hci_conn.c 23.8 KB
Newer Older
1
/*
L
Linus Torvalds 已提交
2
   BlueZ - Bluetooth protocol stack for Linux
3
   Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
L
Linus Torvalds 已提交
4 5 6 7 8 9 10 11 12 13 14

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 16 17
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
L
Linus Torvalds 已提交
18 19
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

20 21
   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
L
Linus Torvalds 已提交
22 23 24 25 26
   SOFTWARE IS DISCLAIMED.
*/

/* Bluetooth HCI connection handling. */

27
#include <linux/export.h>
L
Linus Torvalds 已提交
28 29 30

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
31
#include <net/bluetooth/a2mp.h>
32
#include <net/bluetooth/smp.h>
L
Linus Torvalds 已提交
33

34
static void hci_le_create_connection(struct hci_conn *conn)
V
Ville Tervo 已提交
35 36 37 38 39
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_le_create_conn cp;

	conn->state = BT_CONNECT;
40
	conn->out = true;
41
	conn->link_mode |= HCI_LM_MASTER;
42
	conn->sec_level = BT_SECURITY_LOW;
V
Ville Tervo 已提交
43 44

	memset(&cp, 0, sizeof(cp));
45 46
	cp.scan_interval = __constant_cpu_to_le16(0x0060);
	cp.scan_window = __constant_cpu_to_le16(0x0030);
V
Ville Tervo 已提交
47
	bacpy(&cp.peer_addr, &conn->dst);
48
	cp.peer_addr_type = conn->dst_type;
49 50 51 52 53
	cp.conn_interval_min = __constant_cpu_to_le16(0x0028);
	cp.conn_interval_max = __constant_cpu_to_le16(0x0038);
	cp.supervision_timeout = __constant_cpu_to_le16(0x002a);
	cp.min_ce_len = __constant_cpu_to_le16(0x0000);
	cp.max_ce_len = __constant_cpu_to_le16(0x0000);
V
Ville Tervo 已提交
54 55 56 57

	hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
}

58
static void hci_le_create_connection_cancel(struct hci_conn *conn)
V
Ville Tervo 已提交
59 60 61 62
{
	hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
}

63
static void hci_acl_create_connection(struct hci_conn *conn)
L
Linus Torvalds 已提交
64 65 66 67 68
{
	struct hci_dev *hdev = conn->hdev;
	struct inquiry_entry *ie;
	struct hci_cp_create_conn cp;

69
	BT_DBG("hcon %p", conn);
L
Linus Torvalds 已提交
70 71

	conn->state = BT_CONNECT;
72
	conn->out = true;
73

L
Linus Torvalds 已提交
74 75
	conn->link_mode = HCI_LM_MASTER;

76 77
	conn->attempt++;

78 79
	conn->link_policy = hdev->link_policy;

L
Linus Torvalds 已提交
80 81 82 83
	memset(&cp, 0, sizeof(cp));
	bacpy(&cp.bdaddr, &conn->dst);
	cp.pscan_rep_mode = 0x02;

A
Andrei Emeltchenko 已提交
84 85
	ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (ie) {
86 87 88 89
		if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
			cp.pscan_rep_mode = ie->data.pscan_rep_mode;
			cp.pscan_mode     = ie->data.pscan_mode;
			cp.clock_offset   = ie->data.clock_offset |
90
					    __constant_cpu_to_le16(0x8000);
91 92
		}

L
Linus Torvalds 已提交
93
		memcpy(conn->dev_class, ie->data.dev_class, 3);
94 95
		if (ie->data.ssp_mode > 0)
			set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
L
Linus Torvalds 已提交
96 97
	}

98
	cp.pkt_type = cpu_to_le16(conn->pkt_type);
L
Linus Torvalds 已提交
99
	if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
100
		cp.role_switch = 0x01;
L
Linus Torvalds 已提交
101
	else
102
		cp.role_switch = 0x00;
103

104
	hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
L
Linus Torvalds 已提交
105 106
}

107
static void hci_acl_create_connection_cancel(struct hci_conn *conn)
108 109 110
{
	struct hci_cp_create_conn_cancel cp;

