projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Search global l2cap channels by src/dst addresses
[linux-2.6-block.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
1da177e4
LT		 38#include <net/sock.h>
39
70f23020 40#include <linux/uaccess.h>
1da177e4
LT		 41#include <asm/unaligned.h>
42
43#include <net/bluetooth/bluetooth.h>
44#include <net/bluetooth/hci_core.h>
45
fcd89c09
VT		 46static void hci_le_connect(struct hci_conn *conn)
47{
48 struct hci_dev *hdev = conn->hdev;
49 struct hci_cp_le_create_conn cp;
50
51 conn->state = BT_CONNECT;
a0c808b3 52 conn->out = true;
b92a6223 53 conn->link_mode |= HCI_LM_MASTER;
7b5c0d52 54 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 55
56 memset(&cp, 0, sizeof(cp));
0e833915
AL		 57 cp.scan_interval = cpu_to_le16(0x0060);
58 cp.scan_window = cpu_to_le16(0x0030);
fcd89c09 59 bacpy(&cp.peer_addr, &conn->dst);
6d3ce0e7 60 cp.peer_addr_type = conn->dst_type;
0e833915
AL		 61 cp.conn_interval_min = cpu_to_le16(0x0028);
62 cp.conn_interval_max = cpu_to_le16(0x0038);
63 cp.supervision_timeout = cpu_to_le16(0x002a);
64 cp.min_ce_len = cpu_to_le16(0x0000);
65 cp.max_ce_len = cpu_to_le16(0x0000);
fcd89c09
VT		 66
67 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
68}
69
70static void hci_le_connect_cancel(struct hci_conn *conn)
71{
72 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
73}
74
4c67bc74 75void hci_acl_connect(struct hci_conn *conn)
1da177e4
LT		 76{
77 struct hci_dev *hdev = conn->hdev;
78 struct inquiry_entry *ie;
79 struct hci_cp_create_conn cp;
80
42d2d87c 81 BT_DBG("hcon %p", conn);
1da177e4
LT		 82
83 conn->state = BT_CONNECT;
a0c808b3 84 conn->out = true;
a8746417 85
1da177e4
LT		 86 conn->link_mode = HCI_LM_MASTER;
87
4c67bc74
MH		 88 conn->attempt++;
89
e4e8e37c
MH		 90 conn->link_policy = hdev->link_policy;
91
1da177e4
LT		 92 memset(&cp, 0, sizeof(cp));
93 bacpy(&cp.bdaddr, &conn->dst);
94 cp.pscan_rep_mode = 0x02;
95
70f23020
AE		 96 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
97 if (ie) {
41a96212
MH		 98 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
99 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
100 cp.pscan_mode = ie->data.pscan_mode;
101 cp.clock_offset = ie->data.clock_offset |
102 cpu_to_le16(0x8000);
103 }
104
1da177e4 105 memcpy(conn->dev_class, ie->data.dev_class, 3);
58a681ef
JH		 106 if (ie->data.ssp_mode > 0)
107 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
1da177e4
LT		 108 }
109
a8746417 110 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 111 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82 112 cp.role_switch = 0x01;
1da177e4 113 else
b6a0dc82 114 cp.role_switch = 0x00;
4c67bc74 115
a9de9248 116 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4
LT		 117}
118
6ac59344
MH		 119static void hci_acl_connect_cancel(struct hci_conn *conn)
120{
121 struct hci_cp_create_conn_cancel cp;
122
123 BT_DBG("%p", conn);
124
d095c1eb 125 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
6ac59344
MH		 126 return;
127
128 bacpy(&cp.bdaddr, &conn->dst);
a9de9248 129 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
6ac59344
MH		 130}
131
1da177e4
LT		 132void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
133{
134 struct hci_cp_disconnect cp;
135
136 BT_DBG("%p", conn);
137
138 conn->state = BT_DISCONN;
139
aca3192c 140 cp.handle = cpu_to_le16(conn->handle);
1da177e4 141 cp.reason = reason;
a9de9248 142 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
1da177e4
LT		 143}
144
