2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
40 #include <linux/uaccess.h>
41 #include <asm/unaligned.h>
43 #include <net/bluetooth/bluetooth.h>
44 #include <net/bluetooth/hci_core.h>
46 static void hci_le_connect(struct hci_conn *conn)
48 struct hci_dev *hdev = conn->hdev;
49 struct hci_cp_le_create_conn cp;
51 conn->state = BT_CONNECT;
53 conn->link_mode |= HCI_LM_MASTER;
54 conn->sec_level = BT_SECURITY_LOW;
56 memset(&cp, 0, sizeof(cp));
57 cp.scan_interval = cpu_to_le16(0x0060);
58 cp.scan_window = cpu_to_le16(0x0030);
59 bacpy(&cp.peer_addr, &conn->dst);
60 cp.peer_addr_type = conn->dst_type;
61 cp.conn_interval_min = cpu_to_le16(0x0028);
62 cp.conn_interval_max = cpu_to_le16(0x0038);
63 cp.supervision_timeout = cpu_to_le16(0x002a);
64 cp.min_ce_len = cpu_to_le16(0x0000);
65 cp.max_ce_len = cpu_to_le16(0x0000);
67 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
70 static void hci_le_connect_cancel(struct hci_conn *conn)
72 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
75 void hci_acl_connect(struct hci_conn *conn)
77 struct hci_dev *hdev = conn->hdev;
78 struct inquiry_entry *ie;
79 struct hci_cp_create_conn cp;
81 BT_DBG("hcon %p", conn);
83 conn->state = BT_CONNECT;
86 conn->link_mode = HCI_LM_MASTER;
90 conn->link_policy = hdev->link_policy;
92 memset(&cp, 0, sizeof(cp));
93 bacpy(&cp.bdaddr, &conn->dst);
94 cp.pscan_rep_mode = 0x02;
96 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
98 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
99 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
100 cp.pscan_mode = ie->data.pscan_mode;
101 cp.clock_offset = ie->data.clock_offset |
105 memcpy(conn->dev_class, ie->data.dev_class, 3);
106 if (ie->data.ssp_mode > 0)
107 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
110 cp.pkt_type = cpu_to_le16(conn->pkt_type);
111 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
112 cp.role_switch = 0x01;
114 cp.role_switch = 0x00;
116 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
119 static void hci_acl_connect_cancel(struct hci_conn *conn)
121 struct hci_cp_create_conn_cancel cp;
125 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
128 bacpy(&cp.bdaddr, &conn->dst);
129 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
132 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
134 struct hci_cp_disconnect cp;
138 conn->state = BT_DISCONN;
140 cp.handle = cpu_to_le16(conn->handle);
142 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
145 void hci_add_sco(struct hci_conn *conn, __u16 handle)
147 struct hci_dev *hdev = conn->hdev;
148 struct hci_cp_add_sco cp;
152 conn->state = BT_CONNECT;
157 cp.handle = cpu_to_le16(handle);
158 cp.pkt_type = cpu_to_le16(conn->pkt_type);
160 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
163 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
165 struct hci_dev *hdev = conn->hdev;
166 struct hci_cp_setup_sync_conn cp;
170 conn->state = BT_CONNECT;
175 cp.handle = cpu_to_le16(handle);
176 cp.pkt_type = cpu_to_le16(conn->pkt_type);
178 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
179 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
180 cp.max_latency = cpu_to_le16(0xffff);
181 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
182 cp.retrans_effort = 0xff;
184 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
187 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
188 u16 latency, u16 to_multiplier)
190 struct hci_cp_le_conn_update cp;
191 struct hci_dev *hdev = conn->hdev;
193 memset(&cp, 0, sizeof(cp));
195 cp.handle = cpu_to_le16(conn->handle);
196 cp.conn_interval_min = cpu_to_le16(min);
197 cp.conn_interval_max = cpu_to_le16(max);
198 cp.conn_latency = cpu_to_le16(latency);
199 cp.supervision_timeout = cpu_to_le16(to_multiplier);
200 cp.min_ce_len = cpu_to_le16(0x0001);
201 cp.max_ce_len = cpu_to_le16(0x0001);
203 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
205 EXPORT_SYMBOL(hci_le_conn_update);
207 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
210 struct hci_dev *hdev = conn->hdev;
211 struct hci_cp_le_start_enc cp;
215 memset(&cp, 0, sizeof(cp));
217 cp.handle = cpu_to_le16(conn->handle);
218 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
220 memcpy(cp.rand, rand, sizeof(cp.rand));
222 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
224 EXPORT_SYMBOL(hci_le_start_enc);
226 /* Device _must_ be locked */
227 void hci_sco_setup(struct hci_conn *conn, __u8 status)
229 struct hci_conn *sco = conn->link;
237 if (lmp_esco_capable(conn->hdev))
238 hci_setup_sync(sco, conn->handle);
240 hci_add_sco(sco, conn->handle);
242 hci_proto_connect_cfm(sco, status);
