projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: btintel: Fixe build regression
[linux-block.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
0fe8c8d0 4 Copyright 2023 NXP
1da177e4
LT		 5
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
8e87d142
YH		 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 23 SOFTWARE IS DISCLAIMED.
24*/
25
26/* Bluetooth HCI connection handling. */
27
8c520a59 28#include <linux/export.h>
23b9ceb7 29#include <linux/debugfs.h>
1da177e4
LT		 30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
eca0ae4a
LAD		 34#include <net/bluetooth/iso.h>
35#include <net/bluetooth/mgmt.h>
1da177e4 36
0857dd3b 37#include "hci_request.h"
ac4b7236 38#include "smp.h"
eca0ae4a 39#include "eir.h"
7024728e 40
2dea632f
FD		 41struct sco_param {
42 u16 pkt_type;
43 u16 max_latency;
c7da5797 44 u8 retrans_effort;
2dea632f
FD		 45};
46
e07a06b4
BG		 47struct conn_handle_t {
48 struct hci_conn *conn;
49 __u16 handle;
50};
51
48e68ff5 52static const struct sco_param esco_param_cvsd[] = {
c7da5797
JH		 53 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
54 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
55 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
56 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
57 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
2dea632f
FD		 58};
59
48e68ff5 60static const struct sco_param sco_param_cvsd[] = {
c7da5797
JH		 61 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
62 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
48e68ff5
BT		 63};
64
565766b0 65static const struct sco_param esco_param_msbc[] = {
c7da5797
JH		 66 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
67 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
2dea632f
FD		 68};
69
f75113a2 70/* This function requires the caller holds hdev->lock */
881559af 71void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status)
f75113a2
JP		 72{
73 struct hci_conn_params *params;
b5c2b621 74 struct hci_dev *hdev = conn->hdev;
f75113a2
JP		 75 struct smp_irk *irk;
76 bdaddr_t *bdaddr;
77 u8 bdaddr_type;
78
79 bdaddr = &conn->dst;
80 bdaddr_type = conn->dst_type;
81
82 /* Check if we need to convert to identity address */
b5c2b621 83 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
f75113a2
JP		 84 if (irk) {
85 bdaddr = &irk->bdaddr;
86 bdaddr_type = irk->addr_type;
87 }
88
17bc08f0
JH		 89 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr,
90 bdaddr_type);
19cf60bf 91 if (!params)
f75113a2
JP		 92 return;
93
19cf60bf
LAD		 94 if (params->conn) {
95 hci_conn_drop(params->conn);
96 hci_conn_put(params->conn);
97 params->conn = NULL;
98 }
99
100 if (!params->explicit_connect)
101 return;
102
103 /* If the status indicates successful cancellation of
104 * the attempt (i.e. Unknown Connection Id) there's no point of
105 * notifying failure since we'll go back to keep trying to
106 * connect. The only exception is explicit connect requests
107 * where a timeout + cancel does indicate an actual failure.
108 */
109 if (status && status != HCI_ERROR_UNKNOWN_CONN_ID)
110 mgmt_connect_failed(hdev, &conn->dst, conn->type,
111 conn->dst_type, status);
112
f75113a2
JP		 113 /* The connection attempt was doing scan for new RPA, and is
114 * in scan phase. If params are not associated with any other
115 * autoconnect action, remove them completely. If they are, just unmark
116 * them as waiting for connection, by clearing explicit_connect field.
117 */
9ad3e6ff
JH		 118 params->explicit_connect = false;
119
195ef75e 120 hci_pend_le_list_del_init(params);
9ad3e6ff
JH		 121
122 switch (params->auto_connect) {
123 case HCI_AUTO_CONN_EXPLICIT:
b5c2b621 124 hci_conn_params_del(hdev, bdaddr, bdaddr_type);
9ad3e6ff
JH		 125 /* return instead of break to avoid duplicate scan update */
126 return;
127 case HCI_AUTO_CONN_DIRECT:
128 case HCI_AUTO_CONN_ALWAYS:
195ef75e 129 hci_pend_le_list_add(params, &hdev->pend_le_conns);
9ad3e6ff
JH		 130 break;
131 case HCI_AUTO_CONN_REPORT:
195ef75e 132 hci_pend_le_list_add(params, &hdev->pend_le_reports);
9ad3e6ff
JH		 133 break;
134 default:
135 break;
168b8a25 136 }
9ad3e6ff 137
5bee2fd6 138 hci_update_passive_scan(hdev);
f75113a2
JP		 139}
140
b958f9a3
JH		 141static void hci_conn_cleanup(struct hci_conn *conn)
142{
143 struct hci_dev *hdev = conn->hdev;
144
145 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
146 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
147
629f66aa
AM		 148 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
149 hci_remove_link_key(hdev, &conn->dst);
150
b958f9a3
JH		 151 hci_chan_list_flush(conn);
152
153 hci_conn_hash_del(hdev, conn);
154
181a42ed
ZX		 155 if (HCI_CONN_HANDLE_UNSET(conn->handle))
156 ida_free(&hdev->unset_handle_ida, conn->handle);
157
26afbd82
LAD		 158 if (conn->cleanup)
159 conn->cleanup(conn);
160
1f8330ea
SN		 161 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
162 switch (conn->setting & SCO_AIRMODE_MASK) {
163 case SCO_AIRMODE_CVSD:
164 case SCO_AIRMODE_TRANSP:
165 if (hdev->notify)
166 hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO);
167 break;
168 }
169 } else {
170 if (hdev->notify)
171 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
172 }
b958f9a3 173
b958f9a3
JH		 174 debugfs_remove_recursive(conn->debugfs);
175
a85fb91e 176 hci_conn_del_sysfs(conn);
b958f9a3 177
a85fb91e 178 hci_dev_put(hdev);
b958f9a3
JH		 179}
180
e3b679d5 181int hci_disconnect(struct hci_conn *conn, __u8 reason)
1da177e4 182{
38b3fef1 183 BT_DBG("hcon %p", conn);
1da177e4 184
74be523c 185 /* When we are central of an established connection and it enters
839035a7
JH		 186 * the disconnect timeout, then go ahead and try to read the
187 * current clock offset. Processing of the result is done
188 * within the event handling and hci_clock_offset_evt function.
189 */
88d07feb
JH		 190 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER &&
191 (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) {
839035a7 192 struct hci_dev *hdev = conn->hdev;
4f639ede 193 struct hci_cp_read_clock_offset clkoff_cp;
839035a7 194
4f639ede
FF		 195 clkoff_cp.handle = cpu_to_le16(conn->handle);
196 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
197 &clkoff_cp);
839035a7
JH		 198 }
199
88d07feb 200 return hci_abort_conn(conn, reason);
1da177e4
LT		 201}
202
57f5d0d1 203static void hci_add_sco(struct hci_conn *conn, __u16 handle)
1da177e4
LT		 204{
205 struct hci_dev *hdev = conn->hdev;
206 struct hci_cp_add_sco cp;
207
38b3fef1 208 BT_DBG("hcon %p", conn);
1da177e4
LT		 209
210 conn->state = BT_CONNECT;
a0c808b3 211 conn->out = true;
1da177e4 212
efc7688b
MH		 213 conn->attempt++;
214
aca3192c 215 cp.handle = cpu_to_le16(handle);
a8746417 216 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 217
a9de9248 218 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT		 219}
220
8b1c324c
YL		 221static bool find_next_esco_param(struct hci_conn *conn,
222 const struct sco_param *esco_param, int size)
223{
06149746
LAD		 224 if (!conn->parent)
225 return false;
226
8b1c324c 227 for (; conn->attempt <= size; conn->attempt++) {
06149746 228 if (lmp_esco_2m_capable(conn->parent) ||
8b1c324c
YL		 229 (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3))
230 break;
231 BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported",
232 conn, conn->attempt);
233 }
234
235 return conn->attempt <= size;
236}
237
e07a06b4 238static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec)
b2af264a 239{
e07a06b4
BG		 240 int err;
241 __u8 vnd_len, *vnd_data = NULL;
242 struct hci_op_configure_data_path *cmd = NULL;
243
132d0fd0
ZH		 244 if (!codec->data_path || !hdev->get_codec_config_data)
245 return 0;
246
247 /* Do not take me as error */
248 if (!hdev->get_codec_config_data)
249 return 0;
250
e07a06b4
BG		 251 err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len,
252 &vnd_data);
253 if (err < 0)
254 goto error;
255
256 cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL);
257 if (!cmd) {
258 err = -ENOMEM;
259 goto error;
260 }
261
262 err = hdev->get_data_path_id(hdev, &cmd->data_path_id);
263 if (err < 0)
264 goto error;
265
266 cmd->vnd_len = vnd_len;
267 memcpy(cmd->vnd_data, vnd_data, vnd_len);
268
269 cmd->direction = 0x00;
270 __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
271 sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT);
272
273 cmd->direction = 0x01;
274 err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
275 sizeof(*cmd) + vnd_len, cmd,
276 HCI_CMD_TIMEOUT);
277error:
278
279 kfree(cmd);
280 kfree(vnd_data);
281 return err;
282}
283
284static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data)
285{
286 struct conn_handle_t *conn_handle = data;
287 struct hci_conn *conn = conn_handle->conn;
288 __u16 handle = conn_handle->handle;
b2af264a
K		 289 struct hci_cp_enhanced_setup_sync_conn cp;
290 const struct sco_param *param;
291
e07a06b4
BG		 292 kfree(conn_handle);
293
b2af264a
K		 294 bt_dev_dbg(hdev, "hcon %p", conn);
295
132d0fd0 296 configure_datapath_sync(hdev, &conn->codec);
9798fbde 297
b2af264a
K		 298 conn->state = BT_CONNECT;
299 conn->out = true;
300
301 conn->attempt++;
302
303 memset(&cp, 0x00, sizeof(cp));
304
305 cp.handle = cpu_to_le16(handle);
306
307 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
308 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
309
310 switch (conn->codec.id) {
904c139a
K		 311 case BT_CODEC_MSBC:
312 if (!find_next_esco_param(conn, esco_param_msbc,
313 ARRAY_SIZE(esco_param_msbc)))
e07a06b4 314 return -EINVAL;
904c139a
K		 315
316 param = &esco_param_msbc[conn->attempt - 1];
317 cp.tx_coding_format.id = 0x05;
318 cp.rx_coding_format.id = 0x05;
319 cp.tx_codec_frame_size = __cpu_to_le16(60);
320 cp.rx_codec_frame_size = __cpu_to_le16(60);
321 cp.in_bandwidth = __cpu_to_le32(32000);
322 cp.out_bandwidth = __cpu_to_le32(32000);
323 cp.in_coding_format.id = 0x04;
324 cp.out_coding_format.id = 0x04;
325 cp.in_coded_data_size = __cpu_to_le16(16);
326 cp.out_coded_data_size = __cpu_to_le16(16);
327 cp.in_pcm_data_format = 2;
328 cp.out_pcm_data_format = 2;
329 cp.in_pcm_sample_payload_msb_pos = 0;
330 cp.out_pcm_sample_payload_msb_pos = 0;
331 cp.in_data_path = conn->codec.data_path;
332 cp.out_data_path = conn->codec.data_path;
333 cp.in_transport_unit_size = 1;
334 cp.out_transport_unit_size = 1;
335 break;
336
b2af264a
K		 337 case BT_CODEC_TRANSPARENT:
338 if (!find_next_esco_param(conn, esco_param_msbc,
339 ARRAY_SIZE(esco_param_msbc)))
340 return false;
341 param = &esco_param_msbc[conn->attempt - 1];
342 cp.tx_coding_format.id = 0x03;
343 cp.rx_coding_format.id = 0x03;
344 cp.tx_codec_frame_size = __cpu_to_le16(60);
345 cp.rx_codec_frame_size = __cpu_to_le16(60);
346 cp.in_bandwidth = __cpu_to_le32(0x1f40);
347 cp.out_bandwidth = __cpu_to_le32(0x1f40);
348 cp.in_coding_format.id = 0x03;
349 cp.out_coding_format.id = 0x03;
350 cp.in_coded_data_size = __cpu_to_le16(16);
351 cp.out_coded_data_size = __cpu_to_le16(16);
352 cp.in_pcm_data_format = 2;
353 cp.out_pcm_data_format = 2;
354 cp.in_pcm_sample_payload_msb_pos = 0;
355 cp.out_pcm_sample_payload_msb_pos = 0;
356 cp.in_data_path = conn->codec.data_path;
357 cp.out_data_path = conn->codec.data_path;
358 cp.in_transport_unit_size = 1;
359 cp.out_transport_unit_size = 1;
360 break;
361
362 case BT_CODEC_CVSD:
06149746 363 if (conn->parent && lmp_esco_capable(conn->parent)) {
b2af264a
K		 364 if (!find_next_esco_param(conn, esco_param_cvsd,
365 ARRAY_SIZE(esco_param_cvsd)))
e07a06b4 366 return -EINVAL;
b2af264a
K		 367 param = &esco_param_cvsd[conn->attempt - 1];
368 } else {
369 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
e07a06b4 370 return -EINVAL;
b2af264a
K		 371 param = &sco_param_cvsd[conn->attempt - 1];
372 }
373 cp.tx_coding_format.id = 2;
374 cp.rx_coding_format.id = 2;
375 cp.tx_codec_frame_size = __cpu_to_le16(60);
376 cp.rx_codec_frame_size = __cpu_to_le16(60);
377 cp.in_bandwidth = __cpu_to_le32(16000);
378 cp.out_bandwidth = __cpu_to_le32(16000);
379 cp.in_coding_format.id = 4;
380 cp.out_coding_format.id = 4;
381 cp.in_coded_data_size = __cpu_to_le16(16);
382 cp.out_coded_data_size = __cpu_to_le16(16);
383 cp.in_pcm_data_format = 2;
384 cp.out_pcm_data_format = 2;
385 cp.in_pcm_sample_payload_msb_pos = 0;
386 cp.out_pcm_sample_payload_msb_pos = 0;
387 cp.in_data_path = conn->codec.data_path;
388 cp.out_data_path = conn->codec.data_path;
389 cp.in_transport_unit_size = 16;
390 cp.out_transport_unit_size = 16;
391 break;
392 default:
e07a06b4 393 return -EINVAL;
b2af264a
K		 394 }
395
396 cp.retrans_effort = param->retrans_effort;
397 cp.pkt_type = __cpu_to_le16(param->pkt_type);
398 cp.max_latency = __cpu_to_le16(param->max_latency);
399
400 if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
e07a06b4 401 return -EIO;
b2af264a 402
