[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_conn.c

/* 
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2000-2001 Qualcomm Incorporated

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
   SOFTWARE IS DISCLAIMED.
*/

/* Bluetooth HCI connection handling. */

#include <linux/module.h>

#include <linux/types.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/poll.h>
#include <linux/fcntl.h>
#include <linux/init.h>
#include <linux/skbuff.h>
#include <linux/interrupt.h>
#include <linux/notifier.h>
#include <net/sock.h>

#include <asm/system.h>
#include <asm/uaccess.h>
#include <asm/unaligned.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>

#ifndef CONFIG_BT_HCI_CORE_DEBUG
#undef  BT_DBG
#define BT_DBG(D...)
#endif

static void hci_acl_connect(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct inquiry_entry *ie;
	struct hci_cp_create_conn cp;

	BT_DBG("%p", conn);

	conn->state = BT_CONNECT;
	conn->out   = 1;
	conn->link_mode = HCI_LM_MASTER;

	memset(&cp, 0, sizeof(cp));
	bacpy(&cp.bdaddr, &conn->dst);
	cp.pscan_rep_mode = 0x02;

	if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) &&
			inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
		cp.pscan_rep_mode = ie->data.pscan_rep_mode;
		cp.pscan_mode     = ie->data.pscan_mode;
		cp.clock_offset   = ie->data.clock_offset | __cpu_to_le16(0x8000);
		memcpy(conn->dev_class, ie->data.dev_class, 3);
	}

	cp.pkt_type = __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK);
	if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
		cp.role_switch	= 0x01;
	else
		cp.role_switch	= 0x00;
		
	hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN, sizeof(cp), &cp);
}

void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
{
	struct hci_cp_disconnect cp;

	BT_DBG("%p", conn);

	conn->state = BT_DISCONN;

	cp.handle = __cpu_to_le16(conn->handle);
	cp.reason = reason;
	hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_DISCONNECT, sizeof(cp), &cp);
}

void hci_add_sco(struct hci_conn *conn, __u16 handle)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_add_sco cp;

	BT_DBG("%p", conn);

	conn->state = BT_CONNECT;
	conn->out = 1;

	cp.pkt_type = __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
	cp.handle   = __cpu_to_le16(handle);

	hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ADD_SCO, sizeof(cp), &cp);
}

static void hci_conn_timeout(unsigned long arg)
{
	struct hci_conn *conn = (void *) arg;
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("conn %p state %d", conn, conn->state);

	if (atomic_read(&conn->refcnt))
		return;

	hci_dev_lock(hdev);
 	if (conn->state == BT_CONNECTED)
		hci_acl_disconn(conn, 0x13);
	else
		conn->state = BT_CLOSED;
	hci_dev_unlock(hdev);
	return;
}

static void hci_conn_idle(unsigned long arg)
{
	struct hci_conn *conn = (void *) arg;

	BT_DBG("conn %p mode %d", conn, conn->mode);

	hci_conn_enter_sniff_mode(conn);
}

struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
{
	struct hci_conn *conn;

	BT_DBG("%s dst %s", hdev->name, batostr(dst));

	conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
	if (!conn)
		return NULL;

	bacpy(&conn->dst, dst);
	conn->hdev   = hdev;
	conn->type   = type;
	conn->mode   = HCI_CM_ACTIVE;
	conn->state  = BT_OPEN;

	conn->power_save = 1;

	skb_queue_head_init(&conn->data_q);

	init_timer(&conn->disc_timer);
	conn->disc_timer.function = hci_conn_timeout;
	conn->disc_timer.data = (unsigned long) conn;

	init_timer(&conn->idle_timer);
	conn->idle_timer.function = hci_conn_idle;
	conn->idle_timer.data = (unsigned long) conn;

	atomic_set(&conn->refcnt, 0);

	hci_dev_hold(hdev);

	tasklet_disable(&hdev->tx_task);

	hci_conn_hash_add(hdev, conn);
	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);

	hci_conn_add_sysfs(conn);

	tasklet_enable(&hdev->tx_task);

	return conn;
}

int hci_conn_del(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);

	del_timer(&conn->idle_timer);

	del_timer(&conn->disc_timer);

	if (conn->type == SCO_LINK) {
		struct hci_conn *acl = conn->link;
		if (acl) {
			acl->link = NULL;
			hci_conn_put(acl);
		}
	} else {
		struct hci_conn *sco = conn->link;
		if (sco)
			sco->link = NULL;

