2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/a2mp.h>
33 static void hci_le_connect(struct hci_conn *conn)
35 struct hci_dev *hdev = conn->hdev;
36 struct hci_cp_le_create_conn cp;
38 conn->state = BT_CONNECT;
40 conn->link_mode |= HCI_LM_MASTER;
41 conn->sec_level = BT_SECURITY_LOW;
43 memset(&cp, 0, sizeof(cp));
44 cp.scan_interval = __constant_cpu_to_le16(0x0060);
45 cp.scan_window = __constant_cpu_to_le16(0x0030);
46 bacpy(&cp.peer_addr, &conn->dst);
47 cp.peer_addr_type = conn->dst_type;
48 cp.conn_interval_min = __constant_cpu_to_le16(0x0028);
49 cp.conn_interval_max = __constant_cpu_to_le16(0x0038);
50 cp.supervision_timeout = __constant_cpu_to_le16(0x002a);
51 cp.min_ce_len = __constant_cpu_to_le16(0x0000);
52 cp.max_ce_len = __constant_cpu_to_le16(0x0000);
54 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
57 static void hci_le_connect_cancel(struct hci_conn *conn)
59 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
62 void hci_acl_connect(struct hci_conn *conn)
64 struct hci_dev *hdev = conn->hdev;
65 struct inquiry_entry *ie;
66 struct hci_cp_create_conn cp;
68 BT_DBG("hcon %p", conn);
70 conn->state = BT_CONNECT;
73 conn->link_mode = HCI_LM_MASTER;
77 conn->link_policy = hdev->link_policy;
79 memset(&cp, 0, sizeof(cp));
80 bacpy(&cp.bdaddr, &conn->dst);
81 cp.pscan_rep_mode = 0x02;
83 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
85 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
86 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
87 cp.pscan_mode = ie->data.pscan_mode;
88 cp.clock_offset = ie->data.clock_offset |
89 __constant_cpu_to_le16(0x8000);
92 memcpy(conn->dev_class, ie->data.dev_class, 3);
93 if (ie->data.ssp_mode > 0)
94 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
97 cp.pkt_type = cpu_to_le16(conn->pkt_type);
98 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
99 cp.role_switch = 0x01;
101 cp.role_switch = 0x00;
103 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
106 static void hci_acl_connect_cancel(struct hci_conn *conn)
108 struct hci_cp_create_conn_cancel cp;
112 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
115 bacpy(&cp.bdaddr, &conn->dst);
116 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
119 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
121 struct hci_cp_disconnect cp;
125 conn->state = BT_DISCONN;
127 cp.handle = cpu_to_le16(conn->handle);
129 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
132 void hci_add_sco(struct hci_conn *conn, __u16 handle)
134 struct hci_dev *hdev = conn->hdev;
135 struct hci_cp_add_sco cp;
139 conn->state = BT_CONNECT;
144 cp.handle = cpu_to_le16(handle);
145 cp.pkt_type = cpu_to_le16(conn->pkt_type);
147 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
150 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
152 struct hci_dev *hdev = conn->hdev;
153 struct hci_cp_setup_sync_conn cp;
157 conn->state = BT_CONNECT;
162 cp.handle = cpu_to_le16(handle);
163 cp.pkt_type = cpu_to_le16(conn->pkt_type);
165 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
166 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
167 cp.max_latency = __constant_cpu_to_le16(0xffff);
168 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
169 cp.retrans_effort = 0xff;
171 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
174 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
175 u16 latency, u16 to_multiplier)
177 struct hci_cp_le_conn_update cp;
178 struct hci_dev *hdev = conn->hdev;
180 memset(&cp, 0, sizeof(cp));
182 cp.handle = cpu_to_le16(conn->handle);
183 cp.conn_interval_min = cpu_to_le16(min);
184 cp.conn_interval_max = cpu_to_le16(max);
185 cp.conn_latency = cpu_to_le16(latency);
186 cp.supervision_timeout = cpu_to_le16(to_multiplier);
187 cp.min_ce_len = __constant_cpu_to_le16(0x0001);
188 cp.max_ce_len = __constant_cpu_to_le16(0x0001);
190 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
193 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
196 struct hci_dev *hdev = conn->hdev;
197 struct hci_cp_le_start_enc cp;
201 memset(&cp, 0, sizeof(cp));
203 cp.handle = cpu_to_le16(conn->handle);
204 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
206 memcpy(cp.rand, rand, sizeof(cp.rand));
208 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
211 /* Device _must_ be locked */
212 void hci_sco_setup(struct hci_conn *conn, __u8 status)
214 struct hci_conn *sco = conn->link;
222 if (lmp_esco_capable(conn->hdev))
223 hci_setup_sync(sco, conn->handle);
225 hci_add_sco(sco, conn->handle);
227 hci_proto_connect_cfm(sco, status);
232 static void hci_conn_timeout(struct work_struct *work)
