projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Fix check for connection encryption
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_conn.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI connection handling. */
26
27 #include <linux/export.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/a2mp.h>
32 #include <net/bluetooth/smp.h>
33
34 static void hci_le_create_connection(struct hci_conn *conn)
35 {
36 struct hci_dev *hdev = conn->hdev;
37 struct hci_cp_le_create_conn cp;
38
39 conn->state = BT_CONNECT;
40 conn->out = true;
41 conn->link_mode |= HCI_LM_MASTER;
42 conn->sec_level = BT_SECURITY_LOW;
43
44 memset(&cp, 0, sizeof(cp));
45 cp.scan_interval = __constant_cpu_to_le16(0x0060);
46 cp.scan_window = __constant_cpu_to_le16(0x0030);
47 bacpy(&cp.peer_addr, &conn->dst);
48 cp.peer_addr_type = conn->dst_type;
49 cp.conn_interval_min = __constant_cpu_to_le16(0x0028);
50 cp.conn_interval_max = __constant_cpu_to_le16(0x0038);
51 cp.supervision_timeout = __constant_cpu_to_le16(0x002a);
52 cp.min_ce_len = __constant_cpu_to_le16(0x0000);
53 cp.max_ce_len = __constant_cpu_to_le16(0x0000);
54
55 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
56 }
57
58 static void hci_le_create_connection_cancel(struct hci_conn *conn)
59 {
60 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
61 }
62
63 static void hci_acl_create_connection(struct hci_conn *conn)
64 {
65 struct hci_dev *hdev = conn->hdev;
66 struct inquiry_entry *ie;
67 struct hci_cp_create_conn cp;
68
69 BT_DBG("hcon %p", conn);
70
71 conn->state = BT_CONNECT;
72 conn->out = true;
73
74 conn->link_mode = HCI_LM_MASTER;
75
76 conn->attempt++;
77
78 conn->link_policy = hdev->link_policy;
79
80 memset(&cp, 0, sizeof(cp));
81 bacpy(&cp.bdaddr, &conn->dst);
82 cp.pscan_rep_mode = 0x02;
83
84 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
85 if (ie) {
86 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
87 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
88 cp.pscan_mode = ie->data.pscan_mode;
89 cp.clock_offset = ie->data.clock_offset |
90 __constant_cpu_to_le16(0x8000);
91 }
92
93 memcpy(conn->dev_class, ie->data.dev_class, 3);
94 if (ie->data.ssp_mode > 0)
95 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
96 }
97
98 cp.pkt_type = cpu_to_le16(conn->pkt_type);
99 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
100 cp.role_switch = 0x01;
101 else
102 cp.role_switch = 0x00;
103
104 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
105 }
106
107 static void hci_acl_create_connection_cancel(struct hci_conn *conn)
108 {
109 struct hci_cp_create_conn_cancel cp;
110
111 BT_DBG("hcon %p", conn);
112
113 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
114 return;
115
116 bacpy(&cp.bdaddr, &conn->dst);
117 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
118 }
119
120 static void hci_reject_sco(struct hci_conn *conn)
121 {
122 struct hci_cp_reject_sync_conn_req cp;
123
124 cp.reason = HCI_ERROR_REMOTE_USER_TERM;
125 bacpy(&cp.bdaddr, &conn->dst);
126
127 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
128 }
129
130 void hci_disconnect(struct hci_conn *conn, __u8 reason)
131 {
132 struct hci_cp_disconnect cp;
133
134 BT_DBG("hcon %p", conn);
135
136 conn->state = BT_DISCONN;
137
138 cp.handle = cpu_to_le16(conn->handle);
139 cp.reason = reason;
140 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
141 }
142
143 static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
144 {
145 struct hci_cp_disconn_phy_link cp;
146
147 BT_DBG("hcon %p", conn);
148
149 conn->state = BT_DISCONN;
150
151 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
152 cp.reason = reason;