		/* Unacked frames */
		hdev->acl_cnt += conn->sent;
	}

	tasklet_disable(&hdev->tx_task);

	hci_conn_del_sysfs(conn);

	hci_conn_hash_del(hdev, conn);
	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);

	tasklet_enable(&hdev->tx_task);

	skb_queue_purge(&conn->data_q);

	hci_dev_put(hdev);

	/* will free via device release */
	put_device(&conn->dev);

	return 0;
}

struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
{
	int use_src = bacmp(src, BDADDR_ANY);
	struct hci_dev *hdev = NULL;
	struct list_head *p;

	BT_DBG("%s -> %s", batostr(src), batostr(dst));

	read_lock_bh(&hci_dev_list_lock);

	list_for_each(p, &hci_dev_list) {
		struct hci_dev *d = list_entry(p, struct hci_dev, list);

		if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
			continue;

		/* Simple routing: 
		 *   No source address - find interface with bdaddr != dst
		 *   Source address    - find interface with bdaddr == src
		 */

		if (use_src) {
			if (!bacmp(&d->bdaddr, src)) {
				hdev = d; break;
			}
		} else {
			if (bacmp(&d->bdaddr, dst)) {
				hdev = d; break;
			}
		}
	}

	if (hdev)
		hdev = hci_dev_hold(hdev);

	read_unlock_bh(&hci_dev_list_lock);
	return hdev;
}
EXPORT_SYMBOL(hci_get_route);

/* Create SCO or ACL connection.
 * Device _must_ be locked */
struct hci_conn * hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst)
{
	struct hci_conn *acl;

	BT_DBG("%s dst %s", hdev->name, batostr(dst));

	if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
		if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
			return NULL;
	}

	hci_conn_hold(acl);

	if (acl->state == BT_OPEN || acl->state == BT_CLOSED)
		hci_acl_connect(acl);

	if (type == SCO_LINK) {
		struct hci_conn *sco;

		if (!(sco = hci_conn_hash_lookup_ba(hdev, SCO_LINK, dst))) {
			if (!(sco = hci_conn_add(hdev, SCO_LINK, dst))) {
				hci_conn_put(acl);
				return NULL;
			}
		}
		acl->link = sco;
		sco->link = acl;

		hci_conn_hold(sco);

		if (acl->state == BT_CONNECTED && 
				(sco->state == BT_OPEN || sco->state == BT_CLOSED))
			hci_add_sco(sco, acl->handle);

		return sco;
	} else {
		return acl;
	}
}
EXPORT_SYMBOL(hci_connect);

/* Authenticate remote device */
int hci_conn_auth(struct hci_conn *conn)
{
	BT_DBG("conn %p", conn);

	if (conn->link_mode & HCI_LM_AUTH)
		return 1;

	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
		struct hci_cp_auth_requested cp;
		cp.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_AUTH_REQUESTED, sizeof(cp), &cp);
	}
	return 0;
}
EXPORT_SYMBOL(hci_conn_auth);

/* Enable encryption */
int hci_conn_encrypt(struct hci_conn *conn)
{
	BT_DBG("conn %p", conn);

	if (conn->link_mode & HCI_LM_ENCRYPT)
		return 1;

	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
		return 0;

	if (hci_conn_auth(conn)) {
		struct hci_cp_set_conn_encrypt cp;
		cp.handle  = __cpu_to_le16(conn->handle);
		cp.encrypt = 1; 
		hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT, sizeof(cp), &cp);
	}
	return 0;
}
EXPORT_SYMBOL(hci_conn_encrypt);

/* Change link key */
int hci_conn_change_link_key(struct hci_conn *conn)
{
	BT_DBG("conn %p", conn);

