1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI connection handling. */ 26 27 #include <linux/module.h> 28 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/kernel.h> 32 #include <linux/slab.h> 33 #include <linux/poll.h> 34 #include <linux/fcntl.h> 35 #include <linux/init.h> 36 #include <linux/skbuff.h> 37 #include <linux/interrupt.h> 38 #include <linux/notifier.h> 39 #include <net/sock.h> 40 41 #include <asm/system.h> 42 #include <asm/uaccess.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 48 void hci_acl_connect(struct hci_conn *conn) 49 { 50 struct hci_dev *hdev = conn->hdev; 51 struct inquiry_entry *ie; 52 struct hci_cp_create_conn cp; 53 54 BT_DBG("%p", conn); 55 56 conn->state = BT_CONNECT; 57 conn->out = 1; 58 59 conn->link_mode = HCI_LM_MASTER; 60 61 conn->attempt++; 62 63 conn->link_policy = hdev->link_policy; 64 65 memset(&cp, 0, sizeof(cp)); 66 bacpy(&cp.bdaddr, &conn->dst); 67 cp.pscan_rep_mode = 0x02; 68 69 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) { 70 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 71 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 72 cp.pscan_mode = ie->data.pscan_mode; 73 cp.clock_offset = ie->data.clock_offset | 74 cpu_to_le16(0x8000); 75 } 76 77 memcpy(conn->dev_class, ie->data.dev_class, 3); 78 conn->ssp_mode = ie->data.ssp_mode; 79 } 80 81 cp.pkt_type = cpu_to_le16(conn->pkt_type); 82 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) 83 cp.role_switch = 0x01; 84 else 85 cp.role_switch = 0x00; 86 87 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp); 88 } 89 90 static void hci_acl_connect_cancel(struct hci_conn *conn) 91 { 92 struct hci_cp_create_conn_cancel cp; 93 94 BT_DBG("%p", conn); 95 96 if (conn->hdev->hci_ver < 2) 97 return; 98 99 bacpy(&cp.bdaddr, &conn->dst); 100 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); 101 } 102 103 void hci_acl_disconn(struct hci_conn *conn, __u8 reason) 104 { 105 struct hci_cp_disconnect cp; 106 107 BT_DBG("%p", conn); 108 109 conn->state = BT_DISCONN; 110 111 cp.handle = cpu_to_le16(conn->handle); 112 cp.reason = reason; 113 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp); 114 } 115 116 void hci_add_sco(struct hci_conn *conn, __u16 handle) 117 { 118 struct hci_dev *hdev = conn->hdev; 119 struct hci_cp_add_sco cp; 120 121 BT_DBG("%p", conn); 122 123 conn->state = BT_CONNECT; 124 conn->out = 1; 125 126 cp.handle = cpu_to_le16(handle); 127 cp.pkt_type = cpu_to_le16(conn->pkt_type); 128 129 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); 130 } 131 132 void hci_setup_sync(struct hci_conn *conn, __u16 handle) 133 { 134 struct hci_dev *hdev = conn->hdev; 135 struct hci_cp_setup_sync_conn cp; 136 137 BT_DBG("%p", conn); 138 139 conn->state = BT_CONNECT; 140 conn->out = 1; 141 142 cp.handle = cpu_to_le16(handle); 143 cp.pkt_type = cpu_to_le16(conn->pkt_type); 144 145 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 146 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 147 cp.max_latency = cpu_to_le16(0xffff); 148 cp.voice_setting = cpu_to_le16(hdev->voice_setting); 149 cp.retrans_effort = 0xff; 150 151 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp); 152 } 153 154 static void hci_conn_timeout(unsigned long arg) 155 { 156 struct hci_conn *conn = (void *) arg; 157 struct hci_dev *hdev = conn->hdev; 158 159 BT_DBG("conn %p state %d", conn, conn->state); 160 161 if (atomic_read(&conn->refcnt)) 162 return; 163 164 hci_dev_lock(hdev); 165 166 switch (conn->state) { 167 case BT_CONNECT: 168 case BT_CONNECT2: 169 if (conn->type == ACL_LINK) 170 hci_acl_connect_cancel(conn); 171 else 172 hci_acl_disconn(conn, 0x13); 173 break; 174 case BT_CONFIG: 175 case BT_CONNECTED: 176 hci_acl_disconn(conn, 0x13); 177 break; 178 default: 179 conn->state = BT_CLOSED; 180 break; 181 } 182 183 hci_dev_unlock(hdev); 184 } 185 186 static void hci_conn_idle(unsigned long arg) 187 { 188 struct hci_conn *conn = (void *) arg; 189 190 BT_DBG("conn %p mode %d", conn, conn->mode); 191 