1 files changed, 140 insertions, 59 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index a7a27bc2c0b1..faff6247ac8f 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -66,8 +66,7 @@ static void hci_acl_create_connection(struct hci_conn *conn)
        conn->state = BT_CONNECT;
        conn->out = true;
+        conn->role = HCI_ROLE_MASTER;
-        conn->link_mode = HCI_LM_MASTER;
        conn->attempt++;
@@ -136,7 +135,7 @@ void hci_disconnect(struct hci_conn *conn, __u8 reason)
        hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
 }
-static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
+static void hci_amp_disconn(struct hci_conn *conn)
 {
        struct hci_cp_disconn_phy_link cp;
@@ -145,7 +144,7 @@ static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
        conn->state = BT_DISCONN;
        cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
-        cp.reason = reason;
+        cp.reason = hci_proto_disconn_ind(conn);
        hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
                     sizeof(cp), &cp);
 }
@@ -213,14 +212,26 @@ bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
        return true;
 }
-void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
+u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
-                        u16 latency, u16 to_multiplier)
+                      u16 to_multiplier)
 {
-        struct hci_cp_le_conn_update cp;
        struct hci_dev *hdev = conn->hdev;
+        struct hci_conn_params *params;
+        struct hci_cp_le_conn_update cp;
-        memset(&cp, 0, sizeof(cp));
+        hci_dev_lock(hdev);
+        params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
+        if (params) {
+                params->conn_min_interval = min;
+                params->conn_max_interval = max;
+                params->conn_latency = latency;
+                params->supervision_timeout = to_multiplier;
+        }
+        hci_dev_unlock(hdev);
+        memset(&cp, 0, sizeof(cp));
        cp.handle               = cpu_to_le16(conn->handle);
        cp.conn_interval_min    = cpu_to_le16(min);
        cp.conn_interval_max    = cpu_to_le16(max);
@@ -230,6 +241,11 @@ void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
        cp.max_ce_len           = cpu_to_le16(0x0000);
        hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
+        if (params)
+                return 0x01;
+        return 0x00;
 }
 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
@@ -271,20 +287,6 @@ void hci_sco_setup(struct hci_conn *conn, __u8 status)
        }
 }
-static void hci_conn_disconnect(struct hci_conn *conn)
-{
-        __u8 reason = hci_proto_disconn_ind(conn);
-        switch (conn->type) {
-        case AMP_LINK:
-                hci_amp_disconn(conn, reason);
-                break;
-        default:
-                hci_disconnect(conn, reason);
-                break;
-        }
-}
 static void hci_conn_timeout(struct work_struct *work)
 {
        struct hci_conn *conn = container_of(work, struct hci_conn,
@@ -319,7 +321,31 @@ static void hci_conn_timeout(struct work_struct *work)
                break;
        case BT_CONFIG:
        case BT_CONNECTED:
-                hci_conn_disconnect(conn);
+                if (conn->type == AMP_LINK) {
+                        hci_amp_disconn(conn);
+                } else {
+                        __u8 reason = hci_proto_disconn_ind(conn);
+                        /* When we are master of an established connection
+                         * and it enters the disconnect timeout, then go
+                         * ahead and try to read the current clock offset.
+                         *
+                         * Processing of the result is done within the
+                         * event handling and hci_clock_offset_evt function.
+                         */
+                        if (conn->type == ACL_LINK &&
+                            conn->role == HCI_ROLE_MASTER) {
+                                struct hci_dev *hdev = conn->hdev;
+                                struct hci_cp_read_clock_offset cp;
+                                cp.handle = cpu_to_le16(conn->handle);
+                                hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET,
+                                             sizeof(cp), &cp);
+                        }
+                        hci_disconnect(conn, reason);
+                }
                break;
        default:
                conn->state = BT_CLOSED;
@@ -336,9 +362,6 @@ static void hci_conn_idle(struct work_struct *work)
        BT_DBG("hcon %p mode %d", conn, conn->mode);
-        if (test_bit(HCI_RAW, &hdev->flags))
-                return;
        if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
                return;
@@ -398,13 +421,14 @@ static void le_conn_timeout(struct work_struct *work)
        hci_le_create_connection_cancel(conn);
 }
-struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
+struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
+                              u8 role)
 {
        struct hci_conn *conn;
        BT_DBG("%s dst %pMR", hdev->name, dst);
