2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
40 #include <linux/uaccess.h>
41 #include <asm/unaligned.h>
43 #include <net/bluetooth/bluetooth.h>
44 #include <net/bluetooth/hci_core.h>
46 static void hci_le_connect(struct hci_conn *conn)
48 struct hci_dev *hdev = conn->hdev;
49 struct hci_cp_le_create_conn cp;
51 conn->state = BT_CONNECT;
53 conn->link_mode |= HCI_LM_MASTER;
54 conn->sec_level = BT_SECURITY_LOW;
56 memset(&cp, 0, sizeof(cp));
57 cp.scan_interval = cpu_to_le16(0x0060);
58 cp.scan_window = cpu_to_le16(0x0030);
59 bacpy(&cp.peer_addr, &conn->dst);
60 cp.peer_addr_type = conn->dst_type;
61 cp.conn_interval_min = cpu_to_le16(0x0028);
62 cp.conn_interval_max = cpu_to_le16(0x0038);
63 cp.supervision_timeout = cpu_to_le16(0x002a);
64 cp.min_ce_len = cpu_to_le16(0x0000);
65 cp.max_ce_len = cpu_to_le16(0x0000);
67 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
70 static void hci_le_connect_cancel(struct hci_conn *conn)
72 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
75 void hci_acl_connect(struct hci_conn *conn)
77 struct hci_dev *hdev = conn->hdev;
78 struct inquiry_entry *ie;
79 struct hci_cp_create_conn cp;
81 BT_DBG("hcon %p", conn);
83 conn->state = BT_CONNECT;
86 conn->link_mode = HCI_LM_MASTER;
90 conn->link_policy = hdev->link_policy;
92 memset(&cp, 0, sizeof(cp));
93 bacpy(&cp.bdaddr, &conn->dst);
94 cp.pscan_rep_mode = 0x02;
96 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
98 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
99 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
100 cp.pscan_mode = ie->data.pscan_mode;
101 cp.clock_offset = ie->data.clock_offset |
105 memcpy(conn->dev_class, ie->data.dev_class, 3);
106 if (ie->data.ssp_mode > 0)
107 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
110 cp.pkt_type = cpu_to_le16(conn->pkt_type);
111 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
112 cp.role_switch = 0x01;
114 cp.role_switch = 0x00;
116 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
119 static void hci_acl_connect_cancel(struct hci_conn *conn)
121 struct hci_cp_create_conn_cancel cp;
125 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
128 bacpy(&cp.bdaddr, &conn->dst);
129 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
132 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
134 struct hci_cp_disconnect cp;
138 conn->state = BT_DISCONN;
140 cp.handle = cpu_to_le16(conn->handle);
142 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
145 void hci_add_sco(struct hci_conn *conn, __u16 handle)
147 struct hci_dev *hdev = conn->hdev;
148 struct hci_cp_add_sco cp;
152 conn->state = BT_CONNECT;
157 cp.handle = cpu_to_le16(handle);
158 cp.pkt_type = cpu_to_le16(conn->pkt_type);
160 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
163 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
165 struct hci_dev *hdev = conn->hdev;
166 struct hci_cp_setup_sync_conn cp;
170 conn->state = BT_CONNECT;
175 cp.handle = cpu_to_le16(handle);
176 cp.pkt_type = cpu_to_le16(conn->pkt_type);
178 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
179 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
180 cp.max_latency = cpu_to_le16(0xffff);
181 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
182 cp.retrans_effort = 0xff;
184 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
187 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
188 u16 latency, u16 to_multiplier)
190 struct hci_cp_le_conn_update cp;
191 struct hci_dev *hdev = conn->hdev;
193 memset(&cp, 0, sizeof(cp));
195 cp.handle = cpu_to_le16(conn->handle);
196 cp.conn_interval_min = cpu_to_le16(min);
197 cp.conn_interval_max = cpu_to_le16(max);
198 cp.conn_latency = cpu_to_le16(latency);
199 cp.supervision_timeout = cpu_to_le16(to_multiplier);
200 cp.min_ce_len = cpu_to_le16(0x0001);
201 cp.max_ce_len = cpu_to_le16(0x0001);
203 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
205 EXPORT_SYMBOL(hci_le_conn_update);
207 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
210 struct hci_dev *hdev = conn->hdev;
211 struct hci_cp_le_start_enc cp;
215 memset(&cp, 0, sizeof(cp));
217 cp.handle = cpu_to_le16(conn->handle);
218 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
220 memcpy(cp.rand, rand, sizeof(cp.rand));
222 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
224 EXPORT_SYMBOL(hci_le_start_enc);
226 /* Device _must_ be locked */
227 void hci_sco_setup(struct hci_conn *conn, __u8 status)
229 struct hci_conn *sco = conn->link;
237 if (lmp_esco_capable(conn->hdev))
238 hci_setup_sync(sco, conn->handle);
240 hci_add_sco(sco, conn->handle);
242 hci_proto_connect_cfm(sco, status);
