[mirror_ubuntu-bionic-kernel.git] / net / bluetooth / hci_conn.c

/*
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2000-2001 Qualcomm Incorporated

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

/* Bluetooth HCI connection handling. */

#include <linux/module.h>

#include <linux/types.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/poll.h>
#include <linux/fcntl.h>
#include <linux/init.h>
#include <linux/skbuff.h>
#include <linux/interrupt.h>
#include <linux/notifier.h>
#include <net/sock.h>

#include <asm/system.h>
#include <asm/uaccess.h>
#include <asm/unaligned.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>

#ifndef CONFIG_BT_HCI_CORE_DEBUG
#undef  BT_DBG
#define BT_DBG(D...)
#endif

void hci_acl_connect(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct inquiry_entry *ie;
	struct hci_cp_create_conn cp;

	BT_DBG("%p", conn);

	conn->state = BT_CONNECT;
	conn->out = 1;

	conn->link_mode = HCI_LM_MASTER;

	conn->attempt++;

	conn->link_policy = hdev->link_policy;

	memset(&cp, 0, sizeof(cp));
	bacpy(&cp.bdaddr, &conn->dst);
	cp.pscan_rep_mode = 0x02;

	if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) &&
			inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
		cp.pscan_rep_mode = ie->data.pscan_rep_mode;
		cp.pscan_mode     = ie->data.pscan_mode;
		cp.clock_offset   = ie->data.clock_offset | cpu_to_le16(0x8000);
		memcpy(conn->dev_class, ie->data.dev_class, 3);
	}

	cp.pkt_type = cpu_to_le16(conn->pkt_type);
	if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
		cp.role_switch = 0x01;
	else
		cp.role_switch = 0x00;

	hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
}

static void hci_acl_connect_cancel(struct hci_conn *conn)
{
	struct hci_cp_create_conn_cancel cp;

	BT_DBG("%p", conn);

	if (conn->hdev->hci_ver < 2)
		return;

	bacpy(&cp.bdaddr, &conn->dst);
	hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
}

void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
{
	struct hci_cp_disconnect cp;

	BT_DBG("%p", conn);

	conn->state = BT_DISCONN;

	cp.handle = cpu_to_le16(conn->handle);
	cp.reason = reason;
	hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
}

void hci_add_sco(struct hci_conn *conn, __u16 handle)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_add_sco cp;

	BT_DBG("%p", conn);

	conn->state = BT_CONNECT;
	conn->out = 1;

	cp.handle   = cpu_to_le16(handle);
	cp.pkt_type = cpu_to_le16(conn->pkt_type);

	hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
}

void hci_setup_sync(struct hci_conn *conn, __u16 handle)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_setup_sync_conn cp;

	BT_DBG("%p", conn);

	conn->state = BT_CONNECT;
	conn->out = 1;

	cp.handle   = cpu_to_le16(handle);
	cp.pkt_type = cpu_to_le16(conn->pkt_type);

	cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
	cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
	cp.max_latency    = cpu_to_le16(0xffff);
	cp.voice_setting  = cpu_to_le16(hdev->voice_setting);
	cp.retrans_effort = 0xff;

	hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
}

static void hci_conn_timeout(unsigned long arg)
{
	struct hci_conn *conn = (void *) arg;
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("conn %p state %d", conn, conn->state);

	if (atomic_read(&conn->refcnt))
		return;

	hci_dev_lock(hdev);

	switch (conn->state) {
	case BT_CONNECT:
		if (conn->type == ACL_LINK)
			hci_acl_connect_cancel(conn);
		else
			hci_acl_disconn(conn, 0x13);
		break;
	case BT_CONNECTED:
		hci_acl_disconn(conn, 0x13);
		break;
	default:
		conn->state = BT_CLOSED;
		break;
	}

	hci_dev_unlock(hdev);
}

static void hci_conn_idle(unsigned long arg)
{
	struct hci_conn *conn = (void *) arg;

	BT_DBG("conn %p mode %d", conn, conn->mode);

	hci_conn_enter_sniff_mode(conn);
}

struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
{
	struct hci_conn *conn;

