]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - net/bluetooth/hci_conn.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Set disc_timeout to 0 when calling hci_chan_del
[mirror_ubuntu-bionic-kernel.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
4bc58f51 31#include <net/bluetooth/l2cap.h>
1da177e4 32
ac4b7236 33#include "smp.h"
7024728e
MH		 34#include "a2mp.h"
35
2dea632f
FD		 36struct sco_param {
37 u16 pkt_type;
38 u16 max_latency;
39};
40
41static const struct sco_param sco_param_cvsd[] = {
42 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a }, /* S3 */
43 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007 }, /* S2 */
44 { EDR_ESCO_MASK | ESCO_EV3, 0x0007 }, /* S1 */
45 { EDR_ESCO_MASK | ESCO_HV3, 0xffff }, /* D1 */
46 { EDR_ESCO_MASK | ESCO_HV1, 0xffff }, /* D0 */
47};
48
49static const struct sco_param sco_param_wideband[] = {
50 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d }, /* T2 */
51 { EDR_ESCO_MASK | ESCO_EV3, 0x0008 }, /* T1 */
52};
53
1aef8669 54static void hci_le_create_connection_cancel(struct hci_conn *conn)
fcd89c09
VT		 55{
56 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
57}
58
1aef8669 59static void hci_acl_create_connection(struct hci_conn *conn)
1da177e4
LT		 60{
61 struct hci_dev *hdev = conn->hdev;
62 struct inquiry_entry *ie;
63 struct hci_cp_create_conn cp;
64
42d2d87c 65 BT_DBG("hcon %p", conn);
1da177e4
LT		 66
67 conn->state = BT_CONNECT;
a0c808b3 68 conn->out = true;
40bef302 69 conn->role = HCI_ROLE_MASTER;
1da177e4 70
4c67bc74
MH		 71 conn->attempt++;
72
e4e8e37c
MH		 73 conn->link_policy = hdev->link_policy;
74
1da177e4
LT		 75 memset(&cp, 0, sizeof(cp));
76 bacpy(&cp.bdaddr, &conn->dst);
77 cp.pscan_rep_mode = 0x02;
78
70f23020
AE		 79 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
80 if (ie) {
41a96212
MH		 81 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
82 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
83 cp.pscan_mode = ie->data.pscan_mode;
84 cp.clock_offset = ie->data.clock_offset |
dcf4adbf 85 cpu_to_le16(0x8000);
41a96212
MH		 86 }
87
1da177e4 88 memcpy(conn->dev_class, ie->data.dev_class, 3);
58a681ef
JH		 89 if (ie->data.ssp_mode > 0)
90 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
1da177e4
LT		 91 }
92
a8746417 93 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 94 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82 95 cp.role_switch = 0x01;
1da177e4 96 else
b6a0dc82 97 cp.role_switch = 0x00;
4c67bc74 98
a9de9248 99 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4
LT		 100}
101
1aef8669 102static void hci_acl_create_connection_cancel(struct hci_conn *conn)
6ac59344
MH		 103{
104 struct hci_cp_create_conn_cancel cp;
105
38b3fef1 106 BT_DBG("hcon %p", conn);
6ac59344 107
d095c1eb 108 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
6ac59344
MH		 109 return;
110
111 bacpy(&cp.bdaddr, &conn->dst);
a9de9248 112 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
6ac59344
MH		 113}
114
93796fa6
CT		 115static void hci_reject_sco(struct hci_conn *conn)
116{
117 struct hci_cp_reject_sync_conn_req cp;
118
119 cp.reason = HCI_ERROR_REMOTE_USER_TERM;
120 bacpy(&cp.bdaddr, &conn->dst);
121
122 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
123}
124
bed71748 125void hci_disconnect(struct hci_conn *conn, __u8 reason)
1da177e4
LT		 126{
127 struct hci_cp_disconnect cp;
128
38b3fef1 129 BT_DBG("hcon %p", conn);
1da177e4
LT		 130
131 conn->state = BT_DISCONN;
132
aca3192c 133 cp.handle = cpu_to_le16(conn->handle);
1da177e4 134 cp.reason = reason;
a9de9248 135 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
1da177e4
LT		 136}
137
a2b1976b 138static void hci_amp_disconn(struct hci_conn *conn)
53502d69
AE		 139{
140 struct hci_cp_disconn_phy_link cp;
141
142 BT_DBG("hcon %p", conn);
143
144 conn->state = BT_DISCONN;
145
146 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
a2b1976b 147 cp.reason = hci_proto_disconn_ind(conn);
53502d69
AE		 148 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
149 sizeof(cp), &cp);
150}
151
57f5d0d1 152static void hci_add_sco(struct hci_conn *conn, __u16 handle)
1da177e4
LT		 153{
154 struct hci_dev *hdev = conn->hdev;
155 struct hci_cp_add_sco cp;
156
38b3fef1 157 BT_DBG("hcon %p", conn);
1da177e4
LT		 158
159 conn->state = BT_CONNECT;
a0c808b3 160 conn->out = true;
1da177e4 161
efc7688b
MH		 162 conn->attempt++;
163
aca3192c 164 cp.handle = cpu_to_le16(handle);
a8746417 165 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 166
a9de9248 167 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT		 168}
169
2dea632f 170bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
b6a0dc82
MH		 171{
172 struct hci_dev *hdev = conn->hdev;
173 struct hci_cp_setup_sync_conn cp;
2dea632f 174 const struct sco_param *param;
b6a0dc82 175
38b3fef1 176 BT_DBG("hcon %p", conn);
b6a0dc82
MH		 177
178 conn->state = BT_CONNECT;
a0c808b3 179 conn->out = true;
b6a0dc82 180
efc7688b
MH		 181 conn->attempt++;
182
