2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
28 #include <linux/debugfs.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/iso.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
47 struct conn_handle_t {
48 struct hci_conn *conn;
52 static const struct sco_param esco_param_cvsd[] = {
53 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
54 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
55 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
56 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
57 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
60 static const struct sco_param sco_param_cvsd[] = {
61 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
62 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
65 static const struct sco_param esco_param_msbc[] = {
66 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
67 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
70 /* This function requires the caller holds hdev->lock */
71 static void hci_connect_le_scan_cleanup(struct hci_conn *conn)
73 struct hci_conn_params *params;
74 struct hci_dev *hdev = conn->hdev;
80 bdaddr_type = conn->dst_type;
82 /* Check if we need to convert to identity address */
83 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
85 bdaddr = &irk->bdaddr;
86 bdaddr_type = irk->addr_type;
89 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr,
91 if (!params || !params->explicit_connect)
94 /* The connection attempt was doing scan for new RPA, and is
95 * in scan phase. If params are not associated with any other
96 * autoconnect action, remove them completely. If they are, just unmark
97 * them as waiting for connection, by clearing explicit_connect field.
99 params->explicit_connect = false;
101 list_del_init(¶ms->action);
103 switch (params->auto_connect) {
104 case HCI_AUTO_CONN_EXPLICIT:
105 hci_conn_params_del(hdev, bdaddr, bdaddr_type);
106 /* return instead of break to avoid duplicate scan update */
108 case HCI_AUTO_CONN_DIRECT:
109 case HCI_AUTO_CONN_ALWAYS:
110 list_add(¶ms->action, &hdev->pend_le_conns);
112 case HCI_AUTO_CONN_REPORT:
113 list_add(¶ms->action, &hdev->pend_le_reports);
119 hci_update_passive_scan(hdev);
122 static void hci_conn_cleanup(struct hci_conn *conn)
124 struct hci_dev *hdev = conn->hdev;
126 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
127 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
129 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
130 hci_remove_link_key(hdev, &conn->dst);
132 hci_chan_list_flush(conn);
134 hci_conn_hash_del(hdev, conn);
139 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
140 switch (conn->setting & SCO_AIRMODE_MASK) {
141 case SCO_AIRMODE_CVSD:
142 case SCO_AIRMODE_TRANSP:
144 hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO);
149 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
152 hci_conn_del_sysfs(conn);
154 debugfs_remove_recursive(conn->debugfs);
161 static void le_scan_cleanup(struct work_struct *work)
163 struct hci_conn *conn = container_of(work, struct hci_conn,
165 struct hci_dev *hdev = conn->hdev;
166 struct hci_conn *c = NULL;
168 BT_DBG("%s hcon %p", hdev->name, conn);
172 /* Check that the hci_conn is still around */
174 list_for_each_entry_rcu(c, &hdev->conn_hash.list, list) {
181 hci_connect_le_scan_cleanup(conn);
182 hci_conn_cleanup(conn);
185 hci_dev_unlock(hdev);
190 static void hci_connect_le_scan_remove(struct hci_conn *conn)
192 BT_DBG("%s hcon %p", conn->hdev->name, conn);
194 /* We can't call hci_conn_del/hci_conn_cleanup here since that
195 * could deadlock with another hci_conn_del() call that's holding
196 * hci_dev_lock and doing cancel_delayed_work_sync(&conn->disc_work).
197 * Instead, grab temporary extra references to the hci_dev and
198 * hci_conn and perform the necessary cleanup in a separate work
202 hci_dev_hold(conn->hdev);
205 /* Even though we hold a reference to the hdev, many other
206 * things might get cleaned up meanwhile, including the hdev's
207 * own workqueue, so we can't use that for scheduling.
209 schedule_work(&conn->le_scan_cleanup);
212 static void hci_acl_create_connection(struct hci_conn *conn)
214 struct hci_dev *hdev = conn->hdev;
215 struct inquiry_entry *ie;
216 struct hci_cp_create_conn cp;
218 BT_DBG("hcon %p", conn);
220 /* Many controllers disallow HCI Create Connection while it is doing
221 * HCI Inquiry. So we cancel the Inquiry first before issuing HCI Create
222 * Connection. This may cause the MGMT discovering state to become false
223 * without user space's request but it is okay since the MGMT Discovery
224 * APIs do not promise that discovery should be done forever. Instead,
225 * the user space monitors the status of MGMT discovering and it may
226 * request for discovery again when this flag becomes false.
228 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
229 /* Put this connection to "pending" state so that it will be
230 * executed after the inquiry cancel command complete event.
232 conn->state = BT_CONNECT2;
233 hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
237 conn->state = BT_CONNECT;
239 conn->role = HCI_ROLE_MASTER;
243 conn->link_policy = hdev->link_policy;
245 memset(&cp, 0, sizeof(cp));
246 bacpy(&cp.bdaddr, &conn->dst);
247 cp.pscan_rep_mode = 0x02;
249 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
251 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
252 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
253 cp.pscan_mode = ie->data.pscan_mode;
254 cp.clock_offset = ie->data.clock_offset |
258 memcpy(conn->dev_class, ie->data.dev_class, 3);
261 cp.pkt_type = cpu_to_le16(conn->pkt_type);
262 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
263 cp.role_switch = 0x01;
265 cp.role_switch = 0x00;
267 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
270 int hci_disconnect(struct hci_conn *conn, __u8 reason)
272 BT_DBG("hcon %p", conn);
274 /* When we are central of an established connection and it enters
275 * the disconnect timeout, then go ahead and try to read the
276 * current clock offset. Processing of the result is done
277 * within the event handling and hci_clock_offset_evt function.
279 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER &&
280 (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) {
281 struct hci_dev *hdev = conn->hdev;
282 struct hci_cp_read_clock_offset clkoff_cp;
284 clkoff_cp.handle = cpu_to_le16(conn->handle);
285 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
289 return hci_abort_conn(conn, reason);
292 static void hci_add_sco(struct hci_conn *conn, __u16 handle)
294 struct hci_dev *hdev = conn->hdev;
295 struct hci_cp_add_sco cp;
297 BT_DBG("hcon %p", conn);
299 conn->state = BT_CONNECT;
304 cp.handle = cpu_to_le16(handle);
305 cp.pkt_type = cpu_to_le16(conn->pkt_type);
307 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
310 static bool find_next_esco_param(struct hci_conn *conn,
311 const struct sco_param *esco_param, int size)
313 for (; conn->attempt <= size; conn->attempt++) {
314 if (lmp_esco_2m_capable(conn->link) ||
315 (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3))
317 BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported",
318 conn, conn->attempt);
321 return conn->attempt <= size;
324 static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec)
327 __u8 vnd_len, *vnd_data = NULL;
328 struct hci_op_configure_data_path *cmd = NULL;
330 err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len,
335 cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL);
341 err = hdev->get_data_path_id(hdev, &cmd->data_path_id);
345 cmd->vnd_len = vnd_len;
346 memcpy(cmd->vnd_data, vnd_data, vnd_len);
348 cmd->direction = 0x00;
349 __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
350 sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT);
352 cmd->direction = 0x01;
353 err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
354 sizeof(*cmd) + vnd_len, cmd,
363 static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data)
365 struct conn_handle_t *conn_handle = data;
366 struct hci_conn *conn = conn_handle->conn;
367 __u16 handle = conn_handle->handle;
368 struct hci_cp_enhanced_setup_sync_conn cp;
369 const struct sco_param *param;
373 bt_dev_dbg(hdev, "hcon %p", conn);
375 /* for offload use case, codec needs to configured before opening SCO */
376 if (conn->codec.data_path)
377 configure_datapath_sync(hdev, &conn->codec);
379 conn->state = BT_CONNECT;
384 memset(&cp, 0x00, sizeof(cp));
386 cp.handle = cpu_to_le16(handle);
388 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
389 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
391 switch (conn->codec.id) {
393 if (!find_next_esco_param(conn, esco_param_msbc,
394 ARRAY_SIZE(esco_param_msbc)))
