2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47 #include <net/bluetooth/smp.h>
49 static void hci_le_connect(struct hci_conn *conn)
51 struct hci_dev *hdev = conn->hdev;
52 struct hci_cp_le_create_conn cp;
54 conn->state = BT_CONNECT;
56 conn->link_mode |= HCI_LM_MASTER;
57 conn->sec_level = BT_SECURITY_LOW;
59 memset(&cp, 0, sizeof(cp));
60 cp.scan_interval = cpu_to_le16(0x0060);
61 cp.scan_window = cpu_to_le16(0x0030);
62 bacpy(&cp.peer_addr, &conn->dst);
63 cp.peer_addr_type = conn->dst_type;
64 cp.conn_interval_min = cpu_to_le16(0x0028);
65 cp.conn_interval_max = cpu_to_le16(0x0038);
66 cp.supervision_timeout = cpu_to_le16(0x002a);
67 cp.min_ce_len = cpu_to_le16(0x0000);
68 cp.max_ce_len = cpu_to_le16(0x0000);
70 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
73 static void hci_le_connect_cancel(struct hci_conn *conn)
75 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
78 void hci_acl_connect(struct hci_conn *conn)
80 struct hci_dev *hdev = conn->hdev;
81 struct inquiry_entry *ie;
82 struct hci_cp_create_conn cp;
86 conn->state = BT_CONNECT;
89 conn->link_mode = HCI_LM_MASTER;
93 conn->link_policy = hdev->link_policy;
95 memset(&cp, 0, sizeof(cp));
96 bacpy(&cp.bdaddr, &conn->dst);
97 cp.pscan_rep_mode = 0x02;
99 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
101 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
102 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
103 cp.pscan_mode = ie->data.pscan_mode;
104 cp.clock_offset = ie->data.clock_offset |
108 memcpy(conn->dev_class, ie->data.dev_class, 3);
109 conn->ssp_mode = ie->data.ssp_mode;
112 cp.pkt_type = cpu_to_le16(conn->pkt_type);
113 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
114 cp.role_switch = 0x01;
116 cp.role_switch = 0x00;
118 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
121 static void hci_acl_connect_cancel(struct hci_conn *conn)
123 struct hci_cp_create_conn_cancel cp;
127 if (conn->hdev->hci_ver < 2)
130 bacpy(&cp.bdaddr, &conn->dst);
131 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
134 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
136 struct hci_cp_disconnect cp;
140 conn->state = BT_DISCONN;
142 cp.handle = cpu_to_le16(conn->handle);
144 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
147 void hci_add_sco(struct hci_conn *conn, __u16 handle)
149 struct hci_dev *hdev = conn->hdev;
150 struct hci_cp_add_sco cp;
154 conn->state = BT_CONNECT;
159 cp.handle = cpu_to_le16(handle);
160 cp.pkt_type = cpu_to_le16(conn->pkt_type);
162 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
165 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
167 struct hci_dev *hdev = conn->hdev;
168 struct hci_cp_setup_sync_conn cp;
172 conn->state = BT_CONNECT;
177 cp.handle = cpu_to_le16(handle);
178 cp.pkt_type = cpu_to_le16(conn->pkt_type);
180 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
181 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
182 cp.max_latency = cpu_to_le16(0xffff);
183 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
184 cp.retrans_effort = 0xff;
186 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
189 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
190 u16 latency, u16 to_multiplier)
192 struct hci_cp_le_conn_update cp;
193 struct hci_dev *hdev = conn->hdev;
195 memset(&cp, 0, sizeof(cp));
197 cp.handle = cpu_to_le16(conn->handle);
198 cp.conn_interval_min = cpu_to_le16(min);
199 cp.conn_interval_max = cpu_to_le16(max);
200 cp.conn_latency = cpu_to_le16(latency);
201 cp.supervision_timeout = cpu_to_le16(to_multiplier);
202 cp.min_ce_len = cpu_to_le16(0x0001);
203 cp.max_ce_len = cpu_to_le16(0x0001);
205 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
