2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47 #include <net/bluetooth/smp.h>
49 static void hci_le_connect(struct hci_conn *conn)
51 struct hci_dev *hdev = conn->hdev;
52 struct hci_cp_le_create_conn cp;
54 conn->state = BT_CONNECT;
56 conn->link_mode |= HCI_LM_MASTER;
57 conn->sec_level = BT_SECURITY_LOW;
59 memset(&cp, 0, sizeof(cp));
60 cp.scan_interval = cpu_to_le16(0x0060);
61 cp.scan_window = cpu_to_le16(0x0030);
62 bacpy(&cp.peer_addr, &conn->dst);
63 cp.peer_addr_type = conn->dst_type;
64 cp.conn_interval_min = cpu_to_le16(0x0028);
65 cp.conn_interval_max = cpu_to_le16(0x0038);
66 cp.supervision_timeout = cpu_to_le16(0x002a);
67 cp.min_ce_len = cpu_to_le16(0x0000);
68 cp.max_ce_len = cpu_to_le16(0x0000);
70 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
73 static void hci_le_connect_cancel(struct hci_conn *conn)
75 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
78 void hci_acl_connect(struct hci_conn *conn)
80 struct hci_dev *hdev = conn->hdev;
81 struct inquiry_entry *ie;
82 struct hci_cp_create_conn cp;
86 conn->state = BT_CONNECT;
89 conn->link_mode = HCI_LM_MASTER;
93 conn->link_policy = hdev->link_policy;
95 memset(&cp, 0, sizeof(cp));
96 bacpy(&cp.bdaddr, &conn->dst);
97 cp.pscan_rep_mode = 0x02;
99 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
101 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
102 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
103 cp.pscan_mode = ie->data.pscan_mode;
104 cp.clock_offset = ie->data.clock_offset |
108 memcpy(conn->dev_class, ie->data.dev_class, 3);
109 conn->ssp_mode = ie->data.ssp_mode;
112 cp.pkt_type = cpu_to_le16(conn->pkt_type);
113 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
114 cp.role_switch = 0x01;
116 cp.role_switch = 0x00;
118 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
121 static void hci_acl_connect_cancel(struct hci_conn *conn)
123 struct hci_cp_create_conn_cancel cp;
127 if (conn->hdev->hci_ver < 2)
130 bacpy(&cp.bdaddr, &conn->dst);
131 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
134 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
136 struct hci_cp_disconnect cp;
140 conn->state = BT_DISCONN;
142 cp.handle = cpu_to_le16(conn->handle);
144 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
147 void hci_add_sco(struct hci_conn *conn, __u16 handle)
149 struct hci_dev *hdev = conn->hdev;
150 struct hci_cp_add_sco cp;
154 conn->state = BT_CONNECT;
159 cp.handle = cpu_to_le16(handle);
160 cp.pkt_type = cpu_to_le16(conn->pkt_type);
162 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
165 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
167 struct hci_dev *hdev = conn->hdev;
168 struct hci_cp_setup_sync_conn cp;
172 conn->state = BT_CONNECT;
177 cp.handle = cpu_to_le16(handle);
178 cp.pkt_type = cpu_to_le16(conn->pkt_type);
180 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
181 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
182 cp.max_latency = cpu_to_le16(0xffff);
183 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
184 cp.retrans_effort = 0xff;
186 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
189 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
190 u16 latency, u16 to_multiplier)
192 struct hci_cp_le_conn_update cp;
193 struct hci_dev *hdev = conn->hdev;
195 memset(&cp, 0, sizeof(cp));
197 cp.handle = cpu_to_le16(conn->handle);
198 cp.conn_interval_min = cpu_to_le16(min);
199 cp.conn_interval_max = cpu_to_le16(max);
200 cp.conn_latency = cpu_to_le16(latency);
201 cp.supervision_timeout = cpu_to_le16(to_multiplier);
202 cp.min_ce_len = cpu_to_le16(0x0001);
203 cp.max_ce_len = cpu_to_le16(0x0001);
205 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
207 EXPORT_SYMBOL(hci_le_conn_update);
209 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
212 struct hci_dev *hdev = conn->hdev;
213 struct hci_cp_le_start_enc cp;
217 memset(&cp, 0, sizeof(cp));
219 cp.handle = cpu_to_le16(conn->handle);
220 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
222 memcpy(cp.rand, rand, sizeof(cp.rand));
224 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
226 EXPORT_SYMBOL(hci_le_start_enc);
228 void hci_le_ltk_neg_reply(struct hci_conn *conn)
