]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - net/bluetooth/hci_conn.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Avoid polling TX power for LE links
[mirror_ubuntu-bionic-kernel.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
31
ac4b7236 32#include "smp.h"
7024728e
MH		 33#include "a2mp.h"
34
2dea632f
FD		 35struct sco_param {
36 u16 pkt_type;
37 u16 max_latency;
38};
39
40static const struct sco_param sco_param_cvsd[] = {
41 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a }, /* S3 */
42 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007 }, /* S2 */
43 { EDR_ESCO_MASK | ESCO_EV3, 0x0007 }, /* S1 */
44 { EDR_ESCO_MASK | ESCO_HV3, 0xffff }, /* D1 */
45 { EDR_ESCO_MASK | ESCO_HV1, 0xffff }, /* D0 */
46};
47
48static const struct sco_param sco_param_wideband[] = {
49 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d }, /* T2 */
50 { EDR_ESCO_MASK | ESCO_EV3, 0x0008 }, /* T1 */
51};
52
1aef8669 53static void hci_le_create_connection_cancel(struct hci_conn *conn)
fcd89c09
VT		 54{
55 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
56}
57
1aef8669 58static void hci_acl_create_connection(struct hci_conn *conn)
1da177e4
LT		 59{
60 struct hci_dev *hdev = conn->hdev;
61 struct inquiry_entry *ie;
62 struct hci_cp_create_conn cp;
63
42d2d87c 64 BT_DBG("hcon %p", conn);
1da177e4
LT		 65
66 conn->state = BT_CONNECT;
a0c808b3 67 conn->out = true;
a8746417 68
1da177e4
LT		 69 conn->link_mode = HCI_LM_MASTER;
70
4c67bc74
MH		 71 conn->attempt++;
72
e4e8e37c
MH		 73 conn->link_policy = hdev->link_policy;
74
1da177e4
LT		 75 memset(&cp, 0, sizeof(cp));
76 bacpy(&cp.bdaddr, &conn->dst);
77 cp.pscan_rep_mode = 0x02;
78
70f23020
AE		 79 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
80 if (ie) {
41a96212
MH		 81 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
82 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
83 cp.pscan_mode = ie->data.pscan_mode;
84 cp.clock_offset = ie->data.clock_offset |
dcf4adbf 85 cpu_to_le16(0x8000);
41a96212
MH		 86 }
87
1da177e4 88 memcpy(conn->dev_class, ie->data.dev_class, 3);
58a681ef
JH		 89 if (ie->data.ssp_mode > 0)
90 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
1da177e4
LT		 91 }
92
a8746417 93 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 94 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82 95 cp.role_switch = 0x01;
1da177e4 96 else
b6a0dc82 97 cp.role_switch = 0x00;
4c67bc74 98
a9de9248 99 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4
LT		 100}
101
1aef8669 102static void hci_acl_create_connection_cancel(struct hci_conn *conn)
6ac59344
MH		 103{
104 struct hci_cp_create_conn_cancel cp;
105
38b3fef1 106 BT_DBG("hcon %p", conn);
6ac59344 107
d095c1eb 108 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
6ac59344
MH		 109 return;
110
111 bacpy(&cp.bdaddr, &conn->dst);
a9de9248 112 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
6ac59344
MH		 113}
114
93796fa6
CT		 115static void hci_reject_sco(struct hci_conn *conn)
116{
117 struct hci_cp_reject_sync_conn_req cp;
118
119 cp.reason = HCI_ERROR_REMOTE_USER_TERM;
120 bacpy(&cp.bdaddr, &conn->dst);
121
122 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
123}
124
bed71748 125void hci_disconnect(struct hci_conn *conn, __u8 reason)
1da177e4
LT		 126{
127 struct hci_cp_disconnect cp;
128
38b3fef1 129 BT_DBG("hcon %p", conn);
1da177e4
LT		 130
131 conn->state = BT_DISCONN;
132
aca3192c 133 cp.handle = cpu_to_le16(conn->handle);
1da177e4 134 cp.reason = reason;
a9de9248 135 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
1da177e4
LT		 136}
137
53502d69
AE		 138static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
139{
140 struct hci_cp_disconn_phy_link cp;
141
142 BT_DBG("hcon %p", conn);
143
144 conn->state = BT_DISCONN;
145
146 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
147 cp.reason = reason;
148 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
149 sizeof(cp), &cp);
150}
151
57f5d0d1 152static void hci_add_sco(struct hci_conn *conn, __u16 handle)
1da177e4
LT		 153{
154 struct hci_dev *hdev = conn->hdev;
155 struct hci_cp_add_sco cp;
156
38b3fef1 157 BT_DBG("hcon %p", conn);
1da177e4
LT		 158
159 conn->state = BT_CONNECT;
a0c808b3 160 conn->out = true;
1da177e4 161
efc7688b
MH		 162 conn->attempt++;
163
aca3192c 164 cp.handle = cpu_to_le16(handle);
a8746417 165 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 166
a9de9248 167 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT		 168}
169
2dea632f 170bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
b6a0dc82
MH		 171{
172 struct hci_dev *hdev = conn->hdev;
173 struct hci_cp_setup_sync_conn cp;
2dea632f 174 const struct sco_param *param;
b6a0dc82 175
38b3fef1 176 BT_DBG("hcon %p", conn);
b6a0dc82
MH		 177
178 conn->state = BT_CONNECT;
a0c808b3 179 conn->out = true;
b6a0dc82 180
efc7688b
MH		 181 conn->attempt++;
