2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
28 #include <linux/debugfs.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/iso.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
47 struct conn_handle_t {
48 struct hci_conn *conn;
52 static const struct sco_param esco_param_cvsd[] = {
53 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
54 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
55 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
56 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
57 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
60 static const struct sco_param sco_param_cvsd[] = {
61 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
62 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
65 static const struct sco_param esco_param_msbc[] = {
66 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
67 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
70 /* This function requires the caller holds hdev->lock */
71 static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status)
73 struct hci_conn_params *params;
74 struct hci_dev *hdev = conn->hdev;
80 bdaddr_type = conn->dst_type;
82 /* Check if we need to convert to identity address */
83 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
85 bdaddr = &irk->bdaddr;
86 bdaddr_type = irk->addr_type;
89 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr,
95 hci_conn_drop(params->conn);
96 hci_conn_put(params->conn);
100 if (!params->explicit_connect)
103 /* If the status indicates successful cancellation of
104 * the attempt (i.e. Unknown Connection Id) there's no point of
105 * notifying failure since we'll go back to keep trying to
106 * connect. The only exception is explicit connect requests
107 * where a timeout + cancel does indicate an actual failure.
109 if (status && status != HCI_ERROR_UNKNOWN_CONN_ID)
110 mgmt_connect_failed(hdev, &conn->dst, conn->type,
111 conn->dst_type, status);
113 /* The connection attempt was doing scan for new RPA, and is
114 * in scan phase. If params are not associated with any other
115 * autoconnect action, remove them completely. If they are, just unmark
116 * them as waiting for connection, by clearing explicit_connect field.
118 params->explicit_connect = false;
120 list_del_init(¶ms->action);
122 switch (params->auto_connect) {
123 case HCI_AUTO_CONN_EXPLICIT:
124 hci_conn_params_del(hdev, bdaddr, bdaddr_type);
125 /* return instead of break to avoid duplicate scan update */
127 case HCI_AUTO_CONN_DIRECT:
128 case HCI_AUTO_CONN_ALWAYS:
129 list_add(¶ms->action, &hdev->pend_le_conns);
131 case HCI_AUTO_CONN_REPORT:
132 list_add(¶ms->action, &hdev->pend_le_reports);
138 hci_update_passive_scan(hdev);
141 static void hci_conn_cleanup(struct hci_conn *conn)
143 struct hci_dev *hdev = conn->hdev;
145 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
146 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
148 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
149 hci_remove_link_key(hdev, &conn->dst);
151 hci_chan_list_flush(conn);
153 hci_conn_hash_del(hdev, conn);
158 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
159 switch (conn->setting & SCO_AIRMODE_MASK) {
160 case SCO_AIRMODE_CVSD:
161 case SCO_AIRMODE_TRANSP:
163 hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO);
168 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
171 hci_conn_del_sysfs(conn);
173 debugfs_remove_recursive(conn->debugfs);
180 static void le_scan_cleanup(struct work_struct *work)
182 struct hci_conn *conn = container_of(work, struct hci_conn,
184 struct hci_dev *hdev = conn->hdev;
185 struct hci_conn *c = NULL;
187 BT_DBG("%s hcon %p", hdev->name, conn);
191 /* Check that the hci_conn is still around */
193 list_for_each_entry_rcu(c, &hdev->conn_hash.list, list) {
200 hci_connect_le_scan_cleanup(conn, 0x00);
201 hci_conn_cleanup(conn);
204 hci_dev_unlock(hdev);
209 static void hci_connect_le_scan_remove(struct hci_conn *conn)
211 BT_DBG("%s hcon %p", conn->hdev->name, conn);
213 /* We can't call hci_conn_del/hci_conn_cleanup here since that
214 * could deadlock with another hci_conn_del() call that's holding
215 * hci_dev_lock and doing cancel_delayed_work_sync(&conn->disc_work).
216 * Instead, grab temporary extra references to the hci_dev and
217 * hci_conn and perform the necessary cleanup in a separate work
221 hci_dev_hold(conn->hdev);
224 /* Even though we hold a reference to the hdev, many other
225 * things might get cleaned up meanwhile, including the hdev's
226 * own workqueue, so we can't use that for scheduling.
228 schedule_work(&conn->le_scan_cleanup);
231 static void hci_acl_create_connection(struct hci_conn *conn)
233 struct hci_dev *hdev = conn->hdev;
234 struct inquiry_entry *ie;
235 struct hci_cp_create_conn cp;
237 BT_DBG("hcon %p", conn);
239 /* Many controllers disallow HCI Create Connection while it is doing
240 * HCI Inquiry. So we cancel the Inquiry first before issuing HCI Create
241 * Connection. This may cause the MGMT discovering state to become false
242 * without user space's request but it is okay since the MGMT Discovery
243 * APIs do not promise that discovery should be done forever. Instead,
244 * the user space monitors the status of MGMT discovering and it may
245 * request for discovery again when this flag becomes false.
247 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
248 /* Put this connection to "pending" state so that it will be
249 * executed after the inquiry cancel command complete event.
251 conn->state = BT_CONNECT2;
252 hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
256 conn->state = BT_CONNECT;
258 conn->role = HCI_ROLE_MASTER;
262 conn->link_policy = hdev->link_policy;
264 memset(&cp, 0, sizeof(cp));
265 bacpy(&cp.bdaddr, &conn->dst);
266 cp.pscan_rep_mode = 0x02;
268 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
270 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
271 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
272 cp.pscan_mode = ie->data.pscan_mode;
273 cp.clock_offset = ie->data.clock_offset |
277 memcpy(conn->dev_class, ie->data.dev_class, 3);
280 cp.pkt_type = cpu_to_le16(conn->pkt_type);
281 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
282 cp.role_switch = 0x01;
284 cp.role_switch = 0x00;
286 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
289 int hci_disconnect(struct hci_conn *conn, __u8 reason)
291 BT_DBG("hcon %p", conn);
293 /* When we are central of an established connection and it enters
294 * the disconnect timeout, then go ahead and try to read the
295 * current clock offset. Processing of the result is done
296 * within the event handling and hci_clock_offset_evt function.
