projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ipvs: Pass ipvs not net into ip_vs_app_net_init and ip_vs_app_net_cleanup
[deliverable/linux.git] / net / bluetooth / hci_sock.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI sockets. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
cd82e61c 32#include <net/bluetooth/hci_mon.h>
fa4335d7
JH		 33#include <net/bluetooth/mgmt.h>
34
35#include "mgmt_util.h"
1da177e4 36
801c1e8d
JH		 37static LIST_HEAD(mgmt_chan_list);
38static DEFINE_MUTEX(mgmt_chan_list_lock);
39
cd82e61c
MH		 40static atomic_t monitor_promisc = ATOMIC_INIT(0);
41
1da177e4
LT		 42/* ----- HCI socket interface ----- */
43
863def58
MH		 44/* Socket info */
45#define hci_pi(sk) ((struct hci_pinfo *) sk)
46
47struct hci_pinfo {
48 struct bt_sock bt;
49 struct hci_dev *hdev;
50 struct hci_filter filter;
51 __u32 cmsg_mask;
52 unsigned short channel;
6befc644 53 unsigned long flags;
863def58
MH		 54};
55
6befc644
MH		 56void hci_sock_set_flag(struct sock *sk, int nr)
57{
58 set_bit(nr, &hci_pi(sk)->flags);
59}
60
61void hci_sock_clear_flag(struct sock *sk, int nr)
62{
63 clear_bit(nr, &hci_pi(sk)->flags);
64}
65
c85be545
MH		 66int hci_sock_test_flag(struct sock *sk, int nr)
67{
68 return test_bit(nr, &hci_pi(sk)->flags);
69}
70
d0f172b1
JH		 71unsigned short hci_sock_get_channel(struct sock *sk)
72{
73 return hci_pi(sk)->channel;
74}
75
9391976a 76static inline int hci_test_bit(int nr, const void *addr)
1da177e4 77{
9391976a 78 return *((const __u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
1da177e4
LT		 79}
80
81/* Security filter */
3ad254f7
MH		 82#define HCI_SFLT_MAX_OGF 5
83
84struct hci_sec_filter {
85 __u32 type_mask;
86 __u32 event_mask[2];
87 __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
88};
89
7e67c112 90static const struct hci_sec_filter hci_sec_filter = {
1da177e4
LT		 91 /* Packet types */
92 0x10,
93 /* Events */
dd7f5527 94 { 0x1000d9fe, 0x0000b00c },
1da177e4
LT		 95 /* Commands */
96 {
97 { 0x0 },
98 /* OGF_LINK_CTL */
7c631a67 99 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
1da177e4 100 /* OGF_LINK_POLICY */
7c631a67 101 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
1da177e4 102 /* OGF_HOST_CTL */
7c631a67 103 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
1da177e4 104 /* OGF_INFO_PARAM */
7c631a67 105 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
1da177e4 106 /* OGF_STATUS_PARAM */
7c631a67 107 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
1da177e4
LT		 108 }
109};
110
111static struct bt_sock_list hci_sk_list = {
d5fb2962 112 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
1da177e4
LT		 113};
114
f81fe64f
MH		 115static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
116{
117 struct hci_filter *flt;
118 int flt_type, flt_event;
119
120 /* Apply filter */
121 flt = &hci_pi(sk)->filter;
122
123 if (bt_cb(skb)->pkt_type == HCI_VENDOR_PKT)
124 flt_type = 0;
125 else
126 flt_type = bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS;
127
128 if (!test_bit(flt_type, &flt->type_mask))
129 return true;
130
131 /* Extra filter for event packets only */
132 if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT)
133 return false;
134
135 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
136
137 if (!hci_test_bit(flt_event, &flt->event_mask))
138 return true;
139
140 /* Check filter only when opcode is set */
141 if (!flt->opcode)
142 return false;
143
144 if (flt_event == HCI_EV_CMD_COMPLETE &&
145 flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
146 return true;
147
148 if (flt_event == HCI_EV_CMD_STATUS &&
149 flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
150 return true;
151
152 return false;
153}
154
1da177e4 155/* Send frame to RAW socket */
470fe1b5 156void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 157{
158 struct sock *sk;
e0edf373 159 struct sk_buff *skb_copy = NULL;
1da177e4
LT		 160
161 BT_DBG("hdev %p len %d", hdev, skb->len);
162
163 read_lock(&hci_sk_list.lock);
470fe1b5 164
b67bfe0d 165 sk_for_each(sk, &hci_sk_list.head) {
1da177e4
LT		 166 struct sk_buff *nskb;
167
168 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
169 continue;
170
171 /* Don't send frame to the socket it came from */
172 if (skb->sk == sk)
173 continue;
174
23500189
MH		 175 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
176 if (is_filtered_packet(sk, skb))
177 continue;
178 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
179 if (!bt_cb(skb)->incoming)
180 continue;
181 if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT &&
182 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
183 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT)
184 continue;
185 } else {
186 /* Don't send frame to other channel types */
1da177e4 187 continue;
23500189 188 }
1da177e4 189
e0edf373
MH		 190 if (!skb_copy) {
191 /* Create a private copy with headroom */
bad93e9d 192 skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
e0edf373
MH		 193 if (!skb_copy)
194 continue;
195
