2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
40 static const struct sco_param sco_param_cvsd[] = {
41 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a }, /* S3 */
42 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007 }, /* S2 */
43 { EDR_ESCO_MASK | ESCO_EV3, 0x0007 }, /* S1 */
44 { EDR_ESCO_MASK | ESCO_HV3, 0xffff }, /* D1 */
45 { EDR_ESCO_MASK | ESCO_HV1, 0xffff }, /* D0 */
48 static const struct sco_param sco_param_wideband[] = {
49 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d }, /* T2 */
50 { EDR_ESCO_MASK | ESCO_EV3, 0x0008 }, /* T1 */
53 static void hci_le_create_connection_cancel(struct hci_conn *conn)
55 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
58 static void hci_acl_create_connection(struct hci_conn *conn)
60 struct hci_dev *hdev = conn->hdev;
61 struct inquiry_entry *ie;
62 struct hci_cp_create_conn cp;
64 BT_DBG("hcon %p", conn);
66 conn->state = BT_CONNECT;
69 conn->link_mode = HCI_LM_MASTER;
73 conn->link_policy = hdev->link_policy;
75 memset(&cp, 0, sizeof(cp));
76 bacpy(&cp.bdaddr, &conn->dst);
77 cp.pscan_rep_mode = 0x02;
79 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
81 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
82 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
83 cp.pscan_mode = ie->data.pscan_mode;
84 cp.clock_offset = ie->data.clock_offset |
88 memcpy(conn->dev_class, ie->data.dev_class, 3);
89 if (ie->data.ssp_mode > 0)
90 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
93 cp.pkt_type = cpu_to_le16(conn->pkt_type);
94 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
95 cp.role_switch = 0x01;
97 cp.role_switch = 0x00;
99 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
102 static void hci_acl_create_connection_cancel(struct hci_conn *conn)
104 struct hci_cp_create_conn_cancel cp;
106 BT_DBG("hcon %p", conn);
108 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
111 bacpy(&cp.bdaddr, &conn->dst);
112 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
115 static void hci_reject_sco(struct hci_conn *conn)
117 struct hci_cp_reject_sync_conn_req cp;
119 cp.reason = HCI_ERROR_REMOTE_USER_TERM;
120 bacpy(&cp.bdaddr, &conn->dst);
122 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
125 void hci_disconnect(struct hci_conn *conn, __u8 reason)
127 struct hci_cp_disconnect cp;
129 BT_DBG("hcon %p", conn);
131 conn->state = BT_DISCONN;
133 cp.handle = cpu_to_le16(conn->handle);
135 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
138 static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
140 struct hci_cp_disconn_phy_link cp;
142 BT_DBG("hcon %p", conn);
144 conn->state = BT_DISCONN;
146 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
148 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
152 static void hci_add_sco(struct hci_conn *conn, __u16 handle)
154 struct hci_dev *hdev = conn->hdev;
155 struct hci_cp_add_sco cp;
157 BT_DBG("hcon %p", conn);
159 conn->state = BT_CONNECT;
164 cp.handle = cpu_to_le16(handle);
165 cp.pkt_type = cpu_to_le16(conn->pkt_type);
167 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
170 bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
172 struct hci_dev *hdev = conn->hdev;
173 struct hci_cp_setup_sync_conn cp;
174 const struct sco_param *param;
176 BT_DBG("hcon %p", conn);
178 conn->state = BT_CONNECT;
183 cp.handle = cpu_to_le16(handle);
185 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
186 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
187 cp.voice_setting = cpu_to_le16(conn->setting);
189 switch (conn->setting & SCO_AIRMODE_MASK) {
190 case SCO_AIRMODE_TRANSP:
191 if (conn->attempt > ARRAY_SIZE(sco_param_wideband))
193 cp.retrans_effort = 0x02;
194 param = &sco_param_wideband[conn->attempt - 1];
196 case SCO_AIRMODE_CVSD:
197 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
199 cp.retrans_effort = 0x01;
200 param = &sco_param_cvsd[conn->attempt - 1];
