2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 #define FEATURE_ENCRY_PENDING_B4_AUTH
50 void hci_acl_connect(struct hci_conn *conn)
52 struct hci_dev *hdev = conn->hdev;
53 struct inquiry_entry *ie;
54 struct hci_cp_create_conn cp;
58 conn->state = BT_CONNECT;
61 conn->link_mode = HCI_LM_MASTER;
65 conn->link_policy = hdev->link_policy;
67 memset(&cp, 0, sizeof(cp));
68 bacpy(&cp.bdaddr, &conn->dst);
69 cp.pscan_rep_mode = 0x02;
71 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
72 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
73 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
74 cp.pscan_mode = ie->data.pscan_mode;
75 cp.clock_offset = ie->data.clock_offset |
79 memcpy(conn->dev_class, ie->data.dev_class, 3);
80 conn->ssp_mode = ie->data.ssp_mode;
83 cp.pkt_type = cpu_to_le16(conn->pkt_type);
84 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
85 cp.role_switch = 0x01;
87 cp.role_switch = 0x00;
89 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
92 static void hci_acl_connect_cancel(struct hci_conn *conn)
94 struct hci_cp_create_conn_cancel cp;
98 if (conn->hdev->hci_ver < 2)
101 bacpy(&cp.bdaddr, &conn->dst);
102 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
105 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
107 struct hci_cp_disconnect cp;
111 conn->state = BT_DISCONN;
113 cp.handle = cpu_to_le16(conn->handle);
115 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
118 void hci_add_sco(struct hci_conn *conn, __u16 handle)
120 struct hci_dev *hdev = conn->hdev;
121 struct hci_cp_add_sco cp;
125 conn->state = BT_CONNECT;
130 cp.handle = cpu_to_le16(handle);
131 cp.pkt_type = cpu_to_le16(conn->pkt_type);
133 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
136 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
138 struct hci_dev *hdev = conn->hdev;
139 struct hci_cp_setup_sync_conn cp;
143 conn->state = BT_CONNECT;
148 cp.handle = cpu_to_le16(handle);
149 cp.pkt_type = cpu_to_le16(conn->pkt_type);
151 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
152 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
153 cp.max_latency = cpu_to_le16(0xffff);
154 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
155 cp.retrans_effort = 0xff;
157 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
160 /* Device _must_ be locked */
161 void hci_sco_setup(struct hci_conn *conn, __u8 status)
163 struct hci_conn *sco = conn->link;
171 if (lmp_esco_capable(conn->hdev))
172 hci_setup_sync(sco, conn->handle);
174 hci_add_sco(sco, conn->handle);
176 hci_proto_connect_cfm(sco, status);
181 static void hci_conn_timeout(unsigned long arg)
183 struct hci_conn *conn = (void *) arg;
184 struct hci_dev *hdev = conn->hdev;
187 BT_DBG("conn %p state %d", conn, conn->state);
189 if (atomic_read(&conn->refcnt))
194 switch (conn->state) {
197 if (conn->type == ACL_LINK && conn->out)
198 hci_acl_connect_cancel(conn);
202 reason = hci_proto_disconn_ind(conn);
203 hci_acl_disconn(conn, reason);
206 conn->state = BT_CLOSED;
210 hci_dev_unlock(hdev);
213 static void hci_conn_idle(unsigned long arg)
215 struct hci_conn *conn = (void *) arg;
217 BT_DBG("conn %p mode %d", conn, conn->mode);
219 hci_conn_enter_sniff_mode(conn);
222 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
224 struct hci_conn *conn;
226 BT_DBG("%s dst %s", hdev->name, batostr(dst));
228 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
232 bacpy(&conn->dst, dst);
235 conn->mode = HCI_CM_ACTIVE;
236 conn->state = BT_OPEN;
237 conn->auth_type = HCI_AT_GENERAL_BONDING;
239 conn->power_save = 1;
240 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
244 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
247 if (lmp_esco_capable(hdev))
248 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
249 (hdev->esco_type & EDR_ESCO_MASK);
251 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
254 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
258 skb_queue_head_init(&conn->data_q);
260 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
261 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
263 atomic_set(&conn->refcnt, 0);
267 tasklet_disable(&hdev->tx_task);
269 hci_conn_hash_add(hdev, conn);
271 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
273 atomic_set(&conn->devref, 0);
275 hci_conn_init_sysfs(conn);
277 tasklet_enable(&hdev->tx_task);
282 int hci_conn_del(struct hci_conn *conn)
284 struct hci_dev *hdev = conn->hdev;
286 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
288 del_timer(&conn->idle_timer);
290 del_timer(&conn->disc_timer);
292 if (conn->type == ACL_LINK) {
293 struct hci_conn *sco = conn->link;
298 hdev->acl_cnt += conn->sent;
300 struct hci_conn *acl = conn->link;
307 tasklet_disable(&hdev->tx_task);
309 hci_conn_hash_del(hdev, conn);
311 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
313 tasklet_enable(&hdev->tx_task);
315 skb_queue_purge(&conn->data_q);
317 hci_conn_put_device(conn);
324 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
326 int use_src = bacmp(src, BDADDR_ANY);
327 struct hci_dev *hdev = NULL;
330 BT_DBG("%s -> %s", batostr(src), batostr(dst));
332 read_lock_bh(&hci_dev_list_lock);
334 list_for_each(p, &hci_dev_list) {
335 struct hci_dev *d = list_entry(p, struct hci_dev, list);
337 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
341 * No source address - find interface with bdaddr != dst
342 * Source address - find interface with bdaddr == src
346 if (!bacmp(&d->bdaddr, src)) {
350 if (bacmp(&d->bdaddr, dst)) {
357 hdev = hci_dev_hold(hdev);
359 read_unlock_bh(&hci_dev_list_lock);
362 EXPORT_SYMBOL(hci_get_route);
364 /* Create SCO or ACL connection.
