]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/hci_conn.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove unnecessary hcon->smp_conn variable
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
4bc58f51 31#include <net/bluetooth/l2cap.h>
1da177e4 32
ac4b7236 33#include "smp.h"
7024728e
MH		 34#include "a2mp.h"
35
2dea632f
FD		 36struct sco_param {
37 u16 pkt_type;
38 u16 max_latency;
39};
40
41static const struct sco_param sco_param_cvsd[] = {
42 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a }, /* S3 */
43 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007 }, /* S2 */
44 { EDR_ESCO_MASK | ESCO_EV3, 0x0007 }, /* S1 */
45 { EDR_ESCO_MASK | ESCO_HV3, 0xffff }, /* D1 */
46 { EDR_ESCO_MASK | ESCO_HV1, 0xffff }, /* D0 */
47};
48
49static const struct sco_param sco_param_wideband[] = {
50 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d }, /* T2 */
51 { EDR_ESCO_MASK | ESCO_EV3, 0x0008 }, /* T1 */
52};
53
1aef8669 54static void hci_le_create_connection_cancel(struct hci_conn *conn)
fcd89c09
VT		 55{
56 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
57}
58
1aef8669 59static void hci_acl_create_connection(struct hci_conn *conn)
1da177e4
LT		 60{
61 struct hci_dev *hdev = conn->hdev;
62 struct inquiry_entry *ie;
63 struct hci_cp_create_conn cp;
64
42d2d87c 65 BT_DBG("hcon %p", conn);
1da177e4
LT		 66
67 conn->state = BT_CONNECT;
a0c808b3 68 conn->out = true;
a8746417 69
4dae2798 70 set_bit(HCI_CONN_MASTER, &conn->flags);
1da177e4 71
4c67bc74
MH		 72 conn->attempt++;
73
e4e8e37c
MH		 74 conn->link_policy = hdev->link_policy;
75
1da177e4
LT		 76 memset(&cp, 0, sizeof(cp));
77 bacpy(&cp.bdaddr, &conn->dst);
78 cp.pscan_rep_mode = 0x02;
79
70f23020
AE		 80 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
81 if (ie) {
41a96212
MH		 82 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
83 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
84 cp.pscan_mode = ie->data.pscan_mode;
85 cp.clock_offset = ie->data.clock_offset |
dcf4adbf 86 cpu_to_le16(0x8000);
41a96212
MH		 87 }
88
1da177e4 89 memcpy(conn->dev_class, ie->data.dev_class, 3);
58a681ef
JH		 90 if (ie->data.ssp_mode > 0)
91 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
1da177e4
LT		 92 }
93
a8746417 94 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 95 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82 96 cp.role_switch = 0x01;
1da177e4 97 else
b6a0dc82 98 cp.role_switch = 0x00;
4c67bc74 99
a9de9248 100 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4
LT		 101}
102
1aef8669 103static void hci_acl_create_connection_cancel(struct hci_conn *conn)
6ac59344
MH		 104{
105 struct hci_cp_create_conn_cancel cp;
106
38b3fef1 107 BT_DBG("hcon %p", conn);
6ac59344 108
d095c1eb 109 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
6ac59344
MH		 110 return;
111
112 bacpy(&cp.bdaddr, &conn->dst);
a9de9248 113 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
6ac59344
MH		 114}
115
93796fa6
CT		 116static void hci_reject_sco(struct hci_conn *conn)
117{
118 struct hci_cp_reject_sync_conn_req cp;
119
120 cp.reason = HCI_ERROR_REMOTE_USER_TERM;
121 bacpy(&cp.bdaddr, &conn->dst);
122
123 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
124}
125
bed71748 126void hci_disconnect(struct hci_conn *conn, __u8 reason)
1da177e4
LT		 127{
128 struct hci_cp_disconnect cp;
129
38b3fef1 130 BT_DBG("hcon %p", conn);
1da177e4
LT		 131
132 conn->state = BT_DISCONN;
133
aca3192c 134 cp.handle = cpu_to_le16(conn->handle);
1da177e4 135 cp.reason = reason;
a9de9248 136 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
1da177e4
LT		 137}
138
53502d69
AE		 139static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
140{
141 struct hci_cp_disconn_phy_link cp;
142
143 BT_DBG("hcon %p", conn);
144
145 conn->state = BT_DISCONN;
146
147 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
148 cp.reason = reason;
149 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
150 sizeof(cp), &cp);
151}
152
57f5d0d1 153static void hci_add_sco(struct hci_conn *conn, __u16 handle)
1da177e4
LT		 154{
155 struct hci_dev *hdev = conn->hdev;
156 struct hci_cp_add_sco cp;
157
38b3fef1 158 BT_DBG("hcon %p", conn);
1da177e4
LT		 159
160 conn->state = BT_CONNECT;
a0c808b3 161 conn->out = true;
1da177e4 162
efc7688b
MH		 163 conn->attempt++;
164
aca3192c 165 cp.handle = cpu_to_le16(handle);
