1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 Copyright 2023-2024 NXP 5 6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 7 8 This program is free software; you can redistribute it and/or modify 9 it under the terms of the GNU General Public License version 2 as 10 published by the Free Software Foundation; 11 12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 20 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 23 SOFTWARE IS DISCLAIMED. 24 */ 25 26 /* Bluetooth HCI connection handling. */ 27 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 #include <linux/errqueue.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 #include <net/bluetooth/iso.h> 36 #include <net/bluetooth/mgmt.h> 37 38 #include "smp.h" 39 #include "eir.h" 40 41 struct sco_param { 42 u16 pkt_type; 43 u16 max_latency; 44 u8 retrans_effort; 45 }; 46 47 struct conn_handle_t { 48 struct hci_conn *conn; 49 __u16 handle; 50 }; 51 52 static const struct sco_param esco_param_cvsd[] = { 53 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */ 54 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */ 55 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */ 56 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */ 57 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */ 58 }; 59 60 static const struct sco_param sco_param_cvsd[] = { 61 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */ 62 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */ 63 }; 64 65 static const struct sco_param esco_param_msbc[] = { 66 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */ 67 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */ 68 }; 69 70 /* This function requires the caller holds hdev->lock */ 71 void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status) 72 { 73 struct hci_conn_params *params; 74 struct hci_dev *hdev = conn->hdev; 75 struct smp_irk *irk; 76 bdaddr_t *bdaddr; 77 u8 bdaddr_type; 78 79 bdaddr = &conn->dst; 80 bdaddr_type = conn->dst_type; 81 82 /* Check if we need to convert to identity address */ 83 irk = hci_get_irk(hdev, bdaddr, bdaddr_type); 84 if (irk) { 85 bdaddr = &irk->bdaddr; 86 bdaddr_type = irk->addr_type; 87 } 88 89 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr, 90 bdaddr_type); 91 if (!params) 92 return; 93 94 if (params->conn) { 95 hci_conn_drop(params->conn); 96 hci_conn_put(params->conn); 97 params->conn = NULL; 98 } 99 100 if (!params->explicit_connect) 101 return; 102 103 /* If the status indicates successful cancellation of 104 * the attempt (i.e. Unknown Connection Id) there's no point of 105 * notifying failure since we'll go back to keep trying to 106 * connect. The only exception is explicit connect requests 107 * where a timeout + cancel does indicate an actual failure. 108 */ 109 if (status && status != HCI_ERROR_UNKNOWN_CONN_ID) 110 mgmt_connect_failed(hdev, conn, status); 111 112 /* The connection attempt was doing scan for new RPA, and is 113 * in scan phase. If params are not associated with any other 114 * autoconnect action, remove them completely. If they are, just unmark 115 * them as waiting for connection, by clearing explicit_connect field. 116 */ 117 params->explicit_connect = false; 118 119 hci_pend_le_list_del_init(params); 120 121 switch (params->auto_connect) { 122 case HCI_AUTO_CONN_EXPLICIT: 123 hci_conn_params_del(hdev, bdaddr, bdaddr_type); 124 /* return instead of break to avoid duplicate scan update */ 125 return; 126 case HCI_AUTO_CONN_DIRECT: 127 case HCI_AUTO_CONN_ALWAYS: 128 hci_pend_le_list_add(params, &hdev->pend_le_conns); 129 break; 130 case HCI_AUTO_CONN_REPORT: 131 hci_pend_le_list_add(params, &hdev->pend_le_reports); 132 break; 133 default: 134 break; 135 } 136 137 hci_update_passive_scan(hdev); 138 } 139 140 static void hci_conn_cleanup(struct hci_conn *conn) 141 { 142 struct hci_dev *hdev = conn->hdev; 143 144 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags)) 145 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type); 146 147 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags)) 148 hci_remove_link_key(hdev, &conn->dst); 149 150 hci_chan_list_flush(conn); 151 152 if (HCI_CONN_HANDLE_UNSET(conn->handle)) 153 ida_free(&hdev->unset_handle_ida, conn->handle); 154 155 if (conn->cleanup) 156 conn->cleanup(conn); 157 158 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) { 159 switch (conn->setting & SCO_AIRMODE_MASK) { 160 case SCO_AIRMODE_CVSD: 161 case SCO_AIRMODE_TRANSP: 162 if (hdev->notify) 163 hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO); 164 break; 165 } 166 } else { 167 if (hdev->notify) 168 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 169 } 170 171 debugfs_remove_recursive(conn->debugfs); 172 173 hci_conn_del_sysfs(conn); 174 175 hci_dev_put(hdev); 176 } 177 178 int hci_disconnect(struct hci_conn *conn, __u8 reason) 179 { 180 BT_DBG("hcon %p", conn); 181 182 /* When we are central of an established connection and it enters 183 * the disconnect timeout, then go ahead and try to read the 184 * current clock offset. Processing of the result is done 185 * within the event handling and hci_clock_offset_evt function. 186 */ 187 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER && 188 (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) { 189 struct hci_dev *hdev = conn->hdev; 190 struct hci_cp_read_clock_offset clkoff_cp; 191 192 clkoff_cp.handle = cpu_to_le16(conn->handle); 193 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp), 194 &clkoff_cp); 195 } 196 197 return hci_abort_conn(conn, reason); 198 } 199 200 static void hci_add_sco(struct hci_conn *conn, __u16 handle) 201 { 202 struct hci_dev *hdev = conn->hdev; 203 struct hci_cp_add_sco cp; 204 205 BT_DBG("hcon %p", conn); 206 207 conn->state = BT_CONNECT; 208 conn->out = true; 209 210 conn->attempt++; 211 212 cp.handle = cpu_to_le16(handle); 213 cp.pkt_type = cpu_to_le16(conn->pkt_type); 214 215 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); 216 } 217 218 static bool find_next_esco_param(struct hci_conn *conn, 219 const struct sco_param *esco_param, int size) 220 { 221 if (!conn->parent) 222 return false; 223 224 for (; conn->attempt <= size; conn->attempt++) { 225 if (lmp_esco_2m_capable(conn->parent) || 226 (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3)) 227 break; 228 BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported", 229 conn, conn->attempt); 230 } 231 232 return conn->attempt <= size; 233 } 234 235 static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec) 236 { 237 int err; 238 __u8 vnd_len, *vnd_data = NULL; 239 struct hci_op_configure_data_path *cmd = NULL; 240 241 /* Do not take below 2 checks as error since the 1st means user do not 242 * want to use HFP offload mode and the 2nd means the vendor controller 243 * do not need to send below HCI command for offload mode. 244 */ 245 if (!codec->data_path || !hdev->get_codec_config_data) 246 return 0; 247 248 err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len, 249 &vnd_data); 250 if (err < 0) 251 goto error; 252 253 cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL); 254 if (!cmd) { 255 err = -ENOMEM; 256 goto error; 257 } 258 259 err = hdev->get_data_path_id(hdev, &cmd->data_path_id); 260 if (err < 0) 261 goto error; 262 263 cmd->vnd_len = vnd_len; 264 memcpy(cmd->vnd_data, vnd_data, vnd_len); 265 266 cmd->direction = 0x00; 267 __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH, 268 sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT); 269 270 cmd->direction = 0x01; 271 err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH, 272 sizeof(*cmd) + vnd_len, cmd, 273 HCI_CMD_TIMEOUT); 274 error: 275 276 kfree(cmd); 277 kfree(vnd_data); 278 return err; 279 } 280 281 static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data) 282 { 283 struct conn_handle_t *conn_handle = data; 284 struct hci_conn *conn = conn_handle->conn; 285 __u16 handle = conn_handle->handle; 286 struct hci_cp_enhanced_setup_sync_conn cp; 287 const struct sco_param *param; 288 289 kfree(conn_handle); 290 291 if (!hci_conn_valid(hdev, conn)) 292 return -ECANCELED; 293 294 bt_dev_dbg(hdev, "hcon %p", conn); 295 296 configure_datapath_sync(hdev, &conn->codec); 297 298 conn->state = BT_CONNECT; 299 conn->out = true; 300 301 conn->attempt++; 302 303 memset(&cp, 0x00, sizeof(cp)); 304 305 cp.handle = cpu_to_le16(handle); 306 307 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 308 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 309 310 switch (conn->codec.id) { 311 case BT_CODEC_MSBC: 312 if (!find_next_esco_param(conn, esco_param_msbc, 313 ARRAY_SIZE(esco_param_msbc))) 314 return -EINVAL; 315 316 param = &esco_param_msbc[conn->attempt - 1]; 317 cp.tx_coding_format.id = 0x05; 318 cp.rx_coding_format.id = 0x05; 319 cp.tx_codec_frame_size = __cpu_to_le16(60); 320 cp.rx_codec_frame_size = __cpu_to_le16(60); 321 cp.in_bandwidth = __cpu_to_le32(32000); 322 cp.out_bandwidth = __cpu_to_le32(32000); 323 cp.in_coding_format.id = 0x04; 324 cp.out_coding_format.id = 0x04; 325 cp.in_coded_data_size = __cpu_to_le16(16); 326 cp.out_coded_data_size = __cpu_to_le16(16); 327 cp.in_pcm_data_format = 2; 328 cp.out_pcm_data_format = 2; 329 cp.in_pcm_sample_payload_msb_pos = 0; 330 cp.out_pcm_sample_payload_msb_pos = 0; 331 cp.in_data_path = conn->codec.data_path; 332 cp.out_data_path = conn->codec.data_path; 333 cp.in_transport_unit_size = 1; 334 cp.out_transport_unit_size = 1; 335 break; 336 337 case BT_CODEC_TRANSPARENT: 338 if (!find_next_esco_param(conn, esco_param_msbc, 339 ARRAY_SIZE(esco_param_msbc))) 340 return -EINVAL; 341 342 param = &esco_param_msbc[conn->attempt - 1]; 343 cp.tx_coding_format.id = 0x03; 344 cp.rx_coding_format.id = 0x03; 345 cp.tx_codec_frame_size = __cpu_to_le16(60); 346 cp.rx_codec_frame_size = __cpu_to_le16(60); 347 cp.in_bandwidth = __cpu_to_le32(0x1f40); 348 cp.out_bandwidth = __cpu_to_le32(0x1f40); 349 cp.in_coding_format.id = 0x03; 350 cp.out_coding_format.id = 0x03; 351 cp.in_coded_data_size = __cpu_to_le16(16); 352 cp.out_coded_data_size = __cpu_to_le16(16); 353 cp.in_pcm_data_format = 2; 354 cp.out_pcm_data_format = 2; 355 cp.in_pcm_sample_payload_msb_pos = 0; 356 cp.out_pcm_sample_payload_msb_pos = 0; 357 cp.in_data_path = conn->codec.data_path; 358 cp.out_data_path = conn->codec.data_path; 359 cp.in_transport_unit_size = 1; 360 cp.out_transport_unit_size = 1; 361 break; 362 363 case BT_CODEC_CVSD: 364 if (conn->parent && lmp_esco_capable(conn->parent)) { 365 if (!find_next_esco_param(conn, esco_param_cvsd, 366 ARRAY_SIZE(esco_param_cvsd))) 367 return -EINVAL; 368 param = &esco_param_cvsd[conn->attempt - 1]; 369 } else { 370 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd)) 371 return -EINVAL; 372 param = &sco_param_cvsd[conn->attempt - 1]; 373 } 374 cp.tx_coding_format.id = 2; 375 cp.rx_coding_format.id = 2; 376 cp.tx_codec_frame_size = __cpu_to_le16(60); 377 cp.rx_codec_frame_size = __cpu_to_le16(60); 378 cp.in_bandwidth = __cpu_to_le32(16000); 379 cp.out_bandwidth = __cpu_to_le32(16000); 380 cp.in_coding_format.id = 4; 381 cp.out_coding_format.id = 4; 382 cp.in_coded_data_size = __cpu_to_le16(16); 383 cp.out_coded_data_size = __cpu_to_le16(16); 384 cp.in_pcm_data_format = 2; 385 cp.out_pcm_data_format = 2; 386 cp.in_pcm_sample_payload_msb_pos = 0; 387 cp.out_pcm_sample_payload_msb_pos = 0; 388 cp.in_data_path = conn->codec.data_path; 389 cp.out_data_path = conn->codec.data_path; 390 cp.in_transport_unit_size = 16; 391 cp.out_transport_unit_size = 16; 392 break; 393 default: 394 return -EINVAL; 395 } 396 397 cp.retrans_effort = param->retrans_effort; 398 cp.pkt_type = __cpu_to_le16(param->pkt_type); 399 cp.max_latency = __cpu_to_le16(param->max_latency); 400 401 if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0) 402 return -EIO; 403 404 return 0; 405 } 406 407 static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle) 408 { 409 struct hci_dev *hdev = conn->hdev; 410 struct hci_cp_setup_sync_conn cp; 411 const struct sco_param *param; 412 413 bt_dev_dbg(hdev, "hcon %p", conn); 414 415 conn->state = BT_CONNECT; 416 conn->out = true; 417 418 conn->attempt++; 419 420 cp.handle = cpu_to_le16(handle); 421 422 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 423 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 424 cp.voice_setting = cpu_to_le16(conn->setting); 425 426 switch (conn->setting & SCO_AIRMODE_MASK) { 427 case SCO_AIRMODE_TRANSP: 428 if (!find_next_esco_param(conn, esco_param_msbc, 429 ARRAY_SIZE(esco_param_msbc))) 430 return false; 431 param = &esco_param_msbc[conn->attempt - 1]; 432 break; 433 case SCO_AIRMODE_CVSD: 434 if (conn->parent && lmp_esco_capable(conn->parent)) { 435 if (!find_next_esco_param(conn, esco_param_cvsd, 436 ARRAY_SIZE(esco_param_cvsd))) 437 return false; 438 param = &esco_param_cvsd[conn->attempt - 1]; 439 } else { 440 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd)) 441 return false; 442 param = &sco_param_cvsd[conn->attempt - 1]; 443 } 444 break; 445 default: 446 return false; 447 } 448 449 cp.retrans_effort = param->retrans_effort; 450 cp.pkt_type = __cpu_to_le16(param->pkt_type); 451 cp.max_latency = __cpu_to_le16(param->max_latency); 452 453 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0) 454 return false; 455 456 return true; 457 } 458 459 bool hci_setup_sync(struct hci_conn *conn, __u16 handle) 460 { 461 int result; 462 struct conn_handle_t *conn_handle; 463 464 if (enhanced_sync_conn_capable(conn->hdev)) { 465 conn_handle = kzalloc_obj(*conn_handle); 466 467 if (!conn_handle) 468 return false; 469 470 conn_handle->conn = conn; 471 conn_handle->handle = handle; 472 result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync, 473 conn_handle, NULL); 474 if (result < 0) 475 kfree(conn_handle); 476 477 return result == 0; 478 } 479 480 return hci_setup_sync_conn(conn, handle); 481 } 482 483 u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency, 484 u16 to_multiplier) 485 { 486 struct hci_dev *hdev = conn->hdev; 487 struct hci_conn_params *params; 488 struct hci_cp_le_conn_update cp; 489 490 hci_dev_lock(hdev); 491 492 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); 493 if (params) { 494 params->conn_min_interval = min; 495 params->conn_max_interval = max; 496 params->conn_latency = latency; 497 params->supervision_timeout = to_multiplier; 498 } 499 500 hci_dev_unlock(hdev); 501 502 memset(&cp, 0, sizeof(cp)); 503 cp.handle = cpu_to_le16(conn->handle); 504 cp.conn_interval_min = cpu_to_le16(min); 505 cp.conn_interval_max = cpu_to_le16(max); 506 cp.conn_latency = cpu_to_le16(latency); 507 cp.supervision_timeout = cpu_to_le16(to_multiplier); 508 cp.min_ce_len = cpu_to_le16(0x0000); 509 cp.max_ce_len = cpu_to_le16(0x0000); 510 511 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp); 512 513 if (params) 514 return 0x01; 515 516 return 0x00; 517 } 518 519 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand, 520 __u8 ltk[16], __u8 key_size) 521 { 522 struct hci_dev *hdev = conn->hdev; 523 struct hci_cp_le_start_enc cp; 524 525 BT_DBG("hcon %p", conn); 526 527 memset(&cp, 0, sizeof(cp)); 528 529 cp.handle = cpu_to_le16(conn->handle); 530 cp.rand = rand; 531 cp.ediv = ediv; 532 memcpy(cp.ltk, ltk, key_size); 533 534 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp); 535 } 536 537 /* Device _must_ be locked */ 538 void hci_sco_setup(struct hci_conn *conn, __u8 status) 539 { 540 struct hci_link *link; 541 542 link = list_first_entry_or_null(&conn->link_list, struct hci_link, list); 543 if (!link || !link->conn) 544 return; 545 546 BT_DBG("hcon %p", conn); 547 548 if (!status) { 549 if (lmp_esco_capable(conn->hdev)) 550 hci_setup_sync(link->conn, conn->handle); 551 else 552 hci_add_sco(link->conn, conn->handle); 553 } else { 554 hci_connect_cfm(link->conn, status); 555 hci_conn_del(link->conn); 556 } 557 } 558 559 static void hci_conn_timeout(struct work_struct *work) 560 { 561 struct hci_conn *conn = container_of(work, struct hci_conn, 562 disc_work.work); 563 int refcnt = atomic_read(&conn->refcnt); 564 565 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state)); 566 567 WARN_ON(refcnt < 0); 568 569 /* FIXME: It was observed that in pairing failed scenario, refcnt 570 * drops below 0. Probably this is because l2cap_conn_del calls 571 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is 572 * dropped. After that loop hci_chan_del is called which also drops 573 * conn. For now make sure that ACL is alive if refcnt is higher then 0, 574 * otherwise drop it. 575 */ 576 if (refcnt > 0) 577 return; 578 579 hci_abort_conn(conn, hci_proto_disconn_ind(conn)); 580 } 581 582 /* Enter sniff mode */ 583 static void hci_conn_idle(struct work_struct *work) 584 { 585 struct hci_conn *conn = container_of(work, struct hci_conn, 586 idle_work.work); 587 struct hci_dev *hdev = conn->hdev; 588 589 BT_DBG("hcon %p mode %d", conn, conn->mode); 590 591 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) 592 return; 593 594 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) 595 return; 596 597 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { 598 struct hci_cp_sniff_subrate cp; 599 cp.handle = cpu_to_le16(conn->handle); 600 cp.max_latency = cpu_to_le16(0); 601 cp.min_remote_timeout = cpu_to_le16(0); 602 cp.min_local_timeout = cpu_to_le16(0); 603 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); 604 } 605 606 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) { 607 struct hci_cp_sniff_mode cp; 608 cp.handle = cpu_to_le16(conn->handle); 609 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); 610 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); 611 cp.attempt = cpu_to_le16(4); 612 cp.timeout = cpu_to_le16(1); 613 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); 614 } 615 } 616 617 static void hci_conn_auto_accept(struct work_struct *work) 618 { 619 struct hci_conn *conn = container_of(work, struct hci_conn, 620 auto_accept_work.work); 621 622 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst), 623 &conn->dst); 624 } 625 626 static void le_disable_advertising(struct hci_dev *hdev) 627 { 628 if (ext_adv_capable(hdev)) { 629 struct hci_cp_le_set_ext_adv_enable cp; 630 631 cp.enable = 0x00; 632 cp.num_of_sets = 0x00; 633 634 hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp), 635 &cp); 636 } else { 637 u8 enable = 0x00; 638 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), 639 &enable); 640 } 641 } 642 643 static void le_conn_timeout(struct work_struct *work) 644 { 645 struct hci_conn *conn = container_of(work, struct hci_conn, 646 le_conn_timeout.work); 647 struct hci_dev *hdev = conn->hdev; 648 649 BT_DBG(""); 650 651 /* We could end up here due to having done directed advertising, 652 * so clean up the state if necessary. This should however only 653 * happen with broken hardware or if low duty cycle was used 654 * (which doesn't have a timeout of its own). 655 */ 656 if (conn->role == HCI_ROLE_SLAVE) { 657 /* Disable LE Advertising */ 658 le_disable_advertising(hdev); 659 hci_dev_lock(hdev); 660 hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT); 661 hci_dev_unlock(hdev); 662 return; 663 } 664 665 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 666 } 667 668 struct iso_list_data { 669 union { 670 u8 cig; 671 u8 big; 672 }; 673 union { 674 u8 cis; 675 u8 bis; 676 u16 sync_handle; 677 }; 678 int count; 679 bool big_term; 680 bool pa_sync_term; 681 bool big_sync_term; 682 }; 683 684 static void bis_list(struct hci_conn *conn, void *data) 685 { 686 struct iso_list_data *d = data; 687 688 /* Skip if not broadcast/ANY address */ 689 if (bacmp(&conn->dst, BDADDR_ANY)) 690 return; 691 692 if (d->big != conn->iso_qos.bcast.big || d->bis == BT_ISO_QOS_BIS_UNSET || 693 d->bis != conn->iso_qos.bcast.bis) 694 return; 695 696 d->count++; 697 } 698 699 static int terminate_big_sync(struct hci_dev *hdev, void *data) 700 { 701 struct iso_list_data *d = data; 702 703 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis); 704 705 hci_disable_per_advertising_sync(hdev, d->bis); 706 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL); 707 708 /* Only terminate BIG if it has been created */ 709 if (!d->big_term) 710 return 0; 711 712 return hci_le_terminate_big_sync(hdev, d->big, 713 HCI_ERROR_LOCAL_HOST_TERM); 714 } 715 716 static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err) 717 { 718 kfree(data); 719 } 720 721 static int hci_le_terminate_big(struct hci_dev *hdev, struct hci_conn *conn) 722 { 723 struct iso_list_data *d; 724 int ret; 725 726 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", conn->iso_qos.bcast.big, 727 conn->iso_qos.bcast.bis); 728 729 d = kzalloc_obj(*d); 730 if (!d) 731 return -ENOMEM; 732 733 d->big = conn->iso_qos.bcast.big; 734 d->bis = conn->iso_qos.bcast.bis; 735 d->big_term = test_and_clear_bit(HCI_CONN_BIG_CREATED, &conn->flags); 736 737 ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d, 738 terminate_big_destroy); 739 if (ret) 740 kfree(d); 741 742 return ret; 743 } 744 745 static int big_terminate_sync(struct hci_dev *hdev, void *data) 746 { 747 struct iso_list_data *d = data; 748 749 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big, 750 d->sync_handle); 751 752 if (d->big_sync_term) 753 hci_le_big_terminate_sync(hdev, d->big); 754 755 if (d->pa_sync_term) 756 return hci_le_pa_terminate_sync(hdev, d->sync_handle); 757 758 return 0; 759 } 760 761 static void find_bis(struct hci_conn *conn, void *data) 762 { 763 struct iso_list_data *d = data; 764 765 /* Ignore if BIG doesn't match */ 766 if (d->big != conn->iso_qos.bcast.big) 767 return; 768 769 d->count++; 770 } 771 772 static int hci_le_big_terminate(struct hci_dev *hdev, struct hci_conn *conn) 773 { 774 struct iso_list_data *d; 775 int ret; 776 777 bt_dev_dbg(hdev, "hcon %p big 0x%2.2x sync_handle 0x%4.4x", conn, 778 conn->iso_qos.bcast.big, conn->sync_handle); 779 780 d = kzalloc_obj(*d); 781 if (!d) 782 return -ENOMEM; 783 784 d->big = conn->iso_qos.bcast.big; 785 d->sync_handle = conn->sync_handle; 786 787 if (conn->type == PA_LINK && 788 test_and_clear_bit(HCI_CONN_PA_SYNC, &conn->flags)) { 789 hci_conn_hash_list_flag(hdev, find_bis, PA_LINK, 790 HCI_CONN_PA_SYNC, d); 791 792 if (!d->count) 793 d->pa_sync_term = true; 794 795 d->count = 0; 796 } 797 798 if (test_and_clear_bit(HCI_CONN_BIG_SYNC, &conn->flags)) { 799 hci_conn_hash_list_flag(hdev, find_bis, BIS_LINK, 800 HCI_CONN_BIG_SYNC, d); 801 802 if (!d->count) 803 d->big_sync_term = true; 804 } 805 806 if (!d->pa_sync_term && !d->big_sync_term) 807 return 0; 808 809 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d, 810 terminate_big_destroy); 811 if (ret) 812 kfree(d); 813 814 return ret; 815 } 816 817 /* Cleanup BIS connection 818 * 819 * Detects if there any BIS left connected in a BIG 820 * broadcaster: Remove advertising instance and terminate BIG. 821 * broadcaster receiver: Terminate BIG sync and