2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
28 #include <linux/debugfs.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
34 #include "hci_request.h"
44 static const struct sco_param esco_param_cvsd[] = {
45 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
46 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
47 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
48 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
49 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
52 static const struct sco_param sco_param_cvsd[] = {
53 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
54 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
57 static const struct sco_param esco_param_msbc[] = {
58 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
59 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
62 /* This function requires the caller holds hdev->lock */
63 static void hci_connect_le_scan_cleanup(struct hci_conn *conn)
65 struct hci_conn_params *params;
66 struct hci_dev *hdev = conn->hdev;
72 bdaddr_type = conn->dst_type;
74 /* Check if we need to convert to identity address */
75 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
77 bdaddr = &irk->bdaddr;
78 bdaddr_type = irk->addr_type;
81 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr,
83 if (!params || !params->explicit_connect)
86 /* The connection attempt was doing scan for new RPA, and is
87 * in scan phase. If params are not associated with any other
88 * autoconnect action, remove them completely. If they are, just unmark
89 * them as waiting for connection, by clearing explicit_connect field.
91 params->explicit_connect = false;
93 list_del_init(¶ms->action);
95 switch (params->auto_connect) {
96 case HCI_AUTO_CONN_EXPLICIT:
97 hci_conn_params_del(hdev, bdaddr, bdaddr_type);
98 /* return instead of break to avoid duplicate scan update */
100 case HCI_AUTO_CONN_DIRECT:
101 case HCI_AUTO_CONN_ALWAYS:
102 list_add(¶ms->action, &hdev->pend_le_conns);
104 case HCI_AUTO_CONN_REPORT:
105 list_add(¶ms->action, &hdev->pend_le_reports);
111 hci_update_background_scan(hdev);
114 static void hci_conn_cleanup(struct hci_conn *conn)
116 struct hci_dev *hdev = conn->hdev;
118 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
119 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
121 hci_chan_list_flush(conn);
123 hci_conn_hash_del(hdev, conn);
125 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
126 switch (conn->setting & SCO_AIRMODE_MASK) {
127 case SCO_AIRMODE_CVSD:
128 case SCO_AIRMODE_TRANSP:
130 hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO);
135 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
138 hci_conn_del_sysfs(conn);
140 debugfs_remove_recursive(conn->debugfs);
147 static void le_scan_cleanup(struct work_struct *work)
149 struct hci_conn *conn = container_of(work, struct hci_conn,
151 struct hci_dev *hdev = conn->hdev;
152 struct hci_conn *c = NULL;
154 BT_DBG("%s hcon %p", hdev->name, conn);
158 /* Check that the hci_conn is still around */
160 list_for_each_entry_rcu(c, &hdev->conn_hash.list, list) {
167 hci_connect_le_scan_cleanup(conn);
168 hci_conn_cleanup(conn);
171 hci_dev_unlock(hdev);
176 static void hci_connect_le_scan_remove(struct hci_conn *conn)
178 BT_DBG("%s hcon %p", conn->hdev->name, conn);
180 /* We can't call hci_conn_del/hci_conn_cleanup here since that
181 * could deadlock with another hci_conn_del() call that's holding
182 * hci_dev_lock and doing cancel_delayed_work_sync(&conn->disc_work).
183 * Instead, grab temporary extra references to the hci_dev and
184 * hci_conn and perform the necessary cleanup in a separate work
188 hci_dev_hold(conn->hdev);
191 /* Even though we hold a reference to the hdev, many other
192 * things might get cleaned up meanwhile, including the hdev's
193 * own workqueue, so we can't use that for scheduling.
195 schedule_work(&conn->le_scan_cleanup);
198 static void hci_acl_create_connection(struct hci_conn *conn)
200 struct hci_dev *hdev = conn->hdev;
201 struct inquiry_entry *ie;
202 struct hci_cp_create_conn cp;
204 BT_DBG("hcon %p", conn);
206 /* Many controllers disallow HCI Create Connection while it is doing
207 * HCI Inquiry. So we cancel the Inquiry first before issuing HCI Create
208 * Connection. This may cause the MGMT discovering state to become false
209 * without user space's request but it is okay since the MGMT Discovery
210 * APIs do not promise that discovery should be done forever. Instead,
211 * the user space monitors the status of MGMT discovering and it may
212 * request for discovery again when this flag becomes false.
214 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
215 /* Put this connection to "pending" state so that it will be
216 * executed after the inquiry cancel command complete event.
218 conn->state = BT_CONNECT2;
219 hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
223 conn->state = BT_CONNECT;
225 conn->role = HCI_ROLE_MASTER;
229 conn->link_policy = hdev->link_policy;
231 memset(&cp, 0, sizeof(cp));
232 bacpy(&cp.bdaddr, &conn->dst);
233 cp.pscan_rep_mode = 0x02;
235 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
237 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
238 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
239 cp.pscan_mode = ie->data.pscan_mode;
240 cp.clock_offset = ie->data.clock_offset |
244 memcpy(conn->dev_class, ie->data.dev_class, 3);
247 cp.pkt_type = cpu_to_le16(conn->pkt_type);
248 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
249 cp.role_switch = 0x01;
251 cp.role_switch = 0x00;
253 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
256 int hci_disconnect(struct hci_conn *conn, __u8 reason)
258 BT_DBG("hcon %p", conn);
260 /* When we are master of an established connection and it enters
261 * the disconnect timeout, then go ahead and try to read the
262 * current clock offset. Processing of the result is done
263 * within the event handling and hci_clock_offset_evt function.
