]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/hci_conn.c
Bluetooth: Clean up logic in hci_cc_write_scan_enable
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
1da177e4
LT
27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT
32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
fcd89c09
VT
48static void hci_le_connect(struct hci_conn *conn)
49{
50 struct hci_dev *hdev = conn->hdev;
51 struct hci_cp_le_create_conn cp;
52
53 conn->state = BT_CONNECT;
54 conn->out = 1;
b92a6223 55 conn->link_mode |= HCI_LM_MASTER;
7b5c0d52 56 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT
57
58 memset(&cp, 0, sizeof(cp));
0e833915
AL
59 cp.scan_interval = cpu_to_le16(0x0060);
60 cp.scan_window = cpu_to_le16(0x0030);
fcd89c09 61 bacpy(&cp.peer_addr, &conn->dst);
6d3ce0e7 62 cp.peer_addr_type = conn->dst_type;
0e833915
AL
63 cp.conn_interval_min = cpu_to_le16(0x0028);
64 cp.conn_interval_max = cpu_to_le16(0x0038);
65 cp.supervision_timeout = cpu_to_le16(0x002a);
66 cp.min_ce_len = cpu_to_le16(0x0000);
67 cp.max_ce_len = cpu_to_le16(0x0000);
fcd89c09
VT
68
69 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
70}
71
72static void hci_le_connect_cancel(struct hci_conn *conn)
73{
74 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
75}
76
4c67bc74 77void hci_acl_connect(struct hci_conn *conn)
1da177e4
LT
78{
79 struct hci_dev *hdev = conn->hdev;
80 struct inquiry_entry *ie;
81 struct hci_cp_create_conn cp;
82
83 BT_DBG("%p", conn);
84
85 conn->state = BT_CONNECT;
a8746417
MH
86 conn->out = 1;
87
1da177e4
LT
88 conn->link_mode = HCI_LM_MASTER;
89
4c67bc74
MH
90 conn->attempt++;
91
e4e8e37c
MH
92 conn->link_policy = hdev->link_policy;
93
1da177e4
LT
94 memset(&cp, 0, sizeof(cp));
95 bacpy(&cp.bdaddr, &conn->dst);
96 cp.pscan_rep_mode = 0x02;
97
70f23020
AE
98 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
99 if (ie) {
41a96212
MH
100 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
101 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
102 cp.pscan_mode = ie->data.pscan_mode;
103 cp.clock_offset = ie->data.clock_offset |
104 cpu_to_le16(0x8000);
105 }
106
1da177e4 107 memcpy(conn->dev_class, ie->data.dev_class, 3);
41a96212 108 conn->ssp_mode = ie->data.ssp_mode;
1da177e4
LT
109 }
110
a8746417 111 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 112 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82 113 cp.role_switch = 0x01;
1da177e4 114 else
b6a0dc82 115 cp.role_switch = 0x00;
4c67bc74 116
a9de9248 117 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4
LT
118}
119
6ac59344
MH
120static void hci_acl_connect_cancel(struct hci_conn *conn)
121{
122 struct hci_cp_create_conn_cancel cp;
123
124 BT_DBG("%p", conn);
125
126 if (conn->hdev->hci_ver < 2)
127 return;
128
129 bacpy(&cp.bdaddr, &conn->dst);
a9de9248 130 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
6ac59344
MH
131}
132
1da177e4
LT
133void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
134{
135 struct hci_cp_disconnect cp;
136
137 BT_DBG("%p", conn);
138
139 conn->state = BT_DISCONN;
140
aca3192c 141 cp.handle = cpu_to_le16(conn->handle);
1da177e4 142 cp.reason = reason;