206 cp.pkt_type = __cpu_to_le16(param->pkt_type);
207 cp.max_latency = __cpu_to_le16(param->max_latency);
209 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
215 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
216 u16 latency, u16 to_multiplier)
218 struct hci_cp_le_conn_update cp;
219 struct hci_dev *hdev = conn->hdev;
221 memset(&cp, 0, sizeof(cp));
223 cp.handle = cpu_to_le16(conn->handle);
224 cp.conn_interval_min = cpu_to_le16(min);
225 cp.conn_interval_max = cpu_to_le16(max);
226 cp.conn_latency = cpu_to_le16(latency);
227 cp.supervision_timeout = cpu_to_le16(to_multiplier);
228 cp.min_ce_len = cpu_to_le16(0x0000);
229 cp.max_ce_len = cpu_to_le16(0x0000);
231 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
234 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
237 struct hci_dev *hdev = conn->hdev;
238 struct hci_cp_le_start_enc cp;
240 BT_DBG("hcon %p", conn);
242 memset(&cp, 0, sizeof(cp));
244 cp.handle = cpu_to_le16(conn->handle);
247 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
249 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
252 /* Device _must_ be locked */
253 void hci_sco_setup(struct hci_conn *conn, __u8 status)
255 struct hci_conn *sco = conn->link;
260 BT_DBG("hcon %p", conn);
263 if (lmp_esco_capable(conn->hdev))
264 hci_setup_sync(sco, conn->handle);
266 hci_add_sco(sco, conn->handle);
268 hci_proto_connect_cfm(sco, status);
273 static void hci_conn_disconnect(struct hci_conn *conn)
275 __u8 reason = hci_proto_disconn_ind(conn);
277 switch (conn->type) {
279 hci_amp_disconn(conn, reason);
282 hci_disconnect(conn, reason);
287 static void hci_conn_timeout(struct work_struct *work)
289 struct hci_conn *conn = container_of(work, struct hci_conn,
292 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
294 if (atomic_read(&conn->refcnt))
297 switch (conn->state) {
301 if (conn->type == ACL_LINK)
302 hci_acl_create_connection_cancel(conn);
303 else if (conn->type == LE_LINK)
304 hci_le_create_connection_cancel(conn);
305 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
306 hci_reject_sco(conn);
311 hci_conn_disconnect(conn);
314 conn->state = BT_CLOSED;
319 /* Enter sniff mode */
320 static void hci_conn_idle(struct work_struct *work)
322 struct hci_conn *conn = container_of(work, struct hci_conn,
324 struct hci_dev *hdev = conn->hdev;
326 BT_DBG("hcon %p mode %d", conn, conn->mode);
328 if (test_bit(HCI_RAW, &hdev->flags))
331 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
334 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
337 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
338 struct hci_cp_sniff_subrate cp;
339 cp.handle = cpu_to_le16(conn->handle);
340 cp.max_latency = cpu_to_le16(0);
341 cp.min_remote_timeout = cpu_to_le16(0);
342 cp.min_local_timeout = cpu_to_le16(0);
343 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
346 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
347 struct hci_cp_sniff_mode cp;
348 cp.handle = cpu_to_le16(conn->handle);
349 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
350 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
351 cp.attempt = cpu_to_le16(4);
352 cp.timeout = cpu_to_le16(1);
353 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
357 static void hci_conn_auto_accept(struct work_struct *work)
359 struct hci_conn *conn = container_of(work, struct hci_conn,
360 auto_accept_work.work);
362 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
366 static void le_conn_timeout(struct work_struct *work)
368 struct hci_conn *conn = container_of(work, struct hci_conn,
369 le_conn_timeout.work);
373 hci_le_create_connection_cancel(conn);
376 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
378 struct hci_conn *conn;
380 BT_DBG("%s dst %pMR", hdev->name, dst);
382 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
386 bacpy(&conn->dst, dst);
387 bacpy(&conn->src, &hdev->bdaddr);
390 conn->mode = HCI_CM_ACTIVE;
391 conn->state = BT_OPEN;