397 param = &esco_param_msbc[conn->attempt - 1];
398 cp.tx_coding_format.id = 0x05;
399 cp.rx_coding_format.id = 0x05;
400 cp.tx_codec_frame_size = __cpu_to_le16(60);
401 cp.rx_codec_frame_size = __cpu_to_le16(60);
402 cp.in_bandwidth = __cpu_to_le32(32000);
403 cp.out_bandwidth = __cpu_to_le32(32000);
404 cp.in_coding_format.id = 0x04;
405 cp.out_coding_format.id = 0x04;
406 cp.in_coded_data_size = __cpu_to_le16(16);
407 cp.out_coded_data_size = __cpu_to_le16(16);
408 cp.in_pcm_data_format = 2;
409 cp.out_pcm_data_format = 2;
410 cp.in_pcm_sample_payload_msb_pos = 0;
411 cp.out_pcm_sample_payload_msb_pos = 0;
412 cp.in_data_path = conn->codec.data_path;
413 cp.out_data_path = conn->codec.data_path;
414 cp.in_transport_unit_size = 1;
415 cp.out_transport_unit_size = 1;
418 case BT_CODEC_TRANSPARENT:
419 if (!find_next_esco_param(conn, esco_param_msbc,
420 ARRAY_SIZE(esco_param_msbc)))
422 param = &esco_param_msbc[conn->attempt - 1];
423 cp.tx_coding_format.id = 0x03;
424 cp.rx_coding_format.id = 0x03;
425 cp.tx_codec_frame_size = __cpu_to_le16(60);
426 cp.rx_codec_frame_size = __cpu_to_le16(60);
427 cp.in_bandwidth = __cpu_to_le32(0x1f40);
428 cp.out_bandwidth = __cpu_to_le32(0x1f40);
429 cp.in_coding_format.id = 0x03;
430 cp.out_coding_format.id = 0x03;
431 cp.in_coded_data_size = __cpu_to_le16(16);
432 cp.out_coded_data_size = __cpu_to_le16(16);
433 cp.in_pcm_data_format = 2;
434 cp.out_pcm_data_format = 2;
435 cp.in_pcm_sample_payload_msb_pos = 0;
436 cp.out_pcm_sample_payload_msb_pos = 0;
437 cp.in_data_path = conn->codec.data_path;
438 cp.out_data_path = conn->codec.data_path;
439 cp.in_transport_unit_size = 1;
440 cp.out_transport_unit_size = 1;
444 if (lmp_esco_capable(conn->link)) {
445 if (!find_next_esco_param(conn, esco_param_cvsd,
446 ARRAY_SIZE(esco_param_cvsd)))
448 param = &esco_param_cvsd[conn->attempt - 1];
450 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
452 param = &sco_param_cvsd[conn->attempt - 1];
454 cp.tx_coding_format.id = 2;
455 cp.rx_coding_format.id = 2;
456 cp.tx_codec_frame_size = __cpu_to_le16(60);
457 cp.rx_codec_frame_size = __cpu_to_le16(60);
458 cp.in_bandwidth = __cpu_to_le32(16000);
459 cp.out_bandwidth = __cpu_to_le32(16000);
460 cp.in_coding_format.id = 4;
461 cp.out_coding_format.id = 4;
462 cp.in_coded_data_size = __cpu_to_le16(16);
463 cp.out_coded_data_size = __cpu_to_le16(16);
464 cp.in_pcm_data_format = 2;
465 cp.out_pcm_data_format = 2;
466 cp.in_pcm_sample_payload_msb_pos = 0;
467 cp.out_pcm_sample_payload_msb_pos = 0;
468 cp.in_data_path = conn->codec.data_path;
469 cp.out_data_path = conn->codec.data_path;
470 cp.in_transport_unit_size = 16;
471 cp.out_transport_unit_size = 16;
477 cp.retrans_effort = param->retrans_effort;
478 cp.pkt_type = __cpu_to_le16(param->pkt_type);
479 cp.max_latency = __cpu_to_le16(param->max_latency);
481 if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
487 static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle)
489 struct hci_dev *hdev = conn->hdev;
490 struct hci_cp_setup_sync_conn cp;
491 const struct sco_param *param;
493 bt_dev_dbg(hdev, "hcon %p", conn);
495 conn->state = BT_CONNECT;
500 cp.handle = cpu_to_le16(handle);
502 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
503 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
504 cp.voice_setting = cpu_to_le16(conn->setting);
506 switch (conn->setting & SCO_AIRMODE_MASK) {
507 case SCO_AIRMODE_TRANSP:
508 if (!find_next_esco_param(conn, esco_param_msbc,
509 ARRAY_SIZE(esco_param_msbc)))
511 param = &esco_param_msbc[conn->attempt - 1];
513 case SCO_AIRMODE_CVSD:
514 if (lmp_esco_capable(conn->link)) {
515 if (!find_next_esco_param(conn, esco_param_cvsd,
516 ARRAY_SIZE(esco_param_cvsd)))
518 param = &esco_param_cvsd[conn->attempt - 1];
520 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
522 param = &sco_param_cvsd[conn->attempt - 1];
529 cp.retrans_effort = param->retrans_effort;
530 cp.pkt_type = __cpu_to_le16(param->pkt_type);
531 cp.max_latency = __cpu_to_le16(param->max_latency);
533 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
539 bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
542 struct conn_handle_t *conn_handle;
544 if (enhanced_sync_conn_capable(conn->hdev)) {
545 conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL);
550 conn_handle->conn = conn;
551 conn_handle->handle = handle;
552 result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync,
560 return hci_setup_sync_conn(conn, handle);
563 u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
566 struct hci_dev *hdev = conn->hdev;
567 struct hci_conn_params *params;
568 struct hci_cp_le_conn_update cp;
572 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
574 params->conn_min_interval = min;
575 params->conn_max_interval = max;
576 params->conn_latency = latency;
577 params->supervision_timeout = to_multiplier;
580 hci_dev_unlock(hdev);
582 memset(&cp, 0, sizeof(cp));
583 cp.handle = cpu_to_le16(conn->handle);
584 cp.conn_interval_min = cpu_to_le16(min);
585 cp.conn_interval_max = cpu_to_le16(max);
586 cp.conn_latency = cpu_to_le16(latency);
587 cp.supervision_timeout = cpu_to_le16(to_multiplier);
588 cp.min_ce_len = cpu_to_le16(0x0000);
589 cp.max_ce_len = cpu_to_le16(0x0000);
591 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
599 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
600 __u8 ltk[16], __u8 key_size)
602 struct hci_dev *hdev = conn->hdev;
603 struct hci_cp_le_start_enc cp;
605 BT_DBG("hcon %p", conn);
607 memset(&cp, 0, sizeof(cp));
609 cp.handle = cpu_to_le16(conn->handle);
612 memcpy(cp.ltk, ltk, key_size);
614 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
617 /* Device _must_ be locked */
618 void hci_sco_setup(struct hci_conn *conn, __u8 status)
620 struct hci_conn *sco = conn->link;
625 BT_DBG("hcon %p", conn);
628 if (lmp_esco_capable(conn->hdev))
629 hci_setup_sync(sco, conn->handle);
631 hci_add_sco(sco, conn->handle);
633 hci_connect_cfm(sco, status);
638 static void hci_conn_timeout(struct work_struct *work)
640 struct hci_conn *conn = container_of(work, struct hci_conn,
642 int refcnt = atomic_read(&conn->refcnt);
644 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
648 /* FIXME: It was observed that in pairing failed scenario, refcnt
649 * drops below 0. Probably this is because l2cap_conn_del calls
650 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
651 * dropped. After that loop hci_chan_del is called which also drops
652 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
658 /* LE connections in scanning state need special handling */
659 if (conn->state == BT_CONNECT && conn->type == LE_LINK &&
660 test_bit(HCI_CONN_SCANNING, &conn->flags)) {
661 hci_connect_le_scan_remove(conn);
665 hci_abort_conn(conn, hci_proto_disconn_ind(conn));
668 /* Enter sniff mode */
669 static void hci_conn_idle(struct work_struct *work)
671 struct hci_conn *conn = container_of(work, struct hci_conn,
673 struct hci_dev *hdev = conn->hdev;
675 BT_DBG("hcon %p mode %d", conn, conn->mode);
677 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
680 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
683 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
684 struct hci_cp_sniff_subrate cp;
685 cp.handle = cpu_to_le16(conn->handle);
686 cp.max_latency = cpu_to_le16(0);
687 cp.min_remote_timeout = cpu_to_le16(0);
688 cp.min_local_timeout = cpu_to_le16(0);
689 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
692 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
693 struct hci_cp_sniff_mode cp;
694 cp.handle = cpu_to_le16(conn->handle);
695 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
696 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
697 cp.attempt = cpu_to_le16(4);
698 cp.timeout = cpu_to_le16(1);
699 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
703 static void hci_conn_auto_accept(struct work_struct *work)
705 struct hci_conn *conn = container_of(work, struct hci_conn,
706 auto_accept_work.work);
708 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
712 static void le_disable_advertising(struct hci_dev *hdev)
714 if (ext_adv_capable(hdev)) {
715 struct hci_cp_le_set_ext_adv_enable cp;
718 cp.num_of_sets = 0x00;
720 hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp),
724 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
729 static void le_conn_timeout(struct work_struct *work)
731 struct hci_conn *conn = container_of(work, struct hci_conn,
732 le_conn_timeout.work);
733 struct hci_dev *hdev = conn->hdev;
737 /* We could end up here due to having done directed advertising,
738 * so clean up the state if necessary. This should however only
739 * happen with broken hardware or if low duty cycle was used
740 * (which doesn't have a timeout of its own).
