1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI connection handling. */ 26 27 #include <linux/module.h> 28 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/kernel.h> 32 #include <linux/slab.h> 33 #include <linux/poll.h> 34 #include <linux/fcntl.h> 35 #include <linux/init.h> 36 #include <linux/skbuff.h> 37 #include <linux/interrupt.h> 38 #include <linux/notifier.h> 39 #include <net/sock.h> 40 41 #include <asm/system.h> 42 #include <linux/uaccess.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 48 void hci_acl_connect(struct hci_conn *conn) 49 { 50 struct hci_dev *hdev = conn->hdev; 51 struct inquiry_entry *ie; 52 struct hci_cp_create_conn cp; 53 54 BT_DBG("%p", conn); 55 56 conn->state = BT_CONNECT; 57 conn->out = 1; 58 59 conn->link_mode = HCI_LM_MASTER; 60 61 conn->attempt++; 62 63 conn->link_policy = hdev->link_policy; 64 65 memset(&cp, 0, sizeof(cp)); 66 bacpy(&cp.bdaddr, &conn->dst); 67 cp.pscan_rep_mode = 0x02; 68 69 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 70 if (ie) { 71 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 72 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 73 cp.pscan_mode = ie->data.pscan_mode; 74 cp.clock_offset = ie->data.clock_offset | 75 cpu_to_le16(0x8000); 76 } 77 78 memcpy(conn->dev_class, ie->data.dev_class, 3); 79 conn->ssp_mode = ie->data.ssp_mode; 80 } 81 82 cp.pkt_type = cpu_to_le16(conn->pkt_type); 83 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) 84 cp.role_switch = 0x01; 85 else 86 cp.role_switch = 0x00; 87 88 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp); 89 } 90 91 static void hci_acl_connect_cancel(struct hci_conn *conn) 92 { 93 struct hci_cp_create_conn_cancel cp; 94 95 BT_DBG("%p", conn); 96 97 if (conn->hdev->hci_ver < 2) 98 return; 99 100 bacpy(&cp.bdaddr, &conn->dst); 101 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); 102 } 103 104 void hci_acl_disconn(struct hci_conn *conn, __u8 reason) 105 { 106 struct hci_cp_disconnect cp; 107 108 BT_DBG("%p", conn); 109 110 conn->state = BT_DISCONN; 111 112 cp.handle = cpu_to_le16(conn->handle); 113 cp.reason = reason; 114 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp); 115 } 116 117 void hci_add_sco(struct hci_conn *conn, __u16 handle) 118 { 119 struct hci_dev *hdev = conn->hdev; 120 struct hci_cp_add_sco cp; 121 122 BT_DBG("%p", conn); 123 124 conn->state = BT_CONNECT; 125 conn->out = 1; 126 127 conn->attempt++; 128 129 cp.handle = cpu_to_le16(handle); 130 cp.pkt_type = cpu_to_le16(conn->pkt_type); 131 132 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); 133 } 134 135 void hci_setup_sync(struct hci_conn *conn, __u16 handle) 136 { 137 struct hci_dev *hdev = conn->hdev; 138 struct hci_cp_setup_sync_conn cp; 139 140 BT_DBG("%p", conn); 141 142 conn->state = BT_CONNECT; 143 conn->out = 1; 144 145 conn->attempt++; 146 147 cp.handle = cpu_to_le16(handle); 148 cp.pkt_type = cpu_to_le16(conn->pkt_type); 149 150 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 151 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 152 cp.max_latency = cpu_to_le16(0xffff); 153 cp.voice_setting = cpu_to_le16(hdev->voice_setting); 154 cp.retrans_effort = 0xff; 155 156 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp); 157 } 158 159 /* Device _must_ be locked */ 160 void hci_sco_setup(struct hci_conn *conn, __u8 status) 161 { 162 struct hci_conn *sco = conn->link; 163 164 BT_DBG("%p", conn); 165 166 if (!sco) 167 return; 168 169 if (!status) { 170 if (lmp_esco_capable(conn->hdev)) 171 hci_setup_sync(sco, conn->handle); 172 else 173 hci_add_sco(sco, conn->handle); 174 } else { 175 hci_proto_connect_cfm(sco, status); 176 hci_conn_del(sco); 177 } 178 } 179 180 static void hci_conn_timeout(unsigned long arg) 181 { 182 struct hci_conn *conn = (void *) arg; 183 struct hci_dev *hdev = conn->hdev; 184 __u8 reason; 185 186 BT_DBG("conn %p state %d", conn, conn->state); 187 188 if (atomic_read(&conn->refcnt)) 189 return; 190 191 hci_dev_lock(hdev); 192 193 switch (conn->state) { 194 case BT_CONNECT: 195 case BT_CONNECT2: 196 if (conn->type == ACL_LINK && conn->out) 197 hci_acl_connect_cancel(conn); 198 break; 199 case BT_CONFIG: 200 case BT_CONNECTED: 201 reason = hci_proto_disconn_ind(conn); 202 hci_acl_disconn(conn, reason); 203 break; 204 default: 205 conn->state = BT_CLOSED; 206 break; 207 } 208 209 hci_dev_unlock(hdev); 210 } 211 212 static void hci_conn_idle(unsigned long arg) 213 { 214 struct hci_conn *conn = (void *) arg; 215 216 BT_DBG("conn %p mode %d", conn, conn->mode); 217 218 hci_conn_enter_sniff_mode(conn); 219 } 220 221 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) 222 { 223 struct hci_conn *conn; 224 225 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 226 227 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC); 228 if (!conn) 229 return NULL; 230 231 bacpy(&conn->dst, dst); 232 conn->hdev = hdev; 233 conn->type = type; 234 conn->mode = HCI_CM_ACTIVE; 235 conn->state = BT_OPEN; 236 conn->auth_type = HCI_AT_GENERAL_BONDING; 237 238 conn->power_save = 1; 239 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 240 241 switch (type) { 242 case ACL_LINK: 243 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; 244 break; 245 case SCO_LINK: 246 if (lmp_esco_capable(hdev)) 247 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 248 (hdev->esco_type & EDR_ESCO_MASK); 249 else 250 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; 251 break; 252 case ESCO_LINK: 253 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; 254 break; 255 } 256 257 skb_queue_head_init(&conn->data_q); 258 259 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn); 260 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn); 261 262 atomic_set(&conn->refcnt, 0); 263 264 hci_dev_hold(hdev); 265 266 tasklet_disable(&hdev->tx_task); 267 268 hci_conn_hash_add(hdev, conn); 269 if (hdev->notify) 270 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 271 272 atomic_set(&conn->devref, 0); 273 274 hci_conn_init_sysfs(conn); 275 276 tasklet_enable(&hdev->tx_task); 277 278 return conn; 279 } 280 281 int hci_conn_del(struct hci_conn *conn) 282 { 283 struct hci_dev *hdev = conn->hdev; 284 285 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle); 286 287 del_timer(&conn->idle_timer); 288 289 del_timer(&conn->disc_timer); 290 291 if (conn->type == ACL_LINK) { 292 struct hci_conn *sco = conn->link; 293 if (sco) 294 sco->link = NULL; 295 296 /* Unacked frames */ 297 hdev->acl_cnt += conn->sent; 298 } else { 299 struct hci_conn *acl = conn->link; 300 if (acl) { 301 acl->link = NULL; 302 hci_conn_put(acl); 303 } 304 } 305 306 tasklet_disable(&hdev->tx_task); 307 308 hci_conn_hash_del(hdev, conn); 309 if (hdev->notify) 310 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 311 312 tasklet_enable(&hdev->tx_task); 313 314 skb_queue_purge(&conn->data_q); 315 316 hci_conn_put_device(conn); 317 318 hci_dev_put(hdev); 319 320 return 0; 321 } 322 323 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src) 