projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ipvs: Pass ipvs not net into ip_vs_app_net_init and ip_vs_app_net_cleanup
[deliverable/linux.git] / net / bluetooth / hci_conn.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
8c520a59 27#include <linux/export.h>
23b9ceb7 28#include <linux/debugfs.h>
1da177e4
LT		 29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
1da177e4 33
0857dd3b 34#include "hci_request.h"
ac4b7236 35#include "smp.h"
7024728e
MH		 36#include "a2mp.h"
37
2dea632f
FD		 38struct sco_param {
39 u16 pkt_type;
40 u16 max_latency;
c7da5797 41 u8 retrans_effort;
2dea632f
FD		 42};
43
48e68ff5 44static const struct sco_param esco_param_cvsd[] = {
c7da5797
JH		 45 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
46 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
47 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
48 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
49 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
2dea632f
FD		 50};
51
48e68ff5 52static const struct sco_param sco_param_cvsd[] = {
c7da5797
JH		 53 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
54 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
48e68ff5
BT		 55};
56
565766b0 57static const struct sco_param esco_param_msbc[] = {
c7da5797
JH		 58 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
59 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
2dea632f
FD		 60};
61
1aef8669 62static void hci_le_create_connection_cancel(struct hci_conn *conn)
fcd89c09
VT		 63{
64 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
65}
66
f75113a2
JP		 67/* This function requires the caller holds hdev->lock */
68static void hci_connect_le_scan_cleanup(struct hci_conn *conn)
69{
70 struct hci_conn_params *params;
71 struct smp_irk *irk;
72 bdaddr_t *bdaddr;
73 u8 bdaddr_type;
74
75 bdaddr = &conn->dst;
76 bdaddr_type = conn->dst_type;
77
78 /* Check if we need to convert to identity address */
79 irk = hci_get_irk(conn->hdev, bdaddr, bdaddr_type);
80 if (irk) {
81 bdaddr = &irk->bdaddr;
82 bdaddr_type = irk->addr_type;
83 }
84
85 params = hci_explicit_connect_lookup(conn->hdev, bdaddr, bdaddr_type);
86 if (!params)
87 return;
88
89 /* The connection attempt was doing scan for new RPA, and is
90 * in scan phase. If params are not associated with any other
91 * autoconnect action, remove them completely. If they are, just unmark
92 * them as waiting for connection, by clearing explicit_connect field.
93 */
94 if (params->auto_connect == HCI_AUTO_CONN_EXPLICIT)
95 hci_conn_params_del(conn->hdev, bdaddr, bdaddr_type);
96 else
97 params->explicit_connect = false;
98}
99
100/* This function requires the caller holds hdev->lock */
101static void hci_connect_le_scan_remove(struct hci_conn *conn)
102{
103 hci_connect_le_scan_cleanup(conn);
104
105 hci_conn_hash_del(conn->hdev, conn);
106 hci_update_background_scan(conn->hdev);
107}
108
1aef8669 109static void hci_acl_create_connection(struct hci_conn *conn)
1da177e4
LT		 110{
111 struct hci_dev *hdev = conn->hdev;
112 struct inquiry_entry *ie;
113 struct hci_cp_create_conn cp;
114
42d2d87c 115 BT_DBG("hcon %p", conn);
1da177e4
LT		 116
117 conn->state = BT_CONNECT;
a0c808b3 118 conn->out = true;
40bef302 119 conn->role = HCI_ROLE_MASTER;
1da177e4 120
4c67bc74
MH		 121 conn->attempt++;
122
e4e8e37c
MH		 123 conn->link_policy = hdev->link_policy;
124
1da177e4
LT		 125 memset(&cp, 0, sizeof(cp));
126 bacpy(&cp.bdaddr, &conn->dst);
127 cp.pscan_rep_mode = 0x02;
128
70f23020
AE		 129 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
130 if (ie) {
41a96212
MH		 131 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
132 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
133 cp.pscan_mode = ie->data.pscan_mode;
134 cp.clock_offset = ie->data.clock_offset |
dcf4adbf 135 cpu_to_le16(0x8000);
41a96212
MH		 136 }
137
1da177e4 138 memcpy(conn->dev_class, ie->data.dev_class, 3);
58a681ef
JH		 139 if (ie->data.ssp_mode > 0)
140 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
1da177e4
LT		 141 }
142
a8746417 143 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 144 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82 145 cp.role_switch = 0x01;
1da177e4 146 else
b6a0dc82 147 cp.role_switch = 0x00;
4c67bc74 148
a9de9248 149 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4
LT		 150}
151
1aef8669 152static void hci_acl_create_connection_cancel(struct hci_conn *conn)
6ac59344
MH		 153{
154 struct hci_cp_create_conn_cancel cp;
155
38b3fef1 156 BT_DBG("hcon %p", conn);
6ac59344 157
d095c1eb 158 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
6ac59344
MH		 159 return;
160
161 bacpy(&cp.bdaddr, &conn->dst);
a9de9248 162 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
6ac59344
MH		 163}
164
93796fa6
CT		 165static void hci_reject_sco(struct hci_conn *conn)
166{
167 struct hci_cp_reject_sync_conn_req cp;
168
d41c15cf 169 cp.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
93796fa6
CT		 170 bacpy(&cp.bdaddr, &conn->dst);
171
172 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
173}
174
e3b679d5 175int hci_disconnect(struct hci_conn *conn, __u8 reason)
1da177e4
LT		 176{
177 struct hci_cp_disconnect cp;
178
38b3fef1 179 BT_DBG("hcon %p", conn);
1da177e4 180
839035a7
JH		 181 /* When we are master of an established connection and it enters
182 * the disconnect timeout, then go ahead and try to read the
183 * current clock offset. Processing of the result is done
184 * within the event handling and hci_clock_offset_evt function.