a8746417 166 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 167
a9de9248 168 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT		 169}
170
2dea632f 171bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
b6a0dc82
MH		 172{
173 struct hci_dev *hdev = conn->hdev;
174 struct hci_cp_setup_sync_conn cp;
2dea632f 175 const struct sco_param *param;
b6a0dc82 176
38b3fef1 177 BT_DBG("hcon %p", conn);
b6a0dc82
MH		 178
179 conn->state = BT_CONNECT;
a0c808b3 180 conn->out = true;
b6a0dc82 181
efc7688b
MH		 182 conn->attempt++;
183
b6a0dc82 184 cp.handle = cpu_to_le16(handle);
b6a0dc82 185
dcf4adbf
JP		 186 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
187 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
10c62ddc
FD		 188 cp.voice_setting = cpu_to_le16(conn->setting);
189
190 switch (conn->setting & SCO_AIRMODE_MASK) {
191 case SCO_AIRMODE_TRANSP:
2dea632f
FD		 192 if (conn->attempt > ARRAY_SIZE(sco_param_wideband))
193 return false;
10c62ddc 194 cp.retrans_effort = 0x02;
2dea632f 195 param = &sco_param_wideband[conn->attempt - 1];
10c62ddc
FD		 196 break;
197 case SCO_AIRMODE_CVSD:
2dea632f
FD		 198 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
199 return false;
200 cp.retrans_effort = 0x01;
201 param = &sco_param_cvsd[conn->attempt - 1];
10c62ddc 202 break;
2dea632f
FD		 203 default:
204 return false;
10c62ddc 205 }
b6a0dc82 206
2dea632f
FD		 207 cp.pkt_type = __cpu_to_le16(param->pkt_type);
208 cp.max_latency = __cpu_to_le16(param->max_latency);
209
210 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
211 return false;
212
213 return true;
b6a0dc82
MH		 214}
215
2ce603eb 216void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
5974e4c4 217 u16 latency, u16 to_multiplier)
2ce603eb
CT		 218{
219 struct hci_cp_le_conn_update cp;
220 struct hci_dev *hdev = conn->hdev;
221
222 memset(&cp, 0, sizeof(cp));
223
224 cp.handle = cpu_to_le16(conn->handle);
225 cp.conn_interval_min = cpu_to_le16(min);
226 cp.conn_interval_max = cpu_to_le16(max);
227 cp.conn_latency = cpu_to_le16(latency);
228 cp.supervision_timeout = cpu_to_le16(to_multiplier);
dcf4adbf
JP		 229 cp.min_ce_len = cpu_to_le16(0x0000);
230 cp.max_ce_len = cpu_to_le16(0x0000);
2ce603eb
CT		 231
232 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
233}
2ce603eb 234
fe39c7b2 235void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
5974e4c4 236 __u8 ltk[16])
a7a595f6
VCG		 237{
238 struct hci_dev *hdev = conn->hdev;
239 struct hci_cp_le_start_enc cp;
240
38b3fef1 241 BT_DBG("hcon %p", conn);
a7a595f6
VCG		 242
243 memset(&cp, 0, sizeof(cp));
244
245 cp.handle = cpu_to_le16(conn->handle);
fe39c7b2 246 cp.rand = rand;
a7a595f6 247 cp.ediv = ediv;
fe39c7b2 248 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
a7a595f6
VCG		 249
250 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
251}
a7a595f6 252
e73439d8
MH		 253/* Device _must_ be locked */
254void hci_sco_setup(struct hci_conn *conn, __u8 status)
255{
256 struct hci_conn *sco = conn->link;
257
e73439d8
MH		 258 if (!sco)
259 return;
260
38b3fef1
AE		 261 BT_DBG("hcon %p", conn);
262
e73439d8
MH		 263 if (!status) {
264 if (lmp_esco_capable(conn->hdev))
265 hci_setup_sync(sco, conn->handle);
266 else
267 hci_add_sco(sco, conn->handle);
268 } else {
269 hci_proto_connect_cfm(sco, status);
270 hci_conn_del(sco);
271 }
272}
273
53502d69
AE		 274static void hci_conn_disconnect(struct hci_conn *conn)
275{
276 __u8 reason = hci_proto_disconn_ind(conn);
277
278 switch (conn->type) {
53502d69
AE		 279 case AMP_LINK:
280 hci_amp_disconn(conn, reason);
281 break;
4c02e2d4 282 default:
bed71748 283 hci_disconnect(conn, reason);
4c02e2d4 284 break;
53502d69
AE		 285 }
286}
287
19c40e3b 288static void hci_conn_timeout(struct work_struct *work)
1da177e4 289{
19c40e3b 290 struct hci_conn *conn = container_of(work, struct hci_conn,
5974e4c4 291 disc_work.work);
1d56dc4f 292 int refcnt = atomic_read(&conn->refcnt);
1da177e4 293
38b3fef1 294 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
1da177e4 295
1d56dc4f
LR		 296 WARN_ON(refcnt < 0);
297
298 /* FIXME: It was observed that in pairing failed scenario, refcnt
299 * drops below 0. Probably this is because l2cap_conn_del calls
300 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
301 * dropped. After that loop hci_chan_del is called which also drops
302 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
303 * otherwise drop it.
