2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/a2mp.h>
32 #include <net/bluetooth/smp.h>
39 static const struct sco_param sco_param_cvsd
[] = {
40 { EDR_ESCO_MASK
& ~ESCO_2EV3
, 0x000a }, /* S3 */
41 { EDR_ESCO_MASK
& ~ESCO_2EV3
, 0x0007 }, /* S2 */
42 { EDR_ESCO_MASK
| ESCO_EV3
, 0x0007 }, /* S1 */
43 { EDR_ESCO_MASK
| ESCO_HV3
, 0xffff }, /* D1 */
44 { EDR_ESCO_MASK
| ESCO_HV1
, 0xffff }, /* D0 */
47 static const struct sco_param sco_param_wideband
[] = {
48 { EDR_ESCO_MASK
& ~ESCO_2EV3
, 0x000d }, /* T2 */
49 { EDR_ESCO_MASK
| ESCO_EV3
, 0x0008 }, /* T1 */
52 static void hci_le_create_connection(struct hci_conn
*conn
)
54 struct hci_dev
*hdev
= conn
->hdev
;
55 struct hci_cp_le_create_conn cp
;
57 conn
->state
= BT_CONNECT
;
59 conn
->link_mode
|= HCI_LM_MASTER
;
60 conn
->sec_level
= BT_SECURITY_LOW
;
62 memset(&cp
, 0, sizeof(cp
));
63 cp
.scan_interval
= __constant_cpu_to_le16(0x0060);
64 cp
.scan_window
= __constant_cpu_to_le16(0x0030);
65 bacpy(&cp
.peer_addr
, &conn
->dst
);
66 cp
.peer_addr_type
= conn
->dst_type
;
67 cp
.conn_interval_min
= __constant_cpu_to_le16(0x0028);
68 cp
.conn_interval_max
= __constant_cpu_to_le16(0x0038);
69 cp
.supervision_timeout
= __constant_cpu_to_le16(0x002a);
70 cp
.min_ce_len
= __constant_cpu_to_le16(0x0000);
71 cp
.max_ce_len
= __constant_cpu_to_le16(0x0000);
73 hci_send_cmd(hdev
, HCI_OP_LE_CREATE_CONN
, sizeof(cp
), &cp
);
76 static void hci_le_create_connection_cancel(struct hci_conn
*conn
)
78 hci_send_cmd(conn
->hdev
, HCI_OP_LE_CREATE_CONN_CANCEL
, 0, NULL
);
81 static void hci_acl_create_connection(struct hci_conn
*conn
)
83 struct hci_dev
*hdev
= conn
->hdev
;
84 struct inquiry_entry
*ie
;
85 struct hci_cp_create_conn cp
;
87 BT_DBG("hcon %p", conn
);
89 conn
->state
= BT_CONNECT
;
92 conn
->link_mode
= HCI_LM_MASTER
;
96 conn
->link_policy
= hdev
->link_policy
;
98 memset(&cp
, 0, sizeof(cp
));
99 bacpy(&cp
.bdaddr
, &conn
->dst
);
100 cp
.pscan_rep_mode
= 0x02;
102 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
104 if (inquiry_entry_age(ie
) <= INQUIRY_ENTRY_AGE_MAX
) {
105 cp
.pscan_rep_mode
= ie
->data
.pscan_rep_mode
;
106 cp
.pscan_mode
= ie
->data
.pscan_mode
;
107 cp
.clock_offset
= ie
->data
.clock_offset
|
108 __constant_cpu_to_le16(0x8000);
111 memcpy(conn
->dev_class
, ie
->data
.dev_class
, 3);
112 if (ie
->data
.ssp_mode
> 0)
113 set_bit(HCI_CONN_SSP_ENABLED
, &conn
->flags
);
116 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
117 if (lmp_rswitch_capable(hdev
) && !(hdev
->link_mode
& HCI_LM_MASTER
))
118 cp
.role_switch
= 0x01;
120 cp
.role_switch
= 0x00;
122 hci_send_cmd(hdev
, HCI_OP_CREATE_CONN
, sizeof(cp
), &cp
);
125 static void hci_acl_create_connection_cancel(struct hci_conn
*conn
)
127 struct hci_cp_create_conn_cancel cp
;
