2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
41 static const struct sco_param sco_param_cvsd[] = {
42 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a }, /* S3 */
43 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007 }, /* S2 */
44 { EDR_ESCO_MASK | ESCO_EV3, 0x0007 }, /* S1 */
45 { EDR_ESCO_MASK | ESCO_HV3, 0xffff }, /* D1 */
46 { EDR_ESCO_MASK | ESCO_HV1, 0xffff }, /* D0 */
49 static const struct sco_param sco_param_wideband[] = {
50 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d }, /* T2 */
51 { EDR_ESCO_MASK | ESCO_EV3, 0x0008 }, /* T1 */
54 static void hci_le_create_connection_cancel(struct hci_conn *conn)
56 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
59 static void hci_acl_create_connection(struct hci_conn *conn)
61 struct hci_dev *hdev = conn->hdev;
62 struct inquiry_entry *ie;
63 struct hci_cp_create_conn cp;
65 BT_DBG("hcon %p", conn);
67 conn->state = BT_CONNECT;
69 conn->role = HCI_ROLE_MASTER;
73 conn->link_policy = hdev->link_policy;
75 memset(&cp, 0, sizeof(cp));
76 bacpy(&cp.bdaddr, &conn->dst);
77 cp.pscan_rep_mode = 0x02;
79 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
81 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
82 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
83 cp.pscan_mode = ie->data.pscan_mode;
84 cp.clock_offset = ie->data.clock_offset |
88 memcpy(conn->dev_class, ie->data.dev_class, 3);
89 if (ie->data.ssp_mode > 0)
90 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
93 cp.pkt_type = cpu_to_le16(conn->pkt_type);
94 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
95 cp.role_switch = 0x01;
97 cp.role_switch = 0x00;
99 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
102 static void hci_acl_create_connection_cancel(struct hci_conn *conn)
104 struct hci_cp_create_conn_cancel cp;
106 BT_DBG("hcon %p", conn);
108 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
111 bacpy(&cp.bdaddr, &conn->dst);
112 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
115 static void hci_reject_sco(struct hci_conn *conn)
117 struct hci_cp_reject_sync_conn_req cp;
119 cp.reason = HCI_ERROR_REMOTE_USER_TERM;
120 bacpy(&cp.bdaddr, &conn->dst);
122 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
125 void hci_disconnect(struct hci_conn *conn, __u8 reason)
127 struct hci_cp_disconnect cp;
129 BT_DBG("hcon %p", conn);
131 conn->state = BT_DISCONN;
133 cp.handle = cpu_to_le16(conn->handle);
135 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
138 static void hci_amp_disconn(struct hci_conn *conn)
140 struct hci_cp_disconn_phy_link cp;
142 BT_DBG("hcon %p", conn);
144 conn->state = BT_DISCONN;
146 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
147 cp.reason = hci_proto_disconn_ind(conn);
148 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
152 static void hci_add_sco(struct hci_conn *conn, __u16 handle)
154 struct hci_dev *hdev = conn->hdev;
155 struct hci_cp_add_sco cp;
157 BT_DBG("hcon %p", conn);
159 conn->state = BT_CONNECT;
164 cp.handle = cpu_to_le16(handle);
165 cp.pkt_type = cpu_to_le16(conn->pkt_type);
167 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
170 bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
172 struct hci_dev *hdev = conn->hdev;
173 struct hci_cp_setup_sync_conn cp;
174 const struct sco_param *param;
176 BT_DBG("hcon %p", conn);
178 conn->state = BT_CONNECT;
183 cp.handle = cpu_to_le16(handle);
185 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
186 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
187 cp.voice_setting = cpu_to_le16(conn->setting);
189 switch (conn->setting & SCO_AIRMODE_MASK) {
190 case SCO_AIRMODE_TRANSP:
191 if (conn->attempt > ARRAY_SIZE(sco_param_wideband))
193 cp.retrans_effort = 0x02;
194 param = &sco_param_wideband[conn->attempt - 1];
196 case SCO_AIRMODE_CVSD:
197 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
199 cp.retrans_effort = 0x01;
200 param = &sco_param_cvsd[conn->attempt - 1];
206 cp.pkt_type = __cpu_to_le16(param->pkt_type);
207 cp.max_latency = __cpu_to_le16(param->max_latency);
209 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
215 u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
218 struct hci_dev *hdev = conn->hdev;
219 struct hci_conn_params *params;
220 struct hci_cp_le_conn_update cp;
224 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
226 params->conn_min_interval = min;
227 params->conn_max_interval = max;
