1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 Copyright 2023 NXP 5 6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 7 8 This program is free software; you can redistribute it and/or modify 9 it under the terms of the GNU General Public License version 2 as 10 published by the Free Software Foundation; 11 12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 20 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 23 SOFTWARE IS DISCLAIMED. 24 */ 25 26 /* Bluetooth HCI connection handling. */ 27 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 31 #include <net/bluetooth/bluetooth.h> 32 #include <net/bluetooth/hci_core.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/iso.h> 35 #include <net/bluetooth/mgmt.h> 36 37 #include "hci_request.h" 38 #include "smp.h" 39 #include "a2mp.h" 40 #include "eir.h" 41 42 struct sco_param { 43 u16 pkt_type; 44 u16 max_latency; 45 u8 retrans_effort; 46 }; 47 48 struct conn_handle_t { 49 struct hci_conn *conn; 50 __u16 handle; 51 }; 52 53 static const struct sco_param esco_param_cvsd[] = { 54 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a, 0x01 }, /* S3 */ 55 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007, 0x01 }, /* S2 */ 56 { EDR_ESCO_MASK | ESCO_EV3, 0x0007, 0x01 }, /* S1 */ 57 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0x01 }, /* D1 */ 58 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0x01 }, /* D0 */ 59 }; 60 61 static const struct sco_param sco_param_cvsd[] = { 62 { EDR_ESCO_MASK | ESCO_HV3, 0xffff, 0xff }, /* D1 */ 63 { EDR_ESCO_MASK | ESCO_HV1, 0xffff, 0xff }, /* D0 */ 64 }; 65 66 static const struct sco_param esco_param_msbc[] = { 67 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d, 0x02 }, /* T2 */ 68 { EDR_ESCO_MASK | ESCO_EV3, 0x0008, 0x02 }, /* T1 */ 69 }; 70 71 /* This function requires the caller holds hdev->lock */ 72 static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status) 73 { 74 struct hci_conn_params *params; 75 struct hci_dev *hdev = conn->hdev; 76 struct smp_irk *irk; 77 bdaddr_t *bdaddr; 78 u8 bdaddr_type; 79 80 bdaddr = &conn->dst; 81 bdaddr_type = conn->dst_type; 82 83 /* Check if we need to convert to identity address */ 84 irk = hci_get_irk(hdev, bdaddr, bdaddr_type); 85 if (irk) { 86 bdaddr = &irk->bdaddr; 87 bdaddr_type = irk->addr_type; 88 } 89 90 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr, 91 bdaddr_type); 92 if (!params) 93 return; 94 95 if (params->conn) { 96 hci_conn_drop(params->conn); 97 hci_conn_put(params->conn); 98 params->conn = NULL; 99 } 100 101 if (!params->explicit_connect) 102 return; 103 104 /* If the status indicates successful cancellation of 105 * the attempt (i.e. Unknown Connection Id) there's no point of 106 * notifying failure since we'll go back to keep trying to 107 * connect. The only exception is explicit connect requests 108 * where a timeout + cancel does indicate an actual failure. 109 */ 110 if (status && status != HCI_ERROR_UNKNOWN_CONN_ID) 111 mgmt_connect_failed(hdev, &conn->dst, conn->type, 112 conn->dst_type, status); 113 114 /* The connection attempt was doing scan for new RPA, and is 115 * in scan phase. If params are not associated with any other 116 * autoconnect action, remove them completely. If they are, just unmark 117 * them as waiting for connection, by clearing explicit_connect field. 118 */ 119 params->explicit_connect = false; 120 121 list_del_init(¶ms->action); 122 123 switch (params->auto_connect) { 124 case HCI_AUTO_CONN_EXPLICIT: 125 hci_conn_params_del(hdev, bdaddr, bdaddr_type); 126 /* return instead of break to avoid duplicate scan update */ 127 return; 128 case HCI_AUTO_CONN_DIRECT: 129 case HCI_AUTO_CONN_ALWAYS: 130 list_add(¶ms->action, &hdev->pend_le_conns); 131 break; 132 case HCI_AUTO_CONN_REPORT: 133 list_add(¶ms->action, &hdev->pend_le_reports); 134 break; 135 default: 136 break; 137 } 138 139 hci_update_passive_scan(hdev); 140 } 141 142 static void hci_conn_cleanup(struct hci_conn *conn) 143 { 144 struct hci_dev *hdev = conn->hdev; 145 146 if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags)) 147 hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type); 148 149 if (test_and_clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags)) 150 hci_remove_link_key(hdev, &conn->dst); 151 152 hci_chan_list_flush(conn); 153 154 hci_conn_hash_del(hdev, conn); 155 156 if (conn->cleanup) 157 conn->cleanup(conn); 158 159 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) { 160 switch (conn->setting & SCO_AIRMODE_MASK) { 161 case SCO_AIRMODE_CVSD: 162 case SCO_AIRMODE_TRANSP: 163 if (hdev->notify) 164 hdev->notify(hdev, HCI_NOTIFY_DISABLE_SCO); 165 break; 166 } 167 } else { 168 if (hdev->notify) 169 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 170 } 171 172 hci_conn_del_sysfs(conn); 173 174 debugfs_remove_recursive(conn->debugfs); 175 176 hci_dev_put(hdev); 177 178 hci_conn_put(conn); 179 } 180 181 static void le_scan_cleanup(struct work_struct *work) 182 { 183 struct hci_conn *conn = container_of(work, struct hci_conn, 184 le_scan_cleanup); 185 struct hci_dev *hdev = conn->hdev; 186 struct hci_conn *c = NULL; 187 188 BT_DBG("%s hcon %p", hdev->name, conn); 189 190 hci_dev_lock(hdev); 191 192 /* Check that the hci_conn is still around */ 193 rcu_read_lock(); 194 list_for_each_entry_rcu(c, &hdev->conn_hash.list, list) { 195 if (c == conn) 196 break; 197 } 198 rcu_read_unlock(); 199 200 if (c == conn) { 201 hci_connect_le_scan_cleanup(conn, 0x00); 202 hci_conn_cleanup(conn); 203 } 204 205 hci_dev_unlock(hdev); 206 hci_dev_put(hdev); 207 hci_conn_put(conn); 208 } 209 210 static void hci_connect_le_scan_remove(struct hci_conn *conn) 211 { 212 BT_DBG("%s hcon %p", conn->hdev->name, conn); 213 214 /* We can't call hci_conn_del/hci_conn_cleanup here since that 215 * could deadlock with another hci_conn_del() call that's holding 216 * hci_dev_lock and doing cancel_delayed_work_sync(&conn->disc_work). 217 * Instead, grab temporary extra references to the hci_dev and 218 * hci_conn and perform the necessary cleanup in a separate work 219 * callback. 220 */ 221 222 hci_dev_hold(conn->hdev); 223 hci_conn_get(conn); 224 225 /* Even though we hold a reference to the hdev, many other 226 * things might get cleaned up meanwhile, including the hdev's 227 * own workqueue, so we can't use that for scheduling. 228 */ 229 schedule_work(&conn->le_scan_cleanup); 230 } 231 232 static void hci_acl_create_connection(struct hci_conn *conn) 233 { 234 struct hci_dev *hdev = conn->hdev; 235 struct inquiry_entry *ie; 236 struct hci_cp_create_conn cp; 237 238 BT_DBG("hcon %p", conn); 239 240 /* Many controllers disallow HCI Create Connection while it is doing 241 * HCI Inquiry. So we cancel the Inquiry first before issuing HCI Create 242 * Connection. This may cause the MGMT discovering state to become false 243 * without user space's request but it is okay since the MGMT Discovery 244 * APIs do not promise that discovery should be done forever. Instead, 245 * the user space monitors the status of MGMT discovering and it may 246 * request for discovery again when this flag becomes false. 247 */ 248 if (test_bit(HCI_INQUIRY, &hdev->flags)) { 249 /* Put this connection to "pending" state so that it will be 250 * executed after the inquiry cancel command complete event. 251 */ 252 conn->state = BT_CONNECT2; 253 hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL); 254 return; 255 } 256 257 conn->state = BT_CONNECT; 258 conn->out = true; 259 conn->role = HCI_ROLE_MASTER; 260 261 conn->attempt++; 262 263 conn->link_policy = hdev->link_policy; 264 265 memset(&cp, 0, sizeof(cp)); 266 bacpy(&cp.bdaddr, &conn->dst); 267 cp.pscan_rep_mode = 0x02; 268 269 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 270 if (ie) { 271 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 272 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 273 cp.pscan_mode = ie->data.pscan_mode; 274 cp.clock_offset = ie->data.clock_offset | 275 cpu_to_le16(0x8000); 276 } 277 278 memcpy(conn->dev_class, ie->data.dev_class, 3); 279 } 280 281 cp.pkt_type = cpu_to_le16(conn->pkt_type); 282 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) 283 cp.role_switch = 0x01; 284 else 285 cp.role_switch = 0x00; 286 287 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp); 288 } 289 290 int hci_disconnect(struct hci_conn *conn, __u8 reason) 291 { 292 BT_DBG("hcon %p", conn); 293 294 /* When we are central of an established connection and it enters 295 * the disconnect timeout, then go ahead and try to read the 296 * current clock offset. Processing of the result is done 297 * within the event handling and hci_clock_offset_evt function. 