]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/hci_conn.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix setting correct security level when initiating SMP
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
4bc58f51 31#include <net/bluetooth/l2cap.h>
1da177e4 32
ac4b7236 33#include "smp.h"
7024728e
MH		 34#include "a2mp.h"
35
2dea632f
FD		 36struct sco_param {
37 u16 pkt_type;
38 u16 max_latency;
39};
40
41static const struct sco_param sco_param_cvsd[] = {
42 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a }, /* S3 */
43 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007 }, /* S2 */
44 { EDR_ESCO_MASK | ESCO_EV3, 0x0007 }, /* S1 */
45 { EDR_ESCO_MASK | ESCO_HV3, 0xffff }, /* D1 */
46 { EDR_ESCO_MASK | ESCO_HV1, 0xffff }, /* D0 */
47};
48
49static const struct sco_param sco_param_wideband[] = {
50 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d }, /* T2 */
51 { EDR_ESCO_MASK | ESCO_EV3, 0x0008 }, /* T1 */
52};
53
1aef8669 54static void hci_le_create_connection_cancel(struct hci_conn *conn)
fcd89c09
VT		 55{
56 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
57}
58
1aef8669 59static void hci_acl_create_connection(struct hci_conn *conn)
1da177e4
LT		 60{
61 struct hci_dev *hdev = conn->hdev;
62 struct inquiry_entry *ie;
63 struct hci_cp_create_conn cp;
64
42d2d87c 65 BT_DBG("hcon %p", conn);
1da177e4
LT		 66
67 conn->state = BT_CONNECT;
a0c808b3 68 conn->out = true;
40bef302 69 conn->role = HCI_ROLE_MASTER;
1da177e4 70
4c67bc74
MH		 71 conn->attempt++;
72
e4e8e37c
MH		 73 conn->link_policy = hdev->link_policy;
74
1da177e4
LT		 75 memset(&cp, 0, sizeof(cp));
76 bacpy(&cp.bdaddr, &conn->dst);
77 cp.pscan_rep_mode = 0x02;
78
70f23020
AE		 79 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
80 if (ie) {
41a96212
MH		 81 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
82 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
83 cp.pscan_mode = ie->data.pscan_mode;
84 cp.clock_offset = ie->data.clock_offset |
dcf4adbf 85 cpu_to_le16(0x8000);
41a96212
MH		 86 }
87
1da177e4 88 memcpy(conn->dev_class, ie->data.dev_class, 3);
58a681ef
JH		 89 if (ie->data.ssp_mode > 0)
90 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
1da177e4
LT		 91 }
92
a8746417 93 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 94 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82 95 cp.role_switch = 0x01;
1da177e4 96 else
b6a0dc82 97 cp.role_switch = 0x00;
4c67bc74 98
a9de9248 99 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4
LT		 100}
101
1aef8669 102static void hci_acl_create_connection_cancel(struct hci_conn *conn)
6ac59344
MH		 103{
104 struct hci_cp_create_conn_cancel cp;
105
38b3fef1 106 BT_DBG("hcon %p", conn);
6ac59344 107
d095c1eb 108 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
6ac59344
MH		 109 return;
110
111 bacpy(&cp.bdaddr, &conn->dst);
a9de9248 112 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
6ac59344
MH		 113}
114
93796fa6
CT		 115static void hci_reject_sco(struct hci_conn *conn)
116{
117 struct hci_cp_reject_sync_conn_req cp;
118
119 cp.reason = HCI_ERROR_REMOTE_USER_TERM;
120 bacpy(&cp.bdaddr, &conn->dst);
121
122 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
123}
124
e3b679d5 125int hci_disconnect(struct hci_conn *conn, __u8 reason)
1da177e4
LT		 126{
127 struct hci_cp_disconnect cp;
128
38b3fef1 129 BT_DBG("hcon %p", conn);
1da177e4 130
839035a7
JH		 131 /* When we are master of an established connection and it enters
132 * the disconnect timeout, then go ahead and try to read the
133 * current clock offset. Processing of the result is done
134 * within the event handling and hci_clock_offset_evt function.
135 */
136 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER) {
137 struct hci_dev *hdev = conn->hdev;
138 struct hci_cp_read_clock_offset cp;
139
140 cp.handle = cpu_to_le16(conn->handle);
141 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(cp), &cp);
142 }
143
1da177e4
LT		 144 conn->state = BT_DISCONN;
145
aca3192c 146 cp.handle = cpu_to_le16(conn->handle);
1da177e4 147 cp.reason = reason;
e3b679d5 148 return hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
1da177e4
LT		 149}
150
a2b1976b 151static void hci_amp_disconn(struct hci_conn *conn)
53502d69
AE		 152{
153 struct hci_cp_disconn_phy_link cp;
154
155 BT_DBG("hcon %p", conn);
156
157 conn->state = BT_DISCONN;
158
159 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
a2b1976b 160 cp.reason = hci_proto_disconn_ind(conn);
53502d69
AE		 161 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
162 sizeof(cp), &cp);
163}
164
57f5d0d1 165static void hci_add_sco(struct hci_conn *conn, __u16 handle)
1da177e4
LT		 166{
167 struct hci_dev *hdev = conn->hdev;
168 struct hci_cp_add_sco cp;
169
