xref: /openbmc/linux/net/bluetooth/hci_conn.c (revision 22246614)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4 
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10 
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24 
25 /* Bluetooth HCI connection handling. */
26 
27 #include <linux/module.h>
28 
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40 
41 #include <asm/system.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
44 
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47 
48 #ifndef CONFIG_BT_HCI_CORE_DEBUG
49 #undef  BT_DBG
50 #define BT_DBG(D...)
51 #endif
52 
53 void hci_acl_connect(struct hci_conn *conn)
54 {
55 	struct hci_dev *hdev = conn->hdev;
56 	struct inquiry_entry *ie;
57 	struct hci_cp_create_conn cp;
58 
59 	BT_DBG("%p", conn);
60 
61 	conn->state = BT_CONNECT;
62 	conn->out   = 1;
63 	conn->link_mode = HCI_LM_MASTER;
64 
65 	conn->attempt++;
66 
67 	memset(&cp, 0, sizeof(cp));
68 	bacpy(&cp.bdaddr, &conn->dst);
69 	cp.pscan_rep_mode = 0x02;
70 
71 	if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) &&
72 			inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
73 		cp.pscan_rep_mode = ie->data.pscan_rep_mode;
74 		cp.pscan_mode     = ie->data.pscan_mode;
75 		cp.clock_offset   = ie->data.clock_offset | cpu_to_le16(0x8000);
76 		memcpy(conn->dev_class, ie->data.dev_class, 3);
77 	}
78 
79 	cp.pkt_type = cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK);
80 	if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
81 		cp.role_switch = 0x01;
82 	else
83 		cp.role_switch = 0x00;
84 
85 	hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
86 }
87 
88 static void hci_acl_connect_cancel(struct hci_conn *conn)
89 {
90 	struct hci_cp_create_conn_cancel cp;
91 
92 	BT_DBG("%p", conn);
93 
94 	if (conn->hdev->hci_ver < 2)
95 		return;
96 
97 	bacpy(&cp.bdaddr, &conn->dst);
98 	hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
99 }
100 
101 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
102 {
103 	struct hci_cp_disconnect cp;
104 
105 	BT_DBG("%p", conn);
106 
107 	conn->state = BT_DISCONN;
108 
109 	cp.handle = cpu_to_le16(conn->handle);
110 	cp.reason = reason;
111 	hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
112 }
113 
114 void hci_add_sco(struct hci_conn *conn, __u16 handle)
115 {
116 	struct hci_dev *hdev = conn->hdev;
117 	struct hci_cp_add_sco cp;
118 
119 	BT_DBG("%p", conn);
120 
121 	conn->state = BT_CONNECT;
122 	conn->out = 1;
123 
124 	cp.handle   = cpu_to_le16(handle);
125 	cp.pkt_type = cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
126 
127 	hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
128 }
129 
130 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
131 {
132 	struct hci_dev *hdev = conn->hdev;
133 	struct hci_cp_setup_sync_conn cp;
134 
135 	BT_DBG("%p", conn);
136 
137 	conn->state = BT_CONNECT;
138 	conn->out = 1;
139 
140 	cp.handle   = cpu_to_le16(handle);
141 	cp.pkt_type = cpu_to_le16(hdev->esco_type);
142 
143 	cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
144 	cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
145 	cp.max_latency    = cpu_to_le16(0xffff);
146 	cp.voice_setting  = cpu_to_le16(hdev->voice_setting);
147 	cp.retrans_effort = 0xff;
148 
149 	hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
150 }
151 
152 static void hci_conn_timeout(unsigned long arg)
153 {
154 	struct hci_conn *conn = (void *) arg;
155 	struct hci_dev *hdev = conn->hdev;
156 
157 	BT_DBG("conn %p state %d", conn, conn->state);
