net/bluetooth/hci_conn.c

   1 /*
   2    BlueZ - Bluetooth protocol stack for Linux
   3    Copyright (C) 2000-2001 Qualcomm Incorporated
   4
   5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License version 2 as
   9    published by the Free Software Foundation;
  10
  11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  19
  20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  22    SOFTWARE IS DISCLAIMED.
  23 */
  24
  25 /* Bluetooth HCI connection handling. */
  26
  27 #include <linux/module.h>
  28
  29 #include <linux/types.h>
  30 #include <linux/errno.h>
  31 #include <linux/kernel.h>
  32 #include <linux/sched.h>
  33 #include <linux/slab.h>
  34 #include <linux/poll.h>
  35 #include <linux/fcntl.h>
  36 #include <linux/init.h>
  37 #include <linux/skbuff.h>
  38 #include <linux/interrupt.h>
  39 #include <linux/notifier.h>
  40 #include <net/sock.h>
  41
  42 #include <asm/system.h>
  43 #include <asm/uaccess.h>
  44 #include <asm/unaligned.h>
  45
  46 #include <net/bluetooth/bluetooth.h>
  47 #include <net/bluetooth/hci_core.h>
  48
  49 #ifndef CONFIG_BT_HCI_CORE_DEBUG
  50 #undef  BT_DBG
  51 #define BT_DBG(D...)
  52 #endif
  53
  54 void hci_acl_connect(struct hci_conn *conn)
  55 {
  56         struct hci_dev *hdev = conn->hdev;
  57         struct inquiry_entry *ie;
  58         struct hci_cp_create_conn cp;
  59
  60         BT_DBG("%p", conn);
  61
  62         conn->state = BT_CONNECT;
  63         conn->out   = 1;
  64         conn->link_mode = HCI_LM_MASTER;
  65
  66         conn->attempt++;
  67
  68         memset(&cp, 0, sizeof(cp));
  69         bacpy(&cp.bdaddr, &conn->dst);
  70         cp.pscan_rep_mode = 0x02;
  71
  72         if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) &&
  73                         inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
  74                 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
  75                 cp.pscan_mode     = ie->data.pscan_mode;
  76                 cp.clock_offset   = ie->data.clock_offset | __cpu_to_le16(0x8000);
  77                 memcpy(conn->dev_class, ie->data.dev_class, 3);
  78         }
  79
  80         cp.pkt_type = __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK);
  81         if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
  82                 cp.role_switch  = 0x01;
  83         else
  84                 cp.role_switch  = 0x00;
  85
  86         hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN, sizeof(cp), &cp);
  87 }
  88
  89 static void hci_acl_connect_cancel(struct hci_conn *conn)
  90 {
  91         struct hci_cp_create_conn_cancel cp;
  92
  93         BT_DBG("%p", conn);
  94
  95         if (conn->hdev->hci_ver < 2)
  96                 return;
  97
  98         bacpy(&cp.bdaddr, &conn->dst);
  99         hci_send_cmd(conn->hdev, OGF_LINK_CTL,
 100                                 OCF_CREATE_CONN_CANCEL, sizeof(cp), &cp);
 101 }
 102
 103 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
 104 {
 105         struct hci_cp_disconnect cp;
 106
 107         BT_DBG("%p", conn);
 108
 109         conn->state = BT_DISCONN;
 110
 111         cp.handle = __cpu_to_le16(conn->handle);
 112         cp.reason = reason;
 113         hci_send_cmd(conn->hdev, OGF_LINK_CTL,
 114                                 OCF_DISCONNECT, sizeof(cp), &cp);
 115 }
 116
 117 void hci_add_sco(struct hci_conn *conn, __u16 handle)
 118 {
 119         struct hci_dev *hdev = conn->hdev;
 120         struct hci_cp_add_sco cp;
 121
 122         BT_DBG("%p", conn);
 123
 124         conn->state = BT_CONNECT;
 125         conn->out = 1;
 126
 127         cp.pkt_type = __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
 128         cp.handle   = __cpu_to_le16(handle);
 129
 130         hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ADD_SCO, sizeof(cp), &cp);
 131 }
 132
 133 static void hci_conn_timeout(unsigned long arg)
 134 {
 135         struct hci_conn *conn = (void *) arg;
 136         struct hci_dev *hdev = conn->hdev;
 137
 138         BT_DBG("conn %p state %d", conn, conn->state);
 139
 140         if (atomic_read(&conn->refcnt))
 141                 return;
 142
 143         hci_dev_lock(hdev);
 144
 145         switch (conn->state) {
 146         case BT_CONNECT:
 147                 hci_acl_connect_cancel(conn);
 148                 break;
 149         case BT_CONNECTED:
 150                 hci_acl_disconn(conn, 0x13);
 151                 break;
