Commit | Line | Data |
---|---|---|
8e87d142 | 1 | /* |
1da177e4 LT |
2 | BlueZ - Bluetooth protocol stack for Linux |
3 | Copyright (C) 2000-2001 Qualcomm Incorporated | |
4 | ||
5 | Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> | |
6 | ||
7 | This program is free software; you can redistribute it and/or modify | |
8 | it under the terms of the GNU General Public License version 2 as | |
9 | published by the Free Software Foundation; | |
10 | ||
11 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | |
12 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
13 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. | |
14 | IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY | |
8e87d142 YH |
15 | CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES |
16 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
17 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
1da177e4 LT |
18 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
19 | ||
8e87d142 YH |
20 | ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, |
21 | COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS | |
1da177e4 LT |
22 | SOFTWARE IS DISCLAIMED. |
23 | */ | |
24 | ||
25 | /* Bluetooth HCI sockets. */ | |
26 | ||
8c520a59 | 27 | #include <linux/export.h> |
1da177e4 | 28 | #include <asm/unaligned.h> |
dd31506d MH |
29 | #include <generated/compile.h> |
30 | #include <generated/utsrelease.h> | |
1da177e4 LT |
31 | |
32 | #include <net/bluetooth/bluetooth.h> | |
33 | #include <net/bluetooth/hci_core.h> | |
cd82e61c | 34 | #include <net/bluetooth/hci_mon.h> |
fa4335d7 JH |
35 | #include <net/bluetooth/mgmt.h> |
36 | ||
37 | #include "mgmt_util.h" | |
1da177e4 | 38 | |
801c1e8d JH |
39 | static LIST_HEAD(mgmt_chan_list); |
40 | static DEFINE_MUTEX(mgmt_chan_list_lock); | |
41 | ||
cd82e61c MH |
42 | static atomic_t monitor_promisc = ATOMIC_INIT(0); |
43 | ||
1da177e4 LT |
44 | /* ----- HCI socket interface ----- */ |
45 | ||
863def58 MH |
46 | /* Socket info */ |
47 | #define hci_pi(sk) ((struct hci_pinfo *) sk) | |
48 | ||
49 | struct hci_pinfo { | |
50 | struct bt_sock bt; | |
51 | struct hci_dev *hdev; | |
52 | struct hci_filter filter; | |
53 | __u32 cmsg_mask; | |
54 | unsigned short channel; | |
6befc644 | 55 | unsigned long flags; |
863def58 MH |
56 | }; |
57 | ||
6befc644 MH |
58 | void hci_sock_set_flag(struct sock *sk, int nr) |
59 | { | |
60 | set_bit(nr, &hci_pi(sk)->flags); | |
61 | } | |
62 | ||
63 | void hci_sock_clear_flag(struct sock *sk, int nr) | |
64 | { | |
65 | clear_bit(nr, &hci_pi(sk)->flags); | |
66 | } | |
67 | ||
c85be545 MH |
68 | int hci_sock_test_flag(struct sock *sk, int nr) |
69 | { | |
70 | return test_bit(nr, &hci_pi(sk)->flags); | |
71 | } | |
72 | ||
d0f172b1 JH |
73 | unsigned short hci_sock_get_channel(struct sock *sk) |
74 | { | |
75 | return hci_pi(sk)->channel; | |
76 | } | |
77 | ||
9391976a | 78 | static inline int hci_test_bit(int nr, const void *addr) |
1da177e4 | 79 | { |
9391976a | 80 | return *((const __u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31)); |
1da177e4 LT |
81 | } |
82 | ||
83 | /* Security filter */ | |
3ad254f7 MH |
84 | #define HCI_SFLT_MAX_OGF 5 |
85 | ||
86 | struct hci_sec_filter { | |
87 | __u32 type_mask; | |
88 | __u32 event_mask[2]; | |
89 | __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4]; | |
90 | }; | |
91 | ||
7e67c112 | 92 | static const struct hci_sec_filter hci_sec_filter = { |
1da177e4 LT |
93 | /* Packet types */ |
94 | 0x10, | |
95 | /* Events */ | |
dd7f5527 | 96 | { 0x1000d9fe, 0x0000b00c }, |
1da177e4 LT |
97 | /* Commands */ |
98 | { | |
99 | { 0x0 }, | |
100 | /* OGF_LINK_CTL */ | |
7c631a67 | 101 | { 0xbe000006, 0x00000001, 0x00000000, 0x00 }, |
1da177e4 | 102 | /* OGF_LINK_POLICY */ |
7c631a67 | 103 | { 0x00005200, 0x00000000, 0x00000000, 0x00 }, |
1da177e4 | 104 | /* OGF_HOST_CTL */ |
7c631a67 | 105 | { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 }, |
1da177e4 | 106 | /* OGF_INFO_PARAM */ |
7c631a67 | 107 | { 0x000002be, 0x00000000, 0x00000000, 0x00 }, |
1da177e4 | 108 | /* OGF_STATUS_PARAM */ |
7c631a67 | 109 | { 0x000000ea, 0x00000000, 0x00000000, 0x00 } |
1da177e4 LT |
110 | } |
111 | }; | |
112 | ||
113 | static struct bt_sock_list hci_sk_list = { | |
d5fb2962 | 114 | .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock) |
1da177e4 LT |
115 | }; |
116 | ||
f81fe64f MH |
117 | static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb) |
118 | { | |
119 | struct hci_filter *flt; | |
120 | int flt_type, flt_event; | |
121 | ||
122 | /* Apply filter */ | |
123 | flt = &hci_pi(sk)->filter; | |
124 | ||
d79f34e3 | 125 | flt_type = hci_skb_pkt_type(skb) & HCI_FLT_TYPE_BITS; |
f81fe64f MH |
126 | |
127 | if (!test_bit(flt_type, &flt->type_mask)) | |
128 | return true; | |
129 | ||
130 | /* Extra filter for event packets only */ | |
d79f34e3 | 131 | if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT) |
f81fe64f MH |
132 | return false; |
133 | ||
134 | flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS); | |
135 | ||
136 | if (!hci_test_bit(flt_event, &flt->event_mask)) | |
137 | return true; | |
138 | ||
139 | /* Check filter only when opcode is set */ | |
140 | if (!flt->opcode) | |
141 | return false; | |
142 | ||
143 | if (flt_event == HCI_EV_CMD_COMPLETE && | |
144 | flt->opcode != get_unaligned((__le16 *)(skb->data + 3))) | |
145 | return true; | |
146 | ||
147 | if (flt_event == HCI_EV_CMD_STATUS && | |
148 | flt->opcode != get_unaligned((__le16 *)(skb->data + 4))) | |
149 | return true; | |
150 | ||
151 | return false; | |
152 | } | |
153 | ||
1da177e4 | 154 | /* Send frame to RAW socket */ |
470fe1b5 | 155 | void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb) |
1da177e4 LT |
156 | { |
157 | struct sock *sk; | |
e0edf373 | 158 | struct sk_buff *skb_copy = NULL; |
1da177e4 LT |
159 | |
160 | BT_DBG("hdev %p len %d", hdev, skb->len); | |
161 | ||
162 | read_lock(&hci_sk_list.lock); | |
470fe1b5 | 163 | |
b67bfe0d | 164 | sk_for_each(sk, &hci_sk_list.head) { |
1da177e4 LT |
165 | struct sk_buff *nskb; |
166 | ||
167 | if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev) | |
168 | continue; | |
169 | ||
170 | /* Don't send frame to the socket it came from */ | |
171 | if (skb->sk == sk) | |
172 | continue; | |
173 | ||
23500189 | 174 | if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) { |
d79f34e3 MH |
175 | if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT && |
176 | hci_skb_pkt_type(skb) != HCI_EVENT_PKT && | |
177 | hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT && | |
178 | hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) | |
bb77543e | 179 | continue; |
23500189 MH |
180 | if (is_filtered_packet(sk, skb)) |
181 | continue; | |
182 | } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) { | |
183 | if (!bt_cb(skb)->incoming) | |
184 | continue; | |
d79f34e3 MH |
185 | if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT && |
186 | hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT && | |
187 | hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) | |
23500189 MH |
188 | continue; |
189 | } else { | |
190 | /* Don't send frame to other channel types */ | |
1da177e4 | 191 | continue; |
23500189 | 192 | } |
1da177e4 | 193 | |
e0edf373 MH |
194 | if (!skb_copy) { |
195 | /* Create a private copy with headroom */ | |
bad93e9d | 196 | skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true); |
e0edf373 MH |
197 | if (!skb_copy) |
198 | continue; | |
199 | ||
200 | /* Put type byte before the data */ | |
d79f34e3 | 201 | memcpy(skb_push(skb_copy, 1), &hci_skb_pkt_type(skb), 1); |
e0edf373 MH |
202 | } |
203 | ||
204 | nskb = skb_clone(skb_copy, GFP_ATOMIC); | |
70f23020 | 205 | if (!nskb) |
1da177e4 LT |
206 | continue; |
207 | ||
470fe1b5 MH |
208 | if (sock_queue_rcv_skb(sk, nskb)) |
209 | kfree_skb(nskb); | |
210 | } | |
211 | ||
212 | read_unlock(&hci_sk_list.lock); | |
e0edf373 MH |
213 | |
214 | kfree_skb(skb_copy); | |
470fe1b5 MH |
215 | } |
216 | ||
7129069e JH |
217 | /* Send frame to sockets with specific channel */ |
218 | void hci_send_to_channel(unsigned short channel, struct sk_buff *skb, | |
c08b1a1d | 219 | int flag, struct sock *skip_sk) |
470fe1b5 MH |
220 | { |
221 | struct sock *sk; | |
470fe1b5 | 222 | |
7129069e | 223 | BT_DBG("channel %u len %d", channel, skb->len); |
470fe1b5 MH |
224 | |
225 | read_lock(&hci_sk_list.lock); | |
226 | ||
b67bfe0d | 227 | sk_for_each(sk, &hci_sk_list.head) { |
470fe1b5 MH |
228 | struct sk_buff *nskb; |
229 | ||
c08b1a1d | 230 | /* Ignore socket without the flag set */ |
c85be545 | 231 | if (!hci_sock_test_flag(sk, flag)) |
d7f72f61 MH |
232 | continue; |
233 | ||
c08b1a1d MH |
234 | /* Skip the original socket */ |
235 | if (sk == skip_sk) | |
17711c62 MH |
236 | continue; |
237 | ||
238 | if (sk->sk_state != BT_BOUND) | |
239 | continue; | |
240 | ||
241 | if (hci_pi(sk)->channel != channel) | |
242 | continue; | |
243 | ||
244 | nskb = skb_clone(skb, GFP_ATOMIC); | |
245 | if (!nskb) | |
246 | continue; | |
247 | ||
248 | if (sock_queue_rcv_skb(sk, nskb)) | |
249 | kfree_skb(nskb); | |
250 | } | |
251 | ||
252 | read_unlock(&hci_sk_list.lock); | |
253 | } | |
254 | ||
cd82e61c MH |
255 | /* Send frame to monitor socket */ |
256 | void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb) | |
257 | { | |
cd82e61c | 258 | struct sk_buff *skb_copy = NULL; |
2b531294 | 259 | struct hci_mon_hdr *hdr; |
cd82e61c MH |
260 | __le16 opcode; |
261 | ||
262 | if (!atomic_read(&monitor_promisc)) | |
263 | return; | |
264 | ||
265 | BT_DBG("hdev %p len %d", hdev, skb->len); | |
266 | ||
d79f34e3 | 267 | switch (hci_skb_pkt_type(skb)) { |
cd82e61c | 268 | case HCI_COMMAND_PKT: |
dcf4adbf | 269 | opcode = cpu_to_le16(HCI_MON_COMMAND_PKT); |
cd82e61c MH |
270 | break; |
271 | case HCI_EVENT_PKT: | |
dcf4adbf | 272 | opcode = cpu_to_le16(HCI_MON_EVENT_PKT); |
cd82e61c MH |
273 | break; |
274 | case HCI_ACLDATA_PKT: | |
275 | if (bt_cb(skb)->incoming) | |
dcf4adbf | 276 | opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT); |
cd82e61c | 277 | else |
dcf4adbf | 278 | opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT); |
cd82e61c MH |
279 | break; |
280 | case HCI_SCODATA_PKT: | |
281 | if (bt_cb(skb)->incoming) | |
dcf4adbf | 282 | opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT); |
cd82e61c | 283 | else |
dcf4adbf | 284 | opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT); |
cd82e61c | 285 | break; |
e875ff84 MH |
286 | case HCI_DIAG_PKT: |
287 | opcode = cpu_to_le16(HCI_MON_VENDOR_DIAG); | |
288 | break; | |
cd82e61c MH |
289 | default: |
290 | return; | |
291 | } | |
292 | ||
2b531294 MH |
293 | /* Create a private copy with headroom */ |
294 | skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true); | |
295 | if (!skb_copy) | |
296 | return; | |
297 | ||
298 | /* Put header before the data */ | |
8528d3f7 | 299 | hdr = (void *)skb_push(skb_copy, HCI_MON_HDR_SIZE); |
2b531294 MH |
300 | hdr->opcode = opcode; |
301 | hdr->index = cpu_to_le16(hdev->id); | |
302 | hdr->len = cpu_to_le16(skb->len); | |
303 | ||
c08b1a1d MH |
304 | hci_send_to_channel(HCI_CHANNEL_MONITOR, skb_copy, |
305 | HCI_SOCK_TRUSTED, NULL); | |
cd82e61c MH |
306 | kfree_skb(skb_copy); |
307 | } | |
308 | ||
cd82e61c MH |
309 | static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event) |
310 | { | |
311 | struct hci_mon_hdr *hdr; | |
312 | struct hci_mon_new_index *ni; | |
6c566dd5 | 313 | struct hci_mon_index_info *ii; |
cd82e61c MH |
314 | struct sk_buff *skb; |
315 | __le16 opcode; | |
316 | ||
317 | switch (event) { | |
318 | case HCI_DEV_REG: | |
319 | skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC); | |
320 | if (!skb) | |
321 | return NULL; | |
322 | ||
6c566dd5 | 323 | ni = (void *)skb_put(skb, HCI_MON_NEW_INDEX_SIZE); |
cd82e61c MH |
324 | ni->type = hdev->dev_type; |
325 | ni->bus = hdev->bus; | |
326 | bacpy(&ni->bdaddr, &hdev->bdaddr); | |
327 | memcpy(ni->name, hdev->name, 8); | |
328 | ||
dcf4adbf | 329 | opcode = cpu_to_le16(HCI_MON_NEW_INDEX); |
cd82e61c MH |
330 | break; |
331 | ||
332 | case HCI_DEV_UNREG: | |
333 | skb = bt_skb_alloc(0, GFP_ATOMIC); | |
334 | if (!skb) | |
335 | return NULL; | |
336 | ||
dcf4adbf | 337 | opcode = cpu_to_le16(HCI_MON_DEL_INDEX); |
cd82e61c MH |
338 | break; |
339 | ||
e131d74a MH |
340 | case HCI_DEV_SETUP: |
341 | if (hdev->manufacturer == 0xffff) | |
342 | return NULL; | |
343 | ||
344 | /* fall through */ | |
345 | ||
6c566dd5 MH |
346 | case HCI_DEV_UP: |
347 | skb = bt_skb_alloc(HCI_MON_INDEX_INFO_SIZE, GFP_ATOMIC); | |
348 | if (!skb) | |
349 | return NULL; | |
350 | ||
351 | ii = (void *)skb_put(skb, HCI_MON_INDEX_INFO_SIZE); | |
352 | bacpy(&ii->bdaddr, &hdev->bdaddr); | |
353 | ii->manufacturer = cpu_to_le16(hdev->manufacturer); | |
354 | ||
355 | opcode = cpu_to_le16(HCI_MON_INDEX_INFO); | |
356 | break; | |
357 | ||
22db3cbc MH |
358 | case HCI_DEV_OPEN: |
359 | skb = bt_skb_alloc(0, GFP_ATOMIC); | |
360 | if (!skb) | |
361 | return NULL; | |
362 | ||
363 | opcode = cpu_to_le16(HCI_MON_OPEN_INDEX); | |
364 | break; | |
365 | ||
366 | case HCI_DEV_CLOSE: | |
367 | skb = bt_skb_alloc(0, GFP_ATOMIC); | |
368 | if (!skb) | |
369 | return NULL; | |
370 | ||
371 | opcode = cpu_to_le16(HCI_MON_CLOSE_INDEX); | |
372 | break; | |
373 | ||
cd82e61c MH |
374 | default: |
375 | return NULL; | |
376 | } | |
377 | ||
378 | __net_timestamp(skb); | |
379 | ||
8528d3f7 | 380 | hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE); |
cd82e61c MH |
381 | hdr->opcode = opcode; |
382 | hdr->index = cpu_to_le16(hdev->id); | |
383 | hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE); | |
384 | ||
385 | return skb; | |
386 | } | |
387 | ||
dd31506d MH |
388 | static void send_monitor_note(struct sock *sk, const char *text) |
389 | { | |
390 | size_t len = strlen(text); | |
