search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
llist: fix/simplify llist_add() and llist_add_batch()
[linux-2.6.git] / net / bluetooth / hci_conn.c
blob6c7f3637972254c9bbbe0b5a9c6f007ba1ec41e2
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI connection handling. */
26
27 #include <linux/export.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/a2mp.h>
32 #include <net/bluetooth/smp.h>
33
34 static void hci_le_create_connection(struct hci_conn *conn)
35 {
36 struct hci_dev *hdev = conn->hdev;
37 struct hci_cp_le_create_conn cp;
38
39 conn->state = BT_CONNECT;
40 conn->out = true;
41 conn->link_mode |= HCI_LM_MASTER;
42 conn->sec_level = BT_SECURITY_LOW;
43
44 memset(&cp, 0, sizeof(cp));
45 cp.scan_interval = __constant_cpu_to_le16(0x0060);
46 cp.scan_window = __constant_cpu_to_le16(0x0030);
47 bacpy(&cp.peer_addr, &conn->dst);
48 cp.peer_addr_type = conn->dst_type;
49 cp.conn_interval_min = __constant_cpu_to_le16(0x0028);
50 cp.conn_interval_max = __constant_cpu_to_le16(0x0038);
51 cp.supervision_timeout = __constant_cpu_to_le16(0x002a);
52 cp.min_ce_len = __constant_cpu_to_le16(0x0000);
53 cp.max_ce_len = __constant_cpu_to_le16(0x0000);
54
55 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
56 }
57
58 static void hci_le_create_connection_cancel(struct hci_conn *conn)
59 {
60 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
61 }
62
63 static void hci_acl_create_connection(struct hci_conn *conn)
64 {
65 struct hci_dev *hdev = conn->hdev;
66 struct inquiry_entry *ie;
67 struct hci_cp_create_conn cp;
68
69 BT_DBG("hcon %p", conn);
70
71 conn->state = BT_CONNECT;
72 conn->out = true;
73
74 conn->link_mode = HCI_LM_MASTER;
75
76 conn->attempt++;
77
78 conn->link_policy = hdev->link_policy;
79
80 memset(&cp, 0, sizeof(cp));
81 bacpy(&cp.bdaddr, &conn->dst);
82 cp.pscan_rep_mode = 0x02;
83
84 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
85 if (ie) {
86 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
87 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
88 cp.pscan_mode = ie->data.pscan_mode;
89 cp.clock_offset = ie->data.clock_offset |
90 __constant_cpu_to_le16(0x8000);
91 }
92
93 memcpy(conn->dev_class, ie->data.dev_class, 3);
94 if (ie->data.ssp_mode > 0)
95 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
96 }
97
98 cp.pkt_type = cpu_to_le16(conn->pkt_type);
99 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
100 cp.role_switch = 0x01;
101 else
102 cp.role_switch = 0x00;
103
104 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
105 }
106
107 static void hci_acl_create_connection_cancel(struct hci_conn *conn)
108 {
109 struct hci_cp_create_conn_cancel cp;
110
111 BT_DBG("hcon %p", conn);
112
113 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
114 return;
115
116 bacpy(&cp.bdaddr, &conn->dst);
117 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
118 }
119
120 static void hci_reject_sco(struct hci_conn *conn)
121 {
122 struct hci_cp_reject_sync_conn_req cp;
123
124 cp.reason = HCI_ERROR_REMOTE_USER_TERM;
125 bacpy(&cp.bdaddr, &conn->dst);
126
127 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
128 }
129
130 void hci_disconnect(struct hci_conn *conn, __u8 reason)
131 {
132 struct hci_cp_disconnect cp;
133
134 BT_DBG("hcon %p", conn);
135
136 conn->state = BT_DISCONN;
137
138 cp.handle = cpu_to_le16(conn->handle);
139 cp.reason = reason;
140 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
141 }
142
143 static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
144 {
145 struct hci_cp_disconn_phy_link cp;
146
147 BT_DBG("hcon %p", conn);
148
149 conn->state = BT_DISCONN;
150
151 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
