]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/hci_conn.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ieee802154: 6lowpan: add RTNL assertion
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
4bc58f51 31#include <net/bluetooth/l2cap.h>
1da177e4 32
ac4b7236 33#include "smp.h"
7024728e
MH		 34#include "a2mp.h"
35
2dea632f
FD		 36struct sco_param {
37 u16 pkt_type;
38 u16 max_latency;
c7da5797 39 u8 retrans_effort;
2dea632f
FD		 40};
41
48e68ff5 42static const struct sco_param esco_param_cvsd[] = {
c7da5797
JH		 43 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
44 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
45 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
46 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
47 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
2dea632f
FD		 48};
49
48e68ff5 50static const struct sco_param sco_param_cvsd[] = {
c7da5797
JH		 51 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
52 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
48e68ff5
BT		 53};
54
565766b0 55static const struct sco_param esco_param_msbc[] = {
c7da5797
JH		 56 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
57 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
2dea632f
FD		 58};
59
1aef8669 60static void hci_le_create_connection_cancel(struct hci_conn *conn)
fcd89c09
VT		 61{
62 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
63}
64
1aef8669 65static void hci_acl_create_connection(struct hci_conn *conn)
1da177e4
LT		 66{
67 struct hci_dev *hdev = conn->hdev;
68 struct inquiry_entry *ie;
69 struct hci_cp_create_conn cp;
70
42d2d87c 71 BT_DBG("hcon %p", conn);
1da177e4
LT		 72
73 conn->state = BT_CONNECT;
a0c808b3 74 conn->out = true;
40bef302 75 conn->role = HCI_ROLE_MASTER;
1da177e4 76
4c67bc74
MH		 77 conn->attempt++;
78
e4e8e37c
MH		 79 conn->link_policy = hdev->link_policy;
80
1da177e4
LT		 81 memset(&cp, 0, sizeof(cp));
82 bacpy(&cp.bdaddr, &conn->dst);
83 cp.pscan_rep_mode = 0x02;
84
70f23020
AE		 85 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
86 if (ie) {
41a96212
MH		 87 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
88 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
89 cp.pscan_mode = ie->data.pscan_mode;
90 cp.clock_offset = ie->data.clock_offset |
dcf4adbf 91 cpu_to_le16(0x8000);
41a96212
MH		 92 }
93
1da177e4 94 memcpy(conn->dev_class, ie->data.dev_class, 3);
58a681ef
JH		 95 if (ie->data.ssp_mode > 0)
96 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
1da177e4
LT		 97 }
98
a8746417 99 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 100 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82 101 cp.role_switch = 0x01;
1da177e4 102 else
b6a0dc82 103 cp.role_switch = 0x00;
4c67bc74 104
a9de9248 105 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4
LT		 106}
107
1aef8669 108static void hci_acl_create_connection_cancel(struct hci_conn *conn)
6ac59344
MH		 109{
110 struct hci_cp_create_conn_cancel cp;
111
38b3fef1 112 BT_DBG("hcon %p", conn);
6ac59344 113
d095c1eb 114 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
6ac59344
MH		 115 return;
116
117 bacpy(&cp.bdaddr, &conn->dst);
a9de9248 118 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
6ac59344
MH		 119}
120
93796fa6
CT		 121static void hci_reject_sco(struct hci_conn *conn)
122{
123 struct hci_cp_reject_sync_conn_req cp;
124
d41c15cf 125 cp.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
93796fa6
CT		 126 bacpy(&cp.bdaddr, &conn->dst);
127
128 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
129}
130
e3b679d5 131int hci_disconnect(struct hci_conn *conn, __u8 reason)
1da177e4
LT		 132{
133 struct hci_cp_disconnect cp;
134
38b3fef1 135 BT_DBG("hcon %p", conn);
1da177e4 136
839035a7
JH		 137 /* When we are master of an established connection and it enters
138 * the disconnect timeout, then go ahead and try to read the
139 * current clock offset. Processing of the result is done
140 * within the event handling and hci_clock_offset_evt function.
141 */
142 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER) {
143 struct hci_dev *hdev = conn->hdev;
144 struct hci_cp_read_clock_offset cp;
145
146 cp.handle = cpu_to_le16(conn->handle);
147 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(cp), &cp);
148 }
149
1da177e4
LT		 150 conn->state = BT_DISCONN;
151
aca3192c 152 cp.handle = cpu_to_le16(conn->handle);
1da177e4 153 cp.reason = reason;
e3b679d5 154 return hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
1da177e4
LT		 155}
156
a2b1976b 157static void hci_amp_disconn(struct hci_conn *conn)
53502d69
AE		 158{
159 struct hci_cp_disconn_phy_link cp;
160
161 BT_DBG("hcon %p", conn);
162
163 conn->state = BT_DISCONN;
164
165 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
a2b1976b 166 cp.reason = hci_proto_disconn_ind(conn);
53502d69
AE		 167 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
168 sizeof(cp), &cp);
169}
170
57f5d0d1 171static void hci_add_sco(struct hci_conn *conn, __u16 handle)
1da177e4
LT		 172{