234 struct hci_conn *conn = container_of(work, struct hci_conn,
238 BT_DBG("conn %p state %s", conn, state_to_string(conn->state));
240 if (atomic_read(&conn->refcnt))
243 switch (conn->state) {
247 if (conn->type == ACL_LINK)
248 hci_acl_connect_cancel(conn);
249 else if (conn->type == LE_LINK)
250 hci_le_connect_cancel(conn);
255 reason = hci_proto_disconn_ind(conn);
256 hci_acl_disconn(conn, reason);
259 conn->state = BT_CLOSED;
264 /* Enter sniff mode */
265 static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
267 struct hci_dev *hdev = conn->hdev;
269 BT_DBG("conn %p mode %d", conn, conn->mode);
271 if (test_bit(HCI_RAW, &hdev->flags))
274 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
277 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
280 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
281 struct hci_cp_sniff_subrate cp;
282 cp.handle = cpu_to_le16(conn->handle);
283 cp.max_latency = __constant_cpu_to_le16(0);
284 cp.min_remote_timeout = __constant_cpu_to_le16(0);
285 cp.min_local_timeout = __constant_cpu_to_le16(0);
286 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
289 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
290 struct hci_cp_sniff_mode cp;
291 cp.handle = cpu_to_le16(conn->handle);
292 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
293 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
294 cp.attempt = __constant_cpu_to_le16(4);
295 cp.timeout = __constant_cpu_to_le16(1);
296 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
300 static void hci_conn_idle(unsigned long arg)
302 struct hci_conn *conn = (void *) arg;
304 BT_DBG("conn %p mode %d", conn, conn->mode);
306 hci_conn_enter_sniff_mode(conn);
309 static void hci_conn_auto_accept(unsigned long arg)
311 struct hci_conn *conn = (void *) arg;
312 struct hci_dev *hdev = conn->hdev;
314 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
318 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
320 struct hci_conn *conn;
322 BT_DBG("%s dst %s", hdev->name, batostr(dst));
324 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
328 bacpy(&conn->dst, dst);
331 conn->mode = HCI_CM_ACTIVE;
332 conn->state = BT_OPEN;
333 conn->auth_type = HCI_AT_GENERAL_BONDING;
334 conn->io_capability = hdev->io_capability;
335 conn->remote_auth = 0xff;
336 conn->key_type = 0xff;
338 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
339 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
343 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
346 if (lmp_esco_capable(hdev))
347 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
348 (hdev->esco_type & EDR_ESCO_MASK);
350 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
353 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
357 skb_queue_head_init(&conn->data_q);
359 INIT_LIST_HEAD(&conn->chan_list);
361 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
362 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
363 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
364 (unsigned long) conn);
366 atomic_set(&conn->refcnt, 0);
370 hci_conn_hash_add(hdev, conn);
372 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
374 atomic_set(&conn->devref, 0);
376 hci_conn_init_sysfs(conn);
381 int hci_conn_del(struct hci_conn *conn)
383 struct hci_dev *hdev = conn->hdev;
385 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
387 del_timer(&conn->idle_timer);
389 cancel_delayed_work_sync(&conn->disc_work);
391 del_timer(&conn->auto_accept_timer);
393 if (conn->type == ACL_LINK) {
394 struct hci_conn *sco = conn->link;
399 hdev->acl_cnt += conn->sent;
400 } else if (conn->type == LE_LINK) {
402 hdev->le_cnt += conn->sent;
404 hdev->acl_cnt += conn->sent;
406 struct hci_conn *acl = conn->link;
413 hci_chan_list_flush(conn);
416 amp_mgr_put(conn->amp_mgr);
418 hci_conn_hash_del(hdev, conn);
420 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
422 skb_queue_purge(&conn->data_q);
424 hci_conn_put_device(conn);
428 if (conn->handle == 0)
434 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
436 int use_src = bacmp(src, BDADDR_ANY);
437 struct hci_dev *hdev = NULL, *d;
439 BT_DBG("%s -> %s", batostr(src), batostr(dst));
441 read_lock(&hci_dev_list_lock);
443 list_for_each_entry(d, &hci_dev_list, list) {
444 if (!test_bit(HCI_UP, &d->flags) ||
445 test_bit(HCI_RAW, &d->flags))
449 * No source address - find interface with bdaddr != dst
450 * Source address - find interface with bdaddr == src
454 if (!bacmp(&d->bdaddr, src)) {
458 if (bacmp(&d->bdaddr, dst)) {
465 hdev = hci_dev_hold(hdev);
467 read_unlock(&hci_dev_list_lock);
470 EXPORT_SYMBOL(hci_get_route);
472 /* Create SCO, ACL or LE connection.
