net/bluetooth/hci_conn.c

   1 /*
   2    BlueZ - Bluetooth protocol stack for Linux
   3    Copyright (C) 2000-2001 Qualcomm Incorporated
   4
   5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License version 2 as
   9    published by the Free Software Foundation;
  10
  11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  19
  20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  22    SOFTWARE IS DISCLAIMED.
  23 */
  24
  25 /* Bluetooth HCI connection handling. */
  26
  27 #include <linux/module.h>
  28
  29 #include <linux/types.h>
  30 #include <linux/errno.h>
  31 #include <linux/kernel.h>
  32 #include <linux/slab.h>
  33 #include <linux/poll.h>
  34 #include <linux/fcntl.h>
  35 #include <linux/init.h>
  36 #include <linux/skbuff.h>
  37 #include <linux/interrupt.h>
  38 #include <linux/notifier.h>
  39 #include <net/sock.h>
  40
  41 #include <asm/system.h>
  42 #include <asm/uaccess.h>
  43 #include <asm/unaligned.h>
  44
  45 #include <net/bluetooth/bluetooth.h>
  46 #include <net/bluetooth/hci_core.h>
  47
  48 void hci_acl_connect(struct hci_conn *conn)
  49 {
  50         struct hci_dev *hdev = conn->hdev;
  51         struct inquiry_entry *ie;
  52         struct hci_cp_create_conn cp;
  53
  54         BT_DBG("%p", conn);
  55
  56         conn->state = BT_CONNECT;
  57         conn->out = 1;
  58
  59         conn->link_mode = HCI_LM_MASTER;
  60
  61         conn->attempt++;
  62
  63         conn->link_policy = hdev->link_policy;
  64
  65         memset(&cp, 0, sizeof(cp));
  66         bacpy(&cp.bdaddr, &conn->dst);
  67         cp.pscan_rep_mode = 0x02;
  68
  69         if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
  70                 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
  71                         cp.pscan_rep_mode = ie->data.pscan_rep_mode;
  72                         cp.pscan_mode     = ie->data.pscan_mode;
  73                         cp.clock_offset   = ie->data.clock_offset |
  74                                                         cpu_to_le16(0x8000);
  75                 }
  76
  77                 memcpy(conn->dev_class, ie->data.dev_class, 3);
  78                 conn->ssp_mode = ie->data.ssp_mode;
  79         }
  80
  81         cp.pkt_type = cpu_to_le16(conn->pkt_type);
  82         if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
  83                 cp.role_switch = 0x01;
  84         else
  85                 cp.role_switch = 0x00;
  86
  87         hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
  88 }
  89
  90 static void hci_acl_connect_cancel(struct hci_conn *conn)
  91 {
  92         struct hci_cp_create_conn_cancel cp;
  93
  94         BT_DBG("%p", conn);
  95
  96         if (conn->hdev->hci_ver < 2)
  97                 return;
  98
  99         bacpy(&cp.bdaddr, &conn->dst);
 100         hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
 101 }
 102
 103 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
 104 {
 105         struct hci_cp_disconnect cp;
 106
 107         BT_DBG("%p", conn);
 108
 109         conn->state = BT_DISCONN;
 110
 111         cp.handle = cpu_to_le16(conn->handle);
 112         cp.reason = reason;
 113         hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
 114 }
 115
 116 void hci_add_sco(struct hci_conn *conn, __u16 handle)
 117 {
 118         struct hci_dev *hdev = conn->hdev;
 119         struct hci_cp_add_sco cp;
 120
 121         BT_DBG("%p", conn);
 122
 123         conn->state = BT_CONNECT;
 124         conn->out = 1;
 125
 126         conn->attempt++;
 127
 128         cp.handle   = cpu_to_le16(handle);
 129         cp.pkt_type = cpu_to_le16(conn->pkt_type);
 130
 131         hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
 132 }
 133
 134 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
 135 {
 136         struct hci_dev *hdev = conn->hdev;
 137         struct hci_cp_setup_sync_conn cp;
 138
 139         BT_DBG("%p", conn);
 140
 141         conn->state = BT_CONNECT;
 142         conn->out = 1;
 143
 144         conn->attempt++;
 145
 146         cp.handle   = cpu_to_le16(handle);
 147         cp.pkt_type = cpu_to_le16(conn->pkt_type);
 148
 149         cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
 150         cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
 151         cp.max_latency    = cpu_to_le16(0xffff);
 152         cp.voice_setting  = cpu_to_le16(hdev->voice_setting);
 153         cp.retrans_effort = 0xff;
 154
 155         hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
 156 }
 157
