2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI connection handling. */
28 #include <linux/export.h>
29 #include <linux/debugfs.h>
31 #include <net/bluetooth/bluetooth.h>
32 #include <net/bluetooth/hci_core.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/iso.h>
35 #include <net/bluetooth/mgmt.h>
37 #include "hci_request.h"
48 struct conn_handle_t {
49 struct hci_conn *conn;
53 static const struct sco_param esco_param_cvsd[] = {
54 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
55 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
56 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
57 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
58 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
61 static const struct sco_param sco_param_cvsd[] = {
62 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
63 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
66 static const struct sco_param esco_param_msbc[] = {
67 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
68 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
71 /* This function requires the caller holds hdev->lock */
72 static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status)
74 struct hci_conn_params *params;
75 struct hci_dev *hdev = conn->hdev;
81 bdaddr_type = conn->dst_type;
83 /* Check if we need to convert to identity address */
84 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
86 bdaddr = &irk->bdaddr;
87 bdaddr_type = irk->addr_type;
90 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr,
96 hci_conn_drop(params->conn);
97 hci_conn_put(params->conn);
101 if (!params->explicit_connect)
104 /* If the status indicates successful cancellation of
105 * the attempt (i.e. Unknown Connection Id) there's no point of
106 * notifying failure since we'll go back to keep trying to
107 * connect. The only exception is explicit connect requests
108 * where a timeout + cancel does indicate an actual failure.
110 if (status && status != HCI_ERROR_UNKNOWN_CONN_ID)
111 mgmt_connect_failed(hdev, &conn->dst, conn->type,
112 conn->dst_type, status);
114 /* The connection attempt was doing scan for new RPA, and is
115 * in scan phase. If params are not associated with any other
116 * autoconnect action, remove them completely. If they are, just unmark
117 * them as waiting for connection, by clearing explicit_connect field.
119 params->explicit_connect = false;
121 list_del_init(¶ms->action);
123 switch (params->auto_connect) {
124 case HCI_AUTO_CONN_EXPLICIT:
125 hci_conn_params_del(hdev, bdaddr, bdaddr_type);
126 /* return instead of break to avoid duplicate scan update */
128 case HCI_AUTO_CONN_DIRECT:
129 case HCI_AUTO_CONN_ALWAYS:
130 list_add(¶ms->action, &hdev->pend_le_conns);
132 case HCI_AUTO_CONN_REPORT:
133 list_add(¶ms->action, &hdev->pend_le_reports);
139 hci_update_passive_scan(hdev);
142 static void hci_conn_cleanup(struct hci_conn *conn)
144 struct hci_dev *hdev = conn->hdev;
146 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
147 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
149 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
150 hci_remove_link_key(hdev, &conn->dst);
152 hci_chan_list_flush(conn);
154 hci_conn_hash_del(hdev, conn);
159 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
160 switch (conn->setting & SCO_AIRMODE_MASK) {
161 case SCO_AIRMODE_CVSD:
162 case SCO_AIRMODE_TRANSP:
164 hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO);
169 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
172 hci_conn_del_sysfs(conn);
174 debugfs_remove_recursive(conn->debugfs);
181 static void le_scan_cleanup(struct work_struct *work)
183 struct hci_conn *conn = container_of(work, struct hci_conn,
185 struct hci_dev *hdev = conn->hdev;
186 struct hci_conn *c = NULL;
188 BT_DBG("%s hcon %p", hdev->name, conn);
192 /* Check that the hci_conn is still around */
194 list_for_each_entry_rcu(c, &hdev->conn_hash.list, list) {
201 hci_connect_le_scan_cleanup(conn, 0x00);
202 hci_conn_cleanup(conn);
205 hci_dev_unlock(hdev);
210 static void hci_connect_le_scan_remove(struct hci_conn *conn)
212 BT_DBG("%s hcon %p", conn->hdev->name, conn);
214 /* We can't call hci_conn_del/hci_conn_cleanup here since that
215 * could deadlock with another hci_conn_del() call that's holding
216 * hci_dev_lock and doing cancel_delayed_work_sync(&conn->disc_work).
217 * Instead, grab temporary extra references to the hci_dev and
218 * hci_conn and perform the necessary cleanup in a separate work
222 hci_dev_hold(conn->hdev);
225 /* Even though we hold a reference to the hdev, many other
226 * things might get cleaned up meanwhile, including the hdev's
227 * own workqueue, so we can't use that for scheduling.
229 schedule_work(&conn->le_scan_cleanup);
232 static void hci_acl_create_connection(struct hci_conn *conn)
234 struct hci_dev *hdev = conn->hdev;
235 struct inquiry_entry *ie;
236 struct hci_cp_create_conn cp;
238 BT_DBG("hcon %p", conn);
240 /* Many controllers disallow HCI Create Connection while it is doing
241 * HCI Inquiry. So we cancel the Inquiry first before issuing HCI Create
242 * Connection. This may cause the MGMT discovering state to become false
243 * without user space's request but it is okay since the MGMT Discovery
244 * APIs do not promise that discovery should be done forever. Instead,
245 * the user space monitors the status of MGMT discovering and it may
246 * request for discovery again when this flag becomes false.
248 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
249 /* Put this connection to "pending" state so that it will be
250 * executed after the inquiry cancel command complete event.
252 conn->state = BT_CONNECT2;
253 hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
257 conn->state = BT_CONNECT;
259 conn->role = HCI_ROLE_MASTER;
263 conn->link_policy = hdev->link_policy;
265 memset(&cp, 0, sizeof(cp));
266 bacpy(&cp.bdaddr, &conn->dst);
267 cp.pscan_rep_mode = 0x02;
269 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
271 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
272 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
273 cp.pscan_mode = ie->data.pscan_mode;
274 cp.clock_offset = ie->data.clock_offset |
278 memcpy(conn->dev_class, ie->data.dev_class, 3);
281 cp.pkt_type = cpu_to_le16(conn->pkt_type);
282 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
283 cp.role_switch = 0x01;
285 cp.role_switch = 0x00;
287 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
290 int hci_disconnect(struct hci_conn *conn, __u8 reason)
292 BT_DBG("hcon %p", conn);
294 /* When we are central of an established connection and it enters
295 * the disconnect timeout, then go ahead and try to read the
296 * current clock offset. Processing of the result is done
297 * within the event handling and hci_clock_offset_evt function.
