projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix issue with shared SKB between HCI raw socket and driver
[deliverable/linux.git] / net / bluetooth / hci_sock.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI sockets. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
4fc268d2 30#include <linux/capability.h>
1da177e4
LT		 31#include <linux/errno.h>
32#include <linux/kernel.h>
1da177e4
LT		 33#include <linux/slab.h>
34#include <linux/poll.h>
35#include <linux/fcntl.h>
36#include <linux/init.h>
37#include <linux/skbuff.h>
38#include <linux/workqueue.h>
39#include <linux/interrupt.h>
767c5eb5 40#include <linux/compat.h>
1da177e4
LT		 41#include <linux/socket.h>
42#include <linux/ioctl.h>
43#include <net/sock.h>
44
45#include <asm/system.h>
70f23020 46#include <linux/uaccess.h>
1da177e4
LT		 47#include <asm/unaligned.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51
eb939922 52static bool enable_mgmt;
0381101f 53
1da177e4
LT		 54/* ----- HCI socket interface ----- */
55
56static inline int hci_test_bit(int nr, void *addr)
57{
58 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
59}
60
61/* Security filter */
62static struct hci_sec_filter hci_sec_filter = {
63 /* Packet types */
64 0x10,
65 /* Events */
dd7f5527 66 { 0x1000d9fe, 0x0000b00c },
1da177e4
LT		 67 /* Commands */
68 {
69 { 0x0 },
70 /* OGF_LINK_CTL */
7c631a67 71 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
1da177e4 72 /* OGF_LINK_POLICY */
7c631a67 73 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
1da177e4 74 /* OGF_HOST_CTL */
7c631a67 75 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
1da177e4 76 /* OGF_INFO_PARAM */
7c631a67 77 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
1da177e4 78 /* OGF_STATUS_PARAM */
7c631a67 79 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
1da177e4
LT		 80 }
81};
82
83static struct bt_sock_list hci_sk_list = {
d5fb2962 84 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
1da177e4
LT		 85};
86
87/* Send frame to RAW socket */
470fe1b5 88void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 89{
90 struct sock *sk;
91 struct hlist_node *node;
e0edf373 92 struct sk_buff *skb_copy = NULL;
1da177e4
LT		 93
94 BT_DBG("hdev %p len %d", hdev, skb->len);
95
96 read_lock(&hci_sk_list.lock);
470fe1b5 97
1da177e4
LT		 98 sk_for_each(sk, node, &hci_sk_list.head) {
99 struct hci_filter *flt;
100 struct sk_buff *nskb;
101
102 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
103 continue;
104
105 /* Don't send frame to the socket it came from */
106 if (skb->sk == sk)
107 continue;
108
470fe1b5 109 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW)
a40c406c
JH		 110 continue;
111
1da177e4
LT		 112 /* Apply filter */
113 flt = &hci_pi(sk)->filter;
114
0d48d939
MH		 115 if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
116 0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
1da177e4
LT		 117 continue;
118
0d48d939 119 if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
1da177e4
LT		 120 register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
121
122 if (!hci_test_bit(evt, &flt->event_mask))
123 continue;
124
4498c80d
DM		 125 if (flt->opcode &&
126 ((evt == HCI_EV_CMD_COMPLETE &&
127 flt->opcode !=
905f3ed6 128 get_unaligned((__le16 *)(skb->data + 3))) ||
4498c80d
DM		 129 (evt == HCI_EV_CMD_STATUS &&
130 flt->opcode !=
905f3ed6 131 get_unaligned((__le16 *)(skb->data + 4)))))
1da177e4
LT		 132 continue;
133 }
134
e0edf373
MH		 135 if (!skb_copy) {
136 /* Create a private copy with headroom */
137 skb_copy = __pskb_copy(skb, 1, GFP_ATOMIC);
138 if (!skb_copy)
139 continue;
140
141 /* Put type byte before the data */
