projects / kernel / linux-2.6.36.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
upload tizen1.0 source
[kernel/linux-2.6.36.git] / net / bluetooth / hci_conn.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI connection handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 #define FEATURE_ENCRY_PENDING_B4_AUTH
49
50 void hci_acl_connect(struct hci_conn *conn)
51 {
52         struct hci_dev *hdev = conn->hdev;
53         struct inquiry_entry *ie;
54         struct hci_cp_create_conn cp;
55
56         BT_DBG("%p", conn);
57
58         conn->state = BT_CONNECT;
59         conn->out = 1;
60
61         conn->link_mode = HCI_LM_MASTER;
62
63         conn->attempt++;
64
65         conn->link_policy = hdev->link_policy;
66
67         memset(&cp, 0, sizeof(cp));
68         bacpy(&cp.bdaddr, &conn->dst);
69         cp.pscan_rep_mode = 0x02;
70
71         if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
72                 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
73                         cp.pscan_rep_mode = ie->data.pscan_rep_mode;
74                         cp.pscan_mode     = ie->data.pscan_mode;
75                         cp.clock_offset   = ie->data.clock_offset |
76                                                         cpu_to_le16(0x8000);
77                 }
78
79                 memcpy(conn->dev_class, ie->data.dev_class, 3);
80                 conn->ssp_mode = ie->data.ssp_mode;
81         }
82
83         cp.pkt_type = cpu_to_le16(conn->pkt_type);
84         if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
85                 cp.role_switch = 0x01;
86         else
87                 cp.role_switch = 0x00;
88
89         hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
90 }
91
92 static void hci_acl_connect_cancel(struct hci_conn *conn)
93 {
94         struct hci_cp_create_conn_cancel cp;
95
96         BT_DBG("%p", conn);
97
98         if (conn->hdev->hci_ver < 2)
99                 return;
100
101         bacpy(&cp.bdaddr, &conn->dst);
102         hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
103 }
104
105 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
106 {
107         struct hci_cp_disconnect cp;
108
109         BT_DBG("%p", conn);
110
111         conn->state = BT_DISCONN;
112
113         cp.handle = cpu_to_le16(conn->handle);
114         cp.reason = reason;
115         hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
116 }
117
118 void hci_add_sco(struct hci_conn *conn, __u16 handle)
119 {
120         struct hci_dev *hdev = conn->hdev;
121         struct hci_cp_add_sco cp;
122
123         BT_DBG("%p", conn);
124
125         conn->state = BT_CONNECT;
126         conn->out = 1;
127
128         conn->attempt++;
129
130         cp.handle   = cpu_to_le16(handle);
131         cp.pkt_type = cpu_to_le16(conn->pkt_type);
132
133         hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
134 }
135
136 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
137 {
138         struct hci_dev *hdev = conn->hdev;
139         struct hci_cp_setup_sync_conn cp;
140
141         BT_DBG("%p", conn);
142
143         conn->state = BT_CONNECT;
144         conn->out = 1;
145
146         conn->attempt++;
147
148         cp.handle   = cpu_to_le16(handle);
149         cp.pkt_type = cpu_to_le16(conn->pkt_type);
150
151         cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
152         cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
153         cp.max_latency    = cpu_to_le16(0xffff);
154         cp.voice_setting  = cpu_to_le16(hdev->voice_setting);
155         cp.retrans_effort = 0xff;
156
157         hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
158 }
159
160 /* Device _must_ be locked */
161 void hci_sco_setup(struct hci_conn *conn, __u8 status)
162 {
163         struct hci_conn *sco = conn->link;
164
165         BT_DBG("%p", conn);
166
167         if (!sco)
168                 return;
169
170         if (!status) {
171                 if (lmp_esco_capable(conn->hdev))
172                         hci_setup_sync(sco, conn->handle);
173                 else
174                         hci_add_sco(sco, conn->handle);
175         } else {
176                 hci_proto_connect_cfm(sco, status);
177                 hci_conn_del(sco);
178         }
179 }
180
181 static void hci_conn_timeout(unsigned long arg)
182 {
183         struct hci_conn *conn = (void *) arg;
184         struct hci_dev *hdev = conn->hdev;
185         __u8 reason;
186
187         BT_DBG("conn %p state %d", conn, conn->state);
188
189         if (atomic_read(&conn->refcnt))
190                 return;
191
192         hci_dev_lock(hdev);
193
194         switch (conn->state) {
195         case BT_CONNECT:
196         case BT_CONNECT2:
197                 if (conn->type == ACL_LINK && conn->out)
198                         hci_acl_connect_cancel(conn);
199                 break;
200         case BT_CONFIG:
201         case BT_CONNECTED:
