2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47 #include <net/bluetooth/smp.h>
49 static void hci_le_connect(struct hci_conn *conn)
51 struct hci_dev *hdev = conn->hdev;
52 struct hci_cp_le_create_conn cp;
54 conn->state = BT_CONNECT;
56 conn->link_mode |= HCI_LM_MASTER;
57 conn->sec_level = BT_SECURITY_LOW;
59 memset(&cp, 0, sizeof(cp));
60 cp.scan_interval = cpu_to_le16(0x0060);
61 cp.scan_window = cpu_to_le16(0x0030);
62 bacpy(&cp.peer_addr, &conn->dst);
63 cp.peer_addr_type = conn->dst_type;
64 cp.conn_interval_min = cpu_to_le16(0x0028);
65 cp.conn_interval_max = cpu_to_le16(0x0038);
66 cp.supervision_timeout = cpu_to_le16(0x002a);
67 cp.min_ce_len = cpu_to_le16(0x0000);
68 cp.max_ce_len = cpu_to_le16(0x0000);
70 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
73 static void hci_le_connect_cancel(struct hci_conn *conn)
75 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
78 void hci_acl_connect(struct hci_conn *conn)
80 struct hci_dev *hdev = conn->hdev;
81 struct inquiry_entry *ie;
82 struct hci_cp_create_conn cp;
86 conn->state = BT_CONNECT;
89 conn->link_mode = HCI_LM_MASTER;
93 conn->link_policy = hdev->link_policy;
95 memset(&cp, 0, sizeof(cp));
96 bacpy(&cp.bdaddr, &conn->dst);
97 cp.pscan_rep_mode = 0x02;
99 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
101 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
102 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
103 cp.pscan_mode = ie->data.pscan_mode;
104 cp.clock_offset = ie->data.clock_offset |
108 memcpy(conn->dev_class, ie->data.dev_class, 3);
109 conn->ssp_mode = ie->data.ssp_mode;
112 cp.pkt_type = cpu_to_le16(conn->pkt_type);
113 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
114 cp.role_switch = 0x01;
116 cp.role_switch = 0x00;
118 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
121 static void hci_acl_connect_cancel(struct hci_conn *conn)
123 struct hci_cp_create_conn_cancel cp;
127 if (conn->hdev->hci_ver < 2)
130 bacpy(&cp.bdaddr, &conn->dst);
131 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
134 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
136 struct hci_cp_disconnect cp;
140 conn->state = BT_DISCONN;
142 cp.handle = cpu_to_le16(conn->handle);
144 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
147 void hci_add_sco(struct hci_conn *conn, __u16 handle)
149 struct hci_dev *hdev = conn->hdev;
150 struct hci_cp_add_sco cp;
154 conn->state = BT_CONNECT;
159 cp.handle = cpu_to_le16(handle);
160 cp.pkt_type = cpu_to_le16(conn->pkt_type);
162 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
165 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
167 struct hci_dev *hdev = conn->hdev;
168 struct hci_cp_setup_sync_conn cp;
172 conn->state = BT_CONNECT;
177 cp.handle = cpu_to_le16(handle);
178 cp.pkt_type = cpu_to_le16(conn->pkt_type);
180 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
181 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
182 cp.max_latency = cpu_to_le16(0xffff);
183 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
184 cp.retrans_effort = 0xff;
186 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
189 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
190 u16 latency, u16 to_multiplier)
192 struct hci_cp_le_conn_update cp;
193 struct hci_dev *hdev = conn->hdev;
195 memset(&cp, 0, sizeof(cp));
197 cp.handle = cpu_to_le16(conn->handle);
198 cp.conn_interval_min = cpu_to_le16(min);
199 cp.conn_interval_max = cpu_to_le16(max);
200 cp.conn_latency = cpu_to_le16(latency);
201 cp.supervision_timeout = cpu_to_le16(to_multiplier);
202 cp.min_ce_len = cpu_to_le16(0x0001);
203 cp.max_ce_len = cpu_to_le16(0x0001);
205 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
