		return 1;

	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
		struct hci_cp_auth_requested cp;
		cp.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_AUTH_REQUESTED, sizeof(cp), &cp);
	}
	return 0;
}
EXPORT_SYMBOL(hci_conn_auth);

/* Enable encryption */
int hci_conn_encrypt(struct hci_conn *conn)
{
	BT_DBG("conn %p", conn);

	if (conn->link_mode & HCI_LM_ENCRYPT)
		return 1;

	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
		return 0;

	if (hci_conn_auth(conn)) {
		struct hci_cp_set_conn_encrypt cp;
		cp.handle  = __cpu_to_le16(conn->handle);
		cp.encrypt = 1; 
		hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT, sizeof(cp), &cp);
	}
	return 0;
}
EXPORT_SYMBOL(hci_conn_encrypt);

/* Change link key */
int hci_conn_change_link_key(struct hci_conn *conn)
{
	BT_DBG("conn %p", conn);

	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
		struct hci_cp_change_conn_link_key cp;
		cp.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);
	}
	return 0;
}
EXPORT_SYMBOL(hci_conn_change_link_key);

/* Switch role */
int hci_conn_switch_role(struct hci_conn *conn, uint8_t role)
{
	BT_DBG("conn %p", conn);

	if (!role && conn->link_mode & HCI_LM_MASTER)
		return 1;

	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
		struct hci_cp_switch_role cp;
		bacpy(&cp.bdaddr, &conn->dst);
		cp.role = role;
		hci_send_cmd(conn->hdev, OGF_LINK_POLICY, OCF_SWITCH_ROLE, sizeof(cp), &cp);
	}
	return 0;
}
EXPORT_SYMBOL(hci_conn_switch_role);

/* Enter active mode */
void hci_conn_enter_active_mode(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("conn %p mode %d", conn, conn->mode);

	if (test_bit(HCI_RAW, &hdev->flags))
		return;

	if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
		goto timer;

	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
		struct hci_cp_exit_sniff_mode cp;
		cp.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, OGF_LINK_POLICY,
				OCF_EXIT_SNIFF_MODE, sizeof(cp), &cp);
	}

timer:
	if (hdev->idle_timeout > 0)
		mod_timer(&conn->idle_timer,
			jiffies + msecs_to_jiffies(hdev->idle_timeout));
}

/* Enter sniff mode */
void hci_conn_enter_sniff_mode(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("conn %p mode %d", conn, conn->mode);

	if (test_bit(HCI_RAW, &hdev->flags))
		return;

	if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
		return;

	if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
		return;

	if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
		struct hci_cp_sniff_subrate cp;
		cp.handle             = __cpu_to_le16(conn->handle);
		cp.max_latency        = __constant_cpu_to_le16(0);
		cp.min_remote_timeout = __constant_cpu_to_le16(0);
		cp.min_local_timeout  = __constant_cpu_to_le16(0);
		hci_send_cmd(hdev, OGF_LINK_POLICY,
				OCF_SNIFF_SUBRATE, sizeof(cp), &cp);
	}

	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
		struct hci_cp_sniff_mode cp;
		cp.handle       = __cpu_to_le16(conn->handle);
		cp.max_interval = __cpu_to_le16(hdev->sniff_max_interval);
		cp.min_interval = __cpu_to_le16(hdev->sniff_min_interval);
		cp.attempt      = __constant_cpu_to_le16(4);
		cp.timeout      = __constant_cpu_to_le16(1);
		hci_send_cmd(hdev, OGF_LINK_POLICY,
				OCF_SNIFF_MODE, sizeof(cp), &cp);
	}
}

/* Drop all connection on the device */
void hci_conn_hash_flush(struct hci_dev *hdev)
{
	struct hci_conn_hash *h = &hdev->conn_hash;
	struct list_head *p;

