1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI connection handling. */ 26 27 #include <linux/module.h> 28 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/kernel.h> 32 #include <linux/slab.h> 33 #include <linux/poll.h> 34 #include <linux/fcntl.h> 35 #include <linux/init.h> 36 #include <linux/skbuff.h> 37 #include <linux/interrupt.h> 38 #include <linux/notifier.h> 39 #include <net/sock.h> 40 41 #include <asm/system.h> 42 #include <asm/uaccess.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 48 #ifndef CONFIG_BT_HCI_CORE_DEBUG 49 #undef BT_DBG 50 #define BT_DBG(D...) 51 #endif 52 53 void hci_acl_connect(struct hci_conn *conn) 54 { 55 struct hci_dev *hdev = conn->hdev; 56 struct inquiry_entry *ie; 57 struct hci_cp_create_conn cp; 58 59 BT_DBG("%p", conn); 60 61 conn->state = BT_CONNECT; 62 conn->out = 1; 63 conn->link_mode = HCI_LM_MASTER; 64 65 conn->attempt++; 66 67 memset(&cp, 0, sizeof(cp)); 68 bacpy(&cp.bdaddr, &conn->dst); 69 cp.pscan_rep_mode = 0x02; 70 71 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) && 72 inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 73 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 74 cp.pscan_mode = ie->data.pscan_mode; 75 cp.clock_offset = ie->data.clock_offset | cpu_to_le16(0x8000); 76 memcpy(conn->dev_class, ie->data.dev_class, 3); 77 } 78 79 cp.pkt_type = cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK); 80 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) 81 cp.role_switch = 0x01; 82 else 83 cp.role_switch = 0x00; 84 85 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp); 86 } 87 88 static void hci_acl_connect_cancel(struct hci_conn *conn) 89 { 90 struct hci_cp_create_conn_cancel cp; 91 92 BT_DBG("%p", conn); 93 94 if (conn->hdev->hci_ver < 2) 95 return; 96 97 bacpy(&cp.bdaddr, &conn->dst); 98 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); 99 } 100 101 void hci_acl_disconn(struct hci_conn *conn, __u8 reason) 102 { 103 struct hci_cp_disconnect cp; 104 105 BT_DBG("%p", conn); 106 107 conn->state = BT_DISCONN; 108 109 cp.handle = cpu_to_le16(conn->handle); 110 cp.reason = reason; 111 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp); 112 } 113 114 void hci_add_sco(struct hci_conn *conn, __u16 handle) 115 { 116 struct hci_dev *hdev = conn->hdev; 117 struct hci_cp_add_sco cp; 118 119 BT_DBG("%p", conn); 120 121 conn->state = BT_CONNECT; 122 conn->out = 1; 123 124 cp.handle = cpu_to_le16(handle); 125 cp.pkt_type = cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK); 126 127 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); 128 } 129 130 void hci_setup_sync(struct hci_conn *conn, __u16 handle) 131 { 132 struct hci_dev *hdev = conn->hdev; 133 struct hci_cp_setup_sync_conn cp; 134 135 BT_DBG("%p", conn); 136 137 conn->state = BT_CONNECT; 138 conn->out = 1; 139 140 cp.handle = cpu_to_le16(handle); 141 cp.pkt_type = cpu_to_le16(hdev->esco_type); 142 143 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 144 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 145 cp.max_latency = cpu_to_le16(0xffff); 146 cp.voice_setting = cpu_to_le16(hdev->voice_setting); 147 cp.retrans_effort = 0xff; 148 149 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp); 150 } 151 152 static void hci_conn_timeout(unsigned long arg) 153 { 154 struct hci_conn *conn = (void *) arg; 155 struct hci_dev *hdev = conn->hdev; 156 157 BT_DBG("conn %p state %d", conn, conn->state); 158 159 if (atomic_read(&conn->refcnt)) 160 return; 161 162 hci_dev_lock(hdev); 163 164 switch (conn->state) { 165 case BT_CONNECT: 166 if (conn->type == ACL_LINK) 167 hci_acl_connect_cancel(conn); 