e07a06b4 403 return 0;
b2af264a
K		 404}
405
406static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle)
b6a0dc82
MH		 407{
408 struct hci_dev *hdev = conn->hdev;
409 struct hci_cp_setup_sync_conn cp;
2dea632f 410 const struct sco_param *param;
b6a0dc82 411
b2af264a 412 bt_dev_dbg(hdev, "hcon %p", conn);
b6a0dc82
MH		 413
414 conn->state = BT_CONNECT;
a0c808b3 415 conn->out = true;
b6a0dc82 416
efc7688b
MH		 417 conn->attempt++;
418
b6a0dc82 419 cp.handle = cpu_to_le16(handle);
b6a0dc82 420
dcf4adbf
JP		 421 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
422 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
10c62ddc
FD		 423 cp.voice_setting = cpu_to_le16(conn->setting);
424
425 switch (conn->setting & SCO_AIRMODE_MASK) {
426 case SCO_AIRMODE_TRANSP:
8b1c324c
YL		 427 if (!find_next_esco_param(conn, esco_param_msbc,
428 ARRAY_SIZE(esco_param_msbc)))
2dea632f 429 return false;
565766b0 430 param = &esco_param_msbc[conn->attempt - 1];
10c62ddc
FD		 431 break;
432 case SCO_AIRMODE_CVSD:
06149746 433 if (conn->parent && lmp_esco_capable(conn->parent)) {
8b1c324c
YL		 434 if (!find_next_esco_param(conn, esco_param_cvsd,
435 ARRAY_SIZE(esco_param_cvsd)))
48e68ff5 436 return false;
48e68ff5
BT		 437 param = &esco_param_cvsd[conn->attempt - 1];
438 } else {
439 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
440 return false;
48e68ff5
BT		 441 param = &sco_param_cvsd[conn->attempt - 1];
442 }
10c62ddc 443 break;
2dea632f
FD		 444 default:
445 return false;
10c62ddc 446 }
b6a0dc82 447
c7da5797 448 cp.retrans_effort = param->retrans_effort;
2dea632f
FD		 449 cp.pkt_type = __cpu_to_le16(param->pkt_type);
450 cp.max_latency = __cpu_to_le16(param->max_latency);
451
452 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
453 return false;
454
455 return true;
b6a0dc82
MH		 456}
457
b2af264a
K		 458bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
459{
e07a06b4
BG		 460 int result;
461 struct conn_handle_t *conn_handle;
462
463 if (enhanced_sync_conn_capable(conn->hdev)) {
464 conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL);
465
466 if (!conn_handle)
467 return false;
468
469 conn_handle->conn = conn;
470 conn_handle->handle = handle;
471 result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync,
472 conn_handle, NULL);
473 if (result < 0)
474 kfree(conn_handle);
475
476 return result == 0;
477 }
b2af264a
K		 478
479 return hci_setup_sync_conn(conn, handle);
480}
481
7d6ca693
JH		 482u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
483 u16 to_multiplier)
2ce603eb 484{
2ce603eb 485 struct hci_dev *hdev = conn->hdev;
f044eb05
MH		 486 struct hci_conn_params *params;
487 struct hci_cp_le_conn_update cp;
2ce603eb 488
f044eb05 489 hci_dev_lock(hdev);
2ce603eb 490
f044eb05
MH		 491 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
492 if (params) {
493 params->conn_min_interval = min;
494 params->conn_max_interval = max;
495 params->conn_latency = latency;
496 params->supervision_timeout = to_multiplier;
497 }
498
499 hci_dev_unlock(hdev);
500
501 memset(&cp, 0, sizeof(cp));
2ce603eb
CT		 502 cp.handle = cpu_to_le16(conn->handle);
503 cp.conn_interval_min = cpu_to_le16(min);
504 cp.conn_interval_max = cpu_to_le16(max);
505 cp.conn_latency = cpu_to_le16(latency);
506 cp.supervision_timeout = cpu_to_le16(to_multiplier);
dcf4adbf
JP		 507 cp.min_ce_len = cpu_to_le16(0x0000);
508 cp.max_ce_len = cpu_to_le16(0x0000);
2ce603eb
CT		 509
510 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
7d6ca693
JH		 511
512 if (params)
513 return 0x01;
514
515 return 0x00;
2ce603eb 516}
2ce603eb 517
fe39c7b2 518void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
8b76ce34 519 __u8 ltk[16], __u8 key_size)
a7a595f6
VCG		 520{
521 struct hci_dev *hdev = conn->hdev;
522 struct hci_cp_le_start_enc cp;
523
38b3fef1 524 BT_DBG("hcon %p", conn);
a7a595f6
VCG		 525
526 memset(&cp, 0, sizeof(cp));
527
528 cp.handle = cpu_to_le16(conn->handle);
fe39c7b2 529 cp.rand = rand;
a7a595f6 530 cp.ediv = ediv;
8b76ce34 531 memcpy(cp.ltk, ltk, key_size);
a7a595f6
VCG		 532
533 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
534}
a7a595f6 535
e73439d8
MH		 536/* Device _must_ be locked */
537void hci_sco_setup(struct hci_conn *conn, __u8 status)
538{
06149746 539 struct hci_link *link;
e73439d8 540
06149746
LAD		 541 link = list_first_entry_or_null(&conn->link_list, struct hci_link, list);
542 if (!link || !link->conn)
e73439d8
MH		 543 return;
544
38b3fef1
AE		 545 BT_DBG("hcon %p", conn);
546
e73439d8
MH		 547 if (!status) {
548 if (lmp_esco_capable(conn->hdev))
06149746 549 hci_setup_sync(link->conn, conn->handle);
e73439d8 550 else
06149746 551 hci_add_sco(link->conn, conn->handle);
e73439d8 552 } else {
06149746
LAD		 553 hci_connect_cfm(link->conn, status);
554 hci_conn_del(link->conn);
e73439d8
MH		 555 }
556}
557
19c40e3b 558static void hci_conn_timeout(struct work_struct *work)
1da177e4 559{
19c40e3b 560 struct hci_conn *conn = container_of(work, struct hci_conn,
5974e4c4 561 disc_work.work);
1d56dc4f 562 int refcnt = atomic_read(&conn->refcnt);
1da177e4 563
38b3fef1 564 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
1da177e4 565
1d56dc4f
LR		 566 WARN_ON(refcnt < 0);
567
568 /* FIXME: It was observed that in pairing failed scenario, refcnt
569 * drops below 0. Probably this is because l2cap_conn_del calls
570 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
571 * dropped. After that loop hci_chan_del is called which also drops
572 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
573 * otherwise drop it.
574 */
575 if (refcnt > 0)
1da177e4
LT		 576 return;
577
89e0ccc8 578 hci_abort_conn(conn, hci_proto_disconn_ind(conn));
1da177e4
LT		 579}
580
416dc94b 581/* Enter sniff mode */
a74a84f6 582static void hci_conn_idle(struct work_struct *work)
416dc94b 583{
a74a84f6
JH		 584 struct hci_conn *conn = container_of(work, struct hci_conn,
585 idle_work.work);
416dc94b
GP		 586 struct hci_dev *hdev = conn->hdev;
587
38b3fef1 588 BT_DBG("hcon %p mode %d", conn, conn->mode);
416dc94b 589
416dc94b
GP		 590 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
591 return;
592
593 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
594 return;
595
596 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
597 struct hci_cp_sniff_subrate cp;
598 cp.handle = cpu_to_le16(conn->handle);
dcf4adbf
JP		 599 cp.max_latency = cpu_to_le16(0);
600 cp.min_remote_timeout = cpu_to_le16(0);
601 cp.min_local_timeout = cpu_to_le16(0);
416dc94b
GP		 602 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
603 }
604
51a8efd7 605 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP		 606 struct hci_cp_sniff_mode cp;
607 cp.handle = cpu_to_le16(conn->handle);
608 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
609 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
dcf4adbf
JP		 610 cp.attempt = cpu_to_le16(4);
611 cp.timeout = cpu_to_le16(1);
416dc94b
GP		 612 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
613 }
614}
615
7bc18d9d 616static void hci_conn_auto_accept(struct work_struct *work)
9f61656a 617{
7bc18d9d
JH		 618 struct hci_conn *conn = container_of(work, struct hci_conn,
619 auto_accept_work.work);
9f61656a 620
7bc18d9d 621 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
5974e4c4 622 &conn->dst);
9f61656a
JH		 623}
624
c3bed4de
SN		 625static void le_disable_advertising(struct hci_dev *hdev)
626{
627 if (ext_adv_capable(hdev)) {
628 struct hci_cp_le_set_ext_adv_enable cp;
629
630 cp.enable = 0x00;
631 cp.num_of_sets = 0x00;
632
633 hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp),
634 &cp);
635 } else {
636 u8 enable = 0x00;
637 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
638 &enable);
639 }
640}
641
9489eca4
JH		 642static void le_conn_timeout(struct work_struct *work)
643{
644 struct hci_conn *conn = container_of(work, struct hci_conn,
645 le_conn_timeout.work);
3c857757 646 struct hci_dev *hdev = conn->hdev;
9489eca4
JH		 647
648 BT_DBG("");
649
3c857757
JH		 650 /* We could end up here due to having done directed advertising,
651 * so clean up the state if necessary. This should however only
652 * happen with broken hardware or if low duty cycle was used
653 * (which doesn't have a timeout of its own).
654 */
0b1db38c 655 if (conn->role == HCI_ROLE_SLAVE) {
c3bed4de
SN		 656 /* Disable LE Advertising */
657 le_disable_advertising(hdev);
9fa6b4cd 658 hci_dev_lock(hdev);
9b3628d7 659 hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
9fa6b4cd 660 hci_dev_unlock(hdev);
3c857757
JH		 661 return;
662 }
663
89e0ccc8 664 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
9489eca4
JH		 665}
666
6b9545dc
PV		 667struct iso_cig_params {
668 struct hci_cp_le_set_cig_params cp;
669 struct hci_cis_params cis[0x1f];
670};
671
eca0ae4a
LAD		 672struct iso_list_data {
673 union {
674 u8 cig;
675 u8 big;
676 };
677 union {
678 u8 cis;
679 u8 bis;
680 u16 sync_handle;
681 };
682 int count;
a0bfde16 683 bool big_term;
fbdc4bc4 684 bool pa_sync_term;
f777d882 685 bool big_sync_term;
eca0ae4a
LAD		 686};
687
688static void bis_list(struct hci_conn *conn, void *data)
689{
690 struct iso_list_data *d = data;
691
692 /* Skip if not broadcast/ANY address */
693 if (bacmp(&conn->dst, BDADDR_ANY))
694 return;
695
0fe8c8d0
IT		 696 if (d->big != conn->iso_qos.bcast.big || d->bis == BT_ISO_QOS_BIS_UNSET ||
697 d->bis != conn->iso_qos.bcast.bis)
eca0ae4a
LAD		 698 return;
699
700 d->count++;
701}
702
eca0ae4a
LAD		 703static int terminate_big_sync(struct hci_dev *hdev, void *data)
704{
705 struct iso_list_data *d = data;
706
707 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis);
708
a254b90c 709 hci_disable_per_advertising_sync(hdev, d->bis);
eca0ae4a
LAD		 710 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL);
711
a0bfde16
IT		 712 /* Only terminate BIG if it has been created */
713 if (!d->big_term)
eca0ae4a
LAD		 714 return 0;
715
716 return hci_le_terminate_big_sync(hdev, d->big,
717 HCI_ERROR_LOCAL_HOST_TERM);
718}
719
720static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err)
721{
722 kfree(data);
723}
724
a0bfde16 725static int hci_le_terminate_big(struct hci_dev *hdev, struct hci_conn *conn)
eca0ae4a
LAD		 726{
727 struct iso_list_data *d;
3aa21311 728 int ret;
eca0ae4a 729
a0bfde16
IT		 730 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", conn->iso_qos.bcast.big,
731 conn->iso_qos.bcast.bis);
eca0ae4a 732
3958e877 733 d = kzalloc(sizeof(*d), GFP_KERNEL);
eca0ae4a
LAD		 734 if (!d)
735 return -ENOMEM;
736
a0bfde16
IT		 737 d->big = conn->iso_qos.bcast.big;
738 d->bis = conn->iso_qos.bcast.bis;
739 d->big_term = test_and_clear_bit(HCI_CONN_BIG_CREATED, &conn->flags);
eca0ae4a 740
3aa21311
ZS		 741 ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d,
742 terminate_big_destroy);
743 if (ret)
744 kfree(d);
745
746 return ret;
eca0ae4a
LAD		 747}
748
749static int big_terminate_sync(struct hci_dev *hdev, void *data)
750{
751 struct iso_list_data *d = data;
752
753 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big,
754 d->sync_handle);
755
f777d882
IT		 756 if (d->big_sync_term)
757 hci_le_big_terminate_sync(hdev, d->big);
eca0ae4a 758
fbdc4bc4
IT		 759 if (d->pa_sync_term)
760 return hci_le_pa_terminate_sync(hdev, d->sync_handle);
761
762 return 0;
eca0ae4a
LAD		 763}
764
fcb89f12
IT		 765static void find_bis(struct hci_conn *conn, void *data)
766{
767 struct iso_list_data *d = data;
768
769 /* Ignore if BIG doesn't match */
770 if (d->big != conn->iso_qos.bcast.big)
771 return;
772
773 d->count++;
774}
775
f777d882 776static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, struct hci_conn *conn)
eca0ae4a
LAD		 777{
778 struct iso_list_data *d;
3aa21311 779 int ret;
eca0ae4a 780
f777d882 781 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, conn->sync_handle);
eca0ae4a 782
3958e877 783 d = kzalloc(sizeof(*d), GFP_KERNEL);
eca0ae4a
LAD		 784 if (!d)
785 return -ENOMEM;
786
fcb89f12 787 memset(d, 0, sizeof(*d));
eca0ae4a 788 d->big = big;
f777d882 789 d->sync_handle = conn->sync_handle;
fcb89f12
IT		 790
791 if (test_and_clear_bit(HCI_CONN_PA_SYNC, &conn->flags)) {
792 hci_conn_hash_list_flag(hdev, find_bis, ISO_LINK,
793 HCI_CONN_PA_SYNC, d);
794
795 if (!d->count)
796 d->pa_sync_term = true;
797
798 d->count = 0;
799 }
800
801 if (test_and_clear_bit(HCI_CONN_BIG_SYNC, &conn->flags)) {
802 hci_conn_hash_list_flag(hdev, find_bis, ISO_LINK,
803 HCI_CONN_BIG_SYNC, d);
804
805 if (!d->count)
806 d->big_sync_term = true;
807 }
eca0ae4a 808
3aa21311
ZS		 809 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d,
810 terminate_big_destroy);
811 if (ret)
812 kfree(d);
813
814 return ret;
eca0ae4a
LAD		 815}
816
817/* Cleanup BIS connection
818 *
819 * Detects if there any BIS left connected in a BIG
820 * broadcaster: Remove advertising instance and terminate BIG.