38b3fef1 170 BT_DBG("hcon %p", conn);
1da177e4
LT		 171
172 conn->state = BT_CONNECT;
a0c808b3 173 conn->out = true;
1da177e4 174
efc7688b
MH		 175 conn->attempt++;
176
aca3192c 177 cp.handle = cpu_to_le16(handle);
a8746417 178 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 179
a9de9248 180 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT		 181}
182
2dea632f 183bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
b6a0dc82
MH		 184{
185 struct hci_dev *hdev = conn->hdev;
186 struct hci_cp_setup_sync_conn cp;
2dea632f 187 const struct sco_param *param;
b6a0dc82 188
38b3fef1 189 BT_DBG("hcon %p", conn);
b6a0dc82
MH		 190
191 conn->state = BT_CONNECT;
a0c808b3 192 conn->out = true;
b6a0dc82 193
efc7688b
MH		 194 conn->attempt++;
195
b6a0dc82 196 cp.handle = cpu_to_le16(handle);
b6a0dc82 197
dcf4adbf
JP		 198 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
199 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
10c62ddc
FD		 200 cp.voice_setting = cpu_to_le16(conn->setting);
201
202 switch (conn->setting & SCO_AIRMODE_MASK) {
203 case SCO_AIRMODE_TRANSP:
2dea632f
FD		 204 if (conn->attempt > ARRAY_SIZE(sco_param_wideband))
205 return false;
10c62ddc 206 cp.retrans_effort = 0x02;
2dea632f 207 param = &sco_param_wideband[conn->attempt - 1];
10c62ddc
FD		 208 break;
209 case SCO_AIRMODE_CVSD:
2dea632f
FD		 210 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
211 return false;
212 cp.retrans_effort = 0x01;
213 param = &sco_param_cvsd[conn->attempt - 1];
10c62ddc 214 break;
2dea632f
FD		 215 default:
216 return false;
10c62ddc 217 }
b6a0dc82 218
2dea632f
FD		 219 cp.pkt_type = __cpu_to_le16(param->pkt_type);
220 cp.max_latency = __cpu_to_le16(param->max_latency);
221
222 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
223 return false;
224
225 return true;
b6a0dc82
MH		 226}
227
7d6ca693
JH		 228u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
229 u16 to_multiplier)
2ce603eb 230{
2ce603eb 231 struct hci_dev *hdev = conn->hdev;
f044eb05
MH		 232 struct hci_conn_params *params;
233 struct hci_cp_le_conn_update cp;
2ce603eb 234
f044eb05 235 hci_dev_lock(hdev);
2ce603eb 236
f044eb05
MH		 237 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
238 if (params) {
239 params->conn_min_interval = min;
240 params->conn_max_interval = max;
241 params->conn_latency = latency;
242 params->supervision_timeout = to_multiplier;
243 }
244
245 hci_dev_unlock(hdev);
246
247 memset(&cp, 0, sizeof(cp));
2ce603eb
CT		 248 cp.handle = cpu_to_le16(conn->handle);
249 cp.conn_interval_min = cpu_to_le16(min);
250 cp.conn_interval_max = cpu_to_le16(max);
251 cp.conn_latency = cpu_to_le16(latency);
252 cp.supervision_timeout = cpu_to_le16(to_multiplier);
dcf4adbf
JP		 253 cp.min_ce_len = cpu_to_le16(0x0000);
254 cp.max_ce_len = cpu_to_le16(0x0000);
2ce603eb
CT		 255
256 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
7d6ca693
JH		 257
258 if (params)
259 return 0x01;
260
261 return 0x00;
2ce603eb 262}
2ce603eb 263
fe39c7b2 264void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
5974e4c4 265 __u8 ltk[16])
a7a595f6
VCG		 266{
267 struct hci_dev *hdev = conn->hdev;
268 struct hci_cp_le_start_enc cp;
269
38b3fef1 270 BT_DBG("hcon %p", conn);
a7a595f6
VCG		 271
272 memset(&cp, 0, sizeof(cp));
273
274 cp.handle = cpu_to_le16(conn->handle);
fe39c7b2 275 cp.rand = rand;
a7a595f6 276 cp.ediv = ediv;
fe39c7b2 277 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
a7a595f6
VCG		 278
279 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
280}
a7a595f6 281
e73439d8
MH		 282/* Device _must_ be locked */
283void hci_sco_setup(struct hci_conn *conn, __u8 status)
284{
285 struct hci_conn *sco = conn->link;
286
e73439d8
MH		 287 if (!sco)
288 return;
289
38b3fef1
AE		 290 BT_DBG("hcon %p", conn);
291
e73439d8
MH		 292 if (!status) {
293 if (lmp_esco_capable(conn->hdev))
294 hci_setup_sync(sco, conn->handle);
295 else
296 hci_add_sco(sco, conn->handle);
297 } else {
298 hci_proto_connect_cfm(sco, status);
299 hci_conn_del(sco);
300 }
301}
302
19c40e3b 303static void hci_conn_timeout(struct work_struct *work)
1da177e4 304{
19c40e3b 305 struct hci_conn *conn = container_of(work, struct hci_conn,
5974e4c4 306 disc_work.work);
1d56dc4f 307 int refcnt = atomic_read(&conn->refcnt);
1da177e4 308
38b3fef1 309 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
1da177e4 310
1d56dc4f
LR		 311 WARN_ON(refcnt < 0);
312
313 /* FIXME: It was observed that in pairing failed scenario, refcnt
314 * drops below 0. Probably this is because l2cap_conn_del calls
315 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
316 * dropped. After that loop hci_chan_del is called which also drops
317 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
318 * otherwise drop it.
