2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
32 static void hci_le_connect(struct hci_conn *conn)
34 struct hci_dev *hdev = conn->hdev;
35 struct hci_cp_le_create_conn cp;
37 conn->state = BT_CONNECT;
39 conn->link_mode |= HCI_LM_MASTER;
40 conn->sec_level = BT_SECURITY_LOW;
42 memset(&cp, 0, sizeof(cp));
43 cp.scan_interval = cpu_to_le16(0x0060);
44 cp.scan_window = cpu_to_le16(0x0030);
45 bacpy(&cp.peer_addr, &conn->dst);
46 cp.peer_addr_type = conn->dst_type;
47 cp.conn_interval_min = cpu_to_le16(0x0028);
48 cp.conn_interval_max = cpu_to_le16(0x0038);
49 cp.supervision_timeout = cpu_to_le16(0x002a);
50 cp.min_ce_len = cpu_to_le16(0x0000);
51 cp.max_ce_len = cpu_to_le16(0x0000);
53 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
56 static void hci_le_connect_cancel(struct hci_conn *conn)
58 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
61 void hci_acl_connect(struct hci_conn *conn)
63 struct hci_dev *hdev = conn->hdev;
64 struct inquiry_entry *ie;
65 struct hci_cp_create_conn cp;
67 BT_DBG("hcon %p", conn);
69 conn->state = BT_CONNECT;
72 conn->link_mode = HCI_LM_MASTER;
76 conn->link_policy = hdev->link_policy;
78 memset(&cp, 0, sizeof(cp));
79 bacpy(&cp.bdaddr, &conn->dst);
80 cp.pscan_rep_mode = 0x02;
82 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
84 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
85 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
86 cp.pscan_mode = ie->data.pscan_mode;
87 cp.clock_offset = ie->data.clock_offset |
91 memcpy(conn->dev_class, ie->data.dev_class, 3);
92 if (ie->data.ssp_mode > 0)
93 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
96 cp.pkt_type = cpu_to_le16(conn->pkt_type);
97 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
98 cp.role_switch = 0x01;
100 cp.role_switch = 0x00;
102 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
105 static void hci_acl_connect_cancel(struct hci_conn *conn)
107 struct hci_cp_create_conn_cancel cp;
111 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
114 bacpy(&cp.bdaddr, &conn->dst);
115 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
118 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
120 struct hci_cp_disconnect cp;
124 conn->state = BT_DISCONN;
126 cp.handle = cpu_to_le16(conn->handle);
128 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
131 void hci_add_sco(struct hci_conn *conn, __u16 handle)
133 struct hci_dev *hdev = conn->hdev;
134 struct hci_cp_add_sco cp;
138 conn->state = BT_CONNECT;
143 cp.handle = cpu_to_le16(handle);
144 cp.pkt_type = cpu_to_le16(conn->pkt_type);
146 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
149 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
151 struct hci_dev *hdev = conn->hdev;
152 struct hci_cp_setup_sync_conn cp;
156 conn->state = BT_CONNECT;
161 cp.handle = cpu_to_le16(handle);
162 cp.pkt_type = cpu_to_le16(conn->pkt_type);
164 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
165 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
166 cp.max_latency = cpu_to_le16(0xffff);
167 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
168 cp.retrans_effort = 0xff;
170 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
173 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
174 u16 latency, u16 to_multiplier)
176 struct hci_cp_le_conn_update cp;
177 struct hci_dev *hdev = conn->hdev;
179 memset(&cp, 0, sizeof(cp));
181 cp.handle = cpu_to_le16(conn->handle);
182 cp.conn_interval_min = cpu_to_le16(min);
183 cp.conn_interval_max = cpu_to_le16(max);
184 cp.conn_latency = cpu_to_le16(latency);
185 cp.supervision_timeout = cpu_to_le16(to_multiplier);
186 cp.min_ce_len = cpu_to_le16(0x0001);
187 cp.max_ce_len = cpu_to_le16(0x0001);
189 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
192 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
195 struct hci_dev *hdev = conn->hdev;
196 struct hci_cp_le_start_enc cp;
200 memset(&cp, 0, sizeof(cp));
202 cp.handle = cpu_to_le16(conn->handle);
203 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
205 memcpy(cp.rand, rand, sizeof(cp.rand));
207 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
210 /* Device _must_ be locked */
211 void hci_sco_setup(struct hci_conn *conn, __u8 status)
213 struct hci_conn *sco = conn->link;
221 if (lmp_esco_capable(conn->hdev))
222 hci_setup_sync(sco, conn->handle);
224 hci_add_sco(sco, conn->handle);
226 hci_proto_connect_cfm(sco, status);
231 static void hci_conn_timeout(struct work_struct *work)
233 struct hci_conn *conn = container_of(work, struct hci_conn,
