[linux-2.6-block.git] / net / bluetooth / hci_conn.c

/*
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

/* Bluetooth HCI connection handling. */

#include <linux/module.h>

#include <linux/types.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/poll.h>
#include <linux/fcntl.h>
#include <linux/init.h>
#include <linux/skbuff.h>
#include <linux/interrupt.h>
#include <linux/notifier.h>
#include <net/sock.h>

#include <asm/system.h>
#include <linux/uaccess.h>
#include <asm/unaligned.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>

void hci_acl_connect(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct inquiry_entry *ie;
	struct hci_cp_create_conn cp;

	BT_DBG("%p", conn);

	conn->state = BT_CONNECT;
	conn->out = 1;

	conn->link_mode = HCI_LM_MASTER;

	conn->attempt++;

	conn->link_policy = hdev->link_policy;

	memset(&cp, 0, sizeof(cp));
	bacpy(&cp.bdaddr, &conn->dst);
	cp.pscan_rep_mode = 0x02;

	ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (ie) {
		if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
			cp.pscan_rep_mode = ie->data.pscan_rep_mode;
			cp.pscan_mode     = ie->data.pscan_mode;
			cp.clock_offset   = ie->data.clock_offset |
							cpu_to_le16(0x8000);
		}

		memcpy(conn->dev_class, ie->data.dev_class, 3);
		conn->ssp_mode = ie->data.ssp_mode;
	}

	cp.pkt_type = cpu_to_le16(conn->pkt_type);
	if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
		cp.role_switch = 0x01;
	else
		cp.role_switch = 0x00;

	hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
}

static void hci_acl_connect_cancel(struct hci_conn *conn)
{
	struct hci_cp_create_conn_cancel cp;

	BT_DBG("%p", conn);

	if (conn->hdev->hci_ver < 2)
		return;

	bacpy(&cp.bdaddr, &conn->dst);
	hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
}

void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
{
	struct hci_cp_disconnect cp;

	BT_DBG("%p", conn);

	conn->state = BT_DISCONN;

	cp.handle = cpu_to_le16(conn->handle);
	cp.reason = reason;
	hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
}

void hci_add_sco(struct hci_conn *conn, __u16 handle)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_add_sco cp;

	BT_DBG("%p", conn);

	conn->state = BT_CONNECT;
	conn->out = 1;

	conn->attempt++;

	cp.handle   = cpu_to_le16(handle);
	cp.pkt_type = cpu_to_le16(conn->pkt_type);

	hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
}

void hci_setup_sync(struct hci_conn *conn, __u16 handle)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_setup_sync_conn cp;

	BT_DBG("%p", conn);

	conn->state = BT_CONNECT;
	conn->out = 1;

	conn->attempt++;

	cp.handle   = cpu_to_le16(handle);
	cp.pkt_type = cpu_to_le16(conn->pkt_type);

	cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
	cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
	cp.max_latency    = cpu_to_le16(0xffff);
	cp.voice_setting  = cpu_to_le16(hdev->voice_setting);
	cp.retrans_effort = 0xff;

	hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
}

/* Device _must_ be locked */
void hci_sco_setup(struct hci_conn *conn, __u8 status)
{
	struct hci_conn *sco = conn->link;

	BT_DBG("%p", conn);

	if (!sco)
		return;

	if (!status) {
		if (lmp_esco_capable(conn->hdev))
			hci_setup_sync(sco, conn->handle);
		else
			hci_add_sco(sco, conn->handle);
	} else {
		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}
}

static void hci_conn_timeout(unsigned long arg)
{
	struct hci_conn *conn = (void *) arg;
	struct hci_dev *hdev = conn->hdev;
	__u8 reason;

	BT_DBG("conn %p state %d", conn, conn->state);

	if (atomic_read(&conn->refcnt))
		return;

	hci_dev_lock(hdev);

	switch (conn->state) {
	case BT_CONNECT:
	case BT_CONNECT2:
		if (conn->type == ACL_LINK && conn->out)
			hci_acl_connect_cancel(conn);
		break;
	case BT_CONFIG:
	case BT_CONNECTED:
		reason = hci_proto_disconn_ind(conn);
		hci_acl_disconn(conn, reason);
		break;
	default:
		conn->state = BT_CLOSED;
		break;
	}

	hci_dev_unlock(hdev);
}

static void hci_conn_idle(unsigned long arg)
{
	struct hci_conn *conn = (void *) arg;

	BT_DBG("conn %p mode %d", conn, conn->mode);

	hci_conn_enter_sniff_mode(conn);
}

struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
{
	struct hci_conn *conn;

	BT_DBG("%s dst %s", hdev->name, batostr(dst));

	conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
	if (!conn)
		return NULL;

	bacpy(&conn->dst, dst);
	conn->hdev  = hdev;
	conn->type  = type;
	conn->mode  = HCI_CM_ACTIVE;
	conn->state = BT_OPEN;
	conn->auth_type = HCI_AT_GENERAL_BONDING;

	conn->power_save = 1;
	conn->disc_timeout = HCI_DISCONN_TIMEOUT;

	switch (type) {
	case ACL_LINK:
		conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
		break;
	case SCO_LINK:
		if (lmp_esco_capable(hdev))
			conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
					(hdev->esco_type & EDR_ESCO_MASK);
		else
			conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
		break;
	case ESCO_LINK:
		conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
		break;
	}

	skb_queue_head_init(&conn->data_q);

	setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
	setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);

	atomic_set(&conn->refcnt, 0);

	hci_dev_hold(hdev);

	tasklet_disable(&hdev->tx_task);

	hci_conn_hash_add(hdev, conn);
	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);

	atomic_set(&conn->devref, 0);

	hci_conn_init_sysfs(conn);

	tasklet_enable(&hdev->tx_task);

	return conn;
}

int hci_conn_del(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);

	del_timer(&conn->idle_timer);

	del_timer(&conn->disc_timer);

	if (conn->type == ACL_LINK) {
		struct hci_conn *sco = conn->link;
		if (sco)
			sco->link = NULL;