145void hci_add_sco(struct hci_conn *conn, __u16 handle)
146{
147 struct hci_dev *hdev = conn->hdev;
148 struct hci_cp_add_sco cp;
149
150 BT_DBG("%p", conn);
151
152 conn->state = BT_CONNECT;
a0c808b3 153 conn->out = true;
1da177e4 154
efc7688b
MH		 155 conn->attempt++;
156
aca3192c 157 cp.handle = cpu_to_le16(handle);
a8746417 158 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 159
a9de9248 160 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT		 161}
162
b6a0dc82
MH		 163void hci_setup_sync(struct hci_conn *conn, __u16 handle)
164{
165 struct hci_dev *hdev = conn->hdev;
166 struct hci_cp_setup_sync_conn cp;
167
168 BT_DBG("%p", conn);
169
170 conn->state = BT_CONNECT;
a0c808b3 171 conn->out = true;
b6a0dc82 172
efc7688b
MH		 173 conn->attempt++;
174
b6a0dc82 175 cp.handle = cpu_to_le16(handle);
a8746417 176 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 177
178 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
179 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
180 cp.max_latency = cpu_to_le16(0xffff);
181 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
182 cp.retrans_effort = 0xff;
183
184 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
185}
186
2ce603eb
CT		 187void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
188 u16 latency, u16 to_multiplier)
189{
190 struct hci_cp_le_conn_update cp;
191 struct hci_dev *hdev = conn->hdev;
192
193 memset(&cp, 0, sizeof(cp));
194
195 cp.handle = cpu_to_le16(conn->handle);
196 cp.conn_interval_min = cpu_to_le16(min);
197 cp.conn_interval_max = cpu_to_le16(max);
198 cp.conn_latency = cpu_to_le16(latency);
199 cp.supervision_timeout = cpu_to_le16(to_multiplier);
200 cp.min_ce_len = cpu_to_le16(0x0001);
201 cp.max_ce_len = cpu_to_le16(0x0001);
202
203 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
204}
205EXPORT_SYMBOL(hci_le_conn_update);
206
a7a595f6
VCG		 207void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
208 __u8 ltk[16])
209{
210 struct hci_dev *hdev = conn->hdev;
211 struct hci_cp_le_start_enc cp;
212
213 BT_DBG("%p", conn);
214
215 memset(&cp, 0, sizeof(cp));
216
217 cp.handle = cpu_to_le16(conn->handle);
218 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
219 cp.ediv = ediv;
51beabdf 220 memcpy(cp.rand, rand, sizeof(cp.rand));
a7a595f6
VCG		 221
222 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
223}
224EXPORT_SYMBOL(hci_le_start_enc);
225
226void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16])
227{
228 struct hci_dev *hdev = conn->hdev;
229 struct hci_cp_le_ltk_reply cp;
230
231 BT_DBG("%p", conn);
232
233 memset(&cp, 0, sizeof(cp));
234
235 cp.handle = cpu_to_le16(conn->handle);
236 memcpy(cp.ltk, ltk, sizeof(ltk));
237
238 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
239}
240EXPORT_SYMBOL(hci_le_ltk_reply);
241
242void hci_le_ltk_neg_reply(struct hci_conn *conn)
243{
244 struct hci_dev *hdev = conn->hdev;
245 struct hci_cp_le_ltk_neg_reply cp;
246
247 BT_DBG("%p", conn);
248
249 memset(&cp, 0, sizeof(cp));
250
251 cp.handle = cpu_to_le16(conn->handle);
252
253 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp);
254}
255
e73439d8
MH		 256/* Device _must_ be locked */
257void hci_sco_setup(struct hci_conn *conn, __u8 status)
258{
259 struct hci_conn *sco = conn->link;
260
261 BT_DBG("%p", conn);
262
263 if (!sco)
264 return;
265
266 if (!status) {
267 if (lmp_esco_capable(conn->hdev))
268 hci_setup_sync(sco, conn->handle);
269 else
270 hci_add_sco(sco, conn->handle);
271 } else {