228 params->conn_latency = latency;
229 params->supervision_timeout = to_multiplier;
232 hci_dev_unlock(hdev);
234 memset(&cp, 0, sizeof(cp));
235 cp.handle = cpu_to_le16(conn->handle);
236 cp.conn_interval_min = cpu_to_le16(min);
237 cp.conn_interval_max = cpu_to_le16(max);
238 cp.conn_latency = cpu_to_le16(latency);
239 cp.supervision_timeout = cpu_to_le16(to_multiplier);
240 cp.min_ce_len = cpu_to_le16(0x0000);
241 cp.max_ce_len = cpu_to_le16(0x0000);
243 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
251 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
254 struct hci_dev *hdev = conn->hdev;
255 struct hci_cp_le_start_enc cp;
257 BT_DBG("hcon %p", conn);
259 memset(&cp, 0, sizeof(cp));
261 cp.handle = cpu_to_le16(conn->handle);
264 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
266 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
269 /* Device _must_ be locked */
270 void hci_sco_setup(struct hci_conn *conn, __u8 status)
272 struct hci_conn *sco = conn->link;
277 BT_DBG("hcon %p", conn);
280 if (lmp_esco_capable(conn->hdev))
281 hci_setup_sync(sco, conn->handle);
283 hci_add_sco(sco, conn->handle);
285 hci_proto_connect_cfm(sco, status);
290 static void hci_conn_timeout(struct work_struct *work)
292 struct hci_conn *conn = container_of(work, struct hci_conn,
294 int refcnt = atomic_read(&conn->refcnt);
296 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
300 /* FIXME: It was observed that in pairing failed scenario, refcnt
301 * drops below 0. Probably this is because l2cap_conn_del calls
302 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
303 * dropped. After that loop hci_chan_del is called which also drops
304 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
310 switch (conn->state) {
314 if (conn->type == ACL_LINK)
315 hci_acl_create_connection_cancel(conn);
316 else if (conn->type == LE_LINK)
317 hci_le_create_connection_cancel(conn);
318 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
319 hci_reject_sco(conn);
324 if (conn->type == AMP_LINK) {
325 hci_amp_disconn(conn);
327 __u8 reason = hci_proto_disconn_ind(conn);
329 /* When we are master of an established connection
330 * and it enters the disconnect timeout, then go
331 * ahead and try to read the current clock offset.
333 * Processing of the result is done within the
334 * event handling and hci_clock_offset_evt function.
336 if (conn->type == ACL_LINK &&
337 conn->role == HCI_ROLE_MASTER) {
338 struct hci_dev *hdev = conn->hdev;
339 struct hci_cp_read_clock_offset cp;
341 cp.handle = cpu_to_le16(conn->handle);
343 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET,
347 hci_disconnect(conn, reason);
351 conn->state = BT_CLOSED;
356 /* Enter sniff mode */
357 static void hci_conn_idle(struct work_struct *work)
359 struct hci_conn *conn = container_of(work, struct hci_conn,
361 struct hci_dev *hdev = conn->hdev;
363 BT_DBG("hcon %p mode %d", conn, conn->mode);
365 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
368 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
371 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
372 struct hci_cp_sniff_subrate cp;
373 cp.handle = cpu_to_le16(conn->handle);
374 cp.max_latency = cpu_to_le16(0);
375 cp.min_remote_timeout = cpu_to_le16(0);
376 cp.min_local_timeout = cpu_to_le16(0);
377 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
380 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
381 struct hci_cp_sniff_mode cp;
382 cp.handle = cpu_to_le16(conn->handle);
383 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
384 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
385 cp.attempt = cpu_to_le16(4);
386 cp.timeout = cpu_to_le16(1);
387 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
391 static void hci_conn_auto_accept(struct work_struct *work)
393 struct hci_conn *conn = container_of(work, struct hci_conn,
394 auto_accept_work.work);
396 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
400 static void le_conn_timeout(struct work_struct *work)
402 struct hci_conn *conn = container_of(work, struct hci_conn,
403 le_conn_timeout.work);
404 struct hci_dev *hdev = conn->hdev;
408 /* We could end up here due to having done directed advertising,
409 * so clean up the state if necessary. This should however only
410 * happen with broken hardware or if low duty cycle was used
411 * (which doesn't have a timeout of its own).