247 static void hci_conn_timeout(struct work_struct *work)
249 struct hci_conn *conn = container_of(work, struct hci_conn,
253 BT_DBG("conn %p state %s", conn, state_to_string(conn->state));
255 if (atomic_read(&conn->refcnt))
258 switch (conn->state) {
262 if (conn->type == ACL_LINK)
263 hci_acl_connect_cancel(conn);
264 else if (conn->type == LE_LINK)
265 hci_le_connect_cancel(conn);
270 reason = hci_proto_disconn_ind(conn);
271 hci_acl_disconn(conn, reason);
274 conn->state = BT_CLOSED;
279 /* Enter sniff mode */
280 static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
282 struct hci_dev *hdev = conn->hdev;
284 BT_DBG("conn %p mode %d", conn, conn->mode);
286 if (test_bit(HCI_RAW, &hdev->flags))
289 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
292 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
295 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
296 struct hci_cp_sniff_subrate cp;
297 cp.handle = cpu_to_le16(conn->handle);
298 cp.max_latency = cpu_to_le16(0);
299 cp.min_remote_timeout = cpu_to_le16(0);
300 cp.min_local_timeout = cpu_to_le16(0);
301 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
304 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
305 struct hci_cp_sniff_mode cp;
306 cp.handle = cpu_to_le16(conn->handle);
307 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
308 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
309 cp.attempt = cpu_to_le16(4);
310 cp.timeout = cpu_to_le16(1);
311 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
315 static void hci_conn_idle(unsigned long arg)
317 struct hci_conn *conn = (void *) arg;
319 BT_DBG("conn %p mode %d", conn, conn->mode);
321 hci_conn_enter_sniff_mode(conn);
324 static void hci_conn_auto_accept(unsigned long arg)
326 struct hci_conn *conn = (void *) arg;
327 struct hci_dev *hdev = conn->hdev;
329 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
333 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
335 struct hci_conn *conn;
337 BT_DBG("%s dst %s", hdev->name, batostr(dst));
339 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
343 bacpy(&conn->dst, dst);
346 conn->mode = HCI_CM_ACTIVE;
347 conn->state = BT_OPEN;
348 conn->auth_type = HCI_AT_GENERAL_BONDING;
349 conn->io_capability = hdev->io_capability;
350 conn->remote_auth = 0xff;
351 conn->key_type = 0xff;
353 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
354 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
358 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
361 if (lmp_esco_capable(hdev))
362 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
363 (hdev->esco_type & EDR_ESCO_MASK);
365 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
368 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
372 skb_queue_head_init(&conn->data_q);
374 INIT_LIST_HEAD(&conn->chan_list);
376 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
377 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
378 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
379 (unsigned long) conn);
381 atomic_set(&conn->refcnt, 0);
385 hci_conn_hash_add(hdev, conn);
387 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
389 atomic_set(&conn->devref, 0);
391 hci_conn_init_sysfs(conn);
396 int hci_conn_del(struct hci_conn *conn)
398 struct hci_dev *hdev = conn->hdev;
400 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
402 del_timer(&conn->idle_timer);
404 cancel_delayed_work_sync(&conn->disc_work);
406 del_timer(&conn->auto_accept_timer);
408 if (conn->type == ACL_LINK) {
409 struct hci_conn *sco = conn->link;
414 hdev->acl_cnt += conn->sent;
415 } else if (conn->type == LE_LINK) {
417 hdev->le_cnt += conn->sent;
419 hdev->acl_cnt += conn->sent;
421 struct hci_conn *acl = conn->link;
429 hci_chan_list_flush(conn);
431 hci_conn_hash_del(hdev, conn);
433 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
435 skb_queue_purge(&conn->data_q);
437 hci_conn_put_device(conn);
441 if (conn->handle == 0)
447 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
449 int use_src = bacmp(src, BDADDR_ANY);
450 struct hci_dev *hdev = NULL, *d;
452 BT_DBG("%s -> %s", batostr(src), batostr(dst));
454 read_lock(&hci_dev_list_lock);
456 list_for_each_entry(d, &hci_dev_list, list) {
457 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
461 * No source address - find interface with bdaddr != dst
462 * Source address - find interface with bdaddr == src
466 if (!bacmp(&d->bdaddr, src)) {
470 if (bacmp(&d->bdaddr, dst)) {
477 hdev = hci_dev_hold(hdev);
479 read_unlock(&hci_dev_list_lock);
482 EXPORT_SYMBOL(hci_get_route);
484 /* Create SCO, ACL or LE connection.