391 | struct hci_mon_hdr *hdr; | |
392 | struct sk_buff *skb; | |
393 | ||
394 | skb = bt_skb_alloc(len + 1, GFP_ATOMIC); | |
395 | if (!skb) | |
396 | return; | |
397 | ||
398 | strcpy(skb_put(skb, len + 1), text); | |
399 | ||
400 | __net_timestamp(skb); | |
401 | ||
402 | hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE); | |
403 | hdr->opcode = cpu_to_le16(HCI_MON_SYSTEM_NOTE); | |
404 | hdr->index = cpu_to_le16(HCI_DEV_NONE); | |
405 | hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE); | |
406 | ||
407 | if (sock_queue_rcv_skb(sk, skb)) | |
408 | kfree_skb(skb); | |
409 | } | |
410 | ||
cd82e61c MH |
411 | static void send_monitor_replay(struct sock *sk) |
412 | { | |
413 | struct hci_dev *hdev; | |
414 | ||
415 | read_lock(&hci_dev_list_lock); | |
416 | ||
417 | list_for_each_entry(hdev, &hci_dev_list, list) { | |
418 | struct sk_buff *skb; | |
419 | ||
420 | skb = create_monitor_event(hdev, HCI_DEV_REG); | |
421 | if (!skb) | |
422 | continue; | |
423 | ||
424 | if (sock_queue_rcv_skb(sk, skb)) | |
425 | kfree_skb(skb); | |
22db3cbc MH |
426 | |
427 | if (!test_bit(HCI_RUNNING, &hdev->flags)) | |
428 | continue; | |
429 | ||
430 | skb = create_monitor_event(hdev, HCI_DEV_OPEN); | |
431 | if (!skb) | |
432 | continue; | |
433 | ||
434 | if (sock_queue_rcv_skb(sk, skb)) | |
435 | kfree_skb(skb); | |
6c566dd5 | 436 | |
e131d74a MH |
437 | if (test_bit(HCI_UP, &hdev->flags)) |
438 | skb = create_monitor_event(hdev, HCI_DEV_UP); | |
439 | else if (hci_dev_test_flag(hdev, HCI_SETUP)) | |
440 | skb = create_monitor_event(hdev, HCI_DEV_SETUP); | |
441 | else | |
442 | skb = NULL; | |
6c566dd5 | 443 | |
e131d74a MH |
444 | if (skb) { |
445 | if (sock_queue_rcv_skb(sk, skb)) | |
446 | kfree_skb(skb); | |
447 | } | |
cd82e61c MH |
448 | } |
449 | ||
450 | read_unlock(&hci_dev_list_lock); | |
451 | } | |
452 | ||
040030ef MH |
453 | /* Generate internal stack event */ |
454 | static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data) | |
455 | { | |
456 | struct hci_event_hdr *hdr; | |
457 | struct hci_ev_stack_internal *ev; | |
458 | struct sk_buff *skb; | |
459 | ||
460 | skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC); | |
461 | if (!skb) | |
462 | return; | |
463 | ||
8528d3f7 | 464 | hdr = (void *)skb_put(skb, HCI_EVENT_HDR_SIZE); |
040030ef MH |
465 | hdr->evt = HCI_EV_STACK_INTERNAL; |
466 | hdr->plen = sizeof(*ev) + dlen; | |
467 | ||
8528d3f7 | 468 | ev = (void *)skb_put(skb, sizeof(*ev) + dlen); |
040030ef MH |
469 | ev->type = type; |
470 | memcpy(ev->data, data, dlen); | |
471 | ||
472 | bt_cb(skb)->incoming = 1; | |
473 | __net_timestamp(skb); | |
474 | ||
d79f34e3 | 475 | hci_skb_pkt_type(skb) = HCI_EVENT_PKT; |
040030ef MH |
476 | hci_send_to_sock(hdev, skb); |
477 | kfree_skb(skb); | |
478 | } | |
479 | ||
480 | void hci_sock_dev_event(struct hci_dev *hdev, int event) | |
481 | { | |
040030ef MH |
482 | BT_DBG("hdev %s event %d", hdev->name, event); |
483 | ||
cd82e61c MH |
484 | if (atomic_read(&monitor_promisc)) { |
485 | struct sk_buff *skb; | |
486 | ||
ed1b28a4 | 487 | /* Send event to monitor */ |
cd82e61c MH |
488 | skb = create_monitor_event(hdev, event); |
489 | if (skb) { | |
c08b1a1d MH |
490 | hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, |
491 | HCI_SOCK_TRUSTED, NULL); | |
cd82e61c MH |
492 | kfree_skb(skb); |
493 | } | |
494 | } | |
495 | ||
ed1b28a4 MH |
496 | if (event <= HCI_DEV_DOWN) { |
497 | struct hci_ev_si_device ev; | |
498 | ||
499 | /* Send event to sockets */ | |
500 | ev.event = event; | |
501 | ev.dev_id = hdev->id; | |
502 | hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev); | |
503 | } | |
040030ef MH |
504 | |
505 | if (event == HCI_DEV_UNREG) { | |
506 | struct sock *sk; | |
040030ef MH |
507 | |
508 | /* Detach sockets from device */ | |
509 | read_lock(&hci_sk_list.lock); | |
b67bfe0d | 510 | sk_for_each(sk, &hci_sk_list.head) { |
040030ef MH |
511 | bh_lock_sock_nested(sk); |
512 | if (hci_pi(sk)->hdev == hdev) { | |
513 | hci_pi(sk)->hdev = NULL; | |
514 | sk->sk_err = EPIPE; | |
515 | sk->sk_state = BT_OPEN; | |
516 | sk->sk_state_change(sk); | |
517 | ||
518 | hci_dev_put(hdev); | |
519 | } | |
520 | bh_unlock_sock(sk); | |
521 | } | |
522 | read_unlock(&hci_sk_list.lock); | |
523 | } | |
524 | } | |
525 | ||
801c1e8d JH |
526 | static struct hci_mgmt_chan *__hci_mgmt_chan_find(unsigned short channel) |
527 | { | |
528 | struct hci_mgmt_chan *c; | |
529 | ||
530 | list_for_each_entry(c, &mgmt_chan_list, list) { | |
531 | if (c->channel == channel) | |
532 | return c; | |
533 | } | |
534 | ||
535 | return NULL; | |
536 | } | |
537 | ||
538 | static struct hci_mgmt_chan *hci_mgmt_chan_find(unsigned short channel) | |
539 | { | |
540 | struct hci_mgmt_chan *c; | |
541 | ||
542 | mutex_lock(&mgmt_chan_list_lock); | |
543 | c = __hci_mgmt_chan_find(channel); | |
544 | mutex_unlock(&mgmt_chan_list_lock); | |
545 | ||
546 | return c; | |
547 | } | |
548 | ||
549 | int hci_mgmt_chan_register(struct hci_mgmt_chan *c) | |
550 | { | |
551 | if (c->channel < HCI_CHANNEL_CONTROL) | |
552 | return -EINVAL; | |
553 | ||
554 | mutex_lock(&mgmt_chan_list_lock); | |
555 | if (__hci_mgmt_chan_find(c->channel)) { | |
556 | mutex_unlock(&mgmt_chan_list_lock); | |
557 | return -EALREADY; | |
558 | } | |
559 | ||
560 | list_add_tail(&c->list, &mgmt_chan_list); | |
561 | ||
562 | mutex_unlock(&mgmt_chan_list_lock); | |
563 | ||
564 | return 0; | |
565 | } | |
566 | EXPORT_SYMBOL(hci_mgmt_chan_register); | |
567 | ||
568 | void hci_mgmt_chan_unregister(struct hci_mgmt_chan *c) | |
569 | { | |
570 | mutex_lock(&mgmt_chan_list_lock); | |
571 | list_del(&c->list); | |
572 | mutex_unlock(&mgmt_chan_list_lock); | |
573 | } | |
574 | EXPORT_SYMBOL(hci_mgmt_chan_unregister); | |
575 | ||
1da177e4 LT |
576 | static int hci_sock_release(struct socket *sock) |
577 | { | |
578 | struct sock *sk = sock->sk; | |
7b005bd3 | 579 | struct hci_dev *hdev; |
1da177e4 LT |
580 | |
581 | BT_DBG("sock %p sk %p", sock, sk); | |
582 | ||
583 | if (!sk) | |
584 | return 0; | |
585 | ||
7b005bd3 MH |
586 | hdev = hci_pi(sk)->hdev; |
587 | ||
cd82e61c MH |
588 | if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR) |
589 | atomic_dec(&monitor_promisc); | |
590 | ||
1da177e4 LT |
591 | bt_sock_unlink(&hci_sk_list, sk); |
592 | ||
593 | if (hdev) { | |
23500189 | 594 | if (hci_pi(sk)->channel == HCI_CHANNEL_USER) { |
6b3cc1db SF |
595 | /* When releasing an user channel exclusive access, |
596 | * call hci_dev_do_close directly instead of calling | |
597 | * hci_dev_close to ensure the exclusive access will | |
598 | * be released and the controller brought back down. | |
599 | * | |
600 | * The checking of HCI_AUTO_OFF is not needed in this | |
601 | * case since it will have been cleared already when | |
602 | * opening the user channel. | |
603 | */ | |
604 | hci_dev_do_close(hdev); | |
9380f9ea LP |