a9de9248 143 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
1da177e4
LT
144}
145
146void hci_add_sco(struct hci_conn *conn, __u16 handle)
147{
148 struct hci_dev *hdev = conn->hdev;
149 struct hci_cp_add_sco cp;
150
151 BT_DBG("%p", conn);
152
153 conn->state = BT_CONNECT;
154 conn->out = 1;
155
efc7688b
MH
156 conn->attempt++;
157
aca3192c 158 cp.handle = cpu_to_le16(handle);
a8746417 159 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 160
a9de9248 161 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT
162}
163
b6a0dc82
MH
164void hci_setup_sync(struct hci_conn *conn, __u16 handle)
165{
166 struct hci_dev *hdev = conn->hdev;
167 struct hci_cp_setup_sync_conn cp;
168
169 BT_DBG("%p", conn);
170
171 conn->state = BT_CONNECT;
172 conn->out = 1;
173
efc7688b
MH
174 conn->attempt++;
175
b6a0dc82 176 cp.handle = cpu_to_le16(handle);
a8746417 177 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH
178
179 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
180 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
181 cp.max_latency = cpu_to_le16(0xffff);
182 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
183 cp.retrans_effort = 0xff;
184
185 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
186}
187
2ce603eb
CT
188void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
189 u16 latency, u16 to_multiplier)
190{
191 struct hci_cp_le_conn_update cp;
192 struct hci_dev *hdev = conn->hdev;
193
194 memset(&cp, 0, sizeof(cp));
195
196 cp.handle = cpu_to_le16(conn->handle);
197 cp.conn_interval_min = cpu_to_le16(min);
198 cp.conn_interval_max = cpu_to_le16(max);
199 cp.conn_latency = cpu_to_le16(latency);
200 cp.supervision_timeout = cpu_to_le16(to_multiplier);
201 cp.min_ce_len = cpu_to_le16(0x0001);
202 cp.max_ce_len = cpu_to_le16(0x0001);
203
204 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
205}
206EXPORT_SYMBOL(hci_le_conn_update);
207
a7a595f6
VCG
208void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
209 __u8 ltk[16])
210{
211 struct hci_dev *hdev = conn->hdev;
212 struct hci_cp_le_start_enc cp;
213
214 BT_DBG("%p", conn);
215
216 memset(&cp, 0, sizeof(cp));
217
218 cp.handle = cpu_to_le16(conn->handle);
219 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
220 cp.ediv = ediv;
51beabdf 221 memcpy(cp.rand, rand, sizeof(cp.rand));
a7a595f6
VCG
222
223 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
224}
225EXPORT_SYMBOL(hci_le_start_enc);
226
227void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16])
228{
229 struct hci_dev *hdev = conn->hdev;
230 struct hci_cp_le_ltk_reply cp;
231
232 BT_DBG("%p", conn);
233
234 memset(&cp, 0, sizeof(cp));
235
236 cp.handle = cpu_to_le16(conn->handle);
237 memcpy(cp.ltk, ltk, sizeof(ltk));
238
239 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
240}
241EXPORT_SYMBOL(hci_le_ltk_reply);
242
243void hci_le_ltk_neg_reply(struct hci_conn *conn)
244{
245 struct hci_dev *hdev = conn->hdev;
246 struct hci_cp_le_ltk_neg_reply cp;
247
248 BT_DBG("%p", conn);
249
250 memset(&cp, 0, sizeof(cp));
251
252 cp.handle = cpu_to_le16(conn->handle);
253
