1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI connection handling. */ 26 27 #include <linux/module.h> 28 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/kernel.h> 32 #include <linux/slab.h> 33 #include <linux/poll.h> 34 #include <linux/fcntl.h> 35 #include <linux/init.h> 36 #include <linux/skbuff.h> 37 #include <linux/interrupt.h> 38 #include <linux/notifier.h> 39 #include <net/sock.h> 40 41 #include <asm/system.h> 42 #include <linux/uaccess.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 48 static void hci_le_connect(struct hci_conn *conn) 49 { 50 struct hci_dev *hdev = conn->hdev; 51 struct hci_cp_le_create_conn cp; 52 53 conn->state = BT_CONNECT; 54 conn->out = 1; 55 conn->link_mode |= HCI_LM_MASTER; 56 57 memset(&cp, 0, sizeof(cp)); 58 cp.scan_interval = cpu_to_le16(0x0004); 59 cp.scan_window = cpu_to_le16(0x0004); 60 bacpy(&cp.peer_addr, &conn->dst); 61 cp.conn_interval_min = cpu_to_le16(0x0008); 62 cp.conn_interval_max = cpu_to_le16(0x0100); 63 cp.supervision_timeout = cpu_to_le16(0x0064); 64 cp.min_ce_len = cpu_to_le16(0x0001); 65 cp.max_ce_len = cpu_to_le16(0x0001); 66 67 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp); 68 } 69 70 static void hci_le_connect_cancel(struct hci_conn *conn) 71 { 72 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL); 73 } 74 75 void hci_acl_connect(struct hci_conn *conn) 76 { 77 struct hci_dev *hdev = conn->hdev; 78 struct inquiry_entry *ie; 79 struct hci_cp_create_conn cp; 80 81 BT_DBG("%p", conn); 82 83 conn->state = BT_CONNECT; 84 conn->out = 1; 85 86 conn->link_mode = HCI_LM_MASTER; 87 88 conn->attempt++; 89 90 conn->link_policy = hdev->link_policy; 91 92 memset(&cp, 0, sizeof(cp)); 93 bacpy(&cp.bdaddr, &conn->dst); 94 cp.pscan_rep_mode = 0x02; 95 96 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 97 if (ie) { 98 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 99 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 100 cp.pscan_mode = ie->data.pscan_mode; 101 cp.clock_offset = ie->data.clock_offset | 102 cpu_to_le16(0x8000); 103 } 104 105 memcpy(conn->dev_class, ie->data.dev_class, 3); 106 conn->ssp_mode = ie->data.ssp_mode; 107 } 108 109 cp.pkt_type = cpu_to_le16(conn->pkt_type); 110 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) 111 cp.role_switch = 0x01; 112 else 113 cp.role_switch = 0x00; 114 115 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp); 116 } 117 118 static void hci_acl_connect_cancel(struct hci_conn *conn) 119 { 120 struct hci_cp_create_conn_cancel cp; 121 122 BT_DBG("%p", conn); 123 124 if (conn->hdev->hci_ver < 2) 125 return; 126 127 bacpy(&cp.bdaddr, &conn->dst); 128 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); 129 } 130 131 void hci_acl_disconn(struct hci_conn *conn, __u8 reason) 132 { 133 struct hci_cp_disconnect cp; 134 135 BT_DBG("%p", conn); 136 137 conn->state = BT_DISCONN; 138 139 cp.handle = cpu_to_le16(conn->handle); 140 cp.reason = reason; 141 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp); 142 } 143 144 void hci_add_sco(struct hci_conn *conn, __u16 handle) 145 { 146 struct hci_dev *hdev = conn->hdev; 147 struct hci_cp_add_sco cp; 148 149 BT_DBG("%p", conn); 150 151 conn->state = BT_CONNECT; 152 conn->out = 1; 153 154 conn->attempt++; 155 156 cp.handle = cpu_to_le16(handle); 157 cp.pkt_type = cpu_to_le16(conn->pkt_type); 158 159 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); 160 } 161 162 void hci_setup_sync(struct hci_conn *conn, __u16 handle) 163 { 164 struct hci_dev *hdev = conn->hdev; 165 struct hci_cp_setup_sync_conn cp; 166 167 BT_DBG("%p", conn); 168 169 conn->state = BT_CONNECT; 170 conn->out = 1; 171 172 conn->attempt++; 173 174 cp.handle = cpu_to_le16(handle); 175 cp.pkt_type = cpu_to_le16(conn->pkt_type); 176 177 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 178 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 179 cp.max_latency = cpu_to_le16(0xffff); 180 cp.voice_setting = cpu_to_le16(hdev->voice_setting); 181 cp.retrans_effort = 0xff; 182 183 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp); 184 } 185 186 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, 187 u16 latency, u16 to_multiplier) 188 { 189 struct hci_cp_le_conn_update cp; 190 struct hci_dev *hdev = conn->hdev; 191 192 memset(&cp, 0, sizeof(cp)); 193 194 cp.handle = cpu_to_le16(conn->handle); 195 cp.conn_interval_min = cpu_to_le16(min); 196 cp.conn_interval_max = cpu_to_le16(max); 197 cp.conn_latency = cpu_to_le16(latency); 198 cp.supervision_timeout = cpu_to_le16(to_multiplier); 199 cp.min_ce_len = cpu_to_le16(0x0001); 200 cp.max_ce_len = cpu_to_le16(0x0001); 201 202 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp); 203 } 204 EXPORT_SYMBOL(hci_le_conn_update); 205 206 /* Device _must_ be locked */ 207 void hci_sco_setup(struct hci_conn *conn, __u8 status) 208 { 209 struct hci_conn *sco = conn->link; 210 211 BT_DBG("%p", conn); 212 213 if (!sco) 214 return; 215 216 if (!status) { 217 if (lmp_esco_capable(conn->hdev)) 218 hci_setup_sync(sco, conn->handle); 219 else 220 hci_add_sco(sco, conn->handle); 221 } else { 222 hci_proto_connect_cfm(sco, status); 223 hci_conn_del(sco); 224 } 225 } 226 227 static void hci_conn_timeout(unsigned long arg) 228 { 229 struct hci_conn *conn = (void *) arg; 230 struct hci_dev *hdev = conn->hdev; 231 __u8 reason; 232 233 BT_DBG("conn %p state %d", conn, conn->state); 234 235 if (atomic_read(&conn->refcnt)) 236 return; 237 238 hci_dev_lock(hdev); 239 240 switch (conn->state) { 241 case BT_CONNECT: 242 case BT_CONNECT2: 243 if (conn->out) { 244 if (conn->type == ACL_LINK) 245 hci_acl_connect_cancel(conn); 246 else if (conn->type == LE_LINK) 247 hci_le_connect_cancel(conn); 248 } 249 break; 250 case BT_CONFIG: 251 case BT_CONNECTED: 252 reason = hci_proto_disconn_ind(conn); 253 hci_acl_disconn(conn, reason); 254 break; 255 default: 256 conn->state = BT_CLOSED; 257 break; 258 } 259 260 hci_dev_unlock(hdev); 261 } 262 263 static void hci_conn_idle(unsigned long arg) 264 { 265 struct hci_conn *conn = (void *) arg; 266 267 BT_DBG("conn %p mode %d", conn, conn->mode); 268 269 hci_conn_enter_sniff_mode(conn); 270 } 271 272 static void hci_conn_auto_accept(unsigned long arg) 273 { 274 struct hci_conn *conn = (void *) arg; 275 struct hci_dev *hdev = conn->hdev; 276 277 hci_dev_lock(hdev); 278 279 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst), 280 &conn->dst); 281 282 hci_dev_unlock(hdev); 283 } 284 285 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) 286 { 287 struct hci_conn *conn; 288 289 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 290 291 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC); 292 if (!conn) 293 return NULL; 294 295 bacpy(&conn->dst, dst); 296 conn->hdev = hdev; 297 conn->type = type; 298 conn->mode = HCI_CM_ACTIVE; 299 conn->state = BT_OPEN; 300 conn->auth_type = HCI_AT_GENERAL_BONDING; 301 conn->io_capability = hdev->io_capability; 302 conn->remote_auth = 0xff; 303 conn->key_type = 0xff; 304 305 conn->power_save = 1; 306 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 307 308 switch (type) { 309 case ACL_LINK: 310 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; 311 break; 312 case SCO_LINK: 313 if (lmp_esco_capable(hdev)) 314 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 