2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI connection handling. */
28 #include <linux/export.h>
29 #include <linux/debugfs.h>
31 #include <net/bluetooth/bluetooth.h>
32 #include <net/bluetooth/hci_core.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/iso.h>
35 #include <net/bluetooth/mgmt.h>
37 #include "hci_request.h"
48 struct conn_handle_t {
49 struct hci_conn *conn;
53 static const struct sco_param esco_param_cvsd[] = {
54 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
55 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
56 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
57 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
58 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
61 static const struct sco_param sco_param_cvsd[] = {
62 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
63 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
66 static const struct sco_param esco_param_msbc[] = {
67 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
68 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
71 /* This function requires the caller holds hdev->lock */
72 static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status)
74 struct hci_conn_params *params;
75 struct hci_dev *hdev = conn->hdev;
81 bdaddr_type = conn->dst_type;
83 /* Check if we need to convert to identity address */
84 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
86 bdaddr = &irk->bdaddr;
87 bdaddr_type = irk->addr_type;
90 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr,
96 hci_conn_drop(params->conn);
97 hci_conn_put(params->conn);
101 if (!params->explicit_connect)
104 /* If the status indicates successful cancellation of
105 * the attempt (i.e. Unknown Connection Id) there's no point of
106 * notifying failure since we'll go back to keep trying to
107 * connect. The only exception is explicit connect requests
108 * where a timeout + cancel does indicate an actual failure.
110 if (status && status != HCI_ERROR_UNKNOWN_CONN_ID)
111 mgmt_connect_failed(hdev, &conn->dst, conn->type,
112 conn->dst_type, status);
114 /* The connection attempt was doing scan for new RPA, and is
115 * in scan phase. If params are not associated with any other
116 * autoconnect action, remove them completely. If they are, just unmark
117 * them as waiting for connection, by clearing explicit_connect field.
119 params->explicit_connect = false;
121 hci_pend_le_list_del_init(params);
123 switch (params->auto_connect) {
124 case HCI_AUTO_CONN_EXPLICIT:
125 hci_conn_params_del(hdev, bdaddr, bdaddr_type);
126 /* return instead of break to avoid duplicate scan update */
128 case HCI_AUTO_CONN_DIRECT:
129 case HCI_AUTO_CONN_ALWAYS:
130 hci_pend_le_list_add(params, &hdev->pend_le_conns);
132 case HCI_AUTO_CONN_REPORT:
133 hci_pend_le_list_add(params, &hdev->pend_le_reports);
139 hci_update_passive_scan(hdev);
142 static void hci_conn_cleanup(struct hci_conn *conn)
144 struct hci_dev *hdev = conn->hdev;
146 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
147 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
149 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
150 hci_remove_link_key(hdev, &conn->dst);
152 hci_chan_list_flush(conn);
154 hci_conn_hash_del(hdev, conn);
159 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
160 switch (conn->setting & SCO_AIRMODE_MASK) {
161 case SCO_AIRMODE_CVSD:
162 case SCO_AIRMODE_TRANSP:
164 hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO);
169 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
172 hci_conn_del_sysfs(conn);
174 debugfs_remove_recursive(conn->debugfs);
181 static void hci_acl_create_connection(struct hci_conn *conn)
183 struct hci_dev *hdev = conn->hdev;
184 struct inquiry_entry *ie;
185 struct hci_cp_create_conn cp;
187 BT_DBG("hcon %p", conn);
189 /* Many controllers disallow HCI Create Connection while it is doing
190 * HCI Inquiry. So we cancel the Inquiry first before issuing HCI Create
191 * Connection. This may cause the MGMT discovering state to become false
192 * without user space's request but it is okay since the MGMT Discovery
193 * APIs do not promise that discovery should be done forever. Instead,
194 * the user space monitors the status of MGMT discovering and it may
195 * request for discovery again when this flag becomes false.
197 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
198 /* Put this connection to "pending" state so that it will be
199 * executed after the inquiry cancel command complete event.
201 conn->state = BT_CONNECT2;
202 hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
206 conn->state = BT_CONNECT;
208 conn->role = HCI_ROLE_MASTER;
212 conn->link_policy = hdev->link_policy;
214 memset(&cp, 0, sizeof(cp));
215 bacpy(&cp.bdaddr, &conn->dst);
216 cp.pscan_rep_mode = 0x02;
218 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
220 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
221 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
222 cp.pscan_mode = ie->data.pscan_mode;
223 cp.clock_offset = ie->data.clock_offset |
227 memcpy(conn->dev_class, ie->data.dev_class, 3);
230 cp.pkt_type = cpu_to_le16(conn->pkt_type);
231 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
232 cp.role_switch = 0x01;
234 cp.role_switch = 0x00;
236 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
239 int hci_disconnect(struct hci_conn *conn, __u8 reason)
241 BT_DBG("hcon %p", conn);
243 /* When we are central of an established connection and it enters
244 * the disconnect timeout, then go ahead and try to read the
245 * current clock offset. Processing of the result is done
246 * within the event handling and hci_clock_offset_evt function.
248 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER &&
249 (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) {
250 struct hci_dev *hdev = conn->hdev;
251 struct hci_cp_read_clock_offset clkoff_cp;
253 clkoff_cp.handle = cpu_to_le16(conn->handle);
254 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
258 return hci_abort_conn(conn, reason);
261 static void hci_add_sco(struct hci_conn *conn, __u16 handle)
263 struct hci_dev *hdev = conn->hdev;
264 struct hci_cp_add_sco cp;
266 BT_DBG("hcon %p", conn);
268 conn->state = BT_CONNECT;
273 cp.handle = cpu_to_le16(handle);
274 cp.pkt_type = cpu_to_le16(conn->pkt_type);
276 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
279 static bool find_next_esco_param(struct hci_conn *conn,
280 const struct sco_param *esco_param, int size)
285 for (; conn->attempt <= size; conn->attempt++) {
286 if (lmp_esco_2m_capable(conn->parent) ||
287 (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3))
289 BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported",
290 conn, conn->attempt);
293 return conn->attempt <= size;
296 static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec)
299 __u8 vnd_len, *vnd_data = NULL;
300 struct hci_op_configure_data_path *cmd = NULL;
302 err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len,
307 cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL);
313 err = hdev->get_data_path_id(hdev, &cmd->data_path_id);
317 cmd->vnd_len = vnd_len;
318 memcpy(cmd->vnd_data, vnd_data, vnd_len);
320 cmd->direction = 0x00;
321 __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
322 sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT);
324 cmd->direction = 0x01;
325 err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
326 sizeof(*cmd) + vnd_len, cmd,
335 static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data)
337 struct conn_handle_t *conn_handle = data;
338 struct hci_conn *conn = conn_handle->conn;
339 __u16 handle = conn_handle->handle;
340 struct hci_cp_enhanced_setup_sync_conn cp;
341 const struct sco_param *param;
345 bt_dev_dbg(hdev, "hcon %p", conn);
347 /* for offload use case, codec needs to configured before opening SCO */
348 if (conn->codec.data_path)
349 configure_datapath_sync(hdev, &conn->codec);
351 conn->state = BT_CONNECT;
356 memset(&cp, 0x00, sizeof(cp));
358 cp.handle = cpu_to_le16(handle);
360 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
361 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
363 switch (conn->codec.id) {
365 if (!find_next_esco_param(conn, esco_param_msbc,
366 ARRAY_SIZE(esco_param_msbc)))
369 param = &esco_param_msbc[conn->attempt - 1];
370 cp.tx_coding_format.id = 0x05;
371 cp.rx_coding_format.id = 0x05;
372 cp.tx_codec_frame_size = __cpu_to_le16(60);
373 cp.rx_codec_frame_size = __cpu_to_le16(60);
