Commit | Line | Data |
---|---|---|
8e87d142 | 1 | /* |
1da177e4 | 2 | BlueZ - Bluetooth protocol stack for Linux |
2d0a0346 | 3 | Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. |
02171da6 | 4 | Copyright 2023-2024 NXP |
1da177e4 LT |
5 | |
6 | Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> | |
7 | ||
8 | This program is free software; you can redistribute it and/or modify | |
9 | it under the terms of the GNU General Public License version 2 as | |
10 | published by the Free Software Foundation; | |
11 | ||
12 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | |
13 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
14 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. | |
15 | IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY | |
8e87d142 YH |
16 | CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES |
17 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
18 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
1da177e4 LT |
19 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
20 | ||
8e87d142 YH |
21 | ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, |
22 | COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS | |
1da177e4 LT |
23 | SOFTWARE IS DISCLAIMED. |
24 | */ | |
25 | ||
26 | /* Bluetooth HCI connection handling. */ | |
27 | ||
8c520a59 | 28 | #include <linux/export.h> |
23b9ceb7 | 29 | #include <linux/debugfs.h> |
1da177e4 LT |
30 | |
31 | #include <net/bluetooth/bluetooth.h> | |
32 | #include <net/bluetooth/hci_core.h> | |
4bc58f51 | 33 | #include <net/bluetooth/l2cap.h> |
eca0ae4a LAD |
34 | #include <net/bluetooth/iso.h> |
35 | #include <net/bluetooth/mgmt.h> | |
1da177e4 | 36 | |
0857dd3b | 37 | #include "hci_request.h" |
ac4b7236 | 38 | #include "smp.h" |
eca0ae4a | 39 | #include "eir.h" |
7024728e | 40 | |
2dea632f FD |
41 | struct sco_param { |
42 | u16 pkt_type; | |
43 | u16 max_latency; | |
c7da5797 | 44 | u8 retrans_effort; |
2dea632f FD |
45 | }; |
46 | ||
e07a06b4 BG |
47 | struct conn_handle_t { |
48 | struct hci_conn *conn; | |
49 | __u16 handle; | |
50 | }; | |
51 | ||
48e68ff5 | 52 | static const struct sco_param esco_param_cvsd[] = { |
c7da5797 JH |
53 | { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */ |
54 | { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */ | |
55 | { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */ | |
56 | { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */ | |
57 | { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */ | |
2dea632f FD |
58 | }; |
59 | ||
48e68ff5 | 60 | static const struct sco_param sco_param_cvsd[] = { |
c7da5797 JH |
61 | { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */ |
62 | { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */ | |
48e68ff5 BT |
63 | }; |
64 | ||
565766b0 | 65 | static const struct sco_param esco_param_msbc[] = { |
c7da5797 JH |
66 | { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */ |
67 | { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */ | |
2dea632f FD |
68 | }; |
69 | ||
f75113a2 | 70 | /* This function requires the caller holds hdev->lock */ |
881559af | 71 | void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status) |
f75113a2 JP |
72 | { |
73 | struct hci_conn_params *params; | |
b5c2b621 | 74 | struct hci_dev *hdev = conn->hdev; |
f75113a2 JP |
75 | struct smp_irk *irk; |
76 | bdaddr_t *bdaddr; | |
77 | u8 bdaddr_type; | |
78 | ||
79 | bdaddr = &conn->dst; | |
80 | bdaddr_type = conn->dst_type; | |
81 | ||
82 | /* Check if we need to convert to identity address */ | |
b5c2b621 | 83 | irk = hci_get_irk(hdev, bdaddr, bdaddr_type); |
f75113a2 JP |
84 | if (irk) { |
85 | bdaddr = &irk->bdaddr; | |
86 | bdaddr_type = irk->addr_type; | |
87 | } | |
88 | ||
17bc08f0 JH |
89 | params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr, |
90 | bdaddr_type); | |
19cf60bf | 91 | if (!params) |
f75113a2 JP |
92 | return; |
93 | ||
19cf60bf LAD |
94 | if (params->conn) { |
95 | hci_conn_drop(params->conn); | |
96 | hci_conn_put(params->conn); | |
97 | params->conn = NULL; | |
98 | } | |
99 | ||
100 | if (!params->explicit_connect) | |
101 | return; | |
102 | ||
103 | /* If the status indicates successful cancellation of | |
104 | * the attempt (i.e. Unknown Connection Id) there's no point of | |
105 | * notifying failure since we'll go back to keep trying to | |
106 | * connect. The only exception is explicit connect requests | |
107 | * where a timeout + cancel does indicate an actual failure. | |
108 | */ | |
109 | if (status && status != HCI_ERROR_UNKNOWN_CONN_ID) | |
110 | mgmt_connect_failed(hdev, &conn->dst, conn->type, | |
111 | conn->dst_type, status); | |
112 | ||
f75113a2 JP |
113 | /* The connection attempt was doing scan for new RPA, and is |
114 | * in scan phase. If params are not associated with any other | |
115 | * autoconnect action, remove them completely. If they are, just unmark | |
116 | * them as waiting for connection, by clearing explicit_connect field. | |
117 | */ | |
9ad3e6ff JH |
118 | params->explicit_connect = false; |
119 | ||
195ef75e | 120 | hci_pend_le_list_del_init(params); |
9ad3e6ff JH |
121 | |
122 | switch (params->auto_connect) { | |
123 | case HCI_AUTO_CONN_EXPLICIT: | |
b5c2b621 | 124 | hci_conn_params_del(hdev, bdaddr, bdaddr_type); |
9ad3e6ff JH |
125 | /* return instead of break to avoid duplicate scan update */ |
126 | return; | |
127 | case HCI_AUTO_CONN_DIRECT: | |
128 | case HCI_AUTO_CONN_ALWAYS: | |
195ef75e | 129 | hci_pend_le_list_add(params, &hdev->pend_le_conns); |
9ad3e6ff JH |
130 | break; |
131 | case HCI_AUTO_CONN_REPORT: | |
195ef75e | 132 | hci_pend_le_list_add(params, &hdev->pend_le_reports); |
9ad3e6ff JH |
133 | break; |
134 | default: | |
135 | break; | |
168b8a25 | 136 | } |
9ad3e6ff | 137 | |
5bee2fd6 | 138 | hci_update_passive_scan(hdev); |
f75113a2 JP |
139 | } |
140 | ||
b958f9a3 JH |
141 | static void hci_conn_cleanup(struct hci_conn *conn) |
142 | { | |
143 | struct hci_dev *hdev = conn->hdev; | |
144 | ||
145 | if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags)) | |
146 | hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type); | |
147 | ||
629f66aa AM |
148 | if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags)) |
149 | hci_remove_link_key(hdev, &conn->dst); | |
150 | ||
b958f9a3 JH |
151 | hci_chan_list_flush(conn); |
152 | ||
153 | hci_conn_hash_del(hdev, conn); | |
154 | ||
181a42ed ZX |
155 | if (HCI_CONN_HANDLE_UNSET(conn->handle)) |
156 | ida_free(&hdev->unset_handle_ida, conn->handle); | |
157 | ||
26afbd82 LAD |
158 | if (conn->cleanup) |
159 | conn->cleanup(conn); | |
160 | ||
1f8330ea SN |
161 | if (conn->type == SCO_LINK || conn->type == ESCO_LINK) { |
162 | switch (conn->setting & SCO_AIRMODE_MASK) { | |
163 | case SCO_AIRMODE_CVSD: | |
164 | case SCO_AIRMODE_TRANSP: | |
165 | if (hdev->notify) | |
166 | hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO); | |
167 | break; | |
168 | } | |
169 | } else { | |
170 | if (hdev->notify) | |
171 | hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); | |
172 | } | |
b958f9a3 | 173 | |
b958f9a3 JH |
174 | debugfs_remove_recursive(conn->debugfs); |
175 | ||
a85fb91e | 176 | hci_conn_del_sysfs(conn); |
b958f9a3 | 177 | |
a85fb91e | 178 | hci_dev_put(hdev); |
b958f9a3 JH |
179 | } |
180 | ||
e3b679d5 | 181 | int hci_disconnect(struct hci_conn *conn, __u8 reason) |
1da177e4 | 182 | { |
38b3fef1 | 183 | BT_DBG("hcon %p", conn); |
1da177e4 | 184 | |
74be523c | 185 | /* When we are central of an established connection and it enters |
839035a7 JH |
186 | * the disconnect timeout, then go ahead and try to read the |
187 | * current clock offset. Processing of the result is done | |
188 | * within the event handling and hci_clock_offset_evt function. | |
189 | */ | |
88d07feb JH |
190 | if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER && |
191 | (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) { | |
839035a7 | 192 | struct hci_dev *hdev = conn->hdev; |
4f639ede | 193 | struct hci_cp_read_clock_offset clkoff_cp; |
839035a7 | 194 | |
4f639ede FF |
195 | clkoff_cp.handle = cpu_to_le16(conn->handle); |
196 | hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp), | |
197 | &clkoff_cp); | |
839035a7 JH |
198 | } |
199 | ||
88d07feb | 200 | return hci_abort_conn(conn, reason); |
1da177e4 LT |
201 | } |
202 | ||
57f5d0d1 | 203 | static void hci_add_sco(struct hci_conn *conn, __u16 handle) |
1da177e4 LT |
204 | { |
205 | struct hci_dev *hdev = conn->hdev; | |
206 | struct hci_cp_add_sco cp; | |
207 | ||
38b3fef1 | 208 | BT_DBG("hcon %p", conn); |
1da177e4 LT |
209 | |
210 | conn->state = BT_CONNECT; | |
a0c808b3 | 211 | conn->out = true; |
1da177e4 | 212 | |
efc7688b MH |
213 | conn->attempt++; |
214 | ||
aca3192c | 215 | cp.handle = cpu_to_le16(handle); |
a8746417 | 216 | cp.pkt_type = cpu_to_le16(conn->pkt_type); |
1da177e4 | 217 | |
a9de9248 | 218 | hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); |
1da177e4 LT |
219 | } |
220 | ||
8b1c324c YL |
221 | static bool find_next_esco_param(struct hci_conn *conn, |
222 | const struct sco_param *esco_param, int size) | |
223 | { | |
06149746 LAD |
224 | if (!conn->parent) |
225 | return false; | |
226 | ||
8b1c324c | 227 | for (; conn->attempt <= size; conn->attempt++) { |
06149746 | 228 | if (lmp_esco_2m_capable(conn->parent) || |
8b1c324c YL |
229 | (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3)) |
230 | break; | |
231 | BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported", | |
232 | conn, conn->attempt); | |
233 | } | |
234 | ||
235 | return conn->attempt <= size; | |
236 | } | |
237 | ||
e07a06b4 | 238 | static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec) |
b2af264a | 239 | { |
e07a06b4 BG |
240 | int err; |
241 | __u8 vnd_len, *vnd_data = NULL; | |
242 | struct hci_op_configure_data_path *cmd = NULL; | |
243 | ||
132d0fd0 ZH |
244 | if (!codec->data_path || !hdev->get_codec_config_data) |
245 | return 0; | |
246 | ||
247 | /* Do not take me as error */ | |
248 | if (!hdev->get_codec_config_data) | |
249 | return 0; | |
250 | ||
e07a06b4 BG |
251 | err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len, |
252 | &vnd_data); | |
253 | if (err < 0) | |
254 | goto error; | |
255 | ||
256 | cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL); | |
257 | if (!cmd) { | |
258 | err = -ENOMEM; | |
259 | goto error; | |
260 | } | |
261 | ||
262 | err = hdev->get_data_path_id(hdev, &cmd->data_path_id); | |
263 | if (err < 0) | |
264 | goto error; | |
265 | ||
266 | cmd->vnd_len = vnd_len; | |
267 | memcpy(cmd->vnd_data, vnd_data, vnd_len); | |
268 | ||
269 | cmd->direction = 0x00; | |
270 | __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH, | |
271 | sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT); | |
272 | ||
273 | cmd->direction = 0x01; | |
274 | err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH, | |
275 | sizeof(*cmd) + vnd_len, cmd, | |
276 | HCI_CMD_TIMEOUT); | |
277 | error: | |
278 | ||
279 | kfree(cmd); | |
280 | kfree(vnd_data); | |
281 | return err; | |
282 | } | |
283 | ||
284 | static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data) | |
285 | { | |
286 | struct conn_handle_t *conn_handle = data; | |
287 | struct hci_conn *conn = conn_handle->conn; | |
288 | __u16 handle = conn_handle->handle; | |
b2af264a K |
289 | struct hci_cp_enhanced_setup_sync_conn cp; |
290 | const struct sco_param *param; | |
291 | ||
e07a06b4 BG |
292 | kfree(conn_handle); |
293 | ||
b2af264a K |
294 | bt_dev_dbg(hdev, "hcon %p", conn); |
295 | ||
132d0fd0 | 296 | configure_datapath_sync(hdev, &conn->codec); |
9798fbde | 297 | |
b2af264a K |
298 | conn->state = BT_CONNECT; |
299 | conn->out = true; | |
300 | ||
301 | conn->attempt++; | |
302 | ||
303 | memset(&cp, 0x00, sizeof(cp)); | |
304 | ||
305 | cp.handle = cpu_to_le16(handle); | |
306 | ||
307 | cp.tx_bandwidth = cpu_to_le32(0x00001f40); | |
308 | cp.rx_bandwidth = cpu_to_le32(0x00001f40); | |
309 | ||
310 | switch (conn->codec.id) { | |
904c139a K |
311 | case BT_CODEC_MSBC: |
312 | if (!find_next_esco_param(conn, esco_param_msbc, | |
313 | ARRAY_SIZE(esco_param_msbc))) | |
e07a06b4 | 314 | return -EINVAL; |
904c139a K |
315 | |
316 | param = &esco_param_msbc[conn->attempt - 1]; | |
317 | cp.tx_coding_format.id = 0x05; | |
318 | cp.rx_coding_format.id = 0x05; | |
319 | cp.tx_codec_frame_size = __cpu_to_le16(60); | |
320 | cp.rx_codec_frame_size = __cpu_to_le16(60); | |
321 | cp.in_bandwidth = __cpu_to_le32(32000); | |
322 | cp.out_bandwidth = __cpu_to_le32(32000); | |
323 | cp.in_coding_format.id = 0x04; | |
324 | cp.out_coding_format.id = 0x04; | |
325 | cp.in_coded_data_size = __cpu_to_le16(16); | |
326 | cp.out_coded_data_size = __cpu_to_le16(16); | |
327 | cp.in_pcm_data_format = 2; | |
328 | cp.out_pcm_data_format = 2; | |
329 | cp.in_pcm_sample_payload_msb_pos = 0; | |
330 | cp.out_pcm_sample_payload_msb_pos = 0; | |
331 | cp.in_data_path = conn->codec.data_path; | |
332 | cp.out_data_path = conn->codec.data_path; | |
333 | cp.in_transport_unit_size = 1; | |
334 | cp.out_transport_unit_size = 1; | |
335 | break; | |
336 | ||
b2af264a K |
337 | case BT_CODEC_TRANSPARENT: |
338 | if (!find_next_esco_param(conn, esco_param_msbc, | |
339 | ARRAY_SIZE(esco_param_msbc))) | |
340 | return false; | |
341 | param = &esco_param_msbc[conn->attempt - 1]; | |
342 | cp.tx_coding_format.id = 0x03; | |
343 | cp.rx_coding_format.id = 0x03; | |
344 | cp.tx_codec_frame_size = __cpu_to_le16(60); | |
345 | cp.rx_codec_frame_size = __cpu_to_le16(60); | |
346 | cp.in_bandwidth = __cpu_to_le32(0x1f40); | |
347 | cp.out_bandwidth = __cpu_to_le32(0x1f40); | |
348 | cp.in_coding_format.id = 0x03; | |
349 | cp.out_coding_format.id = 0x03; | |
350 | cp.in_coded_data_size = __cpu_to_le16(16); | |
