projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add BUILD_BUG_ON for size of struct sockaddr_sco
[deliverable/linux.git] / net / bluetooth / hci_sock.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI sockets. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
cd82e61c 32#include <net/bluetooth/hci_mon.h>
1da177e4 33
cd82e61c
MH		 34static atomic_t monitor_promisc = ATOMIC_INIT(0);
35
1da177e4
LT		 36/* ----- HCI socket interface ----- */
37
863def58
MH		 38/* Socket info */
39#define hci_pi(sk) ((struct hci_pinfo *) sk)
40
41struct hci_pinfo {
42 struct bt_sock bt;
43 struct hci_dev *hdev;
44 struct hci_filter filter;
45 __u32 cmsg_mask;
46 unsigned short channel;
47};
48
1da177e4
LT		 49static inline int hci_test_bit(int nr, void *addr)
50{
51 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
52}
53
54/* Security filter */
3ad254f7
MH		 55#define HCI_SFLT_MAX_OGF 5
56
57struct hci_sec_filter {
58 __u32 type_mask;
59 __u32 event_mask[2];
60 __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
61};
62
7e67c112 63static const struct hci_sec_filter hci_sec_filter = {
1da177e4
LT		 64 /* Packet types */
65 0x10,
66 /* Events */
dd7f5527 67 { 0x1000d9fe, 0x0000b00c },
1da177e4
LT		 68 /* Commands */
69 {
70 { 0x0 },
71 /* OGF_LINK_CTL */
7c631a67 72 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
1da177e4 73 /* OGF_LINK_POLICY */
7c631a67 74 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
1da177e4 75 /* OGF_HOST_CTL */
7c631a67 76 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
1da177e4 77 /* OGF_INFO_PARAM */
7c631a67 78 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
1da177e4 79 /* OGF_STATUS_PARAM */
7c631a67 80 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
1da177e4
LT		 81 }
82};
83
84static struct bt_sock_list hci_sk_list = {
d5fb2962 85 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
1da177e4
LT		 86};
87
f81fe64f
MH		 88static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
89{
90 struct hci_filter *flt;
91 int flt_type, flt_event;
92
93 /* Apply filter */
94 flt = &hci_pi(sk)->filter;
95
96 if (bt_cb(skb)->pkt_type == HCI_VENDOR_PKT)
97 flt_type = 0;
98 else
99 flt_type = bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS;
100
101 if (!test_bit(flt_type, &flt->type_mask))
102 return true;
103
104 /* Extra filter for event packets only */
105 if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT)
106 return false;
107
108 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
109
110 if (!hci_test_bit(flt_event, &flt->event_mask))
111 return true;
112
113 /* Check filter only when opcode is set */
114 if (!flt->opcode)
115 return false;
116
117 if (flt_event == HCI_EV_CMD_COMPLETE &&
118 flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
119 return true;
120
121 if (flt_event == HCI_EV_CMD_STATUS &&
122 flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
123 return true;
124
125 return false;
126}
127
1da177e4 128/* Send frame to RAW socket */
470fe1b5 129void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 130{
131 struct sock *sk;
e0edf373 132 struct sk_buff *skb_copy = NULL;
1da177e4
LT		 133
134 BT_DBG("hdev %p len %d", hdev, skb->len);
135
136 read_lock(&hci_sk_list.lock);
470fe1b5 137
b67bfe0d 138 sk_for_each(sk, &hci_sk_list.head) {
1da177e4
LT		 139 struct sk_buff *nskb;
140
141 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
142 continue;
143
144 /* Don't send frame to the socket it came from */
145 if (skb->sk == sk)
146 continue;
147
23500189
MH		 148 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
149 if (is_filtered_packet(sk, skb))
150 continue;
151 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
152 if (!bt_cb(skb)->incoming)
153 continue;
154 if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT &&
155 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
156 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT)
157 continue;
158 } else {
159 /* Don't send frame to other channel types */
