2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
40 #include <asm/system.h>
41 #include <linux/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
47 static void hci_le_connect(struct hci_conn *conn)
49 struct hci_dev *hdev = conn->hdev;
50 struct hci_cp_le_create_conn cp;
52 conn->state = BT_CONNECT;
54 conn->link_mode |= HCI_LM_MASTER;
55 conn->sec_level = BT_SECURITY_LOW;
57 memset(&cp, 0, sizeof(cp));
58 cp.scan_interval = cpu_to_le16(0x0060);
59 cp.scan_window = cpu_to_le16(0x0030);
60 bacpy(&cp.peer_addr, &conn->dst);
61 cp.peer_addr_type = conn->dst_type;
62 cp.conn_interval_min = cpu_to_le16(0x0028);
63 cp.conn_interval_max = cpu_to_le16(0x0038);
64 cp.supervision_timeout = cpu_to_le16(0x002a);
65 cp.min_ce_len = cpu_to_le16(0x0000);
66 cp.max_ce_len = cpu_to_le16(0x0000);
68 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
71 static void hci_le_connect_cancel(struct hci_conn *conn)
73 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
76 void hci_acl_connect(struct hci_conn *conn)
78 struct hci_dev *hdev = conn->hdev;
79 struct inquiry_entry *ie;
80 struct hci_cp_create_conn cp;
82 BT_DBG("hcon %p", conn);
84 conn->state = BT_CONNECT;
87 conn->link_mode = HCI_LM_MASTER;
91 conn->link_policy = hdev->link_policy;
93 memset(&cp, 0, sizeof(cp));
94 bacpy(&cp.bdaddr, &conn->dst);
95 cp.pscan_rep_mode = 0x02;
97 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
99 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
100 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
101 cp.pscan_mode = ie->data.pscan_mode;
102 cp.clock_offset = ie->data.clock_offset |
106 memcpy(conn->dev_class, ie->data.dev_class, 3);
107 if (ie->data.ssp_mode > 0)
108 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
111 cp.pkt_type = cpu_to_le16(conn->pkt_type);
112 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
113 cp.role_switch = 0x01;
115 cp.role_switch = 0x00;
117 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
120 static void hci_acl_connect_cancel(struct hci_conn *conn)
122 struct hci_cp_create_conn_cancel cp;
126 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
129 bacpy(&cp.bdaddr, &conn->dst);
130 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
133 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
135 struct hci_cp_disconnect cp;
139 conn->state = BT_DISCONN;
141 cp.handle = cpu_to_le16(conn->handle);
143 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
146 void hci_add_sco(struct hci_conn *conn, __u16 handle)
148 struct hci_dev *hdev = conn->hdev;
149 struct hci_cp_add_sco cp;
153 conn->state = BT_CONNECT;
158 cp.handle = cpu_to_le16(handle);
159 cp.pkt_type = cpu_to_le16(conn->pkt_type);
161 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
164 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
166 struct hci_dev *hdev = conn->hdev;
167 struct hci_cp_setup_sync_conn cp;
171 conn->state = BT_CONNECT;
176 cp.handle = cpu_to_le16(handle);
177 cp.pkt_type = cpu_to_le16(conn->pkt_type);
179 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
180 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
181 cp.max_latency = cpu_to_le16(0xffff);
182 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
183 cp.retrans_effort = 0xff;
185 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
188 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
189 u16 latency, u16 to_multiplier)
191 struct hci_cp_le_conn_update cp;
192 struct hci_dev *hdev = conn->hdev;
194 memset(&cp, 0, sizeof(cp));
196 cp.handle = cpu_to_le16(conn->handle);
197 cp.conn_interval_min = cpu_to_le16(min);
198 cp.conn_interval_max = cpu_to_le16(max);
199 cp.conn_latency = cpu_to_le16(latency);
200 cp.supervision_timeout = cpu_to_le16(to_multiplier);
201 cp.min_ce_len = cpu_to_le16(0x0001);
202 cp.max_ce_len = cpu_to_le16(0x0001);
