1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
42#include <asm/uaccess.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
48void hci_acl_connect(struct hci_conn *conn)
49{
50 struct hci_dev *hdev = conn->hdev;
51 struct inquiry_entry *ie;
52 struct hci_cp_create_conn cp;
53
54 BT_DBG("%p", conn);
55
56 conn->state = BT_CONNECT;
57 conn->out = 1;
58
59 conn->link_mode = HCI_LM_MASTER;
60
61 conn->attempt++;
62
63 conn->link_policy = hdev->link_policy;
64
65 memset(&cp, 0, sizeof(cp));
66 bacpy(&cp.bdaddr, &conn->dst);
67 cp.pscan_rep_mode = 0x02;
68
69 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
70 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
71 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
72 cp.pscan_mode = ie->data.pscan_mode;
73 cp.clock_offset = ie->data.clock_offset |
74 cpu_to_le16(0x8000);
75 }
76
77 memcpy(conn->dev_class, ie->data.dev_class, 3);
78 conn->ssp_mode = ie->data.ssp_mode;
79 }
80
81 cp.pkt_type = cpu_to_le16(conn->pkt_type);
82 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
83 cp.role_switch = 0x01;
84 else
85 cp.role_switch = 0x00;
86
87 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
88}
89
90static void hci_acl_connect_cancel(struct hci_conn *conn)
91{
92 struct hci_cp_create_conn_cancel cp;
93
94 BT_DBG("%p", conn);
95
96 if (conn->hdev->hci_ver < 2)
97 return;
98
99 bacpy(&cp.bdaddr, &conn->dst);
100 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
101}
102
103void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
104{
105 struct hci_cp_disconnect cp;
106
107 BT_DBG("%p", conn);
108
109 conn->state = BT_DISCONN;
110
111 cp.handle = cpu_to_le16(conn->handle);
112 cp.reason = reason;
113 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
114}
115
116void hci_add_sco(struct hci_conn *conn, __u16 handle)
117{
118 struct hci_dev *hdev = conn->hdev;
119 struct hci_cp_add_sco cp;
120
121 BT_DBG("%p", conn);
122
123 conn->state = BT_CONNECT;
124 conn->out = 1;
125
126 conn->attempt++;
127
128 cp.handle = cpu_to_le16(handle);
129 cp.pkt_type = cpu_to_le16(conn->pkt_type);
130
131 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
132}
133
134void hci_setup_sync(struct hci_conn *conn, __u16 handle)
135{
136 struct hci_dev *hdev = conn->hdev;
137 struct hci_cp_setup_sync_conn cp;
138
139 BT_DBG("%p", conn);
140
141 conn->state = BT_CONNECT;
142 conn->out = 1;
143
144 conn->attempt++;
145
146 cp.handle = cpu_to_le16(handle);
147 cp.pkt_type = cpu_to_le16(conn->pkt_type);
148
149 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
150 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
151 cp.max_latency = cpu_to_le16(0xffff);
152 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
153 cp.retrans_effort = 0xff;
154
155 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
156}
157
158static void hci_conn_timeout(unsigned long arg)
159{
160 struct hci_conn *conn = (void *) arg;
161 struct hci_dev *hdev = conn->hdev;
162 __u8 reason;
163
164 BT_DBG("conn %p state %d", conn, conn->state);
165
166 if (atomic_read(&conn->refcnt))
167 return;
168
169 hci_dev_lock(hdev);
170
171 switch (conn->state) {
172 case BT_CONNECT:
173 case BT_CONNECT2:
174 if (conn->type == ACL_LINK && conn->out)
175 hci_acl_connect_cancel(conn);
176 break;
177 case BT_CONFIG:
178 case BT_CONNECTED:
179 reason = hci_proto_disconn_ind(conn);
180 hci_acl_disconn(conn, reason);
181 break;
182 default:
183 conn->state = BT_CLOSED;
184 break;
185 }
186
187 hci_dev_unlock(hdev);
188}
189
190static void hci_conn_idle(unsigned long arg)
191{
192 struct hci_conn *conn = (void *) arg;
193
194 BT_DBG("conn %p mode %d", conn, conn->mode);
195
196 hci_conn_enter_sniff_mode(conn);
197}
198
199struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
200{
201 struct hci_conn *conn;
202
203 BT_DBG("%s dst %s", hdev->name, batostr(dst));
204