terminate PA sync. 822 */ 823 static void bis_cleanup(struct hci_conn *conn) 824 { 825 struct hci_dev *hdev = conn->hdev; 826 struct hci_conn *bis; 827 828 bt_dev_dbg(hdev, "conn %p", conn); 829 830 if (conn->role == HCI_ROLE_MASTER) { 831 if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags)) 832 return; 833 834 /* Check if ISO connection is a BIS and terminate advertising 835 * set and BIG if there are no other connections using it. 836 */ 837 bis = hci_conn_hash_lookup_big_state(hdev, 838 conn->iso_qos.bcast.big, 839 BT_CONNECTED, 840 HCI_ROLE_MASTER); 841 if (bis) 842 return; 843 844 bis = hci_conn_hash_lookup_big_state(hdev, 845 conn->iso_qos.bcast.big, 846 BT_CONNECT, 847 HCI_ROLE_MASTER); 848 if (bis) 849 return; 850 851 bis = hci_conn_hash_lookup_big_state(hdev, 852 conn->iso_qos.bcast.big, 853 BT_OPEN, 854 HCI_ROLE_MASTER); 855 if (bis) 856 return; 857 858 hci_le_terminate_big(hdev, conn); 859 } else { 860 hci_le_big_terminate(hdev, conn); 861 } 862 } 863 864 static int remove_cig_sync(struct hci_dev *hdev, void *data) 865 { 866 u8 handle = PTR_UINT(data); 867 868 return hci_le_remove_cig_sync(hdev, handle); 869 } 870 871 static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle) 872 { 873 bt_dev_dbg(hdev, "handle 0x%2.2x", handle); 874 875 return hci_cmd_sync_queue(hdev, remove_cig_sync, UINT_PTR(handle), 876 NULL); 877 } 878 879 static void find_cis(struct hci_conn *conn, void *data) 880 { 881 struct iso_list_data *d = data; 882 883 /* Ignore broadcast or if CIG don't match */ 884 if (!bacmp(&conn->dst, BDADDR_ANY) || d->cig != conn->iso_qos.ucast.cig) 885 return; 886 887 d->count++; 888 } 889 890 /* Cleanup CIS connection: 891 * 892 * Detects if there any CIS left connected in a CIG and remove it. 893 */ 894 static void cis_cleanup(struct hci_conn *conn) 895 { 896 struct hci_dev *hdev = conn->hdev; 897 struct iso_list_data d; 898 899 if (conn->iso_qos.ucast.cig == BT_ISO_QOS_CIG_UNSET) 900 return; 901 902 memset(&d, 0, sizeof(d)); 903 d.cig = conn->iso_qos.ucast.cig; 904 905 /* Check if ISO connection is a CIS and remove CIG if there are 906 * no other connections using it. 907 */ 908 hci_conn_hash_list_state(hdev, find_cis, CIS_LINK, BT_BOUND, &d); 909 hci_conn_hash_list_state(hdev, find_cis, CIS_LINK, BT_CONNECT, 910 &d); 911 hci_conn_hash_list_state(hdev, find_cis, CIS_LINK, BT_CONNECTED, 912 &d); 913 if (d.count) 914 return; 915 916 hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig); 917 } 918 919 static int hci_conn_hash_alloc_unset(struct hci_dev *hdev) 920 { 921 return ida_alloc_range(&hdev->unset_handle_ida, HCI_CONN_HANDLE_MAX + 1, 922 U16_MAX, GFP_ATOMIC); 923 } 924 925 static struct hci_conn *__hci_conn_add(struct hci_dev *hdev, int type, 926 bdaddr_t *dst, u8 dst_type, 927 u8 role, u16 handle) 928 { 929 struct hci_conn *conn; 930 struct smp_irk *irk = NULL; 931 932 switch (type) { 933 case ACL_LINK: 934 if (!hdev->acl_mtu) 935 return ERR_PTR(-ECONNREFUSED); 936 break; 937 case CIS_LINK: 938 case BIS_LINK: 939 case PA_LINK: 940 if (!hdev->iso_mtu) 941 return ERR_PTR(-ECONNREFUSED); 942 irk = hci_get_irk(hdev, dst, dst_type); 943 break; 944 case LE_LINK: 945 if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) 946 return ERR_PTR(-ECONNREFUSED); 947 if (!hdev->le_mtu && hdev->acl_mtu < HCI_MIN_LE_MTU) 948 return ERR_PTR(-ECONNREFUSED); 949 irk = hci_get_irk(hdev, dst, dst_type); 950 break; 951 case SCO_LINK: 952 case ESCO_LINK: 953 if (!hdev->sco_pkts) 954 /* Controller does not support SCO or eSCO over HCI */ 955 return ERR_PTR(-ECONNREFUSED); 956 break; 957 default: 958 return ERR_PTR(-ECONNREFUSED); 959 } 960 961 bt_dev_dbg(hdev, "dst %pMR handle 0x%4.4x", dst, handle); 962 963 conn = kzalloc_obj(*conn); 964 if (!conn) 965 return ERR_PTR(-ENOMEM); 966 967 /* If and IRK exists use its identity address */ 968 if (!irk) { 969 bacpy(&conn->dst, dst); 970 conn->dst_type = dst_type; 971 } else { 972 bacpy(&conn->dst, &irk->bdaddr); 973 conn->dst_type = irk->addr_type; 974 } 975 976 bacpy(&conn->src, &hdev->bdaddr); 977 conn->handle = handle; 978 conn->hdev = hdev; 979 conn->type = type; 980 conn->role = role; 981 conn->mode = HCI_CM_ACTIVE; 982 conn->state = BT_OPEN; 983 conn->auth_type = HCI_AT_GENERAL_BONDING; 984 conn->io_capability = hdev->io_capability; 985 conn->remote_auth = 0xff; 986 conn->key_type = 0xff; 987 conn->rssi = HCI_RSSI_INVALID; 988 conn->tx_power = HCI_TX_POWER_INVALID; 989 conn->max_tx_power = HCI_TX_POWER_INVALID; 990 conn->sync_handle = HCI_SYNC_HANDLE_INVALID; 991 conn->sid = HCI_SID_INVALID; 992 993 set_bit(HCI_CONN_POWER_SAVE, &conn->flags); 994 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 995 996 /* Set Default Authenticated payload timeout to 30s */ 997 conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT; 998 999 if (conn->role == HCI_ROLE_MASTER) 1000 conn->out = true; 1001 1002 switch (type) { 1003 case ACL_LINK: 1004 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; 1005 conn->link_policy = hdev->link_policy; 1006 conn->mtu = hdev->acl_mtu; 1007 break; 1008 case LE_LINK: 1009 /* conn->src should reflect the local identity address */ 1010 hci_copy_identity_address(hdev, &conn->src, &conn->src_type); 1011 conn->mtu = hdev->le_mtu ? hdev->le_mtu : hdev->acl_mtu; 1012 /* Use the controller supported PHYS as default until the 1013 * remote features are resolved. 1014 */ 1015 conn->le_tx_def_phys = hdev->le_tx_def_phys; 1016 conn->le_rx_def_phys = hdev->le_tx_def_phys; 1017 break; 1018 case CIS_LINK: 1019 /* conn->src should reflect the local identity address */ 1020 hci_copy_identity_address(hdev, &conn->src, &conn->src_type); 1021 1022 if (conn->role == HCI_ROLE_MASTER) 1023 conn->cleanup = cis_cleanup; 1024 1025 conn->mtu = hdev->iso_mtu; 1026 break; 1027 case PA_LINK: 1028 case BIS_LINK: 1029 /* conn->src should reflect the local identity address */ 1030 hci_copy_identity_address(hdev, &conn->src, &conn->src_type); 1031 conn->cleanup = bis_cleanup; 1032 conn->mtu = hdev->iso_mtu; 1033 break; 1034 case SCO_LINK: 1035 if (lmp_esco_capable(hdev)) 1036 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 1037 (hdev->esco_type & EDR_ESCO_MASK); 1038 else 1039 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; 1040 1041 conn->mtu = hdev->sco_mtu; 1042 break; 1043 case ESCO_LINK: 1044 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; 1045 conn->mtu = hdev->sco_mtu; 1046 break; 1047 } 1048 1049 skb_queue_head_init(&conn->data_q); 1050 skb_queue_head_init(&conn->tx_q.queue); 1051 1052 INIT_LIST_HEAD(&conn->chan_list); 1053 INIT_LIST_HEAD(&conn->link_list); 1054 1055 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout); 1056 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept); 1057 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle); 1058 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout); 1059 1060 atomic_set(&conn->refcnt, 0); 1061 1062 hci_dev_hold(hdev); 1063 1064 hci_conn_hash_add(hdev, conn); 1065 1066 /* The SCO and eSCO connections will only be notified when their 1067 * setup has been completed. This is different to ACL links which 1068 * can be notified right away. 1069 */ 1070 if (conn->type != SCO_LINK && conn->type != ESCO_LINK) { 1071 if (hdev->notify) 1072 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 1073 } 1074 1075 hci_conn_init_sysfs(conn); 1076 return conn; 1077 } 1078 1079 struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type, 1080 bdaddr_t *dst, u8 dst_type, u8 role) 1081 { 1082 int handle; 1083 1084 bt_dev_dbg(hdev, "dst %pMR", dst); 1085 1086 handle = hci_conn_hash_alloc_unset(hdev); 1087 if (unlikely(handle < 0)) 1088 return ERR_PTR(-ECONNREFUSED); 1089 1090 return __hci_conn_add(hdev, type, dst, dst_type, role, handle); 1091 } 1092 1093 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, 1094 u8 dst_type, u8 role, u16 handle) 1095 { 1096 if (handle > HCI_CONN_HANDLE_MAX) 1097 return ERR_PTR(-EINVAL); 1098 1099 return __hci_conn_add(hdev, type, dst, dst_type, role, handle); 1100 } 1101 1102 static void hci_conn_cleanup_child(struct hci_conn *conn, u8 reason) 1103 { 1104 if (!reason) 1105 reason = HCI_ERROR_REMOTE_USER_TERM; 1106 1107 /* Due to race, SCO/ISO conn might be not established yet at this point, 1108 * and nothing else will clean it up. In other cases it is done via HCI 1109 * events. 1110 */ 1111 switch (conn->type) { 1112 case SCO_LINK: 1113 case ESCO_LINK: 1114 if (HCI_CONN_HANDLE_UNSET(conn->handle)) 1115 hci_conn_failed(conn, reason); 1116 break; 1117 case CIS_LINK: 1118 case BIS_LINK: 1119 case PA_LINK: 1120 if ((conn->state != BT_CONNECTED && 1121 !test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) || 1122 test_bit(HCI_CONN_BIG_CREATED, &conn->flags)) 1123 hci_conn_failed(conn, reason); 1124 break; 1125 } 1126 } 1127 1128 static void hci_conn_unlink(struct hci_conn *conn) 1129 { 1130 struct hci_dev *hdev = conn->hdev; 1131 1132 bt_dev_dbg(hdev, "hcon %p", conn); 1133 1134 if (!conn->parent) { 1135 struct hci_link *link, *t; 1136 1137 list_for_each_entry_safe(link, t, &conn->link_list, list) { 1138 struct hci_conn *child = link->conn; 1139 1140 hci_conn_unlink(child); 1141 1142 /* If hdev is down it means 1143 * hci_dev_close_sync/hci_conn_hash_flush is in progress 1144 * and links don't need to be cleanup as all connections 1145 * would be cleanup. 1146 */ 1147 if (!test_bit(HCI_UP, &hdev->flags)) 1148 continue; 1149 1150 hci_conn_cleanup_child(child, conn->abort_reason); 1151 } 1152 1153 return; 1154 } 1155 1156 if (!conn->link) 1157 return; 1158 1159 list_del_rcu(&conn->link->list); 1160 synchronize_rcu(); 1161 1162 hci_conn_drop(conn->parent); 1163 hci_conn_put(conn->parent); 1164 conn->parent = NULL; 1165 1166 kfree(conn->link); 1167 conn->link = NULL; 1168 } 1169 1170 void hci_conn_del(struct hci_conn *conn) 1171 { 1172 struct hci_dev *hdev = conn->hdev; 1173 1174 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle); 1175 1176 hci_conn_unlink(conn); 1177 1178 disable_delayed_work_sync(&conn->disc_work); 1179 disable_delayed_work_sync(&conn->auto_accept_work); 1180 disable_delayed_work_sync(&conn->idle_work); 1181 1182 /* Remove the connection from the list so unacked logic can detect when 1183 * a certain pool is not being utilized. 