1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI connection handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
hci_acl_connect(struct hci_conn * conn)48 void hci_acl_connect(struct hci_conn *conn)
49 {
50 struct hci_dev *hdev = conn->hdev;
51 struct inquiry_entry *ie;
52 struct hci_cp_create_conn cp;
53
54 BT_DBG("%p", conn);
55
56 conn->state = BT_CONNECT;
57 conn->out = 1;
58
59 conn->link_mode = HCI_LM_MASTER;
60
61 conn->attempt++;
62
63 conn->link_policy = hdev->link_policy;
64
65 memset(&cp, 0, sizeof(cp));
66 bacpy(&cp.bdaddr, &conn->dst);
67 cp.pscan_rep_mode = 0x02;
68
69 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
70 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
71 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
72 cp.pscan_mode = ie->data.pscan_mode;
73 cp.clock_offset = ie->data.clock_offset |
74 cpu_to_le16(0x8000);
75 }
76
77 memcpy(conn->dev_class, ie->data.dev_class, 3);
78 conn->ssp_mode = ie->data.ssp_mode;
79 }
80
81 cp.pkt_type = cpu_to_le16(conn->pkt_type);
82 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
83 cp.role_switch = 0x01;
84 else
85 cp.role_switch = 0x00;
86
87 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
88 }
89
hci_acl_connect_cancel(struct hci_conn * conn)90 static void hci_acl_connect_cancel(struct hci_conn *conn)
91 {
92 struct hci_cp_create_conn_cancel cp;
93
94 BT_DBG("%p", conn);
95
96 if (conn->hdev->hci_ver < 2)
97 return;
98
99 bacpy(&cp.bdaddr, &conn->dst);
100 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
101 }
102
hci_acl_disconn(struct hci_conn * conn,__u8 reason)103 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
104 {
105 struct hci_cp_disconnect cp;
106
107 BT_DBG("%p", conn);
108
109 conn->state = BT_DISCONN;
110
111 cp.handle = cpu_to_le16(conn->handle);
112 cp.reason = reason;
113 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
114 }
115
hci_add_sco(struct hci_conn * conn,__u16 handle)116 void hci_add_sco(struct hci_conn *conn, __u16 handle)
117 {
118 struct hci_dev *hdev = conn->hdev;
119 struct hci_cp_add_sco cp;
120
121 BT_DBG("%p", conn);
122
123 conn->state = BT_CONNECT;
124 conn->out = 1;
125
126 conn->attempt++;
127
128 cp.handle = cpu_to_le16(handle);
129 cp.pkt_type = cpu_to_le16(conn->pkt_type);
130
131 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
132 }
133
hci_setup_sync(struct hci_conn * conn,__u16 handle)134 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
135 {
136 struct hci_dev *hdev = conn->hdev;
137 struct hci_cp_setup_sync_conn cp;
138
139 BT_DBG("%p", conn);
140
141 conn->state = BT_CONNECT;
142 conn->out = 1;
143
144 conn->attempt++;
145
146 cp.handle = cpu_to_le16(handle);
147 cp.pkt_type = cpu_to_le16(conn->pkt_type);
148
149 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
150 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
151 cp.max_latency = cpu_to_le16(0xffff);
152 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
153 cp.retrans_effort = 0xff;
154
155 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
156 }
157
hci_conn_timeout(unsigned long arg)158 static void hci_conn_timeout(unsigned long arg)
159 {
160 struct hci_conn *conn = (void *) arg;
161 struct hci_dev *hdev = conn->hdev;
162 __u8 reason;
163
164 BT_DBG("conn %p state %d", conn, conn->state);
165
166 if (atomic_read(&conn->refcnt))
167 return;
168
169 hci_dev_lock(hdev);
170
171 switch (conn->state) {
172 case BT_CONNECT:
173 case BT_CONNECT2:
174 if (conn->type == ACL_LINK)
175 hci_acl_connect_cancel(conn);
176 else
177 hci_acl_disconn(conn, 0x13);
178 break;
179 case BT_CONFIG:
180 case BT_CONNECTED:
181 reason = hci_proto_disconn_ind(conn);