	BT_DBG("%s dst %s", hdev->name, batostr(dst));

	conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
	if (!conn)
		return NULL;

	bacpy(&conn->dst, dst);
	conn->hdev  = hdev;
	conn->type  = type;
	conn->mode  = HCI_CM_ACTIVE;
	conn->state = BT_OPEN;

	conn->power_save = 1;

	switch (type) {
	case ACL_LINK:
		conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
		break;
	case SCO_LINK:
		if (lmp_esco_capable(hdev))
			conn->pkt_type = hdev->esco_type & SCO_ESCO_MASK;
		else
			conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
		break;
	case ESCO_LINK:
		conn->pkt_type = hdev->esco_type;
		break;
	}

	skb_queue_head_init(&conn->data_q);

	setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
	setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);

	atomic_set(&conn->refcnt, 0);

	hci_dev_hold(hdev);

	tasklet_disable(&hdev->tx_task);

	hci_conn_hash_add(hdev, conn);
	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);

	hci_conn_add_sysfs(conn);

	tasklet_enable(&hdev->tx_task);

	return conn;
}

int hci_conn_del(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);

	del_timer(&conn->idle_timer);

	del_timer(&conn->disc_timer);

	if (conn->type == ACL_LINK) {
		struct hci_conn *sco = conn->link;
		if (sco)
			sco->link = NULL;

		/* Unacked frames */
		hdev->acl_cnt += conn->sent;
	} else {
		struct hci_conn *acl = conn->link;
		if (acl) {
			acl->link = NULL;
			hci_conn_put(acl);
		}
	}

	tasklet_disable(&hdev->tx_task);
	hci_conn_hash_del(hdev, conn);
	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
	tasklet_enable(&hdev->tx_task);
	skb_queue_purge(&conn->data_q);
	hci_conn_del_sysfs(conn);

	return 0;
}

struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
{
	int use_src = bacmp(src, BDADDR_ANY);
	struct hci_dev *hdev = NULL;
	struct list_head *p;

	BT_DBG("%s -> %s", batostr(src), batostr(dst));

	read_lock_bh(&hci_dev_list_lock);

	list_for_each(p, &hci_dev_list) {
		struct hci_dev *d = list_entry(p, struct hci_dev, list);

		if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
			continue;

		/* Simple routing:
		 *   No source address - find interface with bdaddr != dst
		 *   Source address    - find interface with bdaddr == src
		 */

		if (use_src) {
			if (!bacmp(&d->bdaddr, src)) {
				hdev = d; break;
			}
		} else {
			if (bacmp(&d->bdaddr, dst)) {
				hdev = d; break;
			}
		}
	}

	if (hdev)
		hdev = hci_dev_hold(hdev);

	read_unlock_bh(&hci_dev_list_lock);
	return hdev;
}
EXPORT_SYMBOL(hci_get_route);

/* Create SCO or ACL connection.
 * Device _must_ be locked */
struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst)
{
	struct hci_conn *acl;
	struct hci_conn *sco;

	BT_DBG("%s dst %s", hdev->name, batostr(dst));

	if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
		if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
			return NULL;
	}

	hci_conn_hold(acl);

	if (acl->state == BT_OPEN || acl->state == BT_CLOSED)
		hci_acl_connect(acl);

	if (type == ACL_LINK)
		return acl;

	if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) {
		if (!(sco = hci_conn_add(hdev, type, dst))) {
			hci_conn_put(acl);
			return NULL;
		}
	}

	acl->link = sco;
	sco->link = acl;

	hci_conn_hold(sco);

	if (acl->state == BT_CONNECTED &&
			(sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
		if (lmp_esco_capable(hdev))
			hci_setup_sync(sco, acl->handle);
		else
			hci_add_sco(sco, acl->handle);
	}

	return sco;
}
EXPORT_SYMBOL(hci_connect);

/* Authenticate remote device */
int hci_conn_auth(struct hci_conn *conn)
{
	BT_DBG("conn %p", conn);

	if (conn->link_mode & HCI_LM_AUTH)
		return 1;

	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
		struct hci_cp_auth_requested cp;
		cp.handle = cpu_to_le16(conn->handle);
		hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
	}
	return 0;
}
EXPORT_SYMBOL(hci_conn_auth);

/* Enable encryption */
int hci_conn_encrypt(struct hci_conn *conn)
{
	BT_DBG("conn %p", conn);

	if (conn->link_mode & HCI_LM_ENCRYPT)
		return 1;

	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
		return 0;

	if (hci_conn_auth(conn)) {
		struct hci_cp_set_conn_encrypt cp;
		cp.handle  = cpu_to_le16(conn->handle);
		cp.encrypt = 1;
		hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp);
	}
	return 0;
}
EXPORT_SYMBOL(hci_conn_encrypt);

/* Change link key */
int hci_conn_change_link_key(struct hci_conn *conn)
{
	BT_DBG("conn %p", conn);