413 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
415 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
417 hci_le_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
421 hci_le_create_connection_cancel(conn);
424 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
427 struct hci_conn *conn;
429 BT_DBG("%s dst %pMR", hdev->name, dst);
431 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
435 bacpy(&conn->dst, dst);
436 bacpy(&conn->src, &hdev->bdaddr);
440 conn->mode = HCI_CM_ACTIVE;
441 conn->state = BT_OPEN;
442 conn->auth_type = HCI_AT_GENERAL_BONDING;
443 conn->io_capability = hdev->io_capability;
444 conn->remote_auth = 0xff;
445 conn->key_type = 0xff;
446 conn->tx_power = HCI_TX_POWER_INVALID;
447 conn->max_tx_power = HCI_TX_POWER_INVALID;
449 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
450 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
452 if (conn->role == HCI_ROLE_MASTER)
457 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
460 /* conn->src should reflect the local identity address */
461 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
464 if (lmp_esco_capable(hdev))
465 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
466 (hdev->esco_type & EDR_ESCO_MASK);
468 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
471 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
475 skb_queue_head_init(&conn->data_q);
477 INIT_LIST_HEAD(&conn->chan_list);
479 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
480 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
481 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
482 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
484 atomic_set(&conn->refcnt, 0);
488 hci_conn_hash_add(hdev, conn);
490 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
492 hci_conn_init_sysfs(conn);
497 int hci_conn_del(struct hci_conn *conn)
499 struct hci_dev *hdev = conn->hdev;
501 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
503 cancel_delayed_work_sync(&conn->disc_work);
504 cancel_delayed_work_sync(&conn->auto_accept_work);
505 cancel_delayed_work_sync(&conn->idle_work);
507 if (conn->type == ACL_LINK) {
508 struct hci_conn *sco = conn->link;
513 hdev->acl_cnt += conn->sent;
514 } else if (conn->type == LE_LINK) {
515 cancel_delayed_work_sync(&conn->le_conn_timeout);
518 hdev->le_cnt += conn->sent;
520 hdev->acl_cnt += conn->sent;
522 struct hci_conn *acl = conn->link;
529 hci_chan_list_flush(conn);
532 amp_mgr_put(conn->amp_mgr);
534 hci_conn_hash_del(hdev, conn);
536 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
538 skb_queue_purge(&conn->data_q);
540 hci_conn_del_sysfs(conn);
549 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
551 int use_src = bacmp(src, BDADDR_ANY);
552 struct hci_dev *hdev = NULL, *d;
554 BT_DBG("%pMR -> %pMR", src, dst);
556 read_lock(&hci_dev_list_lock);
558 list_for_each_entry(d, &hci_dev_list, list) {
559 if (!test_bit(HCI_UP, &d->flags) ||
560 test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
561 d->dev_type != HCI_BREDR)
565 * No source address - find interface with bdaddr != dst
566 * Source address - find interface with bdaddr == src
570 if (!bacmp(&d->bdaddr, src)) {
574 if (bacmp(&d->bdaddr, dst)) {
581 hdev = hci_dev_hold(hdev);
583 read_unlock(&hci_dev_list_lock);
586 EXPORT_SYMBOL(hci_get_route);
588 /* This function requires the caller holds hdev->lock */
589 void hci_le_conn_failed(struct hci_conn *conn, u8 status)
591 struct hci_dev *hdev = conn->hdev;
593 conn->state = BT_CLOSED;
595 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
598 hci_proto_connect_cfm(conn, status);
602 /* Since we may have temporarily stopped the background scanning in
603 * favor of connection establishment, we should restart it.