	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
		struct hci_cp_change_conn_link_key cp;
		cp.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);
	}
	return 0;
}
EXPORT_SYMBOL(hci_conn_change_link_key);

/* Switch role */
int hci_conn_switch_role(struct hci_conn *conn, uint8_t role)
{
	BT_DBG("conn %p", conn);

	if (!role && conn->link_mode & HCI_LM_MASTER)
		return 1;

	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
		struct hci_cp_switch_role cp;
		bacpy(&cp.bdaddr, &conn->dst);
		cp.role = role;
		hci_send_cmd(conn->hdev, OGF_LINK_POLICY, OCF_SWITCH_ROLE, sizeof(cp), &cp);
	}
	return 0;
}
EXPORT_SYMBOL(hci_conn_switch_role);

/* Enter active mode */
void hci_conn_enter_active_mode(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("conn %p mode %d", conn, conn->mode);

	if (test_bit(HCI_RAW, &hdev->flags))
		return;

	if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
		goto timer;

	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
		struct hci_cp_exit_sniff_mode cp;
		cp.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, OGF_LINK_POLICY,
				OCF_EXIT_SNIFF_MODE, sizeof(cp), &cp);
	}

timer:
	if (hdev->idle_timeout > 0)
		mod_timer(&conn->idle_timer,
			jiffies + msecs_to_jiffies(hdev->idle_timeout));
}

/* Enter sniff mode */
void hci_conn_enter_sniff_mode(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("conn %p mode %d", conn, conn->mode);

	if (test_bit(HCI_RAW, &hdev->flags))
		return;

	if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
		return;

	if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
		return;

	if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
		struct hci_cp_sniff_subrate cp;
		cp.handle             = __cpu_to_le16(conn->handle);
		cp.max_latency        = __constant_cpu_to_le16(0);
		cp.min_remote_timeout = __constant_cpu_to_le16(0);
		cp.min_local_timeout  = __constant_cpu_to_le16(0);
		hci_send_cmd(hdev, OGF_LINK_POLICY,
				OCF_SNIFF_SUBRATE, sizeof(cp), &cp);
	}

	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
		struct hci_cp_sniff_mode cp;
		cp.handle       = __cpu_to_le16(conn->handle);
		cp.max_interval = __cpu_to_le16(hdev->sniff_max_interval);
		cp.min_interval = __cpu_to_le16(hdev->sniff_min_interval);
		cp.attempt      = __constant_cpu_to_le16(4);
		cp.timeout      = __constant_cpu_to_le16(1);
		hci_send_cmd(hdev, OGF_LINK_POLICY,
				OCF_SNIFF_MODE, sizeof(cp), &cp);
	}
}

/* Drop all connection on the device */
void hci_conn_hash_flush(struct hci_dev *hdev)
{
	struct hci_conn_hash *h = &hdev->conn_hash;
	struct list_head *p;

	BT_DBG("hdev %s", hdev->name);

	p = h->list.next;
	while (p != &h->list) {
		struct hci_conn *c;

		c = list_entry(p, struct hci_conn, list);
		p = p->next;

		c->state = BT_CLOSED;

		hci_proto_disconn_ind(c, 0x16);
		hci_conn_del(c);
	}
}

int hci_get_conn_list(void __user *arg)
{
	struct hci_conn_list_req req, *cl;
	struct hci_conn_info *ci;
	struct hci_dev *hdev;
	struct list_head *p;
	int n = 0, size, err;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
		return -EINVAL;

	size = sizeof(req) + req.conn_num * sizeof(*ci);

	if (!(cl = kmalloc(size, GFP_KERNEL)))
		return -ENOMEM;

	if (!(hdev = hci_dev_get(req.dev_id))) {
		kfree(cl);
		return -ENODEV;
	}

	ci = cl->conn_info;

	hci_dev_lock_bh(hdev);
	list_for_each(p, &hdev->conn_hash.list) {
		register struct hci_conn *c;
		c = list_entry(p, struct hci_conn, list);