299 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER &&
300 (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) {
301 struct hci_dev *hdev = conn->hdev;
302 struct hci_cp_read_clock_offset clkoff_cp;
304 clkoff_cp.handle = cpu_to_le16(conn->handle);
305 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
309 return hci_abort_conn(conn, reason);
312 static void hci_add_sco(struct hci_conn *conn, __u16 handle)
314 struct hci_dev *hdev = conn->hdev;
315 struct hci_cp_add_sco cp;
317 BT_DBG("hcon %p", conn);
319 conn->state = BT_CONNECT;
324 cp.handle = cpu_to_le16(handle);
325 cp.pkt_type = cpu_to_le16(conn->pkt_type);
327 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
330 static bool find_next_esco_param(struct hci_conn *conn,
331 const struct sco_param *esco_param, int size)
336 for (; conn->attempt <= size; conn->attempt++) {
337 if (lmp_esco_2m_capable(conn->parent) ||
338 (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3))
340 BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported",
341 conn, conn->attempt);
344 return conn->attempt <= size;
347 static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec)
350 __u8 vnd_len, *vnd_data = NULL;
351 struct hci_op_configure_data_path *cmd = NULL;
353 err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len,
358 cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL);
364 err = hdev->get_data_path_id(hdev, &cmd->data_path_id);
368 cmd->vnd_len = vnd_len;
369 memcpy(cmd->vnd_data, vnd_data, vnd_len);
371 cmd->direction = 0x00;
372 __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
373 sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT);
375 cmd->direction = 0x01;
376 err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
377 sizeof(*cmd) + vnd_len, cmd,
386 static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data)
388 struct conn_handle_t *conn_handle = data;
389 struct hci_conn *conn = conn_handle->conn;
390 __u16 handle = conn_handle->handle;
391 struct hci_cp_enhanced_setup_sync_conn cp;
392 const struct sco_param *param;
396 bt_dev_dbg(hdev, "hcon %p", conn);
398 /* for offload use case, codec needs to configured before opening SCO */
399 if (conn->codec.data_path)
400 configure_datapath_sync(hdev, &conn->codec);
402 conn->state = BT_CONNECT;
407 memset(&cp, 0x00, sizeof(cp));
409 cp.handle = cpu_to_le16(handle);
411 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
412 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
414 switch (conn->codec.id) {
416 if (!find_next_esco_param(conn, esco_param_msbc,
417 ARRAY_SIZE(esco_param_msbc)))
420 param = &esco_param_msbc[conn->attempt - 1];
421 cp.tx_coding_format.id = 0x05;
422 cp.rx_coding_format.id = 0x05;
423 cp.tx_codec_frame_size = __cpu_to_le16(60);
424 cp.rx_codec_frame_size = __cpu_to_le16(60);
425 cp.in_bandwidth = __cpu_to_le32(32000);
426 cp.out_bandwidth = __cpu_to_le32(32000);
427 cp.in_coding_format.id = 0x04;
428 cp.out_coding_format.id = 0x04;
429 cp.in_coded_data_size = __cpu_to_le16(16);
430 cp.out_coded_data_size = __cpu_to_le16(16);
431 cp.in_pcm_data_format = 2;
432 cp.out_pcm_data_format = 2;
433 cp.in_pcm_sample_payload_msb_pos = 0;
434 cp.out_pcm_sample_payload_msb_pos = 0;
435 cp.in_data_path = conn->codec.data_path;
436 cp.out_data_path = conn->codec.data_path;
437 cp.in_transport_unit_size = 1;
438 cp.out_transport_unit_size = 1;
441 case BT_CODEC_TRANSPARENT:
442 if (!find_next_esco_param(conn, esco_param_msbc,
443 ARRAY_SIZE(esco_param_msbc)))
445 param = &esco_param_msbc[conn->attempt - 1];
446 cp.tx_coding_format.id = 0x03;
447 cp.rx_coding_format.id = 0x03;
448 cp.tx_codec_frame_size = __cpu_to_le16(60);
449 cp.rx_codec_frame_size = __cpu_to_le16(60);
450 cp.in_bandwidth = __cpu_to_le32(0x1f40);
451 cp.out_bandwidth = __cpu_to_le32(0x1f40);
452 cp.in_coding_format.id = 0x03;
453 cp.out_coding_format.id = 0x03;
454 cp.in_coded_data_size = __cpu_to_le16(16);
455 cp.out_coded_data_size = __cpu_to_le16(16);
456 cp.in_pcm_data_format = 2;
457 cp.out_pcm_data_format = 2;
458 cp.in_pcm_sample_payload_msb_pos = 0;
459 cp.out_pcm_sample_payload_msb_pos = 0;
460 cp.in_data_path = conn->codec.data_path;
461 cp.out_data_path = conn->codec.data_path;
462 cp.in_transport_unit_size = 1;
463 cp.out_transport_unit_size = 1;
467 if (conn->parent && lmp_esco_capable(conn->parent)) {
468 if (!find_next_esco_param(conn, esco_param_cvsd,
469 ARRAY_SIZE(esco_param_cvsd)))
471 param = &esco_param_cvsd[conn->attempt - 1];
473 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
475 param = &sco_param_cvsd[conn->attempt - 1];
477 cp.tx_coding_format.id = 2;
478 cp.rx_coding_format.id = 2;
479 cp.tx_codec_frame_size = __cpu_to_le16(60);
480 cp.rx_codec_frame_size = __cpu_to_le16(60);
481 cp.in_bandwidth = __cpu_to_le32(16000);
482 cp.out_bandwidth = __cpu_to_le32(16000);
483 cp.in_coding_format.id = 4;
484 cp.out_coding_format.id = 4;
485 cp.in_coded_data_size = __cpu_to_le16(16);
486 cp.out_coded_data_size = __cpu_to_le16(16);
487 cp.in_pcm_data_format = 2;
488 cp.out_pcm_data_format = 2;
489 cp.in_pcm_sample_payload_msb_pos = 0;
490 cp.out_pcm_sample_payload_msb_pos = 0;
491 cp.in_data_path = conn->codec.data_path;
492 cp.out_data_path = conn->codec.data_path;
493 cp.in_transport_unit_size = 16;
494 cp.out_transport_unit_size = 16;
500 cp.retrans_effort = param->retrans_effort;
501 cp.pkt_type = __cpu_to_le16(param->pkt_type);
502 cp.max_latency = __cpu_to_le16(param->max_latency);
504 if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
510 static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle)
512 struct hci_dev *hdev = conn->hdev;
513 struct hci_cp_setup_sync_conn cp;
514 const struct sco_param *param;
516 bt_dev_dbg(hdev, "hcon %p", conn);
518 conn->state = BT_CONNECT;
523 cp.handle = cpu_to_le16(handle);
525 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
526 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
527 cp.voice_setting = cpu_to_le16(conn->setting);
529 switch (conn->setting & SCO_AIRMODE_MASK) {
530 case SCO_AIRMODE_TRANSP:
531 if (!find_next_esco_param(conn, esco_param_msbc,
532 ARRAY_SIZE(esco_param_msbc)))
534 param = &esco_param_msbc[conn->attempt - 1];
536 case SCO_AIRMODE_CVSD:
537 if (conn->parent && lmp_esco_capable(conn->parent)) {
538 if (!find_next_esco_param(conn, esco_param_cvsd,
539 ARRAY_SIZE(esco_param_cvsd)))
541 param = &esco_param_cvsd[conn->attempt - 1];
543 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
545 param = &sco_param_cvsd[conn->attempt - 1];
552 cp.retrans_effort = param->retrans_effort;
553 cp.pkt_type = __cpu_to_le16(param->pkt_type);
554 cp.max_latency = __cpu_to_le16(param->max_latency);
556 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
562 bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
565 struct conn_handle_t *conn_handle;
567 if (enhanced_sync_conn_capable(conn->hdev)) {
568 conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL);
573 conn_handle->conn = conn;
574 conn_handle->handle = handle;
575 result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync,
583 return hci_setup_sync_conn(conn, handle);
586 u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
589 struct hci_dev *hdev = conn->hdev;
590 struct hci_conn_params *params;
591 struct hci_cp_le_conn_update cp;
595 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
597 params->conn_min_interval = min;
598 params->conn_max_interval = max;
599 params->conn_latency = latency;
600 params->supervision_timeout = to_multiplier;
603 hci_dev_unlock(hdev);
605 memset(&cp, 0, sizeof(cp));
606 cp.handle = cpu_to_le16(conn->handle);
607 cp.conn_interval_min = cpu_to_le16(min);
608 cp.conn_interval_max = cpu_to_le16(max);
609 cp.conn_latency = cpu_to_le16(latency);
610 cp.supervision_timeout = cpu_to_le16(to_multiplier);
611 cp.min_ce_len = cpu_to_le16(0x0000);
612 cp.max_ce_len = cpu_to_le16(0x0000);
614 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
622 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
623 __u8 ltk[16], __u8 key_size)
625 struct hci_dev *hdev = conn->hdev;
626 struct hci_cp_le_start_enc cp;
628 BT_DBG("hcon %p", conn);
630 memset(&cp, 0, sizeof(cp));
632 cp.handle = cpu_to_le16(conn->handle);
635 memcpy(cp.ltk, ltk, key_size);
637 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
640 /* Device _must_ be locked */
641 void hci_sco_setup(struct hci_conn *conn, __u8 status)
643 struct hci_link *link;
645 link = list_first_entry_or_null(&conn->link_list, struct hci_link, list);
646 if (!link || !link->conn)
649 BT_DBG("hcon %p", conn);
652 if (lmp_esco_capable(conn->hdev))
653 hci_setup_sync(link->conn, conn->handle);
655 hci_add_sco(link->conn, conn->handle);
657 hci_connect_cfm(link->conn, status);
658 hci_conn_del(link->conn);
662 static void hci_conn_timeout(struct work_struct *work)
664 struct hci_conn *conn = container_of(work, struct hci_conn,
666 int refcnt = atomic_read(&conn->refcnt);
668 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
672 /* FIXME: It was observed that in pairing failed scenario, refcnt
673 * drops below 0. Probably this is because l2cap_conn_del calls
674 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
675 * dropped. After that loop hci_chan_del is called which also drops
676 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
682 /* LE connections in scanning state need special handling */
683 if (conn->state == BT_CONNECT && conn->type == LE_LINK &&
684 test_bit(HCI_CONN_SCANNING, &conn->flags)) {
685 hci_connect_le_scan_remove(conn);
689 hci_abort_conn(conn, hci_proto_disconn_ind(conn));
692 /* Enter sniff mode */
693 static void hci_conn_idle(struct work_struct *work)
695 struct hci_conn *conn = container_of(work, struct hci_conn,
697 struct hci_dev *hdev = conn->hdev;
699 BT_DBG("hcon %p mode %d", conn, conn->mode);
701 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
704 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
707 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
708 struct hci_cp_sniff_subrate cp;
709 cp.handle = cpu_to_le16(conn->handle);
710 cp.max_latency = cpu_to_le16(0);
711 cp.min_remote_timeout = cpu_to_le16(0);
712 cp.min_local_timeout = cpu_to_le16(0);
713 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
716 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
717 struct hci_cp_sniff_mode cp;
718 cp.handle = cpu_to_le16(conn->handle);
719 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
720 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
721 cp.attempt = cpu_to_le16(4);
722 cp.timeout = cpu_to_le16(1);
723 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
727 static void hci_conn_auto_accept(struct work_struct *work)
729 struct hci_conn *conn = container_of(work, struct hci_conn,
730 auto_accept_work.work);
732 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
736 static void le_disable_advertising(struct hci_dev *hdev)
738 if (ext_adv_capable(hdev)) {
739 struct hci_cp_le_set_ext_adv_enable cp;
742 cp.num_of_sets = 0x00;
744 hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp),
748 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
753 static void le_conn_timeout(struct work_struct *work)
755 struct hci_conn *conn = container_of(work, struct hci_conn,
756 le_conn_timeout.work);
757 struct hci_dev *hdev = conn->hdev;
761 /* We could end up here due to having done directed advertising,
762 * so clean up the state if necessary. This should however only
763 * happen with broken hardware or if low duty cycle was used
764 * (which doesn't have a timeout of its own).
