projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Simplify packet copy in hci_send_to_monitor function
[deliverable/linux.git] / net / bluetooth / hci_sock.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI sockets. */
26
27 #include <linux/export.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_mon.h>
33
34 static atomic_t monitor_promisc = ATOMIC_INIT(0);
35
36 /* ----- HCI socket interface ----- */
37
38 /* Socket info */
39 #define hci_pi(sk) ((struct hci_pinfo *) sk)
40
41 struct hci_pinfo {
42 struct bt_sock bt;
43 struct hci_dev *hdev;
44 struct hci_filter filter;
45 __u32 cmsg_mask;
46 unsigned short channel;
47 };
48
49 static inline int hci_test_bit(int nr, void *addr)
50 {
51 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
52 }
53
54 /* Security filter */
55 #define HCI_SFLT_MAX_OGF 5
56
57 struct hci_sec_filter {
58 __u32 type_mask;
59 __u32 event_mask[2];
60 __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
61 };
62
63 static const struct hci_sec_filter hci_sec_filter = {
64 /* Packet types */
65 0x10,
66 /* Events */
67 { 0x1000d9fe, 0x0000b00c },
68 /* Commands */
69 {
70 { 0x0 },
71 /* OGF_LINK_CTL */
72 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
73 /* OGF_LINK_POLICY */
74 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
75 /* OGF_HOST_CTL */
76 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
77 /* OGF_INFO_PARAM */
78 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
79 /* OGF_STATUS_PARAM */
80 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
81 }
82 };
83
84 static struct bt_sock_list hci_sk_list = {
85 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
86 };
87
88 static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
89 {
90 struct hci_filter *flt;
91 int flt_type, flt_event;
92
93 /* Apply filter */
94 flt = &hci_pi(sk)->filter;
95
96 if (bt_cb(skb)->pkt_type == HCI_VENDOR_PKT)
97 flt_type = 0;
98 else
99 flt_type = bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS;
100
101 if (!test_bit(flt_type, &flt->type_mask))
102 return true;
103
104 /* Extra filter for event packets only */
105 if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT)
106 return false;
107
108 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
109
110 if (!hci_test_bit(flt_event, &flt->event_mask))
111 return true;
112
113 /* Check filter only when opcode is set */
114 if (!flt->opcode)
115 return false;
116
117 if (flt_event == HCI_EV_CMD_COMPLETE &&
118 flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
119 return true;
120
121 if (flt_event == HCI_EV_CMD_STATUS &&
122 flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
123 return true;
124
125 return false;
126 }
127
128 /* Send frame to RAW socket */
129 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
130 {
131 struct sock *sk;
132 struct sk_buff *skb_copy = NULL;
133
134 BT_DBG("hdev %p len %d", hdev, skb->len);
135
136 read_lock(&hci_sk_list.lock);
137
138 sk_for_each(sk, &hci_sk_list.head) {
139 struct sk_buff *nskb;
140
141 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
142 continue;
143
144 /* Don't send frame to the socket it came from */
145 if (skb->sk == sk)
146 continue;
147
148 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
149 if (is_filtered_packet(sk, skb))
150 continue;
151 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
152 if (!bt_cb(skb)->incoming)
153 continue;
154 if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT &&
155 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
