Bluetooth: Allow SCO/eSCO packet type selection for outgoing SCO connections.
[linux-2.6.git] / net / bluetooth / hci_conn.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI connection handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 static void hci_le_connect(struct hci_conn *conn)
49 {
50         struct hci_dev *hdev = conn->hdev;
51         struct hci_cp_le_create_conn cp;
52
53         conn->state = BT_CONNECT;
54         conn->out = 1;
55         conn->link_mode |= HCI_LM_MASTER;
56         conn->sec_level = BT_SECURITY_LOW;
57
58         memset(&cp, 0, sizeof(cp));
59         cp.scan_interval = cpu_to_le16(0x0004);
60         cp.scan_window = cpu_to_le16(0x0004);
61         bacpy(&cp.peer_addr, &conn->dst);
62         cp.peer_addr_type = conn->dst_type;
63         cp.conn_interval_min = cpu_to_le16(0x0008);
64         cp.conn_interval_max = cpu_to_le16(0x0100);
65         cp.supervision_timeout = cpu_to_le16(0x0064);
66         cp.min_ce_len = cpu_to_le16(0x0001);
67         cp.max_ce_len = cpu_to_le16(0x0001);
68
69         hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
70 }
71
72 static void hci_le_connect_cancel(struct hci_conn *conn)
73 {
74         hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
75 }
76
77 void hci_acl_connect(struct hci_conn *conn)
78 {
79         struct hci_dev *hdev = conn->hdev;
80         struct inquiry_entry *ie;
81         struct hci_cp_create_conn cp;
82
83         BT_DBG("%p", conn);
84
85         conn->state = BT_CONNECT;
86         conn->out = 1;
87
88         conn->link_mode = HCI_LM_MASTER;
89
90         conn->attempt++;
91
92         conn->link_policy = hdev->link_policy;
93
94         memset(&cp, 0, sizeof(cp));
95         bacpy(&cp.bdaddr, &conn->dst);
96         cp.pscan_rep_mode = 0x02;
97
98         ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
99         if (ie) {
100                 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
101                         cp.pscan_rep_mode = ie->data.pscan_rep_mode;
102                         cp.pscan_mode     = ie->data.pscan_mode;
103                         cp.clock_offset   = ie->data.clock_offset |
104                                                         cpu_to_le16(0x8000);
105                 }
106
107                 memcpy(conn->dev_class, ie->data.dev_class, 3);
108                 conn->ssp_mode = ie->data.ssp_mode;
109         }
110
111         cp.pkt_type = cpu_to_le16(conn->pkt_type);
112         if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
113                 cp.role_switch = 0x01;
114         else
115                 cp.role_switch = 0x00;
116
117         hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
118 }
119
120 static void hci_acl_connect_cancel(struct hci_conn *conn)
121 {
122         struct hci_cp_create_conn_cancel cp;
123
124         BT_DBG("%p", conn);
125
126         if (conn->hdev->hci_ver < 2)
127                 return;
128
129         bacpy(&cp.bdaddr, &conn->dst);
130         hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
131 }
132
133 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
134 {
135         struct hci_cp_disconnect cp;
136
137         BT_DBG("%p", conn);
138
139         conn->state = BT_DISCONN;
140
141         cp.handle = cpu_to_le16(conn->handle);
142         cp.reason = reason;
143         hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
144 }
145
146 void hci_add_sco(struct hci_conn *conn, __u16 handle)
147 {
148         struct hci_dev *hdev = conn->hdev;
149         struct hci_cp_add_sco cp;
150
151         BT_DBG("%p", conn);
152
153         conn->state = BT_CONNECT;
154         conn->out = 1;
155
156         conn->attempt++;
157
158         cp.handle   = cpu_to_le16(handle);
159         cp.pkt_type = cpu_to_le16(conn->pkt_type);
160
161         hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
162 }
163
164 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
165 {
166         struct hci_dev *hdev = conn->hdev;
167         struct hci_cp_setup_sync_conn cp;
168
169         BT_DBG("%p", conn);
170
171         conn->state = BT_CONNECT;
172         conn->out = 1;
173
174         conn->attempt++;
175
176         cp.handle   = cpu_to_le16(handle);
177         cp.pkt_type = cpu_to_le16(conn->pkt_type);