766 if (conn->role == HCI_ROLE_SLAVE) {
767 /* Disable LE Advertising */
768 le_disable_advertising(hdev);
770 hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
771 hci_dev_unlock(hdev);
775 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
778 struct iso_cig_params {
779 struct hci_cp_le_set_cig_params cp;
780 struct hci_cis_params cis[0x1f];
783 struct iso_list_data {
794 struct iso_cig_params pdu;
797 static void bis_list(struct hci_conn *conn, void *data)
799 struct iso_list_data *d = data;
801 /* Skip if not broadcast/ANY address */
802 if (bacmp(&conn->dst, BDADDR_ANY))
805 if (d->big != conn->iso_qos.bcast.big || d->bis == BT_ISO_QOS_BIS_UNSET ||
806 d->bis != conn->iso_qos.bcast.bis)
812 static void find_bis(struct hci_conn *conn, void *data)
814 struct iso_list_data *d = data;
817 if (bacmp(&conn->dst, BDADDR_ANY))
823 static int terminate_big_sync(struct hci_dev *hdev, void *data)
825 struct iso_list_data *d = data;
827 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis);
829 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL);
831 /* Check if ISO connection is a BIS and terminate BIG if there are
832 * no other connections using it.
834 hci_conn_hash_list_state(hdev, find_bis, ISO_LINK, BT_CONNECTED, d);
838 return hci_le_terminate_big_sync(hdev, d->big,
839 HCI_ERROR_LOCAL_HOST_TERM);
842 static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err)
847 static int hci_le_terminate_big(struct hci_dev *hdev, u8 big, u8 bis)
849 struct iso_list_data *d;
852 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", big, bis);
854 d = kzalloc(sizeof(*d), GFP_KERNEL);
861 ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d,
862 terminate_big_destroy);
869 static int big_terminate_sync(struct hci_dev *hdev, void *data)
871 struct iso_list_data *d = data;
873 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big,
876 /* Check if ISO connection is a BIS and terminate BIG if there are
877 * no other connections using it.
879 hci_conn_hash_list_state(hdev, find_bis, ISO_LINK, BT_CONNECTED, d);
883 hci_le_big_terminate_sync(hdev, d->big);
885 return hci_le_pa_terminate_sync(hdev, d->sync_handle);
888 static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, u16 sync_handle)
890 struct iso_list_data *d;
893 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, sync_handle);
895 d = kzalloc(sizeof(*d), GFP_KERNEL);
900 d->sync_handle = sync_handle;
902 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d,
903 terminate_big_destroy);
910 /* Cleanup BIS connection
912 * Detects if there any BIS left connected in a BIG
913 * broadcaster: Remove advertising instance and terminate BIG.
914 * broadcaster receiver: Teminate BIG sync and terminate PA sync.
916 static void bis_cleanup(struct hci_conn *conn)
918 struct hci_dev *hdev = conn->hdev;
920 bt_dev_dbg(hdev, "conn %p", conn);
922 if (conn->role == HCI_ROLE_MASTER) {
923 if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags))
926 hci_le_terminate_big(hdev, conn->iso_qos.bcast.big,
927 conn->iso_qos.bcast.bis);
929 hci_le_big_terminate(hdev, conn->iso_qos.bcast.big,
934 static int remove_cig_sync(struct hci_dev *hdev, void *data)
936 u8 handle = PTR_ERR(data);
938 return hci_le_remove_cig_sync(hdev, handle);
941 static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle)
943 bt_dev_dbg(hdev, "handle 0x%2.2x", handle);
945 return hci_cmd_sync_queue(hdev, remove_cig_sync, ERR_PTR(handle), NULL);
948 static void find_cis(struct hci_conn *conn, void *data)
950 struct iso_list_data *d = data;
952 /* Ignore broadcast or if CIG don't match */
953 if (!bacmp(&conn->dst, BDADDR_ANY) || d->cig != conn->iso_qos.ucast.cig)
959 /* Cleanup CIS connection:
961 * Detects if there any CIS left connected in a CIG and remove it.
963 static void cis_cleanup(struct hci_conn *conn)
965 struct hci_dev *hdev = conn->hdev;
966 struct iso_list_data d;
968 if (conn->iso_qos.ucast.cig == BT_ISO_QOS_CIG_UNSET)
971 memset(&d, 0, sizeof(d));
972 d.cig = conn->iso_qos.ucast.cig;
974 /* Check if ISO connection is a CIS and remove CIG if there are
975 * no other connections using it.
977 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_BOUND, &d);
978 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECT, &d);
979 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d);
983 hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig);
986 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
989 struct hci_conn *conn;
991 BT_DBG("%s dst %pMR", hdev->name, dst);
993 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
997 bacpy(&conn->dst, dst);
998 bacpy(&conn->src, &hdev->bdaddr);
999 conn->handle = HCI_CONN_HANDLE_UNSET;
1003 conn->mode = HCI_CM_ACTIVE;
1004 conn->state = BT_OPEN;
1005 conn->auth_type = HCI_AT_GENERAL_BONDING;
1006 conn->io_capability = hdev->io_capability;
1007 conn->remote_auth = 0xff;
1008 conn->key_type = 0xff;
1009 conn->rssi = HCI_RSSI_INVALID;
1010 conn->tx_power = HCI_TX_POWER_INVALID;
1011 conn->max_tx_power = HCI_TX_POWER_INVALID;
1013 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
1014 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1016 /* Set Default Authenticated payload timeout to 30s */
1017 conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
1019 if (conn->role == HCI_ROLE_MASTER)
1024 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
1027 /* conn->src should reflect the local identity address */
1028 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
1031 /* conn->src should reflect the local identity address */
1032 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
1034 /* set proper cleanup function */
1035 if (!bacmp(dst, BDADDR_ANY))
1036 conn->cleanup = bis_cleanup;
1037 else if (conn->role == HCI_ROLE_MASTER)
1038 conn->cleanup = cis_cleanup;
1042 if (lmp_esco_capable(hdev))
1043 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
1044 (hdev->esco_type & EDR_ESCO_MASK);
1046 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
1049 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
1053 skb_queue_head_init(&conn->data_q);
1055 INIT_LIST_HEAD(&conn->chan_list);
1056 INIT_LIST_HEAD(&conn->link_list);
1058 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
1059 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
1060 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
1061 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1062 INIT_WORK(&conn->le_scan_cleanup, le_scan_cleanup);
1064 atomic_set(&conn->refcnt, 0);
1068 hci_conn_hash_add(hdev, conn);
1070 /* The SCO and eSCO connections will only be notified when their
1071 * setup has been completed. This is different to ACL links which
1072 * can be notified right away.
1074 if (conn->type != SCO_LINK && conn->type != ESCO_LINK) {
1076 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
1079 hci_conn_init_sysfs(conn);
1084 static void hci_conn_unlink(struct hci_conn *conn)
1086 struct hci_dev *hdev = conn->hdev;
1088 bt_dev_dbg(hdev, "hcon %p", conn);
1090 if (!conn->parent) {
1091 struct hci_link *link, *t;
1093 list_for_each_entry_safe(link, t, &conn->link_list, list) {
1094 struct hci_conn *child = link->conn;
1096 hci_conn_unlink(child);
1098 /* If hdev is down it means
1099 * hci_dev_close_sync/hci_conn_hash_flush is in progress
1100 * and links don't need to be cleanup as all connections
1103 if (!test_bit(HCI_UP, &hdev->flags))
1106 /* Due to race, SCO connection might be not established
1107 * yet at this point. Delete it now, otherwise it is
1108 * possible for it to be stuck and can't be deleted.