153 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
154 sizeof(cp), &cp);
155 }
156
157 static void hci_add_sco(struct hci_conn *conn, __u16 handle)
158 {
159 struct hci_dev *hdev = conn->hdev;
160 struct hci_cp_add_sco cp;
161
162 BT_DBG("hcon %p", conn);
163
164 conn->state = BT_CONNECT;
165 conn->out = true;
166
167 conn->attempt++;
168
169 cp.handle = cpu_to_le16(handle);
170 cp.pkt_type = cpu_to_le16(conn->pkt_type);
171
172 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
173 }
174
175 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
176 {
177 struct hci_dev *hdev = conn->hdev;
178 struct hci_cp_setup_sync_conn cp;
179
180 BT_DBG("hcon %p", conn);
181
182 conn->state = BT_CONNECT;
183 conn->out = true;
184
185 conn->attempt++;
186
187 cp.handle = cpu_to_le16(handle);
188 cp.pkt_type = cpu_to_le16(conn->pkt_type);
189
190 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
191 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
192 cp.max_latency = __constant_cpu_to_le16(0xffff);
193 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
194 cp.retrans_effort = 0xff;
195
196 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
197 }
198
199 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
200 u16 latency, u16 to_multiplier)
201 {
202 struct hci_cp_le_conn_update cp;
203 struct hci_dev *hdev = conn->hdev;
204
205 memset(&cp, 0, sizeof(cp));
206
207 cp.handle = cpu_to_le16(conn->handle);
208 cp.conn_interval_min = cpu_to_le16(min);
209 cp.conn_interval_max = cpu_to_le16(max);
210 cp.conn_latency = cpu_to_le16(latency);
211 cp.supervision_timeout = cpu_to_le16(to_multiplier);
212 cp.min_ce_len = __constant_cpu_to_le16(0x0001);
213 cp.max_ce_len = __constant_cpu_to_le16(0x0001);
214
215 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
216 }
217
218 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
219 __u8 ltk[16])
220 {
221 struct hci_dev *hdev = conn->hdev;
222 struct hci_cp_le_start_enc cp;
223
224 BT_DBG("hcon %p", conn);
225
226 memset(&cp, 0, sizeof(cp));
227
228 cp.handle = cpu_to_le16(conn->handle);
229 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
230 cp.ediv = ediv;
231 memcpy(cp.rand, rand, sizeof(cp.rand));
232
233 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
234 }
235
236 /* Device _must_ be locked */
237 void hci_sco_setup(struct hci_conn *conn, __u8 status)
238 {
239 struct hci_conn *sco = conn->link;
240
241 if (!sco)
242 return;
243
244 BT_DBG("hcon %p", conn);
245
246 if (!status) {
247 if (lmp_esco_capable(conn->hdev))
248 hci_setup_sync(sco, conn->handle);
249 else
250 hci_add_sco(sco, conn->handle);
251 } else {
252 hci_proto_connect_cfm(sco, status);
253 hci_conn_del(sco);
254 }
255 }
256
257 static void hci_conn_disconnect(struct hci_conn *conn)
258 {
259 __u8 reason = hci_proto_disconn_ind(conn);
260
261 switch (conn->type) {
262 case AMP_LINK:
263 hci_amp_disconn(conn, reason);
264 break;
265 default:
266 hci_disconnect(conn, reason);
267 break;
268 }
269 }
270
271 static void hci_conn_timeout(struct work_struct *work)
272 {
273 struct hci_conn *conn = container_of(work, struct hci_conn,
274 disc_work.work);
275
276 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
277
278 if (atomic_read(&conn->refcnt))
279 return;
280
281 switch (conn->state) {
282 case BT_CONNECT:
283 case BT_CONNECT2:
284 if (conn->out) {
285 if (conn->type == ACL_LINK)
286 hci_acl_create_connection_cancel(conn);
287 else if (conn->type == LE_LINK)
288 hci_le_create_connection_cancel(conn);
289 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
290 hci_reject_sco(conn);
291 }
292 break;
293 case BT_CONFIG:
294 case BT_CONNECTED:
295 hci_conn_disconnect(conn);