265 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER &&
266 (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) {
267 struct hci_dev *hdev = conn->hdev;
268 struct hci_cp_read_clock_offset clkoff_cp;
270 clkoff_cp.handle = cpu_to_le16(conn->handle);
271 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
275 return hci_abort_conn(conn, reason);
278 static void hci_add_sco(struct hci_conn *conn, __u16 handle)
280 struct hci_dev *hdev = conn->hdev;
281 struct hci_cp_add_sco cp;
283 BT_DBG("hcon %p", conn);
285 conn->state = BT_CONNECT;
290 cp.handle = cpu_to_le16(handle);
291 cp.pkt_type = cpu_to_le16(conn->pkt_type);
293 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
296 static bool find_next_esco_param(struct hci_conn *conn,
297 const struct sco_param *esco_param, int size)
299 for (; conn->attempt <= size; conn->attempt++) {
300 if (lmp_esco_2m_capable(conn->link) ||
301 (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3))
303 BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported",
304 conn, conn->attempt);
307 return conn->attempt <= size;
310 bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
312 struct hci_dev *hdev = conn->hdev;
313 struct hci_cp_setup_sync_conn cp;
314 const struct sco_param *param;
316 BT_DBG("hcon %p", conn);
318 conn->state = BT_CONNECT;
323 cp.handle = cpu_to_le16(handle);
325 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
326 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
327 cp.voice_setting = cpu_to_le16(conn->setting);
329 switch (conn->setting & SCO_AIRMODE_MASK) {
330 case SCO_AIRMODE_TRANSP:
331 if (!find_next_esco_param(conn, esco_param_msbc,
332 ARRAY_SIZE(esco_param_msbc)))
334 param = &esco_param_msbc[conn->attempt - 1];
336 case SCO_AIRMODE_CVSD:
337 if (lmp_esco_capable(conn->link)) {
338 if (!find_next_esco_param(conn, esco_param_cvsd,
339 ARRAY_SIZE(esco_param_cvsd)))
341 param = &esco_param_cvsd[conn->attempt - 1];
343 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
345 param = &sco_param_cvsd[conn->attempt - 1];
352 cp.retrans_effort = param->retrans_effort;
353 cp.pkt_type = __cpu_to_le16(param->pkt_type);
354 cp.max_latency = __cpu_to_le16(param->max_latency);
356 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
362 u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
365 struct hci_dev *hdev = conn->hdev;
366 struct hci_conn_params *params;
367 struct hci_cp_le_conn_update cp;
371 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
373 params->conn_min_interval = min;
374 params->conn_max_interval = max;
375 params->conn_latency = latency;
376 params->supervision_timeout = to_multiplier;
379 hci_dev_unlock(hdev);
381 memset(&cp, 0, sizeof(cp));
382 cp.handle = cpu_to_le16(conn->handle);
383 cp.conn_interval_min = cpu_to_le16(min);
384 cp.conn_interval_max = cpu_to_le16(max);
385 cp.conn_latency = cpu_to_le16(latency);
386 cp.supervision_timeout = cpu_to_le16(to_multiplier);
387 cp.min_ce_len = cpu_to_le16(0x0000);
388 cp.max_ce_len = cpu_to_le16(0x0000);
390 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
398 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
399 __u8 ltk[16], __u8 key_size)
401 struct hci_dev *hdev = conn->hdev;
402 struct hci_cp_le_start_enc cp;
404 BT_DBG("hcon %p", conn);
406 memset(&cp, 0, sizeof(cp));
408 cp.handle = cpu_to_le16(conn->handle);
411 memcpy(cp.ltk, ltk, key_size);
413 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
416 /* Device _must_ be locked */
417 void hci_sco_setup(struct hci_conn *conn, __u8 status)
419 struct hci_conn *sco = conn->link;
424 BT_DBG("hcon %p", conn);
427 if (lmp_esco_capable(conn->hdev))
428 hci_setup_sync(sco, conn->handle);
430 hci_add_sco(sco, conn->handle);
432 hci_connect_cfm(sco, status);
437 static void hci_conn_timeout(struct work_struct *work)
439 struct hci_conn *conn = container_of(work, struct hci_conn,
441 int refcnt = atomic_read(&conn->refcnt);
443 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
447 /* FIXME: It was observed that in pairing failed scenario, refcnt
448 * drops below 0. Probably this is because l2cap_conn_del calls
449 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
450 * dropped. After that loop hci_chan_del is called which also drops
451 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
457 /* LE connections in scanning state need special handling */
458 if (conn->state == BT_CONNECT && conn->type == LE_LINK &&
459 test_bit(HCI_CONN_SCANNING, &conn->flags)) {
460 hci_connect_le_scan_remove(conn);
464 hci_abort_conn(conn, hci_proto_disconn_ind(conn));
467 /* Enter sniff mode */
468 static void hci_conn_idle(struct work_struct *work)
470 struct hci_conn *conn = container_of(work, struct hci_conn,
472 struct hci_dev *hdev = conn->hdev;
474 BT_DBG("hcon %p mode %d", conn, conn->mode);
476 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
479 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
482 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
483 struct hci_cp_sniff_subrate cp;
484 cp.handle = cpu_to_le16(conn->handle);
485 cp.max_latency = cpu_to_le16(0);
486 cp.min_remote_timeout = cpu_to_le16(0);
487 cp.min_local_timeout = cpu_to_le16(0);
488 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
491 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
492 struct hci_cp_sniff_mode cp;
493 cp.handle = cpu_to_le16(conn->handle);
494 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
495 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
496 cp.attempt = cpu_to_le16(4);
497 cp.timeout = cpu_to_le16(1);
498 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
502 static void hci_conn_auto_accept(struct work_struct *work)
504 struct hci_conn *conn = container_of(work, struct hci_conn,
505 auto_accept_work.work);
507 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
511 static void le_disable_advertising(struct hci_dev *hdev)
513 if (ext_adv_capable(hdev)) {
514 struct hci_cp_le_set_ext_adv_enable cp;
517 cp.num_of_sets = 0x00;
519 hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp),
523 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
528 static void le_conn_timeout(struct work_struct *work)
530 struct hci_conn *conn = container_of(work, struct hci_conn,
531 le_conn_timeout.work);
532 struct hci_dev *hdev = conn->hdev;
536 /* We could end up here due to having done directed advertising,
537 * so clean up the state if necessary. This should however only
538 * happen with broken hardware or if low duty cycle was used
539 * (which doesn't have a timeout of its own).
