net/bluetooth/hci_conn.c

   1 /*
   2    BlueZ - Bluetooth protocol stack for Linux
   3    Copyright (C) 2000-2001 Qualcomm Incorporated
   4
   5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License version 2 as
   9    published by the Free Software Foundation;
  10
  11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  19
  20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  22    SOFTWARE IS DISCLAIMED.
  23 */
  24
  25 /* Bluetooth HCI connection handling. */
  26
  27 #include <linux/module.h>
  28
  29 #include <linux/types.h>
  30 #include <linux/errno.h>
  31 #include <linux/kernel.h>
  32 #include <linux/slab.h>
  33 #include <linux/poll.h>
  34 #include <linux/fcntl.h>
  35 #include <linux/init.h>
  36 #include <linux/skbuff.h>
  37 #include <linux/interrupt.h>
  38 #include <linux/notifier.h>
  39 #include <net/sock.h>
  40
  41 #include <asm/system.h>
  42 #include <asm/uaccess.h>
  43 #include <asm/unaligned.h>
  44
  45 #include <net/bluetooth/bluetooth.h>
  46 #include <net/bluetooth/hci_core.h>
  47
  48 #ifndef CONFIG_BT_HCI_CORE_DEBUG
  49 #undef  BT_DBG
  50 #define BT_DBG(D...)
  51 #endif
  52
  53 void hci_acl_connect(struct hci_conn *conn)
  54 {
  55         struct hci_dev *hdev = conn->hdev;
  56         struct inquiry_entry *ie;
  57         struct hci_cp_create_conn cp;
  58
  59         BT_DBG("%p", conn);
  60
  61         conn->state = BT_CONNECT;
  62         conn->out = 1;
  63
  64         conn->link_mode = HCI_LM_MASTER;
  65
  66         conn->attempt++;
  67
  68         conn->link_policy = hdev->link_policy;
  69
  70         memset(&cp, 0, sizeof(cp));
  71         bacpy(&cp.bdaddr, &conn->dst);
  72         cp.pscan_rep_mode = 0x02;
  73
  74         if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
  75                 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
  76                         cp.pscan_rep_mode = ie->data.pscan_rep_mode;
  77                         cp.pscan_mode     = ie->data.pscan_mode;
  78                         cp.clock_offset   = ie->data.clock_offset |
  79                                                         cpu_to_le16(0x8000);
  80                 }
  81
  82                 memcpy(conn->dev_class, ie->data.dev_class, 3);
  83                 conn->ssp_mode = ie->data.ssp_mode;
  84         }
  85
  86         cp.pkt_type = cpu_to_le16(conn->pkt_type);
  87         if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
  88                 cp.role_switch = 0x01;
  89         else
  90                 cp.role_switch = 0x00;
  91
  92         hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
  93 }
  94
  95 static void hci_acl_connect_cancel(struct hci_conn *conn)
  96 {
  97         struct hci_cp_create_conn_cancel cp;
  98
  99         BT_DBG("%p", conn);
 100
 101         if (conn->hdev->hci_ver < 2)
 102                 return;
 103
 104         bacpy(&cp.bdaddr, &conn->dst);
 105         hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
 106 }
 107
 108 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
 109 {
 110         struct hci_cp_disconnect cp;
 111
 112         BT_DBG("%p", conn);
 113
 114         conn->state = BT_DISCONN;
 115
 116         cp.handle = cpu_to_le16(conn->handle);
 117         cp.reason = reason;
 118         hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
 119 }
 120
 121 void hci_add_sco(struct hci_conn *conn, __u16 handle)
 122 {
 123         struct hci_dev *hdev = conn->hdev;
 124         struct hci_cp_add_sco cp;
 125
 126         BT_DBG("%p", conn);
 127
 128         conn->state = BT_CONNECT;
 129         conn->out = 1;
 130
 131         cp.handle   = cpu_to_le16(handle);
 132         cp.pkt_type = cpu_to_le16(conn->pkt_type);
 133
 134         hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
 135 }
 136
 137 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
 138 {
 139         struct hci_dev *hdev = conn->hdev;
 140         struct hci_cp_setup_sync_conn cp;
 141
 142         BT_DBG("%p", conn);
 143
 144         conn->state = BT_CONNECT;
 145         conn->out = 1;
 146
 147         cp.handle   = cpu_to_le16(handle);
 148         cp.pkt_type = cpu_to_le16(conn->pkt_type);
 149
 150         cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
 151         cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
 152         cp.max_latency    = cpu_to_le16(0xffff);
 153         cp.voice_setting  = cpu_to_le16(hdev->voice_setting);
 154         cp.retrans_effort = 0xff;
 155
 156         hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
 157 }
 158
 159 static void hci_conn_timeout(unsigned long arg)
 160 {
 161         struct hci_conn *conn = (void *) arg;
 162         struct hci_dev *hdev = conn->hdev;
 163
 164         BT_DBG("conn %p state %d", conn, conn->state);
 165
 166         if (atomic_read(&conn->refcnt))
 167                 return;
 168
 169         hci_dev_lock(hdev);
 170
 171         switch (conn->state) {
 172         case BT_CONNECT:
 173         case BT_CONNECT2:
 174                 if (conn->type == ACL_LINK)
 175                         hci_acl_connect_cancel(conn);
 176                 else
 177                         hci_acl_disconn(conn, 0x13);
 178                 break;
 179         case BT_CONFIG:
 180         case BT_CONNECTED:
 181                 hci_acl_disconn(conn, 0x13);
 182                 break;
 183         default:
 184                 conn->state = BT_CLOSED;
 185                 break;
 186         }
 187
 188         hci_dev_unlock(hdev);
 189 }
 190
 191 static void hci_conn_idle(unsigned long arg)
 192 {
 193         struct hci_conn *conn = (void *) arg;
 194
 195         BT_DBG("conn %p mode %d", conn, conn->mode);
 196
 197         hci_conn_enter_sniff_mode(conn);
 198 }
 199
 200 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
 201 {
 202         struct hci_conn *conn;
 203
 204         BT_DBG("%s dst %s", hdev->name, batostr(dst));
 205
 206         conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
 207         if (!conn)
 208                 return NULL;
 209
 210         bacpy(&conn->dst, dst);
 211         conn->hdev  = hdev;
 212         conn->type  = type;
 213         conn->mode  = HCI_CM_ACTIVE;
 214         conn->state = BT_OPEN;
 215
 216         conn->power_save = 1;
 217
 218         switch (type) {
 219         case ACL_LINK:
 220                 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
 221                 break;
 222         case SCO_LINK:
 223                 if (lmp_esco_capable(hdev))
 224                         conn->pkt_type = hdev->esco_type & SCO_ESCO_MASK;
 225                 else
 226                         conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
 227                 break;
 228         case ESCO_LINK:
 229                 conn->pkt_type = hdev->esco_type;
 230                 break;
 231         }
 232
 233         skb_queue_head_init(&conn->data_q);
 234
 235         setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
 236         setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
 237
 238         atomic_set(&conn->refcnt, 0);
 239
 240         hci_dev_hold(hdev);
 241
 242         tasklet_disable(&hdev->tx_task);
 243
 244         hci_conn_hash_add(hdev, conn);
 245         if (hdev->notify)
 246                 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
 247
 248         hci_conn_add_sysfs(conn);
 249
 250         tasklet_enable(&hdev->tx_task);
 251
 252         return conn;
 253 }
 254
 255 int hci_conn_del(struct hci_conn *conn)
 256 {
 257         struct hci_dev *hdev = conn->hdev;
 258
 259         BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
 260
 261         del_timer(&conn->idle_timer);
 262
 263         del_timer(&conn->disc_timer);
 264
 265         if (conn->type == ACL_LINK) {
 266                 struct hci_conn *sco = conn->link;
 267                 if (sco)
 268                         sco->link = NULL;
 269
 270                 /* Unacked frames */
 271                 hdev->acl_cnt += conn->sent;
 272         } else {
 273                 struct hci_conn *acl = conn->link;
 274                 if (acl) {
 275                         acl->link = NULL;
 276                         hci_conn_put(acl);
 277                 }
 278         }
 279
 280         tasklet_disable(&hdev->tx_task);
 281         hci_conn_hash_del(hdev, conn);
 282         if (hdev->notify)
 283                 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
 284         tasklet_enable(&hdev->tx_task);
 285         skb_queue_purge(&conn->data_q);
 286         hci_conn_del_sysfs(conn);
 287
 288         return 0;
 289 }
 290
 291 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
 292 {
 293         int use_src = bacmp(src, BDADDR_ANY);
 294         struct hci_dev *hdev = NULL;
 295         struct list_head *p;
 296
 297         BT_DBG("%s -> %s", batostr(src), batostr(dst));
 298
 299         read_lock_bh(&hci_dev_list_lock);
 300
 301         list_for_each(p, &hci_dev_list) {
 302                 struct hci_dev *d = list_entry(p, struct hci_dev, list);
 303
 304                 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
 305                         continue;
 306
 307                 /* Simple routing:
 308                  *   No source address - find interface with bdaddr != dst
 309                  *   Source address    - find interface with bdaddr == src
 310                  */
 311
 312                 if (use_src) {
 313                         if (!bacmp(&d->bdaddr, src)) {
 314                                 hdev = d; break;
 315                         }
 316                 } else {
 317                         if (bacmp(&d->bdaddr, dst)) {
 318                                 hdev = d; break;
 319                         }
 320                 }
 321         }
 322
 323         if (hdev)
 324                 hdev = hci_dev_hold(hdev);
 325
 326         read_unlock_bh(&hci_dev_list_lock);
 327         return hdev;
 328 }
 329 EXPORT_SYMBOL(hci_get_route);
 330
 331 /* Create SCO or ACL connection.
