2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
41 static const struct sco_param sco_param_cvsd
[] = {
42 { EDR_ESCO_MASK
& ~ESCO_2EV3
, 0x000a }, /* S3 */
43 { EDR_ESCO_MASK
& ~ESCO_2EV3
, 0x0007 }, /* S2 */
44 { EDR_ESCO_MASK
| ESCO_EV3
, 0x0007 }, /* S1 */
45 { EDR_ESCO_MASK
| ESCO_HV3
, 0xffff }, /* D1 */
46 { EDR_ESCO_MASK
| ESCO_HV1
, 0xffff }, /* D0 */
49 static const struct sco_param sco_param_wideband
[] = {
50 { EDR_ESCO_MASK
& ~ESCO_2EV3
, 0x000d }, /* T2 */
51 { EDR_ESCO_MASK
| ESCO_EV3
, 0x0008 }, /* T1 */
54 static void hci_le_create_connection_cancel(struct hci_conn
*conn
)
56 hci_send_cmd(conn
->hdev
, HCI_OP_LE_CREATE_CONN_CANCEL
, 0, NULL
);
59 static void hci_acl_create_connection(struct hci_conn
*conn
)
61 struct hci_dev
*hdev
= conn
->hdev
;
62 struct inquiry_entry
*ie
;
63 struct hci_cp_create_conn cp
;
65 BT_DBG("hcon %p", conn
);
67 conn
->state
= BT_CONNECT
;
70 set_bit(HCI_CONN_MASTER
, &conn
->flags
);
74 conn
->link_policy
= hdev
->link_policy
;
76 memset(&cp
, 0, sizeof(cp
));
77 bacpy(&cp
.bdaddr
, &conn
->dst
);
78 cp
.pscan_rep_mode
= 0x02;
80 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
82 if (inquiry_entry_age(ie
) <= INQUIRY_ENTRY_AGE_MAX
) {
83 cp
.pscan_rep_mode
= ie
->data
.pscan_rep_mode
;
84 cp
.pscan_mode
= ie
->data
.pscan_mode
;
85 cp
.clock_offset
= ie
->data
.clock_offset
|
89 memcpy(conn
->dev_class
, ie
->data
.dev_class
, 3);
90 if (ie
->data
.ssp_mode
> 0)
91 set_bit(HCI_CONN_SSP_ENABLED
, &conn
->flags
);
94 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
95 if (lmp_rswitch_capable(hdev
) && !(hdev
->link_mode
& HCI_LM_MASTER
))
96 cp
.role_switch
= 0x01;
98 cp
.role_switch
= 0x00;
100 hci_send_cmd(hdev
, HCI_OP_CREATE_CONN
, sizeof(cp
), &cp
);
103 static void hci_acl_create_connection_cancel(struct hci_conn
*conn
)
105 struct hci_cp_create_conn_cancel cp
;
107 BT_DBG("hcon %p", conn
);
109 if (conn
->hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
112 bacpy(&cp
.bdaddr
, &conn
->dst
);
113 hci_send_cmd(conn
->hdev
, HCI_OP_CREATE_CONN_CANCEL
, sizeof(cp
), &cp
);
116 static void hci_reject_sco(struct hci_conn
*conn
)
118 struct hci_cp_reject_sync_conn_req cp
;
120 cp
.reason
= HCI_ERROR_REMOTE_USER_TERM
;
121 bacpy(&cp
.bdaddr
, &conn
->dst
);
123 hci_send_cmd(conn
->hdev
, HCI_OP_REJECT_SYNC_CONN_REQ
, sizeof(cp
), &cp
);
126 void hci_disconnect(struct hci_conn
*conn
, __u8 reason
)
128 struct hci_cp_disconnect cp
;
130 BT_DBG("hcon %p", conn
);
132 conn
->state
= BT_DISCONN
;
134 cp
.handle
= cpu_to_le16(conn
->handle
);
136 hci_send_cmd(conn
->hdev
, HCI_OP_DISCONNECT
, sizeof(cp
), &cp
);
139 static void hci_amp_disconn(struct hci_conn
*conn
, __u8 reason
)
141 struct hci_cp_disconn_phy_link cp
;
143 BT_DBG("hcon %p", conn
);
145 conn
->state
= BT_DISCONN
;
147 cp
.phy_handle
= HCI_PHY_HANDLE(conn
->handle
);
149 hci_send_cmd(conn
->hdev
, HCI_OP_DISCONN_PHY_LINK
,
153 static void hci_add_sco(struct hci_conn
*conn
, __u16 handle
)
155 struct hci_dev
*hdev
= conn
->hdev
;
156 struct hci_cp_add_sco cp
;
158 BT_DBG("hcon %p", conn
);
160 conn
->state
= BT_CONNECT
;
165 cp
.handle
= cpu_to_le16(handle
);
166 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
168 hci_send_cmd(hdev
, HCI_OP_ADD_SCO
, sizeof(cp
), &cp
);
171 bool hci_setup_sync(struct hci_conn
*conn
, __u16 handle
)
173 struct hci_dev
*hdev
= conn
->hdev
;
174 struct hci_cp_setup_sync_conn cp
;
175 const struct sco_param
*param
;
177 BT_DBG("hcon %p", conn
);
179 conn
->state
= BT_CONNECT
;
184 cp
.handle
= cpu_to_le16(handle
);
186 cp
.tx_bandwidth
= cpu_to_le32(0x00001f40);
187 cp
.rx_bandwidth
= cpu_to_le32(0x00001f40);