196 /* Put type byte before the data */
197 memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
198 }
199
200 nskb = skb_clone(skb_copy, GFP_ATOMIC);
70f23020 201 if (!nskb)
1da177e4
LT		 202 continue;
203
470fe1b5
MH		 204 if (sock_queue_rcv_skb(sk, nskb))
205 kfree_skb(nskb);
206 }
207
208 read_unlock(&hci_sk_list.lock);
e0edf373
MH		 209
210 kfree_skb(skb_copy);
470fe1b5
MH		 211}
212
7129069e
JH		 213/* Send frame to sockets with specific channel */
214void hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
c08b1a1d 215 int flag, struct sock *skip_sk)
470fe1b5
MH		 216{
217 struct sock *sk;
470fe1b5 218
7129069e 219 BT_DBG("channel %u len %d", channel, skb->len);
470fe1b5
MH		 220
221 read_lock(&hci_sk_list.lock);
222
b67bfe0d 223 sk_for_each(sk, &hci_sk_list.head) {
470fe1b5
MH		 224 struct sk_buff *nskb;
225
c08b1a1d 226 /* Ignore socket without the flag set */
c85be545 227 if (!hci_sock_test_flag(sk, flag))
d7f72f61
MH		 228 continue;
229
c08b1a1d
MH		 230 /* Skip the original socket */
231 if (sk == skip_sk)
17711c62
MH		 232 continue;
233
234 if (sk->sk_state != BT_BOUND)
235 continue;
236
237 if (hci_pi(sk)->channel != channel)
238 continue;
239
240 nskb = skb_clone(skb, GFP_ATOMIC);
241 if (!nskb)
242 continue;
243
244 if (sock_queue_rcv_skb(sk, nskb))
245 kfree_skb(nskb);
246 }
247
248 read_unlock(&hci_sk_list.lock);
249}
250
cd82e61c
MH		 251/* Send frame to monitor socket */
252void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
253{
cd82e61c 254 struct sk_buff *skb_copy = NULL;
2b531294 255 struct hci_mon_hdr *hdr;
cd82e61c
MH		 256 __le16 opcode;
257
258 if (!atomic_read(&monitor_promisc))
259 return;
260
261 BT_DBG("hdev %p len %d", hdev, skb->len);
262
263 switch (bt_cb(skb)->pkt_type) {
264 case HCI_COMMAND_PKT:
dcf4adbf 265 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT);
cd82e61c
MH		 266 break;
267 case HCI_EVENT_PKT:
dcf4adbf 268 opcode = cpu_to_le16(HCI_MON_EVENT_PKT);
cd82e61c
MH		 269 break;
270 case HCI_ACLDATA_PKT:
271 if (bt_cb(skb)->incoming)
dcf4adbf 272 opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT);
cd82e61c 273 else
dcf4adbf 274 opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT);
cd82e61c
MH		 275 break;
276 case HCI_SCODATA_PKT:
277 if (bt_cb(skb)->incoming)
dcf4adbf 278 opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT);
cd82e61c 279 else
dcf4adbf 280 opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT);
cd82e61c
MH		 281 break;
282 default:
283 return;
284 }
285
2b531294
MH		 286 /* Create a private copy with headroom */
287 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true);
288 if (!skb_copy)
289 return;
290
291 /* Put header before the data */
292 hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
293 hdr->opcode = opcode;
294 hdr->index = cpu_to_le16(hdev->id);
295 hdr->len = cpu_to_le16(skb->len);
296
c08b1a1d
MH		 297 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb_copy,
298 HCI_SOCK_TRUSTED, NULL);
cd82e61c
MH		 299 kfree_skb(skb_copy);
300}
301
cd82e61c
MH		 302static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
303{
304 struct hci_mon_hdr *hdr;
305 struct hci_mon_new_index *ni;
306 struct sk_buff *skb;
307 __le16 opcode;
308
309 switch (event) {
310 case HCI_DEV_REG:
311 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
312 if (!skb)
313 return NULL;
314
315 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
316 ni->type = hdev->dev_type;
317 ni->bus = hdev->bus;
318 bacpy(&ni->bdaddr, &hdev->bdaddr);
319 memcpy(ni->name, hdev->name, 8);
320
dcf4adbf 321 opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
cd82e61c
MH		 322 break;
323
324 case HCI_DEV_UNREG:
325 skb = bt_skb_alloc(0, GFP_ATOMIC);
326 if (!skb)
327 return NULL;
328
dcf4adbf 329 opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
cd82e61c
MH		 330 break;
331
332 default:
333 return NULL;
334 }
335
336 __net_timestamp(skb);
337
338 hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
339 hdr->opcode = opcode;
340 hdr->index = cpu_to_le16(hdev->id);
341 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
342
343 return skb;
344}
345
346static void send_monitor_replay(struct sock *sk)
347{
348 struct hci_dev *hdev;
349
350 read_lock(&hci_dev_list_lock);
351
352 list_for_each_entry(hdev, &hci_dev_list, list) {
353 struct sk_buff *skb;
354
355 skb = create_monitor_event(hdev, HCI_DEV_REG);
356 if (!skb)
357 continue;
358
359 if (sock_queue_rcv_skb(sk, skb))
360 kfree_skb(skb);
361 }
362
363 read_unlock(&hci_dev_list_lock);
364}
365
040030ef
MH		 366/* Generate internal stack event */
367static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
368{
369 struct hci_event_hdr *hdr;
370 struct hci_ev_stack_internal *ev;
371 struct sk_buff *skb;
372
373 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
374 if (!skb)
375 return;
376
377 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
378 hdr->evt = HCI_EV_STACK_INTERNAL;
379 hdr->plen = sizeof(*ev) + dlen;
380
381 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
382 ev->type = type;