 332  * Device _must_ be locked */
 333 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst)
 334 {
 335         struct hci_conn *acl;
 336         struct hci_conn *sco;
 337
 338         BT_DBG("%s dst %s", hdev->name, batostr(dst));
 339
 340         if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
 341                 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
 342                         return NULL;
 343         }
 344
 345         hci_conn_hold(acl);
 346
 347         if (acl->state == BT_OPEN || acl->state == BT_CLOSED)
 348                 hci_acl_connect(acl);
 349
 350         if (type == ACL_LINK)
 351                 return acl;
 352
 353         if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) {
 354                 if (!(sco = hci_conn_add(hdev, type, dst))) {
 355                         hci_conn_put(acl);
 356                         return NULL;
 357                 }
 358         }
 359
 360         acl->link = sco;
 361         sco->link = acl;
 362
 363         hci_conn_hold(sco);
 364
 365         if (acl->state == BT_CONNECTED &&
 366                         (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
 367                 if (lmp_esco_capable(hdev))
 368                         hci_setup_sync(sco, acl->handle);
 369                 else
 370                         hci_add_sco(sco, acl->handle);
 371         }
 372
 373         return sco;
 374 }
 375 EXPORT_SYMBOL(hci_connect);
 376
 377 /* Authenticate remote device */
 378 int hci_conn_auth(struct hci_conn *conn)
 379 {
 380         BT_DBG("conn %p", conn);
 381
 382         if (conn->link_mode & HCI_LM_AUTH)
 383                 return 1;
 384
 385         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
 386                 struct hci_cp_auth_requested cp;
 387                 cp.handle = cpu_to_le16(conn->handle);
 388                 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
 389         }
 390         return 0;
 391 }
 392 EXPORT_SYMBOL(hci_conn_auth);
 393
 394 /* Enable encryption */
 395 int hci_conn_encrypt(struct hci_conn *conn)
 396 {
 397         BT_DBG("conn %p", conn);
 398
 399         if (conn->link_mode & HCI_LM_ENCRYPT)
 400                 return 1;
 401
 402         if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
 403                 return 0;
 404
 405         if (hci_conn_auth(conn)) {
 406                 struct hci_cp_set_conn_encrypt cp;
 407                 cp.handle  = cpu_to_le16(conn->handle);
 408                 cp.encrypt = 1;
 409                 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp);
 410         }
 411         return 0;
 412 }
 413 EXPORT_SYMBOL(hci_conn_encrypt);
 414
 415 /* Change link key */
 416 int hci_conn_change_link_key(struct hci_conn *conn)
 417 {
 418         BT_DBG("conn %p", conn);
 419
 420         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
 421                 struct hci_cp_change_conn_link_key cp;
 422                 cp.handle = cpu_to_le16(conn->handle);
 423                 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);
 424         }
 425         return 0;
 426 }
 427 EXPORT_SYMBOL(hci_conn_change_link_key);
 428
 429 /* Switch role */
 430 int hci_conn_switch_role(struct hci_conn *conn, uint8_t role)
 431 {
 432         BT_DBG("conn %p", conn);
 433
 434         if (!role && conn->link_mode & HCI_LM_MASTER)
 435                 return 1;
 436
 437         if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
 438                 struct hci_cp_switch_role cp;
 439                 bacpy(&cp.bdaddr, &conn->dst);
 440                 cp.role = role;
 441                 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
 442         }
 443         return 0;
 444 }
 445 EXPORT_SYMBOL(hci_conn_switch_role);
 446
 447 /* Enter active mode */
 448 void hci_conn_enter_active_mode(struct hci_conn *conn)
 449 {
 450         struct hci_dev *hdev = conn->hdev;
 451
 452         BT_DBG("conn %p mode %d", conn, conn->mode);
 453
 454         if (test_bit(HCI_RAW, &hdev->flags))
 455                 return;
 456
 457         if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
 458                 goto timer;
 459
 460         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
 461                 struct hci_cp_exit_sniff_mode cp;
 462                 cp.handle = cpu_to_le16(conn->handle);
 463                 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
 464         }
 465
 466 timer:
 467         if (hdev->idle_timeout > 0)
 468                 mod_timer(&conn->idle_timer,
 469                         jiffies + msecs_to_jiffies(hdev->idle_timeout));
 470 }
 471
 472 /* Enter sniff mode */
 473 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
 474 {
 475         struct hci_dev *hdev = conn->hdev;
 476
 477         BT_DBG("conn %p mode %d", conn, conn->mode);
 478
 479         if (test_bit(HCI_RAW, &hdev->flags))
 480                 return;