304 */
305 if (refcnt > 0)
1da177e4
LT		 306 return;
307
6ac59344
MH		 308 switch (conn->state) {
309 case BT_CONNECT:
769be974 310 case BT_CONNECT2:
fcd89c09
VT		 311 if (conn->out) {
312 if (conn->type == ACL_LINK)
1aef8669 313 hci_acl_create_connection_cancel(conn);
fcd89c09 314 else if (conn->type == LE_LINK)
1aef8669 315 hci_le_create_connection_cancel(conn);
93796fa6
CT		 316 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
317 hci_reject_sco(conn);
fcd89c09 318 }
6ac59344 319 break;
769be974 320 case BT_CONFIG:
8e87d142 321 case BT_CONNECTED:
53502d69 322 hci_conn_disconnect(conn);
6ac59344
MH		 323 break;
324 default:
1da177e4 325 conn->state = BT_CLOSED;
6ac59344
MH		 326 break;
327 }
1da177e4
LT		 328}
329
416dc94b 330/* Enter sniff mode */
a74a84f6 331static void hci_conn_idle(struct work_struct *work)
416dc94b 332{
a74a84f6
JH		 333 struct hci_conn *conn = container_of(work, struct hci_conn,
334 idle_work.work);
416dc94b
GP		 335 struct hci_dev *hdev = conn->hdev;
336
38b3fef1 337 BT_DBG("hcon %p mode %d", conn, conn->mode);
416dc94b
GP		 338
339 if (test_bit(HCI_RAW, &hdev->flags))
340 return;
341
342 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
343 return;
344
345 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
346 return;
347
348 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
349 struct hci_cp_sniff_subrate cp;
350 cp.handle = cpu_to_le16(conn->handle);
dcf4adbf
JP		 351 cp.max_latency = cpu_to_le16(0);
352 cp.min_remote_timeout = cpu_to_le16(0);
353 cp.min_local_timeout = cpu_to_le16(0);
416dc94b
GP		 354 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
355 }
356
51a8efd7 357 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP		 358 struct hci_cp_sniff_mode cp;
359 cp.handle = cpu_to_le16(conn->handle);
360 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
361 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
dcf4adbf
JP		 362 cp.attempt = cpu_to_le16(4);
363 cp.timeout = cpu_to_le16(1);
416dc94b
GP		 364 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
365 }
366}
367
7bc18d9d 368static void hci_conn_auto_accept(struct work_struct *work)
9f61656a 369{
7bc18d9d
JH		 370 struct hci_conn *conn = container_of(work, struct hci_conn,
371 auto_accept_work.work);
9f61656a 372
7bc18d9d 373 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
5974e4c4 374 &conn->dst);
9f61656a
JH		 375}
376
9489eca4
JH		 377static void le_conn_timeout(struct work_struct *work)
378{
379 struct hci_conn *conn = container_of(work, struct hci_conn,
380 le_conn_timeout.work);
3c857757 381 struct hci_dev *hdev = conn->hdev;
9489eca4
JH		 382
383 BT_DBG("");
384
3c857757
JH		 385 /* We could end up here due to having done directed advertising,
386 * so clean up the state if necessary. This should however only
387 * happen with broken hardware or if low duty cycle was used
388 * (which doesn't have a timeout of its own).
389 */
390 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
391 u8 enable = 0x00;
392 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
393 &enable);
394 hci_le_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
395 return;
396 }
397
9489eca4
JH		 398 hci_le_create_connection_cancel(conn);
399}
400
1da177e4
LT		 401struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
402{
403 struct hci_conn *conn;
404
6ed93dc6 405 BT_DBG("%s dst %pMR", hdev->name, dst);
1da177e4 406
cb601d7e 407 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
04837f64 408 if (!conn)
1da177e4 409 return NULL;
1da177e4
LT		 410
411 bacpy(&conn->dst, dst);
662e8820 412 bacpy(&conn->src, &hdev->bdaddr);
a8746417
MH		 413 conn->hdev = hdev;
414 conn->type = type;
415 conn->mode = HCI_CM_ACTIVE;
416 conn->state = BT_OPEN;
93f19c9f 417 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 418 conn->io_capability = hdev->io_capability;
a9583556 419 conn->remote_auth = 0xff;
13d39315 420 conn->key_type = 0xff;
5a134fae 421 conn->tx_power = HCI_TX_POWER_INVALID;
d0455ed9 422 conn->max_tx_power = HCI_TX_POWER_INVALID;
1da177e4 423
58a681ef 424 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 425 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 426
a8746417
MH		 427 switch (type) {
428 case ACL_LINK:
429 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
430 break;
9c84d1da
JH		 431 case LE_LINK:
432 /* conn->src should reflect the local identity address */
433 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
434 break;
a8746417
MH		 435 case SCO_LINK:
436 if (lmp_esco_capable(hdev))
efc7688b
MH		 437 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
438 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH		 439 else
440 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
441 break;
442 case ESCO_LINK:
efc7688b 443 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH		 444 break;
445 }
446
1da177e4 447 skb_queue_head_init(&conn->data_q);
04837f64 448
70c1f20b 449 INIT_LIST_HEAD(&conn->chan_list);
73d80deb 450
19c40e3b 451 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
7bc18d9d 452 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
a74a84f6 453 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
9489eca4 454 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1da177e4
LT		 455
456 atomic_set(&conn->refcnt, 0);
457
458 hci_dev_hold(hdev);
459
1da177e4 460 hci_conn_hash_add(hdev, conn);
3c54711c 461 if (hdev->notify)
1da177e4
LT		 462 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
463
a67e899c
MH		 464 hci_conn_init_sysfs(conn);
465
1da177e4
LT		 466 return conn;
467}
468
469int hci_conn_del(struct hci_conn *conn)
470{
