1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI connection handling. */ 26 27 #include <linux/module.h> 28 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/kernel.h> 32 #include <linux/slab.h> 33 #include <linux/poll.h> 34 #include <linux/fcntl.h> 35 #include <linux/init.h> 36 #include <linux/skbuff.h> 37 #include <linux/interrupt.h> 38 #include <linux/notifier.h> 39 #include <net/sock.h> 40 41 #include <asm/system.h> 42 #include <linux/uaccess.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 48 static void hci_le_connect(struct hci_conn *conn) 49 { 50 struct hci_dev *hdev = conn->hdev; 51 struct hci_cp_le_create_conn cp; 52 53 conn->state = BT_CONNECT; 54 conn->out = 1; 55 conn->link_mode |= HCI_LM_MASTER; 56 conn->sec_level = BT_SECURITY_LOW; 57 58 memset(&cp, 0, sizeof(cp)); 59 cp.scan_interval = cpu_to_le16(0x0004); 60 cp.scan_window = cpu_to_le16(0x0004); 61 bacpy(&cp.peer_addr, &conn->dst); 62 cp.peer_addr_type = conn->dst_type; 63 cp.conn_interval_min = cpu_to_le16(0x0008); 64 cp.conn_interval_max = cpu_to_le16(0x0100); 65 cp.supervision_timeout = cpu_to_le16(0x0064); 66 cp.min_ce_len = cpu_to_le16(0x0001); 67 cp.max_ce_len = cpu_to_le16(0x0001); 68 69 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp); 70 } 71 72 static void hci_le_connect_cancel(struct hci_conn *conn) 73 { 74 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL); 75 } 76 77 void hci_acl_connect(struct hci_conn *conn) 78 { 79 struct hci_dev *hdev = conn->hdev; 80 struct inquiry_entry *ie; 81 struct hci_cp_create_conn cp; 82 83 BT_DBG("%p", conn); 84 85 conn->state = BT_CONNECT; 86 conn->out = 1; 87 88 conn->link_mode = HCI_LM_MASTER; 89 90 conn->attempt++; 91 92 conn->link_policy = hdev->link_policy; 93 94 memset(&cp, 0, sizeof(cp)); 95 bacpy(&cp.bdaddr, &conn->dst); 96 cp.pscan_rep_mode = 0x02; 97 98 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 99 if (ie) { 100 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 101 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 102 cp.pscan_mode = ie->data.pscan_mode; 103 cp.clock_offset = ie->data.clock_offset | 104 cpu_to_le16(0x8000); 105 } 106 107 memcpy(conn->dev_class, ie->data.dev_class, 3); 108 conn->ssp_mode = ie->data.ssp_mode; 109 } 110 111 cp.pkt_type = cpu_to_le16(conn->pkt_type); 112 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) 113 cp.role_switch = 0x01; 114 else 115 cp.role_switch = 0x00; 116 117 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp); 118 } 119 120 static void hci_acl_connect_cancel(struct hci_conn *conn) 121 { 122 struct hci_cp_create_conn_cancel cp; 123 124 BT_DBG("%p", conn); 125 126 if (conn->hdev->hci_ver < 2) 127 return; 128 129 bacpy(&cp.bdaddr, &conn->dst); 130 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); 131 } 132 133 void hci_acl_disconn(struct hci_conn *conn, __u8 reason) 134 { 135 struct hci_cp_disconnect cp; 136 137 BT_DBG("%p", conn); 138 139 conn->state = BT_DISCONN; 140 141 cp.handle = cpu_to_le16(conn->handle); 142 cp.reason = reason; 143 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp); 144 } 145 146 void hci_add_sco(struct hci_conn *conn, __u16 handle) 147 { 148 struct hci_dev *hdev = conn->hdev; 149 struct hci_cp_add_sco cp; 150 151 BT_DBG("%p", conn); 152 153 conn->state = BT_CONNECT; 154 conn->out = 1; 155 156 conn->attempt++; 157 158 cp.handle = cpu_to_le16(handle); 159 cp.pkt_type = cpu_to_le16(conn->pkt_type); 160 161 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); 162 } 163 164 void hci_setup_sync(struct hci_conn *conn, __u16 handle) 165 { 166 struct hci_dev *hdev = conn->hdev; 167 struct hci_cp_setup_sync_conn cp; 168 169 BT_DBG("%p", conn); 170 171 conn->state = BT_CONNECT; 172 conn->out = 1; 173 174 conn->attempt++; 175 176 cp.handle = cpu_to_le16(handle); 177 cp.pkt_type = cpu_to_le16(conn->pkt_type); 178 179 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 