129 BT_DBG("hcon %p", conn
);
131 if (conn
->hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
134 bacpy(&cp
.bdaddr
, &conn
->dst
);
135 hci_send_cmd(conn
->hdev
, HCI_OP_CREATE_CONN_CANCEL
, sizeof(cp
), &cp
);
138 static void hci_reject_sco(struct hci_conn
*conn
)
140 struct hci_cp_reject_sync_conn_req cp
;
142 cp
.reason
= HCI_ERROR_REMOTE_USER_TERM
;
143 bacpy(&cp
.bdaddr
, &conn
->dst
);
145 hci_send_cmd(conn
->hdev
, HCI_OP_REJECT_SYNC_CONN_REQ
, sizeof(cp
), &cp
);
148 void hci_disconnect(struct hci_conn
*conn
, __u8 reason
)
150 struct hci_cp_disconnect cp
;
152 BT_DBG("hcon %p", conn
);
154 conn
->state
= BT_DISCONN
;
156 cp
.handle
= cpu_to_le16(conn
->handle
);
158 hci_send_cmd(conn
->hdev
, HCI_OP_DISCONNECT
, sizeof(cp
), &cp
);
161 static void hci_amp_disconn(struct hci_conn
*conn
, __u8 reason
)
163 struct hci_cp_disconn_phy_link cp
;
165 BT_DBG("hcon %p", conn
);
167 conn
->state
= BT_DISCONN
;
169 cp
.phy_handle
= HCI_PHY_HANDLE(conn
->handle
);
171 hci_send_cmd(conn
->hdev
, HCI_OP_DISCONN_PHY_LINK
,
175 static void hci_add_sco(struct hci_conn
*conn
, __u16 handle
)
177 struct hci_dev
*hdev
= conn
->hdev
;
178 struct hci_cp_add_sco cp
;
180 BT_DBG("hcon %p", conn
);
182 conn
->state
= BT_CONNECT
;
187 cp
.handle
= cpu_to_le16(handle
);
188 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
190 hci_send_cmd(hdev
, HCI_OP_ADD_SCO
, sizeof(cp
), &cp
);
193 bool hci_setup_sync(struct hci_conn
*conn
, __u16 handle
)
195 struct hci_dev
*hdev
= conn
->hdev
;
196 struct hci_cp_setup_sync_conn cp
;
197 const struct sco_param
*param
;
199 BT_DBG("hcon %p", conn
);
201 conn
->state
= BT_CONNECT
;
206 cp
.handle
= cpu_to_le16(handle
);
208 cp
.tx_bandwidth
= __constant_cpu_to_le32(0x00001f40);
209 cp
.rx_bandwidth
= __constant_cpu_to_le32(0x00001f40);
210 cp
.voice_setting
= cpu_to_le16(conn
->setting
);
212 switch (conn
->setting
& SCO_AIRMODE_MASK
) {
213 case SCO_AIRMODE_TRANSP
:
214 if (conn
->attempt
> ARRAY_SIZE(sco_param_wideband
))
216 cp
.retrans_effort
= 0x02;
217 param
= &sco_param_wideband
[conn
->attempt
- 1];
219 case SCO_AIRMODE_CVSD
:
220 if (conn
->attempt
> ARRAY_SIZE(sco_param_cvsd
))
222 cp
.retrans_effort
= 0x01;
223 param
= &sco_param_cvsd
[conn
->attempt
- 1];
229 cp
.pkt_type
= __cpu_to_le16(param
->pkt_type
);
230 cp
.max_latency
= __cpu_to_le16(param
->max_latency
);
232 if (hci_send_cmd(hdev
, HCI_OP_SETUP_SYNC_CONN
, sizeof(cp
), &cp
) < 0)
238 void hci_le_conn_update(struct hci_conn
*conn
, u16 min
, u16 max
,
239 u16 latency
, u16 to_multiplier
)
241 struct hci_cp_le_conn_update cp
;
242 struct hci_dev
*hdev
= conn
->hdev
;
244 memset(&cp
, 0, sizeof(cp
));
246 cp
.handle
= cpu_to_le16(conn
->handle
);
247 cp
.conn_interval_min
= cpu_to_le16(min
);
248 cp
.conn_interval_max
= cpu_to_le16(max
);