383 memcpy(ev->data, data, dlen);
384
385 bt_cb(skb)->incoming = 1;
386 __net_timestamp(skb);
387
388 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
040030ef
MH		 389 hci_send_to_sock(hdev, skb);
390 kfree_skb(skb);
391}
392
393void hci_sock_dev_event(struct hci_dev *hdev, int event)
394{
395 struct hci_ev_si_device ev;
396
397 BT_DBG("hdev %s event %d", hdev->name, event);
398
cd82e61c
MH		 399 /* Send event to monitor */
400 if (atomic_read(&monitor_promisc)) {
401 struct sk_buff *skb;
402
403 skb = create_monitor_event(hdev, event);
404 if (skb) {
c08b1a1d
MH		 405 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
406 HCI_SOCK_TRUSTED, NULL);
cd82e61c
MH		 407 kfree_skb(skb);
408 }
409 }
410
040030ef
MH		 411 /* Send event to sockets */
412 ev.event = event;
413 ev.dev_id = hdev->id;
414 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
415
416 if (event == HCI_DEV_UNREG) {
417 struct sock *sk;
040030ef
MH		 418
419 /* Detach sockets from device */
420 read_lock(&hci_sk_list.lock);
b67bfe0d 421 sk_for_each(sk, &hci_sk_list.head) {
040030ef
MH		 422 bh_lock_sock_nested(sk);
423 if (hci_pi(sk)->hdev == hdev) {
424 hci_pi(sk)->hdev = NULL;
425 sk->sk_err = EPIPE;
426 sk->sk_state = BT_OPEN;
427 sk->sk_state_change(sk);
428
429 hci_dev_put(hdev);
430 }
431 bh_unlock_sock(sk);
432 }
433 read_unlock(&hci_sk_list.lock);
434 }
435}
436
801c1e8d
JH		 437static struct hci_mgmt_chan *__hci_mgmt_chan_find(unsigned short channel)
438{
439 struct hci_mgmt_chan *c;
440
441 list_for_each_entry(c, &mgmt_chan_list, list) {
442 if (c->channel == channel)
443 return c;
444 }
445
446 return NULL;
447}
448
449static struct hci_mgmt_chan *hci_mgmt_chan_find(unsigned short channel)
450{
451 struct hci_mgmt_chan *c;
452
453 mutex_lock(&mgmt_chan_list_lock);
454 c = __hci_mgmt_chan_find(channel);
455 mutex_unlock(&mgmt_chan_list_lock);
456
457 return c;
458}
459
460int hci_mgmt_chan_register(struct hci_mgmt_chan *c)
461{
462 if (c->channel < HCI_CHANNEL_CONTROL)
463 return -EINVAL;
464
465 mutex_lock(&mgmt_chan_list_lock);
466 if (__hci_mgmt_chan_find(c->channel)) {
467 mutex_unlock(&mgmt_chan_list_lock);
468 return -EALREADY;
469 }
470
471 list_add_tail(&c->list, &mgmt_chan_list);
472
473 mutex_unlock(&mgmt_chan_list_lock);
474
475 return 0;
476}
477EXPORT_SYMBOL(hci_mgmt_chan_register);
478
479void hci_mgmt_chan_unregister(struct hci_mgmt_chan *c)
480{
481 mutex_lock(&mgmt_chan_list_lock);
482 list_del(&c->list);
483 mutex_unlock(&mgmt_chan_list_lock);
484}
485EXPORT_SYMBOL(hci_mgmt_chan_unregister);
486
1da177e4
LT		 487static int hci_sock_release(struct socket *sock)
488{
489 struct sock *sk = sock->sk;
7b005bd3 490 struct hci_dev *hdev;
1da177e4
LT		 491
492 BT_DBG("sock %p sk %p", sock, sk);
493
494 if (!sk)
495 return 0;
496
7b005bd3
MH		 497 hdev = hci_pi(sk)->hdev;
498
cd82e61c
MH		 499 if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
500 atomic_dec(&monitor_promisc);
501
1da177e4
LT		 502 bt_sock_unlink(&hci_sk_list, sk);
503
504 if (hdev) {
23500189 505 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
6b3cc1db
SF		 506 /* When releasing an user channel exclusive access,
507 * call hci_dev_do_close directly instead of calling
508 * hci_dev_close to ensure the exclusive access will
509 * be released and the controller brought back down.
510 *
511 * The checking of HCI_AUTO_OFF is not needed in this
512 * case since it will have been cleared already when
513 * opening the user channel.
514 */
515 hci_dev_do_close(hdev);
9380f9ea
LP		 516 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
517 mgmt_index_added(hdev);
23500189
MH		 518 }
519
1da177e4
LT		 520 atomic_dec(&hdev->promisc);
521 hci_dev_put(hdev);
522 }
523
524 sock_orphan(sk);
525
526 skb_queue_purge(&sk->sk_receive_queue);
527 skb_queue_purge(&sk->sk_write_queue);
528
529 sock_put(sk);
530 return 0;
531}
532
b2a66aad 533static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 534{
535 bdaddr_t bdaddr;
5e762444 536 int err;
f0358568
JH		 537
538 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
539 return -EFAULT;
540
09fd0de5 541 hci_dev_lock(hdev);
5e762444 542
dcc36c16 543 err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
5e762444 544
09fd0de5 545 hci_dev_unlock(hdev);
5e762444
AJ		 546
547 return err;
f0358568
JH		 548}
549
b2a66aad 550static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 551{
552 bdaddr_t bdaddr;
5e762444 553 int err;
f0358568
JH		 554
555 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
556 return -EFAULT;
557
09fd0de5 558 hci_dev_lock(hdev);
5e762444 559
dcc36c16 560 err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
5e762444 561
09fd0de5 562 hci_dev_unlock(hdev);
5e762444
AJ		 563
564 return err;
f0358568
JH		 565}
566
8e87d142 567/* Ioctls that require bound socket */
6039aa73
GP		 568static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
569 unsigned long arg)
1da177e4
LT		 570{
571 struct hci_dev *hdev = hci_pi(sk)->hdev;
572
573 if (!hdev)
574 return -EBADFD;
575