182 hci_acl_disconn(conn, reason);
183 break;
184 default:
185 conn->state = BT_CLOSED;
186 break;
187 }
188
189 hci_dev_unlock(hdev);
190 }
191
hci_conn_idle(unsigned long arg)192 static void hci_conn_idle(unsigned long arg)
193 {
194 struct hci_conn *conn = (void *) arg;
195
196 BT_DBG("conn %p mode %d", conn, conn->mode);
197
198 hci_conn_enter_sniff_mode(conn);
199 }
200
hci_conn_add(struct hci_dev * hdev,int type,bdaddr_t * dst)201 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
202 {
203 struct hci_conn *conn;
204
205 BT_DBG("%s dst %s", hdev->name, batostr(dst));
206
207 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
208 if (!conn)
209 return NULL;
210
211 bacpy(&conn->dst, dst);
212 conn->hdev = hdev;
213 conn->type = type;
214 conn->mode = HCI_CM_ACTIVE;
215 conn->state = BT_OPEN;
216 conn->auth_type = HCI_AT_GENERAL_BONDING;
217
218 conn->power_save = 1;
219
220 switch (type) {
221 case ACL_LINK:
222 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
223 break;
224 case SCO_LINK:
225 if (lmp_esco_capable(hdev))
226 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
227 (hdev->esco_type & EDR_ESCO_MASK);
228 else
229 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
230 break;
231 case ESCO_LINK:
232 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
233 break;
234 }
235
236 skb_queue_head_init(&conn->data_q);
237
238 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
239 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
240
241 atomic_set(&conn->refcnt, 0);
242
243 hci_dev_hold(hdev);
244
245 tasklet_disable(&hdev->tx_task);
246
247 hci_conn_hash_add(hdev, conn);
248 if (hdev->notify)
249 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
250
251 tasklet_enable(&hdev->tx_task);
252
253 return conn;
254 }
255
hci_conn_del(struct hci_conn * conn)256 int hci_conn_del(struct hci_conn *conn)
257 {
258 struct hci_dev *hdev = conn->hdev;
259
260 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
261
262 del_timer(&conn->idle_timer);
263
264 del_timer(&conn->disc_timer);
265
266 if (conn->type == ACL_LINK) {
267 struct hci_conn *sco = conn->link;
268 if (sco)
269 sco->link = NULL;
270
271 /* Unacked frames */
272 hdev->acl_cnt += conn->sent;
273 } else {
274 struct hci_conn *acl = conn->link;
275 if (acl) {
276 acl->link = NULL;
277 hci_conn_put(acl);
278 }
279 }
280
281 tasklet_disable(&hdev->tx_task);
282
283 hci_conn_hash_del(hdev, conn);
284 if (hdev->notify)
285 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
286
287 tasklet_enable(&hdev->tx_task);
288
289 skb_queue_purge(&conn->data_q);
290
291 hci_conn_del_sysfs(conn);
292
293 return 0;
294 }
295
hci_get_route(bdaddr_t * dst,bdaddr_t * src)296 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
297 {
298 int use_src = bacmp(src, BDADDR_ANY);
299 struct hci_dev *hdev = NULL;
300 struct list_head *p;
301
302 BT_DBG("%s -> %s", batostr(src), batostr(dst));
303
304 read_lock_bh(&hci_dev_list_lock);
305
306 list_for_each(p, &hci_dev_list) {
307 struct hci_dev *d = list_entry(p, struct hci_dev, list);
308
309 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
310 continue;
311
312 /* Simple routing:
313 * No source address - find interface with bdaddr != dst
314 * Source address - find interface with bdaddr == src
315 */
316
317 if (use_src) {
318 if (!bacmp(&d->bdaddr, src)) {
319 hdev = d; break;
320 }
321 } else {
322 if (bacmp(&d->bdaddr, dst)) {
323 hdev = d; break;
324 }
325 }
326 }
327
328 if (hdev)
329 hdev = hci_dev_hold(hdev);
330
331 read_unlock_bh(&hci_dev_list_lock);
332 return hdev;
333 }
334 EXPORT_SYMBOL(hci_get_route);
335
336 /* Create SCO or ACL connection.