1184 */ 1185 hci_conn_hash_del(hdev, conn); 1186 1187 /* Handle unacked frames: 1188 * 1189 * - In case there are no connection, or if restoring the buffers 1190 * considered in transist would overflow, restore all buffers to the 1191 * pool. 1192 * - Otherwise restore just the buffers considered in transit for the 1193 * hci_conn 1194 */ 1195 switch (conn->type) { 1196 case ACL_LINK: 1197 if (!hci_conn_num(hdev, ACL_LINK) || 1198 hdev->acl_cnt + conn->sent > hdev->acl_pkts) 1199 hdev->acl_cnt = hdev->acl_pkts; 1200 else 1201 hdev->acl_cnt += conn->sent; 1202 break; 1203 case LE_LINK: 1204 cancel_delayed_work(&conn->le_conn_timeout); 1205 1206 if (hdev->le_pkts) { 1207 if (!hci_conn_num(hdev, LE_LINK) || 1208 hdev->le_cnt + conn->sent > hdev->le_pkts) 1209 hdev->le_cnt = hdev->le_pkts; 1210 else 1211 hdev->le_cnt += conn->sent; 1212 } else { 1213 if ((!hci_conn_num(hdev, LE_LINK) && 1214 !hci_conn_num(hdev, ACL_LINK)) || 1215 hdev->acl_cnt + conn->sent > hdev->acl_pkts) 1216 hdev->acl_cnt = hdev->acl_pkts; 1217 else 1218 hdev->acl_cnt += conn->sent; 1219 } 1220 break; 1221 case CIS_LINK: 1222 case BIS_LINK: 1223 case PA_LINK: 1224 if (!hci_iso_count(hdev) || 1225 hdev->iso_cnt + conn->sent > hdev->iso_pkts) 1226 hdev->iso_cnt = hdev->iso_pkts; 1227 else 1228 hdev->iso_cnt += conn->sent; 1229 break; 1230 } 1231 1232 skb_queue_purge(&conn->data_q); 1233 skb_queue_purge(&conn->tx_q.queue); 1234 1235 /* Remove the connection from the list and cleanup its remaining 1236 * state. This is a separate function since for some cases like 1237 * BT_CONNECT_SCAN we *only* want the cleanup part without the 1238 * rest of hci_conn_del. 1239 */ 1240 hci_conn_cleanup(conn); 1241 1242 /* Dequeue callbacks using connection pointer as data */ 1243 hci_cmd_sync_dequeue(hdev, NULL, conn, NULL); 1244 } 1245 1246 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type) 1247 { 1248 int use_src = bacmp(src, BDADDR_ANY); 1249 struct hci_dev *hdev = NULL, *d; 1250 1251 BT_DBG("%pMR -> %pMR", src, dst); 1252 1253 read_lock(&hci_dev_list_lock); 1254 1255 list_for_each_entry(d, &hci_dev_list, list) { 1256 if (!test_bit(HCI_UP, &d->flags) || 1257 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 1258 continue; 1259 1260 /* Simple routing: 1261 * No source address - find interface with bdaddr != dst 1262 * Source address - find interface with bdaddr == src 1263 */ 1264 1265 if (use_src) { 1266 bdaddr_t id_addr; 1267 u8 id_addr_type; 1268 1269 if (src_type == BDADDR_BREDR) { 1270 if (!lmp_bredr_capable(d)) 1271 continue; 1272 bacpy(&id_addr, &d->bdaddr); 1273 id_addr_type = BDADDR_BREDR; 1274 } else { 1275 if (!lmp_le_capable(d)) 1276 continue; 1277 1278 hci_copy_identity_address(d, &id_addr, 1279 &id_addr_type); 1280 1281 /* Convert from HCI to three-value type */ 1282 if (id_addr_type == ADDR_LE_DEV_PUBLIC) 1283 id_addr_type = BDADDR_LE_PUBLIC; 1284 else 1285 id_addr_type = BDADDR_LE_RANDOM; 1286 } 1287 1288 if (!bacmp(&id_addr, src) && id_addr_type == src_type) { 1289 hdev = d; break; 1290 } 1291 } else { 1292 if (bacmp(&d->bdaddr, dst)) { 1293 hdev = d; break; 1294 } 1295 } 1296 } 1297 1298 if (hdev) 1299 hdev = hci_dev_hold(hdev); 1300 1301 read_unlock(&hci_dev_list_lock); 1302 return hdev; 1303 } 1304 EXPORT_SYMBOL(hci_get_route); 1305 1306 /* This function requires the caller holds hdev->lock */ 1307 static void hci_le_conn_failed(struct hci_conn *conn, u8 status) 1308 { 1309 struct hci_dev *hdev = conn->hdev; 1310 1311 hci_connect_le_scan_cleanup(conn, status); 1312 1313 /* Enable advertising in case this was a failed connection 1314 * attempt as a peripheral. 1315 */ 1316 hci_enable_advertising(hdev); 1317 } 1318 1319 /* This function requires the caller holds hdev->lock */ 1320 void hci_conn_failed(struct hci_conn *conn, u8 status) 1321 { 1322 struct hci_dev *hdev = conn->hdev; 1323 1324 bt_dev_dbg(hdev, "status 0x%2.2x", status); 1325 1326 switch (conn->type) { 1327 case LE_LINK: 1328 hci_le_conn_failed(conn, status); 1329 break; 1330 case ACL_LINK: 1331 mgmt_connect_failed(hdev, conn, status); 1332 break; 1333 } 1334 1335 /* In case of BIG/PA sync failed, clear conn flags so that 1336 * the conns will be correctly cleaned up by ISO layer 1337 */ 1338 test_and_clear_bit(HCI_CONN_BIG_SYNC_FAILED, &conn->flags); 1339 test_and_clear_bit(HCI_CONN_PA_SYNC_FAILED, &conn->flags); 1340 1341 conn->state = BT_CLOSED; 1342 hci_connect_cfm(conn, status); 1343 hci_conn_del(conn); 1344 } 1345 1346 /* This function requires the caller holds hdev->lock */ 1347 u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle) 1348 { 1349 struct hci_dev *hdev = conn->hdev; 1350 1351 bt_dev_dbg(hdev, "hcon %p handle 0x%4.4x", conn, handle); 1352 1353 if (conn->handle == handle) 1354 return 0; 1355 1356 if (handle > HCI_CONN_HANDLE_MAX) { 1357 bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x", 1358 handle, HCI_CONN_HANDLE_MAX); 1359 return HCI_ERROR_INVALID_PARAMETERS; 1360 } 1361 1362 /* If abort_reason has been sent it means the connection is being 1363 * aborted and the handle shall not be changed. 1364 */ 1365 if (conn->abort_reason) 1366 return conn->abort_reason; 1367 1368 if (HCI_CONN_HANDLE_UNSET(conn->handle)) 1369 ida_free(&hdev->unset_handle_ida, conn->handle); 1370 1371 conn->handle = handle; 1372 1373 return 0; 1374 } 1375 1376 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, 1377 u8 dst_type, bool dst_resolved, u8 sec_level, 1378 u16 conn_timeout, u8 role, u8 phy, u8 sec_phy) 1379 { 1380 struct hci_conn *conn; 1381 struct smp_irk *irk; 1382 int err; 1383 1384 /* Let's make sure that le is enabled.*/ 1385 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1386 if (lmp_le_capable(hdev)) 1387 return ERR_PTR(-ECONNREFUSED); 1388 1389 return ERR_PTR(-EOPNOTSUPP); 1390 } 1391 1392 /* Since the controller supports only one LE connection attempt at a 1393 * time, we return -EBUSY if there is any connection attempt running. 1394 */ 1395 if (hci_lookup_le_connect(hdev)) 1396 return ERR_PTR(-EBUSY); 1397 1398 /* If there's already a connection object but it's not in 1399 * scanning state it means it must already be established, in 1400 * which case we can't do anything else except report a failure 1401 * to connect. 1402 */ 1403 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type); 1404 if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) { 1405 return ERR_PTR(-EBUSY); 1406 } 1407 1408 /* Check if the destination address has been resolved by the controller 1409 * since if it did then the identity address shall be used. 1410 */ 1411 if (!dst_resolved) { 1412 /* When given an identity address with existing identity 1413 * resolving key, the connection needs to be established 1414 * to a resolvable random address. 1415 * 1416 * Storing the resolvable random address is required here 1417 * to handle connection failures. The address will later 1418 * be resolved back into the original identity address 1419 * from the connect request. 1420 */ 1421 irk = hci_find_irk_by_addr(hdev, dst, dst_type); 1422 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) { 1423 dst = &irk->rpa; 1424 dst_type = ADDR_LE_DEV_RANDOM; 1425 } 1426 } 1427 1428 if (conn) { 1429 bacpy(&conn->dst, dst); 1430 } else { 1431 conn = hci_conn_add_unset(hdev, LE_LINK, dst, dst_type, role); 1432 if (IS_ERR(conn)) 1433 return conn; 1434 hci_conn_hold(conn); 1435 conn->pending_sec_level = sec_level; 1436 } 1437 1438 conn->sec_level = BT_SECURITY_LOW; 1439 conn->conn_timeout = conn_timeout; 1440 conn->le_adv_phy = phy; 1441 conn->le_adv_sec_phy = sec_phy; 1442 1443 err = hci_connect_le_sync(hdev, conn); 1444 if (err) { 1445 hci_conn_del(conn); 1446 return ERR_PTR(err); 1447 } 1448 1449 return conn; 1450 } 1451 1452 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 1453 { 1454 struct hci_conn *conn; 1455 1456 conn = hci_conn_hash_lookup_le(hdev, addr, type); 1457 if (!conn) 1458 return false; 1459 1460 if (conn->state != BT_CONNECTED) 1461 return false; 1462 1463 return true; 1464 } 1465 1466 /* This function requires the caller holds hdev->lock */ 1467 static int hci_explicit_conn_params_set(struct hci_dev *hdev, 1468 bdaddr_t *addr, u8 addr_type) 1469 { 1470 struct hci_conn_params *params; 1471 1472 if (is_connected(hdev, addr, addr_type)) 1473 return -EISCONN; 1474 1475 params = hci_conn_params_lookup(hdev, addr, addr_type); 1476 if (!params) { 1477 params = hci_conn_params_add(hdev, addr, addr_type); 1478 if (!params) 1479 return -ENOMEM; 1480 1481 /* If we created new params, mark them to be deleted in 1482 * hci_connect_le_scan_cleanup. It's different case than 1483 * existing disabled params, those will stay after cleanup. 1484 */ 1485 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 1486 } 1487 1488 /* We're trying to connect, so make sure params are at pend_le_conns */ 1489 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 1490 params->auto_connect == HCI_AUTO_CONN_REPORT || 1491 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 1492 hci_pend_le_list_del_init(params); 1493 hci_pend_le_list_add(params, &hdev->pend_le_conns); 1494 } 1495 1496 params->explicit_connect = true; 1497 1498 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type, 1499 params->auto_connect); 1500 1501 return 0; 1502 } 1503 1504 static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos) 1505 { 1506 struct hci_conn *conn; 1507 u8 big; 1508 1509 /* Allocate a BIG if not set */ 1510 if (qos->bcast.big == BT_ISO_QOS_BIG_UNSET) { 1511 for (big = 0x00; big < 0xef; big++) { 1512 1513 conn = hci_conn_hash_lookup_big(hdev, big); 1514 if (!conn) 1515 break; 1516 } 1517 1518 if (big == 0xef) 1519 return -EADDRNOTAVAIL; 1520 1521 /* Update BIG */ 1522 qos->bcast.big = big; 1523 } 1524 1525 return 0; 1526 } 1527 1528 static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos) 1529 { 1530 struct hci_conn *conn; 1531 u8 bis; 1532 1533 /* Allocate BIS if not set */ 1534 if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) { 1535 if (qos->bcast.big != BT_ISO_QOS_BIG_UNSET) { 1536 conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big); 1537 1538 if (conn) { 1539 /* If the BIG handle is already matched to an advertising 1540 * handle, do not allocate a new one. 1541 */ 1542 qos->bcast.bis = conn->iso_qos.bcast.bis; 1543 return 0; 1544 } 1545 } 1546 1547 /* Find an unused adv set to advertise BIS, skip instance 0x00 1548 * since it is reserved as general purpose set. 1549 */ 1550 for (bis = 0x01; bis < hdev->le_num_of_adv_sets; 1551 bis++) { 1552 1553 conn = hci_conn_hash_lookup_bis(hdev, BDADDR_ANY, bis); 1554 if (!conn) 1555 break; 1556 } 1557 1558 if (bis == hdev->le_num_of_adv_sets) 1559 return -EADDRNOTAVAIL; 1560 1561 /* Update BIS */ 1562 qos->bcast.bis = bis; 1563 } 1564 1565 return 0; 1566 } 1567 1568 /* This function requires the caller holds hdev->lock */ 1569 static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst, 1570 __u8 sid, struct bt_iso_qos *qos, 1571 __u8 base_len, __u8 *base, u16 timeout) 1572 { 1573 struct hci_conn *conn; 1574 int err; 1575 1576 /* Let's make sure that le is enabled.*/ 1577 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1578 if (lmp_le_capable(hdev)) 1579 return ERR_PTR(-ECONNREFUSED); 1580 return ERR_PTR(-EOPNOTSUPP); 1581 } 1582 1583 err = qos_set_big(hdev, qos); 1584 if (err) 1585 return ERR_PTR(err); 1586 1587 err = qos_set_bis(hdev, qos); 1588 if (err) 1589 return ERR_PTR(err); 1590 1591 /* Check if the LE Create BIG command has already been sent */ 1592 conn = hci_conn_hash_lookup_per_adv_bis(hdev, dst, qos->bcast.big, 1593 qos->bcast.big); 1594 if (conn) 1595 return ERR_PTR(-EADDRINUSE); 1596 1597 /* Check BIS settings against other bound BISes, since all 1598 * BISes in a BIG must have the same value for all parameters 1599 */ 1600 conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big); 1601 1602 if (conn && (memcmp(qos, &conn->iso_qos, sizeof(*qos)) || 1603 base_len != conn->le_per_adv_data_len || 1604 memcmp(conn->le_per_adv_data, base, base_len))) 1605 return ERR_PTR(-EADDRINUSE); 1606 1607 conn = hci_conn_add_unset(hdev, BIS_LINK, dst, 0, HCI_ROLE_MASTER); 1608 if (IS_ERR(conn)) 1609 return conn; 1610 1611 conn->state = BT_CONNECT; 1612 conn->sid = sid; 1613 conn->conn_timeout = timeout; 1614 1615 hci_conn_hold(conn); 1616 return conn; 1617 } 1618 1619 /* This function requires the caller holds hdev->lock */ 1620 struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, 1621 u8 dst_type, u8 sec_level, 1622 u16 conn_timeout, 1623 enum conn_reasons conn_reason) 1624 { 1625 struct hci_conn *conn; 1626 1627 /* Let's make sure that le is enabled.