272 hci_proto_connect_cfm(sco, status);
273 hci_conn_del(sco);
274 }
275}
276
19c40e3b 277static void hci_conn_timeout(struct work_struct *work)
1da177e4 278{
19c40e3b
GP		 279 struct hci_conn *conn = container_of(work, struct hci_conn,
280 disc_work.work);
2950f21a 281 __u8 reason;
1da177e4 282
e05dcc32 283 BT_DBG("conn %p state %s", conn, state_to_string(conn->state));
1da177e4
LT		 284
285 if (atomic_read(&conn->refcnt))
286 return;
287
6ac59344
MH		 288 switch (conn->state) {
289 case BT_CONNECT:
769be974 290 case BT_CONNECT2:
fcd89c09
VT		 291 if (conn->out) {
292 if (conn->type == ACL_LINK)
293 hci_acl_connect_cancel(conn);
294 else if (conn->type == LE_LINK)
295 hci_le_connect_cancel(conn);
296 }
6ac59344 297 break;
769be974 298 case BT_CONFIG:
8e87d142 299 case BT_CONNECTED:
2950f21a
MH		 300 reason = hci_proto_disconn_ind(conn);
301 hci_acl_disconn(conn, reason);
6ac59344
MH		 302 break;
303 default:
1da177e4 304 conn->state = BT_CLOSED;
6ac59344
MH		 305 break;
306 }
1da177e4
LT		 307}
308
416dc94b
GP		 309/* Enter sniff mode */
310static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
311{
312 struct hci_dev *hdev = conn->hdev;
313
314 BT_DBG("conn %p mode %d", conn, conn->mode);
315
316 if (test_bit(HCI_RAW, &hdev->flags))
317 return;
318
319 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
320 return;
321
322 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
323 return;
324
325 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
326 struct hci_cp_sniff_subrate cp;
327 cp.handle = cpu_to_le16(conn->handle);
328 cp.max_latency = cpu_to_le16(0);
329 cp.min_remote_timeout = cpu_to_le16(0);
330 cp.min_local_timeout = cpu_to_le16(0);
331 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
332 }
333
51a8efd7 334 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP		 335 struct hci_cp_sniff_mode cp;
336 cp.handle = cpu_to_le16(conn->handle);
337 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
338 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
339 cp.attempt = cpu_to_le16(4);
340 cp.timeout = cpu_to_le16(1);
341 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
342 }
343}
344
04837f64 345static void hci_conn_idle(unsigned long arg)
1da177e4 346{
04837f64
MH		 347 struct hci_conn *conn = (void *) arg;
348
349 BT_DBG("conn %p mode %d", conn, conn->mode);
350
351 hci_conn_enter_sniff_mode(conn);
1da177e4
LT		 352}
353
9f61656a
JH		 354static void hci_conn_auto_accept(unsigned long arg)
355{
356 struct hci_conn *conn = (void *) arg;
357 struct hci_dev *hdev = conn->hdev;
358
9f61656a
JH		 359 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
360 &conn->dst);
9f61656a
JH		 361}
362
1da177e4
LT		 363struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
364{
365 struct hci_conn *conn;
366
367 BT_DBG("%s dst %s", hdev->name, batostr(dst));
368
cb601d7e 369 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
04837f64 370 if (!conn)
1da177e4 371 return NULL;
1da177e4
LT		 372
373 bacpy(&conn->dst, dst);
a8746417
MH		 374 conn->hdev = hdev;
375 conn->type = type;
376 conn->mode = HCI_CM_ACTIVE;
377 conn->state = BT_OPEN;
93f19c9f 378 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 379 conn->io_capability = hdev->io_capability;
a9583556 380 conn->remote_auth = 0xff;
13d39315 381 conn->key_type = 0xff;
1da177e4 382
58a681ef 383 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 384 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 385
a8746417
MH		 386 switch (type) {
387 case ACL_LINK:
388 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
389 break;
390 case SCO_LINK:
391 if (lmp_esco_capable(hdev))
efc7688b
MH		 392 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
393 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH		 394 else
395 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
396 break;
397 case ESCO_LINK:
efc7688b 398 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH		 399 break;
400 }
401
1da177e4 402 skb_queue_head_init(&conn->data_q);
04837f64 403
70c1f20b 404 INIT_LIST_HEAD(&conn->chan_list);
73d80deb 405
19c40e3b 406 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
b24b8a24 407 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
9f61656a
JH		 408 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
409 (unsigned long) conn);
1da177e4
LT		 410
411 atomic_set(&conn->refcnt, 0);
412
413 hci_dev_hold(hdev);
414
1da177e4 415 hci_conn_hash_add(hdev, conn);
3c54711c 416 if (hdev->notify)
1da177e4
LT		 417 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
418
9eba32b8
MH		 419 atomic_set(&conn->devref, 0);
420
a67e899c
MH		 421 hci_conn_init_sysfs(conn);
422
1da177e4
LT		 423 return conn;
424}
425
426int hci_conn_del(struct hci_conn *conn)
427{
428 struct hci_dev *hdev = conn->hdev;
429
430 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
431
04837f64
MH		 432 del_timer(&conn->idle_timer);
433
19c40e3b 434 cancel_delayed_work_sync(&conn->disc_work);
1da177e4 435
9f61656a
JH		 436 del_timer(&conn->auto_accept_timer);
437
5b7f9909 438 if (conn->type == ACL_LINK) {
1da177e4
LT		 439 struct hci_conn *sco = conn->link;
440 if (sco)
441 sco->link = NULL;
442
443 /* Unacked frames */
444 hdev->acl_cnt += conn->sent;
6ed58ec5
VT		 445 } else if (conn->type == LE_LINK) {
446 if (hdev->le_pkts)
447 hdev->le_cnt += conn->sent;
448 else
449 hdev->acl_cnt += conn->sent;
5b7f9909
MH		 450 } else {
451 struct hci_conn *acl = conn->link;
452 if (acl) {
453 acl->link = NULL;
454 hci_conn_put(acl);
455 }
1da177e4
LT		 456 }
457
7d0db0a3 458
2c33c06a 459 hci_chan_list_flush(conn);
73d80deb 460
1da177e4 461 hci_conn_hash_del(hdev, conn);
3c54711c 462 if (hdev->notify)
1da177e4 463 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
7d0db0a3 464
1da177e4 465 skb_queue_purge(&conn->data_q);
1da177e4 466
9eba32b8 467 hci_conn_put_device(conn);
2ae9a6be 468
384943ec
MH		 469 hci_dev_put(hdev);
470
163f4dab
TT		 471 if (conn->handle == 0)
472 kfree(conn);
473
1da177e4
LT		 474 return 0;
475}
476
477struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
478{
479 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 480 struct hci_dev *hdev = NULL, *d;
1da177e4
LT		 481
482 BT_DBG("%s -> %s", batostr(src), batostr(dst));
483
f20d09d5 484 read_lock(&hci_dev_list_lock);
1da177e4 485
8035ded4 486 list_for_each_entry(d, &hci_dev_list, list) {
1da177e4
LT		 487 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
488 continue;
489
8e87d142 490 /* Simple routing:
1da177e4
LT		 491 * No source address - find interface with bdaddr != dst
492 * Source address - find interface with bdaddr == src
493 */
494
495 if (use_src) {
496 if (!bacmp(&d->bdaddr, src)) {
497 hdev = d; break;
498 }
499 } else {
500 if (bacmp(&d->bdaddr, dst)) {
501 hdev = d; break;
502 }
503 }
504 }
505
506 if (hdev)
507 hdev = hci_dev_hold(hdev);
508
f20d09d5 509 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 510 return hdev;
511}
512EXPORT_SYMBOL(hci_get_route);
513
fcd89c09 514/* Create SCO, ACL or LE connection.