337 * Device _must_ be locked */
hci_connect(struct hci_dev * hdev,int type,bdaddr_t * dst,__u8 sec_level,__u8 auth_type)338 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
339 {
340 struct hci_conn *acl;
341 struct hci_conn *sco;
342
343 BT_DBG("%s dst %s", hdev->name, batostr(dst));
344
345 if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
346 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
347 return NULL;
348 }
349
350 hci_conn_hold(acl);
351
352 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
353 acl->sec_level = sec_level;
354 acl->auth_type = auth_type;
355 hci_acl_connect(acl);
356 }
357
358 if (type == ACL_LINK)
359 return acl;
360
361 if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) {
362 if (!(sco = hci_conn_add(hdev, type, dst))) {
363 hci_conn_put(acl);
364 return NULL;
365 }
366 }
367
368 acl->link = sco;
369 sco->link = acl;
370
371 hci_conn_hold(sco);
372
373 if (acl->state == BT_CONNECTED &&
374 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
375 if (lmp_esco_capable(hdev))
376 hci_setup_sync(sco, acl->handle);
377 else
378 hci_add_sco(sco, acl->handle);
379 }
380
381 return sco;
382 }
383 EXPORT_SYMBOL(hci_connect);
384
385 /* Check link security requirement */
hci_conn_check_link_mode(struct hci_conn * conn)386 int hci_conn_check_link_mode(struct hci_conn *conn)
387 {
388 BT_DBG("conn %p", conn);
389
390 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
391 !(conn->link_mode & HCI_LM_ENCRYPT))
392 return 0;
393
394 return 1;
395 }
396 EXPORT_SYMBOL(hci_conn_check_link_mode);
397
398 /* Authenticate remote device */
hci_conn_auth(struct hci_conn * conn,__u8 sec_level,__u8 auth_type)399 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
400 {
401 BT_DBG("conn %p", conn);
402
403 if (sec_level > conn->sec_level)
404 conn->sec_level = sec_level;
405 else if (conn->link_mode & HCI_LM_AUTH)
406 return 1;
407
408 conn->auth_type = auth_type;
409
410 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
411 struct hci_cp_auth_requested cp;
412 cp.handle = cpu_to_le16(conn->handle);
413 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
414 sizeof(cp), &cp);
415 }
416
417 return 0;
418 }
419
420 /* Enable security */
hci_conn_security(struct hci_conn * conn,__u8 sec_level,__u8 auth_type)421 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
422 {
423 BT_DBG("conn %p", conn);
424
425 if (sec_level == BT_SECURITY_SDP)
426 return 1;
427
428 if (sec_level == BT_SECURITY_LOW &&
429 (!conn->ssp_mode || !conn->hdev->ssp_mode))
430 return 1;
431
432 if (conn->link_mode & HCI_LM_ENCRYPT)
433 return hci_conn_auth(conn, sec_level, auth_type);
434
435 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
436 return 0;
437
438 if (hci_conn_auth(conn, sec_level, auth_type)) {
439 struct hci_cp_set_conn_encrypt cp;
440 cp.handle = cpu_to_le16(conn->handle);
441 cp.encrypt = 1;
442 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT,
443 sizeof(cp), &cp);
444 }
445
446 return 0;
447 }
448 EXPORT_SYMBOL(hci_conn_security);
449
450 /* Change link key */
hci_conn_change_link_key(struct hci_conn * conn)451 int hci_conn_change_link_key(struct hci_conn *conn)
452 {
453 BT_DBG("conn %p", conn);
454
455 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
456 struct hci_cp_change_conn_link_key cp;
457 cp.handle = cpu_to_le16(conn->handle);
458 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
459 sizeof(cp), &cp);
460 }
461
462 return 0;
463 }
464 EXPORT_SYMBOL(hci_conn_change_link_key);
465
466 /* Switch role */
hci_conn_switch_role(struct hci_conn * conn,__u8 role)467 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
468 {
469 BT_DBG("conn %p", conn);
470
471 if (!role && conn->link_mode & HCI_LM_MASTER)
472 return 1;
473
474 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
475 struct hci_cp_switch_role cp;
476 bacpy(&cp.bdaddr, &conn->dst);
477 cp.role = role;
478 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
479 }
480
481 return 0;
482 }
483 EXPORT_SYMBOL(hci_conn_switch_role);
484
485 /* Enter active mode */
hci_conn_enter_active_mode(struct hci_conn * conn)486 void hci_conn_enter_active_mode(struct hci_conn *conn)
487 {
488 struct hci_dev *hdev = conn->hdev;
489
490 BT_DBG("conn %p mode %d", conn, conn->mode);
491
492 if (test_bit(HCI_RAW, &hdev->flags))
493 return;
494
495 if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
496 goto timer;
497
498 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
499 struct hci_cp_exit_sniff_mode cp;
500 cp.handle = cpu_to_le16(conn->handle);
501 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
502 }
503
504 timer:
505 if (hdev->idle_timeout > 0)
506 mod_timer(&conn->idle_timer,