296 break;
297 default:
298 conn->state = BT_CLOSED;
299 break;
300 }
301 }
302
303 /* Enter sniff mode */
304 static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
305 {
306 struct hci_dev *hdev = conn->hdev;
307
308 BT_DBG("hcon %p mode %d", conn, conn->mode);
309
310 if (test_bit(HCI_RAW, &hdev->flags))
311 return;
312
313 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
314 return;
315
316 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
317 return;
318
319 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
320 struct hci_cp_sniff_subrate cp;
321 cp.handle = cpu_to_le16(conn->handle);
322 cp.max_latency = __constant_cpu_to_le16(0);
323 cp.min_remote_timeout = __constant_cpu_to_le16(0);
324 cp.min_local_timeout = __constant_cpu_to_le16(0);
325 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
326 }
327
328 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
329 struct hci_cp_sniff_mode cp;
330 cp.handle = cpu_to_le16(conn->handle);
331 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
332 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
333 cp.attempt = __constant_cpu_to_le16(4);
334 cp.timeout = __constant_cpu_to_le16(1);
335 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
336 }
337 }
338
339 static void hci_conn_idle(unsigned long arg)
340 {
341 struct hci_conn *conn = (void *) arg;
342
343 BT_DBG("hcon %p mode %d", conn, conn->mode);
344
345 hci_conn_enter_sniff_mode(conn);
346 }
347
348 static void hci_conn_auto_accept(unsigned long arg)
349 {
350 struct hci_conn *conn = (void *) arg;
351 struct hci_dev *hdev = conn->hdev;
352
353 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
354 &conn->dst);
355 }
356
357 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
358 {
359 struct hci_conn *conn;
360
361 BT_DBG("%s dst %pMR", hdev->name, dst);
362
363 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
364 if (!conn)
365 return NULL;
366
367 bacpy(&conn->dst, dst);
368 conn->hdev = hdev;
369 conn->type = type;
370 conn->mode = HCI_CM_ACTIVE;
371 conn->state = BT_OPEN;
372 conn->auth_type = HCI_AT_GENERAL_BONDING;
373 conn->io_capability = hdev->io_capability;
374 conn->remote_auth = 0xff;
375 conn->key_type = 0xff;
376
377 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
378 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
379
380 switch (type) {
381 case ACL_LINK:
382 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
383 break;
384 case SCO_LINK:
385 if (lmp_esco_capable(hdev))
386 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
387 (hdev->esco_type & EDR_ESCO_MASK);
388 else
389 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
390 break;
391 case ESCO_LINK:
392 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
393 break;
394 }
395
396 skb_queue_head_init(&conn->data_q);
397
398 INIT_LIST_HEAD(&conn->chan_list);
399
400 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
401 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
402 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
403 (unsigned long) conn);
404
405 atomic_set(&conn->refcnt, 0);
406
407 hci_dev_hold(hdev);
408
409 hci_conn_hash_add(hdev, conn);
410 if (hdev->notify)
411 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
412
413 hci_conn_init_sysfs(conn);
414
415 return conn;
416 }
417
418 int hci_conn_del(struct hci_conn *conn)
419 {
420 struct hci_dev *hdev = conn->hdev;
421
422 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
423
424 del_timer(&conn->idle_timer);
425
426 cancel_delayed_work_sync(&conn->disc_work);
427
428 del_timer(&conn->auto_accept_timer);
429
430 if (conn->type == ACL_LINK) {
431 struct hci_conn *sco = conn->link;
