Gitiles
Code Review Sign In
192.168.1.100 / R306 / b760bd950b4f56dbe34f084dbd1c5c6d08ef08e8 / . / ap / os / linux / linux-3.4.x / net / bluetooth / hci_conn.c
blob: f767b8786f91ee1c08222111cbd6f1f3dfcc8849 [file] [log] [blame]
yuezonghe824eb0c2024-06-27 02:32:26 -0700[diff] [blame]1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <net/sock.h>
39
40#include <linux/uaccess.h>
41#include <asm/unaligned.h>
42
43#include <net/bluetooth/bluetooth.h>
44#include <net/bluetooth/hci_core.h>
45#include <net/bluetooth/smp.h>
46
47static void hci_le_connect(struct hci_conn *conn)
48{
49 struct hci_dev *hdev = conn->hdev;
50 struct hci_cp_le_create_conn cp;
51
52 conn->state = BT_CONNECT;
53 conn->out = true;
54 conn->link_mode |= HCI_LM_MASTER;
55 conn->sec_level = BT_SECURITY_LOW;
56
57 memset(&cp, 0, sizeof(cp));
58 cp.scan_interval = cpu_to_le16(0x0060);
59 cp.scan_window = cpu_to_le16(0x0030);
60 bacpy(&cp.peer_addr, &conn->dst);
61 cp.peer_addr_type = conn->dst_type;
62 cp.conn_interval_min = cpu_to_le16(0x0028);
63 cp.conn_interval_max = cpu_to_le16(0x0038);
64 cp.supervision_timeout = cpu_to_le16(0x002a);
65 cp.min_ce_len = cpu_to_le16(0x0000);
66 cp.max_ce_len = cpu_to_le16(0x0000);
67
68 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
69}
70
71static void hci_le_connect_cancel(struct hci_conn *conn)
72{
73 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
74}
75
76void hci_acl_connect(struct hci_conn *conn)
77{
78 struct hci_dev *hdev = conn->hdev;
79 struct inquiry_entry *ie;
80 struct hci_cp_create_conn cp;
81
82 BT_DBG("hcon %p", conn);
83
84 conn->state = BT_CONNECT;
85 conn->out = true;
86
87 conn->link_mode = HCI_LM_MASTER;
88
89 conn->attempt++;
90
91 conn->link_policy = hdev->link_policy;
92
93 memset(&cp, 0, sizeof(cp));
94 bacpy(&cp.bdaddr, &conn->dst);
95 cp.pscan_rep_mode = 0x02;
96
97 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
98 if (ie) {
99 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
100 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
101 cp.pscan_mode = ie->data.pscan_mode;
102 cp.clock_offset = ie->data.clock_offset |
103 cpu_to_le16(0x8000);
104 }
105
106 memcpy(conn->dev_class, ie->data.dev_class, 3);
107 if (ie->data.ssp_mode > 0)
108 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
109 }
110
111 cp.pkt_type = cpu_to_le16(conn->pkt_type);
112 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
113 cp.role_switch = 0x01;
114 else
115 cp.role_switch = 0x00;
116
117 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
118}
119
120static void hci_acl_connect_cancel(struct hci_conn *conn)
121{
122 struct hci_cp_create_conn_cancel cp;
123
124 BT_DBG("%p", conn);
125
126 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
127 return;
128
129 bacpy(&cp.bdaddr, &conn->dst);
130 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
131}
132
133void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
134{
135 struct hci_cp_disconnect cp;
136
137 BT_DBG("%p", conn);
138
139 conn->state = BT_DISCONN;
140
141 cp.handle = cpu_to_le16(conn->handle);
142 cp.reason = reason;
143 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
144}
145
146void hci_add_sco(struct hci_conn *conn, __u16 handle)
147{
148 struct hci_dev *hdev = conn->hdev;
149 struct hci_cp_add_sco cp;
150
151 BT_DBG("%p", conn);
152
153 conn->state = BT_CONNECT;
154 conn->out = true;
155
156 conn->attempt++;
157
158 cp.handle = cpu_to_le16(handle);
