Commit | Line | Data |
---|---|---|
8e87d142 | 1 | /* |
1da177e4 | 2 | BlueZ - Bluetooth protocol stack for Linux |
2d0a0346 | 3 | Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. |
0fe8c8d0 | 4 | Copyright 2023 NXP |
1da177e4 LT |
5 | |
6 | Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> | |
7 | ||
8 | This program is free software; you can redistribute it and/or modify | |
9 | it under the terms of the GNU General Public License version 2 as | |
10 | published by the Free Software Foundation; | |
11 | ||
12 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | |
13 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
14 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. | |
15 | IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY | |
8e87d142 YH |
16 | CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES |
17 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
18 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
1da177e4 LT |
19 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
20 | ||
8e87d142 YH |
21 | ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, |
22 | COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS | |
1da177e4 LT |
23 | SOFTWARE IS DISCLAIMED. |
24 | */ | |
25 | ||
26 | /* Bluetooth HCI connection handling. */ | |
27 | ||
8c520a59 | 28 | #include <linux/export.h> |
23b9ceb7 | 29 | #include <linux/debugfs.h> |
1da177e4 LT |
30 | |
31 | #include <net/bluetooth/bluetooth.h> | |
32 | #include <net/bluetooth/hci_core.h> | |
4bc58f51 | 33 | #include <net/bluetooth/l2cap.h> |
eca0ae4a LAD |
34 | #include <net/bluetooth/iso.h> |
35 | #include <net/bluetooth/mgmt.h> | |
1da177e4 | 36 | |
0857dd3b | 37 | #include "hci_request.h" |
ac4b7236 | 38 | #include "smp.h" |
eca0ae4a | 39 | #include "eir.h" |
7024728e | 40 | |
2dea632f FD |
41 | struct sco_param { |
42 | u16 pkt_type; | |
43 | u16 max_latency; | |
c7da5797 | 44 | u8 retrans_effort; |
2dea632f FD |
45 | }; |
46 | ||
e07a06b4 BG |
47 | struct conn_handle_t { |
48 | struct hci_conn *conn; | |
49 | __u16 handle; | |
50 | }; | |
51 | ||
48e68ff5 | 52 | static const struct sco_param esco_param_cvsd[] = { |
c7da5797 JH |
53 | { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */ |
54 | { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */ | |
55 | { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */ | |
56 | { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */ | |
57 | { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */ | |
2dea632f FD |
58 | }; |
59 | ||
48e68ff5 | 60 | static const struct sco_param sco_param_cvsd[] = { |
c7da5797 JH |
61 | { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */ |
62 | { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */ | |
48e68ff5 BT |
63 | }; |
64 | ||
565766b0 | 65 | static const struct sco_param esco_param_msbc[] = { |
c7da5797 JH |
66 | { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */ |
67 | { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */ | |
2dea632f FD |
68 | }; |
69 | ||
f75113a2 | 70 | /* This function requires the caller holds hdev->lock */ |
881559af | 71 | void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status) |
f75113a2 JP |
72 | { |
73 | struct hci_conn_params *params; | |
b5c2b621 | 74 | struct hci_dev *hdev = conn->hdev; |
f75113a2 JP |
75 | struct smp_irk *irk; |
76 | bdaddr_t *bdaddr; | |
77 | u8 bdaddr_type; | |
78 | ||
79 | bdaddr = &conn->dst; | |
80 | bdaddr_type = conn->dst_type; | |
81 | ||
82 | /* Check if we need to convert to identity address */ | |
b5c2b621 | 83 | irk = hci_get_irk(hdev, bdaddr, bdaddr_type); |
f75113a2 JP |
84 | if (irk) { |
85 | bdaddr = &irk->bdaddr; | |
86 | bdaddr_type = irk->addr_type; | |
87 | } | |
88 | ||
17bc08f0 JH |
89 | params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr, |
90 | bdaddr_type); | |
19cf60bf | 91 | if (!params) |
f75113a2 JP |
92 | return; |
93 | ||
19cf60bf LAD |
94 | if (params->conn) { |
95 | hci_conn_drop(params->conn); | |
96 | hci_conn_put(params->conn); | |
97 | params->conn = NULL; | |
98 | } | |
99 | ||
100 | if (!params->explicit_connect) | |
101 | return; | |
102 | ||
103 | /* If the status indicates successful cancellation of | |
104 | * the attempt (i.e. Unknown Connection Id) there's no point of | |
105 | * notifying failure since we'll go back to keep trying to | |
106 | * connect. The only exception is explicit connect requests | |
107 | * where a timeout + cancel does indicate an actual failure. | |
108 | */ | |
109 | if (status && status != HCI_ERROR_UNKNOWN_CONN_ID) | |
110 | mgmt_connect_failed(hdev, &conn->dst, conn->type, | |
111 | conn->dst_type, status); | |
112 | ||
f75113a2 JP |
113 | /* The connection attempt was doing scan for new RPA, and is |
114 | * in scan phase. If params are not associated with any other | |
115 | * autoconnect action, remove them completely. If they are, just unmark | |
116 | * them as waiting for connection, by clearing explicit_connect field. | |
117 | */ | |
9ad3e6ff JH |
118 | params->explicit_connect = false; |
119 | ||
195ef75e | 120 | hci_pend_le_list_del_init(params); |
9ad3e6ff JH |
121 | |
122 | switch (params->auto_connect) { | |
123 | case HCI_AUTO_CONN_EXPLICIT: | |
b5c2b621 | 124 | hci_conn_params_del(hdev, bdaddr, bdaddr_type); |
9ad3e6ff JH |
125 | /* return instead of break to avoid duplicate scan update */ |
126 | return; | |
127 | case HCI_AUTO_CONN_DIRECT: | |
128 | case HCI_AUTO_CONN_ALWAYS: | |
195ef75e | 129 | hci_pend_le_list_add(params, &hdev->pend_le_conns); |
9ad3e6ff JH |
130 | break; |
131 | case HCI_AUTO_CONN_REPORT: | |
195ef75e | 132 | hci_pend_le_list_add(params, &hdev->pend_le_reports); |
9ad3e6ff JH |
133 | break; |
134 | default: | |
135 | break; | |
168b8a25 | 136 | } |
9ad3e6ff | 137 | |
5bee2fd6 | 138 | hci_update_passive_scan(hdev); |
f75113a2 JP |
139 | } |
140 | ||
b958f9a3 JH |
141 | static void hci_conn_cleanup(struct hci_conn *conn) |
142 | { | |
143 | struct hci_dev *hdev = conn->hdev; | |
144 | ||
145 | if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags)) | |
146 | hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type); | |
147 | ||
629f66aa AM |
148 | if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags)) |
149 | hci_remove_link_key(hdev, &conn->dst); | |
150 | ||
b958f9a3 JH |
151 | hci_chan_list_flush(conn); |
152 | ||
153 | hci_conn_hash_del(hdev, conn); | |
154 | ||
181a42ed ZX |
155 | if (HCI_CONN_HANDLE_UNSET(conn->handle)) |
156 | ida_free(&hdev->unset_handle_ida, conn->handle); | |
157 | ||
26afbd82 LAD |
158 | if (conn->cleanup) |
159 | conn->cleanup(conn); | |
160 | ||
1f8330ea SN |
161 | if (conn->type == SCO_LINK || conn->type == ESCO_LINK) { |
162 | switch (conn->setting & SCO_AIRMODE_MASK) { | |
163 | case SCO_AIRMODE_CVSD: | |
164 | case SCO_AIRMODE_TRANSP: | |
165 | if (hdev->notify) | |
166 | hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO); | |
167 | break; | |
168 | } | |
169 | } else { | |
170 | if (hdev->notify) | |
171 | hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); | |
172 | } | |
b958f9a3 | 173 | |
b958f9a3 JH |
174 | debugfs_remove_recursive(conn->debugfs); |
175 | ||
a85fb91e | 176 | hci_conn_del_sysfs(conn); |
b958f9a3 | 177 | |
a85fb91e | 178 | hci_dev_put(hdev); |
b958f9a3 JH |
179 | } |
180 | ||
e3b679d5 | 181 | int hci_disconnect(struct hci_conn *conn, __u8 reason) |
1da177e4 | 182 | { |
38b3fef1 | 183 | BT_DBG("hcon %p", conn); |
1da177e4 | 184 | |
74be523c | 185 | /* When we are central of an established connection and it enters |
839035a7 JH |
186 | * the disconnect timeout, then go ahead and try to read the |
187 | * current clock offset. Processing of the result is done | |
188 | * within the event handling and hci_clock_offset_evt function. | |
189 | */ | |
88d07feb JH |
190 | if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER && |
191 | (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) { | |
839035a7 | 192 | struct hci_dev *hdev = conn->hdev; |
4f639ede | 193 | struct hci_cp_read_clock_offset clkoff_cp; |
839035a7 | 194 | |
4f639ede FF |
195 | clkoff_cp.handle = cpu_to_le16(conn->handle); |
196 | hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp), | |
197 | &clkoff_cp); | |
839035a7 JH |
198 | } |
199 | ||
88d07feb | 200 | return hci_abort_conn(conn, reason); |
1da177e4 LT |
201 | } |
202 | ||
57f5d0d1 | 203 | static void hci_add_sco(struct hci_conn *conn, __u16 handle) |
1da177e4 LT |
204 | { |
205 | struct hci_dev *hdev = conn->hdev; | |
206 | struct hci_cp_add_sco cp; | |
207 | ||
38b3fef1 | 208 | BT_DBG("hcon %p", conn); |
1da177e4 LT |
209 | |
210 | conn->state = BT_CONNECT; | |
a0c808b3 | 211 | conn->out = true; |
1da177e4 | 212 | |
efc7688b MH |
213 | conn->attempt++; |
214 | ||
aca3192c | 215 | cp.handle = cpu_to_le16(handle); |
a8746417 | 216 | cp.pkt_type = cpu_to_le16(conn->pkt_type); |
1da177e4 | 217 | |
a9de9248 | 218 | hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); |
1da177e4 LT |
219 | } |
220 | ||
8b1c324c YL |
221 | static bool find_next_esco_param(struct hci_conn *conn, |
222 | const struct sco_param *esco_param, int size) | |
223 | { | |
06149746 LAD |
224 | if (!conn->parent) |
225 | return false; | |
226 | ||
8b1c324c | 227 | for (; conn->attempt <= size; conn->attempt++) { |
06149746 | 228 | if (lmp_esco_2m_capable(conn->parent) || |
8b1c324c YL |
229 | (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3)) |
230 | break; | |
231 | BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported", | |
232 | conn, conn->attempt); | |
233 | } | |
234 | ||
235 | return conn->attempt <= size; | |
236 | } | |
237 | ||
e07a06b4 | 238 | static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec) |
b2af264a | 239 | { |
e07a06b4 BG |
240 | int err; |
241 | __u8 vnd_len, *vnd_data = NULL; | |
242 | struct hci_op_configure_data_path *cmd = NULL; | |
243 | ||
132d0fd0 ZH |
244 | if (!codec->data_path || !hdev->get_codec_config_data) |
245 | return 0; | |
246 | ||
247 | /* Do not take me as error */ | |
248 | if (!hdev->get_codec_config_data) | |
249 | return 0; | |
250 | ||
e07a06b4 BG |
251 | err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len, |
252 | &vnd_data); | |
253 | if (err < 0) | |
254 | goto error; | |
255 | ||
256 | cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL); | |
257 | if (!cmd) { | |
258 | err = -ENOMEM; | |
259 | goto error; | |
260 | } | |
261 | ||
262 | err = hdev->get_data_path_id(hdev, &cmd->data_path_id); | |
263 | if (err < 0) | |
264 | goto error; | |
265 | ||
266 | cmd->vnd_len = vnd_len; | |
267 | memcpy(cmd->vnd_data, vnd_data, vnd_len); | |
268 | ||
269 | cmd->direction = 0x00; | |
270 | __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH, | |
271 | sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT); | |
272 | ||
273 | cmd->direction = 0x01; | |
274 | err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH, | |
275 | sizeof(*cmd) + vnd_len, cmd, | |
276 | HCI_CMD_TIMEOUT); | |
277 | error: | |
278 | ||
279 | kfree(cmd); | |
280 | kfree(vnd_data); | |
281 | return err; | |
282 | } | |
283 | ||
284 | static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data) | |
285 | { | |
286 | struct conn_handle_t *conn_handle = data; | |
287 | struct hci_conn *conn = conn_handle->conn; | |
288 | __u16 handle = conn_handle->handle; | |
b2af264a K |
289 | struct hci_cp_enhanced_setup_sync_conn cp; |
290 | const struct sco_param *param; | |
291 | ||
e07a06b4 BG |
292 | kfree(conn_handle); |
293 | ||
b2af264a K |
294 | bt_dev_dbg(hdev, "hcon %p", conn); |
295 | ||
132d0fd0 | 296 | configure_datapath_sync(hdev, &conn->codec); |
9798fbde | 297 | |
b2af264a K |
298 | conn->state = BT_CONNECT; |
299 | conn->out = true; | |
300 | ||
301 | conn->attempt++; | |
302 | ||
303 | memset(&cp, 0x00, sizeof(cp)); | |
304 | ||
305 | cp.handle = cpu_to_le16(handle); | |
306 | ||
307 | cp.tx_bandwidth = cpu_to_le32(0x00001f40); | |
308 | cp.rx_bandwidth = cpu_to_le32(0x00001f40); | |
309 | ||
310 | switch (conn->codec.id) { | |
904c139a K |
311 | case BT_CODEC_MSBC: |
312 | if (!find_next_esco_param(conn, esco_param_msbc, | |
313 | ARRAY_SIZE(esco_param_msbc))) | |
e07a06b4 | 314 | return -EINVAL; |
904c139a K |
315 | |
316 | param = &esco_param_msbc[conn->attempt - 1]; | |
317 | cp.tx_coding_format.id = 0x05; | |
318 | cp.rx_coding_format.id = 0x05; | |
319 | cp.tx_codec_frame_size = __cpu_to_le16(60); | |
320 | cp.rx_codec_frame_size = __cpu_to_le16(60); | |
321 | cp.in_bandwidth = __cpu_to_le32(32000); | |
322 | cp.out_bandwidth = __cpu_to_le32(32000); | |
323 | cp.in_coding_format.id = 0x04; | |
324 | cp.out_coding_format.id = 0x04; | |
325 | cp.in_coded_data_size = __cpu_to_le16(16); | |
326 | cp.out_coded_data_size = __cpu_to_le16(16); | |
327 | cp.in_pcm_data_format = 2; | |
328 | cp.out_pcm_data_format = 2; | |
329 | cp.in_pcm_sample_payload_msb_pos = 0; | |
330 | cp.out_pcm_sample_payload_msb_pos = 0; | |
331 | cp.in_data_path = conn->codec.data_path; | |
332 | cp.out_data_path = conn->codec.data_path; | |
333 | cp.in_transport_unit_size = 1; | |
334 | cp.out_transport_unit_size = 1; | |
335 | break; | |
336 | ||
b2af264a K |
337 | case BT_CODEC_TRANSPARENT: |
338 | if (!find_next_esco_param(conn, esco_param_msbc, | |
339 | ARRAY_SIZE(esco_param_msbc))) | |
340 | return false; | |
341 | param = &esco_param_msbc[conn->attempt - 1]; | |
342 | cp.tx_coding_format.id = 0x03; | |
343 | cp.rx_coding_format.id = 0x03; | |
344 | cp.tx_codec_frame_size = __cpu_to_le16(60); | |
345 | cp.rx_codec_frame_size = __cpu_to_le16(60); | |
346 | cp.in_bandwidth = __cpu_to_le32(0x1f40); | |
347 | cp.out_bandwidth = __cpu_to_le32(0x1f40); | |
348 | cp.in_coding_format.id = 0x03; | |
