projects / linux-2.6-block.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Bluetooth: Use unresolvable private address for active scanning
[linux-2.6-block.git] / net / bluetooth / hci_conn.c
... / ...
CommitLineData
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
27#include <linux/export.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
31
32#include "smp.h"
33#include "a2mp.h"
34
35struct sco_param {
36 u16 pkt_type;
37 u16 max_latency;
38};
39
40static const struct sco_param sco_param_cvsd[] = {
41 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a }, /* S3 */
42 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007 }, /* S2 */
43 { EDR_ESCO_MASK | ESCO_EV3, 0x0007 }, /* S1 */
44 { EDR_ESCO_MASK | ESCO_HV3, 0xffff }, /* D1 */
45 { EDR_ESCO_MASK | ESCO_HV1, 0xffff }, /* D0 */
46};
47
48static const struct sco_param sco_param_wideband[] = {
49 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d }, /* T2 */
50 { EDR_ESCO_MASK | ESCO_EV3, 0x0008 }, /* T1 */
51};
52
53static void hci_le_create_connection_cancel(struct hci_conn *conn)
54{
55 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
56}
57
58static void hci_acl_create_connection(struct hci_conn *conn)
59{
60 struct hci_dev *hdev = conn->hdev;
61 struct inquiry_entry *ie;
62 struct hci_cp_create_conn cp;
63
64 BT_DBG("hcon %p", conn);
65
66 conn->state = BT_CONNECT;
67 conn->out = true;
68
69 conn->link_mode = HCI_LM_MASTER;
70
71 conn->attempt++;
72
73 conn->link_policy = hdev->link_policy;
74
75 memset(&cp, 0, sizeof(cp));
76 bacpy(&cp.bdaddr, &conn->dst);
77 cp.pscan_rep_mode = 0x02;
78
79 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
80 if (ie) {
81 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
82 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
83 cp.pscan_mode = ie->data.pscan_mode;
84 cp.clock_offset = ie->data.clock_offset |
85 __constant_cpu_to_le16(0x8000);
86 }
87
88 memcpy(conn->dev_class, ie->data.dev_class, 3);
89 if (ie->data.ssp_mode > 0)
90 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
91 }
92
93 cp.pkt_type = cpu_to_le16(conn->pkt_type);
94 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
95 cp.role_switch = 0x01;
96 else
97 cp.role_switch = 0x00;
98
99 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
100}
101
102static void hci_acl_create_connection_cancel(struct hci_conn *conn)
103{
104 struct hci_cp_create_conn_cancel cp;
105
106 BT_DBG("hcon %p", conn);
107
108 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
109 return;
110
111 bacpy(&cp.bdaddr, &conn->dst);
112 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
113}
114
115static void hci_reject_sco(struct hci_conn *conn)
116{
117 struct hci_cp_reject_sync_conn_req cp;
118
119 cp.reason = HCI_ERROR_REMOTE_USER_TERM;
120 bacpy(&cp.bdaddr, &conn->dst);
121
122 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
123}
124
125void hci_disconnect(struct hci_conn *conn, __u8 reason)
126{
127 struct hci_cp_disconnect cp;
128
129 BT_DBG("hcon %p", conn);
130
131 conn->state = BT_DISCONN;
132
133 cp.handle = cpu_to_le16(conn->handle);
134 cp.reason = reason;
135 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
136}
137
138static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
139{
140 struct hci_cp_disconn_phy_link cp;
141
142 BT_DBG("hcon %p", conn);
143
144 conn->state = BT_DISCONN;
145
146 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
147 cp.reason = reason;
148 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
149 sizeof(cp), &cp);
150}
151
152static void hci_add_sco(struct hci_conn *conn, __u16 handle)
153{
154 struct hci_dev *hdev = conn->hdev;
155 struct hci_cp_add_sco cp;
156
157 BT_DBG("hcon %p", conn);
158
159 conn->state = BT_CONNECT;
160 conn->out = true;
161
162 conn->attempt++;
163
164 cp.handle = cpu_to_le16(handle);
165 cp.pkt_type = cpu_to_le16(conn->pkt_type);