188 cp
.voice_setting
= cpu_to_le16(conn
->setting
);
190 switch (conn
->setting
& SCO_AIRMODE_MASK
) {
191 case SCO_AIRMODE_TRANSP
:
192 if (conn
->attempt
> ARRAY_SIZE(sco_param_wideband
))
194 cp
.retrans_effort
= 0x02;
195 param
= &sco_param_wideband
[conn
->attempt
- 1];
197 case SCO_AIRMODE_CVSD
:
198 if (conn
->attempt
> ARRAY_SIZE(sco_param_cvsd
))
200 cp
.retrans_effort
= 0x01;
201 param
= &sco_param_cvsd
[conn
->attempt
- 1];
207 cp
.pkt_type
= __cpu_to_le16(param
->pkt_type
);
208 cp
.max_latency
= __cpu_to_le16(param
->max_latency
);
210 if (hci_send_cmd(hdev
, HCI_OP_SETUP_SYNC_CONN
, sizeof(cp
), &cp
) < 0)
216 void hci_le_conn_update(struct hci_conn
*conn
, u16 min
, u16 max
,
217 u16 latency
, u16 to_multiplier
)
219 struct hci_cp_le_conn_update cp
;
220 struct hci_dev
*hdev
= conn
->hdev
;
222 memset(&cp
, 0, sizeof(cp
));
224 cp
.handle
= cpu_to_le16(conn
->handle
);
225 cp
.conn_interval_min
= cpu_to_le16(min
);
226 cp
.conn_interval_max
= cpu_to_le16(max
);
227 cp
.conn_latency
= cpu_to_le16(latency
);
228 cp
.supervision_timeout
= cpu_to_le16(to_multiplier
);
229 cp
.min_ce_len
= cpu_to_le16(0x0000);
230 cp
.max_ce_len
= cpu_to_le16(0x0000);
232 hci_send_cmd(hdev
, HCI_OP_LE_CONN_UPDATE
, sizeof(cp
), &cp
);
235 void hci_le_start_enc(struct hci_conn
*conn
, __le16 ediv
, __le64 rand
,
238 struct hci_dev
*hdev
= conn
->hdev
;
239 struct hci_cp_le_start_enc cp
;
241 BT_DBG("hcon %p", conn
);
243 memset(&cp
, 0, sizeof(cp
));
245 cp
.handle
= cpu_to_le16(conn
->handle
);
248 memcpy(cp
.ltk
, ltk
, sizeof(cp
.ltk
));
250 hci_send_cmd(hdev
, HCI_OP_LE_START_ENC
, sizeof(cp
), &cp
);
253 /* Device _must_ be locked */
254 void hci_sco_setup(struct hci_conn
*conn
, __u8 status
)
256 struct hci_conn
*sco
= conn
->link
;
261 BT_DBG("hcon %p", conn
);
264 if (lmp_esco_capable(conn
->hdev
))
265 hci_setup_sync(sco
, conn
->handle
);
267 hci_add_sco(sco
, conn
->handle
);
269 hci_proto_connect_cfm(sco
, status
);
274 static void hci_conn_disconnect(struct hci_conn
*conn
)
276 __u8 reason
= hci_proto_disconn_ind(conn
);
278 switch (conn
->type
) {
280 hci_amp_disconn(conn
, reason
);
283 hci_disconnect(conn
, reason
);
288 static void hci_conn_timeout(struct work_struct
*work
)
290 struct hci_conn
*conn
= container_of(work
, struct hci_conn
,
292 int refcnt
= atomic_read(&conn
->refcnt
);
294 BT_DBG("hcon %p state %s", conn
, state_to_string(conn
->state
));
298 /* FIXME: It was observed that in pairing failed scenario, refcnt
299 * drops below 0. Probably this is because l2cap_conn_del calls
300 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
301 * dropped. After that loop hci_chan_del is called which also drops
302 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
308 switch (conn
->state
) {
312 if (conn
->type
== ACL_LINK
)
313 hci_acl_create_connection_cancel(conn
);
314 else if (conn
->type
== LE_LINK
)
315 hci_le_create_connection_cancel(conn
);
316 } else if (conn
->type
== SCO_LINK
|| conn
->type
== ESCO_LINK
) {
317 hci_reject_sco(conn
);
322 hci_conn_disconnect(conn
);
325 conn
->state
= BT_CLOSED
;
330 /* Enter sniff mode */
331 static void hci_conn_idle(struct work_struct
*work
)
333 struct hci_conn
*conn
= container_of(work
, struct hci_conn
,
335 struct hci_dev
*hdev
= conn
->hdev
;
337 BT_DBG("hcon %p mode %d", conn
, conn
->mode
);
339 if (test_bit(HCI_RAW
, &hdev
->flags
))
342 if (!lmp_sniff_capable(hdev
) || !lmp_sniff_capable(conn
))
345 if (conn
->mode
!= HCI_CM_ACTIVE
|| !(conn
->link_policy
& HCI_LP_SNIFF
))
348 if (lmp_sniffsubr_capable(hdev
) && lmp_sniffsubr_capable(conn
)) {
349 struct hci_cp_sniff_subrate cp
;
350 cp
.handle
