2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/a2mp.h>
32 #include <net/bluetooth/smp.h>
34 static void hci_le_create_connection(struct hci_conn *conn)
36 struct hci_dev *hdev = conn->hdev;
37 struct hci_cp_le_create_conn cp;
39 conn->state = BT_CONNECT;
41 conn->link_mode |= HCI_LM_MASTER;
42 conn->sec_level = BT_SECURITY_LOW;
44 memset(&cp, 0, sizeof(cp));
45 cp.scan_interval = __constant_cpu_to_le16(0x0060);
46 cp.scan_window = __constant_cpu_to_le16(0x0030);
47 bacpy(&cp.peer_addr, &conn->dst);
48 cp.peer_addr_type = conn->dst_type;
49 cp.conn_interval_min = __constant_cpu_to_le16(0x0028);
50 cp.conn_interval_max = __constant_cpu_to_le16(0x0038);
51 cp.supervision_timeout = __constant_cpu_to_le16(0x002a);
52 cp.min_ce_len = __constant_cpu_to_le16(0x0000);
53 cp.max_ce_len = __constant_cpu_to_le16(0x0000);
55 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
58 static void hci_le_create_connection_cancel(struct hci_conn *conn)
60 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
63 static void hci_acl_create_connection(struct hci_conn *conn)
65 struct hci_dev *hdev = conn->hdev;
66 struct inquiry_entry *ie;
67 struct hci_cp_create_conn cp;
69 BT_DBG("hcon %p", conn);
71 conn->state = BT_CONNECT;
74 conn->link_mode = HCI_LM_MASTER;
78 conn->link_policy = hdev->link_policy;
80 memset(&cp, 0, sizeof(cp));
81 bacpy(&cp.bdaddr, &conn->dst);
82 cp.pscan_rep_mode = 0x02;
84 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
86 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
87 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
88 cp.pscan_mode = ie->data.pscan_mode;
89 cp.clock_offset = ie->data.clock_offset |
90 __constant_cpu_to_le16(0x8000);
93 memcpy(conn->dev_class, ie->data.dev_class, 3);
94 if (ie->data.ssp_mode > 0)
95 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
98 cp.pkt_type = cpu_to_le16(conn->pkt_type);
99 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
100 cp.role_switch = 0x01;
102 cp.role_switch = 0x00;
104 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
107 static void hci_acl_create_connection_cancel(struct hci_conn *conn)
109 struct hci_cp_create_conn_cancel cp;
111 BT_DBG("hcon %p", conn);
113 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
116 bacpy(&cp.bdaddr, &conn->dst);
117 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
120 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
122 struct hci_cp_disconnect cp;
124 BT_DBG("hcon %p", conn);
126 conn->state = BT_DISCONN;
128 cp.handle = cpu_to_le16(conn->handle);
130 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
133 static void hci_add_sco(struct hci_conn *conn, __u16 handle)
135 struct hci_dev *hdev = conn->hdev;
136 struct hci_cp_add_sco cp;
138 BT_DBG("hcon %p", conn);
140 conn->state = BT_CONNECT;
145 cp.handle = cpu_to_le16(handle);
146 cp.pkt_type = cpu_to_le16(conn->pkt_type);
148 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
151 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
153 struct hci_dev *hdev = conn->hdev;
154 struct hci_cp_setup_sync_conn cp;
156 BT_DBG("hcon %p", conn);
158 conn->state = BT_CONNECT;
163 cp.handle = cpu_to_le16(handle);
164 cp.pkt_type = cpu_to_le16(conn->pkt_type);
166 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
167 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
168 cp.max_latency = __constant_cpu_to_le16(0xffff);
169 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
170 cp.retrans_effort = 0xff;
172 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
175 void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
176 u16 latency, u16 to_multiplier)
178 struct hci_cp_le_conn_update cp;
179 struct hci_dev *hdev = conn->hdev;
181 memset(&cp, 0, sizeof(cp));
183 cp.handle = cpu_to_le16(conn->handle);
184 cp.conn_interval_min = cpu_to_le16(min);
185 cp.conn_interval_max = cpu_to_le16(max);
186 cp.conn_latency = cpu_to_le16(latency);
