hci_conn.c revision 40be492fe4fab829951681860c2bb26fa1d5fe4a
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth HCI connection handling. */ 26 27#include <linux/module.h> 28 29#include <linux/types.h> 30#include <linux/errno.h> 31#include <linux/kernel.h> 32#include <linux/slab.h> 33#include <linux/poll.h> 34#include <linux/fcntl.h> 35#include <linux/init.h> 36#include <linux/skbuff.h> 37#include <linux/interrupt.h> 38#include <linux/notifier.h> 39#include <net/sock.h> 40 41#include <asm/system.h> 42#include <asm/uaccess.h> 43#include <asm/unaligned.h> 44 45#include <net/bluetooth/bluetooth.h> 46#include <net/bluetooth/hci_core.h> 47 48#ifndef CONFIG_BT_HCI_CORE_DEBUG 49#undef BT_DBG 50#define BT_DBG(D...) 51#endif 52 53void hci_acl_connect(struct hci_conn *conn) 54{ 55 struct hci_dev *hdev = conn->hdev; 56 struct inquiry_entry *ie; 57 struct hci_cp_create_conn cp; 58 59 BT_DBG("%p", conn); 60 61 conn->state = BT_CONNECT; 62 conn->out = 1; 63 64 conn->link_mode = HCI_LM_MASTER; 65 66 conn->attempt++; 67 68 conn->link_policy = hdev->link_policy; 69 70 memset(&cp, 0, sizeof(cp)); 71 bacpy(&cp.bdaddr, &conn->dst); 72 cp.pscan_rep_mode = 0x02; 73 74 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) { 75 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 76 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 77 cp.pscan_mode = ie->data.pscan_mode; 78 cp.clock_offset = ie->data.clock_offset | 79 cpu_to_le16(0x8000); 80 } 81 82 memcpy(conn->dev_class, ie->data.dev_class, 3); 83 conn->ssp_mode = ie->data.ssp_mode; 84 } 85 86 cp.pkt_type = cpu_to_le16(conn->pkt_type); 87 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) 88 cp.role_switch = 0x01; 89 else 90 cp.role_switch = 0x00; 91 92 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp); 93} 94 95static void hci_acl_connect_cancel(struct hci_conn *conn) 96{ 97 struct hci_cp_create_conn_cancel cp; 98 99 BT_DBG("%p", conn); 100 101 if (conn->hdev->hci_ver < 2) 102 return; 103 104 bacpy(&cp.bdaddr, &conn->dst); 105 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); 106} 107 108void hci_acl_disconn(struct hci_conn *conn, __u8 reason) 109{ 110 struct hci_cp_disconnect cp; 111 112 BT_DBG("%p", conn); 113 114 conn->state = BT_DISCONN; 115 116 cp.handle = cpu_to_le16(conn->handle); 117 cp.reason = reason; 118 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp); 119} 120 121void hci_add_sco(struct hci_conn *conn, __u16 handle) 122{ 123 struct hci_dev *hdev = conn->hdev; 124 struct hci_cp_add_sco cp; 125 126 BT_DBG("%p", conn); 127 128 conn->state = BT_CONNECT; 129 conn->out = 1; 130 131 cp.handle = cpu_to_le16(handle); 132 cp.pkt_type = cpu_to_le16(conn->pkt_type); 133 134 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); 135} 136 137void hci_setup_sync(struct hci_conn *conn, __u16 handle) 138{ 139 struct hci_dev *hdev = conn->hdev; 140 struct hci_cp_setup_sync_conn cp; 141 142 BT_DBG("%p", conn); 143 144 conn->state = BT_CONNECT; 145 conn->out = 1; 146 147 cp.handle = cpu_to_le16(handle); 148 cp.pkt_type = cpu_to_le16(conn->pkt_type); 149 150 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 151 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 152 cp.max_latency = cpu_to_le16(0xffff); 153 cp.voice_setting = cpu_to_le16(hdev->voice_setting); 154 cp.retrans_effort = 0xff; 155 156 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp); 157} 158 159static void hci_conn_timeout(unsigned long arg) 160{ 161 struct hci_conn *conn = (void *) arg; 162 struct hci_dev *hdev = conn->hdev; 163 164 BT_DBG("conn %p state %d", conn, conn->state); 165 166 if (atomic_read(&conn->refcnt)) 167 return; 168 169 hci_dev_lock(hdev); 170 171 switch (conn->state) { 172 case BT_CONNECT: 173 case BT_CONNECT2: 174 if (conn->type == ACL_LINK) 175 hci_acl_connect_cancel(conn); 176 else 177 hci_acl_disconn(conn, 0x13); 178 break; 179 case BT_CONFIG: 