111
	BT_DBG("hcon %p", conn);
112

113
	if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
114 115 116
		return;

	bacpy(&cp.bdaddr, &conn->dst);
117
	hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
118 119
}

A
Andre Guedes 已提交
120
void hci_disconnect(struct hci_conn *conn, __u8 reason)
L
Linus Torvalds 已提交
121 122 123
{
	struct hci_cp_disconnect cp;

124
	BT_DBG("hcon %p", conn);
L
Linus Torvalds 已提交
125 126 127

	conn->state = BT_DISCONN;

128
	cp.handle = cpu_to_le16(conn->handle);
L
Linus Torvalds 已提交
129
	cp.reason = reason;
130
	hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
L
Linus Torvalds 已提交
131 132
}

133 134 135 136 137 138 139 140 141 142 143 144 145 146
static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
{
	struct hci_cp_disconn_phy_link cp;

	BT_DBG("hcon %p", conn);

	conn->state = BT_DISCONN;

	cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
	cp.reason = reason;
	hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
		     sizeof(cp), &cp);
}

147
static void hci_add_sco(struct hci_conn *conn, __u16 handle)
L
Linus Torvalds 已提交
148 149 150 151
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_add_sco cp;

152
	BT_DBG("hcon %p", conn);
L
Linus Torvalds 已提交
153 154

	conn->state = BT_CONNECT;
155
	conn->out = true;
L
Linus Torvalds 已提交
156

157 158
	conn->attempt++;

159
	cp.handle   = cpu_to_le16(handle);
160
	cp.pkt_type = cpu_to_le16(conn->pkt_type);
L
Linus Torvalds 已提交
161

162
	hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
L
Linus Torvalds 已提交
163 164
}

165 166 167 168 169
void hci_setup_sync(struct hci_conn *conn, __u16 handle)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_setup_sync_conn cp;

170
	BT_DBG("hcon %p", conn);
171 172

	conn->state = BT_CONNECT;
173
	conn->out = true;
174

175 176
	conn->attempt++;

177
	cp.handle   = cpu_to_le16(handle);
178
	cp.pkt_type = cpu_to_le16(conn->pkt_type);
179

180 181 182
	cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
	cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
	cp.max_latency    = __constant_cpu_to_le16(0xffff);
183 184 185 186 187 188
	cp.voice_setting  = cpu_to_le16(hdev->voice_setting);
	cp.retrans_effort = 0xff;

	hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
}

189
void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
190
			u16 latency, u16 to_multiplier)
191 192 193 194 195 196 197 198 199 200 201
{
	struct hci_cp_le_conn_update cp;
	struct hci_dev *hdev = conn->hdev;

	memset(&cp, 0, sizeof(cp));

	cp.handle		= cpu_to_le16(conn->handle);
	cp.conn_interval_min	= cpu_to_le16(min);
	cp.conn_interval_max	= cpu_to_le16(max);
	cp.conn_latency		= cpu_to_le16(latency);
	cp.supervision_timeout	= cpu_to_le16(to_multiplier);
202 203
	cp.min_ce_len		= __constant_cpu_to_le16(0x0001);
	cp.max_ce_len		= __constant_cpu_to_le16(0x0001);
204 205 206 207

	hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
}

208
void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
209
		      __u8 ltk[16])
210 211 212 213
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_le_start_enc cp;

214
	BT_DBG("hcon %p", conn);
215 216 217 218 219 220

	memset(&cp, 0, sizeof(cp));

	cp.handle = cpu_to_le16(conn->handle);
	memcpy(cp.ltk, ltk, sizeof(cp.ltk));
	cp.ediv = ediv;
221
	memcpy(cp.rand, rand, sizeof(cp.rand));
222 223 224 225

	hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
}

226 227 228 229 230 231 232 233
/* Device _must_ be locked */
void hci_sco_setup(struct hci_conn *conn, __u8 status)
{
	struct hci_conn *sco = conn->link;

	if (!sco)
		return;

234 235
	BT_DBG("hcon %p", conn);

236 237 238 239 240 241 242 243 244 245 246
	if (!status) {
		if (lmp_esco_capable(conn->hdev))
			hci_setup_sync(sco, conn->handle);
		else
			hci_add_sco(sco, conn->handle);
	} else {
		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}
}