204 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
206 EXPORT_SYMBOL(hci_le_conn_update);
208 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
211 struct hci_dev *hdev = conn->hdev;
212 struct hci_cp_le_start_enc cp;
216 memset(&cp, 0, sizeof(cp));
218 cp.handle = cpu_to_le16(conn->handle);
219 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
221 memcpy(cp.rand, rand, sizeof(cp.rand));
223 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
225 EXPORT_SYMBOL(hci_le_start_enc);
227 void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16])
229 struct hci_dev *hdev = conn->hdev;
230 struct hci_cp_le_ltk_reply cp;
234 memset(&cp, 0, sizeof(cp));
236 cp.handle = cpu_to_le16(conn->handle);
237 memcpy(cp.ltk, ltk, sizeof(ltk));
239 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
241 EXPORT_SYMBOL(hci_le_ltk_reply);
243 void hci_le_ltk_neg_reply(struct hci_conn *conn)
245 struct hci_dev *hdev = conn->hdev;
246 struct hci_cp_le_ltk_neg_reply cp;
250 memset(&cp, 0, sizeof(cp));
252 cp.handle = cpu_to_le16(conn->handle);
254 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp);
257 /* Device _must_ be locked */
258 void hci_sco_setup(struct hci_conn *conn, __u8 status)
260 struct hci_conn *sco = conn->link;
268 if (lmp_esco_capable(conn->hdev))
269 hci_setup_sync(sco, conn->handle);
271 hci_add_sco(sco, conn->handle);
273 hci_proto_connect_cfm(sco, status);
278 static void hci_conn_timeout(struct work_struct *work)
280 struct hci_conn *conn = container_of(work, struct hci_conn,
284 BT_DBG("conn %p state %s", conn, state_to_string(conn->state));
286 if (atomic_read(&conn->refcnt))
289 switch (conn->state) {
293 if (conn->type == ACL_LINK)
294 hci_acl_connect_cancel(conn);
295 else if (conn->type == LE_LINK)
296 hci_le_connect_cancel(conn);
301 reason = hci_proto_disconn_ind(conn);
302 hci_acl_disconn(conn, reason);
305 conn->state = BT_CLOSED;
310 /* Enter sniff mode */
311 static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
313 struct hci_dev *hdev = conn->hdev;
315 BT_DBG("conn %p mode %d", conn, conn->mode);
317 if (test_bit(HCI_RAW, &hdev->flags))
320 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
323 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
326 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
327 struct hci_cp_sniff_subrate cp;
328 cp.handle = cpu_to_le16(conn->handle);
329 cp.max_latency = cpu_to_le16(0);
330 cp.min_remote_timeout = cpu_to_le16(0);
331 cp.min_local_timeout = cpu_to_le16(0);
332 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
335 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
336 struct hci_cp_sniff_mode cp;
337 cp.handle = cpu_to_le16(conn->handle);
338 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
339 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
340 cp.attempt = cpu_to_le16(4);
341 cp.timeout = cpu_to_le16(1);
342 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
346 static void hci_conn_idle(unsigned long arg)
348 struct hci_conn *conn = (void *) arg;
350 BT_DBG("conn %p mode %d", conn, conn->mode);
352 hci_conn_enter_sniff_mode(conn);
355 static void hci_conn_auto_accept(unsigned long arg)
357 struct hci_conn *conn = (void *) arg;
358 struct hci_dev *hdev = conn->hdev;
360 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
364 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
366 struct hci_conn *conn;
368 BT_DBG("%s dst %s", hdev->name, batostr(dst));
370 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
374 bacpy(&conn->dst, dst);
377 conn->mode = HCI_CM_ACTIVE;
378 conn->state = BT_OPEN;
379 conn->auth_type = HCI_AT_GENERAL_BONDING;
380 conn->io_capability = hdev->io_capability;
381 conn->remote_auth = 0xff;
382 conn->key_type = 0xff;
384 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
385 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