		/* Unacked frames */
		hdev->acl_cnt += conn->sent;
	} else {
		struct hci_conn *acl = conn->link;
		if (acl) {
			acl->link = NULL;
			hci_conn_put(acl);
		}
	}

	tasklet_disable(&hdev->tx_task);

	hci_conn_hash_del(hdev, conn);
	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);

	tasklet_enable(&hdev->tx_task);

	skb_queue_purge(&conn->data_q);

	hci_conn_put_device(conn);

	hci_dev_put(hdev);

	return 0;
}

struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
{
	int use_src = bacmp(src, BDADDR_ANY);
	struct hci_dev *hdev = NULL;
	struct list_head *p;

	BT_DBG("%s -> %s", batostr(src), batostr(dst));

	read_lock_bh(&hci_dev_list_lock);

	list_for_each(p, &hci_dev_list) {
		struct hci_dev *d = list_entry(p, struct hci_dev, list);

		if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
			continue;

		/* Simple routing:
		 *   No source address - find interface with bdaddr != dst
		 *   Source address    - find interface with bdaddr == src
		 */

		if (use_src) {
			if (!bacmp(&d->bdaddr, src)) {
				hdev = d; break;
			}
		} else {
			if (bacmp(&d->bdaddr, dst)) {
				hdev = d; break;
			}
		}
	}

	if (hdev)
		hdev = hci_dev_hold(hdev);

	read_unlock_bh(&hci_dev_list_lock);
	return hdev;
}
EXPORT_SYMBOL(hci_get_route);

/* Create SCO or ACL connection.
 * Device _must_ be locked */
struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
{
	struct hci_conn *acl;
	struct hci_conn *sco;

	BT_DBG("%s dst %s", hdev->name, batostr(dst));

	acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
	if (!acl) {
		acl = hci_conn_add(hdev, ACL_LINK, dst);
		if (!acl)
			return NULL;
	}

	hci_conn_hold(acl);

	if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
		acl->sec_level = sec_level;
		acl->auth_type = auth_type;
		hci_acl_connect(acl);
	}

	if (type == ACL_LINK)
		return acl;

	sco = hci_conn_hash_lookup_ba(hdev, type, dst);
	if (!sco) {
		sco = hci_conn_add(hdev, type, dst);
		if (!sco) {
			hci_conn_put(acl);
			return NULL;
		}
	}

	acl->link = sco;
	sco->link = acl;

	hci_conn_hold(sco);

	if (acl->state == BT_CONNECTED &&
			(sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
		acl->power_save = 1;
		hci_conn_enter_active_mode(acl);

		if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) {
			/* defer SCO setup until mode change completed */
			set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend);
			return sco;
		}

		hci_sco_setup(acl, 0x00);
	}

	return sco;
}
EXPORT_SYMBOL(hci_connect);

/* Check link security requirement */
int hci_conn_check_link_mode(struct hci_conn *conn)
{
	BT_DBG("conn %p", conn);

	if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
					!(conn->link_mode & HCI_LM_ENCRYPT))
		return 0;

	return 1;
}
EXPORT_SYMBOL(hci_conn_check_link_mode);

/* Authenticate remote device */
static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
{
	BT_DBG("conn %p", conn);

	if (sec_level > conn->sec_level)
		conn->sec_level = sec_level;
	else if (conn->link_mode & HCI_LM_AUTH)
		return 1;

	/* Make sure we preserve an existing MITM requirement*/
	auth_type |= (conn->auth_type & 0x01);

	conn->auth_type = auth_type;

	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
		struct hci_cp_auth_requested cp;
		cp.handle = cpu_to_le16(conn->handle);
		hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
							sizeof(cp), &cp);
	}

	return 0;
}

/* Enable security */
int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
{
	BT_DBG("conn %p", conn);

	if (sec_level == BT_SECURITY_SDP)
		return 1;

	if (sec_level == BT_SECURITY_LOW &&
				(!conn->ssp_mode || !conn->hdev->ssp_mode))
		return 1;

	if (conn->link_mode & HCI_LM_ENCRYPT)
		return hci_conn_auth(conn, sec_level, auth_type);

	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
		return 0;

	if (hci_conn_auth(conn, sec_level, auth_type)) {
		struct hci_cp_set_conn_encrypt cp;
		cp.handle  = cpu_to_le16(conn->handle);
		cp.encrypt = 1;
		hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT,
							sizeof(cp), &cp);
	}

	return 0;
}
EXPORT_SYMBOL(hci_conn_security);

/* Change link key */
int hci_conn_change_link_key(struct hci_conn *conn)
{
	BT_DBG("conn %p", conn);

	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
		struct hci_cp_change_conn_link_key cp;
		cp.handle = cpu_to_le16(conn->handle);
		hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
							sizeof(cp), &cp);
	}

	return 0;
}
EXPORT_SYMBOL(hci_conn_change_link_key);

