Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
[linux-2.6.git] / net / bluetooth / hci_conn.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI connection handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 static void hci_le_connect(struct hci_conn *conn)
49 {
50         struct hci_dev *hdev = conn->hdev;
51         struct hci_cp_le_create_conn cp;
52
53         conn->state = BT_CONNECT;
54         conn->out = 1;
55         conn->link_mode |= HCI_LM_MASTER;
56         conn->sec_level = BT_SECURITY_LOW;
57
58         memset(&cp, 0, sizeof(cp));
59         cp.scan_interval = cpu_to_le16(0x0060);
60         cp.scan_window = cpu_to_le16(0x0030);
61         bacpy(&cp.peer_addr, &conn->dst);
62         cp.peer_addr_type = conn->dst_type;
63         cp.conn_interval_min = cpu_to_le16(0x0028);
64         cp.conn_interval_max = cpu_to_le16(0x0038);
65         cp.supervision_timeout = cpu_to_le16(0x002a);
66         cp.min_ce_len = cpu_to_le16(0x0000);
67         cp.max_ce_len = cpu_to_le16(0x0000);
68
69         hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
70 }
71
72 static void hci_le_connect_cancel(struct hci_conn *conn)
73 {
74         hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
75 }
76
77 void hci_acl_connect(struct hci_conn *conn)
78 {
79         struct hci_dev *hdev = conn->hdev;
80         struct inquiry_entry *ie;
81         struct hci_cp_create_conn cp;
82
83         BT_DBG("%p", conn);
84
85         conn->state = BT_CONNECT;
86         conn->out = 1;
87
88         conn->link_mode = HCI_LM_MASTER;
89
90         conn->attempt++;
91
92         conn->link_policy = hdev->link_policy;
93
94         memset(&cp, 0, sizeof(cp));
95         bacpy(&cp.bdaddr, &conn->dst);
96         cp.pscan_rep_mode = 0x02;
97
98         ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
99         if (ie) {
100                 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
101                         cp.pscan_rep_mode = ie->data.pscan_rep_mode;
102                         cp.pscan_mode     = ie->data.pscan_mode;
103                         cp.clock_offset   = ie->data.clock_offset |
104                                                         cpu_to_le16(0x8000);
105                 }
106
107                 memcpy(conn->dev_class, ie->data.dev_class, 3);
108                 conn->ssp_mode = ie->data.ssp_mode;
109         }
110
111         cp.pkt_type = cpu_to_le16(conn->pkt_type);
112         if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
113                 cp.role_switch = 0x01;
114         else
115                 cp.role_switch = 0x00;
116
117         hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
118 }
119
120 static void hci_acl_connect_cancel(struct hci_conn *conn)
121 {
122         struct hci_cp_create_conn_cancel cp;
123
124         BT_DBG("%p", conn);
125
126         if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
127                 return;
128
129         bacpy(&cp.bdaddr, &conn->dst);
130         hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
131 }
132
133 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
134 {
135         struct hci_cp_disconnect cp;
136
137         BT_DBG("%p", conn);
138
139         conn->state = BT_DISCONN;
140
141         cp.handle = cpu_to_le16(conn->handle);
142         cp.reason = reason;
143         hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
144 }
145
146 void hci_add_sco(struct hci_conn *conn, __u16 handle)
147 {
148         struct hci_dev *hdev = conn->hdev;
149         struct hci_cp_add_sco cp;
150
151         BT_DBG("%p", conn);
152
153         conn->state = BT_CONNECT;
154         conn->out = 1;
155
156         conn->attempt++;
157
158         cp.handle   = cpu_to_le16(handle);
159         cp.pkt_type = cpu_to_le16(conn->pkt_type);
160
161         hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
162 }
163
164 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
165 {
166         struct hci_dev *hdev = conn->hdev;
167         struct hci_cp_setup_sync_conn cp;
168
169         BT_DBG("%p", conn);
170
171         conn->state = BT_CONNECT;
172         conn->out = 1;
173
174         conn->attempt++;
175
176         cp.handle   = cpu_to_le16(handle);
177         cp.pkt_type = cpu_to_le16(conn->pkt_type);
178
179         cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
180         cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
181         cp.max_latency    = cpu_to_le16(0xffff);