168 else 169 hci_acl_disconn(conn, 0x13); 170 break; 171 case BT_CONNECTED: 172 hci_acl_disconn(conn, 0x13); 173 break; 174 default: 175 conn->state = BT_CLOSED; 176 break; 177 } 178 179 hci_dev_unlock(hdev); 180 } 181 182 static void hci_conn_idle(unsigned long arg) 183 { 184 struct hci_conn *conn = (void *) arg; 185 186 BT_DBG("conn %p mode %d", conn, conn->mode); 187 188 hci_conn_enter_sniff_mode(conn); 189 } 190 191 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) 192 { 193 struct hci_conn *conn; 194 195 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 196 197 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC); 198 if (!conn) 199 return NULL; 200 201 bacpy(&conn->dst, dst); 202 conn->hdev = hdev; 203 conn->type = type; 204 conn->mode = HCI_CM_ACTIVE; 205 conn->state = BT_OPEN; 206 207 conn->power_save = 1; 208 209 skb_queue_head_init(&conn->data_q); 210 211 init_timer(&conn->disc_timer); 212 conn->disc_timer.function = hci_conn_timeout; 213 conn->disc_timer.data = (unsigned long) conn; 214 215 init_timer(&conn->idle_timer); 216 conn->idle_timer.function = hci_conn_idle; 217 conn->idle_timer.data = (unsigned long) conn; 218 219 atomic_set(&conn->refcnt, 0); 220 221 hci_dev_hold(hdev); 222 223 tasklet_disable(&hdev->tx_task); 224 225 hci_conn_hash_add(hdev, conn); 226 if (hdev->notify) 227 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 228 229 hci_conn_add_sysfs(conn); 230 231 tasklet_enable(&hdev->tx_task); 232 233 return conn; 234 } 235 236 int hci_conn_del(struct hci_conn *conn) 237 { 238 struct hci_dev *hdev = conn->hdev; 239 240 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle); 241 242 del_timer(&conn->idle_timer); 243 244 del_timer(&conn->disc_timer); 245 246 if (conn->type == ACL_LINK) { 247 struct hci_conn *sco = conn->link; 248 if (sco) 249 sco->link = NULL; 250 251 /* Unacked frames */ 252 hdev->acl_cnt += conn->sent; 253 } else { 254 struct hci_conn *acl = conn->link; 255 if (acl) { 256 acl->link = NULL; 257 hci_conn_put(acl); 258 } 259 } 260 261 tasklet_disable(&hdev->tx_task); 262 263 hci_conn_del_sysfs(conn); 264 265 hci_conn_hash_del(hdev, conn); 266 if (hdev->notify) 267 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 268 269 tasklet_enable(&hdev->tx_task); 270 271 skb_queue_purge(&conn->data_q); 272 273 hci_dev_put(hdev); 274 275 /* will free via device release */ 276 put_device(&conn->dev); 277 278 return 0; 279 } 280 281 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src) 282 { 283 int use_src = bacmp(src, BDADDR_ANY); 284 struct hci_dev *hdev = NULL; 285 struct list_head *p; 286 287 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 288 289 read_lock_bh(&hci_dev_list_lock); 290 291 list_for_each(p, &hci_dev_list) { 292 struct hci_dev *d = list_entry(p, struct hci_dev, list); 293 294 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags)) 295 continue; 296 297 /* Simple routing: 298 * No source address - find interface with bdaddr != dst 299 * Source address - find interface with bdaddr == src 300 */ 301 302 if (use_src) { 303 if (!bacmp(&d->bdaddr, src)) { 304 hdev = d; break; 305 } 306 } else { 307 if (bacmp(&d->bdaddr, dst)) { 308 hdev = d; break; 309 } 310 } 311 } 312 313 if (hdev) 314 hdev = hci_dev_hold(hdev); 315 316 read_unlock_bh(&hci_dev_list_lock); 317 return hdev; 318 } 319 EXPORT_SYMBOL(hci_get_route); 320 321 /* Create SCO or ACL connection. 