249 cp
.conn_latency
= cpu_to_le16(latency
);
250 cp
.supervision_timeout
= cpu_to_le16(to_multiplier
);
251 cp
.min_ce_len
= __constant_cpu_to_le16(0x0001);
252 cp
.max_ce_len
= __constant_cpu_to_le16(0x0001);
254 hci_send_cmd(hdev
, HCI_OP_LE_CONN_UPDATE
, sizeof(cp
), &cp
);
257 void hci_le_start_enc(struct hci_conn
*conn
, __le16 ediv
, __u8 rand
[8],
260 struct hci_dev
*hdev
= conn
->hdev
;
261 struct hci_cp_le_start_enc cp
;
263 BT_DBG("hcon %p", conn
);
265 memset(&cp
, 0, sizeof(cp
));
267 cp
.handle
= cpu_to_le16(conn
->handle
);
268 memcpy(cp
.ltk
, ltk
, sizeof(cp
.ltk
));
270 memcpy(cp
.rand
, rand
, sizeof(cp
.rand
));
272 hci_send_cmd(hdev
, HCI_OP_LE_START_ENC
, sizeof(cp
), &cp
);
275 /* Device _must_ be locked */
276 void hci_sco_setup(struct hci_conn
*conn
, __u8 status
)
278 struct hci_conn
*sco
= conn
->link
;
283 BT_DBG("hcon %p", conn
);
286 if (lmp_esco_capable(conn
->hdev
))
287 hci_setup_sync(sco
, conn
->handle
);
289 hci_add_sco(sco
, conn
->handle
);
291 hci_proto_connect_cfm(sco
, status
);
296 static void hci_conn_disconnect(struct hci_conn
*conn
)
298 __u8 reason
= hci_proto_disconn_ind(conn
);
300 switch (conn
->type
) {
302 hci_amp_disconn(conn
, reason
);
305 hci_disconnect(conn
, reason
);
310 static void hci_conn_timeout(struct work_struct
*work
)
312 struct hci_conn
*conn
= container_of(work
, struct hci_conn
,
315 BT_DBG("hcon %p state %s", conn
, state_to_string(conn
->state
));
317 if (atomic_read(&conn
->refcnt
))
320 switch (conn
->state
) {
324 if (conn
->type
== ACL_LINK
)
325 hci_acl_create_connection_cancel(conn
);
326 else if (conn
->type
== LE_LINK
)
327 hci_le_create_connection_cancel(conn
);
328 } else if (conn
->type
== SCO_LINK
|| conn
->type
== ESCO_LINK
) {
329 hci_reject_sco(conn
);
334 hci_conn_disconnect(conn
);
337 conn
->state
= BT_CLOSED
;
342 /* Enter sniff mode */
343 static void hci_conn_enter_sniff_mode(struct hci_conn
*conn
)
345 struct hci_dev
*hdev
= conn
->hdev
;
347 BT_DBG("hcon %p mode %d", conn
, conn
->mode
);
349 if (test_bit(HCI_RAW
, &hdev
->flags
))
352 if (!lmp_sniff_capable(hdev
) || !lmp_sniff_capable(conn
))
355 if (conn
->mode
!= HCI_CM_ACTIVE
|| !(conn
->link_policy
& HCI_LP_SNIFF
))
358 if (lmp_sniffsubr_capable(hdev
) && lmp_sniffsubr_capable(conn
)) {
359 struct hci_cp_sniff_subrate cp
;
360 cp
.handle
= cpu_to_le16(conn
->handle
);
361 cp
.max_latency
= __constant_cpu_to_le16(0);
362 cp
.min_remote_timeout
= __constant_cpu_to_le16(0);
363 cp
.min_local_timeout
= __constant_cpu_to_le16(0);
364 hci_send_cmd(hdev
, HCI_OP_SNIFF_SUBRATE
, sizeof(cp
), &cp
);
367 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
)) {
368 struct hci_cp_sniff_mode cp
;
369 cp
.handle
= cpu_to_le16(conn
->handle
);
370 cp
.max_interval
= cpu_to_le16(hdev
->sniff_max_interval