 158 static void hci_conn_timeout(unsigned long arg)
 159 {
 160         struct hci_conn *conn = (void *) arg;
 161         struct hci_dev *hdev = conn->hdev;
 162         __u8 reason;
 163
 164         BT_DBG("conn %p state %d", conn, conn->state);
 165
 166         if (atomic_read(&conn->refcnt))
 167                 return;
 168
 169         hci_dev_lock(hdev);
 170
 171         switch (conn->state) {
 172         case BT_CONNECT:
 173         case BT_CONNECT2:
 174                 if (conn->type == ACL_LINK && conn->out)
 175                         hci_acl_connect_cancel(conn);
 176                 break;
 177         case BT_CONFIG:
 178         case BT_CONNECTED:
 179                 reason = hci_proto_disconn_ind(conn);
 180                 hci_acl_disconn(conn, reason);
 181                 break;
 182         default:
 183                 conn->state = BT_CLOSED;
 184                 break;
 185         }
 186
 187         hci_dev_unlock(hdev);
 188 }
 189
 190 static void hci_conn_idle(unsigned long arg)
 191 {
 192         struct hci_conn *conn = (void *) arg;
 193
 194         BT_DBG("conn %p mode %d", conn, conn->mode);
 195
 196         hci_conn_enter_sniff_mode(conn);
 197 }
 198
 199 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
 200 {
 201         struct hci_conn *conn;
 202
 203         BT_DBG("%s dst %s", hdev->name, batostr(dst));
 204
 205         conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
 206         if (!conn)
 207                 return NULL;
 208
 209         bacpy(&conn->dst, dst);
 210         conn->hdev  = hdev;
 211         conn->type  = type;
 212         conn->mode  = HCI_CM_ACTIVE;
 213         conn->state = BT_OPEN;
 214         conn->auth_type = HCI_AT_GENERAL_BONDING;
 215
 216         conn->power_save = 1;
 217         conn->disc_timeout = HCI_DISCONN_TIMEOUT;
 218
 219         switch (type) {
 220         case ACL_LINK:
 221                 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
 222                 break;
 223         case SCO_LINK:
 224                 if (lmp_esco_capable(hdev))
 225                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
 226                                         (hdev->esco_type & EDR_ESCO_MASK);
 227                 else
 228                         conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
 229                 break;
 230         case ESCO_LINK:
 231                 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK;
 232                 break;
 233         }
 234
 235         skb_queue_head_init(&conn->data_q);
 236
 237         setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
 238         setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
 239
 240         atomic_set(&conn->refcnt, 0);
 241
 242         hci_dev_hold(hdev);
 243
 244         tasklet_disable(&hdev->tx_task);
 245
 246         hci_conn_hash_add(hdev, conn);
 247         if (hdev->notify)
 248                 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
 249
 250         atomic_set(&conn->devref, 0);
 251
 252         hci_conn_init_sysfs(conn);
 253
 254         tasklet_enable(&hdev->tx_task);
 255
 256         return conn;
 257 }
 258
 259 int hci_conn_del(struct hci_conn *conn)
 260 {
 261         struct hci_dev *hdev = conn->hdev;
 262
 263         BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
 264
 265         del_timer(&conn->idle_timer);
 266
 267         del_timer(&conn->disc_timer);
 268
 269         if (conn->type == ACL_LINK) {
 270                 struct hci_conn *sco = conn->link;
 271                 if (sco)
 272                         sco->link = NULL;
 273
 274                 /* Unacked frames */
 275                 hdev->acl_cnt += conn->sent;
 276         } else {
 277                 struct hci_conn *acl = conn->link;
 278                 if (acl) {
 279                         acl->link = NULL;
 280                         hci_conn_put(acl);
 281                 }
 282         }
 283
 284         tasklet_disable(&hdev->tx_task);
 285
 286         hci_conn_hash_del(hdev, conn);
 287         if (hdev->notify)
 288                 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
 289
 290         tasklet_enable(&hdev->tx_task);
 291
 292         skb_queue_purge(&conn->data_q);
 293
 294         hci_conn_put_device(conn);
 295
 296         hci_dev_put(hdev);
 297
 298         return 0;
 299 }
 300
 301 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
 302 {
 303         int use_src = bacmp(src, BDADDR_ANY);
 304         struct hci_dev *hdev = NULL;
 305         struct list_head *p;