254 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp);
255}
256
e73439d8
MH
257/* Device _must_ be locked */
258void hci_sco_setup(struct hci_conn *conn, __u8 status)
259{
260 struct hci_conn *sco = conn->link;
261
262 BT_DBG("%p", conn);
263
264 if (!sco)
265 return;
266
267 if (!status) {
268 if (lmp_esco_capable(conn->hdev))
269 hci_setup_sync(sco, conn->handle);
270 else
271 hci_add_sco(sco, conn->handle);
272 } else {
273 hci_proto_connect_cfm(sco, status);
274 hci_conn_del(sco);
275 }
276}
277
1da177e4
LT
278static void hci_conn_timeout(unsigned long arg)
279{
04837f64
MH
280 struct hci_conn *conn = (void *) arg;
281 struct hci_dev *hdev = conn->hdev;
2950f21a 282 __u8 reason;
1da177e4
LT
283
284 BT_DBG("conn %p state %d", conn, conn->state);
285
286 if (atomic_read(&conn->refcnt))
287 return;
288
289 hci_dev_lock(hdev);
6ac59344
MH
290
291 switch (conn->state) {
292 case BT_CONNECT:
769be974 293 case BT_CONNECT2:
fcd89c09
VT
294 if (conn->out) {
295 if (conn->type == ACL_LINK)
296 hci_acl_connect_cancel(conn);
297 else if (conn->type == LE_LINK)
298 hci_le_connect_cancel(conn);
299 }
6ac59344 300 break;
769be974 301 case BT_CONFIG:
8e87d142 302 case BT_CONNECTED:
2950f21a
MH
303 reason = hci_proto_disconn_ind(conn);
304 hci_acl_disconn(conn, reason);
6ac59344
MH
305 break;
306 default:
1da177e4 307 conn->state = BT_CLOSED;
6ac59344
MH
308 break;
309 }
310
1da177e4 311 hci_dev_unlock(hdev);
1da177e4
LT
312}
313
04837f64 314static void hci_conn_idle(unsigned long arg)
1da177e4 315{
04837f64
MH
316 struct hci_conn *conn = (void *) arg;
317
318 BT_DBG("conn %p mode %d", conn, conn->mode);
319
320 hci_conn_enter_sniff_mode(conn);
1da177e4
LT
321}
322
9f61656a
JH
323static void hci_conn_auto_accept(unsigned long arg)
324{
325 struct hci_conn *conn = (void *) arg;
326 struct hci_dev *hdev = conn->hdev;
327
328 hci_dev_lock(hdev);
329
330 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
331 &conn->dst);
332
333 hci_dev_unlock(hdev);
334}
335
1da177e4
LT
336struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
337{
338 struct hci_conn *conn;
339
340 BT_DBG("%s dst %s", hdev->name, batostr(dst));
341
04837f64
MH
342 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
343 if (!conn)
1da177e4 344 return NULL;
1da177e4
LT
345
346 bacpy(&conn->dst, dst);
a8746417
MH
347 conn->hdev = hdev;
348 conn->type = type;
349 conn->mode = HCI_CM_ACTIVE;
350 conn->state = BT_OPEN;
93f19c9f 351 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 352 conn->io_capability = hdev->io_capability;
a9583556 353 conn->remote_auth = 0xff;
13d39315 354 conn->key_type = 0xff;
1da177e4 355
04837f64 356 conn->power_save = 1;
052b30b0 357 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 358
a8746417
MH
359 switch (type) {
360 case ACL_LINK:
361 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
362 break;
363 case SCO_LINK:
364 if (lmp_esco_capable(hdev))
efc7688b
MH
365 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
366 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH
367 else
368 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
369 break;
370 case ESCO_LINK:
efc7688b 371 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH
372 break;
373 }
374
1da177e4 375 skb_queue_head_init(&conn->data_q);
04837f64 376
73d80deb
LAD
377 hci_chan_hash_init(conn);
378
b24b8a24
PE
379 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
380 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
9f61656a
JH
381 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
382 (unsigned long) conn);
1da177e4
LT
383
384 atomic_set(&conn->refcnt, 0);
385
386 hci_dev_hold(hdev);
387
388 tasklet_disable(&hdev->tx_task);
389
390 hci_conn_hash_add(hdev, conn);
391 if (hdev->notify)
392 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
393
9eba32b8
MH
394 atomic_set(&conn->devref, 0);
395
a67e899c
MH
396 hci_conn_init_sysfs(conn);
397
1da177e4
LT
398 tasklet_enable(&hdev->tx_task);
399
400 return conn;
401}
402
403int hci_conn_del(struct hci_conn *conn)
404{
405 struct hci_dev *hdev = conn->hdev;
406
407 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
408
04837f64
MH
409 del_timer(&conn->idle_timer);
410
411 del_timer(&conn->disc_timer);
1da177e4 412
9f61656a
JH
413 del_timer(&conn->auto_accept_timer);
414
5b7f9909 415 if (conn->type == ACL_LINK) {
1da177e4
LT
416 struct hci_conn *sco = conn->link;
417 if (sco)
418 sco->link = NULL;
419
420 /* Unacked frames */
421 hdev->acl_cnt += conn->sent;
6ed58ec5
VT
422 } else if (conn->type == LE_LINK) {
423 if (hdev->le_pkts)
424 hdev->le_cnt += conn->sent;
425 else
426 hdev->acl_cnt += conn->sent;
5b7f9909
MH
427 } else {
428 struct hci_conn *acl = conn->link;
429 if (acl) {
430 acl->link = NULL;
431 hci_conn_put(acl);
432 }
1da177e4
LT
433 }
434
435 tasklet_disable(&hdev->tx_task);
7d0db0a3 436
73d80deb
LAD
437 hci_chan_hash_flush(conn);
438
1da177e4
LT
439 hci_conn_hash_del(hdev, conn);
440 if (hdev->notify)
441 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
7d0db0a3 442
1da177e4 443 tasklet_enable(&hdev->tx_task);
7d0db0a3 444
1da177e4 445 skb_queue_purge(&conn->data_q);
1da177e4 446
9eba32b8 447 hci_conn_put_device(conn);
2ae9a6be 448
384943ec
MH
449 hci_dev_put(hdev);
450
163f4dab
TT
451 if (conn->handle == 0)
452 kfree(conn);
453
1da177e4
LT
454 return 0;
455}
456
457struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
458{
459 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 460 struct hci_dev *hdev = NULL, *d;
1da177e4
LT
461
462 BT_DBG("%s -> %s", batostr(src), batostr(dst));
463
464 read_lock_bh(&hci_dev_list_lock);
465
8035ded4 466 list_for_each_entry(d, &hci_dev_list, list) {
1da177e4
LT
467 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
468 continue;
469
8e87d142 470 /* Simple routing:
1da177e4
LT
471 * No source address - find interface with bdaddr != dst
472 * Source address - find interface with bdaddr == src
473 */
474
475 if (use_src) {
476 if (!bacmp(&d->bdaddr, src)) {
477 hdev = d; break;
478 }
479 } else {
480 if (bacmp(&d->bdaddr, dst)) {
481 hdev = d; break;
482 }
483 }
484 }
485
486 if (hdev)
487 hdev = hci_dev_hold(hdev);
488
489 read_unlock_bh(&hci_dev_list_lock);
490 return hdev;
491}
492EXPORT_SYMBOL(hci_get_route);
493
fcd89c09 494/* Create SCO, ACL or LE connection.