432 if (sco)
433 sco->link = NULL;
434
435 /* Unacked frames */
436 hdev->acl_cnt += conn->sent;
437 } else if (conn->type == LE_LINK) {
438 if (hdev->le_pkts)
439 hdev->le_cnt += conn->sent;
440 else
441 hdev->acl_cnt += conn->sent;
442 } else {
443 struct hci_conn *acl = conn->link;
444 if (acl) {
445 acl->link = NULL;
446 hci_conn_drop(acl);
447 }
448 }
449
450 hci_chan_list_flush(conn);
451
452 if (conn->amp_mgr)
453 amp_mgr_put(conn->amp_mgr);
454
455 hci_conn_hash_del(hdev, conn);
456 if (hdev->notify)
457 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
458
459 skb_queue_purge(&conn->data_q);
460
461 hci_conn_del_sysfs(conn);
462
463 hci_dev_put(hdev);
464
465 hci_conn_put(conn);
466
467 return 0;
468 }
469
470 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
471 {
472 int use_src = bacmp(src, BDADDR_ANY);
473 struct hci_dev *hdev = NULL, *d;
474
475 BT_DBG("%pMR -> %pMR", src, dst);
476
477 read_lock(&hci_dev_list_lock);
478
479 list_for_each_entry(d, &hci_dev_list, list) {
480 if (!test_bit(HCI_UP, &d->flags) ||
481 test_bit(HCI_RAW, &d->flags) ||
482 d->dev_type != HCI_BREDR)
483 continue;
484
485 /* Simple routing:
486 * No source address - find interface with bdaddr != dst
487 * Source address - find interface with bdaddr == src
488 */
489
490 if (use_src) {
491 if (!bacmp(&d->bdaddr, src)) {
492 hdev = d; break;
493 }
494 } else {
495 if (bacmp(&d->bdaddr, dst)) {
496 hdev = d; break;
497 }
498 }
499 }
500
501 if (hdev)
502 hdev = hci_dev_hold(hdev);
503
504 read_unlock(&hci_dev_list_lock);
505 return hdev;
506 }
507 EXPORT_SYMBOL(hci_get_route);
508
509 static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
510 u8 dst_type, u8 sec_level, u8 auth_type)
511 {
512 struct hci_conn *le;
513
514 if (test_bit(HCI_LE_PERIPHERAL, &hdev->flags))
515 return ERR_PTR(-ENOTSUPP);
516
517 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
518 if (!le) {
519 le = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
520 if (le)
521 return ERR_PTR(-EBUSY);
522
523 le = hci_conn_add(hdev, LE_LINK, dst);
524 if (!le)
525 return ERR_PTR(-ENOMEM);
526
527 le->dst_type = bdaddr_to_le(dst_type);
528 hci_le_create_connection(le);
529 }
530
531 le->pending_sec_level = sec_level;
532 le->auth_type = auth_type;
533
534 hci_conn_hold(le);
535
536 return le;
537 }
538
539 static struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
540 u8 sec_level, u8 auth_type)
541 {
542 struct hci_conn *acl;
543
544 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
545 if (!acl) {
546 acl = hci_conn_add(hdev, ACL_LINK, dst);
547 if (!acl)
548 return ERR_PTR(-ENOMEM);
549 }
550
551 hci_conn_hold(acl);
552
553 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
554 acl->sec_level = BT_SECURITY_LOW;
555 acl->pending_sec_level = sec_level;
556 acl->auth_type = auth_type;
557 hci_acl_create_connection(acl);
558 }
559
560 return acl;
561 }
562
563 static struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type,
564 bdaddr_t *dst, u8 sec_level, u8 auth_type)
565 {
566 struct hci_conn *acl;
567 struct hci_conn *sco;
568
569 acl = hci_connect_acl(hdev, dst, sec_level, auth_type);
570 if (IS_ERR(acl))
571 return acl;
572
573 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
574 if (!sco) {
575 sco = hci_conn_add(hdev, type, dst);
576 if (!sco) {
577 hci_conn_drop(acl);
578 return ERR_PTR(-ENOMEM);
579 }
580 }
581
582 acl->link = sco;
583 sco->link = acl;
584
585 hci_conn_hold(sco);
586
587 if (acl->state == BT_CONNECTED &&
588 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
589 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
590 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
591