182         cp.voice_setting  = cpu_to_le16(hdev->voice_setting);
183         cp.retrans_effort = 0xff;
184
185         hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
186 }
187
188 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
189                                         u16 latency, u16 to_multiplier)
190 {
191         struct hci_cp_le_conn_update cp;
192         struct hci_dev *hdev = conn->hdev;
193
194         memset(&cp, 0, sizeof(cp));
195
196         cp.handle               = cpu_to_le16(conn->handle);
197         cp.conn_interval_min    = cpu_to_le16(min);
198         cp.conn_interval_max    = cpu_to_le16(max);
199         cp.conn_latency         = cpu_to_le16(latency);
200         cp.supervision_timeout  = cpu_to_le16(to_multiplier);
201         cp.min_ce_len           = cpu_to_le16(0x0001);
202         cp.max_ce_len           = cpu_to_le16(0x0001);
203
204         hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
205 }
206 EXPORT_SYMBOL(hci_le_conn_update);
207
208 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
209                                                         __u8 ltk[16])
210 {
211         struct hci_dev *hdev = conn->hdev;
212         struct hci_cp_le_start_enc cp;
213
214         BT_DBG("%p", conn);
215
216         memset(&cp, 0, sizeof(cp));
217
218         cp.handle = cpu_to_le16(conn->handle);
219         memcpy(cp.ltk, ltk, sizeof(cp.ltk));
220         cp.ediv = ediv;
221         memcpy(cp.rand, rand, sizeof(cp.rand));
222
223         hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
224 }
225 EXPORT_SYMBOL(hci_le_start_enc);
226
227 void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16])
228 {
229         struct hci_dev *hdev = conn->hdev;
230         struct hci_cp_le_ltk_reply cp;
231
232         BT_DBG("%p", conn);
233
234         memset(&cp, 0, sizeof(cp));
235
236         cp.handle = cpu_to_le16(conn->handle);
237         memcpy(cp.ltk, ltk, sizeof(ltk));
238
239         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
240 }
241 EXPORT_SYMBOL(hci_le_ltk_reply);
242
243 void hci_le_ltk_neg_reply(struct hci_conn *conn)
244 {
245         struct hci_dev *hdev = conn->hdev;
246         struct hci_cp_le_ltk_neg_reply cp;
247
248         BT_DBG("%p", conn);
249
250         memset(&cp, 0, sizeof(cp));
251
252         cp.handle = cpu_to_le16(conn->handle);
253
254         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp);
255 }
256
257 /* Device _must_ be locked */
258 void hci_sco_setup(struct hci_conn *conn, __u8 status)
259 {
260         struct hci_conn *sco = conn->link;
261
262         BT_DBG("%p", conn);
263
264         if (!sco)
265                 return;
266
267         if (!status) {
268                 if (lmp_esco_capable(conn->hdev))
269                         hci_setup_sync(sco, conn->handle);
270                 else
271                         hci_add_sco(sco, conn->handle);
272         } else {
273                 hci_proto_connect_cfm(sco, status);
274                 hci_conn_del(sco);
275         }
276 }
277
278 static void hci_conn_timeout(unsigned long arg)
279 {
280         struct hci_conn *conn = (void *) arg;
281         struct hci_dev *hdev = conn->hdev;
282         __u8 reason;
283
284         BT_DBG("conn %p state %d", conn, conn->state);
285
286         if (atomic_read(&conn->refcnt))
287                 return;
288
289         hci_dev_lock(hdev);
290
291         switch (conn->state) {
292         case BT_CONNECT:
293         case BT_CONNECT2:
294                 if (conn->out) {
295                         if (conn->type == ACL_LINK)
296                                 hci_acl_connect_cancel(conn);
297                         else if (conn->type == LE_LINK)
298                                 hci_le_connect_cancel(conn);
299                 }
300                 break;
301         case BT_CONFIG:
302         case BT_CONNECTED:
303                 reason = hci_proto_disconn_ind(conn);
304                 hci_acl_disconn(conn, reason);
305                 break;
306         default:
307                 conn->state = BT_CLOSED;
308                 break;
309         }
310
311         hci_dev_unlock(hdev);
312 }
313
314 static void hci_conn_idle(unsigned long arg)
315 {
316         struct hci_conn *conn = (void *) arg;
317
318         BT_DBG("conn %p mode %d", conn, conn->mode);
319
320         hci_conn_enter_sniff_mode(conn);
321 }
322