485 * Device _must_ be locked */
486 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
487 __u8 dst_type, __u8 sec_level, __u8 auth_type)
489 struct hci_conn *acl;
490 struct hci_conn *sco;
493 BT_DBG("%s dst %s", hdev->name, batostr(dst));
495 if (type == LE_LINK) {
496 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
498 le = hci_conn_add(hdev, LE_LINK, dst);
500 return ERR_PTR(-ENOMEM);
502 le->dst_type = bdaddr_to_le(dst_type);
506 le->pending_sec_level = sec_level;
507 le->auth_type = auth_type;
514 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
516 acl = hci_conn_add(hdev, ACL_LINK, dst);
518 return ERR_PTR(-ENOMEM);
523 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
524 acl->sec_level = BT_SECURITY_LOW;
525 acl->pending_sec_level = sec_level;
526 acl->auth_type = auth_type;
527 hci_acl_connect(acl);
530 if (type == ACL_LINK)
533 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
535 sco = hci_conn_add(hdev, type, dst);
538 return ERR_PTR(-ENOMEM);
547 if (acl->state == BT_CONNECTED &&
548 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
549 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
550 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
552 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
553 /* defer SCO setup until mode change completed */
554 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
558 hci_sco_setup(acl, 0x00);
563 EXPORT_SYMBOL(hci_connect);
565 /* Check link security requirement */
566 int hci_conn_check_link_mode(struct hci_conn *conn)
568 BT_DBG("conn %p", conn);
570 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
575 EXPORT_SYMBOL(hci_conn_check_link_mode);
577 /* Authenticate remote device */
578 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
580 BT_DBG("conn %p", conn);
582 if (conn->pending_sec_level > sec_level)
583 sec_level = conn->pending_sec_level;
585 if (sec_level > conn->sec_level)
586 conn->pending_sec_level = sec_level;
587 else if (conn->link_mode & HCI_LM_AUTH)
590 /* Make sure we preserve an existing MITM requirement*/
591 auth_type |= (conn->auth_type & 0x01);
593 conn->auth_type = auth_type;
595 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
596 struct hci_cp_auth_requested cp;
598 /* encrypt must be pending if auth is also pending */
599 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
601 cp.handle = cpu_to_le16(conn->handle);
602 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
604 if (conn->key_type != 0xff)
605 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
611 /* Encrypt the the link */
612 static void hci_conn_encrypt(struct hci_conn *conn)
614 BT_DBG("conn %p", conn);
616 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
617 struct hci_cp_set_conn_encrypt cp;
618 cp.handle = cpu_to_le16(conn->handle);
620 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
625 /* Enable security */
626 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
628 BT_DBG("conn %p", conn);
630 /* For sdp we don't need the link key. */
631 if (sec_level == BT_SECURITY_SDP)
634 /* For non 2.1 devices and low security level we don't need the link
636 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
639 /* For other security levels we need the link key. */
640 if (!(conn->link_mode & HCI_LM_AUTH))
643 /* An authenticated combination key has sufficient security for any
645 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
648 /* An unauthenticated combination key has sufficient security for
649 security level 1 and 2. */
650 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
651 (sec_level == BT_SECURITY_MEDIUM ||
652 sec_level == BT_SECURITY_LOW))
655 /* A combination key has always sufficient security for the security
656 levels 1 or 2. High security level requires the combination key
657 is generated using maximum PIN code length (16).