);
371 cp
.min_interval
= cpu_to_le16(hdev
->sniff_min_interval
);
372 cp
.attempt
= __constant_cpu_to_le16(4);
373 cp
.timeout
= __constant_cpu_to_le16(1);
374 hci_send_cmd(hdev
, HCI_OP_SNIFF_MODE
, sizeof(cp
), &cp
);
378 static void hci_conn_idle(unsigned long arg
)
380 struct hci_conn
*conn
= (void *) arg
;
382 BT_DBG("hcon %p mode %d", conn
, conn
->mode
);
384 hci_conn_enter_sniff_mode(conn
);
387 static void hci_conn_auto_accept(unsigned long arg
)
389 struct hci_conn
*conn
= (void *) arg
;
390 struct hci_dev
*hdev
= conn
->hdev
;
392 hci_send_cmd(hdev
, HCI_OP_USER_CONFIRM_REPLY
, sizeof(conn
->dst
),
396 struct hci_conn
*hci_conn_add(struct hci_dev
*hdev
, int type
, bdaddr_t
*dst
)
398 struct hci_conn
*conn
;
400 BT_DBG("%s dst %pMR", hdev
->name
, dst
);
402 conn
= kzalloc(sizeof(struct hci_conn
), GFP_KERNEL
);
406 bacpy(&conn
->dst
, dst
);
409 conn
->mode
= HCI_CM_ACTIVE
;
410 conn
->state
= BT_OPEN
;
411 conn
->auth_type
= HCI_AT_GENERAL_BONDING
;
412 conn
->io_capability
= hdev
->io_capability
;
413 conn
->remote_auth
= 0xff;
414 conn
->key_type
= 0xff;
416 set_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
);
417 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
421 conn
->pkt_type
= hdev
->pkt_type
& ACL_PTYPE_MASK
;
424 if (lmp_esco_capable(hdev
))
425 conn
->pkt_type
= (hdev
->esco_type
& SCO_ESCO_MASK
) |
426 (hdev
->esco_type
& EDR_ESCO_MASK
);
428 conn
->pkt_type
= hdev
->pkt_type
& SCO_PTYPE_MASK
;
431 conn
->pkt_type
= hdev
->esco_type
& ~EDR_ESCO_MASK
;
435 skb_queue_head_init(&conn
->data_q
);
437 INIT_LIST_HEAD(&conn
->chan_list
);
439 INIT_DELAYED_WORK(&conn
->disc_work
, hci_conn_timeout
);
440 setup_timer(&conn
->idle_timer
, hci_conn_idle
, (unsigned long)conn
);
441 setup_timer(&conn
->auto_accept_timer
, hci_conn_auto_accept
,
442 (unsigned long) conn
);
444 atomic_set(&conn
->refcnt
, 0);
448 hci_conn_hash_add(hdev
, conn
);
450 hdev
->notify(hdev
, HCI_NOTIFY_CONN_ADD
);
452 hci_conn_init_sysfs(conn
);
457 int hci_conn_del(struct hci_conn
*conn
)
459 struct hci_dev
*hdev
= conn
->hdev
;
461 BT_DBG("%s hcon %p handle %d", hdev
->name
, conn
, conn
->handle
);
463 del_timer(&conn
->idle_timer
);
465 cancel_delayed_work_sync(&conn
->disc_work
);
467 del_timer(&conn
->auto_accept_timer
);
469 if (conn
->type
== ACL_LINK
) {
470 struct hci_conn
*sco
= conn
->link
;
475 hdev
->acl_cnt
+= conn
->sent
;
476 } else if (conn
->type
== LE_LINK
) {
478 hdev
->le_cnt
+= conn
->sent
;
480 hdev
->acl_cnt
+= conn
->sent
;
482 struct hci_conn
*acl
= conn
->link
;
489 hci_chan_list_flush(conn
);
492 amp_mgr_put(conn
->amp_mgr
);
494 hci_conn_hash_del(hdev
, conn
);
496 hdev
->notify(hdev
, HCI_NOTIFY_CONN_DEL
);
498 skb_queue_purge(&conn
->data_q
);
500 hci_conn_del_sysfs(conn
);
509 struct hci_dev