		bacpy(&(ci + n)->bdaddr, &c->dst);
		(ci + n)->handle = c->handle;
		(ci + n)->type  = c->type;
		(ci + n)->out   = c->out;
		(ci + n)->state = c->state;
		(ci + n)->link_mode = c->link_mode;
		if (++n >= req.conn_num)
			break;
	}
	hci_dev_unlock_bh(hdev);

	cl->dev_id = hdev->id;
	cl->conn_num = n;
	size = sizeof(req) + n * sizeof(*ci);

	hci_dev_put(hdev);

	err = copy_to_user(arg, cl, size);
	kfree(cl);

	return err ? -EFAULT : 0;
}

int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
{
	struct hci_conn_info_req req;
	struct hci_conn_info ci;
	struct hci_conn *conn;
	char __user *ptr = arg + sizeof(req);

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	hci_dev_lock_bh(hdev);
	conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
	if (conn) {
		bacpy(&ci.bdaddr, &conn->dst);
		ci.handle = conn->handle;
		ci.type  = conn->type;
		ci.out   = conn->out;
		ci.state = conn->state;
		ci.link_mode = conn->link_mode;
	}
	hci_dev_unlock_bh(hdev);

	if (!conn)
		return -ENOENT;

	return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
}
Commit	Line	Data
1da177e4 LT	1	/*
	2	BlueZ - Bluetooth protocol stack for Linux
	3	Copyright (C) 2000-2001 Qualcomm Incorporated
	4
	5	Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
	6
	7	This program is free software; you can redistribute it and/or modify
	8	it under the terms of the GNU General Public License version 2 as
	9	published by the Free Software Foundation;
	10
	11	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
	12	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	13	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
	14	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
	15	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
	16	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	17	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	18	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	19
	20	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
	21	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
	22	SOFTWARE IS DISCLAIMED.
	23	*/
	24
	25	/* Bluetooth HCI connection handling. */
	26
1da177e4 LT	27	#include <linux/module.h>
	28
	29	#include <linux/types.h>
	30	#include <linux/errno.h>
	31	#include <linux/kernel.h>
1da177e4 LT	32	#include <linux/sched.h>
	33	#include <linux/slab.h>
	34	#include <linux/poll.h>
	35	#include <linux/fcntl.h>
	36	#include <linux/init.h>
	37	#include <linux/skbuff.h>
	38	#include <linux/interrupt.h>
	39	#include <linux/notifier.h>
	40	#include <net/sock.h>
	41
	42	#include <asm/system.h>
	43	#include <asm/uaccess.h>
	44	#include <asm/unaligned.h>
	45
	46	#include <net/bluetooth/bluetooth.h>
	47	#include <net/bluetooth/hci_core.h>
	48
	49	#ifndef CONFIG_BT_HCI_CORE_DEBUG
	50	#undef BT_DBG
	51	#define BT_DBG(D...)
	52	#endif
	53
	54	static void hci_acl_connect(struct hci_conn *conn)
	55	{
	56	struct hci_dev *hdev = conn->hdev;
	57	struct inquiry_entry *ie;
	58	struct hci_cp_create_conn cp;
	59
	60	BT_DBG("%p", conn);
	61
	62	conn->state = BT_CONNECT;
	63	conn->out = 1;
	64	conn->link_mode = HCI_LM_MASTER;
	65
	66	memset(&cp, 0, sizeof(cp));
	67	bacpy(&cp.bdaddr, &conn->dst);
	68	cp.pscan_rep_mode = 0x02;
	69
	70	if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) &&