821 * broadcaster receiver: Teminate BIG sync and terminate PA sync.
822 */
823static void bis_cleanup(struct hci_conn *conn)
824{
825 struct hci_dev *hdev = conn->hdev;
a0bfde16 826 struct hci_conn *bis;
eca0ae4a
LAD		 827
828 bt_dev_dbg(hdev, "conn %p", conn);
829
830 if (conn->role == HCI_ROLE_MASTER) {
831 if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags))
832 return;
833
a0bfde16
IT		 834 /* Check if ISO connection is a BIS and terminate advertising
835 * set and BIG if there are no other connections using it.
836 */
6a42e9bf 837 bis = hci_conn_hash_lookup_big(hdev, conn->iso_qos.bcast.big);
a0bfde16
IT		 838 if (bis)
839 return;
840
841 hci_le_terminate_big(hdev, conn);
eca0ae4a 842 } else {
0fe8c8d0 843 hci_le_big_terminate(hdev, conn->iso_qos.bcast.big,
f777d882 844 conn);
eca0ae4a
LAD		 845 }
846}
847
848static int remove_cig_sync(struct hci_dev *hdev, void *data)
849{
a1f6c3ae 850 u8 handle = PTR_UINT(data);
eca0ae4a
LAD		 851
852 return hci_le_remove_cig_sync(hdev, handle);
853}
854
855static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle)
856{
857 bt_dev_dbg(hdev, "handle 0x%2.2x", handle);
858
a1f6c3ae
LAD		 859 return hci_cmd_sync_queue(hdev, remove_cig_sync, UINT_PTR(handle),
860 NULL);
eca0ae4a
LAD		 861}
862
863static void find_cis(struct hci_conn *conn, void *data)
864{
865 struct iso_list_data *d = data;
866
31c5f916
PV		 867 /* Ignore broadcast or if CIG don't match */
868 if (!bacmp(&conn->dst, BDADDR_ANY) || d->cig != conn->iso_qos.ucast.cig)
eca0ae4a
LAD		 869 return;
870
871 d->count++;
872}
873
874/* Cleanup CIS connection:
875 *
876 * Detects if there any CIS left connected in a CIG and remove it.
877 */
878static void cis_cleanup(struct hci_conn *conn)
879{
880 struct hci_dev *hdev = conn->hdev;
881 struct iso_list_data d;
882
31c5f916
PV		 883 if (conn->iso_qos.ucast.cig == BT_ISO_QOS_CIG_UNSET)
884 return;
885
eca0ae4a 886 memset(&d, 0, sizeof(d));
0fe8c8d0 887 d.cig = conn->iso_qos.ucast.cig;
eca0ae4a
LAD		 888
889 /* Check if ISO connection is a CIS and remove CIG if there are
890 * no other connections using it.
891 */
6c242c64
PV		 892 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_BOUND, &d);
893 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECT, &d);
eca0ae4a
LAD		 894 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d);
895 if (d.count)
896 return;
897
0fe8c8d0 898 hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig);
eca0ae4a
LAD		 899}
900
181a42ed 901static int hci_conn_hash_alloc_unset(struct hci_dev *hdev)
9f78191c 902{
181a42ed
ZX		 903 return ida_alloc_range(&hdev->unset_handle_ida, HCI_CONN_HANDLE_MAX + 1,
904 U16_MAX, GFP_ATOMIC);
9f78191c
LAD		 905}
906
a5c4e309 907struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
181a42ed 908 u8 role, u16 handle)
1da177e4
LT		 909{
910 struct hci_conn *conn;
911
181a42ed 912 bt_dev_dbg(hdev, "dst %pMR handle 0x%4.4x", dst, handle);
1da177e4 913
27f70f3e 914 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
04837f64 915 if (!conn)
1da177e4 916 return NULL;
1da177e4
LT		 917
918 bacpy(&conn->dst, dst);
662e8820 919 bacpy(&conn->src, &hdev->bdaddr);
181a42ed 920 conn->handle = handle;
a8746417
MH		 921 conn->hdev = hdev;
922 conn->type = type;
a5c4e309 923 conn->role = role;
a8746417
MH		 924 conn->mode = HCI_CM_ACTIVE;
925 conn->state = BT_OPEN;
93f19c9f 926 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 927 conn->io_capability = hdev->io_capability;
a9583556 928 conn->remote_auth = 0xff;
13d39315 929 conn->key_type = 0xff;
ebf86aa3 930 conn->rssi = HCI_RSSI_INVALID;
5a134fae 931 conn->tx_power = HCI_TX_POWER_INVALID;
d0455ed9 932 conn->max_tx_power = HCI_TX_POWER_INVALID;
1d11d70d 933 conn->sync_handle = HCI_SYNC_HANDLE_INVALID;
1da177e4 934
58a681ef 935 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 936 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 937
302975cb
SRK		 938 /* Set Default Authenticated payload timeout to 30s */
939 conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
940
a5c4e309
JH		 941 if (conn->role == HCI_ROLE_MASTER)
942 conn->out = true;
943
a8746417
MH		 944 switch (type) {
945 case ACL_LINK:
946 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
947 break;
9c84d1da 948 case LE_LINK:
eca0ae4a
LAD		 949 /* conn->src should reflect the local identity address */
950 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
951 break;
26afbd82 952 case ISO_LINK:
9c84d1da
JH		 953 /* conn->src should reflect the local identity address */
954 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
eca0ae4a
LAD		 955
956 /* set proper cleanup function */
957 if (!bacmp(dst, BDADDR_ANY))
958 conn->cleanup = bis_cleanup;
959 else if (conn->role == HCI_ROLE_MASTER)
960 conn->cleanup = cis_cleanup;
961
9c84d1da 962 break;
a8746417
MH		 963 case SCO_LINK:
964 if (lmp_esco_capable(hdev))
efc7688b
MH		 965 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
966 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH		 967 else
968 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
969 break;
970 case ESCO_LINK:
efc7688b 971 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH		 972 break;
973 }
974
1da177e4 975 skb_queue_head_init(&conn->data_q);
04837f64 976
70c1f20b 977 INIT_LIST_HEAD(&conn->chan_list);
06149746 978 INIT_LIST_HEAD(&conn->link_list);
73d80deb 979
19c40e3b 980 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
7bc18d9d 981 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
a74a84f6 982 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
9489eca4 983 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1da177e4
LT		 984
985 atomic_set(&conn->refcnt, 0);
986
987 hci_dev_hold(hdev);
988
1da177e4 989 hci_conn_hash_add(hdev, conn);
1f8330ea
SN		 990
991 /* The SCO and eSCO connections will only be notified when their
992 * setup has been completed. This is different to ACL links which
993 * can be notified right away.
994 */
995 if (conn->type != SCO_LINK && conn->type != ESCO_LINK) {
996 if (hdev->notify)
997 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
998 }
1da177e4 999
a67e899c
MH		 1000 hci_conn_init_sysfs(conn);
1001
1da177e4
LT		 1002 return conn;
1003}
1004
181a42ed
ZX		 1005struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type,
1006 bdaddr_t *dst, u8 role)
1007{
1008 int handle;
1009
1010 bt_dev_dbg(hdev, "dst %pMR", dst);
1011
1012 handle = hci_conn_hash_alloc_unset(hdev);
1013 if (unlikely(handle < 0))
1014 return NULL;
1015
1016 return hci_conn_add(hdev, type, dst, role, handle);
1017}
1018
3344d318
PV		 1019static void hci_conn_cleanup_child(struct hci_conn *conn, u8 reason)
1020{
1021 if (!reason)
1022 reason = HCI_ERROR_REMOTE_USER_TERM;
1023
1024 /* Due to race, SCO/ISO conn might be not established yet at this point,
1025 * and nothing else will clean it up. In other cases it is done via HCI
1026 * events.
1027 */
1028 switch (conn->type) {
1029 case SCO_LINK:
1030 case ESCO_LINK:
1031 if (HCI_CONN_HANDLE_UNSET(conn->handle))
1032 hci_conn_failed(conn, reason);
1033 break;
1034 case ISO_LINK:
fa224d0c
IT		 1035 if ((conn->state != BT_CONNECTED &&
1036 !test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) ||
1037 test_bit(HCI_CONN_BIG_CREATED, &conn->flags))
3344d318
PV		 1038 hci_conn_failed(conn, reason);
1039 break;
1040 }
1041}
1042
06149746 1043static void hci_conn_unlink(struct hci_conn *conn)
5dc7d23e 1044{
06149746
LAD		 1045 struct hci_dev *hdev = conn->hdev;
1046
1047 bt_dev_dbg(hdev, "hcon %p", conn);
1048
1049 if (!conn->parent) {
1050 struct hci_link *link, *t;
1051
ca1fd42e
RL		 1052 list_for_each_entry_safe(link, t, &conn->link_list, list) {
1053 struct hci_conn *child = link->conn;
1054
1055 hci_conn_unlink(child);
1056
a2ac591c
RL		 1057 /* If hdev is down it means
1058 * hci_dev_close_sync/hci_conn_hash_flush is in progress
1059 * and links don't need to be cleanup as all connections
1060 * would be cleanup.
1061 */
1062 if (!test_bit(HCI_UP, &hdev->flags))
1063 continue;
1064
3344d318 1065 hci_conn_cleanup_child(child, conn->abort_reason);
ca1fd42e 1066 }
06149746
LAD		 1067
1068 return;
1069 }
1070
5dc7d23e 1071 if (!conn->link)
06149746 1072 return;
5dc7d23e 1073
06149746
LAD		 1074 list_del_rcu(&conn->link->list);
1075 synchronize_rcu();
1076
a2904d28 1077 hci_conn_drop(conn->parent);
2910431a
RL		 1078 hci_conn_put(conn->parent);
1079 conn->parent = NULL;
1080
06149746 1081 kfree(conn->link);
5dc7d23e 1082 conn->link = NULL;
5dc7d23e
LAD		 1083}
1084
a2ac591c 1085void hci_conn_del(struct hci_conn *conn)
1da177e4
LT		 1086{
1087 struct hci_dev *hdev = conn->hdev;
1088
38b3fef1 1089 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1da177e4 1090
a2904d28
RL		 1091 hci_conn_unlink(conn);
1092
19c40e3b 1093 cancel_delayed_work_sync(&conn->disc_work);
7bc18d9d 1094 cancel_delayed_work_sync(&conn->auto_accept_work);
a74a84f6 1095 cancel_delayed_work_sync(&conn->idle_work);
9f61656a 1096
5b7f9909 1097 if (conn->type == ACL_LINK) {
1da177e4
LT		 1098 /* Unacked frames */
1099 hdev->acl_cnt += conn->sent;
6ed58ec5 1100 } else if (conn->type == LE_LINK) {
980ffc0a 1101 cancel_delayed_work(&conn->le_conn_timeout);
9489eca4 1102
6ed58ec5
VT		 1103 if (hdev->le_pkts)
1104 hdev->le_cnt += conn->sent;
1105 else
1106 hdev->acl_cnt += conn->sent;
5b7f9909 1107 } else {
5638d9ea
LAD		 1108 /* Unacked ISO frames */
1109 if (conn->type == ISO_LINK) {
1110 if (hdev->iso_pkts)
1111 hdev->iso_cnt += conn->sent;
1112 else if (hdev->le_pkts)
1113 hdev->le_cnt += conn->sent;
1114 else
1115 hdev->acl_cnt += conn->sent;
1116 }
1da177e4
LT		 1117 }
1118
1da177e4 1119 skb_queue_purge(&conn->data_q);
1da177e4 1120
b958f9a3
JH		 1121 /* Remove the connection from the list and cleanup its remaining
1122 * state. This is a separate function since for some cases like
1123 * BT_CONNECT_SCAN we *only* want the cleanup part without the
1124 * rest of hci_conn_del.