605 | hci_dev_clear_flag(hdev, HCI_USER_CHANNEL); |
606 | mgmt_index_added(hdev); | |
23500189 MH |
607 | } |
608 | ||
1da177e4 LT |
609 | atomic_dec(&hdev->promisc); |
610 | hci_dev_put(hdev); | |
611 | } | |
612 | ||
613 | sock_orphan(sk); | |
614 | ||
615 | skb_queue_purge(&sk->sk_receive_queue); | |
616 | skb_queue_purge(&sk->sk_write_queue); | |
617 | ||
618 | sock_put(sk); | |
619 | return 0; | |
620 | } | |
621 | ||
b2a66aad | 622 | static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg) |
f0358568 JH |
623 | { |
624 | bdaddr_t bdaddr; | |
5e762444 | 625 | int err; |
f0358568 JH |
626 | |
627 | if (copy_from_user(&bdaddr, arg, sizeof(bdaddr))) | |
628 | return -EFAULT; | |
629 | ||
09fd0de5 | 630 | hci_dev_lock(hdev); |
5e762444 | 631 | |
dcc36c16 | 632 | err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR); |
5e762444 | 633 | |
09fd0de5 | 634 | hci_dev_unlock(hdev); |
5e762444 AJ |
635 | |
636 | return err; | |
f0358568 JH |
637 | } |
638 | ||
b2a66aad | 639 | static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg) |
f0358568 JH |
640 | { |
641 | bdaddr_t bdaddr; | |
5e762444 | 642 | int err; |
f0358568 JH |
643 | |
644 | if (copy_from_user(&bdaddr, arg, sizeof(bdaddr))) | |
645 | return -EFAULT; | |
646 | ||
09fd0de5 | 647 | hci_dev_lock(hdev); |
5e762444 | 648 | |
dcc36c16 | 649 | err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR); |
5e762444 | 650 | |
09fd0de5 | 651 | hci_dev_unlock(hdev); |
5e762444 AJ |
652 | |
653 | return err; | |
f0358568 JH |
654 | } |
655 | ||
8e87d142 | 656 | /* Ioctls that require bound socket */ |
6039aa73 GP |
657 | static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, |
658 | unsigned long arg) | |
1da177e4 LT |
659 | { |
660 | struct hci_dev *hdev = hci_pi(sk)->hdev; | |
661 | ||
662 | if (!hdev) | |
663 | return -EBADFD; | |
664 | ||
d7a5a11d | 665 | if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) |
0736cfa8 MH |
666 | return -EBUSY; |
667 | ||
d7a5a11d | 668 | if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) |
fee746b0 MH |
669 | return -EOPNOTSUPP; |
670 | ||
5b69bef5 MH |
671 | if (hdev->dev_type != HCI_BREDR) |
672 | return -EOPNOTSUPP; | |
673 | ||
1da177e4 LT |
674 | switch (cmd) { |
675 | case HCISETRAW: | |
676 | if (!capable(CAP_NET_ADMIN)) | |
bf5b30b8 | 677 | return -EPERM; |
db596681 | 678 | return -EOPNOTSUPP; |
1da177e4 | 679 | |
1da177e4 | 680 | case HCIGETCONNINFO: |
8528d3f7 | 681 | return hci_get_conn_info(hdev, (void __user *)arg); |
40be492f MH |
682 | |
683 | case HCIGETAUTHINFO: | |
8528d3f7 | 684 | return hci_get_auth_info(hdev, (void __user *)arg); |
1da177e4 | 685 | |
f0358568 JH |
686 | case HCIBLOCKADDR: |
687 | if (!capable(CAP_NET_ADMIN)) | |
bf5b30b8 | 688 | return -EPERM; |
8528d3f7 | 689 | return hci_sock_blacklist_add(hdev, (void __user *)arg); |
f0358568 JH |
690 | |
691 | case HCIUNBLOCKADDR: | |
692 | if (!capable(CAP_NET_ADMIN)) | |
bf5b30b8 | 693 | return -EPERM; |
8528d3f7 | 694 | return hci_sock_blacklist_del(hdev, (void __user *)arg); |
1da177e4 | 695 | } |
0736cfa8 | 696 | |
324d36ed | 697 | return -ENOIOCTLCMD; |
1da177e4 LT |
698 | } |
699 | ||
8fc9ced3 GP |
700 | static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, |
701 | unsigned long arg) | |
1da177e4 | 702 | { |
8528d3f7 | 703 | void __user *argp = (void __user *)arg; |
0736cfa8 | 704 | struct sock *sk = sock->sk; |
1da177e4 LT |
705 | int err; |
706 | ||
707 | BT_DBG("cmd %x arg %lx", cmd, arg); | |
708 | ||
c1c4f956 MH |
709 | lock_sock(sk); |
710 | ||
711 | if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) { | |
712 | err = -EBADFD; | |
713 | goto done; | |
714 | } | |
715 | ||
716 | release_sock(sk); | |
717 | ||
1da177e4 LT |
718 | switch (cmd) { |
719 | case HCIGETDEVLIST: | |
720 | return hci_get_dev_list(argp); | |
721 | ||
722 | case HCIGETDEVINFO: | |
723 | return hci_get_dev_info(argp); | |
724 | ||
725 | case HCIGETCONNLIST: | |
726 | return hci_get_conn_list(argp); | |
727 | ||
728 | case HCIDEVUP: | |
729 | if (!capable(CAP_NET_ADMIN)) | |
bf5b30b8 | 730 | return -EPERM; |
1da177e4 LT |
731 | return hci_dev_open(arg); |
732 | ||
733 | case HCIDEVDOWN: | |
734 | if (!capable(CAP_NET_ADMIN)) | |
bf5b30b8 | 735 | return -EPERM; |
1da177e4 LT |
736 | return hci_dev_close(arg); |
737 | ||
738 | case HCIDEVRESET: | |
739 | if (!capable(CAP_NET_ADMIN)) | |
bf5b30b8 | 740 | return -EPERM; |
1da177e4 LT |
741 | return hci_dev_reset(arg); |
742 | ||
743 | case HCIDEVRESTAT: | |
744 | if (!capable(CAP_NET_ADMIN)) | |
bf5b30b8 | 745 | return -EPERM; |
1da177e4 LT |
746 | return hci_dev_reset_stat(arg); |
747 | ||
748 | case HCISETSCAN: | |
749 | case HCISETAUTH: | |
750 | case HCISETENCRYPT: | |
751 | case HCISETPTYPE: | |
752 | case HCISETLINKPOL: | |
753 | case HCISETLINKMODE: | |
754 | case HCISETACLMTU: | |
755 | case HCISETSCOMTU: | |
756 | if (!capable(CAP_NET_ADMIN)) | |
bf5b30b8 | 757 | return -EPERM; |
1da177e4 LT |
758 | return hci_dev_cmd(cmd, argp); |
759 | ||
760 | case HCIINQUIRY: | |
761 | return hci_inquiry(argp); | |
1da177e4 | 762 | } |
c1c4f956 MH |
763 | |
764 | lock_sock(sk); | |
765 | ||
766 | err = hci_sock_bound_ioctl(sk, cmd, arg); | |
767 | ||
768 | done: | |
769 | release_sock(sk); | |
770 | return err; | |
1da177e4 LT |
771 | } |
772 | ||
8fc9ced3 GP |
773 | static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, |
774 | int addr_len) | |
1da177e4 | 775 | { |
0381101f | 776 | struct sockaddr_hci haddr; |
1da177e4 LT |
777 | struct sock *sk = sock->sk; |
778 | struct hci_dev *hdev = NULL; | |
0381101f | 779 | int len, err = 0; |
1da177e4 LT |
780 | |
781 | BT_DBG("sock %p sk %p", sock, sk); | |
782 | ||
0381101f JH |
783 | if (!addr) |
784 | return -EINVAL; | |
785 | ||
786 | memset(&haddr, 0, sizeof(haddr)); | |
787 | len = min_t(unsigned int, sizeof(haddr), addr_len); | |
788 | memcpy(&haddr, addr, len); | |
789 | ||
790 | if (haddr.hci_family != AF_BLUETOOTH) | |
791 | return -EINVAL; | |
792 | ||
1da177e4 LT |
793 | lock_sock(sk); |
794 | ||
7cc2ade2 | 795 | if (sk->sk_state == BT_BOUND) { |
1da177e4 LT |
796 | err = -EALREADY; |
797 | goto done; | |
798 | } | |
799 | ||
7cc2ade2 MH |
800 | switch (haddr.hci_channel) { |
801 | case HCI_CHANNEL_RAW: | |
802 | if (hci_pi(sk)->hdev) { | |
803 | err = -EALREADY; | |
1da177e4 LT |
804 | goto done; |
805 | } | |
806 | ||
7cc2ade2 MH |
807 | if (haddr.hci_dev != HCI_DEV_NONE) { |
808 | hdev = hci_dev_get(haddr.hci_dev); | |
809 | if (!hdev) { | |
810 | err = -ENODEV; | |
811 | goto done; | |
812 | } | |
813 | ||
814 | atomic_inc(&hdev->promisc); | |
815 | } | |
816 | ||
817 | hci_pi(sk)->hdev = hdev; | |
818 | break; | |
819 | ||
23500189 MH |
820 | case HCI_CHANNEL_USER: |
821 | if (hci_pi(sk)->hdev) { | |
822 | err = -EALREADY; | |
823 | goto done; | |
824 | } | |
825 | ||
826 | if (haddr.hci_dev == HCI_DEV_NONE) { | |
827 | err = -EINVAL; | |
828 | goto done; | |
829 | } | |
830 | ||
10a8b86f | 831 | if (!capable(CAP_NET_ADMIN)) { |
