33c4e0cd83b1b5387dfb4824f64b34b704e4ea67
[linux-2.6.git] / net / bluetooth / hci_conn.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI connection handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 static void hci_le_connect(struct hci_conn *conn)
49 {
50         struct hci_dev *hdev = conn->hdev;
51         struct hci_cp_le_create_conn cp;
52
53         conn->state = BT_CONNECT;
54         conn->out = 1;
55         conn->link_mode |= HCI_LM_MASTER;
56         conn->sec_level = BT_SECURITY_LOW;
57
58         memset(&cp, 0, sizeof(cp));
59         cp.scan_interval = cpu_to_le16(0x0004);
60         cp.scan_window = cpu_to_le16(0x0004);
61         bacpy(&cp.peer_addr, &conn->dst);
62         cp.peer_addr_type = conn->dst_type;
63         cp.conn_interval_min = cpu_to_le16(0x0008);
64         cp.conn_interval_max = cpu_to_le16(0x0100);
65         cp.supervision_timeout = cpu_to_le16(0x0064);
66         cp.min_ce_len = cpu_to_le16(0x0001);
67         cp.max_ce_len = cpu_to_le16(0x0001);
68
69         hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
70 }
71
72 static void hci_le_connect_cancel(struct hci_conn *conn)
73 {
74         hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
75 }
76
77 void hci_acl_connect(struct hci_conn *conn)
78 {
79         struct hci_dev *hdev = conn->hdev;
80         struct inquiry_entry *ie;
81         struct hci_cp_create_conn cp;
82
83         BT_DBG("%p", conn);
84
85         conn->state = BT_CONNECT;
86         conn->out = 1;
87
88         conn->link_mode = HCI_LM_MASTER;
89
90         conn->attempt++;
91
92         conn->link_policy = hdev->link_policy;
93
94         memset(&cp, 0, sizeof(cp));
95         bacpy(&cp.bdaddr, &conn->dst);
96         cp.pscan_rep_mode = 0x02;
97
98         ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
99         if (ie) {
100                 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
101                         cp.pscan_rep_mode = ie->data.pscan_rep_mode;
102                         cp.pscan_mode     = ie->data.pscan_mode;
103                         cp.clock_offset   = ie->data.clock_offset |
104                                                         cpu_to_le16(0x8000);
105                 }
106
107                 memcpy(conn->dev_class, ie->data.dev_class, 3);
108                 conn->ssp_mode = ie->data.ssp_mode;
109         }
110
111         cp.pkt_type = cpu_to_le16(conn->pkt_type);
112         if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
113                 cp.role_switch = 0x01;
114         else
115                 cp.role_switch = 0x00;
116
117         hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
118 }
119
120 static void hci_acl_connect_cancel(struct hci_conn *conn)
121 {
122         struct hci_cp_create_conn_cancel cp;
123
124         BT_DBG("%p", conn);
125
126         if (conn->hdev->hci_ver < 2)
127                 return;
128
129         bacpy(&cp.bdaddr, &conn->dst);
130         hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
131 }
132
133 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
134 {
135         struct hci_cp_disconnect cp;
136
137         BT_DBG("%p", conn);
138
139         conn->state = BT_DISCONN;
140
141         cp.handle = cpu_to_le16(conn->handle);
142         cp.reason = reason;
143         hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
144 }
145
146 void hci_add_sco(struct hci_conn *conn, __u16 handle)
147 {
148         struct hci_dev *hdev = conn->hdev;
149         struct hci_cp_add_sco cp;
150
151         BT_DBG("%p", conn);
152
153         conn->state = BT_CONNECT;
154         conn->out = 1;
155
156         conn->attempt++;
157
158         cp.handle   = cpu_to_le16(handle);
159         cp.pkt_type = cpu_to_le16(conn->pkt_type);
160
161         hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
162 }
163
164 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
165 {
166         struct hci_dev *hdev = conn->hdev;
167         struct hci_cp_setup_sync_conn cp;
168
169         BT_DBG("%p", conn);
170
171         conn->state = BT_CONNECT;
172         conn->out = 1;
173
174         conn->attempt++;
175
176         cp.handle   = cpu_to_le16(handle);
177         cp.pkt_type = cpu_to_le16(conn->pkt_type);
178
179         cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