1da177e4 160 continue;
23500189 161 }
1da177e4 162
e0edf373
MH		 163 if (!skb_copy) {
164 /* Create a private copy with headroom */
bad93e9d 165 skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
e0edf373
MH		 166 if (!skb_copy)
167 continue;
168
169 /* Put type byte before the data */
170 memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
171 }
172
173 nskb = skb_clone(skb_copy, GFP_ATOMIC);
70f23020 174 if (!nskb)
1da177e4
LT		 175 continue;
176
470fe1b5
MH		 177 if (sock_queue_rcv_skb(sk, nskb))
178 kfree_skb(nskb);
179 }
180
181 read_unlock(&hci_sk_list.lock);
e0edf373
MH		 182
183 kfree_skb(skb_copy);
470fe1b5
MH		 184}
185
186/* Send frame to control socket */
187void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
188{
189 struct sock *sk;
470fe1b5
MH		 190
191 BT_DBG("len %d", skb->len);
192
193 read_lock(&hci_sk_list.lock);
194
b67bfe0d 195 sk_for_each(sk, &hci_sk_list.head) {
470fe1b5
MH		 196 struct sk_buff *nskb;
197
198 /* Skip the original socket */
199 if (sk == skip_sk)
200 continue;
201
202 if (sk->sk_state != BT_BOUND)
203 continue;
204
205 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
206 continue;
207
208 nskb = skb_clone(skb, GFP_ATOMIC);
209 if (!nskb)
210 continue;
1da177e4
LT		 211
212 if (sock_queue_rcv_skb(sk, nskb))
213 kfree_skb(nskb);
214 }
470fe1b5 215
1da177e4
LT		 216 read_unlock(&hci_sk_list.lock);
217}
218
cd82e61c
MH		 219/* Send frame to monitor socket */
220void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
221{
222 struct sock *sk;
cd82e61c
MH		 223 struct sk_buff *skb_copy = NULL;
224 __le16 opcode;
225
226 if (!atomic_read(&monitor_promisc))
227 return;
228
229 BT_DBG("hdev %p len %d", hdev, skb->len);
230
231 switch (bt_cb(skb)->pkt_type) {
232 case HCI_COMMAND_PKT:
dcf4adbf 233 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT);
cd82e61c
MH		 234 break;
235 case HCI_EVENT_PKT:
dcf4adbf 236 opcode = cpu_to_le16(HCI_MON_EVENT_PKT);
cd82e61c
MH		 237 break;
238 case HCI_ACLDATA_PKT:
239 if (bt_cb(skb)->incoming)
dcf4adbf 240 opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT);
cd82e61c 241 else
dcf4adbf 242 opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT);
cd82e61c
MH		 243 break;
244 case HCI_SCODATA_PKT:
245 if (bt_cb(skb)->incoming)
dcf4adbf 246 opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT);
cd82e61c 247 else
dcf4adbf 248 opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT);
cd82e61c
MH		 249 break;
250 default:
251 return;
252 }
253
254 read_lock(&hci_sk_list.lock);
255
b67bfe0d 256 sk_for_each(sk, &hci_sk_list.head) {
cd82e61c
MH		 257 struct sk_buff *nskb;
258
259 if (sk->sk_state != BT_BOUND)
260 continue;
261
262 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
263 continue;
264
265 if (!skb_copy) {
266 struct hci_mon_hdr *hdr;
267
268 /* Create a private copy with headroom */
bad93e9d
OP		 269 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE,
270 GFP_ATOMIC, true);
cd82e61c
MH		 271 if (!skb_copy)
272 continue;
273
274 /* Put header before the data */
275 hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
276 hdr->opcode = opcode;
277 hdr->index = cpu_to_le16(hdev->id);
278 hdr->len = cpu_to_le16(skb->len);
279 }
280
281 nskb = skb_clone(skb_copy, GFP_ATOMIC);
282 if (!nskb)
283 continue;
284
285 if (sock_queue_rcv_skb(sk, nskb))
286 kfree_skb(nskb);
287 }
288
289 read_unlock(&hci_sk_list.lock);
290
291 kfree_skb(skb_copy);
292}
293
294static void send_monitor_event(struct sk_buff *skb)
295{
296 struct sock *sk;
cd82e61c
MH		 297
298 BT_DBG("len %d", skb->len);
299
300 read_lock(&hci_sk_list.lock);
301
b67bfe0d 302 sk_for_each(sk, &hci_sk_list.head) {
cd82e61c
MH		 303 struct sk_buff *nskb;
304
305 if (sk->sk_state != BT_BOUND)
306 continue;
307
308 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
309 continue;
310
311 nskb = skb_clone(skb, GFP_ATOMIC);
312 if (!nskb)
313 continue;
314
315 if (sock_queue_rcv_skb(sk, nskb))
316 kfree_skb(nskb);
317 }
318
319 read_unlock(&hci_sk_list.lock);
