1 files changed, 132 insertions, 59 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index a7a27bc2c0b1..b50dabb3f86a 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -66,8 +66,7 @@ static void hci_acl_create_connection(struct hci_conn *conn)
        conn->state = BT_CONNECT;
        conn->out = true;
+        conn->role = HCI_ROLE_MASTER;
-        conn->link_mode = HCI_LM_MASTER;
        conn->attempt++;
@@ -136,7 +135,7 @@ void hci_disconnect(struct hci_conn *conn, __u8 reason)
        hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
 }
-static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
+static void hci_amp_disconn(struct hci_conn *conn)
 {
        struct hci_cp_disconn_phy_link cp;
@@ -145,7 +144,7 @@ static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
        conn->state = BT_DISCONN;
        cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
-        cp.reason = reason;
+        cp.reason = hci_proto_disconn_ind(conn);
        hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
                     sizeof(cp), &cp);
 }
@@ -213,14 +212,26 @@ bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
        return true;
 }
-void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
+u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
-                        u16 latency, u16 to_multiplier)
+                      u16 to_multiplier)
 {
-        struct hci_cp_le_conn_update cp;
        struct hci_dev *hdev = conn->hdev;
+        struct hci_conn_params *params;
+        struct hci_cp_le_conn_update cp;
-        memset(&cp, 0, sizeof(cp));
+        hci_dev_lock(hdev);
+        params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
+        if (params) {
+                params->conn_min_interval = min;
+                params->conn_max_interval = max;
+                params->conn_latency = latency;
+                params->supervision_timeout = to_multiplier;
+        }
+        hci_dev_unlock(hdev);
+        memset(&cp, 0, sizeof(cp));
        cp.handle               = cpu_to_le16(conn->handle);
        cp.conn_interval_min    = cpu_to_le16(min);
        cp.conn_interval_max    = cpu_to_le16(max);
@@ -230,6 +241,11 @@ void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
        cp.max_ce_len           = cpu_to_le16(0x0000);
        hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
+        if (params)
+                return 0x01;
+        return 0x00;
 }
 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
@@ -271,20 +287,6 @@ void hci_sco_setup(struct hci_conn *conn, __u8 status)
        }
 }
-static void hci_conn_disconnect(struct hci_conn *conn)
-{
-        __u8 reason = hci_proto_disconn_ind(conn);
-        switch (conn->type) {
-        case AMP_LINK:
-                hci_amp_disconn(conn, reason);
-                break;
-        default:
-                hci_disconnect(conn, reason);
-                break;
-        }
-}
 static void hci_conn_timeout(struct work_struct *work)
 {
        struct hci_conn *conn = container_of(work, struct hci_conn,
@@ -319,7 +321,31 @@ static void hci_conn_timeout(struct work_struct *work)
                break;
        case BT_CONFIG:
        case BT_CONNECTED:
-                hci_conn_disconnect(conn);
+                if (conn->type == AMP_LINK) {
+                        hci_amp_disconn(conn);
+                } else {
+                        __u8 reason = hci_proto_disconn_ind(conn);
+                        /* When we are master of an established connection
+                         * and it enters the disconnect timeout, then go
+                         * ahead and try to read the current clock offset.
+                         *
+                         * Processing of the result is done within the
+                         * event handling and hci_clock_offset_evt function.