*/ 1628 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1629 if (lmp_le_capable(hdev)) 1630 return ERR_PTR(-ECONNREFUSED); 1631 1632 return ERR_PTR(-EOPNOTSUPP); 1633 } 1634 1635 /* Some devices send ATT messages as soon as the physical link is 1636 * established. To be able to handle these ATT messages, the user- 1637 * space first establishes the connection and then starts the pairing 1638 * process. 1639 * 1640 * So if a hci_conn object already exists for the following connection 1641 * attempt, we simply update pending_sec_level and auth_type fields 1642 * and return the object found. 1643 */ 1644 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type); 1645 if (conn) { 1646 if (conn->pending_sec_level < sec_level) 1647 conn->pending_sec_level = sec_level; 1648 goto done; 1649 } 1650 1651 BT_DBG("requesting refresh of dst_addr"); 1652 1653 conn = hci_conn_add_unset(hdev, LE_LINK, dst, dst_type, 1654 HCI_ROLE_MASTER); 1655 if (IS_ERR(conn)) 1656 return conn; 1657 1658 if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) { 1659 hci_conn_del(conn); 1660 return ERR_PTR(-EBUSY); 1661 } 1662 1663 conn->state = BT_CONNECT; 1664 set_bit(HCI_CONN_SCANNING, &conn->flags); 1665 conn->sec_level = BT_SECURITY_LOW; 1666 conn->pending_sec_level = sec_level; 1667 conn->conn_timeout = conn_timeout; 1668 conn->conn_reason = conn_reason; 1669 1670 hci_update_passive_scan(hdev); 1671 1672 done: 1673 hci_conn_hold(conn); 1674 return conn; 1675 } 1676 1677 struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, 1678 u8 sec_level, u8 auth_type, 1679 enum conn_reasons conn_reason, u16 timeout) 1680 { 1681 struct hci_conn *acl; 1682 1683 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 1684 if (lmp_bredr_capable(hdev)) 1685 return ERR_PTR(-ECONNREFUSED); 1686 1687 return ERR_PTR(-EOPNOTSUPP); 1688 } 1689 1690 /* Reject outgoing connection to device with same BD ADDR against 1691 * CVE-2020-26555 1692 */ 1693 if (!bacmp(&hdev->bdaddr, dst)) { 1694 bt_dev_dbg(hdev, "Reject connection with same BD_ADDR %pMR\n", 1695 dst); 1696 return ERR_PTR(-ECONNREFUSED); 1697 } 1698 1699 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 1700 if (!acl) { 1701 acl = hci_conn_add_unset(hdev, ACL_LINK, dst, 0, 1702 HCI_ROLE_MASTER); 1703 if (IS_ERR(acl)) 1704 return acl; 1705 } 1706 1707 hci_conn_hold(acl); 1708 1709 acl->conn_reason = conn_reason; 1710 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { 1711 int err; 1712 1713 acl->sec_level = BT_SECURITY_LOW; 1714 acl->pending_sec_level = sec_level; 1715 acl->auth_type = auth_type; 1716 acl->conn_timeout = timeout; 1717 1718 err = hci_connect_acl_sync(hdev, acl); 1719 if (err) { 1720 hci_conn_del(acl); 1721 return ERR_PTR(err); 1722 } 1723 } 1724 1725 return acl; 1726 } 1727 1728 static struct hci_link *hci_conn_link(struct hci_conn *parent, 1729 struct hci_conn *conn) 1730 { 1731 struct hci_dev *hdev = parent->hdev; 1732 struct hci_link *link; 1733 1734 bt_dev_dbg(hdev, "parent %p hcon %p", parent, conn); 1735 1736 if (conn->link) 1737 return conn->link; 1738 1739 if (conn->parent) 1740 return NULL; 1741 1742 link = kzalloc_obj(*link); 1743 if (!link) 1744 return NULL; 1745 1746 link->conn = hci_conn_hold(conn); 1747 conn->link = link; 1748 conn->parent = hci_conn_get(parent); 1749 1750 /* Use list_add_tail_rcu append to the list */ 1751 list_add_tail_rcu(&link->list, &parent->link_list); 1752 1753 return link; 1754 } 1755 1756 struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, 1757 __u16 setting, struct bt_codec *codec, 1758 u16 timeout) 1759 { 1760 struct hci_conn *acl; 1761 struct hci_conn *sco; 1762 struct hci_link *link; 1763 1764 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING, 1765 CONN_REASON_SCO_CONNECT, timeout); 1766 if (IS_ERR(acl)) 1767 return acl; 1768 1769 sco = hci_conn_hash_lookup_ba(hdev, type, dst); 1770 if (!sco) { 1771 sco = hci_conn_add_unset(hdev, type, dst, 0, HCI_ROLE_MASTER); 1772 if (IS_ERR(sco)) { 1773 hci_conn_drop(acl); 1774 return sco; 1775 } 1776 } 1777 1778 link = hci_conn_link(acl, sco); 1779 if (!link) { 1780 hci_conn_drop(acl); 1781 hci_conn_drop(sco); 1782 return ERR_PTR(-ENOLINK); 1783 } 1784 1785 sco->setting = setting; 1786 sco->codec = *codec; 1787 1788 if (acl->state == BT_CONNECTED && 1789 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 1790 set_bit(HCI_CONN_POWER_SAVE, &acl->flags); 1791 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON); 1792 1793 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) { 1794 /* defer SCO setup until mode change completed */ 1795 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags); 1796 return sco; 1797 } 1798 1799 hci_sco_setup(acl, 0x00); 1800 } 1801 1802 return sco; 1803 } 1804 1805 static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos) 1806 { 1807 struct hci_dev *hdev = conn->hdev; 1808 struct hci_cp_le_create_big cp; 1809 struct iso_list_data data; 1810 1811 memset(&cp, 0, sizeof(cp)); 1812 1813 data.big = qos->bcast.big; 1814 data.bis = qos->bcast.bis; 1815 data.count = 0; 1816 1817 /* Create a BIS for each bound connection */ 1818 hci_conn_hash_list_state(hdev, bis_list, BIS_LINK, 1819 BT_BOUND, &data); 1820 1821 cp.handle = qos->bcast.big; 1822 cp.adv_handle = qos->bcast.bis; 1823 cp.num_bis = data.count; 1824 hci_cpu_to_le24(qos->bcast.out.interval, cp.bis.sdu_interval); 1825 cp.bis.sdu = cpu_to_le16(qos->bcast.out.sdu); 1826 cp.bis.latency = cpu_to_le16(qos->bcast.out.latency); 1827 cp.bis.rtn = qos->bcast.out.rtn; 1828 cp.bis.phy = qos->bcast.out.phys; 1829 cp.bis.packing = qos->bcast.packing; 1830 cp.bis.framing = qos->bcast.framing; 1831 cp.bis.encryption = qos->bcast.encryption; 1832 memcpy(cp.bis.bcode, qos->bcast.bcode, sizeof(cp.bis.bcode)); 1833 1834 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp); 1835 } 1836 1837 static int set_cig_params_sync(struct hci_dev *hdev, void *data) 1838 { 1839 DEFINE_FLEX(struct hci_cp_le_set_cig_params, pdu, cis, num_cis, 0x1f); 1840 u8 cig_id = PTR_UINT(data); 1841 struct hci_conn *conn; 1842 struct bt_iso_qos *qos; 1843 u8 aux_num_cis = 0; 1844 u8 cis_id; 1845 1846 hci_dev_lock(hdev); 1847 1848 conn = hci_conn_hash_lookup_cig(hdev, cig_id); 1849 if (!conn) { 1850 hci_dev_unlock(hdev); 1851 return 0; 1852 } 1853 1854 qos = &conn->iso_qos; 1855 pdu->cig_id = cig_id; 1856 hci_cpu_to_le24(qos->ucast.out.interval, pdu->c_interval); 1857 hci_cpu_to_le24(qos->ucast.in.interval, pdu->p_interval); 1858 pdu->sca = qos->ucast.sca; 1859 pdu->packing = qos->ucast.packing; 1860 pdu->framing = qos->ucast.framing; 1861 pdu->c_latency = cpu_to_le16(qos->ucast.out.latency); 1862 pdu->p_latency = cpu_to_le16(qos->ucast.in.latency); 1863 1864 /* Reprogram all CIS(s) with the same CIG, valid range are: 1865 * num_cis: 0x00 to 0x1F 1866 * cis_id: 0x00 to 0xEF 1867 */ 1868 for (cis_id = 0x00; cis_id < 0xf0 && 1869 aux_num_cis < pdu->num_cis; cis_id++) { 1870 struct hci_cis_params *cis; 1871 1872 conn = hci_conn_hash_lookup_cis(hdev, NULL, 0, cig_id, cis_id); 1873 if (!conn) 1874 continue; 1875 1876 qos = &conn->iso_qos; 1877 1878 cis = &pdu->cis[aux_num_cis++]; 1879 cis->cis_id = cis_id; 1880 cis->c_sdu = cpu_to_le16(conn->iso_qos.ucast.out.sdu); 1881 cis->p_sdu = cpu_to_le16(conn->iso_qos.ucast.in.sdu); 1882 cis->c_phys = qos->ucast.out.phys ? qos->ucast.out.phys : 1883 qos->ucast.in.phys; 1884 cis->p_phys = qos->ucast.in.phys ? qos->ucast.in.phys : 1885 qos->ucast.out.phys; 1886 cis->c_rtn = qos->ucast.out.rtn; 1887 cis->p_rtn = qos->ucast.in.rtn; 1888 } 1889 pdu->num_cis = aux_num_cis; 1890 1891 hci_dev_unlock(hdev); 1892 1893 if (!pdu->num_cis) 1894 return 0; 1895 1896 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS, 1897 struct_size(pdu, cis, pdu->num_cis), 1898 pdu, HCI_CMD_TIMEOUT); 1899 } 1900 1901 static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos) 1902 { 1903 struct hci_dev *hdev = conn->hdev; 1904 struct iso_list_data data; 1905 1906 memset(&data, 0, sizeof(data)); 1907 1908 /* Allocate first still reconfigurable CIG if not set */ 1909 if (qos->ucast.cig == BT_ISO_QOS_CIG_UNSET) { 1910 for (data.cig = 0x00; data.cig < 0xf0; data.cig++) { 1911 data.count = 0; 1912 1913 hci_conn_hash_list_state(hdev, find_cis, CIS_LINK, 1914 BT_CONNECT, &data); 1915 if (data.count) 1916 continue; 1917 1918 hci_conn_hash_list_state(hdev, find_cis, CIS_LINK, 1919 BT_CONNECTED, &data); 1920 if (!data.count) 1921 break; 1922 } 1923 1924 if (data.cig == 0xf0) 1925 return false; 1926 1927 /* Update CIG */ 1928 qos->ucast.cig = data.cig; 1929 } 1930 1931 if (qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) { 1932 if (hci_conn_hash_lookup_cis(hdev, NULL, 0, qos->ucast.cig, 1933 qos->ucast.cis)) 1934 return false; 1935 goto done; 1936 } 1937 1938 /* Allocate first available CIS if not set */ 1939 for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0xf0; 1940 data.cis++) { 1941 if (!hci_conn_hash_lookup_cis(hdev, NULL, 0, data.cig, 1942 data.cis)) { 1943 /* Update CIS */ 1944 qos->ucast.cis = data.cis; 1945 break; 1946 } 1947 } 1948 1949 if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET) 1950 return false; 1951 1952 done: 1953 conn->iso_qos = *qos; 1954 1955 if (hci_cmd_sync_queue(hdev, set_cig_params_sync, 1956 UINT_PTR(qos->ucast.cig), NULL) < 0) 1957 return false; 1958 1959 return true; 1960 } 1961 1962 struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst, 1963 __u8 dst_type, struct bt_iso_qos *qos, 1964 u16 timeout) 1965 { 1966 struct hci_conn *cis; 1967 1968 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig, 1969 qos->ucast.cis); 1970 if (!cis) { 1971 cis = hci_conn_add_unset(hdev, CIS_LINK, dst, dst_type, 1972 HCI_ROLE_MASTER); 1973 if (IS_ERR(cis)) 1974 return cis; 1975 cis->cleanup = cis_cleanup; 1976 cis->dst_type = dst_type; 1977 cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET; 1978 cis->iso_qos.ucast.cis = BT_ISO_QOS_CIS_UNSET; 1979 cis->conn_timeout = timeout; 1980 } 1981 1982 if (cis->state == BT_CONNECTED) 1983 return cis; 1984 1985 /* Check if CIS has been set and the settings matches */ 1986 if (cis->state == BT_BOUND && 1987 !memcmp(&cis->iso_qos, qos, sizeof(*qos))) 1988 return cis; 1989 1990 /* Update LINK PHYs according to QoS preference */ 1991 cis->le_tx_phy = qos->ucast.out.phys; 1992 cis->le_rx_phy = qos->ucast.in.phys; 1993 1994 /* If output interval is not set use the input interval as it cannot be 1995 * 0x000000. 1996 */ 1997 if (!qos->ucast.out.interval) 1998 qos->ucast.out.interval = qos->ucast.in.interval; 1999 2000 /* If input interval is not set use the output interval as it cannot be 2001 * 0x000000. 2002 */ 2003 if (!qos->ucast.in.interval) 2004 qos->ucast.in.interval = qos->ucast.out.interval; 2005 2006 /* If output latency is not set use the input latency as it cannot be 2007 * 0x0000. 2008 */ 2009 if (!qos->ucast.out.latency) 2010 qos->ucast.out.latency = qos->ucast.in.latency; 2011 2012 /* If input latency is not set use the output latency as it cannot be 2013 * 0x0000. 