324 { 325 int use_src = bacmp(src, BDADDR_ANY); 326 struct hci_dev *hdev = NULL; 327 struct list_head *p; 328 329 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 330 331 read_lock_bh(&hci_dev_list_lock); 332 333 list_for_each(p, &hci_dev_list) { 334 struct hci_dev *d = list_entry(p, struct hci_dev, list); 335 336 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags)) 337 continue; 338 339 /* Simple routing: 340 * No source address - find interface with bdaddr != dst 341 * Source address - find interface with bdaddr == src 342 */ 343 344 if (use_src) { 345 if (!bacmp(&d->bdaddr, src)) { 346 hdev = d; break; 347 } 348 } else { 349 if (bacmp(&d->bdaddr, dst)) { 350 hdev = d; break; 351 } 352 } 353 } 354 355 if (hdev) 356 hdev = hci_dev_hold(hdev); 357 358 read_unlock_bh(&hci_dev_list_lock); 359 return hdev; 360 } 361 EXPORT_SYMBOL(hci_get_route); 362 363 /* Create SCO or ACL connection. 364 * Device _must_ be locked */ 365 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type) 366 { 367 struct hci_conn *acl; 368 struct hci_conn *sco; 369 370 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 371 372 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 373 if (!acl) { 374 acl = hci_conn_add(hdev, ACL_LINK, dst); 375 if (!acl) 376 return NULL; 377 } 378 379 hci_conn_hold(acl); 380 381 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { 382 acl->sec_level = BT_SECURITY_LOW; 383 acl->pending_sec_level = sec_level; 384 acl->auth_type = auth_type; 385 hci_acl_connect(acl); 386 } 387 388 if (type == ACL_LINK) 389 return acl; 390 391 sco = hci_conn_hash_lookup_ba(hdev, type, dst); 392 if (!sco) { 393 sco = hci_conn_add(hdev, type, dst); 394 if (!sco) { 395 hci_conn_put(acl); 396 return NULL; 397 } 398 } 399 400 acl->link = sco; 401 sco->link = acl; 402 403 hci_conn_hold(sco); 404 405 if (acl->state == BT_CONNECTED && 406 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 407 acl->power_save = 1; 408 hci_conn_enter_active_mode(acl); 409 410 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) { 411 /* defer SCO setup until mode change completed */ 412 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend); 413 return sco; 414 } 415 416 hci_sco_setup(acl, 0x00); 417 } 418 419 return sco; 420 } 421 EXPORT_SYMBOL(hci_connect); 422 423 /* Check link security requirement */ 424 int hci_conn_check_link_mode(struct hci_conn *conn) 425 { 426 BT_DBG("conn %p", conn); 427 428 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 && 429 !(conn->link_mode & HCI_LM_ENCRYPT)) 430 return 0; 431 432 return 1; 433 } 434 EXPORT_SYMBOL(hci_conn_check_link_mode); 435 436 /* Authenticate remote device */ 437 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 438 { 439 BT_DBG("conn %p", conn); 440 441 if (conn->pending_sec_level > sec_level) 442 sec_level = conn->pending_sec_level; 443 444 if (sec_level > conn->sec_level) 445 conn->pending_sec_level = sec_level; 446 else if (conn->link_mode & HCI_LM_AUTH) 447 return 1; 448 449 /* Make sure we preserve an existing MITM requirement*/ 450 auth_type |= (conn->auth_type & 0x01); 451 452 conn->auth_type = auth_type; 453 454 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 455 struct hci_cp_auth_requested cp; 456 cp.handle = cpu_to_le16(conn->handle); 457 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, 458 sizeof(cp), &cp); 459 } 460 461 return 0; 462 } 463 464 /* Enable security */ 465 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 