541 if (conn->role == HCI_ROLE_SLAVE) {
542 /* Disable LE Advertising */
543 le_disable_advertising(hdev);
544 hci_le_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
548 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
551 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
554 struct hci_conn *conn;
556 BT_DBG("%s dst %pMR", hdev->name, dst);
558 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
562 bacpy(&conn->dst, dst);
563 bacpy(&conn->src, &hdev->bdaddr);
567 conn->mode = HCI_CM_ACTIVE;
568 conn->state = BT_OPEN;
569 conn->auth_type = HCI_AT_GENERAL_BONDING;
570 conn->io_capability = hdev->io_capability;
571 conn->remote_auth = 0xff;
572 conn->key_type = 0xff;
573 conn->rssi = HCI_RSSI_INVALID;
574 conn->tx_power = HCI_TX_POWER_INVALID;
575 conn->max_tx_power = HCI_TX_POWER_INVALID;
577 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
578 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
580 /* Set Default Authenticated payload timeout to 30s */
581 conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
583 if (conn->role == HCI_ROLE_MASTER)
588 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
591 /* conn->src should reflect the local identity address */
592 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
595 if (lmp_esco_capable(hdev))
596 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
597 (hdev->esco_type & EDR_ESCO_MASK);
599 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
602 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
606 skb_queue_head_init(&conn->data_q);
608 INIT_LIST_HEAD(&conn->chan_list);
610 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
611 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
612 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
613 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
614 INIT_WORK(&conn->le_scan_cleanup, le_scan_cleanup);
616 atomic_set(&conn->refcnt, 0);
620 hci_conn_hash_add(hdev, conn);
622 /* The SCO and eSCO connections will only be notified when their
623 * setup has been completed. This is different to ACL links which
624 * can be notified right away.
626 if (conn->type != SCO_LINK && conn->type != ESCO_LINK) {
628 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
631 hci_conn_init_sysfs(conn);
636 int hci_conn_del(struct hci_conn *conn)
638 struct hci_dev *hdev = conn->hdev;
640 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
642 cancel_delayed_work_sync(&conn->disc_work);
643 cancel_delayed_work_sync(&conn->auto_accept_work);
644 cancel_delayed_work_sync(&conn->idle_work);
646 if (conn->type == ACL_LINK) {
647 struct hci_conn *sco = conn->link;
652 hdev->acl_cnt += conn->sent;
653 } else if (conn->type == LE_LINK) {
654 cancel_delayed_work(&conn->le_conn_timeout);
657 hdev->le_cnt += conn->sent;
659 hdev->acl_cnt += conn->sent;
661 struct hci_conn *acl = conn->link;
669 amp_mgr_put(conn->amp_mgr);
671 skb_queue_purge(&conn->data_q);
673 /* Remove the connection from the list and cleanup its remaining
674 * state. This is a separate function since for some cases like
675 * BT_CONNECT_SCAN we *only* want the cleanup part without the
676 * rest of hci_conn_del.
678 hci_conn_cleanup(conn);
683 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type)
685 int use_src = bacmp(src, BDADDR_ANY);
686 struct hci_dev *hdev = NULL, *d;
688 BT_DBG("%pMR -> %pMR", src, dst);
690 read_lock(&hci_dev_list_lock);
692 list_for_each_entry(d, &hci_dev_list, list) {
693 if (!test_bit(HCI_UP, &d->flags) ||
694 hci_dev_test_flag(d, HCI_USER_CHANNEL) ||
695 d->dev_type != HCI_PRIMARY)
699 * No source address - find interface with bdaddr != dst
700 * Source address - find interface with bdaddr == src
707 if (src_type == BDADDR_BREDR) {
708 if (!lmp_bredr_capable(d))
710 bacpy(&id_addr, &d->bdaddr);
711 id_addr_type = BDADDR_BREDR;
713 if (!lmp_le_capable(d))
716 hci_copy_identity_address(d, &id_addr,
719 /* Convert from HCI to three-value type */
720 if (id_addr_type == ADDR_LE_DEV_PUBLIC)
721 id_addr_type = BDADDR_LE_PUBLIC;
723 id_addr_type = BDADDR_LE_RANDOM;
726 if (!bacmp(&id_addr, src) && id_addr_type == src_type) {
730 if (bacmp(&d->bdaddr, dst)) {
737 hdev = hci_dev_hold(hdev);
739 read_unlock(&hci_dev_list_lock);
742 EXPORT_SYMBOL(hci_get_route);
744 /* This function requires the caller holds hdev->lock */
745 void hci_le_conn_failed(struct hci_conn *conn, u8 status)
747 struct hci_dev *hdev = conn->hdev;
748 struct hci_conn_params *params;
750 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
752 if (params && params->conn) {
753 hci_conn_drop(params->conn);
754 hci_conn_put(params->conn);
758 conn->state = BT_CLOSED;
760 /* If the status indicates successful cancellation of
761 * the attempt (i.e. Unkown Connection Id) there's no point of
762 * notifying failure since we'll go back to keep trying to
763 * connect. The only exception is explicit connect requests
764 * where a timeout + cancel does indicate an actual failure.
766 if (status != HCI_ERROR_UNKNOWN_CONN_ID ||
767 (params && params->explicit_connect))
768 mgmt_connect_failed(hdev, &conn->dst, conn->type,
769 conn->dst_type, status);
771 hci_connect_cfm(conn, status);
775 /* Since we may have temporarily stopped the background scanning in
776 * favor of connection establishment, we should restart it.
