projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: hci_core: Fix missing instances using HCI_MAX_AD_LENGTH
[linux-block.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
0fe8c8d0 4 Copyright 2023 NXP
1da177e4
LT		 5
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
8e87d142
YH		 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 23 SOFTWARE IS DISCLAIMED.
24*/
25
26/* Bluetooth HCI connection handling. */
27
8c520a59 28#include <linux/export.h>
23b9ceb7 29#include <linux/debugfs.h>
1da177e4
LT		 30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
eca0ae4a
LAD		 34#include <net/bluetooth/iso.h>
35#include <net/bluetooth/mgmt.h>
1da177e4 36
0857dd3b 37#include "hci_request.h"
ac4b7236 38#include "smp.h"
7024728e 39#include "a2mp.h"
eca0ae4a 40#include "eir.h"
7024728e 41
2dea632f
FD		 42struct sco_param {
43 u16 pkt_type;
44 u16 max_latency;
c7da5797 45 u8 retrans_effort;
2dea632f
FD		 46};
47
e07a06b4
BG		 48struct conn_handle_t {
49 struct hci_conn *conn;
50 __u16 handle;
51};
52
48e68ff5 53static const struct sco_param esco_param_cvsd[] = {
c7da5797
JH		 54 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
55 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
56 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
57 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
58 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
2dea632f
FD		 59};
60
48e68ff5 61static const struct sco_param sco_param_cvsd[] = {
c7da5797
JH		 62 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
63 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
48e68ff5
BT		 64};
65
565766b0 66static const struct sco_param esco_param_msbc[] = {
c7da5797
JH		 67 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
68 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
2dea632f
FD		 69};
70
f75113a2 71/* This function requires the caller holds hdev->lock */
19cf60bf 72static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status)
f75113a2
JP		 73{
74 struct hci_conn_params *params;
b5c2b621 75 struct hci_dev *hdev = conn->hdev;
f75113a2
JP		 76 struct smp_irk *irk;
77 bdaddr_t *bdaddr;
78 u8 bdaddr_type;
79
80 bdaddr = &conn->dst;
81 bdaddr_type = conn->dst_type;
82
83 /* Check if we need to convert to identity address */
b5c2b621 84 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
f75113a2
JP		 85 if (irk) {
86 bdaddr = &irk->bdaddr;
87 bdaddr_type = irk->addr_type;
88 }
89
17bc08f0
JH		 90 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr,
91 bdaddr_type);
19cf60bf 92 if (!params)
f75113a2
JP		 93 return;
94
19cf60bf
LAD		 95 if (params->conn) {
96 hci_conn_drop(params->conn);
97 hci_conn_put(params->conn);
98 params->conn = NULL;
99 }
100
101 if (!params->explicit_connect)
102 return;
103
104 /* If the status indicates successful cancellation of
105 * the attempt (i.e. Unknown Connection Id) there's no point of
106 * notifying failure since we'll go back to keep trying to
107 * connect. The only exception is explicit connect requests
108 * where a timeout + cancel does indicate an actual failure.
109 */
110 if (status && status != HCI_ERROR_UNKNOWN_CONN_ID)
111 mgmt_connect_failed(hdev, &conn->dst, conn->type,
112 conn->dst_type, status);
113
f75113a2
JP		 114 /* The connection attempt was doing scan for new RPA, and is
115 * in scan phase. If params are not associated with any other
116 * autoconnect action, remove them completely. If they are, just unmark
117 * them as waiting for connection, by clearing explicit_connect field.
118 */
9ad3e6ff
JH		 119 params->explicit_connect = false;
120
195ef75e 121 hci_pend_le_list_del_init(params);
9ad3e6ff
JH		 122
123 switch (params->auto_connect) {
124 case HCI_AUTO_CONN_EXPLICIT:
b5c2b621 125 hci_conn_params_del(hdev, bdaddr, bdaddr_type);
9ad3e6ff
JH		 126 /* return instead of break to avoid duplicate scan update */
127 return;
128 case HCI_AUTO_CONN_DIRECT:
129 case HCI_AUTO_CONN_ALWAYS:
195ef75e 130 hci_pend_le_list_add(params, &hdev->pend_le_conns);
9ad3e6ff
JH		 131 break;
132 case HCI_AUTO_CONN_REPORT:
195ef75e 133 hci_pend_le_list_add(params, &hdev->pend_le_reports);
9ad3e6ff
JH		 134 break;
135 default:
136 break;
168b8a25 137 }
9ad3e6ff 138
5bee2fd6 139 hci_update_passive_scan(hdev);
f75113a2
JP		 140}
141
b958f9a3
JH		 142static void hci_conn_cleanup(struct hci_conn *conn)
143{
144 struct hci_dev *hdev = conn->hdev;
145
146 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
147 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
148
629f66aa
AM		 149 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
150 hci_remove_link_key(hdev, &conn->dst);
151
b958f9a3
JH		 152 hci_chan_list_flush(conn);
153
154 hci_conn_hash_del(hdev, conn);
155
26afbd82
LAD		 156 if (conn->cleanup)
157 conn->cleanup(conn);
158
1f8330ea
SN		 159 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
160 switch (conn->setting & SCO_AIRMODE_MASK) {
161 case SCO_AIRMODE_CVSD:
162 case SCO_AIRMODE_TRANSP:
163 if (hdev->notify)
164 hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO);
165 break;
166 }
167 } else {
168 if (hdev->notify)
169 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
170 }
b958f9a3
JH		 171
172 hci_conn_del_sysfs(conn);
173
174 debugfs_remove_recursive(conn->debugfs);
175
176 hci_dev_put(hdev);
177
178 hci_conn_put(conn);
179}
180
1aef8669 181static void hci_acl_create_connection(struct hci_conn *conn)
1da177e4
LT		 182{
183 struct hci_dev *hdev = conn->hdev;
184 struct inquiry_entry *ie;
185 struct hci_cp_create_conn cp;
186
42d2d87c 187 BT_DBG("hcon %p", conn);
1da177e4 188
89e65975
SS		 189 /* Many controllers disallow HCI Create Connection while it is doing
190 * HCI Inquiry. So we cancel the Inquiry first before issuing HCI Create
191 * Connection. This may cause the MGMT discovering state to become false
192 * without user space's request but it is okay since the MGMT Discovery
193 * APIs do not promise that discovery should be done forever. Instead,
194 * the user space monitors the status of MGMT discovering and it may
195 * request for discovery again when this flag becomes false.
196 */
197 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
198 /* Put this connection to "pending" state so that it will be
199 * executed after the inquiry cancel command complete event.
200 */
201 conn->state = BT_CONNECT2;
202 hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
203 return;
204 }
205
1da177e4 206 conn->state = BT_CONNECT;
a0c808b3 207 conn->out = true;
40bef302 208 conn->role = HCI_ROLE_MASTER;
1da177e4 209
4c67bc74
MH		 210 conn->attempt++;
211
e4e8e37c
MH		 212 conn->link_policy = hdev->link_policy;
213
1da177e4
LT		 214 memset(&cp, 0, sizeof(cp));
215 bacpy(&cp.bdaddr, &conn->dst);
216 cp.pscan_rep_mode = 0x02;
217
70f23020
AE		 218 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
219 if (ie) {
41a96212
MH		 220 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
221 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
222 cp.pscan_mode = ie->data.pscan_mode;
223 cp.clock_offset = ie->data.clock_offset |
dcf4adbf 224 cpu_to_le16(0x8000);
41a96212
MH		 225 }
226
1da177e4
LT		 227 memcpy(conn->dev_class, ie->data.dev_class, 3);
228 }
229
a8746417 230 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 231 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82 232 cp.role_switch = 0x01;
1da177e4 233 else
b6a0dc82 234 cp.role_switch = 0x00;
4c67bc74 235
a9de9248 236 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4
LT		 237}
238
e3b679d5 239int hci_disconnect(struct hci_conn *conn, __u8 reason)
1da177e4 240{
38b3fef1 241 BT_DBG("hcon %p", conn);
1da177e4 242
74be523c 243 /* When we are central of an established connection and it enters
839035a7
JH		 244 * the disconnect timeout, then go ahead and try to read the
245 * current clock offset. Processing of the result is done
246 * within the event handling and hci_clock_offset_evt function.
247 */
88d07feb
JH		 248 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER &&
249 (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) {
839035a7 250 struct hci_dev *hdev = conn->hdev;
4f639ede 251 struct hci_cp_read_clock_offset clkoff_cp;
839035a7 252
4f639ede
FF		 253 clkoff_cp.handle = cpu_to_le16(conn->handle);
254 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
255 &clkoff_cp);
839035a7
JH		 256 }
257
88d07feb 258 return hci_abort_conn(conn, reason);
1da177e4
LT		 259}
260
57f5d0d1 261static void hci_add_sco(struct hci_conn *conn, __u16 handle)
1da177e4
LT		 262{
263 struct hci_dev *hdev = conn->hdev;
264 struct hci_cp_add_sco cp;
265
38b3fef1 266 BT_DBG("hcon %p", conn);
1da177e4
LT		 267
268 conn->state = BT_CONNECT;
a0c808b3 269 conn->out = true;
1da177e4 270
efc7688b
MH		 271 conn->attempt++;
272
aca3192c 273 cp.handle = cpu_to_le16(handle);
a8746417 274 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 275
a9de9248 276 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT		 277}
278
8b1c324c
YL		 279static bool find_next_esco_param(struct hci_conn *conn,
280 const struct sco_param *esco_param, int size)
281{
06149746
LAD		 282 if (!conn->parent)
283 return false;
284
8b1c324c 285 for (; conn->attempt <= size; conn->attempt++) {
06149746 286 if (lmp_esco_2m_capable(conn->parent) ||
8b1c324c
YL		 287 (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3))
288 break;
289 BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported",
290 conn, conn->attempt);
291 }
292
293 return conn->attempt <= size;
294}
295
e07a06b4 296static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec)
b2af264a 297{
e07a06b4
BG		 298 int err;
299 __u8 vnd_len, *vnd_data = NULL;
300 struct hci_op_configure_data_path *cmd = NULL;
301
302 err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len,
303 &vnd_data);
304 if (err < 0)
305 goto error;
306
307 cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL);
308 if (!cmd) {
309 err = -ENOMEM;
310 goto error;
311 }
312
313 err = hdev->get_data_path_id(hdev, &cmd->data_path_id);
314 if (err < 0)
315 goto error;
316
317 cmd->vnd_len = vnd_len;
318 memcpy(cmd->vnd_data, vnd_data, vnd_len);
319
320 cmd->direction = 0x00;
321 __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
322 sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT);
323
324 cmd->direction = 0x01;
325 err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
326 sizeof(*cmd) + vnd_len, cmd,
327 HCI_CMD_TIMEOUT);
328error:
329
330 kfree(cmd);
331 kfree(vnd_data);
332 return err;
333}
334
335static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data)
336{
337 struct conn_handle_t *conn_handle = data;
338 struct hci_conn *conn = conn_handle->conn;
339 __u16 handle = conn_handle->handle;
b2af264a
K		 340 struct hci_cp_enhanced_setup_sync_conn cp;
341 const struct sco_param *param;
342
e07a06b4
BG		 343 kfree(conn_handle);
344
b2af264a
K		 345 bt_dev_dbg(hdev, "hcon %p", conn);
346
9798fbde
K		 347 /* for offload use case, codec needs to configured before opening SCO */
348 if (conn->codec.data_path)
e07a06b4 349 configure_datapath_sync(hdev, &conn->codec);
9798fbde 350
b2af264a
K		 351 conn->state = BT_CONNECT;
352 conn->out = true;
353
354 conn->attempt++;
355
356 memset(&cp, 0x00, sizeof(cp));
357
358 cp.handle = cpu_to_le16(handle);
359
360 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
361 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
362
363 switch (conn->codec.id) {
904c139a
K		 364 case BT_CODEC_MSBC:
365 if (!find_next_esco_param(conn, esco_param_msbc,
366 ARRAY_SIZE(esco_param_msbc)))