180 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 181 cp.max_latency = cpu_to_le16(0xffff); 182 cp.voice_setting = cpu_to_le16(hdev->voice_setting); 183 cp.retrans_effort = 0xff; 184 185 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp); 186 } 187 188 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, 189 u16 latency, u16 to_multiplier) 190 { 191 struct hci_cp_le_conn_update cp; 192 struct hci_dev *hdev = conn->hdev; 193 194 memset(&cp, 0, sizeof(cp)); 195 196 cp.handle = cpu_to_le16(conn->handle); 197 cp.conn_interval_min = cpu_to_le16(min); 198 cp.conn_interval_max = cpu_to_le16(max); 199 cp.conn_latency = cpu_to_le16(latency); 200 cp.supervision_timeout = cpu_to_le16(to_multiplier); 201 cp.min_ce_len = cpu_to_le16(0x0001); 202 cp.max_ce_len = cpu_to_le16(0x0001); 203 204 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp); 205 } 206 EXPORT_SYMBOL(hci_le_conn_update); 207 208 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8], 209 __u8 ltk[16]) 210 { 211 struct hci_dev *hdev = conn->hdev; 212 struct hci_cp_le_start_enc cp; 213 214 BT_DBG("%p", conn); 215 216 memset(&cp, 0, sizeof(cp)); 217 218 cp.handle = cpu_to_le16(conn->handle); 219 memcpy(cp.ltk, ltk, sizeof(cp.ltk)); 220 cp.ediv = ediv; 221 memcpy(cp.rand, rand, sizeof(rand)); 222 223 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp); 224 } 225 EXPORT_SYMBOL(hci_le_start_enc); 226 227 void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16]) 228 { 229 struct hci_dev *hdev = conn->hdev; 230 struct hci_cp_le_ltk_reply cp; 231 232 BT_DBG("%p", conn); 233 234 memset(&cp, 0, sizeof(cp)); 235 236 cp.handle = cpu_to_le16(conn->handle); 237 memcpy(cp.ltk, ltk, sizeof(ltk)); 238 239 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); 240 } 241 EXPORT_SYMBOL(hci_le_ltk_reply); 242 243 void hci_le_ltk_neg_reply(struct hci_conn *conn) 244 { 245 struct hci_dev *hdev = conn->hdev; 246 struct hci_cp_le_ltk_neg_reply cp; 247 248 BT_DBG("%p", conn); 249 250 memset(&cp, 0, sizeof(cp)); 251 252 cp.handle = cpu_to_le16(conn->handle); 253 254 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp); 255 } 256 257 /* Device _must_ be locked */ 258 void hci_sco_setup(struct hci_conn *conn, __u8 status) 259 { 260 struct hci_conn *sco = conn->link; 261 262 BT_DBG("%p", conn); 263 264 if (!sco) 265 return; 266 267 if (!status) { 268 if (lmp_esco_capable(conn->hdev)) 269 hci_setup_sync(sco, conn->handle); 270 else 271 hci_add_sco(sco, conn->handle); 272 } else { 273 hci_proto_connect_cfm(sco, status); 274 hci_conn_del(sco); 275 } 276 } 277 278 static void hci_conn_timeout(unsigned long arg) 279 { 280 struct hci_conn *conn = (void *) arg; 281 struct hci_dev *hdev = conn->hdev; 282 __u8 reason; 283 284 BT_DBG("conn %p state %d", conn, conn->state); 285 286 if (atomic_read(&conn->refcnt)) 287 return; 288 289 hci_dev_lock(hdev); 290 291 switch (conn->state) { 292 case BT_CONNECT: 293 case BT_CONNECT2: 294 if (conn->out) { 295 if (conn->type == ACL_LINK) 296 hci_acl_connect_cancel(conn); 297 else if (conn->type == LE_LINK) 298 hci_le_connect_cancel(conn); 299 } 300 break; 301 case BT_CONFIG: 302 case BT_CONNECTED: 303 reason = hci_proto_disconn_ind(conn); 304 hci_acl_disconn(conn, reason); 305 break; 306 default: 307 conn->state = BT_CLOSED; 308 break; 309 } 310 311 hci_dev_unlock(hdev); 312 } 313 314 static void hci_conn_idle(unsigned long arg) 315 { 316 struct hci_conn *conn = (void *) arg; 317 318 BT_DBG("conn %p mode %d", conn, conn->mode); 319 320 hci_conn_enter_sniff_mode(conn); 321 } 322 323 static void hci_conn_auto_accept(unsigned long arg) 324 { 325 struct hci_conn *conn = (void *) arg; 326 struct hci_dev *hdev = conn->hdev; 327 328 hci_dev_lock(hdev); 329 330 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst), 331 &conn->dst); 332 333 hci_dev_unlock(hdev); 334 } 335 336 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) 