349 | cp.out_coding_format.id = 0x03; | |
350 | cp.in_coded_data_size = __cpu_to_le16(16); | |
351 | cp.out_coded_data_size = __cpu_to_le16(16); | |
352 | cp.in_pcm_data_format = 2; | |
353 | cp.out_pcm_data_format = 2; | |
354 | cp.in_pcm_sample_payload_msb_pos = 0; | |
355 | cp.out_pcm_sample_payload_msb_pos = 0; | |
356 | cp.in_data_path = conn->codec.data_path; | |
357 | cp.out_data_path = conn->codec.data_path; | |
358 | cp.in_transport_unit_size = 1; | |
359 | cp.out_transport_unit_size = 1; | |
360 | break; | |
361 | ||
362 | case BT_CODEC_CVSD: | |
06149746 | 363 | if (conn->parent && lmp_esco_capable(conn->parent)) { |
b2af264a K |
364 | if (!find_next_esco_param(conn, esco_param_cvsd, |
365 | ARRAY_SIZE(esco_param_cvsd))) | |
e07a06b4 | 366 | return -EINVAL; |
b2af264a K |
367 | param = &esco_param_cvsd[conn->attempt - 1]; |
368 | } else { | |
369 | if (conn->attempt > ARRAY_SIZE(sco_param_cvsd)) | |
e07a06b4 | 370 | return -EINVAL; |
b2af264a K |
371 | param = &sco_param_cvsd[conn->attempt - 1]; |
372 | } | |
373 | cp.tx_coding_format.id = 2; | |
374 | cp.rx_coding_format.id = 2; | |
375 | cp.tx_codec_frame_size = __cpu_to_le16(60); | |
376 | cp.rx_codec_frame_size = __cpu_to_le16(60); | |
377 | cp.in_bandwidth = __cpu_to_le32(16000); | |
378 | cp.out_bandwidth = __cpu_to_le32(16000); | |
379 | cp.in_coding_format.id = 4; | |
380 | cp.out_coding_format.id = 4; | |
381 | cp.in_coded_data_size = __cpu_to_le16(16); | |
382 | cp.out_coded_data_size = __cpu_to_le16(16); | |
383 | cp.in_pcm_data_format = 2; | |
384 | cp.out_pcm_data_format = 2; | |
385 | cp.in_pcm_sample_payload_msb_pos = 0; | |
386 | cp.out_pcm_sample_payload_msb_pos = 0; | |
387 | cp.in_data_path = conn->codec.data_path; | |
388 | cp.out_data_path = conn->codec.data_path; | |
389 | cp.in_transport_unit_size = 16; | |
390 | cp.out_transport_unit_size = 16; | |
391 | break; | |
392 | default: | |
e07a06b4 | 393 | return -EINVAL; |
b2af264a K |
394 | } |
395 | ||
396 | cp.retrans_effort = param->retrans_effort; | |
397 | cp.pkt_type = __cpu_to_le16(param->pkt_type); | |
398 | cp.max_latency = __cpu_to_le16(param->max_latency); | |
399 | ||
400 | if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0) | |
e07a06b4 | 401 | return -EIO; |
b2af264a | 402 | |
e07a06b4 | 403 | return 0; |
b2af264a K |
404 | } |
405 | ||
406 | static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle) | |
b6a0dc82 MH |
407 | { |
408 | struct hci_dev *hdev = conn->hdev; | |
409 | struct hci_cp_setup_sync_conn cp; | |
2dea632f | 410 | const struct sco_param *param; |
b6a0dc82 | 411 | |
b2af264a | 412 | bt_dev_dbg(hdev, "hcon %p", conn); |
b6a0dc82 MH |
413 | |
414 | conn->state = BT_CONNECT; | |
a0c808b3 | 415 | conn->out = true; |
b6a0dc82 | 416 | |
efc7688b MH |
417 | conn->attempt++; |
418 | ||
b6a0dc82 | 419 | cp.handle = cpu_to_le16(handle); |
b6a0dc82 | 420 | |
dcf4adbf JP |
421 | cp.tx_bandwidth = cpu_to_le32(0x00001f40); |
422 | cp.rx_bandwidth = cpu_to_le32(0x00001f40); | |
10c62ddc FD |
423 | cp.voice_setting = cpu_to_le16(conn->setting); |
424 | ||
425 | switch (conn->setting & SCO_AIRMODE_MASK) { | |
426 | case SCO_AIRMODE_TRANSP: | |
8b1c324c YL |
427 | if (!find_next_esco_param(conn, esco_param_msbc, |
428 | ARRAY_SIZE(esco_param_msbc))) | |
2dea632f | 429 | return false; |
565766b0 | 430 | param = &esco_param_msbc[conn->attempt - 1]; |
10c62ddc FD |
431 | break; |
432 | case SCO_AIRMODE_CVSD: | |
06149746 | 433 | if (conn->parent && lmp_esco_capable(conn->parent)) { |
8b1c324c YL |
434 | if (!find_next_esco_param(conn, esco_param_cvsd, |
435 | ARRAY_SIZE(esco_param_cvsd))) | |
48e68ff5 | 436 | return false; |
48e68ff5 BT |
437 | param = &esco_param_cvsd[conn->attempt - 1]; |
438 | } else { | |
439 | if (conn->attempt > ARRAY_SIZE(sco_param_cvsd)) | |
440 | return false; | |
48e68ff5 BT |
441 | param = &sco_param_cvsd[conn->attempt - 1]; |
442 | } | |
10c62ddc | 443 | break; |
2dea632f FD |
444 | default: |
445 | return false; | |
10c62ddc | 446 | } |
b6a0dc82 | 447 | |
c7da5797 | 448 | cp.retrans_effort = param->retrans_effort; |
2dea632f FD |
449 | cp.pkt_type = __cpu_to_le16(param->pkt_type); |
450 | cp.max_latency = __cpu_to_le16(param->max_latency); | |
451 | ||
452 | if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0) | |
453 | return false; | |
454 | ||
455 | return true; | |
b6a0dc82 MH |
456 | } |
457 | ||
b2af264a K |
458 | bool hci_setup_sync(struct hci_conn *conn, __u16 handle) |
459 | { | |
e07a06b4 BG |
460 | int result; |
461 | struct conn_handle_t *conn_handle; | |
462 | ||
463 | if (enhanced_sync_conn_capable(conn->hdev)) { | |
464 | conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL); | |
465 | ||
466 | if (!conn_handle) | |
467 | return false; | |
468 | ||
469 | conn_handle->conn = conn; | |
470 | conn_handle->handle = handle; | |
471 | result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync, | |
472 | conn_handle, NULL); | |
473 | if (result < 0) | |
474 | kfree(conn_handle); | |
475 | ||
476 | return result == 0; | |
477 | } | |
b2af264a K |
478 | |
479 | return hci_setup_sync_conn(conn, handle); | |
480 | } | |
481 | ||
7d6ca693 JH |
482 | u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency, |
483 | u16 to_multiplier) | |
2ce603eb | 484 | { |
2ce603eb | 485 | struct hci_dev *hdev = conn->hdev; |
f044eb05 MH |
486 | struct hci_conn_params *params; |
487 | struct hci_cp_le_conn_update cp; | |
2ce603eb | 488 | |
f044eb05 | 489 | hci_dev_lock(hdev); |
2ce603eb | 490 | |
f044eb05 MH |
491 | params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); |
492 | if (params) { | |
493 | params->conn_min_interval = min; | |
494 | params->conn_max_interval = max; | |
495 | params->conn_latency = latency; | |
496 | params->supervision_timeout = to_multiplier; | |
497 | } | |
498 | ||
499 | hci_dev_unlock(hdev); | |
500 | ||
501 | memset(&cp, 0, sizeof(cp)); | |
2ce603eb CT |
502 | cp.handle = cpu_to_le16(conn->handle); |
503 | cp.conn_interval_min = cpu_to_le16(min); | |
504 | cp.conn_interval_max = cpu_to_le16(max); | |
505 | cp.conn_latency = cpu_to_le16(latency); | |
506 | cp.supervision_timeout = cpu_to_le16(to_multiplier); | |
dcf4adbf JP |
507 | cp.min_ce_len = cpu_to_le16(0x0000); |
508 | cp.max_ce_len = cpu_to_le16(0x0000); | |
2ce603eb CT |
509 | |
510 | hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp); | |
7d6ca693 JH |
511 | |
512 | if (params) | |
513 | return 0x01; | |
514 | ||
515 | return 0x00; | |
2ce603eb | 516 | } |
2ce603eb | 517 | |
fe39c7b2 | 518 | void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand, |
8b76ce34 | 519 | __u8 ltk[16], __u8 key_size) |
a7a595f6 VCG |
520 | { |
521 | struct hci_dev *hdev = conn->hdev; | |
522 | struct hci_cp_le_start_enc cp; | |
523 | ||
38b3fef1 | 524 | BT_DBG("hcon %p", conn); |
a7a595f6 VCG |
525 | |
526 | memset(&cp, 0, sizeof(cp)); | |
527 | ||
528 | cp.handle = cpu_to_le16(conn->handle); | |
fe39c7b2 | 529 | cp.rand = rand; |
a7a595f6 | 530 | cp.ediv = ediv; |
8b76ce34 | 531 | memcpy(cp.ltk, ltk, key_size); |
a7a595f6 VCG |
532 | |
533 | hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp); | |
534 | } | |
a7a595f6 | 535 | |
e73439d8 MH |
536 | /* Device _must_ be locked */ |
537 | void hci_sco_setup(struct hci_conn *conn, __u8 status) | |
538 | { | |
06149746 | 539 | struct hci_link *link; |
e73439d8 | 540 | |
06149746 LAD |
541 | link = list_first_entry_or_null(&conn->link_list, struct hci_link, list); |
542 | if (!link || !link->conn) | |
e73439d8 MH |
543 | return; |
544 | ||
38b3fef1 AE |
545 | BT_DBG("hcon %p", conn); |
546 | ||
e73439d8 MH |
547 | if (!status) { |
548 | if (lmp_esco_capable(conn->hdev)) | |
06149746 | 549 | hci_setup_sync(link->conn, conn->handle); |
e73439d8 | 550 | else |
06149746 | 551 | hci_add_sco(link->conn, conn->handle); |
e73439d8 | 552 | } else { |
06149746 LAD |
553 | hci_connect_cfm(link->conn, status); |
554 | hci_conn_del(link->conn); | |
e73439d8 MH |
555 | } |
556 | } | |
557 | ||
19c40e3b | 558 | static void hci_conn_timeout(struct work_struct *work) |
1da177e4 | 559 | { |
19c40e3b | 560 | struct hci_conn *conn = container_of(work, struct hci_conn, |
5974e4c4 | 561 | disc_work.work); |
1d56dc4f | 562 | int refcnt = atomic_read(&conn->refcnt); |
1da177e4 | 563 | |
38b3fef1 | 564 | BT_DBG("hcon %p state %s", conn, state_to_string(conn->state)); |
1da177e4 | 565 | |
1d56dc4f LR |
566 | WARN_ON(refcnt < 0); |
567 | ||
568 | /* FIXME: It was observed that in pairing failed scenario, refcnt | |
569 | * drops below 0. Probably this is because l2cap_conn_del calls | |
570 | * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is | |
571 | * dropped. After that loop hci_chan_del is called which also drops | |
572 | * conn. For now make sure that ACL is alive if refcnt is higher then 0, | |
573 | * otherwise drop it. | |
574 | */ | |
575 | if (refcnt > 0) | |
1da177e4 LT |
576 | return; |
577 | ||
89e0ccc8 | 578 | hci_abort_conn(conn, hci_proto_disconn_ind(conn)); |
1da177e4 LT |
579 | } |
580 | ||
416dc94b | 581 | /* Enter sniff mode */ |
a74a84f6 | 582 | static void hci_conn_idle(struct work_struct *work) |
416dc94b | 583 | { |
a74a84f6 JH |
584 | struct hci_conn *conn = container_of(work, struct hci_conn, |
585 | idle_work.work); | |
416dc94b GP |
586 | struct hci_dev *hdev = conn->hdev; |
587 | ||
38b3fef1 | 588 | BT_DBG("hcon %p mode %d", conn, conn->mode); |
416dc94b | 589 | |
416dc94b GP |
590 | if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) |
591 | return; | |
592 | ||
593 | if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) | |
594 | return; | |
595 | ||
596 | if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { | |
597 | struct hci_cp_sniff_subrate cp; | |
598 | cp.handle = cpu_to_le16(conn->handle); | |
dcf4adbf JP |
599 | cp.max_latency = cpu_to_le16(0); |
600 | cp.min_remote_timeout = cpu_to_le16(0); | |
601 | cp.min_local_timeout = cpu_to_le16(0); | |
416dc94b GP |
602 | hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); |
603 | } | |
604 | ||
51a8efd7 | 605 | if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) { |
416dc94b GP |
606 | struct hci_cp_sniff_mode cp; |
607 | cp.handle = cpu_to_le16(conn->handle); | |
608 | cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); | |
609 | cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); | |
dcf4adbf JP |
610 | cp.attempt = cpu_to_le16(4); |
611 | cp.timeout = cpu_to_le16(1); | |
416dc94b GP |
612 | hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); |
613 | } | |
614 | } | |
615 | ||
7bc18d9d | 616 | static void hci_conn_auto_accept(struct work_struct *work) |
9f61656a | 617 | { |
7bc18d9d JH |
618 | struct hci_conn *conn = container_of(work, struct hci_conn, |
619 | auto_accept_work.work); | |
9f61656a | 620 | |
7bc18d9d | 621 | hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst), |
5974e4c4 | 622 | &conn->dst); |
9f61656a JH |
623 | } |
624 | ||
c3bed4de SN |
625 | static void le_disable_advertising(struct hci_dev *hdev) |
626 | { | |
627 | if (ext_adv_capable(hdev)) { | |
628 | struct hci_cp_le_set_ext_adv_enable cp; | |
629 | ||
630 | cp.enable = 0x00; | |
631 | cp.num_of_sets = 0x00; | |
632 | ||
633 | hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp), | |
634 | &cp); | |
635 | } else { | |
636 | u8 enable = 0x00; | |
637 | hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), | |
638 | &enable); | |
639 | } | |
640 | } | |
641 | ||
9489eca4 JH |
642 | static void le_conn_timeout(struct work_struct *work) |
643 | { | |
644 | struct hci_conn *conn = container_of(work, struct hci_conn, | |
645 | le_conn_timeout.work); | |
3c857757 | 646 | struct hci_dev *hdev = conn->hdev; |
9489eca4 JH |
647 | |
648 | BT_DBG(""); | |
649 | ||
3c857757 JH |
650 | /* We could end up here due to having done directed advertising, |
651 | * so clean up the state if necessary. This should however only | |
652 | * happen with broken hardware or if low duty cycle was used | |
653 | * (which doesn't have a timeout of its own). | |
654 | */ | |
0b1db38c | 655 | if (conn->role == HCI_ROLE_SLAVE) { |
c3bed4de SN |
656 | /* Disable LE Advertising */ |
657 | le_disable_advertising(hdev); | |
9fa6b4cd | 658 | hci_dev_lock(hdev); |
9b3628d7 | 659 | hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT); |
9fa6b4cd | 660 | hci_dev_unlock(hdev); |
3c857757 JH |
661 | return; |
662 | } | |
663 | ||
89e0ccc8 | 664 | hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); |
9489eca4 JH |
665 | } |
666 | ||
6b9545dc PV |
667 | struct iso_cig_params { |
668 | struct hci_cp_le_set_cig_params cp; | |
669 | struct hci_cis_params cis[0x1f]; | |
670 | }; | |
671 | ||
eca0ae4a LAD |
672 | struct iso_list_data { |
673 | union { | |
674 | u8 cig; | |
675 | u8 big; | |
676 | }; | |
677 | union { | |
678 | u8 cis; | |
679 | u8 bis; | |
680 | u16 sync_handle; | |
681 | }; | |
682 | int count; | |
a0bfde16 | 683 | bool big_term; |
fbdc4bc4 | 684 | bool pa_sync_term; |
f777d882 | 685 | bool big_sync_term; |
eca0ae4a LAD |
686 | }; |
687 | ||
688 | static void bis_list(struct hci_conn *conn, void *data) | |
689 | { | |
690 | struct iso_list_data *d = data; | |
691 | ||
692 | /* Skip if not broadcast/ANY address */ | |
693 | if (bacmp(&conn->dst, BDADDR_ANY)) | |
694 | return; | |
695 | ||
0fe8c8d0 IT |
696 | if (d->big != conn->iso_qos.bcast.big || d->bis == BT_ISO_QOS_BIS_UNSET || |
697 | d->bis != conn->iso_qos.bcast.bis) | |
eca0ae4a LAD |
698 | return; |
699 | ||
700 | d->count++; | |
701 | } | |
702 | ||
eca0ae4a LAD |
703 | static int terminate_big_sync(struct hci_dev *hdev, void *data) |
704 | { | |
705 | struct iso_list_data *d = data; | |
706 | ||
707 | bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis); | |