2014 */ 2015 if (!qos->ucast.in.latency) 2016 qos->ucast.in.latency = qos->ucast.out.latency; 2017 2018 if (!hci_le_set_cig_params(cis, qos)) { 2019 hci_conn_drop(cis); 2020 return ERR_PTR(-EINVAL); 2021 } 2022 2023 hci_conn_hold(cis); 2024 cis->state = BT_BOUND; 2025 2026 return cis; 2027 } 2028 2029 bool hci_iso_setup_path(struct hci_conn *conn) 2030 { 2031 struct hci_dev *hdev = conn->hdev; 2032 struct hci_cp_le_setup_iso_path cmd; 2033 2034 memset(&cmd, 0, sizeof(cmd)); 2035 2036 if (conn->iso_qos.ucast.out.sdu) { 2037 cmd.handle = cpu_to_le16(conn->handle); 2038 cmd.direction = 0x00; /* Input (Host to Controller) */ 2039 cmd.path = 0x00; /* HCI path if enabled */ 2040 cmd.codec = 0x03; /* Transparent Data */ 2041 2042 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd), 2043 &cmd) < 0) 2044 return false; 2045 } 2046 2047 if (conn->iso_qos.ucast.in.sdu) { 2048 cmd.handle = cpu_to_le16(conn->handle); 2049 cmd.direction = 0x01; /* Output (Controller to Host) */ 2050 cmd.path = 0x00; /* HCI path if enabled */ 2051 cmd.codec = 0x03; /* Transparent Data */ 2052 2053 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd), 2054 &cmd) < 0) 2055 return false; 2056 } 2057 2058 return true; 2059 } 2060 2061 int hci_conn_check_create_cis(struct hci_conn *conn) 2062 { 2063 if (conn->type != CIS_LINK) 2064 return -EINVAL; 2065 2066 if (!conn->parent || conn->parent->state != BT_CONNECTED || 2067 conn->state != BT_CONNECT || HCI_CONN_HANDLE_UNSET(conn->handle)) 2068 return 1; 2069 2070 return 0; 2071 } 2072 2073 static int hci_create_cis_sync(struct hci_dev *hdev, void *data) 2074 { 2075 return hci_le_create_cis_sync(hdev); 2076 } 2077 2078 int hci_le_create_cis_pending(struct hci_dev *hdev) 2079 { 2080 struct hci_conn *conn; 2081 bool pending = false; 2082 2083 rcu_read_lock(); 2084 2085 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) { 2086 if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) { 2087 rcu_read_unlock(); 2088 return -EBUSY; 2089 } 2090 2091 if (!hci_conn_check_create_cis(conn)) 2092 pending = true; 2093 } 2094 2095 rcu_read_unlock(); 2096 2097 if (!pending) 2098 return 0; 2099 2100 /* Queue Create CIS */ 2101 return hci_cmd_sync_queue(hdev, hci_create_cis_sync, NULL, NULL); 2102 } 2103 2104 static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn, 2105 struct bt_iso_io_qos *qos, __u8 phys) 2106 { 2107 /* Only set MTU if PHY is enabled */ 2108 if (!qos->sdu && qos->phys) 2109 qos->sdu = conn->mtu; 2110 2111 /* Use the same PHY as ACL if set to any */ 2112 if (qos->phys == BT_ISO_PHY_ANY) 2113 qos->phys = phys; 2114 2115 /* Use LE ACL connection interval if not set */ 2116 if (!qos->interval) 2117 /* ACL interval unit in 1.25 ms to us */ 2118 qos->interval = conn->le_conn_interval * 1250; 2119 2120 /* Use LE ACL connection latency if not set */ 2121 if (!qos->latency) 2122 qos->latency = conn->le_conn_latency; 2123 } 2124 2125 static int create_big_sync(struct hci_dev *hdev, void *data) 2126 { 2127 struct hci_conn *conn = data; 2128 struct bt_iso_qos *qos = &conn->iso_qos; 2129 u16 interval, sync_interval = 0; 2130 u32 flags = 0; 2131 int err; 2132 2133 if (qos->bcast.out.phys == BIT(1)) 2134 flags |= MGMT_ADV_FLAG_SEC_2M; 2135 2136 /* Align intervals */ 2137 interval = (qos->bcast.out.interval / 1250) * qos->bcast.sync_factor; 2138 2139 if (qos->bcast.bis) 2140 sync_interval = interval * 4; 2141 2142 err = hci_start_per_adv_sync(hdev, qos->bcast.bis, conn->sid, 2143 conn->le_per_adv_data_len, 2144 conn->le_per_adv_data, flags, interval, 2145 interval, sync_interval); 2146 if (err) 2147 return err; 2148 2149 return hci_le_create_big(conn, &conn->iso_qos); 2150 } 2151 2152 struct hci_conn *hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, 2153 __u8 dst_type, __u8 sid, 2154 struct bt_iso_qos *qos) 2155 { 2156 struct hci_conn *conn; 2157 2158 bt_dev_dbg(hdev, "dst %pMR type %d sid %d", dst, dst_type, sid); 2159 2160 conn = hci_conn_add_unset(hdev, PA_LINK, dst, dst_type, HCI_ROLE_SLAVE); 2161 if (IS_ERR(conn)) 2162 return conn; 2163 2164 conn->iso_qos = *qos; 2165 conn->sid = sid; 2166 conn->state = BT_LISTEN; 2167 conn->conn_timeout = msecs_to_jiffies(qos->bcast.sync_timeout * 10); 2168 2169 hci_conn_hold(conn); 2170 2171 hci_connect_pa_sync(hdev, conn); 2172 2173 return conn; 2174 } 2175 2176 int hci_conn_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon, 2177 struct bt_iso_qos *qos, __u16 sync_handle, 2178 __u8 num_bis, __u8 bis[]) 2179 { 2180 int err; 2181 2182 if (num_bis < 0x01 || num_bis > ISO_MAX_NUM_BIS) 2183 return -EINVAL; 2184 2185 err = qos_set_big(hdev, qos); 2186 if (err) 2187 return err; 2188 2189 if (hcon) { 2190 /* Update hcon QoS */ 2191 hcon->iso_qos = *qos; 2192 2193 hcon->num_bis = num_bis; 2194 memcpy(hcon->bis, bis, num_bis); 2195 hcon->conn_timeout = msecs_to_jiffies(qos->bcast.timeout * 10); 2196 } 2197 2198 return hci_connect_big_sync(hdev, hcon); 2199 } 2200 2201 static void create_big_complete(struct hci_dev *hdev, void *data, int err) 2202 { 2203 struct hci_conn *conn = data; 2204 2205 bt_dev_dbg(hdev, "conn %p", conn); 2206 2207 if (err) { 2208 bt_dev_err(hdev, "Unable to create BIG: %d", err); 2209 hci_connect_cfm(conn, err); 2210 hci_conn_del(conn); 2211 } 2212 } 2213 2214 struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst, __u8 sid, 2215 struct bt_iso_qos *qos, 2216 __u8 base_len, __u8 *base, u16 timeout) 2217 { 2218 struct hci_conn *conn; 2219 struct hci_conn *parent; 2220 __u8 eir[HCI_MAX_PER_AD_LENGTH]; 2221 struct hci_link *link; 2222 2223 /* Look for any BIS that is open for rebinding */ 2224 conn = hci_conn_hash_lookup_big_state(hdev, qos->bcast.big, BT_OPEN, 2225 HCI_ROLE_MASTER); 2226 if (conn) { 2227 memcpy(qos, &conn->iso_qos, sizeof(*qos)); 2228 conn->state = BT_CONNECTED; 2229 return conn; 2230 } 2231 2232 if (base_len && base) 2233 base_len = eir_append_service_data(eir, 0, 0x1851, 2234 base, base_len); 2235 2236 /* We need hci_conn object using the BDADDR_ANY as dst */ 2237 conn = hci_add_bis(hdev, dst, sid, qos, base_len, eir, timeout); 2238 if (IS_ERR(conn)) 2239 return conn; 2240 2241 /* Update LINK PHYs according to QoS preference */ 2242 conn->le_tx_def_phys = qos->bcast.out.phys; 2243 2244 /* Add Basic Announcement into Peridic Adv Data if BASE is set */ 2245 if (base_len && base) { 2246 memcpy(conn->le_per_adv_data, eir, sizeof(eir)); 2247 conn->le_per_adv_data_len = base_len; 2248 } 2249 2250 hci_iso_qos_setup(hdev, conn, &qos->bcast.out, 2251 conn->le_tx_def_phys ? conn->le_tx_def_phys : 2252 hdev->le_tx_def_phys); 2253 2254 conn->iso_qos = *qos; 2255 conn->state = BT_BOUND; 2256 2257 /* Link BISes together */ 2258 parent = hci_conn_hash_lookup_big(hdev, 2259 conn->iso_qos.bcast.big); 2260 if (parent && parent != conn) { 2261 link = hci_conn_link(parent, conn); 2262 hci_conn_drop(conn); 2263 if (!link) 2264 return ERR_PTR(-ENOLINK); 2265 } 2266 2267 return conn; 2268 } 2269 2270 int hci_past_bis(struct hci_conn *conn, bdaddr_t *dst, __u8 dst_type) 2271 { 2272 struct hci_conn *le; 2273 2274 /* Lookup existing LE connection to rebind to */ 2275 le = hci_conn_hash_lookup_le(conn->hdev, dst, dst_type); 2276 if (!le) 2277 return -EINVAL; 2278 2279 return hci_past_sync(conn, le); 2280 } 2281 2282 static void bis_mark_per_adv(struct hci_conn *conn, void *data) 2283 { 2284 struct iso_list_data *d = data; 2285 2286 /* Skip if not broadcast/ANY address */ 2287 if (bacmp(&conn->dst, BDADDR_ANY)) 2288 return; 2289 2290 if (d->big != conn->iso_qos.bcast.big || 2291 d->bis == BT_ISO_QOS_BIS_UNSET || 2292 d->bis != conn->iso_qos.bcast.bis) 2293 return; 2294 2295 set_bit(HCI_CONN_PER_ADV, &conn->flags); 2296 } 2297 2298 struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst, 2299 __u8 dst_type, __u8 sid, 2300 struct bt_iso_qos *qos, 2301 __u8 base_len, __u8 *base, u16 timeout) 2302 { 2303 struct hci_conn *conn; 2304 int err; 2305 struct iso_list_data data; 2306 2307 conn = hci_bind_bis(hdev, dst, sid, qos, base_len, base, timeout); 2308 if (IS_ERR(conn)) 2309 return conn; 2310 2311 if (conn->state == BT_CONNECTED) 2312 return conn; 2313 2314 /* Check if SID needs to be allocated then search for the first 2315 * available. 2316 */ 2317 if (conn->sid == HCI_SID_INVALID) { 2318 u8 sid; 2319 2320 for (sid = 0; sid <= 0x0f; sid++) { 2321 if (!hci_find_adv_sid(hdev, sid)) { 2322 conn->sid = sid; 2323 break; 2324 } 2325 } 2326 } 2327 2328 data.big = qos->bcast.big; 2329 data.bis = qos->bcast.bis; 2330 2331 /* Set HCI_CONN_PER_ADV for all bound connections, to mark that 2332 * the start periodic advertising and create BIG commands have 2333 * been queued 2334 */ 2335 hci_conn_hash_list_state(hdev, bis_mark_per_adv, BIS_LINK, 2336 BT_BOUND, &data); 2337 2338 /* Queue start periodic advertising and create BIG */ 2339 err = hci_cmd_sync_queue(hdev, create_big_sync, conn, 2340 create_big_complete); 2341 if (err < 0) { 2342 hci_conn_drop(conn); 2343 return ERR_PTR(err); 2344 } 2345 2346 return conn; 2347 } 2348 2349 struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst, 2350 __u8 dst_type, struct bt_iso_qos *qos, 2351 u16 timeout) 2352 { 2353 struct hci_conn *le; 2354 struct hci_conn *cis; 2355 struct hci_link *link; 2356 2357 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 2358 le = hci_connect_le(hdev, dst, dst_type, false, 2359 BT_SECURITY_LOW, 2360 HCI_LE_CONN_TIMEOUT, 2361 HCI_ROLE_SLAVE, 0, 0); 2362 else 2363 le = hci_connect_le_scan(hdev, dst, dst_type, 2364 BT_SECURITY_LOW, 2365 HCI_LE_CONN_TIMEOUT, 2366 CONN_REASON_ISO_CONNECT); 2367 if (IS_ERR(le)) 2368 return le; 2369 2370 hci_iso_qos_setup(hdev, le, &qos->ucast.out, 2371 le->le_tx_def_phys ? le->le_tx_def_phys : 2372 hdev->le_tx_def_phys); 2373 hci_iso_qos_setup(hdev, le, &qos->ucast.in, 2374 le->le_rx_def_phys ? le->le_rx_def_phys : 2375 hdev->le_rx_def_phys); 2376 2377 cis = hci_bind_cis(hdev, dst, dst_type, qos, timeout); 2378 if (IS_ERR(cis)) { 2379 hci_conn_drop(le); 2380 return cis; 2381 } 2382 2383 link = hci_conn_link(le, cis); 2384 hci_conn_drop(cis); 2385 if (!link) { 2386 hci_conn_drop(le); 2387 return ERR_PTR(-ENOLINK); 2388 } 2389 2390 cis->state = BT_CONNECT; 2391 2392 hci_le_create_cis_pending(hdev); 2393 2394 return cis; 2395 } 2396 2397 /* Check link security requirement */ 2398 int hci_conn_check_link_mode(struct hci_conn *conn) 2399 { 2400 BT_DBG("hcon %p", conn); 2401 2402 /* In Secure Connections Only mode, it is required that Secure 2403 * Connections is used and the link is encrypted with AES-CCM 2404 * using a P-256 authenticated combination key. 2405 */ 2406 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) { 2407 if (!hci_conn_sc_enabled(conn) || 2408 !test_bit(HCI_CONN_AES_CCM, &conn->flags) || 2409 conn->key_type != HCI_LK_AUTH_COMBINATION_P256) 2410 return 0; 2411 } 2412 2413 /* AES encryption is required for Level 4: 2414 * 2415 * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C 2416 * page 1319: 2417 * 2418 * 128-bit equivalent strength for link and encryption keys 2419 * required using FIPS approved algorithms (E0 not allowed, 2420 * SAFER+ not allowed, and P-192 not allowed; encryption key 2421 * not shortened) 2422 */ 2423 if (conn->sec_level == BT_SECURITY_FIPS && 2424 !test_bit(HCI_CONN_AES_CCM, &conn->flags)) { 2425 bt_dev_err(conn->hdev, 2426 "Invalid security: Missing AES-CCM usage"); 2427 return 0; 2428 } 2429 2430 if (hci_conn_ssp_enabled(conn) && 2431 !test_bit(HCI_CONN_ENCRYPT, &conn->flags)) 2432 return 0; 2433 2434 return 1; 2435 } 2436 2437 /* Authenticate remote device */ 2438 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 2439 { 2440 BT_DBG("hcon %p", conn); 2441 2442 if (conn->pending_sec_level > sec_level) 2443 sec_level = conn->pending_sec_level; 2444 2445 if (sec_level > conn->sec_level) 2446 conn->pending_sec_level = sec_level; 2447 else if (test_bit(HCI_CONN_AUTH, &conn->flags)) 2448 return 1; 2449 2450 /* Make sure we preserve an existing MITM requirement*/ 2451 auth_type |= (conn->auth_type & 0x01); 2452 2453 conn->auth_type = auth_type; 2454 2455 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 2456 struct hci_cp_auth_requested cp; 2457 2458 cp.handle = cpu_to_le16(conn->handle); 2459 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, 2460 sizeof(cp), &cp); 2461 2462 /* Set the ENCRYPT_PEND to trigger encryption after 2463 * authentication. 