142 memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
143 }
144
145 nskb = skb_clone(skb_copy, GFP_ATOMIC);
70f23020 146 if (!nskb)
1da177e4
LT		 147 continue;
148
470fe1b5
MH		 149 if (sock_queue_rcv_skb(sk, nskb))
150 kfree_skb(nskb);
151 }
152
153 read_unlock(&hci_sk_list.lock);
e0edf373
MH		 154
155 kfree_skb(skb_copy);
470fe1b5
MH		 156}
157
158/* Send frame to control socket */
159void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
160{
161 struct sock *sk;
162 struct hlist_node *node;
163
164 BT_DBG("len %d", skb->len);
165
166 read_lock(&hci_sk_list.lock);
167
168 sk_for_each(sk, node, &hci_sk_list.head) {
169 struct sk_buff *nskb;
170
171 /* Skip the original socket */
172 if (sk == skip_sk)
173 continue;
174
175 if (sk->sk_state != BT_BOUND)
176 continue;
177
178 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
179 continue;
180
181 nskb = skb_clone(skb, GFP_ATOMIC);
182 if (!nskb)
183 continue;
1da177e4
LT		 184
185 if (sock_queue_rcv_skb(sk, nskb))
186 kfree_skb(nskb);
187 }
470fe1b5 188
1da177e4
LT		 189 read_unlock(&hci_sk_list.lock);
190}
191
192static int hci_sock_release(struct socket *sock)
193{
194 struct sock *sk = sock->sk;
7b005bd3 195 struct hci_dev *hdev;
1da177e4
LT		 196
197 BT_DBG("sock %p sk %p", sock, sk);
198
199 if (!sk)
200 return 0;
201
7b005bd3
MH		 202 hdev = hci_pi(sk)->hdev;
203
1da177e4
LT		 204 bt_sock_unlink(&hci_sk_list, sk);
205
206 if (hdev) {
207 atomic_dec(&hdev->promisc);
208 hci_dev_put(hdev);
209 }
210
211 sock_orphan(sk);
212
213 skb_queue_purge(&sk->sk_receive_queue);
214 skb_queue_purge(&sk->sk_write_queue);
215
216 sock_put(sk);
217 return 0;
218}
219
b2a66aad 220static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 221{
222 bdaddr_t bdaddr;
5e762444 223 int err;
f0358568
JH		 224
225 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
226 return -EFAULT;
227
09fd0de5 228 hci_dev_lock(hdev);
5e762444 229
88c1fe4b 230 err = hci_blacklist_add(hdev, &bdaddr, 0);
5e762444 231
09fd0de5 232 hci_dev_unlock(hdev);
5e762444
AJ		 233
234 return err;
f0358568
JH		 235}
236
b2a66aad 237static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 238{
239 bdaddr_t bdaddr;
5e762444 240 int err;
f0358568
JH		 241
242 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
243 return -EFAULT;
244
09fd0de5 245 hci_dev_lock(hdev);
5e762444 246
88c1fe4b 247 err = hci_blacklist_del(hdev, &bdaddr, 0);
5e762444 248
09fd0de5 249 hci_dev_unlock(hdev);
5e762444
AJ		 250
251 return err;
f0358568
JH		 252}
253
8e87d142 254/* Ioctls that require bound socket */
1da177e4
LT		 255static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
256{
257 struct hci_dev *hdev = hci_pi(sk)->hdev;
258
259 if (!hdev)
260 return -EBADFD;
261
262 switch (cmd) {
263 case HCISETRAW:
264 if (!capable(CAP_NET_ADMIN))
265 return -EACCES;
266
267 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
268 return -EPERM;
269
270 if (arg)
271 set_bit(HCI_RAW, &hdev->flags);
272 else
273 clear_bit(HCI_RAW, &hdev->flags);
274
275 return 0;
276
1da177e4 277 case HCIGETCONNINFO:
40be492f
MH		 278 return hci_get_conn_info(hdev, (void __user *) arg);
279
280 case HCIGETAUTHINFO:
281 return hci_get_auth_info(hdev, (void __user *) arg);
1da177e4 282
f0358568
JH		 283 case HCIBLOCKADDR:
284 if (!capable(CAP_NET_ADMIN))
285 return -EACCES;
b2a66aad 286 return hci_sock_blacklist_add(hdev, (void __user *) arg);
f0358568
JH		 287
288 case HCIUNBLOCKADDR:
289 if (!capable(CAP_NET_ADMIN))
290 return -EACCES;
b2a66aad 291 return hci_sock_blacklist_del(hdev, (void __user *) arg);
f0358568 292
1da177e4
LT		 293 default:
294 if (hdev->ioctl)
295 return hdev->ioctl(hdev, cmd, arg);
296 return -EINVAL;
297 }
298}
299