207 EXPORT_SYMBOL(hci_le_conn_update);
209 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
212 struct hci_dev *hdev = conn->hdev;
213 struct hci_cp_le_start_enc cp;
217 memset(&cp, 0, sizeof(cp));
219 cp.handle = cpu_to_le16(conn->handle);
220 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
222 memcpy(cp.rand, rand, sizeof(cp.rand));
224 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
226 EXPORT_SYMBOL(hci_le_start_enc);
228 void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16])
230 struct hci_dev *hdev = conn->hdev;
231 struct hci_cp_le_ltk_reply cp;
235 memset(&cp, 0, sizeof(cp));
237 cp.handle = cpu_to_le16(conn->handle);
238 memcpy(cp.ltk, ltk, sizeof(ltk));
240 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
242 EXPORT_SYMBOL(hci_le_ltk_reply);
244 void hci_le_ltk_neg_reply(struct hci_conn *conn)
246 struct hci_dev *hdev = conn->hdev;
247 struct hci_cp_le_ltk_neg_reply cp;
251 memset(&cp, 0, sizeof(cp));
253 cp.handle = cpu_to_le16(conn->handle);
255 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp);
258 /* Device _must_ be locked */
259 void hci_sco_setup(struct hci_conn *conn, __u8 status)
261 struct hci_conn *sco = conn->link;
269 if (lmp_esco_capable(conn->hdev))
270 hci_setup_sync(sco, conn->handle);
272 hci_add_sco(sco, conn->handle);
274 hci_proto_connect_cfm(sco, status);
279 static void hci_conn_timeout(unsigned long arg)
281 struct hci_conn *conn = (void *) arg;
282 struct hci_dev *hdev = conn->hdev;
285 BT_DBG("conn %p state %d", conn, conn->state);
287 if (atomic_read(&conn->refcnt))
292 switch (conn->state) {
296 if (conn->type == ACL_LINK)
297 hci_acl_connect_cancel(conn);
298 else if (conn->type == LE_LINK)
299 hci_le_connect_cancel(conn);
304 reason = hci_proto_disconn_ind(conn);
305 hci_acl_disconn(conn, reason);
308 conn->state = BT_CLOSED;
312 hci_dev_unlock(hdev);
315 static void hci_conn_idle(unsigned long arg)
317 struct hci_conn *conn = (void *) arg;
319 BT_DBG("conn %p mode %d", conn, conn->mode);
321 hci_conn_enter_sniff_mode(conn);
324 static void hci_conn_auto_accept(unsigned long arg)
326 struct hci_conn *conn = (void *) arg;
327 struct hci_dev *hdev = conn->hdev;
331 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
334 hci_dev_unlock(hdev);
337 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
339 struct hci_conn *conn;
341 BT_DBG("%s dst %s", hdev->name, batostr(dst));
343 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
347 bacpy(&conn->dst, dst);
350 conn->mode = HCI_CM_ACTIVE;
351 conn->state = BT_OPEN;
352 conn->auth_type = HCI_AT_GENERAL_BONDING;
353 conn->io_capability = hdev->io_capability;
354 conn->remote_auth = 0xff;
355 conn->key_type = 0xff;
357 conn->power_save = 1;
358 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
362 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
365 if (lmp_esco_capable(hdev))
366 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
367 (hdev->esco_type & EDR_ESCO_MASK);
369 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
372 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
376 skb_queue_head_init(&conn->data_q);
378 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
379 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
380 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
381 (unsigned long) conn);
383 atomic_set(&conn->refcnt, 0);
387 tasklet_disable(&hdev->tx_task);
389 hci_conn_hash_add(hdev, conn);
391 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
393 atomic_set(&conn->devref, 0);
395 hci_conn_init_sysfs(conn);
397 tasklet_enable(&hdev->tx_task);
402 int hci_conn_del(struct hci_conn *conn)
404 struct hci_dev *hdev = conn->hdev;
406 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
