projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support for Start Limited Discovery command
[deliverable/linux.git] / net / bluetooth / hci_sock.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI sockets. */
26
8c520a59 27#include <linux/export.h>
1da177e4 28#include <asm/unaligned.h>
dd31506d
MH		 29#include <generated/compile.h>
30#include <generated/utsrelease.h>
1da177e4
LT		 31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
cd82e61c 34#include <net/bluetooth/hci_mon.h>
fa4335d7
JH		 35#include <net/bluetooth/mgmt.h>
36
37#include "mgmt_util.h"
1da177e4 38
801c1e8d
JH		 39static LIST_HEAD(mgmt_chan_list);
40static DEFINE_MUTEX(mgmt_chan_list_lock);
41
cd82e61c
MH		 42static atomic_t monitor_promisc = ATOMIC_INIT(0);
43
1da177e4
LT		 44/* ----- HCI socket interface ----- */
45
863def58
MH		 46/* Socket info */
47#define hci_pi(sk) ((struct hci_pinfo *) sk)
48
49struct hci_pinfo {
50 struct bt_sock bt;
51 struct hci_dev *hdev;
52 struct hci_filter filter;
53 __u32 cmsg_mask;
54 unsigned short channel;
6befc644 55 unsigned long flags;
863def58
MH		 56};
57
6befc644
MH		 58void hci_sock_set_flag(struct sock *sk, int nr)
59{
60 set_bit(nr, &hci_pi(sk)->flags);
61}
62
63void hci_sock_clear_flag(struct sock *sk, int nr)
64{
65 clear_bit(nr, &hci_pi(sk)->flags);
66}
67
c85be545
MH		 68int hci_sock_test_flag(struct sock *sk, int nr)
69{
70 return test_bit(nr, &hci_pi(sk)->flags);
71}
72
d0f172b1
JH		 73unsigned short hci_sock_get_channel(struct sock *sk)
74{
75 return hci_pi(sk)->channel;
76}
77
9391976a 78static inline int hci_test_bit(int nr, const void *addr)
1da177e4 79{
9391976a 80 return *((const __u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
1da177e4
LT		 81}
82
83/* Security filter */
3ad254f7
MH		 84#define HCI_SFLT_MAX_OGF 5
85
86struct hci_sec_filter {
87 __u32 type_mask;
88 __u32 event_mask[2];
89 __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
90};
91
7e67c112 92static const struct hci_sec_filter hci_sec_filter = {
1da177e4
LT		 93 /* Packet types */
94 0x10,
95 /* Events */
dd7f5527 96 { 0x1000d9fe, 0x0000b00c },
1da177e4
LT		 97 /* Commands */
98 {
99 { 0x0 },
100 /* OGF_LINK_CTL */
7c631a67 101 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
1da177e4 102 /* OGF_LINK_POLICY */
7c631a67 103 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
1da177e4 104 /* OGF_HOST_CTL */
7c631a67 105 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
1da177e4 106 /* OGF_INFO_PARAM */
7c631a67 107 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
1da177e4 108 /* OGF_STATUS_PARAM */
7c631a67 109 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
1da177e4
LT		 110 }
111};
112
113static struct bt_sock_list hci_sk_list = {
d5fb2962 114 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
1da177e4
LT		 115};
116
f81fe64f
MH		 117static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
118{
119 struct hci_filter *flt;
120 int flt_type, flt_event;
121
122 /* Apply filter */
123 flt = &hci_pi(sk)->filter;
124
d79f34e3 125 flt_type = hci_skb_pkt_type(skb) & HCI_FLT_TYPE_BITS;
f81fe64f
MH		 126
127 if (!test_bit(flt_type, &flt->type_mask))
128 return true;
129
130 /* Extra filter for event packets only */
d79f34e3 131 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT)
f81fe64f
MH		 132 return false;
133
134 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
135
136 if (!hci_test_bit(flt_event, &flt->event_mask))
137 return true;
138
139 /* Check filter only when opcode is set */
140 if (!flt->opcode)
141 return false;
142
143 if (flt_event == HCI_EV_CMD_COMPLETE &&
144 flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
145 return true;
146
147 if (flt_event == HCI_EV_CMD_STATUS &&
148 flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
149 return true;
150
151 return false;
152}
153
1da177e4 154/* Send frame to RAW socket */
470fe1b5 155void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 156{
157 struct sock *sk;
e0edf373 158 struct sk_buff *skb_copy = NULL;
1da177e4
LT		 159
160 BT_DBG("hdev %p len %d", hdev, skb->len);
161
162 read_lock(&hci_sk_list.lock);
470fe1b5 163
b67bfe0d 164 sk_for_each(sk, &hci_sk_list.head) {
1da177e4
LT		 165 struct sk_buff *nskb;
166
167 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
168 continue;
169
170 /* Don't send frame to the socket it came from */
171 if (skb->sk == sk)
172 continue;
173
23500189 174 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
d79f34e3
MH		 175 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
176 hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
177 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
178 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT)
bb77543e 179 continue;
23500189
MH		 180 if (is_filtered_packet(sk, skb))
181 continue;
182 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
183 if (!bt_cb(skb)->incoming)
184 continue;
d79f34e3
MH		 185 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
186 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
187 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT)
23500189
MH		 188 continue;
189 } else {
190 /* Don't send frame to other channel types */
1da177e4 191 continue;
23500189 192 }
1da177e4 193
e0edf373
MH		 194 if (!skb_copy) {
195 /* Create a private copy with headroom */
bad93e9d 196 skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
e0edf373
MH		 197 if (!skb_copy)
198 continue;
199
200 /* Put type byte before the data */
