2
BlueZ - Bluetooth protocol stack for Linux
3
Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5
Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
This program is free software; you can redistribute it and/or modify
8
it under the terms of the GNU General Public License version 2 as
9
published by the Free Software Foundation;
11
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14
IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15
CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21
COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22
SOFTWARE IS DISCLAIMED.
25
/* Bluetooth HCI connection handling. */
27
#include <linux/module.h>
29
#include <linux/types.h>
30
#include <linux/errno.h>
31
#include <linux/kernel.h>
32
#include <linux/slab.h>
33
#include <linux/poll.h>
34
#include <linux/fcntl.h>
35
#include <linux/init.h>
36
#include <linux/skbuff.h>
37
#include <linux/interrupt.h>
38
#include <linux/notifier.h>
41
#include <asm/system.h>
42
#include <linux/uaccess.h>
43
#include <asm/unaligned.h>
45
#include <net/bluetooth/bluetooth.h>
46
#include <net/bluetooth/hci_core.h>
48
static void hci_le_connect(struct hci_conn *conn)
50
struct hci_dev *hdev = conn->hdev;
51
struct hci_cp_le_create_conn cp;
53
conn->state = BT_CONNECT;
55
conn->link_mode |= HCI_LM_MASTER;
56
conn->sec_level = BT_SECURITY_LOW;
58
memset(&cp, 0, sizeof(cp));
59
cp.scan_interval = cpu_to_le16(0x0060);
60
cp.scan_window = cpu_to_le16(0x0030);
61
bacpy(&cp.peer_addr, &conn->dst);
62
cp.peer_addr_type = conn->dst_type;
63
cp.conn_interval_min = cpu_to_le16(0x0028);
64
cp.conn_interval_max = cpu_to_le16(0x0038);
65
cp.supervision_timeout = cpu_to_le16(0x002a);
66
cp.min_ce_len = cpu_to_le16(0x0000);
67
cp.max_ce_len = cpu_to_le16(0x0000);
69
hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
72
static void hci_le_connect_cancel(struct hci_conn *conn)
74
hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
77
void hci_acl_connect(struct hci_conn *conn)
79
struct hci_dev *hdev = conn->hdev;
80
struct inquiry_entry *ie;
81
struct hci_cp_create_conn cp;
85
conn->state = BT_CONNECT;
88
conn->link_mode = HCI_LM_MASTER;
92
conn->link_policy = hdev->link_policy;
94
memset(&cp, 0, sizeof(cp));
95
bacpy(&cp.bdaddr, &conn->dst);
96
cp.pscan_rep_mode = 0x02;
98
ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
100
if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
101
cp.pscan_rep_mode = ie->data.pscan_rep_mode;
102
cp.pscan_mode = ie->data.pscan_mode;
103
cp.clock_offset = ie->data.clock_offset |
107
memcpy(conn->dev_class, ie->data.dev_class, 3);
108
conn->ssp_mode = ie->data.ssp_mode;
111
cp.pkt_type = cpu_to_le16(conn->pkt_type);
112
if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
113
cp.role_switch = 0x01;
115
cp.role_switch = 0x00;
117
hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
120
static void hci_acl_connect_cancel(struct hci_conn *conn)
122
struct hci_cp_create_conn_cancel cp;
126
if (conn->hdev->hci_ver < 2)
129
bacpy(&cp.bdaddr, &conn->dst);
130
hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
133
void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
135
struct hci_cp_disconnect cp;
139
conn->state = BT_DISCONN;
141
cp.handle = cpu_to_le16(conn->handle);
143
hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
146
void hci_add_sco(struct hci_conn *conn, __u16 handle)
148
struct hci_dev *hdev = conn->hdev;
149
struct hci_cp_add_sco cp;
153
conn->state = BT_CONNECT;
158
cp.handle = cpu_to_le16(handle);
159
cp.pkt_type = cpu_to_le16(conn->pkt_type);
161
hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
164
void hci_setup_sync(struct hci_conn *conn, __u16 handle)
166
struct hci_dev *hdev = conn->hdev;
167
struct hci_cp_setup_sync_conn cp;
171
conn->state = BT_CONNECT;
176
cp.handle = cpu_to_le16(handle);
177
cp.pkt_type = cpu_to_le16(conn->pkt_type);
179