298 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER &&
299 (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) {
300 struct hci_dev *hdev = conn->hdev;
301 struct hci_cp_read_clock_offset clkoff_cp;
303 clkoff_cp.handle = cpu_to_le16(conn->handle);
304 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
308 return hci_abort_conn(conn, reason);
311 static void hci_add_sco(struct hci_conn *conn, __u16 handle)
313 struct hci_dev *hdev = conn->hdev;
314 struct hci_cp_add_sco cp;
316 BT_DBG("hcon %p", conn);
318 conn->state = BT_CONNECT;
323 cp.handle = cpu_to_le16(handle);
324 cp.pkt_type = cpu_to_le16(conn->pkt_type);
326 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
329 static bool find_next_esco_param(struct hci_conn *conn,
330 const struct sco_param *esco_param, int size)
332 for (; conn->attempt <= size; conn->attempt++) {
333 if (lmp_esco_2m_capable(conn->link) ||
334 (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3))
336 BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported",
337 conn, conn->attempt);
340 return conn->attempt <= size;
343 static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec)
346 __u8 vnd_len, *vnd_data = NULL;
347 struct hci_op_configure_data_path *cmd = NULL;
349 err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len,
354 cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL);
360 err = hdev->get_data_path_id(hdev, &cmd->data_path_id);
364 cmd->vnd_len = vnd_len;
365 memcpy(cmd->vnd_data, vnd_data, vnd_len);
367 cmd->direction = 0x00;
368 __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
369 sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT);
371 cmd->direction = 0x01;
372 err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
373 sizeof(*cmd) + vnd_len, cmd,
382 static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data)
384 struct conn_handle_t *conn_handle = data;
385 struct hci_conn *conn = conn_handle->conn;
386 __u16 handle = conn_handle->handle;
387 struct hci_cp_enhanced_setup_sync_conn cp;
388 const struct sco_param *param;
392 bt_dev_dbg(hdev, "hcon %p", conn);
394 /* for offload use case, codec needs to configured before opening SCO */
395 if (conn->codec.data_path)
396 configure_datapath_sync(hdev, &conn->codec);
398 conn->state = BT_CONNECT;
403 memset(&cp, 0x00, sizeof(cp));
405 cp.handle = cpu_to_le16(handle);
407 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
408 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
410 switch (conn->codec.id) {
412 if (!find_next_esco_param(conn, esco_param_msbc,
413 ARRAY_SIZE(esco_param_msbc)))
416 param = &esco_param_msbc[conn->attempt - 1];
417 cp.tx_coding_format.id = 0x05;
418 cp.rx_coding_format.id = 0x05;
419 cp.tx_codec_frame_size = __cpu_to_le16(60);
420 cp.rx_codec_frame_size = __cpu_to_le16(60);
421 cp.in_bandwidth = __cpu_to_le32(32000);
422 cp.out_bandwidth = __cpu_to_le32(32000);
423 cp.in_coding_format.id = 0x04;
424 cp.out_coding_format.id = 0x04;
425 cp.in_coded_data_size = __cpu_to_le16(16);
426 cp.out_coded_data_size = __cpu_to_le16(16);
427 cp.in_pcm_data_format = 2;
428 cp.out_pcm_data_format = 2;
429 cp.in_pcm_sample_payload_msb_pos = 0;
430 cp.out_pcm_sample_payload_msb_pos = 0;
431 cp.in_data_path = conn->codec.data_path;
432 cp.out_data_path = conn->codec.data_path;
433 cp.in_transport_unit_size = 1;
434 cp.out_transport_unit_size = 1;
437 case BT_CODEC_TRANSPARENT:
438 if (!find_next_esco_param(conn, esco_param_msbc,
439 ARRAY_SIZE(esco_param_msbc)))
441 param = &esco_param_msbc[conn->attempt - 1];
442 cp.tx_coding_format.id = 0x03;
443 cp.rx_coding_format.id = 0x03;
444 cp.tx_codec_frame_size = __cpu_to_le16(60);
445 cp.rx_codec_frame_size = __cpu_to_le16(60);
446 cp.in_bandwidth = __cpu_to_le32(0x1f40);
447 cp.out_bandwidth = __cpu_to_le32(0x1f40);
448 cp.in_coding_format.id = 0x03;
449 cp.out_coding_format.id = 0x03;
450 cp.in_coded_data_size = __cpu_to_le16(16);
451 cp.out_coded_data_size = __cpu_to_le16(16);
452 cp.in_pcm_data_format = 2;
453 cp.out_pcm_data_format = 2;
454 cp.in_pcm_sample_payload_msb_pos = 0;
455 cp.out_pcm_sample_payload_msb_pos = 0;
456 cp.in_data_path = conn->codec.data_path;
457 cp.out_data_path = conn->codec.data_path;
458 cp.in_transport_unit_size = 1;
459 cp.out_transport_unit_size = 1;
463 if (lmp_esco_capable(conn->link)) {
464 if (!find_next_esco_param(conn, esco_param_cvsd,
465 ARRAY_SIZE(esco_param_cvsd)))
467 param = &esco_param_cvsd[conn->attempt - 1];
469 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
471 param = &sco_param_cvsd[conn->attempt - 1];
473 cp.tx_coding_format.id = 2;
474 cp.rx_coding_format.id = 2;
475 cp.tx_codec_frame_size = __cpu_to_le16(60);
476 cp.rx_codec_frame_size = __cpu_to_le16(60);
477 cp.in_bandwidth = __cpu_to_le32(16000);
478 cp.out_bandwidth = __cpu_to_le32(16000);
479 cp.in_coding_format.id = 4;
480 cp.out_coding_format.id = 4;
481 cp.in_coded_data_size = __cpu_to_le16(16);
482 cp.out_coded_data_size = __cpu_to_le16(16);
483 cp.in_pcm_data_format = 2;
484 cp.out_pcm_data_format = 2;
485 cp.in_pcm_sample_payload_msb_pos = 0;
486 cp.out_pcm_sample_payload_msb_pos = 0;
487 cp.in_data_path = conn->codec.data_path;
488 cp.out_data_path = conn->codec.data_path;
489 cp.in_transport_unit_size = 16;
490 cp.out_transport_unit_size = 16;
496 cp.retrans_effort = param->retrans_effort;
497 cp.pkt_type = __cpu_to_le16(param->pkt_type);
498 cp.max_latency = __cpu_to_le16(param->max_latency);
500 if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
506 static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle)
508 struct hci_dev *hdev = conn->hdev;
509 struct hci_cp_setup_sync_conn cp;
510 const struct sco_param *param;
512 bt_dev_dbg(hdev, "hcon %p", conn);
514 conn->state = BT_CONNECT;
519 cp.handle = cpu_to_le16(handle);
521 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
522 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
523 cp.voice_setting = cpu_to_le16(conn->setting);
525 switch (conn->setting & SCO_AIRMODE_MASK) {
526 case SCO_AIRMODE_TRANSP:
527 if (!find_next_esco_param(conn, esco_param_msbc,
528 ARRAY_SIZE(esco_param_msbc)))
530 param = &esco_param_msbc[conn->attempt - 1];
532 case SCO_AIRMODE_CVSD:
533 if (lmp_esco_capable(conn->link)) {
534 if (!find_next_esco_param(conn, esco_param_cvsd,
535 ARRAY_SIZE(esco_param_cvsd)))
537 param = &esco_param_cvsd[conn->attempt - 1];
539 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
541 param = &sco_param_cvsd[conn->attempt - 1];
548 cp.retrans_effort = param->retrans_effort;
549 cp.pkt_type = __cpu_to_le16(param->pkt_type);
550 cp.max_latency = __cpu_to_le16(param->max_latency);
552 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
558 bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
561 struct conn_handle_t *conn_handle;
563 if (enhanced_sync_conn_capable(conn->hdev)) {
564 conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL);
569 conn_handle->conn = conn;
570 conn_handle->handle = handle;
571 result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync,
579 return hci_setup_sync_conn(conn, handle);
582 u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
585 struct hci_dev *hdev = conn->hdev;
586 struct hci_conn_params *params;
587 struct hci_cp_le_conn_update cp;
591 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
593 params->conn_min_interval = min;
594 params->conn_max_interval = max;
595 params->conn_latency = latency;
596 params->supervision_timeout = to_multiplier;
599 hci_dev_unlock(hdev);
601 memset(&cp, 0, sizeof(cp));
602 cp.handle = cpu_to_le16(conn->handle);
603 cp.conn_interval_min = cpu_to_le16(min);
604 cp.conn_interval_max = cpu_to_le16(max);
605 cp.conn_latency = cpu_to_le16(latency);
606 cp.supervision_timeout = cpu_to_le16(to_multiplier);
607 cp.min_ce_len = cpu_to_le16(0x0000);
608 cp.max_ce_len = cpu_to_le16(0x0000);
610 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
618 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
619 __u8 ltk[16], __u8 key_size)
621 struct hci_dev *hdev = conn->hdev;
622 struct hci_cp_le_start_enc cp;
624 BT_DBG("hcon %p", conn);
626 memset(&cp, 0, sizeof(cp));
628 cp.handle = cpu_to_le16(conn->handle);
631 memcpy(cp.ltk, ltk, key_size);
633 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
636 /* Device _must_ be locked */
637 void hci_sco_setup(struct hci_conn *conn, __u8 status)
639 struct hci_conn *sco = conn->link;
644 BT_DBG("hcon %p", conn);
647 if (lmp_esco_capable(conn->hdev))
648 hci_setup_sync(sco, conn->handle);
650 hci_add_sco(sco, conn->handle);
652 hci_connect_cfm(sco, status);
657 static void hci_conn_timeout(struct work_struct *work)
659 struct hci_conn *conn = container_of(work, struct hci_conn,
661 int refcnt = atomic_read(&conn->refcnt);
663 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
667 /* FIXME: It was observed that in pairing failed scenario, refcnt
668 * drops below 0. Probably this is because l2cap_conn_del calls
669 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
670 * dropped. After that loop hci_chan_del is called which also drops
671 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
677 /* LE connections in scanning state need special handling */
678 if (conn->state == BT_CONNECT && conn->type == LE_LINK &&
679 test_bit(HCI_CONN_SCANNING, &conn->flags)) {
680 hci_connect_le_scan_remove(conn);
684 hci_abort_conn(conn, hci_proto_disconn_ind(conn));
687 /* Enter sniff mode */
688 static void hci_conn_idle(struct work_struct *work)
690 struct hci_conn *conn = container_of(work, struct hci_conn,
692 struct hci_dev *hdev = conn->hdev;
694 BT_DBG("hcon %p mode %d", conn, conn->mode);
696 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
699 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
702 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
703 struct hci_cp_sniff_subrate cp;
704 cp.handle = cpu_to_le16(conn->handle);
705 cp.max_latency = cpu_to_le16(0);
706 cp.min_remote_timeout = cpu_to_le16(0);
707 cp.min_local_timeout = cpu_to_le16(0);
708 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
711 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
712 struct hci_cp_sniff_mode cp;
713 cp.handle = cpu_to_le16(conn->handle);
714 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
715 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
716 cp.attempt = cpu_to_le16(4);
717 cp.timeout = cpu_to_le16(1);
718 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
722 static void hci_conn_auto_accept(struct work_struct *work)
724 struct hci_conn *conn = container_of(work, struct hci_conn,
725 auto_accept_work.work);
727 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
731 static void le_disable_advertising(struct hci_dev *hdev)
733 if (ext_adv_capable(hdev)) {
734 struct hci_cp_le_set_ext_adv_enable cp;
737 cp.num_of_sets = 0x00;
739 hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp),
743 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
748 static void le_conn_timeout(struct work_struct *work)
750 struct hci_conn *conn = container_of(work, struct hci_conn,
751 le_conn_timeout.work);
752 struct hci_dev *hdev = conn->hdev;
756 /* We could end up here due to having done directed advertising,
757 * so clean up the state if necessary. This should however only
758 * happen with broken hardware or if low duty cycle was used
759 * (which doesn't have a timeout of its own).