298 */ 299 if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER && 300 (conn->state == BT_CONNECTED || conn->state == BT_CONFIG)) { 301 struct hci_dev *hdev = conn->hdev; 302 struct hci_cp_read_clock_offset clkoff_cp; 303 304 clkoff_cp.handle = cpu_to_le16(conn->handle); 305 hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp), 306 &clkoff_cp); 307 } 308 309 return hci_abort_conn(conn, reason); 310 } 311 312 static void hci_add_sco(struct hci_conn *conn, __u16 handle) 313 { 314 struct hci_dev *hdev = conn->hdev; 315 struct hci_cp_add_sco cp; 316 317 BT_DBG("hcon %p", conn); 318 319 conn->state = BT_CONNECT; 320 conn->out = true; 321 322 conn->attempt++; 323 324 cp.handle = cpu_to_le16(handle); 325 cp.pkt_type = cpu_to_le16(conn->pkt_type); 326 327 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); 328 } 329 330 static bool find_next_esco_param(struct hci_conn *conn, 331 const struct sco_param *esco_param, int size) 332 { 333 if (!conn->parent) 334 return false; 335 336 for (; conn->attempt <= size; conn->attempt++) { 337 if (lmp_esco_2m_capable(conn->parent) || 338 (esco_param[conn->attempt - 1].pkt_type & ESCO_2EV3)) 339 break; 340 BT_DBG("hcon %p skipped attempt %d, eSCO 2M not supported", 341 conn, conn->attempt); 342 } 343 344 return conn->attempt <= size; 345 } 346 347 static int configure_datapath_sync(struct hci_dev *hdev, struct bt_codec *codec) 348 { 349 int err; 350 __u8 vnd_len, *vnd_data = NULL; 351 struct hci_op_configure_data_path *cmd = NULL; 352 353 err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len, 354 &vnd_data); 355 if (err < 0) 356 goto error; 357 358 cmd = kzalloc(sizeof(*cmd) + vnd_len, GFP_KERNEL); 359 if (!cmd) { 360 err = -ENOMEM; 361 goto error; 362 } 363 364 err = hdev->get_data_path_id(hdev, &cmd->data_path_id); 365 if (err < 0) 366 goto error; 367 368 cmd->vnd_len = vnd_len; 369 memcpy(cmd->vnd_data, vnd_data, vnd_len); 370 371 cmd->direction = 0x00; 372 __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH, 373 sizeof(*cmd) + vnd_len, cmd, HCI_CMD_TIMEOUT); 374 375 cmd->direction = 0x01; 376 err = __hci_cmd_sync_status(hdev, HCI_CONFIGURE_DATA_PATH, 377 sizeof(*cmd) + vnd_len, cmd, 378 HCI_CMD_TIMEOUT); 379 error: 380 381 kfree(cmd); 382 kfree(vnd_data); 383 return err; 384 } 385 386 static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data) 387 { 388 struct conn_handle_t *conn_handle = data; 389 struct hci_conn *conn = conn_handle->conn; 390 __u16 handle = conn_handle->handle; 391 struct hci_cp_enhanced_setup_sync_conn cp; 392 const struct sco_param *param; 393 394 kfree(conn_handle); 395 396 bt_dev_dbg(hdev, "hcon %p", conn); 397 398 /* for offload use case, codec needs to configured before opening SCO */ 399 if (conn->codec.data_path) 400 configure_datapath_sync(hdev, &conn->codec); 401 402 conn->state = BT_CONNECT; 403 conn->out = true; 404 405 conn->attempt++; 406 407 memset(&cp, 0x00, sizeof(cp)); 408 409 cp.handle = cpu_to_le16(handle); 410 411 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 412 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 413 414 switch (conn->codec.id) { 415 case BT_CODEC_MSBC: 416 if (!find_next_esco_param(conn, esco_param_msbc, 417 ARRAY_SIZE(esco_param_msbc))) 418 return -EINVAL; 419 420 param = &esco_param_msbc[conn->attempt - 1]; 421 cp.tx_coding_format.id = 0x05; 422 cp.rx_coding_format.id = 0x05; 423 cp.tx_codec_frame_size = __cpu_to_le16(60); 424 cp.rx_codec_frame_size = __cpu_to_le16(60); 425 cp.in_bandwidth = __cpu_to_le32(32000); 426 cp.out_bandwidth = __cpu_to_le32(32000); 427 cp.in_coding_format.id = 0x04; 428 cp.out_coding_format.id = 0x04; 429 cp.in_coded_data_size = __cpu_to_le16(16); 430 cp.out_coded_data_size = __cpu_to_le16(16); 431 cp.in_pcm_data_format = 2; 432 cp.out_pcm_data_format = 2; 433 cp.in_pcm_sample_payload_msb_pos = 0; 434 cp.out_pcm_sample_payload_msb_pos = 0; 435 cp.in_data_path = conn->codec.data_path; 436 cp.out_data_path = conn->codec.data_path; 437 cp.in_transport_unit_size = 1; 438 cp.out_transport_unit_size = 1; 439 break; 440 441 case BT_CODEC_TRANSPARENT: 442 if (!find_next_esco_param(conn, esco_param_msbc, 443 ARRAY_SIZE(esco_param_msbc))) 444 return false; 445 param = &esco_param_msbc[conn->attempt - 1]; 446 cp.tx_coding_format.id = 0x03; 447 cp.rx_coding_format.id = 0x03; 448 cp.tx_codec_frame_size = __cpu_to_le16(60); 449 cp.rx_codec_frame_size = __cpu_to_le16(60); 450 cp.in_bandwidth = __cpu_to_le32(0x1f40); 451 cp.out_bandwidth = __cpu_to_le32(0x1f40); 452 cp.in_coding_format.id = 0x03; 453 cp.out_coding_format.id = 0x03; 454 cp.in_coded_data_size = __cpu_to_le16(16); 455 cp.out_coded_data_size = __cpu_to_le16(16); 456 cp.in_pcm_data_format = 2; 457 cp.out_pcm_data_format = 2; 458 cp.in_pcm_sample_payload_msb_pos = 0; 459 cp.out_pcm_sample_payload_msb_pos = 0; 460 cp.in_data_path = conn->codec.data_path; 461 cp.out_data_path = conn->codec.data_path; 462 cp.in_transport_unit_size = 1; 463 cp.out_transport_unit_size = 1; 464 break; 465 466 case BT_CODEC_CVSD: 467 if (conn->parent && lmp_esco_capable(conn->parent)) { 468 if (!find_next_esco_param(conn, esco_param_cvsd, 469 ARRAY_SIZE(esco_param_cvsd))) 470 return -EINVAL; 471 param = &esco_param_cvsd[conn->attempt - 1]; 472 } else { 473 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd)) 474 return -EINVAL; 475 param = &sco_param_cvsd[conn->attempt - 1]; 476 } 477 cp.tx_coding_format.id = 2; 478 cp.rx_coding_format.id = 2; 479 cp.tx_codec_frame_size = __cpu_to_le16(60); 480 cp.rx_codec_frame_size = __cpu_to_le16(60); 481 cp.in_bandwidth = __cpu_to_le32(16000); 482 cp.out_bandwidth = __cpu_to_le32(16000); 483 cp.in_coding_format.id = 4; 484 cp.out_coding_format.id = 4; 485 cp.in_coded_data_size = __cpu_to_le16(16); 486 cp.out_coded_data_size = __cpu_to_le16(16); 487 cp.in_pcm_data_format = 2; 488 cp.out_pcm_data_format = 2; 489 cp.in_pcm_sample_payload_msb_pos = 0; 490 cp.out_pcm_sample_payload_msb_pos = 0; 491 cp.in_data_path = conn->codec.data_path; 492 cp.out_data_path = conn->codec.data_path; 493 cp.in_transport_unit_size = 16; 494 cp.out_transport_unit_size = 16; 495 break; 496 default: 497 return -EINVAL; 498 } 499 500 cp.retrans_effort = param->retrans_effort; 501 cp.pkt_type = __cpu_to_le16(param->pkt_type); 502 cp.max_latency = __cpu_to_le16(param->max_latency); 503 504 if (hci_send_cmd(hdev, HCI_OP_ENHANCED_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0) 505 return -EIO; 506 507 return 0; 508 } 509 510 static bool hci_setup_sync_conn(struct hci_conn *conn, __u16 handle) 511 { 512 struct hci_dev *hdev = conn->hdev; 513 struct hci_cp_setup_sync_conn cp; 514 const struct sco_param *param; 515 516 bt_dev_dbg(hdev, "hcon %p", conn); 517 518 conn->state = BT_CONNECT; 519 conn->out = true; 520 521 conn->attempt++; 522 523 cp.handle = cpu_to_le16(handle); 524 525 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 526 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 527 cp.voice_setting = cpu_to_le16(conn->setting); 528 529 switch (conn->setting & SCO_AIRMODE_MASK) { 530 case SCO_AIRMODE_TRANSP: 531 if (!find_next_esco_param(conn, esco_param_msbc, 532 ARRAY_SIZE(esco_param_msbc))) 533 return false; 534 param = &esco_param_msbc[conn->attempt - 1]; 535 break; 536 case SCO_AIRMODE_CVSD: 537 if (conn->parent && lmp_esco_capable(conn->parent)) { 538 if (!find_next_esco_param(conn, esco_param_cvsd, 539 ARRAY_SIZE(esco_param_cvsd))) 540 return false; 541 param = &esco_param_cvsd[conn->attempt - 1]; 542 } else { 543 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd)) 544 return false; 545 param = &sco_param_cvsd[conn->attempt - 1]; 546 } 547 break; 548 default: 549 return false; 550 } 551 552 cp.retrans_effort = param->retrans_effort; 553 cp.pkt_type = __cpu_to_le16(param->pkt_type); 554 cp.max_latency = __cpu_to_le16(param->max_latency); 555 556 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0) 557 return false; 558 559 return true; 560 } 561 562 bool hci_setup_sync(struct hci_conn *conn, __u16 handle) 563 { 564 int result; 565 struct conn_handle_t *conn_handle; 566 567 if (enhanced_sync_conn_capable(conn->hdev)) { 568 conn_handle = kzalloc(sizeof(*conn_handle), GFP_KERNEL); 569 570 if (!conn_handle) 571 return false; 572 573 conn_handle->conn = conn; 574 conn_handle->handle = handle; 575 result = hci_cmd_sync_queue(conn->hdev, hci_enhanced_setup_sync, 576 conn_handle, NULL); 577 if (result < 0) 578 kfree(conn_handle); 579 580 return result == 0; 581 } 582 583 return hci_setup_sync_conn(conn, handle); 584 } 585 586 u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency, 587 u16 to_multiplier) 588 { 589 struct hci_dev *hdev = conn->hdev; 590 struct hci_conn_params *params; 591 struct hci_cp_le_conn_update cp; 592 593 hci_dev_lock(hdev); 594 595 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); 596 if (params) { 597 params->conn_min_interval = min; 598 params->conn_max_interval = max; 599 params->conn_latency = latency; 600 params->supervision_timeout = to_multiplier; 601 } 602 603 hci_dev_unlock(hdev); 604 605 memset(&cp, 0, sizeof(cp)); 606 cp.handle = cpu_to_le16(conn->handle); 607 cp.conn_interval_min = cpu_to_le16(min); 608 cp.conn_interval_max = cpu_to_le16(max); 609 cp.conn_latency = cpu_to_le16(latency); 610 cp.supervision_timeout = cpu_to_le16(to_multiplier); 611 cp.min_ce_len = cpu_to_le16(0x0000); 612 cp.max_ce_len = cpu_to_le16(0x0000); 613 614 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp); 615 616 if (params) 617 return 0x01; 618 619 return 0x00; 620 } 621 622 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand, 623 __u8 ltk[16], __u8 key_size) 624 { 625 struct hci_dev *hdev = conn->hdev; 626 struct hci_cp_le_start_enc cp; 627 628 BT_DBG("hcon %p", conn); 629 630 memset(&cp, 0, sizeof(cp)); 631 632 cp.handle = cpu_to_le16(conn->handle); 633 cp.rand = rand; 634 cp.ediv = ediv; 635 memcpy(cp.ltk, ltk, key_size); 636 637 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp); 638 } 639 640 /* Device _must_ be locked */ 641 void hci_sco_setup(struct hci_conn *conn, __u8 status) 642 { 643 struct hci_link *link; 644 645 link = list_first_entry_or_null(&conn->link_list, struct hci_link, list); 646 if (!link || !link->conn) 647 return; 648 649 BT_DBG("hcon %p", conn); 650 651 if (!status) { 652 if (lmp_esco_capable(conn->hdev)) 653 hci_setup_sync(link->conn, conn->handle); 654 else 655 hci_add_sco(link->conn, conn->handle); 656 } else { 657 hci_connect_cfm(link->conn, status); 658 hci_conn_del(link->conn); 659 } 660 } 661 662 static void hci_conn_timeout(struct work_struct *work) 663 { 664 struct hci_conn *conn = container_of(work, struct hci_conn, 665 disc_work.work); 666 int refcnt = atomic_read(&conn->refcnt); 667 668 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state)); 669 670 WARN_ON(refcnt < 0); 671 672 /* FIXME: It was observed that in pairing failed scenario, refcnt 673 * drops below 0. Probably this is because l2cap_conn_del calls 674 * l2cap_chan_del for each channel, and inside l2cap_chan_del conn is 675 * dropped. After that loop hci_chan_del is called which also drops 676 * conn. For now make sure that ACL is alive if refcnt is higher then 0, 677 * otherwise drop it. 678 */ 679 if (refcnt > 0) 680 return; 681 682 /* LE connections in scanning state need special handling */ 683 if (conn->state == BT_CONNECT && conn->type == LE_LINK && 684 test_bit(HCI_CONN_SCANNING, &conn->flags)) { 685 hci_connect_le_scan_remove(conn); 686 return; 687 } 688 689 hci_abort_conn(conn, hci_proto_disconn_ind(conn)); 690 } 691 692 /* Enter sniff mode */ 693 static void hci_conn_idle(struct work_struct *work) 694 { 695 struct hci_conn *conn = container_of(work, struct hci_conn, 696 idle_work.work); 697 struct hci_dev *hdev = conn->hdev; 698 699 BT_DBG("hcon %p mode %d", conn, conn->mode); 700 701 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) 702 return; 703 704 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) 705 return; 706 707 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { 708 struct hci_cp_sniff_subrate cp; 709 cp.handle = cpu_to_le16(conn->handle); 710 cp.max_latency = cpu_to_le16(0); 711 cp.min_remote_timeout = cpu_to_le16(0); 712 cp.min_local_timeout = cpu_to_le16(0); 713 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); 714 } 715 716 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) { 717 struct hci_cp_sniff_mode cp; 718 cp.handle = cpu_to_le16(conn->handle); 719 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); 720 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); 721 cp.attempt = cpu_to_le16(4); 722 cp.timeout = cpu_to_le16(1); 723 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); 724 } 725 } 726 727 static void hci_conn_auto_accept(struct work_struct *work) 728 { 729 struct hci_conn *conn = container_of(work, struct hci_conn, 730 auto_accept_work.work); 731 732 hci_send_cmd(conn->hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst), 733 &conn->dst); 734 } 735 736 static void le_disable_advertising(struct hci_dev *hdev) 737 { 738 if (ext_adv_capable(hdev)) { 739 struct hci_cp_le_set_ext_adv_enable cp; 740 741 cp.enable = 0x00; 742 cp.num_of_sets = 0x00; 743 744 hci_send_cmd(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp), 745 &cp); 746 } else { 747 u8 enable = 0x00; 748 hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), 749 &enable); 750 } 751 } 752 753 static void le_conn_timeout(struct work_struct *work) 754 { 755 struct hci_conn *conn = container_of(work, struct hci_conn, 756 le_conn_timeout.work); 757 struct hci_dev *hdev = conn->hdev; 758 759 BT_DBG(""); 760 761 /* We could end up here due to having done directed advertising, 762 * so clean up the state if necessary. This should however only 763 * happen with broken hardware or if low duty cycle was used 764 * (which doesn't have a timeout of its own). 765 */ 766 if (conn->role == HCI_ROLE_SLAVE) { 767 /* Disable LE Advertising */ 768 le_disable_advertising(hdev); 769 hci_dev_lock(hdev); 770 hci_conn_failed(conn, HCI_ERROR_ADVERTISING_TIMEOUT); 771 hci_dev_unlock(hdev); 772 return; 773 } 774 775 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 776 } 777 778 struct iso_list_data { 779 union { 780 u8 cig; 781 u8 big; 782 }; 783 union { 784 u8 cis; 785 u8 bis; 786 u16 sync_handle; 787 }; 788 int count; 789 struct { 790 struct hci_cp_le_set_cig_params cp; 791 struct hci_cis_params cis[0x11]; 792 } pdu; 793 }; 794 795 static void bis_list(struct hci_conn *conn, void *data) 796 { 797 struct iso_list_data *d = data; 798 799 /* Skip if not broadcast/ANY address */ 800 if (bacmp(&conn->dst, BDADDR_ANY)) 801 return; 802 803 if (d->big != conn->iso_qos.bcast.big || d->bis == BT_ISO_QOS_BIS_UNSET || 804 d->bis != conn->iso_qos.bcast.bis) 805 return; 806 807 d->count++; 808 } 809 810 static void find_bis(struct hci_conn *conn, void *data) 811 { 812 struct iso_list_data *d = data; 813 814 /* Ignore unicast */ 815 if (bacmp(&conn->dst, BDADDR_ANY)) 816 return; 817 818 d->count++; 819 } 820 821 static int terminate_big_sync(struct hci_dev *hdev, void *data) 822 { 823 struct iso_list_data *d = data; 824 825 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis); 826 827 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL); 828 829 /* Check if ISO connection is a BIS and terminate BIG if there are 830 * no other connections using it. 831 */ 832 hci_conn_hash_list_state(hdev, find_bis, ISO_LINK, BT_CONNECTED, d); 833 if (d->count) 834 return 0; 835 836 return hci_le_terminate_big_sync(hdev, d->big, 837 HCI_ERROR_LOCAL_HOST_TERM); 838 } 839 840 static void terminate_big_destroy(struct hci_dev *hdev, void *data, int err) 841 { 842 kfree(data); 843 } 844 845 static int hci_le_terminate_big(struct hci_dev *hdev, u8 big, u8 bis) 846 { 847 struct iso_list_data *d; 848 int ret; 849 850 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", big, bis); 851 852 d = kzalloc(sizeof(*d), GFP_KERNEL); 853 if (!d) 854 return -ENOMEM; 855 856 d->big = big; 857 d->bis = bis; 858 859 ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d, 860 terminate_big_destroy); 861 if (ret) 862 kfree(d); 863 864 return ret; 865 } 866 867 static int big_terminate_sync(struct hci_dev *hdev, void *data) 868 { 869 struct iso_list_data *d = data; 870 871 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big, 872 d->sync_handle); 873 874 /* Check if ISO connection is a BIS and terminate BIG if there are 875 * no other connections using it. 876 */ 877 hci_conn_hash_list_state(hdev, find_bis, ISO_LINK, BT_CONNECTED, d); 878 if (d->count) 879 return 0; 880 881 hci_le_big_terminate_sync(hdev, d->big); 882 883 return hci_le_pa_terminate_sync(hdev, d->sync_handle); 884 } 885 886 static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, u16 sync_handle) 887 { 888 struct iso_list_data *d; 889 int ret; 890 891 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, sync_handle); 892 893 d = kzalloc(sizeof(*d), GFP_KERNEL); 894 if (!d) 895 return -ENOMEM; 896 897 d->big = big; 898 d->sync_handle = sync_handle; 899 900 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d, 901 terminate_big_destroy); 902 if (ret) 903 kfree(d); 904 905 return ret; 906 } 907 908 /* Cleanup BIS connection 909 * 910 * Detects if there any BIS left connected in a BIG 911 * broadcaster: Remove advertising instance and terminate BIG. 912 * broadcaster receiver: Teminate BIG sync and terminate PA sync. 913 */ 914 static void bis_cleanup(struct hci_conn *conn) 915 { 916 struct hci_dev *hdev = conn->hdev; 917 918 bt_dev_dbg(hdev, "conn %p", conn); 919 920 if (conn->role == HCI_ROLE_MASTER) { 921 if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags)) 922 return; 923 924 hci_le_terminate_big(hdev, conn->iso_qos.bcast.big, 925 conn->iso_qos.bcast.bis); 926 } else { 927 hci_le_big_terminate(hdev, conn->iso_qos.bcast.big, 928 conn->sync_handle); 929 } 930 } 931 932 static int remove_cig_sync(struct hci_dev *hdev, void *data) 933 { 934 u8 handle = PTR_ERR(data); 935 936 return hci_le_remove_cig_sync(hdev, handle); 937 } 938 939 static int hci_le_remove_cig(struct hci_dev *hdev, u8 handle) 940 { 941 bt_dev_dbg(hdev, "handle 0x%2.2x", handle); 942 943 return hci_cmd_sync_queue(hdev, remove_cig_sync, ERR_PTR(handle), NULL); 944 } 945 946 static void find_cis(struct hci_conn *conn, void *data) 947 { 948 struct iso_list_data *d = data; 949 950 /* Ignore broadcast */ 951 if (!bacmp(&conn->dst, BDADDR_ANY)) 952 return; 953 954 d->count++; 955 } 956 957 /* Cleanup CIS connection: 958 * 959 * Detects if there any CIS left connected in a CIG and remove it. 960 */ 961 static void cis_cleanup(struct hci_conn *conn) 962 { 963 struct hci_dev *hdev = conn->hdev; 964 struct iso_list_data d; 965 966 memset(&d, 0, sizeof(d)); 967 d.cig = conn->iso_qos.ucast.cig; 968 969 /* Check if ISO connection is a CIS and remove CIG if there are 970 * no other connections using it. 971 */ 972 hci_conn_hash_list_state(hdev, find_cis, ISO_LINK, BT_CONNECTED, &d); 973 if (d.count) 974 return; 975 976 hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig); 977 } 978 979 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, 980 u8 role) 981 { 982 struct hci_conn *conn; 983 984 BT_DBG("%s dst %pMR", hdev->name, dst); 985 986 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 987 if (!conn) 988 return NULL; 989 990 bacpy(&conn->dst, dst); 991 bacpy(&conn->src, &hdev->bdaddr); 992 conn->handle = HCI_CONN_HANDLE_UNSET; 993 conn->hdev = hdev; 994 conn->type = type; 995 conn->role = role; 996 conn->mode = HCI_CM_ACTIVE; 997 conn->state = BT_OPEN; 998 conn->auth_type = HCI_AT_GENERAL_BONDING; 999 conn->io_capability = hdev->io_capability; 1000 conn->remote_auth = 0xff; 1001 conn->key_type = 0xff; 1002 conn->rssi = HCI_RSSI_INVALID; 1003 conn->tx_power = HCI_TX_POWER_INVALID; 1004 conn->max_tx_power = HCI_TX_POWER_INVALID; 1005 1006 set_bit(HCI_CONN_POWER_SAVE, &conn->flags); 1007 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1008 1009 /* Set Default Authenticated payload timeout to 30s */ 1010 conn->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT; 1011 1012 if (conn->role == HCI_ROLE_MASTER) 1013 conn->out = true; 1014 1015 switch (type) { 1016 case ACL_LINK: 1017 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; 1018 break; 1019 case LE_LINK: 1020 /* conn->src should reflect the local identity address */ 1021 hci_copy_identity_address(hdev, &conn->src, &conn->src_type); 1022 break; 1023 case ISO_LINK: 1024 /* conn->src should reflect the local identity address */ 1025 hci_copy_identity_address(hdev, &conn->src, &conn->src_type); 1026 1027 /* set proper cleanup function */ 1028 if (!bacmp(dst, BDADDR_ANY)) 1029 conn->cleanup = bis_cleanup; 1030 else if (conn->role == HCI_ROLE_MASTER) 1031 conn->cleanup = cis_cleanup; 1032 1033 break; 1034 case SCO_LINK: 1035 if (lmp_esco_capable(hdev)) 1036 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 1037 (hdev->esco_type & EDR_ESCO_MASK); 1038 else 1039 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; 1040 break; 1041 case ESCO_LINK: 1042 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; 1043 break; 1044 } 1045 1046 skb_queue_head_init(&conn->data_q); 1047 1048 INIT_LIST_HEAD(&conn->chan_list); 1049 INIT_LIST_HEAD(&conn->link_list); 1050 1051 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout); 1052 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept); 1053 INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle); 1054 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout); 1055 INIT_WORK(&conn->le_scan_cleanup, le_scan_cleanup); 1056 1057 atomic_set(&conn->refcnt, 0); 1058 1059 hci_dev_hold(hdev); 1060 1061 hci_conn_hash_add(hdev, conn); 1062 1063 /* The SCO and eSCO connections will only be notified when their 1064 * setup has been completed. This is different to ACL links which 1065 * can be notified right away. 1066 */ 1067 if (conn->type != SCO_LINK && conn->type != ESCO_LINK) { 1068 if (hdev->notify) 1069 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 1070 } 1071 1072 hci_conn_init_sysfs(conn); 1073 1074 return conn; 1075 } 1076 1077 static void hci_conn_unlink(struct hci_conn *conn) 1078 { 1079 struct hci_dev *hdev = conn->hdev; 1080 1081 bt_dev_dbg(hdev, "hcon %p", conn); 1082 1083 if (!conn->parent) { 1084 struct hci_link *link, *t; 1085 1086 list_for_each_entry_safe(link, t, &conn->link_list, list) { 1087 struct hci_conn *child = link->conn; 1088 1089 hci_conn_unlink(child); 1090 1091 /* If hdev is down it means 1092 * hci_dev_close_sync/hci_conn_hash_flush is in progress 1093 * and links don't need to be cleanup as all connections 1094 * would be cleanup. 