e07a06b4 367 return -EINVAL;
904c139a
K		 368
369 param = &esco_param_msbc[conn->attempt - 1];
370 cp.tx_coding_format.id = 0x05;
371 cp.rx_coding_format.id = 0x05;
372 cp.tx_codec_frame_size = __cpu_to_le16(60);
373 cp.rx_codec_frame_size = __cpu_to_le16(60);
374 cp.in_bandwidth = __cpu_to_le32(32000);
375 cp.out_bandwidth = __cpu_to_le32(32000);
376 cp.in_coding_format.id = 0x04;
377 cp.out_coding_format.id = 0x04;
378 cp.in_coded_data_size = __cpu_to_le16(16);
379 cp.out_coded_data_size = __cpu_to_le16(16);
380 cp.in_pcm_data_format = 2;
381 cp.out_pcm_data_format = 2;
382 cp.in_pcm_sample_payload_msb_pos = 0;
383 cp.out_pcm_sample_payload_msb_pos = 0;
384 cp.in_data_path = conn->codec.data_path;
385 cp.out_data_path = conn->codec.data_path;
386 cp.in_transport_unit_size = 1;
387 cp.out_transport_unit_size = 1;
388 break;
389
b2af264a
K		 390 case BT_CODEC_TRANSPARENT:
391 if (!find_next_esco_param(conn, esco_param_msbc,
392 ARRAY_SIZE(esco_param_msbc)))
393 return false;
394 param = &esco_param_msbc[conn->attempt - 1];
395 cp.tx_coding_format.id = 0x03;
396 cp.rx_coding_format.id = 0x03;
397 cp.tx_codec_frame_size = __cpu_to_le16(60);
398 cp.rx_codec_frame_size = __cpu_to_le16(60);
399 cp.in_bandwidth = __cpu_to_le32(0x1f40);
400 cp.out_bandwidth = __cpu_to_le32(0x1f40);
401 cp.in_coding_format.id = 0x03;
402 cp.out_coding_format.id = 0x03;
403 cp.in_coded_data_size = __cpu_to_le16(16);
404 cp.out_coded_data_size = __cpu_to_le16(16);
405 cp.in_pcm_data_format = 2;
406 cp.out_pcm_data_format = 2;
407 cp.in_pcm_sample_payload_msb_pos = 0;
408 cp.out_pcm_sample_payload_msb_pos = 0;
409 cp.in_data_path = conn->codec.data_path;
410 cp.out_data_path = conn->codec.data_path;
411 cp.in_transport_unit_size = 1;
412 cp.out_transport_unit_size = 1;
413 break;
414
415 case BT_CODEC_CVSD:
06149746 416 if (conn->parent && lmp_esco_capable(conn->parent)) {
b2af264a
K		 417 if (!find_next_esco_param(conn, esco_param_cvsd,
418 ARRAY_SIZE(esco_param_cvsd)))
e07a06b4 419 return -EINVAL;
b2af264a
K		 420 param = &esco_param_cvsd[conn->attempt - 1];
421 } else {
422 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
e07a06b4 423 return -EINVAL;
b2af264a
K		 424 param = &sco_param_cvsd[conn->attempt - 1];
425 }
426 cp.tx_coding_format.id = 2;
427 cp.rx_coding_format.id = 2;
428 cp.tx_codec_frame_size = __cpu_to_le16(60);
429 cp.rx_codec_frame_size = __cpu_to_le16(60);
430 cp.in_bandwidth = __cpu_to_le32(16000);
431 cp.out_bandwidth = __cpu_to_le32(16000);
432 cp.in_coding_format.id = 4;
433 cp.out_coding_format.id = 4;
434 cp.in_coded_data_size = __cpu_to_le16(16);
435 cp.out_coded_data_size = __cpu_to_le16(16);
436 cp.in_pcm_data_format = 2;
437 cp.out_pcm_data_format = 2;
438 cp.in_pcm_sample_payload_msb_pos = 0;
439 cp.out_pcm_sample_payload_msb_pos = 0;
440 cp.in_data_path = conn->codec.data_path;
441 cp.out_data_path = conn->codec.data_path;
442 cp.in_transport_unit_size = 16;
443 cp.out_transport_unit_size = 16;
444 break;
445 default:
e07a06b4 446 return -EINVAL;
b2af264a
K		 447 }
448
449 cp.retrans_effort = param->retrans_effort;
450 cp.pkt_type = __cpu_to_le16(param->pkt_type);
451 cp.max_latency = __cpu_to_le16(param->max_latency);
452
453 if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
e07a06b4 454 return -EIO;
b2af264a 455
e07a06b4 456 return 0;
b2af264a
K		 457}
458
459static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle)
b6a0dc82
MH		 460{
461 struct hci_dev *hdev = conn->hdev;
462 struct hci_cp_setup_sync_conn cp;
2dea632f 463 const struct sco_param *param;
b6a0dc82 464
b2af264a 465 bt_dev_dbg(hdev, "hcon %p", conn);
b6a0dc82
MH		 466
467 conn->state = BT_CONNECT;
a0c808b3 468 conn->out = true;
b6a0dc82 469
efc7688b
MH		 470 conn->attempt++;
471
b6a0dc82 472 cp.handle = cpu_to_le16(handle);
b6a0dc82 473
dcf4adbf
JP		 474 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
475 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
10c62ddc
FD		 476 cp.voice_setting = cpu_to_le16(conn->setting);
477
478 switch (conn->setting & SCO_AIRMODE_MASK) {
479 case SCO_AIRMODE_TRANSP:
8b1c324c
YL		 480 if (!find_next_esco_param(conn, esco_param_msbc,
481 ARRAY_SIZE(esco_param_msbc)))
2dea632f 482 return false;
565766b0 483 param = &esco_param_msbc[conn->attempt - 1];
10c62ddc
FD		 484 break;
485 case SCO_AIRMODE_CVSD:
06149746 486 if (conn->parent && lmp_esco_capable(conn->parent)) {
8b1c324c
YL		 487 if (!find_next_esco_param(conn, esco_param_cvsd,
488 ARRAY_SIZE(esco_param_cvsd)))
48e68ff5 489 return false;
48e68ff5
BT		 490 param = &esco_param_cvsd[conn->attempt - 1];
491 } else {
492 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
493 return false;
48e68ff5
BT		 494 param = &sco_param_cvsd[conn->attempt - 1];
495 }
10c62ddc 496 break;
2dea632f
FD		 497 default:
498 return false;
10c62ddc 499 }
b6a0dc82 500
c7da5797 501 cp.retrans_effort = param->retrans_effort;
2dea632f
FD		 502 cp.pkt_type = __cpu_to_le16(param->pkt_type);
503 cp.max_latency = __cpu_to_le16(param->max_latency);
504
505 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
506 return false;
507
508 return true;
b6a0dc82
MH		 509}
510
b2af264a
K		 511bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
512{
e07a06b4
BG		 513 int result;
514 struct conn_handle_t *conn_handle;
515
516 if (enhanced_sync_conn_capable(conn->hdev)) {
517 conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL);
518
519 if (!conn_handle)
520 return false;
521
522 conn_handle->conn = conn;
523 conn_handle->handle = handle;
524 result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync,
525 conn_handle, NULL);
526 if (result < 0)
527 kfree(conn_handle);
528
529 return result == 0;
530 }
b2af264a
K		 531
532 return hci_setup_sync_conn(conn, handle);
533}
534
7d6ca693
JH		 535u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
536 u16 to_multiplier)
2ce603eb 537{
2ce603eb 538 struct hci_dev *hdev = conn->hdev;
f044eb05
MH		 539 struct hci_conn_params *params;
540 struct hci_cp_le_conn_update cp;
2ce603eb 541
f044eb05 542 hci_dev_lock(hdev);
2ce603eb 543
f044eb05
MH		 544 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
545 if (params) {
546 params->conn_min_interval = min;
547 params->conn_max_interval = max;
548 params->conn_latency = latency;
549 params->supervision_timeout = to_multiplier;
550 }
551
552 hci_dev_unlock(hdev);
553
554 memset(&cp, 0, sizeof(cp));
2ce603eb
CT		 555 cp.handle = cpu_to_le16(conn->handle);
556 cp.conn_interval_min = cpu_to_le16(min);
557 cp.conn_interval_max = cpu_to_le16(max);
558 cp.conn_latency = cpu_to_le16(latency);
559 cp.supervision_timeout = cpu_to_le16(to_multiplier);
dcf4adbf
JP		 560 cp.min_ce_len = cpu_to_le16(0x0000);
561 cp.max_ce_len = cpu_to_le16(0x0000);
2ce603eb
CT		 562
563 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
7d6ca693
JH		 564
565 if (params)
566 return 0x01;
567
568 return 0x00;
2ce603eb 569}
2ce603eb 570
fe39c7b2 571void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
8b76ce34 572 __u8 ltk[16], __u8 key_size)
a7a595f6
VCG		 573{
574 struct hci_dev *hdev = conn->hdev;
575 struct hci_cp_le_start_enc cp;
576
38b3fef1 577 BT_DBG("hcon %p", conn);
a7a595f6
VCG		 578
579 memset(&cp, 0, sizeof(cp));
580
581 cp.handle = cpu_to_le16(conn->handle);
fe39c7b2 582 cp.rand = rand;
a7a595f6 583 cp.ediv = ediv;
8b76ce34 584 memcpy(cp.ltk, ltk, key_size);
a7a595f6
VCG		 585
586 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
587}
a7a595f6 588
e73439d8
MH		 589/* Device _must_ be locked */
590void hci_sco_setup(struct hci_conn *conn, __u8 status)
591{
06149746 592 struct hci_link *link;
e73439d8 593
06149746
LAD		 594 link = list_first_entry_or_null(&conn->link_list, struct hci_link, list);
595 if (!link || !link->conn)
e73439d8
MH		 596 return;
597
38b3fef1
AE		 598 BT_DBG("hcon %p", conn);
599
e73439d8
MH		 600 if (!status) {
601 if (lmp_esco_capable(conn->hdev))
06149746 602 hci_setup_sync(link->conn, conn->handle);
e73439d8 603 else
06149746 604 hci_add_sco(link->conn, conn->handle);
e73439d8 605 } else {
06149746
LAD		 606 hci_connect_cfm(link->conn, status);
607 hci_conn_del(link->conn);
e73439d8
MH		 608 }
609}
610
19c40e3b 611static void hci_conn_timeout(struct work_struct *work)
1da177e4 612{
19c40e3b 613 struct hci_conn *conn = container_of(work, struct hci_conn,
5974e4c4 614 disc_work.work);
1d56dc4f 615 int refcnt = atomic_read(&conn->refcnt);
1da177e4 616
38b3fef1 617 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
1da177e4 618
1d56dc4f
LR		 619 WARN_ON(refcnt < 0);
620
621 /* FIXME: It was observed that in pairing failed scenario, refcnt
622 * drops below 0. Probably this is because l2cap_conn_del calls
623 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
624 * dropped. After that loop hci_chan_del is called which also drops
625 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
626 * otherwise drop it.
627 */
628 if (refcnt > 0)
1da177e4
LT		 629 return;
630
89e0ccc8 631 hci_abort_conn(conn, hci_proto_disconn_ind(conn));
1da177e4
LT		 632}
633
416dc94b 634/* Enter sniff mode */
a74a84f6 635static void hci_conn_idle(struct work_struct *work)
416dc94b 636{
a74a84f6
JH		 637 struct hci_conn *conn = container_of(work, struct hci_conn,
638 idle_work.work);
416dc94b
GP		 639 struct hci_dev *hdev = conn->hdev;
640
38b3fef1 641 BT_DBG("hcon %p mode %d", conn, conn->mode);
416dc94b 642
416dc94b
GP		 643 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
644 return;
645
646 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
647 return;
648
649 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
650 struct hci_cp_sniff_subrate cp;
651 cp.handle = cpu_to_le16(conn->handle);
dcf4adbf
JP		 652 cp.max_latency = cpu_to_le16(0);
653 cp.min_remote_timeout = cpu_to_le16(0);
654 cp.min_local_timeout = cpu_to_le16(0);
416dc94b
GP		 655 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
656 }
657
51a8efd7 658 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP		 659 struct hci_cp_sniff_mode cp;
660 cp.handle = cpu_to_le16(conn->handle);
661 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
662 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
dcf4adbf
JP		 663 cp.attempt = cpu_to_le16(4);
664 cp.timeout = cpu_to_le16(1);
416dc94b
GP		 665 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
666 }
667}
668
7bc18d9d 669static void hci_conn_auto_accept(struct work_struct *work)
9f61656a 670{
7bc18d9d
JH		 671 struct hci_conn *conn = container_of(work, struct hci_conn,
672 auto_accept_work.work);
9f61656a 673
7bc18d9d 674 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
5974e4c4 675 &conn->dst);
9f61656a
JH		 676}
677
c3bed4de
SN		 678static void le_disable_advertising(struct hci_dev *hdev)
679{
680 if (ext_adv_capable(hdev)) {
681 struct hci_cp_le_set_ext_adv_enable cp;
682
683 cp.enable = 0x00;
684 cp.num_of_sets = 0x00;
685
686 hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp),
687 &cp);
688 } else {
689 u8 enable = 0x00;
690 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
691 &enable);
692 }
693}
694
9489eca4
JH		 695static void le_conn_timeout(struct work_struct *work)
696{
697 struct hci_conn *conn = container_of(work, struct hci_conn,
698 le_conn_timeout.work);
3c857757 699 struct hci_dev *hdev = conn->hdev;
9489eca4
JH		 700
701 BT_DBG("");
702
3c857757
JH		 703 /* We could end up here due to having done directed advertising,
704 * so clean up the state if necessary. This should however only
705 * happen with broken hardware or if low duty cycle was used
706 * (which doesn't have a timeout of its own).