351 | cp.out_coded_data_size = __cpu_to_le16(16); | |
352 | cp.in_pcm_data_format = 2; | |
353 | cp.out_pcm_data_format = 2; | |
354 | cp.in_pcm_sample_payload_msb_pos = 0; | |
355 | cp.out_pcm_sample_payload_msb_pos = 0; | |
356 | cp.in_data_path = conn->codec.data_path; | |
357 | cp.out_data_path = conn->codec.data_path; | |
358 | cp.in_transport_unit_size = 1; | |
359 | cp.out_transport_unit_size = 1; | |
360 | break; | |
361 | ||
362 | case BT_CODEC_CVSD: | |
06149746 | 363 | if (conn->parent && lmp_esco_capable(conn->parent)) { |
b2af264a K |
364 | if (!find_next_esco_param(conn, esco_param_cvsd, |
365 | ARRAY_SIZE(esco_param_cvsd))) | |
e07a06b4 | 366 | return -EINVAL; |
b2af264a K |
367 | param = &esco_param_cvsd[conn->attempt - 1]; |
368 | } else { | |
369 | if (conn->attempt > ARRAY_SIZE(sco_param_cvsd)) | |
e07a06b4 | 370 | return -EINVAL; |
b2af264a K |
371 | param = &sco_param_cvsd[conn->attempt - 1]; |
372 | } | |
373 | cp.tx_coding_format.id = 2; | |
374 | cp.rx_coding_format.id = 2; | |
375 | cp.tx_codec_frame_size = __cpu_to_le16(60); | |
376 | cp.rx_codec_frame_size = __cpu_to_le16(60); | |
377 | cp.in_bandwidth = __cpu_to_le32(16000); | |
378 | cp.out_bandwidth = __cpu_to_le32(16000); | |
379 | cp.in_coding_format.id = 4; | |
380 | cp.out_coding_format.id = 4; | |
381 | cp.in_coded_data_size = __cpu_to_le16(16); | |
382 | cp.out_coded_data_size = __cpu_to_le16(16); | |
383 | cp.in_pcm_data_format = 2; | |
384 | cp.out_pcm_data_format = 2; | |
385 | cp.in_pcm_sample_payload_msb_pos = 0; | |
386 | cp.out_pcm_sample_payload_msb_pos = 0; | |
387 | cp.in_data_path = conn->codec.data_path; | |
388 | cp.out_data_path = conn->codec.data_path; | |
389 | cp.in_transport_unit_size = 16; | |
390 | cp.out_transport_unit_size = 16; | |
391 | break; | |
392 | default: | |
e07a06b4 | 393 | return -EINVAL; |
b2af264a K |
394 | } |
395 | ||
396 | cp.retrans_effort = param->retrans_effort; | |
397 | cp.pkt_type = __cpu_to_le16(param->pkt_type); | |
398 | cp.max_latency = __cpu_to_le16(param->max_latency); | |
399 | ||
400 | if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0) | |
e07a06b4 | 401 | return -EIO; |
b2af264a | 402 | |
e07a06b4 | 403 | return 0; |
b2af264a K |
404 | } |
405 | ||
406 | static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle) | |
b6a0dc82 MH |
407 | { |
408 | struct hci_dev *hdev = conn->hdev; | |
409 | struct hci_cp_setup_sync_conn cp; | |
2dea632f | 410 | const struct sco_param *param; |
b6a0dc82 | 411 | |
b2af264a | 412 | bt_dev_dbg(hdev, "hcon %p", conn); |
b6a0dc82 MH |
413 | |
414 | conn->state = BT_CONNECT; | |
a0c808b3 | 415 | conn->out = true; |
b6a0dc82 | 416 | |
efc7688b MH |
417 | conn->attempt++; |
418 | ||
b6a0dc82 | 419 | cp.handle = cpu_to_le16(handle); |
b6a0dc82 | 420 | |
dcf4adbf JP |
421 | cp.tx_bandwidth = cpu_to_le32(0x00001f40); |
422 | cp.rx_bandwidth = cpu_to_le32(0x00001f40); | |
10c62ddc FD |
423 | cp.voice_setting = cpu_to_le16(conn->setting); |
424 | ||
425 | switch (conn->setting & SCO_AIRMODE_MASK) { | |
426 | case SCO_AIRMODE_TRANSP: | |
8b1c324c YL |
427 | if (!find_next_esco_param(conn, esco_param_msbc, |
428 | ARRAY_SIZE(esco_param_msbc))) | |
2dea632f | 429 | return false; |
565766b0 | 430 | param = &esco_param_msbc[conn->attempt - 1]; |
10c62ddc FD |
431 | break; |
432 | case SCO_AIRMODE_CVSD: | |
06149746 | 433 | if (conn->parent && lmp_esco_capable(conn->parent)) { |
8b1c324c YL |
434 | if (!find_next_esco_param(conn, esco_param_cvsd, |
435 | ARRAY_SIZE(esco_param_cvsd))) | |
48e68ff5 | 436 | return false; |
48e68ff5 BT |
437 | param = &esco_param_cvsd[conn->attempt - 1]; |
438 | } else { | |
439 | if (conn->attempt > ARRAY_SIZE(sco_param_cvsd)) | |
440 | return false; | |
48e68ff5 BT |
441 | param = &sco_param_cvsd[conn->attempt - 1]; |
442 | } | |
10c62ddc | 443 | break; |
2dea632f FD |
444 | default: |
445 | return false; | |
10c62ddc | 446 | } |
b6a0dc82 | 447 | |
c7da5797 | 448 | cp.retrans_effort = param->retrans_effort; |
2dea632f FD |
449 | cp.pkt_type = __cpu_to_le16(param->pkt_type); |
450 | cp.max_latency = __cpu_to_le16(param->max_latency); | |
451 | ||
452 | if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0) | |
453 | return false; | |
454 | ||
455 | return true; | |
b6a0dc82 MH |
456 | } |
457 | ||
b2af264a K |
458 | bool hci_setup_sync(struct hci_conn *conn, __u16 handle) |
459 | { | |
e07a06b4 BG |
460 | int result; |
461 | struct conn_handle_t *conn_handle; | |
462 | ||
463 | if (enhanced_sync_conn_capable(conn->hdev)) { | |
464 | conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL); | |
465 | ||
466 | if (!conn_handle) | |
467 | return false; | |
468 | ||
469 | conn_handle->conn = conn; | |
470 | conn_handle->handle = handle; | |
471 | result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync, | |
472 | conn_handle, NULL); | |
473 | if (result < 0) | |
474 | kfree(conn_handle); | |
475 | ||
476 | return result == 0; | |
477 | } | |
b2af264a K |
478 | |
479 | return hci_setup_sync_conn(conn, handle); | |
480 | } | |
481 | ||
7d6ca693 JH |
482 | u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency, |
483 | u16 to_multiplier) | |
2ce603eb | 484 | { |
2ce603eb | 485 | struct hci_dev *hdev = conn->hdev; |
f044eb05 MH |
486 | struct hci_conn_params *params; |
487 | struct hci_cp_le_conn_update cp; | |
2ce603eb | 488 | |
f044eb05 | 489 | hci_dev_lock(hdev); |
2ce603eb | 490 | |
f044eb05 MH |
491 | params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); |
492 | if (params) { | |
493 | params->conn_min_interval = min; | |
494 | params->conn_max_interval = max; | |
495 | params->conn_latency = latency; | |
496 | params->supervision_timeout = to_multiplier; | |
497 | } | |
498 | ||
499 | hci_dev_unlock(hdev); | |
500 | ||
501 | memset(&cp, 0, sizeof(cp)); | |
2ce603eb CT |
502 | cp.handle = cpu_to_le16(conn->handle); |
503 | cp.conn_interval_min = cpu_to_le16(min); | |
504 | cp.conn_interval_max = cpu_to_le16(max); | |
505 | cp.conn_latency = cpu_to_le16(latency); | |
506 | cp.supervision_timeout = cpu_to_le16(to_multiplier); | |
dcf4adbf JP |
507 | cp.min_ce_len = cpu_to_le16(0x0000); |
508 | cp.max_ce_len = cpu_to_le16(0x0000); | |
2ce603eb CT |
509 | |
510 | hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp); | |
7d6ca693 JH |
511 | |
512 | if (params) | |
513 | return 0x01; | |
514 | ||
515 | return 0x00; | |
2ce603eb | 516 | } |
2ce603eb | 517 | |
fe39c7b2 | 518 | void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand, |
8b76ce34 | 519 | __u8 ltk[16], __u8 key_size) |
a7a595f6 VCG |
520 | { |
521 | struct hci_dev *hdev = conn->hdev; | |
522 | struct hci_cp_le_start_enc cp; | |
523 | ||
38b3fef1 | 524 | BT_DBG("hcon %p", conn); |
a7a595f6 VCG |
525 | |
526 | memset(&cp, 0, sizeof(cp)); | |
527 | ||
528 | cp.handle = cpu_to_le16(conn->handle); | |
fe39c7b2 | 529 | cp.rand = rand; |
a7a595f6 | 530 | cp.ediv = ediv; |
8b76ce34 | 531 | memcpy(cp.ltk, ltk, key_size); |
a7a595f6 VCG |
532 | |
533 | hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp); | |
534 | } | |
a7a595f6 | 535 | |
e73439d8 MH |
536 | /* Device _must_ be locked */ |
537 | void hci_sco_setup(struct hci_conn *conn, __u8 status) | |
538 | { | |
06149746 | 539 | struct hci_link *link; |
e73439d8 | 540 | |
06149746 LAD |
541 | link = list_first_entry_or_null(&conn->link_list, struct hci_link, list); |
542 | if (!link || !link->conn) | |
e73439d8 MH |
543 | return; |
544 | ||
38b3fef1 AE |
545 | BT_DBG("hcon %p", conn); |
546 | ||
e73439d8 MH |
547 | if (!status) { |
548 | if (lmp_esco_capable(conn->hdev)) | |
06149746 | 549 | hci_setup_sync(link->conn, conn->handle); |
e73439d8 | 550 | else |
06149746 | 551 | hci_add_sco(link->conn, conn->handle); |
e73439d8 | 552 | } else { |
06149746 LAD |
553 | hci_connect_cfm(link->conn, status); |
554 | hci_conn_del(link->conn); | |
e73439d8 MH |
555 | } |
556 | } | |
557 | ||
19c40e3b | 558 | static void hci_conn_timeout(struct work_struct *work) |
1da177e4 | 559 | { |
19c40e3b | 560 | struct hci_conn *conn = container_of(work, struct hci_conn, |
5974e4c4 | 561 | disc_work.work); |
1d56dc4f | 562 | int refcnt = atomic_read(&conn->refcnt); |
1da177e4 | 563 | |
38b3fef1 | 564 | BT_DBG("hcon %p state %s", conn, state_to_string(conn->state)); |
1da177e4 | 565 | |
1d56dc4f LR |
566 | WARN_ON(refcnt < 0); |
567 | ||
568 | /* FIXME: It was observed that in pairing failed scenario, refcnt | |
569 | * drops below 0. Probably this is because l2cap_conn_del calls | |
570 | * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is | |
571 | * dropped. After that loop hci_chan_del is called which also drops | |
572 | * conn. For now make sure that ACL is alive if refcnt is higher then 0, | |
573 | * otherwise drop it. | |
574 | */ | |
575 | if (refcnt > 0) | |
1da177e4 LT |
576 | return; |
577 | ||
89e0ccc8 | 578 | hci_abort_conn(conn, hci_proto_disconn_ind(conn)); |
1da177e4 LT |
579 | } |
580 | ||
416dc94b | 581 | /* Enter sniff mode */ |
a74a84f6 | 582 | static void hci_conn_idle(struct work_struct *work) |
416dc94b | 583 | { |
a74a84f6 JH |
584 | struct hci_conn *conn = container_of(work, struct hci_conn, |
585 | idle_work.work); | |
416dc94b GP |
586 | struct hci_dev *hdev = conn->hdev; |
587 | ||
38b3fef1 | 588 | BT_DBG("hcon %p mode %d", conn, conn->mode); |
416dc94b | 589 | |
416dc94b GP |
590 | if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) |
591 | return; | |
592 | ||
593 | if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) | |
594 | return; | |
595 | ||
596 | if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { | |
597 | struct hci_cp_sniff_subrate cp; | |
598 | cp.handle = cpu_to_le16(conn->handle); | |
dcf4adbf JP |
599 | cp.max_latency = cpu_to_le16(0); |
600 | cp.min_remote_timeout = cpu_to_le16(0); | |
601 | cp.min_local_timeout = cpu_to_le16(0); | |
416dc94b GP |
602 | hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); |
603 | } | |
604 | ||
51a8efd7 | 605 | if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) { |
416dc94b GP |
606 | struct hci_cp_sniff_mode cp; |
607 | cp.handle = cpu_to_le16(conn->handle); | |
608 | cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); | |
609 | cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); | |
dcf4adbf JP |
610 | cp.attempt = cpu_to_le16(4); |
611 | cp.timeout = cpu_to_le16(1); | |
416dc94b GP |
612 | hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); |
613 | } | |
614 | } | |
615 | ||
7bc18d9d | 616 | static void hci_conn_auto_accept(struct work_struct *work) |
9f61656a | 617 | { |
7bc18d9d JH |
618 | struct hci_conn *conn = container_of(work, struct hci_conn, |
619 | auto_accept_work.work); | |
9f61656a | 620 | |
7bc18d9d | 621 | hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst), |
5974e4c4 | 622 | &conn->dst); |
9f61656a JH |
623 | } |
624 | ||
c3bed4de SN |
625 | static void le_disable_advertising(struct hci_dev *hdev) |
626 | { | |
627 | if (ext_adv_capable(hdev)) { | |
628 | struct hci_cp_le_set_ext_adv_enable cp; | |
629 | ||
630 | cp.enable = 0x00; | |
631 | cp.num_of_sets = 0x00; | |
632 | ||
633 | hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp), | |
634 | &cp); | |
635 | } else { | |
636 | u8 enable = 0x00; | |
637 | hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), | |
638 | &enable); | |
639 | } | |
640 | } | |
641 | ||
9489eca4 JH |
642 | static void le_conn_timeout(struct work_struct *work) |
643 | { | |
644 | struct hci_conn *conn = container_of(work, struct hci_conn, | |
645 | le_conn_timeout.work); | |
3c857757 | 646 | struct hci_dev *hdev = conn->hdev; |
9489eca4 JH |
647 | |
648 | BT_DBG(""); | |
649 | ||
3c857757 JH |
650 | /* We could end up here due to having done directed advertising, |
651 | * so clean up the state if necessary. This should however only | |
652 | * happen with broken hardware or if low duty cycle was used | |
653 | * (which doesn't have a timeout of its own). | |
654 | */ | |
0b1db38c | 655 | if (conn->role == HCI_ROLE_SLAVE) { |
c3bed4de SN |
656 | /* Disable LE Advertising */ |
657 | le_disable_advertising(hdev); | |
9fa6b4cd | 658 | hci_dev_lock(hdev); |
9b3628d7 | 659 | hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT); |
9fa6b4cd | 660 | hci_dev_unlock(hdev); |
3c857757 JH |
661 | return; |
662 | } | |
663 | ||
89e0ccc8 | 664 | hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); |
9489eca4 JH |
665 | } |
666 | ||
6b9545dc PV |
667 | struct iso_cig_params { |
668 | struct hci_cp_le_set_cig_params cp; | |
669 | struct hci_cis_params cis[0x1f]; | |
670 | }; | |
671 | ||
eca0ae4a LAD |
672 | struct iso_list_data { |
673 | union { | |
674 | u8 cig; | |
675 | u8 big; | |
676 | }; | |
677 | union { | |
678 | u8 cis; | |
679 | u8 bis; | |
680 | u16 sync_handle; | |
681 | }; | |
682 | int count; | |
a0bfde16 | 683 | bool big_term; |
fbdc4bc4 | 684 | bool pa_sync_term; |
f777d882 | 685 | bool big_sync_term; |
eca0ae4a LAD |
686 | }; |
687 | ||
688 | static void bis_list(struct hci_conn *conn, void *data) | |
689 | { | |
690 | struct iso_list_data *d = data; | |
691 | ||
692 | /* Skip if not broadcast/ANY address */ | |
693 | if (bacmp(&conn->dst, BDADDR_ANY)) | |
694 | return; | |
695 | ||
0fe8c8d0 IT |
696 | if (d->big != conn->iso_qos.bcast.big || d->bis == BT_ISO_QOS_BIS_UNSET || |
697 | d->bis != conn->iso_qos.bcast.bis) | |
eca0ae4a LAD |
698 | return; |
699 | ||
700 | d->count++; | |
701 | } | |
702 | ||
eca0ae4a LAD |
703 | static int terminate_big_sync(struct hci_dev *hdev, void *data) |
704 | { | |
705 | struct iso_list_data *d = data; | |
706 | ||
707 | bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis); | |
708 | ||
a254b90c | 709 | hci_disable_per_advertising_sync(hdev, d->bis); |
eca0ae4a LAD |
710 | hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL); |
711 | ||
a0bfde16 IT |
