2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
40 #include <linux/uaccess.h>
41 #include <asm/unaligned.h>
43 #include <net/bluetooth/bluetooth.h>
44 #include <net/bluetooth/hci_core.h>
46 static void hci_le_connect(struct hci_conn
*conn
)
48 struct hci_dev
*hdev
= conn
->hdev
;
49 struct hci_cp_le_create_conn cp
;
51 conn
->state
= BT_CONNECT
;
53 conn
->link_mode
|= HCI_LM_MASTER
;
54 conn
->sec_level
= BT_SECURITY_LOW
;
56 memset(&cp
, 0, sizeof(cp
));
57 cp
.scan_interval
= cpu_to_le16(0x0060);
58 cp
.scan_window
= cpu_to_le16(0x0030);
59 bacpy(&cp
.peer_addr
, &conn
->dst
);
60 cp
.peer_addr_type
= conn
->dst_type
;
61 cp
.conn_interval_min
= cpu_to_le16(0x0028);
62 cp
.conn_interval_max
= cpu_to_le16(0x0038);
63 cp
.supervision_timeout
= cpu_to_le16(0x002a);
64 cp
.min_ce_len
= cpu_to_le16(0x0000);
65 cp
.max_ce_len
= cpu_to_le16(0x0000);
67 hci_send_cmd(hdev
, HCI_OP_LE_CREATE_CONN
, sizeof(cp
), &cp
);
70 static void hci_le_connect_cancel(struct hci_conn
*conn
)
72 hci_send_cmd(conn
->hdev
, HCI_OP_LE_CREATE_CONN_CANCEL
, 0, NULL
);
75 void hci_acl_connect(struct hci_conn
*conn
)
77 struct hci_dev
*hdev
= conn
->hdev
;
78 struct inquiry_entry
*ie
;
79 struct hci_cp_create_conn cp
;
81 BT_DBG("hcon %p", conn
);
83 conn
->state
= BT_CONNECT
;
86 conn
->link_mode
= HCI_LM_MASTER
;
90 conn
->link_policy
= hdev
->link_policy
;
92 memset(&cp
, 0, sizeof(cp
));
93 bacpy(&cp
.bdaddr
, &conn
->dst
);
94 cp
.pscan_rep_mode
= 0x02;
96 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
98 if (inquiry_entry_age(ie
) <= INQUIRY_ENTRY_AGE_MAX
) {
99 cp
.pscan_rep_mode
= ie
->data
.pscan_rep_mode
;
100 cp
.pscan_mode
= ie
->data
.pscan_mode
;
101 cp
.clock_offset
= ie
->data
.clock_offset
|
105 memcpy(conn
->dev_class
, ie
->data
.dev_class
, 3);
106 if (ie
->data
.ssp_mode
> 0)
107 set_bit(HCI_CONN_SSP_ENABLED
, &conn
->flags
);
110 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
111 if (lmp_rswitch_capable(hdev
) && !(hdev
->link_mode
& HCI_LM_MASTER
))
112 cp
.role_switch
= 0x01;
114 cp
.role_switch
= 0x00;
116 hci_send_cmd(hdev
, HCI_OP_CREATE_CONN
, sizeof(cp
), &cp
);
119 static void hci_acl_connect_cancel(struct hci_conn
*conn
)
121 struct hci_cp_create_conn_cancel cp
;
125 if (conn
->hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
128 bacpy(&cp
.bdaddr
, &conn
->dst
);
129 hci_send_cmd(conn
->hdev
, HCI_OP_CREATE_CONN_CANCEL
, sizeof(cp
), &cp
);
132 void hci_acl_disconn(struct hci_conn
*conn
, __u8 reason
)
134 struct hci_cp_disconnect cp
;
138 conn
->state
= BT_DISCONN
;
140 cp
.handle
= cpu_to_le16(conn
->handle
);
142 hci_send_cmd(conn
->hdev
, HCI_OP_DISCONNECT