= cpu_to_le16(conn
->handle
);
351 cp
.max_latency
= cpu_to_le16(0);
352 cp
.min_remote_timeout
= cpu_to_le16(0);
353 cp
.min_local_timeout
= cpu_to_le16(0);
354 hci_send_cmd(hdev
, HCI_OP_SNIFF_SUBRATE
, sizeof(cp
), &cp
);
357 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
)) {
358 struct hci_cp_sniff_mode cp
;
359 cp
.handle
= cpu_to_le16(conn
->handle
);
360 cp
.max_interval
= cpu_to_le16(hdev
->sniff_max_interval
);
361 cp
.min_interval
= cpu_to_le16(hdev
->sniff_min_interval
);
362 cp
.attempt
= cpu_to_le16(4);
363 cp
.timeout
= cpu_to_le16(1);
364 hci_send_cmd(hdev
, HCI_OP_SNIFF_MODE
, sizeof(cp
), &cp
);
368 static void hci_conn_auto_accept(struct work_struct
*work
)
370 struct hci_conn
*conn
= container_of(work
, struct hci_conn
,
371 auto_accept_work
.work
);
373 hci_send_cmd(conn
->hdev
, HCI_OP_USER_CONFIRM_REPLY
, sizeof(conn
->dst
),
377 static void le_conn_timeout(struct work_struct
*work
)
379 struct hci_conn
*conn
= container_of(work
, struct hci_conn
,
380 le_conn_timeout
.work
);
381 struct hci_dev
*hdev
= conn
->hdev
;
385 /* We could end up here due to having done directed advertising,
386 * so clean up the state if necessary. This should however only
387 * happen with broken hardware or if low duty cycle was used
388 * (which doesn't have a timeout of its own).
390 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
)) {
392 hci_send_cmd(hdev
, HCI_OP_LE_SET_ADV_ENABLE
, sizeof(enable
),
394 hci_le_conn_failed(conn
, HCI_ERROR_ADVERTISING_TIMEOUT
);
398 hci_le_create_connection_cancel(conn
);
401 struct hci_conn
*hci_conn_add(struct hci_dev
*hdev
, int type
, bdaddr_t
*dst
)
403 struct hci_conn
*conn
;
405 BT_DBG("%s dst %pMR", hdev
->name
, dst
);
407 conn
= kzalloc(sizeof(struct hci_conn
), GFP_KERNEL
);
411 bacpy(&conn
->dst
, dst
);
412 bacpy(&conn
->src
, &hdev
->bdaddr
);
415 conn
->mode
= HCI_CM_ACTIVE
;
416 conn
->state
= BT_OPEN
;
417 conn
->auth_type
= HCI_AT_GENERAL_BONDING
;
418 conn
->io_capability
= hdev
->io_capability
;
419 conn
->remote_auth
= 0xff;
420 conn
->key_type
= 0xff;
421 conn
->tx_power
= HCI_TX_POWER_INVALID
;
422 conn
->max_tx_power
= HCI_TX_POWER_INVALID
;
424 set_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
);
425 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
429 conn
->pkt_type
= hdev
->pkt_type
& ACL_PTYPE_MASK
;
432 /* conn->src should reflect the local identity address */
433 hci_copy_identity_address(hdev
, &conn
->src
, &conn
->src_type
);
436 if (lmp_esco_capable(hdev
))
437 conn
->pkt_type
= (hdev
->esco_type
& SCO_ESCO_MASK
) |
438 (hdev
->esco_type
& EDR_ESCO_MASK
);
440 conn
->pkt_type
= hdev
->pkt_type
& SCO_PTYPE_MASK
;
443 conn
->pkt_type
= hdev
->esco_type
& ~EDR_ESCO_MASK
;
447 skb_queue_head_init(&conn
->data_q
);
449 INIT_LIST_HEAD(&conn
->chan_list
);
451 INIT_DELAYED_WORK(&conn
->disc_work
, hci_conn_timeout
);
452 INIT_DELAYED_WORK(&conn
->auto_accept_work
, hci_conn_auto_accept
);
453 INIT_DELAYED_WORK(&conn
->idle_work
, hci_conn_idle
);
454 INIT_DELAYED_WORK(&conn
->le_conn_timeout
, le_conn_timeout
);
456 atomic_set(&conn
->refcnt
, 0);
460 hci_conn_hash_add(hdev
, conn
);
462 hdev
->notify(hdev
, HCI_NOTIFY_CONN_ADD
);
464 hci_conn_init_sysfs(conn
);
469 int hci_conn_del(struct hci_conn
*conn
)
471 struct hci_dev
*hdev
= conn
->hdev
;
473 BT_DBG("%s hcon %p handle %d", hdev
->name
, conn
, conn
->handle
);
475 cancel_delayed_work_sync(&conn
->disc_work
);
476 cancel_delayed_work_sync(&conn
->auto_accept_work
);
477 cancel_delayed_work_sync(&conn
->idle_work
);
479 if (conn
->type
== ACL_LINK
) {
480 struct hci_conn
*sco
= conn
->link
;
485 hdev
->acl_cnt
+= conn