156 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT)
157 continue;
158 } else {
159 /* Don't send frame to other channel types */
160 continue;
161 }
162
163 if (!skb_copy) {
164 /* Create a private copy with headroom */
165 skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
166 if (!skb_copy)
167 continue;
168
169 /* Put type byte before the data */
170 memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
171 }
172
173 nskb = skb_clone(skb_copy, GFP_ATOMIC);
174 if (!nskb)
175 continue;
176
177 if (sock_queue_rcv_skb(sk, nskb))
178 kfree_skb(nskb);
179 }
180
181 read_unlock(&hci_sk_list.lock);
182
183 kfree_skb(skb_copy);
184 }
185
186 /* Send frame to control socket */
187 void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
188 {
189 struct sock *sk;
190
191 BT_DBG("len %d", skb->len);
192
193 read_lock(&hci_sk_list.lock);
194
195 sk_for_each(sk, &hci_sk_list.head) {
196 struct sk_buff *nskb;
197
198 /* Skip the original socket */
199 if (sk == skip_sk)
200 continue;
201
202 if (sk->sk_state != BT_BOUND)
203 continue;
204
205 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
206 continue;
207
208 nskb = skb_clone(skb, GFP_ATOMIC);
209 if (!nskb)
210 continue;
211
212 if (sock_queue_rcv_skb(sk, nskb))
213 kfree_skb(nskb);
214 }
215
216 read_unlock(&hci_sk_list.lock);
217 }
218
219 /* Send frame to monitor socket */
220 void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
221 {
222 struct sock *sk;
223 struct sk_buff *skb_copy = NULL;
224 struct hci_mon_hdr *hdr;
225 __le16 opcode;
226
227 if (!atomic_read(&monitor_promisc))
228 return;
229
230 BT_DBG("hdev %p len %d", hdev, skb->len);
231
232 switch (bt_cb(skb)->pkt_type) {
233 case HCI_COMMAND_PKT:
234 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT);
235 break;
236 case HCI_EVENT_PKT:
237 opcode = cpu_to_le16(HCI_MON_EVENT_PKT);
238 break;
239 case HCI_ACLDATA_PKT:
240 if (bt_cb(skb)->incoming)
241 opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT);
242 else
243 opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT);
244 break;
245 case HCI_SCODATA_PKT:
246 if (bt_cb(skb)->incoming)
247 opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT);
248 else
249 opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT);
250 break;
251 default:
252 return;
253 }
254
255 /* Create a private copy with headroom */
256 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true);
257 if (!skb_copy)
258 return;
259
260 /* Put header before the data */
261 hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
262 hdr->opcode = opcode;
263 hdr->index = cpu_to_le16(hdev->id);
264 hdr->len = cpu_to_le16(skb->len);
265
266 read_lock(&hci_sk_list.lock);
267
268 sk_for_each(sk, &hci_sk_list.head) {
269 struct sk_buff *nskb;
270
271 if (sk->sk_state != BT_BOUND)
272 continue;
273
274 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
275 continue;
276
277 nskb = skb_clone(skb_copy, GFP_ATOMIC);
278 if (!nskb)
279 continue;
280
281 if (sock_queue_rcv_skb(sk, nskb))
282 kfree_skb(nskb);
283 }
284
285 read_unlock(&hci_sk_list.lock);
286
287 kfree_skb(skb_copy);
288 }
289
290 static void send_monitor_event(struct sk_buff *skb)
291 {
292 struct sock *sk;
293
294 BT_DBG("len %d", skb->len);
295
296 read_lock(&hci_sk_list.lock);
297
298 sk_for_each(sk, &hci_sk_list.head) {
299 struct sk_buff *nskb;
300
301 if (sk->sk_state != BT_BOUND)
302 continue;
303
304 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
305 continue;
306
