projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support connectable advertising setting
[deliverable/linux.git] / net / bluetooth / hci_sock.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI sockets. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
cd82e61c 32#include <net/bluetooth/hci_mon.h>
1da177e4 33
801c1e8d
JH		 34static LIST_HEAD(mgmt_chan_list);
35static DEFINE_MUTEX(mgmt_chan_list_lock);
36
cd82e61c
MH		 37static atomic_t monitor_promisc = ATOMIC_INIT(0);
38
1da177e4
LT		 39/* ----- HCI socket interface ----- */
40
863def58
MH		 41/* Socket info */
42#define hci_pi(sk) ((struct hci_pinfo *) sk)
43
44struct hci_pinfo {
45 struct bt_sock bt;
46 struct hci_dev *hdev;
47 struct hci_filter filter;
48 __u32 cmsg_mask;
49 unsigned short channel;
50};
51
9391976a 52static inline int hci_test_bit(int nr, const void *addr)
1da177e4 53{
9391976a 54 return *((const __u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
1da177e4
LT		 55}
56
57/* Security filter */
3ad254f7
MH		 58#define HCI_SFLT_MAX_OGF 5
59
60struct hci_sec_filter {
61 __u32 type_mask;
62 __u32 event_mask[2];
63 __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
64};
65
7e67c112 66static const struct hci_sec_filter hci_sec_filter = {
1da177e4
LT		 67 /* Packet types */
68 0x10,
69 /* Events */
dd7f5527 70 { 0x1000d9fe, 0x0000b00c },
1da177e4
LT		 71 /* Commands */
72 {
73 { 0x0 },
74 /* OGF_LINK_CTL */
7c631a67 75 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
1da177e4 76 /* OGF_LINK_POLICY */
7c631a67 77 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
1da177e4 78 /* OGF_HOST_CTL */
7c631a67 79 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
1da177e4 80 /* OGF_INFO_PARAM */
7c631a67 81 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
1da177e4 82 /* OGF_STATUS_PARAM */
7c631a67 83 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
1da177e4
LT		 84 }
85};
86
87static struct bt_sock_list hci_sk_list = {
d5fb2962 88 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
1da177e4
LT		 89};
90
f81fe64f
MH		 91static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
92{
93 struct hci_filter *flt;
94 int flt_type, flt_event;
95
96 /* Apply filter */
97 flt = &hci_pi(sk)->filter;
98
99 if (bt_cb(skb)->pkt_type == HCI_VENDOR_PKT)
100 flt_type = 0;
101 else
102 flt_type = bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS;
103
104 if (!test_bit(flt_type, &flt->type_mask))
105 return true;
106
107 /* Extra filter for event packets only */
108 if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT)
109 return false;
110
111 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
112
113 if (!hci_test_bit(flt_event, &flt->event_mask))
114 return true;
115
116 /* Check filter only when opcode is set */
117 if (!flt->opcode)
118 return false;
119
120 if (flt_event == HCI_EV_CMD_COMPLETE &&
121 flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
122 return true;
123
124 if (flt_event == HCI_EV_CMD_STATUS &&
125 flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
126 return true;
127
128 return false;
129}
130
1da177e4 131/* Send frame to RAW socket */
470fe1b5 132void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 133{
134 struct sock *sk;
e0edf373 135 struct sk_buff *skb_copy = NULL;
1da177e4
LT		 136
137 BT_DBG("hdev %p len %d", hdev, skb->len);
138
139 read_lock(&hci_sk_list.lock);
470fe1b5 140
b67bfe0d 141 sk_for_each(sk, &hci_sk_list.head) {
1da177e4
LT		 142 struct sk_buff *nskb;
143
144 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
145 continue;
146
147 /* Don't send frame to the socket it came from */
148 if (skb->sk == sk)
149 continue;
150
23500189
MH		 151 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
152 if (is_filtered_packet(sk, skb))
153 continue;
154 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
155 if (!bt_cb(skb)->incoming)
156 continue;
157 if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT &&
158 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
159 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT)
160 continue;
161 } else {