23500189 MH |
832 | err = -EPERM; |
833 | goto done; | |
834 | } | |
835 | ||
836 | hdev = hci_dev_get(haddr.hci_dev); | |
837 | if (!hdev) { | |
838 | err = -ENODEV; | |
839 | goto done; | |
840 | } | |
841 | ||
781f899f | 842 | if (test_bit(HCI_INIT, &hdev->flags) || |
d7a5a11d | 843 | hci_dev_test_flag(hdev, HCI_SETUP) || |
781f899f MH |
844 | hci_dev_test_flag(hdev, HCI_CONFIG) || |
845 | (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) && | |
846 | test_bit(HCI_UP, &hdev->flags))) { | |
23500189 MH |
847 | err = -EBUSY; |
848 | hci_dev_put(hdev); | |
849 | goto done; | |
850 | } | |
851 | ||
238be788 | 852 | if (hci_dev_test_and_set_flag(hdev, HCI_USER_CHANNEL)) { |
23500189 MH |
853 | err = -EUSERS; |
854 | hci_dev_put(hdev); | |
855 | goto done; | |
856 | } | |
857 | ||
0602a8ad | 858 | mgmt_index_removed(hdev); |
23500189 MH |
859 | |
860 | err = hci_dev_open(hdev->id); | |
861 | if (err) { | |
781f899f MH |
862 | if (err == -EALREADY) { |
863 | /* In case the transport is already up and | |
864 | * running, clear the error here. | |
865 | * | |
866 | * This can happen when opening an user | |
867 | * channel and HCI_AUTO_OFF grace period | |
868 | * is still active. | |
869 | */ | |
870 | err = 0; | |
871 | } else { | |
872 | hci_dev_clear_flag(hdev, HCI_USER_CHANNEL); | |
873 | mgmt_index_added(hdev); | |
874 | hci_dev_put(hdev); | |
875 | goto done; | |
876 | } | |
23500189 MH |
877 | } |
878 | ||
879 | atomic_inc(&hdev->promisc); | |
880 | ||
881 | hci_pi(sk)->hdev = hdev; | |
882 | break; | |
883 | ||
cd82e61c MH |
884 | case HCI_CHANNEL_MONITOR: |
885 | if (haddr.hci_dev != HCI_DEV_NONE) { | |
886 | err = -EINVAL; | |
887 | goto done; | |
888 | } | |
889 | ||
890 | if (!capable(CAP_NET_RAW)) { | |
891 | err = -EPERM; | |
892 | goto done; | |
893 | } | |
894 | ||
50ebc055 MH |
895 | /* The monitor interface is restricted to CAP_NET_RAW |
896 | * capabilities and with that implicitly trusted. | |
897 | */ | |
898 | hci_sock_set_flag(sk, HCI_SOCK_TRUSTED); | |
899 | ||
dd31506d MH |
900 | send_monitor_note(sk, "Linux version " UTS_RELEASE |
901 | " (" UTS_MACHINE ")"); | |
902 | send_monitor_note(sk, "Bluetooth subsystem version " | |
903 | BT_SUBSYS_VERSION); | |
cd82e61c MH |
904 | send_monitor_replay(sk); |
905 | ||
906 | atomic_inc(&monitor_promisc); | |
907 | break; | |
908 | ||
ac714949 MH |
909 | case HCI_CHANNEL_LOGGING: |
910 | if (haddr.hci_dev != HCI_DEV_NONE) { | |
911 | err = -EINVAL; | |
912 | goto done; | |
913 | } | |
914 | ||
915 | if (!capable(CAP_NET_ADMIN)) { | |
916 | err = -EPERM; | |
917 | goto done; | |
918 | } | |
919 | break; | |
920 | ||
7cc2ade2 | 921 | default: |
801c1e8d JH |
922 | if (!hci_mgmt_chan_find(haddr.hci_channel)) { |
923 | err = -EINVAL; | |
924 | goto done; | |
925 | } | |
926 | ||
927 | if (haddr.hci_dev != HCI_DEV_NONE) { | |
928 | err = -EINVAL; | |
929 | goto done; | |
930 | } | |
931 | ||
1195fbb8 MH |
932 | /* Users with CAP_NET_ADMIN capabilities are allowed |
933 | * access to all management commands and events. For | |
934 | * untrusted users the interface is restricted and | |
935 | * also only untrusted events are sent. | |
50ebc055 | 936 | */ |
1195fbb8 MH |
937 | if (capable(CAP_NET_ADMIN)) |
938 | hci_sock_set_flag(sk, HCI_SOCK_TRUSTED); | |
50ebc055 | 939 | |
f9207338 MH |
940 | /* At the moment the index and unconfigured index events |
941 | * are enabled unconditionally. Setting them on each | |
942 | * socket when binding keeps this functionality. They | |
943 | * however might be cleared later and then sending of these | |
944 | * events will be disabled, but that is then intentional. | |
f6b7712e MH |
945 | * |
946 | * This also enables generic events that are safe to be | |
947 | * received by untrusted users. Example for such events | |
948 | * are changes to settings, class of device, name etc. | |
f9207338 MH |
949 | */ |
950 | if (haddr.hci_channel == HCI_CHANNEL_CONTROL) { | |
951 | hci_sock_set_flag(sk, HCI_MGMT_INDEX_EVENTS); | |
952 | hci_sock_set_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); | |
f6b7712e | 953 | hci_sock_set_flag(sk, HCI_MGMT_GENERIC_EVENTS); |
f9207338 | 954 | } |
801c1e8d | 955 | break; |
1da177e4 LT |
956 | } |
957 | ||
7cc2ade2 | 958 | |
0381101f | 959 | hci_pi(sk)->channel = haddr.hci_channel; |
1da177e4 LT |
960 | sk->sk_state = BT_BOUND; |
961 | ||
962 | done: | |
963 | release_sock(sk); | |
964 | return err; | |
965 | } | |
966 | ||
8fc9ced3 GP |
967 | static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, |
968 | int *addr_len, int peer) | |
1da177e4 | 969 | { |
8528d3f7 | 970 | struct sockaddr_hci *haddr = (struct sockaddr_hci *)addr; |
1da177e4 | 971 | struct sock *sk = sock->sk; |
9d4b68b2 MH |
972 | struct hci_dev *hdev; |
973 | int err = 0; | |
1da177e4 LT |
974 | |
975 | BT_DBG("sock %p sk %p", sock, sk); | |
976 | ||
06f43cbc MH |
977 | if (peer) |
978 | return -EOPNOTSUPP; | |
979 | ||
1da177e4 LT |
980 | lock_sock(sk); |
981 | ||
9d4b68b2 MH |
982 | hdev = hci_pi(sk)->hdev; |
983 | if (!hdev) { | |
984 | err = -EBADFD; | |
985 | goto done; | |
986 | } | |
987 | ||
1da177e4 LT |
988 | *addr_len = sizeof(*haddr); |
989 | haddr->hci_family = AF_BLUETOOTH; | |
7b005bd3 | 990 | haddr->hci_dev = hdev->id; |
9d4b68b2 | 991 | haddr->hci_channel= hci_pi(sk)->channel; |
1da177e4 | 992 | |
9d4b68b2 | 993 | done: |
1da177e4 | 994 | release_sock(sk); |
9d4b68b2 | 995 | return err; |
1da177e4 LT |
996 | } |
997 | ||
6039aa73 GP |
998 | static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, |
999 | struct sk_buff *skb) | |
1da177e4 LT |
1000 | { |
1001 | __u32 mask = hci_pi(sk)->cmsg_mask; | |
1002 | ||
0d48d939 MH |
1003 | if (mask & HCI_CMSG_DIR) { |
1004 | int incoming = bt_cb(skb)->incoming; | |
8fc9ced3 GP |
1005 | put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), |
1006 | &incoming); | |
0d48d939 | 1007 | } |
1da177e4 | 1008 | |
a61bbcf2 | 1009 | if (mask & HCI_CMSG_TSTAMP) { |
f6e623a6 JFS |
1010 | #ifdef CONFIG_COMPAT |
1011 | struct compat_timeval ctv; | |
1012 | #endif | |
a61bbcf2 | 1013 | struct timeval tv; |
767c5eb5 MH |
1014 | void *data; |
1015 | int len; | |
a61bbcf2 PM |
1016 | |
1017 | skb_get_timestamp(skb, &tv); | |
767c5eb5 | 1018 | |
1da97f83 DM |
1019 | data = &tv; |
1020 | len = sizeof(tv); | |
1021 | #ifdef CONFIG_COMPAT | |
da88cea1 L |
1022 | if (!COMPAT_USE_64BIT_TIME && |
1023 | (msg->msg_flags & MSG_CMSG_COMPAT)) { | |
767c5eb5 MH |
1024 | ctv.tv_sec = tv.tv_sec; |
1025 | ctv.tv_usec = tv.tv_usec; | |
1026 | data = &ctv; | |
1027 | len = sizeof(ctv); | |
767c5eb5 | 1028 | } |
1da97f83 | 1029 | #endif |
767c5eb5 MH |
1030 | |
1031 | put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data); | |
a61bbcf2 | 1032 | } |
1da177e4 | 1033 | } |
8e87d142 | 1034 | |
8528d3f7 MH |
1035 | static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg, |
1036 | size_t len, int flags) | |
1da177e4 LT |