202                 reason = hci_proto_disconn_ind(conn);
203                 hci_acl_disconn(conn, reason);
204                 break;
205         default:
206                 conn->state = BT_CLOSED;
207                 break;
208         }
209
210         hci_dev_unlock(hdev);
211 }
212
213 static void hci_conn_idle(unsigned long arg)
214 {
215         struct hci_conn *conn = (void *) arg;
216
217         BT_DBG("conn %p mode %d", conn, conn->mode);
218
219         hci_conn_enter_sniff_mode(conn);
220 }
221
222 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
223 {
224         struct hci_conn *conn;
225
226         BT_DBG("%s dst %s", hdev->name, batostr(dst));
227
228         conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
229         if (!conn)
230                 return NULL;
231
232         bacpy(&conn->dst, dst);
233         conn->hdev  = hdev;
234         conn->type  = type;
235         conn->mode  = HCI_CM_ACTIVE;
236         conn->state = BT_OPEN;
237         conn->auth_type = HCI_AT_GENERAL_BONDING;
238
239         conn->power_save = 1;
240         conn->disc_timeout = HCI_DISCONN_TIMEOUT;
241
242         switch (type) {
243         case ACL_LINK:
244                 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
245                 break;
246         case SCO_LINK:
247                 if (lmp_esco_capable(hdev))
248                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
249                                         (hdev->esco_type & EDR_ESCO_MASK);
250                 else
251                         conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
252                 break;
253         case ESCO_LINK:
254                 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
255                 break;
256         }
257
258         skb_queue_head_init(&conn->data_q);
259
260         setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
261         setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
262
263         atomic_set(&conn->refcnt, 0);
264
265         hci_dev_hold(hdev);
266
267         tasklet_disable(&hdev->tx_task);
268
269         hci_conn_hash_add(hdev, conn);
270         if (hdev->notify)
271                 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
272
273         atomic_set(&conn->devref, 0);
274
275         hci_conn_init_sysfs(conn);
276
277         tasklet_enable(&hdev->tx_task);
278
279         return conn;
280 }
281
282 int hci_conn_del(struct hci_conn *conn)
283 {
284         struct hci_dev *hdev = conn->hdev;
285
286         BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
287
288         del_timer(&conn->idle_timer);
289
290         del_timer(&conn->disc_timer);
291
292         if (conn->type == ACL_LINK) {
293                 struct hci_conn *sco = conn->link;
294                 if (sco)
295                         sco->link = NULL;
296
297                 /* Unacked frames */
298                 hdev->acl_cnt += conn->sent;
299         } else {
300                 struct hci_conn *acl = conn->link;
301                 if (acl) {
302                         acl->link = NULL;
303                         hci_conn_put(acl);
304                 }
305         }
306
307         tasklet_disable(&hdev->tx_task);
308
309         hci_conn_hash_del(hdev, conn);
310         if (hdev->notify)
311                 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
312
313         tasklet_enable(&hdev->tx_task);
314
315         skb_queue_purge(&conn->data_q);
316
317         hci_conn_put_device(conn);
318
319         hci_dev_put(hdev);
320
321         return 0;
322 }
323
324 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
325 {
326         int use_src = bacmp(src, BDADDR_ANY);
327         struct hci_dev *hdev = NULL;
328         struct list_head *p;
329
330         BT_DBG("%s -> %s", batostr(src), batostr(dst));
331
332         read_lock_bh(&hci_dev_list_lock);
333
334         list_for_each(p, &hci_dev_list) {
335                 struct hci_dev *d = list_entry(p, struct hci_dev, list);
336
337                 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
338                         continue;
339
340                 /* Simple routing:
341                  *   No source address - find interface with bdaddr != dst
342                  *   Source address    - find interface with bdaddr == src
343                  */
344
345                 if (use_src) {
346                         if (!bacmp(&d->bdaddr, src)) {
347                                 hdev = d; break;
348                         }
349                 } else {
350                         if (bacmp(&d->bdaddr, dst)) {
351                                 hdev = d; break;
352                         }
353                 }
354         }
355
356         if (hdev)
357                 hdev = hci_dev_hold(hdev);
358
359         read_unlock_bh(&hci_dev_list_lock);
360         return hdev;
361 }
362 EXPORT_SYMBOL(hci_get_route);
363
364 /* Create SCO or ACL connection.