1125 */
1126 hci_conn_cleanup(conn);
881559af
LAD		 1127
1128 /* Dequeue callbacks using connection pointer as data */
1129 hci_cmd_sync_dequeue(hdev, NULL, conn, NULL);
1da177e4
LT		 1130}
1131
39385cb5 1132struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type)
1da177e4
LT		 1133{
1134 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 1135 struct hci_dev *hdev = NULL, *d;
1da177e4 1136
6ed93dc6 1137 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4 1138
f20d09d5 1139 read_lock(&hci_dev_list_lock);
1da177e4 1140
8035ded4 1141 list_for_each_entry(d, &hci_dev_list, list) {
8fc9ced3 1142 if (!test_bit(HCI_UP, &d->flags) ||
d7a5a11d 1143 hci_dev_test_flag(d, HCI_USER_CHANNEL) ||
ca8bee5d 1144 d->dev_type != HCI_PRIMARY)
1da177e4
LT		 1145 continue;
1146
8e87d142 1147 /* Simple routing:
1da177e4
LT		 1148 * No source address - find interface with bdaddr != dst
1149 * Source address - find interface with bdaddr == src
1150 */
1151
1152 if (use_src) {
39385cb5
JH		 1153 bdaddr_t id_addr;
1154 u8 id_addr_type;
1155
1156 if (src_type == BDADDR_BREDR) {
1157 if (!lmp_bredr_capable(d))
1158 continue;
1159 bacpy(&id_addr, &d->bdaddr);
1160 id_addr_type = BDADDR_BREDR;
1161 } else {
1162 if (!lmp_le_capable(d))
1163 continue;
1164
1165 hci_copy_identity_address(d, &id_addr,
1166 &id_addr_type);
1167
1168 /* Convert from HCI to three-value type */
1169 if (id_addr_type == ADDR_LE_DEV_PUBLIC)
1170 id_addr_type = BDADDR_LE_PUBLIC;
1171 else
1172 id_addr_type = BDADDR_LE_RANDOM;
1173 }
1174
1175 if (!bacmp(&id_addr, src) && id_addr_type == src_type) {
1da177e4
LT		 1176 hdev = d; break;
1177 }
1178 } else {
1179 if (bacmp(&d->bdaddr, dst)) {
1180 hdev = d; break;
1181 }
1182 }
1183 }
1184
1185 if (hdev)
1186 hdev = hci_dev_hold(hdev);
1187
f20d09d5 1188 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 1189 return hdev;
1190}
1191EXPORT_SYMBOL(hci_get_route);
1192
9bb3c01f 1193/* This function requires the caller holds hdev->lock */
9b3628d7 1194static void hci_le_conn_failed(struct hci_conn *conn, u8 status)
9bb3c01f
AG		 1195{
1196 struct hci_dev *hdev = conn->hdev;
f161dd41 1197
19cf60bf 1198 hci_connect_le_scan_cleanup(conn, status);
3c857757 1199
abfeea47 1200 /* Enable advertising in case this was a failed connection
3c857757
JH		 1201 * attempt as a peripheral.
1202 */
abfeea47 1203 hci_enable_advertising(hdev);
9bb3c01f
AG		 1204}
1205
9b3628d7
LAD		 1206/* This function requires the caller holds hdev->lock */
1207void hci_conn_failed(struct hci_conn *conn, u8 status)
1208{
1209 struct hci_dev *hdev = conn->hdev;
1210
1211 bt_dev_dbg(hdev, "status 0x%2.2x", status);
1212
1213 switch (conn->type) {
1214 case LE_LINK:
1215 hci_le_conn_failed(conn, status);
1216 break;
1217 case ACL_LINK:
1218 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1219 conn->dst_type, status);
1220 break;
1221 }
1222
a254b90c
IT		 1223 /* In case of BIG/PA sync failed, clear conn flags so that
1224 * the conns will be correctly cleaned up by ISO layer
1225 */
1226 test_and_clear_bit(HCI_CONN_BIG_SYNC_FAILED, &conn->flags);
1227 test_and_clear_bit(HCI_CONN_PA_SYNC_FAILED, &conn->flags);
1228
9b3628d7
LAD		 1229 conn->state = BT_CLOSED;
1230 hci_connect_cfm(conn, status);
1231 hci_conn_del(conn);
1232}
1233
16e3b642
LAD		 1234/* This function requires the caller holds hdev->lock */
1235u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle)
1236{
1237 struct hci_dev *hdev = conn->hdev;
1238
1239 bt_dev_dbg(hdev, "hcon %p handle 0x%4.4x", conn, handle);
1240
1241 if (conn->handle == handle)
1242 return 0;
1243
1244 if (handle > HCI_CONN_HANDLE_MAX) {
1245 bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x",
1246 handle, HCI_CONN_HANDLE_MAX);
1247 return HCI_ERROR_INVALID_PARAMETERS;
1248 }
1249
1250 /* If abort_reason has been sent it means the connection is being
1251 * aborted and the handle shall not be changed.
1252 */
1253 if (conn->abort_reason)
1254 return conn->abort_reason;
1255
181a42ed
ZX		 1256 if (HCI_CONN_HANDLE_UNSET(conn->handle))
1257 ida_free(&hdev->unset_handle_ida, conn->handle);
1258
16e3b642
LAD		 1259 conn->handle = handle;
1260
1261 return 0;
1262}
1263
04a6c589 1264struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
d850bf08 1265 u8 dst_type, bool dst_resolved, u8 sec_level,
8e8b92ee 1266 u16 conn_timeout, u8 role)
1da177e4 1267{
e2caced4 1268 struct hci_conn *conn;
1ebfcc1f 1269 struct smp_irk *irk;
1d399ae5 1270 int err;
1da177e4 1271
152d386e 1272 /* Let's make sure that le is enabled.*/
d7a5a11d 1273 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
152d386e
LR		 1274 if (lmp_le_capable(hdev))
1275 return ERR_PTR(-ECONNREFUSED);
1276
1277 return ERR_PTR(-EOPNOTSUPP);
1278 }
1279
658aead9
JH		 1280 /* Since the controller supports only one LE connection attempt at a
1281 * time, we return -EBUSY if there is any connection attempt running.
1282 */
1283 if (hci_lookup_le_connect(hdev))
1284 return ERR_PTR(-EBUSY);
1285
e2caced4
JH		 1286 /* If there's already a connection object but it's not in
1287 * scanning state it means it must already be established, in
1288 * which case we can't do anything else except report a failure
1289 * to connect.
620ad521 1290 */
9d4c1cc1 1291 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
e2caced4
JH		 1292 if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) {
1293 return ERR_PTR(-EBUSY);
620ad521 1294 }
dfc94dbd 1295
d850bf08
LAD		 1296 /* Check if the destination address has been resolved by the controller
1297 * since if it did then the identity address shall be used.
edb4b466 1298 */
d850bf08
LAD		 1299 if (!dst_resolved) {
1300 /* When given an identity address with existing identity
1301 * resolving key, the connection needs to be established
1302 * to a resolvable random address.
1303 *
1304 * Storing the resolvable random address is required here
1305 * to handle connection failures. The address will later
1306 * be resolved back into the original identity address
1307 * from the connect request.
1308 */
1309 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
1310 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
1311 dst = &irk->rpa;
1312 dst_type = ADDR_LE_DEV_RANDOM;
1313 }
1ebfcc1f
JH		 1314 }
1315
e2caced4 1316 if (conn) {
28a667c9
JP		 1317 bacpy(&conn->dst, dst);
1318 } else {
181a42ed 1319 conn = hci_conn_add_unset(hdev, LE_LINK, dst, role);
e2caced4
JH		 1320 if (!conn)
1321 return ERR_PTR(-ENOMEM);
1322 hci_conn_hold(conn);
1323 conn->pending_sec_level = sec_level;
28a667c9
JP		 1324 }
1325
1ebfcc1f 1326 conn->dst_type = dst_type;
620ad521 1327 conn->sec_level = BT_SECURITY_LOW;
09ae260b 1328 conn->conn_timeout = conn_timeout;
4292f1f3 1329
881559af 1330 err = hci_connect_le_sync(hdev, conn);
2acf3d90
AG		 1331 if (err) {
1332 hci_conn_del(conn);
620ad521 1333 return ERR_PTR(err);
2acf3d90 1334 }
fcd89c09 1335
f1e5d547 1336 return conn;
d04aef4c 1337}
fcd89c09 1338
f75113a2
JP		 1339static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
1340{
1341 struct hci_conn *conn;
1342
9d4c1cc1 1343 conn = hci_conn_hash_lookup_le(hdev, addr, type);
f75113a2
JP		 1344 if (!conn)
1345 return false;
1346
f75113a2
JP		 1347 if (conn->state != BT_CONNECTED)
1348 return false;
1349
1350 return true;
1351}
1352
1353/* This function requires the caller holds hdev->lock */
84235d22 1354static int hci_explicit_conn_params_set(struct hci_dev *hdev,
f75113a2
JP		 1355 bdaddr_t *addr, u8 addr_type)
1356{
f75113a2
JP		 1357 struct hci_conn_params *params;
1358
1359 if (is_connected(hdev, addr, addr_type))
1360 return -EISCONN;
1361
5157b8a5
JP		 1362 params = hci_conn_params_lookup(hdev, addr, addr_type);
1363 if (!params) {
1364 params = hci_conn_params_add(hdev, addr, addr_type);
1365 if (!params)
1366 return -ENOMEM;
1367
1368 /* If we created new params, mark them to be deleted in
1369 * hci_connect_le_scan_cleanup. It's different case than
1370 * existing disabled params, those will stay after cleanup.
1371 */
1372 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
1373 }
f75113a2 1374
5157b8a5 1375 /* We're trying to connect, so make sure params are at pend_le_conns */
49c50922 1376 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5157b8a5
JP		 1377 params->auto_connect == HCI_AUTO_CONN_REPORT ||
1378 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
195ef75e
PV		 1379 hci_pend_le_list_del_init(params);
1380 hci_pend_le_list_add(params, &hdev->pend_le_conns);
f75113a2
JP		 1381 }
1382
1383 params->explicit_connect = true;
f75113a2
JP		 1384
1385 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
1386 params->auto_connect);
1387
1388 return 0;
1389}
1390
eca0ae4a
LAD		 1391static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos)
1392{
6a42e9bf
IT		 1393 struct hci_conn *conn;
1394 u8 big;
eca0ae4a
LAD		 1395
1396 /* Allocate a BIG if not set */
0fe8c8d0 1397 if (qos->bcast.big == BT_ISO_QOS_BIG_UNSET) {
6a42e9bf 1398 for (big = 0x00; big < 0xef; big++) {
eca0ae4a 1399
6a42e9bf
IT		 1400 conn = hci_conn_hash_lookup_big(hdev, big);
1401 if (!conn)
eca0ae4a
LAD		 1402 break;
1403 }
1404
6a42e9bf 1405 if (big == 0xef)
eca0ae4a
LAD		 1406 return -EADDRNOTAVAIL;
1407
1408 /* Update BIG */
6a42e9bf 1409 qos->bcast.big = big;
eca0ae4a
LAD		 1410 }
1411
1412 return 0;
1413}
1414
1415static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos)
1416{
6a42e9bf
IT		 1417 struct hci_conn *conn;
1418 u8 bis;
eca0ae4a
LAD		 1419
1420 /* Allocate BIS if not set */
0fe8c8d0 1421 if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) {
71b7bb48
IT		 1422 if (qos->bcast.big != BT_ISO_QOS_BIG_UNSET) {
1423 conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big);
1424
1425 if (conn) {
1426 /* If the BIG handle is already matched to an advertising
1427 * handle, do not allocate a new one.
1428 */
1429 qos->bcast.bis = conn->iso_qos.bcast.bis;
1430 return 0;
1431 }
1432 }
1433
eca0ae4a
LAD		 1434 /* Find an unused adv set to advertise BIS, skip instance 0x00
1435 * since it is reserved as general purpose set.
1436 */
6a42e9bf
IT		 1437 for (bis = 0x01; bis < hdev->le_num_of_adv_sets;
1438 bis++) {
eca0ae4a 1439
6a42e9bf
IT		 1440 conn = hci_conn_hash_lookup_bis(hdev, BDADDR_ANY, bis);
1441 if (!conn)
eca0ae4a
LAD		 1442 break;
1443 }
1444
6a42e9bf 1445 if (bis == hdev->le_num_of_adv_sets)
eca0ae4a
LAD		 1446 return -EADDRNOTAVAIL;
1447
1448 /* Update BIS */
6a42e9bf 1449 qos->bcast.bis = bis;
eca0ae4a
LAD		 1450 }
1451
1452 return 0;
1453}
1454
1455/* This function requires the caller holds hdev->lock */
1456static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst,
a0bfde16
IT		 1457 struct bt_iso_qos *qos, __u8 base_len,
1458 __u8 *base)
eca0ae4a
LAD		 1459{
1460 struct hci_conn *conn;
eca0ae4a
LAD		 1461 int err;
1462
1463 /* Let's make sure that le is enabled.*/
1464 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1465 if (lmp_le_capable(hdev))
1466 return ERR_PTR(-ECONNREFUSED);
1467 return ERR_PTR(-EOPNOTSUPP);
1468 }
1469
1470 err = qos_set_big(hdev, qos);
1471 if (err)
1472 return ERR_PTR(err);
1473
1474 err = qos_set_bis(hdev, qos);
1475 if (err)
1476 return ERR_PTR(err);
1477
a0bfde16
IT		 1478 /* Check if the LE Create BIG command has already been sent */
1479 conn = hci_conn_hash_lookup_per_adv_bis(hdev, dst, qos->bcast.big,
1480 qos->bcast.big);
1481 if (conn)
eca0ae4a
LAD		 1482 return ERR_PTR(-EADDRINUSE);
1483
a0bfde16
IT		 1484 /* Check BIS settings against other bound BISes, since all
1485 * BISes in a BIG must have the same value for all parameters
1486 */
6a42e9bf 1487 conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big);
a0bfde16
IT		 1488
1489 if (conn && (memcmp(qos, &conn->iso_qos, sizeof(*qos)) ||
1490 base_len != conn->le_per_adv_data_len ||
1491 memcmp(conn->le_per_adv_data, base, base_len)))
eca0ae4a
LAD		 1492 return ERR_PTR(-EADDRINUSE);
1493
181a42ed 1494 conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
eca0ae4a
LAD		 1495 if (!conn)
1496 return ERR_PTR(-ENOMEM);
1497
eca0ae4a
LAD		 1498 conn->state = BT_CONNECT;
1499
1500 hci_conn_hold(conn);
1501 return conn;
1502}
1503
f75113a2
JP		 1504/* This function requires the caller holds hdev->lock */
1505struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst,
1506 u8 dst_type, u8 sec_level,
76b13996
MM		 1507 u16 conn_timeout,
1508 enum conn_reasons conn_reason)
f75113a2
JP		 1509{
1510 struct hci_conn *conn;
f75113a2
JP		 1511
1512 /* Let's make sure that le is enabled.*/
1513 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1514 if (lmp_le_capable(hdev))
1515 return ERR_PTR(-ECONNREFUSED);
1516
1517 return ERR_PTR(-EOPNOTSUPP);
1518 }
1519
1520 /* Some devices send ATT messages as soon as the physical link is
1521 * established. To be able to handle these ATT messages, the user-
1522 * space first establishes the connection and then starts the pairing
1523 * process.