 306
 307         BT_DBG("%s -> %s", batostr(src), batostr(dst));
 308
 309         read_lock_bh(&hci_dev_list_lock);
 310
 311         list_for_each(p, &hci_dev_list) {
 312                 struct hci_dev *d = list_entry(p, struct hci_dev, list);
 313
 314                 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
 315                         continue;
 316
 317                 /* Simple routing:
 318                  *   No source address - find interface with bdaddr != dst
 319                  *   Source address    - find interface with bdaddr == src
 320                  */
 321
 322                 if (use_src) {
 323                         if (!bacmp(&d->bdaddr, src)) {
 324                                 hdev = d; break;
 325                         }
 326                 } else {
 327                         if (bacmp(&d->bdaddr, dst)) {
 328                                 hdev = d; break;
 329                         }
 330                 }
 331         }
 332
 333         if (hdev)
 334                 hdev = hci_dev_hold(hdev);
 335
 336         read_unlock_bh(&hci_dev_list_lock);
 337         return hdev;
 338 }
 339 EXPORT_SYMBOL(hci_get_route);
 340
 341 /* Create SCO or ACL connection.
 342  * Device _must_ be locked */
 343 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type)
 344 {
 345         struct hci_conn *acl;
 346         struct hci_conn *sco;
 347
 348         BT_DBG("%s dst %s", hdev->name, batostr(dst));
 349
 350         if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
 351                 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
 352                         return NULL;
 353         }
 354
 355         hci_conn_hold(acl);
 356
 357         if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
 358                 acl->sec_level = sec_level;
 359                 acl->auth_type = auth_type;
 360                 hci_acl_connect(acl);
 361         } else {
 362                 if (acl->sec_level < sec_level)
 363                         acl->sec_level = sec_level;
 364                 if (acl->auth_type < auth_type)
 365                         acl->auth_type = auth_type;
 366         }
 367
 368         if (type == ACL_LINK)
 369                 return acl;
 370
 371         if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) {
 372                 if (!(sco = hci_conn_add(hdev, type, dst))) {
 373                         hci_conn_put(acl);
 374                         return NULL;
 375                 }
 376         }
 377
 378         acl->link = sco;
 379         sco->link = acl;
 380
 381         hci_conn_hold(sco);
 382
 383         if (acl->state == BT_CONNECTED &&
 384                         (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
 385                 acl->power_save = 1;
 386                 hci_conn_enter_active_mode(acl);
 387
 388                 if (lmp_esco_capable(hdev))
 389                         hci_setup_sync(sco, acl->handle);
 390                 else
 391                         hci_add_sco(sco, acl->handle);
 392         }
 393
 394         return sco;
 395 }
 396 EXPORT_SYMBOL(hci_connect);
 397
 398 /* Check link security requirement */
 399 int hci_conn_check_link_mode(struct hci_conn *conn)
 400 {
 401         BT_DBG("conn %p", conn);
 402
 403         if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
 404                                         !(conn->link_mode & HCI_LM_ENCRYPT))
 405                 return 0;
 406
 407         return 1;
 408 }
 409 EXPORT_SYMBOL(hci_conn_check_link_mode);
 410
 411 /* Authenticate remote device */
 412 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
 413 {
 414         BT_DBG("conn %p", conn);
 415
 416         if (sec_level > conn->sec_level)
 417                 conn->sec_level = sec_level;
 418         else if (conn->link_mode & HCI_LM_AUTH)
 419                 return 1;
 420
 421         conn->auth_type = auth_type;
 422
 423         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
 424                 struct hci_cp_auth_requested cp;
 425                 cp.handle = cpu_to_le16(conn->handle);
 426                 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
 427                                                         sizeof(cp), &cp);
 428         }
 429
 430         return 0;
 431 }
 432
 433 /* Enable security */
 434 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
 435 {
 436         BT_DBG("conn %p", conn);
 437
 438         if (sec_level == BT_SECURITY_SDP)
 439                 return 1;
 440
