Bluetooth: Move handling of HCI_RUNNING flag into core
[deliverable/linux.git] / net / bluetooth / hci_sock.c
8e87d142 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI sockets. */
26
8c520a59 27#include <linux/export.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
cd82e61c 32#include <net/bluetooth/hci_mon.h>
33#include <net/bluetooth/mgmt.h>
34
35#include "mgmt_util.h"
/* Management channels registered through hci_mgmt_chan_register()
 * (control-style channels that hci_sock_bind() does not handle itself).
 * The mutex serialises list walks and updates; hci_sock_sendmsg() holds
 * it for the whole command dispatch so an unregister cannot race a
 * command in flight.
 */
static LIST_HEAD(mgmt_chan_list);
static DEFINE_MUTEX(mgmt_chan_list_lock);
39
/* Number of sockets currently bound to HCI_CHANNEL_MONITOR (incremented
 * in hci_sock_bind(), decremented in hci_sock_release()). When zero the
 * monitor copies in hci_send_to_monitor() and hci_sock_dev_event() are
 * skipped entirely.
 */
static atomic_t monitor_promisc = ATOMIC_INIT(0);
41
42/* ----- HCI socket interface ----- */
43
44/* Socket info */
45#define hci_pi(sk) ((struct hci_pinfo *) sk)
46
47struct hci_pinfo {
48 struct bt_sock bt;
49 struct hci_dev *hdev;
50 struct hci_filter filter;
51 __u32 cmsg_mask;
52 unsigned short channel;
6befc644 53 unsigned long flags;
863def58
MH
54};
55
/* Set per-socket flag bit @nr (HCI_SOCK_* / HCI_MGMT_*). Atomic. */
void hci_sock_set_flag(struct sock *sk, int nr)
{
	struct hci_pinfo *pi = hci_pi(sk);

	set_bit(nr, &pi->flags);
}
60
/* Clear per-socket flag bit @nr. Atomic. */
void hci_sock_clear_flag(struct sock *sk, int nr)
{
	struct hci_pinfo *pi = hci_pi(sk);

	clear_bit(nr, &pi->flags);
}
65
/* Return non-zero when per-socket flag bit @nr is set. */
int hci_sock_test_flag(struct sock *sk, int nr)
{
	struct hci_pinfo *pi = hci_pi(sk);

	return test_bit(nr, &pi->flags);
}
70
/* HCI_CHANNEL_* the socket was bound to (see hci_sock_bind()). */
unsigned short hci_sock_get_channel(struct sock *sk)
{
	struct hci_pinfo *pi = hci_pi(sk);

	return pi->channel;
}
75
/* Test bit @nr in a little bit-array of 32-bit words at @addr.
 * Unlike test_bit() this works on __u32 arrays, which is what the
 * hci_filter / hci_sec_filter masks are. No bounds check: callers must
 * mask @nr to the array size (see HCI_FLT_EVENT_BITS / HCI_FLT_OCF_BITS).
 */
static inline int hci_test_bit(int nr, const void *addr)
{
	const __u32 *words = addr;
	__u32 word = words[nr >> 5];

	return word & ((__u32) 1 << (nr & 31));
}
80
/* Security filter */
#define HCI_SFLT_MAX_OGF 5

/* Allow-lists for unprivileged RAW sockets. Every *_mask is a bit array
 * (indexed as in hci_test_bit()) where a set bit means "permitted":
 * type_mask by packet type, event_mask by event code, ocf_mask by OCF,
 * one row per OGF 0..HCI_SFLT_MAX_OGF.
 */
struct hci_sec_filter {
	__u32 type_mask;
	__u32 event_mask[2];
	__u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
};

/* In this file only ocf_mask is consulted: hci_sock_sendmsg() lets a
 * RAW socket without CAP_NET_RAW send a command only if its OGF row is
 * within the table AND the OCF bit is set. Anything with OGF above
 * HCI_SFLT_MAX_OGF (including vendor OGF 0x3f) therefore needs
 * CAP_NET_RAW. type_mask / event_mask are presumably installed as the
 * default socket filter where the socket is created — confirm against
 * hci_sock_create(), which is not in this view.
 */
static const struct hci_sec_filter hci_sec_filter = {
	/* Packet types */
	0x10,
	/* Events */
	{ 0x1000d9fe, 0x0000b00c },
	/* Commands */
	{
		/* OGF 0: nothing permitted */
		{ 0x0 },
		/* OGF_LINK_CTL */
		{ 0xbe000006, 0x00000001, 0x00000000, 0x00 },
		/* OGF_LINK_POLICY */
		{ 0x00005200, 0x00000000, 0x00000000, 0x00 },
		/* OGF_HOST_CTL */
		{ 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
		/* OGF_INFO_PARAM */
		{ 0x000002be, 0x00000000, 0x00000000, 0x00 },
		/* OGF_STATUS_PARAM */
		{ 0x000000ea, 0x00000000, 0x00000000, 0x00 }
	}
};
110
/* Global list of HCI sockets. Sockets are unlinked in hci_sock_release()
 * (linked where the socket is created, not shown here). The rwlock is
 * taken for reading by the hci_send_to_*() fan-out helpers and by
 * hci_sock_dev_event() when detaching sockets from a vanishing device.
 */
static struct bt_sock_list hci_sk_list = {
	.lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
};
114
/* Apply the RAW socket's hci_filter to @skb.
 *
 * Returns true when the packet must NOT be delivered to @sk. The type
 * mask is checked for every packet; events additionally go through the
 * event mask and, if the socket set an opcode, the Command Complete /
 * Command Status opcode must match.
 *
 * Assumes an event skb holds the bytes being read (event code at
 * data[0], opcode at data+3 / data+4) — the callers feed controller
 * events here, which is not validated at this point.
 */
static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
{
	struct hci_filter *flt = &hci_pi(sk)->filter;
	__u8 pkt_type = bt_cb(skb)->pkt_type;
	int type_bit, event;

	/* Vendor packets are matched through bit 0 of the type mask */
	type_bit = (pkt_type == HCI_VENDOR_PKT) ? 0 : (pkt_type & HCI_FLT_TYPE_BITS);
	if (!test_bit(type_bit, &flt->type_mask))
		return true;

	/* Only events carry the finer-grained event/opcode filter */
	if (pkt_type != HCI_EVENT_PKT)
		return false;

	event = *(__u8 *)skb->data & HCI_FLT_EVENT_BITS;
	if (!hci_test_bit(event, &flt->event_mask))
		return true;