1095 */ 1096 if (!test_bit(HCI_UP, &hdev->flags)) 1097 continue; 1098 1099 /* Due to race, SCO connection might be not established 1100 * yet at this point. Delete it now, otherwise it is 1101 * possible for it to be stuck and can't be deleted. 1102 */ 1103 if ((child->type == SCO_LINK || 1104 child->type == ESCO_LINK) && 1105 child->handle == HCI_CONN_HANDLE_UNSET) 1106 hci_conn_del(child); 1107 } 1108 1109 return; 1110 } 1111 1112 if (!conn->link) 1113 return; 1114 1115 list_del_rcu(&conn->link->list); 1116 synchronize_rcu(); 1117 1118 hci_conn_drop(conn->parent); 1119 hci_conn_put(conn->parent); 1120 conn->parent = NULL; 1121 1122 kfree(conn->link); 1123 conn->link = NULL; 1124 } 1125 1126 void hci_conn_del(struct hci_conn *conn) 1127 { 1128 struct hci_dev *hdev = conn->hdev; 1129 1130 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle); 1131 1132 hci_conn_unlink(conn); 1133 1134 cancel_delayed_work_sync(&conn->disc_work); 1135 cancel_delayed_work_sync(&conn->auto_accept_work); 1136 cancel_delayed_work_sync(&conn->idle_work); 1137 1138 if (conn->type == ACL_LINK) { 1139 /* Unacked frames */ 1140 hdev->acl_cnt += conn->sent; 1141 } else if (conn->type == LE_LINK) { 1142 cancel_delayed_work(&conn->le_conn_timeout); 1143 1144 if (hdev->le_pkts) 1145 hdev->le_cnt += conn->sent; 1146 else 1147 hdev->acl_cnt += conn->sent; 1148 } else { 1149 /* Unacked ISO frames */ 1150 if (conn->type == ISO_LINK) { 1151 if (hdev->iso_pkts) 1152 hdev->iso_cnt += conn->sent; 1153 else if (hdev->le_pkts) 1154 hdev->le_cnt += conn->sent; 1155 else 1156 hdev->acl_cnt += conn->sent; 1157 } 1158 } 1159 1160 if (conn->amp_mgr) 1161 amp_mgr_put(conn->amp_mgr); 1162 1163 skb_queue_purge(&conn->data_q); 1164 1165 /* Remove the connection from the list and cleanup its remaining 1166 * state. This is a separate function since for some cases like 1167 * BT_CONNECT_SCAN we *only* want the cleanup part without the 1168 * rest of hci_conn_del. 1169 */ 1170 hci_conn_cleanup(conn); 1171 } 1172 1173 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src, uint8_t src_type) 1174 { 1175 int use_src = bacmp(src, BDADDR_ANY); 1176 struct hci_dev *hdev = NULL, *d; 1177 1178 BT_DBG("%pMR -> %pMR", src, dst); 1179 1180 read_lock(&hci_dev_list_lock); 1181 1182 list_for_each_entry(d, &hci_dev_list, list) { 1183 if (!test_bit(HCI_UP, &d->flags) || 1184 hci_dev_test_flag(d, HCI_USER_CHANNEL) || 1185 d->dev_type != HCI_PRIMARY) 1186 continue; 1187 1188 /* Simple routing: 1189 * No source address - find interface with bdaddr != dst 1190 * Source address - find interface with bdaddr == src 1191 */ 1192 1193 if (use_src) { 1194 bdaddr_t id_addr; 1195 u8 id_addr_type; 1196 1197 if (src_type == BDADDR_BREDR) { 1198 if (!lmp_bredr_capable(d)) 1199 continue; 1200 bacpy(&id_addr, &d->bdaddr); 1201 id_addr_type = BDADDR_BREDR; 1202 } else { 1203 if (!lmp_le_capable(d)) 1204 continue; 1205 1206 hci_copy_identity_address(d, &id_addr, 1207 &id_addr_type); 1208 1209 /* Convert from HCI to three-value type */ 1210 if (id_addr_type == ADDR_LE_DEV_PUBLIC) 1211 id_addr_type = BDADDR_LE_PUBLIC; 1212 else 1213 id_addr_type = BDADDR_LE_RANDOM; 1214 } 1215 1216 if (!bacmp(&id_addr, src) && id_addr_type == src_type) { 1217 hdev = d; break; 1218 } 1219 } else { 1220 if (bacmp(&d->bdaddr, dst)) { 1221 hdev = d; break; 1222 } 1223 } 1224 } 1225 1226 if (hdev) 1227 hdev = hci_dev_hold(hdev); 1228 1229 read_unlock(&hci_dev_list_lock); 1230 return hdev; 1231 } 1232 EXPORT_SYMBOL(hci_get_route); 1233 1234 /* This function requires the caller holds hdev->lock */ 1235 static void hci_le_conn_failed(struct hci_conn *conn, u8 status) 1236 { 1237 struct hci_dev *hdev = conn->hdev; 1238 1239 hci_connect_le_scan_cleanup(conn, status); 1240 1241 /* Enable advertising in case this was a failed connection 1242 * attempt as a peripheral. 1243 */ 1244 hci_enable_advertising(hdev); 1245 } 1246 1247 /* This function requires the caller holds hdev->lock */ 1248 void hci_conn_failed(struct hci_conn *conn, u8 status) 1249 { 1250 struct hci_dev *hdev = conn->hdev; 1251 1252 bt_dev_dbg(hdev, "status 0x%2.2x", status); 1253 1254 switch (conn->type) { 1255 case LE_LINK: 1256 hci_le_conn_failed(conn, status); 1257 break; 1258 case ACL_LINK: 1259 mgmt_connect_failed(hdev, &conn->dst, conn->type, 1260 conn->dst_type, status); 1261 break; 1262 } 1263 1264 conn->state = BT_CLOSED; 1265 hci_connect_cfm(conn, status); 1266 hci_conn_del(conn); 1267 } 1268 1269 static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err) 1270 { 1271 struct hci_conn *conn = data; 1272 1273 bt_dev_dbg(hdev, "err %d", err); 1274 1275 hci_dev_lock(hdev); 1276 1277 if (!err) { 1278 hci_connect_le_scan_cleanup(conn, 0x00); 1279 goto done; 1280 } 1281 1282 /* Check if connection is still pending */ 1283 if (conn != hci_lookup_le_connect(hdev)) 1284 goto done; 1285 1286 /* Flush to make sure we send create conn cancel command if needed */ 1287 flush_delayed_work(&conn->le_conn_timeout); 1288 hci_conn_failed(conn, bt_status(err)); 1289 1290 done: 1291 hci_dev_unlock(hdev); 1292 } 1293 1294 static int hci_connect_le_sync(struct hci_dev *hdev, void *data) 1295 { 1296 struct hci_conn *conn = data; 1297 1298 bt_dev_dbg(hdev, "conn %p", conn); 1299 1300 return hci_le_create_conn_sync(hdev, conn); 1301 } 1302 1303 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, 1304 u8 dst_type, bool dst_resolved, u8 sec_level, 1305 u16 conn_timeout, u8 role) 1306 { 1307 struct hci_conn *conn; 1308 struct smp_irk *irk; 1309 int err; 1310 1311 /* Let's make sure that le is enabled.*/ 1312 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1313 if (lmp_le_capable(hdev)) 1314 return ERR_PTR(-ECONNREFUSED); 1315 1316 return ERR_PTR(-EOPNOTSUPP); 1317 } 1318 1319 /* Since the controller supports only one LE connection attempt at a 1320 * time, we return -EBUSY if there is any connection attempt running. 1321 */ 1322 if (hci_lookup_le_connect(hdev)) 1323 return ERR_PTR(-EBUSY); 1324 1325 /* If there's already a connection object but it's not in 1326 * scanning state it means it must already be established, in 1327 * which case we can't do anything else except report a failure 1328 * to connect. 1329 */ 1330 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type); 1331 if (conn && !test_bit(HCI_CONN_SCANNING, &conn->flags)) { 1332 return ERR_PTR(-EBUSY); 1333 } 1334 1335 /* Check if the destination address has been resolved by the controller 1336 * since if it did then the identity address shall be used. 1337 */ 1338 if (!dst_resolved) { 1339 /* When given an identity address with existing identity 1340 * resolving key, the connection needs to be established 1341 * to a resolvable random address. 1342 * 1343 * Storing the resolvable random address is required here 1344 * to handle connection failures. The address will later 1345 * be resolved back into the original identity address 1346 * from the connect request. 1347 */ 1348 irk = hci_find_irk_by_addr(hdev, dst, dst_type); 1349 if (irk && bacmp(&irk->rpa, BDADDR_ANY)) { 1350 dst = &irk->rpa; 1351 dst_type = ADDR_LE_DEV_RANDOM; 1352 } 1353 } 1354 1355 if (conn) { 1356 bacpy(&conn->dst, dst); 1357 } else { 1358 conn = hci_conn_add(hdev, LE_LINK, dst, role); 1359 if (!conn) 1360 return ERR_PTR(-ENOMEM); 1361 hci_conn_hold(conn); 1362 conn->pending_sec_level = sec_level; 1363 } 1364 1365 conn->dst_type = dst_type; 1366 conn->sec_level = BT_SECURITY_LOW; 1367 conn->conn_timeout = conn_timeout; 1368 1369 conn->state = BT_CONNECT; 1370 clear_bit(HCI_CONN_SCANNING, &conn->flags); 1371 1372 err = hci_cmd_sync_queue(hdev, hci_connect_le_sync, conn, 1373 create_le_conn_complete); 1374 if (err) { 1375 hci_conn_del(conn); 1376 return ERR_PTR(err); 1377 } 1378 1379 return conn; 1380 } 1381 1382 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 1383 { 1384 struct hci_conn *conn; 1385 1386 conn = hci_conn_hash_lookup_le(hdev, addr, type); 1387 if (!conn) 1388 return false; 1389 1390 if (conn->state != BT_CONNECTED) 1391 return false; 1392 1393 return true; 1394 } 1395 1396 /* This function requires the caller holds hdev->lock */ 1397 static int hci_explicit_conn_params_set(struct hci_dev *hdev, 1398 bdaddr_t *addr, u8 addr_type) 1399 { 1400 struct hci_conn_params *params; 1401 1402 if (is_connected(hdev, addr, addr_type)) 1403 return -EISCONN; 1404 1405 params = hci_conn_params_lookup(hdev, addr, addr_type); 1406 if (!params) { 1407 params = hci_conn_params_add(hdev, addr, addr_type); 1408 if (!params) 1409 return -ENOMEM; 1410 1411 /* If we created new params, mark them to be deleted in 1412 * hci_connect_le_scan_cleanup. It's different case than 1413 * existing disabled params, those will stay after cleanup. 