712 | /* Only terminate BIG if it has been created */ |
713 | if (!d->big_term) | |
eca0ae4a LAD |
714 | return 0; |
715 | ||
716 | return hci_le_terminate_big_sync(hdev, d->big, | |
717 | HCI_ERROR_LOCAL_HOST_TERM); | |
718 | } | |
719 | ||
720 | static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err) | |
721 | { | |
722 | kfree(data); | |
723 | } | |
724 | ||
a0bfde16 | 725 | static int hci_le_terminate_big(struct hci_dev *hdev, struct hci_conn *conn) |
eca0ae4a LAD |
726 | { |
727 | struct iso_list_data *d; | |
3aa21311 | 728 | int ret; |
eca0ae4a | 729 | |
a0bfde16 IT |
730 | bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", conn->iso_qos.bcast.big, |
731 | conn->iso_qos.bcast.bis); | |
eca0ae4a | 732 | |
3958e877 | 733 | d = kzalloc(sizeof(*d), GFP_KERNEL); |
eca0ae4a LAD |
734 | if (!d) |
735 | return -ENOMEM; | |
736 | ||
a0bfde16 IT |
737 | d->big = conn->iso_qos.bcast.big; |
738 | d->bis = conn->iso_qos.bcast.bis; | |
739 | d->big_term = test_and_clear_bit(HCI_CONN_BIG_CREATED, &conn->flags); | |
eca0ae4a | 740 | |
3aa21311 ZS |
741 | ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d, |
742 | terminate_big_destroy); | |
743 | if (ret) | |
744 | kfree(d); | |
745 | ||
746 | return ret; | |
eca0ae4a LAD |
747 | } |
748 | ||
749 | static int big_terminate_sync(struct hci_dev *hdev, void *data) | |
750 | { | |
751 | struct iso_list_data *d = data; | |
752 | ||
753 | bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big, | |
754 | d->sync_handle); | |
755 | ||
f777d882 IT |
756 | if (d->big_sync_term) |
757 | hci_le_big_terminate_sync(hdev, d->big); | |
eca0ae4a | 758 | |
fbdc4bc4 IT |
759 | if (d->pa_sync_term) |
760 | return hci_le_pa_terminate_sync(hdev, d->sync_handle); | |
761 | ||
762 | return 0; | |
eca0ae4a LAD |
763 | } |
764 | ||
fcb89f12 IT |
765 | static void find_bis(struct hci_conn *conn, void *data) |
766 | { | |
767 | struct iso_list_data *d = data; | |
768 | ||
769 | /* Ignore if BIG doesn't match */ | |
770 | if (d->big != conn->iso_qos.bcast.big) | |
771 | return; | |
772 | ||
773 | d->count++; | |
774 | } | |
775 | ||
f777d882 | 776 | static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, struct hci_conn *conn) |
eca0ae4a LAD |
777 | { |
778 | struct iso_list_data *d; | |
3aa21311 | 779 | int ret; |
eca0ae4a | 780 | |
f777d882 | 781 | bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, conn->sync_handle); |
eca0ae4a | 782 | |
3958e877 | 783 | d = kzalloc(sizeof(*d), GFP_KERNEL); |
eca0ae4a LAD |
784 | if (!d) |
785 | return -ENOMEM; | |
786 | ||
fcb89f12 | 787 | memset(d, 0, sizeof(*d)); |
eca0ae4a | 788 | d->big = big; |
f777d882 | 789 | d->sync_handle = conn->sync_handle; |
fcb89f12 IT |
790 | |
791 | if (test_and_clear_bit(HCI_CONN_PA_SYNC, &conn->flags)) { | |
792 | hci_conn_hash_list_flag(hdev, find_bis, ISO_LINK, | |
793 | HCI_CONN_PA_SYNC, d); | |
794 | ||
795 | if (!d->count) | |
796 | d->pa_sync_term = true; | |
797 | ||
798 | d->count = 0; | |
799 | } | |
800 | ||
801 | if (test_and_clear_bit(HCI_CONN_BIG_SYNC, &conn->flags)) { | |
802 | hci_conn_hash_list_flag(hdev, find_bis, ISO_LINK, | |
803 | HCI_CONN_BIG_SYNC, d); | |
804 | ||
805 | if (!d->count) | |
806 | d->big_sync_term = true; | |
807 | } | |
eca0ae4a | 808 | |
3aa21311 ZS |
809 | ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d, |
810 | terminate_big_destroy); | |
811 | if (ret) | |
812 | kfree(d); | |
813 | ||
814 | return ret; | |
eca0ae4a LAD |
815 | } |
816 | ||
817 | /* Cleanup BIS connection | |
818 | * | |
819 | * Detects if there any BIS left connected in a BIG | |
820 | * broadcaster: Remove advertising instance and terminate BIG. | |
821 | * broadcaster receiver: Teminate BIG sync and terminate PA sync. | |
822 | */ | |
823 | static void bis_cleanup(struct hci_conn *conn) | |
824 | { | |
825 | struct hci_dev *hdev = conn->hdev; | |
a0bfde16 | 826 | struct hci_conn *bis; |
eca0ae4a LAD |
827 | |
828 | bt_dev_dbg(hdev, "conn %p", conn); | |
829 | ||
830 | if (conn->role == HCI_ROLE_MASTER) { | |
831 | if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags)) | |
832 | return; | |
833 | ||
a0bfde16 IT |
834 | /* Check if ISO connection is a BIS and terminate advertising |
835 | * set and BIG if there are no other connections using it. | |
836 | */ | |
6a42e9bf | 837 | bis = hci_conn_hash_lookup_big(hdev, conn->iso_qos.bcast.big); |
a0bfde16 IT |
838 | if (bis) |
839 | return; | |
840 | ||
841 | hci_le_terminate_big(hdev, conn); | |
eca0ae4a | 842 | } else { |
0fe8c8d0 | 843 | hci_le_big_terminate(hdev, conn->iso_qos.bcast.big, |
f777d882 | 844 | conn); |
eca0ae4a LAD |
845 | } |
846 | } | |
847 | ||
848 | static int remove_cig_sync(struct hci_dev *hdev, void *data) | |
849 | { | |
a1f6c3ae | 850 | u8 handle = PTR_UINT(data); |
eca0ae4a LAD |
851 | |
852 | return hci_le_remove_cig_sync(hdev, handle); | |
853 | } | |
854 | ||
855 | static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle) | |
856 | { | |
857 | bt_dev_dbg(hdev, "handle 0x%2.2x", handle); | |
858 | ||
a1f6c3ae LAD |
859 | return hci_cmd_sync_queue(hdev, remove_cig_sync, UINT_PTR(handle), |
860 | NULL); | |
eca0ae4a LAD |
861 | } |
862 | ||
863 | static void find_cis(struct hci_conn *conn, void *data) | |
864 | { | |
865 | struct iso_list_data *d = data; | |
866 | ||
31c5f916 PV |
867 | /* Ignore broadcast or if CIG don't match */ |
868 | if (!bacmp(&conn->dst, BDADDR_ANY) || d->cig != conn->iso_qos.ucast.cig) | |
eca0ae4a LAD |
869 | return; |
870 | ||
871 | d->count++; | |
872 | } | |
873 | ||
874 | /* Cleanup CIS connection: | |
875 | * | |
876 | * Detects if there any CIS left connected in a CIG and remove it. | |
877 | */ | |
878 | static void cis_cleanup(struct hci_conn *conn) | |
879 | { | |
880 | struct hci_dev *hdev = conn->hdev; | |
881 | struct iso_list_data d; | |
882 | ||
31c5f916 PV |
883 | if (conn->iso_qos.ucast.cig == BT_ISO_QOS_CIG_UNSET) |
884 | return; | |
885 | ||
eca0ae4a | 886 | memset(&d, 0, sizeof(d)); |
0fe8c8d0 | 887 | d.cig = conn->iso_qos.ucast.cig; |
eca0ae4a LAD |
888 | |
889 | /* Check if ISO connection is a CIS and remove CIG if there are | |
890 | * no other connections using it. | |
891 | */ | |
6c242c64 PV |
892 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_BOUND, &d); |
893 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECT, &d); | |
eca0ae4a LAD |
894 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d); |
895 | if (d.count) | |
896 | return; | |
897 | ||
0fe8c8d0 | 898 | hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig); |
eca0ae4a LAD |
899 | } |
900 | ||
181a42ed | 901 | static int hci_conn_hash_alloc_unset(struct hci_dev *hdev) |
9f78191c | 902 | { |
181a42ed ZX |
903 | return ida_alloc_range(&hdev->unset_handle_ida, HCI_CONN_HANDLE_MAX + 1, |
904 | U16_MAX, GFP_ATOMIC); | |
9f78191c LAD |
905 | } |
906 | ||
a5c4e309 | 907 | struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, |
181a42ed | 908 | u8 role, u16 handle) |
1da177e4 LT |
909 | { |
910 | struct hci_conn *conn; | |
911 | ||
181a42ed | 912 | bt_dev_dbg(hdev, "dst %pMR handle 0x%4.4x", dst, handle); |
1da177e4 | 913 | |
27f70f3e | 914 | conn = kzalloc(sizeof(*conn), GFP_KERNEL); |
04837f64 | 915 | if (!conn) |
1da177e4 | 916 | return NULL; |
1da177e4 LT |
917 | |
918 | bacpy(&conn->dst, dst); | |
662e8820 | 919 | bacpy(&conn->src, &hdev->bdaddr); |
181a42ed | 920 | conn->handle = handle; |
a8746417 MH |
921 | conn->hdev = hdev; |
922 | conn->type = type; | |
a5c4e309 | 923 | conn->role = role; |
a8746417 MH |
924 | conn->mode = HCI_CM_ACTIVE; |
925 | conn->state = BT_OPEN; | |
93f19c9f | 926 | conn->auth_type = HCI_AT_GENERAL_BONDING; |
17fa4b9d | 927 | conn->io_capability = hdev->io_capability; |
a9583556 | 928 | conn->remote_auth = 0xff; |
13d39315 | 929 | conn->key_type = 0xff; |
ebf86aa3 | 930 | conn->rssi = HCI_RSSI_INVALID; |
5a134fae | 931 | conn->tx_power = HCI_TX_POWER_INVALID; |
d0455ed9 | 932 | conn->max_tx_power = HCI_TX_POWER_INVALID; |
1d11d70d | 933 | conn->sync_handle = HCI_SYNC_HANDLE_INVALID; |
1da177e4 | 934 | |
58a681ef | 935 | set_bit(HCI_CONN_POWER_SAVE, &conn->flags); |
052b30b0 | 936 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; |
04837f64 | 937 | |
302975cb SRK |
938 | /* Set Default Authenticated payload timeout to 30s */ |
939 | conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT; | |
940 | ||
a5c4e309 JH |
941 | if (conn->role == HCI_ROLE_MASTER) |
942 | conn->out = true; | |
943 | ||
a8746417 MH |
944 | switch (type) { |
945 | case ACL_LINK: | |
946 | conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; | |
947 | break; | |
9c84d1da | 948 | case LE_LINK: |
eca0ae4a LAD |
949 | /* conn->src should reflect the local identity address */ |
950 | hci_copy_identity_address(hdev, &conn->src, &conn->src_type); | |
951 | break; | |
26afbd82 | 952 | case ISO_LINK: |
9c84d1da JH |
953 | /* conn->src should reflect the local identity address */ |
954 | hci_copy_identity_address(hdev, &conn->src, &conn->src_type); | |
eca0ae4a LAD |
955 | |
956 | /* set proper cleanup function */ | |
957 | if (!bacmp(dst, BDADDR_ANY)) | |
958 | conn->cleanup = bis_cleanup; | |
959 | else if (conn->role == HCI_ROLE_MASTER) | |
960 | conn->cleanup = cis_cleanup; | |
961 | ||
9c84d1da | 962 | break; |
a8746417 MH |
963 | case SCO_LINK: |
964 | if (lmp_esco_capable(hdev)) | |
efc7688b MH |
965 | conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | |
966 | (hdev->esco_type & EDR_ESCO_MASK); | |
a8746417 MH |
967 | else |
968 | conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; | |
969 | break; | |
970 | case ESCO_LINK: | |
efc7688b | 971 | conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; |
a8746417 MH |
972 | break; |
973 | } | |
974 | ||
1da177e4 | 975 | skb_queue_head_init(&conn->data_q); |
04837f64 | 976 | |
70c1f20b | 977 | INIT_LIST_HEAD(&conn->chan_list); |
06149746 | 978 | INIT_LIST_HEAD(&conn->link_list); |
73d80deb | 979 | |
19c40e3b | 980 | INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout); |
7bc18d9d | 981 | INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept); |
a74a84f6 | 982 | INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle); |
9489eca4 | 983 | INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout); |
1da177e4 LT |
984 | |
985 | atomic_set(&conn->refcnt, 0); | |
986 | ||
987 | hci_dev_hold(hdev); | |
988 | ||
1da177e4 | 989 | hci_conn_hash_add(hdev, conn); |
1f8330ea SN |
990 | |
991 | /* The SCO and eSCO connections will only be notified when their | |
992 | * setup has been completed. This is different to ACL links which | |
993 | * can be notified right away. | |
994 | */ | |
995 | if (conn->type != SCO_LINK && conn->type != ESCO_LINK) { | |
996 | if (hdev->notify) | |
997 | hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); | |
998 | } | |
1da177e4 | 999 | |
a67e899c MH |
1000 | hci_conn_init_sysfs(conn); |
1001 | ||
1da177e4 LT |
1002 | return conn; |
1003 | } | |
1004 | ||
181a42ed ZX |
1005 | struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type, |
1006 | bdaddr_t *dst, u8 role) | |
1007 | { | |
1008 | int handle; | |
1009 | ||
1010 | bt_dev_dbg(hdev, "dst %pMR", dst); | |
1011 | ||
1012 | handle = hci_conn_hash_alloc_unset(hdev); | |
1013 | if (unlikely(handle < 0)) | |
1014 | return NULL; | |
1015 | ||
1016 | return hci_conn_add(hdev, type, dst, role, handle); | |
1017 | } | |
1018 | ||
3344d318 PV |
1019 | static void hci_conn_cleanup_child(struct hci_conn *conn, u8 reason) |
1020 | { | |
1021 | if (!reason) | |
1022 | reason = HCI_ERROR_REMOTE_USER_TERM; | |
1023 | ||
1024 | /* Due to race, SCO/ISO conn might be not established yet at this point, | |
1025 | * and nothing else will clean it up. In other cases it is done via HCI | |
1026 | * events. | |
1027 | */ | |
1028 | switch (conn->type) { | |
1029 | case SCO_LINK: | |
1030 | case ESCO_LINK: | |
1031 | if (HCI_CONN_HANDLE_UNSET(conn->handle)) | |
1032 | hci_conn_failed(conn, reason); | |
1033 | break; | |
1034 | case ISO_LINK: | |
fa224d0c IT |
1035 | if ((conn->state != BT_CONNECTED && |
1036 | !test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) || | |
1037 | test_bit(HCI_CONN_BIG_CREATED, &conn->flags)) | |
3344d318 PV |
1038 | hci_conn_failed(conn, reason); |
1039 | break; | |
1040 | } | |
1041 | } | |
1042 | ||
06149746 | 1043 | static void hci_conn_unlink(struct hci_conn *conn) |
5dc7d23e | 1044 | { |
06149746 LAD |
1045 | struct hci_dev *hdev = conn->hdev; |
1046 | ||
1047 | bt_dev_dbg(hdev, "hcon %p", conn); | |
1048 | ||
1049 | if (!conn->parent) { | |
1050 | struct hci_link *link, *t; | |
1051 | ||
ca1fd42e RL |
1052 | list_for_each_entry_safe(link, t, &conn->link_list, list) { |
1053 | struct hci_conn *child = link->conn; | |
1054 | ||
1055 | hci_conn_unlink(child); | |
1056 | ||
a2ac591c RL |
1057 | /* If hdev is down it means |
1058 | * hci_dev_close_sync/hci_conn_hash_flush is in progress | |
1059 | * and links don't need to be cleanup as all connections | |
1060 | * would be cleanup. | |
1061 | */ | |
1062 | if (!test_bit(HCI_UP, &hdev->flags)) | |
1063 | continue; | |
1064 | ||
3344d318 | 1065 | hci_conn_cleanup_child(child, conn->abort_reason); |
ca1fd42e | 1066 | } |
06149746 LAD |
1067 | |
1068 | return; | |
1069 | } | |
1070 | ||
5dc7d23e | 1071 | if (!conn->link) |
06149746 | 1072 | return; |
5dc7d23e | 1073 | |
06149746 LAD |
1074 | list_del_rcu(&conn->link->list); |
1075 | synchronize_rcu(); | |
1076 | ||
a2904d28 | 1077 | hci_conn_drop(conn->parent); |
2910431a RL |
1078 | hci_conn_put(conn->parent); |
1079 | conn->parent = NULL; | |
1080 | ||
06149746 | 1081 | kfree(conn->link); |
5dc7d23e | 1082 | conn->link = NULL; |
5dc7d23e LAD |
1083 | } |
1084 | ||
a2ac591c | 1085 | void hci_conn_del(struct hci_conn *conn) |
1da177e4 LT |
1086 | { |