187 cp.supervision_timeout = cpu_to_le16(to_multiplier);
188 cp.min_ce_len = __constant_cpu_to_le16(0x0001);
189 cp.max_ce_len = __constant_cpu_to_le16(0x0001);
191 hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
194 void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
197 struct hci_dev *hdev = conn->hdev;
198 struct hci_cp_le_start_enc cp;
200 BT_DBG("hcon %p", conn);
202 memset(&cp, 0, sizeof(cp));
204 cp.handle = cpu_to_le16(conn->handle);
205 memcpy(cp.ltk, ltk, sizeof(cp.ltk));
207 memcpy(cp.rand, rand, sizeof(cp.rand));
209 hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
212 /* Device _must_ be locked */
213 void hci_sco_setup(struct hci_conn *conn, __u8 status)
215 struct hci_conn *sco = conn->link;
220 BT_DBG("hcon %p", conn);
223 if (lmp_esco_capable(conn->hdev))
224 hci_setup_sync(sco, conn->handle);
226 hci_add_sco(sco, conn->handle);
228 hci_proto_connect_cfm(sco, status);
233 static void hci_conn_timeout(struct work_struct *work)
235 struct hci_conn *conn = container_of(work, struct hci_conn,
239 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
241 if (atomic_read(&conn->refcnt))
244 switch (conn->state) {
248 if (conn->type == ACL_LINK)
249 hci_acl_create_connection_cancel(conn);
250 else if (conn->type == LE_LINK)
251 hci_le_create_connection_cancel(conn);
256 reason = hci_proto_disconn_ind(conn);
257 hci_acl_disconn(conn, reason);
260 conn->state = BT_CLOSED;
265 /* Enter sniff mode */
266 static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
268 struct hci_dev *hdev = conn->hdev;
270 BT_DBG("hcon %p mode %d", conn, conn->mode);
272 if (test_bit(HCI_RAW, &hdev->flags))
275 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
278 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
281 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
282 struct hci_cp_sniff_subrate cp;
283 cp.handle = cpu_to_le16(conn->handle);
284 cp.max_latency = __constant_cpu_to_le16(0);
285 cp.min_remote_timeout = __constant_cpu_to_le16(0);
286 cp.min_local_timeout = __constant_cpu_to_le16(0);
287 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
290 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
291 struct hci_cp_sniff_mode cp;
292 cp.handle = cpu_to_le16(conn->handle);
293 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
294 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
295 cp.attempt = __constant_cpu_to_le16(4);
296 cp.timeout = __constant_cpu_to_le16(1);
297 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
301 static void hci_conn_idle(unsigned long arg)
303 struct hci_conn *conn = (void *) arg;
305 BT_DBG("hcon %p mode %d", conn, conn->mode);
307 hci_conn_enter_sniff_mode(conn);
310 static void hci_conn_auto_accept(unsigned long arg)
312 struct hci_conn *conn = (void *) arg;
313 struct hci_dev *hdev = conn->hdev;
315 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
319 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
321 struct hci_conn *conn;
323 BT_DBG("%s dst %s", hdev->name, batostr(dst));
325 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
329 bacpy(&conn->dst, dst);
332 conn->mode = HCI_CM_ACTIVE;
333 conn->state = BT_OPEN;
334 conn->auth_type = HCI_AT_GENERAL_BONDING;
335 conn->io_capability = hdev->io_capability;
336 conn->remote_auth = 0xff;
337 conn->key_type = 0xff;
339 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
340 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
344 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
347 if (lmp_esco_capable(hdev))
348 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
349 (hdev->esco_type & EDR_ESCO_MASK);
351 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
354 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
358 skb_queue_head_init(&conn->data_q);
360 INIT_LIST_HEAD(&conn->chan_list);
362 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
363 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
