projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
net/xfrm/xfrm_output.c: move EXPORT_SYMBOL
[deliverable/linux.git] / net / bluetooth / hci_conn.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI connection handling. */
26
27 #include <linux/export.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31
32 #include "smp.h"
33 #include "a2mp.h"
34
35 struct sco_param {
36 u16 pkt_type;
37 u16 max_latency;
38 };
39
40 static const struct sco_param sco_param_cvsd[] = {
41 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a }, /* S3 */
42 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007 }, /* S2 */
43 { EDR_ESCO_MASK | ESCO_EV3, 0x0007 }, /* S1 */
44 { EDR_ESCO_MASK | ESCO_HV3, 0xffff }, /* D1 */
45 { EDR_ESCO_MASK | ESCO_HV1, 0xffff }, /* D0 */
46 };
47
48 static const struct sco_param sco_param_wideband[] = {
49 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d }, /* T2 */
50 { EDR_ESCO_MASK | ESCO_EV3, 0x0008 }, /* T1 */
51 };
52
53 static void hci_le_create_connection_cancel(struct hci_conn *conn)
54 {
55 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
56 }
57
58 static void hci_acl_create_connection(struct hci_conn *conn)
59 {
60 struct hci_dev *hdev = conn->hdev;
61 struct inquiry_entry *ie;
62 struct hci_cp_create_conn cp;
63
64 BT_DBG("hcon %p", conn);
65
66 conn->state = BT_CONNECT;
67 conn->out = true;
68
69 conn->link_mode = HCI_LM_MASTER;
70
71 conn->attempt++;
72
73 conn->link_policy = hdev->link_policy;
74
75 memset(&cp, 0, sizeof(cp));
76 bacpy(&cp.bdaddr, &conn->dst);
77 cp.pscan_rep_mode = 0x02;
78
79 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
80 if (ie) {
81 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
82 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
83 cp.pscan_mode = ie->data.pscan_mode;
84 cp.clock_offset = ie->data.clock_offset |
85 cpu_to_le16(0x8000);
86 }
87
88 memcpy(conn->dev_class, ie->data.dev_class, 3);
89 if (ie->data.ssp_mode > 0)
90 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
91 }
92
93 cp.pkt_type = cpu_to_le16(conn->pkt_type);
94 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
95 cp.role_switch = 0x01;
96 else
97 cp.role_switch = 0x00;
98
99 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
100 }
101
102 static void hci_acl_create_connection_cancel(struct hci_conn *conn)
103 {
104 struct hci_cp_create_conn_cancel cp;
105
106 BT_DBG("hcon %p", conn);
107
108 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
109 return;
110
111 bacpy(&cp.bdaddr, &conn->dst);
112 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
113 }
114
115 static void hci_reject_sco(struct hci_conn *conn)
116 {
117 struct hci_cp_reject_sync_conn_req cp;
118
119 cp.reason = HCI_ERROR_REMOTE_USER_TERM;
120 bacpy(&cp.bdaddr, &conn->dst);
121
122 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
123 }
124
125 void hci_disconnect(struct hci_conn *conn, __u8 reason)
126 {
127 struct hci_cp_disconnect cp;
128
129 BT_DBG("hcon %p", conn);
130
131 conn->state = BT_DISCONN;
132
133 cp.handle = cpu_to_le16(conn->handle);
134 cp.reason = reason;
135 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
136 }
137
138 static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
139 {
140 struct hci_cp_disconn_phy_link cp;
141
142 BT_DBG("hcon %p", conn);
143
144 conn->state = BT_DISCONN;
145
146 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
147 cp.reason = reason;
148 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
149 sizeof(cp), &cp);
150 }
151
152 static void hci_add_sco(struct hci_conn *conn, __u16 handle)
153 {
154 struct hci_dev *hdev = conn->hdev;
155 struct hci_cp_add_sco cp;
156
157 BT_DBG("hcon %p", conn);
158
159 conn->state = BT_CONNECT;
160 conn->out = true;
161
162 conn->attempt++;
163
164 cp.handle = cpu_to_le16(handle);
165 cp.pkt_type = cpu_to_le16(conn->pkt_type);
166
167 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
168 }
169
170 bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
