projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branches 'pm-cpuidle', 'pm-sleep' and 'pm-powercap'
[linux-block.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
02171da6 4 Copyright 2023-2024 NXP
1da177e4
LT		 5
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
8e87d142
YH		 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 23 SOFTWARE IS DISCLAIMED.
24*/
25
26/* Bluetooth HCI connection handling. */
27
8c520a59 28#include <linux/export.h>
23b9ceb7 29#include <linux/debugfs.h>
1da177e4
LT		 30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
eca0ae4a
LAD		 34#include <net/bluetooth/iso.h>
35#include <net/bluetooth/mgmt.h>
1da177e4 36
0857dd3b 37#include "hci_request.h"
ac4b7236 38#include "smp.h"
eca0ae4a 39#include "eir.h"
7024728e 40
2dea632f
FD		 41struct sco_param {
42 u16 pkt_type;
43 u16 max_latency;
c7da5797 44 u8 retrans_effort;
2dea632f
FD		 45};
46
e07a06b4
BG		 47struct conn_handle_t {
48 struct hci_conn *conn;
49 __u16 handle;
50};
51
48e68ff5 52static const struct sco_param esco_param_cvsd[] = {
c7da5797
JH		 53 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
54 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
55 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
56 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
57 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
2dea632f
FD		 58};
59
48e68ff5 60static const struct sco_param sco_param_cvsd[] = {
c7da5797
JH		 61 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
62 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
48e68ff5
BT		 63};
64
565766b0 65static const struct sco_param esco_param_msbc[] = {
c7da5797
JH		 66 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
67 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
2dea632f
FD		 68};
69
f75113a2 70/* This function requires the caller holds hdev->lock */
881559af 71void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status)
f75113a2
JP		 72{
73 struct hci_conn_params *params;
b5c2b621 74 struct hci_dev *hdev = conn->hdev;
f75113a2
JP		 75 struct smp_irk *irk;
76 bdaddr_t *bdaddr;
77 u8 bdaddr_type;
78
79 bdaddr = &conn->dst;
80 bdaddr_type = conn->dst_type;
81
82 /* Check if we need to convert to identity address */
b5c2b621 83 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
f75113a2
JP		 84 if (irk) {
85 bdaddr = &irk->bdaddr;
86 bdaddr_type = irk->addr_type;
87 }
88
17bc08f0
JH		 89 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr,
90 bdaddr_type);
19cf60bf 91 if (!params)
f75113a2
JP		 92 return;
93
19cf60bf
LAD		 94 if (params->conn) {
95 hci_conn_drop(params->conn);
96 hci_conn_put(params->conn);
97 params->conn = NULL;
98 }
99
100 if (!params->explicit_connect)
101 return;
102
103 /* If the status indicates successful cancellation of
104 * the attempt (i.e. Unknown Connection Id) there's no point of
105 * notifying failure since we'll go back to keep trying to
106 * connect. The only exception is explicit connect requests
107 * where a timeout + cancel does indicate an actual failure.
108 */
109 if (status && status != HCI_ERROR_UNKNOWN_CONN_ID)
110 mgmt_connect_failed(hdev, &conn->dst, conn->type,
111 conn->dst_type, status);
112
f75113a2
JP		 113 /* The connection attempt was doing scan for new RPA, and is
114 * in scan phase. If params are not associated with any other
115 * autoconnect action, remove them completely. If they are, just unmark
116 * them as waiting for connection, by clearing explicit_connect field.
117 */
9ad3e6ff
JH		 118 params->explicit_connect = false;
119
195ef75e 120 hci_pend_le_list_del_init(params);
9ad3e6ff
JH		 121
122 switch (params->auto_connect) {
123 case HCI_AUTO_CONN_EXPLICIT:
b5c2b621 124 hci_conn_params_del(hdev, bdaddr, bdaddr_type);
9ad3e6ff
JH		 125 /* return instead of break to avoid duplicate scan update */
126 return;
127 case HCI_AUTO_CONN_DIRECT:
128 case HCI_AUTO_CONN_ALWAYS:
195ef75e 129 hci_pend_le_list_add(params, &hdev->pend_le_conns);
9ad3e6ff
JH		 130 break;
131 case HCI_AUTO_CONN_REPORT:
195ef75e 132 hci_pend_le_list_add(params, &hdev->pend_le_reports);
9ad3e6ff
JH		 133 break;
134 default:
135 break;
168b8a25 136 }
9ad3e6ff 137
5bee2fd6 138 hci_update_passive_scan(hdev);
f75113a2
JP		 139}
140
b958f9a3
JH		 141static void hci_conn_cleanup(struct hci_conn *conn)
142{
143 struct hci_dev *hdev = conn->hdev;
144
145 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
146 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
147
629f66aa
AM		 148 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
149 hci_remove_link_key(hdev, &conn->dst);
150
b958f9a3
JH		 151 hci_chan_list_flush(conn);
152
153 hci_conn_hash_del(hdev, conn);
154
181a42ed
ZX		 155 if (HCI_CONN_HANDLE_UNSET(conn->handle))
156 ida_free(&hdev->unset_handle_ida, conn->handle);
157
26afbd82
LAD		 158 if (conn->cleanup)
159 conn->cleanup(conn);
160
1f8330ea
SN		 161 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
162 switch (conn->setting & SCO_AIRMODE_MASK) {
163 case SCO_AIRMODE_CVSD:
164 case SCO_AIRMODE_TRANSP:
165 if (hdev->notify)
166 hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO);
167 break;
168 }
169 } else {
170 if (hdev->notify)
171 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
172 }
b958f9a3 173
b958f9a3
JH		 174 debugfs_remove_recursive(conn->debugfs);
175
a85fb91e 176 hci_conn_del_sysfs(conn);
b958f9a3 177
a85fb91e 178 hci_dev_put(hdev);
b958f9a3
JH		 179}
180
e3b679d5 181int hci_disconnect(struct hci_conn *conn, __u8 reason)
1da177e4 182{
38b3fef1 183 BT_DBG("hcon %p", conn);
1da177e4 184
74be523c 185 /* When we are central of an established connection and it enters
839035a7
JH		 186 * the disconnect timeout, then go ahead and try to read the
187 * current clock offset. Processing of the result is done
188 * within the event handling and hci_clock_offset_evt function.
189 */
88d07feb
JH		 190 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER &&
191 (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) {
839035a7 192 struct hci_dev *hdev = conn->hdev;
4f639ede 193 struct hci_cp_read_clock_offset clkoff_cp;
839035a7 194
4f639ede
FF		 195 clkoff_cp.handle = cpu_to_le16(conn->handle);
196 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
197 &clkoff_cp);
839035a7
JH		 198 }
199
88d07feb 200 return hci_abort_conn(conn, reason);
1da177e4
LT		 201}
202
57f5d0d1 203static void hci_add_sco(struct hci_conn *conn, __u16 handle)
1da177e4
LT		 204{
205 struct hci_dev *hdev = conn->hdev;
206 struct hci_cp_add_sco cp;
207
38b3fef1 208 BT_DBG("hcon %p", conn);
1da177e4
LT		 209
210 conn->state = BT_CONNECT;
a0c808b3 211 conn->out = true;
1da177e4 212
efc7688b
MH		 213 conn->attempt++;
214
aca3192c 215 cp.handle = cpu_to_le16(handle);
a8746417 216 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 217
a9de9248 218 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT		 219}
220
8b1c324c
YL		 221static bool find_next_esco_param(struct hci_conn *conn,
222 const struct sco_param *esco_param, int size)
223{
06149746
LAD		 224 if (!conn->parent)
225 return false;
226
8b1c324c 227 for (; conn->attempt <= size; conn->attempt++) {
06149746 228 if (lmp_esco_2m_capable(conn->parent) ||
8b1c324c
YL		 229 (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3))
230 break;
231 BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported",
232 conn, conn->attempt);
233 }
234
235 return conn->attempt <= size;
236}
237
e07a06b4 238static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec)
b2af264a 239{
e07a06b4
BG		 240 int err;
241 __u8 vnd_len, *vnd_data = NULL;
242 struct hci_op_configure_data_path *cmd = NULL;
243
132d0fd0
ZH		 244 if (!codec->data_path || !hdev->get_codec_config_data)
245 return 0;
246
247 /* Do not take me as error */
248 if (!hdev->get_codec_config_data)
249 return 0;
250
e07a06b4
BG		 251 err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len,
252 &vnd_data);
253 if (err < 0)
254 goto error;
255
256 cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL);
257 if (!cmd) {
258 err = -ENOMEM;
259 goto error;
260 }
261
262 err = hdev->get_data_path_id(hdev, &cmd->data_path_id);
263 if (err < 0)
264 goto error;
265
266 cmd->vnd_len = vnd_len;
267 memcpy(cmd->vnd_data, vnd_data, vnd_len);
268
269 cmd->direction = 0x00;
270 __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
271 sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT);
272
273 cmd->direction = 0x01;
274 err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
275 sizeof(*cmd) + vnd_len, cmd,
276 HCI_CMD_TIMEOUT);
277error:
278
279 kfree(cmd);
280 kfree(vnd_data);
281 return err;
282}
283
284static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data)
285{
286 struct conn_handle_t *conn_handle = data;
287 struct hci_conn *conn = conn_handle->conn;
288 __u16 handle = conn_handle->handle;
b2af264a
K		 289 struct hci_cp_enhanced_setup_sync_conn cp;
290 const struct sco_param *param;
291
e07a06b4
BG		 292 kfree(conn_handle);
293
b2af264a
K		 294 bt_dev_dbg(hdev, "hcon %p", conn);
295
132d0fd0 296 configure_datapath_sync(hdev, &conn->codec);
9798fbde 297
b2af264a
K		 298 conn->state = BT_CONNECT;
299 conn->out = true;
300
301 conn->attempt++;
302
303 memset(&cp, 0x00, sizeof(cp));
304
305 cp.handle = cpu_to_le16(handle);
306
307 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
308 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
309
310 switch (conn->codec.id) {
904c139a
K		 311 case BT_CODEC_MSBC:
312 if (!find_next_esco_param(conn, esco_param_msbc,
313 ARRAY_SIZE(esco_param_msbc)))
e07a06b4 314 return -EINVAL;
904c139a
K		 315
316 param = &esco_param_msbc[conn->attempt - 1];
317 cp.tx_coding_format.id = 0x05;
318 cp.rx_coding_format.id = 0x05;
319 cp.tx_codec_frame_size = __cpu_to_le16(60);
320 cp.rx_codec_frame_size = __cpu_to_le16(60);
321 cp.in_bandwidth = __cpu_to_le32(32000);
322 cp.out_bandwidth = __cpu_to_le32(32000);
323 cp.in_coding_format.id = 0x04;
324 cp.out_coding_format.id = 0x04;
325 cp.in_coded_data_size = __cpu_to_le16(16);
326 cp.out_coded_data_size = __cpu_to_le16(16);
327 cp.in_pcm_data_format = 2;
328 cp.out_pcm_data_format = 2;
329 cp.in_pcm_sample_payload_msb_pos = 0;
330 cp.out_pcm_sample_payload_msb_pos = 0;
331 cp.in_data_path = conn->codec.data_path;
332 cp.out_data_path = conn->codec.data_path;
333 cp.in_transport_unit_size = 1;
334 cp.out_transport_unit_size = 1;
335 break;
336
b2af264a
K		 337 case BT_CODEC_TRANSPARENT:
338 if (!find_next_esco_param(conn, esco_param_msbc,
339 ARRAY_SIZE(esco_param_msbc)))
340 return false;
341 param = &esco_param_msbc[conn->attempt - 1];
342 cp.tx_coding_format.id = 0x03;
343 cp.rx_coding_format.id = 0x03;
344 cp.tx_codec_frame_size = __cpu_to_le16(60);
345 cp.rx_codec_frame_size = __cpu_to_le16(60);
346 cp.in_bandwidth = __cpu_to_le32(0x1f40);
347 cp.out_bandwidth = __cpu_to_le32(0x1f40);
348 cp.in_coding_format.id = 0x03;
349 cp.out_coding_format.id = 0x03;
350 cp.in_coded_data_size = __cpu_to_le16(16);
351 cp.out_coded_data_size = __cpu_to_le16(16);
352 cp.in_pcm_data_format = 2;
353 cp.out_pcm_data_format = 2;
354 cp.in_pcm_sample_payload_msb_pos = 0;
355 cp.out_pcm_sample_payload_msb_pos = 0;
356 cp.in_data_path = conn->codec.data_path;
357 cp.out_data_path = conn->codec.data_path;
358 cp.in_transport_unit_size = 1;
359 cp.out_transport_unit_size = 1;
360 break;
361
362 case BT_CODEC_CVSD:
06149746 363 if (conn->parent && lmp_esco_capable(conn->parent)) {
b2af264a
K		 364 if (!find_next_esco_param(conn, esco_param_cvsd,
365 ARRAY_SIZE(esco_param_cvsd)))
e07a06b4 366 return -EINVAL;
b2af264a
K		 367 param = &esco_param_cvsd[conn->attempt - 1];
368 } else {
369 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
e07a06b4 370 return -EINVAL;
b2af264a
K		 371 param = &sco_param_cvsd[conn->attempt - 1];
372 }
373 cp.tx_coding_format.id = 2;
374 cp.rx_coding_format.id = 2;
375 cp.tx_codec_frame_size = __cpu_to_le16(60);
376 cp.rx_codec_frame_size = __cpu_to_le16(60);
377 cp.in_bandwidth = __cpu_to_le32(16000);
378 cp.out_bandwidth = __cpu_to_le32(16000);
379 cp.in_coding_format.id = 4;
380 cp.out_coding_format.id = 4;
381 cp.in_coded_data_size = __cpu_to_le16(16);
382 cp.out_coded_data_size = __cpu_to_le16(16);
383 cp.in_pcm_data_format = 2;
384 cp.out_pcm_data_format = 2;
385 cp.in_pcm_sample_payload_msb_pos = 0;
386 cp.out_pcm_sample_payload_msb_pos = 0;
387 cp.in_data_path = conn->codec.data_path;
388 cp.out_data_path = conn->codec.data_path;
389 cp.in_transport_unit_size = 16;
390 cp.out_transport_unit_size = 16;
391 break;
392 default:
e07a06b4 393 return -EINVAL;
b2af264a
K		 394 }
395
396 cp.retrans_effort = param->retrans_effort;
397 cp.pkt_type = __cpu_to_le16(param->pkt_type);
398 cp.max_latency = __cpu_to_le16(param->max_latency);
399
400 if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
e07a06b4 401 return -EIO;
b2af264a 402