323 static void hci_conn_auto_accept(unsigned long arg)
324 {
325         struct hci_conn *conn = (void *) arg;
326         struct hci_dev *hdev = conn->hdev;
327
328         hci_dev_lock(hdev);
329
330         hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
331                                                                 &conn->dst);
332
333         hci_dev_unlock(hdev);
334 }
335
336 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
337 {
338         struct hci_conn *conn;
339
340         BT_DBG("%s dst %s", hdev->name, batostr(dst));
341
342         conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
343         if (!conn)
344                 return NULL;
345
346         bacpy(&conn->dst, dst);
347         conn->hdev  = hdev;
348         conn->type  = type;
349         conn->mode  = HCI_CM_ACTIVE;
350         conn->state = BT_OPEN;
351         conn->auth_type = HCI_AT_GENERAL_BONDING;
352         conn->io_capability = hdev->io_capability;
353         conn->remote_auth = 0xff;
354         conn->key_type = 0xff;
355
356         conn->power_save = 1;
357         conn->disc_timeout = HCI_DISCONN_TIMEOUT;
358
359         switch (type) {
360         case ACL_LINK:
361                 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
362                 break;
363         case SCO_LINK:
364                 if (lmp_esco_capable(hdev))
365                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
366                                         (hdev->esco_type & EDR_ESCO_MASK);
367                 else
368                         conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
369                 break;
370         case ESCO_LINK:
371                 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
372                 break;
373         }
374
375         skb_queue_head_init(&conn->data_q);
376
377         hci_chan_hash_init(conn);
378
379         setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
380         setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
381         setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
382                                                         (unsigned long) conn);
383
384         atomic_set(&conn->refcnt, 0);
385
386         hci_dev_hold(hdev);
387
388         tasklet_disable(&hdev->tx_task);
389
390         hci_conn_hash_add(hdev, conn);
391         if (hdev->notify)
392                 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
393
394         atomic_set(&conn->devref, 0);
395
396         hci_conn_init_sysfs(conn);
397
398         tasklet_enable(&hdev->tx_task);
399
400         return conn;
401 }
402
403 int hci_conn_del(struct hci_conn *conn)
404 {
405         struct hci_dev *hdev = conn->hdev;
406
407         BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
408
409         del_timer(&conn->idle_timer);
410
411         del_timer(&conn->disc_timer);
412
413         del_timer(&conn->auto_accept_timer);
414
415         if (conn->type == ACL_LINK) {
416                 struct hci_conn *sco = conn->link;
417                 if (sco)
418                         sco->link = NULL;
419
420                 /* Unacked frames */
421                 hdev->acl_cnt += conn->sent;
422         } else if (conn->type == LE_LINK) {
423                 if (hdev->le_pkts)
424                         hdev->le_cnt += conn->sent;
425                 else
426                         hdev->acl_cnt += conn->sent;
427         } else {
428                 struct hci_conn *acl = conn->link;
429                 if (acl) {
430                         acl->link = NULL;
431                         hci_conn_put(acl);
432                 }
433         }
434
435         tasklet_disable(&hdev->tx_task);
436
437         hci_chan_hash_flush(conn);
438
439         hci_conn_hash_del(hdev, conn);
440         if (hdev->notify)
441                 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
442
443         tasklet_enable(&hdev->tx_task);
444
445         skb_queue_purge(&conn->data_q);
446
447         hci_conn_put_device(conn);
448
449         hci_dev_put(hdev);
450
451         if (conn->handle == 0)
452                 kfree(conn);
453
454         return 0;
455 }
456
457 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
458 {
459         int use_src = bacmp(src, BDADDR_ANY);
460         struct hci_dev *hdev = NULL, *d;
461
462         BT_DBG("%s -> %s", batostr(src), batostr(dst));
463
464         read_lock_bh(&hci_dev_list_lock);