605 hci_update_background_scan(hdev);
607 /* Re-enable advertising in case this was a failed connection
608 * attempt as a peripheral.
610 mgmt_reenable_advertising(hdev);
613 static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
615 struct hci_conn *conn;
620 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
625 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
629 hci_le_conn_failed(conn, status);
632 hci_dev_unlock(hdev);
635 static void hci_req_add_le_create_conn(struct hci_request *req,
636 struct hci_conn *conn)
638 struct hci_cp_le_create_conn cp;
639 struct hci_dev *hdev = conn->hdev;
642 memset(&cp, 0, sizeof(cp));
644 /* Update random address, but set require_privacy to false so
645 * that we never connect with an unresolvable address.
647 if (hci_update_random_address(req, false, &own_addr_type))
650 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
651 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
652 bacpy(&cp.peer_addr, &conn->dst);
653 cp.peer_addr_type = conn->dst_type;
654 cp.own_address_type = own_addr_type;
655 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
656 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
657 cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
658 cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
659 cp.min_ce_len = cpu_to_le16(0x0000);
660 cp.max_ce_len = cpu_to_le16(0x0000);
662 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
664 conn->state = BT_CONNECT;
667 static void hci_req_directed_advertising(struct hci_request *req,
668 struct hci_conn *conn)
670 struct hci_dev *hdev = req->hdev;
671 struct hci_cp_le_set_adv_param cp;
675 /* Clear the HCI_LE_ADV bit temporarily so that the
676 * hci_update_random_address knows that it's safe to go ahead
677 * and write a new random address. The flag will be set back on
678 * as soon as the SET_ADV_ENABLE HCI command completes.
680 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
682 /* Set require_privacy to false so that the remote device has a
683 * chance of identifying us.
685 if (hci_update_random_address(req, false, &own_addr_type) < 0)
688 memset(&cp, 0, sizeof(cp));
689 cp.type = LE_ADV_DIRECT_IND;
690 cp.own_address_type = own_addr_type;
691 cp.direct_addr_type = conn->dst_type;
692 bacpy(&cp.direct_addr, &conn->dst);
693 cp.channel_map = hdev->le_adv_channel_map;
695 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
698 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
700 conn->state = BT_CONNECT;
703 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
704 u8 dst_type, u8 sec_level, u16 conn_timeout,
707 struct hci_conn_params *params;
708 struct hci_conn *conn;
710 struct hci_request req;
713 /* Some devices send ATT messages as soon as the physical link is
714 * established. To be able to handle these ATT messages, the user-
715 * space first establishes the connection and then starts the pairing
718 * So if a hci_conn object already exists for the following connection
719 * attempt, we simply update pending_sec_level and auth_type fields
720 * and return the object found.
722 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
724 conn->pending_sec_level = sec_level;
728 /* Since the controller supports only one LE connection attempt at a
729 * time, we return -EBUSY if there is any connection attempt running.
731 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
733 return ERR_PTR(-EBUSY);
735 /* When given an identity address with existing identity
736 * resolving key, the connection needs to be established
737 * to a resolvable random address.
739 * This uses the cached random resolvable address from
740 * a previous scan. When no cached address is available,
741 * try connecting to the identity address instead.
743 * Storing the resolvable random address is required here
744 * to handle connection failures. The address will later
745 * be resolved back into the original identity address
746 * from the connect request.