	71	inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
	72	cp.pscan_rep_mode = ie->data.pscan_rep_mode;
	73	cp.pscan_mode = ie->data.pscan_mode;
	74	cp.clock_offset = ie->data.clock_offset \| __cpu_to_le16(0x8000);
	75	memcpy(conn->dev_class, ie->data.dev_class, 3);
	76	}
	77
	78	cp.pkt_type = __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK);
	79	if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
	80	cp.role_switch = 0x01;
	81	else
	82	cp.role_switch = 0x00;
	83
	84	hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN, sizeof(cp), &cp);
	85	}
	86
	87	void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
	88	{
	89	struct hci_cp_disconnect cp;
	90
	91	BT_DBG("%p", conn);
	92
	93	conn->state = BT_DISCONN;
	94
	95	cp.handle = __cpu_to_le16(conn->handle);
96	cp.reason = reason;
97	hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_DISCONNECT, sizeof(cp), &cp);
98	}
99
100	void hci_add_sco(struct hci_conn *conn, __u16 handle)
101	{
102	struct hci_dev *hdev = conn->hdev;
103	struct hci_cp_add_sco cp;
104
105	BT_DBG("%p", conn);
106
107	conn->state = BT_CONNECT;
108	conn->out = 1;
109
110	cp.pkt_type = __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
111	cp.handle = __cpu_to_le16(handle);
112
113	hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ADD_SCO, sizeof(cp), &cp);
114	}
115
116	static void hci_conn_timeout(unsigned long arg)
117	{
04837f64 MH	118	struct hci_conn conn = (void ) arg;
04837f64 MH	119	struct hci_dev *hdev = conn->hdev;
1da177e4 LT	120
	121	BT_DBG("conn %p state %d", conn, conn->state);
	122
	123	if (atomic_read(&conn->refcnt))
	124	return;
	125
	126	hci_dev_lock(hdev);
	127	if (conn->state == BT_CONNECTED)
	128	hci_acl_disconn(conn, 0x13);
	129	else
	130	conn->state = BT_CLOSED;
	131	hci_dev_unlock(hdev);
	132	return;
	133	}
	134
04837f64	135	static void hci_conn_idle(unsigned long arg)
1da177e4	136	{
04837f64 MH	137	struct hci_conn conn = (void ) arg;
	138
	139	BT_DBG("conn %p mode %d", conn, conn->mode);
	140
	141	hci_conn_enter_sniff_mode(conn);
1da177e4 LT	142	}
	143
	144	struct hci_conn hci_conn_add(struct hci_dev hdev, int type, bdaddr_t *dst)
	145	{
	146	struct hci_conn *conn;
	147
	148	BT_DBG("%s dst %s", hdev->name, batostr(dst));
	149
04837f64 MH	150	conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
04837f64 MH	151	if (!conn)
1da177e4	152	return NULL;
1da177e4 LT	153
1da177e4 LT	154	bacpy(&conn->dst, dst);
1da177e4	155	conn->hdev = hdev;
04837f64 MH	156	conn->type = type;
04837f64 MH	157	conn->mode = HCI_CM_ACTIVE;
1da177e4 LT	158	conn->state = BT_OPEN;
1da177e4 LT	159
04837f64 MH	160	conn->power_save = 1;
04837f64 MH	161
1da177e4	162	skb_queue_head_init(&conn->data_q);
04837f64 MH	163
	164	init_timer(&conn->disc_timer);
	165	conn->disc_timer.function = hci_conn_timeout;
	166	conn->disc_timer.data = (unsigned long) conn;
	167
	168	init_timer(&conn->idle_timer);
	169	conn->idle_timer.function = hci_conn_idle;
	170	conn->idle_timer.data = (unsigned long) conn;
1da177e4 LT	171
	172	atomic_set(&conn->refcnt, 0);
	173
	174	hci_dev_hold(hdev);
	175
	176	tasklet_disable(&hdev->tx_task);
	177
	178	hci_conn_hash_add(hdev, conn);
	179	if (hdev->notify)
	180	hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
	181