707 */
0b1db38c 708 if (conn->role == HCI_ROLE_SLAVE) {
c3bed4de
SN		 709 /* Disable LE Advertising */
710 le_disable_advertising(hdev);
9fa6b4cd 711 hci_dev_lock(hdev);
9b3628d7 712 hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
9fa6b4cd 713 hci_dev_unlock(hdev);
3c857757
JH		 714 return;
715 }
716
89e0ccc8 717 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
9489eca4
JH		 718}
719
6b9545dc
PV		 720struct iso_cig_params {
721 struct hci_cp_le_set_cig_params cp;
722 struct hci_cis_params cis[0x1f];
723};
724
eca0ae4a
LAD		 725struct iso_list_data {
726 union {
727 u8 cig;
728 u8 big;
729 };
730 union {
731 u8 cis;
732 u8 bis;
733 u16 sync_handle;
734 };
735 int count;
a0bfde16 736 bool big_term;
fbdc4bc4 737 bool pa_sync_term;
f777d882 738 bool big_sync_term;
eca0ae4a
LAD		 739};
740
741static void bis_list(struct hci_conn *conn, void *data)
742{
743 struct iso_list_data *d = data;
744
745 /* Skip if not broadcast/ANY address */
746 if (bacmp(&conn->dst, BDADDR_ANY))
747 return;
748
0fe8c8d0
IT		 749 if (d->big != conn->iso_qos.bcast.big || d->bis == BT_ISO_QOS_BIS_UNSET ||
750 d->bis != conn->iso_qos.bcast.bis)
eca0ae4a
LAD		 751 return;
752
753 d->count++;
754}
755
eca0ae4a
LAD		 756static int terminate_big_sync(struct hci_dev *hdev, void *data)
757{
758 struct iso_list_data *d = data;
759
760 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis);
761
762 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL);
763
a0bfde16
IT		 764 /* Only terminate BIG if it has been created */
765 if (!d->big_term)
eca0ae4a
LAD		 766 return 0;
767
768 return hci_le_terminate_big_sync(hdev, d->big,
769 HCI_ERROR_LOCAL_HOST_TERM);
770}
771
772static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err)
773{
774 kfree(data);
775}
776
a0bfde16 777static int hci_le_terminate_big(struct hci_dev *hdev, struct hci_conn *conn)
eca0ae4a
LAD		 778{
779 struct iso_list_data *d;
3aa21311 780 int ret;
eca0ae4a 781
a0bfde16
IT		 782 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", conn->iso_qos.bcast.big,
783 conn->iso_qos.bcast.bis);
eca0ae4a 784
3958e877 785 d = kzalloc(sizeof(*d), GFP_KERNEL);
eca0ae4a
LAD		 786 if (!d)
787 return -ENOMEM;
788
a0bfde16
IT		 789 d->big = conn->iso_qos.bcast.big;
790 d->bis = conn->iso_qos.bcast.bis;
791 d->big_term = test_and_clear_bit(HCI_CONN_BIG_CREATED, &conn->flags);
eca0ae4a 792
3aa21311
ZS		 793 ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d,
794 terminate_big_destroy);
795 if (ret)
796 kfree(d);
797
798 return ret;
eca0ae4a
LAD		 799}
800
801static int big_terminate_sync(struct hci_dev *hdev, void *data)
802{
803 struct iso_list_data *d = data;
804
805 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big,
806 d->sync_handle);
807
f777d882
IT		 808 if (d->big_sync_term)
809 hci_le_big_terminate_sync(hdev, d->big);
eca0ae4a 810
fbdc4bc4
IT		 811 if (d->pa_sync_term)
812 return hci_le_pa_terminate_sync(hdev, d->sync_handle);
813
814 return 0;
eca0ae4a
LAD		 815}
816
f777d882 817static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, struct hci_conn *conn)
eca0ae4a
LAD		 818{
819 struct iso_list_data *d;
3aa21311 820 int ret;
eca0ae4a 821
f777d882 822 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, conn->sync_handle);
eca0ae4a 823
3958e877 824 d = kzalloc(sizeof(*d), GFP_KERNEL);
eca0ae4a
LAD		 825 if (!d)
826 return -ENOMEM;
827
eca0ae4a 828 d->big = big;
f777d882 829 d->sync_handle = conn->sync_handle;
fbdc4bc4 830 d->pa_sync_term = test_and_clear_bit(HCI_CONN_PA_SYNC, &conn->flags);
f777d882 831 d->big_sync_term = test_and_clear_bit(HCI_CONN_BIG_SYNC, &conn->flags);
eca0ae4a 832
3aa21311
ZS		 833 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d,
834 terminate_big_destroy);
835 if (ret)
836 kfree(d);
837
838 return ret;
eca0ae4a
LAD		 839}
840
841/* Cleanup BIS connection
842 *
843 * Detects if there any BIS left connected in a BIG
844 * broadcaster: Remove advertising instance and terminate BIG.
845 * broadcaster receiver: Teminate BIG sync and terminate PA sync.
846 */
847static void bis_cleanup(struct hci_conn *conn)
848{
849 struct hci_dev *hdev = conn->hdev;
a0bfde16 850 struct hci_conn *bis;
eca0ae4a
LAD		 851
852 bt_dev_dbg(hdev, "conn %p", conn);
853
854 if (conn->role == HCI_ROLE_MASTER) {
855 if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags))
856 return;
857
a0bfde16
IT		 858 /* Check if ISO connection is a BIS and terminate advertising
859 * set and BIG if there are no other connections using it.
860 */
6a42e9bf 861 bis = hci_conn_hash_lookup_big(hdev, conn->iso_qos.bcast.big);
a0bfde16
IT		 862 if (bis)
863 return;
864
865 hci_le_terminate_big(hdev, conn);
eca0ae4a 866 } else {
f777d882
IT		 867 bis = hci_conn_hash_lookup_big_any_dst(hdev,
868 conn->iso_qos.bcast.big);
869
870 if (bis)
871 return;
872
0fe8c8d0 873 hci_le_big_terminate(hdev, conn->iso_qos.bcast.big,
f777d882 874 conn);
eca0ae4a
LAD		 875 }
876}
877
878static int remove_cig_sync(struct hci_dev *hdev, void *data)
879{
a1f6c3ae 880 u8 handle = PTR_UINT(data);
eca0ae4a
LAD		 881
882 return hci_le_remove_cig_sync(hdev, handle);
883}
884
885static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle)
886{
887 bt_dev_dbg(hdev, "handle 0x%2.2x", handle);
888
a1f6c3ae
LAD		 889 return hci_cmd_sync_queue(hdev, remove_cig_sync, UINT_PTR(handle),
890 NULL);
eca0ae4a
LAD		 891}
892
893static void find_cis(struct hci_conn *conn, void *data)
894{
895 struct iso_list_data *d = data;
896
31c5f916
PV		 897 /* Ignore broadcast or if CIG don't match */
898 if (!bacmp(&conn->dst, BDADDR_ANY) || d->cig != conn->iso_qos.ucast.cig)
eca0ae4a
LAD		 899 return;
900
901 d->count++;
902}
903
904/* Cleanup CIS connection:
905 *
906 * Detects if there any CIS left connected in a CIG and remove it.
907 */
908static void cis_cleanup(struct hci_conn *conn)
909{
910 struct hci_dev *hdev = conn->hdev;
911 struct iso_list_data d;
912
31c5f916
PV		 913 if (conn->iso_qos.ucast.cig == BT_ISO_QOS_CIG_UNSET)
914 return;
915
eca0ae4a 916 memset(&d, 0, sizeof(d));
0fe8c8d0 917 d.cig = conn->iso_qos.ucast.cig;
eca0ae4a
LAD		 918
919 /* Check if ISO connection is a CIS and remove CIG if there are
920 * no other connections using it.
921 */
6c242c64
PV		 922 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_BOUND, &d);
923 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECT, &d);
eca0ae4a
LAD		 924 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d);
925 if (d.count)
926 return;
927
0fe8c8d0 928 hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig);
eca0ae4a
LAD		 929}
930
9f78191c
LAD		 931static u16 hci_conn_hash_alloc_unset(struct hci_dev *hdev)
932{
933 struct hci_conn_hash *h = &hdev->conn_hash;
934 struct hci_conn *c;
935 u16 handle = HCI_CONN_HANDLE_MAX + 1;
936
937 rcu_read_lock();
938
939 list_for_each_entry_rcu(c, &h->list, list) {
940 /* Find the first unused handle */
941 if (handle == 0xffff || c->handle != handle)
942 break;
943 handle++;
944 }
945 rcu_read_unlock();
946
947 return handle;
948}
949
a5c4e309
JH		 950struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
951 u8 role)
1da177e4
LT		 952{
953 struct hci_conn *conn;
954
6ed93dc6 955 BT_DBG("%s dst %pMR", hdev->name, dst);
1da177e4 956
27f70f3e 957 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
04837f64 958 if (!conn)
1da177e4 959 return NULL;
1da177e4
LT		 960
961 bacpy(&conn->dst, dst);
662e8820 962 bacpy(&conn->src, &hdev->bdaddr);
9f78191c 963 conn->handle = hci_conn_hash_alloc_unset(hdev);
a8746417
MH		 964 conn->hdev = hdev;
965 conn->type = type;
a5c4e309 966 conn->role = role;
a8746417
MH		 967 conn->mode = HCI_CM_ACTIVE;
968 conn->state = BT_OPEN;
93f19c9f 969 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 970 conn->io_capability = hdev->io_capability;
a9583556 971 conn->remote_auth = 0xff;
13d39315 972 conn->key_type = 0xff;
ebf86aa3 973 conn->rssi = HCI_RSSI_INVALID;
5a134fae 974 conn->tx_power = HCI_TX_POWER_INVALID;
d0455ed9 975 conn->max_tx_power = HCI_TX_POWER_INVALID;
1da177e4 976
58a681ef 977 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 978 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 979
302975cb
SRK		 980 /* Set Default Authenticated payload timeout to 30s */
981 conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
982
a5c4e309
JH		 983 if (conn->role == HCI_ROLE_MASTER)
984 conn->out = true;
985
a8746417
MH		 986 switch (type) {
987 case ACL_LINK:
988 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
989 break;
9c84d1da 990 case LE_LINK:
eca0ae4a
LAD		 991 /* conn->src should reflect the local identity address */
992 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
993 break;
26afbd82 994 case ISO_LINK:
9c84d1da
JH		 995 /* conn->src should reflect the local identity address */
996 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
eca0ae4a
LAD		 997
998 /* set proper cleanup function */
999 if (!bacmp(dst, BDADDR_ANY))
1000 conn->cleanup = bis_cleanup;
1001 else if (conn->role == HCI_ROLE_MASTER)
1002 conn->cleanup = cis_cleanup;
1003
9c84d1da 1004 break;
a8746417
MH		 1005 case SCO_LINK:
1006 if (lmp_esco_capable(hdev))
efc7688b
MH		 1007 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
1008 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH		 1009 else
1010 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
1011 break;
1012 case ESCO_LINK:
efc7688b 1013 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH		 1014 break;
1015 }
1016
1da177e4 1017 skb_queue_head_init(&conn->data_q);
04837f64 1018
70c1f20b 1019 INIT_LIST_HEAD(&conn->chan_list);
06149746 1020 INIT_LIST_HEAD(&conn->link_list);
73d80deb 1021
19c40e3b 1022 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
7bc18d9d 1023 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
a74a84f6 1024 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
9489eca4 1025 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1da177e4
LT		 1026
1027 atomic_set(&conn->refcnt, 0);
1028
1029 hci_dev_hold(hdev);
1030
1da177e4 1031 hci_conn_hash_add(hdev, conn);
1f8330ea
SN		 1032
1033 /* The SCO and eSCO connections will only be notified when their
1034 * setup has been completed. This is different to ACL links which
1035 * can be notified right away.
1036 */
1037 if (conn->type != SCO_LINK && conn->type != ESCO_LINK) {
1038 if (hdev->notify)
1039 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
1040 }
1da177e4 1041
a67e899c
MH		 1042 hci_conn_init_sysfs(conn);
1043
1da177e4
LT		 1044 return conn;
1045}
1046
06149746 1047static void hci_conn_unlink(struct hci_conn *conn)
5dc7d23e 1048{
06149746
LAD		 1049 struct hci_dev *hdev = conn->hdev;
1050
1051 bt_dev_dbg(hdev, "hcon %p", conn);
1052
1053 if (!conn->parent) {
1054 struct hci_link *link, *t;
1055
ca1fd42e
RL		 1056 list_for_each_entry_safe(link, t, &conn->link_list, list) {
1057 struct hci_conn *child = link->conn;
1058
1059 hci_conn_unlink(child);
1060
a2ac591c
RL		 1061 /* If hdev is down it means
1062 * hci_dev_close_sync/hci_conn_hash_flush is in progress
1063 * and links don't need to be cleanup as all connections
1064 * would be cleanup.
1065 */
1066 if (!test_bit(HCI_UP, &hdev->flags))
1067 continue;
1068
ca1fd42e
RL		 1069 /* Due to race, SCO connection might be not established
1070 * yet at this point. Delete it now, otherwise it is
1071 * possible for it to be stuck and can't be deleted.
1072 */
a2904d28
RL		 1073 if ((child->type == SCO_LINK ||
1074 child->type == ESCO_LINK) &&
9f78191c 1075 HCI_CONN_HANDLE_UNSET(child->handle))
ca1fd42e
RL		 1076 hci_conn_del(child);
1077 }
06149746
LAD		 1078
1079 return;
1080 }
1081
5dc7d23e 1082 if (!conn->link)
06149746 1083 return;
5dc7d23e 1084
06149746
LAD		 1085 list_del_rcu(&conn->link->list);
1086 synchronize_rcu();
1087
a2904d28 1088 hci_conn_drop(conn->parent);
2910431a
RL		 1089 hci_conn_put(conn->parent);
1090 conn->parent = NULL;
1091
06149746 1092 kfree(conn->link);
5dc7d23e 1093 conn->link = NULL;
5dc7d23e
LAD		 1094}
1095
a2ac591c 1096void hci_conn_del(struct hci_conn *conn)
1da177e4
LT		 1097{
1098 struct hci_dev *hdev = conn->hdev;
1099
38b3fef1 1100 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1da177e4 1101
a2904d28
RL		 1102 hci_conn_unlink(conn);
1103
19c40e3b 1104 cancel_delayed_work_sync(&conn->disc_work);
7bc18d9d 1105 cancel_delayed_work_sync(&conn->auto_accept_work);
a74a84f6 1106 cancel_delayed_work_sync(&conn->idle_work);
9f61656a 1107
5b7f9909 1108 if (conn->type == ACL_LINK) {
1da177e4
LT		 1109 /* Unacked frames */
1110 hdev->acl_cnt += conn->sent;
6ed58ec5 1111 } else if (conn->type == LE_LINK) {
980ffc0a 1112 cancel_delayed_work(&conn->le_conn_timeout);
9489eca4 1113
6ed58ec5
VT		 1114 if (hdev->le_pkts)
1115 hdev->le_cnt += conn->sent;
1116 else
1117 hdev->acl_cnt += conn->sent;
5b7f9909 1118 } else {
5638d9ea
LAD		 1119 /* Unacked ISO frames */
1120 if (conn->type == ISO_LINK) {
1121 if (hdev->iso_pkts)
1122 hdev->iso_cnt += conn->sent;
1123 else if (hdev->le_pkts)
1124 hdev->le_cnt += conn->sent;
1125 else
1126 hdev->acl_cnt += conn->sent;
1127 }
1da177e4
LT		 1128 }
1129
9740e49d
AE		 1130 if (conn->amp_mgr)
1131 amp_mgr_put(conn->amp_mgr);
1132
1da177e4 1133 skb_queue_purge(&conn->data_q);
1da177e4 1134
b958f9a3
JH		 1135 /* Remove the connection from the list and cleanup its remaining
1136 * state. This is a separate function since for some cases like
1137 * BT_CONNECT_SCAN we *only* want the cleanup part without the
1138 * rest of hci_conn_del.