230 struct hci_dev *hdev = conn->hdev;
231 struct hci_cp_le_ltk_neg_reply cp;
235 memset(&cp, 0, sizeof(cp));
237 cp.handle = cpu_to_le16(conn->handle);
239 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp);
242 /* Device _must_ be locked */
243 void hci_sco_setup(struct hci_conn *conn, __u8 status)
245 struct hci_conn *sco = conn->link;
253 if (lmp_esco_capable(conn->hdev))
254 hci_setup_sync(sco, conn->handle);
256 hci_add_sco(sco, conn->handle);
258 hci_proto_connect_cfm(sco, status);
263 static void hci_conn_timeout(unsigned long arg)
265 struct hci_conn *conn = (void *) arg;
266 struct hci_dev *hdev = conn->hdev;
269 BT_DBG("conn %p state %d", conn, conn->state);
271 if (atomic_read(&conn->refcnt))
276 switch (conn->state) {
280 if (conn->type == ACL_LINK)
281 hci_acl_connect_cancel(conn);
282 else if (conn->type == LE_LINK)
283 hci_le_connect_cancel(conn);
288 reason = hci_proto_disconn_ind(conn);
289 hci_acl_disconn(conn, reason);
292 conn->state = BT_CLOSED;
296 hci_dev_unlock(hdev);
299 static void hci_conn_idle(unsigned long arg)
301 struct hci_conn *conn = (void *) arg;
303 BT_DBG("conn %p mode %d", conn, conn->mode);
305 hci_conn_enter_sniff_mode(conn);
308 static void hci_conn_auto_accept(unsigned long arg)
310 struct hci_conn *conn = (void *) arg;
311 struct hci_dev *hdev = conn->hdev;
315 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
318 hci_dev_unlock(hdev);
321 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
323 struct hci_conn *conn;
325 BT_DBG("%s dst %s", hdev->name, batostr(dst));
327 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
331 bacpy(&conn->dst, dst);
334 conn->mode = HCI_CM_ACTIVE;
335 conn->state = BT_OPEN;
336 conn->auth_type = HCI_AT_GENERAL_BONDING;
337 conn->io_capability = hdev->io_capability;
338 conn->remote_auth = 0xff;
339 conn->key_type = 0xff;
341 conn->power_save = 1;
342 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
346 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
349 if (lmp_esco_capable(hdev))
350 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
351 (hdev->esco_type & EDR_ESCO_MASK);
353 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
356 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
360 skb_queue_head_init(&conn->data_q);
362 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
363 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
364 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
365 (unsigned long) conn);
367 atomic_set(&conn->refcnt, 0);
371 tasklet_disable(&hdev->tx_task);
373 hci_conn_hash_add(hdev, conn);
375 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
377 atomic_set(&conn->devref, 0);
379 hci_conn_init_sysfs(conn);
381 tasklet_enable(&hdev->tx_task);
386 int hci_conn_del(struct hci_conn *conn)
388 struct hci_dev *hdev = conn->hdev;
390 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
392 del_timer(&conn->idle_timer);
394 del_timer(&conn->disc_timer);
396 del_timer(&conn->auto_accept_timer);
398 if (conn->type == ACL_LINK) {
399 struct hci_conn *sco = conn->link;
404 hdev->acl_cnt += conn->sent;
405 } else if (conn->type == LE_LINK) {
407 hdev->le_cnt += conn->sent;
409 hdev->acl_cnt += conn->sent;
411 struct hci_conn *acl = conn->link;
418 tasklet_disable(&hdev->tx_task);
420 hci_conn_hash_del(hdev, conn);
422 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
424 tasklet_enable(&hdev->tx_task);
426 skb_queue_purge(&conn->data_q);
428 hci_conn_put_device(conn);
432 if (conn->handle == 0)
438 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
440 int use_src = bacmp(src, BDADDR_ANY);
441 struct hci_dev *hdev = NULL;
444 BT_DBG("%s -> %s", batostr(src), batostr(dst));
446 read_lock_bh(&hci_dev_list_lock);
448 list_for_each(p, &hci_dev_list) {
449 struct hci_dev *d = list_entry(p, struct hci_dev, list);
451 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
455 * No source address - find interface with bdaddr != dst
456 * Source address - find interface with bdaddr == src
460 if (!bacmp(&d->bdaddr, src)) {
464 if (bacmp(&d->bdaddr, dst)) {
471 hdev = hci_dev_hold(hdev);
473 read_unlock_bh(&hci_dev_list_lock);
476 EXPORT_SYMBOL(hci_get_route);
478 /* Create SCO, ACL or LE connection.
