]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/hci_conn.c
ieee802154: 6lowpan: add RTNL assertion
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
4bc58f51 31#include <net/bluetooth/l2cap.h>
1da177e4 32
ac4b7236 33#include "smp.h"
7024728e
MH
34#include "a2mp.h"
35
2dea632f
FD
36struct sco_param {
37 u16 pkt_type;
38 u16 max_latency;
c7da5797 39 u8 retrans_effort;
2dea632f
FD
40};
41
48e68ff5 42static const struct sco_param esco_param_cvsd[] = {
c7da5797
JH
43 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
44 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
45 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
46 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
47 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
2dea632f
FD
48};
49
48e68ff5 50static const struct sco_param sco_param_cvsd[] = {
c7da5797
JH
51 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
52 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
48e68ff5
BT
53};
54
565766b0 55static const struct sco_param esco_param_msbc[] = {
c7da5797
JH
56 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
57 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
2dea632f
FD
58};
59
1aef8669 60static void hci_le_create_connection_cancel(struct hci_conn *conn)
fcd89c09
VT
61{
62 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
63}
64
1aef8669 65static void hci_acl_create_connection(struct hci_conn *conn)
1da177e4
LT
66{
67 struct hci_dev *hdev = conn->hdev;
68 struct inquiry_entry *ie;
69 struct hci_cp_create_conn cp;
70
42d2d87c 71 BT_DBG("hcon %p", conn);
1da177e4
LT
72
73 conn->state = BT_CONNECT;
a0c808b3 74 conn->out = true;
40bef302 75 conn->role = HCI_ROLE_MASTER;
1da177e4 76
4c67bc74
MH
77 conn->attempt++;
78
e4e8e37c
MH
79 conn->link_policy = hdev->link_policy;
80
1da177e4
LT
81 memset(&cp, 0, sizeof(cp));
82 bacpy(&cp.bdaddr, &conn->dst);
83 cp.pscan_rep_mode = 0x02;
84
70f23020
AE
85 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
86 if (ie) {
41a96212
MH
87 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
88 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
89 cp.pscan_mode = ie->data.pscan_mode;
90 cp.clock_offset = ie->data.clock_offset |
dcf4adbf 91 cpu_to_le16(0x8000);
41a96212
MH
92 }
93
1da177e4 94 memcpy(conn->dev_class, ie->data.dev_class, 3);
58a681ef
JH
95 if (ie->data.ssp_mode > 0)
96 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
1da177e4
LT
97 }
98
a8746417 99 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 100 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82 101 cp.role_switch = 0x01;
1da177e4 102 else
b6a0dc82 103 cp.role_switch = 0x00;
4c67bc74 104
a9de9248 105 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4
LT
106}
107
1aef8669 108static void hci_acl_create_connection_cancel(struct hci_conn *conn)
6ac59344
MH
109{
110 struct hci_cp_create_conn_cancel cp;
111
38b3fef1 112 BT_DBG("hcon %p", conn);
6ac59344 113
d095c1eb 114 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
6ac59344
MH
115 return;
116
117 bacpy(&cp.bdaddr, &conn->dst);
a9de9248 118 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
6ac59344
MH
119}
120
93796fa6
CT
121static void hci_reject_sco(struct hci_conn *conn)
122{
123 struct hci_cp_reject_sync_conn_req cp;
124
d41c15cf 125 cp.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
93796fa6
CT
126 bacpy(&cp.bdaddr, &conn->dst);
127
128 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
129}
130
e3b679d5 131int hci_disconnect(struct hci_conn *conn, __u8 reason)
1da177e4
LT
132{
133 struct hci_cp_disconnect cp;
134
38b3fef1 135 BT_DBG("hcon %p", conn);
1da177e4 136
839035a7
JH
137 /* When we are master of an established connection and it enters
138 * the disconnect timeout, then go ahead and try to read the
139 * current clock offset. Processing of the result is done
140 * within the event handling and hci_clock_offset_evt function.
141 */
142 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER) {
143 struct hci_dev *hdev = conn->hdev;
144 struct hci_cp_read_clock_offset cp;
145
146 cp.handle = cpu_to_le16(conn->handle);
147 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(cp), &cp);
148 }
149
1da177e4
LT
150 conn->state = BT_DISCONN;
151
aca3192c 152 cp.handle = cpu_to_le16(conn->handle);
1da177e4 153 cp.reason = reason;
e3b679d5 154 return hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
1da177e4
LT
155}
156
a2b1976b 157static void hci_amp_disconn(struct hci_conn *conn)
53502d69
AE
158{
159 struct hci_cp_disconn_phy_link cp;
160
161 BT_DBG("hcon %p", conn);
162
163 conn->state = BT_DISCONN;
164
165 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
a2b1976b 166 cp.reason = hci_proto_disconn_ind(conn);
53502d69
AE
167 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
168 sizeof(cp), &cp);
169}
170
57f5d0d1 171static void hci_add_sco(struct hci_conn *conn, __u16 handle)
1da177e4
LT
172{
173 struct hci_dev *hdev = conn->hdev;
