2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
32 static void hci_le_connect(struct hci_conn *conn)
34 struct hci_dev *hdev = conn->hdev;
35 struct hci_cp_le_create_conn cp;
37 conn->state = BT_CONNECT;
39 conn->link_mode |= HCI_LM_MASTER;
40 conn->sec_level = BT_SECURITY_LOW;
42 memset(&cp, 0, sizeof(cp));
43 cp.scan_interval = cpu_to_le16(0x0060);
44 cp.scan_window = cpu_to_le16(0x0030);
45 bacpy(&cp.peer_addr, &conn->dst);
46 cp.peer_addr_type = conn->dst_type;
47 cp.conn_interval_min = cpu_to_le16(0x0028);
48 cp.conn_interval_max = cpu_to_le16(0x0038);
49 cp.supervision_timeout = cpu_to_le16(0x002a);
50 cp.min_ce_len = cpu_to_le16(0x0000);
51 cp.max_ce_len = cpu_to_le16(0x0000);
53 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
56 static void hci_le_connect_cancel(struct hci_conn *conn)
58 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
61 void hci_acl_connect(struct hci_conn *conn)
63 struct hci_dev *hdev = conn->hdev;
64 struct inquiry_entry *ie;
65 struct hci_cp_create_conn cp;
67 BT_DBG("hcon %p", conn);
69 conn->state = BT_CONNECT;
72 conn->link_mode = HCI_LM_MASTER;
76 conn->link_policy = hdev->link_policy;
78 memset(&cp, 0, sizeof(cp));
79 bacpy(&cp.bdaddr, &conn->dst);
80 cp.pscan_rep_mode = 0x02;
82 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
84 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
85 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
86 cp.pscan_mode = ie->data.pscan_mode;
87 cp.clock_offset = ie->data.clock_offset |
91 memcpy(conn->dev_class, ie->data.dev_class, 3);
92 if (ie->data.ssp_mode > 0)
93 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
96 cp.pkt_type = cpu_to_le16(conn->pkt_type);
97 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
98 cp.role_switch = 0x01;
100 cp.role_switch = 0x00;
102 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
105 static void hci_acl_connect_cancel(struct hci_conn *conn)
107 struct hci_cp_create_conn_cancel cp;
111 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
114 bacpy(&cp.bdaddr, &conn->dst);
115 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
118 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
120 struct hci_cp_disconnect cp;
124 conn->state = BT_DISCONN;
126 cp.handle = cpu_to_le16(conn->handle);
128 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
131 void hci_add_sco(struct hci_conn *conn, __u16 handle)
133 struct hci_dev *hdev = conn->hdev;
134 struct hci_cp_add_sco cp;
138 conn->state = BT_CONNECT;
143 cp.handle = cpu_to_le16(handle);
144 cp.pkt_type = cpu_to_le16(conn->pkt_type);
146 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
149 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
151 struct hci_dev *hdev = conn->hdev;
152 struct hci_cp_setup_sync_conn cp;
156 conn->state = BT_CONNECT;
161 cp.handle = cpu_to_le16(handle);
162 cp.pkt_type = cpu_to_le16(conn->pkt_type);
164 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
165 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
166 cp.max_latency = cpu_to_le16(0xffff);
167 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
168 cp.retrans_effort = 0xff;
170 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
173 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
174 u16 latency, u16 to_multiplier)
176 struct hci_cp_le_conn_update cp;
177 struct hci_dev *hdev = conn->hdev;
179 memset(&cp, 0, sizeof(cp));
181 cp.handle = cpu_to_le16(conn->handle);
182 cp.conn_interval_min = cpu_to_le16(min);
183 cp.conn_interval_max = cpu_to_le16(max);
184 cp.conn_latency = cpu_to_le16(latency);
185 cp.supervision_timeout = cpu_to_le16(to_multiplier);
186 cp.min_ce_len = cpu_to_le16(0x0001);
187 cp.max_ce_len = cpu_to_le16(0x0001);
189 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
191 EXPORT_SYMBOL(hci_le_conn_update);
193 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
196 struct hci_dev *hdev = conn->hdev;
197 struct hci_cp_le_start_enc cp;
201 memset(&cp, 0, sizeof(cp));
203 cp.handle = cpu_to_le16(conn->handle);
204 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
206 memcpy(cp.rand, rand, sizeof(cp.rand));
208 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
210 EXPORT_SYMBOL(hci_le_start_enc);
212 /* Device _must_ be locked */
213 void hci_sco_setup(struct hci_conn *conn, __u8 status)
215 struct hci_conn *sco = conn->link;
223 if (lmp_esco_capable(conn->hdev))
224 hci_setup_sync(sco, conn->handle);
226 hci_add_sco(sco, conn->handle);
228 hci_proto_connect_cfm(sco, status);
233 static void hci_conn_timeout(struct work_struct *work)