b6a0dc82 183 cp.handle = cpu_to_le16(handle);
b6a0dc82 184
dcf4adbf
JP		 185 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
186 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
10c62ddc
FD		 187 cp.voice_setting = cpu_to_le16(conn->setting);
188
189 switch (conn->setting & SCO_AIRMODE_MASK) {
190 case SCO_AIRMODE_TRANSP:
2dea632f
FD		 191 if (conn->attempt > ARRAY_SIZE(sco_param_wideband))
192 return false;
10c62ddc 193 cp.retrans_effort = 0x02;
2dea632f 194 param = &sco_param_wideband[conn->attempt - 1];
10c62ddc
FD		 195 break;
196 case SCO_AIRMODE_CVSD:
2dea632f
FD		 197 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
198 return false;
199 cp.retrans_effort = 0x01;
200 param = &sco_param_cvsd[conn->attempt - 1];
10c62ddc 201 break;
2dea632f
FD		 202 default:
203 return false;
10c62ddc 204 }
b6a0dc82 205
2dea632f
FD		 206 cp.pkt_type = __cpu_to_le16(param->pkt_type);
207 cp.max_latency = __cpu_to_le16(param->max_latency);
208
209 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
210 return false;
211
212 return true;
b6a0dc82
MH		 213}
214
7d6ca693
JH		 215u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
216 u16 to_multiplier)
2ce603eb 217{
2ce603eb 218 struct hci_dev *hdev = conn->hdev;
f044eb05
MH		 219 struct hci_conn_params *params;
220 struct hci_cp_le_conn_update cp;
2ce603eb 221
f044eb05 222 hci_dev_lock(hdev);
2ce603eb 223
f044eb05
MH		 224 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
225 if (params) {
226 params->conn_min_interval = min;
227 params->conn_max_interval = max;
228 params->conn_latency = latency;
229 params->supervision_timeout = to_multiplier;
230 }
231
232 hci_dev_unlock(hdev);
233
234 memset(&cp, 0, sizeof(cp));
2ce603eb
CT		 235 cp.handle = cpu_to_le16(conn->handle);
236 cp.conn_interval_min = cpu_to_le16(min);
237 cp.conn_interval_max = cpu_to_le16(max);
238 cp.conn_latency = cpu_to_le16(latency);
239 cp.supervision_timeout = cpu_to_le16(to_multiplier);
dcf4adbf
JP		 240 cp.min_ce_len = cpu_to_le16(0x0000);
241 cp.max_ce_len = cpu_to_le16(0x0000);
2ce603eb
CT		 242
243 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
7d6ca693
JH		 244
245 if (params)
246 return 0x01;
247
248 return 0x00;
2ce603eb 249}
2ce603eb 250
fe39c7b2 251void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
5974e4c4 252 __u8 ltk[16])
a7a595f6
VCG		 253{
254 struct hci_dev *hdev = conn->hdev;
255 struct hci_cp_le_start_enc cp;
256
38b3fef1 257 BT_DBG("hcon %p", conn);
a7a595f6
VCG		 258
259 memset(&cp, 0, sizeof(cp));
260
261 cp.handle = cpu_to_le16(conn->handle);
fe39c7b2 262 cp.rand = rand;
a7a595f6 263 cp.ediv = ediv;
fe39c7b2 264 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
a7a595f6
VCG		 265
266 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
267}
a7a595f6 268
e73439d8
MH		 269/* Device _must_ be locked */
270void hci_sco_setup(struct hci_conn *conn, __u8 status)
271{
272 struct hci_conn *sco = conn->link;
273
e73439d8
MH		 274 if (!sco)
275 return;
276
38b3fef1
AE		 277 BT_DBG("hcon %p", conn);
278
e73439d8
MH		 279 if (!status) {
280 if (lmp_esco_capable(conn->hdev))
281 hci_setup_sync(sco, conn->handle);
282 else
283 hci_add_sco(sco, conn->handle);
284 } else {
285 hci_proto_connect_cfm(sco, status);
286 hci_conn_del(sco);
287 }
288}
289
19c40e3b 290static void hci_conn_timeout(struct work_struct *work)
1da177e4 291{
19c40e3b 292 struct hci_conn *conn = container_of(work, struct hci_conn,
5974e4c4 293 disc_work.work);
1d56dc4f 294 int refcnt = atomic_read(&conn->refcnt);
1da177e4 295
38b3fef1 296 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
1da177e4 297
1d56dc4f
LR		 298 WARN_ON(refcnt < 0);
299
300 /* FIXME: It was observed that in pairing failed scenario, refcnt
301 * drops below 0. Probably this is because l2cap_conn_del calls
302 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
303 * dropped. After that loop hci_chan_del is called which also drops
304 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
305 * otherwise drop it.
306 */
307 if (refcnt > 0)
1da177e4
LT		 308 return;
309
6ac59344
MH		 310 switch (conn->state) {
311 case BT_CONNECT:
769be974 312 case BT_CONNECT2:
fcd89c09
VT		 313 if (conn->out) {
314 if (conn->type == ACL_LINK)
1aef8669 315 hci_acl_create_connection_cancel(conn);
fcd89c09 316 else if (conn->type == LE_LINK)
1aef8669 317 hci_le_create_connection_cancel(conn);
93796fa6
CT		 318 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
319 hci_reject_sco(conn);
fcd89c09 320 }
6ac59344 321 break;
769be974 322 case BT_CONFIG:
8e87d142 323 case BT_CONNECTED:
40051e46
MH		 324 if (conn->type == AMP_LINK) {
325 hci_amp_disconn(conn);
326 } else {
327 __u8 reason = hci_proto_disconn_ind(conn);
df935429
MH		 328
329 /* When we are master of an established connection
330 * and it enters the disconnect timeout, then go
331 * ahead and try to read the current clock offset.
332 *
333 * Processing of the result is done within the
334 * event handling and hci_clock_offset_evt function.