166
167 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
168}
169
170bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
171{
172 struct hci_dev *hdev = conn->hdev;
173 struct hci_cp_setup_sync_conn cp;
174 const struct sco_param *param;
175
176 BT_DBG("hcon %p", conn);
177
178 conn->state = BT_CONNECT;
179 conn->out = true;
180
181 conn->attempt++;
182
183 cp.handle = cpu_to_le16(handle);
184
185 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
186 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
187 cp.voice_setting = cpu_to_le16(conn->setting);
188
189 switch (conn->setting & SCO_AIRMODE_MASK) {
190 case SCO_AIRMODE_TRANSP:
191 if (conn->attempt > ARRAY_SIZE(sco_param_wideband))
192 return false;
193 cp.retrans_effort = 0x02;
194 param = &sco_param_wideband[conn->attempt - 1];
195 break;
196 case SCO_AIRMODE_CVSD:
197 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
198 return false;
199 cp.retrans_effort = 0x01;
200 param = &sco_param_cvsd[conn->attempt - 1];
201 break;
202 default:
203 return false;
204 }
205
206 cp.pkt_type = __cpu_to_le16(param->pkt_type);
207 cp.max_latency = __cpu_to_le16(param->max_latency);
208
209 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
210 return false;
211
212 return true;
213}
214
215void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
216 u16 latency, u16 to_multiplier)
217{
218 struct hci_cp_le_conn_update cp;
219 struct hci_dev *hdev = conn->hdev;
220
221 memset(&cp, 0, sizeof(cp));
222
223 cp.handle = cpu_to_le16(conn->handle);
224 cp.conn_interval_min = cpu_to_le16(min);
225 cp.conn_interval_max = cpu_to_le16(max);
226 cp.conn_latency = cpu_to_le16(latency);
227 cp.supervision_timeout = cpu_to_le16(to_multiplier);
228 cp.min_ce_len = __constant_cpu_to_le16(0x0000);
229 cp.max_ce_len = __constant_cpu_to_le16(0x0000);
230
231 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
232}
233
234void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
235 __u8 ltk[16])
236{
237 struct hci_dev *hdev = conn->hdev;
238 struct hci_cp_le_start_enc cp;
239
240 BT_DBG("hcon %p", conn);
241
242 memset(&cp, 0, sizeof(cp));
243
244 cp.handle = cpu_to_le16(conn->handle);
245 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
246 cp.ediv = ediv;
247 memcpy(cp.rand, rand, sizeof(cp.rand));
248
249 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
250}
251
252/* Device _must_ be locked */
253void hci_sco_setup(struct hci_conn *conn, __u8 status)
254{
255 struct hci_conn *sco = conn->link;
256
257 if (!sco)
258 return;
259
260 BT_DBG("hcon %p", conn);
261
262 if (!status) {
263 if (lmp_esco_capable(conn->hdev))
264 hci_setup_sync(sco, conn->handle);
265 else
266 hci_add_sco(sco, conn->handle);
267 } else {
268 hci_proto_connect_cfm(sco, status);
269 hci_conn_del(sco);
270 }
271}
272
273static void hci_conn_disconnect(struct hci_conn *conn)
274{
275 __u8 reason = hci_proto_disconn_ind(conn);
276
277 switch (conn->type) {
278 case AMP_LINK:
279 hci_amp_disconn(conn, reason);
280 break;
281 default:
282 hci_disconnect(conn, reason);
283 break;
284 }
285}
286
287static void hci_conn_timeout(struct work_struct *work)
288{
289 struct hci_conn *conn = container_of(work, struct hci_conn,
290 disc_work.work);
291
292 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
293
294 if (atomic_read(&conn->refcnt))
295 return;
296
297 switch (conn->state) {
298 case BT_CONNECT:
299 case BT_CONNECT2:
300 if (conn->out) {
301 if (conn->type == ACL_LINK)
302 hci_acl_create_connection_cancel(conn);
303 else if (conn->type == LE_LINK)
304 hci_le_create_connection_cancel(conn);
305 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
306 hci_reject_sco(conn);
307 }
308 break;
309 case BT_CONFIG:
310 case BT_CONNECTED:
311 hci_conn_disconnect(conn);
312 break;
313 default:
314 conn->state = BT_CLOSED;
315 break;
316 }
317}
318
319/* Enter sniff mode */