365  * Device _must_ be locked */
366 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
367 {
368         struct hci_conn *acl;
369         struct hci_conn *sco;
370
371         BT_DBG("%s dst %s", hdev->name, batostr(dst));
372
373         if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
374                 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
375                         return NULL;
376         }
377
378         hci_conn_hold(acl);
379
380         if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
381                 acl->sec_level = sec_level;
382                 acl->auth_type = auth_type;
383                 hci_acl_connect(acl);
384         } else {
385                 if (acl->sec_level < sec_level)
386                         acl->sec_level = sec_level;
387                 if (acl->auth_type < auth_type)
388                         acl->auth_type = auth_type;
389         }
390
391         if (type == ACL_LINK)
392                 return acl;
393
394         if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) {
395                 if (!(sco = hci_conn_add(hdev, type, dst))) {
396                         hci_conn_put(acl);
397                         return NULL;
398                 }
399         }
400
401         acl->link = sco;
402         sco->link = acl;
403
404         hci_conn_hold(sco);
405
406         if (acl->state == BT_CONNECTED &&
407                         (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
408                 acl->power_save = 1;
409                 hci_conn_enter_active_mode(acl);
410
411                 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) {
412                         /* defer SCO setup until mode change completed */
413                         set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend);
414                         return sco;
415                 }
416
417                 hci_sco_setup(acl, 0x00);
418         }
419
420         return sco;
421 }
422 EXPORT_SYMBOL(hci_connect);
423
424 /* Check link security requirement */
425 int hci_conn_check_link_mode(struct hci_conn *conn)
426 {
427         BT_DBG("conn %p", conn);
428
429         if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
430                                         !(conn->link_mode & HCI_LM_ENCRYPT))
431                 return 0;
432
433         return 1;
434 }
435 EXPORT_SYMBOL(hci_conn_check_link_mode);
436
437 /* Authenticate remote device */
438 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
439 {
440         BT_DBG("conn %p", conn);
441
442         if (sec_level > conn->sec_level)
443                 conn->sec_level = sec_level;
444         else if (conn->link_mode & HCI_LM_AUTH)
445                 return 1;
446
447         conn->auth_type = auth_type;
448
449         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
450                 struct hci_cp_auth_requested cp;
451 #ifdef FEATURE_ENCRY_PENDING_B4_AUTH
452
453                 /* encryption must be pending if auth is also pending */
454                 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
455
456 #endif
457                 cp.handle = cpu_to_le16(conn->handle);
458                 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
459                                                         sizeof(cp), &cp);
460         }
461
462         return 0;
463 }
464
465 /* Enable security */
466 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
467 {
468         BT_DBG("conn %p", conn);
469
470         if (sec_level == BT_SECURITY_SDP)
471                 return 1;
472
473         if (sec_level == BT_SECURITY_LOW &&
474                                 (!conn->ssp_mode || !conn->hdev->ssp_mode))
475                 return 1;
476
477         if (conn->link_mode & HCI_LM_ENCRYPT)
478                 return hci_conn_auth(conn, sec_level, auth_type);
479
480         if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
481                 return 0;
482
483         if (hci_conn_auth(conn, sec_level, auth_type)) {
484                 struct hci_cp_set_conn_encrypt cp;
485                 cp.handle  = cpu_to_le16(conn->handle);