	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
		struct hci_cp_change_conn_link_key cp;
		cp.handle = cpu_to_le16(conn->handle);
		hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);
	}
	return 0;
}
EXPORT_SYMBOL(hci_conn_change_link_key);

/* Switch role */
int hci_conn_switch_role(struct hci_conn *conn, uint8_t role)
{
	BT_DBG("conn %p", conn);

	if (!role && conn->link_mode & HCI_LM_MASTER)
		return 1;

	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
		struct hci_cp_switch_role cp;
		bacpy(&cp.bdaddr, &conn->dst);
		cp.role = role;
		hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
	}
	return 0;
}
EXPORT_SYMBOL(hci_conn_switch_role);

/* Enter active mode */
void hci_conn_enter_active_mode(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("conn %p mode %d", conn, conn->mode);

	if (test_bit(HCI_RAW, &hdev->flags))
		return;

	if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
		goto timer;

	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
		struct hci_cp_exit_sniff_mode cp;
		cp.handle = cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
	}

timer:
	if (hdev->idle_timeout > 0)
		mod_timer(&conn->idle_timer,
			jiffies + msecs_to_jiffies(hdev->idle_timeout));
}

/* Enter sniff mode */
void hci_conn_enter_sniff_mode(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("conn %p mode %d", conn, conn->mode);

	if (test_bit(HCI_RAW, &hdev->flags))
		return;

	if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
		return;

	if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
		return;

	if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
		struct hci_cp_sniff_subrate cp;
		cp.handle             = cpu_to_le16(conn->handle);
		cp.max_latency        = cpu_to_le16(0);
		cp.min_remote_timeout = cpu_to_le16(0);
		cp.min_local_timeout  = cpu_to_le16(0);
		hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
	}

	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
		struct hci_cp_sniff_mode cp;
		cp.handle       = cpu_to_le16(conn->handle);
		cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
		cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
		cp.attempt      = cpu_to_le16(4);
		cp.timeout      = cpu_to_le16(1);
		hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
	}
}

/* Drop all connection on the device */
void hci_conn_hash_flush(struct hci_dev *hdev)
{
	struct hci_conn_hash *h = &hdev->conn_hash;
	struct list_head *p;

	BT_DBG("hdev %s", hdev->name);

	p = h->list.next;
	while (p != &h->list) {
		struct hci_conn *c;

		c = list_entry(p, struct hci_conn, list);
		p = p->next;

		c->state = BT_CLOSED;

		hci_proto_disconn_ind(c, 0x16);
		hci_conn_del(c);
	}
}

/* Check pending connect attempts */
void hci_conn_check_pending(struct hci_dev *hdev)
{
	struct hci_conn *conn;

	BT_DBG("hdev %s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
	if (conn)
		hci_acl_connect(conn);

	hci_dev_unlock(hdev);
}

int hci_get_conn_list(void __user *arg)
{
	struct hci_conn_list_req req, *cl;
	struct hci_conn_info *ci;
	struct hci_dev *hdev;
	struct list_head *p;
	int n = 0, size, err;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
		return -EINVAL;

	size = sizeof(req) + req.conn_num * sizeof(*ci);

	if (!(cl = kmalloc(size, GFP_KERNEL)))
		return -ENOMEM;

	if (!(hdev = hci_dev_get(req.dev_id))) {
		kfree(cl);
		return -ENODEV;
	}

	ci = cl->conn_info;

	hci_dev_lock_bh(hdev);
	list_for_each(p, &hdev->conn_hash.list) {
		register struct hci_conn *c;
		c = list_entry(p, struct hci_conn, list);

		bacpy(&(ci + n)->bdaddr, &c->dst);
		(ci + n)->handle = c->handle;
		(ci + n)->type  = c->type;
		(ci + n)->out   = c->out;
		(ci + n)->state = c->state;
		(ci + n)->link_mode = c->link_mode;
		if (++n >= req.conn_num)
			break;
	}
	hci_dev_unlock_bh(hdev);

	cl->dev_id = hdev->id;
	cl->conn_num = n;
	size = sizeof(req) + n * sizeof(*ci);

	hci_dev_put(hdev);

	err = copy_to_user(arg, cl, size);
	kfree(cl);

	return err ? -EFAULT : 0;
}

int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
{
	struct hci_conn_info_req req;
	struct hci_conn_info ci;
	struct hci_conn *conn;
	char __user *ptr = arg + sizeof(req);