1139 */
1140 hci_conn_cleanup(conn);
1da177e4
LT		 1141}
1142
39385cb5 1143struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type)
1da177e4
LT		 1144{
1145 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 1146 struct hci_dev *hdev = NULL, *d;
1da177e4 1147
6ed93dc6 1148 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4 1149
f20d09d5 1150 read_lock(&hci_dev_list_lock);
1da177e4 1151
8035ded4 1152 list_for_each_entry(d, &hci_dev_list, list) {
8fc9ced3 1153 if (!test_bit(HCI_UP, &d->flags) ||
d7a5a11d 1154 hci_dev_test_flag(d, HCI_USER_CHANNEL) ||
ca8bee5d 1155 d->dev_type != HCI_PRIMARY)
1da177e4
LT		 1156 continue;
1157
8e87d142 1158 /* Simple routing:
1da177e4
LT		 1159 * No source address - find interface with bdaddr != dst
1160 * Source address - find interface with bdaddr == src
1161 */
1162
1163 if (use_src) {
39385cb5
JH		 1164 bdaddr_t id_addr;
1165 u8 id_addr_type;
1166
1167 if (src_type == BDADDR_BREDR) {
1168 if (!lmp_bredr_capable(d))
1169 continue;
1170 bacpy(&id_addr, &d->bdaddr);
1171 id_addr_type = BDADDR_BREDR;
1172 } else {
1173 if (!lmp_le_capable(d))
1174 continue;
1175
1176 hci_copy_identity_address(d, &id_addr,
1177 &id_addr_type);
1178
1179 /* Convert from HCI to three-value type */
1180 if (id_addr_type == ADDR_LE_DEV_PUBLIC)
1181 id_addr_type = BDADDR_LE_PUBLIC;
1182 else
1183 id_addr_type = BDADDR_LE_RANDOM;
1184 }
1185
1186 if (!bacmp(&id_addr, src) && id_addr_type == src_type) {
1da177e4
LT		 1187 hdev = d; break;
1188 }
1189 } else {
1190 if (bacmp(&d->bdaddr, dst)) {
1191 hdev = d; break;
1192 }
1193 }
1194 }
1195
1196 if (hdev)
1197 hdev = hci_dev_hold(hdev);
1198
f20d09d5 1199 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 1200 return hdev;
1201}
1202EXPORT_SYMBOL(hci_get_route);
1203
9bb3c01f 1204/* This function requires the caller holds hdev->lock */
9b3628d7 1205static void hci_le_conn_failed(struct hci_conn *conn, u8 status)
9bb3c01f
AG		 1206{
1207 struct hci_dev *hdev = conn->hdev;
f161dd41 1208
19cf60bf 1209 hci_connect_le_scan_cleanup(conn, status);
3c857757 1210
abfeea47 1211 /* Enable advertising in case this was a failed connection
3c857757
JH		 1212 * attempt as a peripheral.
1213 */
abfeea47 1214 hci_enable_advertising(hdev);
9bb3c01f
AG		 1215}
1216
9b3628d7
LAD		 1217/* This function requires the caller holds hdev->lock */
1218void hci_conn_failed(struct hci_conn *conn, u8 status)
1219{
1220 struct hci_dev *hdev = conn->hdev;
1221
1222 bt_dev_dbg(hdev, "status 0x%2.2x", status);
1223
1224 switch (conn->type) {
1225 case LE_LINK:
1226 hci_le_conn_failed(conn, status);
1227 break;
1228 case ACL_LINK:
1229 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1230 conn->dst_type, status);
1231 break;
1232 }
1233
1234 conn->state = BT_CLOSED;
1235 hci_connect_cfm(conn, status);
1236 hci_conn_del(conn);
1237}
1238
16e3b642
LAD		 1239/* This function requires the caller holds hdev->lock */
1240u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle)
1241{
1242 struct hci_dev *hdev = conn->hdev;
1243
1244 bt_dev_dbg(hdev, "hcon %p handle 0x%4.4x", conn, handle);
1245
1246 if (conn->handle == handle)
1247 return 0;
1248
1249 if (handle > HCI_CONN_HANDLE_MAX) {
1250 bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x",
1251 handle, HCI_CONN_HANDLE_MAX);
1252 return HCI_ERROR_INVALID_PARAMETERS;
1253 }
1254
1255 /* If abort_reason has been sent it means the connection is being
1256 * aborted and the handle shall not be changed.
1257 */
1258 if (conn->abort_reason)
1259 return conn->abort_reason;
1260
1261 conn->handle = handle;
1262
1263 return 0;
1264}
1265
8e8b92ee 1266static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err)
1d399ae5 1267{
04a51d61 1268 struct hci_conn *conn;
a1f6c3ae 1269 u16 handle = PTR_UINT(data);
04a51d61
LAD		 1270
1271 conn = hci_conn_hash_lookup_handle(hdev, handle);
1272 if (!conn)
1273 return;
1d399ae5 1274
b62e7220
LAD		 1275 bt_dev_dbg(hdev, "err %d", err);
1276
28a667c9
JP		 1277 hci_dev_lock(hdev);
1278
8e8b92ee 1279 if (!err) {
19cf60bf 1280 hci_connect_le_scan_cleanup(conn, 0x00);
28a667c9
JP		 1281 goto done;
1282 }
1d399ae5 1283
c9f73a21
LAD		 1284 /* Check if connection is still pending */
1285 if (conn != hci_lookup_le_connect(hdev))
1d399ae5
AG		 1286 goto done;
1287
5cd39700
AP		 1288 /* Flush to make sure we send create conn cancel command if needed */
1289 flush_delayed_work(&conn->le_conn_timeout);
a86ddbff 1290 hci_conn_failed(conn, bt_status(err));
1d399ae5
AG		 1291
1292done:
1293 hci_dev_unlock(hdev);
1294}
1295
8e8b92ee 1296static int hci_connect_le_sync(struct hci_dev *hdev, void *data)
3c857757 1297{
04a51d61 1298 struct hci_conn *conn;
a1f6c3ae 1299 u16 handle = PTR_UINT(data);
04a51d61
LAD		 1300
1301 conn = hci_conn_hash_lookup_handle(hdev, handle);
1302 if (!conn)
1303 return 0;
075e40b7 1304
8e8b92ee 1305 bt_dev_dbg(hdev, "conn %p", conn);
3c857757 1306
3a15324f 1307 clear_bit(HCI_CONN_SCANNING, &conn->flags);
04a51d61
LAD		 1308 conn->state = BT_CONNECT;
1309
8e8b92ee 1310 return hci_le_create_conn_sync(hdev, conn);
3c857757
JH		 1311}
1312
04a6c589 1313struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
d850bf08 1314 u8 dst_type, bool dst_resolved, u8 sec_level,
8e8b92ee 1315 u16 conn_timeout, u8 role)
1da177e4 1316{
e2caced4 1317 struct hci_conn *conn;
1ebfcc1f 1318 struct smp_irk *irk;
1d399ae5 1319 int err;
1da177e4 1320
152d386e 1321 /* Let's make sure that le is enabled.*/
d7a5a11d 1322 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
152d386e
LR		 1323 if (lmp_le_capable(hdev))
1324 return ERR_PTR(-ECONNREFUSED);
1325
1326 return ERR_PTR(-EOPNOTSUPP);
1327 }
1328
658aead9
JH		 1329 /* Since the controller supports only one LE connection attempt at a
1330 * time, we return -EBUSY if there is any connection attempt running.
1331 */
1332 if (hci_lookup_le_connect(hdev))
1333 return ERR_PTR(-EBUSY);
1334
e2caced4
JH		 1335 /* If there's already a connection object but it's not in
1336 * scanning state it means it must already be established, in
1337 * which case we can't do anything else except report a failure
1338 * to connect.
620ad521 1339 */
9d4c1cc1 1340 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
e2caced4
JH		 1341 if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) {
1342 return ERR_PTR(-EBUSY);
620ad521 1343 }
dfc94dbd 1344
d850bf08
LAD		 1345 /* Check if the destination address has been resolved by the controller
1346 * since if it did then the identity address shall be used.
edb4b466 1347 */
d850bf08
LAD		 1348 if (!dst_resolved) {
1349 /* When given an identity address with existing identity
1350 * resolving key, the connection needs to be established
1351 * to a resolvable random address.
1352 *
1353 * Storing the resolvable random address is required here
1354 * to handle connection failures. The address will later
1355 * be resolved back into the original identity address
1356 * from the connect request.
1357 */
1358 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
1359 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
1360 dst = &irk->rpa;
1361 dst_type = ADDR_LE_DEV_RANDOM;
1362 }
1ebfcc1f
JH		 1363 }
1364
e2caced4 1365 if (conn) {
28a667c9
JP		 1366 bacpy(&conn->dst, dst);
1367 } else {
1368 conn = hci_conn_add(hdev, LE_LINK, dst, role);
e2caced4
JH		 1369 if (!conn)
1370 return ERR_PTR(-ENOMEM);
1371 hci_conn_hold(conn);
1372 conn->pending_sec_level = sec_level;
28a667c9
JP		 1373 }
1374
1ebfcc1f 1375 conn->dst_type = dst_type;
620ad521 1376 conn->sec_level = BT_SECURITY_LOW;
09ae260b 1377 conn->conn_timeout = conn_timeout;
4292f1f3 1378
04a51d61 1379 err = hci_cmd_sync_queue(hdev, hci_connect_le_sync,
a1f6c3ae 1380 UINT_PTR(conn->handle),
8e8b92ee 1381 create_le_conn_complete);
2acf3d90
AG		 1382 if (err) {
1383 hci_conn_del(conn);
620ad521 1384 return ERR_PTR(err);
2acf3d90 1385 }
fcd89c09 1386
f1e5d547 1387 return conn;
d04aef4c 1388}
fcd89c09 1389
f75113a2
JP		 1390static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
1391{
1392 struct hci_conn *conn;
1393
9d4c1cc1 1394 conn = hci_conn_hash_lookup_le(hdev, addr, type);
f75113a2
JP		 1395 if (!conn)
1396 return false;
1397
f75113a2
JP		 1398 if (conn->state != BT_CONNECTED)
1399 return false;
1400
1401 return true;
1402}
1403
1404/* This function requires the caller holds hdev->lock */
84235d22 1405static int hci_explicit_conn_params_set(struct hci_dev *hdev,
f75113a2
JP		 1406 bdaddr_t *addr, u8 addr_type)
1407{
f75113a2
JP		 1408 struct hci_conn_params *params;
1409
1410 if (is_connected(hdev, addr, addr_type))
1411 return -EISCONN;
1412
5157b8a5
JP		 1413 params = hci_conn_params_lookup(hdev, addr, addr_type);
1414 if (!params) {
1415 params = hci_conn_params_add(hdev, addr, addr_type);
1416 if (!params)
1417 return -ENOMEM;
1418
1419 /* If we created new params, mark them to be deleted in
1420 * hci_connect_le_scan_cleanup. It's different case than
1421 * existing disabled params, those will stay after cleanup.
1422 */
1423 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
1424 }
f75113a2 1425
5157b8a5 1426 /* We're trying to connect, so make sure params are at pend_le_conns */
49c50922 1427 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5157b8a5
JP		 1428 params->auto_connect == HCI_AUTO_CONN_REPORT ||
1429 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
195ef75e
PV		 1430 hci_pend_le_list_del_init(params);
1431 hci_pend_le_list_add(params, &hdev->pend_le_conns);
f75113a2
JP		 1432 }
1433
1434 params->explicit_connect = true;
f75113a2
JP		 1435
1436 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
1437 params->auto_connect);
1438
1439 return 0;
1440}
1441
eca0ae4a
LAD		 1442static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos)
1443{
6a42e9bf
IT		 1444 struct hci_conn *conn;
1445 u8 big;
eca0ae4a
LAD		 1446
1447 /* Allocate a BIG if not set */
0fe8c8d0 1448 if (qos->bcast.big == BT_ISO_QOS_BIG_UNSET) {
6a42e9bf 1449 for (big = 0x00; big < 0xef; big++) {
eca0ae4a 1450
6a42e9bf
IT		 1451 conn = hci_conn_hash_lookup_big(hdev, big);
1452 if (!conn)
eca0ae4a
LAD		 1453 break;
1454 }
1455
6a42e9bf 1456 if (big == 0xef)
eca0ae4a
LAD		 1457 return -EADDRNOTAVAIL;
1458
1459 /* Update BIG */
6a42e9bf 1460 qos->bcast.big = big;
eca0ae4a
LAD		 1461 }
1462
1463 return 0;
1464}
1465
1466static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos)
1467{
6a42e9bf
IT		 1468 struct hci_conn *conn;
1469 u8 bis;
eca0ae4a
LAD		 1470
1471 /* Allocate BIS if not set */
0fe8c8d0 1472 if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) {
eca0ae4a
LAD		 1473 /* Find an unused adv set to advertise BIS, skip instance 0x00
1474 * since it is reserved as general purpose set.