 152         default:
 153                 conn->state = BT_CLOSED;
 154                 break;
 155         }
 156
 157         hci_dev_unlock(hdev);
 158 }
 159
 160 static void hci_conn_idle(unsigned long arg)
 161 {
 162         struct hci_conn *conn = (void *) arg;
 163
 164         BT_DBG("conn %p mode %d", conn, conn->mode);
 165
 166         hci_conn_enter_sniff_mode(conn);
 167 }
 168
 169 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
 170 {
 171         struct hci_conn *conn;
 172
 173         BT_DBG("%s dst %s", hdev->name, batostr(dst));
 174
 175         conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
 176         if (!conn)
 177                 return NULL;
 178
 179         bacpy(&conn->dst, dst);
 180         conn->hdev   = hdev;
 181         conn->type   = type;
 182         conn->mode   = HCI_CM_ACTIVE;
 183         conn->state  = BT_OPEN;
 184
 185         conn->power_save = 1;
 186
 187         skb_queue_head_init(&conn->data_q);
 188
 189         init_timer(&conn->disc_timer);
 190         conn->disc_timer.function = hci_conn_timeout;
 191         conn->disc_timer.data = (unsigned long) conn;
 192
 193         init_timer(&conn->idle_timer);
 194         conn->idle_timer.function = hci_conn_idle;
 195         conn->idle_timer.data = (unsigned long) conn;
 196
 197         atomic_set(&conn->refcnt, 0);
 198
 199         hci_dev_hold(hdev);
 200
 201         tasklet_disable(&hdev->tx_task);
 202
 203         hci_conn_hash_add(hdev, conn);
 204         if (hdev->notify)
 205                 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
 206
 207         hci_conn_add_sysfs(conn);
 208
 209         tasklet_enable(&hdev->tx_task);
 210
 211         return conn;
 212 }
 213
 214 int hci_conn_del(struct hci_conn *conn)
 215 {
 216         struct hci_dev *hdev = conn->hdev;
 217
 218         BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
 219
 220         del_timer(&conn->idle_timer);
 221
 222         del_timer(&conn->disc_timer);
 223
 224         if (conn->type == SCO_LINK) {
 225                 struct hci_conn *acl = conn->link;
 226                 if (acl) {
 227                         acl->link = NULL;
 228                         hci_conn_put(acl);
 229                 }
 230         } else {
 231                 struct hci_conn *sco = conn->link;
 232                 if (sco)
 233                         sco->link = NULL;
 234
 235                 /* Unacked frames */
 236                 hdev->acl_cnt += conn->sent;
 237         }
 238
 239         tasklet_disable(&hdev->tx_task);
 240
 241         hci_conn_del_sysfs(conn);
 242
 243         hci_conn_hash_del(hdev, conn);
 244         if (hdev->notify)
 245                 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
 246
 247         tasklet_enable(&hdev->tx_task);
 248
 249         skb_queue_purge(&conn->data_q);
 250
 251         hci_dev_put(hdev);
 252
 253         /* will free via device release */
 254         put_device(&conn->dev);
 255
 256         return 0;
 257 }
 258
 259 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
 260 {
 261         int use_src = bacmp(src, BDADDR_ANY);
 262         struct hci_dev *hdev = NULL;
 263         struct list_head *p;
 264
 265         BT_DBG("%s -> %s", batostr(src), batostr(dst));
 266
 267         read_lock_bh(&hci_dev_list_lock);
 268
 269         list_for_each(p, &hci_dev_list) {
 270                 struct hci_dev *d = list_entry(p, struct hci_dev, list);
 271
 272                 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
 273                         continue;
 274
 275                 /* Simple routing:
 276                  *   No source address - find interface with bdaddr != dst
 277                  *   Source address    - find interface with bdaddr == src
 278                  */
 279
 280                 if (use_src) {
 281                         if (!bacmp(&d->bdaddr, src)) {
 282                                 hdev = d; break;
 283                         }
 284                 } else {
 285                         if (bacmp(&d->bdaddr, dst)) {
 286                                 hdev = d; break;
 287                         }
 288                 }
 289         }
 290
 291         if (hdev)
 292                 hdev = hci_dev_hold(hdev);
 293
 294         read_unlock_bh(&hci_dev_list_lock);
 295         return hdev;
 296 }
 297 EXPORT_SYMBOL(hci_get_route);
 298
 299 /* Create SCO or ACL connection.