708 | ||
a254b90c | 709 | hci_disable_per_advertising_sync(hdev, d->bis); |
eca0ae4a LAD |
710 | hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL); |
711 | ||
a0bfde16 IT |
712 | /* Only terminate BIG if it has been created */ |
713 | if (!d->big_term) | |
eca0ae4a LAD |
714 | return 0; |
715 | ||
716 | return hci_le_terminate_big_sync(hdev, d->big, | |
717 | HCI_ERROR_LOCAL_HOST_TERM); | |
718 | } | |
719 | ||
720 | static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err) | |
721 | { | |
722 | kfree(data); | |
723 | } | |
724 | ||
a0bfde16 | 725 | static int hci_le_terminate_big(struct hci_dev *hdev, struct hci_conn *conn) |
eca0ae4a LAD |
726 | { |
727 | struct iso_list_data *d; | |
3aa21311 | 728 | int ret; |
eca0ae4a | 729 | |
a0bfde16 IT |
730 | bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", conn->iso_qos.bcast.big, |
731 | conn->iso_qos.bcast.bis); | |
eca0ae4a | 732 | |
3958e877 | 733 | d = kzalloc(sizeof(*d), GFP_KERNEL); |
eca0ae4a LAD |
734 | if (!d) |
735 | return -ENOMEM; | |
736 | ||
a0bfde16 IT |
737 | d->big = conn->iso_qos.bcast.big; |
738 | d->bis = conn->iso_qos.bcast.bis; | |
739 | d->big_term = test_and_clear_bit(HCI_CONN_BIG_CREATED, &conn->flags); | |
eca0ae4a | 740 | |
3aa21311 ZS |
741 | ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d, |
742 | terminate_big_destroy); | |
743 | if (ret) | |
744 | kfree(d); | |
745 | ||
746 | return ret; | |
eca0ae4a LAD |
747 | } |
748 | ||
749 | static int big_terminate_sync(struct hci_dev *hdev, void *data) | |
750 | { | |
751 | struct iso_list_data *d = data; | |
752 | ||
753 | bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big, | |
754 | d->sync_handle); | |
755 | ||
f777d882 IT |
756 | if (d->big_sync_term) |
757 | hci_le_big_terminate_sync(hdev, d->big); | |
eca0ae4a | 758 | |
fbdc4bc4 IT |
759 | if (d->pa_sync_term) |
760 | return hci_le_pa_terminate_sync(hdev, d->sync_handle); | |
761 | ||
762 | return 0; | |
eca0ae4a LAD |
763 | } |
764 | ||
fcb89f12 IT |
765 | static void find_bis(struct hci_conn *conn, void *data) |
766 | { | |
767 | struct iso_list_data *d = data; | |
768 | ||
769 | /* Ignore if BIG doesn't match */ | |
770 | if (d->big != conn->iso_qos.bcast.big) | |
771 | return; | |
772 | ||
773 | d->count++; | |
774 | } | |
775 | ||
f777d882 | 776 | static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, struct hci_conn *conn) |
eca0ae4a LAD |
777 | { |
778 | struct iso_list_data *d; | |
3aa21311 | 779 | int ret; |
eca0ae4a | 780 | |
f777d882 | 781 | bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, conn->sync_handle); |
eca0ae4a | 782 | |
3958e877 | 783 | d = kzalloc(sizeof(*d), GFP_KERNEL); |
eca0ae4a LAD |
784 | if (!d) |
785 | return -ENOMEM; | |
786 | ||
fcb89f12 | 787 | memset(d, 0, sizeof(*d)); |
eca0ae4a | 788 | d->big = big; |
f777d882 | 789 | d->sync_handle = conn->sync_handle; |
fcb89f12 IT |
790 | |
791 | if (test_and_clear_bit(HCI_CONN_PA_SYNC, &conn->flags)) { | |
792 | hci_conn_hash_list_flag(hdev, find_bis, ISO_LINK, | |
793 | HCI_CONN_PA_SYNC, d); | |
794 | ||
795 | if (!d->count) | |
796 | d->pa_sync_term = true; | |
797 | ||
798 | d->count = 0; | |
799 | } | |
800 | ||
801 | if (test_and_clear_bit(HCI_CONN_BIG_SYNC, &conn->flags)) { | |
802 | hci_conn_hash_list_flag(hdev, find_bis, ISO_LINK, | |
803 | HCI_CONN_BIG_SYNC, d); | |
804 | ||
805 | if (!d->count) | |
806 | d->big_sync_term = true; | |
807 | } | |
eca0ae4a | 808 | |
3aa21311 ZS |
809 | ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d, |
810 | terminate_big_destroy); | |
811 | if (ret) | |
812 | kfree(d); | |
813 | ||
814 | return ret; | |
eca0ae4a LAD |
815 | } |
816 | ||
817 | /* Cleanup BIS connection | |
818 | * | |
819 | * Detects if there any BIS left connected in a BIG | |
820 | * broadcaster: Remove advertising instance and terminate BIG. | |
821 | * broadcaster receiver: Teminate BIG sync and terminate PA sync. | |
822 | */ | |
823 | static void bis_cleanup(struct hci_conn *conn) | |
824 | { | |
825 | struct hci_dev *hdev = conn->hdev; | |
a0bfde16 | 826 | struct hci_conn *bis; |
eca0ae4a LAD |
827 | |
828 | bt_dev_dbg(hdev, "conn %p", conn); | |
829 | ||
830 | if (conn->role == HCI_ROLE_MASTER) { | |
831 | if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags)) | |
832 | return; | |
833 | ||
a0bfde16 IT |
834 | /* Check if ISO connection is a BIS and terminate advertising |
835 | * set and BIG if there are no other connections using it. | |
836 | */ | |
6a42e9bf | 837 | bis = hci_conn_hash_lookup_big(hdev, conn->iso_qos.bcast.big); |
a0bfde16 IT |
838 | if (bis) |
839 | return; | |
840 | ||
841 | hci_le_terminate_big(hdev, conn); | |
eca0ae4a | 842 | } else { |
0fe8c8d0 | 843 | hci_le_big_terminate(hdev, conn->iso_qos.bcast.big, |
f777d882 | 844 | conn); |
eca0ae4a LAD |
845 | } |
846 | } | |
847 | ||
848 | static int remove_cig_sync(struct hci_dev *hdev, void *data) | |
849 | { | |
a1f6c3ae | 850 | u8 handle = PTR_UINT(data); |
eca0ae4a LAD |
851 | |
852 | return hci_le_remove_cig_sync(hdev, handle); | |
853 | } | |
854 | ||
855 | static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle) | |
856 | { | |
857 | bt_dev_dbg(hdev, "handle 0x%2.2x", handle); | |
858 | ||
a1f6c3ae LAD |
859 | return hci_cmd_sync_queue(hdev, remove_cig_sync, UINT_PTR(handle), |
860 | NULL); | |
eca0ae4a LAD |
861 | } |
862 | ||
863 | static void find_cis(struct hci_conn *conn, void *data) | |
864 | { | |
865 | struct iso_list_data *d = data; | |
866 | ||
31c5f916 PV |
867 | /* Ignore broadcast or if CIG don't match */ |
868 | if (!bacmp(&conn->dst, BDADDR_ANY) || d->cig != conn->iso_qos.ucast.cig) | |
eca0ae4a LAD |
869 | return; |
870 | ||
871 | d->count++; | |
872 | } | |
873 | ||
874 | /* Cleanup CIS connection: | |
875 | * | |
876 | * Detects if there any CIS left connected in a CIG and remove it. | |
877 | */ | |
878 | static void cis_cleanup(struct hci_conn *conn) | |
879 | { | |
880 | struct hci_dev *hdev = conn->hdev; | |
881 | struct iso_list_data d; | |
882 | ||
31c5f916 PV |
883 | if (conn->iso_qos.ucast.cig == BT_ISO_QOS_CIG_UNSET) |
884 | return; | |
885 | ||
eca0ae4a | 886 | memset(&d, 0, sizeof(d)); |
0fe8c8d0 | 887 | d.cig = conn->iso_qos.ucast.cig; |
eca0ae4a LAD |
888 | |
889 | /* Check if ISO connection is a CIS and remove CIG if there are | |
890 | * no other connections using it. | |
891 | */ | |
6c242c64 PV |
892 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_BOUND, &d); |
893 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECT, &d); | |
eca0ae4a LAD |
894 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d); |
895 | if (d.count) | |
896 | return; | |
897 | ||
0fe8c8d0 | 898 | hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig); |
eca0ae4a LAD |
899 | } |
900 | ||
181a42ed | 901 | static int hci_conn_hash_alloc_unset(struct hci_dev *hdev) |
9f78191c | 902 | { |
181a42ed ZX |
903 | return ida_alloc_range(&hdev->unset_handle_ida, HCI_CONN_HANDLE_MAX + 1, |
904 | U16_MAX, GFP_ATOMIC); | |
9f78191c LAD |
905 | } |
906 | ||
a5c4e309 | 907 | struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, |
181a42ed | 908 | u8 role, u16 handle) |
1da177e4 LT |
909 | { |
910 | struct hci_conn *conn; | |
911 | ||
181a42ed | 912 | bt_dev_dbg(hdev, "dst %pMR handle 0x%4.4x", dst, handle); |
1da177e4 | 913 | |
27f70f3e | 914 | conn = kzalloc(sizeof(*conn), GFP_KERNEL); |
04837f64 | 915 | if (!conn) |
1da177e4 | 916 | return NULL; |
1da177e4 LT |
917 | |
918 | bacpy(&conn->dst, dst); | |
662e8820 | 919 | bacpy(&conn->src, &hdev->bdaddr); |
181a42ed | 920 | conn->handle = handle; |
a8746417 MH |
921 | conn->hdev = hdev; |
922 | conn->type = type; | |
a5c4e309 | 923 | conn->role = role; |
a8746417 MH |
924 | conn->mode = HCI_CM_ACTIVE; |
925 | conn->state = BT_OPEN; | |
93f19c9f | 926 | conn->auth_type = HCI_AT_GENERAL_BONDING; |
17fa4b9d | 927 | conn->io_capability = hdev->io_capability; |
a9583556 | 928 | conn->remote_auth = 0xff; |
13d39315 | 929 | conn->key_type = 0xff; |
ebf86aa3 | 930 | conn->rssi = HCI_RSSI_INVALID; |
5a134fae | 931 | conn->tx_power = HCI_TX_POWER_INVALID; |
d0455ed9 | 932 | conn->max_tx_power = HCI_TX_POWER_INVALID; |
1d11d70d | 933 | conn->sync_handle = HCI_SYNC_HANDLE_INVALID; |
1da177e4 | 934 | |
58a681ef | 935 | set_bit(HCI_CONN_POWER_SAVE, &conn->flags); |
052b30b0 | 936 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; |
04837f64 | 937 | |
302975cb SRK |
938 | /* Set Default Authenticated payload timeout to 30s */ |
939 | conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT; | |
940 | ||
a5c4e309 JH |
941 | if (conn->role == HCI_ROLE_MASTER) |
942 | conn->out = true; | |
943 | ||
a8746417 MH |
944 | switch (type) { |
945 | case ACL_LINK: | |
946 | conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; | |
947 | break; | |
9c84d1da | 948 | case LE_LINK: |
eca0ae4a LAD |
949 | /* conn->src should reflect the local identity address */ |
950 | hci_copy_identity_address(hdev, &conn->src, &conn->src_type); | |
951 | break; | |
26afbd82 | 952 | case ISO_LINK: |
9c84d1da JH |
953 | /* conn->src should reflect the local identity address */ |
954 | hci_copy_identity_address(hdev, &conn->src, &conn->src_type); | |
eca0ae4a LAD |
955 | |
956 | /* set proper cleanup function */ | |
957 | if (!bacmp(dst, BDADDR_ANY)) | |
958 | conn->cleanup = bis_cleanup; | |
959 | else if (conn->role == HCI_ROLE_MASTER) | |
960 | conn->cleanup = cis_cleanup; | |
961 | ||
9c84d1da | 962 | break; |
a8746417 MH |
963 | case SCO_LINK: |
964 | if (lmp_esco_capable(hdev)) | |
efc7688b MH |
965 | conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | |
966 | (hdev->esco_type & EDR_ESCO_MASK); | |
a8746417 MH |
967 | else |
968 | conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; | |
969 | break; | |
970 | case ESCO_LINK: | |
efc7688b | 971 | conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; |
a8746417 MH |
972 | break; |
973 | } | |
974 | ||
1da177e4 | 975 | skb_queue_head_init(&conn->data_q); |
04837f64 | 976 | |
70c1f20b | 977 | INIT_LIST_HEAD(&conn->chan_list); |
06149746 | 978 | INIT_LIST_HEAD(&conn->link_list); |
73d80deb | 979 | |
19c40e3b | 980 | INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout); |
7bc18d9d | 981 | INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept); |
a74a84f6 | 982 | INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle); |
9489eca4 | 983 | INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout); |
1da177e4 LT |
984 | |
985 | atomic_set(&conn->refcnt, 0); | |
986 | ||
987 | hci_dev_hold(hdev); | |
988 | ||
1da177e4 | 989 | hci_conn_hash_add(hdev, conn); |
1f8330ea SN |
990 | |
991 | /* The SCO and eSCO connections will only be notified when their | |
992 | * setup has been completed. This is different to ACL links which | |
993 | * can be notified right away. | |
994 | */ | |
995 | if (conn->type != SCO_LINK && conn->type != ESCO_LINK) { | |
996 | if (hdev->notify) | |
997 | hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); | |
998 | } | |
1da177e4 | 999 | |
a67e899c MH |
1000 | hci_conn_init_sysfs(conn); |
1001 | ||
1da177e4 LT |
1002 | return conn; |
1003 | } | |
1004 | ||
181a42ed ZX |
1005 | struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type, |
1006 | bdaddr_t *dst, u8 role) | |
1007 | { | |
1008 | int handle; | |
1009 | ||
1010 | bt_dev_dbg(hdev, "dst %pMR", dst); | |
1011 | ||
1012 | handle = hci_conn_hash_alloc_unset(hdev); | |
1013 | if (unlikely(handle < 0)) | |
1014 | return NULL; | |
1015 | ||
1016 | return hci_conn_add(hdev, type, dst, role, handle); | |
1017 | } | |
1018 | ||
3344d318 PV |
1019 | static void hci_conn_cleanup_child(struct hci_conn *conn, u8 reason) |
1020 | { | |
1021 | if (!reason) | |
1022 | reason = HCI_ERROR_REMOTE_USER_TERM; | |
1023 | ||
1024 | /* Due to race, SCO/ISO conn might be not established yet at this point, | |
1025 | * and nothing else will clean it up. In other cases it is done via HCI | |
1026 | * events. | |
1027 | */ | |
1028 | switch (conn->type) { | |
1029 | case SCO_LINK: | |
1030 | case ESCO_LINK: | |
1031 | if (HCI_CONN_HANDLE_UNSET(conn->handle)) | |
1032 | hci_conn_failed(conn, reason); | |
1033 | break; | |
1034 | case ISO_LINK: | |
fa224d0c IT |
1035 | if ((conn->state != BT_CONNECTED && |
1036 | !test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) || | |
1037 | test_bit(HCI_CONN_BIG_CREATED, &conn->flags)) | |
3344d318 PV |
1038 | hci_conn_failed(conn, reason); |
1039 | break; | |
1040 | } | |
1041 | } | |
1042 | ||
06149746 | 1043 | static void hci_conn_unlink(struct hci_conn *conn) |
5dc7d23e | 1044 | { |
06149746 LAD |
1045 | struct hci_dev *hdev = conn->hdev; |
1046 | ||
1047 | bt_dev_dbg(hdev, "hcon %p", conn); | |
1048 | ||
1049 | if (!conn->parent) { | |
1050 | struct hci_link *link, *t; | |
1051 | ||
ca1fd42e RL |
1052 | list_for_each_entry_safe(link, t, &conn->link_list, list) { |
1053 | struct hci_conn *child = link->conn; | |
1054 | ||
1055 | hci_conn_unlink(child); | |
1056 | ||
a2ac591c RL |
1057 | /* If hdev is down it means |
1058 | * hci_dev_close_sync/hci_conn_hash_flush is in progress | |
1059 | * and links don't need to be cleanup as all connections | |
1060 | * would be cleanup. | |
1061 | */ | |
1062 | if (!test_bit(HCI_UP, &hdev->flags)) | |
1063 | continue; | |
1064 | ||
3344d318 | 1065 | hci_conn_cleanup_child(child, conn->abort_reason); |
ca1fd42e | 1066 | } |
06149746 LAD |
1067 | |
1068 | return; | |
1069 | } | |
1070 | ||
5dc7d23e | 1071 | if (!conn->link) |
06149746 | 1072 | return; |
5dc7d23e | 1073 | |
06149746 LAD |
1074 | list_del_rcu(&conn->link->list); |
1075 | synchronize_rcu(); | |
1076 | ||
a2904d28 | 1077 | hci_conn_drop(conn->parent); |
2910431a RL |