->sent
;
486 } else if (conn
->type
== LE_LINK
) {
487 cancel_delayed_work_sync(&conn
->le_conn_timeout
);
490 hdev
->le_cnt
+= conn
->sent
;
492 hdev
->acl_cnt
+= conn
->sent
;
494 struct hci_conn
*acl
= conn
->link
;
501 hci_chan_list_flush(conn
);
504 amp_mgr_put(conn
->amp_mgr
);
506 hci_conn_hash_del(hdev
, conn
);
508 hdev
->notify(hdev
, HCI_NOTIFY_CONN_DEL
);
510 skb_queue_purge(&conn
->data_q
);
512 hci_conn_del_sysfs(conn
);
521 struct hci_dev
*hci_get_route(bdaddr_t
*dst
, bdaddr_t
*src
)
523 int use_src
= bacmp(src
, BDADDR_ANY
);
524 struct hci_dev
*hdev
= NULL
, *d
;
526 BT_DBG("%pMR -> %pMR", src
, dst
);
528 read_lock(&hci_dev_list_lock
);
530 list_for_each_entry(d
, &hci_dev_list
, list
) {
531 if (!test_bit(HCI_UP
, &d
->flags
) ||
532 test_bit(HCI_RAW
, &d
->flags
) ||
533 test_bit(HCI_USER_CHANNEL
, &d
->dev_flags
) ||
534 d
->dev_type
!= HCI_BREDR
)
538 * No source address - find interface with bdaddr != dst
539 * Source address - find interface with bdaddr == src
543 if (!bacmp(&d
->bdaddr
, src
)) {
547 if (bacmp(&d
->bdaddr
, dst
)) {
554 hdev
= hci_dev_hold(hdev
);
556 read_unlock(&hci_dev_list_lock
);
559 EXPORT_SYMBOL(hci_get_route
);
561 /* This function requires the caller holds hdev->lock */
562 void hci_le_conn_failed(struct hci_conn
*conn
, u8 status
)
564 struct hci_dev
*hdev
= conn
->hdev
;
566 conn
->state
= BT_CLOSED
;
568 mgmt_connect_failed(hdev
, &conn
->dst
, conn
->type
, conn
->dst_type
,
571 hci_proto_connect_cfm(conn
, status
);
575 /* Since we may have temporarily stopped the background scanning in
576 * favor of connection establishment, we should restart it.
578 hci_update_background_scan(hdev
);
580 /* Re-enable advertising in case this was a failed connection
581 * attempt as a peripheral.
583 mgmt_reenable_advertising(hdev
);
586 static void create_le_conn_complete(struct hci_dev
*hdev
, u8 status
)
588 struct hci_conn
*conn
;
593 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
598 conn
= hci_conn_hash_lookup_state(hdev
, LE_LINK
, BT_CONNECT
);
602 hci_le_conn_failed(conn
, status
);
605 hci_dev_unlock(hdev
);
608 static void hci_req_add_le_create_conn(struct hci_request
*req
,
609 struct hci_conn
*conn
)
611 struct hci_cp_le_create_conn cp
;
612 struct hci_dev
*hdev
= conn
->hdev
;
615 memset(&cp
, 0, sizeof(cp
));
617 /* Update random address, but set require_privacy to false so
618 * that we never connect with an unresolvable address.
620 if (hci_update_random_address(req
, false, &own_addr_type
))
623 cp
.scan_interval
= cpu_to_le16(hdev
->le_scan_interval
);
624 cp
.scan_window
= cpu_to_le16(hdev
->le_scan_window
);
625 bacpy(&cp
.peer_addr
, &conn
->dst
);
626 cp
.peer_addr_type
= conn
->dst_type
;
627 cp
.own_address_type
= own_addr_type
;
628 cp
.conn_interval_min
= cpu_to_le16(conn
->le_conn_min_interval
);
629 cp
.conn_interval_max
= cpu_to_le16(conn
->le_conn_max_interval
);
630 cp
.supervision_timeout
= cpu_to_le16(0x002a);
631 cp
.min_ce_len
= cpu_to_le16(0x0000);
632 cp
.max_ce_len
= cpu_to_le16(0x0000);
634 hci_req_add(req
, HCI_OP_LE_CREATE_CONN
, sizeof(cp
), &cp
);
636 conn
->state
= BT_CONNECT
;
639 static void hci_req_directed_advertising(struct hci_request
*req
,
640 struct hci_conn
*conn
)
642 struct hci_dev
*hdev
= req
->hdev
;
643 struct hci_cp_le_set_adv_param cp
;
648 hci_req_add(req
, HCI_OP_LE_SET_ADV_ENABLE
, sizeof(enable
), &enable
);
650 /* Clear the HCI_ADVERTISING bit temporarily so that the
651 * hci_update_random_address knows that it's safe to go ahead
652 * and write a new random address. The flag will be set back on
653 * as soon as the SET_ADV_ENABLE HCI command completes.
