1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI connection handling. */ 26 27 #include <linux/module.h> 28 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/kernel.h> 32 #include <linux/slab.h> 33 #include <linux/poll.h> 34 #include <linux/fcntl.h> 35 #include <linux/init.h> 36 #include <linux/skbuff.h> 37 #include <linux/interrupt.h> 38 #include <linux/notifier.h> 39 #include <net/sock.h> 40 41 #include <asm/system.h> 42 #include <linux/uaccess.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 48 static void hci_le_connect(struct hci_conn *conn) 49 { 50 struct hci_dev *hdev = conn->hdev; 51 struct hci_cp_le_create_conn cp; 52 53 conn->state = BT_CONNECT; 54 conn->out = 1; 55 conn->link_mode |= HCI_LM_MASTER; 56 conn->sec_level = BT_SECURITY_LOW; 57 58 memset(&cp, 0, sizeof(cp)); 59 cp.scan_interval = cpu_to_le16(0x0060); 60 cp.scan_window = cpu_to_le16(0x0030); 61 bacpy(&cp.peer_addr, &conn->dst); 62 cp.peer_addr_type = conn->dst_type; 63 cp.conn_interval_min = cpu_to_le16(0x0028); 64 cp.conn_interval_max = cpu_to_le16(0x0038); 65 cp.supervision_timeout = cpu_to_le16(0x002a); 66 cp.min_ce_len = cpu_to_le16(0x0000); 67 cp.max_ce_len = cpu_to_le16(0x0000); 68 69 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp); 70 } 71 72 static void hci_le_connect_cancel(struct hci_conn *conn) 73 { 74 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL); 75 } 76 77 void hci_acl_connect(struct hci_conn *conn) 78 { 79 struct hci_dev *hdev = conn->hdev; 80 struct inquiry_entry *ie; 81 struct hci_cp_create_conn cp; 82 83 BT_DBG("%p", conn); 84 85 conn->state = BT_CONNECT; 86 conn->out = 1; 87 88 conn->link_mode = HCI_LM_MASTER; 89 90 conn->attempt++; 91 92 conn->link_policy = hdev->link_policy; 93 94 memset(&cp, 0, sizeof(cp)); 95 bacpy(&cp.bdaddr, &conn->dst); 96 cp.pscan_rep_mode = 0x02; 97 98 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 99 if (ie) { 100 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 101 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 102 cp.pscan_mode = ie->data.pscan_mode; 103 cp.clock_offset = ie->data.clock_offset | 104 cpu_to_le16(0x8000); 105 } 106 107 memcpy(conn->dev_class, ie->data.dev_class, 3); 108 conn->ssp_mode = ie->data.ssp_mode; 109 } 110 111 cp.pkt_type = cpu_to_le16(conn->pkt_type); 112 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) 113 cp.role_switch = 0x01; 114 else 115 cp.role_switch = 0x00; 116 117 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp); 118 } 119 120 static void hci_acl_connect_cancel(struct hci_conn *conn) 121 { 122 struct hci_cp_create_conn_cancel cp; 123 124 BT_DBG("%p", conn); 125 126 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2) 127 return; 128 129 bacpy(&cp.bdaddr, &conn->dst); 130 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); 131 } 132 133 void hci_acl_disconn(struct hci_conn *conn, __u8 reason) 134 { 135 struct hci_cp_disconnect cp; 136 137 BT_DBG("%p", conn); 138 139 conn->state = BT_DISCONN; 140 141 cp.handle = cpu_to_le16(conn->handle); 142 cp.reason = reason; 143 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp); 144 } 145 146 void hci_add_sco(struct hci_conn *conn, __u16 handle) 147 { 148 struct hci_dev *hdev = conn->hdev; 149 struct hci_cp_add_sco cp; 150 151 BT_DBG("%p", conn); 152 153 conn->state = BT_CONNECT; 154 conn->out = 1; 155 156 conn->attempt++; 157 158 cp.handle = cpu_to_le16(handle); 159 cp.pkt_type = cpu_to_le16(conn->pkt_type); 160 161 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); 