/* Switch role */
int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
{
	BT_DBG("conn %p", conn);

	if (!role && conn->link_mode & HCI_LM_MASTER)
		return 1;

	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
		struct hci_cp_switch_role cp;
		bacpy(&cp.bdaddr, &conn->dst);
		cp.role = role;
		hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
	}

	return 0;
}
EXPORT_SYMBOL(hci_conn_switch_role);

/* Enter active mode */
void hci_conn_enter_active_mode(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("conn %p mode %d", conn, conn->mode);

	if (test_bit(HCI_RAW, &hdev->flags))
		return;

	if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
		goto timer;

	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
		struct hci_cp_exit_sniff_mode cp;
		cp.handle = cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
	}

timer:
	if (hdev->idle_timeout > 0)
		mod_timer(&conn->idle_timer,
			jiffies + msecs_to_jiffies(hdev->idle_timeout));
}

/* Enter sniff mode */
void hci_conn_enter_sniff_mode(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("conn %p mode %d", conn, conn->mode);

	if (test_bit(HCI_RAW, &hdev->flags))
		return;

	if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
		return;

	if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
		return;

	if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
		struct hci_cp_sniff_subrate cp;
		cp.handle             = cpu_to_le16(conn->handle);
		cp.max_latency        = cpu_to_le16(0);
		cp.min_remote_timeout = cpu_to_le16(0);
		cp.min_local_timeout  = cpu_to_le16(0);
		hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
	}

	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
		struct hci_cp_sniff_mode cp;
		cp.handle       = cpu_to_le16(conn->handle);
		cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
		cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
		cp.attempt      = cpu_to_le16(4);
		cp.timeout      = cpu_to_le16(1);
		hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
	}
}

/* Drop all connection on the device */
void hci_conn_hash_flush(struct hci_dev *hdev)
{
	struct hci_conn_hash *h = &hdev->conn_hash;
	struct list_head *p;

	BT_DBG("hdev %s", hdev->name);

	p = h->list.next;
	while (p != &h->list) {
		struct hci_conn *c;

		c = list_entry(p, struct hci_conn, list);
		p = p->next;

		c->state = BT_CLOSED;

		hci_proto_disconn_cfm(c, 0x16);
		hci_conn_del(c);
	}
}

/* Check pending connect attempts */
void hci_conn_check_pending(struct hci_dev *hdev)
{
	struct hci_conn *conn;

	BT_DBG("hdev %s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
	if (conn)
		hci_acl_connect(conn);

	hci_dev_unlock(hdev);
}

void hci_conn_hold_device(struct hci_conn *conn)
{
	atomic_inc(&conn->devref);
}
EXPORT_SYMBOL(hci_conn_hold_device);

void hci_conn_put_device(struct hci_conn *conn)
{
	if (atomic_dec_and_test(&conn->devref))
		hci_conn_del_sysfs(conn);
}
EXPORT_SYMBOL(hci_conn_put_device);

int hci_get_conn_list(void __user *arg)
{
	struct hci_conn_list_req req, *cl;
	struct hci_conn_info *ci;
	struct hci_dev *hdev;
	struct list_head *p;
	int n = 0, size, err;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
		return -EINVAL;

	size = sizeof(req) + req.conn_num * sizeof(*ci);

	cl = kmalloc(size, GFP_KERNEL);
	if (!cl)
		return -ENOMEM;

	hdev = hci_dev_get(req.dev_id);
	if (!hdev) {
		kfree(cl);
		return -ENODEV;
	}

	ci = cl->conn_info;

	hci_dev_lock_bh(hdev);
	list_for_each(p, &hdev->conn_hash.list) {
		register struct hci_conn *c;
		c = list_entry(p, struct hci_conn, list);

		bacpy(&(ci + n)->bdaddr, &c->dst);
		(ci + n)->handle = c->handle;
		(ci + n)->type  = c->type;
		(ci + n)->out   = c->out;
		(ci + n)->state = c->state;
		(ci + n)->link_mode = c->link_mode;
		if (++n >= req.conn_num)
			break;
	}
	hci_dev_unlock_bh(hdev);

	cl->dev_id = hdev->id;
	cl->conn_num = n;
	size = sizeof(req) + n * sizeof(*ci);

	hci_dev_put(hdev);

	err = copy_to_user(arg, cl, size);
	kfree(cl);

	return err ? -EFAULT : 0;
}

int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
{
	struct hci_conn_info_req req;
	struct hci_conn_info ci;
	struct hci_conn *conn;
	char __user *ptr = arg + sizeof(req);

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	hci_dev_lock_bh(hdev);
	conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
	if (conn) {
		bacpy(&ci.bdaddr, &conn->dst);
		ci.handle = conn->handle;
		ci.type  = conn->type;
		ci.out   = conn->out;
		ci.state = conn->state;
		ci.link_mode = conn->link_mode;
	}
	hci_dev_unlock_bh(hdev);

	if (!conn)
		return -ENOENT;

	return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
}

int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
{
	struct hci_auth_info_req req;
	struct hci_conn *conn;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	hci_dev_lock_bh(hdev);
	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
	if (conn)
		req.type = conn->auth_type;
	hci_dev_unlock_bh(hdev);

	if (!conn)
		return -ENOENT;