235 struct hci_conn *conn = container_of(work, struct hci_conn,
239 BT_DBG("conn %p state %s", conn, state_to_string(conn->state));
241 if (atomic_read(&conn->refcnt))
244 switch (conn->state) {
248 if (conn->type == ACL_LINK)
249 hci_acl_connect_cancel(conn);
250 else if (conn->type == LE_LINK)
251 hci_le_connect_cancel(conn);
256 reason = hci_proto_disconn_ind(conn);
257 hci_acl_disconn(conn, reason);
260 conn->state = BT_CLOSED;
265 /* Enter sniff mode */
266 static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
268 struct hci_dev *hdev = conn->hdev;
270 BT_DBG("conn %p mode %d", conn, conn->mode);
272 if (test_bit(HCI_RAW, &hdev->flags))
275 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
278 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
281 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
282 struct hci_cp_sniff_subrate cp;
283 cp.handle = cpu_to_le16(conn->handle);
284 cp.max_latency = cpu_to_le16(0);
285 cp.min_remote_timeout = cpu_to_le16(0);
286 cp.min_local_timeout = cpu_to_le16(0);
287 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
290 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
291 struct hci_cp_sniff_mode cp;
292 cp.handle = cpu_to_le16(conn->handle);
293 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
294 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
295 cp.attempt = cpu_to_le16(4);
296 cp.timeout = cpu_to_le16(1);
297 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
301 static void hci_conn_idle(unsigned long arg)
303 struct hci_conn *conn = (void *) arg;
305 BT_DBG("conn %p mode %d", conn, conn->mode);
307 hci_conn_enter_sniff_mode(conn);
310 static void hci_conn_auto_accept(unsigned long arg)
312 struct hci_conn *conn = (void *) arg;
313 struct hci_dev *hdev = conn->hdev;
315 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
319 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
321 struct hci_conn *conn;
323 BT_DBG("%s dst %s", hdev->name, batostr(dst));
325 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
329 bacpy(&conn->dst, dst);
332 conn->mode = HCI_CM_ACTIVE;
333 conn->state = BT_OPEN;
334 conn->auth_type = HCI_AT_GENERAL_BONDING;
335 conn->io_capability = hdev->io_capability;
336 conn->remote_auth = 0xff;
337 conn->key_type = 0xff;
339 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
340 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
344 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
347 if (lmp_esco_capable(hdev))
348 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
349 (hdev->esco_type & EDR_ESCO_MASK);
351 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
354 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
358 skb_queue_head_init(&conn->data_q);
360 INIT_LIST_HEAD(&conn->chan_list);
362 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
363 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
364 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
365 (unsigned long) conn);
367 atomic_set(&conn->refcnt, 0);
371 hci_conn_hash_add(hdev, conn);
373 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
375 atomic_set(&conn->devref, 0);
377 hci_conn_init_sysfs(conn);
382 int hci_conn_del(struct hci_conn *conn)
384 struct hci_dev *hdev = conn->hdev;
386 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
388 del_timer(&conn->idle_timer);
390 cancel_delayed_work_sync(&conn->disc_work);
392 del_timer(&conn->auto_accept_timer);
394 if (conn->type == ACL_LINK) {
395 struct hci_conn *sco = conn->link;
400 hdev->acl_cnt += conn->sent;
401 } else if (conn->type == LE_LINK) {
403 hdev->le_cnt += conn->sent;
405 hdev->acl_cnt += conn->sent;
407 struct hci_conn *acl = conn->link;
414 hci_chan_list_flush(conn);
416 hci_conn_hash_del(hdev, conn);
418 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
420 skb_queue_purge(&conn->data_q);
422 hci_conn_put_device(conn);
426 if (conn->handle == 0)
432 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
434 int use_src = bacmp(src, BDADDR_ANY);
435 struct hci_dev *hdev = NULL, *d;
437 BT_DBG("%s -> %s", batostr(src), batostr(dst));
439 read_lock(&hci_dev_list_lock);
441 list_for_each_entry(d, &hci_dev_list, list) {
442 if (!test_bit(HCI_UP, &d->flags) ||
443 test_bit(HCI_RAW, &d->flags))
447 * No source address - find interface with bdaddr != dst
448 * Source address - find interface with bdaddr == src
452 if (!bacmp(&d->bdaddr, src)) {
456 if (bacmp(&d->bdaddr, dst)) {
463 hdev = hci_dev_hold(hdev);
465 read_unlock(&hci_dev_list_lock);
468 EXPORT_SYMBOL(hci_get_route);
470 /* Create SCO, ACL or LE connection.