182
b6a0dc82 183 cp.handle = cpu_to_le16(handle);
b6a0dc82 184
dcf4adbf
JP		 185 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
186 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
10c62ddc
FD		 187 cp.voice_setting = cpu_to_le16(conn->setting);
188
189 switch (conn->setting & SCO_AIRMODE_MASK) {
190 case SCO_AIRMODE_TRANSP:
2dea632f
FD		 191 if (conn->attempt > ARRAY_SIZE(sco_param_wideband))
192 return false;
10c62ddc 193 cp.retrans_effort = 0x02;
2dea632f 194 param = &sco_param_wideband[conn->attempt - 1];
10c62ddc
FD		 195 break;
196 case SCO_AIRMODE_CVSD:
2dea632f
FD		 197 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
198 return false;
199 cp.retrans_effort = 0x01;
200 param = &sco_param_cvsd[conn->attempt - 1];
10c62ddc 201 break;
2dea632f
FD		 202 default:
203 return false;
10c62ddc 204 }
b6a0dc82 205
2dea632f
FD		 206 cp.pkt_type = __cpu_to_le16(param->pkt_type);
207 cp.max_latency = __cpu_to_le16(param->max_latency);
208
209 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
210 return false;
211
212 return true;
b6a0dc82
MH		 213}
214
2ce603eb 215void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
5974e4c4 216 u16 latency, u16 to_multiplier)
2ce603eb
CT		 217{
218 struct hci_cp_le_conn_update cp;
219 struct hci_dev *hdev = conn->hdev;
220
221 memset(&cp, 0, sizeof(cp));
222
223 cp.handle = cpu_to_le16(conn->handle);
224 cp.conn_interval_min = cpu_to_le16(min);
225 cp.conn_interval_max = cpu_to_le16(max);
226 cp.conn_latency = cpu_to_le16(latency);
227 cp.supervision_timeout = cpu_to_le16(to_multiplier);
dcf4adbf
JP		 228 cp.min_ce_len = cpu_to_le16(0x0000);
229 cp.max_ce_len = cpu_to_le16(0x0000);
2ce603eb
CT		 230
231 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
232}
2ce603eb 233
fe39c7b2 234void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
5974e4c4 235 __u8 ltk[16])
a7a595f6
VCG		 236{
237 struct hci_dev *hdev = conn->hdev;
238 struct hci_cp_le_start_enc cp;
239
38b3fef1 240 BT_DBG("hcon %p", conn);
a7a595f6
VCG		 241
242 memset(&cp, 0, sizeof(cp));
243
244 cp.handle = cpu_to_le16(conn->handle);
fe39c7b2 245 cp.rand = rand;
a7a595f6 246 cp.ediv = ediv;
fe39c7b2 247 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
a7a595f6
VCG		 248
249 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
250}
a7a595f6 251
e73439d8
MH		 252/* Device _must_ be locked */
253void hci_sco_setup(struct hci_conn *conn, __u8 status)
254{
255 struct hci_conn *sco = conn->link;
256
e73439d8
MH		 257 if (!sco)
258 return;
259
38b3fef1
AE		 260 BT_DBG("hcon %p", conn);
261
e73439d8
MH		 262 if (!status) {
263 if (lmp_esco_capable(conn->hdev))
264 hci_setup_sync(sco, conn->handle);
265 else
266 hci_add_sco(sco, conn->handle);
267 } else {
268 hci_proto_connect_cfm(sco, status);
269 hci_conn_del(sco);
270 }
271}
272
53502d69
AE		 273static void hci_conn_disconnect(struct hci_conn *conn)
274{
275 __u8 reason = hci_proto_disconn_ind(conn);
276
277 switch (conn->type) {
53502d69
AE		 278 case AMP_LINK:
279 hci_amp_disconn(conn, reason);
280 break;
4c02e2d4 281 default:
bed71748 282 hci_disconnect(conn, reason);
4c02e2d4 283 break;
53502d69
AE		 284 }
285}
286
19c40e3b 287static void hci_conn_timeout(struct work_struct *work)
1da177e4 288{
19c40e3b 289 struct hci_conn *conn = container_of(work, struct hci_conn,
5974e4c4 290 disc_work.work);
1da177e4 291
38b3fef1 292 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
1da177e4
LT		 293
294 if (atomic_read(&conn->refcnt))
295 return;
296
6ac59344
MH		 297 switch (conn->state) {
298 case BT_CONNECT:
769be974 299 case BT_CONNECT2:
fcd89c09
VT		 300 if (conn->out) {
301 if (conn->type == ACL_LINK)
1aef8669 302 hci_acl_create_connection_cancel(conn);
fcd89c09 303 else if (conn->type == LE_LINK)
1aef8669 304 hci_le_create_connection_cancel(conn);
93796fa6
CT		 305 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
306 hci_reject_sco(conn);
fcd89c09 307 }
6ac59344 308 break;
769be974 309 case BT_CONFIG:
8e87d142 310 case BT_CONNECTED:
53502d69 311 hci_conn_disconnect(conn);
6ac59344
MH		 312 break;
313 default:
1da177e4 314 conn->state = BT_CLOSED;
6ac59344
MH		 315 break;
316 }
1da177e4
LT		 317}
318
416dc94b 319/* Enter sniff mode */
a74a84f6 320static void hci_conn_idle(struct work_struct *work)
416dc94b 321{
a74a84f6
JH		 322 struct hci_conn *conn = container_of(work, struct hci_conn,
323 idle_work.work);
416dc94b
GP		 324 struct hci_dev *hdev = conn->hdev;
325
38b3fef1 326 BT_DBG("hcon %p mode %d", conn, conn->mode);
416dc94b
GP		 327
328 if (test_bit(HCI_RAW, &hdev->flags))
329 return;
330
331 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
332 return;
333
334 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
335 return;
336
337 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
338 struct hci_cp_sniff_subrate cp;
339 cp.handle = cpu_to_le16(conn->handle);
dcf4adbf