, sizeof(cp
), &cp
);
145 void hci_add_sco(struct hci_conn
*conn
, __u16 handle
)
147 struct hci_dev
*hdev
= conn
->hdev
;
148 struct hci_cp_add_sco cp
;
152 conn
->state
= BT_CONNECT
;
157 cp
.handle
= cpu_to_le16(handle
);
158 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
160 hci_send_cmd(hdev
, HCI_OP_ADD_SCO
, sizeof(cp
), &cp
);
163 void hci_setup_sync(struct hci_conn
*conn
, __u16 handle
)
165 struct hci_dev
*hdev
= conn
->hdev
;
166 struct hci_cp_setup_sync_conn cp
;
170 conn
->state
= BT_CONNECT
;
175 cp
.handle
= cpu_to_le16(handle
);
176 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
178 cp
.tx_bandwidth
= cpu_to_le32(0x00001f40);
179 cp
.rx_bandwidth
= cpu_to_le32(0x00001f40);
180 cp
.max_latency
= cpu_to_le16(0xffff);
181 cp
.voice_setting
= cpu_to_le16(hdev
->voice_setting
);
182 cp
.retrans_effort
= 0xff;
184 hci_send_cmd(hdev
, HCI_OP_SETUP_SYNC_CONN
, sizeof(cp
), &cp
);
187 void hci_le_conn_update(struct hci_conn
*conn
, u16 min
, u16 max
,
188 u16 latency
, u16 to_multiplier
)
190 struct hci_cp_le_conn_update cp
;
191 struct hci_dev
*hdev
= conn
->hdev
;
193 memset(&cp
, 0, sizeof(cp
));
195 cp
.handle
= cpu_to_le16(conn
->handle
);
196 cp
.conn_interval_min
= cpu_to_le16(min
);
197 cp
.conn_interval_max
= cpu_to_le16(max
);
198 cp
.conn_latency
= cpu_to_le16(latency
);
199 cp
.supervision_timeout
= cpu_to_le16(to_multiplier
);
200 cp
.min_ce_len
= cpu_to_le16(0x0001);
201 cp
.max_ce_len
= cpu_to_le16(0x0001);
203 hci_send_cmd(hdev
, HCI_OP_LE_CONN_UPDATE
, sizeof(cp
), &cp
);
205 EXPORT_SYMBOL(hci_le_conn_update
);
207 void hci_le_start_enc(struct hci_conn
*conn
, __le16 ediv
, __u8 rand
[8],
210 struct hci_dev
*hdev
= conn
->hdev
;
211 struct hci_cp_le_start_enc cp
;
215 memset(&cp
, 0, sizeof(cp
));
217 cp
.handle
= cpu_to_le16(conn
->handle
);
218 memcpy(cp
.ltk
, ltk
, sizeof(cp
.ltk
));
220 memcpy(cp
.rand
, rand
, sizeof(cp
.rand
));
222 hci_send_cmd(hdev
, HCI_OP_LE_START_ENC
, sizeof(cp
), &cp
);
224 EXPORT_SYMBOL(hci_le_start_enc
);
226 void hci_le_ltk_reply(struct hci_conn
*conn
, u8 ltk
[16])
228 struct hci_dev
*hdev
= conn
->hdev
;
229 struct hci_cp_le_ltk_reply cp
;
233 memset(&cp
, 0, sizeof(cp
));
235 cp
.handle
= cpu_to_le16(conn
->handle
);
236 memcpy(cp
.ltk
, ltk
, sizeof(ltk
));
238 hci_send_cmd(hdev
, HCI_OP_LE_LTK_REPLY
, sizeof(cp
), &cp
);
240 EXPORT_SYMBOL(hci_le_ltk_reply
);
242 void hci_le_ltk_neg_reply(struct hci_conn
*conn
)
244 struct hci_dev
*hdev
= conn
->hdev
;
245 struct hci_cp_le_ltk_neg_reply cp
;
249 memset(&cp
, 0, sizeof(cp
));
251 cp
.handle
= cpu_to_le16(conn
->handle
);
253 hci_send_cmd(hdev