-        conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
+        conn = kzalloc(sizeof(*conn), GFP_KERNEL);
        if (!conn)
                return NULL;
@@ -412,6 +436,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
        bacpy(&conn->src, &hdev->bdaddr);
        conn->hdev  = hdev;
        conn->type  = type;
+        conn->role  = role;
        conn->mode  = HCI_CM_ACTIVE;
        conn->state = BT_OPEN;
        conn->auth_type = HCI_AT_GENERAL_BONDING;
@@ -424,6 +449,9 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
        set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
        conn->disc_timeout = HCI_DISCONN_TIMEOUT;
+        if (conn->role == HCI_ROLE_MASTER)
+                conn->out = true;
        switch (type) {
        case ACL_LINK:
                conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
@@ -529,7 +557,6 @@ struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
        list_for_each_entry(d, &hci_dev_list, list) {
                if (!test_bit(HCI_UP, &d->flags) ||
-                    test_bit(HCI_RAW, &d->flags) ||
                    test_bit(HCI_USER_CHANNEL, &d->dev_flags) ||
                    d->dev_type != HCI_BREDR)
                        continue;
@@ -562,6 +589,14 @@ EXPORT_SYMBOL(hci_get_route);
 void hci_le_conn_failed(struct hci_conn *conn, u8 status)
 {
        struct hci_dev *hdev = conn->hdev;
+        struct hci_conn_params *params;
+        params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
+                                           conn->dst_type);
+        if (params && params->conn) {
+                hci_conn_drop(params->conn);
+                params->conn = NULL;
+        }
        conn->state = BT_CLOSED;
@@ -627,7 +662,8 @@ static void hci_req_add_le_create_conn(struct hci_request *req,
        cp.own_address_type = own_addr_type;
        cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
        cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
-        cp.supervision_timeout = cpu_to_le16(0x002a);
+        cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
+        cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
        cp.min_ce_len = cpu_to_le16(0x0000);
        cp.max_ce_len = cpu_to_le16(0x0000);
@@ -644,15 +680,12 @@ static void hci_req_directed_advertising(struct hci_request *req,
        u8 own_addr_type;
        u8 enable;
-        enable = 0x00;
+        /* Clear the HCI_LE_ADV bit temporarily so that the
-        hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
-        /* Clear the HCI_ADVERTISING bit temporarily so that the
         * hci_update_random_address knows that it's safe to go ahead
         * and write a new random address. The flag will be set back on
         * as soon as the SET_ADV_ENABLE HCI command completes.
         */
-        clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
+        clear_bit(HCI_LE_ADV, &hdev->dev_flags);
        /* Set require_privacy to false so that the remote device has a
         * chance of identifying us.
@@ -676,7 +709,8 @@ static void hci_req_directed_advertising(struct hci_request *req,
 }
 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
-                                u8 dst_type, u8 sec_level, u8 auth_type)
+                                u8 dst_type, u8 sec_level, u16 conn_timeout,
+                                u8 role)
 {
        struct hci_conn_params *params;
        struct hci_conn *conn;
@@ -696,7 +730,6 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
        conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
        if (conn) {
                conn->pending_sec_level = sec_level;
-                conn->auth_type = auth_type;
                goto done;
        }
@@ -726,32 +759,56 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
                dst_type = ADDR_LE_DEV_RANDOM;
        }
-        conn = hci_conn_add(hdev, LE_LINK, dst);
+        conn = hci_conn_add(hdev, LE_LINK, dst, role);
        if (!conn)
                return ERR_PTR(-ENOMEM);
        conn->dst_type = dst_type;
        conn->sec_level = BT_SECURITY_LOW;
        conn->pending_sec_level = sec_level;
-        conn->auth_type = auth_type;
+        conn->conn_timeout = conn_timeout;
        hci_req_init(&req, hdev);
-        if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
+        /* Disable advertising if we're active. For master role
+         * connections most controllers will refuse to connect if
+         * advertising is enabled, and for slave role connections we
+         * anyway have to disable it in order to start directed
+         * advertising.
+         */
+        if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
+                u8 enable = 0x00;
+                hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
+                            &enable);
+        }
+        /* If requested to connect as slave use directed advertising */
+        if (conn->role == HCI_ROLE_SLAVE) {
+                /* If we're active scanning most controllers are unable
+                 * to initiate advertising. Simply reject the attempt.