335 */
336 if (conn->type == ACL_LINK &&
40bef302 337 conn->role == HCI_ROLE_MASTER) {
df935429
MH		 338 struct hci_dev *hdev = conn->hdev;
339 struct hci_cp_read_clock_offset cp;
340
341 cp.handle = cpu_to_le16(conn->handle);
342
343 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET,
344 sizeof(cp), &cp);
345 }
346
40051e46
MH		 347 hci_disconnect(conn, reason);
348 }
6ac59344
MH		 349 break;
350 default:
1da177e4 351 conn->state = BT_CLOSED;
6ac59344
MH		 352 break;
353 }
1da177e4
LT		 354}
355
416dc94b 356/* Enter sniff mode */
a74a84f6 357static void hci_conn_idle(struct work_struct *work)
416dc94b 358{
a74a84f6
JH		 359 struct hci_conn *conn = container_of(work, struct hci_conn,
360 idle_work.work);
416dc94b
GP		 361 struct hci_dev *hdev = conn->hdev;
362
38b3fef1 363 BT_DBG("hcon %p mode %d", conn, conn->mode);
416dc94b 364
416dc94b
GP		 365 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
366 return;
367
368 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
369 return;
370
371 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
372 struct hci_cp_sniff_subrate cp;
373 cp.handle = cpu_to_le16(conn->handle);
dcf4adbf
JP		 374 cp.max_latency = cpu_to_le16(0);
375 cp.min_remote_timeout = cpu_to_le16(0);
376 cp.min_local_timeout = cpu_to_le16(0);
416dc94b
GP		 377 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
378 }
379
51a8efd7 380 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP		 381 struct hci_cp_sniff_mode cp;
382 cp.handle = cpu_to_le16(conn->handle);
383 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
384 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
dcf4adbf
JP		 385 cp.attempt = cpu_to_le16(4);
386 cp.timeout = cpu_to_le16(1);
416dc94b
GP		 387 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
388 }
389}
390
7bc18d9d 391static void hci_conn_auto_accept(struct work_struct *work)
9f61656a 392{
7bc18d9d
JH		 393 struct hci_conn *conn = container_of(work, struct hci_conn,
394 auto_accept_work.work);
9f61656a 395
7bc18d9d 396 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
5974e4c4 397 &conn->dst);
9f61656a
JH		 398}
399
9489eca4
JH		 400static void le_conn_timeout(struct work_struct *work)
401{
402 struct hci_conn *conn = container_of(work, struct hci_conn,
403 le_conn_timeout.work);
3c857757 404 struct hci_dev *hdev = conn->hdev;
9489eca4
JH		 405
406 BT_DBG("");
407
3c857757
JH		 408 /* We could end up here due to having done directed advertising,
409 * so clean up the state if necessary. This should however only
410 * happen with broken hardware or if low duty cycle was used
411 * (which doesn't have a timeout of its own).
412 */
413 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
414 u8 enable = 0x00;
415 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
416 &enable);
417 hci_le_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
418 return;
419 }
420
9489eca4
JH		 421 hci_le_create_connection_cancel(conn);
422}
423
a5c4e309
JH		 424struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
425 u8 role)
1da177e4
LT		 426{
427 struct hci_conn *conn;
428
6ed93dc6 429 BT_DBG("%s dst %pMR", hdev->name, dst);
1da177e4 430
27f70f3e 431 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
04837f64 432 if (!conn)
1da177e4 433 return NULL;
1da177e4
LT		 434
435 bacpy(&conn->dst, dst);
662e8820 436 bacpy(&conn->src, &hdev->bdaddr);
a8746417
MH		 437 conn->hdev = hdev;
438 conn->type = type;
a5c4e309 439 conn->role = role;
a8746417
MH		 440 conn->mode = HCI_CM_ACTIVE;
441 conn->state = BT_OPEN;
93f19c9f 442 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 443 conn->io_capability = hdev->io_capability;
a9583556 444 conn->remote_auth = 0xff;
13d39315 445 conn->key_type = 0xff;
5a134fae 446 conn->tx_power = HCI_TX_POWER_INVALID;
d0455ed9 447 conn->max_tx_power = HCI_TX_POWER_INVALID;
1da177e4 448
58a681ef 449 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 450 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 451
a5c4e309
JH		 452 if (conn->role == HCI_ROLE_MASTER)
453 conn->out = true;
454
a8746417
MH		 455 switch (type) {
456 case ACL_LINK:
457 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
458 break;
9c84d1da
JH		 459 case LE_LINK:
460 /* conn->src should reflect the local identity address */
461 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
462 break;
a8746417
MH		 463 case SCO_LINK:
464 if (lmp_esco_capable(hdev))
efc7688b
MH		 465 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
466 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH		 467 else
468 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
469 break;
470 case ESCO_LINK:
efc7688b 471 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH		 472 break;
473 }
474
1da177e4 475 skb_queue_head_init(&conn->data_q);
04837f64 476
70c1f20b 477 INIT_LIST_HEAD(&conn->chan_list);
73d80deb 478
19c40e3b 479 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
7bc18d9d 480 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
a74a84f6 481 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
9489eca4 482 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1da177e4
LT		 483
484 atomic_set(&conn->refcnt, 0);
485
486 hci_dev_hold(hdev);
487
1da177e4 488 hci_conn_hash_add(hdev, conn);
3c54711c 489 if (hdev->notify)
1da177e4
LT		 490 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
491
a67e899c
MH		 492 hci_conn_init_sysfs(conn);
493
1da177e4
LT		 494 return conn;
495}
496
497int hci_conn_del(struct hci_conn *conn)
498{
499 struct hci_dev *hdev = conn->hdev;
500
38b3fef1 501 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1da177e4 502
19c40e3b 503 cancel_delayed_work_sync(&conn->disc_work);
7bc18d9d 504 cancel_delayed_work_sync(&conn->auto_accept_work);