192 hci_conn_enter_sniff_mode(conn); 193 } 194 195 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) 196 { 197 struct hci_conn *conn; 198 199 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 200 201 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC); 202 if (!conn) 203 return NULL; 204 205 bacpy(&conn->dst, dst); 206 conn->hdev = hdev; 207 conn->type = type; 208 conn->mode = HCI_CM_ACTIVE; 209 conn->state = BT_OPEN; 210 211 conn->power_save = 1; 212 213 switch (type) { 214 case ACL_LINK: 215 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; 216 break; 217 case SCO_LINK: 218 if (lmp_esco_capable(hdev)) 219 conn->pkt_type = hdev->esco_type & SCO_ESCO_MASK; 220 else 221 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; 222 break; 223 case ESCO_LINK: 224 conn->pkt_type = hdev->esco_type; 225 break; 226 } 227 228 skb_queue_head_init(&conn->data_q); 229 230 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn); 231 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn); 232 233 atomic_set(&conn->refcnt, 0); 234 235 hci_dev_hold(hdev); 236 237 tasklet_disable(&hdev->tx_task); 238 239 hci_conn_hash_add(hdev, conn); 240 if (hdev->notify) 241 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 242 243 tasklet_enable(&hdev->tx_task); 244 245 return conn; 246 } 247 248 int hci_conn_del(struct hci_conn *conn) 249 { 250 struct hci_dev *hdev = conn->hdev; 251 252 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle); 253 254 del_timer(&conn->idle_timer); 255 256 del_timer(&conn->disc_timer); 257 258 if (conn->type == ACL_LINK) { 259 struct hci_conn *sco = conn->link; 260 if (sco) 261 sco->link = NULL; 262 263 /* Unacked frames */ 264 hdev->acl_cnt += conn->sent; 265 } else { 266 struct hci_conn *acl = conn->link; 267 if (acl) { 268 acl->link = NULL; 269 hci_conn_put(acl); 270 } 271 } 272 273 tasklet_disable(&hdev->tx_task); 274 275 hci_conn_hash_del(hdev, conn); 276 if (hdev->notify) 277 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 278 279 tasklet_enable(&hdev->tx_task); 280 281 skb_queue_purge(&conn->data_q); 282 283 return 0; 284 } 285 286 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src) 287 { 288 int use_src = bacmp(src, BDADDR_ANY); 289 struct hci_dev *hdev = NULL; 290 struct list_head *p; 291 292 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 293 294 read_lock_bh(&hci_dev_list_lock); 295 296 list_for_each(p, &hci_dev_list) { 297 struct hci_dev *d = list_entry(p, struct hci_dev, list); 298 299 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags)) 300 continue; 301 302 /* Simple routing: 303 * No source address - find interface with bdaddr != dst 304 * Source address - find interface with bdaddr == src 305 */ 306 307 if (use_src) { 308 if (!bacmp(&d->bdaddr, src)) { 309 hdev = d; break; 310 } 311 } else { 312 if (bacmp(&d->bdaddr, dst)) { 313 hdev = d; break; 314 } 315 } 316 } 317 318 if (hdev) 319 hdev = hci_dev_hold(hdev); 320 321 read_unlock_bh(&hci_dev_list_lock); 322 return hdev; 323 } 324 EXPORT_SYMBOL(hci_get_route); 325 326 /* Create SCO or ACL connection. 327 * Device _must_ be locked */ 328 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type) 329 { 330 struct hci_conn *acl; 331 struct hci_conn *sco; 332 333 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 334 335 if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) { 336 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst))) 337 return NULL; 338 } 339 340 hci_conn_hold(acl); 341 342 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { 343 acl->sec_level = sec_level; 344 acl->auth_type = auth_type; 345 hci_acl_connect(acl); 346 } 347 348 if (type == ACL_LINK) 349 return acl; 350 351 if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) { 352 if (!