655 clear_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
657 /* Set require_privacy to false so that the remote device has a
658 * chance of identifying us.
660 if (hci_update_random_address(req
, false, &own_addr_type
) < 0)
663 memset(&cp
, 0, sizeof(cp
));
664 cp
.type
= LE_ADV_DIRECT_IND
;
665 cp
.own_address_type
= own_addr_type
;
666 cp
.direct_addr_type
= conn
->dst_type
;
667 bacpy(&cp
.direct_addr
, &conn
->dst
);
668 cp
.channel_map
= hdev
->le_adv_channel_map
;
670 hci_req_add(req
, HCI_OP_LE_SET_ADV_PARAM
, sizeof(cp
), &cp
);
673 hci_req_add(req
, HCI_OP_LE_SET_ADV_ENABLE
, sizeof(enable
), &enable
);
675 conn
->state
= BT_CONNECT
;
678 struct hci_conn
*hci_connect_le(struct hci_dev
*hdev
, bdaddr_t
*dst
,
679 u8 dst_type
, u8 sec_level
, u8 auth_type
)
681 struct hci_conn_params
*params
;
682 struct hci_conn
*conn
;
684 struct hci_request req
;
687 /* Some devices send ATT messages as soon as the physical link is
688 * established. To be able to handle these ATT messages, the user-
689 * space first establishes the connection and then starts the pairing
692 * So if a hci_conn object already exists for the following connection
693 * attempt, we simply update pending_sec_level and auth_type fields
694 * and return the object found.
696 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, dst
);
698 conn
->pending_sec_level
= sec_level
;
699 conn
->auth_type
= auth_type
;
703 /* Since the controller supports only one LE connection attempt at a
704 * time, we return -EBUSY if there is any connection attempt running.
706 conn
= hci_conn_hash_lookup_state(hdev
, LE_LINK
, BT_CONNECT
);
708 return ERR_PTR(-EBUSY
);
710 /* When given an identity address with existing identity
711 * resolving key, the connection needs to be established
712 * to a resolvable random address.
714 * This uses the cached random resolvable address from
715 * a previous scan. When no cached address is available,
716 * try connecting to the identity address instead.
718 * Storing the resolvable random address is required here
719 * to handle connection failures. The address will later
720 * be resolved back into the original identity address
721 * from the connect request.
723 irk
= hci_find_irk_by_addr(hdev
, dst
, dst_type
);
724 if (irk
&& bacmp(&irk
->rpa
, BDADDR_ANY
)) {
726 dst_type
= ADDR_LE_DEV_RANDOM
;
729 conn
= hci_conn_add(hdev
, LE_LINK
, dst
);
731 return ERR_PTR(-ENOMEM
);
733 conn
->dst_type
= dst_type
;
734 conn
->sec_level
= BT_SECURITY_LOW
;
735 conn
->pending_sec_level
= sec_level
;
736 conn
->auth_type
= auth_type
;
738 hci_req_init(&req
, hdev
);
740 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
)) {
741 hci_req_directed_advertising(&req
, conn
);
746 set_bit(HCI_CONN_MASTER
, &conn
->flags
);
748 params
= hci_conn_params_lookup(hdev
, &conn
->dst
, conn
->dst_type
);
750 conn
->le_conn_min_interval
= params
->conn_min_interval
;
751 conn
->le_conn_max_interval
= params
->conn_max_interval
;
753 conn
->le_conn_min_interval
= hdev
->le_conn_min_interval
;
754 conn
->le_conn_max_interval
= hdev
->le_conn_max_interval
;
757 /* If controller is scanning, we stop it since some controllers are
758 * not able to scan and connect at the same time. Also set the
759 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
760 * handler for scan disabling knows to set the correct discovery
763 if (test_bit(HCI_LE_SCAN
, &hdev
->dev_flags
)) {
764 hci_req_add_le_scan_disable(&req
);
765 set_bit(HCI_LE_SCAN_INTERRUPTED
, &hdev
->dev_flags
);
768 hci_req_add_le_create_conn(&req
, conn
);
771 err
= hci_req_run(&req
, create_le_conn_complete
);
782 struct hci_conn
*hci_connect_acl(struct hci_dev
*hdev
, bdaddr_t
*dst
,
783 u8 sec_level
, u8 auth_type
)
785 struct hci_conn
*acl
;
787 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
788 return ERR_PTR(-ENOTSUPP
);
790 acl
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, dst
);
792 acl
= hci_conn_add(hdev
, ACL_LINK
, dst
);
794 return ERR_PTR(-ENOMEM
);
799 if (acl
->state
== BT_OPEN
|| acl
->state
== BT_CLOSED
) {
800 acl
->sec_level
= BT_SECURITY_LOW
;
801 acl
->pending_sec_level
= sec_level
;
802 acl
->auth_type
= auth_type
;
803 hci_acl_create_connection(acl