 441         if (sec_level == BT_SECURITY_LOW &&
 442                                 (!conn->ssp_mode || !conn->hdev->ssp_mode))
 443                 return 1;
 444
 445         if (conn->link_mode & HCI_LM_ENCRYPT)
 446                 return hci_conn_auth(conn, sec_level, auth_type);
 447
 448         if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
 449                 return 0;
 450
 451         if (hci_conn_auth(conn, sec_level, auth_type)) {
 452                 struct hci_cp_set_conn_encrypt cp;
 453                 cp.handle  = cpu_to_le16(conn->handle);
 454                 cp.encrypt = 1;
 455                 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT,
 456                                                         sizeof(cp), &cp);
 457         }
 458
 459         return 0;
 460 }
 461 EXPORT_SYMBOL(hci_conn_security);
 462
 463 /* Change link key */
 464 int hci_conn_change_link_key(struct hci_conn *conn)
 465 {
 466         BT_DBG("conn %p", conn);
 467
 468         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
 469                 struct hci_cp_change_conn_link_key cp;
 470                 cp.handle = cpu_to_le16(conn->handle);
 471                 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
 472                                                         sizeof(cp), &cp);
 473         }
 474
 475         return 0;
 476 }
 477 EXPORT_SYMBOL(hci_conn_change_link_key);
 478
 479 /* Switch role */
 480 int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
 481 {
 482         BT_DBG("conn %p", conn);
 483
 484         if (!role && conn->link_mode & HCI_LM_MASTER)
 485                 return 1;
 486
 487         if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
 488                 struct hci_cp_switch_role cp;
 489                 bacpy(&cp.bdaddr, &conn->dst);
 490                 cp.role = role;
 491                 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
 492         }
 493
 494         return 0;
 495 }
 496 EXPORT_SYMBOL(hci_conn_switch_role);
 497
 498 /* Enter active mode */
 499 void hci_conn_enter_active_mode(struct hci_conn *conn)
 500 {
 501         struct hci_dev *hdev = conn->hdev;
 502
 503         BT_DBG("conn %p mode %d", conn, conn->mode);
 504
 505         if (test_bit(HCI_RAW, &hdev->flags))
 506                 return;
 507
 508         if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
 509                 goto timer;
 510
 511         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
 512                 struct hci_cp_exit_sniff_mode cp;
 513                 cp.handle = cpu_to_le16(conn->handle);
 514                 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
 515         }
 516
 517 timer:
 518         if (hdev->idle_timeout > 0)
 519                 mod_timer(&conn->idle_timer,
 520                         jiffies + msecs_to_jiffies(hdev->idle_timeout));
 521 }
 522
 523 /* Enter sniff mode */
 524 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
 525 {
 526         struct hci_dev *hdev = conn->hdev;
 527
 528         BT_DBG("conn %p mode %d", conn, conn->mode);
 529
 530         if (test_bit(HCI_RAW, &hdev->flags))
 531                 return;
 532
 533         if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
 534                 return;
 535
 536         if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
 537                 return;
 538
 539         if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
 540                 struct hci_cp_sniff_subrate cp;
 541                 cp.handle             = cpu_to_le16(conn->handle);
 542                 cp.max_latency        = cpu_to_le16(0);
 543                 cp.min_remote_timeout = cpu_to_le16(0);
 544                 cp.min_local_timeout  = cpu_to_le16(0);
 545                 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
 546         }
 547
 548         if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
 549                 struct hci_cp_sniff_mode cp;
 550                 cp.handle       = cpu_to_le16(conn->handle);
 551                 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
 552                 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
 553                 cp.attempt      = cpu_to_le16(4);
 554                 cp.timeout      = cpu_to_le16(1);
 555                 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
 556         }
 557 }
 558
 559 /* Drop all connection on the device */
 560 void hci_conn_hash_flush(struct hci_dev *hdev)
 561 {
 562         struct hci_conn_hash *h = &hdev->conn_hash;