e07a06b4 403 return 0;
b2af264a
K		 404}
405
406static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle)
b6a0dc82
MH		 407{
408 struct hci_dev *hdev = conn->hdev;
409 struct hci_cp_setup_sync_conn cp;
2dea632f 410 const struct sco_param *param;
b6a0dc82 411
b2af264a 412 bt_dev_dbg(hdev, "hcon %p", conn);
b6a0dc82
MH		 413
414 conn->state = BT_CONNECT;
a0c808b3 415 conn->out = true;
b6a0dc82 416
efc7688b
MH		 417 conn->attempt++;
418
b6a0dc82 419 cp.handle = cpu_to_le16(handle);
b6a0dc82 420
dcf4adbf
JP		 421 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
422 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
10c62ddc
FD		 423 cp.voice_setting = cpu_to_le16(conn->setting);
424
425 switch (conn->setting & SCO_AIRMODE_MASK) {
426 case SCO_AIRMODE_TRANSP:
8b1c324c
YL		 427 if (!find_next_esco_param(conn, esco_param_msbc,
428 ARRAY_SIZE(esco_param_msbc)))
2dea632f 429 return false;
565766b0 430 param = &esco_param_msbc[conn->attempt - 1];
10c62ddc
FD		 431 break;
432 case SCO_AIRMODE_CVSD:
06149746 433 if (conn->parent && lmp_esco_capable(conn->parent)) {
8b1c324c
YL		 434 if (!find_next_esco_param(conn, esco_param_cvsd,
435 ARRAY_SIZE(esco_param_cvsd)))
48e68ff5 436 return false;
48e68ff5
BT		 437 param = &esco_param_cvsd[conn->attempt - 1];
438 } else {
439 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
440 return false;
48e68ff5
BT		 441 param = &sco_param_cvsd[conn->attempt - 1];
442 }
10c62ddc 443 break;
2dea632f
FD		 444 default:
445 return false;
10c62ddc 446 }
b6a0dc82 447
c7da5797 448 cp.retrans_effort = param->retrans_effort;
2dea632f
FD		 449 cp.pkt_type = __cpu_to_le16(param->pkt_type);
450 cp.max_latency = __cpu_to_le16(param->max_latency);
451
452 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
453 return false;
454
455 return true;
b6a0dc82
MH		 456}
457
b2af264a
K		 458bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
459{
e07a06b4
BG		 460 int result;
461 struct conn_handle_t *conn_handle;
462
463 if (enhanced_sync_conn_capable(conn->hdev)) {
464 conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL);
465
466 if (!conn_handle)
467 return false;
468
469 conn_handle->conn = conn;
470 conn_handle->handle = handle;
471 result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync,
472 conn_handle, NULL);
473 if (result < 0)
474 kfree(conn_handle);
475
476 return result == 0;
477 }
b2af264a
K		 478
479 return hci_setup_sync_conn(conn, handle);
480}
481
7d6ca693
JH		 482u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
483 u16 to_multiplier)
2ce603eb 484{
2ce603eb 485 struct hci_dev *hdev = conn->hdev;
f044eb05
MH		 486 struct hci_conn_params *params;
487 struct hci_cp_le_conn_update cp;
2ce603eb 488
f044eb05 489 hci_dev_lock(hdev);
2ce603eb 490
f044eb05
MH		 491 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
492 if (params) {
493 params->conn_min_interval = min;
494 params->conn_max_interval = max;
495 params->conn_latency = latency;
496 params->supervision_timeout = to_multiplier;
497 }
498
499 hci_dev_unlock(hdev);
500
501 memset(&cp, 0, sizeof(cp));
2ce603eb
CT		 502 cp.handle = cpu_to_le16(conn->handle);
503 cp.conn_interval_min = cpu_to_le16(min);
504 cp.conn_interval_max = cpu_to_le16(max);
505 cp.conn_latency = cpu_to_le16(latency);
506 cp.supervision_timeout = cpu_to_le16(to_multiplier);
dcf4adbf
JP		 507 cp.min_ce_len = cpu_to_le16(0x0000);
508 cp.max_ce_len = cpu_to_le16(0x0000);
2ce603eb
CT		 509
510 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
7d6ca693
JH		 511
512 if (params)
513 return 0x01;
514
515 return 0x00;
2ce603eb 516}
2ce603eb 517
fe39c7b2 518void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
8b76ce34 519 __u8 ltk[16], __u8 key_size)
a7a595f6
VCG		 520{
521 struct hci_dev *hdev = conn->hdev;
522 struct hci_cp_le_start_enc cp;
523
38b3fef1 524 BT_DBG("hcon %p", conn);
a7a595f6
VCG		 525
526 memset(&cp, 0, sizeof(cp));
527
528 cp.handle = cpu_to_le16(conn->handle);
fe39c7b2 529 cp.rand = rand;
a7a595f6 530 cp.ediv = ediv;
8b76ce34 531 memcpy(cp.ltk, ltk, key_size);
a7a595f6
VCG		 532
533 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
534}
a7a595f6 535
e73439d8
MH		 536/* Device _must_ be locked */
537void hci_sco_setup(struct hci_conn *conn, __u8 status)
538{
06149746 539 struct hci_link *link;
e73439d8 540
06149746
LAD		 541 link = list_first_entry_or_null(&conn->link_list, struct hci_link, list);
542 if (!link || !link->conn)
e73439d8
MH		 543 return;
544
38b3fef1
AE		 545 BT_DBG("hcon %p", conn);
546
e73439d8
MH		 547 if (!status) {
548 if (lmp_esco_capable(conn->hdev))
06149746 549 hci_setup_sync(link->conn, conn->handle);
e73439d8 550 else
06149746 551 hci_add_sco(link->conn, conn->handle);
e73439d8 552 } else {
06149746
LAD		 553 hci_connect_cfm(link->conn, status);
554 hci_conn_del(link->conn);
e73439d8
MH		 555 }
556}
557
19c40e3b 558static void hci_conn_timeout(struct work_struct *work)
1da177e4 559{
19c40e3b 560 struct hci_conn *conn = container_of(work, struct hci_conn,
5974e4c4 561 disc_work.work);
1d56dc4f 562 int refcnt = atomic_read(&conn->refcnt);
1da177e4 563
38b3fef1 564 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
1da177e4 565
1d56dc4f
LR		 566 WARN_ON(refcnt < 0);
567
568 /* FIXME: It was observed that in pairing failed scenario, refcnt
569 * drops below 0. Probably this is because l2cap_conn_del calls
570 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
571 * dropped. After that loop hci_chan_del is called which also drops
572 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
573 * otherwise drop it.
574 */
575 if (refcnt > 0)
1da177e4
LT		 576 return;
577
89e0ccc8 578 hci_abort_conn(conn, hci_proto_disconn_ind(conn));
1da177e4
LT		 579}
580
416dc94b 581/* Enter sniff mode */
a74a84f6 582static void hci_conn_idle(struct work_struct *work)
416dc94b 583{
a74a84f6
JH		 584 struct hci_conn *conn = container_of(work, struct hci_conn,
585 idle_work.work);
416dc94b
GP		 586 struct hci_dev *hdev = conn->hdev;
587
38b3fef1 588 BT_DBG("hcon %p mode %d", conn, conn->mode);
416dc94b 589
416dc94b
GP		 590 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
591 return;
592
593 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
594 return;
595
596 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
597 struct hci_cp_sniff_subrate cp;
598 cp.handle = cpu_to_le16(conn->handle);
dcf4adbf
JP		 599 cp.max_latency = cpu_to_le16(0);
600 cp.min_remote_timeout = cpu_to_le16(0);
601 cp.min_local_timeout = cpu_to_le16(0);
416dc94b
GP		 602 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
603 }
604
51a8efd7 605 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP		 606 struct hci_cp_sniff_mode cp;
607 cp.handle = cpu_to_le16(conn->handle);
608 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
609 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
dcf4adbf
JP		 610 cp.attempt = cpu_to_le16(4);
611 cp.timeout = cpu_to_le16(1);
416dc94b
GP		 612 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
613 }
614}
615
7bc18d9d 616static void hci_conn_auto_accept(struct work_struct *work)
9f61656a 617{
7bc18d9d
JH		 618 struct hci_conn *conn = container_of(work, struct hci_conn,
619 auto_accept_work.work);
9f61656a 620
7bc18d9d 621 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
5974e4c4 622 &conn->dst);
9f61656a
JH		 623}
624
c3bed4de
SN		 625static void le_disable_advertising(struct hci_dev *hdev)
626{
627 if (ext_adv_capable(hdev)) {
628 struct hci_cp_le_set_ext_adv_enable cp;
629
630 cp.enable = 0x00;
631 cp.num_of_sets = 0x00;
632
633 hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp),
634 &cp);
635 } else {
636 u8 enable = 0x00;
637 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
638 &enable);
639 }
640}
641
9489eca4
JH		 642static void le_conn_timeout(struct work_struct *work)
643{
644 struct hci_conn *conn = container_of(work, struct hci_conn,
645 le_conn_timeout.work);
3c857757 646 struct hci_dev *hdev = conn->hdev;
9489eca4
JH		 647
648 BT_DBG("");
649
3c857757
JH		 650 /* We could end up here due to having done directed advertising,
651 * so clean up the state if necessary. This should however only
652 * happen with broken hardware or if low duty cycle was used
653 * (which doesn't have a timeout of its own).
654 */
0b1db38c 655 if (conn->role == HCI_ROLE_SLAVE) {
c3bed4de
SN		 656 /* Disable LE Advertising */
657 le_disable_advertising(hdev);
9fa6b4cd 658 hci_dev_lock(hdev);
9b3628d7 659 hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
9fa6b4cd 660 hci_dev_unlock(hdev);
3c857757
JH		 661 return;
662 }
663
89e0ccc8 664 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
9489eca4
JH		 665}
666
6b9545dc
PV		 667struct iso_cig_params {
668 struct hci_cp_le_set_cig_params cp;
669 struct hci_cis_params cis[0x1f];
670};
671
eca0ae4a
LAD		 672struct iso_list_data {
673 union {
674 u8 cig;
675 u8 big;
676 };
677 union {
678 u8 cis;
679 u8 bis;
680 u16 sync_handle;
681 };
682 int count;
a0bfde16 683 bool big_term;
fbdc4bc4 684 bool pa_sync_term;
f777d882 685 bool big_sync_term;
eca0ae4a
LAD		 686};
687
688static void bis_list(struct hci_conn *conn, void *data)
689{
690 struct iso_list_data *d = data;
691
692 /* Skip if not broadcast/ANY address */
693 if (bacmp(&conn->dst, BDADDR_ANY))
694 return;
695
0fe8c8d0
IT		 696 if (d->big != conn->iso_qos.bcast.big || d->bis == BT_ISO_QOS_BIS_UNSET ||
697 d->bis != conn->iso_qos.bcast.bis)
eca0ae4a
LAD		 698 return;
699
700 d->count++;
701}
702
eca0ae4a
LAD		 703static int terminate_big_sync(struct hci_dev *hdev, void *data)
704{
705 struct iso_list_data *d = data;
706
707 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis);
708
a254b90c 709 hci_disable_per_advertising_sync(hdev, d->bis);
eca0ae4a
LAD		 710 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL);
711
a0bfde16
IT		 712 /* Only terminate BIG if it has been created */
713 if (!d->big_term)
eca0ae4a
LAD		 714 return 0;
715
716 return hci_le_terminate_big_sync(hdev, d->big,
717 HCI_ERROR_LOCAL_HOST_TERM);
718}
719
720static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err)
721{
722 kfree(data);
723}
724
a0bfde16 725static int hci_le_terminate_big(struct hci_dev *hdev, struct hci_conn *conn)
eca0ae4a
LAD		 726{
727 struct iso_list_data *d;
3aa21311 728 int ret;
eca0ae4a 729
a0bfde16
IT		 730 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", conn->iso_qos.bcast.big,
731 conn->iso_qos.bcast.bis);
eca0ae4a 732
3958e877 733 d = kzalloc(sizeof(*d), GFP_KERNEL);
eca0ae4a
LAD		 734 if (!d)
735 return -ENOMEM;
736
a0bfde16
IT		 737 d->big = conn->iso_qos.bcast.big;
738 d->bis = conn->iso_qos.bcast.bis;
739 d->big_term = test_and_clear_bit(HCI_CONN_BIG_CREATED, &conn->flags);
eca0ae4a 740
3aa21311
ZS		 741 ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d,
742 terminate_big_destroy);
743 if (ret)
744 kfree(d);
745
746 return ret;
eca0ae4a
LAD		 747}
748
749static int big_terminate_sync(struct hci_dev *hdev, void *data)
750{
751 struct iso_list_data *d = data;
752
753 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big,
754 d->sync_handle);
755
f777d882
IT		 756 if (d->big_sync_term)
757 hci_le_big_terminate_sync(hdev, d->big);
eca0ae4a 758
fbdc4bc4
IT		 759 if (d->pa_sync_term)
760 return hci_le_pa_terminate_sync(hdev, d->sync_handle);
761
762 return 0;
eca0ae4a
LAD		 763}
764
fcb89f12
IT		 765static void find_bis(struct hci_conn *conn, void *data)
766{
767 struct iso_list_data *d = data;
768
769 /* Ignore if BIG doesn't match */
770 if (d->big != conn->iso_qos.bcast.big)
771 return;
772
773 d->count++;
774}
775
f777d882 776static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, struct hci_conn *conn)
eca0ae4a
LAD		 777{
778 struct iso_list_data *d;
3aa21311 779 int ret;
eca0ae4a 780
f777d882 781 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, conn->sync_handle);
eca0ae4a 782
3958e877 783 d = kzalloc(sizeof(*d), GFP_KERNEL);
eca0ae4a
LAD		 784 if (!d)
785 return -ENOMEM;
786
fcb89f12 787 memset(d, 0, sizeof(*d));
eca0ae4a 788 d->big = big;
f777d882 789 d->sync_handle = conn->sync_handle;
fcb89f12
IT		 790
791 if (test_and_clear_bit(HCI_CONN_PA_SYNC, &conn->flags)) {
792 hci_conn_hash_list_flag(hdev, find_bis, ISO_LINK,
793 HCI_CONN_PA_SYNC, d);
794
795 if (!d->count)
796 d->pa_sync_term = true;
797
798 d->count = 0;
799 }
800
801 if (test_and_clear_bit(HCI_CONN_BIG_SYNC, &conn->flags)) {
802 hci_conn_hash_list_flag(hdev, find_bis, ISO_LINK,
803 HCI_CONN_BIG_SYNC, d);
804
805 if (!d->count)
806 d->big_sync_term = true;
807 }
eca0ae4a 808
3aa21311
ZS		 809 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d,
810 terminate_big_destroy);
811 if (ret)
812 kfree(d);
813
814 return ret;
eca0ae4a
LAD		 815}
816
817/* Cleanup BIS connection
818 *
819 * Detects if there any BIS left connected in a BIG
820 * broadcaster: Remove advertising instance and terminate BIG.
