1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI sockets. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/slab.h>
34 #include <linux/poll.h>
35 #include <linux/fcntl.h>
36 #include <linux/init.h>
37 #include <linux/skbuff.h>
38 #include <linux/workqueue.h>
39 #include <linux/interrupt.h>
40 #include <linux/compat.h>
41 #include <linux/socket.h>
42 #include <linux/ioctl.h>
43 #include <net/sock.h>
44
45 #include <asm/system.h>
46 #include <linux/uaccess.h>
47 #include <asm/unaligned.h>
48
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51
52 static int enable_mgmt;
53
54 /* ----- HCI socket interface ----- */
55
hci_test_bit(int nr,void * addr)56 static inline int hci_test_bit(int nr, void *addr)
57 {
58 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
59 }
60
61 /* Security filter */
62 static struct hci_sec_filter hci_sec_filter = {
63 /* Packet types */
64 0x10,
65 /* Events */
66 { 0x1000d9fe, 0x0000b00c },
67 /* Commands */
68 {
69 { 0x0 },
70 /* OGF_LINK_CTL */
71 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
72 /* OGF_LINK_POLICY */
73 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
74 /* OGF_HOST_CTL */
75 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
76 /* OGF_INFO_PARAM */
77 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
78 /* OGF_STATUS_PARAM */
79 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
80 }
81 };
82
83 static struct bt_sock_list hci_sk_list = {
84 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
85 };
86
87 /* Send frame to RAW socket */
hci_send_to_sock(struct hci_dev * hdev,struct sk_buff * skb,struct sock * skip_sk)88 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb,
89 struct sock *skip_sk)
90 {
91 struct sock *sk;
92 struct hlist_node *node;
93
94 BT_DBG("hdev %p len %d", hdev, skb->len);
95
96 read_lock(&hci_sk_list.lock);
97 sk_for_each(sk, node, &hci_sk_list.head) {
98 struct hci_filter *flt;
99 struct sk_buff *nskb;
100
101 if (sk == skip_sk)
102 continue;
103
104 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
105 continue;
106
107 /* Don't send frame to the socket it came from */
108 if (skb->sk == sk)
109 continue;
110
111 if (bt_cb(skb)->channel != hci_pi(sk)->channel)
112 continue;
113
114 if (bt_cb(skb)->channel == HCI_CHANNEL_CONTROL)
115 goto clone;
116
117 /* Apply filter */
118 flt = &hci_pi(sk)->filter;
119
120 if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
121 0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
122 continue;
123
124 if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
125 register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
126
127 if (!hci_test_bit(evt, &flt->event_mask))
128 continue;
129
130 if (flt->opcode &&
131 ((evt == HCI_EV_CMD_COMPLETE &&
132 flt->opcode !=
133 get_unaligned((__le16 *)(skb->data + 3))) ||
134 (evt == HCI_EV_CMD_STATUS &&
135 flt->opcode !=
136 get_unaligned((__le16 *)(skb->data + 4)))))
137 continue;
138 }
139
140 clone:
141 nskb = skb_clone(skb, GFP_ATOMIC);
142 if (!nskb)
143 continue;
144
145 /* Put type byte before the data */
146 if (bt_cb(skb)->channel == HCI_CHANNEL_RAW)
147 memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
148
149 if (sock_queue_rcv_skb(sk, nskb))
150 kfree_skb(nskb);
151 }
152 read_unlock(&hci_sk_list.lock);
153 }
154
hci_sock_release(struct socket * sock)155 static int hci_sock_release(struct socket *sock)
156 {
157 struct sock *sk = sock->sk;
158 struct hci_dev *hdev;