592 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
593 /* defer SCO setup until mode change completed */
594 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
595 return sco;
596 }
597
598 hci_sco_setup(acl, 0x00);
599 }
600
601 return sco;
602 }
603
604 /* Create SCO, ACL or LE connection. */
605 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
606 __u8 dst_type, __u8 sec_level, __u8 auth_type)
607 {
608 BT_DBG("%s dst %pMR type 0x%x", hdev->name, dst, type);
609
610 switch (type) {
611 case LE_LINK:
612 return hci_connect_le(hdev, dst, dst_type, sec_level, auth_type);
613 case ACL_LINK:
614 return hci_connect_acl(hdev, dst, sec_level, auth_type);
615 case SCO_LINK:
616 case ESCO_LINK:
617 return hci_connect_sco(hdev, type, dst, sec_level, auth_type);
618 }
619
620 return ERR_PTR(-EINVAL);
621 }
622
623 /* Check link security requirement */
624 int hci_conn_check_link_mode(struct hci_conn *conn)
625 {
626 BT_DBG("hcon %p", conn);
627
628 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
629 return 0;
630
631 return 1;
632 }
633
634 /* Authenticate remote device */
635 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
636 {
637 BT_DBG("hcon %p", conn);
638
639 if (conn->pending_sec_level > sec_level)
640 sec_level = conn->pending_sec_level;
641
642 if (sec_level > conn->sec_level)
643 conn->pending_sec_level = sec_level;
644 else if (conn->link_mode & HCI_LM_AUTH)
645 return 1;
646
647 /* Make sure we preserve an existing MITM requirement*/
648 auth_type |= (conn->auth_type & 0x01);
649
650 conn->auth_type = auth_type;
651
652 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
653 struct hci_cp_auth_requested cp;
654
655 cp.handle = cpu_to_le16(conn->handle);
656 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
657 sizeof(cp), &cp);
658
659 /* If we're already encrypted set the REAUTH_PEND flag,
660 * otherwise set the ENCRYPT_PEND.
661 */
662 if (conn->link_mode & HCI_LM_ENCRYPT)
663 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
664 else
665 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
666 }
667
668 return 0;
669 }
670
671 /* Encrypt the the link */
672 static void hci_conn_encrypt(struct hci_conn *conn)
673 {
674 BT_DBG("hcon %p", conn);
675
676 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
677 struct hci_cp_set_conn_encrypt cp;
678 cp.handle = cpu_to_le16(conn->handle);
679 cp.encrypt = 0x01;
680 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
681 &cp);
682 }
683 }
684
685 /* Enable security */
686 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
687 {
688 BT_DBG("hcon %p", conn);
689
690 if (conn->type == LE_LINK)
691 return smp_conn_security(conn, sec_level);
692
693 /* For sdp we don't need the link key. */
694 if (sec_level == BT_SECURITY_SDP)
695 return 1;
696
697 /* For non 2.1 devices and low security level we don't need the link
698 key. */
699 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
700 return 1;
701
702 /* For other security levels we need the link key. */
703 if (!(conn->link_mode & HCI_LM_AUTH))
704 goto auth;
705
706 /* An authenticated combination key has sufficient security for any
707 security level. */
708 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
709 goto encrypt;
710
711 /* An unauthenticated combination key has sufficient security for
712 security level 1 and 2. */
713 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
714 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
715 goto encrypt;
716
717 /* A combination key has always sufficient security for the security
718 levels 1 or 2. High security level requires the combination key
719 is generated using maximum PIN code length (16).
