1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI connection handling. */ 26 27 #include <linux/module.h> 28 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/kernel.h> 32 #include <linux/slab.h> 33 #include <linux/poll.h> 34 #include <linux/fcntl.h> 35 #include <linux/init.h> 36 #include <linux/skbuff.h> 37 #include <linux/interrupt.h> 38 #include <linux/notifier.h> 39 #include <net/sock.h> 40 41 #include <asm/system.h> 42 #include <asm/uaccess.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 48 #ifndef CONFIG_BT_HCI_CORE_DEBUG 49 #undef BT_DBG 50 #define BT_DBG(D...) 51 #endif 52 53 void hci_acl_connect(struct hci_conn *conn) 54 { 55 struct hci_dev *hdev = conn->hdev; 56 struct inquiry_entry *ie; 57 struct hci_cp_create_conn cp; 58 59 BT_DBG("%p", conn); 60 61 conn->state = BT_CONNECT; 62 conn->out = 1; 63 conn->link_mode = HCI_LM_MASTER; 64 65 conn->attempt++; 66 67 memset(&cp, 0, sizeof(cp)); 68 bacpy(&cp.bdaddr, &conn->dst); 69 cp.pscan_rep_mode = 0x02; 70 71 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) && 72 inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 73 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 74 cp.pscan_mode = ie->data.pscan_mode; 75 cp.clock_offset = ie->data.clock_offset | cpu_to_le16(0x8000); 76 memcpy(conn->dev_class, ie->data.dev_class, 3); 77 } 78 79 cp.pkt_type = cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK); 80 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) 81 cp.role_switch = 0x01; 82 else 83 cp.role_switch = 0x00; 84 85 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN, sizeof(cp), &cp); 86 } 87 88 static void hci_acl_connect_cancel(struct hci_conn *conn) 89 { 90 struct hci_cp_create_conn_cancel cp; 91 92 BT_DBG("%p", conn); 93 94 if (conn->hdev->hci_ver < 2) 95 return; 96 97 bacpy(&cp.bdaddr, &conn->dst); 98 hci_send_cmd(conn->hdev, OGF_LINK_CTL, 99 OCF_CREATE_CONN_CANCEL, sizeof(cp), &cp); 100 } 101 102 void hci_acl_disconn(struct hci_conn *conn, __u8 reason) 103 { 104 struct hci_cp_disconnect cp; 105 106 BT_DBG("%p", conn); 107 108 conn->state = BT_DISCONN; 109 110 cp.handle = cpu_to_le16(conn->handle); 111 cp.reason = reason; 112 hci_send_cmd(conn->hdev, OGF_LINK_CTL, 113 OCF_DISCONNECT, sizeof(cp), &cp); 114 } 115 116 void hci_add_sco(struct hci_conn *conn, __u16 handle) 117 { 118 struct hci_dev *hdev = conn->hdev; 119 struct hci_cp_add_sco cp; 120 121 BT_DBG("%p", conn); 122 123 conn->state = BT_CONNECT; 124 conn->out = 1; 125 126 cp.handle = cpu_to_le16(handle); 127 cp.pkt_type = cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK); 128 129 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ADD_SCO, sizeof(cp), &cp); 130 } 131 132 static void hci_conn_timeout(unsigned long arg) 133 { 134 struct hci_conn *conn = (void *) arg; 135 struct hci_dev *hdev = conn->hdev; 136 137 BT_DBG("conn %p state %d", conn, conn->state); 138 139 if (atomic_read(&conn->refcnt)) 140 return; 141 142 hci_dev_lock(hdev); 143 144 switch (conn->state) { 145 case BT_CONNECT: 146 hci_acl_connect_cancel(conn); 147 break; 148 case BT_CONNECTED: 149 hci_acl_disconn(conn, 0x13); 150 break; 151 default: 152 conn->state = BT_CLOSED; 153 break; 154 } 155 156 hci_dev_unlock(hdev); 157 } 158 159 static void hci_conn_idle(unsigned long arg) 160 { 161 struct hci_conn *conn = (void *) arg; 162 163 BT_DBG("conn %p mode %d", conn, conn->mode); 164 165 