2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
28 #include <linux/debugfs.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/iso.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
47 struct conn_handle_t {
48 struct hci_conn *conn;
52 static const struct sco_param esco_param_cvsd[] = {
53 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */
54 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */
55 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */
56 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */
57 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */
60 static const struct sco_param sco_param_cvsd[] = {
61 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */
62 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */
65 static const struct sco_param esco_param_msbc[] = {
66 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */
67 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */
70 /* This function requires the caller holds hdev->lock */
71 static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status)
73 struct hci_conn_params *params;
74 struct hci_dev *hdev = conn->hdev;
80 bdaddr_type = conn->dst_type;
82 /* Check if we need to convert to identity address */
83 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
85 bdaddr = &irk->bdaddr;
86 bdaddr_type = irk->addr_type;
89 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr,
95 hci_conn_drop(params->conn);
96 hci_conn_put(params->conn);
100 if (!params->explicit_connect)
103 /* If the status indicates successful cancellation of
104 * the attempt (i.e. Unknown Connection Id) there's no point of
105 * notifying failure since we'll go back to keep trying to
106 * connect. The only exception is explicit connect requests
107 * where a timeout + cancel does indicate an actual failure.
109 if (status && status != HCI_ERROR_UNKNOWN_CONN_ID)
110 mgmt_connect_failed(hdev, &conn->dst, conn->type,
111 conn->dst_type, status);
113 /* The connection attempt was doing scan for new RPA, and is
114 * in scan phase. If params are not associated with any other
115 * autoconnect action, remove them completely. If they are, just unmark
116 * them as waiting for connection, by clearing explicit_connect field.
118 params->explicit_connect = false;
120 list_del_init(¶ms->action);
122 switch (params->auto_connect) {
123 case HCI_AUTO_CONN_EXPLICIT:
124 hci_conn_params_del(hdev, bdaddr, bdaddr_type);
125 /* return instead of break to avoid duplicate scan update */
127 case HCI_AUTO_CONN_DIRECT:
128 case HCI_AUTO_CONN_ALWAYS:
129 list_add(¶ms->action, &hdev->pend_le_conns);
131 case HCI_AUTO_CONN_REPORT:
132 list_add(¶ms->action, &hdev->pend_le_reports);
138 hci_update_passive_scan(hdev);
141 static void hci_conn_cleanup(struct hci_conn *conn)
143 struct hci_dev *hdev = conn->hdev;
145 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
146 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
148 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
149 hci_remove_link_key(hdev, &conn->dst);
151 hci_chan_list_flush(conn);
153 hci_conn_hash_del(hdev, conn);
158 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
159 switch (conn->setting & SCO_AIRMODE_MASK) {
160 case SCO_AIRMODE_CVSD:
161 case SCO_AIRMODE_TRANSP:
163 hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO);
168 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
171 hci_conn_del_sysfs(conn);
173 debugfs_remove_recursive(conn->debugfs);
180 static void le_scan_cleanup(struct work_struct *work)
182 struct hci_conn *conn = container_of(work, struct hci_conn,
184 struct hci_dev *hdev = conn->hdev;
185 struct hci_conn *c = NULL;
187 BT_DBG("%s hcon %p", hdev->name, conn);
191 /* Check that the hci_conn is still around */
193 list_for_each_entry_rcu(c, &hdev->conn_hash.list, list) {
200 hci_connect_le_scan_cleanup(conn, 0x00);
201 hci_conn_cleanup(conn);
204 hci_dev_unlock(hdev);
209 static void hci_connect_le_scan_remove(struct hci_conn *conn)
211 BT_DBG("%s hcon %p", conn->hdev->name, conn);
213 /* We can't call hci_conn_del/hci_conn_cleanup here since that
214 * could deadlock with another hci_conn_del() call that's holding
215 * hci_dev_lock and doing cancel_delayed_work_sync(&conn->disc_work).
216 * Instead, grab temporary extra references to the hci_dev and
217 * hci_conn and perform the necessary cleanup in a separate work
221 hci_dev_hold(conn->hdev);
224 /* Even though we hold a reference to the hdev, many other
225 * things might get cleaned up meanwhile, including the hdev's
226 * own workqueue, so we can't use that for scheduling.
228 schedule_work(&conn->le_scan_cleanup);
231 static void hci_acl_create_connection(struct hci_conn *conn)
233 struct hci_dev *hdev = conn->hdev;
234 struct inquiry_entry *ie;
235 struct hci_cp_create_conn cp;
237 BT_DBG("hcon %p", conn);
239 /* Many controllers disallow HCI Create Connection while it is doing
240 * HCI Inquiry. So we cancel the Inquiry first before issuing HCI Create
241 * Connection. This may cause the MGMT discovering state to become false
242 * without user space's request but it is okay since the MGMT Discovery
243 * APIs do not promise that discovery should be done forever. Instead,
244 * the user space monitors the status of MGMT discovering and it may
245 * request for discovery again when this flag becomes false.
247 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
248 /* Put this connection to "pending" state so that it will be
249 * executed after the inquiry cancel command complete event.
251 conn->state = BT_CONNECT2;
252 hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
256 conn->state = BT_CONNECT;
258 conn->role = HCI_ROLE_MASTER;
262 conn->link_policy = hdev->link_policy;
264 memset(&cp, 0, sizeof(cp));
265 bacpy(&cp.bdaddr, &conn->dst);
266 cp.pscan_rep_mode = 0x02;
268 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
270 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
271 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
272 cp.pscan_mode = ie->data.pscan_mode;
273 cp.clock_offset = ie->data.clock_offset |
277 memcpy(conn->dev_class, ie->data.dev_class, 3);
280 cp.pkt_type = cpu_to_le16(conn->pkt_type);
281 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
282 cp.role_switch = 0x01;
284 cp.role_switch = 0x00;
286 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
289 int hci_disconnect(struct hci_conn *conn, __u8 reason)
291 BT_DBG("hcon %p", conn);
293 /* When we are central of an established connection and it enters
294 * the disconnect timeout, then go ahead and try to read the
295 * current clock offset. Processing of the result is done
296 * within the event handling and hci_clock_offset_evt function.