178
179         cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
180         cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
181         cp.max_latency    = cpu_to_le16(0xffff);
182         cp.voice_setting  = cpu_to_le16(hdev->voice_setting);
183         cp.retrans_effort = 0xff;
184
185         hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
186 }
187
188 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
189                                         u16 latency, u16 to_multiplier)
190 {
191         struct hci_cp_le_conn_update cp;
192         struct hci_dev *hdev = conn->hdev;
193
194         memset(&cp, 0, sizeof(cp));
195
196         cp.handle               = cpu_to_le16(conn->handle);
197         cp.conn_interval_min    = cpu_to_le16(min);
198         cp.conn_interval_max    = cpu_to_le16(max);
199         cp.conn_latency         = cpu_to_le16(latency);
200         cp.supervision_timeout  = cpu_to_le16(to_multiplier);
201         cp.min_ce_len           = cpu_to_le16(0x0001);
202         cp.max_ce_len           = cpu_to_le16(0x0001);
203
204         hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
205 }
206 EXPORT_SYMBOL(hci_le_conn_update);
207
208 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
209                                                         __u8 ltk[16])
210 {
211         struct hci_dev *hdev = conn->hdev;
212         struct hci_cp_le_start_enc cp;
213
214         BT_DBG("%p", conn);
215
216         memset(&cp, 0, sizeof(cp));
217
218         cp.handle = cpu_to_le16(conn->handle);
219         memcpy(cp.ltk, ltk, sizeof(cp.ltk));
220         cp.ediv = ediv;
221         memcpy(cp.rand, rand, sizeof(rand));
222
223         hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
224 }
225 EXPORT_SYMBOL(hci_le_start_enc);
226
227 void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16])
228 {
229         struct hci_dev *hdev = conn->hdev;
230         struct hci_cp_le_ltk_reply cp;
231
232         BT_DBG("%p", conn);
233
234         memset(&cp, 0, sizeof(cp));
235
236         cp.handle = cpu_to_le16(conn->handle);
237         memcpy(cp.ltk, ltk, sizeof(ltk));
238
239         hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
240 }
241 EXPORT_SYMBOL(hci_le_ltk_reply);
242
243 void hci_le_ltk_neg_reply(struct hci_conn *conn)
244 {
245         struct hci_dev *hdev = conn->hdev;
246         struct hci_cp_le_ltk_neg_reply cp;
247
248         BT_DBG("%p", conn);
249
250         memset(&cp, 0, sizeof(cp));
251
252         cp.handle = cpu_to_le16(conn->handle);
253
254         hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp);
255 }
256
257 /* Device _must_ be locked */
258 void hci_sco_setup(struct hci_conn *conn, __u8 status)
259 {
260         struct hci_conn *sco = conn->link;
261
262         BT_DBG("%p", conn);
263
264         if (!sco)
265                 return;
266
267         if (!status) {
268                 if (lmp_esco_capable(conn->hdev))
269                         hci_setup_sync(sco, conn->handle);
270                 else
271                         hci_add_sco(sco, conn->handle);
272         } else {
273                 hci_proto_connect_cfm(sco, status);
274                 hci_conn_del(sco);
275         }
276 }
277
278 static void hci_conn_timeout(unsigned long arg)
279 {
280         struct hci_conn *conn = (void *) arg;
281         struct hci_dev *hdev = conn->hdev;
282         __u8 reason;
283
284         BT_DBG("conn %p state %d", conn, conn->state);
285
286         if (atomic_read(&conn->refcnt))
287                 return;
288
289         hci_dev_lock(hdev);
290
291         switch (conn->state) {
292         case BT_CONNECT:
293         case BT_CONNECT2:
294                 if (conn->out) {
295                         if (conn->type == ACL_LINK)
296                                 hci_acl_connect_cancel(conn);
297                         else if (conn->type == LE_LINK)
298                                 hci_le_connect_cancel(conn);
299                 }
300                 break;
301         case BT_CONFIG:
302         case BT_CONNECTED:
303                 reason = hci_proto_disconn_ind(conn);
304                 hci_acl_disconn(conn, reason);
305                 break;
306         default:
307                 conn->state = BT_CLOSED;
308                 break;
309         }
310
311         hci_dev_unlock(hdev);
312 }
313
314 static void hci_conn_idle(unsigned long arg)
315 {
316         struct hci_conn *conn = (void *) arg;
317
318         BT_DBG("conn %p mode %d", conn, conn->mode);
319
320         hci_conn_enter_sniff_mode(conn);
321 }
322
323 static void hci_conn_auto_accept(unsigned long arg)
324 {
325         struct hci_conn *conn = (void *) arg;
326         struct hci_dev *hdev = conn->hdev;
327
328         hci_dev_lock(hdev);
329
330         hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
331                                                                 &conn->dst);
332
333         hci_dev_unlock(hdev);
334 }
335
336 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type,
337                                         __u16 pkt_type, bdaddr_t *dst)
338 {
339         struct hci_conn *conn;
340
341         BT_DBG("%s dst %s", hdev->name, batostr(dst));
342
343         conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
344         if (!conn)
345                 return NULL;
346
347         bacpy(&conn->dst, dst);
348         conn->hdev  = hdev;
349         conn->type  = type;
350         conn->mode  = HCI_CM_ACTIVE;
351         conn->state = BT_OPEN;
352         conn->auth_type = HCI_AT_GENERAL_BONDING;
353         conn->io_capability = hdev->io_capability;
354         conn->remote_auth = 0xff;
355         conn->key_type = 0xff;
356
357         conn->power_save = 1;
358         conn->disc_timeout = HCI_DISCONN_TIMEOUT;
359
360         switch (type) {
361         case ACL_LINK:
362                 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
363                 break;
364         case SCO_LINK:
365                 if (!pkt_type)
366                         pkt_type = SCO_ESCO_MASK;
367         case ESCO_LINK:
368                 if (!pkt_type)
369                         pkt_type = ALL_ESCO_MASK;
370                 if (lmp_esco_capable(hdev)) {
371                         /* HCI Setup Synchronous Connection Command uses
372                            reverse logic on the EDR_ESCO_MASK bits */
373                         conn->pkt_type = (pkt_type ^ EDR_ESCO_MASK) &
374                                         hdev->esco_type;
375                 } else {
376                         /* Legacy HCI Add Sco Connection Command uses a
377                            shifted bitmask */
378                         conn->pkt_type = (pkt_type << 5) & hdev->pkt_type &
379                                         SCO_PTYPE_MASK;
380                 }
381                 break;
382         }
383
384         skb_queue_head_init(&conn->data_q);
385
386         setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
387         setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
388         setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
389                                                         (unsigned long) conn);
390
391         atomic_set(&conn->refcnt, 0);
392
393         hci_dev_hold(hdev);
394
395         tasklet_disable(&hdev->tx_task);
396
397         hci_conn_hash_add(hdev, conn);
398         if (hdev->notify)
399                 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
400
401         atomic_set(&conn->devref, 0);
402
403         hci_conn_init_sysfs(conn);
404
405         tasklet_enable(&hdev->tx_task);
406
407         return conn;
408 }
409
410 int hci_conn_del(struct hci_conn *conn)
411 {
412         struct hci_dev *hdev = conn->hdev;
413
414         BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
415
416         del_timer(&conn->idle_timer);
417
418         del_timer(&conn->disc_timer);
419
420         del_timer(&conn->auto_accept_timer);
421
422         if (conn->type == ACL_LINK) {
423                 struct hci_conn *sco = conn->link;
424                 if (sco)
425                         sco->link = NULL;
426
427                 /* Unacked frames */
428                 hdev->acl_cnt += conn->sent;
429         } else if (conn->type == LE_LINK) {
430                 if (hdev->le_pkts)
431                         hdev->le_cnt += conn->sent;
432                 else
433                         hdev->acl_cnt += conn->sent;
