2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 #ifndef CONFIG_BT_HCI_CORE_DEBUG
53 void hci_acl_connect(struct hci_conn *conn)
55 struct hci_dev *hdev = conn->hdev;
56 struct inquiry_entry *ie;
57 struct hci_cp_create_conn cp;
61 conn->state = BT_CONNECT;
64 conn->link_mode = HCI_LM_MASTER;
68 conn->link_policy = hdev->link_policy;
70 memset(&cp, 0, sizeof(cp));
71 bacpy(&cp.bdaddr, &conn->dst);
72 cp.pscan_rep_mode = 0x02;
74 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) &&
75 inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
76 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
77 cp.pscan_mode = ie->data.pscan_mode;
78 cp.clock_offset = ie->data.clock_offset | cpu_to_le16(0x8000);
79 memcpy(conn->dev_class, ie->data.dev_class, 3);
82 cp.pkt_type = cpu_to_le16(conn->pkt_type);
83 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
84 cp.role_switch = 0x01;
86 cp.role_switch = 0x00;
88 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
91 static void hci_acl_connect_cancel(struct hci_conn *conn)
93 struct hci_cp_create_conn_cancel cp;
97 if (conn->hdev->hci_ver < 2)
100 bacpy(&cp.bdaddr, &conn->dst);
101 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
104 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
106 struct hci_cp_disconnect cp;
110 conn->state = BT_DISCONN;
112 cp.handle = cpu_to_le16(conn->handle);
114 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
117 void hci_add_sco(struct hci_conn *conn, __u16 handle)
119 struct hci_dev *hdev = conn->hdev;
120 struct hci_cp_add_sco cp;
124 conn->state = BT_CONNECT;
127 cp.handle = cpu_to_le16(handle);
128 cp.pkt_type = cpu_to_le16(conn->pkt_type);
130 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
133 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
135 struct hci_dev *hdev = conn->hdev;
136 struct hci_cp_setup_sync_conn cp;
140 conn->state = BT_CONNECT;
143 cp.handle = cpu_to_le16(handle);
144 cp.pkt_type = cpu_to_le16(conn->pkt_type);
146 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
147 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
148 cp.max_latency = cpu_to_le16(0xffff);
149 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
150 cp.retrans_effort = 0xff;
152 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
155 static void hci_conn_timeout(unsigned long arg)
157 struct hci_conn *conn = (void *) arg;
158 struct hci_dev *hdev = conn->hdev;
160 BT_DBG("conn %p state %d", conn, conn->state);
162 if (atomic_read(&conn->refcnt))
167 switch (conn->state) {
169 if (conn->type == ACL_LINK)
170 hci_acl_connect_cancel(conn);
172 hci_acl_disconn(conn, 0x13);
175 hci_acl_disconn(conn, 0x13);
178 conn->state = BT_CLOSED;
182 hci_dev_unlock(hdev);
185 static void hci_conn_idle(unsigned long arg)
187 struct hci_conn *conn = (void *) arg;
189 BT_DBG("conn %p mode %d", conn, conn->mode);
191 hci_conn_enter_sniff_mode(conn);
194 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
196 struct hci_conn *conn;
198 BT_DBG("%s dst %s", hdev->name, batostr(dst));
200 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
204 bacpy(&conn->dst, dst);
207 conn->mode = HCI_CM_ACTIVE;
208 conn->state = BT_OPEN;
210 conn->power_save = 1;
214 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
217 if (lmp_esco_capable(hdev))
218 conn->pkt_type = hdev->esco_type & SCO_ESCO_MASK;
220 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
223 conn->pkt_type = hdev->esco_type;
227 skb_queue_head_init(&conn->data_q);
229 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
230 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
232 atomic_set(&conn->refcnt, 0);
236 tasklet_disable(&hdev->tx_task);
238 hci_conn_hash_add(hdev, conn);