778 hci_update_background_scan(hdev);
780 /* Re-enable advertising in case this was a failed connection
781 * attempt as a peripheral.
783 hci_req_reenable_advertising(hdev);
786 static void create_le_conn_complete(struct hci_dev *hdev, u8 status, u16 opcode)
788 struct hci_conn *conn;
792 conn = hci_lookup_le_connect(hdev);
794 if (hdev->adv_instance_cnt)
795 hci_req_resume_adv_instances(hdev);
798 hci_connect_le_scan_cleanup(conn);
802 bt_dev_err(hdev, "request failed to create LE connection: "
803 "status 0x%2.2x", status);
808 hci_le_conn_failed(conn, status);
811 hci_dev_unlock(hdev);
814 static bool conn_use_rpa(struct hci_conn *conn)
816 struct hci_dev *hdev = conn->hdev;
818 return hci_dev_test_flag(hdev, HCI_PRIVACY);
821 static void set_ext_conn_params(struct hci_conn *conn,
822 struct hci_cp_le_ext_conn_param *p)
824 struct hci_dev *hdev = conn->hdev;
826 memset(p, 0, sizeof(*p));
828 p->scan_interval = cpu_to_le16(hdev->le_scan_int_connect);
829 p->scan_window = cpu_to_le16(hdev->le_scan_window_connect);
830 p->conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
831 p->conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
832 p->conn_latency = cpu_to_le16(conn->le_conn_latency);
833 p->supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
834 p->min_ce_len = cpu_to_le16(0x0000);
835 p->max_ce_len = cpu_to_le16(0x0000);
838 static void hci_req_add_le_create_conn(struct hci_request *req,
839 struct hci_conn *conn,
840 bdaddr_t *direct_rpa)
842 struct hci_dev *hdev = conn->hdev;
845 /* If direct address was provided we use it instead of current
849 if (bacmp(&req->hdev->random_addr, direct_rpa))
850 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
853 /* direct address is always RPA */
854 own_addr_type = ADDR_LE_DEV_RANDOM;
856 /* Update random address, but set require_privacy to false so
857 * that we never connect with an non-resolvable address.
859 if (hci_update_random_address(req, false, conn_use_rpa(conn),
864 if (use_ext_conn(hdev)) {
865 struct hci_cp_le_ext_create_conn *cp;
866 struct hci_cp_le_ext_conn_param *p;
867 u8 data[sizeof(*cp) + sizeof(*p) * 3];
871 p = (void *) cp->data;
873 memset(cp, 0, sizeof(*cp));
875 bacpy(&cp->peer_addr, &conn->dst);
876 cp->peer_addr_type = conn->dst_type;
877 cp->own_addr_type = own_addr_type;
882 cp->phys |= LE_SCAN_PHY_1M;
883 set_ext_conn_params(conn, p);
890 cp->phys |= LE_SCAN_PHY_2M;
891 set_ext_conn_params(conn, p);
897 if (scan_coded(hdev)) {
898 cp->phys |= LE_SCAN_PHY_CODED;
899 set_ext_conn_params(conn, p);
904 hci_req_add(req, HCI_OP_LE_EXT_CREATE_CONN, plen, data);
907 struct hci_cp_le_create_conn cp;
909 memset(&cp, 0, sizeof(cp));
911 cp.scan_interval = cpu_to_le16(hdev->le_scan_int_connect);
912 cp.scan_window = cpu_to_le16(hdev->le_scan_window_connect);
914 bacpy(&cp.peer_addr, &conn->dst);
915 cp.peer_addr_type = conn->dst_type;
916 cp.own_address_type = own_addr_type;
917 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
918 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
919 cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
920 cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
921 cp.min_ce_len = cpu_to_le16(0x0000);
922 cp.max_ce_len = cpu_to_le16(0x0000);
924 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
927 conn->state = BT_CONNECT;
928 clear_bit(HCI_CONN_SCANNING, &conn->flags);
931 static void hci_req_directed_advertising(struct hci_request *req,
932 struct hci_conn *conn)
934 struct hci_dev *hdev = req->hdev;
938 if (ext_adv_capable(hdev)) {
939 struct hci_cp_le_set_ext_adv_params cp;
940 bdaddr_t random_addr;
942 /* Set require_privacy to false so that the remote device has a
943 * chance of identifying us.
945 if (hci_get_random_address(hdev, false, conn_use_rpa(conn), NULL,
946 &own_addr_type, &random_addr) < 0)
949 memset(&cp, 0, sizeof(cp));
951 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_DIRECT_IND);
952 cp.own_addr_type = own_addr_type;
953 cp.channel_map = hdev->le_adv_channel_map;
954 cp.tx_power = HCI_TX_POWER_INVALID;
955 cp.primary_phy = HCI_ADV_PHY_1M;
956 cp.secondary_phy = HCI_ADV_PHY_1M;
957 cp.handle = 0; /* Use instance 0 for directed adv */
958 cp.own_addr_type = own_addr_type;
959 cp.peer_addr_type = conn->dst_type;
960 bacpy(&cp.peer_addr, &conn->dst);
962 /* As per Core Spec 5.2 Vol 2, PART E, Sec 7.8.53, for
963 * advertising_event_property LE_LEGACY_ADV_DIRECT_IND
964 * does not supports advertising data when the advertising set already
965 * contains some, the controller shall return erroc code 'Invalid
966 * HCI Command Parameters(0x12).
967 * So it is required to remove adv set for handle 0x00. since we use
968 * instance 0 for directed adv.