720 For pre 2.1 units. */
721 if (conn->key_type == HCI_LK_COMBINATION &&
722 (sec_level != BT_SECURITY_HIGH || conn->pin_length == 16))
723 goto encrypt;
724
725 auth:
726 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
727 return 0;
728
729 if (!hci_conn_auth(conn, sec_level, auth_type))
730 return 0;
731
732 encrypt:
733 if (conn->link_mode & HCI_LM_ENCRYPT)
734 return 1;
735
736 hci_conn_encrypt(conn);
737 return 0;
738 }
739 EXPORT_SYMBOL(hci_conn_security);
740
741 /* Check secure link requirement */
742 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
743 {
744 BT_DBG("hcon %p", conn);
745
746 if (sec_level != BT_SECURITY_HIGH)
747 return 1; /* Accept if non-secure is required */
748
749 if (conn->sec_level == BT_SECURITY_HIGH)
750 return 1;
751
752 return 0; /* Reject not secure link */
753 }
754 EXPORT_SYMBOL(hci_conn_check_secure);
755
756 /* Change link key */
757 int hci_conn_change_link_key(struct hci_conn *conn)
758 {
759 BT_DBG("hcon %p", conn);
760
761 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
762 struct hci_cp_change_conn_link_key cp;
763 cp.handle = cpu_to_le16(conn->handle);
764 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
765 sizeof(cp), &cp);
766 }
767
768 return 0;
769 }
770
771 /* Switch role */
772 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
773 {
774 BT_DBG("hcon %p", conn);
775
776 if (!role && conn->link_mode & HCI_LM_MASTER)
777 return 1;
778
779 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
780 struct hci_cp_switch_role cp;
781 bacpy(&cp.bdaddr, &conn->dst);
782 cp.role = role;
783 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
784 }
785
786 return 0;
787 }
788 EXPORT_SYMBOL(hci_conn_switch_role);
789
790 /* Enter active mode */
791 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
792 {
793 struct hci_dev *hdev = conn->hdev;
794
795 BT_DBG("hcon %p mode %d", conn, conn->mode);
796
797 if (test_bit(HCI_RAW, &hdev->flags))
798 return;
799
800 if (conn->mode != HCI_CM_SNIFF)
801 goto timer;
802
803 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
804 goto timer;
805
806 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
807 struct hci_cp_exit_sniff_mode cp;
808 cp.handle = cpu_to_le16(conn->handle);
809 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
810 }
811
812 timer:
813 if (hdev->idle_timeout > 0)
814 mod_timer(&conn->idle_timer,
815 jiffies + msecs_to_jiffies(hdev->idle_timeout));
816 }
817
818 /* Drop all connection on the device */
819 void hci_conn_hash_flush(struct hci_dev *hdev)
820 {
821 struct hci_conn_hash *h = &hdev->conn_hash;
822 struct hci_conn *c, *n;
823
824 BT_DBG("hdev %s", hdev->name);
825
826 list_for_each_entry_safe(c, n, &h->list, list) {
827 c->state = BT_CLOSED;
828
829 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
830 hci_conn_del(c);
831 }
832 }
833
834 /* Check pending connect attempts */
835 void hci_conn_check_pending(struct hci_dev *hdev)
836 {
837 struct hci_conn *conn;
838
839 BT_DBG("hdev %s", hdev->name);
840
841 hci_dev_lock(hdev);
842
843 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
844 if (conn)
845 hci_acl_create_connection(conn);
846
847 hci_dev_unlock(hdev);
848 }
849
850 int hci_get_conn_list(void __user *arg)
851 {
852 struct hci_conn *c;
853 struct hci_conn_list_req req, *cl;
854 struct hci_conn_info *ci;
855 struct hci_dev *hdev;
856 int n = 0, size, err;
857
858 if (copy_from_user(&req, arg, sizeof(req)))
859 return -EFAULT;
860
861 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
862 return -EINVAL;
863
864 size = sizeof(req) + req.conn_num * sizeof(*ci);
865
866 cl = kmalloc(size, GFP_KERNEL);
867 if (!cl)