 563         struct list_head *p;
 564
 565         BT_DBG("hdev %s", hdev->name);
 566
 567         p = h->list.next;
 568         while (p != &h->list) {
 569                 struct hci_conn *c;
 570
 571                 c = list_entry(p, struct hci_conn, list);
 572                 p = p->next;
 573
 574                 c->state = BT_CLOSED;
 575
 576                 hci_proto_disconn_cfm(c, 0x16);
 577                 hci_conn_del(c);
 578         }
 579 }
 580
 581 /* Check pending connect attempts */
 582 void hci_conn_check_pending(struct hci_dev *hdev)
 583 {
 584         struct hci_conn *conn;
 585
 586         BT_DBG("hdev %s", hdev->name);
 587
 588         hci_dev_lock(hdev);
 589
 590         conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
 591         if (conn)
 592                 hci_acl_connect(conn);
 593
 594         hci_dev_unlock(hdev);
 595 }
 596
 597 void hci_conn_hold_device(struct hci_conn *conn)
 598 {
 599         atomic_inc(&conn->devref);
 600 }
 601 EXPORT_SYMBOL(hci_conn_hold_device);
 602
 603 void hci_conn_put_device(struct hci_conn *conn)
 604 {
 605         if (atomic_dec_and_test(&conn->devref))
 606                 hci_conn_del_sysfs(conn);
 607 }
 608 EXPORT_SYMBOL(hci_conn_put_device);
 609
 610 int hci_get_conn_list(void __user *arg)
 611 {
 612         struct hci_conn_list_req req, *cl;
 613         struct hci_conn_info *ci;
 614         struct hci_dev *hdev;
 615         struct list_head *p;
 616         int n = 0, size, err;
 617
 618         if (copy_from_user(&req, arg, sizeof(req)))
 619                 return -EFAULT;
 620
 621         if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
 622                 return -EINVAL;
 623
 624         size = sizeof(req) + req.conn_num * sizeof(*ci);
 625
 626         if (!(cl = kmalloc(size, GFP_KERNEL)))
 627                 return -ENOMEM;
 628
 629         if (!(hdev = hci_dev_get(req.dev_id))) {
 630                 kfree(cl);
 631                 return -ENODEV;
 632         }
 633
 634         ci = cl->conn_info;
 635
 636         hci_dev_lock_bh(hdev);
 637         list_for_each(p, &hdev->conn_hash.list) {
 638                 register struct hci_conn *c;
 639                 c = list_entry(p, struct hci_conn, list);
 640
 641                 bacpy(&(ci + n)->bdaddr, &c->dst);
 642                 (ci + n)->handle = c->handle;
 643                 (ci + n)->type  = c->type;
 644                 (ci + n)->out   = c->out;
 645                 (ci + n)->state = c->state;
 646                 (ci + n)->link_mode = c->link_mode;
 647                 if (++n >= req.conn_num)
 648                         break;
 649         }
 650         hci_dev_unlock_bh(hdev);
 651
 652         cl->dev_id = hdev->id;
 653         cl->conn_num = n;
 654         size = sizeof(req) + n * sizeof(*ci);
 655
 656         hci_dev_put(hdev);
 657
 658         err = copy_to_user(arg, cl, size);
 659         kfree(cl);
 660
 661         return err ? -EFAULT : 0;
 662 }
 663
 664 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
 665 {
 666         struct hci_conn_info_req req;
 667         struct hci_conn_info ci;
 668         struct hci_conn *conn;
 669         char __user *ptr = arg + sizeof(req);
 670
 671         if (copy_from_user(&req, arg, sizeof(req)))
 672                 return -EFAULT;
 673
 674         hci_dev_lock_bh(hdev);
 675         conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
 676         if (conn) {
 677                 bacpy(&ci.bdaddr, &conn->dst);
 678                 ci.handle = conn->handle;
 679                 ci.type  = conn->type;
 680                 ci.out   = conn->out;
 681                 ci.state = conn->state;
 682                 ci.link_mode = conn->link_mode;
 683         }
 684         hci_dev_unlock_bh(hdev);
 685
 686         if (!conn)
 687                 return -ENOENT;
 688
 689         return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
 690 }
 691
 692 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
 693 {
 694         struct hci_auth_info_req req;
 695         struct hci_conn *conn;
 696
 697         if (copy_from_user(&req, arg, sizeof(req)))
 698                 return -EFAULT;
 699
 700         hci_dev_lock_bh(hdev);
 701         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
 702         if (conn)
 703                 req.type = conn->auth_type;
 704         hci_dev_unlock_bh(hdev);
 705
 706         if (!conn)
 707                 return -ENOENT;
 708
 709         return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
 710 }