158 
159 	if (atomic_read(&conn->refcnt))
160 		return;
161 
162 	hci_dev_lock(hdev);
163 
164 	switch (conn->state) {
165 	case BT_CONNECT:
166 		if (conn->type == ACL_LINK)
167 			hci_acl_connect_cancel(conn);
168 		else
169 			hci_acl_disconn(conn, 0x13);
170 		break;
171 	case BT_CONNECTED:
172 		hci_acl_disconn(conn, 0x13);
173 		break;
174 	default:
175 		conn->state = BT_CLOSED;
176 		break;
177 	}
178 
179 	hci_dev_unlock(hdev);
180 }
181 
182 static void hci_conn_idle(unsigned long arg)
183 {
184 	struct hci_conn *conn = (void *) arg;
185 
186 	BT_DBG("conn %p mode %d", conn, conn->mode);
187 
188 	hci_conn_enter_sniff_mode(conn);
189 }
190 
191 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
192 {
193 	struct hci_conn *conn;
194 
195 	BT_DBG("%s dst %s", hdev->name, batostr(dst));
196 
197 	conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
198 	if (!conn)
199 		return NULL;
200 
201 	bacpy(&conn->dst, dst);
202 	conn->hdev   = hdev;
203 	conn->type   = type;
204 	conn->mode   = HCI_CM_ACTIVE;
205 	conn->state  = BT_OPEN;
206 
207 	conn->power_save = 1;
208 
209 	skb_queue_head_init(&conn->data_q);
210 
211 	setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
212 	setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
213 
214 	atomic_set(&conn->refcnt, 0);
215 
216 	hci_dev_hold(hdev);
217 
218 	tasklet_disable(&hdev->tx_task);
219 
220 	hci_conn_hash_add(hdev, conn);
221 	if (hdev->notify)
222 		hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
223 
224 	hci_conn_add_sysfs(conn);
225 
226 	tasklet_enable(&hdev->tx_task);
227 
228 	return conn;
229 }
230 
231 int hci_conn_del(struct hci_conn *conn)
232 {
233 	struct hci_dev *hdev = conn->hdev;
234 
235 	BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
236 
237 	del_timer(&conn->idle_timer);
238 
239 	del_timer(&conn->disc_timer);
240 
241 	if (conn->type == ACL_LINK) {
242 		struct hci_conn *sco = conn->link;
243 		if (sco)
244 			sco->link = NULL;
245 
246 		/* Unacked frames */
247 		hdev->acl_cnt += conn->sent;
248 	} else {
249 		struct hci_conn *acl = conn->link;
250 		if (acl) {
251 			acl->link = NULL;
252 			hci_conn_put(acl);
253 		}
254 	}
255 
256 	tasklet_disable(&hdev->tx_task);
257 	hci_conn_hash_del(hdev, conn);
258 	if (hdev->notify)
259 		hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
260 	tasklet_enable(&hdev->tx_task);
261 	skb_queue_purge(&conn->data_q);
262 	hci_conn_del_sysfs(conn);
263 
264 	return 0;
265 }
266 
267 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
268 {
269 	int use_src = bacmp(src, BDADDR_ANY);
270 	struct hci_dev *hdev = NULL;
271 	struct list_head *p;
272 
273 	BT_DBG("%s -> %s", batostr(src), batostr(dst));
274 
275 	read_lock_bh(&hci_dev_list_lock);
276 
277 	list_for_each(p, &hci_dev_list) {
278 		struct hci_dev *d = list_entry(p, struct hci_dev, list);
279 
280 		if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
281 			continue;
282 
283 		/* Simple routing:
284 		 *   No source address - find interface with bdaddr != dst
285 		 *   Source address    - find interface with bdaddr == src
286 		 */
287 
288 		if (use_src) {
289 			if (!bacmp(&d->bdaddr, src)) {
290 				hdev = d; break;
291 			}
292 		} else {
293 			if (bacmp(&d->bdaddr, dst)) {
294 				hdev = d; break;
295 			}
296 		}
297 	}
298 
299 	if (hdev)
300 		hdev = hci_dev_hold(hdev);
301 
302 	read_unlock_bh(&hci_dev_list_lock);
303 	return hdev;
304 }
305 EXPORT_SYMBOL(hci_get_route);
306 
307 /* Create SCO or ACL connection.