868 return -ENOMEM;
869
870 hdev = hci_dev_get(req.dev_id);
871 if (!hdev) {
872 kfree(cl);
873 return -ENODEV;
874 }
875
876 ci = cl->conn_info;
877
878 hci_dev_lock(hdev);
879 list_for_each_entry(c, &hdev->conn_hash.list, list) {
880 bacpy(&(ci + n)->bdaddr, &c->dst);
881 (ci + n)->handle = c->handle;
882 (ci + n)->type = c->type;
883 (ci + n)->out = c->out;
884 (ci + n)->state = c->state;
885 (ci + n)->link_mode = c->link_mode;
886 if (++n >= req.conn_num)
887 break;
888 }
889 hci_dev_unlock(hdev);
890
891 cl->dev_id = hdev->id;
892 cl->conn_num = n;
893 size = sizeof(req) + n * sizeof(*ci);
894
895 hci_dev_put(hdev);
896
897 err = copy_to_user(arg, cl, size);
898 kfree(cl);
899
900 return err ? -EFAULT : 0;
901 }
902
903 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
904 {
905 struct hci_conn_info_req req;
906 struct hci_conn_info ci;
907 struct hci_conn *conn;
908 char __user *ptr = arg + sizeof(req);
909
910 if (copy_from_user(&req, arg, sizeof(req)))
911 return -EFAULT;
912
913 hci_dev_lock(hdev);
914 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
915 if (conn) {
916 bacpy(&ci.bdaddr, &conn->dst);
917 ci.handle = conn->handle;
918 ci.type = conn->type;
919 ci.out = conn->out;
920 ci.state = conn->state;
921 ci.link_mode = conn->link_mode;
922 }
923 hci_dev_unlock(hdev);
924
925 if (!conn)
926 return -ENOENT;
927
928 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
929 }
930
931 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
932 {
933 struct hci_auth_info_req req;
934 struct hci_conn *conn;
935
936 if (copy_from_user(&req, arg, sizeof(req)))
937 return -EFAULT;
938
939 hci_dev_lock(hdev);
940 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
941 if (conn)
942 req.type = conn->auth_type;
943 hci_dev_unlock(hdev);
944
945 if (!conn)
946 return -ENOENT;
947
948 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
949 }
950
951 struct hci_chan *hci_chan_create(struct hci_conn *conn)
952 {
953 struct hci_dev *hdev = conn->hdev;
954 struct hci_chan *chan;
955
956 BT_DBG("%s hcon %p", hdev->name, conn);
957
958 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
959 if (!chan)
960 return NULL;
961
962 chan->conn = conn;
963 skb_queue_head_init(&chan->data_q);
964 chan->state = BT_CONNECTED;
965
966 list_add_rcu(&chan->list, &conn->chan_list);
967
968 return chan;
969 }
970
971 void hci_chan_del(struct hci_chan *chan)
972 {
973 struct hci_conn *conn = chan->conn;
974 struct hci_dev *hdev = conn->hdev;
975
976 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
977
978 list_del_rcu(&chan->list);
979
980 synchronize_rcu();
981
982 hci_conn_drop(conn);
983
984 skb_queue_purge(&chan->data_q);
985 kfree(chan);
986 }
987
988 void hci_chan_list_flush(struct hci_conn *conn)
989 {
990 struct hci_chan *chan, *n;
991
992 BT_DBG("hcon %p", conn);
993
994 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
995 hci_chan_del(chan);
996 }
997
998 static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
999 __u16 handle)
1000 {
1001 struct hci_chan *hchan;
1002
1003 list_for_each_entry(hchan, &hcon->chan_list, list) {
1004 if (hchan->handle == handle)
1005 return hchan;
1006 }
1007
1008 return NULL;
1009 }
1010
1011 struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1012 {
1013 struct hci_conn_hash *h = &hdev->conn_hash;
1014 struct hci_conn *hcon;
1015 struct hci_chan *hchan = NULL;
1016
1017 rcu_read_lock();
1018
1019 list_for_each_entry_rcu(hcon, &h->list, list) {
1020 hchan = __hci_chan_lookup_handle(hcon, handle);
1021 if (hchan)
1022 break;
1023 }
1024
1025 rcu_read_unlock();
1026
1027 return hchan;
1028 }
kernel source for telekom puls (alcatel/mediatek)