761 if (conn->role == HCI_ROLE_SLAVE) {
762 /* Disable LE Advertising */
763 le_disable_advertising(hdev);
765 hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
766 hci_dev_unlock(hdev);
770 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
773 struct iso_list_data {
785 struct hci_cp_le_set_cig_params cp;
786 struct hci_cis_params cis[0x11];
790 static void bis_list(struct hci_conn *conn, void *data)
792 struct iso_list_data *d = data;
794 /* Skip if not broadcast/ANY address */
795 if (bacmp(&conn->dst, BDADDR_ANY))
798 if (d->big != conn->iso_qos.big || d->bis == BT_ISO_QOS_BIS_UNSET ||
799 d->bis != conn->iso_qos.bis)
805 static void find_bis(struct hci_conn *conn, void *data)
807 struct iso_list_data *d = data;
810 if (bacmp(&conn->dst, BDADDR_ANY))
816 static int terminate_big_sync(struct hci_dev *hdev, void *data)
818 struct iso_list_data *d = data;
820 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis);
822 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL);
824 /* Check if ISO connection is a BIS and terminate BIG if there are
825 * no other connections using it.
827 hci_conn_hash_list_state(hdev, find_bis, ISO_LINK, BT_CONNECTED, d);
831 return hci_le_terminate_big_sync(hdev, d->big,
832 HCI_ERROR_LOCAL_HOST_TERM);
835 static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err)
840 static int hci_le_terminate_big(struct hci_dev *hdev, u8 big, u8 bis)
842 struct iso_list_data *d;
845 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", big, bis);
847 d = kmalloc(sizeof(*d), GFP_KERNEL);
851 memset(d, 0, sizeof(*d));
855 ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d,
856 terminate_big_destroy);
863 static int big_terminate_sync(struct hci_dev *hdev, void *data)
865 struct iso_list_data *d = data;
867 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big,
870 /* Check if ISO connection is a BIS and terminate BIG if there are
871 * no other connections using it.
873 hci_conn_hash_list_state(hdev, find_bis, ISO_LINK, BT_CONNECTED, d);
877 hci_le_big_terminate_sync(hdev, d->big);
879 return hci_le_pa_terminate_sync(hdev, d->sync_handle);
882 static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, u16 sync_handle)
884 struct iso_list_data *d;
887 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, sync_handle);
889 d = kmalloc(sizeof(*d), GFP_KERNEL);
893 memset(d, 0, sizeof(*d));
895 d->sync_handle = sync_handle;
897 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d,
898 terminate_big_destroy);
905 /* Cleanup BIS connection
907 * Detects if there any BIS left connected in a BIG
908 * broadcaster: Remove advertising instance and terminate BIG.
909 * broadcaster receiver: Teminate BIG sync and terminate PA sync.
911 static void bis_cleanup(struct hci_conn *conn)
913 struct hci_dev *hdev = conn->hdev;
915 bt_dev_dbg(hdev, "conn %p", conn);
917 if (conn->role == HCI_ROLE_MASTER) {
918 if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags))
921 hci_le_terminate_big(hdev, conn->iso_qos.big,
924 hci_le_big_terminate(hdev, conn->iso_qos.big,
929 static int remove_cig_sync(struct hci_dev *hdev, void *data)
931 u8 handle = PTR_ERR(data);
933 return hci_le_remove_cig_sync(hdev, handle);
936 static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle)
938 bt_dev_dbg(hdev, "handle 0x%2.2x", handle);
940 return hci_cmd_sync_queue(hdev, remove_cig_sync, ERR_PTR(handle), NULL);
943 static void find_cis(struct hci_conn *conn, void *data)
945 struct iso_list_data *d = data;
947 /* Ignore broadcast */
948 if (!bacmp(&conn->dst, BDADDR_ANY))
954 /* Cleanup CIS connection:
956 * Detects if there any CIS left connected in a CIG and remove it.
958 static void cis_cleanup(struct hci_conn *conn)
960 struct hci_dev *hdev = conn->hdev;
961 struct iso_list_data d;
963 memset(&d, 0, sizeof(d));
964 d.cig = conn->iso_qos.cig;
966 /* Check if ISO connection is a CIS and remove CIG if there are
967 * no other connections using it.
969 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d);
973 hci_le_remove_cig(hdev, conn->iso_qos.cig);
976 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
979 struct hci_conn *conn;
981 BT_DBG("%s dst %pMR", hdev->name, dst);
983 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
987 bacpy(&conn->dst, dst);
988 bacpy(&conn->src, &hdev->bdaddr);
989 conn->handle = HCI_CONN_HANDLE_UNSET;
993 conn->mode = HCI_CM_ACTIVE;
994 conn->state = BT_OPEN;
995 conn->auth_type = HCI_AT_GENERAL_BONDING;
996 conn->io_capability = hdev->io_capability;
997 conn->remote_auth = 0xff;
998 conn->key_type = 0xff;
999 conn->rssi = HCI_RSSI_INVALID;
1000 conn->tx_power = HCI_TX_POWER_INVALID;
1001 conn->max_tx_power = HCI_TX_POWER_INVALID;
1003 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
1004 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1006 /* Set Default Authenticated payload timeout to 30s */
1007 conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
1009 if (conn->role == HCI_ROLE_MASTER)
1014 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
1017 /* conn->src should reflect the local identity address */
1018 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
1021 /* conn->src should reflect the local identity address */
1022 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
1024 /* set proper cleanup function */
1025 if (!bacmp(dst, BDADDR_ANY))
1026 conn->cleanup = bis_cleanup;
1027 else if (conn->role == HCI_ROLE_MASTER)
1028 conn->cleanup = cis_cleanup;
1032 if (lmp_esco_capable(hdev))
1033 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
1034 (hdev->esco_type & EDR_ESCO_MASK);
1036 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
1039 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
1043 skb_queue_head_init(&conn->data_q);
1045 INIT_LIST_HEAD(&conn->chan_list);
1047 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
1048 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
1049 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
1050 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1051 INIT_WORK(&conn->le_scan_cleanup, le_scan_cleanup);
1053 atomic_set(&conn->refcnt, 0);
1057 hci_conn_hash_add(hdev, conn);
1059 /* The SCO and eSCO connections will only be notified when their
1060 * setup has been completed. This is different to ACL links which
1061 * can be notified right away.
1063 if (conn->type != SCO_LINK && conn->type != ESCO_LINK) {
1065 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
1068 hci_conn_init_sysfs(conn);
1073 static bool hci_conn_unlink(struct hci_conn *conn)
1078 conn->link->link = NULL;
1084 int hci_conn_del(struct hci_conn *conn)
1086 struct hci_dev *hdev = conn->hdev;
1088 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1090 cancel_delayed_work_sync(&conn->disc_work);
1091 cancel_delayed_work_sync(&conn->auto_accept_work);
1092 cancel_delayed_work_sync(&conn->idle_work);
1094 if (conn->type == ACL_LINK) {
1095 struct hci_conn *link = conn->link;
1098 hci_conn_unlink(conn);
1099 /* Due to race, SCO connection might be not established
1100 * yet at this point. Delete it now, otherwise it is
1101 * possible for it to be stuck and can't be deleted.