	/* An opcode of zero means "no opcode filter" */
	if (!flt->opcode)
		return false;

	switch (event) {
	case HCI_EV_CMD_COMPLETE:
		return flt->opcode != get_unaligned((__le16 *)(skb->data + 3));
	case HCI_EV_CMD_STATUS:
		return flt->opcode != get_unaligned((__le16 *)(skb->data + 4));
	default:
		return false;
	}
}
154
/* Send frame to RAW socket */
/* Fan @skb out to every bound RAW/USER socket attached to @hdev.
 *
 * @hdev may be NULL: hci_si_event() uses that to reach sockets bound to
 * HCI_DEV_NONE (whose hci_pi(sk)->hdev is NULL). The original skb is
 * not consumed; one private copy carrying the packet type byte is made
 * lazily and then cloned per recipient.
 */
void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct sock *sk;
	struct sk_buff *skb_copy = NULL;

	BT_DBG("hdev %p len %d", hdev, skb->len);

	read_lock(&hci_sk_list.lock);

	sk_for_each(sk, &hci_sk_list.head) {
		struct sk_buff *nskb;

		if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
			continue;

		/* Don't send frame to the socket it came from */
		if (skb->sk == sk)
			continue;

		if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
			/* RAW sockets see what their hci_filter lets through */
			if (is_filtered_packet(sk, skb))
				continue;
		} else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
			/* The exclusive user channel only gets traffic from
			 * the controller, and only event/ACL/SCO packets.
			 */
			if (!bt_cb(skb)->incoming)
				continue;
			if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT &&
			    bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
			    bt_cb(skb)->pkt_type != HCI_SCODATA_PKT)
				continue;
		} else {
			/* Don't send frame to other channel types */
			continue;
		}

		if (!skb_copy) {
			/* Create a private copy with headroom */
			skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
			if (!skb_copy)
				continue;

			/* Put type byte before the data */
			memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
		}

		nskb = skb_clone(skb_copy, GFP_ATOMIC);
		if (!nskb)
			continue;

		/* Receive queue full (or similar): drop this recipient's copy */
		if (sock_queue_rcv_skb(sk, nskb))
			kfree_skb(nskb);
	}

	read_unlock(&hci_sk_list.lock);

	/* Drops the reference the clones do not share */
	kfree_skb(skb_copy);
}
212
/* Send frame to sockets with specific channel */
/* Clone @skb onto every bound socket of @channel that has per-socket
 * flag @flag set (e.g. HCI_SOCK_TRUSTED), except @skip_sk (may be NULL).
 * The original skb is left untouched for the caller to free.
 */
void hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
			 int flag, struct sock *skip_sk)
{
	struct sock *sk;

	BT_DBG("channel %u len %d", channel, skb->len);

	read_lock(&hci_sk_list.lock);

	sk_for_each(sk, &hci_sk_list.head) {
		struct sk_buff *nskb;

		/* Deliver only to bound sockets on this channel that carry
		 * the requested flag, and never back to skip_sk.
		 */
		if (!hci_sock_test_flag(sk, flag) || sk == skip_sk ||
		    sk->sk_state != BT_BOUND ||
		    hci_pi(sk)->channel != channel)
			continue;

		nskb = skb_clone(skb, GFP_ATOMIC);
		if (!nskb)
			continue;

		/* A failed queue (e.g. full receive buffer) drops the clone */
		if (sock_queue_rcv_skb(sk, nskb))
			kfree_skb(nskb);
	}

	read_unlock(&hci_sk_list.lock);
}
250
/* Map an HCI packet to its monitor channel opcode, or -1 when the
 * packet type is not one the monitor reports.
 */
static int hci_mon_opcode_for(struct sk_buff *skb)
{
	bool rx = bt_cb(skb)->incoming;

	switch (bt_cb(skb)->pkt_type) {
	case HCI_COMMAND_PKT:
		return HCI_MON_COMMAND_PKT;
	case HCI_EVENT_PKT:
		return HCI_MON_EVENT_PKT;
	case HCI_ACLDATA_PKT:
		return rx ? HCI_MON_ACL_RX_PKT : HCI_MON_ACL_TX_PKT;
	case HCI_SCODATA_PKT:
		return rx ? HCI_MON_SCO_RX_PKT : HCI_MON_SCO_TX_PKT;
	default:
		return -1;
	}
}

/* Send frame to monitor socket */
/* Prefix @skb with an hci_mon_hdr and fan it out to all trusted
 * HCI_CHANNEL_MONITOR sockets. Cheap no-op while no monitor is bound
 * (monitor_promisc == 0). The original skb is not consumed.
 */
void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct sk_buff *skb_copy;
	struct hci_mon_hdr *hdr;
	int opcode;

	if (!atomic_read(&monitor_promisc))
		return;

	BT_DBG("hdev %p len %d", hdev, skb->len);

	opcode = hci_mon_opcode_for(skb);
	if (opcode < 0)
		return;

	/* Create a private copy with headroom */
	skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true);
	if (!skb_copy)
		return;

	/* Put header before the data */
	hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
	hdr->opcode = cpu_to_le16(opcode);
	hdr->index = cpu_to_le16(hdev->id);
	hdr->len = cpu_to_le16(skb->len);

	hci_send_to_channel(HCI_CHANNEL_MONITOR, skb_copy,
			    HCI_SOCK_TRUSTED, NULL);
	kfree_skb(skb_copy);
}
301
/* Build the monitor notification for a device @event.
 *
 * HCI_DEV_REG becomes HCI_MON_NEW_INDEX with an hci_mon_new_index body,
 * HCI_DEV_UNREG becomes HCI_MON_DEL_INDEX with no body. Any other event
 * yields NULL, as does allocation failure. The caller owns the skb.
 */
static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
{
	struct hci_mon_hdr *hdr;
	struct sk_buff *skb;
	unsigned int payload;
	__le16 opcode;

	switch (event) {
	case HCI_DEV_REG:
		payload = HCI_MON_NEW_INDEX_SIZE;
		opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
		break;
	case HCI_DEV_UNREG:
		payload = 0;
		opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
		break;
	default:
		return NULL;
	}

	skb = bt_skb_alloc(payload, GFP_ATOMIC);
	if (!skb)
		return NULL;

	if (event == HCI_DEV_REG) {
		struct hci_mon_new_index *ni;

		ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
		ni->type = hdev->dev_type;
		ni->bus = hdev->bus;
		bacpy(&ni->bdaddr, &hdev->bdaddr);
		/* Fixed 8-byte copy; assumes hdev->name is at least that
		 * long (matches the ni->name field size in hci_mon.h).
		 */
		memcpy(ni->name, hdev->name, 8);
	}

	__net_timestamp(skb);

	/* Header goes in front; len counts the body only */
	hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
	hdr->opcode = opcode;
	hdr->index = cpu_to_le16(hdev->id);
	hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);

	return skb;
}
345
/* Replay one HCI_DEV_REG notification per registered controller to a
 * freshly bound monitor socket so it learns the current index set.
 */
static void send_monitor_replay(struct sock *sk)
{
	struct hci_dev *hdev;

	read_lock(&hci_dev_list_lock);

	list_for_each_entry(hdev, &hci_dev_list, list) {
		struct sk_buff *skb = create_monitor_event(hdev, HCI_DEV_REG);