159 cp.pkt_type = cpu_to_le16(conn->pkt_type);
160
161 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
162}
163
164void hci_setup_sync(struct hci_conn *conn, __u16 handle)
165{
166 struct hci_dev *hdev = conn->hdev;
167 struct hci_cp_setup_sync_conn cp;
168
169 BT_DBG("%p", conn);
170
171 conn->state = BT_CONNECT;
172 conn->out = true;
173
174 conn->attempt++;
175
176 cp.handle = cpu_to_le16(handle);
177 cp.pkt_type = cpu_to_le16(conn->pkt_type);
178
179 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
180 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
181 cp.max_latency = cpu_to_le16(0xffff);
182 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
183 cp.retrans_effort = 0xff;
184
185 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
186}
187
188void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
189 u16 latency, u16 to_multiplier)
190{
191 struct hci_cp_le_conn_update cp;
192 struct hci_dev *hdev = conn->hdev;
193
194 memset(&cp, 0, sizeof(cp));
195
196 cp.handle = cpu_to_le16(conn->handle);
197 cp.conn_interval_min = cpu_to_le16(min);
198 cp.conn_interval_max = cpu_to_le16(max);
199 cp.conn_latency = cpu_to_le16(latency);
200 cp.supervision_timeout = cpu_to_le16(to_multiplier);
201 cp.min_ce_len = cpu_to_le16(0x0001);
202 cp.max_ce_len = cpu_to_le16(0x0001);
203
204 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
205}
206EXPORT_SYMBOL(hci_le_conn_update);
207
208void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
209 __u8 ltk[16])
210{
211 struct hci_dev *hdev = conn->hdev;
212 struct hci_cp_le_start_enc cp;
213
214 BT_DBG("%p", conn);
215
216 memset(&cp, 0, sizeof(cp));
217
218 cp.handle = cpu_to_le16(conn->handle);
219 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
220 cp.ediv = ediv;
221 memcpy(cp.rand, rand, sizeof(cp.rand));
222
223 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
224}
225EXPORT_SYMBOL(hci_le_start_enc);
226
227void hci_le_ltk_neg_reply(struct hci_conn *conn)
228{
229 struct hci_dev *hdev = conn->hdev;
230 struct hci_cp_le_ltk_neg_reply cp;
231
232 BT_DBG("%p", conn);
233
234 memset(&cp, 0, sizeof(cp));
235
236 cp.handle = cpu_to_le16(conn->handle);
237
238 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp);
239}
240
241/* Device _must_ be locked */
242void hci_sco_setup(struct hci_conn *conn, __u8 status)
243{
244 struct hci_conn *sco = conn->link;
245
246 BT_DBG("%p", conn);
247
248 if (!sco)
249 return;
250
251 if (!status) {
252 if (lmp_esco_capable(conn->hdev))
253 hci_setup_sync(sco, conn->handle);
254 else
255 hci_add_sco(sco, conn->handle);
256 } else {
257 hci_proto_connect_cfm(sco, status);
258 hci_conn_del(sco);
259 }
260}
261
262static void hci_conn_timeout(struct work_struct *work)
263{
264 struct hci_conn *conn = container_of(work, struct hci_conn,
265 disc_work.work);
266 __u8 reason;
267
268 BT_DBG("conn %p state %s", conn, state_to_string(conn->state));
269
270 if (atomic_read(&conn->refcnt))
271 return;
272
273 switch (conn->state) {
274 case BT_CONNECT:
275 case BT_CONNECT2:
276 if (conn->out) {
277 if (conn->type == ACL_LINK)
278 hci_acl_connect_cancel(conn);
279 else if (conn->type == LE_LINK)
280 hci_le_connect_cancel(conn);
281 }
282 break;
283 case BT_CONFIG:
284 case BT_CONNECTED:
285 reason = hci_proto_disconn_ind(conn);
286 hci_acl_disconn(conn, reason);
287 break;
288 default:
289 conn->state = BT_CLOSED;
290 break;
291 }
292}
293