1103 if (link->handle == HCI_CONN_HANDLE_UNSET)
1107 /* Unacked frames */
1108 hdev->acl_cnt += conn->sent;
1109 } else if (conn->type == LE_LINK) {
1110 cancel_delayed_work(&conn->le_conn_timeout);
1113 hdev->le_cnt += conn->sent;
1115 hdev->acl_cnt += conn->sent;
1117 struct hci_conn *acl = conn->link;
1120 hci_conn_unlink(conn);
1124 /* Unacked ISO frames */
1125 if (conn->type == ISO_LINK) {
1127 hdev->iso_cnt += conn->sent;
1128 else if (hdev->le_pkts)
1129 hdev->le_cnt += conn->sent;
1131 hdev->acl_cnt += conn->sent;
1136 amp_mgr_put(conn->amp_mgr);
1138 skb_queue_purge(&conn->data_q);
1140 /* Remove the connection from the list and cleanup its remaining
1141 * state. This is a separate function since for some cases like
1142 * BT_CONNECT_SCAN we *only* want the cleanup part without the
1143 * rest of hci_conn_del.
1145 hci_conn_cleanup(conn);
1150 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type)
1152 int use_src = bacmp(src, BDADDR_ANY);
1153 struct hci_dev *hdev = NULL, *d;
1155 BT_DBG("%pMR -> %pMR", src, dst);
1157 read_lock(&hci_dev_list_lock);
1159 list_for_each_entry(d, &hci_dev_list, list) {
1160 if (!test_bit(HCI_UP, &d->flags) ||
1161 hci_dev_test_flag(d, HCI_USER_CHANNEL) ||
1162 d->dev_type != HCI_PRIMARY)
1166 * No source address - find interface with bdaddr != dst
1167 * Source address - find interface with bdaddr == src
1174 if (src_type == BDADDR_BREDR) {
1175 if (!lmp_bredr_capable(d))
1177 bacpy(&id_addr, &d->bdaddr);
1178 id_addr_type = BDADDR_BREDR;
1180 if (!lmp_le_capable(d))
1183 hci_copy_identity_address(d, &id_addr,
1186 /* Convert from HCI to three-value type */
1187 if (id_addr_type == ADDR_LE_DEV_PUBLIC)
1188 id_addr_type = BDADDR_LE_PUBLIC;
1190 id_addr_type = BDADDR_LE_RANDOM;
1193 if (!bacmp(&id_addr, src) && id_addr_type == src_type) {
1197 if (bacmp(&d->bdaddr, dst)) {
1204 hdev = hci_dev_hold(hdev);
1206 read_unlock(&hci_dev_list_lock);
1209 EXPORT_SYMBOL(hci_get_route);
1211 /* This function requires the caller holds hdev->lock */
1212 static void hci_le_conn_failed(struct hci_conn *conn, u8 status)
1214 struct hci_dev *hdev = conn->hdev;
1216 hci_connect_le_scan_cleanup(conn, status);
1218 /* Enable advertising in case this was a failed connection
1219 * attempt as a peripheral.
1221 hci_enable_advertising(hdev);
1224 /* This function requires the caller holds hdev->lock */
1225 void hci_conn_failed(struct hci_conn *conn, u8 status)
1227 struct hci_dev *hdev = conn->hdev;
1229 bt_dev_dbg(hdev, "status 0x%2.2x", status);
1231 switch (conn->type) {
1233 hci_le_conn_failed(conn, status);
1236 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1237 conn->dst_type, status);
1241 conn->state = BT_CLOSED;
1242 hci_connect_cfm(conn, status);
1246 static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err)
1248 struct hci_conn *conn = data;
1253 hci_connect_le_scan_cleanup(conn, 0x00);
1257 bt_dev_err(hdev, "request failed to create LE connection: err %d", err);
1259 /* Check if connection is still pending */
1260 if (conn != hci_lookup_le_connect(hdev))
1263 hci_conn_failed(conn, bt_status(err));
1266 hci_dev_unlock(hdev);
1269 static int hci_connect_le_sync(struct hci_dev *hdev, void *data)
1271 struct hci_conn *conn = data;
1273 bt_dev_dbg(hdev, "conn %p", conn);
1275 return hci_le_create_conn_sync(hdev, conn);
1278 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
1279 u8 dst_type, bool dst_resolved, u8 sec_level,
1280 u16 conn_timeout, u8 role)
1282 struct hci_conn *conn;
1283 struct smp_irk *irk;
1286 /* Let's make sure that le is enabled.*/
1287 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1288 if (lmp_le_capable(hdev))
1289 return ERR_PTR(-ECONNREFUSED);
1291 return ERR_PTR(-EOPNOTSUPP);
1294 /* Since the controller supports only one LE connection attempt at a
1295 * time, we return -EBUSY if there is any connection attempt running.
1297 if (hci_lookup_le_connect(hdev))
1298 return ERR_PTR(-EBUSY);
1300 /* If there's already a connection object but it's not in
1301 * scanning state it means it must already be established, in
1302 * which case we can't do anything else except report a failure
1305 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
1306 if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) {
1307 return ERR_PTR(-EBUSY);
1310 /* Check if the destination address has been resolved by the controller
1311 * since if it did then the identity address shall be used.
1313 if (!dst_resolved) {
1314 /* When given an identity address with existing identity
1315 * resolving key, the connection needs to be established
1316 * to a resolvable random address.
1318 * Storing the resolvable random address is required here
1319 * to handle connection failures. The address will later
1320 * be resolved back into the original identity address
1321 * from the connect request.
1323 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
1324 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
1326 dst_type = ADDR_LE_DEV_RANDOM;
1331 bacpy(&conn->dst, dst);
1333 conn = hci_conn_add(hdev, LE_LINK, dst, role);
1335 return ERR_PTR(-ENOMEM);
1336 hci_conn_hold(conn);
1337 conn->pending_sec_level = sec_level;
1340 conn->dst_type = dst_type;
1341 conn->sec_level = BT_SECURITY_LOW;
1342 conn->conn_timeout = conn_timeout;
1344 conn->state = BT_CONNECT;
1345 clear_bit(HCI_CONN_SCANNING, &conn->flags);
1347 err = hci_cmd_sync_queue(hdev, hci_connect_le_sync, conn,
1348 create_le_conn_complete);
1351 return ERR_PTR(err);
1357 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
1359 struct hci_conn *conn;
1361 conn = hci_conn_hash_lookup_le(hdev, addr, type);
1365 if (conn->state != BT_CONNECTED)
1371 /* This function requires the caller holds hdev->lock */
1372 static int hci_explicit_conn_params_set(struct hci_dev *hdev,
1373 bdaddr_t *addr, u8 addr_type)
1375 struct hci_conn_params *params;
1377 if (is_connected(hdev, addr, addr_type))
1380 params = hci_conn_params_lookup(hdev, addr, addr_type);
1382 params = hci_conn_params_add(hdev, addr, addr_type);
1386 /* If we created new params, mark them to be deleted in
1387 * hci_connect_le_scan_cleanup. It's different case than
1388 * existing disabled params, those will stay after cleanup.
1390 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
1393 /* We're trying to connect, so make sure params are at pend_le_conns */
1394 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
1395 params->auto_connect == HCI_AUTO_CONN_REPORT ||
1396 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
1397 list_del_init(¶ms->action);
1398 list_add(¶ms->action, &hdev->pend_le_conns);
1401 params->explicit_connect = true;
1403 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
1404 params->auto_connect);
1409 static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos)
1411 struct iso_list_data data;
1413 /* Allocate a BIG if not set */
1414 if (qos->big == BT_ISO_QOS_BIG_UNSET) {
1415 for (data.big = 0x00; data.big < 0xef; data.big++) {
1419 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1425 if (data.big == 0xef)
1426 return -EADDRNOTAVAIL;
1429 qos->big = data.big;
1435 static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos)
1437 struct iso_list_data data;
1439 /* Allocate BIS if not set */
1440 if (qos->bis == BT_ISO_QOS_BIS_UNSET) {
1441 /* Find an unused adv set to advertise BIS, skip instance 0x00
1442 * since it is reserved as general purpose set.