152 cp.reason = reason;
153 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
154 sizeof(cp), &cp);
155 }
156
157 static void hci_add_sco(struct hci_conn *conn, __u16 handle)
158 {
159 struct hci_dev *hdev = conn->hdev;
160 struct hci_cp_add_sco cp;
161
162 BT_DBG("hcon %p", conn);
163
164 conn->state = BT_CONNECT;
165 conn->out = true;
166
167 conn->attempt++;
168
169 cp.handle = cpu_to_le16(handle);
170 cp.pkt_type = cpu_to_le16(conn->pkt_type);
171
172 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
173 }
174
175 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
176 {
177 struct hci_dev *hdev = conn->hdev;
178 struct hci_cp_setup_sync_conn cp;
179
180 BT_DBG("hcon %p", conn);
181
182 conn->state = BT_CONNECT;
183 conn->out = true;
184
185 conn->attempt++;
186
187 cp.handle = cpu_to_le16(handle);
188 cp.pkt_type = cpu_to_le16(conn->pkt_type);
189
190 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
191 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
192 cp.max_latency = __constant_cpu_to_le16(0xffff);
193 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
194 cp.retrans_effort = 0xff;
195
196 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
197 }
198
199 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
200 u16 latency, u16 to_multiplier)
201 {
202 struct hci_cp_le_conn_update cp;
203 struct hci_dev *hdev = conn->hdev;
204
205 memset(&cp, 0, sizeof(cp));
206
207 cp.handle = cpu_to_le16(conn->handle);
208 cp.conn_interval_min = cpu_to_le16(min);
209 cp.conn_interval_max = cpu_to_le16(max);
210 cp.conn_latency = cpu_to_le16(latency);
211 cp.supervision_timeout = cpu_to_le16(to_multiplier);
212 cp.min_ce_len = __constant_cpu_to_le16(0x0001);
213 cp.max_ce_len = __constant_cpu_to_le16(0x0001);
214
215 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
216 }
217
218 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
219 __u8 ltk[16])
220 {
221 struct hci_dev *hdev = conn->hdev;
222 struct hci_cp_le_start_enc cp;
223
224 BT_DBG("hcon %p", conn);
225
226 memset(&cp, 0, sizeof(cp));
227
228 cp.handle = cpu_to_le16(conn->handle);
229 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
230 cp.ediv = ediv;
231 memcpy(cp.rand, rand, sizeof(cp.rand));
232
233 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
234 }
235
236 /* Device _must_ be locked */
237 void hci_sco_setup(struct hci_conn *conn, __u8 status)
238 {
239 struct hci_conn *sco = conn->link;
240
241 if (!sco)
242 return;
243
244 BT_DBG("hcon %p", conn);
245
246 if (!status) {
247 if (lmp_esco_capable(conn->hdev))
248 hci_setup_sync(sco, conn->handle);
249 else
250 hci_add_sco(sco, conn->handle);
251 } else {
252 hci_proto_connect_cfm(sco, status);
253 hci_conn_del(sco);
254 }
255 }
256
257 static void hci_conn_disconnect(struct hci_conn *conn)
258 {
259 __u8 reason = hci_proto_disconn_ind(conn);
260
261 switch (conn->type) {
262 case AMP_LINK:
263 hci_amp_disconn(conn, reason);
264 break;
265 default:
266 hci_disconnect(conn, reason);
267 break;
268 }
269 }
270
271 static void hci_conn_timeout(struct work_struct *work)
272 {
273 struct hci_conn *conn = container_of(work, struct hci_conn,
274 disc_work.work);
275
276 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
277
278 if (atomic_read(&conn->refcnt))
279 return;
280
281 switch (conn->state) {
282 case BT_CONNECT:
283 case BT_CONNECT2:
284 if (conn->out) {
285 if (conn->type == ACL_LINK)
286 hci_acl_create_connection_cancel(conn);
287 else if (conn->type == LE_LINK)
288 hci_le_create_connection_cancel(conn);
289 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
290 hci_reject_sco(conn);
291 }
292 break;
293 case BT_CONFIG:
294 case BT_CONNECTED:
295 hci_conn_disconnect(conn);
296 break;
297 default:
298 conn->state = BT_CLOSED;
299 break;
300 }
301 }
302
303 /* Enter sniff mode */
304 static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
305 {
306 struct hci_dev *hdev = conn->hdev;
307
308 BT_DBG("hcon %p mode %d", conn, conn->mode);
309
310 if (test_bit(HCI_RAW, &hdev->flags))
311 return;
312
313 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
314 return;
315
316 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
317 return;
318
319 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
320 struct hci_cp_sniff_subrate cp;
321 cp.handle = cpu_to_le16(conn->handle);
322 cp.max_latency = __constant_cpu_to_le16(0);
323 cp.min_remote_timeout = __constant_cpu_to_le16(0);
324 cp.min_local_timeout = __constant_cpu_to_le16(0);
325 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
326 }
327
328 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
329 struct hci_cp_sniff_mode cp;
330 cp.handle = cpu_to_le16(conn->handle);
331 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
332 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
333 cp.attempt = __constant_cpu_to_le16(4);
334 cp.timeout = __constant_cpu_to_le16(1);
335 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
336 }
337 }
338
339 static void hci_conn_idle(unsigned long arg)
340 {
341 struct hci_conn *conn = (void *) arg;
342
343 BT_DBG("hcon %p mode %d", conn, conn->mode);
344
345 hci_conn_enter_sniff_mode(conn);
346 }
347
348 static void hci_conn_auto_accept(unsigned long arg)
349 {
350 struct hci_conn *conn = (void *) arg;
351 struct hci_dev *hdev = conn->hdev;
352
353 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
354 &conn->dst);
355 }
356
357 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
358 {
359 struct hci_conn *conn;
360
361 BT_DBG("%s dst %pMR", hdev->name, dst);
362
363 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
364 if (!conn)
365 return NULL;
366
367 bacpy(&conn->dst, dst);
368 conn->hdev = hdev;
369 conn->type = type;
370 conn->mode = HCI_CM_ACTIVE;
371 conn->state = BT_OPEN;
372 conn->auth_type = HCI_AT_GENERAL_BONDING;
373 conn->io_capability = hdev->io_capability;
374 conn->remote_auth = 0xff;
375 conn->key_type = 0xff;
376
377 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
378 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
379
380 switch (type) {
381 case ACL_LINK:
382 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
383 break;
384 case SCO_LINK:
385 if (lmp_esco_capable(hdev))
386 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
387 (hdev->esco_type & EDR_ESCO_MASK);
388 else
389 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
390 break;
391 case ESCO_LINK:
392 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
393 break;
394 }
395
396 skb_queue_head_init(&conn->data_q);
397
398 INIT_LIST_HEAD(&conn->chan_list);
399
400 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
401 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
402 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
403 (unsigned long) conn);
404
405 atomic_set(&conn->refcnt, 0);
406
407 hci_dev_hold(hdev);
408
409 hci_conn_hash_add(hdev, conn);
410 if (hdev->notify)
411 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
412
413 hci_conn_init_sysfs(conn);
414
415 return conn;
416 }
417
418 int hci_conn_del(struct hci_conn *conn)
419 {
420 struct hci_dev *hdev = conn->hdev;
421
422 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
423
424 del_timer(&conn->idle_timer);
425
426 cancel_delayed_work_sync(&conn->disc_work);
427
428 del_timer(&conn->auto_accept_timer);
429
430 if (conn->type == ACL_LINK) {