	BT_DBG("hdev %s", hdev->name);

	p = h->list.next;
	while (p != &h->list) {
		struct hci_conn *c;

		c = list_entry(p, struct hci_conn, list);
		p = p->next;

		c->state = BT_CLOSED;

		hci_proto_disconn_ind(c, 0x16);
		hci_conn_del(c);
	}
}

int hci_get_conn_list(void __user *arg)
{
	struct hci_conn_list_req req, *cl;
	struct hci_conn_info *ci;
	struct hci_dev *hdev;
	struct list_head *p;
	int n = 0, size, err;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
		return -EINVAL;

	size = sizeof(req) + req.conn_num * sizeof(*ci);

	if (!(cl = kmalloc(size, GFP_KERNEL)))
		return -ENOMEM;

	if (!(hdev = hci_dev_get(req.dev_id))) {
		kfree(cl);
		return -ENODEV;
	}

	ci = cl->conn_info;

	hci_dev_lock_bh(hdev);
	list_for_each(p, &hdev->conn_hash.list) {
		register struct hci_conn *c;
		c = list_entry(p, struct hci_conn, list);

		bacpy(&(ci + n)->bdaddr, &c->dst);
		(ci + n)->handle = c->handle;
		(ci + n)->type  = c->type;
		(ci + n)->out   = c->out;
		(ci + n)->state = c->state;
		(ci + n)->link_mode = c->link_mode;
		if (++n >= req.conn_num)
			break;
	}
	hci_dev_unlock_bh(hdev);

	cl->dev_id = hdev->id;
	cl->conn_num = n;
	size = sizeof(req) + n * sizeof(*ci);

	hci_dev_put(hdev);

	err = copy_to_user(arg, cl, size);
	kfree(cl);

	return err ? -EFAULT : 0;
}

int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
{
	struct hci_conn_info_req req;
	struct hci_conn_info ci;
	struct hci_conn *conn;
	char __user *ptr = arg + sizeof(req);

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	hci_dev_lock_bh(hdev);
	conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
	if (conn) {
		bacpy(&ci.bdaddr, &conn->dst);
		ci.handle = conn->handle;
		ci.type  = conn->type;
		ci.out   = conn->out;
		ci.state = conn->state;
		ci.link_mode = conn->link_mode;
	}
	hci_dev_unlock_bh(hdev);

	if (!conn)
		return -ENOENT;