307 nskb = skb_clone(skb, GFP_ATOMIC);
308 if (!nskb)
309 continue;
310
311 if (sock_queue_rcv_skb(sk, nskb))
312 kfree_skb(nskb);
313 }
314
315 read_unlock(&hci_sk_list.lock);
316 }
317
318 static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
319 {
320 struct hci_mon_hdr *hdr;
321 struct hci_mon_new_index *ni;
322 struct sk_buff *skb;
323 __le16 opcode;
324
325 switch (event) {
326 case HCI_DEV_REG:
327 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
328 if (!skb)
329 return NULL;
330
331 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
332 ni->type = hdev->dev_type;
333 ni->bus = hdev->bus;
334 bacpy(&ni->bdaddr, &hdev->bdaddr);
335 memcpy(ni->name, hdev->name, 8);
336
337 opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
338 break;
339
340 case HCI_DEV_UNREG:
341 skb = bt_skb_alloc(0, GFP_ATOMIC);
342 if (!skb)
343 return NULL;
344
345 opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
346 break;
347
348 default:
349 return NULL;
350 }
351
352 __net_timestamp(skb);
353
354 hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
355 hdr->opcode = opcode;
356 hdr->index = cpu_to_le16(hdev->id);
357 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
358
359 return skb;
360 }
361
362 static void send_monitor_replay(struct sock *sk)
363 {
364 struct hci_dev *hdev;
365
366 read_lock(&hci_dev_list_lock);
367
368 list_for_each_entry(hdev, &hci_dev_list, list) {
369 struct sk_buff *skb;
370
371 skb = create_monitor_event(hdev, HCI_DEV_REG);
372 if (!skb)
373 continue;
374
375 if (sock_queue_rcv_skb(sk, skb))
376 kfree_skb(skb);
377 }
378
379 read_unlock(&hci_dev_list_lock);
380 }
381
382 /* Generate internal stack event */
383 static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
384 {
385 struct hci_event_hdr *hdr;
386 struct hci_ev_stack_internal *ev;
387 struct sk_buff *skb;
388
389 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
390 if (!skb)
391 return;
392
393 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
394 hdr->evt = HCI_EV_STACK_INTERNAL;
395 hdr->plen = sizeof(*ev) + dlen;
396
397 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
398 ev->type = type;
399 memcpy(ev->data, data, dlen);
400
401 bt_cb(skb)->incoming = 1;
402 __net_timestamp(skb);
403
404 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
405 hci_send_to_sock(hdev, skb);
406 kfree_skb(skb);
407 }
408
409 void hci_sock_dev_event(struct hci_dev *hdev, int event)
410 {
411 struct hci_ev_si_device ev;
412
413 BT_DBG("hdev %s event %d", hdev->name, event);
414
415 /* Send event to monitor */
416 if (atomic_read(&monitor_promisc)) {
417 struct sk_buff *skb;
418
419 skb = create_monitor_event(hdev, event);
420 if (skb) {
421 send_monitor_event(skb);
422 kfree_skb(skb);
423 }
424 }
425
426 /* Send event to sockets */
427 ev.event = event;
428 ev.dev_id = hdev->id;
429 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
430
431 if (event == HCI_DEV_UNREG) {
432 struct sock *sk;
433
434 /* Detach sockets from device */
435 read_lock(&hci_sk_list.lock);
436 sk_for_each(sk, &hci_sk_list.head) {
437 bh_lock_sock_nested(sk);
438 if (hci_pi(sk)->hdev == hdev) {
439 hci_pi(sk)->hdev = NULL;
440 sk->sk_err = EPIPE;
441 sk->sk_state = BT_OPEN;
442 sk->sk_state_change(sk);
443
444 hci_dev_put(hdev);
445 }
446 bh_unlock_sock(sk);
447 }
448 read_unlock(&hci_sk_list.lock);
449 }
450 }
451
452 static int hci_sock_release(struct socket *sock)
453 {
454 struct sock *sk = sock->sk;
455 struct hci_dev *hdev;
456
457 BT_DBG("sock %p sk %p", sock, sk);