308  * Device _must_ be locked */
309 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst)
310 {
311 	struct hci_conn *acl;
312 	struct hci_conn *sco;
313 
314 	BT_DBG("%s dst %s", hdev->name, batostr(dst));
315 
316 	if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
317 		if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
318 			return NULL;
319 	}
320 
321 	hci_conn_hold(acl);
322 
323 	if (acl->state == BT_OPEN || acl->state == BT_CLOSED)
324 		hci_acl_connect(acl);
325 
326 	if (type == ACL_LINK)
327 		return acl;
328 
329 	if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) {
330 		if (!(sco = hci_conn_add(hdev, type, dst))) {
331 			hci_conn_put(acl);
332 			return NULL;
333 		}
334 	}
335 
336 	acl->link = sco;
337 	sco->link = acl;
338 
339 	hci_conn_hold(sco);
340 
341 	if (acl->state == BT_CONNECTED &&
342 			(sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
343 		if (lmp_esco_capable(hdev))
344 			hci_setup_sync(sco, acl->handle);
345 		else
346 			hci_add_sco(sco, acl->handle);
347 	}
348 
349 	return sco;
350 }
351 EXPORT_SYMBOL(hci_connect);
352 
353 /* Authenticate remote device */
354 int hci_conn_auth(struct hci_conn *conn)
355 {
356 	BT_DBG("conn %p", conn);
357 
358 	if (conn->link_mode & HCI_LM_AUTH)
359 		return 1;
360 
361 	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
362 		struct hci_cp_auth_requested cp;
363 		cp.handle = cpu_to_le16(conn->handle);
364 		hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
365 	}
366 	return 0;
367 }
368 EXPORT_SYMBOL(hci_conn_auth);
369 
370 /* Enable encryption */
371 int hci_conn_encrypt(struct hci_conn *conn)
372 {
373 	BT_DBG("conn %p", conn);
374 
375 	if (conn->link_mode & HCI_LM_ENCRYPT)
376 		return 1;
377 
378 	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
379 		return 0;
380 
381 	if (hci_conn_auth(conn)) {
382 		struct hci_cp_set_conn_encrypt cp;
383 		cp.handle  = cpu_to_le16(conn->handle);
384 		cp.encrypt = 1;
385 		hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp);
386 	}
387 	return 0;
388 }
389 EXPORT_SYMBOL(hci_conn_encrypt);
390 
391 /* Change link key */
392 int hci_conn_change_link_key(struct hci_conn *conn)
393 {
394 	BT_DBG("conn %p", conn);
395 
396 	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
397 		struct hci_cp_change_conn_link_key cp;
398 		cp.handle = cpu_to_le16(conn->handle);
399 		hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);
400 	}
401 	return 0;
402 }
403 EXPORT_SYMBOL(hci_conn_change_link_key);
404 
405 /* Switch role */
406 int hci_conn_switch_role(struct hci_conn *conn, uint8_t role)
407 {
408 	BT_DBG("conn %p", conn);
409 
410 	if (!role && conn->link_mode & HCI_LM_MASTER)
411 		return 1;
412 
413 	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
414 		struct hci_cp_switch_role cp;
415 		bacpy(&cp.bdaddr, &conn->dst);
416 		cp.role = role;
417 		hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
418 	}
419 	return 0;
420 }
421 EXPORT_SYMBOL(hci_conn_switch_role);
422 
423 /* Enter active mode */
424 void hci_conn_enter_active_mode(struct hci_conn *conn)
425 {
426 	struct hci_dev *hdev = conn->hdev;
427 
428 	BT_DBG("conn %p mode %d", conn, conn->mode);
429 
430 	if (test_bit(HCI_RAW, &hdev->flags))
431 		return;
432 
433 	if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
434 		goto timer;
435 
436 	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
437 		struct hci_cp_exit_sniff_mode cp;
438 		cp.handle = cpu_to_le16(conn->handle);
439 		hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
440 	}
441 
442 timer:
443 	if (hdev->idle_timeout > 0)
444 		mod_timer(&conn->idle_timer,
445 			jiffies + msecs_to_jiffies(hdev->idle_timeout));
446 }
447 
448 /* Enter sniff mode */
449 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
450 {
451 	struct hci_dev *hdev = conn->hdev;
452 
453 	BT_DBG("conn %p mode %d", conn, conn->mode);
454 