	return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
}
Commit	Line	Data
1da177e4 LT	1	/*
	2	BlueZ - Bluetooth protocol stack for Linux
	3	Copyright (C) 2000-2001 Qualcomm Incorporated
	4
	5	Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
	6
	7	This program is free software; you can redistribute it and/or modify
	8	it under the terms of the GNU General Public License version 2 as
	9	published by the Free Software Foundation;
	10
	11	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
	12	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	13	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
	14	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
	15	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
	16	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	17	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	18	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	19
	20	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
	21	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
	22	SOFTWARE IS DISCLAIMED.
	23	*/
	24
	25	/* Bluetooth HCI connection handling. */
	26
1da177e4 LT	27	#include <linux/module.h>
	28
	29	#include <linux/types.h>
	30	#include <linux/errno.h>
	31	#include <linux/kernel.h>
1da177e4 LT	32	#include <linux/sched.h>
	33	#include <linux/slab.h>
	34	#include <linux/poll.h>
	35	#include <linux/fcntl.h>
	36	#include <linux/init.h>
	37	#include <linux/skbuff.h>
	38	#include <linux/interrupt.h>
	39	#include <linux/notifier.h>
	40	#include <net/sock.h>
	41
	42	#include <asm/system.h>
	43	#include <asm/uaccess.h>
	44	#include <asm/unaligned.h>
	45
	46	#include <net/bluetooth/bluetooth.h>
	47	#include <net/bluetooth/hci_core.h>
	48
	49	#ifndef CONFIG_BT_HCI_CORE_DEBUG
	50	#undef BT_DBG
	51	#define BT_DBG(D...)
	52	#endif
	53
4c67bc74	54	void hci_acl_connect(struct hci_conn *conn)
1da177e4 LT	55	{
	56	struct hci_dev *hdev = conn->hdev;
	57	struct inquiry_entry *ie;
	58	struct hci_cp_create_conn cp;
	59
	60	BT_DBG("%p", conn);
	61
	62	conn->state = BT_CONNECT;
	63	conn->out = 1;
	64	conn->link_mode = HCI_LM_MASTER;
	65
4c67bc74 MH	66	conn->attempt++;
4c67bc74 MH	67
1da177e4 LT	68	memset(&cp, 0, sizeof(cp));
	69	bacpy(&cp.bdaddr, &conn->dst);
	70	cp.pscan_rep_mode = 0x02;
	71
	72	if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) &&
	73	inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
	74	cp.pscan_rep_mode = ie->data.pscan_rep_mode;
	75	cp.pscan_mode = ie->data.pscan_mode;
	76	cp.clock_offset = ie->data.clock_offset \| __cpu_to_le16(0x8000);
	77	memcpy(conn->dev_class, ie->data.dev_class, 3);
	78	}
	79
	80	cp.pkt_type = __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK);
	81	if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
	82	cp.role_switch = 0x01;
	83	else
	84	cp.role_switch = 0x00;
4c67bc74	85
1da177e4 LT	86	hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN, sizeof(cp), &cp);
	87	}
	88
6ac59344 MH	89	static void hci_acl_connect_cancel(struct hci_conn *conn)
	90	{
	91	struct hci_cp_create_conn_cancel cp;
	92
	93	BT_DBG("%p", conn);
	94
	95	if (conn->hdev->hci_ver < 2)
	96	return;
	97
	98	bacpy(&cp.bdaddr, &conn->dst);
	99	hci_send_cmd(conn->hdev, OGF_LINK_CTL,
	100	OCF_CREATE_CONN_CANCEL, sizeof(cp), &cp);
	101	}
	102
1da177e4 LT	103	void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
	104	{
	105	struct hci_cp_disconnect cp;
	106
	107	BT_DBG("%p", conn);
	108
	109	conn->state = BT_DISCONN;
	110
	111	cp.handle = __cpu_to_le16(conn->handle);
	112	cp.reason = reason;
6ac59344 MH	113	hci_send_cmd(conn->hdev, OGF_LINK_CTL,
6ac59344 MH	114	OCF_DISCONNECT, sizeof(cp), &cp);
1da177e4 LT	115	}
	116
	117	void hci_add_sco(struct hci_conn *conn, __u16 handle)
	118	{
	119	struct hci_dev *hdev = conn->hdev;
	120	struct hci_cp_add_sco cp;
	121
	122	BT_DBG("%p", conn);
	123
	124	conn->state = BT_CONNECT;
	125	conn->out = 1;
	126
	127	cp.pkt_type = __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
	128	cp.handle = __cpu_to_le16(handle);
	129