d7a5a11d 576 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
0736cfa8
MH		 577 return -EBUSY;
578
d7a5a11d 579 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
fee746b0
MH		 580 return -EOPNOTSUPP;
581
5b69bef5
MH		 582 if (hdev->dev_type != HCI_BREDR)
583 return -EOPNOTSUPP;
584
1da177e4
LT		 585 switch (cmd) {
586 case HCISETRAW:
587 if (!capable(CAP_NET_ADMIN))
bf5b30b8 588 return -EPERM;
db596681 589 return -EOPNOTSUPP;
1da177e4 590
1da177e4 591 case HCIGETCONNINFO:
40be492f
MH		 592 return hci_get_conn_info(hdev, (void __user *) arg);
593
594 case HCIGETAUTHINFO:
595 return hci_get_auth_info(hdev, (void __user *) arg);
1da177e4 596
f0358568
JH		 597 case HCIBLOCKADDR:
598 if (!capable(CAP_NET_ADMIN))
bf5b30b8 599 return -EPERM;
b2a66aad 600 return hci_sock_blacklist_add(hdev, (void __user *) arg);
f0358568
JH		 601
602 case HCIUNBLOCKADDR:
603 if (!capable(CAP_NET_ADMIN))
bf5b30b8 604 return -EPERM;
b2a66aad 605 return hci_sock_blacklist_del(hdev, (void __user *) arg);
1da177e4 606 }
0736cfa8 607
324d36ed 608 return -ENOIOCTLCMD;
1da177e4
LT		 609}
610
8fc9ced3
GP		 611static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
612 unsigned long arg)
1da177e4 613{
40be492f 614 void __user *argp = (void __user *) arg;
0736cfa8 615 struct sock *sk = sock->sk;
1da177e4
LT		 616 int err;
617
618 BT_DBG("cmd %x arg %lx", cmd, arg);
619
c1c4f956
MH		 620 lock_sock(sk);
621
622 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
623 err = -EBADFD;
624 goto done;
625 }
626
627 release_sock(sk);
628
1da177e4
LT		 629 switch (cmd) {
630 case HCIGETDEVLIST:
631 return hci_get_dev_list(argp);
632
633 case HCIGETDEVINFO:
634 return hci_get_dev_info(argp);
635
636 case HCIGETCONNLIST:
637 return hci_get_conn_list(argp);
638
639 case HCIDEVUP:
640 if (!capable(CAP_NET_ADMIN))
bf5b30b8 641 return -EPERM;
1da177e4
LT		 642 return hci_dev_open(arg);
643
644 case HCIDEVDOWN:
645 if (!capable(CAP_NET_ADMIN))
bf5b30b8 646 return -EPERM;
1da177e4
LT		 647 return hci_dev_close(arg);
648
649 case HCIDEVRESET:
650 if (!capable(CAP_NET_ADMIN))
bf5b30b8 651 return -EPERM;
1da177e4
LT		 652 return hci_dev_reset(arg);
653
654 case HCIDEVRESTAT:
655 if (!capable(CAP_NET_ADMIN))
bf5b30b8 656 return -EPERM;
1da177e4
LT		 657 return hci_dev_reset_stat(arg);
658
659 case HCISETSCAN:
660 case HCISETAUTH:
661 case HCISETENCRYPT:
662 case HCISETPTYPE:
663 case HCISETLINKPOL:
664 case HCISETLINKMODE:
665 case HCISETACLMTU:
666 case HCISETSCOMTU:
667 if (!capable(CAP_NET_ADMIN))
bf5b30b8 668 return -EPERM;
1da177e4
LT		 669 return hci_dev_cmd(cmd, argp);
670
671 case HCIINQUIRY:
672 return hci_inquiry(argp);
1da177e4 673 }
c1c4f956
MH		 674
675 lock_sock(sk);
676
677 err = hci_sock_bound_ioctl(sk, cmd, arg);
678
679done:
680 release_sock(sk);
681 return err;
1da177e4
LT		 682}
683
8fc9ced3
GP		 684static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
685 int addr_len)
1da177e4 686{
0381101f 687 struct sockaddr_hci haddr;
1da177e4
LT		 688 struct sock *sk = sock->sk;
689 struct hci_dev *hdev = NULL;
0381101f 690 int len, err = 0;
1da177e4
LT		 691
692 BT_DBG("sock %p sk %p", sock, sk);
693
0381101f
JH		 694 if (!addr)
695 return -EINVAL;
696
697 memset(&haddr, 0, sizeof(haddr));
698 len = min_t(unsigned int, sizeof(haddr), addr_len);
699 memcpy(&haddr, addr, len);
700
701 if (haddr.hci_family != AF_BLUETOOTH)
702 return -EINVAL;
703
1da177e4
LT		 704 lock_sock(sk);
705
7cc2ade2 706 if (sk->sk_state == BT_BOUND) {
1da177e4
LT		 707 err = -EALREADY;
708 goto done;
709 }
710
7cc2ade2
MH		 711 switch (haddr.hci_channel) {
712 case HCI_CHANNEL_RAW:
713 if (hci_pi(sk)->hdev) {
714 err = -EALREADY;
1da177e4
LT		 715 goto done;
716 }
717
7cc2ade2
MH		 718 if (haddr.hci_dev != HCI_DEV_NONE) {
719 hdev = hci_dev_get(haddr.hci_dev);
720 if (!hdev) {
721 err = -ENODEV;
722 goto done;
723 }
724
725 atomic_inc(&hdev->promisc);
726 }
727
728 hci_pi(sk)->hdev = hdev;
729 break;
730
23500189
MH		 731 case HCI_CHANNEL_USER:
732 if (hci_pi(sk)->hdev) {
733 err = -EALREADY;
734 goto done;
735 }
736
737 if (haddr.hci_dev == HCI_DEV_NONE) {
738 err = -EINVAL;
739 goto done;
740 }
741
10a8b86f 742 if (!capable(CAP_NET_ADMIN)) {
23500189
MH		 743 err = -EPERM;
744 goto done;
745 }
746
747 hdev = hci_dev_get(haddr.hci_dev);
748 if (!hdev) {
749 err = -ENODEV;
750 goto done;
751 }
752
781f899f 753 if (test_bit(HCI_INIT, &hdev->flags) ||
d7a5a11d 754 hci_dev_test_flag(hdev, HCI_SETUP) ||
781f899f
MH		 755 hci_dev_test_flag(hdev, HCI_CONFIG) ||
756 (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) &&
757 test_bit(HCI_UP, &hdev->flags))) {
23500189
MH		 758 err = -EBUSY;
759 hci_dev_put(hdev);
760 goto done;
761 }
762
238be788 763 if (hci_dev_test_and_set_flag(hdev, HCI_USER_CHANNEL)) {
23500189
MH		 764 err = -EUSERS;
765 hci_dev_put(hdev);
766 goto done;
767 }
768
0602a8ad 769 mgmt_index_removed(hdev);
23500189
MH		 770
771 err = hci_dev_open(hdev->id);
772 if (err) {
781f899f
MH		 773 if (err == -EALREADY) {
774 /* In case the transport is already up and
775 * running, clear the error here.