742 if (conn->role == HCI_ROLE_SLAVE) {
743 /* Disable LE Advertising */
744 le_disable_advertising(hdev);
746 hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
747 hci_dev_unlock(hdev);
751 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
754 struct iso_list_data {
766 struct hci_cp_le_set_cig_params cp;
767 struct hci_cis_params cis[0x11];
771 static void bis_list(struct hci_conn *conn, void *data)
773 struct iso_list_data *d = data;
775 /* Skip if not broadcast/ANY address */
776 if (bacmp(&conn->dst, BDADDR_ANY))
779 if (d->big != conn->iso_qos.big || d->bis == BT_ISO_QOS_BIS_UNSET ||
780 d->bis != conn->iso_qos.bis)
786 static void find_bis(struct hci_conn *conn, void *data)
788 struct iso_list_data *d = data;
791 if (bacmp(&conn->dst, BDADDR_ANY))
797 static int terminate_big_sync(struct hci_dev *hdev, void *data)
799 struct iso_list_data *d = data;
801 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis);
803 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL);
805 /* Check if ISO connection is a BIS and terminate BIG if there are
806 * no other connections using it.
808 hci_conn_hash_list_state(hdev, find_bis, ISO_LINK, BT_CONNECTED, d);
812 return hci_le_terminate_big_sync(hdev, d->big,
813 HCI_ERROR_LOCAL_HOST_TERM);
816 static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err)
821 static int hci_le_terminate_big(struct hci_dev *hdev, u8 big, u8 bis)
823 struct iso_list_data *d;
826 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", big, bis);
828 d = kmalloc(sizeof(*d), GFP_KERNEL);
832 memset(d, 0, sizeof(*d));
836 ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d,
837 terminate_big_destroy);
844 static int big_terminate_sync(struct hci_dev *hdev, void *data)
846 struct iso_list_data *d = data;
848 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big,
851 /* Check if ISO connection is a BIS and terminate BIG if there are
852 * no other connections using it.
854 hci_conn_hash_list_state(hdev, find_bis, ISO_LINK, BT_CONNECTED, d);
858 hci_le_big_terminate_sync(hdev, d->big);
860 return hci_le_pa_terminate_sync(hdev, d->sync_handle);
863 static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, u16 sync_handle)
865 struct iso_list_data *d;
868 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, sync_handle);
870 d = kmalloc(sizeof(*d), GFP_KERNEL);
874 memset(d, 0, sizeof(*d));
876 d->sync_handle = sync_handle;
878 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d,
879 terminate_big_destroy);
886 /* Cleanup BIS connection
888 * Detects if there any BIS left connected in a BIG
889 * broadcaster: Remove advertising instance and terminate BIG.
890 * broadcaster receiver: Teminate BIG sync and terminate PA sync.
892 static void bis_cleanup(struct hci_conn *conn)
894 struct hci_dev *hdev = conn->hdev;
896 bt_dev_dbg(hdev, "conn %p", conn);
898 if (conn->role == HCI_ROLE_MASTER) {
899 if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags))
902 hci_le_terminate_big(hdev, conn->iso_qos.big,
905 hci_le_big_terminate(hdev, conn->iso_qos.big,
910 static int remove_cig_sync(struct hci_dev *hdev, void *data)
912 u8 handle = PTR_ERR(data);
914 return hci_le_remove_cig_sync(hdev, handle);
917 static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle)
919 bt_dev_dbg(hdev, "handle 0x%2.2x", handle);
921 return hci_cmd_sync_queue(hdev, remove_cig_sync, ERR_PTR(handle), NULL);
924 static void find_cis(struct hci_conn *conn, void *data)
926 struct iso_list_data *d = data;
928 /* Ignore broadcast */
929 if (!bacmp(&conn->dst, BDADDR_ANY))
935 /* Cleanup CIS connection:
937 * Detects if there any CIS left connected in a CIG and remove it.
939 static void cis_cleanup(struct hci_conn *conn)
941 struct hci_dev *hdev = conn->hdev;
942 struct iso_list_data d;
944 memset(&d, 0, sizeof(d));
945 d.cig = conn->iso_qos.cig;
947 /* Check if ISO connection is a CIS and remove CIG if there are
948 * no other connections using it.
950 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d);
954 hci_le_remove_cig(hdev, conn->iso_qos.cig);
957 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
960 struct hci_conn *conn;
962 BT_DBG("%s dst %pMR", hdev->name, dst);
964 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
968 bacpy(&conn->dst, dst);
969 bacpy(&conn->src, &hdev->bdaddr);
970 conn->handle = HCI_CONN_HANDLE_UNSET;
974 conn->mode = HCI_CM_ACTIVE;
975 conn->state = BT_OPEN;
976 conn->auth_type = HCI_AT_GENERAL_BONDING;
977 conn->io_capability = hdev->io_capability;
978 conn->remote_auth = 0xff;
979 conn->key_type = 0xff;
980 conn->rssi = HCI_RSSI_INVALID;
981 conn->tx_power = HCI_TX_POWER_INVALID;
982 conn->max_tx_power = HCI_TX_POWER_INVALID;
984 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
985 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
987 /* Set Default Authenticated payload timeout to 30s */
988 conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
990 if (conn->role == HCI_ROLE_MASTER)
995 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
998 /* conn->src should reflect the local identity address */
999 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
1002 /* conn->src should reflect the local identity address */
1003 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
1005 /* set proper cleanup function */
1006 if (!bacmp(dst, BDADDR_ANY))
1007 conn->cleanup = bis_cleanup;
1008 else if (conn->role == HCI_ROLE_MASTER)
1009 conn->cleanup = cis_cleanup;
1013 if (lmp_esco_capable(hdev))
1014 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
1015 (hdev->esco_type & EDR_ESCO_MASK);
1017 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
1020 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
1024 skb_queue_head_init(&conn->data_q);
1026 INIT_LIST_HEAD(&conn->chan_list);
1028 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
1029 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
1030 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
1031 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1032 INIT_WORK(&conn->le_scan_cleanup, le_scan_cleanup);
1034 atomic_set(&conn->refcnt, 0);
1038 hci_conn_hash_add(hdev, conn);
1040 /* The SCO and eSCO connections will only be notified when their
1041 * setup has been completed. This is different to ACL links which
1042 * can be notified right away.
1044 if (conn->type != SCO_LINK && conn->type != ESCO_LINK) {
1046 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
1049 hci_conn_init_sysfs(conn);
1054 static bool hci_conn_unlink(struct hci_conn *conn)
1059 conn->link->link = NULL;
1065 int hci_conn_del(struct hci_conn *conn)
1067 struct hci_dev *hdev = conn->hdev;
1069 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1071 cancel_delayed_work_sync(&conn->disc_work);
1072 cancel_delayed_work_sync(&conn->auto_accept_work);
1073 cancel_delayed_work_sync(&conn->idle_work);
1075 if (conn->type == ACL_LINK) {
1076 struct hci_conn *link = conn->link;
1079 hci_conn_unlink(conn);
1080 /* Due to race, SCO connection might be not established
1081 * yet at this point. Delete it now, otherwise it is
1082 * possible for it to be stuck and can't be deleted.
1084 if (link->handle == HCI_CONN_HANDLE_UNSET)
1088 /* Unacked frames */
1089 hdev->acl_cnt += conn->sent;
1090 } else if (conn->type == LE_LINK) {
1091 cancel_delayed_work(&conn->le_conn_timeout);
1094 hdev->le_cnt += conn->sent;
1096 hdev->acl_cnt += conn->sent;
1098 struct hci_conn *acl = conn->link;
1101 hci_conn_unlink(conn);
1105 /* Unacked ISO frames */
1106 if (conn->type == ISO_LINK) {
1108 hdev->iso_cnt += conn->sent;
1109 else if (hdev->le_pkts)
1110 hdev->le_cnt += conn->sent;
1112 hdev->acl_cnt += conn->sent;
1117 amp_mgr_put(conn->amp_mgr);
1119 skb_queue_purge(&conn->data_q);
1121 /* Remove the connection from the list and cleanup its remaining
1122 * state. This is a separate function since for some cases like
1123 * BT_CONNECT_SCAN we *only* want the cleanup part without the
1124 * rest of hci_conn_del.