821 * broadcaster receiver: Teminate BIG sync and terminate PA sync.
822 */
823static void bis_cleanup(struct hci_conn *conn)
824{
825 struct hci_dev *hdev = conn->hdev;
a0bfde16 826 struct hci_conn *bis;
eca0ae4a
LAD		 827
828 bt_dev_dbg(hdev, "conn %p", conn);
829
830 if (conn->role == HCI_ROLE_MASTER) {
831 if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags))
832 return;
833
a0bfde16
IT		 834 /* Check if ISO connection is a BIS and terminate advertising
835 * set and BIG if there are no other connections using it.
836 */
6a42e9bf 837 bis = hci_conn_hash_lookup_big(hdev, conn->iso_qos.bcast.big);
a0bfde16
IT		 838 if (bis)
839 return;
840
841 hci_le_terminate_big(hdev, conn);
eca0ae4a 842 } else {
0fe8c8d0 843 hci_le_big_terminate(hdev, conn->iso_qos.bcast.big,
f777d882 844 conn);
eca0ae4a
LAD		 845 }
846}
847
848static int remove_cig_sync(struct hci_dev *hdev, void *data)
849{
a1f6c3ae 850 u8 handle = PTR_UINT(data);
eca0ae4a
LAD		 851
852 return hci_le_remove_cig_sync(hdev, handle);
853}
854
855static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle)
856{
857 bt_dev_dbg(hdev, "handle 0x%2.2x", handle);
858
a1f6c3ae
LAD		 859 return hci_cmd_sync_queue(hdev, remove_cig_sync, UINT_PTR(handle),
860 NULL);
eca0ae4a
LAD		 861}
862
863static void find_cis(struct hci_conn *conn, void *data)
864{
865 struct iso_list_data *d = data;
866
31c5f916
PV		 867 /* Ignore broadcast or if CIG don't match */
868 if (!bacmp(&conn->dst, BDADDR_ANY) || d->cig != conn->iso_qos.ucast.cig)
eca0ae4a
LAD		 869 return;
870
871 d->count++;
872}
873
874/* Cleanup CIS connection:
875 *
876 * Detects if there any CIS left connected in a CIG and remove it.
877 */
878static void cis_cleanup(struct hci_conn *conn)
879{
880 struct hci_dev *hdev = conn->hdev;
881 struct iso_list_data d;
882
31c5f916
PV		 883 if (conn->iso_qos.ucast.cig == BT_ISO_QOS_CIG_UNSET)
884 return;
885
eca0ae4a 886 memset(&d, 0, sizeof(d));
0fe8c8d0 887 d.cig = conn->iso_qos.ucast.cig;
eca0ae4a
LAD		 888
889 /* Check if ISO connection is a CIS and remove CIG if there are
890 * no other connections using it.
891 */
6c242c64
PV		 892 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_BOUND, &d);
893 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECT, &d);
eca0ae4a
LAD		 894 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d);
895 if (d.count)
896 return;
897
0fe8c8d0 898 hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig);
eca0ae4a
LAD		 899}
900
181a42ed 901static int hci_conn_hash_alloc_unset(struct hci_dev *hdev)
9f78191c 902{
181a42ed
ZX		 903 return ida_alloc_range(&hdev->unset_handle_ida, HCI_CONN_HANDLE_MAX + 1,
904 U16_MAX, GFP_ATOMIC);
9f78191c
LAD		 905}
906
a5c4e309 907struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
181a42ed 908 u8 role, u16 handle)
1da177e4
LT		 909{
910 struct hci_conn *conn;
911
181a42ed 912 bt_dev_dbg(hdev, "dst %pMR handle 0x%4.4x", dst, handle);
1da177e4 913
27f70f3e 914 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
04837f64 915 if (!conn)
1da177e4 916 return NULL;
1da177e4
LT		 917
918 bacpy(&conn->dst, dst);
662e8820 919 bacpy(&conn->src, &hdev->bdaddr);
181a42ed 920 conn->handle = handle;
a8746417
MH		 921 conn->hdev = hdev;
922 conn->type = type;
a5c4e309 923 conn->role = role;
a8746417
MH		 924 conn->mode = HCI_CM_ACTIVE;
925 conn->state = BT_OPEN;
93f19c9f 926 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 927 conn->io_capability = hdev->io_capability;
a9583556 928 conn->remote_auth = 0xff;
13d39315 929 conn->key_type = 0xff;
ebf86aa3 930 conn->rssi = HCI_RSSI_INVALID;
5a134fae 931 conn->tx_power = HCI_TX_POWER_INVALID;
d0455ed9 932 conn->max_tx_power = HCI_TX_POWER_INVALID;
1d11d70d 933 conn->sync_handle = HCI_SYNC_HANDLE_INVALID;
1da177e4 934
58a681ef 935 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 936 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 937
302975cb
SRK		 938 /* Set Default Authenticated payload timeout to 30s */
939 conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
940
a5c4e309
JH		 941 if (conn->role == HCI_ROLE_MASTER)
942 conn->out = true;
943
a8746417
MH		 944 switch (type) {
945 case ACL_LINK:
946 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
947 break;
9c84d1da 948 case LE_LINK:
eca0ae4a
LAD		 949 /* conn->src should reflect the local identity address */
950 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
951 break;
26afbd82 952 case ISO_LINK:
9c84d1da
JH		 953 /* conn->src should reflect the local identity address */
954 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
eca0ae4a
LAD		 955
956 /* set proper cleanup function */
957 if (!bacmp(dst, BDADDR_ANY))
958 conn->cleanup = bis_cleanup;
959 else if (conn->role == HCI_ROLE_MASTER)
960 conn->cleanup = cis_cleanup;
961
9c84d1da 962 break;
a8746417
MH		 963 case SCO_LINK:
964 if (lmp_esco_capable(hdev))
efc7688b
MH		 965 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
966 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH		 967 else
968 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
969 break;
970 case ESCO_LINK:
efc7688b 971 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH		 972 break;
973 }
974
1da177e4 975 skb_queue_head_init(&conn->data_q);
04837f64 976
70c1f20b 977 INIT_LIST_HEAD(&conn->chan_list);
06149746 978 INIT_LIST_HEAD(&conn->link_list);
73d80deb 979
19c40e3b 980 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
7bc18d9d 981 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
a74a84f6 982 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
9489eca4 983 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1da177e4
LT		 984
985 atomic_set(&conn->refcnt, 0);
986
987 hci_dev_hold(hdev);
988
1da177e4 989 hci_conn_hash_add(hdev, conn);
1f8330ea
SN		 990
991 /* The SCO and eSCO connections will only be notified when their
992 * setup has been completed. This is different to ACL links which
993 * can be notified right away.
994 */
995 if (conn->type != SCO_LINK && conn->type != ESCO_LINK) {
996 if (hdev->notify)
997 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
998 }
1da177e4 999
a67e899c
MH		 1000 hci_conn_init_sysfs(conn);
1001
1da177e4
LT		 1002 return conn;
1003}
1004
181a42ed
ZX		 1005struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type,
1006 bdaddr_t *dst, u8 role)
1007{
1008 int handle;
1009
1010 bt_dev_dbg(hdev, "dst %pMR", dst);
1011
1012 handle = hci_conn_hash_alloc_unset(hdev);
1013 if (unlikely(handle < 0))
1014 return NULL;
1015
1016 return hci_conn_add(hdev, type, dst, role, handle);
1017}
1018
3344d318
PV		 1019static void hci_conn_cleanup_child(struct hci_conn *conn, u8 reason)
1020{
1021 if (!reason)
1022 reason = HCI_ERROR_REMOTE_USER_TERM;
1023
1024 /* Due to race, SCO/ISO conn might be not established yet at this point,
1025 * and nothing else will clean it up. In other cases it is done via HCI
1026 * events.
1027 */
1028 switch (conn->type) {
1029 case SCO_LINK:
1030 case ESCO_LINK:
1031 if (HCI_CONN_HANDLE_UNSET(conn->handle))
1032 hci_conn_failed(conn, reason);
1033 break;
1034 case ISO_LINK:
fa224d0c
IT		 1035 if ((conn->state != BT_CONNECTED &&
1036 !test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) ||
1037 test_bit(HCI_CONN_BIG_CREATED, &conn->flags))
3344d318
PV		 1038 hci_conn_failed(conn, reason);
1039 break;
1040 }
1041}
1042
06149746 1043static void hci_conn_unlink(struct hci_conn *conn)
5dc7d23e 1044{
06149746
LAD		 1045 struct hci_dev *hdev = conn->hdev;
1046
1047 bt_dev_dbg(hdev, "hcon %p", conn);
1048
1049 if (!conn->parent) {
1050 struct hci_link *link, *t;
1051
ca1fd42e
RL		 1052 list_for_each_entry_safe(link, t, &conn->link_list, list) {
1053 struct hci_conn *child = link->conn;
1054
1055 hci_conn_unlink(child);
1056
a2ac591c
RL		 1057 /* If hdev is down it means
1058 * hci_dev_close_sync/hci_conn_hash_flush is in progress
1059 * and links don't need to be cleanup as all connections
1060 * would be cleanup.
1061 */
1062 if (!test_bit(HCI_UP, &hdev->flags))
1063 continue;
1064
3344d318 1065 hci_conn_cleanup_child(child, conn->abort_reason);
ca1fd42e 1066 }
06149746
LAD		 1067
1068 return;
1069 }
1070
5dc7d23e 1071 if (!conn->link)
06149746 1072 return;
5dc7d23e 1073
06149746
LAD		 1074 list_del_rcu(&conn->link->list);
1075 synchronize_rcu();
1076
a2904d28 1077 hci_conn_drop(conn->parent);
2910431a
RL		 1078 hci_conn_put(conn->parent);
1079 conn->parent = NULL;
1080
06149746 1081 kfree(conn->link);
5dc7d23e 1082 conn->link = NULL;
5dc7d23e
LAD		 1083}
1084
a2ac591c 1085void hci_conn_del(struct hci_conn *conn)
1da177e4
LT		 1086{
1087 struct hci_dev *hdev = conn->hdev;
1088
38b3fef1 1089 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1da177e4 1090
a2904d28
RL		 1091 hci_conn_unlink(conn);
1092
19c40e3b 1093 cancel_delayed_work_sync(&conn->disc_work);
7bc18d9d 1094 cancel_delayed_work_sync(&conn->auto_accept_work);
a74a84f6 1095 cancel_delayed_work_sync(&conn->idle_work);
9f61656a 1096
5b7f9909 1097 if (conn->type == ACL_LINK) {
1da177e4
LT		 1098 /* Unacked frames */
1099 hdev->acl_cnt += conn->sent;
6ed58ec5 1100 } else if (conn->type == LE_LINK) {
980ffc0a 1101 cancel_delayed_work(&conn->le_conn_timeout);
9489eca4 1102
6ed58ec5
VT		 1103 if (hdev->le_pkts)
1104 hdev->le_cnt += conn->sent;
1105 else
1106 hdev->acl_cnt += conn->sent;
5b7f9909 1107 } else {
5638d9ea
LAD		 1108 /* Unacked ISO frames */
1109 if (conn->type == ISO_LINK) {
1110 if (hdev->iso_pkts)
1111 hdev->iso_cnt += conn->sent;
1112 else if (hdev->le_pkts)
1113 hdev->le_cnt += conn->sent;
1114 else
1115 hdev->acl_cnt += conn->sent;
1116 }
1da177e4
LT		 1117 }
1118
1da177e4 1119 skb_queue_purge(&conn->data_q);
1da177e4 1120
b958f9a3
JH		 1121 /* Remove the connection from the list and cleanup its remaining
1122 * state. This is a separate function since for some cases like
1123 * BT_CONNECT_SCAN we *only* want the cleanup part without the
1124 * rest of hci_conn_del.