159
160 BT_DBG("sock %p sk %p", sock, sk);
161
162 if (!sk)
163 return 0;
164
165 hdev = hci_pi(sk)->hdev;
166
167 bt_sock_unlink(&hci_sk_list, sk);
168
169 if (hdev) {
170 atomic_dec(&hdev->promisc);
171 hci_dev_put(hdev);
172 }
173
174 sock_orphan(sk);
175
176 skb_queue_purge(&sk->sk_receive_queue);
177 skb_queue_purge(&sk->sk_write_queue);
178
179 sock_put(sk);
180 return 0;
181 }
182
hci_blacklist_lookup(struct hci_dev * hdev,bdaddr_t * bdaddr)183 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
184 {
185 struct list_head *p;
186
187 list_for_each(p, &hdev->blacklist) {
188 struct bdaddr_list *b;
189
190 b = list_entry(p, struct bdaddr_list, list);
191
192 if (bacmp(bdaddr, &b->bdaddr) == 0)
193 return b;
194 }
195
196 return NULL;
197 }
198
hci_blacklist_add(struct hci_dev * hdev,void __user * arg)199 static int hci_blacklist_add(struct hci_dev *hdev, void __user *arg)
200 {
201 bdaddr_t bdaddr;
202 struct bdaddr_list *entry;
203
204 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
205 return -EFAULT;
206
207 if (bacmp(&bdaddr, BDADDR_ANY) == 0)
208 return -EBADF;
209
210 if (hci_blacklist_lookup(hdev, &bdaddr))
211 return -EEXIST;
212
213 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
214 if (!entry)
215 return -ENOMEM;
216
217 bacpy(&entry->bdaddr, &bdaddr);
218
219 list_add(&entry->list, &hdev->blacklist);
220
221 return 0;
222 }
223
hci_blacklist_clear(struct hci_dev * hdev)224 int hci_blacklist_clear(struct hci_dev *hdev)
225 {
226 struct list_head *p, *n;
227
228 list_for_each_safe(p, n, &hdev->blacklist) {
229 struct bdaddr_list *b;
230
231 b = list_entry(p, struct bdaddr_list, list);
232
233 list_del(p);
234 kfree(b);
235 }
236
237 return 0;
238 }
239
hci_blacklist_del(struct hci_dev * hdev,void __user * arg)240 static int hci_blacklist_del(struct hci_dev *hdev, void __user *arg)
241 {
242 bdaddr_t bdaddr;
243 struct bdaddr_list *entry;
244
245 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
246 return -EFAULT;
247
248 if (bacmp(&bdaddr, BDADDR_ANY) == 0)
249 return hci_blacklist_clear(hdev);
250
251 entry = hci_blacklist_lookup(hdev, &bdaddr);
252 if (!entry)
253 return -ENOENT;
254
255 list_del(&entry->list);
256 kfree(entry);
257
258 return 0;
259 }
260
261 /* Ioctls that require bound socket */
hci_sock_bound_ioctl(struct sock * sk,unsigned int cmd,unsigned long arg)262 static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
263 {
264 struct hci_dev *hdev = hci_pi(sk)->hdev;
265
266 if (!hdev)
267 return -EBADFD;
268
269 switch (cmd) {
270 case HCISETRAW:
271 if (!capable(CAP_NET_ADMIN))
272 return -EACCES;
273
274 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
275 return -EPERM;
276
277 if (arg)
278 set_bit(HCI_RAW, &hdev->flags);
279 else
280 clear_bit(HCI_RAW, &hdev->flags);
281
282 return 0;
283
284 case HCIGETCONNINFO:
285 return hci_get_conn_info(hdev, (void __user *) arg);
286
287 case HCIGETAUTHINFO:
288 return hci_get_auth_info(hdev, (void __user *) arg);
289
290 case HCIBLOCKADDR:
291 if (!capable(CAP_NET_ADMIN))
292 return -EACCES;
293 return hci_blacklist_add(hdev, (void __user *) arg);
294
295 case HCIUNBLOCKADDR:
296 if (!capable(CAP_NET_ADMIN))
297 return -EACCES;
298 return hci_blacklist_del(hdev, (void __user *) arg);
299
300 default:
301 if (hdev->ioctl)
302 return hdev->ioctl(hdev, cmd, arg);
303 return -EINVAL;
304 }
305 }
306
hci_sock_ioctl(struct socket * sock,unsigned int cmd,unsigned long arg)307 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