d79f34e3 201 memcpy(skb_push(skb_copy, 1), &hci_skb_pkt_type(skb), 1);
e0edf373
MH		 202 }
203
204 nskb = skb_clone(skb_copy, GFP_ATOMIC);
70f23020 205 if (!nskb)
1da177e4
LT		 206 continue;
207
470fe1b5
MH		 208 if (sock_queue_rcv_skb(sk, nskb))
209 kfree_skb(nskb);
210 }
211
212 read_unlock(&hci_sk_list.lock);
e0edf373
MH		 213
214 kfree_skb(skb_copy);
470fe1b5
MH		 215}
216
7129069e
JH		 217/* Send frame to sockets with specific channel */
218void hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
c08b1a1d 219 int flag, struct sock *skip_sk)
470fe1b5
MH		 220{
221 struct sock *sk;
470fe1b5 222
7129069e 223 BT_DBG("channel %u len %d", channel, skb->len);
470fe1b5
MH		 224
225 read_lock(&hci_sk_list.lock);
226
b67bfe0d 227 sk_for_each(sk, &hci_sk_list.head) {
470fe1b5
MH		 228 struct sk_buff *nskb;
229
c08b1a1d 230 /* Ignore socket without the flag set */
c85be545 231 if (!hci_sock_test_flag(sk, flag))
d7f72f61
MH		 232 continue;
233
c08b1a1d
MH		 234 /* Skip the original socket */
235 if (sk == skip_sk)
17711c62
MH		 236 continue;
237
238 if (sk->sk_state != BT_BOUND)
239 continue;
240
241 if (hci_pi(sk)->channel != channel)
242 continue;
243
244 nskb = skb_clone(skb, GFP_ATOMIC);
245 if (!nskb)
246 continue;
247
248 if (sock_queue_rcv_skb(sk, nskb))
249 kfree_skb(nskb);
250 }
251
252 read_unlock(&hci_sk_list.lock);
253}
254
cd82e61c
MH		 255/* Send frame to monitor socket */
256void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
257{
cd82e61c 258 struct sk_buff *skb_copy = NULL;
2b531294 259 struct hci_mon_hdr *hdr;
cd82e61c
MH		 260 __le16 opcode;
261
262 if (!atomic_read(&monitor_promisc))
263 return;
264
265 BT_DBG("hdev %p len %d", hdev, skb->len);
266
d79f34e3 267 switch (hci_skb_pkt_type(skb)) {
cd82e61c 268 case HCI_COMMAND_PKT:
dcf4adbf 269 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT);
cd82e61c
MH		 270 break;
271 case HCI_EVENT_PKT:
dcf4adbf 272 opcode = cpu_to_le16(HCI_MON_EVENT_PKT);
cd82e61c
MH		 273 break;
274 case HCI_ACLDATA_PKT:
275 if (bt_cb(skb)->incoming)
dcf4adbf 276 opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT);
cd82e61c 277 else
dcf4adbf 278 opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT);
cd82e61c
MH		 279 break;
280 case HCI_SCODATA_PKT:
281 if (bt_cb(skb)->incoming)
dcf4adbf 282 opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT);
cd82e61c 283 else
dcf4adbf 284 opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT);
cd82e61c 285 break;
e875ff84
MH		 286 case HCI_DIAG_PKT:
287 opcode = cpu_to_le16(HCI_MON_VENDOR_DIAG);
288 break;
cd82e61c
MH		 289 default:
290 return;
291 }
292
2b531294
MH		 293 /* Create a private copy with headroom */
294 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true);
295 if (!skb_copy)
296 return;
297
298 /* Put header before the data */
8528d3f7 299 hdr = (void *)skb_push(skb_copy, HCI_MON_HDR_SIZE);
2b531294
MH		 300 hdr->opcode = opcode;
301 hdr->index = cpu_to_le16(hdev->id);
302 hdr->len = cpu_to_le16(skb->len);
303
c08b1a1d
MH		 304 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb_copy,
305 HCI_SOCK_TRUSTED, NULL);
cd82e61c
MH		 306 kfree_skb(skb_copy);
307}
308
cd82e61c
MH		 309static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
310{
311 struct hci_mon_hdr *hdr;
312 struct hci_mon_new_index *ni;
6c566dd5 313 struct hci_mon_index_info *ii;
cd82e61c
MH		 314 struct sk_buff *skb;
315 __le16 opcode;
316
317 switch (event) {
318 case HCI_DEV_REG:
319 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
320 if (!skb)
321 return NULL;
322
6c566dd5 323 ni = (void *)skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
cd82e61c
MH		 324 ni->type = hdev->dev_type;
325 ni->bus = hdev->bus;
326 bacpy(&ni->bdaddr, &hdev->bdaddr);
327 memcpy(ni->name, hdev->name, 8);
328
dcf4adbf 329 opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
cd82e61c
MH		 330 break;
331
332 case HCI_DEV_UNREG:
333 skb = bt_skb_alloc(0, GFP_ATOMIC);
334 if (!skb)
335 return NULL;
336
dcf4adbf 337 opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
cd82e61c
MH		 338 break;
339
e131d74a
MH		 340 case HCI_DEV_SETUP:
341 if (hdev->manufacturer == 0xffff)
342 return NULL;
343
344 /* fall through */
345
6c566dd5
MH		 346 case HCI_DEV_UP:
347 skb = bt_skb_alloc(HCI_MON_INDEX_INFO_SIZE, GFP_ATOMIC);
348 if (!skb)
349 return NULL;
350
351 ii = (void *)skb_put(skb, HCI_MON_INDEX_INFO_SIZE);
352 bacpy(&ii->bdaddr, &hdev->bdaddr);
353 ii->manufacturer = cpu_to_le16(hdev->manufacturer);
354
355 opcode = cpu_to_le16(HCI_MON_INDEX_INFO);
356 break;
357
22db3cbc
MH		 358 case HCI_DEV_OPEN:
359 skb = bt_skb_alloc(0, GFP_ATOMIC);
360 if (!skb)
361 return NULL;
362
363 opcode = cpu_to_le16(HCI_MON_OPEN_INDEX);
364 break;
365
366 case HCI_DEV_CLOSE:
367 skb = bt_skb_alloc(0, GFP_ATOMIC);
368 if (!skb)
369 return NULL;
370
371 opcode = cpu_to_le16(HCI_MON_CLOSE_INDEX);
372 break;
373
cd82e61c
MH		 374 default:
375 return NULL;
376 }
377
378 __net_timestamp(skb);
379
8528d3f7 380 hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE);
cd82e61c
MH		 381 hdr->opcode = opcode;
382 hdr->index = cpu_to_le16(hdev->id);
383 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
384
385 return skb;
386}
387
dd31506d
MH		 388static void send_monitor_note(struct sock *sk, const char *text)
389{
390 size_t len = strlen(text);
391 struct hci_mon_hdr *hdr;
392 struct sk_buff *skb;
393
394 skb = bt_skb_alloc(len + 1, GFP_ATOMIC);
395 if (!skb)
396 return;
397
398 strcpy(skb_put(skb, len + 1), text);