hci_conn_enter_sniff_mode(conn); 166 } 167 168 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) 169 { 170 struct hci_conn *conn; 171 172 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 173 174 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC); 175 if (!conn) 176 return NULL; 177 178 bacpy(&conn->dst, dst); 179 conn->hdev = hdev; 180 conn->type = type; 181 conn->mode = HCI_CM_ACTIVE; 182 conn->state = BT_OPEN; 183 184 conn->power_save = 1; 185 186 skb_queue_head_init(&conn->data_q); 187 188 init_timer(&conn->disc_timer); 189 conn->disc_timer.function = hci_conn_timeout; 190 conn->disc_timer.data = (unsigned long) conn; 191 192 init_timer(&conn->idle_timer); 193 conn->idle_timer.function = hci_conn_idle; 194 conn->idle_timer.data = (unsigned long) conn; 195 196 atomic_set(&conn->refcnt, 0); 197 198 hci_dev_hold(hdev); 199 200 tasklet_disable(&hdev->tx_task); 201 202 hci_conn_hash_add(hdev, conn); 203 if (hdev->notify) 204 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 205 206 hci_conn_add_sysfs(conn); 207 208 tasklet_enable(&hdev->tx_task); 209 210 return conn; 211 } 212 213 int hci_conn_del(struct hci_conn *conn) 214 { 215 struct hci_dev *hdev = conn->hdev; 216 217 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle); 218 219 del_timer(&conn->idle_timer); 220 221 del_timer(&conn->disc_timer); 222 223 if (conn->type == ACL_LINK) { 224 struct hci_conn *sco = conn->link; 225 if (sco) 226 sco->link = NULL; 227 228 /* Unacked frames */ 229 hdev->acl_cnt += conn->sent; 230 } else { 231 struct hci_conn *acl = conn->link; 232 if (acl) { 233 acl->link = NULL; 234 hci_conn_put(acl); 235 } 236 } 237 238 tasklet_disable(&hdev->tx_task); 239 240 hci_conn_del_sysfs(conn); 241 242 hci_conn_hash_del(hdev, conn); 243 if (hdev->notify) 244 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 245 246 tasklet_enable(&hdev->tx_task); 247 248 skb_queue_purge(&conn->data_q); 249 250 hci_dev_put(hdev); 251 252 /* will free via device release */ 253 put_device(&conn->dev); 254 255 return 0; 256 } 257 258 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src) 259 { 260 int use_src = bacmp(src, BDADDR_ANY); 261 struct hci_dev *hdev = NULL; 262 struct list_head *p; 263 264 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 265 266 read_lock_bh(&hci_dev_list_lock); 267 268 list_for_each(p, &hci_dev_list) { 269 struct hci_dev *d = list_entry(p, struct hci_dev, list); 270 271 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags)) 272 continue; 273 274 /* Simple routing: 275 * No source address - find interface with bdaddr != dst 276 * Source address - find interface with bdaddr == src 277 */ 278 279 if (use_src) { 280 if (!bacmp(&d->bdaddr, src)) { 281 hdev = d; break; 282 } 283 } else { 284 if (bacmp(&d->bdaddr, dst)) { 285 hdev = d; break; 286 } 287 } 288 } 289 290 if (hdev) 291 hdev = hci_dev_hold(hdev); 292 293 read_unlock_bh(&hci_dev_list_lock); 294 return hdev; 295 } 296 EXPORT_SYMBOL(hci_get_route); 297 298 /* Create SCO or ACL connection. 299 * Device _must_ be locked */ 300 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst) 301 { 302 struct hci_conn *acl; 303 struct hci_conn *sco; 304 305 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 306 307 if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) { 308 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst))) 309 return NULL; 310 } 311 312 hci_conn_hold(acl); 313 314 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) 315 hci_acl_connect(acl); 316 317 if (type == ACL_LINK) 318 return acl; 319 320 if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) { 321 if (!