171 {
172 struct hci_dev *hdev = conn->hdev;
173 struct hci_cp_setup_sync_conn cp;
174 const struct sco_param *param;
175
176 BT_DBG("hcon %p", conn);
177
178 conn->state = BT_CONNECT;
179 conn->out = true;
180
181 conn->attempt++;
182
183 cp.handle = cpu_to_le16(handle);
184
185 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
186 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
187 cp.voice_setting = cpu_to_le16(conn->setting);
188
189 switch (conn->setting & SCO_AIRMODE_MASK) {
190 case SCO_AIRMODE_TRANSP:
191 if (conn->attempt > ARRAY_SIZE(sco_param_wideband))
192 return false;
193 cp.retrans_effort = 0x02;
194 param = &sco_param_wideband[conn->attempt - 1];
195 break;
196 case SCO_AIRMODE_CVSD:
197 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
198 return false;
199 cp.retrans_effort = 0x01;
200 param = &sco_param_cvsd[conn->attempt - 1];
201 break;
202 default:
203 return false;
204 }
205
206 cp.pkt_type = __cpu_to_le16(param->pkt_type);
207 cp.max_latency = __cpu_to_le16(param->max_latency);
208
209 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
210 return false;
211
212 return true;
213 }
214
215 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
216 u16 latency, u16 to_multiplier)
217 {
218 struct hci_cp_le_conn_update cp;
219 struct hci_dev *hdev = conn->hdev;
220
221 memset(&cp, 0, sizeof(cp));
222
223 cp.handle = cpu_to_le16(conn->handle);
224 cp.conn_interval_min = cpu_to_le16(min);
225 cp.conn_interval_max = cpu_to_le16(max);
226 cp.conn_latency = cpu_to_le16(latency);
227 cp.supervision_timeout = cpu_to_le16(to_multiplier);
228 cp.min_ce_len = cpu_to_le16(0x0000);
229 cp.max_ce_len = cpu_to_le16(0x0000);
230
231 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
232 }
233
234 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
235 __u8 ltk[16])
236 {
237 struct hci_dev *hdev = conn->hdev;
238 struct hci_cp_le_start_enc cp;
239
240 BT_DBG("hcon %p", conn);
241
242 memset(&cp, 0, sizeof(cp));
243
244 cp.handle = cpu_to_le16(conn->handle);
245 cp.rand = rand;
246 cp.ediv = ediv;
247 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
248
249 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
250 }
251
252 /* Device _must_ be locked */
253 void hci_sco_setup(struct hci_conn *conn, __u8 status)
254 {
255 struct hci_conn *sco = conn->link;
256
257 if (!sco)
258 return;
259
260 BT_DBG("hcon %p", conn);
261
262 if (!status) {
263 if (lmp_esco_capable(conn->hdev))
264 hci_setup_sync(sco, conn->handle);
265 else
266 hci_add_sco(sco, conn->handle);
267 } else {
268 hci_proto_connect_cfm(sco, status);
269 hci_conn_del(sco);
270 }
271 }
272
273 static void hci_conn_disconnect(struct hci_conn *conn)
274 {
275 __u8 reason = hci_proto_disconn_ind(conn);
276
277 switch (conn->type) {
278 case AMP_LINK:
279 hci_amp_disconn(conn, reason);
280 break;
281 default:
282 hci_disconnect(conn, reason);
283 break;
284 }
285 }
286
287 static void hci_conn_timeout(struct work_struct *work)
288 {
289 struct hci_conn *conn = container_of(work, struct hci_conn,
290 disc_work.work);
291
292 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
293
294 if (atomic_read(&conn->refcnt))
295 return;
296
297 switch (conn->state) {
298 case BT_CONNECT:
299 case BT_CONNECT2:
300 if (conn->out) {
301 if (conn->type == ACL_LINK)
302 hci_acl_create_connection_cancel(conn);
303 else if (conn->type == LE_LINK)
304 hci_le_create_connection_cancel(conn);
305 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
306 hci_reject_sco(conn);
307 }
308 break;
309 case BT_CONFIG:
310 case BT_CONNECTED:
311 hci_conn_disconnect(conn);
312 break;
313 default:
314 conn->state = BT_CLOSED;
315 break;
316 }
317 }
318
319 /* Enter sniff mode */
320 static void hci_conn_idle(struct work_struct *work)
321 {
322 struct hci_conn *conn = container_of(work, struct hci_conn,
323 idle_work.work);
324 struct hci_dev *hdev = conn->hdev;
325
326 BT_DBG("hcon %p mode %d", conn, conn->mode);
327