+                 */
+                if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
+                    hdev->le_scan_type == LE_SCAN_ACTIVE) {
+                        skb_queue_purge(&req.cmd_q);
+                        hci_conn_del(conn);
+                        return ERR_PTR(-EBUSY);
+                }
                hci_req_directed_advertising(&req, conn);
                goto create_conn;
        }
-        conn->out = true;
-        conn->link_mode |= HCI_LM_MASTER;
        params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
        if (params) {
                conn->le_conn_min_interval = params->conn_min_interval;
                conn->le_conn_max_interval = params->conn_max_interval;
+                conn->le_conn_latency = params->conn_latency;
+                conn->le_supv_timeout = params->supervision_timeout;
        } else {
                conn->le_conn_min_interval = hdev->le_conn_min_interval;
                conn->le_conn_max_interval = hdev->le_conn_max_interval;
+                conn->le_conn_latency = hdev->le_conn_latency;
+                conn->le_supv_timeout = hdev->le_supv_timeout;
        }
        /* If controller is scanning, we stop it since some controllers are
@@ -785,11 +842,11 @@ struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
        struct hci_conn *acl;
        if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
-                return ERR_PTR(-ENOTSUPP);
+                return ERR_PTR(-EOPNOTSUPP);
        acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
        if (!acl) {
-                acl = hci_conn_add(hdev, ACL_LINK, dst);
+                acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
                if (!acl)
                        return ERR_PTR(-ENOMEM);
        }
@@ -818,7 +875,7 @@ struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
        sco = hci_conn_hash_lookup_ba(hdev, type, dst);
        if (!sco) {
-                sco = hci_conn_add(hdev, type, dst);
+                sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
                if (!sco) {
                        hci_conn_drop(acl);
                        return ERR_PTR(-ENOMEM);
@@ -865,7 +922,8 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
                        return 0;
        }
-        if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
+        if (hci_conn_ssp_enabled(conn) &&
+            !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
                return 0;
        return 1;
@@ -881,7 +939,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
        if (sec_level > conn->sec_level)
                conn->pending_sec_level = sec_level;
-        else if (conn->link_mode & HCI_LM_AUTH)
+        else if (test_bit(HCI_CONN_AUTH, &conn->flags))
                return 1;
        /* Make sure we preserve an existing MITM requirement*/
@@ -899,7 +957,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
                /* If we're already encrypted set the REAUTH_PEND flag,
                 * otherwise set the ENCRYPT_PEND.
                 */
-                if (conn->link_mode & HCI_LM_ENCRYPT)
+                if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
                        set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
                else
                        set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
@@ -923,7 +981,8 @@ static void hci_conn_encrypt(struct hci_conn *conn)
 }
 /* Enable security */
-int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
+int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
+                      bool initiator)
 {
        BT_DBG("hcon %p", conn);
@@ -940,7 +999,7 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
                return 1;
        /* For other security levels we need the link key. */
-        if (!(conn->link_mode & HCI_LM_AUTH))
+        if (!test_bit(HCI_CONN_AUTH, &conn->flags))
                goto auth;
        /* An authenticated FIPS approved combination key has sufficient
@@ -976,11 +1035,14 @@ auth:
        if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
                return 0;
+        if (initiator)
+                set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
        if (!hci_conn_auth(conn, sec_level, auth_type))
                return 0;
 encrypt:
-        if (conn->link_mode & HCI_LM_ENCRYPT)
+        if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
                return 1;
        hci_conn_encrypt(conn);
@@ -1027,7 +1089,7 @@ int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
 {
        BT_DBG("hcon %p", conn);
-        if (!role && conn->link_mode & HCI_LM_MASTER)
+        if (role == conn->role)
                return 1;
        if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
@@ -1048,9 +1110,6 @@ void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
        BT_DBG("hcon %p mode %d", conn, conn->mode);
-        if (test_bit(HCI_RAW, &hdev->flags))
-                return;
        if (conn->mode != HCI_CM_SNIFF)
                goto timer;
@@ -1101,6 +1160,28 @@ void hci_conn_check_pending(struct hci_dev *hdev)
        hci_dev_unlock(hdev);
 }
+static u32 get_link_mode(struct hci_conn *conn)
+{
+        u32 link_mode = 0;
+        if (conn->role == HCI_ROLE_MASTER)
+                link_mode |= HCI_LM_MASTER;
+        if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
+                link_mode |= HCI_LM_ENCRYPT;
+        if (test_bit(HCI_CONN_AUTH, &conn->flags))
+                link_mode |= HCI_LM_AUTH;
+        if (test_bit(HCI_CONN_SECURE, &conn->flags))