300static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
301{
302 struct sock *sk = sock->sk;
40be492f 303 void __user *argp = (void __user *) arg;
1da177e4
LT		 304 int err;
305
306 BT_DBG("cmd %x arg %lx", cmd, arg);
307
308 switch (cmd) {
309 case HCIGETDEVLIST:
310 return hci_get_dev_list(argp);
311
312 case HCIGETDEVINFO:
313 return hci_get_dev_info(argp);
314
315 case HCIGETCONNLIST:
316 return hci_get_conn_list(argp);
317
318 case HCIDEVUP:
319 if (!capable(CAP_NET_ADMIN))
320 return -EACCES;
321 return hci_dev_open(arg);
322
323 case HCIDEVDOWN:
324 if (!capable(CAP_NET_ADMIN))
325 return -EACCES;
326 return hci_dev_close(arg);
327
328 case HCIDEVRESET:
329 if (!capable(CAP_NET_ADMIN))
330 return -EACCES;
331 return hci_dev_reset(arg);
332
333 case HCIDEVRESTAT:
334 if (!capable(CAP_NET_ADMIN))
335 return -EACCES;
336 return hci_dev_reset_stat(arg);
337
338 case HCISETSCAN:
339 case HCISETAUTH:
340 case HCISETENCRYPT:
341 case HCISETPTYPE:
342 case HCISETLINKPOL:
343 case HCISETLINKMODE:
344 case HCISETACLMTU:
345 case HCISETSCOMTU:
346 if (!capable(CAP_NET_ADMIN))
347 return -EACCES;
348 return hci_dev_cmd(cmd, argp);
349
350 case HCIINQUIRY:
351 return hci_inquiry(argp);
352
353 default:
354 lock_sock(sk);
355 err = hci_sock_bound_ioctl(sk, cmd, arg);
356 release_sock(sk);
357 return err;
358 }
359}
360
361static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
362{
0381101f 363 struct sockaddr_hci haddr;
1da177e4
LT		 364 struct sock *sk = sock->sk;
365 struct hci_dev *hdev = NULL;
0381101f 366 int len, err = 0;
1da177e4
LT		 367
368 BT_DBG("sock %p sk %p", sock, sk);
369
0381101f
JH		 370 if (!addr)
371 return -EINVAL;
372
373 memset(&haddr, 0, sizeof(haddr));
374 len = min_t(unsigned int, sizeof(haddr), addr_len);
375 memcpy(&haddr, addr, len);
376
377 if (haddr.hci_family != AF_BLUETOOTH)
378 return -EINVAL;
379
1da177e4
LT		 380 lock_sock(sk);
381
7cc2ade2 382 if (sk->sk_state == BT_BOUND) {
1da177e4
LT		 383 err = -EALREADY;
384 goto done;
385 }
386
7cc2ade2
MH		 387 switch (haddr.hci_channel) {
388 case HCI_CHANNEL_RAW:
389 if (hci_pi(sk)->hdev) {
390 err = -EALREADY;
1da177e4
LT		 391 goto done;
392 }
393
7cc2ade2
MH		 394 if (haddr.hci_dev != HCI_DEV_NONE) {
395 hdev = hci_dev_get(haddr.hci_dev);
396 if (!hdev) {
397 err = -ENODEV;
398 goto done;
399 }
400
401 atomic_inc(&hdev->promisc);
402 }
403
404 hci_pi(sk)->hdev = hdev;
405 break;
406
407 case HCI_CHANNEL_CONTROL:
408 if (haddr.hci_dev != HCI_DEV_NONE || !enable_mgmt) {
409 err = -EINVAL;
410 goto done;
411 }
412
413 set_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags);
414 break;
415
416 default:
417 err = -EINVAL;
418 goto done;
1da177e4
LT		 419 }
420
7cc2ade2 421
0381101f 422 hci_pi(sk)->channel = haddr.hci_channel;
1da177e4
LT		 423 sk->sk_state = BT_BOUND;
424
425done:
426 release_sock(sk);
427 return err;
428}
429
430static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
431{
432 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
433 struct sock *sk = sock->sk;
7b005bd3 434 struct hci_dev *hdev = hci_pi(sk)->hdev;
1da177e4
LT		 435
436 BT_DBG("sock %p sk %p", sock, sk);
437
7b005bd3
MH		 438 if (!hdev)
439 return -EBADFD;
440
1da177e4
LT		 441 lock_sock(sk);
442
443 *addr_len = sizeof(*haddr);
444 haddr->hci_family = AF_BLUETOOTH;
7b005bd3 445 haddr->hci_dev = hdev->id;
1da177e4
LT		 446
447 release_sock(sk);
448 return 0;
449}
450
451static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
452{
453 __u32 mask = hci_pi(sk)->cmsg_mask;
454
0d48d939
MH		 455 if (mask & HCI_CMSG_DIR) {
456 int incoming = bt_cb(skb)->incoming;
457 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
458 }
1da177e4 459