174 struct hci_cp_add_sco cp;
175
38b3fef1 176 BT_DBG("hcon %p", conn);
1da177e4
LT
177
178 conn->state = BT_CONNECT;
a0c808b3 179 conn->out = true;
1da177e4 180
efc7688b
MH
181 conn->attempt++;
182
aca3192c 183 cp.handle = cpu_to_le16(handle);
a8746417 184 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 185
a9de9248 186 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT
187}
188
2dea632f 189bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
b6a0dc82
MH
190{
191 struct hci_dev *hdev = conn->hdev;
192 struct hci_cp_setup_sync_conn cp;
2dea632f 193 const struct sco_param *param;
b6a0dc82 194
38b3fef1 195 BT_DBG("hcon %p", conn);
b6a0dc82
MH
196
197 conn->state = BT_CONNECT;
a0c808b3 198 conn->out = true;
b6a0dc82 199
efc7688b
MH
200 conn->attempt++;
201
b6a0dc82 202 cp.handle = cpu_to_le16(handle);
b6a0dc82 203
dcf4adbf
JP
204 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
205 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
10c62ddc
FD
206 cp.voice_setting = cpu_to_le16(conn->setting);
207
208 switch (conn->setting & SCO_AIRMODE_MASK) {
209 case SCO_AIRMODE_TRANSP:
565766b0 210 if (conn->attempt > ARRAY_SIZE(esco_param_msbc))
2dea632f 211 return false;
565766b0 212 param = &esco_param_msbc[conn->attempt - 1];
10c62ddc
FD
213 break;
214 case SCO_AIRMODE_CVSD:
48e68ff5
BT
215 if (lmp_esco_capable(conn->link)) {
216 if (conn->attempt > ARRAY_SIZE(esco_param_cvsd))
217 return false;
48e68ff5
BT
218 param = &esco_param_cvsd[conn->attempt - 1];
219 } else {
220 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
221 return false;
48e68ff5
BT
222 param = &sco_param_cvsd[conn->attempt - 1];
223 }
10c62ddc 224 break;
2dea632f
FD
225 default:
226 return false;
10c62ddc 227 }
b6a0dc82 228
c7da5797 229 cp.retrans_effort = param->retrans_effort;
2dea632f
FD
230 cp.pkt_type = __cpu_to_le16(param->pkt_type);
231 cp.max_latency = __cpu_to_le16(param->max_latency);
232
233 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
234 return false;
235
236 return true;
b6a0dc82
MH
237}
238
7d6ca693
JH
239u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
240 u16 to_multiplier)
2ce603eb 241{
2ce603eb 242 struct hci_dev *hdev = conn->hdev;
f044eb05
MH
243 struct hci_conn_params *params;
244 struct hci_cp_le_conn_update cp;
2ce603eb 245
f044eb05 246 hci_dev_lock(hdev);
2ce603eb 247
f044eb05
MH
248 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
249 if (params) {
250 params->conn_min_interval = min;
251 params->conn_max_interval = max;
252 params->conn_latency = latency;
253 params->supervision_timeout = to_multiplier;
254 }
255
256 hci_dev_unlock(hdev);
257
258 memset(&cp, 0, sizeof(cp));
2ce603eb
CT
259 cp.handle = cpu_to_le16(conn->handle);
260 cp.conn_interval_min = cpu_to_le16(min);
261 cp.conn_interval_max = cpu_to_le16(max);
262 cp.conn_latency = cpu_to_le16(latency);
263 cp.supervision_timeout = cpu_to_le16(to_multiplier);
dcf4adbf
JP
264 cp.min_ce_len = cpu_to_le16(0x0000);
265 cp.max_ce_len = cpu_to_le16(0x0000);
2ce603eb
CT
266
267 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
7d6ca693
JH
268
269 if (params)
270 return 0x01;
271
272 return 0x00;
2ce603eb 273}
2ce603eb 274
fe39c7b2 275void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
5974e4c4 276 __u8 ltk[16])
a7a595f6
VCG
277{
278 struct hci_dev *hdev = conn->hdev;
279 struct hci_cp_le_start_enc cp;
280
38b3fef1 281 BT_DBG("hcon %p", conn);
a7a595f6
VCG
282
283 memset(&cp, 0, sizeof(cp));
284
285 cp.handle = cpu_to_le16(conn->handle);
fe39c7b2 286 cp.rand = rand;
a7a595f6 287 cp.ediv = ediv;
fe39c7b2 288 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
a7a595f6
VCG
289
290 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
291}
a7a595f6 292
e73439d8
MH
293/* Device _must_ be locked */
294void hci_sco_setup(struct hci_conn *conn, __u8 status)
295{
296 struct hci_conn *sco = conn->link;
297
e73439d8
MH
298 if (!sco)
299 return;
300
38b3fef1
AE
301 BT_DBG("hcon %p", conn);
302
e73439d8
MH
303 if (!status) {
304 if (lmp_esco_capable(conn->hdev))
305 hci_setup_sync(sco, conn->handle);
306 else
307 hci_add_sco(sco, conn->handle);
308 } else {
309 hci_proto_connect_cfm(sco, status);
310 hci_conn_del(sco);
311 }
312}
313
19c40e3b 314static void hci_conn_timeout(struct work_struct *work)
1da177e4 315{
19c40e3b 316 struct hci_conn *conn = container_of(work, struct hci_conn,
5974e4c4 317 disc_work.work);
1d56dc4f 318 int refcnt = atomic_read(&conn->refcnt);
1da177e4 319
38b3fef1 320 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
1da177e4 321
1d56dc4f
LR
322 WARN_ON(refcnt < 0);
323
324 /* FIXME: It was observed that in pairing failed scenario, refcnt
325 * drops below 0. Probably this is because l2cap_conn_del calls
326 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
327 * dropped. After that loop hci_chan_del is called which also drops
328 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
329 * otherwise drop it.