1da177e4 515 * Device _must_ be locked */
8c1b2355 516struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
1da177e4
LT		 517{
518 struct hci_conn *acl;
5b7f9909 519 struct hci_conn *sco;
fcd89c09 520 struct hci_conn *le;
1da177e4
LT		 521
522 BT_DBG("%s dst %s", hdev->name, batostr(dst));
523
fcd89c09 524 if (type == LE_LINK) {
eda42b50
AG		 525 struct adv_entry *entry;
526
fcd89c09 527 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
15c4794f 528 if (le)
30e76272 529 return ERR_PTR(-EBUSY);
eda42b50
AG		 530
531 entry = hci_find_adv_entry(hdev, dst);
532 if (!entry)
533 return ERR_PTR(-EHOSTUNREACH);
534
15c4794f 535 le = hci_conn_add(hdev, LE_LINK, dst);
fcd89c09 536 if (!le)
30e76272 537 return ERR_PTR(-ENOMEM);
893d6751 538
eda42b50
AG		 539 le->dst_type = entry->bdaddr_type;
540
893d6751 541 hci_le_connect(le);
fcd89c09
VT		 542
543 hci_conn_hold(le);
544
545 return le;
546 }
547
70f23020
AE		 548 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
549 if (!acl) {
550 acl = hci_conn_add(hdev, ACL_LINK, dst);
551 if (!acl)
48c7aba9 552 return ERR_PTR(-ENOMEM);
1da177e4
LT		 553 }
554
555 hci_conn_hold(acl);
556
09ab6f4c 557 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
765c2a96
JH		 558 acl->sec_level = BT_SECURITY_LOW;
559 acl->pending_sec_level = sec_level;
09ab6f4c 560 acl->auth_type = auth_type;
1da177e4 561 hci_acl_connect(acl);
09ab6f4c 562 }
1da177e4 563
5b7f9909
MH		 564 if (type == ACL_LINK)
565 return acl;
1da177e4 566
70f23020
AE		 567 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
568 if (!sco) {
569 sco = hci_conn_add(hdev, type, dst);
570 if (!sco) {
5b7f9909 571 hci_conn_put(acl);
48c7aba9 572 return ERR_PTR(-ENOMEM);
1da177e4 573 }
5b7f9909 574 }
1da177e4 575
5b7f9909
MH		 576 acl->link = sco;
577 sco->link = acl;
1da177e4 578
5b7f9909 579 hci_conn_hold(sco);
1da177e4 580
5b7f9909 581 if (acl->state == BT_CONNECTED &&
b6a0dc82 582 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 583 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 584 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 585
51a8efd7 586 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 587 /* defer SCO setup until mode change completed */
51a8efd7 588 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH		 589 return sco;
590 }
591
592 hci_sco_setup(acl, 0x00);
b6a0dc82 593 }
5b7f9909
MH		 594
595 return sco;
1da177e4
LT		 596}
597EXPORT_SYMBOL(hci_connect);
598
e7c29cb1
MH		 599/* Check link security requirement */
600int hci_conn_check_link_mode(struct hci_conn *conn)
601{
602 BT_DBG("conn %p", conn);
603
aa64a8b5 604 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
e7c29cb1
MH		 605 return 0;
606
607 return 1;
608}
609EXPORT_SYMBOL(hci_conn_check_link_mode);
610
1da177e4 611/* Authenticate remote device */
0684e5f9 612static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4
LT		 613{
614 BT_DBG("conn %p", conn);
615
765c2a96
JH		 616 if (conn->pending_sec_level > sec_level)
617 sec_level = conn->pending_sec_level;
618
96a31833 619 if (sec_level > conn->sec_level)
765c2a96 620 conn->pending_sec_level = sec_level;
96a31833 621 else if (conn->link_mode & HCI_LM_AUTH)
1da177e4
LT		 622 return 1;
623
65cf686e
JH		 624 /* Make sure we preserve an existing MITM requirement*/
625 auth_type |= (conn->auth_type & 0x01);
626
96a31833