1087 | struct hci_dev *hdev = conn->hdev; | |
1088 | ||
38b3fef1 | 1089 | BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle); |
1da177e4 | 1090 | |
a2904d28 RL |
1091 | hci_conn_unlink(conn); |
1092 | ||
19c40e3b | 1093 | cancel_delayed_work_sync(&conn->disc_work); |
7bc18d9d | 1094 | cancel_delayed_work_sync(&conn->auto_accept_work); |
a74a84f6 | 1095 | cancel_delayed_work_sync(&conn->idle_work); |
9f61656a | 1096 | |
5b7f9909 | 1097 | if (conn->type == ACL_LINK) { |
1da177e4 LT |
1098 | /* Unacked frames */ |
1099 | hdev->acl_cnt += conn->sent; | |
6ed58ec5 | 1100 | } else if (conn->type == LE_LINK) { |
980ffc0a | 1101 | cancel_delayed_work(&conn->le_conn_timeout); |
9489eca4 | 1102 | |
6ed58ec5 VT |
1103 | if (hdev->le_pkts) |
1104 | hdev->le_cnt += conn->sent; | |
1105 | else | |
1106 | hdev->acl_cnt += conn->sent; | |
5b7f9909 | 1107 | } else { |
5638d9ea LAD |
1108 | /* Unacked ISO frames */ |
1109 | if (conn->type == ISO_LINK) { | |
1110 | if (hdev->iso_pkts) | |
1111 | hdev->iso_cnt += conn->sent; | |
1112 | else if (hdev->le_pkts) | |
1113 | hdev->le_cnt += conn->sent; | |
1114 | else | |
1115 | hdev->acl_cnt += conn->sent; | |
1116 | } | |
1da177e4 LT |
1117 | } |
1118 | ||
1da177e4 | 1119 | skb_queue_purge(&conn->data_q); |
1da177e4 | 1120 | |
b958f9a3 JH |
1121 | /* Remove the connection from the list and cleanup its remaining |
1122 | * state. This is a separate function since for some cases like | |
1123 | * BT_CONNECT_SCAN we *only* want the cleanup part without the | |
1124 | * rest of hci_conn_del. | |
1125 | */ | |
1126 | hci_conn_cleanup(conn); | |
881559af LAD |
1127 | |
1128 | /* Dequeue callbacks using connection pointer as data */ | |
1129 | hci_cmd_sync_dequeue(hdev, NULL, conn, NULL); | |
1da177e4 LT |
1130 | } |
1131 | ||
39385cb5 | 1132 | struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type) |
1da177e4 LT |
1133 | { |
1134 | int use_src = bacmp(src, BDADDR_ANY); | |
8035ded4 | 1135 | struct hci_dev *hdev = NULL, *d; |
1da177e4 | 1136 | |
6ed93dc6 | 1137 | BT_DBG("%pMR -> %pMR", src, dst); |
1da177e4 | 1138 | |
f20d09d5 | 1139 | read_lock(&hci_dev_list_lock); |
1da177e4 | 1140 | |
8035ded4 | 1141 | list_for_each_entry(d, &hci_dev_list, list) { |
8fc9ced3 | 1142 | if (!test_bit(HCI_UP, &d->flags) || |
d7a5a11d | 1143 | hci_dev_test_flag(d, HCI_USER_CHANNEL) || |
ca8bee5d | 1144 | d->dev_type != HCI_PRIMARY) |
1da177e4 LT |
1145 | continue; |
1146 | ||
8e87d142 | 1147 | /* Simple routing: |
1da177e4 LT |
1148 | * No source address - find interface with bdaddr != dst |
1149 | * Source address - find interface with bdaddr == src | |
1150 | */ | |
1151 | ||
1152 | if (use_src) { | |
39385cb5 JH |
1153 | bdaddr_t id_addr; |
1154 | u8 id_addr_type; | |
1155 | ||
1156 | if (src_type == BDADDR_BREDR) { | |
1157 | if (!lmp_bredr_capable(d)) | |
1158 | continue; | |
1159 | bacpy(&id_addr, &d->bdaddr); | |
1160 | id_addr_type = BDADDR_BREDR; | |
1161 | } else { | |
1162 | if (!lmp_le_capable(d)) | |
1163 | continue; | |
1164 | ||
1165 | hci_copy_identity_address(d, &id_addr, | |
1166 | &id_addr_type); | |
1167 | ||
1168 | /* Convert from HCI to three-value type */ | |
1169 | if (id_addr_type == ADDR_LE_DEV_PUBLIC) | |
1170 | id_addr_type = BDADDR_LE_PUBLIC; | |
1171 | else | |
1172 | id_addr_type = BDADDR_LE_RANDOM; | |
1173 | } | |
1174 | ||
1175 | if (!bacmp(&id_addr, src) && id_addr_type == src_type) { | |
1da177e4 LT |
1176 | hdev = d; break; |
1177 | } | |
1178 | } else { | |
1179 | if (bacmp(&d->bdaddr, dst)) { | |
1180 | hdev = d; break; | |
1181 | } | |
1182 | } | |
1183 | } | |
1184 | ||
1185 | if (hdev) | |
1186 | hdev = hci_dev_hold(hdev); | |
1187 | ||
f20d09d5 | 1188 | read_unlock(&hci_dev_list_lock); |
1da177e4 LT |
1189 | return hdev; |
1190 | } | |
1191 | EXPORT_SYMBOL(hci_get_route); | |
1192 | ||
9bb3c01f | 1193 | /* This function requires the caller holds hdev->lock */ |
9b3628d7 | 1194 | static void hci_le_conn_failed(struct hci_conn *conn, u8 status) |
9bb3c01f AG |
1195 | { |
1196 | struct hci_dev *hdev = conn->hdev; | |
f161dd41 | 1197 | |
19cf60bf | 1198 | hci_connect_le_scan_cleanup(conn, status); |
3c857757 | 1199 | |
abfeea47 | 1200 | /* Enable advertising in case this was a failed connection |
3c857757 JH |
1201 | * attempt as a peripheral. |
1202 | */ | |
abfeea47 | 1203 | hci_enable_advertising(hdev); |
9bb3c01f AG |
1204 | } |
1205 | ||
9b3628d7 LAD |
1206 | /* This function requires the caller holds hdev->lock */ |
1207 | void hci_conn_failed(struct hci_conn *conn, u8 status) | |
1208 | { | |
1209 | struct hci_dev *hdev = conn->hdev; | |
1210 | ||
1211 | bt_dev_dbg(hdev, "status 0x%2.2x", status); | |
1212 | ||
1213 | switch (conn->type) { | |
1214 | case LE_LINK: | |
1215 | hci_le_conn_failed(conn, status); | |
1216 | break; | |
1217 | case ACL_LINK: | |
1218 | mgmt_connect_failed(hdev, &conn->dst, conn->type, | |
1219 | conn->dst_type, status); | |
1220 | break; | |
1221 | } | |
1222 | ||
a254b90c IT |
1223 | /* In case of BIG/PA sync failed, clear conn flags so that |
1224 | * the conns will be correctly cleaned up by ISO layer | |
1225 | */ | |
1226 | test_and_clear_bit(HCI_CONN_BIG_SYNC_FAILED, &conn->flags); | |
1227 | test_and_clear_bit(HCI_CONN_PA_SYNC_FAILED, &conn->flags); | |
1228 | ||
9b3628d7 LAD |
1229 | conn->state = BT_CLOSED; |
1230 | hci_connect_cfm(conn, status); | |
1231 | hci_conn_del(conn); | |
1232 | } | |
1233 | ||
16e3b642 LAD |
1234 | /* This function requires the caller holds hdev->lock */ |
1235 | u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle) | |
1236 | { | |
1237 | struct hci_dev *hdev = conn->hdev; | |
1238 | ||
1239 | bt_dev_dbg(hdev, "hcon %p handle 0x%4.4x", conn, handle); | |
1240 | ||
1241 | if (conn->handle == handle) | |
1242 | return 0; | |
1243 | ||
1244 | if (handle > HCI_CONN_HANDLE_MAX) { | |
1245 | bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x", | |
1246 | handle, HCI_CONN_HANDLE_MAX); | |
1247 | return HCI_ERROR_INVALID_PARAMETERS; | |
1248 | } | |
1249 | ||
1250 | /* If abort_reason has been sent it means the connection is being | |
1251 | * aborted and the handle shall not be changed. | |
1252 | */ | |
1253 | if (conn->abort_reason) | |
1254 | return conn->abort_reason; | |
1255 | ||
181a42ed ZX |
1256 | if (HCI_CONN_HANDLE_UNSET(conn->handle)) |
1257 | ida_free(&hdev->unset_handle_ida, conn->handle); | |
1258 | ||
16e3b642 LAD |
1259 | conn->handle = handle; |
1260 | ||
1261 | return 0; | |
1262 | } | |
1263 | ||
04a6c589 | 1264 | struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, |
d850bf08 | 1265 | u8 dst_type, bool dst_resolved, u8 sec_level, |
2e7ed5f5 | 1266 | u16 conn_timeout, u8 role, u8 phy, u8 sec_phy) |
1da177e4 | 1267 | { |
e2caced4 | 1268 | struct hci_conn *conn; |
1ebfcc1f | 1269 | struct smp_irk *irk; |
1d399ae5 | 1270 | int err; |
1da177e4 | 1271 | |
152d386e | 1272 | /* Let's make sure that le is enabled.*/ |
d7a5a11d | 1273 | if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { |
152d386e LR |
1274 | if (lmp_le_capable(hdev)) |
1275 | return ERR_PTR(-ECONNREFUSED); | |
1276 | ||
1277 | return ERR_PTR(-EOPNOTSUPP); | |
1278 | } | |
1279 | ||
658aead9 JH |
1280 | /* Since the controller supports only one LE connection attempt at a |
1281 | * time, we return -EBUSY if there is any connection attempt running. | |
1282 | */ | |
1283 | if (hci_lookup_le_connect(hdev)) | |
1284 | return ERR_PTR(-EBUSY); | |
1285 | ||
e2caced4 JH |
1286 | /* If there's already a connection object but it's not in |
1287 | * scanning state it means it must already be established, in | |
1288 | * which case we can't do anything else except report a failure | |
1289 | * to connect. | |
620ad521 | 1290 | */ |
9d4c1cc1 | 1291 | conn = hci_conn_hash_lookup_le(hdev, dst, dst_type); |
e2caced4 JH |
1292 | if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) { |
1293 | return ERR_PTR(-EBUSY); | |
620ad521 | 1294 | } |
dfc94dbd | 1295 | |
d850bf08 LAD |
1296 | /* Check if the destination address has been resolved by the controller |
1297 | * since if it did then the identity address shall be used. | |
edb4b466 | 1298 | */ |
d850bf08 LAD |
1299 | if (!dst_resolved) { |
1300 | /* When given an identity address with existing identity | |
1301 | * resolving key, the connection needs to be established | |
1302 | * to a resolvable random address. | |
1303 | * | |
1304 | * Storing the resolvable random address is required here | |
1305 | * to handle connection failures. The address will later | |
1306 | * be resolved back into the original identity address | |
1307 | * from the connect request. | |
1308 | */ | |
1309 | irk = hci_find_irk_by_addr(hdev, dst, dst_type); | |
1310 | if (irk && bacmp(&irk->rpa, BDADDR_ANY)) { | |
1311 | dst = &irk->rpa; | |
1312 | dst_type = ADDR_LE_DEV_RANDOM; | |
1313 | } | |
1ebfcc1f JH |
1314 | } |
1315 | ||
e2caced4 | 1316 | if (conn) { |
28a667c9 JP |
1317 | bacpy(&conn->dst, dst); |
1318 | } else { | |
181a42ed | 1319 | conn = hci_conn_add_unset(hdev, LE_LINK, dst, role); |
e2caced4 JH |
1320 | if (!conn) |
1321 | return ERR_PTR(-ENOMEM); | |
1322 | hci_conn_hold(conn); | |
1323 | conn->pending_sec_level = sec_level; | |
28a667c9 JP |
1324 | } |
1325 | ||
1ebfcc1f | 1326 | conn->dst_type = dst_type; |
620ad521 | 1327 | conn->sec_level = BT_SECURITY_LOW; |
09ae260b | 1328 | conn->conn_timeout = conn_timeout; |
2e7ed5f5 LAD |
1329 | conn->le_adv_phy = phy; |
1330 | conn->le_adv_sec_phy = sec_phy; | |
4292f1f3 | 1331 | |
881559af | 1332 | err = hci_connect_le_sync(hdev, conn); |
2acf3d90 AG |
1333 | if (err) { |
1334 | hci_conn_del(conn); | |
620ad521 | 1335 | return ERR_PTR(err); |
2acf3d90 | 1336 | } |
fcd89c09 | 1337 | |
f1e5d547 | 1338 | return conn; |
d04aef4c | 1339 | } |
fcd89c09 | 1340 | |
f75113a2 JP |
1341 | static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) |
1342 | { | |
1343 | struct hci_conn *conn; | |
1344 | ||
9d4c1cc1 | 1345 | conn = hci_conn_hash_lookup_le(hdev, addr, type); |
f75113a2 JP |
1346 | if (!conn) |
1347 | return false; | |
1348 | ||
f75113a2 JP |
1349 | if (conn->state != BT_CONNECTED) |
1350 | return false; | |
1351 | ||
1352 | return true; | |
1353 | } | |
1354 | ||
1355 | /* This function requires the caller holds hdev->lock */ | |
84235d22 | 1356 | static int hci_explicit_conn_params_set(struct hci_dev *hdev, |
f75113a2 JP |
1357 | bdaddr_t *addr, u8 addr_type) |
1358 | { | |
f75113a2 JP |
1359 | struct hci_conn_params *params; |
1360 | ||
1361 | if (is_connected(hdev, addr, addr_type)) | |
1362 | return -EISCONN; | |
1363 | ||
5157b8a5 JP |
1364 | params = hci_conn_params_lookup(hdev, addr, addr_type); |
1365 | if (!params) { | |
1366 | params = hci_conn_params_add(hdev, addr, addr_type); | |
1367 | if (!params) | |
1368 | return -ENOMEM; | |
1369 | ||
1370 | /* If we created new params, mark them to be deleted in | |
1371 | * hci_connect_le_scan_cleanup. It's different case than | |
1372 | * existing disabled params, those will stay after cleanup. | |
1373 | */ | |
1374 | params->auto_connect = HCI_AUTO_CONN_EXPLICIT; | |
1375 | } | |
f75113a2 | 1376 | |
5157b8a5 | 1377 | /* We're trying to connect, so make sure params are at pend_le_conns */ |
49c50922 | 1378 | if (params->auto_connect == HCI_AUTO_CONN_DISABLED || |
5157b8a5 JP |
1379 | params->auto_connect == HCI_AUTO_CONN_REPORT || |
1380 | params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { | |
195ef75e PV |
1381 | hci_pend_le_list_del_init(params); |
1382 | hci_pend_le_list_add(params, &hdev->pend_le_conns); | |
f75113a2 JP |
1383 | } |
1384 | ||
1385 | params->explicit_connect = true; | |
f75113a2 JP |
1386 | |
1387 | BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type, | |
1388 | params->auto_connect); | |
1389 | ||
1390 | return 0; | |
1391 | } | |
1392 | ||
eca0ae4a LAD |
1393 | static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos) |
1394 | { | |
6a42e9bf IT |
1395 | struct hci_conn *conn; |
1396 | u8 big; | |
eca0ae4a LAD |
1397 | |
1398 | /* Allocate a BIG if not set */ | |
0fe8c8d0 | 1399 | if (qos->bcast.big == BT_ISO_QOS_BIG_UNSET) { |
6a42e9bf | 1400 | for (big = 0x00; big < 0xef; big++) { |
eca0ae4a | 1401 | |
6a42e9bf IT |
1402 | conn = hci_conn_hash_lookup_big(hdev, big); |
1403 | if (!conn) | |
eca0ae4a LAD |
1404 | break; |
1405 | } | |
1406 | ||
6a42e9bf | 1407 | if (big == 0xef) |
eca0ae4a LAD |
1408 | return -EADDRNOTAVAIL; |
1409 | ||
1410 | /* Update BIG */ | |
6a42e9bf | 1411 | qos->bcast.big = big; |
eca0ae4a LAD |
1412 | } |
1413 | ||
1414 | return 0; | |
1415 | } | |
1416 | ||
1417 | static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos) | |
1418 | { | |
6a42e9bf IT |
1419 | struct hci_conn *conn; |
1420 | u8 bis; | |
eca0ae4a LAD |
1421 | |
1422 | /* Allocate BIS if not set */ | |
0fe8c8d0 | 1423 | if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) { |
71b7bb48 IT |
1424 | if (qos->bcast.big != BT_ISO_QOS_BIG_UNSET) { |
1425 | conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big); | |
1426 | ||
1427 | if (conn) { | |
1428 | /* If the BIG handle is already matched to an advertising | |
1429 | * handle, do not allocate a new one. | |
1430 | */ | |
1431 | qos->bcast.bis = conn->iso_qos.bcast.bis; | |
1432 | return 0; | |
1433 | } | |
1434 | } | |
1435 | ||
eca0ae4a LAD |
1436 | /* Find an unused adv set to advertise BIS, skip instance 0x00 |
1437 | * since it is reserved as general purpose set. | |
1438 | */ | |
6a42e9bf IT |
1439 | for (bis = 0x01; bis < hdev->le_num_of_adv_sets; |
1440 | bis++) { | |
eca0ae4a | 1441 | |
6a42e9bf IT |
1442 | conn = hci_conn_hash_lookup_bis(hdev, BDADDR_ANY, bis); |
1443 | if (!conn) | |
eca0ae4a LAD |
1444 | break; |
1445 | } | |
1446 | ||
6a42e9bf | 1447 | if (bis == hdev->le_num_of_adv_sets) |
eca0ae4a LAD |
1448 | return -EADDRNOTAVAIL; |
