2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
40 static const struct sco_param sco_param_cvsd[] = {
41 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a }, /* S3 */
42 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007 }, /* S2 */
43 { EDR_ESCO_MASK | ESCO_EV3, 0x0007 }, /* S1 */
44 { EDR_ESCO_MASK | ESCO_HV3, 0xffff }, /* D1 */
45 { EDR_ESCO_MASK | ESCO_HV1, 0xffff }, /* D0 */
48 static const struct sco_param sco_param_wideband[] = {
49 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d }, /* T2 */
50 { EDR_ESCO_MASK | ESCO_EV3, 0x0008 }, /* T1 */
53 static void hci_le_create_connection_cancel(struct hci_conn *conn)
55 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
58 static void hci_acl_create_connection(struct hci_conn *conn)
60 struct hci_dev *hdev = conn->hdev;
61 struct inquiry_entry *ie;
62 struct hci_cp_create_conn cp;
64 BT_DBG("hcon %p", conn);
66 conn->state = BT_CONNECT;
69 conn->link_mode = HCI_LM_MASTER;
73 conn->link_policy = hdev->link_policy;
75 memset(&cp, 0, sizeof(cp));
76 bacpy(&cp.bdaddr, &conn->dst);
77 cp.pscan_rep_mode = 0x02;
79 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
81 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
82 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
83 cp.pscan_mode = ie->data.pscan_mode;
84 cp.clock_offset = ie->data.clock_offset |
85 __constant_cpu_to_le16(0x8000);
88 memcpy(conn->dev_class, ie->data.dev_class, 3);
89 if (ie->data.ssp_mode > 0)
90 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
93 cp.pkt_type = cpu_to_le16(conn->pkt_type);
94 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
95 cp.role_switch = 0x01;
97 cp.role_switch = 0x00;
99 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
102 static void hci_acl_create_connection_cancel(struct hci_conn *conn)
104 struct hci_cp_create_conn_cancel cp;
106 BT_DBG("hcon %p", conn);
108 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
111 bacpy(&cp.bdaddr, &conn->dst);
112 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
115 static void hci_reject_sco(struct hci_conn *conn)
117 struct hci_cp_reject_sync_conn_req cp;
119 cp.reason = HCI_ERROR_REMOTE_USER_TERM;
120 bacpy(&cp.bdaddr, &conn->dst);
122 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
125 void hci_disconnect(struct hci_conn *conn, __u8 reason)
127 struct hci_cp_disconnect cp;
129 BT_DBG("hcon %p", conn);
131 conn->state = BT_DISCONN;
133 cp.handle = cpu_to_le16(conn->handle);
135 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
138 static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
140 struct hci_cp_disconn_phy_link cp;
142 BT_DBG("hcon %p", conn);
144 conn->state = BT_DISCONN;
146 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
148 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
152 static void hci_add_sco(struct hci_conn *conn, __u16 handle)
154 struct hci_dev *hdev = conn->hdev;
155 struct hci_cp_add_sco cp;
157 BT_DBG("hcon %p", conn);
159 conn->state = BT_CONNECT;
164 cp.handle = cpu_to_le16(handle);
165 cp.pkt_type = cpu_to_le16(conn->pkt_type);
167 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
170 bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
172 struct hci_dev *hdev = conn->hdev;
173 struct hci_cp_setup_sync_conn cp;
174 const struct sco_param *param;
176 BT_DBG("hcon %p", conn);
178 conn->state = BT_CONNECT;
183 cp.handle = cpu_to_le16(handle);
185 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
186 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
187 cp.voice_setting = cpu_to_le16(conn->setting);
189 switch (conn->setting & SCO_AIRMODE_MASK) {
190 case SCO_AIRMODE_TRANSP:
191 if (conn->attempt > ARRAY_SIZE(sco_param_wideband))
193 cp.retrans_effort = 0x02;
194 param = &sco_param_wideband[conn->attempt - 1];
196 case SCO_AIRMODE_CVSD:
197 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
199 cp.retrans_effort = 0x01;
200 param = &sco_param_cvsd[conn->attempt - 1];
206 cp.pkt_type = __cpu_to_le16(param->pkt_type);
207 cp.max_latency = __cpu_to_le16(param->max_latency);
209 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
215 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