320}
321
322static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
323{
324 struct hci_mon_hdr *hdr;
325 struct hci_mon_new_index *ni;
326 struct sk_buff *skb;
327 __le16 opcode;
328
329 switch (event) {
330 case HCI_DEV_REG:
331 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
332 if (!skb)
333 return NULL;
334
335 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
336 ni->type = hdev->dev_type;
337 ni->bus = hdev->bus;
338 bacpy(&ni->bdaddr, &hdev->bdaddr);
339 memcpy(ni->name, hdev->name, 8);
340
dcf4adbf 341 opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
cd82e61c
MH		 342 break;
343
344 case HCI_DEV_UNREG:
345 skb = bt_skb_alloc(0, GFP_ATOMIC);
346 if (!skb)
347 return NULL;
348
dcf4adbf 349 opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
cd82e61c
MH		 350 break;
351
352 default:
353 return NULL;
354 }
355
356 __net_timestamp(skb);
357
358 hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
359 hdr->opcode = opcode;
360 hdr->index = cpu_to_le16(hdev->id);
361 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
362
363 return skb;
364}
365
366static void send_monitor_replay(struct sock *sk)
367{
368 struct hci_dev *hdev;
369
370 read_lock(&hci_dev_list_lock);
371
372 list_for_each_entry(hdev, &hci_dev_list, list) {
373 struct sk_buff *skb;
374
375 skb = create_monitor_event(hdev, HCI_DEV_REG);
376 if (!skb)
377 continue;
378
379 if (sock_queue_rcv_skb(sk, skb))
380 kfree_skb(skb);
381 }
382
383 read_unlock(&hci_dev_list_lock);
384}
385
040030ef
MH		 386/* Generate internal stack event */
387static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
388{
389 struct hci_event_hdr *hdr;
390 struct hci_ev_stack_internal *ev;
391 struct sk_buff *skb;
392
393 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
394 if (!skb)
395 return;
396
397 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
398 hdr->evt = HCI_EV_STACK_INTERNAL;
399 hdr->plen = sizeof(*ev) + dlen;
400
401 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
402 ev->type = type;
403 memcpy(ev->data, data, dlen);
404
405 bt_cb(skb)->incoming = 1;
406 __net_timestamp(skb);
407
408 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
040030ef
MH		 409 hci_send_to_sock(hdev, skb);
410 kfree_skb(skb);
411}
412
413void hci_sock_dev_event(struct hci_dev *hdev, int event)
414{
415 struct hci_ev_si_device ev;
416
417 BT_DBG("hdev %s event %d", hdev->name, event);
418
cd82e61c
MH		 419 /* Send event to monitor */
420 if (atomic_read(&monitor_promisc)) {
421 struct sk_buff *skb;
422
423 skb = create_monitor_event(hdev, event);
424 if (skb) {
425 send_monitor_event(skb);
426 kfree_skb(skb);
427 }
428 }
429
040030ef
MH		 430 /* Send event to sockets */
431 ev.event = event;
432 ev.dev_id = hdev->id;
433 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
434
435 if (event == HCI_DEV_UNREG) {
436 struct sock *sk;
040030ef
MH		 437
438 /* Detach sockets from device */
439 read_lock(&hci_sk_list.lock);
b67bfe0d 440 sk_for_each(sk, &hci_sk_list.head) {
040030ef
MH		 441 bh_lock_sock_nested(sk);
442 if (hci_pi(sk)->hdev == hdev) {
443 hci_pi(sk)->hdev = NULL;
444 sk->sk_err = EPIPE;
445 sk->sk_state = BT_OPEN;
446 sk->sk_state_change(sk);
447
448 hci_dev_put(hdev);
449 }
450 bh_unlock_sock(sk);
451 }
452 read_unlock(&hci_sk_list.lock);
453 }
454}
455
1da177e4
LT		 456static int hci_sock_release(struct socket *sock)
457{
458 struct sock *sk = sock->sk;
7b005bd3 459 struct hci_dev *hdev;
1da177e4
LT		 460
461 BT_DBG("sock %p sk %p", sock, sk);
462
463 if (!sk)
464 return 0;
465
7b005bd3
MH		 466 hdev = hci_pi(sk)->hdev;
467
cd82e61c
MH		 468 if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
469 atomic_dec(&monitor_promisc);
470
1da177e4
LT		 471 bt_sock_unlink(&hci_sk_list, sk);
472
473 if (hdev) {
23500189 474 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
0602a8ad 475 mgmt_index_added(hdev);
23500189
MH		 476 clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags);
477 hci_dev_close(hdev->id);