1444 for (data.bis = 0x01; data.bis < hdev->le_num_of_adv_sets;
1448 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1454 if (data.bis == hdev->le_num_of_adv_sets)
1455 return -EADDRNOTAVAIL;
1458 qos->bis = data.bis;
1464 /* This function requires the caller holds hdev->lock */
1465 static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst,
1466 struct bt_iso_qos *qos)
1468 struct hci_conn *conn;
1469 struct iso_list_data data;
1472 /* Let's make sure that le is enabled.*/
1473 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1474 if (lmp_le_capable(hdev))
1475 return ERR_PTR(-ECONNREFUSED);
1476 return ERR_PTR(-EOPNOTSUPP);
1479 err = qos_set_big(hdev, qos);
1481 return ERR_PTR(err);
1483 err = qos_set_bis(hdev, qos);
1485 return ERR_PTR(err);
1487 data.big = qos->big;
1488 data.bis = qos->bis;
1491 /* Check if there is already a matching BIG/BIS */
1492 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, BT_BOUND, &data);
1494 return ERR_PTR(-EADDRINUSE);
1496 conn = hci_conn_hash_lookup_bis(hdev, dst, qos->big, qos->bis);
1498 return ERR_PTR(-EADDRINUSE);
1500 conn = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1502 return ERR_PTR(-ENOMEM);
1504 set_bit(HCI_CONN_PER_ADV, &conn->flags);
1505 conn->state = BT_CONNECT;
1507 hci_conn_hold(conn);
1511 /* This function requires the caller holds hdev->lock */
1512 struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst,
1513 u8 dst_type, u8 sec_level,
1515 enum conn_reasons conn_reason)
1517 struct hci_conn *conn;
1519 /* Let's make sure that le is enabled.*/
1520 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1521 if (lmp_le_capable(hdev))
1522 return ERR_PTR(-ECONNREFUSED);
1524 return ERR_PTR(-EOPNOTSUPP);
1527 /* Some devices send ATT messages as soon as the physical link is
1528 * established. To be able to handle these ATT messages, the user-
1529 * space first establishes the connection and then starts the pairing
1532 * So if a hci_conn object already exists for the following connection
1533 * attempt, we simply update pending_sec_level and auth_type fields
1534 * and return the object found.
1536 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
1538 if (conn->pending_sec_level < sec_level)
1539 conn->pending_sec_level = sec_level;
1543 BT_DBG("requesting refresh of dst_addr");
1545 conn = hci_conn_add(hdev, LE_LINK, dst, HCI_ROLE_MASTER);
1547 return ERR_PTR(-ENOMEM);
1549 if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) {
1551 return ERR_PTR(-EBUSY);
1554 conn->state = BT_CONNECT;
1555 set_bit(HCI_CONN_SCANNING, &conn->flags);
1556 conn->dst_type = dst_type;
1557 conn->sec_level = BT_SECURITY_LOW;
1558 conn->pending_sec_level = sec_level;
1559 conn->conn_timeout = conn_timeout;
1560 conn->conn_reason = conn_reason;
1562 hci_update_passive_scan(hdev);
1565 hci_conn_hold(conn);
1569 struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
1570 u8 sec_level, u8 auth_type,
1571 enum conn_reasons conn_reason)
1573 struct hci_conn *acl;
1575 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1576 if (lmp_bredr_capable(hdev))
1577 return ERR_PTR(-ECONNREFUSED);
1579 return ERR_PTR(-EOPNOTSUPP);
1582 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
1584 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
1586 return ERR_PTR(-ENOMEM);
1591 acl->conn_reason = conn_reason;
1592 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
1593 acl->sec_level = BT_SECURITY_LOW;
1594 acl->pending_sec_level = sec_level;
1595 acl->auth_type = auth_type;
1596 hci_acl_create_connection(acl);
1602 struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
1603 __u16 setting, struct bt_codec *codec)
1605 struct hci_conn *acl;
1606 struct hci_conn *sco;
1608 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING,
1609 CONN_REASON_SCO_CONNECT);
1613 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
1615 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
1618 return ERR_PTR(-ENOMEM);
1627 sco->setting = setting;
1628 sco->codec = *codec;
1630 if (acl->state == BT_CONNECTED &&
1631 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
1632 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
1633 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
1635 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
1636 /* defer SCO setup until mode change completed */
1637 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
1641 hci_sco_setup(acl, 0x00);
1647 static void cis_add(struct iso_list_data *d, struct bt_iso_qos *qos)
1649 struct hci_cis_params *cis = &d->pdu.cis[d->pdu.cp.num_cis];
1651 cis->cis_id = qos->cis;
1652 cis->c_sdu = cpu_to_le16(qos->out.sdu);
1653 cis->p_sdu = cpu_to_le16(qos->in.sdu);
1654 cis->c_phy = qos->out.phy ? qos->out.phy : qos->in.phy;
1655 cis->p_phy = qos->in.phy ? qos->in.phy : qos->out.phy;
1656 cis->c_rtn = qos->out.rtn;
1657 cis->p_rtn = qos->in.rtn;
1659 d->pdu.cp.num_cis++;
1662 static void cis_list(struct hci_conn *conn, void *data)
1664 struct iso_list_data *d = data;
1666 /* Skip if broadcast/ANY address */
1667 if (!bacmp(&conn->dst, BDADDR_ANY))
1670 if (d->cig != conn->iso_qos.cig || d->cis == BT_ISO_QOS_CIS_UNSET ||
1671 d->cis != conn->iso_qos.cis)
1676 if (d->pdu.cp.cig_id == BT_ISO_QOS_CIG_UNSET ||
1677 d->count >= ARRAY_SIZE(d->pdu.cis))
1680 cis_add(d, &conn->iso_qos);
1683 static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos)
1685 struct hci_dev *hdev = conn->hdev;
1686 struct hci_cp_le_create_big cp;
1688 memset(&cp, 0, sizeof(cp));
1690 cp.handle = qos->big;
1691 cp.adv_handle = qos->bis;
1693 hci_cpu_to_le24(qos->out.interval, cp.bis.sdu_interval);
1694 cp.bis.sdu = cpu_to_le16(qos->out.sdu);
1695 cp.bis.latency = cpu_to_le16(qos->out.latency);
1696 cp.bis.rtn = qos->out.rtn;
1697 cp.bis.phy = qos->out.phy;
1698 cp.bis.packing = qos->packing;
1699 cp.bis.framing = qos->framing;
1700 cp.bis.encryption = 0x00;
1701 memset(&cp.bis.bcode, 0, sizeof(cp.bis.bcode));
1703 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp);
1706 static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos)
1708 struct hci_dev *hdev = conn->hdev;
1709 struct iso_list_data data;
1711 memset(&data, 0, sizeof(data));
1713 /* Allocate a CIG if not set */
1714 if (qos->cig == BT_ISO_QOS_CIG_UNSET) {
1715 for (data.cig = 0x00; data.cig < 0xff; data.cig++) {
1719 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK,
1724 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK,
1725 BT_CONNECTED, &data);
1730 if (data.cig == 0xff)
1734 qos->cig = data.cig;
1737 data.pdu.cp.cig_id = qos->cig;
1738 hci_cpu_to_le24(qos->out.interval, data.pdu.cp.c_interval);
1739 hci_cpu_to_le24(qos->in.interval, data.pdu.cp.p_interval);
1740 data.pdu.cp.sca = qos->sca;
1741 data.pdu.cp.packing = qos->packing;
1742 data.pdu.cp.framing = qos->framing;
1743 data.pdu.cp.c_latency = cpu_to_le16(qos->out.latency);
1744 data.pdu.cp.p_latency = cpu_to_le16(qos->in.latency);
1746 if (qos->cis != BT_ISO_QOS_CIS_UNSET) {
1748 data.cig = qos->cig;
1749 data.cis = qos->cis;
1751 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, BT_BOUND,
1756 cis_add(&data, qos);
1759 /* Reprogram all CIS(s) with the same CIG */
1760 for (data.cig = qos->cig, data.cis = 0x00; data.cis < 0x11;
1764 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, BT_BOUND,
1769 /* Allocate a CIS if not set */
1770 if (qos->cis == BT_ISO_QOS_CIS_UNSET) {
1772 qos->cis = data.cis;
1773 cis_add(&data, qos);
1777 if (qos->cis == BT_ISO_QOS_CIS_UNSET || !data.pdu.cp.num_cis)
1780 if (hci_send_cmd(hdev, HCI_OP_LE_SET_CIG_PARAMS,
1781 sizeof(data.pdu.cp) +
1782 (data.pdu.cp.num_cis * sizeof(*data.pdu.cis)),
1789 struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst,
1790 __u8 dst_type, struct bt_iso_qos *qos)
1792 struct hci_conn *cis;
1794 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type);
1796 cis = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1798 return ERR_PTR(-ENOMEM);
1799 cis->cleanup = cis_cleanup;
1800 cis->dst_type = dst_type;
1803 if (cis->state == BT_CONNECTED)
1806 /* Check if CIS has been set and the settings matches */
1807 if (cis->state == BT_BOUND &&
1808 !memcmp(&cis->iso_qos, qos, sizeof(*qos)))
1811 /* Update LINK PHYs according to QoS preference */
1812 cis->le_tx_phy = qos->out.phy;
1813 cis->le_rx_phy = qos->in.phy;
1815 /* If output interval is not set use the input interval as it cannot be