1125 */
1126 hci_conn_cleanup(conn);
881559af
LAD		 1127
1128 /* Dequeue callbacks using connection pointer as data */
1129 hci_cmd_sync_dequeue(hdev, NULL, conn, NULL);
1da177e4
LT		 1130}
1131
39385cb5 1132struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type)
1da177e4
LT		 1133{
1134 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 1135 struct hci_dev *hdev = NULL, *d;
1da177e4 1136
6ed93dc6 1137 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4 1138
f20d09d5 1139 read_lock(&hci_dev_list_lock);
1da177e4 1140
8035ded4 1141 list_for_each_entry(d, &hci_dev_list, list) {
8fc9ced3 1142 if (!test_bit(HCI_UP, &d->flags) ||
d7a5a11d 1143 hci_dev_test_flag(d, HCI_USER_CHANNEL) ||
ca8bee5d 1144 d->dev_type != HCI_PRIMARY)
1da177e4
LT		 1145 continue;
1146
8e87d142 1147 /* Simple routing:
1da177e4
LT		 1148 * No source address - find interface with bdaddr != dst
1149 * Source address - find interface with bdaddr == src
1150 */
1151
1152 if (use_src) {
39385cb5
JH		 1153 bdaddr_t id_addr;
1154 u8 id_addr_type;
1155
1156 if (src_type == BDADDR_BREDR) {
1157 if (!lmp_bredr_capable(d))
1158 continue;
1159 bacpy(&id_addr, &d->bdaddr);
1160 id_addr_type = BDADDR_BREDR;
1161 } else {
1162 if (!lmp_le_capable(d))
1163 continue;
1164
1165 hci_copy_identity_address(d, &id_addr,
1166 &id_addr_type);
1167
1168 /* Convert from HCI to three-value type */
1169 if (id_addr_type == ADDR_LE_DEV_PUBLIC)
1170 id_addr_type = BDADDR_LE_PUBLIC;
1171 else
1172 id_addr_type = BDADDR_LE_RANDOM;
1173 }
1174
1175 if (!bacmp(&id_addr, src) && id_addr_type == src_type) {
1da177e4
LT		 1176 hdev = d; break;
1177 }
1178 } else {
1179 if (bacmp(&d->bdaddr, dst)) {
1180 hdev = d; break;
1181 }
1182 }
1183 }
1184
1185 if (hdev)
1186 hdev = hci_dev_hold(hdev);
1187
f20d09d5 1188 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 1189 return hdev;
1190}
1191EXPORT_SYMBOL(hci_get_route);
1192
9bb3c01f 1193/* This function requires the caller holds hdev->lock */
9b3628d7 1194static void hci_le_conn_failed(struct hci_conn *conn, u8 status)
9bb3c01f
AG		 1195{
1196 struct hci_dev *hdev = conn->hdev;
f161dd41 1197
19cf60bf 1198 hci_connect_le_scan_cleanup(conn, status);
3c857757 1199
abfeea47 1200 /* Enable advertising in case this was a failed connection
3c857757
JH		 1201 * attempt as a peripheral.
1202 */
abfeea47 1203 hci_enable_advertising(hdev);
9bb3c01f
AG		 1204}
1205
9b3628d7
LAD		 1206/* This function requires the caller holds hdev->lock */
1207void hci_conn_failed(struct hci_conn *conn, u8 status)
1208{
1209 struct hci_dev *hdev = conn->hdev;
1210
1211 bt_dev_dbg(hdev, "status 0x%2.2x", status);
1212
1213 switch (conn->type) {
1214 case LE_LINK:
1215 hci_le_conn_failed(conn, status);
1216 break;
1217 case ACL_LINK:
1218 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1219 conn->dst_type, status);
1220 break;
1221 }
1222
a254b90c
IT		 1223 /* In case of BIG/PA sync failed, clear conn flags so that
1224 * the conns will be correctly cleaned up by ISO layer
1225 */
1226 test_and_clear_bit(HCI_CONN_BIG_SYNC_FAILED, &conn->flags);
1227 test_and_clear_bit(HCI_CONN_PA_SYNC_FAILED, &conn->flags);
1228
9b3628d7
LAD		 1229 conn->state = BT_CLOSED;
1230 hci_connect_cfm(conn, status);
1231 hci_conn_del(conn);
1232}
1233
16e3b642
LAD		 1234/* This function requires the caller holds hdev->lock */
1235u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle)
1236{
1237 struct hci_dev *hdev = conn->hdev;
1238
1239 bt_dev_dbg(hdev, "hcon %p handle 0x%4.4x", conn, handle);
1240
1241 if (conn->handle == handle)
1242 return 0;
1243
1244 if (handle > HCI_CONN_HANDLE_MAX) {
1245 bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x",
1246 handle, HCI_CONN_HANDLE_MAX);
1247 return HCI_ERROR_INVALID_PARAMETERS;
1248 }
1249
1250 /* If abort_reason has been sent it means the connection is being
1251 * aborted and the handle shall not be changed.
1252 */
1253 if (conn->abort_reason)
1254 return conn->abort_reason;
1255
181a42ed
ZX		 1256 if (HCI_CONN_HANDLE_UNSET(conn->handle))
1257 ida_free(&hdev->unset_handle_ida, conn->handle);
1258
16e3b642
LAD		 1259 conn->handle = handle;
1260
1261 return 0;
1262}
1263
04a6c589 1264struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
d850bf08 1265 u8 dst_type, bool dst_resolved, u8 sec_level,
2e7ed5f5 1266 u16 conn_timeout, u8 role, u8 phy, u8 sec_phy)
1da177e4 1267{
e2caced4 1268 struct hci_conn *conn;
1ebfcc1f 1269 struct smp_irk *irk;
1d399ae5 1270 int err;
1da177e4 1271
152d386e 1272 /* Let's make sure that le is enabled.*/
d7a5a11d 1273 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
152d386e
LR		 1274 if (lmp_le_capable(hdev))
1275 return ERR_PTR(-ECONNREFUSED);
1276
1277 return ERR_PTR(-EOPNOTSUPP);
1278 }
1279
658aead9
JH		 1280 /* Since the controller supports only one LE connection attempt at a
1281 * time, we return -EBUSY if there is any connection attempt running.
1282 */
1283 if (hci_lookup_le_connect(hdev))
1284 return ERR_PTR(-EBUSY);
1285
e2caced4
JH		 1286 /* If there's already a connection object but it's not in
1287 * scanning state it means it must already be established, in
1288 * which case we can't do anything else except report a failure
1289 * to connect.
620ad521 1290 */
9d4c1cc1 1291 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
e2caced4
JH		 1292 if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) {
1293 return ERR_PTR(-EBUSY);
620ad521 1294 }
dfc94dbd 1295
d850bf08
LAD		 1296 /* Check if the destination address has been resolved by the controller
1297 * since if it did then the identity address shall be used.
edb4b466 1298 */
d850bf08
LAD		 1299 if (!dst_resolved) {
1300 /* When given an identity address with existing identity
1301 * resolving key, the connection needs to be established
1302 * to a resolvable random address.
1303 *
1304 * Storing the resolvable random address is required here
1305 * to handle connection failures. The address will later
1306 * be resolved back into the original identity address
1307 * from the connect request.
1308 */
1309 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
1310 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
1311 dst = &irk->rpa;
1312 dst_type = ADDR_LE_DEV_RANDOM;
1313 }
1ebfcc1f
JH		 1314 }
1315
e2caced4 1316 if (conn) {
28a667c9
JP		 1317 bacpy(&conn->dst, dst);
1318 } else {
181a42ed 1319 conn = hci_conn_add_unset(hdev, LE_LINK, dst, role);
e2caced4
JH		 1320 if (!conn)
1321 return ERR_PTR(-ENOMEM);
1322 hci_conn_hold(conn);
1323 conn->pending_sec_level = sec_level;
28a667c9
JP		 1324 }
1325
1ebfcc1f 1326 conn->dst_type = dst_type;
620ad521 1327 conn->sec_level = BT_SECURITY_LOW;
09ae260b 1328 conn->conn_timeout = conn_timeout;
2e7ed5f5
LAD		 1329 conn->le_adv_phy = phy;
1330 conn->le_adv_sec_phy = sec_phy;
4292f1f3 1331
881559af 1332 err = hci_connect_le_sync(hdev, conn);
2acf3d90
AG		 1333 if (err) {
1334 hci_conn_del(conn);
620ad521 1335 return ERR_PTR(err);
2acf3d90 1336 }
fcd89c09 1337
f1e5d547 1338 return conn;
d04aef4c 1339}
fcd89c09 1340
f75113a2
JP		 1341static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
1342{
1343 struct hci_conn *conn;
1344
9d4c1cc1 1345 conn = hci_conn_hash_lookup_le(hdev, addr, type);
f75113a2
JP		 1346 if (!conn)
1347 return false;
1348
f75113a2
JP		 1349 if (conn->state != BT_CONNECTED)
1350 return false;
1351
1352 return true;
1353}
1354
1355/* This function requires the caller holds hdev->lock */
84235d22 1356static int hci_explicit_conn_params_set(struct hci_dev *hdev,
f75113a2
JP		 1357 bdaddr_t *addr, u8 addr_type)
1358{
f75113a2
JP		 1359 struct hci_conn_params *params;
1360
1361 if (is_connected(hdev, addr, addr_type))
1362 return -EISCONN;
1363
5157b8a5
JP		 1364 params = hci_conn_params_lookup(hdev, addr, addr_type);
1365 if (!params) {
1366 params = hci_conn_params_add(hdev, addr, addr_type);
1367 if (!params)
1368 return -ENOMEM;
1369
1370 /* If we created new params, mark them to be deleted in
1371 * hci_connect_le_scan_cleanup. It's different case than
1372 * existing disabled params, those will stay after cleanup.
1373 */
1374 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
1375 }
f75113a2 1376
5157b8a5 1377 /* We're trying to connect, so make sure params are at pend_le_conns */
49c50922 1378 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5157b8a5
JP		 1379 params->auto_connect == HCI_AUTO_CONN_REPORT ||
1380 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
195ef75e
PV		 1381 hci_pend_le_list_del_init(params);
1382 hci_pend_le_list_add(params, &hdev->pend_le_conns);
f75113a2
JP		 1383 }
1384
1385 params->explicit_connect = true;
f75113a2
JP		 1386
1387 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
1388 params->auto_connect);
1389
1390 return 0;
1391}
1392
eca0ae4a
LAD		 1393static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos)
1394{
6a42e9bf
IT		 1395 struct hci_conn *conn;
1396 u8 big;
eca0ae4a
LAD		 1397
1398 /* Allocate a BIG if not set */
0fe8c8d0 1399 if (qos->bcast.big == BT_ISO_QOS_BIG_UNSET) {
6a42e9bf 1400 for (big = 0x00; big < 0xef; big++) {
eca0ae4a 1401
6a42e9bf
IT		 1402 conn = hci_conn_hash_lookup_big(hdev, big);
1403 if (!conn)
eca0ae4a
LAD		 1404 break;
1405 }
1406
6a42e9bf 1407 if (big == 0xef)
eca0ae4a
LAD		 1408 return -EADDRNOTAVAIL;
1409
1410 /* Update BIG */
6a42e9bf 1411 qos->bcast.big = big;
eca0ae4a
LAD		 1412 }
1413
1414 return 0;
1415}
1416
1417static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos)
1418{
6a42e9bf
IT		 1419 struct hci_conn *conn;
1420 u8 bis;
eca0ae4a
LAD		 1421
1422 /* Allocate BIS if not set */
0fe8c8d0 1423 if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) {
71b7bb48
IT		 1424 if (qos->bcast.big != BT_ISO_QOS_BIG_UNSET) {
1425 conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big);
1426
1427 if (conn) {
1428 /* If the BIG handle is already matched to an advertising
1429 * handle, do not allocate a new one.
1430 */
1431 qos->bcast.bis = conn->iso_qos.bcast.bis;
1432 return 0;
1433 }
1434 }
1435
eca0ae4a
LAD		 1436 /* Find an unused adv set to advertise BIS, skip instance 0x00
1437 * since it is reserved as general purpose set.
1438 */
6a42e9bf
IT		 1439 for (bis = 0x01; bis < hdev->le_num_of_adv_sets;
1440 bis++) {
eca0ae4a 1441
6a42e9bf
IT		 1442 conn = hci_conn_hash_lookup_bis(hdev, BDADDR_ANY, bis);
1443 if (!conn)
eca0ae4a
LAD		 1444 break;
1445 }
1446
6a42e9bf 1447 if (bis == hdev->le_num_of_adv_sets)
eca0ae4a
LAD		 1448 return -EADDRNOTAVAIL;
1449
1450 /* Update BIS */
6a42e9bf 1451 qos->bcast.bis = bis;
eca0ae4a
LAD		 1452 }
1453
1454 return 0;
1455}
1456
1457/* This function requires the caller holds hdev->lock */
1458static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst,
a0bfde16
IT		 1459 struct bt_iso_qos *qos, __u8 base_len,
1460 __u8 *base)
eca0ae4a
LAD		 1461{
1462 struct hci_conn *conn;
eca0ae4a
LAD		 1463 int err;
1464
1465 /* Let's make sure that le is enabled.*/
1466 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1467 if (lmp_le_capable(hdev))
1468 return ERR_PTR(-ECONNREFUSED);
1469 return ERR_PTR(-EOPNOTSUPP);
1470 }
1471
1472 err = qos_set_big(hdev, qos);
1473 if (err)
1474 return ERR_PTR(err);
1475
1476 err = qos_set_bis(hdev, qos);
1477 if (err)
1478 return ERR_PTR(err);
1479
a0bfde16
IT		 1480 /* Check if the LE Create BIG command has already been sent */
1481 conn = hci_conn_hash_lookup_per_adv_bis(hdev, dst, qos->bcast.big,
1482 qos->bcast.big);
1483 if (conn)
eca0ae4a
LAD		 1484 return ERR_PTR(-EADDRINUSE);
1485
a0bfde16
IT		 1486 /* Check BIS settings against other bound BISes, since all
1487 * BISes in a BIG must have the same value for all parameters
1488 */
6a42e9bf 1489 conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big);
a0bfde16
IT		 1490
1491 if (conn && (memcmp(qos, &conn->iso_qos, sizeof(*qos)) ||
1492 base_len != conn->le_per_adv_data_len ||
1493 memcmp(conn->le_per_adv_data, base, base_len)))
eca0ae4a
LAD		 1494 return ERR_PTR(-EADDRINUSE);
1495
181a42ed 1496 conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
eca0ae4a
LAD		 1497 if (!conn)
1498 return ERR_PTR(-ENOMEM);
1499
eca0ae4a
LAD		 1500 conn->state = BT_CONNECT;
1501
1502 hci_conn_hold(conn);
1503 return conn;
1504}
1505
f75113a2
JP		 1506/* This function requires the caller holds hdev->lock */
1507struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst,
1508 u8 dst_type, u8 sec_level,
76b13996
MM		 1509 u16 conn_timeout,
1510 enum conn_reasons conn_reason)
f75113a2
JP		 1511{
1512 struct hci_conn *conn;
f75113a2
JP		 1513
1514 /* Let's make sure that le is enabled.*/
1515 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1516 if (lmp_le_capable(hdev))
1517 return ERR_PTR(-ECONNREFUSED);
1518
1519 return ERR_PTR(-EOPNOTSUPP);
1520 }
1521
1522 /* Some devices send ATT messages as soon as the physical link is
1523 * established. To be able to handle these ATT messages, the user-
1524 * space first establishes the connection and then starts the pairing
1525 * process.