392 conn->auth_type = HCI_AT_GENERAL_BONDING;
393 conn->io_capability = hdev->io_capability;
394 conn->remote_auth = 0xff;
395 conn->key_type = 0xff;
397 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
398 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
402 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
405 /* conn->src should reflect the local identity address */
406 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
409 if (lmp_esco_capable(hdev))
410 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
411 (hdev->esco_type & EDR_ESCO_MASK);
413 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
416 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
420 skb_queue_head_init(&conn->data_q);
422 INIT_LIST_HEAD(&conn->chan_list);
424 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
425 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
426 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
427 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
429 atomic_set(&conn->refcnt, 0);
433 hci_conn_hash_add(hdev, conn);
435 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
437 hci_conn_init_sysfs(conn);
442 int hci_conn_del(struct hci_conn *conn)
444 struct hci_dev *hdev = conn->hdev;
446 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
448 cancel_delayed_work_sync(&conn->disc_work);
449 cancel_delayed_work_sync(&conn->auto_accept_work);
450 cancel_delayed_work_sync(&conn->idle_work);
452 if (conn->type == ACL_LINK) {
453 struct hci_conn *sco = conn->link;
458 hdev->acl_cnt += conn->sent;
459 } else if (conn->type == LE_LINK) {
460 cancel_delayed_work_sync(&conn->le_conn_timeout);
463 hdev->le_cnt += conn->sent;
465 hdev->acl_cnt += conn->sent;
467 struct hci_conn *acl = conn->link;
474 hci_chan_list_flush(conn);
477 amp_mgr_put(conn->amp_mgr);
479 hci_conn_hash_del(hdev, conn);
481 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
483 skb_queue_purge(&conn->data_q);
485 hci_conn_del_sysfs(conn);
494 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
496 int use_src = bacmp(src, BDADDR_ANY);
497 struct hci_dev *hdev = NULL, *d;
499 BT_DBG("%pMR -> %pMR", src, dst);
501 read_lock(&hci_dev_list_lock);
503 list_for_each_entry(d, &hci_dev_list, list) {
504 if (!test_bit(HCI_UP, &d->flags) ||
505 test_bit(HCI_RAW, &d->flags) ||
506 test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
507 d->dev_type != HCI_BREDR)
511 * No source address - find interface with bdaddr != dst
512 * Source address - find interface with bdaddr == src
516 if (!bacmp(&d->bdaddr, src)) {
520 if (bacmp(&d->bdaddr, dst)) {
527 hdev = hci_dev_hold(hdev);
529 read_unlock(&hci_dev_list_lock);
532 EXPORT_SYMBOL(hci_get_route);
534 /* This function requires the caller holds hdev->lock */
535 void hci_le_conn_failed(struct hci_conn *conn, u8 status)
537 struct hci_dev *hdev = conn->hdev;
539 conn->state = BT_CLOSED;
541 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
544 hci_proto_connect_cfm(conn, status);
548 /* Since we may have temporarily stopped the background scanning in
549 * favor of connection establishment, we should restart it.
551 hci_update_background_scan(hdev);
554 static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
556 struct hci_conn *conn;
561 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
566 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
570 hci_le_conn_failed(conn, status);
573 hci_dev_unlock(hdev);
576 static void hci_req_add_le_create_conn(struct hci_request *req,
577 struct hci_conn *conn)
579 struct hci_cp_le_create_conn cp;
580 struct hci_dev *hdev = conn->hdev;
583 memset(&cp, 0, sizeof(cp));
585 /* Update random address, but set require_privacy to false so
586 * that we never connect with an unresolvable address.
588 if (hci_update_random_address(req, false, &own_addr_type))
591 /* Save the address type used for this connnection attempt so we able
592 * to retrieve this information if we need it.