247 248 249 250 251 252 253 254
static void hci_conn_disconnect(struct hci_conn *conn)
{
	__u8 reason = hci_proto_disconn_ind(conn);

	switch (conn->type) {
	case AMP_LINK:
		hci_amp_disconn(conn, reason);
		break;
255
	default:
A
Andre Guedes 已提交
256
		hci_disconnect(conn, reason);
257
		break;
258 259 260
	}
}

261
static void hci_conn_timeout(struct work_struct *work)
L
Linus Torvalds 已提交
262
{
263
	struct hci_conn *conn = container_of(work, struct hci_conn,
264
					     disc_work.work);
L
Linus Torvalds 已提交
265

266
	BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
L
Linus Torvalds 已提交
267 268 269 270

	if (atomic_read(&conn->refcnt))
		return;

271 272
	switch (conn->state) {
	case BT_CONNECT:
273
	case BT_CONNECT2:
V
Ville Tervo 已提交
274 275
		if (conn->out) {
			if (conn->type == ACL_LINK)
276
				hci_acl_create_connection_cancel(conn);
V
Ville Tervo 已提交
277
			else if (conn->type == LE_LINK)
278
				hci_le_create_connection_cancel(conn);
V
Ville Tervo 已提交
279
		}
280
		break;
281
	case BT_CONFIG:
282
	case BT_CONNECTED:
283
		hci_conn_disconnect(conn);
284 285
		break;
	default:
L
Linus Torvalds 已提交
286
		conn->state = BT_CLOSED;
287 288
		break;
	}
L
Linus Torvalds 已提交
289 290
}

291 292 293 294 295
/* Enter sniff mode */
static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

296
	BT_DBG("hcon %p mode %d", conn, conn->mode);
297 298 299 300 301 302 303 304 305 306 307 308 309

	if (test_bit(HCI_RAW, &hdev->flags))
		return;

	if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
		return;

	if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
		return;

	if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
		struct hci_cp_sniff_subrate cp;
		cp.handle             = cpu_to_le16(conn->handle);
310 311 312
		cp.max_latency        = __constant_cpu_to_le16(0);
		cp.min_remote_timeout = __constant_cpu_to_le16(0);
		cp.min_local_timeout  = __constant_cpu_to_le16(0);
313 314 315
		hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
	}

316
	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
317 318 319 320
		struct hci_cp_sniff_mode cp;
		cp.handle       = cpu_to_le16(conn->handle);
		cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
		cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
321 322
		cp.attempt      = __constant_cpu_to_le16(4);
		cp.timeout      = __constant_cpu_to_le16(1);
323 324 325 326
		hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
	}
}

327
static void hci_conn_idle(unsigned long arg)
L
Linus Torvalds 已提交
328
{
329 330
	struct hci_conn *conn = (void *) arg;

331
	BT_DBG("hcon %p mode %d", conn, conn->mode);
332 333

	hci_conn_enter_sniff_mode(conn);
L
Linus Torvalds 已提交
334 335
}

336 337 338 339 340 341
static void hci_conn_auto_accept(unsigned long arg)
{
	struct hci_conn *conn = (void *) arg;
	struct hci_dev *hdev = conn->hdev;

	hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
342
		     &conn->dst);
343 344
}

L
Linus Torvalds 已提交
345 346 347 348
struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
{
	struct hci_conn *conn;

349
	BT_DBG("%s dst %pMR", hdev->name, dst);
L
Linus Torvalds 已提交
350

351
	conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
352
	if (!conn)
L
Linus Torvalds 已提交
353 354 355
		return NULL;

	bacpy(&conn->dst, dst);
356 357 358 359
	conn->hdev  = hdev;
	conn->type  = type;
	conn->mode  = HCI_CM_ACTIVE;
	conn->state = BT_OPEN;
360
	conn->auth_type = HCI_AT_GENERAL_BONDING;
361
	conn->io_capability = hdev->io_capability;
362
	conn->remote_auth = 0xff;
363
	conn->key_type = 0xff;
L
Linus Torvalds 已提交
364

365
	set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
366
	conn->disc_timeout = HCI_DISCONN_TIMEOUT;
367