473 * Device _must_ be locked */
474 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
475 __u8 dst_type, __u8 sec_level, __u8 auth_type)
477 struct hci_conn *acl;
478 struct hci_conn *sco;
481 BT_DBG("%s dst %s", hdev->name, batostr(dst));
483 if (type == LE_LINK) {
484 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
486 le = hci_conn_hash_lookup_state(hdev, LE_LINK,
489 return ERR_PTR(-EBUSY);
491 le = hci_conn_add(hdev, LE_LINK, dst);
493 return ERR_PTR(-ENOMEM);
495 le->dst_type = bdaddr_to_le(dst_type);
499 le->pending_sec_level = sec_level;
500 le->auth_type = auth_type;
507 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
509 acl = hci_conn_add(hdev, ACL_LINK, dst);
511 return ERR_PTR(-ENOMEM);
516 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
517 acl->sec_level = BT_SECURITY_LOW;
518 acl->pending_sec_level = sec_level;
519 acl->auth_type = auth_type;
520 hci_acl_connect(acl);
523 if (type == ACL_LINK)
526 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
528 sco = hci_conn_add(hdev, type, dst);
531 return ERR_PTR(-ENOMEM);
540 if (acl->state == BT_CONNECTED &&
541 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
542 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
543 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
545 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
546 /* defer SCO setup until mode change completed */
547 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
551 hci_sco_setup(acl, 0x00);
557 /* Check link security requirement */
558 int hci_conn_check_link_mode(struct hci_conn *conn)
560 BT_DBG("conn %p", conn);
562 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
568 /* Authenticate remote device */
569 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
571 BT_DBG("conn %p", conn);
573 if (conn->pending_sec_level > sec_level)
574 sec_level = conn->pending_sec_level;
576 if (sec_level > conn->sec_level)
577 conn->pending_sec_level = sec_level;
578 else if (conn->link_mode & HCI_LM_AUTH)
581 /* Make sure we preserve an existing MITM requirement*/
582 auth_type |= (conn->auth_type & 0x01);
584 conn->auth_type = auth_type;
586 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
587 struct hci_cp_auth_requested cp;
589 /* encrypt must be pending if auth is also pending */
590 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
592 cp.handle = cpu_to_le16(conn->handle);
593 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
595 if (conn->key_type != 0xff)
596 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
602 /* Encrypt the the link */
603 static void hci_conn_encrypt(struct hci_conn *conn)
605 BT_DBG("conn %p", conn);
607 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
608 struct hci_cp_set_conn_encrypt cp;
609 cp.handle = cpu_to_le16(conn->handle);
611 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
616 /* Enable security */
617 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
619 BT_DBG("conn %p", conn);
621 /* For sdp we don't need the link key. */
622 if (sec_level == BT_SECURITY_SDP)
625 /* For non 2.1 devices and low security level we don't need the link
627 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
630 /* For other security levels we need the link key. */
631 if (!(conn->link_mode & HCI_LM_AUTH))
634 /* An authenticated combination key has sufficient security for any
636 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
639 /* An unauthenticated combination key has sufficient security for
640 security level 1 and 2. */
641 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
642 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
645 /* A combination key has always sufficient security for the security
646 levels 1 or 2. High security level requires the combination key
647 is generated using maximum PIN code length (16).