337 { 338 struct hci_conn *conn; 339 340 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 341 342 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC); 343 if (!conn) 344 return NULL; 345 346 bacpy(&conn->dst, dst); 347 conn->hdev = hdev; 348 conn->type = type; 349 conn->mode = HCI_CM_ACTIVE; 350 conn->state = BT_OPEN; 351 conn->auth_type = HCI_AT_GENERAL_BONDING; 352 conn->io_capability = hdev->io_capability; 353 conn->remote_auth = 0xff; 354 conn->key_type = 0xff; 355 356 conn->power_save = 1; 357 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 358 359 switch (type) { 360 case ACL_LINK: 361 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; 362 break; 363 case SCO_LINK: 364 if (lmp_esco_capable(hdev)) 365 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 366 (hdev->esco_type & EDR_ESCO_MASK); 367 else 368 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; 369 break; 370 case ESCO_LINK: 371 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; 372 break; 373 } 374 375 skb_queue_head_init(&conn->data_q); 376 377 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn); 378 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn); 379 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept, 380 (unsigned long) conn); 381 382 atomic_set(&conn->refcnt, 0); 383 384 hci_dev_hold(hdev); 385 386 tasklet_disable(&hdev->tx_task); 387 388 hci_conn_hash_add(hdev, conn); 389 if (hdev->notify) 390 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 391 392 atomic_set(&conn->devref, 0); 393 394 hci_conn_init_sysfs(conn); 395 396 tasklet_enable(&hdev->tx_task); 397 398 return conn; 399 } 400 401 int hci_conn_del(struct hci_conn *conn) 402 { 403 struct hci_dev *hdev = conn->hdev; 404 405 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle); 406 407 del_timer(&conn->idle_timer); 408 409 del_timer(&conn->disc_timer); 410 411 del_timer(&conn->auto_accept_timer); 412 413 if (conn->type == ACL_LINK) { 414 struct hci_conn *sco = conn->link; 415 if (sco) 416 sco->link = NULL; 417 418 /* Unacked frames */ 419 hdev->acl_cnt += conn->sent; 420 } else if (conn->type == LE_LINK) { 421 if (hdev->le_pkts) 422 hdev->le_cnt += conn->sent; 423 else 424 hdev->acl_cnt += conn->sent; 425 } else { 426 struct hci_conn *acl = conn->link; 427 if (acl) { 428 acl->link = NULL; 429 hci_conn_put(acl); 430 } 431 } 432 433 tasklet_disable(&hdev->tx_task); 434 435 hci_conn_hash_del(hdev, conn); 436 if (hdev->notify) 437 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 438 439 tasklet_enable(&hdev->tx_task); 440 441 skb_queue_purge(&conn->data_q); 442 443 hci_conn_put_device(conn); 444 445 hci_dev_put(hdev); 446 447 if (conn->handle == 0) 448 kfree(conn); 449 450 return 0; 451 } 452 453 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src) 454 { 455 int use_src = bacmp(src, BDADDR_ANY); 456 struct hci_dev *hdev = NULL; 457 struct list_head *p; 458 459 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 460 461 read_lock_bh(&hci_dev_list_lock); 462 463 list_for_each(p, &hci_dev_list) { 464 struct hci_dev *d = list_entry(p, struct hci_dev, list); 465 466 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags)) 467 continue; 468 469 /* Simple routing: 470 * No source address - find interface with bdaddr != dst 471 * Source address - find interface with bdaddr == src 472 */ 473 474 if (use_src) { 475 if (!bacmp(&d->bdaddr, src)) { 476 hdev = d; break; 477 } 478 } else { 479 if (bacmp(&d->bdaddr, dst)) { 480 hdev = d; break; 481 } 482 } 483 } 484 485 if (hdev) 486 hdev = hci_dev_hold(hdev); 487 488 read_unlock_bh(&hci_dev_list_lock); 489 return hdev; 490 } 491 EXPORT_SYMBOL(hci_get_route); 492 493 /* Create SCO, ACL or LE connection. 