		/* Allocation failure skips the device; queue failure drops it */
		if (skb && sock_queue_rcv_skb(sk, skb))
			kfree_skb(skb);
	}

	read_unlock(&hci_dev_list_lock);
}
365
/* Generate internal stack event */
/* Synthesise an HCI_EV_STACK_INTERNAL event of sub-type @type carrying
 * @dlen bytes of @data and deliver it like an incoming controller event
 * to the RAW sockets attached to @hdev (NULL reaches HCI_DEV_NONE
 * sockets, see hci_send_to_sock()).
 */
static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
{
	struct hci_event_hdr *hdr;
	struct hci_ev_stack_internal *ev;
	struct sk_buff *skb;
	unsigned int ev_len = sizeof(*ev) + dlen;

	skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + ev_len, GFP_ATOMIC);
	if (!skb)
		return;

	/* Assumes ev_len fits hdr->plen; true for the single caller in
	 * this file (hci_sock_dev_event passes a struct hci_ev_si_device).
	 */
	hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
	hdr->evt = HCI_EV_STACK_INTERNAL;
	hdr->plen = ev_len;

	ev = (void *) skb_put(skb, ev_len);
	ev->type = type;
	memcpy(ev->data, data, dlen);

	/* Present it as an event received from the controller */
	bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
	bt_cb(skb)->incoming = 1;
	__net_timestamp(skb);

	hci_send_to_sock(hdev, skb);
	kfree_skb(skb);
}
392
/* Called by the core on controller lifecycle events (HCI_DEV_REG, UNREG,
 * UP, DOWN, ...): mirrors them to monitor sockets, turns the early ones
 * into stack-internal events for RAW sockets, and on unregister detaches
 * every socket still referencing @hdev.
 */
void hci_sock_dev_event(struct hci_dev *hdev, int event)
{
	BT_DBG("hdev %s event %d", hdev->name, event);

	if (atomic_read(&monitor_promisc)) {
		struct sk_buff *skb;

		/* Send event to monitor */
		skb = create_monitor_event(hdev, event);
		if (skb) {
			hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
					    HCI_SOCK_TRUSTED, NULL);
			kfree_skb(skb);
		}
	}

	/* Relies on the HCI_DEV_* numbering: everything up to HCI_DEV_DOWN
	 * is reported to RAW sockets bound to HCI_DEV_NONE (hdev == NULL
	 * in hci_si_event()/hci_send_to_sock()).
	 */
	if (event <= HCI_DEV_DOWN) {
		struct hci_ev_si_device ev;

		/* Send event to sockets */
		ev.event = event;
		ev.dev_id = hdev->id;
		hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
	}

	if (event == HCI_DEV_UNREG) {
		struct sock *sk;

		/* Detach sockets from device */
		/* NOTE(review): hci_pi(sk)->hdev is cleared here under
		 * bh_lock_sock_nested(), but hci_sock_ioctl() /
		 * hci_sock_bound_ioctl() read it under lock_sock() and
		 * hci_sock_release() reads it with no socket lock at all.
		 * Unless something outside this file serialises them, a
		 * concurrent ioctl may keep using hdev after the
		 * hci_dev_put() below. Confirm the locking contract.
		 */
		read_lock(&hci_sk_list.lock);
		sk_for_each(sk, &hci_sk_list.head) {
			bh_lock_sock_nested(sk);
			if (hci_pi(sk)->hdev == hdev) {
				/* Drop the bind-time reference and report
				 * the loss to the owner as EPIPE.
				 */
				hci_pi(sk)->hdev = NULL;
				sk->sk_err = EPIPE;
				sk->sk_state = BT_OPEN;
				sk->sk_state_change(sk);

				hci_dev_put(hdev);
			}
			bh_unlock_sock(sk);
		}
		read_unlock(&hci_sk_list.lock);
	}
}
438
/* Look up a registered management channel by number.
 * Caller must hold mgmt_chan_list_lock. Returns NULL when unknown.
 */
static struct hci_mgmt_chan *__hci_mgmt_chan_find(unsigned short channel)
{
	struct hci_mgmt_chan *c, *found = NULL;

	list_for_each_entry(c, &mgmt_chan_list, list) {
		if (c->channel != channel)
			continue;
		found = c;
		break;
	}

	return found;
}
450
/* Locking wrapper around __hci_mgmt_chan_find(). The pointer is only a
 * "does it exist" answer once the mutex is dropped; callers that need
 * to use the channel (hci_sock_sendmsg) take the lock themselves.
 */
static struct hci_mgmt_chan *hci_mgmt_chan_find(unsigned short channel)
{
	struct hci_mgmt_chan *found;

	mutex_lock(&mgmt_chan_list_lock);
	found = __hci_mgmt_chan_find(channel);
	mutex_unlock(&mgmt_chan_list_lock);

	return found;
}
461
/* Register a management channel so sockets can bind to c->channel.
 *
 * Channel numbers below HCI_CHANNEL_CONTROL are handled directly by
 * hci_sock_bind() and rejected with -EINVAL; a number already in use
 * yields -EALREADY.
 */
int hci_mgmt_chan_register(struct hci_mgmt_chan *c)
{
	int err = 0;

	if (c->channel < HCI_CHANNEL_CONTROL)
		return -EINVAL;

	mutex_lock(&mgmt_chan_list_lock);
	if (__hci_mgmt_chan_find(c->channel))
		err = -EALREADY;
	else
		list_add_tail(&c->list, &mgmt_chan_list);
	mutex_unlock(&mgmt_chan_list_lock);

	return err;
}
EXPORT_SYMBOL(hci_mgmt_chan_register);
480
/* Remove a management channel. Because hci_sock_sendmsg() dispatches
 * commands while holding mgmt_chan_list_lock, this waits for any command
 * currently running on the channel to finish.
 */
void hci_mgmt_chan_unregister(struct hci_mgmt_chan *c)
{
	mutex_lock(&mgmt_chan_list_lock);
	list_del(&c->list);
	mutex_unlock(&mgmt_chan_list_lock);
}
EXPORT_SYMBOL(hci_mgmt_chan_unregister);
488
/* close() on an HCI socket: drop the monitor count, unlink from
 * hci_sk_list, give the controller back (and shut it down if this was
 * the exclusive user channel), then purge and release the sock.
 */
static int hci_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	struct hci_dev *hdev;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!sk)
		return 0;