, HCI_OP_LE_LTK_NEG_REPLY
, sizeof(cp
), &cp
);
256 /* Device _must_ be locked */
257 void hci_sco_setup(struct hci_conn
*conn
, __u8 status
)
259 struct hci_conn
*sco
= conn
->link
;
267 if (lmp_esco_capable(conn
->hdev
))
268 hci_setup_sync(sco
, conn
->handle
);
270 hci_add_sco(sco
, conn
->handle
);
272 hci_proto_connect_cfm(sco
, status
);
277 static void hci_conn_timeout(struct work_struct
*work
)
279 struct hci_conn
*conn
= container_of(work
, struct hci_conn
,
283 BT_DBG("conn %p state %s", conn
, state_to_string(conn
->state
));
285 if (atomic_read(&conn
->refcnt
))
288 switch (conn
->state
) {
292 if (conn
->type
== ACL_LINK
)
293 hci_acl_connect_cancel(conn
);
294 else if (conn
->type
== LE_LINK
)
295 hci_le_connect_cancel(conn
);
300 reason
= hci_proto_disconn_ind(conn
);
301 hci_acl_disconn(conn
, reason
);
304 conn
->state
= BT_CLOSED
;
309 /* Enter sniff mode */
310 static void hci_conn_enter_sniff_mode(struct hci_conn
*conn
)
312 struct hci_dev
*hdev
= conn
->hdev
;
314 BT_DBG("conn %p mode %d", conn
, conn
->mode
);
316 if (test_bit(HCI_RAW
, &hdev
->flags
))
319 if (!lmp_sniff_capable(hdev
) || !lmp_sniff_capable(conn
))
322 if (conn
->mode
!= HCI_CM_ACTIVE
|| !(conn
->link_policy
& HCI_LP_SNIFF
))
325 if (lmp_sniffsubr_capable(hdev
) && lmp_sniffsubr_capable(conn
)) {
326 struct hci_cp_sniff_subrate cp
;
327 cp
.handle
= cpu_to_le16(conn
->handle
);
328 cp
.max_latency
= cpu_to_le16(0);
329 cp
.min_remote_timeout
= cpu_to_le16(0);
330 cp
.min_local_timeout
= cpu_to_le16(0);
331 hci_send_cmd(hdev
, HCI_OP_SNIFF_SUBRATE
, sizeof(cp
), &cp
);
334 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
)) {
335 struct hci_cp_sniff_mode cp
;
336 cp
.handle
= cpu_to_le16(conn
->handle
);
337 cp
.max_interval
= cpu_to_le16(hdev
->sniff_max_interval
);
338 cp
.min_interval
= cpu_to_le16(hdev
->sniff_min_interval
);
339 cp
.attempt
= cpu_to_le16(4);
340 cp
.timeout
= cpu_to_le16(1);
341 hci_send_cmd(hdev
, HCI_OP_SNIFF_MODE
, sizeof(cp
), &cp
);
345 static void hci_conn_idle(unsigned long arg
)
347 struct hci_conn
*conn
= (void *) arg
;
349 BT_DBG("conn %p mode %d", conn
, conn
->mode
);
351 hci_conn_enter_sniff_mode(conn
);
354 static void hci_conn_auto_accept(unsigned long arg
)
356 struct hci_conn
*conn
= (void *) arg
;
357 struct hci_dev
*hdev
= conn
->hdev
;
359 hci_send_cmd(hdev
, HCI_OP_USER_CONFIRM_REPLY
, sizeof(conn
->dst
),
363 struct hci_conn
*hci_conn_add(struct hci_dev
*hdev
, int type
, bdaddr_t
*dst
)
365 struct hci_conn
*conn
;
367 BT_DBG("%s dst %s", hdev
->name
, batostr(dst
));
369 conn
= kzalloc(sizeof(struct hci_conn
), GFP_KERNEL
);
373 bacpy(&conn
->dst
, dst
);