315 (hdev->esco_type & EDR_ESCO_MASK); 316 else 317 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; 318 break; 319 case ESCO_LINK: 320 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; 321 break; 322 } 323 324 skb_queue_head_init(&conn->data_q); 325 326 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn); 327 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn); 328 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept, 329 (unsigned long) conn); 330 331 atomic_set(&conn->refcnt, 0); 332 333 hci_dev_hold(hdev); 334 335 tasklet_disable(&hdev->tx_task); 336 337 hci_conn_hash_add(hdev, conn); 338 if (hdev->notify) 339 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 340 341 atomic_set(&conn->devref, 0); 342 343 hci_conn_init_sysfs(conn); 344 345 tasklet_enable(&hdev->tx_task); 346 347 return conn; 348 } 349 350 int hci_conn_del(struct hci_conn *conn) 351 { 352 struct hci_dev *hdev = conn->hdev; 353 354 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle); 355 356 del_timer(&conn->idle_timer); 357 358 del_timer(&conn->disc_timer); 359 360 del_timer(&conn->auto_accept_timer); 361 362 if (conn->type == ACL_LINK) { 363 struct hci_conn *sco = conn->link; 364 if (sco) 365 sco->link = NULL; 366 367 /* Unacked frames */ 368 hdev->acl_cnt += conn->sent; 369 } else if (conn->type == LE_LINK) { 370 if (hdev->le_pkts) 371 hdev->le_cnt += conn->sent; 372 else 373 hdev->acl_cnt += conn->sent; 374 } else { 375 struct hci_conn *acl = conn->link; 376 if (acl) { 377 acl->link = NULL; 378 hci_conn_put(acl); 379 } 380 } 381 382 tasklet_disable(&hdev->tx_task); 383 384 hci_conn_hash_del(hdev, conn); 385 if (hdev->notify) 386 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 387 388 tasklet_enable(&hdev->tx_task); 389 390 skb_queue_purge(&conn->data_q); 391 392 hci_conn_put_device(conn); 393 394 hci_dev_put(hdev); 395 396 if (conn->handle == 0) 397 kfree(conn); 398 399 return 0; 400 } 401 402 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src) 403 { 404 int use_src = bacmp(src, BDADDR_ANY); 405 struct hci_dev *hdev = NULL; 406 struct list_head *p; 407 408 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 409 410 read_lock_bh(&hci_dev_list_lock); 411 412 list_for_each(p, &hci_dev_list) { 413 struct hci_dev *d = list_entry(p, struct hci_dev, list); 414 415 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags)) 416 continue; 417 418 /* Simple routing: 419 * No source address - find interface with bdaddr != dst 420 * Source address - find interface with bdaddr == src 421 */ 422 423 if (use_src) { 424 if (!bacmp(&d->bdaddr, src)) { 425 hdev = d; break; 426 } 427 } else { 428 if (bacmp(&d->bdaddr, dst)) { 429 hdev = d; break; 430 } 431 } 432 } 433 434 if (hdev) 435 hdev = hci_dev_hold(hdev); 436 437 read_unlock_bh(&hci_dev_list_lock); 438 return hdev; 439 } 440 EXPORT_SYMBOL(hci_get_route); 441 442 /* Create SCO, ACL or LE connection. 443 * Device _must_ be locked */ 444 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type) 445 { 446 struct hci_conn *acl; 447 struct hci_conn *sco; 448 struct hci_conn *le; 449 450 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 451 452 if (type == LE_LINK) { 453 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst); 454 if (le) 455 return ERR_PTR(-EBUSY); 456 le = hci_conn_add(hdev, LE_LINK, dst); 457 if (!le) 458 return ERR_PTR(-ENOMEM); 459 if (le->state == BT_OPEN) 460 hci_le_connect(le); 461 462 hci_conn_hold(le); 463 464 return le; 465 } 466 467 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 468 if (!acl) { 469 acl = hci_conn_add(hdev, ACL_LINK, dst); 470 if (!acl) 471 