MH		 627 conn->auth_type = auth_type;
628
51a8efd7 629 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 630 struct hci_cp_auth_requested cp;
b7d05bad
PH		 631
632 /* encrypt must be pending if auth is also pending */
633 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
634
aca3192c 635 cp.handle = cpu_to_le16(conn->handle);
40be492f
MH		 636 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
637 sizeof(cp), &cp);
19f8def0 638 if (conn->key_type != 0xff)
51a8efd7 639 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 640 }
8c1b2355 641
1da177e4
LT		 642 return 0;
643}
1da177e4 644
13d39315
WR		 645/* Encrypt the the link */
646static void hci_conn_encrypt(struct hci_conn *conn)
647{
648 BT_DBG("conn %p", conn);
649
51a8efd7 650 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR		 651 struct hci_cp_set_conn_encrypt cp;
652 cp.handle = cpu_to_le16(conn->handle);
653 cp.encrypt = 0x01;
654 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
655 &cp);
656 }
657}
658
8c1b2355 659/* Enable security */
0684e5f9 660int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4
LT		 661{
662 BT_DBG("conn %p", conn);
663
13d39315 664 /* For sdp we don't need the link key. */
8c1b2355
MH		 665 if (sec_level == BT_SECURITY_SDP)
666 return 1;
667
13d39315
WR		 668 /* For non 2.1 devices and low security level we don't need the link
669 key. */
aa64a8b5 670 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 671 return 1;
8c1b2355 672
13d39315
WR		 673 /* For other security levels we need the link key. */
674 if (!(conn->link_mode & HCI_LM_AUTH))
675 goto auth;
676
677 /* An authenticated combination key has sufficient security for any
678 security level. */
679 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
680 goto encrypt;
681
682 /* An unauthenticated combination key has sufficient security for
683 security level 1 and 2. */
684 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
685 (sec_level == BT_SECURITY_MEDIUM ||
686 sec_level == BT_SECURITY_LOW))
687 goto encrypt;
688
689 /* A combination key has always sufficient security for the security
690 levels 1 or 2. High security level requires the combination key
691 is generated using maximum PIN code length (16).
692 For pre 2.1 units. */
693 if (conn->key_type == HCI_LK_COMBINATION &&
694 (sec_level != BT_SECURITY_HIGH ||
695 conn->pin_length == 16))
696 goto encrypt;
697
698auth:
51a8efd7 699 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT		 700 return 0;
701
6fdf658c
LAD		 702 if (!hci_conn_auth(conn, sec_level, auth_type))
703 return 0;
13d39315
WR		 704
705encrypt:
706 if (conn->link_mode & HCI_LM_ENCRYPT)
707 return 1;
8c1b2355 708
13d39315 709 hci_conn_encrypt(conn);
1da177e4
LT		 710 return 0;
711}
8c1b2355 712EXPORT_SYMBOL(hci_conn_security);
1da177e4 713
b3b1b061
WR		 714/* Check secure link requirement */
715int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
716{
717 BT_DBG("conn %p", conn);
718
719 if (sec_level != BT_SECURITY_HIGH)
720 return 1; /* Accept if non-secure is required */
721
ef4177e2 722 if (conn->sec_level == BT_SECURITY_HIGH)
b3b1b061
WR		 723 return 1;
724
725 return 0; /* Reject not secure link */
726}
727EXPORT_SYMBOL(hci_conn_check_secure);
728
1da177e4
LT		 729/* Change link key */
730int hci_conn_change_link_key(struct hci_conn *conn)
731{