2464 */ 2465 if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags)) 2466 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 2467 } 2468 2469 return 0; 2470 } 2471 2472 /* Encrypt the link */ 2473 static void hci_conn_encrypt(struct hci_conn *conn) 2474 { 2475 BT_DBG("hcon %p", conn); 2476 2477 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { 2478 struct hci_cp_set_conn_encrypt cp; 2479 cp.handle = cpu_to_le16(conn->handle); 2480 cp.encrypt = 0x01; 2481 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), 2482 &cp); 2483 } 2484 } 2485 2486 /* Enable security */ 2487 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type, 2488 bool initiator) 2489 { 2490 BT_DBG("hcon %p", conn); 2491 2492 if (conn->type == LE_LINK) 2493 return smp_conn_security(conn, sec_level); 2494 2495 /* For sdp we don't need the link key. */ 2496 if (sec_level == BT_SECURITY_SDP) 2497 return 1; 2498 2499 /* For non 2.1 devices and low security level we don't need the link 2500 key. */ 2501 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn)) 2502 return 1; 2503 2504 /* For other security levels we need the link key. */ 2505 if (!test_bit(HCI_CONN_AUTH, &conn->flags)) 2506 goto auth; 2507 2508 switch (conn->key_type) { 2509 case HCI_LK_AUTH_COMBINATION_P256: 2510 /* An authenticated FIPS approved combination key has 2511 * sufficient security for security level 4 or lower. 2512 */ 2513 if (sec_level <= BT_SECURITY_FIPS) 2514 goto encrypt; 2515 break; 2516 case HCI_LK_AUTH_COMBINATION_P192: 2517 /* An authenticated combination key has sufficient security for 2518 * security level 3 or lower. 2519 */ 2520 if (sec_level <= BT_SECURITY_HIGH) 2521 goto encrypt; 2522 break; 2523 case HCI_LK_UNAUTH_COMBINATION_P192: 2524 case HCI_LK_UNAUTH_COMBINATION_P256: 2525 /* An unauthenticated combination key has sufficient security 2526 * for security level 2 or lower. 2527 */ 2528 if (sec_level <= BT_SECURITY_MEDIUM) 2529 goto encrypt; 2530 break; 2531 case HCI_LK_COMBINATION: 2532 /* A combination key has always sufficient security for the 2533 * security levels 2 or lower. High security level requires the 2534 * combination key is generated using maximum PIN code length 2535 * (16). For pre 2.1 units. 2536 */ 2537 if (sec_level <= BT_SECURITY_MEDIUM || conn->pin_length == 16) 2538 goto encrypt; 2539 break; 2540 default: 2541 break; 2542 } 2543 2544 auth: 2545 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) 2546 return 0; 2547 2548 if (initiator) 2549 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags); 2550 2551 if (!hci_conn_auth(conn, sec_level, auth_type)) 2552 return 0; 2553 2554 encrypt: 2555 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) { 2556 /* Ensure that the encryption key size has been read, 2557 * otherwise stall the upper layer responses. 2558 */ 2559 if (!conn->enc_key_size) 2560 return 0; 2561 2562 /* Nothing else needed, all requirements are met */ 2563 return 1; 2564 } 2565 2566 hci_conn_encrypt(conn); 2567 return 0; 2568 } 2569 EXPORT_SYMBOL(hci_conn_security); 2570 2571 /* Check secure link requirement */ 2572 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level) 2573 { 2574 BT_DBG("hcon %p", conn); 2575 2576 /* Accept if non-secure or higher security level is required */ 2577 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS) 2578 return 1; 2579 2580 /* Accept if secure or higher security level is already present */ 2581 if (conn->sec_level == BT_SECURITY_HIGH || 2582 conn->sec_level == BT_SECURITY_FIPS) 2583 return 1; 2584 2585 /* Reject not secure link */ 2586 return 0; 2587 } 2588 EXPORT_SYMBOL(hci_conn_check_secure); 2589 2590 /* Switch role */ 2591 int hci_conn_switch_role(struct hci_conn *conn, __u8 role) 2592 { 2593 BT_DBG("hcon %p", conn); 2594 2595 if (role == conn->role) 2596 return 1; 2597 2598 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) { 2599 struct hci_cp_switch_role cp; 2600 bacpy(&cp.bdaddr, &conn->dst); 2601 cp.role = role; 2602 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); 2603 } 2604 2605 return 0; 2606 } 2607 EXPORT_SYMBOL(hci_conn_switch_role); 2608 2609 /* Enter active mode */ 2610 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active) 2611 { 2612 struct hci_dev *hdev = conn->hdev; 2613 2614 BT_DBG("hcon %p mode %d", conn, conn->mode); 2615 2616 if (conn->mode != HCI_CM_SNIFF) 2617 goto timer; 2618 2619 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active) 2620 goto timer; 2621 2622 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) { 2623 struct hci_cp_exit_sniff_mode cp; 2624 cp.handle = cpu_to_le16(conn->handle); 2625 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); 2626 } 2627 2628 timer: 2629 if (hdev->idle_timeout > 0) 2630 mod_delayed_work(hdev->workqueue, &conn->idle_work, 2631 msecs_to_jiffies(hdev->idle_timeout)); 2632 } 2633 2634 /* Drop all connection on the device */ 2635 void hci_conn_hash_flush(struct hci_dev *hdev) 2636 { 2637 struct list_head *head = &hdev->conn_hash.list; 2638 struct hci_conn *conn; 2639 2640 BT_DBG("hdev %s", hdev->name); 2641 2642 /* We should not traverse the list here, because hci_conn_del 2643 * can remove extra links, which may cause the list traversal 2644 * to hit items that have already been released. 2645 */ 2646 while ((conn = list_first_entry_or_null(head, 2647 struct hci_conn, 2648 list)) != NULL) { 2649 conn->state = BT_CLOSED; 2650 hci_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM); 2651 hci_conn_del(conn); 2652 } 2653 } 2654 2655 static u32 get_link_mode(struct hci_conn *conn) 2656 { 2657 u32 link_mode = 0; 2658 2659 if (conn->role == HCI_ROLE_MASTER) 2660 link_mode |= HCI_LM_MASTER; 2661 2662 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) 2663 link_mode |= HCI_LM_ENCRYPT; 2664 2665 if (test_bit(HCI_CONN_AUTH, &conn->flags)) 2666 link_mode |= HCI_LM_AUTH; 2667 2668 if (test_bit(HCI_CONN_SECURE, &conn->flags)) 2669 link_mode |= HCI_LM_SECURE; 2670 2671 if (test_bit(HCI_CONN_FIPS, &conn->flags)) 2672 link_mode |= HCI_LM_FIPS; 2673 2674 return link_mode; 2675 } 2676 2677 int hci_get_conn_list(void __user *arg) 2678 { 2679 struct hci_conn *c; 2680 struct hci_conn_list_req req, *cl; 2681 struct hci_conn_info *ci; 2682 struct hci_dev *hdev; 2683 int n = 0, size, err; 2684 2685 if (copy_from_user(&req, arg, sizeof(req))) 2686 return -EFAULT; 2687 2688 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) 2689 return -EINVAL; 2690 2691 size = sizeof(req) + req.conn_num * sizeof(*ci); 2692 2693 cl = kmalloc(size, GFP_KERNEL); 2694 if (!cl) 2695 return -ENOMEM; 2696 2697 hdev = hci_dev_get(req.dev_id); 2698 if (!hdev) { 2699 kfree(cl); 2700 return -ENODEV; 2701 } 2702 2703 ci = cl->conn_info; 2704 2705 hci_dev_lock(hdev); 2706 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2707 bacpy(&(ci + n)->bdaddr, &c->dst); 2708 (ci + n)->handle = c->handle; 2709 (ci + n)->type = c->type; 2710 (ci + n)->out = c->out; 2711 (ci + n)->state = c->state; 2712 (ci + n)->link_mode = get_link_mode(c); 2713 if (++n >= req.conn_num) 2714 break; 2715 } 2716 hci_dev_unlock(hdev); 2717 2718 cl->dev_id = hdev->id; 2719 cl->conn_num = n; 2720 size = sizeof(req) + n * sizeof(*ci); 2721 2722 hci_dev_put(hdev); 2723 2724 err = copy_to_user(arg, cl, size); 2725 kfree(cl); 2726 2727 return err ? -EFAULT : 0; 2728 } 2729 2730 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) 2731 { 2732 struct hci_conn_info_req req; 2733 struct hci_conn_info ci; 2734 struct hci_conn *conn; 2735 char __user *ptr = arg + sizeof(req); 2736 2737 if (copy_from_user(&req, arg, sizeof(req))) 2738 return -EFAULT; 2739 2740 hci_dev_lock(hdev); 2741 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); 2742 if (conn) { 2743 bacpy(&ci.bdaddr, &conn->dst); 2744 ci.handle = conn->handle; 2745 ci.type = conn->type; 2746 ci.out = conn->out; 2747 ci.state = conn->state; 2748 ci.link_mode = get_link_mode(conn); 2749 } 2750 hci_dev_unlock(hdev); 2751 2752 if (!conn) 2753 return -ENOENT; 2754 2755 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 2756 } 2757 2758 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg) 2759 { 2760 struct hci_auth_info_req req; 2761 struct hci_conn *conn; 2762 2763 if (copy_from_user(&req, arg, sizeof(req))) 2764 return -EFAULT; 2765 2766 hci_dev_lock(hdev); 2767 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr); 2768 if (conn) 2769 req.type = conn->auth_type; 2770 hci_dev_unlock(hdev); 2771 2772 if (!conn) 2773 return -ENOENT; 2774 2775 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0; 2776 } 2777 2778 struct hci_chan *hci_chan_create(struct hci_conn *conn) 2779 { 2780 struct hci_dev *hdev = conn->hdev; 2781 struct hci_chan *chan; 2782 2783 BT_DBG("%s hcon %p", hdev->name, conn); 2784 2785 if (test_bit(HCI_CONN_DROP, &conn->flags)) { 2786 BT_DBG("Refusing to create new hci_chan"); 2787 return NULL; 2788 } 2789 2790 chan = kzalloc_obj(*chan); 2791 if (!chan) 2792 return NULL; 2793 2794 chan->conn = hci_conn_get(conn); 2795 skb_queue_head_init(&chan->data_q); 2796 chan->state = BT_CONNECTED; 2797 2798 list_add_rcu(&chan->list, &conn->chan_list); 2799 2800 return chan; 2801 } 2802 2803 void hci_chan_del(struct hci_chan *chan) 2804 { 2805 struct hci_conn *conn = chan->conn; 2806 struct hci_dev *hdev = conn->hdev; 2807 2808 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan); 2809 2810 list_del_rcu(&chan->list); 2811 2812 synchronize_rcu(); 2813 2814 /* Prevent new hci_chan's to be created for this hci_conn */ 2815 set_bit(HCI_CONN_DROP, &conn->flags); 2816 2817 hci_conn_put(conn); 2818 2819 skb_queue_purge(&chan->data_q); 2820 kfree(chan); 2821 } 2822 2823 void hci_chan_list_flush(struct hci_conn *conn) 2824 { 2825 struct hci_chan *chan, *n; 2826 2827 BT_DBG("hcon %p", conn); 2828 2829 list_for_each_entry_safe(chan, n, &conn->chan_list, list) 2830 hci_chan_del(chan); 2831 } 2832 2833 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon, 2834 __u16 handle) 2835 { 2836 struct hci_chan *hchan; 2837 2838 list_for_each_entry(hchan, &hcon->chan_list, list) { 2839 if (hchan->handle == handle) 2840 return hchan; 2841 } 2842 2843 return NULL; 2844 } 2845 2846 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle) 2847 { 2848 struct hci_conn_hash *h = &hdev->conn_hash; 2849 struct hci_conn *hcon; 2850 struct hci_chan *hchan = NULL; 2851 2852 rcu_read_lock(); 2853 2854 list_for_each_entry_rcu(hcon, &h->list, list) { 2855 hchan = __hci_chan_lookup_handle(hcon, handle); 2856 if (hchan) 2857 break; 2858 } 2859 2860 rcu_read_unlock(); 2861 2862 return hchan; 2863 } 2864 2865 u32 hci_conn_get_phy(struct hci_conn *conn) 2866 { 2867 u32 phys = 0; 2868 2869 /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471: 2870 * Table 6.2: Packets defined for synchronous, asynchronous, and 2871 * CPB logical transport types. 2872 */ 2873 switch (conn->type) { 2874 case SCO_LINK: 2875 /* SCO logical transport (1 Mb/s): 2876 * HV1, HV2, HV3 and DV. 2877 */ 2878 phys |= BT_PHY_BR_1M_1SLOT; 2879 2880 break; 2881 2882 case ACL_LINK: 2883 /* ACL logical transport (1 Mb/s) ptt=0: 2884 * DH1, DM3, DH3, DM5 and DH5. 