389 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
392 if (lmp_esco_capable(hdev))
393 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
394 (hdev->esco_type & EDR_ESCO_MASK);
396 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
399 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
403 skb_queue_head_init(&conn->data_q);
405 INIT_LIST_HEAD(&conn->chan_list);
407 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
408 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
409 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
410 (unsigned long) conn);
412 atomic_set(&conn->refcnt, 0);
416 hci_conn_hash_add(hdev, conn);
418 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
420 atomic_set(&conn->devref, 0);
422 hci_conn_init_sysfs(conn);
427 int hci_conn_del(struct hci_conn *conn)
429 struct hci_dev *hdev = conn->hdev;
431 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
433 del_timer(&conn->idle_timer);
435 cancel_delayed_work_sync(&conn->disc_work);
437 del_timer(&conn->auto_accept_timer);
439 if (conn->type == ACL_LINK) {
440 struct hci_conn *sco = conn->link;
445 hdev->acl_cnt += conn->sent;
446 } else if (conn->type == LE_LINK) {
448 hdev->le_cnt += conn->sent;
450 hdev->acl_cnt += conn->sent;
452 struct hci_conn *acl = conn->link;
460 hci_chan_list_flush(conn);
462 hci_conn_hash_del(hdev, conn);
464 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
466 skb_queue_purge(&conn->data_q);
468 hci_conn_put_device(conn);
472 if (conn->handle == 0)
478 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
480 int use_src = bacmp(src, BDADDR_ANY);
481 struct hci_dev *hdev = NULL, *d;
483 BT_DBG("%s -> %s", batostr(src), batostr(dst));
485 read_lock(&hci_dev_list_lock);
487 list_for_each_entry(d, &hci_dev_list, list) {
488 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
492 * No source address - find interface with bdaddr != dst
493 * Source address - find interface with bdaddr == src
497 if (!bacmp(&d->bdaddr, src)) {
501 if (bacmp(&d->bdaddr, dst)) {
508 hdev = hci_dev_hold(hdev);
510 read_unlock(&hci_dev_list_lock);
513 EXPORT_SYMBOL(hci_get_route);
515 /* Create SCO, ACL or LE connection.
516 * Device _must_ be locked */
517 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
519 struct hci_conn *acl;
520 struct hci_conn *sco;
523 BT_DBG("%s dst %s", hdev->name, batostr(dst));
525 if (type == LE_LINK) {
526 struct adv_entry *entry;
528 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
530 return ERR_PTR(-EBUSY);
532 entry = hci_find_adv_entry(hdev, dst);
534 return ERR_PTR(-EHOSTUNREACH);
536 le = hci_conn_add(hdev, LE_LINK, dst);
538 return ERR_PTR(-ENOMEM);
540 le->dst_type = entry->bdaddr_type;
549 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
551 acl = hci_conn_add(hdev, ACL_LINK, dst);
553 return ERR_PTR(-ENOMEM);
558 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
559 acl->sec_level = BT_SECURITY_LOW;
560 acl->pending_sec_level = sec_level;
561 acl->auth_type = auth_type;
562 hci_acl_connect(acl);
565 if (type == ACL_LINK)
568 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
570 sco = hci_conn_add(hdev, type, dst);
573 return ERR_PTR(-ENOMEM);
582 if (acl->state == BT_CONNECTED &&
583 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
584 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
585 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
587 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
588 /* defer SCO setup until mode change completed */
589 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
593 hci_sco_setup(acl, 0x00);
598 EXPORT_SYMBOL(hci_connect);
600 /* Check link security requirement */
601 int hci_conn_check_link_mode(struct hci_conn *conn)
603 BT_DBG("conn %p", conn);
605 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
610 EXPORT_SYMBOL(hci_conn_check_link_mode);