1475 */
6a42e9bf
IT		 1476 for (bis = 0x01; bis < hdev->le_num_of_adv_sets;
1477 bis++) {
eca0ae4a 1478
6a42e9bf
IT		 1479 conn = hci_conn_hash_lookup_bis(hdev, BDADDR_ANY, bis);
1480 if (!conn)
eca0ae4a
LAD		 1481 break;
1482 }
1483
6a42e9bf 1484 if (bis == hdev->le_num_of_adv_sets)
eca0ae4a
LAD		 1485 return -EADDRNOTAVAIL;
1486
1487 /* Update BIS */
6a42e9bf 1488 qos->bcast.bis = bis;
eca0ae4a
LAD		 1489 }
1490
1491 return 0;
1492}
1493
1494/* This function requires the caller holds hdev->lock */
1495static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst,
a0bfde16
IT		 1496 struct bt_iso_qos *qos, __u8 base_len,
1497 __u8 *base)
eca0ae4a
LAD		 1498{
1499 struct hci_conn *conn;
eca0ae4a
LAD		 1500 int err;
1501
1502 /* Let's make sure that le is enabled.*/
1503 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1504 if (lmp_le_capable(hdev))
1505 return ERR_PTR(-ECONNREFUSED);
1506 return ERR_PTR(-EOPNOTSUPP);
1507 }
1508
1509 err = qos_set_big(hdev, qos);
1510 if (err)
1511 return ERR_PTR(err);
1512
1513 err = qos_set_bis(hdev, qos);
1514 if (err)
1515 return ERR_PTR(err);
1516
a0bfde16
IT		 1517 /* Check if the LE Create BIG command has already been sent */
1518 conn = hci_conn_hash_lookup_per_adv_bis(hdev, dst, qos->bcast.big,
1519 qos->bcast.big);
1520 if (conn)
eca0ae4a
LAD		 1521 return ERR_PTR(-EADDRINUSE);
1522
a0bfde16
IT		 1523 /* Check BIS settings against other bound BISes, since all
1524 * BISes in a BIG must have the same value for all parameters
1525 */
6a42e9bf 1526 conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big);
a0bfde16
IT		 1527
1528 if (conn && (memcmp(qos, &conn->iso_qos, sizeof(*qos)) ||
1529 base_len != conn->le_per_adv_data_len ||
1530 memcmp(conn->le_per_adv_data, base, base_len)))
eca0ae4a
LAD		 1531 return ERR_PTR(-EADDRINUSE);
1532
1533 conn = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1534 if (!conn)
1535 return ERR_PTR(-ENOMEM);
1536
eca0ae4a
LAD		 1537 conn->state = BT_CONNECT;
1538
1539 hci_conn_hold(conn);
1540 return conn;
1541}
1542
f75113a2
JP		 1543/* This function requires the caller holds hdev->lock */
1544struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst,
1545 u8 dst_type, u8 sec_level,
76b13996
MM		 1546 u16 conn_timeout,
1547 enum conn_reasons conn_reason)
f75113a2
JP		 1548{
1549 struct hci_conn *conn;
f75113a2
JP		 1550
1551 /* Let's make sure that le is enabled.*/
1552 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1553 if (lmp_le_capable(hdev))
1554 return ERR_PTR(-ECONNREFUSED);
1555
1556 return ERR_PTR(-EOPNOTSUPP);
1557 }
1558
1559 /* Some devices send ATT messages as soon as the physical link is
1560 * established. To be able to handle these ATT messages, the user-
1561 * space first establishes the connection and then starts the pairing
1562 * process.
1563 *
1564 * So if a hci_conn object already exists for the following connection
1565 * attempt, we simply update pending_sec_level and auth_type fields
1566 * and return the object found.
1567 */
9d4c1cc1 1568 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
f75113a2
JP		 1569 if (conn) {
1570 if (conn->pending_sec_level < sec_level)
1571 conn->pending_sec_level = sec_level;
1572 goto done;
1573 }
1574
1575 BT_DBG("requesting refresh of dst_addr");
1576
0ad06aa6 1577 conn = hci_conn_add(hdev, LE_LINK, dst, HCI_ROLE_MASTER);
f75113a2
JP		 1578 if (!conn)
1579 return ERR_PTR(-ENOMEM);
1580
d088337c
NE		 1581 if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) {
1582 hci_conn_del(conn);
f75113a2 1583 return ERR_PTR(-EBUSY);
d088337c 1584 }
f75113a2
JP		 1585
1586 conn->state = BT_CONNECT;
1587 set_bit(HCI_CONN_SCANNING, &conn->flags);
f75113a2
JP		 1588 conn->dst_type = dst_type;
1589 conn->sec_level = BT_SECURITY_LOW;
1590 conn->pending_sec_level = sec_level;
1591 conn->conn_timeout = conn_timeout;
76b13996 1592 conn->conn_reason = conn_reason;
f75113a2 1593
5bee2fd6 1594 hci_update_passive_scan(hdev);
84235d22 1595
f75113a2
JP		 1596done:
1597 hci_conn_hold(conn);
1598 return conn;
1599}
1600
04a6c589 1601struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
76b13996
MM		 1602 u8 sec_level, u8 auth_type,
1603 enum conn_reasons conn_reason)
1da177e4
LT		 1604{
1605 struct hci_conn *acl;
fcd89c09 1606
d7a5a11d 1607 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
c411110e
LR		 1608 if (lmp_bredr_capable(hdev))
1609 return ERR_PTR(-ECONNREFUSED);
1610
beb19e4c 1611 return ERR_PTR(-EOPNOTSUPP);
c411110e 1612 }
56f87901 1613
70f23020
AE		 1614 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
1615 if (!acl) {
a5c4e309 1616 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
70f23020 1617 if (!acl)
48c7aba9 1618 return ERR_PTR(-ENOMEM);
1da177e4
LT		 1619 }
1620
1621 hci_conn_hold(acl);
1622
76b13996 1623 acl->conn_reason = conn_reason;
09ab6f4c 1624 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
765c2a96
JH		 1625 acl->sec_level = BT_SECURITY_LOW;
1626 acl->pending_sec_level = sec_level;
09ab6f4c 1627 acl->auth_type = auth_type;
1aef8669 1628 hci_acl_create_connection(acl);
09ab6f4c 1629 }
1da177e4 1630
db474275
VCG		 1631 return acl;
1632}
1633
06149746
LAD		 1634static struct hci_link *hci_conn_link(struct hci_conn *parent,
1635 struct hci_conn *conn)
1636{
1637 struct hci_dev *hdev = parent->hdev;
1638 struct hci_link *link;
1639
1640 bt_dev_dbg(hdev, "parent %p hcon %p", parent, conn);
1641
1642 if (conn->link)
1643 return conn->link;
1644
1645 if (conn->parent)
1646 return NULL;
1647
1648 link = kzalloc(sizeof(*link), GFP_KERNEL);
1649 if (!link)
1650 return NULL;
1651
1652 link->conn = hci_conn_hold(conn);
1653 conn->link = link;
1654 conn->parent = hci_conn_get(parent);
1655
1656 /* Use list_add_tail_rcu append to the list */
1657 list_add_tail_rcu(&link->list, &parent->link_list);
1658
1659 return link;
1660}
1661
10c62ddc 1662struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
b2af264a 1663 __u16 setting, struct bt_codec *codec)
db474275
VCG		 1664{
1665 struct hci_conn *acl;
1666 struct hci_conn *sco;
06149746 1667 struct hci_link *link;
db474275 1668
76b13996
MM		 1669 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING,
1670 CONN_REASON_SCO_CONNECT);
db474275 1671 if (IS_ERR(acl))
5b7f9909 1672 return acl;
1da177e4 1673
70f23020
AE		 1674 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
1675 if (!sco) {
a5c4e309 1676 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
70f23020 1677 if (!sco) {
76a68ba0 1678 hci_conn_drop(acl);
48c7aba9 1679 return ERR_PTR(-ENOMEM);
1da177e4 1680 }
5b7f9909 1681 }
1da177e4 1682
06149746
LAD		 1683 link = hci_conn_link(acl, sco);
1684 if (!link) {
1685 hci_conn_drop(acl);
1686 hci_conn_drop(sco);
b4066eb0 1687 return ERR_PTR(-ENOLINK);
06149746 1688 }
1da177e4 1689
10c62ddc 1690 sco->setting = setting;
b2af264a 1691 sco->codec = *codec;
10c62ddc 1692
5b7f9909 1693 if (acl->state == BT_CONNECTED &&
5974e4c4 1694 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 1695 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 1696 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 1697
51a8efd7 1698 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 1699 /* defer SCO setup until mode change completed */
51a8efd7 1700 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH		 1701 return sco;
1702 }
1703
1704 hci_sco_setup(acl, 0x00);
b6a0dc82 1705 }
5b7f9909
MH		 1706
1707 return sco;
1da177e4 1708}
1da177e4 1709
eca0ae4a
LAD		 1710static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos)
1711{
1712 struct hci_dev *hdev = conn->hdev;
1713 struct hci_cp_le_create_big cp;
a0bfde16 1714 struct iso_list_data data;
eca0ae4a
LAD		 1715
1716 memset(&cp, 0, sizeof(cp));
1717
a0bfde16
IT		 1718 data.big = qos->bcast.big;
1719 data.bis = qos->bcast.bis;
1720 data.count = 0;
1721
1722 /* Create a BIS for each bound connection */
1723 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1724 BT_BOUND, &data);
1725
0fe8c8d0
IT		 1726 cp.handle = qos->bcast.big;
1727 cp.adv_handle = qos->bcast.bis;
a0bfde16 1728 cp.num_bis = data.count;
0fe8c8d0
IT		 1729 hci_cpu_to_le24(qos->bcast.out.interval, cp.bis.sdu_interval);
1730 cp.bis.sdu = cpu_to_le16(qos->bcast.out.sdu);
1731 cp.bis.latency = cpu_to_le16(qos->bcast.out.latency);
1732 cp.bis.rtn = qos->bcast.out.rtn;
1733 cp.bis.phy = qos->bcast.out.phy;
1734 cp.bis.packing = qos->bcast.packing;
1735 cp.bis.framing = qos->bcast.framing;
1736 cp.bis.encryption = qos->bcast.encryption;
1737 memcpy(cp.bis.bcode, qos->bcast.bcode, sizeof(cp.bis.bcode));
eca0ae4a
LAD		 1738
1739 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp);
1740}
1741
a0912892 1742static int set_cig_params_sync(struct hci_dev *hdev, void *data)
6b9545dc 1743{
a1f6c3ae 1744 u8 cig_id = PTR_UINT(data);
a0912892
LAD		 1745 struct hci_conn *conn;
1746 struct bt_iso_qos *qos;
1747 struct iso_cig_params pdu;
1748 u8 cis_id;
6b9545dc 1749
a0912892
LAD		 1750 conn = hci_conn_hash_lookup_cig(hdev, cig_id);
1751 if (!conn)
1752 return 0;
6b9545dc 1753
a0912892 1754 memset(&pdu, 0, sizeof(pdu));
6b9545dc 1755
a0912892
LAD		 1756 qos = &conn->iso_qos;
1757 pdu.cp.cig_id = cig_id;
1758 hci_cpu_to_le24(qos->ucast.out.interval, pdu.cp.c_interval);
1759 hci_cpu_to_le24(qos->ucast.in.interval, pdu.cp.p_interval);
1760 pdu.cp.sca = qos->ucast.sca;
1761 pdu.cp.packing = qos->ucast.packing;
1762 pdu.cp.framing = qos->ucast.framing;
1763 pdu.cp.c_latency = cpu_to_le16(qos->ucast.out.latency);
1764 pdu.cp.p_latency = cpu_to_le16(qos->ucast.in.latency);
6b9545dc 1765
a0912892
LAD		 1766 /* Reprogram all CIS(s) with the same CIG, valid range are:
1767 * num_cis: 0x00 to 0x1F
1768 * cis_id: 0x00 to 0xEF
1769 */
1770 for (cis_id = 0x00; cis_id < 0xf0 &&
1771 pdu.cp.num_cis < ARRAY_SIZE(pdu.cis); cis_id++) {
1772 struct hci_cis_params *cis;
1773
1774 conn = hci_conn_hash_lookup_cis(hdev, NULL, 0, cig_id, cis_id);
1775 if (!conn)
1776 continue;
6b9545dc 1777
a0912892
LAD		 1778 qos = &conn->iso_qos;
1779
1780 cis = &pdu.cis[pdu.cp.num_cis++];
1781 cis->cis_id = cis_id;
1782 cis->c_sdu = cpu_to_le16(conn->iso_qos.ucast.out.sdu);
1783 cis->p_sdu = cpu_to_le16(conn->iso_qos.ucast.in.sdu);
1784 cis->c_phy = qos->ucast.out.phy ? qos->ucast.out.phy :
1785 qos->ucast.in.phy;
1786 cis->p_phy = qos->ucast.in.phy ? qos->ucast.in.phy :
1787 qos->ucast.out.phy;
1788 cis->c_rtn = qos->ucast.out.rtn;
1789 cis->p_rtn = qos->ucast.in.rtn;
1790 }
1791
1792 if (!pdu.cp.num_cis)
1793 return 0;
1794
1795 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS,
1796 sizeof(pdu.cp) +
1797 pdu.cp.num_cis * sizeof(pdu.cis[0]), &pdu,
6b9545dc
PV		 1798 HCI_CMD_TIMEOUT);
1799}
1800
26afbd82
LAD		 1801static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos)
1802{
1803 struct hci_dev *hdev = conn->hdev;
1804 struct iso_list_data data;
1805
1806 memset(&data, 0, sizeof(data));
1807
e6a7a46b 1808 /* Allocate first still reconfigurable CIG if not set */
0fe8c8d0 1809 if (qos->ucast.cig == BT_ISO_QOS_CIG_UNSET) {
e6a7a46b 1810 for (data.cig = 0x00; data.cig < 0xf0; data.cig++) {
26afbd82 1811 data.count = 0;
26afbd82 1812
e6a7a46b
PV		 1813 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
1814 BT_CONNECT, &data);
26afbd82
LAD		 1815 if (data.count)
1816 continue;
1817
e6a7a46b 1818 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
26afbd82
LAD		 1819 BT_CONNECTED, &data);
1820 if (!data.count)
1821 break;
1822 }
1823
e6a7a46b 1824 if (data.cig == 0xf0)
26afbd82
LAD		 1825 return false;
1826
1827 /* Update CIG */
0fe8c8d0 1828 qos->ucast.cig = data.cig;
26afbd82
LAD		 1829 }
1830
0fe8c8d0 1831 if (qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) {
a0912892
LAD		 1832 if (hci_conn_hash_lookup_cis(hdev, NULL, 0, qos->ucast.cig,
1833 qos->ucast.cis))
26afbd82 1834 return false;
a0912892 1835 goto done;
26afbd82
LAD		 1836 }
1837
a0912892
LAD		 1838 /* Allocate first available CIS if not set */
1839 for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0xf0;
1840 data.cis++) {
1841 if (!hci_conn_hash_lookup_cis(hdev, NULL, 0, data.cig,
1842 data.cis)) {
26afbd82 1843 /* Update CIS */
0fe8c8d0 1844 qos->ucast.cis = data.cis;
a0912892 1845 break;
26afbd82
LAD		 1846 }
1847 }
1848
a0912892 1849 if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET)
26afbd82
LAD		 1850 return false;
1851
a0912892
LAD		 1852done:
1853 if (hci_cmd_sync_queue(hdev, set_cig_params_sync,
a1f6c3ae 1854 UINT_PTR(qos->ucast.cig), NULL) < 0)
6b9545dc 1855 return false;
6b9545dc 1856
26afbd82
LAD		 1857 return true;
1858}
1859
26afbd82
LAD		 1860struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst,
1861 __u8 dst_type, struct bt_iso_qos *qos)
1862{
1863 struct hci_conn *cis;
1864
c14516fa
LAD		 1865 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig,
1866 qos->ucast.cis);
26afbd82
LAD		 1867 if (!cis) {
1868 cis = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1869 if (!cis)
1870 return ERR_PTR(-ENOMEM);
1871 cis->cleanup = cis_cleanup;
b36a234d 1872 cis->dst_type = dst_type;
b5793de3
PV		 1873 cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET;
1874 cis->iso_qos.ucast.cis = BT_ISO_QOS_CIS_UNSET;
26afbd82
LAD		 1875 }
1876
1877 if (cis->state == BT_CONNECTED)
1878 return cis;
1879
1880 /* Check if CIS has been set and the settings matches */
1881 if (cis->state == BT_BOUND &&
1882 !memcmp(&cis->iso_qos, qos, sizeof(*qos)))
1883 return cis;
1884
1885 /* Update LINK PHYs according to QoS preference */
0fe8c8d0
IT		 1886 cis->le_tx_phy = qos->ucast.out.phy;
1887 cis->le_rx_phy = qos->ucast.in.phy;
26afbd82
LAD		 1888
1889 /* If output interval is not set use the input interval as it cannot be
1890 * 0x000000.