478 }
479
1da177e4
LT		 480 atomic_dec(&hdev->promisc);
481 hci_dev_put(hdev);
482 }
483
484 sock_orphan(sk);
485
486 skb_queue_purge(&sk->sk_receive_queue);
487 skb_queue_purge(&sk->sk_write_queue);
488
489 sock_put(sk);
490 return 0;
491}
492
b2a66aad 493static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 494{
495 bdaddr_t bdaddr;
5e762444 496 int err;
f0358568
JH		 497
498 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
499 return -EFAULT;
500
09fd0de5 501 hci_dev_lock(hdev);
5e762444 502
dcc36c16 503 err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
5e762444 504
09fd0de5 505 hci_dev_unlock(hdev);
5e762444
AJ		 506
507 return err;
f0358568
JH		 508}
509
b2a66aad 510static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 511{
512 bdaddr_t bdaddr;
5e762444 513 int err;
f0358568
JH		 514
515 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
516 return -EFAULT;
517
09fd0de5 518 hci_dev_lock(hdev);
5e762444 519
dcc36c16 520 err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
5e762444 521
09fd0de5 522 hci_dev_unlock(hdev);
5e762444
AJ		 523
524 return err;
f0358568
JH		 525}
526
8e87d142 527/* Ioctls that require bound socket */
6039aa73
GP		 528static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
529 unsigned long arg)
1da177e4
LT		 530{
531 struct hci_dev *hdev = hci_pi(sk)->hdev;
532
533 if (!hdev)
534 return -EBADFD;
535
0736cfa8
MH		 536 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
537 return -EBUSY;
538
4a964404 539 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
fee746b0
MH		 540 return -EOPNOTSUPP;
541
5b69bef5
MH		 542 if (hdev->dev_type != HCI_BREDR)
543 return -EOPNOTSUPP;
544
1da177e4
LT		 545 switch (cmd) {
546 case HCISETRAW:
547 if (!capable(CAP_NET_ADMIN))
bf5b30b8 548 return -EPERM;
db596681 549 return -EOPNOTSUPP;
1da177e4 550
1da177e4 551 case HCIGETCONNINFO:
40be492f
MH		 552 return hci_get_conn_info(hdev, (void __user *) arg);
553
554 case HCIGETAUTHINFO:
555 return hci_get_auth_info(hdev, (void __user *) arg);
1da177e4 556
f0358568
JH		 557 case HCIBLOCKADDR:
558 if (!capable(CAP_NET_ADMIN))
bf5b30b8 559 return -EPERM;
b2a66aad 560 return hci_sock_blacklist_add(hdev, (void __user *) arg);
f0358568
JH		 561
562 case HCIUNBLOCKADDR:
563 if (!capable(CAP_NET_ADMIN))
bf5b30b8 564 return -EPERM;
b2a66aad 565 return hci_sock_blacklist_del(hdev, (void __user *) arg);
1da177e4 566 }
0736cfa8 567
324d36ed 568 return -ENOIOCTLCMD;
1da177e4
LT		 569}
570
8fc9ced3
GP		 571static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
572 unsigned long arg)
1da177e4 573{
40be492f 574 void __user *argp = (void __user *) arg;
0736cfa8 575 struct sock *sk = sock->sk;
1da177e4
LT		 576 int err;
577
578 BT_DBG("cmd %x arg %lx", cmd, arg);
579
c1c4f956
MH		 580 lock_sock(sk);
581
582 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
583 err = -EBADFD;
584 goto done;
585 }
586
587 release_sock(sk);
588
1da177e4
LT		 589 switch (cmd) {
590 case HCIGETDEVLIST:
591 return hci_get_dev_list(argp);
592
593 case HCIGETDEVINFO:
594 return hci_get_dev_info(argp);
595
596 case HCIGETCONNLIST:
597 return hci_get_conn_list(argp);
598
599 case HCIDEVUP:
600 if (!capable(CAP_NET_ADMIN))
bf5b30b8 601 return -EPERM;
1da177e4
LT		 602 return hci_dev_open(arg);
603
604 case HCIDEVDOWN:
605 if (!capable(CAP_NET_ADMIN))
bf5b30b8 606 return -EPERM;
1da177e4
LT		 607 return hci_dev_close(arg);
608
609 case HCIDEVRESET:
610 if (!capable(CAP_NET_ADMIN))
bf5b30b8 611 return -EPERM;
1da177e4
LT		 612 return hci_dev_reset(arg);
613
614 case HCIDEVRESTAT:
615 if (!capable(CAP_NET_ADMIN))
bf5b30b8 616 return -EPERM;
1da177e4
LT		 617 return hci_dev_reset_stat(arg);
618
619 case HCISETSCAN:
620 case HCISETAUTH:
621 case HCISETENCRYPT:
622 case HCISETPTYPE:
623 case HCISETLINKPOL:
624 case HCISETLINKMODE:
625 case HCISETACLMTU:
626 case HCISETSCOMTU:
627 if (!capable(CAP_NET_ADMIN))
bf5b30b8 628 return -EPERM;
1da177e4
LT		 629 return hci_dev_cmd(cmd, argp);
630
631 case HCIINQUIRY:
632 return hci_inquiry(argp);
1da177e4 633 }
c1c4f956
MH		 634
635 lock_sock(sk);
636
637 err = hci_sock_bound_ioctl(sk, cmd, arg);
638
639done:
640 release_sock(sk);
641 return err;
1da177e4
LT		 642}
643
8fc9ced3
GP		 644static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
645 int addr_len)
1da177e4 646{
0381101f 647 struct sockaddr_hci haddr;
1da177e4
LT		 648 struct sock *sk = sock->sk;
649 struct hci_dev *hdev = NULL;
0381101f 650 int len, err = 0;
1da177e4
LT		 651
652 BT_DBG("sock %p sk %p", sock, sk);
653
0381101f
JH		 654 if (!addr)
655 return -EINVAL;
656
657 memset(&haddr, 0, sizeof(haddr));
658 len = min_t(unsigned int, sizeof(haddr), addr_len);
659 memcpy(&haddr, addr, len);
660
661 if (haddr.hci_family != AF_BLUETOOTH)
662 return -EINVAL;
663
1da177e4
LT		 664 lock_sock(sk);
665
7cc2ade2 666 if (sk->sk_state == BT_BOUND) {
1da177e4
LT		 667 err = -EALREADY;
668 goto done;
669 }
670
7cc2ade2
MH		 671 switch (haddr.hci_channel) {
672 case HCI_CHANNEL_RAW:
673 if (hci_pi(sk)->hdev) {
674 err = -EALREADY;
1da177e4
LT		 675 goto done;
676 }
677
7cc2ade2
MH		 678 if (haddr.hci_dev != HCI_DEV_NONE) {
679 hdev = hci_dev_get(haddr.hci_dev);
680 if (!hdev) {
681 err = -ENODEV;
682 goto done;
683 }
684
685 atomic_inc(&hdev->promisc);
686 }
687
688 hci_pi(sk)->hdev = hdev;
689 break;
690
23500189
MH		 691 case HCI_CHANNEL_USER:
692 if (hci_pi(sk)->hdev) {
693 err = -EALREADY;
694 goto done;
695 }
696
697 if (haddr.hci_dev == HCI_DEV_NONE) {
698 err = -EINVAL;
699 goto done;
700 }
701
10a8b86f 702 if (!capable(CAP_NET_ADMIN)) {
23500189
MH		 703 err = -EPERM;
704 goto done;
705 }
706
707 hdev = hci_dev_get(haddr.hci_dev);
708 if (!hdev) {
709 err = -ENODEV;
710 goto done;
711 }
712
713 if (test_bit(HCI_UP, &hdev->flags) ||
714 test_bit(HCI_INIT, &hdev->flags) ||
d603b76b
MH		 715 test_bit(HCI_SETUP, &hdev->dev_flags) ||
716 test_bit(HCI_CONFIG, &hdev->dev_flags)) {
23500189
MH		 717 err = -EBUSY;
718 hci_dev_put(hdev);
719 goto done;
720 }
721
722 if (test_and_set_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
723 err = -EUSERS;
724 hci_dev_put(hdev);
725 goto done;
726 }
727
0602a8ad 728 mgmt_index_removed(hdev);
23500189
MH		 729
730 err = hci_dev_open(hdev->id);
731 if (err) {
732 clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags);
0602a8ad 733 mgmt_index_added(hdev);
23500189
MH		 734 hci_dev_put(hdev);
735 goto done;
736 }
737
738 atomic_inc(&hdev->promisc);
739
740 hci_pi(sk)->hdev = hdev;
741 break;
742
7cc2ade2 743 case HCI_CHANNEL_CONTROL:
4b95a24c 744 if (haddr.hci_dev != HCI_DEV_NONE) {
7cc2ade2
MH		 745 err = -EINVAL;
746 goto done;
747 }
748
801f13bd
MH		 749 if (!capable(CAP_NET_ADMIN)) {
750 err = -EPERM;
751 goto done;
752 }
753
7cc2ade2
MH		 754 break;
755
cd82e61c
MH		 756 case HCI_CHANNEL_MONITOR:
757 if (haddr.hci_dev != HCI_DEV_NONE) {
758 err = -EINVAL;
759 goto done;
760 }
761
762 if (!capable(CAP_NET_RAW)) {
763 err = -EPERM;
764 goto done;
765 }
766
767 send_monitor_replay(sk);
768
769 atomic_inc(&monitor_promisc);
770 break;
771
7cc2ade2
MH		 772 default:
773 err = -EINVAL;
774 goto done;
1da177e4
LT		 775 }
776
7cc2ade2 777
0381101f 778 hci_pi(sk)->channel = haddr.hci_channel;
1da177e4
LT		 779 sk->sk_state = BT_BOUND;
780
781done:
782 release_sock(sk);
783 return err;
784}
785
8fc9ced3
GP		 786static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
787 int *addr_len, int peer)
1da177e4
LT		 788{
789 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
790 struct sock *sk = sock->sk;
9d4b68b2
MH		 791 struct hci_dev *hdev;
792 int err = 0;
1da177e4
LT		 793
794 BT_DBG("sock %p sk %p", sock, sk);
795
06f43cbc
MH		 796 if (peer)
797 return -EOPNOTSUPP;
798
1da177e4
LT		 799 lock_sock(sk);
800
9d4b68b2
MH		 801 hdev = hci_pi(sk)->hdev;
802 if (!hdev) {
803 err = -EBADFD;
804 goto done;
805 }
806
1da177e4
LT		 807 *addr_len = sizeof(*haddr);
808 haddr->hci_family = AF_BLUETOOTH;
7b005bd3 809 haddr->hci_dev = hdev->id;
9d4b68b2 810 haddr->hci_channel= hci_pi(sk)->channel;