328 if (test_bit(HCI_RAW, &hdev->flags))
329 return;
330
331 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
332 return;
333
334 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
335 return;
336
337 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
338 struct hci_cp_sniff_subrate cp;
339 cp.handle = cpu_to_le16(conn->handle);
340 cp.max_latency = cpu_to_le16(0);
341 cp.min_remote_timeout = cpu_to_le16(0);
342 cp.min_local_timeout = cpu_to_le16(0);
343 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
344 }
345
346 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
347 struct hci_cp_sniff_mode cp;
348 cp.handle = cpu_to_le16(conn->handle);
349 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
350 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
351 cp.attempt = cpu_to_le16(4);
352 cp.timeout = cpu_to_le16(1);
353 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
354 }
355 }
356
357 static void hci_conn_auto_accept(struct work_struct *work)
358 {
359 struct hci_conn *conn = container_of(work, struct hci_conn,
360 auto_accept_work.work);
361
362 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
363 &conn->dst);
364 }
365
366 static void le_conn_timeout(struct work_struct *work)
367 {
368 struct hci_conn *conn = container_of(work, struct hci_conn,
369 le_conn_timeout.work);
370
371 BT_DBG("");
372
373 hci_le_create_connection_cancel(conn);
374 }
375
376 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
377 {
378 struct hci_conn *conn;
379
380 BT_DBG("%s dst %pMR", hdev->name, dst);
381
382 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
383 if (!conn)
384 return NULL;
385
386 bacpy(&conn->dst, dst);
387 bacpy(&conn->src, &hdev->bdaddr);
388 conn->hdev = hdev;
389 conn->type = type;
390 conn->mode = HCI_CM_ACTIVE;
391 conn->state = BT_OPEN;
392 conn->auth_type = HCI_AT_GENERAL_BONDING;
393 conn->io_capability = hdev->io_capability;
394 conn->remote_auth = 0xff;
395 conn->key_type = 0xff;
396
397 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
398 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
399
400 switch (type) {
401 case ACL_LINK:
402 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
403 break;
404 case SCO_LINK:
405 if (lmp_esco_capable(hdev))
406 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
407 (hdev->esco_type & EDR_ESCO_MASK);
408 else
409 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
410 break;
411 case ESCO_LINK:
412 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
413 break;
414 }
415
416 skb_queue_head_init(&conn->data_q);
417
418 INIT_LIST_HEAD(&conn->chan_list);
419
420 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
421 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
422 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
423 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
424
425 atomic_set(&conn->refcnt, 0);
426
427 hci_dev_hold(hdev);
428
429 hci_conn_hash_add(hdev, conn);
430 if (hdev->notify)
431 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
432
433 hci_conn_init_sysfs(conn);
434
435 return conn;
436 }
437
438 int hci_conn_del(struct hci_conn *conn)
439 {
440 struct hci_dev *hdev = conn->hdev;
441
442 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
443
444 cancel_delayed_work_sync(&conn->disc_work);
445 cancel_delayed_work_sync(&conn->auto_accept_work);
446 cancel_delayed_work_sync(&conn->idle_work);
447
448 if (conn->type == ACL_LINK) {
449 struct hci_conn *sco = conn->link;
450 if (sco)
451 sco->link = NULL;
452
453 /* Unacked frames */
454 hdev->acl_cnt += conn->sent;
455 } else if (conn->type == LE_LINK) {
456 cancel_delayed_work_sync(&conn->le_conn_timeout);
457
458 if (hdev->le_pkts)
459 hdev->le_cnt += conn->sent;
460 else
461 hdev->acl_cnt += conn->sent;
462 } else {
463 struct hci_conn *acl = conn->link;
464 if (acl) {
465 acl->link = NULL;
466 hci_conn_drop(acl);
467 }
468 }
469
470 hci_chan_list_flush(conn);
471
472 if (conn->amp_mgr)