237 BT_DBG("conn %p state %s", conn, state_to_string(conn->state));
239 if (atomic_read(&conn->refcnt))
242 switch (conn->state) {
246 if (conn->type == ACL_LINK)
247 hci_acl_connect_cancel(conn);
248 else if (conn->type == LE_LINK)
249 hci_le_connect_cancel(conn);
254 reason = hci_proto_disconn_ind(conn);
255 hci_acl_disconn(conn, reason);
258 conn->state = BT_CLOSED;
263 /* Enter sniff mode */
264 static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
266 struct hci_dev *hdev = conn->hdev;
268 BT_DBG("conn %p mode %d", conn, conn->mode);
270 if (test_bit(HCI_RAW, &hdev->flags))
273 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
276 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
279 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
280 struct hci_cp_sniff_subrate cp;
281 cp.handle = cpu_to_le16(conn->handle);
282 cp.max_latency = cpu_to_le16(0);
283 cp.min_remote_timeout = cpu_to_le16(0);
284 cp.min_local_timeout = cpu_to_le16(0);
285 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
288 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
289 struct hci_cp_sniff_mode cp;
290 cp.handle = cpu_to_le16(conn->handle);
291 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
292 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
293 cp.attempt = cpu_to_le16(4);
294 cp.timeout = cpu_to_le16(1);
295 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
299 static void hci_conn_idle(unsigned long arg)
301 struct hci_conn *conn = (void *) arg;
303 BT_DBG("conn %p mode %d", conn, conn->mode);
305 hci_conn_enter_sniff_mode(conn);
308 static void hci_conn_auto_accept(unsigned long arg)
310 struct hci_conn *conn = (void *) arg;
311 struct hci_dev *hdev = conn->hdev;
313 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
317 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
319 struct hci_conn *conn;
321 BT_DBG("%s dst %s", hdev->name, batostr(dst));
323 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
327 bacpy(&conn->dst, dst);
330 conn->mode = HCI_CM_ACTIVE;
331 conn->state = BT_OPEN;
332 conn->auth_type = HCI_AT_GENERAL_BONDING;
333 conn->io_capability = hdev->io_capability;
334 conn->remote_auth = 0xff;
335 conn->key_type = 0xff;
337 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
338 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
342 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
345 if (lmp_esco_capable(hdev))
346 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
347 (hdev->esco_type & EDR_ESCO_MASK);
349 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
352 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
356 skb_queue_head_init(&conn->data_q);
358 INIT_LIST_HEAD(&conn->chan_list);
360 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
361 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
362 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
363 (unsigned long) conn);
365 atomic_set(&conn->refcnt, 0);
369 hci_conn_hash_add(hdev, conn);
371 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
373 atomic_set(&conn->devref, 0);
375 hci_conn_init_sysfs(conn);
380 int hci_conn_del(struct hci_conn *conn)
382 struct hci_dev *hdev = conn->hdev;
384 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
386 del_timer(&conn->idle_timer);
388 cancel_delayed_work_sync(&conn->disc_work);
390 del_timer(&conn->auto_accept_timer);
392 if (conn->type == ACL_LINK) {
393 struct hci_conn *sco = conn->link;
398 hdev->acl_cnt += conn->sent;
399 } else if (conn->type == LE_LINK) {
401 hdev->le_cnt += conn->sent;
403 hdev->acl_cnt += conn->sent;
405 struct hci_conn *acl = conn->link;
412 hci_chan_list_flush(conn);
414 hci_conn_hash_del(hdev, conn);
416 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
418 skb_queue_purge(&conn->data_q);
420 hci_conn_put_device(conn);
424 if (conn->handle == 0)
430 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
432 int use_src = bacmp(src, BDADDR_ANY);
433 struct hci_dev *hdev = NULL, *d;
435 BT_DBG("%s -> %s", batostr(src), batostr(dst));
437 read_lock(&hci_dev_list_lock);
439 list_for_each_entry(d, &hci_dev_list, list) {
440 if (!test_bit(HCI_UP, &d->flags) ||
441 test_bit(HCI_RAW, &d->flags))
445 * No source address - find interface with bdaddr != dst
446 * Source address - find interface with bdaddr == src
450 if (!bacmp(&d->bdaddr, src)) {
454 if (bacmp(&d->bdaddr, dst)) {
461 hdev = hci_dev_hold(hdev);
463 read_unlock(&hci_dev_list_lock);
466 EXPORT_SYMBOL(hci_get_route);
468 /* Create SCO, ACL or LE connection.