1110 if ((child->type == SCO_LINK ||
1111 child->type == ESCO_LINK) &&
1112 child->handle == HCI_CONN_HANDLE_UNSET)
1113 hci_conn_del(child);
1122 list_del_rcu(&conn->link->list);
1125 hci_conn_drop(conn->parent);
1126 hci_conn_put(conn->parent);
1127 conn->parent = NULL;
1133 void hci_conn_del(struct hci_conn *conn)
1135 struct hci_dev *hdev = conn->hdev;
1137 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1139 hci_conn_unlink(conn);
1141 cancel_delayed_work_sync(&conn->disc_work);
1142 cancel_delayed_work_sync(&conn->auto_accept_work);
1143 cancel_delayed_work_sync(&conn->idle_work);
1145 if (conn->type == ACL_LINK) {
1146 /* Unacked frames */
1147 hdev->acl_cnt += conn->sent;
1148 } else if (conn->type == LE_LINK) {
1149 cancel_delayed_work(&conn->le_conn_timeout);
1152 hdev->le_cnt += conn->sent;
1154 hdev->acl_cnt += conn->sent;
1156 /* Unacked ISO frames */
1157 if (conn->type == ISO_LINK) {
1159 hdev->iso_cnt += conn->sent;
1160 else if (hdev->le_pkts)
1161 hdev->le_cnt += conn->sent;
1163 hdev->acl_cnt += conn->sent;
1168 amp_mgr_put(conn->amp_mgr);
1170 skb_queue_purge(&conn->data_q);
1172 /* Remove the connection from the list and cleanup its remaining
1173 * state. This is a separate function since for some cases like
1174 * BT_CONNECT_SCAN we *only* want the cleanup part without the
1175 * rest of hci_conn_del.
1177 hci_conn_cleanup(conn);
1180 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type)
1182 int use_src = bacmp(src, BDADDR_ANY);
1183 struct hci_dev *hdev = NULL, *d;
1185 BT_DBG("%pMR -> %pMR", src, dst);
1187 read_lock(&hci_dev_list_lock);
1189 list_for_each_entry(d, &hci_dev_list, list) {
1190 if (!test_bit(HCI_UP, &d->flags) ||
1191 hci_dev_test_flag(d, HCI_USER_CHANNEL) ||
1192 d->dev_type != HCI_PRIMARY)
1196 * No source address - find interface with bdaddr != dst
1197 * Source address - find interface with bdaddr == src
1204 if (src_type == BDADDR_BREDR) {
1205 if (!lmp_bredr_capable(d))
1207 bacpy(&id_addr, &d->bdaddr);
1208 id_addr_type = BDADDR_BREDR;
1210 if (!lmp_le_capable(d))
1213 hci_copy_identity_address(d, &id_addr,
1216 /* Convert from HCI to three-value type */
1217 if (id_addr_type == ADDR_LE_DEV_PUBLIC)
1218 id_addr_type = BDADDR_LE_PUBLIC;
1220 id_addr_type = BDADDR_LE_RANDOM;
1223 if (!bacmp(&id_addr, src) && id_addr_type == src_type) {
1227 if (bacmp(&d->bdaddr, dst)) {
1234 hdev = hci_dev_hold(hdev);
1236 read_unlock(&hci_dev_list_lock);
1239 EXPORT_SYMBOL(hci_get_route);
1241 /* This function requires the caller holds hdev->lock */
1242 static void hci_le_conn_failed(struct hci_conn *conn, u8 status)
1244 struct hci_dev *hdev = conn->hdev;
1246 hci_connect_le_scan_cleanup(conn, status);
1248 /* Enable advertising in case this was a failed connection
1249 * attempt as a peripheral.
1251 hci_enable_advertising(hdev);
1254 /* This function requires the caller holds hdev->lock */
1255 void hci_conn_failed(struct hci_conn *conn, u8 status)
1257 struct hci_dev *hdev = conn->hdev;
1259 bt_dev_dbg(hdev, "status 0x%2.2x", status);
1261 switch (conn->type) {
1263 hci_le_conn_failed(conn, status);
1266 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1267 conn->dst_type, status);
1271 conn->state = BT_CLOSED;
1272 hci_connect_cfm(conn, status);
1276 static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err)
1278 struct hci_conn *conn = data;
1280 bt_dev_dbg(hdev, "err %d", err);
1285 hci_connect_le_scan_cleanup(conn, 0x00);
1289 /* Check if connection is still pending */
1290 if (conn != hci_lookup_le_connect(hdev))
1293 /* Flush to make sure we send create conn cancel command if needed */
1294 flush_delayed_work(&conn->le_conn_timeout);
1295 hci_conn_failed(conn, bt_status(err));
1298 hci_dev_unlock(hdev);
1301 static int hci_connect_le_sync(struct hci_dev *hdev, void *data)
1303 struct hci_conn *conn = data;
1305 bt_dev_dbg(hdev, "conn %p", conn);
1307 return hci_le_create_conn_sync(hdev, conn);
1310 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
1311 u8 dst_type, bool dst_resolved, u8 sec_level,
1312 u16 conn_timeout, u8 role)
1314 struct hci_conn *conn;
1315 struct smp_irk *irk;
1318 /* Let's make sure that le is enabled.*/
1319 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1320 if (lmp_le_capable(hdev))
1321 return ERR_PTR(-ECONNREFUSED);
1323 return ERR_PTR(-EOPNOTSUPP);
1326 /* Since the controller supports only one LE connection attempt at a
1327 * time, we return -EBUSY if there is any connection attempt running.
1329 if (hci_lookup_le_connect(hdev))
1330 return ERR_PTR(-EBUSY);
1332 /* If there's already a connection object but it's not in
1333 * scanning state it means it must already be established, in
1334 * which case we can't do anything else except report a failure
1337 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
1338 if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) {
1339 return ERR_PTR(-EBUSY);
1342 /* Check if the destination address has been resolved by the controller
1343 * since if it did then the identity address shall be used.
1345 if (!dst_resolved) {
1346 /* When given an identity address with existing identity
1347 * resolving key, the connection needs to be established
1348 * to a resolvable random address.
1350 * Storing the resolvable random address is required here
1351 * to handle connection failures. The address will later
1352 * be resolved back into the original identity address
1353 * from the connect request.
1355 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
1356 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
1358 dst_type = ADDR_LE_DEV_RANDOM;
1363 bacpy(&conn->dst, dst);
1365 conn = hci_conn_add(hdev, LE_LINK, dst, role);
1367 return ERR_PTR(-ENOMEM);
1368 hci_conn_hold(conn);
1369 conn->pending_sec_level = sec_level;
1372 conn->dst_type = dst_type;
1373 conn->sec_level = BT_SECURITY_LOW;
1374 conn->conn_timeout = conn_timeout;
1376 conn->state = BT_CONNECT;
1377 clear_bit(HCI_CONN_SCANNING, &conn->flags);
1379 err = hci_cmd_sync_queue(hdev, hci_connect_le_sync, conn,
1380 create_le_conn_complete);
1383 return ERR_PTR(err);
1389 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
1391 struct hci_conn *conn;
1393 conn = hci_conn_hash_lookup_le(hdev, addr, type);
1397 if (conn->state != BT_CONNECTED)
1403 /* This function requires the caller holds hdev->lock */
1404 static int hci_explicit_conn_params_set(struct hci_dev *hdev,
1405 bdaddr_t *addr, u8 addr_type)
1407 struct hci_conn_params *params;
1409 if (is_connected(hdev, addr, addr_type))
1412 params = hci_conn_params_lookup(hdev, addr, addr_type);
1414 params = hci_conn_params_add(hdev, addr, addr_type);
1418 /* If we created new params, mark them to be deleted in
1419 * hci_connect_le_scan_cleanup. It's different case than
1420 * existing disabled params, those will stay after cleanup.
1422 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
1425 /* We're trying to connect, so make sure params are at pend_le_conns */
1426 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
1427 params->auto_connect == HCI_AUTO_CONN_REPORT ||
1428 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
1429 list_del_init(¶ms->action);
1430 list_add(¶ms->action, &hdev->pend_le_conns);
1433 params->explicit_connect = true;
1435 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
1436 params->auto_connect);
1441 static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos)
1443 struct iso_list_data data;
1445 /* Allocate a BIG if not set */
1446 if (qos->bcast.big == BT_ISO_QOS_BIG_UNSET) {
1447 for (data.big = 0x00; data.big < 0xef; data.big++) {
1451 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1457 if (data.big == 0xef)
1458 return -EADDRNOTAVAIL;
1461 qos->bcast.big = data.big;
1467 static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos)
1469 struct iso_list_data data;
1471 /* Allocate BIS if not set */
1472 if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) {
1473 /* Find an unused adv set to advertise BIS, skip instance 0x00
1474 * since it is reserved as general purpose set.