1da177e4 495 * Device _must_ be locked */
8c1b2355 496struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
1da177e4
LT
497{
498 struct hci_conn *acl;
5b7f9909 499 struct hci_conn *sco;
fcd89c09 500 struct hci_conn *le;
1da177e4
LT
501
502 BT_DBG("%s dst %s", hdev->name, batostr(dst));
503
fcd89c09 504 if (type == LE_LINK) {
eda42b50
AG
505 struct adv_entry *entry;
506
fcd89c09 507 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
15c4794f 508 if (le)
30e76272 509 return ERR_PTR(-EBUSY);
eda42b50
AG
510
511 entry = hci_find_adv_entry(hdev, dst);
512 if (!entry)
513 return ERR_PTR(-EHOSTUNREACH);
514
15c4794f 515 le = hci_conn_add(hdev, LE_LINK, dst);
fcd89c09 516 if (!le)
30e76272 517 return ERR_PTR(-ENOMEM);
893d6751 518
eda42b50
AG
519 le->dst_type = entry->bdaddr_type;
520
893d6751 521 hci_le_connect(le);
fcd89c09
VT
522
523 hci_conn_hold(le);
524
525 return le;
526 }
527
70f23020
AE
528 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
529 if (!acl) {
530 acl = hci_conn_add(hdev, ACL_LINK, dst);
531 if (!acl)
1da177e4
LT
532 return NULL;
533 }
534
535 hci_conn_hold(acl);
536
09ab6f4c 537 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
765c2a96
JH
538 acl->sec_level = BT_SECURITY_LOW;
539 acl->pending_sec_level = sec_level;
09ab6f4c 540 acl->auth_type = auth_type;
1da177e4 541 hci_acl_connect(acl);
09ab6f4c 542 }
1da177e4 543
5b7f9909
MH
544 if (type == ACL_LINK)
545 return acl;
1da177e4 546
70f23020
AE
547 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
548 if (!sco) {
549 sco = hci_conn_add(hdev, type, dst);
550 if (!sco) {
5b7f9909
MH
551 hci_conn_put(acl);
552 return NULL;
1da177e4 553 }
5b7f9909 554 }
1da177e4 555
5b7f9909
MH
556 acl->link = sco;
557 sco->link = acl;
1da177e4 558
5b7f9909 559 hci_conn_hold(sco);
1da177e4 560
5b7f9909 561 if (acl->state == BT_CONNECTED &&
b6a0dc82 562 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
c390216b 563 acl->power_save = 1;
14b12d0b 564 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 565
e73439d8
MH
566 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) {
567 /* defer SCO setup until mode change completed */
568 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend);
569 return sco;
570 }
571
572 hci_sco_setup(acl, 0x00);
b6a0dc82 573 }
5b7f9909
MH
574
575 return sco;
1da177e4
LT
576}
577EXPORT_SYMBOL(hci_connect);
578
e7c29cb1
MH
579/* Check link security requirement */
580int hci_conn_check_link_mode(struct hci_conn *conn)
581{
582 BT_DBG("conn %p", conn);
583
584 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
585 !(conn->link_mode & HCI_LM_ENCRYPT))
586 return 0;
587
588 return 1;
589}
590EXPORT_SYMBOL(hci_conn_check_link_mode);
591
1da177e4 592/* Authenticate remote device */
0684e5f9 593static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4
LT
594{
595 BT_DBG("conn %p", conn);
596
765c2a96
JH
597 if (conn->pending_sec_level > sec_level)
598 sec_level = conn->pending_sec_level;
599
96a31833 600 if (sec_level > conn->sec_level)
765c2a96 601 conn->pending_sec_level = sec_level;
96a31833 602 else if (conn->link_mode & HCI_LM_AUTH)
1da177e4
LT
603 return 1;
604
65cf686e
JH
605 /* Make sure we preserve an existing MITM requirement*/
606 auth_type |= (conn->auth_type & 0x01);
607
96a31833
MH
608 conn->auth_type = auth_type;
609
1da177e4
LT
610 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
611 struct hci_cp_auth_requested cp;
aca3192c 612 cp.handle = cpu_to_le16(conn->handle);
40be492f
MH
613 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