458
459 if (!sk)
460 return 0;
461
462 hdev = hci_pi(sk)->hdev;
463
464 if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
465 atomic_dec(&monitor_promisc);
466
467 bt_sock_unlink(&hci_sk_list, sk);
468
469 if (hdev) {
470 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
471 mgmt_index_added(hdev);
472 clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags);
473 hci_dev_close(hdev->id);
474 }
475
476 atomic_dec(&hdev->promisc);
477 hci_dev_put(hdev);
478 }
479
480 sock_orphan(sk);
481
482 skb_queue_purge(&sk->sk_receive_queue);
483 skb_queue_purge(&sk->sk_write_queue);
484
485 sock_put(sk);
486 return 0;
487 }
488
489 static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
490 {
491 bdaddr_t bdaddr;
492 int err;
493
494 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
495 return -EFAULT;
496
497 hci_dev_lock(hdev);
498
499 err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
500
501 hci_dev_unlock(hdev);
502
503 return err;
504 }
505
506 static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
507 {
508 bdaddr_t bdaddr;
509 int err;
510
511 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
512 return -EFAULT;
513
514 hci_dev_lock(hdev);
515
516 err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
517
518 hci_dev_unlock(hdev);
519
520 return err;
521 }
522
523 /* Ioctls that require bound socket */
524 static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
525 unsigned long arg)
526 {
527 struct hci_dev *hdev = hci_pi(sk)->hdev;
528
529 if (!hdev)
530 return -EBADFD;
531
532 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
533 return -EBUSY;
534
535 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
536 return -EOPNOTSUPP;
537
538 if (hdev->dev_type != HCI_BREDR)
539 return -EOPNOTSUPP;
540
541 switch (cmd) {
542 case HCISETRAW:
543 if (!capable(CAP_NET_ADMIN))
544 return -EPERM;
545 return -EOPNOTSUPP;
546
547 case HCIGETCONNINFO:
548 return hci_get_conn_info(hdev, (void __user *) arg);
549
550 case HCIGETAUTHINFO:
551 return hci_get_auth_info(hdev, (void __user *) arg);
552
553 case HCIBLOCKADDR:
554 if (!capable(CAP_NET_ADMIN))
555 return -EPERM;
556 return hci_sock_blacklist_add(hdev, (void __user *) arg);
557
558 case HCIUNBLOCKADDR:
559 if (!capable(CAP_NET_ADMIN))
560 return -EPERM;
561 return hci_sock_blacklist_del(hdev, (void __user *) arg);
562 }
563
564 return -ENOIOCTLCMD;
565 }
566
567 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
568 unsigned long arg)
569 {
570 void __user *argp = (void __user *) arg;
571 struct sock *sk = sock->sk;
572 int err;
573
574 BT_DBG("cmd %x arg %lx", cmd, arg);
575
576 lock_sock(sk);
577
578 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
579 err = -EBADFD;
580 goto done;
581 }
582
583 release_sock(sk);
584
585 switch (cmd) {
586 case HCIGETDEVLIST:
587 return hci_get_dev_list(argp);
588
589 case HCIGETDEVINFO:
590 return hci_get_dev_info(argp);
591
592 case HCIGETCONNLIST:
593 return hci_get_conn_list(argp);
594
595 case HCIDEVUP:
596 if (!capable(CAP_NET_ADMIN))
597 return -EPERM;
598 return hci_dev_open(arg);
599
600 case HCIDEVDOWN:
601 if (!capable(CAP_NET_ADMIN))
602 return -EPERM;
603 return hci_dev_close(arg);
604
605 case HCIDEVRESET:
606 if (!capable(CAP_NET_ADMIN))
607 return -EPERM;
608 return hci_dev_reset(arg);
609
610 case HCIDEVRESTAT:
611 if (!capable(CAP_NET_ADMIN))
612 return -EPERM;
613 return hci_dev_reset_stat(arg);
614
615 case HCISETSCAN:
616 case HCISETAUTH:
617 case HCISETENCRYPT:
618 case HCISETPTYPE:
619 case HCISETLINKPOL:
620 case HCISETLINKMODE:
621 case HCISETACLMTU:
622 case HCISETSCOMTU:
623 if (!capable(CAP_NET_ADMIN))
624 return -EPERM;
625 return hci_dev_cmd(cmd, argp);
626
627 case HCIINQUIRY:
628 return hci_inquiry(argp);
629 }
630
631 lock_sock(sk);
632
633 err = hci_sock_bound_ioctl(sk, cmd, arg);
634
635 done:
636 release_sock(sk);
637 return err;
638 }
639
640 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
641 int addr_len)
642 {
643 struct sockaddr_hci haddr;
644 struct sock *sk = sock->sk;
645 struct hci_dev *hdev = NULL;
646 int len, err = 0;
647
648 BT_DBG("sock %p sk %p", sock, sk);
649
650 if (!addr)
651 return -EINVAL;
652
653 memset(&haddr, 0, sizeof(haddr));
654 len = min_t(unsigned int, sizeof(haddr), addr_len);
655 memcpy(&haddr, addr, len);
656
657 if (haddr.hci_family != AF_BLUETOOTH)
658 return -EINVAL;
659
660 lock_sock(sk);
661
662 if (sk->sk_state == BT_BOUND) {
663 err = -EALREADY;
664 goto done;
665 }
666
667 switch (haddr.hci_channel) {
668 case HCI_CHANNEL_RAW:
669 if (hci_pi(sk)->hdev) {
670 err = -EALREADY;
671 goto done;
672 }
673
674 if (haddr.hci_dev != HCI_DEV_NONE) {
675 hdev = hci_dev_get(haddr.hci_dev);
676 if (!hdev) {
677 err = -ENODEV;
678 goto done;
679 }
680
681 atomic_inc(&hdev->promisc);
682 }
683
684 hci_pi(sk)->hdev = hdev;
685 break;
686
687 case HCI_CHANNEL_USER:
688 if (hci_pi(sk)->hdev) {
689 err = -EALREADY;
690 goto done;
691 }
692
693 if (haddr.hci_dev == HCI_DEV_NONE) {
694 err = -EINVAL;
695 goto done;
696 }
697
698 if (!capable(CAP_NET_ADMIN)) {
699 err = -EPERM;
700 goto done;
701 }
702
703 hdev = hci_dev_get(haddr.hci_dev);
704 if (!hdev) {
705 err = -ENODEV;
706 goto done;
707 }
708
709 if (test_bit(HCI_UP, &hdev->flags) ||
710 test_bit(HCI_INIT, &hdev->flags) ||
711 test_bit(HCI_SETUP, &hdev->dev_flags) ||
712 test_bit(HCI_CONFIG, &hdev->dev_flags)) {
713 err = -EBUSY;
714 hci_dev_put(hdev);
715 goto done;
716 }
717
718 if (test_and_set_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
719 err = -EUSERS;
720 hci_dev_put(hdev);
721 goto done;
722 }
723
724 mgmt_index_removed(hdev);
725
726 err = hci_dev_open(hdev->id);
727 if (err) {
728 clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags);
729 mgmt_index_added(hdev);
730 hci_dev_put(hdev);
731 goto done;
732 }
733
734 atomic_inc(&hdev->promisc);
735
736 hci_pi(sk)->hdev = hdev;
737 break;
738
739 case HCI_CHANNEL_CONTROL:
740 if (haddr.hci_dev != HCI_DEV_NONE) {
741 err = -EINVAL;
742 goto done;
743 }
744
745 if (!capable(CAP_NET_ADMIN)) {
746 err = -EPERM;
747 goto done;
748 }
749
750 break;
751
752 case HCI_CHANNEL_MONITOR:
753 if (haddr.hci_dev != HCI_DEV_NONE) {
754 err = -EINVAL;
755 goto done;
756 }
757
758 if (!capable(CAP_NET_RAW)) {
759 err = -EPERM;
760 goto done;
761 }
762
763 send_monitor_replay(sk);
764
765 atomic_inc(&monitor_promisc);
766 break;
767
768 default:
769 err = -EINVAL;
770 goto done;
771 }
772
773
774 hci_pi(sk)->channel = haddr.hci_channel;
775 sk->sk_state = BT_BOUND;
776
777 done:
778 release_sock(sk);
779 return err;
780 }
781
782 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
783 int *addr_len, int peer)
784 {
785 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
786 struct sock *sk = sock->sk;
787 struct hci_dev *hdev;
788 int err = 0;
789
790 BT_DBG("sock %p sk %p", sock, sk);
791
792 if (peer)
793 return -EOPNOTSUPP;
794
795 lock_sock(sk);
796
797 hdev = hci_pi(sk)->hdev;
798 if (!hdev) {
799 err = -EBADFD;
800 goto done;
801 }
802
803 *addr_len = sizeof(*haddr);