434         } else {
435                 struct hci_conn *acl = conn->link;
436                 if (acl) {
437                         acl->link = NULL;
438                         hci_conn_put(acl);
439                 }
440         }
441
442         tasklet_disable(&hdev->tx_task);
443
444         hci_conn_hash_del(hdev, conn);
445         if (hdev->notify)
446                 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
447
448         tasklet_enable(&hdev->tx_task);
449
450         skb_queue_purge(&conn->data_q);
451
452         hci_conn_put_device(conn);
453
454         hci_dev_put(hdev);
455
456         if (conn->handle == 0)
457                 kfree(conn);
458
459         return 0;
460 }
461
462 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
463 {
464         int use_src = bacmp(src, BDADDR_ANY);
465         struct hci_dev *hdev = NULL;
466         struct list_head *p;
467
468         BT_DBG("%s -> %s", batostr(src), batostr(dst));
469
470         read_lock_bh(&hci_dev_list_lock);
471
472         list_for_each(p, &hci_dev_list) {
473                 struct hci_dev *d = list_entry(p, struct hci_dev, list);
474
475                 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
476                         continue;
477
478                 /* Simple routing:
479                  *   No source address - find interface with bdaddr != dst
480                  *   Source address    - find interface with bdaddr == src
481                  */
482
483                 if (use_src) {
484                         if (!bacmp(&d->bdaddr, src)) {
485                                 hdev = d; break;
486                         }
487                 } else {
488                         if (bacmp(&d->bdaddr, dst)) {
489                                 hdev = d; break;
490                         }
491                 }
492         }
493
494         if (hdev)
495                 hdev = hci_dev_hold(hdev);
496
497         read_unlock_bh(&hci_dev_list_lock);
498         return hdev;
499 }
500 EXPORT_SYMBOL(hci_get_route);
501
502 /* Create SCO, ACL or LE connection.
503  * Device _must_ be locked */
504 struct hci_conn *hci_connect(struct hci_dev *hdev, int type,
505                                         __u16 pkt_type, bdaddr_t *dst,
506                                         __u8 sec_level, __u8 auth_type)
507 {
508         struct hci_conn *acl;
509         struct hci_conn *sco;
510         struct hci_conn *le;
511
512         BT_DBG("%s dst %s", hdev->name, batostr(dst));
513
514         if (type == LE_LINK) {
515                 struct adv_entry *entry;
516
517                 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
518                 if (le)
519                         return ERR_PTR(-EBUSY);
520
521                 entry = hci_find_adv_entry(hdev, dst);
522                 if (!entry)
523                         return ERR_PTR(-EHOSTUNREACH);
524
525                 le = hci_conn_add(hdev, LE_LINK, 0, dst);
526                 if (!le)
527                         return ERR_PTR(-ENOMEM);
528
529                 le->dst_type = entry->bdaddr_type;
530
531                 hci_le_connect(le);
532
533                 hci_conn_hold(le);
534
535                 return le;
536         }
537
538         acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
539         if (!acl) {
540                 acl = hci_conn_add(hdev, ACL_LINK, 0, dst);
541                 if (!acl)
542                         return NULL;
543         }
544
545         hci_conn_hold(acl);
546
547         if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
548                 acl->sec_level = BT_SECURITY_LOW;
549                 acl->pending_sec_level = sec_level;
550                 acl->auth_type = auth_type;
551                 hci_acl_connect(acl);
552         }
553
554         if (type == ACL_LINK)
555                 return acl;
556
557         sco = hci_conn_hash_lookup_ba(hdev, type, dst);
558         if (!sco) {
559                 sco = hci_conn_add(hdev, type, pkt_type, dst);
560                 if (!sco) {
561                         hci_conn_put(acl);
562                         return NULL;
563                 }
564         }
565
566         acl->link = sco;
567         sco->link = acl;