970 __hci_req_remove_ext_adv_instance(req, cp.handle);
972 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_PARAMS, sizeof(cp), &cp);
974 if (own_addr_type == ADDR_LE_DEV_RANDOM &&
975 bacmp(&random_addr, BDADDR_ANY) &&
976 bacmp(&random_addr, &hdev->random_addr)) {
977 struct hci_cp_le_set_adv_set_rand_addr cp;
979 memset(&cp, 0, sizeof(cp));
982 bacpy(&cp.bdaddr, &random_addr);
985 HCI_OP_LE_SET_ADV_SET_RAND_ADDR,
989 __hci_req_enable_ext_advertising(req, 0x00);
991 struct hci_cp_le_set_adv_param cp;
993 /* Clear the HCI_LE_ADV bit temporarily so that the
994 * hci_update_random_address knows that it's safe to go ahead
995 * and write a new random address. The flag will be set back on
996 * as soon as the SET_ADV_ENABLE HCI command completes.
998 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1000 /* Set require_privacy to false so that the remote device has a
1001 * chance of identifying us.
1003 if (hci_update_random_address(req, false, conn_use_rpa(conn),
1004 &own_addr_type) < 0)
1007 memset(&cp, 0, sizeof(cp));
1009 /* Some controllers might reject command if intervals are not
1010 * within range for undirected advertising.
1011 * BCM20702A0 is known to be affected by this.
1013 cp.min_interval = cpu_to_le16(0x0020);
1014 cp.max_interval = cpu_to_le16(0x0020);
1016 cp.type = LE_ADV_DIRECT_IND;
1017 cp.own_address_type = own_addr_type;
1018 cp.direct_addr_type = conn->dst_type;
1019 bacpy(&cp.direct_addr, &conn->dst);
1020 cp.channel_map = hdev->le_adv_channel_map;
1022 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1025 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
1029 conn->state = BT_CONNECT;
1032 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
1033 u8 dst_type, u8 sec_level, u16 conn_timeout,
1034 u8 role, bdaddr_t *direct_rpa)
1036 struct hci_conn_params *params;
1037 struct hci_conn *conn;
1038 struct smp_irk *irk;
1039 struct hci_request req;
1042 /* This ensures that during disable le_scan address resolution
1043 * will not be disabled if it is followed by le_create_conn
1045 bool rpa_le_conn = true;
1047 /* Let's make sure that le is enabled.*/
1048 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1049 if (lmp_le_capable(hdev))
1050 return ERR_PTR(-ECONNREFUSED);
1052 return ERR_PTR(-EOPNOTSUPP);
1055 /* Since the controller supports only one LE connection attempt at a
1056 * time, we return -EBUSY if there is any connection attempt running.
1058 if (hci_lookup_le_connect(hdev))
1059 return ERR_PTR(-EBUSY);
1061 /* If there's already a connection object but it's not in
1062 * scanning state it means it must already be established, in
1063 * which case we can't do anything else except report a failure
1066 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
1067 if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) {
1068 return ERR_PTR(-EBUSY);
1071 /* When given an identity address with existing identity
1072 * resolving key, the connection needs to be established
1073 * to a resolvable random address.
1075 * Storing the resolvable random address is required here
1076 * to handle connection failures. The address will later
1077 * be resolved back into the original identity address
1078 * from the connect request.
1080 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
1081 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
1083 dst_type = ADDR_LE_DEV_RANDOM;
1087 bacpy(&conn->dst, dst);
1089 conn = hci_conn_add(hdev, LE_LINK, dst, role);
1091 return ERR_PTR(-ENOMEM);
1092 hci_conn_hold(conn);
1093 conn->pending_sec_level = sec_level;
1096 conn->dst_type = dst_type;
1097 conn->sec_level = BT_SECURITY_LOW;
1098 conn->conn_timeout = conn_timeout;
1100 hci_req_init(&req, hdev);
1102 /* Disable advertising if we're active. For master role
1103 * connections most controllers will refuse to connect if
1104 * advertising is enabled, and for slave role connections we
1105 * anyway have to disable it in order to start directed
1106 * advertising. Any registered advertisements will be
1107 * re-enabled after the connection attempt is finished.
1109 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1110 __hci_req_pause_adv_instances(&req);
1112 /* If requested to connect as slave use directed advertising */
1113 if (conn->role == HCI_ROLE_SLAVE) {
1114 /* If we're active scanning most controllers are unable
1115 * to initiate advertising. Simply reject the attempt.
1117 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
1118 hdev->le_scan_type == LE_SCAN_ACTIVE) {
1119 hci_req_purge(&req);
1121 return ERR_PTR(-EBUSY);
1124 hci_req_directed_advertising(&req, conn);
1128 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
1130 conn->le_conn_min_interval = params->conn_min_interval;
1131 conn->le_conn_max_interval = params->conn_max_interval;
1132 conn->le_conn_latency = params->conn_latency;
1133 conn->le_supv_timeout = params->supervision_timeout;
1135 conn->le_conn_min_interval = hdev->le_conn_min_interval;
1136 conn->le_conn_max_interval = hdev->le_conn_max_interval;
1137 conn->le_conn_latency = hdev->le_conn_latency;
1138 conn->le_supv_timeout = hdev->le_supv_timeout;
1141 /* If controller is scanning, we stop it since some controllers are
1142 * not able to scan and connect at the same time. Also set the
1143 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
1144 * handler for scan disabling knows to set the correct discovery
1147 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1148 hci_req_add_le_scan_disable(&req, rpa_le_conn);
1149 hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED);
1152 hci_req_add_le_create_conn(&req, conn, direct_rpa);
1155 err = hci_req_run(&req, create_le_conn_complete);
1159 if (hdev->adv_instance_cnt)
1160 hci_req_resume_adv_instances(hdev);
1162 return ERR_PTR(err);
1168 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
1170 struct hci_conn *conn;
1172 conn = hci_conn_hash_lookup_le(hdev, addr, type);
1176 if (conn->state != BT_CONNECTED)
1182 /* This function requires the caller holds hdev->lock */
1183 static int hci_explicit_conn_params_set(struct hci_dev *hdev,
1184 bdaddr_t *addr, u8 addr_type)
1186 struct hci_conn_params *params;
1188 if (is_connected(hdev, addr, addr_type))
1191 params = hci_conn_params_lookup(hdev, addr, addr_type);
1193 params = hci_conn_params_add(hdev, addr, addr_type);
1197 /* If we created new params, mark them to be deleted in
1198 * hci_connect_le_scan_cleanup. It's different case than
1199 * existing disabled params, those will stay after cleanup.