*hci_get_route(bdaddr_t
*dst
, bdaddr_t
*src
)
511 int use_src
= bacmp(src
, BDADDR_ANY
);
512 struct hci_dev
*hdev
= NULL
, *d
;
514 BT_DBG("%pMR -> %pMR", src
, dst
);
516 read_lock(&hci_dev_list_lock
);
518 list_for_each_entry(d
, &hci_dev_list
, list
) {
519 if (!test_bit(HCI_UP
, &d
->flags
) ||
520 test_bit(HCI_RAW
, &d
->flags
) ||
521 d
->dev_type
!= HCI_BREDR
)
525 * No source address - find interface with bdaddr != dst
526 * Source address - find interface with bdaddr == src
530 if (!bacmp(&d
->bdaddr
, src
)) {
534 if (bacmp(&d
->bdaddr
, dst
)) {
541 hdev
= hci_dev_hold(hdev
);
543 read_unlock(&hci_dev_list_lock
);
546 EXPORT_SYMBOL(hci_get_route
);
548 static struct hci_conn
*hci_connect_le(struct hci_dev
*hdev
, bdaddr_t
*dst
,
549 u8 dst_type
, u8 sec_level
, u8 auth_type
)
553 if (test_bit(HCI_LE_PERIPHERAL
, &hdev
->flags
))
554 return ERR_PTR(-ENOTSUPP
);
556 le
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, dst
);
558 le
= hci_conn_hash_lookup_state(hdev
, LE_LINK
, BT_CONNECT
);
560 return ERR_PTR(-EBUSY
);
562 le
= hci_conn_add(hdev
, LE_LINK
, dst
);
564 return ERR_PTR(-ENOMEM
);
566 le
->dst_type
= bdaddr_to_le(dst_type
);
567 hci_le_create_connection(le
);
570 le
->pending_sec_level
= sec_level
;
571 le
->auth_type
= auth_type
;
578 static struct hci_conn
*hci_connect_acl(struct hci_dev
*hdev
, bdaddr_t
*dst
,
579 u8 sec_level
, u8 auth_type
)
581 struct hci_conn
*acl
;
583 acl
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, dst
);
585 acl
= hci_conn_add(hdev
, ACL_LINK
, dst
);
587 return ERR_PTR(-ENOMEM
);
592 if (acl
->state
== BT_OPEN
|| acl
->state
== BT_CLOSED
) {
593 acl
->sec_level
= BT_SECURITY_LOW
;
594 acl
->pending_sec_level
= sec_level
;
595 acl
->auth_type
= auth_type
;
596 hci_acl_create_connection(acl
);
602 struct hci_conn
*hci_connect_sco(struct hci_dev
*hdev
, int type
, bdaddr_t
*dst
,
605 struct hci_conn
*acl
;
606 struct hci_conn
*sco
;
608 acl
= hci_connect_acl(hdev
, dst
, BT_SECURITY_LOW
, HCI_AT_NO_BONDING
);
612 sco
= hci_conn_hash_lookup_ba(hdev
, type
, dst
);
614 sco
= hci_conn_add(hdev
, type
, dst
);
617 return ERR_PTR(-ENOMEM
);
626 sco
->setting
= setting
;
628 if (acl
->state
== BT_CONNECTED
&&
629 (sco
->state
== BT_OPEN
|| sco
->state
== BT_CLOSED
)) {
630 set_bit(HCI_CONN_POWER_SAVE
, &acl
->flags
);
631 hci_conn_enter_active_mode(acl
, BT_POWER_FORCE_ACTIVE_ON
);
633 if (test_bit(HCI_CONN_MODE_CHANGE_PEND
, &acl
->flags
)) {
634 /* defer SCO setup until mode change completed */
635 set_bit(HCI_CONN_SCO_SETUP_PEND
, &acl
->flags
);
639 hci_sco_setup(acl
, 0x00);
645 /* Create SCO, ACL or LE connection. */
646 struct hci_conn
*hci_connect(struct hci_dev
*hdev
, int type
, bdaddr_t
*dst
,
647 __u8 dst_type
, __u8 sec_level
, __u8 auth_type
)