+                link_mode |= HCI_LM_SECURE;
+        if (test_bit(HCI_CONN_FIPS, &conn->flags))
+                link_mode |= HCI_LM_FIPS;
+        return link_mode;
+}
 int hci_get_conn_list(void __user *arg)
 {
        struct hci_conn *c;
@@ -1136,7 +1217,7 @@ int hci_get_conn_list(void __user *arg)
                (ci + n)->type  = c->type;
                (ci + n)->out   = c->out;
                (ci + n)->state = c->state;
-                (ci + n)->link_mode = c->link_mode;
+                (ci + n)->link_mode = get_link_mode(c);
                if (++n >= req.conn_num)
                        break;
        }
@@ -1172,7 +1253,7 @@ int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
                ci.type  = conn->type;
                ci.out   = conn->out;
                ci.state = conn->state;
-                ci.link_mode = conn->link_mode;
+                ci.link_mode = get_link_mode(conn);
        }
        hci_dev_unlock(hdev);
@@ -1209,7 +1290,7 @@ struct hci_chan *hci_chan_create(struct hci_conn *conn)
        BT_DBG("%s hcon %p", hdev->name, conn);
-        chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
+        chan = kzalloc(sizeof(*chan), GFP_KERNEL);
        if (!chan)
                return NULL;

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index a7a27bc2c0b1..faff6247ac8f 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c
@@ -66,8 +66,7 @@ static void hci_acl_create_connection(struct hci_conn *conn)
66		66
67	conn->state = BT_CONNECT;	67	conn->state = BT_CONNECT;
68	conn->out = true;	68	conn->out = true;
69		69	conn->role = HCI_ROLE_MASTER;
70	conn->link_mode = HCI_LM_MASTER;
71		70
72	conn->attempt++;	71	conn->attempt++;
73		72
@@ -136,7 +135,7 @@ void hci_disconnect(struct hci_conn *conn, __u8 reason)
136	hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);	135	hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
137	}	136	}
138		137
139	static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)	138	static void hci_amp_disconn(struct hci_conn *conn)
140	{	139	{
141	struct hci_cp_disconn_phy_link cp;	140	struct hci_cp_disconn_phy_link cp;
142		141
@@ -145,7 +144,7 @@ static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
145	conn->state = BT_DISCONN;	144	conn->state = BT_DISCONN;
146		145
147	cp.phy_handle = HCI_PHY_HANDLE(conn->handle);	146	cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
148	cp.reason = reason;	147	cp.reason = hci_proto_disconn_ind(conn);
149	hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,	148	hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
150	sizeof(cp), &cp);	149	sizeof(cp), &cp);
151	}	150	}
@@ -213,14 +212,26 @@ bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
213	return true;	212	return true;
214	}	213	}
215		214
216	void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,	215	u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
217	u16 latency, u16 to_multiplier)	216	u16 to_multiplier)
218	{	217	{
219	struct hci_cp_le_conn_update cp;
220	struct hci_dev *hdev = conn->hdev;	218	struct hci_dev *hdev = conn->hdev;
		219	struct hci_conn_params *params;
		220	struct hci_cp_le_conn_update cp;
221		221
222	memset(&cp, 0, sizeof(cp));	222	hci_dev_lock(hdev);
223		223
		224	params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
		225	if (params) {
		226	params->conn_min_interval = min;
		227	params->conn_max_interval = max;
		228	params->conn_latency = latency;
		229	params->supervision_timeout = to_multiplier;
		230	}
		231
		232	hci_dev_unlock(hdev);
		233
		234	memset(&cp, 0, sizeof(cp));
224	cp.handle = cpu_to_le16(conn->handle);	235	cp.handle = cpu_to_le16(conn->handle);
225	cp.conn_interval_min = cpu_to_le16(min);	236	cp.conn_interval_min = cpu_to_le16(min);
226	cp.conn_interval_max = cpu_to_le16(max);	237	cp.conn_interval_max = cpu_to_le16(max);
@@ -230,6 +241,11 @@ void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
230	cp.max_ce_len = cpu_to_le16(0x0000);	241	cp.max_ce_len = cpu_to_le16(0x0000);
231		242
232	hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);	243	hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
		244
		245	if (params)
		246	return 0x01;
		247
		248	return 0x00;
233	}	249	}
234		250
235	void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,	251	void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
@@ -271,20 +287,6 @@ void hci_sco_setup(struct hci_conn *conn, __u8 status)
271	}	287	}
272	}	288	}
273		289
274	static void hci_conn_disconnect(struct hci_conn *conn)
275	{
276	__u8 reason = hci_proto_disconn_ind(conn);
277
278	switch (conn->type) {
279	case AMP_LINK:
280	hci_amp_disconn(conn, reason);
281	break;
282	default:
283	hci_disconnect(conn, reason);
284	break;
285	}
286	}
287
288	static void hci_conn_timeout(struct work_struct *work)	290	static void hci_conn_timeout(struct work_struct *work)
289	{	291	{
290	struct hci_conn *conn = container_of(work, struct hci_conn,	292	struct hci_conn *conn = container_of(work, struct hci_conn,
@@ -319,7 +321,31 @@ static void hci_conn_timeout(struct work_struct *work)
319	break;	321	break;
320	case BT_CONFIG:	322	case BT_CONFIG:
321	case BT_CONNECTED:	323	case BT_CONNECTED:
322	hci_conn_disconnect(conn);	324	if (conn->type == AMP_LINK) {
		325	hci_amp_disconn(conn);
		326	} else {
		327	__u8 reason = hci_proto_disconn_ind(conn);
		328
		329	/* When we are master of an established connection
		330	* and it enters the disconnect timeout, then go
		331	* ahead and try to read the current clock offset.
		332	*
		333	* Processing of the result is done within the
		334	* event handling and hci_clock_offset_evt function.