240 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
242 hci_conn_add_sysfs(conn);
244 tasklet_enable(&hdev->tx_task);
249 int hci_conn_del(struct hci_conn *conn)
251 struct hci_dev *hdev = conn->hdev;
253 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
255 del_timer(&conn->idle_timer);
257 del_timer(&conn->disc_timer);
259 if (conn->type == ACL_LINK) {
260 struct hci_conn *sco = conn->link;
265 hdev->acl_cnt += conn->sent;
267 struct hci_conn *acl = conn->link;
274 tasklet_disable(&hdev->tx_task);
275 hci_conn_hash_del(hdev, conn);
277 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
278 tasklet_enable(&hdev->tx_task);
279 skb_queue_purge(&conn->data_q);
280 hci_conn_del_sysfs(conn);
285 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
287 int use_src = bacmp(src, BDADDR_ANY);
288 struct hci_dev *hdev = NULL;
291 BT_DBG("%s -> %s", batostr(src), batostr(dst));
293 read_lock_bh(&hci_dev_list_lock);
295 list_for_each(p, &hci_dev_list) {
296 struct hci_dev *d = list_entry(p, struct hci_dev, list);
298 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
302 * No source address - find interface with bdaddr != dst
303 * Source address - find interface with bdaddr == src
307 if (!bacmp(&d->bdaddr, src)) {
311 if (bacmp(&d->bdaddr, dst)) {
318 hdev = hci_dev_hold(hdev);
320 read_unlock_bh(&hci_dev_list_lock);
323 EXPORT_SYMBOL(hci_get_route);
325 /* Create SCO or ACL connection.
326 * Device _must_ be locked */
327 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst)
329 struct hci_conn *acl;
330 struct hci_conn *sco;
332 BT_DBG("%s dst %s", hdev->name, batostr(dst));
334 if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
335 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
341 if (acl->state == BT_OPEN || acl->state == BT_CLOSED)
342 hci_acl_connect(acl);
344 if (type == ACL_LINK)
347 if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) {
348 if (!(sco = hci_conn_add(hdev, type, dst))) {
359 if (acl->state == BT_CONNECTED &&
360 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
361 if (lmp_esco_capable(hdev))
362 hci_setup_sync(sco, acl->handle);
364 hci_add_sco(sco, acl->handle);
369 EXPORT_SYMBOL(hci_connect);
371 /* Authenticate remote device */
372 int hci_conn_auth(struct hci_conn *conn)
374 BT_DBG("conn %p", conn);
376 if (conn->link_mode & HCI_LM_AUTH)
379 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
380 struct hci_cp_auth_requested cp;
381 cp.handle = cpu_to_le16(conn->handle);
382 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
386 EXPORT_SYMBOL(hci_conn_auth);
388 /* Enable encryption */
389 int hci_conn_encrypt(struct hci_conn *conn)
391 BT_DBG("conn %p", conn);
393 if (conn->link_mode & HCI_LM_ENCRYPT)
396 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
399 if (hci_conn_auth(conn)) {
400 struct hci_cp_set_conn_encrypt cp;
401 cp.handle = cpu_to_le16(conn->handle);
403 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp);
407 EXPORT_SYMBOL(hci_conn_encrypt);
409 /* Change link key */
410 int hci_conn_change_link_key(struct hci_conn *conn)
412 BT_DBG("conn %p", conn);
414 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
415 struct hci_cp_change_conn_link_key cp;
416 cp.handle = cpu_to_le16(conn->handle);
417 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);
421 EXPORT_SYMBOL(hci_conn_change_link_key);
424 int hci_conn_switch_role(struct hci_conn *conn, uint8_t role)
426 BT_DBG("conn %p", conn);
428 if (!role && conn->link_mode & HCI_LM_MASTER)
431 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
432 struct hci_cp_switch_role cp;
433 bacpy(&cp.bdaddr, &conn->dst);
435 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
439 EXPORT_SYMBOL(hci_conn_switch_role);