364 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
365 (unsigned long) conn);
367 atomic_set(&conn->refcnt, 0);
371 hci_conn_hash_add(hdev, conn);
373 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
375 atomic_set(&conn->devref, 0);
377 hci_conn_init_sysfs(conn);
382 int hci_conn_del(struct hci_conn *conn)
384 struct hci_dev *hdev = conn->hdev;
386 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
388 del_timer(&conn->idle_timer);
390 cancel_delayed_work_sync(&conn->disc_work);
392 del_timer(&conn->auto_accept_timer);
394 if (conn->type == ACL_LINK) {
395 struct hci_conn *sco = conn->link;
400 hdev->acl_cnt += conn->sent;
401 } else if (conn->type == LE_LINK) {
403 hdev->le_cnt += conn->sent;
405 hdev->acl_cnt += conn->sent;
407 struct hci_conn *acl = conn->link;
414 hci_chan_list_flush(conn);
417 amp_mgr_put(conn->amp_mgr);
419 hci_conn_hash_del(hdev, conn);
421 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
423 skb_queue_purge(&conn->data_q);
425 hci_conn_put_device(conn);
429 if (conn->handle == 0)
435 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
437 int use_src = bacmp(src, BDADDR_ANY);
438 struct hci_dev *hdev = NULL, *d;
440 BT_DBG("%s -> %s", batostr(src), batostr(dst));
442 read_lock(&hci_dev_list_lock);
444 list_for_each_entry(d, &hci_dev_list, list) {
445 if (!test_bit(HCI_UP, &d->flags) ||
446 test_bit(HCI_RAW, &d->flags) ||
447 d->dev_type != HCI_BREDR)
451 * No source address - find interface with bdaddr != dst
452 * Source address - find interface with bdaddr == src
456 if (!bacmp(&d->bdaddr, src)) {
460 if (bacmp(&d->bdaddr, dst)) {
467 hdev = hci_dev_hold(hdev);
469 read_unlock(&hci_dev_list_lock);
472 EXPORT_SYMBOL(hci_get_route);
474 static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
475 u8 dst_type, u8 sec_level, u8 auth_type)
479 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
481 le = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
483 return ERR_PTR(-EBUSY);
485 le = hci_conn_add(hdev, LE_LINK, dst);
487 return ERR_PTR(-ENOMEM);
489 le->dst_type = bdaddr_to_le(dst_type);
490 hci_le_create_connection(le);
493 le->pending_sec_level = sec_level;
494 le->auth_type = auth_type;
501 static struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
502 u8 sec_level, u8 auth_type)
504 struct hci_conn *acl;
506 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
508 acl = hci_conn_add(hdev, ACL_LINK, dst);
510 return ERR_PTR(-ENOMEM);
515 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
516 acl->sec_level = BT_SECURITY_LOW;
517 acl->pending_sec_level = sec_level;
518 acl->auth_type = auth_type;
519 hci_acl_create_connection(acl);
525 static struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type,
526 bdaddr_t *dst, u8 sec_level, u8 auth_type)
528 struct hci_conn *acl;
529 struct hci_conn *sco;
531 acl = hci_connect_acl(hdev, dst, sec_level, auth_type);
535 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
537 sco = hci_conn_add(hdev, type, dst);
540 return ERR_PTR(-ENOMEM);
549 if (acl->state == BT_CONNECTED &&
550 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
551 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
552 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
554 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
555 /* defer SCO setup until mode change completed */
556 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
560 hci_sco_setup(acl, 0x00);
566 /* Create SCO, ACL or LE connection. */
567 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
568 __u8 dst_type, __u8 sec_level, __u8 auth_type)
570 BT_DBG("%s dst %s type 0x%x", hdev->name, batostr(dst), type);
574 return hci_connect_le(hdev, dst, dst_type, sec_level, auth_type);
576 return hci_connect_acl(hdev, dst, sec_level, auth_type);
579 return hci_connect_sco(hdev, type, dst, sec_level, auth_type);
582 return ERR_PTR(-EINVAL);