1037 | { |
1038 | int noblock = flags & MSG_DONTWAIT; | |
1039 | struct sock *sk = sock->sk; | |
1040 | struct sk_buff *skb; | |
1041 | int copied, err; | |
1042 | ||
1043 | BT_DBG("sock %p, sk %p", sock, sk); | |
1044 | ||
d94a6104 | 1045 | if (flags & MSG_OOB) |
1da177e4 LT |
1046 | return -EOPNOTSUPP; |
1047 | ||
ac714949 MH |
1048 | if (hci_pi(sk)->channel == HCI_CHANNEL_LOGGING) |
1049 | return -EOPNOTSUPP; | |
1050 | ||
1da177e4 LT |
1051 | if (sk->sk_state == BT_CLOSED) |
1052 | return 0; | |
1053 | ||
70f23020 AE |
1054 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
1055 | if (!skb) | |
1da177e4 LT |
1056 | return err; |
1057 | ||
1da177e4 LT |
1058 | copied = skb->len; |
1059 | if (len < copied) { | |
1060 | msg->msg_flags |= MSG_TRUNC; | |
1061 | copied = len; | |
1062 | } | |
1063 | ||
badff6d0 | 1064 | skb_reset_transport_header(skb); |
51f3d02b | 1065 | err = skb_copy_datagram_msg(skb, 0, msg, copied); |
1da177e4 | 1066 | |
3a208627 MH |
1067 | switch (hci_pi(sk)->channel) { |
1068 | case HCI_CHANNEL_RAW: | |
1069 | hci_sock_cmsg(sk, msg, skb); | |
1070 | break; | |
23500189 | 1071 | case HCI_CHANNEL_USER: |
cd82e61c MH |
1072 | case HCI_CHANNEL_MONITOR: |
1073 | sock_recv_timestamp(msg, sk, skb); | |
1074 | break; | |
801c1e8d JH |
1075 | default: |
1076 | if (hci_mgmt_chan_find(hci_pi(sk)->channel)) | |
1077 | sock_recv_timestamp(msg, sk, skb); | |
1078 | break; | |
3a208627 | 1079 | } |
1da177e4 LT |
1080 | |
1081 | skb_free_datagram(sk, skb); | |
1082 | ||
1083 | return err ? : copied; | |
1084 | } | |
1085 | ||
fa4335d7 JH |
1086 | static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk, |
1087 | struct msghdr *msg, size_t msglen) | |
1088 | { | |
1089 | void *buf; | |
1090 | u8 *cp; | |
1091 | struct mgmt_hdr *hdr; | |
1092 | u16 opcode, index, len; | |
1093 | struct hci_dev *hdev = NULL; | |
1094 | const struct hci_mgmt_handler *handler; | |
1095 | bool var_len, no_hdev; | |
1096 | int err; | |
1097 | ||
1098 | BT_DBG("got %zu bytes", msglen); | |
1099 | ||
1100 | if (msglen < sizeof(*hdr)) | |
1101 | return -EINVAL; | |
1102 | ||
1103 | buf = kmalloc(msglen, GFP_KERNEL); | |
1104 | if (!buf) | |
1105 | return -ENOMEM; | |
1106 | ||
1107 | if (memcpy_from_msg(buf, msg, msglen)) { | |
1108 | err = -EFAULT; | |
1109 | goto done; | |
1110 | } | |
1111 | ||
1112 | hdr = buf; | |
1113 | opcode = __le16_to_cpu(hdr->opcode); | |
1114 | index = __le16_to_cpu(hdr->index); | |
1115 | len = __le16_to_cpu(hdr->len); | |
1116 | ||
1117 | if (len != msglen - sizeof(*hdr)) { | |
1118 | err = -EINVAL; | |
1119 | goto done; | |
1120 | } | |
1121 | ||
1122 | if (opcode >= chan->handler_count || | |
1123 | chan->handlers[opcode].func == NULL) { | |
1124 | BT_DBG("Unknown op %u", opcode); | |
1125 | err = mgmt_cmd_status(sk, index, opcode, | |
1126 | MGMT_STATUS_UNKNOWN_COMMAND); | |
1127 | goto done; | |
1128 | } | |
1129 | ||
1130 | handler = &chan->handlers[opcode]; | |
1131 | ||
1132 | if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) && | |
1133 | !(handler->flags & HCI_MGMT_UNTRUSTED)) { | |
1134 | err = mgmt_cmd_status(sk, index, opcode, | |
1135 | MGMT_STATUS_PERMISSION_DENIED); | |
1136 | goto done; | |
1137 | } | |
1138 | ||
1139 | if (index != MGMT_INDEX_NONE) { | |
1140 | hdev = hci_dev_get(index); | |
1141 | if (!hdev) { | |
1142 | err = mgmt_cmd_status(sk, index, opcode, | |
1143 | MGMT_STATUS_INVALID_INDEX); | |
1144 | goto done; | |
1145 | } | |
1146 | ||
1147 | if (hci_dev_test_flag(hdev, HCI_SETUP) || | |
1148 | hci_dev_test_flag(hdev, HCI_CONFIG) || | |
1149 | hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) { | |
1150 | err = mgmt_cmd_status(sk, index, opcode, | |
1151 | MGMT_STATUS_INVALID_INDEX); | |
1152 | goto done; | |
1153 | } | |
1154 | ||
1155 | if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) && | |
1156 | !(handler->flags & HCI_MGMT_UNCONFIGURED)) { | |
1157 | err = mgmt_cmd_status(sk, index, opcode, | |
1158 | MGMT_STATUS_INVALID_INDEX); | |
1159 | goto done; | |
1160 | } | |
1161 | } | |
1162 | ||
1163 | no_hdev = (handler->flags & HCI_MGMT_NO_HDEV); | |
1164 | if (no_hdev != !hdev) { | |
1165 | err = mgmt_cmd_status(sk, index, opcode, | |
1166 | MGMT_STATUS_INVALID_INDEX); | |
1167 | goto done; | |
1168 | } | |
1169 | ||
1170 | var_len = (handler->flags & HCI_MGMT_VAR_LEN); | |
1171 | if ((var_len && len < handler->data_len) || | |
1172 | (!var_len && len != handler->data_len)) { | |
1173 | err = mgmt_cmd_status(sk, index, opcode, | |
1174 | MGMT_STATUS_INVALID_PARAMS); | |
1175 | goto done; | |
1176 | } | |
1177 | ||
1178 | if (hdev && chan->hdev_init) | |
1179 | chan->hdev_init(sk, hdev); | |
1180 | ||
1181 | cp = buf + sizeof(*hdr); | |
1182 | ||
1183 | err = handler->func(sk, hdev, cp, len); | |
1184 | if (err < 0) | |
1185 | goto done; | |
1186 | ||
1187 | err = msglen; | |
1188 | ||
1189 | done: | |
1190 | if (hdev) | |
1191 | hci_dev_put(hdev); | |
1192 | ||
1193 | kfree(buf); | |
1194 | return err; | |
1195 | } | |
1196 | ||
ac714949 MH |
1197 | static int hci_logging_frame(struct sock *sk, struct msghdr *msg, int len) |
1198 | { | |
1199 | struct hci_mon_hdr *hdr; | |
1200 | struct sk_buff *skb; | |
1201 | struct hci_dev *hdev; | |
1202 | u16 index; | |
1203 | int err; | |
1204 | ||
1205 | /* The logging frame consists at minimum of the standard header, | |
1206 | * the priority byte, the ident length byte and at least one string | |
1207 | * terminator NUL byte. Anything shorter are invalid packets. | |
1208 | */ | |
1209 | if (len < sizeof(*hdr) + 3) | |
1210 | return -EINVAL; | |
1211 | ||
1212 | skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err); | |
1213 | if (!skb) | |
1214 | return err; | |
1215 | ||
1216 | if (memcpy_from_msg(skb_put(skb, len), msg, len)) { | |
1217 | err = -EFAULT; | |
1218 | goto drop; | |
1219 | } | |
1220 | ||
1221 | hdr = (void *)skb->data; | |
1222 | ||
1223 | if (__le16_to_cpu(hdr->len) != len - sizeof(*hdr)) { | |
1224 | err = -EINVAL; | |
1225 | goto drop; | |
1226 | } | |
1227 | ||
1228 | if (__le16_to_cpu(hdr->opcode) == 0x0000) { | |
1229 | __u8 priority = skb->data[sizeof(*hdr)]; | |
1230 | __u8 ident_len = skb->data[sizeof(*hdr) + 1]; | |
1231 | ||
1232 | /* Only the priorities 0-7 are valid and with that any other | |
1233 | * value results in an invalid packet. | |
1234 | * | |
1235 | * The priority byte is followed by an ident length byte and | |
1236 | * the NUL terminated ident string. Check that the ident | |
1237 | * length is not overflowing the packet and also that the | |
1238 | * ident string itself is NUL terminated. In case the ident | |
1239 | * length is zero, the length value actually doubles as NUL | |
1240 | * terminator identifier. | |
1241 | * | |
1242 | * The message follows the ident string (if present) and | |
1243 | * must be NUL terminated. Otherwise it is not a valid packet. | |
1244 | */ | |
1245 | if (priority > 7 || skb->data[len - 1] != 0x00 || | |