205 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
206 if (!conn)
207 return NULL;
208
209 bacpy(&conn->dst, dst);
210 conn->hdev = hdev;
211 conn->type = type;
212 conn->mode = HCI_CM_ACTIVE;
213 conn->state = BT_OPEN;
214 conn->auth_type = HCI_AT_GENERAL_BONDING;
215
216 conn->power_save = 1;
217 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
218
219 switch (type) {
220 case ACL_LINK:
221 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
222 break;
223 case SCO_LINK:
224 if (lmp_esco_capable(hdev))
225 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
226 (hdev->esco_type & EDR_ESCO_MASK);
227 else
228 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
229 break;
230 case ESCO_LINK:
231 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
232 break;
233 }
234
235 skb_queue_head_init(&conn->data_q);
236
237 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
238 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
239
240 atomic_set(&conn->refcnt, 0);
241
242 hci_dev_hold(hdev);
243
244 tasklet_disable(&hdev->tx_task);
245
246 hci_conn_hash_add(hdev, conn);
247 if (hdev->notify)
248 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
249
250 atomic_set(&conn->devref, 0);
251
252 hci_conn_init_sysfs(conn);
253
254 tasklet_enable(&hdev->tx_task);
255
256 return conn;
257}
258
259int hci_conn_del(struct hci_conn *conn)
260{
261 struct hci_dev *hdev = conn->hdev;
262
263 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
264
265 del_timer(&conn->idle_timer);
266
267 del_timer(&conn->disc_timer);
268
269 if (conn->type == ACL_LINK) {
270 struct hci_conn *sco = conn->link;
271 if (sco)
272 sco->link = NULL;
273
274
275 hdev->acl_cnt += conn->sent;
276 } else {
277 struct hci_conn *acl = conn->link;
278 if (acl) {
279 acl->link = NULL;
280 hci_conn_put(acl);
281 }
282 }
283
284 tasklet_disable(&hdev->tx_task);
285
286 hci_conn_hash_del(hdev, conn);
287 if (hdev->notify)
288 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
289
290 tasklet_enable(&hdev->tx_task);
291
292 skb_queue_purge(&conn->data_q);
293
294 hci_conn_put_device(conn);
295
296 hci_dev_put(hdev);
297
298 return 0;
299}
300
301struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
302{
303 int use_src = bacmp(src, BDADDR_ANY);
304 struct hci_dev *hdev = NULL;
305 struct list_head *p;
306
307 BT_DBG("%s -> %s", batostr(src), batostr(dst));
308
309 read_lock_bh(&hci_dev_list_lock);
310
311 list_for_each(p, &hci_dev_list) {
312 struct hci_dev *d = list_entry(p, struct hci_dev, list);
313
314 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
315 continue;
316
317
318
319
320
321
322 if (use_src) {
323 if (!bacmp(&d->bdaddr, src)) {
324 hdev = d; break;
325 }
326 } else {
327 if (bacmp(&d->bdaddr, dst)) {
328 hdev = d; break;
329 }
330 }
331 }
332
333 if (hdev)
334 hdev = hci_dev_hold(hdev);
335
336 read_unlock_bh(&hci_dev_list_lock);
337 return hdev;
338}
339EXPORT_SYMBOL(hci_get_route);
340
341
342
343struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
344{
345 struct hci_conn *acl;
346 struct hci_conn *sco;
347
348 BT_DBG("%s dst %s", hdev->name, batostr(dst));
349
350 if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
351 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
352 return NULL;
353 }
354
355 hci_conn_hold(acl);
356
357 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
358 acl->sec_level = sec_level;
359 acl->auth_type = auth_type;
360 hci_acl_connect(acl);
361 }
362
363 if (type == ACL_LINK)
364 return acl;
365
366 if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) {
367 if (!(sco = hci_conn_add(hdev, type, dst))) {
368 hci_conn_put(acl);
369 return NULL;
370 }
371 }
372
373 acl->link = sco;
374 sco->link = acl;
375
376 hci_conn_hold(sco);
377
378 if (acl->state == BT_CONNECTED &&
379 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
380 if (lmp_esco_capable(hdev))