	130	hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ADD_SCO, sizeof(cp), &cp);
	131	}
	132
	133	static void hci_conn_timeout(unsigned long arg)
	134	{
04837f64 MH	135	struct hci_conn conn = (void ) arg;
04837f64 MH	136	struct hci_dev *hdev = conn->hdev;
1da177e4 LT	137
	138	BT_DBG("conn %p state %d", conn, conn->state);
	139
	140	if (atomic_read(&conn->refcnt))
	141	return;
	142
	143	hci_dev_lock(hdev);
6ac59344 MH	144
	145	switch (conn->state) {
	146	case BT_CONNECT:
	147	hci_acl_connect_cancel(conn);
	148	break;
	149	case BT_CONNECTED:
1da177e4	150	hci_acl_disconn(conn, 0x13);
6ac59344 MH	151	break;
6ac59344 MH	152	default:
1da177e4	153	conn->state = BT_CLOSED;
6ac59344 MH	154	break;
	155	}
	156
1da177e4	157	hci_dev_unlock(hdev);
1da177e4 LT	158	}
1da177e4 LT	159
04837f64	160	static void hci_conn_idle(unsigned long arg)
1da177e4	161	{
04837f64 MH	162	struct hci_conn conn = (void ) arg;
	163
	164	BT_DBG("conn %p mode %d", conn, conn->mode);
	165
	166	hci_conn_enter_sniff_mode(conn);
1da177e4 LT	167	}
	168
	169	struct hci_conn hci_conn_add(struct hci_dev hdev, int type, bdaddr_t *dst)
	170	{
	171	struct hci_conn *conn;
	172
	173	BT_DBG("%s dst %s", hdev->name, batostr(dst));
	174
04837f64 MH	175	conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
04837f64 MH	176	if (!conn)
1da177e4	177	return NULL;
1da177e4 LT	178
1da177e4 LT	179	bacpy(&conn->dst, dst);
1da177e4	180	conn->hdev = hdev;
04837f64 MH	181	conn->type = type;
04837f64 MH	182	conn->mode = HCI_CM_ACTIVE;
1da177e4 LT	183	conn->state = BT_OPEN;
1da177e4 LT	184
04837f64 MH	185	conn->power_save = 1;
04837f64 MH	186
1da177e4	187	skb_queue_head_init(&conn->data_q);
04837f64 MH	188
	189	init_timer(&conn->disc_timer);
	190	conn->disc_timer.function = hci_conn_timeout;
	191	conn->disc_timer.data = (unsigned long) conn;
	192
	193	init_timer(&conn->idle_timer);
	194	conn->idle_timer.function = hci_conn_idle;
	195	conn->idle_timer.data = (unsigned long) conn;
1da177e4 LT	196
	197	atomic_set(&conn->refcnt, 0);
	198
	199	hci_dev_hold(hdev);
	200
	201	tasklet_disable(&hdev->tx_task);
	202
	203	hci_conn_hash_add(hdev, conn);
	204	if (hdev->notify)
	205	hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
	206
b219e3ac MH	207	hci_conn_add_sysfs(conn);
b219e3ac MH	208
1da177e4 LT	209	tasklet_enable(&hdev->tx_task);
	210
	211	return conn;
	212	}
	213
	214	int hci_conn_del(struct hci_conn *conn)
	215	{
	216	struct hci_dev *hdev = conn->hdev;
	217
	218	BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
	219
04837f64 MH	220	del_timer(&conn->idle_timer);
	221
	222	del_timer(&conn->disc_timer);
1da177e4 LT	223
	224	if (conn->type == SCO_LINK) {
	225	struct hci_conn *acl = conn->link;
	226	if (acl) {
	227	acl->link = NULL;
	228	hci_conn_put(acl);
	229	}
	230	} else {
	231	struct hci_conn *sco = conn->link;
	232	if (sco)
	233	sco->link = NULL;
	234
	235	/* Unacked frames */
	236	hdev->acl_cnt += conn->sent;
	237	}
	238
	239	tasklet_disable(&hdev->tx_task);
	240
b219e3ac MH	241	hci_conn_del_sysfs(conn);
b219e3ac MH	242
1da177e4 LT	243	hci_conn_hash_del(hdev, conn);
	244	if (hdev->notify)
	245	hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
	246
	247	tasklet_enable(&hdev->tx_task);
	248
	249	skb_queue_purge(&conn->data_q);
	250
	251	hci_dev_put(hdev);
	252
b219e3ac MH	253	/* will free via device release */
	254	put_device(&conn->dev);
	255
1da177e4 LT	256	return 0;
	257	}
	258
	259	struct hci_dev hci_get_route(bdaddr_t dst, bdaddr_t *src)
	260	{
	261	int use_src = bacmp(src, BDADDR_ANY);
	262	struct hci_dev *hdev = NULL;
	263	struct list_head *p;
	264
	265	BT_DBG("%s -> %s", batostr(src), batostr(dst));
	266
	267	read_lock_bh(&hci_dev_list_lock);
	268
	269	list_for_each(p, &hci_dev_list) {
	270	struct hci_dev *d = list_entry(p, struct hci_dev, list);
	271
	272	if (!test_bit(HCI_UP, &d->flags) \|\| test_bit(HCI_RAW, &d->flags))
	273	continue;
	274
	275	/* Simple routing:
	276	* No source address - find interface with bdaddr != dst