207 EXPORT_SYMBOL(hci_le_conn_update);
209 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
212 struct hci_dev *hdev = conn->hdev;
213 struct hci_cp_le_start_enc cp;
217 memset(&cp, 0, sizeof(cp));
219 cp.handle = cpu_to_le16(conn->handle);
220 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
222 memcpy(cp.rand, rand, sizeof(cp.rand));
224 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
226 EXPORT_SYMBOL(hci_le_start_enc);
228 void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16])
230 struct hci_dev *hdev = conn->hdev;
231 struct hci_cp_le_ltk_reply cp;
235 memset(&cp, 0, sizeof(cp));
237 cp.handle = cpu_to_le16(conn->handle);
238 memcpy(cp.ltk, ltk, sizeof(ltk));
240 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
242 EXPORT_SYMBOL(hci_le_ltk_reply);
244 void hci_le_ltk_neg_reply(struct hci_conn *conn)
246 struct hci_dev *hdev = conn->hdev;
247 struct hci_cp_le_ltk_neg_reply cp;
251 memset(&cp, 0, sizeof(cp));
253 cp.handle = cpu_to_le16(conn->handle);
255 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp);
258 /* Device _must_ be locked */
259 void hci_sco_setup(struct hci_conn *conn, __u8 status)
261 struct hci_conn *sco = conn->link;
269 if (lmp_esco_capable(conn->hdev))
270 hci_setup_sync(sco, conn->handle);
272 hci_add_sco(sco, conn->handle);
274 hci_proto_connect_cfm(sco, status);
279 static void hci_conn_timeout(unsigned long arg)
281 struct hci_conn *conn = (void *) arg;
282 struct hci_dev *hdev = conn->hdev;
285 BT_DBG("conn %p state %d", conn, conn->state);
287 if (atomic_read(&conn->refcnt))
292 switch (conn->state) {
296 if (conn->type == ACL_LINK)
297 hci_acl_connect_cancel(conn);
298 else if (conn->type == LE_LINK)
299 hci_le_connect_cancel(conn);
304 reason = hci_proto_disconn_ind(conn);
305 hci_acl_disconn(conn, reason);
308 conn->state = BT_CLOSED;
312 hci_dev_unlock(hdev);
315 static void hci_conn_idle(unsigned long arg)
317 struct hci_conn *conn = (void *) arg;
319 BT_DBG("conn %p mode %d", conn, conn->mode);
321 hci_conn_enter_sniff_mode(conn);
324 static void hci_conn_auto_accept(unsigned long arg)
326 struct hci_conn *conn = (void *) arg;
327 struct hci_dev *hdev = conn->hdev;
331 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
334 hci_dev_unlock(hdev);
337 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
339 struct hci_conn *conn;
341 BT_DBG("%s dst %s", hdev->name, batostr(dst));
343 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
347 bacpy(&conn->dst, dst);
350 conn->mode = HCI_CM_ACTIVE;
351 conn->state = BT_OPEN;
352 conn->auth_type = HCI_AT_GENERAL_BONDING;
353 conn->io_capability = hdev->io_capability;
354 conn->remote_auth = 0xff;
355 conn->key_type = 0xff;
357 conn->power_save = 1;
358 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
362 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
365 if (lmp_esco_capable(hdev))
366 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
367 (hdev->esco_type & EDR_ESCO_MASK);
369 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
372 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
376 skb_queue_head_init(&conn->data_q);
378 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
379 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
380 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
381 (unsigned long) conn);
383 atomic_set(&conn->refcnt, 0);
387 tasklet_disable(&hdev->tx_task);
389 hci_conn_hash_add(hdev, conn);
391 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
393 atomic_set(&conn->devref, 0);
395 hci_conn_init_sysfs(conn);
397 tasklet_enable(&hdev->tx_task);
402 int hci_conn_del(struct hci_conn *conn)
404 struct hci_dev *hdev = conn->hdev;
406 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