173 struct hci_dev *hdev = conn->hdev;
174 struct hci_cp_add_sco cp;
175
38b3fef1 176 BT_DBG("hcon %p", conn);
1da177e4
LT		 177
178 conn->state = BT_CONNECT;
a0c808b3 179 conn->out = true;
1da177e4 180
efc7688b
MH		 181 conn->attempt++;
182
aca3192c 183 cp.handle = cpu_to_le16(handle);
a8746417 184 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 185
a9de9248 186 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT		 187}
188
2dea632f 189bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
b6a0dc82
MH		 190{
191 struct hci_dev *hdev = conn->hdev;
192 struct hci_cp_setup_sync_conn cp;
2dea632f 193 const struct sco_param *param;
b6a0dc82 194
38b3fef1 195 BT_DBG("hcon %p", conn);
b6a0dc82
MH		 196
197 conn->state = BT_CONNECT;
a0c808b3 198 conn->out = true;
b6a0dc82 199
efc7688b
MH		 200 conn->attempt++;
201
b6a0dc82 202 cp.handle = cpu_to_le16(handle);
b6a0dc82 203
dcf4adbf
JP		 204 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
205 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
10c62ddc
FD		 206 cp.voice_setting = cpu_to_le16(conn->setting);
207
208 switch (conn->setting & SCO_AIRMODE_MASK) {
209 case SCO_AIRMODE_TRANSP:
565766b0 210 if (conn->attempt > ARRAY_SIZE(esco_param_msbc))
2dea632f 211 return false;
565766b0 212 param = &esco_param_msbc[conn->attempt - 1];
10c62ddc
FD		 213 break;
214 case SCO_AIRMODE_CVSD:
48e68ff5
BT		 215 if (lmp_esco_capable(conn->link)) {
216 if (conn->attempt > ARRAY_SIZE(esco_param_cvsd))
217 return false;
48e68ff5
BT		 218 param = &esco_param_cvsd[conn->attempt - 1];
219 } else {
220 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
221 return false;
48e68ff5
BT		 222 param = &sco_param_cvsd[conn->attempt - 1];
223 }
10c62ddc 224 break;
2dea632f
FD		 225 default:
226 return false;
10c62ddc 227 }
b6a0dc82 228
c7da5797 229 cp.retrans_effort = param->retrans_effort;
2dea632f
FD		 230 cp.pkt_type = __cpu_to_le16(param->pkt_type);
231 cp.max_latency = __cpu_to_le16(param->max_latency);
232
233 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
234 return false;
235
236 return true;
b6a0dc82
MH		 237}
238
7d6ca693
JH		 239u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
240 u16 to_multiplier)
2ce603eb 241{
2ce603eb 242 struct hci_dev *hdev = conn->hdev;
f044eb05
MH		 243 struct hci_conn_params *params;
244 struct hci_cp_le_conn_update cp;
2ce603eb 245
f044eb05 246 hci_dev_lock(hdev);
2ce603eb 247
f044eb05
MH		 248 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
249 if (params) {
250 params->conn_min_interval = min;
251 params->conn_max_interval = max;
252 params->conn_latency = latency;
253 params->supervision_timeout = to_multiplier;
254 }
255
256 hci_dev_unlock(hdev);
257
258 memset(&cp, 0, sizeof(cp));
2ce603eb
CT		 259 cp.handle = cpu_to_le16(conn->handle);
260 cp.conn_interval_min = cpu_to_le16(min);
261 cp.conn_interval_max = cpu_to_le16(max);
262 cp.conn_latency = cpu_to_le16(latency);
263 cp.supervision_timeout = cpu_to_le16(to_multiplier);
dcf4adbf
JP		 264 cp.min_ce_len = cpu_to_le16(0x0000);
265 cp.max_ce_len = cpu_to_le16(0x0000);
2ce603eb
CT		 266
267 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
7d6ca693
JH		 268
269 if (params)
270 return 0x01;
271
272 return 0x00;
2ce603eb 273}
2ce603eb 274
fe39c7b2 275void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
5974e4c4 276 __u8 ltk[16])
a7a595f6
VCG		 277{
278 struct hci_dev *hdev = conn->hdev;
279 struct hci_cp_le_start_enc cp;
280
38b3fef1 281 BT_DBG("hcon %p", conn);
a7a595f6
VCG		 282
283 memset(&cp, 0, sizeof(cp));
284
285 cp.handle = cpu_to_le16(conn->handle);
fe39c7b2 286 cp.rand = rand;
a7a595f6 287 cp.ediv = ediv;
fe39c7b2 288 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
a7a595f6
VCG		 289
290 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
291}
a7a595f6 292
e73439d8
MH		 293/* Device _must_ be locked */
294void hci_sco_setup(struct hci_conn *conn, __u8 status)
295{
296 struct hci_conn *sco = conn->link;
297
e73439d8
MH		 298 if (!sco)
299 return;
300
38b3fef1
AE		 301 BT_DBG("hcon %p", conn);
302
e73439d8
MH		 303 if (!status) {
304 if (lmp_esco_capable(conn->hdev))
305 hci_setup_sync(sco, conn->handle);
306 else
307 hci_add_sco(sco, conn->handle);
308 } else {
309 hci_proto_connect_cfm(sco, status);
310 hci_conn_del(sco);
311 }
312}
313
19c40e3b 314static void hci_conn_timeout(struct work_struct *work)
1da177e4 315{
19c40e3b 316 struct hci_conn *conn = container_of(work, struct hci_conn,
5974e4c4 317 disc_work.work);
1d56dc4f 318 int refcnt = atomic_read(&conn->refcnt);
1da177e4 319
38b3fef1 320 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
1da177e4 321
1d56dc4f
LR		 322 WARN_ON(refcnt < 0);
323
324 /* FIXME: It was observed that in pairing failed scenario, refcnt
325 * drops below 0. Probably this is because l2cap_conn_del calls
326 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
327 * dropped. After that loop hci_chan_del is called which also drops
328 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
329 * otherwise drop it.