 481
 482         if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
 483                 return;
 484
 485         if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
 486                 return;
 487
 488         if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
 489                 struct hci_cp_sniff_subrate cp;
 490                 cp.handle             = cpu_to_le16(conn->handle);
 491                 cp.max_latency        = cpu_to_le16(0);
 492                 cp.min_remote_timeout = cpu_to_le16(0);
 493                 cp.min_local_timeout  = cpu_to_le16(0);
 494                 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
 495         }
 496
 497         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
 498                 struct hci_cp_sniff_mode cp;
 499                 cp.handle       = cpu_to_le16(conn->handle);
 500                 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
 501                 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
 502                 cp.attempt      = cpu_to_le16(4);
 503                 cp.timeout      = cpu_to_le16(1);
 504                 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
 505         }
 506 }
 507
 508 /* Drop all connection on the device */
 509 void hci_conn_hash_flush(struct hci_dev *hdev)
 510 {
 511         struct hci_conn_hash *h = &hdev->conn_hash;
 512         struct list_head *p;
 513
 514         BT_DBG("hdev %s", hdev->name);
 515
 516         p = h->list.next;
 517         while (p != &h->list) {
 518                 struct hci_conn *c;
 519
 520                 c = list_entry(p, struct hci_conn, list);
 521                 p = p->next;
 522
 523                 c->state = BT_CLOSED;
 524
 525                 hci_proto_disconn_ind(c, 0x16);
 526                 hci_conn_del(c);
 527         }
 528 }
 529
 530 /* Check pending connect attempts */
 531 void hci_conn_check_pending(struct hci_dev *hdev)
 532 {
 533         struct hci_conn *conn;
 534
 535         BT_DBG("hdev %s", hdev->name);
 536
 537         hci_dev_lock(hdev);
 538
 539         conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
 540         if (conn)
 541                 hci_acl_connect(conn);
 542
 543         hci_dev_unlock(hdev);
 544 }
 545
 546 int hci_get_conn_list(void __user *arg)
 547 {
 548         struct hci_conn_list_req req, *cl;
 549         struct hci_conn_info *ci;
 550         struct hci_dev *hdev;
 551         struct list_head *p;
 552         int n = 0, size, err;
 553
 554         if (copy_from_user(&req, arg, sizeof(req)))
 555                 return -EFAULT;
 556
 557         if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
 558                 return -EINVAL;
 559
 560         size = sizeof(req) + req.conn_num * sizeof(*ci);
 561
 562         if (!(cl = kmalloc(size, GFP_KERNEL)))
 563                 return -ENOMEM;
 564
 565         if (!(hdev = hci_dev_get(req.dev_id))) {
 566                 kfree(cl);
 567                 return -ENODEV;
 568         }
 569
 570         ci = cl->conn_info;
 571
 572         hci_dev_lock_bh(hdev);
 573         list_for_each(p, &hdev->conn_hash.list) {
 574                 register struct hci_conn *c;
 575                 c = list_entry(p, struct hci_conn, list);
 576
 577                 bacpy(&(ci + n)->bdaddr, &c->dst);
 578                 (ci + n)->handle = c->handle;
 579                 (ci + n)->type  = c->type;
 580                 (ci + n)->out   = c->out;
 581                 (ci + n)->state = c->state;
 582                 (ci + n)->link_mode = c->link_mode;
 583                 if (++n >= req.conn_num)
 584                         break;
 585         }
 586         hci_dev_unlock_bh(hdev);
 587
 588         cl->dev_id = hdev->id;
 589         cl->conn_num = n;
 590         size = sizeof(req) + n * sizeof(*ci);
 591
 592         hci_dev_put(hdev);
 593
 594         err = copy_to_user(arg, cl, size);
 595         kfree(cl);
 596
 597         return err ? -EFAULT : 0;
 598 }
 599
 600 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
 601 {
 602         struct hci_conn_info_req req;
 603         struct hci_conn_info ci;
 604         struct hci_conn *conn;
 605         char __user *ptr = arg + sizeof(req);
 606
 607         if (copy_from_user(&req, arg, sizeof(req)))
 608                 return -EFAULT;
 609
 610         hci_dev_lock_bh(hdev);
 611         conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
 612         if (conn) {
 613                 bacpy(&ci.bdaddr, &conn->dst);
 614                 ci.handle = conn->handle;
 615                 ci.type  = conn->type;
 616                 ci.out   = conn->out;
 617                 ci.state = conn->state;
 618                 ci.link_mode = conn->link_mode;
 619         }
 620         hci_dev_unlock_bh(hdev);
 621
 622         if (!conn)
 623                 return -ENOENT;
 624
 625         return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
 626 }