804 haddr->hci_family = AF_BLUETOOTH;
805 haddr->hci_dev = hdev->id;
806 haddr->hci_channel= hci_pi(sk)->channel;
807
808 done:
809 release_sock(sk);
810 return err;
811 }
812
813 static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
814 struct sk_buff *skb)
815 {
816 __u32 mask = hci_pi(sk)->cmsg_mask;
817
818 if (mask & HCI_CMSG_DIR) {
819 int incoming = bt_cb(skb)->incoming;
820 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
821 &incoming);
822 }
823
824 if (mask & HCI_CMSG_TSTAMP) {
825 #ifdef CONFIG_COMPAT
826 struct compat_timeval ctv;
827 #endif
828 struct timeval tv;
829 void *data;
830 int len;
831
832 skb_get_timestamp(skb, &tv);
833
834 data = &tv;
835 len = sizeof(tv);
836 #ifdef CONFIG_COMPAT
837 if (!COMPAT_USE_64BIT_TIME &&
838 (msg->msg_flags & MSG_CMSG_COMPAT)) {
839 ctv.tv_sec = tv.tv_sec;
840 ctv.tv_usec = tv.tv_usec;
841 data = &ctv;
842 len = sizeof(ctv);
843 }
844 #endif
845
846 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
847 }
848 }
849
850 static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
851 struct msghdr *msg, size_t len, int flags)
852 {
853 int noblock = flags & MSG_DONTWAIT;
854 struct sock *sk = sock->sk;
855 struct sk_buff *skb;
856 int copied, err;
857
858 BT_DBG("sock %p, sk %p", sock, sk);
859
860 if (flags & (MSG_OOB))
861 return -EOPNOTSUPP;
862
863 if (sk->sk_state == BT_CLOSED)
864 return 0;
865
866 skb = skb_recv_datagram(sk, flags, noblock, &err);
867 if (!skb)
868 return err;
869
870 copied = skb->len;
871 if (len < copied) {
872 msg->msg_flags |= MSG_TRUNC;
873 copied = len;
874 }
875
876 skb_reset_transport_header(skb);
877 err = skb_copy_datagram_msg(skb, 0, msg, copied);
878
879 switch (hci_pi(sk)->channel) {
880 case HCI_CHANNEL_RAW:
881 hci_sock_cmsg(sk, msg, skb);
882 break;
883 case HCI_CHANNEL_USER:
884 case HCI_CHANNEL_CONTROL:
885 case HCI_CHANNEL_MONITOR:
886 sock_recv_timestamp(msg, sk, skb);
887 break;
888 }
889
890 skb_free_datagram(sk, skb);
891
892 return err ? : copied;
893 }
894
895 static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
896 struct msghdr *msg, size_t len)
897 {
898 struct sock *sk = sock->sk;
899 struct hci_dev *hdev;
900 struct sk_buff *skb;
901 int err;
902
903 BT_DBG("sock %p sk %p", sock, sk);
904
905 if (msg->msg_flags & MSG_OOB)
906 return -EOPNOTSUPP;
907
908 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
909 return -EINVAL;
910
911 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
912 return -EINVAL;
913
914 lock_sock(sk);
915
916 switch (hci_pi(sk)->channel) {
917 case HCI_CHANNEL_RAW:
918 case HCI_CHANNEL_USER:
919 break;
920 case HCI_CHANNEL_CONTROL:
921 err = mgmt_control(sk, msg, len);
922 goto done;
923 case HCI_CHANNEL_MONITOR:
924 err = -EOPNOTSUPP;
925 goto done;
926 default:
927 err = -EINVAL;
928 goto done;
929 }
930
931 hdev = hci_pi(sk)->hdev;
932 if (!hdev) {
933 err = -EBADFD;
934 goto done;
935 }
936
937 if (!test_bit(HCI_UP, &hdev->flags)) {
938 err = -ENETDOWN;
939 goto done;
940 }
941
942 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
943 if (!skb)
944 goto done;
945
946 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
947 err = -EFAULT;
948 goto drop;
949 }
950
951 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
952 skb_pull(skb, 1);
953
954 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
955 /* No permission check is needed for user channel
956 * since that gets enforced when binding the socket.
957 *
958 * However check that the packet type is valid.