308 {
309 struct sock *sk = sock->sk;
310 void __user *argp = (void __user *) arg;
311 int err;
312
313 BT_DBG("cmd %x arg %lx", cmd, arg);
314
315 switch (cmd) {
316 case HCIGETDEVLIST:
317 return hci_get_dev_list(argp);
318
319 case HCIGETDEVINFO:
320 return hci_get_dev_info(argp);
321
322 case HCIGETCONNLIST:
323 return hci_get_conn_list(argp);
324
325 case HCIDEVUP:
326 if (!capable(CAP_NET_ADMIN))
327 return -EACCES;
328 return hci_dev_open(arg);
329
330 case HCIDEVDOWN:
331 if (!capable(CAP_NET_ADMIN))
332 return -EACCES;
333 return hci_dev_close(arg);
334
335 case HCIDEVRESET:
336 if (!capable(CAP_NET_ADMIN))
337 return -EACCES;
338 return hci_dev_reset(arg);
339
340 case HCIDEVRESTAT:
341 if (!capable(CAP_NET_ADMIN))
342 return -EACCES;
343 return hci_dev_reset_stat(arg);
344
345 case HCISETSCAN:
346 case HCISETAUTH:
347 case HCISETENCRYPT:
348 case HCISETPTYPE:
349 case HCISETLINKPOL:
350 case HCISETLINKMODE:
351 case HCISETACLMTU:
352 case HCISETSCOMTU:
353 if (!capable(CAP_NET_ADMIN))
354 return -EACCES;
355 return hci_dev_cmd(cmd, argp);
356
357 case HCIINQUIRY:
358 return hci_inquiry(argp);
359
360 default:
361 lock_sock(sk);
362 err = hci_sock_bound_ioctl(sk, cmd, arg);
363 release_sock(sk);
364 return err;
365 }
366 }
367
hci_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)368 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
369 {
370 struct sockaddr_hci haddr;
371 struct sock *sk = sock->sk;
372 struct hci_dev *hdev = NULL;
373 int len, err = 0;
374
375 BT_DBG("sock %p sk %p", sock, sk);
376
377 if (!addr)
378 return -EINVAL;
379
380 memset(&haddr, 0, sizeof(haddr));
381 len = min_t(unsigned int, sizeof(haddr), addr_len);
382 memcpy(&haddr, addr, len);
383
384 if (haddr.hci_family != AF_BLUETOOTH)
385 return -EINVAL;
386
387 if (haddr.hci_channel > HCI_CHANNEL_CONTROL)
388 return -EINVAL;
389
390 if (haddr.hci_channel == HCI_CHANNEL_CONTROL && !enable_mgmt)
391 return -EINVAL;
392
393 lock_sock(sk);
394
395 if (sk->sk_state == BT_BOUND || hci_pi(sk)->hdev) {
396 err = -EALREADY;
397 goto done;
398 }
399
400 if (haddr.hci_dev != HCI_DEV_NONE) {
401 hdev = hci_dev_get(haddr.hci_dev);
402 if (!hdev) {
403 err = -ENODEV;
404 goto done;
405 }
406
407 atomic_inc(&hdev->promisc);
408 }
409
410 hci_pi(sk)->channel = haddr.hci_channel;
411 hci_pi(sk)->hdev = hdev;
412 sk->sk_state = BT_BOUND;
413
414 done:
415 release_sock(sk);
416 return err;
417 }
418
hci_sock_getname(struct socket * sock,struct sockaddr * addr,int * addr_len,int peer)419 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
420 {
421 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
422 struct sock *sk = sock->sk;
423 struct hci_dev *hdev = hci_pi(sk)->hdev;
424
425 BT_DBG("sock %p sk %p", sock, sk);
426
427 if (!hdev)
428 return -EBADFD;
429
430 lock_sock(sk);
431
432 *addr_len = sizeof(*haddr);
433 haddr->hci_family = AF_BLUETOOTH;
434 haddr->hci_dev = hdev->id;
435
436 release_sock(sk);
437 return 0;
438 }
439
hci_sock_cmsg(struct sock * sk,struct msghdr * msg,struct sk_buff * skb)440 static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
441 {
442 __u32 mask = hci_pi(sk)->cmsg_mask;
443
444 if (mask & HCI_CMSG_DIR) {
445 int incoming = bt_cb(skb)->incoming;
446 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
447 }
448
449 if (mask & HCI_CMSG_TSTAMP) {
450 #ifdef CONFIG_COMPAT
451 struct compat_timeval ctv;
452 #endif