162 /* Don't send frame to other channel types */
1da177e4 163 continue;
23500189 164 }
1da177e4 165
e0edf373
MH		 166 if (!skb_copy) {
167 /* Create a private copy with headroom */
bad93e9d 168 skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
e0edf373
MH		 169 if (!skb_copy)
170 continue;
171
172 /* Put type byte before the data */
173 memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
174 }
175
176 nskb = skb_clone(skb_copy, GFP_ATOMIC);
70f23020 177 if (!nskb)
1da177e4
LT		 178 continue;
179
470fe1b5
MH		 180 if (sock_queue_rcv_skb(sk, nskb))
181 kfree_skb(nskb);
182 }
183
184 read_unlock(&hci_sk_list.lock);
e0edf373
MH		 185
186 kfree_skb(skb_copy);
470fe1b5
MH		 187}
188
7129069e
JH		 189/* Send frame to sockets with specific channel */
190void hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
191 struct sock *skip_sk)
470fe1b5
MH		 192{
193 struct sock *sk;
470fe1b5 194
7129069e 195 BT_DBG("channel %u len %d", channel, skb->len);
470fe1b5
MH		 196
197 read_lock(&hci_sk_list.lock);
198
b67bfe0d 199 sk_for_each(sk, &hci_sk_list.head) {
470fe1b5
MH		 200 struct sk_buff *nskb;
201
202 /* Skip the original socket */
203 if (sk == skip_sk)
204 continue;
205
206 if (sk->sk_state != BT_BOUND)
207 continue;
208
7129069e 209 if (hci_pi(sk)->channel != channel)
d7f72f61
MH		 210 continue;
211
212 nskb = skb_clone(skb, GFP_ATOMIC);
213 if (!nskb)
214 continue;
215
216 if (sock_queue_rcv_skb(sk, nskb))
217 kfree_skb(nskb);
218 }
219
220 read_unlock(&hci_sk_list.lock);
221}
222
cd82e61c
MH		 223/* Send frame to monitor socket */
224void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
225{
cd82e61c 226 struct sk_buff *skb_copy = NULL;
2b531294 227 struct hci_mon_hdr *hdr;
cd82e61c
MH		 228 __le16 opcode;
229
230 if (!atomic_read(&monitor_promisc))
231 return;
232
233 BT_DBG("hdev %p len %d", hdev, skb->len);
234
235 switch (bt_cb(skb)->pkt_type) {
236 case HCI_COMMAND_PKT:
dcf4adbf 237 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT);
cd82e61c
MH		 238 break;
239 case HCI_EVENT_PKT:
dcf4adbf 240 opcode = cpu_to_le16(HCI_MON_EVENT_PKT);
cd82e61c
MH		 241 break;
242 case HCI_ACLDATA_PKT:
243 if (bt_cb(skb)->incoming)
dcf4adbf 244 opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT);
cd82e61c 245 else
dcf4adbf 246 opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT);
cd82e61c
MH		 247 break;
248 case HCI_SCODATA_PKT:
249 if (bt_cb(skb)->incoming)
dcf4adbf 250 opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT);
cd82e61c 251 else
dcf4adbf 252 opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT);
cd82e61c
MH		 253 break;
254 default:
255 return;
256 }
257
2b531294
MH		 258 /* Create a private copy with headroom */
259 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true);
260 if (!skb_copy)
261 return;
262
263 /* Put header before the data */
264 hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
265 hdr->opcode = opcode;
266 hdr->index = cpu_to_le16(hdev->id);
267 hdr->len = cpu_to_le16(skb->len);
268
03f310ef 269 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb_copy, NULL);
cd82e61c
MH		 270 kfree_skb(skb_copy);
271}
272
cd82e61c
MH		 273static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
274{
275 struct hci_mon_hdr *hdr;
276 struct hci_mon_new_index *ni;
277 struct sk_buff *skb;
278 __le16 opcode;
279
280 switch (event) {
281 case HCI_DEV_REG:
282 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
283 if (!skb)
284 return NULL;
285
286 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
287 ni->type = hdev->dev_type;
288 ni->bus = hdev->bus;
289 bacpy(&ni->bdaddr, &hdev->bdaddr);
290 memcpy(ni->name, hdev->name, 8);
291
dcf4adbf 292 opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
cd82e61c
MH		 293 break;
294
295 case HCI_DEV_UNREG:
296 skb = bt_skb_alloc(0, GFP_ATOMIC);
297 if (!skb)
298 return NULL;
299
dcf4adbf 300 opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
cd82e61c
MH		 301 break;
302
303 default:
304 return NULL;
305 }
306
307 __net_timestamp(skb);
308
309 hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
310 hdr->opcode = opcode;
311 hdr->index = cpu_to_le16(hdev->id);