b219e3ac MH	182	hci_conn_add_sysfs(conn);
b219e3ac MH	183
1da177e4 LT	184	tasklet_enable(&hdev->tx_task);
	185
	186	return conn;
	187	}
	188
	189	int hci_conn_del(struct hci_conn *conn)
	190	{
	191	struct hci_dev *hdev = conn->hdev;
	192
	193	BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
	194
04837f64 MH	195	del_timer(&conn->idle_timer);
	196
	197	del_timer(&conn->disc_timer);
1da177e4 LT	198
	199	if (conn->type == SCO_LINK) {
	200	struct hci_conn *acl = conn->link;
	201	if (acl) {
	202	acl->link = NULL;
	203	hci_conn_put(acl);
	204	}
	205	} else {
	206	struct hci_conn *sco = conn->link;
	207	if (sco)
	208	sco->link = NULL;
	209
	210	/* Unacked frames */
	211	hdev->acl_cnt += conn->sent;
	212	}
	213
	214	tasklet_disable(&hdev->tx_task);
	215
b219e3ac MH	216	hci_conn_del_sysfs(conn);
b219e3ac MH	217
1da177e4 LT	218	hci_conn_hash_del(hdev, conn);
	219	if (hdev->notify)
	220	hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
	221
	222	tasklet_enable(&hdev->tx_task);
	223
	224	skb_queue_purge(&conn->data_q);
	225
	226	hci_dev_put(hdev);
	227
b219e3ac MH	228	/* will free via device release */
	229	put_device(&conn->dev);
	230
1da177e4 LT	231	return 0;
	232	}
	233
	234	struct hci_dev hci_get_route(bdaddr_t dst, bdaddr_t *src)
	235	{
	236	int use_src = bacmp(src, BDADDR_ANY);
	237	struct hci_dev *hdev = NULL;
	238	struct list_head *p;
	239
	240	BT_DBG("%s -> %s", batostr(src), batostr(dst));
	241
	242	read_lock_bh(&hci_dev_list_lock);
	243
	244	list_for_each(p, &hci_dev_list) {
	245	struct hci_dev *d = list_entry(p, struct hci_dev, list);
	246
	247	if (!test_bit(HCI_UP, &d->flags) \|\| test_bit(HCI_RAW, &d->flags))
	248	continue;
	249
	250	/* Simple routing:
	251	* No source address - find interface with bdaddr != dst
	252	* Source address - find interface with bdaddr == src
	253	*/
	254
	255	if (use_src) {
	256	if (!bacmp(&d->bdaddr, src)) {
	257	hdev = d; break;
	258	}
	259	} else {
	260	if (bacmp(&d->bdaddr, dst)) {
	261	hdev = d; break;
	262	}
	263	}
	264	}
	265
	266	if (hdev)
	267	hdev = hci_dev_hold(hdev);
	268
	269	read_unlock_bh(&hci_dev_list_lock);
	270	return hdev;
	271	}
	272	EXPORT_SYMBOL(hci_get_route);
	273
	274	/* Create SCO or ACL connection.
	275	* Device _must_ be locked */
	276	struct hci_conn * hci_connect(struct hci_dev hdev, int type, bdaddr_t dst)
	277	{
	278	struct hci_conn *acl;
	279
	280	BT_DBG("%s dst %s", hdev->name, batostr(dst));
	281
	282	if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
	283	if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
	284	return NULL;
	285	}
	286
	287	hci_conn_hold(acl);
	288
	289	if (acl->state == BT_OPEN \|\| acl->state == BT_CLOSED)
	290	hci_acl_connect(acl);
	291
	292	if (type == SCO_LINK) {
	293	struct hci_conn *sco;
	294
295	if (!(sco = hci_conn_hash_lookup_ba(hdev, SCO_LINK, dst))) {
296	if (!(sco = hci_conn_add(hdev, SCO_LINK, dst))) {
297	hci_conn_put(acl);
298	return NULL;
299	}
300	}
301	acl->link = sco;
302	sco->link = acl;
303
304	hci_conn_hold(sco);
305
306	if (acl->state == BT_CONNECTED &&
307	(sco->state == BT_OPEN \|\| sco->state == BT_CLOSED))
308	hci_add_sco(sco, acl->handle);
309
310	return sco;
311	} else {
312	return acl;
313	}
314	}
315	EXPORT_SYMBOL(hci_connect);
316
317	/* Authenticate remote device */