1078 | hci_conn_put(conn->parent); |
1079 | conn->parent = NULL; | |
1080 | ||
06149746 | 1081 | kfree(conn->link); |
5dc7d23e | 1082 | conn->link = NULL; |
5dc7d23e LAD |
1083 | } |
1084 | ||
a2ac591c | 1085 | void hci_conn_del(struct hci_conn *conn) |
1da177e4 LT |
1086 | { |
1087 | struct hci_dev *hdev = conn->hdev; | |
1088 | ||
38b3fef1 | 1089 | BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle); |
1da177e4 | 1090 | |
a2904d28 RL |
1091 | hci_conn_unlink(conn); |
1092 | ||
19c40e3b | 1093 | cancel_delayed_work_sync(&conn->disc_work); |
7bc18d9d | 1094 | cancel_delayed_work_sync(&conn->auto_accept_work); |
a74a84f6 | 1095 | cancel_delayed_work_sync(&conn->idle_work); |
9f61656a | 1096 | |
5b7f9909 | 1097 | if (conn->type == ACL_LINK) { |
1da177e4 LT |
1098 | /* Unacked frames */ |
1099 | hdev->acl_cnt += conn->sent; | |
6ed58ec5 | 1100 | } else if (conn->type == LE_LINK) { |
980ffc0a | 1101 | cancel_delayed_work(&conn->le_conn_timeout); |
9489eca4 | 1102 | |
6ed58ec5 VT |
1103 | if (hdev->le_pkts) |
1104 | hdev->le_cnt += conn->sent; | |
1105 | else | |
1106 | hdev->acl_cnt += conn->sent; | |
5b7f9909 | 1107 | } else { |
5638d9ea LAD |
1108 | /* Unacked ISO frames */ |
1109 | if (conn->type == ISO_LINK) { | |
1110 | if (hdev->iso_pkts) | |
1111 | hdev->iso_cnt += conn->sent; | |
1112 | else if (hdev->le_pkts) | |
1113 | hdev->le_cnt += conn->sent; | |
1114 | else | |
1115 | hdev->acl_cnt += conn->sent; | |
1116 | } | |
1da177e4 LT |
1117 | } |
1118 | ||
1da177e4 | 1119 | skb_queue_purge(&conn->data_q); |
1da177e4 | 1120 | |
b958f9a3 JH |
1121 | /* Remove the connection from the list and cleanup its remaining |
1122 | * state. This is a separate function since for some cases like | |
1123 | * BT_CONNECT_SCAN we *only* want the cleanup part without the | |
1124 | * rest of hci_conn_del. | |
1125 | */ | |
1126 | hci_conn_cleanup(conn); | |
881559af LAD |
1127 | |
1128 | /* Dequeue callbacks using connection pointer as data */ | |
1129 | hci_cmd_sync_dequeue(hdev, NULL, conn, NULL); | |
1da177e4 LT |
1130 | } |
1131 | ||
39385cb5 | 1132 | struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type) |
1da177e4 LT |
1133 | { |
1134 | int use_src = bacmp(src, BDADDR_ANY); | |
8035ded4 | 1135 | struct hci_dev *hdev = NULL, *d; |
1da177e4 | 1136 | |
6ed93dc6 | 1137 | BT_DBG("%pMR -> %pMR", src, dst); |
1da177e4 | 1138 | |
f20d09d5 | 1139 | read_lock(&hci_dev_list_lock); |
1da177e4 | 1140 | |
8035ded4 | 1141 | list_for_each_entry(d, &hci_dev_list, list) { |
8fc9ced3 | 1142 | if (!test_bit(HCI_UP, &d->flags) || |
d7a5a11d | 1143 | hci_dev_test_flag(d, HCI_USER_CHANNEL) || |
ca8bee5d | 1144 | d->dev_type != HCI_PRIMARY) |
1da177e4 LT |
1145 | continue; |
1146 | ||
8e87d142 | 1147 | /* Simple routing: |
1da177e4 LT |
1148 | * No source address - find interface with bdaddr != dst |
1149 | * Source address - find interface with bdaddr == src | |
1150 | */ | |
1151 | ||
1152 | if (use_src) { | |
39385cb5 JH |
1153 | bdaddr_t id_addr; |
1154 | u8 id_addr_type; | |
1155 | ||
1156 | if (src_type == BDADDR_BREDR) { | |
1157 | if (!lmp_bredr_capable(d)) | |
1158 | continue; | |
1159 | bacpy(&id_addr, &d->bdaddr); | |
1160 | id_addr_type = BDADDR_BREDR; | |
1161 | } else { | |
1162 | if (!lmp_le_capable(d)) | |
1163 | continue; | |
1164 | ||
1165 | hci_copy_identity_address(d, &id_addr, | |
1166 | &id_addr_type); | |
1167 | ||
1168 | /* Convert from HCI to three-value type */ | |
1169 | if (id_addr_type == ADDR_LE_DEV_PUBLIC) | |
1170 | id_addr_type = BDADDR_LE_PUBLIC; | |
1171 | else | |
1172 | id_addr_type = BDADDR_LE_RANDOM; | |
1173 | } | |
1174 | ||
1175 | if (!bacmp(&id_addr, src) && id_addr_type == src_type) { | |
1da177e4 LT |
1176 | hdev = d; break; |
1177 | } | |
1178 | } else { | |
1179 | if (bacmp(&d->bdaddr, dst)) { | |
1180 | hdev = d; break; | |
1181 | } | |
1182 | } | |
1183 | } | |
1184 | ||
1185 | if (hdev) | |
1186 | hdev = hci_dev_hold(hdev); | |
1187 | ||
f20d09d5 | 1188 | read_unlock(&hci_dev_list_lock); |
1da177e4 LT |
1189 | return hdev; |
1190 | } | |
1191 | EXPORT_SYMBOL(hci_get_route); | |
1192 | ||
9bb3c01f | 1193 | /* This function requires the caller holds hdev->lock */ |
9b3628d7 | 1194 | static void hci_le_conn_failed(struct hci_conn *conn, u8 status) |
9bb3c01f AG |
1195 | { |
1196 | struct hci_dev *hdev = conn->hdev; | |
f161dd41 | 1197 | |
19cf60bf | 1198 | hci_connect_le_scan_cleanup(conn, status); |
3c857757 | 1199 | |
abfeea47 | 1200 | /* Enable advertising in case this was a failed connection |
3c857757 JH |
1201 | * attempt as a peripheral. |
1202 | */ | |
abfeea47 | 1203 | hci_enable_advertising(hdev); |
9bb3c01f AG |
1204 | } |
1205 | ||
9b3628d7 LAD |
1206 | /* This function requires the caller holds hdev->lock */ |
1207 | void hci_conn_failed(struct hci_conn *conn, u8 status) | |
1208 | { | |
1209 | struct hci_dev *hdev = conn->hdev; | |
1210 | ||
1211 | bt_dev_dbg(hdev, "status 0x%2.2x", status); | |
1212 | ||
1213 | switch (conn->type) { | |
1214 | case LE_LINK: | |
1215 | hci_le_conn_failed(conn, status); | |
1216 | break; | |
1217 | case ACL_LINK: | |
1218 | mgmt_connect_failed(hdev, &conn->dst, conn->type, | |
1219 | conn->dst_type, status); | |
1220 | break; | |
1221 | } | |
1222 | ||
a254b90c IT |
1223 | /* In case of BIG/PA sync failed, clear conn flags so that |
1224 | * the conns will be correctly cleaned up by ISO layer | |
1225 | */ | |
1226 | test_and_clear_bit(HCI_CONN_BIG_SYNC_FAILED, &conn->flags); | |
1227 | test_and_clear_bit(HCI_CONN_PA_SYNC_FAILED, &conn->flags); | |
1228 | ||
9b3628d7 LAD |
1229 | conn->state = BT_CLOSED; |
1230 | hci_connect_cfm(conn, status); | |
1231 | hci_conn_del(conn); | |
1232 | } | |
1233 | ||
16e3b642 LAD |
1234 | /* This function requires the caller holds hdev->lock */ |
1235 | u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle) | |
1236 | { | |
1237 | struct hci_dev *hdev = conn->hdev; | |
1238 | ||
1239 | bt_dev_dbg(hdev, "hcon %p handle 0x%4.4x", conn, handle); | |
1240 | ||
1241 | if (conn->handle == handle) | |
1242 | return 0; | |
1243 | ||
1244 | if (handle > HCI_CONN_HANDLE_MAX) { | |
1245 | bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x", | |
1246 | handle, HCI_CONN_HANDLE_MAX); | |
1247 | return HCI_ERROR_INVALID_PARAMETERS; | |
1248 | } | |
1249 | ||
1250 | /* If abort_reason has been sent it means the connection is being | |
1251 | * aborted and the handle shall not be changed. | |
1252 | */ | |
1253 | if (conn->abort_reason) | |
1254 | return conn->abort_reason; | |
1255 | ||
181a42ed ZX |
1256 | if (HCI_CONN_HANDLE_UNSET(conn->handle)) |
1257 | ida_free(&hdev->unset_handle_ida, conn->handle); | |
1258 | ||
16e3b642 LAD |
1259 | conn->handle = handle; |
1260 | ||
1261 | return 0; | |
1262 | } | |
1263 | ||
04a6c589 | 1264 | struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, |
d850bf08 | 1265 | u8 dst_type, bool dst_resolved, u8 sec_level, |
8e8b92ee | 1266 | u16 conn_timeout, u8 role) |
1da177e4 | 1267 | { |
e2caced4 | 1268 | struct hci_conn *conn; |
1ebfcc1f | 1269 | struct smp_irk *irk; |
1d399ae5 | 1270 | int err; |
1da177e4 | 1271 | |
152d386e | 1272 | /* Let's make sure that le is enabled.*/ |
d7a5a11d | 1273 | if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { |
152d386e LR |
1274 | if (lmp_le_capable(hdev)) |
1275 | return ERR_PTR(-ECONNREFUSED); | |
1276 | ||
1277 | return ERR_PTR(-EOPNOTSUPP); | |
1278 | } | |
1279 | ||
658aead9 JH |
1280 | /* Since the controller supports only one LE connection attempt at a |
1281 | * time, we return -EBUSY if there is any connection attempt running. | |
1282 | */ | |
1283 | if (hci_lookup_le_connect(hdev)) | |
1284 | return ERR_PTR(-EBUSY); | |
1285 | ||
e2caced4 JH |
1286 | /* If there's already a connection object but it's not in |
1287 | * scanning state it means it must already be established, in | |
1288 | * which case we can't do anything else except report a failure | |
1289 | * to connect. | |
620ad521 | 1290 | */ |
9d4c1cc1 | 1291 | conn = hci_conn_hash_lookup_le(hdev, dst, dst_type); |
e2caced4 JH |
1292 | if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) { |
1293 | return ERR_PTR(-EBUSY); | |
620ad521 | 1294 | } |
dfc94dbd | 1295 | |
d850bf08 LAD |
1296 | /* Check if the destination address has been resolved by the controller |
1297 | * since if it did then the identity address shall be used. | |
edb4b466 | 1298 | */ |
d850bf08 LAD |
1299 | if (!dst_resolved) { |
1300 | /* When given an identity address with existing identity | |
1301 | * resolving key, the connection needs to be established | |
1302 | * to a resolvable random address. | |
1303 | * | |
1304 | * Storing the resolvable random address is required here | |
1305 | * to handle connection failures. The address will later | |
1306 | * be resolved back into the original identity address | |
1307 | * from the connect request. | |
1308 | */ | |
1309 | irk = hci_find_irk_by_addr(hdev, dst, dst_type); | |
1310 | if (irk && bacmp(&irk->rpa, BDADDR_ANY)) { | |
1311 | dst = &irk->rpa; | |
1312 | dst_type = ADDR_LE_DEV_RANDOM; | |
1313 | } | |
1ebfcc1f JH |
1314 | } |
1315 | ||
e2caced4 | 1316 | if (conn) { |
28a667c9 JP |
1317 | bacpy(&conn->dst, dst); |
1318 | } else { | |
181a42ed | 1319 | conn = hci_conn_add_unset(hdev, LE_LINK, dst, role); |
e2caced4 JH |
1320 | if (!conn) |
1321 | return ERR_PTR(-ENOMEM); | |
1322 | hci_conn_hold(conn); | |
1323 | conn->pending_sec_level = sec_level; | |
28a667c9 JP |
1324 | } |
1325 | ||
1ebfcc1f | 1326 | conn->dst_type = dst_type; |
620ad521 | 1327 | conn->sec_level = BT_SECURITY_LOW; |
09ae260b | 1328 | conn->conn_timeout = conn_timeout; |
4292f1f3 | 1329 | |
881559af | 1330 | err = hci_connect_le_sync(hdev, conn); |
2acf3d90 AG |
1331 | if (err) { |
1332 | hci_conn_del(conn); | |
620ad521 | 1333 | return ERR_PTR(err); |
2acf3d90 | 1334 | } |
fcd89c09 | 1335 | |
f1e5d547 | 1336 | return conn; |
d04aef4c | 1337 | } |
fcd89c09 | 1338 | |
f75113a2 JP |
1339 | static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) |
1340 | { | |
1341 | struct hci_conn *conn; | |
1342 | ||
9d4c1cc1 | 1343 | conn = hci_conn_hash_lookup_le(hdev, addr, type); |
f75113a2 JP |
1344 | if (!conn) |
1345 | return false; | |
1346 | ||
f75113a2 JP |
1347 | if (conn->state != BT_CONNECTED) |
1348 | return false; | |
1349 | ||
1350 | return true; | |
1351 | } | |
1352 | ||
1353 | /* This function requires the caller holds hdev->lock */ | |
84235d22 | 1354 | static int hci_explicit_conn_params_set(struct hci_dev *hdev, |
f75113a2 JP |
1355 | bdaddr_t *addr, u8 addr_type) |
1356 | { | |
f75113a2 JP |
1357 | struct hci_conn_params *params; |
1358 | ||
1359 | if (is_connected(hdev, addr, addr_type)) | |
1360 | return -EISCONN; | |
1361 | ||
5157b8a5 JP |
1362 | params = hci_conn_params_lookup(hdev, addr, addr_type); |
1363 | if (!params) { | |
1364 | params = hci_conn_params_add(hdev, addr, addr_type); | |
1365 | if (!params) | |
1366 | return -ENOMEM; | |
1367 | ||
1368 | /* If we created new params, mark them to be deleted in | |
1369 | * hci_connect_le_scan_cleanup. It's different case than | |
1370 | * existing disabled params, those will stay after cleanup. | |
1371 | */ | |
1372 | params->auto_connect = HCI_AUTO_CONN_EXPLICIT; | |
1373 | } | |
f75113a2 | 1374 | |
5157b8a5 | 1375 | /* We're trying to connect, so make sure params are at pend_le_conns */ |
49c50922 | 1376 | if (params->auto_connect == HCI_AUTO_CONN_DISABLED || |
5157b8a5 JP |
1377 | params->auto_connect == HCI_AUTO_CONN_REPORT || |
1378 | params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { | |
195ef75e PV |
1379 | hci_pend_le_list_del_init(params); |
1380 | hci_pend_le_list_add(params, &hdev->pend_le_conns); | |
f75113a2 JP |
1381 | } |
1382 | ||
1383 | params->explicit_connect = true; | |
f75113a2 JP |
1384 | |
1385 | BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type, | |
1386 | params->auto_connect); | |
1387 | ||
1388 | return 0; | |
1389 | } | |
1390 | ||
eca0ae4a LAD |
1391 | static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos) |
1392 | { | |
6a42e9bf IT |
1393 | struct hci_conn *conn; |
1394 | u8 big; | |
eca0ae4a LAD |
1395 | |
1396 | /* Allocate a BIG if not set */ | |
0fe8c8d0 | 1397 | if (qos->bcast.big == BT_ISO_QOS_BIG_UNSET) { |
6a42e9bf | 1398 | for (big = 0x00; big < 0xef; big++) { |
eca0ae4a | 1399 | |
6a42e9bf IT |
1400 | conn = hci_conn_hash_lookup_big(hdev, big); |
1401 | if (!conn) | |
eca0ae4a LAD |
1402 | break; |
1403 | } | |
1404 | ||
6a42e9bf | 1405 | if (big == 0xef) |
eca0ae4a LAD |
1406 | return -EADDRNOTAVAIL; |
1407 | ||
1408 | /* Update BIG */ | |
6a42e9bf | 1409 | qos->bcast.big = big; |
eca0ae4a LAD |
1410 | } |
1411 | ||
1412 | return 0; | |
1413 | } | |
1414 | ||
1415 | static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos) | |
1416 | { | |
6a42e9bf IT |
1417 | struct hci_conn *conn; |
1418 | u8 bis; | |
eca0ae4a LAD |
1419 | |
1420 | /* Allocate BIS if not set */ | |
0fe8c8d0 | 1421 | if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) { |
71b7bb48 IT |
1422 | if (qos->bcast.big != BT_ISO_QOS_BIG_UNSET) { |
1423 | conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big); | |
1424 | ||
1425 | if (conn) { | |
1426 | /* If the BIG handle is already matched to an advertising | |
1427 | * handle, do not allocate a new one. | |
1428 | */ | |
1429 | qos->bcast.bis = conn->iso_qos.bcast.bis; | |
1430 | return 0; | |
1431 | } | |
1432 | } | |
1433 | ||
eca0ae4a LAD |
1434 | /* Find an unused adv set to advertise BIS, skip instance 0x00 |
1435 | * since it is reserved as general purpose set. | |
1436 | */ | |
6a42e9bf IT |
1437 | for (bis = 0x01; bis < hdev->le_num_of_adv_sets; |
1438 | bis++) { | |