	return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
}
Commit	Line	Data
8e87d142	1	/*
1da177e4	2	BlueZ - Bluetooth protocol stack for Linux
2d0a0346	3	Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4 LT	4
	5	Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
	6
	7	This program is free software; you can redistribute it and/or modify
	8	it under the terms of the GNU General Public License version 2 as
	9	published by the Free Software Foundation;
	10
	11	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
	12	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	13	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
	14	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142 YH	15	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
	16	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	17	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4 LT	18	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1da177e4 LT	19
8e87d142 YH	20	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
8e87d142 YH	21	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4 LT	22	SOFTWARE IS DISCLAIMED.
	23	*/
	24
	25	/* Bluetooth HCI connection handling. */
	26
1da177e4 LT	27	#include <linux/module.h>
	28
	29	#include <linux/types.h>
	30	#include <linux/errno.h>
	31	#include <linux/kernel.h>
1da177e4 LT	32	#include <linux/slab.h>
	33	#include <linux/poll.h>
	34	#include <linux/fcntl.h>
	35	#include <linux/init.h>
	36	#include <linux/skbuff.h>
	37	#include <linux/interrupt.h>
	38	#include <linux/notifier.h>
	39	#include <net/sock.h>
	40
	41	#include <asm/system.h>
70f23020	42	#include <linux/uaccess.h>
1da177e4 LT	43	#include <asm/unaligned.h>
	44
	45	#include <net/bluetooth/bluetooth.h>
	46	#include <net/bluetooth/hci_core.h>
	47
4c67bc74	48	void hci_acl_connect(struct hci_conn *conn)
1da177e4 LT	49	{
	50	struct hci_dev *hdev = conn->hdev;
	51	struct inquiry_entry *ie;
	52	struct hci_cp_create_conn cp;
	53
	54	BT_DBG("%p", conn);
	55
	56	conn->state = BT_CONNECT;
a8746417 MH	57	conn->out = 1;
a8746417 MH	58
1da177e4 LT	59	conn->link_mode = HCI_LM_MASTER;
1da177e4 LT	60
4c67bc74 MH	61	conn->attempt++;
4c67bc74 MH	62
e4e8e37c MH	63	conn->link_policy = hdev->link_policy;
e4e8e37c MH	64
1da177e4 LT	65	memset(&cp, 0, sizeof(cp));
	66	bacpy(&cp.bdaddr, &conn->dst);
	67	cp.pscan_rep_mode = 0x02;
	68
70f23020 AE	69	ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
70f23020 AE	70	if (ie) {
41a96212 MH	71	if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
	72	cp.pscan_rep_mode = ie->data.pscan_rep_mode;
	73	cp.pscan_mode = ie->data.pscan_mode;
	74	cp.clock_offset = ie->data.clock_offset \|
	75	cpu_to_le16(0x8000);
	76	}
	77
1da177e4	78	memcpy(conn->dev_class, ie->data.dev_class, 3);
41a96212	79	conn->ssp_mode = ie->data.ssp_mode;
1da177e4 LT	80	}
1da177e4 LT	81
a8746417	82	cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4	83	if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
b6a0dc82	84	cp.role_switch = 0x01;
1da177e4	85	else
b6a0dc82	86	cp.role_switch = 0x00;
4c67bc74	87
a9de9248	88	hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
1da177e4 LT	89	}
1da177e4 LT	90
6ac59344 MH	91	static void hci_acl_connect_cancel(struct hci_conn *conn)
	92	{
	93	struct hci_cp_create_conn_cancel cp;
	94
	95	BT_DBG("%p", conn);
	96
	97	if (conn->hdev->hci_ver < 2)
	98	return;
	99
	100	bacpy(&cp.bdaddr, &conn->dst);
a9de9248	101	hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
6ac59344 MH	102	}
6ac59344 MH	103
1da177e4 LT	104	void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
	105	{
	106	struct hci_cp_disconnect cp;
	107
	108	BT_DBG("%p", conn);
	109
	110	conn->state = BT_DISCONN;
	111
aca3192c	112	cp.handle = cpu_to_le16(conn->handle);
1da177e4	113	cp.reason = reason;
a9de9248	114	hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
1da177e4 LT	115	}
	116
	117	void hci_add_sco(struct hci_conn *conn, __u16 handle)
	118	{
	119	struct hci_dev *hdev = conn->hdev;
	120	struct hci_cp_add_sco cp;
	121
	122	BT_DBG("%p", conn);
	123
	124	conn->state = BT_CONNECT;
	125	conn->out = 1;
	126
efc7688b MH	127	conn->attempt++;
efc7688b MH	128
aca3192c	129	cp.handle = cpu_to_le16(handle);
a8746417	130	cp.pkt_type = cpu_to_le16(conn->pkt_type);
1da177e4	131
a9de9248	132	hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
1da177e4 LT	133	}