471 struct hci_dev *hdev = conn->hdev;
472
38b3fef1 473 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1da177e4 474
19c40e3b 475 cancel_delayed_work_sync(&conn->disc_work);
7bc18d9d 476 cancel_delayed_work_sync(&conn->auto_accept_work);
a74a84f6 477 cancel_delayed_work_sync(&conn->idle_work);
9f61656a 478
5b7f9909 479 if (conn->type == ACL_LINK) {
1da177e4
LT		 480 struct hci_conn *sco = conn->link;
481 if (sco)
482 sco->link = NULL;
483
484 /* Unacked frames */
485 hdev->acl_cnt += conn->sent;
6ed58ec5 486 } else if (conn->type == LE_LINK) {
9489eca4
JH		 487 cancel_delayed_work_sync(&conn->le_conn_timeout);
488
6ed58ec5
VT		 489 if (hdev->le_pkts)
490 hdev->le_cnt += conn->sent;
491 else
492 hdev->acl_cnt += conn->sent;
5b7f9909
MH		 493 } else {
494 struct hci_conn *acl = conn->link;
495 if (acl) {
496 acl->link = NULL;
76a68ba0 497 hci_conn_drop(acl);
5b7f9909 498 }
1da177e4
LT		 499 }
500
2c33c06a 501 hci_chan_list_flush(conn);
73d80deb 502
9740e49d
AE		 503 if (conn->amp_mgr)
504 amp_mgr_put(conn->amp_mgr);
505
1da177e4 506 hci_conn_hash_del(hdev, conn);
3c54711c 507 if (hdev->notify)
1da177e4 508 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
7d0db0a3 509
1da177e4 510 skb_queue_purge(&conn->data_q);
1da177e4 511
fc225c3f 512 hci_conn_del_sysfs(conn);
2ae9a6be 513
384943ec
MH		 514 hci_dev_put(hdev);
515
8d12356f 516 hci_conn_put(conn);
163f4dab 517
1da177e4
LT		 518 return 0;
519}
520
521struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
522{
523 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 524 struct hci_dev *hdev = NULL, *d;
1da177e4 525
6ed93dc6 526 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4 527
f20d09d5 528 read_lock(&hci_dev_list_lock);
1da177e4 529
8035ded4 530 list_for_each_entry(d, &hci_dev_list, list) {
8fc9ced3 531 if (!test_bit(HCI_UP, &d->flags) ||
d300fa9b 532 test_bit(HCI_RAW, &d->flags) ||
af750e94 533 test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
d300fa9b 534 d->dev_type != HCI_BREDR)
1da177e4
LT		 535 continue;
536
8e87d142 537 /* Simple routing:
1da177e4
LT		 538 * No source address - find interface with bdaddr != dst
539 * Source address - find interface with bdaddr == src
540 */
541
542 if (use_src) {
543 if (!bacmp(&d->bdaddr, src)) {
544 hdev = d; break;
545 }
546 } else {
547 if (bacmp(&d->bdaddr, dst)) {
548 hdev = d; break;
549 }
550 }
551 }
552
553 if (hdev)
554 hdev = hci_dev_hold(hdev);
555
f20d09d5 556 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 557 return hdev;
558}
559EXPORT_SYMBOL(hci_get_route);
560
9bb3c01f 561/* This function requires the caller holds hdev->lock */
06c053fb 562void hci_le_conn_failed(struct hci_conn *conn, u8 status)
9bb3c01f
AG		 563{
564 struct hci_dev *hdev = conn->hdev;
565
566 conn->state = BT_CLOSED;
567
568 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
569 status);
570
571 hci_proto_connect_cfm(conn, status);
572
573 hci_conn_del(conn);
a4790dbd
AG		 574
575 /* Since we may have temporarily stopped the background scanning in
576 * favor of connection establishment, we should restart it.
577 */
578 hci_update_background_scan(hdev);
3c857757
JH		 579
580 /* Re-enable advertising in case this was a failed connection
581 * attempt as a peripheral.
582 */
583 mgmt_reenable_advertising(hdev);
9bb3c01f
AG		 584}
585
1d399ae5
AG		 586static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
587{
588 struct hci_conn *conn;
589
590 if (status == 0)
591 return;
592
593 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
594 status);
595
596 hci_dev_lock(hdev);
597
598 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
599 if (!conn)
600 goto done;
601
06c053fb 602 hci_le_conn_failed(conn, status);
1d399ae5
AG		 603
604done:
605 hci_dev_unlock(hdev);
606}
607
2acf3d90
AG		 608static void hci_req_add_le_create_conn(struct hci_request *req,
609 struct hci_conn *conn)
610{
611 struct hci_cp_le_create_conn cp;
612 struct hci_dev *hdev = conn->hdev;
613 u8 own_addr_type;
614
615 memset(&cp, 0, sizeof(cp));
616
617 /* Update random address, but set require_privacy to false so
618 * that we never connect with an unresolvable address.
619 */
620 if (hci_update_random_address(req, false, &own_addr_type))
621 return;
622
2acf3d90
AG		 623 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
624 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
625 bacpy(&cp.peer_addr, &conn->dst);
626 cp.peer_addr_type = conn->dst_type;
627 cp.own_address_type = own_addr_type;
628 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
629 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
dcf4adbf
JP		 630 cp.supervision_timeout = cpu_to_le16(0x002a);
631 cp.min_ce_len = cpu_to_le16(0x0000);
632 cp.max_ce_len = cpu_to_le16(0x0000);
2acf3d90
AG		 633
634 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
b46e0030
JH		 635
636 conn->state = BT_CONNECT;
2acf3d90
AG		 637}
638
3c857757
JH		 639static void hci_req_directed_advertising(struct hci_request *req,
640 struct hci_conn *conn)
641{
642 struct hci_dev *hdev = req->hdev;
643 struct hci_cp_le_set_adv_param cp;
644 u8 own_addr_type;
645 u8 enable;
646
647 enable = 0x00;
648 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
649
650 /* Clear the HCI_ADVERTISING bit temporarily so that the
651 * hci_update_random_address knows that it's safe to go ahead
652 * and write a new random address. The flag will be set back on
653 * as soon as the SET_ADV_ENABLE HCI command completes.
654 */
655 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
656
657 /* Set require_privacy to false so that the remote device has a
658 * chance of identifying us.