return NULL; 472 } 473 474 hci_conn_hold(acl); 475 476 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { 477 acl->sec_level = BT_SECURITY_LOW; 478 acl->pending_sec_level = sec_level; 479 acl->auth_type = auth_type; 480 hci_acl_connect(acl); 481 } 482 483 if (type == ACL_LINK) 484 return acl; 485 486 sco = hci_conn_hash_lookup_ba(hdev, type, dst); 487 if (!sco) { 488 sco = hci_conn_add(hdev, type, dst); 489 if (!sco) { 490 hci_conn_put(acl); 491 return NULL; 492 } 493 } 494 495 acl->link = sco; 496 sco->link = acl; 497 498 hci_conn_hold(sco); 499 500 if (acl->state == BT_CONNECTED && 501 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 502 acl->power_save = 1; 503 hci_conn_enter_active_mode(acl); 504 505 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) { 506 /* defer SCO setup until mode change completed */ 507 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend); 508 return sco; 509 } 510 511 hci_sco_setup(acl, 0x00); 512 } 513 514 return sco; 515 } 516 EXPORT_SYMBOL(hci_connect); 517 518 /* Check link security requirement */ 519 int hci_conn_check_link_mode(struct hci_conn *conn) 520 { 521 BT_DBG("conn %p", conn); 522 523 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 && 524 !(conn->link_mode & HCI_LM_ENCRYPT)) 525 return 0; 526 527 return 1; 528 } 529 EXPORT_SYMBOL(hci_conn_check_link_mode); 530 531 /* Authenticate remote device */ 532 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 533 { 534 BT_DBG("conn %p", conn); 535 536 if (conn->pending_sec_level > sec_level) 537 sec_level = conn->pending_sec_level; 538 539 if (sec_level > conn->sec_level) 540 conn->pending_sec_level = sec_level; 541 else if (conn->link_mode & HCI_LM_AUTH) 542 return 1; 543 544 /* Make sure we preserve an existing MITM requirement*/ 545 auth_type |= (conn->auth_type & 0x01); 546 547 conn->auth_type = auth_type; 548 549 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 550 struct hci_cp_auth_requested cp; 551 cp.handle = cpu_to_le16(conn->handle); 552 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, 553 sizeof(cp), &cp); 554 } 555 556 return 0; 557 } 558 559 /* Encrypt the the link */ 560 static void hci_conn_encrypt(struct hci_conn *conn) 561 { 562 BT_DBG("conn %p", conn); 563 564 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 565 struct hci_cp_set_conn_encrypt cp; 566 cp.handle = cpu_to_le16(conn->handle); 567 cp.encrypt = 0x01; 568 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), 569 &cp); 570 } 571 } 572 573 /* Enable security */ 574 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 575 { 576 BT_DBG("conn %p", conn); 577 578 /* For sdp we don't need the link key. */ 579 if (sec_level == BT_SECURITY_SDP) 580 return 1; 581 582 /* For non 2.1 devices and low security level we don't need the link 583 key. */ 584 if (sec_level == BT_SECURITY_LOW && 585 (!conn->ssp_mode || !conn->hdev->ssp_mode)) 586 return 1; 587 588 /* For other security levels we need the link key. */ 589 if (!(conn->link_mode & HCI_LM_AUTH)) 590 goto auth; 591 592 /* An authenticated combination key has sufficient security for any 593 security level. */ 594 if (conn->key_type == HCI_LK_AUTH_COMBINATION) 595 goto encrypt; 596 597 /* An unauthenticated combination key has sufficient security for 598 security level 1 and 2. */ 599 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION && 600 (sec_level == BT_SECURITY_MEDIUM || 601 sec_level == BT_SECURITY_LOW)) 602 goto encrypt; 603 604 /* A combination key has always sufficient security for the security 605 levels 1 or 2. High security level requires the combination key 606 is generated using maximum PIN code length (16). 