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	hci_dev_lock_bh(hdev);
	conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
	if (conn) {
		bacpy(&ci.bdaddr, &conn->dst);
		ci.handle = conn->handle;
		ci.type  = conn->type;
		ci.out   = conn->out;
		ci.state = conn->state;
		ci.link_mode = conn->link_mode;
	}
	hci_dev_unlock_bh(hdev);

	if (!conn)
		return -ENOENT;

	return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
}
Commit	Line	Data
8e87d142	1	/*
1da177e4 LT	2	BlueZ - Bluetooth protocol stack for Linux
	3	Copyright (C) 2000-2001 Qualcomm Incorporated
	4
	5	Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
	6
	7	This program is free software; you can redistribute it and/or modify
	8	it under the terms of the GNU General Public License version 2 as
	9	published by the Free Software Foundation;
	10
	11	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
	12	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	13	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
	14	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142 YH	15	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
	16	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	17	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4 LT	18	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1da177e4 LT	19
8e87d142 YH	20	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
8e87d142 YH	21	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4 LT	22	SOFTWARE IS DISCLAIMED.
	23	*/
	24
	25	/* Bluetooth HCI connection handling. */
	26
1da177e4 LT	27	#include <linux/module.h>
	28
	29	#include <linux/types.h>
	30	#include <linux/errno.h>
	31	#include <linux/kernel.h>
1da177e4 LT	32	#include <linux/slab.h>
	33	#include <linux/poll.h>
	34	#include <linux/fcntl.h>
	35	#include <linux/init.h>
	36	#include <linux/skbuff.h>
	37	#include <linux/interrupt.h>
	38	#include <linux/notifier.h>
	39	#include <net/sock.h>
	40
	41	#include <asm/system.h>
	42	#include <asm/uaccess.h>
	43	#include <asm/unaligned.h>
	44
	45	#include <net/bluetooth/bluetooth.h>
	46	#include <net/bluetooth/hci_core.h>
	47
	48	#ifndef CONFIG_BT_HCI_CORE_DEBUG
	49	#undef BT_DBG
	50	#define BT_DBG(D...)
	51	#endif
	52
4c67bc74	53	void hci_acl_connect(struct hci_conn *conn)
1da177e4 LT	54	{
	55	struct hci_dev *hdev = conn->hdev;
	56	struct inquiry_entry *ie;
	57	struct hci_cp_create_conn cp;
	58
	59	BT_DBG("%p", conn);
	60
	61	conn->state = BT_CONNECT;
a8746417 MH	62	conn->out = 1;
a8746417 MH	63
1da177e4 LT	64	conn->link_mode = HCI_LM_MASTER;
1da177e4 LT	65
4c67bc74 MH	66	conn->attempt++;
4c67bc74 MH	67
e4e8e37c MH	68	conn->link_policy = hdev->link_policy;
e4e8e37c MH	69
1da177e4 LT	70	memset(&cp, 0, sizeof(cp));
	71	bacpy(&cp.bdaddr, &conn->dst);
	72	cp.pscan_rep_mode = 0x02;
	73
	74	if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) &&
	75	inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
	76	cp.pscan_rep_mode = ie->data.pscan_rep_mode;
	77	cp.pscan_mode = ie->data.pscan_mode;
aca3192c	78	cp.clock_offset = ie->data.clock_offset \| cpu_to_le16(0x8000);
1da177e4 LT	79	memcpy(conn->dev_class, ie->data.dev_class, 3);
	80	}
	81
a8746417	82	cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4	83	if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82	84	cp.role_switch = 0x01;
1da177e4	85	else
b6a0dc82	86	cp.role_switch = 0x00;
4c67bc74	87
a9de9248	88	hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4 LT	89	}
1da177e4 LT	90
6ac59344 MH	91	static void hci_acl_connect_cancel(struct hci_conn *conn)
	92	{
	93	struct hci_cp_create_conn_cancel cp;
	94
	95	BT_DBG("%p", conn);
	96
	97	if (conn->hdev->hci_ver < 2)