312 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
313
314 return skb;
315}
316
317static void send_monitor_replay(struct sock *sk)
318{
319 struct hci_dev *hdev;
320
321 read_lock(&hci_dev_list_lock);
322
323 list_for_each_entry(hdev, &hci_dev_list, list) {
324 struct sk_buff *skb;
325
326 skb = create_monitor_event(hdev, HCI_DEV_REG);
327 if (!skb)
328 continue;
329
330 if (sock_queue_rcv_skb(sk, skb))
331 kfree_skb(skb);
332 }
333
334 read_unlock(&hci_dev_list_lock);
335}
336
040030ef
MH		 337/* Generate internal stack event */
338static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
339{
340 struct hci_event_hdr *hdr;
341 struct hci_ev_stack_internal *ev;
342 struct sk_buff *skb;
343
344 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
345 if (!skb)
346 return;
347
348 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
349 hdr->evt = HCI_EV_STACK_INTERNAL;
350 hdr->plen = sizeof(*ev) + dlen;
351
352 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
353 ev->type = type;
354 memcpy(ev->data, data, dlen);
355
356 bt_cb(skb)->incoming = 1;
357 __net_timestamp(skb);
358
359 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
040030ef
MH		 360 hci_send_to_sock(hdev, skb);
361 kfree_skb(skb);
362}
363
364void hci_sock_dev_event(struct hci_dev *hdev, int event)
365{
366 struct hci_ev_si_device ev;
367
368 BT_DBG("hdev %s event %d", hdev->name, event);
369
cd82e61c
MH		 370 /* Send event to monitor */
371 if (atomic_read(&monitor_promisc)) {
372 struct sk_buff *skb;
373
374 skb = create_monitor_event(hdev, event);
375 if (skb) {
03f310ef 376 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, NULL);
cd82e61c
MH		 377 kfree_skb(skb);
378 }
379 }
380
040030ef
MH		 381 /* Send event to sockets */
382 ev.event = event;
383 ev.dev_id = hdev->id;
384 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
385
386 if (event == HCI_DEV_UNREG) {
387 struct sock *sk;
040030ef
MH		 388
389 /* Detach sockets from device */
390 read_lock(&hci_sk_list.lock);
b67bfe0d 391 sk_for_each(sk, &hci_sk_list.head) {
040030ef
MH		 392 bh_lock_sock_nested(sk);
393 if (hci_pi(sk)->hdev == hdev) {
394 hci_pi(sk)->hdev = NULL;
395 sk->sk_err = EPIPE;
396 sk->sk_state = BT_OPEN;
397 sk->sk_state_change(sk);
398
399 hci_dev_put(hdev);
400 }
401 bh_unlock_sock(sk);
402 }
403 read_unlock(&hci_sk_list.lock);
404 }
405}
406
801c1e8d
JH		 407static struct hci_mgmt_chan *__hci_mgmt_chan_find(unsigned short channel)
408{
409 struct hci_mgmt_chan *c;
410
411 list_for_each_entry(c, &mgmt_chan_list, list) {
412 if (c->channel == channel)
413 return c;
414 }
415
416 return NULL;
417}
418
419static struct hci_mgmt_chan *hci_mgmt_chan_find(unsigned short channel)
420{
421 struct hci_mgmt_chan *c;
422
423 mutex_lock(&mgmt_chan_list_lock);
424 c = __hci_mgmt_chan_find(channel);
425 mutex_unlock(&mgmt_chan_list_lock);
426
427 return c;
428}
429
430int hci_mgmt_chan_register(struct hci_mgmt_chan *c)
431{
432 if (c->channel < HCI_CHANNEL_CONTROL)
433 return -EINVAL;
434
435 mutex_lock(&mgmt_chan_list_lock);
436 if (__hci_mgmt_chan_find(c->channel)) {
437 mutex_unlock(&mgmt_chan_list_lock);
438 return -EALREADY;
439 }
440
441 list_add_tail(&c->list, &mgmt_chan_list);
442
443 mutex_unlock(&mgmt_chan_list_lock);
444
445 return 0;
446}
447EXPORT_SYMBOL(hci_mgmt_chan_register);
448
449void hci_mgmt_chan_unregister(struct hci_mgmt_chan *c)
450{
451 mutex_lock(&mgmt_chan_list_lock);
452 list_del(&c->list);
453 mutex_unlock(&mgmt_chan_list_lock);
454}
455EXPORT_SYMBOL(hci_mgmt_chan_unregister);
456
1da177e4
LT		 457static int hci_sock_release(struct socket *sock)
458{
459 struct sock *sk = sock->sk;
7b005bd3 460 struct hci_dev *hdev;
1da177e4
LT		 461
462 BT_DBG("sock %p sk %p", sock, sk);
463
464 if (!sk)
465 return 0;
466
7b005bd3
MH		 467 hdev = hci_pi(sk)->hdev;
468
cd82e61c
MH		 469 if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
470 atomic_dec(&monitor_promisc);
471
1da177e4
LT		 472 bt_sock_unlink(&hci_sk_list, sk);
473
474 if (hdev) {
23500189 475 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
0602a8ad 476 mgmt_index_added(hdev);