180 case BT_CONNECTED: 181 hci_acl_disconn(conn, 0x13); 182 break; 183 default: 184 conn->state = BT_CLOSED; 185 break; 186 } 187 188 hci_dev_unlock(hdev); 189} 190 191static void hci_conn_idle(unsigned long arg) 192{ 193 struct hci_conn *conn = (void *) arg; 194 195 BT_DBG("conn %p mode %d", conn, conn->mode); 196 197 hci_conn_enter_sniff_mode(conn); 198} 199 200struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) 201{ 202 struct hci_conn *conn; 203 204 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 205 206 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC); 207 if (!conn) 208 return NULL; 209 210 bacpy(&conn->dst, dst); 211 conn->hdev = hdev; 212 conn->type = type; 213 conn->mode = HCI_CM_ACTIVE; 214 conn->state = BT_OPEN; 215 216 conn->power_save = 1; 217 218 switch (type) { 219 case ACL_LINK: 220 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; 221 break; 222 case SCO_LINK: 223 if (lmp_esco_capable(hdev)) 224 conn->pkt_type = hdev->esco_type & SCO_ESCO_MASK; 225 else 226 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; 227 break; 228 case ESCO_LINK: 229 conn->pkt_type = hdev->esco_type; 230 break; 231 } 232 233 skb_queue_head_init(&conn->data_q); 234 235 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn); 236 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn); 237 238 atomic_set(&conn->refcnt, 0); 239 240 hci_dev_hold(hdev); 241 242 tasklet_disable(&hdev->tx_task); 243 244 hci_conn_hash_add(hdev, conn); 245 if (hdev->notify) 246 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 247 248 hci_conn_add_sysfs(conn); 249 250 tasklet_enable(&hdev->tx_task); 251 252 return conn; 253} 254 255int hci_conn_del(struct hci_conn *conn) 256{ 257 struct hci_dev *hdev = conn->hdev; 258 259 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle); 260 261 del_timer(&conn->idle_timer); 262 263 del_timer(&conn->disc_timer); 264 265 if (conn->type == ACL_LINK) { 266 struct hci_conn *sco = conn->link; 267 if (sco) 268 sco->link = NULL; 269 270 /* Unacked frames */ 271 hdev->acl_cnt += conn->sent; 272 } else { 273 struct hci_conn *acl = conn->link; 274 if (acl) { 275 acl->link = NULL; 276 hci_conn_put(acl); 277 } 278 } 279 280 tasklet_disable(&hdev->tx_task); 281 hci_conn_hash_del(hdev, conn); 282 if (hdev->notify) 283 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 284 tasklet_enable(&hdev->tx_task); 285 skb_queue_purge(&conn->data_q); 286 hci_conn_del_sysfs(conn); 287 288 return 0; 289} 290 291struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src) 292{ 293 int use_src = bacmp(src, BDADDR_ANY); 294 struct hci_dev *hdev = NULL; 295 struct list_head *p; 296 297 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 298 299 read_lock_bh(&hci_dev_list_lock); 300 301 list_for_each(p, &hci_dev_list) { 302 struct hci_dev *d = list_entry(p, struct hci_dev, list); 303 304 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags)) 305 continue; 306 307 /* Simple routing: 308 * No source address - find interface with bdaddr != dst 309 * Source address - find interface with bdaddr == src 310 */ 311 312 if (use_src) { 313 if (!bacmp(&d->bdaddr, src)) { 314 hdev = d; break; 315 } 316 } else { 317 if (bacmp(&d->bdaddr, dst)) { 318 hdev = d; break; 319 } 320 } 321 } 322 323 if (hdev) 324 hdev = hci_dev_hold(hdev); 325 326 read_unlock_bh(&hci_dev_list_lock); 327 return hdev; 328} 329EXPORT_SYMBOL(hci_get_route); 330 331/* Create SCO or ACL connection. 332 * Device _must_ be locked */ 333struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst) 334{ 335 struct hci_conn *acl; 336 struct hci_conn *sco; 337 338 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 339 340 if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) { 341 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst))) 342 return NULL; 343 } 344 345 hci_conn_hold(acl); 346 347 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) 348 hci_acl_connect(acl); 349 350 if (type == ACL_LINK) 351 return acl; 352 353 if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) { 354 if (!