+                         */
+                        if (conn->type == ACL_LINK &&
+                            conn->role == HCI_ROLE_MASTER) {
+                                struct hci_dev *hdev = conn->hdev;
+                                struct hci_cp_read_clock_offset cp;
+                                cp.handle = cpu_to_le16(conn->handle);
+                                hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET,
+                                             sizeof(cp), &cp);
+                        }
+                        hci_disconnect(conn, reason);
+                }
                break;
        default:
                conn->state = BT_CLOSED;
@@ -336,9 +362,6 @@ static void hci_conn_idle(struct work_struct *work)
        BT_DBG("hcon %p mode %d", conn, conn->mode);
-        if (test_bit(HCI_RAW, &hdev->flags))
-                return;
        if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
                return;
@@ -398,13 +421,14 @@ static void le_conn_timeout(struct work_struct *work)
        hci_le_create_connection_cancel(conn);
 }
-struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
+struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
+                              u8 role)
 {
        struct hci_conn *conn;
        BT_DBG("%s dst %pMR", hdev->name, dst);
-        conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
+        conn = kzalloc(sizeof(*conn), GFP_KERNEL);
        if (!conn)
                return NULL;
@@ -412,6 +436,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
        bacpy(&conn->src, &hdev->bdaddr);
        conn->hdev  = hdev;
        conn->type  = type;
+        conn->role  = role;
        conn->mode  = HCI_CM_ACTIVE;
        conn->state = BT_OPEN;
        conn->auth_type = HCI_AT_GENERAL_BONDING;
@@ -424,6 +449,9 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
        set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
        conn->disc_timeout = HCI_DISCONN_TIMEOUT;
+        if (conn->role == HCI_ROLE_MASTER)
+                conn->out = true;
        switch (type) {
        case ACL_LINK:
                conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
@@ -529,7 +557,6 @@ struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
        list_for_each_entry(d, &hci_dev_list, list) {
                if (!test_bit(HCI_UP, &d->flags) ||
-                    test_bit(HCI_RAW, &d->flags) ||
                    test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
                    d->dev_type != HCI_BREDR)
                        continue;
@@ -627,7 +654,8 @@ static void hci_req_add_le_create_conn(struct hci_request *req,
        cp.own_address_type = own_addr_type;
        cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
        cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
-        cp.supervision_timeout = cpu_to_le16(0x002a);
+        cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
+        cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
        cp.min_ce_len = cpu_to_le16(0x0000);
        cp.max_ce_len = cpu_to_le16(0x0000);
@@ -644,15 +672,12 @@ static void hci_req_directed_advertising(struct hci_request *req,
        u8 own_addr_type;
        u8 enable;
-        enable = 0x00;
+        /* Clear the HCI_LE_ADV bit temporarily so that the
-        hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
-        /* Clear the HCI_ADVERTISING bit temporarily so that the
         * hci_update_random_address knows that it's safe to go ahead
         * and write a new random address. The flag will be set back on
         * as soon as the SET_ADV_ENABLE HCI command completes.
         */
-        clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
+        clear_bit(HCI_LE_ADV, &hdev->dev_flags);
        /* Set require_privacy to false so that the remote device has a
         * chance of identifying us.
@@ -676,7 +701,8 @@ static void hci_req_directed_advertising(struct hci_request *req,
 }
 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
-                                u8 dst_type, u8 sec_level, u8 auth_type)
+                                u8 dst_type, u8 sec_level, u16 conn_timeout,
+                                u8 role)
 {
        struct hci_conn_params *params;
        struct hci_conn *conn;
@@ -696,7 +722,6 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
        conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
        if (conn) {
                conn->pending_sec_level = sec_level;
-                conn->auth_type = auth_type;
                goto done;
        }
@@ -726,32 +751,56 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
                dst_type = ADDR_LE_DEV_RANDOM;
        }
-        conn = hci_conn_add(hdev, LE_LINK, dst);
+        conn = hci_conn_add(hdev, LE_LINK, dst, role);
        if (!conn)
                return ERR_PTR(-ENOMEM);
        conn->dst_type = dst_type;
        conn->sec_level = BT_SECURITY_LOW;
        conn->pending_sec_level = sec_level;
-        conn->auth_type = auth_type;
+        conn->conn_timeout = conn_timeout;
        hci_req_init(&req, hdev);
-        if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
+        /* Disable advertising if we're active. For master role
+         * connections most controllers will refuse to connect if
+         * advertising is enabled, and for slave role connections we
+         * anyway have to disable it in order to start directed
+         * advertising.
+         */
+        if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
+                u8 enable = 0x00;
+                hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
+                            &enable);
+        }
+        /* If requested to connect as slave use directed advertising */
+        if (conn->role == HCI_ROLE_SLAVE) {
+                /* If we're active scanning most controllers are unable
+                 * to initiate advertising. Simply reject the attempt.