399
400 __net_timestamp(skb);
401
402 hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE);
403 hdr->opcode = cpu_to_le16(HCI_MON_SYSTEM_NOTE);
404 hdr->index = cpu_to_le16(HCI_DEV_NONE);
405 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
406
407 if (sock_queue_rcv_skb(sk, skb))
408 kfree_skb(skb);
409}
410
cd82e61c
MH		 411static void send_monitor_replay(struct sock *sk)
412{
413 struct hci_dev *hdev;
414
415 read_lock(&hci_dev_list_lock);
416
417 list_for_each_entry(hdev, &hci_dev_list, list) {
418 struct sk_buff *skb;
419
420 skb = create_monitor_event(hdev, HCI_DEV_REG);
421 if (!skb)
422 continue;
423
424 if (sock_queue_rcv_skb(sk, skb))
425 kfree_skb(skb);
22db3cbc
MH		 426
427 if (!test_bit(HCI_RUNNING, &hdev->flags))
428 continue;
429
430 skb = create_monitor_event(hdev, HCI_DEV_OPEN);
431 if (!skb)
432 continue;
433
434 if (sock_queue_rcv_skb(sk, skb))
435 kfree_skb(skb);
6c566dd5 436
e131d74a
MH		 437 if (test_bit(HCI_UP, &hdev->flags))
438 skb = create_monitor_event(hdev, HCI_DEV_UP);
439 else if (hci_dev_test_flag(hdev, HCI_SETUP))
440 skb = create_monitor_event(hdev, HCI_DEV_SETUP);
441 else
442 skb = NULL;
6c566dd5 443
e131d74a
MH		 444 if (skb) {
445 if (sock_queue_rcv_skb(sk, skb))
446 kfree_skb(skb);
447 }
cd82e61c
MH		 448 }
449
450 read_unlock(&hci_dev_list_lock);
451}
452
040030ef
MH		 453/* Generate internal stack event */
454static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
455{
456 struct hci_event_hdr *hdr;
457 struct hci_ev_stack_internal *ev;
458 struct sk_buff *skb;
459
460 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
461 if (!skb)
462 return;
463
8528d3f7 464 hdr = (void *)skb_put(skb, HCI_EVENT_HDR_SIZE);
040030ef
MH		 465 hdr->evt = HCI_EV_STACK_INTERNAL;
466 hdr->plen = sizeof(*ev) + dlen;
467
8528d3f7 468 ev = (void *)skb_put(skb, sizeof(*ev) + dlen);
040030ef
MH		 469 ev->type = type;
470 memcpy(ev->data, data, dlen);
471
472 bt_cb(skb)->incoming = 1;
473 __net_timestamp(skb);
474
d79f34e3 475 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
040030ef
MH		 476 hci_send_to_sock(hdev, skb);
477 kfree_skb(skb);
478}
479
480void hci_sock_dev_event(struct hci_dev *hdev, int event)
481{
040030ef
MH		 482 BT_DBG("hdev %s event %d", hdev->name, event);
483
cd82e61c
MH		 484 if (atomic_read(&monitor_promisc)) {
485 struct sk_buff *skb;
486
ed1b28a4 487 /* Send event to monitor */
cd82e61c
MH		 488 skb = create_monitor_event(hdev, event);
489 if (skb) {
c08b1a1d
MH		 490 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
491 HCI_SOCK_TRUSTED, NULL);
cd82e61c
MH		 492 kfree_skb(skb);
493 }
494 }
495
ed1b28a4
MH		 496 if (event <= HCI_DEV_DOWN) {
497 struct hci_ev_si_device ev;
498
499 /* Send event to sockets */
500 ev.event = event;
501 ev.dev_id = hdev->id;
502 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
503 }
040030ef
MH		 504
505 if (event == HCI_DEV_UNREG) {
506 struct sock *sk;
040030ef
MH		 507
508 /* Detach sockets from device */
509 read_lock(&hci_sk_list.lock);
b67bfe0d 510 sk_for_each(sk, &hci_sk_list.head) {
040030ef
MH		 511 bh_lock_sock_nested(sk);
512 if (hci_pi(sk)->hdev == hdev) {
513 hci_pi(sk)->hdev = NULL;
514 sk->sk_err = EPIPE;
515 sk->sk_state = BT_OPEN;
516 sk->sk_state_change(sk);
517
518 hci_dev_put(hdev);
519 }
520 bh_unlock_sock(sk);
521 }
522 read_unlock(&hci_sk_list.lock);
523 }
524}
525
801c1e8d
JH		 526static struct hci_mgmt_chan *__hci_mgmt_chan_find(unsigned short channel)
527{
528 struct hci_mgmt_chan *c;
529
530 list_for_each_entry(c, &mgmt_chan_list, list) {
531 if (c->channel == channel)
532 return c;
533 }
534
535 return NULL;
536}
537
538static struct hci_mgmt_chan *hci_mgmt_chan_find(unsigned short channel)
539{
540 struct hci_mgmt_chan *c;
541
542 mutex_lock(&mgmt_chan_list_lock);
543 c = __hci_mgmt_chan_find(channel);
544 mutex_unlock(&mgmt_chan_list_lock);
545
546 return c;
547}
548
549int hci_mgmt_chan_register(struct hci_mgmt_chan *c)
550{
551 if (c->channel < HCI_CHANNEL_CONTROL)
552 return -EINVAL;
553
554 mutex_lock(&mgmt_chan_list_lock);
555 if (__hci_mgmt_chan_find(c->channel)) {
556 mutex_unlock(&mgmt_chan_list_lock);
557 return -EALREADY;
558 }
559
560 list_add_tail(&c->list, &mgmt_chan_list);
561
562 mutex_unlock(&mgmt_chan_list_lock);
563
564 return 0;
565}
566EXPORT_SYMBOL(hci_mgmt_chan_register);
567
568void hci_mgmt_chan_unregister(struct hci_mgmt_chan *c)
569{
570 mutex_lock(&mgmt_chan_list_lock);
571 list_del(&c->list);
572 mutex_unlock(&mgmt_chan_list_lock);
573}
574EXPORT_SYMBOL(hci_mgmt_chan_unregister);
575
1da177e4
LT		 576static int hci_sock_release(struct socket *sock)
577{
578 struct sock *sk = sock->sk;
7b005bd3 579 struct hci_dev *hdev;
1da177e4
LT		 580
581 BT_DBG("sock %p sk %p", sock, sk);
582
583 if (!sk)
584 return 0;
585
7b005bd3
MH		 586 hdev = hci_pi(sk)->hdev;
587
cd82e61c
MH		 588 if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
589 atomic_dec(&monitor_promisc);
590
1da177e4
LT		 591 bt_sock_unlink(&hci_sk_list, sk);
592
593 if (hdev) {
23500189 594 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
6b3cc1db
SF		 595 /* When releasing an user channel exclusive access,
596 * call hci_dev_do_close directly instead of calling
597 * hci_dev_close to ensure the exclusive access will
598 * be released and the controller brought back down.
599 *
600 * The checking of HCI_AUTO_OFF is not needed in this
601 * case since it will have been cleared already when
602 * opening the user channel.