319 */
320 if (refcnt > 0)
1da177e4
LT		 321 return;
322
6ac59344
MH		 323 switch (conn->state) {
324 case BT_CONNECT:
769be974 325 case BT_CONNECT2:
fcd89c09
VT		 326 if (conn->out) {
327 if (conn->type == ACL_LINK)
1aef8669 328 hci_acl_create_connection_cancel(conn);
fcd89c09 329 else if (conn->type == LE_LINK)
1aef8669 330 hci_le_create_connection_cancel(conn);
93796fa6
CT		 331 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
332 hci_reject_sco(conn);
fcd89c09 333 }
6ac59344 334 break;
769be974 335 case BT_CONFIG:
8e87d142 336 case BT_CONNECTED:
40051e46
MH		 337 if (conn->type == AMP_LINK) {
338 hci_amp_disconn(conn);
339 } else {
340 __u8 reason = hci_proto_disconn_ind(conn);
341 hci_disconnect(conn, reason);
342 }
6ac59344
MH		 343 break;
344 default:
1da177e4 345 conn->state = BT_CLOSED;
6ac59344
MH		 346 break;
347 }
1da177e4
LT		 348}
349
416dc94b 350/* Enter sniff mode */
a74a84f6 351static void hci_conn_idle(struct work_struct *work)
416dc94b 352{
a74a84f6
JH		 353 struct hci_conn *conn = container_of(work, struct hci_conn,
354 idle_work.work);
416dc94b
GP		 355 struct hci_dev *hdev = conn->hdev;
356
38b3fef1 357 BT_DBG("hcon %p mode %d", conn, conn->mode);
416dc94b 358
416dc94b
GP		 359 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
360 return;
361
362 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
363 return;
364
365 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
366 struct hci_cp_sniff_subrate cp;
367 cp.handle = cpu_to_le16(conn->handle);
dcf4adbf
JP		 368 cp.max_latency = cpu_to_le16(0);
369 cp.min_remote_timeout = cpu_to_le16(0);
370 cp.min_local_timeout = cpu_to_le16(0);
416dc94b
GP		 371 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
372 }
373
51a8efd7 374 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP		 375 struct hci_cp_sniff_mode cp;
376 cp.handle = cpu_to_le16(conn->handle);
377 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
378 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
dcf4adbf
JP		 379 cp.attempt = cpu_to_le16(4);
380 cp.timeout = cpu_to_le16(1);
416dc94b
GP		 381 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
382 }
383}
384
7bc18d9d 385static void hci_conn_auto_accept(struct work_struct *work)
9f61656a 386{
7bc18d9d
JH		 387 struct hci_conn *conn = container_of(work, struct hci_conn,
388 auto_accept_work.work);
9f61656a 389
7bc18d9d 390 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
5974e4c4 391 &conn->dst);
9f61656a
JH		 392}
393
9489eca4
JH		 394static void le_conn_timeout(struct work_struct *work)
395{
396 struct hci_conn *conn = container_of(work, struct hci_conn,
397 le_conn_timeout.work);
3c857757 398 struct hci_dev *hdev = conn->hdev;
9489eca4
JH		 399
400 BT_DBG("");
401
3c857757
JH		 402 /* We could end up here due to having done directed advertising,
403 * so clean up the state if necessary. This should however only
404 * happen with broken hardware or if low duty cycle was used
405 * (which doesn't have a timeout of its own).
406 */
407 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
408 u8 enable = 0x00;
409 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
410 &enable);
411 hci_le_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
412 return;
413 }
414
9489eca4
JH		 415 hci_le_create_connection_cancel(conn);
416}
417
a5c4e309
JH		 418struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
419 u8 role)
1da177e4
LT		 420{
421 struct hci_conn *conn;
422
6ed93dc6 423 BT_DBG("%s dst %pMR", hdev->name, dst);
1da177e4 424
27f70f3e 425 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
04837f64 426 if (!conn)
1da177e4 427 return NULL;
1da177e4
LT		 428
429 bacpy(&conn->dst, dst);
662e8820 430 bacpy(&conn->src, &hdev->bdaddr);
a8746417
MH		 431 conn->hdev = hdev;
432 conn->type = type;
a5c4e309 433 conn->role = role;
a8746417
MH		 434 conn->mode = HCI_CM_ACTIVE;
435 conn->state = BT_OPEN;
93f19c9f 436 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 437 conn->io_capability = hdev->io_capability;
a9583556 438 conn->remote_auth = 0xff;
13d39315 439 conn->key_type = 0xff;
5a134fae 440 conn->tx_power = HCI_TX_POWER_INVALID;
d0455ed9 441 conn->max_tx_power = HCI_TX_POWER_INVALID;
1da177e4 442
58a681ef 443 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 444 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 445
a5c4e309
JH		 446 if (conn->role == HCI_ROLE_MASTER)
447 conn->out = true;
448
a8746417
MH		 449 switch (type) {
450 case ACL_LINK:
451 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
452 break;
9c84d1da
JH		 453 case LE_LINK:
454 /* conn->src should reflect the local identity address */
455 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
456 break;
a8746417
MH		 457 case SCO_LINK:
458 if (lmp_esco_capable(hdev))
efc7688b
MH		 459 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
460 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH		 461 else
462 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
463 break;
464 case ESCO_LINK:
efc7688b 465 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH		 466 break;
467 }
468
1da177e4 469 skb_queue_head_init(&conn->data_q);
04837f64 470
70c1f20b 471 INIT_LIST_HEAD(&conn->chan_list);
73d80deb 472
19c40e3b 473 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
7bc18d9d 474 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
a74a84f6 475 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
9489eca4 476 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1da177e4
LT		 477
478 atomic_set(&conn->refcnt, 0);
479
480 hci_dev_hold(hdev);
481
1da177e4 482 hci_conn_hash_add(hdev, conn);
3c54711c 483 if (hdev->notify)
1da177e4
LT		 484 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
485
a67e899c
MH		 486 hci_conn_init_sysfs(conn);
487
1da177e4
LT		 488 return conn;
489}
490
491int hci_conn_del(struct hci_conn *conn)
492{
493 struct hci_dev *hdev = conn->hdev;