1818 if (!qos->out.interval)
1819 qos->out.interval = qos->in.interval;
1821 /* If input interval is not set use the output interval as it cannot be
1824 if (!qos->in.interval)
1825 qos->in.interval = qos->out.interval;
1827 /* If output latency is not set use the input latency as it cannot be
1830 if (!qos->out.latency)
1831 qos->out.latency = qos->in.latency;
1833 /* If input latency is not set use the output latency as it cannot be
1836 if (!qos->in.latency)
1837 qos->in.latency = qos->out.latency;
1839 if (!hci_le_set_cig_params(cis, qos)) {
1841 return ERR_PTR(-EINVAL);
1844 cis->iso_qos = *qos;
1845 cis->state = BT_BOUND;
1850 bool hci_iso_setup_path(struct hci_conn *conn)
1852 struct hci_dev *hdev = conn->hdev;
1853 struct hci_cp_le_setup_iso_path cmd;
1855 memset(&cmd, 0, sizeof(cmd));
1857 if (conn->iso_qos.out.sdu) {
1858 cmd.handle = cpu_to_le16(conn->handle);
1859 cmd.direction = 0x00; /* Input (Host to Controller) */
1860 cmd.path = 0x00; /* HCI path if enabled */
1861 cmd.codec = 0x03; /* Transparent Data */
1863 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1868 if (conn->iso_qos.in.sdu) {
1869 cmd.handle = cpu_to_le16(conn->handle);
1870 cmd.direction = 0x01; /* Output (Controller to Host) */
1871 cmd.path = 0x00; /* HCI path if enabled */
1872 cmd.codec = 0x03; /* Transparent Data */
1874 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1882 static int hci_create_cis_sync(struct hci_dev *hdev, void *data)
1885 struct hci_cp_le_create_cis cp;
1886 struct hci_cis cis[0x1f];
1888 struct hci_conn *conn = data;
1891 memset(&cmd, 0, sizeof(cmd));
1892 cmd.cis[0].acl_handle = cpu_to_le16(conn->link->handle);
1893 cmd.cis[0].cis_handle = cpu_to_le16(conn->handle);
1895 cig = conn->iso_qos.cig;
1901 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
1902 struct hci_cis *cis = &cmd.cis[cmd.cp.num_cis];
1904 if (conn == data || conn->type != ISO_LINK ||
1905 conn->state == BT_CONNECTED || conn->iso_qos.cig != cig)
1908 /* Check if all CIS(s) belonging to a CIG are ready */
1909 if (!conn->link || conn->link->state != BT_CONNECTED ||
1910 conn->state != BT_CONNECT) {
1915 /* Group all CIS with state BT_CONNECT since the spec don't
1916 * allow to send them individually:
1918 * BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E
1921 * If the Host issues this command before all the
1922 * HCI_LE_CIS_Established events from the previous use of the
1923 * command have been generated, the Controller shall return the
1924 * error code Command Disallowed (0x0C).
1926 cis->acl_handle = cpu_to_le16(conn->link->handle);
1927 cis->cis_handle = cpu_to_le16(conn->handle);
1933 hci_dev_unlock(hdev);
1935 if (!cmd.cp.num_cis)
1938 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_CIS, sizeof(cmd.cp) +
1939 sizeof(cmd.cis[0]) * cmd.cp.num_cis, &cmd);
1942 int hci_le_create_cis(struct hci_conn *conn)
1944 struct hci_conn *cis;
1945 struct hci_dev *hdev = conn->hdev;
1948 switch (conn->type) {
1950 if (!conn->link || conn->state != BT_CONNECTED)
1961 if (cis->state == BT_CONNECT)
1964 /* Queue Create CIS */
1965 err = hci_cmd_sync_queue(hdev, hci_create_cis_sync, cis, NULL);
1969 cis->state = BT_CONNECT;
1974 static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn,
1975 struct bt_iso_io_qos *qos, __u8 phy)
1977 /* Only set MTU if PHY is enabled */
1978 if (!qos->sdu && qos->phy) {
1979 if (hdev->iso_mtu > 0)
1980 qos->sdu = hdev->iso_mtu;
1981 else if (hdev->le_mtu > 0)
1982 qos->sdu = hdev->le_mtu;
1984 qos->sdu = hdev->acl_mtu;
1987 /* Use the same PHY as ACL if set to any */
1988 if (qos->phy == BT_ISO_PHY_ANY)
1991 /* Use LE ACL connection interval if not set */
1993 /* ACL interval unit in 1.25 ms to us */
1994 qos->interval = conn->le_conn_interval * 1250;
1996 /* Use LE ACL connection latency if not set */
1998 qos->latency = conn->le_conn_latency;
2001 static void hci_bind_bis(struct hci_conn *conn,
2002 struct bt_iso_qos *qos)
2004 /* Update LINK PHYs according to QoS preference */
2005 conn->le_tx_phy = qos->out.phy;
2006 conn->le_tx_phy = qos->out.phy;
2007 conn->iso_qos = *qos;
2008 conn->state = BT_BOUND;
2011 static int create_big_sync(struct hci_dev *hdev, void *data)
2013 struct hci_conn *conn = data;
2014 struct bt_iso_qos *qos = &conn->iso_qos;
2015 u16 interval, sync_interval = 0;
2019 if (qos->out.phy == 0x02)
2020 flags |= MGMT_ADV_FLAG_SEC_2M;
2022 /* Align intervals */
2023 interval = qos->out.interval / 1250;
2026 sync_interval = qos->sync_interval * 1600;
2028 err = hci_start_per_adv_sync(hdev, qos->bis, conn->le_per_adv_data_len,
2029 conn->le_per_adv_data, flags, interval,
2030 interval, sync_interval);
2034 return hci_le_create_big(conn, &conn->iso_qos);
2037 static void create_pa_complete(struct hci_dev *hdev, void *data, int err)
2039 struct hci_cp_le_pa_create_sync *cp = data;
2041 bt_dev_dbg(hdev, "");
2044 bt_dev_err(hdev, "Unable to create PA: %d", err);
2049 static int create_pa_sync(struct hci_dev *hdev, void *data)
2051 struct hci_cp_le_pa_create_sync *cp = data;
2054 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC,
2055 sizeof(*cp), cp, HCI_CMD_TIMEOUT);
2057 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2061 return hci_update_passive_scan_sync(hdev);
2064 int hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, __u8 dst_type,
2067 struct hci_cp_le_pa_create_sync *cp;
2069 if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC))
2072 cp = kmalloc(sizeof(*cp), GFP_KERNEL);
2074 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2078 /* Convert from ISO socket address type to HCI address type */
2079 if (dst_type == BDADDR_LE_PUBLIC)
2080 dst_type = ADDR_LE_DEV_PUBLIC;
2082 dst_type = ADDR_LE_DEV_RANDOM;
2084 memset(cp, 0, sizeof(*cp));
2086 cp->addr_type = dst_type;
2087 bacpy(&cp->addr, dst);
2089 /* Queue start pa_create_sync and scan */
2090 return hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete);
2093 int hci_le_big_create_sync(struct hci_dev *hdev, struct bt_iso_qos *qos,
2094 __u16 sync_handle, __u8 num_bis, __u8 bis[])
2097 struct hci_cp_le_big_create_sync cp;
2102 if (num_bis > sizeof(pdu.bis))
2105 err = qos_set_big(hdev, qos);
2109 memset(&pdu, 0, sizeof(pdu));
2110 pdu.cp.handle = qos->big;
2111 pdu.cp.sync_handle = cpu_to_le16(sync_handle);
2112 pdu.cp.num_bis = num_bis;
2113 memcpy(pdu.bis, bis, num_bis);
2115 return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
2116 sizeof(pdu.cp) + num_bis, &pdu);
2119 static void create_big_complete(struct hci_dev *hdev, void *data, int err)
2121 struct hci_conn *conn = data;
2123 bt_dev_dbg(hdev, "conn %p", conn);
2126 bt_dev_err(hdev, "Unable to create BIG: %d", err);
2127 hci_connect_cfm(conn, err);
2132 struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst,
2133 __u8 dst_type, struct bt_iso_qos *qos,
2134 __u8 base_len, __u8 *base)
2136 struct hci_conn *conn;
2139 /* We need hci_conn object using the BDADDR_ANY as dst */
2140 conn = hci_add_bis(hdev, dst, qos);
2144 hci_bind_bis(conn, qos);
2146 /* Add Basic Announcement into Peridic Adv Data if BASE is set */
2147 if (base_len && base) {
2148 base_len = eir_append_service_data(conn->le_per_adv_data, 0,
2149 0x1851, base, base_len);
2150 conn->le_per_adv_data_len = base_len;
2153 /* Queue start periodic advertising and create BIG */
2154 err = hci_cmd_sync_queue(hdev, create_big_sync, conn,
2155 create_big_complete);
2157 hci_conn_drop(conn);
2158 return ERR_PTR(err);
2161 hci_iso_qos_setup(hdev, conn, &qos->out,
2162 conn->le_tx_phy ? conn->le_tx_phy :
2163 hdev->le_tx_def_phys);
2168 struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
2169 __u8 dst_type, struct bt_iso_qos *qos)
2171 struct hci_conn *le;
2172 struct hci_conn *cis;
2174 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2175 le = hci_connect_le(hdev, dst, dst_type, false,
2177 HCI_LE_CONN_TIMEOUT,
2180 le = hci_connect_le_scan(hdev, dst, dst_type,
2182 HCI_LE_CONN_TIMEOUT,
2183 CONN_REASON_ISO_CONNECT);
2187 hci_iso_qos_setup(hdev, le, &qos->out,
2188 le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys);
2189 hci_iso_qos_setup(hdev, le, &qos->in,
2190 le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys);
2192 cis = hci_bind_cis(hdev, dst, dst_type, qos);
2203 /* If LE is already connected and CIS handle is already set proceed to
2204 * Create CIS immediately.