585 /* Check link security requirement */
586 int hci_conn_check_link_mode(struct hci_conn *conn)
588 BT_DBG("hcon %p", conn);
590 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
596 /* Authenticate remote device */
597 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
599 BT_DBG("hcon %p", conn);
601 if (conn->pending_sec_level > sec_level)
602 sec_level = conn->pending_sec_level;
604 if (sec_level > conn->sec_level)
605 conn->pending_sec_level = sec_level;
606 else if (conn->link_mode & HCI_LM_AUTH)
609 /* Make sure we preserve an existing MITM requirement*/
610 auth_type |= (conn->auth_type & 0x01);
612 conn->auth_type = auth_type;
614 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
615 struct hci_cp_auth_requested cp;
617 /* encrypt must be pending if auth is also pending */
618 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
620 cp.handle = cpu_to_le16(conn->handle);
621 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
623 if (conn->key_type != 0xff)
624 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
630 /* Encrypt the the link */
631 static void hci_conn_encrypt(struct hci_conn *conn)
633 BT_DBG("hcon %p", conn);
635 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
636 struct hci_cp_set_conn_encrypt cp;
637 cp.handle = cpu_to_le16(conn->handle);
639 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
644 /* Enable security */
645 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
647 BT_DBG("hcon %p", conn);
649 if (conn->type == LE_LINK)
650 return smp_conn_security(conn, sec_level);
652 /* For sdp we don't need the link key. */
653 if (sec_level == BT_SECURITY_SDP)
656 /* For non 2.1 devices and low security level we don't need the link
658 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
661 /* For other security levels we need the link key. */
662 if (!(conn->link_mode & HCI_LM_AUTH))
665 /* An authenticated combination key has sufficient security for any
667 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
670 /* An unauthenticated combination key has sufficient security for
671 security level 1 and 2. */
672 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
673 (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW))
676 /* A combination key has always sufficient security for the security
677 levels 1 or 2. High security level requires the combination key
678 is generated using maximum PIN code length (16).
679 For pre 2.1 units. */
680 if (conn->key_type == HCI_LK_COMBINATION &&
681 (sec_level != BT_SECURITY_HIGH || conn->pin_length == 16))
685 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
688 if (!hci_conn_auth(conn, sec_level, auth_type))
692 if (conn->link_mode & HCI_LM_ENCRYPT)
695 hci_conn_encrypt(conn);
698 EXPORT_SYMBOL(hci_conn_security);
700 /* Check secure link requirement */
701 int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
703 BT_DBG("hcon %p", conn);
705 if (sec_level != BT_SECURITY_HIGH)
706 return 1; /* Accept if non-secure is required */
708 if (conn->sec_level == BT_SECURITY_HIGH)
711 return 0; /* Reject not secure link */
713 EXPORT_SYMBOL(hci_conn_check_secure);
715 /* Change link key */
716 int hci_conn_change_link_key(struct hci_conn *conn)
718 BT_DBG("hcon %p", conn);
720 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
721 struct hci_cp_change_conn_link_key cp;
722 cp.handle = cpu_to_le16(conn->handle);
723 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
731 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
733 BT_DBG("hcon %p", conn);
735 if (!role && conn->link_mode & HCI_LM_MASTER)
738 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
739 struct hci_cp_switch_role cp;
740 bacpy(&cp.bdaddr, &conn->dst);
742 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
747 EXPORT_SYMBOL(hci_conn_switch_role);
749 /* Enter active mode */
750 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