649 BT_DBG("%s dst %pMR type 0x%x", hdev
->name
, dst
, type
);
653 return hci_connect_le(hdev
, dst
, dst_type
, sec_level
, auth_type
);
655 return hci_connect_acl(hdev
, dst
, sec_level
, auth_type
);
658 return ERR_PTR(-EINVAL
);
661 /* Check link security requirement */
662 int hci_conn_check_link_mode(struct hci_conn
*conn
)
664 BT_DBG("hcon %p", conn
);
666 if (hci_conn_ssp_enabled(conn
) && !(conn
->link_mode
& HCI_LM_ENCRYPT
))
672 /* Authenticate remote device */
673 static int hci_conn_auth(struct hci_conn
*conn
, __u8 sec_level
, __u8 auth_type
)
675 BT_DBG("hcon %p", conn
);
677 if (conn
->pending_sec_level
> sec_level
)
678 sec_level
= conn
->pending_sec_level
;
680 if (sec_level
> conn
->sec_level
)
681 conn
->pending_sec_level
= sec_level
;
682 else if (conn
->link_mode
& HCI_LM_AUTH
)
685 /* Make sure we preserve an existing MITM requirement*/
686 auth_type
|= (conn
->auth_type
& 0x01);
688 conn
->auth_type
= auth_type
;
690 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
691 struct hci_cp_auth_requested cp
;
693 /* encrypt must be pending if auth is also pending */
694 set_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
);
696 cp
.handle
= cpu_to_le16(conn
->handle
);
697 hci_send_cmd(conn
->hdev
, HCI_OP_AUTH_REQUESTED
,
699 if (conn
->key_type
!= 0xff)
700 set_bit(HCI_CONN_REAUTH_PEND
, &conn
->flags
);
706 /* Encrypt the the link */
707 static void hci_conn_encrypt(struct hci_conn
*conn
)
709 BT_DBG("hcon %p", conn
);
711 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
)) {
712 struct hci_cp_set_conn_encrypt cp
;
713 cp
.handle
= cpu_to_le16(conn
->handle
);
715 hci_send_cmd(conn
->hdev
, HCI_OP_SET_CONN_ENCRYPT
, sizeof(cp
),
720 /* Enable security */
721 int hci_conn_security(struct hci_conn
*conn
, __u8 sec_level
, __u8 auth_type
)
723 BT_DBG("hcon %p", conn
);
725 if (conn
->type
== LE_LINK
)
726 return smp_conn_security(conn
, sec_level
);
728 /* For sdp we don't need the link key. */
729 if (sec_level
== BT_SECURITY_SDP
)
732 /* For non 2.1 devices and low security level we don't need the link
734 if (sec_level
== BT_SECURITY_LOW
&& !hci_conn_ssp_enabled(conn
))
737 /* For other security levels we need the link key. */
738 if (!(conn
->link_mode
& HCI_LM_AUTH
))
741 /* An authenticated combination key has sufficient security for any
743 if (conn
->key_type
== HCI_LK_AUTH_COMBINATION
)
746 /* An unauthenticated combination key has sufficient security for
747 security level 1 and 2. */
748 if (conn
->key_type
== HCI_LK_UNAUTH_COMBINATION
&&
749 (sec_level
== BT_SECURITY_MEDIUM
|| sec_level
== BT_SECURITY_LOW
))
752 /* A combination key has always sufficient security for the security
753 levels 1 or 2. High security level requires the combination key
754 is generated using maximum PIN code length (16).