659 */
660 if (hci_update_random_address(req, false, &own_addr_type) < 0)
661 return;
662
663 memset(&cp, 0, sizeof(cp));
664 cp.type = LE_ADV_DIRECT_IND;
665 cp.own_address_type = own_addr_type;
666 cp.direct_addr_type = conn->dst_type;
667 bacpy(&cp.direct_addr, &conn->dst);
668 cp.channel_map = hdev->le_adv_channel_map;
669
670 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
671
672 enable = 0x01;
673 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
674
675 conn->state = BT_CONNECT;
676}
677
04a6c589
AG		 678struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
679 u8 dst_type, u8 sec_level, u8 auth_type)
1da177e4 680{
4292f1f3 681 struct hci_conn_params *params;
f1e5d547 682 struct hci_conn *conn;
1ebfcc1f 683 struct smp_irk *irk;
2acf3d90 684 struct hci_request req;
1d399ae5 685 int err;
1da177e4 686
620ad521
AG		 687 /* Some devices send ATT messages as soon as the physical link is
688 * established. To be able to handle these ATT messages, the user-
689 * space first establishes the connection and then starts the pairing
690 * process.
691 *
692 * So if a hci_conn object already exists for the following connection
693 * attempt, we simply update pending_sec_level and auth_type fields
694 * and return the object found.
695 */
f1e5d547 696 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
620ad521
AG		 697 if (conn) {
698 conn->pending_sec_level = sec_level;
699 conn->auth_type = auth_type;
700 goto done;
701 }
dfc94dbd 702
620ad521
AG		 703 /* Since the controller supports only one LE connection attempt at a
704 * time, we return -EBUSY if there is any connection attempt running.
705 */
706 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
707 if (conn)
708 return ERR_PTR(-EBUSY);
46a190cb 709
edb4b466
MH		 710 /* When given an identity address with existing identity
711 * resolving key, the connection needs to be established
712 * to a resolvable random address.
713 *
714 * This uses the cached random resolvable address from
715 * a previous scan. When no cached address is available,
716 * try connecting to the identity address instead.
717 *
718 * Storing the resolvable random address is required here
719 * to handle connection failures. The address will later
720 * be resolved back into the original identity address
721 * from the connect request.
722 */
1ebfcc1f
JH		 723 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
724 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
725 dst = &irk->rpa;
726 dst_type = ADDR_LE_DEV_RANDOM;
727 }
728
620ad521
AG		 729 conn = hci_conn_add(hdev, LE_LINK, dst);
730 if (!conn)
731 return ERR_PTR(-ENOMEM);
9f0caeb1 732
1ebfcc1f 733 conn->dst_type = dst_type;
620ad521 734 conn->sec_level = BT_SECURITY_LOW;
f1e5d547
AG		 735 conn->pending_sec_level = sec_level;
736 conn->auth_type = auth_type;
4292f1f3 737
3c857757
JH		 738 hci_req_init(&req, hdev);
739
740 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
741 hci_req_directed_advertising(&req, conn);
742 goto create_conn;
743 }
744
745 conn->out = true;
4dae2798 746 set_bit(HCI_CONN_MASTER, &conn->flags);
3c857757 747
4292f1f3
AG		 748 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
749 if (params) {
750 conn->le_conn_min_interval = params->conn_min_interval;
751 conn->le_conn_max_interval = params->conn_max_interval;
752 } else {
753 conn->le_conn_min_interval = hdev->le_conn_min_interval;
754 conn->le_conn_max_interval = hdev->le_conn_max_interval;
755 }
eda42b50 756
2acf3d90 757 /* If controller is scanning, we stop it since some controllers are
81ad6fd9
JH		 758 * not able to scan and connect at the same time. Also set the
759 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
760 * handler for scan disabling knows to set the correct discovery
761 * state.
2acf3d90
AG		 762 */
763 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
764 hci_req_add_le_scan_disable(&req);
81ad6fd9 765 set_bit(HCI_LE_SCAN_INTERRUPTED, &hdev->dev_flags);
2acf3d90
AG		 766 }
767
81ad6fd9
JH		 768 hci_req_add_le_create_conn(&req, conn);
769
3c857757 770create_conn:
81ad6fd9 771 err = hci_req_run(&req, create_le_conn_complete);
2acf3d90
AG		 772 if (err) {
773 hci_conn_del(conn);
620ad521 774 return ERR_PTR(err);
2acf3d90 775 }
fcd89c09 776
620ad521
AG		 777done:
778 hci_conn_hold(conn);
f1e5d547 779 return conn;
d04aef4c 780}
fcd89c09 781
04a6c589
AG		 782struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
783 u8 sec_level, u8 auth_type)
1da177e4
LT		 784{
785 struct hci_conn *acl;
fcd89c09 786
56f87901
JH		 787 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
788 return ERR_PTR(-ENOTSUPP);
789
70f23020
AE		 790 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
791 if (!acl) {
792 acl = hci_conn_add(hdev, ACL_LINK, dst);
793 if (!acl)
48c7aba9 794 return ERR_PTR(-ENOMEM);
1da177e4
LT		 795 }
796
797 hci_conn_hold(acl);
798
09ab6f4c 799 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
765c2a96
JH		 800 acl->sec_level = BT_SECURITY_LOW;
801 acl->pending_sec_level = sec_level;
09ab6f4c 802 acl->auth_type = auth_type;
1aef8669 803 hci_acl_create_connection(acl);
09ab6f4c 804 }
1da177e4 805
db474275
VCG		 806 return acl;
807}
808
10c62ddc
FD		 809struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
810 __u16 setting)
db474275
VCG		 811{
812 struct hci_conn *acl;
813 struct hci_conn *sco;
814
e660ed6c 815 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
db474275 816 if (IS_ERR(acl))
5b7f9909 817 return acl;
1da177e4 818
70f23020
AE		 819 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
820 if (!sco) {
821 sco = hci_conn_add(hdev, type, dst);
822 if (!sco) {
76a68ba0 823 hci_conn_drop(acl);
48c7aba9 824 return ERR_PTR(-ENOMEM);
1da177e4 825 }
5b7f9909 826 }
1da177e4 827
5b7f9909
MH		 828 acl->link = sco;
829 sco->link = acl;
1da177e4 830
5b7f9909 831 hci_conn_hold(sco);
1da177e4 832
10c62ddc
FD		 833 sco->setting = setting;
834
5b7f9909 835 if (acl->state == BT_CONNECTED &&
5974e4c4 836 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 837 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 838 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 839
51a8efd7 840 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 841 /* defer SCO setup until mode change completed */
51a8efd7 842 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH		 843 return sco;
844 }
845
846 hci_sco_setup(acl, 0x00);
b6a0dc82 847 }
5b7f9909
MH		 848
849 return sco;
1da177e4 850}
1da177e4 851
e7c29cb1
MH		 852/* Check link security requirement */
853int hci_conn_check_link_mode(struct hci_conn *conn)
854{
38b3fef1 855 BT_DBG("hcon %p", conn);
e7c29cb1 856
40b552aa
MH		 857 /* In Secure Connections Only mode, it is required that Secure
858 * Connections is used and the link is encrypted with AES-CCM
859 * using a P-256 authenticated combination key.