320static void hci_conn_idle(struct work_struct *work)
321{
322 struct hci_conn *conn = container_of(work, struct hci_conn,
323 idle_work.work);
324 struct hci_dev *hdev = conn->hdev;
325
326 BT_DBG("hcon %p mode %d", conn, conn->mode);
327
328 if (test_bit(HCI_RAW, &hdev->flags))
329 return;
330
331 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
332 return;
333
334 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
335 return;
336
337 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
338 struct hci_cp_sniff_subrate cp;
339 cp.handle = cpu_to_le16(conn->handle);
340 cp.max_latency = __constant_cpu_to_le16(0);
341 cp.min_remote_timeout = __constant_cpu_to_le16(0);
342 cp.min_local_timeout = __constant_cpu_to_le16(0);
343 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
344 }
345
346 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
347 struct hci_cp_sniff_mode cp;
348 cp.handle = cpu_to_le16(conn->handle);
349 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
350 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
351 cp.attempt = __constant_cpu_to_le16(4);
352 cp.timeout = __constant_cpu_to_le16(1);
353 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
354 }
355}
356
357static void hci_conn_auto_accept(struct work_struct *work)
358{
359 struct hci_conn *conn = container_of(work, struct hci_conn,
360 auto_accept_work.work);
361
362 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
363 &conn->dst);
364}
365
366struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
367{
368 struct hci_conn *conn;
369
370 BT_DBG("%s dst %pMR", hdev->name, dst);
371
372 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
373 if (!conn)
374 return NULL;
375
376 bacpy(&conn->dst, dst);
377 bacpy(&conn->src, &hdev->bdaddr);
378 conn->hdev = hdev;
379 conn->type = type;
380 conn->mode = HCI_CM_ACTIVE;
381 conn->state = BT_OPEN;
382 conn->auth_type = HCI_AT_GENERAL_BONDING;
383 conn->io_capability = hdev->io_capability;
384 conn->remote_auth = 0xff;
385 conn->key_type = 0xff;
386
387 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
388 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
389
390 switch (type) {
391 case ACL_LINK:
392 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
393 break;
394 case SCO_LINK:
395 if (lmp_esco_capable(hdev))
396 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
397 (hdev->esco_type & EDR_ESCO_MASK);
398 else
399 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
400 break;
401 case ESCO_LINK:
402 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
403 break;
404 }
405
406 skb_queue_head_init(&conn->data_q);
407
408 INIT_LIST_HEAD(&conn->chan_list);
409
410 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
411 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
412 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
413
414 atomic_set(&conn->refcnt, 0);
415
416 hci_dev_hold(hdev);
417
418 hci_conn_hash_add(hdev, conn);
419 if (hdev->notify)
420 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
421
422 hci_conn_init_sysfs(conn);
423
424 return conn;
425}
426
427int hci_conn_del(struct hci_conn *conn)
428{
429 struct hci_dev *hdev = conn->hdev;
430
431 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
432
433 cancel_delayed_work_sync(&conn->disc_work);
434 cancel_delayed_work_sync(&conn->auto_accept_work);
435 cancel_delayed_work_sync(&conn->idle_work);
436
437 if (conn->type == ACL_LINK) {
438 struct hci_conn *sco = conn->link;
439 if (sco)
440 sco->link = NULL;
441
442 /* Unacked frames */
443 hdev->acl_cnt += conn->sent;
444 } else if (conn->type == LE_LINK) {
445 if (hdev->le_pkts)
446 hdev->le_cnt += conn->sent;
447 else
448 hdev->acl_cnt += conn->sent;
449 } else {
450 struct hci_conn *acl = conn->link;
451 if (acl) {
452 acl->link = NULL;
453 hci_conn_drop(acl);
454 }
455 }
456
457 hci_chan_list_flush(conn);