494
38b3fef1 495 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1da177e4 496
19c40e3b 497 cancel_delayed_work_sync(&conn->disc_work);
7bc18d9d 498 cancel_delayed_work_sync(&conn->auto_accept_work);
a74a84f6 499 cancel_delayed_work_sync(&conn->idle_work);
9f61656a 500
5b7f9909 501 if (conn->type == ACL_LINK) {
1da177e4
LT		 502 struct hci_conn *sco = conn->link;
503 if (sco)
504 sco->link = NULL;
505
506 /* Unacked frames */
507 hdev->acl_cnt += conn->sent;
6ed58ec5 508 } else if (conn->type == LE_LINK) {
9489eca4
JH		 509 cancel_delayed_work_sync(&conn->le_conn_timeout);
510
6ed58ec5
VT		 511 if (hdev->le_pkts)
512 hdev->le_cnt += conn->sent;
513 else
514 hdev->acl_cnt += conn->sent;
5b7f9909
MH		 515 } else {
516 struct hci_conn *acl = conn->link;
517 if (acl) {
518 acl->link = NULL;
76a68ba0 519 hci_conn_drop(acl);
5b7f9909 520 }
1da177e4
LT		 521 }
522
2c33c06a 523 hci_chan_list_flush(conn);
73d80deb 524
9740e49d
AE		 525 if (conn->amp_mgr)
526 amp_mgr_put(conn->amp_mgr);
527
1da177e4 528 hci_conn_hash_del(hdev, conn);
3c54711c 529 if (hdev->notify)
1da177e4 530 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
7d0db0a3 531
1da177e4 532 skb_queue_purge(&conn->data_q);
1da177e4 533
fc225c3f 534 hci_conn_del_sysfs(conn);
2ae9a6be 535
384943ec
MH		 536 hci_dev_put(hdev);
537
8d12356f 538 hci_conn_put(conn);
163f4dab 539
1da177e4
LT		 540 return 0;
541}
542
543struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
544{
545 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 546 struct hci_dev *hdev = NULL, *d;
1da177e4 547
6ed93dc6 548 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4 549
f20d09d5 550 read_lock(&hci_dev_list_lock);
1da177e4 551
8035ded4 552 list_for_each_entry(d, &hci_dev_list, list) {
8fc9ced3 553 if (!test_bit(HCI_UP, &d->flags) ||
af750e94 554 test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
d300fa9b 555 d->dev_type != HCI_BREDR)
1da177e4
LT		 556 continue;
557
8e87d142 558 /* Simple routing:
1da177e4
LT		 559 * No source address - find interface with bdaddr != dst
560 * Source address - find interface with bdaddr == src
561 */
562
563 if (use_src) {
564 if (!bacmp(&d->bdaddr, src)) {
565 hdev = d; break;
566 }
567 } else {
568 if (bacmp(&d->bdaddr, dst)) {
569 hdev = d; break;
570 }
571 }
572 }
573
574 if (hdev)
575 hdev = hci_dev_hold(hdev);
576
f20d09d5 577 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 578 return hdev;
579}
580EXPORT_SYMBOL(hci_get_route);
581
9bb3c01f 582/* This function requires the caller holds hdev->lock */
06c053fb 583void hci_le_conn_failed(struct hci_conn *conn, u8 status)
9bb3c01f
AG		 584{
585 struct hci_dev *hdev = conn->hdev;
f161dd41
JH		 586 struct hci_conn_params *params;
587
588 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
589 conn->dst_type);
590 if (params && params->conn) {
591 hci_conn_drop(params->conn);
f8aaf9b6 592 hci_conn_put(params->conn);
f161dd41
JH		 593 params->conn = NULL;
594 }
9bb3c01f
AG		 595
596 conn->state = BT_CLOSED;
597
598 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
599 status);
600
601 hci_proto_connect_cfm(conn, status);
602
603 hci_conn_del(conn);
a4790dbd
AG		 604
605 /* Since we may have temporarily stopped the background scanning in
606 * favor of connection establishment, we should restart it.
607 */
608 hci_update_background_scan(hdev);
3c857757
JH		 609
610 /* Re-enable advertising in case this was a failed connection
611 * attempt as a peripheral.
612 */
613 mgmt_reenable_advertising(hdev);
9bb3c01f
AG		 614}
615
1d399ae5
AG		 616static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
617{
618 struct hci_conn *conn;
619
620 if (status == 0)
621 return;
622
623 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
624 status);
625
626 hci_dev_lock(hdev);
627
628 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
629 if (!conn)
630 goto done;
631
06c053fb 632 hci_le_conn_failed(conn, status);
1d399ae5
AG		 633
634done:
635 hci_dev_unlock(hdev);
636}
637
2acf3d90
AG		 638static void hci_req_add_le_create_conn(struct hci_request *req,
639 struct hci_conn *conn)
640{
641 struct hci_cp_le_create_conn cp;
642 struct hci_dev *hdev = conn->hdev;
643 u8 own_addr_type;
644
645 memset(&cp, 0, sizeof(cp));
646
647 /* Update random address, but set require_privacy to false so
648 * that we never connect with an unresolvable address.
649 */
650 if (hci_update_random_address(req, false, &own_addr_type))
651 return;
652
2acf3d90
AG		 653 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
654 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
655 bacpy(&cp.peer_addr, &conn->dst);
656 cp.peer_addr_type = conn->dst_type;
657 cp.own_address_type = own_addr_type;
658 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
659 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
037fc415
MH		 660 cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
661 cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
dcf4adbf
JP		 662 cp.min_ce_len = cpu_to_le16(0x0000);
663 cp.max_ce_len = cpu_to_le16(0x0000);
2acf3d90
AG		 664
665 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
b46e0030
JH		 666
667 conn->state = BT_CONNECT;
2acf3d90
AG		 668}
669
3c857757
JH		 670static void hci_req_directed_advertising(struct hci_request *req,
671 struct hci_conn *conn)
672{
673 struct hci_dev *hdev = req->hdev;
674 struct hci_cp_le_set_adv_param cp;
675 u8 own_addr_type;
676 u8 enable;
677
5ce194c4 678 /* Clear the HCI_LE_ADV bit temporarily so that the
3c857757
JH		 679 * hci_update_random_address knows that it's safe to go ahead
680 * and write a new random address. The flag will be set back on
681 * as soon as the SET_ADV_ENABLE HCI command completes.
682 */
5ce194c4 683 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
3c857757
JH		 684
685 /* Set require_privacy to false so that the remote device has a
686 * chance of identifying us.