368 369 370 371 372 373
	switch (type) {
	case ACL_LINK:
		conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
		break;
	case SCO_LINK:
		if (lmp_esco_capable(hdev))
374 375
			conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
					(hdev->esco_type & EDR_ESCO_MASK);
376 377 378 379
		else
			conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
		break;
	case ESCO_LINK:
380
		conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
381 382 383
		break;
	}

L
Linus Torvalds 已提交
384
	skb_queue_head_init(&conn->data_q);
385

386
	INIT_LIST_HEAD(&conn->chan_list);
387

388
	INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
389
	setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
390
	setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
391
		    (unsigned long) conn);
L
Linus Torvalds 已提交
392 393 394 395 396 397

	atomic_set(&conn->refcnt, 0);

	hci_dev_hold(hdev);

	hci_conn_hash_add(hdev, conn);
398
	if (hdev->notify)
L
Linus Torvalds 已提交
399 400
		hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);

401 402
	atomic_set(&conn->devref, 0);

403 404
	hci_conn_init_sysfs(conn);

L
Linus Torvalds 已提交
405 406 407 408 409 410 411
	return conn;
}

int hci_conn_del(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

412
	BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
L
Linus Torvalds 已提交
413

414 415
	del_timer(&conn->idle_timer);

416
	cancel_delayed_work_sync(&conn->disc_work);
L
Linus Torvalds 已提交
417

418 419
	del_timer(&conn->auto_accept_timer);

420
	if (conn->type == ACL_LINK) {
L
Linus Torvalds 已提交
421 422 423 424 425 426
		struct hci_conn *sco = conn->link;
		if (sco)
			sco->link = NULL;

		/* Unacked frames */
		hdev->acl_cnt += conn->sent;
427 428 429 430 431
	} else if (conn->type == LE_LINK) {
		if (hdev->le_pkts)
			hdev->le_cnt += conn->sent;
		else
			hdev->acl_cnt += conn->sent;
432 433 434 435
	} else {
		struct hci_conn *acl = conn->link;
		if (acl) {
			acl->link = NULL;
436
			hci_conn_drop(acl);
437
		}
L
Linus Torvalds 已提交
438 439
	}

440
	hci_chan_list_flush(conn);
441

442 443 444
	if (conn->amp_mgr)
		amp_mgr_put(conn->amp_mgr);

L
Linus Torvalds 已提交
445
	hci_conn_hash_del(hdev, conn);
446
	if (hdev->notify)
L
Linus Torvalds 已提交
447
		hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
448

L
Linus Torvalds 已提交
449 450
	skb_queue_purge(&conn->data_q);

451
	hci_conn_put_device(conn);
452

453 454
	hci_dev_put(hdev);

455 456 457
	if (conn->handle == 0)
		kfree(conn);

L
Linus Torvalds 已提交
458 459 460 461 462 463
	return 0;
}

struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
{
	int use_src = bacmp(src, BDADDR_ANY);
464
	struct hci_dev *hdev = NULL, *d;
L
Linus Torvalds 已提交
465

466
	BT_DBG("%pMR -> %pMR", src, dst);
L
Linus Torvalds 已提交
467

468
	read_lock(&hci_dev_list_lock);
L
Linus Torvalds 已提交
469

470
	list_for_each_entry(d, &hci_dev_list, list) {
471
		if (!test_bit(HCI_UP, &d->flags) ||
472 473
		    test_bit(HCI_RAW, &d->flags) ||
		    d->dev_type != HCI_BREDR)
L
Linus Torvalds 已提交
474 475
			continue;

476
		/* Simple routing:
L
Linus Torvalds 已提交
477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494
		 *   No source address - find interface with bdaddr != dst
		 *   Source address    - find interface with bdaddr == src
		 */

		if (use_src) {
			if (!bacmp(&d->bdaddr, src)) {
				hdev = d; break;
			}
		} else {
			if (bacmp(&d->bdaddr, dst)) {
				hdev = d; break;
			}
		}
	}

	if (hdev)
		hdev = hci_dev_hold(hdev);

495
	read_unlock(&hci_dev_list_lock);
L
Linus Torvalds 已提交
496 497 498 499
	return hdev;
}
EXPORT_SYMBOL(hci_get_route);