1246 | ident_len > len - sizeof(*hdr) - 3 || | |
1247 | skb->data[sizeof(*hdr) + ident_len + 1] != 0x00) { | |
1248 | err = -EINVAL; | |
1249 | goto drop; | |
1250 | } | |
1251 | } else { | |
1252 | err = -EINVAL; | |
1253 | goto drop; | |
1254 | } | |
1255 | ||
1256 | index = __le16_to_cpu(hdr->index); | |
1257 | ||
1258 | if (index != MGMT_INDEX_NONE) { | |
1259 | hdev = hci_dev_get(index); | |
1260 | if (!hdev) { | |
1261 | err = -ENODEV; | |
1262 | goto drop; | |
1263 | } | |
1264 | } else { | |
1265 | hdev = NULL; | |
1266 | } | |
1267 | ||
1268 | hdr->opcode = cpu_to_le16(HCI_MON_USER_LOGGING); | |
1269 | ||
1270 | hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, HCI_SOCK_TRUSTED, NULL); | |
1271 | err = len; | |
1272 | ||
1273 | if (hdev) | |
1274 | hci_dev_put(hdev); | |
1275 | ||
1276 | drop: | |
1277 | kfree_skb(skb); | |
1278 | return err; | |
1279 | } | |
1280 | ||
1b784140 YX |
1281 | static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg, |
1282 | size_t len) | |
1da177e4 LT |
1283 | { |
1284 | struct sock *sk = sock->sk; | |
801c1e8d | 1285 | struct hci_mgmt_chan *chan; |
1da177e4 LT |
1286 | struct hci_dev *hdev; |
1287 | struct sk_buff *skb; | |
1288 | int err; | |
1289 | ||
1290 | BT_DBG("sock %p sk %p", sock, sk); | |
1291 | ||
1292 | if (msg->msg_flags & MSG_OOB) | |
1293 | return -EOPNOTSUPP; | |
1294 | ||
1295 | if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE)) | |
1296 | return -EINVAL; | |
1297 | ||
1298 | if (len < 4 || len > HCI_MAX_FRAME_SIZE) | |
1299 | return -EINVAL; | |
1300 | ||
1301 | lock_sock(sk); | |
1302 | ||
0381101f JH |
1303 | switch (hci_pi(sk)->channel) { |
1304 | case HCI_CHANNEL_RAW: | |
23500189 | 1305 | case HCI_CHANNEL_USER: |
0381101f | 1306 | break; |
cd82e61c MH |
1307 | case HCI_CHANNEL_MONITOR: |
1308 | err = -EOPNOTSUPP; | |
1309 | goto done; | |
ac714949 MH |
1310 | case HCI_CHANNEL_LOGGING: |
1311 | err = hci_logging_frame(sk, msg, len); | |
1312 | goto done; | |
0381101f | 1313 | default: |
801c1e8d JH |
1314 | mutex_lock(&mgmt_chan_list_lock); |
1315 | chan = __hci_mgmt_chan_find(hci_pi(sk)->channel); | |
1316 | if (chan) | |
fa4335d7 | 1317 | err = hci_mgmt_cmd(chan, sk, msg, len); |
801c1e8d JH |
1318 | else |
1319 | err = -EINVAL; | |
1320 | ||
1321 | mutex_unlock(&mgmt_chan_list_lock); | |
0381101f JH |
1322 | goto done; |
1323 | } | |
1324 | ||
70f23020 AE |
1325 | hdev = hci_pi(sk)->hdev; |
1326 | if (!hdev) { | |
1da177e4 LT |
1327 | err = -EBADFD; |
1328 | goto done; | |
1329 | } | |
1330 | ||
7e21addc MH |
1331 | if (!test_bit(HCI_UP, &hdev->flags)) { |
1332 | err = -ENETDOWN; | |
1333 | goto done; | |
1334 | } | |
1335 | ||
70f23020 AE |
1336 | skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err); |
1337 | if (!skb) | |
1da177e4 LT |
1338 | goto done; |
1339 | ||
6ce8e9ce | 1340 | if (memcpy_from_msg(skb_put(skb, len), msg, len)) { |
1da177e4 LT |
1341 | err = -EFAULT; |
1342 | goto drop; | |
1343 | } | |
1344 | ||
8528d3f7 | 1345 | hci_skb_pkt_type(skb) = skb->data[0]; |
1da177e4 | 1346 | skb_pull(skb, 1); |
1da177e4 | 1347 | |
1bc5ad16 MH |
1348 | if (hci_pi(sk)->channel == HCI_CHANNEL_USER) { |
1349 | /* No permission check is needed for user channel | |
1350 | * since that gets enforced when binding the socket. | |
1351 | * | |
1352 | * However check that the packet type is valid. | |
1353 | */ | |
d79f34e3 MH |
1354 | if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT && |
1355 | hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT && | |
1356 | hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) { | |
1bc5ad16 MH |
1357 | err = -EINVAL; |
1358 | goto drop; | |
1359 | } | |
1360 | ||
1361 | skb_queue_tail(&hdev->raw_q, skb); | |
1362 | queue_work(hdev->workqueue, &hdev->tx_work); | |
d79f34e3 | 1363 | } else if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) { |
83985319 | 1364 | u16 opcode = get_unaligned_le16(skb->data); |
1da177e4 LT |
1365 | u16 ogf = hci_opcode_ogf(opcode); |
1366 | u16 ocf = hci_opcode_ocf(opcode); | |
1367 | ||
1368 | if (((ogf > HCI_SFLT_MAX_OGF) || | |
3bb3c755 GP |
1369 | !hci_test_bit(ocf & HCI_FLT_OCF_BITS, |
1370 | &hci_sec_filter.ocf_mask[ogf])) && | |
1371 | !capable(CAP_NET_RAW)) { | |
1da177e4 LT |
1372 | err = -EPERM; |
1373 | goto drop; | |
1374 | } | |
1375 | ||
1982162b MH |
1376 | /* Since the opcode has already been extracted here, store |
1377 | * a copy of the value for later use by the drivers. | |
1378 | */ | |
1379 | hci_skb_opcode(skb) = opcode; | |
1380 | ||
fee746b0 | 1381 | if (ogf == 0x3f) { |
1da177e4 | 1382 | skb_queue_tail(&hdev->raw_q, skb); |
3eff45ea | 1383 | queue_work(hdev->workqueue, &hdev->tx_work); |
1da177e4 | 1384 | } else { |
49c922bb | 1385 | /* Stand-alone HCI commands must be flagged as |
11714b3d JH |
1386 | * single-command requests. |
1387 | */ | |
44d27137 | 1388 | bt_cb(skb)->hci.req_flags |= HCI_REQ_START; |
11714b3d | 1389 | |
1da177e4 | 1390 | skb_queue_tail(&hdev->cmd_q, skb); |
c347b765 | 1391 | queue_work(hdev->workqueue, &hdev->cmd_work); |
1da177e4 LT |
1392 | } |
1393 | } else { | |
1394 | if (!capable(CAP_NET_RAW)) { | |
1395 | err = -EPERM; | |
1396 | goto drop; | |
1397 | } | |
1398 | ||
d79f34e3 MH |
1399 | if (hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT && |
1400 | hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) { | |
bb77543e MH |
1401 | err = -EINVAL; |
1402 | goto drop; | |
1403 | } | |
1404 | ||
1da177e4 | 1405 | skb_queue_tail(&hdev->raw_q, skb); |
3eff45ea | 1406 | queue_work(hdev->workqueue, &hdev->tx_work); |
1da177e4 LT |
1407 | } |
1408 | ||
1409 | err = len; | |
1410 | ||
1411 | done: | |
1412 | release_sock(sk); | |
1413 | return err; | |
1414 | ||
1415 | drop: | |
1416 | kfree_skb(skb); | |
1417 | goto done; | |
1418 | } | |
1419 | ||
8fc9ced3 GP |
1420 | static int hci_sock_setsockopt(struct socket *sock, int level, int optname, |
1421 | char __user *optval, unsigned int len) | |
1da177e4 LT |
1422 | { |
1423 | struct hci_ufilter uf = { .opcode = 0 }; | |
1424 | struct sock *sk = sock->sk; | |
1425 | int err = 0, opt = 0; | |
1426 | ||
1427 | BT_DBG("sk %p, opt %d", sk, optname); | |
1428 | ||
1429 | lock_sock(sk); | |
1430 | ||
2f39cdb7 | 1431 | if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) { |
c2371e80 | 1432 | err = -EBADFD; |
2f39cdb7 MH |
1433 | goto done; |
1434 | } | |
1435 | ||
1da177e4 LT |
1436 | switch (optname) { |
1437 | case HCI_DATA_DIR: | |
1438 | if (get_user(opt, (int __user *)optval)) { | |
1439 | err = -EFAULT; | |
1440 | break; | |
1441 | } | |
1442 | ||
1443 | if (opt) | |
1444 | hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR; | |
1445 | else | |
1446 | hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR; | |
1447 | break; | |
1448 | ||
1449 | case HCI_TIME_STAMP: | |
1450 | if (get_user(opt, (int __user *)optval)) { | |
1451 | err = -EFAULT; | |
1452 | break; | |
1453 | } | |