959 */
960 if (bt_cb(skb)->pkt_type != HCI_COMMAND_PKT &&
961 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
962 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) {
963 err = -EINVAL;
964 goto drop;
965 }
966
967 skb_queue_tail(&hdev->raw_q, skb);
968 queue_work(hdev->workqueue, &hdev->tx_work);
969 } else if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
970 u16 opcode = get_unaligned_le16(skb->data);
971 u16 ogf = hci_opcode_ogf(opcode);
972 u16 ocf = hci_opcode_ocf(opcode);
973
974 if (((ogf > HCI_SFLT_MAX_OGF) ||
975 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
976 &hci_sec_filter.ocf_mask[ogf])) &&
977 !capable(CAP_NET_RAW)) {
978 err = -EPERM;
979 goto drop;
980 }
981
982 if (ogf == 0x3f) {
983 skb_queue_tail(&hdev->raw_q, skb);
984 queue_work(hdev->workqueue, &hdev->tx_work);
985 } else {
986 /* Stand-alone HCI commands must be flagged as
987 * single-command requests.
988 */
989 bt_cb(skb)->req.start = true;
990
991 skb_queue_tail(&hdev->cmd_q, skb);
992 queue_work(hdev->workqueue, &hdev->cmd_work);
993 }
994 } else {
995 if (!capable(CAP_NET_RAW)) {
996 err = -EPERM;
997 goto drop;
998 }
999
1000 skb_queue_tail(&hdev->raw_q, skb);
1001 queue_work(hdev->workqueue, &hdev->tx_work);
1002 }
1003
1004 err = len;
1005
1006 done:
1007 release_sock(sk);
1008 return err;
1009
1010 drop:
1011 kfree_skb(skb);
1012 goto done;
1013 }
1014
1015 static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1016 char __user *optval, unsigned int len)
1017 {
1018 struct hci_ufilter uf = { .opcode = 0 };
1019 struct sock *sk = sock->sk;
1020 int err = 0, opt = 0;
1021
1022 BT_DBG("sk %p, opt %d", sk, optname);
1023
1024 lock_sock(sk);
1025
1026 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1027 err = -EBADFD;
1028 goto done;
1029 }
1030
1031 switch (optname) {
1032 case HCI_DATA_DIR:
1033 if (get_user(opt, (int __user *)optval)) {
1034 err = -EFAULT;
1035 break;
1036 }
1037
1038 if (opt)
1039 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
1040 else
1041 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
1042 break;
1043
1044 case HCI_TIME_STAMP:
1045 if (get_user(opt, (int __user *)optval)) {
1046 err = -EFAULT;
1047 break;
1048 }
1049
1050 if (opt)
1051 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
1052 else
1053 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
1054 break;
1055
1056 case HCI_FILTER:
1057 {
1058 struct hci_filter *f = &hci_pi(sk)->filter;
1059
1060 uf.type_mask = f->type_mask;
1061 uf.opcode = f->opcode;
1062 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1063 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1064 }
1065
1066 len = min_t(unsigned int, len, sizeof(uf));
1067 if (copy_from_user(&uf, optval, len)) {
1068 err = -EFAULT;
1069 break;
1070 }
1071
1072 if (!capable(CAP_NET_RAW)) {
1073 uf.type_mask &= hci_sec_filter.type_mask;
1074 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
1075 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
1076 }
1077
1078 {
1079 struct hci_filter *f = &hci_pi(sk)->filter;
1080
1081 f->type_mask = uf.type_mask;
1082 f->opcode = uf.opcode;
1083 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
1084 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
1085 }
1086 break;
1087
1088 default:
1089 err = -ENOPROTOOPT;
1090 break;
1091 }
1092
1093 done:
1094 release_sock(sk);
1095 return err;
1096 }
1097
1098 static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1099 char __user *optval, int __user *optlen)
1100 {
1101 struct hci_ufilter uf;
1102 struct sock *sk = sock->sk;
1103 int len, opt, err = 0;
1104
1105 BT_DBG("sk %p, opt %d", sk, optname);
1106