330 */
331 if (refcnt > 0)
1da177e4
LT		 332 return;
333
6ac59344
MH		 334 switch (conn->state) {
335 case BT_CONNECT:
769be974 336 case BT_CONNECT2:
fcd89c09
VT		 337 if (conn->out) {
338 if (conn->type == ACL_LINK)
1aef8669 339 hci_acl_create_connection_cancel(conn);
fcd89c09 340 else if (conn->type == LE_LINK)
1aef8669 341 hci_le_create_connection_cancel(conn);
93796fa6
CT		 342 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
343 hci_reject_sco(conn);
fcd89c09 344 }
6ac59344 345 break;
769be974 346 case BT_CONFIG:
8e87d142 347 case BT_CONNECTED:
40051e46
MH		 348 if (conn->type == AMP_LINK) {
349 hci_amp_disconn(conn);
350 } else {
351 __u8 reason = hci_proto_disconn_ind(conn);
352 hci_disconnect(conn, reason);
353 }
6ac59344
MH		 354 break;
355 default:
1da177e4 356 conn->state = BT_CLOSED;
6ac59344
MH		 357 break;
358 }
1da177e4
LT		 359}
360
416dc94b 361/* Enter sniff mode */
a74a84f6 362static void hci_conn_idle(struct work_struct *work)
416dc94b 363{
a74a84f6
JH		 364 struct hci_conn *conn = container_of(work, struct hci_conn,
365 idle_work.work);
416dc94b
GP		 366 struct hci_dev *hdev = conn->hdev;
367
38b3fef1 368 BT_DBG("hcon %p mode %d", conn, conn->mode);
416dc94b 369
416dc94b
GP		 370 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
371 return;
372
373 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
374 return;
375
376 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
377 struct hci_cp_sniff_subrate cp;
378 cp.handle = cpu_to_le16(conn->handle);
dcf4adbf
JP		 379 cp.max_latency = cpu_to_le16(0);
380 cp.min_remote_timeout = cpu_to_le16(0);
381 cp.min_local_timeout = cpu_to_le16(0);
416dc94b
GP		 382 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
383 }
384
51a8efd7 385 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP		 386 struct hci_cp_sniff_mode cp;
387 cp.handle = cpu_to_le16(conn->handle);
388 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
389 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
dcf4adbf
JP		 390 cp.attempt = cpu_to_le16(4);
391 cp.timeout = cpu_to_le16(1);
416dc94b
GP		 392 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
393 }
394}
395
7bc18d9d 396static void hci_conn_auto_accept(struct work_struct *work)
9f61656a 397{
7bc18d9d
JH		 398 struct hci_conn *conn = container_of(work, struct hci_conn,
399 auto_accept_work.work);
9f61656a 400
7bc18d9d 401 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
5974e4c4 402 &conn->dst);
9f61656a
JH		 403}
404
9489eca4
JH		 405static void le_conn_timeout(struct work_struct *work)
406{
407 struct hci_conn *conn = container_of(work, struct hci_conn,
408 le_conn_timeout.work);
3c857757 409 struct hci_dev *hdev = conn->hdev;
9489eca4
JH		 410
411 BT_DBG("");
412
3c857757
JH		 413 /* We could end up here due to having done directed advertising,
414 * so clean up the state if necessary. This should however only
415 * happen with broken hardware or if low duty cycle was used
416 * (which doesn't have a timeout of its own).
417 */
418 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
419 u8 enable = 0x00;
420 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
421 &enable);
422 hci_le_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
423 return;
424 }
425
9489eca4
JH		 426 hci_le_create_connection_cancel(conn);
427}
428
a5c4e309
JH		 429struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
430 u8 role)
1da177e4
LT		 431{
432 struct hci_conn *conn;
433
6ed93dc6 434 BT_DBG("%s dst %pMR", hdev->name, dst);
1da177e4 435
27f70f3e 436 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
04837f64 437 if (!conn)
1da177e4 438 return NULL;
1da177e4
LT		 439
440 bacpy(&conn->dst, dst);
662e8820 441 bacpy(&conn->src, &hdev->bdaddr);
a8746417
MH		 442 conn->hdev = hdev;
443 conn->type = type;
a5c4e309 444 conn->role = role;
a8746417
MH		 445 conn->mode = HCI_CM_ACTIVE;
446 conn->state = BT_OPEN;
93f19c9f 447 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 448 conn->io_capability = hdev->io_capability;
a9583556 449 conn->remote_auth = 0xff;
13d39315 450 conn->key_type = 0xff;
5a134fae 451 conn->tx_power = HCI_TX_POWER_INVALID;
d0455ed9 452 conn->max_tx_power = HCI_TX_POWER_INVALID;
1da177e4 453
58a681ef 454 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 455 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 456
a5c4e309
JH		 457 if (conn->role == HCI_ROLE_MASTER)
458 conn->out = true;
459
a8746417
MH		 460 switch (type) {
461 case ACL_LINK:
462 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
463 break;
9c84d1da
JH		 464 case LE_LINK:
465 /* conn->src should reflect the local identity address */
466 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
467 break;
a8746417
MH		 468 case SCO_LINK:
469 if (lmp_esco_capable(hdev))
efc7688b
MH		 470 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
471 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH		 472 else
473 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
474 break;
475 case ESCO_LINK:
efc7688b 476 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH		 477 break;
478 }
479
1da177e4 480 skb_queue_head_init(&conn->data_q);
04837f64 481
70c1f20b 482 INIT_LIST_HEAD(&conn->chan_list);
73d80deb 483
19c40e3b 484 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
7bc18d9d 485 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
a74a84f6 486 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
9489eca4 487 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1da177e4
LT		 488
489 atomic_set(&conn->refcnt, 0);
490
491 hci_dev_hold(hdev);
492
1da177e4 493 hci_conn_hash_add(hdev, conn);
3c54711c 494 if (hdev->notify)
1da177e4
LT		 495 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
496
a67e899c
MH		 497 hci_conn_init_sysfs(conn);
498
1da177e4
LT		 499 return conn;
500}
501
502int hci_conn_del(struct hci_conn *conn)
503{
504 struct hci_dev *hdev = conn->hdev;