603 */
604 hci_dev_do_close(hdev);
9380f9ea
LP		 605 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
606 mgmt_index_added(hdev);
23500189
MH		 607 }
608
1da177e4
LT		 609 atomic_dec(&hdev->promisc);
610 hci_dev_put(hdev);
611 }
612
613 sock_orphan(sk);
614
615 skb_queue_purge(&sk->sk_receive_queue);
616 skb_queue_purge(&sk->sk_write_queue);
617
618 sock_put(sk);
619 return 0;
620}
621
b2a66aad 622static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 623{
624 bdaddr_t bdaddr;
5e762444 625 int err;
f0358568
JH		 626
627 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
628 return -EFAULT;
629
09fd0de5 630 hci_dev_lock(hdev);
5e762444 631
dcc36c16 632 err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
5e762444 633
09fd0de5 634 hci_dev_unlock(hdev);
5e762444
AJ		 635
636 return err;
f0358568
JH		 637}
638
b2a66aad 639static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 640{
641 bdaddr_t bdaddr;
5e762444 642 int err;
f0358568
JH		 643
644 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
645 return -EFAULT;
646
09fd0de5 647 hci_dev_lock(hdev);
5e762444 648
dcc36c16 649 err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
5e762444 650
09fd0de5 651 hci_dev_unlock(hdev);
5e762444
AJ		 652
653 return err;
f0358568
JH		 654}
655
8e87d142 656/* Ioctls that require bound socket */
6039aa73
GP		 657static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
658 unsigned long arg)
1da177e4
LT		 659{
660 struct hci_dev *hdev = hci_pi(sk)->hdev;
661
662 if (!hdev)
663 return -EBADFD;
664
d7a5a11d 665 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
0736cfa8
MH		 666 return -EBUSY;
667
d7a5a11d 668 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
fee746b0
MH		 669 return -EOPNOTSUPP;
670
5b69bef5
MH		 671 if (hdev->dev_type != HCI_BREDR)
672 return -EOPNOTSUPP;
673
1da177e4
LT		 674 switch (cmd) {
675 case HCISETRAW:
676 if (!capable(CAP_NET_ADMIN))
bf5b30b8 677 return -EPERM;
db596681 678 return -EOPNOTSUPP;
1da177e4 679
1da177e4 680 case HCIGETCONNINFO:
8528d3f7 681 return hci_get_conn_info(hdev, (void __user *)arg);
40be492f
MH		 682
683 case HCIGETAUTHINFO:
8528d3f7 684 return hci_get_auth_info(hdev, (void __user *)arg);
1da177e4 685
f0358568
JH		 686 case HCIBLOCKADDR:
687 if (!capable(CAP_NET_ADMIN))
bf5b30b8 688 return -EPERM;
8528d3f7 689 return hci_sock_blacklist_add(hdev, (void __user *)arg);
f0358568
JH		 690
691 case HCIUNBLOCKADDR:
692 if (!capable(CAP_NET_ADMIN))
bf5b30b8 693 return -EPERM;
8528d3f7 694 return hci_sock_blacklist_del(hdev, (void __user *)arg);
1da177e4 695 }
0736cfa8 696
324d36ed 697 return -ENOIOCTLCMD;
1da177e4
LT		 698}
699
8fc9ced3
GP		 700static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
701 unsigned long arg)
1da177e4 702{
8528d3f7 703 void __user *argp = (void __user *)arg;
0736cfa8 704 struct sock *sk = sock->sk;
1da177e4
LT		 705 int err;
706
707 BT_DBG("cmd %x arg %lx", cmd, arg);
708
c1c4f956
MH		 709 lock_sock(sk);
710
711 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
712 err = -EBADFD;
713 goto done;
714 }
715
716 release_sock(sk);
717
1da177e4
LT		 718 switch (cmd) {
719 case HCIGETDEVLIST:
720 return hci_get_dev_list(argp);
721
722 case HCIGETDEVINFO:
723 return hci_get_dev_info(argp);
724
725 case HCIGETCONNLIST:
726 return hci_get_conn_list(argp);
727
728 case HCIDEVUP:
729 if (!capable(CAP_NET_ADMIN))
bf5b30b8 730 return -EPERM;
1da177e4
LT		 731 return hci_dev_open(arg);
732
733 case HCIDEVDOWN:
734 if (!capable(CAP_NET_ADMIN))
bf5b30b8 735 return -EPERM;
1da177e4
LT		 736 return hci_dev_close(arg);
737
738 case HCIDEVRESET:
739 if (!capable(CAP_NET_ADMIN))
bf5b30b8 740 return -EPERM;
1da177e4
LT		 741 return hci_dev_reset(arg);
742
743 case HCIDEVRESTAT:
744 if (!capable(CAP_NET_ADMIN))
bf5b30b8 745 return -EPERM;
1da177e4
LT		 746 return hci_dev_reset_stat(arg);
747
748 case HCISETSCAN:
749 case HCISETAUTH:
750 case HCISETENCRYPT:
751 case HCISETPTYPE:
752 case HCISETLINKPOL:
753 case HCISETLINKMODE:
754 case HCISETACLMTU:
755 case HCISETSCOMTU:
756 if (!capable(CAP_NET_ADMIN))
bf5b30b8 757 return -EPERM;
1da177e4
LT		 758 return hci_dev_cmd(cmd, argp);
759
760 case HCIINQUIRY:
761 return hci_inquiry(argp);
1da177e4 762 }
c1c4f956
MH		 763
764 lock_sock(sk);
765
766 err = hci_sock_bound_ioctl(sk, cmd, arg);
767
768done:
769 release_sock(sk);
770 return err;
1da177e4
LT		 771}
772
8fc9ced3
GP		 773static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
774 int addr_len)
1da177e4 775{
0381101f 776 struct sockaddr_hci haddr;
1da177e4
LT		 777 struct sock *sk = sock->sk;
778 struct hci_dev *hdev = NULL;
0381101f 779 int len, err = 0;
1da177e4
LT		 780
781 BT_DBG("sock %p sk %p", sock, sk);
782
0381101f
JH		 783 if (!addr)
784 return -EINVAL;
785
786 memset(&haddr, 0, sizeof(haddr));
787 len = min_t(unsigned int, sizeof(haddr), addr_len);
788 memcpy(&haddr, addr, len);
789
790 if (haddr.hci_family != AF_BLUETOOTH)
791 return -EINVAL;
792
1da177e4
LT		 793 lock_sock(sk);
794
7cc2ade2 795 if (sk->sk_state == BT_BOUND) {
1da177e4
LT		 796 err = -EALREADY;
797 goto done;
798 }
799
7cc2ade2
MH		 800 switch (haddr.hci_channel) {
801 case HCI_CHANNEL_RAW:
802 if (hci_pi(sk)->hdev) {
803 err = -EALREADY;
1da177e4
LT		 804 goto done;
805 }
806
7cc2ade2
MH		 807 if (haddr.hci_dev != HCI_DEV_NONE) {
808 hdev = hci_dev_get(haddr.hci_dev);
809 if (!hdev) {
810 err = -ENODEV;
811 goto done;
812 }
813
814 atomic_inc(&hdev->promisc);
815 }
816
817 hci_pi(sk)->hdev = hdev;
818 break;
819
23500189
MH		 820 case HCI_CHANNEL_USER:
821 if (hci_pi(sk)->hdev) {
822 err = -EALREADY;
823 goto done;
824 }
825
826 if (haddr.hci_dev == HCI_DEV_NONE) {
827 err = -EINVAL;
828 goto done;
829 }
830
10a8b86f 831 if (!capable(CAP_NET_ADMIN)) {
23500189
MH		 832 err = -EPERM;
833 goto done;
834 }
835
836 hdev = hci_dev_get(haddr.hci_dev);
837 if (!hdev) {
838 err = -ENODEV;
839 goto done;
840 }
841
781f899f 842 if (test_bit(HCI_INIT, &hdev->flags) ||
d7a5a11d 843 hci_dev_test_flag(hdev, HCI_SETUP) ||
781f899f
MH		 844 hci_dev_test_flag(hdev, HCI_CONFIG) ||
845 (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) &&
846 test_bit(HCI_UP, &hdev->flags))) {
23500189
MH		 847 err = -EBUSY;
848 hci_dev_put(hdev);
849 goto done;
850 }
851
238be788 852 if (hci_dev_test_and_set_flag(hdev, HCI_USER_CHANNEL)) {
23500189
MH		 853 err = -EUSERS;
854 hci_dev_put(hdev);
855 goto done;
856 }
857
0602a8ad 858 mgmt_index_removed(hdev);
23500189
MH		 859
860 err = hci_dev_open(hdev->id);
861 if (err) {
781f899f
MH		 862 if (err == -EALREADY) {
863 /* In case the transport is already up and
864 * running, clear the error here.