776 *
777 * This can happen when opening an user
778 * channel and HCI_AUTO_OFF grace period
779 * is still active.
780 */
781 err = 0;
782 } else {
783 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
784 mgmt_index_added(hdev);
785 hci_dev_put(hdev);
786 goto done;
787 }
23500189
MH		 788 }
789
790 atomic_inc(&hdev->promisc);
791
792 hci_pi(sk)->hdev = hdev;
793 break;
794
cd82e61c
MH		 795 case HCI_CHANNEL_MONITOR:
796 if (haddr.hci_dev != HCI_DEV_NONE) {
797 err = -EINVAL;
798 goto done;
799 }
800
801 if (!capable(CAP_NET_RAW)) {
802 err = -EPERM;
803 goto done;
804 }
805
50ebc055
MH		 806 /* The monitor interface is restricted to CAP_NET_RAW
807 * capabilities and with that implicitly trusted.
808 */
809 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
810
cd82e61c
MH		 811 send_monitor_replay(sk);
812
813 atomic_inc(&monitor_promisc);
814 break;
815
7cc2ade2 816 default:
801c1e8d
JH		 817 if (!hci_mgmt_chan_find(haddr.hci_channel)) {
818 err = -EINVAL;
819 goto done;
820 }
821
822 if (haddr.hci_dev != HCI_DEV_NONE) {
823 err = -EINVAL;
824 goto done;
825 }
826
1195fbb8
MH		 827 /* Users with CAP_NET_ADMIN capabilities are allowed
828 * access to all management commands and events. For
829 * untrusted users the interface is restricted and
830 * also only untrusted events are sent.
50ebc055 831 */
1195fbb8
MH		 832 if (capable(CAP_NET_ADMIN))
833 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
50ebc055 834
f9207338
MH		 835 /* At the moment the index and unconfigured index events
836 * are enabled unconditionally. Setting them on each
837 * socket when binding keeps this functionality. They
838 * however might be cleared later and then sending of these
839 * events will be disabled, but that is then intentional.
f6b7712e
MH		 840 *
841 * This also enables generic events that are safe to be
842 * received by untrusted users. Example for such events
843 * are changes to settings, class of device, name etc.
f9207338
MH		 844 */
845 if (haddr.hci_channel == HCI_CHANNEL_CONTROL) {
846 hci_sock_set_flag(sk, HCI_MGMT_INDEX_EVENTS);
847 hci_sock_set_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
f6b7712e 848 hci_sock_set_flag(sk, HCI_MGMT_GENERIC_EVENTS);
f9207338 849 }
801c1e8d 850 break;
1da177e4
LT		 851 }
852
7cc2ade2 853
0381101f 854 hci_pi(sk)->channel = haddr.hci_channel;
1da177e4
LT		 855 sk->sk_state = BT_BOUND;
856
857done:
858 release_sock(sk);
859 return err;
860}
861
8fc9ced3
GP		 862static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
863 int *addr_len, int peer)
1da177e4
LT		 864{
865 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
866 struct sock *sk = sock->sk;
9d4b68b2
MH		 867 struct hci_dev *hdev;
868 int err = 0;
1da177e4
LT		 869
870 BT_DBG("sock %p sk %p", sock, sk);
871
06f43cbc
MH		 872 if (peer)
873 return -EOPNOTSUPP;
874
1da177e4
LT		 875 lock_sock(sk);
876
9d4b68b2
MH		 877 hdev = hci_pi(sk)->hdev;
878 if (!hdev) {
879 err = -EBADFD;
880 goto done;
881 }
882
1da177e4
LT		 883 *addr_len = sizeof(*haddr);
884 haddr->hci_family = AF_BLUETOOTH;
7b005bd3 885 haddr->hci_dev = hdev->id;
9d4b68b2 886 haddr->hci_channel= hci_pi(sk)->channel;
1da177e4 887
9d4b68b2 888done:
1da177e4 889 release_sock(sk);
9d4b68b2 890 return err;
1da177e4
LT		 891}
892
6039aa73
GP		 893static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
894 struct sk_buff *skb)
1da177e4
LT		 895{
896 __u32 mask = hci_pi(sk)->cmsg_mask;
897
0d48d939
MH		 898 if (mask & HCI_CMSG_DIR) {
899 int incoming = bt_cb(skb)->incoming;
8fc9ced3
GP		 900 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
901 &incoming);
0d48d939 902 }
1da177e4 903
a61bbcf2 904 if (mask & HCI_CMSG_TSTAMP) {
f6e623a6
JFS		 905#ifdef CONFIG_COMPAT
906 struct compat_timeval ctv;
907#endif
a61bbcf2 908 struct timeval tv;
767c5eb5
MH		 909 void *data;
910 int len;
a61bbcf2
PM		 911
912 skb_get_timestamp(skb, &tv);
767c5eb5 913
1da97f83
DM		 914 data = &tv;
915 len = sizeof(tv);
916#ifdef CONFIG_COMPAT
da88cea1
L		 917 if (!COMPAT_USE_64BIT_TIME &&
918 (msg->msg_flags & MSG_CMSG_COMPAT)) {
767c5eb5
MH		 919 ctv.tv_sec = tv.tv_sec;
920 ctv.tv_usec = tv.tv_usec;
921 data = &ctv;
922 len = sizeof(ctv);
767c5eb5 923 }
1da97f83 924#endif
767c5eb5
MH		 925
926 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
a61bbcf2 927 }
1da177e4 928}
8e87d142 929
1b784140
YX		 930static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
931 int flags)
1da177e4
LT		 932{
933 int noblock = flags & MSG_DONTWAIT;
934 struct sock *sk = sock->sk;
935 struct sk_buff *skb;
936 int copied, err;
937
938 BT_DBG("sock %p, sk %p", sock, sk);
939
940 if (flags & (MSG_OOB))
941 return -EOPNOTSUPP;