162 } 163 164 void hci_setup_sync(struct hci_conn *conn, __u16 handle) 165 { 166 struct hci_dev *hdev = conn->hdev; 167 struct hci_cp_setup_sync_conn cp; 168 169 BT_DBG("%p", conn); 170 171 conn->state = BT_CONNECT; 172 conn->out = 1; 173 174 conn->attempt++; 175 176 cp.handle = cpu_to_le16(handle); 177 cp.pkt_type = cpu_to_le16(conn->pkt_type); 178 179 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 180 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 181 cp.max_latency = cpu_to_le16(0xffff); 182 cp.voice_setting = cpu_to_le16(hdev->voice_setting); 183 cp.retrans_effort = 0xff; 184 185 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp); 186 } 187 188 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, 189 u16 latency, u16 to_multiplier) 190 { 191 struct hci_cp_le_conn_update cp; 192 struct hci_dev *hdev = conn->hdev; 193 194 memset(&cp, 0, sizeof(cp)); 195 196 cp.handle = cpu_to_le16(conn->handle); 197 cp.conn_interval_min = cpu_to_le16(min); 198 cp.conn_interval_max = cpu_to_le16(max); 199 cp.conn_latency = cpu_to_le16(latency); 200 cp.supervision_timeout = cpu_to_le16(to_multiplier); 201 cp.min_ce_len = cpu_to_le16(0x0001); 202 cp.max_ce_len = cpu_to_le16(0x0001); 203 204 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp); 205 } 206 EXPORT_SYMBOL(hci_le_conn_update); 207 208 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8], 209 __u8 ltk[16]) 210 { 211 struct hci_dev *hdev = conn->hdev; 212 struct hci_cp_le_start_enc cp; 213 214 BT_DBG("%p", conn); 215 216 memset(&cp, 0, sizeof(cp)); 217 218 cp.handle = cpu_to_le16(conn->handle); 219 memcpy(cp.ltk, ltk, sizeof(cp.ltk)); 220 cp.ediv = ediv; 221 memcpy(cp.rand, rand, sizeof(cp.rand)); 222 223 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp); 224 } 225 EXPORT_SYMBOL(hci_le_start_enc); 226 227 void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16]) 228 { 229 struct hci_dev *hdev = conn->hdev; 230 struct hci_cp_le_ltk_reply cp; 231 232 BT_DBG("%p", conn); 233 234 memset(&cp, 0, sizeof(cp)); 235 236 cp.handle = cpu_to_le16(conn->handle); 237 memcpy(cp.ltk, ltk, sizeof(ltk)); 238 239 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); 240 } 241 EXPORT_SYMBOL(hci_le_ltk_reply); 242 243 void hci_le_ltk_neg_reply(struct hci_conn *conn) 244 { 245 struct hci_dev *hdev = conn->hdev; 246 struct hci_cp_le_ltk_neg_reply cp; 247 248 BT_DBG("%p", conn); 249 250 memset(&cp, 0, sizeof(cp)); 251 252 cp.handle = cpu_to_le16(conn->handle); 253 254 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp); 255 } 256 257 /* Device _must_ be locked */ 258 void hci_sco_setup(struct hci_conn *conn, __u8 status) 259 { 260 struct hci_conn *sco = conn->link; 261 262 BT_DBG("%p", conn); 263 264 if (!sco) 265 return; 266 267 if (!status) { 268 if (lmp_esco_capable(conn->hdev)) 269 hci_setup_sync(sco, conn->handle); 270 else 271 hci_add_sco(sco, conn->handle); 272 } else { 273 hci_proto_connect_cfm(sco, status); 274 hci_conn_del(sco); 275 } 276 } 277 278 static void hci_conn_timeout(unsigned long arg) 279 { 280 struct hci_conn *conn = (void *) arg; 281 struct hci_dev *hdev = conn->hdev; 282 __u8 reason; 283 284 BT_DBG("conn %p state %d", conn, conn->state); 285 286 if (atomic_read(&conn->refcnt)) 287 return; 288 289 hci_dev_lock(hdev); 290 291 switch (conn->state) { 292 case BT_CONNECT: 293 case BT_CONNECT2: 294 if (conn->out) { 295 if (conn->type == ACL_LINK) 296 hci_acl_connect_cancel(conn); 297 else if (conn->type == LE_LINK) 298 