1524 *
1525 * So if a hci_conn object already exists for the following connection
1526 * attempt, we simply update pending_sec_level and auth_type fields
1527 * and return the object found.
1528 */
9d4c1cc1 1529 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
f75113a2
JP		 1530 if (conn) {
1531 if (conn->pending_sec_level < sec_level)
1532 conn->pending_sec_level = sec_level;
1533 goto done;
1534 }
1535
1536 BT_DBG("requesting refresh of dst_addr");
1537
181a42ed 1538 conn = hci_conn_add_unset(hdev, LE_LINK, dst, HCI_ROLE_MASTER);
f75113a2
JP		 1539 if (!conn)
1540 return ERR_PTR(-ENOMEM);
1541
d088337c
NE		 1542 if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) {
1543 hci_conn_del(conn);
f75113a2 1544 return ERR_PTR(-EBUSY);
d088337c 1545 }
f75113a2
JP		 1546
1547 conn->state = BT_CONNECT;
1548 set_bit(HCI_CONN_SCANNING, &conn->flags);
f75113a2
JP		 1549 conn->dst_type = dst_type;
1550 conn->sec_level = BT_SECURITY_LOW;
1551 conn->pending_sec_level = sec_level;
1552 conn->conn_timeout = conn_timeout;
76b13996 1553 conn->conn_reason = conn_reason;
f75113a2 1554
5bee2fd6 1555 hci_update_passive_scan(hdev);
84235d22 1556
f75113a2
JP		 1557done:
1558 hci_conn_hold(conn);
1559 return conn;
1560}
1561
04a6c589 1562struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
76b13996 1563 u8 sec_level, u8 auth_type,
bf98feea 1564 enum conn_reasons conn_reason, u16 timeout)
1da177e4
LT		 1565{
1566 struct hci_conn *acl;
fcd89c09 1567
d7a5a11d 1568 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
c411110e
LR		 1569 if (lmp_bredr_capable(hdev))
1570 return ERR_PTR(-ECONNREFUSED);
1571
beb19e4c 1572 return ERR_PTR(-EOPNOTSUPP);
c411110e 1573 }
56f87901 1574
1ffc6f8c
LCY		 1575 /* Reject outgoing connection to device with same BD ADDR against
1576 * CVE-2020-26555
1577 */
1578 if (!bacmp(&hdev->bdaddr, dst)) {
1579 bt_dev_dbg(hdev, "Reject connection with same BD_ADDR %pMR\n",
1580 dst);
1581 return ERR_PTR(-ECONNREFUSED);
1582 }
1583
70f23020
AE		 1584 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
1585 if (!acl) {
181a42ed 1586 acl = hci_conn_add_unset(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
70f23020 1587 if (!acl)
48c7aba9 1588 return ERR_PTR(-ENOMEM);
1da177e4
LT		 1589 }
1590
1591 hci_conn_hold(acl);
1592
76b13996 1593 acl->conn_reason = conn_reason;
09ab6f4c 1594 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
45340097
JD		 1595 int err;
1596
765c2a96
JH		 1597 acl->sec_level = BT_SECURITY_LOW;
1598 acl->pending_sec_level = sec_level;
09ab6f4c 1599 acl->auth_type = auth_type;
bf98feea 1600 acl->conn_timeout = timeout;
45340097 1601
5f641f03 1602 err = hci_connect_acl_sync(hdev, acl);
45340097
JD		 1603 if (err) {
1604 hci_conn_del(acl);
1605 return ERR_PTR(err);
1606 }
09ab6f4c 1607 }
1da177e4 1608
db474275
VCG		 1609 return acl;
1610}
1611
06149746
LAD		 1612static struct hci_link *hci_conn_link(struct hci_conn *parent,
1613 struct hci_conn *conn)
1614{
1615 struct hci_dev *hdev = parent->hdev;
1616 struct hci_link *link;
1617
1618 bt_dev_dbg(hdev, "parent %p hcon %p", parent, conn);
1619
1620 if (conn->link)
1621 return conn->link;
1622
1623 if (conn->parent)
1624 return NULL;
1625
1626 link = kzalloc(sizeof(*link), GFP_KERNEL);
1627 if (!link)
1628 return NULL;
1629
1630 link->conn = hci_conn_hold(conn);
1631 conn->link = link;
1632 conn->parent = hci_conn_get(parent);
1633
1634 /* Use list_add_tail_rcu append to the list */
1635 list_add_tail_rcu(&link->list, &parent->link_list);
1636
1637 return link;
1638}
1639
10c62ddc 1640struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
bf98feea
LAD		 1641 __u16 setting, struct bt_codec *codec,
1642 u16 timeout)
db474275
VCG		 1643{
1644 struct hci_conn *acl;
1645 struct hci_conn *sco;
06149746 1646 struct hci_link *link;
db474275 1647
76b13996 1648 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING,
bf98feea 1649 CONN_REASON_SCO_CONNECT, timeout);
db474275 1650 if (IS_ERR(acl))
5b7f9909 1651 return acl;
1da177e4 1652
70f23020
AE		 1653 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
1654 if (!sco) {
181a42ed 1655 sco = hci_conn_add_unset(hdev, type, dst, HCI_ROLE_MASTER);
70f23020 1656 if (!sco) {
76a68ba0 1657 hci_conn_drop(acl);
48c7aba9 1658 return ERR_PTR(-ENOMEM);
1da177e4 1659 }
5b7f9909 1660 }
1da177e4 1661
06149746
LAD		 1662 link = hci_conn_link(acl, sco);
1663 if (!link) {
1664 hci_conn_drop(acl);
1665 hci_conn_drop(sco);
b4066eb0 1666 return ERR_PTR(-ENOLINK);
06149746 1667 }
1da177e4 1668
10c62ddc 1669 sco->setting = setting;
b2af264a 1670 sco->codec = *codec;
10c62ddc 1671
5b7f9909 1672 if (acl->state == BT_CONNECTED &&
5974e4c4 1673 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 1674 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 1675 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 1676
51a8efd7 1677 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 1678 /* defer SCO setup until mode change completed */
51a8efd7 1679 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH		 1680 return sco;
1681 }
1682
1683 hci_sco_setup(acl, 0x00);
b6a0dc82 1684 }
5b7f9909
MH		 1685
1686 return sco;
1da177e4 1687}
1da177e4 1688
eca0ae4a
LAD		 1689static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos)
1690{
1691 struct hci_dev *hdev = conn->hdev;
1692 struct hci_cp_le_create_big cp;
a0bfde16 1693 struct iso_list_data data;
eca0ae4a
LAD		 1694
1695 memset(&cp, 0, sizeof(cp));
1696
a0bfde16
IT		 1697 data.big = qos->bcast.big;
1698 data.bis = qos->bcast.bis;
1699 data.count = 0;
1700
1701 /* Create a BIS for each bound connection */
1702 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1703 BT_BOUND, &data);
1704
0fe8c8d0
IT		 1705 cp.handle = qos->bcast.big;
1706 cp.adv_handle = qos->bcast.bis;
a0bfde16 1707 cp.num_bis = data.count;
0fe8c8d0
IT		 1708 hci_cpu_to_le24(qos->bcast.out.interval, cp.bis.sdu_interval);
1709 cp.bis.sdu = cpu_to_le16(qos->bcast.out.sdu);
1710 cp.bis.latency = cpu_to_le16(qos->bcast.out.latency);
1711 cp.bis.rtn = qos->bcast.out.rtn;
1712 cp.bis.phy = qos->bcast.out.phy;
1713 cp.bis.packing = qos->bcast.packing;
1714 cp.bis.framing = qos->bcast.framing;
1715 cp.bis.encryption = qos->bcast.encryption;
1716 memcpy(cp.bis.bcode, qos->bcast.bcode, sizeof(cp.bis.bcode));
eca0ae4a
LAD		 1717
1718 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp);
1719}
1720
a0912892 1721static int set_cig_params_sync(struct hci_dev *hdev, void *data)
6b9545dc 1722{
a1f6c3ae 1723 u8 cig_id = PTR_UINT(data);
a0912892
LAD		 1724 struct hci_conn *conn;
1725 struct bt_iso_qos *qos;
1726 struct iso_cig_params pdu;
1727 u8 cis_id;
6b9545dc 1728
a0912892
LAD		 1729 conn = hci_conn_hash_lookup_cig(hdev, cig_id);
1730 if (!conn)
1731 return 0;
6b9545dc 1732
a0912892 1733 memset(&pdu, 0, sizeof(pdu));
6b9545dc 1734
a0912892
LAD		 1735 qos = &conn->iso_qos;
1736 pdu.cp.cig_id = cig_id;
1737 hci_cpu_to_le24(qos->ucast.out.interval, pdu.cp.c_interval);
1738 hci_cpu_to_le24(qos->ucast.in.interval, pdu.cp.p_interval);
1739 pdu.cp.sca = qos->ucast.sca;
1740 pdu.cp.packing = qos->ucast.packing;
1741 pdu.cp.framing = qos->ucast.framing;
1742 pdu.cp.c_latency = cpu_to_le16(qos->ucast.out.latency);
1743 pdu.cp.p_latency = cpu_to_le16(qos->ucast.in.latency);
6b9545dc 1744
a0912892
LAD		 1745 /* Reprogram all CIS(s) with the same CIG, valid range are:
1746 * num_cis: 0x00 to 0x1F
1747 * cis_id: 0x00 to 0xEF
1748 */
1749 for (cis_id = 0x00; cis_id < 0xf0 &&
1750 pdu.cp.num_cis < ARRAY_SIZE(pdu.cis); cis_id++) {
1751 struct hci_cis_params *cis;
1752
1753 conn = hci_conn_hash_lookup_cis(hdev, NULL, 0, cig_id, cis_id);
1754 if (!conn)
1755 continue;
6b9545dc 1756
a0912892
LAD		 1757 qos = &conn->iso_qos;
1758
1759 cis = &pdu.cis[pdu.cp.num_cis++];
1760 cis->cis_id = cis_id;
1761 cis->c_sdu = cpu_to_le16(conn->iso_qos.ucast.out.sdu);
1762 cis->p_sdu = cpu_to_le16(conn->iso_qos.ucast.in.sdu);
1763 cis->c_phy = qos->ucast.out.phy ? qos->ucast.out.phy :
1764 qos->ucast.in.phy;
1765 cis->p_phy = qos->ucast.in.phy ? qos->ucast.in.phy :
1766 qos->ucast.out.phy;
1767 cis->c_rtn = qos->ucast.out.rtn;
1768 cis->p_rtn = qos->ucast.in.rtn;
1769 }
1770
1771 if (!pdu.cp.num_cis)
1772 return 0;
1773
1774 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS,
1775 sizeof(pdu.cp) +
1776 pdu.cp.num_cis * sizeof(pdu.cis[0]), &pdu,
6b9545dc
PV		 1777 HCI_CMD_TIMEOUT);
1778}
1779
26afbd82
LAD		 1780static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos)
1781{
1782 struct hci_dev *hdev = conn->hdev;
1783 struct iso_list_data data;
1784
1785 memset(&data, 0, sizeof(data));
1786
e6a7a46b 1787 /* Allocate first still reconfigurable CIG if not set */
0fe8c8d0 1788 if (qos->ucast.cig == BT_ISO_QOS_CIG_UNSET) {
e6a7a46b 1789 for (data.cig = 0x00; data.cig < 0xf0; data.cig++) {
26afbd82 1790 data.count = 0;
26afbd82 1791
e6a7a46b
PV		 1792 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
1793 BT_CONNECT, &data);
26afbd82
LAD		 1794 if (data.count)
1795 continue;
1796
e6a7a46b 1797 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
26afbd82
LAD		 1798 BT_CONNECTED, &data);
1799 if (!data.count)
1800 break;
1801 }
1802
e6a7a46b 1803 if (data.cig == 0xf0)
26afbd82
LAD		 1804 return false;
1805
1806 /* Update CIG */
0fe8c8d0 1807 qos->ucast.cig = data.cig;
26afbd82
LAD		 1808 }
1809
0fe8c8d0 1810 if (qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) {
a0912892
LAD		 1811 if (hci_conn_hash_lookup_cis(hdev, NULL, 0, qos->ucast.cig,
1812 qos->ucast.cis))
26afbd82 1813 return false;
a0912892 1814 goto done;
26afbd82
LAD		 1815 }
1816
a0912892
LAD		 1817 /* Allocate first available CIS if not set */
1818 for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0xf0;
1819 data.cis++) {
1820 if (!hci_conn_hash_lookup_cis(hdev, NULL, 0, data.cig,
1821 data.cis)) {
26afbd82 1822 /* Update CIS */
0fe8c8d0 1823 qos->ucast.cis = data.cis;
a0912892 1824 break;
26afbd82
LAD		 1825 }
1826 }
1827
a0912892 1828 if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET)
26afbd82
LAD		 1829 return false;
1830
a0912892
LAD		 1831done:
1832 if (hci_cmd_sync_queue(hdev, set_cig_params_sync,
a1f6c3ae 1833 UINT_PTR(qos->ucast.cig), NULL) < 0)
6b9545dc 1834 return false;
6b9545dc 1835
26afbd82
LAD		 1836 return true;
1837}
1838
26afbd82
LAD		 1839struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst,
1840 __u8 dst_type, struct bt_iso_qos *qos)
1841{
1842 struct hci_conn *cis;
1843
c14516fa
LAD		 1844 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig,
1845 qos->ucast.cis);
26afbd82 1846 if (!cis) {
181a42ed 1847 cis = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
26afbd82
LAD		 1848 if (!cis)
1849 return ERR_PTR(-ENOMEM);
1850 cis->cleanup = cis_cleanup;
b36a234d 1851 cis->dst_type = dst_type;
b5793de3
PV		 1852 cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET;
1853 cis->iso_qos.ucast.cis = BT_ISO_QOS_CIS_UNSET;
26afbd82
LAD		 1854 }
1855
1856 if (cis->state == BT_CONNECTED)
1857 return cis;
1858
1859 /* Check if CIS has been set and the settings matches */
1860 if (cis->state == BT_BOUND &&
1861 !memcmp(&cis->iso_qos, qos, sizeof(*qos)))
1862 return cis;
1863
1864 /* Update LINK PHYs according to QoS preference */
0fe8c8d0
IT		 1865 cis->le_tx_phy = qos->ucast.out.phy;
1866 cis->le_rx_phy = qos->ucast.in.phy;
26afbd82
LAD		 1867
1868 /* If output interval is not set use the input interval as it cannot be
1869 * 0x000000.