732 BT_DBG("conn %p", conn);
733
51a8efd7 734 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 735 struct hci_cp_change_conn_link_key cp;
aca3192c 736 cp.handle = cpu_to_le16(conn->handle);
40be492f
MH		 737 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
738 sizeof(cp), &cp);
1da177e4 739 }
8c1b2355 740
1da177e4
LT		 741 return 0;
742}
743EXPORT_SYMBOL(hci_conn_change_link_key);
744
745/* Switch role */
8c1b2355 746int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4
LT		 747{
748 BT_DBG("conn %p", conn);
749
750 if (!role && conn->link_mode & HCI_LM_MASTER)
751 return 1;
752
51a8efd7 753 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT		 754 struct hci_cp_switch_role cp;
755 bacpy(&cp.bdaddr, &conn->dst);
756 cp.role = role;
a9de9248 757 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 758 }
8c1b2355 759
1da177e4
LT		 760 return 0;
761}
762EXPORT_SYMBOL(hci_conn_switch_role);
763
04837f64 764/* Enter active mode */
14b12d0b 765void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH		 766{
767 struct hci_dev *hdev = conn->hdev;
768
769 BT_DBG("conn %p mode %d", conn, conn->mode);
770
771 if (test_bit(HCI_RAW, &hdev->flags))
772 return;
773
14b12d0b
JG		 774 if (conn->mode != HCI_CM_SNIFF)
775 goto timer;
776
58a681ef 777 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH		 778 goto timer;
779
51a8efd7 780 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 781 struct hci_cp_exit_sniff_mode cp;
aca3192c 782 cp.handle = cpu_to_le16(conn->handle);
a9de9248 783 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH		 784 }
785
786timer:
787 if (hdev->idle_timeout > 0)
788 mod_timer(&conn->idle_timer,
789 jiffies + msecs_to_jiffies(hdev->idle_timeout));
790}
791
1da177e4
LT		 792/* Drop all connection on the device */
793void hci_conn_hash_flush(struct hci_dev *hdev)
794{
795 struct hci_conn_hash *h = &hdev->conn_hash;
3c4e0df0 796 struct hci_conn *c, *n;
1da177e4
LT		 797
798 BT_DBG("hdev %s", hdev->name);
799
3c4e0df0 800 list_for_each_entry_safe(c, n, &h->list, list) {
1da177e4
LT		 801 c->state = BT_CLOSED;
802
9f5a0d7b 803 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
1da177e4
LT		 804 hci_conn_del(c);
805 }
806}
807
a9de9248
MH		 808/* Check pending connect attempts */
809void hci_conn_check_pending(struct hci_dev *hdev)
810{
811 struct hci_conn *conn;
812
813 BT_DBG("hdev %s", hdev->name);
814
815 hci_dev_lock(hdev);
816
817 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
818 if (conn)
819 hci_acl_connect(conn);
820
821 hci_dev_unlock(hdev);
822}
823
9eba32b8
MH		 824void hci_conn_hold_device(struct hci_conn *conn)
825{
826 atomic_inc(&conn->devref);
827}
828EXPORT_SYMBOL(hci_conn_hold_device);
829
830void hci_conn_put_device(struct hci_conn *conn)
831{
832 if (atomic_dec_and_test(&conn->devref))
833 hci_conn_del_sysfs(conn);
834}
835EXPORT_SYMBOL(hci_conn_put_device);
836
1da177e4
LT		 837int hci_get_conn_list(void __user *arg)
838{
8035ded4 839 register struct hci_conn *c;
1da177e4
LT		 840 struct hci_conn_list_req req, *cl;
841 struct hci_conn_info *ci;
842 struct hci_dev *hdev;
1da177e4
LT		 843 int n = 0, size, err;
844
845 if (copy_from_user(&req, arg, sizeof(req)))
846 return -EFAULT;
847
848 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
849 return -EINVAL;
850
851 size = sizeof(req) + req.conn_num * sizeof(*ci);