		335	*/
		336	if (conn->type == ACL_LINK &&
		337	conn->role == HCI_ROLE_MASTER) {
		338	struct hci_dev *hdev = conn->hdev;
		339	struct hci_cp_read_clock_offset cp;
		340
		341	cp.handle = cpu_to_le16(conn->handle);
		342
		343	hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET,
		344	sizeof(cp), &cp);
		345	}
		346
		347	hci_disconnect(conn, reason);
		348	}
323	break;	349	break;
324	default:	350	default:
325	conn->state = BT_CLOSED;	351	conn->state = BT_CLOSED;
@@ -336,9 +362,6 @@ static void hci_conn_idle(struct work_struct *work)
336		362
337	BT_DBG("hcon %p mode %d", conn, conn->mode);	363	BT_DBG("hcon %p mode %d", conn, conn->mode);
338		364
339	if (test_bit(HCI_RAW, &hdev->flags))
340	return;
341
342	if (!lmp_sniff_capable(hdev) \|\| !lmp_sniff_capable(conn))	365	if (!lmp_sniff_capable(hdev) \|\| !lmp_sniff_capable(conn))
343	return;	366	return;
344		367
@@ -398,13 +421,14 @@ static void le_conn_timeout(struct work_struct *work)
398	hci_le_create_connection_cancel(conn);	421	hci_le_create_connection_cancel(conn);
399	}	422	}
400		423
401	struct hci_conn hci_conn_add(struct hci_dev hdev, int type, bdaddr_t *dst)	424	struct hci_conn hci_conn_add(struct hci_dev hdev, int type, bdaddr_t *dst,
		425	u8 role)
402	{	426	{
403	struct hci_conn *conn;	427	struct hci_conn *conn;
404		428
405	BT_DBG("%s dst %pMR", hdev->name, dst);	429	BT_DBG("%s dst %pMR", hdev->name, dst);
406		430
407	conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);	431	conn = kzalloc(sizeof(*conn), GFP_KERNEL);
408	if (!conn)	432	if (!conn)
409	return NULL;	433	return NULL;
410		434
@@ -412,6 +436,7 @@ struct hci_conn hci_conn_add(struct hci_dev hdev, int type, bdaddr_t *dst)
412	bacpy(&conn->src, &hdev->bdaddr);	436	bacpy(&conn->src, &hdev->bdaddr);
413	conn->hdev = hdev;	437	conn->hdev = hdev;
414	conn->type = type;	438	conn->type = type;
		439	conn->role = role;
415	conn->mode = HCI_CM_ACTIVE;	440	conn->mode = HCI_CM_ACTIVE;
416	conn->state = BT_OPEN;	441	conn->state = BT_OPEN;
417	conn->auth_type = HCI_AT_GENERAL_BONDING;	442	conn->auth_type = HCI_AT_GENERAL_BONDING;
@@ -424,6 +449,9 @@ struct hci_conn hci_conn_add(struct hci_dev hdev, int type, bdaddr_t *dst)
424	set_bit(HCI_CONN_POWER_SAVE, &conn->flags);	449	set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
425	conn->disc_timeout = HCI_DISCONN_TIMEOUT;	450	conn->disc_timeout = HCI_DISCONN_TIMEOUT;
426		451
		452	if (conn->role == HCI_ROLE_MASTER)
		453	conn->out = true;
		454
427	switch (type) {	455	switch (type) {
428	case ACL_LINK:	456	case ACL_LINK:
429	conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;	457	conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
@@ -529,7 +557,6 @@ struct hci_dev hci_get_route(bdaddr_t dst, bdaddr_t *src)
529		557
530	list_for_each_entry(d, &hci_dev_list, list) {	558	list_for_each_entry(d, &hci_dev_list, list) {
531	if (!test_bit(HCI_UP, &d->flags) \|\|	559	if (!test_bit(HCI_UP, &d->flags) \|\|
532	test_bit(HCI_RAW, &d->flags) \|\|
533	test_bit(HCI_USER_CHANNEL, &d->dev_flags) \|\|	560	test_bit(HCI_USER_CHANNEL, &d->dev_flags) \|\|
534	d->dev_type != HCI_BREDR)	561	d->dev_type != HCI_BREDR)
535	continue;	562	continue;
@@ -562,6 +589,14 @@ EXPORT_SYMBOL(hci_get_route);
562	void hci_le_conn_failed(struct hci_conn *conn, u8 status)	589	void hci_le_conn_failed(struct hci_conn *conn, u8 status)
563	{	590	{
564	struct hci_dev *hdev = conn->hdev;	591	struct hci_dev *hdev = conn->hdev;
		592	struct hci_conn_params *params;
		593
		594	params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
		595	conn->dst_type);
		596	if (params && params->conn) {
		597	hci_conn_drop(params->conn);
		598	params->conn = NULL;
		599	}
565		600
566	conn->state = BT_CLOSED;	601	conn->state = BT_CLOSED;
567		602
@@ -627,7 +662,8 @@ static void hci_req_add_le_create_conn(struct hci_request *req,
627	cp.own_address_type = own_addr_type;	662	cp.own_address_type = own_addr_type;
628	cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);	663	cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