cp.tx_bandwidth = cpu_to_le32(0x00001f40);
180
cp.rx_bandwidth = cpu_to_le32(0x00001f40);
181
cp.max_latency = cpu_to_le16(0xffff);
182
cp.voice_setting = cpu_to_le16(hdev->voice_setting);
183
cp.retrans_effort = 0xff;
185
hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
188
void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
189
u16 latency, u16 to_multiplier)
191
struct hci_cp_le_conn_update cp;
192
struct hci_dev *hdev = conn->hdev;
194
memset(&cp, 0, sizeof(cp));
196
cp.handle = cpu_to_le16(conn->handle);
197
cp.conn_interval_min = cpu_to_le16(min);
198
cp.conn_interval_max = cpu_to_le16(max);
199
cp.conn_latency = cpu_to_le16(latency);
200
cp.supervision_timeout = cpu_to_le16(to_multiplier);
201
cp.min_ce_len = cpu_to_le16(0x0001);
202
cp.max_ce_len = cpu_to_le16(0x0001);
204
hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
206
EXPORT_SYMBOL(hci_le_conn_update);
208
void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
211
struct hci_dev *hdev = conn->hdev;
212
struct hci_cp_le_start_enc cp;
216
memset(&cp, 0, sizeof(cp));
218
cp.handle = cpu_to_le16(conn->handle);
219
memcpy(cp.ltk, ltk, sizeof(cp.ltk));
221
memcpy(cp.rand, rand, sizeof(cp.rand));
223
hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
225
EXPORT_SYMBOL(hci_le_start_enc);
227
void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16])
229
struct hci_dev *hdev = conn->hdev;
230
struct hci_cp_le_ltk_reply cp;
234
memset(&cp, 0, sizeof(cp));
236
cp.handle = cpu_to_le16(conn->handle);
237
memcpy(cp.ltk, ltk, sizeof(ltk));
239
hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
241
EXPORT_SYMBOL(hci_le_ltk_reply);
243
void hci_le_ltk_neg_reply(struct hci_conn *conn)
245
struct hci_dev *hdev = conn->hdev;
246
struct hci_cp_le_ltk_neg_reply cp;
250
memset(&cp, 0, sizeof(cp));
252
cp.handle = cpu_to_le16(conn->handle);
254
hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp);
257
/* Device _must_ be locked */
258
void hci_sco_setup(struct hci_conn *conn, __u8 status)
260
struct hci_conn *sco = conn->link;
268
if (lmp_esco_capable(conn->hdev))
269
hci_setup_sync(sco, conn->handle);
271
hci_add_sco(sco, conn->handle);
273
hci_proto_connect_cfm(sco, status);
278
static void hci_conn_timeout(unsigned long arg)
280
struct hci_conn *conn = (void *) arg;
281
struct hci_dev *hdev = conn->hdev;
284
BT_DBG("conn %p state %d", conn, conn->state);
286
if (atomic_read(&conn->refcnt))
291
switch (conn->state) {
295
if (conn->type == ACL_LINK)
296
hci_acl_connect_cancel(conn);
297
else if (conn->type == LE_LINK)
298
hci_le_connect_cancel(conn);
303
reason = hci_proto_disconn_ind(conn);
304
hci_acl_disconn(conn, reason);
307
conn->state = BT_CLOSED;
311
hci_dev_unlock(hdev);
314
static void hci_conn_idle(unsigned long arg)
316
struct hci_conn *conn = (void *) arg;
318
BT_DBG("conn %p mode %d", conn, conn->mode);
320
hci_conn_enter_sniff_mode(conn);
323
static void hci_conn_auto_accept(unsigned long arg)
325
struct hci_conn *conn = (void *) arg;
326
struct hci_dev *hdev = conn->hdev;
330
hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
333
hci_dev_unlock(hdev);
336
struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
338
struct hci_conn *conn;
340
BT_DBG("%s dst %s", hdev->name, batostr(dst));
342
conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
346
bacpy(&conn->dst, dst);
349
conn->mode = HCI_CM_ACTIVE;
350
conn->state = BT_OPEN;
351
conn->auth_type = HCI_AT_GENERAL_BONDING;
352
conn->io_capability = hdev->io_capability;
353
conn->remote_auth = 0xff;
354
conn->key_type = 0xff;
356
conn->power_save = 1;
357
conn->disc_timeout = HCI_DISCONN_TIMEOUT;
361
conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
364
if (lmp_esco_capable(hdev))
365
conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
366
(hdev->esco_type & EDR_ESCO_MASK);
368
conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
371
conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
375
skb_queue_head_init(&conn->data_q);
377
setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
378
setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
379
setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
380
(unsigned long) conn);
382
atomic_set(&conn->refcnt, 0);
386
tasklet_disable(&hdev->tx_task);
388
hci_conn_hash_add(hdev, conn);
390
hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
392
atomic_set(&conn->devref, 0);
394
hci_conn_init_sysfs(conn);
396
tasklet_enable(&hdev->tx_task);
401
int hci_conn_del(struct hci_conn *conn)
403
struct hci_dev *hdev = conn->hdev;
405
BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
407
del_timer(&conn->idle_timer);
409
del_timer(&conn->disc_timer);
411
del_timer(&conn->auto_accept_timer);
413
if (conn->type == ACL_LINK) {
414
struct hci_conn *sco = conn->link;
419
hdev->acl_cnt += conn->sent;
420
} else if (conn->type == LE_LINK) {
422
hdev->le_cnt += conn->sent;
424
hdev->acl_cnt += conn->sent;
426
struct hci_conn *acl = conn->link;
433
tasklet_disable(&hdev->tx_task);
435
hci_conn_hash_del(hdev, conn);
437
hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
439
tasklet_enable(&hdev->tx_task);
441
skb_queue_purge(&conn->data_q);
443
hci_conn_put_device(conn);
447
if (conn->handle == 0)
453
struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
455
int use_src = bacmp(src, BDADDR_ANY);
456
struct hci_dev *hdev = NULL;
459
BT_DBG("%s -> %s", batostr(src), batostr(dst));
461
read_lock_bh(&hci_dev_list_lock);
463
list_for_each(p, &hci_dev_list) {
464
struct hci_dev *d = list_entry(p, struct hci_dev, list);
466
if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
470
* No source address - find interface with bdaddr != dst
471
* Source address - find interface with bdaddr == src
475
if (!bacmp(&d->bdaddr, src)) {
479
if (bacmp(&d->bdaddr, dst)) {
486
hdev = hci_dev_hold(hdev);
488
read_unlock_bh(&hci_dev_list_lock);
491
EXPORT_SYMBOL(hci_get_route);
493
/* Create SCO, ACL or LE connection.
494
* Device _must_ be locked */
495
struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
497
struct hci_conn *acl;
498
struct hci_conn *sco;
501
BT_DBG("%s dst %s", hdev->name, batostr(dst));
503
if (type == LE_LINK) {
504
struct adv_entry *entry;
506
le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
508
return ERR_PTR(-EBUSY);
510
entry = hci_find_adv_entry(hdev, dst);
512
return ERR_PTR(-EHOSTUNREACH);
514
le = hci_conn_add(hdev, LE_LINK, dst);
516
return ERR_PTR(-ENOMEM);
518
le->dst_type = entry->bdaddr_type;
527
acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
529
acl = hci_conn_add(hdev, ACL_LINK, dst);
536
if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
537
acl->sec_level = BT_SECURITY_LOW;
538
acl->pending_sec_level = sec_level;
539
acl->auth_type = auth_type;
540
hci_acl_connect(acl);
543
if (type == ACL_LINK)
546
sco = hci_conn_hash_lookup_ba(hdev, type, dst);
548
sco = hci_conn_add(hdev, type, dst);
560
if (acl->state == BT_CONNECTED &&
561
(sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
563
hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
565
if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) {
566
/* defer SCO setup until mode change completed */
567
set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend);
571
hci_sco_setup(acl, 0x00);
576
EXPORT_SYMBOL(hci_connect);
578
/* Check link security requirement */
579
int hci_conn_check_link_mode(struct hci_conn *conn)
581
BT_DBG("conn %p", conn);
583
if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
584
!(conn->link_mode & HCI_LM_ENCRYPT))
589
EXPORT_SYMBOL(hci_conn_check_link_mode);
591
/* Authenticate remote device */
592
static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
594
BT_DBG("conn %p", conn);
596
if (conn->pending_sec_level > sec_level)
597
sec_level = conn->pending_sec_level;
599