469 * Device _must_ be locked */
470 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
471 __u8 dst_type, __u8 sec_level, __u8 auth_type)
473 struct hci_conn *acl;
474 struct hci_conn *sco;
477 BT_DBG("%s dst %s", hdev->name, batostr(dst));
479 if (type == LE_LINK) {
480 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
482 le = hci_conn_add(hdev, LE_LINK, dst);
484 return ERR_PTR(-ENOMEM);
486 le->dst_type = bdaddr_to_le(dst_type);
490 le->pending_sec_level = sec_level;
491 le->auth_type = auth_type;
498 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
500 acl = hci_conn_add(hdev, ACL_LINK, dst);
502 return ERR_PTR(-ENOMEM);
507 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
508 acl->sec_level = BT_SECURITY_LOW;
509 acl->pending_sec_level = sec_level;
510 acl->auth_type = auth_type;
511 hci_acl_connect(acl);
514 if (type == ACL_LINK)
517 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
519 sco = hci_conn_add(hdev, type, dst);
522 return ERR_PTR(-ENOMEM);
531 if (acl->state == BT_CONNECTED &&
532 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
533 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
534 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
536 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
537 /* defer SCO setup until mode change completed */
538 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
542 hci_sco_setup(acl, 0x00);
548 /* Check link security requirement */
549 int hci_conn_check_link_mode(struct hci_conn *conn)
551 BT_DBG("conn %p", conn);
553 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
559 /* Authenticate remote device */
560 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
562 BT_DBG("conn %p", conn);
564 if (conn->pending_sec_level > sec_level)
565 sec_level = conn->pending_sec_level;
567 if (sec_level > conn->sec_level)
568 conn->pending_sec_level = sec_level;
569 else if (conn->link_mode & HCI_LM_AUTH)
572 /* Make sure we preserve an existing MITM requirement*/
573 auth_type |= (conn->auth_type & 0x01);
575 conn->auth_type = auth_type;
577 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
578 struct hci_cp_auth_requested cp;
580 /* encrypt must be pending if auth is also pending */
581 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
583 cp.handle = cpu_to_le16(conn->handle);
584 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
586 if (conn->key_type != 0xff)
587 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
593 /* Encrypt the the link */
594 static void hci_conn_encrypt(struct hci_conn *conn)
596 BT_DBG("conn %p", conn);
598 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
599 struct hci_cp_set_conn_encrypt cp;
600 cp.handle = cpu_to_le16(conn->handle);
602 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
607 /* Enable security */
608 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
610 BT_DBG("conn %p", conn);
612 /* For sdp we don't need the link key. */
613 if (sec_level == BT_SECURITY_SDP)
616 /* For non 2.1 devices and low security level we don't need the link
618 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
621 /* For other security levels we need the link key. */
622 if (!(conn->link_mode & HCI_LM_AUTH))
625 /* An authenticated combination key has sufficient security for any
627 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
630 /* An unauthenticated combination key has sufficient security for
631 security level 1 and 2. */
632 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
633 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
636 /* A combination key has always sufficient security for the security
637 levels 1 or 2. High security level requires the combination key
638 is generated using maximum PIN code length (16).