441 /* Enter active mode */
442 void hci_conn_enter_active_mode(struct hci_conn *conn)
444 struct hci_dev *hdev = conn->hdev;
446 BT_DBG("conn %p mode %d", conn, conn->mode);
448 if (test_bit(HCI_RAW, &hdev->flags))
451 if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
454 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
455 struct hci_cp_exit_sniff_mode cp;
456 cp.handle = cpu_to_le16(conn->handle);
457 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
461 if (hdev->idle_timeout > 0)
462 mod_timer(&conn->idle_timer,
463 jiffies + msecs_to_jiffies(hdev->idle_timeout));
466 /* Enter sniff mode */
467 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
469 struct hci_dev *hdev = conn->hdev;
471 BT_DBG("conn %p mode %d", conn, conn->mode);
473 if (test_bit(HCI_RAW, &hdev->flags))
476 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
479 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
482 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
483 struct hci_cp_sniff_subrate cp;
484 cp.handle = cpu_to_le16(conn->handle);
485 cp.max_latency = cpu_to_le16(0);
486 cp.min_remote_timeout = cpu_to_le16(0);
487 cp.min_local_timeout = cpu_to_le16(0);
488 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
491 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
492 struct hci_cp_sniff_mode cp;
493 cp.handle = cpu_to_le16(conn->handle);
494 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
495 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
496 cp.attempt = cpu_to_le16(4);
497 cp.timeout = cpu_to_le16(1);
498 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
502 /* Drop all connection on the device */
503 void hci_conn_hash_flush(struct hci_dev *hdev)
505 struct hci_conn_hash *h = &hdev->conn_hash;
508 BT_DBG("hdev %s", hdev->name);
511 while (p != &h->list) {
514 c = list_entry(p, struct hci_conn, list);
517 c->state = BT_CLOSED;
519 hci_proto_disconn_ind(c, 0x16);
524 /* Check pending connect attempts */
525 void hci_conn_check_pending(struct hci_dev *hdev)
527 struct hci_conn *conn;
529 BT_DBG("hdev %s", hdev->name);
533 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
535 hci_acl_connect(conn);
537 hci_dev_unlock(hdev);
540 int hci_get_conn_list(void __user *arg)
542 struct hci_conn_list_req req, *cl;
543 struct hci_conn_info *ci;
544 struct hci_dev *hdev;
546 int n = 0, size, err;
548 if (copy_from_user(&req, arg, sizeof(req)))
551 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
554 size = sizeof(req) + req.conn_num * sizeof(*ci);
556 if (!(cl = kmalloc(size, GFP_KERNEL)))
559 if (!(hdev = hci_dev_get(req.dev_id))) {
566 hci_dev_lock_bh(hdev);
567 list_for_each(p, &hdev->conn_hash.list) {
568 register struct hci_conn *c;
569 c = list_entry(p, struct hci_conn, list);
571 bacpy(&(ci + n)->bdaddr, &c->dst);
572 (ci + n)->handle = c->handle;
573 (ci + n)->type = c->type;
574 (ci + n)->out = c->out;
575 (ci + n)->state = c->state;
576 (ci + n)->link_mode = c->link_mode;
577 if (++n >= req.conn_num)
580 hci_dev_unlock_bh(hdev);
582 cl->dev_id = hdev->id;
584 size = sizeof(req) + n * sizeof(*ci);
588 err = copy_to_user(arg, cl, size);
591 return err ? -EFAULT : 0;
594 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
596 struct hci_conn_info_req req;
597 struct hci_conn_info ci;
598 struct hci_conn *conn;
599 char __user *ptr = arg + sizeof(req);
601 if (copy_from_user(&req, arg, sizeof(req)))
604 hci_dev_lock_bh(hdev);
605 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
607 bacpy(&ci.bdaddr, &conn->dst);
608 ci.handle = conn->handle;
609 ci.type = conn->type;
611 ci.state = conn->state;
612 ci.link_mode = conn->link_mode;
614 hci_dev_unlock_bh(hdev);
619 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;