);
809 struct hci_conn
*hci_connect_sco(struct hci_dev
*hdev
, int type
, bdaddr_t
*dst
,
812 struct hci_conn
*acl
;
813 struct hci_conn
*sco
;
815 acl
= hci_connect_acl(hdev
, dst
, BT_SECURITY_LOW
, HCI_AT_NO_BONDING
);
819 sco
= hci_conn_hash_lookup_ba(hdev
, type
, dst
);
821 sco
= hci_conn_add(hdev
, type
, dst
);
824 return ERR_PTR(-ENOMEM
);
833 sco
->setting
= setting
;
835 if (acl
->state
== BT_CONNECTED
&&
836 (sco
->state
== BT_OPEN
|| sco
->state
== BT_CLOSED
)) {
837 set_bit(HCI_CONN_POWER_SAVE
, &acl
->flags
);
838 hci_conn_enter_active_mode(acl
, BT_POWER_FORCE_ACTIVE_ON
);
840 if (test_bit(HCI_CONN_MODE_CHANGE_PEND
, &acl
->flags
)) {
841 /* defer SCO setup until mode change completed */
842 set_bit(HCI_CONN_SCO_SETUP_PEND
, &acl
->flags
);
846 hci_sco_setup(acl
, 0x00);
852 /* Check link security requirement */
853 int hci_conn_check_link_mode(struct hci_conn
*conn
)
855 BT_DBG("hcon %p", conn
);
857 /* In Secure Connections Only mode, it is required that Secure
858 * Connections is used and the link is encrypted with AES-CCM
859 * using a P-256 authenticated combination key.
861 if (test_bit(HCI_SC_ONLY
, &conn
->hdev
->flags
)) {
862 if (!hci_conn_sc_enabled(conn
) ||
863 !test_bit(HCI_CONN_AES_CCM
, &conn
->flags
) ||
864 conn
->key_type
!= HCI_LK_AUTH_COMBINATION_P256
)
868 if (hci_conn_ssp_enabled(conn
) &&
869 !test_bit(HCI_CONN_ENCRYPT
, &conn
->flags
))
875 /* Authenticate remote device */
876 static int hci_conn_auth(struct hci_conn
*conn
, __u8 sec_level
, __u8 auth_type
)
878 BT_DBG("hcon %p", conn
);
880 if (conn
->pending_sec_level
> sec_level
)
881 sec_level
= conn
->pending_sec_level
;
883 if (sec_level
> conn
->sec_level
)
884 conn
->pending_sec_level
= sec_level
;
885 else if (test_bit(HCI_CONN_AUTH
, &conn
->flags
))
888 /* Make sure we preserve an existing MITM requirement*/
889 auth_type
|= (conn
->auth_type
& 0x01);
891 conn
->auth_type
= auth_type
;
893 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
894 struct hci_cp_auth_requested cp
;
896 cp
.handle
= cpu_to_le16(conn
->handle
);
897 hci_send_cmd(conn
->hdev
, HCI_OP_AUTH_REQUESTED
,
900 /* If we're already encrypted set the REAUTH_PEND flag,
901 * otherwise set the ENCRYPT_PEND.
903 if (test_bit(HCI_CONN_ENCRYPT
, &conn
->flags
))
904 set_bit(HCI_CONN_REAUTH_PEND
, &conn
->flags
);
906 set_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
);
912 /* Encrypt the the link */
913 static void hci_conn_encrypt(struct hci_conn
*conn
)
915 BT_DBG("hcon %p", conn
);
917 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
)) {
918 struct hci_cp_set_conn_encrypt cp
;
919 cp
.handle
= cpu_to_le16(conn
->handle
);
921 hci_send_cmd(conn
->hdev
, HCI_OP_SET_CONN_ENCRYPT
, sizeof(cp
),
926 /* Enable security */
927 int hci_conn_security(struct hci_conn
*conn
, __u8 sec_level
, __u8 auth_type
)
929 BT_DBG("hcon %p", conn
);
931 if (conn
->type
== LE_LINK
)
932 return smp_conn_security(conn
, sec_level
);
934 /* For sdp we don't need the link key. */
935 if (sec_level
== BT_SECURITY_SDP
)
938 /* For non 2.1 devices and low security level we don't need the link
940 if (sec_level
== BT_SECURITY_LOW
&& !hci_conn_ssp_enabled(conn
))
943 /* For other security levels we need the link key. */
944 if (!test_bit(HCI_CONN_AUTH
, &conn
->flags
))
947 /* An authenticated FIPS approved combination key has sufficient
948 * security for security level 4. */
949 if (conn
->key_type
== HCI_LK_AUTH_COMBINATION_P256
&&
950 sec_level
== BT_SECURITY_FIPS
)
953 /* An authenticated combination key has sufficient security for
955 if ((conn
->key_type
== HCI_LK_AUTH_COMBINATION_P192
||
956 conn
->key_type
== HCI_LK_AUTH_COMBINATION_P256
) &&
957 sec_level
== BT_SECURITY_HIGH
)
960 /* An unauthenticated combination key has sufficient security for
961 security level 1 and 2. */
962 if ((conn
->key_type
== HCI_LK_UNAUTH_COMBINATION_P192
||
963 conn
->key_type
== HCI_LK_UNAUTH_COMBINATION_P256
) &&
964 (sec_level
== BT_SECURITY_MEDIUM
|| sec_level
== BT_SECURITY_LOW
))
967 /* A combination key has always sufficient security for the security
968 levels 1 or 2. High security level requires the combination key
969 is generated using maximum PIN code length (16).