612 /* Authenticate remote device */
613 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
615 BT_DBG("conn %p", conn);
617 if (conn->pending_sec_level > sec_level)
618 sec_level = conn->pending_sec_level;
620 if (sec_level > conn->sec_level)
621 conn->pending_sec_level = sec_level;
622 else if (conn->link_mode & HCI_LM_AUTH)
625 /* Make sure we preserve an existing MITM requirement*/
626 auth_type |= (conn->auth_type & 0x01);
628 conn->auth_type = auth_type;
630 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
631 struct hci_cp_auth_requested cp;
633 /* encrypt must be pending if auth is also pending */
634 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
636 cp.handle = cpu_to_le16(conn->handle);
637 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
639 if (conn->key_type != 0xff)
640 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
646 /* Encrypt the the link */
647 static void hci_conn_encrypt(struct hci_conn *conn)
649 BT_DBG("conn %p", conn);
651 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
652 struct hci_cp_set_conn_encrypt cp;
653 cp.handle = cpu_to_le16(conn->handle);
655 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
660 /* Enable security */
661 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
663 BT_DBG("conn %p", conn);
665 /* For sdp we don't need the link key. */
666 if (sec_level == BT_SECURITY_SDP)
669 /* For non 2.1 devices and low security level we don't need the link
671 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
674 /* For other security levels we need the link key. */
675 if (!(conn->link_mode & HCI_LM_AUTH))
678 /* An authenticated combination key has sufficient security for any
680 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
683 /* An unauthenticated combination key has sufficient security for
684 security level 1 and 2. */
685 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
686 (sec_level == BT_SECURITY_MEDIUM ||
687 sec_level == BT_SECURITY_LOW))
690 /* A combination key has always sufficient security for the security
691 levels 1 or 2. High security level requires the combination key
692 is generated using maximum PIN code length (16).
693 For pre 2.1 units. */
694 if (conn->key_type == HCI_LK_COMBINATION &&
695 (sec_level != BT_SECURITY_HIGH ||
696 conn->pin_length == 16))
700 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
703 if (!hci_conn_auth(conn, sec_level, auth_type))
707 if (conn->link_mode & HCI_LM_ENCRYPT)
710 hci_conn_encrypt(conn);
713 EXPORT_SYMBOL(hci_conn_security);
715 /* Check secure link requirement */
716 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
718 BT_DBG("conn %p", conn);
720 if (sec_level != BT_SECURITY_HIGH)
721 return 1; /* Accept if non-secure is required */
723 if (conn->sec_level == BT_SECURITY_HIGH)
726 return 0; /* Reject not secure link */
728 EXPORT_SYMBOL(hci_conn_check_secure);
730 /* Change link key */
731 int hci_conn_change_link_key(struct hci_conn *conn)
733 BT_DBG("conn %p", conn);
735 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
736 struct hci_cp_change_conn_link_key cp;
737 cp.handle = cpu_to_le16(conn->handle);
738 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
744 EXPORT_SYMBOL(hci_conn_change_link_key);
747 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
749 BT_DBG("conn %p", conn);
751 if (!role && conn->link_mode & HCI_LM_MASTER)
754 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
755 struct hci_cp_switch_role cp;
756 bacpy(&cp.bdaddr, &conn->dst);
758 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
763 EXPORT_SYMBOL(hci_conn_switch_role);
765 /* Enter active mode */
766 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
768 struct hci_dev *hdev = conn->hdev;
770 BT_DBG("conn %p mode %d", conn, conn->mode);
772 if (test_bit(HCI_RAW, &hdev->flags))
775 if (conn->mode != HCI_CM_SNIFF)