507 jiffies + msecs_to_jiffies(hdev->idle_timeout));
508 }
509
510 /* Enter sniff mode */
hci_conn_enter_sniff_mode(struct hci_conn * conn)511 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
512 {
513 struct hci_dev *hdev = conn->hdev;
514
515 BT_DBG("conn %p mode %d", conn, conn->mode);
516
517 if (test_bit(HCI_RAW, &hdev->flags))
518 return;
519
520 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
521 return;
522
523 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
524 return;
525
526 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
527 struct hci_cp_sniff_subrate cp;
528 cp.handle = cpu_to_le16(conn->handle);
529 cp.max_latency = cpu_to_le16(0);
530 cp.min_remote_timeout = cpu_to_le16(0);
531 cp.min_local_timeout = cpu_to_le16(0);
532 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
533 }
534
535 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
536 struct hci_cp_sniff_mode cp;
537 cp.handle = cpu_to_le16(conn->handle);
538 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
539 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
540 cp.attempt = cpu_to_le16(4);
541 cp.timeout = cpu_to_le16(1);
542 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
543 }
544 }
545
546 /* Drop all connection on the device */
hci_conn_hash_flush(struct hci_dev * hdev)547 void hci_conn_hash_flush(struct hci_dev *hdev)
548 {
549 struct hci_conn_hash *h = &hdev->conn_hash;
550 struct list_head *p;
551
552 BT_DBG("hdev %s", hdev->name);
553
554 p = h->list.next;
555 while (p != &h->list) {
556 struct hci_conn *c;
557
558 c = list_entry(p, struct hci_conn, list);
559 p = p->next;
560
561 c->state = BT_CLOSED;
562
563 hci_proto_disconn_cfm(c, 0x16);
564 hci_conn_del(c);
565 }
566 }
567
568 /* Check pending connect attempts */
hci_conn_check_pending(struct hci_dev * hdev)569 void hci_conn_check_pending(struct hci_dev *hdev)
570 {
571 struct hci_conn *conn;
572
573 BT_DBG("hdev %s", hdev->name);
574
575 hci_dev_lock(hdev);
576
577 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
578 if (conn)
579 hci_acl_connect(conn);
580
581 hci_dev_unlock(hdev);
582 }
583
hci_get_conn_list(void __user * arg)584 int hci_get_conn_list(void __user *arg)
585 {
586 struct hci_conn_list_req req, *cl;
587 struct hci_conn_info *ci;
588 struct hci_dev *hdev;
589 struct list_head *p;
590 int n = 0, size, err;
591
592 if (copy_from_user(&req, arg, sizeof(req)))
593 return -EFAULT;
594
595 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
596 return -EINVAL;
597
598 size = sizeof(req) + req.conn_num * sizeof(*ci);
599
600 if (!(cl = kmalloc(size, GFP_KERNEL)))
601 return -ENOMEM;
602
603 if (!(hdev = hci_dev_get(req.dev_id))) {
604 kfree(cl);
605 return -ENODEV;
606 }
607
608 ci = cl->conn_info;
609
610 hci_dev_lock_bh(hdev);
611 list_for_each(p, &hdev->conn_hash.list) {
612 register struct hci_conn *c;
613 c = list_entry(p, struct hci_conn, list);
614
615 bacpy(&(ci + n)->bdaddr, &c->dst);
616 (ci + n)->handle = c->handle;
617 (ci + n)->type = c->type;
618 (ci + n)->out = c->out;
619 (ci + n)->state = c->state;
620 (ci + n)->link_mode = c->link_mode;
621 if (++n >= req.conn_num)
622 break;
623 }
624 hci_dev_unlock_bh(hdev);
625
626 cl->dev_id = hdev->id;
627 cl->conn_num = n;
628 size = sizeof(req) + n * sizeof(*ci);
629
630 hci_dev_put(hdev);
631
632 err = copy_to_user(arg, cl, size);
633 kfree(cl);
634
635 return err ? -EFAULT : 0;
636 }
637
hci_get_conn_info(struct hci_dev * hdev,void __user * arg)638 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
639 {
640 struct hci_conn_info_req req;
641 struct hci_conn_info ci;
642 struct hci_conn *conn;
643 char __user *ptr = arg + sizeof(req);
644
645 if (copy_from_user(&req, arg, sizeof(req)))
646 return -EFAULT;
647
648 hci_dev_lock_bh(hdev);
649 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
650 if (conn) {
651 bacpy(&ci.bdaddr, &conn->dst);
652 ci.handle = conn->handle;
653 ci.type = conn->type;
654 ci.out = conn->out;
655 ci.state = conn->state;
656 ci.link_mode = conn->link_mode;
657 }
658 hci_dev_unlock_bh(hdev);
659
660 if (!conn)
661 return -ENOENT;
662
663 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
664 }
665
hci_get_auth_info(struct hci_dev * hdev,void __user * arg)666 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
667 {
668 struct hci_auth_info_req req;
669 struct hci_conn *conn;
670
671 if (copy_from_user(&req, arg, sizeof(req)))
672 return -EFAULT;
673
674 hci_dev_lock_bh(hdev);
675 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
676 if (conn)
677 req.type = conn->auth_type;
678 hci_dev_unlock_bh(hdev);
679
680 if (!conn)
681 return -ENOENT;
682
683 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
684 }
685