(sco = hci_conn_add(hdev, type, dst))) { 322 hci_conn_put(acl); 323 return NULL; 324 } 325 } 326 327 acl->link = sco; 328 sco->link = acl; 329 330 hci_conn_hold(sco); 331 332 if (acl->state == BT_CONNECTED && 333 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) 334 hci_add_sco(sco, acl->handle); 335 336 return sco; 337 } 338 EXPORT_SYMBOL(hci_connect); 339 340 /* Authenticate remote device */ 341 int hci_conn_auth(struct hci_conn *conn) 342 { 343 BT_DBG("conn %p", conn); 344 345 if (conn->link_mode & HCI_LM_AUTH) 346 return 1; 347 348 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 349 struct hci_cp_auth_requested cp; 350 cp.handle = cpu_to_le16(conn->handle); 351 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_AUTH_REQUESTED, sizeof(cp), &cp); 352 } 353 return 0; 354 } 355 EXPORT_SYMBOL(hci_conn_auth); 356 357 /* Enable encryption */ 358 int hci_conn_encrypt(struct hci_conn *conn) 359 { 360 BT_DBG("conn %p", conn); 361 362 if (conn->link_mode & HCI_LM_ENCRYPT) 363 return 1; 364 365 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 366 return 0; 367 368 if (hci_conn_auth(conn)) { 369 struct hci_cp_set_conn_encrypt cp; 370 cp.handle = cpu_to_le16(conn->handle); 371 cp.encrypt = 1; 372 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT, sizeof(cp), &cp); 373 } 374 return 0; 375 } 376 EXPORT_SYMBOL(hci_conn_encrypt); 377 378 /* Change link key */ 379 int hci_conn_change_link_key(struct hci_conn *conn) 380 { 381 BT_DBG("conn %p", conn); 382 383 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 384 struct hci_cp_change_conn_link_key cp; 385 cp.handle = cpu_to_le16(conn->handle); 386 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp); 387 } 388 return 0; 389 } 390 EXPORT_SYMBOL(hci_conn_change_link_key); 391 392 /* Switch role */ 393 int hci_conn_switch_role(struct hci_conn *conn, uint8_t role) 394 { 395 BT_DBG("conn %p", conn); 396 397 if (!role && conn->link_mode & HCI_LM_MASTER) 398 return 1; 399 400 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) { 401 struct hci_cp_switch_role cp; 402 bacpy(&cp.bdaddr, &conn->dst); 403 cp.role = role; 404 hci_send_cmd(conn->hdev, OGF_LINK_POLICY, OCF_SWITCH_ROLE, sizeof(cp), &cp); 405 } 406 return 0; 407 } 408 EXPORT_SYMBOL(hci_conn_switch_role); 409 410 /* Enter active mode */ 411 void hci_conn_enter_active_mode(struct hci_conn *conn) 412 { 413 struct hci_dev *hdev = conn->hdev; 414 415 BT_DBG("conn %p mode %d", conn, conn->mode); 416 417 if (test_bit(HCI_RAW, &hdev->flags)) 418 return; 419 420 if (conn->mode != HCI_CM_SNIFF || !conn->power_save) 421 goto timer; 422 423 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 424 struct hci_cp_exit_sniff_mode cp; 425 cp.handle = cpu_to_le16(conn->handle); 426 hci_send_cmd(hdev, OGF_LINK_POLICY, 427 OCF_EXIT_SNIFF_MODE, sizeof(cp), &cp); 428 } 429 430 timer: 431 if (hdev->idle_timeout > 0) 432 mod_timer(&conn->idle_timer, 433 jiffies + msecs_to_jiffies(hdev->idle_timeout)); 434 } 435 436 /* Enter sniff mode */ 437 void hci_conn_enter_sniff_mode(struct hci_conn *conn) 438 { 439 struct hci_dev *hdev = conn->hdev; 440 441 BT_DBG("conn %p mode %d", conn, conn->mode); 442 443 if (test_bit(HCI_RAW, &hdev->flags)) 444 return; 445 446 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) 447 return; 448 449 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) 450 return; 451 452 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { 453 struct hci_cp_sniff_subrate cp; 454 cp.handle = cpu_to_le16(conn->handle); 455 cp.max_latency = cpu_to_le16(0); 456 cp.min_remote_timeout = cpu_to_le16(0); 457 cp.min_local_timeout = cpu_to_le16(0); 458 hci_send_cmd(hdev, OGF_LINK_POLICY, 459 OCF_SNIFF_SUBRATE, sizeof(cp), &cp); 460 } 461 462 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 463 struct hci_cp_sniff_mode cp; 464 cp.handle = cpu_to_le16(conn->handle); 465 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); 466 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); 467 cp.attempt = cpu_to_le16(4); 468 cp.timeout = cpu_to_le16(1); 469 hci_send_cmd(hdev, OGF_LINK_POLICY, 470 OCF_SNIFF_MODE, sizeof(cp), &cp); 471 } 472 } 473 474 /* Drop all connection on the device */ 475 void hci_conn_hash_flush(struct hci_dev *hdev) 476 { 477 struct hci_conn_hash *h = &hdev->conn_hash; 478 struct list_head *p; 479 480 BT_DBG("hdev %s", hdev->name); 481 482 p = h->list.next; 483 while (p != &h->list) { 484 struct hci_conn *c; 485 486 c = list_entry(p, struct hci_conn, list); 487 p = p->next; 488 489 c->state = BT_CLOSED; 490 491 hci_proto_disconn_ind(c, 0x16); 492 hci_conn_del(c); 493 } 494 } 495 496 int hci_get_conn_list(void __user *arg) 497 { 498 struct hci_conn_list_req req, *cl; 499 struct hci_conn_info *ci; 500 struct hci_dev *hdev; 501 struct list_head *p; 502 int n = 0, size, err; 503 504 if (copy_from_user(&req, arg, sizeof(req))) 505 return -EFAULT; 506 507 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) 508 return -EINVAL; 509 510 size = sizeof(req) + req.conn_num * sizeof(*ci); 511 512 if (!(cl = kmalloc(size, GFP_KERNEL))) 513 return -ENOMEM; 514 515 if (!(hdev = hci_dev_get(req.dev_id))) { 516 kfree(cl); 517 return -ENODEV; 518 } 519 520 ci = cl->conn_info; 521 522 hci_dev_lock_bh(hdev); 523 list_for_each(p, &hdev->conn_hash.list) { 524 register struct hci_conn *c; 525 c = list_entry(p, struct hci_conn, list); 526 527 bacpy(&(ci + n)->bdaddr, &c->dst); 528 (ci + n)->handle = c->handle; 529 (ci + n)->type = c->type; 530 (ci + n)->out = c->out; 531 (ci + n)->state = c->state; 532 (ci + n)->link_mode = c->link_mode; 533 if (++n >= req.conn_num) 534 break; 535 } 536 hci_dev_unlock_bh(hdev); 537 538 cl->dev_id = hdev->id; 539 cl->conn_num = n; 540 size = sizeof(req) + n * sizeof(*ci); 541 542 hci_dev_put(hdev); 543 544 err = copy_to_user(arg, cl, size); 545 kfree(cl); 546 547 return err ? -EFAULT : 0; 548 } 549 550 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) 551 { 552 struct hci_conn_info_req req; 553 struct hci_conn_info ci; 554 struct hci_conn *conn; 555 char __user *ptr = arg + sizeof(req); 556 557 if (copy_from_user(&req, arg, sizeof(req))) 558 return -EFAULT; 559 560 hci_dev_lock_bh(hdev); 561 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); 562 if (conn) { 563 bacpy(&ci.bdaddr, &conn->dst); 564 ci.handle = conn->handle; 565 ci.type = conn->type; 566 ci.out = conn->out; 567 ci.state = conn->state; 568 ci.link_mode = conn->link_mode; 569 } 570 hci_dev_unlock_bh(hdev); 571 572 if (!conn) 573 return -ENOENT; 574 575 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 576 } 577