294/* Enter sniff mode */
295static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
296{
297 struct hci_dev *hdev = conn->hdev;
298
299 BT_DBG("conn %p mode %d", conn, conn->mode);
300
301 if (test_bit(HCI_RAW, &hdev->flags))
302 return;
303
304 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
305 return;
306
307 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
308 return;
309
310 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
311 struct hci_cp_sniff_subrate cp;
312 cp.handle = cpu_to_le16(conn->handle);
313 cp.max_latency = cpu_to_le16(0);
314 cp.min_remote_timeout = cpu_to_le16(0);
315 cp.min_local_timeout = cpu_to_le16(0);
316 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
317 }
318
319 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
320 struct hci_cp_sniff_mode cp;
321 cp.handle = cpu_to_le16(conn->handle);
322 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
323 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
324 cp.attempt = cpu_to_le16(4);
325 cp.timeout = cpu_to_le16(1);
326 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
327 }
328}
329
330static void hci_conn_idle(unsigned long arg)
331{
332 struct hci_conn *conn = (void *) arg;
333
334 BT_DBG("conn %p mode %d", conn, conn->mode);
335
336 hci_conn_enter_sniff_mode(conn);
337}
338
339static void hci_conn_auto_accept(unsigned long arg)
340{
341 struct hci_conn *conn = (void *) arg;
342 struct hci_dev *hdev = conn->hdev;
343
344 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
345 &conn->dst);
346}
347
348struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type,
349 __u16 pkt_type, bdaddr_t *dst)
350{
351 struct hci_conn *conn;
352
353 BT_DBG("%s dst %s", hdev->name, batostr(dst));
354
355 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
356 if (!conn)
357 return NULL;
358
359 bacpy(&conn->dst, dst);
360 conn->hdev = hdev;
361 conn->type = type;
362 conn->mode = HCI_CM_ACTIVE;
363 conn->state = BT_OPEN;
364 conn->auth_type = HCI_AT_GENERAL_BONDING;
365 conn->io_capability = hdev->io_capability;
366 conn->remote_auth = 0xff;
367 conn->key_type = 0xff;
368
369 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
370 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
371
372 switch (type) {
373 case ACL_LINK:
374 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
375 break;
376 case SCO_LINK:
377 if (!pkt_type)
378 pkt_type = SCO_ESCO_MASK;
379 case ESCO_LINK:
380 if (!pkt_type)
381 pkt_type = ALL_ESCO_MASK;
382 if (lmp_esco_capable(hdev)) {
383 /* HCI Setup Synchronous Connection Command uses
384 reverse logic on the EDR_ESCO_MASK bits */
385 conn->pkt_type = (pkt_type ^ EDR_ESCO_MASK) &
386 hdev->esco_type;
387 } else {
388 /* Legacy HCI Add Sco Connection Command uses a
389 shifted bitmask */
390 conn->pkt_type = (pkt_type << 5) & hdev->pkt_type &
391 SCO_PTYPE_MASK;
392 }
393 break;
394 }
395
396 skb_queue_head_init(&conn->data_q);
397
398 INIT_LIST_HEAD(&conn->chan_list);
399
400 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
401 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
402 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
403 (unsigned long) conn);
404
405 atomic_set(&conn->refcnt, 0);
406
407 hci_dev_hold(hdev);
408
409 hci_conn_hash_add(hdev, conn);
410 if (hdev->notify)
411 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
412
413 atomic_set(&conn->devref, 0);
414
415 hci_conn_init_sysfs(conn);