639 For pre 2.1 units. */
640 if (conn->key_type == HCI_LK_COMBINATION &&
641 (sec_level != BT_SECURITY_HIGH || conn->pin_length == 16))
645 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
648 if (!hci_conn_auth(conn, sec_level, auth_type))
652 if (conn->link_mode & HCI_LM_ENCRYPT)
655 hci_conn_encrypt(conn);
658 EXPORT_SYMBOL(hci_conn_security);
660 /* Check secure link requirement */
661 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
663 BT_DBG("conn %p", conn);
665 if (sec_level != BT_SECURITY_HIGH)
666 return 1; /* Accept if non-secure is required */
668 if (conn->sec_level == BT_SECURITY_HIGH)
671 return 0; /* Reject not secure link */
673 EXPORT_SYMBOL(hci_conn_check_secure);
675 /* Change link key */
676 int hci_conn_change_link_key(struct hci_conn *conn)
678 BT_DBG("conn %p", conn);
680 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
681 struct hci_cp_change_conn_link_key cp;
682 cp.handle = cpu_to_le16(conn->handle);
683 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
691 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
693 BT_DBG("conn %p", conn);
695 if (!role && conn->link_mode & HCI_LM_MASTER)
698 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
699 struct hci_cp_switch_role cp;
700 bacpy(&cp.bdaddr, &conn->dst);
702 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
707 EXPORT_SYMBOL(hci_conn_switch_role);
709 /* Enter active mode */
710 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
712 struct hci_dev *hdev = conn->hdev;
714 BT_DBG("conn %p mode %d", conn, conn->mode);
716 if (test_bit(HCI_RAW, &hdev->flags))
719 if (conn->mode != HCI_CM_SNIFF)
722 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
725 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
726 struct hci_cp_exit_sniff_mode cp;
727 cp.handle = cpu_to_le16(conn->handle);
728 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
732 if (hdev->idle_timeout > 0)
733 mod_timer(&conn->idle_timer,
734 jiffies + msecs_to_jiffies(hdev->idle_timeout));
737 /* Drop all connection on the device */
738 void hci_conn_hash_flush(struct hci_dev *hdev)
740 struct hci_conn_hash *h = &hdev->conn_hash;
741 struct hci_conn *c, *n;
743 BT_DBG("hdev %s", hdev->name);
745 list_for_each_entry_safe(c, n, &h->list, list) {
746 c->state = BT_CLOSED;
748 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
753 /* Check pending connect attempts */
754 void hci_conn_check_pending(struct hci_dev *hdev)
756 struct hci_conn *conn;
758 BT_DBG("hdev %s", hdev->name);
762 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
764 hci_acl_connect(conn);
766 hci_dev_unlock(hdev);
769 void hci_conn_hold_device(struct hci_conn *conn)
771 atomic_inc(&conn->devref);
773 EXPORT_SYMBOL(hci_conn_hold_device);
775 void hci_conn_put_device(struct hci_conn *conn)
777 if (atomic_dec_and_test(&conn->devref))
778 hci_conn_del_sysfs(conn);
780 EXPORT_SYMBOL(hci_conn_put_device);
782 int hci_get_conn_list(void __user *arg)
785 struct hci_conn_list_req req, *cl;
786 struct hci_conn_info *ci;
787 struct hci_dev *hdev;
788 int n = 0, size, err;
790 if (copy_from_user(&req, arg, sizeof(req)))
793 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
796 size = sizeof(req) + req.conn_num * sizeof(*ci);
798 cl = kmalloc(size, GFP_KERNEL);
802 hdev = hci_dev_get(req.dev_id);
811 list_for_each_entry(c, &hdev->conn_hash.list, list) {
812 bacpy(&(ci + n)->bdaddr, &c->dst);
813 (ci + n)->handle = c->handle;
814 (ci + n)->type = c->type;
815 (ci + n)->out = c->out;
816 (ci + n)->state = c->state;
817 (ci + n)->link_mode = c->link_mode;
818 if (++n >= req.conn_num)
821 hci_dev_unlock(hdev);
823 cl->dev_id = hdev->id;
825 size = sizeof(req) + n * sizeof(*ci);
829 err = copy_to_user(arg, cl, size);
832 return err ? -EFAULT : 0;
835 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
837 struct hci_conn_info_req req;
838 struct hci_conn_info ci;
839 struct hci_conn *conn;
840 char __user *ptr = arg + sizeof(req);
842 if (copy_from_user(&req, arg, sizeof(req)))
846 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
848 bacpy(&ci.bdaddr, &conn->dst);
849 ci.handle = conn->handle;
850 ci.type = conn->type;
852 ci.state = conn->state;
853 ci.link_mode = conn->link_mode;
855 hci_dev_unlock(hdev);
860 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
863 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
865 struct hci_auth_info_req req;
866 struct hci_conn *conn;
868 if (copy_from_user(&req, arg, sizeof(req)))
872 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
874 req.type = conn->auth_type;
875 hci_dev_unlock(hdev);
880 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
883 struct hci_chan *hci_chan_create(struct hci_conn *conn)
885 struct hci_dev *hdev = conn->hdev;
886 struct hci_chan *chan;
888 BT_DBG("%s conn %p", hdev->name, conn);
890 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
895 skb_queue_head_init(&chan->data_q);
897 list_add_rcu(&chan->list, &conn->chan_list);
902 int hci_chan_del(struct hci_chan *chan)
904 struct hci_conn *conn = chan->conn;
905 struct hci_dev *hdev = conn->hdev;
907 BT_DBG("%s conn %p chan %p", hdev->name, conn, chan);
909 list_del_rcu(&chan->list);
913 skb_queue_purge(&chan->data_q);
919 void hci_chan_list_flush(struct hci_conn *conn)
921 struct hci_chan *chan, *n;
923 BT_DBG("conn %p", conn);
925 list_for_each_entry_safe(chan, n, &conn->chan_list, list)