1da177e4 811
9d4b68b2 812done:
1da177e4 813 release_sock(sk);
9d4b68b2 814 return err;
1da177e4
LT		 815}
816
6039aa73
GP		 817static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
818 struct sk_buff *skb)
1da177e4
LT		 819{
820 __u32 mask = hci_pi(sk)->cmsg_mask;
821
0d48d939
MH		 822 if (mask & HCI_CMSG_DIR) {
823 int incoming = bt_cb(skb)->incoming;
8fc9ced3
GP		 824 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
825 &incoming);
0d48d939 826 }
1da177e4 827
a61bbcf2 828 if (mask & HCI_CMSG_TSTAMP) {
f6e623a6
JFS		 829#ifdef CONFIG_COMPAT
830 struct compat_timeval ctv;
831#endif
a61bbcf2 832 struct timeval tv;
767c5eb5
MH		 833 void *data;
834 int len;
a61bbcf2
PM		 835
836 skb_get_timestamp(skb, &tv);
767c5eb5 837
1da97f83
DM		 838 data = &tv;
839 len = sizeof(tv);
840#ifdef CONFIG_COMPAT
da88cea1
L		 841 if (!COMPAT_USE_64BIT_TIME &&
842 (msg->msg_flags & MSG_CMSG_COMPAT)) {
767c5eb5
MH		 843 ctv.tv_sec = tv.tv_sec;
844 ctv.tv_usec = tv.tv_usec;
845 data = &ctv;
846 len = sizeof(ctv);
767c5eb5 847 }
1da97f83 848#endif
767c5eb5
MH		 849
850 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
a61bbcf2 851 }
1da177e4 852}
8e87d142
YH		 853
854static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
3bb3c755 855 struct msghdr *msg, size_t len, int flags)
1da177e4
LT		 856{
857 int noblock = flags & MSG_DONTWAIT;
858 struct sock *sk = sock->sk;
859 struct sk_buff *skb;
860 int copied, err;
861
862 BT_DBG("sock %p, sk %p", sock, sk);
863
864 if (flags & (MSG_OOB))
865 return -EOPNOTSUPP;
866
867 if (sk->sk_state == BT_CLOSED)
868 return 0;
869
70f23020
AE		 870 skb = skb_recv_datagram(sk, flags, noblock, &err);
871 if (!skb)
1da177e4
LT		 872 return err;
873
1da177e4
LT		 874 copied = skb->len;
875 if (len < copied) {
876 msg->msg_flags |= MSG_TRUNC;
877 copied = len;
878 }
879
badff6d0 880 skb_reset_transport_header(skb);
51f3d02b 881 err = skb_copy_datagram_msg(skb, 0, msg, copied);
1da177e4 882
3a208627
MH		 883 switch (hci_pi(sk)->channel) {
884 case HCI_CHANNEL_RAW:
885 hci_sock_cmsg(sk, msg, skb);
886 break;
23500189 887 case HCI_CHANNEL_USER:
97e0bdeb 888 case HCI_CHANNEL_CONTROL:
cd82e61c
MH		 889 case HCI_CHANNEL_MONITOR:
890 sock_recv_timestamp(msg, sk, skb);
891 break;
3a208627 892 }
1da177e4
LT		 893
894 skb_free_datagram(sk, skb);
895
896 return err ? : copied;
897}
898
8e87d142 899static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
1da177e4
LT		 900 struct msghdr *msg, size_t len)
901{
902 struct sock *sk = sock->sk;
903 struct hci_dev *hdev;
904 struct sk_buff *skb;
905 int err;
906
907 BT_DBG("sock %p sk %p", sock, sk);
908
909 if (msg->msg_flags & MSG_OOB)
910 return -EOPNOTSUPP;
911
912 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
913 return -EINVAL;
914
915 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
916 return -EINVAL;
917
918 lock_sock(sk);
919
0381101f
JH		 920 switch (hci_pi(sk)->channel) {
921 case HCI_CHANNEL_RAW:
23500189 922 case HCI_CHANNEL_USER:
0381101f
JH		 923 break;
924 case HCI_CHANNEL_CONTROL:
925 err = mgmt_control(sk, msg, len);
926 goto done;
cd82e61c
MH		 927 case HCI_CHANNEL_MONITOR:
928 err = -EOPNOTSUPP;
929 goto done;
0381101f
JH		 930 default:
931 err = -EINVAL;
932 goto done;
933 }
934
70f23020
AE		 935 hdev = hci_pi(sk)->hdev;
936 if (!hdev) {
1da177e4
LT		 937 err = -EBADFD;
938 goto done;
939 }
940
7e21addc
MH		 941 if (!test_bit(HCI_UP, &hdev->flags)) {
942 err = -ENETDOWN;
943 goto done;
944 }
945
70f23020
AE		 946 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
947 if (!skb)
1da177e4
LT		 948 goto done;
949
6ce8e9ce 950 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1da177e4
LT		 951 err = -EFAULT;
952 goto drop;
953 }
954
0d48d939 955 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
1da177e4 956 skb_pull(skb, 1);
1da177e4 957
1bc5ad16
MH		 958 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
959 /* No permission check is needed for user channel
960 * since that gets enforced when binding the socket.