431 struct hci_conn *sco = conn->link;
432 if (sco)
433 sco->link = NULL;
434
435 /* Unacked frames */
436 hdev->acl_cnt += conn->sent;
437 } else if (conn->type == LE_LINK) {
438 if (hdev->le_pkts)
439 hdev->le_cnt += conn->sent;
440 else
441 hdev->acl_cnt += conn->sent;
442 } else {
443 struct hci_conn *acl = conn->link;
444 if (acl) {
445 acl->link = NULL;
446 hci_conn_drop(acl);
447 }
448 }
449
450 hci_chan_list_flush(conn);
451
452 if (conn->amp_mgr)
453 amp_mgr_put(conn->amp_mgr);
454
455 hci_conn_hash_del(hdev, conn);
456 if (hdev->notify)
457 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
458
459 skb_queue_purge(&conn->data_q);
460
461 hci_conn_del_sysfs(conn);
462
463 hci_dev_put(hdev);
464
465 hci_conn_put(conn);
466
467 return 0;
468 }
469
470 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
471 {
472 int use_src = bacmp(src, BDADDR_ANY);
473 struct hci_dev *hdev = NULL, *d;
474
475 BT_DBG("%pMR -> %pMR", src, dst);
476
477 read_lock(&hci_dev_list_lock);
478
479 list_for_each_entry(d, &hci_dev_list, list) {
480 if (!test_bit(HCI_UP, &d->flags) ||
481 test_bit(HCI_RAW, &d->flags) ||
482 d->dev_type != HCI_BREDR)
483 continue;
484
485 /* Simple routing:
486 * No source address - find interface with bdaddr != dst
487 * Source address - find interface with bdaddr == src
488 */
489
490 if (use_src) {
491 if (!bacmp(&d->bdaddr, src)) {
492 hdev = d; break;
493 }
494 } else {
495 if (bacmp(&d->bdaddr, dst)) {
496 hdev = d; break;
497 }
498 }
499 }
500
501 if (hdev)
502 hdev = hci_dev_hold(hdev);
503
504 read_unlock(&hci_dev_list_lock);
505 return hdev;
506 }
507 EXPORT_SYMBOL(hci_get_route);
508
509 static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
510 u8 dst_type, u8 sec_level, u8 auth_type)
511 {
512 struct hci_conn *le;
513
514 if (test_bit(HCI_LE_PERIPHERAL, &hdev->flags))
515 return ERR_PTR(-ENOTSUPP);
516
517 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
518 if (!le) {
519 le = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
520 if (le)
521 return ERR_PTR(-EBUSY);
522
523 le = hci_conn_add(hdev, LE_LINK, dst);
524 if (!le)
525 return ERR_PTR(-ENOMEM);
526
527 le->dst_type = bdaddr_to_le(dst_type);
528 hci_le_create_connection(le);
529 }
530
531 le->pending_sec_level = sec_level;
532 le->auth_type = auth_type;
533
534 hci_conn_hold(le);
535
536 return le;
537 }
538
539 static struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
540 u8 sec_level, u8 auth_type)
541 {
542 struct hci_conn *acl;
543
544 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
545 if (!acl) {
546 acl = hci_conn_add(hdev, ACL_LINK, dst);
547 if (!acl)
548 return ERR_PTR(-ENOMEM);
549 }
550
551 hci_conn_hold(acl);
552
553 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
554 acl->sec_level = BT_SECURITY_LOW;
555 acl->pending_sec_level = sec_level;
556 acl->auth_type = auth_type;
557 hci_acl_create_connection(acl);
558 }
559
560 return acl;
561 }
562
563 static struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type,
564 bdaddr_t *dst, u8 sec_level, u8 auth_type)
565 {
566 struct hci_conn *acl;
567 struct hci_conn *sco;
568
569 acl = hci_connect_acl(hdev, dst, sec_level, auth_type);
570 if (IS_ERR(acl))
571 return acl;
572
573 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
574 if (!sco) {
575 sco = hci_conn_add(hdev, type, dst);
576 if (!sco) {
577 hci_conn_drop(acl);
578 return ERR_PTR(-ENOMEM);
579 }
580 }
581
582 acl->link = sco;
583 sco->link = acl;
584
585 hci_conn_hold(sco);
586
587 if (acl->state == BT_CONNECTED &&
588 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
589 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