505
38b3fef1 506 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1da177e4 507
19c40e3b 508 cancel_delayed_work_sync(&conn->disc_work);
7bc18d9d 509 cancel_delayed_work_sync(&conn->auto_accept_work);
a74a84f6 510 cancel_delayed_work_sync(&conn->idle_work);
9f61656a 511
5b7f9909 512 if (conn->type == ACL_LINK) {
1da177e4
LT		 513 struct hci_conn *sco = conn->link;
514 if (sco)
515 sco->link = NULL;
516
517 /* Unacked frames */
518 hdev->acl_cnt += conn->sent;
6ed58ec5 519 } else if (conn->type == LE_LINK) {
9489eca4
JH		 520 cancel_delayed_work_sync(&conn->le_conn_timeout);
521
6ed58ec5
VT		 522 if (hdev->le_pkts)
523 hdev->le_cnt += conn->sent;
524 else
525 hdev->acl_cnt += conn->sent;
5b7f9909
MH		 526 } else {
527 struct hci_conn *acl = conn->link;
528 if (acl) {
529 acl->link = NULL;
76a68ba0 530 hci_conn_drop(acl);
5b7f9909 531 }
1da177e4
LT		 532 }
533
2c33c06a 534 hci_chan_list_flush(conn);
73d80deb 535
9740e49d
AE		 536 if (conn->amp_mgr)
537 amp_mgr_put(conn->amp_mgr);
538
1da177e4 539 hci_conn_hash_del(hdev, conn);
3c54711c 540 if (hdev->notify)
1da177e4 541 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
7d0db0a3 542
1da177e4 543 skb_queue_purge(&conn->data_q);
1da177e4 544
fc225c3f 545 hci_conn_del_sysfs(conn);
2ae9a6be 546
384943ec
MH		 547 hci_dev_put(hdev);
548
8d12356f 549 hci_conn_put(conn);
163f4dab 550
1da177e4
LT		 551 return 0;
552}
553
554struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
555{
556 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 557 struct hci_dev *hdev = NULL, *d;
1da177e4 558
6ed93dc6 559 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4 560
f20d09d5 561 read_lock(&hci_dev_list_lock);
1da177e4 562
8035ded4 563 list_for_each_entry(d, &hci_dev_list, list) {
8fc9ced3 564 if (!test_bit(HCI_UP, &d->flags) ||
af750e94 565 test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
d300fa9b 566 d->dev_type != HCI_BREDR)
1da177e4
LT		 567 continue;
568
8e87d142 569 /* Simple routing:
1da177e4
LT		 570 * No source address - find interface with bdaddr != dst
571 * Source address - find interface with bdaddr == src
572 */
573
574 if (use_src) {
575 if (!bacmp(&d->bdaddr, src)) {
576 hdev = d; break;
577 }
578 } else {
579 if (bacmp(&d->bdaddr, dst)) {
580 hdev = d; break;
581 }
582 }
583 }
584
585 if (hdev)
586 hdev = hci_dev_hold(hdev);
587
f20d09d5 588 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 589 return hdev;
590}
591EXPORT_SYMBOL(hci_get_route);
592
9bb3c01f 593/* This function requires the caller holds hdev->lock */
06c053fb 594void hci_le_conn_failed(struct hci_conn *conn, u8 status)
9bb3c01f
AG		 595{
596 struct hci_dev *hdev = conn->hdev;
f161dd41
JH		 597 struct hci_conn_params *params;
598
599 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
600 conn->dst_type);
601 if (params && params->conn) {
602 hci_conn_drop(params->conn);
f8aaf9b6 603 hci_conn_put(params->conn);
f161dd41
JH		 604 params->conn = NULL;
605 }
9bb3c01f
AG		 606
607 conn->state = BT_CLOSED;
608
609 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
610 status);
611
612 hci_proto_connect_cfm(conn, status);
613
614 hci_conn_del(conn);
a4790dbd
AG		 615
616 /* Since we may have temporarily stopped the background scanning in
617 * favor of connection establishment, we should restart it.
618 */
619 hci_update_background_scan(hdev);
3c857757
JH		 620
621 /* Re-enable advertising in case this was a failed connection
622 * attempt as a peripheral.
623 */
624 mgmt_reenable_advertising(hdev);
9bb3c01f
AG		 625}
626
1d399ae5
AG		 627static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
628{
629 struct hci_conn *conn;
630
631 if (status == 0)
632 return;
633
634 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
635 status);
636
637 hci_dev_lock(hdev);
638
639 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
640 if (!conn)
641 goto done;
642
06c053fb 643 hci_le_conn_failed(conn, status);
1d399ae5
AG		 644
645done:
646 hci_dev_unlock(hdev);
647}
648
2acf3d90
AG		 649static void hci_req_add_le_create_conn(struct hci_request *req,
650 struct hci_conn *conn)
651{
652 struct hci_cp_le_create_conn cp;
653 struct hci_dev *hdev = conn->hdev;
654 u8 own_addr_type;
655
656 memset(&cp, 0, sizeof(cp));
657
658 /* Update random address, but set require_privacy to false so
659 * that we never connect with an unresolvable address.
660 */
661 if (hci_update_random_address(req, false, &own_addr_type))
662 return;
663
2acf3d90
AG		 664 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
665 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
666 bacpy(&cp.peer_addr, &conn->dst);
667 cp.peer_addr_type = conn->dst_type;
668 cp.own_address_type = own_addr_type;
669 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
670 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
037fc415
MH		 671 cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
672 cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
dcf4adbf
JP		 673 cp.min_ce_len = cpu_to_le16(0x0000);
674 cp.max_ce_len = cpu_to_le16(0x0000);
2acf3d90
AG		 675
676 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
b46e0030
JH		 677
678 conn->state = BT_CONNECT;
2acf3d90
AG		 679}
680
3c857757
JH		 681static void hci_req_directed_advertising(struct hci_request *req,
682 struct hci_conn *conn)
683{
684 struct hci_dev *hdev = req->hdev;
685 struct hci_cp_le_set_adv_param cp;
686 u8 own_addr_type;
687 u8 enable;
688
5ce194c4 689 /* Clear the HCI_LE_ADV bit temporarily so that the
3c857757
JH		 690 * hci_update_random_address knows that it's safe to go ahead
691 * and write a new random address. The flag will be set back on
692 * as soon as the SET_ADV_ENABLE HCI command completes.
693 */
5ce194c4 694 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
3c857757
JH		 695
696 /* Set require_privacy to false so that the remote device has a
697 * chance of identifying us.