1476 for (data.bis = 0x01; data.bis < hdev->le_num_of_adv_sets;
1480 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1486 if (data.bis == hdev->le_num_of_adv_sets)
1487 return -EADDRNOTAVAIL;
1490 qos->bcast.bis = data.bis;
1496 /* This function requires the caller holds hdev->lock */
1497 static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst,
1498 struct bt_iso_qos *qos)
1500 struct hci_conn *conn;
1501 struct iso_list_data data;
1504 /* Let's make sure that le is enabled.*/
1505 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1506 if (lmp_le_capable(hdev))
1507 return ERR_PTR(-ECONNREFUSED);
1508 return ERR_PTR(-EOPNOTSUPP);
1511 err = qos_set_big(hdev, qos);
1513 return ERR_PTR(err);
1515 err = qos_set_bis(hdev, qos);
1517 return ERR_PTR(err);
1519 data.big = qos->bcast.big;
1520 data.bis = qos->bcast.bis;
1523 /* Check if there is already a matching BIG/BIS */
1524 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, BT_BOUND, &data);
1526 return ERR_PTR(-EADDRINUSE);
1528 conn = hci_conn_hash_lookup_bis(hdev, dst, qos->bcast.big, qos->bcast.bis);
1530 return ERR_PTR(-EADDRINUSE);
1532 conn = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1534 return ERR_PTR(-ENOMEM);
1536 set_bit(HCI_CONN_PER_ADV, &conn->flags);
1537 conn->state = BT_CONNECT;
1539 hci_conn_hold(conn);
1543 /* This function requires the caller holds hdev->lock */
1544 struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst,
1545 u8 dst_type, u8 sec_level,
1547 enum conn_reasons conn_reason)
1549 struct hci_conn *conn;
1551 /* Let's make sure that le is enabled.*/
1552 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1553 if (lmp_le_capable(hdev))
1554 return ERR_PTR(-ECONNREFUSED);
1556 return ERR_PTR(-EOPNOTSUPP);
1559 /* Some devices send ATT messages as soon as the physical link is
1560 * established. To be able to handle these ATT messages, the user-
1561 * space first establishes the connection and then starts the pairing
1564 * So if a hci_conn object already exists for the following connection
1565 * attempt, we simply update pending_sec_level and auth_type fields
1566 * and return the object found.
1568 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
1570 if (conn->pending_sec_level < sec_level)
1571 conn->pending_sec_level = sec_level;
1575 BT_DBG("requesting refresh of dst_addr");
1577 conn = hci_conn_add(hdev, LE_LINK, dst, HCI_ROLE_MASTER);
1579 return ERR_PTR(-ENOMEM);
1581 if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) {
1583 return ERR_PTR(-EBUSY);
1586 conn->state = BT_CONNECT;
1587 set_bit(HCI_CONN_SCANNING, &conn->flags);
1588 conn->dst_type = dst_type;
1589 conn->sec_level = BT_SECURITY_LOW;
1590 conn->pending_sec_level = sec_level;
1591 conn->conn_timeout = conn_timeout;
1592 conn->conn_reason = conn_reason;
1594 hci_update_passive_scan(hdev);
1597 hci_conn_hold(conn);
1601 struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
1602 u8 sec_level, u8 auth_type,
1603 enum conn_reasons conn_reason)
1605 struct hci_conn *acl;
1607 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1608 if (lmp_bredr_capable(hdev))
1609 return ERR_PTR(-ECONNREFUSED);
1611 return ERR_PTR(-EOPNOTSUPP);
1614 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
1616 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
1618 return ERR_PTR(-ENOMEM);
1623 acl->conn_reason = conn_reason;
1624 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
1625 acl->sec_level = BT_SECURITY_LOW;
1626 acl->pending_sec_level = sec_level;
1627 acl->auth_type = auth_type;
1628 hci_acl_create_connection(acl);
1634 static struct hci_link *hci_conn_link(struct hci_conn *parent,
1635 struct hci_conn *conn)
1637 struct hci_dev *hdev = parent->hdev;
1638 struct hci_link *link;
1640 bt_dev_dbg(hdev, "parent %p hcon %p", parent, conn);
1648 link = kzalloc(sizeof(*link), GFP_KERNEL);
1652 link->conn = hci_conn_hold(conn);
1654 conn->parent = hci_conn_get(parent);
1656 /* Use list_add_tail_rcu append to the list */
1657 list_add_tail_rcu(&link->list, &parent->link_list);
1662 struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
1663 __u16 setting, struct bt_codec *codec)
1665 struct hci_conn *acl;
1666 struct hci_conn *sco;
1667 struct hci_link *link;
1669 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING,
1670 CONN_REASON_SCO_CONNECT);
1674 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
1676 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
1679 return ERR_PTR(-ENOMEM);
1683 link = hci_conn_link(acl, sco);
1690 sco->setting = setting;
1691 sco->codec = *codec;
1693 if (acl->state == BT_CONNECTED &&
1694 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
1695 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
1696 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
1698 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
1699 /* defer SCO setup until mode change completed */
1700 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
1704 hci_sco_setup(acl, 0x00);
1710 static void cis_add(struct iso_list_data *d, struct bt_iso_qos *qos)
1712 struct hci_cis_params *cis = &d->pdu.cis[d->pdu.cp.num_cis];
1714 cis->cis_id = qos->ucast.cis;
1715 cis->c_sdu = cpu_to_le16(qos->ucast.out.sdu);
1716 cis->p_sdu = cpu_to_le16(qos->ucast.in.sdu);
1717 cis->c_phy = qos->ucast.out.phy ? qos->ucast.out.phy : qos->ucast.in.phy;
1718 cis->p_phy = qos->ucast.in.phy ? qos->ucast.in.phy : qos->ucast.out.phy;
1719 cis->c_rtn = qos->ucast.out.rtn;
1720 cis->p_rtn = qos->ucast.in.rtn;
1722 d->pdu.cp.num_cis++;
1725 static void cis_list(struct hci_conn *conn, void *data)
1727 struct iso_list_data *d = data;
1729 /* Skip if broadcast/ANY address */
1730 if (!bacmp(&conn->dst, BDADDR_ANY))
1733 if (d->cig != conn->iso_qos.ucast.cig || d->cis == BT_ISO_QOS_CIS_UNSET ||
1734 d->cis != conn->iso_qos.ucast.cis)
1739 if (d->pdu.cp.cig_id == BT_ISO_QOS_CIG_UNSET ||
1740 d->count >= ARRAY_SIZE(d->pdu.cis))
1743 cis_add(d, &conn->iso_qos);
1746 static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos)
1748 struct hci_dev *hdev = conn->hdev;
1749 struct hci_cp_le_create_big cp;
1751 memset(&cp, 0, sizeof(cp));
1753 cp.handle = qos->bcast.big;
1754 cp.adv_handle = qos->bcast.bis;
1756 hci_cpu_to_le24(qos->bcast.out.interval, cp.bis.sdu_interval);
1757 cp.bis.sdu = cpu_to_le16(qos->bcast.out.sdu);
1758 cp.bis.latency = cpu_to_le16(qos->bcast.out.latency);
1759 cp.bis.rtn = qos->bcast.out.rtn;
1760 cp.bis.phy = qos->bcast.out.phy;
1761 cp.bis.packing = qos->bcast.packing;
1762 cp.bis.framing = qos->bcast.framing;
1763 cp.bis.encryption = qos->bcast.encryption;
1764 memcpy(cp.bis.bcode, qos->bcast.bcode, sizeof(cp.bis.bcode));
1766 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp);
1769 static void set_cig_params_complete(struct hci_dev *hdev, void *data, int err)
1771 struct iso_cig_params *pdu = data;
1773 bt_dev_dbg(hdev, "");
1776 bt_dev_err(hdev, "Unable to set CIG parameters: %d", err);
1781 static int set_cig_params_sync(struct hci_dev *hdev, void *data)
1783 struct iso_cig_params *pdu = data;
1786 plen = sizeof(pdu->cp) + pdu->cp.num_cis * sizeof(pdu->cis[0]);
1787 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS, plen, pdu,
1791 static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos)
1793 struct hci_dev *hdev = conn->hdev;
1794 struct iso_list_data data;
1795 struct iso_cig_params *pdu;
1797 memset(&data, 0, sizeof(data));
1799 /* Allocate first still reconfigurable CIG if not set */
1800 if (qos->ucast.cig == BT_ISO_QOS_CIG_UNSET) {
1801 for (data.cig = 0x00; data.cig < 0xf0; data.cig++) {
1804 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
1809 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
1810 BT_CONNECTED, &data);
1815 if (data.cig == 0xf0)
1819 qos->ucast.cig = data.cig;
1822 data.pdu.cp.cig_id = qos->ucast.cig;
1823 hci_cpu_to_le24(qos->ucast.out.interval, data.pdu.cp.c_interval);
1824 hci_cpu_to_le24(qos->ucast.in.interval, data.pdu.cp.p_interval);
1825 data.pdu.cp.sca = qos->ucast.sca;
1826 data.pdu.cp.packing = qos->ucast.packing;
1827 data.pdu.cp.framing = qos->ucast.framing;
1828 data.pdu.cp.c_latency = cpu_to_le16(qos->ucast.out.latency);
1829 data.pdu.cp.p_latency = cpu_to_le16(qos->ucast.in.latency);
1831 if (qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) {
1833 data.cig = qos->ucast.cig;
1834 data.cis = qos->ucast.cis;
1836 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, BT_BOUND,
1841 cis_add(&data, qos);
1844 /* Reprogram all CIS(s) with the same CIG */
1845 for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0x11;
1849 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, BT_BOUND,
1854 /* Allocate a CIS if not set */
1855 if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET) {
1857 qos->ucast.cis = data.cis;
1858 cis_add(&data, qos);