376 conn
->mode
= HCI_CM_ACTIVE
;
377 conn
->state
= BT_OPEN
;
378 conn
->auth_type
= HCI_AT_GENERAL_BONDING
;
379 conn
->io_capability
= hdev
->io_capability
;
380 conn
->remote_auth
= 0xff;
381 conn
->key_type
= 0xff;
383 set_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
);
384 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
388 conn
->pkt_type
= hdev
->pkt_type
& ACL_PTYPE_MASK
;
391 if (lmp_esco_capable(hdev
))
392 conn
->pkt_type
= (hdev
->esco_type
& SCO_ESCO_MASK
) |
393 (hdev
->esco_type
& EDR_ESCO_MASK
);
395 conn
->pkt_type
= hdev
->pkt_type
& SCO_PTYPE_MASK
;
398 conn
->pkt_type
= hdev
->esco_type
& ~EDR_ESCO_MASK
;
402 skb_queue_head_init(&conn
->data_q
);
404 INIT_LIST_HEAD(&conn
->chan_list
);
406 INIT_DELAYED_WORK(&conn
->disc_work
, hci_conn_timeout
);
407 setup_timer(&conn
->idle_timer
, hci_conn_idle
, (unsigned long)conn
);
408 setup_timer(&conn
->auto_accept_timer
, hci_conn_auto_accept
,
409 (unsigned long) conn
);
411 atomic_set(&conn
->refcnt
, 0);
415 hci_conn_hash_add(hdev
, conn
);
417 hdev
->notify(hdev
, HCI_NOTIFY_CONN_ADD
);
419 atomic_set(&conn
->devref
, 0);
421 hci_conn_init_sysfs(conn
);
426 int hci_conn_del(struct hci_conn
*conn
)
428 struct hci_dev
*hdev
= conn
->hdev
;
430 BT_DBG("%s conn %p handle %d", hdev
->name
, conn
, conn
->handle
);
432 del_timer(&conn
->idle_timer
);
434 cancel_delayed_work_sync(&conn
->disc_work
);
436 del_timer(&conn
->auto_accept_timer
);
438 if (conn
->type
== ACL_LINK
) {
439 struct hci_conn
*sco
= conn
->link
;
444 hdev
->acl_cnt
+= conn
->sent
;
445 } else if (conn
->type
== LE_LINK
) {
447 hdev
->le_cnt
+= conn
->sent
;
449 hdev
->acl_cnt
+= conn
->sent
;
451 struct hci_conn
*acl
= conn
->link
;
459 hci_chan_list_flush(conn
);
461 hci_conn_hash_del(hdev
, conn
);
463 hdev
->notify(hdev
, HCI_NOTIFY_CONN_DEL
);
465 skb_queue_purge(&conn
->data_q
);
467 hci_conn_put_device(conn
);
471 if (conn
->handle
== 0)
477 struct hci_dev
*hci_get_route(bdaddr_t
*dst
, bdaddr_t
*src
)
479 int use_src
= bacmp(src
, BDADDR_ANY
);
480 struct hci_dev
*hdev
= NULL
, *d
;
482 BT_DBG("%s -> %s", batostr(src
), batostr(dst
));
484 read_lock(&hci_dev_list_lock
);
486 list_for_each_entry(d
, &hci_dev_list
, list
) {
487 if (!test_bit(HCI_UP
, &d
->flags
) || test_bit(HCI_RAW
, &d
->flags
))
491 * No source address - find interface with bdaddr != dst
492 * Source address - find interface with bdaddr == src
496 if (!bacmp(&d
->bdaddr
, src
)) {
500 if (bacmp(&d
->bdaddr
, dst
)) {
507 hdev
= hci_dev_hold(hdev
);
509 read_unlock(&hci_dev_list_lock
);
512 EXPORT_SYMBOL(hci_get_route
);
514 /* Create SCO, ACL or LE connection.