865 *
866 * This can happen when opening an user
867 * channel and HCI_AUTO_OFF grace period
868 * is still active.
869 */
870 err = 0;
871 } else {
872 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
873 mgmt_index_added(hdev);
874 hci_dev_put(hdev);
875 goto done;
876 }
23500189
MH		 877 }
878
879 atomic_inc(&hdev->promisc);
880
881 hci_pi(sk)->hdev = hdev;
882 break;
883
cd82e61c
MH		 884 case HCI_CHANNEL_MONITOR:
885 if (haddr.hci_dev != HCI_DEV_NONE) {
886 err = -EINVAL;
887 goto done;
888 }
889
890 if (!capable(CAP_NET_RAW)) {
891 err = -EPERM;
892 goto done;
893 }
894
50ebc055
MH		 895 /* The monitor interface is restricted to CAP_NET_RAW
896 * capabilities and with that implicitly trusted.
897 */
898 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
899
dd31506d
MH		 900 send_monitor_note(sk, "Linux version " UTS_RELEASE
901 " (" UTS_MACHINE ")");
902 send_monitor_note(sk, "Bluetooth subsystem version "
903 BT_SUBSYS_VERSION);
cd82e61c
MH		 904 send_monitor_replay(sk);
905
906 atomic_inc(&monitor_promisc);
907 break;
908
ac714949
MH		 909 case HCI_CHANNEL_LOGGING:
910 if (haddr.hci_dev != HCI_DEV_NONE) {
911 err = -EINVAL;
912 goto done;
913 }
914
915 if (!capable(CAP_NET_ADMIN)) {
916 err = -EPERM;
917 goto done;
918 }
919 break;
920
7cc2ade2 921 default:
801c1e8d
JH		 922 if (!hci_mgmt_chan_find(haddr.hci_channel)) {
923 err = -EINVAL;
924 goto done;
925 }
926
927 if (haddr.hci_dev != HCI_DEV_NONE) {
928 err = -EINVAL;
929 goto done;
930 }
931
1195fbb8
MH		 932 /* Users with CAP_NET_ADMIN capabilities are allowed
933 * access to all management commands and events. For
934 * untrusted users the interface is restricted and
935 * also only untrusted events are sent.
50ebc055 936 */
1195fbb8
MH		 937 if (capable(CAP_NET_ADMIN))
938 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
50ebc055 939
f9207338
MH		 940 /* At the moment the index and unconfigured index events
941 * are enabled unconditionally. Setting them on each
942 * socket when binding keeps this functionality. They
943 * however might be cleared later and then sending of these
944 * events will be disabled, but that is then intentional.
f6b7712e
MH		 945 *
946 * This also enables generic events that are safe to be
947 * received by untrusted users. Example for such events
948 * are changes to settings, class of device, name etc.
f9207338
MH		 949 */
950 if (haddr.hci_channel == HCI_CHANNEL_CONTROL) {
951 hci_sock_set_flag(sk, HCI_MGMT_INDEX_EVENTS);
952 hci_sock_set_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
f6b7712e 953 hci_sock_set_flag(sk, HCI_MGMT_GENERIC_EVENTS);
f9207338 954 }
801c1e8d 955 break;
1da177e4
LT		 956 }
957
7cc2ade2 958
0381101f 959 hci_pi(sk)->channel = haddr.hci_channel;
1da177e4
LT		 960 sk->sk_state = BT_BOUND;
961
962done:
963 release_sock(sk);
964 return err;
965}
966
8fc9ced3
GP		 967static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
968 int *addr_len, int peer)
1da177e4 969{
8528d3f7 970 struct sockaddr_hci *haddr = (struct sockaddr_hci *)addr;
1da177e4 971 struct sock *sk = sock->sk;
9d4b68b2
MH		 972 struct hci_dev *hdev;
973 int err = 0;
1da177e4
LT		 974
975 BT_DBG("sock %p sk %p", sock, sk);
976
06f43cbc
MH		 977 if (peer)
978 return -EOPNOTSUPP;
979
1da177e4
LT		 980 lock_sock(sk);
981
9d4b68b2
MH		 982 hdev = hci_pi(sk)->hdev;
983 if (!hdev) {
984 err = -EBADFD;
985 goto done;
986 }
987
1da177e4
LT		 988 *addr_len = sizeof(*haddr);
989 haddr->hci_family = AF_BLUETOOTH;
7b005bd3 990 haddr->hci_dev = hdev->id;
9d4b68b2 991 haddr->hci_channel= hci_pi(sk)->channel;
1da177e4 992
9d4b68b2 993done:
1da177e4 994 release_sock(sk);
9d4b68b2 995 return err;
1da177e4
LT		 996}
997
6039aa73
GP		 998static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
999 struct sk_buff *skb)
1da177e4
LT		 1000{
1001 __u32 mask = hci_pi(sk)->cmsg_mask;
1002
0d48d939
MH		 1003 if (mask & HCI_CMSG_DIR) {
1004 int incoming = bt_cb(skb)->incoming;
8fc9ced3
GP		 1005 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
1006 &incoming);
0d48d939 1007 }
1da177e4 1008
a61bbcf2 1009 if (mask & HCI_CMSG_TSTAMP) {
f6e623a6
JFS		 1010#ifdef CONFIG_COMPAT
1011 struct compat_timeval ctv;
1012#endif
a61bbcf2 1013 struct timeval tv;
767c5eb5
MH		 1014 void *data;
1015 int len;
a61bbcf2
PM		 1016
1017 skb_get_timestamp(skb, &tv);
767c5eb5 1018
1da97f83
DM		 1019 data = &tv;
1020 len = sizeof(tv);
1021#ifdef CONFIG_COMPAT
da88cea1
L		 1022 if (!COMPAT_USE_64BIT_TIME &&
1023 (msg->msg_flags & MSG_CMSG_COMPAT)) {
767c5eb5
MH		 1024 ctv.tv_sec = tv.tv_sec;
1025 ctv.tv_usec = tv.tv_usec;
1026 data = &ctv;
1027 len = sizeof(ctv);
767c5eb5 1028 }
1da97f83 1029#endif
767c5eb5
MH		 1030
1031 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
a61bbcf2 1032 }
1da177e4 1033}
8e87d142 1034
8528d3f7
MH		 1035static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1036 size_t len, int flags)
1da177e4
LT		 1037{
1038 int noblock = flags & MSG_DONTWAIT;
1039 struct sock *sk = sock->sk;
1040 struct sk_buff *skb;
1041 int copied, err;
1042
1043 BT_DBG("sock %p, sk %p", sock, sk);
1044
d94a6104 1045 if (flags & MSG_OOB)
1da177e4
LT		 1046 return -EOPNOTSUPP;
1047
ac714949
MH		 1048 if (hci_pi(sk)->channel == HCI_CHANNEL_LOGGING)
1049 return -EOPNOTSUPP;