614 sizeof(cp), &cp);
19f8def0
WR
615 if (conn->key_type != 0xff)
616 set_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 617 }
8c1b2355 618
1da177e4
LT
619 return 0;
620}
1da177e4 621
13d39315
WR
622/* Encrypt the the link */
623static void hci_conn_encrypt(struct hci_conn *conn)
624{
625 BT_DBG("conn %p", conn);
626
627 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
628 struct hci_cp_set_conn_encrypt cp;
629 cp.handle = cpu_to_le16(conn->handle);
630 cp.encrypt = 0x01;
631 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
632 &cp);
633 }
634}
635
8c1b2355 636/* Enable security */
0684e5f9 637int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4
LT
638{
639 BT_DBG("conn %p", conn);
640
13d39315 641 /* For sdp we don't need the link key. */
8c1b2355
MH
642 if (sec_level == BT_SECURITY_SDP)
643 return 1;
644
13d39315
WR
645 /* For non 2.1 devices and low security level we don't need the link
646 key. */
3fdca1e1
MH
647 if (sec_level == BT_SECURITY_LOW &&
648 (!conn->ssp_mode || !conn->hdev->ssp_mode))
649 return 1;
8c1b2355 650
13d39315
WR
651 /* For other security levels we need the link key. */
652 if (!(conn->link_mode & HCI_LM_AUTH))
653 goto auth;
654
655 /* An authenticated combination key has sufficient security for any
656 security level. */
657 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
658 goto encrypt;
659
660 /* An unauthenticated combination key has sufficient security for
661 security level 1 and 2. */
662 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
663 (sec_level == BT_SECURITY_MEDIUM ||
664 sec_level == BT_SECURITY_LOW))
665 goto encrypt;
666
667 /* A combination key has always sufficient security for the security
668 levels 1 or 2. High security level requires the combination key
669 is generated using maximum PIN code length (16).
670 For pre 2.1 units. */
671 if (conn->key_type == HCI_LK_COMBINATION &&
672 (sec_level != BT_SECURITY_HIGH ||
673 conn->pin_length == 16))
674 goto encrypt;
675
676auth:
33060542 677 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
1da177e4
LT
678 return 0;
679
6fdf658c
LAD
680 if (!hci_conn_auth(conn, sec_level, auth_type))
681 return 0;
13d39315
WR
682
683encrypt:
684 if (conn->link_mode & HCI_LM_ENCRYPT)
685 return 1;
8c1b2355 686
13d39315 687 hci_conn_encrypt(conn);
1da177e4
LT
688 return 0;
689}
8c1b2355 690EXPORT_SYMBOL(hci_conn_security);
1da177e4 691
b3b1b061
WR
692/* Check secure link requirement */
693int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
694{
695 BT_DBG("conn %p", conn);
696
697 if (sec_level != BT_SECURITY_HIGH)
698 return 1; /* Accept if non-secure is required */
699
ef4177e2 700 if (conn->sec_level == BT_SECURITY_HIGH)
b3b1b061
WR
701 return 1;
702
703 return 0; /* Reject not secure link */
704}
705EXPORT_SYMBOL(hci_conn_check_secure);
706
1da177e4
LT
707/* Change link key */
708int hci_conn_change_link_key(struct hci_conn *conn)
709{
710 BT_DBG("conn %p", conn);
711
712 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
713 struct hci_cp_change_conn_link_key cp;
aca3192c 714 cp.handle = cpu_to_le16(conn->handle);
40be492f
MH
715 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
716 sizeof(cp), &cp);
1da177e4 717 }
8c1b2355 718
1da177e4
LT
719 return 0;
720}
721EXPORT_SYMBOL(hci_conn_change_link_key);
722
723/* Switch role */
8c1b2355 724int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4
LT
725{
726 BT_DBG("conn %p", conn);
727
728 if (!role && conn->link_mode & HCI_LM_MASTER)
729 return 1;
730