1870 */
0fe8c8d0
IT		 1871 if (!qos->ucast.out.interval)
1872 qos->ucast.out.interval = qos->ucast.in.interval;
26afbd82
LAD		 1873
1874 /* If input interval is not set use the output interval as it cannot be
1875 * 0x000000.
1876 */
0fe8c8d0
IT		 1877 if (!qos->ucast.in.interval)
1878 qos->ucast.in.interval = qos->ucast.out.interval;
26afbd82
LAD		 1879
1880 /* If output latency is not set use the input latency as it cannot be
1881 * 0x0000.
1882 */
0fe8c8d0
IT		 1883 if (!qos->ucast.out.latency)
1884 qos->ucast.out.latency = qos->ucast.in.latency;
26afbd82
LAD		 1885
1886 /* If input latency is not set use the output latency as it cannot be
1887 * 0x0000.
1888 */
0fe8c8d0
IT		 1889 if (!qos->ucast.in.latency)
1890 qos->ucast.in.latency = qos->ucast.out.latency;
26afbd82 1891
26afbd82
LAD		 1892 if (!hci_le_set_cig_params(cis, qos)) {
1893 hci_conn_drop(cis);
1894 return ERR_PTR(-EINVAL);
1895 }
1896
69997d50
PV		 1897 hci_conn_hold(cis);
1898
26afbd82
LAD		 1899 cis->iso_qos = *qos;
1900 cis->state = BT_BOUND;
1901
1902 return cis;
1903}
1904
1905bool hci_iso_setup_path(struct hci_conn *conn)
1906{
1907 struct hci_dev *hdev = conn->hdev;
1908 struct hci_cp_le_setup_iso_path cmd;
1909
1910 memset(&cmd, 0, sizeof(cmd));
1911
0fe8c8d0 1912 if (conn->iso_qos.ucast.out.sdu) {
26afbd82
LAD		 1913 cmd.handle = cpu_to_le16(conn->handle);
1914 cmd.direction = 0x00; /* Input (Host to Controller) */
1915 cmd.path = 0x00; /* HCI path if enabled */
1916 cmd.codec = 0x03; /* Transparent Data */
1917
1918 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1919 &cmd) < 0)
1920 return false;
1921 }
1922
0fe8c8d0 1923 if (conn->iso_qos.ucast.in.sdu) {
26afbd82
LAD		 1924 cmd.handle = cpu_to_le16(conn->handle);
1925 cmd.direction = 0x01; /* Output (Controller to Host) */
1926 cmd.path = 0x00; /* HCI path if enabled */
1927 cmd.codec = 0x03; /* Transparent Data */
1928
1929 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1930 &cmd) < 0)
1931 return false;
1932 }
1933
1934 return true;
1935}
1936
7f74563e 1937int hci_conn_check_create_cis(struct hci_conn *conn)
26afbd82 1938{
7f74563e
PV		 1939 if (conn->type != ISO_LINK || !bacmp(&conn->dst, BDADDR_ANY))
1940 return -EINVAL;
26afbd82 1941
7f74563e 1942 if (!conn->parent || conn->parent->state != BT_CONNECTED ||
9f78191c 1943 conn->state != BT_CONNECT || HCI_CONN_HANDLE_UNSET(conn->handle))
7f74563e 1944 return 1;
26afbd82 1945
7f74563e
PV		 1946 return 0;
1947}
06149746 1948
7f74563e
PV		 1949static int hci_create_cis_sync(struct hci_dev *hdev, void *data)
1950{
1951 return hci_le_create_cis_sync(hdev);
1952}
06149746 1953
7f74563e
PV		 1954int hci_le_create_cis_pending(struct hci_dev *hdev)
1955{
1956 struct hci_conn *conn;
1957 bool pending = false;
06149746 1958
7f74563e 1959 rcu_read_lock();
06149746 1960
7f74563e
PV		 1961 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
1962 if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) {
1963 rcu_read_unlock();
1964 return -EBUSY;
06149746
LAD		 1965 }
1966
7f74563e
PV		 1967 if (!hci_conn_check_create_cis(conn))
1968 pending = true;
26afbd82
LAD		 1969 }
1970
7f74563e
PV		 1971 rcu_read_unlock();
1972
1973 if (!pending)
26afbd82
LAD		 1974 return 0;
1975
1976 /* Queue Create CIS */
7f74563e 1977 return hci_cmd_sync_queue(hdev, hci_create_cis_sync, NULL, NULL);
26afbd82
LAD		 1978}
1979
1980static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn,
1981 struct bt_iso_io_qos *qos, __u8 phy)
1982{
1983 /* Only set MTU if PHY is enabled */
1984 if (!qos->sdu && qos->phy) {
1985 if (hdev->iso_mtu > 0)
1986 qos->sdu = hdev->iso_mtu;
1987 else if (hdev->le_mtu > 0)
1988 qos->sdu = hdev->le_mtu;
1989 else
1990 qos->sdu = hdev->acl_mtu;
1991 }
1992
1993 /* Use the same PHY as ACL if set to any */
1994 if (qos->phy == BT_ISO_PHY_ANY)
1995 qos->phy = phy;
1996
1997 /* Use LE ACL connection interval if not set */
1998 if (!qos->interval)
1999 /* ACL interval unit in 1.25 ms to us */
2000 qos->interval = conn->le_conn_interval * 1250;
2001
2002 /* Use LE ACL connection latency if not set */
2003 if (!qos->latency)
2004 qos->latency = conn->le_conn_latency;
2005}
2006
eca0ae4a
LAD		 2007static int create_big_sync(struct hci_dev *hdev, void *data)
2008{
2009 struct hci_conn *conn = data;
2010 struct bt_iso_qos *qos = &conn->iso_qos;
2011 u16 interval, sync_interval = 0;
2012 u32 flags = 0;
2013 int err;
2014
0fe8c8d0 2015 if (qos->bcast.out.phy == 0x02)
eca0ae4a
LAD		 2016 flags |= MGMT_ADV_FLAG_SEC_2M;
2017
2018 /* Align intervals */
14f0dcec 2019 interval = (qos->bcast.out.interval / 1250) * qos->bcast.sync_factor;
eca0ae4a 2020
0fe8c8d0 2021 if (qos->bcast.bis)
14f0dcec 2022 sync_interval = interval * 4;
eca0ae4a 2023
0fe8c8d0 2024 err = hci_start_per_adv_sync(hdev, qos->bcast.bis, conn->le_per_adv_data_len,
eca0ae4a
LAD		 2025 conn->le_per_adv_data, flags, interval,
2026 interval, sync_interval);
2027 if (err)
2028 return err;
2029
2030 return hci_le_create_big(conn, &conn->iso_qos);
2031}
2032
2033static void create_pa_complete(struct hci_dev *hdev, void *data, int err)
2034{
2035 struct hci_cp_le_pa_create_sync *cp = data;
2036
2037 bt_dev_dbg(hdev, "");
2038
2039 if (err)
2040 bt_dev_err(hdev, "Unable to create PA: %d", err);
2041
2042 kfree(cp);
2043}
2044
2045static int create_pa_sync(struct hci_dev *hdev, void *data)
2046{
2047 struct hci_cp_le_pa_create_sync *cp = data;
2048 int err;
2049
2050 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC,
2051 sizeof(*cp), cp, HCI_CMD_TIMEOUT);
2052 if (err) {
2053 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2054 return err;
2055 }
2056
2057 return hci_update_passive_scan_sync(hdev);
2058}
2059
2060int hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, __u8 dst_type,
0fe8c8d0 2061 __u8 sid, struct bt_iso_qos *qos)
eca0ae4a
LAD		 2062{
2063 struct hci_cp_le_pa_create_sync *cp;
2064
2065 if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC))
2066 return -EBUSY;
2067
37224a29 2068 cp = kzalloc(sizeof(*cp), GFP_KERNEL);
eca0ae4a
LAD		 2069 if (!cp) {
2070 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2071 return -ENOMEM;
2072 }
2073
0fe8c8d0 2074 cp->options = qos->bcast.options;
eca0ae4a
LAD		 2075 cp->sid = sid;
2076 cp->addr_type = dst_type;
2077 bacpy(&cp->addr, dst);
0fe8c8d0
IT		 2078 cp->skip = cpu_to_le16(qos->bcast.skip);
2079 cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout);
2080 cp->sync_cte_type = qos->bcast.sync_cte_type;
eca0ae4a
LAD		 2081
2082 /* Queue start pa_create_sync and scan */
2083 return hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete);
2084}
2085
fbdc4bc4
IT		 2086int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon,
2087 struct bt_iso_qos *qos,
eca0ae4a
LAD		 2088 __u16 sync_handle, __u8 num_bis, __u8 bis[])
2089{
2090 struct _packed {
2091 struct hci_cp_le_big_create_sync cp;
2092 __u8 bis[0x11];
2093 } pdu;
2094 int err;
2095
31ca583b 2096 if (num_bis < 0x01 || num_bis > sizeof(pdu.bis))
eca0ae4a
LAD		 2097 return -EINVAL;
2098
2099 err = qos_set_big(hdev, qos);
2100 if (err)
2101 return err;
2102
fbdc4bc4
IT		 2103 if (hcon)
2104 hcon->iso_qos.bcast.big = qos->bcast.big;
2105
eca0ae4a 2106 memset(&pdu, 0, sizeof(pdu));
0fe8c8d0 2107 pdu.cp.handle = qos->bcast.big;
eca0ae4a 2108 pdu.cp.sync_handle = cpu_to_le16(sync_handle);
0fe8c8d0
IT		 2109 pdu.cp.encryption = qos->bcast.encryption;
2110 memcpy(pdu.cp.bcode, qos->bcast.bcode, sizeof(pdu.cp.bcode));
2111 pdu.cp.mse = qos->bcast.mse;
2112 pdu.cp.timeout = cpu_to_le16(qos->bcast.timeout);
eca0ae4a
LAD		 2113 pdu.cp.num_bis = num_bis;
2114 memcpy(pdu.bis, bis, num_bis);
2115
2116 return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
2117 sizeof(pdu.cp) + num_bis, &pdu);
2118}
2119
2120static void create_big_complete(struct hci_dev *hdev, void *data, int err)
2121{
2122 struct hci_conn *conn = data;
2123
2124 bt_dev_dbg(hdev, "conn %p", conn);
2125
2126 if (err) {
2127 bt_dev_err(hdev, "Unable to create BIG: %d", err);
2128 hci_connect_cfm(conn, err);
2129 hci_conn_del(conn);
2130 }
2131}
2132
a0bfde16
IT		 2133struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst,
2134 struct bt_iso_qos *qos,
2135 __u8 base_len, __u8 *base)
eca0ae4a
LAD		 2136{
2137 struct hci_conn *conn;
fa224d0c 2138 struct hci_conn *parent;
a0bfde16 2139 __u8 eir[HCI_MAX_PER_AD_LENGTH];
fa224d0c
IT		 2140 struct hci_link *link;
2141
2142 /* Look for any BIS that is open for rebinding */
2143 conn = hci_conn_hash_lookup_big_state(hdev, qos->bcast.big, BT_OPEN);
2144 if (conn) {
2145 memcpy(qos, &conn->iso_qos, sizeof(*qos));
2146 conn->state = BT_CONNECTED;
2147 return conn;
2148 }
a0bfde16
IT		 2149
2150 if (base_len && base)
2151 base_len = eir_append_service_data(eir, 0, 0x1851,
2152 base, base_len);
eca0ae4a
LAD		 2153
2154 /* We need hci_conn object using the BDADDR_ANY as dst */
a0bfde16 2155 conn = hci_add_bis(hdev, dst, qos, base_len, eir);
eca0ae4a
LAD		 2156 if (IS_ERR(conn))
2157 return conn;
2158
a0bfde16
IT		 2159 /* Update LINK PHYs according to QoS preference */
2160 conn->le_tx_phy = qos->bcast.out.phy;
2161 conn->le_tx_phy = qos->bcast.out.phy;
eca0ae4a
LAD		 2162
2163 /* Add Basic Announcement into Peridic Adv Data if BASE is set */
2164 if (base_len && base) {
a0bfde16 2165 memcpy(conn->le_per_adv_data, eir, sizeof(eir));
eca0ae4a
LAD		 2166 conn->le_per_adv_data_len = base_len;
2167 }
2168
a0bfde16
IT		 2169 hci_iso_qos_setup(hdev, conn, &qos->bcast.out,
2170 conn->le_tx_phy ? conn->le_tx_phy :
2171 hdev->le_tx_def_phys);
2172
2173 conn->iso_qos = *qos;
2174 conn->state = BT_BOUND;
2175
fa224d0c
IT		 2176 /* Link BISes together */
2177 parent = hci_conn_hash_lookup_big(hdev,
2178 conn->iso_qos.bcast.big);
2179 if (parent && parent != conn) {
2180 link = hci_conn_link(parent, conn);
2181 if (!link) {
2182 hci_conn_drop(conn);
2183 return ERR_PTR(-ENOLINK);
2184 }
2185
2186 /* Link takes the refcount */
2187 hci_conn_drop(conn);
2188 }
2189
a0bfde16
IT		 2190 return conn;
2191}
2192
2193static void bis_mark_per_adv(struct hci_conn *conn, void *data)
2194{
2195 struct iso_list_data *d = data;
2196
2197 /* Skip if not broadcast/ANY address */
2198 if (bacmp(&conn->dst, BDADDR_ANY))
2199 return;
2200
2201 if (d->big != conn->iso_qos.bcast.big ||
2202 d->bis == BT_ISO_QOS_BIS_UNSET ||
2203 d->bis != conn->iso_qos.bcast.bis)
2204 return;
2205
2206 set_bit(HCI_CONN_PER_ADV, &conn->flags);
2207}
2208
2209struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst,
2210 __u8 dst_type, struct bt_iso_qos *qos,
2211 __u8 base_len, __u8 *base)
2212{
2213 struct hci_conn *conn;
2214 int err;
2215 struct iso_list_data data;
2216
2217 conn = hci_bind_bis(hdev, dst, qos, base_len, base);