970 For pre 2.1 units. */
971 if (conn
->key_type
== HCI_LK_COMBINATION
&&
972 (sec_level
== BT_SECURITY_MEDIUM
|| sec_level
== BT_SECURITY_LOW
||
973 conn
->pin_length
== 16))
977 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
))
980 if (!hci_conn_auth(conn
, sec_level
, auth_type
))
984 if (test_bit(HCI_CONN_ENCRYPT
, &conn
->flags
))
987 hci_conn_encrypt(conn
);
990 EXPORT_SYMBOL(hci_conn_security
);
992 /* Check secure link requirement */
993 int hci_conn_check_secure(struct hci_conn
*conn
, __u8 sec_level
)
995 BT_DBG("hcon %p", conn
);
997 /* Accept if non-secure or higher security level is required */
998 if (sec_level
!= BT_SECURITY_HIGH
&& sec_level
!= BT_SECURITY_FIPS
)
1001 /* Accept if secure or higher security level is already present */
1002 if (conn
->sec_level
== BT_SECURITY_HIGH
||
1003 conn
->sec_level
== BT_SECURITY_FIPS
)
1006 /* Reject not secure link */
1009 EXPORT_SYMBOL(hci_conn_check_secure
);
1011 /* Change link key */
1012 int hci_conn_change_link_key(struct hci_conn
*conn
)
1014 BT_DBG("hcon %p", conn
);
1016 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
1017 struct hci_cp_change_conn_link_key cp
;
1018 cp
.handle
= cpu_to_le16(conn
->handle
);
1019 hci_send_cmd(conn
->hdev
, HCI_OP_CHANGE_CONN_LINK_KEY
,
1027 int hci_conn_switch_role(struct hci_conn
*conn
, __u8 role
)
1029 BT_DBG("hcon %p", conn
);
1031 if (!role
&& test_bit(HCI_CONN_MASTER
, &conn
->flags
))
1034 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND
, &conn
->flags
)) {
1035 struct hci_cp_switch_role cp
;
1036 bacpy(&cp
.bdaddr
, &conn
->dst
);
1038 hci_send_cmd(conn
->hdev
, HCI_OP_SWITCH_ROLE
, sizeof(cp
), &cp
);
1043 EXPORT_SYMBOL(hci_conn_switch_role
);
1045 /* Enter active mode */
1046 void hci_conn_enter_active_mode(struct hci_conn
*conn
, __u8 force_active
)
1048 struct hci_dev
*hdev
= conn
->hdev
;
1050 BT_DBG("hcon %p mode %d", conn
, conn
->mode
);
1052 if (test_bit(HCI_RAW
, &hdev
->flags
))
1055 if (conn
->mode
!= HCI_CM_SNIFF
)
1058 if (!test_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
) && !force_active
)
1061 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
)) {
1062 struct hci_cp_exit_sniff_mode cp
;
1063 cp
.handle
= cpu_to_le16(conn
->handle
);
1064 hci_send_cmd(hdev
, HCI_OP_EXIT_SNIFF_MODE
, sizeof(cp
), &cp
);
1068 if (hdev
->idle_timeout
> 0)
1069 queue_delayed_work(hdev
->workqueue
, &conn
->idle_work
,
1070 msecs_to_jiffies(hdev
->idle_timeout
));
1073 /* Drop all connection on the device */
1074 void hci_conn_hash_flush(struct hci_dev
*hdev
)
1076 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
1077 struct hci_conn
*c
, *n
;
1079 BT_DBG("hdev %s", hdev
->name
);
1081 list_for_each_entry_safe(c
, n
, &h
->list
, list
) {
1082 c
->state
= BT_CLOSED
;
1084 hci_proto_disconn_cfm(c
, HCI_ERROR_LOCAL_HOST_TERM
);
1089 /* Check pending connect attempts */
1090 void hci_conn_check_pending(struct hci_dev
*hdev
)
1092 struct hci_conn
*conn
;
1094 BT_DBG("hdev %s", hdev
->name
);
1098 conn
= hci_conn_hash_lookup_state(hdev
, ACL_LINK
, BT_CONNECT2
);
1100 hci_acl_create_connection(conn
);
1102 hci_dev_unlock(hdev
);
1105 static u32
get_link_mode(struct hci_conn
*conn
)
1109 if (test_bit(HCI_CONN_MASTER
, &conn
->flags
))
1110 link_mode
|= HCI_LM_MASTER
;
1112 if (test_bit(HCI_CONN_ENCRYPT
, &conn
->flags
))
1113 link_mode
|= HCI_LM_ENCRYPT
;
1115 if (test_bit(HCI_CONN_AUTH
, &conn
->flags
))
1116 link_mode
|= HCI_LM_AUTH
;
1118 if (test_bit(HCI_CONN_SECURE