216 u16 latency, u16 to_multiplier)
218 struct hci_cp_le_conn_update cp;
219 struct hci_dev *hdev = conn->hdev;
221 memset(&cp, 0, sizeof(cp));
223 cp.handle = cpu_to_le16(conn->handle);
224 cp.conn_interval_min = cpu_to_le16(min);
225 cp.conn_interval_max = cpu_to_le16(max);
226 cp.conn_latency = cpu_to_le16(latency);
227 cp.supervision_timeout = cpu_to_le16(to_multiplier);
228 cp.min_ce_len = __constant_cpu_to_le16(0x0001);
229 cp.max_ce_len = __constant_cpu_to_le16(0x0001);
231 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
234 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
237 struct hci_dev *hdev = conn->hdev;
238 struct hci_cp_le_start_enc cp;
240 BT_DBG("hcon %p", conn);
242 memset(&cp, 0, sizeof(cp));
244 cp.handle = cpu_to_le16(conn->handle);
245 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
247 memcpy(cp.rand, rand, sizeof(cp.rand));
249 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
252 /* Device _must_ be locked */
253 void hci_sco_setup(struct hci_conn *conn, __u8 status)
255 struct hci_conn *sco = conn->link;
260 BT_DBG("hcon %p", conn);
263 if (lmp_esco_capable(conn->hdev))
264 hci_setup_sync(sco, conn->handle);
266 hci_add_sco(sco, conn->handle);
268 hci_proto_connect_cfm(sco, status);
273 static void hci_conn_disconnect(struct hci_conn *conn)
275 __u8 reason = hci_proto_disconn_ind(conn);
277 switch (conn->type) {
279 hci_amp_disconn(conn, reason);
282 hci_disconnect(conn, reason);
287 static void hci_conn_timeout(struct work_struct *work)
289 struct hci_conn *conn = container_of(work, struct hci_conn,
292 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
294 if (atomic_read(&conn->refcnt))
297 switch (conn->state) {
301 if (conn->type == ACL_LINK)
302 hci_acl_create_connection_cancel(conn);
303 else if (conn->type == LE_LINK)
304 hci_le_create_connection_cancel(conn);
305 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
306 hci_reject_sco(conn);
311 hci_conn_disconnect(conn);
314 conn->state = BT_CLOSED;
319 /* Enter sniff mode */
320 static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
322 struct hci_dev *hdev = conn->hdev;
324 BT_DBG("hcon %p mode %d", conn, conn->mode);
326 if (test_bit(HCI_RAW, &hdev->flags))
329 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
332 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
335 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
336 struct hci_cp_sniff_subrate cp;
337 cp.handle = cpu_to_le16(conn->handle);
338 cp.max_latency = __constant_cpu_to_le16(0);
339 cp.min_remote_timeout = __constant_cpu_to_le16(0);
340 cp.min_local_timeout = __constant_cpu_to_le16(0);
341 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
344 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
345 struct hci_cp_sniff_mode cp;
346 cp.handle = cpu_to_le16(conn->handle);
347 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
348 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
349 cp.attempt = __constant_cpu_to_le16(4);
350 cp.timeout = __constant_cpu_to_le16(1);
351 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
355 static void hci_conn_idle(unsigned long arg)
357 struct hci_conn *conn = (void *) arg;
359 BT_DBG("hcon %p mode %d", conn, conn->mode);
361 hci_conn_enter_sniff_mode(conn);
364 static void hci_conn_auto_accept(unsigned long arg)
366 struct hci_conn *conn = (void *) arg;
367 struct hci_dev *hdev = conn->hdev;
369 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
373 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
375 struct hci_conn *conn;
377 BT_DBG("%s dst %pMR", hdev->name, dst);
379 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
383 bacpy(&conn->dst, dst);
384 bacpy(&conn->src, &hdev->bdaddr);
387 conn->mode = HCI_CM_ACTIVE;
388 conn->state = BT_OPEN;
389 conn->auth_type = HCI_AT_GENERAL_BONDING;
390 conn->io_capability = hdev->io_capability;
391 conn->remote_auth = 0xff;
392 conn->key_type = 0xff;
394 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
395 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
399 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
402 if (lmp_esco_capable(hdev))
403 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