180         cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
181         cp.max_latency    = cpu_to_le16(0xffff);
182         cp.voice_setting  = cpu_to_le16(hdev->voice_setting);
183         cp.retrans_effort = 0xff;
184
185         hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
186 }
187
188 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
189                                         u16 latency, u16 to_multiplier)
190 {
191         struct hci_cp_le_conn_update cp;
192         struct hci_dev *hdev = conn->hdev;
193
194         memset(&cp, 0, sizeof(cp));
195
196         cp.handle               = cpu_to_le16(conn->handle);
197         cp.conn_interval_min    = cpu_to_le16(min);
198         cp.conn_interval_max    = cpu_to_le16(max);
199         cp.conn_latency         = cpu_to_le16(latency);
200         cp.supervision_timeout  = cpu_to_le16(to_multiplier);
201         cp.min_ce_len           = cpu_to_le16(0x0001);
202         cp.max_ce_len           = cpu_to_le16(0x0001);
203
204         hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
205 }
206 EXPORT_SYMBOL(hci_le_conn_update);
207
208 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
209                                                         __u8 ltk[16])
210 {
211         struct hci_dev *hdev = conn->hdev;
212         struct hci_cp_le_start_enc cp;
213
214         BT_DBG("%p", conn);
215
216         memset(&cp, 0, sizeof(cp));
217
218         cp.handle = cpu_to_le16(conn->handle);
219         memcpy(cp.ltk, ltk, sizeof(cp.ltk));
220         cp.ediv = ediv;
221         memcpy(cp.rand, rand, sizeof(rand));
222
223         hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
224 }
225 EXPORT_SYMBOL(hci_le_start_enc);
226
227 void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16])
228 {
229         struct hci_dev *hdev = conn->hdev;
230         struct hci_cp_le_ltk_reply cp;
231
232         BT_DBG("%p", conn);
233
234         memset(&cp, 0, sizeof(cp));
235
236         cp.handle = cpu_to_le16(conn->handle);
237         memcpy(cp.ltk, ltk, sizeof(ltk));
238
239         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
240 }
241 EXPORT_SYMBOL(hci_le_ltk_reply);
242
243 void hci_le_ltk_neg_reply(struct hci_conn *conn)
244 {
245         struct hci_dev *hdev = conn->hdev;
246         struct hci_cp_le_ltk_neg_reply cp;
247
248         BT_DBG("%p", conn);
249
250         memset(&cp, 0, sizeof(cp));
251
252         cp.handle = cpu_to_le16(conn->handle);
253
254         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp);
255 }
256
257 /* Device _must_ be locked */
258 void hci_sco_setup(struct hci_conn *conn, __u8 status)
259 {
260         struct hci_conn *sco = conn->link;
261
262         BT_DBG("%p", conn);
263
264         if (!sco)
265                 return;
266
267         if (!status) {
268                 if (lmp_esco_capable(conn->hdev))
269                         hci_setup_sync(sco, conn->handle);
270                 else
271                         hci_add_sco(sco, conn->handle);
272         } else {
273                 hci_proto_connect_cfm(sco, status);
274                 hci_conn_del(sco);
275         }
276 }
277
278 static void hci_conn_timeout(unsigned long arg)
279 {
280         struct hci_conn *conn = (void *) arg;
281         struct hci_dev *hdev = conn->hdev;
282         __u8 reason;
283
284         BT_DBG("conn %p state %d", conn, conn->state);
285
286         if (atomic_read(&conn->refcnt))
287                 return;
288
289         hci_dev_lock(hdev);
290
291         switch (conn->state) {
292         case BT_CONNECT:
293         case BT_CONNECT2:
294                 if (conn->out) {
295                         if (conn->type == ACL_LINK)
296                                 hci_acl_connect_cancel(conn);
297                         else if (conn->type == LE_LINK)
298                                 hci_le_connect_cancel(conn);
299                 }
300                 break;
301         case BT_CONFIG:
302         case BT_CONNECTED:
303                 reason = hci_proto_disconn_ind(conn);
304                 hci_acl_disconn(conn, reason);
305                 break;
306         default:
307                 conn->state = BT_CLOSED;
308                 break;
309         }