458
459 if (conn->amp_mgr)
460 amp_mgr_put(conn->amp_mgr);
461
462 hci_conn_hash_del(hdev, conn);
463 if (hdev->notify)
464 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
465
466 skb_queue_purge(&conn->data_q);
467
468 hci_conn_del_sysfs(conn);
469
470 hci_dev_put(hdev);
471
472 hci_conn_put(conn);
473
474 return 0;
475}
476
477struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
478{
479 int use_src = bacmp(src, BDADDR_ANY);
480 struct hci_dev *hdev = NULL, *d;
481
482 BT_DBG("%pMR -> %pMR", src, dst);
483
484 read_lock(&hci_dev_list_lock);
485
486 list_for_each_entry(d, &hci_dev_list, list) {
487 if (!test_bit(HCI_UP, &d->flags) ||
488 test_bit(HCI_RAW, &d->flags) ||
489 test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
490 d->dev_type != HCI_BREDR)
491 continue;
492
493 /* Simple routing:
494 * No source address - find interface with bdaddr != dst
495 * Source address - find interface with bdaddr == src
496 */
497
498 if (use_src) {
499 if (!bacmp(&d->bdaddr, src)) {
500 hdev = d; break;
501 }
502 } else {
503 if (bacmp(&d->bdaddr, dst)) {
504 hdev = d; break;
505 }
506 }
507 }
508
509 if (hdev)
510 hdev = hci_dev_hold(hdev);
511
512 read_unlock(&hci_dev_list_lock);
513 return hdev;
514}
515EXPORT_SYMBOL(hci_get_route);
516
517/* This function requires the caller holds hdev->lock */
518static void le_conn_failed(struct hci_conn *conn, u8 status)
519{
520 struct hci_dev *hdev = conn->hdev;
521
522 conn->state = BT_CLOSED;
523
524 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
525 status);
526
527 hci_proto_connect_cfm(conn, status);
528
529 hci_conn_del(conn);
530}
531
532static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
533{
534 struct hci_conn *conn;
535
536 if (status == 0)
537 return;
538
539 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
540 status);
541
542 hci_dev_lock(hdev);
543
544 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
545 if (!conn)
546 goto done;
547
548 le_conn_failed(conn, status);
549
550done:
551 hci_dev_unlock(hdev);
552}
553
554static int hci_create_le_conn(struct hci_conn *conn)
555{
556 struct hci_dev *hdev = conn->hdev;
557 struct hci_cp_le_create_conn cp;
558 struct hci_request req;
559 u8 own_addr_type;
560 int err;
561
562 hci_req_init(&req, hdev);
563
564 memset(&cp, 0, sizeof(cp));
565
566 /* Update random address, but set require_privacy to false so
567 * that we never connect with an unresolvable address.
568 */
569 err = hci_update_random_address(&req, false, &own_addr_type);
570 if (err < 0)
571 return err;
572
573 conn->src_type = own_addr_type;
574
575 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
576 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
577 bacpy(&cp.peer_addr, &conn->dst);
578 cp.peer_addr_type = conn->dst_type;
579 cp.own_address_type = own_addr_type;
580 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
581 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
582 cp.supervision_timeout = __constant_cpu_to_le16(0x002a);
583 cp.min_ce_len = __constant_cpu_to_le16(0x0000);
584 cp.max_ce_len = __constant_cpu_to_le16(0x0000);
585
586 hci_req_add(&req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
587
588 err = hci_req_run(&req, create_le_conn_complete);
589 if (err) {
590 hci_conn_del(conn);
591 return err;
592 }
593
594 return 0;
595}
596
597static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
598 u8 dst_type, u8 sec_level, u8 auth_type)
599{
600 struct hci_conn_params *params;
601 struct hci_conn *conn;
602 struct smp_irk *irk;
603 int err;
604
605 if (test_bit(HCI_ADVERTISING, &hdev->flags))
606 return ERR_PTR(-ENOTSUPP);
607
608 /* Some devices send ATT messages as soon as the physical link is
609 * established. To be able to handle these ATT messages, the user-
610 * space first establishes the connection and then starts the pairing
611 * process.