(sco = hci_conn_add(hdev, type, dst))) { 353 hci_conn_put(acl); 354 return NULL; 355 } 356 } 357 358 acl->link = sco; 359 sco->link = acl; 360 361 hci_conn_hold(sco); 362 363 if (acl->state == BT_CONNECTED && 364 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 365 if (lmp_esco_capable(hdev)) 366 hci_setup_sync(sco, acl->handle); 367 else 368 hci_add_sco(sco, acl->handle); 369 } 370 371 return sco; 372 } 373 EXPORT_SYMBOL(hci_connect); 374 375 /* Check link security requirement */ 376 int hci_conn_check_link_mode(struct hci_conn *conn) 377 { 378 BT_DBG("conn %p", conn); 379 380 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 && 381 !(conn->link_mode & HCI_LM_ENCRYPT)) 382 return 0; 383 384 return 1; 385 } 386 EXPORT_SYMBOL(hci_conn_check_link_mode); 387 388 /* Authenticate remote device */ 389 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level) 390 { 391 BT_DBG("conn %p", conn); 392 393 if (sec_level > conn->sec_level) 394 conn->link_mode &= ~HCI_LM_AUTH; 395 396 conn->sec_level = sec_level; 397 398 if (sec_level == BT_SECURITY_HIGH) 399 conn->auth_type |= 0x01; 400 401 if (conn->link_mode & HCI_LM_AUTH) 402 return 1; 403 404 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 405 struct hci_cp_auth_requested cp; 406 cp.handle = cpu_to_le16(conn->handle); 407 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, 408 sizeof(cp), &cp); 409 } 410 411 return 0; 412 } 413 414 /* Enable security */ 415 int hci_conn_security(struct hci_conn *conn, __u8 sec_level) 416 { 417 BT_DBG("conn %p", conn); 418 419 if (sec_level == BT_SECURITY_SDP) 420 return 1; 421 422 if (sec_level == BT_SECURITY_LOW) { 423 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0) 424 return hci_conn_auth(conn, sec_level); 425 else 426 return 1; 427 } 428 429 if (conn->link_mode & HCI_LM_ENCRYPT) 430 return hci_conn_auth(conn, sec_level); 431 432 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 433 return 0; 434 435 if (hci_conn_auth(conn, sec_level)) { 436 struct hci_cp_set_conn_encrypt cp; 437 cp.handle = cpu_to_le16(conn->handle); 438 cp.encrypt = 1; 439 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, 440 sizeof(cp), &cp); 441 } 442 443 return 0; 444 } 445 EXPORT_SYMBOL(hci_conn_security); 446 447 /* Change link key */ 448 int hci_conn_change_link_key(struct hci_conn *conn) 449 { 450 BT_DBG("conn %p", conn); 451 452 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 453 struct hci_cp_change_conn_link_key cp; 454 cp.handle = cpu_to_le16(conn->handle); 455 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, 456 sizeof(cp), &cp); 457 } 458 459 return 0; 460 } 461 EXPORT_SYMBOL(hci_conn_change_link_key); 462 463 /* Switch role */ 464 int hci_conn_switch_role(struct hci_conn *conn, __u8 role) 465 { 466 BT_DBG("conn %p", conn); 467 468 if (!role && conn->link_mode & HCI_LM_MASTER) 469 return 1; 470 471 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) { 472 struct hci_cp_switch_role cp; 473 bacpy(&cp.bdaddr, &conn->dst); 474 cp.role = role; 475 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); 476 } 477 478 return 0; 479 } 480 EXPORT_SYMBOL(hci_conn_switch_role); 481 482 /* Enter active mode */ 483 void hci_conn_enter_active_mode(struct hci_conn *conn) 484 { 485 struct hci_dev *hdev = conn->hdev; 486 487 BT_DBG("conn %p mode %d", conn, conn->mode); 488 489 if (test_bit(HCI_RAW, &hdev->flags)) 490 return; 491 492 if (conn->mode != HCI_CM_SNIFF || !conn->power_save) 493 goto timer; 494 495 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 496 struct hci_cp_exit_sniff_mode cp; 497 cp.handle = cpu_to_le16(conn->handle); 498 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); 499 } 500 501 timer: 502 if (hdev->idle_timeout > 0) 503 mod_timer(&conn->idle_timer, 504 jiffies + msecs_to_jiffies(hdev->idle_timeout)); 505 } 506 507 /* Enter sniff mode */ 508 void hci_conn_enter_sniff_mode(struct hci_conn *conn) 509 { 510 struct hci_dev *hdev = conn->hdev; 511 512 BT_DBG("conn %p mode %d", conn, conn->mode); 513 514 if (test_bit(HCI_RAW, &hdev->flags)) 515 return; 516 517 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) 518 return; 519 520 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) 521 return; 522 523 