a74a84f6 505 cancel_delayed_work_sync(&conn->idle_work);
9f61656a 506
5b7f9909 507 if (conn->type == ACL_LINK) {
1da177e4
LT		 508 struct hci_conn *sco = conn->link;
509 if (sco)
510 sco->link = NULL;
511
512 /* Unacked frames */
513 hdev->acl_cnt += conn->sent;
6ed58ec5 514 } else if (conn->type == LE_LINK) {
9489eca4
JH		 515 cancel_delayed_work_sync(&conn->le_conn_timeout);
516
6ed58ec5
VT		 517 if (hdev->le_pkts)
518 hdev->le_cnt += conn->sent;
519 else
520 hdev->acl_cnt += conn->sent;
5b7f9909
MH		 521 } else {
522 struct hci_conn *acl = conn->link;
523 if (acl) {
524 acl->link = NULL;
76a68ba0 525 hci_conn_drop(acl);
5b7f9909 526 }
1da177e4
LT		 527 }
528
2c33c06a 529 hci_chan_list_flush(conn);
73d80deb 530
9740e49d
AE		 531 if (conn->amp_mgr)
532 amp_mgr_put(conn->amp_mgr);
533
1da177e4 534 hci_conn_hash_del(hdev, conn);
3c54711c 535 if (hdev->notify)
1da177e4 536 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
7d0db0a3 537
1da177e4 538 skb_queue_purge(&conn->data_q);
1da177e4 539
fc225c3f 540 hci_conn_del_sysfs(conn);
2ae9a6be 541
384943ec
MH		 542 hci_dev_put(hdev);
543
8d12356f 544 hci_conn_put(conn);
163f4dab 545
1da177e4
LT		 546 return 0;
547}
548
549struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
550{
551 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 552 struct hci_dev *hdev = NULL, *d;
1da177e4 553
6ed93dc6 554 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4 555
f20d09d5 556 read_lock(&hci_dev_list_lock);
1da177e4 557
8035ded4 558 list_for_each_entry(d, &hci_dev_list, list) {
8fc9ced3 559 if (!test_bit(HCI_UP, &d->flags) ||
af750e94 560 test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
d300fa9b 561 d->dev_type != HCI_BREDR)
1da177e4
LT		 562 continue;
563
8e87d142 564 /* Simple routing:
1da177e4
LT		 565 * No source address - find interface with bdaddr != dst
566 * Source address - find interface with bdaddr == src
567 */
568
569 if (use_src) {
570 if (!bacmp(&d->bdaddr, src)) {
571 hdev = d; break;
572 }
573 } else {
574 if (bacmp(&d->bdaddr, dst)) {
575 hdev = d; break;
576 }
577 }
578 }
579
580 if (hdev)
581 hdev = hci_dev_hold(hdev);
582
f20d09d5 583 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 584 return hdev;
585}
586EXPORT_SYMBOL(hci_get_route);
587
9bb3c01f 588/* This function requires the caller holds hdev->lock */
06c053fb 589void hci_le_conn_failed(struct hci_conn *conn, u8 status)
9bb3c01f
AG		 590{
591 struct hci_dev *hdev = conn->hdev;
f161dd41
JH		 592 struct hci_conn_params *params;
593
594 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
595 conn->dst_type);
596 if (params && params->conn) {
597 hci_conn_drop(params->conn);
f8aaf9b6 598 hci_conn_put(params->conn);
f161dd41
JH		 599 params->conn = NULL;
600 }
9bb3c01f
AG		 601
602 conn->state = BT_CLOSED;
603
604 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
605 status);
606
607 hci_proto_connect_cfm(conn, status);
608
609 hci_conn_del(conn);
a4790dbd
AG		 610
611 /* Since we may have temporarily stopped the background scanning in
612 * favor of connection establishment, we should restart it.
613 */
614 hci_update_background_scan(hdev);
3c857757
JH		 615
616 /* Re-enable advertising in case this was a failed connection
617 * attempt as a peripheral.
618 */
619 mgmt_reenable_advertising(hdev);
9bb3c01f
AG		 620}
621
1d399ae5
AG		 622static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
623{
624 struct hci_conn *conn;
625
626 if (status == 0)
627 return;
628
629 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
630 status);
631
632 hci_dev_lock(hdev);
633
634 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
635 if (!conn)
636 goto done;
637
06c053fb 638 hci_le_conn_failed(conn, status);
1d399ae5
AG		 639
640done:
641 hci_dev_unlock(hdev);
642}
643
2acf3d90
AG		 644static void hci_req_add_le_create_conn(struct hci_request *req,
645 struct hci_conn *conn)
646{
647 struct hci_cp_le_create_conn cp;
648 struct hci_dev *hdev = conn->hdev;
649 u8 own_addr_type;
650
651 memset(&cp, 0, sizeof(cp));
652
653 /* Update random address, but set require_privacy to false so
654 * that we never connect with an unresolvable address.
655 */
656 if (hci_update_random_address(req, false, &own_addr_type))
657 return;
658
2acf3d90
AG		 659 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
660 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
661 bacpy(&cp.peer_addr, &conn->dst);
662 cp.peer_addr_type = conn->dst_type;
663 cp.own_address_type = own_addr_type;
664 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
665 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
037fc415
MH		 666 cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
667 cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
dcf4adbf
JP		 668 cp.min_ce_len = cpu_to_le16(0x0000);
669 cp.max_ce_len = cpu_to_le16(0x0000);
2acf3d90
AG		 670
671 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
b46e0030
JH		 672
673 conn->state = BT_CONNECT;
2acf3d90
AG		 674}
675
3c857757
JH		 676static void hci_req_directed_advertising(struct hci_request *req,
677 struct hci_conn *conn)
678{
679 struct hci_dev *hdev = req->hdev;
680 struct hci_cp_le_set_adv_param cp;
681 u8 own_addr_type;
682 u8 enable;
683
5ce194c4 684 /* Clear the HCI_LE_ADV bit temporarily so that the
3c857757
JH		 685 * hci_update_random_address knows that it's safe to go ahead
686 * and write a new random address. The flag will be set back on
687 * as soon as the SET_ADV_ENABLE HCI command completes.
688 */
5ce194c4 689 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
3c857757
JH		 690
691 /* Set require_privacy to false so that the remote device has a
692 * chance of identifying us.
