1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI connection handling. */ 26 27 #include <linux/module.h> 28 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/kernel.h> 32 #include <linux/slab.h> 33 #include <linux/poll.h> 34 #include <linux/fcntl.h> 35 #include <linux/init.h> 36 #include <linux/skbuff.h> 37 #include <linux/interrupt.h> 38 #include <linux/notifier.h> 39 #include <net/sock.h> 40 41 #include <asm/system.h> 42 #include <asm/uaccess.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 48 void hci_acl_connect(struct hci_conn *conn) 49 { 50 struct hci_dev *hdev = conn->hdev; 51 struct inquiry_entry *ie; 52 struct hci_cp_create_conn cp; 53 54 BT_DBG("%p", conn); 55 56 conn->state = BT_CONNECT; 57 conn->out = 1; 58 59 conn->link_mode = HCI_LM_MASTER; 60 61 conn->attempt++; 62 63 conn->link_policy = hdev->link_policy; 64 65 memset(&cp, 0, sizeof(cp)); 66 bacpy(&cp.bdaddr, &conn->dst); 67 cp.pscan_rep_mode = 0x02; 68 69 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) { 70 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 71 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 72 cp.pscan_mode = ie->data.pscan_mode; 73 cp.clock_offset = ie->data.clock_offset | 74 cpu_to_le16(0x8000); 75 } 76 77 memcpy(conn->dev_class, ie->data.dev_class, 3); 78 conn->ssp_mode = ie->data.ssp_mode; 79 } 80 81 cp.pkt_type = cpu_to_le16(conn->pkt_type); 82 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) 83 cp.role_switch = 0x01; 84 else 85 cp.role_switch = 0x00; 86 87 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp); 88 } 89 90 static void hci_acl_connect_cancel(struct hci_conn *conn) 91 { 92 struct hci_cp_create_conn_cancel cp; 93 94 BT_DBG("%p", conn); 95 96 if (conn->hdev->hci_ver < 2) 97 return; 98 99 bacpy(&cp.bdaddr, &conn->dst); 100 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); 101 } 102 103 void hci_acl_disconn(struct hci_conn *conn, __u8 reason) 104 { 105 struct hci_cp_disconnect cp; 106 107 BT_DBG("%p", conn); 108 109 conn->state = BT_DISCONN; 110 111 cp.handle = cpu_to_le16(conn->handle); 112 cp.reason = reason; 113 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp); 114 } 115 116 void hci_add_sco(struct hci_conn *conn, __u16 handle) 117 { 118 struct hci_dev *hdev = conn->hdev; 119 struct hci_cp_add_sco cp; 120 121 BT_DBG("%p", conn); 122 123 conn->state = BT_CONNECT; 124 conn->out = 1; 125 126 conn->attempt++; 127 128 cp.handle = cpu_to_le16(handle); 129 cp.pkt_type = cpu_to_le16(conn->pkt_type); 130 131 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); 132 } 133 134 void hci_setup_sync(struct hci_conn *conn, __u16 handle) 135 { 136 struct hci_dev *hdev = conn->hdev; 137 struct hci_cp_setup_sync_conn cp; 138 139 BT_DBG("%p", conn); 140 141 conn->state = BT_CONNECT; 142 conn->out = 1; 143 144 conn->attempt++; 145 146 cp.handle = cpu_to_le16(handle); 147 cp.pkt_type = cpu_to_le16(conn->pkt_type); 148 149 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 150 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 151 cp.max_latency = cpu_to_le16(0xffff); 152 cp.voice_setting = cpu_to_le16(hdev->voice_setting); 153 cp.retrans_effort = 0xff; 154 155 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp); 156 } 157 158 static void hci_conn_timeout(unsigned long arg) 159 { 160 struct hci_conn *conn = (void *) arg; 161 struct hci_dev *hdev = conn->hdev; 162 __u8 reason; 163 164 BT_DBG("conn %p state %d", conn, conn->state); 165 166 if (atomic_read(&conn->refcnt)) 167 return; 168 169 hci_dev_lock(hdev); 170 171 switch (conn->state) { 172 case BT_CONNECT: 173 case BT_CONNECT2: 174 if (conn->type == ACL_LINK && conn->out) 175 hci_acl_connect_cancel(conn); 176 break; 177 case BT_CONFIG: 178 case BT_CONNECTED: 179 reason = hci_proto_disconn_ind(conn); 180 hci_acl_disconn(conn, reason); 181 break; 182 default: 183 conn->state = BT_CLOSED; 184 break; 185 } 186 187 hci_dev_unlock(hdev); 188 } 189 190 static void hci_conn_idle(unsigned long arg) 191 { 192 struct hci_conn *conn = (void *) arg; 193 194 BT_DBG("conn %p mode %d", conn, conn->mode); 195 196 hci_conn_enter_sniff_mode(conn); 197 } 198 199 