416
417 return conn;
418}
419
420int hci_conn_del(struct hci_conn *conn)
421{
422 struct hci_dev *hdev = conn->hdev;
423
424 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
425
426 del_timer(&conn->idle_timer);
427
428 cancel_delayed_work_sync(&conn->disc_work);
429
430 del_timer(&conn->auto_accept_timer);
431
432 if (conn->type == ACL_LINK) {
433 struct hci_conn *sco = conn->link;
434 if (sco)
435 sco->link = NULL;
436
437 /* Unacked frames */
438 hdev->acl_cnt += conn->sent;
439 } else if (conn->type == LE_LINK) {
440 if (hdev->le_pkts)
441 hdev->le_cnt += conn->sent;
442 else
443 hdev->acl_cnt += conn->sent;
444 } else {
445 struct hci_conn *acl = conn->link;
446 if (acl) {
447 acl->link = NULL;
448 hci_conn_put(acl);
449 }
450 }
451
452
453 hci_chan_list_flush(conn);
454
455 hci_conn_hash_del(hdev, conn);
456 if (hdev->notify)
457 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
458
459 skb_queue_purge(&conn->data_q);
460
461 hci_conn_put_device(conn);
462
463 hci_dev_put(hdev);
464
465 if (conn->handle == 0)
466 kfree(conn);
467
468 return 0;
469}
470
471struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
472{
473 int use_src = bacmp(src, BDADDR_ANY);
474 struct hci_dev *hdev = NULL, *d;
475
476 BT_DBG("%s -> %s", batostr(src), batostr(dst));
477
478 read_lock(&hci_dev_list_lock);
479
480 list_for_each_entry(d, &hci_dev_list, list) {
481 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
482 continue;
483
484 /* Simple routing:
485 * No source address - find interface with bdaddr != dst
486 * Source address - find interface with bdaddr == src
487 */
488
489 if (use_src) {
490 if (!bacmp(&d->bdaddr, src)) {
491 hdev = d; break;
492 }
493 } else {
494 if (bacmp(&d->bdaddr, dst)) {
495 hdev = d; break;
496 }
497 }
498 }
499
500 if (hdev)
501 hdev = hci_dev_hold(hdev);
502
503 read_unlock(&hci_dev_list_lock);
504 return hdev;
505}
506EXPORT_SYMBOL(hci_get_route);
507
508/* Create SCO, ACL or LE connection.
509 * Device _must_ be locked */
510struct hci_conn *hci_connect(struct hci_dev *hdev, int type,
511 __u16 pkt_type, bdaddr_t *dst,
512 __u8 sec_level, __u8 auth_type)
513{
514 struct hci_conn *acl;
515 struct hci_conn *sco;
516 struct hci_conn *le;
517
518 BT_DBG("%s dst %s", hdev->name, batostr(dst));
519
520 if (type == LE_LINK) {
521 struct adv_entry *entry;
522
523 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
524 if (le)
525 return ERR_PTR(-EBUSY);
526
527 entry = hci_find_adv_entry(hdev, dst);
528 if (!entry)
529 return ERR_PTR(-EHOSTUNREACH);
530
531 le = hci_conn_add(hdev, LE_LINK, 0, dst);
532 if (!le)
533 return ERR_PTR(-ENOMEM);
534
535 le->dst_type = entry->bdaddr_type;
536
537 hci_le_connect(le);
538
539 hci_conn_hold(le);
540
541 return le;
542 }
543
544 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
545 if (!acl) {
546 acl = hci_conn_add(hdev, ACL_LINK, 0, dst);
547 if (!acl)
548 return ERR_PTR(-ENOMEM);
549 }
550
551 hci_conn_hold(acl);
552
553 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
554 acl->sec_level = BT_SECURITY_LOW;
555 acl->pending_sec_level = sec_level;
556 acl->auth_type = auth_type;
557 hci_acl_connect(acl);
558 }
559
560 if (type == ACL_LINK)
561 return acl;
562
563 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
564 if (!sco) {
565 sco = hci_conn_add(hdev, type, pkt_type, dst);
566 if (!sco) {
567 hci_conn_put(acl);
568 return ERR_PTR(-ENOMEM);
569 }
570 }
571