JP		 340 cp.max_latency = cpu_to_le16(0);
341 cp.min_remote_timeout = cpu_to_le16(0);
342 cp.min_local_timeout = cpu_to_le16(0);
416dc94b
GP		 343 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
344 }
345
51a8efd7 346 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP		 347 struct hci_cp_sniff_mode cp;
348 cp.handle = cpu_to_le16(conn->handle);
349 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
350 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
dcf4adbf
JP		 351 cp.attempt = cpu_to_le16(4);
352 cp.timeout = cpu_to_le16(1);
416dc94b
GP		 353 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
354 }
355}
356
7bc18d9d 357static void hci_conn_auto_accept(struct work_struct *work)
9f61656a 358{
7bc18d9d
JH		 359 struct hci_conn *conn = container_of(work, struct hci_conn,
360 auto_accept_work.work);
9f61656a 361
7bc18d9d 362 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
5974e4c4 363 &conn->dst);
9f61656a
JH		 364}
365
9489eca4
JH		 366static void le_conn_timeout(struct work_struct *work)
367{
368 struct hci_conn *conn = container_of(work, struct hci_conn,
369 le_conn_timeout.work);
3c857757 370 struct hci_dev *hdev = conn->hdev;
9489eca4
JH		 371
372 BT_DBG("");
373
3c857757
JH		 374 /* We could end up here due to having done directed advertising,
375 * so clean up the state if necessary. This should however only
376 * happen with broken hardware or if low duty cycle was used
377 * (which doesn't have a timeout of its own).
378 */
379 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
380 u8 enable = 0x00;
381 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
382 &enable);
383 hci_le_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
384 return;
385 }
386
9489eca4
JH		 387 hci_le_create_connection_cancel(conn);
388}
389
1da177e4
LT		 390struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
391{
392 struct hci_conn *conn;
393
6ed93dc6 394 BT_DBG("%s dst %pMR", hdev->name, dst);
1da177e4 395
cb601d7e 396 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
04837f64 397 if (!conn)
1da177e4 398 return NULL;
1da177e4
LT		 399
400 bacpy(&conn->dst, dst);
662e8820 401 bacpy(&conn->src, &hdev->bdaddr);
a8746417
MH		 402 conn->hdev = hdev;
403 conn->type = type;
404 conn->mode = HCI_CM_ACTIVE;
405 conn->state = BT_OPEN;
93f19c9f 406 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 407 conn->io_capability = hdev->io_capability;
a9583556 408 conn->remote_auth = 0xff;
13d39315 409 conn->key_type = 0xff;
5a134fae 410 conn->tx_power = HCI_TX_POWER_INVALID;
1da177e4 411
58a681ef 412 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 413 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 414
a8746417
MH		 415 switch (type) {
416 case ACL_LINK:
417 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
418 break;
9c84d1da
JH		 419 case LE_LINK:
420 /* conn->src should reflect the local identity address */
421 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
422 break;
a8746417
MH		 423 case SCO_LINK:
424 if (lmp_esco_capable(hdev))
efc7688b
MH		 425 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
426 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH		 427 else
428 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
429 break;
430 case ESCO_LINK:
efc7688b 431 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH		 432 break;
433 }
434
1da177e4 435 skb_queue_head_init(&conn->data_q);
04837f64 436
70c1f20b 437 INIT_LIST_HEAD(&conn->chan_list);
73d80deb 438
19c40e3b 439 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
7bc18d9d 440 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
a74a84f6 441 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
9489eca4 442 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1da177e4
LT		 443
444 atomic_set(&conn->refcnt, 0);
445
446 hci_dev_hold(hdev);
447
1da177e4 448 hci_conn_hash_add(hdev, conn);
3c54711c 449 if (hdev->notify)
1da177e4
LT		 450 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
451
a67e899c
MH		 452 hci_conn_init_sysfs(conn);
453
1da177e4
LT		 454 return conn;
455}
456
457int hci_conn_del(struct hci_conn *conn)
458{
459 struct hci_dev *hdev = conn->hdev;
460
38b3fef1 461 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1da177e4 462
19c40e3b 463 cancel_delayed_work_sync(&conn->disc_work);
7bc18d9d 464 cancel_delayed_work_sync(&conn->auto_accept_work);
a74a84f6 465 cancel_delayed_work_sync(&conn->idle_work);
9f61656a 466
5b7f9909 467 if (conn->type == ACL_LINK) {
1da177e4
LT		 468 struct hci_conn *sco = conn->link;
469 if (sco)
470 sco->link = NULL;
471
472 /* Unacked frames */
473 hdev->acl_cnt += conn->sent;
6ed58ec5 474 } else if (conn->type == LE_LINK) {
9489eca4
JH		 475 cancel_delayed_work_sync(&conn->le_conn_timeout);
476
6ed58ec5
VT		 477 if (hdev->le_pkts)
478 hdev->le_cnt += conn->sent;
479 else
480 hdev->acl_cnt += conn->sent;
5b7f9909