322 * Device _must_ be locked */ 323 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst) 324 { 325 struct hci_conn *acl; 326 struct hci_conn *sco; 327 328 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 329 330 if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) { 331 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst))) 332 return NULL; 333 } 334 335 hci_conn_hold(acl); 336 337 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) 338 hci_acl_connect(acl); 339 340 if (type == ACL_LINK) 341 return acl; 342 343 if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) { 344 if (!(sco = hci_conn_add(hdev, type, dst))) { 345 hci_conn_put(acl); 346 return NULL; 347 } 348 } 349 350 acl->link = sco; 351 sco->link = acl; 352 353 hci_conn_hold(sco); 354 355 if (acl->state == BT_CONNECTED && 356 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 357 if (lmp_esco_capable(hdev)) 358 hci_setup_sync(sco, acl->handle); 359 else 360 hci_add_sco(sco, acl->handle); 361 } 362 363 return sco; 364 } 365 EXPORT_SYMBOL(hci_connect); 366 367 /* Authenticate remote device */ 368 int hci_conn_auth(struct hci_conn *conn) 369 { 370 BT_DBG("conn %p", conn); 371 372 if (conn->link_mode & HCI_LM_AUTH) 373 return 1; 374 375 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 376 struct hci_cp_auth_requested cp; 377 cp.handle = cpu_to_le16(conn->handle); 378 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 379 } 380 return 0; 381 } 382 EXPORT_SYMBOL(hci_conn_auth); 383 384 /* Enable encryption */ 385 int hci_conn_encrypt(struct hci_conn *conn) 386 { 387 BT_DBG("conn %p", conn); 388 389 if (conn->link_mode & HCI_LM_ENCRYPT) 390 return 1; 391 392 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 393 return 0; 394 395 if (hci_conn_auth(conn)) { 396 struct hci_cp_set_conn_encrypt cp; 397 cp.handle = cpu_to_le16(conn->handle); 398 cp.encrypt = 1; 399 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp); 400 } 401 return 0; 402 } 403 EXPORT_SYMBOL(hci_conn_encrypt); 404 405 /* Change link key */ 406 int hci_conn_change_link_key(struct hci_conn *conn) 407 { 408 BT_DBG("conn %p", conn); 409 410 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 411 struct hci_cp_change_conn_link_key cp; 412 cp.handle = cpu_to_le16(conn->handle); 413 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp); 414 } 415 return 0; 416 } 417 EXPORT_SYMBOL(hci_conn_change_link_key); 418 419 /* Switch role */ 420 int hci_conn_switch_role(struct hci_conn *conn, uint8_t role) 421 { 422 BT_DBG("conn %p", conn); 423 424 if (!role && conn->link_mode & HCI_LM_MASTER) 425 return 1; 426 427 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) { 428 struct hci_cp_switch_role cp; 429 bacpy(&cp.bdaddr, &conn->dst); 430 cp.role = role; 431 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); 432 } 433 return 0; 434 } 435 EXPORT_SYMBOL(hci_conn_switch_role); 436 437 /* Enter active mode */ 438 void hci_conn_enter_active_mode(struct hci_conn *conn) 439 { 440 struct hci_dev *hdev = conn->hdev; 441 442 BT_DBG("conn %p mode %d", conn, conn->mode); 443 444 if (test_bit(HCI_RAW, &hdev->flags)) 445 return; 446 447 if (conn->mode != HCI_CM_SNIFF || !conn->power_save) 448 goto timer; 449 450 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 451 struct hci_cp_exit_sniff_mode cp; 452 cp.handle = cpu_to_le16(conn->handle); 453 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); 454 } 455 456 timer: 457 if (hdev->idle_timeout > 0) 458 mod_timer(&conn->idle_timer, 459 jiffies + msecs_to_jiffies(hdev->idle_timeout)); 460 } 461 462 /* Enter sniff mode */ 463 void hci_conn_enter_sniff_mode(struct hci_conn *conn) 464 { 465 struct hci_dev *hdev = conn->hdev; 466 467 BT_DBG("conn %p mode %d", conn, conn->mode); 468 469 if (test_bit(HCI_RAW, &hdev->flags)) 470 return; 471 472 