755 For pre 2.1 units. */
756 if (conn
->key_type
== HCI_LK_COMBINATION
&&
757 (sec_level
!= BT_SECURITY_HIGH
|| conn
->pin_length
== 16))
761 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
))
764 if (!hci_conn_auth(conn
, sec_level
, auth_type
))
768 if (conn
->link_mode
& HCI_LM_ENCRYPT
)
771 hci_conn_encrypt(conn
);
774 EXPORT_SYMBOL(hci_conn_security
);
776 /* Check secure link requirement */
777 int hci_conn_check_secure(struct hci_conn
*conn
, __u8 sec_level
)
779 BT_DBG("hcon %p", conn
);
781 if (sec_level
!= BT_SECURITY_HIGH
)
782 return 1; /* Accept if non-secure is required */
784 if (conn
->sec_level
== BT_SECURITY_HIGH
)
787 return 0; /* Reject not secure link */
789 EXPORT_SYMBOL(hci_conn_check_secure
);
791 /* Change link key */
792 int hci_conn_change_link_key(struct hci_conn
*conn
)
794 BT_DBG("hcon %p", conn
);
796 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
797 struct hci_cp_change_conn_link_key cp
;
798 cp
.handle
= cpu_to_le16(conn
->handle
);
799 hci_send_cmd(conn
->hdev
, HCI_OP_CHANGE_CONN_LINK_KEY
,
807 int hci_conn_switch_role(struct hci_conn
*conn
, __u8 role
)
809 BT_DBG("hcon %p", conn
);
811 if (!role
&& conn
->link_mode
& HCI_LM_MASTER
)
814 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND
, &conn
->flags
)) {
815 struct hci_cp_switch_role cp
;
816 bacpy(&cp
.bdaddr
, &conn
->dst
);
818 hci_send_cmd(conn
->hdev
, HCI_OP_SWITCH_ROLE
, sizeof(cp
), &cp
);
823 EXPORT_SYMBOL(hci_conn_switch_role
);
825 /* Enter active mode */
826 void hci_conn_enter_active_mode(struct hci_conn
*conn
, __u8 force_active
)
828 struct hci_dev
*hdev
= conn
->hdev
;
830 BT_DBG("hcon %p mode %d", conn
, conn
->mode
);
832 if (test_bit(HCI_RAW
, &hdev
->flags
))
835 if (conn
->mode
!= HCI_CM_SNIFF
)
838 if (!test_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
) && !force_active
)
841 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
)) {
842 struct hci_cp_exit_sniff_mode cp
;
843 cp
.handle
= cpu_to_le16(conn
->handle
);
844 hci_send_cmd(hdev
, HCI_OP_EXIT_SNIFF_MODE
, sizeof(cp
), &cp
);
848 if (hdev
->idle_timeout
> 0)
849 mod_timer(&conn
->idle_timer
,
850 jiffies
+ msecs_to_jiffies(hdev
->idle_timeout
));
853 /* Drop all connection on the device */
854 void hci_conn_hash_flush(struct hci_dev
*hdev
)
856 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
857 struct hci_conn
*c
, *n
;
859 BT_DBG("hdev %s", hdev
->name
);
861 list_for_each_entry_safe(c
, n
, &h
->list
, list
) {
862 c
->state
= BT_CLOSED
;
864 hci_proto_disconn_cfm(c
, HCI_ERROR_LOCAL_HOST_TERM
);
869 /* Check pending connect attempts */
870 void hci_conn_check_pending(struct hci_dev
*hdev
)
872 struct hci_conn
*conn
;
874 BT_DBG("hdev %s", hdev
->name
);
878 conn
= hci_conn_hash_lookup_state(hdev
, ACL_LINK
, BT_CONNECT2
);
880 hci_acl_create_connection(conn
);
882 hci_dev_unlock(hdev
);
885 int hci_get_conn_list(void __user
*arg
)
888 struct hci_conn_list_req req
, *cl
;
889 struct hci_conn_info
*ci
;
890 struct hci_dev
*hdev
;
891 int n
= 0, size
, err
;
893 if (copy_from_user(&req
, arg