748 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
749 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
751 dst_type = ADDR_LE_DEV_RANDOM;
754 conn = hci_conn_add(hdev, LE_LINK, dst, role);
756 return ERR_PTR(-ENOMEM);
758 conn->dst_type = dst_type;
759 conn->sec_level = BT_SECURITY_LOW;
760 conn->pending_sec_level = sec_level;
761 conn->conn_timeout = conn_timeout;
763 hci_req_init(&req, hdev);
765 /* Disable advertising if we're active. For master role
766 * connections most controllers will refuse to connect if
767 * advertising is enabled, and for slave role connections we
768 * anyway have to disable it in order to start directed
771 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
773 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
777 /* If requested to connect as slave use directed advertising */
778 if (conn->role == HCI_ROLE_SLAVE) {
779 /* If we're active scanning most controllers are unable
780 * to initiate advertising. Simply reject the attempt.
782 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
783 hdev->le_scan_type == LE_SCAN_ACTIVE) {
784 skb_queue_purge(&req.cmd_q);
786 return ERR_PTR(-EBUSY);
789 hci_req_directed_advertising(&req, conn);
793 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
795 conn->le_conn_min_interval = params->conn_min_interval;
796 conn->le_conn_max_interval = params->conn_max_interval;
797 conn->le_conn_latency = params->conn_latency;
798 conn->le_supv_timeout = params->supervision_timeout;
800 conn->le_conn_min_interval = hdev->le_conn_min_interval;
801 conn->le_conn_max_interval = hdev->le_conn_max_interval;
802 conn->le_conn_latency = hdev->le_conn_latency;
803 conn->le_supv_timeout = hdev->le_supv_timeout;
806 /* If controller is scanning, we stop it since some controllers are
807 * not able to scan and connect at the same time. Also set the
808 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
809 * handler for scan disabling knows to set the correct discovery
812 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
813 hci_req_add_le_scan_disable(&req);
814 set_bit(HCI_LE_SCAN_INTERRUPTED, &hdev->dev_flags);
817 hci_req_add_le_create_conn(&req, conn);
820 err = hci_req_run(&req, create_le_conn_complete);
831 struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
832 u8 sec_level, u8 auth_type)
834 struct hci_conn *acl;
836 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
837 return ERR_PTR(-EOPNOTSUPP);
839 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
841 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
843 return ERR_PTR(-ENOMEM);
848 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
849 acl->sec_level = BT_SECURITY_LOW;
850 acl->pending_sec_level = sec_level;
851 acl->auth_type = auth_type;
852 hci_acl_create_connection(acl);
858 struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
861 struct hci_conn *acl;
862 struct hci_conn *sco;
864 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
868 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
870 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
873 return ERR_PTR(-ENOMEM);
882 sco->setting = setting;
884 if (acl->state == BT_CONNECTED &&
885 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
886 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
887 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
889 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
890 /* defer SCO setup until mode change completed */
891 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
895 hci_sco_setup(acl, 0x00);
901 /* Check link security requirement */
902 int hci_conn_check_link_mode(struct hci_conn *conn)
904 BT_DBG("hcon %p", conn);
906 /* In Secure Connections Only mode, it is required that Secure
907 * Connections is used and the link is encrypted with AES-CCM
908 * using a P-256 authenticated combination key.
910 if (test_bit(HCI_SC_ONLY, &conn->hdev->flags)) {
911 if (!hci_conn_sc_enabled(conn) ||
912 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
913 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
917 if (hci_conn_ssp_enabled(conn) &&
918 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
924 /* Authenticate remote device */
925 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
927 BT_DBG("hcon %p", conn);
929 if (conn->pending_sec_level > sec_level)
930 sec_level = conn->pending_sec_level;
932 if (sec_level > conn->sec_level)
933 conn->pending_sec_level = sec_level;
934 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
937 /* Make sure we preserve an existing MITM requirement*/
938 auth_type |= (conn->auth_type & 0x01);
940 conn->auth_type = auth_type;
942 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
943 struct hci_cp_auth_requested cp;
945 cp.handle = cpu_to_le16(conn->handle);
946 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
949 /* If we're already encrypted set the REAUTH_PEND flag,
950 * otherwise set the ENCRYPT_PEND.