455 	if (test_bit(HCI_RAW, &hdev->flags))
456 		return;
457 
458 	if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
459 		return;
460 
461 	if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
462 		return;
463 
464 	if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
465 		struct hci_cp_sniff_subrate cp;
466 		cp.handle             = cpu_to_le16(conn->handle);
467 		cp.max_latency        = cpu_to_le16(0);
468 		cp.min_remote_timeout = cpu_to_le16(0);
469 		cp.min_local_timeout  = cpu_to_le16(0);
470 		hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
471 	}
472 
473 	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
474 		struct hci_cp_sniff_mode cp;
475 		cp.handle       = cpu_to_le16(conn->handle);
476 		cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
477 		cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
478 		cp.attempt      = cpu_to_le16(4);
479 		cp.timeout      = cpu_to_le16(1);
480 		hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
481 	}
482 }
483 
484 /* Drop all connection on the device */
485 void hci_conn_hash_flush(struct hci_dev *hdev)
486 {
487 	struct hci_conn_hash *h = &hdev->conn_hash;
488 	struct list_head *p;
489 
490 	BT_DBG("hdev %s", hdev->name);
491 
492 	p = h->list.next;
493 	while (p != &h->list) {
494 		struct hci_conn *c;
495 
496 		c = list_entry(p, struct hci_conn, list);
497 		p = p->next;
498 
499 		c->state = BT_CLOSED;
500 
501 		hci_proto_disconn_ind(c, 0x16);
502 		hci_conn_del(c);
503 	}
504 }
505 
506 /* Check pending connect attempts */
507 void hci_conn_check_pending(struct hci_dev *hdev)
508 {
509 	struct hci_conn *conn;
510 
511 	BT_DBG("hdev %s", hdev->name);
512 
513 	hci_dev_lock(hdev);
514 
515 	conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
516 	if (conn)
517 		hci_acl_connect(conn);
518 
519 	hci_dev_unlock(hdev);
520 }
521 
522 int hci_get_conn_list(void __user *arg)
523 {
524 	struct hci_conn_list_req req, *cl;
525 	struct hci_conn_info *ci;
526 	struct hci_dev *hdev;
527 	struct list_head *p;
528 	int n = 0, size, err;
529 
530 	if (copy_from_user(&req, arg, sizeof(req)))
531 		return -EFAULT;
532 
533 	if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
534 		return -EINVAL;
535 
536 	size = sizeof(req) + req.conn_num * sizeof(*ci);
537 
538 	if (!(cl = kmalloc(size, GFP_KERNEL)))
539 		return -ENOMEM;
540 
541 	if (!(hdev = hci_dev_get(req.dev_id))) {
542 		kfree(cl);
543 		return -ENODEV;
544 	}
545 
546 	ci = cl->conn_info;
547 
548 	hci_dev_lock_bh(hdev);
549 	list_for_each(p, &hdev->conn_hash.list) {
550 		register struct hci_conn *c;
551 		c = list_entry(p, struct hci_conn, list);
552 
553 		bacpy(&(ci + n)->bdaddr, &c->dst);
554 		(ci + n)->handle = c->handle;
555 		(ci + n)->type  = c->type;
556 		(ci + n)->out   = c->out;
557 		(ci + n)->state = c->state;
558 		(ci + n)->link_mode = c->link_mode;
559 		if (++n >= req.conn_num)
560 			break;
561 	}
562 	hci_dev_unlock_bh(hdev);
563 
564 	cl->dev_id = hdev->id;
565 	cl->conn_num = n;
566 	size = sizeof(req) + n * sizeof(*ci);
567 
568 	hci_dev_put(hdev);
569 
570 	err = copy_to_user(arg, cl, size);
571 	kfree(cl);
572 
573 	return err ? -EFAULT : 0;
574 }
575 
576 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
577 {
578 	struct hci_conn_info_req req;
579 	struct hci_conn_info ci;
580 	struct hci_conn *conn;
581 	char __user *ptr = arg + sizeof(req);
582 
583 	if (copy_from_user(&req, arg, sizeof(req)))
584 		return -EFAULT;
585 
586 	hci_dev_lock_bh(hdev);
587 	conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
588 	if (conn) {
589 		bacpy(&ci.bdaddr, &conn->dst);
590 		ci.handle = conn->handle;
591 		ci.type  = conn->type;
592 		ci.out   = conn->out;
593 		ci.state = conn->state;
594 		ci.link_mode = conn->link_mode;
595 	}
596 	hci_dev_unlock_bh(hdev);
597 
598 	if (!conn)
599 		return -ENOENT;
600 
601 	return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
602 }
603