330 */
331 if (refcnt > 0)
1da177e4
LT
332 return;
333
6ac59344
MH
334 switch (conn->state) {
335 case BT_CONNECT:
769be974 336 case BT_CONNECT2:
fcd89c09
VT
337 if (conn->out) {
338 if (conn->type == ACL_LINK)
1aef8669 339 hci_acl_create_connection_cancel(conn);
fcd89c09 340 else if (conn->type == LE_LINK)
1aef8669 341 hci_le_create_connection_cancel(conn);
93796fa6
CT
342 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
343 hci_reject_sco(conn);
fcd89c09 344 }
6ac59344 345 break;
769be974 346 case BT_CONFIG:
8e87d142 347 case BT_CONNECTED:
40051e46
MH
348 if (conn->type == AMP_LINK) {
349 hci_amp_disconn(conn);
350 } else {
351 __u8 reason = hci_proto_disconn_ind(conn);
352 hci_disconnect(conn, reason);
353 }
6ac59344
MH
354 break;
355 default:
1da177e4 356 conn->state = BT_CLOSED;
6ac59344
MH
357 break;
358 }
1da177e4
LT
359}
360
416dc94b 361/* Enter sniff mode */
a74a84f6 362static void hci_conn_idle(struct work_struct *work)
416dc94b 363{
a74a84f6
JH
364 struct hci_conn *conn = container_of(work, struct hci_conn,
365 idle_work.work);
416dc94b
GP
366 struct hci_dev *hdev = conn->hdev;
367
38b3fef1 368 BT_DBG("hcon %p mode %d", conn, conn->mode);
416dc94b 369
416dc94b
GP
370 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
371 return;
372
373 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
374 return;
375
376 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
377 struct hci_cp_sniff_subrate cp;
378 cp.handle = cpu_to_le16(conn->handle);
dcf4adbf
JP
379 cp.max_latency = cpu_to_le16(0);
380 cp.min_remote_timeout = cpu_to_le16(0);
381 cp.min_local_timeout = cpu_to_le16(0);
416dc94b
GP
382 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
383 }
384
51a8efd7 385 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP
386 struct hci_cp_sniff_mode cp;
387 cp.handle = cpu_to_le16(conn->handle);
388 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
389 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
dcf4adbf
JP
390 cp.attempt = cpu_to_le16(4);
391 cp.timeout = cpu_to_le16(1);
416dc94b
GP
392 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
393 }
394}
395
7bc18d9d 396static void hci_conn_auto_accept(struct work_struct *work)
9f61656a 397{
7bc18d9d
JH
398 struct hci_conn *conn = container_of(work, struct hci_conn,
399 auto_accept_work.work);
9f61656a 400
7bc18d9d 401 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
5974e4c4 402 &conn->dst);
9f61656a
JH
403}
404
9489eca4
JH
405static void le_conn_timeout(struct work_struct *work)
406{
407 struct hci_conn *conn = container_of(work, struct hci_conn,
408 le_conn_timeout.work);
3c857757 409 struct hci_dev *hdev = conn->hdev;
9489eca4
JH
410
411 BT_DBG("");
412
3c857757
JH
413 /* We could end up here due to having done directed advertising,
414 * so clean up the state if necessary. This should however only
415 * happen with broken hardware or if low duty cycle was used
416 * (which doesn't have a timeout of its own).
417 */
418 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
419 u8 enable = 0x00;
420 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
421 &enable);
422 hci_le_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
423 return;
424 }
425
9489eca4
JH
426 hci_le_create_connection_cancel(conn);
427}
428
a5c4e309
JH
429struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
430 u8 role)
1da177e4
LT
431{
432 struct hci_conn *conn;
433
6ed93dc6 434 BT_DBG("%s dst %pMR", hdev->name, dst);
1da177e4 435
27f70f3e 436 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
04837f64 437 if (!conn)
1da177e4 438 return NULL;
1da177e4
LT
439
440 bacpy(&conn->dst, dst);
662e8820 441 bacpy(&conn->src, &hdev->bdaddr);
a8746417
MH
442 conn->hdev = hdev;
443 conn->type = type;
a5c4e309 444 conn->role = role;
a8746417
MH
445 conn->mode = HCI_CM_ACTIVE;
446 conn->state = BT_OPEN;
93f19c9f 447 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 448 conn->io_capability = hdev->io_capability;
a9583556 449 conn->remote_auth = 0xff;
13d39315 450 conn->key_type = 0xff;
5a134fae 451 conn->tx_power = HCI_TX_POWER_INVALID;
d0455ed9 452 conn->max_tx_power = HCI_TX_POWER_INVALID;
1da177e4 453
58a681ef 454 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 455 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 456
a5c4e309
JH
457 if (conn->role == HCI_ROLE_MASTER)
458 conn->out = true;
459
a8746417
MH
460 switch (type) {
461 case ACL_LINK:
462 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
463 break;
9c84d1da
JH
464 case LE_LINK:
465 /* conn->src should reflect the local identity address */
466 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
467 break;
a8746417
MH
468 case SCO_LINK:
469 if (lmp_esco_capable(hdev))
efc7688b
MH
470 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
471 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH
472 else
473 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
474 break;
475 case ESCO_LINK:
efc7688b 476 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH
477 break;
478 }
479
1da177e4 480 skb_queue_head_init(&conn->data_q);
04837f64 481
70c1f20b 482 INIT_LIST_HEAD(&conn->chan_list);
73d80deb 483
19c40e3b 484 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
7bc18d9d 485 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
a74a84f6 486 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
9489eca4 487 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1da177e4
LT
488
489 atomic_set(&conn->refcnt, 0);
490
491 hci_dev_hold(hdev);
492
1da177e4 493 hci_conn_hash_add(hdev, conn);
3c54711c 494 if (hdev->notify)
1da177e4
LT
495 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
496
a67e899c
MH
497 hci_conn_init_sysfs(conn);
498
1da177e4
LT
499 return conn;
500}
501
502int hci_conn_del(struct hci_conn *conn)
503{
504 struct hci_dev *hdev = conn->hdev;
505