752 struct hci_dev *hdev = conn->hdev;
754 BT_DBG("hcon %p mode %d", conn, conn->mode);
756 if (test_bit(HCI_RAW, &hdev->flags))
759 if (conn->mode != HCI_CM_SNIFF)
762 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
765 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
766 struct hci_cp_exit_sniff_mode cp;
767 cp.handle = cpu_to_le16(conn->handle);
768 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
772 if (hdev->idle_timeout > 0)
773 mod_timer(&conn->idle_timer,
774 jiffies + msecs_to_jiffies(hdev->idle_timeout));
777 /* Drop all connection on the device */
778 void hci_conn_hash_flush(struct hci_dev *hdev)
780 struct hci_conn_hash *h = &hdev->conn_hash;
781 struct hci_conn *c, *n;
783 BT_DBG("hdev %s", hdev->name);
785 list_for_each_entry_safe(c, n, &h->list, list) {
786 c->state = BT_CLOSED;
788 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
793 /* Check pending connect attempts */
794 void hci_conn_check_pending(struct hci_dev *hdev)
796 struct hci_conn *conn;
798 BT_DBG("hdev %s", hdev->name);
802 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
804 hci_acl_create_connection(conn);
806 hci_dev_unlock(hdev);
809 void hci_conn_hold_device(struct hci_conn *conn)
811 atomic_inc(&conn->devref);
813 EXPORT_SYMBOL(hci_conn_hold_device);
815 void hci_conn_put_device(struct hci_conn *conn)
817 if (atomic_dec_and_test(&conn->devref))
818 hci_conn_del_sysfs(conn);
820 EXPORT_SYMBOL(hci_conn_put_device);
822 int hci_get_conn_list(void __user *arg)
825 struct hci_conn_list_req req, *cl;
826 struct hci_conn_info *ci;
827 struct hci_dev *hdev;
828 int n = 0, size, err;
830 if (copy_from_user(&req, arg, sizeof(req)))
833 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
836 size = sizeof(req) + req.conn_num * sizeof(*ci);
838 cl = kmalloc(size, GFP_KERNEL);
842 hdev = hci_dev_get(req.dev_id);
851 list_for_each_entry(c, &hdev->conn_hash.list, list) {
852 bacpy(&(ci + n)->bdaddr, &c->dst);
853 (ci + n)->handle = c->handle;
854 (ci + n)->type = c->type;
855 (ci + n)->out = c->out;
856 (ci + n)->state = c->state;
857 (ci + n)->link_mode = c->link_mode;
858 if (++n >= req.conn_num)
861 hci_dev_unlock(hdev);
863 cl->dev_id = hdev->id;
865 size = sizeof(req) + n * sizeof(*ci);
869 err = copy_to_user(arg, cl, size);
872 return err ? -EFAULT : 0;
875 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
877 struct hci_conn_info_req req;
878 struct hci_conn_info ci;
879 struct hci_conn *conn;
880 char __user *ptr = arg + sizeof(req);
882 if (copy_from_user(&req, arg, sizeof(req)))
886 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
888 bacpy(&ci.bdaddr, &conn->dst);
889 ci.handle = conn->handle;
890 ci.type = conn->type;
892 ci.state = conn->state;
893 ci.link_mode = conn->link_mode;
895 hci_dev_unlock(hdev);
900 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
903 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
905 struct hci_auth_info_req req;
906 struct hci_conn *conn;
908 if (copy_from_user(&req, arg, sizeof(req)))
912 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
914 req.type = conn->auth_type;
915 hci_dev_unlock(hdev);
920 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
923 struct hci_chan *hci_chan_create(struct hci_conn *conn)
925 struct hci_dev *hdev = conn->hdev;
926 struct hci_chan *chan;
928 BT_DBG("%s hcon %p", hdev->name, conn);
930 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
935 skb_queue_head_init(&chan->data_q);
937 list_add_rcu(&chan->list, &conn->chan_list);
942 void hci_chan_del(struct hci_chan *chan)
944 struct hci_conn *conn = chan->conn;
945 struct hci_dev *hdev = conn->hdev;
947 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
949 list_del_rcu(&chan->list);
953 skb_queue_purge(&chan->data_q);
957 void hci_chan_list_flush(struct hci_conn *conn)
959 struct hci_chan *chan, *n;
961 BT_DBG("hcon %p", conn);
963 list_for_each_entry_safe(chan, n, &conn->chan_list, list)