298 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER &&
299 (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) {
300 struct hci_dev *hdev = conn->hdev;
301 struct hci_cp_read_clock_offset clkoff_cp;
303 clkoff_cp.handle = cpu_to_le16(conn->handle);
304 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
308 return hci_abort_conn(conn, reason);
311 static void hci_add_sco(struct hci_conn *conn, __u16 handle)
313 struct hci_dev *hdev = conn->hdev;
314 struct hci_cp_add_sco cp;
316 BT_DBG("hcon %p", conn);
318 conn->state = BT_CONNECT;
323 cp.handle = cpu_to_le16(handle);
324 cp.pkt_type = cpu_to_le16(conn->pkt_type);
326 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
329 static bool find_next_esco_param(struct hci_conn *conn,
330 const struct sco_param *esco_param, int size)
332 for (; conn->attempt <= size; conn->attempt++) {
333 if (lmp_esco_2m_capable(conn->link) ||
334 (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3))
336 BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported",
337 conn, conn->attempt);
340 return conn->attempt <= size;
343 static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec)
346 __u8 vnd_len, *vnd_data = NULL;
347 struct hci_op_configure_data_path *cmd = NULL;
349 err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len,
354 cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL);
360 err = hdev->get_data_path_id(hdev, &cmd->data_path_id);
364 cmd->vnd_len = vnd_len;
365 memcpy(cmd->vnd_data, vnd_data, vnd_len);
367 cmd->direction = 0x00;
368 __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
369 sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT);
371 cmd->direction = 0x01;
372 err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH,
373 sizeof(*cmd) + vnd_len, cmd,
382 static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data)
384 struct conn_handle_t *conn_handle = data;
385 struct hci_conn *conn = conn_handle->conn;
386 __u16 handle = conn_handle->handle;
387 struct hci_cp_enhanced_setup_sync_conn cp;
388 const struct sco_param *param;
392 bt_dev_dbg(hdev, "hcon %p", conn);
394 /* for offload use case, codec needs to configured before opening SCO */
395 if (conn->codec.data_path)
396 configure_datapath_sync(hdev, &conn->codec);
398 conn->state = BT_CONNECT;
403 memset(&cp, 0x00, sizeof(cp));
405 cp.handle = cpu_to_le16(handle);
407 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
408 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
410 switch (conn->codec.id) {
412 if (!find_next_esco_param(conn, esco_param_msbc,
413 ARRAY_SIZE(esco_param_msbc)))
416 param = &esco_param_msbc[conn->attempt - 1];
417 cp.tx_coding_format.id = 0x05;
418 cp.rx_coding_format.id = 0x05;
419 cp.tx_codec_frame_size = __cpu_to_le16(60);
420 cp.rx_codec_frame_size = __cpu_to_le16(60);
421 cp.in_bandwidth = __cpu_to_le32(32000);
422 cp.out_bandwidth = __cpu_to_le32(32000);
423 cp.in_coding_format.id = 0x04;
424 cp.out_coding_format.id = 0x04;
425 cp.in_coded_data_size = __cpu_to_le16(16);
426 cp.out_coded_data_size = __cpu_to_le16(16);
427 cp.in_pcm_data_format = 2;
428 cp.out_pcm_data_format = 2;
429 cp.in_pcm_sample_payload_msb_pos = 0;
430 cp.out_pcm_sample_payload_msb_pos = 0;
431 cp.in_data_path = conn->codec.data_path;
432 cp.out_data_path = conn->codec.data_path;
433 cp.in_transport_unit_size = 1;
434 cp.out_transport_unit_size = 1;
437 case BT_CODEC_TRANSPARENT:
438 if (!find_next_esco_param(conn, esco_param_msbc,
439 ARRAY_SIZE(esco_param_msbc)))
441 param = &esco_param_msbc[conn->attempt - 1];
442 cp.tx_coding_format.id = 0x03;
443 cp.rx_coding_format.id = 0x03;
444 cp.tx_codec_frame_size = __cpu_to_le16(60);
445 cp.rx_codec_frame_size = __cpu_to_le16(60);
446 cp.in_bandwidth = __cpu_to_le32(0x1f40);
447 cp.out_bandwidth = __cpu_to_le32(0x1f40);
448 cp.in_coding_format.id = 0x03;
449 cp.out_coding_format.id = 0x03;
450 cp.in_coded_data_size = __cpu_to_le16(16);
451 cp.out_coded_data_size = __cpu_to_le16(16);
452 cp.in_pcm_data_format = 2;
453 cp.out_pcm_data_format = 2;
454 cp.in_pcm_sample_payload_msb_pos = 0;
455 cp.out_pcm_sample_payload_msb_pos = 0;
456 cp.in_data_path = conn->codec.data_path;
457 cp.out_data_path = conn->codec.data_path;
458 cp.in_transport_unit_size = 1;
459 cp.out_transport_unit_size = 1;
463 if (lmp_esco_capable(conn->link)) {
464 if (!find_next_esco_param(conn, esco_param_cvsd,
465 ARRAY_SIZE(esco_param_cvsd)))
467 param = &esco_param_cvsd[conn->attempt - 1];
469 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
471 param = &sco_param_cvsd[conn->attempt - 1];
473 cp.tx_coding_format.id = 2;
474 cp.rx_coding_format.id = 2;
475 cp.tx_codec_frame_size = __cpu_to_le16(60);
476 cp.rx_codec_frame_size = __cpu_to_le16(60);
477 cp.in_bandwidth = __cpu_to_le32(16000);
478 cp.out_bandwidth = __cpu_to_le32(16000);
479 cp.in_coding_format.id = 4;
480 cp.out_coding_format.id = 4;
481 cp.in_coded_data_size = __cpu_to_le16(16);
482 cp.out_coded_data_size = __cpu_to_le16(16);
483 cp.in_pcm_data_format = 2;
484 cp.out_pcm_data_format = 2;
485 cp.in_pcm_sample_payload_msb_pos = 0;
486 cp.out_pcm_sample_payload_msb_pos = 0;
487 cp.in_data_path = conn->codec.data_path;
488 cp.out_data_path = conn->codec.data_path;
489 cp.in_transport_unit_size = 16;
490 cp.out_transport_unit_size = 16;
496 cp.retrans_effort = param->retrans_effort;
497 cp.pkt_type = __cpu_to_le16(param->pkt_type);
498 cp.max_latency = __cpu_to_le16(param->max_latency);
500 if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
506 static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle)
508 struct hci_dev *hdev = conn->hdev;
509 struct hci_cp_setup_sync_conn cp;
510 const struct sco_param *param;
512 bt_dev_dbg(hdev, "hcon %p", conn);
514 conn->state = BT_CONNECT;
519 cp.handle = cpu_to_le16(handle);
521 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
522 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
523 cp.voice_setting = cpu_to_le16(conn->setting);
525 switch (conn->setting & SCO_AIRMODE_MASK) {
526 case SCO_AIRMODE_TRANSP:
527 if (!find_next_esco_param(conn, esco_param_msbc,
528 ARRAY_SIZE(esco_param_msbc)))
530 param = &esco_param_msbc[conn->attempt - 1];
532 case SCO_AIRMODE_CVSD:
533 if (lmp_esco_capable(conn->link)) {
534 if (!find_next_esco_param(conn, esco_param_cvsd,
535 ARRAY_SIZE(esco_param_cvsd)))
537 param = &esco_param_cvsd[conn->attempt - 1];
539 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
541 param = &sco_param_cvsd[conn->attempt - 1];
548 cp.retrans_effort = param->retrans_effort;
549 cp.pkt_type = __cpu_to_le16(param->pkt_type);
550 cp.max_latency = __cpu_to_le16(param->max_latency);
552 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
558 bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
561 struct conn_handle_t *conn_handle;
563 if (enhanced_sync_conn_capable(conn->hdev)) {
564 conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL);
569 conn_handle->conn = conn;
570 conn_handle->handle = handle;
571 result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync,
579 return hci_setup_sync_conn(conn, handle);
582 u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
585 struct hci_dev *hdev = conn->hdev;
586 struct hci_conn_params *params;
587 struct hci_cp_le_conn_update cp;
591 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
593 params->conn_min_interval = min;
594 params->conn_max_interval = max;
595 params->conn_latency = latency;
596 params->supervision_timeout = to_multiplier;
599 hci_dev_unlock(hdev);
601 memset(&cp, 0, sizeof(cp));
602 cp.handle = cpu_to_le16(conn->handle);
603 cp.conn_interval_min = cpu_to_le16(min);
604 cp.conn_interval_max = cpu_to_le16(max);
605 cp.conn_latency = cpu_to_le16(latency);
606 cp.supervision_timeout = cpu_to_le16(to_multiplier);
607 cp.min_ce_len = cpu_to_le16(0x0000);
608 cp.max_ce_len = cpu_to_le16(0x0000);
610 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
618 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
619 __u8 ltk[16], __u8 key_size)
621 struct hci_dev *hdev = conn->hdev;
622 struct hci_cp_le_start_enc cp;
624 BT_DBG("hcon %p", conn);
626 memset(&cp, 0, sizeof(cp));
628 cp.handle = cpu_to_le16(conn->handle);
631 memcpy(cp.ltk, ltk, key_size);
633 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
636 /* Device _must_ be locked */
637 void hci_sco_setup(struct hci_conn *conn, __u8 status)
639 struct hci_conn *sco = conn->link;
644 BT_DBG("hcon %p", conn);
647 if (lmp_esco_capable(conn->hdev))
648 hci_setup_sync(sco, conn->handle);
650 hci_add_sco(sco, conn->handle);
652 hci_connect_cfm(sco, status);
657 static void hci_conn_timeout(struct work_struct *work)
659 struct hci_conn *conn = container_of(work, struct hci_conn,
661 int refcnt = atomic_read(&conn->refcnt);
663 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
667 /* FIXME: It was observed that in pairing failed scenario, refcnt
668 * drops below 0. Probably this is because l2cap_conn_del calls
669 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is
670 * dropped. After that loop hci_chan_del is called which also drops
671 * conn. For now make sure that ACL is alive if refcnt is higher then 0,
677 /* LE connections in scanning state need special handling */
678 if (conn->state == BT_CONNECT && conn->type == LE_LINK &&
679 test_bit(HCI_CONN_SCANNING, &conn->flags)) {
680 hci_connect_le_scan_remove(conn);
684 hci_abort_conn(conn, hci_proto_disconn_ind(conn));
687 /* Enter sniff mode */
688 static void hci_conn_idle(struct work_struct *work)
690 struct hci_conn *conn = container_of(work, struct hci_conn,
692 struct hci_dev *hdev = conn->hdev;
694 BT_DBG("hcon %p mode %d", conn, conn->mode);
696 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
699 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
702 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
703 struct hci_cp_sniff_subrate cp;
704 cp.handle = cpu_to_le16(conn->handle);
705 cp.max_latency = cpu_to_le16(0);
706 cp.min_remote_timeout = cpu_to_le16(0);
707 cp.min_local_timeout = cpu_to_le16(0);
708 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
711 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
712 struct hci_cp_sniff_mode cp;
713 cp.handle = cpu_to_le16(conn->handle);
714 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
715 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
716 cp.attempt = cpu_to_le16(4);
717 cp.timeout = cpu_to_le16(1);
718 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
722 static void hci_conn_auto_accept(struct work_struct *work)
724 struct hci_conn *conn = container_of(work, struct hci_conn,
725 auto_accept_work.work);
727 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
731 static void le_disable_advertising(struct hci_dev *hdev)
733 if (ext_adv_capable(hdev)) {
734 struct hci_cp_le_set_ext_adv_enable cp;
737 cp.num_of_sets = 0x00;
739 hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp),
743 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
748 static void le_conn_timeout(struct work_struct *work)
750 struct hci_conn *conn = container_of(work, struct hci_conn,
751 le_conn_timeout.work);
752 struct hci_dev *hdev = conn->hdev;
756 /* We could end up here due to having done directed advertising,
757 * so clean up the state if necessary. This should however only
758 * happen with broken hardware or if low duty cycle was used
759 * (which doesn't have a timeout of its own).