594 conn->src_type = own_addr_type;
596 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
597 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
598 bacpy(&cp.peer_addr, &conn->dst);
599 cp.peer_addr_type = conn->dst_type;
600 cp.own_address_type = own_addr_type;
601 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
602 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
603 cp.supervision_timeout = cpu_to_le16(0x002a);
604 cp.min_ce_len = cpu_to_le16(0x0000);
605 cp.max_ce_len = cpu_to_le16(0x0000);
607 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
609 conn->state = BT_CONNECT;
612 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
613 u8 dst_type, u8 sec_level, u8 auth_type)
615 struct hci_conn_params *params;
616 struct hci_conn *conn;
618 struct hci_request req;
621 if (test_bit(HCI_ADVERTISING, &hdev->flags))
622 return ERR_PTR(-ENOTSUPP);
624 /* Some devices send ATT messages as soon as the physical link is
625 * established. To be able to handle these ATT messages, the user-
626 * space first establishes the connection and then starts the pairing
629 * So if a hci_conn object already exists for the following connection
630 * attempt, we simply update pending_sec_level and auth_type fields
631 * and return the object found.
633 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
635 conn->pending_sec_level = sec_level;
636 conn->auth_type = auth_type;
640 /* Since the controller supports only one LE connection attempt at a
641 * time, we return -EBUSY if there is any connection attempt running.
643 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
645 return ERR_PTR(-EBUSY);
647 /* When given an identity address with existing identity
648 * resolving key, the connection needs to be established
649 * to a resolvable random address.
651 * This uses the cached random resolvable address from
652 * a previous scan. When no cached address is available,
653 * try connecting to the identity address instead.
655 * Storing the resolvable random address is required here
656 * to handle connection failures. The address will later
657 * be resolved back into the original identity address
658 * from the connect request.
660 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
661 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
663 dst_type = ADDR_LE_DEV_RANDOM;
666 conn = hci_conn_add(hdev, LE_LINK, dst);
668 return ERR_PTR(-ENOMEM);
670 conn->dst_type = dst_type;
673 conn->link_mode |= HCI_LM_MASTER;
674 conn->sec_level = BT_SECURITY_LOW;
675 conn->pending_sec_level = sec_level;
676 conn->auth_type = auth_type;
678 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
680 conn->le_conn_min_interval = params->conn_min_interval;
681 conn->le_conn_max_interval = params->conn_max_interval;
683 conn->le_conn_min_interval = hdev->le_conn_min_interval;
684 conn->le_conn_max_interval = hdev->le_conn_max_interval;
687 hci_req_init(&req, hdev);
689 /* If controller is scanning, we stop it since some controllers are
690 * not able to scan and connect at the same time. Also set the
691 * HCI_LE_SCAN_INTERRUPTED flag so that the command complete
692 * handler for scan disabling knows to set the correct discovery
695 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
696 hci_req_add_le_scan_disable(&req);
697 set_bit(HCI_LE_SCAN_INTERRUPTED, &hdev->dev_flags);
700 hci_req_add_le_create_conn(&req, conn);
702 err = hci_req_run(&req, create_le_conn_complete);
713 struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
714 u8 sec_level, u8 auth_type)
716 struct hci_conn *acl;
718 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
719 return ERR_PTR(-ENOTSUPP);
721 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
723 acl = hci_conn_add(hdev, ACL_LINK, dst);
725 return ERR_PTR(-ENOMEM);
730 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
731 acl->sec_level = BT_SECURITY_LOW;
732 acl->pending_sec_level = sec_level;
733 acl->auth_type = auth_type;
734 hci_acl_create_connection(acl);
740 struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
743 struct hci_conn *acl;
744 struct hci_conn *sco;
746 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
750 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
752 sco = hci_conn_add(hdev, type, dst);
755 return ERR_PTR(-ENOMEM);
764 sco->setting = setting;
766 if (acl->state == BT_CONNECTED &&
767 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
768 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
769 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
771 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
772 /* defer SCO setup until mode change completed */
773 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
777 hci_sco_setup(acl, 0x00);
783 /* Check link security requirement */
784 int hci_conn_check_link_mode(struct hci_conn *conn)
786 BT_DBG("hcon %p", conn);
788 /* In Secure Connections Only mode, it is required that Secure
789 * Connections is used and the link is encrypted with AES-CCM
790 * using a P-256 authenticated combination key.