38b3fef1 506 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1da177e4 507
19c40e3b 508 cancel_delayed_work_sync(&conn->disc_work);
7bc18d9d 509 cancel_delayed_work_sync(&conn->auto_accept_work);
a74a84f6 510 cancel_delayed_work_sync(&conn->idle_work);
9f61656a 511
5b7f9909 512 if (conn->type == ACL_LINK) {
1da177e4
LT
513 struct hci_conn *sco = conn->link;
514 if (sco)
515 sco->link = NULL;
516
517 /* Unacked frames */
518 hdev->acl_cnt += conn->sent;
6ed58ec5 519 } else if (conn->type == LE_LINK) {
9489eca4
JH
520 cancel_delayed_work_sync(&conn->le_conn_timeout);
521
6ed58ec5
VT
522 if (hdev->le_pkts)
523 hdev->le_cnt += conn->sent;
524 else
525 hdev->acl_cnt += conn->sent;
5b7f9909
MH
526 } else {
527 struct hci_conn *acl = conn->link;
528 if (acl) {
529 acl->link = NULL;
76a68ba0 530 hci_conn_drop(acl);
5b7f9909 531 }
1da177e4
LT
532 }
533
2c33c06a 534 hci_chan_list_flush(conn);
73d80deb 535
9740e49d
AE
536 if (conn->amp_mgr)
537 amp_mgr_put(conn->amp_mgr);
538
1da177e4 539 hci_conn_hash_del(hdev, conn);
3c54711c 540 if (hdev->notify)
1da177e4 541 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
7d0db0a3 542
1da177e4 543 skb_queue_purge(&conn->data_q);
1da177e4 544
fc225c3f 545 hci_conn_del_sysfs(conn);
2ae9a6be 546
384943ec
MH
547 hci_dev_put(hdev);
548
8d12356f 549 hci_conn_put(conn);
163f4dab 550
1da177e4
LT
551 return 0;
552}
553
554struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
555{
556 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 557 struct hci_dev *hdev = NULL, *d;
1da177e4 558
6ed93dc6 559 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4 560
f20d09d5 561 read_lock(&hci_dev_list_lock);
1da177e4 562
8035ded4 563 list_for_each_entry(d, &hci_dev_list, list) {
8fc9ced3 564 if (!test_bit(HCI_UP, &d->flags) ||
af750e94 565 test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
d300fa9b 566 d->dev_type != HCI_BREDR)
1da177e4
LT
567 continue;
568
8e87d142 569 /* Simple routing:
1da177e4
LT
570 * No source address - find interface with bdaddr != dst
571 * Source address - find interface with bdaddr == src
572 */
573
574 if (use_src) {
575 if (!bacmp(&d->bdaddr, src)) {
576 hdev = d; break;
577 }
578 } else {
579 if (bacmp(&d->bdaddr, dst)) {
580 hdev = d; break;
581 }
582 }
583 }
584
585 if (hdev)
586 hdev = hci_dev_hold(hdev);
587
f20d09d5 588 read_unlock(&hci_dev_list_lock);
1da177e4
LT
589 return hdev;
590}
591EXPORT_SYMBOL(hci_get_route);
592
9bb3c01f 593/* This function requires the caller holds hdev->lock */
06c053fb 594void hci_le_conn_failed(struct hci_conn *conn, u8 status)
9bb3c01f
AG
595{
596 struct hci_dev *hdev = conn->hdev;
f161dd41
JH
597 struct hci_conn_params *params;
598
599 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
600 conn->dst_type);
601 if (params && params->conn) {
602 hci_conn_drop(params->conn);
f8aaf9b6 603 hci_conn_put(params->conn);
f161dd41
JH
604 params->conn = NULL;
605 }
9bb3c01f
AG
606
607 conn->state = BT_CLOSED;
608
609 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
610 status);
611
612 hci_proto_connect_cfm(conn, status);
613
614 hci_conn_del(conn);
a4790dbd
AG
615
616 /* Since we may have temporarily stopped the background scanning in
617 * favor of connection establishment, we should restart it.
618 */
619 hci_update_background_scan(hdev);
3c857757
JH
620
621 /* Re-enable advertising in case this was a failed connection
622 * attempt as a peripheral.
623 */
624 mgmt_reenable_advertising(hdev);
9bb3c01f
AG
625}
626
1d399ae5
AG
627static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
628{
629 struct hci_conn *conn;
630
631 if (status == 0)
632 return;
633
634 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
635 status);
636
637 hci_dev_lock(hdev);
638
639 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
640 if (!conn)
641 goto done;
642
06c053fb 643 hci_le_conn_failed(conn, status);
1d399ae5
AG
644
645done:
646 hci_dev_unlock(hdev);
647}
648
2acf3d90
AG
649static void hci_req_add_le_create_conn(struct hci_request *req,
650 struct hci_conn *conn)
651{
652 struct hci_cp_le_create_conn cp;
653 struct hci_dev *hdev = conn->hdev;
654 u8 own_addr_type;
655
656 memset(&cp, 0, sizeof(cp));
657
658 /* Update random address, but set require_privacy to false so
659 * that we never connect with an unresolvable address.
660 */
661 if (hci_update_random_address(req, false, &own_addr_type))
662 return;
663
2acf3d90
AG
664 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
665 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
666 bacpy(&cp.peer_addr, &conn->dst);
667 cp.peer_addr_type = conn->dst_type;
668 cp.own_address_type = own_addr_type;
669 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
670 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
037fc415
MH
671 cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
672 cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
dcf4adbf
JP
673 cp.min_ce_len = cpu_to_le16(0x0000);
674 cp.max_ce_len = cpu_to_le16(0x0000);
2acf3d90
AG
675
676 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
b46e0030
JH
677
678 conn->state = BT_CONNECT;
2acf3d90
AG
679}
680
3c857757
JH
681static void hci_req_directed_advertising(struct hci_request *req,
682 struct hci_conn *conn)
683{
684 struct hci_dev *hdev = req->hdev;
685 struct hci_cp_le_set_adv_param cp;
686 u8 own_addr_type;
687 u8 enable;
688
5ce194c4 689 /* Clear the HCI_LE_ADV bit temporarily so that the
3c857757
JH
690 * hci_update_random_address knows that it's safe to go ahead
691 * and write a new random address. The flag will be set back on
692 * as soon as the SET_ADV_ENABLE HCI command completes.
693 */
5ce194c4 694 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
3c857757
JH
695
696 /* Set require_privacy to false so that the remote device has a
697 * chance of identifying us.