185 */
186 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER) {
187 struct hci_dev *hdev = conn->hdev;
4f639ede 188 struct hci_cp_read_clock_offset clkoff_cp;
839035a7 189
4f639ede
FF		 190 clkoff_cp.handle = cpu_to_le16(conn->handle);
191 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
192 &clkoff_cp);
839035a7
JH		 193 }
194
1da177e4
LT		 195 conn->state = BT_DISCONN;
196
aca3192c 197 cp.handle = cpu_to_le16(conn->handle);
1da177e4 198 cp.reason = reason;
e3b679d5 199 return hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
1da177e4
LT		 200}
201
a2b1976b 202static void hci_amp_disconn(struct hci_conn *conn)
53502d69
AE		 203{
204 struct hci_cp_disconn_phy_link cp;
205
206 BT_DBG("hcon %p", conn);
207
208 conn->state = BT_DISCONN;
209
210 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
a2b1976b 211 cp.reason = hci_proto_disconn_ind(conn);
53502d69
AE		 212 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
213 sizeof(cp), &cp);
214}
215
57f5d0d1 216static void hci_add_sco(struct hci_conn *conn, __u16 handle)
1da177e4
LT		 217{
218 struct hci_dev *hdev = conn->hdev;
219 struct hci_cp_add_sco cp;
220
38b3fef1 221 BT_DBG("hcon %p", conn);
1da177e4
LT		 222
223 conn->state = BT_CONNECT;
a0c808b3 224 conn->out = true;
1da177e4 225
efc7688b
MH		 226 conn->attempt++;
227
aca3192c 228 cp.handle = cpu_to_le16(handle);
a8746417 229 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4 230
a9de9248 231 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4
LT		 232}
233
2dea632f 234bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
b6a0dc82
MH		 235{
236 struct hci_dev *hdev = conn->hdev;
237 struct hci_cp_setup_sync_conn cp;
2dea632f 238 const struct sco_param *param;
b6a0dc82 239
38b3fef1 240 BT_DBG("hcon %p", conn);
b6a0dc82
MH		 241
242 conn->state = BT_CONNECT;
a0c808b3 243 conn->out = true;
b6a0dc82 244
efc7688b
MH		 245 conn->attempt++;
246
b6a0dc82 247 cp.handle = cpu_to_le16(handle);
b6a0dc82 248
dcf4adbf
JP		 249 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
250 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
10c62ddc
FD		 251 cp.voice_setting = cpu_to_le16(conn->setting);
252
253 switch (conn->setting & SCO_AIRMODE_MASK) {
254 case SCO_AIRMODE_TRANSP:
565766b0 255 if (conn->attempt > ARRAY_SIZE(esco_param_msbc))
2dea632f 256 return false;
565766b0 257 param = &esco_param_msbc[conn->attempt - 1];
10c62ddc
FD		 258 break;
259 case SCO_AIRMODE_CVSD:
48e68ff5
BT		 260 if (lmp_esco_capable(conn->link)) {
261 if (conn->attempt > ARRAY_SIZE(esco_param_cvsd))
262 return false;
48e68ff5
BT		 263 param = &esco_param_cvsd[conn->attempt - 1];
264 } else {
265 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
266 return false;
48e68ff5
BT		 267 param = &sco_param_cvsd[conn->attempt - 1];
268 }
10c62ddc 269 break;
2dea632f
FD		 270 default:
271 return false;
10c62ddc 272 }
b6a0dc82 273
c7da5797 274 cp.retrans_effort = param->retrans_effort;
2dea632f
FD		 275 cp.pkt_type = __cpu_to_le16(param->pkt_type);
276 cp.max_latency = __cpu_to_le16(param->max_latency);
277
278 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
279 return false;
280
281 return true;
b6a0dc82
MH		 282}
283
7d6ca693
JH		 284u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
285 u16 to_multiplier)
2ce603eb 286{
2ce603eb 287 struct hci_dev *hdev = conn->hdev;
f044eb05
MH		 288 struct hci_conn_params *params;
289 struct hci_cp_le_conn_update cp;
2ce603eb 290
f044eb05 291 hci_dev_lock(hdev);
2ce603eb 292
f044eb05
MH		 293 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
294 if (params) {
295 params->conn_min_interval = min;
296 params->conn_max_interval = max;
297 params->conn_latency = latency;
298 params->supervision_timeout = to_multiplier;
299 }
300
301 hci_dev_unlock(hdev);
302
303 memset(&cp, 0, sizeof(cp));
2ce603eb
CT		 304 cp.handle = cpu_to_le16(conn->handle);
305 cp.conn_interval_min = cpu_to_le16(min);
306 cp.conn_interval_max = cpu_to_le16(max);
307 cp.conn_latency = cpu_to_le16(latency);
308 cp.supervision_timeout = cpu_to_le16(to_multiplier);
dcf4adbf
JP		 309 cp.min_ce_len = cpu_to_le16(0x0000);
310 cp.max_ce_len = cpu_to_le16(0x0000);
2ce603eb
CT		 311
312 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
7d6ca693
JH		 313
314 if (params)
315 return 0x01;
316
317 return 0x00;
2ce603eb 318}
2ce603eb 319
fe39c7b2 320void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
8b76ce34 321 __u8 ltk[16], __u8 key_size)
a7a595f6
VCG		 322{
323 struct hci_dev *hdev = conn->hdev;
324 struct hci_cp_le_start_enc cp;
325
38b3fef1 326 BT_DBG("hcon %p", conn);
a7a595f6
VCG		 327
328 memset(&cp, 0, sizeof(cp));
329
330 cp.handle = cpu_to_le16(conn->handle);
fe39c7b2 331 cp.rand = rand;
a7a595f6 332 cp.ediv = ediv;
8b76ce34 333 memcpy(cp.ltk, ltk, key_size);
a7a595f6
VCG		 334
335 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
336}
a7a595f6 337
e73439d8
MH		 338/* Device _must_ be locked */
339void hci_sco_setup(struct hci_conn *conn, __u8 status)
340{
341 struct hci_conn *sco = conn->link;
342
e73439d8
MH		 343 if (!sco)
344 return;
345
38b3fef1
AE		 346 BT_DBG("hcon %p", conn);
347
e73439d8
MH		 348 if (!status) {
349 if (lmp_esco_capable(conn->hdev))
350 hci_setup_sync(sco, conn->handle);
351 else
352 hci_add_sco(sco, conn->handle);
353 } else {
539c496d 354 hci_connect_cfm(sco, status);
e73439d8
MH		 355 hci_conn_del(sco);
356 }
357}
358
19c40e3b 359static void hci_conn_timeout(struct work_struct *work)
1da177e4 360{
19c40e3b 361 struct hci_conn *conn = container_of(work, struct hci_conn,
5974e4c4 362 disc_work.work);
1d56dc4f 363 int refcnt = atomic_read(&conn->refcnt);
1da177e4 364
38b3fef1 365 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
1da177e4 366
1d56dc4f
LR		 367 WARN_ON(refcnt < 0);
368
369 /* FIXME: It was observed that in pairing failed scenario, refcnt
370 * drops below 0. Probably this is because l2cap_conn_del calls
371 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
372 * dropped. After that loop hci_chan_del is called which also drops
373 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
374 * otherwise drop it.