473 amp_mgr_put(conn->amp_mgr);
474
475 hci_conn_hash_del(hdev, conn);
476 if (hdev->notify)
477 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
478
479 skb_queue_purge(&conn->data_q);
480
481 hci_conn_del_sysfs(conn);
482
483 hci_dev_put(hdev);
484
485 hci_conn_put(conn);
486
487 return 0;
488 }
489
490 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
491 {
492 int use_src = bacmp(src, BDADDR_ANY);
493 struct hci_dev *hdev = NULL, *d;
494
495 BT_DBG("%pMR -> %pMR", src, dst);
496
497 read_lock(&hci_dev_list_lock);
498
499 list_for_each_entry(d, &hci_dev_list, list) {
500 if (!test_bit(HCI_UP, &d->flags) ||
501 test_bit(HCI_RAW, &d->flags) ||
502 test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
503 d->dev_type != HCI_BREDR)
504 continue;
505
506 /* Simple routing:
507 * No source address - find interface with bdaddr != dst
508 * Source address - find interface with bdaddr == src
509 */
510
511 if (use_src) {
512 if (!bacmp(&d->bdaddr, src)) {
513 hdev = d; break;
514 }
515 } else {
516 if (bacmp(&d->bdaddr, dst)) {
517 hdev = d; break;
518 }
519 }
520 }
521
522 if (hdev)
523 hdev = hci_dev_hold(hdev);
524
525 read_unlock(&hci_dev_list_lock);
526 return hdev;
527 }
528 EXPORT_SYMBOL(hci_get_route);
529
530 /* This function requires the caller holds hdev->lock */
531 void hci_le_conn_failed(struct hci_conn *conn, u8 status)
532 {
533 struct hci_dev *hdev = conn->hdev;
534
535 conn->state = BT_CLOSED;
536
537 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
538 status);
539
540 hci_proto_connect_cfm(conn, status);
541
542 hci_conn_del(conn);
543
544 /* Since we may have temporarily stopped the background scanning in
545 * favor of connection establishment, we should restart it.
546 */
547 hci_update_background_scan(hdev);
548 }
549
550 static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
551 {
552 struct hci_conn *conn;
553
554 if (status == 0)
555 return;
556
557 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
558 status);
559
560 hci_dev_lock(hdev);
561
562 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
563 if (!conn)
564 goto done;
565
566 hci_le_conn_failed(conn, status);
567
568 done:
569 hci_dev_unlock(hdev);
570 }
571
572 static void hci_req_add_le_create_conn(struct hci_request *req,
573 struct hci_conn *conn)
574 {
575 struct hci_cp_le_create_conn cp;
576 struct hci_dev *hdev = conn->hdev;
577 u8 own_addr_type;
578
579 memset(&cp, 0, sizeof(cp));
580
581 /* Update random address, but set require_privacy to false so
582 * that we never connect with an unresolvable address.
583 */
584 if (hci_update_random_address(req, false, &own_addr_type))
585 return;
586
587 /* Save the address type used for this connnection attempt so we able
588 * to retrieve this information if we need it.
589 */
590 conn->src_type = own_addr_type;
591
592 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
593 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
594 bacpy(&cp.peer_addr, &conn->dst);
595 cp.peer_addr_type = conn->dst_type;
596 cp.own_address_type = own_addr_type;
597 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
598 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
599 cp.supervision_timeout = cpu_to_le16(0x002a);
600 cp.min_ce_len = cpu_to_le16(0x0000);
601 cp.max_ce_len = cpu_to_le16(0x0000);
602
603 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
604
605 conn->state = BT_CONNECT;
606 }
607
608 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
609 u8 dst_type, u8 sec_level, u8 auth_type)
610 {
611 struct hci_conn_params *params;
612 struct hci_conn *conn;
613 struct smp_irk *irk;
614 struct hci_request req;
615 int err;
616
617 if (test_bit(HCI_ADVERTISING, &hdev->flags))
618 return ERR_PTR(-ENOTSUPP);
619
620 /* Some devices send ATT messages as soon as the physical link is
621 * established. To be able to handle these ATT messages, the user-
622 * space first establishes the connection and then starts the pairing
623 * process.