1da177e4 LT	134
b6a0dc82 MH	135	void hci_setup_sync(struct hci_conn *conn, __u16 handle)
	136	{
	137	struct hci_dev *hdev = conn->hdev;
	138	struct hci_cp_setup_sync_conn cp;
	139
	140	BT_DBG("%p", conn);
	141
	142	conn->state = BT_CONNECT;
	143	conn->out = 1;
	144
efc7688b MH	145	conn->attempt++;
efc7688b MH	146
b6a0dc82	147	cp.handle = cpu_to_le16(handle);
a8746417	148	cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 MH	149
	150	cp.tx_bandwidth = cpu_to_le32(0x00001f40);
	151	cp.rx_bandwidth = cpu_to_le32(0x00001f40);
	152	cp.max_latency = cpu_to_le16(0xffff);
	153	cp.voice_setting = cpu_to_le16(hdev->voice_setting);
	154	cp.retrans_effort = 0xff;
	155
	156	hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
	157	}
	158
e73439d8 MH	159	/* Device _must_ be locked */
	160	void hci_sco_setup(struct hci_conn *conn, __u8 status)
	161	{
	162	struct hci_conn *sco = conn->link;
	163
	164	BT_DBG("%p", conn);
	165
	166	if (!sco)
	167	return;
	168
	169	if (!status) {
	170	if (lmp_esco_capable(conn->hdev))
	171	hci_setup_sync(sco, conn->handle);
	172	else
	173	hci_add_sco(sco, conn->handle);
	174	} else {
	175	hci_proto_connect_cfm(sco, status);
	176	hci_conn_del(sco);
	177	}
	178	}
	179
1da177e4 LT	180	static void hci_conn_timeout(unsigned long arg)
1da177e4 LT	181	{
04837f64 MH	182	struct hci_conn conn = (void ) arg;
04837f64 MH	183	struct hci_dev *hdev = conn->hdev;
2950f21a	184	__u8 reason;
1da177e4 LT	185
	186	BT_DBG("conn %p state %d", conn, conn->state);
	187
	188	if (atomic_read(&conn->refcnt))
	189	return;
	190
	191	hci_dev_lock(hdev);
6ac59344 MH	192
	193	switch (conn->state) {
	194	case BT_CONNECT:
769be974	195	case BT_CONNECT2:
1b0336bb	196	if (conn->type == ACL_LINK && conn->out)
b6a0dc82	197	hci_acl_connect_cancel(conn);
6ac59344	198	break;
769be974	199	case BT_CONFIG:
8e87d142	200	case BT_CONNECTED:
2950f21a MH	201	reason = hci_proto_disconn_ind(conn);
2950f21a MH	202	hci_acl_disconn(conn, reason);
6ac59344 MH	203	break;
6ac59344 MH	204	default:
1da177e4	205	conn->state = BT_CLOSED;
6ac59344 MH	206	break;
	207	}
	208
1da177e4	209	hci_dev_unlock(hdev);
1da177e4 LT	210	}
1da177e4 LT	211
04837f64	212	static void hci_conn_idle(unsigned long arg)
1da177e4	213	{
04837f64 MH	214	struct hci_conn conn = (void ) arg;
	215
	216	BT_DBG("conn %p mode %d", conn, conn->mode);
	217
	218	hci_conn_enter_sniff_mode(conn);
1da177e4 LT	219	}
	220
	221	struct hci_conn hci_conn_add(struct hci_dev hdev, int type, bdaddr_t *dst)
	222	{
	223	struct hci_conn *conn;
	224
	225	BT_DBG("%s dst %s", hdev->name, batostr(dst));
	226
04837f64 MH	227	conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
04837f64 MH	228	if (!conn)
1da177e4	229	return NULL;
1da177e4 LT	230
1da177e4 LT	231	bacpy(&conn->dst, dst);
a8746417 MH	232	conn->hdev = hdev;
	233	conn->type = type;
	234	conn->mode = HCI_CM_ACTIVE;
	235	conn->state = BT_OPEN;
93f19c9f	236	conn->auth_type = HCI_AT_GENERAL_BONDING;
1da177e4	237
04837f64	238	conn->power_save = 1;
052b30b0	239	conn->disc_timeout = HCI_DISCONN_TIMEOUT;
04837f64	240
a8746417 MH	241	switch (type) {
	242	case ACL_LINK:
	243	conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
	244	break;
	245	case SCO_LINK:
	246	if (lmp_esco_capable(hdev))
efc7688b MH	247	conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) \|
efc7688b MH	248	(hdev->esco_type & EDR_ESCO_MASK);
a8746417 MH	249	else
	250	conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
	251	break;
	252	case ESCO_LINK:
efc7688b	253	conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
a8746417 MH	254	break;
	255	}
	256
1da177e4	257	skb_queue_head_init(&conn->data_q);
04837f64	258
b24b8a24 PE	259	setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
b24b8a24 PE	260	setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
1da177e4 LT	261
	262	atomic_set(&conn->refcnt, 0);
	263
	264	hci_dev_hold(hdev);
	265
	266	tasklet_disable(&hdev->tx_task);
	267
	268	hci_conn_hash_add(hdev, conn);
	269	if (hdev->notify)
	270	hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
	271
9eba32b8 MH	272	atomic_set(&conn->devref, 0);
9eba32b8 MH	273
a67e899c MH	274	hci_conn_init_sysfs(conn);
a67e899c MH	275
1da177e4 LT	276	tasklet_enable(&hdev->tx_task);
	277
	278	return conn;
	279	}
	280
	281	int hci_conn_del(struct hci_conn *conn)
	282	{
	283	struct hci_dev *hdev = conn->hdev;