465
466         list_for_each_entry(d, &hci_dev_list, list) {
467                 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
468                         continue;
469
470                 /* Simple routing:
471                  *   No source address - find interface with bdaddr != dst
472                  *   Source address    - find interface with bdaddr == src
473                  */
474
475                 if (use_src) {
476                         if (!bacmp(&d->bdaddr, src)) {
477                                 hdev = d; break;
478                         }
479                 } else {
480                         if (bacmp(&d->bdaddr, dst)) {
481                                 hdev = d; break;
482                         }
483                 }
484         }
485
486         if (hdev)
487                 hdev = hci_dev_hold(hdev);
488
489         read_unlock_bh(&hci_dev_list_lock);
490         return hdev;
491 }
492 EXPORT_SYMBOL(hci_get_route);
493
494 /* Create SCO, ACL or LE connection.
495  * Device _must_ be locked */
496 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
497 {
498         struct hci_conn *acl;
499         struct hci_conn *sco;
500         struct hci_conn *le;
501
502         BT_DBG("%s dst %s", hdev->name, batostr(dst));
503
504         if (type == LE_LINK) {
505                 struct adv_entry *entry;
506
507                 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
508                 if (le)
509                         return ERR_PTR(-EBUSY);
510
511                 entry = hci_find_adv_entry(hdev, dst);
512                 if (!entry)
513                         return ERR_PTR(-EHOSTUNREACH);
514
515                 le = hci_conn_add(hdev, LE_LINK, dst);
516                 if (!le)
517                         return ERR_PTR(-ENOMEM);
518
519                 le->dst_type = entry->bdaddr_type;
520
521                 hci_le_connect(le);
522
523                 hci_conn_hold(le);
524
525                 return le;
526         }
527
528         acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
529         if (!acl) {
530                 acl = hci_conn_add(hdev, ACL_LINK, dst);
531                 if (!acl)
532                         return NULL;
533         }
534
535         hci_conn_hold(acl);
536
537         if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
538                 acl->sec_level = BT_SECURITY_LOW;
539                 acl->pending_sec_level = sec_level;
540                 acl->auth_type = auth_type;
541                 hci_acl_connect(acl);
542         }
543
544         if (type == ACL_LINK)
545                 return acl;
546
547         sco = hci_conn_hash_lookup_ba(hdev, type, dst);
548         if (!sco) {
549                 sco = hci_conn_add(hdev, type, dst);
550                 if (!sco) {
551                         hci_conn_put(acl);
552                         return NULL;
553                 }
554         }
555
556         acl->link = sco;
557         sco->link = acl;
558
559         hci_conn_hold(sco);
560
561         if (acl->state == BT_CONNECTED &&
562                         (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
563                 acl->power_save = 1;
564                 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
565
566                 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) {
567                         /* defer SCO setup until mode change completed */
568                         set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend);
569                         return sco;
570                 }
571
572                 hci_sco_setup(acl, 0x00);
573         }
574
575         return sco;
576 }
577 EXPORT_SYMBOL(hci_connect);
578
579 /* Check link security requirement */
580 int hci_conn_check_link_mode(struct hci_conn *conn)
581 {
582         BT_DBG("conn %p", conn);
583
584         if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
585                                         !(conn->link_mode & HCI_LM_ENCRYPT))
586                 return 0;
587
588         return 1;
589 }
590 EXPORT_SYMBOL(hci_conn_check_link_mode);
591
592 /* Authenticate remote device */
593 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
594 {
595         BT_DBG("conn %p", conn);
596
597         if (conn->pending_sec_level > sec_level)
598                 sec_level = conn->pending_sec_level;
599
600         if (sec_level > conn->sec_level)