1201 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
1204 /* We're trying to connect, so make sure params are at pend_le_conns */
1205 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
1206 params->auto_connect == HCI_AUTO_CONN_REPORT ||
1207 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
1208 list_del_init(¶ms->action);
1209 list_add(¶ms->action, &hdev->pend_le_conns);
1212 params->explicit_connect = true;
1214 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
1215 params->auto_connect);
1220 /* This function requires the caller holds hdev->lock */
1221 struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst,
1222 u8 dst_type, u8 sec_level,
1224 enum conn_reasons conn_reason)
1226 struct hci_conn *conn;
1228 /* Let's make sure that le is enabled.*/
1229 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1230 if (lmp_le_capable(hdev))
1231 return ERR_PTR(-ECONNREFUSED);
1233 return ERR_PTR(-EOPNOTSUPP);
1236 /* Some devices send ATT messages as soon as the physical link is
1237 * established. To be able to handle these ATT messages, the user-
1238 * space first establishes the connection and then starts the pairing
1241 * So if a hci_conn object already exists for the following connection
1242 * attempt, we simply update pending_sec_level and auth_type fields
1243 * and return the object found.
1245 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
1247 if (conn->pending_sec_level < sec_level)
1248 conn->pending_sec_level = sec_level;
1252 BT_DBG("requesting refresh of dst_addr");
1254 conn = hci_conn_add(hdev, LE_LINK, dst, HCI_ROLE_MASTER);
1256 return ERR_PTR(-ENOMEM);
1258 if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) {
1260 return ERR_PTR(-EBUSY);
1263 conn->state = BT_CONNECT;
1264 set_bit(HCI_CONN_SCANNING, &conn->flags);
1265 conn->dst_type = dst_type;
1266 conn->sec_level = BT_SECURITY_LOW;
1267 conn->pending_sec_level = sec_level;
1268 conn->conn_timeout = conn_timeout;
1269 conn->conn_reason = conn_reason;
1271 hci_update_background_scan(hdev);
1274 hci_conn_hold(conn);
1278 struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
1279 u8 sec_level, u8 auth_type,
1280 enum conn_reasons conn_reason)
1282 struct hci_conn *acl;
1284 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1285 if (lmp_bredr_capable(hdev))
1286 return ERR_PTR(-ECONNREFUSED);
1288 return ERR_PTR(-EOPNOTSUPP);
1291 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
1293 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
1295 return ERR_PTR(-ENOMEM);
1300 acl->conn_reason = conn_reason;
1301 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
1302 acl->sec_level = BT_SECURITY_LOW;
1303 acl->pending_sec_level = sec_level;
1304 acl->auth_type = auth_type;
1305 hci_acl_create_connection(acl);
1311 struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
1314 struct hci_conn *acl;
1315 struct hci_conn *sco;
1317 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING,
1318 CONN_REASON_SCO_CONNECT);
1322 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
1324 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
1327 return ERR_PTR(-ENOMEM);
1336 sco->setting = setting;
1338 if (acl->state == BT_CONNECTED &&
1339 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
1340 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
1341 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
1343 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
1344 /* defer SCO setup until mode change completed */
1345 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
1349 hci_sco_setup(acl, 0x00);
1355 /* Check link security requirement */
1356 int hci_conn_check_link_mode(struct hci_conn *conn)
1358 BT_DBG("hcon %p", conn);
1360 /* In Secure Connections Only mode, it is required that Secure
1361 * Connections is used and the link is encrypted with AES-CCM
1362 * using a P-256 authenticated combination key.
1364 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) {
1365 if (!hci_conn_sc_enabled(conn) ||
1366 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
1367 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
1371 /* AES encryption is required for Level 4:
1373 * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
1376 * 128-bit equivalent strength for link and encryption keys
1377 * required using FIPS approved algorithms (E0 not allowed,
1378 * SAFER+ not allowed, and P-192 not allowed; encryption key
1381 if (conn->sec_level == BT_SECURITY_FIPS &&
1382 !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
1383 bt_dev_err(conn->hdev,
1384 "Invalid security: Missing AES-CCM usage");
1388 if (hci_conn_ssp_enabled(conn) &&
1389 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
1395 /* Authenticate remote device */
1396 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1398 BT_DBG("hcon %p", conn);
1400 if (conn->pending_sec_level > sec_level)
1401 sec_level = conn->pending_sec_level;
1403 if (sec_level > conn->sec_level)
1404 conn->pending_sec_level = sec_level;
1405 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
1408 /* Make sure we preserve an existing MITM requirement*/
1409 auth_type |= (conn->auth_type & 0x01);
1411 conn->auth_type = auth_type;
1413 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1414 struct hci_cp_auth_requested cp;
1416 cp.handle = cpu_to_le16(conn->handle);
1417 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
1420 /* If we're already encrypted set the REAUTH_PEND flag,
1421 * otherwise set the ENCRYPT_PEND.