612 *
613 * So if a hci_conn object already exists for the following connection
614 * attempt, we simply update pending_sec_level and auth_type fields
615 * and return the object found.
616 */
617 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
618 if (conn) {
619 conn->pending_sec_level = sec_level;
620 conn->auth_type = auth_type;
621 goto done;
622 }
623
624 /* Since the controller supports only one LE connection attempt at a
625 * time, we return -EBUSY if there is any connection attempt running.
626 */
627 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
628 if (conn)
629 return ERR_PTR(-EBUSY);
630
631 /* Convert from L2CAP channel address type to HCI address type */
632 if (dst_type == BDADDR_LE_PUBLIC)
633 dst_type = ADDR_LE_DEV_PUBLIC;
634 else
635 dst_type = ADDR_LE_DEV_RANDOM;
636
637 /* When given an identity address with existing identity
638 * resolving key, the connection needs to be established
639 * to a resolvable random address.
640 *
641 * This uses the cached random resolvable address from
642 * a previous scan. When no cached address is available,
643 * try connecting to the identity address instead.
644 *
645 * Storing the resolvable random address is required here
646 * to handle connection failures. The address will later
647 * be resolved back into the original identity address
648 * from the connect request.
649 */
650 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
651 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
652 dst = &irk->rpa;
653 dst_type = ADDR_LE_DEV_RANDOM;
654 }
655
656 conn = hci_conn_add(hdev, LE_LINK, dst);
657 if (!conn)
658 return ERR_PTR(-ENOMEM);
659
660 conn->dst_type = dst_type;
661
662 conn->state = BT_CONNECT;
663 conn->out = true;
664 conn->link_mode |= HCI_LM_MASTER;
665 conn->sec_level = BT_SECURITY_LOW;
666 conn->pending_sec_level = sec_level;
667 conn->auth_type = auth_type;
668
669 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
670 if (params) {
671 conn->le_conn_min_interval = params->conn_min_interval;
672 conn->le_conn_max_interval = params->conn_max_interval;
673 } else {
674 conn->le_conn_min_interval = hdev->le_conn_min_interval;
675 conn->le_conn_max_interval = hdev->le_conn_max_interval;
676 }
677
678 err = hci_create_le_conn(conn);
679 if (err)
680 return ERR_PTR(err);
681
682done:
683 hci_conn_hold(conn);
684 return conn;
685}
686
687static struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
688 u8 sec_level, u8 auth_type)
689{
690 struct hci_conn *acl;
691
692 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
693 return ERR_PTR(-ENOTSUPP);
694
695 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
696 if (!acl) {
697 acl = hci_conn_add(hdev, ACL_LINK, dst);
698 if (!acl)
699 return ERR_PTR(-ENOMEM);
700 }
701
702 hci_conn_hold(acl);
703
704 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
705 acl->sec_level = BT_SECURITY_LOW;
706 acl->pending_sec_level = sec_level;
707 acl->auth_type = auth_type;
708 hci_acl_create_connection(acl);
709 }
710
711 return acl;
712}
713
714struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
715 __u16 setting)
716{
717 struct hci_conn *acl;
718 struct hci_conn *sco;
719
720 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
721 if (IS_ERR(acl))
722 return acl;
723
724 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
725 if (!sco) {
726 sco = hci_conn_add(hdev, type, dst);
727 if (!sco) {
728 hci_conn_drop(acl);
729 return ERR_PTR(-ENOMEM);
730 }
731 }
732
733 acl->link = sco;
734 sco->link = acl;
735
736 hci_conn_hold(sco);
737
738 sco->setting = setting;
739
740 if (acl->state == BT_CONNECTED &&
741 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
742 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
743 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
744
745 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