hci_le_connect_cancel(conn); 299 } 300 break; 301 case BT_CONFIG: 302 case BT_CONNECTED: 303 reason = hci_proto_disconn_ind(conn); 304 hci_acl_disconn(conn, reason); 305 break; 306 default: 307 conn->state = BT_CLOSED; 308 break; 309 } 310 311 hci_dev_unlock(hdev); 312 } 313 314 static void hci_conn_idle(unsigned long arg) 315 { 316 struct hci_conn *conn = (void *) arg; 317 318 BT_DBG("conn %p mode %d", conn, conn->mode); 319 320 hci_conn_enter_sniff_mode(conn); 321 } 322 323 static void hci_conn_auto_accept(unsigned long arg) 324 { 325 struct hci_conn *conn = (void *) arg; 326 struct hci_dev *hdev = conn->hdev; 327 328 hci_dev_lock(hdev); 329 330 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst), 331 &conn->dst); 332 333 hci_dev_unlock(hdev); 334 } 335 336 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) 337 { 338 struct hci_conn *conn; 339 340 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 341 342 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC); 343 if (!conn) 344 return NULL; 345 346 bacpy(&conn->dst, dst); 347 conn->hdev = hdev; 348 conn->type = type; 349 conn->mode = HCI_CM_ACTIVE; 350 conn->state = BT_OPEN; 351 conn->auth_type = HCI_AT_GENERAL_BONDING; 352 conn->io_capability = hdev->io_capability; 353 conn->remote_auth = 0xff; 354 conn->key_type = 0xff; 355 356 conn->power_save = 1; 357 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 358 359 switch (type) { 360 case ACL_LINK: 361 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; 362 break; 363 case SCO_LINK: 364 if (lmp_esco_capable(hdev)) 365 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 366 (hdev->esco_type & EDR_ESCO_MASK); 367 else 368 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; 369 break; 370 case ESCO_LINK: 371 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; 372 break; 373 } 374 375 skb_queue_head_init(&conn->data_q); 376 377 hci_chan_hash_init(conn); 378 379 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn); 380 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn); 381 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept, 382 (unsigned long) conn); 383 384 atomic_set(&conn->refcnt, 0); 385 386 hci_dev_hold(hdev); 387 388 tasklet_disable(&hdev->tx_task); 389 390 hci_conn_hash_add(hdev, conn); 391 if (hdev->notify) 392 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 393 394 atomic_set(&conn->devref, 0); 395 396 hci_conn_init_sysfs(conn); 397 398 tasklet_enable(&hdev->tx_task); 399 400 return conn; 401 } 402 403 int hci_conn_del(struct hci_conn *conn) 404 { 405 struct hci_dev *hdev = conn->hdev; 406 407 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle); 408 409 del_timer(&conn->idle_timer); 410 411 del_timer(&conn->disc_timer); 412 413 del_timer(&conn->auto_accept_timer); 414 415 if (conn->type == ACL_LINK) { 416 struct hci_conn *sco = conn->link; 417 if (sco) 418 sco->link = NULL; 419 420 /* Unacked frames */ 421 hdev->acl_cnt += conn->sent; 422 } else if (conn->type == LE_LINK) { 423 if (hdev->le_pkts) 424 hdev->le_cnt += conn->sent; 425 else 426 hdev->acl_cnt += conn->sent; 427 } else { 428 struct hci_conn *acl = conn->link; 429 if (acl) { 430 acl->link = NULL; 431 hci_conn_put(acl); 432 } 433 } 434 435 tasklet_disable(&hdev->tx_task); 436 437 hci_chan_hash_flush(conn); 438 439 hci_conn_hash_del(hdev, conn); 440 if (hdev->notify) 441 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 442 443 tasklet_enable(&hdev->tx_task); 444 445 skb_queue_purge(&conn->data_q); 446 447 