1449 | ||
1450 | /* Update BIS */ | |
6a42e9bf | 1451 | qos->bcast.bis = bis; |
eca0ae4a LAD |
1452 | } |
1453 | ||
1454 | return 0; | |
1455 | } | |
1456 | ||
1457 | /* This function requires the caller holds hdev->lock */ | |
1458 | static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst, | |
a0bfde16 IT |
1459 | struct bt_iso_qos *qos, __u8 base_len, |
1460 | __u8 *base) | |
eca0ae4a LAD |
1461 | { |
1462 | struct hci_conn *conn; | |
eca0ae4a LAD |
1463 | int err; |
1464 | ||
1465 | /* Let's make sure that le is enabled.*/ | |
1466 | if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { | |
1467 | if (lmp_le_capable(hdev)) | |
1468 | return ERR_PTR(-ECONNREFUSED); | |
1469 | return ERR_PTR(-EOPNOTSUPP); | |
1470 | } | |
1471 | ||
1472 | err = qos_set_big(hdev, qos); | |
1473 | if (err) | |
1474 | return ERR_PTR(err); | |
1475 | ||
1476 | err = qos_set_bis(hdev, qos); | |
1477 | if (err) | |
1478 | return ERR_PTR(err); | |
1479 | ||
a0bfde16 IT |
1480 | /* Check if the LE Create BIG command has already been sent */ |
1481 | conn = hci_conn_hash_lookup_per_adv_bis(hdev, dst, qos->bcast.big, | |
1482 | qos->bcast.big); | |
1483 | if (conn) | |
eca0ae4a LAD |
1484 | return ERR_PTR(-EADDRINUSE); |
1485 | ||
a0bfde16 IT |
1486 | /* Check BIS settings against other bound BISes, since all |
1487 | * BISes in a BIG must have the same value for all parameters | |
1488 | */ | |
6a42e9bf | 1489 | conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big); |
a0bfde16 IT |
1490 | |
1491 | if (conn && (memcmp(qos, &conn->iso_qos, sizeof(*qos)) || | |
1492 | base_len != conn->le_per_adv_data_len || | |
1493 | memcmp(conn->le_per_adv_data, base, base_len))) | |
eca0ae4a LAD |
1494 | return ERR_PTR(-EADDRINUSE); |
1495 | ||
181a42ed | 1496 | conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); |
eca0ae4a LAD |
1497 | if (!conn) |
1498 | return ERR_PTR(-ENOMEM); | |
1499 | ||
eca0ae4a LAD |
1500 | conn->state = BT_CONNECT; |
1501 | ||
1502 | hci_conn_hold(conn); | |
1503 | return conn; | |
1504 | } | |
1505 | ||
f75113a2 JP |
1506 | /* This function requires the caller holds hdev->lock */ |
1507 | struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, | |
1508 | u8 dst_type, u8 sec_level, | |
76b13996 MM |
1509 | u16 conn_timeout, |
1510 | enum conn_reasons conn_reason) | |
f75113a2 JP |
1511 | { |
1512 | struct hci_conn *conn; | |
f75113a2 JP |
1513 | |
1514 | /* Let's make sure that le is enabled.*/ | |
1515 | if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { | |
1516 | if (lmp_le_capable(hdev)) | |
1517 | return ERR_PTR(-ECONNREFUSED); | |
1518 | ||
1519 | return ERR_PTR(-EOPNOTSUPP); | |
1520 | } | |
1521 | ||
1522 | /* Some devices send ATT messages as soon as the physical link is | |
1523 | * established. To be able to handle these ATT messages, the user- | |
1524 | * space first establishes the connection and then starts the pairing | |
1525 | * process. | |
1526 | * | |
1527 | * So if a hci_conn object already exists for the following connection | |
1528 | * attempt, we simply update pending_sec_level and auth_type fields | |
1529 | * and return the object found. | |
1530 | */ | |
9d4c1cc1 | 1531 | conn = hci_conn_hash_lookup_le(hdev, dst, dst_type); |
f75113a2 JP |
1532 | if (conn) { |
1533 | if (conn->pending_sec_level < sec_level) | |
1534 | conn->pending_sec_level = sec_level; | |
1535 | goto done; | |
1536 | } | |
1537 | ||
1538 | BT_DBG("requesting refresh of dst_addr"); | |
1539 | ||
181a42ed | 1540 | conn = hci_conn_add_unset(hdev, LE_LINK, dst, HCI_ROLE_MASTER); |
f75113a2 JP |
1541 | if (!conn) |
1542 | return ERR_PTR(-ENOMEM); | |
1543 | ||
d088337c NE |
1544 | if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) { |
1545 | hci_conn_del(conn); | |
f75113a2 | 1546 | return ERR_PTR(-EBUSY); |
d088337c | 1547 | } |
f75113a2 JP |
1548 | |
1549 | conn->state = BT_CONNECT; | |
1550 | set_bit(HCI_CONN_SCANNING, &conn->flags); | |
f75113a2 JP |
1551 | conn->dst_type = dst_type; |
1552 | conn->sec_level = BT_SECURITY_LOW; | |
1553 | conn->pending_sec_level = sec_level; | |
1554 | conn->conn_timeout = conn_timeout; | |
76b13996 | 1555 | conn->conn_reason = conn_reason; |
f75113a2 | 1556 | |
5bee2fd6 | 1557 | hci_update_passive_scan(hdev); |
84235d22 | 1558 | |
f75113a2 JP |
1559 | done: |
1560 | hci_conn_hold(conn); | |
1561 | return conn; | |
1562 | } | |
1563 | ||
04a6c589 | 1564 | struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, |
76b13996 | 1565 | u8 sec_level, u8 auth_type, |
bf98feea | 1566 | enum conn_reasons conn_reason, u16 timeout) |
1da177e4 LT |
1567 | { |
1568 | struct hci_conn *acl; | |
fcd89c09 | 1569 | |
d7a5a11d | 1570 | if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { |
c411110e LR |
1571 | if (lmp_bredr_capable(hdev)) |
1572 | return ERR_PTR(-ECONNREFUSED); | |
1573 | ||
beb19e4c | 1574 | return ERR_PTR(-EOPNOTSUPP); |
c411110e | 1575 | } |
56f87901 | 1576 | |
1ffc6f8c LCY |
1577 | /* Reject outgoing connection to device with same BD ADDR against |
1578 | * CVE-2020-26555 | |
1579 | */ | |
1580 | if (!bacmp(&hdev->bdaddr, dst)) { | |
1581 | bt_dev_dbg(hdev, "Reject connection with same BD_ADDR %pMR\n", | |
1582 | dst); | |
1583 | return ERR_PTR(-ECONNREFUSED); | |
1584 | } | |
1585 | ||
70f23020 AE |
1586 | acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); |
1587 | if (!acl) { | |
181a42ed | 1588 | acl = hci_conn_add_unset(hdev, ACL_LINK, dst, HCI_ROLE_MASTER); |
70f23020 | 1589 | if (!acl) |
48c7aba9 | 1590 | return ERR_PTR(-ENOMEM); |
1da177e4 LT |
1591 | } |
1592 | ||
1593 | hci_conn_hold(acl); | |
1594 | ||
76b13996 | 1595 | acl->conn_reason = conn_reason; |
09ab6f4c | 1596 | if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { |
45340097 JD |
1597 | int err; |
1598 | ||
765c2a96 JH |
1599 | acl->sec_level = BT_SECURITY_LOW; |
1600 | acl->pending_sec_level = sec_level; | |
09ab6f4c | 1601 | acl->auth_type = auth_type; |
bf98feea | 1602 | acl->conn_timeout = timeout; |
45340097 | 1603 | |
5f641f03 | 1604 | err = hci_connect_acl_sync(hdev, acl); |
45340097 JD |
1605 | if (err) { |
1606 | hci_conn_del(acl); | |
1607 | return ERR_PTR(err); | |
1608 | } | |
09ab6f4c | 1609 | } |
1da177e4 | 1610 | |
db474275 VCG |
1611 | return acl; |
1612 | } | |
1613 | ||
06149746 LAD |
1614 | static struct hci_link *hci_conn_link(struct hci_conn *parent, |
1615 | struct hci_conn *conn) | |
1616 | { | |
1617 | struct hci_dev *hdev = parent->hdev; | |
1618 | struct hci_link *link; | |
1619 | ||
1620 | bt_dev_dbg(hdev, "parent %p hcon %p", parent, conn); | |
1621 | ||
1622 | if (conn->link) | |
1623 | return conn->link; | |
1624 | ||
1625 | if (conn->parent) | |
1626 | return NULL; | |
1627 | ||
1628 | link = kzalloc(sizeof(*link), GFP_KERNEL); | |
1629 | if (!link) | |
1630 | return NULL; | |
1631 | ||
1632 | link->conn = hci_conn_hold(conn); | |
1633 | conn->link = link; | |
1634 | conn->parent = hci_conn_get(parent); | |
1635 | ||
1636 | /* Use list_add_tail_rcu append to the list */ | |
1637 | list_add_tail_rcu(&link->list, &parent->link_list); | |
1638 | ||
1639 | return link; | |
1640 | } | |
1641 | ||
10c62ddc | 1642 | struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, |
bf98feea LAD |
1643 | __u16 setting, struct bt_codec *codec, |
1644 | u16 timeout) | |
db474275 VCG |
1645 | { |
1646 | struct hci_conn *acl; | |
1647 | struct hci_conn *sco; | |
06149746 | 1648 | struct hci_link *link; |
db474275 | 1649 | |
76b13996 | 1650 | acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING, |
bf98feea | 1651 | CONN_REASON_SCO_CONNECT, timeout); |
db474275 | 1652 | if (IS_ERR(acl)) |
5b7f9909 | 1653 | return acl; |
1da177e4 | 1654 | |
70f23020 AE |
1655 | sco = hci_conn_hash_lookup_ba(hdev, type, dst); |
1656 | if (!sco) { | |
181a42ed | 1657 | sco = hci_conn_add_unset(hdev, type, dst, HCI_ROLE_MASTER); |
70f23020 | 1658 | if (!sco) { |
76a68ba0 | 1659 | hci_conn_drop(acl); |
48c7aba9 | 1660 | return ERR_PTR(-ENOMEM); |
1da177e4 | 1661 | } |
5b7f9909 | 1662 | } |
1da177e4 | 1663 | |
06149746 LAD |
1664 | link = hci_conn_link(acl, sco); |
1665 | if (!link) { | |
1666 | hci_conn_drop(acl); | |
1667 | hci_conn_drop(sco); | |
b4066eb0 | 1668 | return ERR_PTR(-ENOLINK); |
06149746 | 1669 | } |
1da177e4 | 1670 | |
10c62ddc | 1671 | sco->setting = setting; |
b2af264a | 1672 | sco->codec = *codec; |
10c62ddc | 1673 | |
5b7f9909 | 1674 | if (acl->state == BT_CONNECTED && |
5974e4c4 | 1675 | (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { |
58a681ef | 1676 | set_bit(HCI_CONN_POWER_SAVE, &acl->flags); |
14b12d0b | 1677 | hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON); |
c390216b | 1678 | |
51a8efd7 | 1679 | if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) { |
e73439d8 | 1680 | /* defer SCO setup until mode change completed */ |
51a8efd7 | 1681 | set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags); |
e73439d8 MH |
1682 | return sco; |
1683 | } | |
1684 | ||
1685 | hci_sco_setup(acl, 0x00); | |
b6a0dc82 | 1686 | } |
5b7f9909 MH |
1687 | |
1688 | return sco; | |
1da177e4 | 1689 | } |
1da177e4 | 1690 | |
eca0ae4a LAD |
1691 | static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos) |
1692 | { | |
1693 | struct hci_dev *hdev = conn->hdev; | |
1694 | struct hci_cp_le_create_big cp; | |
a0bfde16 | 1695 | struct iso_list_data data; |
eca0ae4a LAD |
1696 | |
1697 | memset(&cp, 0, sizeof(cp)); | |
1698 | ||
a0bfde16 IT |
1699 | data.big = qos->bcast.big; |
1700 | data.bis = qos->bcast.bis; | |
1701 | data.count = 0; | |
1702 | ||
1703 | /* Create a BIS for each bound connection */ | |
1704 | hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, | |
1705 | BT_BOUND, &data); | |
1706 | ||
0fe8c8d0 IT |
1707 | cp.handle = qos->bcast.big; |
1708 | cp.adv_handle = qos->bcast.bis; | |
a0bfde16 | 1709 | cp.num_bis = data.count; |
0fe8c8d0 IT |
1710 | hci_cpu_to_le24(qos->bcast.out.interval, cp.bis.sdu_interval); |
1711 | cp.bis.sdu = cpu_to_le16(qos->bcast.out.sdu); | |
1712 | cp.bis.latency = cpu_to_le16(qos->bcast.out.latency); | |
1713 | cp.bis.rtn = qos->bcast.out.rtn; | |
1714 | cp.bis.phy = qos->bcast.out.phy; | |
1715 | cp.bis.packing = qos->bcast.packing; | |
1716 | cp.bis.framing = qos->bcast.framing; | |
1717 | cp.bis.encryption = qos->bcast.encryption; | |
1718 | memcpy(cp.bis.bcode, qos->bcast.bcode, sizeof(cp.bis.bcode)); | |
eca0ae4a LAD |
1719 | |
1720 | return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp); | |
1721 | } | |
1722 | ||
a0912892 | 1723 | static int set_cig_params_sync(struct hci_dev *hdev, void *data) |
6b9545dc | 1724 | { |
a1f6c3ae | 1725 | u8 cig_id = PTR_UINT(data); |
a0912892 LAD |
1726 | struct hci_conn *conn; |
1727 | struct bt_iso_qos *qos; | |
1728 | struct iso_cig_params pdu; | |
1729 | u8 cis_id; | |
6b9545dc | 1730 | |
a0912892 LAD |
1731 | conn = hci_conn_hash_lookup_cig(hdev, cig_id); |
1732 | if (!conn) | |
1733 | return 0; | |
6b9545dc | 1734 | |
a0912892 | 1735 | memset(&pdu, 0, sizeof(pdu)); |
6b9545dc | 1736 | |
a0912892 LAD |
1737 | qos = &conn->iso_qos; |
1738 | pdu.cp.cig_id = cig_id; | |
1739 | hci_cpu_to_le24(qos->ucast.out.interval, pdu.cp.c_interval); | |
1740 | hci_cpu_to_le24(qos->ucast.in.interval, pdu.cp.p_interval); | |
1741 | pdu.cp.sca = qos->ucast.sca; | |
1742 | pdu.cp.packing = qos->ucast.packing; | |
1743 | pdu.cp.framing = qos->ucast.framing; | |
1744 | pdu.cp.c_latency = cpu_to_le16(qos->ucast.out.latency); | |
1745 | pdu.cp.p_latency = cpu_to_le16(qos->ucast.in.latency); | |
6b9545dc | 1746 | |
a0912892 LAD |
1747 | /* Reprogram all CIS(s) with the same CIG, valid range are: |
1748 | * num_cis: 0x00 to 0x1F | |
1749 | * cis_id: 0x00 to 0xEF | |
1750 | */ | |
1751 | for (cis_id = 0x00; cis_id < 0xf0 && | |
1752 | pdu.cp.num_cis < ARRAY_SIZE(pdu.cis); cis_id++) { | |
1753 | struct hci_cis_params *cis; | |
1754 | ||
1755 | conn = hci_conn_hash_lookup_cis(hdev, NULL, 0, cig_id, cis_id); | |
1756 | if (!conn) | |
1757 | continue; | |
6b9545dc | 1758 | |
a0912892 LAD |
1759 | qos = &conn->iso_qos; |
1760 | ||
1761 | cis = &pdu.cis[pdu.cp.num_cis++]; | |
1762 | cis->cis_id = cis_id; | |
1763 | cis->c_sdu = cpu_to_le16(conn->iso_qos.ucast.out.sdu); | |
1764 | cis->p_sdu = cpu_to_le16(conn->iso_qos.ucast.in.sdu); | |
1765 | cis->c_phy = qos->ucast.out.phy ? qos->ucast.out.phy : | |
1766 | qos->ucast.in.phy; | |
1767 | cis->p_phy = qos->ucast.in.phy ? qos->ucast.in.phy : | |
1768 | qos->ucast.out.phy; | |
1769 | cis->c_rtn = qos->ucast.out.rtn; | |
1770 | cis->p_rtn = qos->ucast.in.rtn; | |
1771 | } | |
1772 | ||
1773 | if (!pdu.cp.num_cis) | |
1774 | return 0; | |
1775 | ||
1776 | return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS, | |
1777 | sizeof(pdu.cp) + | |
1778 | pdu.cp.num_cis * sizeof(pdu.cis[0]), &pdu, | |
6b9545dc PV |
1779 | HCI_CMD_TIMEOUT); |
1780 | } | |
1781 | ||
26afbd82 LAD |
1782 | static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos) |
1783 | { | |
1784 | struct hci_dev *hdev = conn->hdev; | |
1785 | struct iso_list_data data; | |
1786 | ||
1787 | memset(&data, 0, sizeof(data)); | |
1788 | ||
e6a7a46b | 1789 | /* Allocate first still reconfigurable CIG if not set */ |
0fe8c8d0 | 1790 | if (qos->ucast.cig == BT_ISO_QOS_CIG_UNSET) { |
e6a7a46b | 1791 | for (data.cig = 0x00; data.cig < 0xf0; data.cig++) { |
26afbd82 | 1792 | data.count = 0; |
26afbd82 | 1793 | |
e6a7a46b PV |
1794 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, |
1795 | BT_CONNECT, &data); | |
26afbd82 LAD |
1796 | if (data.count) |
1797 | continue; | |
1798 | ||
e6a7a46b | 1799 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, |
26afbd82 LAD |
1800 | BT_CONNECTED, &data); |
1801 | if (!data.count) | |
1802 | break; | |
1803 | } | |
1804 | ||
e6a7a46b | 1805 | if (data.cig == 0xf0) |
26afbd82 LAD |
1806 | return false; |
1807 | ||