374 cp.in_bandwidth = __cpu_to_le32(32000);
375 cp.out_bandwidth = __cpu_to_le32(32000);
376 cp.in_coding_format.id = 0x04;
377 cp.out_coding_format.id = 0x04;
378 cp.in_coded_data_size = __cpu_to_le16(16);
379 cp.out_coded_data_size = __cpu_to_le16(16);
380 cp.in_pcm_data_format = 2;
381 cp.out_pcm_data_format = 2;
382 cp.in_pcm_sample_payload_msb_pos = 0;
383 cp.out_pcm_sample_payload_msb_pos = 0;
384 cp.in_data_path = conn->codec.data_path;
385 cp.out_data_path = conn->codec.data_path;
386 cp.in_transport_unit_size = 1;
387 cp.out_transport_unit_size = 1;
390 case BT_CODEC_TRANSPARENT:
391 if (!find_next_esco_param(conn, esco_param_msbc,
392 ARRAY_SIZE(esco_param_msbc)))
394 param = &esco_param_msbc[conn->attempt - 1];
395 cp.tx_coding_format.id = 0x03;
396 cp.rx_coding_format.id = 0x03;
397 cp.tx_codec_frame_size = __cpu_to_le16(60);
398 cp.rx_codec_frame_size = __cpu_to_le16(60);
399 cp.in_bandwidth = __cpu_to_le32(0x1f40);
400 cp.out_bandwidth = __cpu_to_le32(0x1f40);
401 cp.in_coding_format.id = 0x03;
402 cp.out_coding_format.id = 0x03;
403 cp.in_coded_data_size = __cpu_to_le16(16);
404 cp.out_coded_data_size = __cpu_to_le16(16);
405 cp.in_pcm_data_format = 2;
406 cp.out_pcm_data_format = 2;
407 cp.in_pcm_sample_payload_msb_pos = 0;
408 cp.out_pcm_sample_payload_msb_pos = 0;
409 cp.in_data_path = conn->codec.data_path;
410 cp.out_data_path = conn->codec.data_path;
411 cp.in_transport_unit_size = 1;
412 cp.out_transport_unit_size = 1;
416 if (conn->parent && lmp_esco_capable(conn->parent)) {
417 if (!find_next_esco_param(conn, esco_param_cvsd,
418 ARRAY_SIZE(esco_param_cvsd)))
420 param = &esco_param_cvsd[conn->attempt - 1];
422 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
424 param = &sco_param_cvsd[conn->attempt - 1];
426 cp.tx_coding_format.id = 2;
427 cp.rx_coding_format.id = 2;
428 cp.tx_codec_frame_size = __cpu_to_le16(60);
429 cp.rx_codec_frame_size = __cpu_to_le16(60);
430 cp.in_bandwidth = __cpu_to_le32(16000);
431 cp.out_bandwidth = __cpu_to_le32(16000);
432 cp.in_coding_format.id = 4;
433 cp.out_coding_format.id = 4;
434 cp.in_coded_data_size = __cpu_to_le16(16);
435 cp.out_coded_data_size = __cpu_to_le16(16);
436 cp.in_pcm_data_format = 2;
437 cp.out_pcm_data_format = 2;
438 cp.in_pcm_sample_payload_msb_pos = 0;
439 cp.out_pcm_sample_payload_msb_pos = 0;
440 cp.in_data_path = conn->codec.data_path;
441 cp.out_data_path = conn->codec.data_path;
442 cp.in_transport_unit_size = 16;
443 cp.out_transport_unit_size = 16;
449 cp.retrans_effort = param->retrans_effort;
450 cp.pkt_type = __cpu_to_le16(param->pkt_type);
451 cp.max_latency = __cpu_to_le16(param->max_latency);
453 if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
459 static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle)
461 struct hci_dev *hdev = conn->hdev;
462 struct hci_cp_setup_sync_conn cp;
463 const struct sco_param *param;
465 bt_dev_dbg(hdev, "hcon %p", conn);
467 conn->state = BT_CONNECT;
472 cp.handle = cpu_to_le16(handle);
474 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
475 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
476 cp.voice_setting = cpu_to_le16(conn->setting);
478 switch (conn->setting & SCO_AIRMODE_MASK) {
479 case SCO_AIRMODE_TRANSP:
480 if (!find_next_esco_param(conn, esco_param_msbc,
481 ARRAY_SIZE(esco_param_msbc)))
483 param = &esco_param_msbc[conn->attempt - 1];
485 case SCO_AIRMODE_CVSD:
486 if (conn->parent && lmp_esco_capable(conn->parent)) {
487 if (!find_next_esco_param(conn, esco_param_cvsd,
488 ARRAY_SIZE(esco_param_cvsd)))
490 param = &esco_param_cvsd[conn->attempt - 1];
492 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
494 param = &sco_param_cvsd[conn->attempt - 1];
501 cp.retrans_effort = param->retrans_effort;
502 cp.pkt_type = __cpu_to_le16(param->pkt_type);
503 cp.max_latency = __cpu_to_le16(param->max_latency);
505 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
511 bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
514 struct conn_handle_t *conn_handle;
516 if (enhanced_sync_conn_capable(conn->hdev)) {
517 conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL);
522 conn_handle->conn = conn;
523 conn_handle->handle = handle;
524 result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync,
532 return hci_setup_sync_conn(conn, handle);
535 u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
538 struct hci_dev *hdev = conn->hdev;
539 struct hci_conn_params *params;
540 struct hci_cp_le_conn_update cp;
544 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
546 params->conn_min_interval = min;
547 params->conn_max_interval = max;
548 params->conn_latency = latency;
549 params->supervision_timeout = to_multiplier;
552 hci_dev_unlock(hdev);
554 memset(&cp, 0, sizeof(cp));
555 cp.handle = cpu_to_le16(conn->handle);
556 cp.conn_interval_min = cpu_to_le16(min);
557 cp.conn_interval_max = cpu_to_le16(max);
558 cp.conn_latency = cpu_to_le16(latency);
559 cp.supervision_timeout = cpu_to_le16(to_multiplier);
560 cp.min_ce_len = cpu_to_le16(0x0000);
561 cp.max_ce_len = cpu_to_le16(0x0000);
563 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
571 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
572 __u8 ltk[16], __u8 key_size)
574 struct hci_dev *hdev = conn->hdev;
575 struct hci_cp_le_start_enc cp;
577 BT_DBG("hcon %p", conn);
579 memset(&cp, 0, sizeof(cp));
581 cp.handle = cpu_to_le16(conn->handle);
584 memcpy(cp.ltk, ltk, key_size);
586 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
589 /* Device _must_ be locked */
590 void hci_sco_setup(struct hci_conn *conn, __u8 status)
592 struct hci_link *link;
594 link = list_first_entry_or_null(&conn->link_list, struct hci_link, list);
595 if (!link || !link->conn)
598 BT_DBG("hcon %p", conn);
601 if (lmp_esco_capable(conn->hdev))
602 hci_setup_sync(link->conn, conn->handle);
604 hci_add_sco(link->conn, conn->handle);
606 hci_connect_cfm(link->conn, status);
607 hci_conn_del(link->conn);
611 static void hci_conn_timeout(struct work_struct *work)
613 struct hci_conn *conn = container_of(work, struct hci_conn,
615 int refcnt = atomic_read(&conn->refcnt);
617 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
621 /* FIXME: It was observed that in pairing failed scenario, refcnt
622 * drops below 0. Probably this is because l2cap_conn_del calls
623 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
624 * dropped. After that loop hci_chan_del is called which also drops
625 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
631 hci_abort_conn(conn, hci_proto_disconn_ind(conn));
634 /* Enter sniff mode */
635 static void hci_conn_idle(struct work_struct *work)
637 struct hci_conn *conn = container_of(work, struct hci_conn,
639 struct hci_dev *hdev = conn->hdev;
641 BT_DBG("hcon %p mode %d", conn, conn->mode);
643 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
646 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
649 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
650 struct hci_cp_sniff_subrate cp;
651 cp.handle = cpu_to_le16(conn->handle);
652 cp.max_latency = cpu_to_le16(0);
653 cp.min_remote_timeout = cpu_to_le16(0);
654 cp.min_local_timeout = cpu_to_le16(0);
655 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
658 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
659 struct hci_cp_sniff_mode cp;
660 cp.handle = cpu_to_le16(conn->handle);
661 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
662 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
663 cp.attempt = cpu_to_le16(4);
664 cp.timeout = cpu_to_le16(1);
665 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
669 static void hci_conn_auto_accept(struct work_struct *work)
671 struct hci_conn *conn = container_of(work, struct hci_conn,
672 auto_accept_work.work);
674 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
678 static void le_disable_advertising(struct hci_dev *hdev)
680 if (ext_adv_capable(hdev)) {
681 struct hci_cp_le_set_ext_adv_enable cp;
684 cp.num_of_sets = 0x00;
686 hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp),
690 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
695 static void le_conn_timeout(struct work_struct *work)
697 struct hci_conn *conn = container_of(work, struct hci_conn,
698 le_conn_timeout.work);
699 struct hci_dev *hdev = conn->hdev;
703 /* We could end up here due to having done directed advertising,
704 * so clean up the state if necessary. This should however only
705 * happen with broken hardware or if low duty cycle was used
706 * (which doesn't have a timeout of its own).