hci_conn_put_device(conn); 448 449 hci_dev_put(hdev); 450 451 if (conn->handle == 0) 452 kfree(conn); 453 454 return 0; 455 } 456 457 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src) 458 { 459 int use_src = bacmp(src, BDADDR_ANY); 460 struct hci_dev *hdev = NULL, *d; 461 462 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 463 464 read_lock_bh(&hci_dev_list_lock); 465 466 list_for_each_entry(d, &hci_dev_list, list) { 467 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags)) 468 continue; 469 470 /* Simple routing: 471 * No source address - find interface with bdaddr != dst 472 * Source address - find interface with bdaddr == src 473 */ 474 475 if (use_src) { 476 if (!bacmp(&d->bdaddr, src)) { 477 hdev = d; break; 478 } 479 } else { 480 if (bacmp(&d->bdaddr, dst)) { 481 hdev = d; break; 482 } 483 } 484 } 485 486 if (hdev) 487 hdev = hci_dev_hold(hdev); 488 489 read_unlock_bh(&hci_dev_list_lock); 490 return hdev; 491 } 492 EXPORT_SYMBOL(hci_get_route); 493 494 /* Create SCO, ACL or LE connection. 495 * Device _must_ be locked */ 496 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type) 497 { 498 struct hci_conn *acl; 499 struct hci_conn *sco; 500 struct hci_conn *le; 501 502 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 503 504 if (type == LE_LINK) { 505 struct adv_entry *entry; 506 507 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst); 508 if (le) 509 return ERR_PTR(-EBUSY); 510 511 entry = hci_find_adv_entry(hdev, dst); 512 if (!entry) 513 return ERR_PTR(-EHOSTUNREACH); 514 515 le = hci_conn_add(hdev, LE_LINK, dst); 516 if (!le) 517 return ERR_PTR(-ENOMEM); 518 519 le->dst_type = entry->bdaddr_type; 520 521 hci_le_connect(le); 522 523 hci_conn_hold(le); 524 525 return le; 526 } 527 528 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 529 if (!acl) { 530 acl = hci_conn_add(hdev, ACL_LINK, dst); 531 if (!acl) 532 return NULL; 533 } 534 535 hci_conn_hold(acl); 536 537 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { 538 acl->sec_level = BT_SECURITY_LOW; 539 acl->pending_sec_level = sec_level; 540 acl->auth_type = auth_type; 541 hci_acl_connect(acl); 542 } 543 544 if (type == ACL_LINK) 545 return acl; 546 547 sco = hci_conn_hash_lookup_ba(hdev, type, dst); 548 if (!sco) { 549 sco = hci_conn_add(hdev, type, dst); 550 if (!sco) { 551 hci_conn_put(acl); 552 return NULL; 553 } 554 } 555 556 acl->link = sco; 557 sco->link = acl; 558 559 hci_conn_hold(sco); 560 561 if (acl->state == BT_CONNECTED && 562 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 563 acl->power_save = 1; 564 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON); 565 566 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) { 567 /* defer SCO setup until mode change completed */ 568 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend); 569 return sco; 570 } 571 572 hci_sco_setup(acl, 0x00); 573 } 574 575 return sco; 576 } 577 EXPORT_SYMBOL(hci_connect); 578 579 /* Check link security requirement */ 580 int hci_conn_check_link_mode(struct hci_conn *conn) 581 { 582 BT_DBG("conn %p", conn); 583 584 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 && 585 !