1526 *
1527 * So if a hci_conn object already exists for the following connection
1528 * attempt, we simply update pending_sec_level and auth_type fields
1529 * and return the object found.
1530 */
9d4c1cc1 1531 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
f75113a2
JP		 1532 if (conn) {
1533 if (conn->pending_sec_level < sec_level)
1534 conn->pending_sec_level = sec_level;
1535 goto done;
1536 }
1537
1538 BT_DBG("requesting refresh of dst_addr");
1539
181a42ed 1540 conn = hci_conn_add_unset(hdev, LE_LINK, dst, HCI_ROLE_MASTER);
f75113a2
JP		 1541 if (!conn)
1542 return ERR_PTR(-ENOMEM);
1543
d088337c
NE		 1544 if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) {
1545 hci_conn_del(conn);
f75113a2 1546 return ERR_PTR(-EBUSY);
d088337c 1547 }
f75113a2
JP		 1548
1549 conn->state = BT_CONNECT;
1550 set_bit(HCI_CONN_SCANNING, &conn->flags);
f75113a2
JP		 1551 conn->dst_type = dst_type;
1552 conn->sec_level = BT_SECURITY_LOW;
1553 conn->pending_sec_level = sec_level;
1554 conn->conn_timeout = conn_timeout;
76b13996 1555 conn->conn_reason = conn_reason;
f75113a2 1556
5bee2fd6 1557 hci_update_passive_scan(hdev);
84235d22 1558
f75113a2
JP		 1559done:
1560 hci_conn_hold(conn);
1561 return conn;
1562}
1563
04a6c589 1564struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
76b13996 1565 u8 sec_level, u8 auth_type,
bf98feea 1566 enum conn_reasons conn_reason, u16 timeout)
1da177e4
LT		 1567{
1568 struct hci_conn *acl;
fcd89c09 1569
d7a5a11d 1570 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
c411110e
LR		 1571 if (lmp_bredr_capable(hdev))
1572 return ERR_PTR(-ECONNREFUSED);
1573
beb19e4c 1574 return ERR_PTR(-EOPNOTSUPP);
c411110e 1575 }
56f87901 1576
1ffc6f8c
LCY		 1577 /* Reject outgoing connection to device with same BD ADDR against
1578 * CVE-2020-26555
1579 */
1580 if (!bacmp(&hdev->bdaddr, dst)) {
1581 bt_dev_dbg(hdev, "Reject connection with same BD_ADDR %pMR\n",
1582 dst);
1583 return ERR_PTR(-ECONNREFUSED);
1584 }
1585
70f23020
AE		 1586 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
1587 if (!acl) {
181a42ed 1588 acl = hci_conn_add_unset(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
70f23020 1589 if (!acl)
48c7aba9 1590 return ERR_PTR(-ENOMEM);
1da177e4
LT		 1591 }
1592
1593 hci_conn_hold(acl);
1594
76b13996 1595 acl->conn_reason = conn_reason;
09ab6f4c 1596 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
45340097
JD		 1597 int err;
1598
765c2a96
JH		 1599 acl->sec_level = BT_SECURITY_LOW;
1600 acl->pending_sec_level = sec_level;
09ab6f4c 1601 acl->auth_type = auth_type;
bf98feea 1602 acl->conn_timeout = timeout;
45340097 1603
5f641f03 1604 err = hci_connect_acl_sync(hdev, acl);
45340097
JD		 1605 if (err) {
1606 hci_conn_del(acl);
1607 return ERR_PTR(err);
1608 }
09ab6f4c 1609 }
1da177e4 1610
db474275
VCG		 1611 return acl;
1612}
1613
06149746
LAD		 1614static struct hci_link *hci_conn_link(struct hci_conn *parent,
1615 struct hci_conn *conn)
1616{
1617 struct hci_dev *hdev = parent->hdev;
1618 struct hci_link *link;
1619
1620 bt_dev_dbg(hdev, "parent %p hcon %p", parent, conn);
1621
1622 if (conn->link)
1623 return conn->link;
1624
1625 if (conn->parent)
1626 return NULL;
1627
1628 link = kzalloc(sizeof(*link), GFP_KERNEL);
1629 if (!link)
1630 return NULL;
1631
1632 link->conn = hci_conn_hold(conn);
1633 conn->link = link;
1634 conn->parent = hci_conn_get(parent);
1635
1636 /* Use list_add_tail_rcu append to the list */
1637 list_add_tail_rcu(&link->list, &parent->link_list);
1638
1639 return link;
1640}
1641
10c62ddc 1642struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
bf98feea
LAD		 1643 __u16 setting, struct bt_codec *codec,
1644 u16 timeout)
db474275
VCG		 1645{
1646 struct hci_conn *acl;
1647 struct hci_conn *sco;
06149746 1648 struct hci_link *link;
db474275 1649
76b13996 1650 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING,
bf98feea 1651 CONN_REASON_SCO_CONNECT, timeout);
db474275 1652 if (IS_ERR(acl))
5b7f9909 1653 return acl;
1da177e4 1654
70f23020
AE		 1655 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
1656 if (!sco) {
181a42ed 1657 sco = hci_conn_add_unset(hdev, type, dst, HCI_ROLE_MASTER);
70f23020 1658 if (!sco) {
76a68ba0 1659 hci_conn_drop(acl);
48c7aba9 1660 return ERR_PTR(-ENOMEM);
1da177e4 1661 }
5b7f9909 1662 }
1da177e4 1663
06149746
LAD		 1664 link = hci_conn_link(acl, sco);
1665 if (!link) {
1666 hci_conn_drop(acl);
1667 hci_conn_drop(sco);
b4066eb0 1668 return ERR_PTR(-ENOLINK);
06149746 1669 }
1da177e4 1670
10c62ddc 1671 sco->setting = setting;
b2af264a 1672 sco->codec = *codec;
10c62ddc 1673
5b7f9909 1674 if (acl->state == BT_CONNECTED &&
5974e4c4 1675 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 1676 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 1677 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 1678
51a8efd7 1679 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 1680 /* defer SCO setup until mode change completed */
51a8efd7 1681 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH		 1682 return sco;
1683 }
1684
1685 hci_sco_setup(acl, 0x00);
b6a0dc82 1686 }
5b7f9909
MH		 1687
1688 return sco;
1da177e4 1689}
1da177e4 1690
eca0ae4a
LAD		 1691static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos)
1692{
1693 struct hci_dev *hdev = conn->hdev;
1694 struct hci_cp_le_create_big cp;
a0bfde16 1695 struct iso_list_data data;
eca0ae4a
LAD		 1696
1697 memset(&cp, 0, sizeof(cp));
1698
a0bfde16
IT		 1699 data.big = qos->bcast.big;
1700 data.bis = qos->bcast.bis;
1701 data.count = 0;
1702
1703 /* Create a BIS for each bound connection */
1704 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1705 BT_BOUND, &data);
1706
0fe8c8d0
IT		 1707 cp.handle = qos->bcast.big;
1708 cp.adv_handle = qos->bcast.bis;
a0bfde16 1709 cp.num_bis = data.count;
0fe8c8d0
IT		 1710 hci_cpu_to_le24(qos->bcast.out.interval, cp.bis.sdu_interval);
1711 cp.bis.sdu = cpu_to_le16(qos->bcast.out.sdu);
1712 cp.bis.latency = cpu_to_le16(qos->bcast.out.latency);
1713 cp.bis.rtn = qos->bcast.out.rtn;
1714 cp.bis.phy = qos->bcast.out.phy;
1715 cp.bis.packing = qos->bcast.packing;
1716 cp.bis.framing = qos->bcast.framing;
1717 cp.bis.encryption = qos->bcast.encryption;
1718 memcpy(cp.bis.bcode, qos->bcast.bcode, sizeof(cp.bis.bcode));
eca0ae4a
LAD		 1719
1720 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp);
1721}
1722
a0912892 1723static int set_cig_params_sync(struct hci_dev *hdev, void *data)
6b9545dc 1724{
a1f6c3ae 1725 u8 cig_id = PTR_UINT(data);
a0912892
LAD		 1726 struct hci_conn *conn;
1727 struct bt_iso_qos *qos;
1728 struct iso_cig_params pdu;
1729 u8 cis_id;
6b9545dc 1730
a0912892
LAD		 1731 conn = hci_conn_hash_lookup_cig(hdev, cig_id);
1732 if (!conn)
1733 return 0;
6b9545dc 1734
a0912892 1735 memset(&pdu, 0, sizeof(pdu));
6b9545dc 1736
a0912892
LAD		 1737 qos = &conn->iso_qos;
1738 pdu.cp.cig_id = cig_id;
1739 hci_cpu_to_le24(qos->ucast.out.interval, pdu.cp.c_interval);
1740 hci_cpu_to_le24(qos->ucast.in.interval, pdu.cp.p_interval);
1741 pdu.cp.sca = qos->ucast.sca;
1742 pdu.cp.packing = qos->ucast.packing;
1743 pdu.cp.framing = qos->ucast.framing;
1744 pdu.cp.c_latency = cpu_to_le16(qos->ucast.out.latency);
1745 pdu.cp.p_latency = cpu_to_le16(qos->ucast.in.latency);
6b9545dc 1746
a0912892
LAD		 1747 /* Reprogram all CIS(s) with the same CIG, valid range are:
1748 * num_cis: 0x00 to 0x1F
1749 * cis_id: 0x00 to 0xEF
1750 */
1751 for (cis_id = 0x00; cis_id < 0xf0 &&
1752 pdu.cp.num_cis < ARRAY_SIZE(pdu.cis); cis_id++) {
1753 struct hci_cis_params *cis;
1754
1755 conn = hci_conn_hash_lookup_cis(hdev, NULL, 0, cig_id, cis_id);
1756 if (!conn)
1757 continue;
6b9545dc 1758
a0912892
LAD		 1759 qos = &conn->iso_qos;
1760
1761 cis = &pdu.cis[pdu.cp.num_cis++];
1762 cis->cis_id = cis_id;
1763 cis->c_sdu = cpu_to_le16(conn->iso_qos.ucast.out.sdu);
1764 cis->p_sdu = cpu_to_le16(conn->iso_qos.ucast.in.sdu);
1765 cis->c_phy = qos->ucast.out.phy ? qos->ucast.out.phy :
1766 qos->ucast.in.phy;
1767 cis->p_phy = qos->ucast.in.phy ? qos->ucast.in.phy :
1768 qos->ucast.out.phy;
1769 cis->c_rtn = qos->ucast.out.rtn;
1770 cis->p_rtn = qos->ucast.in.rtn;
1771 }
1772
1773 if (!pdu.cp.num_cis)
1774 return 0;
1775
1776 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS,
1777 sizeof(pdu.cp) +
1778 pdu.cp.num_cis * sizeof(pdu.cis[0]), &pdu,
6b9545dc
PV		 1779 HCI_CMD_TIMEOUT);
1780}
1781
26afbd82
LAD		 1782static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos)
1783{
1784 struct hci_dev *hdev = conn->hdev;
1785 struct iso_list_data data;
1786
1787 memset(&data, 0, sizeof(data));
1788
e6a7a46b 1789 /* Allocate first still reconfigurable CIG if not set */
0fe8c8d0 1790 if (qos->ucast.cig == BT_ISO_QOS_CIG_UNSET) {
e6a7a46b 1791 for (data.cig = 0x00; data.cig < 0xf0; data.cig++) {
26afbd82 1792 data.count = 0;
26afbd82 1793
e6a7a46b
PV		 1794 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
1795 BT_CONNECT, &data);
26afbd82
LAD		 1796 if (data.count)
1797 continue;
1798
e6a7a46b 1799 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
26afbd82
LAD		 1800 BT_CONNECTED, &data);
1801 if (!data.count)
1802 break;
1803 }
1804
e6a7a46b 1805 if (data.cig == 0xf0)
26afbd82
LAD		 1806 return false;
1807
1808 /* Update CIG */
0fe8c8d0 1809 qos->ucast.cig = data.cig;
26afbd82
LAD		 1810 }
1811
0fe8c8d0 1812 if (qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) {
a0912892
LAD		 1813 if (hci_conn_hash_lookup_cis(hdev, NULL, 0, qos->ucast.cig,
1814 qos->ucast.cis))
26afbd82 1815 return false;
a0912892 1816 goto done;
26afbd82
LAD		 1817 }
1818
a0912892
LAD		 1819 /* Allocate first available CIS if not set */
1820 for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0xf0;
1821 data.cis++) {
1822 if (!hci_conn_hash_lookup_cis(hdev, NULL, 0, data.cig,
1823 data.cis)) {
26afbd82 1824 /* Update CIS */
0fe8c8d0 1825 qos->ucast.cis = data.cis;
a0912892 1826 break;
26afbd82
LAD		 1827 }
1828 }
1829
a0912892 1830 if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET)
26afbd82
LAD		 1831 return false;
1832
a0912892
LAD		 1833done:
1834 if (hci_cmd_sync_queue(hdev, set_cig_params_sync,
a1f6c3ae 1835 UINT_PTR(qos->ucast.cig), NULL) < 0)
6b9545dc 1836 return false;
6b9545dc 1837
26afbd82
LAD		 1838 return true;
1839}
1840
26afbd82
LAD		 1841struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst,
1842 __u8 dst_type, struct bt_iso_qos *qos)
1843{
1844 struct hci_conn *cis;
1845
c14516fa
LAD		 1846 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig,
1847 qos->ucast.cis);
26afbd82 1848 if (!cis) {
181a42ed 1849 cis = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
26afbd82
LAD		 1850 if (!cis)
1851 return ERR_PTR(-ENOMEM);
1852 cis->cleanup = cis_cleanup;
b36a234d 1853 cis->dst_type = dst_type;
b5793de3
PV		 1854 cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET;
1855 cis->iso_qos.ucast.cis = BT_ISO_QOS_CIS_UNSET;
26afbd82
LAD		 1856 }
1857
1858 if (cis->state == BT_CONNECTED)
1859 return cis;
1860
1861 /* Check if CIS has been set and the settings matches */
1862 if (cis->state == BT_BOUND &&
1863 !memcmp(&cis->iso_qos, qos, sizeof(*qos)))
1864 return cis;
1865
1866 /* Update LINK PHYs according to QoS preference */
0fe8c8d0
IT		 1867 cis->le_tx_phy = qos->ucast.out.phy;
1868 cis->le_rx_phy = qos->ucast.in.phy;
26afbd82
LAD		 1869
1870 /* If output interval is not set use the input interval as it cannot be
1871 * 0x000000.