1414 */ 1415 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 1416 } 1417 1418 /* We're trying to connect, so make sure params are at pend_le_conns */ 1419 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 1420 params->auto_connect == HCI_AUTO_CONN_REPORT || 1421 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 1422 list_del_init(¶ms->action); 1423 list_add(¶ms->action, &hdev->pend_le_conns); 1424 } 1425 1426 params->explicit_connect = true; 1427 1428 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type, 1429 params->auto_connect); 1430 1431 return 0; 1432 } 1433 1434 static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos) 1435 { 1436 struct iso_list_data data; 1437 1438 /* Allocate a BIG if not set */ 1439 if (qos->bcast.big == BT_ISO_QOS_BIG_UNSET) { 1440 for (data.big = 0x00; data.big < 0xef; data.big++) { 1441 data.count = 0; 1442 data.bis = 0xff; 1443 1444 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, 1445 BT_BOUND, &data); 1446 if (!data.count) 1447 break; 1448 } 1449 1450 if (data.big == 0xef) 1451 return -EADDRNOTAVAIL; 1452 1453 /* Update BIG */ 1454 qos->bcast.big = data.big; 1455 } 1456 1457 return 0; 1458 } 1459 1460 static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos) 1461 { 1462 struct iso_list_data data; 1463 1464 /* Allocate BIS if not set */ 1465 if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) { 1466 /* Find an unused adv set to advertise BIS, skip instance 0x00 1467 * since it is reserved as general purpose set. 1468 */ 1469 for (data.bis = 0x01; data.bis < hdev->le_num_of_adv_sets; 1470 data.bis++) { 1471 data.count = 0; 1472 1473 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, 1474 BT_BOUND, &data); 1475 if (!data.count) 1476 break; 1477 } 1478 1479 if (data.bis == hdev->le_num_of_adv_sets) 1480 return -EADDRNOTAVAIL; 1481 1482 /* Update BIS */ 1483 qos->bcast.bis = data.bis; 1484 } 1485 1486 return 0; 1487 } 1488 1489 /* This function requires the caller holds hdev->lock */ 1490 static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst, 1491 struct bt_iso_qos *qos) 1492 { 1493 struct hci_conn *conn; 1494 struct iso_list_data data; 1495 int err; 1496 1497 /* Let's make sure that le is enabled.*/ 1498 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1499 if (lmp_le_capable(hdev)) 1500 return ERR_PTR(-ECONNREFUSED); 1501 return ERR_PTR(-EOPNOTSUPP); 1502 } 1503 1504 err = qos_set_big(hdev, qos); 1505 if (err) 1506 return ERR_PTR(err); 1507 1508 err = qos_set_bis(hdev, qos); 1509 if (err) 1510 return ERR_PTR(err); 1511 1512 data.big = qos->bcast.big; 1513 data.bis = qos->bcast.bis; 1514 data.count = 0; 1515 1516 /* Check if there is already a matching BIG/BIS */ 1517 hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, BT_BOUND, &data); 1518 if (data.count) 1519 return ERR_PTR(-EADDRINUSE); 1520 1521 conn = hci_conn_hash_lookup_bis(hdev, dst, qos->bcast.big, qos->bcast.bis); 1522 if (conn) 1523 return ERR_PTR(-EADDRINUSE); 1524 1525 conn = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); 1526 if (!conn) 1527 return ERR_PTR(-ENOMEM); 1528 1529 set_bit(HCI_CONN_PER_ADV, &conn->flags); 1530 conn->state = BT_CONNECT; 1531 1532 hci_conn_hold(conn); 1533 return conn; 1534 } 1535 1536 /* This function requires the caller holds hdev->lock */ 1537 struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, 1538 u8 dst_type, u8 sec_level, 1539 u16 conn_timeout, 1540 enum conn_reasons conn_reason) 1541 { 1542 struct hci_conn *conn; 1543 1544 /* Let's make sure that le is enabled.*/ 1545 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1546 if (lmp_le_capable(hdev)) 1547 return ERR_PTR(-ECONNREFUSED); 1548 1549 return ERR_PTR(-EOPNOTSUPP); 1550 } 1551 1552 /* Some devices send ATT messages as soon as the physical link is 1553 * established. To be able to handle these ATT messages, the user- 1554 * space first establishes the connection and then starts the pairing 1555 * process. 1556 * 1557 * So if a hci_conn object already exists for the following connection 1558 * attempt, we simply update pending_sec_level and auth_type fields 1559 * and return the object found. 1560 */ 1561 conn = hci_conn_hash_lookup_le(hdev, dst, dst_type); 1562 if (conn) { 1563 if (conn->pending_sec_level < sec_level) 1564 conn->pending_sec_level = sec_level; 1565 goto done; 1566 } 1567 1568 BT_DBG("requesting refresh of dst_addr"); 1569 1570 conn = hci_conn_add(hdev, LE_LINK, dst, HCI_ROLE_MASTER); 1571 if (!conn) 1572 return ERR_PTR(-ENOMEM); 1573 1574 if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) { 1575 hci_conn_del(conn); 1576 return ERR_PTR(-EBUSY); 1577 } 1578 1579 conn->state = BT_CONNECT; 1580 set_bit(HCI_CONN_SCANNING, &conn->flags); 1581 conn->dst_type = dst_type; 1582 conn->sec_level = BT_SECURITY_LOW; 1583 conn->pending_sec_level = sec_level; 1584 conn->conn_timeout = conn_timeout; 1585 conn->conn_reason = conn_reason; 1586 1587 hci_update_passive_scan(hdev); 1588 1589 done: 1590 hci_conn_hold(conn); 1591 return conn; 1592 } 1593 1594 struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, 1595 u8 sec_level, u8 auth_type, 1596 enum conn_reasons conn_reason) 1597 { 1598 struct hci_conn *acl; 1599 1600 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 1601 if (lmp_bredr_capable(hdev)) 1602 return ERR_PTR(-ECONNREFUSED); 1603 1604 return ERR_PTR(-EOPNOTSUPP); 1605 } 1606 1607 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 1608 if (!acl) { 1609 acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER); 1610 if (!acl) 1611 return ERR_PTR(-ENOMEM); 1612 } 1613 1614 hci_conn_hold(acl); 1615 1616 acl->conn_reason = conn_reason; 1617 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { 1618 acl->sec_level = BT_SECURITY_LOW; 1619 acl->pending_sec_level = sec_level; 1620 acl->auth_type = auth_type; 1621 hci_acl_create_connection(acl); 1622 } 1623 1624 return acl; 1625 } 1626 1627 static struct hci_link *hci_conn_link(struct hci_conn *parent, 1628 struct hci_conn *conn) 1629 { 1630 struct hci_dev *hdev = parent->hdev; 1631 struct hci_link *link; 1632 1633 bt_dev_dbg(hdev, "parent %p hcon %p", parent, conn); 1634 1635 if (conn->link) 1636 return conn->link; 1637 1638 if (conn->parent) 1639 return NULL; 1640 1641 link = kzalloc(sizeof(*link), GFP_KERNEL); 1642 if (!link) 1643 return NULL; 1644 1645 link->conn = hci_conn_hold(conn); 1646 conn->link = link; 1647 conn->parent = hci_conn_get(parent); 1648 1649 /* Use list_add_tail_rcu append to the list */ 1650 list_add_tail_rcu(&link->list, &parent->link_list); 1651 1652 return link; 1653 } 1654 1655 struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, 1656 __u16 setting, struct bt_codec *codec) 1657 { 1658 struct hci_conn *acl; 1659 struct hci_conn *sco; 1660 struct hci_link *link; 1661 1662 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING, 1663 CONN_REASON_SCO_CONNECT); 1664 if (IS_ERR(acl)) 1665 return acl; 1666 1667 sco = hci_conn_hash_lookup_ba(hdev, type, dst); 1668 if (!sco) { 1669 sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER); 1670 if (!sco) { 1671 hci_conn_drop(acl); 1672 return ERR_PTR(-ENOMEM); 1673 } 1674 } 1675 1676 link = hci_conn_link(acl, sco); 1677 if (!link) { 1678 hci_conn_drop(acl); 1679 hci_conn_drop(sco); 1680 return NULL; 1681 } 1682 1683 sco->setting = setting; 1684 sco->codec = *codec; 1685 1686 if (acl->state == BT_CONNECTED && 1687 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 1688 set_bit(HCI_CONN_POWER_SAVE, &acl->flags); 1689 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON); 1690 1691 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) { 1692 /* defer SCO setup until mode change completed */ 1693 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags); 1694 return sco; 1695 } 1696 1697 hci_sco_setup(acl, 0x00); 1698 } 1699 1700 return sco; 1701 } 1702 1703 static void cis_add(struct iso_list_data *d, struct bt_iso_qos *qos) 1704 { 1705 struct hci_cis_params *cis = &d->pdu.cis[d->pdu.cp.num_cis]; 1706 1707 cis->cis_id = qos->ucast.cis; 1708 cis->c_sdu = cpu_to_le16(qos->ucast.out.sdu); 1709 cis->p_sdu = cpu_to_le16(qos->ucast.in.sdu); 1710 cis->c_phy = qos->ucast.out.phy ? qos->ucast.out.phy : qos->ucast.in.phy; 1711 cis->p_phy = qos->ucast.in.phy ? qos->ucast.in.phy : qos->ucast.out.phy; 1712 cis->c_rtn = qos->ucast.out.rtn; 1713 cis->p_rtn = qos->ucast.in.rtn; 1714 1715 d->pdu.cp.num_cis++; 1716 } 1717 1718 static void cis_list(struct hci_conn *conn, void *data) 1719 { 1720 struct iso_list_data *d = data; 1721 1722 /* Skip if broadcast/ANY address */ 1723 if (!bacmp(&conn->dst, BDADDR_ANY)) 1724 return; 1725 1726 if (d->cig != conn->iso_qos.ucast.cig || d->cis == BT_ISO_QOS_CIS_UNSET || 1727 d->cis != conn->iso_qos.ucast.cis) 1728 return; 1729 1730 d->count++; 1731 1732 if (d->pdu.cp.cig_id == BT_ISO_QOS_CIG_UNSET || 1733 d->count >= ARRAY_SIZE(d->pdu.cis)) 1734 return; 1735 1736 cis_add(d, &conn->iso_qos); 1737 } 1738 1739 static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos) 1740 { 1741 struct hci_dev *hdev = conn->hdev; 1742 struct hci_cp_le_create_big cp; 1743 1744 memset(&cp, 0, sizeof(cp)); 1745 1746 cp.handle = qos->bcast.big; 1747 cp.adv_handle = qos->bcast.bis; 1748 cp.num_bis = 0x01; 1749 hci_cpu_to_le24(qos->bcast.out.interval, cp.bis.sdu_interval); 1750 cp.bis.sdu = cpu_to_le16(qos->bcast.out.sdu); 1751 cp.bis.latency = cpu_to_le16(qos->bcast.out.latency); 1752 cp.bis.rtn = qos->bcast.out.rtn; 1753 cp.bis.phy = qos->bcast.out.phy; 1754 cp.bis.packing = qos->bcast.packing; 1755 cp.bis.framing = qos->bcast.framing; 1756 cp.bis.encryption = qos->bcast.encryption; 1757 memcpy(cp.bis.bcode, qos->bcast.bcode, sizeof(cp.bis.bcode)); 1758 1759 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp); 1760 } 1761 1762 static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos) 1763 { 1764 struct hci_dev *hdev = conn->hdev; 1765 struct iso_list_data data; 1766 1767 memset(&data, 0, sizeof(data)); 1768 1769 /* Allocate a CIG if not set */ 1770 if (qos->ucast.cig == BT_ISO_QOS_CIG_UNSET) { 1771 for (data.cig = 0x00; data.cig < 0xff; data.cig++) { 1772 data.count = 0; 1773 data.cis = 0xff; 1774 1775 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, 1776 BT_BOUND, &data); 1777 if (data.count) 1778 continue; 1779 1780 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, 1781 BT_CONNECTED, &data); 1782 if (!data.count) 1783 break; 1784 } 1785 1786 if (data.cig == 0xff) 1787 return false; 1788 1789 /* Update CIG */ 1790 qos->ucast.cig = data.cig; 1791 } 1792 1793 data.pdu.cp.cig_id = qos->ucast.cig; 1794 