404 (hdev->esco_type & EDR_ESCO_MASK);
406 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
409 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
413 skb_queue_head_init(&conn->data_q);
415 INIT_LIST_HEAD(&conn->chan_list);
417 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
418 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
419 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
420 (unsigned long) conn);
422 atomic_set(&conn->refcnt, 0);
426 hci_conn_hash_add(hdev, conn);
428 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
430 hci_conn_init_sysfs(conn);
435 int hci_conn_del(struct hci_conn *conn)
437 struct hci_dev *hdev = conn->hdev;
439 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
441 del_timer(&conn->idle_timer);
443 cancel_delayed_work_sync(&conn->disc_work);
445 del_timer(&conn->auto_accept_timer);
447 if (conn->type == ACL_LINK) {
448 struct hci_conn *sco = conn->link;
453 hdev->acl_cnt += conn->sent;
454 } else if (conn->type == LE_LINK) {
456 hdev->le_cnt += conn->sent;
458 hdev->acl_cnt += conn->sent;
460 struct hci_conn *acl = conn->link;
467 hci_chan_list_flush(conn);
470 amp_mgr_put(conn->amp_mgr);
472 hci_conn_hash_del(hdev, conn);
474 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
476 skb_queue_purge(&conn->data_q);
478 hci_conn_del_sysfs(conn);
487 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
489 int use_src = bacmp(src, BDADDR_ANY);
490 struct hci_dev *hdev = NULL, *d;
492 BT_DBG("%pMR -> %pMR", src, dst);
494 read_lock(&hci_dev_list_lock);
496 list_for_each_entry(d, &hci_dev_list, list) {
497 if (!test_bit(HCI_UP, &d->flags) ||
498 test_bit(HCI_RAW, &d->flags) ||
499 test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
500 d->dev_type != HCI_BREDR)
504 * No source address - find interface with bdaddr != dst
505 * Source address - find interface with bdaddr == src
509 if (!bacmp(&d->bdaddr, src)) {
513 if (bacmp(&d->bdaddr, dst)) {
520 hdev = hci_dev_hold(hdev);
522 read_unlock(&hci_dev_list_lock);
525 EXPORT_SYMBOL(hci_get_route);
527 static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
529 struct hci_conn *conn;
534 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
539 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
543 conn->state = BT_CLOSED;
545 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
548 hci_proto_connect_cfm(conn, status);
553 hci_dev_unlock(hdev);
556 static int hci_create_le_conn(struct hci_conn *conn)
558 struct hci_dev *hdev = conn->hdev;
559 struct hci_cp_le_create_conn cp;
560 struct hci_request req;
563 hci_req_init(&req, hdev);
565 memset(&cp, 0, sizeof(cp));
566 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
567 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
568 bacpy(&cp.peer_addr, &conn->dst);
569 cp.peer_addr_type = conn->dst_type;
570 cp.own_address_type = conn->src_type;
571 cp.conn_interval_min = __constant_cpu_to_le16(0x0028);
572 cp.conn_interval_max = __constant_cpu_to_le16(0x0038);
573 cp.supervision_timeout = __constant_cpu_to_le16(0x002a);
574 cp.min_ce_len = __constant_cpu_to_le16(0x0000);
575 cp.max_ce_len = __constant_cpu_to_le16(0x0000);
576 hci_req_add(&req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
578 err = hci_req_run(&req, create_le_conn_complete);
587 static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
588 u8 dst_type, u8 sec_level, u8 auth_type)
590 struct hci_conn *conn;
593 if (test_bit(HCI_ADVERTISING, &hdev->flags))
594 return ERR_PTR(-ENOTSUPP);
596 /* Some devices send ATT messages as soon as the physical link is
597 * established. To be able to handle these ATT messages, the user-
598 * space first establishes the connection and then starts the pairing
601 * So if a hci_conn object already exists for the following connection
602 * attempt, we simply update pending_sec_level and auth_type fields
603 * and return the object found.
605 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
607 conn->pending_sec_level = sec_level;
608 conn->auth_type = auth_type;
612 /* Since the controller supports only one LE connection attempt at a
613 * time, we return -EBUSY if there is any connection attempt running.