1808 | /* Update CIG */ | |
0fe8c8d0 | 1809 | qos->ucast.cig = data.cig; |
26afbd82 LAD |
1810 | } |
1811 | ||
0fe8c8d0 | 1812 | if (qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) { |
a0912892 LAD |
1813 | if (hci_conn_hash_lookup_cis(hdev, NULL, 0, qos->ucast.cig, |
1814 | qos->ucast.cis)) | |
26afbd82 | 1815 | return false; |
a0912892 | 1816 | goto done; |
26afbd82 LAD |
1817 | } |
1818 | ||
a0912892 LAD |
1819 | /* Allocate first available CIS if not set */ |
1820 | for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0xf0; | |
1821 | data.cis++) { | |
1822 | if (!hci_conn_hash_lookup_cis(hdev, NULL, 0, data.cig, | |
1823 | data.cis)) { | |
26afbd82 | 1824 | /* Update CIS */ |
0fe8c8d0 | 1825 | qos->ucast.cis = data.cis; |
a0912892 | 1826 | break; |
26afbd82 LAD |
1827 | } |
1828 | } | |
1829 | ||
a0912892 | 1830 | if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET) |
26afbd82 LAD |
1831 | return false; |
1832 | ||
a0912892 LAD |
1833 | done: |
1834 | if (hci_cmd_sync_queue(hdev, set_cig_params_sync, | |
a1f6c3ae | 1835 | UINT_PTR(qos->ucast.cig), NULL) < 0) |
6b9545dc | 1836 | return false; |
6b9545dc | 1837 | |
26afbd82 LAD |
1838 | return true; |
1839 | } | |
1840 | ||
26afbd82 LAD |
1841 | struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst, |
1842 | __u8 dst_type, struct bt_iso_qos *qos) | |
1843 | { | |
1844 | struct hci_conn *cis; | |
1845 | ||
c14516fa LAD |
1846 | cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig, |
1847 | qos->ucast.cis); | |
26afbd82 | 1848 | if (!cis) { |
181a42ed | 1849 | cis = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); |
26afbd82 LAD |
1850 | if (!cis) |
1851 | return ERR_PTR(-ENOMEM); | |
1852 | cis->cleanup = cis_cleanup; | |
b36a234d | 1853 | cis->dst_type = dst_type; |
b5793de3 PV |
1854 | cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET; |
1855 | cis->iso_qos.ucast.cis = BT_ISO_QOS_CIS_UNSET; | |
26afbd82 LAD |
1856 | } |
1857 | ||
1858 | if (cis->state == BT_CONNECTED) | |
1859 | return cis; | |
1860 | ||
1861 | /* Check if CIS has been set and the settings matches */ | |
1862 | if (cis->state == BT_BOUND && | |
1863 | !memcmp(&cis->iso_qos, qos, sizeof(*qos))) | |
1864 | return cis; | |
1865 | ||
1866 | /* Update LINK PHYs according to QoS preference */ | |
0fe8c8d0 IT |
1867 | cis->le_tx_phy = qos->ucast.out.phy; |
1868 | cis->le_rx_phy = qos->ucast.in.phy; | |
26afbd82 LAD |
1869 | |
1870 | /* If output interval is not set use the input interval as it cannot be | |
1871 | * 0x000000. | |
1872 | */ | |
0fe8c8d0 IT |
1873 | if (!qos->ucast.out.interval) |
1874 | qos->ucast.out.interval = qos->ucast.in.interval; | |
26afbd82 LAD |
1875 | |
1876 | /* If input interval is not set use the output interval as it cannot be | |
1877 | * 0x000000. | |
1878 | */ | |
0fe8c8d0 IT |
1879 | if (!qos->ucast.in.interval) |
1880 | qos->ucast.in.interval = qos->ucast.out.interval; | |
26afbd82 LAD |
1881 | |
1882 | /* If output latency is not set use the input latency as it cannot be | |
1883 | * 0x0000. | |
1884 | */ | |
0fe8c8d0 IT |
1885 | if (!qos->ucast.out.latency) |
1886 | qos->ucast.out.latency = qos->ucast.in.latency; | |
26afbd82 LAD |
1887 | |
1888 | /* If input latency is not set use the output latency as it cannot be | |
1889 | * 0x0000. | |
1890 | */ | |
0fe8c8d0 IT |
1891 | if (!qos->ucast.in.latency) |
1892 | qos->ucast.in.latency = qos->ucast.out.latency; | |
26afbd82 | 1893 | |
26afbd82 LAD |
1894 | if (!hci_le_set_cig_params(cis, qos)) { |
1895 | hci_conn_drop(cis); | |
1896 | return ERR_PTR(-EINVAL); | |
1897 | } | |
1898 | ||
69997d50 PV |
1899 | hci_conn_hold(cis); |
1900 | ||
26afbd82 LAD |
1901 | cis->iso_qos = *qos; |
1902 | cis->state = BT_BOUND; | |
1903 | ||
1904 | return cis; | |
1905 | } | |
1906 | ||
1907 | bool hci_iso_setup_path(struct hci_conn *conn) | |
1908 | { | |
1909 | struct hci_dev *hdev = conn->hdev; | |
1910 | struct hci_cp_le_setup_iso_path cmd; | |
1911 | ||
1912 | memset(&cmd, 0, sizeof(cmd)); | |
1913 | ||
0fe8c8d0 | 1914 | if (conn->iso_qos.ucast.out.sdu) { |
26afbd82 LAD |
1915 | cmd.handle = cpu_to_le16(conn->handle); |
1916 | cmd.direction = 0x00; /* Input (Host to Controller) */ | |
1917 | cmd.path = 0x00; /* HCI path if enabled */ | |
1918 | cmd.codec = 0x03; /* Transparent Data */ | |
1919 | ||
1920 | if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd), | |
1921 | &cmd) < 0) | |
1922 | return false; | |
1923 | } | |
1924 | ||
0fe8c8d0 | 1925 | if (conn->iso_qos.ucast.in.sdu) { |
26afbd82 LAD |
1926 | cmd.handle = cpu_to_le16(conn->handle); |
1927 | cmd.direction = 0x01; /* Output (Controller to Host) */ | |
1928 | cmd.path = 0x00; /* HCI path if enabled */ | |
1929 | cmd.codec = 0x03; /* Transparent Data */ | |
1930 | ||
1931 | if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd), | |
1932 | &cmd) < 0) | |
1933 | return false; | |
1934 | } | |
1935 | ||
1936 | return true; | |
1937 | } | |
1938 | ||
7f74563e | 1939 | int hci_conn_check_create_cis(struct hci_conn *conn) |
26afbd82 | 1940 | { |
7f74563e PV |
1941 | if (conn->type != ISO_LINK || !bacmp(&conn->dst, BDADDR_ANY)) |
1942 | return -EINVAL; | |
26afbd82 | 1943 | |
7f74563e | 1944 | if (!conn->parent || conn->parent->state != BT_CONNECTED || |
9f78191c | 1945 | conn->state != BT_CONNECT || HCI_CONN_HANDLE_UNSET(conn->handle)) |
7f74563e | 1946 | return 1; |
26afbd82 | 1947 | |
7f74563e PV |
1948 | return 0; |
1949 | } | |
06149746 | 1950 | |
7f74563e PV |
1951 | static int hci_create_cis_sync(struct hci_dev *hdev, void *data) |
1952 | { | |
1953 | return hci_le_create_cis_sync(hdev); | |
1954 | } | |
06149746 | 1955 | |
7f74563e PV |
1956 | int hci_le_create_cis_pending(struct hci_dev *hdev) |
1957 | { | |
1958 | struct hci_conn *conn; | |
1959 | bool pending = false; | |
06149746 | 1960 | |
7f74563e | 1961 | rcu_read_lock(); |
06149746 | 1962 | |
7f74563e PV |
1963 | list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) { |
1964 | if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) { | |
1965 | rcu_read_unlock(); | |
1966 | return -EBUSY; | |
06149746 LAD |
1967 | } |
1968 | ||
7f74563e PV |
1969 | if (!hci_conn_check_create_cis(conn)) |
1970 | pending = true; | |
26afbd82 LAD |
1971 | } |
1972 | ||
7f74563e PV |
1973 | rcu_read_unlock(); |
1974 | ||
1975 | if (!pending) | |
26afbd82 LAD |
1976 | return 0; |
1977 | ||
1978 | /* Queue Create CIS */ | |
7f74563e | 1979 | return hci_cmd_sync_queue(hdev, hci_create_cis_sync, NULL, NULL); |
26afbd82 LAD |
1980 | } |
1981 | ||
1982 | static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn, | |
1983 | struct bt_iso_io_qos *qos, __u8 phy) | |
1984 | { | |
1985 | /* Only set MTU if PHY is enabled */ | |
1986 | if (!qos->sdu && qos->phy) { | |
1987 | if (hdev->iso_mtu > 0) | |
1988 | qos->sdu = hdev->iso_mtu; | |
1989 | else if (hdev->le_mtu > 0) | |
1990 | qos->sdu = hdev->le_mtu; | |
1991 | else | |
1992 | qos->sdu = hdev->acl_mtu; | |
1993 | } | |
1994 | ||
1995 | /* Use the same PHY as ACL if set to any */ | |
1996 | if (qos->phy == BT_ISO_PHY_ANY) | |
1997 | qos->phy = phy; | |
1998 | ||
1999 | /* Use LE ACL connection interval if not set */ | |
2000 | if (!qos->interval) | |
2001 | /* ACL interval unit in 1.25 ms to us */ | |
2002 | qos->interval = conn->le_conn_interval * 1250; | |
2003 | ||
2004 | /* Use LE ACL connection latency if not set */ | |
2005 | if (!qos->latency) | |
2006 | qos->latency = conn->le_conn_latency; | |
2007 | } | |
2008 | ||
eca0ae4a LAD |
2009 | static int create_big_sync(struct hci_dev *hdev, void *data) |
2010 | { | |
2011 | struct hci_conn *conn = data; | |
2012 | struct bt_iso_qos *qos = &conn->iso_qos; | |
2013 | u16 interval, sync_interval = 0; | |
2014 | u32 flags = 0; | |
2015 | int err; | |
2016 | ||
0fe8c8d0 | 2017 | if (qos->bcast.out.phy == 0x02) |
eca0ae4a LAD |
2018 | flags |= MGMT_ADV_FLAG_SEC_2M; |
2019 | ||
2020 | /* Align intervals */ | |
14f0dcec | 2021 | interval = (qos->bcast.out.interval / 1250) * qos->bcast.sync_factor; |
eca0ae4a | 2022 | |
0fe8c8d0 | 2023 | if (qos->bcast.bis) |
14f0dcec | 2024 | sync_interval = interval * 4; |
eca0ae4a | 2025 | |
0fe8c8d0 | 2026 | err = hci_start_per_adv_sync(hdev, qos->bcast.bis, conn->le_per_adv_data_len, |
eca0ae4a LAD |
2027 | conn->le_per_adv_data, flags, interval, |
2028 | interval, sync_interval); | |
2029 | if (err) | |
2030 | return err; | |
2031 | ||
2032 | return hci_le_create_big(conn, &conn->iso_qos); | |
2033 | } | |
2034 | ||
2035 | static void create_pa_complete(struct hci_dev *hdev, void *data, int err) | |
2036 | { | |
2037 | struct hci_cp_le_pa_create_sync *cp = data; | |
2038 | ||
2039 | bt_dev_dbg(hdev, ""); | |
2040 | ||
2041 | if (err) | |
2042 | bt_dev_err(hdev, "Unable to create PA: %d", err); | |
2043 | ||
2044 | kfree(cp); | |
2045 | } | |
2046 | ||
2047 | static int create_pa_sync(struct hci_dev *hdev, void *data) | |
2048 | { | |
2049 | struct hci_cp_le_pa_create_sync *cp = data; | |
2050 | int err; | |
2051 | ||
2052 | err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC, | |
2053 | sizeof(*cp), cp, HCI_CMD_TIMEOUT); | |
2054 | if (err) { | |
2055 | hci_dev_clear_flag(hdev, HCI_PA_SYNC); | |
2056 | return err; | |
2057 | } | |
2058 | ||
2059 | return hci_update_passive_scan_sync(hdev); | |
2060 | } | |
2061 | ||
02171da6 IT |
2062 | struct hci_conn *hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, |
2063 | __u8 dst_type, __u8 sid, | |
2064 | struct bt_iso_qos *qos) | |
eca0ae4a LAD |
2065 | { |
2066 | struct hci_cp_le_pa_create_sync *cp; | |
02171da6 IT |
2067 | struct hci_conn *conn; |
2068 | int err; | |
eca0ae4a LAD |
2069 | |
2070 | if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC)) | |
02171da6 IT |
2071 | return ERR_PTR(-EBUSY); |
2072 | ||
2073 | conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_SLAVE); | |
2074 | if (!conn) | |
2075 | return ERR_PTR(-ENOMEM); | |
2076 | ||
2077 | conn->iso_qos = *qos; | |
2078 | conn->state = BT_LISTEN; | |
2079 | ||
2080 | hci_conn_hold(conn); | |
eca0ae4a | 2081 | |
37224a29 | 2082 | cp = kzalloc(sizeof(*cp), GFP_KERNEL); |
eca0ae4a LAD |
2083 | if (!cp) { |
2084 | hci_dev_clear_flag(hdev, HCI_PA_SYNC); | |
02171da6 IT |
2085 | hci_conn_drop(conn); |
2086 | return ERR_PTR(-ENOMEM); | |
eca0ae4a LAD |
2087 | } |
2088 | ||
0fe8c8d0 | 2089 | cp->options = qos->bcast.options; |
eca0ae4a LAD |
2090 | cp->sid = sid; |
2091 | cp->addr_type = dst_type; | |
2092 | bacpy(&cp->addr, dst); | |
0fe8c8d0 IT |
2093 | cp->skip = cpu_to_le16(qos->bcast.skip); |
2094 | cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout); | |
2095 | cp->sync_cte_type = qos->bcast.sync_cte_type; | |
eca0ae4a LAD |
2096 | |
2097 | /* Queue start pa_create_sync and scan */ | |
02171da6 IT |
2098 | err = hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete); |
2099 | if (err < 0) { | |
2100 | hci_conn_drop(conn); | |
2101 | kfree(cp); | |
2102 | return ERR_PTR(err); | |
2103 | } | |
2104 | ||
2105 | return conn; | |
eca0ae4a LAD |
2106 | } |
2107 | ||
fbdc4bc4 IT |
2108 | int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon, |
2109 | struct bt_iso_qos *qos, | |
eca0ae4a LAD |
2110 | __u16 sync_handle, __u8 num_bis, __u8 bis[]) |
2111 | { | |
2112 | struct _packed { | |
2113 | struct hci_cp_le_big_create_sync cp; | |
2114 | __u8 bis[0x11]; | |
2115 | } pdu; | |
2116 | int err; | |
2117 | ||
31ca583b | 2118 | if (num_bis < 0x01 || num_bis > sizeof(pdu.bis)) |
eca0ae4a LAD |
2119 | return -EINVAL; |
2120 | ||
2121 | err = qos_set_big(hdev, qos); | |
2122 | if (err) | |
2123 | return err; | |
2124 | ||
fbdc4bc4 IT |
2125 | if (hcon) |
2126 | hcon->iso_qos.bcast.big = qos->bcast.big; | |
2127 | ||
eca0ae4a | 2128 | memset(&pdu, 0, sizeof(pdu)); |
0fe8c8d0 | 2129 | pdu.cp.handle = qos->bcast.big; |
eca0ae4a | 2130 | pdu.cp.sync_handle = cpu_to_le16(sync_handle); |
0fe8c8d0 IT |
2131 | pdu.cp.encryption = qos->bcast.encryption; |
2132 | memcpy(pdu.cp.bcode, qos->bcast.bcode, sizeof(pdu.cp.bcode)); | |
2133 | pdu.cp.mse = qos->bcast.mse; | |
2134 | pdu.cp.timeout = cpu_to_le16(qos->bcast.timeout); | |
eca0ae4a LAD |
2135 | pdu.cp.num_bis = num_bis; |
2136 | memcpy(pdu.bis, bis, num_bis); | |
2137 | ||
2138 | return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC, | |
2139 | sizeof(pdu.cp) + num_bis, &pdu); | |
2140 | } | |
2141 | ||
2142 | static void create_big_complete(struct hci_dev *hdev, void *data, int err) | |
2143 | { | |
2144 | struct hci_conn *conn = data; | |
2145 | ||
2146 | bt_dev_dbg(hdev, "conn %p", conn); | |
2147 | ||
2148 | if (err) { | |
2149 | bt_dev_err(hdev, "Unable to create BIG: %d", err); | |
2150 | hci_connect_cfm(conn, err); | |
2151 | hci_conn_del(conn); | |
2152 | } | |
2153 | } | |
2154 | ||
a0bfde16 IT |
2155 | struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst, |
2156 | struct bt_iso_qos *qos, | |
2157 | __u8 base_len, __u8 *base) | |
eca0ae4a LAD |
2158 | { |
2159 | struct hci_conn *conn; | |
fa224d0c | 2160 | struct hci_conn *parent; |
a0bfde16 | 2161 | __u8 eir[HCI_MAX_PER_AD_LENGTH]; |
fa224d0c IT |
2162 | struct hci_link *link; |
2163 | ||
2164 | /* Look for any BIS that is open for rebinding */ | |
2165 | conn = hci_conn_hash_lookup_big_state(hdev, qos->bcast.big, BT_OPEN); | |
2166 | if (conn) { | |
2167 | memcpy(qos, &conn->iso_qos, sizeof(*qos)); | |
2168 | conn->state = BT_CONNECTED; | |
2169 | return conn; | |
2170 | } | |
a0bfde16 IT |
2171 | |
2172 | if (base_len && base) | |
2173 | base_len = eir_append_service_data(eir, 0, 0x1851, | |
2174 | base, base_len); | |
eca0ae4a LAD |
2175 | |
2176 | /* We need hci_conn object using the BDADDR_ANY as dst */ | |
a0bfde16 | 2177 | conn = hci_add_bis(hdev, dst, qos, base_len, eir); |
eca0ae4a LAD |
2178 | if (IS_ERR(conn)) |
2179 | return conn; | |
2180 | ||
a0bfde16 IT |