 300  * Device _must_ be locked */
 301 struct hci_conn * hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst)
 302 {
 303         struct hci_conn *acl;
 304
 305         BT_DBG("%s dst %s", hdev->name, batostr(dst));
 306
 307         if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
 308                 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
 309                         return NULL;
 310         }
 311
 312         hci_conn_hold(acl);
 313
 314         if (acl->state == BT_OPEN || acl->state == BT_CLOSED)
 315                 hci_acl_connect(acl);
 316
 317         if (type == SCO_LINK) {
 318                 struct hci_conn *sco;
 319
 320                 if (!(sco = hci_conn_hash_lookup_ba(hdev, SCO_LINK, dst))) {
 321                         if (!(sco = hci_conn_add(hdev, SCO_LINK, dst))) {
 322                                 hci_conn_put(acl);
 323                                 return NULL;
 324                         }
 325                 }
 326                 acl->link = sco;
 327                 sco->link = acl;
 328
 329                 hci_conn_hold(sco);
 330
 331                 if (acl->state == BT_CONNECTED &&
 332                                 (sco->state == BT_OPEN || sco->state == BT_CLOSED))
 333                         hci_add_sco(sco, acl->handle);
 334
 335                 return sco;
 336         } else {
 337                 return acl;
 338         }
 339 }
 340 EXPORT_SYMBOL(hci_connect);
 341
 342 /* Authenticate remote device */
 343 int hci_conn_auth(struct hci_conn *conn)
 344 {
 345         BT_DBG("conn %p", conn);
 346
 347         if (conn->link_mode & HCI_LM_AUTH)
 348                 return 1;
 349
 350         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
 351                 struct hci_cp_auth_requested cp;
 352                 cp.handle = __cpu_to_le16(conn->handle);
 353                 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_AUTH_REQUESTED, sizeof(cp), &cp);
 354         }
 355         return 0;
 356 }
 357 EXPORT_SYMBOL(hci_conn_auth);
 358
 359 /* Enable encryption */
 360 int hci_conn_encrypt(struct hci_conn *conn)
 361 {
 362         BT_DBG("conn %p", conn);
 363
 364         if (conn->link_mode & HCI_LM_ENCRYPT)
 365                 return 1;
 366
 367         if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
 368                 return 0;
 369
 370         if (hci_conn_auth(conn)) {
 371                 struct hci_cp_set_conn_encrypt cp;
 372                 cp.handle  = __cpu_to_le16(conn->handle);
 373                 cp.encrypt = 1;
 374                 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT, sizeof(cp), &cp);
 375         }
 376         return 0;
 377 }
 378 EXPORT_SYMBOL(hci_conn_encrypt);
 379
 380 /* Change link key */
 381 int hci_conn_change_link_key(struct hci_conn *conn)
 382 {
 383         BT_DBG("conn %p", conn);
 384
 385         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
 386                 struct hci_cp_change_conn_link_key cp;
 387                 cp.handle = __cpu_to_le16(conn->handle);
 388                 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);
 389         }
 390         return 0;
 391 }
 392 EXPORT_SYMBOL(hci_conn_change_link_key);
 393
 394 /* Switch role */
 395 int hci_conn_switch_role(struct hci_conn *conn, uint8_t role)
 396 {
 397         BT_DBG("conn %p", conn);
 398
 399         if (!role && conn->link_mode & HCI_LM_MASTER)
 400                 return 1;
 401
 402         if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
 403                 struct hci_cp_switch_role cp;
 404                 bacpy(&cp.bdaddr, &conn->dst);
 405                 cp.role = role;
 406                 hci_send_cmd(conn->hdev, OGF_LINK_POLICY, OCF_SWITCH_ROLE, sizeof(cp), &cp);
 407         }
 408         return 0;
 409 }
 410 EXPORT_SYMBOL(hci_conn_switch_role);
 411
 412 /* Enter active mode */
 413 void hci_conn_enter_active_mode(struct hci_conn *conn)
 414 {
 415         struct hci_dev *hdev = conn->hdev;
 416
 417         BT_DBG("conn %p mode %d", conn, conn->mode);
 418
 419         if (test_bit(HCI_RAW, &hdev->flags))
 420                 return;
 421
 422         if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
 423                 goto timer;
 424
 425         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
 426                 struct hci_cp_exit_sniff_mode cp;
 427                 cp.handle = __cpu_to_le16(conn->handle);
 428                 hci_send_cmd(hdev, OGF_LINK_POLICY,
 429                                 OCF_EXIT_SNIFF_MODE, sizeof(cp), &cp);
 430         }
 431
 432 timer:
 433         if (hdev->idle_timeout > 0)
 434                 mod_timer(&conn->idle_timer,
 435                         jiffies + msecs_to_jiffies(hdev->idle_timeout));
 436 }
 437
 438 /* Enter sniff mode */
 439 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
 440 {