365 * Device _must_ be locked */
366 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
368 struct hci_conn *acl;
369 struct hci_conn *sco;
371 BT_DBG("%s dst %s", hdev->name, batostr(dst));
373 if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
374 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
380 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
381 acl->sec_level = sec_level;
382 acl->auth_type = auth_type;
383 hci_acl_connect(acl);
385 if (acl->sec_level < sec_level)
386 acl->sec_level = sec_level;
387 if (acl->auth_type < auth_type)
388 acl->auth_type = auth_type;
391 if (type == ACL_LINK)
394 if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) {
395 if (!(sco = hci_conn_add(hdev, type, dst))) {
406 if (acl->state == BT_CONNECTED &&
407 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
409 hci_conn_enter_active_mode(acl);
411 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) {
412 /* defer SCO setup until mode change completed */
413 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend);
417 hci_sco_setup(acl, 0x00);
422 EXPORT_SYMBOL(hci_connect);
424 /* Check link security requirement */
425 int hci_conn_check_link_mode(struct hci_conn *conn)
427 BT_DBG("conn %p", conn);
429 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
430 !(conn->link_mode & HCI_LM_ENCRYPT))
435 EXPORT_SYMBOL(hci_conn_check_link_mode);
437 /* Authenticate remote device */
438 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
440 BT_DBG("conn %p", conn);
442 if (sec_level > conn->sec_level)
443 conn->sec_level = sec_level;
444 else if (conn->link_mode & HCI_LM_AUTH)
447 conn->auth_type = auth_type;
449 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
450 struct hci_cp_auth_requested cp;
451 #ifdef FEATURE_ENCRY_PENDING_B4_AUTH
453 /* encryption must be pending if auth is also pending */
454 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
457 cp.handle = cpu_to_le16(conn->handle);
458 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
465 /* Enable security */
466 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
468 BT_DBG("conn %p", conn);
470 if (sec_level == BT_SECURITY_SDP)
473 if (sec_level == BT_SECURITY_LOW &&
474 (!conn->ssp_mode || !conn->hdev->ssp_mode))
477 if (conn->link_mode & HCI_LM_ENCRYPT)
478 return hci_conn_auth(conn, sec_level, auth_type);
480 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
483 if (hci_conn_auth(conn, sec_level, auth_type)) {
484 struct hci_cp_set_conn_encrypt cp;
485 cp.handle = cpu_to_le16(conn->handle);
487 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT,
493 EXPORT_SYMBOL(hci_conn_security);
495 /* Change link key */
496 int hci_conn_change_link_key(struct hci_conn *conn)
498 BT_DBG("conn %p", conn);
500 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
501 struct hci_cp_change_conn_link_key cp;
502 cp.handle = cpu_to_le16(conn->handle);
503 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
509 EXPORT_SYMBOL(hci_conn_change_link_key);
512 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
514 BT_DBG("conn %p", conn);
516 if (!role && conn->link_mode & HCI_LM_MASTER)
519 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
520 struct hci_cp_switch_role cp;
521 bacpy(&cp.bdaddr, &conn->dst);
523 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
528 EXPORT_SYMBOL(hci_conn_switch_role);
530 /* Enter active mode */
531 void hci_conn_enter_active_mode(struct hci_conn *conn)
533 struct hci_dev *hdev = conn->hdev;
535 BT_DBG("conn %p mode %d", conn, conn->mode);
537 if (test_bit(HCI_RAW, &hdev->flags))
540 if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
543 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
544 struct hci_cp_exit_sniff_mode cp;
545 cp.handle = cpu_to_le16(conn->handle);
546 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
550 if (hdev->idle_timeout > 0)