1126 hci_conn_cleanup(conn);
1131 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type)
1133 int use_src = bacmp(src, BDADDR_ANY);
1134 struct hci_dev *hdev = NULL, *d;
1136 BT_DBG("%pMR -> %pMR", src, dst);
1138 read_lock(&hci_dev_list_lock);
1140 list_for_each_entry(d, &hci_dev_list, list) {
1141 if (!test_bit(HCI_UP, &d->flags) ||
1142 hci_dev_test_flag(d, HCI_USER_CHANNEL) ||
1143 d->dev_type != HCI_PRIMARY)
1147 * No source address - find interface with bdaddr != dst
1148 * Source address - find interface with bdaddr == src
1155 if (src_type == BDADDR_BREDR) {
1156 if (!lmp_bredr_capable(d))
1158 bacpy(&id_addr, &d->bdaddr);
1159 id_addr_type = BDADDR_BREDR;
1161 if (!lmp_le_capable(d))
1164 hci_copy_identity_address(d, &id_addr,
1167 /* Convert from HCI to three-value type */
1168 if (id_addr_type == ADDR_LE_DEV_PUBLIC)
1169 id_addr_type = BDADDR_LE_PUBLIC;
1171 id_addr_type = BDADDR_LE_RANDOM;
1174 if (!bacmp(&id_addr, src) && id_addr_type == src_type) {
1178 if (bacmp(&d->bdaddr, dst)) {
1185 hdev = hci_dev_hold(hdev);
1187 read_unlock(&hci_dev_list_lock);
1190 EXPORT_SYMBOL(hci_get_route);
1192 /* This function requires the caller holds hdev->lock */
1193 static void hci_le_conn_failed(struct hci_conn *conn, u8 status)
1195 struct hci_dev *hdev = conn->hdev;
1196 struct hci_conn_params *params;
1198 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
1200 if (params && params->conn) {
1201 hci_conn_drop(params->conn);
1202 hci_conn_put(params->conn);
1203 params->conn = NULL;
1206 /* If the status indicates successful cancellation of
1207 * the attempt (i.e. Unknown Connection Id) there's no point of
1208 * notifying failure since we'll go back to keep trying to
1209 * connect. The only exception is explicit connect requests
1210 * where a timeout + cancel does indicate an actual failure.
1212 if (status != HCI_ERROR_UNKNOWN_CONN_ID ||
1213 (params && params->explicit_connect))
1214 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1215 conn->dst_type, status);
1217 /* Since we may have temporarily stopped the background scanning in
1218 * favor of connection establishment, we should restart it.
1220 hci_update_passive_scan(hdev);
1222 /* Enable advertising in case this was a failed connection
1223 * attempt as a peripheral.
1225 hci_enable_advertising(hdev);
1228 /* This function requires the caller holds hdev->lock */
1229 void hci_conn_failed(struct hci_conn *conn, u8 status)
1231 struct hci_dev *hdev = conn->hdev;
1233 bt_dev_dbg(hdev, "status 0x%2.2x", status);
1235 switch (conn->type) {
1237 hci_le_conn_failed(conn, status);
1240 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1241 conn->dst_type, status);
1245 conn->state = BT_CLOSED;
1246 hci_connect_cfm(conn, status);
1250 static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err)
1252 struct hci_conn *conn = data;
1257 hci_connect_le_scan_cleanup(conn);
1261 bt_dev_err(hdev, "request failed to create LE connection: err %d", err);
1263 /* Check if connection is still pending */
1264 if (conn != hci_lookup_le_connect(hdev))
1267 hci_conn_failed(conn, bt_status(err));
1270 hci_dev_unlock(hdev);
1273 static int hci_connect_le_sync(struct hci_dev *hdev, void *data)
1275 struct hci_conn *conn = data;
1277 bt_dev_dbg(hdev, "conn %p", conn);
1279 return hci_le_create_conn_sync(hdev, conn);
1282 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
1283 u8 dst_type, bool dst_resolved, u8 sec_level,
1284 u16 conn_timeout, u8 role)
1286 struct hci_conn *conn;
1287 struct smp_irk *irk;
1290 /* Let's make sure that le is enabled.*/
1291 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1292 if (lmp_le_capable(hdev))
1293 return ERR_PTR(-ECONNREFUSED);
1295 return ERR_PTR(-EOPNOTSUPP);
1298 /* Since the controller supports only one LE connection attempt at a
1299 * time, we return -EBUSY if there is any connection attempt running.
1301 if (hci_lookup_le_connect(hdev))
1302 return ERR_PTR(-EBUSY);
1304 /* If there's already a connection object but it's not in
1305 * scanning state it means it must already be established, in
1306 * which case we can't do anything else except report a failure
1309 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
1310 if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) {
1311 return ERR_PTR(-EBUSY);
1314 /* Check if the destination address has been resolved by the controller
1315 * since if it did then the identity address shall be used.
1317 if (!dst_resolved) {
1318 /* When given an identity address with existing identity
1319 * resolving key, the connection needs to be established
1320 * to a resolvable random address.
1322 * Storing the resolvable random address is required here
1323 * to handle connection failures. The address will later
1324 * be resolved back into the original identity address
1325 * from the connect request.
1327 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
1328 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
1330 dst_type = ADDR_LE_DEV_RANDOM;
1335 bacpy(&conn->dst, dst);
1337 conn = hci_conn_add(hdev, LE_LINK, dst, role);
1339 return ERR_PTR(-ENOMEM);
1340 hci_conn_hold(conn);
1341 conn->pending_sec_level = sec_level;
1344 conn->dst_type = dst_type;
1345 conn->sec_level = BT_SECURITY_LOW;
1346 conn->conn_timeout = conn_timeout;
1348 conn->state = BT_CONNECT;
1349 clear_bit(HCI_CONN_SCANNING, &conn->flags);
1351 err = hci_cmd_sync_queue(hdev, hci_connect_le_sync, conn,
1352 create_le_conn_complete);
1355 return ERR_PTR(err);
1361 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
1363 struct hci_conn *conn;
1365 conn = hci_conn_hash_lookup_le(hdev, addr, type);
1369 if (conn->state != BT_CONNECTED)
1375 /* This function requires the caller holds hdev->lock */
1376 static int hci_explicit_conn_params_set(struct hci_dev *hdev,
1377 bdaddr_t *addr, u8 addr_type)
1379 struct hci_conn_params *params;
1381 if (is_connected(hdev, addr, addr_type))
1384 params = hci_conn_params_lookup(hdev, addr, addr_type);
1386 params = hci_conn_params_add(hdev, addr, addr_type);
1390 /* If we created new params, mark them to be deleted in
1391 * hci_connect_le_scan_cleanup. It's different case than
1392 * existing disabled params, those will stay after cleanup.
1394 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
1397 /* We're trying to connect, so make sure params are at pend_le_conns */
1398 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
1399 params->auto_connect == HCI_AUTO_CONN_REPORT ||
1400 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
1401 list_del_init(¶ms->action);
1402 list_add(¶ms->action, &hdev->pend_le_conns);
1405 params->explicit_connect = true;
1407 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
1408 params->auto_connect);
1413 static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos)
1415 struct iso_list_data data;
1417 /* Allocate a BIG if not set */
1418 if (qos->big == BT_ISO_QOS_BIG_UNSET) {
1419 for (data.big = 0x00; data.big < 0xef; data.big++) {
1423 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1429 if (data.big == 0xef)
1430 return -EADDRNOTAVAIL;
1433 qos->big = data.big;
1439 static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos)
1441 struct iso_list_data data;
1443 /* Allocate BIS if not set */
1444 if (qos->bis == BT_ISO_QOS_BIS_UNSET) {
1445 /* Find an unused adv set to advertise BIS, skip instance 0x00
1446 * since it is reserved as general purpose set.