1050
1da177e4
LT		 1051 if (sk->sk_state == BT_CLOSED)
1052 return 0;
1053
70f23020
AE		 1054 skb = skb_recv_datagram(sk, flags, noblock, &err);
1055 if (!skb)
1da177e4
LT		 1056 return err;
1057
1da177e4
LT		 1058 copied = skb->len;
1059 if (len < copied) {
1060 msg->msg_flags |= MSG_TRUNC;
1061 copied = len;
1062 }
1063
badff6d0 1064 skb_reset_transport_header(skb);
51f3d02b 1065 err = skb_copy_datagram_msg(skb, 0, msg, copied);
1da177e4 1066
3a208627
MH		 1067 switch (hci_pi(sk)->channel) {
1068 case HCI_CHANNEL_RAW:
1069 hci_sock_cmsg(sk, msg, skb);
1070 break;
23500189 1071 case HCI_CHANNEL_USER:
cd82e61c
MH		 1072 case HCI_CHANNEL_MONITOR:
1073 sock_recv_timestamp(msg, sk, skb);
1074 break;
801c1e8d
JH		 1075 default:
1076 if (hci_mgmt_chan_find(hci_pi(sk)->channel))
1077 sock_recv_timestamp(msg, sk, skb);
1078 break;
3a208627 1079 }
1da177e4
LT		 1080
1081 skb_free_datagram(sk, skb);
1082
1083 return err ? : copied;
1084}
1085
fa4335d7
JH		 1086static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
1087 struct msghdr *msg, size_t msglen)
1088{
1089 void *buf;
1090 u8 *cp;
1091 struct mgmt_hdr *hdr;
1092 u16 opcode, index, len;
1093 struct hci_dev *hdev = NULL;
1094 const struct hci_mgmt_handler *handler;
1095 bool var_len, no_hdev;
1096 int err;
1097
1098 BT_DBG("got %zu bytes", msglen);
1099
1100 if (msglen < sizeof(*hdr))
1101 return -EINVAL;
1102
1103 buf = kmalloc(msglen, GFP_KERNEL);
1104 if (!buf)
1105 return -ENOMEM;
1106
1107 if (memcpy_from_msg(buf, msg, msglen)) {
1108 err = -EFAULT;
1109 goto done;
1110 }
1111
1112 hdr = buf;
1113 opcode = __le16_to_cpu(hdr->opcode);
1114 index = __le16_to_cpu(hdr->index);
1115 len = __le16_to_cpu(hdr->len);
1116
1117 if (len != msglen - sizeof(*hdr)) {
1118 err = -EINVAL;
1119 goto done;
1120 }
1121
1122 if (opcode >= chan->handler_count ||
1123 chan->handlers[opcode].func == NULL) {
1124 BT_DBG("Unknown op %u", opcode);
1125 err = mgmt_cmd_status(sk, index, opcode,
1126 MGMT_STATUS_UNKNOWN_COMMAND);
1127 goto done;
1128 }
1129
1130 handler = &chan->handlers[opcode];
1131
1132 if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) &&
1133 !(handler->flags & HCI_MGMT_UNTRUSTED)) {
1134 err = mgmt_cmd_status(sk, index, opcode,
1135 MGMT_STATUS_PERMISSION_DENIED);
1136 goto done;
1137 }
1138
1139 if (index != MGMT_INDEX_NONE) {
1140 hdev = hci_dev_get(index);
1141 if (!hdev) {
1142 err = mgmt_cmd_status(sk, index, opcode,
1143 MGMT_STATUS_INVALID_INDEX);
1144 goto done;
1145 }
1146
1147 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1148 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1149 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1150 err = mgmt_cmd_status(sk, index, opcode,
1151 MGMT_STATUS_INVALID_INDEX);
1152 goto done;
1153 }
1154
1155 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1156 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
1157 err = mgmt_cmd_status(sk, index, opcode,
1158 MGMT_STATUS_INVALID_INDEX);
1159 goto done;
1160 }
1161 }
1162
1163 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
1164 if (no_hdev != !hdev) {
1165 err = mgmt_cmd_status(sk, index, opcode,
1166 MGMT_STATUS_INVALID_INDEX);
1167 goto done;
1168 }
1169
1170 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
1171 if ((var_len && len < handler->data_len) ||
1172 (!var_len && len != handler->data_len)) {
1173 err = mgmt_cmd_status(sk, index, opcode,
1174 MGMT_STATUS_INVALID_PARAMS);
1175 goto done;
1176 }
1177
1178 if (hdev && chan->hdev_init)
1179 chan->hdev_init(sk, hdev);
1180
1181 cp = buf + sizeof(*hdr);
1182
1183 err = handler->func(sk, hdev, cp, len);
1184 if (err < 0)
1185 goto done;
1186
1187 err = msglen;
1188
1189done:
1190 if (hdev)
1191 hci_dev_put(hdev);
1192
1193 kfree(buf);
1194 return err;
1195}
1196
ac714949
MH		 1197static int hci_logging_frame(struct sock *sk, struct msghdr *msg, int len)
1198{
1199 struct hci_mon_hdr *hdr;
1200 struct sk_buff *skb;
1201 struct hci_dev *hdev;
1202 u16 index;
1203 int err;
1204
1205 /* The logging frame consists at minimum of the standard header,
1206 * the priority byte, the ident length byte and at least one string
1207 * terminator NUL byte. Anything shorter are invalid packets.
1208 */
1209 if (len < sizeof(*hdr) + 3)
1210 return -EINVAL;
1211
1212 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1213 if (!skb)
1214 return err;
1215
1216 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1217 err = -EFAULT;
1218 goto drop;
1219 }
1220
1221 hdr = (void *)skb->data;
1222
1223 if (__le16_to_cpu(hdr->len) != len - sizeof(*hdr)) {
1224 err = -EINVAL;
1225 goto drop;
1226 }
1227
1228 if (__le16_to_cpu(hdr->opcode) == 0x0000) {
1229 __u8 priority = skb->data[sizeof(*hdr)];
1230 __u8 ident_len = skb->data[sizeof(*hdr) + 1];
1231
1232 /* Only the priorities 0-7 are valid and with that any other
1233 * value results in an invalid packet.
1234 *
1235 * The priority byte is followed by an ident length byte and
1236 * the NUL terminated ident string. Check that the ident
1237 * length is not overflowing the packet and also that the
1238 * ident string itself is NUL terminated. In case the ident
1239 * length is zero, the length value actually doubles as NUL
1240 * terminator identifier.