698 */
699 if (hci_update_random_address(req, false, &own_addr_type) < 0)
700 return;
701
702 memset(&cp, 0, sizeof(cp));
703 cp.type = LE_ADV_DIRECT_IND;
704 cp.own_address_type = own_addr_type;
705 cp.direct_addr_type = conn->dst_type;
706 bacpy(&cp.direct_addr, &conn->dst);
707 cp.channel_map = hdev->le_adv_channel_map;
708
709 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
710
711 enable = 0x01;
712 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
713
714 conn->state = BT_CONNECT;
715}
716
04a6c589 717struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
cdd6275e 718 u8 dst_type, u8 sec_level, u16 conn_timeout,
e804d25d 719 u8 role)
1da177e4 720{
4292f1f3 721 struct hci_conn_params *params;
f1e5d547 722 struct hci_conn *conn;
1ebfcc1f 723 struct smp_irk *irk;
2acf3d90 724 struct hci_request req;
1d399ae5 725 int err;
1da177e4 726
620ad521
AG
727 /* Some devices send ATT messages as soon as the physical link is
728 * established. To be able to handle these ATT messages, the user-
729 * space first establishes the connection and then starts the pairing
730 * process.
731 *
732 * So if a hci_conn object already exists for the following connection
733 * attempt, we simply update pending_sec_level and auth_type fields
734 * and return the object found.
735 */
f1e5d547 736 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
620ad521
AG
737 if (conn) {
738 conn->pending_sec_level = sec_level;
620ad521
AG
739 goto done;
740 }
dfc94dbd 741
620ad521
AG
742 /* Since the controller supports only one LE connection attempt at a
743 * time, we return -EBUSY if there is any connection attempt running.
744 */
745 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
746 if (conn)
747 return ERR_PTR(-EBUSY);
46a190cb 748
edb4b466
MH
749 /* When given an identity address with existing identity
750 * resolving key, the connection needs to be established
751 * to a resolvable random address.
752 *
753 * This uses the cached random resolvable address from
754 * a previous scan. When no cached address is available,
755 * try connecting to the identity address instead.
756 *
757 * Storing the resolvable random address is required here
758 * to handle connection failures. The address will later
759 * be resolved back into the original identity address
760 * from the connect request.
761 */
1ebfcc1f
JH
762 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
763 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
764 dst = &irk->rpa;
765 dst_type = ADDR_LE_DEV_RANDOM;
766 }
767
a5c4e309 768 conn = hci_conn_add(hdev, LE_LINK, dst, role);
620ad521
AG
769 if (!conn)
770 return ERR_PTR(-ENOMEM);
9f0caeb1 771
1ebfcc1f 772 conn->dst_type = dst_type;
620ad521 773 conn->sec_level = BT_SECURITY_LOW;
f1e5d547 774 conn->pending_sec_level = sec_level;
09ae260b 775 conn->conn_timeout = conn_timeout;
4292f1f3 776
3c857757
JH
777 hci_req_init(&req, hdev);
778
376f54c1
JH
779 /* Disable advertising if we're active. For master role
780 * connections most controllers will refuse to connect if
781 * advertising is enabled, and for slave role connections we
782 * anyway have to disable it in order to start directed
783 * advertising.
784 */
785 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
786 u8 enable = 0x00;
787 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
788 &enable);
789 }
790
cdd6275e 791 /* If requested to connect as slave use directed advertising */
e804d25d 792 if (conn->role == HCI_ROLE_SLAVE) {
e8bb6b97
JH
793 /* If we're active scanning most controllers are unable
794 * to initiate advertising. Simply reject the attempt.
795 */
796 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
797 hdev->le_scan_type == LE_SCAN_ACTIVE) {
798 skb_queue_purge(&req.cmd_q);
799 hci_conn_del(conn);
800 return ERR_PTR(-EBUSY);
801 }
802
3c857757
JH
803 hci_req_directed_advertising(&req, conn);
804 goto create_conn;
805 }
806
4292f1f3
AG
807 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
808 if (params) {
809 conn->le_conn_min_interval = params->conn_min_interval;
810 conn->le_conn_max_interval = params->conn_max_interval;
037fc415
MH
811 conn->le_conn_latency = params->conn_latency;
812 conn->le_supv_timeout = params->supervision_timeout;
4292f1f3
AG
813 } else {
814 conn->le_conn_min_interval = hdev->le_conn_min_interval;
815 conn->le_conn_max_interval = hdev->le_conn_max_interval;
04fb7d90
MH
816 conn->le_conn_latency = hdev->le_conn_latency;
817 conn->le_supv_timeout = hdev->le_supv_timeout;
4292f1f3 818 }
eda42b50 819
2acf3d90 820 /* If controller is scanning, we stop it since some controllers are
81ad6fd9
JH
821 * not able to scan and connect at the same time. Also set the
822 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
823 * handler for scan disabling knows to set the correct discovery
824 * state.