471 * Device _must_ be locked */
472 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
473 __u8 dst_type, __u8 sec_level, __u8 auth_type)
475 struct hci_conn *acl;
476 struct hci_conn *sco;
479 BT_DBG("%s dst %s", hdev->name, batostr(dst));
481 if (type == LE_LINK) {
482 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
484 le = hci_conn_add(hdev, LE_LINK, dst);
486 return ERR_PTR(-ENOMEM);
488 le->dst_type = bdaddr_to_le(dst_type);
492 le->pending_sec_level = sec_level;
493 le->auth_type = auth_type;
500 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
502 acl = hci_conn_add(hdev, ACL_LINK, dst);
504 return ERR_PTR(-ENOMEM);
509 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
510 acl->sec_level = BT_SECURITY_LOW;
511 acl->pending_sec_level = sec_level;
512 acl->auth_type = auth_type;
513 hci_acl_connect(acl);
516 if (type == ACL_LINK)
519 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
521 sco = hci_conn_add(hdev, type, dst);
524 return ERR_PTR(-ENOMEM);
533 if (acl->state == BT_CONNECTED &&
534 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
535 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
536 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
538 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
539 /* defer SCO setup until mode change completed */
540 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
544 hci_sco_setup(acl, 0x00);
549 EXPORT_SYMBOL(hci_connect);
551 /* Check link security requirement */
552 int hci_conn_check_link_mode(struct hci_conn *conn)
554 BT_DBG("conn %p", conn);
556 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
561 EXPORT_SYMBOL(hci_conn_check_link_mode);
563 /* Authenticate remote device */
564 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
566 BT_DBG("conn %p", conn);
568 if (conn->pending_sec_level > sec_level)
569 sec_level = conn->pending_sec_level;
571 if (sec_level > conn->sec_level)
572 conn->pending_sec_level = sec_level;
573 else if (conn->link_mode & HCI_LM_AUTH)
576 /* Make sure we preserve an existing MITM requirement*/
577 auth_type |= (conn->auth_type & 0x01);
579 conn->auth_type = auth_type;
581 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
582 struct hci_cp_auth_requested cp;
584 /* encrypt must be pending if auth is also pending */
585 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
587 cp.handle = cpu_to_le16(conn->handle);
588 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
590 if (conn->key_type != 0xff)
591 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
597 /* Encrypt the the link */
598 static void hci_conn_encrypt(struct hci_conn *conn)
600 BT_DBG("conn %p", conn);
602 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
603 struct hci_cp_set_conn_encrypt cp;
604 cp.handle = cpu_to_le16(conn->handle);
606 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
611 /* Enable security */
612 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
614 BT_DBG("conn %p", conn);
616 /* For sdp we don't need the link key. */
617 if (sec_level == BT_SECURITY_SDP)
620 /* For non 2.1 devices and low security level we don't need the link
622 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
625 /* For other security levels we need the link key. */
626 if (!(conn->link_mode & HCI_LM_AUTH))
629 /* An authenticated combination key has sufficient security for any
631 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
634 /* An unauthenticated combination key has sufficient security for
635 security level 1 and 2. */
636 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
637 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
640 /* A combination key has always sufficient security for the security
641 levels 1 or 2. High security level requires the combination key
642 is generated using maximum PIN code length (16).