961 *
962 * However check that the packet type is valid.
963 */
964 if (bt_cb(skb)->pkt_type != HCI_COMMAND_PKT &&
965 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
966 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) {
967 err = -EINVAL;
968 goto drop;
969 }
970
971 skb_queue_tail(&hdev->raw_q, skb);
972 queue_work(hdev->workqueue, &hdev->tx_work);
973 } else if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
83985319 974 u16 opcode = get_unaligned_le16(skb->data);
1da177e4
LT		 975 u16 ogf = hci_opcode_ogf(opcode);
976 u16 ocf = hci_opcode_ocf(opcode);
977
978 if (((ogf > HCI_SFLT_MAX_OGF) ||
3bb3c755
GP		 979 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
980 &hci_sec_filter.ocf_mask[ogf])) &&
981 !capable(CAP_NET_RAW)) {
1da177e4
LT		 982 err = -EPERM;
983 goto drop;
984 }
985
fee746b0 986 if (ogf == 0x3f) {
1da177e4 987 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 988 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4 989 } else {
49c922bb 990 /* Stand-alone HCI commands must be flagged as
11714b3d
JH		 991 * single-command requests.
992 */
993 bt_cb(skb)->req.start = true;
994
1da177e4 995 skb_queue_tail(&hdev->cmd_q, skb);
c347b765 996 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 997 }
998 } else {
999 if (!capable(CAP_NET_RAW)) {
1000 err = -EPERM;
1001 goto drop;
1002 }
1003
1004 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 1005 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 1006 }
1007
1008 err = len;
1009
1010done:
1011 release_sock(sk);
1012 return err;
1013
1014drop:
1015 kfree_skb(skb);
1016 goto done;
1017}
1018
8fc9ced3
GP		 1019static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1020 char __user *optval, unsigned int len)
1da177e4
LT		 1021{
1022 struct hci_ufilter uf = { .opcode = 0 };
1023 struct sock *sk = sock->sk;
1024 int err = 0, opt = 0;
1025
1026 BT_DBG("sk %p, opt %d", sk, optname);
1027
1028 lock_sock(sk);
1029
2f39cdb7 1030 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
c2371e80 1031 err = -EBADFD;
2f39cdb7
MH		 1032 goto done;
1033 }
1034
1da177e4
LT		 1035 switch (optname) {
1036 case HCI_DATA_DIR:
1037 if (get_user(opt, (int __user *)optval)) {
1038 err = -EFAULT;
1039 break;
1040 }
1041
1042 if (opt)
1043 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
1044 else
1045 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
1046 break;
1047
1048 case HCI_TIME_STAMP:
1049 if (get_user(opt, (int __user *)optval)) {
1050 err = -EFAULT;
1051 break;
1052 }
1053
1054 if (opt)
1055 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
1056 else
1057 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
1058 break;
1059
1060 case HCI_FILTER:
0878b666
MH		 1061 {
1062 struct hci_filter *f = &hci_pi(sk)->filter;
1063
1064 uf.type_mask = f->type_mask;
1065 uf.opcode = f->opcode;
1066 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1067 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1068 }
1069
1da177e4
LT		 1070 len = min_t(unsigned int, len, sizeof(uf));
1071 if (copy_from_user(&uf, optval, len)) {
1072 err = -EFAULT;
1073 break;
1074 }
1075
1076 if (!capable(CAP_NET_RAW)) {
1077 uf.type_mask &= hci_sec_filter.type_mask;
1078 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
1079 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
1080 }
1081
1082 {
1083 struct hci_filter *f = &hci_pi(sk)->filter;
1084
1085 f->type_mask = uf.type_mask;
1086 f->opcode = uf.opcode;
1087 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
1088 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
1089 }
8e87d142 1090 break;
1da177e4
LT		 1091
1092 default:
1093 err = -ENOPROTOOPT;
1094 break;
1095 }
1096
2f39cdb7 1097done:
1da177e4
LT		 1098 release_sock(sk);
1099 return err;
1100}
1101
8fc9ced3
GP		 1102static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1103 char __user *optval, int __user *optlen)
1da177e4
LT		 1104{
1105 struct hci_ufilter uf;
1106 struct sock *sk = sock->sk;
cedc5469
MH		 1107 int len, opt, err = 0;
1108
1109 BT_DBG("sk %p, opt %d", sk, optname);
1da177e4
LT		 1110
1111 if (get_user(len, optlen))
1112 return -EFAULT;