	98	return;
	99
	100	bacpy(&cp.bdaddr, &conn->dst);
a9de9248	101	hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
6ac59344 MH	102	}
6ac59344 MH	103
1da177e4 LT	104	void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
	105	{
	106	struct hci_cp_disconnect cp;
	107
	108	BT_DBG("%p", conn);
	109
	110	conn->state = BT_DISCONN;
	111
aca3192c	112	cp.handle = cpu_to_le16(conn->handle);
1da177e4	113	cp.reason = reason;
a9de9248	114	hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
1da177e4 LT	115	}
	116
	117	void hci_add_sco(struct hci_conn *conn, __u16 handle)
	118	{
	119	struct hci_dev *hdev = conn->hdev;
	120	struct hci_cp_add_sco cp;
	121
	122	BT_DBG("%p", conn);
	123
	124	conn->state = BT_CONNECT;
	125	conn->out = 1;
	126
aca3192c	127	cp.handle = cpu_to_le16(handle);
a8746417	128	cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4	129
a9de9248	130	hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4 LT	131	}
1da177e4 LT	132
b6a0dc82 MH	133	void hci_setup_sync(struct hci_conn *conn, __u16 handle)
	134	{
	135	struct hci_dev *hdev = conn->hdev;
	136	struct hci_cp_setup_sync_conn cp;
	137
	138	BT_DBG("%p", conn);
	139
	140	conn->state = BT_CONNECT;
	141	conn->out = 1;
	142
	143	cp.handle = cpu_to_le16(handle);
a8746417	144	cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 MH	145
	146	cp.tx_bandwidth = cpu_to_le32(0x00001f40);
	147	cp.rx_bandwidth = cpu_to_le32(0x00001f40);
	148	cp.max_latency = cpu_to_le16(0xffff);
	149	cp.voice_setting = cpu_to_le16(hdev->voice_setting);
	150	cp.retrans_effort = 0xff;
	151
	152	hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
	153	}
	154
1da177e4 LT	155	static void hci_conn_timeout(unsigned long arg)
1da177e4 LT	156	{
04837f64 MH	157	struct hci_conn conn = (void ) arg;
04837f64 MH	158	struct hci_dev *hdev = conn->hdev;
1da177e4 LT	159
	160	BT_DBG("conn %p state %d", conn, conn->state);
	161
	162	if (atomic_read(&conn->refcnt))
	163	return;
	164
	165	hci_dev_lock(hdev);
6ac59344 MH	166
	167	switch (conn->state) {
	168	case BT_CONNECT:
b6a0dc82 MH	169	if (conn->type == ACL_LINK)
	170	hci_acl_connect_cancel(conn);
	171	else
	172	hci_acl_disconn(conn, 0x13);
6ac59344	173	break;
8e87d142	174	case BT_CONNECTED:
1da177e4	175	hci_acl_disconn(conn, 0x13);
6ac59344 MH	176	break;
6ac59344 MH	177	default:
1da177e4	178	conn->state = BT_CLOSED;
6ac59344 MH	179	break;
	180	}
	181
1da177e4	182	hci_dev_unlock(hdev);
1da177e4 LT	183	}
1da177e4 LT	184
04837f64	185	static void hci_conn_idle(unsigned long arg)
1da177e4	186	{
04837f64 MH	187	struct hci_conn conn = (void ) arg;
	188
	189	BT_DBG("conn %p mode %d", conn, conn->mode);
	190
	191	hci_conn_enter_sniff_mode(conn);
1da177e4 LT	192	}
	193
	194	struct hci_conn hci_conn_add(struct hci_dev hdev, int type, bdaddr_t *dst)
	195	{
	196	struct hci_conn *conn;
	197
	198	BT_DBG("%s dst %s", hdev->name, batostr(dst));
	199
04837f64 MH	200	conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
04837f64 MH	201	if (!conn)
1da177e4	202	return NULL;
1da177e4 LT	203
1da177e4 LT	204	bacpy(&conn->dst, dst);
a8746417 MH	205	conn->hdev = hdev;
	206	conn->type = type;
	207	conn->mode = HCI_CM_ACTIVE;
	208	conn->state = BT_OPEN;
1da177e4	209
04837f64 MH	210	conn->power_save = 1;
04837f64 MH	211
a8746417 MH	212	switch (type) {
	213	case ACL_LINK:
	214	conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
	215	break;
	216	case SCO_LINK:
	217	if (lmp_esco_capable(hdev))
	218	conn->pkt_type = hdev->esco_type & SCO_ESCO_MASK;
	219	else
	220	conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
	221	break;
	222	case ESCO_LINK:
	223	conn->pkt_type = hdev->esco_type;