	/* NOTE(review): read without lock_sock(); hci_sock_dev_event()
	 * clears this field under bh_lock_sock_nested() and drops its
	 * reference. Confirm that unregister and release cannot overlap.
	 */
	hdev = hci_pi(sk)->hdev;

	if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
		atomic_dec(&monitor_promisc);

	bt_sock_unlink(&hci_sk_list, sk);

	if (hdev) {
		if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
			/* When releasing an user channel exclusive access,
			 * call hci_dev_do_close directly instead of calling
			 * hci_dev_close to ensure the exclusive access will
			 * be released and the controller brought back down.
			 *
			 * The checking of HCI_AUTO_OFF is not needed in this
			 * case since it will have been cleared already when
			 * opening the user channel.
			 */
			hci_dev_do_close(hdev);
			hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
			mgmt_index_added(hdev);
		}

		/* Undo the bind-time promisc count and device reference */
		atomic_dec(&hdev->promisc);
		hci_dev_put(hdev);
	}

	sock_orphan(sk);

	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);

	sock_put(sk);
	return 0;
}
534
/* HCIBLOCKADDR: add the BR/EDR address at user pointer @arg to
 * hdev->blacklist. Returns -EFAULT on a bad user pointer, otherwise the
 * hci_bdaddr_list_add() result. Capability check is done by the caller.
 */
static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
{
	bdaddr_t bdaddr;
	int err;

	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
		return -EFAULT;

	hci_dev_lock(hdev);
	err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
	hci_dev_unlock(hdev);

	return err;
}
551
/* HCIUNBLOCKADDR: remove the BR/EDR address at user pointer @arg from
 * hdev->blacklist. Returns -EFAULT on a bad user pointer, otherwise the
 * hci_bdaddr_list_del() result. Capability check is done by the caller.
 */
static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
{
	bdaddr_t bdaddr;
	int err;

	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
		return -EFAULT;

	hci_dev_lock(hdev);
	err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
	hci_dev_unlock(hdev);

	return err;
}
568
/* Ioctls that require bound socket */
/* Called from hci_sock_ioctl() with the socket lock held for commands
 * not handled there. The socket must be bound to a controller that is
 * not claimed by a user channel, is configured, and has dev_type
 * HCI_BREDR. Returns -ENOIOCTLCMD for unknown commands.
 */
static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
				unsigned long arg)
{
	struct hci_dev *hdev = hci_pi(sk)->hdev;
	void __user *argp = (void __user *) arg;

	if (!hdev)
		return -EBADFD;

	if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
		return -EBUSY;

	if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
		return -EOPNOTSUPP;

	if (hdev->dev_type != HCI_BREDR)
		return -EOPNOTSUPP;

	/* The privileged subset needs CAP_NET_ADMIN before anything else
	 * is looked at; the info queries are available to anyone.
	 */
	switch (cmd) {
	case HCISETRAW:
	case HCIBLOCKADDR:
	case HCIUNBLOCKADDR:
		if (!capable(CAP_NET_ADMIN))
			return -EPERM;
		break;
	default:
		break;
	}

	switch (cmd) {
	case HCISETRAW:
		/* Not implemented here; privileged callers get -EOPNOTSUPP,
		 * unprivileged ones -EPERM from the check above.
		 */
		return -EOPNOTSUPP;

	case HCIGETCONNINFO:
		return hci_get_conn_info(hdev, argp);

	case HCIGETAUTHINFO:
		return hci_get_auth_info(hdev, argp);

	case HCIBLOCKADDR:
		return hci_sock_blacklist_add(hdev, argp);

	case HCIUNBLOCKADDR:
		return hci_sock_blacklist_del(hdev, argp);
	}

	return -ENOIOCTLCMD;
}
612
/* ioctl() entry point. Only HCI_CHANNEL_RAW sockets accept ioctls.
 *
 * The device-level commands in the switch act on the controller index
 * passed in @arg, not on the socket's bound device, so they run with
 * the socket lock dropped and do not need a bound socket. Everything
 * else goes to hci_sock_bound_ioctl() with the lock re-taken.
 */
static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
			  unsigned long arg)
{
	void __user *argp = (void __user *) arg;
	struct sock *sk = sock->sk;
	int err;

	BT_DBG("cmd %x arg %lx", cmd, arg);

	lock_sock(sk);

	if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
		err = -EBADFD;
		goto done;
	}

	release_sock(sk);

	switch (cmd) {
	/* Read-only queries: no capability required */
	case HCIGETDEVLIST:
		return hci_get_dev_list(argp);

	case HCIGETDEVINFO:
		return hci_get_dev_info(argp);

	case HCIGETCONNLIST:
		return hci_get_conn_list(argp);

	/* Controller state changes: CAP_NET_ADMIN */
	case HCIDEVUP:
		if (!capable(CAP_NET_ADMIN))
			return -EPERM;
		return hci_dev_open(arg);

	case HCIDEVDOWN:
		if (!capable(CAP_NET_ADMIN))
			return -EPERM;
		return hci_dev_close(arg);

	case HCIDEVRESET:
		if (!capable(CAP_NET_ADMIN))
			return -EPERM;
		return hci_dev_reset(arg);

	case HCIDEVRESTAT:
		if (!capable(CAP_NET_ADMIN))
			return -EPERM;
		return hci_dev_reset_stat(arg);

	case HCISETSCAN:
	case HCISETAUTH:
	case HCISETENCRYPT:
	case HCISETPTYPE:
	case HCISETLINKPOL:
	case HCISETLINKMODE:
	case HCISETACLMTU:
	case HCISETSCOMTU:
		if (!capable(CAP_NET_ADMIN))
			return -EPERM;
		return hci_dev_cmd(cmd, argp);

	/* Inquiry is deliberately unprivileged */
	case HCIINQUIRY:
		return hci_inquiry(argp);
	}

	lock_sock(sk);

	err = hci_sock_bound_ioctl(sk, cmd, arg);

done:
	release_sock(sk);
	return err;
}
685
/* bind() an HCI socket to a channel (and, for RAW/USER, a controller).
 *
 * Access control lives here: USER needs CAP_NET_ADMIN and takes the
 * controller exclusively, MONITOR needs CAP_NET_RAW, management channels
 * are open to everyone but only CAP_NET_ADMIN binders become
 * HCI_SOCK_TRUSTED. RAW needs no capability — per-command checks happen
 * in hci_sock_sendmsg() / hci_sock_ioctl().
 */
static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
			 int addr_len)
{
	struct sockaddr_hci haddr;
	struct sock *sk = sock->sk;
	struct hci_dev *hdev = NULL;
	int len, err = 0;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!addr)
		return -EINVAL;