+                 */
+                if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
+                    hdev->le_scan_type == LE_SCAN_ACTIVE) {
+                        skb_queue_purge(&req.cmd_q);
+                        hci_conn_del(conn);
+                        return ERR_PTR(-EBUSY);
+                }
                hci_req_directed_advertising(&req, conn);
                goto create_conn;
        }
-        conn->out = true;
-        conn->link_mode |= HCI_LM_MASTER;
        params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
        if (params) {
                conn->le_conn_min_interval = params->conn_min_interval;
                conn->le_conn_max_interval = params->conn_max_interval;
+                conn->le_conn_latency = params->conn_latency;
+                conn->le_supv_timeout = params->supervision_timeout;
        } else {
                conn->le_conn_min_interval = hdev->le_conn_min_interval;
                conn->le_conn_max_interval = hdev->le_conn_max_interval;
+                conn->le_conn_latency = hdev->le_conn_latency;
+                conn->le_supv_timeout = hdev->le_supv_timeout;
        }
        /* If controller is scanning, we stop it since some controllers are
@@ -785,11 +834,11 @@ struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
        struct hci_conn *acl;
        if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
-                return ERR_PTR(-ENOTSUPP);
+                return ERR_PTR(-EOPNOTSUPP);
        acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
        if (!acl) {
-                acl = hci_conn_add(hdev, ACL_LINK, dst);
+                acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
                if (!acl)
                        return ERR_PTR(-ENOMEM);
        }
@@ -818,7 +867,7 @@ struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
        sco = hci_conn_hash_lookup_ba(hdev, type, dst);
        if (!sco) {
-                sco = hci_conn_add(hdev, type, dst);
+                sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
                if (!sco) {
                        hci_conn_drop(acl);
                        return ERR_PTR(-ENOMEM);
@@ -865,7 +914,8 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
                        return 0;
        }
-        if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
+        if (hci_conn_ssp_enabled(conn) &&
+            !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
                return 0;
        return 1;
@@ -881,7 +931,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
        if (sec_level > conn->sec_level)
                conn->pending_sec_level = sec_level;
-        else if (conn->link_mode & HCI_LM_AUTH)
+        else if (test_bit(HCI_CONN_AUTH, &conn->flags))
                return 1;
        /* Make sure we preserve an existing MITM requirement*/
@@ -899,7 +949,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
                /* If we're already encrypted set the REAUTH_PEND flag,
                 * otherwise set the ENCRYPT_PEND.
                 */
-                if (conn->link_mode & HCI_LM_ENCRYPT)
+                if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
                        set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
                else
                        set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
@@ -923,7 +973,8 @@ static void hci_conn_encrypt(struct hci_conn *conn)
 }
 /* Enable security */
-int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
+int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
+                      bool initiator)
 {
        BT_DBG("hcon %p", conn);
@@ -940,7 +991,7 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
                return 1;
        /* For other security levels we need the link key. */
-        if (!(conn->link_mode & HCI_LM_AUTH))
+        if (!test_bit(HCI_CONN_AUTH, &conn->flags))
                goto auth;
        /* An authenticated FIPS approved combination key has sufficient
@@ -976,11 +1027,14 @@ auth:
        if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
                return 0;
+        if (initiator)
+                set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
        if (!hci_conn_auth(conn, sec_level, auth_type))
                return 0;
 encrypt:
-        if (conn->link_mode & HCI_LM_ENCRYPT)
+        if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
                return 1;
        hci_conn_encrypt(conn);
@@ -1027,7 +1081,7 @@ int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
 {
        BT_DBG("hcon %p", conn);
-        if (!role && conn->link_mode & HCI_LM_MASTER)
+        if (role == conn->role)
                return 1;
        if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
@@ -1048,9 +1102,6 @@ void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
        BT_DBG("hcon %p mode %d", conn, conn->mode);
-        if (test_bit(HCI_RAW, &hdev->flags))
-                return;
        if (conn->mode != HCI_CM_SNIFF)
                goto timer;
@@ -1101,6 +1152,28 @@ void hci_conn_check_pending(struct hci_dev *hdev)
        hci_dev_unlock(hdev);
 }
+static u32 get_link_mode(struct hci_conn *conn)
+{
+        u32 link_mode = 0;
+        if (conn->role == HCI_ROLE_MASTER)
+                link_mode |= HCI_LM_MASTER;
+        if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
+                link_mode |= HCI_LM_ENCRYPT;
+        if (test_bit(HCI_CONN_AUTH, &conn->flags))
+                link_mode |= HCI_LM_AUTH;