	224	break;
	225	}
	226
1da177e4	227	skb_queue_head_init(&conn->data_q);
04837f64	228
b24b8a24 PE	229	setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
b24b8a24 PE	230	setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
1da177e4 LT	231
	232	atomic_set(&conn->refcnt, 0);
	233
	234	hci_dev_hold(hdev);
	235
	236	tasklet_disable(&hdev->tx_task);
	237
	238	hci_conn_hash_add(hdev, conn);
	239	if (hdev->notify)
	240	hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
	241
b219e3ac MH	242	hci_conn_add_sysfs(conn);
b219e3ac MH	243
1da177e4 LT	244	tasklet_enable(&hdev->tx_task);
	245
	246	return conn;
	247	}
	248
	249	int hci_conn_del(struct hci_conn *conn)
	250	{
	251	struct hci_dev *hdev = conn->hdev;
	252
	253	BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
	254
04837f64 MH	255	del_timer(&conn->idle_timer);
	256
	257	del_timer(&conn->disc_timer);
1da177e4	258
5b7f9909	259	if (conn->type == ACL_LINK) {
1da177e4 LT	260	struct hci_conn *sco = conn->link;
	261	if (sco)
	262	sco->link = NULL;
	263
	264	/* Unacked frames */
	265	hdev->acl_cnt += conn->sent;
5b7f9909 MH	266	} else {
	267	struct hci_conn *acl = conn->link;
	268	if (acl) {
	269	acl->link = NULL;
	270	hci_conn_put(acl);
	271	}
1da177e4 LT	272	}
	273
	274	tasklet_disable(&hdev->tx_task);
1da177e4 LT	275	hci_conn_hash_del(hdev, conn);
	276	if (hdev->notify)
	277	hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
1da177e4	278	tasklet_enable(&hdev->tx_task);
1da177e4	279	skb_queue_purge(&conn->data_q);
38b7da09	280	hci_conn_del_sysfs(conn);
1da177e4	281
1da177e4 LT	282	return 0;
	283	}
	284
	285	struct hci_dev hci_get_route(bdaddr_t dst, bdaddr_t *src)
	286	{
	287	int use_src = bacmp(src, BDADDR_ANY);
	288	struct hci_dev *hdev = NULL;
	289	struct list_head *p;
	290
	291	BT_DBG("%s -> %s", batostr(src), batostr(dst));
	292
	293	read_lock_bh(&hci_dev_list_lock);
	294
	295	list_for_each(p, &hci_dev_list) {
	296	struct hci_dev *d = list_entry(p, struct hci_dev, list);
	297
	298	if (!test_bit(HCI_UP, &d->flags) \|\| test_bit(HCI_RAW, &d->flags))
	299	continue;
	300
8e87d142	301	/* Simple routing:
1da177e4 LT	302	* No source address - find interface with bdaddr != dst
	303	* Source address - find interface with bdaddr == src
	304	*/
	305
	306	if (use_src) {
	307	if (!bacmp(&d->bdaddr, src)) {
	308	hdev = d; break;
	309	}
	310	} else {
	311	if (bacmp(&d->bdaddr, dst)) {
	312	hdev = d; break;
	313	}
	314	}
	315	}
	316
	317	if (hdev)
	318	hdev = hci_dev_hold(hdev);
	319
	320	read_unlock_bh(&hci_dev_list_lock);
	321	return hdev;
	322	}
	323	EXPORT_SYMBOL(hci_get_route);
	324
	325	/* Create SCO or ACL connection.
	326	* Device _must_ be locked */
5b7f9909	327	struct hci_conn hci_connect(struct hci_dev hdev, int type, bdaddr_t *dst)
1da177e4 LT	328	{
1da177e4 LT	329	struct hci_conn *acl;
5b7f9909	330	struct hci_conn *sco;
1da177e4 LT	331
	332	BT_DBG("%s dst %s", hdev->name, batostr(dst));
	333
	334	if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
	335	if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
	336	return NULL;
	337	}
	338
	339	hci_conn_hold(acl);
	340
	341	if (acl->state == BT_OPEN \|\| acl->state == BT_CLOSED)
	342	hci_acl_connect(acl);
	343
5b7f9909 MH	344	if (type == ACL_LINK)
5b7f9909 MH	345	return acl;
1da177e4	346
5b7f9909 MH	347	if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) {
	348	if (!(sco = hci_conn_add(hdev, type, dst))) {
	349	hci_conn_put(acl);
	350	return NULL;
1da177e4	351	}
5b7f9909	352	}
1da177e4	353
5b7f9909 MH	354	acl->link = sco;
5b7f9909 MH	355	sco->link = acl;
1da177e4	356
5b7f9909	357	hci_conn_hold(sco);
1da177e4	358
5b7f9909	359	if (acl->state == BT_CONNECTED &&