375 */
376 if (refcnt > 0)
1da177e4
LT		 377 return;
378
6ac59344
MH		 379 switch (conn->state) {
380 case BT_CONNECT:
769be974 381 case BT_CONNECT2:
fcd89c09
VT		 382 if (conn->out) {
383 if (conn->type == ACL_LINK)
1aef8669 384 hci_acl_create_connection_cancel(conn);
cc2b6911
JP		 385 else if (conn->type == LE_LINK) {
386 if (test_bit(HCI_CONN_SCANNING, &conn->flags))
387 hci_connect_le_scan_remove(conn);
388 else
389 hci_le_create_connection_cancel(conn);
390 }
93796fa6
CT		 391 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
392 hci_reject_sco(conn);
fcd89c09 393 }
6ac59344 394 break;
769be974 395 case BT_CONFIG:
8e87d142 396 case BT_CONNECTED:
40051e46
MH		 397 if (conn->type == AMP_LINK) {
398 hci_amp_disconn(conn);
399 } else {
400 __u8 reason = hci_proto_disconn_ind(conn);
401 hci_disconnect(conn, reason);
402 }
6ac59344
MH		 403 break;
404 default:
1da177e4 405 conn->state = BT_CLOSED;
6ac59344
MH		 406 break;
407 }
1da177e4
LT		 408}
409
416dc94b 410/* Enter sniff mode */
a74a84f6 411static void hci_conn_idle(struct work_struct *work)
416dc94b 412{
a74a84f6
JH		 413 struct hci_conn *conn = container_of(work, struct hci_conn,
414 idle_work.work);
416dc94b
GP		 415 struct hci_dev *hdev = conn->hdev;
416
38b3fef1 417 BT_DBG("hcon %p mode %d", conn, conn->mode);
416dc94b 418
416dc94b
GP		 419 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
420 return;
421
422 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
423 return;
424
425 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
426 struct hci_cp_sniff_subrate cp;
427 cp.handle = cpu_to_le16(conn->handle);
dcf4adbf
JP		 428 cp.max_latency = cpu_to_le16(0);
429 cp.min_remote_timeout = cpu_to_le16(0);
430 cp.min_local_timeout = cpu_to_le16(0);
416dc94b
GP		 431 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
432 }
433
51a8efd7 434 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
416dc94b
GP		 435 struct hci_cp_sniff_mode cp;
436 cp.handle = cpu_to_le16(conn->handle);
437 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
438 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
dcf4adbf
JP		 439 cp.attempt = cpu_to_le16(4);
440 cp.timeout = cpu_to_le16(1);
416dc94b
GP		 441 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
442 }
443}
444
7bc18d9d 445static void hci_conn_auto_accept(struct work_struct *work)
9f61656a 446{
7bc18d9d
JH		 447 struct hci_conn *conn = container_of(work, struct hci_conn,
448 auto_accept_work.work);
9f61656a 449
7bc18d9d 450 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
5974e4c4 451 &conn->dst);
9f61656a
JH		 452}
453
9489eca4
JH		 454static void le_conn_timeout(struct work_struct *work)
455{
456 struct hci_conn *conn = container_of(work, struct hci_conn,
457 le_conn_timeout.work);
3c857757 458 struct hci_dev *hdev = conn->hdev;
9489eca4
JH		 459
460 BT_DBG("");
461
3c857757
JH		 462 /* We could end up here due to having done directed advertising,
463 * so clean up the state if necessary. This should however only
464 * happen with broken hardware or if low duty cycle was used
465 * (which doesn't have a timeout of its own).
466 */
0b1db38c 467 if (conn->role == HCI_ROLE_SLAVE) {
3c857757
JH		 468 u8 enable = 0x00;
469 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
470 &enable);
471 hci_le_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
472 return;
473 }
474
9489eca4
JH		 475 hci_le_create_connection_cancel(conn);
476}
477
a5c4e309
JH		 478struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
479 u8 role)
1da177e4
LT		 480{
481 struct hci_conn *conn;
482
6ed93dc6 483 BT_DBG("%s dst %pMR", hdev->name, dst);
1da177e4 484
27f70f3e 485 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
04837f64 486 if (!conn)
1da177e4 487 return NULL;
1da177e4
LT		 488
489 bacpy(&conn->dst, dst);
662e8820 490 bacpy(&conn->src, &hdev->bdaddr);
a8746417
MH		 491 conn->hdev = hdev;
492 conn->type = type;
a5c4e309 493 conn->role = role;
a8746417
MH		 494 conn->mode = HCI_CM_ACTIVE;
495 conn->state = BT_OPEN;
93f19c9f 496 conn->auth_type = HCI_AT_GENERAL_BONDING;
17fa4b9d 497 conn->io_capability = hdev->io_capability;
a9583556 498 conn->remote_auth = 0xff;
13d39315 499 conn->key_type = 0xff;
ebf86aa3 500 conn->rssi = HCI_RSSI_INVALID;
5a134fae 501 conn->tx_power = HCI_TX_POWER_INVALID;
d0455ed9 502 conn->max_tx_power = HCI_TX_POWER_INVALID;
1da177e4 503
58a681ef 504 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
052b30b0 505 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64 506
a5c4e309
JH		 507 if (conn->role == HCI_ROLE_MASTER)
508 conn->out = true;
509
a8746417
MH		 510 switch (type) {
511 case ACL_LINK:
512 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
513 break;
9c84d1da
JH		 514 case LE_LINK:
515 /* conn->src should reflect the local identity address */
516 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
517 break;
a8746417
MH		 518 case SCO_LINK:
519 if (lmp_esco_capable(hdev))
efc7688b
MH		 520 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
521 (hdev->esco_type & EDR_ESCO_MASK);
a8746417
MH		 522 else
523 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
524 break;
525 case ESCO_LINK:
efc7688b 526 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417
MH		 527 break;
528 }
529
1da177e4 530 skb_queue_head_init(&conn->data_q);
04837f64 531
70c1f20b 532 INIT_LIST_HEAD(&conn->chan_list);
73d80deb 533
19c40e3b 534 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
7bc18d9d 535 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
a74a84f6 536 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
9489eca4 537 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1da177e4
LT		 538
539 atomic_set(&conn->refcnt, 0);
540
541 hci_dev_hold(hdev);
542
1da177e4 543 hci_conn_hash_add(hdev, conn);
3c54711c 544 if (hdev->notify)
1da177e4
LT		 545 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
546
a67e899c
MH		 547 hci_conn_init_sysfs(conn);
548
1da177e4
LT		 549 return conn;
550}
551
552int hci_conn_del(struct hci_conn *conn)
553{
554 struct hci_dev *hdev = conn->hdev;
555
38b3fef1 556 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1da177e4 557
19c40e3b 558 cancel_delayed_work_sync(&conn->disc_work);
7bc18d9d 559 cancel_delayed_work_sync(&conn->auto_accept_work);
a74a84f6 560 cancel_delayed_work_sync(&conn->idle_work);
9f61656a 561
5b7f9909 562 if (conn->type == ACL_LINK) {
1da177e4
LT		 563 struct hci_conn *sco = conn->link;
564 if (sco)
565 sco->link = NULL;
566
567 /* Unacked frames */
568 hdev->acl_cnt += conn->sent;
6ed58ec5 569 } else if (conn->type == LE_LINK) {
980ffc0a 570 cancel_delayed_work(&conn->le_conn_timeout);
9489eca4 571
6ed58ec5
VT		 572 if (hdev->le_pkts)
573 hdev->le_cnt += conn->sent;
574 else
575 hdev->acl_cnt += conn->sent;
5b7f9909
MH		 576 } else {
577 struct hci_conn *acl = conn->link;
578 if (acl) {