624 *
625 * So if a hci_conn object already exists for the following connection
626 * attempt, we simply update pending_sec_level and auth_type fields
627 * and return the object found.
628 */
629 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
630 if (conn) {
631 conn->pending_sec_level = sec_level;
632 conn->auth_type = auth_type;
633 goto done;
634 }
635
636 /* Since the controller supports only one LE connection attempt at a
637 * time, we return -EBUSY if there is any connection attempt running.
638 */
639 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
640 if (conn)
641 return ERR_PTR(-EBUSY);
642
643 /* When given an identity address with existing identity
644 * resolving key, the connection needs to be established
645 * to a resolvable random address.
646 *
647 * This uses the cached random resolvable address from
648 * a previous scan. When no cached address is available,
649 * try connecting to the identity address instead.
650 *
651 * Storing the resolvable random address is required here
652 * to handle connection failures. The address will later
653 * be resolved back into the original identity address
654 * from the connect request.
655 */
656 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
657 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
658 dst = &irk->rpa;
659 dst_type = ADDR_LE_DEV_RANDOM;
660 }
661
662 conn = hci_conn_add(hdev, LE_LINK, dst);
663 if (!conn)
664 return ERR_PTR(-ENOMEM);
665
666 conn->dst_type = dst_type;
667
668 conn->out = true;
669 conn->link_mode |= HCI_LM_MASTER;
670 conn->sec_level = BT_SECURITY_LOW;
671 conn->pending_sec_level = sec_level;
672 conn->auth_type = auth_type;
673
674 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
675 if (params) {
676 conn->le_conn_min_interval = params->conn_min_interval;
677 conn->le_conn_max_interval = params->conn_max_interval;
678 } else {
679 conn->le_conn_min_interval = hdev->le_conn_min_interval;
680 conn->le_conn_max_interval = hdev->le_conn_max_interval;
681 }
682
683 hci_req_init(&req, hdev);
684
685 /* If controller is scanning, we stop it since some controllers are
686 * not able to scan and connect at the same time. Also set the
687 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
688 * handler for scan disabling knows to set the correct discovery
689 * state.
690 */
691 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
692 hci_req_add_le_scan_disable(&req);
693 set_bit(HCI_LE_SCAN_INTERRUPTED, &hdev->dev_flags);
694 }
695
696 hci_req_add_le_create_conn(&req, conn);
697
698 err = hci_req_run(&req, create_le_conn_complete);
699 if (err) {
700 hci_conn_del(conn);
701 return ERR_PTR(err);
702 }
703
704 done:
705 hci_conn_hold(conn);
706 return conn;
707 }
708
709 struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
710 u8 sec_level, u8 auth_type)
711 {
712 struct hci_conn *acl;
713
714 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
715 return ERR_PTR(-ENOTSUPP);
716
717 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
718 if (!acl) {
719 acl = hci_conn_add(hdev, ACL_LINK, dst);
720 if (!acl)
721 return ERR_PTR(-ENOMEM);
722 }
723
724 hci_conn_hold(acl);
725
726 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
727 acl->sec_level = BT_SECURITY_LOW;
728 acl->pending_sec_level = sec_level;
729 acl->auth_type = auth_type;
730 hci_acl_create_connection(acl);
731 }
732
733 return acl;
734 }
735
736 struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
737 __u16 setting)
738 {
739 struct hci_conn *acl;
740 struct hci_conn *sco;
741
742 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
743 if (IS_ERR(acl))
744 return acl;
745
746 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
747 if (!sco) {
748 sco = hci_conn_add(hdev, type, dst);
749 if (!sco) {
750 hci_conn_drop(acl);
751 return ERR_PTR(-ENOMEM);
752 }
753 }
754
755 acl->link = sco;
756 sco->link = acl;
757
758 hci_conn_hold(sco);
759
760 sco->setting = setting;
761
762 if (acl->state == BT_CONNECTED &&
763 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
764 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
765 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
766
767 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
768 /* defer SCO setup until mode change completed */
769 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
770 return sco;
771 }
772
773 hci_sco_setup(acl, 0x00);
774 }
775
776 return sco;
777 }
778
779 /* Check link security requirement */
780 int hci_conn_check_link_mode(struct hci_conn *conn)
781 {
782 BT_DBG("hcon %p", conn);
783
784 /* In Secure Connections Only mode, it is required that Secure
785 * Connections is used and the link is encrypted with AES-CCM
786 * using a P-256 authenticated combination key.