792 if (test_bit(HCI_SC_ONLY, &conn->hdev->flags)) {
793 if (!hci_conn_sc_enabled(conn) ||
794 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
795 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
799 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
805 /* Authenticate remote device */
806 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
808 BT_DBG("hcon %p", conn);
810 if (conn->pending_sec_level > sec_level)
811 sec_level = conn->pending_sec_level;
813 if (sec_level > conn->sec_level)
814 conn->pending_sec_level = sec_level;
815 else if (conn->link_mode & HCI_LM_AUTH)
818 /* Make sure we preserve an existing MITM requirement*/
819 auth_type |= (conn->auth_type & 0x01);
821 conn->auth_type = auth_type;
823 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
824 struct hci_cp_auth_requested cp;
826 /* encrypt must be pending if auth is also pending */
827 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
829 cp.handle = cpu_to_le16(conn->handle);
830 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
832 if (conn->key_type != 0xff)
833 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
839 /* Encrypt the the link */
840 static void hci_conn_encrypt(struct hci_conn *conn)
842 BT_DBG("hcon %p", conn);
844 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
845 struct hci_cp_set_conn_encrypt cp;
846 cp.handle = cpu_to_le16(conn->handle);
848 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
853 /* Enable security */
854 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
856 BT_DBG("hcon %p", conn);
858 if (conn->type == LE_LINK)
859 return smp_conn_security(conn, sec_level);
861 /* For sdp we don't need the link key. */
862 if (sec_level == BT_SECURITY_SDP)
865 /* For non 2.1 devices and low security level we don't need the link
867 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
870 /* For other security levels we need the link key. */
871 if (!(conn->link_mode & HCI_LM_AUTH))
874 /* An authenticated FIPS approved combination key has sufficient
875 * security for security level 4. */
876 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
877 sec_level == BT_SECURITY_FIPS)
880 /* An authenticated combination key has sufficient security for
882 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
883 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
884 sec_level == BT_SECURITY_HIGH)
887 /* An unauthenticated combination key has sufficient security for
888 security level 1 and 2. */
889 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
890 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
891 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
894 /* A combination key has always sufficient security for the security
895 levels 1 or 2. High security level requires the combination key
896 is generated using maximum PIN code length (16).
897 For pre 2.1 units. */
898 if (conn->key_type == HCI_LK_COMBINATION &&
899 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
900 conn->pin_length == 16))
904 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
907 if (!hci_conn_auth(conn, sec_level, auth_type))
911 if (conn->link_mode & HCI_LM_ENCRYPT)
914 hci_conn_encrypt(conn);
917 EXPORT_SYMBOL(hci_conn_security);
919 /* Check secure link requirement */
920 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
922 BT_DBG("hcon %p", conn);
924 /* Accept if non-secure or higher security level is required */
925 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
928 /* Accept if secure or higher security level is already present */
929 if (conn->sec_level == BT_SECURITY_HIGH ||
930 conn->sec_level == BT_SECURITY_FIPS)
933 /* Reject not secure link */
936 EXPORT_SYMBOL(hci_conn_check_secure);
938 /* Change link key */
939 int hci_conn_change_link_key(struct hci_conn *conn)
941 BT_DBG("hcon %p", conn);
943 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
944 struct hci_cp_change_conn_link_key cp;
945 cp.handle = cpu_to_le16(conn->handle);
946 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
954 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
956 BT_DBG("hcon %p", conn);
958 if (!role && conn->link_mode & HCI_LM_MASTER)
961 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
962 struct hci_cp_switch_role cp;
963 bacpy(&cp.bdaddr, &conn->dst);
965 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