	284
	285	BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
	286
04837f64 MH	287	del_timer(&conn->idle_timer);
	288
	289	del_timer(&conn->disc_timer);
1da177e4	290
5b7f9909	291	if (conn->type == ACL_LINK) {
1da177e4 LT	292	struct hci_conn *sco = conn->link;
	293	if (sco)
	294	sco->link = NULL;
	295
	296	/* Unacked frames */
	297	hdev->acl_cnt += conn->sent;
5b7f9909 MH	298	} else {
	299	struct hci_conn *acl = conn->link;
	300	if (acl) {
	301	acl->link = NULL;
	302	hci_conn_put(acl);
	303	}
1da177e4 LT	304	}
	305
	306	tasklet_disable(&hdev->tx_task);
7d0db0a3	307
1da177e4 LT	308	hci_conn_hash_del(hdev, conn);
	309	if (hdev->notify)
	310	hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
7d0db0a3	311
1da177e4	312	tasklet_enable(&hdev->tx_task);
7d0db0a3	313
1da177e4	314	skb_queue_purge(&conn->data_q);
1da177e4	315
9eba32b8	316	hci_conn_put_device(conn);
2ae9a6be	317
384943ec MH	318	hci_dev_put(hdev);
384943ec MH	319
1da177e4 LT	320	return 0;
	321	}
	322
	323	struct hci_dev hci_get_route(bdaddr_t dst, bdaddr_t *src)
	324	{
	325	int use_src = bacmp(src, BDADDR_ANY);
	326	struct hci_dev *hdev = NULL;
	327	struct list_head *p;
	328
	329	BT_DBG("%s -> %s", batostr(src), batostr(dst));
	330
	331	read_lock_bh(&hci_dev_list_lock);
	332
	333	list_for_each(p, &hci_dev_list) {
	334	struct hci_dev *d = list_entry(p, struct hci_dev, list);
	335
	336	if (!test_bit(HCI_UP, &d->flags) \|\| test_bit(HCI_RAW, &d->flags))
	337	continue;
	338
8e87d142	339	/* Simple routing:
1da177e4 LT	340	* No source address - find interface with bdaddr != dst
	341	* Source address - find interface with bdaddr == src
	342	*/
	343
	344	if (use_src) {
	345	if (!bacmp(&d->bdaddr, src)) {
	346	hdev = d; break;
	347	}
	348	} else {
	349	if (bacmp(&d->bdaddr, dst)) {
	350	hdev = d; break;
	351	}
	352	}
	353	}
	354
	355	if (hdev)
	356	hdev = hci_dev_hold(hdev);
	357
	358	read_unlock_bh(&hci_dev_list_lock);
	359	return hdev;
	360	}
	361	EXPORT_SYMBOL(hci_get_route);
	362
	363	/* Create SCO or ACL connection.
	364	* Device _must_ be locked */
8c1b2355	365	struct hci_conn hci_connect(struct hci_dev hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
1da177e4 LT	366	{
1da177e4 LT	367	struct hci_conn *acl;
5b7f9909	368	struct hci_conn *sco;
1da177e4 LT	369
	370	BT_DBG("%s dst %s", hdev->name, batostr(dst));
	371
70f23020 AE	372	acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
	373	if (!acl) {
	374	acl = hci_conn_add(hdev, ACL_LINK, dst);
	375	if (!acl)
1da177e4 LT	376	return NULL;
	377	}
	378
	379	hci_conn_hold(acl);
	380
09ab6f4c	381	if (acl->state == BT_OPEN \|\| acl->state == BT_CLOSED) {
8c1b2355	382	acl->sec_level = sec_level;
09ab6f4c	383	acl->auth_type = auth_type;
1da177e4	384	hci_acl_connect(acl);
09ab6f4c	385	}
1da177e4	386
5b7f9909 MH	387	if (type == ACL_LINK)
5b7f9909 MH	388	return acl;
1da177e4	389
70f23020 AE	390	sco = hci_conn_hash_lookup_ba(hdev, type, dst);
	391	if (!sco) {
	392	sco = hci_conn_add(hdev, type, dst);
	393	if (!sco) {
5b7f9909 MH	394	hci_conn_put(acl);
5b7f9909 MH	395	return NULL;
1da177e4	396	}
5b7f9909	397	}
1da177e4	398
5b7f9909 MH	399	acl->link = sco;
5b7f9909 MH	400	sco->link = acl;
1da177e4	401
5b7f9909	402	hci_conn_hold(sco);
1da177e4	403
5b7f9909	404	if (acl->state == BT_CONNECTED &&
b6a0dc82	405	(sco->state == BT_OPEN \|\| sco->state == BT_CLOSED)) {
c390216b NP	406	acl->power_save = 1;
	407	hci_conn_enter_active_mode(acl);
	408
e73439d8 MH	409	if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) {
	410	/* defer SCO setup until mode change completed */
	411	set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend);
	412	return sco;
	413	}
	414
	415	hci_sco_setup(acl, 0x00);
b6a0dc82	416	}
5b7f9909 MH	417
5b7f9909 MH	418	return sco;
1da177e4 LT	419	}
	420	EXPORT_SYMBOL(hci_connect);
	421
e7c29cb1 MH	422	/* Check link security requirement */
	423	int hci_conn_check_link_mode(struct hci_conn *conn)
	424	{
	425	BT_DBG("conn %p", conn);
	426
	427	if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
	428	!(conn->link_mode & HCI_LM_ENCRYPT))
	429	return 0;
	430
	431	return 1;
	432	}
	433	EXPORT_SYMBOL(hci_conn_check_link_mode);
	434
1da177e4	435	/* Authenticate remote device */
0684e5f9	436	static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 LT	437	{
	438	BT_DBG("conn %p", conn);
	439
96a31833	440	if (sec_level > conn->sec_level)