629	cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);	664	cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
630	cp.supervision_timeout = cpu_to_le16(0x002a);	665	cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
		666	cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
631	cp.min_ce_len = cpu_to_le16(0x0000);	667	cp.min_ce_len = cpu_to_le16(0x0000);
632	cp.max_ce_len = cpu_to_le16(0x0000);	668	cp.max_ce_len = cpu_to_le16(0x0000);
633		669
@@ -644,15 +680,12 @@ static void hci_req_directed_advertising(struct hci_request *req,
644	u8 own_addr_type;	680	u8 own_addr_type;
645	u8 enable;	681	u8 enable;
646		682
647	enable = 0x00;	683	/* Clear the HCI_LE_ADV bit temporarily so that the
648	hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
649
650	/* Clear the HCI_ADVERTISING bit temporarily so that the
651	* hci_update_random_address knows that it's safe to go ahead	684	* hci_update_random_address knows that it's safe to go ahead
652	* and write a new random address. The flag will be set back on	685	* and write a new random address. The flag will be set back on
653	* as soon as the SET_ADV_ENABLE HCI command completes.	686	* as soon as the SET_ADV_ENABLE HCI command completes.
654	*/	687	*/
655	clear_bit(HCI_ADVERTISING, &hdev->dev_flags);	688	clear_bit(HCI_LE_ADV, &hdev->dev_flags);
656		689
657	/* Set require_privacy to false so that the remote device has a	690	/* Set require_privacy to false so that the remote device has a
658	* chance of identifying us.	691	* chance of identifying us.
@@ -676,7 +709,8 @@ static void hci_req_directed_advertising(struct hci_request *req,
676	}	709	}
677		710
678	struct hci_conn hci_connect_le(struct hci_dev hdev, bdaddr_t *dst,	711	struct hci_conn hci_connect_le(struct hci_dev hdev, bdaddr_t *dst,
679	u8 dst_type, u8 sec_level, u8 auth_type)	712	u8 dst_type, u8 sec_level, u16 conn_timeout,
		713	u8 role)
680	{	714	{
681	struct hci_conn_params *params;	715	struct hci_conn_params *params;
682	struct hci_conn *conn;	716	struct hci_conn *conn;
@@ -696,7 +730,6 @@ struct hci_conn hci_connect_le(struct hci_dev hdev, bdaddr_t *dst,
696	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);	730	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
697	if (conn) {	731	if (conn) {
698	conn->pending_sec_level = sec_level;	732	conn->pending_sec_level = sec_level;
699	conn->auth_type = auth_type;
700	goto done;	733	goto done;
701	}	734	}
702		735
@@ -726,32 +759,56 @@ struct hci_conn hci_connect_le(struct hci_dev hdev, bdaddr_t *dst,
726	dst_type = ADDR_LE_DEV_RANDOM;	759	dst_type = ADDR_LE_DEV_RANDOM;
727	}	760	}
728		761
729	conn = hci_conn_add(hdev, LE_LINK, dst);	762	conn = hci_conn_add(hdev, LE_LINK, dst, role);
730	if (!conn)	763	if (!conn)
731	return ERR_PTR(-ENOMEM);	764	return ERR_PTR(-ENOMEM);
732		765
733	conn->dst_type = dst_type;	766	conn->dst_type = dst_type;
734	conn->sec_level = BT_SECURITY_LOW;	767	conn->sec_level = BT_SECURITY_LOW;
735	conn->pending_sec_level = sec_level;	768	conn->pending_sec_level = sec_level;
736	conn->auth_type = auth_type;	769	conn->conn_timeout = conn_timeout;
737		770
738	hci_req_init(&req, hdev);	771	hci_req_init(&req, hdev);
739		772
740	if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {	773	/* Disable advertising if we're active. For master role
		774	* connections most controllers will refuse to connect if
		775	* advertising is enabled, and for slave role connections we
		776	* anyway have to disable it in order to start directed
		777	* advertising.
		778	*/
		779	if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
		780	u8 enable = 0x00;
		781	hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
		782	&enable);
		783	}
		784
		785	/* If requested to connect as slave use directed advertising */
		786	if (conn->role == HCI_ROLE_SLAVE) {
		787	/* If we're active scanning most controllers are unable
		788	* to initiate advertising. Simply reject the attempt.