687 */
688 if (hci_update_random_address(req, false, &own_addr_type) < 0)
689 return;
690
691 memset(&cp, 0, sizeof(cp));
692 cp.type = LE_ADV_DIRECT_IND;
693 cp.own_address_type = own_addr_type;
694 cp.direct_addr_type = conn->dst_type;
695 bacpy(&cp.direct_addr, &conn->dst);
696 cp.channel_map = hdev->le_adv_channel_map;
697
698 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
699
700 enable = 0x01;
701 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
702
703 conn->state = BT_CONNECT;
704}
705
04a6c589 706struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
cdd6275e 707 u8 dst_type, u8 sec_level, u16 conn_timeout,
e804d25d 708 u8 role)
1da177e4 709{
4292f1f3 710 struct hci_conn_params *params;
f1e5d547 711 struct hci_conn *conn;
1ebfcc1f 712 struct smp_irk *irk;
2acf3d90 713 struct hci_request req;
1d399ae5 714 int err;
1da177e4 715
620ad521
AG		 716 /* Some devices send ATT messages as soon as the physical link is
717 * established. To be able to handle these ATT messages, the user-
718 * space first establishes the connection and then starts the pairing
719 * process.
720 *
721 * So if a hci_conn object already exists for the following connection
722 * attempt, we simply update pending_sec_level and auth_type fields
723 * and return the object found.
724 */
f1e5d547 725 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
620ad521
AG		 726 if (conn) {
727 conn->pending_sec_level = sec_level;
620ad521
AG		 728 goto done;
729 }
dfc94dbd 730
620ad521
AG		 731 /* Since the controller supports only one LE connection attempt at a
732 * time, we return -EBUSY if there is any connection attempt running.
733 */
734 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
735 if (conn)
736 return ERR_PTR(-EBUSY);
46a190cb 737
edb4b466
MH		 738 /* When given an identity address with existing identity
739 * resolving key, the connection needs to be established
740 * to a resolvable random address.
741 *
742 * This uses the cached random resolvable address from
743 * a previous scan. When no cached address is available,
744 * try connecting to the identity address instead.
745 *
746 * Storing the resolvable random address is required here
747 * to handle connection failures. The address will later
748 * be resolved back into the original identity address
749 * from the connect request.
750 */
1ebfcc1f
JH		 751 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
752 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
753 dst = &irk->rpa;
754 dst_type = ADDR_LE_DEV_RANDOM;
755 }
756
a5c4e309 757 conn = hci_conn_add(hdev, LE_LINK, dst, role);
620ad521
AG		 758 if (!conn)
759 return ERR_PTR(-ENOMEM);
9f0caeb1 760
1ebfcc1f 761 conn->dst_type = dst_type;
620ad521 762 conn->sec_level = BT_SECURITY_LOW;
f1e5d547 763 conn->pending_sec_level = sec_level;
09ae260b 764 conn->conn_timeout = conn_timeout;
4292f1f3 765
3c857757
JH		 766 hci_req_init(&req, hdev);
767
376f54c1
JH		 768 /* Disable advertising if we're active. For master role
769 * connections most controllers will refuse to connect if
770 * advertising is enabled, and for slave role connections we
771 * anyway have to disable it in order to start directed
772 * advertising.
773 */
774 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
775 u8 enable = 0x00;
776 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
777 &enable);
778 }
779
cdd6275e 780 /* If requested to connect as slave use directed advertising */
e804d25d 781 if (conn->role == HCI_ROLE_SLAVE) {
e8bb6b97
JH		 782 /* If we're active scanning most controllers are unable
783 * to initiate advertising. Simply reject the attempt.
784 */
785 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
786 hdev->le_scan_type == LE_SCAN_ACTIVE) {
787 skb_queue_purge(&req.cmd_q);
788 hci_conn_del(conn);
789 return ERR_PTR(-EBUSY);
790 }
791
3c857757
JH		 792 hci_req_directed_advertising(&req, conn);
793 goto create_conn;
794 }
795
4292f1f3
AG		 796 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
797 if (params) {
798 conn->le_conn_min_interval = params->conn_min_interval;
799 conn->le_conn_max_interval = params->conn_max_interval;
037fc415
MH		 800 conn->le_conn_latency = params->conn_latency;
801 conn->le_supv_timeout = params->supervision_timeout;
4292f1f3
AG		 802 } else {
803 conn->le_conn_min_interval = hdev->le_conn_min_interval;
804 conn->le_conn_max_interval = hdev->le_conn_max_interval;
04fb7d90
MH		 805 conn->le_conn_latency = hdev->le_conn_latency;
806 conn->le_supv_timeout = hdev->le_supv_timeout;
4292f1f3 807 }
eda42b50 808
2acf3d90 809 /* If controller is scanning, we stop it since some controllers are
81ad6fd9
JH		 810 * not able to scan and connect at the same time. Also set the
811 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
812 * handler for scan disabling knows to set the correct discovery
813 * state.