615 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
617 return ERR_PTR(-EBUSY);
619 conn = hci_conn_add(hdev, LE_LINK, dst);
621 return ERR_PTR(-ENOMEM);
623 if (dst_type == BDADDR_LE_PUBLIC)
624 conn->dst_type = ADDR_LE_DEV_PUBLIC;
626 conn->dst_type = ADDR_LE_DEV_RANDOM;
628 if (bacmp(&conn->src, BDADDR_ANY)) {
629 conn->src_type = ADDR_LE_DEV_PUBLIC;
631 bacpy(&conn->src, &hdev->static_addr);
632 conn->src_type = ADDR_LE_DEV_RANDOM;
635 conn->state = BT_CONNECT;
637 conn->link_mode |= HCI_LM_MASTER;
638 conn->sec_level = BT_SECURITY_LOW;
639 conn->pending_sec_level = sec_level;
640 conn->auth_type = auth_type;
642 err = hci_create_le_conn(conn);
651 static struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
652 u8 sec_level, u8 auth_type)
654 struct hci_conn *acl;
656 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
657 return ERR_PTR(-ENOTSUPP);
659 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
661 acl = hci_conn_add(hdev, ACL_LINK, dst);
663 return ERR_PTR(-ENOMEM);
668 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
669 acl->sec_level = BT_SECURITY_LOW;
670 acl->pending_sec_level = sec_level;
671 acl->auth_type = auth_type;
672 hci_acl_create_connection(acl);
678 struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
681 struct hci_conn *acl;
682 struct hci_conn *sco;
684 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
688 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
690 sco = hci_conn_add(hdev, type, dst);
693 return ERR_PTR(-ENOMEM);
702 sco->setting = setting;
704 if (acl->state == BT_CONNECTED &&
705 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
706 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
707 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
709 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
710 /* defer SCO setup until mode change completed */
711 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
715 hci_sco_setup(acl, 0x00);
721 /* Create SCO, ACL or LE connection. */
722 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
723 __u8 dst_type, __u8 sec_level, __u8 auth_type)
725 BT_DBG("%s dst %pMR type 0x%x", hdev->name, dst, type);
729 return hci_connect_le(hdev, dst, dst_type, sec_level, auth_type);
731 return hci_connect_acl(hdev, dst, sec_level, auth_type);
734 return ERR_PTR(-EINVAL);
737 /* Check link security requirement */
738 int hci_conn_check_link_mode(struct hci_conn *conn)
740 BT_DBG("hcon %p", conn);
742 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
748 /* Authenticate remote device */
749 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
751 BT_DBG("hcon %p", conn);
753 if (conn->pending_sec_level > sec_level)
754 sec_level = conn->pending_sec_level;
756 if (sec_level > conn->sec_level)
757 conn->pending_sec_level = sec_level;
758 else if (conn->link_mode & HCI_LM_AUTH)
761 /* Make sure we preserve an existing MITM requirement*/
762 auth_type |= (conn->auth_type & 0x01);
764 conn->auth_type = auth_type;
766 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
767 struct hci_cp_auth_requested cp;
769 /* encrypt must be pending if auth is also pending */
770 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
772 cp.handle = cpu_to_le16(conn->handle);
773 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
775 if (conn->key_type != 0xff)
776 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
782 /* Encrypt the the link */
783 static void hci_conn_encrypt(struct hci_conn *conn)
785 BT_DBG("hcon %p", conn);
787 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
788 struct hci_cp_set_conn_encrypt cp;
789 cp.handle = cpu_to_le16(conn->handle);
791 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
796 /* Enable security */
797 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
799 BT_DBG("hcon %p", conn);
801 if (conn->type == LE_LINK)
802 return smp_conn_security(conn, sec_level);
804 /* For sdp we don't need the link key. */
805 if (sec_level == BT_SECURITY_SDP)
808 /* For non 2.1 devices and low security level we don't need the link
810 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
813 /* For other security levels we need the link key. */
814 if (!(conn->link_mode & HCI_LM_AUTH))
817 /* An authenticated combination key has sufficient security for any
819 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
822 /* An unauthenticated combination key has sufficient security for
823 security level 1 and 2. */
824 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
825 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
828 /* A combination key has always sufficient security for the security
829 levels 1 or 2. High security level requires the combination key
830 is generated using maximum PIN code length (16).
831 For pre 2.1 units. */
832 if (conn->key_type == HCI_LK_COMBINATION &&
833 (sec_level != BT_SECURITY_HIGH || conn->pin_length == 16))
837 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
840 if (!hci_conn_auth(conn, sec_level, auth_type))
844 if (conn->link_mode & HCI_LM_ENCRYPT)
847 hci_conn_encrypt(conn);
850 EXPORT_SYMBOL(hci_conn_security);
852 /* Check secure link requirement */
853 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
