Bluetooth: Use unresolvable private address for active scanning
[linux-2.6-block.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
31
ac4b7236 32#include "smp.h"
7024728e
MH
33#include "a2mp.h"
34
/* One synchronous-connection parameter set: packet types plus latency bound. */
struct sco_param {
	u16 pkt_type;
	u16 max_latency;
};

/*
 * Parameter sets used when the air mode is CVSD. hci_setup_sync() selects
 * entry (conn->attempt - 1), so the order of the rows is the retry order.
 */
static const struct sco_param sco_param_cvsd[] = {
	{ .pkt_type = EDR_ESCO_MASK & ~ESCO_2EV3, .max_latency = 0x000a }, /* S3 */
	{ .pkt_type = EDR_ESCO_MASK & ~ESCO_2EV3, .max_latency = 0x0007 }, /* S2 */
	{ .pkt_type = EDR_ESCO_MASK | ESCO_EV3,   .max_latency = 0x0007 }, /* S1 */
	{ .pkt_type = EDR_ESCO_MASK | ESCO_HV3,   .max_latency = 0xffff }, /* D1 */
	{ .pkt_type = EDR_ESCO_MASK | ESCO_HV1,   .max_latency = 0xffff }, /* D0 */
};

/*
 * Parameter sets used when the air mode is transparent; indexed by
 * hci_setup_sync() in the same way as sco_param_cvsd.
 */
static const struct sco_param sco_param_wideband[] = {
	{ .pkt_type = EDR_ESCO_MASK & ~ESCO_2EV3, .max_latency = 0x000d }, /* T2 */
	{ .pkt_type = EDR_ESCO_MASK | ESCO_EV3,   .max_latency = 0x0008 }, /* T1 */
};
52
/* Send LE Create Connection Cancel to the controller owning @conn. */
static void hci_le_create_connection_cancel(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	/* Sent with a zero-length payload, hence length 0 and no buffer. */
	hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
}
57
/*
 * Start an outgoing ACL connection to conn->dst.
 *
 * Marks @conn as an outgoing master-role attempt in BT_CONNECT, bumps the
 * attempt counter and sends HCI_OP_CREATE_CONN. Page-scan parameters, clock
 * offset, device class and the SSP flag are taken from the inquiry cache
 * when an entry for the peer exists.
 */
static void hci_acl_create_connection(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_create_conn cp;
	struct inquiry_entry *entry;

	BT_DBG("hcon %p", conn);

	conn->state = BT_CONNECT;
	conn->out = true;
	conn->link_mode = HCI_LM_MASTER;
	conn->attempt++;
	conn->link_policy = hdev->link_policy;

	/* Zero first so fields not set below go out as 0. */
	memset(&cp, 0, sizeof(cp));
	bacpy(&cp.bdaddr, &conn->dst);
	cp.pscan_rep_mode = 0x02;
	cp.pkt_type = cpu_to_le16(conn->pkt_type);

	entry = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (entry) {
		/* Paging hints are only trusted while the entry is fresh. */
		if (inquiry_entry_age(entry) <= INQUIRY_ENTRY_AGE_MAX) {
			cp.pscan_rep_mode = entry->data.pscan_rep_mode;
			cp.pscan_mode = entry->data.pscan_mode;
			cp.clock_offset = entry->data.clock_offset |
					  __constant_cpu_to_le16(0x8000);
		}

		/* Class and SSP mode are copied regardless of entry age. */
		memcpy(conn->dev_class, entry->data.dev_class, 3);
		if (entry->data.ssp_mode > 0)
			set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
	}

	/* Permit a role switch only if we can and master is not required. */
	cp.role_switch = (lmp_rswitch_capable(hdev) &&
			  !(hdev->link_mode & HCI_LM_MASTER)) ? 0x01 : 0x00;

	hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
}
101
/*
 * Cancel a pending outgoing ACL connection to conn->dst.
 *
 * Nothing is sent when the controller reports an HCI version older than
 * BLUETOOTH_VER_1_2.
 */
static void hci_acl_create_connection_cancel(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_create_conn_cancel cp;

	BT_DBG("hcon %p", conn);

	if (hdev->hci_ver >= BLUETOOTH_VER_1_2) {
		bacpy(&cp.bdaddr, &conn->dst);
		hci_send_cmd(hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
	}
}
114
/*
 * Reject a synchronous connection request from conn->dst, giving
 * HCI_ERROR_REMOTE_USER_TERM as the reason.
 */
static void hci_reject_sco(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_reject_sync_conn_req cp;

	bacpy(&cp.bdaddr, &conn->dst);
	cp.reason = HCI_ERROR_REMOTE_USER_TERM;

	hci_send_cmd(hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
}
124
/*
 * Request disconnection of @conn with the given HCI @reason code.
 *
 * The connection is moved to BT_DISCONN before HCI_OP_DISCONNECT is sent.
 */
void hci_disconnect(struct hci_conn *conn, __u8 reason)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_disconnect cp;

	BT_DBG("hcon %p", conn);

	conn->state = BT_DISCONN;

	cp.reason = reason;
	cp.handle = cpu_to_le16(conn->handle);

	hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
}
137
/*
 * Request disconnection of the physical link behind @conn.
 *
 * Same shape as hci_disconnect(), but addresses the link by the physical
 * handle derived from conn->handle and uses HCI_OP_DISCONN_PHY_LINK.
 */
static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_disconn_phy_link cp;

	BT_DBG("hcon %p", conn);

	conn->state = BT_DISCONN;

	cp.reason = reason;
	cp.phy_handle = HCI_PHY_HANDLE(conn->handle);

	hci_send_cmd(hdev, HCI_OP_DISCONN_PHY_LINK, sizeof(cp), &cp);
}
151
/*
 * Start an outgoing SCO connection with HCI_OP_ADD_SCO.
 *
 * @conn:   the SCO connection object being set up
 * @handle: connection handle placed in the command (hci_sco_setup() passes
 *          the handle of the linked connection)
 */
static void hci_add_sco(struct hci_conn *conn, __u16 handle)
{
	struct hci_cp_add_sco cp;

	BT_DBG("hcon %p", conn);

	conn->out = true;
	conn->state = BT_CONNECT;
	conn->attempt++;

	cp.pkt_type = cpu_to_le16(conn->pkt_type);
	cp.handle = cpu_to_le16(handle);

	hci_send_cmd(conn->hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
}
169
/*
 * Send HCI_OP_SETUP_SYNC_CONN for @conn using the next parameter set.
 *
 * The air mode in conn->setting selects the table (sco_param_wideband for
 * transparent, sco_param_cvsd for CVSD) and conn->attempt, incremented
 * here, selects the row.
 *
 * Returns true if the command was queued. Returns false when the air mode
 * is not one of the two handled, when every row of the table has already
 * been tried, or when hci_send_cmd() fails.
 */
bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_setup_sync_conn cp;
	const struct sco_param *table;
	const struct sco_param *param;
	size_t entries;

	BT_DBG("hcon %p", conn);

	conn->state = BT_CONNECT;
	conn->out = true;

	conn->attempt++;

	cp.handle = cpu_to_le16(handle);
	cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
	cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
	cp.voice_setting = cpu_to_le16(conn->setting);

	switch (conn->setting & SCO_AIRMODE_MASK) {
	case SCO_AIRMODE_TRANSP:
		table = sco_param_wideband;
		entries = ARRAY_SIZE(sco_param_wideband);
		cp.retrans_effort = 0x02;
		break;
	case SCO_AIRMODE_CVSD:
		table = sco_param_cvsd;
		entries = ARRAY_SIZE(sco_param_cvsd);
		cp.retrans_effort = 0x01;
		break;
	default:
		return false;
	}

	/* Upper bound for the table index computed below.
	 * NOTE(review): the lower bound relies on conn->attempt being at
	 * least 1 after the increment above; its type is not visible here,
	 * so a wrap to 0 cannot be ruled out from this file alone.
	 */
	if (conn->attempt > entries)
		return false;

	param = &table[conn->attempt - 1];
	cp.pkt_type = __cpu_to_le16(param->pkt_type);
	cp.max_latency = __cpu_to_le16(param->max_latency);

	return hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) >= 0;
}
214
/*
 * Send HCI_OP_LE_CONN_UPDATE for @conn.
 *
 * @min, @max:     requested connection interval bounds
 * @latency:       requested connection latency
 * @to_multiplier: value placed in the supervision_timeout field
 *
 * The values are converted to little endian and passed on without range
 * checks in this function; both CE length fields are sent as 0.
 */
void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
			u16 latency, u16 to_multiplier)
{
	struct hci_cp_le_conn_update cp;

	memset(&cp, 0, sizeof(cp));

	cp.handle = cpu_to_le16(conn->handle);
	cp.conn_interval_min = cpu_to_le16(min);
	cp.conn_interval_max = cpu_to_le16(max);
	cp.conn_latency = cpu_to_le16(latency);
	cp.supervision_timeout = cpu_to_le16(to_multiplier);
	cp.min_ce_len = __constant_cpu_to_le16(0x0000);
	cp.max_ce_len = __constant_cpu_to_le16(0x0000);

	hci_send_cmd(conn->hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
}
2ce603eb 233
/*
 * Send HCI_OP_LE_START_ENC for @conn.
 *
 * @ediv: encrypted diversifier, already little endian (copied as is)
 * @rand: random number; sizeof(cp.rand) bytes are read from it
 * @ltk:  long term key; sizeof(cp.ltk) bytes are read from it
 *
 * The array sizes in the prototype are documentation only: both arguments
 * are pointers, so callers must supply buffers at least that large.
 */
void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
		      __u8 ltk[16])
{
	struct hci_cp_le_start_enc cp;

	BT_DBG("hcon %p", conn);

	memset(&cp, 0, sizeof(cp));

	cp.handle = cpu_to_le16(conn->handle);
	cp.ediv = ediv;
	memcpy(cp.rand, rand, sizeof(cp.rand));
	memcpy(cp.ltk, ltk, sizeof(cp.ltk));

	/* NOTE(review): cp holds a copy of the LTK on this stack frame and
	 * is not cleared before returning - confirm that is acceptable.
	 */
	hci_send_cmd(conn->hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
}
a7a595f6 251
/*
 * Continue setup of the connection linked to @conn (conn->link).
 *
 * With @status == 0 the linked connection is started, using Setup
 * Synchronous Connection when the controller is eSCO capable and Add SCO
 * otherwise. With a non-zero @status the failure is reported through
 * hci_proto_connect_cfm() and the linked connection is deleted.
 *
 * Does nothing when @conn has no linked connection.
 * The device _must_ be locked by the caller.
 */
void hci_sco_setup(struct hci_conn *conn, __u8 status)
{
	struct hci_conn *sco = conn->link;

	if (!sco)
		return;

	BT_DBG("hcon %p", conn);

	if (status) {
		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
		return;
	}

	/* The return value of hci_setup_sync() is not checked here. */
	if (lmp_esco_capable(conn->hdev))
		hci_setup_sync(sco, conn->handle);
	else
		hci_add_sco(sco, conn->handle);
}
272
/*
 * Disconnect @conn with the reason supplied by hci_proto_disconn_ind().
 *
 * AMP links use the physical-link disconnect; every other link type goes
 * through hci_disconnect().
 */
static void hci_conn_disconnect(struct hci_conn *conn)
{
	__u8 reason = hci_proto_disconn_ind(conn);

	if (conn->type == AMP_LINK)
		hci_amp_disconn(conn, reason);
	else
		hci_disconnect(conn, reason);
}
286
/*
 * Delayed-work handler for conn->disc_work.
 *
 * Does nothing while the connection still has a non-zero reference count.
 * Otherwise the action depends on the state:
 *   BT_CONNECT / BT_CONNECT2: cancel an outgoing ACL or LE attempt, or
 *                             reject an incoming SCO/eSCO request;
 *   BT_CONFIG / BT_CONNECTED: disconnect the link;
 *   anything else:            mark the connection BT_CLOSED.
 */
static void hci_conn_timeout(struct work_struct *work)
{
	struct hci_conn *conn = container_of(work, struct hci_conn,
					     disc_work.work);

	BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));

	if (atomic_read(&conn->refcnt))
		return;

	switch (conn->state) {
	case BT_CONNECT:
	case BT_CONNECT2:
		if (!conn->out) {
			/* Incoming: only synchronous requests are rejected. */
			if (conn->type == SCO_LINK || conn->type == ESCO_LINK)
				hci_reject_sco(conn);
			break;
		}

		/* Outgoing: other link types have no cancel path here. */
		if (conn->type == ACL_LINK)
			hci_acl_create_connection_cancel(conn);
		else if (conn->type == LE_LINK)
			hci_le_create_connection_cancel(conn);
		break;
	case BT_CONFIG:
	case BT_CONNECTED:
		hci_conn_disconnect(conn);
		break;
	default:
		conn->state = BT_CLOSED;
		break;
	}
}
318
/*
 * Delayed-work handler for conn->idle_work: enter sniff mode.
 *
 * Returns without sending anything when the device is in raw mode, when
 * either side lacks sniff support, when the connection is not in active
 * mode, or when the link policy does not allow sniff. Sniff subrating is
 * configured first if both sides support it; the sniff mode request itself
 * is sent only if no mode change is already pending.
 */
static void hci_conn_idle(struct work_struct *work)
{
	struct hci_conn *conn = container_of(work, struct hci_conn,
					     idle_work.work);
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("hcon %p mode %d", conn, conn->mode);

	if (test_bit(HCI_RAW, &hdev->flags) ||
	    !lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn) ||
	    conn->mode != HCI_CM_ACTIVE ||
	    !(conn->link_policy & HCI_LP_SNIFF))
		return;

	if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
		struct hci_cp_sniff_subrate subrate;

		subrate.handle = cpu_to_le16(conn->handle);
		subrate.max_latency = __constant_cpu_to_le16(0);
		subrate.min_remote_timeout = __constant_cpu_to_le16(0);
		subrate.min_local_timeout = __constant_cpu_to_le16(0);
		hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(subrate),
			     &subrate);
	}

	/* The pending bit is set atomically, so only one request is sent. */
	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
		struct hci_cp_sniff_mode sniff;

		sniff.handle = cpu_to_le16(conn->handle);
		sniff.max_interval = cpu_to_le16(hdev->sniff_max_interval);
		sniff.min_interval = cpu_to_le16(hdev->sniff_min_interval);
		sniff.attempt = __constant_cpu_to_le16(4);
		sniff.timeout = __constant_cpu_to_le16(1);
		hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(sniff), &sniff);
	}
}
356
/*
 * Delayed-work handler for conn->auto_accept_work: sends
 * HCI_OP_USER_CONFIRM_REPLY for the peer address conn->dst.
 */
static void hci_conn_auto_accept(struct work_struct *work)
{
	struct hci_conn *conn = container_of(work, struct hci_conn,
					     auto_accept_work.work);
	struct hci_dev *hdev = conn->hdev;

	/* The command payload is just the peer address. */
	hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
		     &conn->dst);
}
365
/*
 * Allocate a connection object for @dst on @hdev and register it.
 *
 * @hdev: controller the connection belongs to
 * @type: link type; ACL_LINK, SCO_LINK and ESCO_LINK get a packet-type
 *        mask derived from @hdev, other types keep the zeroed default
 * @dst:  peer address, copied into the new object
 *
 * The object starts in BT_OPEN / HCI_CM_ACTIVE with a reference count of
 * zero. A reference on @hdev is taken, the object is added to the
 * connection hash, the driver notify hook (if any) is called and the sysfs
 * entry is initialised.
 *
 * Returns the new connection, or NULL if the allocation fails.
 */
struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
{
	struct hci_conn *conn;

	BT_DBG("%s dst %pMR", hdev->name, dst);

	conn = kzalloc(sizeof(*conn), GFP_KERNEL);
	if (!conn)
		return NULL;

	bacpy(&conn->dst, dst);
	bacpy(&conn->src, &hdev->bdaddr);
	conn->hdev = hdev;
	conn->type = type;
	conn->mode = HCI_CM_ACTIVE;
	conn->state = BT_OPEN;
	conn->auth_type = HCI_AT_GENERAL_BONDING;
	conn->io_capability = hdev->io_capability;
	/* 0xff in these two fields: hci_conn_auth() tests key_type against
	 * 0xff before flagging a re-authentication.
	 */
	conn->remote_auth = 0xff;
	conn->key_type = 0xff;

	set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
	conn->disc_timeout = HCI_DISCONN_TIMEOUT;

	if (type == ACL_LINK) {
		conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
	} else if (type == SCO_LINK) {
		if (lmp_esco_capable(hdev))
			conn->pkt_type = hdev->esco_type &
					 (SCO_ESCO_MASK | EDR_ESCO_MASK);
		else
			conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
	} else if (type == ESCO_LINK) {
		conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
	}

	skb_queue_head_init(&conn->data_q);
	INIT_LIST_HEAD(&conn->chan_list);

	INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
	INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
	INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);

	atomic_set(&conn->refcnt, 0);

	/* Released again by hci_dev_put() in hci_conn_del(). */
	hci_dev_hold(hdev);

	hci_conn_hash_add(hdev, conn);
	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);

	hci_conn_init_sysfs(conn);

	return conn;
}
426
/*
 * Tear down @conn and drop the references taken by hci_conn_add().
 *
 * All three delayed works are cancelled synchronously first. Packets that
 * were sent but not yet acknowledged (conn->sent) are credited back to the
 * matching controller counter, the link to a paired connection is broken,
 * channels are flushed, and the object is removed from the hash and sysfs
 * before the device and connection references are put.
 *
 * Always returns 0.
 */
int hci_conn_del(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_conn *peer;

	BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);

	cancel_delayed_work_sync(&conn->disc_work);
	cancel_delayed_work_sync(&conn->auto_accept_work);
	cancel_delayed_work_sync(&conn->idle_work);

	switch (conn->type) {
	case ACL_LINK:
		peer = conn->link;
		if (peer)
			peer->link = NULL;

		/* Unacked frames */
		hdev->acl_cnt += conn->sent;
		break;
	case LE_LINK:
		/* Without a separate LE packet count the credit is returned
		 * to the ACL counter instead.
		 */
		if (hdev->le_pkts)
			hdev->le_cnt += conn->sent;
		else
			hdev->acl_cnt += conn->sent;
		break;
	default:
		peer = conn->link;
		if (peer) {
			peer->link = NULL;
			hci_conn_drop(peer);
		}
		break;
	}

	hci_chan_list_flush(conn);

	if (conn->amp_mgr)
		amp_mgr_put(conn->amp_mgr);

	hci_conn_hash_del(hdev, conn);
	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);

	skb_queue_purge(&conn->data_q);

	hci_conn_del_sysfs(conn);

	hci_dev_put(hdev);

	/* @conn must not be touched after this put. */
	hci_conn_put(conn);

	return 0;
}
476
/*
 * Pick a local BR/EDR controller for a connection from @src to @dst.
 *
 * Only devices that are up, not in raw mode, not claimed by a user channel
 * and of type HCI_BREDR are considered.
 *
 * Simple routing:
 *   @src is BDADDR_ANY - first device whose address differs from @dst
 *   otherwise          - first device whose address equals @src
 *
 * Returns the device with a reference held (taken under
 * hci_dev_list_lock), or NULL when no device qualifies.
 */
struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
{
	int use_src = bacmp(src, BDADDR_ANY);
	struct hci_dev *found = NULL;
	struct hci_dev *d;

	BT_DBG("%pMR -> %pMR", src, dst);

	read_lock(&hci_dev_list_lock);

	list_for_each_entry(d, &hci_dev_list, list) {
		if (!test_bit(HCI_UP, &d->flags) ||
		    test_bit(HCI_RAW, &d->flags) ||
		    test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
		    d->dev_type != HCI_BREDR)
			continue;

		if (use_src ? !bacmp(&d->bdaddr, src) :
			      bacmp(&d->bdaddr, dst)) {
			found = d;
			break;
		}
	}

	if (found)
		found = hci_dev_hold(found);

	read_unlock(&hci_dev_list_lock);

	return found;
}
EXPORT_SYMBOL(hci_get_route);
516
/*
 * Report a failed LE connection attempt and delete @conn.
 *
 * The failure is signalled to the management interface and to the protocol
 * layer with @status. @conn is deleted here, so callers must not use it
 * afterwards.
 *
 * This function requires the caller holds hdev->lock.
 */
static void le_conn_failed(struct hci_conn *conn, u8 status)
{
	conn->state = BT_CLOSED;

	mgmt_connect_failed(conn->hdev, &conn->dst, conn->type,
			    conn->dst_type, status);

	hci_proto_connect_cfm(conn, status);

	hci_conn_del(conn);
}
531
/*
 * Completion callback for the request built in hci_create_le_conn().
 *
 * A zero @status needs no action here. On failure the LE connection that
 * is in BT_CONNECT, if there is one, is reported as failed and deleted
 * under the device lock.
 */
static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
{
	struct hci_conn *pending;

	if (!status)
		return;

	BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
	       status);

	hci_dev_lock(hdev);

	pending = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
	if (pending)
		le_conn_failed(pending, status);

	hci_dev_unlock(hdev);
}
553
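/*
 * Build and run the HCI request that creates the LE connection for @conn.
 *
 * The own address type chosen by hci_update_random_address() is stored in
 * conn->src_type and used in the command. Scan parameters come from the
 * controller settings; connection interval bounds come from @conn.
 *
 * Returns 0 when the request was submitted, or a negative error code. On
 * every error path @conn has been deleted, so the caller must not use it
 * again. The caller in this file returns ERR_PTR(err) without any cleanup
 * of its own, so a connection left behind in BT_CONNECT would make each
 * later LE attempt to another peer fail with -EBUSY.
 */
static int hci_create_le_conn(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_le_create_conn cp;
	struct hci_request req;
	u8 own_addr_type;
	int err;

	hci_req_init(&req, hdev);

	memset(&cp, 0, sizeof(cp));

	/* Update random address, but set require_privacy to false so
	 * that we never connect with an unresolvable address.
	 */
	err = hci_update_random_address(&req, false, &own_addr_type);
	if (err < 0)
		goto fail;
	/* NOTE(review): assumes hci_update_random_address() leaves nothing
	 * queued on req when it fails - confirm against its implementation.
	 */

	conn->src_type = own_addr_type;

	cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
	cp.scan_window = cpu_to_le16(hdev->le_scan_window);
	bacpy(&cp.peer_addr, &conn->dst);
	cp.peer_addr_type = conn->dst_type;
	cp.own_address_type = own_addr_type;
	cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
	cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
	cp.supervision_timeout = __constant_cpu_to_le16(0x002a);
	cp.min_ce_len = __constant_cpu_to_le16(0x0000);
	cp.max_ce_len = __constant_cpu_to_le16(0x0000);

	hci_req_add(&req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);

	err = hci_req_run(&req, create_le_conn_complete);
	if (err)
		goto fail;

	return 0;

fail:
	/* Same cleanup for both failures: no command was issued, so no
	 * completion event will ever arrive to remove the connection.
	 */
	hci_conn_del(conn);
	return err;
}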
596
/*
 * Create, or reuse, an outgoing LE connection to @dst.
 *
 * @dst_type is an L2CAP channel address type and is converted to the HCI
 * address type here.
 *
 * Returns the connection with a reference held, or an ERR_PTR():
 *   -ENOTSUPP  the controller is currently advertising
 *   -EBUSY     another LE connection attempt is in progress
 *   -ENOMEM    the connection object could not be allocated
 *   other      error returned by hci_create_le_conn()
 */
static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
				       u8 dst_type, u8 sec_level, u8 auth_type)
{
	struct hci_conn_params *params;
	struct hci_conn *conn;
	struct smp_irk *irk;
	int err;

	if (test_bit(HCI_ADVERTISING, &hdev->flags))
		return ERR_PTR(-ENOTSUPP);

	/* Some devices send ATT messages as soon as the physical link is
	 * established. To be able to handle these ATT messages, user space
	 * first establishes the connection and then starts the pairing
	 * process.
	 *
	 * So if a hci_conn object already exists for this peer, only the
	 * pending_sec_level and auth_type fields are updated (both are
	 * overwritten unconditionally with the values passed in) and the
	 * existing object is returned.
	 */
	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
	if (conn) {
		conn->pending_sec_level = sec_level;
		conn->auth_type = auth_type;
		hci_conn_hold(conn);
		return conn;
	}

	/* Since the controller supports only one LE connection attempt at a
	 * time, -EBUSY is returned while any attempt is still running.
	 */
	if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT))
		return ERR_PTR(-EBUSY);

	/* Convert from L2CAP channel address type to HCI address type */
	dst_type = (dst_type == BDADDR_LE_PUBLIC) ? ADDR_LE_DEV_PUBLIC :
						    ADDR_LE_DEV_RANDOM;

	/* When given an identity address with an existing identity
	 * resolving key, the connection needs to be established to a
	 * resolvable random address.
	 *
	 * This uses the resolvable random address cached from a previous
	 * scan. When no cached address is available, the identity address
	 * is tried instead.
	 *
	 * Storing the resolvable random address is required here to handle
	 * connection failures. The address will later be resolved back
	 * into the original identity address from the connect request.
	 */
	irk = hci_find_irk_by_addr(hdev, dst, dst_type);
	if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
		dst = &irk->rpa;
		dst_type = ADDR_LE_DEV_RANDOM;
	}

	conn = hci_conn_add(hdev, LE_LINK, dst);
	if (!conn)
		return ERR_PTR(-ENOMEM);

	conn->dst_type = dst_type;
	conn->state = BT_CONNECT;
	conn->out = true;
	conn->link_mode |= HCI_LM_MASTER;
	conn->sec_level = BT_SECURITY_LOW;
	conn->pending_sec_level = sec_level;
	conn->auth_type = auth_type;

	/* Per-peer interval settings take precedence over the defaults. */
	params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
	if (params) {
		conn->le_conn_min_interval = params->conn_min_interval;
		conn->le_conn_max_interval = params->conn_max_interval;
	} else {
		conn->le_conn_min_interval = hdev->le_conn_min_interval;
		conn->le_conn_max_interval = hdev->le_conn_max_interval;
	}

	err = hci_create_le_conn(conn);
	if (err)
		return ERR_PTR(err);

	hci_conn_hold(conn);
	return conn;
}
fcd89c09 686
/*
 * Create, or reuse, an ACL connection to @dst.
 *
 * An existing connection object for @dst is reused; otherwise a new one is
 * added. A connection attempt is only started when the object is in
 * BT_OPEN or BT_CLOSED, and only then are the security fields updated.
 *
 * Returns the connection with a reference held, ERR_PTR(-ENOTSUPP) when
 * BR/EDR is not enabled on @hdev, or ERR_PTR(-ENOMEM) on allocation
 * failure.
 */
static struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
					u8 sec_level, u8 auth_type)
{
	struct hci_conn *acl;
	bool idle;

	if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
		return ERR_PTR(-ENOTSUPP);

	acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
	if (!acl)
		acl = hci_conn_add(hdev, ACL_LINK, dst);
	if (!acl)
		return ERR_PTR(-ENOMEM);

	hci_conn_hold(acl);

	idle = acl->state == BT_OPEN || acl->state == BT_CLOSED;
	if (idle) {
		acl->sec_level = BT_SECURITY_LOW;
		acl->pending_sec_level = sec_level;
		acl->auth_type = auth_type;
		hci_acl_create_connection(acl);
	}

	return acl;
}
713
/*
 * Create, or reuse, a synchronous connection of @type to @dst.
 *
 * The underlying ACL link is obtained first with BT_SECURITY_LOW and
 * HCI_AT_NO_BONDING. The two connection objects are linked to each other
 * and @setting is stored on the synchronous one. If the ACL link is
 * already connected and the synchronous connection is idle, the ACL link
 * is forced into active mode and setup starts at once, unless a mode
 * change is pending, in which case setup is deferred through
 * HCI_CONN_SCO_SETUP_PEND.
 *
 * Returns the synchronous connection with a reference held, the error
 * pointer from hci_connect_acl(), or ERR_PTR(-ENOMEM).
 */
struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
				 __u16 setting)
{
	struct hci_conn *acl;
	struct hci_conn *sco;

	acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
	if (IS_ERR(acl))
		return acl;

	sco = hci_conn_hash_lookup_ba(hdev, type, dst);
	if (!sco) {
		sco = hci_conn_add(hdev, type, dst);
		if (!sco) {
			/* Give back the reference hci_connect_acl() took. */
			hci_conn_drop(acl);
			return ERR_PTR(-ENOMEM);
		}
	}

	acl->link = sco;
	sco->link = acl;

	hci_conn_hold(sco);

	sco->setting = setting;

	if (acl->state != BT_CONNECTED)
		return sco;

	if (sco->state != BT_OPEN && sco->state != BT_CLOSED)
		return sco;

	set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
	hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);

	if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
		/* defer SCO setup until mode change completed */
		set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
	} else {
		hci_sco_setup(acl, 0x00);
	}

	return sco;
}
1da177e4 756
/*
 * Create an ACL or LE connection to @dst.
 *
 * Dispatches on @type to hci_connect_le() or hci_connect_acl(); @dst_type
 * is only used for LE. Any other @type yields ERR_PTR(-EINVAL).
 */
struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
			     __u8 dst_type, __u8 sec_level, __u8 auth_type)
{
	BT_DBG("%s dst %pMR type 0x%x", hdev->name, dst, type);

	if (type == LE_LINK)
		return hci_connect_le(hdev, dst, dst_type, sec_level,
				      auth_type);

	if (type == ACL_LINK)
		return hci_connect_acl(hdev, dst, sec_level, auth_type);

	return ERR_PTR(-EINVAL);
}
772
/*
 * Check link security requirement.
 *
 * Returns 0 only when SSP is enabled on @conn and the link is not
 * encrypted; returns 1 in every other case. A link without SSP therefore
 * passes this check whether or not it is encrypted.
 */
int hci_conn_check_link_mode(struct hci_conn *conn)
{
	bool encrypted;

	BT_DBG("hcon %p", conn);

	if (!hci_conn_ssp_enabled(conn))
		return 1;

	encrypted = conn->link_mode & HCI_LM_ENCRYPT;

	return encrypted ? 1 : 0;
}
e7c29cb1 783
/*
 * Authenticate remote device.
 *
 * The effective level is the higher of @sec_level and the level already
 * pending on @conn. If that does not exceed the current level and the link
 * is already authenticated, nothing is sent and 1 is returned.
 *
 * Otherwise the auth type is stored and, unless an authentication is
 * already pending, HCI_OP_AUTH_REQUESTED is sent. Returns 0 in that case:
 * the caller has to wait for the outcome.
 */
static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
{
	struct hci_cp_auth_requested cp;

	BT_DBG("hcon %p", conn);

	/* Never go below a level that is already pending. */
	if (sec_level < conn->pending_sec_level)
		sec_level = conn->pending_sec_level;

	if (sec_level > conn->sec_level)
		conn->pending_sec_level = sec_level;
	else if (conn->link_mode & HCI_LM_AUTH)
		return 1;

	/* Make sure we preserve an existing MITM requirement (bit 0). */
	conn->auth_type = auth_type | (conn->auth_type & 0x01);

	if (test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags))
		return 0;

	/* encrypt must be pending if auth is also pending */
	set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	cp.handle = cpu_to_le16(conn->handle);
	hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);

	/* key_type starts out as 0xff in hci_conn_add(); any other value is
	 * treated as a re-authentication.
	 */
	if (conn->key_type != 0xff)
		set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);

	return 0;
}
1da177e4 817
/*
 * Encrypt the link.
 *
 * Sends HCI_OP_SET_CONN_ENCRYPT with encryption switched on, unless an
 * encryption request is already pending on @conn.
 */
static void hci_conn_encrypt(struct hci_conn *conn)
{
	struct hci_cp_set_conn_encrypt cp;

	BT_DBG("hcon %p", conn);

	/* The pending bit is set atomically; a second caller sends nothing. */
	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
		return;

	cp.handle = cpu_to_le16(conn->handle);
	cp.encrypt = 0x01;
	hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp);
}
831
/*
 * Tell whether the link key type on @conn is strong enough for @sec_level.
 *
 *   authenticated P-256 combination key:   FIPS (level 4) and HIGH (level 3)
 *   authenticated P-192 combination key:   HIGH (level 3)
 *   unauthenticated P-192 / P-256 key:     MEDIUM and LOW (levels 2 and 1)
 *   legacy combination key (pre 2.1):      MEDIUM and LOW; other levels
 *                                          only when the PIN had the
 *                                          maximum length (16)
 *
 * NOTE(review): as written, a legacy combination key with a 16 digit PIN
 * is accepted for any requested level, BT_SECURITY_FIPS included - confirm
 * that this is intended.
 */
static bool hci_link_key_sufficient(struct hci_conn *conn, __u8 sec_level)
{
	switch (conn->key_type) {
	case HCI_LK_AUTH_COMBINATION_P256:
		return sec_level == BT_SECURITY_FIPS ||
		       sec_level == BT_SECURITY_HIGH;
	case HCI_LK_AUTH_COMBINATION_P192:
		return sec_level == BT_SECURITY_HIGH;
	case HCI_LK_UNAUTH_COMBINATION_P192:
	case HCI_LK_UNAUTH_COMBINATION_P256:
		return sec_level == BT_SECURITY_MEDIUM ||
		       sec_level == BT_SECURITY_LOW;
	case HCI_LK_COMBINATION:
		return sec_level == BT_SECURITY_MEDIUM ||
		       sec_level == BT_SECURITY_LOW ||
		       conn->pin_length == 16;
	default:
		return false;
	}
}

/*
 * Enable security.
 *
 * Returns 1 when @conn already satisfies @sec_level and the caller can
 * proceed. Returns 0 when an authentication or encryption request has been
 * issued or is still pending, so the caller has to wait for its outcome.
 * LE links are handed to smp_conn_security() and its result is returned.
 */
int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
{
	BT_DBG("hcon %p", conn);

	if (conn->type == LE_LINK)
		return smp_conn_security(conn, sec_level);

	/* For sdp we don't need the link key. */
	if (sec_level == BT_SECURITY_SDP)
		return 1;

	/* For non 2.1 devices and low security level we don't need the
	 * link key.
	 */
	if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
		return 1;

	/* For other security levels we need the link key: an authenticated
	 * link whose key is strong enough only needs encryption, anything
	 * else has to authenticate first.
	 */
	if ((conn->link_mode & HCI_LM_AUTH) &&
	    hci_link_key_sufficient(conn, sec_level))
		goto encrypt;

	/* A pending encryption request means a procedure is in flight. */
	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
		return 0;

	if (!hci_conn_auth(conn, sec_level, auth_type))
		return 0;

encrypt:
	if (conn->link_mode & HCI_LM_ENCRYPT)
		return 1;

	hci_conn_encrypt(conn);
	return 0;
}
EXPORT_SYMBOL(hci_conn_security);
1da177e4 897
/*
 * Check secure link requirement.
 *
 * Returns 1 when @sec_level is neither BT_SECURITY_HIGH nor
 * BT_SECURITY_FIPS, or when the link already has one of those two levels.
 * Returns 0 when such a level is required and the link does not have it.
 */
int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
{
	bool required;
	bool present;

	BT_DBG("hcon %p", conn);

	required = sec_level == BT_SECURITY_HIGH ||
		   sec_level == BT_SECURITY_FIPS;

	/* Nothing to enforce for the lower levels. */
	if (!required)
		return 1;

	present = conn->sec_level == BT_SECURITY_HIGH ||
		  conn->sec_level == BT_SECURITY_FIPS;

	/* Accept a link that is already secure, reject any other. */
	return present ? 1 : 0;
}
EXPORT_SYMBOL(hci_conn_check_secure);
916
/*
 * Change link key.
 *
 * Sends HCI_OP_CHANGE_CONN_LINK_KEY unless an authentication is already
 * pending on @conn. Always returns 0.
 */
int hci_conn_change_link_key(struct hci_conn *conn)
{
	struct hci_cp_change_conn_link_key cp;

	BT_DBG("hcon %p", conn);

	if (test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags))
		return 0;

	cp.handle = cpu_to_le16(conn->handle);
	hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);

	return 0;
}
1da177e4
LT
931
/*
 * Switch role.
 *
 * Returns 1 without sending anything when @role is 0 and the link already
 * has HCI_LM_MASTER set. Otherwise HCI_OP_SWITCH_ROLE is sent, unless a
 * role switch is already pending, and 0 is returned.
 */
int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
{
	struct hci_cp_switch_role cp;

	BT_DBG("hcon %p", conn);

	if (!role && (conn->link_mode & HCI_LM_MASTER))
		return 1;

	if (test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags))
		return 0;

	bacpy(&cp.bdaddr, &conn->dst);
	cp.role = role;
	hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);

	return 0;
}
EXPORT_SYMBOL(hci_conn_switch_role);
950
/*
 * Enter active mode.
 *
 * Does nothing on a device in raw mode. A connection in sniff mode is
 * asked to leave it when power save is enabled on it or @force_active is
 * set, provided no mode change is already pending. In every non-raw case
 * the idle work is (re)queued if the device has an idle timeout.
 */
void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("hcon %p mode %d", conn, conn->mode);

	if (test_bit(HCI_RAW, &hdev->flags))
		return;

	/* Short-circuit order matters: the pending bit is only set when
	 * the connection really is to leave sniff mode.
	 */
	if (conn->mode == HCI_CM_SNIFF &&
	    (test_bit(HCI_CONN_POWER_SAVE, &conn->flags) || force_active) &&
	    !test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
		struct hci_cp_exit_sniff_mode cp;

		cp.handle = cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
	}

	if (hdev->idle_timeout > 0)
		queue_delayed_work(hdev->workqueue, &conn->idle_work,
				   msecs_to_jiffies(hdev->idle_timeout));
}
978
/*
 * Drop all connections on the device.
 *
 * Each connection is marked BT_CLOSED, reported to the protocol layer with
 * HCI_ERROR_LOCAL_HOST_TERM and deleted.
 */
void hci_conn_hash_flush(struct hci_dev *hdev)
{
	struct hci_conn *conn, *next;

	BT_DBG("hdev %s", hdev->name);

	/* _safe variant: each entry is deleted while the list is walked. */
	list_for_each_entry_safe(conn, next, &hdev->conn_hash.list, list) {
		conn->state = BT_CLOSED;

		hci_proto_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM);
		hci_conn_del(conn);
	}
}
994
a9de9248
MH
/*
 * Look for an ACL connection in state BT_CONNECT2 and, if one exists,
 * start creating it. The lookup and the call both run under the device lock.
 */
void hci_conn_check_pending(struct hci_dev *hdev)
{
	struct hci_conn *pending;

	BT_DBG("hdev %s", hdev->name);

	hci_dev_lock(hdev);

	pending = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
	if (pending != NULL)
		hci_acl_create_connection(pending);

	hci_dev_unlock(hdev);
}
1010
1da177e4
LT
/*
 * Copy a snapshot of a device's connection list to user space.
 *
 * @arg points to a user-supplied struct hci_conn_list_req. Its dev_id
 * selects the device and its conn_num is the largest number of entries the
 * caller will accept. On success the header is rewritten with the device id
 * and the number of entries filled in, followed by that many
 * struct hci_conn_info records.
 *
 * Returns 0 on success, -EFAULT on a failed user copy, -EINVAL for a
 * conn_num of zero or above the cap, -ENOMEM on allocation failure and
 * -ENODEV when dev_id matches no device.
 */
int hci_get_conn_list(void __user *arg)
{
	struct hci_conn_list_req req, *cl;
	struct hci_conn_info *ci;
	struct hci_conn *c;
	struct hci_dev *hdev;
	int n = 0, size, err;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	/*
	 * conn_num is caller-controlled. Capping it at two pages' worth of
	 * entries bounds the allocation below and keeps the size arithmetic
	 * well within an int.
	 */
	if (req.conn_num == 0 ||
	    req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
		return -EINVAL;

	size = sizeof(req) + req.conn_num * sizeof(*ci);

	cl = kmalloc(size, GFP_KERNEL);
	if (cl == NULL)
		return -ENOMEM;

	hdev = hci_dev_get(req.dev_id);
	if (hdev == NULL) {
		kfree(cl);
		return -ENODEV;
	}

	ci = cl->conn_info;

	hci_dev_lock(hdev);
	list_for_each_entry(c, &hdev->conn_hash.list, list) {
		struct hci_conn_info *slot = &ci[n];

		bacpy(&slot->bdaddr, &c->dst);
		slot->handle = c->handle;
		slot->type = c->type;
		slot->out = c->out;
		slot->state = c->state;
		slot->link_mode = c->link_mode;

		/* Stop once the caller's buffer is full. */
		n++;
		if (n >= req.conn_num)
			break;
	}
	hci_dev_unlock(hdev);

	cl->dev_id = hdev->id;
	cl->conn_num = n;

	/*
	 * Only the header and the n filled entries are copied out, so the
	 * unused tail of the kmalloc() buffer never reaches user space.
	 * NOTE(review): the buffer is not zeroed. This relies on the two
	 * header fields and six per-entry fields assigned above covering
	 * every byte of both structs (no padding) - confirm against the
	 * struct definitions.
	 */
	size = sizeof(req) + n * sizeof(*ci);

	hci_dev_put(hdev);

	err = copy_to_user(arg, cl, size);
	kfree(cl);

	if (err)
		return -EFAULT;

	return 0;
}
1063
/*
 * Report one connection, selected by link type and peer address, to user
 * space.
 *
 * @arg points to a user-supplied struct hci_conn_info_req. The resulting
 * struct hci_conn_info is written directly after that request header in
 * the user buffer.
 *
 * Returns 0 on success, -EFAULT on a failed user copy and -ENOENT when no
 * matching connection exists.
 */
int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
{
	struct hci_conn_info_req req;
	struct hci_conn_info ci;
	struct hci_conn *conn;
	char __user *ptr = arg + sizeof(req);

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	/* Snapshot the fields under the device lock. conn is not
	 * dereferenced after the lock is released.
	 */
	hci_dev_lock(hdev);
	conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
	if (conn == NULL) {
		hci_dev_unlock(hdev);
		return -ENOENT;
	}

	bacpy(&ci.bdaddr, &conn->dst);
	ci.handle = conn->handle;
	ci.type = conn->type;
	ci.out = conn->out;
	ci.state = conn->state;
	ci.link_mode = conn->link_mode;
	hci_dev_unlock(hdev);

	/*
	 * NOTE(review): ci lives on the stack and is not zeroed. The six
	 * assignments above must cover every byte of the struct (no padding)
	 * for this copy to be free of stale stack data - confirm against
	 * the struct definition.
	 */
	if (copy_to_user(ptr, &ci, sizeof(ci)))
		return -EFAULT;

	return 0;
}
40be492f
MH
1091
/*
 * Report the authentication type of the ACL link to a given peer.
 *
 * @arg points to a user-supplied struct hci_auth_info_req. Its type field
 * is overwritten with the connection's auth_type and the whole request is
 * copied back. Every other byte of the reply is what the caller sent, since
 * req was filled completely by copy_from_user().
 *
 * Returns 0 on success, -EFAULT on a failed user copy and -ENOENT when no
 * ACL connection to that address exists.
 */
int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
{
	struct hci_auth_info_req req;
	struct hci_conn *conn;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	/* Read auth_type under the device lock. conn is not dereferenced
	 * after the lock is released.
	 */
	hci_dev_lock(hdev);
	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
	if (conn == NULL) {
		hci_dev_unlock(hdev);
		return -ENOENT;
	}
	req.type = conn->auth_type;
	hci_dev_unlock(hdev);

	if (copy_to_user(arg, &req, sizeof(req)))
		return -EFAULT;

	return 0;
}
73d80deb
LAD
1111
/*
 * Allocate a channel, bind it to @conn and publish it on the connection's
 * channel list. The new channel starts in state BT_CONNECTED.
 *
 * Returns the channel, or NULL when the allocation fails.
 */
struct hci_chan *hci_chan_create(struct hci_conn *conn)
{
	struct hci_chan *chan;

	BT_DBG("%s hcon %p", conn->hdev->name, conn);

	chan = kzalloc(sizeof(*chan), GFP_KERNEL);
	if (chan == NULL)
		return NULL;

	/* Initialise the channel fully before it is published on the list. */
	chan->conn = conn;
	skb_queue_head_init(&chan->data_q);
	chan->state = BT_CONNECTED;

	list_add_rcu(&chan->list, &conn->chan_list);

	return chan;
}
1131
/*
 * Unlink a channel from its connection, drop the connection reference,
 * discard any queued data and free the channel.
 */
void hci_chan_del(struct hci_chan *chan)
{
	struct hci_conn *hcon = chan->conn;

	BT_DBG("%s hcon %p chan %p", hcon->hdev->name, hcon, chan);

	/* Unlink first, then wait for an RCU grace period so that the
	 * channel is not freed under a concurrent RCU reader.
	 */
	list_del_rcu(&chan->list);
	synchronize_rcu();

	/*
	 * NOTE(review): this drops a reference on the connection, but
	 * hci_chan_create() as shown in this file takes none. Presumably
	 * the caller holds it - confirm the hold/drop pairing.
	 */
	hci_conn_drop(hcon);

	skb_queue_purge(&chan->data_q);
	kfree(chan);
}
1148
/* Delete every channel attached to the connection. */
void hci_chan_list_flush(struct hci_conn *conn)
{
	struct hci_chan *cur, *next;

	BT_DBG("hcon %p", conn);

	/* hci_chan_del() unlinks and frees the entry, so the _safe iterator
	 * is required.
	 */
	list_for_each_entry_safe(cur, next, &conn->chan_list, list) {
		hci_chan_del(cur);
	}
}
42c4e53e
AE
1158
/*
 * Find the channel with the given handle on one connection.
 * Returns the first match, or NULL when there is none. No locking is done
 * here; that is left to the caller.
 */
static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
						 __u16 handle)
{
	struct hci_chan *cur;

	list_for_each_entry(cur, &hcon->chan_list, list)
		if (cur->handle == handle)
			return cur;

	return NULL;
}
1171
/*
 * Search every connection on the device for a channel with the given
 * handle. Returns the first match, or NULL when there is none.
 *
 * NOTE(review): the pointer is returned after rcu_read_unlock() and nothing
 * visible here pins the channel. Callers presumably rely on other
 * serialisation against hci_chan_del() - confirm.
 */
struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
{
	struct hci_conn *hcon;
	struct hci_chan *found = NULL;

	rcu_read_lock();

	list_for_each_entry_rcu(hcon, &hdev->conn_hash.list, list) {
		found = __hci_chan_lookup_handle(hcon, handle);
		if (found != NULL)
			break;
	}

	rcu_read_unlock();

	return found;
}