708 if (conn->role == HCI_ROLE_SLAVE) {
709 /* Disable LE Advertising */
710 le_disable_advertising(hdev);
712 hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
713 hci_dev_unlock(hdev);
717 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
720 struct iso_cig_params {
721 struct hci_cp_le_set_cig_params cp;
722 struct hci_cis_params cis[0x1f];
725 struct iso_list_data {
741 static void bis_list(struct hci_conn *conn, void *data)
743 struct iso_list_data *d = data;
745 /* Skip if not broadcast/ANY address */
746 if (bacmp(&conn->dst, BDADDR_ANY))
749 if (d->big != conn->iso_qos.bcast.big || d->bis == BT_ISO_QOS_BIS_UNSET ||
750 d->bis != conn->iso_qos.bcast.bis)
756 static int terminate_big_sync(struct hci_dev *hdev, void *data)
758 struct iso_list_data *d = data;
760 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis);
762 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL);
764 /* Only terminate BIG if it has been created */
768 return hci_le_terminate_big_sync(hdev, d->big,
769 HCI_ERROR_LOCAL_HOST_TERM);
772 static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err)
777 static int hci_le_terminate_big(struct hci_dev *hdev, struct hci_conn *conn)
779 struct iso_list_data *d;
782 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", conn->iso_qos.bcast.big,
783 conn->iso_qos.bcast.bis);
785 d = kzalloc(sizeof(*d), GFP_KERNEL);
789 d->big = conn->iso_qos.bcast.big;
790 d->bis = conn->iso_qos.bcast.bis;
791 d->big_term = test_and_clear_bit(HCI_CONN_BIG_CREATED, &conn->flags);
793 ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d,
794 terminate_big_destroy);
801 static int big_terminate_sync(struct hci_dev *hdev, void *data)
803 struct iso_list_data *d = data;
805 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big,
808 if (d->big_sync_term)
809 hci_le_big_terminate_sync(hdev, d->big);
812 return hci_le_pa_terminate_sync(hdev, d->sync_handle);
817 static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, struct hci_conn *conn)
819 struct iso_list_data *d;
822 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, conn->sync_handle);
824 d = kzalloc(sizeof(*d), GFP_KERNEL);
829 d->sync_handle = conn->sync_handle;
830 d->pa_sync_term = test_and_clear_bit(HCI_CONN_PA_SYNC, &conn->flags);
831 d->big_sync_term = test_and_clear_bit(HCI_CONN_BIG_SYNC, &conn->flags);
833 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d,
834 terminate_big_destroy);
841 /* Cleanup BIS connection
843 * Detects if there any BIS left connected in a BIG
844 * broadcaster: Remove advertising instance and terminate BIG.
845 * broadcaster receiver: Teminate BIG sync and terminate PA sync.
847 static void bis_cleanup(struct hci_conn *conn)
849 struct hci_dev *hdev = conn->hdev;
850 struct hci_conn *bis;
852 bt_dev_dbg(hdev, "conn %p", conn);
854 if (conn->role == HCI_ROLE_MASTER) {
855 if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags))
858 /* Check if ISO connection is a BIS and terminate advertising
859 * set and BIG if there are no other connections using it.
861 bis = hci_conn_hash_lookup_big(hdev, conn->iso_qos.bcast.big);
865 hci_le_terminate_big(hdev, conn);
867 bis = hci_conn_hash_lookup_big_any_dst(hdev,
868 conn->iso_qos.bcast.big);
873 hci_le_big_terminate(hdev, conn->iso_qos.bcast.big,
878 static int remove_cig_sync(struct hci_dev *hdev, void *data)
880 u8 handle = PTR_UINT(data);
882 return hci_le_remove_cig_sync(hdev, handle);
885 static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle)
887 bt_dev_dbg(hdev, "handle 0x%2.2x", handle);
889 return hci_cmd_sync_queue(hdev, remove_cig_sync, UINT_PTR(handle),
893 static void find_cis(struct hci_conn *conn, void *data)
895 struct iso_list_data *d = data;
897 /* Ignore broadcast or if CIG don't match */
898 if (!bacmp(&conn->dst, BDADDR_ANY) || d->cig != conn->iso_qos.ucast.cig)
904 /* Cleanup CIS connection:
906 * Detects if there any CIS left connected in a CIG and remove it.
908 static void cis_cleanup(struct hci_conn *conn)
910 struct hci_dev *hdev = conn->hdev;
911 struct iso_list_data d;
913 if (conn->iso_qos.ucast.cig == BT_ISO_QOS_CIG_UNSET)
916 memset(&d, 0, sizeof(d));
917 d.cig = conn->iso_qos.ucast.cig;
919 /* Check if ISO connection is a CIS and remove CIG if there are
920 * no other connections using it.
922 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_BOUND, &d);
923 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECT, &d);
924 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d);
928 hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig);
931 static u16 hci_conn_hash_alloc_unset(struct hci_dev *hdev)
933 struct hci_conn_hash *h = &hdev->conn_hash;
935 u16 handle = HCI_CONN_HANDLE_MAX + 1;
939 list_for_each_entry_rcu(c, &h->list, list) {
940 /* Find the first unused handle */
941 if (handle == 0xffff || c->handle != handle)
950 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
953 struct hci_conn *conn;
955 BT_DBG("%s dst %pMR", hdev->name, dst);
957 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
961 bacpy(&conn->dst, dst);
962 bacpy(&conn->src, &hdev->bdaddr);
963 conn->handle = hci_conn_hash_alloc_unset(hdev);
967 conn->mode = HCI_CM_ACTIVE;
968 conn->state = BT_OPEN;
969 conn->auth_type = HCI_AT_GENERAL_BONDING;
970 conn->io_capability = hdev->io_capability;
971 conn->remote_auth = 0xff;
972 conn->key_type = 0xff;
973 conn->rssi = HCI_RSSI_INVALID;
974 conn->tx_power = HCI_TX_POWER_INVALID;
975 conn->max_tx_power = HCI_TX_POWER_INVALID;
977 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
978 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980 /* Set Default Authenticated payload timeout to 30s */
981 conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
983 if (conn->role == HCI_ROLE_MASTER)
988 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
991 /* conn->src should reflect the local identity address */
992 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
995 /* conn->src should reflect the local identity address */
996 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
998 /* set proper cleanup function */
999 if (!bacmp(dst, BDADDR_ANY))
1000 conn->cleanup = bis_cleanup;
1001 else if (conn->role == HCI_ROLE_MASTER)
1002 conn->cleanup = cis_cleanup;
1006 if (lmp_esco_capable(hdev))
1007 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
1008 (hdev->esco_type & EDR_ESCO_MASK);
1010 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
1013 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
1017 skb_queue_head_init(&conn->data_q);
1019 INIT_LIST_HEAD(&conn->chan_list);
1020 INIT_LIST_HEAD(&conn->link_list);
1022 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
1023 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
1024 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
1025 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1027 atomic_set(&conn->refcnt, 0);
1031 hci_conn_hash_add(hdev, conn);
1033 /* The SCO and eSCO connections will only be notified when their
1034 * setup has been completed. This is different to ACL links which
1035 * can be notified right away.
1037 if (conn->type != SCO_LINK && conn->type != ESCO_LINK) {
1039 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
1042 hci_conn_init_sysfs(conn);
1047 static void hci_conn_cleanup_child(struct hci_conn *conn, u8 reason)
1050 reason = HCI_ERROR_REMOTE_USER_TERM;
1052 /* Due to race, SCO/ISO conn might be not established yet at this point,
1053 * and nothing else will clean it up. In other cases it is done via HCI
1056 switch (conn->type) {
1059 if (HCI_CONN_HANDLE_UNSET(conn->handle))
1060 hci_conn_failed(conn, reason);
1063 if (conn->state != BT_CONNECTED &&
1064 !test_bit(HCI_CONN_CREATE_CIS, &conn->flags))
1065 hci_conn_failed(conn, reason);
1070 static void hci_conn_unlink(struct hci_conn *conn)
1072 struct hci_dev *hdev = conn->hdev;
1074 bt_dev_dbg(hdev, "hcon %p", conn);
1076 if (!conn->parent) {
1077 struct hci_link *link, *t;
1079 list_for_each_entry_safe(link, t, &conn->link_list, list) {
1080 struct hci_conn *child = link->conn;
1082 hci_conn_unlink(child);
1084 /* If hdev is down it means
1085 * hci_dev_close_sync/hci_conn_hash_flush is in progress
1086 * and links don't need to be cleanup as all connections
1089 if (!test_bit(HCI_UP, &hdev->flags))
1092 hci_conn_cleanup_child(child, conn->abort_reason);
1101 list_del_rcu(&conn->link->list);
1104 hci_conn_drop(conn->parent);
1105 hci_conn_put(conn->parent);
1106 conn->parent = NULL;
1112 void hci_conn_del(struct hci_conn *conn)
1114 struct hci_dev *hdev = conn->hdev;
1116 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1118 hci_conn_unlink(conn);
1120 cancel_delayed_work_sync(&conn->disc_work);
1121 cancel_delayed_work_sync(&conn->auto_accept_work);
1122 cancel_delayed_work_sync(&conn->idle_work);
1124 if (conn->type == ACL_LINK) {
1125 /* Unacked frames */
1126 hdev->acl_cnt += conn->sent;
1127 } else if (conn->type == LE_LINK) {
1128 cancel_delayed_work(&conn->le_conn_timeout);
1131 hdev->le_cnt += conn->sent;
1133 hdev->acl_cnt += conn->sent;
1135 /* Unacked ISO frames */
1136 if (conn->type == ISO_LINK) {
1138 hdev->iso_cnt += conn->sent;
1139 else if (hdev->le_pkts)
1140 hdev->le_cnt += conn->sent;
1142 hdev->acl_cnt += conn->sent;
1147 amp_mgr_put(conn->amp_mgr);
1149 skb_queue_purge(&conn->data_q);
1151 /* Remove the connection from the list and cleanup its remaining
1152 * state. This is a separate function since for some cases like
1153 * BT_CONNECT_SCAN we *only* want the cleanup part without the
1154 * rest of hci_conn_del.