310
311         hci_dev_unlock(hdev);
312 }
313
314 static void hci_conn_idle(unsigned long arg)
315 {
316         struct hci_conn *conn = (void *) arg;
317
318         BT_DBG("conn %p mode %d", conn, conn->mode);
319
320         hci_conn_enter_sniff_mode(conn);
321 }
322
323 static void hci_conn_auto_accept(unsigned long arg)
324 {
325         struct hci_conn *conn = (void *) arg;
326         struct hci_dev *hdev = conn->hdev;
327
328         hci_dev_lock(hdev);
329
330         hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
331                                                                 &conn->dst);
332
333         hci_dev_unlock(hdev);
334 }
335
336 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type,
337                                         __u16 pkt_type, bdaddr_t *dst)
338 {
339         struct hci_conn *conn;
340
341         BT_DBG("%s dst %s", hdev->name, batostr(dst));
342
343         conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
344         if (!conn)
345                 return NULL;
346
347         bacpy(&conn->dst, dst);
348         conn->hdev  = hdev;
349         conn->type  = type;
350         conn->mode  = HCI_CM_ACTIVE;
351         conn->state = BT_OPEN;
352         conn->auth_type = HCI_AT_GENERAL_BONDING;
353         conn->io_capability = hdev->io_capability;
354         conn->remote_auth = 0xff;
355         conn->key_type = 0xff;
356
357         conn->power_save = 1;
358         conn->disc_timeout = HCI_DISCONN_TIMEOUT;
359
360         switch (type) {
361         case ACL_LINK:
362                 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
363                 break;
364         case SCO_LINK:
365                 if (!pkt_type)
366                         pkt_type = SCO_ESCO_MASK;
367         case ESCO_LINK:
368                 if (!pkt_type)
369                         pkt_type = ALL_ESCO_MASK;
370                 if (lmp_esco_capable(hdev)) {
371                         /* HCI Setup Synchronous Connection Command uses
372                            reverse logic on the EDR_ESCO_MASK bits */
373                         conn->pkt_type = (pkt_type ^ EDR_ESCO_MASK) &
374                                         hdev->esco_type;
375                 } else {
376                         /* Legacy HCI Add Sco Connection Command uses a
377                            shifted bitmask */
378                         conn->pkt_type = (pkt_type << 5) & hdev->pkt_type &
379                                         SCO_PTYPE_MASK;
380                 }
381                 break;
382         }
383
384         skb_queue_head_init(&conn->data_q);
385
386         setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
387         setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
388         setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
389                                                         (unsigned long) conn);
390
391         atomic_set(&conn->refcnt, 0);
392
393         hci_dev_hold(hdev);
394
395         tasklet_disable(&hdev->tx_task);
396
397         hci_conn_hash_add(hdev, conn);
398         if (hdev->notify)
399                 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
400
401         atomic_set(&conn->devref, 0);
402
403         hci_conn_init_sysfs(conn);
404
405         tasklet_enable(&hdev->tx_task);
406
407         return conn;
408 }
409
410 int hci_conn_del(struct hci_conn *conn)
411 {
412         struct hci_dev *hdev = conn->hdev;
413
414         BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
415
416         del_timer(&conn->idle_timer);
417
418         del_timer(&conn->disc_timer);
419
420         del_timer(&conn->auto_accept_timer);
421
422         if (conn->type == ACL_LINK) {
423                 struct hci_conn *sco = conn->link;
424                 if (sco)
425                         sco->link = NULL;
426
427                 /* Unacked frames */
428                 hdev->acl_cnt += conn->sent;
429         } else if (conn->type == LE_LINK) {
430                 if (hdev->le_pkts)
431                         hdev->le_cnt += conn->sent;
432                 else
433                         hdev->acl_cnt += conn->sent;
434         } else {
435                 struct hci_conn *acl = conn->link;
436                 if (acl) {