761 if (conn->role == HCI_ROLE_SLAVE) {
762 /* Disable LE Advertising */
763 le_disable_advertising(hdev);
765 hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT);
766 hci_dev_unlock(hdev);
770 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
773 struct iso_cig_params {
774 struct hci_cp_le_set_cig_params cp;
775 struct hci_cis_params cis[0x1f];
778 struct iso_list_data {
789 struct iso_cig_params pdu;
792 static void bis_list(struct hci_conn *conn, void *data)
794 struct iso_list_data *d = data;
796 /* Skip if not broadcast/ANY address */
797 if (bacmp(&conn->dst, BDADDR_ANY))
800 if (d->big != conn->iso_qos.big || d->bis == BT_ISO_QOS_BIS_UNSET ||
801 d->bis != conn->iso_qos.bis)
807 static void find_bis(struct hci_conn *conn, void *data)
809 struct iso_list_data *d = data;
812 if (bacmp(&conn->dst, BDADDR_ANY))
818 static int terminate_big_sync(struct hci_dev *hdev, void *data)
820 struct iso_list_data *d = data;
822 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis);
824 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL);
826 /* Check if ISO connection is a BIS and terminate BIG if there are
827 * no other connections using it.
829 hci_conn_hash_list_state(hdev, find_bis, ISO_LINK, BT_CONNECTED, d);
833 return hci_le_terminate_big_sync(hdev, d->big,
834 HCI_ERROR_LOCAL_HOST_TERM);
837 static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err)
842 static int hci_le_terminate_big(struct hci_dev *hdev, u8 big, u8 bis)
844 struct iso_list_data *d;
847 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", big, bis);
849 d = kmalloc(sizeof(*d), GFP_KERNEL);
853 memset(d, 0, sizeof(*d));
857 ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d,
858 terminate_big_destroy);
865 static int big_terminate_sync(struct hci_dev *hdev, void *data)
867 struct iso_list_data *d = data;
869 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big,
872 /* Check if ISO connection is a BIS and terminate BIG if there are
873 * no other connections using it.
875 hci_conn_hash_list_state(hdev, find_bis, ISO_LINK, BT_CONNECTED, d);
879 hci_le_big_terminate_sync(hdev, d->big);
881 return hci_le_pa_terminate_sync(hdev, d->sync_handle);
884 static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, u16 sync_handle)
886 struct iso_list_data *d;
889 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, sync_handle);
891 d = kmalloc(sizeof(*d), GFP_KERNEL);
895 memset(d, 0, sizeof(*d));
897 d->sync_handle = sync_handle;
899 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d,
900 terminate_big_destroy);
907 /* Cleanup BIS connection
909 * Detects if there any BIS left connected in a BIG
910 * broadcaster: Remove advertising instance and terminate BIG.
911 * broadcaster receiver: Teminate BIG sync and terminate PA sync.
913 static void bis_cleanup(struct hci_conn *conn)
915 struct hci_dev *hdev = conn->hdev;
917 bt_dev_dbg(hdev, "conn %p", conn);
919 if (conn->role == HCI_ROLE_MASTER) {
920 if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags))
923 hci_le_terminate_big(hdev, conn->iso_qos.big,
926 hci_le_big_terminate(hdev, conn->iso_qos.big,
931 static int remove_cig_sync(struct hci_dev *hdev, void *data)
933 u8 handle = PTR_ERR(data);
935 return hci_le_remove_cig_sync(hdev, handle);
938 static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle)
940 bt_dev_dbg(hdev, "handle 0x%2.2x", handle);
942 return hci_cmd_sync_queue(hdev, remove_cig_sync, ERR_PTR(handle), NULL);
945 static void find_cis(struct hci_conn *conn, void *data)
947 struct iso_list_data *d = data;
949 /* Ignore broadcast */
950 if (!bacmp(&conn->dst, BDADDR_ANY))
956 /* Cleanup CIS connection:
958 * Detects if there any CIS left connected in a CIG and remove it.
960 static void cis_cleanup(struct hci_conn *conn)
962 struct hci_dev *hdev = conn->hdev;
963 struct iso_list_data d;
965 memset(&d, 0, sizeof(d));
966 d.cig = conn->iso_qos.cig;
968 /* Check if ISO connection is a CIS and remove CIG if there are
969 * no other connections using it.
971 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_BOUND, &d);
972 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECT, &d);
973 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d);
977 hci_le_remove_cig(hdev, conn->iso_qos.cig);
980 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
983 struct hci_conn *conn;
985 BT_DBG("%s dst %pMR", hdev->name, dst);
987 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
991 bacpy(&conn->dst, dst);
992 bacpy(&conn->src, &hdev->bdaddr);
993 conn->handle = HCI_CONN_HANDLE_UNSET;
997 conn->mode = HCI_CM_ACTIVE;
998 conn->state = BT_OPEN;
999 conn->auth_type = HCI_AT_GENERAL_BONDING;
1000 conn->io_capability = hdev->io_capability;
1001 conn->remote_auth = 0xff;
1002 conn->key_type = 0xff;
1003 conn->rssi = HCI_RSSI_INVALID;
1004 conn->tx_power = HCI_TX_POWER_INVALID;
1005 conn->max_tx_power = HCI_TX_POWER_INVALID;
1007 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
1008 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1010 /* Set Default Authenticated payload timeout to 30s */
1011 conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
1013 if (conn->role == HCI_ROLE_MASTER)
1018 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
1021 /* conn->src should reflect the local identity address */
1022 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
1025 /* conn->src should reflect the local identity address */
1026 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
1028 /* set proper cleanup function */
1029 if (!bacmp(dst, BDADDR_ANY))
1030 conn->cleanup = bis_cleanup;
1031 else if (conn->role == HCI_ROLE_MASTER)
1032 conn->cleanup = cis_cleanup;
1036 if (lmp_esco_capable(hdev))
1037 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
1038 (hdev->esco_type & EDR_ESCO_MASK);
1040 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
1043 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
1047 skb_queue_head_init(&conn->data_q);
1049 INIT_LIST_HEAD(&conn->chan_list);
1051 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
1052 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
1053 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
1054 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
1055 INIT_WORK(&conn->le_scan_cleanup, le_scan_cleanup);
1057 atomic_set(&conn->refcnt, 0);
1061 hci_conn_hash_add(hdev, conn);
1063 /* The SCO and eSCO connections will only be notified when their
1064 * setup has been completed. This is different to ACL links which
1065 * can be notified right away.
1067 if (conn->type != SCO_LINK && conn->type != ESCO_LINK) {
1069 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
1072 hci_conn_init_sysfs(conn);
1077 static bool hci_conn_unlink(struct hci_conn *conn)
1082 conn->link->link = NULL;
1088 int hci_conn_del(struct hci_conn *conn)
1090 struct hci_dev *hdev = conn->hdev;
1092 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
1094 cancel_delayed_work_sync(&conn->disc_work);
1095 cancel_delayed_work_sync(&conn->auto_accept_work);
1096 cancel_delayed_work_sync(&conn->idle_work);
1098 if (conn->type == ACL_LINK) {
1099 struct hci_conn *link = conn->link;
1102 hci_conn_unlink(conn);
1103 /* Due to race, SCO connection might be not established
1104 * yet at this point. Delete it now, otherwise it is
1105 * possible for it to be stuck and can't be deleted.