1241 *
1242 * The message follows the ident string (if present) and
1243 * must be NUL terminated. Otherwise it is not a valid packet.
1244 */
1245 if (priority > 7 || skb->data[len - 1] != 0x00 ||
1246 ident_len > len - sizeof(*hdr) - 3 ||
1247 skb->data[sizeof(*hdr) + ident_len + 1] != 0x00) {
1248 err = -EINVAL;
1249 goto drop;
1250 }
1251 } else {
1252 err = -EINVAL;
1253 goto drop;
1254 }
1255
1256 index = __le16_to_cpu(hdr->index);
1257
1258 if (index != MGMT_INDEX_NONE) {
1259 hdev = hci_dev_get(index);
1260 if (!hdev) {
1261 err = -ENODEV;
1262 goto drop;
1263 }
1264 } else {
1265 hdev = NULL;
1266 }
1267
1268 hdr->opcode = cpu_to_le16(HCI_MON_USER_LOGGING);
1269
1270 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, HCI_SOCK_TRUSTED, NULL);
1271 err = len;
1272
1273 if (hdev)
1274 hci_dev_put(hdev);
1275
1276drop:
1277 kfree_skb(skb);
1278 return err;
1279}
1280
1b784140
YX		 1281static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1282 size_t len)
1da177e4
LT		 1283{
1284 struct sock *sk = sock->sk;
801c1e8d 1285 struct hci_mgmt_chan *chan;
1da177e4
LT		 1286 struct hci_dev *hdev;
1287 struct sk_buff *skb;
1288 int err;
1289
1290 BT_DBG("sock %p sk %p", sock, sk);
1291
1292 if (msg->msg_flags & MSG_OOB)
1293 return -EOPNOTSUPP;
1294
1295 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
1296 return -EINVAL;
1297
1298 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
1299 return -EINVAL;
1300
1301 lock_sock(sk);
1302
0381101f
JH		 1303 switch (hci_pi(sk)->channel) {
1304 case HCI_CHANNEL_RAW:
23500189 1305 case HCI_CHANNEL_USER:
0381101f 1306 break;
cd82e61c
MH		 1307 case HCI_CHANNEL_MONITOR:
1308 err = -EOPNOTSUPP;
1309 goto done;
ac714949
MH		 1310 case HCI_CHANNEL_LOGGING:
1311 err = hci_logging_frame(sk, msg, len);
1312 goto done;
0381101f 1313 default:
801c1e8d
JH		 1314 mutex_lock(&mgmt_chan_list_lock);
1315 chan = __hci_mgmt_chan_find(hci_pi(sk)->channel);
1316 if (chan)
fa4335d7 1317 err = hci_mgmt_cmd(chan, sk, msg, len);
801c1e8d
JH		 1318 else
1319 err = -EINVAL;
1320
1321 mutex_unlock(&mgmt_chan_list_lock);
0381101f
JH		 1322 goto done;
1323 }
1324
70f23020
AE		 1325 hdev = hci_pi(sk)->hdev;
1326 if (!hdev) {
1da177e4
LT		 1327 err = -EBADFD;
1328 goto done;
1329 }
1330
7e21addc
MH		 1331 if (!test_bit(HCI_UP, &hdev->flags)) {
1332 err = -ENETDOWN;
1333 goto done;
1334 }
1335
70f23020
AE		 1336 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1337 if (!skb)
1da177e4
LT		 1338 goto done;
1339
6ce8e9ce 1340 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1da177e4
LT		 1341 err = -EFAULT;
1342 goto drop;
1343 }
1344
8528d3f7 1345 hci_skb_pkt_type(skb) = skb->data[0];
1da177e4 1346 skb_pull(skb, 1);
1da177e4 1347
1bc5ad16
MH		 1348 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
1349 /* No permission check is needed for user channel
1350 * since that gets enforced when binding the socket.
1351 *
1352 * However check that the packet type is valid.
1353 */
d79f34e3
MH		 1354 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
1355 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
1356 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) {
1bc5ad16
MH		 1357 err = -EINVAL;
1358 goto drop;
1359 }
1360
1361 skb_queue_tail(&hdev->raw_q, skb);
1362 queue_work(hdev->workqueue, &hdev->tx_work);
d79f34e3 1363 } else if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) {
83985319 1364 u16 opcode = get_unaligned_le16(skb->data);
1da177e4
LT		 1365 u16 ogf = hci_opcode_ogf(opcode);
1366 u16 ocf = hci_opcode_ocf(opcode);
1367
1368 if (((ogf > HCI_SFLT_MAX_OGF) ||
3bb3c755
GP		 1369 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
1370 &hci_sec_filter.ocf_mask[ogf])) &&
1371 !capable(CAP_NET_RAW)) {
1da177e4
LT		 1372 err = -EPERM;
1373 goto drop;
1374 }
1375
1982162b
MH		 1376 /* Since the opcode has already been extracted here, store
1377 * a copy of the value for later use by the drivers.
1378 */
1379 hci_skb_opcode(skb) = opcode;
1380
fee746b0 1381 if (ogf == 0x3f) {
1da177e4 1382 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 1383 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4 1384 } else {
49c922bb 1385 /* Stand-alone HCI commands must be flagged as
11714b3d
JH		 1386 * single-command requests.