579 acl->link = NULL;
76a68ba0 580 hci_conn_drop(acl);
5b7f9909 581 }
1da177e4
LT		 582 }
583
2c33c06a 584 hci_chan_list_flush(conn);
73d80deb 585
9740e49d
AE		 586 if (conn->amp_mgr)
587 amp_mgr_put(conn->amp_mgr);
588
1da177e4 589 hci_conn_hash_del(hdev, conn);
3c54711c 590 if (hdev->notify)
1da177e4 591 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
7d0db0a3 592
1da177e4 593 skb_queue_purge(&conn->data_q);
1da177e4 594
fc225c3f 595 hci_conn_del_sysfs(conn);
2ae9a6be 596
23b9ceb7
MH		 597 debugfs_remove_recursive(conn->debugfs);
598
89cbb063
AA		 599 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
600 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
601
384943ec
MH		 602 hci_dev_put(hdev);
603
8d12356f 604 hci_conn_put(conn);
163f4dab 605
1da177e4
LT		 606 return 0;
607}
608
609struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
610{
611 int use_src = bacmp(src, BDADDR_ANY);
8035ded4 612 struct hci_dev *hdev = NULL, *d;
1da177e4 613
6ed93dc6 614 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4 615
f20d09d5 616 read_lock(&hci_dev_list_lock);
1da177e4 617
8035ded4 618 list_for_each_entry(d, &hci_dev_list, list) {
8fc9ced3 619 if (!test_bit(HCI_UP, &d->flags) ||
d7a5a11d 620 hci_dev_test_flag(d, HCI_USER_CHANNEL) ||
d300fa9b 621 d->dev_type != HCI_BREDR)
1da177e4
LT		 622 continue;
623
8e87d142 624 /* Simple routing:
1da177e4
LT		 625 * No source address - find interface with bdaddr != dst
626 * Source address - find interface with bdaddr == src
627 */
628
629 if (use_src) {
630 if (!bacmp(&d->bdaddr, src)) {
631 hdev = d; break;
632 }
633 } else {
634 if (bacmp(&d->bdaddr, dst)) {
635 hdev = d; break;
636 }
637 }
638 }
639
640 if (hdev)
641 hdev = hci_dev_hold(hdev);
642
f20d09d5 643 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 644 return hdev;
645}
646EXPORT_SYMBOL(hci_get_route);
647
9bb3c01f 648/* This function requires the caller holds hdev->lock */
06c053fb 649void hci_le_conn_failed(struct hci_conn *conn, u8 status)
9bb3c01f
AG		 650{
651 struct hci_dev *hdev = conn->hdev;
f161dd41
JH		 652 struct hci_conn_params *params;
653
654 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
655 conn->dst_type);
656 if (params && params->conn) {
657 hci_conn_drop(params->conn);
f8aaf9b6 658 hci_conn_put(params->conn);
f161dd41
JH		 659 params->conn = NULL;
660 }
9bb3c01f
AG		 661
662 conn->state = BT_CLOSED;
663
664 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
665 status);
666
539c496d 667 hci_connect_cfm(conn, status);
9bb3c01f
AG		 668
669 hci_conn_del(conn);
a4790dbd
AG		 670
671 /* Since we may have temporarily stopped the background scanning in
672 * favor of connection establishment, we should restart it.
673 */
674 hci_update_background_scan(hdev);
3c857757
JH		 675
676 /* Re-enable advertising in case this was a failed connection
677 * attempt as a peripheral.
678 */
679 mgmt_reenable_advertising(hdev);
9bb3c01f
AG		 680}
681
1904a853 682static void create_le_conn_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1d399ae5
AG		 683{
684 struct hci_conn *conn;
685
28a667c9
JP		 686 hci_dev_lock(hdev);
687
688 conn = hci_lookup_le_connect(hdev);
689
690 if (!status) {
691 hci_connect_le_scan_cleanup(conn);
692 goto done;
693 }
1d399ae5
AG		 694
695 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
696 status);
697
1d399ae5
AG		 698 if (!conn)
699 goto done;
700
06c053fb 701 hci_le_conn_failed(conn, status);
1d399ae5
AG		 702
703done:
704 hci_dev_unlock(hdev);
705}
706
2acf3d90
AG		 707static void hci_req_add_le_create_conn(struct hci_request *req,
708 struct hci_conn *conn)
709{
710 struct hci_cp_le_create_conn cp;
711 struct hci_dev *hdev = conn->hdev;
712 u8 own_addr_type;
713
714 memset(&cp, 0, sizeof(cp));
715
716 /* Update random address, but set require_privacy to false so
9437d2ed 717 * that we never connect with an non-resolvable address.
2acf3d90
AG		 718 */
719 if (hci_update_random_address(req, false, &own_addr_type))
720 return;
721
2acf3d90
AG		 722 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
723 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
724 bacpy(&cp.peer_addr, &conn->dst);
725 cp.peer_addr_type = conn->dst_type;
726 cp.own_address_type = own_addr_type;
727 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
728 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
037fc415
MH		 729 cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
730 cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
dcf4adbf
JP		 731 cp.min_ce_len = cpu_to_le16(0x0000);
732 cp.max_ce_len = cpu_to_le16(0x0000);
2acf3d90
AG		 733
734 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
b46e0030
JH		 735
736 conn->state = BT_CONNECT;
28a667c9 737 clear_bit(HCI_CONN_SCANNING, &conn->flags);
2acf3d90
AG		 738}
739
3c857757
JH		 740static void hci_req_directed_advertising(struct hci_request *req,
741 struct hci_conn *conn)
742{
743 struct hci_dev *hdev = req->hdev;
744 struct hci_cp_le_set_adv_param cp;
745 u8 own_addr_type;
746 u8 enable;
747
5ce194c4 748 /* Clear the HCI_LE_ADV bit temporarily so that the
3c857757
JH		 749 * hci_update_random_address knows that it's safe to go ahead
750 * and write a new random address. The flag will be set back on
751 * as soon as the SET_ADV_ENABLE HCI command completes.
752 */
a358dc11 753 hci_dev_clear_flag(hdev, HCI_LE_ADV);
3c857757
JH		 754
755 /* Set require_privacy to false so that the remote device has a
756 * chance of identifying us.
757 */
758 if (hci_update_random_address(req, false, &own_addr_type) < 0)
759 return;
760
761 memset(&cp, 0, sizeof(cp));
762 cp.type = LE_ADV_DIRECT_IND;
763 cp.own_address_type = own_addr_type;
764 cp.direct_addr_type = conn->dst_type;
765 bacpy(&cp.direct_addr, &conn->dst);
766 cp.channel_map = hdev->le_adv_channel_map;
767
768 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
769
770 enable = 0x01;
771 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
772
773 conn->state = BT_CONNECT;
774}
775
04a6c589 776struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
cdd6275e 777 u8 dst_type, u8 sec_level, u16 conn_timeout,
e804d25d 778 u8 role)
1da177e4 779{
4292f1f3 780 struct hci_conn_params *params;
28a667c9 781 struct hci_conn *conn, *conn_unfinished;
1ebfcc1f 782 struct smp_irk *irk;
2acf3d90 783 struct hci_request req;
1d399ae5 784 int err;
1da177e4 785
152d386e 786 /* Let's make sure that le is enabled.*/
d7a5a11d 787 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
152d386e
LR		 788 if (lmp_le_capable(hdev))
789 return ERR_PTR(-ECONNREFUSED);
790
791 return ERR_PTR(-EOPNOTSUPP);
792 }
793
620ad521
AG		 794 /* Some devices send ATT messages as soon as the physical link is
795 * established. To be able to handle these ATT messages, the user-
796 * space first establishes the connection and then starts the pairing
797 * process.