	/* Copy at most sizeof(haddr); a short sockaddr is zero-filled */
	memset(&haddr, 0, sizeof(haddr));
	len = min_t(unsigned int, sizeof(haddr), addr_len);
	memcpy(&haddr, addr, len);

	if (haddr.hci_family != AF_BLUETOOTH)
		return -EINVAL;

	lock_sock(sk);

	if (sk->sk_state == BT_BOUND) {
		err = -EALREADY;
		goto done;
	}

	switch (haddr.hci_channel) {
	case HCI_CHANNEL_RAW:
		if (hci_pi(sk)->hdev) {
			err = -EALREADY;
			goto done;
		}

		/* HCI_DEV_NONE leaves hdev NULL: such a socket only sees the
		 * stack-internal events hci_si_event() sends with hdev NULL.
		 */
		if (haddr.hci_dev != HCI_DEV_NONE) {
			hdev = hci_dev_get(haddr.hci_dev);
			if (!hdev) {
				err = -ENODEV;
				goto done;
			}

			atomic_inc(&hdev->promisc);
		}

		hci_pi(sk)->hdev = hdev;
		break;

	case HCI_CHANNEL_USER:
		if (hci_pi(sk)->hdev) {
			err = -EALREADY;
			goto done;
		}

		if (haddr.hci_dev == HCI_DEV_NONE) {
			err = -EINVAL;
			goto done;
		}

		if (!capable(CAP_NET_ADMIN)) {
			err = -EPERM;
			goto done;
		}

		hdev = hci_dev_get(haddr.hci_dev);
		if (!hdev) {
			err = -ENODEV;
			goto done;
		}

		/* Refuse while the core is initialising/configuring the
		 * controller, or while it is up for ordinary use (an
		 * HCI_AUTO_OFF grace period does not count as "in use").
		 * These flag reads are not under any hdev lock; the
		 * test_and_set below is the only exclusion.
		 */
		if (test_bit(HCI_INIT, &hdev->flags) ||
		    hci_dev_test_flag(hdev, HCI_SETUP) ||
		    hci_dev_test_flag(hdev, HCI_CONFIG) ||
		    (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) &&
		     test_bit(HCI_UP, &hdev->flags))) {
			err = -EBUSY;
			hci_dev_put(hdev);
			goto done;
		}

		/* Atomically claim exclusive access; a second user channel
		 * on the same controller gets -EUSERS.
		 */
		if (hci_dev_test_and_set_flag(hdev, HCI_USER_CHANNEL)) {
			err = -EUSERS;
			hci_dev_put(hdev);
			goto done;
		}

		/* Hide the index from management until release */
		mgmt_index_removed(hdev);

		err = hci_dev_open(hdev->id);
		if (err) {
			if (err == -EALREADY) {
				/* In case the transport is already up and
				 * running, clear the error here.
				 *
				 * This can happen when opening an user
				 * channel and HCI_AUTO_OFF grace period
				 * is still active.
				 */
				err = 0;
			} else {
				/* Roll back the claim made above */
				hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
				mgmt_index_added(hdev);
				hci_dev_put(hdev);
				goto done;
			}
		}

		atomic_inc(&hdev->promisc);

		hci_pi(sk)->hdev = hdev;
		break;

	case HCI_CHANNEL_MONITOR:
		if (haddr.hci_dev != HCI_DEV_NONE) {
			err = -EINVAL;
			goto done;
		}

		if (!capable(CAP_NET_RAW)) {
			err = -EPERM;
			goto done;
		}

		/* The monitor interface is restricted to CAP_NET_RAW
		 * capabilities and with that implicitly trusted.
		 */
		hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);

		/* Tell the new monitor about every existing controller */
		send_monitor_replay(sk);

		atomic_inc(&monitor_promisc);
		break;

	default:
		/* Any other number must be a registered management channel */
		if (!hci_mgmt_chan_find(haddr.hci_channel)) {
			err = -EINVAL;
			goto done;
		}

		if (haddr.hci_dev != HCI_DEV_NONE) {
			err = -EINVAL;
			goto done;
		}

		/* Users with CAP_NET_ADMIN capabilities are allowed
		 * access to all management commands and events. For
		 * untrusted users the interface is restricted and
		 * also only untrusted events are sent.
		 */
		if (capable(CAP_NET_ADMIN))
			hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);

		/* At the moment the index and unconfigured index events
		 * are enabled unconditionally. Setting them on each
		 * socket when binding keeps this functionality. They
		 * however might be cleared later and then sending of these
		 * events will be disabled, but that is then intentional.
		 *
		 * This also enables generic events that are safe to be
		 * received by untrusted users. Example for such events
		 * are changes to settings, class of device, name etc.
		 */
		if (haddr.hci_channel == HCI_CHANNEL_CONTROL) {
			hci_sock_set_flag(sk, HCI_MGMT_INDEX_EVENTS);
			hci_sock_set_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
			hci_sock_set_flag(sk, HCI_MGMT_GENERIC_EVENTS);
		}
		break;
	}


	/* Only now does the socket count as bound for the fan-out helpers */
	hci_pi(sk)->channel = haddr.hci_channel;
	sk->sk_state = BT_BOUND;

done:
	release_sock(sk);
	return err;
}
863
/* getsockname(): report family, bound controller index and channel.
 * Fails with -EOPNOTSUPP for getpeername() (no peer on HCI sockets) and
 * -EBADFD when the socket has no controller attached.
 */
static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
			    int *addr_len, int peer)
{
	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
	struct sock *sk = sock->sk;
	struct hci_dev *hdev;
	int err = -EBADFD;

	BT_DBG("sock %p sk %p", sock, sk);

	if (peer)
		return -EOPNOTSUPP;

	lock_sock(sk);

	hdev = hci_pi(sk)->hdev;
	if (hdev) {
		*addr_len = sizeof(*haddr);
		haddr->hci_family = AF_BLUETOOTH;
		haddr->hci_dev = hdev->id;
		haddr->hci_channel = hci_pi(sk)->channel;
		err = 0;
	}

	release_sock(sk);
	return err;
}
894
/* Attach the RAW-channel ancillary data the socket opted into via
 * setsockopt (HCI_DATA_DIR -> HCI_CMSG_DIR, HCI_TIME_STAMP ->
 * HCI_CMSG_TSTAMP) to the message being received.
 */
static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
			  struct sk_buff *skb)
{
	__u32 mask = hci_pi(sk)->cmsg_mask;

	if (mask & HCI_CMSG_DIR) {
		/* 1 = from controller, 0 = from host */
		int incoming = bt_cb(skb)->incoming;
		put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
			 &incoming);
	}

	if (mask & HCI_CMSG_TSTAMP) {
#ifdef CONFIG_COMPAT
		struct compat_timeval ctv;
#endif
		struct timeval tv;
		void *data;
		int len;

		skb_get_timestamp(skb, &tv);

		data = &tv;
		len = sizeof(tv);
#ifdef CONFIG_COMPAT
		/* 32-bit callers on a 64-bit kernel expect the compat
		 * timeval layout unless the ABI uses 64-bit time.
		 */
		if (!COMPAT_USE_64BIT_TIME &&
		    (msg->msg_flags & MSG_CMSG_COMPAT)) {
			ctv.tv_sec = tv.tv_sec;
			ctv.tv_usec = tv.tv_usec;
			data = &ctv;
			len = sizeof(ctv);
		}
#endif

		put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
	}
}
/* recvmsg(): hand one queued packet to user space.
 *
 * Returns the number of bytes copied (MSG_TRUNC is set if the caller's
 * buffer was smaller than the packet), 0 on a closed socket, or a
 * negative error. MSG_OOB is not supported.
 */
static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
			    int flags)
{
	struct sock *sk = sock->sk;
	struct sk_buff *skb;
	unsigned short channel;
	int copied, err;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (flags & MSG_OOB)
		return -EOPNOTSUPP;

	if (sk->sk_state == BT_CLOSED)
		return 0;

	skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
	if (!skb)
		return err;