515 * Device _must_ be locked */
516 struct hci_conn
*hci_connect(struct hci_dev
*hdev
, int type
, bdaddr_t
*dst
, __u8 sec_level
, __u8 auth_type
)
518 struct hci_conn
*acl
;
519 struct hci_conn
*sco
;
522 BT_DBG("%s dst %s", hdev
->name
, batostr(dst
));
524 if (type
== LE_LINK
) {
525 struct adv_entry
*entry
;
527 le
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, dst
);
529 return ERR_PTR(-EBUSY
);
531 entry
= hci_find_adv_entry(hdev
, dst
);
533 return ERR_PTR(-EHOSTUNREACH
);
535 le
= hci_conn_add(hdev
, LE_LINK
, dst
);
537 return ERR_PTR(-ENOMEM
);
539 le
->dst_type
= entry
->bdaddr_type
;
548 acl
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, dst
);
550 acl
= hci_conn_add(hdev
, ACL_LINK
, dst
);
552 return ERR_PTR(-ENOMEM
);
557 if (acl
->state
== BT_OPEN
|| acl
->state
== BT_CLOSED
) {
558 acl
->sec_level
= BT_SECURITY_LOW
;
559 acl
->pending_sec_level
= sec_level
;
560 acl
->auth_type
= auth_type
;
561 hci_acl_connect(acl
);
564 if (type
== ACL_LINK
)
567 sco
= hci_conn_hash_lookup_ba(hdev
, type
, dst
);
569 sco
= hci_conn_add(hdev
, type
, dst
);
572 return ERR_PTR(-ENOMEM
);
581 if (acl
->state
== BT_CONNECTED
&&
582 (sco
->state
== BT_OPEN
|| sco
->state
== BT_CLOSED
)) {
583 set_bit(HCI_CONN_POWER_SAVE
, &acl
->flags
);
584 hci_conn_enter_active_mode(acl
, BT_POWER_FORCE_ACTIVE_ON
);
586 if (test_bit(HCI_CONN_MODE_CHANGE_PEND
, &acl
->flags
)) {
587 /* defer SCO setup until mode change completed */
588 set_bit(HCI_CONN_SCO_SETUP_PEND
, &acl
->flags
);
592 hci_sco_setup(acl
, 0x00);
597 EXPORT_SYMBOL(hci_connect
);
599 /* Check link security requirement */
600 int hci_conn_check_link_mode(struct hci_conn
*conn
)
602 BT_DBG("conn %p", conn
);
604 if (hci_conn_ssp_enabled(conn
) && !(conn
->link_mode
& HCI_LM_ENCRYPT
))
609 EXPORT_SYMBOL(hci_conn_check_link_mode
);
611 /* Authenticate remote device */
612 static int hci_conn_auth(struct hci_conn
*conn
, __u8 sec_level
, __u8 auth_type
)
614 BT_DBG("conn %p", conn
);
616 if (conn
->pending_sec_level
> sec_level
)
617 sec_level
= conn
->pending_sec_level
;
619 if (sec_level
> conn
->sec_level
)
620 conn
->pending_sec_level
= sec_level
;
621 else if (conn
->link_mode
& HCI_LM_AUTH
)
624 /* Make sure we preserve an existing MITM requirement*/
625 auth_type
|= (conn
->auth_type
& 0x01);
627 conn
->auth_type
= auth_type
;
629 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
630 struct hci_cp_auth_requested cp
;
632 /* encrypt must be pending if auth is also pending */
633 set_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
);
635 cp
.handle
= cpu_to_le16(conn
->handle
);
636 hci_send_cmd(conn
->hdev
, HCI_OP_AUTH_REQUESTED
,
638 if (conn
->key_type
!= 0xff)
639 set_bit(HCI_CONN_REAUTH_PEND
, &conn
->flags
);
645 /* Encrypt the the link */
646 static void hci_conn_encrypt(struct hci_conn
*conn
)
648 BT_DBG("conn %p", conn
);
650 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
)) {
651 struct hci_cp_set_conn_encrypt cp
;
652 cp
.handle
= cpu_to_le16(conn
->handle
);
654 hci_send_cmd(conn
->hdev
, HCI_OP_SET_CONN_ENCRYPT
, sizeof(cp
),
659 /* Enable security */
660 int hci_conn_security(struct hci_conn
*conn
, __u8 sec_level
, __u8 auth_type
)
662 BT_DBG("conn %p", conn
);
664 /* For sdp we don't need the link key. */
665 if (sec_level
== BT_SECURITY_SDP
)
668 /* For non 2.1 devices and low security level we don't need the link
670 if (sec_level
== BT_SECURITY_LOW
&& !hci_conn_ssp_enabled(conn
))
673 /* For other security levels we need the link key. */
674 if (!(conn
->link_mode
& HCI_LM_AUTH
))
677 /* An authenticated combination key has sufficient security for any
679 if (conn
->key_type
== HCI_LK_AUTH_COMBINATION
)
682 /* An unauthenticated combination key has sufficient security for
683 security level 1 and 2. */
684 if (conn
->key_type
== HCI_LK_UNAUTH_COMBINATION
&&
685 (sec_level
== BT_SECURITY_MEDIUM
||
686 sec_level
== BT_SECURITY_LOW
))
689 /* A combination key has always sufficient security for the security
690 levels 1 or 2. High security level requires the combination key
691 is generated using maximum PIN code length (16).