693 */
694 if (hci_update_random_address(req, false, &own_addr_type) < 0)
695 return;
696
697 memset(&cp, 0, sizeof(cp));
698 cp.type = LE_ADV_DIRECT_IND;
699 cp.own_address_type = own_addr_type;
700 cp.direct_addr_type = conn->dst_type;
701 bacpy(&cp.direct_addr, &conn->dst);
702 cp.channel_map = hdev->le_adv_channel_map;
703
704 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
705
706 enable = 0x01;
707 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
708
709 conn->state = BT_CONNECT;
710}
711
04a6c589 712struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
cdd6275e 713 u8 dst_type, u8 sec_level, u16 conn_timeout,
e804d25d 714 u8 role)
1da177e4 715{
4292f1f3 716 struct hci_conn_params *params;
f1e5d547 717 struct hci_conn *conn;
1ebfcc1f 718 struct smp_irk *irk;
2acf3d90 719 struct hci_request req;
1d399ae5 720 int err;
1da177e4 721
620ad521
AG		 722 /* Some devices send ATT messages as soon as the physical link is
723 * established. To be able to handle these ATT messages, the user-
724 * space first establishes the connection and then starts the pairing
725 * process.
726 *
727 * So if a hci_conn object already exists for the following connection
728 * attempt, we simply update pending_sec_level and auth_type fields
729 * and return the object found.
730 */
f1e5d547 731 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
620ad521
AG		 732 if (conn) {
733 conn->pending_sec_level = sec_level;
620ad521
AG		 734 goto done;
735 }
dfc94dbd 736
620ad521
AG		 737 /* Since the controller supports only one LE connection attempt at a
738 * time, we return -EBUSY if there is any connection attempt running.
739 */
740 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
741 if (conn)
742 return ERR_PTR(-EBUSY);
46a190cb 743
edb4b466
MH		 744 /* When given an identity address with existing identity
745 * resolving key, the connection needs to be established
746 * to a resolvable random address.
747 *
748 * This uses the cached random resolvable address from
749 * a previous scan. When no cached address is available,
750 * try connecting to the identity address instead.
751 *
752 * Storing the resolvable random address is required here
753 * to handle connection failures. The address will later
754 * be resolved back into the original identity address
755 * from the connect request.
756 */
1ebfcc1f
JH		 757 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
758 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
759 dst = &irk->rpa;
760 dst_type = ADDR_LE_DEV_RANDOM;
761 }
762
a5c4e309 763 conn = hci_conn_add(hdev, LE_LINK, dst, role);
620ad521
AG		 764 if (!conn)
765 return ERR_PTR(-ENOMEM);
9f0caeb1 766
1ebfcc1f 767 conn->dst_type = dst_type;
620ad521 768 conn->sec_level = BT_SECURITY_LOW;
f1e5d547 769 conn->pending_sec_level = sec_level;
09ae260b 770 conn->conn_timeout = conn_timeout;
4292f1f3 771
3c857757
JH		 772 hci_req_init(&req, hdev);
773
376f54c1
JH		 774 /* Disable advertising if we're active. For master role
775 * connections most controllers will refuse to connect if
776 * advertising is enabled, and for slave role connections we
777 * anyway have to disable it in order to start directed
778 * advertising.
779 */
780 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
781 u8 enable = 0x00;
782 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
783 &enable);
784 }
785
cdd6275e 786 /* If requested to connect as slave use directed advertising */
e804d25d 787 if (conn->role == HCI_ROLE_SLAVE) {
e8bb6b97
JH		 788 /* If we're active scanning most controllers are unable
789 * to initiate advertising. Simply reject the attempt.
790 */
791 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
792 hdev->le_scan_type == LE_SCAN_ACTIVE) {
793 skb_queue_purge(&req.cmd_q);
794 hci_conn_del(conn);
795 return ERR_PTR(-EBUSY);
796 }
797
3c857757
JH		 798 hci_req_directed_advertising(&req, conn);
799 goto create_conn;
800 }
801
4292f1f3
AG		 802 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
803 if (params) {
804 conn->le_conn_min_interval = params->conn_min_interval;
805 conn->le_conn_max_interval = params->conn_max_interval;
037fc415
MH		 806 conn->le_conn_latency = params->conn_latency;
807 conn->le_supv_timeout = params->supervision_timeout;
4292f1f3
AG		 808 } else {
809 conn->le_conn_min_interval = hdev->le_conn_min_interval;
810 conn->le_conn_max_interval = hdev->le_conn_max_interval;
04fb7d90
MH		 811 conn->le_conn_latency = hdev->le_conn_latency;
812 conn->le_supv_timeout = hdev->le_supv_timeout;
4292f1f3 813 }
eda42b50 814
2acf3d90 815 /* If controller is scanning, we stop it since some controllers are
81ad6fd9
JH		 816 * not able to scan and connect at the same time. Also set the
817 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
818 * handler for scan disabling knows to set the correct discovery
819 * state.