437                         acl->link = NULL;
438                         hci_conn_put(acl);
439                 }
440         }
441
442         tasklet_disable(&hdev->tx_task);
443
444         hci_conn_hash_del(hdev, conn);
445         if (hdev->notify)
446                 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
447
448         tasklet_enable(&hdev->tx_task);
449
450         skb_queue_purge(&conn->data_q);
451
452         hci_conn_put_device(conn);
453
454         hci_dev_put(hdev);
455
456         if (conn->handle == 0)
457                 kfree(conn);
458
459         return 0;
460 }
461
462 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
463 {
464         int use_src = bacmp(src, BDADDR_ANY);
465         struct hci_dev *hdev = NULL;
466         struct list_head *p;
467
468         BT_DBG("%s -> %s", batostr(src), batostr(dst));
469
470         read_lock_bh(&hci_dev_list_lock);
471
472         list_for_each(p, &hci_dev_list) {
473                 struct hci_dev *d = list_entry(p, struct hci_dev, list);
474
475                 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
476                         continue;
477
478                 /* Simple routing:
479                  *   No source address - find interface with bdaddr != dst
480                  *   Source address    - find interface with bdaddr == src
481                  */
482
483                 if (use_src) {
484                         if (!bacmp(&d->bdaddr, src)) {
485                                 hdev = d; break;
486                         }
487                 } else {
488                         if (bacmp(&d->bdaddr, dst)) {
489                                 hdev = d; break;
490                         }
491                 }
492         }
493
494         if (hdev)
495                 hdev = hci_dev_hold(hdev);
496
497         read_unlock_bh(&hci_dev_list_lock);
498         return hdev;
499 }
500 EXPORT_SYMBOL(hci_get_route);
501
502 /* Create SCO, ACL or LE connection.
503  * Device _must_ be locked */
504 struct hci_conn *hci_connect(struct hci_dev *hdev, int type,
505                                         __u16 pkt_type, bdaddr_t *dst,
506                                         __u8 sec_level, __u8 auth_type)
507 {
508         struct hci_conn *acl;
509         struct hci_conn *sco;
510         struct hci_conn *le;
511
512         BT_DBG("%s dst %s", hdev->name, batostr(dst));
513
514         if (type == LE_LINK) {
515                 struct adv_entry *entry;
516
517                 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
518                 if (le)
519                         return ERR_PTR(-EBUSY);
520
521                 entry = hci_find_adv_entry(hdev, dst);
522                 if (!entry)
523                         return ERR_PTR(-EHOSTUNREACH);
524
525                 le = hci_conn_add(hdev, LE_LINK, 0, dst);
526                 if (!le)
527                         return ERR_PTR(-ENOMEM);
528
529                 le->dst_type = entry->bdaddr_type;
530
531                 hci_le_connect(le);
532
533                 hci_conn_hold(le);
534
535                 return le;
536         }
537
538         acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
539         if (!acl) {
540                 acl = hci_conn_add(hdev, ACL_LINK, 0, dst);
541                 if (!acl)
542                         return NULL;
543         }
544
545         hci_conn_hold(acl);
546
547         if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
548                 acl->sec_level = BT_SECURITY_LOW;
549                 acl->pending_sec_level = sec_level;
550                 acl->auth_type = auth_type;
551                 hci_acl_connect(acl);
552         }
553
554         if (type == ACL_LINK)
555                 return acl;
556
557         sco = hci_conn_hash_lookup_ba(hdev, type, dst);
558         if (!sco) {
559                 sco = hci_conn_add(hdev, type, pkt_type, dst);
560                 if (!sco) {
561                         hci_conn_put(acl);
562                         return NULL;
563                 }
564         }
565
566         acl->link = sco;
567         sco->link = acl;
568
569         hci_conn_hold(sco);
570
571         if (acl->state == BT_CONNECTED &&