0684e5f9	441	conn->sec_level = sec_level;
96a31833	442	else if (conn->link_mode & HCI_LM_AUTH)
1da177e4 LT	443	return 1;
1da177e4 LT	444
65cf686e JH	445	/* Make sure we preserve an existing MITM requirement*/
	446	auth_type \|= (conn->auth_type & 0x01);
	447
96a31833 MH	448	conn->auth_type = auth_type;
96a31833 MH	449
1da177e4 LT	450	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1da177e4 LT	451	struct hci_cp_auth_requested cp;
aca3192c	452	cp.handle = cpu_to_le16(conn->handle);
40be492f MH	453	hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
40be492f MH	454	sizeof(cp), &cp);
1da177e4	455	}
8c1b2355	456
1da177e4 LT	457	return 0;
1da177e4 LT	458	}
1da177e4	459
8c1b2355	460	/* Enable security */
0684e5f9	461	int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
1da177e4 LT	462	{
	463	BT_DBG("conn %p", conn);
	464
8c1b2355 MH	465	if (sec_level == BT_SECURITY_SDP)
	466	return 1;
	467
3fdca1e1 MH	468	if (sec_level == BT_SECURITY_LOW &&
	469	(!conn->ssp_mode \|\| !conn->hdev->ssp_mode))
	470	return 1;
8c1b2355	471
1da177e4	472	if (conn->link_mode & HCI_LM_ENCRYPT)
0684e5f9	473	return hci_conn_auth(conn, sec_level, auth_type);
1da177e4 LT	474
	475	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
	476	return 0;
	477
0684e5f9	478	if (hci_conn_auth(conn, sec_level, auth_type)) {
1da177e4	479	struct hci_cp_set_conn_encrypt cp;
aca3192c	480	cp.handle = cpu_to_le16(conn->handle);
8e87d142	481	cp.encrypt = 1;
40be492f MH	482	hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT,
40be492f MH	483	sizeof(cp), &cp);
1da177e4	484	}
8c1b2355	485
1da177e4 LT	486	return 0;
1da177e4 LT	487	}
8c1b2355	488	EXPORT_SYMBOL(hci_conn_security);
1da177e4 LT	489
	490	/* Change link key */
	491	int hci_conn_change_link_key(struct hci_conn *conn)
	492	{
	493	BT_DBG("conn %p", conn);
	494
	495	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
	496	struct hci_cp_change_conn_link_key cp;
aca3192c	497	cp.handle = cpu_to_le16(conn->handle);
40be492f MH	498	hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
40be492f MH	499	sizeof(cp), &cp);
1da177e4	500	}
8c1b2355	501
1da177e4 LT	502	return 0;
	503	}
	504	EXPORT_SYMBOL(hci_conn_change_link_key);
	505
	506	/* Switch role */
8c1b2355	507	int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
1da177e4 LT	508	{
	509	BT_DBG("conn %p", conn);
	510
	511	if (!role && conn->link_mode & HCI_LM_MASTER)
	512	return 1;
	513
	514	if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
	515	struct hci_cp_switch_role cp;
	516	bacpy(&cp.bdaddr, &conn->dst);
	517	cp.role = role;
a9de9248	518	hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
1da177e4	519	}
8c1b2355	520
1da177e4 LT	521	return 0;
	522	}
	523	EXPORT_SYMBOL(hci_conn_switch_role);
	524
04837f64 MH	525	/* Enter active mode */
	526	void hci_conn_enter_active_mode(struct hci_conn *conn)
	527	{
	528	struct hci_dev *hdev = conn->hdev;
	529
	530	BT_DBG("conn %p mode %d", conn, conn->mode);
	531
	532	if (test_bit(HCI_RAW, &hdev->flags))
	533	return;
	534
	535	if (conn->mode != HCI_CM_SNIFF \|\| !conn->power_save)
	536	goto timer;
	537
	538	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
	539	struct hci_cp_exit_sniff_mode cp;
aca3192c	540	cp.handle = cpu_to_le16(conn->handle);
a9de9248	541	hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
04837f64 MH	542	}
	543
	544	timer:
	545	if (hdev->idle_timeout > 0)
	546	mod_timer(&conn->idle_timer,
	547	jiffies + msecs_to_jiffies(hdev->idle_timeout));
	548	}
	549
	550	/* Enter sniff mode */
	551	void hci_conn_enter_sniff_mode(struct hci_conn *conn)
	552	{
	553	struct hci_dev *hdev = conn->hdev;
	554
	555	BT_DBG("conn %p mode %d", conn, conn->mode);
	556
	557	if (test_bit(HCI_RAW, &hdev->flags))
	558	return;
	559
	560	if (!lmp_sniff_capable(hdev) \|\| !lmp_sniff_capable(conn))
	561	return;
	562
	563	if (conn->mode != HCI_CM_ACTIVE \|\| !(conn->link_policy & HCI_LP_SNIFF))
	564	return;
	565
	566	if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
	567	struct hci_cp_sniff_subrate cp;
aca3192c YH	568	cp.handle = cpu_to_le16(conn->handle);
	569	cp.max_latency = cpu_to_le16(0);
	570	cp.min_remote_timeout = cpu_to_le16(0);
	571	cp.min_local_timeout = cpu_to_le16(0);
a9de9248	572	hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
04837f64 MH	573	}
	574
	575	if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