1862 if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET || !data.pdu.cp.num_cis)
1865 pdu = kmemdup(&data.pdu, sizeof(*pdu), GFP_KERNEL);
1869 if (hci_cmd_sync_queue(hdev, set_cig_params_sync, pdu,
1870 set_cig_params_complete) < 0) {
1878 struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst,
1879 __u8 dst_type, struct bt_iso_qos *qos)
1881 struct hci_conn *cis;
1883 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig,
1886 cis = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1888 return ERR_PTR(-ENOMEM);
1889 cis->cleanup = cis_cleanup;
1890 cis->dst_type = dst_type;
1893 if (cis->state == BT_CONNECTED)
1896 /* Check if CIS has been set and the settings matches */
1897 if (cis->state == BT_BOUND &&
1898 !memcmp(&cis->iso_qos, qos, sizeof(*qos)))
1901 /* Update LINK PHYs according to QoS preference */
1902 cis->le_tx_phy = qos->ucast.out.phy;
1903 cis->le_rx_phy = qos->ucast.in.phy;
1905 /* If output interval is not set use the input interval as it cannot be
1908 if (!qos->ucast.out.interval)
1909 qos->ucast.out.interval = qos->ucast.in.interval;
1911 /* If input interval is not set use the output interval as it cannot be
1914 if (!qos->ucast.in.interval)
1915 qos->ucast.in.interval = qos->ucast.out.interval;
1917 /* If output latency is not set use the input latency as it cannot be
1920 if (!qos->ucast.out.latency)
1921 qos->ucast.out.latency = qos->ucast.in.latency;
1923 /* If input latency is not set use the output latency as it cannot be
1926 if (!qos->ucast.in.latency)
1927 qos->ucast.in.latency = qos->ucast.out.latency;
1929 if (!hci_le_set_cig_params(cis, qos)) {
1931 return ERR_PTR(-EINVAL);
1934 cis->iso_qos = *qos;
1935 cis->state = BT_BOUND;
1940 bool hci_iso_setup_path(struct hci_conn *conn)
1942 struct hci_dev *hdev = conn->hdev;
1943 struct hci_cp_le_setup_iso_path cmd;
1945 memset(&cmd, 0, sizeof(cmd));
1947 if (conn->iso_qos.ucast.out.sdu) {
1948 cmd.handle = cpu_to_le16(conn->handle);
1949 cmd.direction = 0x00; /* Input (Host to Controller) */
1950 cmd.path = 0x00; /* HCI path if enabled */
1951 cmd.codec = 0x03; /* Transparent Data */
1953 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1958 if (conn->iso_qos.ucast.in.sdu) {
1959 cmd.handle = cpu_to_le16(conn->handle);
1960 cmd.direction = 0x01; /* Output (Controller to Host) */
1961 cmd.path = 0x00; /* HCI path if enabled */
1962 cmd.codec = 0x03; /* Transparent Data */
1964 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1972 static int hci_create_cis_sync(struct hci_dev *hdev, void *data)
1974 return hci_le_create_cis_sync(hdev, data);
1977 int hci_le_create_cis(struct hci_conn *conn)
1979 struct hci_conn *cis;
1980 struct hci_link *link, *t;
1981 struct hci_dev *hdev = conn->hdev;
1984 bt_dev_dbg(hdev, "hcon %p", conn);
1986 switch (conn->type) {
1988 if (conn->state != BT_CONNECTED || list_empty(&conn->link_list))
1993 /* hci_conn_link uses list_add_tail_rcu so the list is in
1994 * the same order as the connections are requested.
1996 list_for_each_entry_safe(link, t, &conn->link_list, list) {
1997 if (link->conn->state == BT_BOUND) {
1998 err = hci_le_create_cis(link->conn);
2006 return cis ? 0 : -EINVAL;
2014 if (cis->state == BT_CONNECT)
2017 /* Queue Create CIS */
2018 err = hci_cmd_sync_queue(hdev, hci_create_cis_sync, cis, NULL);
2022 cis->state = BT_CONNECT;
2027 static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn,
2028 struct bt_iso_io_qos *qos, __u8 phy)
2030 /* Only set MTU if PHY is enabled */
2031 if (!qos->sdu && qos->phy) {
2032 if (hdev->iso_mtu > 0)
2033 qos->sdu = hdev->iso_mtu;
2034 else if (hdev->le_mtu > 0)
2035 qos->sdu = hdev->le_mtu;
2037 qos->sdu = hdev->acl_mtu;
2040 /* Use the same PHY as ACL if set to any */
2041 if (qos->phy == BT_ISO_PHY_ANY)
2044 /* Use LE ACL connection interval if not set */
2046 /* ACL interval unit in 1.25 ms to us */
2047 qos->interval = conn->le_conn_interval * 1250;
2049 /* Use LE ACL connection latency if not set */
2051 qos->latency = conn->le_conn_latency;
2054 static void hci_bind_bis(struct hci_conn *conn,
2055 struct bt_iso_qos *qos)
2057 /* Update LINK PHYs according to QoS preference */
2058 conn->le_tx_phy = qos->bcast.out.phy;
2059 conn->le_tx_phy = qos->bcast.out.phy;
2060 conn->iso_qos = *qos;
2061 conn->state = BT_BOUND;
2064 static int create_big_sync(struct hci_dev *hdev, void *data)
2066 struct hci_conn *conn = data;
2067 struct bt_iso_qos *qos = &conn->iso_qos;
2068 u16 interval, sync_interval = 0;
2072 if (qos->bcast.out.phy == 0x02)
2073 flags |= MGMT_ADV_FLAG_SEC_2M;
2075 /* Align intervals */
2076 interval = (qos->bcast.out.interval / 1250) * qos->bcast.sync_factor;
2079 sync_interval = interval * 4;
2081 err = hci_start_per_adv_sync(hdev, qos->bcast.bis, conn->le_per_adv_data_len,
2082 conn->le_per_adv_data, flags, interval,
2083 interval, sync_interval);
2087 return hci_le_create_big(conn, &conn->iso_qos);
2090 static void create_pa_complete(struct hci_dev *hdev, void *data, int err)
2092 struct hci_cp_le_pa_create_sync *cp = data;
2094 bt_dev_dbg(hdev, "");
2097 bt_dev_err(hdev, "Unable to create PA: %d", err);
2102 static int create_pa_sync(struct hci_dev *hdev, void *data)
2104 struct hci_cp_le_pa_create_sync *cp = data;
2107 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC,
2108 sizeof(*cp), cp, HCI_CMD_TIMEOUT);
2110 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2114 return hci_update_passive_scan_sync(hdev);
2117 int hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, __u8 dst_type,
2118 __u8 sid, struct bt_iso_qos *qos)
2120 struct hci_cp_le_pa_create_sync *cp;
2122 if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC))
2125 cp = kzalloc(sizeof(*cp), GFP_KERNEL);
2127 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2131 cp->options = qos->bcast.options;
2133 cp->addr_type = dst_type;
2134 bacpy(&cp->addr, dst);
2135 cp->skip = cpu_to_le16(qos->bcast.skip);
2136 cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout);
2137 cp->sync_cte_type = qos->bcast.sync_cte_type;
2139 /* Queue start pa_create_sync and scan */
2140 return hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete);
2143 int hci_le_big_create_sync(struct hci_dev *hdev, struct bt_iso_qos *qos,
2144 __u16 sync_handle, __u8 num_bis, __u8 bis[])
2147 struct hci_cp_le_big_create_sync cp;
2152 if (num_bis > sizeof(pdu.bis))
2155 err = qos_set_big(hdev, qos);
2159 memset(&pdu, 0, sizeof(pdu));
2160 pdu.cp.handle = qos->bcast.big;
2161 pdu.cp.sync_handle = cpu_to_le16(sync_handle);
2162 pdu.cp.encryption = qos->bcast.encryption;
2163 memcpy(pdu.cp.bcode, qos->bcast.bcode, sizeof(pdu.cp.bcode));
2164 pdu.cp.mse = qos->bcast.mse;
2165 pdu.cp.timeout = cpu_to_le16(qos->bcast.timeout);
2166 pdu.cp.num_bis = num_bis;
2167 memcpy(pdu.bis, bis, num_bis);
2169 return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
2170 sizeof(pdu.cp) + num_bis, &pdu);
2173 static void create_big_complete(struct hci_dev *hdev, void *data, int err)
2175 struct hci_conn *conn = data;
2177 bt_dev_dbg(hdev, "conn %p", conn);
2180 bt_dev_err(hdev, "Unable to create BIG: %d", err);
2181 hci_connect_cfm(conn, err);
2186 struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst,
2187 __u8 dst_type, struct bt_iso_qos *qos,
2188 __u8 base_len, __u8 *base)
2190 struct hci_conn *conn;
2193 /* We need hci_conn object using the BDADDR_ANY as dst */
2194 conn = hci_add_bis(hdev, dst, qos);
2198 hci_bind_bis(conn, qos);
2200 /* Add Basic Announcement into Peridic Adv Data if BASE is set */
2201 if (base_len && base) {
2202 base_len = eir_append_service_data(conn->le_per_adv_data, 0,
2203 0x1851, base, base_len);
2204 conn->le_per_adv_data_len = base_len;
2207 /* Queue start periodic advertising and create BIG */
2208 err = hci_cmd_sync_queue(hdev, create_big_sync, conn,
2209 create_big_complete);
2211 hci_conn_drop(conn);
2212 return ERR_PTR(err);
2215 hci_iso_qos_setup(hdev, conn, &qos->bcast.out,
2216 conn->le_tx_phy ? conn->le_tx_phy :
2217 hdev->le_tx_def_phys);
2222 struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
2223 __u8 dst_type, struct bt_iso_qos *qos)
2225 struct hci_conn *le;
2226 struct hci_conn *cis;
2227 struct hci_link *link;
2229 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2230 le = hci_connect_le(hdev, dst, dst_type, false,
2232 HCI_LE_CONN_TIMEOUT,
2235 le = hci_connect_le_scan(hdev, dst, dst_type,
2237 HCI_LE_CONN_TIMEOUT,
2238 CONN_REASON_ISO_CONNECT);
2242 hci_iso_qos_setup(hdev, le, &qos->ucast.out,
2243 le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys);
2244 hci_iso_qos_setup(hdev, le, &qos->ucast.in,
2245 le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys);
2247 cis = hci_bind_cis(hdev, dst, dst_type, qos);
2253 link = hci_conn_link(le, cis);
2260 /* If LE is already connected and CIS handle is already set proceed to
2261 * Create CIS immediately.