798 *
799 * So if a hci_conn object already exists for the following connection
800 * attempt, we simply update pending_sec_level and auth_type fields
801 * and return the object found.
802 */
f1e5d547 803 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
28a667c9 804 conn_unfinished = NULL;
620ad521 805 if (conn) {
28a667c9
JP		 806 if (conn->state == BT_CONNECT &&
807 test_bit(HCI_CONN_SCANNING, &conn->flags)) {
808 BT_DBG("will continue unfinished conn %pMR", dst);
809 conn_unfinished = conn;
810 } else {
811 if (conn->pending_sec_level < sec_level)
812 conn->pending_sec_level = sec_level;
813 goto done;
814 }
620ad521 815 }
dfc94dbd 816
620ad521
AG		 817 /* Since the controller supports only one LE connection attempt at a
818 * time, we return -EBUSY if there is any connection attempt running.
819 */
e7d9ab73 820 if (hci_lookup_le_connect(hdev))
620ad521 821 return ERR_PTR(-EBUSY);
46a190cb 822
edb4b466
MH		 823 /* When given an identity address with existing identity
824 * resolving key, the connection needs to be established
825 * to a resolvable random address.
826 *
edb4b466
MH		 827 * Storing the resolvable random address is required here
828 * to handle connection failures. The address will later
829 * be resolved back into the original identity address
830 * from the connect request.
831 */
1ebfcc1f
JH		 832 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
833 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
834 dst = &irk->rpa;
835 dst_type = ADDR_LE_DEV_RANDOM;
836 }
837
28a667c9
JP		 838 if (conn_unfinished) {
839 conn = conn_unfinished;
840 bacpy(&conn->dst, dst);
841 } else {
842 conn = hci_conn_add(hdev, LE_LINK, dst, role);
843 }
844
620ad521
AG		 845 if (!conn)
846 return ERR_PTR(-ENOMEM);
9f0caeb1 847
1ebfcc1f 848 conn->dst_type = dst_type;
620ad521 849 conn->sec_level = BT_SECURITY_LOW;
09ae260b 850 conn->conn_timeout = conn_timeout;
4292f1f3 851
28a667c9
JP		 852 if (!conn_unfinished)
853 conn->pending_sec_level = sec_level;
854
3c857757
JH		 855 hci_req_init(&req, hdev);
856
376f54c1
JH		 857 /* Disable advertising if we're active. For master role
858 * connections most controllers will refuse to connect if
859 * advertising is enabled, and for slave role connections we
860 * anyway have to disable it in order to start directed
861 * advertising.
862 */
d7a5a11d 863 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
376f54c1
JH		 864 u8 enable = 0x00;
865 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
866 &enable);
867 }
868
cdd6275e 869 /* If requested to connect as slave use directed advertising */
e804d25d 870 if (conn->role == HCI_ROLE_SLAVE) {
e8bb6b97
JH		 871 /* If we're active scanning most controllers are unable
872 * to initiate advertising. Simply reject the attempt.
873 */
d7a5a11d 874 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97
JH		 875 hdev->le_scan_type == LE_SCAN_ACTIVE) {
876 skb_queue_purge(&req.cmd_q);
877 hci_conn_del(conn);
878 return ERR_PTR(-EBUSY);
879 }
880
3c857757
JH		 881 hci_req_directed_advertising(&req, conn);
882 goto create_conn;
883 }
884
4292f1f3
AG		 885 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
886 if (params) {
887 conn->le_conn_min_interval = params->conn_min_interval;
888 conn->le_conn_max_interval = params->conn_max_interval;
037fc415
MH		 889 conn->le_conn_latency = params->conn_latency;
890 conn->le_supv_timeout = params->supervision_timeout;
4292f1f3
AG		 891 } else {
892 conn->le_conn_min_interval = hdev->le_conn_min_interval;
893 conn->le_conn_max_interval = hdev->le_conn_max_interval;
04fb7d90
MH		 894 conn->le_conn_latency = hdev->le_conn_latency;
895 conn->le_supv_timeout = hdev->le_supv_timeout;
4292f1f3 896 }
eda42b50 897
2acf3d90 898 /* If controller is scanning, we stop it since some controllers are
81ad6fd9
JH		 899 * not able to scan and connect at the same time. Also set the
900 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
901 * handler for scan disabling knows to set the correct discovery
902 * state.
2acf3d90 903 */
d7a5a11d 904 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
2acf3d90 905 hci_req_add_le_scan_disable(&req);
a1536da2 906 hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED);
2acf3d90
AG		 907 }
908
81ad6fd9
JH		 909 hci_req_add_le_create_conn(&req, conn);
910
3c857757 911create_conn:
81ad6fd9 912 err = hci_req_run(&req, create_le_conn_complete);
2acf3d90
AG		 913 if (err) {
914 hci_conn_del(conn);
620ad521 915 return ERR_PTR(err);
2acf3d90 916 }
fcd89c09 917
620ad521 918done:
28a667c9
JP		 919 /* If this is continuation of connect started by hci_connect_le_scan,
920 * it already called hci_conn_hold and calling it again would mess the
921 * counter.
922 */
923 if (!conn_unfinished)
924 hci_conn_hold(conn);
925
f1e5d547 926 return conn;
d04aef4c 927}
fcd89c09 928
f75113a2
JP		 929static void hci_connect_le_scan_complete(struct hci_dev *hdev, u8 status,
930 u16 opcode)
931{
932 struct hci_conn *conn;
933
934 if (!status)
935 return;
936
937 BT_ERR("Failed to add device to auto conn whitelist: status 0x%2.2x",
938 status);
939
940 hci_dev_lock(hdev);
941
942 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
943 if (conn)
944 hci_le_conn_failed(conn, status);
945
946 hci_dev_unlock(hdev);
947}
948
949static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
950{
951 struct hci_conn *conn;
952
953 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
954 if (!conn)
955 return false;
956
957 if (conn->dst_type != type)
958 return false;
959
960 if (conn->state != BT_CONNECTED)
961 return false;
962
963 return true;
964}
965
966/* This function requires the caller holds hdev->lock */
967static int hci_explicit_conn_params_set(struct hci_request *req,
968 bdaddr_t *addr, u8 addr_type)
969{
970 struct hci_dev *hdev = req->hdev;
971 struct hci_conn_params *params;
972
973 if (is_connected(hdev, addr, addr_type))
974 return -EISCONN;
975
976 params = hci_conn_params_add(hdev, addr, addr_type);
977 if (!params)
978 return -EIO;
979
980 /* If we created new params, or existing params were marked as disabled,
981 * mark them to be used just once to connect.