1448 for (data.bis = 0x01; data.bis < hdev->le_num_of_adv_sets;
1452 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1458 if (data.bis == hdev->le_num_of_adv_sets)
1459 return -EADDRNOTAVAIL;
1462 qos->bis = data.bis;
1468 /* This function requires the caller holds hdev->lock */
1469 static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst,
1470 struct bt_iso_qos *qos)
1472 struct hci_conn *conn;
1473 struct iso_list_data data;
1476 /* Let's make sure that le is enabled.*/
1477 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1478 if (lmp_le_capable(hdev))
1479 return ERR_PTR(-ECONNREFUSED);
1480 return ERR_PTR(-EOPNOTSUPP);
1483 err = qos_set_big(hdev, qos);
1485 return ERR_PTR(err);
1487 err = qos_set_bis(hdev, qos);
1489 return ERR_PTR(err);
1491 data.big = qos->big;
1492 data.bis = qos->bis;
1495 /* Check if there is already a matching BIG/BIS */
1496 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, BT_BOUND, &data);
1498 return ERR_PTR(-EADDRINUSE);
1500 conn = hci_conn_hash_lookup_bis(hdev, dst, qos->big, qos->bis);
1502 return ERR_PTR(-EADDRINUSE);
1504 conn = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1506 return ERR_PTR(-ENOMEM);
1508 set_bit(HCI_CONN_PER_ADV, &conn->flags);
1509 conn->state = BT_CONNECT;
1511 hci_conn_hold(conn);
1515 /* This function requires the caller holds hdev->lock */
1516 struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst,
1517 u8 dst_type, u8 sec_level,
1519 enum conn_reasons conn_reason)
1521 struct hci_conn *conn;
1523 /* Let's make sure that le is enabled.*/
1524 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1525 if (lmp_le_capable(hdev))
1526 return ERR_PTR(-ECONNREFUSED);
1528 return ERR_PTR(-EOPNOTSUPP);
1531 /* Some devices send ATT messages as soon as the physical link is
1532 * established. To be able to handle these ATT messages, the user-
1533 * space first establishes the connection and then starts the pairing
1536 * So if a hci_conn object already exists for the following connection
1537 * attempt, we simply update pending_sec_level and auth_type fields
1538 * and return the object found.
1540 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
1542 if (conn->pending_sec_level < sec_level)
1543 conn->pending_sec_level = sec_level;
1547 BT_DBG("requesting refresh of dst_addr");
1549 conn = hci_conn_add(hdev, LE_LINK, dst, HCI_ROLE_MASTER);
1551 return ERR_PTR(-ENOMEM);
1553 if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) {
1555 return ERR_PTR(-EBUSY);
1558 conn->state = BT_CONNECT;
1559 set_bit(HCI_CONN_SCANNING, &conn->flags);
1560 conn->dst_type = dst_type;
1561 conn->sec_level = BT_SECURITY_LOW;
1562 conn->pending_sec_level = sec_level;
1563 conn->conn_timeout = conn_timeout;
1564 conn->conn_reason = conn_reason;
1566 hci_update_passive_scan(hdev);
1569 hci_conn_hold(conn);
1573 struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
1574 u8 sec_level, u8 auth_type,
1575 enum conn_reasons conn_reason)
1577 struct hci_conn *acl;
1579 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1580 if (lmp_bredr_capable(hdev))
1581 return ERR_PTR(-ECONNREFUSED);
1583 return ERR_PTR(-EOPNOTSUPP);
1586 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
1588 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
1590 return ERR_PTR(-ENOMEM);
1595 acl->conn_reason = conn_reason;
1596 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
1597 acl->sec_level = BT_SECURITY_LOW;
1598 acl->pending_sec_level = sec_level;
1599 acl->auth_type = auth_type;
1600 hci_acl_create_connection(acl);
1606 struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
1607 __u16 setting, struct bt_codec *codec)
1609 struct hci_conn *acl;
1610 struct hci_conn *sco;
1612 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING,
1613 CONN_REASON_SCO_CONNECT);
1617 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
1619 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
1622 return ERR_PTR(-ENOMEM);
1631 sco->setting = setting;
1632 sco->codec = *codec;
1634 if (acl->state == BT_CONNECTED &&
1635 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
1636 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
1637 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
1639 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
1640 /* defer SCO setup until mode change completed */
1641 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
1645 hci_sco_setup(acl, 0x00);
1651 static void cis_add(struct iso_list_data *d, struct bt_iso_qos *qos)
1653 struct hci_cis_params *cis = &d->pdu.cis[d->pdu.cp.num_cis];
1655 cis->cis_id = qos->cis;
1656 cis->c_sdu = cpu_to_le16(qos->out.sdu);
1657 cis->p_sdu = cpu_to_le16(qos->in.sdu);
1658 cis->c_phy = qos->out.phy ? qos->out.phy : qos->in.phy;
1659 cis->p_phy = qos->in.phy ? qos->in.phy : qos->out.phy;
1660 cis->c_rtn = qos->out.rtn;
1661 cis->p_rtn = qos->in.rtn;
1663 d->pdu.cp.num_cis++;
1666 static void cis_list(struct hci_conn *conn, void *data)
1668 struct iso_list_data *d = data;
1670 /* Skip if broadcast/ANY address */
1671 if (!bacmp(&conn->dst, BDADDR_ANY))
1674 if (d->cig != conn->iso_qos.cig || d->cis == BT_ISO_QOS_CIS_UNSET ||
1675 d->cis != conn->iso_qos.cis)
1680 if (d->pdu.cp.cig_id == BT_ISO_QOS_CIG_UNSET ||
1681 d->count >= ARRAY_SIZE(d->pdu.cis))
1684 cis_add(d, &conn->iso_qos);
1687 static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos)
1689 struct hci_dev *hdev = conn->hdev;
1690 struct hci_cp_le_create_big cp;
1692 memset(&cp, 0, sizeof(cp));
1694 cp.handle = qos->big;
1695 cp.adv_handle = qos->bis;
1697 hci_cpu_to_le24(qos->out.interval, cp.bis.sdu_interval);
1698 cp.bis.sdu = cpu_to_le16(qos->out.sdu);
1699 cp.bis.latency = cpu_to_le16(qos->out.latency);
1700 cp.bis.rtn = qos->out.rtn;
1701 cp.bis.phy = qos->out.phy;
1702 cp.bis.packing = qos->packing;
1703 cp.bis.framing = qos->framing;
1704 cp.bis.encryption = 0x00;
1705 memset(&cp.bis.bcode, 0, sizeof(cp.bis.bcode));
1707 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp);
1710 static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos)
1712 struct hci_dev *hdev = conn->hdev;
1713 struct iso_list_data data;
1715 memset(&data, 0, sizeof(data));
1717 /* Allocate a CIG if not set */
1718 if (qos->cig == BT_ISO_QOS_CIG_UNSET) {
1719 for (data.cig = 0x00; data.cig < 0xff; data.cig++) {
1723 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK,
1728 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK,
1729 BT_CONNECTED, &data);
1734 if (data.cig == 0xff)
1738 qos->cig = data.cig;
1741 data.pdu.cp.cig_id = qos->cig;
1742 hci_cpu_to_le24(qos->out.interval, data.pdu.cp.c_interval);
1743 hci_cpu_to_le24(qos->in.interval, data.pdu.cp.p_interval);
1744 data.pdu.cp.sca = qos->sca;
1745 data.pdu.cp.packing = qos->packing;
1746 data.pdu.cp.framing = qos->framing;
1747 data.pdu.cp.c_latency = cpu_to_le16(qos->out.latency);
1748 data.pdu.cp.p_latency = cpu_to_le16(qos->in.latency);
1750 if (qos->cis != BT_ISO_QOS_CIS_UNSET) {
1752 data.cig = qos->cig;
1753 data.cis = qos->cis;
1755 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, BT_BOUND,
1760 cis_add(&data, qos);
1763 /* Reprogram all CIS(s) with the same CIG */
1764 for (data.cig = qos->cig, data.cis = 0x00; data.cis < 0x11;
1768 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, BT_BOUND,
1773 /* Allocate a CIS if not set */
1774 if (qos->cis == BT_ISO_QOS_CIS_UNSET) {
1776 qos->cis = data.cis;
1777 cis_add(&data, qos);
1781 if (qos->cis == BT_ISO_QOS_CIS_UNSET || !data.pdu.cp.num_cis)
1784 if (hci_send_cmd(hdev, HCI_OP_LE_SET_CIG_PARAMS,
1785 sizeof(data.pdu.cp) +
1786 (data.pdu.cp.num_cis * sizeof(*data.pdu.cis)),
1793 struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst,
1794 __u8 dst_type, struct bt_iso_qos *qos)
1796 struct hci_conn *cis;
1798 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type);
1800 cis = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1802 return ERR_PTR(-ENOMEM);
1803 cis->cleanup = cis_cleanup;
1804 cis->dst_type = dst_type;
1807 if (cis->state == BT_CONNECTED)
1810 /* Check if CIS has been set and the settings matches */
1811 if (cis->state == BT_BOUND &&
1812 !memcmp(&cis->iso_qos, qos, sizeof(*qos)))
1815 /* Update LINK PHYs according to QoS preference */
1816 cis->le_tx_phy = qos->out.phy;
1817 cis->le_rx_phy = qos->in.phy;
1819 /* If output interval is not set use the input interval as it cannot be