2acf3d90
AG		 814 */
815 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
816 hci_req_add_le_scan_disable(&req);
81ad6fd9 817 set_bit(HCI_LE_SCAN_INTERRUPTED, &hdev->dev_flags);
2acf3d90
AG		 818 }
819
81ad6fd9
JH		 820 hci_req_add_le_create_conn(&req, conn);
821
3c857757 822create_conn:
81ad6fd9 823 err = hci_req_run(&req, create_le_conn_complete);
2acf3d90
AG		 824 if (err) {
825 hci_conn_del(conn);
620ad521 826 return ERR_PTR(err);
2acf3d90 827 }
fcd89c09 828
620ad521
AG		 829done:
830 hci_conn_hold(conn);
f1e5d547 831 return conn;
d04aef4c 832}
fcd89c09 833
04a6c589
AG		 834struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
835 u8 sec_level, u8 auth_type)
1da177e4
LT		 836{
837 struct hci_conn *acl;
fcd89c09 838
56f87901 839 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
beb19e4c 840 return ERR_PTR(-EOPNOTSUPP);
56f87901 841
70f23020
AE		 842 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
843 if (!acl) {
a5c4e309 844 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
70f23020 845 if (!acl)
48c7aba9 846 return ERR_PTR(-ENOMEM);
1da177e4
LT		 847 }
848
849 hci_conn_hold(acl);
850
09ab6f4c 851 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
765c2a96
JH		 852 acl->sec_level = BT_SECURITY_LOW;
853 acl->pending_sec_level = sec_level;
09ab6f4c 854 acl->auth_type = auth_type;
1aef8669 855 hci_acl_create_connection(acl);
09ab6f4c 856 }
1da177e4 857
db474275
VCG		 858 return acl;
859}
860
10c62ddc
FD		 861struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
862 __u16 setting)
db474275
VCG		 863{
864 struct hci_conn *acl;
865 struct hci_conn *sco;
866
e660ed6c 867 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
db474275 868 if (IS_ERR(acl))
5b7f9909 869 return acl;
1da177e4 870
70f23020
AE		 871 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
872 if (!sco) {
a5c4e309 873 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
70f23020 874 if (!sco) {
76a68ba0 875 hci_conn_drop(acl);
48c7aba9 876 return ERR_PTR(-ENOMEM);
1da177e4 877 }
5b7f9909 878 }
1da177e4 879
5b7f9909
MH		 880 acl->link = sco;
881 sco->link = acl;
1da177e4 882
5b7f9909 883 hci_conn_hold(sco);
1da177e4 884
10c62ddc
FD		 885 sco->setting = setting;
886
5b7f9909 887 if (acl->state == BT_CONNECTED &&
5974e4c4 888 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 889 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 890 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 891
51a8efd7 892 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 893 /* defer SCO setup until mode change completed */
51a8efd7 894 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH		 895 return sco;
896 }
897
898 hci_sco_setup(acl, 0x00);
b6a0dc82 899 }
5b7f9909
MH		 900
901 return sco;
1da177e4 902}
1da177e4 903
e7c29cb1
MH		 904/* Check link security requirement */
905int hci_conn_check_link_mode(struct hci_conn *conn)
906{
38b3fef1 907 BT_DBG("hcon %p", conn);
e7c29cb1 908
40b552aa
MH		 909 /* In Secure Connections Only mode, it is required that Secure
910 * Connections is used and the link is encrypted with AES-CCM
911 * using a P-256 authenticated combination key.
912 */
913 if (test_bit(HCI_SC_ONLY, &conn->hdev->flags)) {
914 if (!hci_conn_sc_enabled(conn) ||
915 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
916 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
917 return 0;
918 }
919
4dae2798
JH		 920 if (hci_conn_ssp_enabled(conn) &&
921 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
e7c29cb1
MH		 922 return 0;
923
924 return 1;
925}
e7c29cb1 926
1da177e4 927/* Authenticate remote device */
0684e5f9 928static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 929{
38b3fef1 930 BT_DBG("hcon %p", conn);
1da177e4 931
765c2a96
JH		 932 if (conn->pending_sec_level > sec_level)
933 sec_level = conn->pending_sec_level;
934
96a31833 935 if (sec_level > conn->sec_level)
765c2a96 936 conn->pending_sec_level = sec_level;
4dae2798 937 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
1da177e4
LT		 938 return 1;
939
65cf686e
JH		 940 /* Make sure we preserve an existing MITM requirement*/
941 auth_type |= (conn->auth_type & 0x01);
942
96a31833
MH		 943 conn->auth_type = auth_type;
944
51a8efd7 945 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 946 struct hci_cp_auth_requested cp;
b7d05bad 947
aca3192c 948 cp.handle = cpu_to_le16(conn->handle);
40be492f 949 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
5974e4c4 950 sizeof(cp), &cp);
09da1f34
JH		 951
952 /* If we're already encrypted set the REAUTH_PEND flag,
953 * otherwise set the ENCRYPT_PEND.
954 */
4dae2798 955 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
51a8efd7 956 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
09da1f34
JH		 957 else
958 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 959 }
8c1b2355 960
1da177e4
LT		 961 return 0;
962}
1da177e4 963
13d39315
WR		 964/* Encrypt the the link */
965static void hci_conn_encrypt(struct hci_conn *conn)
966{
38b3fef1 967 BT_DBG("hcon %p", conn);
13d39315 968
51a8efd7 969 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR		 970 struct hci_cp_set_conn_encrypt cp;
971 cp.handle = cpu_to_le16(conn->handle);
972 cp.encrypt = 0x01;
973 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
5974e4c4 974 &cp);
13d39315
WR		 975 }
976}
977
8c1b2355 978/* Enable security */
e7cafc45
JH		 979int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
980 bool initiator)
1da177e4 981{
38b3fef1 982 BT_DBG("hcon %p", conn);
1da177e4 983
d8343f12
VCG		 984 if (conn->type == LE_LINK)
985 return smp_conn_security(conn, sec_level);
986
13d39315 987 /* For sdp we don't need the link key. */
8c1b2355
MH		 988 if (sec_level == BT_SECURITY_SDP)
989 return 1;
990
13d39315
WR		 991 /* For non 2.1 devices and low security level we don't need the link
992 key. */
aa64a8b5 993 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 994 return 1;
8c1b2355 995
13d39315 996 /* For other security levels we need the link key. */
4dae2798 997 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
13d39315
WR		 998 goto auth;
999
7b5a9241
MH		 1000 /* An authenticated FIPS approved combination key has sufficient
1001 * security for security level 4. */
1002 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
1003 sec_level == BT_SECURITY_FIPS)
1004 goto encrypt;
1005
1006 /* An authenticated combination key has sufficient security for
1007 security level 3. */
1008 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
1009 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
1010 sec_level == BT_SECURITY_HIGH)
13d39315
WR		 1011 goto encrypt;
1012
1013 /* An unauthenticated combination key has sufficient security for
1014 security level 1 and 2. */
66138ce8
MH		 1015 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
1016 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
5974e4c4 1017 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
13d39315
WR		 1018 goto encrypt;
1019
1020 /* A combination key has always sufficient security for the security
1021 levels 1 or 2. High security level requires the combination key
1022 is generated using maximum PIN code length (16).