1387 */
44d27137 1388 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
11714b3d 1389
1da177e4 1390 skb_queue_tail(&hdev->cmd_q, skb);
c347b765 1391 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 1392 }
1393 } else {
1394 if (!capable(CAP_NET_RAW)) {
1395 err = -EPERM;
1396 goto drop;
1397 }
1398
d79f34e3
MH		 1399 if (hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
1400 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) {
bb77543e
MH		 1401 err = -EINVAL;
1402 goto drop;
1403 }
1404
1da177e4 1405 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 1406 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 1407 }
1408
1409 err = len;
1410
1411done:
1412 release_sock(sk);
1413 return err;
1414
1415drop:
1416 kfree_skb(skb);
1417 goto done;
1418}
1419
8fc9ced3
GP		 1420static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1421 char __user *optval, unsigned int len)
1da177e4
LT		 1422{
1423 struct hci_ufilter uf = { .opcode = 0 };
1424 struct sock *sk = sock->sk;
1425 int err = 0, opt = 0;
1426
1427 BT_DBG("sk %p, opt %d", sk, optname);
1428
1429 lock_sock(sk);
1430
2f39cdb7 1431 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
c2371e80 1432 err = -EBADFD;
2f39cdb7
MH		 1433 goto done;
1434 }
1435
1da177e4
LT		 1436 switch (optname) {
1437 case HCI_DATA_DIR:
1438 if (get_user(opt, (int __user *)optval)) {
1439 err = -EFAULT;
1440 break;
1441 }
1442
1443 if (opt)
1444 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
1445 else
1446 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
1447 break;
1448
1449 case HCI_TIME_STAMP:
1450 if (get_user(opt, (int __user *)optval)) {
1451 err = -EFAULT;
1452 break;
1453 }
1454
1455 if (opt)
1456 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
1457 else
1458 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
1459 break;
1460
1461 case HCI_FILTER:
0878b666
MH		 1462 {
1463 struct hci_filter *f = &hci_pi(sk)->filter;
1464
1465 uf.type_mask = f->type_mask;
1466 uf.opcode = f->opcode;
1467 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1468 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1469 }
1470
1da177e4
LT		 1471 len = min_t(unsigned int, len, sizeof(uf));
1472 if (copy_from_user(&uf, optval, len)) {
1473 err = -EFAULT;
1474 break;
1475 }
1476
1477 if (!capable(CAP_NET_RAW)) {
1478 uf.type_mask &= hci_sec_filter.type_mask;
1479 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
1480 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
1481 }
1482
1483 {
1484 struct hci_filter *f = &hci_pi(sk)->filter;
1485
1486 f->type_mask = uf.type_mask;
1487 f->opcode = uf.opcode;
1488 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
1489 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
1490 }
8e87d142 1491 break;
1da177e4
LT		 1492
1493 default:
1494 err = -ENOPROTOOPT;
1495 break;
1496 }
1497
2f39cdb7 1498done:
1da177e4
LT		 1499 release_sock(sk);
1500 return err;
1501}
1502
8fc9ced3
GP		 1503static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1504 char __user *optval, int __user *optlen)
1da177e4
LT		 1505{
1506 struct hci_ufilter uf;
1507 struct sock *sk = sock->sk;
cedc5469
MH		 1508 int len, opt, err = 0;
1509
1510 BT_DBG("sk %p, opt %d", sk, optname);
1da177e4
LT		 1511
1512 if (get_user(len, optlen))
1513 return -EFAULT;
1514
cedc5469
MH		 1515 lock_sock(sk);
1516
1517 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
c2371e80 1518 err = -EBADFD;
cedc5469
MH		 1519 goto done;
1520 }
1521
1da177e4
LT		 1522 switch (optname) {
1523 case HCI_DATA_DIR:
1524 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1525 opt = 1;
8e87d142 1526 else
1da177e4
LT		 1527 opt = 0;
1528
1529 if (put_user(opt, optval))
cedc5469 1530 err = -EFAULT;
1da177e4
LT		 1531 break;
1532
1533 case HCI_TIME_STAMP:
1534 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1535 opt = 1;
8e87d142 1536 else
1da177e4
LT		 1537 opt = 0;
1538
1539 if (put_user(opt, optval))
cedc5469 1540 err = -EFAULT;
1da177e4
LT		 1541 break;
1542
1543 case HCI_FILTER:
1544 {
1545 struct hci_filter *f = &hci_pi(sk)->filter;
1546
e15ca9a0 1547 memset(&uf, 0, sizeof(uf));
1da177e4
LT		 1548 uf.type_mask = f->type_mask;
1549 uf.opcode = f->opcode;
1550 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1551 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1552 }
1553
1554 len = min_t(unsigned int, len, sizeof(uf));
1555 if (copy_to_user(optval, &uf, len))
cedc5469 1556 err = -EFAULT;
1da177e4
LT		 1557 break;
1558
1559 default:
cedc5469 1560 err = -ENOPROTOOPT;
1da177e4
LT		 1561 break;
1562 }
1563
cedc5469
MH		 1564done:
1565 release_sock(sk);
1566 return err;
1da177e4
LT		 1567}
1568
90ddc4f0 1569static const struct proto_ops hci_sock_ops = {
1da177e4
LT		 1570 .family = PF_BLUETOOTH,
1571 .owner = THIS_MODULE,
1572 .release = hci_sock_release,
1573 .bind = hci_sock_bind,
1574 .getname = hci_sock_getname,
1575 .sendmsg = hci_sock_sendmsg,
1576 .recvmsg = hci_sock_recvmsg,
1577 .ioctl = hci_sock_ioctl,
1578 .poll = datagram_poll,
1579 .listen = sock_no_listen,
1580 .shutdown = sock_no_shutdown,
1581 .setsockopt = hci_sock_setsockopt,
1582 .getsockopt = hci_sock_getsockopt,
1583 .connect = sock_no_connect,
1584 .socketpair = sock_no_socketpair,
1585 .accept = sock_no_accept,
1586 .mmap = sock_no_mmap
1587};
1588
1589static struct proto hci_sk_proto = {
1590 .name = "HCI",
1591 .owner = THIS_MODULE,
1592 .obj_size = sizeof(struct hci_pinfo)
1593};
1594
3f378b68
EP		 1595static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1596 int kern)
1da177e4
LT		 1597{
1598 struct sock *sk;
1599
1600 BT_DBG("sock %p", sock);
1601
1602 if (sock->type != SOCK_RAW)
1603 return -ESOCKTNOSUPPORT;
1604
1605 sock->ops = &hci_sock_ops;
1606
11aa9c28 1607 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, kern);
1da177e4
LT		 1608 if (!sk)
1609 return -ENOMEM;
1610
1611 sock_init_data(sock, sk);
1612
1613 sock_reset_flag(sk, SOCK_ZAPPED);
1614
1615 sk->sk_protocol = protocol;
1616
1617 sock->state = SS_UNCONNECTED;
1618 sk->sk_state = BT_OPEN;
1619
1620 bt_sock_link(&hci_sk_list, sk);
1621 return 0;
1622}
1623
ec1b4cf7 1624static const struct net_proto_family hci_sock_family_ops = {
1da177e4
LT		 1625 .family = PF_BLUETOOTH,
1626 .owner = THIS_MODULE,
1627 .create = hci_sock_create,
1628};
1629
1da177e4
LT		 1630int __init hci_sock_init(void)
1631{
1632 int err;
1633
b0a8e282
MH		 1634 BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr));
1635
1da177e4
LT		 1636 err = proto_register(&hci_sk_proto, 0);
1637 if (err < 0)
1638 return err;
1639
1640 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
f7c86637
MY		 1641 if (err < 0) {
1642 BT_ERR("HCI socket registration failed");
1da177e4 1643 goto error;
f7c86637
MY		 1644 }
1645
b0316615 1646 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
f7c86637
MY		 1647 if (err < 0) {
1648 BT_ERR("Failed to create HCI proc file");
1649 bt_sock_unregister(BTPROTO_HCI);
1650 goto error;
1651 }
1da177e4 1652
1da177e4
LT		 1653 BT_INFO("HCI socket layer initialized");
1654
1655 return 0;
1656
1657error:
1da177e4
LT		 1658 proto_unregister(&hci_sk_proto);
1659 return err;
1660}
1661
b7440a14 1662void hci_sock_cleanup(void)
1da177e4 1663{
f7c86637 1664 bt_procfs_cleanup(&init_net, "hci");
5e9d7f86 1665 bt_sock_unregister(BTPROTO_HCI);
1da177e4 1666 proto_unregister(&hci_sk_proto);
1da177e4 1667}
Linux kernel - Deliverables
This page took 0.877555 seconds and 5 git commands to generate.