247 static void hci_conn_timeout(struct work_struct *work)
249 struct hci_conn *conn = container_of(work, struct hci_conn,
253 BT_DBG("conn %p state %s", conn, state_to_string(conn->state));
255 if (atomic_read(&conn->refcnt))
258 switch (conn->state) {
262 if (conn->type == ACL_LINK)
263 hci_acl_connect_cancel(conn);
264 else if (conn->type == LE_LINK)
265 hci_le_connect_cancel(conn);
270 reason = hci_proto_disconn_ind(conn);
271 hci_acl_disconn(conn, reason);
274 conn->state = BT_CLOSED;
279 /* Enter sniff mode */
280 static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
282 struct hci_dev *hdev = conn->hdev;
284 BT_DBG("conn %p mode %d", conn, conn->mode);
286 if (test_bit(HCI_RAW, &hdev->flags))
289 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
292 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
295 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
296 struct hci_cp_sniff_subrate cp;
297 cp.handle = cpu_to_le16(conn->handle);
298 cp.max_latency = cpu_to_le16(0);
299 cp.min_remote_timeout = cpu_to_le16(0);
300 cp.min_local_timeout = cpu_to_le16(0);
301 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
304 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
305 struct hci_cp_sniff_mode cp;
306 cp.handle = cpu_to_le16(conn->handle);
307 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
308 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
309 cp.attempt = cpu_to_le16(4);
310 cp.timeout = cpu_to_le16(1);
311 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
315 static void hci_conn_idle(unsigned long arg)
317 struct hci_conn *conn = (void *) arg;
319 BT_DBG("conn %p mode %d", conn, conn->mode);
321 hci_conn_enter_sniff_mode(conn);
324 static void hci_conn_auto_accept(unsigned long arg)
326 struct hci_conn *conn = (void *) arg;
327 struct hci_dev *hdev = conn->hdev;
329 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
333 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
335 struct hci_conn *conn;
337 BT_DBG("%s dst %s", hdev->name, batostr(dst));
339 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
343 bacpy(&conn->dst, dst);
346 conn->mode = HCI_CM_ACTIVE;
347 conn->state = BT_OPEN;
348 conn->auth_type = HCI_AT_GENERAL_BONDING;
349 conn->io_capability = hdev->io_capability;
350 conn->remote_auth = 0xff;
351 conn->key_type = 0xff;
353 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
354 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
358 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
361 if (lmp_esco_capable(hdev))
362 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
363 (hdev->esco_type & EDR_ESCO_MASK);
365 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
368 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
372 skb_queue_head_init(&conn->data_q);
374 INIT_LIST_HEAD(&conn->chan_list);
376 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
377 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
378 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
379 (unsigned long) conn);
381 atomic_set(&conn->refcnt, 0);
385 hci_conn_hash_add(hdev, conn);
387 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
389 atomic_set(&conn->devref, 0);
391 hci_conn_init_sysfs(conn);
396 int hci_conn_del(struct hci_conn *conn)
398 struct hci_dev *hdev = conn->hdev;
400 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
402 del_timer(&conn->idle_timer);
404 cancel_delayed_work_sync(&conn->disc_work);
406 del_timer(&conn->auto_accept_timer);
408 if (conn->type == ACL_LINK) {
409 struct hci_conn *sco = conn->link;
414 hdev->acl_cnt += conn->sent;
415 } else if (conn->type == LE_LINK) {
417 hdev->le_cnt += conn->sent;
419 hdev->acl_cnt += conn->sent;
421 struct hci_conn *acl = conn->link;
428 hci_chan_list_flush(conn);
430 hci_conn_hash_del(hdev, conn);
432 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
434 skb_queue_purge(&conn->data_q);
436 hci_conn_put_device(conn);
440 if (conn->handle == 0)
446 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
448 int use_src = bacmp(src, BDADDR_ANY);
449 struct hci_dev *hdev = NULL, *d;
451 BT_DBG("%s -> %s", batostr(src), batostr(dst));
453 read_lock(&hci_dev_list_lock);
455 list_for_each_entry(d, &hci_dev_list, list) {
456 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
460 * No source address - find interface with bdaddr != dst
461 * Source address - find interface with bdaddr == src
465 if (!bacmp(&d->bdaddr, src)) {
469 if (bacmp(&d->bdaddr, dst)) {
476 hdev = hci_dev_hold(hdev);
478 read_unlock(&hci_dev_list_lock);
481 EXPORT_SYMBOL(hci_get_route);
483 /* Create SCO, ACL or LE connection.