568
569         hci_conn_hold(sco);
570
571         if (acl->state == BT_CONNECTED &&
572                         (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
573                 acl->power_save = 1;
574                 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
575
576                 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) {
577                         /* defer SCO setup until mode change completed */
578                         set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend);
579                         return sco;
580                 }
581
582                 hci_sco_setup(acl, 0x00);
583         }
584
585         return sco;
586 }
587 EXPORT_SYMBOL(hci_connect);
588
589 /* Check link security requirement */
590 int hci_conn_check_link_mode(struct hci_conn *conn)
591 {
592         BT_DBG("conn %p", conn);
593
594         if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
595                                         !(conn->link_mode & HCI_LM_ENCRYPT))
596                 return 0;
597
598         return 1;
599 }
600 EXPORT_SYMBOL(hci_conn_check_link_mode);
601
602 /* Authenticate remote device */
603 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
604 {
605         BT_DBG("conn %p", conn);
606
607         if (conn->pending_sec_level > sec_level)
608                 sec_level = conn->pending_sec_level;
609
610         if (sec_level > conn->sec_level)
611                 conn->pending_sec_level = sec_level;
612         else if (conn->link_mode & HCI_LM_AUTH)
613                 return 1;
614
615         /* Make sure we preserve an existing MITM requirement*/
616         auth_type |= (conn->auth_type & 0x01);
617
618         conn->auth_type = auth_type;
619
620         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
621                 struct hci_cp_auth_requested cp;
622                 cp.handle = cpu_to_le16(conn->handle);
623                 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
624                                                         sizeof(cp), &cp);
625                 if (conn->key_type != 0xff)
626                         set_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
627         }
628
629         return 0;
630 }
631
632 /* Encrypt the the link */
633 static void hci_conn_encrypt(struct hci_conn *conn)
634 {
635         BT_DBG("conn %p", conn);
636
637         if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
638                 struct hci_cp_set_conn_encrypt cp;
639                 cp.handle  = cpu_to_le16(conn->handle);
640                 cp.encrypt = 0x01;
641                 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
642                                                                         &cp);
643         }
644 }
645
646 /* Enable security */
647 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
648 {
649         BT_DBG("conn %p", conn);
650
651         /* For sdp we don't need the link key. */
652         if (sec_level == BT_SECURITY_SDP)
653                 return 1;
654
655         /* For non 2.1 devices and low security level we don't need the link
656            key. */
657         if (sec_level == BT_SECURITY_LOW &&
658                                 (!conn->ssp_mode || !conn->hdev->ssp_mode))
659                 return 1;
660
661         /* For other security levels we need the link key. */
662         if (!(conn->link_mode & HCI_LM_AUTH))
663                 goto auth;
664
665         /* An authenticated combination key has sufficient security for any
666            security level. */
667         if (conn->key_type == HCI_LK_AUTH_COMBINATION)
668                 goto encrypt;
669
670         /* An unauthenticated combination key has sufficient security for
671            security level 1 and 2. */
672         if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
673                         (sec_level == BT_SECURITY_MEDIUM ||
674                         sec_level == BT_SECURITY_LOW))
675                 goto encrypt;
676
677         /* A combination key has always sufficient security for the security
678            levels 1 or 2. High security level requires the combination key
679            is generated using maximum PIN code length (16).