1156 hci_conn_cleanup(conn);
1159 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type)
1161 int use_src = bacmp(src, BDADDR_ANY);
1162 struct hci_dev *hdev = NULL, *d;
1164 BT_DBG("%pMR -> %pMR", src, dst);
1166 read_lock(&hci_dev_list_lock);
1168 list_for_each_entry(d, &hci_dev_list, list) {
1169 if (!test_bit(HCI_UP, &d->flags) ||
1170 hci_dev_test_flag(d, HCI_USER_CHANNEL) ||
1171 d->dev_type != HCI_PRIMARY)
1175 * No source address - find interface with bdaddr != dst
1176 * Source address - find interface with bdaddr == src
1183 if (src_type == BDADDR_BREDR) {
1184 if (!lmp_bredr_capable(d))
1186 bacpy(&id_addr, &d->bdaddr);
1187 id_addr_type = BDADDR_BREDR;
1189 if (!lmp_le_capable(d))
1192 hci_copy_identity_address(d, &id_addr,
1195 /* Convert from HCI to three-value type */
1196 if (id_addr_type == ADDR_LE_DEV_PUBLIC)
1197 id_addr_type = BDADDR_LE_PUBLIC;
1199 id_addr_type = BDADDR_LE_RANDOM;
1202 if (!bacmp(&id_addr, src) && id_addr_type == src_type) {
1206 if (bacmp(&d->bdaddr, dst)) {
1213 hdev = hci_dev_hold(hdev);
1215 read_unlock(&hci_dev_list_lock);
1218 EXPORT_SYMBOL(hci_get_route);
1220 /* This function requires the caller holds hdev->lock */
1221 static void hci_le_conn_failed(struct hci_conn *conn, u8 status)
1223 struct hci_dev *hdev = conn->hdev;
1225 hci_connect_le_scan_cleanup(conn, status);
1227 /* Enable advertising in case this was a failed connection
1228 * attempt as a peripheral.
1230 hci_enable_advertising(hdev);
1233 /* This function requires the caller holds hdev->lock */
1234 void hci_conn_failed(struct hci_conn *conn, u8 status)
1236 struct hci_dev *hdev = conn->hdev;
1238 bt_dev_dbg(hdev, "status 0x%2.2x", status);
1240 switch (conn->type) {
1242 hci_le_conn_failed(conn, status);
1245 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1246 conn->dst_type, status);
1250 conn->state = BT_CLOSED;
1251 hci_connect_cfm(conn, status);
1255 /* This function requires the caller holds hdev->lock */
1256 u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle)
1258 struct hci_dev *hdev = conn->hdev;
1260 bt_dev_dbg(hdev, "hcon %p handle 0x%4.4x", conn, handle);
1262 if (conn->handle == handle)
1265 if (handle > HCI_CONN_HANDLE_MAX) {
1266 bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x",
1267 handle, HCI_CONN_HANDLE_MAX);
1268 return HCI_ERROR_INVALID_PARAMETERS;
1271 /* If abort_reason has been sent it means the connection is being
1272 * aborted and the handle shall not be changed.
1274 if (conn->abort_reason)
1275 return conn->abort_reason;
1277 conn->handle = handle;
1282 static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err)
1284 struct hci_conn *conn;
1285 u16 handle = PTR_UINT(data);
1287 conn = hci_conn_hash_lookup_handle(hdev, handle);
1291 bt_dev_dbg(hdev, "err %d", err);
1296 hci_connect_le_scan_cleanup(conn, 0x00);
1300 /* Check if connection is still pending */
1301 if (conn != hci_lookup_le_connect(hdev))
1304 /* Flush to make sure we send create conn cancel command if needed */
1305 flush_delayed_work(&conn->le_conn_timeout);
1306 hci_conn_failed(conn, bt_status(err));
1309 hci_dev_unlock(hdev);
1312 static int hci_connect_le_sync(struct hci_dev *hdev, void *data)
1314 struct hci_conn *conn;
1315 u16 handle = PTR_UINT(data);
1317 conn = hci_conn_hash_lookup_handle(hdev, handle);
1321 bt_dev_dbg(hdev, "conn %p", conn);
1323 clear_bit(HCI_CONN_SCANNING, &conn->flags);
1324 conn->state = BT_CONNECT;
1326 return hci_le_create_conn_sync(hdev, conn);
1329 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
1330 u8 dst_type, bool dst_resolved, u8 sec_level,
1331 u16 conn_timeout, u8 role)
1333 struct hci_conn *conn;
1334 struct smp_irk *irk;
1337 /* Let's make sure that le is enabled.*/
1338 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1339 if (lmp_le_capable(hdev))
1340 return ERR_PTR(-ECONNREFUSED);
1342 return ERR_PTR(-EOPNOTSUPP);
1345 /* Since the controller supports only one LE connection attempt at a
1346 * time, we return -EBUSY if there is any connection attempt running.
1348 if (hci_lookup_le_connect(hdev))
1349 return ERR_PTR(-EBUSY);
1351 /* If there's already a connection object but it's not in
1352 * scanning state it means it must already be established, in
1353 * which case we can't do anything else except report a failure
1356 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
1357 if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) {
1358 return ERR_PTR(-EBUSY);
1361 /* Check if the destination address has been resolved by the controller
1362 * since if it did then the identity address shall be used.
1364 if (!dst_resolved) {
1365 /* When given an identity address with existing identity
1366 * resolving key, the connection needs to be established
1367 * to a resolvable random address.
1369 * Storing the resolvable random address is required here
1370 * to handle connection failures. The address will later
1371 * be resolved back into the original identity address
1372 * from the connect request.
1374 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
1375 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
1377 dst_type = ADDR_LE_DEV_RANDOM;
1382 bacpy(&conn->dst, dst);
1384 conn = hci_conn_add(hdev, LE_LINK, dst, role);
1386 return ERR_PTR(-ENOMEM);
1387 hci_conn_hold(conn);
1388 conn->pending_sec_level = sec_level;
1391 conn->dst_type = dst_type;
1392 conn->sec_level = BT_SECURITY_LOW;
1393 conn->conn_timeout = conn_timeout;
1395 err = hci_cmd_sync_queue(hdev, hci_connect_le_sync,
1396 UINT_PTR(conn->handle),
1397 create_le_conn_complete);
1400 return ERR_PTR(err);
1406 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
1408 struct hci_conn *conn;
1410 conn = hci_conn_hash_lookup_le(hdev, addr, type);
1414 if (conn->state != BT_CONNECTED)
1420 /* This function requires the caller holds hdev->lock */
1421 static int hci_explicit_conn_params_set(struct hci_dev *hdev,
1422 bdaddr_t *addr, u8 addr_type)
1424 struct hci_conn_params *params;
1426 if (is_connected(hdev, addr, addr_type))
1429 params = hci_conn_params_lookup(hdev, addr, addr_type);
1431 params = hci_conn_params_add(hdev, addr, addr_type);
1435 /* If we created new params, mark them to be deleted in
1436 * hci_connect_le_scan_cleanup. It's different case than
1437 * existing disabled params, those will stay after cleanup.
1439 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
1442 /* We're trying to connect, so make sure params are at pend_le_conns */
1443 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
1444 params->auto_connect == HCI_AUTO_CONN_REPORT ||
1445 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
1446 hci_pend_le_list_del_init(params);
1447 hci_pend_le_list_add(params, &hdev->pend_le_conns);
1450 params->explicit_connect = true;
1452 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
1453 params->auto_connect);
1458 static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos)
1460 struct hci_conn *conn;
1463 /* Allocate a BIG if not set */
1464 if (qos->bcast.big == BT_ISO_QOS_BIG_UNSET) {
1465 for (big = 0x00; big < 0xef; big++) {
1467 conn = hci_conn_hash_lookup_big(hdev, big);
1473 return -EADDRNOTAVAIL;
1476 qos->bcast.big = big;
1482 static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos)
1484 struct hci_conn *conn;
1487 /* Allocate BIS if not set */
1488 if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) {
1489 /* Find an unused adv set to advertise BIS, skip instance 0x00
1490 * since it is reserved as general purpose set.