746 /* defer SCO setup until mode change completed */
747 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
748 return sco;
749 }
750
751 hci_sco_setup(acl, 0x00);
752 }
753
754 return sco;
755}
756
757/* Create SCO, ACL or LE connection. */
758struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
759 __u8 dst_type, __u8 sec_level, __u8 auth_type)
760{
761 BT_DBG("%s dst %pMR type 0x%x", hdev->name, dst, type);
762
763 switch (type) {
764 case LE_LINK:
765 return hci_connect_le(hdev, dst, dst_type, sec_level, auth_type);
766 case ACL_LINK:
767 return hci_connect_acl(hdev, dst, sec_level, auth_type);
768 }
769
770 return ERR_PTR(-EINVAL);
771}
772
773/* Check link security requirement */
774int hci_conn_check_link_mode(struct hci_conn *conn)
775{
776 BT_DBG("hcon %p", conn);
777
778 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
779 return 0;
780
781 return 1;
782}
783
784/* Authenticate remote device */
785static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
786{
787 BT_DBG("hcon %p", conn);
788
789 if (conn->pending_sec_level > sec_level)
790 sec_level = conn->pending_sec_level;
791
792 if (sec_level > conn->sec_level)
793 conn->pending_sec_level = sec_level;
794 else if (conn->link_mode & HCI_LM_AUTH)
795 return 1;
796
797 /* Make sure we preserve an existing MITM requirement*/
798 auth_type |= (conn->auth_type & 0x01);
799
800 conn->auth_type = auth_type;
801
802 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
803 struct hci_cp_auth_requested cp;
804
805 /* encrypt must be pending if auth is also pending */
806 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
807
808 cp.handle = cpu_to_le16(conn->handle);
809 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
810 sizeof(cp), &cp);
811 if (conn->key_type != 0xff)
812 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
813 }
814
815 return 0;
816}
817
818/* Encrypt the the link */
819static void hci_conn_encrypt(struct hci_conn *conn)
820{
821 BT_DBG("hcon %p", conn);
822
823 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
824 struct hci_cp_set_conn_encrypt cp;
825 cp.handle = cpu_to_le16(conn->handle);
826 cp.encrypt = 0x01;
827 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
828 &cp);
829 }
830}
831
832/* Enable security */
833int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
834{
835 BT_DBG("hcon %p", conn);
836
837 if (conn->type == LE_LINK)
838 return smp_conn_security(conn, sec_level);
839
840 /* For sdp we don't need the link key. */
841 if (sec_level == BT_SECURITY_SDP)
842 return 1;
843
844 /* For non 2.1 devices and low security level we don't need the link
845 key. */
846 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
847 return 1;
848
849 /* For other security levels we need the link key. */
850 if (!(conn->link_mode & HCI_LM_AUTH))
851 goto auth;
852
853 /* An authenticated FIPS approved combination key has sufficient
854 * security for security level 4. */
855 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
856 sec_level == BT_SECURITY_FIPS)
857 goto encrypt;
858
859 /* An authenticated combination key has sufficient security for
860 security level 3. */
861 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
862 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
863 sec_level == BT_SECURITY_HIGH)
864 goto encrypt;
865
866 /* An unauthenticated combination key has sufficient security for
867 security level 1 and 2. */
868 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
869 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
870 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
871 goto encrypt;
872
873 /* A combination key has always sufficient security for the security
874 levels 1 or 2. High security level requires the combination key
875 is generated using maximum PIN code length (16).