942
943 if (sk->sk_state == BT_CLOSED)
944 return 0;
945
70f23020
AE		 946 skb = skb_recv_datagram(sk, flags, noblock, &err);
947 if (!skb)
1da177e4
LT		 948 return err;
949
1da177e4
LT		 950 copied = skb->len;
951 if (len < copied) {
952 msg->msg_flags |= MSG_TRUNC;
953 copied = len;
954 }
955
badff6d0 956 skb_reset_transport_header(skb);
51f3d02b 957 err = skb_copy_datagram_msg(skb, 0, msg, copied);
1da177e4 958
3a208627
MH		 959 switch (hci_pi(sk)->channel) {
960 case HCI_CHANNEL_RAW:
961 hci_sock_cmsg(sk, msg, skb);
962 break;
23500189 963 case HCI_CHANNEL_USER:
cd82e61c
MH		 964 case HCI_CHANNEL_MONITOR:
965 sock_recv_timestamp(msg, sk, skb);
966 break;
801c1e8d
JH		 967 default:
968 if (hci_mgmt_chan_find(hci_pi(sk)->channel))
969 sock_recv_timestamp(msg, sk, skb);
970 break;
3a208627 971 }
1da177e4
LT		 972
973 skb_free_datagram(sk, skb);
974
975 return err ? : copied;
976}
977
fa4335d7
JH		 978static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
979 struct msghdr *msg, size_t msglen)
980{
981 void *buf;
982 u8 *cp;
983 struct mgmt_hdr *hdr;
984 u16 opcode, index, len;
985 struct hci_dev *hdev = NULL;
986 const struct hci_mgmt_handler *handler;
987 bool var_len, no_hdev;
988 int err;
989
990 BT_DBG("got %zu bytes", msglen);
991
992 if (msglen < sizeof(*hdr))
993 return -EINVAL;
994
995 buf = kmalloc(msglen, GFP_KERNEL);
996 if (!buf)
997 return -ENOMEM;
998
999 if (memcpy_from_msg(buf, msg, msglen)) {
1000 err = -EFAULT;
1001 goto done;
1002 }
1003
1004 hdr = buf;
1005 opcode = __le16_to_cpu(hdr->opcode);
1006 index = __le16_to_cpu(hdr->index);
1007 len = __le16_to_cpu(hdr->len);
1008
1009 if (len != msglen - sizeof(*hdr)) {
1010 err = -EINVAL;
1011 goto done;
1012 }
1013
1014 if (opcode >= chan->handler_count ||
1015 chan->handlers[opcode].func == NULL) {
1016 BT_DBG("Unknown op %u", opcode);
1017 err = mgmt_cmd_status(sk, index, opcode,
1018 MGMT_STATUS_UNKNOWN_COMMAND);
1019 goto done;
1020 }
1021
1022 handler = &chan->handlers[opcode];
1023
1024 if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) &&
1025 !(handler->flags & HCI_MGMT_UNTRUSTED)) {
1026 err = mgmt_cmd_status(sk, index, opcode,
1027 MGMT_STATUS_PERMISSION_DENIED);
1028 goto done;
1029 }
1030
1031 if (index != MGMT_INDEX_NONE) {
1032 hdev = hci_dev_get(index);
1033 if (!hdev) {
1034 err = mgmt_cmd_status(sk, index, opcode,
1035 MGMT_STATUS_INVALID_INDEX);
1036 goto done;
1037 }
1038
1039 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1040 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1041 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1042 err = mgmt_cmd_status(sk, index, opcode,
1043 MGMT_STATUS_INVALID_INDEX);
1044 goto done;
1045 }
1046
1047 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1048 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
1049 err = mgmt_cmd_status(sk, index, opcode,
1050 MGMT_STATUS_INVALID_INDEX);
1051 goto done;
1052 }
1053 }
1054
1055 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
1056 if (no_hdev != !hdev) {
1057 err = mgmt_cmd_status(sk, index, opcode,
1058 MGMT_STATUS_INVALID_INDEX);
1059 goto done;
1060 }
1061
1062 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
1063 if ((var_len && len < handler->data_len) ||
1064 (!var_len && len != handler->data_len)) {
1065 err = mgmt_cmd_status(sk, index, opcode,
1066 MGMT_STATUS_INVALID_PARAMS);
1067 goto done;
1068 }
1069
1070 if (hdev && chan->hdev_init)
1071 chan->hdev_init(sk, hdev);
1072
1073 cp = buf + sizeof(*hdr);
1074
1075 err = handler->func(sk, hdev, cp, len);
1076 if (err < 0)
1077 goto done;
1078
1079 err = msglen;
1080
1081done:
1082 if (hdev)
1083 hci_dev_put(hdev);
1084
1085 kfree(buf);
1086 return err;
1087}
1088
1b784140
YX		 1089static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1090 size_t len)
1da177e4
LT		 1091{
1092 struct sock *sk = sock->sk;
801c1e8d 1093 struct hci_mgmt_chan *chan;
1da177e4
LT		 1094 struct hci_dev *hdev;
1095 struct sk_buff *skb;
1096 int err;
1097
1098 BT_DBG("sock %p sk %p", sock, sk);
1099
1100 if (msg->msg_flags & MSG_OOB)
1101 return -EOPNOTSUPP;
1102
1103 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
1104 return -EINVAL;
1105
1106 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
1107 return -EINVAL;
1108
1109 lock_sock(sk);
1110
0381101f
JH		 1111 switch (hci_pi(sk)->channel) {
1112 case HCI_CHANNEL_RAW:
23500189 1113 case HCI_CHANNEL_USER:
0381101f 1114 break;
cd82e61c
MH		 1115 case HCI_CHANNEL_MONITOR:
1116 err = -EOPNOTSUPP;
1117 goto done;
0381101f 1118 default:
801c1e8d
JH		 1119 mutex_lock(&mgmt_chan_list_lock);
1120 chan = __hci_mgmt_chan_find(hci_pi(sk)->channel);
1121 if (chan)