1107 if (link->handle == HCI_CONN_HANDLE_UNSET)
1111 /* Unacked frames */
1112 hdev->acl_cnt += conn->sent;
1113 } else if (conn->type == LE_LINK) {
1114 cancel_delayed_work(&conn->le_conn_timeout);
1117 hdev->le_cnt += conn->sent;
1119 hdev->acl_cnt += conn->sent;
1121 struct hci_conn *acl = conn->link;
1124 hci_conn_unlink(conn);
1128 /* Unacked ISO frames */
1129 if (conn->type == ISO_LINK) {
1131 hdev->iso_cnt += conn->sent;
1132 else if (hdev->le_pkts)
1133 hdev->le_cnt += conn->sent;
1135 hdev->acl_cnt += conn->sent;
1140 amp_mgr_put(conn->amp_mgr);
1142 skb_queue_purge(&conn->data_q);
1144 /* Remove the connection from the list and cleanup its remaining
1145 * state. This is a separate function since for some cases like
1146 * BT_CONNECT_SCAN we *only* want the cleanup part without the
1147 * rest of hci_conn_del.
1149 hci_conn_cleanup(conn);
1154 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type)
1156 int use_src = bacmp(src, BDADDR_ANY);
1157 struct hci_dev *hdev = NULL, *d;
1159 BT_DBG("%pMR -> %pMR", src, dst);
1161 read_lock(&hci_dev_list_lock);
1163 list_for_each_entry(d, &hci_dev_list, list) {
1164 if (!test_bit(HCI_UP, &d->flags) ||
1165 hci_dev_test_flag(d, HCI_USER_CHANNEL) ||
1166 d->dev_type != HCI_PRIMARY)
1170 * No source address - find interface with bdaddr != dst
1171 * Source address - find interface with bdaddr == src
1178 if (src_type == BDADDR_BREDR) {
1179 if (!lmp_bredr_capable(d))
1181 bacpy(&id_addr, &d->bdaddr);
1182 id_addr_type = BDADDR_BREDR;
1184 if (!lmp_le_capable(d))
1187 hci_copy_identity_address(d, &id_addr,
1190 /* Convert from HCI to three-value type */
1191 if (id_addr_type == ADDR_LE_DEV_PUBLIC)
1192 id_addr_type = BDADDR_LE_PUBLIC;
1194 id_addr_type = BDADDR_LE_RANDOM;
1197 if (!bacmp(&id_addr, src) && id_addr_type == src_type) {
1201 if (bacmp(&d->bdaddr, dst)) {
1208 hdev = hci_dev_hold(hdev);
1210 read_unlock(&hci_dev_list_lock);
1213 EXPORT_SYMBOL(hci_get_route);
1215 /* This function requires the caller holds hdev->lock */
1216 static void hci_le_conn_failed(struct hci_conn *conn, u8 status)
1218 struct hci_dev *hdev = conn->hdev;
1220 hci_connect_le_scan_cleanup(conn, status);
1222 /* Enable advertising in case this was a failed connection
1223 * attempt as a peripheral.
1225 hci_enable_advertising(hdev);
1228 /* This function requires the caller holds hdev->lock */
1229 void hci_conn_failed(struct hci_conn *conn, u8 status)
1231 struct hci_dev *hdev = conn->hdev;
1233 bt_dev_dbg(hdev, "status 0x%2.2x", status);
1235 switch (conn->type) {
1237 hci_le_conn_failed(conn, status);
1240 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1241 conn->dst_type, status);
1245 conn->state = BT_CLOSED;
1246 hci_connect_cfm(conn, status);
1250 static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err)
1252 struct hci_conn *conn = data;
1254 bt_dev_dbg(hdev, "err %d", err);
1259 hci_connect_le_scan_cleanup(conn, 0x00);
1263 /* Check if connection is still pending */
1264 if (conn != hci_lookup_le_connect(hdev))
1267 hci_conn_failed(conn, bt_status(err));
1270 hci_dev_unlock(hdev);
1273 static int hci_connect_le_sync(struct hci_dev *hdev, void *data)
1275 struct hci_conn *conn = data;
1277 bt_dev_dbg(hdev, "conn %p", conn);
1279 return hci_le_create_conn_sync(hdev, conn);
1282 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
1283 u8 dst_type, bool dst_resolved, u8 sec_level,
1284 u16 conn_timeout, u8 role)
1286 struct hci_conn *conn;
1287 struct smp_irk *irk;
1290 /* Let's make sure that le is enabled.*/
1291 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1292 if (lmp_le_capable(hdev))
1293 return ERR_PTR(-ECONNREFUSED);
1295 return ERR_PTR(-EOPNOTSUPP);
1298 /* Since the controller supports only one LE connection attempt at a
1299 * time, we return -EBUSY if there is any connection attempt running.
1301 if (hci_lookup_le_connect(hdev))
1302 return ERR_PTR(-EBUSY);
1304 /* If there's already a connection object but it's not in
1305 * scanning state it means it must already be established, in
1306 * which case we can't do anything else except report a failure
1309 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
1310 if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) {
1311 return ERR_PTR(-EBUSY);
1314 /* Check if the destination address has been resolved by the controller
1315 * since if it did then the identity address shall be used.
1317 if (!dst_resolved) {
1318 /* When given an identity address with existing identity
1319 * resolving key, the connection needs to be established
1320 * to a resolvable random address.
1322 * Storing the resolvable random address is required here
1323 * to handle connection failures. The address will later
1324 * be resolved back into the original identity address
1325 * from the connect request.
1327 irk = hci_find_irk_by_addr(hdev, dst, dst_type);
1328 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) {
1330 dst_type = ADDR_LE_DEV_RANDOM;
1335 bacpy(&conn->dst, dst);
1337 conn = hci_conn_add(hdev, LE_LINK, dst, role);
1339 return ERR_PTR(-ENOMEM);
1340 hci_conn_hold(conn);
1341 conn->pending_sec_level = sec_level;
1344 conn->dst_type = dst_type;
1345 conn->sec_level = BT_SECURITY_LOW;
1346 conn->conn_timeout = conn_timeout;
1348 conn->state = BT_CONNECT;
1349 clear_bit(HCI_CONN_SCANNING, &conn->flags);
1351 err = hci_cmd_sync_queue(hdev, hci_connect_le_sync, conn,
1352 create_le_conn_complete);
1355 return ERR_PTR(err);
1361 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
1363 struct hci_conn *conn;
1365 conn = hci_conn_hash_lookup_le(hdev, addr, type);
1369 if (conn->state != BT_CONNECTED)
1375 /* This function requires the caller holds hdev->lock */
1376 static int hci_explicit_conn_params_set(struct hci_dev *hdev,
1377 bdaddr_t *addr, u8 addr_type)
1379 struct hci_conn_params *params;
1381 if (is_connected(hdev, addr, addr_type))
1384 params = hci_conn_params_lookup(hdev, addr, addr_type);
1386 params = hci_conn_params_add(hdev, addr, addr_type);
1390 /* If we created new params, mark them to be deleted in
1391 * hci_connect_le_scan_cleanup. It's different case than
1392 * existing disabled params, those will stay after cleanup.
1394 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
1397 /* We're trying to connect, so make sure params are at pend_le_conns */
1398 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
1399 params->auto_connect == HCI_AUTO_CONN_REPORT ||
1400 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
1401 list_del_init(¶ms->action);
1402 list_add(¶ms->action, &hdev->pend_le_conns);
1405 params->explicit_connect = true;
1407 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
1408 params->auto_connect);
1413 static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos)
1415 struct iso_list_data data;
1417 /* Allocate a BIG if not set */
1418 if (qos->big == BT_ISO_QOS_BIG_UNSET) {
1419 for (data.big = 0x00; data.big < 0xef; data.big++) {
1423 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1429 if (data.big == 0xef)
1430 return -EADDRNOTAVAIL;
1433 qos->big = data.big;
1439 static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos)
1441 struct iso_list_data data;
1443 /* Allocate BIS if not set */
1444 if (qos->bis == BT_ISO_QOS_BIS_UNSET) {
1445 /* Find an unused adv set to advertise BIS, skip instance 0x00
1446 * since it is reserved as general purpose set.