	/* Truncate to the caller's buffer, flagging the loss */
	copied = skb->len;
	if (len < copied) {
		msg->msg_flags |= MSG_TRUNC;
		copied = len;
	}

	skb_reset_transport_header(skb);
	err = skb_copy_datagram_msg(skb, 0, msg, copied);

	/* Ancillary data depends on the channel: RAW sockets get the
	 * HCI-specific direction/timestamp cmsgs they asked for; USER,
	 * MONITOR and registered management channels get the socket-level
	 * timestamp cmsg.
	 */
	channel = hci_pi(sk)->channel;
	if (channel == HCI_CHANNEL_RAW)
		hci_sock_cmsg(sk, msg, skb);
	else if (channel == HCI_CHANNEL_USER ||
		 channel == HCI_CHANNEL_MONITOR ||
		 hci_mgmt_chan_find(channel))
		sock_recv_timestamp(msg, sk, skb);

	skb_free_datagram(sk, skb);

	return err ? : copied;
}
979
/* Parse and dispatch one management command from @msg on channel @chan.
 *
 * Called from hci_sock_sendmsg() with the socket lock and
 * mgmt_chan_list_lock held; @msglen has already been bounded by
 * HCI_MAX_FRAME_SIZE there. Protocol-level rejections are reported to
 * the sender via mgmt_cmd_status() and return its result; only
 * transport problems (-EINVAL/-ENOMEM/-EFAULT) surface as plain errors.
 * On success returns @msglen.
 */
static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
			struct msghdr *msg, size_t msglen)
{
	void *buf;
	u8 *cp;
	struct mgmt_hdr *hdr;
	u16 opcode, index, len;
	struct hci_dev *hdev = NULL;
	const struct hci_mgmt_handler *handler;
	bool var_len, no_hdev;
	int err;

	BT_DBG("got %zu bytes", msglen);

	if (msglen < sizeof(*hdr))
		return -EINVAL;

	buf = kmalloc(msglen, GFP_KERNEL);
	if (!buf)
		return -ENOMEM;

	if (memcpy_from_msg(buf, msg, msglen)) {
		err = -EFAULT;
		goto done;
	}

	/* All header fields are untrusted little-endian user input */
	hdr = buf;
	opcode = __le16_to_cpu(hdr->opcode);
	index = __le16_to_cpu(hdr->index);
	len = __le16_to_cpu(hdr->len);

	/* Declared payload length must match what was actually sent */
	if (len != msglen - sizeof(*hdr)) {
		err = -EINVAL;
		goto done;
	}

	/* Bounds-check the opcode before indexing the handler table */
	if (opcode >= chan->handler_count ||
	    chan->handlers[opcode].func == NULL) {
		BT_DBG("Unknown op %u", opcode);
		err = mgmt_cmd_status(sk, index, opcode,
				      MGMT_STATUS_UNKNOWN_COMMAND);
		goto done;
	}

	handler = &chan->handlers[opcode];

	/* Untrusted sockets (bound without CAP_NET_ADMIN) may only run
	 * handlers explicitly marked HCI_MGMT_UNTRUSTED.
	 */
	if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) &&
	    !(handler->flags & HCI_MGMT_UNTRUSTED)) {
		err = mgmt_cmd_status(sk, index, opcode,
				      MGMT_STATUS_PERMISSION_DENIED);
		goto done;
	}

	if (index != MGMT_INDEX_NONE) {
		/* Takes a reference, dropped at done: */
		hdev = hci_dev_get(index);
		if (!hdev) {
			err = mgmt_cmd_status(sk, index, opcode,
					      MGMT_STATUS_INVALID_INDEX);
			goto done;
		}

		/* Controllers still being set up, or owned by a user
		 * channel, are invisible to management.
		 */
		if (hci_dev_test_flag(hdev, HCI_SETUP) ||
		    hci_dev_test_flag(hdev, HCI_CONFIG) ||
		    hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
			err = mgmt_cmd_status(sk, index, opcode,
					      MGMT_STATUS_INVALID_INDEX);
			goto done;
		}

		/* Unconfigured controllers accept only handlers that
		 * opted in with HCI_MGMT_UNCONFIGURED.
		 */
		if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
		    !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
			err = mgmt_cmd_status(sk, index, opcode,
					      MGMT_STATUS_INVALID_INDEX);
			goto done;
		}
	}

	/* Handlers either require a device or require none; reject the
	 * mismatch so func() never sees an unexpected NULL / non-NULL hdev.
	 */
	no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
	if (no_hdev != !hdev) {
		err = mgmt_cmd_status(sk, index, opcode,
				      MGMT_STATUS_INVALID_INDEX);
		goto done;
	}

	/* Exact payload size, or at least data_len for variable-length ops */
	var_len = (handler->flags & HCI_MGMT_VAR_LEN);
	if ((var_len && len < handler->data_len) ||
	    (!var_len && len != handler->data_len)) {
		err = mgmt_cmd_status(sk, index, opcode,
				      MGMT_STATUS_INVALID_PARAMS);
		goto done;
	}

	if (hdev && chan->hdev_init)
		chan->hdev_init(sk, hdev);

	cp = buf + sizeof(*hdr);

	err = handler->func(sk, hdev, cp, len);
	if (err < 0)
		goto done;

	err = msglen;

done:
	if (hdev)
		hci_dev_put(hdev);