MH		 481 } else {
482 struct hci_conn *acl = conn->link;
483 if (acl) {
484 acl->link = NULL;
76a68ba0 485 hci_conn_drop(acl);
5b7f9909 486 }
1da177e4
LT		 487 }
488
2c33c06a 489 hci_chan_list_flush(conn);
73d80deb 490
9740e49d
AE		 491 if (conn->amp_mgr)
492 amp_mgr_put(conn->amp_mgr);
493
1da177e4 494 hci_conn_hash_del(hdev, conn);
3c54711c 495 if (hdev->notify)
1da177e4 496 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
7d0db0a3 497
1da177e4 498 skb_queue_purge(&conn->data_q);
1da177e4 499
fc225c3f 500 hci_conn_del_sysfs(conn);
2ae9a6be 501
384943ec
MH		 502 hci_dev_put(hdev);
503
8d12356f 504 hci_conn_put(conn);
163f4dab 505
1da177e4
LT		 506 return 0;
507}
508
509struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
510{
511 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 512 struct hci_dev *hdev = NULL, *d;
1da177e4 513
6ed93dc6 514 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4 515
f20d09d5 516 read_lock(&hci_dev_list_lock);
1da177e4 517
8035ded4 518 list_for_each_entry(d, &hci_dev_list, list) {
8fc9ced3 519 if (!test_bit(HCI_UP, &d->flags) ||
d300fa9b 520 test_bit(HCI_RAW, &d->flags) ||
af750e94 521 test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
d300fa9b 522 d->dev_type != HCI_BREDR)
1da177e4
LT		 523 continue;
524
8e87d142 525 /* Simple routing:
1da177e4
LT		 526 * No source address - find interface with bdaddr != dst
527 * Source address - find interface with bdaddr == src
528 */
529
530 if (use_src) {
531 if (!bacmp(&d->bdaddr, src)) {
532 hdev = d; break;
533 }
534 } else {
535 if (bacmp(&d->bdaddr, dst)) {
536 hdev = d; break;
537 }
538 }
539 }
540
541 if (hdev)
542 hdev = hci_dev_hold(hdev);
543
f20d09d5 544 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 545 return hdev;
546}
547EXPORT_SYMBOL(hci_get_route);
548
9bb3c01f 549/* This function requires the caller holds hdev->lock */
06c053fb 550void hci_le_conn_failed(struct hci_conn *conn, u8 status)
9bb3c01f
AG		 551{
552 struct hci_dev *hdev = conn->hdev;
553
554 conn->state = BT_CLOSED;
555
556 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
557 status);
558
559 hci_proto_connect_cfm(conn, status);
560
561 hci_conn_del(conn);
a4790dbd
AG		 562
563 /* Since we may have temporarily stopped the background scanning in
564 * favor of connection establishment, we should restart it.
565 */
566 hci_update_background_scan(hdev);
3c857757
JH		 567
568 /* Re-enable advertising in case this was a failed connection
569 * attempt as a peripheral.
570 */
571 mgmt_reenable_advertising(hdev);
9bb3c01f
AG		 572}
573
1d399ae5
AG		 574static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
575{
576 struct hci_conn *conn;
577
578 if (status == 0)
579 return;
580
581 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
582 status);
583
584 hci_dev_lock(hdev);
585
586 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
587 if (!conn)
588 goto done;
589
06c053fb 590 hci_le_conn_failed(conn, status);
1d399ae5
AG		 591
592done:
593 hci_dev_unlock(hdev);
594}
595
2acf3d90
AG		 596static void hci_req_add_le_create_conn(struct hci_request *req,
597 struct hci_conn *conn)
598{
599 struct hci_cp_le_create_conn cp;
600 struct hci_dev *hdev = conn->hdev;
601 u8 own_addr_type;
602
603 memset(&cp, 0, sizeof(cp));
604
605 /* Update random address, but set require_privacy to false so
606 * that we never connect with an unresolvable address.
607 */
608 if (hci_update_random_address(req, false, &own_addr_type))
609 return;
610
611 /* Save the address type used for this connnection attempt so we able
612 * to retrieve this information if we need it.
613 */
614 conn->src_type = own_addr_type;
615
616 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
617 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
618 bacpy(&cp.peer_addr, &conn->dst);
619 cp.peer_addr_type = conn->dst_type;
620 cp.own_address_type = own_addr_type;
621 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
622 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
dcf4adbf
JP		 623 cp.supervision_timeout = cpu_to_le16(0x002a);
624 cp.min_ce_len = cpu_to_le16(0x0000);
625 cp.max_ce_len = cpu_to_le16(0x0000);
2acf3d90
AG		 626
627 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
b46e0030
JH		 628
629 conn->state = BT_CONNECT;
2acf3d90
AG		 630}
631
3c857757
JH		 632static void hci_req_directed_advertising(struct hci_request *req,
633 struct hci_conn *conn)
634{
635 struct hci_dev *hdev = req->hdev;
636 struct hci_cp_le_set_adv_param cp;
637 u8 own_addr_type;
638 u8 enable;
639
640 enable = 0x00;
641 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
642
643 /* Clear the HCI_ADVERTISING bit temporarily so that the
644 * hci_update_random_address knows that it's safe to go ahead
645 * and write a new random address. The flag will be set back on
646 * as soon as the SET_ADV_ENABLE HCI command completes.