a61bbcf2 460 if (mask & HCI_CMSG_TSTAMP) {
f6e623a6
JFS		 461#ifdef CONFIG_COMPAT
462 struct compat_timeval ctv;
463#endif
a61bbcf2 464 struct timeval tv;
767c5eb5
MH		 465 void *data;
466 int len;
a61bbcf2
PM		 467
468 skb_get_timestamp(skb, &tv);
767c5eb5 469
1da97f83
DM		 470 data = &tv;
471 len = sizeof(tv);
472#ifdef CONFIG_COMPAT
767c5eb5 473 if (msg->msg_flags & MSG_CMSG_COMPAT) {
767c5eb5
MH		 474 ctv.tv_sec = tv.tv_sec;
475 ctv.tv_usec = tv.tv_usec;
476 data = &ctv;
477 len = sizeof(ctv);
767c5eb5 478 }
1da97f83 479#endif
767c5eb5
MH		 480
481 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
a61bbcf2 482 }
1da177e4 483}
8e87d142
YH		 484
485static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
1da177e4
LT		 486 struct msghdr *msg, size_t len, int flags)
487{
488 int noblock = flags & MSG_DONTWAIT;
489 struct sock *sk = sock->sk;
490 struct sk_buff *skb;
491 int copied, err;
492
493 BT_DBG("sock %p, sk %p", sock, sk);
494
495 if (flags & (MSG_OOB))
496 return -EOPNOTSUPP;
497
498 if (sk->sk_state == BT_CLOSED)
499 return 0;
500
70f23020
AE		 501 skb = skb_recv_datagram(sk, flags, noblock, &err);
502 if (!skb)
1da177e4
LT		 503 return err;
504
505 msg->msg_namelen = 0;
506
507 copied = skb->len;
508 if (len < copied) {
509 msg->msg_flags |= MSG_TRUNC;
510 copied = len;
511 }
512
badff6d0 513 skb_reset_transport_header(skb);
1da177e4
LT		 514 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
515
3a208627
MH		 516 switch (hci_pi(sk)->channel) {
517 case HCI_CHANNEL_RAW:
518 hci_sock_cmsg(sk, msg, skb);
519 break;
520 }
1da177e4
LT		 521
522 skb_free_datagram(sk, skb);
523
524 return err ? : copied;
525}
526
8e87d142 527static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
1da177e4
LT		 528 struct msghdr *msg, size_t len)
529{
530 struct sock *sk = sock->sk;
531 struct hci_dev *hdev;
532 struct sk_buff *skb;
533 int err;
534
535 BT_DBG("sock %p sk %p", sock, sk);
536
537 if (msg->msg_flags & MSG_OOB)
538 return -EOPNOTSUPP;
539
540 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
541 return -EINVAL;
542
543 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
544 return -EINVAL;
545
546 lock_sock(sk);
547
0381101f
JH		 548 switch (hci_pi(sk)->channel) {
549 case HCI_CHANNEL_RAW:
550 break;
551 case HCI_CHANNEL_CONTROL:
552 err = mgmt_control(sk, msg, len);
553 goto done;
554 default:
555 err = -EINVAL;
556 goto done;
557 }
558
70f23020
AE		 559 hdev = hci_pi(sk)->hdev;
560 if (!hdev) {
1da177e4
LT		 561 err = -EBADFD;
562 goto done;
563 }
564
7e21addc
MH		 565 if (!test_bit(HCI_UP, &hdev->flags)) {
566 err = -ENETDOWN;
567 goto done;
568 }
569
70f23020
AE		 570 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
571 if (!skb)
1da177e4
LT		 572 goto done;
573
574 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
575 err = -EFAULT;
576 goto drop;
577 }
578
0d48d939 579 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
1da177e4
LT		 580 skb_pull(skb, 1);
581 skb->dev = (void *) hdev;
582
0d48d939 583 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
83985319 584 u16 opcode = get_unaligned_le16(skb->data);
1da177e4
LT		 585 u16 ogf = hci_opcode_ogf(opcode);
586 u16 ocf = hci_opcode_ocf(opcode);
587
588 if (((ogf > HCI_SFLT_MAX_OGF) ||
589 !hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
590 !capable(CAP_NET_RAW)) {
591 err = -EPERM;
592 goto drop;
593 }
594
a9de9248 595 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
1da177e4 596 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 597 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 598 } else {
599 skb_queue_tail(&hdev->cmd_q, skb);
c347b765 600 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 601 }
602 } else {