2263 if (le->state == BT_CONNECTED && cis->handle != HCI_CONN_HANDLE_UNSET)
2264 hci_le_create_cis(cis);
2269 /* Check link security requirement */
2270 int hci_conn_check_link_mode(struct hci_conn *conn)
2272 BT_DBG("hcon %p", conn);
2274 /* In Secure Connections Only mode, it is required that Secure
2275 * Connections is used and the link is encrypted with AES-CCM
2276 * using a P-256 authenticated combination key.
2278 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) {
2279 if (!hci_conn_sc_enabled(conn) ||
2280 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2281 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
2285 /* AES encryption is required for Level 4:
2287 * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
2290 * 128-bit equivalent strength for link and encryption keys
2291 * required using FIPS approved algorithms (E0 not allowed,
2292 * SAFER+ not allowed, and P-192 not allowed; encryption key
2295 if (conn->sec_level == BT_SECURITY_FIPS &&
2296 !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
2297 bt_dev_err(conn->hdev,
2298 "Invalid security: Missing AES-CCM usage");
2302 if (hci_conn_ssp_enabled(conn) &&
2303 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2309 /* Authenticate remote device */
2310 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
2312 BT_DBG("hcon %p", conn);
2314 if (conn->pending_sec_level > sec_level)
2315 sec_level = conn->pending_sec_level;
2317 if (sec_level > conn->sec_level)
2318 conn->pending_sec_level = sec_level;
2319 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
2322 /* Make sure we preserve an existing MITM requirement*/
2323 auth_type |= (conn->auth_type & 0x01);
2325 conn->auth_type = auth_type;
2327 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2328 struct hci_cp_auth_requested cp;
2330 cp.handle = cpu_to_le16(conn->handle);
2331 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
2334 /* If we're already encrypted set the REAUTH_PEND flag,
2335 * otherwise set the ENCRYPT_PEND.
2337 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2338 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2340 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2346 /* Encrypt the link */
2347 static void hci_conn_encrypt(struct hci_conn *conn)
2349 BT_DBG("hcon %p", conn);
2351 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2352 struct hci_cp_set_conn_encrypt cp;
2353 cp.handle = cpu_to_le16(conn->handle);
2355 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2360 /* Enable security */
2361 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
2364 BT_DBG("hcon %p", conn);
2366 if (conn->type == LE_LINK)
2367 return smp_conn_security(conn, sec_level);
2369 /* For sdp we don't need the link key. */
2370 if (sec_level == BT_SECURITY_SDP)
2373 /* For non 2.1 devices and low security level we don't need the link
2375 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
2378 /* For other security levels we need the link key. */
2379 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
2382 /* An authenticated FIPS approved combination key has sufficient
2383 * security for security level 4. */
2384 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
2385 sec_level == BT_SECURITY_FIPS)
2388 /* An authenticated combination key has sufficient security for
2389 security level 3. */
2390 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
2391 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
2392 sec_level == BT_SECURITY_HIGH)
2395 /* An unauthenticated combination key has sufficient security for
2396 security level 1 and 2. */
2397 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2398 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
2399 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
2402 /* A combination key has always sufficient security for the security
2403 levels 1 or 2. High security level requires the combination key
2404 is generated using maximum PIN code length (16).
2405 For pre 2.1 units. */
2406 if (conn->key_type == HCI_LK_COMBINATION &&
2407 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
2408 conn->pin_length == 16))
2412 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
2416 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2418 if (!hci_conn_auth(conn, sec_level, auth_type))
2422 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
2423 /* Ensure that the encryption key size has been read,
2424 * otherwise stall the upper layer responses.
2426 if (!conn->enc_key_size)
2429 /* Nothing else needed, all requirements are met */
2433 hci_conn_encrypt(conn);
2436 EXPORT_SYMBOL(hci_conn_security);
2438 /* Check secure link requirement */
2439 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
2441 BT_DBG("hcon %p", conn);
2443 /* Accept if non-secure or higher security level is required */
2444 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
2447 /* Accept if secure or higher security level is already present */
2448 if (conn->sec_level == BT_SECURITY_HIGH ||
2449 conn->sec_level == BT_SECURITY_FIPS)
2452 /* Reject not secure link */
2455 EXPORT_SYMBOL(hci_conn_check_secure);
2458 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
2460 BT_DBG("hcon %p", conn);
2462 if (role == conn->role)
2465 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
2466 struct hci_cp_switch_role cp;
2467 bacpy(&cp.bdaddr, &conn->dst);
2469 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
2474 EXPORT_SYMBOL(hci_conn_switch_role);
2476 /* Enter active mode */
2477 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
2479 struct hci_dev *hdev = conn->hdev;
2481 BT_DBG("hcon %p mode %d", conn, conn->mode);
2483 if (conn->mode != HCI_CM_SNIFF)
2486 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
2489 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2490 struct hci_cp_exit_sniff_mode cp;
2491 cp.handle = cpu_to_le16(conn->handle);
2492 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
2496 if (hdev->idle_timeout > 0)
2497 queue_delayed_work(hdev->workqueue, &conn->idle_work,
2498 msecs_to_jiffies(hdev->idle_timeout));
2501 /* Drop all connection on the device */
2502 void hci_conn_hash_flush(struct hci_dev *hdev)
2504 struct list_head *head = &hdev->conn_hash.list;
2505 struct hci_conn *conn;
2507 BT_DBG("hdev %s", hdev->name);
2509 /* We should not traverse the list here, because hci_conn_del
2510 * can remove extra links, which may cause the list traversal
2511 * to hit items that have already been released.