+        if (test_bit(HCI_CONN_SECURE, &conn->flags))
+                link_mode |= HCI_LM_SECURE;
+        if (test_bit(HCI_CONN_FIPS, &conn->flags))
+                link_mode |= HCI_LM_FIPS;
+        return link_mode;
+}
 int hci_get_conn_list(void __user *arg)
 {
        struct hci_conn *c;
@@ -1136,7 +1209,7 @@ int hci_get_conn_list(void __user *arg)
                (ci + n)->type  = c->type;
                (ci + n)->out   = c->out;
                (ci + n)->state = c->state;
-                (ci + n)->link_mode = c->link_mode;
+                (ci + n)->link_mode = get_link_mode(c);
                if (++n >= req.conn_num)
                        break;
        }
@@ -1172,7 +1245,7 @@ int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
                ci.type  = conn->type;
                ci.out   = conn->out;
                ci.state = conn->state;
-                ci.link_mode = conn->link_mode;
+                ci.link_mode = get_link_mode(conn);
        }
        hci_dev_unlock(hdev);
@@ -1209,7 +1282,7 @@ struct hci_chan *hci_chan_create(struct hci_conn *conn)
        BT_DBG("%s hcon %p", hdev->name, conn);
-        chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
+        chan = kzalloc(sizeof(*chan), GFP_KERNEL);
        if (!chan)
                return NULL;

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index a7a27bc2c0b1..b50dabb3f86a 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c
@@ -66,8 +66,7 @@ static void hci_acl_create_connection(struct hci_conn *conn)
66		66
67	conn->state = BT_CONNECT;	67	conn->state = BT_CONNECT;
68	conn->out = true;	68	conn->out = true;
69		69	conn->role = HCI_ROLE_MASTER;
70	conn->link_mode = HCI_LM_MASTER;
71		70
72	conn->attempt++;	71	conn->attempt++;
73		72
@@ -136,7 +135,7 @@ void hci_disconnect(struct hci_conn *conn, __u8 reason)
136	hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);	135	hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
137	}	136	}
138		137
139	static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)	138	static void hci_amp_disconn(struct hci_conn *conn)
140	{	139	{
141	struct hci_cp_disconn_phy_link cp;	140	struct hci_cp_disconn_phy_link cp;
142		141
@@ -145,7 +144,7 @@ static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
145	conn->state = BT_DISCONN;	144	conn->state = BT_DISCONN;
146		145
147	cp.phy_handle = HCI_PHY_HANDLE(conn->handle);	146	cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
148	cp.reason = reason;	147	cp.reason = hci_proto_disconn_ind(conn);
149	hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,	148	hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
150	sizeof(cp), &cp);	149	sizeof(cp), &cp);
151	}	150	}
@@ -213,14 +212,26 @@ bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
213	return true;	212	return true;
214	}	213	}
215		214
216	void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,	215	u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
217	u16 latency, u16 to_multiplier)	216	u16 to_multiplier)
218	{	217	{
219	struct hci_cp_le_conn_update cp;
220	struct hci_dev *hdev = conn->hdev;	218	struct hci_dev *hdev = conn->hdev;
		219	struct hci_conn_params *params;
		220	struct hci_cp_le_conn_update cp;
221		221
222	memset(&cp, 0, sizeof(cp));	222	hci_dev_lock(hdev);
223		223
		224	params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
		225	if (params) {
		226	params->conn_min_interval = min;
		227	params->conn_max_interval = max;
		228	params->conn_latency = latency;
		229	params->supervision_timeout = to_multiplier;
		230	}
		231
		232	hci_dev_unlock(hdev);
		233
		234	memset(&cp, 0, sizeof(cp));
224	cp.handle = cpu_to_le16(conn->handle);	235	cp.handle = cpu_to_le16(conn->handle);
225	cp.conn_interval_min = cpu_to_le16(min);	236	cp.conn_interval_min = cpu_to_le16(min);
226	cp.conn_interval_max = cpu_to_le16(max);	237	cp.conn_interval_max = cpu_to_le16(max);
@@ -230,6 +241,11 @@ void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
230	cp.max_ce_len = cpu_to_le16(0x0000);	241	cp.max_ce_len = cpu_to_le16(0x0000);
231		242
232	hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);	243	hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
		244
		245	if (params)
		246	return 0x01;
		247
		248	return 0x00;
233	}	249	}
234		250
235	void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,	251	void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
@@ -271,20 +287,6 @@ void hci_sco_setup(struct hci_conn *conn, __u8 status)
271	}	287	}
272	}	288	}
273		289
274	static void hci_conn_disconnect(struct hci_conn *conn)
275	{
276	__u8 reason = hci_proto_disconn_ind(conn);
277
278	switch (conn->type) {
279	case AMP_LINK:
280	hci_amp_disconn(conn, reason);
281	break;
282	default:
283	hci_disconnect(conn, reason);
284	break;
285	}
286	}
287
288	static void hci_conn_timeout(struct work_struct *work)	290	static void hci_conn_timeout(struct work_struct *work)
289	{	291	{
290	struct hci_conn *conn = container_of(work, struct hci_conn,	292	struct hci_conn *conn = container_of(work, struct hci_conn,
@@ -319,7 +321,31 @@ static void hci_conn_timeout(struct work_struct *work)
319	break;	321	break;
320	case BT_CONFIG:	322	case BT_CONFIG:
321	case BT_CONNECTED:	323	case BT_CONNECTED:
322	hci_conn_disconnect(conn);	324	if (conn->type == AMP_LINK) {
		325	hci_amp_disconn(conn);
		326	} else {
		327	__u8 reason = hci_proto_disconn_ind(conn);
		328
		329	/* When we are master of an established connection
		330	* and it enters the disconnect timeout, then go
		331	* ahead and try to read the current clock offset.