b6a0dc82 MH	360	(sco->state == BT_OPEN \|\| sco->state == BT_CLOSED)) {
	361	if (lmp_esco_capable(hdev))
	362	hci_setup_sync(sco, acl->handle);
	363	else
	364	hci_add_sco(sco, acl->handle);
	365	}
5b7f9909 MH	366
5b7f9909 MH	367	return sco;
1da177e4 LT	368	}
	369	EXPORT_SYMBOL(hci_connect);
	370
	371	/* Authenticate remote device */
	372	int hci_conn_auth(struct hci_conn *conn)
	373	{
	374	BT_DBG("conn %p", conn);
	375
	376	if (conn->link_mode & HCI_LM_AUTH)
	377	return 1;
	378
	379	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
	380	struct hci_cp_auth_requested cp;
aca3192c	381	cp.handle = cpu_to_le16(conn->handle);
a9de9248	382	hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1da177e4 LT	383	}
	384	return 0;
	385	}
	386	EXPORT_SYMBOL(hci_conn_auth);
	387
	388	/* Enable encryption */
	389	int hci_conn_encrypt(struct hci_conn *conn)
	390	{
	391	BT_DBG("conn %p", conn);
	392
	393	if (conn->link_mode & HCI_LM_ENCRYPT)
	394	return 1;
	395
	396	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
	397	return 0;
	398
	399	if (hci_conn_auth(conn)) {
	400	struct hci_cp_set_conn_encrypt cp;
aca3192c	401	cp.handle = cpu_to_le16(conn->handle);
8e87d142	402	cp.encrypt = 1;
a9de9248	403	hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp);
1da177e4 LT	404	}
	405	return 0;
	406	}
	407	EXPORT_SYMBOL(hci_conn_encrypt);
	408
	409	/* Change link key */
	410	int hci_conn_change_link_key(struct hci_conn *conn)
	411	{
	412	BT_DBG("conn %p", conn);
	413
	414	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
	415	struct hci_cp_change_conn_link_key cp;
aca3192c	416	cp.handle = cpu_to_le16(conn->handle);
a9de9248	417	hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);
1da177e4 LT	418	}
	419	return 0;
	420	}
	421	EXPORT_SYMBOL(hci_conn_change_link_key);
	422
	423	/* Switch role */
	424	int hci_conn_switch_role(struct hci_conn *conn, uint8_t role)
	425	{
	426	BT_DBG("conn %p", conn);
	427
	428	if (!role && conn->link_mode & HCI_LM_MASTER)
	429	return 1;
	430
	431	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
	432	struct hci_cp_switch_role cp;
	433	bacpy(&cp.bdaddr, &conn->dst);
	434	cp.role = role;
a9de9248	435	hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 LT	436	}
	437	return 0;
	438	}
	439	EXPORT_SYMBOL(hci_conn_switch_role);
	440
04837f64 MH	441	/* Enter active mode */
	442	void hci_conn_enter_active_mode(struct hci_conn *conn)
	443	{
	444	struct hci_dev *hdev = conn->hdev;
	445
	446	BT_DBG("conn %p mode %d", conn, conn->mode);
	447
	448	if (test_bit(HCI_RAW, &hdev->flags))
	449	return;
	450
	451	if (conn->mode != HCI_CM_SNIFF \|\| !conn->power_save)
	452	goto timer;
	453
	454	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
	455	struct hci_cp_exit_sniff_mode cp;
aca3192c	456	cp.handle = cpu_to_le16(conn->handle);
a9de9248	457	hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64 MH	458	}
	459
	460	timer:
	461	if (hdev->idle_timeout > 0)
	462	mod_timer(&conn->idle_timer,
	463	jiffies + msecs_to_jiffies(hdev->idle_timeout));
	464	}
	465
	466	/* Enter sniff mode */
	467	void hci_conn_enter_sniff_mode(struct hci_conn *conn)
	468	{
	469	struct hci_dev *hdev = conn->hdev;
	470
	471	BT_DBG("conn %p mode %d", conn, conn->mode);
	472
	473	if (test_bit(HCI_RAW, &hdev->flags))
	474	return;
	475
	476	if (!lmp_sniff_capable(hdev) \|\| !lmp_sniff_capable(conn))
	477	return;
	478
	479	if (conn->mode != HCI_CM_ACTIVE \|\| !(conn->link_policy & HCI_LP_SNIFF))
	480	return;
	481
	482	if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
	483	struct hci_cp_sniff_subrate cp;
aca3192c YH	484	cp.handle = cpu_to_le16(conn->handle);