, &conn
->flags
))
1119 link_mode
|= HCI_LM_SECURE
;
1121 if (test_bit(HCI_CONN_FIPS
, &conn
->flags
))
1122 link_mode
|= HCI_LM_FIPS
;
1127 int hci_get_conn_list(void __user
*arg
)
1130 struct hci_conn_list_req req
, *cl
;
1131 struct hci_conn_info
*ci
;
1132 struct hci_dev
*hdev
;
1133 int n
= 0, size
, err
;
1135 if (copy_from_user(&req
, arg
, sizeof(req
)))
1138 if (!req
.conn_num
|| req
.conn_num
> (PAGE_SIZE
* 2) / sizeof(*ci
))
1141 size
= sizeof(req
) + req
.conn_num
* sizeof(*ci
);
1143 cl
= kmalloc(size
, GFP_KERNEL
);
1147 hdev
= hci_dev_get(req
.dev_id
);
1156 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1157 bacpy(&(ci
+ n
)->bdaddr
, &c
->dst
);
1158 (ci
+ n
)->handle
= c
->handle
;
1159 (ci
+ n
)->type
= c
->type
;
1160 (ci
+ n
)->out
= c
->out
;
1161 (ci
+ n
)->state
= c
->state
;
1162 (ci
+ n
)->link_mode
= get_link_mode(c
);
1163 if (++n
>= req
.conn_num
)
1166 hci_dev_unlock(hdev
);
1168 cl
->dev_id
= hdev
->id
;
1170 size
= sizeof(req
) + n
* sizeof(*ci
);
1174 err
= copy_to_user(arg
, cl
, size
);
1177 return err
? -EFAULT
: 0;
1180 int hci_get_conn_info(struct hci_dev
*hdev
, void __user
*arg
)
1182 struct hci_conn_info_req req
;
1183 struct hci_conn_info ci
;
1184 struct hci_conn
*conn
;
1185 char __user
*ptr
= arg
+ sizeof(req
);
1187 if (copy_from_user(&req
, arg
, sizeof(req
)))
1191 conn
= hci_conn_hash_lookup_ba(hdev
, req
.type
, &req
.bdaddr
);
1193 bacpy(&ci
.bdaddr
, &conn
->dst
);
1194 ci
.handle
= conn
->handle
;
1195 ci
.type
= conn
->type
;
1197 ci
.state
= conn
->state
;
1198 ci
.link_mode
= get_link_mode(conn
);
1200 hci_dev_unlock(hdev
);
1205 return copy_to_user(ptr
, &ci
, sizeof(ci
)) ? -EFAULT
: 0;
1208 int hci_get_auth_info(struct hci_dev
*hdev
, void __user
*arg
)
1210 struct hci_auth_info_req req
;
1211 struct hci_conn
*conn
;
1213 if (copy_from_user(&req
, arg
, sizeof(req
)))
1217 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &req
.bdaddr
);
1219 req
.type
= conn
->auth_type
;
1220 hci_dev_unlock(hdev
);
1225 return copy_to_user(arg
, &req
, sizeof(req
)) ? -EFAULT
: 0;
1228 struct hci_chan
*hci_chan_create(struct hci_conn
*conn
)
1230 struct hci_dev
*hdev
= conn
->hdev
;
1231 struct hci_chan
*chan
;
1233 BT_DBG("%s hcon %p", hdev
->name
, conn
);
1235 chan
= kzalloc(sizeof(struct hci_chan
), GFP_KERNEL
);
1240 skb_queue_head_init(&chan
->data_q
);
1241 chan
->state
= BT_CONNECTED
;
1243 list_add_rcu(&chan
->list
, &conn
->chan_list
);
1248 void hci_chan_del(struct hci_chan
*chan
)
1250 struct hci_conn
*conn
= chan
->conn
;
1251 struct hci_dev
*hdev
= conn
->hdev
;
1253 BT_DBG("%s hcon %p chan %p", hdev
->name
, conn
, chan
);
1255 list_del_rcu(&chan
->list
);
1259 hci_conn_drop(conn
);
1261 skb_queue_purge(&chan
->data_q
);
1265 void hci_chan_list_flush(struct hci_conn
*conn
)
1267 struct hci_chan
*chan
, *n
;
1269 BT_DBG("hcon %p", conn
);
1271 list_for_each_entry_safe(chan
, n
, &conn
->chan_list
, list
)
1275 static struct hci_chan
*__hci_chan_lookup_handle(struct hci_conn
*hcon
,
1278 struct hci_chan
*hchan
;
1280 list_for_each_entry(hchan
, &hcon
->chan_list
, list
) {
1281 if (hchan
->handle
== handle
)
1288 struct hci_chan
*hci_chan_lookup_handle(struct hci_dev
*hdev
, __u16 handle
)
1290 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
1291 struct hci_conn
*hcon
;
1292 struct hci_chan
*hchan
= NULL
;
1296 list_for_each_entry_rcu(hcon
, &h
->list
, list
) {
1297 hchan
= __hci_chan_lookup_handle(hcon
, handle
);