590 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
591
592 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
593 /* defer SCO setup until mode change completed */
594 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
595 return sco;
596 }
597
598 hci_sco_setup(acl, 0x00);
599 }
600
601 return sco;
602 }
603
604 /* Create SCO, ACL or LE connection. */
605 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
606 __u8 dst_type, __u8 sec_level, __u8 auth_type)
607 {
608 BT_DBG("%s dst %pMR type 0x%x", hdev->name, dst, type);
609
610 switch (type) {
611 case LE_LINK:
612 return hci_connect_le(hdev, dst, dst_type, sec_level, auth_type);
613 case ACL_LINK:
614 return hci_connect_acl(hdev, dst, sec_level, auth_type);
615 case SCO_LINK:
616 case ESCO_LINK:
617 return hci_connect_sco(hdev, type, dst, sec_level, auth_type);
618 }
619
620 return ERR_PTR(-EINVAL);
621 }
622
623 /* Check link security requirement */
624 int hci_conn_check_link_mode(struct hci_conn *conn)
625 {
626 BT_DBG("hcon %p", conn);
627
628 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
629 return 0;
630
631 return 1;
632 }
633
634 /* Authenticate remote device */
635 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
636 {
637 BT_DBG("hcon %p", conn);
638
639 if (conn->pending_sec_level > sec_level)
640 sec_level = conn->pending_sec_level;
641
642 if (sec_level > conn->sec_level)
643 conn->pending_sec_level = sec_level;
644 else if (conn->link_mode & HCI_LM_AUTH)
645 return 1;
646
647 /* Make sure we preserve an existing MITM requirement*/
648 auth_type |= (conn->auth_type & 0x01);
649
650 conn->auth_type = auth_type;
651
652 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
653 struct hci_cp_auth_requested cp;
654
655 /* encrypt must be pending if auth is also pending */
656 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
657
658 cp.handle = cpu_to_le16(conn->handle);
659 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
660 sizeof(cp), &cp);
661 if (conn->key_type != 0xff)
662 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
663 }
664
665 return 0;
666 }
667
668 /* Encrypt the the link */
669 static void hci_conn_encrypt(struct hci_conn *conn)
670 {
671 BT_DBG("hcon %p", conn);
672
673 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
674 struct hci_cp_set_conn_encrypt cp;
675 cp.handle = cpu_to_le16(conn->handle);
676 cp.encrypt = 0x01;
677 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
678 &cp);
679 }
680 }
681
682 /* Enable security */
683 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
684 {
685 BT_DBG("hcon %p", conn);
686
687 if (conn->type == LE_LINK)
688 return smp_conn_security(conn, sec_level);
689
690 /* For sdp we don't need the link key. */
691 if (sec_level == BT_SECURITY_SDP)
692 return 1;
693
694 /* For non 2.1 devices and low security level we don't need the link
695 key. */
696 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
697 return 1;
698
699 /* For other security levels we need the link key. */
700 if (!(conn->link_mode & HCI_LM_AUTH))
701 goto auth;
702
703 /* An authenticated combination key has sufficient security for any
704 security level. */
705 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
706 goto encrypt;
707
708 /* An unauthenticated combination key has sufficient security for
709 security level 1 and 2. */
710 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
711 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
712 goto encrypt;
713
714 /* A combination key has always sufficient security for the security
715 levels 1 or 2. High security level requires the combination key
716 is generated using maximum PIN code length (16).