572 acl->link = sco;
573 sco->link = acl;
574
575 hci_conn_hold(sco);
576
577 if (acl->state == BT_CONNECTED &&
578 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
579 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
580 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
581
582 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
583 /* defer SCO setup until mode change completed */
584 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
585 return sco;
586 }
587
588 hci_sco_setup(acl, 0x00);
589 }
590
591 return sco;
592}
593EXPORT_SYMBOL(hci_connect);
594
595/* Check link security requirement */
596int hci_conn_check_link_mode(struct hci_conn *conn)
597{
598 BT_DBG("conn %p", conn);
599
600 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
601 return 0;
602
603 return 1;
604}
605EXPORT_SYMBOL(hci_conn_check_link_mode);
606
607/* Authenticate remote device */
608static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
609{
610 BT_DBG("conn %p", conn);
611
612 if (conn->pending_sec_level > sec_level)
613 sec_level = conn->pending_sec_level;
614
615 if (sec_level > conn->sec_level)
616 conn->pending_sec_level = sec_level;
617 else if (conn->link_mode & HCI_LM_AUTH)
618 return 1;
619
620 /* Make sure we preserve an existing MITM requirement*/
621 auth_type |= (conn->auth_type & 0x01);
622
623 conn->auth_type = auth_type;
624
625 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
626 struct hci_cp_auth_requested cp;
627
628 /* encrypt must be pending if auth is also pending */
629 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
630
631 cp.handle = cpu_to_le16(conn->handle);
632 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
633 sizeof(cp), &cp);
634 if (conn->key_type != 0xff)
635 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
636 }
637
638 return 0;
639}
640
641/* Encrypt the the link */
642static void hci_conn_encrypt(struct hci_conn *conn)
643{
644 BT_DBG("conn %p", conn);
645
646 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
647 struct hci_cp_set_conn_encrypt cp;
648 cp.handle = cpu_to_le16(conn->handle);
649 cp.encrypt = 0x01;
650 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
651 &cp);
652 }
653}
654
655/* Enable security */
656int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
657{
658 BT_DBG("conn %p", conn);
659
660 if (conn->type == LE_LINK)
661 return smp_conn_security(conn, sec_level);
662
663 /* For sdp we don't need the link key. */
664 if (sec_level == BT_SECURITY_SDP)
665 return 1;
666
667 /* For non 2.1 devices and low security level we don't need the link
668 key. */
669 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
670 return 1;
671
672 /* For other security levels we need the link key. */
673 if (!(conn->link_mode & HCI_LM_AUTH))
674 goto auth;
675
676 /* An authenticated combination key has sufficient security for any
677 security level. */
678 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
679 goto encrypt;
680
681 /* An unauthenticated combination key has sufficient security for
682 security level 1 and 2. */
683 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
684 (sec_level == BT_SECURITY_MEDIUM ||
685 sec_level == BT_SECURITY_LOW))
686 goto encrypt;
687
688 /* A combination key has always sufficient security for the security
689 levels 1 or 2. High security level requires the combination key
690 is generated using maximum PIN code length (16).