if (sec_level > conn->sec_level)
600
conn->pending_sec_level = sec_level;
601
else if (conn->link_mode & HCI_LM_AUTH)
604
/* Make sure we preserve an existing MITM requirement*/
605
auth_type |= (conn->auth_type & 0x01);
607
conn->auth_type = auth_type;
609
if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
610
struct hci_cp_auth_requested cp;
611
cp.handle = cpu_to_le16(conn->handle);
612
hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
614
if (conn->key_type != 0xff)
615
set_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
621
/* Encrypt the the link */
622
static void hci_conn_encrypt(struct hci_conn *conn)
624
BT_DBG("conn %p", conn);
626
if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
627
struct hci_cp_set_conn_encrypt cp;
628
cp.handle = cpu_to_le16(conn->handle);
630
hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
635
/* Enable security */
636
int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
638
BT_DBG("conn %p", conn);
640
/* For sdp we don't need the link key. */
641
if (sec_level == BT_SECURITY_SDP)
644
/* For non 2.1 devices and low security level we don't need the link
646
if (sec_level == BT_SECURITY_LOW &&
647
(!conn->ssp_mode || !conn->hdev->ssp_mode))
650
/* For other security levels we need the link key. */
651
if (!(conn->link_mode & HCI_LM_AUTH))
654
/* An authenticated combination key has sufficient security for any
656
if (conn->key_type == HCI_LK_AUTH_COMBINATION)
659
/* An unauthenticated combination key has sufficient security for
660
security level 1 and 2. */
661
if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
662
(sec_level == BT_SECURITY_MEDIUM ||
663
sec_level == BT_SECURITY_LOW))
666
/* A combination key has always sufficient security for the security
667
levels 1 or 2. High security level requires the combination key
668
is generated using maximum PIN code length (16).
669
For pre 2.1 units. */
670
if (conn->key_type == HCI_LK_COMBINATION &&
671
(sec_level != BT_SECURITY_HIGH ||
672
conn->pin_length == 16))
676
if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
679
if (!hci_conn_auth(conn, sec_level, auth_type))
683
if (conn->link_mode & HCI_LM_ENCRYPT)
686
hci_conn_encrypt(conn);
689
EXPORT_SYMBOL(hci_conn_security);
691
/* Check secure link requirement */
692
int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
694
BT_DBG("conn %p", conn);
696
if (sec_level != BT_SECURITY_HIGH)
697
return 1; /* Accept if non-secure is required */
699
if (conn->sec_level == BT_SECURITY_HIGH)
702
return 0; /* Reject not secure link */
704
EXPORT_SYMBOL(hci_conn_check_secure);
706
/* Change link key */
707
int hci_conn_change_link_key(struct hci_conn *conn)
709
BT_DBG("conn %p", conn);
711
if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
712
struct hci_cp_change_conn_link_key cp;
713
cp.handle = cpu_to_le16(conn->handle);
714
hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
720
EXPORT_SYMBOL(hci_conn_change_link_key);
723
int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
725
BT_DBG("conn %p", conn);
727
if (!role && conn->link_mode & HCI_LM_MASTER)
730
if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
731
struct hci_cp_switch_role cp;
732
bacpy(&cp.bdaddr, &conn->dst);
734
hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
739
EXPORT_SYMBOL(hci_conn_switch_role);
741
/* Enter active mode */
742
void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
744
struct hci_dev *hdev = conn->hdev;
746
BT_DBG("conn %p mode %d", conn, conn->mode);
748
if (test_bit(HCI_RAW, &hdev->flags))
751
if (conn->mode != HCI_CM_SNIFF)
754
if (!conn->power_save && !force_active)
757
if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
758
struct hci_cp_exit_sniff_mode cp;
759
cp.handle = cpu_to_le16(conn->handle);
760
hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
764
if (hdev->idle_timeout > 0)
765
mod_timer(&conn->idle_timer,