fa4335d7 1122 err = hci_mgmt_cmd(chan, sk, msg, len);
801c1e8d
JH		 1123 else
1124 err = -EINVAL;
1125
1126 mutex_unlock(&mgmt_chan_list_lock);
0381101f
JH		 1127 goto done;
1128 }
1129
70f23020
AE		 1130 hdev = hci_pi(sk)->hdev;
1131 if (!hdev) {
1da177e4
LT		 1132 err = -EBADFD;
1133 goto done;
1134 }
1135
7e21addc
MH		 1136 if (!test_bit(HCI_UP, &hdev->flags)) {
1137 err = -ENETDOWN;
1138 goto done;
1139 }
1140
70f23020
AE		 1141 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1142 if (!skb)
1da177e4
LT		 1143 goto done;
1144
6ce8e9ce 1145 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1da177e4
LT		 1146 err = -EFAULT;
1147 goto drop;
1148 }
1149
0d48d939 1150 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
1da177e4 1151 skb_pull(skb, 1);
1da177e4 1152
1bc5ad16
MH		 1153 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
1154 /* No permission check is needed for user channel
1155 * since that gets enforced when binding the socket.
1156 *
1157 * However check that the packet type is valid.
1158 */
1159 if (bt_cb(skb)->pkt_type != HCI_COMMAND_PKT &&
1160 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
1161 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) {
1162 err = -EINVAL;
1163 goto drop;
1164 }
1165
1166 skb_queue_tail(&hdev->raw_q, skb);
1167 queue_work(hdev->workqueue, &hdev->tx_work);
1168 } else if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
83985319 1169 u16 opcode = get_unaligned_le16(skb->data);
1da177e4
LT		 1170 u16 ogf = hci_opcode_ogf(opcode);
1171 u16 ocf = hci_opcode_ocf(opcode);
1172
1173 if (((ogf > HCI_SFLT_MAX_OGF) ||
3bb3c755
GP		 1174 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
1175 &hci_sec_filter.ocf_mask[ogf])) &&
1176 !capable(CAP_NET_RAW)) {
1da177e4
LT		 1177 err = -EPERM;
1178 goto drop;
1179 }
1180
fee746b0 1181 if (ogf == 0x3f) {
1da177e4 1182 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 1183 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4 1184 } else {
49c922bb 1185 /* Stand-alone HCI commands must be flagged as
11714b3d
JH		 1186 * single-command requests.
1187 */
db6e3e8d 1188 bt_cb(skb)->req.start = true;
11714b3d 1189
1da177e4 1190 skb_queue_tail(&hdev->cmd_q, skb);
c347b765 1191 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 1192 }
1193 } else {
1194 if (!capable(CAP_NET_RAW)) {
1195 err = -EPERM;
1196 goto drop;
1197 }
1198
1199 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 1200 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 1201 }
1202
1203 err = len;
1204
1205done:
1206 release_sock(sk);
1207 return err;
1208
1209drop:
1210 kfree_skb(skb);
1211 goto done;
1212}
1213
8fc9ced3
GP		 1214static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1215 char __user *optval, unsigned int len)
1da177e4
LT		 1216{
1217 struct hci_ufilter uf = { .opcode = 0 };
1218 struct sock *sk = sock->sk;
1219 int err = 0, opt = 0;
1220
1221 BT_DBG("sk %p, opt %d", sk, optname);
1222
1223 lock_sock(sk);
1224
2f39cdb7 1225 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
c2371e80 1226 err = -EBADFD;
2f39cdb7
MH		 1227 goto done;
1228 }
1229
1da177e4
LT		 1230 switch (optname) {
1231 case HCI_DATA_DIR:
1232 if (get_user(opt, (int __user *)optval)) {
1233 err = -EFAULT;
1234 break;
1235 }
1236
1237 if (opt)
1238 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
1239 else
1240 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
1241 break;
1242
1243 case HCI_TIME_STAMP:
1244 if (get_user(opt, (int __user *)optval)) {
1245 err = -EFAULT;
1246 break;
1247 }
1248
1249 if (opt)
1250 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
1251 else
1252 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
1253 break;
1254
1255 case HCI_FILTER:
0878b666
MH		 1256 {
1257 struct hci_filter *f = &hci_pi(sk)->filter;
1258
1259 uf.type_mask = f->type_mask;
1260 uf.opcode = f->opcode;
1261 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1262 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1263 }
1264
1da177e4
LT		 1265 len = min_t(unsigned int, len, sizeof(uf));
1266 if (copy_from_user(&uf, optval, len)) {
1267 err = -EFAULT;
1268 break;
1269 }
1270
1271 if (!capable(CAP_NET_RAW)) {
1272 uf.type_mask &= hci_sec_filter.type_mask;
1273 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
1274 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
1275 }
1276
1277 {
1278 struct hci_filter *f = &hci_pi(sk)->filter;
1279
1280 f->type_mask = uf.type_mask;
1281 f->opcode = uf.opcode;
1282 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
1283 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
1284 }
8e87d142 1285 break;
1da177e4
LT		 1286