648 For pre 2.1 units. */
649 if (conn->key_type == HCI_LK_COMBINATION &&
650 (sec_level != BT_SECURITY_HIGH || conn->pin_length == 16))
654 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
657 if (!hci_conn_auth(conn, sec_level, auth_type))
661 if (conn->link_mode & HCI_LM_ENCRYPT)
664 hci_conn_encrypt(conn);
667 EXPORT_SYMBOL(hci_conn_security);
669 /* Check secure link requirement */
670 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
672 BT_DBG("conn %p", conn);
674 if (sec_level != BT_SECURITY_HIGH)
675 return 1; /* Accept if non-secure is required */
677 if (conn->sec_level == BT_SECURITY_HIGH)
680 return 0; /* Reject not secure link */
682 EXPORT_SYMBOL(hci_conn_check_secure);
684 /* Change link key */
685 int hci_conn_change_link_key(struct hci_conn *conn)
687 BT_DBG("conn %p", conn);
689 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
690 struct hci_cp_change_conn_link_key cp;
691 cp.handle = cpu_to_le16(conn->handle);
692 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
700 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
702 BT_DBG("conn %p", conn);
704 if (!role && conn->link_mode & HCI_LM_MASTER)
707 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
708 struct hci_cp_switch_role cp;
709 bacpy(&cp.bdaddr, &conn->dst);
711 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
716 EXPORT_SYMBOL(hci_conn_switch_role);
718 /* Enter active mode */
719 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
721 struct hci_dev *hdev = conn->hdev;
723 BT_DBG("conn %p mode %d", conn, conn->mode);
725 if (test_bit(HCI_RAW, &hdev->flags))
728 if (conn->mode != HCI_CM_SNIFF)
731 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
734 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
735 struct hci_cp_exit_sniff_mode cp;
736 cp.handle = cpu_to_le16(conn->handle);
737 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
741 if (hdev->idle_timeout > 0)
742 mod_timer(&conn->idle_timer,
743 jiffies + msecs_to_jiffies(hdev->idle_timeout));
746 /* Drop all connection on the device */
747 void hci_conn_hash_flush(struct hci_dev *hdev)
749 struct hci_conn_hash *h = &hdev->conn_hash;
750 struct hci_conn *c, *n;
752 BT_DBG("hdev %s", hdev->name);
754 list_for_each_entry_safe(c, n, &h->list, list) {
755 c->state = BT_CLOSED;
757 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
762 /* Check pending connect attempts */
763 void hci_conn_check_pending(struct hci_dev *hdev)
765 struct hci_conn *conn;
767 BT_DBG("hdev %s", hdev->name);
771 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
773 hci_acl_connect(conn);
775 hci_dev_unlock(hdev);
778 void hci_conn_hold_device(struct hci_conn *conn)
780 atomic_inc(&conn->devref);
782 EXPORT_SYMBOL(hci_conn_hold_device);
784 void hci_conn_put_device(struct hci_conn *conn)
786 if (atomic_dec_and_test(&conn->devref))
787 hci_conn_del_sysfs(conn);
789 EXPORT_SYMBOL(hci_conn_put_device);
791 int hci_get_conn_list(void __user *arg)
794 struct hci_conn_list_req req, *cl;
795 struct hci_conn_info *ci;
796 struct hci_dev *hdev;
797 int n = 0, size, err;
799 if (copy_from_user(&req, arg, sizeof(req)))
802 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
805 size = sizeof(req) + req.conn_num * sizeof(*ci);
807 cl = kmalloc(size, GFP_KERNEL);
811 hdev = hci_dev_get(req.dev_id);
820 list_for_each_entry(c, &hdev->conn_hash.list, list) {
821 bacpy(&(ci + n)->bdaddr, &c->dst);
822 (ci + n)->handle = c->handle;
823 (ci + n)->type = c->type;
824 (ci + n)->out = c->out;
825 (ci + n)->state = c->state;
826 (ci + n)->link_mode = c->link_mode;
827 if (++n >= req.conn_num)
830 hci_dev_unlock(hdev);
832 cl->dev_id = hdev->id;
834 size = sizeof(req) + n * sizeof(*ci);
838 err = copy_to_user(arg, cl, size);
841 return err ? -EFAULT : 0;
844 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
846 struct hci_conn_info_req req;
847 struct hci_conn_info ci;
848 struct hci_conn *conn;
849 char __user *ptr = arg + sizeof(req);
851 if (copy_from_user(&req, arg, sizeof(req)))
855 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
857 bacpy(&ci.bdaddr, &conn->dst);
858 ci.handle = conn->handle;
859 ci.type = conn->type;
861 ci.state = conn->state;
862 ci.link_mode = conn->link_mode;
864 hci_dev_unlock(hdev);
869 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
872 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
874 struct hci_auth_info_req req;
875 struct hci_conn *conn;
877 if (copy_from_user(&req, arg, sizeof(req)))
881 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
883 req.type = conn->auth_type;
884 hci_dev_unlock(hdev);
889 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
892 struct hci_chan *hci_chan_create(struct hci_conn *conn)
894 struct hci_dev *hdev = conn->hdev;
895 struct hci_chan *chan;
897 BT_DBG("%s conn %p", hdev->name, conn);
899 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
904 skb_queue_head_init(&chan->data_q);
906 list_add_rcu(&chan->list, &conn->chan_list);
911 int hci_chan_del(struct hci_chan *chan)
913 struct hci_conn *conn = chan->conn;
914 struct hci_dev *hdev = conn->hdev;
916 BT_DBG("%s conn %p chan %p", hdev->name, conn, chan);
918 list_del_rcu(&chan->list);
922 skb_queue_purge(&chan->data_q);
928 void hci_chan_list_flush(struct hci_conn *conn)
930 struct hci_chan *chan, *n;
932 BT_DBG("conn %p", conn);
934 list_for_each_entry_safe(chan, n, &conn->chan_list, list)