1107 if (get_user(len, optlen))
1108 return -EFAULT;
1109
1110 lock_sock(sk);
1111
1112 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1113 err = -EBADFD;
1114 goto done;
1115 }
1116
1117 switch (optname) {
1118 case HCI_DATA_DIR:
1119 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1120 opt = 1;
1121 else
1122 opt = 0;
1123
1124 if (put_user(opt, optval))
1125 err = -EFAULT;
1126 break;
1127
1128 case HCI_TIME_STAMP:
1129 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1130 opt = 1;
1131 else
1132 opt = 0;
1133
1134 if (put_user(opt, optval))
1135 err = -EFAULT;
1136 break;
1137
1138 case HCI_FILTER:
1139 {
1140 struct hci_filter *f = &hci_pi(sk)->filter;
1141
1142 memset(&uf, 0, sizeof(uf));
1143 uf.type_mask = f->type_mask;
1144 uf.opcode = f->opcode;
1145 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1146 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1147 }
1148
1149 len = min_t(unsigned int, len, sizeof(uf));
1150 if (copy_to_user(optval, &uf, len))
1151 err = -EFAULT;
1152 break;
1153
1154 default:
1155 err = -ENOPROTOOPT;
1156 break;
1157 }
1158
1159 done:
1160 release_sock(sk);
1161 return err;
1162 }
1163
1164 static const struct proto_ops hci_sock_ops = {
1165 .family = PF_BLUETOOTH,
1166 .owner = THIS_MODULE,
1167 .release = hci_sock_release,
1168 .bind = hci_sock_bind,
1169 .getname = hci_sock_getname,
1170 .sendmsg = hci_sock_sendmsg,
1171 .recvmsg = hci_sock_recvmsg,
1172 .ioctl = hci_sock_ioctl,
1173 .poll = datagram_poll,
1174 .listen = sock_no_listen,
1175 .shutdown = sock_no_shutdown,
1176 .setsockopt = hci_sock_setsockopt,
1177 .getsockopt = hci_sock_getsockopt,
1178 .connect = sock_no_connect,
1179 .socketpair = sock_no_socketpair,
1180 .accept = sock_no_accept,
1181 .mmap = sock_no_mmap
1182 };
1183
1184 static struct proto hci_sk_proto = {
1185 .name = "HCI",
1186 .owner = THIS_MODULE,
1187 .obj_size = sizeof(struct hci_pinfo)
1188 };
1189
1190 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1191 int kern)
1192 {
1193 struct sock *sk;
1194
1195 BT_DBG("sock %p", sock);
1196
1197 if (sock->type != SOCK_RAW)
1198 return -ESOCKTNOSUPPORT;
1199
1200 sock->ops = &hci_sock_ops;
1201
1202 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1203 if (!sk)
1204 return -ENOMEM;
1205
1206 sock_init_data(sock, sk);
1207
1208 sock_reset_flag(sk, SOCK_ZAPPED);
1209
1210 sk->sk_protocol = protocol;
1211
1212 sock->state = SS_UNCONNECTED;
1213 sk->sk_state = BT_OPEN;
1214
1215 bt_sock_link(&hci_sk_list, sk);
1216 return 0;
1217 }
1218
1219 static const struct net_proto_family hci_sock_family_ops = {
1220 .family = PF_BLUETOOTH,
1221 .owner = THIS_MODULE,
1222 .create = hci_sock_create,
1223 };
1224
1225 int __init hci_sock_init(void)
1226 {
1227 int err;
1228
1229 BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr));
1230
1231 err = proto_register(&hci_sk_proto, 0);
1232 if (err < 0)
1233 return err;
1234
1235 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
1236 if (err < 0) {
1237 BT_ERR("HCI socket registration failed");
1238 goto error;
1239 }
1240
1241 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
1242 if (err < 0) {
1243 BT_ERR("Failed to create HCI proc file");
1244 bt_sock_unregister(BTPROTO_HCI);
1245 goto error;
1246 }
1247
1248 BT_INFO("HCI socket layer initialized");
1249
1250 return 0;
1251
1252 error:
1253 proto_unregister(&hci_sk_proto);
1254 return err;
1255 }
1256
1257 void hci_sock_cleanup(void)
1258 {
1259 bt_procfs_cleanup(&init_net, "hci");
1260 bt_sock_unregister(BTPROTO_HCI);
1261 proto_unregister(&hci_sk_proto);
1262 }
Linux kernel - Deliverables
This page took 0.063208 seconds and 5 git commands to generate.