1454 | ||
1455 | if (opt) | |
1456 | hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP; | |
1457 | else | |
1458 | hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP; | |
1459 | break; | |
1460 | ||
1461 | case HCI_FILTER: | |
0878b666 MH |
1462 | { |
1463 | struct hci_filter *f = &hci_pi(sk)->filter; | |
1464 | ||
1465 | uf.type_mask = f->type_mask; | |
1466 | uf.opcode = f->opcode; | |
1467 | uf.event_mask[0] = *((u32 *) f->event_mask + 0); | |
1468 | uf.event_mask[1] = *((u32 *) f->event_mask + 1); | |
1469 | } | |
1470 | ||
1da177e4 LT |
1471 | len = min_t(unsigned int, len, sizeof(uf)); |
1472 | if (copy_from_user(&uf, optval, len)) { | |
1473 | err = -EFAULT; | |
1474 | break; | |
1475 | } | |
1476 | ||
1477 | if (!capable(CAP_NET_RAW)) { | |
1478 | uf.type_mask &= hci_sec_filter.type_mask; | |
1479 | uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0); | |
1480 | uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1); | |
1481 | } | |
1482 | ||
1483 | { | |
1484 | struct hci_filter *f = &hci_pi(sk)->filter; | |
1485 | ||
1486 | f->type_mask = uf.type_mask; | |
1487 | f->opcode = uf.opcode; | |
1488 | *((u32 *) f->event_mask + 0) = uf.event_mask[0]; | |
1489 | *((u32 *) f->event_mask + 1) = uf.event_mask[1]; | |
1490 | } | |
8e87d142 | 1491 | break; |
1da177e4 LT |
1492 | |
1493 | default: | |
1494 | err = -ENOPROTOOPT; | |
1495 | break; | |
1496 | } | |
1497 | ||
2f39cdb7 | 1498 | done: |
1da177e4 LT |
1499 | release_sock(sk); |
1500 | return err; | |
1501 | } | |
1502 | ||
8fc9ced3 GP |
1503 | static int hci_sock_getsockopt(struct socket *sock, int level, int optname, |
1504 | char __user *optval, int __user *optlen) | |
1da177e4 LT |
1505 | { |
1506 | struct hci_ufilter uf; | |
1507 | struct sock *sk = sock->sk; | |
cedc5469 MH |
1508 | int len, opt, err = 0; |
1509 | ||
1510 | BT_DBG("sk %p, opt %d", sk, optname); | |
1da177e4 LT |
1511 | |
1512 | if (get_user(len, optlen)) | |
1513 | return -EFAULT; | |
1514 | ||
cedc5469 MH |
1515 | lock_sock(sk); |
1516 | ||
1517 | if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) { | |
c2371e80 | 1518 | err = -EBADFD; |
cedc5469 MH |
1519 | goto done; |
1520 | } | |
1521 | ||
1da177e4 LT |
1522 | switch (optname) { |
1523 | case HCI_DATA_DIR: | |
1524 | if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR) | |
1525 | opt = 1; | |
8e87d142 | 1526 | else |
1da177e4 LT |
1527 | opt = 0; |
1528 | ||
1529 | if (put_user(opt, optval)) | |
cedc5469 | 1530 | err = -EFAULT; |
1da177e4 LT |
1531 | break; |
1532 | ||
1533 | case HCI_TIME_STAMP: | |
1534 | if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP) | |
1535 | opt = 1; | |
8e87d142 | 1536 | else |
1da177e4 LT |
1537 | opt = 0; |
1538 | ||
1539 | if (put_user(opt, optval)) | |
cedc5469 | 1540 | err = -EFAULT; |
1da177e4 LT |
1541 | break; |
1542 | ||
1543 | case HCI_FILTER: | |
1544 | { | |
1545 | struct hci_filter *f = &hci_pi(sk)->filter; | |
1546 | ||
e15ca9a0 | 1547 | memset(&uf, 0, sizeof(uf)); |
1da177e4 LT |
1548 | uf.type_mask = f->type_mask; |
1549 | uf.opcode = f->opcode; | |
1550 | uf.event_mask[0] = *((u32 *) f->event_mask + 0); | |
1551 | uf.event_mask[1] = *((u32 *) f->event_mask + 1); | |
1552 | } | |
1553 | ||
1554 | len = min_t(unsigned int, len, sizeof(uf)); | |
1555 | if (copy_to_user(optval, &uf, len)) | |
cedc5469 | 1556 | err = -EFAULT; |
1da177e4 LT |
1557 | break; |
1558 | ||
1559 | default: | |
cedc5469 | 1560 | err = -ENOPROTOOPT; |
1da177e4 LT |
1561 | break; |
1562 | } | |
1563 | ||
cedc5469 MH |
1564 | done: |
1565 | release_sock(sk); | |
1566 | return err; | |
1da177e4 LT |
1567 | } |
1568 | ||
90ddc4f0 | 1569 | static const struct proto_ops hci_sock_ops = { |
1da177e4 LT |
1570 | .family = PF_BLUETOOTH, |
1571 | .owner = THIS_MODULE, | |
1572 | .release = hci_sock_release, | |
1573 | .bind = hci_sock_bind, | |
1574 | .getname = hci_sock_getname, | |
1575 | .sendmsg = hci_sock_sendmsg, | |
1576 | .recvmsg = hci_sock_recvmsg, | |
1577 | .ioctl = hci_sock_ioctl, | |
1578 | .poll = datagram_poll, | |
1579 | .listen = sock_no_listen, | |
1580 | .shutdown = sock_no_shutdown, | |
1581 | .setsockopt = hci_sock_setsockopt, | |
1582 | .getsockopt = hci_sock_getsockopt, | |
1583 | .connect = sock_no_connect, | |
1584 | .socketpair = sock_no_socketpair, | |
1585 | .accept = sock_no_accept, | |
1586 | .mmap = sock_no_mmap | |
1587 | }; | |
1588 | ||
1589 | static struct proto hci_sk_proto = { | |
1590 | .name = "HCI", | |
1591 | .owner = THIS_MODULE, | |
1592 | .obj_size = sizeof(struct hci_pinfo) | |
1593 | }; | |
1594 | ||
3f378b68 EP |
1595 | static int hci_sock_create(struct net *net, struct socket *sock, int protocol, |
1596 | int kern) | |
1da177e4 LT |
1597 | { |
1598 | struct sock *sk; | |
1599 | ||
1600 | BT_DBG("sock %p", sock); | |
1601 | ||
1602 | if (sock->type != SOCK_RAW) | |
1603 | return -ESOCKTNOSUPPORT; | |
1604 | ||
1605 | sock->ops = &hci_sock_ops; | |
1606 | ||
11aa9c28 | 1607 | sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, kern); |
1da177e4 LT |
1608 | if (!sk) |
1609 | return -ENOMEM; | |
1610 | ||
1611 | sock_init_data(sock, sk); | |
1612 | ||
1613 | sock_reset_flag(sk, SOCK_ZAPPED); | |
1614 | ||
1615 | sk->sk_protocol = protocol; | |
1616 | ||
1617 | sock->state = SS_UNCONNECTED; | |
1618 | sk->sk_state = BT_OPEN; | |
1619 | ||
1620 | bt_sock_link(&hci_sk_list, sk); | |
1621 | return 0; | |
1622 | } | |
1623 | ||
ec1b4cf7 | 1624 | static const struct net_proto_family hci_sock_family_ops = { |
1da177e4 LT |
1625 | .family = PF_BLUETOOTH, |
1626 | .owner = THIS_MODULE, | |
1627 | .create = hci_sock_create, | |
1628 | }; | |
1629 | ||
1da177e4 LT |
1630 | int __init hci_sock_init(void) |
1631 | { | |
1632 | int err; | |
1633 | ||
b0a8e282 MH |
1634 | BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr)); |
1635 | ||
1da177e4 LT |
1636 | err = proto_register(&hci_sk_proto, 0); |
1637 | if (err < 0) | |
1638 | return err; | |
1639 | ||
1640 | err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops); | |
f7c86637 MY |
1641 | if (err < 0) { |
1642 | BT_ERR("HCI socket registration failed"); | |
1da177e4 | 1643 | goto error; |
f7c86637 MY |
1644 | } |
1645 | ||
b0316615 | 1646 | err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL); |
f7c86637 MY |
1647 | if (err < 0) { |
1648 | BT_ERR("Failed to create HCI proc file"); | |
1649 | bt_sock_unregister(BTPROTO_HCI); | |
1650 | goto error; | |
1651 | } | |
1da177e4 | 1652 | |
1da177e4 LT |
1653 | BT_INFO("HCI socket layer initialized"); |
1654 | ||
1655 | return 0; | |
1656 | ||
1657 | error: | |
1da177e4 LT |
1658 | proto_unregister(&hci_sk_proto); |
1659 | return err; | |
1660 | } | |
1661 | ||
b7440a14 | 1662 | void hci_sock_cleanup(void) |
1da177e4 | 1663 | { |
f7c86637 | 1664 | bt_procfs_cleanup(&init_net, "hci"); |
5e9d7f86 | 1665 | bt_sock_unregister(BTPROTO_HCI); |
1da177e4 | 1666 | proto_unregister(&hci_sk_proto); |
1da177e4 | 1667 | } |