494 * Device _must_ be locked */ 495 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type) 496 { 497 struct hci_conn *acl; 498 struct hci_conn *sco; 499 struct hci_conn *le; 500 501 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 502 503 if (type == LE_LINK) { 504 struct adv_entry *entry; 505 506 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst); 507 if (le) 508 return ERR_PTR(-EBUSY); 509 510 entry = hci_find_adv_entry(hdev, dst); 511 if (!entry) 512 return ERR_PTR(-EHOSTUNREACH); 513 514 le = hci_conn_add(hdev, LE_LINK, dst); 515 if (!le) 516 return ERR_PTR(-ENOMEM); 517 518 le->dst_type = entry->bdaddr_type; 519 520 hci_le_connect(le); 521 522 hci_conn_hold(le); 523 524 return le; 525 } 526 527 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 528 if (!acl) { 529 acl = hci_conn_add(hdev, ACL_LINK, dst); 530 if (!acl) 531 return NULL; 532 } 533 534 hci_conn_hold(acl); 535 536 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { 537 acl->sec_level = BT_SECURITY_LOW; 538 acl->pending_sec_level = sec_level; 539 acl->auth_type = auth_type; 540 hci_acl_connect(acl); 541 } 542 543 if (type == ACL_LINK) 544 return acl; 545 546 sco = hci_conn_hash_lookup_ba(hdev, type, dst); 547 if (!sco) { 548 sco = hci_conn_add(hdev, type, dst); 549 if (!sco) { 550 hci_conn_put(acl); 551 return NULL; 552 } 553 } 554 555 acl->link = sco; 556 sco->link = acl; 557 558 hci_conn_hold(sco); 559 560 if (acl->state == BT_CONNECTED && 561 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 562 acl->power_save = 1; 563 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON); 564 565 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) { 566 /* defer SCO setup until mode change completed */ 567 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend); 568 return sco; 569 } 570 571 hci_sco_setup(acl, 0x00); 572 } 573 574 return sco; 575 } 576 EXPORT_SYMBOL(hci_connect); 577 578 /* Check link security requirement */ 579 int hci_conn_check_link_mode(struct hci_conn *conn) 580 { 581 BT_DBG("conn %p", conn); 582 583 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 && 584 !(conn->link_mode & HCI_LM_ENCRYPT)) 585 return 0; 586 587 return 1; 588 } 589 EXPORT_SYMBOL(hci_conn_check_link_mode); 590 591 /* Authenticate remote device */ 592 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 593 { 594 BT_DBG("conn %p", conn); 595 596 if (conn->pending_sec_level > sec_level) 597 sec_level = conn->pending_sec_level; 598 599 if (sec_level > conn->sec_level) 600 conn->pending_sec_level = sec_level; 601 else if (conn->link_mode & HCI_LM_AUTH) 602 return 1; 603 604 /* Make sure we preserve an existing MITM requirement*/ 605 auth_type |= (conn->auth_type & 0x01); 606 607 conn->auth_type = auth_type; 608 609 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 610 struct hci_cp_auth_requested cp; 611 cp.handle = cpu_to_le16(conn->handle); 612 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, 613 sizeof(cp), &cp); 614 if (conn->key_type != 0xff) 615 set_bit(HCI_CONN_REAUTH_PEND, &conn->pend); 616 } 617 618 return 0; 619 } 620 621 /* Encrypt the the link */ 622 static void hci_conn_encrypt(struct hci_conn *conn) 623 { 624 BT_DBG("conn %p", conn); 625 626 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 627 struct hci_cp_set_conn_encrypt cp; 628 cp.handle = cpu_to_le16(conn->handle); 629 cp.encrypt = 0x01; 630 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), 631 &cp); 632 } 633 } 634 635 /* Enable security */ 636 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 637 { 638 BT_DBG("conn %p", conn); 639 640 /* For sdp we don't need the link key. */ 641 if (sec_level == BT_SECURITY_SDP) 642 return 1; 643 644 /* For non 2.1 devices and low security level we don't need the link 645 key. */ 646 if (sec_level == BT_SECURITY_LOW && 647 (!conn->ssp_mode || !conn->hdev->ssp_mode)) 648 return 1; 649 650 /* For other security levels we need the link key. */ 651 if (!