601                 conn->pending_sec_level = sec_level;
602         else if (conn->link_mode & HCI_LM_AUTH)
603                 return 1;
604
605         /* Make sure we preserve an existing MITM requirement*/
606         auth_type |= (conn->auth_type & 0x01);
607
608         conn->auth_type = auth_type;
609
610         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
611                 struct hci_cp_auth_requested cp;
612                 cp.handle = cpu_to_le16(conn->handle);
613                 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
614                                                         sizeof(cp), &cp);
615                 if (conn->key_type != 0xff)
616                         set_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
617         }
618
619         return 0;
620 }
621
622 /* Encrypt the the link */
623 static void hci_conn_encrypt(struct hci_conn *conn)
624 {
625         BT_DBG("conn %p", conn);
626
627         if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
628                 struct hci_cp_set_conn_encrypt cp;
629                 cp.handle  = cpu_to_le16(conn->handle);
630                 cp.encrypt = 0x01;
631                 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
632                                                                         &cp);
633         }
634 }
635
636 /* Enable security */
637 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
638 {
639         BT_DBG("conn %p", conn);
640
641         /* For sdp we don't need the link key. */
642         if (sec_level == BT_SECURITY_SDP)
643                 return 1;
644
645         /* For non 2.1 devices and low security level we don't need the link
646            key. */
647         if (sec_level == BT_SECURITY_LOW &&
648                                 (!conn->ssp_mode || !conn->hdev->ssp_mode))
649                 return 1;
650
651         /* For other security levels we need the link key. */
652         if (!(conn->link_mode & HCI_LM_AUTH))
653                 goto auth;
654
655         /* An authenticated combination key has sufficient security for any
656            security level. */
657         if (conn->key_type == HCI_LK_AUTH_COMBINATION)
658                 goto encrypt;
659
660         /* An unauthenticated combination key has sufficient security for
661            security level 1 and 2. */
662         if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
663                         (sec_level == BT_SECURITY_MEDIUM ||
664                         sec_level == BT_SECURITY_LOW))
665                 goto encrypt;
666
667         /* A combination key has always sufficient security for the security
668            levels 1 or 2. High security level requires the combination key
669            is generated using maximum PIN code length (16).
670            For pre 2.1 units. */
671         if (conn->key_type == HCI_LK_COMBINATION &&
672                         (sec_level != BT_SECURITY_HIGH ||
673                         conn->pin_length == 16))
674                 goto encrypt;
675
676 auth:
677         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
678                 return 0;
679
680         if (!hci_conn_auth(conn, sec_level, auth_type))
681                 return 0;
682
683 encrypt:
684         if (conn->link_mode & HCI_LM_ENCRYPT)
685                 return 1;
686
687         hci_conn_encrypt(conn);
688         return 0;
689 }
690 EXPORT_SYMBOL(hci_conn_security);
691
692 /* Check secure link requirement */
693 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
694 {
695         BT_DBG("conn %p", conn);
696
697         if (sec_level != BT_SECURITY_HIGH)
698                 return 1; /* Accept if non-secure is required */
699
700         if (conn->sec_level == BT_SECURITY_HIGH)
701                 return 1;
702
703         return 0; /* Reject not secure link */
704 }
705 EXPORT_SYMBOL(hci_conn_check_secure);
706
707 /* Change link key */
708 int hci_conn_change_link_key(struct hci_conn *conn)
709 {
710         BT_DBG("conn %p", conn);
711
712         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
713                 struct hci_cp_change_conn_link_key cp;
714                 cp.handle = cpu_to_le16(conn->handle);
715                 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
716                                                         sizeof(cp), &cp);
717         }
718
719         return 0;
720 }