381 hci_setup_sync(sco, acl->handle);
382 else
383 hci_add_sco(sco, acl->handle);
384 }
385
386 return sco;
387}
388EXPORT_SYMBOL(hci_connect);
389
390
391int hci_conn_check_link_mode(struct hci_conn *conn)
392{
393 BT_DBG("conn %p", conn);
394
395 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
396 !(conn->link_mode & HCI_LM_ENCRYPT))
397 return 0;
398
399 return 1;
400}
401EXPORT_SYMBOL(hci_conn_check_link_mode);
402
403
404static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
405{
406 BT_DBG("conn %p", conn);
407
408 if (sec_level > conn->sec_level)
409 conn->sec_level = sec_level;
410 else if (conn->link_mode & HCI_LM_AUTH)
411 return 1;
412
413 conn->auth_type = auth_type;
414
415 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
416 struct hci_cp_auth_requested cp;
417 cp.handle = cpu_to_le16(conn->handle);
418 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
419 sizeof(cp), &cp);
420 }
421
422 return 0;
423}
424
425
426int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
427{
428 BT_DBG("conn %p", conn);
429
430 if (sec_level == BT_SECURITY_SDP)
431 return 1;
432
433 if (sec_level == BT_SECURITY_LOW &&
434 (!conn->ssp_mode || !conn->hdev->ssp_mode))
435 return 1;
436
437 if (conn->link_mode & HCI_LM_ENCRYPT)
438 return hci_conn_auth(conn, sec_level, auth_type);
439
440 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
441 return 0;
442
443 if (hci_conn_auth(conn, sec_level, auth_type)) {
444 struct hci_cp_set_conn_encrypt cp;
445 cp.handle = cpu_to_le16(conn->handle);
446 cp.encrypt = 1;
447 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT,
448 sizeof(cp), &cp);
449 }
450
451 return 0;
452}
453EXPORT_SYMBOL(hci_conn_security);
454
455
456int hci_conn_change_link_key(struct hci_conn *conn)
457{
458 BT_DBG("conn %p", conn);
459
460 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
461 struct hci_cp_change_conn_link_key cp;
462 cp.handle = cpu_to_le16(conn->handle);
463 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
464 sizeof(cp), &cp);
465 }
466
467 return 0;
468}
469EXPORT_SYMBOL(hci_conn_change_link_key);
470
471
472int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
473{
474 BT_DBG("conn %p", conn);
475
476 if (!role && conn->link_mode & HCI_LM_MASTER)
477 return 1;
478
479 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
480 struct hci_cp_switch_role cp;
481 bacpy(&cp.bdaddr, &conn->dst);
482 cp.role = role;
483 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
484 }
485
486 return 0;
487}
488EXPORT_SYMBOL(hci_conn_switch_role);
489
490
491void hci_conn_enter_active_mode(struct hci_conn *conn)
492{
493 struct hci_dev *hdev = conn->hdev;
494
495 BT_DBG("conn %p mode %d", conn, conn->mode);
496
497 if (test_bit(HCI_RAW, &hdev->flags))
498 return;
499
500 if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
501 goto timer;
502
503 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
504 struct hci_cp_exit_sniff_mode cp;
505 cp.handle = cpu_to_le16(conn->handle);
506 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
507 }
508
509timer:
510 if (hdev->idle_timeout > 0)
511 mod_timer(&conn->idle_timer,
512 jiffies + msecs_to_jiffies(hdev->idle_timeout));
513}
514
515
516void hci_conn_enter_sniff_mode(struct hci_conn *conn)
517{
518 struct hci_dev *hdev = conn->hdev;
519
520 BT_DBG("conn %p mode %d", conn, conn->mode);
521
522 if (test_bit(HCI_RAW, &hdev->flags))
523 return;
524
525 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
526 return;
527
528 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
529 return;
530
531 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
532 struct hci_cp_sniff_subrate cp;
533 cp.handle = cpu_to_le16(conn->handle);
534 cp.max_latency = cpu_to_le16(0);
535 cp.min_remote_timeout = cpu_to_le16(0);
536 cp.min_local_timeout = cpu_to_le16(0);
537 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