2181 | /* Update LINK PHYs according to QoS preference */ |
2182 | conn->le_tx_phy = qos->bcast.out.phy; | |
2183 | conn->le_tx_phy = qos->bcast.out.phy; | |
eca0ae4a LAD |
2184 | |
2185 | /* Add Basic Announcement into Peridic Adv Data if BASE is set */ | |
2186 | if (base_len && base) { | |
a0bfde16 | 2187 | memcpy(conn->le_per_adv_data, eir, sizeof(eir)); |
eca0ae4a LAD |
2188 | conn->le_per_adv_data_len = base_len; |
2189 | } | |
2190 | ||
a0bfde16 IT |
2191 | hci_iso_qos_setup(hdev, conn, &qos->bcast.out, |
2192 | conn->le_tx_phy ? conn->le_tx_phy : | |
2193 | hdev->le_tx_def_phys); | |
2194 | ||
2195 | conn->iso_qos = *qos; | |
2196 | conn->state = BT_BOUND; | |
2197 | ||
fa224d0c IT |
2198 | /* Link BISes together */ |
2199 | parent = hci_conn_hash_lookup_big(hdev, | |
2200 | conn->iso_qos.bcast.big); | |
2201 | if (parent && parent != conn) { | |
2202 | link = hci_conn_link(parent, conn); | |
2203 | if (!link) { | |
2204 | hci_conn_drop(conn); | |
2205 | return ERR_PTR(-ENOLINK); | |
2206 | } | |
2207 | ||
2208 | /* Link takes the refcount */ | |
2209 | hci_conn_drop(conn); | |
2210 | } | |
2211 | ||
a0bfde16 IT |
2212 | return conn; |
2213 | } | |
2214 | ||
2215 | static void bis_mark_per_adv(struct hci_conn *conn, void *data) | |
2216 | { | |
2217 | struct iso_list_data *d = data; | |
2218 | ||
2219 | /* Skip if not broadcast/ANY address */ | |
2220 | if (bacmp(&conn->dst, BDADDR_ANY)) | |
2221 | return; | |
2222 | ||
2223 | if (d->big != conn->iso_qos.bcast.big || | |
2224 | d->bis == BT_ISO_QOS_BIS_UNSET || | |
2225 | d->bis != conn->iso_qos.bcast.bis) | |
2226 | return; | |
2227 | ||
2228 | set_bit(HCI_CONN_PER_ADV, &conn->flags); | |
2229 | } | |
2230 | ||
2231 | struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst, | |
2232 | __u8 dst_type, struct bt_iso_qos *qos, | |
2233 | __u8 base_len, __u8 *base) | |
2234 | { | |
2235 | struct hci_conn *conn; | |
2236 | int err; | |
2237 | struct iso_list_data data; | |
2238 | ||
2239 | conn = hci_bind_bis(hdev, dst, qos, base_len, base); | |
2240 | if (IS_ERR(conn)) | |
2241 | return conn; | |
2242 | ||
fa224d0c IT |
2243 | if (conn->state == BT_CONNECTED) |
2244 | return conn; | |
2245 | ||
a0bfde16 IT |
2246 | data.big = qos->bcast.big; |
2247 | data.bis = qos->bcast.bis; | |
2248 | ||
2249 | /* Set HCI_CONN_PER_ADV for all bound connections, to mark that | |
2250 | * the start periodic advertising and create BIG commands have | |
2251 | * been queued | |
2252 | */ | |
2253 | hci_conn_hash_list_state(hdev, bis_mark_per_adv, ISO_LINK, | |
2254 | BT_BOUND, &data); | |
2255 | ||
eca0ae4a LAD |
2256 | /* Queue start periodic advertising and create BIG */ |
2257 | err = hci_cmd_sync_queue(hdev, create_big_sync, conn, | |
2258 | create_big_complete); | |
2259 | if (err < 0) { | |
2260 | hci_conn_drop(conn); | |
2261 | return ERR_PTR(err); | |
2262 | } | |
2263 | ||
eca0ae4a LAD |
2264 | return conn; |
2265 | } | |
2266 | ||
26afbd82 LAD |
2267 | struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst, |
2268 | __u8 dst_type, struct bt_iso_qos *qos) | |
2269 | { | |
2270 | struct hci_conn *le; | |
2271 | struct hci_conn *cis; | |
06149746 | 2272 | struct hci_link *link; |
26afbd82 | 2273 | |
26afbd82 LAD |
2274 | if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) |
2275 | le = hci_connect_le(hdev, dst, dst_type, false, | |
2276 | BT_SECURITY_LOW, | |
2277 | HCI_LE_CONN_TIMEOUT, | |
2e7ed5f5 | 2278 | HCI_ROLE_SLAVE, 0, 0); |
26afbd82 LAD |
2279 | else |
2280 | le = hci_connect_le_scan(hdev, dst, dst_type, | |
2281 | BT_SECURITY_LOW, | |
2282 | HCI_LE_CONN_TIMEOUT, | |
2283 | CONN_REASON_ISO_CONNECT); | |
2284 | if (IS_ERR(le)) | |
2285 | return le; | |
2286 | ||
0fe8c8d0 | 2287 | hci_iso_qos_setup(hdev, le, &qos->ucast.out, |
26afbd82 | 2288 | le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys); |
0fe8c8d0 | 2289 | hci_iso_qos_setup(hdev, le, &qos->ucast.in, |
26afbd82 LAD |
2290 | le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys); |
2291 | ||
2292 | cis = hci_bind_cis(hdev, dst, dst_type, qos); | |
2293 | if (IS_ERR(cis)) { | |
2294 | hci_conn_drop(le); | |
2295 | return cis; | |
2296 | } | |
2297 | ||
06149746 LAD |
2298 | link = hci_conn_link(le, cis); |
2299 | if (!link) { | |
2300 | hci_conn_drop(le); | |
2301 | hci_conn_drop(cis); | |
b4066eb0 | 2302 | return ERR_PTR(-ENOLINK); |
06149746 | 2303 | } |
26afbd82 | 2304 | |
69997d50 PV |
2305 | /* Link takes the refcount */ |
2306 | hci_conn_drop(cis); | |
2307 | ||
7f74563e PV |
2308 | cis->state = BT_CONNECT; |
2309 | ||
2310 | hci_le_create_cis_pending(hdev); | |
26afbd82 LAD |
2311 | |
2312 | return cis; | |
2313 | } | |
2314 | ||
e7c29cb1 MH |
2315 | /* Check link security requirement */ |
2316 | int hci_conn_check_link_mode(struct hci_conn *conn) | |
2317 | { | |
38b3fef1 | 2318 | BT_DBG("hcon %p", conn); |
e7c29cb1 | 2319 | |
40b552aa MH |
2320 | /* In Secure Connections Only mode, it is required that Secure |
2321 | * Connections is used and the link is encrypted with AES-CCM | |
2322 | * using a P-256 authenticated combination key. | |
2323 | */ | |
d7a5a11d | 2324 | if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) { |
40b552aa MH |
2325 | if (!hci_conn_sc_enabled(conn) || |
2326 | !test_bit(HCI_CONN_AES_CCM, &conn->flags) || | |
2327 | conn->key_type != HCI_LK_AUTH_COMBINATION_P256) | |
2328 | return 0; | |
2329 | } | |
2330 | ||
8746f135 LAD |
2331 | /* AES encryption is required for Level 4: |
2332 | * | |
2333 | * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C | |
2334 | * page 1319: | |
2335 | * | |
2336 | * 128-bit equivalent strength for link and encryption keys | |
2337 | * required using FIPS approved algorithms (E0 not allowed, | |
2338 | * SAFER+ not allowed, and P-192 not allowed; encryption key | |
2339 | * not shortened) | |
2340 | */ | |
2341 | if (conn->sec_level == BT_SECURITY_FIPS && | |
2342 | !test_bit(HCI_CONN_AES_CCM, &conn->flags)) { | |
2343 | bt_dev_err(conn->hdev, | |
2344 | "Invalid security: Missing AES-CCM usage"); | |
2345 | return 0; | |
2346 | } | |
2347 | ||
4dae2798 JH |
2348 | if (hci_conn_ssp_enabled(conn) && |
2349 | !test_bit(HCI_CONN_ENCRYPT, &conn->flags)) | |
e7c29cb1 MH |
2350 | return 0; |
2351 | ||
2352 | return 1; | |
2353 | } | |
e7c29cb1 | 2354 | |
1da177e4 | 2355 | /* Authenticate remote device */ |
0684e5f9 | 2356 | static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) |
1da177e4 | 2357 | { |
38b3fef1 | 2358 | BT_DBG("hcon %p", conn); |
1da177e4 | 2359 | |
765c2a96 JH |
2360 | if (conn->pending_sec_level > sec_level) |
2361 | sec_level = conn->pending_sec_level; | |
2362 | ||
96a31833 | 2363 | if (sec_level > conn->sec_level) |
765c2a96 | 2364 | conn->pending_sec_level = sec_level; |
4dae2798 | 2365 | else if (test_bit(HCI_CONN_AUTH, &conn->flags)) |
1da177e4 LT |
2366 | return 1; |
2367 | ||
65cf686e JH |
2368 | /* Make sure we preserve an existing MITM requirement*/ |
2369 | auth_type |= (conn->auth_type & 0x01); | |
2370 | ||
96a31833 MH |
2371 | conn->auth_type = auth_type; |
2372 | ||
51a8efd7 | 2373 | if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { |
1da177e4 | 2374 | struct hci_cp_auth_requested cp; |
b7d05bad | 2375 | |
aca3192c | 2376 | cp.handle = cpu_to_le16(conn->handle); |
40be492f | 2377 | hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, |
5974e4c4 | 2378 | sizeof(cp), &cp); |
09da1f34 | 2379 | |
d03376c1 LAD |
2380 | /* Set the ENCRYPT_PEND to trigger encryption after |
2381 | * authentication. | |
09da1f34 | 2382 | */ |
d03376c1 | 2383 | if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags)) |
09da1f34 | 2384 | set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); |
1da177e4 | 2385 | } |
8c1b2355 | 2386 | |
1da177e4 LT |
2387 | return 0; |
2388 | } | |
1da177e4 | 2389 | |
bb6d6895 | 2390 | /* Encrypt the link */ |
13d39315 WR |
2391 | static void hci_conn_encrypt(struct hci_conn *conn) |
2392 | { | |
38b3fef1 | 2393 | BT_DBG("hcon %p", conn); |
13d39315 | 2394 | |
51a8efd7 | 2395 | if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { |
13d39315 WR |
2396 | struct hci_cp_set_conn_encrypt cp; |
2397 | cp.handle = cpu_to_le16(conn->handle); | |
2398 | cp.encrypt = 0x01; | |
2399 | hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), | |
5974e4c4 | 2400 | &cp); |
13d39315 WR |
2401 | } |
2402 | } | |
2403 | ||
8c1b2355 | 2404 | /* Enable security */ |
e7cafc45 JH |
2405 | int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type, |
2406 | bool initiator) | |
1da177e4 | 2407 | { |
38b3fef1 | 2408 | BT_DBG("hcon %p", conn); |
1da177e4 | 2409 | |
d8343f12 VCG |
2410 | if (conn->type == LE_LINK) |
2411 | return smp_conn_security(conn, sec_level); | |
2412 | ||
13d39315 | 2413 | /* For sdp we don't need the link key. */ |
8c1b2355 MH |
2414 | if (sec_level == BT_SECURITY_SDP) |
2415 | return 1; | |
2416 | ||
13d39315 WR |
2417 | /* For non 2.1 devices and low security level we don't need the link |
2418 | key. */ | |
aa64a8b5 | 2419 | if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn)) |
3fdca1e1 | 2420 | return 1; |
8c1b2355 | 2421 | |
13d39315 | 2422 | /* For other security levels we need the link key. */ |
4dae2798 | 2423 | if (!test_bit(HCI_CONN_AUTH, &conn->flags)) |
13d39315 WR |
2424 | goto auth; |
2425 | ||
1d8e8014 YH |
2426 | switch (conn->key_type) { |
2427 | case HCI_LK_AUTH_COMBINATION_P256: | |
2428 | /* An authenticated FIPS approved combination key has | |
2429 | * sufficient security for security level 4 or lower. | |
2430 | */ | |
2431 | if (sec_level <= BT_SECURITY_FIPS) | |
2432 | goto encrypt; | |
2433 | break; | |
2434 | case HCI_LK_AUTH_COMBINATION_P192: | |
2435 | /* An authenticated combination key has sufficient security for | |
2436 | * security level 3 or lower. | |
2437 | */ | |
2438 | if (sec_level <= BT_SECURITY_HIGH) | |
2439 | goto encrypt; | |
2440 | break; | |
2441 | case HCI_LK_UNAUTH_COMBINATION_P192: | |
2442 | case HCI_LK_UNAUTH_COMBINATION_P256: | |
2443 | /* An unauthenticated combination key has sufficient security | |
2444 | * for security level 2 or lower. | |
2445 | */ | |
2446 | if (sec_level <= BT_SECURITY_MEDIUM) | |
2447 | goto encrypt; | |
2448 | break; | |
2449 | case HCI_LK_COMBINATION: | |
2450 | /* A combination key has always sufficient security for the | |
2451 | * security levels 2 or lower. High security level requires the | |
2452 | * combination key is generated using maximum PIN code length | |
2453 | * (16). For pre 2.1 units. | |
2454 | */ | |
2455 | if (sec_level <= BT_SECURITY_MEDIUM || conn->pin_length == 16) | |
2456 | goto encrypt; | |
2457 | break; | |
2458 | default: | |
2459 | break; | |
2460 | } | |
13d39315 WR |
2461 | |
2462 | auth: | |
51a8efd7 | 2463 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) |
1da177e4 LT |
2464 | return 0; |
2465 | ||
977f8fce JH |
2466 | if (initiator) |
2467 | set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags); | |
2468 | ||
6fdf658c LAD |
2469 | if (!hci_conn_auth(conn, sec_level, auth_type)) |
2470 | return 0; | |
13d39315 WR |
2471 | |
2472 | encrypt: | |
693cd8ce MH |
2473 | if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) { |
2474 | /* Ensure that the encryption key size has been read, | |
2475 | * otherwise stall the upper layer responses. | |
2476 | */ | |
2477 | if (!conn->enc_key_size) | |
2478 | return 0; | |
2479 | ||
2480 | /* Nothing else needed, all requirements are met */ | |
13d39315 | 2481 | return 1; |
693cd8ce | 2482 | } |
8c1b2355 | 2483 | |
13d39315 | 2484 | hci_conn_encrypt(conn); |
1da177e4 LT |
2485 | return 0; |
2486 | } | |
8c1b2355 | 2487 | EXPORT_SYMBOL(hci_conn_security); |
1da177e4 | 2488 | |
b3b1b061 WR |
2489 | /* Check secure link requirement */ |
2490 | int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level) | |
2491 | { | |
38b3fef1 | 2492 | BT_DBG("hcon %p", conn); |
b3b1b061 | 2493 | |
9cb2e030 MH |
2494 | /* Accept if non-secure or higher security level is required */ |
2495 | if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS) | |
2496 | return 1; | |
b3b1b061 | 2497 | |
9cb2e030 MH |
2498 | /* Accept if secure or higher security level is already present */ |
2499 | if (conn->sec_level == BT_SECURITY_HIGH || | |
2500 | conn->sec_level == BT_SECURITY_FIPS) | |
b3b1b061 WR |
2501 | return 1; |
2502 | ||
9cb2e030 MH |
2503 | /* Reject not secure link */ |
2504 | return 0; | |
b3b1b061 WR |
2505 | } |
2506 | EXPORT_SYMBOL(hci_conn_check_secure); | |
2507 | ||
1da177e4 | 2508 | /* Switch role */ |
8c1b2355 | 2509 | int hci_conn_switch_role(struct hci_conn *conn, __u8 role) |
1da177e4 | 2510 | { |
38b3fef1 | 2511 | BT_DBG("hcon %p", conn); |
1da177e4 | 2512 | |
40bef302 | 2513 | if (role == conn->role) |
1da177e4 LT |
2514 | return 1; |
2515 | ||
51a8efd7 | 2516 | if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) { |
1da177e4 LT |
2517 | struct hci_cp_switch_role cp; |
2518 | bacpy(&cp.bdaddr, &conn->dst); | |
2519 | cp.role = role; | |
a9de9248 | 2520 | hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); |
1da177e4 | 2521 | } |
8c1b2355 | 2522 | |
1da177e4 LT |
2523 | return 0; |
2524 | } | |
2525 | EXPORT_SYMBOL(hci_conn_switch_role); | |
2526 | ||
04837f64 | 2527 | /* Enter active mode */ |
14b12d0b | 2528 | void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active) |
04837f64 MH |
2529 | { |
2530 | struct hci_dev *hdev = conn->hdev; | |
2531 | ||
38b3fef1 | 2532 | BT_DBG("hcon %p mode %d", conn, conn->mode); |
04837f64 | 2533 | |
14b12d0b JG |
2534 | if (conn->mode != HCI_CM_SNIFF) |
2535 | goto timer; | |
2536 | ||
58a681ef | 2537 | if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active) |
04837f64 MH |
2538 | goto timer; |
2539 | ||
51a8efd7 | 2540 | if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) { |