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { 524 struct hci_cp_sniff_subrate cp; 525 cp.handle = cpu_to_le16(conn->handle); 526 cp.max_latency = cpu_to_le16(0); 527 cp.min_remote_timeout = cpu_to_le16(0); 528 cp.min_local_timeout = cpu_to_le16(0); 529 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); 530 } 531 532 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 533 struct hci_cp_sniff_mode cp; 534 cp.handle = cpu_to_le16(conn->handle); 535 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); 536 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); 537 cp.attempt = cpu_to_le16(4); 538 cp.timeout = cpu_to_le16(1); 539 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); 540 } 541 } 542 543 /* Drop all connection on the device */ 544 void hci_conn_hash_flush(struct hci_dev *hdev) 545 { 546 struct hci_conn_hash *h = &hdev->conn_hash; 547 struct list_head *p; 548 549 BT_DBG("hdev %s", hdev->name); 550 551 p = h->list.next; 552 while (p != &h->list) { 553 struct hci_conn *c; 554 555 c = list_entry(p, struct hci_conn, list); 556 p = p->next; 557 558 c->state = BT_CLOSED; 559 560 hci_conn_del_sysfs(c); 561 562 hci_proto_disconn_ind(c, 0x16); 563 hci_conn_del(c); 564 } 565 } 566 567 /* Check pending connect attempts */ 568 void hci_conn_check_pending(struct hci_dev *hdev) 569 { 570 struct hci_conn *conn; 571 572 BT_DBG("hdev %s", hdev->name); 573 574 hci_dev_lock(hdev); 575 576 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2); 577 if (conn) 578 hci_acl_connect(conn); 579 580 hci_dev_unlock(hdev); 581 } 582 583 int hci_get_conn_list(void __user *arg) 584 { 585 struct hci_conn_list_req req, *cl; 586 struct hci_conn_info *ci; 587 struct hci_dev *hdev; 588 struct list_head *p; 589 int n = 0, size, err; 590 591 if (copy_from_user(&req, arg, sizeof(req))) 592 return -EFAULT; 593 594 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) 595 return -EINVAL; 596 597 size = sizeof(req) + req.conn_num * sizeof(*ci); 598 599 if (!(cl = kmalloc(size, GFP_KERNEL))) 600 return -ENOMEM; 601 602 if (!(hdev = hci_dev_get(req.dev_id))) { 603 kfree(cl); 604 return -ENODEV; 605 } 606 607 ci = cl->conn_info; 608 609 hci_dev_lock_bh(hdev); 610 list_for_each(p, &hdev->conn_hash.list) { 611 register struct hci_conn *c; 612 c = list_entry(p, struct hci_conn, list); 613 614 bacpy(&(ci + n)->bdaddr, &c->dst); 615 (ci + n)->handle = c->handle; 616 (ci + n)->type = c->type; 617 (ci + n)->out = c->out; 618 (ci + n)->state = c->state; 619 (ci + n)->link_mode = c->link_mode; 620 if (++n >= req.conn_num) 621 break; 622 } 623 hci_dev_unlock_bh(hdev); 624 625 cl->dev_id = hdev->id; 626 cl->conn_num = n; 627 size = sizeof(req) + n * sizeof(*ci); 628 629 hci_dev_put(hdev); 630 631 err = copy_to_user(arg, cl, size); 632 kfree(cl); 633 634 return err ? -EFAULT : 0; 635 } 636 637 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) 638 { 639 struct hci_conn_info_req req; 640 struct hci_conn_info ci; 641 struct hci_conn *conn; 642 char __user *ptr = arg + sizeof(req); 643 644 if (copy_from_user(&req, arg, sizeof(req))) 645 return -EFAULT; 646 647 hci_dev_lock_bh(hdev); 648 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); 649 if (conn) { 650 bacpy(&ci.bdaddr, &conn->dst); 651 ci.handle = conn->handle; 652 ci.type = conn->type; 653 ci.out = conn->out; 654 ci.state = conn->state; 655 ci.link_mode = conn->link_mode; 656 } 657 hci_dev_unlock_bh(hdev); 658 659 if (!conn) 660 return -ENOENT; 661 662 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 663 } 664 665 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg) 666 { 667 struct hci_auth_info_req req; 668 struct hci_conn *conn; 669 670 if (copy_from_user(&req, arg, sizeof(req))) 671 return -EFAULT; 672 673 hci_dev_lock_bh(hdev); 674 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr); 675 if (conn) 676 req.type = conn->auth_type; 677 hci_dev_unlock_bh(hdev); 678 679 if (!conn) 680 return -ENOENT; 681 682 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0; 683 } 684