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) 200 { 201 struct hci_conn *conn; 202 203 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 204 205 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC); 206 if (!conn) 207 return NULL; 208 209 bacpy(&conn->dst, dst); 210 conn->hdev = hdev; 211 conn->type = type; 212 conn->mode = HCI_CM_ACTIVE; 213 conn->state = BT_OPEN; 214 conn->auth_type = HCI_AT_GENERAL_BONDING; 215 216 conn->power_save = 1; 217 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 218 219 switch (type) { 220 case ACL_LINK: 221 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; 222 break; 223 case SCO_LINK: 224 if (lmp_esco_capable(hdev)) 225 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 226 (hdev->esco_type & EDR_ESCO_MASK); 227 else 228 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; 229 break; 230 case ESCO_LINK: 231 conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; 232 break; 233 } 234 235 skb_queue_head_init(&conn->data_q); 236 237 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn); 238 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn); 239 240 atomic_set(&conn->refcnt, 0); 241 242 hci_dev_hold(hdev); 243 244 tasklet_disable(&hdev->tx_task); 245 246 hci_conn_hash_add(hdev, conn); 247 if (hdev->notify) 248 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 249 250 atomic_set(&conn->devref, 0); 251 252 hci_conn_init_sysfs(conn); 253 254 tasklet_enable(&hdev->tx_task); 255 256 return conn; 257 } 258 259 int hci_conn_del(struct hci_conn *conn) 260 { 261 struct hci_dev *hdev = conn->hdev; 262 263 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle); 264 265 del_timer(&conn->idle_timer); 266 267 del_timer(&conn->disc_timer); 268 269 if (conn->type == ACL_LINK) { 270 struct hci_conn *sco = conn->link; 271 if (sco) 272 sco->link = NULL; 273 274 /* Unacked frames */ 275 hdev->acl_cnt += conn->sent; 276 } else { 277 struct hci_conn *acl = conn->link; 278 if (acl) { 279 acl->link = NULL; 280 hci_conn_put(acl); 281 } 282 } 283 284 tasklet_disable(&hdev->tx_task); 285 286 hci_conn_hash_del(hdev, conn); 287 if (hdev->notify) 288 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 289 290 tasklet_enable(&hdev->tx_task); 291 292 skb_queue_purge(&conn->data_q); 293 294 hci_conn_put_device(conn); 295 296 hci_dev_put(hdev); 297 298 return 0; 299 } 300 301 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src) 302 { 303 int use_src = bacmp(src, BDADDR_ANY); 304 struct hci_dev *hdev = NULL; 305 struct list_head *p; 306 307 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 308 309 read_lock_bh(&hci_dev_list_lock); 310 311 list_for_each(p, &hci_dev_list) { 312 struct hci_dev *d = list_entry(p, struct hci_dev, list); 313 314 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags)) 315 continue; 316 317 /* Simple routing: 318 * No source address - find interface with bdaddr != dst 319 * Source address - find interface with bdaddr == src 320 */ 321 322 if (use_src) { 323 if (!bacmp(&d->bdaddr, src)) { 324 hdev = d; break; 325 } 326 } else { 327 if (bacmp(&d->bdaddr, dst)) { 328 hdev = d; break; 329 } 330 } 331 } 332 333 if (hdev) 334 hdev = hci_dev_hold(hdev); 335 336 read_unlock_bh(&hci_dev_list_lock); 337 return hdev; 338 } 339 EXPORT_SYMBOL(hci_get_route); 340 341 /* Create SCO or ACL connection. 342 * Device _must_ be locked */ 343 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type) 344 { 345 struct hci_conn *acl; 346 struct hci_conn *sco; 347 348 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 349 350 if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) { 351 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst))) 352 return NULL; 353 } 354 355 hci_conn_hold(acl); 356 357 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { 358 acl->sec_level = sec_level; 359 acl->auth_type = auth_type; 360 hci_acl_connect(acl); 361 } 362 363 if (type == ACL_LINK) 364 return acl; 365 366 if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) { 367 if (!