23500189
MH		 477 clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags);
478 hci_dev_close(hdev->id);
479 }
480
1da177e4
LT		 481 atomic_dec(&hdev->promisc);
482 hci_dev_put(hdev);
483 }
484
485 sock_orphan(sk);
486
487 skb_queue_purge(&sk->sk_receive_queue);
488 skb_queue_purge(&sk->sk_write_queue);
489
490 sock_put(sk);
491 return 0;
492}
493
b2a66aad 494static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 495{
496 bdaddr_t bdaddr;
5e762444 497 int err;
f0358568
JH		 498
499 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
500 return -EFAULT;
501
09fd0de5 502 hci_dev_lock(hdev);
5e762444 503
dcc36c16 504 err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
5e762444 505
09fd0de5 506 hci_dev_unlock(hdev);
5e762444
AJ		 507
508 return err;
f0358568
JH		 509}
510
b2a66aad 511static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 512{
513 bdaddr_t bdaddr;
5e762444 514 int err;
f0358568
JH		 515
516 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
517 return -EFAULT;
518
09fd0de5 519 hci_dev_lock(hdev);
5e762444 520
dcc36c16 521 err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
5e762444 522
09fd0de5 523 hci_dev_unlock(hdev);
5e762444
AJ		 524
525 return err;
f0358568
JH		 526}
527
8e87d142 528/* Ioctls that require bound socket */
6039aa73
GP		 529static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
530 unsigned long arg)
1da177e4
LT		 531{
532 struct hci_dev *hdev = hci_pi(sk)->hdev;
533
534 if (!hdev)
535 return -EBADFD;
536
0736cfa8
MH		 537 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
538 return -EBUSY;
539
4a964404 540 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
fee746b0
MH		 541 return -EOPNOTSUPP;
542
5b69bef5
MH		 543 if (hdev->dev_type != HCI_BREDR)
544 return -EOPNOTSUPP;
545
1da177e4
LT		 546 switch (cmd) {
547 case HCISETRAW:
548 if (!capable(CAP_NET_ADMIN))
bf5b30b8 549 return -EPERM;
db596681 550 return -EOPNOTSUPP;
1da177e4 551
1da177e4 552 case HCIGETCONNINFO:
40be492f
MH		 553 return hci_get_conn_info(hdev, (void __user *) arg);
554
555 case HCIGETAUTHINFO:
556 return hci_get_auth_info(hdev, (void __user *) arg);
1da177e4 557
f0358568
JH		 558 case HCIBLOCKADDR:
559 if (!capable(CAP_NET_ADMIN))
bf5b30b8 560 return -EPERM;
b2a66aad 561 return hci_sock_blacklist_add(hdev, (void __user *) arg);
f0358568
JH		 562
563 case HCIUNBLOCKADDR:
564 if (!capable(CAP_NET_ADMIN))
bf5b30b8 565 return -EPERM;
b2a66aad 566 return hci_sock_blacklist_del(hdev, (void __user *) arg);
1da177e4 567 }
0736cfa8 568
324d36ed 569 return -ENOIOCTLCMD;
1da177e4
LT		 570}
571
8fc9ced3
GP		 572static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
573 unsigned long arg)
1da177e4 574{
40be492f 575 void __user *argp = (void __user *) arg;
0736cfa8 576 struct sock *sk = sock->sk;
1da177e4
LT		 577 int err;
578
579 BT_DBG("cmd %x arg %lx", cmd, arg);
580
c1c4f956
MH		 581 lock_sock(sk);
582
583 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
584 err = -EBADFD;
585 goto done;
586 }
587
588 release_sock(sk);
589
1da177e4
LT		 590 switch (cmd) {
591 case HCIGETDEVLIST:
592 return hci_get_dev_list(argp);
593
594 case HCIGETDEVINFO:
595 return hci_get_dev_info(argp);
596
597 case HCIGETCONNLIST:
598 return hci_get_conn_list(argp);
599
600 case HCIDEVUP:
601 if (!capable(CAP_NET_ADMIN))
bf5b30b8 602 return -EPERM;
1da177e4
LT		 603 return hci_dev_open(arg);
604
605 case HCIDEVDOWN:
606 if (!capable(CAP_NET_ADMIN))
bf5b30b8 607 return -EPERM;
1da177e4
LT		 608 return hci_dev_close(arg);
609
610 case HCIDEVRESET:
611 if (!capable(CAP_NET_ADMIN))
bf5b30b8 612 return -EPERM;
1da177e4
LT		 613 return hci_dev_reset(arg);
614
615 case HCIDEVRESTAT:
616 if (!capable(CAP_NET_ADMIN))
bf5b30b8 617 return -EPERM;
1da177e4
LT		 618 return hci_dev_reset_stat(arg);
619
620 case HCISETSCAN:
621 case HCISETAUTH:
622 case HCISETENCRYPT:
623 case HCISETPTYPE:
624 case HCISETLINKPOL:
625 case HCISETLINKMODE:
626 case HCISETACLMTU:
627 case HCISETSCOMTU:
628 if (!capable(CAP_NET_ADMIN))
bf5b30b8 629 return -EPERM;
1da177e4
LT		 630 return hci_dev_cmd(cmd, argp);
631
632 case HCIINQUIRY:
633 return hci_inquiry(argp);
1da177e4 634 }
c1c4f956
MH		 635
636 lock_sock(sk);
637
638 err = hci_sock_bound_ioctl(sk, cmd, arg);
639
640done:
641 release_sock(sk);
642 return err;
1da177e4
LT		 643}
644
8fc9ced3
GP		 645static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
646 int addr_len)
1da177e4 647{
0381101f 648 struct sockaddr_hci haddr;
1da177e4
LT		 649 struct sock *sk = sock->sk;
650 struct hci_dev *hdev = NULL;
0381101f 651 int len, err = 0;
1da177e4
LT		 652
653 BT_DBG("sock %p sk %p", sock, sk);
654
0381101f
JH		 655 if (!addr)
656 return -EINVAL;
657
658 memset(&haddr, 0, sizeof(haddr));
659 len = min_t(unsigned int, sizeof(haddr), addr_len);
660 memcpy(&haddr, addr, len);
661
662 if (haddr.hci_family != AF_BLUETOOTH)
663 return -EINVAL;
664
1da177e4
LT		 665 lock_sock(sk);
666
7cc2ade2 667 if (sk->sk_state == BT_BOUND) {
1da177e4
LT		 668 err = -EALREADY;
669 goto done;
670 }
671
7cc2ade2
MH		 672 switch (haddr.hci_channel) {
673 case HCI_CHANNEL_RAW:
674 if (hci_pi(sk)->hdev) {
675 err = -EALREADY;
1da177e4
LT		 676 goto done;
677 }
678
7cc2ade2
MH		 679 if (haddr.hci_dev != HCI_DEV_NONE) {
680 hdev = hci_dev_get(haddr.hci_dev);
681 if (!hdev) {
682 err = -ENODEV;
683 goto done;
684 }
685
686 atomic_inc(&hdev->promisc);
687 }
688
689 hci_pi(sk)->hdev = hdev;
690 break;
691
23500189
MH		 692 case HCI_CHANNEL_USER:
693 if (hci_pi(sk)->hdev) {
694 err = -EALREADY;
695 goto done;
696 }
697
698 if (haddr.hci_dev == HCI_DEV_NONE) {
699 err = -EINVAL;
700 goto done;
701 }
702
10a8b86f 703 if (!capable(CAP_NET_ADMIN)) {
23500189
MH		 704 err = -EPERM;
705 goto done;
706 }
707
708 hdev = hci_dev_get(haddr.hci_dev);
709 if (!hdev) {
710 err = -ENODEV;
711 goto done;
712 }
713
714 if (test_bit(HCI_UP, &hdev->flags) ||
715 test_bit(HCI_INIT, &hdev->flags) ||
d603b76b
MH		 716 test_bit(HCI_SETUP, &hdev->dev_flags) ||
717 test_bit(HCI_CONFIG, &hdev->dev_flags)) {
23500189
MH		 718 err = -EBUSY;
719 hci_dev_put(hdev);
720 goto done;
721 }
722
723 if (test_and_set_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
724 err = -EUSERS;
725 hci_dev_put(hdev);
726 goto done;
727 }
728
0602a8ad 729 mgmt_index_removed(hdev);
23500189
MH		 730
731 err = hci_dev_open(hdev->id);
732 if (err) {
733 clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags);
0602a8ad 734 mgmt_index_added(hdev);
23500189
MH		 735 hci_dev_put(hdev);
736 goto done;
737 }
738
739 atomic_inc(&hdev->promisc);
740
741 hci_pi(sk)->hdev = hdev;
742 break;
743
cd82e61c
MH		 744 case HCI_CHANNEL_MONITOR:
745 if (haddr.hci_dev != HCI_DEV_NONE) {
746 err = -EINVAL;
747 goto done;
748 }
749
750 if (!capable(CAP_NET_RAW)) {
751 err = -EPERM;
752 goto done;
753 }
754
755 send_monitor_replay(sk);
756
757 atomic_inc(&monitor_promisc);
758 break;
759
7cc2ade2 760 default:
801c1e8d
JH		 761 if (!hci_mgmt_chan_find(haddr.hci_channel)) {
762 err = -EINVAL;
763 goto done;
764 }
765
766 if (haddr.hci_dev != HCI_DEV_NONE) {
767 err = -EINVAL;
768 goto done;
769 }
770
771 if (!capable(CAP_NET_ADMIN)) {
772 err = -EPERM;
773 goto done;
774 }
775
776 break;
1da177e4
LT		 777 }
778
7cc2ade2 779
0381101f 780 hci_pi(sk)->channel = haddr.hci_channel;
1da177e4
LT		 781 sk->sk_state = BT_BOUND;
782
783done:
784 release_sock(sk);
785 return err;
786}
787
8fc9ced3
GP		 788static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
789 int *addr_len, int peer)
1da177e4
LT		 790{
791 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
792 struct sock *sk = sock->sk;
9d4b68b2
MH		 793 struct hci_dev *hdev;
794 int err = 0;
1da177e4
LT		 795
796 BT_DBG("sock %p sk %p", sock, sk);
797
06f43cbc
MH		 798 if (peer)
799 return -EOPNOTSUPP;
800
1da177e4
LT		 801 lock_sock(sk);
802
9d4b68b2
MH		 803 hdev = hci_pi(sk)->hdev;
804 if (!hdev) {
805 err = -EBADFD;
806 goto done;
807 }
808
1da177e4
LT		 809 *addr_len = sizeof(*haddr);
810 haddr->hci_family = AF_BLUETOOTH;
7b005bd3 811 haddr->hci_dev = hdev->id;
9d4b68b2 812 haddr->hci_channel= hci_pi(sk)->channel;
1da177e4 813
9d4b68b2 814done:
1da177e4 815 release_sock(sk);
9d4b68b2 816 return err;
1da177e4
LT		 817}
818
6039aa73