860 */
861 if (test_bit(HCI_SC_ONLY, &conn->hdev->flags)) {
862 if (!hci_conn_sc_enabled(conn) ||
863 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
864 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
865 return 0;
866 }
867
4dae2798
JH		 868 if (hci_conn_ssp_enabled(conn) &&
869 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
e7c29cb1
MH		 870 return 0;
871
872 return 1;
873}
e7c29cb1 874
1da177e4 875/* Authenticate remote device */
0684e5f9 876static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 877{
38b3fef1 878 BT_DBG("hcon %p", conn);
1da177e4 879
765c2a96
JH		 880 if (conn->pending_sec_level > sec_level)
881 sec_level = conn->pending_sec_level;
882
96a31833 883 if (sec_level > conn->sec_level)
765c2a96 884 conn->pending_sec_level = sec_level;
4dae2798 885 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
1da177e4
LT		 886 return 1;
887
65cf686e
JH		 888 /* Make sure we preserve an existing MITM requirement*/
889 auth_type |= (conn->auth_type & 0x01);
890
96a31833
MH		 891 conn->auth_type = auth_type;
892
51a8efd7 893 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 894 struct hci_cp_auth_requested cp;
b7d05bad 895
aca3192c 896 cp.handle = cpu_to_le16(conn->handle);
40be492f 897 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
5974e4c4 898 sizeof(cp), &cp);
09da1f34
JH		 899
900 /* If we're already encrypted set the REAUTH_PEND flag,
901 * otherwise set the ENCRYPT_PEND.
902 */
4dae2798 903 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
51a8efd7 904 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
09da1f34
JH		 905 else
906 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 907 }
8c1b2355 908
1da177e4
LT		 909 return 0;
910}
1da177e4 911
13d39315
WR		 912/* Encrypt the the link */
913static void hci_conn_encrypt(struct hci_conn *conn)
914{
38b3fef1 915 BT_DBG("hcon %p", conn);
13d39315 916
51a8efd7 917 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR		 918 struct hci_cp_set_conn_encrypt cp;
919 cp.handle = cpu_to_le16(conn->handle);
920 cp.encrypt = 0x01;
921 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
5974e4c4 922 &cp);
13d39315
WR		 923 }
924}
925
8c1b2355 926/* Enable security */
0684e5f9 927int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 928{
38b3fef1 929 BT_DBG("hcon %p", conn);
1da177e4 930
d8343f12
VCG		 931 if (conn->type == LE_LINK)
932 return smp_conn_security(conn, sec_level);
933
13d39315 934 /* For sdp we don't need the link key. */
8c1b2355
MH		 935 if (sec_level == BT_SECURITY_SDP)
936 return 1;
937
13d39315
WR		 938 /* For non 2.1 devices and low security level we don't need the link
939 key. */
aa64a8b5 940 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 941 return 1;
8c1b2355 942
13d39315 943 /* For other security levels we need the link key. */
4dae2798 944 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
13d39315
WR		 945 goto auth;
946
7b5a9241
MH		 947 /* An authenticated FIPS approved combination key has sufficient
948 * security for security level 4. */
949 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
950 sec_level == BT_SECURITY_FIPS)
951 goto encrypt;
952
953 /* An authenticated combination key has sufficient security for
954 security level 3. */
955 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
956 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
957 sec_level == BT_SECURITY_HIGH)
13d39315
WR		 958 goto encrypt;
959
960 /* An unauthenticated combination key has sufficient security for
961 security level 1 and 2. */
66138ce8
MH		 962 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
963 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
5974e4c4 964 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
13d39315
WR		 965 goto encrypt;
966
967 /* A combination key has always sufficient security for the security
968 levels 1 or 2. High security level requires the combination key
969 is generated using maximum PIN code length (16).