(sco = hci_conn_add(hdev, type, dst))) { 368 hci_conn_put(acl); 369 return NULL; 370 } 371 } 372 373 acl->link = sco; 374 sco->link = acl; 375 376 hci_conn_hold(sco); 377 378 if (acl->state == BT_CONNECTED && 379 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 380 acl->power_save = 1; 381 hci_conn_enter_active_mode(acl); 382 383 if (lmp_esco_capable(hdev)) 384 hci_setup_sync(sco, acl->handle); 385 else 386 hci_add_sco(sco, acl->handle); 387 } 388 389 return sco; 390 } 391 EXPORT_SYMBOL(hci_connect); 392 393 /* Check link security requirement */ 394 int hci_conn_check_link_mode(struct hci_conn *conn) 395 { 396 BT_DBG("conn %p", conn); 397 398 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 && 399 !(conn->link_mode & HCI_LM_ENCRYPT)) 400 return 0; 401 402 return 1; 403 } 404 EXPORT_SYMBOL(hci_conn_check_link_mode); 405 406 /* Authenticate remote device */ 407 static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 408 { 409 BT_DBG("conn %p", conn); 410 411 if (sec_level > conn->sec_level) 412 conn->sec_level = sec_level; 413 else if (conn->link_mode & HCI_LM_AUTH) 414 return 1; 415 416 conn->auth_type = auth_type; 417 418 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 419 struct hci_cp_auth_requested cp; 420 cp.handle = cpu_to_le16(conn->handle); 421 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, 422 sizeof(cp), &cp); 423 } 424 425 return 0; 426 } 427 428 /* Enable security */ 429 int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 430 { 431 BT_DBG("conn %p", conn); 432 433 if (sec_level == BT_SECURITY_SDP) 434 return 1; 435 436 if (sec_level == BT_SECURITY_LOW && 437 (!conn->ssp_mode || !conn->hdev->ssp_mode)) 438 return 1; 439 440 if (conn->link_mode & HCI_LM_ENCRYPT) 441 return hci_conn_auth(conn, sec_level, auth_type); 442 443 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 444 return 0; 445 446 if (hci_conn_auth(conn, sec_level, auth_type)) { 447 struct hci_cp_set_conn_encrypt cp; 448 cp.handle = cpu_to_le16(conn->handle); 449 cp.encrypt = 1; 450 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, 451 sizeof(cp), &cp); 452 } 453 454 return 0; 455 } 456 EXPORT_SYMBOL(hci_conn_security); 457 458 /* Change link key */ 459 int hci_conn_change_link_key(struct hci_conn *conn) 460 { 461 BT_DBG("conn %p", conn); 462 463 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 464 struct hci_cp_change_conn_link_key cp; 465 cp.handle = cpu_to_le16(conn->handle); 466 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, 467 sizeof(cp), &cp); 468 } 469 470 return 0; 471 } 472 EXPORT_SYMBOL(hci_conn_change_link_key); 473 474 /* Switch role */ 475 int hci_conn_switch_role(struct hci_conn *conn, __u8 role) 476 { 477 BT_DBG("conn %p", conn); 478 479 if (!role && conn->link_mode & HCI_LM_MASTER) 480 return 1; 481 482 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) { 483 struct hci_cp_switch_role cp; 484 bacpy(&cp.bdaddr, &conn->dst); 485 cp.role = role; 486 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); 487 } 488 489 return 0; 490 } 491 EXPORT_SYMBOL(hci_conn_switch_role); 492 493 /* Enter active mode */ 494 void hci_conn_enter_active_mode(struct hci_conn *conn) 495 { 496 struct hci_dev *hdev = conn->hdev; 497 498 BT_DBG("conn %p mode %d", conn, conn->mode); 499 500 if (test_bit(HCI_RAW, &hdev->flags)) 501 return; 502 503 if (conn->mode != HCI_CM_SNIFF || !conn->power_save) 504 goto timer; 505 506 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 507 struct hci_cp_exit_sniff_mode cp; 508 cp.handle = cpu_to_le16(conn->handle); 509 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); 510 } 511 512 timer: 513 if (hdev->idle_timeout > 0) 514 mod_timer(&conn->idle_timer, 515 jiffies + msecs_to_jiffies(hdev->idle_timeout)); 516 } 517 518 /* Enter sniff mode */ 519 void hci_conn_enter_sniff_mode(struct hci_conn *conn) 520 { 521 struct hci_dev *hdev = conn->hdev; 522 523 BT_DBG("conn %p mode %d", conn, conn->mode); 524 525 if (test_bit(HCI_RAW, &hdev->flags)) 526 return; 527 528 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) 529 return; 530 531 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) 532 return; 533 534 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { 535 struct hci_cp_sniff_subrate cp; 536 cp.handle = cpu_to_le16(conn->handle); 537 cp.max_latency = cpu_to_le16(0); 538 cp.min_remote_timeout = cpu_to_le16(0); 539 cp.min_local_timeout = cpu_to_le16(0); 540 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); 541 } 542 543 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 544 struct hci_cp_sniff_mode cp; 545 cp.handle = cpu_to_le16(conn->handle); 546 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); 547 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval); 548 cp.attempt = cpu_to_le16(4); 549 cp.timeout = cpu_to_le16(1); 550 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp); 551 } 552 } 553 554 /* Drop all connection on the device */ 555 void hci_conn_hash_flush(struct hci_dev *hdev) 556 { 557 struct hci_conn_hash *h = &hdev->conn_hash; 558 struct list_head *p; 559 560 BT_DBG("hdev %s", hdev->name); 561 562 p = h->list.next; 563 while (p != &h->list) { 564 struct hci_conn *c; 565 566 c = list_entry(p, struct hci_conn, list); 567 p = p->next; 568 569 c->state = BT_CLOSED; 570 571 hci_proto_disconn_cfm(c, 0x16); 572 hci_conn_del(c); 573 } 574 } 575 576 /* Check pending connect attempts */ 577 void hci_conn_check_pending(struct hci_dev *hdev) 578 { 579 struct hci_conn *conn; 580 581 BT_DBG("hdev %s", hdev->name); 582 583 hci_dev_lock(hdev); 584 585 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2); 586 if (conn) 587 hci_acl_connect(conn); 588 589 hci_dev_unlock(hdev); 590 } 591 592 void hci_conn_hold_device(struct hci_conn *conn) 593 { 594 atomic_inc(&conn->devref); 595 } 596 EXPORT_SYMBOL(hci_conn_hold_device); 597 598 void hci_conn_put_device(struct hci_conn *conn) 599 { 600 if (atomic_dec_and_test(&conn->devref)) 601 hci_conn_del_sysfs(conn); 602 } 603 EXPORT_SYMBOL(hci_conn_put_device); 604 605 int hci_get_conn_list(void __user *arg) 606 { 607 struct hci_conn_list_req req, *cl; 608 struct hci_conn_info *ci; 609 struct hci_dev *hdev; 610 struct list_head *p; 611 int n = 0, size, err; 612 613 if (copy_from_user(&req, arg, sizeof(req))) 614 return -EFAULT; 615 616 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)) 617 return -EINVAL; 618 619 size = sizeof(req) + req.conn_num * sizeof(*ci); 620 621 if (!(cl = kmalloc(size, GFP_KERNEL))) 622 return -ENOMEM; 623 624 if (!(hdev = hci_dev_get(req.dev_id))) { 625 kfree(cl); 626 return -ENODEV; 627 } 628 629 ci = cl->conn_info; 630 631 hci_dev_lock_bh(hdev); 632 list_for_each(p, &hdev->conn_hash.list) { 633 register struct hci_conn *c; 634 c = list_entry(p, struct hci_conn, list); 635 636 bacpy(&(ci + n)->bdaddr, &c->dst); 637 (ci + n)->handle = c->handle; 638 (ci + n)->type = c->type; 639 (ci + n)->out = c->out; 640 (ci + n)->state = c->state; 641 (ci + n)->link_mode = c->link_mode; 642 if (++n >= req.conn_num) 643 break; 644 } 645 hci_dev_unlock_bh(hdev); 646 647 cl->dev_id = hdev->id; 648 cl->conn_num = n; 649 size = sizeof(req) + n * sizeof(*ci); 650 651 hci_dev_put(hdev); 652 653 err = copy_to_user(arg, cl, size); 654 kfree(cl); 655 656 return err ? -EFAULT : 0; 657 } 658 659 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg) 660 { 661 struct hci_conn_info_req req; 662 struct hci_conn_info ci; 663 struct hci_conn *conn; 664 char __user *ptr = arg + sizeof(req); 665 666 if (copy_from_user(&req, arg, sizeof(req))) 667 return -EFAULT; 668 669 hci_dev_lock_bh(hdev); 670 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr); 671 if (conn) { 672 bacpy(&ci.bdaddr, &conn->dst); 673 ci.handle = conn->handle; 674 ci.type = conn->type; 675 ci.out = conn->out; 676 ci.state = conn->state; 677 ci.link_mode = conn->link_mode; 678 } 679 hci_dev_unlock_bh(hdev); 680 681 if (!conn) 682 return -ENOENT; 683 684 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 685 } 686 687 int hci_get_auth_info(struct hci_dev *hdev, void __user *arg) 688 { 689 struct hci_auth_info_req req; 690 struct hci_conn *conn; 691 692 if (copy_from_user(&req, arg, sizeof(req))) 693 return -EFAULT; 694 695 hci_dev_lock_bh(hdev); 696 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr); 697 if (conn) 698 req.type = conn->auth_type; 699 hci_dev_unlock_bh(hdev); 700 701 if (!conn) 702 return -ENOENT; 703 704 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0; 705 } 706