647 */
648 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
649
650 /* Set require_privacy to false so that the remote device has a
651 * chance of identifying us.
652 */
653 if (hci_update_random_address(req, false, &own_addr_type) < 0)
654 return;
655
656 memset(&cp, 0, sizeof(cp));
657 cp.type = LE_ADV_DIRECT_IND;
658 cp.own_address_type = own_addr_type;
659 cp.direct_addr_type = conn->dst_type;
660 bacpy(&cp.direct_addr, &conn->dst);
661 cp.channel_map = hdev->le_adv_channel_map;
662
663 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
664
665 enable = 0x01;
666 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
667
668 conn->state = BT_CONNECT;
669}
670
04a6c589
AG		 671struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
672 u8 dst_type, u8 sec_level, u8 auth_type)
1da177e4 673{
4292f1f3 674 struct hci_conn_params *params;
f1e5d547 675 struct hci_conn *conn;
1ebfcc1f 676 struct smp_irk *irk;
2acf3d90 677 struct hci_request req;
1d399ae5 678 int err;
1da177e4 679
620ad521
AG		 680 /* Some devices send ATT messages as soon as the physical link is
681 * established. To be able to handle these ATT messages, the user-
682 * space first establishes the connection and then starts the pairing
683 * process.
684 *
685 * So if a hci_conn object already exists for the following connection
686 * attempt, we simply update pending_sec_level and auth_type fields
687 * and return the object found.
688 */
f1e5d547 689 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
620ad521
AG		 690 if (conn) {
691 conn->pending_sec_level = sec_level;
692 conn->auth_type = auth_type;
693 goto done;
694 }
dfc94dbd 695
620ad521
AG		 696 /* Since the controller supports only one LE connection attempt at a
697 * time, we return -EBUSY if there is any connection attempt running.
698 */
699 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
700 if (conn)
701 return ERR_PTR(-EBUSY);
46a190cb 702
edb4b466
MH		 703 /* When given an identity address with existing identity
704 * resolving key, the connection needs to be established
705 * to a resolvable random address.
706 *
707 * This uses the cached random resolvable address from
708 * a previous scan. When no cached address is available,
709 * try connecting to the identity address instead.
710 *
711 * Storing the resolvable random address is required here
712 * to handle connection failures. The address will later
713 * be resolved back into the original identity address
714 * from the connect request.
715 */
1ebfcc1f
JH		 716 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
717 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
718 dst = &irk->rpa;
719 dst_type = ADDR_LE_DEV_RANDOM;
720 }
721
620ad521
AG		 722 conn = hci_conn_add(hdev, LE_LINK, dst);
723 if (!conn)
724 return ERR_PTR(-ENOMEM);
9f0caeb1 725
1ebfcc1f 726 conn->dst_type = dst_type;
620ad521 727 conn->sec_level = BT_SECURITY_LOW;
f1e5d547
AG		 728 conn->pending_sec_level = sec_level;
729 conn->auth_type = auth_type;
4292f1f3 730
3c857757
JH		 731 hci_req_init(&req, hdev);
732
733 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
734 hci_req_directed_advertising(&req, conn);
735 goto create_conn;
736 }
737
738 conn->out = true;
739 conn->link_mode |= HCI_LM_MASTER;
740
4292f1f3
AG		 741 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
742 if (params) {
743 conn->le_conn_min_interval = params->conn_min_interval;
744 conn->le_conn_max_interval = params->conn_max_interval;
745 } else {
746 conn->le_conn_min_interval = hdev->le_conn_min_interval;
747 conn->le_conn_max_interval = hdev->le_conn_max_interval;
748 }
eda42b50 749
2acf3d90 750 /* If controller is scanning, we stop it since some controllers are
81ad6fd9
JH		 751 * not able to scan and connect at the same time. Also set the
752 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
753 * handler for scan disabling knows to set the correct discovery
754 * state.
2acf3d90
AG		 755 */
756 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
757 hci_req_add_le_scan_disable(&req);
81ad6fd9 758 set_bit(HCI_LE_SCAN_INTERRUPTED, &hdev->dev_flags);
2acf3d90
AG		 759 }
760
81ad6fd9
JH		 761 hci_req_add_le_create_conn(&req, conn);
762
3c857757 763create_conn:
81ad6fd9 764 err = hci_req_run(&req, create_le_conn_complete);
2acf3d90
AG		 765 if (err) {
766 hci_conn_del(conn);
620ad521 767 return ERR_PTR(err);
2acf3d90 768 }
fcd89c09 769
620ad521
AG		 770done:
771 hci_conn_hold(conn);
f1e5d547 772 return conn;
d04aef4c 773}
fcd89c09 774
04a6c589
AG		 775struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
776 u8 sec_level, u8 auth_type)
1da177e4
LT		 777{
778 struct hci_conn *acl;
fcd89c09 779
56f87901
JH		 780 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
781 return ERR_PTR(-ENOTSUPP);
782
70f23020
AE		 783 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
784 if (!acl) {
785 acl = hci_conn_add(hdev, ACL_LINK, dst);
786 if (!acl)
48c7aba9 787 return ERR_PTR(-ENOMEM);
1da177e4
LT		 788 }
789
790 hci_conn_hold(acl);
791
09ab6f4c 792 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
765c2a96
JH		 793 acl->sec_level = BT_SECURITY_LOW;
794 acl->pending_sec_level = sec_level;
09ab6f4c 795 acl->auth_type = auth_type;
1aef8669 796 hci_acl_create_connection(acl);
09ab6f4c 797 }
1da177e4 798
db474275
VCG		 799 return acl;
800}
801
10c62ddc
FD		 802struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