680            For pre 2.1 units. */
681         if (conn->key_type == HCI_LK_COMBINATION &&
682                         (sec_level != BT_SECURITY_HIGH ||
683                         conn->pin_length == 16))
684                 goto encrypt;
685
686 auth:
687         if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
688                 return 0;
689
690         if (!hci_conn_auth(conn, sec_level, auth_type))
691                 return 0;
692
693 encrypt:
694         if (conn->link_mode & HCI_LM_ENCRYPT)
695                 return 1;
696
697         hci_conn_encrypt(conn);
698         return 0;
699 }
700 EXPORT_SYMBOL(hci_conn_security);
701
702 /* Check secure link requirement */
703 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
704 {
705         BT_DBG("conn %p", conn);
706
707         if (sec_level != BT_SECURITY_HIGH)
708                 return 1; /* Accept if non-secure is required */
709
710         if (conn->sec_level == BT_SECURITY_HIGH)
711                 return 1;
712
713         return 0; /* Reject not secure link */
714 }
715 EXPORT_SYMBOL(hci_conn_check_secure);
716
717 /* Change link key */
718 int hci_conn_change_link_key(struct hci_conn *conn)
719 {
720         BT_DBG("conn %p", conn);
721
722         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
723                 struct hci_cp_change_conn_link_key cp;
724                 cp.handle = cpu_to_le16(conn->handle);
725                 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
726                                                         sizeof(cp), &cp);
727         }
728
729         return 0;
730 }
731 EXPORT_SYMBOL(hci_conn_change_link_key);
732
733 /* Switch role */
734 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
735 {
736         BT_DBG("conn %p", conn);
737
738         if (!role && conn->link_mode & HCI_LM_MASTER)
739                 return 1;
740
741         if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
742                 struct hci_cp_switch_role cp;
743                 bacpy(&cp.bdaddr, &conn->dst);
744                 cp.role = role;
745                 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
746         }
747
748         return 0;
749 }
750 EXPORT_SYMBOL(hci_conn_switch_role);
751
752 /* Enter active mode */
753 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
754 {
755         struct hci_dev *hdev = conn->hdev;
756
757         BT_DBG("conn %p mode %d", conn, conn->mode);
758
759         if (test_bit(HCI_RAW, &hdev->flags))
760                 return;
761
762         if (conn->mode != HCI_CM_SNIFF)
763                 goto timer;
764
765         if (!conn->power_save && !force_active)
766                 goto timer;
767
768         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
769                 struct hci_cp_exit_sniff_mode cp;
770                 cp.handle = cpu_to_le16(conn->handle);
771                 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
772         }
773
774 timer:
775         if (hdev->idle_timeout > 0)
776                 mod_timer(&conn->idle_timer,
777                         jiffies + msecs_to_jiffies(hdev->idle_timeout));
778 }
779
780 /* Enter sniff mode */
781 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
782 {
783         struct hci_dev *hdev = conn->hdev;
784
785         BT_DBG("conn %p mode %d", conn, conn->mode);
786
787         if (test_bit(HCI_RAW, &hdev->flags))
788                 return;
789
790         if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
791                 return;
792
793         if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
794                 return;
795
796         if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
797                 struct hci_cp_sniff_subrate cp;
798                 cp.handle             = cpu_to_le16(conn->handle);
799                 cp.max_latency        = cpu_to_le16(0);
800                 cp.min_remote_timeout = cpu_to_le16(0);
801                 cp.min_local_timeout  = cpu_to_le16(0);
802                 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
803         }
804
805         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
806                 struct hci_cp_sniff_mode cp;
807                 cp.handle       = cpu_to_le16(conn->handle);
808                 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
809                 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
810                 cp.attempt      = cpu_to_le16(4);
811                 cp.timeout      = cpu_to_le16(1);
812                 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
813         }
814 }
815
816 /* Drop all connection on the device */
817 void hci_conn_hash_flush(struct hci_dev *hdev)
818 {
819         struct hci_conn_hash *h = &hdev->conn_hash;
820         struct list_head *p;
821
822         BT_DBG("hdev %s", hdev->name);
823
824         p = h->list.next;
825         while (p != &h->list) {
826                 struct hci_conn *c;
827
828                 c = list_entry(p, struct hci_conn, list);