643 For pre 2.1 units. */
644 if (conn->key_type == HCI_LK_COMBINATION &&
645 (sec_level != BT_SECURITY_HIGH || conn->pin_length == 16))
649 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
652 if (!hci_conn_auth(conn, sec_level, auth_type))
656 if (conn->link_mode & HCI_LM_ENCRYPT)
659 hci_conn_encrypt(conn);
662 EXPORT_SYMBOL(hci_conn_security);
664 /* Check secure link requirement */
665 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
667 BT_DBG("conn %p", conn);
669 if (sec_level != BT_SECURITY_HIGH)
670 return 1; /* Accept if non-secure is required */
672 if (conn->sec_level == BT_SECURITY_HIGH)
675 return 0; /* Reject not secure link */
677 EXPORT_SYMBOL(hci_conn_check_secure);
679 /* Change link key */
680 int hci_conn_change_link_key(struct hci_conn *conn)
682 BT_DBG("conn %p", conn);
684 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
685 struct hci_cp_change_conn_link_key cp;
686 cp.handle = cpu_to_le16(conn->handle);
687 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
693 EXPORT_SYMBOL(hci_conn_change_link_key);
696 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
698 BT_DBG("conn %p", conn);
700 if (!role && conn->link_mode & HCI_LM_MASTER)
703 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
704 struct hci_cp_switch_role cp;
705 bacpy(&cp.bdaddr, &conn->dst);
707 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
712 EXPORT_SYMBOL(hci_conn_switch_role);
714 /* Enter active mode */
715 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
717 struct hci_dev *hdev = conn->hdev;
719 BT_DBG("conn %p mode %d", conn, conn->mode);
721 if (test_bit(HCI_RAW, &hdev->flags))
724 if (conn->mode != HCI_CM_SNIFF)
727 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
730 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
731 struct hci_cp_exit_sniff_mode cp;
732 cp.handle = cpu_to_le16(conn->handle);
733 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
737 if (hdev->idle_timeout > 0)
738 mod_timer(&conn->idle_timer,
739 jiffies + msecs_to_jiffies(hdev->idle_timeout));
742 /* Drop all connection on the device */
743 void hci_conn_hash_flush(struct hci_dev *hdev)
745 struct hci_conn_hash *h = &hdev->conn_hash;
746 struct hci_conn *c, *n;
748 BT_DBG("hdev %s", hdev->name);
750 list_for_each_entry_safe(c, n, &h->list, list) {
751 c->state = BT_CLOSED;
753 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
758 /* Check pending connect attempts */
759 void hci_conn_check_pending(struct hci_dev *hdev)
761 struct hci_conn *conn;
763 BT_DBG("hdev %s", hdev->name);
767 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
769 hci_acl_connect(conn);
771 hci_dev_unlock(hdev);
774 void hci_conn_hold_device(struct hci_conn *conn)
776 atomic_inc(&conn->devref);
778 EXPORT_SYMBOL(hci_conn_hold_device);
780 void hci_conn_put_device(struct hci_conn *conn)
782 if (atomic_dec_and_test(&conn->devref))
783 hci_conn_del_sysfs(conn);
785 EXPORT_SYMBOL(hci_conn_put_device);
787 int hci_get_conn_list(void __user *arg)
790 struct hci_conn_list_req req, *cl;
791 struct hci_conn_info *ci;
792 struct hci_dev *hdev;
793 int n = 0, size, err;
795 if (copy_from_user(&req, arg, sizeof(req)))
798 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
801 size = sizeof(req) + req.conn_num * sizeof(*ci);
803 cl = kmalloc(size, GFP_KERNEL);
807 hdev = hci_dev_get(req.dev_id);
816 list_for_each_entry(c, &hdev->conn_hash.list, list) {
817 bacpy(&(ci + n)->bdaddr, &c->dst);
818 (ci + n)->handle = c->handle;
819 (ci + n)->type = c->type;
820 (ci + n)->out = c->out;
821 (ci + n)->state = c->state;
822 (ci + n)->link_mode = c->link_mode;
823 if (++n >= req.conn_num)
826 hci_dev_unlock(hdev);
828 cl->dev_id = hdev->id;
830 size = sizeof(req) + n * sizeof(*ci);
834 err = copy_to_user(arg, cl, size);
837 return err ? -EFAULT : 0;
840 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
842 struct hci_conn_info_req req;
843 struct hci_conn_info ci;
844 struct hci_conn *conn;
845 char __user *ptr = arg + sizeof(req);
847 if (copy_from_user(&req, arg, sizeof(req)))
851 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
853 bacpy(&ci.bdaddr, &conn->dst);
854 ci.handle = conn->handle;
855 ci.type = conn->type;
857 ci.state = conn->state;
858 ci.link_mode = conn->link_mode;
860 hci_dev_unlock(hdev);
865 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
868 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
870 struct hci_auth_info_req req;
871 struct hci_conn *conn;
873 if (copy_from_user(&req, arg, sizeof(req)))
877 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
879 req.type = conn->auth_type;
880 hci_dev_unlock(hdev);
885 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
888 struct hci_chan *hci_chan_create(struct hci_conn *conn)
890 struct hci_dev *hdev = conn->hdev;
891 struct hci_chan *chan;
893 BT_DBG("%s conn %p", hdev->name, conn);
895 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
900 skb_queue_head_init(&chan->data_q);
902 list_add_rcu(&chan->list, &conn->chan_list);
907 int hci_chan_del(struct hci_chan *chan)
909 struct hci_conn *conn = chan->conn;
910 struct hci_dev *hdev = conn->hdev;
912 BT_DBG("%s conn %p chan %p", hdev->name, conn, chan);
914 list_del_rcu(&chan->list);
918 skb_queue_purge(&chan->data_q);
924 void hci_chan_list_flush(struct hci_conn *conn)
926 struct hci_chan *chan, *n;
928 BT_DBG("conn %p", conn);
930 list_for_each_entry_safe(chan, n, &conn->chan_list, list)