 441         struct hci_dev *hdev = conn->hdev;
 442
 443         BT_DBG("conn %p mode %d", conn, conn->mode);
 444
 445         if (test_bit(HCI_RAW, &hdev->flags))
 446                 return;
 447
 448         if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
 449                 return;
 450
 451         if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
 452                 return;
 453
 454         if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
 455                 struct hci_cp_sniff_subrate cp;
 456                 cp.handle             = __cpu_to_le16(conn->handle);
 457                 cp.max_latency        = __constant_cpu_to_le16(0);
 458                 cp.min_remote_timeout = __constant_cpu_to_le16(0);
 459                 cp.min_local_timeout  = __constant_cpu_to_le16(0);
 460                 hci_send_cmd(hdev, OGF_LINK_POLICY,
 461                                 OCF_SNIFF_SUBRATE, sizeof(cp), &cp);
 462         }
 463
 464         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
 465                 struct hci_cp_sniff_mode cp;
 466                 cp.handle       = __cpu_to_le16(conn->handle);
 467                 cp.max_interval = __cpu_to_le16(hdev->sniff_max_interval);
 468                 cp.min_interval = __cpu_to_le16(hdev->sniff_min_interval);
 469                 cp.attempt      = __constant_cpu_to_le16(4);
 470                 cp.timeout      = __constant_cpu_to_le16(1);
 471                 hci_send_cmd(hdev, OGF_LINK_POLICY,
 472                                 OCF_SNIFF_MODE, sizeof(cp), &cp);
 473         }
 474 }
 475
 476 /* Drop all connection on the device */
 477 void hci_conn_hash_flush(struct hci_dev *hdev)
 478 {
 479         struct hci_conn_hash *h = &hdev->conn_hash;
 480         struct list_head *p;
 481
 482         BT_DBG("hdev %s", hdev->name);
 483
 484         p = h->list.next;
 485         while (p != &h->list) {
 486                 struct hci_conn *c;
 487
 488                 c = list_entry(p, struct hci_conn, list);
 489                 p = p->next;
 490
 491                 c->state = BT_CLOSED;
 492
 493                 hci_proto_disconn_ind(c, 0x16);
 494                 hci_conn_del(c);
 495         }
 496 }
 497
 498 int hci_get_conn_list(void __user *arg)
 499 {
 500         struct hci_conn_list_req req, *cl;
 501         struct hci_conn_info *ci;
 502         struct hci_dev *hdev;
 503         struct list_head *p;
 504         int n = 0, size, err;
 505
 506         if (copy_from_user(&req, arg, sizeof(req)))
 507                 return -EFAULT;
 508
 509         if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
 510                 return -EINVAL;
 511
 512         size = sizeof(req) + req.conn_num * sizeof(*ci);
 513
 514         if (!(cl = kmalloc(size, GFP_KERNEL)))
 515                 return -ENOMEM;
 516
 517         if (!(hdev = hci_dev_get(req.dev_id))) {
 518                 kfree(cl);
 519                 return -ENODEV;
 520         }
 521
 522         ci = cl->conn_info;
 523
 524         hci_dev_lock_bh(hdev);
 525         list_for_each(p, &hdev->conn_hash.list) {
 526                 register struct hci_conn *c;
 527                 c = list_entry(p, struct hci_conn, list);
 528
 529                 bacpy(&(ci + n)->bdaddr, &c->dst);
 530                 (ci + n)->handle = c->handle;
 531                 (ci + n)->type  = c->type;
 532                 (ci + n)->out   = c->out;
 533                 (ci + n)->state = c->state;
 534                 (ci + n)->link_mode = c->link_mode;
 535                 if (++n >= req.conn_num)
 536                         break;
 537         }
 538         hci_dev_unlock_bh(hdev);
 539
 540         cl->dev_id = hdev->id;
 541         cl->conn_num = n;
 542         size = sizeof(req) + n * sizeof(*ci);
 543
 544         hci_dev_put(hdev);
 545
 546         err = copy_to_user(arg, cl, size);
 547         kfree(cl);
 548
 549         return err ? -EFAULT : 0;
 550 }
 551
 552 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
 553 {
 554         struct hci_conn_info_req req;
 555         struct hci_conn_info ci;
 556         struct hci_conn *conn;
 557         char __user *ptr = arg + sizeof(req);
 558
 559         if (copy_from_user(&req, arg, sizeof(req)))
 560                 return -EFAULT;
 561
 562         hci_dev_lock_bh(hdev);
 563         conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
 564         if (conn) {
 565                 bacpy(&ci.bdaddr, &conn->dst);
 566                 ci.handle = conn->handle;
 567                 ci.type  = conn->type;
 568                 ci.out   = conn->out;
 569                 ci.state = conn->state;
 570                 ci.link_mode = conn->link_mode;
 571         }
 572         hci_dev_unlock_bh(hdev);
 573
 574         if (!conn)
 575                 return -ENOENT;
 576
 577         return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
 578 }