1872 */
0fe8c8d0
IT		 1873 if (!qos->ucast.out.interval)
1874 qos->ucast.out.interval = qos->ucast.in.interval;
26afbd82
LAD		 1875
1876 /* If input interval is not set use the output interval as it cannot be
1877 * 0x000000.
1878 */
0fe8c8d0
IT		 1879 if (!qos->ucast.in.interval)
1880 qos->ucast.in.interval = qos->ucast.out.interval;
26afbd82
LAD		 1881
1882 /* If output latency is not set use the input latency as it cannot be
1883 * 0x0000.
1884 */
0fe8c8d0
IT		 1885 if (!qos->ucast.out.latency)
1886 qos->ucast.out.latency = qos->ucast.in.latency;
26afbd82
LAD		 1887
1888 /* If input latency is not set use the output latency as it cannot be
1889 * 0x0000.
1890 */
0fe8c8d0
IT		 1891 if (!qos->ucast.in.latency)
1892 qos->ucast.in.latency = qos->ucast.out.latency;
26afbd82 1893
26afbd82
LAD		 1894 if (!hci_le_set_cig_params(cis, qos)) {
1895 hci_conn_drop(cis);
1896 return ERR_PTR(-EINVAL);
1897 }
1898
69997d50
PV		 1899 hci_conn_hold(cis);
1900
26afbd82
LAD		 1901 cis->iso_qos = *qos;
1902 cis->state = BT_BOUND;
1903
1904 return cis;
1905}
1906
1907bool hci_iso_setup_path(struct hci_conn *conn)
1908{
1909 struct hci_dev *hdev = conn->hdev;
1910 struct hci_cp_le_setup_iso_path cmd;
1911
1912 memset(&cmd, 0, sizeof(cmd));
1913
0fe8c8d0 1914 if (conn->iso_qos.ucast.out.sdu) {
26afbd82
LAD		 1915 cmd.handle = cpu_to_le16(conn->handle);
1916 cmd.direction = 0x00; /* Input (Host to Controller) */
1917 cmd.path = 0x00; /* HCI path if enabled */
1918 cmd.codec = 0x03; /* Transparent Data */
1919
1920 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1921 &cmd) < 0)
1922 return false;
1923 }
1924
0fe8c8d0 1925 if (conn->iso_qos.ucast.in.sdu) {
26afbd82
LAD		 1926 cmd.handle = cpu_to_le16(conn->handle);
1927 cmd.direction = 0x01; /* Output (Controller to Host) */
1928 cmd.path = 0x00; /* HCI path if enabled */
1929 cmd.codec = 0x03; /* Transparent Data */
1930
1931 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1932 &cmd) < 0)
1933 return false;
1934 }
1935
1936 return true;
1937}
1938
7f74563e 1939int hci_conn_check_create_cis(struct hci_conn *conn)
26afbd82 1940{
7f74563e
PV		 1941 if (conn->type != ISO_LINK || !bacmp(&conn->dst, BDADDR_ANY))
1942 return -EINVAL;
26afbd82 1943
7f74563e 1944 if (!conn->parent || conn->parent->state != BT_CONNECTED ||
9f78191c 1945 conn->state != BT_CONNECT || HCI_CONN_HANDLE_UNSET(conn->handle))
7f74563e 1946 return 1;
26afbd82 1947
7f74563e
PV		 1948 return 0;
1949}
06149746 1950
7f74563e
PV		 1951static int hci_create_cis_sync(struct hci_dev *hdev, void *data)
1952{
1953 return hci_le_create_cis_sync(hdev);
1954}
06149746 1955
7f74563e
PV		 1956int hci_le_create_cis_pending(struct hci_dev *hdev)
1957{
1958 struct hci_conn *conn;
1959 bool pending = false;
06149746 1960
7f74563e 1961 rcu_read_lock();
06149746 1962
7f74563e
PV		 1963 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
1964 if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) {
1965 rcu_read_unlock();
1966 return -EBUSY;
06149746
LAD		 1967 }
1968
7f74563e
PV		 1969 if (!hci_conn_check_create_cis(conn))
1970 pending = true;
26afbd82
LAD		 1971 }
1972
7f74563e
PV		 1973 rcu_read_unlock();
1974
1975 if (!pending)
26afbd82
LAD		 1976 return 0;
1977
1978 /* Queue Create CIS */
7f74563e 1979 return hci_cmd_sync_queue(hdev, hci_create_cis_sync, NULL, NULL);
26afbd82
LAD		 1980}
1981
1982static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn,
1983 struct bt_iso_io_qos *qos, __u8 phy)
1984{
1985 /* Only set MTU if PHY is enabled */
1986 if (!qos->sdu && qos->phy) {
1987 if (hdev->iso_mtu > 0)
1988 qos->sdu = hdev->iso_mtu;
1989 else if (hdev->le_mtu > 0)
1990 qos->sdu = hdev->le_mtu;
1991 else
1992 qos->sdu = hdev->acl_mtu;
1993 }
1994
1995 /* Use the same PHY as ACL if set to any */
1996 if (qos->phy == BT_ISO_PHY_ANY)
1997 qos->phy = phy;
1998
1999 /* Use LE ACL connection interval if not set */
2000 if (!qos->interval)
2001 /* ACL interval unit in 1.25 ms to us */
2002 qos->interval = conn->le_conn_interval * 1250;
2003
2004 /* Use LE ACL connection latency if not set */
2005 if (!qos->latency)
2006 qos->latency = conn->le_conn_latency;
2007}
2008
eca0ae4a
LAD		 2009static int create_big_sync(struct hci_dev *hdev, void *data)
2010{
2011 struct hci_conn *conn = data;
2012 struct bt_iso_qos *qos = &conn->iso_qos;
2013 u16 interval, sync_interval = 0;
2014 u32 flags = 0;
2015 int err;
2016
0fe8c8d0 2017 if (qos->bcast.out.phy == 0x02)
eca0ae4a
LAD		 2018 flags |= MGMT_ADV_FLAG_SEC_2M;
2019
2020 /* Align intervals */
14f0dcec 2021 interval = (qos->bcast.out.interval / 1250) * qos->bcast.sync_factor;
eca0ae4a 2022
0fe8c8d0 2023 if (qos->bcast.bis)
14f0dcec 2024 sync_interval = interval * 4;
eca0ae4a 2025
0fe8c8d0 2026 err = hci_start_per_adv_sync(hdev, qos->bcast.bis, conn->le_per_adv_data_len,
eca0ae4a
LAD		 2027 conn->le_per_adv_data, flags, interval,
2028 interval, sync_interval);
2029 if (err)
2030 return err;
2031
2032 return hci_le_create_big(conn, &conn->iso_qos);
2033}
2034
2035static void create_pa_complete(struct hci_dev *hdev, void *data, int err)
2036{
2037 struct hci_cp_le_pa_create_sync *cp = data;
2038
2039 bt_dev_dbg(hdev, "");
2040
2041 if (err)
2042 bt_dev_err(hdev, "Unable to create PA: %d", err);
2043
2044 kfree(cp);
2045}
2046
2047static int create_pa_sync(struct hci_dev *hdev, void *data)
2048{
2049 struct hci_cp_le_pa_create_sync *cp = data;
2050 int err;
2051
2052 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC,
2053 sizeof(*cp), cp, HCI_CMD_TIMEOUT);
2054 if (err) {
2055 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2056 return err;
2057 }
2058
2059 return hci_update_passive_scan_sync(hdev);
2060}
2061
02171da6
IT		 2062struct hci_conn *hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst,
2063 __u8 dst_type, __u8 sid,
2064 struct bt_iso_qos *qos)
eca0ae4a
LAD		 2065{
2066 struct hci_cp_le_pa_create_sync *cp;
02171da6
IT		 2067 struct hci_conn *conn;
2068 int err;
eca0ae4a
LAD		 2069
2070 if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC))
02171da6
IT		 2071 return ERR_PTR(-EBUSY);
2072
2073 conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_SLAVE);
2074 if (!conn)
2075 return ERR_PTR(-ENOMEM);
2076
2077 conn->iso_qos = *qos;
2078 conn->state = BT_LISTEN;
2079
2080 hci_conn_hold(conn);
eca0ae4a 2081
37224a29 2082 cp = kzalloc(sizeof(*cp), GFP_KERNEL);
eca0ae4a
LAD		 2083 if (!cp) {
2084 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
02171da6
IT		 2085 hci_conn_drop(conn);
2086 return ERR_PTR(-ENOMEM);
eca0ae4a
LAD		 2087 }
2088
0fe8c8d0 2089 cp->options = qos->bcast.options;
eca0ae4a
LAD		 2090 cp->sid = sid;
2091 cp->addr_type = dst_type;
2092 bacpy(&cp->addr, dst);
0fe8c8d0
IT		 2093 cp->skip = cpu_to_le16(qos->bcast.skip);
2094 cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout);
2095 cp->sync_cte_type = qos->bcast.sync_cte_type;
eca0ae4a
LAD		 2096
2097 /* Queue start pa_create_sync and scan */
02171da6
IT		 2098 err = hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete);
2099 if (err < 0) {
2100 hci_conn_drop(conn);
2101 kfree(cp);
2102 return ERR_PTR(err);
2103 }
2104
2105 return conn;
eca0ae4a
LAD		 2106}
2107
fbdc4bc4
IT		 2108int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon,
2109 struct bt_iso_qos *qos,
eca0ae4a
LAD		 2110 __u16 sync_handle, __u8 num_bis, __u8 bis[])
2111{
2112 struct _packed {
2113 struct hci_cp_le_big_create_sync cp;
2114 __u8 bis[0x11];
2115 } pdu;
2116 int err;
2117
31ca583b 2118 if (num_bis < 0x01 || num_bis > sizeof(pdu.bis))
eca0ae4a
LAD		 2119 return -EINVAL;
2120
2121 err = qos_set_big(hdev, qos);
2122 if (err)
2123 return err;
2124
fbdc4bc4
IT		 2125 if (hcon)
2126 hcon->iso_qos.bcast.big = qos->bcast.big;
2127
eca0ae4a 2128 memset(&pdu, 0, sizeof(pdu));
0fe8c8d0 2129 pdu.cp.handle = qos->bcast.big;
eca0ae4a 2130 pdu.cp.sync_handle = cpu_to_le16(sync_handle);
0fe8c8d0
IT		 2131 pdu.cp.encryption = qos->bcast.encryption;
2132 memcpy(pdu.cp.bcode, qos->bcast.bcode, sizeof(pdu.cp.bcode));
2133 pdu.cp.mse = qos->bcast.mse;
2134 pdu.cp.timeout = cpu_to_le16(qos->bcast.timeout);
eca0ae4a
LAD		 2135 pdu.cp.num_bis = num_bis;
2136 memcpy(pdu.bis, bis, num_bis);
2137
2138 return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
2139 sizeof(pdu.cp) + num_bis, &pdu);
2140}
2141
2142static void create_big_complete(struct hci_dev *hdev, void *data, int err)
2143{
2144 struct hci_conn *conn = data;
2145
2146 bt_dev_dbg(hdev, "conn %p", conn);
2147
2148 if (err) {
2149 bt_dev_err(hdev, "Unable to create BIG: %d", err);
2150 hci_connect_cfm(conn, err);
2151 hci_conn_del(conn);
2152 }
2153}
2154
a0bfde16
IT		 2155struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst,
2156 struct bt_iso_qos *qos,
2157 __u8 base_len, __u8 *base)
eca0ae4a
LAD		 2158{
2159 struct hci_conn *conn;
fa224d0c 2160 struct hci_conn *parent;
a0bfde16 2161 __u8 eir[HCI_MAX_PER_AD_LENGTH];
fa224d0c
IT		 2162 struct hci_link *link;
2163
2164 /* Look for any BIS that is open for rebinding */
2165 conn = hci_conn_hash_lookup_big_state(hdev, qos->bcast.big, BT_OPEN);
2166 if (conn) {
2167 memcpy(qos, &conn->iso_qos, sizeof(*qos));
2168 conn->state = BT_CONNECTED;
2169 return conn;
2170 }
a0bfde16
IT		 2171
2172 if (base_len && base)
2173 base_len = eir_append_service_data(eir, 0, 0x1851,
2174 base, base_len);
eca0ae4a
LAD		 2175
2176 /* We need hci_conn object using the BDADDR_ANY as dst */
a0bfde16 2177 conn = hci_add_bis(hdev, dst, qos, base_len, eir);
eca0ae4a
LAD		 2178 if (IS_ERR(conn))
2179 return conn;
2180
a0bfde16
IT		 2181 /* Update LINK PHYs according to QoS preference */
2182 conn->le_tx_phy = qos->bcast.out.phy;
2183 conn->le_tx_phy = qos->bcast.out.phy;
eca0ae4a
LAD		 2184
2185 /* Add Basic Announcement into Peridic Adv Data if BASE is set */
2186 if (base_len && base) {
a0bfde16 2187 memcpy(conn->le_per_adv_data, eir, sizeof(eir));
eca0ae4a
LAD		 2188 conn->le_per_adv_data_len = base_len;
2189 }
2190
a0bfde16
IT		 2191 hci_iso_qos_setup(hdev, conn, &qos->bcast.out,
2192 conn->le_tx_phy ? conn->le_tx_phy :
2193 hdev->le_tx_def_phys);
2194
2195 conn->iso_qos = *qos;
2196 conn->state = BT_BOUND;
2197
fa224d0c
IT		 2198 /* Link BISes together */
2199 parent = hci_conn_hash_lookup_big(hdev,
2200 conn->iso_qos.bcast.big);
2201 if (parent && parent != conn) {
2202 link = hci_conn_link(parent, conn);
2203 if (!link) {
2204 hci_conn_drop(conn);
2205 return ERR_PTR(-ENOLINK);
2206 }
2207
2208 /* Link takes the refcount */
2209 hci_conn_drop(conn);
2210 }
2211
a0bfde16
IT		 2212 return conn;
2213}
2214
2215static void bis_mark_per_adv(struct hci_conn *conn, void *data)
2216{
2217 struct iso_list_data *d = data;
2218
2219 /* Skip if not broadcast/ANY address */
2220 if (bacmp(&conn->dst, BDADDR_ANY))
2221 return;
2222
2223 if (d->big != conn->iso_qos.bcast.big ||
2224 d->bis == BT_ISO_QOS_BIS_UNSET ||
2225 d->bis != conn->iso_qos.bcast.bis)
2226 return;
2227
2228 set_bit(HCI_CONN_PER_ADV, &conn->flags);
2229}
2230