318	int hci_conn_auth(struct hci_conn *conn)
319	{
320	BT_DBG("conn %p", conn);
321
322	if (conn->link_mode & HCI_LM_AUTH)
323	return 1;
324
325	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
326	struct hci_cp_auth_requested cp;
327	cp.handle = __cpu_to_le16(conn->handle);
328	hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_AUTH_REQUESTED, sizeof(cp), &cp);
329	}
330	return 0;
331	}
332	EXPORT_SYMBOL(hci_conn_auth);
333
334	/* Enable encryption */
335	int hci_conn_encrypt(struct hci_conn *conn)
336	{
337	BT_DBG("conn %p", conn);
338
339	if (conn->link_mode & HCI_LM_ENCRYPT)
340	return 1;
341
342	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
343	return 0;
344
345	if (hci_conn_auth(conn)) {
346	struct hci_cp_set_conn_encrypt cp;
347	cp.handle = __cpu_to_le16(conn->handle);
348	cp.encrypt = 1;
349	hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT, sizeof(cp), &cp);
350	}
351	return 0;
352	}
353	EXPORT_SYMBOL(hci_conn_encrypt);
354
355	/* Change link key */
356	int hci_conn_change_link_key(struct hci_conn *conn)
357	{
358	BT_DBG("conn %p", conn);
359
360	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
361	struct hci_cp_change_conn_link_key cp;
362	cp.handle = __cpu_to_le16(conn->handle);
363	hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);
364	}
365	return 0;
366	}
367	EXPORT_SYMBOL(hci_conn_change_link_key);
368
369	/* Switch role */
370	int hci_conn_switch_role(struct hci_conn *conn, uint8_t role)
371	{
372	BT_DBG("conn %p", conn);
373
374	if (!role && conn->link_mode & HCI_LM_MASTER)
375	return 1;
376
377	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
378	struct hci_cp_switch_role cp;
379	bacpy(&cp.bdaddr, &conn->dst);
380	cp.role = role;
381	hci_send_cmd(conn->hdev, OGF_LINK_POLICY, OCF_SWITCH_ROLE, sizeof(cp), &cp);
382	}
383	return 0;
384	}
385	EXPORT_SYMBOL(hci_conn_switch_role);
386
04837f64 MH	387	/* Enter active mode */
	388	void hci_conn_enter_active_mode(struct hci_conn *conn)
	389	{
	390	struct hci_dev *hdev = conn->hdev;
	391
	392	BT_DBG("conn %p mode %d", conn, conn->mode);
	393
	394	if (test_bit(HCI_RAW, &hdev->flags))
	395	return;
	396
	397	if (conn->mode != HCI_CM_SNIFF \|\| !conn->power_save)
	398	goto timer;
	399
	400	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
	401	struct hci_cp_exit_sniff_mode cp;
	402	cp.handle = __cpu_to_le16(conn->handle);
	403	hci_send_cmd(hdev, OGF_LINK_POLICY,
	404	OCF_EXIT_SNIFF_MODE, sizeof(cp), &cp);
	405	}
	406
	407	timer:
	408	if (hdev->idle_timeout > 0)
	409	mod_timer(&conn->idle_timer,
	410	jiffies + msecs_to_jiffies(hdev->idle_timeout));
	411	}
	412
	413	/* Enter sniff mode */
	414	void hci_conn_enter_sniff_mode(struct hci_conn *conn)
	415	{
	416	struct hci_dev *hdev = conn->hdev;
	417
	418	BT_DBG("conn %p mode %d", conn, conn->mode);
	419
	420	if (test_bit(HCI_RAW, &hdev->flags))
	421	return;
	422
	423	if (!lmp_sniff_capable(hdev) \|\| !lmp_sniff_capable(conn))
	424	return;
	425
	426	if (conn->mode != HCI_CM_ACTIVE \|\| !(conn->link_policy & HCI_LP_SNIFF))
	427	return;
	428
	429	if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
	430	struct hci_cp_sniff_subrate cp;
	431	cp.handle = __cpu_to_le16(conn->handle);
	432	cp.max_latency = __constant_cpu_to_le16(0);