2206 if (le->state == BT_CONNECTED && cis->handle != HCI_CONN_HANDLE_UNSET)
2207 hci_le_create_cis(le);
2212 /* Check link security requirement */
2213 int hci_conn_check_link_mode(struct hci_conn *conn)
2215 BT_DBG("hcon %p", conn);
2217 /* In Secure Connections Only mode, it is required that Secure
2218 * Connections is used and the link is encrypted with AES-CCM
2219 * using a P-256 authenticated combination key.
2221 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) {
2222 if (!hci_conn_sc_enabled(conn) ||
2223 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2224 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
2228 /* AES encryption is required for Level 4:
2230 * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
2233 * 128-bit equivalent strength for link and encryption keys
2234 * required using FIPS approved algorithms (E0 not allowed,
2235 * SAFER+ not allowed, and P-192 not allowed; encryption key
2238 if (conn->sec_level == BT_SECURITY_FIPS &&
2239 !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
2240 bt_dev_err(conn->hdev,
2241 "Invalid security: Missing AES-CCM usage");
2245 if (hci_conn_ssp_enabled(conn) &&
2246 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2252 /* Authenticate remote device */
2253 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
2255 BT_DBG("hcon %p", conn);
2257 if (conn->pending_sec_level > sec_level)
2258 sec_level = conn->pending_sec_level;
2260 if (sec_level > conn->sec_level)
2261 conn->pending_sec_level = sec_level;
2262 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
2265 /* Make sure we preserve an existing MITM requirement*/
2266 auth_type |= (conn->auth_type & 0x01);
2268 conn->auth_type = auth_type;
2270 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2271 struct hci_cp_auth_requested cp;
2273 cp.handle = cpu_to_le16(conn->handle);
2274 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
2277 /* If we're already encrypted set the REAUTH_PEND flag,
2278 * otherwise set the ENCRYPT_PEND.
2280 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2281 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2283 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2289 /* Encrypt the link */
2290 static void hci_conn_encrypt(struct hci_conn *conn)
2292 BT_DBG("hcon %p", conn);
2294 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2295 struct hci_cp_set_conn_encrypt cp;
2296 cp.handle = cpu_to_le16(conn->handle);
2298 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2303 /* Enable security */
2304 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
2307 BT_DBG("hcon %p", conn);
2309 if (conn->type == LE_LINK)
2310 return smp_conn_security(conn, sec_level);
2312 /* For sdp we don't need the link key. */
2313 if (sec_level == BT_SECURITY_SDP)
2316 /* For non 2.1 devices and low security level we don't need the link
2318 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
2321 /* For other security levels we need the link key. */
2322 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
2325 /* An authenticated FIPS approved combination key has sufficient
2326 * security for security level 4. */
2327 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
2328 sec_level == BT_SECURITY_FIPS)
2331 /* An authenticated combination key has sufficient security for
2332 security level 3. */
2333 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
2334 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
2335 sec_level == BT_SECURITY_HIGH)
2338 /* An unauthenticated combination key has sufficient security for
2339 security level 1 and 2. */
2340 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2341 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
2342 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
2345 /* A combination key has always sufficient security for the security
2346 levels 1 or 2. High security level requires the combination key
2347 is generated using maximum PIN code length (16).
2348 For pre 2.1 units. */
2349 if (conn->key_type == HCI_LK_COMBINATION &&
2350 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
2351 conn->pin_length == 16))
2355 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
2359 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2361 if (!hci_conn_auth(conn, sec_level, auth_type))
2365 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
2366 /* Ensure that the encryption key size has been read,
2367 * otherwise stall the upper layer responses.
2369 if (!conn->enc_key_size)
2372 /* Nothing else needed, all requirements are met */
2376 hci_conn_encrypt(conn);
2379 EXPORT_SYMBOL(hci_conn_security);
2381 /* Check secure link requirement */
2382 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
2384 BT_DBG("hcon %p", conn);
2386 /* Accept if non-secure or higher security level is required */
2387 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
2390 /* Accept if secure or higher security level is already present */
2391 if (conn->sec_level == BT_SECURITY_HIGH ||
2392 conn->sec_level == BT_SECURITY_FIPS)
2395 /* Reject not secure link */
2398 EXPORT_SYMBOL(hci_conn_check_secure);
2401 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
2403 BT_DBG("hcon %p", conn);
2405 if (role == conn->role)
2408 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
2409 struct hci_cp_switch_role cp;
2410 bacpy(&cp.bdaddr, &conn->dst);
2412 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
2417 EXPORT_SYMBOL(hci_conn_switch_role);
2419 /* Enter active mode */
2420 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
2422 struct hci_dev *hdev = conn->hdev;
2424 BT_DBG("hcon %p mode %d", conn, conn->mode);
2426 if (conn->mode != HCI_CM_SNIFF)
2429 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
2432 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2433 struct hci_cp_exit_sniff_mode cp;
2434 cp.handle = cpu_to_le16(conn->handle);
2435 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
2439 if (hdev->idle_timeout > 0)
2440 queue_delayed_work(hdev->workqueue, &conn->idle_work,
2441 msecs_to_jiffies(hdev->idle_timeout));
2444 /* Drop all connection on the device */
2445 void hci_conn_hash_flush(struct hci_dev *hdev)
2447 struct hci_conn_hash *h = &hdev->conn_hash;
2448 struct hci_conn *c, *n;
2450 BT_DBG("hdev %s", hdev->name);
2452 list_for_each_entry_safe(c, n, &h->list, list) {
2453 c->state = BT_CLOSED;
2455 hci_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
2457 /* Unlink before deleting otherwise it is possible that
2458 * hci_conn_del removes the link which may cause the list to
2459 * contain items already freed.