hci_cpu_to_le24(qos->ucast.out.interval, data.pdu.cp.c_interval); 1795 hci_cpu_to_le24(qos->ucast.in.interval, data.pdu.cp.p_interval); 1796 data.pdu.cp.sca = qos->ucast.sca; 1797 data.pdu.cp.packing = qos->ucast.packing; 1798 data.pdu.cp.framing = qos->ucast.framing; 1799 data.pdu.cp.c_latency = cpu_to_le16(qos->ucast.out.latency); 1800 data.pdu.cp.p_latency = cpu_to_le16(qos->ucast.in.latency); 1801 1802 if (qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) { 1803 data.count = 0; 1804 data.cig = qos->ucast.cig; 1805 data.cis = qos->ucast.cis; 1806 1807 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, BT_BOUND, 1808 &data); 1809 if (data.count) 1810 return false; 1811 1812 cis_add(&data, qos); 1813 } 1814 1815 /* Reprogram all CIS(s) with the same CIG */ 1816 for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0x11; 1817 data.cis++) { 1818 data.count = 0; 1819 1820 hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, BT_BOUND, 1821 &data); 1822 if (data.count) 1823 continue; 1824 1825 /* Allocate a CIS if not set */ 1826 if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET) { 1827 /* Update CIS */ 1828 qos->ucast.cis = data.cis; 1829 cis_add(&data, qos); 1830 } 1831 } 1832 1833 if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET || !data.pdu.cp.num_cis) 1834 return false; 1835 1836 if (hci_send_cmd(hdev, HCI_OP_LE_SET_CIG_PARAMS, 1837 sizeof(data.pdu.cp) + 1838 (data.pdu.cp.num_cis * sizeof(*data.pdu.cis)), 1839 &data.pdu) < 0) 1840 return false; 1841 1842 return true; 1843 } 1844 1845 struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst, 1846 __u8 dst_type, struct bt_iso_qos *qos) 1847 { 1848 struct hci_conn *cis; 1849 1850 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig, 1851 qos->ucast.cis); 1852 if (!cis) { 1853 cis = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); 1854 if (!cis) 1855 return ERR_PTR(-ENOMEM); 1856 cis->cleanup = cis_cleanup; 1857 cis->dst_type = dst_type; 1858 } 1859 1860 if (cis->state == BT_CONNECTED) 1861 return cis; 1862 1863 /* Check if CIS has been set and the settings matches */ 1864 if (cis->state == BT_BOUND && 1865 !memcmp(&cis->iso_qos, qos, sizeof(*qos))) 1866 return cis; 1867 1868 /* Update LINK PHYs according to QoS preference */ 1869 cis->le_tx_phy = qos->ucast.out.phy; 1870 cis->le_rx_phy = qos->ucast.in.phy; 1871 1872 /* If output interval is not set use the input interval as it cannot be 1873 * 0x000000. 1874 */ 1875 if (!qos->ucast.out.interval) 1876 qos->ucast.out.interval = qos->ucast.in.interval; 1877 1878 /* If input interval is not set use the output interval as it cannot be 1879 * 0x000000. 1880 */ 1881 if (!qos->ucast.in.interval) 1882 qos->ucast.in.interval = qos->ucast.out.interval; 1883 1884 /* If output latency is not set use the input latency as it cannot be 1885 * 0x0000. 1886 */ 1887 if (!qos->ucast.out.latency) 1888 qos->ucast.out.latency = qos->ucast.in.latency; 1889 1890 /* If input latency is not set use the output latency as it cannot be 1891 * 0x0000. 1892 */ 1893 if (!qos->ucast.in.latency) 1894 qos->ucast.in.latency = qos->ucast.out.latency; 1895 1896 if (!hci_le_set_cig_params(cis, qos)) { 1897 hci_conn_drop(cis); 1898 return ERR_PTR(-EINVAL); 1899 } 1900 1901 cis->iso_qos = *qos; 1902 cis->state = BT_BOUND; 1903 1904 return cis; 1905 } 1906 1907 bool hci_iso_setup_path(struct hci_conn *conn) 1908 { 1909 struct hci_dev *hdev = conn->hdev; 1910 struct hci_cp_le_setup_iso_path cmd; 1911 1912 memset(&cmd, 0, sizeof(cmd)); 1913 1914 if (conn->iso_qos.ucast.out.sdu) { 1915 cmd.handle = cpu_to_le16(conn->handle); 1916 cmd.direction = 0x00; /* Input (Host to Controller) */ 1917 cmd.path = 0x00; /* HCI path if enabled */ 1918 cmd.codec = 0x03; /* Transparent Data */ 1919 1920 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd), 1921 &cmd) < 0) 1922 return false; 1923 } 1924 1925 if (conn->iso_qos.ucast.in.sdu) { 1926 cmd.handle = cpu_to_le16(conn->handle); 1927 cmd.direction = 0x01; /* Output (Controller to Host) */ 1928 cmd.path = 0x00; /* HCI path if enabled */ 1929 cmd.codec = 0x03; /* Transparent Data */ 1930 1931 if (hci_send_cmd(hdev, HCI_OP_LE_SETUP_ISO_PATH, sizeof(cmd), 1932 &cmd) < 0) 1933 return false; 1934 } 1935 1936 return true; 1937 } 1938 1939 static int hci_create_cis_sync(struct hci_dev *hdev, void *data) 1940 { 1941 return hci_le_create_cis_sync(hdev, data); 1942 } 1943 1944 int hci_le_create_cis(struct hci_conn *conn) 1945 { 1946 struct hci_conn *cis; 1947 struct hci_link *link, *t; 1948 struct hci_dev *hdev = conn->hdev; 1949 int err; 1950 1951 bt_dev_dbg(hdev, "hcon %p", conn); 1952 1953 switch (conn->type) { 1954 case LE_LINK: 1955 if (conn->state != BT_CONNECTED || list_empty(&conn->link_list)) 1956 return -EINVAL; 1957 1958 cis = NULL; 1959 1960 /* hci_conn_link uses list_add_tail_rcu so the list is in 1961 * the same order as the connections are requested. 1962 */ 1963 list_for_each_entry_safe(link, t, &conn->link_list, list) { 1964 if (link->conn->state == BT_BOUND) { 1965 err = hci_le_create_cis(link->conn); 1966 if (err) 1967 return err; 1968 1969 cis = link->conn; 1970 } 1971 } 1972 1973 return cis ? 0 : -EINVAL; 1974 case ISO_LINK: 1975 cis = conn; 1976 break; 1977 default: 1978 return -EINVAL; 1979 } 1980 1981 if (cis->state == BT_CONNECT) 1982 return 0; 1983 1984 /* Queue Create CIS */ 1985 err = hci_cmd_sync_queue(hdev, hci_create_cis_sync, cis, NULL); 1986 if (err) 1987 return err; 1988 1989 cis->state = BT_CONNECT; 1990 1991 return 0; 1992 } 1993 1994 static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn, 1995 struct bt_iso_io_qos *qos, __u8 phy) 1996 { 1997 /* Only set MTU if PHY is enabled */ 1998 if (!qos->sdu && qos->phy) { 1999 if (hdev->iso_mtu > 0) 2000 qos->sdu = hdev->iso_mtu; 2001 else if (hdev->le_mtu > 0) 2002 qos->sdu = hdev->le_mtu; 2003 else 2004 qos->sdu = hdev->acl_mtu; 2005 } 2006 2007 /* Use the same PHY as ACL if set to any */ 2008 if (qos->phy == BT_ISO_PHY_ANY) 2009 qos->phy = phy; 2010 2011 /* Use LE ACL connection interval if not set */ 2012 if (!qos->interval) 2013 /* ACL interval unit in 1.25 ms to us */ 2014 qos->interval = conn->le_conn_interval * 1250; 2015 2016 /* Use LE ACL connection latency if not set */ 2017 if (!qos->latency) 2018 qos->latency = conn->le_conn_latency; 2019 } 2020 2021 static void hci_bind_bis(struct hci_conn *conn, 2022 struct bt_iso_qos *qos) 2023 { 2024 /* Update LINK PHYs according to QoS preference */ 2025 conn->le_tx_phy = qos->bcast.out.phy; 2026 conn->le_tx_phy = qos->bcast.out.phy; 2027 conn->iso_qos = *qos; 2028 conn->state = BT_BOUND; 2029 } 2030 2031 static int create_big_sync(struct hci_dev *hdev, void *data) 2032 { 2033 struct hci_conn *conn = data; 2034 struct bt_iso_qos *qos = &conn->iso_qos; 2035 u16 interval, sync_interval = 0; 2036 u32 flags = 0; 2037 int err; 2038 2039 if (qos->bcast.out.phy == 0x02) 2040 flags |= MGMT_ADV_FLAG_SEC_2M; 2041 2042 /* Align intervals */ 2043 interval = qos->bcast.out.interval / 1250; 2044 2045 if (qos->bcast.bis) 2046 sync_interval = qos->bcast.sync_interval * 1600; 2047 2048 err = hci_start_per_adv_sync(hdev, qos->bcast.bis, conn->le_per_adv_data_len, 2049 conn->le_per_adv_data, flags, interval, 2050 interval, sync_interval); 2051 if (err) 2052 return err; 2053 2054 return hci_le_create_big(conn, &conn->iso_qos); 2055 } 2056 2057 static void create_pa_complete(struct hci_dev *hdev, void *data, int err) 2058 { 2059 struct hci_cp_le_pa_create_sync *cp = data; 2060 2061 bt_dev_dbg(hdev, ""); 2062 2063 if (err) 2064 bt_dev_err(hdev, "Unable to create PA: %d", err); 2065 2066 kfree(cp); 2067 } 2068 2069 static int create_pa_sync(struct hci_dev *hdev, void *data) 2070 { 2071 struct hci_cp_le_pa_create_sync *cp = data; 2072 int err; 2073 2074 err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC, 2075 sizeof(*cp), cp, HCI_CMD_TIMEOUT); 2076 if (err) { 2077 hci_dev_clear_flag(hdev, HCI_PA_SYNC); 2078 return err; 2079 } 2080 2081 return hci_update_passive_scan_sync(hdev); 2082 } 2083 2084 int hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, __u8 dst_type, 2085 __u8 sid, struct bt_iso_qos *qos) 2086 { 2087 struct hci_cp_le_pa_create_sync *cp; 2088 2089 if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC)) 2090 return -EBUSY; 2091 2092 cp = kzalloc(sizeof(*cp), GFP_KERNEL); 2093 if (!cp) { 2094 hci_dev_clear_flag(hdev, HCI_PA_SYNC); 2095 return -ENOMEM; 2096 } 2097 2098 cp->options = qos->bcast.options; 2099 cp->sid = sid; 2100 cp->addr_type = dst_type; 2101 bacpy(&cp->addr, dst); 2102 cp->skip = cpu_to_le16(qos->bcast.skip); 2103 cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout); 2104 cp->sync_cte_type = qos->bcast.sync_cte_type; 2105 2106 /* Queue start pa_create_sync and scan */ 2107 return hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete); 2108 } 2109 2110 int hci_le_big_create_sync(struct hci_dev *hdev, struct bt_iso_qos *qos, 2111 __u16 sync_handle, __u8 num_bis, __u8 bis[]) 2112 { 2113 struct _packed { 2114 struct hci_cp_le_big_create_sync cp; 2115 __u8 bis[0x11]; 2116 } pdu; 2117 int err; 2118 2119 if (num_bis > sizeof(pdu.bis)) 2120 return -EINVAL; 2121 2122 err = qos_set_big(hdev, qos); 2123 if (err) 2124 return err; 2125 2126 memset(&pdu, 0, sizeof(pdu)); 2127 pdu.cp.handle = qos->bcast.big; 2128 pdu.cp.sync_handle = cpu_to_le16(sync_handle); 2129 pdu.cp.encryption = qos->bcast.encryption; 2130 memcpy(pdu.cp.bcode, qos->bcast.bcode, sizeof(pdu.cp.bcode)); 2131 pdu.cp.mse = qos->bcast.mse; 2132 pdu.cp.timeout = cpu_to_le16(qos->bcast.timeout); 2133 pdu.cp.num_bis = num_bis; 2134 memcpy(pdu.bis, bis, num_bis); 2135 2136 return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC, 2137 sizeof(pdu.cp) + num_bis, &pdu); 2138 } 2139 2140 static void create_big_complete(struct hci_dev *hdev, void *data, int err) 2141 { 2142 struct hci_conn *conn = data; 2143 2144 bt_dev_dbg(hdev, "conn %p", conn); 2145 2146 if (err) { 2147 bt_dev_err(hdev, "Unable to create BIG: %d", err); 2148 hci_connect_cfm(conn, err); 2149 hci_conn_del(conn); 2150 } 2151 } 2152 2153 struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst, 