1891 */
0fe8c8d0
IT		 1892 if (!qos->ucast.out.interval)
1893 qos->ucast.out.interval = qos->ucast.in.interval;
26afbd82
LAD		 1894
1895 /* If input interval is not set use the output interval as it cannot be
1896 * 0x000000.
1897 */
0fe8c8d0
IT		 1898 if (!qos->ucast.in.interval)
1899 qos->ucast.in.interval = qos->ucast.out.interval;
26afbd82
LAD		 1900
1901 /* If output latency is not set use the input latency as it cannot be
1902 * 0x0000.
1903 */
0fe8c8d0
IT		 1904 if (!qos->ucast.out.latency)
1905 qos->ucast.out.latency = qos->ucast.in.latency;
26afbd82
LAD		 1906
1907 /* If input latency is not set use the output latency as it cannot be
1908 * 0x0000.
1909 */
0fe8c8d0
IT		 1910 if (!qos->ucast.in.latency)
1911 qos->ucast.in.latency = qos->ucast.out.latency;
26afbd82 1912
26afbd82
LAD		 1913 if (!hci_le_set_cig_params(cis, qos)) {
1914 hci_conn_drop(cis);
1915 return ERR_PTR(-EINVAL);
1916 }
1917
69997d50
PV		 1918 hci_conn_hold(cis);
1919
26afbd82
LAD		 1920 cis->iso_qos = *qos;
1921 cis->state = BT_BOUND;
1922
1923 return cis;
1924}
1925
1926bool hci_iso_setup_path(struct hci_conn *conn)
1927{
1928 struct hci_dev *hdev = conn->hdev;
1929 struct hci_cp_le_setup_iso_path cmd;
1930
1931 memset(&cmd, 0, sizeof(cmd));
1932
0fe8c8d0 1933 if (conn->iso_qos.ucast.out.sdu) {
26afbd82
LAD		 1934 cmd.handle = cpu_to_le16(conn->handle);
1935 cmd.direction = 0x00; /* Input (Host to Controller) */
1936 cmd.path = 0x00; /* HCI path if enabled */
1937 cmd.codec = 0x03; /* Transparent Data */
1938
1939 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1940 &cmd) < 0)
1941 return false;
1942 }
1943
0fe8c8d0 1944 if (conn->iso_qos.ucast.in.sdu) {
26afbd82
LAD		 1945 cmd.handle = cpu_to_le16(conn->handle);
1946 cmd.direction = 0x01; /* Output (Controller to Host) */
1947 cmd.path = 0x00; /* HCI path if enabled */
1948 cmd.codec = 0x03; /* Transparent Data */
1949
1950 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1951 &cmd) < 0)
1952 return false;
1953 }
1954
1955 return true;
1956}
1957
7f74563e 1958int hci_conn_check_create_cis(struct hci_conn *conn)
26afbd82 1959{
7f74563e
PV		 1960 if (conn->type != ISO_LINK || !bacmp(&conn->dst, BDADDR_ANY))
1961 return -EINVAL;
26afbd82 1962
7f74563e 1963 if (!conn->parent || conn->parent->state != BT_CONNECTED ||
9f78191c 1964 conn->state != BT_CONNECT || HCI_CONN_HANDLE_UNSET(conn->handle))
7f74563e 1965 return 1;
26afbd82 1966
7f74563e
PV		 1967 return 0;
1968}
06149746 1969
7f74563e
PV		 1970static int hci_create_cis_sync(struct hci_dev *hdev, void *data)
1971{
1972 return hci_le_create_cis_sync(hdev);
1973}
06149746 1974
7f74563e
PV		 1975int hci_le_create_cis_pending(struct hci_dev *hdev)
1976{
1977 struct hci_conn *conn;
1978 bool pending = false;
06149746 1979
7f74563e 1980 rcu_read_lock();
06149746 1981
7f74563e
PV		 1982 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
1983 if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) {
1984 rcu_read_unlock();
1985 return -EBUSY;
06149746
LAD		 1986 }
1987
7f74563e
PV		 1988 if (!hci_conn_check_create_cis(conn))
1989 pending = true;
26afbd82
LAD		 1990 }
1991
7f74563e
PV		 1992 rcu_read_unlock();
1993
1994 if (!pending)
26afbd82
LAD		 1995 return 0;
1996
1997 /* Queue Create CIS */
7f74563e 1998 return hci_cmd_sync_queue(hdev, hci_create_cis_sync, NULL, NULL);
26afbd82
LAD		 1999}
2000
2001static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn,
2002 struct bt_iso_io_qos *qos, __u8 phy)
2003{
2004 /* Only set MTU if PHY is enabled */
2005 if (!qos->sdu && qos->phy) {
2006 if (hdev->iso_mtu > 0)
2007 qos->sdu = hdev->iso_mtu;
2008 else if (hdev->le_mtu > 0)
2009 qos->sdu = hdev->le_mtu;
2010 else
2011 qos->sdu = hdev->acl_mtu;
2012 }
2013
2014 /* Use the same PHY as ACL if set to any */
2015 if (qos->phy == BT_ISO_PHY_ANY)
2016 qos->phy = phy;
2017
2018 /* Use LE ACL connection interval if not set */
2019 if (!qos->interval)
2020 /* ACL interval unit in 1.25 ms to us */
2021 qos->interval = conn->le_conn_interval * 1250;
2022
2023 /* Use LE ACL connection latency if not set */
2024 if (!qos->latency)
2025 qos->latency = conn->le_conn_latency;
2026}
2027
eca0ae4a
LAD		 2028static int create_big_sync(struct hci_dev *hdev, void *data)
2029{
2030 struct hci_conn *conn = data;
2031 struct bt_iso_qos *qos = &conn->iso_qos;
2032 u16 interval, sync_interval = 0;
2033 u32 flags = 0;
2034 int err;
2035
0fe8c8d0 2036 if (qos->bcast.out.phy == 0x02)
eca0ae4a
LAD		 2037 flags |= MGMT_ADV_FLAG_SEC_2M;
2038
2039 /* Align intervals */
14f0dcec 2040 interval = (qos->bcast.out.interval / 1250) * qos->bcast.sync_factor;
eca0ae4a 2041
0fe8c8d0 2042 if (qos->bcast.bis)
14f0dcec 2043 sync_interval = interval * 4;
eca0ae4a 2044
0fe8c8d0 2045 err = hci_start_per_adv_sync(hdev, qos->bcast.bis, conn->le_per_adv_data_len,
eca0ae4a
LAD		 2046 conn->le_per_adv_data, flags, interval,
2047 interval, sync_interval);
2048 if (err)
2049 return err;
2050
2051 return hci_le_create_big(conn, &conn->iso_qos);
2052}
2053
2054static void create_pa_complete(struct hci_dev *hdev, void *data, int err)
2055{
2056 struct hci_cp_le_pa_create_sync *cp = data;
2057
2058 bt_dev_dbg(hdev, "");
2059
2060 if (err)
2061 bt_dev_err(hdev, "Unable to create PA: %d", err);
2062
2063 kfree(cp);
2064}
2065
2066static int create_pa_sync(struct hci_dev *hdev, void *data)
2067{
2068 struct hci_cp_le_pa_create_sync *cp = data;
2069 int err;
2070
2071 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC,
2072 sizeof(*cp), cp, HCI_CMD_TIMEOUT);
2073 if (err) {
2074 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2075 return err;
2076 }
2077
2078 return hci_update_passive_scan_sync(hdev);
2079}
2080
2081int hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, __u8 dst_type,
0fe8c8d0 2082 __u8 sid, struct bt_iso_qos *qos)
eca0ae4a
LAD		 2083{
2084 struct hci_cp_le_pa_create_sync *cp;
2085
2086 if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC))
2087 return -EBUSY;
2088
37224a29 2089 cp = kzalloc(sizeof(*cp), GFP_KERNEL);
eca0ae4a
LAD		 2090 if (!cp) {
2091 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2092 return -ENOMEM;
2093 }
2094
0fe8c8d0 2095 cp->options = qos->bcast.options;
eca0ae4a
LAD		 2096 cp->sid = sid;
2097 cp->addr_type = dst_type;
2098 bacpy(&cp->addr, dst);
0fe8c8d0
IT		 2099 cp->skip = cpu_to_le16(qos->bcast.skip);
2100 cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout);
2101 cp->sync_cte_type = qos->bcast.sync_cte_type;
eca0ae4a
LAD		 2102
2103 /* Queue start pa_create_sync and scan */
2104 return hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete);
2105}
2106
fbdc4bc4
IT		 2107int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon,
2108 struct bt_iso_qos *qos,
eca0ae4a
LAD		 2109 __u16 sync_handle, __u8 num_bis, __u8 bis[])
2110{
2111 struct _packed {
2112 struct hci_cp_le_big_create_sync cp;
2113 __u8 bis[0x11];
2114 } pdu;
2115 int err;
2116
2117 if (num_bis > sizeof(pdu.bis))
2118 return -EINVAL;
2119
2120 err = qos_set_big(hdev, qos);
2121 if (err)
2122 return err;
2123
fbdc4bc4
IT		 2124 if (hcon)
2125 hcon->iso_qos.bcast.big = qos->bcast.big;
2126
eca0ae4a 2127 memset(&pdu, 0, sizeof(pdu));
0fe8c8d0 2128 pdu.cp.handle = qos->bcast.big;
eca0ae4a 2129 pdu.cp.sync_handle = cpu_to_le16(sync_handle);
0fe8c8d0
IT		 2130 pdu.cp.encryption = qos->bcast.encryption;
2131 memcpy(pdu.cp.bcode, qos->bcast.bcode, sizeof(pdu.cp.bcode));
2132 pdu.cp.mse = qos->bcast.mse;
2133 pdu.cp.timeout = cpu_to_le16(qos->bcast.timeout);
eca0ae4a
LAD		 2134 pdu.cp.num_bis = num_bis;
2135 memcpy(pdu.bis, bis, num_bis);
2136
2137 return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
2138 sizeof(pdu.cp) + num_bis, &pdu);
2139}
2140
2141static void create_big_complete(struct hci_dev *hdev, void *data, int err)
2142{
2143 struct hci_conn *conn = data;
2144
2145 bt_dev_dbg(hdev, "conn %p", conn);
2146
2147 if (err) {
2148 bt_dev_err(hdev, "Unable to create BIG: %d", err);
2149 hci_connect_cfm(conn, err);
2150 hci_conn_del(conn);
2151 }
2152}
2153
a0bfde16
IT		 2154struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst,
2155 struct bt_iso_qos *qos,
2156 __u8 base_len, __u8 *base)
eca0ae4a
LAD		 2157{
2158 struct hci_conn *conn;
a0bfde16
IT		 2159 __u8 eir[HCI_MAX_PER_AD_LENGTH];
2160
2161 if (base_len && base)
2162 base_len = eir_append_service_data(eir, 0, 0x1851,
2163 base, base_len);
eca0ae4a
LAD		 2164
2165 /* We need hci_conn object using the BDADDR_ANY as dst */
a0bfde16 2166 conn = hci_add_bis(hdev, dst, qos, base_len, eir);
eca0ae4a
LAD		 2167 if (IS_ERR(conn))
2168 return conn;
2169
a0bfde16
IT		 2170 /* Update LINK PHYs according to QoS preference */
2171 conn->le_tx_phy = qos->bcast.out.phy;
2172 conn->le_tx_phy = qos->bcast.out.phy;
eca0ae4a
LAD		 2173
2174 /* Add Basic Announcement into Peridic Adv Data if BASE is set */
2175 if (base_len && base) {
a0bfde16 2176 memcpy(conn->le_per_adv_data, eir, sizeof(eir));
eca0ae4a
LAD		 2177 conn->le_per_adv_data_len = base_len;
2178 }
2179
a0bfde16
IT		 2180 hci_iso_qos_setup(hdev, conn, &qos->bcast.out,
2181 conn->le_tx_phy ? conn->le_tx_phy :
2182 hdev->le_tx_def_phys);
2183
2184 conn->iso_qos = *qos;
2185 conn->state = BT_BOUND;
2186
2187 return conn;
2188}
2189
2190static void bis_mark_per_adv(struct hci_conn *conn, void *data)
2191{
2192 struct iso_list_data *d = data;
2193
2194 /* Skip if not broadcast/ANY address */
2195 if (bacmp(&conn->dst, BDADDR_ANY))
2196 return;
2197
2198 if (d->big != conn->iso_qos.bcast.big ||
2199 d->bis == BT_ISO_QOS_BIS_UNSET ||
2200 d->bis != conn->iso_qos.bcast.bis)
2201 return;
2202
2203 set_bit(HCI_CONN_PER_ADV, &conn->flags);
2204}
2205
2206struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst,
2207 __u8 dst_type, struct bt_iso_qos *qos,
2208 __u8 base_len, __u8 *base)
2209{
2210 struct hci_conn *conn;
2211 int err;
2212 struct iso_list_data data;
2213
2214 conn = hci_bind_bis(hdev, dst, qos, base_len, base);
2215 if (IS_ERR(conn))
2216 return conn;
2217
2218 data.big = qos->bcast.big;
2219 data.bis = qos->bcast.bis;
2220
2221 /* Set HCI_CONN_PER_ADV for all bound connections, to mark that
2222 * the start periodic advertising and create BIG commands have
2223 * been queued
2224 */
2225 hci_conn_hash_list_state(hdev, bis_mark_per_adv, ISO_LINK,
2226 BT_BOUND, &data);
2227
eca0ae4a
LAD		 2228 /* Queue start periodic advertising and create BIG */