1448 for (data.bis = 0x01; data.bis < hdev->le_num_of_adv_sets;
1452 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK,
1458 if (data.bis == hdev->le_num_of_adv_sets)
1459 return -EADDRNOTAVAIL;
1462 qos->bis = data.bis;
1468 /* This function requires the caller holds hdev->lock */
1469 static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst,
1470 struct bt_iso_qos *qos)
1472 struct hci_conn *conn;
1473 struct iso_list_data data;
1476 /* Let's make sure that le is enabled.*/
1477 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1478 if (lmp_le_capable(hdev))
1479 return ERR_PTR(-ECONNREFUSED);
1480 return ERR_PTR(-EOPNOTSUPP);
1483 err = qos_set_big(hdev, qos);
1485 return ERR_PTR(err);
1487 err = qos_set_bis(hdev, qos);
1489 return ERR_PTR(err);
1491 data.big = qos->big;
1492 data.bis = qos->bis;
1495 /* Check if there is already a matching BIG/BIS */
1496 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, BT_BOUND, &data);
1498 return ERR_PTR(-EADDRINUSE);
1500 conn = hci_conn_hash_lookup_bis(hdev, dst, qos->big, qos->bis);
1502 return ERR_PTR(-EADDRINUSE);
1504 conn = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1506 return ERR_PTR(-ENOMEM);
1508 set_bit(HCI_CONN_PER_ADV, &conn->flags);
1509 conn->state = BT_CONNECT;
1511 hci_conn_hold(conn);
1515 /* This function requires the caller holds hdev->lock */
1516 struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst,
1517 u8 dst_type, u8 sec_level,
1519 enum conn_reasons conn_reason)
1521 struct hci_conn *conn;
1523 /* Let's make sure that le is enabled.*/
1524 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1525 if (lmp_le_capable(hdev))
1526 return ERR_PTR(-ECONNREFUSED);
1528 return ERR_PTR(-EOPNOTSUPP);
1531 /* Some devices send ATT messages as soon as the physical link is
1532 * established. To be able to handle these ATT messages, the user-
1533 * space first establishes the connection and then starts the pairing
1536 * So if a hci_conn object already exists for the following connection
1537 * attempt, we simply update pending_sec_level and auth_type fields
1538 * and return the object found.
1540 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type);
1542 if (conn->pending_sec_level < sec_level)
1543 conn->pending_sec_level = sec_level;
1547 BT_DBG("requesting refresh of dst_addr");
1549 conn = hci_conn_add(hdev, LE_LINK, dst, HCI_ROLE_MASTER);
1551 return ERR_PTR(-ENOMEM);
1553 if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) {
1555 return ERR_PTR(-EBUSY);
1558 conn->state = BT_CONNECT;
1559 set_bit(HCI_CONN_SCANNING, &conn->flags);
1560 conn->dst_type = dst_type;
1561 conn->sec_level = BT_SECURITY_LOW;
1562 conn->pending_sec_level = sec_level;
1563 conn->conn_timeout = conn_timeout;
1564 conn->conn_reason = conn_reason;
1566 hci_update_passive_scan(hdev);
1569 hci_conn_hold(conn);
1573 struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
1574 u8 sec_level, u8 auth_type,
1575 enum conn_reasons conn_reason)
1577 struct hci_conn *acl;
1579 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1580 if (lmp_bredr_capable(hdev))
1581 return ERR_PTR(-ECONNREFUSED);
1583 return ERR_PTR(-EOPNOTSUPP);
1586 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
1588 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
1590 return ERR_PTR(-ENOMEM);
1595 acl->conn_reason = conn_reason;
1596 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
1597 acl->sec_level = BT_SECURITY_LOW;
1598 acl->pending_sec_level = sec_level;
1599 acl->auth_type = auth_type;
1600 hci_acl_create_connection(acl);
1606 struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
1607 __u16 setting, struct bt_codec *codec)
1609 struct hci_conn *acl;
1610 struct hci_conn *sco;
1612 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING,
1613 CONN_REASON_SCO_CONNECT);
1617 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
1619 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
1622 return ERR_PTR(-ENOMEM);
1631 sco->setting = setting;
1632 sco->codec = *codec;
1634 if (acl->state == BT_CONNECTED &&
1635 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
1636 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
1637 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
1639 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
1640 /* defer SCO setup until mode change completed */
1641 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
1645 hci_sco_setup(acl, 0x00);
1651 static void cis_add(struct iso_list_data *d, struct bt_iso_qos *qos)
1653 struct hci_cis_params *cis = &d->pdu.cis[d->pdu.cp.num_cis];
1655 cis->cis_id = qos->cis;
1656 cis->c_sdu = cpu_to_le16(qos->out.sdu);
1657 cis->p_sdu = cpu_to_le16(qos->in.sdu);
1658 cis->c_phy = qos->out.phy ? qos->out.phy : qos->in.phy;
1659 cis->p_phy = qos->in.phy ? qos->in.phy : qos->out.phy;
1660 cis->c_rtn = qos->out.rtn;
1661 cis->p_rtn = qos->in.rtn;
1663 d->pdu.cp.num_cis++;
1666 static void cis_list(struct hci_conn *conn, void *data)
1668 struct iso_list_data *d = data;
1670 /* Skip if broadcast/ANY address */
1671 if (!bacmp(&conn->dst, BDADDR_ANY))
1674 if (d->cig != conn->iso_qos.cig || d->cis == BT_ISO_QOS_CIS_UNSET ||
1675 d->cis != conn->iso_qos.cis)
1680 if (d->pdu.cp.cig_id == BT_ISO_QOS_CIG_UNSET ||
1681 d->count >= ARRAY_SIZE(d->pdu.cis))
1684 cis_add(d, &conn->iso_qos);
1687 static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos)
1689 struct hci_dev *hdev = conn->hdev;
1690 struct hci_cp_le_create_big cp;
1692 memset(&cp, 0, sizeof(cp));
1694 cp.handle = qos->big;
1695 cp.adv_handle = qos->bis;
1697 hci_cpu_to_le24(qos->out.interval, cp.bis.sdu_interval);
1698 cp.bis.sdu = cpu_to_le16(qos->out.sdu);
1699 cp.bis.latency = cpu_to_le16(qos->out.latency);
1700 cp.bis.rtn = qos->out.rtn;
1701 cp.bis.phy = qos->out.phy;
1702 cp.bis.packing = qos->packing;
1703 cp.bis.framing = qos->framing;
1704 cp.bis.encryption = 0x00;
1705 memset(&cp.bis.bcode, 0, sizeof(cp.bis.bcode));
1707 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp);
1710 static void set_cig_params_complete(struct hci_dev *hdev, void *data, int err)
1712 struct iso_cig_params *pdu = data;
1714 bt_dev_dbg(hdev, "");
1717 bt_dev_err(hdev, "Unable to set CIG parameters: %d", err);
1722 static int set_cig_params_sync(struct hci_dev *hdev, void *data)
1724 struct iso_cig_params *pdu = data;
1727 plen = sizeof(pdu->cp) + pdu->cp.num_cis * sizeof(pdu->cis[0]);
1728 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS, plen, pdu,
1732 static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos)
1734 struct hci_dev *hdev = conn->hdev;
1735 struct iso_list_data data;
1736 struct iso_cig_params *pdu;
1738 memset(&data, 0, sizeof(data));
1740 /* Allocate a CIG if not set */
1741 if (qos->cig == BT_ISO_QOS_CIG_UNSET) {
1742 for (data.cig = 0x00; data.cig < 0xff; data.cig++) {
1746 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK,
1751 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK,
1752 BT_CONNECTED, &data);
1757 if (data.cig == 0xff)
1761 qos->cig = data.cig;
1764 data.pdu.cp.cig_id = qos->cig;
1765 hci_cpu_to_le24(qos->out.interval, data.pdu.cp.c_interval);
1766 hci_cpu_to_le24(qos->in.interval, data.pdu.cp.p_interval);
1767 data.pdu.cp.sca = qos->sca;
1768 data.pdu.cp.packing = qos->packing;
1769 data.pdu.cp.framing = qos->framing;
1770 data.pdu.cp.c_latency = cpu_to_le16(qos->out.latency);
1771 data.pdu.cp.p_latency = cpu_to_le16(qos->in.latency);
1773 if (qos->cis != BT_ISO_QOS_CIS_UNSET) {
1775 data.cig = qos->cig;
1776 data.cis = qos->cis;
1778 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, BT_BOUND,
1783 cis_add(&data, qos);
1786 /* Reprogram all CIS(s) with the same CIG */
1787 for (data.cig = qos->cig, data.cis = 0x00; data.cis < 0x11;
1791 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, BT_BOUND,
1796 /* Allocate a CIS if not set */
1797 if (qos->cis == BT_ISO_QOS_CIS_UNSET) {
1799 qos->cis = data.cis;
1800 cis_add(&data, qos);
1804 if (qos->cis == BT_ISO_QOS_CIS_UNSET || !data.pdu.cp.num_cis)
1807 pdu = kzalloc(sizeof(*pdu), GFP_KERNEL);
1811 memcpy(pdu, &data.pdu, sizeof(*pdu));
1813 if (hci_cmd_sync_queue(hdev, set_cig_params_sync, pdu,
1814 set_cig_params_complete) < 0) {
1822 struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst,
1823 __u8 dst_type, struct bt_iso_qos *qos)
1825 struct hci_conn *cis;
1827 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type);
1829 cis = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER);
1831 return ERR_PTR(-ENOMEM);
1832 cis->cleanup = cis_cleanup;
1833 cis->dst_type = dst_type;
1836 if (cis->state == BT_CONNECTED)
1839 /* Check if CIS has been set and the settings matches */