692 For pre 2.1 units. */
693 if (conn
->key_type
== HCI_LK_COMBINATION
&&
694 (sec_level
!= BT_SECURITY_HIGH
||
695 conn
->pin_length
== 16))
699 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
))
702 if (!hci_conn_auth(conn
, sec_level
, auth_type
))
706 if (conn
->link_mode
& HCI_LM_ENCRYPT
)
709 hci_conn_encrypt(conn
);
712 EXPORT_SYMBOL(hci_conn_security
);
714 /* Check secure link requirement */
715 int hci_conn_check_secure(struct hci_conn
*conn
, __u8 sec_level
)
717 BT_DBG("conn %p", conn
);
719 if (sec_level
!= BT_SECURITY_HIGH
)
720 return 1; /* Accept if non-secure is required */
722 if (conn
->sec_level
== BT_SECURITY_HIGH
)
725 return 0; /* Reject not secure link */
727 EXPORT_SYMBOL(hci_conn_check_secure
);
729 /* Change link key */
730 int hci_conn_change_link_key(struct hci_conn
*conn
)
732 BT_DBG("conn %p", conn
);
734 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
735 struct hci_cp_change_conn_link_key cp
;
736 cp
.handle
= cpu_to_le16(conn
->handle
);
737 hci_send_cmd(conn
->hdev
, HCI_OP_CHANGE_CONN_LINK_KEY
,
743 EXPORT_SYMBOL(hci_conn_change_link_key
);
746 int hci_conn_switch_role(struct hci_conn
*conn
, __u8 role
)
748 BT_DBG("conn %p", conn
);
750 if (!role
&& conn
->link_mode
& HCI_LM_MASTER
)
753 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND
, &conn
->flags
)) {
754 struct hci_cp_switch_role cp
;
755 bacpy(&cp
.bdaddr
, &conn
->dst
);
757 hci_send_cmd(conn
->hdev
, HCI_OP_SWITCH_ROLE
, sizeof(cp
), &cp
);
762 EXPORT_SYMBOL(hci_conn_switch_role
);
764 /* Enter active mode */
765 void hci_conn_enter_active_mode(struct hci_conn
*conn
, __u8 force_active
)
767 struct hci_dev
*hdev
= conn
->hdev
;
769 BT_DBG("conn %p mode %d", conn
, conn
->mode
);
771 if (test_bit(HCI_RAW
, &hdev
->flags
))
774 if (conn
->mode
!= HCI_CM_SNIFF
)
777 if (!test_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
) && !force_active
)
780 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
)) {
781 struct hci_cp_exit_sniff_mode cp
;
782 cp
.handle
= cpu_to_le16(conn
->handle
);
783 hci_send_cmd(hdev
, HCI_OP_EXIT_SNIFF_MODE
, sizeof(cp
), &cp
);
787 if (hdev
->idle_timeout
> 0)
788 mod_timer(&conn
->idle_timer
,
789 jiffies
+ msecs_to_jiffies(hdev
->idle_timeout
));
792 /* Drop all connection on the device */
793 void hci_conn_hash_flush(struct hci_dev
*hdev
)
795 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
796 struct hci_conn
*c
, *n
;
798 BT_DBG("hdev %s", hdev
->name
);
800 list_for_each_entry_safe(c
, n
, &h
->list
, list
) {
801 c
->state
= BT_CLOSED
;
803 hci_proto_disconn_cfm(c
, HCI_ERROR_LOCAL_HOST_TERM
);
808 /* Check pending connect attempts */
809 void hci_conn_check_pending(struct hci_dev
*hdev
)
811 struct hci_conn
*conn
;
813 BT_DBG("hdev %s", hdev
->name
);
817 conn
= hci_conn_hash_lookup_state(hdev
, ACL_LINK
, BT_CONNECT2
);
819 hci_acl_connect(conn
);
821 hci_dev_unlock(hdev
);
824 void hci_conn_hold_device(struct hci_conn
*conn