1492 for (bis = 0x01; bis < hdev->le_num_of_adv_sets;
1495 conn = hci_conn_hash_lookup_bis(hdev, BDADDR_ANY, bis);
1500 if (bis == hdev->le_num_of_adv_sets)
1501 return -EADDRNOTAVAIL;
1504 qos->bcast.bis = bis;
1510 /* This function requires the caller holds hdev->lock */
1511 static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst,
1512 struct bt_iso_qos *qos, __u8 base_len,
1515 struct hci_conn *conn;
1518 /* Let's make sure that le is enabled.*/
1519 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1520 if (lmp_le_capable(hdev))
1521 return ERR_PTR(-ECONNREFUSED);
1522 return ERR_PTR(-EOPNOTSUPP);
1525 err = qos_set_big(hdev, qos);
1527 return ERR_PTR(err);
1529 err = qos_set_bis(hdev, qos);
1531 return ERR_PTR(err);
1533 /* Check if the LE Create BIG command has already been sent */
1534 conn = hci_conn_hash_lookup_per_adv_bis(hdev, dst, qos->bcast.big,
1537 return ERR_PTR(-EADDRINUSE);
1539 /* Check BIS settings against other bound BISes, since all
1540 * BISes in a BIG must have the same value for all parameters
1542 conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big);
1544 if (conn && (memcmp(qos, &conn->iso_qos, sizeof(*qos)) ||
1545 base_len != conn->le_per_adv_data_len ||
1546 memcmp(conn->le_per_adv_data, base, base_len)))
1547 return ERR_PTR(-EADDRINUSE);
1549 conn = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1551 return ERR_PTR(-ENOMEM);
1553 conn->state = BT_CONNECT;
1555 hci_conn_hold(conn);
1559 /* This function requires the caller holds hdev->lock */
1560 struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst,
1561 u8 dst_type, u8 sec_level,
1563 enum conn_reasons conn_reason)
1565 struct hci_conn *conn;
1567 /* Let's make sure that le is enabled.*/
1568 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1569 if (lmp_le_capable(hdev))
1570 return ERR_PTR(-ECONNREFUSED);
1572 return ERR_PTR(-EOPNOTSUPP);
1575 /* Some devices send ATT messages as soon as the physical link is
1576 * established. To be able to handle these ATT messages, the user-
1577 * space first establishes the connection and then starts the pairing
1580 * So if a hci_conn object already exists for the following connection
1581 * attempt, we simply update pending_sec_level and auth_type fields
1582 * and return the object found.
1584 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
1586 if (conn->pending_sec_level < sec_level)
1587 conn->pending_sec_level = sec_level;
1591 BT_DBG("requesting refresh of dst_addr");
1593 conn = hci_conn_add(hdev, LE_LINK, dst, HCI_ROLE_MASTER);
1595 return ERR_PTR(-ENOMEM);
1597 if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) {
1599 return ERR_PTR(-EBUSY);
1602 conn->state = BT_CONNECT;
1603 set_bit(HCI_CONN_SCANNING, &conn->flags);
1604 conn->dst_type = dst_type;
1605 conn->sec_level = BT_SECURITY_LOW;
1606 conn->pending_sec_level = sec_level;
1607 conn->conn_timeout = conn_timeout;
1608 conn->conn_reason = conn_reason;
1610 hci_update_passive_scan(hdev);
1613 hci_conn_hold(conn);
1617 struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
1618 u8 sec_level, u8 auth_type,
1619 enum conn_reasons conn_reason)
1621 struct hci_conn *acl;
1623 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1624 if (lmp_bredr_capable(hdev))
1625 return ERR_PTR(-ECONNREFUSED);
1627 return ERR_PTR(-EOPNOTSUPP);
1630 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
1632 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
1634 return ERR_PTR(-ENOMEM);
1639 acl->conn_reason = conn_reason;
1640 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
1641 acl->sec_level = BT_SECURITY_LOW;
1642 acl->pending_sec_level = sec_level;
1643 acl->auth_type = auth_type;
1644 hci_acl_create_connection(acl);
1650 static struct hci_link *hci_conn_link(struct hci_conn *parent,
1651 struct hci_conn *conn)
1653 struct hci_dev *hdev = parent->hdev;
1654 struct hci_link *link;
1656 bt_dev_dbg(hdev, "parent %p hcon %p", parent, conn);
1664 link = kzalloc(sizeof(*link), GFP_KERNEL);
1668 link->conn = hci_conn_hold(conn);
1670 conn->parent = hci_conn_get(parent);
1672 /* Use list_add_tail_rcu append to the list */
1673 list_add_tail_rcu(&link->list, &parent->link_list);
1678 struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
1679 __u16 setting, struct bt_codec *codec)
1681 struct hci_conn *acl;
1682 struct hci_conn *sco;
1683 struct hci_link *link;
1685 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING,
1686 CONN_REASON_SCO_CONNECT);
1690 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
1692 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
1695 return ERR_PTR(-ENOMEM);
1699 link = hci_conn_link(acl, sco);
1703 return ERR_PTR(-ENOLINK);
1706 sco->setting = setting;
1707 sco->codec = *codec;
1709 if (acl->state == BT_CONNECTED &&
1710 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
1711 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
1712 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
1714 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
1715 /* defer SCO setup until mode change completed */
1716 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
1720 hci_sco_setup(acl, 0x00);
1726 static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos)
1728 struct hci_dev *hdev = conn->hdev;
1729 struct hci_cp_le_create_big cp;
1730 struct iso_list_data data;
1732 memset(&cp, 0, sizeof(cp));
1734 data.big = qos->bcast.big;
1735 data.bis = qos->bcast.bis;
1738 /* Create a BIS for each bound connection */
1739 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1742 cp.handle = qos->bcast.big;
1743 cp.adv_handle = qos->bcast.bis;
1744 cp.num_bis = data.count;
1745 hci_cpu_to_le24(qos->bcast.out.interval, cp.bis.sdu_interval);
1746 cp.bis.sdu = cpu_to_le16(qos->bcast.out.sdu);
1747 cp.bis.latency = cpu_to_le16(qos->bcast.out.latency);
1748 cp.bis.rtn = qos->bcast.out.rtn;
1749 cp.bis.phy = qos->bcast.out.phy;
1750 cp.bis.packing = qos->bcast.packing;
1751 cp.bis.framing = qos->bcast.framing;
1752 cp.bis.encryption = qos->bcast.encryption;
1753 memcpy(cp.bis.bcode, qos->bcast.bcode, sizeof(cp.bis.bcode));
1755 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp);
1758 static int set_cig_params_sync(struct hci_dev *hdev, void *data)
1760 u8 cig_id = PTR_UINT(data);
1761 struct hci_conn *conn;
1762 struct bt_iso_qos *qos;
1763 struct iso_cig_params pdu;
1766 conn = hci_conn_hash_lookup_cig(hdev, cig_id);
1770 memset(&pdu, 0, sizeof(pdu));
1772 qos = &conn->iso_qos;
1773 pdu.cp.cig_id = cig_id;
1774 hci_cpu_to_le24(qos->ucast.out.interval, pdu.cp.c_interval);
1775 hci_cpu_to_le24(qos->ucast.in.interval, pdu.cp.p_interval);
1776 pdu.cp.sca = qos->ucast.sca;
1777 pdu.cp.packing = qos->ucast.packing;
1778 pdu.cp.framing = qos->ucast.framing;
1779 pdu.cp.c_latency = cpu_to_le16(qos->ucast.out.latency);
1780 pdu.cp.p_latency = cpu_to_le16(qos->ucast.in.latency);
1782 /* Reprogram all CIS(s) with the same CIG, valid range are:
1783 * num_cis: 0x00 to 0x1F
1784 * cis_id: 0x00 to 0xEF
1786 for (cis_id = 0x00; cis_id < 0xf0 &&
1787 pdu.cp.num_cis < ARRAY_SIZE(pdu.cis); cis_id++) {
1788 struct hci_cis_params *cis;
1790 conn = hci_conn_hash_lookup_cis(hdev, NULL, 0, cig_id, cis_id);
1794 qos = &conn->iso_qos;
1796 cis = &pdu.cis[pdu.cp.num_cis++];
1797 cis->cis_id = cis_id;
1798 cis->c_sdu = cpu_to_le16(conn->iso_qos.ucast.out.sdu);
1799 cis->p_sdu = cpu_to_le16(conn->iso_qos.ucast.in.sdu);
1800 cis->c_phy = qos->ucast.out.phy ? qos->ucast.out.phy :
1802 cis->p_phy = qos->ucast.in.phy ? qos->ucast.in.phy :
1804 cis->c_rtn = qos->ucast.out.rtn;
1805 cis->p_rtn = qos->ucast.in.rtn;
1808 if (!pdu.cp.num_cis)
1811 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS,
1813 pdu.cp.num_cis * sizeof(pdu.cis[0]), &pdu,
1817 static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos)
1819 struct hci_dev *hdev = conn->hdev;
1820 struct iso_list_data data;
1822 memset(&data, 0, sizeof(data));
1824 /* Allocate first still reconfigurable CIG if not set */
1825 if (qos->ucast.cig == BT_ISO_QOS_CIG_UNSET) {
1826 for (data.cig = 0x00; data.cig < 0xf0; data.cig++) {
1829 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
1834 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK,