408 del_timer(&conn->idle_timer);
410 del_timer(&conn->disc_timer);
412 del_timer(&conn->auto_accept_timer);
414 if (conn->type == ACL_LINK) {
415 struct hci_conn *sco = conn->link;
420 hdev->acl_cnt += conn->sent;
421 } else if (conn->type == LE_LINK) {
423 hdev->le_cnt += conn->sent;
425 hdev->acl_cnt += conn->sent;
427 struct hci_conn *acl = conn->link;
434 tasklet_disable(&hdev->tx_task);
436 hci_conn_hash_del(hdev, conn);
438 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
440 tasklet_enable(&hdev->tx_task);
442 skb_queue_purge(&conn->data_q);
444 hci_conn_put_device(conn);
448 if (conn->handle == 0)
454 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
456 int use_src = bacmp(src, BDADDR_ANY);
457 struct hci_dev *hdev = NULL;
460 BT_DBG("%s -> %s", batostr(src), batostr(dst));
462 read_lock_bh(&hci_dev_list_lock);
464 list_for_each(p, &hci_dev_list) {
465 struct hci_dev *d = list_entry(p, struct hci_dev, list);
467 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
471 * No source address - find interface with bdaddr != dst
472 * Source address - find interface with bdaddr == src
476 if (!bacmp(&d->bdaddr, src)) {
480 if (bacmp(&d->bdaddr, dst)) {
487 hdev = hci_dev_hold(hdev);
489 read_unlock_bh(&hci_dev_list_lock);
492 EXPORT_SYMBOL(hci_get_route);
494 /* Create SCO, ACL or LE connection.
495 * Device _must_ be locked */
496 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
498 struct hci_conn *acl;
499 struct hci_conn *sco;
502 BT_DBG("%s dst %s", hdev->name, batostr(dst));
504 if (type == LE_LINK) {
505 struct adv_entry *entry;
507 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
509 return ERR_PTR(-EBUSY);
511 entry = hci_find_adv_entry(hdev, dst);
513 return ERR_PTR(-EHOSTUNREACH);
515 le = hci_conn_add(hdev, LE_LINK, dst);
517 return ERR_PTR(-ENOMEM);
519 le->dst_type = entry->bdaddr_type;
528 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
530 acl = hci_conn_add(hdev, ACL_LINK, dst);
537 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
538 acl->sec_level = BT_SECURITY_LOW;
539 acl->pending_sec_level = sec_level;
540 acl->auth_type = auth_type;
541 hci_acl_connect(acl);
544 if (type == ACL_LINK)
547 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
549 sco = hci_conn_add(hdev, type, dst);
561 if (acl->state == BT_CONNECTED &&
562 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
564 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
566 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) {
567 /* defer SCO setup until mode change completed */
568 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend);
572 hci_sco_setup(acl, 0x00);
577 EXPORT_SYMBOL(hci_connect);
579 /* Check link security requirement */
580 int hci_conn_check_link_mode(struct hci_conn *conn)
582 BT_DBG("conn %p", conn);
584 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
585 !(conn->link_mode & HCI_LM_ENCRYPT))
590 EXPORT_SYMBOL(hci_conn_check_link_mode);
592 /* Authenticate remote device */
593 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
595 BT_DBG("conn %p", conn);
597 if (conn->pending_sec_level > sec_level)
598 sec_level = conn->pending_sec_level;
600 if (sec_level > conn->sec_level)
601 conn->pending_sec_level = sec_level;
602 else if (conn->link_mode & HCI_LM_AUTH)
605 /* Make sure we preserve an existing MITM requirement*/
606 auth_type |= (conn->auth_type & 0x01);
608 conn->auth_type = auth_type;
610 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
611 struct hci_cp_auth_requested cp;
613 cp.handle = cpu_to_le16(conn->handle);
614 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
617 /* If we're already encrypted set the REAUTH_PEND flag,
618 * otherwise set the ENCRYPT_PEND.