572                         (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
573                 acl->power_save = 1;
574                 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
575
576                 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) {
577                         /* defer SCO setup until mode change completed */
578                         set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend);
579                         return sco;
580                 }
581
582                 hci_sco_setup(acl, 0x00);
583         }
584
585         return sco;
586 }
587 EXPORT_SYMBOL(hci_connect);
588
589 /* Check link security requirement */
590 int hci_conn_check_link_mode(struct hci_conn *conn)
591 {
592         BT_DBG("conn %p", conn);
593
594         if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
595                                         !(conn->link_mode & HCI_LM_ENCRYPT))
596                 return 0;
597
598         return 1;
599 }
600 EXPORT_SYMBOL(hci_conn_check_link_mode);
601
602 /* Authenticate remote device */
603 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
604 {
605         BT_DBG("conn %p", conn);
606
607         if (conn->pending_sec_level > sec_level)
608                 sec_level = conn->pending_sec_level;
609
610         if (sec_level > conn->sec_level)
611                 conn->pending_sec_level = sec_level;
612         else if (conn->link_mode & HCI_LM_AUTH)
613                 return 1;
614
615         /* Make sure we preserve an existing MITM requirement*/
616         auth_type |= (conn->auth_type & 0x01);
617
618         conn->auth_type = auth_type;
619
620         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
621                 struct hci_cp_auth_requested cp;
622
623                 /* encrypt must be pending if auth is also pending */
624                 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
625
626                 cp.handle = cpu_to_le16(conn->handle);
627                 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
628                                                         sizeof(cp), &cp);
629                 if (conn->key_type != 0xff)
630                         set_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
631         }
632
633         return 0;
634 }
635
636 /* Encrypt the the link */
637 static void hci_conn_encrypt(struct hci_conn *conn)
638 {
639         BT_DBG("conn %p", conn);
640
641         if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
642                 struct hci_cp_set_conn_encrypt cp;
643                 cp.handle  = cpu_to_le16(conn->handle);
644                 cp.encrypt = 0x01;
645                 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
646                                                                         &cp);
647         }
648 }
649
650 /* Enable security */
651 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
652 {
653         BT_DBG("conn %p", conn);
654
655         /* For sdp we don't need the link key. */
656         if (sec_level == BT_SECURITY_SDP)
657                 return 1;
658
659         /* For non 2.1 devices and low security level we don't need the link
660            key. */
661         if (sec_level == BT_SECURITY_LOW &&
662                                 (!conn->ssp_mode || !conn->hdev->ssp_mode))
663                 return 1;
664
665         /* For other security levels we need the link key. */
666         if (!(conn->link_mode & HCI_LM_AUTH))
667                 goto auth;
668
669         /* An authenticated combination key has sufficient security for any
670            security level. */
671         if (conn->key_type == HCI_LK_AUTH_COMBINATION)
672                 goto encrypt;
673
674         /* An unauthenticated combination key has sufficient security for
675            security level 1 and 2. */
676         if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
677                         (sec_level == BT_SECURITY_MEDIUM ||
678                         sec_level == BT_SECURITY_LOW))
679                 goto encrypt;
680
681         /* A combination key has always sufficient security for the security
682            levels 1 or 2. High security level requires the combination key
683            is generated using maximum PIN code length (16).