408 del_timer(&conn->idle_timer);
410 del_timer(&conn->disc_timer);
412 del_timer(&conn->auto_accept_timer);
414 if (conn->type == ACL_LINK) {
415 struct hci_conn *sco = conn->link;
420 hdev->acl_cnt += conn->sent;
421 } else if (conn->type == LE_LINK) {
423 hdev->le_cnt += conn->sent;
425 hdev->acl_cnt += conn->sent;
427 struct hci_conn *acl = conn->link;
434 tasklet_disable(&hdev->tx_task);
436 hci_conn_hash_del(hdev, conn);
438 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
440 tasklet_enable(&hdev->tx_task);
442 skb_queue_purge(&conn->data_q);
444 hci_conn_put_device(conn);
448 if (conn->handle == 0)
454 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
456 int use_src = bacmp(src, BDADDR_ANY);
457 struct hci_dev *hdev = NULL;
460 BT_DBG("%s -> %s", batostr(src), batostr(dst));
462 read_lock_bh(&hci_dev_list_lock);
464 list_for_each(p, &hci_dev_list) {
465 struct hci_dev *d = list_entry(p, struct hci_dev, list);
467 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
471 * No source address - find interface with bdaddr != dst
472 * Source address - find interface with bdaddr == src
476 if (!bacmp(&d->bdaddr, src)) {
480 if (bacmp(&d->bdaddr, dst)) {
487 hdev = hci_dev_hold(hdev);
489 read_unlock_bh(&hci_dev_list_lock);
492 EXPORT_SYMBOL(hci_get_route);
494 /* Create SCO, ACL or LE connection.
495 * Device _must_ be locked */
496 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
498 struct hci_conn *acl;
499 struct hci_conn *sco;
502 BT_DBG("%s dst %s", hdev->name, batostr(dst));
504 if (type == LE_LINK) {
505 struct adv_entry *entry;
507 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
509 return ERR_PTR(-EBUSY);
511 entry = hci_find_adv_entry(hdev, dst);
513 return ERR_PTR(-EHOSTUNREACH);
515 le = hci_conn_add(hdev, LE_LINK, dst);
517 return ERR_PTR(-ENOMEM);
519 le->dst_type = entry->bdaddr_type;
528 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
530 acl = hci_conn_add(hdev, ACL_LINK, dst);
537 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
538 acl->sec_level = BT_SECURITY_LOW;
539 acl->pending_sec_level = sec_level;
540 acl->auth_type = auth_type;
541 hci_acl_connect(acl);
544 if (type == ACL_LINK)
547 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
549 sco = hci_conn_add(hdev, type, dst);
561 if (acl->state == BT_CONNECTED &&
562 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
564 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
566 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) {
567 /* defer SCO setup until mode change completed */
568 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend);
572 hci_sco_setup(acl, 0x00);
577 EXPORT_SYMBOL(hci_connect);
579 /* Check link security requirement */
580 int hci_conn_check_link_mode(struct hci_conn *conn)
582 BT_DBG("conn %p", conn);
584 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
585 !(conn->link_mode & HCI_LM_ENCRYPT))
590 EXPORT_SYMBOL(hci_conn_check_link_mode);
592 /* Authenticate remote device */
593 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
595 BT_DBG("conn %p", conn);
597 if (conn->pending_sec_level > sec_level)
598 sec_level = conn->pending_sec_level;
600 if (sec_level > conn->sec_level)
601 conn->pending_sec_level = sec_level;
602 else if (conn->link_mode & HCI_LM_AUTH)
605 /* Make sure we preserve an existing MITM requirement*/
606 auth_type |= (conn->auth_type & 0x01);
608 conn->auth_type = auth_type;
610 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
611 struct hci_cp_auth_requested cp;
613 /* encrypt must be pending if auth is also pending */
614 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
616 cp.handle = cpu_to_le16(conn->handle);