eca0ae4a | 1439 | |
6a42e9bf IT |
1440 | conn = hci_conn_hash_lookup_bis(hdev, BDADDR_ANY, bis); |
1441 | if (!conn) | |
eca0ae4a LAD |
1442 | break; |
1443 | } | |
1444 | ||
6a42e9bf | 1445 | if (bis == hdev->le_num_of_adv_sets) |
eca0ae4a LAD |
1446 | return -EADDRNOTAVAIL; |
1447 | ||
1448 | /* Update BIS */ | |
6a42e9bf | 1449 | qos->bcast.bis = bis; |
eca0ae4a LAD |
1450 | } |
1451 | ||
1452 | return 0; | |
1453 | } | |
1454 | ||
1455 | /* This function requires the caller holds hdev->lock */ | |
1456 | static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst, | |
a0bfde16 IT |
1457 | struct bt_iso_qos *qos, __u8 base_len, |
1458 | __u8 *base) | |
eca0ae4a LAD |
1459 | { |
1460 | struct hci_conn *conn; | |
eca0ae4a LAD |
1461 | int err; |
1462 | ||
1463 | /* Let's make sure that le is enabled.*/ | |
1464 | if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { | |
1465 | if (lmp_le_capable(hdev)) | |
1466 | return ERR_PTR(-ECONNREFUSED); | |
1467 | return ERR_PTR(-EOPNOTSUPP); | |
1468 | } | |
1469 | ||
1470 | err = qos_set_big(hdev, qos); | |
1471 | if (err) | |
1472 | return ERR_PTR(err); | |
1473 | ||
1474 | err = qos_set_bis(hdev, qos); | |
1475 | if (err) | |
1476 | return ERR_PTR(err); | |
1477 | ||
a0bfde16 IT |
1478 | /* Check if the LE Create BIG command has already been sent */ |
1479 | conn = hci_conn_hash_lookup_per_adv_bis(hdev, dst, qos->bcast.big, | |
1480 | qos->bcast.big); | |
1481 | if (conn) | |
eca0ae4a LAD |
1482 | return ERR_PTR(-EADDRINUSE); |
1483 | ||
a0bfde16 IT |
1484 | /* Check BIS settings against other bound BISes, since all |
1485 | * BISes in a BIG must have the same value for all parameters | |
1486 | */ | |
6a42e9bf | 1487 | conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big); |
a0bfde16 IT |
1488 | |
1489 | if (conn && (memcmp(qos, &conn->iso_qos, sizeof(*qos)) || | |
1490 | base_len != conn->le_per_adv_data_len || | |
1491 | memcmp(conn->le_per_adv_data, base, base_len))) | |
eca0ae4a LAD |
1492 | return ERR_PTR(-EADDRINUSE); |
1493 | ||
181a42ed | 1494 | conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); |
eca0ae4a LAD |
1495 | if (!conn) |
1496 | return ERR_PTR(-ENOMEM); | |
1497 | ||
eca0ae4a LAD |
1498 | conn->state = BT_CONNECT; |
1499 | ||
1500 | hci_conn_hold(conn); | |
1501 | return conn; | |
1502 | } | |
1503 | ||
f75113a2 JP |
1504 | /* This function requires the caller holds hdev->lock */ |
1505 | struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, | |
1506 | u8 dst_type, u8 sec_level, | |
76b13996 MM |
1507 | u16 conn_timeout, |
1508 | enum conn_reasons conn_reason) | |
f75113a2 JP |
1509 | { |
1510 | struct hci_conn *conn; | |
f75113a2 JP |
1511 | |
1512 | /* Let's make sure that le is enabled.*/ | |
1513 | if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { | |
1514 | if (lmp_le_capable(hdev)) | |
1515 | return ERR_PTR(-ECONNREFUSED); | |
1516 | ||
1517 | return ERR_PTR(-EOPNOTSUPP); | |
1518 | } | |
1519 | ||
1520 | /* Some devices send ATT messages as soon as the physical link is | |
1521 | * established. To be able to handle these ATT messages, the user- | |
1522 | * space first establishes the connection and then starts the pairing | |
1523 | * process. | |
1524 | * | |
1525 | * So if a hci_conn object already exists for the following connection | |
1526 | * attempt, we simply update pending_sec_level and auth_type fields | |
1527 | * and return the object found. | |
1528 | */ | |
9d4c1cc1 | 1529 | conn = hci_conn_hash_lookup_le(hdev, dst, dst_type); |
f75113a2 JP |
1530 | if (conn) { |
1531 | if (conn->pending_sec_level < sec_level) | |
1532 | conn->pending_sec_level = sec_level; | |
1533 | goto done; | |
1534 | } | |
1535 | ||
1536 | BT_DBG("requesting refresh of dst_addr"); | |
1537 | ||
181a42ed | 1538 | conn = hci_conn_add_unset(hdev, LE_LINK, dst, HCI_ROLE_MASTER); |
f75113a2 JP |
1539 | if (!conn) |
1540 | return ERR_PTR(-ENOMEM); | |
1541 | ||
d088337c NE |
1542 | if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) { |
1543 | hci_conn_del(conn); | |
f75113a2 | 1544 | return ERR_PTR(-EBUSY); |
d088337c | 1545 | } |
f75113a2 JP |
1546 | |
1547 | conn->state = BT_CONNECT; | |
1548 | set_bit(HCI_CONN_SCANNING, &conn->flags); | |
f75113a2 JP |
1549 | conn->dst_type = dst_type; |
1550 | conn->sec_level = BT_SECURITY_LOW; | |
1551 | conn->pending_sec_level = sec_level; | |
1552 | conn->conn_timeout = conn_timeout; | |
76b13996 | 1553 | conn->conn_reason = conn_reason; |
f75113a2 | 1554 | |
5bee2fd6 | 1555 | hci_update_passive_scan(hdev); |
84235d22 | 1556 | |
f75113a2 JP |
1557 | done: |
1558 | hci_conn_hold(conn); | |
1559 | return conn; | |
1560 | } | |
1561 | ||
04a6c589 | 1562 | struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, |
76b13996 | 1563 | u8 sec_level, u8 auth_type, |
bf98feea | 1564 | enum conn_reasons conn_reason, u16 timeout) |
1da177e4 LT |
1565 | { |
1566 | struct hci_conn *acl; | |
fcd89c09 | 1567 | |
d7a5a11d | 1568 | if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { |
c411110e LR |
1569 | if (lmp_bredr_capable(hdev)) |
1570 | return ERR_PTR(-ECONNREFUSED); | |
1571 | ||
beb19e4c | 1572 | return ERR_PTR(-EOPNOTSUPP); |
c411110e | 1573 | } |
56f87901 | 1574 | |
1ffc6f8c LCY |
1575 | /* Reject outgoing connection to device with same BD ADDR against |
1576 | * CVE-2020-26555 | |
1577 | */ | |
1578 | if (!bacmp(&hdev->bdaddr, dst)) { | |
1579 | bt_dev_dbg(hdev, "Reject connection with same BD_ADDR %pMR\n", | |
1580 | dst); | |
1581 | return ERR_PTR(-ECONNREFUSED); | |
1582 | } | |
1583 | ||
70f23020 AE |
1584 | acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); |
1585 | if (!acl) { | |
181a42ed | 1586 | acl = hci_conn_add_unset(hdev, ACL_LINK, dst, HCI_ROLE_MASTER); |
70f23020 | 1587 | if (!acl) |
48c7aba9 | 1588 | return ERR_PTR(-ENOMEM); |
1da177e4 LT |
1589 | } |
1590 | ||
1591 | hci_conn_hold(acl); | |
1592 | ||
76b13996 | 1593 | acl->conn_reason = conn_reason; |
09ab6f4c | 1594 | if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { |
45340097 JD |
1595 | int err; |
1596 | ||
765c2a96 JH |
1597 | acl->sec_level = BT_SECURITY_LOW; |
1598 | acl->pending_sec_level = sec_level; | |
09ab6f4c | 1599 | acl->auth_type = auth_type; |
bf98feea | 1600 | acl->conn_timeout = timeout; |
45340097 | 1601 | |
5f641f03 | 1602 | err = hci_connect_acl_sync(hdev, acl); |
45340097 JD |
1603 | if (err) { |
1604 | hci_conn_del(acl); | |
1605 | return ERR_PTR(err); | |
1606 | } | |
09ab6f4c | 1607 | } |
1da177e4 | 1608 | |
db474275 VCG |
1609 | return acl; |
1610 | } | |
1611 | ||
06149746 LAD |
1612 | static struct hci_link *hci_conn_link(struct hci_conn *parent, |
1613 | struct hci_conn *conn) | |
1614 | { | |
1615 | struct hci_dev *hdev = parent->hdev; | |
1616 | struct hci_link *link; | |
1617 | ||
1618 | bt_dev_dbg(hdev, "parent %p hcon %p", parent, conn); | |
1619 | ||
1620 | if (conn->link) | |
1621 | return conn->link; | |
1622 | ||
1623 | if (conn->parent) | |
1624 | return NULL; | |
1625 | ||
1626 | link = kzalloc(sizeof(*link), GFP_KERNEL); | |
1627 | if (!link) | |
1628 | return NULL; | |
1629 | ||
1630 | link->conn = hci_conn_hold(conn); | |
1631 | conn->link = link; | |
1632 | conn->parent = hci_conn_get(parent); | |
1633 | ||
1634 | /* Use list_add_tail_rcu append to the list */ | |
1635 | list_add_tail_rcu(&link->list, &parent->link_list); | |
1636 | ||
1637 | return link; | |
1638 | } | |
1639 | ||
10c62ddc | 1640 | struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, |
bf98feea LAD |
1641 | __u16 setting, struct bt_codec *codec, |
1642 | u16 timeout) | |
db474275 VCG |
1643 | { |
1644 | struct hci_conn *acl; | |
1645 | struct hci_conn *sco; | |
06149746 | 1646 | struct hci_link *link; |
db474275 | 1647 | |
76b13996 | 1648 | acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING, |
bf98feea | 1649 | CONN_REASON_SCO_CONNECT, timeout); |
db474275 | 1650 | if (IS_ERR(acl)) |
5b7f9909 | 1651 | return acl; |
1da177e4 | 1652 | |
70f23020 AE |
1653 | sco = hci_conn_hash_lookup_ba(hdev, type, dst); |
1654 | if (!sco) { | |
181a42ed | 1655 | sco = hci_conn_add_unset(hdev, type, dst, HCI_ROLE_MASTER); |
70f23020 | 1656 | if (!sco) { |
76a68ba0 | 1657 | hci_conn_drop(acl); |
48c7aba9 | 1658 | return ERR_PTR(-ENOMEM); |
1da177e4 | 1659 | } |
5b7f9909 | 1660 | } |
1da177e4 | 1661 | |
06149746 LAD |
1662 | link = hci_conn_link(acl, sco); |
1663 | if (!link) { | |
1664 | hci_conn_drop(acl); | |
1665 | hci_conn_drop(sco); | |
b4066eb0 | 1666 | return ERR_PTR(-ENOLINK); |
06149746 | 1667 | } |
1da177e4 | 1668 | |
10c62ddc | 1669 | sco->setting = setting; |
b2af264a | 1670 | sco->codec = *codec; |
10c62ddc | 1671 | |
5b7f9909 | 1672 | if (acl->state == BT_CONNECTED && |
5974e4c4 | 1673 | (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { |
58a681ef | 1674 | set_bit(HCI_CONN_POWER_SAVE, &acl->flags); |
14b12d0b | 1675 | hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON); |
c390216b | 1676 | |
51a8efd7 | 1677 | if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) { |
e73439d8 | 1678 | /* defer SCO setup until mode change completed */ |
51a8efd7 | 1679 | set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags); |
e73439d8 MH |
1680 | return sco; |
1681 | } | |
1682 | ||
1683 | hci_sco_setup(acl, 0x00); | |
b6a0dc82 | 1684 | } |
5b7f9909 MH |
1685 | |
1686 | return sco; | |
1da177e4 | 1687 | } |
1da177e4 | 1688 | |
eca0ae4a LAD |
1689 | static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos) |
1690 | { | |
1691 | struct hci_dev *hdev = conn->hdev; | |
1692 | struct hci_cp_le_create_big cp; | |
a0bfde16 | 1693 | struct iso_list_data data; |
eca0ae4a LAD |
1694 | |
1695 | memset(&cp, 0, sizeof(cp)); | |
1696 | ||
a0bfde16 IT |
1697 | data.big = qos->bcast.big; |
1698 | data.bis = qos->bcast.bis; | |
1699 | data.count = 0; | |
1700 | ||
1701 | /* Create a BIS for each bound connection */ | |
1702 | hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, | |
1703 | BT_BOUND, &data); | |
1704 | ||
0fe8c8d0 IT |
1705 | cp.handle = qos->bcast.big; |
1706 | cp.adv_handle = qos->bcast.bis; | |
a0bfde16 | 1707 | cp.num_bis = data.count; |
0fe8c8d0 IT |
1708 | hci_cpu_to_le24(qos->bcast.out.interval, cp.bis.sdu_interval); |
1709 | cp.bis.sdu = cpu_to_le16(qos->bcast.out.sdu); | |
1710 | cp.bis.latency = cpu_to_le16(qos->bcast.out.latency); | |
1711 | cp.bis.rtn = qos->bcast.out.rtn; | |
1712 | cp.bis.phy = qos->bcast.out.phy; | |
1713 | cp.bis.packing = qos->bcast.packing; | |
1714 | cp.bis.framing = qos->bcast.framing; | |
1715 | cp.bis.encryption = qos->bcast.encryption; | |
1716 | memcpy(cp.bis.bcode, qos->bcast.bcode, sizeof(cp.bis.bcode)); | |
eca0ae4a LAD |
1717 | |
1718 | return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp); | |
1719 | } | |
1720 | ||
a0912892 | 1721 | static int set_cig_params_sync(struct hci_dev *hdev, void *data) |
6b9545dc | 1722 | { |
a1f6c3ae | 1723 | u8 cig_id = PTR_UINT(data); |
a0912892 LAD |
1724 | struct hci_conn *conn; |
1725 | struct bt_iso_qos *qos; | |
1726 | struct iso_cig_params pdu; | |
1727 | u8 cis_id; | |
6b9545dc | 1728 | |
a0912892 LAD |
1729 | conn = hci_conn_hash_lookup_cig(hdev, cig_id); |
1730 | if (!conn) | |
1731 | return 0; | |
6b9545dc | 1732 | |
a0912892 | 1733 | memset(&pdu, 0, sizeof(pdu)); |
6b9545dc | 1734 | |
a0912892 LAD |
1735 | qos = &conn->iso_qos; |
1736 | pdu.cp.cig_id = cig_id; | |
1737 | hci_cpu_to_le24(qos->ucast.out.interval, pdu.cp.c_interval); | |
1738 | hci_cpu_to_le24(qos->ucast.in.interval, pdu.cp.p_interval); | |
1739 | pdu.cp.sca = qos->ucast.sca; | |
1740 | pdu.cp.packing = qos->ucast.packing; | |
1741 | pdu.cp.framing = qos->ucast.framing; | |
1742 | pdu.cp.c_latency = cpu_to_le16(qos->ucast.out.latency); | |
1743 | pdu.cp.p_latency = cpu_to_le16(qos->ucast.in.latency); | |
6b9545dc | 1744 | |
a0912892 LAD |
1745 | /* Reprogram all CIS(s) with the same CIG, valid range are: |
1746 | * num_cis: 0x00 to 0x1F | |
1747 | * cis_id: 0x00 to 0xEF | |
1748 | */ | |
1749 | for (cis_id = 0x00; cis_id < 0xf0 && | |
1750 | pdu.cp.num_cis < ARRAY_SIZE(pdu.cis); cis_id++) { | |
1751 | struct hci_cis_params *cis; | |
1752 | ||
1753 | conn = hci_conn_hash_lookup_cis(hdev, NULL, 0, cig_id, cis_id); | |
1754 | if (!conn) | |
1755 | continue; | |
6b9545dc | 1756 | |
a0912892 LAD |
1757 | qos = &conn->iso_qos; |
1758 | ||
1759 | cis = &pdu.cis[pdu.cp.num_cis++]; | |
1760 | cis->cis_id = cis_id; | |
1761 | cis->c_sdu = cpu_to_le16(conn->iso_qos.ucast.out.sdu); | |
1762 | cis->p_sdu = cpu_to_le16(conn->iso_qos.ucast.in.sdu); | |
1763 | cis->c_phy = qos->ucast.out.phy ? qos->ucast.out.phy : | |
1764 | qos->ucast.in.phy; | |
1765 | cis->p_phy = qos->ucast.in.phy ? qos->ucast.in.phy : | |
1766 | qos->ucast.out.phy; | |
1767 | cis->c_rtn = qos->ucast.out.rtn; | |
1768 | cis->p_rtn = qos->ucast.in.rtn; | |
1769 | } | |
1770 | ||
1771 | if (!pdu.cp.num_cis) | |
1772 | return 0; | |
1773 | ||
1774 | return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS, | |
1775 | sizeof(pdu.cp) + | |
1776 | pdu.cp.num_cis * sizeof(pdu.cis[0]), &pdu, | |
6b9545dc PV |
1777 | HCI_CMD_TIMEOUT); |
1778 | } | |
1779 | ||
26afbd82 LAD |
1780 | static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos) |
1781 | { | |
1782 | struct hci_dev *hdev = conn->hdev; | |
1783 | struct iso_list_data data; | |
1784 | ||
1785 | memset(&data, 0, sizeof(data)); | |
1786 | ||
e6a7a46b | 1787 | /* Allocate first still reconfigurable CIG if not set */ |
0fe8c8d0 | 1788 | if (qos->ucast.cig == BT_ISO_QOS_CIG_UNSET) { |
e6a7a46b | 1789 | for (data.cig = 0x00; data.cig < 0xf0; data.cig++) { |
26afbd82 | 1790 | data.count = 0; |
26afbd82 | 1791 | |
e6a7a46b PV |
1792 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, |