2229 err = hci_cmd_sync_queue(hdev, create_big_sync, conn,
2230 create_big_complete);
2231 if (err < 0) {
2232 hci_conn_drop(conn);
2233 return ERR_PTR(err);
2234 }
2235
eca0ae4a
LAD		 2236 return conn;
2237}
2238
26afbd82
LAD		 2239struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
2240 __u8 dst_type, struct bt_iso_qos *qos)
2241{
2242 struct hci_conn *le;
2243 struct hci_conn *cis;
06149746 2244 struct hci_link *link;
26afbd82 2245
26afbd82
LAD		 2246 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2247 le = hci_connect_le(hdev, dst, dst_type, false,
2248 BT_SECURITY_LOW,
2249 HCI_LE_CONN_TIMEOUT,
2250 HCI_ROLE_SLAVE);
2251 else
2252 le = hci_connect_le_scan(hdev, dst, dst_type,
2253 BT_SECURITY_LOW,
2254 HCI_LE_CONN_TIMEOUT,
2255 CONN_REASON_ISO_CONNECT);
2256 if (IS_ERR(le))
2257 return le;
2258
0fe8c8d0 2259 hci_iso_qos_setup(hdev, le, &qos->ucast.out,
26afbd82 2260 le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys);
0fe8c8d0 2261 hci_iso_qos_setup(hdev, le, &qos->ucast.in,
26afbd82
LAD		 2262 le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys);
2263
2264 cis = hci_bind_cis(hdev, dst, dst_type, qos);
2265 if (IS_ERR(cis)) {
2266 hci_conn_drop(le);
2267 return cis;
2268 }
2269
06149746
LAD		 2270 link = hci_conn_link(le, cis);
2271 if (!link) {
2272 hci_conn_drop(le);
2273 hci_conn_drop(cis);
b4066eb0 2274 return ERR_PTR(-ENOLINK);
06149746 2275 }
26afbd82 2276
69997d50
PV		 2277 /* Link takes the refcount */
2278 hci_conn_drop(cis);
2279
7f74563e
PV		 2280 cis->state = BT_CONNECT;
2281
2282 hci_le_create_cis_pending(hdev);
26afbd82
LAD		 2283
2284 return cis;
2285}
2286
e7c29cb1
MH		 2287/* Check link security requirement */
2288int hci_conn_check_link_mode(struct hci_conn *conn)
2289{
38b3fef1 2290 BT_DBG("hcon %p", conn);
e7c29cb1 2291
40b552aa
MH		 2292 /* In Secure Connections Only mode, it is required that Secure
2293 * Connections is used and the link is encrypted with AES-CCM
2294 * using a P-256 authenticated combination key.
2295 */
d7a5a11d 2296 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) {
40b552aa
MH		 2297 if (!hci_conn_sc_enabled(conn) ||
2298 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2299 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
2300 return 0;
2301 }
2302
8746f135
LAD		 2303 /* AES encryption is required for Level 4:
2304 *
2305 * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
2306 * page 1319:
2307 *
2308 * 128-bit equivalent strength for link and encryption keys
2309 * required using FIPS approved algorithms (E0 not allowed,
2310 * SAFER+ not allowed, and P-192 not allowed; encryption key
2311 * not shortened)
2312 */
2313 if (conn->sec_level == BT_SECURITY_FIPS &&
2314 !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
2315 bt_dev_err(conn->hdev,
2316 "Invalid security: Missing AES-CCM usage");
2317 return 0;
2318 }
2319
4dae2798
JH		 2320 if (hci_conn_ssp_enabled(conn) &&
2321 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
e7c29cb1
MH		 2322 return 0;
2323
2324 return 1;
2325}
e7c29cb1 2326
1da177e4 2327/* Authenticate remote device */
0684e5f9 2328static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 2329{
38b3fef1 2330 BT_DBG("hcon %p", conn);
1da177e4 2331
765c2a96
JH		 2332 if (conn->pending_sec_level > sec_level)
2333 sec_level = conn->pending_sec_level;
2334
96a31833 2335 if (sec_level > conn->sec_level)
765c2a96 2336 conn->pending_sec_level = sec_level;
4dae2798 2337 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
1da177e4
LT		 2338 return 1;
2339
65cf686e
JH		 2340 /* Make sure we preserve an existing MITM requirement*/
2341 auth_type |= (conn->auth_type & 0x01);
2342
96a31833
MH		 2343 conn->auth_type = auth_type;
2344
51a8efd7 2345 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 2346 struct hci_cp_auth_requested cp;
b7d05bad 2347
aca3192c 2348 cp.handle = cpu_to_le16(conn->handle);
40be492f 2349 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
5974e4c4 2350 sizeof(cp), &cp);
09da1f34
JH		 2351
2352 /* If we're already encrypted set the REAUTH_PEND flag,
2353 * otherwise set the ENCRYPT_PEND.
2354 */
4dae2798 2355 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
51a8efd7 2356 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
09da1f34
JH		 2357 else
2358 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2359 }
8c1b2355 2360
1da177e4
LT		 2361 return 0;
2362}
1da177e4 2363
bb6d6895 2364/* Encrypt the link */
13d39315
WR		 2365static void hci_conn_encrypt(struct hci_conn *conn)
2366{
38b3fef1 2367 BT_DBG("hcon %p", conn);
13d39315 2368
51a8efd7 2369 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR		 2370 struct hci_cp_set_conn_encrypt cp;
2371 cp.handle = cpu_to_le16(conn->handle);
2372 cp.encrypt = 0x01;
2373 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
5974e4c4 2374 &cp);
13d39315
WR		 2375 }
2376}
2377
8c1b2355 2378/* Enable security */
e7cafc45
JH		 2379int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
2380 bool initiator)
1da177e4 2381{
38b3fef1 2382 BT_DBG("hcon %p", conn);
1da177e4 2383
d8343f12
VCG		 2384 if (conn->type == LE_LINK)
2385 return smp_conn_security(conn, sec_level);
2386
13d39315 2387 /* For sdp we don't need the link key. */
8c1b2355
MH		 2388 if (sec_level == BT_SECURITY_SDP)
2389 return 1;
2390
13d39315
WR		 2391 /* For non 2.1 devices and low security level we don't need the link
2392 key. */
aa64a8b5 2393 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 2394 return 1;
8c1b2355 2395
13d39315 2396 /* For other security levels we need the link key. */
4dae2798 2397 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
13d39315
WR		 2398 goto auth;
2399
7b5a9241
MH		 2400 /* An authenticated FIPS approved combination key has sufficient
2401 * security for security level 4. */
2402 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
2403 sec_level == BT_SECURITY_FIPS)
2404 goto encrypt;
2405
2406 /* An authenticated combination key has sufficient security for
2407 security level 3. */
2408 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
2409 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
2410 sec_level == BT_SECURITY_HIGH)
13d39315
WR		 2411 goto encrypt;
2412
2413 /* An unauthenticated combination key has sufficient security for
2414 security level 1 and 2. */
66138ce8
MH		 2415 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2416 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
5974e4c4 2417 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
13d39315
WR		 2418 goto encrypt;
2419
2420 /* A combination key has always sufficient security for the security
2421 levels 1 or 2. High security level requires the combination key
2422 is generated using maximum PIN code length (16).
2423 For pre 2.1 units. */
2424 if (conn->key_type == HCI_LK_COMBINATION &&
7b5a9241
MH		 2425 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
2426 conn->pin_length == 16))
13d39315
WR		 2427 goto encrypt;
2428
2429auth:
51a8efd7 2430 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT		 2431 return 0;
2432
977f8fce
JH		 2433 if (initiator)
2434 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2435
6fdf658c
LAD		 2436 if (!hci_conn_auth(conn, sec_level, auth_type))
2437 return 0;
13d39315
WR		 2438
2439encrypt:
693cd8ce
MH		 2440 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
2441 /* Ensure that the encryption key size has been read,
2442 * otherwise stall the upper layer responses.
2443 */
2444 if (!conn->enc_key_size)
2445 return 0;
2446
2447 /* Nothing else needed, all requirements are met */
13d39315 2448 return 1;
693cd8ce 2449 }
8c1b2355 2450
13d39315 2451 hci_conn_encrypt(conn);
1da177e4
LT		 2452 return 0;
2453}
8c1b2355 2454EXPORT_SYMBOL(hci_conn_security);
1da177e4 2455
b3b1b061
WR		 2456/* Check secure link requirement */
2457int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
2458{
38b3fef1 2459 BT_DBG("hcon %p", conn);
b3b1b061 2460
9cb2e030
MH		 2461 /* Accept if non-secure or higher security level is required */
2462 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
2463 return 1;
b3b1b061 2464
9cb2e030
MH		 2465 /* Accept if secure or higher security level is already present */
2466 if (conn->sec_level == BT_SECURITY_HIGH ||
2467 conn->sec_level == BT_SECURITY_FIPS)
b3b1b061
WR		 2468 return 1;
2469
9cb2e030
MH		 2470 /* Reject not secure link */
2471 return 0;
b3b1b061
WR		 2472}
2473EXPORT_SYMBOL(hci_conn_check_secure);
2474
1da177e4 2475/* Switch role */
8c1b2355 2476int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 2477{
38b3fef1 2478 BT_DBG("hcon %p", conn);
1da177e4 2479
40bef302 2480 if (role == conn->role)
1da177e4
LT		 2481 return 1;
2482
51a8efd7 2483 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT		 2484 struct hci_cp_switch_role cp;
2485 bacpy(&cp.bdaddr, &conn->dst);
2486 cp.role = role;
a9de9248 2487 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 2488 }
8c1b2355 2489
1da177e4
LT		 2490 return 0;
2491}
2492EXPORT_SYMBOL(hci_conn_switch_role);
2493
04837f64 2494/* Enter active mode */
14b12d0b 2495void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH		 2496{
2497 struct hci_dev *hdev = conn->hdev;
2498
38b3fef1 2499 BT_DBG("hcon %p mode %d", conn, conn->mode);
04837f64 2500
14b12d0b
JG		 2501 if (conn->mode != HCI_CM_SNIFF)
2502 goto timer;
2503
58a681ef 2504 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH		 2505 goto timer;
2506
51a8efd7 2507 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 2508 struct hci_cp_exit_sniff_mode cp;
aca3192c 2509 cp.handle = cpu_to_le16(conn->handle);
a9de9248 2510 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH		 2511 }
2512
2513timer:
2514 if (hdev->idle_timeout > 0)
a74a84f6
JH		 2515 queue_delayed_work(hdev->workqueue, &conn->idle_work,
2516 msecs_to_jiffies(hdev->idle_timeout));
04837f64
MH		 2517}
2518
1da177e4
LT		 2519/* Drop all connection on the device */
2520void hci_conn_hash_flush(struct hci_dev *hdev)
2521{
a2ac591c
RL		 2522 struct list_head *head = &hdev->conn_hash.list;
2523 struct hci_conn *conn;
1da177e4
LT		 2524
2525 BT_DBG("hdev %s", hdev->name);
2526
a2ac591c
RL		 2527 /* We should not traverse the list here, because hci_conn_del
2528 * can remove extra links, which may cause the list traversal
2529 * to hit items that have already been released.