466 { 467 BT_DBG("conn %p", conn); 468 469 if (sec_level == BT_SECURITY_SDP) 470 return 1; 471 472 if (sec_level == BT_SECURITY_LOW && 473 (!conn->ssp_mode || !conn->hdev->ssp_mode)) 474 return 1; 475 476 if (conn->link_mode & HCI_LM_ENCRYPT) 477 return hci_conn_auth(conn, sec_level, auth_type); 478 479 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 480 return 0; 481 482 if (hci_conn_auth(conn, sec_level, auth_type)) { 483 struct hci_cp_set_conn_encrypt cp; 484 cp.handle = cpu_to_le16(conn->handle); 485 cp.encrypt = 1; 486 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, 487 sizeof(cp), &cp); 488 } 489 490 return 0; 491 } 492 EXPORT_SYMBOL(hci_conn_security); 493 494 /* Change link key */ 495 int hci_conn_change_link_key(struct hci_conn *conn) 496 { 497 BT_DBG("conn %p", conn); 498 499 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 500 struct hci_cp_change_conn_link_key cp; 501 cp.handle = cpu_to_le16(conn->handle); 502 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, 503 sizeof(cp), &cp); 504 } 505 506 return 0; 507 } 508 EXPORT_SYMBOL(hci_conn_change_link_key); 509 510 /* Switch role */ 511 int hci_conn_switch_role(struct hci_conn *conn, __u8 role) 512 { 513 BT_DBG("conn %p", conn); 514 515 if (!role && conn->link_mode & HCI_LM_MASTER) 516 return 1; 517 518 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) { 519 struct hci_cp_switch_role cp; 520 bacpy(&cp.bdaddr, &conn->dst); 521 cp.role = role; 522 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); 523 } 524 525 return 0; 526 } 527 EXPORT_SYMBOL(hci_conn_switch_role); 528 529 /* Enter active mode */ 530 void hci_conn_enter_active_mode(struct hci_conn *conn) 531 { 532 struct hci_dev *hdev = conn->hdev; 533 534 BT_DBG("conn %p mode %d", conn, conn->mode); 535 536 if (test_bit(HCI_RAW, &hdev->flags)) 537 return; 538 539 if (conn->mode != HCI_CM_SNIFF || !conn->power_save) 540 goto timer; 541 542 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 543 struct hci_cp_exit_sniff_mode cp; 544 cp.handle = cpu_to_le16(conn->handle); 545 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); 546 } 547 548 timer: 549 if (hdev->idle_timeout > 0) 550 mod_timer(&conn->idle_timer, 551 jiffies + msecs_to_jiffies(hdev->idle_timeout)); 552 } 553 554 /* Enter sniff mode */ 555 void hci_conn_enter_sniff_mode(struct hci_conn *conn) 556 { 557 struct hci_dev *hdev = conn->hdev; 558 559 BT_DBG("conn %p mode %d", conn, conn->mode); 560 561 if (test_bit(HCI_RAW, &hdev->flags)) 562 return; 563 564 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) 565 return; 566 567 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) 568 return; 569 570 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { 571 struct hci_cp_sniff_subrate cp; 572 cp.handle = cpu_to_le16(conn->handle); 573 cp.max_latency = cpu_to_le16(0); 574 cp.min_remote_timeout = cpu_to_le16(0); 575 cp.min_local_timeout = cpu_to_le16(0); 576 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); 577 } 578 579 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 580 struct hci_cp_sniff_mode cp; 581 cp.handle = cpu_to_le16(conn->handle); 582 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); 583 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); 584 cp.attempt = cpu_to_le16(4); 585 cp.timeout = cpu_to_le16(1); 586 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); 587 } 588 } 589 590 /* Drop all connection on the device */ 591 void hci_conn_hash_flush(struct hci_dev *hdev) 592 { 593 struct hci_conn_hash *h = &hdev->conn_hash; 594 struct list_head *p; 595 596 BT_DBG("hdev %s", hdev->name); 597 598 p = h->list.next; 599 while (p != &h->list) { 600 struct hci_conn *c; 601 602 c = list_entry(p, struct hci_conn, list); 603 p = p->next; 604 605 c->state = BT_CLOSED; 606 607 hci_proto_disconn_cfm(c, 0x16); 608 hci_conn_del(c); 609 } 610 } 611 612 /* Check pending connect attempts */ 613 void hci_conn_check_pending(struct hci_dev *hdev) 614 { 615 struct hci_conn *conn; 616 617 BT_DBG("hdev %s", hdev->name); 618 619 hci_dev_lock(hdev); 620 621 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2); 622 if (conn) 623 hci_acl_connect(conn); 624 625 hci_dev_unlock(hdev); 626 } 627 628 void hci_conn_hold_device(struct hci_conn *conn) 629 { 630 atomic_inc(&conn->devref); 631 } 632 EXPORT_SYMBOL(hci_conn_hold_device); 633 634 void hci_conn_put_device(struct hci_conn *conn) 635 { 636 if (atomic_dec_and_test(&conn->devref)) 637 hci_conn_del_sysfs(conn); 638 } 639 EXPORT_SYMBOL(hci_conn_put_device); 640 641 int hci_get_conn_list(void __user *arg) 642 { 643 struct hci_conn_list_req req, *cl; 644 struct hci_conn_info *ci; 645 struct hci_dev *hdev; 646 struct list_head *p; 647 int n = 0, size, err; 648 649 if (copy_from_user(&req, arg, sizeof(req))) 650 return -EFAULT; 651 652 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) 653 return -EINVAL; 654 655 size = sizeof(req) + req.conn_num * sizeof(*ci); 656 657 cl = kmalloc(size, GFP_KERNEL); 658 if (!cl) 659 return -ENOMEM; 660 661 hdev = hci_dev_get(req.dev_id); 662 if (!hdev) { 663 kfree(cl); 664 return -ENODEV; 665 } 666 667 ci = cl->conn_info; 668 669 hci_dev_lock_bh(hdev); 670 list_for_each(p, &hdev->conn_hash.list) { 671 register struct hci_conn *c; 672 c = list_entry(p, struct hci_conn, list); 673 674 bacpy(&(ci + n)->bdaddr, &c->dst); 675 (ci + n)->handle = c->handle; 676 (ci + n)->type = c->type; 677 (ci + n)->out = c->out; 678 (ci + n)->state = c->state; 679 (ci + n)->link_mode = c->link_mode; 680 if (++n >= req.conn_num) 681 break; 682 } 683 hci_dev_unlock_bh(hdev); 684 685 cl->dev_id = hdev->id; 686 cl->conn_num = n; 687 size = sizeof(req) + n * sizeof(*ci); 688 689 hci_dev_put(hdev); 690 691 err = copy_to_user(arg, cl, size); 692 kfree(cl); 693 694 return err ? -EFAULT : 0; 695 } 696 697 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) 698 { 699 struct hci_conn_info_req req; 700 struct hci_conn_info ci; 701 struct hci_conn *conn; 702 char __user *ptr = arg + sizeof(req); 703 704 if (copy_from_user(&req, arg, sizeof(req))) 705 return -EFAULT; 706 707 hci_dev_lock_bh(hdev); 708 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); 709 if (conn) { 710 bacpy(&ci.bdaddr, &conn->dst); 711 ci.handle = conn->handle; 712 ci.type = conn->type; 713 ci.out = conn->out; 714 ci.state = conn->state; 715 ci.link_mode = conn->link_mode; 716 } 717 hci_dev_unlock_bh(hdev); 718 719 if (!conn) 720 return -ENOENT; 721 722 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 723 } 724 725 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg) 726 { 727 struct hci_auth_info_req req; 728 struct hci_conn *conn; 729 730 if (copy_from_user(&req, arg, sizeof(req))) 731 return -EFAULT; 732 733 hci_dev_lock_bh(hdev); 734 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr); 735 if (conn) 736 req.type = conn->auth_type; 737 hci_dev_unlock_bh(hdev); 738 739 if (!conn) 740 return -ENOENT; 741 742 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0; 743 } 744