	433	cp.min_remote_timeout = __constant_cpu_to_le16(0);
	434	cp.min_local_timeout = __constant_cpu_to_le16(0);
	435	hci_send_cmd(hdev, OGF_LINK_POLICY,
	436	OCF_SNIFF_SUBRATE, sizeof(cp), &cp);
	437	}
	438
	439	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
	440	struct hci_cp_sniff_mode cp;
	441	cp.handle = __cpu_to_le16(conn->handle);
	442	cp.max_interval = __cpu_to_le16(hdev->sniff_max_interval);
	443	cp.min_interval = __cpu_to_le16(hdev->sniff_min_interval);
	444	cp.attempt = __constant_cpu_to_le16(4);
	445	cp.timeout = __constant_cpu_to_le16(1);
	446	hci_send_cmd(hdev, OGF_LINK_POLICY,
	447	OCF_SNIFF_MODE, sizeof(cp), &cp);
	448	}
	449	}
	450
1da177e4 LT	451	/* Drop all connection on the device */
	452	void hci_conn_hash_flush(struct hci_dev *hdev)
	453	{
	454	struct hci_conn_hash *h = &hdev->conn_hash;
	455	struct list_head *p;
	456
	457	BT_DBG("hdev %s", hdev->name);
	458
	459	p = h->list.next;
	460	while (p != &h->list) {
	461	struct hci_conn *c;
	462
	463	c = list_entry(p, struct hci_conn, list);
	464	p = p->next;
	465
	466	c->state = BT_CLOSED;
	467
	468	hci_proto_disconn_ind(c, 0x16);
	469	hci_conn_del(c);
	470	}
	471	}
	472
	473	int hci_get_conn_list(void __user *arg)
	474	{
	475	struct hci_conn_list_req req, *cl;
	476	struct hci_conn_info *ci;
	477	struct hci_dev *hdev;
	478	struct list_head *p;
	479	int n = 0, size, err;
	480
	481	if (copy_from_user(&req, arg, sizeof(req)))
	482	return -EFAULT;
	483
	484	if (!req.conn_num \|\| req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
	485	return -EINVAL;
	486
	487	size = sizeof(req) + req.conn_num * sizeof(*ci);
	488
12fe2c58	489	if (!(cl = kmalloc(size, GFP_KERNEL)))
1da177e4 LT	490	return -ENOMEM;
	491
	492	if (!(hdev = hci_dev_get(req.dev_id))) {
	493	kfree(cl);
	494	return -ENODEV;
	495	}
	496
	497	ci = cl->conn_info;
	498
	499	hci_dev_lock_bh(hdev);
	500	list_for_each(p, &hdev->conn_hash.list) {
	501	register struct hci_conn *c;
	502	c = list_entry(p, struct hci_conn, list);
	503
	504	bacpy(&(ci + n)->bdaddr, &c->dst);
	505	(ci + n)->handle = c->handle;
	506	(ci + n)->type = c->type;
	507	(ci + n)->out = c->out;
	508	(ci + n)->state = c->state;
	509	(ci + n)->link_mode = c->link_mode;
	510	if (++n >= req.conn_num)
	511	break;
	512	}
	513	hci_dev_unlock_bh(hdev);
	514
	515	cl->dev_id = hdev->id;
	516	cl->conn_num = n;
	517	size = sizeof(req) + n * sizeof(*ci);
	518
	519	hci_dev_put(hdev);
	520
	521	err = copy_to_user(arg, cl, size);
	522	kfree(cl);
	523
	524	return err ? -EFAULT : 0;
	525	}
	526
	527	int hci_get_conn_info(struct hci_dev hdev, void __user arg)
	528	{
	529	struct hci_conn_info_req req;
	530	struct hci_conn_info ci;
	531	struct hci_conn *conn;
	532	char __user *ptr = arg + sizeof(req);
	533
	534	if (copy_from_user(&req, arg, sizeof(req)))
	535	return -EFAULT;
	536
	537	hci_dev_lock_bh(hdev);
	538	conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
	539	if (conn) {
	540	bacpy(&ci.bdaddr, &conn->dst);
	541	ci.handle = conn->handle;
	542	ci.type = conn->type;
	543	ci.out = conn->out;
	544	ci.state = conn->state;
	545	ci.link_mode = conn->link_mode;
	546	}
	547	hci_dev_unlock_bh(hdev);
	548
	549	if (!conn)
	550	return -ENOENT;
	551
	552	return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
	553	}