721 EXPORT_SYMBOL(hci_conn_change_link_key);
722
723 /* Switch role */
724 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
725 {
726         BT_DBG("conn %p", conn);
727
728         if (!role && conn->link_mode & HCI_LM_MASTER)
729                 return 1;
730
731         if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
732                 struct hci_cp_switch_role cp;
733                 bacpy(&cp.bdaddr, &conn->dst);
734                 cp.role = role;
735                 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
736         }
737
738         return 0;
739 }
740 EXPORT_SYMBOL(hci_conn_switch_role);
741
742 /* Enter active mode */
743 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
744 {
745         struct hci_dev *hdev = conn->hdev;
746
747         BT_DBG("conn %p mode %d", conn, conn->mode);
748
749         if (test_bit(HCI_RAW, &hdev->flags))
750                 return;
751
752         if (conn->mode != HCI_CM_SNIFF)
753                 goto timer;
754
755         if (!conn->power_save && !force_active)
756                 goto timer;
757
758         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
759                 struct hci_cp_exit_sniff_mode cp;
760                 cp.handle = cpu_to_le16(conn->handle);
761                 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
762         }
763
764 timer:
765         if (hdev->idle_timeout > 0)
766                 mod_timer(&conn->idle_timer,
767                         jiffies + msecs_to_jiffies(hdev->idle_timeout));
768 }
769
770 /* Enter sniff mode */
771 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
772 {
773         struct hci_dev *hdev = conn->hdev;
774
775         BT_DBG("conn %p mode %d", conn, conn->mode);
776
777         if (test_bit(HCI_RAW, &hdev->flags))
778                 return;
779
780         if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
781                 return;
782
783         if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
784                 return;
785
786         if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
787                 struct hci_cp_sniff_subrate cp;
788                 cp.handle             = cpu_to_le16(conn->handle);
789                 cp.max_latency        = cpu_to_le16(0);
790                 cp.min_remote_timeout = cpu_to_le16(0);
791                 cp.min_local_timeout  = cpu_to_le16(0);
792                 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
793         }
794
795         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
796                 struct hci_cp_sniff_mode cp;
797                 cp.handle       = cpu_to_le16(conn->handle);
798                 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
799                 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
800                 cp.attempt      = cpu_to_le16(4);
801                 cp.timeout      = cpu_to_le16(1);
802                 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
803         }
804 }
805
806 /* Drop all connection on the device */
807 void hci_conn_hash_flush(struct hci_dev *hdev)
808 {
809         struct hci_conn_hash *h = &hdev->conn_hash;
810         struct list_head *p;
811
812         BT_DBG("hdev %s", hdev->name);
813
814         p = h->list.next;
815         while (p != &h->list) {
816                 struct hci_conn *c;
817
818                 c = list_entry(p, struct hci_conn, list);
819                 p = p->next;
820
821                 c->state = BT_CLOSED;
822
823                 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
824                 hci_conn_del(c);
825         }
826 }
827
828 /* Check pending connect attempts */
829 void hci_conn_check_pending(struct hci_dev *hdev)
830 {
831         struct hci_conn *conn;
832
833         BT_DBG("hdev %s", hdev->name);
834
835         hci_dev_lock(hdev);
836
837         conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
838         if (conn)
839                 hci_acl_connect(conn);
840
841         hci_dev_unlock(hdev);
842 }
843
844 void hci_conn_hold_device(struct hci_conn *conn)
845 {
846         atomic_inc(&conn->devref);
847 }
848 EXPORT_SYMBOL(hci_conn_hold_device);
849
850 void hci_conn_put_device(struct hci_conn *conn)
851 {
852         if (atomic_dec_and_test(&conn->devref))
853                 hci_conn_del_sysfs(conn);
854 }
855 EXPORT_SYMBOL(hci_conn_put_device);
856
857 int hci_get_conn_list(void __user *arg)
858 {