1423 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
1424 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1426 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1432 /* Encrypt the link */
1433 static void hci_conn_encrypt(struct hci_conn *conn)
1435 BT_DBG("hcon %p", conn);
1437 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1438 struct hci_cp_set_conn_encrypt cp;
1439 cp.handle = cpu_to_le16(conn->handle);
1441 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1446 /* Enable security */
1447 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
1450 BT_DBG("hcon %p", conn);
1452 if (conn->type == LE_LINK)
1453 return smp_conn_security(conn, sec_level);
1455 /* For sdp we don't need the link key. */
1456 if (sec_level == BT_SECURITY_SDP)
1459 /* For non 2.1 devices and low security level we don't need the link
1461 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
1464 /* For other security levels we need the link key. */
1465 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
1468 /* An authenticated FIPS approved combination key has sufficient
1469 * security for security level 4. */
1470 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
1471 sec_level == BT_SECURITY_FIPS)
1474 /* An authenticated combination key has sufficient security for
1475 security level 3. */
1476 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
1477 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
1478 sec_level == BT_SECURITY_HIGH)
1481 /* An unauthenticated combination key has sufficient security for
1482 security level 1 and 2. */
1483 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
1484 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
1485 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
1488 /* A combination key has always sufficient security for the security
1489 levels 1 or 2. High security level requires the combination key
1490 is generated using maximum PIN code length (16).
1491 For pre 2.1 units. */
1492 if (conn->key_type == HCI_LK_COMBINATION &&
1493 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
1494 conn->pin_length == 16))
1498 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
1502 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1504 if (!hci_conn_auth(conn, sec_level, auth_type))
1508 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
1509 /* Ensure that the encryption key size has been read,
1510 * otherwise stall the upper layer responses.
1512 if (!conn->enc_key_size)
1515 /* Nothing else needed, all requirements are met */
1519 hci_conn_encrypt(conn);
1522 EXPORT_SYMBOL(hci_conn_security);
1524 /* Check secure link requirement */
1525 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
1527 BT_DBG("hcon %p", conn);
1529 /* Accept if non-secure or higher security level is required */
1530 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
1533 /* Accept if secure or higher security level is already present */
1534 if (conn->sec_level == BT_SECURITY_HIGH ||
1535 conn->sec_level == BT_SECURITY_FIPS)
1538 /* Reject not secure link */
1541 EXPORT_SYMBOL(hci_conn_check_secure);
1544 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1546 BT_DBG("hcon %p", conn);
1548 if (role == conn->role)
1551 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
1552 struct hci_cp_switch_role cp;
1553 bacpy(&cp.bdaddr, &conn->dst);
1555 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1560 EXPORT_SYMBOL(hci_conn_switch_role);
1562 /* Enter active mode */
1563 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
1565 struct hci_dev *hdev = conn->hdev;
1567 BT_DBG("hcon %p mode %d", conn, conn->mode);
1569 if (conn->mode != HCI_CM_SNIFF)
1572 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
1575 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
1576 struct hci_cp_exit_sniff_mode cp;
1577 cp.handle = cpu_to_le16(conn->handle);
1578 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
1582 if (hdev->idle_timeout > 0)
1583 queue_delayed_work(hdev->workqueue, &conn->idle_work,
1584 msecs_to_jiffies(hdev->idle_timeout));
1587 /* Drop all connection on the device */
1588 void hci_conn_hash_flush(struct hci_dev *hdev)
1590 struct hci_conn_hash *h = &hdev->conn_hash;
1591 struct hci_conn *c, *n;
1593 BT_DBG("hdev %s", hdev->name);
1595 list_for_each_entry_safe(c, n, &h->list, list) {
1596 c->state = BT_CLOSED;
1598 hci_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
1603 /* Check pending connect attempts */
1604 void hci_conn_check_pending(struct hci_dev *hdev)
1606 struct hci_conn *conn;
1608 BT_DBG("hdev %s", hdev->name);
1612 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
1614 hci_acl_create_connection(conn);
1616 hci_dev_unlock(hdev);
1619 static u32 get_link_mode(struct hci_conn *conn)
1623 if (conn->role == HCI_ROLE_MASTER)
1624 link_mode |= HCI_LM_MASTER;
1626 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
1627 link_mode |= HCI_LM_ENCRYPT;
1629 if (test_bit(HCI_CONN_AUTH, &conn->flags))
1630 link_mode |= HCI_LM_AUTH;
1632 if (test_bit(HCI_CONN_SECURE, &conn->flags))
1633 link_mode |= HCI_LM_SECURE;
1635 if (test_bit(HCI_CONN_FIPS, &conn->flags))
1636 link_mode |= HCI_LM_FIPS;
1641 int hci_get_conn_list(void __user *arg)
1644 struct hci_conn_list_req req, *cl;
1645 struct hci_conn_info *ci;
1646 struct hci_dev *hdev;
1647 int n = 0, size, err;
1649 if (copy_from_user(&req, arg, sizeof(req)))
1652 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