1793 | BT_CONNECT, &data); | |
26afbd82 LAD |
1794 | if (data.count) |
1795 | continue; | |
1796 | ||
e6a7a46b | 1797 | hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, |
26afbd82 LAD |
1798 | BT_CONNECTED, &data); |
1799 | if (!data.count) | |
1800 | break; | |
1801 | } | |
1802 | ||
e6a7a46b | 1803 | if (data.cig == 0xf0) |
26afbd82 LAD |
1804 | return false; |
1805 | ||
1806 | /* Update CIG */ | |
0fe8c8d0 | 1807 | qos->ucast.cig = data.cig; |
26afbd82 LAD |
1808 | } |
1809 | ||
0fe8c8d0 | 1810 | if (qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) { |
a0912892 LAD |
1811 | if (hci_conn_hash_lookup_cis(hdev, NULL, 0, qos->ucast.cig, |
1812 | qos->ucast.cis)) | |
26afbd82 | 1813 | return false; |
a0912892 | 1814 | goto done; |
26afbd82 LAD |
1815 | } |
1816 | ||
a0912892 LAD |
1817 | /* Allocate first available CIS if not set */ |
1818 | for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0xf0; | |
1819 | data.cis++) { | |
1820 | if (!hci_conn_hash_lookup_cis(hdev, NULL, 0, data.cig, | |
1821 | data.cis)) { | |
26afbd82 | 1822 | /* Update CIS */ |
0fe8c8d0 | 1823 | qos->ucast.cis = data.cis; |
a0912892 | 1824 | break; |
26afbd82 LAD |
1825 | } |
1826 | } | |
1827 | ||
a0912892 | 1828 | if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET) |
26afbd82 LAD |
1829 | return false; |
1830 | ||
a0912892 LAD |
1831 | done: |
1832 | if (hci_cmd_sync_queue(hdev, set_cig_params_sync, | |
a1f6c3ae | 1833 | UINT_PTR(qos->ucast.cig), NULL) < 0) |
6b9545dc | 1834 | return false; |
6b9545dc | 1835 | |
26afbd82 LAD |
1836 | return true; |
1837 | } | |
1838 | ||
26afbd82 LAD |
1839 | struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst, |
1840 | __u8 dst_type, struct bt_iso_qos *qos) | |
1841 | { | |
1842 | struct hci_conn *cis; | |
1843 | ||
c14516fa LAD |
1844 | cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig, |
1845 | qos->ucast.cis); | |
26afbd82 | 1846 | if (!cis) { |
181a42ed | 1847 | cis = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); |
26afbd82 LAD |
1848 | if (!cis) |
1849 | return ERR_PTR(-ENOMEM); | |
1850 | cis->cleanup = cis_cleanup; | |
b36a234d | 1851 | cis->dst_type = dst_type; |
b5793de3 PV |
1852 | cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET; |
1853 | cis->iso_qos.ucast.cis = BT_ISO_QOS_CIS_UNSET; | |
26afbd82 LAD |
1854 | } |
1855 | ||
1856 | if (cis->state == BT_CONNECTED) | |
1857 | return cis; | |
1858 | ||
1859 | /* Check if CIS has been set and the settings matches */ | |
1860 | if (cis->state == BT_BOUND && | |
1861 | !memcmp(&cis->iso_qos, qos, sizeof(*qos))) | |
1862 | return cis; | |
1863 | ||
1864 | /* Update LINK PHYs according to QoS preference */ | |
0fe8c8d0 IT |
1865 | cis->le_tx_phy = qos->ucast.out.phy; |
1866 | cis->le_rx_phy = qos->ucast.in.phy; | |
26afbd82 LAD |
1867 | |
1868 | /* If output interval is not set use the input interval as it cannot be | |
1869 | * 0x000000. | |
1870 | */ | |
0fe8c8d0 IT |
1871 | if (!qos->ucast.out.interval) |
1872 | qos->ucast.out.interval = qos->ucast.in.interval; | |
26afbd82 LAD |
1873 | |
1874 | /* If input interval is not set use the output interval as it cannot be | |
1875 | * 0x000000. | |
1876 | */ | |
0fe8c8d0 IT |
1877 | if (!qos->ucast.in.interval) |
1878 | qos->ucast.in.interval = qos->ucast.out.interval; | |
26afbd82 LAD |
1879 | |
1880 | /* If output latency is not set use the input latency as it cannot be | |
1881 | * 0x0000. | |
1882 | */ | |
0fe8c8d0 IT |
1883 | if (!qos->ucast.out.latency) |
1884 | qos->ucast.out.latency = qos->ucast.in.latency; | |
26afbd82 LAD |
1885 | |
1886 | /* If input latency is not set use the output latency as it cannot be | |
1887 | * 0x0000. | |
1888 | */ | |
0fe8c8d0 IT |
1889 | if (!qos->ucast.in.latency) |
1890 | qos->ucast.in.latency = qos->ucast.out.latency; | |
26afbd82 | 1891 | |
26afbd82 LAD |
1892 | if (!hci_le_set_cig_params(cis, qos)) { |
1893 | hci_conn_drop(cis); | |
1894 | return ERR_PTR(-EINVAL); | |
1895 | } | |
1896 | ||
69997d50 PV |
1897 | hci_conn_hold(cis); |
1898 | ||
26afbd82 LAD |
1899 | cis->iso_qos = *qos; |
1900 | cis->state = BT_BOUND; | |
1901 | ||
1902 | return cis; | |
1903 | } | |
1904 | ||
1905 | bool hci_iso_setup_path(struct hci_conn *conn) | |
1906 | { | |
1907 | struct hci_dev *hdev = conn->hdev; | |
1908 | struct hci_cp_le_setup_iso_path cmd; | |
1909 | ||
1910 | memset(&cmd, 0, sizeof(cmd)); | |
1911 | ||
0fe8c8d0 | 1912 | if (conn->iso_qos.ucast.out.sdu) { |
26afbd82 LAD |
1913 | cmd.handle = cpu_to_le16(conn->handle); |
1914 | cmd.direction = 0x00; /* Input (Host to Controller) */ | |
1915 | cmd.path = 0x00; /* HCI path if enabled */ | |
1916 | cmd.codec = 0x03; /* Transparent Data */ | |
1917 | ||
1918 | if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd), | |
1919 | &cmd) < 0) | |
1920 | return false; | |
1921 | } | |
1922 | ||
0fe8c8d0 | 1923 | if (conn->iso_qos.ucast.in.sdu) { |
26afbd82 LAD |
1924 | cmd.handle = cpu_to_le16(conn->handle); |
1925 | cmd.direction = 0x01; /* Output (Controller to Host) */ | |
1926 | cmd.path = 0x00; /* HCI path if enabled */ | |
1927 | cmd.codec = 0x03; /* Transparent Data */ | |
1928 | ||
1929 | if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd), | |
1930 | &cmd) < 0) | |
1931 | return false; | |
1932 | } | |
1933 | ||
1934 | return true; | |
1935 | } | |
1936 | ||
7f74563e | 1937 | int hci_conn_check_create_cis(struct hci_conn *conn) |
26afbd82 | 1938 | { |
7f74563e PV |
1939 | if (conn->type != ISO_LINK || !bacmp(&conn->dst, BDADDR_ANY)) |
1940 | return -EINVAL; | |
26afbd82 | 1941 | |
7f74563e | 1942 | if (!conn->parent || conn->parent->state != BT_CONNECTED || |
9f78191c | 1943 | conn->state != BT_CONNECT || HCI_CONN_HANDLE_UNSET(conn->handle)) |
7f74563e | 1944 | return 1; |
26afbd82 | 1945 | |
7f74563e PV |
1946 | return 0; |
1947 | } | |
06149746 | 1948 | |
7f74563e PV |
1949 | static int hci_create_cis_sync(struct hci_dev *hdev, void *data) |
1950 | { | |
1951 | return hci_le_create_cis_sync(hdev); | |
1952 | } | |
06149746 | 1953 | |
7f74563e PV |
1954 | int hci_le_create_cis_pending(struct hci_dev *hdev) |
1955 | { | |
1956 | struct hci_conn *conn; | |
1957 | bool pending = false; | |
06149746 | 1958 | |
7f74563e | 1959 | rcu_read_lock(); |
06149746 | 1960 | |
7f74563e PV |
1961 | list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) { |
1962 | if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) { | |
1963 | rcu_read_unlock(); | |
1964 | return -EBUSY; | |
06149746 LAD |
1965 | } |
1966 | ||
7f74563e PV |
1967 | if (!hci_conn_check_create_cis(conn)) |
1968 | pending = true; | |
26afbd82 LAD |
1969 | } |
1970 | ||
7f74563e PV |
1971 | rcu_read_unlock(); |
1972 | ||
1973 | if (!pending) | |
26afbd82 LAD |
1974 | return 0; |
1975 | ||
1976 | /* Queue Create CIS */ | |
7f74563e | 1977 | return hci_cmd_sync_queue(hdev, hci_create_cis_sync, NULL, NULL); |
26afbd82 LAD |
1978 | } |
1979 | ||
1980 | static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn, | |
1981 | struct bt_iso_io_qos *qos, __u8 phy) | |
1982 | { | |
1983 | /* Only set MTU if PHY is enabled */ | |
1984 | if (!qos->sdu && qos->phy) { | |
1985 | if (hdev->iso_mtu > 0) | |
1986 | qos->sdu = hdev->iso_mtu; | |
1987 | else if (hdev->le_mtu > 0) | |
1988 | qos->sdu = hdev->le_mtu; | |
1989 | else | |
1990 | qos->sdu = hdev->acl_mtu; | |
1991 | } | |
1992 | ||
1993 | /* Use the same PHY as ACL if set to any */ | |
1994 | if (qos->phy == BT_ISO_PHY_ANY) | |
1995 | qos->phy = phy; | |
1996 | ||
1997 | /* Use LE ACL connection interval if not set */ | |
1998 | if (!qos->interval) | |
1999 | /* ACL interval unit in 1.25 ms to us */ | |
2000 | qos->interval = conn->le_conn_interval * 1250; | |
2001 | ||
2002 | /* Use LE ACL connection latency if not set */ | |
2003 | if (!qos->latency) | |
2004 | qos->latency = conn->le_conn_latency; | |
2005 | } | |
2006 | ||
eca0ae4a LAD |
2007 | static int create_big_sync(struct hci_dev *hdev, void *data) |
2008 | { | |
2009 | struct hci_conn *conn = data; | |
2010 | struct bt_iso_qos *qos = &conn->iso_qos; | |
2011 | u16 interval, sync_interval = 0; | |
2012 | u32 flags = 0; | |
2013 | int err; | |
2014 | ||
0fe8c8d0 | 2015 | if (qos->bcast.out.phy == 0x02) |
eca0ae4a LAD |
2016 | flags |= MGMT_ADV_FLAG_SEC_2M; |
2017 | ||
2018 | /* Align intervals */ | |
14f0dcec | 2019 | interval = (qos->bcast.out.interval / 1250) * qos->bcast.sync_factor; |
eca0ae4a | 2020 | |
0fe8c8d0 | 2021 | if (qos->bcast.bis) |
14f0dcec | 2022 | sync_interval = interval * 4; |
eca0ae4a | 2023 | |
0fe8c8d0 | 2024 | err = hci_start_per_adv_sync(hdev, qos->bcast.bis, conn->le_per_adv_data_len, |
eca0ae4a LAD |
2025 | conn->le_per_adv_data, flags, interval, |
2026 | interval, sync_interval); | |
2027 | if (err) | |
2028 | return err; | |
2029 | ||
2030 | return hci_le_create_big(conn, &conn->iso_qos); | |
2031 | } | |
2032 | ||
2033 | static void create_pa_complete(struct hci_dev *hdev, void *data, int err) | |
2034 | { | |
2035 | struct hci_cp_le_pa_create_sync *cp = data; | |
2036 | ||
2037 | bt_dev_dbg(hdev, ""); | |
2038 | ||
2039 | if (err) | |
2040 | bt_dev_err(hdev, "Unable to create PA: %d", err); | |
2041 | ||
2042 | kfree(cp); | |
2043 | } | |
2044 | ||
2045 | static int create_pa_sync(struct hci_dev *hdev, void *data) | |
2046 | { | |
2047 | struct hci_cp_le_pa_create_sync *cp = data; | |
2048 | int err; | |
2049 | ||
2050 | err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC, | |
2051 | sizeof(*cp), cp, HCI_CMD_TIMEOUT); | |
2052 | if (err) { | |
2053 | hci_dev_clear_flag(hdev, HCI_PA_SYNC); | |
2054 | return err; | |
2055 | } | |
2056 | ||
2057 | return hci_update_passive_scan_sync(hdev); | |
2058 | } | |
2059 | ||
2060 | int hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, __u8 dst_type, | |
0fe8c8d0 | 2061 | __u8 sid, struct bt_iso_qos *qos) |
eca0ae4a LAD |
2062 | { |
2063 | struct hci_cp_le_pa_create_sync *cp; | |
2064 | ||
2065 | if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC)) | |
2066 | return -EBUSY; | |
2067 | ||
37224a29 | 2068 | cp = kzalloc(sizeof(*cp), GFP_KERNEL); |
eca0ae4a LAD |
2069 | if (!cp) { |
2070 | hci_dev_clear_flag(hdev, HCI_PA_SYNC); | |
2071 | return -ENOMEM; | |
2072 | } | |
2073 | ||
0fe8c8d0 | 2074 | cp->options = qos->bcast.options; |
eca0ae4a LAD |
2075 | cp->sid = sid; |
2076 | cp->addr_type = dst_type; | |
2077 | bacpy(&cp->addr, dst); | |
0fe8c8d0 IT |
2078 | cp->skip = cpu_to_le16(qos->bcast.skip); |
2079 | cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout); | |
2080 | cp->sync_cte_type = qos->bcast.sync_cte_type; | |
eca0ae4a LAD |
2081 | |
2082 | /* Queue start pa_create_sync and scan */ | |
2083 | return hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete); | |
2084 | } | |
2085 | ||
fbdc4bc4 IT |
2086 | int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon, |
2087 | struct bt_iso_qos *qos, | |
eca0ae4a LAD |
2088 | __u16 sync_handle, __u8 num_bis, __u8 bis[]) |
2089 | { | |
2090 | struct _packed { | |
2091 | struct hci_cp_le_big_create_sync cp; | |
2092 | __u8 bis[0x11]; | |
2093 | } pdu; | |
2094 | int err; | |
2095 | ||
31ca583b | 2096 | if (num_bis < 0x01 || num_bis > sizeof(pdu.bis)) |
eca0ae4a LAD |
2097 | return -EINVAL; |
2098 | ||
2099 | err = qos_set_big(hdev, qos); | |
2100 | if (err) | |
2101 | return err; | |
2102 | ||
fbdc4bc4 IT |
2103 | if (hcon) |
2104 | hcon->iso_qos.bcast.big = qos->bcast.big; | |
2105 | ||
eca0ae4a | 2106 | memset(&pdu, 0, sizeof(pdu)); |
0fe8c8d0 | 2107 | pdu.cp.handle = qos->bcast.big; |
eca0ae4a | 2108 | pdu.cp.sync_handle = cpu_to_le16(sync_handle); |
0fe8c8d0 IT |
2109 | pdu.cp.encryption = qos->bcast.encryption; |
2110 | memcpy(pdu.cp.bcode, qos->bcast.bcode, sizeof(pdu.cp.bcode)); | |
2111 | pdu.cp.mse = qos->bcast.mse; | |
2112 | pdu.cp.timeout = cpu_to_le16(qos->bcast.timeout); | |
eca0ae4a LAD |
2113 | pdu.cp.num_bis = num_bis; |
2114 | memcpy(pdu.bis, bis, num_bis); | |
2115 | ||
2116 | return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC, | |
2117 | sizeof(pdu.cp) + num_bis, &pdu); | |
2118 | } | |
2119 | ||
2120 | static void create_big_complete(struct hci_dev *hdev, void *data, int err) | |
2121 | { | |
2122 | struct hci_conn *conn = data; | |
2123 | ||
2124 | bt_dev_dbg(hdev, "conn %p", conn); | |
2125 | ||
2126 | if (err) { | |
2127 | bt_dev_err(hdev, "Unable to create BIG: %d", err); | |
2128 | hci_connect_cfm(conn, err); | |
2129 | hci_conn_del(conn); | |
2130 | } | |
2131 | } | |
2132 | ||
a0bfde16 IT |
2133 | struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst, |
2134 | struct bt_iso_qos *qos, | |
2135 | __u8 base_len, __u8 *base) | |
eca0ae4a LAD |
2136 | { |
2137 | struct hci_conn *conn; | |
fa224d0c | 2138 | struct hci_conn *parent; |
a0bfde16 | 2139 | __u8 eir[HCI_MAX_PER_AD_LENGTH]; |
fa224d0c IT |
2140 | struct hci_link *link; |
2141 | ||
2142 | /* Look for any BIS that is open for rebinding */ | |
2143 | conn = hci_conn_hash_lookup_big_state(hdev, qos->bcast.big, BT_OPEN); | |
2144 | if (conn) { | |
2145 | memcpy(qos, &conn->iso_qos, sizeof(*qos)); | |
2146 | conn->state = BT_CONNECTED; | |
2147 | return conn; | |
2148 | } | |
a0bfde16 IT |
2149 | |
2150 | if (base_len && base) | |
2151 | base_len = eir_append_service_data(eir, 0, 0x1851, | |
2152 | base, base_len); | |
eca0ae4a LAD |
2153 | |
2154 | /* We need hci_conn object using the BDADDR_ANY as dst */ | |
a0bfde16 | 2155 | conn = hci_add_bis(hdev, dst, qos, base_len, eir); |
eca0ae4a LAD |
2156 | if (IS_ERR(conn)) |
2157 | return conn; | |
2158 | ||
a0bfde16 IT |
2159 | /* Update LINK PHYs according to QoS preference */ |
2160 | conn->le_tx_phy = qos->bcast.out.phy; | |
2161 | conn->le_tx_phy = qos->bcast.out.phy; | |
