1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI connection handling. */ 26 27 #include <linux/config.h> 28 #include <linux/module.h> 29 30 #include <linux/types.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/slab.h> 35 #include <linux/poll.h> 36 #include <linux/fcntl.h> 37 #include <linux/init.h> 38 #include <linux/skbuff.h> 39 #include <linux/interrupt.h> 40 #include <linux/notifier.h> 41 #include <net/sock.h> 42 43 #include <asm/system.h> 44 #include <asm/uaccess.h> 45 #include <asm/unaligned.h> 46 47 #include <net/bluetooth/bluetooth.h> 48 #include <net/bluetooth/hci_core.h> 49 50 #ifndef CONFIG_BT_HCI_CORE_DEBUG 51 #undef BT_DBG 52 #define BT_DBG(D...) 53 #endif 54 55 static void hci_acl_connect(struct hci_conn *conn) 56 { 57 struct hci_dev *hdev = conn->hdev; 58 struct inquiry_entry *ie; 59 struct hci_cp_create_conn cp; 60 61 BT_DBG("%p", conn); 62 63 conn->state = BT_CONNECT; 64 conn->out = 1; 65 conn->link_mode = HCI_LM_MASTER; 66 67 memset(&cp, 0, sizeof(cp)); 68 bacpy(&cp.bdaddr, &conn->dst); 69 cp.pscan_rep_mode = 0x02; 70 71 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) && 72 inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 73 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 74 cp.pscan_mode = ie->data.pscan_mode; 75 cp.clock_offset = ie->data.clock_offset | __cpu_to_le16(0x8000); 76 memcpy(conn->dev_class, ie->data.dev_class, 3); 77 } 78 79 cp.pkt_type = __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK); 80 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) 81 cp.role_switch = 0x01; 82 else 83 cp.role_switch = 0x00; 84 85 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN, sizeof(cp), &cp); 86 } 87 88 void hci_acl_disconn(struct hci_conn *conn, __u8 reason) 89 { 90 struct hci_cp_disconnect cp; 91 92 BT_DBG("%p", conn); 93 94 conn->state = BT_DISCONN; 95 96 cp.handle = __cpu_to_le16(conn->handle); 97 cp.reason = reason; 98 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_DISCONNECT, sizeof(cp), &cp); 99 } 100 101 void hci_add_sco(struct hci_conn *conn, __u16 handle) 102 { 103 struct hci_dev *hdev = conn->hdev; 104 struct hci_cp_add_sco cp; 105 106 BT_DBG("%p", conn); 107 108 conn->state = BT_CONNECT; 109 conn->out = 1; 110 111 cp.pkt_type = __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK); 112 cp.handle = __cpu_to_le16(handle); 113 114 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ADD_SCO, sizeof(cp), &cp); 115 } 116 117 static void hci_conn_timeout(unsigned long arg) 118 { 119 struct hci_conn *conn = (void *)arg; 120 struct hci_dev *hdev = conn->hdev; 121 122 BT_DBG("conn %p state %d", conn, conn->state); 123 124 if (atomic_read(&conn->refcnt)) 125 return; 126 127 hci_dev_lock(hdev); 128 if (conn->state == BT_CONNECTED) 129 hci_acl_disconn(conn, 0x13); 130 else 131 conn->state = BT_CLOSED; 132 hci_dev_unlock(hdev); 133 return; 134 } 135 136 static void hci_conn_init_timer(struct hci_conn *conn) 137 { 138 init_timer(&conn->timer); 139 conn->timer.function = hci_conn_timeout; 140 conn->timer.data = (unsigned long)conn; 141 } 142 143 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) 144 { 145 struct hci_conn *conn; 146 147 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 148 149 if (!