500 501
static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
				    u8 dst_type, u8 sec_level, u8 auth_type)
L
Linus Torvalds 已提交
502
{
V
Ville Tervo 已提交
503
	struct hci_conn *le;
L
Linus Torvalds 已提交
504

505 506 507
	if (test_bit(HCI_LE_PERIPHERAL, &hdev->flags))
		return ERR_PTR(-ENOTSUPP);

508 509 510 511 512
	le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
	if (!le) {
		le = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
		if (le)
			return ERR_PTR(-EBUSY);
L
Linus Torvalds 已提交
513

514 515 516
		le = hci_conn_add(hdev, LE_LINK, dst);
		if (!le)
			return ERR_PTR(-ENOMEM);
517

518 519 520
		le->dst_type = bdaddr_to_le(dst_type);
		hci_le_create_connection(le);
	}
521

522 523
	le->pending_sec_level = sec_level;
	le->auth_type = auth_type;
524

525
	hci_conn_hold(le);
V
Ville Tervo 已提交
526

527 528
	return le;
}
V
Ville Tervo 已提交
529

530 531
static struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
						u8 sec_level, u8 auth_type)
L
Linus Torvalds 已提交
532 533
{
	struct hci_conn *acl;
V
Ville Tervo 已提交
534

A
Andrei Emeltchenko 已提交
535 536 537 538
	acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
	if (!acl) {
		acl = hci_conn_add(hdev, ACL_LINK, dst);
		if (!acl)
539
			return ERR_PTR(-ENOMEM);
L
Linus Torvalds 已提交
540 541 542 543
	}

	hci_conn_hold(acl);

544
	if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
545 546
		acl->sec_level = BT_SECURITY_LOW;
		acl->pending_sec_level = sec_level;
547
		acl->auth_type = auth_type;
548
		hci_acl_create_connection(acl);
549
	}
L
Linus Torvalds 已提交
550

551 552 553
	return acl;
}

554 555
static struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type,
				bdaddr_t *dst, u8 sec_level, u8 auth_type)
556 557 558 559 560 561
{
	struct hci_conn *acl;
	struct hci_conn *sco;

	acl = hci_connect_acl(hdev, dst, sec_level, auth_type);
	if (IS_ERR(acl))
562
		return acl;
L
Linus Torvalds 已提交
563

A
Andrei Emeltchenko 已提交
564 565 566 567
	sco = hci_conn_hash_lookup_ba(hdev, type, dst);
	if (!sco) {
		sco = hci_conn_add(hdev, type, dst);
		if (!sco) {
568
			hci_conn_drop(acl);
569
			return ERR_PTR(-ENOMEM);
L
Linus Torvalds 已提交
570
		}
571
	}
L
Linus Torvalds 已提交
572

573 574
	acl->link = sco;
	sco->link = acl;
L
Linus Torvalds 已提交
575

576
	hci_conn_hold(sco);
L
Linus Torvalds 已提交
577

578
	if (acl->state == BT_CONNECTED &&
579
	    (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
580
		set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
581
		hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
582

583
		if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
584
			/* defer SCO setup until mode change completed */
585
			set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
586 587 588 589
			return sco;
		}

		hci_sco_setup(acl, 0x00);
590
	}
591 592

	return sco;
L
Linus Torvalds 已提交
593 594
}

595 596 597 598
/* Create SCO, ACL or LE connection. */
struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
			     __u8 dst_type, __u8 sec_level, __u8 auth_type)
{
599
	BT_DBG("%s dst %pMR type 0x%x", hdev->name, dst, type);
600

601 602
	switch (type) {
	case LE_LINK:
603
		return hci_connect_le(hdev, dst, dst_type, sec_level, auth_type);
604
	case ACL_LINK:
605
		return hci_connect_acl(hdev, dst, sec_level, auth_type);
606
	case SCO_LINK:
607 608
	case ESCO_LINK:
		return hci_connect_sco(hdev, type, dst, sec_level, auth_type);
609
	}
610

611
	return ERR_PTR(-EINVAL);
612 613
}

614 615 616
/* Check link security requirement */
int hci_conn_check_link_mode(struct hci_conn *conn)
{
617
	BT_DBG("hcon %p", conn);
618