486                 cp.encrypt = 1;
487                 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT,
488                                                         sizeof(cp), &cp);
489         }
490
491         return 0;
492 }
493 EXPORT_SYMBOL(hci_conn_security);
494
495 /* Change link key */
496 int hci_conn_change_link_key(struct hci_conn *conn)
497 {
498         BT_DBG("conn %p", conn);
499
500         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
501                 struct hci_cp_change_conn_link_key cp;
502                 cp.handle = cpu_to_le16(conn->handle);
503                 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
504                                                         sizeof(cp), &cp);
505         }
506
507         return 0;
508 }
509 EXPORT_SYMBOL(hci_conn_change_link_key);
510
511 /* Switch role */
512 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
513 {
514         BT_DBG("conn %p", conn);
515
516         if (!role && conn->link_mode & HCI_LM_MASTER)
517                 return 1;
518
519         if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
520                 struct hci_cp_switch_role cp;
521                 bacpy(&cp.bdaddr, &conn->dst);
522                 cp.role = role;
523                 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
524         }
525
526         return 0;
527 }
528 EXPORT_SYMBOL(hci_conn_switch_role);
529
530 /* Enter active mode */
531 void hci_conn_enter_active_mode(struct hci_conn *conn)
532 {
533         struct hci_dev *hdev = conn->hdev;
534
535         BT_DBG("conn %p mode %d", conn, conn->mode);
536
537         if (test_bit(HCI_RAW, &hdev->flags))
538                 return;
539
540         if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
541                 goto timer;
542
543         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
544                 struct hci_cp_exit_sniff_mode cp;
545                 cp.handle = cpu_to_le16(conn->handle);
546                 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
547         }
548
549 timer:
550         if (hdev->idle_timeout > 0)
551                 mod_timer(&conn->idle_timer,
552                         jiffies + msecs_to_jiffies(hdev->idle_timeout));
553 }
554
555 /* Enter sniff mode */
556 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
557 {
558         struct hci_dev *hdev = conn->hdev;
559
560         BT_DBG("conn %p mode %d", conn, conn->mode);
561
562         if (test_bit(HCI_RAW, &hdev->flags))
563                 return;
564
565         if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
566                 return;
567
568         if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
569                 return;
570
571         if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
572                 struct hci_cp_sniff_subrate cp;
573                 cp.handle             = cpu_to_le16(conn->handle);
574                 cp.max_latency        = cpu_to_le16(0);
575                 cp.min_remote_timeout = cpu_to_le16(0);
576                 cp.min_local_timeout  = cpu_to_le16(0);
577                 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
578         }
579
580         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
581                 struct hci_cp_sniff_mode cp;
582                 cp.handle       = cpu_to_le16(conn->handle);
583                 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
584                 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
585                 cp.attempt      = cpu_to_le16(4);
586                 cp.timeout      = cpu_to_le16(1);
587                 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
588         }
589 }
590
591 /* Drop all connection on the device */
592 void hci_conn_hash_flush(struct hci_dev *hdev)
593 {
594         struct hci_conn_hash *h = &hdev->conn_hash;
595         struct list_head *p;
596
597         BT_DBG("hdev %s", hdev->name);
598
599         p = h->list.next;
600         while (p != &h->list) {
601                 struct hci_conn *c;
602
603                 c = list_entry(p, struct hci_conn, list);
604                 p = p->next;