617 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
619 if (conn->key_type != 0xff)
620 set_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
626 /* Encrypt the the link */
627 static void hci_conn_encrypt(struct hci_conn *conn)
629 BT_DBG("conn %p", conn);
631 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
632 struct hci_cp_set_conn_encrypt cp;
633 cp.handle = cpu_to_le16(conn->handle);
635 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
640 /* Enable security */
641 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
643 BT_DBG("conn %p", conn);
645 #ifdef CONFIG_BT_L2CAP
646 if (conn->type == LE_LINK)
647 return smp_conn_security(conn, sec_level);
650 /* For sdp we don't need the link key. */
651 if (sec_level == BT_SECURITY_SDP)
654 /* For non 2.1 devices and low security level we don't need the link
656 if (sec_level == BT_SECURITY_LOW &&
657 (!conn->ssp_mode || !conn->hdev->ssp_mode))
660 /* For other security levels we need the link key. */
661 if (!(conn->link_mode & HCI_LM_AUTH))
664 /* An authenticated combination key has sufficient security for any
666 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
669 /* An unauthenticated combination key has sufficient security for
670 security level 1 and 2. */
671 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
672 (sec_level == BT_SECURITY_MEDIUM ||
673 sec_level == BT_SECURITY_LOW))
676 /* A combination key has always sufficient security for the security
677 levels 1 or 2. High security level requires the combination key
678 is generated using maximum PIN code length (16).
679 For pre 2.1 units. */
680 if (conn->key_type == HCI_LK_COMBINATION &&
681 (sec_level != BT_SECURITY_HIGH ||
682 conn->pin_length == 16))
686 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
689 if (!hci_conn_auth(conn, sec_level, auth_type))
693 if (conn->link_mode & HCI_LM_ENCRYPT)
696 hci_conn_encrypt(conn);
699 EXPORT_SYMBOL(hci_conn_security);
701 /* Check secure link requirement */
702 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
704 BT_DBG("conn %p", conn);
706 if (sec_level != BT_SECURITY_HIGH)
707 return 1; /* Accept if non-secure is required */
709 if (conn->sec_level == BT_SECURITY_HIGH)
712 return 0; /* Reject not secure link */
714 EXPORT_SYMBOL(hci_conn_check_secure);
716 /* Change link key */
717 int hci_conn_change_link_key(struct hci_conn *conn)
719 BT_DBG("conn %p", conn);
721 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
722 struct hci_cp_change_conn_link_key cp;
723 cp.handle = cpu_to_le16(conn->handle);
724 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
730 EXPORT_SYMBOL(hci_conn_change_link_key);
733 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
735 BT_DBG("conn %p", conn);
737 if (!role && conn->link_mode & HCI_LM_MASTER)
740 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
741 struct hci_cp_switch_role cp;
742 bacpy(&cp.bdaddr, &conn->dst);
744 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
749 EXPORT_SYMBOL(hci_conn_switch_role);
751 /* Enter active mode */
752 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
754 struct hci_dev *hdev = conn->hdev;
756 BT_DBG("conn %p mode %d", conn, conn->mode);
758 if (test_bit(HCI_RAW, &hdev->flags))
761 if (conn->mode != HCI_CM_SNIFF)
764 if (!conn->power_save && !force_active)
767 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
768 struct hci_cp_exit_sniff_mode cp;
769 cp.handle = cpu_to_le16(conn->handle);
770 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
774 if (hdev->idle_timeout > 0)
775 mod_timer(&conn->idle_timer,
776 jiffies + msecs_to_jiffies(hdev->idle_timeout));
779 /* Enter sniff mode */
780 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