2acf3d90
AG		 820 */
821 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
822 hci_req_add_le_scan_disable(&req);
81ad6fd9 823 set_bit(HCI_LE_SCAN_INTERRUPTED, &hdev->dev_flags);
2acf3d90
AG		 824 }
825
81ad6fd9
JH		 826 hci_req_add_le_create_conn(&req, conn);
827
3c857757 828create_conn:
81ad6fd9 829 err = hci_req_run(&req, create_le_conn_complete);
2acf3d90
AG		 830 if (err) {
831 hci_conn_del(conn);
620ad521 832 return ERR_PTR(err);
2acf3d90 833 }
fcd89c09 834
620ad521
AG		 835done:
836 hci_conn_hold(conn);
f1e5d547 837 return conn;
d04aef4c 838}
fcd89c09 839
04a6c589
AG		 840struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
841 u8 sec_level, u8 auth_type)
1da177e4
LT		 842{
843 struct hci_conn *acl;
fcd89c09 844
56f87901 845 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
beb19e4c 846 return ERR_PTR(-EOPNOTSUPP);
56f87901 847
70f23020
AE		 848 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
849 if (!acl) {
a5c4e309 850 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
70f23020 851 if (!acl)
48c7aba9 852 return ERR_PTR(-ENOMEM);
1da177e4
LT		 853 }
854
855 hci_conn_hold(acl);
856
09ab6f4c 857 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
765c2a96
JH		 858 acl->sec_level = BT_SECURITY_LOW;
859 acl->pending_sec_level = sec_level;
09ab6f4c 860 acl->auth_type = auth_type;
1aef8669 861 hci_acl_create_connection(acl);
09ab6f4c 862 }
1da177e4 863
db474275
VCG		 864 return acl;
865}
866
10c62ddc
FD		 867struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
868 __u16 setting)
db474275
VCG		 869{
870 struct hci_conn *acl;
871 struct hci_conn *sco;
872
e660ed6c 873 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
db474275 874 if (IS_ERR(acl))
5b7f9909 875 return acl;
1da177e4 876
70f23020
AE		 877 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
878 if (!sco) {
a5c4e309 879 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
70f23020 880 if (!sco) {
76a68ba0 881 hci_conn_drop(acl);
48c7aba9 882 return ERR_PTR(-ENOMEM);
1da177e4 883 }
5b7f9909 884 }
1da177e4 885
5b7f9909
MH		 886 acl->link = sco;
887 sco->link = acl;
1da177e4 888
5b7f9909 889 hci_conn_hold(sco);
1da177e4 890
10c62ddc
FD		 891 sco->setting = setting;
892
5b7f9909 893 if (acl->state == BT_CONNECTED &&
5974e4c4 894 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 895 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 896 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 897
51a8efd7 898 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 899 /* defer SCO setup until mode change completed */
51a8efd7 900 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH		 901 return sco;
902 }
903
904 hci_sco_setup(acl, 0x00);
b6a0dc82 905 }
5b7f9909
MH		 906
907 return sco;
1da177e4 908}
1da177e4 909
e7c29cb1
MH		 910/* Check link security requirement */
911int hci_conn_check_link_mode(struct hci_conn *conn)
912{
38b3fef1 913 BT_DBG("hcon %p", conn);
e7c29cb1 914
40b552aa
MH		 915 /* In Secure Connections Only mode, it is required that Secure
916 * Connections is used and the link is encrypted with AES-CCM
917 * using a P-256 authenticated combination key.
918 */
919 if (test_bit(HCI_SC_ONLY, &conn->hdev->flags)) {
920 if (!hci_conn_sc_enabled(conn) ||
921 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
922 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
923 return 0;
924 }
925
4dae2798
JH		 926 if (hci_conn_ssp_enabled(conn) &&
927 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
e7c29cb1
MH		 928 return 0;
929
930 return 1;
931}
e7c29cb1 932
1da177e4 933/* Authenticate remote device */
0684e5f9 934static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 935{
38b3fef1 936 BT_DBG("hcon %p", conn);
1da177e4 937
765c2a96
JH		 938 if (conn->pending_sec_level > sec_level)
939 sec_level = conn->pending_sec_level;
940
96a31833 941 if (sec_level > conn->sec_level)
765c2a96 942 conn->pending_sec_level = sec_level;
4dae2798 943 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
1da177e4
LT		 944 return 1;
945
65cf686e
JH		 946 /* Make sure we preserve an existing MITM requirement*/
947 auth_type |= (conn->auth_type & 0x01);
948
96a31833
MH		 949 conn->auth_type = auth_type;
950
51a8efd7 951 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 952 struct hci_cp_auth_requested cp;
b7d05bad 953
aca3192c 954 cp.handle = cpu_to_le16(conn->handle);
40be492f 955 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
5974e4c4 956 sizeof(cp), &cp);
09da1f34
JH		 957
958 /* If we're already encrypted set the REAUTH_PEND flag,
959 * otherwise set the ENCRYPT_PEND.
960 */
4dae2798 961 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
51a8efd7 962 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
09da1f34
JH		 963 else
964 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 965 }
8c1b2355 966
1da177e4
LT		 967 return 0;
968}
1da177e4 969
13d39315
WR		 970/* Encrypt the the link */
971static void hci_conn_encrypt(struct hci_conn *conn)
972{
38b3fef1 973 BT_DBG("hcon %p", conn);
13d39315 974
51a8efd7 975 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR		 976 struct hci_cp_set_conn_encrypt cp;
977 cp.handle = cpu_to_le16(conn->handle);
978 cp.encrypt = 0x01;
979 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
5974e4c4 980 &cp);
13d39315
WR		 981 }
982}
983
8c1b2355 984/* Enable security */
e7cafc45
JH		 985int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
986 bool initiator)
1da177e4 987{
38b3fef1 988 BT_DBG("hcon %p", conn);
1da177e4 989
d8343f12
VCG		 990 if (conn->type == LE_LINK)
991 return smp_conn_security(conn, sec_level);
992
13d39315 993 /* For sdp we don't need the link key. */
8c1b2355
MH		 994 if (sec_level == BT_SECURITY_SDP)
995 return 1;
996
13d39315
WR		 997 /* For non 2.1 devices and low security level we don't need the link
998 key. */
aa64a8b5 999 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 1000 return 1;
8c1b2355 1001
13d39315 1002 /* For other security levels we need the link key. */
4dae2798 1003 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
13d39315
WR		 1004 goto auth;
1005
7b5a9241
MH		 1006 /* An authenticated FIPS approved combination key has sufficient
1007 * security for security level 4. */
1008 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
1009 sec_level == BT_SECURITY_FIPS)
1010 goto encrypt;
1011
1012 /* An authenticated combination key has sufficient security for
1013 security level 3. */
1014 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
1015 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
1016 sec_level == BT_SECURITY_HIGH)
13d39315
WR		 1017 goto encrypt;
1018
1019 /* An unauthenticated combination key has sufficient security for
1020 security level 1 and 2. */
66138ce8
MH		 1021 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
1022 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
5974e4c4 1023 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
13d39315
WR		 1024 goto encrypt;
1025
1026 /* A combination key has always sufficient security for the security
1027 levels 1 or 2. High security level requires the combination key
1028 is generated using maximum PIN code length (16).