952 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
953 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
955 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
961 /* Encrypt the the link */
962 static void hci_conn_encrypt(struct hci_conn *conn)
964 BT_DBG("hcon %p", conn);
966 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
967 struct hci_cp_set_conn_encrypt cp;
968 cp.handle = cpu_to_le16(conn->handle);
970 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
975 /* Enable security */
976 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
979 BT_DBG("hcon %p", conn);
981 if (conn->type == LE_LINK)
982 return smp_conn_security(conn, sec_level);
984 /* For sdp we don't need the link key. */
985 if (sec_level == BT_SECURITY_SDP)
988 /* For non 2.1 devices and low security level we don't need the link
990 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
993 /* For other security levels we need the link key. */
994 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
997 /* An authenticated FIPS approved combination key has sufficient
998 * security for security level 4. */
999 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
1000 sec_level == BT_SECURITY_FIPS)
1003 /* An authenticated combination key has sufficient security for
1004 security level 3. */
1005 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
1006 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
1007 sec_level == BT_SECURITY_HIGH)
1010 /* An unauthenticated combination key has sufficient security for
1011 security level 1 and 2. */
1012 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
1013 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
1014 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
1017 /* A combination key has always sufficient security for the security
1018 levels 1 or 2. High security level requires the combination key
1019 is generated using maximum PIN code length (16).
1020 For pre 2.1 units. */
1021 if (conn->key_type == HCI_LK_COMBINATION &&
1022 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
1023 conn->pin_length == 16))
1027 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1031 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1033 if (!hci_conn_auth(conn, sec_level, auth_type))
1037 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
1040 hci_conn_encrypt(conn);
1043 EXPORT_SYMBOL(hci_conn_security);
1045 /* Check secure link requirement */
1046 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
1048 BT_DBG("hcon %p", conn);
1050 /* Accept if non-secure or higher security level is required */
1051 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
1054 /* Accept if secure or higher security level is already present */
1055 if (conn->sec_level == BT_SECURITY_HIGH ||
1056 conn->sec_level == BT_SECURITY_FIPS)
1059 /* Reject not secure link */
1062 EXPORT_SYMBOL(hci_conn_check_secure);
1064 /* Change link key */
1065 int hci_conn_change_link_key(struct hci_conn *conn)
1067 BT_DBG("hcon %p", conn);
1069 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1070 struct hci_cp_change_conn_link_key cp;
1071 cp.handle = cpu_to_le16(conn->handle);
1072 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
1080 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1082 BT_DBG("hcon %p", conn);
1084 if (role == conn->role)
1087 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1088 struct hci_cp_switch_role cp;
1089 bacpy(&cp.bdaddr, &conn->dst);
1091 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1096 EXPORT_SYMBOL(hci_conn_switch_role);
1098 /* Enter active mode */
1099 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
1101 struct hci_dev *hdev = conn->hdev;
1103 BT_DBG("hcon %p mode %d", conn, conn->mode);
1105 if (conn->mode != HCI_CM_SNIFF)
1108 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
1111 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
1112 struct hci_cp_exit_sniff_mode cp;
1113 cp.handle = cpu_to_le16(conn->handle);
1114 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
1118 if (hdev->idle_timeout > 0)
1119 queue_delayed_work(hdev->workqueue, &conn->idle_work,
1120 msecs_to_jiffies(hdev->idle_timeout));