04837f64 | 2541 | struct hci_cp_exit_sniff_mode cp; |
aca3192c | 2542 | cp.handle = cpu_to_le16(conn->handle); |
a9de9248 | 2543 | hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); |
04837f64 MH |
2544 | } |
2545 | ||
2546 | timer: | |
2547 | if (hdev->idle_timeout > 0) | |
a74a84f6 JH |
2548 | queue_delayed_work(hdev->workqueue, &conn->idle_work, |
2549 | msecs_to_jiffies(hdev->idle_timeout)); | |
04837f64 MH |
2550 | } |
2551 | ||
1da177e4 LT |
2552 | /* Drop all connection on the device */ |
2553 | void hci_conn_hash_flush(struct hci_dev *hdev) | |
2554 | { | |
a2ac591c RL |
2555 | struct list_head *head = &hdev->conn_hash.list; |
2556 | struct hci_conn *conn; | |
1da177e4 LT |
2557 | |
2558 | BT_DBG("hdev %s", hdev->name); | |
2559 | ||
a2ac591c RL |
2560 | /* We should not traverse the list here, because hci_conn_del |
2561 | * can remove extra links, which may cause the list traversal | |
2562 | * to hit items that have already been released. | |
2563 | */ | |
2564 | while ((conn = list_first_entry_or_null(head, | |
2565 | struct hci_conn, | |
2566 | list)) != NULL) { | |
2567 | conn->state = BT_CLOSED; | |
2568 | hci_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM); | |
a2ac591c | 2569 | hci_conn_del(conn); |
1da177e4 LT |
2570 | } |
2571 | } | |
2572 | ||
4dae2798 JH |
2573 | static u32 get_link_mode(struct hci_conn *conn) |
2574 | { | |
2575 | u32 link_mode = 0; | |
2576 | ||
40bef302 | 2577 | if (conn->role == HCI_ROLE_MASTER) |
4dae2798 JH |
2578 | link_mode |= HCI_LM_MASTER; |
2579 | ||
2580 | if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) | |
2581 | link_mode |= HCI_LM_ENCRYPT; | |
2582 | ||
2583 | if (test_bit(HCI_CONN_AUTH, &conn->flags)) | |
2584 | link_mode |= HCI_LM_AUTH; | |
2585 | ||
2586 | if (test_bit(HCI_CONN_SECURE, &conn->flags)) | |
2587 | link_mode |= HCI_LM_SECURE; | |
2588 | ||
2589 | if (test_bit(HCI_CONN_FIPS, &conn->flags)) | |
2590 | link_mode |= HCI_LM_FIPS; | |
2591 | ||
2592 | return link_mode; | |
2593 | } | |
2594 | ||
1da177e4 LT |
2595 | int hci_get_conn_list(void __user *arg) |
2596 | { | |
fc5fef61 | 2597 | struct hci_conn *c; |
1da177e4 LT |
2598 | struct hci_conn_list_req req, *cl; |
2599 | struct hci_conn_info *ci; | |
2600 | struct hci_dev *hdev; | |
1da177e4 LT |
2601 | int n = 0, size, err; |
2602 | ||
2603 | if (copy_from_user(&req, arg, sizeof(req))) | |
2604 | return -EFAULT; | |
2605 | ||
2606 | if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) | |
2607 | return -EINVAL; | |
2608 | ||
2609 | size = sizeof(req) + req.conn_num * sizeof(*ci); | |
2610 | ||
70f23020 AE |
2611 | cl = kmalloc(size, GFP_KERNEL); |
2612 | if (!cl) | |
1da177e4 LT |
2613 | return -ENOMEM; |
2614 | ||
70f23020 AE |
2615 | hdev = hci_dev_get(req.dev_id); |
2616 | if (!hdev) { | |
1da177e4 LT |
2617 | kfree(cl); |
2618 | return -ENODEV; | |
2619 | } | |
2620 | ||
2621 | ci = cl->conn_info; | |
2622 | ||
09fd0de5 | 2623 | hci_dev_lock(hdev); |
8035ded4 | 2624 | list_for_each_entry(c, &hdev->conn_hash.list, list) { |
1da177e4 LT |
2625 | bacpy(&(ci + n)->bdaddr, &c->dst); |
2626 | (ci + n)->handle = c->handle; | |
2627 | (ci + n)->type = c->type; | |
2628 | (ci + n)->out = c->out; | |
2629 | (ci + n)->state = c->state; | |
4dae2798 | 2630 | (ci + n)->link_mode = get_link_mode(c); |
1da177e4 LT |
2631 | if (++n >= req.conn_num) |
2632 | break; | |
2633 | } | |
09fd0de5 | 2634 | hci_dev_unlock(hdev); |
1da177e4 LT |
2635 | |
2636 | cl->dev_id = hdev->id; | |
2637 | cl->conn_num = n; | |
2638 | size = sizeof(req) + n * sizeof(*ci); | |
2639 | ||
2640 | hci_dev_put(hdev); | |
2641 | ||
2642 | err = copy_to_user(arg, cl, size); | |
2643 | kfree(cl); | |
2644 | ||
2645 | return err ? -EFAULT : 0; | |
2646 | } | |
2647 | ||
2648 | int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) | |
2649 | { | |
2650 | struct hci_conn_info_req req; | |
2651 | struct hci_conn_info ci; | |
2652 | struct hci_conn *conn; | |
2653 | char __user *ptr = arg + sizeof(req); | |
2654 | ||
2655 | if (copy_from_user(&req, arg, sizeof(req))) | |
2656 | return -EFAULT; | |
2657 | ||
09fd0de5 | 2658 | hci_dev_lock(hdev); |
1da177e4 LT |
2659 | conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); |
2660 | if (conn) { | |
2661 | bacpy(&ci.bdaddr, &conn->dst); | |
2662 | ci.handle = conn->handle; | |
2663 | ci.type = conn->type; | |
2664 | ci.out = conn->out; | |
2665 | ci.state = conn->state; | |
4dae2798 | 2666 | ci.link_mode = get_link_mode(conn); |
1da177e4 | 2667 | } |
09fd0de5 | 2668 | hci_dev_unlock(hdev); |
1da177e4 LT |
2669 | |
2670 | if (!conn) | |
2671 | return -ENOENT; | |
2672 | ||
2673 | return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; | |
2674 | } | |
40be492f MH |
2675 | |
2676 | int hci_get_auth_info(struct hci_dev *hdev, void __user *arg) | |
2677 | { | |
2678 | struct hci_auth_info_req req; | |
2679 | struct hci_conn *conn; | |
2680 | ||
2681 | if (copy_from_user(&req, arg, sizeof(req))) | |
2682 | return -EFAULT; | |
2683 | ||
09fd0de5 | 2684 | hci_dev_lock(hdev); |
40be492f MH |
2685 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr); |
2686 | if (conn) | |
2687 | req.type = conn->auth_type; | |
09fd0de5 | 2688 | hci_dev_unlock(hdev); |
40be492f MH |
2689 | |
2690 | if (!conn) | |
2691 | return -ENOENT; | |
2692 | ||
2693 | return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0; | |
2694 | } | |
73d80deb LAD |
2695 | |
2696 | struct hci_chan *hci_chan_create(struct hci_conn *conn) | |
2697 | { | |
2698 | struct hci_dev *hdev = conn->hdev; | |
2699 | struct hci_chan *chan; | |
2700 | ||
38b3fef1 | 2701 | BT_DBG("%s hcon %p", hdev->name, conn); |
73d80deb | 2702 | |
f94b665d JH |
2703 | if (test_bit(HCI_CONN_DROP, &conn->flags)) { |
2704 | BT_DBG("Refusing to create new hci_chan"); | |
2705 | return NULL; | |
2706 | } | |
2707 | ||
27f70f3e | 2708 | chan = kzalloc(sizeof(*chan), GFP_KERNEL); |
73d80deb LAD |
2709 | if (!chan) |
2710 | return NULL; | |
2711 | ||
6c388d32 | 2712 | chan->conn = hci_conn_get(conn); |
73d80deb | 2713 | skb_queue_head_init(&chan->data_q); |
168df8e5 | 2714 | chan->state = BT_CONNECTED; |
73d80deb | 2715 | |
8192edef | 2716 | list_add_rcu(&chan->list, &conn->chan_list); |
73d80deb LAD |
2717 | |
2718 | return chan; | |
2719 | } | |
2720 | ||
9472007c | 2721 | void hci_chan_del(struct hci_chan *chan) |
73d80deb LAD |
2722 | { |
2723 | struct hci_conn *conn = chan->conn; | |
2724 | struct hci_dev *hdev = conn->hdev; | |
2725 | ||
38b3fef1 | 2726 | BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan); |
73d80deb | 2727 | |
8192edef GP |
2728 | list_del_rcu(&chan->list); |
2729 | ||
2730 | synchronize_rcu(); | |
73d80deb | 2731 | |
bcbb655a | 2732 | /* Prevent new hci_chan's to be created for this hci_conn */ |
f94b665d | 2733 | set_bit(HCI_CONN_DROP, &conn->flags); |
b3ff670a | 2734 | |
6c388d32 | 2735 | hci_conn_put(conn); |
e9b02748 | 2736 | |
73d80deb LAD |
2737 | skb_queue_purge(&chan->data_q); |
2738 | kfree(chan); | |
73d80deb LAD |
2739 | } |
2740 | ||
2c33c06a | 2741 | void hci_chan_list_flush(struct hci_conn *conn) |
73d80deb | 2742 | { |
2a5a5ec6 | 2743 | struct hci_chan *chan, *n; |
73d80deb | 2744 | |
38b3fef1 | 2745 | BT_DBG("hcon %p", conn); |
73d80deb | 2746 | |
2a5a5ec6 | 2747 | list_for_each_entry_safe(chan, n, &conn->chan_list, list) |
73d80deb LAD |
2748 | hci_chan_del(chan); |
2749 | } | |
42c4e53e AE |
2750 | |
2751 | static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon, | |
2752 | __u16 handle) | |
2753 | { | |
2754 | struct hci_chan *hchan; | |
2755 | ||
2756 | list_for_each_entry(hchan, &hcon->chan_list, list) { | |
2757 | if (hchan->handle == handle) | |
2758 | return hchan; | |
2759 | } | |
2760 | ||
2761 | return NULL; | |
2762 | } | |
2763 | ||
2764 | struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle) | |
2765 | { | |
2766 | struct hci_conn_hash *h = &hdev->conn_hash; | |
2767 | struct hci_conn *hcon; | |
2768 | struct hci_chan *hchan = NULL; | |
2769 | ||
2770 | rcu_read_lock(); | |
2771 | ||
2772 | list_for_each_entry_rcu(hcon, &h->list, list) { | |
2773 | hchan = __hci_chan_lookup_handle(hcon, handle); | |
2774 | if (hchan) | |
2775 | break; | |
2776 | } | |
2777 | ||
2778 | rcu_read_unlock(); | |
2779 | ||
2780 | return hchan; | |
2781 | } | |
eab2404b LAD |
2782 | |
2783 | u32 hci_conn_get_phy(struct hci_conn *conn) | |
2784 | { | |
2785 | u32 phys = 0; | |
2786 | ||
eab2404b LAD |
2787 | /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471: |
2788 | * Table 6.2: Packets defined for synchronous, asynchronous, and | |
6397729b | 2789 | * CPB logical transport types. |
eab2404b LAD |
2790 | */ |
2791 | switch (conn->type) { | |
2792 | case SCO_LINK: | |
2793 | /* SCO logical transport (1 Mb/s): | |
2794 | * HV1, HV2, HV3 and DV. | |
2795 | */ | |
2796 | phys |= BT_PHY_BR_1M_1SLOT; | |
2797 | ||
2798 | break; | |
2799 | ||
2800 | case ACL_LINK: | |
2801 | /* ACL logical transport (1 Mb/s) ptt=0: | |
2802 | * DH1, DM3, DH3, DM5 and DH5. | |
2803 | */ | |
2804 | phys |= BT_PHY_BR_1M_1SLOT; | |
2805 | ||
2806 | if (conn->pkt_type & (HCI_DM3 | HCI_DH3)) | |
2807 | phys |= BT_PHY_BR_1M_3SLOT; | |
2808 | ||
2809 | if (conn->pkt_type & (HCI_DM5 | HCI_DH5)) | |
2810 | phys |= BT_PHY_BR_1M_5SLOT; | |
2811 | ||
2812 | /* ACL logical transport (2 Mb/s) ptt=1: | |
2813 | * 2-DH1, 2-DH3 and 2-DH5. | |
2814 | */ | |
2815 | if (!(conn->pkt_type & HCI_2DH1)) | |
2816 | phys |= BT_PHY_EDR_2M_1SLOT; | |
2817 | ||
2818 | if (!(conn->pkt_type & HCI_2DH3)) | |
2819 | phys |= BT_PHY_EDR_2M_3SLOT; | |
2820 | ||
2821 | if (!(conn->pkt_type & HCI_2DH5)) | |
2822 | phys |= BT_PHY_EDR_2M_5SLOT; | |
2823 | ||
2824 | /* ACL logical transport (3 Mb/s) ptt=1: | |
2825 | * 3-DH1, 3-DH3 and 3-DH5. | |
2826 | */ | |
2827 | if (!(conn->pkt_type & HCI_3DH1)) | |
2828 | phys |= BT_PHY_EDR_3M_1SLOT; | |
2829 | ||
2830 | if (!(conn->pkt_type & HCI_3DH3)) | |
2831 | phys |= BT_PHY_EDR_3M_3SLOT; | |
2832 | ||
2833 | if (!(conn->pkt_type & HCI_3DH5)) | |
2834 | phys |= BT_PHY_EDR_3M_5SLOT; | |
2835 | ||
2836 | break; | |
2837 | ||
2838 | case ESCO_LINK: | |
2839 | /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */ | |
2840 | phys |= BT_PHY_BR_1M_1SLOT; | |
2841 | ||
2842 | if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5))) | |
2843 | phys |= BT_PHY_BR_1M_3SLOT; | |
2844 | ||
2845 | /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */ | |
2846 | if (!(conn->pkt_type & ESCO_2EV3)) | |
2847 | phys |= BT_PHY_EDR_2M_1SLOT; | |
2848 | ||
2849 | if (!(conn->pkt_type & ESCO_2EV5)) | |
2850 | phys |= BT_PHY_EDR_2M_3SLOT; | |
2851 | ||
2852 | /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */ | |
2853 | if (!(conn->pkt_type & ESCO_3EV3)) | |
2854 | phys |= BT_PHY_EDR_3M_1SLOT; | |
2855 | ||
2856 | if (!(conn->pkt_type & ESCO_3EV5)) | |
2857 | phys |= BT_PHY_EDR_3M_3SLOT; | |
2858 | ||
2859 | break; | |
2860 | ||
2861 | case LE_LINK: | |
2862 | if (conn->le_tx_phy & HCI_LE_SET_PHY_1M) | |
2863 | phys |= BT_PHY_LE_1M_TX; | |
2864 | ||
2865 | if (conn->le_rx_phy & HCI_LE_SET_PHY_1M) | |
2866 | phys |= BT_PHY_LE_1M_RX; | |
2867 | ||
2868 | if (conn->le_tx_phy & HCI_LE_SET_PHY_2M) | |
2869 | phys |= BT_PHY_LE_2M_TX; | |
2870 | ||
2871 | if (conn->le_rx_phy & HCI_LE_SET_PHY_2M) | |
2872 | phys |= BT_PHY_LE_2M_RX; | |
2873 | ||
2874 | if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED) | |
2875 | phys |= BT_PHY_LE_CODED_TX; | |
2876 | ||
2877 | if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED) | |
2878 | phys |= BT_PHY_LE_CODED_RX; | |
2879 | ||
2880 | break; | |
2881 | } | |
2882 | ||
eab2404b LAD |
2883 | return phys; |
2884 | } | |
1a942de0 | 2885 | |
a13f316e | 2886 | static int abort_conn_sync(struct hci_dev *hdev, void *data) |
1a942de0 | 2887 | { |
881559af | 2888 | struct hci_conn *conn = data; |
1a942de0 | 2889 | |
881559af LAD |
2890 | if (!hci_conn_valid(hdev, conn)) |
2891 | return -ECANCELED; | |
b62e7220 | 2892 | |
a13f316e LAD |
2893 | return hci_abort_conn_sync(hdev, conn, conn->abort_reason); |
2894 | } | |
1a942de0 | 2895 | |
a13f316e LAD |
2896 | int hci_abort_conn(struct hci_conn *conn, u8 reason) |
2897 | { | |
2898 | struct hci_dev *hdev = conn->hdev; | |
1a942de0 | 2899 | |
a13f316e LAD |
2900 | /* If abort_reason has already been set it means the connection is |
2901 | * already being aborted so don't attempt to overwrite it. | |
2902 | */ | |
2903 | if (conn->abort_reason) | |
2904 | return 0; | |
1a942de0 | 2905 | |
a13f316e | 2906 | bt_dev_dbg(hdev, "handle 0x%2.2x reason 0x%2.2x", conn->handle, reason); |
1a942de0 | 2907 | |
a13f316e | 2908 | conn->abort_reason = reason; |
1a942de0 | 2909 | |
a13f316e LAD |
2910 | /* If the connection is pending check the command opcode since that |
2911 | * might be blocking on hci_cmd_sync_work while waiting its respective | |
2912 | * event so we need to hci_cmd_sync_cancel to cancel it. | |
04a51d61 LAD |
2913 | * |
2914 | * hci_connect_le serializes the connection attempts so only one | |
2915 | * connection can be in BT_CONNECT at time. | |
a13f316e LAD |
2916 | */ |
2917 | if (conn->state == BT_CONNECT && hdev->req_status == HCI_REQ_PEND) { | |
2918 | switch (hci_skb_event(hdev->sent_cmd)) { | |
5f641f03 | 2919 | case HCI_EV_CONN_COMPLETE: |
a13f316e LAD |
2920 | case HCI_EV_LE_CONN_COMPLETE: |
2921 | case HCI_EV_LE_ENHANCED_CONN_COMPLETE: | |
2922 | case HCI_EVT_LE_CIS_ESTABLISHED: | |
2615fd9a | 2923 | hci_cmd_sync_cancel(hdev, ECANCELED); |
a13f316e | 2924 | break; |
1a942de0 | 2925 | } |
881559af LAD |
2926 | /* Cancel connect attempt if still queued/pending */ |
2927 | } else if (!hci_cancel_connect_sync(hdev, conn)) { | |
2928 | return 0; | |
1a942de0 BG |
2929 | } |
2930 | ||
881559af | 2931 | return hci_cmd_sync_queue_once(hdev, abort_conn_sync, conn, NULL); |
1a942de0 | 2932 | } |