(conn->link_mode & HCI_LM_AUTH)) 652 goto auth; 653 654 /* An authenticated combination key has sufficient security for any 655 security level. */ 656 if (conn->key_type == HCI_LK_AUTH_COMBINATION) 657 goto encrypt; 658 659 /* An unauthenticated combination key has sufficient security for 660 security level 1 and 2. */ 661 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION && 662 (sec_level == BT_SECURITY_MEDIUM || 663 sec_level == BT_SECURITY_LOW)) 664 goto encrypt; 665 666 /* A combination key has always sufficient security for the security 667 levels 1 or 2. High security level requires the combination key 668 is generated using maximum PIN code length (16). 669 For pre 2.1 units. */ 670 if (conn->key_type == HCI_LK_COMBINATION && 671 (sec_level != BT_SECURITY_HIGH || 672 conn->pin_length == 16)) 673 goto encrypt; 674 675 auth: 676 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 677 return 0; 678 679 if (!hci_conn_auth(conn, sec_level, auth_type)) 680 return 0; 681 682 encrypt: 683 if (conn->link_mode & HCI_LM_ENCRYPT) 684 return 1; 685 686 hci_conn_encrypt(conn); 687 return 0; 688 } 689 EXPORT_SYMBOL(hci_conn_security); 690 691 /* Check secure link requirement */ 692 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level) 693 { 694 BT_DBG("conn %p", conn); 695 696 if (sec_level != BT_SECURITY_HIGH) 697 return 1; /* Accept if non-secure is required */ 698 699 if (conn->sec_level == BT_SECURITY_HIGH) 700 return 1; 701 702 return 0; /* Reject not secure link */ 703 } 704 EXPORT_SYMBOL(hci_conn_check_secure); 705 706 /* Change link key */ 707 int hci_conn_change_link_key(struct hci_conn *conn) 708 { 709 BT_DBG("conn %p", conn); 710 711 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 712 struct hci_cp_change_conn_link_key cp; 713 cp.handle = cpu_to_le16(conn->handle); 714 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, 715 sizeof(cp), &cp); 716 } 717 718 return 0; 719 } 720 EXPORT_SYMBOL(hci_conn_change_link_key); 721 722 /* Switch role */ 723 int hci_conn_switch_role(struct hci_conn *conn, __u8 role) 724 { 725 BT_DBG("conn %p", conn); 726 727 if (!role && conn->link_mode & HCI_LM_MASTER) 728 return 1; 729 730 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) { 731 struct hci_cp_switch_role cp; 732 bacpy(&cp.bdaddr, &conn->dst); 733 cp.role = role; 734 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); 735 } 736 737 return 0; 738 } 739 EXPORT_SYMBOL(hci_conn_switch_role); 740 741 /* Enter active mode */ 742 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active) 743 { 744 struct hci_dev *hdev = conn->hdev; 745 746 BT_DBG("conn %p mode %d", conn, conn->mode); 747 748 if (test_bit(HCI_RAW, &hdev->flags)) 749 return; 750 751 if (conn->mode != HCI_CM_SNIFF) 752 goto timer; 753 754 if (!conn->power_save && !force_active) 755 goto timer; 756 757 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 758 struct hci_cp_exit_sniff_mode cp; 759 cp.handle = cpu_to_le16(conn->handle); 760 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); 761 } 762 763 timer: 764 if (hdev->idle_timeout > 0) 765 mod_timer(&conn->idle_timer, 766 jiffies + msecs_to_jiffies(hdev->idle_timeout)); 767 } 768 769 /* Enter sniff mode */ 770 void hci_conn_enter_sniff_mode(struct hci_conn *conn) 771 { 772 struct hci_dev *hdev = conn->hdev; 773 774 BT_DBG("conn %p mode %d", conn, conn->mode); 775 776 if (test_bit(HCI_RAW, &hdev->flags)) 777 return; 778 779 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) 780 return; 781 782 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) 783 return; 784 785 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { 786 struct hci_cp_sniff_subrate cp; 787 cp.handle = cpu_to_le16(conn->handle); 788 cp.max_latency = cpu_to_le16(0); 789 cp.min_remote_timeout = cpu_to_le16(0); 790 cp.min_local_timeout = cpu_to_le16(0); 791 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); 792 } 793 794 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 795 struct hci_cp_sniff_mode cp; 796 