eca0ae4a LAD |
2162 | |
2163 | /* Add Basic Announcement into Peridic Adv Data if BASE is set */ | |
2164 | if (base_len && base) { | |
a0bfde16 | 2165 | memcpy(conn->le_per_adv_data, eir, sizeof(eir)); |
eca0ae4a LAD |
2166 | conn->le_per_adv_data_len = base_len; |
2167 | } | |
2168 | ||
a0bfde16 IT |
2169 | hci_iso_qos_setup(hdev, conn, &qos->bcast.out, |
2170 | conn->le_tx_phy ? conn->le_tx_phy : | |
2171 | hdev->le_tx_def_phys); | |
2172 | ||
2173 | conn->iso_qos = *qos; | |
2174 | conn->state = BT_BOUND; | |
2175 | ||
fa224d0c IT |
2176 | /* Link BISes together */ |
2177 | parent = hci_conn_hash_lookup_big(hdev, | |
2178 | conn->iso_qos.bcast.big); | |
2179 | if (parent && parent != conn) { | |
2180 | link = hci_conn_link(parent, conn); | |
2181 | if (!link) { | |
2182 | hci_conn_drop(conn); | |
2183 | return ERR_PTR(-ENOLINK); | |
2184 | } | |
2185 | ||
2186 | /* Link takes the refcount */ | |
2187 | hci_conn_drop(conn); | |
2188 | } | |
2189 | ||
a0bfde16 IT |
2190 | return conn; |
2191 | } | |
2192 | ||
2193 | static void bis_mark_per_adv(struct hci_conn *conn, void *data) | |
2194 | { | |
2195 | struct iso_list_data *d = data; | |
2196 | ||
2197 | /* Skip if not broadcast/ANY address */ | |
2198 | if (bacmp(&conn->dst, BDADDR_ANY)) | |
2199 | return; | |
2200 | ||
2201 | if (d->big != conn->iso_qos.bcast.big || | |
2202 | d->bis == BT_ISO_QOS_BIS_UNSET || | |
2203 | d->bis != conn->iso_qos.bcast.bis) | |
2204 | return; | |
2205 | ||
2206 | set_bit(HCI_CONN_PER_ADV, &conn->flags); | |
2207 | } | |
2208 | ||
2209 | struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst, | |
2210 | __u8 dst_type, struct bt_iso_qos *qos, | |
2211 | __u8 base_len, __u8 *base) | |
2212 | { | |
2213 | struct hci_conn *conn; | |
2214 | int err; | |
2215 | struct iso_list_data data; | |
2216 | ||
2217 | conn = hci_bind_bis(hdev, dst, qos, base_len, base); | |
2218 | if (IS_ERR(conn)) | |
2219 | return conn; | |
2220 | ||
fa224d0c IT |
2221 | if (conn->state == BT_CONNECTED) |
2222 | return conn; | |
2223 | ||
a0bfde16 IT |
2224 | data.big = qos->bcast.big; |
2225 | data.bis = qos->bcast.bis; | |
2226 | ||
2227 | /* Set HCI_CONN_PER_ADV for all bound connections, to mark that | |
2228 | * the start periodic advertising and create BIG commands have | |
2229 | * been queued | |
2230 | */ | |
2231 | hci_conn_hash_list_state(hdev, bis_mark_per_adv, ISO_LINK, | |
2232 | BT_BOUND, &data); | |
2233 | ||
eca0ae4a LAD |
2234 | /* Queue start periodic advertising and create BIG */ |
2235 | err = hci_cmd_sync_queue(hdev, create_big_sync, conn, | |
2236 | create_big_complete); | |
2237 | if (err < 0) { | |
2238 | hci_conn_drop(conn); | |
2239 | return ERR_PTR(err); | |
2240 | } | |
2241 | ||
eca0ae4a LAD |
2242 | return conn; |
2243 | } | |
2244 | ||
26afbd82 LAD |
2245 | struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst, |
2246 | __u8 dst_type, struct bt_iso_qos *qos) | |
2247 | { | |
2248 | struct hci_conn *le; | |
2249 | struct hci_conn *cis; | |
06149746 | 2250 | struct hci_link *link; |
26afbd82 | 2251 | |
26afbd82 LAD |
2252 | if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) |
2253 | le = hci_connect_le(hdev, dst, dst_type, false, | |
2254 | BT_SECURITY_LOW, | |
2255 | HCI_LE_CONN_TIMEOUT, | |
2256 | HCI_ROLE_SLAVE); | |
2257 | else | |
2258 | le = hci_connect_le_scan(hdev, dst, dst_type, | |
2259 | BT_SECURITY_LOW, | |
2260 | HCI_LE_CONN_TIMEOUT, | |
2261 | CONN_REASON_ISO_CONNECT); | |
2262 | if (IS_ERR(le)) | |
2263 | return le; | |
2264 | ||
0fe8c8d0 | 2265 | hci_iso_qos_setup(hdev, le, &qos->ucast.out, |
26afbd82 | 2266 | le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys); |
0fe8c8d0 | 2267 | hci_iso_qos_setup(hdev, le, &qos->ucast.in, |
26afbd82 LAD |
2268 | le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys); |
2269 | ||
2270 | cis = hci_bind_cis(hdev, dst, dst_type, qos); | |
2271 | if (IS_ERR(cis)) { | |
2272 | hci_conn_drop(le); | |
2273 | return cis; | |
2274 | } | |
2275 | ||
06149746 LAD |
2276 | link = hci_conn_link(le, cis); |
2277 | if (!link) { | |
2278 | hci_conn_drop(le); | |
2279 | hci_conn_drop(cis); | |
b4066eb0 | 2280 | return ERR_PTR(-ENOLINK); |
06149746 | 2281 | } |
26afbd82 | 2282 | |
69997d50 PV |
2283 | /* Link takes the refcount */ |
2284 | hci_conn_drop(cis); | |
2285 | ||
7f74563e PV |
2286 | cis->state = BT_CONNECT; |
2287 | ||
2288 | hci_le_create_cis_pending(hdev); | |
26afbd82 LAD |
2289 | |
2290 | return cis; | |
2291 | } | |
2292 | ||
e7c29cb1 MH |
2293 | /* Check link security requirement */ |
2294 | int hci_conn_check_link_mode(struct hci_conn *conn) | |
2295 | { | |
38b3fef1 | 2296 | BT_DBG("hcon %p", conn); |
e7c29cb1 | 2297 | |
40b552aa MH |
2298 | /* In Secure Connections Only mode, it is required that Secure |
2299 | * Connections is used and the link is encrypted with AES-CCM | |
2300 | * using a P-256 authenticated combination key. | |
2301 | */ | |
d7a5a11d | 2302 | if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) { |
40b552aa MH |
2303 | if (!hci_conn_sc_enabled(conn) || |
2304 | !test_bit(HCI_CONN_AES_CCM, &conn->flags) || | |
2305 | conn->key_type != HCI_LK_AUTH_COMBINATION_P256) | |
2306 | return 0; | |
2307 | } | |
2308 | ||
8746f135 LAD |
2309 | /* AES encryption is required for Level 4: |
2310 | * | |
2311 | * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C | |
2312 | * page 1319: | |
2313 | * | |
2314 | * 128-bit equivalent strength for link and encryption keys | |
2315 | * required using FIPS approved algorithms (E0 not allowed, | |
2316 | * SAFER+ not allowed, and P-192 not allowed; encryption key | |
2317 | * not shortened) | |
2318 | */ | |
2319 | if (conn->sec_level == BT_SECURITY_FIPS && | |
2320 | !test_bit(HCI_CONN_AES_CCM, &conn->flags)) { | |
2321 | bt_dev_err(conn->hdev, | |
2322 | "Invalid security: Missing AES-CCM usage"); | |
2323 | return 0; | |
2324 | } | |
2325 | ||
4dae2798 JH |
2326 | if (hci_conn_ssp_enabled(conn) && |
2327 | !test_bit(HCI_CONN_ENCRYPT, &conn->flags)) | |
e7c29cb1 MH |
2328 | return 0; |
2329 | ||
2330 | return 1; | |
2331 | } | |
e7c29cb1 | 2332 | |
1da177e4 | 2333 | /* Authenticate remote device */ |
0684e5f9 | 2334 | static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) |
1da177e4 | 2335 | { |
38b3fef1 | 2336 | BT_DBG("hcon %p", conn); |
1da177e4 | 2337 | |
765c2a96 JH |
2338 | if (conn->pending_sec_level > sec_level) |
2339 | sec_level = conn->pending_sec_level; | |
2340 | ||
96a31833 | 2341 | if (sec_level > conn->sec_level) |
765c2a96 | 2342 | conn->pending_sec_level = sec_level; |
4dae2798 | 2343 | else if (test_bit(HCI_CONN_AUTH, &conn->flags)) |
1da177e4 LT |
2344 | return 1; |
2345 | ||
65cf686e JH |
2346 | /* Make sure we preserve an existing MITM requirement*/ |
2347 | auth_type |= (conn->auth_type & 0x01); | |
2348 | ||
96a31833 MH |
2349 | conn->auth_type = auth_type; |
2350 | ||
51a8efd7 | 2351 | if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { |
1da177e4 | 2352 | struct hci_cp_auth_requested cp; |
b7d05bad | 2353 | |
aca3192c | 2354 | cp.handle = cpu_to_le16(conn->handle); |
40be492f | 2355 | hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, |
5974e4c4 | 2356 | sizeof(cp), &cp); |
09da1f34 | 2357 | |
d03376c1 LAD |
2358 | /* Set the ENCRYPT_PEND to trigger encryption after |
2359 | * authentication. | |
09da1f34 | 2360 | */ |
d03376c1 | 2361 | if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags)) |
09da1f34 | 2362 | set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); |
1da177e4 | 2363 | } |
8c1b2355 | 2364 | |
1da177e4 LT |
2365 | return 0; |
2366 | } | |
1da177e4 | 2367 | |
bb6d6895 | 2368 | /* Encrypt the link */ |
13d39315 WR |
2369 | static void hci_conn_encrypt(struct hci_conn *conn) |
2370 | { | |
38b3fef1 | 2371 | BT_DBG("hcon %p", conn); |
13d39315 | 2372 | |
51a8efd7 | 2373 | if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { |
13d39315 WR |
2374 | struct hci_cp_set_conn_encrypt cp; |
2375 | cp.handle = cpu_to_le16(conn->handle); | |
2376 | cp.encrypt = 0x01; | |
2377 | hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), | |
5974e4c4 | 2378 | &cp); |
13d39315 WR |
2379 | } |
2380 | } | |
2381 | ||
8c1b2355 | 2382 | /* Enable security */ |
e7cafc45 JH |
2383 | int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type, |
2384 | bool initiator) | |
1da177e4 | 2385 | { |
38b3fef1 | 2386 | BT_DBG("hcon %p", conn); |
1da177e4 | 2387 | |
d8343f12 VCG |
2388 | if (conn->type == LE_LINK) |
2389 | return smp_conn_security(conn, sec_level); | |
2390 | ||
13d39315 | 2391 | /* For sdp we don't need the link key. */ |
8c1b2355 MH |
2392 | if (sec_level == BT_SECURITY_SDP) |
2393 | return 1; | |
2394 | ||
13d39315 WR |
2395 | /* For non 2.1 devices and low security level we don't need the link |
2396 | key. */ | |
aa64a8b5 | 2397 | if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn)) |
3fdca1e1 | 2398 | return 1; |
8c1b2355 | 2399 | |
13d39315 | 2400 | /* For other security levels we need the link key. */ |
4dae2798 | 2401 | if (!test_bit(HCI_CONN_AUTH, &conn->flags)) |
13d39315 WR |
2402 | goto auth; |
2403 | ||
1d8e8014 YH |
2404 | switch (conn->key_type) { |
2405 | case HCI_LK_AUTH_COMBINATION_P256: | |
2406 | /* An authenticated FIPS approved combination key has | |
2407 | * sufficient security for security level 4 or lower. | |
2408 | */ | |
2409 | if (sec_level <= BT_SECURITY_FIPS) | |
2410 | goto encrypt; | |
2411 | break; | |
2412 | case HCI_LK_AUTH_COMBINATION_P192: | |
2413 | /* An authenticated combination key has sufficient security for | |
2414 | * security level 3 or lower. | |
2415 | */ | |
2416 | if (sec_level <= BT_SECURITY_HIGH) | |
2417 | goto encrypt; | |
2418 | break; | |
2419 | case HCI_LK_UNAUTH_COMBINATION_P192: | |
2420 | case HCI_LK_UNAUTH_COMBINATION_P256: | |
2421 | /* An unauthenticated combination key has sufficient security | |
2422 | * for security level 2 or lower. | |
2423 | */ | |
2424 | if (sec_level <= BT_SECURITY_MEDIUM) | |
2425 | goto encrypt; | |
2426 | break; | |
2427 | case HCI_LK_COMBINATION: | |
2428 | /* A combination key has always sufficient security for the | |
2429 | * security levels 2 or lower. High security level requires the | |
2430 | * combination key is generated using maximum PIN code length | |
2431 | * (16). For pre 2.1 units. | |
2432 | */ | |
2433 | if (sec_level <= BT_SECURITY_MEDIUM || conn->pin_length == 16) | |
2434 | goto encrypt; | |
2435 | break; | |
2436 | default: | |
2437 | break; | |
2438 | } | |
13d39315 WR |
2439 | |
2440 | auth: | |
51a8efd7 | 2441 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) |
1da177e4 LT |
2442 | return 0; |
2443 | ||
977f8fce JH |
2444 | if (initiator) |
2445 | set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags); | |
2446 | ||
6fdf658c LAD |
2447 | if (!hci_conn_auth(conn, sec_level, auth_type)) |
2448 | return 0; | |
13d39315 WR |
2449 | |
2450 | encrypt: | |
693cd8ce MH |
2451 | if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) { |
2452 | /* Ensure that the encryption key size has been read, | |
2453 | * otherwise stall the upper layer responses. | |
2454 | */ | |
2455 | if (!conn->enc_key_size) | |
2456 | return 0; | |
2457 | ||
2458 | /* Nothing else needed, all requirements are met */ | |
13d39315 | 2459 | return 1; |
693cd8ce | 2460 | } |
8c1b2355 | 2461 | |
13d39315 | 2462 | hci_conn_encrypt(conn); |
1da177e4 LT |
2463 | return 0; |
2464 | } | |
8c1b2355 | 2465 | EXPORT_SYMBOL(hci_conn_security); |
1da177e4 | 2466 | |
b3b1b061 WR |
2467 | /* Check secure link requirement */ |
2468 | int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level) | |
2469 | { | |
38b3fef1 | 2470 | BT_DBG("hcon %p", conn); |
b3b1b061 | 2471 | |
9cb2e030 MH |
2472 | /* Accept if non-secure or higher security level is required */ |
2473 | if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS) | |
2474 | return 1; | |
b3b1b061 | 2475 | |
9cb2e030 MH |
2476 | /* Accept if secure or higher security level is already present */ |
2477 | if (conn->sec_level == BT_SECURITY_HIGH || | |
2478 | conn->sec_level == BT_SECURITY_FIPS) | |
b3b1b061 WR |
2479 | return 1; |
2480 | ||
9cb2e030 MH |
2481 | /* Reject not secure link */ |
2482 | return 0; | |
b3b1b061 WR |
2483 | } |
2484 | EXPORT_SYMBOL(hci_conn_check_secure); | |
2485 | ||
1da177e4 | 2486 | /* Switch role */ |
8c1b2355 | 2487 | int hci_conn_switch_role(struct hci_conn *conn, __u8 role) |
1da177e4 | 2488 | { |
38b3fef1 | 2489 | BT_DBG("hcon %p", conn); |
1da177e4 | 2490 | |
40bef302 | 2491 | if (role == conn->role) |
1da177e4 LT |
2492 | return 1; |
2493 | ||
51a8efd7 | 2494 | if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) { |
1da177e4 LT |
2495 | struct hci_cp_switch_role cp; |
2496 | bacpy(&cp.bdaddr, &conn->dst); | |
2497 | cp.role = role; | |
a9de9248 | 2498 | hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); |
1da177e4 | 2499 | } |
8c1b2355 | 2500 | |
1da177e4 LT |
2501 | return 0; |
2502 | } | |
2503 | EXPORT_SYMBOL(hci_conn_switch_role); | |
2504 | ||
04837f64 | 2505 | /* Enter active mode */ |
14b12d0b | 2506 | void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active) |
04837f64 MH |
2507 | { |
2508 | struct hci_dev *hdev = conn->hdev; | |
2509 | ||
38b3fef1 | 2510 | BT_DBG("hcon %p mode %d", conn, conn->mode); |
04837f64 | 2511 | |
14b12d0b JG |
2512 | if (conn->mode != HCI_CM_SNIFF) |
2513 | goto timer; | |
2514 | ||
58a681ef | 2515 | if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active) |
04837f64 MH |
2516 | goto timer; |
2517 | ||
51a8efd7 | 2518 | if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) { |
04837f64 | 2519 | struct hci_cp_exit_sniff_mode cp; |
aca3192c | 2520 | cp.handle = cpu_to_le16(conn->handle); |