1835 BT_CONNECTED, &data);
1840 if (data.cig == 0xf0)
1844 qos->ucast.cig = data.cig;
1847 if (qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) {
1848 if (hci_conn_hash_lookup_cis(hdev, NULL, 0, qos->ucast.cig,
1854 /* Allocate first available CIS if not set */
1855 for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0xf0;
1857 if (!hci_conn_hash_lookup_cis(hdev, NULL, 0, data.cig,
1860 qos->ucast.cis = data.cis;
1865 if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET)
1869 if (hci_cmd_sync_queue(hdev, set_cig_params_sync,
1870 UINT_PTR(qos->ucast.cig), NULL) < 0)
1876 struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst,
1877 __u8 dst_type, struct bt_iso_qos *qos)
1879 struct hci_conn *cis;
1881 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig,
1884 cis = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1886 return ERR_PTR(-ENOMEM);
1887 cis->cleanup = cis_cleanup;
1888 cis->dst_type = dst_type;
1889 cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET;
1890 cis->iso_qos.ucast.cis = BT_ISO_QOS_CIS_UNSET;
1893 if (cis->state == BT_CONNECTED)
1896 /* Check if CIS has been set and the settings matches */
1897 if (cis->state == BT_BOUND &&
1898 !memcmp(&cis->iso_qos, qos, sizeof(*qos)))
1901 /* Update LINK PHYs according to QoS preference */
1902 cis->le_tx_phy = qos->ucast.out.phy;
1903 cis->le_rx_phy = qos->ucast.in.phy;
1905 /* If output interval is not set use the input interval as it cannot be
1908 if (!qos->ucast.out.interval)
1909 qos->ucast.out.interval = qos->ucast.in.interval;
1911 /* If input interval is not set use the output interval as it cannot be
1914 if (!qos->ucast.in.interval)
1915 qos->ucast.in.interval = qos->ucast.out.interval;
1917 /* If output latency is not set use the input latency as it cannot be
1920 if (!qos->ucast.out.latency)
1921 qos->ucast.out.latency = qos->ucast.in.latency;
1923 /* If input latency is not set use the output latency as it cannot be
1926 if (!qos->ucast.in.latency)
1927 qos->ucast.in.latency = qos->ucast.out.latency;
1929 if (!hci_le_set_cig_params(cis, qos)) {
1931 return ERR_PTR(-EINVAL);
1936 cis->iso_qos = *qos;
1937 cis->state = BT_BOUND;
1942 bool hci_iso_setup_path(struct hci_conn *conn)
1944 struct hci_dev *hdev = conn->hdev;
1945 struct hci_cp_le_setup_iso_path cmd;
1947 memset(&cmd, 0, sizeof(cmd));
1949 if (conn->iso_qos.ucast.out.sdu) {
1950 cmd.handle = cpu_to_le16(conn->handle);
1951 cmd.direction = 0x00; /* Input (Host to Controller) */
1952 cmd.path = 0x00; /* HCI path if enabled */
1953 cmd.codec = 0x03; /* Transparent Data */
1955 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1960 if (conn->iso_qos.ucast.in.sdu) {
1961 cmd.handle = cpu_to_le16(conn->handle);
1962 cmd.direction = 0x01; /* Output (Controller to Host) */
1963 cmd.path = 0x00; /* HCI path if enabled */
1964 cmd.codec = 0x03; /* Transparent Data */
1966 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1974 int hci_conn_check_create_cis(struct hci_conn *conn)
1976 if (conn->type != ISO_LINK || !bacmp(&conn->dst, BDADDR_ANY))
1979 if (!conn->parent || conn->parent->state != BT_CONNECTED ||
1980 conn->state != BT_CONNECT || HCI_CONN_HANDLE_UNSET(conn->handle))
1986 static int hci_create_cis_sync(struct hci_dev *hdev, void *data)
1988 return hci_le_create_cis_sync(hdev);
1991 int hci_le_create_cis_pending(struct hci_dev *hdev)
1993 struct hci_conn *conn;
1994 bool pending = false;
1998 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
1999 if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) {
2004 if (!hci_conn_check_create_cis(conn))
2013 /* Queue Create CIS */
2014 return hci_cmd_sync_queue(hdev, hci_create_cis_sync, NULL, NULL);
2017 static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn,
2018 struct bt_iso_io_qos *qos, __u8 phy)
2020 /* Only set MTU if PHY is enabled */
2021 if (!qos->sdu && qos->phy) {
2022 if (hdev->iso_mtu > 0)
2023 qos->sdu = hdev->iso_mtu;
2024 else if (hdev->le_mtu > 0)
2025 qos->sdu = hdev->le_mtu;
2027 qos->sdu = hdev->acl_mtu;
2030 /* Use the same PHY as ACL if set to any */
2031 if (qos->phy == BT_ISO_PHY_ANY)
2034 /* Use LE ACL connection interval if not set */
2036 /* ACL interval unit in 1.25 ms to us */
2037 qos->interval = conn->le_conn_interval * 1250;
2039 /* Use LE ACL connection latency if not set */
2041 qos->latency = conn->le_conn_latency;
2044 static int create_big_sync(struct hci_dev *hdev, void *data)
2046 struct hci_conn *conn = data;
2047 struct bt_iso_qos *qos = &conn->iso_qos;
2048 u16 interval, sync_interval = 0;
2052 if (qos->bcast.out.phy == 0x02)
2053 flags |= MGMT_ADV_FLAG_SEC_2M;
2055 /* Align intervals */
2056 interval = (qos->bcast.out.interval / 1250) * qos->bcast.sync_factor;
2059 sync_interval = interval * 4;
2061 err = hci_start_per_adv_sync(hdev, qos->bcast.bis, conn->le_per_adv_data_len,
2062 conn->le_per_adv_data, flags, interval,
2063 interval, sync_interval);
2067 return hci_le_create_big(conn, &conn->iso_qos);
2070 static void create_pa_complete(struct hci_dev *hdev, void *data, int err)
2072 struct hci_cp_le_pa_create_sync *cp = data;
2074 bt_dev_dbg(hdev, "");
2077 bt_dev_err(hdev, "Unable to create PA: %d", err);
2082 static int create_pa_sync(struct hci_dev *hdev, void *data)
2084 struct hci_cp_le_pa_create_sync *cp = data;
2087 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC,
2088 sizeof(*cp), cp, HCI_CMD_TIMEOUT);
2090 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2094 return hci_update_passive_scan_sync(hdev);
2097 int hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, __u8 dst_type,
2098 __u8 sid, struct bt_iso_qos *qos)
2100 struct hci_cp_le_pa_create_sync *cp;
2102 if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC))
2105 cp = kzalloc(sizeof(*cp), GFP_KERNEL);
2107 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2111 cp->options = qos->bcast.options;
2113 cp->addr_type = dst_type;
2114 bacpy(&cp->addr, dst);
2115 cp->skip = cpu_to_le16(qos->bcast.skip);
2116 cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout);
2117 cp->sync_cte_type = qos->bcast.sync_cte_type;
2119 /* Queue start pa_create_sync and scan */
2120 return hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete);
2123 int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon,
2124 struct bt_iso_qos *qos,
2125 __u16 sync_handle, __u8 num_bis, __u8 bis[])
2128 struct hci_cp_le_big_create_sync cp;
2133 if (num_bis > sizeof(pdu.bis))
2136 err = qos_set_big(hdev, qos);
2141 hcon->iso_qos.bcast.big = qos->bcast.big;
2143 memset(&pdu, 0, sizeof(pdu));
2144 pdu.cp.handle = qos->bcast.big;
2145 pdu.cp.sync_handle = cpu_to_le16(sync_handle);
2146 pdu.cp.encryption = qos->bcast.encryption;
2147 memcpy(pdu.cp.bcode, qos->bcast.bcode, sizeof(pdu.cp.bcode));
2148 pdu.cp.mse = qos->bcast.mse;
2149 pdu.cp.timeout = cpu_to_le16(qos->bcast.timeout);
2150 pdu.cp.num_bis = num_bis;
2151 memcpy(pdu.bis, bis, num_bis);
2153 return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
2154 sizeof(pdu.cp) + num_bis, &pdu);
2157 static void create_big_complete(struct hci_dev *hdev, void *data, int err)
2159 struct hci_conn *conn = data;
2161 bt_dev_dbg(hdev, "conn %p", conn);
2164 bt_dev_err(hdev, "Unable to create BIG: %d", err);
2165 hci_connect_cfm(conn, err);
2170 struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst,
2171 struct bt_iso_qos *qos,
2172 __u8 base_len, __u8 *base)
2174 struct hci_conn *conn;
2175 __u8 eir[HCI_MAX_PER_AD_LENGTH];
2177 if (base_len && base)
2178 base_len = eir_append_service_data(eir, 0, 0x1851,
2181 /* We need hci_conn object using the BDADDR_ANY as dst */
2182 conn = hci_add_bis(hdev, dst, qos, base_len, eir);
2186 /* Update LINK PHYs according to QoS preference */
2187 conn->le_tx_phy = qos->bcast.out.phy;
2188 conn->le_tx_phy = qos->bcast.out.phy;
2190 /* Add Basic Announcement into Peridic Adv Data if BASE is set */
2191 if (base_len && base) {
2192 memcpy(conn->le_per_adv_data, eir, sizeof(eir));
2193 conn->le_per_adv_data_len = base_len;
2196 hci_iso_qos_setup(hdev, conn, &qos->bcast.out,
2197 conn->le_tx_phy ? conn->le_tx_phy :
2198 hdev->le_tx_def_phys);
2200 conn->iso_qos = *qos;
2201 conn->state = BT_BOUND;
2206 static void bis_mark_per_adv(struct hci_conn *conn, void *data)