	277	* Source address - find interface with bdaddr == src
	278	*/
	279
	280	if (use_src) {
	281	if (!bacmp(&d->bdaddr, src)) {
	282	hdev = d; break;
	283	}
	284	} else {
	285	if (bacmp(&d->bdaddr, dst)) {
	286	hdev = d; break;
	287	}
	288	}
	289	}
	290
	291	if (hdev)
	292	hdev = hci_dev_hold(hdev);
	293
	294	read_unlock_bh(&hci_dev_list_lock);
	295	return hdev;
	296	}
	297	EXPORT_SYMBOL(hci_get_route);
	298
	299	/* Create SCO or ACL connection.
	300	* Device _must_ be locked */
	301	struct hci_conn * hci_connect(struct hci_dev hdev, int type, bdaddr_t dst)
	302	{
	303	struct hci_conn *acl;
	304
	305	BT_DBG("%s dst %s", hdev->name, batostr(dst));
	306
	307	if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
	308	if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
	309	return NULL;
	310	}
	311
	312	hci_conn_hold(acl);
	313
	314	if (acl->state == BT_OPEN \|\| acl->state == BT_CLOSED)
	315	hci_acl_connect(acl);
	316
	317	if (type == SCO_LINK) {
	318	struct hci_conn *sco;
	319
320	if (!(sco = hci_conn_hash_lookup_ba(hdev, SCO_LINK, dst))) {
321	if (!(sco = hci_conn_add(hdev, SCO_LINK, dst))) {
322	hci_conn_put(acl);
323	return NULL;
324	}
325	}
326	acl->link = sco;
327	sco->link = acl;
328
329	hci_conn_hold(sco);
330
331	if (acl->state == BT_CONNECTED &&
332	(sco->state == BT_OPEN \|\| sco->state == BT_CLOSED))
333	hci_add_sco(sco, acl->handle);
334
335	return sco;
336	} else {
337	return acl;
338	}
339	}
340	EXPORT_SYMBOL(hci_connect);
341
342	/* Authenticate remote device */
343	int hci_conn_auth(struct hci_conn *conn)
344	{
345	BT_DBG("conn %p", conn);
346
347	if (conn->link_mode & HCI_LM_AUTH)
348	return 1;
349
350	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
351	struct hci_cp_auth_requested cp;
352	cp.handle = __cpu_to_le16(conn->handle);
353	hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_AUTH_REQUESTED, sizeof(cp), &cp);
354	}
355	return 0;
356	}
357	EXPORT_SYMBOL(hci_conn_auth);
358
359	/* Enable encryption */
360	int hci_conn_encrypt(struct hci_conn *conn)
361	{
362	BT_DBG("conn %p", conn);
363
364	if (conn->link_mode & HCI_LM_ENCRYPT)
365	return 1;
366
367	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
368	return 0;
369
370	if (hci_conn_auth(conn)) {
371	struct hci_cp_set_conn_encrypt cp;
372	cp.handle = __cpu_to_le16(conn->handle);
373	cp.encrypt = 1;
374	hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT, sizeof(cp), &cp);
375	}
376	return 0;
377	}
378	EXPORT_SYMBOL(hci_conn_encrypt);
379
380	/* Change link key */
381	int hci_conn_change_link_key(struct hci_conn *conn)
382	{
383	BT_DBG("conn %p", conn);
384
385	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
386	struct hci_cp_change_conn_link_key cp;
387	cp.handle = __cpu_to_le16(conn->handle);
388	hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);
389	}
390	return 0;
391	}
392	EXPORT_SYMBOL(hci_conn_change_link_key);
393
394	/* Switch role */
395	int hci_conn_switch_role(struct hci_conn *conn, uint8_t role)
396	{
397	BT_DBG("conn %p", conn);
398
399	if (!role && conn->link_mode & HCI_LM_MASTER)
400	return 1;
401
402	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
403	struct hci_cp_switch_role cp;
404	bacpy(&cp.bdaddr, &conn->dst);
405	cp.role = role;
406	hci_send_cmd(conn->hdev, OGF_LINK_POLICY, OCF_SWITCH_ROLE, sizeof(cp), &cp);
407	}
408	return 0;
409	}
410	EXPORT_SYMBOL(hci_conn_switch_role);
411
04837f64 MH	412	/* Enter active mode */
	413	void hci_conn_enter_active_mode(struct hci_conn *conn)
	414	{
	415	struct hci_dev *hdev = conn->hdev;
	416
	417	BT_DBG("conn %p mode %d", conn, conn->mode);
	418
	419	if (test_bit(HCI_RAW, &hdev->flags))
	420	return;
	421
	422	if (conn->mode != HCI_CM_SNIFF \|\| !conn->power_save)
	423	goto timer;
	424
	425	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
	426	struct hci_cp_exit_sniff_mode cp;
	427	cp.handle = __cpu_to_le16(conn->handle);
	428	hci_send_cmd(hdev, OGF_LINK_POLICY,
	429	OCF_EXIT_SNIFF_MODE, sizeof(cp), &cp);
	430	}
	431
	432	timer:
	433	if (hdev->idle_timeout > 0)