(conn = kmalloc(sizeof(struct hci_conn), GFP_ATOMIC))) 150 return NULL; 151 memset(conn, 0, sizeof(struct hci_conn)); 152 153 bacpy(&conn->dst, dst); 154 conn->type = type; 155 conn->hdev = hdev; 156 conn->state = BT_OPEN; 157 158 skb_queue_head_init(&conn->data_q); 159 hci_conn_init_timer(conn); 160 161 atomic_set(&conn->refcnt, 0); 162 163 hci_dev_hold(hdev); 164 165 tasklet_disable(&hdev->tx_task); 166 167 hci_conn_hash_add(hdev, conn); 168 if (hdev->notify) 169 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 170 171 tasklet_enable(&hdev->tx_task); 172 173 return conn; 174 } 175 176 int hci_conn_del(struct hci_conn *conn) 177 { 178 struct hci_dev *hdev = conn->hdev; 179 180 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle); 181 182 hci_conn_del_timer(conn); 183 184 if (conn->type == SCO_LINK) { 185 struct hci_conn *acl = conn->link; 186 if (acl) { 187 acl->link = NULL; 188 hci_conn_put(acl); 189 } 190 } else { 191 struct hci_conn *sco = conn->link; 192 if (sco) 193 sco->link = NULL; 194 195 /* Unacked frames */ 196 hdev->acl_cnt += conn->sent; 197 } 198 199 tasklet_disable(&hdev->tx_task); 200 201 hci_conn_hash_del(hdev, conn); 202 if (hdev->notify) 203 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 204 205 tasklet_enable(&hdev->tx_task); 206 207 skb_queue_purge(&conn->data_q); 208 209 hci_dev_put(hdev); 210 211 kfree(conn); 212 return 0; 213 } 214 215 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src) 216 { 217 int use_src = bacmp(src, BDADDR_ANY); 218 struct hci_dev *hdev = NULL; 219 struct list_head *p; 220 221 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 222 223 read_lock_bh(&hci_dev_list_lock); 224 225 list_for_each(p, &hci_dev_list) { 226 struct hci_dev *d = list_entry(p, struct hci_dev, list); 227 228 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags)) 229 continue; 230 231 /* Simple routing: 232 * No source address - find interface with bdaddr != dst 233 * Source address - find interface with bdaddr == src 234 */ 235 236 if (use_src) { 237 if (!bacmp(&d->bdaddr, src)) { 238 hdev = d; break; 239 } 240 } else { 241 if (bacmp(&d->bdaddr, dst)) { 242 hdev = d; break; 243 } 244 } 245 } 246 247 if (hdev) 248 hdev = hci_dev_hold(hdev); 249 250 read_unlock_bh(&hci_dev_list_lock); 251 return hdev; 252 } 253 EXPORT_SYMBOL(hci_get_route); 254 255 /* Create SCO or ACL connection. 256 * Device _must_ be locked */ 257 struct hci_conn * hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst) 258 { 259 struct hci_conn *acl; 260 261 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 262 263 if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) { 264 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst))) 265 return NULL; 266 } 267 268 hci_conn_hold(acl); 269 270 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) 271 hci_acl_connect(acl); 272 273 if (type == SCO_LINK) { 274 struct hci_conn *sco; 275 276 if (!(sco = hci_conn_hash_lookup_ba(hdev, SCO_LINK, dst))) { 277 if (!(sco = hci_conn_add(hdev, SCO_LINK, dst))) { 278 hci_conn_put(acl); 279 return NULL; 280 } 281 } 282 acl->link = sco; 283 sco->link = acl; 284 285 hci_conn_hold(sco); 286 287 if (acl->state == BT_CONNECTED && 288 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) 289 hci_add_sco(sco, acl->handle); 290 291 return sco; 292 } else { 293 return acl; 294 } 295 } 296 EXPORT_SYMBOL(hci_connect); 297 298 /* Authenticate remote device */ 299 int hci_conn_auth(struct hci_conn *conn) 300 { 301 BT_DBG("conn %p", conn); 302 303 if (conn->link_mode & HCI_LM_AUTH) 304 return 1; 305 306 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 307 struct hci_cp_auth_requested cp; 308 cp.handle = __cpu_to_le16(conn->handle); 309 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_AUTH_REQUESTED, sizeof(cp), &cp); 310 } 311 return 0; 312 } 313 EXPORT_SYMBOL(hci_conn_auth); 314 315 /* Enable encryption */ 316 int hci_conn_encrypt(struct hci_conn *conn) 317 { 318 BT_DBG("conn %p", conn); 319 320 if (conn->link_mode & HCI_LM_ENCRYPT) 321 return 1; 322 323 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 