		332	*
		333	* Processing of the result is done within the
		334	* event handling and hci_clock_offset_evt function.
		335	*/
		336	if (conn->type == ACL_LINK &&
		337	conn->role == HCI_ROLE_MASTER) {
		338	struct hci_dev *hdev = conn->hdev;
		339	struct hci_cp_read_clock_offset cp;
		340
		341	cp.handle = cpu_to_le16(conn->handle);
		342
		343	hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET,
		344	sizeof(cp), &cp);
		345	}
		346
		347	hci_disconnect(conn, reason);
		348	}
323	break;	349	break;
324	default:	350	default:
325	conn->state = BT_CLOSED;	351	conn->state = BT_CLOSED;
@@ -336,9 +362,6 @@ static void hci_conn_idle(struct work_struct *work)
336		362
337	BT_DBG("hcon %p mode %d", conn, conn->mode);	363	BT_DBG("hcon %p mode %d", conn, conn->mode);
338		364
339	if (test_bit(HCI_RAW, &hdev->flags))
340	return;
341
342	if (!lmp_sniff_capable(hdev) \|\| !lmp_sniff_capable(conn))	365	if (!lmp_sniff_capable(hdev) \|\| !lmp_sniff_capable(conn))
343	return;	366	return;
344		367
@@ -398,13 +421,14 @@ static void le_conn_timeout(struct work_struct *work)
398	hci_le_create_connection_cancel(conn);	421	hci_le_create_connection_cancel(conn);
399	}	422	}
400		423
401	struct hci_conn hci_conn_add(struct hci_dev hdev, int type, bdaddr_t *dst)	424	struct hci_conn hci_conn_add(struct hci_dev hdev, int type, bdaddr_t *dst,
		425	u8 role)
402	{	426	{
403	struct hci_conn *conn;	427	struct hci_conn *conn;
404		428
405	BT_DBG("%s dst %pMR", hdev->name, dst);	429	BT_DBG("%s dst %pMR", hdev->name, dst);
406		430
407	conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);	431	conn = kzalloc(sizeof(*conn), GFP_KERNEL);
408	if (!conn)	432	if (!conn)
409	return NULL;	433	return NULL;
410		434
@@ -412,6 +436,7 @@ struct hci_conn hci_conn_add(struct hci_dev hdev, int type, bdaddr_t *dst)
412	bacpy(&conn->src, &hdev->bdaddr);	436	bacpy(&conn->src, &hdev->bdaddr);
413	conn->hdev = hdev;	437	conn->hdev = hdev;
414	conn->type = type;	438	conn->type = type;
		439	conn->role = role;
415	conn->mode = HCI_CM_ACTIVE;	440	conn->mode = HCI_CM_ACTIVE;
416	conn->state = BT_OPEN;	441	conn->state = BT_OPEN;
417	conn->auth_type = HCI_AT_GENERAL_BONDING;	442	conn->auth_type = HCI_AT_GENERAL_BONDING;
@@ -424,6 +449,9 @@ struct hci_conn hci_conn_add(struct hci_dev hdev, int type, bdaddr_t *dst)
424	set_bit(HCI_CONN_POWER_SAVE, &conn->flags);	449	set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
425	conn->disc_timeout = HCI_DISCONN_TIMEOUT;	450	conn->disc_timeout = HCI_DISCONN_TIMEOUT;
426		451
		452	if (conn->role == HCI_ROLE_MASTER)
		453	conn->out = true;
		454
427	switch (type) {	455	switch (type) {
428	case ACL_LINK:	456	case ACL_LINK:
429	conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;	457	conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
@@ -529,7 +557,6 @@ struct hci_dev hci_get_route(bdaddr_t dst, bdaddr_t *src)
529		557
530	list_for_each_entry(d, &hci_dev_list, list) {	558	list_for_each_entry(d, &hci_dev_list, list) {
531	if (!test_bit(HCI_UP, &d->flags) \|\|	559	if (!test_bit(HCI_UP, &d->flags) \|\|
532	test_bit(HCI_RAW, &d->flags) \|\|
533	test_bit(HCI_USER_CHANNEL, &d->dev_flags) \|\|	560	test_bit(HCI_USER_CHANNEL, &d->dev_flags) \|\|
534	d->dev_type != HCI_BREDR)	561	d->dev_type != HCI_BREDR)
535	continue;	562	continue;
@@ -627,7 +654,8 @@ static void hci_req_add_le_create_conn(struct hci_request *req,
627	cp.own_address_type = own_addr_type;	654	cp.own_address_type = own_addr_type;
628	cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);	655	cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
629	cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);	656	cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
630	cp.supervision_timeout = cpu_to_le16(0x002a);	657	cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
		658	cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
631	cp.min_ce_len = cpu_to_le16(0x0000);	659	cp.min_ce_len = cpu_to_le16(0x0000);
632	cp.max_ce_len = cpu_to_le16(0x0000);	660	cp.max_ce_len = cpu_to_le16(0x0000);
633		661
@@ -644,15 +672,12 @@ static void hci_req_directed_advertising(struct hci_request *req,
644	u8 own_addr_type;	672	u8 own_addr_type;
645	u8 enable;	673	u8 enable;
646		674
647	enable = 0x00;	675	/* Clear the HCI_LE_ADV bit temporarily so that the
648	hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
649
650	/* Clear the HCI_ADVERTISING bit temporarily so that the
651	* hci_update_random_address knows that it's safe to go ahead	676	* hci_update_random_address knows that it's safe to go ahead
652	* and write a new random address. The flag will be set back on	677	* and write a new random address. The flag will be set back on
653	* as soon as the SET_ADV_ENABLE HCI command completes.	678	* as soon as the SET_ADV_ENABLE HCI command completes.