619
	if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
620 621 622 623 624
		return 0;

	return 1;
}

L
Linus Torvalds 已提交
625
/* Authenticate remote device */
626
static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
L
Linus Torvalds 已提交
627
{
628
	BT_DBG("hcon %p", conn);
L
Linus Torvalds 已提交
629

630 631 632
	if (conn->pending_sec_level > sec_level)
		sec_level = conn->pending_sec_level;

633
	if (sec_level > conn->sec_level)
634
		conn->pending_sec_level = sec_level;
635
	else if (conn->link_mode & HCI_LM_AUTH)
L
Linus Torvalds 已提交
636 637
		return 1;

638 639 640
	/* Make sure we preserve an existing MITM requirement*/
	auth_type |= (conn->auth_type & 0x01);

641 642
	conn->auth_type = auth_type;

643
	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
L
Linus Torvalds 已提交
644
		struct hci_cp_auth_requested cp;
645 646 647 648

		/* encrypt must be pending if auth is also pending */
		set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

649
		cp.handle = cpu_to_le16(conn->handle);
650
		hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
651
			     sizeof(cp), &cp);
652
		if (conn->key_type != 0xff)
653
			set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
L
Linus Torvalds 已提交
654
	}
655

L
Linus Torvalds 已提交
656 657 658
	return 0;
}

659 660 661
/* Encrypt the the link */
static void hci_conn_encrypt(struct hci_conn *conn)
{
662
	BT_DBG("hcon %p", conn);
663

664
	if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
665 666 667 668
		struct hci_cp_set_conn_encrypt cp;
		cp.handle  = cpu_to_le16(conn->handle);
		cp.encrypt = 0x01;
		hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
669
			     &cp);
670 671 672
	}
}

673
/* Enable security */
674
int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
L
Linus Torvalds 已提交
675
{
676
	BT_DBG("hcon %p", conn);
L
Linus Torvalds 已提交
677

678 679 680
	if (conn->type == LE_LINK)
		return smp_conn_security(conn, sec_level);

681
	/* For sdp we don't need the link key. */
682 683 684
	if (sec_level == BT_SECURITY_SDP)
		return 1;

685 686
	/* For non 2.1 devices and low security level we don't need the link
	   key. */
687
	if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
688
		return 1;
689

690 691 692 693 694 695 696 697 698 699 700 701
	/* For other security levels we need the link key. */
	if (!(conn->link_mode & HCI_LM_AUTH))
		goto auth;

	/* An authenticated combination key has sufficient security for any
	   security level. */
	if (conn->key_type == HCI_LK_AUTH_COMBINATION)
		goto encrypt;

	/* An unauthenticated combination key has sufficient security for
	   security level 1 and 2. */
	if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
702
	    (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
703 704 705 706 707 708 709
		goto encrypt;

	/* A combination key has always sufficient security for the security
	   levels 1 or 2. High security level requires the combination key
	   is generated using maximum PIN code length (16).
	   For pre 2.1 units. */
	if (conn->key_type == HCI_LK_COMBINATION &&
710
	    (sec_level != BT_SECURITY_HIGH || conn->pin_length == 16))
711 712 713
		goto encrypt;

auth:
714
	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
L
Linus Torvalds 已提交
715 716
		return 0;

717 718
	if (!hci_conn_auth(conn, sec_level, auth_type))
		return 0;
719 720 721 722

encrypt:
	if (conn->link_mode & HCI_LM_ENCRYPT)
		return 1;
723

724
	hci_conn_encrypt(conn);
L
Linus Torvalds 已提交
725 726
	return 0;
}
727
EXPORT_SYMBOL(hci_conn_security);
L
Linus Torvalds 已提交
728

729 730 731
/* Check secure link requirement */
int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
{
732
	BT_DBG("hcon %p", conn);
733 734 735 736

	if (sec_level != BT_SECURITY_HIGH)
		return 1; /* Accept if non-secure is required */

737
	if (conn->sec_level == BT_SECURITY_HIGH)
738 739 740 741 742 743
		return 1;

	return 0; /* Reject not secure link */
}
EXPORT_SYMBOL(hci_conn_check_secure);