479 * Device _must_ be locked */
480 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
482 struct hci_conn *acl;
483 struct hci_conn *sco;
486 BT_DBG("%s dst %s", hdev->name, batostr(dst));
488 if (type == LE_LINK) {
489 struct adv_entry *entry;
491 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
493 return ERR_PTR(-EBUSY);
495 entry = hci_find_adv_entry(hdev, dst);
497 return ERR_PTR(-EHOSTUNREACH);
499 le = hci_conn_add(hdev, LE_LINK, dst);
501 return ERR_PTR(-ENOMEM);
503 le->dst_type = entry->bdaddr_type;
512 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
514 acl = hci_conn_add(hdev, ACL_LINK, dst);
521 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
522 acl->sec_level = BT_SECURITY_LOW;
523 acl->pending_sec_level = sec_level;
524 acl->auth_type = auth_type;
525 hci_acl_connect(acl);
528 if (type == ACL_LINK)
531 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
533 sco = hci_conn_add(hdev, type, dst);
545 if (acl->state == BT_CONNECTED &&
546 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
548 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
550 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) {
551 /* defer SCO setup until mode change completed */
552 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend);
556 hci_sco_setup(acl, 0x00);
561 EXPORT_SYMBOL(hci_connect);
563 /* Check link security requirement */
564 int hci_conn_check_link_mode(struct hci_conn *conn)
566 BT_DBG("conn %p", conn);
568 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
569 !(conn->link_mode & HCI_LM_ENCRYPT))
574 EXPORT_SYMBOL(hci_conn_check_link_mode);
576 /* Authenticate remote device */
577 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
579 BT_DBG("conn %p", conn);
581 if (conn->pending_sec_level > sec_level)
582 sec_level = conn->pending_sec_level;
584 if (sec_level > conn->sec_level)
585 conn->pending_sec_level = sec_level;
586 else if (conn->link_mode & HCI_LM_AUTH)
589 /* Make sure we preserve an existing MITM requirement*/
590 auth_type |= (conn->auth_type & 0x01);
592 conn->auth_type = auth_type;
594 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
595 struct hci_cp_auth_requested cp;
597 cp.handle = cpu_to_le16(conn->handle);
598 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
601 /* If we're already encrypted set the REAUTH_PEND flag,
602 * otherwise set the ENCRYPT_PEND.
604 if (conn->link_mode & HCI_LM_ENCRYPT)
605 set_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
607 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
613 /* Encrypt the the link */
614 static void hci_conn_encrypt(struct hci_conn *conn)
616 BT_DBG("conn %p", conn);
618 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
619 struct hci_cp_set_conn_encrypt cp;
620 cp.handle = cpu_to_le16(conn->handle);
622 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
627 /* Enable security */
628 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
630 BT_DBG("conn %p", conn);
632 #ifdef CONFIG_BT_L2CAP
633 if (conn->type == LE_LINK)
634 return smp_conn_security(conn, sec_level);
637 /* For sdp we don't need the link key. */
638 if (sec_level == BT_SECURITY_SDP)
641 /* For non 2.1 devices and low security level we don't need the link
643 if (sec_level == BT_SECURITY_LOW &&
644 (!conn->ssp_mode || !conn->hdev->ssp_mode))
647 /* For other security levels we need the link key. */
648 if (!(conn->link_mode & HCI_LM_AUTH))
651 /* An authenticated combination key has sufficient security for any
653 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
656 /* An unauthenticated combination key has sufficient security for
657 security level 1 and 2. */
658 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
659 (sec_level == BT_SECURITY_MEDIUM ||
660 sec_level == BT_SECURITY_LOW))
663 /* A combination key has always sufficient security for the security
664 levels 1 or 2. High security level requires the combination key
665 is generated using maximum PIN code length (16).
666 For pre 2.1 units. */
667 if (conn->key_type == HCI_LK_COMBINATION &&
668 (sec_level != BT_SECURITY_HIGH ||
669 conn->pin_length == 16))
673 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
676 if (!hci_conn_auth(conn, sec_level, auth_type))
680 if (conn->link_mode & HCI_LM_ENCRYPT)
683 hci_conn_encrypt(conn);
686 EXPORT_SYMBOL(hci_conn_security);
688 /* Check secure link requirement */
689 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
691 BT_DBG("conn %p", conn);
693 if (sec_level != BT_SECURITY_HIGH)
694 return 1; /* Accept if non-secure is required */
696 if (conn->sec_level == BT_SECURITY_HIGH)
699 return 0; /* Reject not secure link */
701 EXPORT_SYMBOL(hci_conn_check_secure);
703 /* Change link key */
704 int hci_conn_change_link_key(struct hci_conn *conn)
706 BT_DBG("conn %p", conn);
708 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
709 struct hci_cp_change_conn_link_key cp;