		789	*/
		790	if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
		791	hdev->le_scan_type == LE_SCAN_ACTIVE) {
		792	skb_queue_purge(&req.cmd_q);
		793	hci_conn_del(conn);
		794	return ERR_PTR(-EBUSY);
		795	}
		796
741	hci_req_directed_advertising(&req, conn);	797	hci_req_directed_advertising(&req, conn);
742	goto create_conn;	798	goto create_conn;
743	}	799	}
744		800
745	conn->out = true;
746	conn->link_mode \|= HCI_LM_MASTER;
747
748	params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);	801	params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
749	if (params) {	802	if (params) {
750	conn->le_conn_min_interval = params->conn_min_interval;	803	conn->le_conn_min_interval = params->conn_min_interval;
751	conn->le_conn_max_interval = params->conn_max_interval;	804	conn->le_conn_max_interval = params->conn_max_interval;
		805	conn->le_conn_latency = params->conn_latency;
		806	conn->le_supv_timeout = params->supervision_timeout;
752	} else {	807	} else {
753	conn->le_conn_min_interval = hdev->le_conn_min_interval;	808	conn->le_conn_min_interval = hdev->le_conn_min_interval;
754	conn->le_conn_max_interval = hdev->le_conn_max_interval;	809	conn->le_conn_max_interval = hdev->le_conn_max_interval;
		810	conn->le_conn_latency = hdev->le_conn_latency;
		811	conn->le_supv_timeout = hdev->le_supv_timeout;
755	}	812	}
756		813
757	/* If controller is scanning, we stop it since some controllers are	814	/* If controller is scanning, we stop it since some controllers are
@@ -785,11 +842,11 @@ struct hci_conn hci_connect_acl(struct hci_dev hdev, bdaddr_t *dst,
785	struct hci_conn *acl;	842	struct hci_conn *acl;
786		843
787	if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))	844	if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
788	return ERR_PTR(-ENOTSUPP);	845	return ERR_PTR(-EOPNOTSUPP);
789		846
790	acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);	847	acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
791	if (!acl) {	848	if (!acl) {
792	acl = hci_conn_add(hdev, ACL_LINK, dst);	849	acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
793	if (!acl)	850	if (!acl)
794	return ERR_PTR(-ENOMEM);	851	return ERR_PTR(-ENOMEM);
795	}	852	}
@@ -818,7 +875,7 @@ struct hci_conn hci_connect_sco(struct hci_dev hdev, int type, bdaddr_t *dst,
818		875
819	sco = hci_conn_hash_lookup_ba(hdev, type, dst);	876	sco = hci_conn_hash_lookup_ba(hdev, type, dst);
820	if (!sco) {	877	if (!sco) {
821	sco = hci_conn_add(hdev, type, dst);	878	sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER);
822	if (!sco) {	879	if (!sco) {
823	hci_conn_drop(acl);	880	hci_conn_drop(acl);
824	return ERR_PTR(-ENOMEM);	881	return ERR_PTR(-ENOMEM);
@@ -865,7 +922,8 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
865	return 0;	922	return 0;
866	}	923	}
867		924
868	if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))	925	if (hci_conn_ssp_enabled(conn) &&
		926	!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
869	return 0;	927	return 0;
870		928
871	return 1;	929	return 1;
@@ -881,7 +939,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
881		939
882	if (sec_level > conn->sec_level)	940	if (sec_level > conn->sec_level)
883	conn->pending_sec_level = sec_level;	941	conn->pending_sec_level = sec_level;
884	else if (conn->link_mode & HCI_LM_AUTH)	942	else if (test_bit(HCI_CONN_AUTH, &conn->flags))
885	return 1;	943	return 1;
886		944
887	/* Make sure we preserve an existing MITM requirement*/	945	/* Make sure we preserve an existing MITM requirement*/
@@ -899,7 +957,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
899	/* If we're already encrypted set the REAUTH_PEND flag,	957	/* If we're already encrypted set the REAUTH_PEND flag,
900	* otherwise set the ENCRYPT_PEND.	958	* otherwise set the ENCRYPT_PEND.