787 */
788 if (test_bit(HCI_SC_ONLY, &conn->hdev->flags)) {
789 if (!hci_conn_sc_enabled(conn) ||
790 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
791 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
792 return 0;
793 }
794
795 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
796 return 0;
797
798 return 1;
799 }
800
801 /* Authenticate remote device */
802 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
803 {
804 BT_DBG("hcon %p", conn);
805
806 if (conn->pending_sec_level > sec_level)
807 sec_level = conn->pending_sec_level;
808
809 if (sec_level > conn->sec_level)
810 conn->pending_sec_level = sec_level;
811 else if (conn->link_mode & HCI_LM_AUTH)
812 return 1;
813
814 /* Make sure we preserve an existing MITM requirement*/
815 auth_type |= (conn->auth_type & 0x01);
816
817 conn->auth_type = auth_type;
818
819 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
820 struct hci_cp_auth_requested cp;
821
822 /* encrypt must be pending if auth is also pending */
823 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
824
825 cp.handle = cpu_to_le16(conn->handle);
826 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
827 sizeof(cp), &cp);
828 if (conn->key_type != 0xff)
829 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
830 }
831
832 return 0;
833 }
834
835 /* Encrypt the the link */
836 static void hci_conn_encrypt(struct hci_conn *conn)
837 {
838 BT_DBG("hcon %p", conn);
839
840 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
841 struct hci_cp_set_conn_encrypt cp;
842 cp.handle = cpu_to_le16(conn->handle);
843 cp.encrypt = 0x01;
844 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
845 &cp);
846 }
847 }
848
849 /* Enable security */
850 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
851 {
852 BT_DBG("hcon %p", conn);
853
854 if (conn->type == LE_LINK)
855 return smp_conn_security(conn, sec_level);
856
857 /* For sdp we don't need the link key. */
858 if (sec_level == BT_SECURITY_SDP)
859 return 1;
860
861 /* For non 2.1 devices and low security level we don't need the link
862 key. */
863 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
864 return 1;
865
866 /* For other security levels we need the link key. */
867 if (!(conn->link_mode & HCI_LM_AUTH))
868 goto auth;
869
870 /* An authenticated FIPS approved combination key has sufficient
871 * security for security level 4. */
872 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
873 sec_level == BT_SECURITY_FIPS)
874 goto encrypt;
875
876 /* An authenticated combination key has sufficient security for
877 security level 3. */
878 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
879 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
880 sec_level == BT_SECURITY_HIGH)
881 goto encrypt;
882
883 /* An unauthenticated combination key has sufficient security for
884 security level 1 and 2. */
885 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
886 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
887 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
888 goto encrypt;
889
890 /* A combination key has always sufficient security for the security
891 levels 1 or 2. High security level requires the combination key
892 is generated using maximum PIN code length (16).