982 */
983 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
984 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
985 list_del_init(&params->action);
986 list_add(&params->action, &hdev->pend_le_conns);
987 }
988
989 params->explicit_connect = true;
990 __hci_update_background_scan(req);
991
992 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
993 params->auto_connect);
994
995 return 0;
996}
997
998/* This function requires the caller holds hdev->lock */
999struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst,
1000 u8 dst_type, u8 sec_level,
1001 u16 conn_timeout, u8 role)
1002{
1003 struct hci_conn *conn;
1004 struct hci_request req;
1005 int err;
1006
1007 /* Let's make sure that le is enabled.*/
1008 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1009 if (lmp_le_capable(hdev))
1010 return ERR_PTR(-ECONNREFUSED);
1011
1012 return ERR_PTR(-EOPNOTSUPP);
1013 }
1014
1015 /* Some devices send ATT messages as soon as the physical link is
1016 * established. To be able to handle these ATT messages, the user-
1017 * space first establishes the connection and then starts the pairing
1018 * process.
1019 *
1020 * So if a hci_conn object already exists for the following connection
1021 * attempt, we simply update pending_sec_level and auth_type fields
1022 * and return the object found.
1023 */
1024 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
1025 if (conn) {
1026 if (conn->pending_sec_level < sec_level)
1027 conn->pending_sec_level = sec_level;
1028 goto done;
1029 }
1030
1031 BT_DBG("requesting refresh of dst_addr");
1032
1033 conn = hci_conn_add(hdev, LE_LINK, dst, role);
1034 if (!conn)
1035 return ERR_PTR(-ENOMEM);
1036
1037 hci_req_init(&req, hdev);
1038
1039 if (hci_explicit_conn_params_set(&req, dst, dst_type) < 0)
1040 return ERR_PTR(-EBUSY);
1041
1042 conn->state = BT_CONNECT;
1043 set_bit(HCI_CONN_SCANNING, &conn->flags);
1044
1045 err = hci_req_run(&req, hci_connect_le_scan_complete);
1046 if (err && err != -ENODATA) {
1047 hci_conn_del(conn);
1048 return ERR_PTR(err);
1049 }
1050
1051 conn->dst_type = dst_type;
1052 conn->sec_level = BT_SECURITY_LOW;
1053 conn->pending_sec_level = sec_level;
1054 conn->conn_timeout = conn_timeout;
1055
1056done:
1057 hci_conn_hold(conn);
1058 return conn;
1059}
1060
04a6c589
AG		 1061struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
1062 u8 sec_level, u8 auth_type)
1da177e4
LT		 1063{
1064 struct hci_conn *acl;
fcd89c09 1065
d7a5a11d 1066 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
c411110e
LR		 1067 if (lmp_bredr_capable(hdev))
1068 return ERR_PTR(-ECONNREFUSED);
1069
beb19e4c 1070 return ERR_PTR(-EOPNOTSUPP);
c411110e 1071 }
56f87901 1072
70f23020
AE		 1073 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
1074 if (!acl) {
a5c4e309 1075 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
70f23020 1076 if (!acl)
48c7aba9 1077 return ERR_PTR(-ENOMEM);
1da177e4
LT		 1078 }
1079
1080 hci_conn_hold(acl);
1081
09ab6f4c 1082 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
765c2a96
JH		 1083 acl->sec_level = BT_SECURITY_LOW;
1084 acl->pending_sec_level = sec_level;
09ab6f4c 1085 acl->auth_type = auth_type;
1aef8669 1086 hci_acl_create_connection(acl);
09ab6f4c 1087 }
1da177e4 1088
db474275
VCG		 1089 return acl;
1090}
1091
10c62ddc
FD		 1092struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
1093 __u16 setting)
db474275
VCG		 1094{
1095 struct hci_conn *acl;
1096 struct hci_conn *sco;
1097
e660ed6c 1098 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
db474275 1099 if (IS_ERR(acl))
5b7f9909 1100 return acl;
1da177e4 1101
70f23020
AE		 1102 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
1103 if (!sco) {
a5c4e309 1104 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
70f23020 1105 if (!sco) {
76a68ba0 1106 hci_conn_drop(acl);
48c7aba9 1107 return ERR_PTR(-ENOMEM);
1da177e4 1108 }
5b7f9909 1109 }
1da177e4 1110
5b7f9909
MH		 1111 acl->link = sco;
1112 sco->link = acl;
1da177e4 1113
5b7f9909 1114 hci_conn_hold(sco);
1da177e4 1115
10c62ddc
FD		 1116 sco->setting = setting;
1117
5b7f9909 1118 if (acl->state == BT_CONNECTED &&
5974e4c4 1119 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
58a681ef 1120 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
14b12d0b 1121 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
c390216b 1122
51a8efd7 1123 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
e73439d8 1124 /* defer SCO setup until mode change completed */
51a8efd7 1125 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
e73439d8
MH		 1126 return sco;
1127 }
1128
1129 hci_sco_setup(acl, 0x00);
b6a0dc82 1130 }
5b7f9909
MH		 1131
1132 return sco;
1da177e4 1133}
1da177e4 1134
e7c29cb1
MH		 1135/* Check link security requirement */
1136int hci_conn_check_link_mode(struct hci_conn *conn)
1137{
38b3fef1 1138 BT_DBG("hcon %p", conn);
e7c29cb1 1139
40b552aa
MH		 1140 /* In Secure Connections Only mode, it is required that Secure
1141 * Connections is used and the link is encrypted with AES-CCM
1142 * using a P-256 authenticated combination key.
1143 */
d7a5a11d 1144 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) {
40b552aa
MH		 1145 if (!hci_conn_sc_enabled(conn) ||
1146 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
1147 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
1148 return 0;
1149 }
1150
4dae2798
JH		 1151 if (hci_conn_ssp_enabled(conn) &&
1152 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
e7c29cb1
MH		 1153 return 0;
1154
1155 return 1;
1156}
e7c29cb1 1157
1da177e4 1158/* Authenticate remote device */
0684e5f9 1159static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 1160{
38b3fef1 1161 BT_DBG("hcon %p", conn);
1da177e4 1162
765c2a96
JH		 1163 if (conn->pending_sec_level > sec_level)
1164 sec_level = conn->pending_sec_level;
1165
96a31833 1166 if (sec_level > conn->sec_level)
765c2a96 1167 conn->pending_sec_level = sec_level;
4dae2798 1168 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
1da177e4
LT		 1169 return 1;
1170
65cf686e
JH		 1171 /* Make sure we preserve an existing MITM requirement*/
1172 auth_type |= (conn->auth_type & 0x01);
1173
96a31833
MH		 1174 conn->auth_type = auth_type;
1175
51a8efd7 1176 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1da177e4 1177 struct hci_cp_auth_requested cp;
b7d05bad 1178
aca3192c 1179 cp.handle = cpu_to_le16(conn->handle);
40be492f 1180 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
5974e4c4 1181 sizeof(cp), &cp);
09da1f34
JH		 1182
1183 /* If we're already encrypted set the REAUTH_PEND flag,
1184 * otherwise set the ENCRYPT_PEND.