970 For pre 2.1 units. */
971 if (conn->key_type == HCI_LK_COMBINATION &&
7b5a9241
MH		 972 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
973 conn->pin_length == 16))
13d39315
WR		 974 goto encrypt;
975
976auth:
51a8efd7 977 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT		 978 return 0;
979
6fdf658c
LAD		 980 if (!hci_conn_auth(conn, sec_level, auth_type))
981 return 0;
13d39315
WR		 982
983encrypt:
4dae2798 984 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
13d39315 985 return 1;
8c1b2355 986
13d39315 987 hci_conn_encrypt(conn);
1da177e4
LT		 988 return 0;
989}
8c1b2355 990EXPORT_SYMBOL(hci_conn_security);
1da177e4 991
b3b1b061
WR		 992/* Check secure link requirement */
993int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
994{
38b3fef1 995 BT_DBG("hcon %p", conn);
b3b1b061 996
9cb2e030
MH		 997 /* Accept if non-secure or higher security level is required */
998 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
999 return 1;
b3b1b061 1000
9cb2e030
MH		 1001 /* Accept if secure or higher security level is already present */
1002 if (conn->sec_level == BT_SECURITY_HIGH ||
1003 conn->sec_level == BT_SECURITY_FIPS)
b3b1b061
WR		 1004 return 1;
1005
9cb2e030
MH		 1006 /* Reject not secure link */
1007 return 0;
b3b1b061
WR		 1008}
1009EXPORT_SYMBOL(hci_conn_check_secure);
1010
1da177e4
LT		 1011/* Change link key */
1012int hci_conn_change_link_key(struct hci_conn *conn)
1013{
38b3fef1 1014 BT_DBG("hcon %p", conn);
1da177e4 1015
51a8efd7 1016 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 1017 struct hci_cp_change_conn_link_key cp;
aca3192c 1018 cp.handle = cpu_to_le16(conn->handle);
40be492f 1019 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
5974e4c4 1020 sizeof(cp), &cp);
1da177e4 1021 }
8c1b2355 1022
1da177e4
LT		 1023 return 0;
1024}
1da177e4
LT		 1025
1026/* Switch role */
8c1b2355 1027int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 1028{
38b3fef1 1029 BT_DBG("hcon %p", conn);
1da177e4 1030
4dae2798 1031 if (!role && test_bit(HCI_CONN_MASTER, &conn->flags))
1da177e4
LT		 1032 return 1;
1033
51a8efd7 1034 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT		 1035 struct hci_cp_switch_role cp;
1036 bacpy(&cp.bdaddr, &conn->dst);
1037 cp.role = role;
a9de9248 1038 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 1039 }
8c1b2355 1040
1da177e4
LT		 1041 return 0;
1042}
1043EXPORT_SYMBOL(hci_conn_switch_role);
1044
04837f64 1045/* Enter active mode */
14b12d0b 1046void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH		 1047{
1048 struct hci_dev *hdev = conn->hdev;
1049
38b3fef1 1050 BT_DBG("hcon %p mode %d", conn, conn->mode);
04837f64
MH		 1051
1052 if (test_bit(HCI_RAW, &hdev->flags))
1053 return;
1054
14b12d0b
JG		 1055 if (conn->mode != HCI_CM_SNIFF)
1056 goto timer;
1057
58a681ef 1058 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH		 1059 goto timer;
1060
51a8efd7 1061 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 1062 struct hci_cp_exit_sniff_mode cp;
aca3192c 1063 cp.handle = cpu_to_le16(conn->handle);
a9de9248 1064 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH		 1065 }
1066
1067timer:
1068 if (hdev->idle_timeout > 0)
a74a84f6
JH		 1069 queue_delayed_work(hdev->workqueue, &conn->idle_work,
1070 msecs_to_jiffies(hdev->idle_timeout));
04837f64
MH		 1071}
1072
1da177e4
LT		 1073/* Drop all connection on the device */
1074void hci_conn_hash_flush(struct hci_dev *hdev)
1075{
1076 struct hci_conn_hash *h = &hdev->conn_hash;
3c4e0df0 1077 struct hci_conn *c, *n;
1da177e4
LT		 1078
1079 BT_DBG("hdev %s", hdev->name);
1080
3c4e0df0 1081 list_for_each_entry_safe(c, n, &h->list, list) {
1da177e4
LT		 1082 c->state = BT_CLOSED;
1083
9f5a0d7b 1084 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
1da177e4
LT		 1085 hci_conn_del(c);
1086 }
1087}
1088
a9de9248
MH		 1089/* Check pending connect attempts */
1090void hci_conn_check_pending(struct hci_dev *hdev)
1091{
1092 struct hci_conn *conn;
1093
1094 BT_DBG("hdev %s", hdev->name);
1095
1096 hci_dev_lock(hdev);
1097
1098 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
1099 if (conn)
1aef8669 1100 hci_acl_create_connection(conn);
a9de9248
MH		 1101
1102 hci_dev_unlock(hdev);
1103}
1104
4dae2798
JH		 1105static u32 get_link_mode(struct hci_conn *conn)
1106{
1107 u32 link_mode = 0;
1108
1109 if (test_bit(HCI_CONN_MASTER, &conn->flags))
1110 link_mode |= HCI_LM_MASTER;
1111
1112 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
1113 link_mode |= HCI_LM_ENCRYPT;
1114
1115 if (test_bit(HCI_CONN_AUTH, &conn->flags))
1116 link_mode |= HCI_LM_AUTH;
1117
1118 if (test_bit(HCI_CONN_SECURE, &conn->flags))
1119 link_mode |= HCI_LM_SECURE;
1120
1121 if (test_bit(HCI_CONN_FIPS, &conn->flags))
1122 link_mode |= HCI_LM_FIPS;
1123
1124 return link_mode;
1125}
1126
1da177e4