GP		 819static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
820 struct sk_buff *skb)
1da177e4
LT		 821{
822 __u32 mask = hci_pi(sk)->cmsg_mask;
823
0d48d939
MH		 824 if (mask & HCI_CMSG_DIR) {
825 int incoming = bt_cb(skb)->incoming;
8fc9ced3
GP		 826 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
827 &incoming);
0d48d939 828 }
1da177e4 829
a61bbcf2 830 if (mask & HCI_CMSG_TSTAMP) {
f6e623a6
JFS		 831#ifdef CONFIG_COMPAT
832 struct compat_timeval ctv;
833#endif
a61bbcf2 834 struct timeval tv;
767c5eb5
MH		 835 void *data;
836 int len;
a61bbcf2
PM		 837
838 skb_get_timestamp(skb, &tv);
767c5eb5 839
1da97f83
DM		 840 data = &tv;
841 len = sizeof(tv);
842#ifdef CONFIG_COMPAT
da88cea1
L		 843 if (!COMPAT_USE_64BIT_TIME &&
844 (msg->msg_flags & MSG_CMSG_COMPAT)) {
767c5eb5
MH		 845 ctv.tv_sec = tv.tv_sec;
846 ctv.tv_usec = tv.tv_usec;
847 data = &ctv;
848 len = sizeof(ctv);
767c5eb5 849 }
1da97f83 850#endif
767c5eb5
MH		 851
852 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
a61bbcf2 853 }
1da177e4 854}
8e87d142 855
1b784140
YX		 856static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
857 int flags)
1da177e4
LT		 858{
859 int noblock = flags & MSG_DONTWAIT;
860 struct sock *sk = sock->sk;
861 struct sk_buff *skb;
862 int copied, err;
863
864 BT_DBG("sock %p, sk %p", sock, sk);
865
866 if (flags & (MSG_OOB))
867 return -EOPNOTSUPP;
868
869 if (sk->sk_state == BT_CLOSED)
870 return 0;
871
70f23020
AE		 872 skb = skb_recv_datagram(sk, flags, noblock, &err);
873 if (!skb)
1da177e4
LT		 874 return err;
875
1da177e4
LT		 876 copied = skb->len;
877 if (len < copied) {
878 msg->msg_flags |= MSG_TRUNC;
879 copied = len;
880 }
881
badff6d0 882 skb_reset_transport_header(skb);
51f3d02b 883 err = skb_copy_datagram_msg(skb, 0, msg, copied);
1da177e4 884
3a208627
MH		 885 switch (hci_pi(sk)->channel) {
886 case HCI_CHANNEL_RAW:
887 hci_sock_cmsg(sk, msg, skb);
888 break;
23500189 889 case HCI_CHANNEL_USER:
cd82e61c
MH		 890 case HCI_CHANNEL_MONITOR:
891 sock_recv_timestamp(msg, sk, skb);
892 break;
801c1e8d
JH		 893 default:
894 if (hci_mgmt_chan_find(hci_pi(sk)->channel))
895 sock_recv_timestamp(msg, sk, skb);
896 break;
3a208627 897 }
1da177e4
LT		 898
899 skb_free_datagram(sk, skb);
900
901 return err ? : copied;
902}
903
1b784140
YX		 904static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
905 size_t len)
1da177e4
LT		 906{
907 struct sock *sk = sock->sk;
801c1e8d 908 struct hci_mgmt_chan *chan;
1da177e4
LT		 909 struct hci_dev *hdev;
910 struct sk_buff *skb;
911 int err;
912
913 BT_DBG("sock %p sk %p", sock, sk);
914
915 if (msg->msg_flags & MSG_OOB)
916 return -EOPNOTSUPP;
917
918 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
919 return -EINVAL;
920
921 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
922 return -EINVAL;
923
924 lock_sock(sk);
925
0381101f
JH		 926 switch (hci_pi(sk)->channel) {
927 case HCI_CHANNEL_RAW:
23500189 928 case HCI_CHANNEL_USER:
0381101f 929 break;
cd82e61c
MH		 930 case HCI_CHANNEL_MONITOR:
931 err = -EOPNOTSUPP;
932 goto done;
0381101f 933 default:
801c1e8d
JH		 934 mutex_lock(&mgmt_chan_list_lock);
935 chan = __hci_mgmt_chan_find(hci_pi(sk)->channel);
936 if (chan)
6d785aa3 937 err = mgmt_control(chan, sk, msg, len);
801c1e8d
JH		 938 else
939 err = -EINVAL;
940
941 mutex_unlock(&mgmt_chan_list_lock);
0381101f
JH		 942 goto done;
943 }
944
70f23020
AE		 945 hdev = hci_pi(sk)->hdev;
946 if (!hdev) {
1da177e4
LT		 947 err = -EBADFD;
948 goto done;
949 }
950
7e21addc
MH		 951 if (!test_bit(HCI_UP, &hdev->flags)) {
952 err = -ENETDOWN;
953 goto done;
954 }
955
70f23020
AE		 956 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
957 if (!skb)
1da177e4
LT		 958 goto done;
959
6ce8e9ce 960 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1da177e4
LT		 961 err = -EFAULT;
962 goto drop;
963 }
964
0d48d939 965 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
1da177e4 966 skb_pull(skb, 1);
1da177e4 967
1bc5ad16
MH		 968 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
969 /* No permission check is needed for user channel
970 * since that gets enforced when binding the socket.