658 For pre 2.1 units. */
659 if (conn->key_type == HCI_LK_COMBINATION &&
660 (sec_level != BT_SECURITY_HIGH ||
661 conn->pin_length == 16))
665 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
668 if (!hci_conn_auth(conn, sec_level, auth_type))
672 if (conn->link_mode & HCI_LM_ENCRYPT)
675 hci_conn_encrypt(conn);
678 EXPORT_SYMBOL(hci_conn_security);
680 /* Check secure link requirement */
681 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
683 BT_DBG("conn %p", conn);
685 if (sec_level != BT_SECURITY_HIGH)
686 return 1; /* Accept if non-secure is required */
688 if (conn->sec_level == BT_SECURITY_HIGH)
691 return 0; /* Reject not secure link */
693 EXPORT_SYMBOL(hci_conn_check_secure);
695 /* Change link key */
696 int hci_conn_change_link_key(struct hci_conn *conn)
698 BT_DBG("conn %p", conn);
700 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
701 struct hci_cp_change_conn_link_key cp;
702 cp.handle = cpu_to_le16(conn->handle);
703 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
709 EXPORT_SYMBOL(hci_conn_change_link_key);
712 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
714 BT_DBG("conn %p", conn);
716 if (!role && conn->link_mode & HCI_LM_MASTER)
719 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
720 struct hci_cp_switch_role cp;
721 bacpy(&cp.bdaddr, &conn->dst);
723 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
728 EXPORT_SYMBOL(hci_conn_switch_role);
730 /* Enter active mode */
731 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
733 struct hci_dev *hdev = conn->hdev;
735 BT_DBG("conn %p mode %d", conn, conn->mode);
737 if (test_bit(HCI_RAW, &hdev->flags))
740 if (conn->mode != HCI_CM_SNIFF)
743 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
746 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
747 struct hci_cp_exit_sniff_mode cp;
748 cp.handle = cpu_to_le16(conn->handle);
749 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
753 if (hdev->idle_timeout > 0)
754 mod_timer(&conn->idle_timer,
755 jiffies + msecs_to_jiffies(hdev->idle_timeout));
758 /* Drop all connection on the device */
759 void hci_conn_hash_flush(struct hci_dev *hdev)
761 struct hci_conn_hash *h = &hdev->conn_hash;
762 struct hci_conn *c, *n;
764 BT_DBG("hdev %s", hdev->name);
766 list_for_each_entry_safe(c, n, &h->list, list) {
767 c->state = BT_CLOSED;
769 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
774 /* Check pending connect attempts */
775 void hci_conn_check_pending(struct hci_dev *hdev)
777 struct hci_conn *conn;
779 BT_DBG("hdev %s", hdev->name);
783 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
785 hci_acl_connect(conn);
787 hci_dev_unlock(hdev);
790 void hci_conn_hold_device(struct hci_conn *conn)
792 atomic_inc(&conn->devref);
794 EXPORT_SYMBOL(hci_conn_hold_device);
796 void hci_conn_put_device(struct hci_conn *conn)
798 if (atomic_dec_and_test(&conn->devref))
799 hci_conn_del_sysfs(conn);
801 EXPORT_SYMBOL(hci_conn_put_device);
803 int hci_get_conn_list(void __user *arg)
805 register struct hci_conn *c;
806 struct hci_conn_list_req req, *cl;
807 struct hci_conn_info *ci;
808 struct hci_dev *hdev;
809 int n = 0, size, err;
811 if (copy_from_user(&req, arg, sizeof(req)))
814 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
817 size = sizeof(req) + req.conn_num * sizeof(*ci);
819 cl = kmalloc(size, GFP_KERNEL);
823 hdev = hci_dev_get(req.dev_id);
832 list_for_each_entry(c, &hdev->conn_hash.list, list) {
833 bacpy(&(ci + n)->bdaddr, &c->dst);
834 (ci + n)->handle = c->handle;
835 (ci + n)->type = c->type;
836 (ci + n)->out = c->out;
837 (ci + n)->state = c->state;
838 (ci + n)->link_mode = c->link_mode;
839 if (++n >= req.conn_num)
842 hci_dev_unlock(hdev);
844 cl->dev_id = hdev->id;
846 size = sizeof(req) + n * sizeof(*ci);
850 err = copy_to_user(arg, cl, size);
853 return err ? -EFAULT : 0;
856 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
858 struct hci_conn_info_req req;
859 struct hci_conn_info ci;
860 struct hci_conn *conn;
861 char __user *ptr = arg + sizeof(req);
863 if (copy_from_user(&req, arg, sizeof(req)))
867 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
869 bacpy(&ci.bdaddr, &conn->dst);
870 ci.handle = conn->handle;
871 ci.type = conn->type;
873 ci.state = conn->state;
874 ci.link_mode = conn->link_mode;
876 hci_dev_unlock(hdev);
881 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
884 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
886 struct hci_auth_info_req req;
887 struct hci_conn *conn;
889 if (copy_from_user(&req, arg, sizeof(req)))
893 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
895 req.type = conn->auth_type;
896 hci_dev_unlock(hdev);
901 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
904 struct hci_chan *hci_chan_create(struct hci_conn *conn)
906 struct hci_dev *hdev = conn->hdev;
907 struct hci_chan *chan;
909 BT_DBG("%s conn %p", hdev->name, conn);
911 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
916 skb_queue_head_init(&chan->data_q);
918 list_add_rcu(&chan->list, &conn->chan_list);
923 int hci_chan_del(struct hci_chan *chan)
925 struct hci_conn *conn = chan->conn;
926 struct hci_dev *hdev = conn->hdev;
928 BT_DBG("%s conn %p chan %p", hdev->name, conn, chan);
930 list_del_rcu(&chan->list);
934 skb_queue_purge(&chan->data_q);
940 void hci_chan_list_flush(struct hci_conn *conn)
942 struct hci_chan *chan, *n;
944 BT_DBG("conn %p", conn);
946 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
projects / firefly-linux-kernel-4.4.55.git / blob