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) 473 return; 474 475 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) 476 return; 477 478 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { 479 struct hci_cp_sniff_subrate cp; 480 cp.handle = cpu_to_le16(conn->handle); 481 cp.max_latency = cpu_to_le16(0); 482 cp.min_remote_timeout = cpu_to_le16(0); 483 cp.min_local_timeout = cpu_to_le16(0); 484 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); 485 } 486 487 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 488 struct hci_cp_sniff_mode cp; 489 cp.handle = cpu_to_le16(conn->handle); 490 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); 491 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); 492 cp.attempt = cpu_to_le16(4); 493 cp.timeout = cpu_to_le16(1); 494 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); 495 } 496 } 497 498 /* Drop all connection on the device */ 499 void hci_conn_hash_flush(struct hci_dev *hdev) 500 { 501 struct hci_conn_hash *h = &hdev->conn_hash; 502 struct list_head *p; 503 504 BT_DBG("hdev %s", hdev->name); 505 506 p = h->list.next; 507 while (p != &h->list) { 508 struct hci_conn *c; 509 510 c = list_entry(p, struct hci_conn, list); 511 p = p->next; 512 513 c->state = BT_CLOSED; 514 515 hci_proto_disconn_ind(c, 0x16); 516 hci_conn_del(c); 517 } 518 } 519 520 /* Check pending connect attempts */ 521 void hci_conn_check_pending(struct hci_dev *hdev) 522 { 523 struct hci_conn *conn; 524 525 BT_DBG("hdev %s", hdev->name); 526 527 hci_dev_lock(hdev); 528 529 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2); 530 if (conn) 531 hci_acl_connect(conn); 532 533 hci_dev_unlock(hdev); 534 } 535 536 int hci_get_conn_list(void __user *arg) 537 { 538 struct hci_conn_list_req req, *cl; 539 struct hci_conn_info *ci; 540 struct hci_dev *hdev; 541 struct list_head *p; 542 int n = 0, size, err; 543 544 if (copy_from_user(&req, arg, sizeof(req))) 545 return -EFAULT; 546 547 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) 548 return -EINVAL; 549 550 size = sizeof(req) + req.conn_num * sizeof(*ci); 551 552 if (!(cl = kmalloc(size, GFP_KERNEL))) 553 return -ENOMEM; 554 555 if (!(hdev = hci_dev_get(req.dev_id))) { 556 kfree(cl); 557 return -ENODEV; 558 } 559 560 ci = cl->conn_info; 561 562 hci_dev_lock_bh(hdev); 563 list_for_each(p, &hdev->conn_hash.list) { 564 register struct hci_conn *c; 565 c = list_entry(p, struct hci_conn, list); 566 567 bacpy(&(ci + n)->bdaddr, &c->dst); 568 (ci + n)->handle = c->handle; 569 (ci + n)->type = c->type; 570 (ci + n)->out = c->out; 571 (ci + n)->state = c->state; 572 (ci + n)->link_mode = c->link_mode; 573 if (++n >= req.conn_num) 574 break; 575 } 576 hci_dev_unlock_bh(hdev); 577 578 cl->dev_id = hdev->id; 579 cl->conn_num = n; 580 size = sizeof(req) + n * sizeof(*ci); 581 582 hci_dev_put(hdev); 583 584 err = copy_to_user(arg, cl, size); 585 kfree(cl); 586 587 return err ? -EFAULT : 0; 588 } 589 590 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) 591 { 592 struct hci_conn_info_req req; 593 struct hci_conn_info ci; 594 struct hci_conn *conn; 595 char __user *ptr = arg + sizeof(req); 596 597 if (copy_from_user(&req, arg, sizeof(req))) 598 return -EFAULT; 599 600 hci_dev_lock_bh(hdev); 601 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); 602 if (conn) { 603 bacpy(&ci.bdaddr, &conn->dst); 604 ci.handle = conn->handle; 605 ci.type = conn->type; 606 ci.out = conn->out; 607 ci.state = conn->state; 608 ci.link_mode = conn->link_mode; 609 } 610 hci_dev_unlock_bh(hdev); 611 612 if (!conn) 613 return -ENOENT; 614 615 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 616 } 617