971 *
972 * However check that the packet type is valid.
973 */
974 if (bt_cb(skb)->pkt_type != HCI_COMMAND_PKT &&
975 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
976 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) {
977 err = -EINVAL;
978 goto drop;
979 }
980
981 skb_queue_tail(&hdev->raw_q, skb);
982 queue_work(hdev->workqueue, &hdev->tx_work);
983 } else if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
83985319 984 u16 opcode = get_unaligned_le16(skb->data);
1da177e4
LT		 985 u16 ogf = hci_opcode_ogf(opcode);
986 u16 ocf = hci_opcode_ocf(opcode);
987
988 if (((ogf > HCI_SFLT_MAX_OGF) ||
3bb3c755
GP		 989 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
990 &hci_sec_filter.ocf_mask[ogf])) &&
991 !capable(CAP_NET_RAW)) {
1da177e4
LT		 992 err = -EPERM;
993 goto drop;
994 }
995
fee746b0 996 if (ogf == 0x3f) {
1da177e4 997 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 998 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4 999 } else {
49c922bb 1000 /* Stand-alone HCI commands must be flagged as
11714b3d
JH		 1001 * single-command requests.
1002 */
6368c235 1003 bt_cb(skb)->req_start = 1;
11714b3d 1004
1da177e4 1005 skb_queue_tail(&hdev->cmd_q, skb);
c347b765 1006 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 1007 }
1008 } else {
1009 if (!capable(CAP_NET_RAW)) {
1010 err = -EPERM;
1011 goto drop;
1012 }
1013
1014 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 1015 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 1016 }
1017
1018 err = len;
1019
1020done:
1021 release_sock(sk);
1022 return err;
1023
1024drop:
1025 kfree_skb(skb);
1026 goto done;
1027}
1028
8fc9ced3
GP		 1029static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1030 char __user *optval, unsigned int len)
1da177e4
LT		 1031{
1032 struct hci_ufilter uf = { .opcode = 0 };
1033 struct sock *sk = sock->sk;
1034 int err = 0, opt = 0;
1035
1036 BT_DBG("sk %p, opt %d", sk, optname);
1037
1038 lock_sock(sk);
1039
2f39cdb7 1040 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
c2371e80 1041 err = -EBADFD;
2f39cdb7
MH		 1042 goto done;
1043 }
1044
1da177e4
LT		 1045 switch (optname) {
1046 case HCI_DATA_DIR:
1047 if (get_user(opt, (int __user *)optval)) {
1048 err = -EFAULT;
1049 break;
1050 }
1051
1052 if (opt)
1053 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
1054 else
1055 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
1056 break;
1057
1058 case HCI_TIME_STAMP:
1059 if (get_user(opt, (int __user *)optval)) {
1060 err = -EFAULT;
1061 break;
1062 }
1063
1064 if (opt)
1065 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
1066 else
1067 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
1068 break;
1069
1070 case HCI_FILTER:
0878b666
MH		 1071 {
1072 struct hci_filter *f = &hci_pi(sk)->filter;
1073
1074 uf.type_mask = f->type_mask;
1075 uf.opcode = f->opcode;
1076 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1077 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1078 }
1079
1da177e4
LT		 1080 len = min_t(unsigned int, len, sizeof(uf));
1081 if (copy_from_user(&uf, optval, len)) {
1082 err = -EFAULT;
1083 break;
1084 }
1085
1086 if (!capable(CAP_NET_RAW)) {
1087 uf.type_mask &= hci_sec_filter.type_mask;
1088 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
1089 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
1090 }
1091
1092 {
1093 struct hci_filter *f = &hci_pi(sk)->filter;
1094
1095 f->type_mask = uf.type_mask;
1096 f->opcode = uf.opcode;
1097 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
1098 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
1099 }
8e87d142 1100 break;
1da177e4
LT		 1101
1102 default:
1103 err = -ENOPROTOOPT;
1104 break;
1105 }
1106
2f39cdb7 1107done:
1da177e4
LT		 1108 release_sock(sk);
1109 return err;
1110}
1111
8fc9ced3
GP		 1112static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1113 char __user *optval, int __user *optlen)
1da177e4
LT		 1114{
1115 struct hci_ufilter uf;
1116 struct sock *sk = sock->sk;
cedc5469
MH		 1117 int len, opt, err = 0;
1118
1119 BT_DBG("sk %p, opt %d", sk, optname);
1da177e4
LT		 1120
1121 if (get_user(len, optlen))