(conn->link_mode & HCI_LM_ENCRYPT)) 586 return 0; 587 588 return 1; 589 } 590 EXPORT_SYMBOL(hci_conn_check_link_mode); 591 592 /* Authenticate remote device */ 593 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 594 { 595 BT_DBG("conn %p", conn); 596 597 if (conn->pending_sec_level > sec_level) 598 sec_level = conn->pending_sec_level; 599 600 if (sec_level > conn->sec_level) 601 conn->pending_sec_level = sec_level; 602 else if (conn->link_mode & HCI_LM_AUTH) 603 return 1; 604 605 /* Make sure we preserve an existing MITM requirement*/ 606 auth_type |= (conn->auth_type & 0x01); 607 608 conn->auth_type = auth_type; 609 610 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 611 struct hci_cp_auth_requested cp; 612 cp.handle = cpu_to_le16(conn->handle); 613 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, 614 sizeof(cp), &cp); 615 if (conn->key_type != 0xff) 616 set_bit(HCI_CONN_REAUTH_PEND, &conn->pend); 617 } 618 619 return 0; 620 } 621 622 /* Encrypt the the link */ 623 static void hci_conn_encrypt(struct hci_conn *conn) 624 { 625 BT_DBG("conn %p", conn); 626 627 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 628 struct hci_cp_set_conn_encrypt cp; 629 cp.handle = cpu_to_le16(conn->handle); 630 cp.encrypt = 0x01; 631 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), 632 &cp); 633 } 634 } 635 636 /* Enable security */ 637 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 638 { 639 BT_DBG("conn %p", conn); 640 641 /* For sdp we don't need the link key. */ 642 if (sec_level == BT_SECURITY_SDP) 643 return 1; 644 645 /* For non 2.1 devices and low security level we don't need the link 646 key. */ 647 if (sec_level == BT_SECURITY_LOW && 648 (!conn->ssp_mode || !conn->hdev->ssp_mode)) 649 return 1; 650 651 /* For other security levels we need the link key. */ 652 if (!(conn->link_mode & HCI_LM_AUTH)) 653 goto auth; 654 655 /* An authenticated combination key has sufficient security for any 656 security level. */ 657 if (conn->key_type == HCI_LK_AUTH_COMBINATION) 658 goto encrypt; 659 660 /* An unauthenticated combination key has sufficient security for 661 security level 1 and 2. */ 662 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION && 663 (sec_level == BT_SECURITY_MEDIUM || 664 sec_level == BT_SECURITY_LOW)) 665 goto encrypt; 666 667 /* A combination key has always sufficient security for the security 668 levels 1 or 2. High security level requires the combination key 669 is generated using maximum PIN code length (16). 670 For pre 2.1 units. */ 671 if (conn->key_type == HCI_LK_COMBINATION && 672 (sec_level != BT_SECURITY_HIGH || 673 conn->pin_length == 16)) 674 goto encrypt; 675 676 auth: 677 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 678 return 0; 679 680 if (!hci_conn_auth(conn, sec_level, auth_type)) 681 return 0; 682 683 encrypt: 684 if (conn->link_mode & HCI_LM_ENCRYPT) 685 return 1; 686 687 hci_conn_encrypt(conn); 688 return 0; 689 } 690 EXPORT_SYMBOL(hci_conn_security); 691 692 /* Check secure link requirement */ 693 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level) 694 { 695 BT_DBG("conn %p", conn); 696 697 if (sec_level != BT_SECURITY_HIGH) 698 return 1; /* Accept if non-secure is required */ 699 700 if (conn->sec_level == BT_SECURITY_HIGH) 701 return 1; 702 703 return 0; /* Reject not secure link */ 704 } 705 EXPORT_SYMBOL(hci_conn_check_secure); 706 707 /* Change link key */ 708 int hci_conn_change_link_key(struct hci_conn *conn) 709 { 710 BT_DBG("conn %p", conn); 711 712 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 713 struct hci_cp_change_conn_link_key cp; 714 cp.handle = cpu_to_le16(conn->handle); 715 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, 716 sizeof(cp), &cp); 717 } 718 719 return 0; 720 } 721 EXPORT_SYMBOL(hci_conn_change_link_key); 722 723 /* Switch role */ 724 int