852
70f23020
AE		 853 cl = kmalloc(size, GFP_KERNEL);
854 if (!cl)
1da177e4
LT		 855 return -ENOMEM;
856
70f23020
AE		 857 hdev = hci_dev_get(req.dev_id);
858 if (!hdev) {
1da177e4
LT		 859 kfree(cl);
860 return -ENODEV;
861 }
862
863 ci = cl->conn_info;
864
09fd0de5 865 hci_dev_lock(hdev);
8035ded4 866 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT		 867 bacpy(&(ci + n)->bdaddr, &c->dst);
868 (ci + n)->handle = c->handle;
869 (ci + n)->type = c->type;
870 (ci + n)->out = c->out;
871 (ci + n)->state = c->state;
872 (ci + n)->link_mode = c->link_mode;
873 if (++n >= req.conn_num)
874 break;
875 }
09fd0de5 876 hci_dev_unlock(hdev);
1da177e4
LT		 877
878 cl->dev_id = hdev->id;
879 cl->conn_num = n;
880 size = sizeof(req) + n * sizeof(*ci);
881
882 hci_dev_put(hdev);
883
884 err = copy_to_user(arg, cl, size);
885 kfree(cl);
886
887 return err ? -EFAULT : 0;
888}
889
890int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
891{
892 struct hci_conn_info_req req;
893 struct hci_conn_info ci;
894 struct hci_conn *conn;
895 char __user *ptr = arg + sizeof(req);
896
897 if (copy_from_user(&req, arg, sizeof(req)))
898 return -EFAULT;
899
09fd0de5 900 hci_dev_lock(hdev);
1da177e4
LT		 901 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
902 if (conn) {
903 bacpy(&ci.bdaddr, &conn->dst);
904 ci.handle = conn->handle;
905 ci.type = conn->type;
906 ci.out = conn->out;
907 ci.state = conn->state;
908 ci.link_mode = conn->link_mode;
909 }
09fd0de5 910 hci_dev_unlock(hdev);
1da177e4
LT		 911
912 if (!conn)
913 return -ENOENT;
914
915 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
916}
40be492f
MH		 917
918int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
919{
920 struct hci_auth_info_req req;
921 struct hci_conn *conn;
922
923 if (copy_from_user(&req, arg, sizeof(req)))
924 return -EFAULT;
925
09fd0de5 926 hci_dev_lock(hdev);
40be492f
MH		 927 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
928 if (conn)
929 req.type = conn->auth_type;
09fd0de5 930 hci_dev_unlock(hdev);
40be492f
MH		 931
932 if (!conn)
933 return -ENOENT;
934
935 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
936}
73d80deb
LAD		 937
938struct hci_chan *hci_chan_create(struct hci_conn *conn)
939{
940 struct hci_dev *hdev = conn->hdev;
941 struct hci_chan *chan;
942
943 BT_DBG("%s conn %p", hdev->name, conn);
944
75d7735c 945 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
73d80deb
LAD		 946 if (!chan)
947 return NULL;
948
949 chan->conn = conn;
950 skb_queue_head_init(&chan->data_q);
951
8192edef 952 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD		 953
954 return chan;
955}
956
957int hci_chan_del(struct hci_chan *chan)
958{
959 struct hci_conn *conn = chan->conn;
960 struct hci_dev *hdev = conn->hdev;
961
962 BT_DBG("%s conn %p chan %p", hdev->name, conn, chan);
963
8192edef
GP		 964 list_del_rcu(&chan->list);
965
966 synchronize_rcu();
73d80deb
LAD		 967
968 skb_queue_purge(&chan->data_q);
969 kfree(chan);
970
971 return 0;
972}
973
2c33c06a 974void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 975{
2a5a5ec6 976 struct hci_chan *chan, *n;
73d80deb
LAD		 977
978 BT_DBG("conn %p", conn);
979
2a5a5ec6 980 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD		 981 hci_chan_del(chan);
982}
Linux 6.x block layer and io_uring tree(s)