855 BT_DBG("hcon %p", conn);
857 if (sec_level != BT_SECURITY_HIGH)
858 return 1; /* Accept if non-secure is required */
860 if (conn->sec_level == BT_SECURITY_HIGH)
863 return 0; /* Reject not secure link */
865 EXPORT_SYMBOL(hci_conn_check_secure);
867 /* Change link key */
868 int hci_conn_change_link_key(struct hci_conn *conn)
870 BT_DBG("hcon %p", conn);
872 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
873 struct hci_cp_change_conn_link_key cp;
874 cp.handle = cpu_to_le16(conn->handle);
875 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
883 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
885 BT_DBG("hcon %p", conn);
887 if (!role && conn->link_mode & HCI_LM_MASTER)
890 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
891 struct hci_cp_switch_role cp;
892 bacpy(&cp.bdaddr, &conn->dst);
894 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
899 EXPORT_SYMBOL(hci_conn_switch_role);
901 /* Enter active mode */
902 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
904 struct hci_dev *hdev = conn->hdev;
906 BT_DBG("hcon %p mode %d", conn, conn->mode);
908 if (test_bit(HCI_RAW, &hdev->flags))
911 if (conn->mode != HCI_CM_SNIFF)
914 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
917 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
918 struct hci_cp_exit_sniff_mode cp;
919 cp.handle = cpu_to_le16(conn->handle);
920 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
924 if (hdev->idle_timeout > 0)
925 mod_timer(&conn->idle_timer,
926 jiffies + msecs_to_jiffies(hdev->idle_timeout));
929 /* Drop all connection on the device */
930 void hci_conn_hash_flush(struct hci_dev *hdev)
932 struct hci_conn_hash *h = &hdev->conn_hash;
933 struct hci_conn *c, *n;
935 BT_DBG("hdev %s", hdev->name);
937 list_for_each_entry_safe(c, n, &h->list, list) {
938 c->state = BT_CLOSED;
940 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
945 /* Check pending connect attempts */
946 void hci_conn_check_pending(struct hci_dev *hdev)
948 struct hci_conn *conn;
950 BT_DBG("hdev %s", hdev->name);
954 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
956 hci_acl_create_connection(conn);
958 hci_dev_unlock(hdev);
961 int hci_get_conn_list(void __user *arg)
964 struct hci_conn_list_req req, *cl;
965 struct hci_conn_info *ci;
966 struct hci_dev *hdev;
967 int n = 0, size, err;
969 if (copy_from_user(&req, arg, sizeof(req)))
972 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
975 size = sizeof(req) + req.conn_num * sizeof(*ci);
977 cl = kmalloc(size, GFP_KERNEL);
981 hdev = hci_dev_get(req.dev_id);
990 list_for_each_entry(c, &hdev->conn_hash.list, list) {
991 bacpy(&(ci + n)->bdaddr, &c->dst);
992 (ci + n)->handle = c->handle;
993 (ci + n)->type = c->type;
994 (ci + n)->out = c->out;
995 (ci + n)->state = c->state;
996 (ci + n)->link_mode = c->link_mode;
997 if (++n >= req.conn_num)
1000 hci_dev_unlock(hdev);
1002 cl->dev_id = hdev->id;
1004 size = sizeof(req) + n * sizeof(*ci);
1008 err = copy_to_user(arg, cl, size);
1011 return err ? -EFAULT : 0;
1014 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1016 struct hci_conn_info_req req;
1017 struct hci_conn_info ci;
1018 struct hci_conn *conn;
1019 char __user *ptr = arg + sizeof(req);
1021 if (copy_from_user(&req, arg, sizeof(req)))
1025 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1027 bacpy(&ci.bdaddr, &conn->dst);
1028 ci.handle = conn->handle;
1029 ci.type = conn->type;
1031 ci.state = conn->state;
1032 ci.link_mode = conn->link_mode;
1034 hci_dev_unlock(hdev);
1039 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1042 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1044 struct hci_auth_info_req req;
1045 struct hci_conn *conn;
1047 if (copy_from_user(&req, arg, sizeof(req)))
1051 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1053 req.type = conn->auth_type;
1054 hci_dev_unlock(hdev);
1059 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1062 struct hci_chan *hci_chan_create(struct hci_conn *conn)
1064 struct hci_dev *hdev = conn->hdev;
1065 struct hci_chan *chan;
1067 BT_DBG("%s hcon %p", hdev->name, conn);
1069 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
1074 skb_queue_head_init(&chan->data_q);
1075 chan->state = BT_CONNECTED;
1077 list_add_rcu(&chan->list, &conn->chan_list);
1082 void hci_chan_del(struct hci_chan *chan)
1084 struct hci_conn *conn = chan->conn;
1085 struct hci_dev *hdev = conn->hdev;
1087 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
1089 list_del_rcu(&chan->list);
1093 hci_conn_drop(conn);
1095 skb_queue_purge(&chan->data_q);
1099 void hci_chan_list_flush(struct hci_conn *conn)
1101 struct hci_chan *chan, *n;
1103 BT_DBG("hcon %p", conn);
1105 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
1109 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1112 struct hci_chan *hchan;
1114 list_for_each_entry(hchan, &hcon->chan_list, list) {
1115 if (hchan->handle == handle)
1122 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1124 struct hci_conn_hash *h = &hdev->conn_hash;
1125 struct hci_conn *hcon;
1126 struct hci_chan *hchan = NULL;
1130 list_for_each_entry_rcu(hcon, &h->list, list) {
1131 hchan = __hci_chan_lookup_handle(hcon, handle);