691 For pre 2.1 units. */
692 if (conn->key_type == HCI_LK_COMBINATION &&
693 (sec_level != BT_SECURITY_HIGH ||
694 conn->pin_length == 16))
695 goto encrypt;
696
697auth:
698 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
699 return 0;
700
701 if (!hci_conn_auth(conn, sec_level, auth_type))
702 return 0;
703
704encrypt:
705 if (conn->link_mode & HCI_LM_ENCRYPT)
706 return 1;
707
708 hci_conn_encrypt(conn);
709 return 0;
710}
711EXPORT_SYMBOL(hci_conn_security);
712
713/* Check secure link requirement */
714int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
715{
716 BT_DBG("conn %p", conn);
717
718 if (sec_level != BT_SECURITY_HIGH)
719 return 1; /* Accept if non-secure is required */
720
721 if (conn->sec_level == BT_SECURITY_HIGH)
722 return 1;
723
724 return 0; /* Reject not secure link */
725}
726EXPORT_SYMBOL(hci_conn_check_secure);
727
728/* Change link key */
729int hci_conn_change_link_key(struct hci_conn *conn)
730{
731 BT_DBG("conn %p", conn);
732
733 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
734 struct hci_cp_change_conn_link_key cp;
735 cp.handle = cpu_to_le16(conn->handle);
736 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
737 sizeof(cp), &cp);
738 }
739
740 return 0;
741}
742EXPORT_SYMBOL(hci_conn_change_link_key);
743
744/* Switch role */
745int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
746{
747 BT_DBG("conn %p", conn);
748
749 if (!role && conn->link_mode & HCI_LM_MASTER)
750 return 1;
751
752 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
753 struct hci_cp_switch_role cp;
754 bacpy(&cp.bdaddr, &conn->dst);
755 cp.role = role;
756 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
757 }
758
759 return 0;
760}
761EXPORT_SYMBOL(hci_conn_switch_role);
762
763/* Enter active mode */
764void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
765{
766 struct hci_dev *hdev = conn->hdev;
767
768 BT_DBG("conn %p mode %d", conn, conn->mode);
769
770 if (test_bit(HCI_RAW, &hdev->flags))
771 return;
772
773 if (conn->mode != HCI_CM_SNIFF)
774 goto timer;
775
776 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
777 goto timer;
778
779 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
780 struct hci_cp_exit_sniff_mode cp;
781 cp.handle = cpu_to_le16(conn->handle);
782 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
783 }
784
785timer:
786 if (hdev->idle_timeout > 0)
787 mod_timer(&conn->idle_timer,
788 jiffies + msecs_to_jiffies(hdev->idle_timeout));
789}
790
791/* Drop all connection on the device */
792void hci_conn_hash_flush(struct hci_dev *hdev)
793{
794 struct hci_conn_hash *h = &hdev->conn_hash;
795 struct hci_conn *c, *n;
796
797 BT_DBG("hdev %s", hdev->name);
798
799 list_for_each_entry_safe(c, n, &h->list, list) {
800 c->state = BT_CLOSED;
801
802 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
803 hci_conn_del(c);
804 }
805}
806
807/* Check pending connect attempts */
808void hci_conn_check_pending(struct hci_dev *hdev)
809{
810 struct hci_conn *conn;
811
812 BT_DBG("hdev %s", hdev->name);
813
814 hci_dev_lock(hdev);
815
816 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
817 if (conn)
818 hci_acl_connect(conn);
819
820 hci_dev_unlock(hdev);
821}
822
823void hci_conn_hold_device(struct hci_conn *conn)
824{
825 atomic_inc(&conn->devref);
826}
827EXPORT_SYMBOL(hci_conn_hold_device);
828
829void hci_conn_put_device(struct hci_conn *conn)
830{
831 if (atomic_dec_and_test(&conn->devref))
832 hci_conn_del_sysfs(conn);
833}
834EXPORT_SYMBOL(hci_conn_put_device);
835
836int hci_get_conn_list(void __user *arg)
837{
838 register struct hci_conn *c;
839 struct hci_conn_list_req req, *cl;
840 struct hci_conn_info *ci;