766
jiffies + msecs_to_jiffies(hdev->idle_timeout));
769
/* Enter sniff mode */
770
void hci_conn_enter_sniff_mode(struct hci_conn *conn)
772
struct hci_dev *hdev = conn->hdev;
774
BT_DBG("conn %p mode %d", conn, conn->mode);
776
if (test_bit(HCI_RAW, &hdev->flags))
779
if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
782
if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
785
if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
786
struct hci_cp_sniff_subrate cp;
787
cp.handle = cpu_to_le16(conn->handle);
788
cp.max_latency = cpu_to_le16(0);
789
cp.min_remote_timeout = cpu_to_le16(0);
790
cp.min_local_timeout = cpu_to_le16(0);
791
hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
794
if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
795
struct hci_cp_sniff_mode cp;
796
cp.handle = cpu_to_le16(conn->handle);
797
cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
798
cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
799
cp.attempt = cpu_to_le16(4);
800
cp.timeout = cpu_to_le16(1);
801
hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
805
/* Drop all connection on the device */
806
void hci_conn_hash_flush(struct hci_dev *hdev)
808
struct hci_conn_hash *h = &hdev->conn_hash;
811
BT_DBG("hdev %s", hdev->name);
814
while (p != &h->list) {
817
c = list_entry(p, struct hci_conn, list);
820
c->state = BT_CLOSED;
822
hci_proto_disconn_cfm(c, 0x16);
827
/* Check pending connect attempts */
828
void hci_conn_check_pending(struct hci_dev *hdev)
830
struct hci_conn *conn;
832
BT_DBG("hdev %s", hdev->name);
836
conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
838
hci_acl_connect(conn);
840
hci_dev_unlock(hdev);
843
void hci_conn_hold_device(struct hci_conn *conn)
845
atomic_inc(&conn->devref);
847
EXPORT_SYMBOL(hci_conn_hold_device);
849
void hci_conn_put_device(struct hci_conn *conn)
851
if (atomic_dec_and_test(&conn->devref))
852
hci_conn_del_sysfs(conn);
854
EXPORT_SYMBOL(hci_conn_put_device);
856
int hci_get_conn_list(void __user *arg)
858
struct hci_conn_list_req req, *cl;
859
struct hci_conn_info *ci;
860
struct hci_dev *hdev;
862
int n = 0, size, err;
864
if (copy_from_user(&req, arg, sizeof(req)))
867
if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
870
size = sizeof(req) + req.conn_num * sizeof(*ci);
872
cl = kmalloc(size, GFP_KERNEL);
876
hdev = hci_dev_get(req.dev_id);
884
hci_dev_lock_bh(hdev);
885
list_for_each(p, &hdev->conn_hash.list) {
886
register struct hci_conn *c;
887
c = list_entry(p, struct hci_conn, list);
889
bacpy(&(ci + n)->bdaddr, &c->dst);
890
(ci + n)->handle = c->handle;
891
(ci + n)->type = c->type;
892
(ci + n)->out = c->out;
893
(ci + n)->state = c->state;
894
(ci + n)->link_mode = c->link_mode;
895
if (++n >= req.conn_num)
898
hci_dev_unlock_bh(hdev);
900
cl->dev_id = hdev->id;
902
size = sizeof(req) + n * sizeof(*ci);
906
err = copy_to_user(arg, cl, size);
909
return err ? -EFAULT : 0;
912
int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
914
struct hci_conn_info_req req;
915
struct hci_conn_info ci;
916
struct hci_conn *conn;
917
char __user *ptr = arg + sizeof(req);
919
if (copy_from_user(&req, arg, sizeof(req)))
922
hci_dev_lock_bh(hdev);
923
conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
925
bacpy(&ci.bdaddr, &conn->dst);
926
ci.handle = conn->handle;
927
ci.type = conn->type;
929
ci.state = conn->state;
930
ci.link_mode = conn->link_mode;
932
hci_dev_unlock_bh(hdev);
937
return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
940
int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
942
struct hci_auth_info_req req;
943
struct hci_conn *conn;
945
if (copy_from_user(&req, arg, sizeof(req)))
948
hci_dev_lock_bh(hdev);
949
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
951
req.type = conn->auth_type;
952
hci_dev_unlock_bh(hdev);
957
return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;