620 if (conn->link_mode & HCI_LM_ENCRYPT)
621 set_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
623 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
629 /* Encrypt the the link */
630 static void hci_conn_encrypt(struct hci_conn *conn)
632 BT_DBG("conn %p", conn);
634 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
635 struct hci_cp_set_conn_encrypt cp;
636 cp.handle = cpu_to_le16(conn->handle);
638 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
643 /* Enable security */
644 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
646 BT_DBG("conn %p", conn);
648 #ifdef CONFIG_BT_L2CAP
649 if (conn->type == LE_LINK)
650 return smp_conn_security(conn, sec_level);
653 /* For sdp we don't need the link key. */
654 if (sec_level == BT_SECURITY_SDP)
657 /* For non 2.1 devices and low security level we don't need the link
659 if (sec_level == BT_SECURITY_LOW &&
660 (!conn->ssp_mode || !conn->hdev->ssp_mode))
663 /* For other security levels we need the link key. */
664 if (!(conn->link_mode & HCI_LM_AUTH))
667 /* An authenticated combination key has sufficient security for any
669 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
672 /* An unauthenticated combination key has sufficient security for
673 security level 1 and 2. */
674 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
675 (sec_level == BT_SECURITY_MEDIUM ||
676 sec_level == BT_SECURITY_LOW))
679 /* A combination key has always sufficient security for the security
680 levels 1 or 2. High security level requires the combination key
681 is generated using maximum PIN code length (16).
682 For pre 2.1 units. */
683 if (conn->key_type == HCI_LK_COMBINATION &&
684 (sec_level != BT_SECURITY_HIGH ||
685 conn->pin_length == 16))
689 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
692 if (!hci_conn_auth(conn, sec_level, auth_type))
696 if (conn->link_mode & HCI_LM_ENCRYPT)
699 hci_conn_encrypt(conn);
702 EXPORT_SYMBOL(hci_conn_security);
704 /* Check secure link requirement */
705 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
707 BT_DBG("conn %p", conn);
709 if (sec_level != BT_SECURITY_HIGH)
710 return 1; /* Accept if non-secure is required */
712 if (conn->sec_level == BT_SECURITY_HIGH)
715 return 0; /* Reject not secure link */
717 EXPORT_SYMBOL(hci_conn_check_secure);
719 /* Change link key */
720 int hci_conn_change_link_key(struct hci_conn *conn)
722 BT_DBG("conn %p", conn);
724 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
725 struct hci_cp_change_conn_link_key cp;
726 cp.handle = cpu_to_le16(conn->handle);
727 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
733 EXPORT_SYMBOL(hci_conn_change_link_key);
736 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
738 BT_DBG("conn %p", conn);
740 if (!role && conn->link_mode & HCI_LM_MASTER)
743 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
744 struct hci_cp_switch_role cp;
745 bacpy(&cp.bdaddr, &conn->dst);
747 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
752 EXPORT_SYMBOL(hci_conn_switch_role);
754 /* Enter active mode */
755 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
757 struct hci_dev *hdev = conn->hdev;
759 BT_DBG("conn %p mode %d", conn, conn->mode);
761 if (test_bit(HCI_RAW, &hdev->flags))
764 if (conn->mode != HCI_CM_SNIFF)
767 if (!conn->power_save && !force_active)
770 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
771 struct hci_cp_exit_sniff_mode cp;
772 cp.handle = cpu_to_le16(conn->handle);
773 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
777 if (hdev->idle_timeout > 0)
778 mod_timer(&conn->idle_timer,
779 jiffies + msecs_to_jiffies(hdev->idle_timeout));
782 /* Enter sniff mode */
783 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