698 */
699 if (hci_update_random_address(req, false, &own_addr_type) < 0)
700 return;
701
702 memset(&cp, 0, sizeof(cp));
703 cp.type = LE_ADV_DIRECT_IND;
704 cp.own_address_type = own_addr_type;
705 cp.direct_addr_type = conn->dst_type;
706 bacpy(&cp.direct_addr, &conn->dst);
707 cp.channel_map = hdev->le_adv_channel_map;
708
709 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
710
711 enable = 0x01;
712 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
713
714 conn->state = BT_CONNECT;
715}
716
04a6c589 717struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
cdd6275e 718 u8 dst_type, u8 sec_level, u16 conn_timeout,
e804d25d 719 u8 role)
1da177e4 720{
4292f1f3 721 struct hci_conn_params *params;
f1e5d547 722 struct hci_conn *conn;
1ebfcc1f 723 struct smp_irk *irk;
2acf3d90 724 struct hci_request req;
1d399ae5 725 int err;
1da177e4 726
620ad521
AG		 727 /* Some devices send ATT messages as soon as the physical link is
728 * established. To be able to handle these ATT messages, the user-
729 * space first establishes the connection and then starts the pairing
730 * process.
731 *
732 * So if a hci_conn object already exists for the following connection
733 * attempt, we simply update pending_sec_level and auth_type fields
734 * and return the object found.
735 */
f1e5d547 736 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
620ad521
AG		 737 if (conn) {
738 conn->pending_sec_level = sec_level;
620ad521
AG		 739 goto done;
740 }
dfc94dbd 741
620ad521
AG		 742 /* Since the controller supports only one LE connection attempt at a
743 * time, we return -EBUSY if there is any connection attempt running.
744 */
745 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
746 if (conn)
747 return ERR_PTR(-EBUSY);
46a190cb 748
edb4b466
MH		 749 /* When given an identity address with existing identity
750 * resolving key, the connection needs to be established
751 * to a resolvable random address.
752 *
753 * This uses the cached random resolvable address from
754 * a previous scan. When no cached address is available,
755 * try connecting to the identity address instead.
756 *
757 * Storing the resolvable random address is required here
758 * to handle connection failures. The address will later
759 * be resolved back into the original identity address
760 * from the connect request.
761 */
1ebfcc1f
JH		 762 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
763 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
764 dst = &irk->rpa;
765 dst_type = ADDR_LE_DEV_RANDOM;
766 }
767
a5c4e309 768 conn = hci_conn_add(hdev, LE_LINK, dst, role);
620ad521
AG		 769 if (!conn)
770 return ERR_PTR(-ENOMEM);
9f0caeb1 771
1ebfcc1f 772 conn->dst_type = dst_type;
620ad521 773 conn->sec_level = BT_SECURITY_LOW;
f1e5d547 774 conn->pending_sec_level = sec_level;
09ae260b 775 conn->conn_timeout = conn_timeout;
4292f1f3 776
3c857757
JH		 777 hci_req_init(&req, hdev);
778
376f54c1
JH		 779 /* Disable advertising if we're active. For master role
780 * connections most controllers will refuse to connect if
781 * advertising is enabled, and for slave role connections we
782 * anyway have to disable it in order to start directed
783 * advertising.
784 */
785 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
786 u8 enable = 0x00;
787 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
788 &enable);
789 }
790
cdd6275e 791 /* If requested to connect as slave use directed advertising */
e804d25d 792 if (conn->role == HCI_ROLE_SLAVE) {
e8bb6b97
JH		 793 /* If we're active scanning most controllers are unable
794 * to initiate advertising. Simply reject the attempt.
795 */
796 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
797 hdev->le_scan_type == LE_SCAN_ACTIVE) {
798 skb_queue_purge(&req.cmd_q);
799 hci_conn_del(conn);
800 return ERR_PTR(-EBUSY);
801 }
802
3c857757
JH		 803 hci_req_directed_advertising(&req, conn);
804 goto create_conn;
805 }
806
4292f1f3
AG		 807 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
808 if (params) {
809 conn->le_conn_min_interval = params->conn_min_interval;
810 conn->le_conn_max_interval = params->conn_max_interval;
037fc415
MH		 811 conn->le_conn_latency = params->conn_latency;
812 conn->le_supv_timeout = params->supervision_timeout;
4292f1f3
AG		 813 } else {
814 conn->le_conn_min_interval = hdev->le_conn_min_interval;
815 conn->le_conn_max_interval = hdev->le_conn_max_interval;
04fb7d90
MH		 816 conn->le_conn_latency = hdev->le_conn_latency;
817 conn->le_supv_timeout = hdev->le_supv_timeout;
4292f1f3 818 }
eda42b50 819
2acf3d90 820 /* If controller is scanning, we stop it since some controllers are
81ad6fd9
JH		 821 * not able to scan and connect at the same time. Also set the
822 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
823 * handler for scan disabling knows to set the correct discovery
824 * state.