2218 if (IS_ERR(conn))
2219 return conn;
2220
fa224d0c
IT		 2221 if (conn->state == BT_CONNECTED)
2222 return conn;
2223
a0bfde16
IT		 2224 data.big = qos->bcast.big;
2225 data.bis = qos->bcast.bis;
2226
2227 /* Set HCI_CONN_PER_ADV for all bound connections, to mark that
2228 * the start periodic advertising and create BIG commands have
2229 * been queued
2230 */
2231 hci_conn_hash_list_state(hdev, bis_mark_per_adv, ISO_LINK,
2232 BT_BOUND, &data);
2233
eca0ae4a
LAD		 2234 /* Queue start periodic advertising and create BIG */
2235 err = hci_cmd_sync_queue(hdev, create_big_sync, conn,
2236 create_big_complete);
2237 if (err < 0) {
2238 hci_conn_drop(conn);
2239 return ERR_PTR(err);
2240 }
2241
eca0ae4a
LAD		 2242 return conn;
2243}
2244
26afbd82
LAD		 2245struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
2246 __u8 dst_type, struct bt_iso_qos *qos)
2247{
2248 struct hci_conn *le;
2249 struct hci_conn *cis;
06149746 2250 struct hci_link *link;
26afbd82 2251
26afbd82
LAD		 2252 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2253 le = hci_connect_le(hdev, dst, dst_type, false,
2254 BT_SECURITY_LOW,
2255 HCI_LE_CONN_TIMEOUT,
2256 HCI_ROLE_SLAVE);
2257 else
2258 le = hci_connect_le_scan(hdev, dst, dst_type,
2259 BT_SECURITY_LOW,
2260 HCI_LE_CONN_TIMEOUT,
2261 CONN_REASON_ISO_CONNECT);
2262 if (IS_ERR(le))
2263 return le;
2264
0fe8c8d0 2265 hci_iso_qos_setup(hdev, le, &qos->ucast.out,
26afbd82 2266 le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys);
0fe8c8d0 2267 hci_iso_qos_setup(hdev, le, &qos->ucast.in,
26afbd82
LAD		 2268 le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys);
2269
2270 cis = hci_bind_cis(hdev, dst, dst_type, qos);
2271 if (IS_ERR(cis)) {
2272 hci_conn_drop(le);
2273 return cis;
2274 }
2275
06149746
LAD		 2276 link = hci_conn_link(le, cis);
2277 if (!link) {
2278 hci_conn_drop(le);
2279 hci_conn_drop(cis);
b4066eb0 2280 return ERR_PTR(-ENOLINK);
06149746 2281 }
26afbd82 2282
69997d50
PV		 2283 /* Link takes the refcount */
2284 hci_conn_drop(cis);
2285
7f74563e
PV		 2286 cis->state = BT_CONNECT;
2287
2288 hci_le_create_cis_pending(hdev);
26afbd82
LAD		 2289
2290 return cis;
2291}
2292
e7c29cb1
MH		 2293/* Check link security requirement */
2294int hci_conn_check_link_mode(struct hci_conn *conn)
2295{
38b3fef1 2296 BT_DBG("hcon %p", conn);
e7c29cb1 2297
40b552aa
MH		 2298 /* In Secure Connections Only mode, it is required that Secure
2299 * Connections is used and the link is encrypted with AES-CCM
2300 * using a P-256 authenticated combination key.
2301 */
d7a5a11d 2302 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) {
40b552aa
MH		 2303 if (!hci_conn_sc_enabled(conn) ||
2304 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2305 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
2306 return 0;
2307 }
2308
8746f135
LAD		 2309 /* AES encryption is required for Level 4:
2310 *
2311 * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
2312 * page 1319:
2313 *
2314 * 128-bit equivalent strength for link and encryption keys
2315 * required using FIPS approved algorithms (E0 not allowed,
2316 * SAFER+ not allowed, and P-192 not allowed; encryption key
2317 * not shortened)
2318 */
2319 if (conn->sec_level == BT_SECURITY_FIPS &&
2320 !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
2321 bt_dev_err(conn->hdev,
2322 "Invalid security: Missing AES-CCM usage");
2323 return 0;
2324 }
2325
4dae2798
JH		 2326 if (hci_conn_ssp_enabled(conn) &&
2327 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
e7c29cb1
MH		 2328 return 0;
2329
2330 return 1;
2331}
e7c29cb1 2332
1da177e4 2333/* Authenticate remote device */
0684e5f9 2334static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 2335{
38b3fef1 2336 BT_DBG("hcon %p", conn);
1da177e4 2337
765c2a96
JH		 2338 if (conn->pending_sec_level > sec_level)
2339 sec_level = conn->pending_sec_level;
2340
96a31833 2341 if (sec_level > conn->sec_level)
765c2a96 2342 conn->pending_sec_level = sec_level;
4dae2798 2343 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
1da177e4
LT		 2344 return 1;
2345
65cf686e
JH		 2346 /* Make sure we preserve an existing MITM requirement*/
2347 auth_type |= (conn->auth_type & 0x01);
2348
96a31833
MH		 2349 conn->auth_type = auth_type;
2350
51a8efd7 2351 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 2352 struct hci_cp_auth_requested cp;
b7d05bad 2353
aca3192c 2354 cp.handle = cpu_to_le16(conn->handle);
40be492f 2355 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
5974e4c4 2356 sizeof(cp), &cp);
09da1f34 2357
d03376c1
LAD		 2358 /* Set the ENCRYPT_PEND to trigger encryption after
2359 * authentication.
09da1f34 2360 */
d03376c1 2361 if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
09da1f34 2362 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2363 }
8c1b2355 2364
1da177e4
LT		 2365 return 0;
2366}
1da177e4 2367
bb6d6895 2368/* Encrypt the link */
13d39315
WR		 2369static void hci_conn_encrypt(struct hci_conn *conn)
2370{
38b3fef1 2371 BT_DBG("hcon %p", conn);
13d39315 2372
51a8efd7 2373 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR		 2374 struct hci_cp_set_conn_encrypt cp;
2375 cp.handle = cpu_to_le16(conn->handle);
2376 cp.encrypt = 0x01;
2377 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
5974e4c4 2378 &cp);
13d39315
WR		 2379 }
2380}
2381
8c1b2355 2382/* Enable security */
e7cafc45
JH		 2383int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
2384 bool initiator)
1da177e4 2385{
38b3fef1 2386 BT_DBG("hcon %p", conn);
1da177e4 2387
d8343f12
VCG		 2388 if (conn->type == LE_LINK)
2389 return smp_conn_security(conn, sec_level);
2390
13d39315 2391 /* For sdp we don't need the link key. */
8c1b2355
MH		 2392 if (sec_level == BT_SECURITY_SDP)
2393 return 1;
2394
13d39315
WR		 2395 /* For non 2.1 devices and low security level we don't need the link
2396 key. */
aa64a8b5 2397 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 2398 return 1;
8c1b2355 2399
13d39315 2400 /* For other security levels we need the link key. */
4dae2798 2401 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
13d39315
WR		 2402 goto auth;
2403
1d8e8014
YH		 2404 switch (conn->key_type) {
2405 case HCI_LK_AUTH_COMBINATION_P256:
2406 /* An authenticated FIPS approved combination key has
2407 * sufficient security for security level 4 or lower.
2408 */
2409 if (sec_level <= BT_SECURITY_FIPS)
2410 goto encrypt;
2411 break;
2412 case HCI_LK_AUTH_COMBINATION_P192:
2413 /* An authenticated combination key has sufficient security for
2414 * security level 3 or lower.
2415 */
2416 if (sec_level <= BT_SECURITY_HIGH)
2417 goto encrypt;
2418 break;
2419 case HCI_LK_UNAUTH_COMBINATION_P192:
2420 case HCI_LK_UNAUTH_COMBINATION_P256:
2421 /* An unauthenticated combination key has sufficient security
2422 * for security level 2 or lower.
2423 */
2424 if (sec_level <= BT_SECURITY_MEDIUM)
2425 goto encrypt;
2426 break;
2427 case HCI_LK_COMBINATION:
2428 /* A combination key has always sufficient security for the
2429 * security levels 2 or lower. High security level requires the
2430 * combination key is generated using maximum PIN code length
2431 * (16). For pre 2.1 units.
2432 */
2433 if (sec_level <= BT_SECURITY_MEDIUM || conn->pin_length == 16)
2434 goto encrypt;
2435 break;
2436 default:
2437 break;
2438 }
13d39315
WR		 2439
2440auth:
51a8efd7 2441 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT		 2442 return 0;
2443
977f8fce
JH		 2444 if (initiator)
2445 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2446
6fdf658c
LAD		 2447 if (!hci_conn_auth(conn, sec_level, auth_type))
2448 return 0;
13d39315
WR		 2449
2450encrypt:
693cd8ce
MH		 2451 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
2452 /* Ensure that the encryption key size has been read,
2453 * otherwise stall the upper layer responses.
2454 */
2455 if (!conn->enc_key_size)
2456 return 0;
2457
2458 /* Nothing else needed, all requirements are met */
13d39315 2459 return 1;
693cd8ce 2460 }
8c1b2355 2461
13d39315 2462 hci_conn_encrypt(conn);
1da177e4
LT		 2463 return 0;
2464}
8c1b2355 2465EXPORT_SYMBOL(hci_conn_security);
1da177e4 2466
b3b1b061
WR		 2467/* Check secure link requirement */
2468int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
2469{
38b3fef1 2470 BT_DBG("hcon %p", conn);
b3b1b061 2471
9cb2e030
MH		 2472 /* Accept if non-secure or higher security level is required */
2473 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
2474 return 1;
b3b1b061 2475
9cb2e030
MH		 2476 /* Accept if secure or higher security level is already present */
2477 if (conn->sec_level == BT_SECURITY_HIGH ||
2478 conn->sec_level == BT_SECURITY_FIPS)
b3b1b061
WR		 2479 return 1;
2480
9cb2e030
MH		 2481 /* Reject not secure link */
2482 return 0;
b3b1b061
WR		 2483}
2484EXPORT_SYMBOL(hci_conn_check_secure);
2485
1da177e4 2486/* Switch role */
8c1b2355 2487int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 2488{
38b3fef1 2489 BT_DBG("hcon %p", conn);
1da177e4 2490
40bef302 2491 if (role == conn->role)
1da177e4
LT		 2492 return 1;
2493
51a8efd7 2494 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT		 2495 struct hci_cp_switch_role cp;
2496 bacpy(&cp.bdaddr, &conn->dst);
2497 cp.role = role;
a9de9248 2498 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 2499 }
8c1b2355 2500
1da177e4
LT		 2501 return 0;
2502}
2503EXPORT_SYMBOL(hci_conn_switch_role);
2504
04837f64 2505/* Enter active mode */
14b12d0b 2506void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH		 2507{
2508 struct hci_dev *hdev = conn->hdev;
2509
38b3fef1 2510 BT_DBG("hcon %p mode %d", conn, conn->mode);
04837f64 2511
14b12d0b
JG		 2512 if (conn->mode != HCI_CM_SNIFF)
2513 goto timer;
2514
58a681ef 2515 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH		 2516 goto timer;
2517
51a8efd7 2518 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 2519 struct hci_cp_exit_sniff_mode cp;
aca3192c 2520 cp.handle = cpu_to_le16(conn->handle);
a9de9248 2521 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH		 2522 }
2523
2524timer:
2525 if (hdev->idle_timeout > 0)
a74a84f6
JH		 2526 queue_delayed_work(hdev->workqueue, &conn->idle_work,
2527 msecs_to_jiffies(hdev->idle_timeout));
04837f64
MH		 2528}
2529
1da177e4
LT		 2530/* Drop all connection on the device */
2531void hci_conn_hash_flush(struct hci_dev *hdev)
2532{
a2ac591c
RL		 2533 struct list_head *head = &hdev->conn_hash.list;
2534 struct hci_conn *conn;
1da177e4
LT		 2535
2536 BT_DBG("hdev %s", hdev->name);
2537
a2ac591c
RL		 2538 /* We should not traverse the list here, because hci_conn_del
2539 * can remove extra links, which may cause the list traversal
2540 * to hit items that have already been released.