893 For pre 2.1 units. */
894 if (conn->key_type == HCI_LK_COMBINATION &&
895 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
896 conn->pin_length == 16))
897 goto encrypt;
898
899 auth:
900 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
901 return 0;
902
903 if (!hci_conn_auth(conn, sec_level, auth_type))
904 return 0;
905
906 encrypt:
907 if (conn->link_mode & HCI_LM_ENCRYPT)
908 return 1;
909
910 hci_conn_encrypt(conn);
911 return 0;
912 }
913 EXPORT_SYMBOL(hci_conn_security);
914
915 /* Check secure link requirement */
916 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
917 {
918 BT_DBG("hcon %p", conn);
919
920 /* Accept if non-secure or higher security level is required */
921 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
922 return 1;
923
924 /* Accept if secure or higher security level is already present */
925 if (conn->sec_level == BT_SECURITY_HIGH ||
926 conn->sec_level == BT_SECURITY_FIPS)
927 return 1;
928
929 /* Reject not secure link */
930 return 0;
931 }
932 EXPORT_SYMBOL(hci_conn_check_secure);
933
934 /* Change link key */
935 int hci_conn_change_link_key(struct hci_conn *conn)
936 {
937 BT_DBG("hcon %p", conn);
938
939 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
940 struct hci_cp_change_conn_link_key cp;
941 cp.handle = cpu_to_le16(conn->handle);
942 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
943 sizeof(cp), &cp);
944 }
945
946 return 0;
947 }
948
949 /* Switch role */
950 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
951 {
952 BT_DBG("hcon %p", conn);
953
954 if (!role && conn->link_mode & HCI_LM_MASTER)
955 return 1;
956
957 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
958 struct hci_cp_switch_role cp;
959 bacpy(&cp.bdaddr, &conn->dst);
960 cp.role = role;
961 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
962 }
963
964 return 0;
965 }
966 EXPORT_SYMBOL(hci_conn_switch_role);
967
968 /* Enter active mode */
969 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
970 {
971 struct hci_dev *hdev = conn->hdev;
972
973 BT_DBG("hcon %p mode %d", conn, conn->mode);
974
975 if (test_bit(HCI_RAW, &hdev->flags))
976 return;
977
978 if (conn->mode != HCI_CM_SNIFF)
979 goto timer;
980
981 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
982 goto timer;
983
984 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
985 struct hci_cp_exit_sniff_mode cp;
986 cp.handle = cpu_to_le16(conn->handle);
987 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
988 }
989
990 timer:
991 if (hdev->idle_timeout > 0)
992 queue_delayed_work(hdev->workqueue, &conn->idle_work,
993 msecs_to_jiffies(hdev->idle_timeout));
994 }
995
996 /* Drop all connection on the device */
997 void hci_conn_hash_flush(struct hci_dev *hdev)
998 {
999 struct hci_conn_hash *h = &hdev->conn_hash;
1000 struct hci_conn *c, *n;
1001
1002 BT_DBG("hdev %s", hdev->name);
1003
1004 list_for_each_entry_safe(c, n, &h->list, list) {
1005 c->state = BT_CLOSED;
1006
1007 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
1008 hci_conn_del(c);
1009 }
1010 }
1011
1012 /* Check pending connect attempts */
1013 void hci_conn_check_pending(struct hci_dev *hdev)
1014 {
1015 struct hci_conn *conn;
1016
1017 BT_DBG("hdev %s", hdev->name);
1018
1019 hci_dev_lock(hdev);
1020
1021 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
1022 if (conn)
1023 hci_acl_create_connection(conn);
1024
1025 hci_dev_unlock(hdev);
1026 }
1027
1028 int hci_get_conn_list(void __user *arg)
1029 {
1030 struct hci_conn *c;
1031 struct hci_conn_list_req req, *cl;
1032 struct hci_conn_info *ci;
1033 struct hci_dev *hdev;
1034 int n = 0, size, err;
1035
1036 if (copy_from_user(&req, arg, sizeof(req)))
1037 return -EFAULT;
1038
1039 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
1040 return -EINVAL;
1041
1042 size = sizeof(req) + req.conn_num * sizeof(*ci);
1043