2acf3d90
AG		 825 */
826 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
827 hci_req_add_le_scan_disable(&req);
81ad6fd9 828 set_bit(HCI_LE_SCAN_INTERRUPTED, &hdev->dev_flags);
2acf3d90
AG		 829 }
830
81ad6fd9
JH		 831 hci_req_add_le_create_conn(&req, conn);
832
3c857757 833create_conn:
81ad6fd9 834 err = hci_req_run(&req, create_le_conn_complete);
2acf3d90
AG		 835 if (err) {
836 hci_conn_del(conn);
620ad521 837 return ERR_PTR(err);
2acf3d90 838 }
fcd89c09 839
620ad521
AG		 840done:
841 hci_conn_hold(conn);
f1e5d547 842 return conn;
d04aef4c 843}
fcd89c09 844
04a6c589
AG		 845struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
846 u8 sec_level, u8 auth_type)
1da177e4
LT		 847{
848 struct hci_conn *acl;
fcd89c09 849
56f87901 850 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
beb19e4c 851 return ERR_PTR(-EOPNOTSUPP);
56f87901 852
70f23020
AE		 853 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
854 if (!acl) {
a5c4e309 855 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
70f23020 856 if (!acl)
48c7aba9 857 return ERR_PTR(-ENOMEM);
1da177e4
LT		 858 }
859
860 hci_conn_hold(acl);
861
09ab6f4c 862 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
765c2a96
JH		 863 acl->sec_level = BT_SECURITY_LOW;
864 acl->pending_sec_level = sec_level;
09ab6f4c 865 acl->auth_type = auth_type;
1aef8669 866 hci_acl_create_connection(acl);
09ab6f4c 867 }
1da177e4 868
db474275
VCG		 869 return acl;
870}
871
10c62ddc
FD		 872struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
873 __u16 setting)
db474275
VCG		 874{
875 struct hci_conn *acl;
876 struct hci_conn *sco;
877
e660ed6c 878 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
db474275 879 if (IS_ERR(acl))
5b7f9909 880 return acl;
1da177e4 881
70f23020
AE		 882 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
883 if (!sco) {
a5c4e309 884 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
70f23020 885 if (!sco) {
76a68ba0 886 hci_conn_drop(acl);
48c7aba9 887 return ERR_PTR(-ENOMEM);
1da177e4 888 }
5b7f9909 889 }
1da177e4 890
5b7f9909
MH		 891 acl->link = sco;
892 sco->link = acl;
1da177e4 893
5b7f9909 894 hci_conn_hold(sco);
1da177e4 895
10c62ddc
FD		 896 sco->setting = setting;
897
5b7f9909 898 if (acl->state == BT_CONNECTED &&
5974e4c4 899 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 900 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 901 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 902
51a8efd7 903 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 904 /* defer SCO setup until mode change completed */
51a8efd7 905 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH		 906 return sco;
907 }
908
909 hci_sco_setup(acl, 0x00);
b6a0dc82 910 }
5b7f9909
MH		 911
912 return sco;
1da177e4 913}
1da177e4 914
e7c29cb1
MH		 915/* Check link security requirement */
916int hci_conn_check_link_mode(struct hci_conn *conn)
917{
38b3fef1 918 BT_DBG("hcon %p", conn);
e7c29cb1 919
40b552aa
MH		 920 /* In Secure Connections Only mode, it is required that Secure
921 * Connections is used and the link is encrypted with AES-CCM
922 * using a P-256 authenticated combination key.
923 */
924 if (test_bit(HCI_SC_ONLY, &conn->hdev->flags)) {
925 if (!hci_conn_sc_enabled(conn) ||
926 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
927 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
928 return 0;
929 }
930
4dae2798
JH		 931 if (hci_conn_ssp_enabled(conn) &&
932 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
e7c29cb1
MH		 933 return 0;
934
935 return 1;
936}
e7c29cb1 937
1da177e4 938/* Authenticate remote device */
0684e5f9 939static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 940{
38b3fef1 941 BT_DBG("hcon %p", conn);
1da177e4 942
765c2a96
JH		 943 if (conn->pending_sec_level > sec_level)
944 sec_level = conn->pending_sec_level;
945
96a31833 946 if (sec_level > conn->sec_level)
765c2a96 947 conn->pending_sec_level = sec_level;
4dae2798 948 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
1da177e4
LT		 949 return 1;
950
65cf686e
JH		 951 /* Make sure we preserve an existing MITM requirement*/
952 auth_type |= (conn->auth_type & 0x01);
953
96a31833
MH		 954 conn->auth_type = auth_type;
955
51a8efd7 956 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 957 struct hci_cp_auth_requested cp;
b7d05bad 958
aca3192c 959 cp.handle = cpu_to_le16(conn->handle);
40be492f 960 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
5974e4c4 961 sizeof(cp), &cp);
09da1f34
JH		 962
963 /* If we're already encrypted set the REAUTH_PEND flag,
964 * otherwise set the ENCRYPT_PEND.
965 */
4dae2798 966 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
51a8efd7 967 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
09da1f34
JH		 968 else
969 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 970 }
8c1b2355 971
1da177e4
LT		 972 return 0;
973}
1da177e4 974
13d39315
WR		 975/* Encrypt the the link */
976static void hci_conn_encrypt(struct hci_conn *conn)
977{
38b3fef1 978 BT_DBG("hcon %p", conn);
13d39315 979
51a8efd7 980 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR		 981 struct hci_cp_set_conn_encrypt cp;
982 cp.handle = cpu_to_le16(conn->handle);
983 cp.encrypt = 0x01;
984 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
5974e4c4 985 &cp);
13d39315
WR		 986 }
987}
988
8c1b2355 989/* Enable security */
e7cafc45
JH		 990int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
991 bool initiator)
1da177e4 992{
38b3fef1 993 BT_DBG("hcon %p", conn);
1da177e4 994
d8343f12
VCG		 995 if (conn->type == LE_LINK)
996 return smp_conn_security(conn, sec_level);
997
13d39315 998 /* For sdp we don't need the link key. */
8c1b2355
MH		 999 if (sec_level == BT_SECURITY_SDP)
1000 return 1;
1001
13d39315
WR		 1002 /* For non 2.1 devices and low security level we don't need the link
1003 key. */
aa64a8b5 1004 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 1005 return 1;
8c1b2355 1006
13d39315 1007 /* For other security levels we need the link key. */
4dae2798 1008 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
13d39315
WR		 1009 goto auth;
1010
7b5a9241
MH		 1011 /* An authenticated FIPS approved combination key has sufficient
1012 * security for security level 4. */
1013 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
1014 sec_level == BT_SECURITY_FIPS)
1015 goto encrypt;
1016
1017 /* An authenticated combination key has sufficient security for
1018 security level 3. */
1019 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
1020 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
1021 sec_level == BT_SECURITY_HIGH)
13d39315
WR		 1022 goto encrypt;
1023
1024 /* An unauthenticated combination key has sufficient security for
1025 security level 1 and 2. */
66138ce8
MH		 1026 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
1027 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
5974e4c4 1028 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
13d39315
WR		 1029 goto encrypt;
1030
1031 /* A combination key has always sufficient security for the security
1032 levels 1 or 2. High security level requires the combination key
1033 is generated using maximum PIN code length (16).