654	*/	679	*/
655	clear_bit(HCI_ADVERTISING, &hdev->dev_flags);	680	clear_bit(HCI_LE_ADV, &hdev->dev_flags);
656		681
657	/* Set require_privacy to false so that the remote device has a	682	/* Set require_privacy to false so that the remote device has a
658	* chance of identifying us.	683	* chance of identifying us.
@@ -676,7 +701,8 @@ static void hci_req_directed_advertising(struct hci_request *req,
676	}	701	}
677		702
678	struct hci_conn hci_connect_le(struct hci_dev hdev, bdaddr_t *dst,	703	struct hci_conn hci_connect_le(struct hci_dev hdev, bdaddr_t *dst,
679	u8 dst_type, u8 sec_level, u8 auth_type)	704	u8 dst_type, u8 sec_level, u16 conn_timeout,
		705	u8 role)
680	{	706	{
681	struct hci_conn_params *params;	707	struct hci_conn_params *params;
682	struct hci_conn *conn;	708	struct hci_conn *conn;
@@ -696,7 +722,6 @@ struct hci_conn hci_connect_le(struct hci_dev hdev, bdaddr_t *dst,
696	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);	722	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
697	if (conn) {	723	if (conn) {
698	conn->pending_sec_level = sec_level;	724	conn->pending_sec_level = sec_level;
699	conn->auth_type = auth_type;
700	goto done;	725	goto done;
701	}	726	}
702		727
@@ -726,32 +751,56 @@ struct hci_conn hci_connect_le(struct hci_dev hdev, bdaddr_t *dst,
726	dst_type = ADDR_LE_DEV_RANDOM;	751	dst_type = ADDR_LE_DEV_RANDOM;
727	}	752	}
728		753
729	conn = hci_conn_add(hdev, LE_LINK, dst);	754	conn = hci_conn_add(hdev, LE_LINK, dst, role);
730	if (!conn)	755	if (!conn)
731	return ERR_PTR(-ENOMEM);	756	return ERR_PTR(-ENOMEM);
732		757
733	conn->dst_type = dst_type;	758	conn->dst_type = dst_type;
734	conn->sec_level = BT_SECURITY_LOW;	759	conn->sec_level = BT_SECURITY_LOW;
735	conn->pending_sec_level = sec_level;	760	conn->pending_sec_level = sec_level;
736	conn->auth_type = auth_type;	761	conn->conn_timeout = conn_timeout;
737		762
738	hci_req_init(&req, hdev);	763	hci_req_init(&req, hdev);
739		764
740	if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {	765	/* Disable advertising if we're active. For master role
		766	* connections most controllers will refuse to connect if
		767	* advertising is enabled, and for slave role connections we
		768	* anyway have to disable it in order to start directed
		769	* advertising.
		770	*/
		771	if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
		772	u8 enable = 0x00;
		773	hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
		774	&enable);
		775	}
		776
		777	/* If requested to connect as slave use directed advertising */
		778	if (conn->role == HCI_ROLE_SLAVE) {
		779	/* If we're active scanning most controllers are unable
		780	* to initiate advertising. Simply reject the attempt.