717 For pre 2.1 units. */
718 if (conn->key_type == HCI_LK_COMBINATION &&
719 (sec_level != BT_SECURITY_HIGH || conn->pin_length == 16))
720 goto encrypt;
721
722 auth:
723 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
724 return 0;
725
726 if (!hci_conn_auth(conn, sec_level, auth_type))
727 return 0;
728
729 encrypt:
730 if (conn->link_mode & HCI_LM_ENCRYPT)
731 return 1;
732
733 hci_conn_encrypt(conn);
734 return 0;
735 }
736 EXPORT_SYMBOL(hci_conn_security);
737
738 /* Check secure link requirement */
739 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
740 {
741 BT_DBG("hcon %p", conn);
742
743 if (sec_level != BT_SECURITY_HIGH)
744 return 1; /* Accept if non-secure is required */
745
746 if (conn->sec_level == BT_SECURITY_HIGH)
747 return 1;
748
749 return 0; /* Reject not secure link */
750 }
751 EXPORT_SYMBOL(hci_conn_check_secure);
752
753 /* Change link key */
754 int hci_conn_change_link_key(struct hci_conn *conn)
755 {
756 BT_DBG("hcon %p", conn);
757
758 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
759 struct hci_cp_change_conn_link_key cp;
760 cp.handle = cpu_to_le16(conn->handle);
761 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
762 sizeof(cp), &cp);
763 }
764
765 return 0;
766 }
767
768 /* Switch role */
769 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
770 {
771 BT_DBG("hcon %p", conn);
772
773 if (!role && conn->link_mode & HCI_LM_MASTER)
774 return 1;
775
776 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
777 struct hci_cp_switch_role cp;
778 bacpy(&cp.bdaddr, &conn->dst);
779 cp.role = role;
780 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
781 }
782
783 return 0;
784 }
785 EXPORT_SYMBOL(hci_conn_switch_role);
786
787 /* Enter active mode */
788 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
789 {
790 struct hci_dev *hdev = conn->hdev;
791
792 BT_DBG("hcon %p mode %d", conn, conn->mode);
793
794 if (test_bit(HCI_RAW, &hdev->flags))
795 return;
796
797 if (conn->mode != HCI_CM_SNIFF)
798 goto timer;
799
800 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
801 goto timer;
802
803 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
804 struct hci_cp_exit_sniff_mode cp;
805 cp.handle = cpu_to_le16(conn->handle);
806 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
807 }
808
809 timer:
810 if (hdev->idle_timeout > 0)
811 mod_timer(&conn->idle_timer,
812 jiffies + msecs_to_jiffies(hdev->idle_timeout));
813 }
814
815 /* Drop all connection on the device */
816 void hci_conn_hash_flush(struct hci_dev *hdev)
817 {
818 struct hci_conn_hash *h = &hdev->conn_hash;
819 struct hci_conn *c, *n;
820
821 BT_DBG("hdev %s", hdev->name);
822
823 list_for_each_entry_safe(c, n, &h->list, list) {
824 c->state = BT_CLOSED;
825
826 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
827 hci_conn_del(c);
828 }
829 }
830
831 /* Check pending connect attempts */
832 void hci_conn_check_pending(struct hci_dev *hdev)
833 {
834 struct hci_conn *conn;
835
836 BT_DBG("hdev %s", hdev->name);
837
838 hci_dev_lock(hdev);
839
840 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
841 if (conn)
842 hci_acl_create_connection(conn);
843
844 hci_dev_unlock(hdev);
845 }
846
847 int hci_get_conn_list(void __user *arg)
848 {
849 struct hci_conn *c;
850 struct hci_conn_list_req req, *cl;
851 struct hci_conn_info *ci;
852 struct hci_dev *hdev;
853 int n = 0, size, err;
854
855 if (copy_from_user(&req, arg, sizeof(req)))
856 return -EFAULT;
857
858 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
859 return -EINVAL;
860
861 size = sizeof(req) + req.conn_num * sizeof(*ci);
862
863 cl = kmalloc(size, GFP_KERNEL);