1034 For pre 2.1 units. */
1035 if (conn->key_type == HCI_LK_COMBINATION &&
7b5a9241
MH		 1036 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
1037 conn->pin_length == 16))
13d39315
WR		 1038 goto encrypt;
1039
1040auth:
51a8efd7 1041 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT		 1042 return 0;
1043
977f8fce
JH		 1044 if (initiator)
1045 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1046
6fdf658c
LAD		 1047 if (!hci_conn_auth(conn, sec_level, auth_type))
1048 return 0;
13d39315
WR		 1049
1050encrypt:
4dae2798 1051 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
13d39315 1052 return 1;
8c1b2355 1053
13d39315 1054 hci_conn_encrypt(conn);
1da177e4
LT		 1055 return 0;
1056}
8c1b2355 1057EXPORT_SYMBOL(hci_conn_security);
1da177e4 1058
b3b1b061
WR		 1059/* Check secure link requirement */
1060int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
1061{
38b3fef1 1062 BT_DBG("hcon %p", conn);
b3b1b061 1063
9cb2e030
MH		 1064 /* Accept if non-secure or higher security level is required */
1065 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
1066 return 1;
b3b1b061 1067
9cb2e030
MH		 1068 /* Accept if secure or higher security level is already present */
1069 if (conn->sec_level == BT_SECURITY_HIGH ||
1070 conn->sec_level == BT_SECURITY_FIPS)
b3b1b061
WR		 1071 return 1;
1072
9cb2e030
MH		 1073 /* Reject not secure link */
1074 return 0;
b3b1b061
WR		 1075}
1076EXPORT_SYMBOL(hci_conn_check_secure);
1077
1da177e4
LT		 1078/* Change link key */
1079int hci_conn_change_link_key(struct hci_conn *conn)
1080{
38b3fef1 1081 BT_DBG("hcon %p", conn);
1da177e4 1082
51a8efd7 1083 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 1084 struct hci_cp_change_conn_link_key cp;
aca3192c 1085 cp.handle = cpu_to_le16(conn->handle);
40be492f 1086 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
5974e4c4 1087 sizeof(cp), &cp);
1da177e4 1088 }
8c1b2355 1089
1da177e4
LT		 1090 return 0;
1091}
1da177e4
LT		 1092
1093/* Switch role */
8c1b2355 1094int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 1095{
38b3fef1 1096 BT_DBG("hcon %p", conn);
1da177e4 1097
40bef302 1098 if (role == conn->role)
1da177e4
LT		 1099 return 1;
1100
51a8efd7 1101 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT		 1102 struct hci_cp_switch_role cp;
1103 bacpy(&cp.bdaddr, &conn->dst);
1104 cp.role = role;
a9de9248 1105 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 1106 }
8c1b2355 1107
1da177e4
LT		 1108 return 0;
1109}
1110EXPORT_SYMBOL(hci_conn_switch_role);
1111
04837f64 1112/* Enter active mode */
14b12d0b 1113void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH		 1114{
1115 struct hci_dev *hdev = conn->hdev;
1116
38b3fef1 1117 BT_DBG("hcon %p mode %d", conn, conn->mode);
04837f64 1118
14b12d0b
JG		 1119 if (conn->mode != HCI_CM_SNIFF)
1120 goto timer;
1121
58a681ef 1122 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH		 1123 goto timer;
1124
51a8efd7 1125 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 1126 struct hci_cp_exit_sniff_mode cp;
aca3192c 1127 cp.handle = cpu_to_le16(conn->handle);
a9de9248 1128 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH		 1129 }
1130
1131timer:
1132 if (hdev->idle_timeout > 0)
a74a84f6
JH		 1133 queue_delayed_work(hdev->workqueue, &conn->idle_work,
1134 msecs_to_jiffies(hdev->idle_timeout));
04837f64
MH		 1135}
1136
1da177e4
LT		 1137/* Drop all connection on the device */
1138void hci_conn_hash_flush(struct hci_dev *hdev)
1139{
1140 struct hci_conn_hash *h = &hdev->conn_hash;
3c4e0df0 1141 struct hci_conn *c, *n;
1da177e4
LT		 1142
1143 BT_DBG("hdev %s", hdev->name);
1144
3c4e0df0 1145 list_for_each_entry_safe(c, n, &h->list, list) {
1da177e4
LT		 1146 c->state = BT_CLOSED;
1147
9f5a0d7b 1148 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
1da177e4
LT		 1149 hci_conn_del(c);
1150 }
1151}
1152
a9de9248
MH		 1153/* Check pending connect attempts */
1154void hci_conn_check_pending(struct hci_dev *hdev)
1155{
1156 struct hci_conn *conn;
1157
1158 BT_DBG("hdev %s", hdev->name);
1159
1160 hci_dev_lock(hdev);
1161
1162 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
1163 if (conn)
1aef8669 1164 hci_acl_create_connection(conn);
a9de9248
MH		 1165
1166 hci_dev_unlock(hdev);
1167}
1168
4dae2798
JH		 1169static u32 get_link_mode(struct hci_conn *conn)
1170{
1171 u32 link_mode = 0;
1172
40bef302 1173 if (conn->role == HCI_ROLE_MASTER)
4dae2798
JH		 1174 link_mode |= HCI_LM_MASTER;
1175
1176 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
1177 link_mode |= HCI_LM_ENCRYPT;
1178
1179 if (test_bit(HCI_CONN_AUTH, &conn->flags))
1180 link_mode |= HCI_LM_AUTH;
1181
1182 if (test_bit(HCI_CONN_SECURE, &conn->flags))
1183 link_mode |= HCI_LM_SECURE;
1184
1185 if (test_bit(HCI_CONN_FIPS, &conn->flags))
1186 link_mode |= HCI_LM_FIPS;
1187
1188 return link_mode;
1189}
1190
1da177e4
LT		 1191int hci_get_conn_list(void __user *arg)
1192{
fc5fef61 1193 struct hci_conn *c;
1da177e4
LT		 1194 struct hci_conn_list_req req, *cl;