1023 For pre 2.1 units. */
1024 if (conn->key_type == HCI_LK_COMBINATION &&
7b5a9241
MH		 1025 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
1026 conn->pin_length == 16))
13d39315
WR		 1027 goto encrypt;
1028
1029auth:
51a8efd7 1030 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT		 1031 return 0;
1032
977f8fce
JH		 1033 if (initiator)
1034 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1035
6fdf658c
LAD		 1036 if (!hci_conn_auth(conn, sec_level, auth_type))
1037 return 0;
13d39315
WR		 1038
1039encrypt:
4dae2798 1040 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
13d39315 1041 return 1;
8c1b2355 1042
13d39315 1043 hci_conn_encrypt(conn);
1da177e4
LT		 1044 return 0;
1045}
8c1b2355 1046EXPORT_SYMBOL(hci_conn_security);
1da177e4 1047
b3b1b061
WR		 1048/* Check secure link requirement */
1049int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
1050{
38b3fef1 1051 BT_DBG("hcon %p", conn);
b3b1b061 1052
9cb2e030
MH		 1053 /* Accept if non-secure or higher security level is required */
1054 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
1055 return 1;
b3b1b061 1056
9cb2e030
MH		 1057 /* Accept if secure or higher security level is already present */
1058 if (conn->sec_level == BT_SECURITY_HIGH ||
1059 conn->sec_level == BT_SECURITY_FIPS)
b3b1b061
WR		 1060 return 1;
1061
9cb2e030
MH		 1062 /* Reject not secure link */
1063 return 0;
b3b1b061
WR		 1064}
1065EXPORT_SYMBOL(hci_conn_check_secure);
1066
1da177e4
LT		 1067/* Change link key */
1068int hci_conn_change_link_key(struct hci_conn *conn)
1069{
38b3fef1 1070 BT_DBG("hcon %p", conn);
1da177e4 1071
51a8efd7 1072 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 1073 struct hci_cp_change_conn_link_key cp;
aca3192c 1074 cp.handle = cpu_to_le16(conn->handle);
40be492f 1075 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
5974e4c4 1076 sizeof(cp), &cp);
1da177e4 1077 }
8c1b2355 1078
1da177e4
LT		 1079 return 0;
1080}
1da177e4
LT		 1081
1082/* Switch role */
8c1b2355 1083int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 1084{
38b3fef1 1085 BT_DBG("hcon %p", conn);
1da177e4 1086
40bef302 1087 if (role == conn->role)
1da177e4
LT		 1088 return 1;
1089
51a8efd7 1090 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT		 1091 struct hci_cp_switch_role cp;
1092 bacpy(&cp.bdaddr, &conn->dst);
1093 cp.role = role;
a9de9248 1094 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 1095 }
8c1b2355 1096
1da177e4
LT		 1097 return 0;
1098}
1099EXPORT_SYMBOL(hci_conn_switch_role);
1100
04837f64 1101/* Enter active mode */
14b12d0b 1102void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH		 1103{
1104 struct hci_dev *hdev = conn->hdev;
1105
38b3fef1 1106 BT_DBG("hcon %p mode %d", conn, conn->mode);
04837f64 1107
14b12d0b
JG		 1108 if (conn->mode != HCI_CM_SNIFF)
1109 goto timer;
1110
58a681ef 1111 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH		 1112 goto timer;
1113
51a8efd7 1114 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 1115 struct hci_cp_exit_sniff_mode cp;
aca3192c 1116 cp.handle = cpu_to_le16(conn->handle);
a9de9248 1117 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH		 1118 }
1119
1120timer:
1121 if (hdev->idle_timeout > 0)
a74a84f6
JH		 1122 queue_delayed_work(hdev->workqueue, &conn->idle_work,
1123 msecs_to_jiffies(hdev->idle_timeout));
04837f64
MH		 1124}
1125
1da177e4
LT		 1126/* Drop all connection on the device */
1127void hci_conn_hash_flush(struct hci_dev *hdev)
1128{
1129 struct hci_conn_hash *h = &hdev->conn_hash;
3c4e0df0 1130 struct hci_conn *c, *n;
1da177e4
LT		 1131
1132 BT_DBG("hdev %s", hdev->name);
1133
3c4e0df0 1134 list_for_each_entry_safe(c, n, &h->list, list) {
1da177e4
LT		 1135 c->state = BT_CLOSED;
1136
9f5a0d7b 1137 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
1da177e4
LT		 1138 hci_conn_del(c);
1139 }
1140}
1141
a9de9248
MH		 1142/* Check pending connect attempts */
1143void hci_conn_check_pending(struct hci_dev *hdev)
1144{
1145 struct hci_conn *conn;
1146
1147 BT_DBG("hdev %s", hdev->name);
1148
1149 hci_dev_lock(hdev);
1150
1151 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
1152 if (conn)
1aef8669 1153 hci_acl_create_connection(conn);
a9de9248
MH		 1154
1155 hci_dev_unlock(hdev);
1156}
1157
4dae2798
JH		 1158static u32 get_link_mode(struct hci_conn *conn)
1159{
1160 u32 link_mode = 0;
1161
40bef302 1162 if (conn->role == HCI_ROLE_MASTER)
4dae2798
JH		 1163 link_mode |= HCI_LM_MASTER;
1164
1165 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
1166 link_mode |= HCI_LM_ENCRYPT;
1167
1168 if (test_bit(HCI_CONN_AUTH, &conn->flags))
1169 link_mode |= HCI_LM_AUTH;
1170
1171 if (test_bit(HCI_CONN_SECURE, &conn->flags))
1172 link_mode |= HCI_LM_SECURE;
1173
1174 if (test_bit(HCI_CONN_FIPS, &conn->flags))
1175 link_mode |= HCI_LM_FIPS;
1176
1177 return link_mode;
1178}
1179
1da177e4
LT		 1180int hci_get_conn_list(void __user *arg)
1181{
fc5fef61 1182 struct hci_conn *c;
1da177e4
LT		 1183 struct hci_conn_list_req req, *cl;