607 For pre 2.1 units. */ 608 if (conn->key_type == HCI_LK_COMBINATION && 609 (sec_level != BT_SECURITY_HIGH || 610 conn->pin_length == 16)) 611 goto encrypt; 612 613 auth: 614 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 615 return 0; 616 617 if (!hci_conn_auth(conn, sec_level, auth_type)) 618 return 0; 619 620 encrypt: 621 if (conn->link_mode & HCI_LM_ENCRYPT) 622 return 1; 623 624 hci_conn_encrypt(conn); 625 return 0; 626 } 627 EXPORT_SYMBOL(hci_conn_security); 628 629 /* Check secure link requirement */ 630 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level) 631 { 632 BT_DBG("conn %p", conn); 633 634 if (sec_level != BT_SECURITY_HIGH) 635 return 1; /* Accept if non-secure is required */ 636 637 if (conn->key_type == HCI_LK_AUTH_COMBINATION || 638 (conn->key_type == HCI_LK_COMBINATION && 639 conn->pin_length == 16)) 640 return 1; 641 642 return 0; /* Reject not secure link */ 643 } 644 EXPORT_SYMBOL(hci_conn_check_secure); 645 646 /* Change link key */ 647 int hci_conn_change_link_key(struct hci_conn *conn) 648 { 649 BT_DBG("conn %p", conn); 650 651 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 652 struct hci_cp_change_conn_link_key cp; 653 cp.handle = cpu_to_le16(conn->handle); 654 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, 655 sizeof(cp), &cp); 656 } 657 658 return 0; 659 } 660 EXPORT_SYMBOL(hci_conn_change_link_key); 661 662 /* Switch role */ 663 int hci_conn_switch_role(struct hci_conn *conn, __u8 role) 664 { 665 BT_DBG("conn %p", conn); 666 667 if (!role && conn->link_mode & HCI_LM_MASTER) 668 return 1; 669 670 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) { 671 struct hci_cp_switch_role cp; 672 bacpy(&cp.bdaddr, &conn->dst); 673 cp.role = role; 674 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); 675 } 676 677 return 0; 678 } 679 EXPORT_SYMBOL(hci_conn_switch_role); 680 681 /* Enter active mode */ 682 void hci_conn_enter_active_mode(struct hci_conn *conn) 683 { 684 struct hci_dev *hdev = conn->hdev; 685 686 BT_DBG("conn %p mode %d", conn, conn->mode); 687 688 if (test_bit(HCI_RAW, &hdev->flags)) 689 return; 690 691 if (conn->mode != HCI_CM_SNIFF || !conn->power_save) 692 goto timer; 693 694 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 695 struct hci_cp_exit_sniff_mode cp; 696 cp.handle = cpu_to_le16(conn->handle); 697 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); 698 } 699 700 timer: 701 if (hdev->idle_timeout > 0) 702 mod_timer(&conn->idle_timer, 703 jiffies + msecs_to_jiffies(hdev->idle_timeout)); 704 } 705 706 /* Enter sniff mode */ 707 void hci_conn_enter_sniff_mode(struct hci_conn *conn) 708 { 709 struct hci_dev *hdev = conn->hdev; 710 711 BT_DBG("conn %p mode %d", conn, conn->mode); 712 713 if (test_bit(HCI_RAW, &hdev->flags)) 714 return; 715 716 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) 717 return; 718 719 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) 720 return; 721 722 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { 723 struct hci_cp_sniff_subrate cp; 724 cp.handle = cpu_to_le16(conn->handle); 725 cp.max_latency = cpu_to_le16(0); 726 cp.min_remote_timeout = cpu_to_le16(0); 727 cp.min_local_timeout = cpu_to_le16(0); 728 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); 729 } 730 731 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 732 struct hci_cp_sniff_mode cp; 733 cp.handle = cpu_to_le16(conn->handle); 734 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); 735 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); 736 cp.attempt = cpu_to_le16(4); 737 cp.timeout = cpu_to_le16(1); 738 