2154 __u8 dst_type, struct bt_iso_qos *qos, 2155 __u8 base_len, __u8 *base) 2156 { 2157 struct hci_conn *conn; 2158 int err; 2159 2160 /* We need hci_conn object using the BDADDR_ANY as dst */ 2161 conn = hci_add_bis(hdev, dst, qos); 2162 if (IS_ERR(conn)) 2163 return conn; 2164 2165 hci_bind_bis(conn, qos); 2166 2167 /* Add Basic Announcement into Peridic Adv Data if BASE is set */ 2168 if (base_len && base) { 2169 base_len = eir_append_service_data(conn->le_per_adv_data, 0, 2170 0x1851, base, base_len); 2171 conn->le_per_adv_data_len = base_len; 2172 } 2173 2174 /* Queue start periodic advertising and create BIG */ 2175 err = hci_cmd_sync_queue(hdev, create_big_sync, conn, 2176 create_big_complete); 2177 if (err < 0) { 2178 hci_conn_drop(conn); 2179 return ERR_PTR(err); 2180 } 2181 2182 hci_iso_qos_setup(hdev, conn, &qos->bcast.out, 2183 conn->le_tx_phy ? conn->le_tx_phy : 2184 hdev->le_tx_def_phys); 2185 2186 return conn; 2187 } 2188 2189 struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst, 2190 __u8 dst_type, struct bt_iso_qos *qos) 2191 { 2192 struct hci_conn *le; 2193 struct hci_conn *cis; 2194 struct hci_link *link; 2195 2196 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 2197 le = hci_connect_le(hdev, dst, dst_type, false, 2198 BT_SECURITY_LOW, 2199 HCI_LE_CONN_TIMEOUT, 2200 HCI_ROLE_SLAVE); 2201 else 2202 le = hci_connect_le_scan(hdev, dst, dst_type, 2203 BT_SECURITY_LOW, 2204 HCI_LE_CONN_TIMEOUT, 2205 CONN_REASON_ISO_CONNECT); 2206 if (IS_ERR(le)) 2207 return le; 2208 2209 hci_iso_qos_setup(hdev, le, &qos->ucast.out, 2210 le->le_tx_phy ? le->le_tx_phy : hdev->le_tx_def_phys); 2211 hci_iso_qos_setup(hdev, le, &qos->ucast.in, 2212 le->le_rx_phy ? le->le_rx_phy : hdev->le_rx_def_phys); 2213 2214 cis = hci_bind_cis(hdev, dst, dst_type, qos); 2215 if (IS_ERR(cis)) { 2216 hci_conn_drop(le); 2217 return cis; 2218 } 2219 2220 link = hci_conn_link(le, cis); 2221 if (!link) { 2222 hci_conn_drop(le); 2223 hci_conn_drop(cis); 2224 return NULL; 2225 } 2226 2227 /* If LE is already connected and CIS handle is already set proceed to 2228 * Create CIS immediately. 2229 */ 2230 if (le->state == BT_CONNECTED && cis->handle != HCI_CONN_HANDLE_UNSET) 2231 hci_le_create_cis(cis); 2232 2233 return cis; 2234 } 2235 2236 /* Check link security requirement */ 2237 int hci_conn_check_link_mode(struct hci_conn *conn) 2238 { 2239 BT_DBG("hcon %p", conn); 2240 2241 /* In Secure Connections Only mode, it is required that Secure 2242 * Connections is used and the link is encrypted with AES-CCM 2243 * using a P-256 authenticated combination key. 2244 */ 2245 if (hci_dev_test_flag(conn->hdev, HCI_SC_ONLY)) { 2246 if (!hci_conn_sc_enabled(conn) || 2247 !test_bit(HCI_CONN_AES_CCM, &conn->flags) || 2248 conn->key_type != HCI_LK_AUTH_COMBINATION_P256) 2249 return 0; 2250 } 2251 2252 /* AES encryption is required for Level 4: 2253 * 2254 * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C 2255 * page 1319: 2256 * 2257 * 128-bit equivalent strength for link and encryption keys 2258 * required using FIPS approved algorithms (E0 not allowed, 2259 * SAFER+ not allowed, and P-192 not allowed; encryption key 2260 * not shortened) 2261 */ 2262 if (conn->sec_level == BT_SECURITY_FIPS && 2263 !test_bit(HCI_CONN_AES_CCM, &conn->flags)) { 2264 bt_dev_err(conn->hdev, 2265 "Invalid security: Missing AES-CCM usage"); 2266 return 0; 2267 } 2268 2269 if (hci_conn_ssp_enabled(conn) && 2270 !test_bit(HCI_CONN_ENCRYPT, &conn->flags)) 2271 return 0; 2272 2273 return 1; 2274 } 2275 2276 /* Authenticate remote device */ 2277 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 2278 { 2279 BT_DBG("hcon %p", conn); 2280 2281 if (conn->pending_sec_level > sec_level) 2282 sec_level = conn->pending_sec_level; 2283 2284 if (sec_level > conn->sec_level) 2285 conn->pending_sec_level = sec_level; 2286 else if (test_bit(HCI_CONN_AUTH, &conn->flags)) 2287 return 1; 2288 2289 /* Make sure we preserve an existing MITM requirement*/ 2290 auth_type |= (conn->auth_type & 0x01); 2291 2292 conn->auth_type = auth_type; 2293 2294 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 2295 struct hci_cp_auth_requested cp; 2296 2297 cp.handle = cpu_to_le16(conn->handle); 2298 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, 2299 sizeof(cp), &cp); 2300 2301 /* If we're already encrypted set the REAUTH_PEND flag, 2302 * otherwise set the ENCRYPT_PEND. 2303 */ 2304 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) 2305 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags); 2306 else 2307 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 2308 } 2309 2310 return 0; 2311 } 2312 2313 /* Encrypt the link */ 2314 static void hci_conn_encrypt(struct hci_conn *conn) 2315 { 2316 BT_DBG("hcon %p", conn); 2317 2318 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { 2319 struct hci_cp_set_conn_encrypt cp; 2320 cp.handle = cpu_to_le16(conn->handle); 2321 cp.encrypt = 0x01; 2322 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), 2323 &cp); 2324 } 2325 } 2326 2327 /* Enable security */ 2328 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type, 2329 bool initiator) 2330 { 2331 BT_DBG("hcon %p", conn); 2332 2333 if (conn->type == LE_LINK) 2334 return smp_conn_security(conn, sec_level); 2335 2336 /* For sdp we don't need the link key. */ 2337 if (sec_level == BT_SECURITY_SDP) 2338 return 1; 2339 2340 /* For non 2.1 devices and low security level we don't need the link 2341 key. */ 2342 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn)) 2343 return 1; 2344 2345 /* For other security levels we need the link key. */ 2346 if (!test_bit(HCI_CONN_AUTH, &conn->flags)) 2347 goto auth; 2348 2349 /* An authenticated FIPS approved combination key has sufficient 2350 * security for security level 4. */ 2351 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 && 2352 sec_level == BT_SECURITY_FIPS) 2353 goto encrypt; 2354 2355 /* An authenticated combination key has sufficient security for 2356 security level 3. */ 2357 if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 || 2358 conn->key_type == HCI_LK_AUTH_COMBINATION_P256) && 2359 sec_level == BT_SECURITY_HIGH) 2360 goto encrypt; 2361 2362 /* An unauthenticated combination key has sufficient security for 2363 security level 1 and 2. */ 2364 if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 || 2365 conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) && 2366 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW)) 2367 goto encrypt; 2368 2369 /* A combination key has always sufficient security for the security 2370 levels 1 or 2. High security level requires the combination key 2371 is generated using maximum PIN code length (16). 2372 For pre 2.1 units. */ 2373 if (conn->key_type == HCI_LK_COMBINATION && 2374 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW || 2375 conn->pin_length == 16)) 2376 goto encrypt; 2377 2378 auth: 2379 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) 2380 return 0; 2381 2382 if (initiator) 2383 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags); 2384 2385 if (!hci_conn_auth(conn, sec_level, auth_type)) 2386 return 0; 2387 2388 encrypt: 2389 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) { 2390 /* Ensure that the encryption key size has been read, 2391 * otherwise stall the upper layer responses. 2392 */ 2393 if (!conn->enc_key_size) 2394 return 0; 2395 2396 /* Nothing else needed, all requirements are met */ 2397 return 1; 2398 } 2399 2400 hci_conn_encrypt(conn); 2401 return 0; 2402 } 2403 EXPORT_SYMBOL(hci_conn_security); 2404 2405 /* Check secure link requirement */ 2406 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level) 2407 { 2408 BT_DBG("hcon %p", conn); 2409 2410 /* Accept if non-secure or higher security level is required */ 2411 if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS) 2412 return 1; 2413 2414 /* Accept if secure or higher security level is already present */ 2415 if (conn->sec_level == BT_SECURITY_HIGH || 2416 conn->sec_level == BT_SECURITY_FIPS) 2417 return 1; 2418 2419 /* Reject not secure link */ 2420 return 0; 2421 } 2422 EXPORT_SYMBOL(hci_conn_check_secure); 2423 2424 /* Switch role */ 2425 int hci_conn_switch_role(struct hci_conn *conn, __u8 role) 2426 { 2427 BT_DBG("hcon %p", conn); 2428 2429 if (role == conn->role) 2430 return 1; 2431 2432 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) { 2433 struct hci_cp_switch_role cp; 2434 bacpy(&cp.bdaddr, &conn->dst); 2435 cp.role = role; 2436 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); 2437 } 2438 2439 return 0; 2440 } 2441 EXPORT_SYMBOL(hci_conn_switch_role); 2442 2443 /* Enter active mode */ 2444 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active) 2445 { 2446 struct hci_dev *hdev = conn->hdev; 2447 2448 BT_DBG("hcon %p mode %d", conn, conn->mode); 2449 2450 if (conn->mode != HCI_CM_SNIFF) 2451 goto timer; 2452 2453 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active) 2454 goto timer; 2455 2456 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) { 2457 struct hci_cp_exit_sniff_mode cp; 2458 cp.handle = cpu_to_le16(conn->handle); 2459 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); 2460 } 2461 2462 timer: 2463 if (hdev->idle_timeout > 0) 2464 queue_delayed_work(hdev->workqueue, &conn->idle_work, 2465 msecs_to_jiffies(hdev->idle_timeout)); 2466 } 2467 2468 /* Drop all connection on the device */ 2469 void hci_conn_hash_flush(struct hci_dev *hdev) 2470 { 2471 struct list_head *head = &hdev->conn_hash.list; 2472 struct hci_conn *conn; 2473 2474 BT_DBG("hdev %s", hdev->name); 2475 2476 /* We should not traverse the list here, because hci_conn_del 2477 * can remove extra links, which may cause the list traversal 2478 * to hit items that have already been released. 