1123 /* Drop all connection on the device */
1124 void hci_conn_hash_flush(struct hci_dev *hdev)
1126 struct hci_conn_hash *h = &hdev->conn_hash;
1127 struct hci_conn *c, *n;
1129 BT_DBG("hdev %s", hdev->name);
1131 list_for_each_entry_safe(c, n, &h->list, list) {
1132 c->state = BT_CLOSED;
1134 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
1139 /* Check pending connect attempts */
1140 void hci_conn_check_pending(struct hci_dev *hdev)
1142 struct hci_conn *conn;
1144 BT_DBG("hdev %s", hdev->name);
1148 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
1150 hci_acl_create_connection(conn);
1152 hci_dev_unlock(hdev);
1155 static u32 get_link_mode(struct hci_conn *conn)
1159 if (conn->role == HCI_ROLE_MASTER)
1160 link_mode |= HCI_LM_MASTER;
1162 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
1163 link_mode |= HCI_LM_ENCRYPT;
1165 if (test_bit(HCI_CONN_AUTH, &conn->flags))
1166 link_mode |= HCI_LM_AUTH;
1168 if (test_bit(HCI_CONN_SECURE, &conn->flags))
1169 link_mode |= HCI_LM_SECURE;
1171 if (test_bit(HCI_CONN_FIPS, &conn->flags))
1172 link_mode |= HCI_LM_FIPS;
1177 int hci_get_conn_list(void __user *arg)
1180 struct hci_conn_list_req req, *cl;
1181 struct hci_conn_info *ci;
1182 struct hci_dev *hdev;
1183 int n = 0, size, err;
1185 if (copy_from_user(&req, arg, sizeof(req)))
1188 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
1191 size = sizeof(req) + req.conn_num * sizeof(*ci);
1193 cl = kmalloc(size, GFP_KERNEL);
1197 hdev = hci_dev_get(req.dev_id);
1206 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1207 bacpy(&(ci + n)->bdaddr, &c->dst);
1208 (ci + n)->handle = c->handle;
1209 (ci + n)->type = c->type;
1210 (ci + n)->out = c->out;
1211 (ci + n)->state = c->state;
1212 (ci + n)->link_mode = get_link_mode(c);
1213 if (++n >= req.conn_num)
1216 hci_dev_unlock(hdev);
1218 cl->dev_id = hdev->id;
1220 size = sizeof(req) + n * sizeof(*ci);
1224 err = copy_to_user(arg, cl, size);
1227 return err ? -EFAULT : 0;
1230 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1232 struct hci_conn_info_req req;
1233 struct hci_conn_info ci;
1234 struct hci_conn *conn;
1235 char __user *ptr = arg + sizeof(req);
1237 if (copy_from_user(&req, arg, sizeof(req)))
1241 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1243 bacpy(&ci.bdaddr, &conn->dst);
1244 ci.handle = conn->handle;
1245 ci.type = conn->type;
1247 ci.state = conn->state;
1248 ci.link_mode = get_link_mode(conn);
1250 hci_dev_unlock(hdev);
1255 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1258 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1260 struct hci_auth_info_req req;
1261 struct hci_conn *conn;
1263 if (copy_from_user(&req, arg, sizeof(req)))
1267 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1269 req.type = conn->auth_type;
1270 hci_dev_unlock(hdev);
1275 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1278 struct hci_chan *hci_chan_create(struct hci_conn *conn)
1280 struct hci_dev *hdev = conn->hdev;
1281 struct hci_chan *chan;
1283 BT_DBG("%s hcon %p", hdev->name, conn);
1285 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
1290 skb_queue_head_init(&chan->data_q);
1291 chan->state = BT_CONNECTED;
1293 list_add_rcu(&chan->list, &conn->chan_list);
1298 void hci_chan_del(struct hci_chan *chan)
1300 struct hci_conn *conn = chan->conn;
1301 struct hci_dev *hdev = conn->hdev;
1303 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
1305 list_del_rcu(&chan->list);
1309 hci_conn_drop(conn);
1311 skb_queue_purge(&chan->data_q);
1315 void hci_chan_list_flush(struct hci_conn *conn)
1317 struct hci_chan *chan, *n;
1319 BT_DBG("hcon %p", conn);
1321 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
1325 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1328 struct hci_chan *hchan;
1330 list_for_each_entry(hchan, &hcon->chan_list, list) {
1331 if (hchan->handle == handle)
1338 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1340 struct hci_conn_hash *h = &hdev->conn_hash;
1341 struct hci_conn *hcon;
1342 struct hci_chan *hchan = NULL;
1346 list_for_each_entry_rcu(hcon, &h->list, list) {
1347 hchan = __hci_chan_lookup_handle(hcon, handle);
git.openpandora.org / pandora-kernel.git / blob