2885 */ 2886 phys |= BT_PHY_BR_1M_1SLOT; 2887 2888 if (conn->pkt_type & (HCI_DM3 | HCI_DH3)) 2889 phys |= BT_PHY_BR_1M_3SLOT; 2890 2891 if (conn->pkt_type & (HCI_DM5 | HCI_DH5)) 2892 phys |= BT_PHY_BR_1M_5SLOT; 2893 2894 /* ACL logical transport (2 Mb/s) ptt=1: 2895 * 2-DH1, 2-DH3 and 2-DH5. 2896 */ 2897 if (!(conn->pkt_type & HCI_2DH1)) 2898 phys |= BT_PHY_EDR_2M_1SLOT; 2899 2900 if (!(conn->pkt_type & HCI_2DH3)) 2901 phys |= BT_PHY_EDR_2M_3SLOT; 2902 2903 if (!(conn->pkt_type & HCI_2DH5)) 2904 phys |= BT_PHY_EDR_2M_5SLOT; 2905 2906 /* ACL logical transport (3 Mb/s) ptt=1: 2907 * 3-DH1, 3-DH3 and 3-DH5. 2908 */ 2909 if (!(conn->pkt_type & HCI_3DH1)) 2910 phys |= BT_PHY_EDR_3M_1SLOT; 2911 2912 if (!(conn->pkt_type & HCI_3DH3)) 2913 phys |= BT_PHY_EDR_3M_3SLOT; 2914 2915 if (!(conn->pkt_type & HCI_3DH5)) 2916 phys |= BT_PHY_EDR_3M_5SLOT; 2917 2918 break; 2919 2920 case ESCO_LINK: 2921 /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */ 2922 phys |= BT_PHY_BR_1M_1SLOT; 2923 2924 if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5))) 2925 phys |= BT_PHY_BR_1M_3SLOT; 2926 2927 /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */ 2928 if (!(conn->pkt_type & ESCO_2EV3)) 2929 phys |= BT_PHY_EDR_2M_1SLOT; 2930 2931 if (!(conn->pkt_type & ESCO_2EV5)) 2932 phys |= BT_PHY_EDR_2M_3SLOT; 2933 2934 /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */ 2935 if (!(conn->pkt_type & ESCO_3EV3)) 2936 phys |= BT_PHY_EDR_3M_1SLOT; 2937 2938 if (!(conn->pkt_type & ESCO_3EV5)) 2939 phys |= BT_PHY_EDR_3M_3SLOT; 2940 2941 break; 2942 2943 case LE_LINK: 2944 if (conn->le_tx_def_phys & HCI_LE_SET_PHY_1M) 2945 phys |= BT_PHY_LE_1M_TX; 2946 2947 if (conn->le_rx_def_phys & HCI_LE_SET_PHY_1M) 2948 phys |= BT_PHY_LE_1M_RX; 2949 2950 if (conn->le_tx_def_phys & HCI_LE_SET_PHY_2M) 2951 phys |= BT_PHY_LE_2M_TX; 2952 2953 if (conn->le_rx_def_phys & HCI_LE_SET_PHY_2M) 2954 phys |= BT_PHY_LE_2M_RX; 2955 2956 if (conn->le_tx_def_phys & HCI_LE_SET_PHY_CODED) 2957 phys |= BT_PHY_LE_CODED_TX; 2958 2959 if (conn->le_rx_def_phys & HCI_LE_SET_PHY_CODED) 2960 phys |= BT_PHY_LE_CODED_RX; 2961 2962 break; 2963 } 2964 2965 return phys; 2966 } 2967 2968 static u16 bt_phy_pkt_type(struct hci_conn *conn, u32 phys) 2969 { 2970 u16 pkt_type = conn->pkt_type; 2971 2972 if (phys & BT_PHY_BR_1M_3SLOT) 2973 pkt_type |= HCI_DM3 | HCI_DH3; 2974 else 2975 pkt_type &= ~(HCI_DM3 | HCI_DH3); 2976 2977 if (phys & BT_PHY_BR_1M_5SLOT) 2978 pkt_type |= HCI_DM5 | HCI_DH5; 2979 else 2980 pkt_type &= ~(HCI_DM5 | HCI_DH5); 2981 2982 if (phys & BT_PHY_EDR_2M_1SLOT) 2983 pkt_type &= ~HCI_2DH1; 2984 else 2985 pkt_type |= HCI_2DH1; 2986 2987 if (phys & BT_PHY_EDR_2M_3SLOT) 2988 pkt_type &= ~HCI_2DH3; 2989 else 2990 pkt_type |= HCI_2DH3; 2991 2992 if (phys & BT_PHY_EDR_2M_5SLOT) 2993 pkt_type &= ~HCI_2DH5; 2994 else 2995 pkt_type |= HCI_2DH5; 2996 2997 if (phys & BT_PHY_EDR_3M_1SLOT) 2998 pkt_type &= ~HCI_3DH1; 2999 else 3000 pkt_type |= HCI_3DH1; 3001 3002 if (phys & BT_PHY_EDR_3M_3SLOT) 3003 pkt_type &= ~HCI_3DH3; 3004 else 3005 pkt_type |= HCI_3DH3; 3006 3007 if (phys & BT_PHY_EDR_3M_5SLOT) 3008 pkt_type &= ~HCI_3DH5; 3009 else 3010 pkt_type |= HCI_3DH5; 3011 3012 return pkt_type; 3013 } 3014 3015 static int bt_phy_le_phy(u32 phys, u8 *tx_phys, u8 *rx_phys) 3016 { 3017 if (!tx_phys || !rx_phys) 3018 return -EINVAL; 3019 3020 *tx_phys = 0; 3021 *rx_phys = 0; 3022 3023 if (phys & BT_PHY_LE_1M_TX) 3024 *tx_phys |= HCI_LE_SET_PHY_1M; 3025 3026 if (phys & BT_PHY_LE_1M_RX) 3027 *rx_phys |= HCI_LE_SET_PHY_1M; 3028 3029 if (phys & BT_PHY_LE_2M_TX) 3030 *tx_phys |= HCI_LE_SET_PHY_2M; 3031 3032 if (phys & BT_PHY_LE_2M_RX) 3033 *rx_phys |= HCI_LE_SET_PHY_2M; 3034 3035 if (phys & BT_PHY_LE_CODED_TX) 3036 *tx_phys |= HCI_LE_SET_PHY_CODED; 3037 3038 if (phys & BT_PHY_LE_CODED_RX) 3039 *rx_phys |= HCI_LE_SET_PHY_CODED; 3040 3041 return 0; 3042 } 3043 3044 int hci_conn_set_phy(struct hci_conn *conn, u32 phys) 3045 { 3046 u8 tx_phys, rx_phys; 3047 3048 switch (conn->type) { 3049 case SCO_LINK: 3050 case ESCO_LINK: 3051 return -EINVAL; 3052 case ACL_LINK: 3053 /* Only allow setting BR/EDR PHYs if link type is ACL */ 3054 if (phys & ~BT_PHY_BREDR_MASK) 3055 return -EINVAL; 3056 3057 return hci_acl_change_pkt_type(conn, 3058 bt_phy_pkt_type(conn, phys)); 3059 case LE_LINK: 3060 /* Only allow setting LE PHYs if link type is LE */ 3061 if (phys & ~BT_PHY_LE_MASK) 3062 return -EINVAL; 3063 3064 if (bt_phy_le_phy(phys, &tx_phys, &rx_phys)) 3065 return -EINVAL; 3066 3067 return hci_le_set_phy(conn, tx_phys, rx_phys); 3068 default: 3069 return -EINVAL; 3070 } 3071 } 3072 3073 static int abort_conn_sync(struct hci_dev *hdev, void *data) 3074 { 3075 struct hci_conn *conn = data; 3076 3077 if (!hci_conn_valid(hdev, conn)) 3078 return -ECANCELED; 3079 3080 return hci_abort_conn_sync(hdev, conn, conn->abort_reason); 3081 } 3082 3083 int hci_abort_conn(struct hci_conn *conn, u8 reason) 3084 { 3085 struct hci_dev *hdev = conn->hdev; 3086 3087 /* If abort_reason has already been set it means the connection is 3088 * already being aborted so don't attempt to overwrite it. 3089 */ 3090 if (conn->abort_reason) 3091 return 0; 3092 3093 bt_dev_dbg(hdev, "handle 0x%2.2x reason 0x%2.2x", conn->handle, reason); 3094 3095 conn->abort_reason = reason; 3096 3097 /* If the connection is pending check the command opcode since that 3098 * might be blocking on hci_cmd_sync_work while waiting its respective 3099 * event so we need to hci_cmd_sync_cancel to cancel it. 3100 * 3101 * hci_connect_le serializes the connection attempts so only one 3102 * connection can be in BT_CONNECT at time. 3103 */ 3104 if (conn->state == BT_CONNECT && READ_ONCE(hdev->req_status) == HCI_REQ_PEND) { 3105 switch (hci_skb_event(hdev->sent_cmd)) { 3106 case HCI_EV_CONN_COMPLETE: 3107 case HCI_EV_LE_CONN_COMPLETE: 3108 case HCI_EV_LE_ENHANCED_CONN_COMPLETE: 3109 case HCI_EVT_LE_CIS_ESTABLISHED: 3110 hci_cmd_sync_cancel(hdev, ECANCELED); 3111 break; 3112 } 3113 /* Cancel connect attempt if still queued/pending */ 3114 } else if (!hci_cancel_connect_sync(hdev, conn)) { 3115 return 0; 3116 } 3117 3118 /* Run immediately if on cmd_sync_work since this may be called 3119 * as a result to MGMT_OP_DISCONNECT/MGMT_OP_UNPAIR which does 3120 * already queue its callback on cmd_sync_work. 3121 */ 3122 return hci_cmd_sync_run_once(hdev, abort_conn_sync, conn, NULL); 3123 } 3124 3125 void hci_setup_tx_timestamp(struct sk_buff *skb, size_t key_offset, 3126 const struct sockcm_cookie *sockc) 3127 { 3128 struct sock *sk = skb ? skb->sk : NULL; 3129 int key; 3130 3131 /* This shall be called on a single skb of those generated by user 3132 * sendmsg(), and only when the sendmsg() does not return error to 3133 * user. This is required for keeping the tskey that increments here in 3134 * sync with possible sendmsg() counting by user. 3135 * 3136 * Stream sockets shall set key_offset to sendmsg() length in bytes 3137 * and call with the last fragment, others to 1 and first fragment. 3138 */ 3139 3140 if (!skb || !sockc || !sk || !key_offset) 3141 return; 3142 3143 sock_tx_timestamp(sk, sockc, &skb_shinfo(skb)->tx_flags); 3144 3145 if (sk->sk_type == SOCK_STREAM) 3146 key = atomic_add_return(key_offset, &sk->sk_tskey); 3147 3148 if (sockc->tsflags & SOF_TIMESTAMPING_OPT_ID && 3149 sockc->tsflags & SOF_TIMESTAMPING_TX_RECORD_MASK) { 3150 if (sockc->tsflags & SOCKCM_FLAG_TS_OPT_ID) { 3151 skb_shinfo(skb)->tskey = sockc->ts_opt_id; 3152 } else { 3153 if (sk->sk_type != SOCK_STREAM) 3154 key = atomic_inc_return(&sk->sk_tskey); 3155 skb_shinfo(skb)->tskey = key - 1; 3156 } 3157 } 3158 } 3159 3160 void hci_conn_tx_queue(struct hci_conn *conn, struct sk_buff *skb) 3161 { 3162 struct tx_queue *comp = &conn->tx_q; 3163 bool track = false; 3164 3165 /* Emit SND now, ie. just before sending to driver */ 3166 if (skb_shinfo(skb)->tx_flags & SKBTX_SW_TSTAMP) 3167 __skb_tstamp_tx(skb, NULL, NULL, skb->sk, SCM_TSTAMP_SND); 3168 3169 /* COMPLETION tstamp is emitted for tracked skb later in Number of 3170 * Completed Packets event. Available only for flow controlled cases. 3171 * 3172 * TODO: SCO support without flowctl (needs to be done in drivers) 3173 */ 3174 switch (conn->type) { 3175 case CIS_LINK: 3176 case BIS_LINK: 3177 case PA_LINK: 3178 case ACL_LINK: 3179 case LE_LINK: 3180 break; 3181 case SCO_LINK: 3182 case ESCO_LINK: 3183 if (!hci_dev_test_flag(conn->hdev, HCI_SCO_FLOWCTL)) 3184 return; 3185 break; 3186 default: 3187 return; 3188 } 3189 3190 if (skb->sk && (skb_shinfo(skb)->tx_flags & SKBTX_COMPLETION_TSTAMP)) 3191 track = true; 3192 3193 /* If nothing is tracked, just count extra skbs at the queue head */ 3194 if (!track && !comp->tracked) { 3195 comp->extra++; 3196 return; 3197 } 3198 3199 if (track) { 3200 skb = skb_clone_sk(skb); 3201 if (!skb) 3202 goto count_only; 3203 3204 comp->tracked++; 3205 } else { 3206 skb = skb_clone(skb, GFP_KERNEL); 3207 if (!skb) 3208 goto count_only; 3209 } 3210 3211 skb_queue_tail(&comp->queue, skb); 3212 return; 3213 3214 count_only: 3215 /* Stop tracking skbs, and only count. This will not emit timestamps for 3216 * the packets, but if we get here something is more seriously wrong. 3217 */ 3218 comp->tracked = 0; 3219 comp->extra += skb_queue_len(&comp->queue) + 1; 3220 skb_queue_purge(&comp->queue); 3221 } 3222 3223 void hci_conn_tx_dequeue(struct hci_conn *conn) 3224 { 3225 struct tx_queue *comp = &conn->tx_q; 3226 struct sk_buff *skb; 3227 3228 /* If there are tracked skbs, the counted extra go before dequeuing real 3229 * skbs, to keep ordering. When nothing is tracked, the ordering doesn't 3230 * matter so dequeue real skbs first to get rid of them ASAP. 3231 */ 3232 if (comp->extra && (comp->tracked || skb_queue_empty(&comp->queue))) { 3233 comp->extra--; 3234 return; 3235 } 3236 3237 skb = skb_dequeue(&comp->queue); 3238 if (!skb) 3239 return; 3240 3241 if (skb->sk) { 3242 comp->tracked--; 3243 __skb_tstamp_tx(skb, NULL, NULL, skb->sk, 3244 SCM_TSTAMP_COMPLETION); 3245 } 3246 3247 kfree_skb(skb); 3248 } 3249 3250 u8 *hci_conn_key_enc_size(struct hci_conn *conn) 3251 { 3252 if (conn->type == ACL_LINK) { 3253 struct link_key *key; 3254 3255 key = hci_find_link_key(conn->hdev, &conn->dst); 3256 if (!key) 3257 return NULL; 3258 3259 return &key->pin_len; 3260 } else if (conn->type == LE_LINK) { 3261 struct smp_ltk *ltk; 3262 3263 ltk = hci_find_ltk(conn->hdev, &conn->dst, conn->dst_type, 3264 conn->role); 3265 if (!ltk) 3266 return NULL; 3267 3268 return <k->enc_size; 3269 } 3270 3271 return NULL; 3272 } 3273 3274 int hci_ethtool_ts_info(unsigned int index, int sk_proto, 3275 struct kernel_ethtool_ts_info *info) 3276 { 3277 struct hci_dev *hdev; 3278 3279 hdev = hci_dev_get(index); 3280 if (!hdev) 3281 return -ENODEV; 3282 3283 info->so_timestamping = 3284 SOF_TIMESTAMPING_RX_SOFTWARE | 3285 SOF_TIMESTAMPING_SOFTWARE; 3286 info->phc_index = -1; 3287 info->tx_types = BIT(HWTSTAMP_TX_OFF); 3288 info->rx_filters = BIT(HWTSTAMP_FILTER_NONE); 3289 3290 switch (sk_proto) { 3291 case BTPROTO_ISO: 3292 case BTPROTO_L2CAP: 3293 info->so_timestamping |= SOF_TIMESTAMPING_TX_SOFTWARE; 3294 info->so_timestamping |= SOF_TIMESTAMPING_TX_COMPLETION; 3295 break; 3296 case BTPROTO_SCO: 3297 info->so_timestamping |= SOF_TIMESTAMPING_TX_SOFTWARE; 3298 if (hci_dev_test_flag(hdev, HCI_SCO_FLOWCTL)) 3299 info->so_timestamping |= SOF_TIMESTAMPING_TX_COMPLETION; 3300 break; 3301 } 3302 3303 hci_dev_put(hdev); 3304 return 0; 3305 } 3306