785 struct hci_dev *hdev = conn->hdev;
787 BT_DBG("conn %p mode %d", conn, conn->mode);
789 if (test_bit(HCI_RAW, &hdev->flags))
792 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
795 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
798 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
799 struct hci_cp_sniff_subrate cp;
800 cp.handle = cpu_to_le16(conn->handle);
801 cp.max_latency = cpu_to_le16(0);
802 cp.min_remote_timeout = cpu_to_le16(0);
803 cp.min_local_timeout = cpu_to_le16(0);
804 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
807 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
808 struct hci_cp_sniff_mode cp;
809 cp.handle = cpu_to_le16(conn->handle);
810 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
811 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
812 cp.attempt = cpu_to_le16(4);
813 cp.timeout = cpu_to_le16(1);
814 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
818 /* Drop all connection on the device */
819 void hci_conn_hash_flush(struct hci_dev *hdev)
821 struct hci_conn_hash *h = &hdev->conn_hash;
824 BT_DBG("hdev %s", hdev->name);
827 while (p != &h->list) {
830 c = list_entry(p, struct hci_conn, list);
833 c->state = BT_CLOSED;
835 hci_proto_disconn_cfm(c, 0x16);
840 /* Check pending connect attempts */
841 void hci_conn_check_pending(struct hci_dev *hdev)
843 struct hci_conn *conn;
845 BT_DBG("hdev %s", hdev->name);
849 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
851 hci_acl_connect(conn);
853 hci_dev_unlock(hdev);
856 void hci_conn_hold_device(struct hci_conn *conn)
858 atomic_inc(&conn->devref);
860 EXPORT_SYMBOL(hci_conn_hold_device);
862 void hci_conn_put_device(struct hci_conn *conn)
864 if (atomic_dec_and_test(&conn->devref))
865 hci_conn_del_sysfs(conn);
867 EXPORT_SYMBOL(hci_conn_put_device);
869 int hci_get_conn_list(void __user *arg)
871 struct hci_conn_list_req req, *cl;
872 struct hci_conn_info *ci;
873 struct hci_dev *hdev;
875 int n = 0, size, err;
877 if (copy_from_user(&req, arg, sizeof(req)))
880 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
883 size = sizeof(req) + req.conn_num * sizeof(*ci);
885 cl = kmalloc(size, GFP_KERNEL);
889 hdev = hci_dev_get(req.dev_id);
897 hci_dev_lock_bh(hdev);
898 list_for_each(p, &hdev->conn_hash.list) {
899 register struct hci_conn *c;
900 c = list_entry(p, struct hci_conn, list);
902 bacpy(&(ci + n)->bdaddr, &c->dst);
903 (ci + n)->handle = c->handle;
904 (ci + n)->type = c->type;
905 (ci + n)->out = c->out;
906 (ci + n)->state = c->state;
907 (ci + n)->link_mode = c->link_mode;
908 if (++n >= req.conn_num)
911 hci_dev_unlock_bh(hdev);
913 cl->dev_id = hdev->id;
915 size = sizeof(req) + n * sizeof(*ci);
919 err = copy_to_user(arg, cl, size);
922 return err ? -EFAULT : 0;
925 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
927 struct hci_conn_info_req req;
928 struct hci_conn_info ci;
929 struct hci_conn *conn;
930 char __user *ptr = arg + sizeof(req);
932 if (copy_from_user(&req, arg, sizeof(req)))
935 hci_dev_lock_bh(hdev);
936 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
938 bacpy(&ci.bdaddr, &conn->dst);
939 ci.handle = conn->handle;
940 ci.type = conn->type;
942 ci.state = conn->state;
943 ci.link_mode = conn->link_mode;
945 hci_dev_unlock_bh(hdev);
950 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
953 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
955 struct hci_auth_info_req req;
956 struct hci_conn *conn;
958 if (copy_from_user(&req, arg, sizeof(req)))
961 hci_dev_lock_bh(hdev);
962 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
964 req.type = conn->auth_type;
965 hci_dev_unlock_bh(hdev);
970 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;