1822 if (!qos->out.interval)
1823 qos->out.interval = qos->in.interval;
1825 /* If input interval is not set use the output interval as it cannot be
1828 if (!qos->in.interval)
1829 qos->in.interval = qos->out.interval;
1831 /* If output latency is not set use the input latency as it cannot be
1834 if (!qos->out.latency)
1835 qos->out.latency = qos->in.latency;
1837 /* If input latency is not set use the output latency as it cannot be
1840 if (!qos->in.latency)
1841 qos->in.latency = qos->out.latency;
1843 if (!hci_le_set_cig_params(cis, qos)) {
1845 return ERR_PTR(-EINVAL);
1848 cis->iso_qos = *qos;
1849 cis->state = BT_BOUND;
1854 bool hci_iso_setup_path(struct hci_conn *conn)
1856 struct hci_dev *hdev = conn->hdev;
1857 struct hci_cp_le_setup_iso_path cmd;
1859 memset(&cmd, 0, sizeof(cmd));
1861 if (conn->iso_qos.out.sdu) {
1862 cmd.handle = cpu_to_le16(conn->handle);
1863 cmd.direction = 0x00; /* Input (Host to Controller) */
1864 cmd.path = 0x00; /* HCI path if enabled */
1865 cmd.codec = 0x03; /* Transparent Data */
1867 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1872 if (conn->iso_qos.in.sdu) {
1873 cmd.handle = cpu_to_le16(conn->handle);
1874 cmd.direction = 0x01; /* Output (Controller to Host) */
1875 cmd.path = 0x00; /* HCI path if enabled */
1876 cmd.codec = 0x03; /* Transparent Data */
1878 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1886 static int hci_create_cis_sync(struct hci_dev *hdev, void *data)
1889 struct hci_cp_le_create_cis cp;
1890 struct hci_cis cis[0x1f];
1892 struct hci_conn *conn = data;
1895 memset(&cmd, 0, sizeof(cmd));
1896 cmd.cis[0].acl_handle = cpu_to_le16(conn->link->handle);
1897 cmd.cis[0].cis_handle = cpu_to_le16(conn->handle);
1899 cig = conn->iso_qos.cig;
1905 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
1906 struct hci_cis *cis = &cmd.cis[cmd.cp.num_cis];
1908 if (conn == data || conn->type != ISO_LINK ||
1909 conn->state == BT_CONNECTED || conn->iso_qos.cig != cig)
1912 /* Check if all CIS(s) belonging to a CIG are ready */
1913 if (!conn->link || conn->link->state != BT_CONNECTED ||
1914 conn->state != BT_CONNECT) {
1919 /* Group all CIS with state BT_CONNECT since the spec don't
1920 * allow to send them individually:
1922 * BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E
1925 * If the Host issues this command before all the
1926 * HCI_LE_CIS_Established events from the previous use of the
1927 * command have been generated, the Controller shall return the
1928 * error code Command Disallowed (0x0C).
1930 cis->acl_handle = cpu_to_le16(conn->link->handle);
1931 cis->cis_handle = cpu_to_le16(conn->handle);
1937 hci_dev_unlock(hdev);
1939 if (!cmd.cp.num_cis)
1942 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_CIS, sizeof(cmd.cp) +
1943 sizeof(cmd.cis[0]) * cmd.cp.num_cis, &cmd);
1946 int hci_le_create_cis(struct hci_conn *conn)
1948 struct hci_conn *cis;
1949 struct hci_dev *hdev = conn->hdev;
1952 switch (conn->type) {
1954 if (!conn->link || conn->state != BT_CONNECTED)
1965 if (cis->state == BT_CONNECT)
1968 /* Queue Create CIS */
1969 err = hci_cmd_sync_queue(hdev, hci_create_cis_sync, cis, NULL);
1973 cis->state = BT_CONNECT;
1978 static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn,
1979 struct bt_iso_io_qos *qos, __u8 phy)
1981 /* Only set MTU if PHY is enabled */
1982 if (!qos->sdu && qos->phy) {
1983 if (hdev->iso_mtu > 0)
1984 qos->sdu = hdev->iso_mtu;
1985 else if (hdev->le_mtu > 0)
1986 qos->sdu = hdev->le_mtu;
1988 qos->sdu = hdev->acl_mtu;
1991 /* Use the same PHY as ACL if set to any */
1992 if (qos->phy == BT_ISO_PHY_ANY)
1995 /* Use LE ACL connection interval if not set */
1997 /* ACL interval unit in 1.25 ms to us */
1998 qos->interval = conn->le_conn_interval * 1250;
2000 /* Use LE ACL connection latency if not set */
2002 qos->latency = conn->le_conn_latency;
2005 static void hci_bind_bis(struct hci_conn *conn,
2006 struct bt_iso_qos *qos)
2008 /* Update LINK PHYs according to QoS preference */
2009 conn->le_tx_phy = qos->out.phy;
2010 conn->le_tx_phy = qos->out.phy;
2011 conn->iso_qos = *qos;
2012 conn->state = BT_BOUND;
2015 static int create_big_sync(struct hci_dev *hdev, void *data)
2017 struct hci_conn *conn = data;
2018 struct bt_iso_qos *qos = &conn->iso_qos;
2019 u16 interval, sync_interval = 0;
2023 if (qos->out.phy == 0x02)
2024 flags |= MGMT_ADV_FLAG_SEC_2M;
2026 /* Align intervals */
2027 interval = qos->out.interval / 1250;
2030 sync_interval = qos->sync_interval * 1600;
2032 err = hci_start_per_adv_sync(hdev, qos->bis, conn->le_per_adv_data_len,
2033 conn->le_per_adv_data, flags, interval,
2034 interval, sync_interval);
2038 return hci_le_create_big(conn, &conn->iso_qos);
2041 static void create_pa_complete(struct hci_dev *hdev, void *data, int err)
2043 struct hci_cp_le_pa_create_sync *cp = data;
2045 bt_dev_dbg(hdev, "");
2048 bt_dev_err(hdev, "Unable to create PA: %d", err);
2053 static int create_pa_sync(struct hci_dev *hdev, void *data)
2055 struct hci_cp_le_pa_create_sync *cp = data;
2058 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC,
2059 sizeof(*cp), cp, HCI_CMD_TIMEOUT);
2061 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2065 return hci_update_passive_scan_sync(hdev);
2068 int hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, __u8 dst_type,
2071 struct hci_cp_le_pa_create_sync *cp;
2073 if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC))
2076 cp = kmalloc(sizeof(*cp), GFP_KERNEL);
2078 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2082 /* Convert from ISO socket address type to HCI address type */
2083 if (dst_type == BDADDR_LE_PUBLIC)
2084 dst_type = ADDR_LE_DEV_PUBLIC;
2086 dst_type = ADDR_LE_DEV_RANDOM;
2088 memset(cp, 0, sizeof(*cp));
2090 cp->addr_type = dst_type;
2091 bacpy(&cp->addr, dst);
2093 /* Queue start pa_create_sync and scan */
2094 return hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete);
2097 int hci_le_big_create_sync(struct hci_dev *hdev, struct bt_iso_qos *qos,
2098 __u16 sync_handle, __u8 num_bis, __u8 bis[])
2101 struct hci_cp_le_big_create_sync cp;
2106 if (num_bis > sizeof(pdu.bis))
2109 err = qos_set_big(hdev, qos);
2113 memset(&pdu, 0, sizeof(pdu));
2114 pdu.cp.handle = qos->big;
2115 pdu.cp.sync_handle = cpu_to_le16(sync_handle);
2116 pdu.cp.num_bis = num_bis;
2117 memcpy(pdu.bis, bis, num_bis);
2119 return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
2120 sizeof(pdu.cp) + num_bis, &pdu);
2123 static void create_big_complete(struct hci_dev *hdev, void *data, int err)
2125 struct hci_conn *conn = data;
2127 bt_dev_dbg(hdev, "conn %p", conn);
2130 bt_dev_err(hdev, "Unable to create BIG: %d", err);
2131 hci_connect_cfm(conn, err);
2136 struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst,
2137 __u8 dst_type, struct bt_iso_qos *qos,
2138 __u8 base_len, __u8 *base)
2140 struct hci_conn *conn;
2143 /* We need hci_conn object using the BDADDR_ANY as dst */
2144 conn = hci_add_bis(hdev, dst, qos);
2148 hci_bind_bis(conn, qos);
2150 /* Add Basic Announcement into Peridic Adv Data if BASE is set */
2151 if (base_len && base) {
2152 base_len = eir_append_service_data(conn->le_per_adv_data, 0,
2153 0x1851, base, base_len);
2154 conn->le_per_adv_data_len = base_len;
2157 /* Queue start periodic advertising and create BIG */
2158 err = hci_cmd_sync_queue(hdev, create_big_sync, conn,
2159 create_big_complete);
2161 hci_conn_drop(conn);
2162 return ERR_PTR(err);
2165 hci_iso_qos_setup(hdev, conn, &qos->out,
2166 conn->le_tx_phy ? conn->le_tx_phy :
2167 hdev->le_tx_def_phys);
2172 struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
2173 __u8 dst_type, struct bt_iso_qos *qos)
2175 struct hci_conn *le;
2176 struct hci_conn *cis;
2178 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2179 le = hci_connect_le(hdev, dst, dst_type, false,
2181 HCI_LE_CONN_TIMEOUT,
2184 le = hci_connect_le_scan(hdev, dst, dst_type,
2186 HCI_LE_CONN_TIMEOUT,
2187 CONN_REASON_ISO_CONNECT);
2191 hci_iso_qos_setup(hdev, le, &qos->out,
2192 le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys);
2193 hci_iso_qos_setup(hdev, le, &qos->in,
2194 le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys);
2196 cis = hci_bind_cis(hdev, dst, dst_type, qos);
2207 /* If LE is already connected and CIS handle is already set proceed to
2208 * Create CIS immediately.