803 __u16 setting)
db474275
VCG		 804{
805 struct hci_conn *acl;
806 struct hci_conn *sco;
807
e660ed6c 808 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
db474275 809 if (IS_ERR(acl))
5b7f9909 810 return acl;
1da177e4 811
70f23020
AE		 812 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
813 if (!sco) {
814 sco = hci_conn_add(hdev, type, dst);
815 if (!sco) {
76a68ba0 816 hci_conn_drop(acl);
48c7aba9 817 return ERR_PTR(-ENOMEM);
1da177e4 818 }
5b7f9909 819 }
1da177e4 820
5b7f9909
MH		 821 acl->link = sco;
822 sco->link = acl;
1da177e4 823
5b7f9909 824 hci_conn_hold(sco);
1da177e4 825
10c62ddc
FD		 826 sco->setting = setting;
827
5b7f9909 828 if (acl->state == BT_CONNECTED &&
5974e4c4 829 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 830 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 831 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 832
51a8efd7 833 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 834 /* defer SCO setup until mode change completed */
51a8efd7 835 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH		 836 return sco;
837 }
838
839 hci_sco_setup(acl, 0x00);
b6a0dc82 840 }
5b7f9909
MH		 841
842 return sco;
1da177e4 843}
1da177e4 844
e7c29cb1
MH		 845/* Check link security requirement */
846int hci_conn_check_link_mode(struct hci_conn *conn)
847{
38b3fef1 848 BT_DBG("hcon %p", conn);
e7c29cb1 849
40b552aa
MH		 850 /* In Secure Connections Only mode, it is required that Secure
851 * Connections is used and the link is encrypted with AES-CCM
852 * using a P-256 authenticated combination key.
853 */
854 if (test_bit(HCI_SC_ONLY, &conn->hdev->flags)) {
855 if (!hci_conn_sc_enabled(conn) ||
856 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
857 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
858 return 0;
859 }
860
aa64a8b5 861 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
e7c29cb1
MH		 862 return 0;
863
864 return 1;
865}
e7c29cb1 866
1da177e4 867/* Authenticate remote device */
0684e5f9 868static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 869{
38b3fef1 870 BT_DBG("hcon %p", conn);
1da177e4 871
765c2a96
JH		 872 if (conn->pending_sec_level > sec_level)
873 sec_level = conn->pending_sec_level;
874
96a31833 875 if (sec_level > conn->sec_level)
765c2a96 876 conn->pending_sec_level = sec_level;
96a31833 877 else if (conn->link_mode & HCI_LM_AUTH)
1da177e4
LT		 878 return 1;
879
65cf686e
JH		 880 /* Make sure we preserve an existing MITM requirement*/
881 auth_type |= (conn->auth_type & 0x01);
882
96a31833
MH		 883 conn->auth_type = auth_type;
884
51a8efd7 885 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 886 struct hci_cp_auth_requested cp;
b7d05bad
PH		 887
888 /* encrypt must be pending if auth is also pending */
889 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
890
aca3192c 891 cp.handle = cpu_to_le16(conn->handle);
40be492f 892 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
5974e4c4 893 sizeof(cp), &cp);
19f8def0 894 if (conn->key_type != 0xff)
51a8efd7 895 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 896 }
8c1b2355 897
1da177e4
LT		 898 return 0;
899}
1da177e4 900
13d39315
WR		 901/* Encrypt the the link */
902static void hci_conn_encrypt(struct hci_conn *conn)
903{
38b3fef1 904 BT_DBG("hcon %p", conn);
13d39315 905
51a8efd7 906 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR		 907 struct hci_cp_set_conn_encrypt cp;
908 cp.handle = cpu_to_le16(conn->handle);
909 cp.encrypt = 0x01;
910 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
5974e4c4 911 &cp);
13d39315
WR		 912 }
913}
914
8c1b2355 915/* Enable security */
0684e5f9 916int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 917{
38b3fef1 918 BT_DBG("hcon %p", conn);
1da177e4 919
d8343f12
VCG		 920 if (conn->type == LE_LINK)
921 return smp_conn_security(conn, sec_level);
922
13d39315 923 /* For sdp we don't need the link key. */
8c1b2355
MH		 924 if (sec_level == BT_SECURITY_SDP)
925 return 1;
926
13d39315
WR		 927 /* For non 2.1 devices and low security level we don't need the link
928 key. */
aa64a8b5 929 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 930 return 1;
8c1b2355 931
13d39315
WR		 932 /* For other security levels we need the link key. */
933 if (!(conn->link_mode & HCI_LM_AUTH))
934 goto auth;
935
7b5a9241
MH		 936 /* An authenticated FIPS approved combination key has sufficient
937 * security for security level 4. */
938 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
939 sec_level == BT_SECURITY_FIPS)
940 goto encrypt;
941
942 /* An authenticated combination key has sufficient security for
943 security level 3. */
944 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
945 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
946 sec_level == BT_SECURITY_HIGH)
13d39315
WR		 947 goto encrypt;
948
949 /* An unauthenticated combination key has sufficient security for
950 security level 1 and 2. */
66138ce8
MH		 951 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
952 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
5974e4c4 953 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
13d39315
WR		 954 goto encrypt;
955
956 /* A combination key has always sufficient security for the security
957 levels 1 or 2. High security level requires the combination key
958 is generated using maximum PIN code length (16).