1655 size = sizeof(req) + req.conn_num * sizeof(*ci);
1657 cl = kmalloc(size, GFP_KERNEL);
1661 hdev = hci_dev_get(req.dev_id);
1670 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1671 bacpy(&(ci + n)->bdaddr, &c->dst);
1672 (ci + n)->handle = c->handle;
1673 (ci + n)->type = c->type;
1674 (ci + n)->out = c->out;
1675 (ci + n)->state = c->state;
1676 (ci + n)->link_mode = get_link_mode(c);
1677 if (++n >= req.conn_num)
1680 hci_dev_unlock(hdev);
1682 cl->dev_id = hdev->id;
1684 size = sizeof(req) + n * sizeof(*ci);
1688 err = copy_to_user(arg, cl, size);
1691 return err ? -EFAULT : 0;
1694 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1696 struct hci_conn_info_req req;
1697 struct hci_conn_info ci;
1698 struct hci_conn *conn;
1699 char __user *ptr = arg + sizeof(req);
1701 if (copy_from_user(&req, arg, sizeof(req)))
1705 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1707 bacpy(&ci.bdaddr, &conn->dst);
1708 ci.handle = conn->handle;
1709 ci.type = conn->type;
1711 ci.state = conn->state;
1712 ci.link_mode = get_link_mode(conn);
1714 hci_dev_unlock(hdev);
1719 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1722 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1724 struct hci_auth_info_req req;
1725 struct hci_conn *conn;
1727 if (copy_from_user(&req, arg, sizeof(req)))
1731 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1733 req.type = conn->auth_type;
1734 hci_dev_unlock(hdev);
1739 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1742 struct hci_chan *hci_chan_create(struct hci_conn *conn)
1744 struct hci_dev *hdev = conn->hdev;
1745 struct hci_chan *chan;
1747 BT_DBG("%s hcon %p", hdev->name, conn);
1749 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
1750 BT_DBG("Refusing to create new hci_chan");
1754 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
1758 chan->conn = hci_conn_get(conn);
1759 skb_queue_head_init(&chan->data_q);
1760 chan->state = BT_CONNECTED;
1762 list_add_rcu(&chan->list, &conn->chan_list);
1767 void hci_chan_del(struct hci_chan *chan)
1769 struct hci_conn *conn = chan->conn;
1770 struct hci_dev *hdev = conn->hdev;
1772 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
1774 list_del_rcu(&chan->list);
1778 /* Prevent new hci_chan's to be created for this hci_conn */
1779 set_bit(HCI_CONN_DROP, &conn->flags);
1783 skb_queue_purge(&chan->data_q);
1787 void hci_chan_list_flush(struct hci_conn *conn)
1789 struct hci_chan *chan, *n;
1791 BT_DBG("hcon %p", conn);
1793 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
1797 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1800 struct hci_chan *hchan;
1802 list_for_each_entry(hchan, &hcon->chan_list, list) {
1803 if (hchan->handle == handle)
1810 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1812 struct hci_conn_hash *h = &hdev->conn_hash;
1813 struct hci_conn *hcon;
1814 struct hci_chan *hchan = NULL;
1818 list_for_each_entry_rcu(hcon, &h->list, list) {
1819 hchan = __hci_chan_lookup_handle(hcon, handle);
1829 u32 hci_conn_get_phy(struct hci_conn *conn)
1833 hci_dev_lock(conn->hdev);
1835 /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471:
1836 * Table 6.2: Packets defined for synchronous, asynchronous, and
1837 * CSB logical transport types.
1839 switch (conn->type) {
1841 /* SCO logical transport (1 Mb/s):
1842 * HV1, HV2, HV3 and DV.
1844 phys |= BT_PHY_BR_1M_1SLOT;
1849 /* ACL logical transport (1 Mb/s) ptt=0:
1850 * DH1, DM3, DH3, DM5 and DH5.
1852 phys |= BT_PHY_BR_1M_1SLOT;
1854 if (conn->pkt_type & (HCI_DM3 | HCI_DH3))
1855 phys |= BT_PHY_BR_1M_3SLOT;
1857 if (conn->pkt_type & (HCI_DM5 | HCI_DH5))
1858 phys |= BT_PHY_BR_1M_5SLOT;
1860 /* ACL logical transport (2 Mb/s) ptt=1:
1861 * 2-DH1, 2-DH3 and 2-DH5.
1863 if (!(conn->pkt_type & HCI_2DH1))
1864 phys |= BT_PHY_EDR_2M_1SLOT;
1866 if (!(conn->pkt_type & HCI_2DH3))
1867 phys |= BT_PHY_EDR_2M_3SLOT;
1869 if (!(conn->pkt_type & HCI_2DH5))
1870 phys |= BT_PHY_EDR_2M_5SLOT;
1872 /* ACL logical transport (3 Mb/s) ptt=1:
1873 * 3-DH1, 3-DH3 and 3-DH5.
1875 if (!(conn->pkt_type & HCI_3DH1))
1876 phys |= BT_PHY_EDR_3M_1SLOT;
1878 if (!(conn->pkt_type & HCI_3DH3))
1879 phys |= BT_PHY_EDR_3M_3SLOT;
1881 if (!(conn->pkt_type & HCI_3DH5))
1882 phys |= BT_PHY_EDR_3M_5SLOT;
1887 /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */
1888 phys |= BT_PHY_BR_1M_1SLOT;
1890 if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5)))
1891 phys |= BT_PHY_BR_1M_3SLOT;
1893 /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */
1894 if (!(conn->pkt_type & ESCO_2EV3))
1895 phys |= BT_PHY_EDR_2M_1SLOT;
1897 if (!(conn->pkt_type & ESCO_2EV5))
1898 phys |= BT_PHY_EDR_2M_3SLOT;
1900 /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */
1901 if (!(conn->pkt_type & ESCO_3EV3))
1902 phys |= BT_PHY_EDR_3M_1SLOT;
1904 if (!(conn->pkt_type & ESCO_3EV5))
1905 phys |= BT_PHY_EDR_3M_3SLOT;
1910 if (conn->le_tx_phy & HCI_LE_SET_PHY_1M)
1911 phys |= BT_PHY_LE_1M_TX;
1913 if (conn->le_rx_phy & HCI_LE_SET_PHY_1M)
1914 phys |= BT_PHY_LE_1M_RX;
1916 if (conn->le_tx_phy & HCI_LE_SET_PHY_2M)
1917 phys |= BT_PHY_LE_2M_TX;
1919 if (conn->le_rx_phy & HCI_LE_SET_PHY_2M)
1920 phys |= BT_PHY_LE_2M_RX;
1922 if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED)
1923 phys |= BT_PHY_LE_CODED_TX;
1925 if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED)
1926 phys |= BT_PHY_LE_CODED_RX;
1931 hci_dev_unlock(conn->hdev);
projects / linux-2.6-microblaze.git / blob