	576	struct hci_cp_sniff_mode cp;
aca3192c YH	577	cp.handle = cpu_to_le16(conn->handle);
	578	cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
	579	cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
	580	cp.attempt = cpu_to_le16(4);
	581	cp.timeout = cpu_to_le16(1);
a9de9248	582	hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
04837f64 MH	583	}
	584	}
	585
1da177e4 LT	586	/* Drop all connection on the device */
	587	void hci_conn_hash_flush(struct hci_dev *hdev)
	588	{
	589	struct hci_conn_hash *h = &hdev->conn_hash;
	590	struct list_head *p;
	591
	592	BT_DBG("hdev %s", hdev->name);
	593
	594	p = h->list.next;
	595	while (p != &h->list) {
	596	struct hci_conn *c;
	597
	598	c = list_entry(p, struct hci_conn, list);
	599	p = p->next;
	600
	601	c->state = BT_CLOSED;
	602
2950f21a	603	hci_proto_disconn_cfm(c, 0x16);
1da177e4 LT	604	hci_conn_del(c);
	605	}
	606	}
	607
a9de9248 MH	608	/* Check pending connect attempts */
	609	void hci_conn_check_pending(struct hci_dev *hdev)
	610	{
	611	struct hci_conn *conn;
	612
	613	BT_DBG("hdev %s", hdev->name);
	614
	615	hci_dev_lock(hdev);
	616
	617	conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
	618	if (conn)
	619	hci_acl_connect(conn);
	620
	621	hci_dev_unlock(hdev);
	622	}
	623
9eba32b8 MH	624	void hci_conn_hold_device(struct hci_conn *conn)
	625	{
	626	atomic_inc(&conn->devref);
	627	}
	628	EXPORT_SYMBOL(hci_conn_hold_device);
	629
	630	void hci_conn_put_device(struct hci_conn *conn)
	631	{
	632	if (atomic_dec_and_test(&conn->devref))
	633	hci_conn_del_sysfs(conn);
	634	}
	635	EXPORT_SYMBOL(hci_conn_put_device);
	636
1da177e4 LT	637	int hci_get_conn_list(void __user *arg)
	638	{
	639	struct hci_conn_list_req req, *cl;
	640	struct hci_conn_info *ci;
	641	struct hci_dev *hdev;
	642	struct list_head *p;
	643	int n = 0, size, err;
	644
	645	if (copy_from_user(&req, arg, sizeof(req)))
	646	return -EFAULT;
	647
	648	if (!req.conn_num \|\| req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
	649	return -EINVAL;
	650
	651	size = sizeof(req) + req.conn_num * sizeof(*ci);
	652
70f23020 AE	653	cl = kmalloc(size, GFP_KERNEL);
70f23020 AE	654	if (!cl)
1da177e4 LT	655	return -ENOMEM;
1da177e4 LT	656
70f23020 AE	657	hdev = hci_dev_get(req.dev_id);
70f23020 AE	658	if (!hdev) {
1da177e4 LT	659	kfree(cl);
	660	return -ENODEV;
	661	}
	662
	663	ci = cl->conn_info;
	664
	665	hci_dev_lock_bh(hdev);
	666	list_for_each(p, &hdev->conn_hash.list) {
	667	register struct hci_conn *c;
	668	c = list_entry(p, struct hci_conn, list);
	669
	670	bacpy(&(ci + n)->bdaddr, &c->dst);
	671	(ci + n)->handle = c->handle;
	672	(ci + n)->type = c->type;
	673	(ci + n)->out = c->out;
	674	(ci + n)->state = c->state;
	675	(ci + n)->link_mode = c->link_mode;
	676	if (++n >= req.conn_num)
	677	break;
	678	}
	679	hci_dev_unlock_bh(hdev);
	680
	681	cl->dev_id = hdev->id;
	682	cl->conn_num = n;
	683	size = sizeof(req) + n * sizeof(*ci);
	684
	685	hci_dev_put(hdev);
	686
	687	err = copy_to_user(arg, cl, size);
	688	kfree(cl);
	689
	690	return err ? -EFAULT : 0;
	691	}
	692
	693	int hci_get_conn_info(struct hci_dev hdev, void __user arg)
	694	{
	695	struct hci_conn_info_req req;
	696	struct hci_conn_info ci;
	697	struct hci_conn *conn;
	698	char __user *ptr = arg + sizeof(req);
	699
	700	if (copy_from_user(&req, arg, sizeof(req)))
	701	return -EFAULT;
	702
	703	hci_dev_lock_bh(hdev);
	704	conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
	705	if (conn) {
	706	bacpy(&ci.bdaddr, &conn->dst);
	707	ci.handle = conn->handle;
	708	ci.type = conn->type;
	709	ci.out = conn->out;
	710	ci.state = conn->state;
	711	ci.link_mode = conn->link_mode;
	712	}
	713	hci_dev_unlock_bh(hdev);
	714
	715	if (!conn)
	716	return -ENOENT;
	717
	718	return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
	719	}
40be492f MH	720
	721	int hci_get_auth_info(struct hci_dev hdev, void __user arg)
	722	{
	723	struct hci_auth_info_req req;
	724	struct hci_conn *conn;
	725
	726	if (copy_from_user(&req, arg, sizeof(req)))
	727	return -EFAULT;
	728
	729	hci_dev_lock_bh(hdev);
	730	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
	731	if (conn)
	732	req.type = conn->auth_type;
	733	hci_dev_unlock_bh(hdev);
	734
	735	if (!conn)
	736	return -ENOENT;
	737
	738	return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
	739	}