2513 while ((conn = list_first_entry_or_null(head,
2516 conn->state = BT_CLOSED;
2517 hci_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM);
2522 /* Check pending connect attempts */
2523 void hci_conn_check_pending(struct hci_dev *hdev)
2525 struct hci_conn *conn;
2527 BT_DBG("hdev %s", hdev->name);
2531 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
2533 hci_acl_create_connection(conn);
2535 hci_dev_unlock(hdev);
2538 static u32 get_link_mode(struct hci_conn *conn)
2542 if (conn->role == HCI_ROLE_MASTER)
2543 link_mode |= HCI_LM_MASTER;
2545 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2546 link_mode |= HCI_LM_ENCRYPT;
2548 if (test_bit(HCI_CONN_AUTH, &conn->flags))
2549 link_mode |= HCI_LM_AUTH;
2551 if (test_bit(HCI_CONN_SECURE, &conn->flags))
2552 link_mode |= HCI_LM_SECURE;
2554 if (test_bit(HCI_CONN_FIPS, &conn->flags))
2555 link_mode |= HCI_LM_FIPS;
2560 int hci_get_conn_list(void __user *arg)
2563 struct hci_conn_list_req req, *cl;
2564 struct hci_conn_info *ci;
2565 struct hci_dev *hdev;
2566 int n = 0, size, err;
2568 if (copy_from_user(&req, arg, sizeof(req)))
2571 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
2574 size = sizeof(req) + req.conn_num * sizeof(*ci);
2576 cl = kmalloc(size, GFP_KERNEL);
2580 hdev = hci_dev_get(req.dev_id);
2589 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2590 bacpy(&(ci + n)->bdaddr, &c->dst);
2591 (ci + n)->handle = c->handle;
2592 (ci + n)->type = c->type;
2593 (ci + n)->out = c->out;
2594 (ci + n)->state = c->state;
2595 (ci + n)->link_mode = get_link_mode(c);
2596 if (++n >= req.conn_num)
2599 hci_dev_unlock(hdev);
2601 cl->dev_id = hdev->id;
2603 size = sizeof(req) + n * sizeof(*ci);
2607 err = copy_to_user(arg, cl, size);
2610 return err ? -EFAULT : 0;
2613 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
2615 struct hci_conn_info_req req;
2616 struct hci_conn_info ci;
2617 struct hci_conn *conn;
2618 char __user *ptr = arg + sizeof(req);
2620 if (copy_from_user(&req, arg, sizeof(req)))
2624 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
2626 bacpy(&ci.bdaddr, &conn->dst);
2627 ci.handle = conn->handle;
2628 ci.type = conn->type;
2630 ci.state = conn->state;
2631 ci.link_mode = get_link_mode(conn);
2633 hci_dev_unlock(hdev);
2638 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
2641 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
2643 struct hci_auth_info_req req;
2644 struct hci_conn *conn;
2646 if (copy_from_user(&req, arg, sizeof(req)))
2650 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
2652 req.type = conn->auth_type;
2653 hci_dev_unlock(hdev);
2658 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
2661 struct hci_chan *hci_chan_create(struct hci_conn *conn)
2663 struct hci_dev *hdev = conn->hdev;
2664 struct hci_chan *chan;
2666 BT_DBG("%s hcon %p", hdev->name, conn);
2668 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
2669 BT_DBG("Refusing to create new hci_chan");
2673 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
2677 chan->conn = hci_conn_get(conn);
2678 skb_queue_head_init(&chan->data_q);
2679 chan->state = BT_CONNECTED;
2681 list_add_rcu(&chan->list, &conn->chan_list);
2686 void hci_chan_del(struct hci_chan *chan)
2688 struct hci_conn *conn = chan->conn;
2689 struct hci_dev *hdev = conn->hdev;
2691 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
2693 list_del_rcu(&chan->list);
2697 /* Prevent new hci_chan's to be created for this hci_conn */
2698 set_bit(HCI_CONN_DROP, &conn->flags);
2702 skb_queue_purge(&chan->data_q);
2706 void hci_chan_list_flush(struct hci_conn *conn)
2708 struct hci_chan *chan, *n;
2710 BT_DBG("hcon %p", conn);
2712 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
2716 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
2719 struct hci_chan *hchan;
2721 list_for_each_entry(hchan, &hcon->chan_list, list) {
2722 if (hchan->handle == handle)
2729 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
2731 struct hci_conn_hash *h = &hdev->conn_hash;
2732 struct hci_conn *hcon;
2733 struct hci_chan *hchan = NULL;
2737 list_for_each_entry_rcu(hcon, &h->list, list) {
2738 hchan = __hci_chan_lookup_handle(hcon, handle);
2748 u32 hci_conn_get_phy(struct hci_conn *conn)
2752 /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471:
2753 * Table 6.2: Packets defined for synchronous, asynchronous, and
2754 * CPB logical transport types.
2756 switch (conn->type) {
2758 /* SCO logical transport (1 Mb/s):
2759 * HV1, HV2, HV3 and DV.
2761 phys |= BT_PHY_BR_1M_1SLOT;
2766 /* ACL logical transport (1 Mb/s) ptt=0:
2767 * DH1, DM3, DH3, DM5 and DH5.
2769 phys |= BT_PHY_BR_1M_1SLOT;
2771 if (conn->pkt_type & (HCI_DM3 | HCI_DH3))
2772 phys |= BT_PHY_BR_1M_3SLOT;
2774 if (conn->pkt_type & (HCI_DM5 | HCI_DH5))
2775 phys |= BT_PHY_BR_1M_5SLOT;
2777 /* ACL logical transport (2 Mb/s) ptt=1:
2778 * 2-DH1, 2-DH3 and 2-DH5.
2780 if (!(conn->pkt_type & HCI_2DH1))
2781 phys |= BT_PHY_EDR_2M_1SLOT;
2783 if (!(conn->pkt_type & HCI_2DH3))
2784 phys |= BT_PHY_EDR_2M_3SLOT;
2786 if (!(conn->pkt_type & HCI_2DH5))
2787 phys |= BT_PHY_EDR_2M_5SLOT;
2789 /* ACL logical transport (3 Mb/s) ptt=1:
2790 * 3-DH1, 3-DH3 and 3-DH5.
2792 if (!(conn->pkt_type & HCI_3DH1))
2793 phys |= BT_PHY_EDR_3M_1SLOT;
2795 if (!(conn->pkt_type & HCI_3DH3))
2796 phys |= BT_PHY_EDR_3M_3SLOT;
2798 if (!(conn->pkt_type & HCI_3DH5))
2799 phys |= BT_PHY_EDR_3M_5SLOT;
2804 /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */
2805 phys |= BT_PHY_BR_1M_1SLOT;
2807 if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5)))
2808 phys |= BT_PHY_BR_1M_3SLOT;
2810 /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */
2811 if (!(conn->pkt_type & ESCO_2EV3))
2812 phys |= BT_PHY_EDR_2M_1SLOT;
2814 if (!(conn->pkt_type & ESCO_2EV5))
2815 phys |= BT_PHY_EDR_2M_3SLOT;
2817 /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */
2818 if (!(conn->pkt_type & ESCO_3EV3))
2819 phys |= BT_PHY_EDR_3M_1SLOT;
2821 if (!(conn->pkt_type & ESCO_3EV5))
2822 phys |= BT_PHY_EDR_3M_3SLOT;
2827 if (conn->le_tx_phy & HCI_LE_SET_PHY_1M)
2828 phys |= BT_PHY_LE_1M_TX;
2830 if (conn->le_rx_phy & HCI_LE_SET_PHY_1M)
2831 phys |= BT_PHY_LE_1M_RX;
2833 if (conn->le_tx_phy & HCI_LE_SET_PHY_2M)
2834 phys |= BT_PHY_LE_2M_TX;
2836 if (conn->le_rx_phy & HCI_LE_SET_PHY_2M)
2837 phys |= BT_PHY_LE_2M_RX;
2839 if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED)
2840 phys |= BT_PHY_LE_CODED_TX;
2842 if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED)
2843 phys |= BT_PHY_LE_CODED_RX;
2851 int hci_abort_conn(struct hci_conn *conn, u8 reason)
2855 if (test_and_set_bit(HCI_CONN_CANCEL, &conn->flags))
2858 switch (conn->state) {
2861 if (conn->type == AMP_LINK) {
2862 struct hci_cp_disconn_phy_link cp;
2864 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
2866 r = hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
2869 struct hci_cp_disconnect dc;
2871 dc.handle = cpu_to_le16(conn->handle);
2873 r = hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT,
2877 conn->state = BT_DISCONN;
2881 if (conn->type == LE_LINK) {
2882 if (test_bit(HCI_CONN_SCANNING, &conn->flags))
2884 r = hci_send_cmd(conn->hdev,
2885 HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
2886 } else if (conn->type == ACL_LINK) {
2887 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
2889 r = hci_send_cmd(conn->hdev,
2890 HCI_OP_CREATE_CONN_CANCEL,
2895 if (conn->type == ACL_LINK) {
2896 struct hci_cp_reject_conn_req rej;
2898 bacpy(&rej.bdaddr, &conn->dst);
2899 rej.reason = reason;
2901 r = hci_send_cmd(conn->hdev,
2902 HCI_OP_REJECT_CONN_REQ,
2904 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
2905 struct hci_cp_reject_sync_conn_req rej;
2907 bacpy(&rej.bdaddr, &conn->dst);
2909 /* SCO rejection has its own limited set of
2910 * allowed error values (0x0D-0x0F) which isn't
2911 * compatible with most values passed to this
2912 * function. To be safe hard-code one of the
2913 * values that's suitable for SCO.
2915 rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
2917 r = hci_send_cmd(conn->hdev,
2918 HCI_OP_REJECT_SYNC_CONN_REQ,
2923 conn->state = BT_CLOSED;
projects / platform / kernel / linux-starfive.git / blob