829                 p = p->next;
830
831                 c->state = BT_CLOSED;
832
833                 hci_proto_disconn_cfm(c, 0x16);
834                 hci_conn_del(c);
835         }
836 }
837
838 /* Check pending connect attempts */
839 void hci_conn_check_pending(struct hci_dev *hdev)
840 {
841         struct hci_conn *conn;
842
843         BT_DBG("hdev %s", hdev->name);
844
845         hci_dev_lock(hdev);
846
847         conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
848         if (conn)
849                 hci_acl_connect(conn);
850
851         hci_dev_unlock(hdev);
852 }
853
854 void hci_conn_hold_device(struct hci_conn *conn)
855 {
856         atomic_inc(&conn->devref);
857 }
858 EXPORT_SYMBOL(hci_conn_hold_device);
859
860 void hci_conn_put_device(struct hci_conn *conn)
861 {
862         if (atomic_dec_and_test(&conn->devref))
863                 hci_conn_del_sysfs(conn);
864 }
865 EXPORT_SYMBOL(hci_conn_put_device);
866
867 int hci_get_conn_list(void __user *arg)
868 {
869         struct hci_conn_list_req req, *cl;
870         struct hci_conn_info *ci;
871         struct hci_dev *hdev;
872         struct list_head *p;
873         int n = 0, size, err;
874
875         if (copy_from_user(&req, arg, sizeof(req)))
876                 return -EFAULT;
877
878         if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
879                 return -EINVAL;
880
881         size = sizeof(req) + req.conn_num * sizeof(*ci);
882
883         cl = kmalloc(size, GFP_KERNEL);
884         if (!cl)
885                 return -ENOMEM;
886
887         hdev = hci_dev_get(req.dev_id);
888         if (!hdev) {
889                 kfree(cl);
890                 return -ENODEV;
891         }
892
893         ci = cl->conn_info;
894
895         hci_dev_lock_bh(hdev);
896         list_for_each(p, &hdev->conn_hash.list) {
897                 register struct hci_conn *c;
898                 c = list_entry(p, struct hci_conn, list);
899
900                 bacpy(&(ci + n)->bdaddr, &c->dst);
901                 (ci + n)->handle = c->handle;
902                 (ci + n)->type  = c->type;
903                 (ci + n)->out   = c->out;
904                 (ci + n)->state = c->state;
905                 (ci + n)->link_mode = c->link_mode;
906                 if (c->type == SCO_LINK) {
907                         (ci + n)->mtu = hdev->sco_mtu;
908                         (ci + n)->cnt = hdev->sco_cnt;
909                         (ci + n)->pkts = hdev->sco_pkts;
910                 } else {
911                         (ci + n)->mtu = hdev->acl_mtu;
912                         (ci + n)->cnt = hdev->acl_cnt;
913                         (ci + n)->pkts = hdev->acl_pkts;
914                 }
915                 if (++n >= req.conn_num)
916                         break;
917         }
918         hci_dev_unlock_bh(hdev);
919
920         cl->dev_id = hdev->id;
921         cl->conn_num = n;
922         size = sizeof(req) + n * sizeof(*ci);
923
924         hci_dev_put(hdev);
925
926         err = copy_to_user(arg, cl, size);
927         kfree(cl);
928
929         return err ? -EFAULT : 0;
930 }
931
932 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
933 {
934         struct hci_conn_info_req req;
935         struct hci_conn_info ci;
936         struct hci_conn *conn;
937         char __user *ptr = arg + sizeof(req);
938
939         if (copy_from_user(&req, arg, sizeof(req)))
940                 return -EFAULT;
941
942         hci_dev_lock_bh(hdev);
943         conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
944         if (conn) {
945                 bacpy(&ci.bdaddr, &conn->dst);
946                 ci.handle = conn->handle;
947                 ci.type  = conn->type;
948                 ci.out   = conn->out;
949                 ci.state = conn->state;
950                 ci.link_mode = conn->link_mode;
951                 if (req.type == SCO_LINK) {
952                         ci.mtu = hdev->sco_mtu;
953                         ci.cnt = hdev->sco_cnt;
954                         ci.pkts = hdev->sco_pkts;
955                 } else {
956                         ci.mtu = hdev->acl_mtu;
957                         ci.cnt = hdev->acl_cnt;
958                         ci.pkts = hdev->acl_pkts;
959                 }
960         }
961         hci_dev_unlock_bh(hdev);
962
963         if (!conn)
964                 return -ENOENT;
965
966         return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
967 }
968
969 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
970 {
971         struct hci_auth_info_req req;
972         struct hci_conn *conn;
973
974         if (copy_from_user(&req, arg, sizeof(req)))
975                 return -EFAULT;
976
977         hci_dev_lock_bh(hdev);
978         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
979         if (conn)
980                 req.type = conn->auth_type;
981         hci_dev_unlock_bh(hdev);
982
983         if (!conn)
984                 return -ENOENT;
985
986         return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
987 }