2acf3d90
AG
825 */
826 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
827 hci_req_add_le_scan_disable(&req);
81ad6fd9 828 set_bit(HCI_LE_SCAN_INTERRUPTED, &hdev->dev_flags);
2acf3d90
AG
829 }
830
81ad6fd9
JH
831 hci_req_add_le_create_conn(&req, conn);
832
3c857757 833create_conn:
81ad6fd9 834 err = hci_req_run(&req, create_le_conn_complete);
2acf3d90
AG
835 if (err) {
836 hci_conn_del(conn);
620ad521 837 return ERR_PTR(err);
2acf3d90 838 }
fcd89c09 839
620ad521
AG
840done:
841 hci_conn_hold(conn);
f1e5d547 842 return conn;
d04aef4c 843}
fcd89c09 844
04a6c589
AG
845struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
846 u8 sec_level, u8 auth_type)
1da177e4
LT
847{
848 struct hci_conn *acl;
fcd89c09 849
56f87901 850 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
beb19e4c 851 return ERR_PTR(-EOPNOTSUPP);
56f87901 852
70f23020
AE
853 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
854 if (!acl) {
a5c4e309 855 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
70f23020 856 if (!acl)
48c7aba9 857 return ERR_PTR(-ENOMEM);
1da177e4
LT
858 }
859
860 hci_conn_hold(acl);
861
09ab6f4c 862 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
765c2a96
JH
863 acl->sec_level = BT_SECURITY_LOW;
864 acl->pending_sec_level = sec_level;
09ab6f4c 865 acl->auth_type = auth_type;
1aef8669 866 hci_acl_create_connection(acl);
09ab6f4c 867 }
1da177e4 868
db474275
VCG
869 return acl;
870}
871
10c62ddc
FD
872struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
873 __u16 setting)
db474275
VCG
874{
875 struct hci_conn *acl;
876 struct hci_conn *sco;
877
e660ed6c 878 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
db474275 879 if (IS_ERR(acl))
5b7f9909 880 return acl;
1da177e4 881
70f23020
AE
882 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
883 if (!sco) {
a5c4e309 884 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
70f23020 885 if (!sco) {
76a68ba0 886 hci_conn_drop(acl);
48c7aba9 887 return ERR_PTR(-ENOMEM);
1da177e4 888 }
5b7f9909 889 }
1da177e4 890
5b7f9909
MH
891 acl->link = sco;
892 sco->link = acl;
1da177e4 893
5b7f9909 894 hci_conn_hold(sco);
1da177e4 895
10c62ddc
FD
896 sco->setting = setting;
897
5b7f9909 898 if (acl->state == BT_CONNECTED &&
5974e4c4 899 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 900 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 901 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 902
51a8efd7 903 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 904 /* defer SCO setup until mode change completed */
51a8efd7 905 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH
906 return sco;
907 }
908
909 hci_sco_setup(acl, 0x00);
b6a0dc82 910 }
5b7f9909
MH
911
912 return sco;
1da177e4 913}
1da177e4 914
e7c29cb1
MH
915/* Check link security requirement */
916int hci_conn_check_link_mode(struct hci_conn *conn)
917{
38b3fef1 918 BT_DBG("hcon %p", conn);
e7c29cb1 919
40b552aa
MH
920 /* In Secure Connections Only mode, it is required that Secure
921 * Connections is used and the link is encrypted with AES-CCM
922 * using a P-256 authenticated combination key.
923 */
924 if (test_bit(HCI_SC_ONLY, &conn->hdev->flags)) {
925 if (!hci_conn_sc_enabled(conn) ||
926 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
927 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
928 return 0;
929 }
930
4dae2798
JH
931 if (hci_conn_ssp_enabled(conn) &&
932 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
e7c29cb1
MH
933 return 0;
934
935 return 1;
936}
e7c29cb1 937
1da177e4 938/* Authenticate remote device */
0684e5f9 939static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 940{
38b3fef1 941 BT_DBG("hcon %p", conn);
1da177e4 942
765c2a96
JH
943 if (conn->pending_sec_level > sec_level)
944 sec_level = conn->pending_sec_level;
945
96a31833 946 if (sec_level > conn->sec_level)
765c2a96 947 conn->pending_sec_level = sec_level;
4dae2798 948 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
1da177e4
LT
949 return 1;
950
65cf686e
JH
951 /* Make sure we preserve an existing MITM requirement*/
952 auth_type |= (conn->auth_type & 0x01);
953
96a31833
MH
954 conn->auth_type = auth_type;
955
51a8efd7 956 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 957 struct hci_cp_auth_requested cp;
b7d05bad 958
aca3192c 959 cp.handle = cpu_to_le16(conn->handle);
40be492f 960 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
5974e4c4 961 sizeof(cp), &cp);
09da1f34
JH
962
963 /* If we're already encrypted set the REAUTH_PEND flag,
964 * otherwise set the ENCRYPT_PEND.
965 */
4dae2798 966 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
51a8efd7 967 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
09da1f34
JH
968 else
969 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 970 }
8c1b2355 971
1da177e4
LT
972 return 0;
973}
1da177e4 974
13d39315
WR
975/* Encrypt the the link */
976static void hci_conn_encrypt(struct hci_conn *conn)
977{
38b3fef1 978 BT_DBG("hcon %p", conn);
13d39315 979
51a8efd7 980 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR
981 struct hci_cp_set_conn_encrypt cp;
982 cp.handle = cpu_to_le16(conn->handle);
983 cp.encrypt = 0x01;
984 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
5974e4c4 985 &cp);
13d39315
WR
986 }
987}
988
8c1b2355 989/* Enable security */
e7cafc45
JH
990int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
991 bool initiator)
1da177e4 992{
38b3fef1 993 BT_DBG("hcon %p", conn);
1da177e4 994
d8343f12
VCG
995 if (conn->type == LE_LINK)
996 return smp_conn_security(conn, sec_level);
997
13d39315 998 /* For sdp we don't need the link key. */
8c1b2355
MH
999 if (sec_level == BT_SECURITY_SDP)
1000 return 1;
1001
13d39315
WR
1002 /* For non 2.1 devices and low security level we don't need the link
1003 key. */
aa64a8b5 1004 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 1005 return 1;
8c1b2355 1006
13d39315 1007 /* For other security levels we need the link key. */
4dae2798 1008 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
13d39315
WR
1009 goto auth;
1010
7b5a9241
MH
1011 /* An authenticated FIPS approved combination key has sufficient
1012 * security for security level 4. */
1013 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
1014 sec_level == BT_SECURITY_FIPS)
1015 goto encrypt;
1016
1017 /* An authenticated combination key has sufficient security for
1018 security level 3. */
1019 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
1020 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
1021 sec_level == BT_SECURITY_HIGH)
13d39315
WR
1022 goto encrypt;
1023
1024 /* An unauthenticated combination key has sufficient security for
1025 security level 1 and 2. */
66138ce8
MH
1026 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
1027 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
5974e4c4 1028 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
13d39315
WR
1029 goto encrypt;
1030
1031 /* A combination key has always sufficient security for the security
1032 levels 1 or 2. High security level requires the combination key
1033 is generated using maximum PIN code length (16).