cp.handle = cpu_to_le16(conn->handle); 797 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); 798 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); 799 cp.attempt = cpu_to_le16(4); 800 cp.timeout = cpu_to_le16(1); 801 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); 802 } 803 } 804 805 /* Drop all connection on the device */ 806 void hci_conn_hash_flush(struct hci_dev *hdev) 807 { 808 struct hci_conn_hash *h = &hdev->conn_hash; 809 struct list_head *p; 810 811 BT_DBG("hdev %s", hdev->name); 812 813 p = h->list.next; 814 while (p != &h->list) { 815 struct hci_conn *c; 816 817 c = list_entry(p, struct hci_conn, list); 818 p = p->next; 819 820 c->state = BT_CLOSED; 821 822 hci_proto_disconn_cfm(c, 0x16); 823 hci_conn_del(c); 824 } 825 } 826 827 /* Check pending connect attempts */ 828 void hci_conn_check_pending(struct hci_dev *hdev) 829 { 830 struct hci_conn *conn; 831 832 BT_DBG("hdev %s", hdev->name); 833 834 hci_dev_lock(hdev); 835 836 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2); 837 if (conn) 838 hci_acl_connect(conn); 839 840 hci_dev_unlock(hdev); 841 } 842 843 void hci_conn_hold_device(struct hci_conn *conn) 844 { 845 atomic_inc(&conn->devref); 846 } 847 EXPORT_SYMBOL(hci_conn_hold_device); 848 849 void hci_conn_put_device(struct hci_conn *conn) 850 { 851 if (atomic_dec_and_test(&conn->devref)) 852 hci_conn_del_sysfs(conn); 853 } 854 EXPORT_SYMBOL(hci_conn_put_device); 855 856 int hci_get_conn_list(void __user *arg) 857 { 858 struct hci_conn_list_req req, *cl; 859 struct hci_conn_info *ci; 860 struct hci_dev *hdev; 861 struct list_head *p; 862 int n = 0, size, err; 863 864 if (copy_from_user(&req, arg, sizeof(req))) 865 return -EFAULT; 866 867 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) 868 return -EINVAL; 869 870 size = sizeof(req) + req.conn_num * sizeof(*ci); 871 872 cl = kmalloc(size, GFP_KERNEL); 873 if (!cl) 874 return -ENOMEM; 875 876 hdev = hci_dev_get(req.dev_id); 877 if (!hdev) { 878 kfree(cl); 879 return -ENODEV; 880 } 881 882 ci = cl->conn_info; 883 884 hci_dev_lock_bh(hdev); 885 list_for_each(p, &hdev->conn_hash.list) { 886 register struct hci_conn *c; 887 c = list_entry(p, struct hci_conn, list); 888 889 bacpy(&(ci + n)->bdaddr, &c->dst); 890 (ci + n)->handle = c->handle; 891 (ci + n)->type = c->type; 892 (ci + n)->out = c->out; 893 (ci + n)->state = c->state; 894 (ci + n)->link_mode = c->link_mode; 895 if (++n >= req.conn_num) 896 break; 897 } 898 hci_dev_unlock_bh(hdev); 899 900 cl->dev_id = hdev->id; 901 cl->conn_num = n; 902 size = sizeof(req) + n * sizeof(*ci); 903 904 hci_dev_put(hdev); 905 906 err = copy_to_user(arg, cl, size); 907 kfree(cl); 908 909 return err ? -EFAULT : 0; 910 } 911 912 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) 913 { 914 struct hci_conn_info_req req; 915 struct hci_conn_info ci; 916 struct hci_conn *conn; 917 char __user *ptr = arg + sizeof(req); 918 919 if (copy_from_user(&req, arg, sizeof(req))) 920 return -EFAULT; 921 922 hci_dev_lock_bh(hdev); 923 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); 924 if (conn) { 925 bacpy(&ci.bdaddr, &conn->dst); 926 ci.handle = conn->handle; 927 ci.type = conn->type; 928 ci.out = conn->out; 929 ci.state = conn->state; 930 ci.link_mode = conn->link_mode; 931 } 932 hci_dev_unlock_bh(hdev); 933 934 if (!conn) 935 return -ENOENT; 936 937 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 938 } 939 940 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg) 941 { 942 struct hci_auth_info_req req; 943 struct hci_conn *conn; 944 945 if (copy_from_user(&req, arg, sizeof(req))) 946 return -EFAULT; 947 948 hci_dev_lock_bh(hdev); 949 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr); 950 if (conn) 951 req.type = conn->auth_type; 952 hci_dev_unlock_bh(hdev); 953 954 if (!conn) 955 return -ENOENT; 956 957 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0; 958 } 959