1029 For pre 2.1 units. */
1030 if (conn->key_type == HCI_LK_COMBINATION &&
7b5a9241
MH		 1031 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
1032 conn->pin_length == 16))
13d39315
WR		 1033 goto encrypt;
1034
1035auth:
51a8efd7 1036 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT		 1037 return 0;
1038
977f8fce
JH		 1039 if (initiator)
1040 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1041
6fdf658c
LAD		 1042 if (!hci_conn_auth(conn, sec_level, auth_type))
1043 return 0;
13d39315
WR		 1044
1045encrypt:
4dae2798 1046 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
13d39315 1047 return 1;
8c1b2355 1048
13d39315 1049 hci_conn_encrypt(conn);
1da177e4
LT		 1050 return 0;
1051}
8c1b2355 1052EXPORT_SYMBOL(hci_conn_security);
1da177e4 1053
b3b1b061
WR		 1054/* Check secure link requirement */
1055int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
1056{
38b3fef1 1057 BT_DBG("hcon %p", conn);
b3b1b061 1058
9cb2e030
MH		 1059 /* Accept if non-secure or higher security level is required */
1060 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
1061 return 1;
b3b1b061 1062
9cb2e030
MH		 1063 /* Accept if secure or higher security level is already present */
1064 if (conn->sec_level == BT_SECURITY_HIGH ||
1065 conn->sec_level == BT_SECURITY_FIPS)
b3b1b061
WR		 1066 return 1;
1067
9cb2e030
MH		 1068 /* Reject not secure link */
1069 return 0;
b3b1b061
WR		 1070}
1071EXPORT_SYMBOL(hci_conn_check_secure);
1072
1da177e4
LT		 1073/* Change link key */
1074int hci_conn_change_link_key(struct hci_conn *conn)
1075{
38b3fef1 1076 BT_DBG("hcon %p", conn);
1da177e4 1077
51a8efd7 1078 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 1079 struct hci_cp_change_conn_link_key cp;
aca3192c 1080 cp.handle = cpu_to_le16(conn->handle);
40be492f 1081 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
5974e4c4 1082 sizeof(cp), &cp);
1da177e4 1083 }
8c1b2355 1084
1da177e4
LT		 1085 return 0;
1086}
1da177e4
LT		 1087
1088/* Switch role */
8c1b2355 1089int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 1090{
38b3fef1 1091 BT_DBG("hcon %p", conn);
1da177e4 1092
40bef302 1093 if (role == conn->role)
1da177e4
LT		 1094 return 1;
1095
51a8efd7 1096 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT		 1097 struct hci_cp_switch_role cp;
1098 bacpy(&cp.bdaddr, &conn->dst);
1099 cp.role = role;
a9de9248 1100 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 1101 }
8c1b2355 1102
1da177e4
LT		 1103 return 0;
1104}
1105EXPORT_SYMBOL(hci_conn_switch_role);
1106
04837f64 1107/* Enter active mode */
14b12d0b 1108void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH		 1109{
1110 struct hci_dev *hdev = conn->hdev;
1111
38b3fef1 1112 BT_DBG("hcon %p mode %d", conn, conn->mode);
04837f64 1113
14b12d0b
JG		 1114 if (conn->mode != HCI_CM_SNIFF)
1115 goto timer;
1116
58a681ef 1117 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH		 1118 goto timer;
1119
51a8efd7 1120 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 1121 struct hci_cp_exit_sniff_mode cp;
aca3192c 1122 cp.handle = cpu_to_le16(conn->handle);
a9de9248 1123 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH		 1124 }
1125
1126timer:
1127 if (hdev->idle_timeout > 0)
a74a84f6
JH		 1128 queue_delayed_work(hdev->workqueue, &conn->idle_work,
1129 msecs_to_jiffies(hdev->idle_timeout));
04837f64
MH		 1130}
1131
1da177e4
LT		 1132/* Drop all connection on the device */
1133void hci_conn_hash_flush(struct hci_dev *hdev)
1134{
1135 struct hci_conn_hash *h = &hdev->conn_hash;
3c4e0df0 1136 struct hci_conn *c, *n;
1da177e4
LT		 1137
1138 BT_DBG("hdev %s", hdev->name);
1139
3c4e0df0 1140 list_for_each_entry_safe(c, n, &h->list, list) {
1da177e4
LT		 1141 c->state = BT_CLOSED;
1142
9f5a0d7b 1143 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
1da177e4
LT		 1144 hci_conn_del(c);
1145 }
1146}
1147
a9de9248
MH		 1148/* Check pending connect attempts */
1149void hci_conn_check_pending(struct hci_dev *hdev)
1150{
1151 struct hci_conn *conn;
1152
1153 BT_DBG("hdev %s", hdev->name);
1154
1155 hci_dev_lock(hdev);
1156
1157 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
1158 if (conn)
1aef8669 1159 hci_acl_create_connection(conn);
a9de9248
MH		 1160
1161 hci_dev_unlock(hdev);
1162}
1163
4dae2798
JH		 1164static u32 get_link_mode(struct hci_conn *conn)
1165{
1166 u32 link_mode = 0;
1167
40bef302 1168 if (conn->role == HCI_ROLE_MASTER)
4dae2798
JH		 1169 link_mode |= HCI_LM_MASTER;
1170
1171 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
1172 link_mode |= HCI_LM_ENCRYPT;
1173
1174 if (test_bit(HCI_CONN_AUTH, &conn->flags))
1175 link_mode |= HCI_LM_AUTH;
1176
1177 if (test_bit(HCI_CONN_SECURE, &conn->flags))
1178 link_mode |= HCI_LM_SECURE;
1179
1180 if (test_bit(HCI_CONN_FIPS, &conn->flags))
1181 link_mode |= HCI_LM_FIPS;
1182
1183 return link_mode;
1184}
1185
1da177e4
LT		 1186int hci_get_conn_list(void __user *arg)
1187{
fc5fef61 1188 struct hci_conn *c;