hci_conn_switch_role(struct hci_conn *conn, __u8 role) 725 { 726 BT_DBG("conn %p", conn); 727 728 if (!role && conn->link_mode & HCI_LM_MASTER) 729 return 1; 730 731 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) { 732 struct hci_cp_switch_role cp; 733 bacpy(&cp.bdaddr, &conn->dst); 734 cp.role = role; 735 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); 736 } 737 738 return 0; 739 } 740 EXPORT_SYMBOL(hci_conn_switch_role); 741 742 /* Enter active mode */ 743 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active) 744 { 745 struct hci_dev *hdev = conn->hdev; 746 747 BT_DBG("conn %p mode %d", conn, conn->mode); 748 749 if (test_bit(HCI_RAW, &hdev->flags)) 750 return; 751 752 if (conn->mode != HCI_CM_SNIFF) 753 goto timer; 754 755 if (!conn->power_save && !force_active) 756 goto timer; 757 758 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 759 struct hci_cp_exit_sniff_mode cp; 760 cp.handle = cpu_to_le16(conn->handle); 761 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); 762 } 763 764 timer: 765 if (hdev->idle_timeout > 0) 766 mod_timer(&conn->idle_timer, 767 jiffies + msecs_to_jiffies(hdev->idle_timeout)); 768 } 769 770 /* Enter sniff mode */ 771 void hci_conn_enter_sniff_mode(struct hci_conn *conn) 772 { 773 struct hci_dev *hdev = conn->hdev; 774 775 BT_DBG("conn %p mode %d", conn, conn->mode); 776 777 if (test_bit(HCI_RAW, &hdev->flags)) 778 return; 779 780 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) 781 return; 782 783 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) 784 return; 785 786 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { 787 struct hci_cp_sniff_subrate cp; 788 cp.handle = cpu_to_le16(conn->handle); 789 cp.max_latency = cpu_to_le16(0); 790 cp.min_remote_timeout = cpu_to_le16(0); 791 cp.min_local_timeout = cpu_to_le16(0); 792 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); 793 } 794 795 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 796 struct hci_cp_sniff_mode cp; 797 cp.handle = cpu_to_le16(conn->handle); 798 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); 799 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); 800 cp.attempt = cpu_to_le16(4); 801 cp.timeout = cpu_to_le16(1); 802 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); 803 } 804 } 805 806 /* Drop all connection on the device */ 807 void hci_conn_hash_flush(struct hci_dev *hdev) 808 { 809 struct hci_conn_hash *h = &hdev->conn_hash; 810 struct list_head *p; 811 812 BT_DBG("hdev %s", hdev->name); 813 814 p = h->list.next; 815 while (p != &h->list) { 816 struct hci_conn *c; 817 818 c = list_entry(p, struct hci_conn, list); 819 p = p->next; 820 821 c->state = BT_CLOSED; 822 823 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM); 824 hci_conn_del(c); 825 } 826 } 827 828 /* Check pending connect attempts */ 829 void hci_conn_check_pending(struct hci_dev *hdev) 830 { 831 struct hci_conn *conn; 832 833 BT_DBG("hdev %s", hdev->name); 834 835 hci_dev_lock(hdev); 836 837 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2); 838 if (conn) 839 hci_acl_connect(conn); 840 841 hci_dev_unlock(hdev); 842 } 843 844 void hci_conn_hold_device(struct hci_conn *conn) 845 { 846 atomic_inc(&conn->devref); 847 } 848 EXPORT_SYMBOL(hci_conn_hold_device); 849 850 void hci_conn_put_device(struct hci_conn *conn) 851 { 852 if (atomic_dec_and_test(&conn->devref)) 853 hci_conn_del_sysfs(conn); 854 } 855 EXPORT_SYMBOL(hci_conn_put_device); 856 857 int hci_get_conn_list(void __user *arg) 