LT		 1127int hci_get_conn_list(void __user *arg)
1128{
fc5fef61 1129 struct hci_conn *c;
1da177e4
LT		 1130 struct hci_conn_list_req req, *cl;
1131 struct hci_conn_info *ci;
1132 struct hci_dev *hdev;
1da177e4
LT		 1133 int n = 0, size, err;
1134
1135 if (copy_from_user(&req, arg, sizeof(req)))
1136 return -EFAULT;
1137
1138 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
1139 return -EINVAL;
1140
1141 size = sizeof(req) + req.conn_num * sizeof(*ci);
1142
70f23020
AE		 1143 cl = kmalloc(size, GFP_KERNEL);
1144 if (!cl)
1da177e4
LT		 1145 return -ENOMEM;
1146
70f23020
AE		 1147 hdev = hci_dev_get(req.dev_id);
1148 if (!hdev) {
1da177e4
LT		 1149 kfree(cl);
1150 return -ENODEV;
1151 }
1152
1153 ci = cl->conn_info;
1154
09fd0de5 1155 hci_dev_lock(hdev);
8035ded4 1156 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT		 1157 bacpy(&(ci + n)->bdaddr, &c->dst);
1158 (ci + n)->handle = c->handle;
1159 (ci + n)->type = c->type;
1160 (ci + n)->out = c->out;
1161 (ci + n)->state = c->state;
4dae2798 1162 (ci + n)->link_mode = get_link_mode(c);
1da177e4
LT		 1163 if (++n >= req.conn_num)
1164 break;
1165 }
09fd0de5 1166 hci_dev_unlock(hdev);
1da177e4
LT		 1167
1168 cl->dev_id = hdev->id;
1169 cl->conn_num = n;
1170 size = sizeof(req) + n * sizeof(*ci);
1171
1172 hci_dev_put(hdev);
1173
1174 err = copy_to_user(arg, cl, size);
1175 kfree(cl);
1176
1177 return err ? -EFAULT : 0;
1178}
1179
1180int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1181{
1182 struct hci_conn_info_req req;
1183 struct hci_conn_info ci;
1184 struct hci_conn *conn;
1185 char __user *ptr = arg + sizeof(req);
1186
1187 if (copy_from_user(&req, arg, sizeof(req)))
1188 return -EFAULT;
1189
09fd0de5 1190 hci_dev_lock(hdev);
1da177e4
LT		 1191 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1192 if (conn) {
1193 bacpy(&ci.bdaddr, &conn->dst);
1194 ci.handle = conn->handle;
1195 ci.type = conn->type;
1196 ci.out = conn->out;
1197 ci.state = conn->state;
4dae2798 1198 ci.link_mode = get_link_mode(conn);
1da177e4 1199 }
09fd0de5 1200 hci_dev_unlock(hdev);
1da177e4
LT		 1201
1202 if (!conn)
1203 return -ENOENT;
1204
1205 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1206}
40be492f
MH		 1207
1208int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1209{
1210 struct hci_auth_info_req req;
1211 struct hci_conn *conn;
1212
1213 if (copy_from_user(&req, arg, sizeof(req)))
1214 return -EFAULT;
1215
09fd0de5 1216 hci_dev_lock(hdev);
40be492f
MH		 1217 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1218 if (conn)
1219 req.type = conn->auth_type;
09fd0de5 1220 hci_dev_unlock(hdev);
40be492f
MH		 1221
1222 if (!conn)
1223 return -ENOENT;
1224
1225 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1226}
73d80deb
LAD		 1227
1228struct hci_chan *hci_chan_create(struct hci_conn *conn)
1229{
1230 struct hci_dev *hdev = conn->hdev;
1231 struct hci_chan *chan;
1232
38b3fef1 1233 BT_DBG("%s hcon %p", hdev->name, conn);
73d80deb 1234
75d7735c 1235 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
73d80deb
LAD		 1236 if (!chan)
1237 return NULL;
1238
1239 chan->conn = conn;
1240 skb_queue_head_init(&chan->data_q);
168df8e5 1241 chan->state = BT_CONNECTED;
73d80deb 1242
8192edef 1243 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD		 1244
1245 return chan;
1246}
1247
9472007c 1248void hci_chan_del(struct hci_chan *chan)
73d80deb
LAD		 1249{
1250 struct hci_conn *conn = chan->conn;
1251 struct hci_dev *hdev = conn->hdev;
1252
38b3fef1 1253 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
73d80deb 1254
8192edef
GP		 1255 list_del_rcu(&chan->list);
1256
1257 synchronize_rcu();
73d80deb 1258
76a68ba0 1259 hci_conn_drop(conn);
e9b02748 1260
73d80deb
LAD		 1261 skb_queue_purge(&chan->data_q);
1262 kfree(chan);
73d80deb
LAD		 1263}
1264
2c33c06a 1265void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 1266{
2a5a5ec6 1267 struct hci_chan *chan, *n;
73d80deb 1268
38b3fef1 1269 BT_DBG("hcon %p", conn);
73d80deb 1270
2a5a5ec6 1271 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD		 1272 hci_chan_del(chan);
1273}
42c4e53e
AE		 1274
1275static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1276 __u16 handle)
1277{
1278 struct hci_chan *hchan;
1279
1280 list_for_each_entry(hchan, &hcon->chan_list, list) {
1281 if (hchan->handle == handle)
1282 return hchan;
1283 }
1284
1285 return NULL;
1286}
1287
1288struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1289{
1290 struct hci_conn_hash *h = &hdev->conn_hash;
1291 struct hci_conn *hcon;
1292 struct hci_chan *hchan = NULL;
1293
1294 rcu_read_lock();
1295
1296 list_for_each_entry_rcu(hcon, &h->list, list) {
1297 hchan = __hci_chan_lookup_handle(hcon, handle);
1298 if (hchan)
1299 break;
1300 }
1301
1302 rcu_read_unlock();
1303
1304 return hchan;
1305}
ubuntu-zesty-kernel mirror