	434	mod_timer(&conn->idle_timer,
	435	jiffies + msecs_to_jiffies(hdev->idle_timeout));
	436	}
	437
	438	/* Enter sniff mode */
	439	void hci_conn_enter_sniff_mode(struct hci_conn *conn)
	440	{
	441	struct hci_dev *hdev = conn->hdev;
	442
	443	BT_DBG("conn %p mode %d", conn, conn->mode);
	444
	445	if (test_bit(HCI_RAW, &hdev->flags))
	446	return;
	447
	448	if (!lmp_sniff_capable(hdev) \|\| !lmp_sniff_capable(conn))
	449	return;
	450
	451	if (conn->mode != HCI_CM_ACTIVE \|\| !(conn->link_policy & HCI_LP_SNIFF))
	452	return;
	453
	454	if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
	455	struct hci_cp_sniff_subrate cp;
	456	cp.handle = __cpu_to_le16(conn->handle);
	457	cp.max_latency = __constant_cpu_to_le16(0);
	458	cp.min_remote_timeout = __constant_cpu_to_le16(0);
	459	cp.min_local_timeout = __constant_cpu_to_le16(0);
	460	hci_send_cmd(hdev, OGF_LINK_POLICY,
	461	OCF_SNIFF_SUBRATE, sizeof(cp), &cp);
	462	}
	463
	464	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
	465	struct hci_cp_sniff_mode cp;
	466	cp.handle = __cpu_to_le16(conn->handle);
	467	cp.max_interval = __cpu_to_le16(hdev->sniff_max_interval);
	468	cp.min_interval = __cpu_to_le16(hdev->sniff_min_interval);
	469	cp.attempt = __constant_cpu_to_le16(4);
	470	cp.timeout = __constant_cpu_to_le16(1);
	471	hci_send_cmd(hdev, OGF_LINK_POLICY,
	472	OCF_SNIFF_MODE, sizeof(cp), &cp);
	473	}
	474	}
	475
1da177e4 LT	476	/* Drop all connection on the device */
	477	void hci_conn_hash_flush(struct hci_dev *hdev)
	478	{
	479	struct hci_conn_hash *h = &hdev->conn_hash;
	480	struct list_head *p;
	481
	482	BT_DBG("hdev %s", hdev->name);
	483
	484	p = h->list.next;
	485	while (p != &h->list) {
	486	struct hci_conn *c;
	487
	488	c = list_entry(p, struct hci_conn, list);
	489	p = p->next;
	490
	491	c->state = BT_CLOSED;
	492
	493	hci_proto_disconn_ind(c, 0x16);
	494	hci_conn_del(c);
	495	}
	496	}
	497
	498	int hci_get_conn_list(void __user *arg)
	499	{
	500	struct hci_conn_list_req req, *cl;
	501	struct hci_conn_info *ci;
	502	struct hci_dev *hdev;
	503	struct list_head *p;
	504	int n = 0, size, err;
	505
	506	if (copy_from_user(&req, arg, sizeof(req)))
	507	return -EFAULT;
	508
	509	if (!req.conn_num \|\| req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
	510	return -EINVAL;
	511
	512	size = sizeof(req) + req.conn_num * sizeof(*ci);
	513
12fe2c58	514	if (!(cl = kmalloc(size, GFP_KERNEL)))
1da177e4 LT	515	return -ENOMEM;
	516
	517	if (!(hdev = hci_dev_get(req.dev_id))) {
	518	kfree(cl);
	519	return -ENODEV;
	520	}
	521
	522	ci = cl->conn_info;
	523
	524	hci_dev_lock_bh(hdev);
	525	list_for_each(p, &hdev->conn_hash.list) {
	526	register struct hci_conn *c;
	527	c = list_entry(p, struct hci_conn, list);
	528
	529	bacpy(&(ci + n)->bdaddr, &c->dst);
	530	(ci + n)->handle = c->handle;
	531	(ci + n)->type = c->type;
	532	(ci + n)->out = c->out;
	533	(ci + n)->state = c->state;
	534	(ci + n)->link_mode = c->link_mode;
	535	if (++n >= req.conn_num)
	536	break;
	537	}
	538	hci_dev_unlock_bh(hdev);
	539
	540	cl->dev_id = hdev->id;
	541	cl->conn_num = n;
	542	size = sizeof(req) + n * sizeof(*ci);
	543
	544	hci_dev_put(hdev);
	545
	546	err = copy_to_user(arg, cl, size);
	547	kfree(cl);
	548
	549	return err ? -EFAULT : 0;
	550	}
	551
	552	int hci_get_conn_info(struct hci_dev hdev, void __user arg)
	553	{
	554	struct hci_conn_info_req req;
	555	struct hci_conn_info ci;
	556	struct hci_conn *conn;
	557	char __user *ptr = arg + sizeof(req);
	558
	559	if (copy_from_user(&req, arg, sizeof(req)))
	560	return -EFAULT;
	561
	562	hci_dev_lock_bh(hdev);
	563	conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
	564	if (conn) {
	565	bacpy(&ci.bdaddr, &conn->dst);
	566	ci.handle = conn->handle;
	567	ci.type = conn->type;
	568	ci.out = conn->out;
	569	ci.state = conn->state;
	570	ci.link_mode = conn->link_mode;
	571	}
	572	hci_dev_unlock_bh(hdev);
	573
	574	if (!conn)
	575	return -ENOENT;
	576
	577	return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
	578	}