2530 */
2531 while ((conn = list_first_entry_or_null(head,
2532 struct hci_conn,
2533 list)) != NULL) {
2534 conn->state = BT_CLOSED;
2535 hci_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM);
a2ac591c 2536 hci_conn_del(conn);
1da177e4
LT		 2537 }
2538}
2539
a9de9248
MH		 2540/* Check pending connect attempts */
2541void hci_conn_check_pending(struct hci_dev *hdev)
2542{
2543 struct hci_conn *conn;
2544
2545 BT_DBG("hdev %s", hdev->name);
2546
2547 hci_dev_lock(hdev);
2548
2549 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
2550 if (conn)
1aef8669 2551 hci_acl_create_connection(conn);
a9de9248
MH		 2552
2553 hci_dev_unlock(hdev);
2554}
2555
4dae2798
JH		 2556static u32 get_link_mode(struct hci_conn *conn)
2557{
2558 u32 link_mode = 0;
2559
40bef302 2560 if (conn->role == HCI_ROLE_MASTER)
4dae2798
JH		 2561 link_mode |= HCI_LM_MASTER;
2562
2563 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2564 link_mode |= HCI_LM_ENCRYPT;
2565
2566 if (test_bit(HCI_CONN_AUTH, &conn->flags))
2567 link_mode |= HCI_LM_AUTH;
2568
2569 if (test_bit(HCI_CONN_SECURE, &conn->flags))
2570 link_mode |= HCI_LM_SECURE;
2571
2572 if (test_bit(HCI_CONN_FIPS, &conn->flags))
2573 link_mode |= HCI_LM_FIPS;
2574
2575 return link_mode;
2576}
2577
1da177e4
LT		 2578int hci_get_conn_list(void __user *arg)
2579{
fc5fef61 2580 struct hci_conn *c;
1da177e4
LT		 2581 struct hci_conn_list_req req, *cl;
2582 struct hci_conn_info *ci;
2583 struct hci_dev *hdev;
1da177e4
LT		 2584 int n = 0, size, err;
2585
2586 if (copy_from_user(&req, arg, sizeof(req)))
2587 return -EFAULT;
2588
2589 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
2590 return -EINVAL;
2591
2592 size = sizeof(req) + req.conn_num * sizeof(*ci);
2593
70f23020
AE		 2594 cl = kmalloc(size, GFP_KERNEL);
2595 if (!cl)
1da177e4
LT		 2596 return -ENOMEM;
2597
70f23020
AE		 2598 hdev = hci_dev_get(req.dev_id);
2599 if (!hdev) {
1da177e4
LT		 2600 kfree(cl);
2601 return -ENODEV;
2602 }
2603
2604 ci = cl->conn_info;
2605
09fd0de5 2606 hci_dev_lock(hdev);
8035ded4 2607 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT		 2608 bacpy(&(ci + n)->bdaddr, &c->dst);
2609 (ci + n)->handle = c->handle;
2610 (ci + n)->type = c->type;
2611 (ci + n)->out = c->out;
2612 (ci + n)->state = c->state;
4dae2798 2613 (ci + n)->link_mode = get_link_mode(c);
1da177e4
LT		 2614 if (++n >= req.conn_num)
2615 break;
2616 }
09fd0de5 2617 hci_dev_unlock(hdev);
1da177e4
LT		 2618
2619 cl->dev_id = hdev->id;
2620 cl->conn_num = n;
2621 size = sizeof(req) + n * sizeof(*ci);
2622
2623 hci_dev_put(hdev);
2624
2625 err = copy_to_user(arg, cl, size);
2626 kfree(cl);
2627
2628 return err ? -EFAULT : 0;
2629}
2630
2631int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
2632{
2633 struct hci_conn_info_req req;
2634 struct hci_conn_info ci;
2635 struct hci_conn *conn;
2636 char __user *ptr = arg + sizeof(req);
2637
2638 if (copy_from_user(&req, arg, sizeof(req)))
2639 return -EFAULT;
2640
09fd0de5 2641 hci_dev_lock(hdev);
1da177e4
LT		 2642 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
2643 if (conn) {
2644 bacpy(&ci.bdaddr, &conn->dst);
2645 ci.handle = conn->handle;
2646 ci.type = conn->type;
2647 ci.out = conn->out;
2648 ci.state = conn->state;
4dae2798 2649 ci.link_mode = get_link_mode(conn);
1da177e4 2650 }
09fd0de5 2651 hci_dev_unlock(hdev);
1da177e4
LT		 2652
2653 if (!conn)
2654 return -ENOENT;
2655
2656 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
2657}
40be492f
MH		 2658
2659int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
2660{
2661 struct hci_auth_info_req req;
2662 struct hci_conn *conn;
2663
2664 if (copy_from_user(&req, arg, sizeof(req)))
2665 return -EFAULT;
2666
09fd0de5 2667 hci_dev_lock(hdev);
40be492f
MH		 2668 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
2669 if (conn)
2670 req.type = conn->auth_type;
09fd0de5 2671 hci_dev_unlock(hdev);
40be492f
MH		 2672
2673 if (!conn)
2674 return -ENOENT;
2675
2676 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
2677}
73d80deb
LAD		 2678
2679struct hci_chan *hci_chan_create(struct hci_conn *conn)
2680{
2681 struct hci_dev *hdev = conn->hdev;
2682 struct hci_chan *chan;
2683
38b3fef1 2684 BT_DBG("%s hcon %p", hdev->name, conn);
73d80deb 2685
f94b665d
JH		 2686 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
2687 BT_DBG("Refusing to create new hci_chan");
2688 return NULL;
2689 }
2690
27f70f3e 2691 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
73d80deb
LAD		 2692 if (!chan)
2693 return NULL;
2694
6c388d32 2695 chan->conn = hci_conn_get(conn);
73d80deb 2696 skb_queue_head_init(&chan->data_q);
168df8e5 2697 chan->state = BT_CONNECTED;
73d80deb 2698
8192edef 2699 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD		 2700
2701 return chan;
2702}
2703
9472007c 2704void hci_chan_del(struct hci_chan *chan)
73d80deb
LAD		 2705{
2706 struct hci_conn *conn = chan->conn;
2707 struct hci_dev *hdev = conn->hdev;
2708
38b3fef1 2709 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
73d80deb 2710
8192edef
GP		 2711 list_del_rcu(&chan->list);
2712
2713 synchronize_rcu();
73d80deb 2714
bcbb655a 2715 /* Prevent new hci_chan's to be created for this hci_conn */
f94b665d 2716 set_bit(HCI_CONN_DROP, &conn->flags);
b3ff670a 2717
6c388d32 2718 hci_conn_put(conn);
e9b02748 2719
73d80deb
LAD		 2720 skb_queue_purge(&chan->data_q);
2721 kfree(chan);
73d80deb
LAD		 2722}
2723
2c33c06a 2724void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 2725{
2a5a5ec6 2726 struct hci_chan *chan, *n;
73d80deb 2727
38b3fef1 2728 BT_DBG("hcon %p", conn);
73d80deb 2729
2a5a5ec6 2730 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD		 2731 hci_chan_del(chan);
2732}
42c4e53e
AE		 2733
2734static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
2735 __u16 handle)
2736{
2737 struct hci_chan *hchan;
2738
2739 list_for_each_entry(hchan, &hcon->chan_list, list) {
2740 if (hchan->handle == handle)
2741 return hchan;
2742 }
2743
2744 return NULL;
2745}
2746
2747struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
2748{
2749 struct hci_conn_hash *h = &hdev->conn_hash;
2750 struct hci_conn *hcon;
2751 struct hci_chan *hchan = NULL;
2752
2753 rcu_read_lock();
2754
2755 list_for_each_entry_rcu(hcon, &h->list, list) {
2756 hchan = __hci_chan_lookup_handle(hcon, handle);
2757 if (hchan)
2758 break;
2759 }
2760
2761 rcu_read_unlock();
2762
2763 return hchan;
2764}
eab2404b
LAD		 2765
2766u32 hci_conn_get_phy(struct hci_conn *conn)
2767{
2768 u32 phys = 0;
2769
eab2404b
LAD		 2770 /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471:
2771 * Table 6.2: Packets defined for synchronous, asynchronous, and
6397729b 2772 * CPB logical transport types.
eab2404b
LAD		 2773 */
2774 switch (conn->type) {
2775 case SCO_LINK:
2776 /* SCO logical transport (1 Mb/s):
2777 * HV1, HV2, HV3 and DV.
2778 */
2779 phys |= BT_PHY_BR_1M_1SLOT;
2780
2781 break;
2782
2783 case ACL_LINK:
2784 /* ACL logical transport (1 Mb/s) ptt=0:
2785 * DH1, DM3, DH3, DM5 and DH5.
2786 */
2787 phys |= BT_PHY_BR_1M_1SLOT;
2788
2789 if (conn->pkt_type & (HCI_DM3 | HCI_DH3))
2790 phys |= BT_PHY_BR_1M_3SLOT;
2791
2792 if (conn->pkt_type & (HCI_DM5 | HCI_DH5))
2793 phys |= BT_PHY_BR_1M_5SLOT;
2794
2795 /* ACL logical transport (2 Mb/s) ptt=1:
2796 * 2-DH1, 2-DH3 and 2-DH5.
2797 */
2798 if (!(conn->pkt_type & HCI_2DH1))
2799 phys |= BT_PHY_EDR_2M_1SLOT;
2800
2801 if (!(conn->pkt_type & HCI_2DH3))
2802 phys |= BT_PHY_EDR_2M_3SLOT;
2803
2804 if (!(conn->pkt_type & HCI_2DH5))
2805 phys |= BT_PHY_EDR_2M_5SLOT;
2806
2807 /* ACL logical transport (3 Mb/s) ptt=1:
2808 * 3-DH1, 3-DH3 and 3-DH5.
2809 */
2810 if (!(conn->pkt_type & HCI_3DH1))
2811 phys |= BT_PHY_EDR_3M_1SLOT;
2812
2813 if (!(conn->pkt_type & HCI_3DH3))
2814 phys |= BT_PHY_EDR_3M_3SLOT;
2815
2816 if (!(conn->pkt_type & HCI_3DH5))
2817 phys |= BT_PHY_EDR_3M_5SLOT;
2818
2819 break;
2820
2821 case ESCO_LINK:
2822 /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */
2823 phys |= BT_PHY_BR_1M_1SLOT;
2824
2825 if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5)))
2826 phys |= BT_PHY_BR_1M_3SLOT;
2827
2828 /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */
2829 if (!(conn->pkt_type & ESCO_2EV3))
2830 phys |= BT_PHY_EDR_2M_1SLOT;
2831
2832 if (!(conn->pkt_type & ESCO_2EV5))
2833 phys |= BT_PHY_EDR_2M_3SLOT;
2834
2835 /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */
2836 if (!(conn->pkt_type & ESCO_3EV3))
2837 phys |= BT_PHY_EDR_3M_1SLOT;
2838
2839 if (!(conn->pkt_type & ESCO_3EV5))
2840 phys |= BT_PHY_EDR_3M_3SLOT;
2841
2842 break;
2843
2844 case LE_LINK:
2845 if (conn->le_tx_phy & HCI_LE_SET_PHY_1M)
2846 phys |= BT_PHY_LE_1M_TX;
2847
2848 if (conn->le_rx_phy & HCI_LE_SET_PHY_1M)
2849 phys |= BT_PHY_LE_1M_RX;
2850
2851 if (conn->le_tx_phy & HCI_LE_SET_PHY_2M)
2852 phys |= BT_PHY_LE_2M_TX;
2853
2854 if (conn->le_rx_phy & HCI_LE_SET_PHY_2M)
2855 phys |= BT_PHY_LE_2M_RX;
2856
2857 if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED)
2858 phys |= BT_PHY_LE_CODED_TX;
2859
2860 if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED)
2861 phys |= BT_PHY_LE_CODED_RX;
2862
2863 break;
2864 }
2865
eab2404b
LAD		 2866 return phys;
2867}
1a942de0 2868
a13f316e 2869static int abort_conn_sync(struct hci_dev *hdev, void *data)
1a942de0 2870{
a13f316e 2871 struct hci_conn *conn;
a1f6c3ae 2872 u16 handle = PTR_UINT(data);
1a942de0 2873
a13f316e
LAD		 2874 conn = hci_conn_hash_lookup_handle(hdev, handle);
2875 if (!conn)
b62e7220
LAD		 2876 return 0;
2877
a13f316e
LAD		 2878 return hci_abort_conn_sync(hdev, conn, conn->abort_reason);
2879}
1a942de0 2880
a13f316e
LAD		 2881int hci_abort_conn(struct hci_conn *conn, u8 reason)
2882{
2883 struct hci_dev *hdev = conn->hdev;
1a942de0 2884
a13f316e
LAD		 2885 /* If abort_reason has already been set it means the connection is
2886 * already being aborted so don't attempt to overwrite it.
2887 */
2888 if (conn->abort_reason)
2889 return 0;
1a942de0 2890
a13f316e 2891 bt_dev_dbg(hdev, "handle 0x%2.2x reason 0x%2.2x", conn->handle, reason);
1a942de0 2892
a13f316e 2893 conn->abort_reason = reason;
1a942de0 2894
a13f316e
LAD		 2895 /* If the connection is pending check the command opcode since that
2896 * might be blocking on hci_cmd_sync_work while waiting its respective
2897 * event so we need to hci_cmd_sync_cancel to cancel it.
04a51d61
LAD		 2898 *
2899 * hci_connect_le serializes the connection attempts so only one
2900 * connection can be in BT_CONNECT at time.
a13f316e
LAD		 2901 */
2902 if (conn->state == BT_CONNECT && hdev->req_status == HCI_REQ_PEND) {
2903 switch (hci_skb_event(hdev->sent_cmd)) {
2904 case HCI_EV_LE_CONN_COMPLETE:
2905 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
2906 case HCI_EVT_LE_CIS_ESTABLISHED:
2907 hci_cmd_sync_cancel(hdev, -ECANCELED);
2908 break;
1a942de0 2909 }
1a942de0
BG		 2910 }
2911
a1f6c3ae 2912 return hci_cmd_sync_queue(hdev, abort_conn_sync, UINT_PTR(conn->handle),
a13f316e 2913 NULL);
1a942de0 2914}
Linux 6.x block layer and io_uring tree(s)