1185 */
4dae2798 1186 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
51a8efd7 1187 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
09da1f34
JH		 1188 else
1189 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 1190 }
8c1b2355 1191
1da177e4
LT		 1192 return 0;
1193}
1da177e4 1194
13d39315
WR		 1195/* Encrypt the the link */
1196static void hci_conn_encrypt(struct hci_conn *conn)
1197{
38b3fef1 1198 BT_DBG("hcon %p", conn);
13d39315 1199
51a8efd7 1200 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
13d39315
WR		 1201 struct hci_cp_set_conn_encrypt cp;
1202 cp.handle = cpu_to_le16(conn->handle);
1203 cp.encrypt = 0x01;
1204 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
5974e4c4 1205 &cp);
13d39315
WR		 1206 }
1207}
1208
8c1b2355 1209/* Enable security */
e7cafc45
JH		 1210int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
1211 bool initiator)
1da177e4 1212{
38b3fef1 1213 BT_DBG("hcon %p", conn);
1da177e4 1214
d8343f12
VCG		 1215 if (conn->type == LE_LINK)
1216 return smp_conn_security(conn, sec_level);
1217
13d39315 1218 /* For sdp we don't need the link key. */
8c1b2355
MH		 1219 if (sec_level == BT_SECURITY_SDP)
1220 return 1;
1221
13d39315
WR		 1222 /* For non 2.1 devices and low security level we don't need the link
1223 key. */
aa64a8b5 1224 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
3fdca1e1 1225 return 1;
8c1b2355 1226
13d39315 1227 /* For other security levels we need the link key. */
4dae2798 1228 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
13d39315
WR		 1229 goto auth;
1230
7b5a9241
MH		 1231 /* An authenticated FIPS approved combination key has sufficient
1232 * security for security level 4. */
1233 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
1234 sec_level == BT_SECURITY_FIPS)
1235 goto encrypt;
1236
1237 /* An authenticated combination key has sufficient security for
1238 security level 3. */
1239 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
1240 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
1241 sec_level == BT_SECURITY_HIGH)
13d39315
WR		 1242 goto encrypt;
1243
1244 /* An unauthenticated combination key has sufficient security for
1245 security level 1 and 2. */
66138ce8
MH		 1246 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
1247 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
5974e4c4 1248 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
13d39315
WR		 1249 goto encrypt;
1250
1251 /* A combination key has always sufficient security for the security
1252 levels 1 or 2. High security level requires the combination key
1253 is generated using maximum PIN code length (16).
1254 For pre 2.1 units. */
1255 if (conn->key_type == HCI_LK_COMBINATION &&
7b5a9241
MH		 1256 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
1257 conn->pin_length == 16))
13d39315
WR		 1258 goto encrypt;
1259
1260auth:
51a8efd7 1261 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1da177e4
LT		 1262 return 0;
1263
977f8fce
JH		 1264 if (initiator)
1265 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1266
6fdf658c
LAD		 1267 if (!hci_conn_auth(conn, sec_level, auth_type))
1268 return 0;
13d39315
WR		 1269
1270encrypt:
4dae2798 1271 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
13d39315 1272 return 1;
8c1b2355 1273
13d39315 1274 hci_conn_encrypt(conn);
1da177e4
LT		 1275 return 0;
1276}
8c1b2355 1277EXPORT_SYMBOL(hci_conn_security);
1da177e4 1278
b3b1b061
WR		 1279/* Check secure link requirement */
1280int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
1281{
38b3fef1 1282 BT_DBG("hcon %p", conn);
b3b1b061 1283
9cb2e030
MH		 1284 /* Accept if non-secure or higher security level is required */
1285 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
1286 return 1;
b3b1b061 1287
9cb2e030
MH		 1288 /* Accept if secure or higher security level is already present */
1289 if (conn->sec_level == BT_SECURITY_HIGH ||
1290 conn->sec_level == BT_SECURITY_FIPS)
b3b1b061
WR		 1291 return 1;
1292
9cb2e030
MH		 1293 /* Reject not secure link */
1294 return 0;
b3b1b061
WR		 1295}
1296EXPORT_SYMBOL(hci_conn_check_secure);
1297
1da177e4 1298/* Switch role */
8c1b2355 1299int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 1300{
38b3fef1 1301 BT_DBG("hcon %p", conn);
1da177e4 1302
40bef302 1303 if (role == conn->role)
1da177e4
LT		 1304 return 1;
1305
51a8efd7 1306 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1da177e4
LT		 1307 struct hci_cp_switch_role cp;
1308 bacpy(&cp.bdaddr, &conn->dst);
1309 cp.role = role;
a9de9248 1310 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4 1311 }
8c1b2355 1312
1da177e4
LT		 1313 return 0;
1314}
1315EXPORT_SYMBOL(hci_conn_switch_role);
1316
04837f64 1317/* Enter active mode */
14b12d0b 1318void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
04837f64
MH		 1319{
1320 struct hci_dev *hdev = conn->hdev;
1321
38b3fef1 1322 BT_DBG("hcon %p mode %d", conn, conn->mode);
04837f64 1323
14b12d0b
JG		 1324 if (conn->mode != HCI_CM_SNIFF)
1325 goto timer;
1326
58a681ef 1327 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
04837f64
MH		 1328 goto timer;
1329
51a8efd7 1330 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
04837f64 1331 struct hci_cp_exit_sniff_mode cp;
aca3192c 1332 cp.handle = cpu_to_le16(conn->handle);
a9de9248 1333 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64
MH		 1334 }
1335
1336timer:
1337 if (hdev->idle_timeout > 0)
a74a84f6
JH		 1338 queue_delayed_work(hdev->workqueue, &conn->idle_work,
1339 msecs_to_jiffies(hdev->idle_timeout));
04837f64
MH		 1340}
1341
1da177e4
LT		 1342/* Drop all connection on the device */
1343void hci_conn_hash_flush(struct hci_dev *hdev)
1344{
1345 struct hci_conn_hash *h = &hdev->conn_hash;
3c4e0df0 1346 struct hci_conn *c, *n;
1da177e4
LT		 1347
1348 BT_DBG("hdev %s", hdev->name);
1349
3c4e0df0 1350 list_for_each_entry_safe(c, n, &h->list, list) {
1da177e4
LT		 1351 c->state = BT_CLOSED;
1352
3a6d576b 1353 hci_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
1da177e4
LT		 1354 hci_conn_del(c);
1355 }
1356}
1357
a9de9248
MH		 1358/* Check pending connect attempts */
1359void hci_conn_check_pending(struct hci_dev *hdev)