864 if (!cl)
865 return -ENOMEM;
866
867 hdev = hci_dev_get(req.dev_id);
868 if (!hdev) {
869 kfree(cl);
870 return -ENODEV;
871 }
872
873 ci = cl->conn_info;
874
875 hci_dev_lock(hdev);
876 list_for_each_entry(c, &hdev->conn_hash.list, list) {
877 bacpy(&(ci + n)->bdaddr, &c->dst);
878 (ci + n)->handle = c->handle;
879 (ci + n)->type = c->type;
880 (ci + n)->out = c->out;
881 (ci + n)->state = c->state;
882 (ci + n)->link_mode = c->link_mode;
883 if (++n >= req.conn_num)
884 break;
885 }
886 hci_dev_unlock(hdev);
887
888 cl->dev_id = hdev->id;
889 cl->conn_num = n;
890 size = sizeof(req) + n * sizeof(*ci);
891
892 hci_dev_put(hdev);
893
894 err = copy_to_user(arg, cl, size);
895 kfree(cl);
896
897 return err ? -EFAULT : 0;
898 }
899
900 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
901 {
902 struct hci_conn_info_req req;
903 struct hci_conn_info ci;
904 struct hci_conn *conn;
905 char __user *ptr = arg + sizeof(req);
906
907 if (copy_from_user(&req, arg, sizeof(req)))
908 return -EFAULT;
909
910 hci_dev_lock(hdev);
911 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
912 if (conn) {
913 bacpy(&ci.bdaddr, &conn->dst);
914 ci.handle = conn->handle;
915 ci.type = conn->type;
916 ci.out = conn->out;
917 ci.state = conn->state;
918 ci.link_mode = conn->link_mode;
919 }
920 hci_dev_unlock(hdev);
921
922 if (!conn)
923 return -ENOENT;
924
925 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
926 }
927
928 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
929 {
930 struct hci_auth_info_req req;
931 struct hci_conn *conn;
932
933 if (copy_from_user(&req, arg, sizeof(req)))
934 return -EFAULT;
935
936 hci_dev_lock(hdev);
937 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
938 if (conn)
939 req.type = conn->auth_type;
940 hci_dev_unlock(hdev);
941
942 if (!conn)
943 return -ENOENT;
944
945 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
946 }
947
948 struct hci_chan *hci_chan_create(struct hci_conn *conn)
949 {
950 struct hci_dev *hdev = conn->hdev;
951 struct hci_chan *chan;
952
953 BT_DBG("%s hcon %p", hdev->name, conn);
954
955 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
956 if (!chan)
957 return NULL;
958
959 chan->conn = conn;
960 skb_queue_head_init(&chan->data_q);
961 chan->state = BT_CONNECTED;
962
963 list_add_rcu(&chan->list, &conn->chan_list);
964
965 return chan;
966 }
967
968 void hci_chan_del(struct hci_chan *chan)
969 {
970 struct hci_conn *conn = chan->conn;
971 struct hci_dev *hdev = conn->hdev;
972
973 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
974
975 list_del_rcu(&chan->list);
976
977 synchronize_rcu();
978
979 hci_conn_drop(conn);
980
981 skb_queue_purge(&chan->data_q);
982 kfree(chan);
983 }
984
985 void hci_chan_list_flush(struct hci_conn *conn)
986 {
987 struct hci_chan *chan, *n;
988
989 BT_DBG("hcon %p", conn);
990
991 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
992 hci_chan_del(chan);
993 }
994
995 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
996 __u16 handle)
997 {
998 struct hci_chan *hchan;
999
1000 list_for_each_entry(hchan, &hcon->chan_list, list) {
1001 if (hchan->handle == handle)
1002 return hchan;
1003 }
1004
1005 return NULL;
1006 }
1007
1008 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1009 {
1010 struct hci_conn_hash *h = &hdev->conn_hash;
1011 struct hci_conn *hcon;
1012 struct hci_chan *hchan = NULL;
1013
1014 rcu_read_lock();
1015
1016 list_for_each_entry_rcu(hcon, &h->list, list) {
1017 hchan = __hci_chan_lookup_handle(hcon, handle);
1018 if (hchan)
1019 break;
1020 }
1021
1022 rcu_read_unlock();
1023
1024 return hchan;
1025 }
Linus' kernel tree