2231struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst,
2232 __u8 dst_type, struct bt_iso_qos *qos,
2233 __u8 base_len, __u8 *base)
2234{
2235 struct hci_conn *conn;
2236 int err;
2237 struct iso_list_data data;
2238
2239 conn = hci_bind_bis(hdev, dst, qos, base_len, base);
2240 if (IS_ERR(conn))
2241 return conn;
2242
fa224d0c
IT		 2243 if (conn->state == BT_CONNECTED)
2244 return conn;
2245
a0bfde16
IT		 2246 data.big = qos->bcast.big;
2247 data.bis = qos->bcast.bis;
2248
2249 /* Set HCI_CONN_PER_ADV for all bound connections, to mark that
2250 * the start periodic advertising and create BIG commands have
2251 * been queued
2252 */
2253 hci_conn_hash_list_state(hdev, bis_mark_per_adv, ISO_LINK,
2254 BT_BOUND, &data);
2255
eca0ae4a
LAD		 2256 /* Queue start periodic advertising and create BIG */
2257 err = hci_cmd_sync_queue(hdev, create_big_sync, conn,
2258 create_big_complete);
2259 if (err < 0) {
2260 hci_conn_drop(conn);
2261 return ERR_PTR(err);
2262 }
2263
eca0ae4a
LAD		 2264 return conn;
2265}
2266
26afbd82
LAD		 2267struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
2268 __u8 dst_type, struct bt_iso_qos *qos)
2269{
2270 struct hci_conn *le;
2271 struct hci_conn *cis;
06149746 2272 struct hci_link *link;
26afbd82 2273
26afbd82
LAD		 2274 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2275 le = hci_connect_le(hdev, dst, dst_type, false,
2276 BT_SECURITY_LOW,
2277 HCI_LE_CONN_TIMEOUT,
2e7ed5f5 2278 HCI_ROLE_SLAVE, 0, 0);
26afbd82
LAD		 2279 else
2280 le = hci_connect_le_scan(hdev, dst, dst_type,
2281 BT_SECURITY_LOW,
2282 HCI_LE_CONN_TIMEOUT,
2283 CONN_REASON_ISO_CONNECT);
2284 if (IS_ERR(le))
2285 return le;
2286
0fe8c8d0 2287 hci_iso_qos_setup(hdev, le, &qos->ucast.out,
26afbd82 2288 le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys);
0fe8c8d0 2289 hci_iso_qos_setup(hdev, le, &qos->ucast.in,
26afbd82
LAD		 2290 le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys);
2291
2292 cis = hci_bind_cis(hdev, dst, dst_type, qos);
2293 if (IS_ERR(cis)) {
2294 hci_conn_drop(le);
2295 return cis;
2296 }
2297
06149746
LAD		 2298 link = hci_conn_link(le, cis);
2299 if (!link) {
2300 hci_conn_drop(le);
2301 hci_conn_drop(cis);
b4066eb0 2302 return ERR_PTR(-ENOLINK);
06149746 2303 }
26afbd82 2304
69997d50
PV		 2305 /* Link takes the refcount */
2306 hci_conn_drop(cis);
2307
7f74563e
PV		 2308 cis->state = BT_CONNECT;
2309
2310 hci_le_create_cis_pending(hdev);
26afbd82
LAD		 2311
2312 return cis;
2313}
2314
e7c29cb1
MH		 2315/* Check link security requirement */
2316int hci_conn_check_link_mode(struct hci_conn *conn)
2317{
38b3fef1 2318 BT_DBG("hcon %p", conn);
e7c29cb1 2319
40b552aa
MH		 2320 /* In Secure Connections Only mode, it is required that Secure
2321 * Connections is used and the link is encrypted with AES-CCM
2322 * using a P-256 authenticated combination key.
2323 */
d7a5a11d 2324 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) {
40b552aa
MH		 2325 if (!hci_conn_sc_enabled(conn) ||
2326 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2327 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
2328 return 0;
2329 }
2330
8746f135
LAD		 2331 /* AES encryption is required for Level 4:
2332 *
2333 * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
2334 * page 1319:
2335 *
2336 * 128-bit equivalent strength for link and encryption keys
2337 * required using FIPS approved algorithms (E0 not allowed,
2338 * SAFER+ not allowed, and P-192 not allowed; encryption key
2339 * not shortened)
2340 */
2341 if (conn->sec_level == BT_SECURITY_FIPS &&
2342 !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
2343 bt_dev_err(conn->hdev,
2344 "Invalid security: Missing AES-CCM usage");
2345 return 0;
2346 }
2347
4dae2798
JH		 2348 if (hci_conn_ssp_enabled(conn) &&
2349 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
e7c29cb1
MH		 2350 return 0;
2351
2352 return 1;
2353}
e7c29cb1 2354
1da177e4 2355/* Authenticate remote device */
0684e5f9 2356static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 2357{
38b3fef1 2358 BT_DBG("hcon %p", conn);
1da177e4 2359
765c2a96
JH		 2360 if (conn->pending_sec_level > sec_level)
2361 sec_level = conn->pending_sec_level;
2362
96a31833 2363 if (sec_level > conn->sec_level)
765c2a96 2364 conn->pending_sec_level = sec_level;
4dae2798 2365 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
1da177e4
LT		 2366 return 1;
2367
65cf686e
JH		 2368 /* Make sure we preserve an existing MITM requirement*/
2369 auth_type |= (conn->auth_type & 0x01);
2370
96a31833
MH		 2371 conn->auth_type = auth_type;
2372
51a8efd7 2373 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 2374 struct hci_cp_auth_requested cp;
b7d05bad 2375
aca3192c 2376 cp.handle = cpu_to_le16(conn->handle);
40be492f 2377 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
5974e4c4 2378 sizeof(cp), &cp);
09da1f34 2379
d03376c1
LAD		 2380 /* Set the ENCRYPT_PEND to trigger encryption after
2381 * authentication.
09da1f34 2382 */
d03376c1 2383 if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
09da1f34 2384 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2385 }
8c1b2355 2386
1da177e4
LT		 2387 return 0;
2388}
1da177e4 2389
bb6d6895 2390/* Encrypt the link */
13d39315
WR		 2391static void hci_conn_encrypt(struct hci_conn *conn)
2392{
38b3fef1 2393 BT_DBG("hcon %p", conn);
13d39315 2394
51a8efd7 2395 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR		 2396 struct hci_cp_set_conn_encrypt cp;
2397 cp.handle = cpu_to_le16(conn->handle);
2398 cp.encrypt = 0x01;
2399 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
5974e4c4 2400 &cp);
13d39315
WR		 2401 }
2402}
2403
8c1b2355 2404/* Enable security */
e7cafc45
JH		 2405int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
2406 bool initiator)
1da177e4 2407{
38b3fef1 2408 BT_DBG("hcon %p", conn);
1da177e4 2409
d8343f12
VCG		 2410 if (conn->type == LE_LINK)
2411 return smp_conn_security(conn, sec_level);
2412
13d39315 2413 /* For sdp we don't need the link key. */
8c1b2355
MH		 2414 if (sec_level == BT_SECURITY_SDP)
2415 return 1;
2416
13d39315
WR		 2417 /* For non 2.1 devices and low security level we don't need the link
2418 key. */
aa64a8b5 2419 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 2420 return 1;
8c1b2355 2421
13d39315 2422 /* For other security levels we need the link key. */
4dae2798 2423 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
13d39315
WR		 2424 goto auth;
2425
1d8e8014
YH		 2426 switch (conn->key_type) {
2427 case HCI_LK_AUTH_COMBINATION_P256:
2428 /* An authenticated FIPS approved combination key has
2429 * sufficient security for security level 4 or lower.
2430 */
2431 if (sec_level <= BT_SECURITY_FIPS)
2432 goto encrypt;
2433 break;
2434 case HCI_LK_AUTH_COMBINATION_P192:
2435 /* An authenticated combination key has sufficient security for
2436 * security level 3 or lower.
2437 */
2438 if (sec_level <= BT_SECURITY_HIGH)
2439 goto encrypt;
2440 break;
2441 case HCI_LK_UNAUTH_COMBINATION_P192:
2442 case HCI_LK_UNAUTH_COMBINATION_P256:
2443 /* An unauthenticated combination key has sufficient security
2444 * for security level 2 or lower.
2445 */
2446 if (sec_level <= BT_SECURITY_MEDIUM)
2447 goto encrypt;
2448 break;
2449 case HCI_LK_COMBINATION:
2450 /* A combination key has always sufficient security for the
2451 * security levels 2 or lower. High security level requires the
2452 * combination key is generated using maximum PIN code length
2453 * (16). For pre 2.1 units.
2454 */
2455 if (sec_level <= BT_SECURITY_MEDIUM || conn->pin_length == 16)
2456 goto encrypt;
2457 break;
2458 default:
2459 break;
2460 }
13d39315
WR		 2461
2462auth:
51a8efd7 2463 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT		 2464 return 0;
2465
977f8fce
JH		 2466 if (initiator)
2467 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2468
6fdf658c
LAD		 2469 if (!hci_conn_auth(conn, sec_level, auth_type))
2470 return 0;
13d39315
WR		 2471
2472encrypt:
693cd8ce
MH		 2473 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
2474 /* Ensure that the encryption key size has been read,
2475 * otherwise stall the upper layer responses.
2476 */
2477 if (!conn->enc_key_size)
2478 return 0;
2479
2480 /* Nothing else needed, all requirements are met */
13d39315 2481 return 1;
693cd8ce 2482 }
8c1b2355 2483
13d39315 2484 hci_conn_encrypt(conn);
1da177e4
LT		 2485 return 0;
2486}
8c1b2355 2487EXPORT_SYMBOL(hci_conn_security);
1da177e4 2488
b3b1b061
WR		 2489/* Check secure link requirement */
2490int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
2491{
38b3fef1 2492 BT_DBG("hcon %p", conn);
b3b1b061 2493
9cb2e030
MH		 2494 /* Accept if non-secure or higher security level is required */
2495 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
2496 return 1;
b3b1b061 2497
9cb2e030
MH		 2498 /* Accept if secure or higher security level is already present */
2499 if (conn->sec_level == BT_SECURITY_HIGH ||
2500 conn->sec_level == BT_SECURITY_FIPS)
b3b1b061
WR		 2501 return 1;
2502
9cb2e030
MH		 2503 /* Reject not secure link */
2504 return 0;
b3b1b061
WR		 2505}
2506EXPORT_SYMBOL(hci_conn_check_secure);
2507
1da177e4 2508/* Switch role */
8c1b2355 2509int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 2510{
38b3fef1 2511 BT_DBG("hcon %p", conn);
1da177e4 2512
40bef302 2513 if (role == conn->role)
1da177e4
LT		 2514 return 1;
2515
51a8efd7 2516 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT		 2517 struct hci_cp_switch_role cp;
2518 bacpy(&cp.bdaddr, &conn->dst);
2519 cp.role = role;
a9de9248 2520 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 2521 }
8c1b2355 2522
1da177e4
LT		 2523 return 0;
2524}
2525EXPORT_SYMBOL(hci_conn_switch_role);
2526
04837f64 2527/* Enter active mode */
14b12d0b 2528void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH		 2529{
2530 struct hci_dev *hdev = conn->hdev;
2531
38b3fef1 2532 BT_DBG("hcon %p mode %d", conn, conn->mode);
04837f64 2533
14b12d0b
JG		 2534 if (conn->mode != HCI_CM_SNIFF)
2535 goto timer;
2536
58a681ef 2537 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH		 2538 goto timer;
2539
51a8efd7 2540 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 2541 struct hci_cp_exit_sniff_mode cp;
aca3192c 2542 cp.handle = cpu_to_le16(conn->handle);
a9de9248 2543 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH		 2544 }
2545
2546timer:
2547 if (hdev->idle_timeout > 0)
a74a84f6
JH		 2548 queue_delayed_work(hdev->workqueue, &conn->idle_work,
2549 msecs_to_jiffies(hdev->idle_timeout));
04837f64
MH		 2550}
2551
1da177e4
LT		 2552/* Drop all connection on the device */
2553void hci_conn_hash_flush(struct hci_dev *hdev)
2554{
a2ac591c
RL		 2555 struct list_head *head = &hdev->conn_hash.list;
2556 struct hci_conn *conn;
1da177e4
LT		 2557
2558 BT_DBG("hdev %s", hdev->name);
2559
a2ac591c
RL		 2560 /* We should not traverse the list here, because hci_conn_del
2561 * can remove extra links, which may cause the list traversal
2562 * to hit items that have already been released.