970 EXPORT_SYMBOL(hci_conn_switch_role);
972 /* Enter active mode */
973 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
975 struct hci_dev *hdev = conn->hdev;
977 BT_DBG("hcon %p mode %d", conn, conn->mode);
979 if (test_bit(HCI_RAW, &hdev->flags))
982 if (conn->mode != HCI_CM_SNIFF)
985 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
988 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
989 struct hci_cp_exit_sniff_mode cp;
990 cp.handle = cpu_to_le16(conn->handle);
991 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
995 if (hdev->idle_timeout > 0)
996 queue_delayed_work(hdev->workqueue, &conn->idle_work,
997 msecs_to_jiffies(hdev->idle_timeout));
1000 /* Drop all connection on the device */
1001 void hci_conn_hash_flush(struct hci_dev *hdev)
1003 struct hci_conn_hash *h = &hdev->conn_hash;
1004 struct hci_conn *c, *n;
1006 BT_DBG("hdev %s", hdev->name);
1008 list_for_each_entry_safe(c, n, &h->list, list) {
1009 c->state = BT_CLOSED;
1011 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
1016 /* Check pending connect attempts */
1017 void hci_conn_check_pending(struct hci_dev *hdev)
1019 struct hci_conn *conn;
1021 BT_DBG("hdev %s", hdev->name);
1025 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
1027 hci_acl_create_connection(conn);
1029 hci_dev_unlock(hdev);
1032 int hci_get_conn_list(void __user *arg)
1035 struct hci_conn_list_req req, *cl;
1036 struct hci_conn_info *ci;
1037 struct hci_dev *hdev;
1038 int n = 0, size, err;
1040 if (copy_from_user(&req, arg, sizeof(req)))
1043 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
1046 size = sizeof(req) + req.conn_num * sizeof(*ci);
1048 cl = kmalloc(size, GFP_KERNEL);
1052 hdev = hci_dev_get(req.dev_id);
1061 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1062 bacpy(&(ci + n)->bdaddr, &c->dst);
1063 (ci + n)->handle = c->handle;
1064 (ci + n)->type = c->type;
1065 (ci + n)->out = c->out;
1066 (ci + n)->state = c->state;
1067 (ci + n)->link_mode = c->link_mode;
1068 if (++n >= req.conn_num)
1071 hci_dev_unlock(hdev);
1073 cl->dev_id = hdev->id;
1075 size = sizeof(req) + n * sizeof(*ci);
1079 err = copy_to_user(arg, cl, size);
1082 return err ? -EFAULT : 0;
1085 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
1087 struct hci_conn_info_req req;
1088 struct hci_conn_info ci;
1089 struct hci_conn *conn;
1090 char __user *ptr = arg + sizeof(req);
1092 if (copy_from_user(&req, arg, sizeof(req)))
1096 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
1098 bacpy(&ci.bdaddr, &conn->dst);
1099 ci.handle = conn->handle;
1100 ci.type = conn->type;
1102 ci.state = conn->state;
1103 ci.link_mode = conn->link_mode;
1105 hci_dev_unlock(hdev);
1110 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
1113 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
1115 struct hci_auth_info_req req;
1116 struct hci_conn *conn;
1118 if (copy_from_user(&req, arg, sizeof(req)))
1122 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
1124 req.type = conn->auth_type;
1125 hci_dev_unlock(hdev);
1130 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
1133 struct hci_chan *hci_chan_create(struct hci_conn *conn)
1135 struct hci_dev *hdev = conn->hdev;
1136 struct hci_chan *chan;
1138 BT_DBG("%s hcon %p", hdev->name, conn);
1140 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
1145 skb_queue_head_init(&chan->data_q);
1146 chan->state = BT_CONNECTED;
1148 list_add_rcu(&chan->list, &conn->chan_list);
1153 void hci_chan_del(struct hci_chan *chan)
1155 struct hci_conn *conn = chan->conn;
1156 struct hci_dev *hdev = conn->hdev;
1158 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
1160 list_del_rcu(&chan->list);
1164 hci_conn_drop(conn);
1166 skb_queue_purge(&chan->data_q);
1170 void hci_chan_list_flush(struct hci_conn *conn)
1172 struct hci_chan *chan, *n;
1174 BT_DBG("hcon %p", conn);
1176 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
1180 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1183 struct hci_chan *hchan;
1185 list_for_each_entry(hchan, &hcon->chan_list, list) {
1186 if (hchan->handle == handle)
1193 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1195 struct hci_conn_hash *h = &hdev->conn_hash;
1196 struct hci_conn *hcon;
1197 struct hci_chan *hchan = NULL;
1201 list_for_each_entry_rcu(hcon, &h->list, list) {
1202 hchan = __hci_chan_lookup_handle(hcon, handle);