1195 struct hci_conn_info *ci;
1196 struct hci_dev *hdev;
1da177e4
LT		 1197 int n = 0, size, err;
1198
1199 if (copy_from_user(&req, arg, sizeof(req)))
1200 return -EFAULT;
1201
1202 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
1203 return -EINVAL;
1204
1205 size = sizeof(req) + req.conn_num * sizeof(*ci);
1206
70f23020
AE		 1207 cl = kmalloc(size, GFP_KERNEL);
1208 if (!cl)
1da177e4
LT		 1209 return -ENOMEM;
1210
70f23020
AE		 1211 hdev = hci_dev_get(req.dev_id);
1212 if (!hdev) {
1da177e4
LT		 1213 kfree(cl);
1214 return -ENODEV;
1215 }
1216
1217 ci = cl->conn_info;
1218
09fd0de5 1219 hci_dev_lock(hdev);
8035ded4 1220 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT		 1221 bacpy(&(ci + n)->bdaddr, &c->dst);
1222 (ci + n)->handle = c->handle;
1223 (ci + n)->type = c->type;
1224 (ci + n)->out = c->out;
1225 (ci + n)->state = c->state;
4dae2798 1226 (ci + n)->link_mode = get_link_mode(c);
1da177e4
LT		 1227 if (++n >= req.conn_num)
1228 break;
1229 }
09fd0de5 1230 hci_dev_unlock(hdev);
1da177e4
LT		 1231
1232 cl->dev_id = hdev->id;
1233 cl->conn_num = n;
1234 size = sizeof(req) + n * sizeof(*ci);
1235
1236 hci_dev_put(hdev);
1237
1238 err = copy_to_user(arg, cl, size);
1239 kfree(cl);
1240
1241 return err ? -EFAULT : 0;
1242}
1243
1244int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1245{
1246 struct hci_conn_info_req req;
1247 struct hci_conn_info ci;
1248 struct hci_conn *conn;
1249 char __user *ptr = arg + sizeof(req);
1250
1251 if (copy_from_user(&req, arg, sizeof(req)))
1252 return -EFAULT;
1253
09fd0de5 1254 hci_dev_lock(hdev);
1da177e4
LT		 1255 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1256 if (conn) {
1257 bacpy(&ci.bdaddr, &conn->dst);
1258 ci.handle = conn->handle;
1259 ci.type = conn->type;
1260 ci.out = conn->out;
1261 ci.state = conn->state;
4dae2798 1262 ci.link_mode = get_link_mode(conn);
1da177e4 1263 }
09fd0de5 1264 hci_dev_unlock(hdev);
1da177e4
LT		 1265
1266 if (!conn)
1267 return -ENOENT;
1268
1269 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1270}
40be492f
MH		 1271
1272int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1273{
1274 struct hci_auth_info_req req;
1275 struct hci_conn *conn;
1276
1277 if (copy_from_user(&req, arg, sizeof(req)))
1278 return -EFAULT;
1279
09fd0de5 1280 hci_dev_lock(hdev);
40be492f
MH		 1281 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1282 if (conn)
1283 req.type = conn->auth_type;
09fd0de5 1284 hci_dev_unlock(hdev);
40be492f
MH		 1285
1286 if (!conn)
1287 return -ENOENT;
1288
1289 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1290}
73d80deb
LAD		 1291
1292struct hci_chan *hci_chan_create(struct hci_conn *conn)
1293{
1294 struct hci_dev *hdev = conn->hdev;
1295 struct hci_chan *chan;
1296
38b3fef1 1297 BT_DBG("%s hcon %p", hdev->name, conn);
73d80deb 1298
f94b665d
JH		 1299 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
1300 BT_DBG("Refusing to create new hci_chan");
1301 return NULL;
1302 }
1303
27f70f3e 1304 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
73d80deb
LAD		 1305 if (!chan)
1306 return NULL;
1307
6c388d32 1308 chan->conn = hci_conn_get(conn);
73d80deb 1309 skb_queue_head_init(&chan->data_q);
168df8e5 1310 chan->state = BT_CONNECTED;
73d80deb 1311
8192edef 1312 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD		 1313
1314 return chan;
1315}
1316
9472007c 1317void hci_chan_del(struct hci_chan *chan)
73d80deb
LAD		 1318{
1319 struct hci_conn *conn = chan->conn;
1320 struct hci_dev *hdev = conn->hdev;
1321
38b3fef1 1322 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
73d80deb 1323
8192edef
GP		 1324 list_del_rcu(&chan->list);
1325
1326 synchronize_rcu();
73d80deb 1327
bcbb655a 1328 /* Prevent new hci_chan's to be created for this hci_conn */
f94b665d 1329 set_bit(HCI_CONN_DROP, &conn->flags);
b3ff670a 1330
6c388d32 1331 hci_conn_put(conn);
e9b02748 1332
73d80deb
LAD		 1333 skb_queue_purge(&chan->data_q);
1334 kfree(chan);
73d80deb
LAD		 1335}
1336
2c33c06a 1337void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 1338{
2a5a5ec6 1339 struct hci_chan *chan, *n;
73d80deb 1340
38b3fef1 1341 BT_DBG("hcon %p", conn);
73d80deb 1342
2a5a5ec6 1343 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD		 1344 hci_chan_del(chan);
1345}
42c4e53e
AE		 1346
1347static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1348 __u16 handle)
1349{
1350 struct hci_chan *hchan;
1351
1352 list_for_each_entry(hchan, &hcon->chan_list, list) {
1353 if (hchan->handle == handle)
1354 return hchan;
1355 }
1356
1357 return NULL;
1358}
1359
1360struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1361{
1362 struct hci_conn_hash *h = &hdev->conn_hash;
1363 struct hci_conn *hcon;
1364 struct hci_chan *hchan = NULL;
1365
1366 rcu_read_lock();
1367
1368 list_for_each_entry_rcu(hcon, &h->list, list) {
1369 hchan = __hci_chan_lookup_handle(hcon, handle);
1370 if (hchan)
1371 break;
1372 }
1373
1374 rcu_read_unlock();
1375
1376 return hchan;
1377}
ubuntu-zesty-kernel mirror