1287 default:
1288 err = -ENOPROTOOPT;
1289 break;
1290 }
1291
2f39cdb7 1292done:
1da177e4
LT		 1293 release_sock(sk);
1294 return err;
1295}
1296
8fc9ced3
GP		 1297static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1298 char __user *optval, int __user *optlen)
1da177e4
LT		 1299{
1300 struct hci_ufilter uf;
1301 struct sock *sk = sock->sk;
cedc5469
MH		 1302 int len, opt, err = 0;
1303
1304 BT_DBG("sk %p, opt %d", sk, optname);
1da177e4
LT		 1305
1306 if (get_user(len, optlen))
1307 return -EFAULT;
1308
cedc5469
MH		 1309 lock_sock(sk);
1310
1311 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
c2371e80 1312 err = -EBADFD;
cedc5469
MH		 1313 goto done;
1314 }
1315
1da177e4
LT		 1316 switch (optname) {
1317 case HCI_DATA_DIR:
1318 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1319 opt = 1;
8e87d142 1320 else
1da177e4
LT		 1321 opt = 0;
1322
1323 if (put_user(opt, optval))
cedc5469 1324 err = -EFAULT;
1da177e4
LT		 1325 break;
1326
1327 case HCI_TIME_STAMP:
1328 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1329 opt = 1;
8e87d142 1330 else
1da177e4
LT		 1331 opt = 0;
1332
1333 if (put_user(opt, optval))
cedc5469 1334 err = -EFAULT;
1da177e4
LT		 1335 break;
1336
1337 case HCI_FILTER:
1338 {
1339 struct hci_filter *f = &hci_pi(sk)->filter;
1340
e15ca9a0 1341 memset(&uf, 0, sizeof(uf));
1da177e4
LT		 1342 uf.type_mask = f->type_mask;
1343 uf.opcode = f->opcode;
1344 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1345 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1346 }
1347
1348 len = min_t(unsigned int, len, sizeof(uf));
1349 if (copy_to_user(optval, &uf, len))
cedc5469 1350 err = -EFAULT;
1da177e4
LT		 1351 break;
1352
1353 default:
cedc5469 1354 err = -ENOPROTOOPT;
1da177e4
LT		 1355 break;
1356 }
1357
cedc5469
MH		 1358done:
1359 release_sock(sk);
1360 return err;
1da177e4
LT		 1361}
1362
90ddc4f0 1363static const struct proto_ops hci_sock_ops = {
1da177e4
LT		 1364 .family = PF_BLUETOOTH,
1365 .owner = THIS_MODULE,
1366 .release = hci_sock_release,
1367 .bind = hci_sock_bind,
1368 .getname = hci_sock_getname,
1369 .sendmsg = hci_sock_sendmsg,
1370 .recvmsg = hci_sock_recvmsg,
1371 .ioctl = hci_sock_ioctl,
1372 .poll = datagram_poll,
1373 .listen = sock_no_listen,
1374 .shutdown = sock_no_shutdown,
1375 .setsockopt = hci_sock_setsockopt,
1376 .getsockopt = hci_sock_getsockopt,
1377 .connect = sock_no_connect,
1378 .socketpair = sock_no_socketpair,
1379 .accept = sock_no_accept,
1380 .mmap = sock_no_mmap
1381};
1382
1383static struct proto hci_sk_proto = {
1384 .name = "HCI",
1385 .owner = THIS_MODULE,
1386 .obj_size = sizeof(struct hci_pinfo)
1387};
1388
3f378b68
EP		 1389static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1390 int kern)
1da177e4
LT		 1391{
1392 struct sock *sk;
1393
1394 BT_DBG("sock %p", sock);
1395
1396 if (sock->type != SOCK_RAW)
1397 return -ESOCKTNOSUPPORT;
1398
1399 sock->ops = &hci_sock_ops;
1400
11aa9c28 1401 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, kern);
1da177e4
LT		 1402 if (!sk)
1403 return -ENOMEM;
1404
1405 sock_init_data(sock, sk);
1406
1407 sock_reset_flag(sk, SOCK_ZAPPED);
1408
1409 sk->sk_protocol = protocol;
1410
1411 sock->state = SS_UNCONNECTED;
1412 sk->sk_state = BT_OPEN;
1413
1414 bt_sock_link(&hci_sk_list, sk);
1415 return 0;
1416}
1417
ec1b4cf7 1418static const struct net_proto_family hci_sock_family_ops = {
1da177e4
LT		 1419 .family = PF_BLUETOOTH,
1420 .owner = THIS_MODULE,
1421 .create = hci_sock_create,
1422};
1423
1da177e4
LT		 1424int __init hci_sock_init(void)
1425{
1426 int err;
1427
b0a8e282
MH		 1428 BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr));
1429
1da177e4
LT		 1430 err = proto_register(&hci_sk_proto, 0);
1431 if (err < 0)
1432 return err;
1433
1434 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
f7c86637
MY		 1435 if (err < 0) {
1436 BT_ERR("HCI socket registration failed");
1da177e4 1437 goto error;
f7c86637
MY		 1438 }
1439
b0316615 1440 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
f7c86637
MY		 1441 if (err < 0) {
1442 BT_ERR("Failed to create HCI proc file");
1443 bt_sock_unregister(BTPROTO_HCI);
1444 goto error;
1445 }
1da177e4 1446
1da177e4
LT		 1447 BT_INFO("HCI socket layer initialized");
1448
1449 return 0;
1450
1451error:
1da177e4
LT		 1452 proto_unregister(&hci_sk_proto);
1453 return err;
1454}
1455
b7440a14 1456void hci_sock_cleanup(void)
1da177e4 1457{
f7c86637 1458 bt_procfs_cleanup(&init_net, "hci");
5e9d7f86 1459 bt_sock_unregister(BTPROTO_HCI);
1da177e4 1460 proto_unregister(&hci_sk_proto);
1da177e4 1461}
Linux kernel - Deliverables
This page took 0.982093 seconds and 5 git commands to generate.