1034 For pre 2.1 units. */
1035 if (conn->key_type == HCI_LK_COMBINATION &&
7b5a9241
MH
1036 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
1037 conn->pin_length == 16))
13d39315
WR
1038 goto encrypt;
1039
1040auth:
51a8efd7 1041 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT
1042 return 0;
1043
977f8fce
JH
1044 if (initiator)
1045 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1046
6fdf658c
LAD
1047 if (!hci_conn_auth(conn, sec_level, auth_type))
1048 return 0;
13d39315
WR
1049
1050encrypt:
4dae2798 1051 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
13d39315 1052 return 1;
8c1b2355 1053
13d39315 1054 hci_conn_encrypt(conn);
1da177e4
LT
1055 return 0;
1056}
8c1b2355 1057EXPORT_SYMBOL(hci_conn_security);
1da177e4 1058
b3b1b061
WR
1059/* Check secure link requirement */
1060int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
1061{
38b3fef1 1062 BT_DBG("hcon %p", conn);
b3b1b061 1063
9cb2e030
MH
1064 /* Accept if non-secure or higher security level is required */
1065 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
1066 return 1;
b3b1b061 1067
9cb2e030
MH
1068 /* Accept if secure or higher security level is already present */
1069 if (conn->sec_level == BT_SECURITY_HIGH ||
1070 conn->sec_level == BT_SECURITY_FIPS)
b3b1b061
WR
1071 return 1;
1072
9cb2e030
MH
1073 /* Reject not secure link */
1074 return 0;
b3b1b061
WR
1075}
1076EXPORT_SYMBOL(hci_conn_check_secure);
1077
1da177e4
LT
1078/* Change link key */
1079int hci_conn_change_link_key(struct hci_conn *conn)
1080{
38b3fef1 1081 BT_DBG("hcon %p", conn);
1da177e4 1082
51a8efd7 1083 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 1084 struct hci_cp_change_conn_link_key cp;
aca3192c 1085 cp.handle = cpu_to_le16(conn->handle);
40be492f 1086 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
5974e4c4 1087 sizeof(cp), &cp);
1da177e4 1088 }
8c1b2355 1089
1da177e4
LT
1090 return 0;
1091}
1da177e4
LT
1092
1093/* Switch role */
8c1b2355 1094int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 1095{
38b3fef1 1096 BT_DBG("hcon %p", conn);
1da177e4 1097
40bef302 1098 if (role == conn->role)
1da177e4
LT
1099 return 1;
1100
51a8efd7 1101 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT
1102 struct hci_cp_switch_role cp;
1103 bacpy(&cp.bdaddr, &conn->dst);
1104 cp.role = role;
a9de9248 1105 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 1106 }
8c1b2355 1107
1da177e4
LT
1108 return 0;
1109}
1110EXPORT_SYMBOL(hci_conn_switch_role);
1111
04837f64 1112/* Enter active mode */
14b12d0b 1113void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH
1114{
1115 struct hci_dev *hdev = conn->hdev;
1116
38b3fef1 1117 BT_DBG("hcon %p mode %d", conn, conn->mode);
04837f64 1118
14b12d0b
JG
1119 if (conn->mode != HCI_CM_SNIFF)
1120 goto timer;
1121
58a681ef 1122 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH
1123 goto timer;
1124
51a8efd7 1125 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 1126 struct hci_cp_exit_sniff_mode cp;
aca3192c 1127 cp.handle = cpu_to_le16(conn->handle);
a9de9248 1128 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH
1129 }
1130
1131timer:
1132 if (hdev->idle_timeout > 0)
a74a84f6
JH
1133 queue_delayed_work(hdev->workqueue, &conn->idle_work,
1134 msecs_to_jiffies(hdev->idle_timeout));
04837f64
MH
1135}
1136
1da177e4
LT
1137/* Drop all connection on the device */
1138void hci_conn_hash_flush(struct hci_dev *hdev)
1139{
1140 struct hci_conn_hash *h = &hdev->conn_hash;
3c4e0df0 1141 struct hci_conn *c, *n;
1da177e4
LT
1142
1143 BT_DBG("hdev %s", hdev->name);
1144
3c4e0df0 1145 list_for_each_entry_safe(c, n, &h->list, list) {
1da177e4
LT
1146 c->state = BT_CLOSED;
1147
9f5a0d7b 1148 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
1da177e4
LT
1149 hci_conn_del(c);
1150 }
1151}
1152
a9de9248
MH
1153/* Check pending connect attempts */
1154void hci_conn_check_pending(struct hci_dev *hdev)
1155{
1156 struct hci_conn *conn;
1157
1158 BT_DBG("hdev %s", hdev->name);
1159
1160 hci_dev_lock(hdev);
1161
1162 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
1163 if (conn)
1aef8669 1164 hci_acl_create_connection(conn);
a9de9248
MH
1165
1166 hci_dev_unlock(hdev);
1167}
1168
4dae2798
JH
1169static u32 get_link_mode(struct hci_conn *conn)
1170{
1171 u32 link_mode = 0;
1172
40bef302 1173 if (conn->role == HCI_ROLE_MASTER)
4dae2798
JH
1174 link_mode |= HCI_LM_MASTER;
1175
1176 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
1177 link_mode |= HCI_LM_ENCRYPT;
1178
1179 if (test_bit(HCI_CONN_AUTH, &conn->flags))
1180 link_mode |= HCI_LM_AUTH;
1181
1182 if (test_bit(HCI_CONN_SECURE, &conn->flags))
1183 link_mode |= HCI_LM_SECURE;
1184
1185 if (test_bit(HCI_CONN_FIPS, &conn->flags))
1186 link_mode |= HCI_LM_FIPS;
1187
1188 return link_mode;
1189}
1190
1da177e4
LT
1191int hci_get_conn_list(void __user *arg)
1192{
fc5fef61 1193 struct hci_conn *c;
1da177e4
LT
1194 struct hci_conn_list_req req, *cl;