484 * Device _must_ be locked */
485 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
486 __u8 dst_type, __u8 sec_level, __u8 auth_type)
488 struct hci_conn *acl;
489 struct hci_conn *sco;
492 BT_DBG("%s dst %s", hdev->name, batostr(dst));
494 if (type == LE_LINK) {
495 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
497 le = hci_conn_add(hdev, LE_LINK, dst);
499 return ERR_PTR(-ENOMEM);
501 le->dst_type = bdaddr_to_le(dst_type);
505 le->pending_sec_level = sec_level;
506 le->auth_type = auth_type;
513 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
515 acl = hci_conn_add(hdev, ACL_LINK, dst);
517 return ERR_PTR(-ENOMEM);
522 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
523 acl->sec_level = BT_SECURITY_LOW;
524 acl->pending_sec_level = sec_level;
525 acl->auth_type = auth_type;
526 hci_acl_connect(acl);
529 if (type == ACL_LINK)
532 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
534 sco = hci_conn_add(hdev, type, dst);
537 return ERR_PTR(-ENOMEM);
546 if (acl->state == BT_CONNECTED &&
547 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
548 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
549 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
551 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
552 /* defer SCO setup until mode change completed */
553 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
557 hci_sco_setup(acl, 0x00);
562 EXPORT_SYMBOL(hci_connect);
564 /* Check link security requirement */
565 int hci_conn_check_link_mode(struct hci_conn *conn)
567 BT_DBG("conn %p", conn);
569 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
574 EXPORT_SYMBOL(hci_conn_check_link_mode);
576 /* Authenticate remote device */
577 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
579 BT_DBG("conn %p", conn);
581 if (conn->pending_sec_level > sec_level)
582 sec_level = conn->pending_sec_level;
584 if (sec_level > conn->sec_level)
585 conn->pending_sec_level = sec_level;
586 else if (conn->link_mode & HCI_LM_AUTH)
589 /* Make sure we preserve an existing MITM requirement*/
590 auth_type |= (conn->auth_type & 0x01);
592 conn->auth_type = auth_type;
594 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
595 struct hci_cp_auth_requested cp;
597 /* encrypt must be pending if auth is also pending */
598 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
600 cp.handle = cpu_to_le16(conn->handle);
601 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
603 if (conn->key_type != 0xff)
604 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
610 /* Encrypt the the link */
611 static void hci_conn_encrypt(struct hci_conn *conn)
613 BT_DBG("conn %p", conn);
615 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
616 struct hci_cp_set_conn_encrypt cp;
617 cp.handle = cpu_to_le16(conn->handle);
619 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
624 /* Enable security */
625 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
627 BT_DBG("conn %p", conn);
629 /* For sdp we don't need the link key. */
630 if (sec_level == BT_SECURITY_SDP)
633 /* For non 2.1 devices and low security level we don't need the link
635 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
638 /* For other security levels we need the link key. */
639 if (!(conn->link_mode & HCI_LM_AUTH))
642 /* An authenticated combination key has sufficient security for any
644 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
647 /* An unauthenticated combination key has sufficient security for
648 security level 1 and 2. */
649 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
650 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
653 /* A combination key has always sufficient security for the security
654 levels 1 or 2. High security level requires the combination key
655 is generated using maximum PIN code length (16).