		781	*/
		782	if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
		783	hdev->le_scan_type == LE_SCAN_ACTIVE) {
		784	skb_queue_purge(&req.cmd_q);
		785	hci_conn_del(conn);
		786	return ERR_PTR(-EBUSY);
		787	}
		788
741	hci_req_directed_advertising(&req, conn);	789	hci_req_directed_advertising(&req, conn);
742	goto create_conn;	790	goto create_conn;
743	}	791	}
744		792
745	conn->out = true;
746	conn->link_mode \|= HCI_LM_MASTER;
747
748	params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);	793	params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
749	if (params) {	794	if (params) {
750	conn->le_conn_min_interval = params->conn_min_interval;	795	conn->le_conn_min_interval = params->conn_min_interval;
751	conn->le_conn_max_interval = params->conn_max_interval;	796	conn->le_conn_max_interval = params->conn_max_interval;
		797	conn->le_conn_latency = params->conn_latency;
		798	conn->le_supv_timeout = params->supervision_timeout;
752	} else {	799	} else {
753	conn->le_conn_min_interval = hdev->le_conn_min_interval;	800	conn->le_conn_min_interval = hdev->le_conn_min_interval;
754	conn->le_conn_max_interval = hdev->le_conn_max_interval;	801	conn->le_conn_max_interval = hdev->le_conn_max_interval;
		802	conn->le_conn_latency = hdev->le_conn_latency;
		803	conn->le_supv_timeout = hdev->le_supv_timeout;
755	}	804	}
756		805
757	/* If controller is scanning, we stop it since some controllers are	806	/* If controller is scanning, we stop it since some controllers are
@@ -785,11 +834,11 @@ struct hci_conn hci_connect_acl(struct hci_dev hdev, bdaddr_t *dst,
785	struct hci_conn *acl;	834	struct hci_conn *acl;
786		835
787	if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))	836	if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
788	return ERR_PTR(-ENOTSUPP);	837	return ERR_PTR(-EOPNOTSUPP);
789		838
790	acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);	839	acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
791	if (!acl) {	840	if (!acl) {
792	acl = hci_conn_add(hdev, ACL_LINK, dst);	841	acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
793	if (!acl)	842	if (!acl)
794	return ERR_PTR(-ENOMEM);	843	return ERR_PTR(-ENOMEM);
795	}	844	}
@@ -818,7 +867,7 @@ struct hci_conn hci_connect_sco(struct hci_dev hdev, int type, bdaddr_t *dst,
818		867
819	sco = hci_conn_hash_lookup_ba(hdev, type, dst);	868	sco = hci_conn_hash_lookup_ba(hdev, type, dst);
820	if (!sco) {	869	if (!sco) {
821	sco = hci_conn_add(hdev, type, dst);	870	sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
822	if (!sco) {	871	if (!sco) {
823	hci_conn_drop(acl);	872	hci_conn_drop(acl);
824	return ERR_PTR(-ENOMEM);	873	return ERR_PTR(-ENOMEM);
@@ -865,7 +914,8 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
865	return 0;	914	return 0;
866	}	915	}
867		916
868	if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))	917	if (hci_conn_ssp_enabled(conn) &&
		918	!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
869	return 0;	919	return 0;
870		920
871	return 1;	921	return 1;
@@ -881,7 +931,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
881		931
882	if (sec_level > conn->sec_level)	932	if (sec_level > conn->sec_level)
883	conn->pending_sec_level = sec_level;	933	conn->pending_sec_level = sec_level;
884	else if (conn->link_mode & HCI_LM_AUTH)	934	else if (test_bit(HCI_CONN_AUTH, &conn->flags))
885	return 1;	935	return 1;
886		936
887	/* Make sure we preserve an existing MITM requirement*/	937	/* Make sure we preserve an existing MITM requirement*/
@@ -899,7 +949,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
899	/* If we're already encrypted set the REAUTH_PEND flag,	949	/* If we're already encrypted set the REAUTH_PEND flag,
900	* otherwise set the ENCRYPT_PEND.	950	* otherwise set the ENCRYPT_PEND.