	kfree(buf);
	return err;
}
1090
1091static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1092 size_t len)
1da177e4
LT
1093{
1094 struct sock *sk = sock->sk;
801c1e8d 1095 struct hci_mgmt_chan *chan;
1da177e4
LT
1096 struct hci_dev *hdev;
1097 struct sk_buff *skb;
1098 int err;
1099
1100 BT_DBG("sock %p sk %p", sock, sk);
1101
1102 if (msg->msg_flags & MSG_OOB)
1103 return -EOPNOTSUPP;
1104
1105 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
1106 return -EINVAL;
1107
1108 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
1109 return -EINVAL;
1110
1111 lock_sock(sk);
1112
0381101f
JH
1113 switch (hci_pi(sk)->channel) {
1114 case HCI_CHANNEL_RAW:
23500189 1115 case HCI_CHANNEL_USER:
0381101f 1116 break;
cd82e61c
MH
1117 case HCI_CHANNEL_MONITOR:
1118 err = -EOPNOTSUPP;
1119 goto done;
0381101f 1120 default:
801c1e8d
JH
1121 mutex_lock(&mgmt_chan_list_lock);
1122 chan = __hci_mgmt_chan_find(hci_pi(sk)->channel);
1123 if (chan)
fa4335d7 1124 err = hci_mgmt_cmd(chan, sk, msg, len);
801c1e8d
JH
1125 else
1126 err = -EINVAL;
1127
1128 mutex_unlock(&mgmt_chan_list_lock);
0381101f
JH
1129 goto done;
1130 }
1131
70f23020
AE
1132 hdev = hci_pi(sk)->hdev;
1133 if (!hdev) {
1da177e4
LT
1134 err = -EBADFD;
1135 goto done;
1136 }
1137
7e21addc
MH
1138 if (!test_bit(HCI_UP, &hdev->flags)) {
1139 err = -ENETDOWN;
1140 goto done;
1141 }
1142
70f23020
AE
1143 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1144 if (!skb)
1da177e4
LT
1145 goto done;
1146
6ce8e9ce 1147 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1da177e4
LT
1148 err = -EFAULT;
1149 goto drop;
1150 }
1151
0d48d939 1152 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
1da177e4 1153 skb_pull(skb, 1);
1da177e4 1154
1bc5ad16
MH
1155 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
1156 /* No permission check is needed for user channel
1157 * since that gets enforced when binding the socket.
1158 *
1159 * However check that the packet type is valid.
1160 */
1161 if (bt_cb(skb)->pkt_type != HCI_COMMAND_PKT &&
1162 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
1163 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) {
1164 err = -EINVAL;
1165 goto drop;
1166 }
1167
1168 skb_queue_tail(&hdev->raw_q, skb);
1169 queue_work(hdev->workqueue, &hdev->tx_work);
1170 } else if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
83985319 1171 u16 opcode = get_unaligned_le16(skb->data);
1da177e4
LT
1172 u16 ogf = hci_opcode_ogf(opcode);
1173 u16 ocf = hci_opcode_ocf(opcode);
1174
1175 if (((ogf > HCI_SFLT_MAX_OGF) ||
3bb3c755
GP
1176 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
1177 &hci_sec_filter.ocf_mask[ogf])) &&
1178 !capable(CAP_NET_RAW)) {
1da177e4
LT
1179 err = -EPERM;
1180 goto drop;
1181 }
1182
fee746b0 1183 if (ogf == 0x3f) {
1da177e4 1184 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 1185 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4 1186 } else {
49c922bb 1187 /* Stand-alone HCI commands must be flagged as
1188 * single-command requests.
1189 */
db6e3e8d 1190 bt_cb(skb)->req.start = true;
11714b3d 1191
1da177e4 1192 skb_queue_tail(&hdev->cmd_q, skb);
c347b765 1193 queue_work(hdev->workqueue, &hdev->cmd_work);
1194 }
1195 } else {
1196 if (!capable(CAP_NET_RAW)) {
1197 err = -EPERM;
1198 goto drop;
1199 }
1200
1201 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 1202 queue_work(hdev->workqueue, &hdev->tx_work);
1203 }
1204
1205 err = len;
1206
1207done:
1208 release_sock(sk);
1209 return err;
1210
1211drop:
1212 kfree_skb(skb);
1213 goto done;
1214}
/* Helper for the boolean HCI_DATA_DIR / HCI_TIME_STAMP options: read an
 * int from userspace and set or clear @flag in the socket's cmsg_mask.
 * Returns 0 on success or -EFAULT if the value could not be read.
 */
static int hci_sock_set_cmsg_flag(struct sock *sk, char __user *optval,
				  unsigned int flag)
{
	int opt = 0;

	if (get_user(opt, (int __user *)optval))
		return -EFAULT;

	if (opt)
		hci_pi(sk)->cmsg_mask |= flag;
	else
		hci_pi(sk)->cmsg_mask &= ~flag;

	return 0;
}

/* setsockopt() for HCI sockets.
 *
 * Only HCI_CHANNEL_RAW sockets carry socket options; every other channel is
 * rejected with -EBADFD.  @level is not examined: whatever level the caller
 * passed, @optname is interpreted as an HCI option (callers are presumably
 * expected to use SOL_HCI).
 *
 * HCI_FILTER builds the new filter on top of the one currently installed on
 * the socket, so a copy shorter than sizeof(struct hci_ufilter) leaves the
 * trailing fields unchanged and the copy length is clamped to the structure
 * size.  A socket without CAP_NET_RAW can only narrow its packet-type and
 * event masks relative to hci_sec_filter; the opcode field is taken from
 * userspace without masking.
 *
 * Returns 0 on success or a negative errno.
 */
static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
			       char __user *optval, unsigned int len)
{
	struct sock *sk = sock->sk;
	struct hci_filter *flt = &hci_pi(sk)->filter;
	struct hci_ufilter ufilt = { .opcode = 0 };
	int err = 0;

	BT_DBG("sk %p, opt %d", sk, optname);

	lock_sock(sk);

	if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
		err = -EBADFD;
		goto unlock;
	}

	switch (optname) {
	case HCI_DATA_DIR:
		err = hci_sock_set_cmsg_flag(sk, optval, HCI_CMSG_DIR);
		break;

	case HCI_TIME_STAMP:
		err = hci_sock_set_cmsg_flag(sk, optval, HCI_CMSG_TSTAMP);
		break;

	case HCI_FILTER:
		/* Start from the filter currently installed on the socket. */
		ufilt.type_mask = flt->type_mask;
		ufilt.opcode = flt->opcode;
		ufilt.event_mask[0] = *((u32 *) flt->event_mask + 0);
		ufilt.event_mask[1] = *((u32 *) flt->event_mask + 1);

		/* Never copy more than the structure can hold. */
		len = min_t(unsigned int, len, sizeof(ufilt));
		if (copy_from_user(&ufilt, optval, len)) {
			err = -EFAULT;
			break;
		}