1122 return -EFAULT;
1123
cedc5469
MH		 1124 lock_sock(sk);
1125
1126 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
c2371e80 1127 err = -EBADFD;
cedc5469
MH		 1128 goto done;
1129 }
1130
1da177e4
LT		 1131 switch (optname) {
1132 case HCI_DATA_DIR:
1133 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1134 opt = 1;
8e87d142 1135 else
1da177e4
LT		 1136 opt = 0;
1137
1138 if (put_user(opt, optval))
cedc5469 1139 err = -EFAULT;
1da177e4
LT		 1140 break;
1141
1142 case HCI_TIME_STAMP:
1143 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1144 opt = 1;
8e87d142 1145 else
1da177e4
LT		 1146 opt = 0;
1147
1148 if (put_user(opt, optval))
cedc5469 1149 err = -EFAULT;
1da177e4
LT		 1150 break;
1151
1152 case HCI_FILTER:
1153 {
1154 struct hci_filter *f = &hci_pi(sk)->filter;
1155
e15ca9a0 1156 memset(&uf, 0, sizeof(uf));
1da177e4
LT		 1157 uf.type_mask = f->type_mask;
1158 uf.opcode = f->opcode;
1159 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1160 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1161 }
1162
1163 len = min_t(unsigned int, len, sizeof(uf));
1164 if (copy_to_user(optval, &uf, len))
cedc5469 1165 err = -EFAULT;
1da177e4
LT		 1166 break;
1167
1168 default:
cedc5469 1169 err = -ENOPROTOOPT;
1da177e4
LT		 1170 break;
1171 }
1172
cedc5469
MH		 1173done:
1174 release_sock(sk);
1175 return err;
1da177e4
LT		 1176}
1177
90ddc4f0 1178static const struct proto_ops hci_sock_ops = {
1da177e4
LT		 1179 .family = PF_BLUETOOTH,
1180 .owner = THIS_MODULE,
1181 .release = hci_sock_release,
1182 .bind = hci_sock_bind,
1183 .getname = hci_sock_getname,
1184 .sendmsg = hci_sock_sendmsg,
1185 .recvmsg = hci_sock_recvmsg,
1186 .ioctl = hci_sock_ioctl,
1187 .poll = datagram_poll,
1188 .listen = sock_no_listen,
1189 .shutdown = sock_no_shutdown,
1190 .setsockopt = hci_sock_setsockopt,
1191 .getsockopt = hci_sock_getsockopt,
1192 .connect = sock_no_connect,
1193 .socketpair = sock_no_socketpair,
1194 .accept = sock_no_accept,
1195 .mmap = sock_no_mmap
1196};
1197
1198static struct proto hci_sk_proto = {
1199 .name = "HCI",
1200 .owner = THIS_MODULE,
1201 .obj_size = sizeof(struct hci_pinfo)
1202};
1203
3f378b68
EP		 1204static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1205 int kern)
1da177e4
LT		 1206{
1207 struct sock *sk;
1208
1209 BT_DBG("sock %p", sock);
1210
1211 if (sock->type != SOCK_RAW)
1212 return -ESOCKTNOSUPPORT;
1213
1214 sock->ops = &hci_sock_ops;
1215
6257ff21 1216 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1da177e4
LT		 1217 if (!sk)
1218 return -ENOMEM;
1219
1220 sock_init_data(sock, sk);
1221
1222 sock_reset_flag(sk, SOCK_ZAPPED);
1223
1224 sk->sk_protocol = protocol;
1225
1226 sock->state = SS_UNCONNECTED;
1227 sk->sk_state = BT_OPEN;
1228
1229 bt_sock_link(&hci_sk_list, sk);
1230 return 0;
1231}
1232
ec1b4cf7 1233static const struct net_proto_family hci_sock_family_ops = {
1da177e4
LT		 1234 .family = PF_BLUETOOTH,
1235 .owner = THIS_MODULE,
1236 .create = hci_sock_create,
1237};
1238
1da177e4
LT		 1239int __init hci_sock_init(void)
1240{
1241 int err;
1242
b0a8e282
MH		 1243 BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr));
1244
1da177e4
LT		 1245 err = proto_register(&hci_sk_proto, 0);
1246 if (err < 0)
1247 return err;
1248
1249 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
f7c86637
MY		 1250 if (err < 0) {
1251 BT_ERR("HCI socket registration failed");
1da177e4 1252 goto error;
f7c86637
MY		 1253 }
1254
b0316615 1255 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
f7c86637
MY		 1256 if (err < 0) {
1257 BT_ERR("Failed to create HCI proc file");
1258 bt_sock_unregister(BTPROTO_HCI);
1259 goto error;
1260 }
1da177e4 1261
1da177e4
LT		 1262 BT_INFO("HCI socket layer initialized");
1263
1264 return 0;
1265
1266error:
1da177e4
LT		 1267 proto_unregister(&hci_sk_proto);
1268 return err;
1269}
1270
b7440a14 1271void hci_sock_cleanup(void)
1da177e4 1272{
f7c86637 1273 bt_procfs_cleanup(&init_net, "hci");
5e9d7f86 1274 bt_sock_unregister(BTPROTO_HCI);
1da177e4 1275 proto_unregister(&hci_sk_proto);
1da177e4 1276}
Linux kernel - Deliverables
This page took 0.883165 seconds and 5 git commands to generate.