841 struct hci_dev *hdev;
842 int n = 0, size, err;
843
844 if (copy_from_user(&req, arg, sizeof(req)))
845 return -EFAULT;
846
847 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
848 return -EINVAL;
849
850 size = sizeof(req) + req.conn_num * sizeof(*ci);
851
852 cl = kmalloc(size, GFP_KERNEL);
853 if (!cl)
854 return -ENOMEM;
855
856 hdev = hci_dev_get(req.dev_id);
857 if (!hdev) {
858 kfree(cl);
859 return -ENODEV;
860 }
861
862 ci = cl->conn_info;
863
864 hci_dev_lock(hdev);
865 list_for_each_entry(c, &hdev->conn_hash.list, list) {
866 bacpy(&(ci + n)->bdaddr, &c->dst);
867 (ci + n)->handle = c->handle;
868 (ci + n)->type = c->type;
869 (ci + n)->out = c->out;
870 (ci + n)->state = c->state;
871 (ci + n)->link_mode = c->link_mode;
872 if (c->type == SCO_LINK) {
873 (ci + n)->mtu = hdev->sco_mtu;
874 (ci + n)->cnt = hdev->sco_cnt;
875 (ci + n)->pkts = hdev->sco_pkts;
876 } else {
877 (ci + n)->mtu = hdev->acl_mtu;
878 (ci + n)->cnt = hdev->acl_cnt;
879 (ci + n)->pkts = hdev->acl_pkts;
880 }
881 if (++n >= req.conn_num)
882 break;
883 }
884 hci_dev_unlock(hdev);
885
886 cl->dev_id = hdev->id;
887 cl->conn_num = n;
888 size = sizeof(req) + n * sizeof(*ci);
889
890 hci_dev_put(hdev);
891
892 err = copy_to_user(arg, cl, size);
893 kfree(cl);
894
895 return err ? -EFAULT : 0;
896}
897
898int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
899{
900 struct hci_conn_info_req req;
901 struct hci_conn_info ci;
902 struct hci_conn *conn;
903 char __user *ptr = arg + sizeof(req);
904
905 if (copy_from_user(&req, arg, sizeof(req)))
906 return -EFAULT;
907
908 hci_dev_lock(hdev);
909 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
910 if (conn) {
911 bacpy(&ci.bdaddr, &conn->dst);
912 ci.handle = conn->handle;
913 ci.type = conn->type;
914 ci.out = conn->out;
915 ci.state = conn->state;
916 ci.link_mode = conn->link_mode;
917 if (req.type == SCO_LINK) {
918 ci.mtu = hdev->sco_mtu;
919 ci.cnt = hdev->sco_cnt;
920 ci.pkts = hdev->sco_pkts;
921 } else {
922 ci.mtu = hdev->acl_mtu;
923 ci.cnt = hdev->acl_cnt;
924 ci.pkts = hdev->acl_pkts;
925 }
926 }
927 hci_dev_unlock(hdev);
928
929 if (!conn)
930 return -ENOENT;
931
932 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
933}
934
935int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
936{
937 struct hci_auth_info_req req;
938 struct hci_conn *conn;
939
940 if (copy_from_user(&req, arg, sizeof(req)))
941 return -EFAULT;
942
943 hci_dev_lock(hdev);
944 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
945 if (conn)
946 req.type = conn->auth_type;
947 hci_dev_unlock(hdev);
948
949 if (!conn)
950 return -ENOENT;
951
952 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
953}
954
955struct hci_chan *hci_chan_create(struct hci_conn *conn)
956{
957 struct hci_dev *hdev = conn->hdev;
958 struct hci_chan *chan;
959
960 BT_DBG("%s conn %p", hdev->name, conn);
961
962 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
963 if (!chan)
964 return NULL;
965
966 chan->conn = conn;
967 skb_queue_head_init(&chan->data_q);
968
969 list_add_rcu(&chan->list, &conn->chan_list);
970
971 return chan;
972}
973
974int hci_chan_del(struct hci_chan *chan)
975{
976 struct hci_conn *conn = chan->conn;
977 struct hci_dev *hdev = conn->hdev;
978
979 BT_DBG("%s conn %p chan %p", hdev->name, conn, chan);
980
981 list_del_rcu(&chan->list);
982
983 synchronize_rcu();
984
985 skb_queue_purge(&chan->data_q);
986 kfree(chan);
987
988 return 0;
989}
990
991void hci_chan_list_flush(struct hci_conn *conn)
992{
993 struct hci_chan *chan, *n;
994
995 BT_DBG("conn %p", conn);
996
997 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
998 hci_chan_del(chan);
999}