1840 if (cis->state == BT_BOUND &&
1841 !memcmp(&cis->iso_qos, qos, sizeof(*qos)))
1844 /* Update LINK PHYs according to QoS preference */
1845 cis->le_tx_phy = qos->out.phy;
1846 cis->le_rx_phy = qos->in.phy;
1848 /* If output interval is not set use the input interval as it cannot be
1851 if (!qos->out.interval)
1852 qos->out.interval = qos->in.interval;
1854 /* If input interval is not set use the output interval as it cannot be
1857 if (!qos->in.interval)
1858 qos->in.interval = qos->out.interval;
1860 /* If output latency is not set use the input latency as it cannot be
1863 if (!qos->out.latency)
1864 qos->out.latency = qos->in.latency;
1866 /* If input latency is not set use the output latency as it cannot be
1869 if (!qos->in.latency)
1870 qos->in.latency = qos->out.latency;
1872 if (!hci_le_set_cig_params(cis, qos)) {
1874 return ERR_PTR(-EINVAL);
1877 cis->iso_qos = *qos;
1878 cis->state = BT_BOUND;
1883 bool hci_iso_setup_path(struct hci_conn *conn)
1885 struct hci_dev *hdev = conn->hdev;
1886 struct hci_cp_le_setup_iso_path cmd;
1888 memset(&cmd, 0, sizeof(cmd));
1890 if (conn->iso_qos.out.sdu) {
1891 cmd.handle = cpu_to_le16(conn->handle);
1892 cmd.direction = 0x00; /* Input (Host to Controller) */
1893 cmd.path = 0x00; /* HCI path if enabled */
1894 cmd.codec = 0x03; /* Transparent Data */
1896 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1901 if (conn->iso_qos.in.sdu) {
1902 cmd.handle = cpu_to_le16(conn->handle);
1903 cmd.direction = 0x01; /* Output (Controller to Host) */
1904 cmd.path = 0x00; /* HCI path if enabled */
1905 cmd.codec = 0x03; /* Transparent Data */
1907 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd),
1915 static int hci_create_cis_sync(struct hci_dev *hdev, void *data)
1918 struct hci_cp_le_create_cis cp;
1919 struct hci_cis cis[0x1f];
1921 struct hci_conn *conn = data;
1924 memset(&cmd, 0, sizeof(cmd));
1925 cmd.cis[0].acl_handle = cpu_to_le16(conn->link->handle);
1926 cmd.cis[0].cis_handle = cpu_to_le16(conn->handle);
1928 cig = conn->iso_qos.cig;
1934 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
1935 struct hci_cis *cis = &cmd.cis[cmd.cp.num_cis];
1937 if (conn == data || conn->type != ISO_LINK ||
1938 conn->state == BT_CONNECTED || conn->iso_qos.cig != cig)
1941 /* Check if all CIS(s) belonging to a CIG are ready */
1942 if (!conn->link || conn->link->state != BT_CONNECTED ||
1943 conn->state != BT_CONNECT) {
1948 /* Group all CIS with state BT_CONNECT since the spec don't
1949 * allow to send them individually:
1951 * BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E
1954 * If the Host issues this command before all the
1955 * HCI_LE_CIS_Established events from the previous use of the
1956 * command have been generated, the Controller shall return the
1957 * error code Command Disallowed (0x0C).
1959 cis->acl_handle = cpu_to_le16(conn->link->handle);
1960 cis->cis_handle = cpu_to_le16(conn->handle);
1966 hci_dev_unlock(hdev);
1968 if (!cmd.cp.num_cis)
1971 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_CIS, sizeof(cmd.cp) +
1972 sizeof(cmd.cis[0]) * cmd.cp.num_cis, &cmd);
1975 int hci_le_create_cis(struct hci_conn *conn)
1977 struct hci_conn *cis;
1978 struct hci_dev *hdev = conn->hdev;
1981 switch (conn->type) {
1983 if (!conn->link || conn->state != BT_CONNECTED)
1994 if (cis->state == BT_CONNECT)
1997 /* Queue Create CIS */
1998 err = hci_cmd_sync_queue(hdev, hci_create_cis_sync, cis, NULL);
2002 cis->state = BT_CONNECT;
2007 static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn,
2008 struct bt_iso_io_qos *qos, __u8 phy)
2010 /* Only set MTU if PHY is enabled */
2011 if (!qos->sdu && qos->phy) {
2012 if (hdev->iso_mtu > 0)
2013 qos->sdu = hdev->iso_mtu;
2014 else if (hdev->le_mtu > 0)
2015 qos->sdu = hdev->le_mtu;
2017 qos->sdu = hdev->acl_mtu;
2020 /* Use the same PHY as ACL if set to any */
2021 if (qos->phy == BT_ISO_PHY_ANY)
2024 /* Use LE ACL connection interval if not set */
2026 /* ACL interval unit in 1.25 ms to us */
2027 qos->interval = conn->le_conn_interval * 1250;
2029 /* Use LE ACL connection latency if not set */
2031 qos->latency = conn->le_conn_latency;
2034 static void hci_bind_bis(struct hci_conn *conn,
2035 struct bt_iso_qos *qos)
2037 /* Update LINK PHYs according to QoS preference */
2038 conn->le_tx_phy = qos->out.phy;
2039 conn->le_tx_phy = qos->out.phy;
2040 conn->iso_qos = *qos;
2041 conn->state = BT_BOUND;
2044 static int create_big_sync(struct hci_dev *hdev, void *data)
2046 struct hci_conn *conn = data;
2047 struct bt_iso_qos *qos = &conn->iso_qos;
2048 u16 interval, sync_interval = 0;
2052 if (qos->out.phy == 0x02)
2053 flags |= MGMT_ADV_FLAG_SEC_2M;
2055 /* Align intervals */
2056 interval = qos->out.interval / 1250;
2059 sync_interval = qos->sync_interval * 1600;
2061 err = hci_start_per_adv_sync(hdev, qos->bis, conn->le_per_adv_data_len,
2062 conn->le_per_adv_data, flags, interval,
2063 interval, sync_interval);
2067 return hci_le_create_big(conn, &conn->iso_qos);
2070 static void create_pa_complete(struct hci_dev *hdev, void *data, int err)
2072 struct hci_cp_le_pa_create_sync *cp = data;
2074 bt_dev_dbg(hdev, "");
2077 bt_dev_err(hdev, "Unable to create PA: %d", err);
2082 static int create_pa_sync(struct hci_dev *hdev, void *data)
2084 struct hci_cp_le_pa_create_sync *cp = data;
2087 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC,
2088 sizeof(*cp), cp, HCI_CMD_TIMEOUT);
2090 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2094 return hci_update_passive_scan_sync(hdev);
2097 int hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, __u8 dst_type,
2100 struct hci_cp_le_pa_create_sync *cp;
2102 if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC))
2105 cp = kmalloc(sizeof(*cp), GFP_KERNEL);
2107 hci_dev_clear_flag(hdev, HCI_PA_SYNC);
2111 /* Convert from ISO socket address type to HCI address type */
2112 if (dst_type == BDADDR_LE_PUBLIC)
2113 dst_type = ADDR_LE_DEV_PUBLIC;
2115 dst_type = ADDR_LE_DEV_RANDOM;
2117 memset(cp, 0, sizeof(*cp));
2119 cp->addr_type = dst_type;
2120 bacpy(&cp->addr, dst);
2122 /* Queue start pa_create_sync and scan */
2123 return hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete);
2126 int hci_le_big_create_sync(struct hci_dev *hdev, struct bt_iso_qos *qos,
2127 __u16 sync_handle, __u8 num_bis, __u8 bis[])
2130 struct hci_cp_le_big_create_sync cp;
2135 if (num_bis > sizeof(pdu.bis))
2138 err = qos_set_big(hdev, qos);
2142 memset(&pdu, 0, sizeof(pdu));
2143 pdu.cp.handle = qos->big;
2144 pdu.cp.sync_handle = cpu_to_le16(sync_handle);
2145 pdu.cp.num_bis = num_bis;
2146 memcpy(pdu.bis, bis, num_bis);
2148 return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
2149 sizeof(pdu.cp) + num_bis, &pdu);
2152 static void create_big_complete(struct hci_dev *hdev, void *data, int err)
2154 struct hci_conn *conn = data;
2156 bt_dev_dbg(hdev, "conn %p", conn);
2159 bt_dev_err(hdev, "Unable to create BIG: %d", err);
2160 hci_connect_cfm(conn, err);
2165 struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst,
2166 __u8 dst_type, struct bt_iso_qos *qos,
2167 __u8 base_len, __u8 *base)
2169 struct hci_conn *conn;
2172 /* We need hci_conn object using the BDADDR_ANY as dst */
2173 conn = hci_add_bis(hdev, dst, qos);
2177 hci_bind_bis(conn, qos);
2179 /* Add Basic Announcement into Peridic Adv Data if BASE is set */
2180 if (base_len && base) {
2181 base_len = eir_append_service_data(conn->le_per_adv_data, 0,
2182 0x1851, base, base_len);
2183 conn->le_per_adv_data_len = base_len;
2186 /* Queue start periodic advertising and create BIG */
2187 err = hci_cmd_sync_queue(hdev, create_big_sync, conn,
2188 create_big_complete);
2190 hci_conn_drop(conn);
2191 return ERR_PTR(err);
2194 hci_iso_qos_setup(hdev, conn, &qos->out,
2195 conn->le_tx_phy ? conn->le_tx_phy :
2196 hdev->le_tx_def_phys);
2201 struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
2202 __u8 dst_type, struct bt_iso_qos *qos)
2204 struct hci_conn *le;
2205 struct hci_conn *cis;
2207 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2208 le = hci_connect_le(hdev, dst, dst_type, false,
2210 HCI_LE_CONN_TIMEOUT,
2213 le = hci_connect_le_scan(hdev, dst, dst_type,
2215 HCI_LE_CONN_TIMEOUT,
2216 CONN_REASON_ISO_CONNECT);
2220 hci_iso_qos_setup(hdev, le, &qos->out,
2221 le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys);
2222 hci_iso_qos_setup(hdev, le, &qos->in,
2223 le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys);
2225 cis = hci_bind_cis(hdev, dst, dst_type, qos);
2236 /* If LE is already connected and CIS handle is already set proceed to
2237 * Create CIS immediately.