453 struct timeval tv;
454 void *data;
455 int len;
456
457 skb_get_timestamp(skb, &tv);
458
459 data = &tv;
460 len = sizeof(tv);
461 #ifdef CONFIG_COMPAT
462 if (msg->msg_flags & MSG_CMSG_COMPAT) {
463 ctv.tv_sec = tv.tv_sec;
464 ctv.tv_usec = tv.tv_usec;
465 data = &ctv;
466 len = sizeof(ctv);
467 }
468 #endif
469
470 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
471 }
472 }
473
hci_sock_recvmsg(struct kiocb * iocb,struct socket * sock,struct msghdr * msg,size_t len,int flags)474 static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
475 struct msghdr *msg, size_t len, int flags)
476 {
477 int noblock = flags & MSG_DONTWAIT;
478 struct sock *sk = sock->sk;
479 struct sk_buff *skb;
480 int copied, err;
481
482 BT_DBG("sock %p, sk %p", sock, sk);
483
484 if (flags & (MSG_OOB))
485 return -EOPNOTSUPP;
486
487 if (sk->sk_state == BT_CLOSED)
488 return 0;
489
490 skb = skb_recv_datagram(sk, flags, noblock, &err);
491 if (!skb)
492 return err;
493
494 msg->msg_namelen = 0;
495
496 copied = skb->len;
497 if (len < copied) {
498 msg->msg_flags |= MSG_TRUNC;
499 copied = len;
500 }
501
502 skb_reset_transport_header(skb);
503 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
504
505 hci_sock_cmsg(sk, msg, skb);
506
507 skb_free_datagram(sk, skb);
508
509 return err ? : copied;
510 }
511
hci_sock_sendmsg(struct kiocb * iocb,struct socket * sock,struct msghdr * msg,size_t len)512 static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
513 struct msghdr *msg, size_t len)
514 {
515 struct sock *sk = sock->sk;
516 struct hci_dev *hdev;
517 struct sk_buff *skb;
518 int err;
519
520 BT_DBG("sock %p sk %p", sock, sk);
521
522 if (msg->msg_flags & MSG_OOB)
523 return -EOPNOTSUPP;
524
525 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
526 return -EINVAL;
527
528 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
529 return -EINVAL;
530
531 lock_sock(sk);
532
533 switch (hci_pi(sk)->channel) {
534 case HCI_CHANNEL_RAW:
535 break;
536 case HCI_CHANNEL_CONTROL:
537 err = mgmt_control(sk, msg, len);
538 goto done;
539 default:
540 err = -EINVAL;
541 goto done;
542 }
543
544 hdev = hci_pi(sk)->hdev;
545 if (!hdev) {
546 err = -EBADFD;
547 goto done;
548 }
549
550 if (!test_bit(HCI_UP, &hdev->flags)) {
551 err = -ENETDOWN;
552 goto done;
553 }
554
555 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
556 if (!skb)
557 goto done;
558
559 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
560 err = -EFAULT;
561 goto drop;
562 }
563
564 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
565 skb_pull(skb, 1);
566 skb->dev = (void *) hdev;
567
568 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
569 u16 opcode = get_unaligned_le16(skb->data);
570 u16 ogf = hci_opcode_ogf(opcode);
571 u16 ocf = hci_opcode_ocf(opcode);
572
573 if (((ogf > HCI_SFLT_MAX_OGF) ||
574 !hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
575 !capable(CAP_NET_RAW)) {
576 err = -EPERM;
577 goto drop;
578 }
579
580 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
581 skb_queue_tail(&hdev->raw_q, skb);
582 tasklet_schedule(&hdev->tx_task);
583 } else {
584 skb_queue_tail(&hdev->cmd_q, skb);
585 tasklet_schedule(&hdev->cmd_task);
586 }
587 } else {
588 if (!capable(CAP_NET_RAW)) {
589 err = -EPERM;
590 goto drop;
591 }
592
593 skb_queue_tail(&hdev->raw_q, skb);
594 tasklet_schedule(&hdev->tx_task);
595 }
596
597 err = len;
598
599 done:
600 release_sock(sk);
601 return err;
602