731 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
732 struct hci_cp_switch_role cp;
733 bacpy(&cp.bdaddr, &conn->dst);
734 cp.role = role;
a9de9248 735 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 736 }
8c1b2355 737
1da177e4
LT
738 return 0;
739}
740EXPORT_SYMBOL(hci_conn_switch_role);
741
04837f64 742/* Enter active mode */
14b12d0b 743void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH
744{
745 struct hci_dev *hdev = conn->hdev;
746
747 BT_DBG("conn %p mode %d", conn, conn->mode);
748
749 if (test_bit(HCI_RAW, &hdev->flags))
750 return;
751
14b12d0b
JG
752 if (conn->mode != HCI_CM_SNIFF)
753 goto timer;
754
755 if (!conn->power_save && !force_active)
04837f64
MH
756 goto timer;
757
758 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
759 struct hci_cp_exit_sniff_mode cp;
aca3192c 760 cp.handle = cpu_to_le16(conn->handle);
a9de9248 761 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH
762 }
763
764timer:
765 if (hdev->idle_timeout > 0)
766 mod_timer(&conn->idle_timer,
767 jiffies + msecs_to_jiffies(hdev->idle_timeout));
768}
769
770/* Enter sniff mode */
771void hci_conn_enter_sniff_mode(struct hci_conn *conn)
772{
773 struct hci_dev *hdev = conn->hdev;
774
775 BT_DBG("conn %p mode %d", conn, conn->mode);
776
777 if (test_bit(HCI_RAW, &hdev->flags))
778 return;
779
780 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
781 return;
782
783 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
784 return;
785
786 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
787 struct hci_cp_sniff_subrate cp;
aca3192c
YH
788 cp.handle = cpu_to_le16(conn->handle);
789 cp.max_latency = cpu_to_le16(0);
790 cp.min_remote_timeout = cpu_to_le16(0);
791 cp.min_local_timeout = cpu_to_le16(0);
a9de9248 792 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
04837f64
MH
793 }
794
795 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
796 struct hci_cp_sniff_mode cp;
aca3192c
YH
797 cp.handle = cpu_to_le16(conn->handle);
798 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
799 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
800 cp.attempt = cpu_to_le16(4);
801 cp.timeout = cpu_to_le16(1);
a9de9248 802 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH
803 }
804}
805
1da177e4
LT
806/* Drop all connection on the device */
807void hci_conn_hash_flush(struct hci_dev *hdev)
808{
809 struct hci_conn_hash *h = &hdev->conn_hash;
810 struct list_head *p;
811
812 BT_DBG("hdev %s", hdev->name);
813
814 p = h->list.next;
815 while (p != &h->list) {
816 struct hci_conn *c;
817
818 c = list_entry(p, struct hci_conn, list);
819 p = p->next;
820
821 c->state = BT_CLOSED;
822
2950f21a 823 hci_proto_disconn_cfm(c, 0x16);
1da177e4
LT
824 hci_conn_del(c);
825 }
826}
827
a9de9248
MH
828/* Check pending connect attempts */
829void hci_conn_check_pending(struct hci_dev *hdev)
830{
831 struct hci_conn *conn;
832
833 BT_DBG("hdev %s", hdev->name);
834
835 hci_dev_lock(hdev);
836
837 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
838 if (conn)
839 hci_acl_connect(conn);
840
841 hci_dev_unlock(hdev);
842}
843
9eba32b8
MH
844void hci_conn_hold_device(struct hci_conn *conn)
845{
846 atomic_inc(&conn->devref);
847}
848EXPORT_SYMBOL(hci_conn_hold_device);
849
850void hci_conn_put_device(struct hci_conn *conn)
851{
852 if (atomic_dec_and_test(&conn->devref))
853 hci_conn_del_sysfs(conn);
854}
855EXPORT_SYMBOL(hci_conn_put_device);
856
1da177e4
LT
857int hci_get_conn_list(void __user *arg)
858{
8035ded4 859 register struct hci_conn *c;
1da177e4
LT