2208 struct iso_list_data *d = data;
2210 /* Skip if not broadcast/ANY address */
2211 if (bacmp(&conn->dst, BDADDR_ANY))
2214 if (d->big != conn->iso_qos.bcast.big ||
2215 d->bis == BT_ISO_QOS_BIS_UNSET ||
2216 d->bis != conn->iso_qos.bcast.bis)
2219 set_bit(HCI_CONN_PER_ADV, &conn->flags);
2222 struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst,
2223 __u8 dst_type, struct bt_iso_qos *qos,
2224 __u8 base_len, __u8 *base)
2226 struct hci_conn *conn;
2228 struct iso_list_data data;
2230 conn = hci_bind_bis(hdev, dst, qos, base_len, base);
2234 data.big = qos->bcast.big;
2235 data.bis = qos->bcast.bis;
2237 /* Set HCI_CONN_PER_ADV for all bound connections, to mark that
2238 * the start periodic advertising and create BIG commands have
2241 hci_conn_hash_list_state(hdev, bis_mark_per_adv, ISO_LINK,
2244 /* Queue start periodic advertising and create BIG */
2245 err = hci_cmd_sync_queue(hdev, create_big_sync, conn,
2246 create_big_complete);
2248 hci_conn_drop(conn);
2249 return ERR_PTR(err);
2255 struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
2256 __u8 dst_type, struct bt_iso_qos *qos)
2258 struct hci_conn *le;
2259 struct hci_conn *cis;
2260 struct hci_link *link;
2262 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2263 le = hci_connect_le(hdev, dst, dst_type, false,
2265 HCI_LE_CONN_TIMEOUT,
2268 le = hci_connect_le_scan(hdev, dst, dst_type,
2270 HCI_LE_CONN_TIMEOUT,
2271 CONN_REASON_ISO_CONNECT);
2275 hci_iso_qos_setup(hdev, le, &qos->ucast.out,
2276 le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys);
2277 hci_iso_qos_setup(hdev, le, &qos->ucast.in,
2278 le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys);
2280 cis = hci_bind_cis(hdev, dst, dst_type, qos);
2286 link = hci_conn_link(le, cis);
2290 return ERR_PTR(-ENOLINK);
2293 /* Link takes the refcount */
2296 cis->state = BT_CONNECT;
2298 hci_le_create_cis_pending(hdev);
2303 /* Check link security requirement */
2304 int hci_conn_check_link_mode(struct hci_conn *conn)
2306 BT_DBG("hcon %p", conn);
2308 /* In Secure Connections Only mode, it is required that Secure
2309 * Connections is used and the link is encrypted with AES-CCM
2310 * using a P-256 authenticated combination key.
2312 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) {
2313 if (!hci_conn_sc_enabled(conn) ||
2314 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2315 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
2319 /* AES encryption is required for Level 4:
2321 * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
2324 * 128-bit equivalent strength for link and encryption keys
2325 * required using FIPS approved algorithms (E0 not allowed,
2326 * SAFER+ not allowed, and P-192 not allowed; encryption key
2329 if (conn->sec_level == BT_SECURITY_FIPS &&
2330 !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
2331 bt_dev_err(conn->hdev,
2332 "Invalid security: Missing AES-CCM usage");
2336 if (hci_conn_ssp_enabled(conn) &&
2337 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2343 /* Authenticate remote device */
2344 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
2346 BT_DBG("hcon %p", conn);
2348 if (conn->pending_sec_level > sec_level)
2349 sec_level = conn->pending_sec_level;
2351 if (sec_level > conn->sec_level)
2352 conn->pending_sec_level = sec_level;
2353 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
2356 /* Make sure we preserve an existing MITM requirement*/
2357 auth_type |= (conn->auth_type & 0x01);
2359 conn->auth_type = auth_type;
2361 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2362 struct hci_cp_auth_requested cp;
2364 cp.handle = cpu_to_le16(conn->handle);
2365 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
2368 /* If we're already encrypted set the REAUTH_PEND flag,
2369 * otherwise set the ENCRYPT_PEND.
2371 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2372 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2374 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2380 /* Encrypt the link */
2381 static void hci_conn_encrypt(struct hci_conn *conn)
2383 BT_DBG("hcon %p", conn);
2385 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2386 struct hci_cp_set_conn_encrypt cp;
2387 cp.handle = cpu_to_le16(conn->handle);
2389 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2394 /* Enable security */
2395 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
2398 BT_DBG("hcon %p", conn);
2400 if (conn->type == LE_LINK)
2401 return smp_conn_security(conn, sec_level);
2403 /* For sdp we don't need the link key. */
2404 if (sec_level == BT_SECURITY_SDP)
2407 /* For non 2.1 devices and low security level we don't need the link
2409 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
2412 /* For other security levels we need the link key. */
2413 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
2416 switch (conn->key_type) {
2417 case HCI_LK_AUTH_COMBINATION_P256:
2418 /* An authenticated FIPS approved combination key has
2419 * sufficient security for security level 4 or lower.
2421 if (sec_level <= BT_SECURITY_FIPS)
2424 case HCI_LK_AUTH_COMBINATION_P192:
2425 /* An authenticated combination key has sufficient security for
2426 * security level 3 or lower.
2428 if (sec_level <= BT_SECURITY_HIGH)
2431 case HCI_LK_UNAUTH_COMBINATION_P192:
2432 case HCI_LK_UNAUTH_COMBINATION_P256:
2433 /* An unauthenticated combination key has sufficient security
2434 * for security level 2 or lower.
2436 if (sec_level <= BT_SECURITY_MEDIUM)
2439 case HCI_LK_COMBINATION:
2440 /* A combination key has always sufficient security for the
2441 * security levels 2 or lower. High security level requires the
2442 * combination key is generated using maximum PIN code length
2443 * (16). For pre 2.1 units.
2445 if (sec_level <= BT_SECURITY_MEDIUM || conn->pin_length == 16)
2453 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
2457 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2459 if (!hci_conn_auth(conn, sec_level, auth_type))
2463 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
2464 /* Ensure that the encryption key size has been read,
2465 * otherwise stall the upper layer responses.
2467 if (!conn->enc_key_size)
2470 /* Nothing else needed, all requirements are met */
2474 hci_conn_encrypt(conn);
2477 EXPORT_SYMBOL(hci_conn_security);
2479 /* Check secure link requirement */
2480 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
2482 BT_DBG("hcon %p", conn);
2484 /* Accept if non-secure or higher security level is required */
2485 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
2488 /* Accept if secure or higher security level is already present */
2489 if (conn->sec_level == BT_SECURITY_HIGH ||
2490 conn->sec_level == BT_SECURITY_FIPS)
2493 /* Reject not secure link */
2496 EXPORT_SYMBOL(hci_conn_check_secure);
2499 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
2501 BT_DBG("hcon %p", conn);
2503 if (role == conn->role)
2506 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
2507 struct hci_cp_switch_role cp;
2508 bacpy(&cp.bdaddr, &conn->dst);
2510 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
2515 EXPORT_SYMBOL(hci_conn_switch_role);
2517 /* Enter active mode */
2518 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
2520 struct hci_dev *hdev = conn->hdev;
2522 BT_DBG("hcon %p mode %d", conn, conn->mode);
2524 if (conn->mode != HCI_CM_SNIFF)
2527 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
2530 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2531 struct hci_cp_exit_sniff_mode cp;
2532 cp.handle = cpu_to_le16(conn->handle);
2533 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
2537 if (hdev->idle_timeout > 0)
2538 queue_delayed_work(hdev->workqueue, &conn->idle_work,
2539 msecs_to_jiffies(hdev->idle_timeout));
2542 /* Drop all connection on the device */
2543 void hci_conn_hash_flush(struct hci_dev *hdev)
2545 struct list_head *head = &hdev->conn_hash.list;
2546 struct hci_conn *conn;
2548 BT_DBG("hdev %s", hdev->name);
2550 /* We should not traverse the list here, because hci_conn_del
2551 * can remove extra links, which may cause the list traversal
2552 * to hit items that have already been released.