L
Linus Torvalds 已提交
744 745 746
/* Change link key */
int hci_conn_change_link_key(struct hci_conn *conn)
{
747
	BT_DBG("hcon %p", conn);
L
Linus Torvalds 已提交
748

749
	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
L
Linus Torvalds 已提交
750
		struct hci_cp_change_conn_link_key cp;
751
		cp.handle = cpu_to_le16(conn->handle);
752
		hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
753
			     sizeof(cp), &cp);
L
Linus Torvalds 已提交
754
	}
755

L
Linus Torvalds 已提交
756 757 758 759
	return 0;
}

/* Switch role */
760
int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
L
Linus Torvalds 已提交
761
{
762
	BT_DBG("hcon %p", conn);
L
Linus Torvalds 已提交
763 764 765 766

	if (!role && conn->link_mode & HCI_LM_MASTER)
		return 1;

767
	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
L
Linus Torvalds 已提交
768 769 770
		struct hci_cp_switch_role cp;
		bacpy(&cp.bdaddr, &conn->dst);
		cp.role = role;
771
		hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
L
Linus Torvalds 已提交
772
	}
773

L
Linus Torvalds 已提交
774 775 776 777
	return 0;
}
EXPORT_SYMBOL(hci_conn_switch_role);

778
/* Enter active mode */
779
void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
780 781 782
{
	struct hci_dev *hdev = conn->hdev;

783
	BT_DBG("hcon %p mode %d", conn, conn->mode);
784 785 786 787

	if (test_bit(HCI_RAW, &hdev->flags))
		return;

788 789 790
	if (conn->mode != HCI_CM_SNIFF)
		goto timer;

791
	if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
792 793
		goto timer;

794
	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
795
		struct hci_cp_exit_sniff_mode cp;
796
		cp.handle = cpu_to_le16(conn->handle);
797
		hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
798 799 800 801 802
	}

timer:
	if (hdev->idle_timeout > 0)
		mod_timer(&conn->idle_timer,
803
			  jiffies + msecs_to_jiffies(hdev->idle_timeout));
804 805
}

L
Linus Torvalds 已提交
806 807 808 809
/* Drop all connection on the device */
void hci_conn_hash_flush(struct hci_dev *hdev)
{
	struct hci_conn_hash *h = &hdev->conn_hash;
810
	struct hci_conn *c, *n;
L
Linus Torvalds 已提交
811 812 813

	BT_DBG("hdev %s", hdev->name);

814
	list_for_each_entry_safe(c, n, &h->list, list) {
L
Linus Torvalds 已提交
815 816
		c->state = BT_CLOSED;

817
		hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
L
Linus Torvalds 已提交
818 819 820 821
		hci_conn_del(c);
	}
}

822 823 824 825 826 827 828 829 830 831 832
/* Check pending connect attempts */
void hci_conn_check_pending(struct hci_dev *hdev)
{
	struct hci_conn *conn;

	BT_DBG("hdev %s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
	if (conn)
833
		hci_acl_create_connection(conn);
834 835 836 837

	hci_dev_unlock(hdev);
}

838 839 840 841 842 843 844 845 846 847 848 849 850
void hci_conn_hold_device(struct hci_conn *conn)
{
	atomic_inc(&conn->devref);
}
EXPORT_SYMBOL(hci_conn_hold_device);

void hci_conn_put_device(struct hci_conn *conn)
{
	if (atomic_dec_and_test(&conn->devref))
		hci_conn_del_sysfs(conn);
}
EXPORT_SYMBOL(hci_conn_put_device);

L
Linus Torvalds 已提交
851 852
int hci_get_conn_list(void __user *arg)
{
853
	struct hci_conn *c;
L
Linus Torvalds 已提交
854 855 856 857 858 859 860 861 862 863 864 865 866
	struct hci_conn_list_req req, *cl;
	struct hci_conn_info *ci;
	struct hci_dev *hdev;
	int n = 0, size, err;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
		return -EINVAL;

	size = sizeof(req) + req.conn_num * sizeof(*ci);

A
Andrei Emeltchenko 已提交
867 868
	cl = kmalloc(size, GFP_KERNEL);
	if (!cl)
L
Linus Torvalds 已提交
869 870
		return -ENOMEM;