860 struct hci_conn_list_req req, *cl;
861 struct hci_conn_info *ci;
862 struct hci_dev *hdev;
1da177e4
LT
863 int n = 0, size, err;
864
865 if (copy_from_user(&req, arg, sizeof(req)))
866 return -EFAULT;
867
868 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
869 return -EINVAL;
870
871 size = sizeof(req) + req.conn_num * sizeof(*ci);
872
70f23020
AE
873 cl = kmalloc(size, GFP_KERNEL);
874 if (!cl)
1da177e4
LT
875 return -ENOMEM;
876
70f23020
AE
877 hdev = hci_dev_get(req.dev_id);
878 if (!hdev) {
1da177e4
LT
879 kfree(cl);
880 return -ENODEV;
881 }
882
883 ci = cl->conn_info;
884
885 hci_dev_lock_bh(hdev);
8035ded4 886 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT
887 bacpy(&(ci + n)->bdaddr, &c->dst);
888 (ci + n)->handle = c->handle;
889 (ci + n)->type = c->type;
890 (ci + n)->out = c->out;
891 (ci + n)->state = c->state;
892 (ci + n)->link_mode = c->link_mode;
893 if (++n >= req.conn_num)
894 break;
895 }
896 hci_dev_unlock_bh(hdev);
897
898 cl->dev_id = hdev->id;
899 cl->conn_num = n;
900 size = sizeof(req) + n * sizeof(*ci);
901
902 hci_dev_put(hdev);
903
904 err = copy_to_user(arg, cl, size);
905 kfree(cl);
906
907 return err ? -EFAULT : 0;
908}
909
910int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
911{
912 struct hci_conn_info_req req;
913 struct hci_conn_info ci;
914 struct hci_conn *conn;
915 char __user *ptr = arg + sizeof(req);
916
917 if (copy_from_user(&req, arg, sizeof(req)))
918 return -EFAULT;
919
920 hci_dev_lock_bh(hdev);
921 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
922 if (conn) {
923 bacpy(&ci.bdaddr, &conn->dst);
924 ci.handle = conn->handle;
925 ci.type = conn->type;
926 ci.out = conn->out;
927 ci.state = conn->state;
928 ci.link_mode = conn->link_mode;
929 }
930 hci_dev_unlock_bh(hdev);
931
932 if (!conn)
933 return -ENOENT;
934
935 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
936}
40be492f
MH
937
938int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
939{
940 struct hci_auth_info_req req;
941 struct hci_conn *conn;
942
943 if (copy_from_user(&req, arg, sizeof(req)))
944 return -EFAULT;
945
946 hci_dev_lock_bh(hdev);
947 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
948 if (conn)
949 req.type = conn->auth_type;
950 hci_dev_unlock_bh(hdev);
951
952 if (!conn)
953 return -ENOENT;
954
955 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
956}
73d80deb
LAD
957
958struct hci_chan *hci_chan_create(struct hci_conn *conn)
959{
960 struct hci_dev *hdev = conn->hdev;
961 struct hci_chan *chan;
962
963 BT_DBG("%s conn %p", hdev->name, conn);
964
965 chan = kzalloc(sizeof(struct hci_chan), GFP_ATOMIC);
966 if (!chan)
967 return NULL;
968
969 chan->conn = conn;
970 skb_queue_head_init(&chan->data_q);
971
972 tasklet_disable(&hdev->tx_task);
973 hci_chan_hash_add(conn, chan);
974 tasklet_enable(&hdev->tx_task);
975
976 return chan;
977}
978
979int hci_chan_del(struct hci_chan *chan)
980{
981 struct hci_conn *conn = chan->conn;
982 struct hci_dev *hdev = conn->hdev;
983
984 BT_DBG("%s conn %p chan %p", hdev->name, conn, chan);
985
986 tasklet_disable(&hdev->tx_task);
987 hci_chan_hash_del(conn, chan);
988 tasklet_enable(&hdev->tx_task);
989
990 skb_queue_purge(&chan->data_q);
991 kfree(chan);
992
993 return 0;
994}
995
996void hci_chan_hash_flush(struct hci_conn *conn)
997{
998 struct hci_chan_hash *h = &conn->chan_hash;
999 struct hci_chan *chan, *tmp;
1000
1001 BT_DBG("conn %p", conn);
1002
1003 list_for_each_entry_safe(chan, tmp, &h->list, list)
1004 hci_chan_del(chan);
1005}