782 struct hci_dev *hdev = conn->hdev;
784 BT_DBG("conn %p mode %d", conn, conn->mode);
786 if (test_bit(HCI_RAW, &hdev->flags))
789 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
792 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
795 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
796 struct hci_cp_sniff_subrate cp;
797 cp.handle = cpu_to_le16(conn->handle);
798 cp.max_latency = cpu_to_le16(0);
799 cp.min_remote_timeout = cpu_to_le16(0);
800 cp.min_local_timeout = cpu_to_le16(0);
801 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
804 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
805 struct hci_cp_sniff_mode cp;
806 cp.handle = cpu_to_le16(conn->handle);
807 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
808 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
809 cp.attempt = cpu_to_le16(4);
810 cp.timeout = cpu_to_le16(1);
811 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
815 /* Drop all connection on the device */
816 void hci_conn_hash_flush(struct hci_dev *hdev)
818 struct hci_conn_hash *h = &hdev->conn_hash;
821 BT_DBG("hdev %s", hdev->name);
824 while (p != &h->list) {
827 c = list_entry(p, struct hci_conn, list);
830 c->state = BT_CLOSED;
832 hci_proto_disconn_cfm(c, 0x16);
837 /* Check pending connect attempts */
838 void hci_conn_check_pending(struct hci_dev *hdev)
840 struct hci_conn *conn;
842 BT_DBG("hdev %s", hdev->name);
846 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
848 hci_acl_connect(conn);
850 hci_dev_unlock(hdev);
853 void hci_conn_hold_device(struct hci_conn *conn)
855 atomic_inc(&conn->devref);
857 EXPORT_SYMBOL(hci_conn_hold_device);
859 void hci_conn_put_device(struct hci_conn *conn)
861 if (atomic_dec_and_test(&conn->devref))
862 hci_conn_del_sysfs(conn);
864 EXPORT_SYMBOL(hci_conn_put_device);
866 int hci_get_conn_list(void __user *arg)
868 struct hci_conn_list_req req, *cl;
869 struct hci_conn_info *ci;
870 struct hci_dev *hdev;
872 int n = 0, size, err;
874 if (copy_from_user(&req, arg, sizeof(req)))
877 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
880 size = sizeof(req) + req.conn_num * sizeof(*ci);
882 cl = kmalloc(size, GFP_KERNEL);
886 hdev = hci_dev_get(req.dev_id);
894 hci_dev_lock_bh(hdev);
895 list_for_each(p, &hdev->conn_hash.list) {
896 register struct hci_conn *c;
897 c = list_entry(p, struct hci_conn, list);
899 bacpy(&(ci + n)->bdaddr, &c->dst);
900 (ci + n)->handle = c->handle;
901 (ci + n)->type = c->type;
902 (ci + n)->out = c->out;
903 (ci + n)->state = c->state;
904 (ci + n)->link_mode = c->link_mode;
905 if (++n >= req.conn_num)
908 hci_dev_unlock_bh(hdev);
910 cl->dev_id = hdev->id;
912 size = sizeof(req) + n * sizeof(*ci);
916 err = copy_to_user(arg, cl, size);
919 return err ? -EFAULT : 0;
922 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
924 struct hci_conn_info_req req;
925 struct hci_conn_info ci;
926 struct hci_conn *conn;
927 char __user *ptr = arg + sizeof(req);
929 if (copy_from_user(&req, arg, sizeof(req)))
932 hci_dev_lock_bh(hdev);
933 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
935 bacpy(&ci.bdaddr, &conn->dst);
936 ci.handle = conn->handle;
937 ci.type = conn->type;
939 ci.state = conn->state;
940 ci.link_mode = conn->link_mode;
942 hci_dev_unlock_bh(hdev);
947 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
950 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
952 struct hci_auth_info_req req;
953 struct hci_conn *conn;
955 if (copy_from_user(&req, arg, sizeof(req)))
958 hci_dev_lock_bh(hdev);
959 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
961 req.type = conn->auth_type;
962 hci_dev_unlock_bh(hdev);
967 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;