, sizeof(req
)))
896 if (!req
.conn_num
|| req
.conn_num
> (PAGE_SIZE
* 2) / sizeof(*ci
))
899 size
= sizeof(req
) + req
.conn_num
* sizeof(*ci
);
901 cl
= kmalloc(size
, GFP_KERNEL
);
905 hdev
= hci_dev_get(req
.dev_id
);
914 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
915 bacpy(&(ci
+ n
)->bdaddr
, &c
->dst
);
916 (ci
+ n
)->handle
= c
->handle
;
917 (ci
+ n
)->type
= c
->type
;
918 (ci
+ n
)->out
= c
->out
;
919 (ci
+ n
)->state
= c
->state
;
920 (ci
+ n
)->link_mode
= c
->link_mode
;
921 if (++n
>= req
.conn_num
)
924 hci_dev_unlock(hdev
);
926 cl
->dev_id
= hdev
->id
;
928 size
= sizeof(req
) + n
* sizeof(*ci
);
932 err
= copy_to_user(arg
, cl
, size
);
935 return err
? -EFAULT
: 0;
938 int hci_get_conn_info(struct hci_dev
*hdev
, void __user
*arg
)
940 struct hci_conn_info_req req
;
941 struct hci_conn_info ci
;
942 struct hci_conn
*conn
;
943 char __user
*ptr
= arg
+ sizeof(req
);
945 if (copy_from_user(&req
, arg
, sizeof(req
)))
949 conn
= hci_conn_hash_lookup_ba(hdev
, req
.type
, &req
.bdaddr
);
951 bacpy(&ci
.bdaddr
, &conn
->dst
);
952 ci
.handle
= conn
->handle
;
953 ci
.type
= conn
->type
;
955 ci
.state
= conn
->state
;
956 ci
.link_mode
= conn
->link_mode
;
958 hci_dev_unlock(hdev
);
963 return copy_to_user(ptr
, &ci
, sizeof(ci
)) ? -EFAULT
: 0;
966 int hci_get_auth_info(struct hci_dev
*hdev
, void __user
*arg
)
968 struct hci_auth_info_req req
;
969 struct hci_conn
*conn
;
971 if (copy_from_user(&req
, arg
, sizeof(req
)))
975 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &req
.bdaddr
);
977 req
.type
= conn
->auth_type
;
978 hci_dev_unlock(hdev
);
983 return copy_to_user(arg
, &req
, sizeof(req
)) ? -EFAULT
: 0;
986 struct hci_chan
*hci_chan_create(struct hci_conn
*conn
)
988 struct hci_dev
*hdev
= conn
->hdev
;
989 struct hci_chan
*chan
;
991 BT_DBG("%s hcon %p", hdev
->name
, conn
);
993 chan
= kzalloc(sizeof(struct hci_chan
), GFP_KERNEL
);
998 skb_queue_head_init(&chan
->data_q
);
999 chan
->state
= BT_CONNECTED
;
1001 list_add_rcu(&chan
->list
, &conn
->chan_list
);
1006 void hci_chan_del(struct hci_chan
*chan
)
1008 struct hci_conn
*conn
= chan
->conn
;
1009 struct hci_dev
*hdev
= conn
->hdev
;
1011 BT_DBG("%s hcon %p chan %p", hdev
->name
, conn
, chan
);
1013 list_del_rcu(&chan
->list
);
1017 hci_conn_drop(conn
);
1019 skb_queue_purge(&chan
->data_q
);
1023 void hci_chan_list_flush(struct hci_conn
*conn
)
1025 struct hci_chan
*chan
, *n
;
1027 BT_DBG("hcon %p", conn
);
1029 list_for_each_entry_safe(chan
, n
, &conn
->chan_list
, list
)
1033 static struct hci_chan
*__hci_chan_lookup_handle(struct hci_conn
*hcon
,
1036 struct hci_chan
*hchan
;
1038 list_for_each_entry(hchan
, &hcon
->chan_list
, list
) {
1039 if (hchan
->handle
== handle
)
1046 struct hci_chan
*hci_chan_lookup_handle(struct hci_dev
*hdev
, __u16 handle
)
1048 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
1049 struct hci_conn
*hcon
;
1050 struct hci_chan
*hchan
= NULL
;
1054 list_for_each_entry_rcu(hcon
, &h
->list
, list
) {
1055 hchan
= __hci_chan_lookup_handle(hcon
, handle
);