1113
cedc5469
MH		 1114 lock_sock(sk);
1115
1116 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
c2371e80 1117 err = -EBADFD;
cedc5469
MH		 1118 goto done;
1119 }
1120
1da177e4
LT		 1121 switch (optname) {
1122 case HCI_DATA_DIR:
1123 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1124 opt = 1;
8e87d142 1125 else
1da177e4
LT		 1126 opt = 0;
1127
1128 if (put_user(opt, optval))
cedc5469 1129 err = -EFAULT;
1da177e4
LT		 1130 break;
1131
1132 case HCI_TIME_STAMP:
1133 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1134 opt = 1;
8e87d142 1135 else
1da177e4
LT		 1136 opt = 0;
1137
1138 if (put_user(opt, optval))
cedc5469 1139 err = -EFAULT;
1da177e4
LT		 1140 break;
1141
1142 case HCI_FILTER:
1143 {
1144 struct hci_filter *f = &hci_pi(sk)->filter;
1145
e15ca9a0 1146 memset(&uf, 0, sizeof(uf));
1da177e4
LT		 1147 uf.type_mask = f->type_mask;
1148 uf.opcode = f->opcode;
1149 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1150 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1151 }
1152
1153 len = min_t(unsigned int, len, sizeof(uf));
1154 if (copy_to_user(optval, &uf, len))
cedc5469 1155 err = -EFAULT;
1da177e4
LT		 1156 break;
1157
1158 default:
cedc5469 1159 err = -ENOPROTOOPT;
1da177e4
LT		 1160 break;
1161 }
1162
cedc5469
MH		 1163done:
1164 release_sock(sk);
1165 return err;
1da177e4
LT		 1166}
1167
90ddc4f0 1168static const struct proto_ops hci_sock_ops = {
1da177e4
LT		 1169 .family = PF_BLUETOOTH,
1170 .owner = THIS_MODULE,
1171 .release = hci_sock_release,
1172 .bind = hci_sock_bind,
1173 .getname = hci_sock_getname,
1174 .sendmsg = hci_sock_sendmsg,
1175 .recvmsg = hci_sock_recvmsg,
1176 .ioctl = hci_sock_ioctl,
1177 .poll = datagram_poll,
1178 .listen = sock_no_listen,
1179 .shutdown = sock_no_shutdown,
1180 .setsockopt = hci_sock_setsockopt,
1181 .getsockopt = hci_sock_getsockopt,
1182 .connect = sock_no_connect,
1183 .socketpair = sock_no_socketpair,
1184 .accept = sock_no_accept,
1185 .mmap = sock_no_mmap
1186};
1187
1188static struct proto hci_sk_proto = {
1189 .name = "HCI",
1190 .owner = THIS_MODULE,
1191 .obj_size = sizeof(struct hci_pinfo)
1192};
1193
3f378b68
EP		 1194static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1195 int kern)
1da177e4
LT		 1196{
1197 struct sock *sk;
1198
1199 BT_DBG("sock %p", sock);
1200
1201 if (sock->type != SOCK_RAW)
1202 return -ESOCKTNOSUPPORT;
1203
1204 sock->ops = &hci_sock_ops;
1205
6257ff21 1206 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1da177e4
LT		 1207 if (!sk)
1208 return -ENOMEM;
1209
1210 sock_init_data(sock, sk);
1211
1212 sock_reset_flag(sk, SOCK_ZAPPED);
1213
1214 sk->sk_protocol = protocol;
1215
1216 sock->state = SS_UNCONNECTED;
1217 sk->sk_state = BT_OPEN;
1218
1219 bt_sock_link(&hci_sk_list, sk);
1220 return 0;
1221}
1222
ec1b4cf7 1223static const struct net_proto_family hci_sock_family_ops = {
1da177e4
LT		 1224 .family = PF_BLUETOOTH,
1225 .owner = THIS_MODULE,
1226 .create = hci_sock_create,
1227};
1228
1da177e4
LT		 1229int __init hci_sock_init(void)
1230{
1231 int err;
1232
b0a8e282
MH		 1233 BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr));
1234
1da177e4
LT		 1235 err = proto_register(&hci_sk_proto, 0);
1236 if (err < 0)
1237 return err;
1238
1239 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
f7c86637
MY		 1240 if (err < 0) {
1241 BT_ERR("HCI socket registration failed");
1da177e4 1242 goto error;
f7c86637
MY		 1243 }
1244
b0316615 1245 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
f7c86637
MY		 1246 if (err < 0) {
1247 BT_ERR("Failed to create HCI proc file");
1248 bt_sock_unregister(BTPROTO_HCI);
1249 goto error;
1250 }
1da177e4 1251
1da177e4
LT		 1252 BT_INFO("HCI socket layer initialized");
1253
1254 return 0;
1255
1256error:
1da177e4
LT		 1257 proto_unregister(&hci_sk_proto);
1258 return err;
1259}
1260
b7440a14 1261void hci_sock_cleanup(void)
1da177e4 1262{
f7c86637 1263 bt_procfs_cleanup(&init_net, "hci");
5e9d7f86 1264 bt_sock_unregister(BTPROTO_HCI);
1da177e4 1265 proto_unregister(&hci_sk_proto);
1da177e4 1266}
Linux kernel - Deliverables
This page took 0.829433 seconds and 5 git commands to generate.