	485	cp.max_latency = cpu_to_le16(0);
	486	cp.min_remote_timeout = cpu_to_le16(0);
	487	cp.min_local_timeout = cpu_to_le16(0);
a9de9248	488	hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
04837f64 MH	489	}
	490
	491	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
	492	struct hci_cp_sniff_mode cp;
aca3192c YH	493	cp.handle = cpu_to_le16(conn->handle);
	494	cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
	495	cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
	496	cp.attempt = cpu_to_le16(4);
	497	cp.timeout = cpu_to_le16(1);
a9de9248	498	hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
04837f64 MH	499	}
	500	}
	501
1da177e4 LT	502	/* Drop all connection on the device */
	503	void hci_conn_hash_flush(struct hci_dev *hdev)
	504	{
	505	struct hci_conn_hash *h = &hdev->conn_hash;
	506	struct list_head *p;
	507
	508	BT_DBG("hdev %s", hdev->name);
	509
	510	p = h->list.next;
	511	while (p != &h->list) {
	512	struct hci_conn *c;
	513
	514	c = list_entry(p, struct hci_conn, list);
	515	p = p->next;
	516
	517	c->state = BT_CLOSED;
	518
	519	hci_proto_disconn_ind(c, 0x16);
	520	hci_conn_del(c);
	521	}
	522	}
	523
a9de9248 MH	524	/* Check pending connect attempts */
	525	void hci_conn_check_pending(struct hci_dev *hdev)
	526	{
	527	struct hci_conn *conn;
	528
	529	BT_DBG("hdev %s", hdev->name);
	530
	531	hci_dev_lock(hdev);
	532
	533	conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
	534	if (conn)
	535	hci_acl_connect(conn);
	536
	537	hci_dev_unlock(hdev);
	538	}
	539
1da177e4 LT	540	int hci_get_conn_list(void __user *arg)
	541	{
	542	struct hci_conn_list_req req, *cl;
	543	struct hci_conn_info *ci;
	544	struct hci_dev *hdev;
	545	struct list_head *p;
	546	int n = 0, size, err;
	547
	548	if (copy_from_user(&req, arg, sizeof(req)))
	549	return -EFAULT;
	550
	551	if (!req.conn_num \|\| req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
	552	return -EINVAL;
	553
	554	size = sizeof(req) + req.conn_num * sizeof(*ci);
	555
12fe2c58	556	if (!(cl = kmalloc(size, GFP_KERNEL)))
1da177e4 LT	557	return -ENOMEM;
	558
	559	if (!(hdev = hci_dev_get(req.dev_id))) {
	560	kfree(cl);
	561	return -ENODEV;
	562	}
	563
	564	ci = cl->conn_info;
	565
	566	hci_dev_lock_bh(hdev);
	567	list_for_each(p, &hdev->conn_hash.list) {
	568	register struct hci_conn *c;
	569	c = list_entry(p, struct hci_conn, list);
	570
	571	bacpy(&(ci + n)->bdaddr, &c->dst);
	572	(ci + n)->handle = c->handle;
	573	(ci + n)->type = c->type;
	574	(ci + n)->out = c->out;
	575	(ci + n)->state = c->state;
	576	(ci + n)->link_mode = c->link_mode;
	577	if (++n >= req.conn_num)
	578	break;
	579	}
	580	hci_dev_unlock_bh(hdev);
	581
	582	cl->dev_id = hdev->id;
	583	cl->conn_num = n;
	584	size = sizeof(req) + n * sizeof(*ci);
	585
	586	hci_dev_put(hdev);
	587
	588	err = copy_to_user(arg, cl, size);
	589	kfree(cl);
	590
	591	return err ? -EFAULT : 0;
	592	}
	593
	594	int hci_get_conn_info(struct hci_dev hdev, void __user arg)
	595	{
	596	struct hci_conn_info_req req;
	597	struct hci_conn_info ci;
	598	struct hci_conn *conn;
	599	char __user *ptr = arg + sizeof(req);
	600
	601	if (copy_from_user(&req, arg, sizeof(req)))
	602	return -EFAULT;
	603
	604	hci_dev_lock_bh(hdev);
	605	conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
	606	if (conn) {
	607	bacpy(&ci.bdaddr, &conn->dst);
	608	ci.handle = conn->handle;
	609	ci.type = conn->type;
	610	ci.out = conn->out;
	611	ci.state = conn->state;
	612	ci.link_mode = conn->link_mode;
	613	}
	614	hci_dev_unlock_bh(hdev);
	615
	616	if (!conn)
	617	return -ENOENT;
	618
	619	return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
	620	}