858 { 859 register struct hci_conn *c; 860 struct hci_conn_list_req req, *cl; 861 struct hci_conn_info *ci; 862 struct hci_dev *hdev; 863 int n = 0, size, err; 864 865 if (copy_from_user(&req, arg, sizeof(req))) 866 return -EFAULT; 867 868 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) 869 return -EINVAL; 870 871 size = sizeof(req) + req.conn_num * sizeof(*ci); 872 873 cl = kmalloc(size, GFP_KERNEL); 874 if (!cl) 875 return -ENOMEM; 876 877 hdev = hci_dev_get(req.dev_id); 878 if (!hdev) { 879 kfree(cl); 880 return -ENODEV; 881 } 882 883 ci = cl->conn_info; 884 885 hci_dev_lock_bh(hdev); 886 list_for_each_entry(c, &hdev->conn_hash.list, list) { 887 bacpy(&(ci + n)->bdaddr, &c->dst); 888 (ci + n)->handle = c->handle; 889 (ci + n)->type = c->type; 890 (ci + n)->out = c->out; 891 (ci + n)->state = c->state; 892 (ci + n)->link_mode = c->link_mode; 893 if (++n >= req.conn_num) 894 break; 895 } 896 hci_dev_unlock_bh(hdev); 897 898 cl->dev_id = hdev->id; 899 cl->conn_num = n; 900 size = sizeof(req) + n * sizeof(*ci); 901 902 hci_dev_put(hdev); 903 904 err = copy_to_user(arg, cl, size); 905 kfree(cl); 906 907 return err ? -EFAULT : 0; 908 } 909 910 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) 911 { 912 struct hci_conn_info_req req; 913 struct hci_conn_info ci; 914 struct hci_conn *conn; 915 char __user *ptr = arg + sizeof(req); 916 917 if (copy_from_user(&req, arg, sizeof(req))) 918 return -EFAULT; 919 920 hci_dev_lock_bh(hdev); 921 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); 922 if (conn) { 923 bacpy(&ci.bdaddr, &conn->dst); 924 ci.handle = conn->handle; 925 ci.type = conn->type; 926 ci.out = conn->out; 927 ci.state = conn->state; 928 ci.link_mode = conn->link_mode; 929 } 930 hci_dev_unlock_bh(hdev); 931 932 if (!conn) 933 return -ENOENT; 934 935 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 936 } 937 938 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg) 939 { 940 struct hci_auth_info_req req; 941 struct hci_conn *conn; 942 943 if (copy_from_user(&req, arg, sizeof(req))) 944 return -EFAULT; 945 946 hci_dev_lock_bh(hdev); 947 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr); 948 if (conn) 949 req.type = conn->auth_type; 950 hci_dev_unlock_bh(hdev); 951 952 if (!conn) 953 return -ENOENT; 954 955 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0; 956 } 957 958 struct hci_chan *hci_chan_create(struct hci_conn *conn) 959 { 960 struct hci_dev *hdev = conn->hdev; 961 struct hci_chan *chan; 962 963 BT_DBG("%s conn %p", hdev->name, conn); 964 965 chan = kzalloc(sizeof(struct hci_chan), GFP_ATOMIC); 966 if (!chan) 967 return NULL; 968 969 chan->conn = conn; 970 skb_queue_head_init(&chan->data_q); 971 972 tasklet_disable(&hdev->tx_task); 973 hci_chan_hash_add(conn, chan); 974 tasklet_enable(&hdev->tx_task); 975 976 return chan; 977 } 978 979 int hci_chan_del(struct hci_chan *chan) 980 { 981 struct hci_conn *conn = chan->conn; 982 struct hci_dev *hdev = conn->hdev; 983 984 BT_DBG("%s conn %p chan %p", hdev->name, conn, chan); 985 986 tasklet_disable(&hdev->tx_task); 987 hci_chan_hash_del(conn, chan); 988 tasklet_enable(&hdev->tx_task); 989 990 skb_queue_purge(&chan->data_q); 991 kfree(chan); 992 993 return 0; 994 } 995 996 void hci_chan_hash_flush(struct hci_conn *conn) 997 { 998 struct hci_chan_hash *h = &conn->chan_hash; 999 struct hci_chan *chan, *tmp; 1000 1001 BT_DBG("conn %p", conn); 1002 1003 list_for_each_entry_safe(chan, tmp, &h->list, list) 1004 hci_chan_del(chan); 1005 } 1006