(sco = hci_conn_add(hdev, type, dst))) { 355 hci_conn_put(acl); 356 return NULL; 357 } 358 } 359 360 acl->link = sco; 361 sco->link = acl; 362 363 hci_conn_hold(sco); 364 365 if (acl->state == BT_CONNECTED && 366 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 367 if (lmp_esco_capable(hdev)) 368 hci_setup_sync(sco, acl->handle); 369 else 370 hci_add_sco(sco, acl->handle); 371 } 372 373 return sco; 374} 375EXPORT_SYMBOL(hci_connect); 376 377/* Authenticate remote device */ 378int hci_conn_auth(struct hci_conn *conn) 379{ 380 BT_DBG("conn %p", conn); 381 382 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0) { 383 if (!(conn->auth_type & 0x01)) { 384 conn->auth_type = HCI_AT_GENERAL_BONDING_MITM; 385 conn->link_mode &= ~HCI_LM_AUTH; 386 } 387 } 388 389 if (conn->link_mode & HCI_LM_AUTH) 390 return 1; 391 392 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 393 struct hci_cp_auth_requested cp; 394 cp.handle = cpu_to_le16(conn->handle); 395 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, 396 sizeof(cp), &cp); 397 } 398 return 0; 399} 400EXPORT_SYMBOL(hci_conn_auth); 401 402/* Enable encryption */ 403int hci_conn_encrypt(struct hci_conn *conn) 404{ 405 BT_DBG("conn %p", conn); 406 407 if (conn->link_mode & HCI_LM_ENCRYPT) 408 return hci_conn_auth(conn); 409 410 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 411 return 0; 412 413 if (hci_conn_auth(conn)) { 414 struct hci_cp_set_conn_encrypt cp; 415 cp.handle = cpu_to_le16(conn->handle); 416 cp.encrypt = 1; 417 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, 418 sizeof(cp), &cp); 419 } 420 return 0; 421} 422EXPORT_SYMBOL(hci_conn_encrypt); 423 424/* Change link key */ 425int hci_conn_change_link_key(struct hci_conn *conn) 426{ 427 BT_DBG("conn %p", conn); 428 429 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 430 struct hci_cp_change_conn_link_key cp; 431 cp.handle = cpu_to_le16(conn->handle); 432 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, 433 sizeof(cp), &cp); 434 } 435 return 0; 436} 437EXPORT_SYMBOL(hci_conn_change_link_key); 438 439/* Switch role */ 440int hci_conn_switch_role(struct hci_conn *conn, uint8_t role) 441{ 442 BT_DBG("conn %p", conn); 443 444 if (!role && conn->link_mode & HCI_LM_MASTER) 445 return 1; 446 447 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) { 448 struct hci_cp_switch_role cp; 449 bacpy(&cp.bdaddr, &conn->dst); 450 cp.role = role; 451 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); 452 } 453 return 0; 454} 455EXPORT_SYMBOL(hci_conn_switch_role); 456 457/* Enter active mode */ 458void hci_conn_enter_active_mode(struct hci_conn *conn) 459{ 460 struct hci_dev *hdev = conn->hdev; 461 462 BT_DBG("conn %p mode %d", conn, conn->mode); 463 464 if (test_bit(HCI_RAW, &hdev->flags)) 465 return; 466 467 if (conn->mode != HCI_CM_SNIFF || !conn->power_save) 468 goto timer; 469 470 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 471 struct hci_cp_exit_sniff_mode cp; 472 cp.handle = cpu_to_le16(conn->handle); 473 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); 474 } 475 476timer: 477 if (hdev->idle_timeout > 0) 478 mod_timer(&conn->idle_timer, 479 jiffies + msecs_to_jiffies(hdev->idle_timeout)); 480} 481 482/* Enter sniff mode */ 483void hci_conn_enter_sniff_mode(struct hci_conn *conn) 484{ 485 struct hci_dev *hdev = conn->hdev; 486 487 BT_DBG("conn %p mode %d", conn, conn->mode); 488 489 if (test_bit(HCI_RAW, &hdev->flags)) 490 return; 491 492 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) 493 return; 494 495 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) 496 return; 497 498 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { 499 struct hci_cp_sniff_subrate