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); 739 } 740 } 741 742 /* Drop all connection on the device */ 743 void hci_conn_hash_flush(struct hci_dev *hdev) 744 { 745 struct hci_conn_hash *h = &hdev->conn_hash; 746 struct list_head *p; 747 748 BT_DBG("hdev %s", hdev->name); 749 750 p = h->list.next; 751 while (p != &h->list) { 752 struct hci_conn *c; 753 754 c = list_entry(p, struct hci_conn, list); 755 p = p->next; 756 757 c->state = BT_CLOSED; 758 759 hci_proto_disconn_cfm(c, 0x16); 760 hci_conn_del(c); 761 } 762 } 763 764 /* Check pending connect attempts */ 765 void hci_conn_check_pending(struct hci_dev *hdev) 766 { 767 struct hci_conn *conn; 768 769 BT_DBG("hdev %s", hdev->name); 770 771 hci_dev_lock(hdev); 772 773 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2); 774 if (conn) 775 hci_acl_connect(conn); 776 777 hci_dev_unlock(hdev); 778 } 779 780 void hci_conn_hold_device(struct hci_conn *conn) 781 { 782 atomic_inc(&conn->devref); 783 } 784 EXPORT_SYMBOL(hci_conn_hold_device); 785 786 void hci_conn_put_device(struct hci_conn *conn) 787 { 788 if (atomic_dec_and_test(&conn->devref)) 789 hci_conn_del_sysfs(conn); 790 } 791 EXPORT_SYMBOL(hci_conn_put_device); 792 793 int hci_get_conn_list(void __user *arg) 794 { 795 struct hci_conn_list_req req, *cl; 796 struct hci_conn_info *ci; 797 struct hci_dev *hdev; 798 struct list_head *p; 799 int n = 0, size, err; 800 801 if (copy_from_user(&req, arg, sizeof(req))) 802 return -EFAULT; 803 804 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) 805 return -EINVAL; 806 807 size = sizeof(req) + req.conn_num * sizeof(*ci); 808 809 cl = kmalloc(size, GFP_KERNEL); 810 if (!cl) 811 return -ENOMEM; 812 813 hdev = hci_dev_get(req.dev_id); 814 if (!hdev) { 815 kfree(cl); 816 return -ENODEV; 817 } 818 819 ci = cl->conn_info; 820 821 hci_dev_lock_bh(hdev); 822 list_for_each(p, &hdev->conn_hash.list) { 823 register struct hci_conn *c; 824 c = list_entry(p, struct hci_conn, list); 825 826 bacpy(&(ci + n)->bdaddr, &c->dst); 827 (ci + n)->handle = c->handle; 828 (ci + n)->type = c->type; 829 (ci + n)->out = c->out; 830 (ci + n)->state = c->state; 831 (ci + n)->link_mode = c->link_mode; 832 if (++n >= req.conn_num) 833 break; 834 } 835 hci_dev_unlock_bh(hdev); 836 837 cl->dev_id = hdev->id; 838 cl->conn_num = n; 839 size = sizeof(req) + n * sizeof(*ci); 840 841 hci_dev_put(hdev); 842 843 err = copy_to_user(arg, cl, size); 844 kfree(cl); 845 846 return err ? -EFAULT : 0; 847 } 848 849 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) 850 { 851 struct hci_conn_info_req req; 852 struct hci_conn_info ci; 853 struct hci_conn *conn; 854 char __user *ptr = arg + sizeof(req); 855 856 if (copy_from_user(&req, arg, sizeof(req))) 857 return -EFAULT; 858 859 hci_dev_lock_bh(hdev); 860 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); 861 if (conn) { 862 bacpy(&ci.bdaddr, &conn->dst); 863 ci.handle = conn->handle; 864 ci.type = conn->type; 865 ci.out = conn->out; 866 ci.state = conn->state; 867 ci.link_mode = conn->link_mode; 868 } 869 hci_dev_unlock_bh(hdev); 870 871 if (!conn) 872 return -ENOENT; 873 874 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 875 } 876 877 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg) 878 { 879 struct hci_auth_info_req req; 880 struct hci_conn *conn; 881 882 if (copy_from_user(&req, arg, sizeof(req))) 883 return -EFAULT; 884 885 hci_dev_lock_bh(hdev); 886 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr); 887 if (conn) 888 req.type = conn->auth_type; 889 hci_dev_unlock_bh(hdev); 890 891 if (!conn) 892 return -ENOENT; 893 894 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0; 895 } 896