a9de9248 | 2521 | hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); |
04837f64 MH |
2522 | } |
2523 | ||
2524 | timer: | |
2525 | if (hdev->idle_timeout > 0) | |
a74a84f6 JH |
2526 | queue_delayed_work(hdev->workqueue, &conn->idle_work, |
2527 | msecs_to_jiffies(hdev->idle_timeout)); | |
04837f64 MH |
2528 | } |
2529 | ||
1da177e4 LT |
2530 | /* Drop all connection on the device */ |
2531 | void hci_conn_hash_flush(struct hci_dev *hdev) | |
2532 | { | |
a2ac591c RL |
2533 | struct list_head *head = &hdev->conn_hash.list; |
2534 | struct hci_conn *conn; | |
1da177e4 LT |
2535 | |
2536 | BT_DBG("hdev %s", hdev->name); | |
2537 | ||
a2ac591c RL |
2538 | /* We should not traverse the list here, because hci_conn_del |
2539 | * can remove extra links, which may cause the list traversal | |
2540 | * to hit items that have already been released. | |
2541 | */ | |
2542 | while ((conn = list_first_entry_or_null(head, | |
2543 | struct hci_conn, | |
2544 | list)) != NULL) { | |
2545 | conn->state = BT_CLOSED; | |
2546 | hci_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM); | |
a2ac591c | 2547 | hci_conn_del(conn); |
1da177e4 LT |
2548 | } |
2549 | } | |
2550 | ||
4dae2798 JH |
2551 | static u32 get_link_mode(struct hci_conn *conn) |
2552 | { | |
2553 | u32 link_mode = 0; | |
2554 | ||
40bef302 | 2555 | if (conn->role == HCI_ROLE_MASTER) |
4dae2798 JH |
2556 | link_mode |= HCI_LM_MASTER; |
2557 | ||
2558 | if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) | |
2559 | link_mode |= HCI_LM_ENCRYPT; | |
2560 | ||
2561 | if (test_bit(HCI_CONN_AUTH, &conn->flags)) | |
2562 | link_mode |= HCI_LM_AUTH; | |
2563 | ||
2564 | if (test_bit(HCI_CONN_SECURE, &conn->flags)) | |
2565 | link_mode |= HCI_LM_SECURE; | |
2566 | ||
2567 | if (test_bit(HCI_CONN_FIPS, &conn->flags)) | |
2568 | link_mode |= HCI_LM_FIPS; | |
2569 | ||
2570 | return link_mode; | |
2571 | } | |
2572 | ||
1da177e4 LT |
2573 | int hci_get_conn_list(void __user *arg) |
2574 | { | |
fc5fef61 | 2575 | struct hci_conn *c; |
1da177e4 LT |
2576 | struct hci_conn_list_req req, *cl; |
2577 | struct hci_conn_info *ci; | |
2578 | struct hci_dev *hdev; | |
1da177e4 LT |
2579 | int n = 0, size, err; |
2580 | ||
2581 | if (copy_from_user(&req, arg, sizeof(req))) | |
2582 | return -EFAULT; | |
2583 | ||
2584 | if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) | |
2585 | return -EINVAL; | |
2586 | ||
2587 | size = sizeof(req) + req.conn_num * sizeof(*ci); | |
2588 | ||
70f23020 AE |
2589 | cl = kmalloc(size, GFP_KERNEL); |
2590 | if (!cl) | |
1da177e4 LT |
2591 | return -ENOMEM; |
2592 | ||
70f23020 AE |
2593 | hdev = hci_dev_get(req.dev_id); |
2594 | if (!hdev) { | |
1da177e4 LT |
2595 | kfree(cl); |
2596 | return -ENODEV; | |
2597 | } | |
2598 | ||
2599 | ci = cl->conn_info; | |
2600 | ||
09fd0de5 | 2601 | hci_dev_lock(hdev); |
8035ded4 | 2602 | list_for_each_entry(c, &hdev->conn_hash.list, list) { |
1da177e4 LT |
2603 | bacpy(&(ci + n)->bdaddr, &c->dst); |
2604 | (ci + n)->handle = c->handle; | |
2605 | (ci + n)->type = c->type; | |
2606 | (ci + n)->out = c->out; | |
2607 | (ci + n)->state = c->state; | |
4dae2798 | 2608 | (ci + n)->link_mode = get_link_mode(c); |
1da177e4 LT |
2609 | if (++n >= req.conn_num) |
2610 | break; | |
2611 | } | |
09fd0de5 | 2612 | hci_dev_unlock(hdev); |
1da177e4 LT |
2613 | |
2614 | cl->dev_id = hdev->id; | |
2615 | cl->conn_num = n; | |
2616 | size = sizeof(req) + n * sizeof(*ci); | |
2617 | ||
2618 | hci_dev_put(hdev); | |
2619 | ||
2620 | err = copy_to_user(arg, cl, size); | |
2621 | kfree(cl); | |
2622 | ||
2623 | return err ? -EFAULT : 0; | |
2624 | } | |
2625 | ||
2626 | int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) | |
2627 | { | |
2628 | struct hci_conn_info_req req; | |
2629 | struct hci_conn_info ci; | |
2630 | struct hci_conn *conn; | |
2631 | char __user *ptr = arg + sizeof(req); | |
2632 | ||
2633 | if (copy_from_user(&req, arg, sizeof(req))) | |
2634 | return -EFAULT; | |
2635 | ||
09fd0de5 | 2636 | hci_dev_lock(hdev); |
1da177e4 LT |
2637 | conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); |
2638 | if (conn) { | |
2639 | bacpy(&ci.bdaddr, &conn->dst); | |
2640 | ci.handle = conn->handle; | |
2641 | ci.type = conn->type; | |
2642 | ci.out = conn->out; | |
2643 | ci.state = conn->state; | |
4dae2798 | 2644 | ci.link_mode = get_link_mode(conn); |
1da177e4 | 2645 | } |
09fd0de5 | 2646 | hci_dev_unlock(hdev); |
1da177e4 LT |
2647 | |
2648 | if (!conn) | |
2649 | return -ENOENT; | |
2650 | ||
2651 | return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; | |
2652 | } | |
40be492f MH |
2653 | |
2654 | int hci_get_auth_info(struct hci_dev *hdev, void __user *arg) | |
2655 | { | |
2656 | struct hci_auth_info_req req; | |
2657 | struct hci_conn *conn; | |
2658 | ||
2659 | if (copy_from_user(&req, arg, sizeof(req))) | |
2660 | return -EFAULT; | |
2661 | ||
09fd0de5 | 2662 | hci_dev_lock(hdev); |
40be492f MH |
2663 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr); |
2664 | if (conn) | |
2665 | req.type = conn->auth_type; | |
09fd0de5 | 2666 | hci_dev_unlock(hdev); |
40be492f MH |
2667 | |
2668 | if (!conn) | |
2669 | return -ENOENT; | |
2670 | ||
2671 | return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0; | |
2672 | } | |
73d80deb LAD |
2673 | |
2674 | struct hci_chan *hci_chan_create(struct hci_conn *conn) | |
2675 | { | |
2676 | struct hci_dev *hdev = conn->hdev; | |
2677 | struct hci_chan *chan; | |
2678 | ||
38b3fef1 | 2679 | BT_DBG("%s hcon %p", hdev->name, conn); |
73d80deb | 2680 | |
f94b665d JH |
2681 | if (test_bit(HCI_CONN_DROP, &conn->flags)) { |
2682 | BT_DBG("Refusing to create new hci_chan"); | |
2683 | return NULL; | |
2684 | } | |
2685 | ||
27f70f3e | 2686 | chan = kzalloc(sizeof(*chan), GFP_KERNEL); |
73d80deb LAD |
2687 | if (!chan) |
2688 | return NULL; | |
2689 | ||
6c388d32 | 2690 | chan->conn = hci_conn_get(conn); |
73d80deb | 2691 | skb_queue_head_init(&chan->data_q); |
168df8e5 | 2692 | chan->state = BT_CONNECTED; |
73d80deb | 2693 | |
8192edef | 2694 | list_add_rcu(&chan->list, &conn->chan_list); |
73d80deb LAD |
2695 | |
2696 | return chan; | |
2697 | } | |
2698 | ||
9472007c | 2699 | void hci_chan_del(struct hci_chan *chan) |
73d80deb LAD |
2700 | { |
2701 | struct hci_conn *conn = chan->conn; | |
2702 | struct hci_dev *hdev = conn->hdev; | |
2703 | ||
38b3fef1 | 2704 | BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan); |
73d80deb | 2705 | |
8192edef GP |
2706 | list_del_rcu(&chan->list); |
2707 | ||
2708 | synchronize_rcu(); | |
73d80deb | 2709 | |
bcbb655a | 2710 | /* Prevent new hci_chan's to be created for this hci_conn */ |
f94b665d | 2711 | set_bit(HCI_CONN_DROP, &conn->flags); |
b3ff670a | 2712 | |
6c388d32 | 2713 | hci_conn_put(conn); |
e9b02748 | 2714 | |
73d80deb LAD |
2715 | skb_queue_purge(&chan->data_q); |
2716 | kfree(chan); | |
73d80deb LAD |
2717 | } |
2718 | ||
2c33c06a | 2719 | void hci_chan_list_flush(struct hci_conn *conn) |
73d80deb | 2720 | { |
2a5a5ec6 | 2721 | struct hci_chan *chan, *n; |
73d80deb | 2722 | |
38b3fef1 | 2723 | BT_DBG("hcon %p", conn); |
73d80deb | 2724 | |
2a5a5ec6 | 2725 | list_for_each_entry_safe(chan, n, &conn->chan_list, list) |
73d80deb LAD |
2726 | hci_chan_del(chan); |
2727 | } | |
42c4e53e AE |
2728 | |
2729 | static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon, | |
2730 | __u16 handle) | |
2731 | { | |
2732 | struct hci_chan *hchan; | |
2733 | ||
2734 | list_for_each_entry(hchan, &hcon->chan_list, list) { | |
2735 | if (hchan->handle == handle) | |
2736 | return hchan; | |
2737 | } | |
2738 | ||
2739 | return NULL; | |
2740 | } | |
2741 | ||
2742 | struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle) | |
2743 | { | |
2744 | struct hci_conn_hash *h = &hdev->conn_hash; | |
2745 | struct hci_conn *hcon; | |
2746 | struct hci_chan *hchan = NULL; | |
2747 | ||
2748 | rcu_read_lock(); | |
2749 | ||
2750 | list_for_each_entry_rcu(hcon, &h->list, list) { | |
2751 | hchan = __hci_chan_lookup_handle(hcon, handle); | |
2752 | if (hchan) | |
2753 | break; | |
2754 | } | |
2755 | ||
2756 | rcu_read_unlock(); | |
2757 | ||
2758 | return hchan; | |
2759 | } | |
eab2404b LAD |
2760 | |
2761 | u32 hci_conn_get_phy(struct hci_conn *conn) | |
2762 | { | |
2763 | u32 phys = 0; | |
2764 | ||
eab2404b LAD |
2765 | /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471: |
2766 | * Table 6.2: Packets defined for synchronous, asynchronous, and | |
6397729b | 2767 | * CPB logical transport types. |
eab2404b LAD |
2768 | */ |
2769 | switch (conn->type) { | |
2770 | case SCO_LINK: | |
2771 | /* SCO logical transport (1 Mb/s): | |
2772 | * HV1, HV2, HV3 and DV. | |
2773 | */ | |
2774 | phys |= BT_PHY_BR_1M_1SLOT; | |
2775 | ||
2776 | break; | |
2777 | ||
2778 | case ACL_LINK: | |
2779 | /* ACL logical transport (1 Mb/s) ptt=0: | |
2780 | * DH1, DM3, DH3, DM5 and DH5. | |
2781 | */ | |
2782 | phys |= BT_PHY_BR_1M_1SLOT; | |
2783 | ||
2784 | if (conn->pkt_type & (HCI_DM3 | HCI_DH3)) | |
2785 | phys |= BT_PHY_BR_1M_3SLOT; | |
2786 | ||
2787 | if (conn->pkt_type & (HCI_DM5 | HCI_DH5)) | |
2788 | phys |= BT_PHY_BR_1M_5SLOT; | |
2789 | ||
2790 | /* ACL logical transport (2 Mb/s) ptt=1: | |
2791 | * 2-DH1, 2-DH3 and 2-DH5. | |
2792 | */ | |
2793 | if (!(conn->pkt_type & HCI_2DH1)) | |
2794 | phys |= BT_PHY_EDR_2M_1SLOT; | |
2795 | ||
2796 | if (!(conn->pkt_type & HCI_2DH3)) | |
2797 | phys |= BT_PHY_EDR_2M_3SLOT; | |
2798 | ||
2799 | if (!(conn->pkt_type & HCI_2DH5)) | |
2800 | phys |= BT_PHY_EDR_2M_5SLOT; | |
2801 | ||
2802 | /* ACL logical transport (3 Mb/s) ptt=1: | |
2803 | * 3-DH1, 3-DH3 and 3-DH5. | |
2804 | */ | |
2805 | if (!(conn->pkt_type & HCI_3DH1)) | |
2806 | phys |= BT_PHY_EDR_3M_1SLOT; | |
2807 | ||
2808 | if (!(conn->pkt_type & HCI_3DH3)) | |
2809 | phys |= BT_PHY_EDR_3M_3SLOT; | |
2810 | ||
2811 | if (!(conn->pkt_type & HCI_3DH5)) | |
2812 | phys |= BT_PHY_EDR_3M_5SLOT; | |
2813 | ||
2814 | break; | |
2815 | ||
2816 | case ESCO_LINK: | |
2817 | /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */ | |
2818 | phys |= BT_PHY_BR_1M_1SLOT; | |
2819 | ||
2820 | if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5))) | |
2821 | phys |= BT_PHY_BR_1M_3SLOT; | |
2822 | ||
2823 | /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */ | |
2824 | if (!(conn->pkt_type & ESCO_2EV3)) | |
2825 | phys |= BT_PHY_EDR_2M_1SLOT; | |
2826 | ||
2827 | if (!(conn->pkt_type & ESCO_2EV5)) | |
2828 | phys |= BT_PHY_EDR_2M_3SLOT; | |
2829 | ||
2830 | /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */ | |
2831 | if (!(conn->pkt_type & ESCO_3EV3)) | |
2832 | phys |= BT_PHY_EDR_3M_1SLOT; | |
2833 | ||
2834 | if (!(conn->pkt_type & ESCO_3EV5)) | |
2835 | phys |= BT_PHY_EDR_3M_3SLOT; | |
2836 | ||
2837 | break; | |
2838 | ||
2839 | case LE_LINK: | |
2840 | if (conn->le_tx_phy & HCI_LE_SET_PHY_1M) | |
2841 | phys |= BT_PHY_LE_1M_TX; | |
2842 | ||
2843 | if (conn->le_rx_phy & HCI_LE_SET_PHY_1M) | |
2844 | phys |= BT_PHY_LE_1M_RX; | |
2845 | ||
2846 | if (conn->le_tx_phy & HCI_LE_SET_PHY_2M) | |
2847 | phys |= BT_PHY_LE_2M_TX; | |
2848 | ||
2849 | if (conn->le_rx_phy & HCI_LE_SET_PHY_2M) | |
2850 | phys |= BT_PHY_LE_2M_RX; | |
2851 | ||
2852 | if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED) | |
2853 | phys |= BT_PHY_LE_CODED_TX; | |
2854 | ||
2855 | if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED) | |
2856 | phys |= BT_PHY_LE_CODED_RX; | |
2857 | ||
2858 | break; | |
2859 | } | |
2860 | ||
eab2404b LAD |
2861 | return phys; |
2862 | } | |
1a942de0 | 2863 | |
a13f316e | 2864 | static int abort_conn_sync(struct hci_dev *hdev, void *data) |
1a942de0 | 2865 | { |
881559af | 2866 | struct hci_conn *conn = data; |
1a942de0 | 2867 | |
881559af LAD |
2868 | if (!hci_conn_valid(hdev, conn)) |
2869 | return -ECANCELED; | |
b62e7220 | 2870 | |
a13f316e LAD |
2871 | return hci_abort_conn_sync(hdev, conn, conn->abort_reason); |
2872 | } | |
1a942de0 | 2873 | |
a13f316e LAD |
2874 | int hci_abort_conn(struct hci_conn *conn, u8 reason) |
2875 | { | |
2876 | struct hci_dev *hdev = conn->hdev; | |
1a942de0 | 2877 | |
a13f316e LAD |
2878 | /* If abort_reason has already been set it means the connection is |
2879 | * already being aborted so don't attempt to overwrite it. | |
2880 | */ | |
2881 | if (conn->abort_reason) | |
2882 | return 0; | |
1a942de0 | 2883 | |
a13f316e | 2884 | bt_dev_dbg(hdev, "handle 0x%2.2x reason 0x%2.2x", conn->handle, reason); |
1a942de0 | 2885 | |
a13f316e | 2886 | conn->abort_reason = reason; |
1a942de0 | 2887 | |
a13f316e LAD |
2888 | /* If the connection is pending check the command opcode since that |
2889 | * might be blocking on hci_cmd_sync_work while waiting its respective | |
2890 | * event so we need to hci_cmd_sync_cancel to cancel it. | |
04a51d61 LAD |
2891 | * |
2892 | * hci_connect_le serializes the connection attempts so only one | |
2893 | * connection can be in BT_CONNECT at time. | |
a13f316e LAD |
2894 | */ |
2895 | if (conn->state == BT_CONNECT && hdev->req_status == HCI_REQ_PEND) { | |
2896 | switch (hci_skb_event(hdev->sent_cmd)) { | |
5f641f03 | 2897 | case HCI_EV_CONN_COMPLETE: |
a13f316e LAD |
2898 | case HCI_EV_LE_CONN_COMPLETE: |
2899 | case HCI_EV_LE_ENHANCED_CONN_COMPLETE: | |
2900 | case HCI_EVT_LE_CIS_ESTABLISHED: | |
2901 | hci_cmd_sync_cancel(hdev, -ECANCELED); | |
2902 | break; | |
1a942de0 | 2903 | } |
881559af LAD |
2904 | /* Cancel connect attempt if still queued/pending */ |
2905 | } else if (!hci_cancel_connect_sync(hdev, conn)) { | |
2906 | return 0; | |
1a942de0 BG |
2907 | } |
2908 | ||
881559af | 2909 | return hci_cmd_sync_queue_once(hdev, abort_conn_sync, conn, NULL); |
1a942de0 | 2910 | } |