1044 cl = kmalloc(size, GFP_KERNEL);
1045 if (!cl)
1046 return -ENOMEM;
1047
1048 hdev = hci_dev_get(req.dev_id);
1049 if (!hdev) {
1050 kfree(cl);
1051 return -ENODEV;
1052 }
1053
1054 ci = cl->conn_info;
1055
1056 hci_dev_lock(hdev);
1057 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1058 bacpy(&(ci + n)->bdaddr, &c->dst);
1059 (ci + n)->handle = c->handle;
1060 (ci + n)->type = c->type;
1061 (ci + n)->out = c->out;
1062 (ci + n)->state = c->state;
1063 (ci + n)->link_mode = c->link_mode;
1064 if (++n >= req.conn_num)
1065 break;
1066 }
1067 hci_dev_unlock(hdev);
1068
1069 cl->dev_id = hdev->id;
1070 cl->conn_num = n;
1071 size = sizeof(req) + n * sizeof(*ci);
1072
1073 hci_dev_put(hdev);
1074
1075 err = copy_to_user(arg, cl, size);
1076 kfree(cl);
1077
1078 return err ? -EFAULT : 0;
1079 }
1080
1081 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1082 {
1083 struct hci_conn_info_req req;
1084 struct hci_conn_info ci;
1085 struct hci_conn *conn;
1086 char __user *ptr = arg + sizeof(req);
1087
1088 if (copy_from_user(&req, arg, sizeof(req)))
1089 return -EFAULT;
1090
1091 hci_dev_lock(hdev);
1092 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1093 if (conn) {
1094 bacpy(&ci.bdaddr, &conn->dst);
1095 ci.handle = conn->handle;
1096 ci.type = conn->type;
1097 ci.out = conn->out;
1098 ci.state = conn->state;
1099 ci.link_mode = conn->link_mode;
1100 }
1101 hci_dev_unlock(hdev);
1102
1103 if (!conn)
1104 return -ENOENT;
1105
1106 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1107 }
1108
1109 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1110 {
1111 struct hci_auth_info_req req;
1112 struct hci_conn *conn;
1113
1114 if (copy_from_user(&req, arg, sizeof(req)))
1115 return -EFAULT;
1116
1117 hci_dev_lock(hdev);
1118 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1119 if (conn)
1120 req.type = conn->auth_type;
1121 hci_dev_unlock(hdev);
1122
1123 if (!conn)
1124 return -ENOENT;
1125
1126 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1127 }
1128
1129 struct hci_chan *hci_chan_create(struct hci_conn *conn)
1130 {
1131 struct hci_dev *hdev = conn->hdev;
1132 struct hci_chan *chan;
1133
1134 BT_DBG("%s hcon %p", hdev->name, conn);
1135
1136 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
1137 if (!chan)
1138 return NULL;
1139
1140 chan->conn = conn;
1141 skb_queue_head_init(&chan->data_q);
1142 chan->state = BT_CONNECTED;
1143
1144 list_add_rcu(&chan->list, &conn->chan_list);
1145
1146 return chan;
1147 }
1148
1149 void hci_chan_del(struct hci_chan *chan)
1150 {
1151 struct hci_conn *conn = chan->conn;
1152 struct hci_dev *hdev = conn->hdev;
1153
1154 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
1155
1156 list_del_rcu(&chan->list);
1157
1158 synchronize_rcu();
1159
1160 hci_conn_drop(conn);
1161
1162 skb_queue_purge(&chan->data_q);
1163 kfree(chan);
1164 }
1165
1166 void hci_chan_list_flush(struct hci_conn *conn)
1167 {
1168 struct hci_chan *chan, *n;
1169
1170 BT_DBG("hcon %p", conn);
1171
1172 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
1173 hci_chan_del(chan);
1174 }
1175
1176 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1177 __u16 handle)
1178 {
1179 struct hci_chan *hchan;
1180
1181 list_for_each_entry(hchan, &hcon->chan_list, list) {
1182 if (hchan->handle == handle)
1183 return hchan;
1184 }
1185
1186 return NULL;
1187 }
1188
1189 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1190 {
1191 struct hci_conn_hash *h = &hdev->conn_hash;
1192 struct hci_conn *hcon;
1193 struct hci_chan *hchan = NULL;
1194
1195 rcu_read_lock();
1196
1197 list_for_each_entry_rcu(hcon, &h->list, list) {
1198 hchan = __hci_chan_lookup_handle(hcon, handle);
1199 if (hchan)
1200 break;
1201 }
1202
1203 rcu_read_unlock();
1204
1205 return hchan;
1206 }
Linux kernel - Deliverables
This page took 0.142095 seconds and 5 git commands to generate.