2239 if (le->state == BT_CONNECTED && cis->handle != HCI_CONN_HANDLE_UNSET)
2240 hci_le_create_cis(le);
2245 /* Check link security requirement */
2246 int hci_conn_check_link_mode(struct hci_conn *conn)
2248 BT_DBG("hcon %p", conn);
2250 /* In Secure Connections Only mode, it is required that Secure
2251 * Connections is used and the link is encrypted with AES-CCM
2252 * using a P-256 authenticated combination key.
2254 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) {
2255 if (!hci_conn_sc_enabled(conn) ||
2256 !test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2257 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)
2261 /* AES encryption is required for Level 4:
2263 * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
2266 * 128-bit equivalent strength for link and encryption keys
2267 * required using FIPS approved algorithms (E0 not allowed,
2268 * SAFER+ not allowed, and P-192 not allowed; encryption key
2271 if (conn->sec_level == BT_SECURITY_FIPS &&
2272 !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
2273 bt_dev_err(conn->hdev,
2274 "Invalid security: Missing AES-CCM usage");
2278 if (hci_conn_ssp_enabled(conn) &&
2279 !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2285 /* Authenticate remote device */
2286 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
2288 BT_DBG("hcon %p", conn);
2290 if (conn->pending_sec_level > sec_level)
2291 sec_level = conn->pending_sec_level;
2293 if (sec_level > conn->sec_level)
2294 conn->pending_sec_level = sec_level;
2295 else if (test_bit(HCI_CONN_AUTH, &conn->flags))
2298 /* Make sure we preserve an existing MITM requirement*/
2299 auth_type |= (conn->auth_type & 0x01);
2301 conn->auth_type = auth_type;
2303 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2304 struct hci_cp_auth_requested cp;
2306 cp.handle = cpu_to_le16(conn->handle);
2307 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
2310 /* If we're already encrypted set the REAUTH_PEND flag,
2311 * otherwise set the ENCRYPT_PEND.
2313 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2314 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2316 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2322 /* Encrypt the link */
2323 static void hci_conn_encrypt(struct hci_conn *conn)
2325 BT_DBG("hcon %p", conn);
2327 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2328 struct hci_cp_set_conn_encrypt cp;
2329 cp.handle = cpu_to_le16(conn->handle);
2331 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2336 /* Enable security */
2337 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
2340 BT_DBG("hcon %p", conn);
2342 if (conn->type == LE_LINK)
2343 return smp_conn_security(conn, sec_level);
2345 /* For sdp we don't need the link key. */
2346 if (sec_level == BT_SECURITY_SDP)
2349 /* For non 2.1 devices and low security level we don't need the link
2351 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
2354 /* For other security levels we need the link key. */
2355 if (!test_bit(HCI_CONN_AUTH, &conn->flags))
2358 /* An authenticated FIPS approved combination key has sufficient
2359 * security for security level 4. */
2360 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 &&
2361 sec_level == BT_SECURITY_FIPS)
2364 /* An authenticated combination key has sufficient security for
2365 security level 3. */
2366 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 ||
2367 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) &&
2368 sec_level == BT_SECURITY_HIGH)
2371 /* An unauthenticated combination key has sufficient security for
2372 security level 1 and 2. */
2373 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2374 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) &&
2375 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
2378 /* A combination key has always sufficient security for the security
2379 levels 1 or 2. High security level requires the combination key
2380 is generated using maximum PIN code length (16).
2381 For pre 2.1 units. */
2382 if (conn->key_type == HCI_LK_COMBINATION &&
2383 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW ||
2384 conn->pin_length == 16))
2388 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
2392 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2394 if (!hci_conn_auth(conn, sec_level, auth_type))
2398 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
2399 /* Ensure that the encryption key size has been read,
2400 * otherwise stall the upper layer responses.
2402 if (!conn->enc_key_size)
2405 /* Nothing else needed, all requirements are met */
2409 hci_conn_encrypt(conn);
2412 EXPORT_SYMBOL(hci_conn_security);
2414 /* Check secure link requirement */
2415 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
2417 BT_DBG("hcon %p", conn);
2419 /* Accept if non-secure or higher security level is required */
2420 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS)
2423 /* Accept if secure or higher security level is already present */
2424 if (conn->sec_level == BT_SECURITY_HIGH ||
2425 conn->sec_level == BT_SECURITY_FIPS)
2428 /* Reject not secure link */
2431 EXPORT_SYMBOL(hci_conn_check_secure);
2434 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
2436 BT_DBG("hcon %p", conn);
2438 if (role == conn->role)
2441 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
2442 struct hci_cp_switch_role cp;
2443 bacpy(&cp.bdaddr, &conn->dst);
2445 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
2450 EXPORT_SYMBOL(hci_conn_switch_role);
2452 /* Enter active mode */
2453 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
2455 struct hci_dev *hdev = conn->hdev;
2457 BT_DBG("hcon %p mode %d", conn, conn->mode);
2459 if (conn->mode != HCI_CM_SNIFF)
2462 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
2465 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2466 struct hci_cp_exit_sniff_mode cp;
2467 cp.handle = cpu_to_le16(conn->handle);
2468 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
2472 if (hdev->idle_timeout > 0)
2473 queue_delayed_work(hdev->workqueue, &conn->idle_work,
2474 msecs_to_jiffies(hdev->idle_timeout));
2477 /* Drop all connection on the device */
2478 void hci_conn_hash_flush(struct hci_dev *hdev)
2480 struct hci_conn_hash *h = &hdev->conn_hash;
2481 struct hci_conn *c, *n;
2483 BT_DBG("hdev %s", hdev->name);
2485 list_for_each_entry_safe(c, n, &h->list, list) {
2486 c->state = BT_CLOSED;
2488 hci_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
2490 /* Unlink before deleting otherwise it is possible that
2491 * hci_conn_del removes the link which may cause the list to
2492 * contain items already freed.