)
826 atomic_inc(&conn
->devref
);
828 EXPORT_SYMBOL(hci_conn_hold_device
);
830 void hci_conn_put_device(struct hci_conn
*conn
)
832 if (atomic_dec_and_test(&conn
->devref
))
833 hci_conn_del_sysfs(conn
);
835 EXPORT_SYMBOL(hci_conn_put_device
);
837 int hci_get_conn_list(void __user
*arg
)
839 register struct hci_conn
*c
;
840 struct hci_conn_list_req req
, *cl
;
841 struct hci_conn_info
*ci
;
842 struct hci_dev
*hdev
;
843 int n
= 0, size
, err
;
845 if (copy_from_user(&req
, arg
, sizeof(req
)))
848 if (!req
.conn_num
|| req
.conn_num
> (PAGE_SIZE
* 2) / sizeof(*ci
))
851 size
= sizeof(req
) + req
.conn_num
* sizeof(*ci
);
853 cl
= kmalloc(size
, GFP_KERNEL
);
857 hdev
= hci_dev_get(req
.dev_id
);
866 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
867 bacpy(&(ci
+ n
)->bdaddr
, &c
->dst
);
868 (ci
+ n
)->handle
= c
->handle
;
869 (ci
+ n
)->type
= c
->type
;
870 (ci
+ n
)->out
= c
->out
;
871 (ci
+ n
)->state
= c
->state
;
872 (ci
+ n
)->link_mode
= c
->link_mode
;
873 if (++n
>= req
.conn_num
)
876 hci_dev_unlock(hdev
);
878 cl
->dev_id
= hdev
->id
;
880 size
= sizeof(req
) + n
* sizeof(*ci
);
884 err
= copy_to_user(arg
, cl
, size
);
887 return err
? -EFAULT
: 0;
890 int hci_get_conn_info(struct hci_dev
*hdev
, void __user
*arg
)
892 struct hci_conn_info_req req
;
893 struct hci_conn_info ci
;
894 struct hci_conn
*conn
;
895 char __user
*ptr
= arg
+ sizeof(req
);
897 if (copy_from_user(&req
, arg
, sizeof(req
)))
901 conn
= hci_conn_hash_lookup_ba(hdev
, req
.type
, &req
.bdaddr
);
903 bacpy(&ci
.bdaddr
, &conn
->dst
);
904 ci
.handle
= conn
->handle
;
905 ci
.type
= conn
->type
;
907 ci
.state
= conn
->state
;
908 ci
.link_mode
= conn
->link_mode
;
910 hci_dev_unlock(hdev
);
915 return copy_to_user(ptr
, &ci
, sizeof(ci
)) ? -EFAULT
: 0;
918 int hci_get_auth_info(struct hci_dev
*hdev
, void __user
*arg
)
920 struct hci_auth_info_req req
;
921 struct hci_conn
*conn
;
923 if (copy_from_user(&req
, arg
, sizeof(req
)))
927 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &req
.bdaddr
);
929 req
.type
= conn
->auth_type
;
930 hci_dev_unlock(hdev
);
935 return copy_to_user(arg
, &req
, sizeof(req
)) ? -EFAULT
: 0;
938 struct hci_chan
*hci_chan_create(struct hci_conn
*conn
)
940 struct hci_dev
*hdev
= conn
->hdev
;
941 struct hci_chan
*chan
;
943 BT_DBG("%s conn %p", hdev
->name
, conn
);
945 chan
= kzalloc(sizeof(struct hci_chan
), GFP_KERNEL
);
950 skb_queue_head_init(&chan
->data_q
);
952 list_add_rcu(&chan
->list
, &conn
->chan_list
);
957 int hci_chan_del(struct hci_chan
*chan
)
959 struct hci_conn
*conn
= chan
->conn
;
960 struct hci_dev
*hdev
= conn
->hdev
;
962 BT_DBG("%s conn %p chan %p", hdev
->name
, conn
, chan
);
964 list_del_rcu(&chan
->list
);
968 skb_queue_purge(&chan
->data_q
);
974 void hci_chan_list_flush(struct hci_conn
*conn
)
976 struct hci_chan
*chan
, *n
;
978 BT_DBG("conn %p", conn
);
980 list_for_each_entry_safe(chan
, n
, &conn
->chan_list
, list
)