959 For pre 2.1 units. */
960 if (conn->key_type == HCI_LK_COMBINATION &&
7b5a9241
MH		 961 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
962 conn->pin_length == 16))
13d39315
WR		 963 goto encrypt;
964
965auth:
51a8efd7 966 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT		 967 return 0;
968
6fdf658c
LAD		 969 if (!hci_conn_auth(conn, sec_level, auth_type))
970 return 0;
13d39315
WR		 971
972encrypt:
973 if (conn->link_mode & HCI_LM_ENCRYPT)
974 return 1;
8c1b2355 975
13d39315 976 hci_conn_encrypt(conn);
1da177e4
LT		 977 return 0;
978}
8c1b2355 979EXPORT_SYMBOL(hci_conn_security);
1da177e4 980
b3b1b061
WR		 981/* Check secure link requirement */
982int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
983{
38b3fef1 984 BT_DBG("hcon %p", conn);
b3b1b061 985
9cb2e030
MH		 986 /* Accept if non-secure or higher security level is required */
987 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
988 return 1;
b3b1b061 989
9cb2e030
MH		 990 /* Accept if secure or higher security level is already present */
991 if (conn->sec_level == BT_SECURITY_HIGH ||
992 conn->sec_level == BT_SECURITY_FIPS)
b3b1b061
WR		 993 return 1;
994
9cb2e030
MH		 995 /* Reject not secure link */
996 return 0;
b3b1b061
WR		 997}
998EXPORT_SYMBOL(hci_conn_check_secure);
999
1da177e4
LT		 1000/* Change link key */
1001int hci_conn_change_link_key(struct hci_conn *conn)
1002{
38b3fef1 1003 BT_DBG("hcon %p", conn);
1da177e4 1004
51a8efd7 1005 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 1006 struct hci_cp_change_conn_link_key cp;
aca3192c 1007 cp.handle = cpu_to_le16(conn->handle);
40be492f 1008 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
5974e4c4 1009 sizeof(cp), &cp);
1da177e4 1010 }
8c1b2355 1011
1da177e4
LT		 1012 return 0;
1013}
1da177e4
LT		 1014
1015/* Switch role */
8c1b2355 1016int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 1017{
38b3fef1 1018 BT_DBG("hcon %p", conn);
1da177e4
LT		 1019
1020 if (!role && conn->link_mode & HCI_LM_MASTER)
1021 return 1;
1022
51a8efd7 1023 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT		 1024 struct hci_cp_switch_role cp;
1025 bacpy(&cp.bdaddr, &conn->dst);
1026 cp.role = role;
a9de9248 1027 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 1028 }
8c1b2355 1029
1da177e4
LT		 1030 return 0;
1031}
1032EXPORT_SYMBOL(hci_conn_switch_role);
1033
04837f64 1034/* Enter active mode */
14b12d0b 1035void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH		 1036{
1037 struct hci_dev *hdev = conn->hdev;
1038
38b3fef1 1039 BT_DBG("hcon %p mode %d", conn, conn->mode);
04837f64
MH		 1040
1041 if (test_bit(HCI_RAW, &hdev->flags))
1042 return;
1043
14b12d0b
JG		 1044 if (conn->mode != HCI_CM_SNIFF)
1045 goto timer;
1046
58a681ef 1047 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH		 1048 goto timer;
1049
51a8efd7 1050 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 1051 struct hci_cp_exit_sniff_mode cp;
aca3192c 1052 cp.handle = cpu_to_le16(conn->handle);
a9de9248 1053 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH		 1054 }
1055
1056timer:
1057 if (hdev->idle_timeout > 0)
a74a84f6
JH		 1058 queue_delayed_work(hdev->workqueue, &conn->idle_work,
1059 msecs_to_jiffies(hdev->idle_timeout));
04837f64
MH		 1060}
1061
1da177e4
LT		 1062/* Drop all connection on the device */
1063void hci_conn_hash_flush(struct hci_dev *hdev)
1064{
1065 struct hci_conn_hash *h = &hdev->conn_hash;
3c4e0df0 1066 struct hci_conn *c, *n;
1da177e4
LT		 1067
1068 BT_DBG("hdev %s", hdev->name);
1069
3c4e0df0 1070 list_for_each_entry_safe(c, n, &h->list, list) {
1da177e4
LT		 1071 c->state = BT_CLOSED;
1072
9f5a0d7b 1073 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
1da177e4
LT		 1074 hci_conn_del(c);
1075 }
1076}
1077
a9de9248
MH		 1078/* Check pending connect attempts */
1079void hci_conn_check_pending(struct hci_dev *hdev)
1080{
1081 struct hci_conn *conn;
1082
1083 BT_DBG("hdev %s", hdev->name);
1084
1085 hci_dev_lock(hdev);
1086
1087 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
1088 if (conn)
1aef8669 1089 hci_acl_create_connection(conn);
a9de9248
MH		 1090
1091 hci_dev_unlock(hdev);
1092}
1093
1da177e4
LT		 1094int hci_get_conn_list(void __user *arg)
1095{
fc5fef61 1096 struct hci_conn *c;
1da177e4
LT		 1097 struct hci_conn_list_req req, *cl;
1098 struct hci_conn_info *ci;
1099 struct hci_dev *hdev;
1da177e4
LT		 1100 int n = 0, size, err;
1101
1102 if (copy_from_user(&req, arg, sizeof(req)))