1184 struct hci_conn_info *ci;
1185 struct hci_dev *hdev;
1da177e4
LT		 1186 int n = 0, size, err;
1187
1188 if (copy_from_user(&req, arg, sizeof(req)))
1189 return -EFAULT;
1190
1191 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
1192 return -EINVAL;
1193
1194 size = sizeof(req) + req.conn_num * sizeof(*ci);
1195
70f23020
AE		 1196 cl = kmalloc(size, GFP_KERNEL);
1197 if (!cl)
1da177e4
LT		 1198 return -ENOMEM;
1199
70f23020
AE		 1200 hdev = hci_dev_get(req.dev_id);
1201 if (!hdev) {
1da177e4
LT		 1202 kfree(cl);
1203 return -ENODEV;
1204 }
1205
1206 ci = cl->conn_info;
1207
09fd0de5 1208 hci_dev_lock(hdev);
8035ded4 1209 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT		 1210 bacpy(&(ci + n)->bdaddr, &c->dst);
1211 (ci + n)->handle = c->handle;
1212 (ci + n)->type = c->type;
1213 (ci + n)->out = c->out;
1214 (ci + n)->state = c->state;
4dae2798 1215 (ci + n)->link_mode = get_link_mode(c);
1da177e4
LT		 1216 if (++n >= req.conn_num)
1217 break;
1218 }
09fd0de5 1219 hci_dev_unlock(hdev);
1da177e4
LT		 1220
1221 cl->dev_id = hdev->id;
1222 cl->conn_num = n;
1223 size = sizeof(req) + n * sizeof(*ci);
1224
1225 hci_dev_put(hdev);
1226
1227 err = copy_to_user(arg, cl, size);
1228 kfree(cl);
1229
1230 return err ? -EFAULT : 0;
1231}
1232
1233int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1234{
1235 struct hci_conn_info_req req;
1236 struct hci_conn_info ci;
1237 struct hci_conn *conn;
1238 char __user *ptr = arg + sizeof(req);
1239
1240 if (copy_from_user(&req, arg, sizeof(req)))
1241 return -EFAULT;
1242
09fd0de5 1243 hci_dev_lock(hdev);
1da177e4
LT		 1244 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1245 if (conn) {
1246 bacpy(&ci.bdaddr, &conn->dst);
1247 ci.handle = conn->handle;
1248 ci.type = conn->type;
1249 ci.out = conn->out;
1250 ci.state = conn->state;
4dae2798 1251 ci.link_mode = get_link_mode(conn);
1da177e4 1252 }
09fd0de5 1253 hci_dev_unlock(hdev);
1da177e4
LT		 1254
1255 if (!conn)
1256 return -ENOENT;
1257
1258 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1259}
40be492f
MH		 1260
1261int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1262{
1263 struct hci_auth_info_req req;
1264 struct hci_conn *conn;
1265
1266 if (copy_from_user(&req, arg, sizeof(req)))
1267 return -EFAULT;
1268
09fd0de5 1269 hci_dev_lock(hdev);
40be492f
MH		 1270 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1271 if (conn)
1272 req.type = conn->auth_type;
09fd0de5 1273 hci_dev_unlock(hdev);
40be492f
MH		 1274
1275 if (!conn)
1276 return -ENOENT;
1277
1278 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1279}
73d80deb
LAD		 1280
1281struct hci_chan *hci_chan_create(struct hci_conn *conn)
1282{
1283 struct hci_dev *hdev = conn->hdev;
1284 struct hci_chan *chan;
1285
38b3fef1 1286 BT_DBG("%s hcon %p", hdev->name, conn);
73d80deb 1287
f94b665d
JH		 1288 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
1289 BT_DBG("Refusing to create new hci_chan");
1290 return NULL;
1291 }
1292
27f70f3e 1293 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
73d80deb
LAD		 1294 if (!chan)
1295 return NULL;
1296
6c388d32 1297 chan->conn = hci_conn_get(conn);
73d80deb 1298 skb_queue_head_init(&chan->data_q);
168df8e5 1299 chan->state = BT_CONNECTED;
73d80deb 1300
8192edef 1301 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD		 1302
1303 return chan;
1304}
1305
9472007c 1306void hci_chan_del(struct hci_chan *chan)
73d80deb
LAD		 1307{
1308 struct hci_conn *conn = chan->conn;
1309 struct hci_dev *hdev = conn->hdev;
1310
38b3fef1 1311 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
73d80deb 1312
8192edef
GP		 1313 list_del_rcu(&chan->list);
1314
1315 synchronize_rcu();
73d80deb 1316
bcbb655a 1317 /* Prevent new hci_chan's to be created for this hci_conn */
f94b665d 1318 set_bit(HCI_CONN_DROP, &conn->flags);
b3ff670a 1319
6c388d32 1320 hci_conn_put(conn);
e9b02748 1321
73d80deb
LAD		 1322 skb_queue_purge(&chan->data_q);
1323 kfree(chan);
73d80deb
LAD		 1324}
1325
2c33c06a 1326void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 1327{
2a5a5ec6 1328 struct hci_chan *chan, *n;
73d80deb 1329
38b3fef1 1330 BT_DBG("hcon %p", conn);
73d80deb 1331
2a5a5ec6 1332 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD		 1333 hci_chan_del(chan);
1334}
42c4e53e
AE		 1335
1336static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1337 __u16 handle)
1338{
1339 struct hci_chan *hchan;
1340
1341 list_for_each_entry(hchan, &hcon->chan_list, list) {
1342 if (hchan->handle == handle)
1343 return hchan;
1344 }
1345
1346 return NULL;
1347}
1348
1349struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1350{
1351 struct hci_conn_hash *h = &hdev->conn_hash;
1352 struct hci_conn *hcon;
1353 struct hci_chan *hchan = NULL;
1354
1355 rcu_read_lock();
1356
1357 list_for_each_entry_rcu(hcon, &h->list, list) {
1358 hchan = __hci_chan_lookup_handle(hcon, handle);
1359 if (hchan)
1360 break;
1361 }
1362
1363 rcu_read_unlock();
1364
1365 return hchan;
1366}
ubuntu-zesty-kernel mirror