710 cp.handle = cpu_to_le16(conn->handle);
711 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
717 EXPORT_SYMBOL(hci_conn_change_link_key);
720 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
722 BT_DBG("conn %p", conn);
724 if (!role && conn->link_mode & HCI_LM_MASTER)
727 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
728 struct hci_cp_switch_role cp;
729 bacpy(&cp.bdaddr, &conn->dst);
731 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
736 EXPORT_SYMBOL(hci_conn_switch_role);
738 /* Enter active mode */
739 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
741 struct hci_dev *hdev = conn->hdev;
743 BT_DBG("conn %p mode %d", conn, conn->mode);
745 if (test_bit(HCI_RAW, &hdev->flags))
748 if (conn->mode != HCI_CM_SNIFF)
751 if (!conn->power_save && !force_active)
754 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
755 struct hci_cp_exit_sniff_mode cp;
756 cp.handle = cpu_to_le16(conn->handle);
757 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
761 if (hdev->idle_timeout > 0)
762 mod_timer(&conn->idle_timer,
763 jiffies + msecs_to_jiffies(hdev->idle_timeout));
766 /* Enter sniff mode */
767 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
769 struct hci_dev *hdev = conn->hdev;
771 BT_DBG("conn %p mode %d", conn, conn->mode);
773 if (test_bit(HCI_RAW, &hdev->flags))
776 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
779 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
782 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
783 struct hci_cp_sniff_subrate cp;
784 cp.handle = cpu_to_le16(conn->handle);
785 cp.max_latency = cpu_to_le16(0);
786 cp.min_remote_timeout = cpu_to_le16(0);
787 cp.min_local_timeout = cpu_to_le16(0);
788 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
791 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
792 struct hci_cp_sniff_mode cp;
793 cp.handle = cpu_to_le16(conn->handle);
794 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
795 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
796 cp.attempt = cpu_to_le16(4);
797 cp.timeout = cpu_to_le16(1);
798 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
802 /* Drop all connection on the device */
803 void hci_conn_hash_flush(struct hci_dev *hdev)
805 struct hci_conn_hash *h = &hdev->conn_hash;
808 BT_DBG("hdev %s", hdev->name);
811 while (p != &h->list) {
814 c = list_entry(p, struct hci_conn, list);
817 c->state = BT_CLOSED;
819 hci_proto_disconn_cfm(c, 0x16);
824 /* Check pending connect attempts */
825 void hci_conn_check_pending(struct hci_dev *hdev)
827 struct hci_conn *conn;
829 BT_DBG("hdev %s", hdev->name);
833 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
835 hci_acl_connect(conn);
837 hci_dev_unlock(hdev);
840 void hci_conn_hold_device(struct hci_conn *conn)
842 atomic_inc(&conn->devref);
844 EXPORT_SYMBOL(hci_conn_hold_device);
846 void hci_conn_put_device(struct hci_conn *conn)
848 if (atomic_dec_and_test(&conn->devref))
849 hci_conn_del_sysfs(conn);
851 EXPORT_SYMBOL(hci_conn_put_device);
853 int hci_get_conn_list(void __user *arg)
855 struct hci_conn_list_req req, *cl;
856 struct hci_conn_info *ci;
857 struct hci_dev *hdev;
859 int n = 0, size, err;
861 if (copy_from_user(&req, arg, sizeof(req)))
864 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
867 size = sizeof(req) + req.conn_num * sizeof(*ci);
869 cl = kmalloc(size, GFP_KERNEL);
873 hdev = hci_dev_get(req.dev_id);
881 hci_dev_lock_bh(hdev);
882 list_for_each(p, &hdev->conn_hash.list) {
883 register struct hci_conn *c;
884 c = list_entry(p, struct hci_conn, list);
886 bacpy(&(ci + n)->bdaddr, &c->dst);
887 (ci + n)->handle = c->handle;
888 (ci + n)->type = c->type;
889 (ci + n)->out = c->out;
890 (ci + n)->state = c->state;
891 (ci + n)->link_mode = c->link_mode;
892 if (++n >= req.conn_num)
895 hci_dev_unlock_bh(hdev);
897 cl->dev_id = hdev->id;
899 size = sizeof(req) + n * sizeof(*ci);
903 err = copy_to_user(arg, cl, size);
906 return err ? -EFAULT : 0;
909 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
911 struct hci_conn_info_req req;
912 struct hci_conn_info ci;
913 struct hci_conn *conn;
914 char __user *ptr = arg + sizeof(req);
916 if (copy_from_user(&req, arg, sizeof(req)))
919 hci_dev_lock_bh(hdev);
920 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
922 bacpy(&ci.bdaddr, &conn->dst);
923 ci.handle = conn->handle;
924 ci.type = conn->type;
926 ci.state = conn->state;
927 ci.link_mode = conn->link_mode;
929 hci_dev_unlock_bh(hdev);
934 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
937 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
939 struct hci_auth_info_req req;
940 struct hci_conn *conn;
942 if (copy_from_user(&req, arg, sizeof(req)))
945 hci_dev_lock_bh(hdev);
946 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
948 req.type = conn->auth_type;
949 hci_dev_unlock_bh(hdev);
954 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;