876 For pre 2.1 units. */
877 if (conn->key_type == HCI_LK_COMBINATION &&
878 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
879 conn->pin_length == 16))
880 goto encrypt;
881
882auth:
883 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
884 return 0;
885
886 if (!hci_conn_auth(conn, sec_level, auth_type))
887 return 0;
888
889encrypt:
890 if (conn->link_mode & HCI_LM_ENCRYPT)
891 return 1;
892
893 hci_conn_encrypt(conn);
894 return 0;
895}
896EXPORT_SYMBOL(hci_conn_security);
897
898/* Check secure link requirement */
899int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
900{
901 BT_DBG("hcon %p", conn);
902
903 /* Accept if non-secure or higher security level is required */
904 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
905 return 1;
906
907 /* Accept if secure or higher security level is already present */
908 if (conn->sec_level == BT_SECURITY_HIGH ||
909 conn->sec_level == BT_SECURITY_FIPS)
910 return 1;
911
912 /* Reject not secure link */
913 return 0;
914}
915EXPORT_SYMBOL(hci_conn_check_secure);
916
917/* Change link key */
918int hci_conn_change_link_key(struct hci_conn *conn)
919{
920 BT_DBG("hcon %p", conn);
921
922 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
923 struct hci_cp_change_conn_link_key cp;
924 cp.handle = cpu_to_le16(conn->handle);
925 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
926 sizeof(cp), &cp);
927 }
928
929 return 0;
930}
931
932/* Switch role */
933int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
934{
935 BT_DBG("hcon %p", conn);
936
937 if (!role && conn->link_mode & HCI_LM_MASTER)
938 return 1;
939
940 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
941 struct hci_cp_switch_role cp;
942 bacpy(&cp.bdaddr, &conn->dst);
943 cp.role = role;
944 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
945 }
946
947 return 0;
948}
949EXPORT_SYMBOL(hci_conn_switch_role);
950
951/* Enter active mode */
952void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
953{
954 struct hci_dev *hdev = conn->hdev;
955
956 BT_DBG("hcon %p mode %d", conn, conn->mode);
957
958 if (test_bit(HCI_RAW, &hdev->flags))
959 return;
960
961 if (conn->mode != HCI_CM_SNIFF)
962 goto timer;
963
964 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
965 goto timer;
966
967 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
968 struct hci_cp_exit_sniff_mode cp;
969 cp.handle = cpu_to_le16(conn->handle);
970 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
971 }
972
973timer:
974 if (hdev->idle_timeout > 0)
975 queue_delayed_work(hdev->workqueue, &conn->idle_work,
976 msecs_to_jiffies(hdev->idle_timeout));
977}
978
979/* Drop all connection on the device */
980void hci_conn_hash_flush(struct hci_dev *hdev)
981{
982 struct hci_conn_hash *h = &hdev->conn_hash;
983 struct hci_conn *c, *n;
984
985 BT_DBG("hdev %s", hdev->name);
986
987 list_for_each_entry_safe(c, n, &h->list, list) {
988 c->state = BT_CLOSED;
989
990 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
991 hci_conn_del(c);
992 }
993}
994
995/* Check pending connect attempts */
996void hci_conn_check_pending(struct hci_dev *hdev)
997{
998 struct hci_conn *conn;
999
1000 BT_DBG("hdev %s", hdev->name);
1001
1002 hci_dev_lock(hdev);
1003
1004 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
1005 if (conn)
1006 hci_acl_create_connection(conn);
1007
1008 hci_dev_unlock(hdev);
1009}
1010
1011int hci_get_conn_list(void __user *arg)
1012{
1013 struct hci_conn *c;
1014 struct hci_conn_list_req req, *cl;
1015 struct hci_conn_info *ci;
1016 struct hci_dev *hdev;
1017 int n = 0, size, err;
1018
1019 if (copy_from_user(&req, arg, sizeof(req)))
1020 return -EFAULT;
1021
1022 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
1023 return -EINVAL;
1024
1025 size = sizeof(req) + req.conn_num * sizeof(*ci);
1026