901	*/	959	*/
902	if (conn->link_mode & HCI_LM_ENCRYPT)	960	if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
903	set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);	961	set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
904	else	962	else
905	set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);	963	set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
@@ -923,7 +981,8 @@ static void hci_conn_encrypt(struct hci_conn *conn)
923	}	981	}
924		982
925	/* Enable security */	983	/* Enable security */
926	int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)	984	int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
		985	bool initiator)
927	{	986	{
928	BT_DBG("hcon %p", conn);	987	BT_DBG("hcon %p", conn);
929		988
@@ -940,7 +999,7 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
940	return 1;	999	return 1;
941		1000
942	/* For other security levels we need the link key. */	1001	/* For other security levels we need the link key. */
943	if (!(conn->link_mode & HCI_LM_AUTH))	1002	if (!test_bit(HCI_CONN_AUTH, &conn->flags))
944	goto auth;	1003	goto auth;
945		1004
946	/* An authenticated FIPS approved combination key has sufficient	1005	/* An authenticated FIPS approved combination key has sufficient
@@ -976,11 +1035,14 @@ auth:
976	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))	1035	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
977	return 0;	1036	return 0;
978		1037
		1038	if (initiator)
		1039	set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
		1040
979	if (!hci_conn_auth(conn, sec_level, auth_type))	1041	if (!hci_conn_auth(conn, sec_level, auth_type))
980	return 0;	1042	return 0;
981		1043
982	encrypt:	1044	encrypt:
983	if (conn->link_mode & HCI_LM_ENCRYPT)	1045	if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
984	return 1;	1046	return 1;
985		1047
986	hci_conn_encrypt(conn);	1048	hci_conn_encrypt(conn);
@@ -1027,7 +1089,7 @@ int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1027	{	1089	{
1028	BT_DBG("hcon %p", conn);	1090	BT_DBG("hcon %p", conn);
1029		1091
1030	if (!role && conn->link_mode & HCI_LM_MASTER)	1092	if (role == conn->role)
1031	return 1;	1093	return 1;
1032		1094
1033	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {	1095	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
@@ -1048,9 +1110,6 @@ void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
1048		1110
1049	BT_DBG("hcon %p mode %d", conn, conn->mode);	1111	BT_DBG("hcon %p mode %d", conn, conn->mode);
1050		1112
1051	if (test_bit(HCI_RAW, &hdev->flags))
1052	return;
1053
1054	if (conn->mode != HCI_CM_SNIFF)	1113	if (conn->mode != HCI_CM_SNIFF)
1055	goto timer;	1114	goto timer;
1056		1115
@@ -1101,6 +1160,28 @@ void hci_conn_check_pending(struct hci_dev *hdev)
1101	hci_dev_unlock(hdev);	1160	hci_dev_unlock(hdev);
1102	}	1161	}
1103		1162
		1163	static u32 get_link_mode(struct hci_conn *conn)
		1164	{
		1165	u32 link_mode = 0;
		1166
		1167	if (conn->role == HCI_ROLE_MASTER)
		1168	link_mode \|= HCI_LM_MASTER;
		1169
		1170	if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
		1171	link_mode \|= HCI_LM_ENCRYPT;
		1172
		1173	if (test_bit(HCI_CONN_AUTH, &conn->flags))
		1174	link_mode \|= HCI_LM_AUTH;
		1175
		1176	if (test_bit(HCI_CONN_SECURE, &conn->flags))
		1177	link_mode \|= HCI_LM_SECURE;
		1178
		1179	if (test_bit(HCI_CONN_FIPS, &conn->flags))
		1180	link_mode \|= HCI_LM_FIPS;
		1181
		1182	return link_mode;
		1183	}
		1184
1104	int hci_get_conn_list(void __user *arg)	1185	int hci_get_conn_list(void __user *arg)
1105	{	1186	{
1106	struct hci_conn *c;	1187	struct hci_conn *c;
@@ -1136,7 +1217,7 @@ int hci_get_conn_list(void __user *arg)
1136	(ci + n)->type = c->type;	1217	(ci + n)->type = c->type;
1137	(ci + n)->out = c->out;	1218	(ci + n)->out = c->out;
1138	(ci + n)->state = c->state;	1219	(ci + n)->state = c->state;
1139	(ci + n)->link_mode = c->link_mode;	1220	(ci + n)->link_mode = get_link_mode(c);
1140	if (++n >= req.conn_num)	1221	if (++n >= req.conn_num)
1141	break;	1222	break;
1142	}	1223	}
@@ -1172,7 +1253,7 @@ int hci_get_conn_info(struct hci_dev hdev, void __user arg)
1172	ci.type = conn->type;	1253	ci.type = conn->type;
1173	ci.out = conn->out;	1254	ci.out = conn->out;
1174	ci.state = conn->state;	1255	ci.state = conn->state;
1175	ci.link_mode = conn->link_mode;	1256	ci.link_mode = get_link_mode(conn);
1176	}	1257	}
1177	hci_dev_unlock(hdev);	1258	hci_dev_unlock(hdev);
1178		1259
@@ -1209,7 +1290,7 @@ struct hci_chan hci_chan_create(struct hci_conn conn)
1209		1290
1210	BT_DBG("%s hcon %p", hdev->name, conn);	1291	BT_DBG("%s hcon %p", hdev->name, conn);
1211		1292
1212	chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);	1293	chan = kzalloc(sizeof(*chan), GFP_KERNEL);
1213	if (!chan)	1294	if (!chan)
1214	return NULL;	1295	return NULL;
1215		1296