551 mod_timer(&conn->idle_timer,
552 jiffies + msecs_to_jiffies(hdev->idle_timeout));
555 /* Enter sniff mode */
556 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
558 struct hci_dev *hdev = conn->hdev;
560 BT_DBG("conn %p mode %d", conn, conn->mode);
562 if (test_bit(HCI_RAW, &hdev->flags))
565 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
568 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
571 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
572 struct hci_cp_sniff_subrate cp;
573 cp.handle = cpu_to_le16(conn->handle);
574 cp.max_latency = cpu_to_le16(0);
575 cp.min_remote_timeout = cpu_to_le16(0);
576 cp.min_local_timeout = cpu_to_le16(0);
577 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
580 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
581 struct hci_cp_sniff_mode cp;
582 cp.handle = cpu_to_le16(conn->handle);
583 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
584 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
585 cp.attempt = cpu_to_le16(4);
586 cp.timeout = cpu_to_le16(1);
587 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
591 /* Drop all connection on the device */
592 void hci_conn_hash_flush(struct hci_dev *hdev)
594 struct hci_conn_hash *h = &hdev->conn_hash;
597 BT_DBG("hdev %s", hdev->name);
600 while (p != &h->list) {
603 c = list_entry(p, struct hci_conn, list);
606 c->state = BT_CLOSED;
608 hci_proto_disconn_cfm(c, 0x16);
613 /* Check pending connect attempts */
614 void hci_conn_check_pending(struct hci_dev *hdev)
616 struct hci_conn *conn;
618 BT_DBG("hdev %s", hdev->name);
622 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
624 hci_acl_connect(conn);
626 hci_dev_unlock(hdev);
629 void hci_conn_hold_device(struct hci_conn *conn)
631 atomic_inc(&conn->devref);
633 EXPORT_SYMBOL(hci_conn_hold_device);
635 void hci_conn_put_device(struct hci_conn *conn)
637 if (atomic_dec_and_test(&conn->devref))
638 hci_conn_del_sysfs(conn);
640 EXPORT_SYMBOL(hci_conn_put_device);
642 int hci_get_conn_list(void __user *arg)
644 struct hci_conn_list_req req, *cl;
645 struct hci_conn_info *ci;
646 struct hci_dev *hdev;
648 int n = 0, size, err;
650 if (copy_from_user(&req, arg, sizeof(req)))
653 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
656 size = sizeof(req) + req.conn_num * sizeof(*ci);
658 if (!(cl = kmalloc(size, GFP_KERNEL)))
661 if (!(hdev = hci_dev_get(req.dev_id))) {
668 hci_dev_lock_bh(hdev);
669 list_for_each(p, &hdev->conn_hash.list) {
670 register struct hci_conn *c;
671 c = list_entry(p, struct hci_conn, list);
673 bacpy(&(ci + n)->bdaddr, &c->dst);
674 (ci + n)->handle = c->handle;
675 (ci + n)->type = c->type;
676 (ci + n)->out = c->out;
677 (ci + n)->state = c->state;
678 (ci + n)->link_mode = c->link_mode;
679 if (++n >= req.conn_num)
682 hci_dev_unlock_bh(hdev);
684 cl->dev_id = hdev->id;
686 size = sizeof(req) + n * sizeof(*ci);
690 err = copy_to_user(arg, cl, size);
693 return err ? -EFAULT : 0;
696 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
698 struct hci_conn_info_req req;
699 struct hci_conn_info ci;
700 struct hci_conn *conn;
701 char __user *ptr = arg + sizeof(req);
703 if (copy_from_user(&req, arg, sizeof(req)))
706 hci_dev_lock_bh(hdev);
707 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
709 bacpy(&ci.bdaddr, &conn->dst);
710 ci.handle = conn->handle;
711 ci.type = conn->type;
713 ci.state = conn->state;
714 ci.link_mode = conn->link_mode;
716 hci_dev_unlock_bh(hdev);
721 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
724 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
726 struct hci_auth_info_req req;
727 struct hci_conn *conn;
729 if (copy_from_user(&req, arg, sizeof(req)))
732 hci_dev_lock_bh(hdev);
733 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
735 req.type = conn->auth_type;
736 hci_dev_unlock_bh(hdev);
741 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;