1103 return -EFAULT;
1104
1105 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
1106 return -EINVAL;
1107
1108 size = sizeof(req) + req.conn_num * sizeof(*ci);
1109
70f23020
AE		 1110 cl = kmalloc(size, GFP_KERNEL);
1111 if (!cl)
1da177e4
LT		 1112 return -ENOMEM;
1113
70f23020
AE		 1114 hdev = hci_dev_get(req.dev_id);
1115 if (!hdev) {
1da177e4
LT		 1116 kfree(cl);
1117 return -ENODEV;
1118 }
1119
1120 ci = cl->conn_info;
1121
09fd0de5 1122 hci_dev_lock(hdev);
8035ded4 1123 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT		 1124 bacpy(&(ci + n)->bdaddr, &c->dst);
1125 (ci + n)->handle = c->handle;
1126 (ci + n)->type = c->type;
1127 (ci + n)->out = c->out;
1128 (ci + n)->state = c->state;
1129 (ci + n)->link_mode = c->link_mode;
1130 if (++n >= req.conn_num)
1131 break;
1132 }
09fd0de5 1133 hci_dev_unlock(hdev);
1da177e4
LT		 1134
1135 cl->dev_id = hdev->id;
1136 cl->conn_num = n;
1137 size = sizeof(req) + n * sizeof(*ci);
1138
1139 hci_dev_put(hdev);
1140
1141 err = copy_to_user(arg, cl, size);
1142 kfree(cl);
1143
1144 return err ? -EFAULT : 0;
1145}
1146
1147int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1148{
1149 struct hci_conn_info_req req;
1150 struct hci_conn_info ci;
1151 struct hci_conn *conn;
1152 char __user *ptr = arg + sizeof(req);
1153
1154 if (copy_from_user(&req, arg, sizeof(req)))
1155 return -EFAULT;
1156
09fd0de5 1157 hci_dev_lock(hdev);
1da177e4
LT		 1158 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1159 if (conn) {
1160 bacpy(&ci.bdaddr, &conn->dst);
1161 ci.handle = conn->handle;
1162 ci.type = conn->type;
1163 ci.out = conn->out;
1164 ci.state = conn->state;
1165 ci.link_mode = conn->link_mode;
1166 }
09fd0de5 1167 hci_dev_unlock(hdev);
1da177e4
LT		 1168
1169 if (!conn)
1170 return -ENOENT;
1171
1172 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1173}
40be492f
MH		 1174
1175int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1176{
1177 struct hci_auth_info_req req;
1178 struct hci_conn *conn;
1179
1180 if (copy_from_user(&req, arg, sizeof(req)))
1181 return -EFAULT;
1182
09fd0de5 1183 hci_dev_lock(hdev);
40be492f
MH		 1184 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1185 if (conn)
1186 req.type = conn->auth_type;
09fd0de5 1187 hci_dev_unlock(hdev);
40be492f
MH		 1188
1189 if (!conn)
1190 return -ENOENT;
1191
1192 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1193}
73d80deb
LAD		 1194
1195struct hci_chan *hci_chan_create(struct hci_conn *conn)
1196{
1197 struct hci_dev *hdev = conn->hdev;
1198 struct hci_chan *chan;
1199
38b3fef1 1200 BT_DBG("%s hcon %p", hdev->name, conn);
73d80deb 1201
75d7735c 1202 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
73d80deb
LAD		 1203 if (!chan)
1204 return NULL;
1205
1206 chan->conn = conn;
1207 skb_queue_head_init(&chan->data_q);
168df8e5 1208 chan->state = BT_CONNECTED;
73d80deb 1209
8192edef 1210 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD		 1211
1212 return chan;
1213}
1214
9472007c 1215void hci_chan_del(struct hci_chan *chan)
73d80deb
LAD		 1216{
1217 struct hci_conn *conn = chan->conn;
1218 struct hci_dev *hdev = conn->hdev;
1219
38b3fef1 1220 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
73d80deb 1221
8192edef
GP		 1222 list_del_rcu(&chan->list);
1223
1224 synchronize_rcu();
73d80deb 1225
76a68ba0 1226 hci_conn_drop(conn);
e9b02748 1227
73d80deb
LAD		 1228 skb_queue_purge(&chan->data_q);
1229 kfree(chan);
73d80deb
LAD		 1230}
1231
2c33c06a 1232void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 1233{
2a5a5ec6 1234 struct hci_chan *chan, *n;
73d80deb 1235
38b3fef1 1236 BT_DBG("hcon %p", conn);
73d80deb 1237
2a5a5ec6 1238 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD		 1239 hci_chan_del(chan);
1240}
42c4e53e
AE		 1241
1242static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1243 __u16 handle)
1244{
1245 struct hci_chan *hchan;
1246
1247 list_for_each_entry(hchan, &hcon->chan_list, list) {
1248 if (hchan->handle == handle)
1249 return hchan;
1250 }
1251
1252 return NULL;
1253}
1254
1255struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1256{
1257 struct hci_conn_hash *h = &hdev->conn_hash;
1258 struct hci_conn *hcon;
1259 struct hci_chan *hchan = NULL;
1260
1261 rcu_read_lock();
1262
1263 list_for_each_entry_rcu(hcon, &h->list, list) {
1264 hchan = __hci_chan_lookup_handle(hcon, handle);
1265 if (hchan)
1266 break;
1267 }
1268
1269 rcu_read_unlock();
1270
1271 return hchan;
1272}
ubuntu-bionic-kernel mirror