Bluetooth: Add hci_update_random_address() convenience function
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
31
ac4b7236 32#include "smp.h"
7024728e
MH
33#include "a2mp.h"
34
2dea632f
FD
/* One parameter set that hci_setup_sync() can place into a Setup
 * Synchronous Connection command.
 */
struct sco_param {
	u16 pkt_type;		/* copied into cp.pkt_type by hci_setup_sync() */
	u16 max_latency;	/* copied into cp.max_latency by hci_setup_sync() */
};

/* Parameter sets used for SCO_AIRMODE_CVSD. hci_setup_sync() indexes this
 * table with conn->attempt - 1, so the entries are tried from top to bottom
 * on successive attempts.
 */
static const struct sco_param sco_param_cvsd[] = {
	{ EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a }, /* S3 */
	{ EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007 }, /* S2 */
	{ EDR_ESCO_MASK | ESCO_EV3,   0x0007 }, /* S1 */
	{ EDR_ESCO_MASK | ESCO_HV3,   0xffff }, /* D1 */
	{ EDR_ESCO_MASK | ESCO_HV1,   0xffff }, /* D0 */
};

/* Parameter sets used for SCO_AIRMODE_TRANSP, indexed the same way. */
static const struct sco_param sco_param_wideband[] = {
	{ EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d }, /* T2 */
	{ EDR_ESCO_MASK | ESCO_EV3,   0x0008 }, /* T1 */
};
52
/* Ask the controller to cancel the outstanding LE Create Connection.
 * The command is sent without parameters.
 */
static void hci_le_create_connection_cancel(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
}
57
/* Send HCI Create Connection for an outgoing ACL link to conn->dst.
 *
 * The connection is marked outgoing, put into BT_CONNECT with link mode
 * HCI_LM_MASTER, and its attempt counter is incremented. If the inquiry
 * cache holds an entry for the peer, the device class and the SSP flag are
 * taken from it regardless of its age; the page-scan hints are only used
 * when the entry is no older than INQUIRY_ENTRY_AGE_MAX.
 */
static void hci_acl_create_connection(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_create_conn cp;
	struct inquiry_entry *entry;

	BT_DBG("hcon %p", conn);

	conn->state = BT_CONNECT;
	conn->out = true;
	conn->link_mode = HCI_LM_MASTER;
	conn->attempt++;
	conn->link_policy = hdev->link_policy;

	/* Start from an all-zero command so unset fields are sent as 0 */
	memset(&cp, 0, sizeof(cp));
	bacpy(&cp.bdaddr, &conn->dst);
	cp.pscan_rep_mode = 0x02;

	entry = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (entry) {
		if (inquiry_entry_age(entry) <= INQUIRY_ENTRY_AGE_MAX) {
			cp.pscan_rep_mode = entry->data.pscan_rep_mode;
			cp.pscan_mode = entry->data.pscan_mode;
			cp.clock_offset = entry->data.clock_offset |
					  __constant_cpu_to_le16(0x8000);
		}

		memcpy(conn->dev_class, entry->data.dev_class, 3);
		if (entry->data.ssp_mode > 0)
			set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
	}

	cp.pkt_type = cpu_to_le16(conn->pkt_type);

	/* Allow a role switch only if the controller can do one and the
	 * device-wide link mode does not insist on being master.
	 */
	cp.role_switch = (lmp_rswitch_capable(hdev) &&
			  !(hdev->link_mode & HCI_LM_MASTER)) ? 0x01 : 0x00;

	hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
}
101
/* Cancel a pending outgoing ACL connection attempt to conn->dst.
 * Nothing is sent when the controller reports an HCI version below 1.2.
 */
static void hci_acl_create_connection_cancel(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_create_conn_cancel cp;

	BT_DBG("hcon %p", conn);

	if (hdev->hci_ver >= BLUETOOTH_VER_1_2) {
		bacpy(&cp.bdaddr, &conn->dst);
		hci_send_cmd(hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
	}
}
114
93796fa6
CT
/* Reject the synchronous connection request from conn->dst, giving
 * HCI_ERROR_REMOTE_USER_TERM as the reason.
 */
static void hci_reject_sco(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_reject_sync_conn_req cp;

	bacpy(&cp.bdaddr, &conn->dst);
	cp.reason = HCI_ERROR_REMOTE_USER_TERM;

	hci_send_cmd(hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
}
124
/* Put the connection into BT_DISCONN and send HCI Disconnect for its
 * handle with the caller-supplied reason code.
 */
void hci_disconnect(struct hci_conn *conn, __u8 reason)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_disconnect cp;

	BT_DBG("hcon %p", conn);

	conn->state = BT_DISCONN;

	cp.reason = reason;
	cp.handle = cpu_to_le16(conn->handle);

	hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
}
137
53502d69
AE
/* Put the connection into BT_DISCONN and send Disconnect Physical Link for
 * the physical-link handle derived from conn->handle.
 */
static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_disconn_phy_link cp;

	BT_DBG("hcon %p", conn);

	conn->state = BT_DISCONN;

	cp.reason = reason;
	cp.phy_handle = HCI_PHY_HANDLE(conn->handle);

	hci_send_cmd(hdev, HCI_OP_DISCONN_PHY_LINK, sizeof(cp), &cp);
}
151
/* Send HCI Add SCO Connection on top of the ACL link identified by @handle.
 * Marks @conn as an outgoing connection in BT_CONNECT and counts the attempt.
 */
static void hci_add_sco(struct hci_conn *conn, __u16 handle)
{
	struct hci_cp_add_sco cp;
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("hcon %p", conn);

	conn->out = true;
	conn->state = BT_CONNECT;
	conn->attempt++;

	cp.pkt_type = cpu_to_le16(conn->pkt_type);
	cp.handle = cpu_to_le16(handle);

	hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
}
169
/* Send HCI Setup Synchronous Connection on the ACL link @handle.
 *
 * Every call counts as one attempt. The attempt number (1-based after the
 * increment) selects the parameter set from the table that matches the air
 * mode in conn->setting.
 *
 * Returns false when the air mode is neither transparent nor CVSD, when the
 * table for the air mode has no entry for this attempt, or when
 * hci_send_cmd() reports an error; true otherwise.
 */
bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_setup_sync_conn cp;
	const struct sco_param *table;
	size_t entries;

	BT_DBG("hcon %p", conn);

	conn->state = BT_CONNECT;
	conn->out = true;
	conn->attempt++;

	cp.handle = cpu_to_le16(handle);
	cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
	cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
	cp.voice_setting = cpu_to_le16(conn->setting);

	switch (conn->setting & SCO_AIRMODE_MASK) {
	case SCO_AIRMODE_TRANSP:
		table = sco_param_wideband;
		entries = ARRAY_SIZE(sco_param_wideband);
		cp.retrans_effort = 0x02;
		break;
	case SCO_AIRMODE_CVSD:
		table = sco_param_cvsd;
		entries = ARRAY_SIZE(sco_param_cvsd);
		cp.retrans_effort = 0x01;
		break;
	default:
		return false;
	}

	/* Only the upper bound is checked; the index below is attempt - 1.
	 * NOTE(review): this relies on attempt being non-zero after the
	 * increment above. The width of conn->attempt is not visible here;
	 * confirm it cannot wrap around to 0.
	 */
	if (conn->attempt > entries)
		return false;

	cp.pkt_type = __cpu_to_le16(table[conn->attempt - 1].pkt_type);
	cp.max_latency = __cpu_to_le16(table[conn->attempt - 1].max_latency);

	return hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) >= 0;
}
214
/* Send LE Connection Update for conn->handle.
 *
 * @min, @max, @latency and @to_multiplier are converted to little endian
 * and sent as given; this function does no range checking of its own.
 * Both connection-event length fields are sent as 0.
 */
void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
			u16 latency, u16 to_multiplier)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_le_conn_update cp;

	memset(&cp, 0, sizeof(cp));

	cp.handle = cpu_to_le16(conn->handle);
	cp.conn_interval_min = cpu_to_le16(min);
	cp.conn_interval_max = cpu_to_le16(max);
	cp.conn_latency = cpu_to_le16(latency);
	cp.supervision_timeout = cpu_to_le16(to_multiplier);
	cp.min_ce_len = __constant_cpu_to_le16(0x0000);
	cp.max_ce_len = __constant_cpu_to_le16(0x0000);

	hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
}
2ce603eb 233
/* Send LE Start Encryption for conn->handle.
 *
 * @ediv is stored as given (it is already __le16). @rand and @ltk are
 * copied using the sizes of the command fields, so callers must pass
 * buffers at least that large; the array bounds in the prototype are not
 * enforced by the compiler.
 *
 * NOTE(review): the local command struct holds a copy of the long term key
 * and is not cleared before this function returns.
 */
void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
		      __u8 ltk[16])
{
	struct hci_cp_le_start_enc cp;
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("hcon %p", conn);

	memset(&cp, 0, sizeof(cp));

	cp.handle = cpu_to_le16(conn->handle);
	cp.ediv = ediv;
	memcpy(cp.rand, rand, sizeof(cp.rand));
	memcpy(cp.ltk, ltk, sizeof(cp.ltk));

	hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
}
a7a595f6 251
e73439d8
MH
/* Continue setting up the SCO/eSCO connection linked to ACL @conn.
 *
 * Device _must_ be locked.
 *
 * Does nothing when @conn has no linked connection. With a non-zero
 * @status the linked connection is reported as failed and deleted.
 * Otherwise the synchronous connection is requested, using Setup
 * Synchronous Connection when the controller is eSCO capable and Add SCO
 * if not.
 */
void hci_sco_setup(struct hci_conn *conn, __u8 status)
{
	struct hci_conn *sco = conn->link;

	if (!sco)
		return;

	BT_DBG("hcon %p", conn);

	if (status) {
		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
		return;
	}

	/* NOTE(review): the result of hci_setup_sync() is not checked here */
	if (lmp_esco_capable(conn->hdev))
		hci_setup_sync(sco, conn->handle);
	else
		hci_add_sco(sco, conn->handle);
}
272
53502d69
AE
/* Disconnect @conn with the reason returned by hci_proto_disconn_ind().
 * AMP links use the physical-link disconnect; every other link type uses
 * the ordinary HCI Disconnect.
 */
static void hci_conn_disconnect(struct hci_conn *conn)
{
	__u8 reason = hci_proto_disconn_ind(conn);

	if (conn->type == AMP_LINK)
		hci_amp_disconn(conn, reason);
	else
		hci_disconnect(conn, reason);
}
286
/* Delayed work for conn->disc_work: tear down a connection that is no
 * longer referenced.
 *
 * Does nothing while the reference count is non-zero. A connection that is
 * still being established is cancelled (outgoing ACL/LE) or rejected
 * (incoming SCO/eSCO); one in BT_CONFIG or BT_CONNECTED is disconnected;
 * in any other state it is simply marked BT_CLOSED.
 */
static void hci_conn_timeout(struct work_struct *work)
{
	struct hci_conn *conn = container_of(work, struct hci_conn,
					     disc_work.work);

	BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));

	if (atomic_read(&conn->refcnt))
		return;

	switch (conn->state) {
	case BT_CONNECT:
	case BT_CONNECT2:
		if (!conn->out) {
			if (conn->type == SCO_LINK || conn->type == ESCO_LINK)
				hci_reject_sco(conn);
		} else if (conn->type == ACL_LINK) {
			hci_acl_create_connection_cancel(conn);
		} else if (conn->type == LE_LINK) {
			hci_le_create_connection_cancel(conn);
		}
		break;
	case BT_CONFIG:
	case BT_CONNECTED:
		hci_conn_disconnect(conn);
		break;
	default:
		conn->state = BT_CLOSED;
		break;
	}
}
318
/* Delayed work for conn->idle_work: enter sniff mode.
 *
 * Nothing is sent when the device is in raw mode, when either side lacks
 * sniff support, when the connection is not in active mode, or when the
 * link policy does not allow sniff. Sniff subrating is configured first if
 * both sides support it. The sniff-mode request itself is only sent when no
 * mode change is already pending.
 */
static void hci_conn_idle(struct work_struct *work)
{
	struct hci_conn *conn = container_of(work, struct hci_conn,
					     idle_work.work);
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("hcon %p mode %d", conn, conn->mode);

	if (test_bit(HCI_RAW, &hdev->flags))
		return;

	if (!(lmp_sniff_capable(hdev) && lmp_sniff_capable(conn)))
		return;

	if (conn->mode != HCI_CM_ACTIVE)
		return;

	if (!(conn->link_policy & HCI_LP_SNIFF))
		return;

	if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
		struct hci_cp_sniff_subrate subrate;

		subrate.handle = cpu_to_le16(conn->handle);
		subrate.max_latency = __constant_cpu_to_le16(0);
		subrate.min_remote_timeout = __constant_cpu_to_le16(0);
		subrate.min_local_timeout = __constant_cpu_to_le16(0);
		hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(subrate),
			     &subrate);
	}

	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
		struct hci_cp_sniff_mode sniff;

		sniff.handle = cpu_to_le16(conn->handle);
		sniff.max_interval = cpu_to_le16(hdev->sniff_max_interval);
		sniff.min_interval = cpu_to_le16(hdev->sniff_min_interval);
		sniff.attempt = __constant_cpu_to_le16(4);
		sniff.timeout = __constant_cpu_to_le16(1);
		hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(sniff), &sniff);
	}
}
356
/* Delayed work for conn->auto_accept_work: send a User Confirmation
 * Request Reply for conn->dst.
 *
 * This function performs no checks of its own. Whether accepting is
 * appropriate is decided by whoever queues the work, which is not visible
 * in this file section.
 */
static void hci_conn_auto_accept(struct work_struct *work)
{
	struct hci_conn *conn = container_of(work, struct hci_conn,
					     auto_accept_work.work);
	struct hci_dev *hdev = conn->hdev;

	hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
		     &conn->dst);
}
365
1da177e4
LT
/* Allocate and register a new connection object of @type towards @dst.
 *
 * The object is zero-allocated, starts in BT_OPEN with a reference count
 * of 0, and takes a hold on @hdev. remote_auth and key_type start at 0xff
 * (presumably "not yet known"; confirm against the users of these fields).
 * The packet type is derived from the device settings for ACL, SCO and
 * eSCO links and left at 0 for any other type.
 *
 * Returns the new connection, or NULL if the allocation fails.
 */
struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
{
	struct hci_conn *conn;

	BT_DBG("%s dst %pMR", hdev->name, dst);

	conn = kzalloc(sizeof(*conn), GFP_KERNEL);
	if (!conn)
		return NULL;

	bacpy(&conn->dst, dst);
	bacpy(&conn->src, &hdev->bdaddr);
	conn->hdev = hdev;
	conn->type = type;
	conn->mode = HCI_CM_ACTIVE;
	conn->state = BT_OPEN;
	conn->auth_type = HCI_AT_GENERAL_BONDING;
	conn->io_capability = hdev->io_capability;
	conn->remote_auth = 0xff;
	conn->key_type = 0xff;

	set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
	conn->disc_timeout = HCI_DISCONN_TIMEOUT;

	if (type == ACL_LINK) {
		conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
	} else if (type == SCO_LINK) {
		if (lmp_esco_capable(hdev))
			conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
					 (hdev->esco_type & EDR_ESCO_MASK);
		else
			conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
	} else if (type == ESCO_LINK) {
		conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
	}

	skb_queue_head_init(&conn->data_q);
	INIT_LIST_HEAD(&conn->chan_list);

	INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
	INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
	INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);

	atomic_set(&conn->refcnt, 0);

	hci_dev_hold(hdev);

	/* From here on the connection is visible through the device hash */
	hci_conn_hash_add(hdev, conn);
	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);

	hci_conn_init_sysfs(conn);

	return conn;
}
426
/* Unregister and release a connection object.
 *
 * Pending delayed work is cancelled synchronously first, so none of the
 * work handlers runs against the object while it is being torn down. The
 * unacknowledged packet count is returned to the device's credit counters,
 * the ACL<->SCO cross links are cleared, and the object is removed from the
 * device hash before its queues and sysfs entry are released.
 *
 * Always returns 0.
 *
 * NOTE(review): the final hci_conn_put() drops a reference; callers should
 * treat @conn as gone after this returns (what the put does is not visible
 * in this file section).
 */
int hci_conn_del(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);

	cancel_delayed_work_sync(&conn->disc_work);
	cancel_delayed_work_sync(&conn->auto_accept_work);
	cancel_delayed_work_sync(&conn->idle_work);

	if (conn->type == ACL_LINK) {
		/* Detach the SCO side so it does not keep a stale pointer */
		struct hci_conn *sco = conn->link;
		if (sco)
			sco->link = NULL;

		/* Unacked frames */
		hdev->acl_cnt += conn->sent;
	} else if (conn->type == LE_LINK) {
		/* LE credits go back to the LE pool if the device has one,
		 * otherwise to the ACL pool.
		 */
		if (hdev->le_pkts)
			hdev->le_cnt += conn->sent;
		else
			hdev->acl_cnt += conn->sent;
	} else {
		/* Any other type: unlink from the ACL and drop the hold on it */
		struct hci_conn *acl = conn->link;
		if (acl) {
			acl->link = NULL;
			hci_conn_drop(acl);
		}
	}

	hci_chan_list_flush(conn);

	if (conn->amp_mgr)
		amp_mgr_put(conn->amp_mgr);

	hci_conn_hash_del(hdev, conn);
	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);

	skb_queue_purge(&conn->data_q);

	hci_conn_del_sysfs(conn);

	/* Balances the hci_dev_hold() taken in hci_conn_add() */
	hci_dev_put(hdev);

	hci_conn_put(conn);

	return 0;
}
476
/* Pick the local BR/EDR controller to use for a connection.
 *
 * Controllers that are down, in raw mode, claimed by a user channel, or
 * not of type HCI_BREDR are skipped. Simple routing:
 *   - @src is not BDADDR_ANY: first controller whose address equals @src
 *   - @src is BDADDR_ANY:     first controller whose address differs
 *                             from @dst
 *
 * Returns the controller with a reference held, or NULL if none matches.
 */
struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
{
	int use_src = bacmp(src, BDADDR_ANY);
	struct hci_dev *found = NULL, *d;

	BT_DBG("%pMR -> %pMR", src, dst);

	read_lock(&hci_dev_list_lock);

	list_for_each_entry(d, &hci_dev_list, list) {
		if (!test_bit(HCI_UP, &d->flags) ||
		    test_bit(HCI_RAW, &d->flags) ||
		    test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
		    d->dev_type != HCI_BREDR)
			continue;

		if (use_src ? !bacmp(&d->bdaddr, src)
			    : bacmp(&d->bdaddr, dst)) {
			found = d;
			break;
		}
	}

	/* Take the reference while still under the list lock */
	if (found)
		found = hci_dev_hold(found);

	read_unlock(&hci_dev_list_lock);
	return found;
}
EXPORT_SYMBOL(hci_get_route);
516
9bb3c01f
AG
/* Report a failed LE connection attempt and delete the connection.
 *
 * This function requires the caller holds hdev->lock.
 *
 * @conn has been passed to hci_conn_del() by the time this returns and
 * must not be used afterwards.
 */
static void le_conn_failed(struct hci_conn *conn, u8 status)
{
	conn->state = BT_CLOSED;

	mgmt_connect_failed(conn->hdev, &conn->dst, conn->type,
			    conn->dst_type, status);

	hci_proto_connect_cfm(conn, status);

	hci_conn_del(conn);
}
531
1d399ae5
AG
/* Completion callback for the LE Create Connection request.
 *
 * A zero @status needs no action here. On failure the LE connection that
 * is currently in BT_CONNECT, if any, is failed under the device lock.
 */
static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
{
	struct hci_conn *conn;

	if (status == 0)
		return;

	BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
	       status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
	if (conn)
		le_conn_failed(conn, status);

	hci_dev_unlock(hdev);
}
553
/* Build and queue the LE Create Connection request for @conn.
 *
 * Returns 0 once the request has been queued. If hci_req_run() fails,
 * @conn is deleted here and the error is returned, so the caller must not
 * touch @conn after a non-zero return.
 */
static int hci_create_le_conn(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_le_create_conn cp;
	struct hci_request req;
	int err;

	hci_req_init(&req, hdev);

	memset(&cp, 0, sizeof(cp));

	/* Scan parameters come from the controller-wide settings */
	cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
	cp.scan_window = cpu_to_le16(hdev->le_scan_window);

	/* Peer and own address */
	bacpy(&cp.peer_addr, &conn->dst);
	cp.peer_addr_type = conn->dst_type;
	cp.own_address_type = conn->src_type;

	/* Connection parameters */
	cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
	cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
	cp.supervision_timeout = __constant_cpu_to_le16(0x002a);
	cp.min_ce_len = __constant_cpu_to_le16(0x0000);
	cp.max_ce_len = __constant_cpu_to_le16(0x0000);

	hci_req_add(&req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);

	err = hci_req_run(&req, create_le_conn_complete);
	if (!err)
		return 0;

	hci_conn_del(conn);
	return err;
}
585
d04aef4c
VCG
/* Create, or reuse, an LE connection to @dst.
 *
 * Returns the connection with a hold taken, or an ERR_PTR():
 *   -ENOTSUPP  the controller is currently advertising
 *   -EBUSY     another LE connection attempt is in BT_CONNECT
 *   -ENOMEM    the connection object could not be allocated
 *   other      whatever hci_create_le_conn() returned
 */
static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
				    u8 dst_type, u8 sec_level, u8 auth_type)
{
	struct hci_conn_params *params;
	struct hci_conn *conn;
	struct smp_irk *irk;
	int err;

	if (test_bit(HCI_ADVERTISING, &hdev->flags))
		return ERR_PTR(-ENOTSUPP);

	/* Some devices send ATT messages as soon as the physical link is
	 * established. To be able to handle these ATT messages, the user-
	 * space first establishes the connection and then starts the pairing
	 * process.
	 *
	 * So if a hci_conn object already exists for the following connection
	 * attempt, we simply update pending_sec_level and auth_type fields
	 * and return the object found.
	 *
	 * NOTE(review): both fields are assigned unconditionally, so a request
	 * for a lower level replaces a higher one that was pending. Confirm
	 * that callers cannot use this to weaken an outstanding requirement.
	 */
	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
	if (conn) {
		conn->pending_sec_level = sec_level;
		conn->auth_type = auth_type;
		goto done;
	}

	/* Since the controller supports only one LE connection attempt at a
	 * time, we return -EBUSY if there is any connection attempt running.
	 */
	conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
	if (conn)
		return ERR_PTR(-EBUSY);

	/* Convert from L2CAP channel address type to HCI address type.
	 * Anything other than BDADDR_LE_PUBLIC is treated as random.
	 */
	if (dst_type == BDADDR_LE_PUBLIC)
		dst_type = ADDR_LE_DEV_PUBLIC;
	else
		dst_type = ADDR_LE_DEV_RANDOM;

	/* When given an identity address with existing identity
	 * resolving key, the connection needs to be established
	 * to a resolvable random address.
	 *
	 * This uses the cached random resolvable address from
	 * a previous scan. When no cached address is available,
	 * try connecting to the identity address instead.
	 *
	 * Storing the resolvable random address is required here
	 * to handle connection failures. The address will later
	 * be resolved back into the original identity address
	 * from the connect request.
	 */
	irk = hci_find_irk_by_addr(hdev, dst, dst_type);
	if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
		dst = &irk->rpa;
		dst_type = ADDR_LE_DEV_RANDOM;
	}

	/* hci_conn_add() copies *dst, so pointing at irk->rpa is safe here */
	conn = hci_conn_add(hdev, LE_LINK, dst);
	if (!conn)
		return ERR_PTR(-ENOMEM);

	conn->dst_type = dst_type;
	conn->src_type = hdev->own_addr_type;

	conn->state = BT_CONNECT;
	conn->out = true;
	conn->link_mode |= HCI_LM_MASTER;
	/* A new link starts at low security; the requested level is pending */
	conn->sec_level = BT_SECURITY_LOW;
	conn->pending_sec_level = sec_level;
	conn->auth_type = auth_type;

	/* Per-device connection parameters override the controller defaults */
	params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
	if (params) {
		conn->le_conn_min_interval = params->conn_min_interval;
		conn->le_conn_max_interval = params->conn_max_interval;
	} else {
		conn->le_conn_min_interval = hdev->le_conn_min_interval;
		conn->le_conn_max_interval = hdev->le_conn_max_interval;
	}

	/* On failure hci_create_le_conn() has already deleted conn */
	err = hci_create_le_conn(conn);
	if (err)
		return ERR_PTR(err);

done:
	hci_conn_hold(conn);
	return conn;
}
fcd89c09 676
db474275
VCG
/* Create, or reuse, an ACL connection to @dst.
 *
 * Returns the connection with a hold taken, ERR_PTR(-ENOTSUPP) when BR/EDR
 * is not enabled on @hdev, or ERR_PTR(-ENOMEM) when no connection object
 * could be allocated.
 *
 * @sec_level and @auth_type are only applied when the connection is in
 * BT_OPEN or BT_CLOSED and a new Create Connection is issued; for a
 * connection in any other state they are ignored here.
 */
static struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
					u8 sec_level, u8 auth_type)
{
	struct hci_conn *acl;

	if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
		return ERR_PTR(-ENOTSUPP);

	acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
	if (!acl)
		acl = hci_conn_add(hdev, ACL_LINK, dst);
	if (!acl)
		return ERR_PTR(-ENOMEM);

	hci_conn_hold(acl);

	if (acl->state != BT_OPEN && acl->state != BT_CLOSED)
		return acl;

	acl->sec_level = BT_SECURITY_LOW;
	acl->pending_sec_level = sec_level;
	acl->auth_type = auth_type;
	hci_acl_create_connection(acl);

	return acl;
}
703
10c62ddc
FD
/* Create, or reuse, a SCO/eSCO connection of @type to @dst.
 *
 * The underlying ACL link is requested with BT_SECURITY_LOW and
 * HCI_AT_NO_BONDING. The two connection objects are cross-linked and the
 * voice setting is stored on the SCO side. If the ACL is already connected
 * and the SCO object is idle, the ACL is forced into active mode and the
 * synchronous setup is started, or deferred when a mode change is still
 * pending.
 *
 * Returns the SCO connection with a hold taken, the ERR_PTR() from the ACL
 * step, or ERR_PTR(-ENOMEM) if the SCO object cannot be allocated (the
 * hold on the ACL is dropped again in that case).
 */
struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
				 __u16 setting)
{
	struct hci_conn *acl;
	struct hci_conn *sco;

	acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
	if (IS_ERR(acl))
		return acl;

	sco = hci_conn_hash_lookup_ba(hdev, type, dst);
	if (!sco)
		sco = hci_conn_add(hdev, type, dst);
	if (!sco) {
		hci_conn_drop(acl);
		return ERR_PTR(-ENOMEM);
	}

	acl->link = sco;
	sco->link = acl;

	hci_conn_hold(sco);

	sco->setting = setting;

	if (acl->state != BT_CONNECTED)
		return sco;

	if (sco->state != BT_OPEN && sco->state != BT_CLOSED)
		return sco;

	set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
	hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);

	if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
		/* defer SCO setup until mode change completed */
		set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
	} else {
		hci_sco_setup(acl, 0x00);
	}

	return sco;
}
1da177e4 746
b7d839bf
VCG
/* Create an ACL or LE connection.
 *
 * Dispatches on @type to hci_connect_le() or hci_connect_acl(). Any other
 * link type, including SCO, is refused with ERR_PTR(-EINVAL); SCO links
 * are created through hci_connect_sco(). @dst_type is only used for LE.
 */
struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
			     __u8 dst_type, __u8 sec_level, __u8 auth_type)
{
	BT_DBG("%s dst %pMR type 0x%x", hdev->name, dst, type);

	if (type == LE_LINK)
		return hci_connect_le(hdev, dst, dst_type, sec_level, auth_type);

	if (type == ACL_LINK)
		return hci_connect_acl(hdev, dst, sec_level, auth_type);

	return ERR_PTR(-EINVAL);
}
762
e7c29cb1
MH
/* Check link security requirement.
 *
 * Returns 0 when Secure Simple Pairing is enabled on the connection but
 * the link is not encrypted, 1 in every other case. A link without SSP is
 * therefore accepted by this check whether it is encrypted or not.
 */
int hci_conn_check_link_mode(struct hci_conn *conn)
{
	BT_DBG("hcon %p", conn);

	if (!hci_conn_ssp_enabled(conn))
		return 1;

	return (conn->link_mode & HCI_LM_ENCRYPT) ? 1 : 0;
}
e7c29cb1 773
/* Authenticate remote device.
 *
 * The effective level is the higher of @sec_level and the level already
 * pending on the connection, so a pending requirement is never lowered
 * here.
 *
 * Returns 1 when the effective level does not exceed the current one and
 * the link is already authenticated (HCI_LM_AUTH). Returns 0 otherwise,
 * meaning an Authentication Requested command was sent or one is already
 * pending.
 */
static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
{
	BT_DBG("hcon %p", conn);

	if (conn->pending_sec_level > sec_level)
		sec_level = conn->pending_sec_level;

	if (sec_level > conn->sec_level)
		conn->pending_sec_level = sec_level;
	else if (conn->link_mode & HCI_LM_AUTH)
		return 1;

	/* Make sure we preserve an existing MITM requirement: bit 0 of the
	 * stored auth_type is carried over into the new value.
	 */
	auth_type |= (conn->auth_type & 0x01);

	conn->auth_type = auth_type;

	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested cp;

		/* encrypt must be pending if auth is also pending */
		set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

		cp.handle = cpu_to_le16(conn->handle);
		hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
			     sizeof(cp), &cp);

		/* key_type starts at 0xff in hci_conn_add(); any other value
		 * presumably means a link key is already known, making this
		 * a re-authentication. Confirm against the key event handlers.
		 */
		if (conn->key_type != 0xff)
			set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
	}

	return 0;
}
1da177e4 807
13d39315
WR
/* Encrypt the link.
 *
 * Sends Set Connection Encryption (enable) unless an encryption change is
 * already pending on the connection.
 */
static void hci_conn_encrypt(struct hci_conn *conn)
{
	struct hci_cp_set_conn_encrypt cp;

	BT_DBG("hcon %p", conn);

	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
		return;

	cp.handle = cpu_to_le16(conn->handle);
	cp.encrypt = 0x01;
	hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp);
}
821
/* Enable security.
 *
 * Decides whether the link already satisfies @sec_level and, if not,
 * starts authentication and/or encryption.
 *
 * Returns 1 when the requested level is already satisfied and 0 when a
 * procedure was started or is still pending; the caller then has to wait
 * for its completion. For LE links the result of smp_conn_security() is
 * returned instead.
 */
int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
{
	BT_DBG("hcon %p", conn);

	/* LE security is handled entirely by SMP; @auth_type is unused there */
	if (conn->type == LE_LINK)
		return smp_conn_security(conn, sec_level);

	/* For sdp we don't need the link key. */
	if (sec_level == BT_SECURITY_SDP)
		return 1;

	/* For non 2.1 devices and low security level we don't need the link
	   key. */
	if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
		return 1;

	/* For other security levels we need the link key. */
	if (!(conn->link_mode & HCI_LM_AUTH))
		goto auth;

	/* The link is authenticated. The checks below decide whether the
	 * existing key type is strong enough for the requested level; when
	 * none matches, control falls through to auth for a fresh
	 * authentication.
	 */

	/* An authenticated FIPS approved combination key has sufficient
	 * security for security level 4. */
	if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
	    sec_level == BT_SECURITY_FIPS)
		goto encrypt;

	/* An authenticated combination key has sufficient security for
	   security level 3. */
	if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
	     conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
	    sec_level == BT_SECURITY_HIGH)
		goto encrypt;

	/* An unauthenticated combination key has sufficient security for
	   security level 1 and 2. */
	if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
	     conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
	    (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
		goto encrypt;

	/* A combination key has always sufficient security for the security
	   levels 1 or 2. High security level requires the combination key
	   is generated using maximum PIN code length (16).
	   For pre 2.1 units.

	   NOTE(review): the pin_length == 16 arm is not limited to
	   BT_SECURITY_HIGH, so it also matches a BT_SECURITY_FIPS request
	   on a legacy combination key. Confirm that this is intended. */
	if (conn->key_type == HCI_LK_COMBINATION &&
	    (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
	     conn->pin_length == 16))
		goto encrypt;

auth:
	/* An encryption change is already in flight; wait for it */
	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
		return 0;

	/* 0 from hci_conn_auth() means authentication is now pending */
	if (!hci_conn_auth(conn, sec_level, auth_type))
		return 0;

encrypt:
	if (conn->link_mode & HCI_LM_ENCRYPT)
		return 1;

	hci_conn_encrypt(conn);
	return 0;
}
EXPORT_SYMBOL(hci_conn_security);
1da177e4 887
b3b1b061
WR
/* Check secure link requirement.
 *
 * Returns 1 (accept) when @sec_level is neither BT_SECURITY_HIGH nor
 * BT_SECURITY_FIPS, or when the connection's current level is already one
 * of those two. Returns 0 (reject) otherwise.
 *
 * The two levels are treated as interchangeable here: a connection at
 * BT_SECURITY_HIGH passes a BT_SECURITY_FIPS request.
 */
int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
{
	BT_DBG("hcon %p", conn);

	/* Nothing to enforce unless a secure level is being asked for */
	if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
		return 1;

	/* Reject a link that has not reached a secure level yet */
	if (conn->sec_level != BT_SECURITY_HIGH &&
	    conn->sec_level != BT_SECURITY_FIPS)
		return 0;

	return 1;
}
EXPORT_SYMBOL(hci_conn_check_secure);
906
1da177e4
LT
/* Change link key.
 *
 * Sends Change Connection Link Key unless an authentication is already
 * pending on the connection. Always returns 0.
 */
int hci_conn_change_link_key(struct hci_conn *conn)
{
	struct hci_cp_change_conn_link_key cp;

	BT_DBG("hcon %p", conn);

	if (test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags))
		return 0;

	cp.handle = cpu_to_le16(conn->handle);
	hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);

	return 0;
}
1da177e4
LT
921
/* Switch role.
 *
 * Returns 1 when @role is 0 and the link mode already has HCI_LM_MASTER
 * set, so no switch is needed. Otherwise returns 0 after sending Switch
 * Role, or without sending anything if a role switch is already pending.
 */
int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
{
	struct hci_cp_switch_role cp;

	BT_DBG("hcon %p", conn);

	if (!role && (conn->link_mode & HCI_LM_MASTER))
		return 1;

	if (test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags))
		return 0;

	bacpy(&cp.bdaddr, &conn->dst);
	cp.role = role;
	hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);

	return 0;
}
EXPORT_SYMBOL(hci_conn_switch_role);
940
/* Enter active mode.
 *
 * Does nothing for a device in raw mode. Exit Sniff Mode is sent only when
 * the connection is in sniff mode, power saving is enabled or
 * @force_active is set, and no mode change is already pending. In every
 * non-raw case the idle work is (re)queued when the device has a positive
 * idle timeout.
 */
void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("hcon %p mode %d", conn, conn->mode);

	if (test_bit(HCI_RAW, &hdev->flags))
		return;

	/* The pending bit is only touched once the earlier tests pass */
	if (conn->mode == HCI_CM_SNIFF &&
	    (test_bit(HCI_CONN_POWER_SAVE, &conn->flags) || force_active) &&
	    !test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
		struct hci_cp_exit_sniff_mode cp;

		cp.handle = cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
	}

	if (hdev->idle_timeout > 0)
		queue_delayed_work(hdev->workqueue, &conn->idle_work,
				   msecs_to_jiffies(hdev->idle_timeout));
}
968
1da177e4
LT
/* Drop all connections on the device.
 *
 * Each connection is marked BT_CLOSED, reported to the upper layers with
 * HCI_ERROR_LOCAL_HOST_TERM and deleted. The _safe list iterator is used
 * because hci_conn_del() removes the entry being visited.
 */
void hci_conn_hash_flush(struct hci_dev *hdev)
{
	struct hci_conn *conn, *next;

	BT_DBG("hdev %s", hdev->name);

	list_for_each_entry_safe(conn, next, &hdev->conn_hash.list, list) {
		conn->state = BT_CLOSED;

		hci_proto_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM);
		hci_conn_del(conn);
	}
}
984
/*
 * Start a deferred outgoing ACL connection, if one is waiting.
 *
 * Under the device lock, looks up an ACL_LINK connection in state
 * BT_CONNECT2 and, when one is found, calls hci_acl_create_connection()
 * for it.
 */
void hci_conn_check_pending(struct hci_dev *hdev)
{
	struct hci_conn *pending;

	BT_DBG("hdev %s", hdev->name);

	hci_dev_lock(hdev);

	pending = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
	if (pending)
		hci_acl_create_connection(pending);

	hci_dev_unlock(hdev);
}
1000
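/*
 * Copy a snapshot of a device's connection list to user space.
 *
 * @arg points to a user buffer that starts with a struct hci_conn_list_req
 * (dev_id and conn_num supplied by the caller) followed by room for
 * conn_num struct hci_conn_info entries.
 *
 * conn_num comes from user space and is rejected unless it is non-zero and
 * at most (PAGE_SIZE * 2) / sizeof(struct hci_conn_info); this check is what
 * bounds the allocation below.
 *
 * Returns 0 on success, -EFAULT if either user copy fails, -EINVAL for an
 * out-of-range conn_num, -ENOMEM if the bounce buffer cannot be allocated,
 * and -ENODEV if dev_id names no device.
 */
int hci_get_conn_list(void __user *arg)
{
	struct hci_conn *c;
	struct hci_conn_list_req req, *cl;
	struct hci_conn_info *ci;
	struct hci_dev *hdev;
	int n = 0, size, err;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
		return -EINVAL;

	size = sizeof(req) + req.conn_num * sizeof(*ci);

	/*
	 * Zeroed allocation: this buffer is handed to copy_to_user() below
	 * and is otherwise initialised only field by field. The struct
	 * layouts are declared outside this file, so zeroing guarantees that
	 * no padding or unwritten byte can carry stale heap contents to user
	 * space.
	 */
	cl = kzalloc(size, GFP_KERNEL);
	if (!cl)
		return -ENOMEM;

	hdev = hci_dev_get(req.dev_id);
	if (!hdev) {
		kfree(cl);
		return -ENODEV;
	}

	ci = cl->conn_info;

	hci_dev_lock(hdev);
	list_for_each_entry(c, &hdev->conn_hash.list, list) {
		struct hci_conn_info *slot = &ci[n];

		bacpy(&slot->bdaddr, &c->dst);
		slot->handle = c->handle;
		slot->type = c->type;
		slot->out = c->out;
		slot->state = c->state;
		slot->link_mode = c->link_mode;

		/* Never write past the number of entries that was allocated. */
		if (++n >= req.conn_num)
			break;
	}
	hci_dev_unlock(hdev);

	cl->dev_id = hdev->id;
	cl->conn_num = n;

	/* Copy back only the header plus the entries actually filled in. */
	size = sizeof(req) + n * sizeof(*ci);

	hci_dev_put(hdev);

	err = copy_to_user(arg, cl, size);
	kfree(cl);

	return err ? -EFAULT : 0;
}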
1053
/*
 * Report one connection, selected by link type and peer address, to user
 * space.
 *
 * @arg points to a struct hci_conn_info_req; the resulting struct
 * hci_conn_info is written immediately after it in the same user buffer.
 *
 * Returns 0 on success, -EFAULT if a user copy fails, and -ENOENT when no
 * matching connection exists.
 *
 * NOTE(review): the on-stack hci_conn_info is filled field by field before
 * being copied out. Its layout is declared outside this file; if it ever
 * gains padding or a new member, those bytes would be uninitialised stack -
 * confirm against the struct definition.
 */
int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
{
	struct hci_conn_info_req req;
	struct hci_conn_info info;
	struct hci_conn *conn;
	char __user *out = arg + sizeof(req);

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	/* Snapshot the fields under the device lock; copy out after unlock. */
	hci_dev_lock(hdev);
	conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
	if (conn) {
		bacpy(&info.bdaddr, &conn->dst);
		info.handle = conn->handle;
		info.type = conn->type;
		info.out = conn->out;
		info.state = conn->state;
		info.link_mode = conn->link_mode;
	}
	hci_dev_unlock(hdev);

	/* conn is only tested here, never dereferenced outside the lock. */
	if (!conn)
		return -ENOENT;

	if (copy_to_user(out, &info, sizeof(info)))
		return -EFAULT;

	return 0;
}
1081
/*
 * Report the authentication type of the ACL connection to a given peer.
 *
 * The request is read from @arg, its type field is overwritten with the
 * connection's auth_type, and the whole request is written back to @arg.
 * Every byte written back therefore originates from the user's own request
 * or from auth_type.
 *
 * Returns 0 on success, -EFAULT if a user copy fails, and -ENOENT when no
 * ACL connection to req.bdaddr exists.
 */
int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
{
	struct hci_auth_info_req req;
	struct hci_conn *conn;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	/* Read auth_type under the device lock; copy out after unlock. */
	hci_dev_lock(hdev);
	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
	if (conn)
		req.type = conn->auth_type;
	hci_dev_unlock(hdev);

	if (!conn)
		return -ENOENT;

	if (copy_to_user(arg, &req, sizeof(req)))
		return -EFAULT;

	return 0;
}
1101
/*
 * Allocate a channel and attach it to a connection.
 *
 * The channel is zero-allocated, bound to @conn, given an empty data queue,
 * put in state BT_CONNECTED and published on conn->chan_list with
 * list_add_rcu().
 *
 * Returns the new channel, or NULL if the allocation fails.
 */
struct hci_chan *hci_chan_create(struct hci_conn *conn)
{
	struct hci_chan *chan;

	BT_DBG("%s hcon %p", conn->hdev->name, conn);

	chan = kzalloc(sizeof(*chan), GFP_KERNEL);
	if (!chan)
		return NULL;

	/* Finish initialising the channel before it becomes visible. */
	chan->conn = conn;
	skb_queue_head_init(&chan->data_q);
	chan->state = BT_CONNECTED;

	list_add_rcu(&chan->list, &conn->chan_list);

	return chan;
}
1121
/*
 * Detach a channel from its connection and free it.
 *
 * The channel is unlinked with list_del_rcu() and synchronize_rcu() is
 * awaited before its queue is purged and its memory is freed, so an RCU
 * reader that found the entry before the unlink has left its read-side
 * section by the time of the kfree().
 *
 * NOTE(review): hci_conn_drop() presumably releases a reference held on the
 * connection on behalf of this channel; hci_chan_create() in this file does
 * not visibly take one - confirm where it is acquired.
 */
void hci_chan_del(struct hci_chan *chan)
{
	struct hci_conn *hcon = chan->conn;

	BT_DBG("%s hcon %p chan %p", hcon->hdev->name, hcon, chan);

	list_del_rcu(&chan->list);

	/* Wait out current RCU readers before tearing the channel down. */
	synchronize_rcu();

	hci_conn_drop(hcon);

	skb_queue_purge(&chan->data_q);
	kfree(chan);
}
1138
/*
 * Delete every channel attached to a connection.
 *
 * The _safe iterator is required because hci_chan_del() unlinks and frees
 * the current entry during the walk.
 */
void hci_chan_list_flush(struct hci_conn *conn)
{
	struct hci_chan *cur, *next;

	BT_DBG("hcon %p", conn);

	list_for_each_entry_safe(cur, next, &conn->chan_list, list) {
		hci_chan_del(cur);
	}
}
1148
/*
 * Find the channel with the given handle on one connection.
 *
 * Returns the first channel on hcon->chan_list whose handle equals @handle,
 * or NULL when there is none.
 *
 * NOTE(review): chan_list is modified with list_add_rcu()/list_del_rcu()
 * elsewhere in this file, while this walk uses the plain iterator; it relies
 * on whatever protection the caller provides - confirm.
 */
static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
						 __u16 handle)
{
	struct hci_chan *cur;

	list_for_each_entry(cur, &hcon->chan_list, list)
		if (cur->handle == handle)
			return cur;

	return NULL;
}
1161
/*
 * Find a channel by handle across all connections of a device.
 *
 * Walks the device's connection list inside an RCU read-side section and
 * returns the first channel that __hci_chan_lookup_handle() reports, or NULL
 * when no connection has a matching channel.
 *
 * NOTE(review): the pointer is returned after rcu_read_unlock() and no
 * reference is taken here, so the caller needs its own guarantee that the
 * channel is not freed while in use - confirm against callers.
 */
struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
{
	struct hci_chan *found = NULL;
	struct hci_conn *hcon;

	rcu_read_lock();

	list_for_each_entry_rcu(hcon, &hdev->conn_hash.list, list) {
		found = __hci_chan_lookup_handle(hcon, handle);
		if (found)
			break;
	}

	rcu_read_unlock();

	return found;
}