		/* Unprivileged sockets may only narrow the security filter. */
		if (!capable(CAP_NET_RAW)) {
			ufilt.type_mask &= hci_sec_filter.type_mask;
			ufilt.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
			ufilt.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
		}

		flt->type_mask = ufilt.type_mask;
		flt->opcode = ufilt.opcode;
		*((u32 *) flt->event_mask + 0) = ufilt.event_mask[0];
		*((u32 *) flt->event_mask + 1) = ufilt.event_mask[1];
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

unlock:
	release_sock(sk);
	return err;
}
/* getsockopt() for HCI sockets.
 *
 * The requested length is read from @optlen before the socket is locked.
 * As in hci_sock_setsockopt(), @level is not examined and any channel other
 * than HCI_CHANNEL_RAW gets -EBADFD.  @optlen is never written back, so the
 * caller is not told how many bytes were stored.
 *
 * HCI_FILTER zeroes the reply structure before filling it, so no
 * uninitialised stack bytes reach userspace, and clamps the copy to
 * sizeof(struct hci_ufilter); a negative length converts to a large unsigned
 * value in min_t() and is clamped the same way.
 *
 * NOTE(review): for HCI_DATA_DIR / HCI_TIME_STAMP, @optval is a
 * char __user * and put_user() sizes its store by the pointee type, so only
 * one byte of @opt is stored here, with no check of @len - unlike
 * hci_sock_setsockopt(), which casts to (int __user *) for get_user().
 * Confirm this asymmetry is intended.
 *
 * Returns 0 on success or a negative errno.
 */
static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
			       char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct hci_ufilter ufilt;
	int err = 0;
	int len;
	int opt;

	BT_DBG("sk %p, opt %d", sk, optname);

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
		err = -EBADFD;
		goto unlock;
	}

	switch (optname) {
	case HCI_DATA_DIR:
		opt = !!(hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR);
		if (put_user(opt, optval))
			err = -EFAULT;
		break;

	case HCI_TIME_STAMP:
		opt = !!(hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP);
		if (put_user(opt, optval))
			err = -EFAULT;
		break;

	case HCI_FILTER: {
		struct hci_filter *flt = &hci_pi(sk)->filter;

		/* Clear everything first so padding cannot leak to userspace. */
		memset(&ufilt, 0, sizeof(ufilt));
		ufilt.type_mask = flt->type_mask;
		ufilt.opcode = flt->opcode;
		ufilt.event_mask[0] = *((u32 *) flt->event_mask + 0);
		ufilt.event_mask[1] = *((u32 *) flt->event_mask + 1);

		len = min_t(unsigned int, len, sizeof(ufilt));
		if (copy_to_user(optval, &ufilt, len))
			err = -EFAULT;
		break;
	}

	default:
		err = -ENOPROTOOPT;
		break;
	}

unlock:
	release_sock(sk);
	return err;
}
/* proto_ops for HCI sockets.  Only the datagram-style entry points are
 * implemented here; the stream-oriented operations are wired to the
 * generic sock_no_* handlers.
 */
static const struct proto_ops hci_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	/* Implemented entry points. */
	.release	= hci_sock_release,
	.bind		= hci_sock_bind,
	.getname	= hci_sock_getname,
	.ioctl		= hci_sock_ioctl,
	.setsockopt	= hci_sock_setsockopt,
	.getsockopt	= hci_sock_getsockopt,
	.sendmsg	= hci_sock_sendmsg,
	.recvmsg	= hci_sock_recvmsg,
	.poll		= datagram_poll,
	/* Not supported on HCI sockets. */
	.connect	= sock_no_connect,
	.listen		= sock_no_listen,
	.accept		= sock_no_accept,
	.socketpair	= sock_no_socketpair,
	.shutdown	= sock_no_shutdown,
	.mmap		= sock_no_mmap,
};
/* struct proto for HCI sockets.  obj_size makes sk_alloc() hand out a full
 * struct hci_pinfo per socket (its first member is the embedded bt_sock,
 * which is what the hci_pi() cast relies on).
 */
static struct proto hci_sk_proto = {
	.owner		= THIS_MODULE,
	.name		= "HCI",
	.obj_size	= sizeof(struct hci_pinfo),
};
/* Create an HCI socket.
 *
 * Only SOCK_RAW is accepted; @protocol is stored in sk_protocol without
 * further validation here.  No capability check is made at creation time:
 * on the paths visible in this file, privilege is checked per packet in
 * hci_sock_sendmsg() (CAP_NET_RAW) and, for the user channel, when the
 * socket is bound.  sock->ops is installed before the allocation, so it
 * stays set even if sk_alloc() fails with -ENOMEM.
 *
 * Returns 0 on success, -ESOCKTNOSUPPORT for a non-raw type or -ENOMEM.
 */
static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
			   int kern)
{
	struct sock *newsk;

	BT_DBG("sock %p", sock);

	if (sock->type != SOCK_RAW)
		return -ESOCKTNOSUPPORT;

	sock->ops = &hci_sock_ops;

	newsk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, kern);
	if (!newsk)
		return -ENOMEM;

	sock_init_data(sock, newsk);
	sock_reset_flag(newsk, SOCK_ZAPPED);

	newsk->sk_protocol = protocol;
	newsk->sk_state = BT_OPEN;
	sock->state = SS_UNCONNECTED;

	/* Make the new socket visible on the global HCI socket list. */
	bt_sock_link(&hci_sk_list, newsk);

	return 0;
}
/* Address-family hook that routes PF_BLUETOOTH/BTPROTO_HCI socket creation
 * to hci_sock_create(); registered via bt_sock_register() in hci_sock_init().
 */
static const struct net_proto_family hci_sock_family_ops = {
	.create	= hci_sock_create,
	.owner	= THIS_MODULE,
	.family	= PF_BLUETOOTH,
};
/* Register the HCI socket protocol, its address family and the /proc entry.
 *
 * The BUILD_BUG_ON asserts at compile time that struct sockaddr_hci fits in
 * a generic struct sockaddr.  On failure everything registered so far is
 * torn down in reverse order.
 *
 * Returns 0 on success or the negative errno of the failing registration.
 */
int __init hci_sock_init(void)
{
	int ret;

	BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr));

	ret = proto_register(&hci_sk_proto, 0);
	if (ret < 0)
		return ret;

	ret = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
	if (ret < 0) {
		BT_ERR("HCI socket registration failed");
		goto err_unregister_proto;
	}

	ret = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
	if (ret < 0) {
		BT_ERR("Failed to create HCI proc file");
		goto err_unregister_sock;
	}

	BT_INFO("HCI socket layer initialized");
	return 0;

err_unregister_sock:
	bt_sock_unregister(BTPROTO_HCI);
err_unregister_proto:
	proto_unregister(&hci_sk_proto);
	return ret;
}
/* Undo hci_sock_init(): remove the /proc entry, unregister the BTPROTO_HCI
 * family and finally the protocol, in the reverse of registration order.
 */
void hci_sock_cleanup(void)
{
	bt_procfs_cleanup(&init_net, "hci");
	bt_sock_unregister(BTPROTO_HCI);
	proto_unregister(&hci_sk_proto);
}