2479 */ 2480 while ((conn = list_first_entry_or_null(head, 2481 struct hci_conn, 2482 list)) != NULL) { 2483 conn->state = BT_CLOSED; 2484 hci_disconn_cfm(conn, HCI_ERROR_LOCAL_HOST_TERM); 2485 hci_conn_del(conn); 2486 } 2487 } 2488 2489 /* Check pending connect attempts */ 2490 void hci_conn_check_pending(struct hci_dev *hdev) 2491 { 2492 struct hci_conn *conn; 2493 2494 BT_DBG("hdev %s", hdev->name); 2495 2496 hci_dev_lock(hdev); 2497 2498 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2); 2499 if (conn) 2500 hci_acl_create_connection(conn); 2501 2502 hci_dev_unlock(hdev); 2503 } 2504 2505 static u32 get_link_mode(struct hci_conn *conn) 2506 { 2507 u32 link_mode = 0; 2508 2509 if (conn->role == HCI_ROLE_MASTER) 2510 link_mode |= HCI_LM_MASTER; 2511 2512 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) 2513 link_mode |= HCI_LM_ENCRYPT; 2514 2515 if (test_bit(HCI_CONN_AUTH, &conn->flags)) 2516 link_mode |= HCI_LM_AUTH; 2517 2518 if (test_bit(HCI_CONN_SECURE, &conn->flags)) 2519 link_mode |= HCI_LM_SECURE; 2520 2521 if (test_bit(HCI_CONN_FIPS, &conn->flags)) 2522 link_mode |= HCI_LM_FIPS; 2523 2524 return link_mode; 2525 } 2526 2527 int hci_get_conn_list(void __user *arg) 2528 { 2529 struct hci_conn *c; 2530 struct hci_conn_list_req req, *cl; 2531 struct hci_conn_info *ci; 2532 struct hci_dev *hdev; 2533 int n = 0, size, err; 2534 2535 if (copy_from_user(&req, arg, sizeof(req))) 2536 return -EFAULT; 2537 2538 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) 2539 return -EINVAL; 2540 2541 size = sizeof(req) + req.conn_num * sizeof(*ci); 2542 2543 cl = kmalloc(size, GFP_KERNEL); 2544 if (!cl) 2545 return -ENOMEM; 2546 2547 hdev = hci_dev_get(req.dev_id); 2548 if (!hdev) { 2549 kfree(cl); 2550 return -ENODEV; 2551 } 2552 2553 ci = cl->conn_info; 2554 2555 hci_dev_lock(hdev); 2556 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2557 bacpy(&(ci + n)->bdaddr, &c->dst); 2558 (ci + n)->handle = c->handle; 2559 (ci + n)->type = c->type; 2560 (ci + n)->out = c->out; 2561 (ci + n)->state = c->state; 2562 (ci + n)->link_mode = get_link_mode(c); 2563 if (++n >= req.conn_num) 2564 break; 2565 } 2566 hci_dev_unlock(hdev); 2567 2568 cl->dev_id = hdev->id; 2569 cl->conn_num = n; 2570 size = sizeof(req) + n * sizeof(*ci); 2571 2572 hci_dev_put(hdev); 2573 2574 err = copy_to_user(arg, cl, size); 2575 kfree(cl); 2576 2577 return err ? -EFAULT : 0; 2578 } 2579 2580 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) 2581 { 2582 struct hci_conn_info_req req; 2583 struct hci_conn_info ci; 2584 struct hci_conn *conn; 2585 char __user *ptr = arg + sizeof(req); 2586 2587 if (copy_from_user(&req, arg, sizeof(req))) 2588 return -EFAULT; 2589 2590 hci_dev_lock(hdev); 2591 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); 2592 if (conn) { 2593 bacpy(&ci.bdaddr, &conn->dst); 2594 ci.handle = conn->handle; 2595 ci.type = conn->type; 2596 ci.out = conn->out; 2597 ci.state = conn->state; 2598 ci.link_mode = get_link_mode(conn); 2599 } 2600 hci_dev_unlock(hdev); 2601 2602 if (!conn) 2603 return -ENOENT; 2604 2605 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 2606 } 2607 2608 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg) 2609 { 2610 struct hci_auth_info_req req; 2611 struct hci_conn *conn; 2612 2613 if (copy_from_user(&req, arg, sizeof(req))) 2614 return -EFAULT; 2615 2616 hci_dev_lock(hdev); 2617 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr); 2618 if (conn) 2619 req.type = conn->auth_type; 2620 hci_dev_unlock(hdev); 2621 2622 if (!conn) 2623 return -ENOENT; 2624 2625 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0; 2626 } 2627 2628 struct hci_chan *hci_chan_create(struct hci_conn *conn) 2629 { 2630 struct hci_dev *hdev = conn->hdev; 2631 struct hci_chan *chan; 2632 2633 BT_DBG("%s hcon %p", hdev->name, conn); 2634 2635 if (test_bit(HCI_CONN_DROP, &conn->flags)) { 2636 BT_DBG("Refusing to create new hci_chan"); 2637 return NULL; 2638 } 2639 2640 chan = kzalloc(sizeof(*chan), GFP_KERNEL); 2641 if (!chan) 2642 return NULL; 2643 2644 chan->conn = hci_conn_get(conn); 2645 skb_queue_head_init(&chan->data_q); 2646 chan->state = BT_CONNECTED; 2647 2648 list_add_rcu(&chan->list, &conn->chan_list); 2649 2650 return chan; 2651 } 2652 2653 void hci_chan_del(struct hci_chan *chan) 2654 { 2655 struct hci_conn *conn = chan->conn; 2656 struct hci_dev *hdev = conn->hdev; 2657 2658 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan); 2659 2660 list_del_rcu(&chan->list); 2661 2662 synchronize_rcu(); 2663 2664 /* Prevent new hci_chan's to be created for this hci_conn */ 2665 set_bit(HCI_CONN_DROP, &conn->flags); 2666 2667 hci_conn_put(conn); 2668 2669 skb_queue_purge(&chan->data_q); 2670 kfree(chan); 2671 } 2672 2673 void hci_chan_list_flush(struct hci_conn *conn) 2674 { 2675 struct hci_chan *chan, *n; 2676 2677 BT_DBG("hcon %p", conn); 2678 2679 list_for_each_entry_safe(chan, n, &conn->chan_list, list) 2680 hci_chan_del(chan); 2681 } 2682 2683 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon, 2684 __u16 handle) 2685 { 2686 struct hci_chan *hchan; 2687 2688 list_for_each_entry(hchan, &hcon->chan_list, list) { 2689 if (hchan->handle == handle) 2690 return hchan; 2691 } 2692 2693 return NULL; 2694 } 2695 2696 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle) 2697 { 2698 struct hci_conn_hash *h = &hdev->conn_hash; 2699 struct hci_conn *hcon; 2700 struct hci_chan *hchan = NULL; 2701 2702 rcu_read_lock(); 2703 2704 list_for_each_entry_rcu(hcon, &h->list, list) { 2705 hchan = __hci_chan_lookup_handle(hcon, handle); 2706 if (hchan) 2707 break; 2708 } 2709 2710 rcu_read_unlock(); 2711 2712 return hchan; 2713 } 2714 2715 u32 hci_conn_get_phy(struct hci_conn *conn) 2716 { 2717 u32 phys = 0; 2718 2719 /* BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 2, Part B page 471: 2720 * Table 6.2: Packets defined for synchronous, asynchronous, and 2721 * CPB logical transport types. 2722 */ 2723 switch (conn->type) { 2724 case SCO_LINK: 2725 /* SCO logical transport (1 Mb/s): 2726 * HV1, HV2, HV3 and DV. 2727 */ 2728 phys |= BT_PHY_BR_1M_1SLOT; 2729 2730 break; 2731 2732 case ACL_LINK: 2733 /* ACL logical transport (1 Mb/s) ptt=0: 2734 * DH1, DM3, DH3, DM5 and DH5. 2735 */ 2736 phys |= BT_PHY_BR_1M_1SLOT; 2737 2738 if (conn->pkt_type & (HCI_DM3 | HCI_DH3)) 2739 phys |= BT_PHY_BR_1M_3SLOT; 2740 2741 if (conn->pkt_type & (HCI_DM5 | HCI_DH5)) 2742 phys |= BT_PHY_BR_1M_5SLOT; 2743 2744 /* ACL logical transport (2 Mb/s) ptt=1: 2745 * 2-DH1, 2-DH3 and 2-DH5. 2746 */ 2747 if (!(conn->pkt_type & HCI_2DH1)) 2748 phys |= BT_PHY_EDR_2M_1SLOT; 2749 2750 if (!(conn->pkt_type & HCI_2DH3)) 2751 phys |= BT_PHY_EDR_2M_3SLOT; 2752 2753 if (!(conn->pkt_type & HCI_2DH5)) 2754 phys |= BT_PHY_EDR_2M_5SLOT; 2755 2756 /* ACL logical transport (3 Mb/s) ptt=1: 2757 * 3-DH1, 3-DH3 and 3-DH5. 2758 */ 2759 if (!(conn->pkt_type & HCI_3DH1)) 2760 phys |= BT_PHY_EDR_3M_1SLOT; 2761 2762 if (!(conn->pkt_type & HCI_3DH3)) 2763 phys |= BT_PHY_EDR_3M_3SLOT; 2764 2765 if (!(conn->pkt_type & HCI_3DH5)) 2766 phys |= BT_PHY_EDR_3M_5SLOT; 2767 2768 break; 2769 2770 case ESCO_LINK: 2771 /* eSCO logical transport (1 Mb/s): EV3, EV4 and EV5 */ 2772 phys |= BT_PHY_BR_1M_1SLOT; 2773 2774 if (!(conn->pkt_type & (ESCO_EV4 | ESCO_EV5))) 2775 phys |= BT_PHY_BR_1M_3SLOT; 2776 2777 /* eSCO logical transport (2 Mb/s): 2-EV3, 2-EV5 */ 2778 if (!(conn->pkt_type & ESCO_2EV3)) 2779 phys |= BT_PHY_EDR_2M_1SLOT; 2780 2781 if (!(conn->pkt_type & ESCO_2EV5)) 2782 phys |= BT_PHY_EDR_2M_3SLOT; 2783 2784 /* eSCO logical transport (3 Mb/s): 3-EV3, 3-EV5 */ 2785 if (!(conn->pkt_type & ESCO_3EV3)) 2786 phys |= BT_PHY_EDR_3M_1SLOT; 2787 2788 if (!(conn->pkt_type & ESCO_3EV5)) 2789 phys |= BT_PHY_EDR_3M_3SLOT; 2790 2791 break; 2792 2793 case LE_LINK: 2794 if (conn->le_tx_phy & HCI_LE_SET_PHY_1M) 2795 phys |= BT_PHY_LE_1M_TX; 2796 2797 if (conn->le_rx_phy & HCI_LE_SET_PHY_1M) 2798 phys |= BT_PHY_LE_1M_RX; 2799 2800 if (conn->le_tx_phy & HCI_LE_SET_PHY_2M) 2801 phys |= BT_PHY_LE_2M_TX; 2802 2803 if (conn->le_rx_phy & HCI_LE_SET_PHY_2M) 2804 phys |= BT_PHY_LE_2M_RX; 2805 2806 if (conn->le_tx_phy & HCI_LE_SET_PHY_CODED) 2807 phys |= BT_PHY_LE_CODED_TX; 2808 2809 if (conn->le_rx_phy & HCI_LE_SET_PHY_CODED) 2810 phys |= BT_PHY_LE_CODED_RX; 2811 2812 break; 2813 } 2814 2815 return phys; 2816 } 2817 2818 int hci_abort_conn(struct hci_conn *conn, u8 reason) 2819 { 2820 int r = 0; 2821 2822 if (test_and_set_bit(HCI_CONN_CANCEL, &conn->flags)) 2823 return 0; 2824 2825 switch (conn->state) { 2826 case BT_CONNECTED: 2827 case BT_CONFIG: 2828 if (conn->type == AMP_LINK) { 2829 struct hci_cp_disconn_phy_link cp; 2830 2831 cp.phy_handle = HCI_PHY_HANDLE(conn->handle); 2832 cp.reason = reason; 2833 r = hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK, 2834 sizeof(cp), &cp); 2835 } else { 2836 struct hci_cp_disconnect dc; 2837 2838 dc.handle = cpu_to_le16(conn->handle); 2839 dc.reason = reason; 2840 r = hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, 2841 sizeof(dc), &dc); 2842 } 2843 2844 conn->state = BT_DISCONN; 2845 2846 break; 2847 case BT_CONNECT: 2848 if (conn->type == LE_LINK) { 2849 if (test_bit(HCI_CONN_SCANNING, &conn->flags)) 2850 break; 2851 r = hci_send_cmd(conn->hdev, 2852 HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL); 2853 } else if (conn->type == ACL_LINK) { 2854 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2) 2855 break; 2856 r = hci_send_cmd(conn->hdev, 2857 HCI_OP_CREATE_CONN_CANCEL, 2858 6, &conn->dst); 2859 } 2860 break; 2861 case BT_CONNECT2: 2862 if (conn->type == ACL_LINK) { 2863 struct hci_cp_reject_conn_req rej; 2864 2865 bacpy(&rej.bdaddr, &conn->dst); 2866 rej.reason = reason; 2867 2868 r = hci_send_cmd(conn->hdev, 2869 HCI_OP_REJECT_CONN_REQ, 2870 sizeof(rej), &rej); 2871 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) { 2872 struct hci_cp_reject_sync_conn_req rej; 2873 2874 bacpy(&rej.bdaddr, &conn->dst); 2875 2876 /* SCO rejection has its own limited set of 2877 * allowed error values (0x0D-0x0F) which isn't 2878 * compatible with most values passed to this 2879 * function. To be safe hard-code one of the 2880 * values that's suitable for SCO. 2881 */ 2882 rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES; 2883 2884 r = hci_send_cmd(conn->hdev, 2885 HCI_OP_REJECT_SYNC_CONN_REQ, 2886 sizeof(rej), &rej); 2887 } 2888 break; 2889 default: 2890 conn->state = BT_CLOSED; 2891 break; 2892 } 2893 2894 return r; 2895 } 2896