778 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
781 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
782 struct hci_cp_exit_sniff_mode cp;
783 cp.handle = cpu_to_le16(conn->handle);
784 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
788 if (hdev->idle_timeout > 0)
789 mod_timer(&conn->idle_timer,
790 jiffies + msecs_to_jiffies(hdev->idle_timeout));
793 /* Drop all connection on the device */
794 void hci_conn_hash_flush(struct hci_dev *hdev)
796 struct hci_conn_hash *h = &hdev->conn_hash;
797 struct hci_conn *c, *n;
799 BT_DBG("hdev %s", hdev->name);
801 list_for_each_entry_safe(c, n, &h->list, list) {
802 c->state = BT_CLOSED;
804 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
809 /* Check pending connect attempts */
810 void hci_conn_check_pending(struct hci_dev *hdev)
812 struct hci_conn *conn;
814 BT_DBG("hdev %s", hdev->name);
818 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
820 hci_acl_connect(conn);
822 hci_dev_unlock(hdev);
825 void hci_conn_hold_device(struct hci_conn *conn)
827 atomic_inc(&conn->devref);
829 EXPORT_SYMBOL(hci_conn_hold_device);
831 void hci_conn_put_device(struct hci_conn *conn)
833 if (atomic_dec_and_test(&conn->devref))
834 hci_conn_del_sysfs(conn);
836 EXPORT_SYMBOL(hci_conn_put_device);
838 int hci_get_conn_list(void __user *arg)
840 register struct hci_conn *c;
841 struct hci_conn_list_req req, *cl;
842 struct hci_conn_info *ci;
843 struct hci_dev *hdev;
844 int n = 0, size, err;
846 if (copy_from_user(&req, arg, sizeof(req)))
849 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
852 size = sizeof(req) + req.conn_num * sizeof(*ci);
854 cl = kmalloc(size, GFP_KERNEL);
858 hdev = hci_dev_get(req.dev_id);
867 list_for_each_entry(c, &hdev->conn_hash.list, list) {
868 bacpy(&(ci + n)->bdaddr, &c->dst);
869 (ci + n)->handle = c->handle;
870 (ci + n)->type = c->type;
871 (ci + n)->out = c->out;
872 (ci + n)->state = c->state;
873 (ci + n)->link_mode = c->link_mode;
874 if (++n >= req.conn_num)
877 hci_dev_unlock(hdev);
879 cl->dev_id = hdev->id;
881 size = sizeof(req) + n * sizeof(*ci);
885 err = copy_to_user(arg, cl, size);
888 return err ? -EFAULT : 0;
891 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
893 struct hci_conn_info_req req;
894 struct hci_conn_info ci;
895 struct hci_conn *conn;
896 char __user *ptr = arg + sizeof(req);
898 if (copy_from_user(&req, arg, sizeof(req)))
902 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
904 bacpy(&ci.bdaddr, &conn->dst);
905 ci.handle = conn->handle;
906 ci.type = conn->type;
908 ci.state = conn->state;
909 ci.link_mode = conn->link_mode;
911 hci_dev_unlock(hdev);
916 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
919 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
921 struct hci_auth_info_req req;
922 struct hci_conn *conn;
924 if (copy_from_user(&req, arg, sizeof(req)))
928 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
930 req.type = conn->auth_type;
931 hci_dev_unlock(hdev);
936 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
939 struct hci_chan *hci_chan_create(struct hci_conn *conn)
941 struct hci_dev *hdev = conn->hdev;
942 struct hci_chan *chan;
944 BT_DBG("%s conn %p", hdev->name, conn);
946 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
951 skb_queue_head_init(&chan->data_q);
953 list_add_rcu(&chan->list, &conn->chan_list);
958 int hci_chan_del(struct hci_chan *chan)
960 struct hci_conn *conn = chan->conn;
961 struct hci_dev *hdev = conn->hdev;
963 BT_DBG("%s conn %p chan %p", hdev->name, conn, chan);
965 list_del_rcu(&chan->list);
969 skb_queue_purge(&chan->data_q);
975 void hci_chan_list_flush(struct hci_conn *conn)
977 struct hci_chan *chan, *n;
979 BT_DBG("conn %p", conn);
981 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
projects / firefly-linux-kernel-4.4.55.git / blob