2210 if (le->state == BT_CONNECTED && cis->handle != HCI_CONN_HANDLE_UNSET)
2211 hci_le_create_cis(le);
2216 /* Check link security requirement */
2217 int hci_conn_check_link_mode(struct hci_conn *conn)
2219 BT_DBG("hcon %p", conn);
2221 /* In Secure Connections Only mode, it is required that Secure
2222 * Connections is used and the link is encrypted with AES-CCM
2223 * using a P-256 authenticated combination key.
2225 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) {
2226 if (!hci_conn_sc_enabled(conn) ||
2227 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2228 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
2232 /* AES encryption is required for Level 4:
2234 * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
2237 * 128-bit equivalent strength for link and encryption keys
2238 * required using FIPS approved algorithms (E0 not allowed,
2239 * SAFER+ not allowed, and P-192 not allowed; encryption key
2242 if (conn->sec_level == BT_SECURITY_FIPS &&
2243 !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
2244 bt_dev_err(conn->hdev,
2245 "Invalid security: Missing AES-CCM usage");
2249 if (hci_conn_ssp_enabled(conn) &&
2250 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2256 /* Authenticate remote device */
2257 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
2259 BT_DBG("hcon %p", conn);
2261 if (conn->pending_sec_level > sec_level)
2262 sec_level = conn->pending_sec_level;
2264 if (sec_level > conn->sec_level)
2265 conn->pending_sec_level = sec_level;
2266 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
2269 /* Make sure we preserve an existing MITM requirement*/
2270 auth_type |= (conn->auth_type & 0x01);
2272 conn->auth_type = auth_type;
2274 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2275 struct hci_cp_auth_requested cp;
2277 cp.handle = cpu_to_le16(conn->handle);
2278 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
2281 /* If we're already encrypted set the REAUTH_PEND flag,
2282 * otherwise set the ENCRYPT_PEND.
2284 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2285 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2287 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2293 /* Encrypt the link */
2294 static void hci_conn_encrypt(struct hci_conn *conn)
2296 BT_DBG("hcon %p", conn);
2298 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2299 struct hci_cp_set_conn_encrypt cp;
2300 cp.handle = cpu_to_le16(conn->handle);
2302 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2307 /* Enable security */
2308 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
2311 BT_DBG("hcon %p", conn);
2313 if (conn->type == LE_LINK)
2314 return smp_conn_security(conn, sec_level);
2316 /* For sdp we don't need the link key. */
2317 if (sec_level == BT_SECURITY_SDP)
2320 /* For non 2.1 devices and low security level we don't need the link
2322 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
2325 /* For other security levels we need the link key. */
2326 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
2329 /* An authenticated FIPS approved combination key has sufficient
2330 * security for security level 4. */
2331 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
2332 sec_level == BT_SECURITY_FIPS)
2335 /* An authenticated combination key has sufficient security for
2336 security level 3. */
2337 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
2338 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
2339 sec_level == BT_SECURITY_HIGH)
2342 /* An unauthenticated combination key has sufficient security for
2343 security level 1 and 2. */
2344 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2345 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
2346 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
2349 /* A combination key has always sufficient security for the security
2350 levels 1 or 2. High security level requires the combination key
2351 is generated using maximum PIN code length (16).
2352 For pre 2.1 units. */
2353 if (conn->key_type == HCI_LK_COMBINATION &&
2354 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
2355 conn->pin_length == 16))
2359 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
2363 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2365 if (!hci_conn_auth(conn, sec_level, auth_type))
2369 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
2370 /* Ensure that the encryption key size has been read,
2371 * otherwise stall the upper layer responses.
2373 if (!conn->enc_key_size)
2376 /* Nothing else needed, all requirements are met */
2380 hci_conn_encrypt(conn);
2383 EXPORT_SYMBOL(hci_conn_security);
2385 /* Check secure link requirement */
2386 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
2388 BT_DBG("hcon %p", conn);
2390 /* Accept if non-secure or higher security level is required */
2391 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
2394 /* Accept if secure or higher security level is already present */
2395 if (conn->sec_level == BT_SECURITY_HIGH ||
2396 conn->sec_level == BT_SECURITY_FIPS)
2399 /* Reject not secure link */
2402 EXPORT_SYMBOL(hci_conn_check_secure);
2405 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
2407 BT_DBG("hcon %p", conn);
2409 if (role == conn->role)
2412 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
2413 struct hci_cp_switch_role cp;
2414 bacpy(&cp.bdaddr, &conn->dst);
2416 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
2421 EXPORT_SYMBOL(hci_conn_switch_role);
2423 /* Enter active mode */
2424 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
2426 struct hci_dev *hdev = conn->hdev;
2428 BT_DBG("hcon %p mode %d", conn, conn->mode);
2430 if (conn->mode != HCI_CM_SNIFF)
2433 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
2436 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2437 struct hci_cp_exit_sniff_mode cp;
2438 cp.handle = cpu_to_le16(conn->handle);
2439 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
2443 if (hdev->idle_timeout > 0)
2444 queue_delayed_work(hdev->workqueue, &conn->idle_work,
2445 msecs_to_jiffies(hdev->idle_timeout));
2448 /* Drop all connection on the device */
2449 void hci_conn_hash_flush(struct hci_dev *hdev)
2451 struct hci_conn_hash *h = &hdev->conn_hash;
2452 struct hci_conn *c, *n;
2454 BT_DBG("hdev %s", hdev->name);
2456 list_for_each_entry_safe(c, n, &h->list, list) {
2457 c->state = BT_CLOSED;
2459 hci_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
2461 /* Unlink before deleting otherwise it is possible that
2462 * hci_conn_del removes the link which may cause the list to
2463 * contain items already freed.