901	*/	951	*/
902	if (conn->link_mode & HCI_LM_ENCRYPT)	952	if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
903	set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);	953	set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
904	else	954	else
905	set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);	955	set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
@@ -923,7 +973,8 @@ static void hci_conn_encrypt(struct hci_conn *conn)
923	}	973	}
924		974
925	/* Enable security */	975	/* Enable security */
926	int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)	976	int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
		977	bool initiator)
927	{	978	{
928	BT_DBG("hcon %p", conn);	979	BT_DBG("hcon %p", conn);
929		980
@@ -940,7 +991,7 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
940	return 1;	991	return 1;
941		992
942	/* For other security levels we need the link key. */	993	/* For other security levels we need the link key. */
943	if (!(conn->link_mode & HCI_LM_AUTH))	994	if (!test_bit(HCI_CONN_AUTH, &conn->flags))
944	goto auth;	995	goto auth;
945		996
946	/* An authenticated FIPS approved combination key has sufficient	997	/* An authenticated FIPS approved combination key has sufficient
@@ -976,11 +1027,14 @@ auth:
976	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))	1027	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
977	return 0;	1028	return 0;
978		1029
		1030	if (initiator)
		1031	set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
		1032
979	if (!hci_conn_auth(conn, sec_level, auth_type))	1033	if (!hci_conn_auth(conn, sec_level, auth_type))
980	return 0;	1034	return 0;
981		1035
982	encrypt:	1036	encrypt:
983	if (conn->link_mode & HCI_LM_ENCRYPT)	1037	if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
984	return 1;	1038	return 1;
985		1039
986	hci_conn_encrypt(conn);	1040	hci_conn_encrypt(conn);
@@ -1027,7 +1081,7 @@ int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1027	{	1081	{
1028	BT_DBG("hcon %p", conn);	1082	BT_DBG("hcon %p", conn);
1029		1083
1030	if (!role && conn->link_mode & HCI_LM_MASTER)	1084	if (role == conn->role)
1031	return 1;	1085	return 1;
1032		1086
1033	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {	1087	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
@@ -1048,9 +1102,6 @@ void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
1048		1102
1049	BT_DBG("hcon %p mode %d", conn, conn->mode);	1103	BT_DBG("hcon %p mode %d", conn, conn->mode);
1050		1104
1051	if (test_bit(HCI_RAW, &hdev->flags))
1052	return;
1053
1054	if (conn->mode != HCI_CM_SNIFF)	1105	if (conn->mode != HCI_CM_SNIFF)
1055	goto timer;	1106	goto timer;
1056		1107
@@ -1101,6 +1152,28 @@ void hci_conn_check_pending(struct hci_dev *hdev)
1101	hci_dev_unlock(hdev);	1152	hci_dev_unlock(hdev);
1102	}	1153	}
1103		1154
		1155	static u32 get_link_mode(struct hci_conn *conn)
		1156	{
		1157	u32 link_mode = 0;
		1158
		1159	if (conn->role == HCI_ROLE_MASTER)
		1160	link_mode \|= HCI_LM_MASTER;
		1161
		1162	if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
		1163	link_mode \|= HCI_LM_ENCRYPT;
		1164
		1165	if (test_bit(HCI_CONN_AUTH, &conn->flags))
		1166	link_mode \|= HCI_LM_AUTH;
		1167
		1168	if (test_bit(HCI_CONN_SECURE, &conn->flags))
		1169	link_mode \|= HCI_LM_SECURE;
		1170
		1171	if (test_bit(HCI_CONN_FIPS, &conn->flags))
		1172	link_mode \|= HCI_LM_FIPS;
		1173
		1174	return link_mode;
		1175	}
		1176
1104	int hci_get_conn_list(void __user *arg)	1177	int hci_get_conn_list(void __user *arg)
1105	{	1178	{
1106	struct hci_conn *c;	1179	struct hci_conn *c;
@@ -1136,7 +1209,7 @@ int hci_get_conn_list(void __user *arg)
1136	(ci + n)->type = c->type;	1209	(ci + n)->type = c->type;
1137	(ci + n)->out = c->out;	1210	(ci + n)->out = c->out;
1138	(ci + n)->state = c->state;	1211	(ci + n)->state = c->state;
1139	(ci + n)->link_mode = c->link_mode;	1212	(ci + n)->link_mode = get_link_mode(c);
1140	if (++n >= req.conn_num)	1213	if (++n >= req.conn_num)
1141	break;	1214	break;
1142	}	1215	}
@@ -1172,7 +1245,7 @@ int hci_get_conn_info(struct hci_dev hdev, void __user arg)
1172	ci.type = conn->type;	1245	ci.type = conn->type;
1173	ci.out = conn->out;	1246	ci.out = conn->out;
1174	ci.state = conn->state;	1247	ci.state = conn->state;
1175	ci.link_mode = conn->link_mode;	1248	ci.link_mode = get_link_mode(conn);
1176	}	1249	}
1177	hci_dev_unlock(hdev);	1250	hci_dev_unlock(hdev);
1178		1251
@@ -1209,7 +1282,7 @@ struct hci_chan hci_chan_create(struct hci_conn conn)
1209		1282
1210	BT_DBG("%s hcon %p", hdev->name, conn);	1283	BT_DBG("%s hcon %p", hdev->name, conn);
1211		1284
1212	chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);	1285	chan = kzalloc(sizeof(*chan), GFP_KERNEL);
1213	if (!chan)	1286	if (!chan)
1214	return NULL;	1287	return NULL;
1215		1288