1027 cl = kmalloc(size, GFP_KERNEL);
1028 if (!cl)
1029 return -ENOMEM;
1030
1031 hdev = hci_dev_get(req.dev_id);
1032 if (!hdev) {
1033 kfree(cl);
1034 return -ENODEV;
1035 }
1036
1037 ci = cl->conn_info;
1038
1039 hci_dev_lock(hdev);
1040 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1041 bacpy(&(ci + n)->bdaddr, &c->dst);
1042 (ci + n)->handle = c->handle;
1043 (ci + n)->type = c->type;
1044 (ci + n)->out = c->out;
1045 (ci + n)->state = c->state;
1046 (ci + n)->link_mode = c->link_mode;
1047 if (++n >= req.conn_num)
1048 break;
1049 }
1050 hci_dev_unlock(hdev);
1051
1052 cl->dev_id = hdev->id;
1053 cl->conn_num = n;
1054 size = sizeof(req) + n * sizeof(*ci);
1055
1056 hci_dev_put(hdev);
1057
1058 err = copy_to_user(arg, cl, size);
1059 kfree(cl);
1060
1061 return err ? -EFAULT : 0;
1062}
1063
1064int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1065{
1066 struct hci_conn_info_req req;
1067 struct hci_conn_info ci;
1068 struct hci_conn *conn;
1069 char __user *ptr = arg + sizeof(req);
1070
1071 if (copy_from_user(&req, arg, sizeof(req)))
1072 return -EFAULT;
1073
1074 hci_dev_lock(hdev);
1075 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1076 if (conn) {
1077 bacpy(&ci.bdaddr, &conn->dst);
1078 ci.handle = conn->handle;
1079 ci.type = conn->type;
1080 ci.out = conn->out;
1081 ci.state = conn->state;
1082 ci.link_mode = conn->link_mode;
1083 }
1084 hci_dev_unlock(hdev);
1085
1086 if (!conn)
1087 return -ENOENT;
1088
1089 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1090}
1091
1092int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1093{
1094 struct hci_auth_info_req req;
1095 struct hci_conn *conn;
1096
1097 if (copy_from_user(&req, arg, sizeof(req)))
1098 return -EFAULT;
1099
1100 hci_dev_lock(hdev);
1101 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1102 if (conn)
1103 req.type = conn->auth_type;
1104 hci_dev_unlock(hdev);
1105
1106 if (!conn)
1107 return -ENOENT;
1108
1109 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1110}
1111
1112struct hci_chan *hci_chan_create(struct hci_conn *conn)
1113{
1114 struct hci_dev *hdev = conn->hdev;
1115 struct hci_chan *chan;
1116
1117 BT_DBG("%s hcon %p", hdev->name, conn);
1118
1119 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
1120 if (!chan)
1121 return NULL;
1122
1123 chan->conn = conn;
1124 skb_queue_head_init(&chan->data_q);
1125 chan->state = BT_CONNECTED;
1126
1127 list_add_rcu(&chan->list, &conn->chan_list);
1128
1129 return chan;
1130}
1131
1132void hci_chan_del(struct hci_chan *chan)
1133{
1134 struct hci_conn *conn = chan->conn;
1135 struct hci_dev *hdev = conn->hdev;
1136
1137 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
1138
1139 list_del_rcu(&chan->list);
1140
1141 synchronize_rcu();
1142
1143 hci_conn_drop(conn);
1144
1145 skb_queue_purge(&chan->data_q);
1146 kfree(chan);
1147}
1148
1149void hci_chan_list_flush(struct hci_conn *conn)
1150{
1151 struct hci_chan *chan, *n;
1152
1153 BT_DBG("hcon %p", conn);
1154
1155 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
1156 hci_chan_del(chan);
1157}
1158
1159static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1160 __u16 handle)
1161{
1162 struct hci_chan *hchan;
1163
1164 list_for_each_entry(hchan, &hcon->chan_list, list) {
1165 if (hchan->handle == handle)
1166 return hchan;
1167 }
1168
1169 return NULL;
1170}
1171
1172struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1173{
1174 struct hci_conn_hash *h = &hdev->conn_hash;
1175 struct hci_conn *hcon;
1176 struct hci_chan *hchan = NULL;
1177
1178 rcu_read_lock();
1179
1180 list_for_each_entry_rcu(hcon, &h->list, list) {
1181 hchan = __hci_chan_lookup_handle(hcon, handle);
1182 if (hchan)
1183 break;
1184 }
1185
1186 rcu_read_unlock();
1187
1188 return hchan;
1189}
Linux 6.x block layer and io_uring tree(s)