1360{
1361 struct hci_conn *conn;
1362
1363 BT_DBG("hdev %s", hdev->name);
1364
1365 hci_dev_lock(hdev);
1366
1367 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
1368 if (conn)
1aef8669 1369 hci_acl_create_connection(conn);
a9de9248
MH		 1370
1371 hci_dev_unlock(hdev);
1372}
1373
4dae2798
JH		 1374static u32 get_link_mode(struct hci_conn *conn)
1375{
1376 u32 link_mode = 0;
1377
40bef302 1378 if (conn->role == HCI_ROLE_MASTER)
4dae2798
JH		 1379 link_mode |= HCI_LM_MASTER;
1380
1381 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
1382 link_mode |= HCI_LM_ENCRYPT;
1383
1384 if (test_bit(HCI_CONN_AUTH, &conn->flags))
1385 link_mode |= HCI_LM_AUTH;
1386
1387 if (test_bit(HCI_CONN_SECURE, &conn->flags))
1388 link_mode |= HCI_LM_SECURE;
1389
1390 if (test_bit(HCI_CONN_FIPS, &conn->flags))
1391 link_mode |= HCI_LM_FIPS;
1392
1393 return link_mode;
1394}
1395
1da177e4
LT		 1396int hci_get_conn_list(void __user *arg)
1397{
fc5fef61 1398 struct hci_conn *c;
1da177e4
LT		 1399 struct hci_conn_list_req req, *cl;
1400 struct hci_conn_info *ci;
1401 struct hci_dev *hdev;
1da177e4
LT		 1402 int n = 0, size, err;
1403
1404 if (copy_from_user(&req, arg, sizeof(req)))
1405 return -EFAULT;
1406
1407 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
1408 return -EINVAL;
1409
1410 size = sizeof(req) + req.conn_num * sizeof(*ci);
1411
70f23020
AE		 1412 cl = kmalloc(size, GFP_KERNEL);
1413 if (!cl)
1da177e4
LT		 1414 return -ENOMEM;
1415
70f23020
AE		 1416 hdev = hci_dev_get(req.dev_id);
1417 if (!hdev) {
1da177e4
LT		 1418 kfree(cl);
1419 return -ENODEV;
1420 }
1421
1422 ci = cl->conn_info;
1423
09fd0de5 1424 hci_dev_lock(hdev);
8035ded4 1425 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1da177e4
LT		 1426 bacpy(&(ci + n)->bdaddr, &c->dst);
1427 (ci + n)->handle = c->handle;
1428 (ci + n)->type = c->type;
1429 (ci + n)->out = c->out;
1430 (ci + n)->state = c->state;
4dae2798 1431 (ci + n)->link_mode = get_link_mode(c);
1da177e4
LT		 1432 if (++n >= req.conn_num)
1433 break;
1434 }
09fd0de5 1435 hci_dev_unlock(hdev);
1da177e4
LT		 1436
1437 cl->dev_id = hdev->id;
1438 cl->conn_num = n;
1439 size = sizeof(req) + n * sizeof(*ci);
1440
1441 hci_dev_put(hdev);
1442
1443 err = copy_to_user(arg, cl, size);
1444 kfree(cl);
1445
1446 return err ? -EFAULT : 0;
1447}
1448
1449int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1450{
1451 struct hci_conn_info_req req;
1452 struct hci_conn_info ci;
1453 struct hci_conn *conn;
1454 char __user *ptr = arg + sizeof(req);
1455
1456 if (copy_from_user(&req, arg, sizeof(req)))
1457 return -EFAULT;
1458
09fd0de5 1459 hci_dev_lock(hdev);
1da177e4
LT		 1460 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1461 if (conn) {
1462 bacpy(&ci.bdaddr, &conn->dst);
1463 ci.handle = conn->handle;
1464 ci.type = conn->type;
1465 ci.out = conn->out;
1466 ci.state = conn->state;
4dae2798 1467 ci.link_mode = get_link_mode(conn);
1da177e4 1468 }
09fd0de5 1469 hci_dev_unlock(hdev);
1da177e4
LT		 1470
1471 if (!conn)
1472 return -ENOENT;
1473
1474 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1475}
40be492f
MH		 1476
1477int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1478{
1479 struct hci_auth_info_req req;
1480 struct hci_conn *conn;
1481
1482 if (copy_from_user(&req, arg, sizeof(req)))
1483 return -EFAULT;
1484
09fd0de5 1485 hci_dev_lock(hdev);
40be492f
MH		 1486 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1487 if (conn)
1488 req.type = conn->auth_type;
09fd0de5 1489 hci_dev_unlock(hdev);
40be492f
MH		 1490
1491 if (!conn)
1492 return -ENOENT;
1493
1494 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1495}
73d80deb
LAD		 1496
1497struct hci_chan *hci_chan_create(struct hci_conn *conn)
1498{
1499 struct hci_dev *hdev = conn->hdev;
1500 struct hci_chan *chan;
1501
38b3fef1 1502 BT_DBG("%s hcon %p", hdev->name, conn);
73d80deb 1503
f94b665d
JH		 1504 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
1505 BT_DBG("Refusing to create new hci_chan");
1506 return NULL;
1507 }
1508
27f70f3e 1509 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
73d80deb
LAD		 1510 if (!chan)
1511 return NULL;
1512
6c388d32 1513 chan->conn = hci_conn_get(conn);
73d80deb 1514 skb_queue_head_init(&chan->data_q);
168df8e5 1515 chan->state = BT_CONNECTED;
73d80deb 1516
8192edef 1517 list_add_rcu(&chan->list, &conn->chan_list);
73d80deb
LAD		 1518
1519 return chan;
1520}
1521
9472007c 1522void hci_chan_del(struct hci_chan *chan)
73d80deb
LAD		 1523{
1524 struct hci_conn *conn = chan->conn;
1525 struct hci_dev *hdev = conn->hdev;
1526
38b3fef1 1527 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
73d80deb 1528
8192edef
GP		 1529 list_del_rcu(&chan->list);
1530
1531 synchronize_rcu();
73d80deb 1532
bcbb655a 1533 /* Prevent new hci_chan's to be created for this hci_conn */
f94b665d 1534 set_bit(HCI_CONN_DROP, &conn->flags);
b3ff670a 1535
6c388d32 1536 hci_conn_put(conn);
e9b02748 1537
73d80deb
LAD		 1538 skb_queue_purge(&chan->data_q);
1539 kfree(chan);
73d80deb
LAD		 1540}
1541
2c33c06a 1542void hci_chan_list_flush(struct hci_conn *conn)
73d80deb 1543{
2a5a5ec6 1544 struct hci_chan *chan, *n;
73d80deb 1545
38b3fef1 1546 BT_DBG("hcon %p", conn);
73d80deb 1547
2a5a5ec6 1548 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
73d80deb
LAD		 1549 hci_chan_del(chan);
1550}
42c4e53e
AE		 1551
1552static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1553 __u16 handle)
1554{
1555 struct hci_chan *hchan;
1556
1557 list_for_each_entry(hchan, &hcon->chan_list, list) {
1558 if (hchan->handle == handle)
1559 return hchan;
1560 }
1561
1562 return NULL;
1563}
1564
1565struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1566{
1567 struct hci_conn_hash *h = &hdev->conn_hash;
1568 struct hci_conn *hcon;
1569 struct hci_chan *hchan = NULL;
1570
1571 rcu_read_lock();
1572
1573 list_for_each_entry_rcu(hcon, &h->list, list) {
1574 hchan = __hci_chan_lookup_handle(hcon, handle);
1575 if (hchan)
1576 break;
1577 }
1578
1579 rcu_read_unlock();
1580
1581 return hchan;
1582}
Linux kernel - Deliverables
This page took 0.770564 seconds and 5 git commands to generate.