859         register struct hci_conn *c;
860         struct hci_conn_list_req req, *cl;
861         struct hci_conn_info *ci;
862         struct hci_dev *hdev;
863         int n = 0, size, err;
864
865         if (copy_from_user(&req, arg, sizeof(req)))
866                 return -EFAULT;
867
868         if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
869                 return -EINVAL;
870
871         size = sizeof(req) + req.conn_num * sizeof(*ci);
872
873         cl = kmalloc(size, GFP_KERNEL);
874         if (!cl)
875                 return -ENOMEM;
876
877         hdev = hci_dev_get(req.dev_id);
878         if (!hdev) {
879                 kfree(cl);
880                 return -ENODEV;
881         }
882
883         ci = cl->conn_info;
884
885         hci_dev_lock_bh(hdev);
886         list_for_each_entry(c, &hdev->conn_hash.list, list) {
887                 bacpy(&(ci + n)->bdaddr, &c->dst);
888                 (ci + n)->handle = c->handle;
889                 (ci + n)->type  = c->type;
890                 (ci + n)->out   = c->out;
891                 (ci + n)->state = c->state;
892                 (ci + n)->link_mode = c->link_mode;
893                 if (++n >= req.conn_num)
894                         break;
895         }
896         hci_dev_unlock_bh(hdev);
897
898         cl->dev_id = hdev->id;
899         cl->conn_num = n;
900         size = sizeof(req) + n * sizeof(*ci);
901
902         hci_dev_put(hdev);
903
904         err = copy_to_user(arg, cl, size);
905         kfree(cl);
906
907         return err ? -EFAULT : 0;
908 }
909
910 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
911 {
912         struct hci_conn_info_req req;
913         struct hci_conn_info ci;
914         struct hci_conn *conn;
915         char __user *ptr = arg + sizeof(req);
916
917         if (copy_from_user(&req, arg, sizeof(req)))
918                 return -EFAULT;
919
920         hci_dev_lock_bh(hdev);
921         conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
922         if (conn) {
923                 bacpy(&ci.bdaddr, &conn->dst);
924                 ci.handle = conn->handle;
925                 ci.type  = conn->type;
926                 ci.out   = conn->out;
927                 ci.state = conn->state;
928                 ci.link_mode = conn->link_mode;
929         }
930         hci_dev_unlock_bh(hdev);
931
932         if (!conn)
933                 return -ENOENT;
934
935         return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
936 }
937
938 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
939 {
940         struct hci_auth_info_req req;
941         struct hci_conn *conn;
942
943         if (copy_from_user(&req, arg, sizeof(req)))
944                 return -EFAULT;
945
946         hci_dev_lock_bh(hdev);
947         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
948         if (conn)
949                 req.type = conn->auth_type;
950         hci_dev_unlock_bh(hdev);
951
952         if (!conn)
953                 return -ENOENT;
954
955         return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
956 }
957
958 struct hci_chan *hci_chan_create(struct hci_conn *conn)
959 {
960         struct hci_dev *hdev = conn->hdev;
961         struct hci_chan *chan;
962
963         BT_DBG("%s conn %p", hdev->name, conn);
964
965         chan = kzalloc(sizeof(struct hci_chan), GFP_ATOMIC);
966         if (!chan)
967                 return NULL;
968
969         chan->conn = conn;
970         skb_queue_head_init(&chan->data_q);
971
972         tasklet_disable(&hdev->tx_task);
973         hci_chan_hash_add(conn, chan);
974         tasklet_enable(&hdev->tx_task);
975
976         return chan;
977 }
978
979 int hci_chan_del(struct hci_chan *chan)
980 {
981         struct hci_conn *conn = chan->conn;
982         struct hci_dev *hdev = conn->hdev;
983
984         BT_DBG("%s conn %p chan %p", hdev->name, conn, chan);
985
986         tasklet_disable(&hdev->tx_task);
987         hci_chan_hash_del(conn, chan);
988         tasklet_enable(&hdev->tx_task);
989
990         skb_queue_purge(&chan->data_q);
991         kfree(chan);
992
993         return 0;
994 }
995
996 void hci_chan_hash_flush(struct hci_conn *conn)
997 {
998         struct hci_chan_hash *h = &conn->chan_hash;
999         struct hci_chan *chan, *tmp;
1000
1001         BT_DBG("conn %p", conn);
1002
1003         list_for_each_entry_safe(chan, tmp, &h->list, list)
1004                 hci_chan_del(chan);
1005 }