603 if (!capable(CAP_NET_RAW)) {
604 err = -EPERM;
605 goto drop;
606 }
607
608 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 609 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 610 }
611
612 err = len;
613
614done:
615 release_sock(sk);
616 return err;
617
618drop:
619 kfree_skb(skb);
620 goto done;
621}
622
b7058842 623static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int len)
1da177e4
LT		 624{
625 struct hci_ufilter uf = { .opcode = 0 };
626 struct sock *sk = sock->sk;
627 int err = 0, opt = 0;
628
629 BT_DBG("sk %p, opt %d", sk, optname);
630
631 lock_sock(sk);
632
2f39cdb7
MH		 633 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
634 err = -EINVAL;
635 goto done;
636 }
637
1da177e4
LT		 638 switch (optname) {
639 case HCI_DATA_DIR:
640 if (get_user(opt, (int __user *)optval)) {
641 err = -EFAULT;
642 break;
643 }
644
645 if (opt)
646 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
647 else
648 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
649 break;
650
651 case HCI_TIME_STAMP:
652 if (get_user(opt, (int __user *)optval)) {
653 err = -EFAULT;
654 break;
655 }
656
657 if (opt)
658 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
659 else
660 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
661 break;
662
663 case HCI_FILTER:
0878b666
MH		 664 {
665 struct hci_filter *f = &hci_pi(sk)->filter;
666
667 uf.type_mask = f->type_mask;
668 uf.opcode = f->opcode;
669 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
670 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
671 }
672
1da177e4
LT		 673 len = min_t(unsigned int, len, sizeof(uf));
674 if (copy_from_user(&uf, optval, len)) {
675 err = -EFAULT;
676 break;
677 }
678
679 if (!capable(CAP_NET_RAW)) {
680 uf.type_mask &= hci_sec_filter.type_mask;
681 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
682 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
683 }
684
685 {
686 struct hci_filter *f = &hci_pi(sk)->filter;
687
688 f->type_mask = uf.type_mask;
689 f->opcode = uf.opcode;
690 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
691 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
692 }
8e87d142 693 break;
1da177e4
LT		 694
695 default:
696 err = -ENOPROTOOPT;
697 break;
698 }
699
2f39cdb7 700done:
1da177e4
LT		 701 release_sock(sk);
702 return err;
703}
704
705static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
706{
707 struct hci_ufilter uf;
708 struct sock *sk = sock->sk;
cedc5469
MH		 709 int len, opt, err = 0;
710
711 BT_DBG("sk %p, opt %d", sk, optname);
1da177e4
LT		 712
713 if (get_user(len, optlen))
714 return -EFAULT;
715
cedc5469
MH		 716 lock_sock(sk);
717
718 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
719 err = -EINVAL;
720 goto done;
721 }
722
1da177e4
LT		 723 switch (optname) {
724 case HCI_DATA_DIR:
725 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
726 opt = 1;
8e87d142 727 else
1da177e4
LT		 728 opt = 0;
729
730 if (put_user(opt, optval))
cedc5469 731 err = -EFAULT;
1da177e4
LT		 732 break;
733
734 case HCI_TIME_STAMP:
735 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
736 opt = 1;
8e87d142 737 else
1da177e4
LT		 738 opt = 0;
739
740 if (put_user(opt, optval))
cedc5469 741 err = -EFAULT;
1da177e4
LT		 742 break;
743
744 case HCI_FILTER:
745 {
746 struct hci_filter *f = &hci_pi(sk)->filter;
747
748 uf.type_mask = f->type_mask;
749 uf.opcode = f->opcode;
750 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
751 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
752 }
753
754 len = min_t(unsigned int, len, sizeof(uf));
755 if (copy_to_user(optval, &uf, len))
cedc5469 756 err = -EFAULT;
1da177e4
LT		 757 break;
758
759 default:
cedc5469 760 err = -ENOPROTOOPT;
1da177e4
LT		 761 break;
762 }
763
cedc5469
MH		 764done:
765 release_sock(sk);
766 return err;
1da177e4
LT		 767}
768
90ddc4f0 769static const struct proto_ops hci_sock_ops = {
1da177e4
LT		 770 .family = PF_BLUETOOTH,
771 .owner = THIS_MODULE,
772 .release = hci_sock_release,
773 .bind = hci_sock_bind,
774 .getname = hci_sock_getname,
775 .sendmsg = hci_sock_sendmsg,
776 .recvmsg = hci_sock_recvmsg,
777 .ioctl = hci_sock_ioctl,
778 .poll = datagram_poll,
779 .listen = sock_no_listen,
780 .shutdown = sock_no_shutdown,
781 .setsockopt = hci_sock_setsockopt,
782 .getsockopt = hci_sock_getsockopt,
783 .connect = sock_no_connect,
784 .socketpair = sock_no_socketpair,
785 .accept = sock_no_accept,
786 .mmap = sock_no_mmap
787};
788
789static struct proto hci_sk_proto = {
790 .name = "HCI",
791 .owner = THIS_MODULE,
792 .obj_size = sizeof(struct hci_pinfo)
793};
794
3f378b68
EP		 795static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
796 int kern)
1da177e4
LT		 797{
798 struct sock *sk;
799
800 BT_DBG("sock %p", sock);
801
802 if (sock->type != SOCK_RAW)
803 return -ESOCKTNOSUPPORT;
804
805 sock->ops = &hci_sock_ops;
806
6257ff21 807 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1da177e4
LT		 808 if (!sk)
809 return -ENOMEM;
810
811 sock_init_data(sock, sk);
812
813 sock_reset_flag(sk, SOCK_ZAPPED);
814
815 sk->sk_protocol = protocol;
816
817 sock->state = SS_UNCONNECTED;
818 sk->sk_state = BT_OPEN;
819
820 bt_sock_link(&hci_sk_list, sk);
821 return 0;
822}
823
824static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
825{
826 struct hci_dev *hdev = (struct hci_dev *) ptr;
827 struct hci_ev_si_device ev;
828
829 BT_DBG("hdev %s event %ld", hdev->name, event);
830
831 /* Send event to sockets */
832 ev.event = event;
833 ev.dev_id = hdev->id;
834 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
835
836 if (event == HCI_DEV_UNREG) {
837 struct sock *sk;
838 struct hlist_node *node;
839
840 /* Detach sockets from device */
841 read_lock(&hci_sk_list.lock);
842 sk_for_each(sk, node, &hci_sk_list.head) {
4ce61d1c 843 bh_lock_sock_nested(sk);
1da177e4
LT		 844 if (hci_pi(sk)->hdev == hdev) {
845 hci_pi(sk)->hdev = NULL;
846 sk->sk_err = EPIPE;
847 sk->sk_state = BT_OPEN;
848 sk->sk_state_change(sk);
849
850 hci_dev_put(hdev);
851 }
4ce61d1c 852 bh_unlock_sock(sk);
1da177e4
LT		 853 }
854 read_unlock(&hci_sk_list.lock);
855 }
856
857 return NOTIFY_DONE;
858}
859
ec1b4cf7 860static const struct net_proto_family hci_sock_family_ops = {
1da177e4
LT		 861 .family = PF_BLUETOOTH,
862 .owner = THIS_MODULE,
863 .create = hci_sock_create,
864};
865
866static struct notifier_block hci_sock_nblock = {
867 .notifier_call = hci_sock_dev_event
868};
869
870int __init hci_sock_init(void)
871{
872 int err;
873
874 err = proto_register(&hci_sk_proto, 0);
875 if (err < 0)
876 return err;
877
878 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
879 if (err < 0)
880 goto error;
881
882 hci_register_notifier(&hci_sock_nblock);
883
884 BT_INFO("HCI socket layer initialized");
885
886 return 0;
887
888error:
889 BT_ERR("HCI socket registration failed");
890 proto_unregister(&hci_sk_proto);
891 return err;
892}
893
b7440a14 894void hci_sock_cleanup(void)
1da177e4
LT		 895{
896 if (bt_sock_unregister(BTPROTO_HCI) < 0)
897 BT_ERR("HCI socket unregistration failed");
898
899 hci_unregister_notifier(&hci_sock_nblock);
900
901 proto_unregister(&hci_sk_proto);
1da177e4 902}
0381101f
JH		 903
904module_param(enable_mgmt, bool, 0644);
905MODULE_PARM_DESC(enable_mgmt, "Enable Management interface");
Linux kernel - Deliverables
This page took 0.618534 seconds and 5 git commands to generate.