684            For pre 2.1 units. */
685         if (conn->key_type == HCI_LK_COMBINATION &&
686                         (sec_level != BT_SECURITY_HIGH ||
687                         conn->pin_length == 16))
688                 goto encrypt;
689
690 auth:
691         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
692                 return 0;
693
694         if (!hci_conn_auth(conn, sec_level, auth_type))
695                 return 0;
696
697 encrypt:
698         if (conn->link_mode & HCI_LM_ENCRYPT)
699                 return 1;
700
701         hci_conn_encrypt(conn);
702         return 0;
703 }
704 EXPORT_SYMBOL(hci_conn_security);
705
706 /* Check secure link requirement */
707 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
708 {
709         BT_DBG("conn %p", conn);
710
711         if (sec_level != BT_SECURITY_HIGH)
712                 return 1; /* Accept if non-secure is required */
713
714         if (conn->sec_level == BT_SECURITY_HIGH)
715                 return 1;
716
717         return 0; /* Reject not secure link */
718 }
719 EXPORT_SYMBOL(hci_conn_check_secure);
720
721 /* Change link key */
722 int hci_conn_change_link_key(struct hci_conn *conn)
723 {
724         BT_DBG("conn %p", conn);
725
726         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
727                 struct hci_cp_change_conn_link_key cp;
728                 cp.handle = cpu_to_le16(conn->handle);
729                 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
730                                                         sizeof(cp), &cp);
731         }
732
733         return 0;
734 }
735 EXPORT_SYMBOL(hci_conn_change_link_key);
736
737 /* Switch role */
738 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
739 {
740         BT_DBG("conn %p", conn);
741
742         if (!role && conn->link_mode & HCI_LM_MASTER)
743                 return 1;
744
745         if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
746                 struct hci_cp_switch_role cp;
747                 bacpy(&cp.bdaddr, &conn->dst);
748                 cp.role = role;
749                 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
750         }
751
752         return 0;
753 }
754 EXPORT_SYMBOL(hci_conn_switch_role);
755
756 /* Enter active mode */
757 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
758 {
759         struct hci_dev *hdev = conn->hdev;
760
761         BT_DBG("conn %p mode %d", conn, conn->mode);
762
763         if (test_bit(HCI_RAW, &hdev->flags))
764                 return;
765
766         if (conn->mode != HCI_CM_SNIFF)
767                 goto timer;
768
769         if (!conn->power_save && !force_active)
770                 goto timer;
771
772         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
773                 struct hci_cp_exit_sniff_mode cp;
774                 cp.handle = cpu_to_le16(conn->handle);
775                 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
776         }
777
778 timer:
779         if (hdev->idle_timeout > 0)
780                 mod_timer(&conn->idle_timer,
781                         jiffies + msecs_to_jiffies(hdev->idle_timeout));
782 }
783
784 /* Enter sniff mode */
785 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
786 {
787         struct hci_dev *hdev = conn->hdev;
788
789         BT_DBG("conn %p mode %d", conn, conn->mode);
790
791         if (test_bit(HCI_RAW, &hdev->flags))
792                 return;
793
794         if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
795                 return;
796
797         if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
798                 return;
799
800         if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
801                 struct hci_cp_sniff_subrate cp;
802                 cp.handle             = cpu_to_le16(conn->handle);
803                 cp.max_latency        = cpu_to_le16(0);
804                 cp.min_remote_timeout = cpu_to_le16(0);
805                 cp.min_local_timeout  = cpu_to_le16(0);
806                 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
807         }
808
809         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
810                 struct hci_cp_sniff_mode cp;
811                 cp.handle       = cpu_to_le16(conn->handle);
812                 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
813                 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
814                 cp.attempt      = cpu_to_le16(4);
815                 cp.timeout      = cpu_to_le16(1);
816                 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
817         }
818 }
819
820 /* Drop all connection on the device */
821 void hci_conn_hash_flush(struct hci_dev *hdev)
822 {
823         struct hci_conn_hash *h = &hdev->conn_hash;
824         struct list_head *p;
825
826         BT_DBG("hdev %s", hdev->name);
827
828         p = h->list.next;
829         while (p != &h->list) {
830                 struct hci_conn *c;
831
832                 c = list_entry(p, struct hci_conn, list);