2470 /* Check pending connect attempts */
2471 void hci_conn_check_pending(struct hci_dev *hdev)
2473 struct hci_conn *conn;
2475 BT_DBG("hdev %s", hdev->name);
2479 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
2481 hci_acl_create_connection(conn);
2483 hci_dev_unlock(hdev);
2486 static u32 get_link_mode(struct hci_conn *conn)
2490 if (conn->role == HCI_ROLE_MASTER)
2491 link_mode |= HCI_LM_MASTER;
2493 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2494 link_mode |= HCI_LM_ENCRYPT;
2496 if (test_bit(HCI_CONN_AUTH, &conn->flags))
2497 link_mode |= HCI_LM_AUTH;
2499 if (test_bit(HCI_CONN_SECURE, &conn->flags))
2500 link_mode |= HCI_LM_SECURE;
2502 if (test_bit(HCI_CONN_FIPS, &conn->flags))
2503 link_mode |= HCI_LM_FIPS;
2508 int hci_get_conn_list(void __user *arg)
2511 struct hci_conn_list_req req, *cl;
2512 struct hci_conn_info *ci;
2513 struct hci_dev *hdev;
2514 int n = 0, size, err;
2516 if (copy_from_user(&req, arg, sizeof(req)))
2519 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
2522 size = sizeof(req) + req.conn_num * sizeof(*ci);
2524 cl = kmalloc(size, GFP_KERNEL);
2528 hdev = hci_dev_get(req.dev_id);
2537 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2538 bacpy(&(ci + n)->bdaddr, &c->dst);
2539 (ci + n)->handle = c->handle;
2540 (ci + n)->type = c->type;
2541 (ci + n)->out = c->out;
2542 (ci + n)->state = c->state;
2543 (ci + n)->link_mode = get_link_mode(c);
2544 if (++n >= req.conn_num)
2547 hci_dev_unlock(hdev);
2549 cl->dev_id = hdev->id;
2551 size = sizeof(req) + n * sizeof(*ci);
2555 err = copy_to_user(arg, cl, size);
2558 return err ? -EFAULT : 0;
2561 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
2563 struct hci_conn_info_req req;
2564 struct hci_conn_info ci;
2565 struct hci_conn *conn;
2566 char __user *ptr = arg + sizeof(req);
2568 if (copy_from_user(&req, arg, sizeof(req)))
2572 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
2574 bacpy(&ci.bdaddr, &conn->dst);
2575 ci.handle = conn->handle;
2576 ci.type = conn->type;
2578 ci.state = conn->state;
2579 ci.link_mode = get_link_mode(conn);
2581 hci_dev_unlock(hdev);
2586 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
2589 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
2591 struct hci_auth_info_req req;
2592 struct hci_conn *conn;
2594 if (copy_from_user(&req, arg, sizeof(req)))
2598 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
2600 req.type = conn->auth_type;
2601 hci_dev_unlock(hdev);
2606 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
2609 struct hci_chan *hci_chan_create(struct hci_conn *conn)
2611 struct hci_dev *hdev = conn->hdev;
2612 struct hci_chan *chan;
2614 BT_DBG("%s hcon %p", hdev->name, conn);
2616 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
2617 BT_DBG("Refusing to create new hci_chan");
2621 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
2625 chan->conn = hci_conn_get(conn);
2626 skb_queue_head_init(&chan->data_q);
2627 chan->state = BT_CONNECTED;
2629 list_add_rcu(&chan->list, &conn->chan_list);
2634 void hci_chan_del(struct hci_chan *chan)
2636 struct hci_conn *conn = chan->conn;
2637 struct hci_dev *hdev = conn->hdev;
2639 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
2641 list_del_rcu(&chan->list);
2645 /* Prevent new hci_chan's to be created for this hci_conn */
2646 set_bit(HCI_CONN_DROP, &conn->flags);
2650 skb_queue_purge(&chan->data_q);
2654 void hci_chan_list_flush(struct hci_conn *conn)
2656 struct hci_chan *chan, *n;
2658 BT_DBG("hcon %p", conn);
2660 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
2664 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
2667 struct hci_chan *hchan;
2669 list_for_each_entry(hchan, &hcon->chan_list, list) {
2670 if (hchan->handle == handle)
2677 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
2679 struct hci_conn_hash *h = &hdev->conn_hash;
2680 struct hci_conn *hcon;
2681 struct hci_chan *hchan = NULL;
2685 list_for_each_entry_rcu(hcon, &h->list, list) {
2686 hchan = __hci_chan_lookup_handle(hcon, handle);
2696 u32 hci_conn_get_phy(struct hci_conn *conn)
2700 /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471:
2701 * Table 6.2: Packets defined for synchronous, asynchronous, and
2702 * CPB logical transport types.
2704 switch (conn->type) {
2706 /* SCO logical transport (1 Mb/s):
2707 * HV1, HV2, HV3 and DV.
2709 phys |= BT_PHY_BR_1M_1SLOT;
2714 /* ACL logical transport (1 Mb/s) ptt=0:
2715 * DH1, DM3, DH3, DM5 and DH5.
2717 phys |= BT_PHY_BR_1M_1SLOT;
2719 if (conn->pkt_type & (HCI_DM3 | HCI_DH3))
2720 phys |= BT_PHY_BR_1M_3SLOT;
2722 if (conn->pkt_type & (HCI_DM5 | HCI_DH5))
2723 phys |= BT_PHY_BR_1M_5SLOT;
2725 /* ACL logical transport (2 Mb/s) ptt=1:
2726 * 2-DH1, 2-DH3 and 2-DH5.
2728 if (!(conn->pkt_type & HCI_2DH1))
2729 phys |= BT_PHY_EDR_2M_1SLOT;
2731 if (!(conn->pkt_type & HCI_2DH3))
2732 phys |= BT_PHY_EDR_2M_3SLOT;
2734 if (!(conn->pkt_type & HCI_2DH5))
2735 phys |= BT_PHY_EDR_2M_5SLOT;
2737 /* ACL logical transport (3 Mb/s) ptt=1:
2738 * 3-DH1, 3-DH3 and 3-DH5.
2740 if (!(conn->pkt_type & HCI_3DH1))
2741 phys |= BT_PHY_EDR_3M_1SLOT;
2743 if (!(conn->pkt_type & HCI_3DH3))
2744 phys |= BT_PHY_EDR_3M_3SLOT;
2746 if (!(conn->pkt_type & HCI_3DH5))
2747 phys |= BT_PHY_EDR_3M_5SLOT;
2752 /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */
2753 phys |= BT_PHY_BR_1M_1SLOT;
2755 if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5)))
2756 phys |= BT_PHY_BR_1M_3SLOT;
2758 /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */
2759 if (!(conn->pkt_type & ESCO_2EV3))
2760 phys |= BT_PHY_EDR_2M_1SLOT;
2762 if (!(conn->pkt_type & ESCO_2EV5))
2763 phys |= BT_PHY_EDR_2M_3SLOT;
2765 /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */
2766 if (!(conn->pkt_type & ESCO_3EV3))
2767 phys |= BT_PHY_EDR_3M_1SLOT;
2769 if (!(conn->pkt_type & ESCO_3EV5))
2770 phys |= BT_PHY_EDR_3M_3SLOT;
2775 if (conn->le_tx_phy & HCI_LE_SET_PHY_1M)
2776 phys |= BT_PHY_LE_1M_TX;
2778 if (conn->le_rx_phy & HCI_LE_SET_PHY_1M)
2779 phys |= BT_PHY_LE_1M_RX;
2781 if (conn->le_tx_phy & HCI_LE_SET_PHY_2M)
2782 phys |= BT_PHY_LE_2M_TX;
2784 if (conn->le_rx_phy & HCI_LE_SET_PHY_2M)
2785 phys |= BT_PHY_LE_2M_RX;
2787 if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED)
2788 phys |= BT_PHY_LE_CODED_TX;
2790 if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED)
2791 phys |= BT_PHY_LE_CODED_RX;
2799 int hci_abort_conn(struct hci_conn *conn, u8 reason)
2803 switch (conn->state) {
2806 if (conn->type == AMP_LINK) {
2807 struct hci_cp_disconn_phy_link cp;
2809 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
2811 r = hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
2814 struct hci_cp_disconnect dc;
2816 dc.handle = cpu_to_le16(conn->handle);
2818 r = hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT,
2822 conn->state = BT_DISCONN;
2826 if (conn->type == LE_LINK) {
2827 if (test_bit(HCI_CONN_SCANNING, &conn->flags))
2829 r = hci_send_cmd(conn->hdev,
2830 HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
2831 } else if (conn->type == ACL_LINK) {
2832 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
2834 r = hci_send_cmd(conn->hdev,
2835 HCI_OP_CREATE_CONN_CANCEL,
2840 if (conn->type == ACL_LINK) {
2841 struct hci_cp_reject_conn_req rej;
2843 bacpy(&rej.bdaddr, &conn->dst);
2844 rej.reason = reason;
2846 r = hci_send_cmd(conn->hdev,
2847 HCI_OP_REJECT_CONN_REQ,
2849 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
2850 struct hci_cp_reject_sync_conn_req rej;
2852 bacpy(&rej.bdaddr, &conn->dst);
2854 /* SCO rejection has its own limited set of
2855 * allowed error values (0x0D-0x0F) which isn't
2856 * compatible with most values passed to this
2857 * function. To be safe hard-code one of the
2858 * values that's suitable for SCO.
2860 rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
2862 r = hci_send_cmd(conn->hdev,
2863 HCI_OP_REJECT_SYNC_CONN_REQ,
2868 conn->state = BT_CLOSED;
projects / platform / kernel / linux-starfive.git / blob