2499 /* Check pending connect attempts */
2500 void hci_conn_check_pending(struct hci_dev *hdev)
2502 struct hci_conn *conn;
2504 BT_DBG("hdev %s", hdev->name);
2508 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
2510 hci_acl_create_connection(conn);
2512 hci_dev_unlock(hdev);
2515 static u32 get_link_mode(struct hci_conn *conn)
2519 if (conn->role == HCI_ROLE_MASTER)
2520 link_mode |= HCI_LM_MASTER;
2522 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2523 link_mode |= HCI_LM_ENCRYPT;
2525 if (test_bit(HCI_CONN_AUTH, &conn->flags))
2526 link_mode |= HCI_LM_AUTH;
2528 if (test_bit(HCI_CONN_SECURE, &conn->flags))
2529 link_mode |= HCI_LM_SECURE;
2531 if (test_bit(HCI_CONN_FIPS, &conn->flags))
2532 link_mode |= HCI_LM_FIPS;
2537 int hci_get_conn_list(void __user *arg)
2540 struct hci_conn_list_req req, *cl;
2541 struct hci_conn_info *ci;
2542 struct hci_dev *hdev;
2543 int n = 0, size, err;
2545 if (copy_from_user(&req, arg, sizeof(req)))
2548 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
2551 size = sizeof(req) + req.conn_num * sizeof(*ci);
2553 cl = kmalloc(size, GFP_KERNEL);
2557 hdev = hci_dev_get(req.dev_id);
2566 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2567 bacpy(&(ci + n)->bdaddr, &c->dst);
2568 (ci + n)->handle = c->handle;
2569 (ci + n)->type = c->type;
2570 (ci + n)->out = c->out;
2571 (ci + n)->state = c->state;
2572 (ci + n)->link_mode = get_link_mode(c);
2573 if (++n >= req.conn_num)
2576 hci_dev_unlock(hdev);
2578 cl->dev_id = hdev->id;
2580 size = sizeof(req) + n * sizeof(*ci);
2584 err = copy_to_user(arg, cl, size);
2587 return err ? -EFAULT : 0;
2590 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
2592 struct hci_conn_info_req req;
2593 struct hci_conn_info ci;
2594 struct hci_conn *conn;
2595 char __user *ptr = arg + sizeof(req);
2597 if (copy_from_user(&req, arg, sizeof(req)))
2601 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
2603 bacpy(&ci.bdaddr, &conn->dst);
2604 ci.handle = conn->handle;
2605 ci.type = conn->type;
2607 ci.state = conn->state;
2608 ci.link_mode = get_link_mode(conn);
2610 hci_dev_unlock(hdev);
2615 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
2618 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
2620 struct hci_auth_info_req req;
2621 struct hci_conn *conn;
2623 if (copy_from_user(&req, arg, sizeof(req)))
2627 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
2629 req.type = conn->auth_type;
2630 hci_dev_unlock(hdev);
2635 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
2638 struct hci_chan *hci_chan_create(struct hci_conn *conn)
2640 struct hci_dev *hdev = conn->hdev;
2641 struct hci_chan *chan;
2643 BT_DBG("%s hcon %p", hdev->name, conn);
2645 if (test_bit(HCI_CONN_DROP, &conn->flags)) {
2646 BT_DBG("Refusing to create new hci_chan");
2650 chan = kzalloc(sizeof(*chan), GFP_KERNEL);
2654 chan->conn = hci_conn_get(conn);
2655 skb_queue_head_init(&chan->data_q);
2656 chan->state = BT_CONNECTED;
2658 list_add_rcu(&chan->list, &conn->chan_list);
2663 void hci_chan_del(struct hci_chan *chan)
2665 struct hci_conn *conn = chan->conn;
2666 struct hci_dev *hdev = conn->hdev;
2668 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
2670 list_del_rcu(&chan->list);
2674 /* Prevent new hci_chan's to be created for this hci_conn */
2675 set_bit(HCI_CONN_DROP, &conn->flags);
2679 skb_queue_purge(&chan->data_q);
2683 void hci_chan_list_flush(struct hci_conn *conn)
2685 struct hci_chan *chan, *n;
2687 BT_DBG("hcon %p", conn);
2689 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
2693 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
2696 struct hci_chan *hchan;
2698 list_for_each_entry(hchan, &hcon->chan_list, list) {
2699 if (hchan->handle == handle)
2706 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
2708 struct hci_conn_hash *h = &hdev->conn_hash;
2709 struct hci_conn *hcon;
2710 struct hci_chan *hchan = NULL;
2714 list_for_each_entry_rcu(hcon, &h->list, list) {
2715 hchan = __hci_chan_lookup_handle(hcon, handle);
2725 u32 hci_conn_get_phy(struct hci_conn *conn)
2729 /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471:
2730 * Table 6.2: Packets defined for synchronous, asynchronous, and
2731 * CPB logical transport types.
2733 switch (conn->type) {
2735 /* SCO logical transport (1 Mb/s):
2736 * HV1, HV2, HV3 and DV.
2738 phys |= BT_PHY_BR_1M_1SLOT;
2743 /* ACL logical transport (1 Mb/s) ptt=0:
2744 * DH1, DM3, DH3, DM5 and DH5.
2746 phys |= BT_PHY_BR_1M_1SLOT;
2748 if (conn->pkt_type & (HCI_DM3 | HCI_DH3))
2749 phys |= BT_PHY_BR_1M_3SLOT;
2751 if (conn->pkt_type & (HCI_DM5 | HCI_DH5))
2752 phys |= BT_PHY_BR_1M_5SLOT;
2754 /* ACL logical transport (2 Mb/s) ptt=1:
2755 * 2-DH1, 2-DH3 and 2-DH5.
2757 if (!(conn->pkt_type & HCI_2DH1))
2758 phys |= BT_PHY_EDR_2M_1SLOT;
2760 if (!(conn->pkt_type & HCI_2DH3))
2761 phys |= BT_PHY_EDR_2M_3SLOT;
2763 if (!(conn->pkt_type & HCI_2DH5))
2764 phys |= BT_PHY_EDR_2M_5SLOT;
2766 /* ACL logical transport (3 Mb/s) ptt=1:
2767 * 3-DH1, 3-DH3 and 3-DH5.
2769 if (!(conn->pkt_type & HCI_3DH1))
2770 phys |= BT_PHY_EDR_3M_1SLOT;
2772 if (!(conn->pkt_type & HCI_3DH3))
2773 phys |= BT_PHY_EDR_3M_3SLOT;
2775 if (!(conn->pkt_type & HCI_3DH5))
2776 phys |= BT_PHY_EDR_3M_5SLOT;
2781 /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */
2782 phys |= BT_PHY_BR_1M_1SLOT;
2784 if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5)))
2785 phys |= BT_PHY_BR_1M_3SLOT;
2787 /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */
2788 if (!(conn->pkt_type & ESCO_2EV3))
2789 phys |= BT_PHY_EDR_2M_1SLOT;
2791 if (!(conn->pkt_type & ESCO_2EV5))
2792 phys |= BT_PHY_EDR_2M_3SLOT;
2794 /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */
2795 if (!(conn->pkt_type & ESCO_3EV3))
2796 phys |= BT_PHY_EDR_3M_1SLOT;
2798 if (!(conn->pkt_type & ESCO_3EV5))
2799 phys |= BT_PHY_EDR_3M_3SLOT;
2804 if (conn->le_tx_phy & HCI_LE_SET_PHY_1M)
2805 phys |= BT_PHY_LE_1M_TX;
2807 if (conn->le_rx_phy & HCI_LE_SET_PHY_1M)
2808 phys |= BT_PHY_LE_1M_RX;
2810 if (conn->le_tx_phy & HCI_LE_SET_PHY_2M)
2811 phys |= BT_PHY_LE_2M_TX;
2813 if (conn->le_rx_phy & HCI_LE_SET_PHY_2M)
2814 phys |= BT_PHY_LE_2M_RX;
2816 if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED)
2817 phys |= BT_PHY_LE_CODED_TX;
2819 if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED)
2820 phys |= BT_PHY_LE_CODED_RX;
2828 int hci_abort_conn(struct hci_conn *conn, u8 reason)
2832 if (test_and_set_bit(HCI_CONN_CANCEL, &conn->flags))
2835 switch (conn->state) {
2838 if (conn->type == AMP_LINK) {
2839 struct hci_cp_disconn_phy_link cp;
2841 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
2843 r = hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
2846 struct hci_cp_disconnect dc;
2848 dc.handle = cpu_to_le16(conn->handle);
2850 r = hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT,
2854 conn->state = BT_DISCONN;
2858 if (conn->type == LE_LINK) {
2859 if (test_bit(HCI_CONN_SCANNING, &conn->flags))
2861 r = hci_send_cmd(conn->hdev,
2862 HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
2863 } else if (conn->type == ACL_LINK) {
2864 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
2866 r = hci_send_cmd(conn->hdev,
2867 HCI_OP_CREATE_CONN_CANCEL,
2872 if (conn->type == ACL_LINK) {
2873 struct hci_cp_reject_conn_req rej;
2875 bacpy(&rej.bdaddr, &conn->dst);
2876 rej.reason = reason;
2878 r = hci_send_cmd(conn->hdev,
2879 HCI_OP_REJECT_CONN_REQ,
2881 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
2882 struct hci_cp_reject_sync_conn_req rej;
2884 bacpy(&rej.bdaddr, &conn->dst);
2886 /* SCO rejection has its own limited set of
2887 * allowed error values (0x0D-0x0F) which isn't
2888 * compatible with most values passed to this
2889 * function. To be safe hard-code one of the
2890 * values that's suitable for SCO.
2892 rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
2894 r = hci_send_cmd(conn->hdev,
2895 HCI_OP_REJECT_SYNC_CONN_REQ,
2900 conn->state = BT_CLOSED;
projects / platform / kernel / linux-starfive.git / blob