656 For pre 2.1 units. */
657 if (conn->key_type == HCI_LK_COMBINATION &&
658 (sec_level != BT_SECURITY_HIGH || conn->pin_length == 16))
662 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
665 if (!hci_conn_auth(conn, sec_level, auth_type))
669 if (conn->link_mode & HCI_LM_ENCRYPT)
672 hci_conn_encrypt(conn);
675 EXPORT_SYMBOL(hci_conn_security);
677 /* Check secure link requirement */
678 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
680 BT_DBG("conn %p", conn);
682 if (sec_level != BT_SECURITY_HIGH)
683 return 1; /* Accept if non-secure is required */
685 if (conn->sec_level == BT_SECURITY_HIGH)
688 return 0; /* Reject not secure link */
690 EXPORT_SYMBOL(hci_conn_check_secure);
692 /* Change link key */
693 int hci_conn_change_link_key(struct hci_conn *conn)
695 BT_DBG("conn %p", conn);
697 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
698 struct hci_cp_change_conn_link_key cp;
699 cp.handle = cpu_to_le16(conn->handle);
700 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
706 EXPORT_SYMBOL(hci_conn_change_link_key);
709 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
711 BT_DBG("conn %p", conn);
713 if (!role && conn->link_mode & HCI_LM_MASTER)
716 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
717 struct hci_cp_switch_role cp;
718 bacpy(&cp.bdaddr, &conn->dst);
720 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
725 EXPORT_SYMBOL(hci_conn_switch_role);
727 /* Enter active mode */
728 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
730 struct hci_dev *hdev = conn->hdev;
732 BT_DBG("conn %p mode %d", conn, conn->mode);
734 if (test_bit(HCI_RAW, &hdev->flags))
737 if (conn->mode != HCI_CM_SNIFF)
740 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
743 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
744 struct hci_cp_exit_sniff_mode cp;
745 cp.handle = cpu_to_le16(conn->handle);
746 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
750 if (hdev->idle_timeout > 0)
751 mod_timer(&conn->idle_timer,
752 jiffies + msecs_to_jiffies(hdev->idle_timeout));
755 /* Drop all connection on the device */
756 void hci_conn_hash_flush(struct hci_dev *hdev)
758 struct hci_conn_hash *h = &hdev->conn_hash;
759 struct hci_conn *c, *n;
761 BT_DBG("hdev %s", hdev->name);
763 list_for_each_entry_safe(c, n, &h->list, list) {
764 c->state = BT_CLOSED;
766 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
771 /* Check pending connect attempts */
772 void hci_conn_check_pending(struct hci_dev *hdev)
774 struct hci_conn *conn;
776 BT_DBG("hdev %s", hdev->name);
780 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
782 hci_acl_connect(conn);
784 hci_dev_unlock(hdev);
787 void hci_conn_hold_device(struct hci_conn *conn)
789 atomic_inc(&conn->devref);
791 EXPORT_SYMBOL(hci_conn_hold_device);
793 void hci_conn_put_device(struct hci_conn *conn)
795 if (atomic_dec_and_test(&conn->devref))
796 hci_conn_del_sysfs(conn);
798 EXPORT_SYMBOL(hci_conn_put_device);
800 int hci_get_conn_list(void __user *arg)
803 struct hci_conn_list_req req, *cl;
804 struct hci_conn_info *ci;
805 struct hci_dev *hdev;
806 int n = 0, size, err;
808 if (copy_from_user(&req, arg, sizeof(req)))
811 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
814 size = sizeof(req) + req.conn_num * sizeof(*ci);
816 cl = kmalloc(size, GFP_KERNEL);
820 hdev = hci_dev_get(req.dev_id);
829 list_for_each_entry(c, &hdev->conn_hash.list, list) {
830 bacpy(&(ci + n)->bdaddr, &c->dst);
831 (ci + n)->handle = c->handle;
832 (ci + n)->type = c->type;
833 (ci + n)->out = c->out;
834 (ci + n)->state = c->state;
835 (ci + n)->link_mode = c->link_mode;
836 if (++n >= req.conn_num)
839 hci_dev_unlock(hdev);
841 cl->dev_id = hdev->id;
843 size = sizeof(req) + n * sizeof(*ci);
847 err = copy_to_user(arg, cl, size);
850 return err ? -EFAULT : 0;
853 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
855 struct hci_conn_info_req req;
856 struct hci_conn_info ci;
857 struct hci_conn *conn;
858 char __user *ptr = arg + sizeof(req);
860 if (copy_from_user(&req, arg, sizeof(req)))
864 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
866 bacpy(&ci.bdaddr, &conn->dst);
867 ci.handle = conn->handle;
868 ci.type = conn->type;
870 ci.state = conn->state;
871 ci.link_mode = conn->link_mode;
873 hci_dev_unlock(hdev);
878 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
881 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
883 struct hci_auth_info_req req;
884 struct hci_conn *conn;
886 if (copy_from_user(&req, arg, sizeof(req)))
890 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
892 req.type = conn->auth_type;
893 hci_dev_unlock(hdev);
898 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
901 struct hci_chan *hci_chan_create(struct hci_conn *conn)
903 struct hci_dev *hdev = conn->hdev;
904 struct hci_chan *chan;
906 BT_DBG("%s conn %p", hdev->name, conn);
908 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
913 skb_queue_head_init(&chan->data_q);
915 list_add_rcu(&chan->list, &conn->chan_list);
920 int hci_chan_del(struct hci_chan *chan)
922 struct hci_conn *conn = chan->conn;
923 struct hci_dev *hdev = conn->hdev;
925 BT_DBG("%s conn %p chan %p", hdev->name, conn, chan);
927 list_del_rcu(&chan->list);
931 skb_queue_purge(&chan->data_q);
937 void hci_chan_list_flush(struct hci_conn *conn)
939 struct hci_chan *chan, *n;
941 BT_DBG("conn %p", conn);
943 list_for_each_entry_safe(chan, n, &conn->chan_list, list)