A
Andrei Emeltchenko 已提交
871 872
	hdev = hci_dev_get(req.dev_id);
	if (!hdev) {
L
Linus Torvalds 已提交
873 874 875 876 877 878
		kfree(cl);
		return -ENODEV;
	}

	ci = cl->conn_info;

879
	hci_dev_lock(hdev);
880
	list_for_each_entry(c, &hdev->conn_hash.list, list) {
L
Linus Torvalds 已提交
881 882 883 884 885 886 887 888 889
		bacpy(&(ci + n)->bdaddr, &c->dst);
		(ci + n)->handle = c->handle;
		(ci + n)->type  = c->type;
		(ci + n)->out   = c->out;
		(ci + n)->state = c->state;
		(ci + n)->link_mode = c->link_mode;
		if (++n >= req.conn_num)
			break;
	}
890
	hci_dev_unlock(hdev);
L
Linus Torvalds 已提交
891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913

	cl->dev_id = hdev->id;
	cl->conn_num = n;
	size = sizeof(req) + n * sizeof(*ci);

	hci_dev_put(hdev);

	err = copy_to_user(arg, cl, size);
	kfree(cl);

	return err ? -EFAULT : 0;
}

int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
{
	struct hci_conn_info_req req;
	struct hci_conn_info ci;
	struct hci_conn *conn;
	char __user *ptr = arg + sizeof(req);

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

914
	hci_dev_lock(hdev);
L
Linus Torvalds 已提交
915 916 917 918 919 920 921 922 923
	conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
	if (conn) {
		bacpy(&ci.bdaddr, &conn->dst);
		ci.handle = conn->handle;
		ci.type  = conn->type;
		ci.out   = conn->out;
		ci.state = conn->state;
		ci.link_mode = conn->link_mode;
	}
924
	hci_dev_unlock(hdev);
L
Linus Torvalds 已提交
925 926 927 928 929 930

	if (!conn)
		return -ENOENT;

	return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
}
931 932 933 934 935 936 937 938 939

int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
{
	struct hci_auth_info_req req;
	struct hci_conn *conn;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

940
	hci_dev_lock(hdev);
941 942 943
	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
	if (conn)
		req.type = conn->auth_type;
944
	hci_dev_unlock(hdev);
945 946 947 948 949 950

	if (!conn)
		return -ENOENT;

	return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
}
951 952 953 954 955 956

struct hci_chan *hci_chan_create(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_chan *chan;

957
	BT_DBG("%s hcon %p", hdev->name, conn);
958

959
	chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
960 961 962 963 964
	if (!chan)
		return NULL;

	chan->conn = conn;
	skb_queue_head_init(&chan->data_q);
M
Mat Martineau 已提交
965
	chan->state = BT_CONNECTED;
966

967
	list_add_rcu(&chan->list, &conn->chan_list);
968 969 970 971

	return chan;
}

972
void hci_chan_del(struct hci_chan *chan)
973 974 975 976
{
	struct hci_conn *conn = chan->conn;
	struct hci_dev *hdev = conn->hdev;

977
	BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
978

979 980 981
	list_del_rcu(&chan->list);

	synchronize_rcu();
982

983
	hci_conn_drop(conn);
984

985 986 987 988
	skb_queue_purge(&chan->data_q);
	kfree(chan);
}

989
void hci_chan_list_flush(struct hci_conn *conn)
990
{
991
	struct hci_chan *chan, *n;
992

993
	BT_DBG("hcon %p", conn);
994

995
	list_for_each_entry_safe(chan, n, &conn->chan_list, list)
996 997
		hci_chan_del(chan);
}
998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029

static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
						 __u16 handle)
{
	struct hci_chan *hchan;

	list_for_each_entry(hchan, &hcon->chan_list, list) {
		if (hchan->handle == handle)
			return hchan;
	}

	return NULL;
}

struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
{
	struct hci_conn_hash *h = &hdev->conn_hash;
	struct hci_conn *hcon;
	struct hci_chan *hchan = NULL;

	rcu_read_lock();

	list_for_each_entry_rcu(hcon, &h->list, list) {
		hchan = __hci_chan_lookup_handle(hcon, handle);
		if (hchan)
			break;
	}

	rcu_read_unlock();

	return hchan;
}