2466 /* Check pending connect attempts */
2467 void hci_conn_check_pending(struct hci_dev *hdev)
2469 struct hci_conn *conn;
2471 BT_DBG("hdev %s", hdev->name);
2475 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
2477 hci_acl_create_connection(conn);
2479 hci_dev_unlock(hdev);
2482 static u32 get_link_mode(struct hci_conn *conn)
2486 if (conn->role == HCI_ROLE_MASTER)
2487 link_mode |= HCI_LM_MASTER;
2489 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2490 link_mode |= HCI_LM_ENCRYPT;
2492 if (test_bit(HCI_CONN_AUTH, &conn->flags))
2493 link_mode |= HCI_LM_AUTH;
2495 if (test_bit(HCI_CONN_SECURE, &conn->flags))
2496 link_mode |= HCI_LM_SECURE;
2498 if (test_bit(HCI_CONN_FIPS, &conn->flags))
2499 link_mode |= HCI_LM_FIPS;
2504 int hci_get_conn_list(void __user *arg)
2507 struct hci_conn_list_req req, *cl;
2508 struct hci_conn_info *ci;
2509 struct hci_dev *hdev;
2510 int n = 0, size, err;
2512 if (copy_from_user(&req, arg, sizeof(req)))
2515 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
2518 size = sizeof(req) + req.conn_num * sizeof(*ci);
2520 cl = kmalloc(size, GFP_KERNEL);
2524 hdev = hci_dev_get(req.dev_id);
2533 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2534 bacpy(&(ci + n)->bdaddr, &c->dst);
2535 (ci + n)->handle = c->handle;
2536 (ci + n)->type = c->type;
2537 (ci + n)->out = c->out;
2538 (ci + n)->state = c->state;
2539 (ci + n)->link_mode = get_link_mode(c);
2540 if (++n >= req.conn_num)
2543 hci_dev_unlock(hdev);
2545 cl->dev_id = hdev->id;
2547 size = sizeof(req) + n * sizeof(*ci);
2551 err = copy_to_user(arg, cl, size);
2554 return err ? -EFAULT : 0;
2557 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
2559 struct hci_conn_info_req req;
2560 struct hci_conn_info ci;
2561 struct hci_conn *conn;
2562 char __user *ptr = arg + sizeof(req);
2564 if (copy_from_user(&req, arg, sizeof(req)))
2568 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
2570 bacpy(&ci.bdaddr, &conn->dst);
2571 ci.handle = conn->handle;
2572 ci.type = conn->type;
2574 ci.state = conn->state;
2575 ci.link_mode = get_link_mode(conn);
2577 hci_dev_unlock(hdev);
2582 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
2585 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
2587 struct hci_auth_info_req req;
2588 struct hci_conn *conn;
2590 if (copy_from_user(&req, arg, sizeof(req)))
2594 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
2596 req.type = conn->auth_type;
2597 hci_dev_unlock(hdev);
2602 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
2605 struct hci_chan *hci_chan_create(struct hci_conn *conn)
2607 struct hci_dev *hdev = conn->hdev;
2608 struct hci_chan *chan;
2610 BT_DBG("%s hcon %p", hdev->name, conn);
2612 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
2613 BT_DBG("Refusing to create new hci_chan");
2617 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
2621 chan->conn = hci_conn_get(conn);
2622 skb_queue_head_init(&chan->data_q);
2623 chan->state = BT_CONNECTED;
2625 list_add_rcu(&chan->list, &conn->chan_list);
2630 void hci_chan_del(struct hci_chan *chan)
2632 struct hci_conn *conn = chan->conn;
2633 struct hci_dev *hdev = conn->hdev;
2635 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
2637 list_del_rcu(&chan->list);
2641 /* Prevent new hci_chan's to be created for this hci_conn */
2642 set_bit(HCI_CONN_DROP, &conn->flags);
2646 skb_queue_purge(&chan->data_q);
2650 void hci_chan_list_flush(struct hci_conn *conn)
2652 struct hci_chan *chan, *n;
2654 BT_DBG("hcon %p", conn);
2656 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
2660 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
2663 struct hci_chan *hchan;
2665 list_for_each_entry(hchan, &hcon->chan_list, list) {
2666 if (hchan->handle == handle)
2673 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
2675 struct hci_conn_hash *h = &hdev->conn_hash;
2676 struct hci_conn *hcon;
2677 struct hci_chan *hchan = NULL;
2681 list_for_each_entry_rcu(hcon, &h->list, list) {
2682 hchan = __hci_chan_lookup_handle(hcon, handle);
2692 u32 hci_conn_get_phy(struct hci_conn *conn)
2696 /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471:
2697 * Table 6.2: Packets defined for synchronous, asynchronous, and
2698 * CPB logical transport types.
2700 switch (conn->type) {
2702 /* SCO logical transport (1 Mb/s):
2703 * HV1, HV2, HV3 and DV.
2705 phys |= BT_PHY_BR_1M_1SLOT;
2710 /* ACL logical transport (1 Mb/s) ptt=0:
2711 * DH1, DM3, DH3, DM5 and DH5.
2713 phys |= BT_PHY_BR_1M_1SLOT;
2715 if (conn->pkt_type & (HCI_DM3 | HCI_DH3))
2716 phys |= BT_PHY_BR_1M_3SLOT;
2718 if (conn->pkt_type & (HCI_DM5 | HCI_DH5))
2719 phys |= BT_PHY_BR_1M_5SLOT;
2721 /* ACL logical transport (2 Mb/s) ptt=1:
2722 * 2-DH1, 2-DH3 and 2-DH5.
2724 if (!(conn->pkt_type & HCI_2DH1))
2725 phys |= BT_PHY_EDR_2M_1SLOT;
2727 if (!(conn->pkt_type & HCI_2DH3))
2728 phys |= BT_PHY_EDR_2M_3SLOT;
2730 if (!(conn->pkt_type & HCI_2DH5))
2731 phys |= BT_PHY_EDR_2M_5SLOT;
2733 /* ACL logical transport (3 Mb/s) ptt=1:
2734 * 3-DH1, 3-DH3 and 3-DH5.
2736 if (!(conn->pkt_type & HCI_3DH1))
2737 phys |= BT_PHY_EDR_3M_1SLOT;
2739 if (!(conn->pkt_type & HCI_3DH3))
2740 phys |= BT_PHY_EDR_3M_3SLOT;
2742 if (!(conn->pkt_type & HCI_3DH5))
2743 phys |= BT_PHY_EDR_3M_5SLOT;
2748 /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */
2749 phys |= BT_PHY_BR_1M_1SLOT;
2751 if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5)))
2752 phys |= BT_PHY_BR_1M_3SLOT;
2754 /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */
2755 if (!(conn->pkt_type & ESCO_2EV3))
2756 phys |= BT_PHY_EDR_2M_1SLOT;
2758 if (!(conn->pkt_type & ESCO_2EV5))
2759 phys |= BT_PHY_EDR_2M_3SLOT;
2761 /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */
2762 if (!(conn->pkt_type & ESCO_3EV3))
2763 phys |= BT_PHY_EDR_3M_1SLOT;
2765 if (!(conn->pkt_type & ESCO_3EV5))
2766 phys |= BT_PHY_EDR_3M_3SLOT;
2771 if (conn->le_tx_phy & HCI_LE_SET_PHY_1M)
2772 phys |= BT_PHY_LE_1M_TX;
2774 if (conn->le_rx_phy & HCI_LE_SET_PHY_1M)
2775 phys |= BT_PHY_LE_1M_RX;
2777 if (conn->le_tx_phy & HCI_LE_SET_PHY_2M)
2778 phys |= BT_PHY_LE_2M_TX;
2780 if (conn->le_rx_phy & HCI_LE_SET_PHY_2M)
2781 phys |= BT_PHY_LE_2M_RX;
2783 if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED)
2784 phys |= BT_PHY_LE_CODED_TX;
2786 if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED)
2787 phys |= BT_PHY_LE_CODED_RX;
2795 int hci_abort_conn(struct hci_conn *conn, u8 reason)
2799 switch (conn->state) {
2802 if (conn->type == AMP_LINK) {
2803 struct hci_cp_disconn_phy_link cp;
2805 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
2807 r = hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
2810 struct hci_cp_disconnect dc;
2812 dc.handle = cpu_to_le16(conn->handle);
2814 r = hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT,
2818 conn->state = BT_DISCONN;
2822 if (conn->type == LE_LINK) {
2823 if (test_bit(HCI_CONN_SCANNING, &conn->flags))
2825 r = hci_send_cmd(conn->hdev,
2826 HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
2827 } else if (conn->type == ACL_LINK) {
2828 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
2830 r = hci_send_cmd(conn->hdev,
2831 HCI_OP_CREATE_CONN_CANCEL,
2836 if (conn->type == ACL_LINK) {
2837 struct hci_cp_reject_conn_req rej;
2839 bacpy(&rej.bdaddr, &conn->dst);
2840 rej.reason = reason;
2842 r = hci_send_cmd(conn->hdev,
2843 HCI_OP_REJECT_CONN_REQ,
2845 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
2846 struct hci_cp_reject_sync_conn_req rej;
2848 bacpy(&rej.bdaddr, &conn->dst);
2850 /* SCO rejection has its own limited set of
2851 * allowed error values (0x0D-0x0F) which isn't
2852 * compatible with most values passed to this
2853 * function. To be safe hard-code one of the
2854 * values that's suitable for SCO.
2856 rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
2858 r = hci_send_cmd(conn->hdev,
2859 HCI_OP_REJECT_SYNC_CONN_REQ,
2864 conn->state = BT_CLOSED;