2541 */
2542 while ((conn = list_first_entry_or_null(head,
2543 struct hci_conn,
2544 list)) != NULL) {
2545 conn->state = BT_CLOSED;
2546 hci_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM);
a2ac591c 2547 hci_conn_del(conn);
1da177e4
LT		 2548 }
2549}
2550
4dae2798
JH		 2551static u32 get_link_mode(struct hci_conn *conn)
2552{
2553 u32 link_mode = 0;
2554
40bef302 2555 if (conn->role == HCI_ROLE_MASTER)
4dae2798
JH		 2556 link_mode |= HCI_LM_MASTER;
2557
2558 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2559 link_mode |= HCI_LM_ENCRYPT;
2560
2561 if (test_bit(HCI_CONN_AUTH, &conn->flags))
2562 link_mode |= HCI_LM_AUTH;
2563
2564 if (test_bit(HCI_CONN_SECURE, &conn->flags))
2565 link_mode |= HCI_LM_SECURE;
2566
2567 if (test_bit(HCI_CONN_FIPS, &conn->flags))
2568 link_mode |= HCI_LM_FIPS;
2569
2570 return link_mode;
2571}
2572
1da177e4
LT		 2573int hci_get_conn_list(void __user *arg)
2574{
fc5fef61 2575 struct hci_conn *c;
1da177e4
LT		 2576 struct hci_conn_list_req req, *cl;
2577 struct hci_conn_info *ci;
2578 struct hci_dev *hdev;
1da177e4
LT		 2579 int n = 0, size, err;
2580
2581 if (copy_from_user(&req, arg, sizeof(req)))
2582 return -EFAULT;
2583
2584 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
2585 return -EINVAL;
2586
2587 size = sizeof(req) + req.conn_num * sizeof(*ci);
2588
70f23020
AE		 2589 cl = kmalloc(size, GFP_KERNEL);
2590 if (!cl)
1da177e4
LT		 2591 return -ENOMEM;
2592
70f23020
AE		 2593 hdev = hci_dev_get(req.dev_id);
2594 if (!hdev) {
1da177e4
LT		 2595 kfree(cl);
2596 return -ENODEV;
2597 }
2598
2599 ci = cl->conn_info;
2600
09fd0de5 2601 hci_dev_lock(hdev);
8035ded4 2602 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT		 2603 bacpy(&(ci + n)->bdaddr, &c->dst);
2604 (ci + n)->handle = c->handle;
2605 (ci + n)->type = c->type;
2606 (ci + n)->out = c->out;
2607 (ci + n)->state = c->state;
4dae2798 2608 (ci + n)->link_mode = get_link_mode(c);
1da177e4
LT		 2609 if (++n >= req.conn_num)
2610 break;
2611 }
09fd0de5 2612 hci_dev_unlock(hdev);
1da177e4
LT		 2613
2614 cl->dev_id = hdev->id;
2615 cl->conn_num = n;
2616 size = sizeof(req) + n * sizeof(*ci);
2617
2618 hci_dev_put(hdev);
2619
2620 err = copy_to_user(arg, cl, size);
2621 kfree(cl);
2622
2623 return err ? -EFAULT : 0;
2624}
2625
2626int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
2627{
2628 struct hci_conn_info_req req;
2629 struct hci_conn_info ci;
2630 struct hci_conn *conn;
2631 char __user *ptr = arg + sizeof(req);
2632
2633 if (copy_from_user(&req, arg, sizeof(req)))
2634 return -EFAULT;
2635
09fd0de5 2636 hci_dev_lock(hdev);
1da177e4
LT		 2637 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
2638 if (conn) {
2639 bacpy(&ci.bdaddr, &conn->dst);
2640 ci.handle = conn->handle;
2641 ci.type = conn->type;
2642 ci.out = conn->out;
2643 ci.state = conn->state;
4dae2798 2644 ci.link_mode = get_link_mode(conn);
1da177e4 2645 }
09fd0de5 2646 hci_dev_unlock(hdev);
1da177e4
LT		 2647
2648 if (!conn)
2649 return -ENOENT;
2650
2651 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
2652}
40be492f
MH		 2653
2654int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
2655{
2656 struct hci_auth_info_req req;
2657 struct hci_conn *conn;
2658
2659 if (copy_from_user(&req, arg, sizeof(req)))
2660 return -EFAULT;
2661
09fd0de5 2662 hci_dev_lock(hdev);
40be492f
MH		 2663 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
2664 if (conn)
2665 req.type = conn->auth_type;
09fd0de5 2666 hci_dev_unlock(hdev);
40be492f
MH		 2667
2668 if (!conn)
2669 return -ENOENT;
2670
2671 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
2672}
73d80deb
LAD		 2673
2674struct hci_chan *hci_chan_create(struct hci_conn *conn)
2675{
2676 struct hci_dev *hdev = conn->hdev;
2677 struct hci_chan *chan;
2678
38b3fef1 2679 BT_DBG("%s hcon %p", hdev->name, conn);
73d80deb 2680
f94b665d
JH		 2681 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
2682 BT_DBG("Refusing to create new hci_chan");
2683 return NULL;
2684 }
2685
27f70f3e 2686 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
73d80deb
LAD		 2687 if (!chan)
2688 return NULL;
2689
6c388d32 2690 chan->conn = hci_conn_get(conn);
73d80deb 2691 skb_queue_head_init(&chan->data_q);
168df8e5 2692 chan->state = BT_CONNECTED;
73d80deb 2693
8192edef 2694 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD		 2695
2696 return chan;
2697}
2698
9472007c 2699void hci_chan_del(struct hci_chan *chan)
73d80deb
LAD		 2700{
2701 struct hci_conn *conn = chan->conn;
2702 struct hci_dev *hdev = conn->hdev;
2703
38b3fef1 2704 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
73d80deb 2705
8192edef
GP		 2706 list_del_rcu(&chan->list);
2707
2708 synchronize_rcu();
73d80deb 2709
bcbb655a 2710 /* Prevent new hci_chan's to be created for this hci_conn */
f94b665d 2711 set_bit(HCI_CONN_DROP, &conn->flags);
b3ff670a 2712
6c388d32 2713 hci_conn_put(conn);
e9b02748 2714
73d80deb
LAD		 2715 skb_queue_purge(&chan->data_q);
2716 kfree(chan);
73d80deb
LAD		 2717}
2718
2c33c06a 2719void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 2720{
2a5a5ec6 2721 struct hci_chan *chan, *n;
73d80deb 2722
38b3fef1 2723 BT_DBG("hcon %p", conn);
73d80deb 2724
2a5a5ec6 2725 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD		 2726 hci_chan_del(chan);
2727}
42c4e53e
AE		 2728
2729static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
2730 __u16 handle)
2731{
2732 struct hci_chan *hchan;
2733
2734 list_for_each_entry(hchan, &hcon->chan_list, list) {
2735 if (hchan->handle == handle)
2736 return hchan;
2737 }
2738
2739 return NULL;
2740}
2741
2742struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
2743{
2744 struct hci_conn_hash *h = &hdev->conn_hash;
2745 struct hci_conn *hcon;
2746 struct hci_chan *hchan = NULL;
2747
2748 rcu_read_lock();
2749
2750 list_for_each_entry_rcu(hcon, &h->list, list) {
2751 hchan = __hci_chan_lookup_handle(hcon, handle);
2752 if (hchan)
2753 break;
2754 }
2755
2756 rcu_read_unlock();
2757
2758 return hchan;
2759}
eab2404b
LAD		 2760
2761u32 hci_conn_get_phy(struct hci_conn *conn)
2762{
2763 u32 phys = 0;
2764
eab2404b
LAD		 2765 /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471:
2766 * Table 6.2: Packets defined for synchronous, asynchronous, and
6397729b 2767 * CPB logical transport types.
eab2404b
LAD		 2768 */
2769 switch (conn->type) {
2770 case SCO_LINK:
2771 /* SCO logical transport (1 Mb/s):
2772 * HV1, HV2, HV3 and DV.
2773 */
2774 phys |= BT_PHY_BR_1M_1SLOT;
2775
2776 break;
2777
2778 case ACL_LINK:
2779 /* ACL logical transport (1 Mb/s) ptt=0:
2780 * DH1, DM3, DH3, DM5 and DH5.
2781 */
2782 phys |= BT_PHY_BR_1M_1SLOT;
2783
2784 if (conn->pkt_type & (HCI_DM3 | HCI_DH3))
2785 phys |= BT_PHY_BR_1M_3SLOT;
2786
2787 if (conn->pkt_type & (HCI_DM5 | HCI_DH5))
2788 phys |= BT_PHY_BR_1M_5SLOT;
2789
2790 /* ACL logical transport (2 Mb/s) ptt=1:
2791 * 2-DH1, 2-DH3 and 2-DH5.
2792 */
2793 if (!(conn->pkt_type & HCI_2DH1))
2794 phys |= BT_PHY_EDR_2M_1SLOT;
2795
2796 if (!(conn->pkt_type & HCI_2DH3))
2797 phys |= BT_PHY_EDR_2M_3SLOT;
2798
2799 if (!(conn->pkt_type & HCI_2DH5))
2800 phys |= BT_PHY_EDR_2M_5SLOT;
2801
2802 /* ACL logical transport (3 Mb/s) ptt=1:
2803 * 3-DH1, 3-DH3 and 3-DH5.
2804 */
2805 if (!(conn->pkt_type & HCI_3DH1))
2806 phys |= BT_PHY_EDR_3M_1SLOT;
2807
2808 if (!(conn->pkt_type & HCI_3DH3))
2809 phys |= BT_PHY_EDR_3M_3SLOT;
2810
2811 if (!(conn->pkt_type & HCI_3DH5))
2812 phys |= BT_PHY_EDR_3M_5SLOT;
2813
2814 break;
2815
2816 case ESCO_LINK:
2817 /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */
2818 phys |= BT_PHY_BR_1M_1SLOT;
2819
2820 if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5)))
2821 phys |= BT_PHY_BR_1M_3SLOT;
2822
2823 /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */
2824 if (!(conn->pkt_type & ESCO_2EV3))
2825 phys |= BT_PHY_EDR_2M_1SLOT;
2826
2827 if (!(conn->pkt_type & ESCO_2EV5))
2828 phys |= BT_PHY_EDR_2M_3SLOT;
2829
2830 /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */
2831 if (!(conn->pkt_type & ESCO_3EV3))
2832 phys |= BT_PHY_EDR_3M_1SLOT;
2833
2834 if (!(conn->pkt_type & ESCO_3EV5))
2835 phys |= BT_PHY_EDR_3M_3SLOT;
2836
2837 break;
2838
2839 case LE_LINK:
2840 if (conn->le_tx_phy & HCI_LE_SET_PHY_1M)
2841 phys |= BT_PHY_LE_1M_TX;
2842
2843 if (conn->le_rx_phy & HCI_LE_SET_PHY_1M)
2844 phys |= BT_PHY_LE_1M_RX;
2845
2846 if (conn->le_tx_phy & HCI_LE_SET_PHY_2M)
2847 phys |= BT_PHY_LE_2M_TX;
2848
2849 if (conn->le_rx_phy & HCI_LE_SET_PHY_2M)
2850 phys |= BT_PHY_LE_2M_RX;
2851
2852 if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED)
2853 phys |= BT_PHY_LE_CODED_TX;
2854
2855 if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED)
2856 phys |= BT_PHY_LE_CODED_RX;
2857
2858 break;
2859 }
2860
eab2404b
LAD		 2861 return phys;
2862}
1a942de0 2863
a13f316e 2864static int abort_conn_sync(struct hci_dev *hdev, void *data)
1a942de0 2865{
881559af 2866 struct hci_conn *conn = data;
1a942de0 2867
881559af
LAD		 2868 if (!hci_conn_valid(hdev, conn))
2869 return -ECANCELED;
b62e7220 2870
a13f316e
LAD		 2871 return hci_abort_conn_sync(hdev, conn, conn->abort_reason);
2872}
1a942de0 2873
a13f316e
LAD		 2874int hci_abort_conn(struct hci_conn *conn, u8 reason)
2875{
2876 struct hci_dev *hdev = conn->hdev;
1a942de0 2877
a13f316e
LAD		 2878 /* If abort_reason has already been set it means the connection is
2879 * already being aborted so don't attempt to overwrite it.
2880 */
2881 if (conn->abort_reason)
2882 return 0;
1a942de0 2883
a13f316e 2884 bt_dev_dbg(hdev, "handle 0x%2.2x reason 0x%2.2x", conn->handle, reason);
1a942de0 2885
a13f316e 2886 conn->abort_reason = reason;
1a942de0 2887
a13f316e
LAD		 2888 /* If the connection is pending check the command opcode since that
2889 * might be blocking on hci_cmd_sync_work while waiting its respective
2890 * event so we need to hci_cmd_sync_cancel to cancel it.
04a51d61
LAD		 2891 *
2892 * hci_connect_le serializes the connection attempts so only one
2893 * connection can be in BT_CONNECT at time.
a13f316e
LAD		 2894 */
2895 if (conn->state == BT_CONNECT && hdev->req_status == HCI_REQ_PEND) {
2896 switch (hci_skb_event(hdev->sent_cmd)) {
5f641f03 2897 case HCI_EV_CONN_COMPLETE:
a13f316e
LAD		 2898 case HCI_EV_LE_CONN_COMPLETE:
2899 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
2900 case HCI_EVT_LE_CIS_ESTABLISHED:
2901 hci_cmd_sync_cancel(hdev, -ECANCELED);
2902 break;
1a942de0 2903 }
881559af
LAD		 2904 /* Cancel connect attempt if still queued/pending */
2905 } else if (!hci_cancel_connect_sync(hdev, conn)) {
2906 return 0;
1a942de0
BG		 2907 }
2908
881559af 2909 return hci_cmd_sync_queue_once(hdev, abort_conn_sync, conn, NULL);
1a942de0 2910}
Linux 6.x block layer and io_uring tree(s)