605
606                 c->state = BT_CLOSED;
607
608                 hci_proto_disconn_cfm(c, 0x16);
609                 hci_conn_del(c);
610         }
611 }
612
613 /* Check pending connect attempts */
614 void hci_conn_check_pending(struct hci_dev *hdev)
615 {
616         struct hci_conn *conn;
617
618         BT_DBG("hdev %s", hdev->name);
619
620         hci_dev_lock(hdev);
621
622         conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
623         if (conn)
624                 hci_acl_connect(conn);
625
626         hci_dev_unlock(hdev);
627 }
628
629 void hci_conn_hold_device(struct hci_conn *conn)
630 {
631         atomic_inc(&conn->devref);
632 }
633 EXPORT_SYMBOL(hci_conn_hold_device);
634
635 void hci_conn_put_device(struct hci_conn *conn)
636 {
637         if (atomic_dec_and_test(&conn->devref))
638                 hci_conn_del_sysfs(conn);
639 }
640 EXPORT_SYMBOL(hci_conn_put_device);
641
642 int hci_get_conn_list(void __user *arg)
643 {
644         struct hci_conn_list_req req, *cl;
645         struct hci_conn_info *ci;
646         struct hci_dev *hdev;
647         struct list_head *p;
648         int n = 0, size, err;
649
650         if (copy_from_user(&req, arg, sizeof(req)))
651                 return -EFAULT;
652
653         if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
654                 return -EINVAL;
655
656         size = sizeof(req) + req.conn_num * sizeof(*ci);
657
658         if (!(cl = kmalloc(size, GFP_KERNEL)))
659                 return -ENOMEM;
660
661         if (!(hdev = hci_dev_get(req.dev_id))) {
662                 kfree(cl);
663                 return -ENODEV;
664         }
665
666         ci = cl->conn_info;
667
668         hci_dev_lock_bh(hdev);
669         list_for_each(p, &hdev->conn_hash.list) {
670                 register struct hci_conn *c;
671                 c = list_entry(p, struct hci_conn, list);
672
673                 bacpy(&(ci + n)->bdaddr, &c->dst);
674                 (ci + n)->handle = c->handle;
675                 (ci + n)->type  = c->type;
676                 (ci + n)->out   = c->out;
677                 (ci + n)->state = c->state;
678                 (ci + n)->link_mode = c->link_mode;
679                 if (++n >= req.conn_num)
680                         break;
681         }
682         hci_dev_unlock_bh(hdev);
683
684         cl->dev_id = hdev->id;
685         cl->conn_num = n;
686         size = sizeof(req) + n * sizeof(*ci);
687
688         hci_dev_put(hdev);
689
690         err = copy_to_user(arg, cl, size);
691         kfree(cl);
692
693         return err ? -EFAULT : 0;
694 }
695
696 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
697 {
698         struct hci_conn_info_req req;
699         struct hci_conn_info ci;
700         struct hci_conn *conn;
701         char __user *ptr = arg + sizeof(req);
702
703         if (copy_from_user(&req, arg, sizeof(req)))
704                 return -EFAULT;
705
706         hci_dev_lock_bh(hdev);
707         conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
708         if (conn) {
709                 bacpy(&ci.bdaddr, &conn->dst);
710                 ci.handle = conn->handle;
711                 ci.type  = conn->type;
712                 ci.out   = conn->out;
713                 ci.state = conn->state;
714                 ci.link_mode = conn->link_mode;
715         }
716         hci_dev_unlock_bh(hdev);
717
718         if (!conn)
719                 return -ENOENT;
720
721         return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
722 }
723
724 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
725 {
726         struct hci_auth_info_req req;
727         struct hci_conn *conn;
728
729         if (copy_from_user(&req, arg, sizeof(req)))
730                 return -EFAULT;
731
732         hci_dev_lock_bh(hdev);
733         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
734         if (conn)
735                 req.type = conn->auth_type;
736         hci_dev_unlock_bh(hdev);
737
738         if (!conn)
739                 return -ENOENT;
740
741         return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
742 }
Domain: System / Kernel;