1da177e4
LT		 1189 struct hci_conn_list_req req, *cl;
1190 struct hci_conn_info *ci;
1191 struct hci_dev *hdev;
1da177e4
LT		 1192 int n = 0, size, err;
1193
1194 if (copy_from_user(&req, arg, sizeof(req)))
1195 return -EFAULT;
1196
1197 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
1198 return -EINVAL;
1199
1200 size = sizeof(req) + req.conn_num * sizeof(*ci);
1201
70f23020
AE		 1202 cl = kmalloc(size, GFP_KERNEL);
1203 if (!cl)
1da177e4
LT		 1204 return -ENOMEM;
1205
70f23020
AE		 1206 hdev = hci_dev_get(req.dev_id);
1207 if (!hdev) {
1da177e4
LT		 1208 kfree(cl);
1209 return -ENODEV;
1210 }
1211
1212 ci = cl->conn_info;
1213
09fd0de5 1214 hci_dev_lock(hdev);
8035ded4 1215 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT		 1216 bacpy(&(ci + n)->bdaddr, &c->dst);
1217 (ci + n)->handle = c->handle;
1218 (ci + n)->type = c->type;
1219 (ci + n)->out = c->out;
1220 (ci + n)->state = c->state;
4dae2798 1221 (ci + n)->link_mode = get_link_mode(c);
1da177e4
LT		 1222 if (++n >= req.conn_num)
1223 break;
1224 }
09fd0de5 1225 hci_dev_unlock(hdev);
1da177e4
LT		 1226
1227 cl->dev_id = hdev->id;
1228 cl->conn_num = n;
1229 size = sizeof(req) + n * sizeof(*ci);
1230
1231 hci_dev_put(hdev);
1232
1233 err = copy_to_user(arg, cl, size);
1234 kfree(cl);
1235
1236 return err ? -EFAULT : 0;
1237}
1238
1239int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1240{
1241 struct hci_conn_info_req req;
1242 struct hci_conn_info ci;
1243 struct hci_conn *conn;
1244 char __user *ptr = arg + sizeof(req);
1245
1246 if (copy_from_user(&req, arg, sizeof(req)))
1247 return -EFAULT;
1248
09fd0de5 1249 hci_dev_lock(hdev);
1da177e4
LT		 1250 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1251 if (conn) {
1252 bacpy(&ci.bdaddr, &conn->dst);
1253 ci.handle = conn->handle;
1254 ci.type = conn->type;
1255 ci.out = conn->out;
1256 ci.state = conn->state;
4dae2798 1257 ci.link_mode = get_link_mode(conn);
1da177e4 1258 }
09fd0de5 1259 hci_dev_unlock(hdev);
1da177e4
LT		 1260
1261 if (!conn)
1262 return -ENOENT;
1263
1264 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1265}
40be492f
MH		 1266
1267int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1268{
1269 struct hci_auth_info_req req;
1270 struct hci_conn *conn;
1271
1272 if (copy_from_user(&req, arg, sizeof(req)))
1273 return -EFAULT;
1274
09fd0de5 1275 hci_dev_lock(hdev);
40be492f
MH		 1276 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1277 if (conn)
1278 req.type = conn->auth_type;
09fd0de5 1279 hci_dev_unlock(hdev);
40be492f
MH		 1280
1281 if (!conn)
1282 return -ENOENT;
1283
1284 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1285}
73d80deb
LAD		 1286
1287struct hci_chan *hci_chan_create(struct hci_conn *conn)
1288{
1289 struct hci_dev *hdev = conn->hdev;
1290 struct hci_chan *chan;
1291
38b3fef1 1292 BT_DBG("%s hcon %p", hdev->name, conn);
73d80deb 1293
27f70f3e 1294 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
73d80deb
LAD		 1295 if (!chan)
1296 return NULL;
1297
6c388d32
JH		 1298 chan->conn = hci_conn_get(conn);
1299 hci_conn_hold(conn);
73d80deb 1300 skb_queue_head_init(&chan->data_q);
168df8e5 1301 chan->state = BT_CONNECTED;
73d80deb 1302
8192edef 1303 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD		 1304
1305 return chan;
1306}
1307
9472007c 1308void hci_chan_del(struct hci_chan *chan)
73d80deb
LAD		 1309{
1310 struct hci_conn *conn = chan->conn;
1311 struct hci_dev *hdev = conn->hdev;
1312
38b3fef1 1313 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
73d80deb 1314
8192edef
GP		 1315 list_del_rcu(&chan->list);
1316
1317 synchronize_rcu();
73d80deb 1318
b3ff670a
JH		 1319 /* Force the connection to be immediately dropped */
1320 conn->disc_timeout = 0;
1321
76a68ba0 1322 hci_conn_drop(conn);
6c388d32 1323 hci_conn_put(conn);
e9b02748 1324
73d80deb
LAD		 1325 skb_queue_purge(&chan->data_q);
1326 kfree(chan);
73d80deb
LAD		 1327}
1328
2c33c06a 1329void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 1330{
2a5a5ec6 1331 struct hci_chan *chan, *n;
73d80deb 1332
38b3fef1 1333 BT_DBG("hcon %p", conn);
73d80deb 1334
2a5a5ec6 1335 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD		 1336 hci_chan_del(chan);
1337}
42c4e53e
AE		 1338
1339static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1340 __u16 handle)
1341{
1342 struct hci_chan *hchan;
1343
1344 list_for_each_entry(hchan, &hcon->chan_list, list) {
1345 if (hchan->handle == handle)
1346 return hchan;
1347 }
1348
1349 return NULL;
1350}
1351
1352struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1353{
1354 struct hci_conn_hash *h = &hdev->conn_hash;
1355 struct hci_conn *hcon;
1356 struct hci_chan *hchan = NULL;
1357
1358 rcu_read_lock();
1359
1360 list_for_each_entry_rcu(hcon, &h->list, list) {
1361 hchan = __hci_chan_lookup_handle(hcon, handle);
1362 if (hchan)
1363 break;
1364 }
1365
1366 rcu_read_unlock();
1367
1368 return hchan;
1369}
ubuntu-bionic-kernel mirror