324 return 0; 325 326 if (hci_conn_auth(conn)) { 327 struct hci_cp_set_conn_encrypt cp; 328 cp.handle = __cpu_to_le16(conn->handle); 329 cp.encrypt = 1; 330 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT, sizeof(cp), &cp); 331 } 332 return 0; 333 } 334 EXPORT_SYMBOL(hci_conn_encrypt); 335 336 /* Change link key */ 337 int hci_conn_change_link_key(struct hci_conn *conn) 338 { 339 BT_DBG("conn %p", conn); 340 341 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 342 struct hci_cp_change_conn_link_key cp; 343 cp.handle = __cpu_to_le16(conn->handle); 344 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp); 345 } 346 return 0; 347 } 348 EXPORT_SYMBOL(hci_conn_change_link_key); 349 350 /* Switch role */ 351 int hci_conn_switch_role(struct hci_conn *conn, uint8_t role) 352 { 353 BT_DBG("conn %p", conn); 354 355 if (!role && conn->link_mode & HCI_LM_MASTER) 356 return 1; 357 358 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) { 359 struct hci_cp_switch_role cp; 360 bacpy(&cp.bdaddr, &conn->dst); 361 cp.role = role; 362 hci_send_cmd(conn->hdev, OGF_LINK_POLICY, OCF_SWITCH_ROLE, sizeof(cp), &cp); 363 } 364 return 0; 365 } 366 EXPORT_SYMBOL(hci_conn_switch_role); 367 368 /* Drop all connection on the device */ 369 void hci_conn_hash_flush(struct hci_dev *hdev) 370 { 371 struct hci_conn_hash *h = &hdev->conn_hash; 372 struct list_head *p; 373 374 BT_DBG("hdev %s", hdev->name); 375 376 p = h->list.next; 377 while (p != &h->list) { 378 struct hci_conn *c; 379 380 c = list_entry(p, struct hci_conn, list); 381 p = p->next; 382 383 c->state = BT_CLOSED; 384 385 hci_proto_disconn_ind(c, 0x16); 386 hci_conn_del(c); 387 } 388 } 389 390 int hci_get_conn_list(void __user *arg) 391 { 392 struct hci_conn_list_req req, *cl; 393 struct hci_conn_info *ci; 394 struct hci_dev *hdev; 395 struct list_head *p; 396 int n = 0, size, err; 397 398 if (copy_from_user(&req, arg, sizeof(req))) 399 return -EFAULT; 400 401 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) 402 return -EINVAL; 403 404 size = sizeof(req) + req.conn_num * sizeof(*ci); 405 406 if (!(cl = (void *) kmalloc(size, GFP_KERNEL))) 407 return -ENOMEM; 408 409 if (!(hdev = hci_dev_get(req.dev_id))) { 410 kfree(cl); 411 return -ENODEV; 412 } 413 414 ci = cl->conn_info; 415 416 hci_dev_lock_bh(hdev); 417 list_for_each(p, &hdev->conn_hash.list) { 418 register struct hci_conn *c; 419 c = list_entry(p, struct hci_conn, list); 420 421 bacpy(&(ci + n)->bdaddr, &c->dst); 422 (ci + n)->handle = c->handle; 423 (ci + n)->type = c->type; 424 (ci + n)->out = c->out; 425 (ci + n)->state = c->state; 426 (ci + n)->link_mode = c->link_mode; 427 if (++n >= req.conn_num) 428 break; 429 } 430 hci_dev_unlock_bh(hdev); 431 432 cl->dev_id = hdev->id; 433 cl->conn_num = n; 434 size = sizeof(req) + n * sizeof(*ci); 435 436 hci_dev_put(hdev); 437 438 err = copy_to_user(arg, cl, size); 439 kfree(cl); 440 441 return err ? -EFAULT : 0; 442 } 443 444 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) 445 { 446 struct hci_conn_info_req req; 447 struct hci_conn_info ci; 448 struct hci_conn *conn; 449 char __user *ptr = arg + sizeof(req); 450 451 if (copy_from_user(&req, arg, sizeof(req))) 452 return -EFAULT; 453 454 hci_dev_lock_bh(hdev); 455 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); 456 if (conn) { 457 bacpy(&ci.bdaddr, &conn->dst); 458 ci.handle = conn->handle; 459 ci.type = conn->type; 460 ci.out = conn->out; 461 ci.state = conn->state; 462 ci.link_mode = conn->link_mode; 463 } 464 hci_dev_unlock_bh(hdev); 465 466 if (!conn) 467 return -ENOENT; 468 469 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 470 } 471