2563 */
2564 while ((conn = list_first_entry_or_null(head,
2565 struct hci_conn,
2566 list)) != NULL) {
2567 conn->state = BT_CLOSED;
2568 hci_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM);
a2ac591c 2569 hci_conn_del(conn);
1da177e4
LT		 2570 }
2571}
2572
4dae2798
JH		 2573static u32 get_link_mode(struct hci_conn *conn)
2574{
2575 u32 link_mode = 0;
2576
40bef302 2577 if (conn->role == HCI_ROLE_MASTER)
4dae2798
JH		 2578 link_mode |= HCI_LM_MASTER;
2579
2580 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2581 link_mode |= HCI_LM_ENCRYPT;
2582
2583 if (test_bit(HCI_CONN_AUTH, &conn->flags))
2584 link_mode |= HCI_LM_AUTH;
2585
2586 if (test_bit(HCI_CONN_SECURE, &conn->flags))
2587 link_mode |= HCI_LM_SECURE;
2588
2589 if (test_bit(HCI_CONN_FIPS, &conn->flags))
2590 link_mode |= HCI_LM_FIPS;
2591
2592 return link_mode;
2593}
2594
1da177e4
LT		 2595int hci_get_conn_list(void __user *arg)
2596{
fc5fef61 2597 struct hci_conn *c;
1da177e4
LT		 2598 struct hci_conn_list_req req, *cl;
2599 struct hci_conn_info *ci;
2600 struct hci_dev *hdev;
1da177e4
LT		 2601 int n = 0, size, err;
2602
2603 if (copy_from_user(&req, arg, sizeof(req)))
2604 return -EFAULT;
2605
2606 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
2607 return -EINVAL;
2608
2609 size = sizeof(req) + req.conn_num * sizeof(*ci);
2610
70f23020
AE		 2611 cl = kmalloc(size, GFP_KERNEL);
2612 if (!cl)
1da177e4
LT		 2613 return -ENOMEM;
2614
70f23020
AE		 2615 hdev = hci_dev_get(req.dev_id);
2616 if (!hdev) {
1da177e4
LT		 2617 kfree(cl);
2618 return -ENODEV;
2619 }
2620
2621 ci = cl->conn_info;
2622
09fd0de5 2623 hci_dev_lock(hdev);
8035ded4 2624 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT		 2625 bacpy(&(ci + n)->bdaddr, &c->dst);
2626 (ci + n)->handle = c->handle;
2627 (ci + n)->type = c->type;
2628 (ci + n)->out = c->out;
2629 (ci + n)->state = c->state;
4dae2798 2630 (ci + n)->link_mode = get_link_mode(c);
1da177e4
LT		 2631 if (++n >= req.conn_num)
2632 break;
2633 }
09fd0de5 2634 hci_dev_unlock(hdev);
1da177e4
LT		 2635
2636 cl->dev_id = hdev->id;
2637 cl->conn_num = n;
2638 size = sizeof(req) + n * sizeof(*ci);
2639
2640 hci_dev_put(hdev);
2641
2642 err = copy_to_user(arg, cl, size);
2643 kfree(cl);
2644
2645 return err ? -EFAULT : 0;
2646}
2647
2648int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
2649{
2650 struct hci_conn_info_req req;
2651 struct hci_conn_info ci;
2652 struct hci_conn *conn;
2653 char __user *ptr = arg + sizeof(req);
2654
2655 if (copy_from_user(&req, arg, sizeof(req)))
2656 return -EFAULT;
2657
09fd0de5 2658 hci_dev_lock(hdev);
1da177e4
LT		 2659 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
2660 if (conn) {
2661 bacpy(&ci.bdaddr, &conn->dst);
2662 ci.handle = conn->handle;
2663 ci.type = conn->type;
2664 ci.out = conn->out;
2665 ci.state = conn->state;
4dae2798 2666 ci.link_mode = get_link_mode(conn);
1da177e4 2667 }
09fd0de5 2668 hci_dev_unlock(hdev);
1da177e4
LT		 2669
2670 if (!conn)
2671 return -ENOENT;
2672
2673 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
2674}
40be492f
MH		 2675
2676int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
2677{
2678 struct hci_auth_info_req req;
2679 struct hci_conn *conn;
2680
2681 if (copy_from_user(&req, arg, sizeof(req)))
2682 return -EFAULT;
2683
09fd0de5 2684 hci_dev_lock(hdev);
40be492f
MH		 2685 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
2686 if (conn)
2687 req.type = conn->auth_type;
09fd0de5 2688 hci_dev_unlock(hdev);
40be492f
MH		 2689
2690 if (!conn)
2691 return -ENOENT;
2692
2693 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
2694}
73d80deb
LAD		 2695
2696struct hci_chan *hci_chan_create(struct hci_conn *conn)
2697{
2698 struct hci_dev *hdev = conn->hdev;
2699 struct hci_chan *chan;
2700
38b3fef1 2701 BT_DBG("%s hcon %p", hdev->name, conn);
73d80deb 2702
f94b665d
JH		 2703 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
2704 BT_DBG("Refusing to create new hci_chan");
2705 return NULL;
2706 }
2707
27f70f3e 2708 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
73d80deb
LAD		 2709 if (!chan)
2710 return NULL;
2711
6c388d32 2712 chan->conn = hci_conn_get(conn);
73d80deb 2713 skb_queue_head_init(&chan->data_q);
168df8e5 2714 chan->state = BT_CONNECTED;
73d80deb 2715
8192edef 2716 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD		 2717
2718 return chan;
2719}
2720
9472007c 2721void hci_chan_del(struct hci_chan *chan)
73d80deb
LAD		 2722{
2723 struct hci_conn *conn = chan->conn;
2724 struct hci_dev *hdev = conn->hdev;
2725
38b3fef1 2726 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
73d80deb 2727
8192edef
GP		 2728 list_del_rcu(&chan->list);
2729
2730 synchronize_rcu();
73d80deb 2731
bcbb655a 2732 /* Prevent new hci_chan's to be created for this hci_conn */
f94b665d 2733 set_bit(HCI_CONN_DROP, &conn->flags);
b3ff670a 2734
6c388d32 2735 hci_conn_put(conn);
e9b02748 2736
73d80deb
LAD		 2737 skb_queue_purge(&chan->data_q);
2738 kfree(chan);
73d80deb
LAD		 2739}
2740
2c33c06a 2741void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 2742{
2a5a5ec6 2743 struct hci_chan *chan, *n;
73d80deb 2744
38b3fef1 2745 BT_DBG("hcon %p", conn);
73d80deb 2746
2a5a5ec6 2747 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD		 2748 hci_chan_del(chan);
2749}
42c4e53e
AE		 2750
2751static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
2752 __u16 handle)
2753{
2754 struct hci_chan *hchan;
2755
2756 list_for_each_entry(hchan, &hcon->chan_list, list) {
2757 if (hchan->handle == handle)
2758 return hchan;
2759 }
2760
2761 return NULL;
2762}
2763
2764struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
2765{
2766 struct hci_conn_hash *h = &hdev->conn_hash;
2767 struct hci_conn *hcon;
2768 struct hci_chan *hchan = NULL;
2769
2770 rcu_read_lock();
2771
2772 list_for_each_entry_rcu(hcon, &h->list, list) {
2773 hchan = __hci_chan_lookup_handle(hcon, handle);
2774 if (hchan)
2775 break;
2776 }
2777
2778 rcu_read_unlock();
2779
2780 return hchan;
2781}
eab2404b
LAD		 2782
2783u32 hci_conn_get_phy(struct hci_conn *conn)
2784{
2785 u32 phys = 0;
2786
eab2404b
LAD		 2787 /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471:
2788 * Table 6.2: Packets defined for synchronous, asynchronous, and
6397729b 2789 * CPB logical transport types.
eab2404b
LAD		 2790 */
2791 switch (conn->type) {
2792 case SCO_LINK:
2793 /* SCO logical transport (1 Mb/s):
2794 * HV1, HV2, HV3 and DV.
2795 */
2796 phys |= BT_PHY_BR_1M_1SLOT;
2797
2798 break;
2799
2800 case ACL_LINK:
2801 /* ACL logical transport (1 Mb/s) ptt=0:
2802 * DH1, DM3, DH3, DM5 and DH5.
2803 */
2804 phys |= BT_PHY_BR_1M_1SLOT;
2805
2806 if (conn->pkt_type & (HCI_DM3 | HCI_DH3))
2807 phys |= BT_PHY_BR_1M_3SLOT;
2808
2809 if (conn->pkt_type & (HCI_DM5 | HCI_DH5))
2810 phys |= BT_PHY_BR_1M_5SLOT;
2811
2812 /* ACL logical transport (2 Mb/s) ptt=1:
2813 * 2-DH1, 2-DH3 and 2-DH5.
2814 */
2815 if (!(conn->pkt_type & HCI_2DH1))
2816 phys |= BT_PHY_EDR_2M_1SLOT;
2817
2818 if (!(conn->pkt_type & HCI_2DH3))
2819 phys |= BT_PHY_EDR_2M_3SLOT;
2820
2821 if (!(conn->pkt_type & HCI_2DH5))
2822 phys |= BT_PHY_EDR_2M_5SLOT;
2823
2824 /* ACL logical transport (3 Mb/s) ptt=1:
2825 * 3-DH1, 3-DH3 and 3-DH5.
2826 */
2827 if (!(conn->pkt_type & HCI_3DH1))
2828 phys |= BT_PHY_EDR_3M_1SLOT;
2829
2830 if (!(conn->pkt_type & HCI_3DH3))
2831 phys |= BT_PHY_EDR_3M_3SLOT;
2832
2833 if (!(conn->pkt_type & HCI_3DH5))
2834 phys |= BT_PHY_EDR_3M_5SLOT;
2835
2836 break;
2837
2838 case ESCO_LINK:
2839 /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */
2840 phys |= BT_PHY_BR_1M_1SLOT;
2841
2842 if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5)))
2843 phys |= BT_PHY_BR_1M_3SLOT;
2844
2845 /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */
2846 if (!(conn->pkt_type & ESCO_2EV3))
2847 phys |= BT_PHY_EDR_2M_1SLOT;
2848
2849 if (!(conn->pkt_type & ESCO_2EV5))
2850 phys |= BT_PHY_EDR_2M_3SLOT;
2851
2852 /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */
2853 if (!(conn->pkt_type & ESCO_3EV3))
2854 phys |= BT_PHY_EDR_3M_1SLOT;
2855
2856 if (!(conn->pkt_type & ESCO_3EV5))
2857 phys |= BT_PHY_EDR_3M_3SLOT;
2858
2859 break;
2860
2861 case LE_LINK:
2862 if (conn->le_tx_phy & HCI_LE_SET_PHY_1M)
2863 phys |= BT_PHY_LE_1M_TX;
2864
2865 if (conn->le_rx_phy & HCI_LE_SET_PHY_1M)
2866 phys |= BT_PHY_LE_1M_RX;
2867
2868 if (conn->le_tx_phy & HCI_LE_SET_PHY_2M)
2869 phys |= BT_PHY_LE_2M_TX;
2870
2871 if (conn->le_rx_phy & HCI_LE_SET_PHY_2M)
2872 phys |= BT_PHY_LE_2M_RX;
2873
2874 if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED)
2875 phys |= BT_PHY_LE_CODED_TX;
2876
2877 if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED)
2878 phys |= BT_PHY_LE_CODED_RX;
2879
2880 break;
2881 }
2882
eab2404b
LAD		 2883 return phys;
2884}
1a942de0 2885
a13f316e 2886static int abort_conn_sync(struct hci_dev *hdev, void *data)
1a942de0 2887{
881559af 2888 struct hci_conn *conn = data;
1a942de0 2889
881559af
LAD		 2890 if (!hci_conn_valid(hdev, conn))
2891 return -ECANCELED;
b62e7220 2892
a13f316e
LAD		 2893 return hci_abort_conn_sync(hdev, conn, conn->abort_reason);
2894}
1a942de0 2895
a13f316e
LAD		 2896int hci_abort_conn(struct hci_conn *conn, u8 reason)
2897{
2898 struct hci_dev *hdev = conn->hdev;
1a942de0 2899
a13f316e
LAD		 2900 /* If abort_reason has already been set it means the connection is
2901 * already being aborted so don't attempt to overwrite it.
2902 */
2903 if (conn->abort_reason)
2904 return 0;
1a942de0 2905
a13f316e 2906 bt_dev_dbg(hdev, "handle 0x%2.2x reason 0x%2.2x", conn->handle, reason);
1a942de0 2907
a13f316e 2908 conn->abort_reason = reason;
1a942de0 2909
a13f316e
LAD		 2910 /* If the connection is pending check the command opcode since that
2911 * might be blocking on hci_cmd_sync_work while waiting its respective
2912 * event so we need to hci_cmd_sync_cancel to cancel it.
04a51d61
LAD		 2913 *
2914 * hci_connect_le serializes the connection attempts so only one
2915 * connection can be in BT_CONNECT at time.
a13f316e
LAD		 2916 */
2917 if (conn->state == BT_CONNECT && hdev->req_status == HCI_REQ_PEND) {
2918 switch (hci_skb_event(hdev->sent_cmd)) {
5f641f03 2919 case HCI_EV_CONN_COMPLETE:
a13f316e
LAD		 2920 case HCI_EV_LE_CONN_COMPLETE:
2921 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
2922 case HCI_EVT_LE_CIS_ESTABLISHED:
2615fd9a 2923 hci_cmd_sync_cancel(hdev, ECANCELED);
a13f316e 2924 break;
1a942de0 2925 }
881559af
LAD		 2926 /* Cancel connect attempt if still queued/pending */
2927 } else if (!hci_cancel_connect_sync(hdev, conn)) {
2928 return 0;
1a942de0
BG		 2929 }
2930
881559af 2931 return hci_cmd_sync_queue_once(hdev, abort_conn_sync, conn, NULL);
1a942de0 2932}
Linux 6.x block layer and io_uring tree(s)