833                 p = p->next;
834
835                 c->state = BT_CLOSED;
836
837                 hci_proto_disconn_cfm(c, 0x16);
838                 hci_conn_del(c);
839         }
840 }
841
842 /* Check pending connect attempts */
843 void hci_conn_check_pending(struct hci_dev *hdev)
844 {
845         struct hci_conn *conn;
846
847         BT_DBG("hdev %s", hdev->name);
848
849         hci_dev_lock(hdev);
850
851         conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
852         if (conn)
853                 hci_acl_connect(conn);
854
855         hci_dev_unlock(hdev);
856 }
857
858 void hci_conn_hold_device(struct hci_conn *conn)
859 {
860         atomic_inc(&conn->devref);
861 }
862 EXPORT_SYMBOL(hci_conn_hold_device);
863
864 void hci_conn_put_device(struct hci_conn *conn)
865 {
866         if (atomic_dec_and_test(&conn->devref))
867                 hci_conn_del_sysfs(conn);
868 }
869 EXPORT_SYMBOL(hci_conn_put_device);
870
871 int hci_get_conn_list(void __user *arg)
872 {
873         struct hci_conn_list_req req, *cl;
874         struct hci_conn_info *ci;
875         struct hci_dev *hdev;
876         struct list_head *p;
877         int n = 0, size, err;
878
879         if (copy_from_user(&req, arg, sizeof(req)))
880                 return -EFAULT;
881
882         if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
883                 return -EINVAL;
884
885         size = sizeof(req) + req.conn_num * sizeof(*ci);
886
887         cl = kmalloc(size, GFP_KERNEL);
888         if (!cl)
889                 return -ENOMEM;
890
891         hdev = hci_dev_get(req.dev_id);
892         if (!hdev) {
893                 kfree(cl);
894                 return -ENODEV;
895         }
896
897         ci = cl->conn_info;
898
899         hci_dev_lock_bh(hdev);
900         list_for_each(p, &hdev->conn_hash.list) {
901                 register struct hci_conn *c;
902                 c = list_entry(p, struct hci_conn, list);
903
904                 bacpy(&(ci + n)->bdaddr, &c->dst);
905                 (ci + n)->handle = c->handle;
906                 (ci + n)->type  = c->type;
907                 (ci + n)->out   = c->out;
908                 (ci + n)->state = c->state;
909                 (ci + n)->link_mode = c->link_mode;
910                 if (c->type == SCO_LINK) {
911                         (ci + n)->mtu = hdev->sco_mtu;
912                         (ci + n)->cnt = hdev->sco_cnt;
913                         (ci + n)->pkts = hdev->sco_pkts;
914                 } else {
915                         (ci + n)->mtu = hdev->acl_mtu;
916                         (ci + n)->cnt = hdev->acl_cnt;
917                         (ci + n)->pkts = hdev->acl_pkts;
918                 }
919                 if (++n >= req.conn_num)
920                         break;
921         }
922         hci_dev_unlock_bh(hdev);
923
924         cl->dev_id = hdev->id;
925         cl->conn_num = n;
926         size = sizeof(req) + n * sizeof(*ci);
927
928         hci_dev_put(hdev);
929
930         err = copy_to_user(arg, cl, size);
931         kfree(cl);
932
933         return err ? -EFAULT : 0;
934 }
935
936 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
937 {
938         struct hci_conn_info_req req;
939         struct hci_conn_info ci;
940         struct hci_conn *conn;
941         char __user *ptr = arg + sizeof(req);
942
943         if (copy_from_user(&req, arg, sizeof(req)))
944                 return -EFAULT;
945
946         hci_dev_lock_bh(hdev);
947         conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
948         if (conn) {
949                 bacpy(&ci.bdaddr, &conn->dst);
950                 ci.handle = conn->handle;
951                 ci.type  = conn->type;
952                 ci.out   = conn->out;
953                 ci.state = conn->state;
954                 ci.link_mode = conn->link_mode;
955                 if (req.type == SCO_LINK) {
956                         ci.mtu = hdev->sco_mtu;
957                         ci.cnt = hdev->sco_cnt;
958                         ci.pkts = hdev->sco_pkts;
959                 } else {
960                         ci.mtu = hdev->acl_mtu;
961                         ci.cnt = hdev->acl_cnt;
962                         ci.pkts = hdev->acl_pkts;
963                 }
964         }
965         hci_dev_unlock_bh(hdev);
966
967         if (!conn)
968                 return -ENOENT;
969
970         return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
971 }
972
973 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
974 {
975         struct hci_auth_info_req req;
976         struct hci_conn *conn;
977
978         if (copy_from_user(&req, arg, sizeof(req)))
979                 return -EFAULT;
980
981         hci_dev_lock_bh(hdev);
982         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
983         if (conn)
984                 req.type = conn->auth_type;
985         hci_dev_unlock_bh(hdev);
986
987         if (!conn)
988                 return -ENOENT;
989
990         return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
991 }