cp; 500 cp.handle = cpu_to_le16(conn->handle); 501 cp.max_latency = cpu_to_le16(0); 502 cp.min_remote_timeout = cpu_to_le16(0); 503 cp.min_local_timeout = cpu_to_le16(0); 504 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); 505 } 506 507 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 508 struct hci_cp_sniff_mode cp; 509 cp.handle = cpu_to_le16(conn->handle); 510 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); 511 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); 512 cp.attempt = cpu_to_le16(4); 513 cp.timeout = cpu_to_le16(1); 514 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); 515 } 516} 517 518/* Drop all connection on the device */ 519void hci_conn_hash_flush(struct hci_dev *hdev) 520{ 521 struct hci_conn_hash *h = &hdev->conn_hash; 522 struct list_head *p; 523 524 BT_DBG("hdev %s", hdev->name); 525 526 p = h->list.next; 527 while (p != &h->list) { 528 struct hci_conn *c; 529 530 c = list_entry(p, struct hci_conn, list); 531 p = p->next; 532 533 c->state = BT_CLOSED; 534 535 hci_proto_disconn_ind(c, 0x16); 536 hci_conn_del(c); 537 } 538} 539 540/* Check pending connect attempts */ 541void hci_conn_check_pending(struct hci_dev *hdev) 542{ 543 struct hci_conn *conn; 544 545 BT_DBG("hdev %s", hdev->name); 546 547 hci_dev_lock(hdev); 548 549 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2); 550 if (conn) 551 hci_acl_connect(conn); 552 553 hci_dev_unlock(hdev); 554} 555 556int hci_get_conn_list(void __user *arg) 557{ 558 struct hci_conn_list_req req, *cl; 559 struct hci_conn_info *ci; 560 struct hci_dev *hdev; 561 struct list_head *p; 562 int n = 0, size, err; 563 564 if (copy_from_user(&req, arg, sizeof(req))) 565 return -EFAULT; 566 567 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) 568 return -EINVAL; 569 570 size = sizeof(req) + req.conn_num * sizeof(*ci); 571 572 if (!(cl = kmalloc(size, GFP_KERNEL))) 573 return -ENOMEM; 574 575 if (!(hdev = hci_dev_get(req.dev_id))) { 576 kfree(cl); 577 return -ENODEV; 578 } 579 580 ci = cl->conn_info; 581 582 hci_dev_lock_bh(hdev); 583 list_for_each(p, &hdev->conn_hash.list) { 584 register struct hci_conn *c; 585 c = list_entry(p, struct hci_conn, list); 586 587 bacpy(&(ci + n)->bdaddr, &c->dst); 588 (ci + n)->handle = c->handle; 589 (ci + n)->type = c->type; 590 (ci + n)->out = c->out; 591 (ci + n)->state = c->state; 592 (ci + n)->link_mode = c->link_mode; 593 if (++n >= req.conn_num) 594 break; 595 } 596 hci_dev_unlock_bh(hdev); 597 598 cl->dev_id = hdev->id; 599 cl->conn_num = n; 600 size = sizeof(req) + n * sizeof(*ci); 601 602 hci_dev_put(hdev); 603 604 err = copy_to_user(arg, cl, size); 605 kfree(cl); 606 607 return err ? -EFAULT : 0; 608} 609 610int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) 611{ 612 struct hci_conn_info_req req; 613 struct hci_conn_info ci; 614 struct hci_conn *conn; 615 char __user *ptr = arg + sizeof(req); 616 617 if (copy_from_user(&req, arg, sizeof(req))) 618 return -EFAULT; 619 620 hci_dev_lock_bh(hdev); 621 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); 622 if (conn) { 623 bacpy(&ci.bdaddr, &conn->dst); 624 ci.handle = conn->handle; 625 ci.type = conn->type; 626 ci.out = conn->out; 627 ci.state = conn->state; 628 ci.link_mode = conn->link_mode; 629 } 630 hci_dev_unlock_bh(hdev); 631 632 if (!conn) 633 return -ENOENT; 634 635 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 636} 637 638int hci_get_auth_info(struct hci_dev *hdev, void __user *arg) 639{ 640 struct hci_auth_info_req req; 641 struct hci_conn *conn; 642 643 if (copy_from_user(&req, arg, sizeof(req))) 644 return -EFAULT; 645 646 hci_dev_lock_bh(hdev); 647 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr); 648 if (conn) 649 req.type = conn->auth_type; 650 hci_dev_unlock_bh(hdev); 651 652 if (!conn) 653 return -ENOENT; 654 655 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0; 656} 657