538 }
539
540 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
541 struct hci_cp_sniff_mode cp;
542 cp.handle = cpu_to_le16(conn->handle);
543 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
544 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
545 cp.attempt = cpu_to_le16(4);
546 cp.timeout = cpu_to_le16(1);
547 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
548 }
549}
550
551
552void hci_conn_hash_flush(struct hci_dev *hdev)
553{
554 struct hci_conn_hash *h = &hdev->conn_hash;
555 struct list_head *p;
556
557 BT_DBG("hdev %s", hdev->name);
558
559 p = h->list.next;
560 while (p != &h->list) {
561 struct hci_conn *c;
562
563 c = list_entry(p, struct hci_conn, list);
564 p = p->next;
565
566 c->state = BT_CLOSED;
567
568 hci_proto_disconn_cfm(c, 0x16);
569 hci_conn_del(c);
570 }
571}
572
573
574void hci_conn_check_pending(struct hci_dev *hdev)
575{
576 struct hci_conn *conn;
577
578 BT_DBG("hdev %s", hdev->name);
579
580 hci_dev_lock(hdev);
581
582 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
583 if (conn)
584 hci_acl_connect(conn);
585
586 hci_dev_unlock(hdev);
587}
588
589void hci_conn_hold_device(struct hci_conn *conn)
590{
591 atomic_inc(&conn->devref);
592}
593EXPORT_SYMBOL(hci_conn_hold_device);
594
595void hci_conn_put_device(struct hci_conn *conn)
596{
597 if (atomic_dec_and_test(&conn->devref))
598 hci_conn_del_sysfs(conn);
599}
600EXPORT_SYMBOL(hci_conn_put_device);
601
602int hci_get_conn_list(void __user *arg)
603{
604 struct hci_conn_list_req req, *cl;
605 struct hci_conn_info *ci;
606 struct hci_dev *hdev;
607 struct list_head *p;
608 int n = 0, size, err;
609
610 if (copy_from_user(&req, arg, sizeof(req)))
611 return -EFAULT;
612
613 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
614 return -EINVAL;
615
616 size = sizeof(req) + req.conn_num * sizeof(*ci);
617
618 if (!(cl = kmalloc(size, GFP_KERNEL)))
619 return -ENOMEM;
620
621 if (!(hdev = hci_dev_get(req.dev_id))) {
622 kfree(cl);
623 return -ENODEV;
624 }
625
626 ci = cl->conn_info;
627
628 hci_dev_lock_bh(hdev);
629 list_for_each(p, &hdev->conn_hash.list) {
630 register struct hci_conn *c;
631 c = list_entry(p, struct hci_conn, list);
632
633 bacpy(&(ci + n)->bdaddr, &c->dst);
634 (ci + n)->handle = c->handle;
635 (ci + n)->type = c->type;
636 (ci + n)->out = c->out;
637 (ci + n)->state = c->state;
638 (ci + n)->link_mode = c->link_mode;
639 if (++n >= req.conn_num)
640 break;
641 }
642 hci_dev_unlock_bh(hdev);
643
644 cl->dev_id = hdev->id;
645 cl->conn_num = n;
646 size = sizeof(req) + n * sizeof(*ci);
647
648 hci_dev_put(hdev);
649
650 err = copy_to_user(arg, cl, size);
651 kfree(cl);
652
653 return err ? -EFAULT : 0;
654}
655
656int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
657{
658 struct hci_conn_info_req req;
659 struct hci_conn_info ci;
660 struct hci_conn *conn;
661 char __user *ptr = arg + sizeof(req);
662
663 if (copy_from_user(&req, arg, sizeof(req)))
664 return -EFAULT;
665
666 hci_dev_lock_bh(hdev);
667 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
668 if (conn) {
669 bacpy(&ci.bdaddr, &conn->dst);
670 ci.handle = conn->handle;
671 ci.type = conn->type;
672 ci.out = conn->out;
673 ci.state = conn->state;
674 ci.link_mode = conn->link_mode;
675 }
676 hci_dev_unlock_bh(hdev);
677
678 if (!conn)
679 return -ENOENT;
680
681 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
682}
683
684int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
685{
686 struct hci_auth_info_req req;
687 struct hci_conn *conn;
688
689 if (copy_from_user(&req, arg, sizeof(req)))
690 return -EFAULT;
691
692 hci_dev_lock_bh(hdev);
693 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
694 if (conn)
695 req.type = conn->auth_type;
696 hci_dev_unlock_bh(hdev);
697
698 if (!conn)
699 return -ENOENT;
700
701 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
702}
703