1195 struct hci_conn_info *ci;
1196 struct hci_dev *hdev;
1da177e4
LT
1197 int n = 0, size, err;
1198
1199 if (copy_from_user(&req, arg, sizeof(req)))
1200 return -EFAULT;
1201
1202 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
1203 return -EINVAL;
1204
1205 size = sizeof(req) + req.conn_num * sizeof(*ci);
1206
70f23020
AE
1207 cl = kmalloc(size, GFP_KERNEL);
1208 if (!cl)
1da177e4
LT
1209 return -ENOMEM;
1210
70f23020
AE
1211 hdev = hci_dev_get(req.dev_id);
1212 if (!hdev) {
1da177e4
LT
1213 kfree(cl);
1214 return -ENODEV;
1215 }
1216
1217 ci = cl->conn_info;
1218
09fd0de5 1219 hci_dev_lock(hdev);
8035ded4 1220 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT
1221 bacpy(&(ci + n)->bdaddr, &c->dst);
1222 (ci + n)->handle = c->handle;
1223 (ci + n)->type = c->type;
1224 (ci + n)->out = c->out;
1225 (ci + n)->state = c->state;
4dae2798 1226 (ci + n)->link_mode = get_link_mode(c);
1da177e4
LT
1227 if (++n >= req.conn_num)
1228 break;
1229 }
09fd0de5 1230 hci_dev_unlock(hdev);
1da177e4
LT
1231
1232 cl->dev_id = hdev->id;
1233 cl->conn_num = n;
1234 size = sizeof(req) + n * sizeof(*ci);
1235
1236 hci_dev_put(hdev);
1237
1238 err = copy_to_user(arg, cl, size);
1239 kfree(cl);
1240
1241 return err ? -EFAULT : 0;
1242}
1243
1244int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1245{
1246 struct hci_conn_info_req req;
1247 struct hci_conn_info ci;
1248 struct hci_conn *conn;
1249 char __user *ptr = arg + sizeof(req);
1250
1251 if (copy_from_user(&req, arg, sizeof(req)))
1252 return -EFAULT;
1253
09fd0de5 1254 hci_dev_lock(hdev);
1da177e4
LT
1255 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1256 if (conn) {
1257 bacpy(&ci.bdaddr, &conn->dst);
1258 ci.handle = conn->handle;
1259 ci.type = conn->type;
1260 ci.out = conn->out;
1261 ci.state = conn->state;
4dae2798 1262 ci.link_mode = get_link_mode(conn);
1da177e4 1263 }
09fd0de5 1264 hci_dev_unlock(hdev);
1da177e4
LT
1265
1266 if (!conn)
1267 return -ENOENT;
1268
1269 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1270}
40be492f
MH
1271
1272int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1273{
1274 struct hci_auth_info_req req;
1275 struct hci_conn *conn;
1276
1277 if (copy_from_user(&req, arg, sizeof(req)))
1278 return -EFAULT;
1279
09fd0de5 1280 hci_dev_lock(hdev);
40be492f
MH
1281 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1282 if (conn)
1283 req.type = conn->auth_type;
09fd0de5 1284 hci_dev_unlock(hdev);
40be492f
MH
1285
1286 if (!conn)
1287 return -ENOENT;
1288
1289 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1290}
73d80deb
LAD
1291
1292struct hci_chan *hci_chan_create(struct hci_conn *conn)
1293{
1294 struct hci_dev *hdev = conn->hdev;
1295 struct hci_chan *chan;
1296
38b3fef1 1297 BT_DBG("%s hcon %p", hdev->name, conn);
73d80deb 1298
f94b665d
JH
1299 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
1300 BT_DBG("Refusing to create new hci_chan");
1301 return NULL;
1302 }
1303
27f70f3e 1304 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
73d80deb
LAD
1305 if (!chan)
1306 return NULL;
1307
6c388d32 1308 chan->conn = hci_conn_get(conn);
73d80deb 1309 skb_queue_head_init(&chan->data_q);
168df8e5 1310 chan->state = BT_CONNECTED;
73d80deb 1311
8192edef 1312 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD
1313
1314 return chan;
1315}
1316
9472007c 1317void hci_chan_del(struct hci_chan *chan)
73d80deb
LAD
1318{
1319 struct hci_conn *conn = chan->conn;
1320 struct hci_dev *hdev = conn->hdev;
1321
38b3fef1 1322 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
73d80deb 1323
8192edef
GP
1324 list_del_rcu(&chan->list);
1325
1326 synchronize_rcu();
73d80deb 1327
bcbb655a 1328 /* Prevent new hci_chan's to be created for this hci_conn */
f94b665d 1329 set_bit(HCI_CONN_DROP, &conn->flags);
b3ff670a 1330
6c388d32 1331 hci_conn_put(conn);
e9b02748 1332
73d80deb
LAD
1333 skb_queue_purge(&chan->data_q);
1334 kfree(chan);
73d80deb
LAD
1335}
1336
2c33c06a 1337void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 1338{
2a5a5ec6 1339 struct hci_chan *chan, *n;
73d80deb 1340
38b3fef1 1341 BT_DBG("hcon %p", conn);
73d80deb 1342
2a5a5ec6 1343 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD
1344 hci_chan_del(chan);
1345}
42c4e53e
AE
1346
1347static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1348 __u16 handle)
1349{
1350 struct hci_chan *hchan;
1351
1352 list_for_each_entry(hchan, &hcon->chan_list, list) {
1353 if (hchan->handle == handle)
1354 return hchan;
1355 }
1356
1357 return NULL;
1358}
1359
1360struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1361{
1362 struct hci_conn_hash *h = &hdev->conn_hash;
1363 struct hci_conn *hcon;
1364 struct hci_chan *hchan = NULL;
1365
1366 rcu_read_lock();
1367
1368 list_for_each_entry_rcu(hcon, &h->list, list) {
1369 hchan = __hci_chan_lookup_handle(hcon, handle);
1370 if (hchan)
1371 break;
1372 }
1373
1374 rcu_read_unlock();
1375
1376 return hchan;
1377}