2554 while ((conn = list_first_entry_or_null(head,
2557 conn->state = BT_CLOSED;
2558 hci_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM);
2563 /* Check pending connect attempts */
2564 void hci_conn_check_pending(struct hci_dev *hdev)
2566 struct hci_conn *conn;
2568 BT_DBG("hdev %s", hdev->name);
2572 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
2574 hci_acl_create_connection(conn);
2576 hci_dev_unlock(hdev);
2579 static u32 get_link_mode(struct hci_conn *conn)
2583 if (conn->role == HCI_ROLE_MASTER)
2584 link_mode |= HCI_LM_MASTER;
2586 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2587 link_mode |= HCI_LM_ENCRYPT;
2589 if (test_bit(HCI_CONN_AUTH, &conn->flags))
2590 link_mode |= HCI_LM_AUTH;
2592 if (test_bit(HCI_CONN_SECURE, &conn->flags))
2593 link_mode |= HCI_LM_SECURE;
2595 if (test_bit(HCI_CONN_FIPS, &conn->flags))
2596 link_mode |= HCI_LM_FIPS;
2601 int hci_get_conn_list(void __user *arg)
2604 struct hci_conn_list_req req, *cl;
2605 struct hci_conn_info *ci;
2606 struct hci_dev *hdev;
2607 int n = 0, size, err;
2609 if (copy_from_user(&req, arg, sizeof(req)))
2612 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
2615 size = sizeof(req) + req.conn_num * sizeof(*ci);
2617 cl = kmalloc(size, GFP_KERNEL);
2621 hdev = hci_dev_get(req.dev_id);
2630 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2631 bacpy(&(ci + n)->bdaddr, &c->dst);
2632 (ci + n)->handle = c->handle;
2633 (ci + n)->type = c->type;
2634 (ci + n)->out = c->out;
2635 (ci + n)->state = c->state;
2636 (ci + n)->link_mode = get_link_mode(c);
2637 if (++n >= req.conn_num)
2640 hci_dev_unlock(hdev);
2642 cl->dev_id = hdev->id;
2644 size = sizeof(req) + n * sizeof(*ci);
2648 err = copy_to_user(arg, cl, size);
2651 return err ? -EFAULT : 0;
2654 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
2656 struct hci_conn_info_req req;
2657 struct hci_conn_info ci;
2658 struct hci_conn *conn;
2659 char __user *ptr = arg + sizeof(req);
2661 if (copy_from_user(&req, arg, sizeof(req)))
2665 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
2667 bacpy(&ci.bdaddr, &conn->dst);
2668 ci.handle = conn->handle;
2669 ci.type = conn->type;
2671 ci.state = conn->state;
2672 ci.link_mode = get_link_mode(conn);
2674 hci_dev_unlock(hdev);
2679 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
2682 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
2684 struct hci_auth_info_req req;
2685 struct hci_conn *conn;
2687 if (copy_from_user(&req, arg, sizeof(req)))
2691 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
2693 req.type = conn->auth_type;
2694 hci_dev_unlock(hdev);
2699 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
2702 struct hci_chan *hci_chan_create(struct hci_conn *conn)
2704 struct hci_dev *hdev = conn->hdev;
2705 struct hci_chan *chan;
2707 BT_DBG("%s hcon %p", hdev->name, conn);
2709 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
2710 BT_DBG("Refusing to create new hci_chan");
2714 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
2718 chan->conn = hci_conn_get(conn);
2719 skb_queue_head_init(&chan->data_q);
2720 chan->state = BT_CONNECTED;
2722 list_add_rcu(&chan->list, &conn->chan_list);
2727 void hci_chan_del(struct hci_chan *chan)
2729 struct hci_conn *conn = chan->conn;
2730 struct hci_dev *hdev = conn->hdev;
2732 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
2734 list_del_rcu(&chan->list);
2738 /* Prevent new hci_chan's to be created for this hci_conn */
2739 set_bit(HCI_CONN_DROP, &conn->flags);
2743 skb_queue_purge(&chan->data_q);
2747 void hci_chan_list_flush(struct hci_conn *conn)
2749 struct hci_chan *chan, *n;
2751 BT_DBG("hcon %p", conn);
2753 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
2757 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
2760 struct hci_chan *hchan;
2762 list_for_each_entry(hchan, &hcon->chan_list, list) {
2763 if (hchan->handle == handle)
2770 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
2772 struct hci_conn_hash *h = &hdev->conn_hash;
2773 struct hci_conn *hcon;
2774 struct hci_chan *hchan = NULL;
2778 list_for_each_entry_rcu(hcon, &h->list, list) {
2779 hchan = __hci_chan_lookup_handle(hcon, handle);
2789 u32 hci_conn_get_phy(struct hci_conn *conn)
2793 /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471:
2794 * Table 6.2: Packets defined for synchronous, asynchronous, and
2795 * CPB logical transport types.
2797 switch (conn->type) {
2799 /* SCO logical transport (1 Mb/s):
2800 * HV1, HV2, HV3 and DV.
2802 phys |= BT_PHY_BR_1M_1SLOT;
2807 /* ACL logical transport (1 Mb/s) ptt=0:
2808 * DH1, DM3, DH3, DM5 and DH5.
2810 phys |= BT_PHY_BR_1M_1SLOT;
2812 if (conn->pkt_type & (HCI_DM3 | HCI_DH3))
2813 phys |= BT_PHY_BR_1M_3SLOT;
2815 if (conn->pkt_type & (HCI_DM5 | HCI_DH5))
2816 phys |= BT_PHY_BR_1M_5SLOT;
2818 /* ACL logical transport (2 Mb/s) ptt=1:
2819 * 2-DH1, 2-DH3 and 2-DH5.
2821 if (!(conn->pkt_type & HCI_2DH1))
2822 phys |= BT_PHY_EDR_2M_1SLOT;
2824 if (!(conn->pkt_type & HCI_2DH3))
2825 phys |= BT_PHY_EDR_2M_3SLOT;
2827 if (!(conn->pkt_type & HCI_2DH5))
2828 phys |= BT_PHY_EDR_2M_5SLOT;
2830 /* ACL logical transport (3 Mb/s) ptt=1:
2831 * 3-DH1, 3-DH3 and 3-DH5.
2833 if (!(conn->pkt_type & HCI_3DH1))
2834 phys |= BT_PHY_EDR_3M_1SLOT;
2836 if (!(conn->pkt_type & HCI_3DH3))
2837 phys |= BT_PHY_EDR_3M_3SLOT;
2839 if (!(conn->pkt_type & HCI_3DH5))
2840 phys |= BT_PHY_EDR_3M_5SLOT;
2845 /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */
2846 phys |= BT_PHY_BR_1M_1SLOT;
2848 if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5)))
2849 phys |= BT_PHY_BR_1M_3SLOT;
2851 /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */
2852 if (!(conn->pkt_type & ESCO_2EV3))
2853 phys |= BT_PHY_EDR_2M_1SLOT;
2855 if (!(conn->pkt_type & ESCO_2EV5))
2856 phys |= BT_PHY_EDR_2M_3SLOT;
2858 /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */
2859 if (!(conn->pkt_type & ESCO_3EV3))
2860 phys |= BT_PHY_EDR_3M_1SLOT;
2862 if (!(conn->pkt_type & ESCO_3EV5))
2863 phys |= BT_PHY_EDR_3M_3SLOT;
2868 if (conn->le_tx_phy & HCI_LE_SET_PHY_1M)
2869 phys |= BT_PHY_LE_1M_TX;
2871 if (conn->le_rx_phy & HCI_LE_SET_PHY_1M)
2872 phys |= BT_PHY_LE_1M_RX;
2874 if (conn->le_tx_phy & HCI_LE_SET_PHY_2M)
2875 phys |= BT_PHY_LE_2M_TX;
2877 if (conn->le_rx_phy & HCI_LE_SET_PHY_2M)
2878 phys |= BT_PHY_LE_2M_RX;
2880 if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED)
2881 phys |= BT_PHY_LE_CODED_TX;
2883 if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED)
2884 phys |= BT_PHY_LE_CODED_RX;
2892 static int abort_conn_sync(struct hci_dev *hdev, void *data)
2894 struct hci_conn *conn;
2895 u16 handle = PTR_UINT(data);
2897 conn = hci_conn_hash_lookup_handle(hdev, handle);
2901 return hci_abort_conn_sync(hdev, conn, conn->abort_reason);
2904 int hci_abort_conn(struct hci_conn *conn, u8 reason)
2906 struct hci_dev *hdev = conn->hdev;
2908 /* If abort_reason has already been set it means the connection is
2909 * already being aborted so don't attempt to overwrite it.
2911 if (conn->abort_reason)
2914 bt_dev_dbg(hdev, "handle 0x%2.2x reason 0x%2.2x", conn->handle, reason);
2916 conn->abort_reason = reason;
2918 /* If the connection is pending check the command opcode since that
2919 * might be blocking on hci_cmd_sync_work while waiting its respective
2920 * event so we need to hci_cmd_sync_cancel to cancel it.
2922 * hci_connect_le serializes the connection attempts so only one
2923 * connection can be in BT_CONNECT at time.
2925 if (conn->state == BT_CONNECT && hdev->req_status == HCI_REQ_PEND) {
2926 switch (hci_skb_event(hdev->sent_cmd)) {
2927 case HCI_EV_LE_CONN_COMPLETE:
2928 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
2929 case HCI_EVT_LE_CIS_ESTABLISHED:
2930 hci_cmd_sync_cancel(hdev, -ECANCELED);
2935 return hci_cmd_sync_queue(hdev, abort_conn_sync, UINT_PTR(conn->handle),
projects / platform / kernel / linux-rpi.git / blob