603 drop:
604 kfree_skb(skb);
605 goto done;
606 }
607
hci_sock_setsockopt(struct socket * sock,int level,int optname,char __user * optval,unsigned int len)608 static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int len)
609 {
610 struct hci_ufilter uf = { .opcode = 0 };
611 struct sock *sk = sock->sk;
612 int err = 0, opt = 0;
613
614 BT_DBG("sk %p, opt %d", sk, optname);
615
616 lock_sock(sk);
617
618 switch (optname) {
619 case HCI_DATA_DIR:
620 if (get_user(opt, (int __user *)optval)) {
621 err = -EFAULT;
622 break;
623 }
624
625 if (opt)
626 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
627 else
628 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
629 break;
630
631 case HCI_TIME_STAMP:
632 if (get_user(opt, (int __user *)optval)) {
633 err = -EFAULT;
634 break;
635 }
636
637 if (opt)
638 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
639 else
640 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
641 break;
642
643 case HCI_FILTER:
644 {
645 struct hci_filter *f = &hci_pi(sk)->filter;
646
647 uf.type_mask = f->type_mask;
648 uf.opcode = f->opcode;
649 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
650 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
651 }
652
653 len = min_t(unsigned int, len, sizeof(uf));
654 if (copy_from_user(&uf, optval, len)) {
655 err = -EFAULT;
656 break;
657 }
658
659 if (!capable(CAP_NET_RAW)) {
660 uf.type_mask &= hci_sec_filter.type_mask;
661 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
662 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
663 }
664
665 {
666 struct hci_filter *f = &hci_pi(sk)->filter;
667
668 f->type_mask = uf.type_mask;
669 f->opcode = uf.opcode;
670 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
671 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
672 }
673 break;
674
675 default:
676 err = -ENOPROTOOPT;
677 break;
678 }
679
680 release_sock(sk);
681 return err;
682 }
683
hci_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)684 static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
685 {
686 struct hci_ufilter uf;
687 struct sock *sk = sock->sk;
688 int len, opt;
689
690 if (get_user(len, optlen))
691 return -EFAULT;
692
693 switch (optname) {
694 case HCI_DATA_DIR:
695 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
696 opt = 1;
697 else
698 opt = 0;
699
700 if (put_user(opt, optval))
701 return -EFAULT;
702 break;
703
704 case HCI_TIME_STAMP:
705 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
706 opt = 1;
707 else
708 opt = 0;
709
710 if (put_user(opt, optval))
711 return -EFAULT;
712 break;
713
714 case HCI_FILTER:
715 {
716 struct hci_filter *f = &hci_pi(sk)->filter;
717
718 uf.type_mask = f->type_mask;
719 uf.opcode = f->opcode;
720 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
721 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
722 }
723
724 len = min_t(unsigned int, len, sizeof(uf));
725 if (copy_to_user(optval, &uf, len))
726 return -EFAULT;
727 break;
728
729 default:
730 return -ENOPROTOOPT;
731 break;
732 }
733
734 return 0;
735 }
736
737 static const struct proto_ops hci_sock_ops = {
738 .family = PF_BLUETOOTH,
739 .owner = THIS_MODULE,
740 .release = hci_sock_release,
741 .bind = hci_sock_bind,
742 .getname = hci_sock_getname,
743 .sendmsg = hci_sock_sendmsg,
744 .recvmsg = hci_sock_recvmsg,
745 .ioctl = hci_sock_ioctl,
746 .poll = datagram_poll,
747 .listen = sock_no_listen,
748 .shutdown = sock_no_shutdown,
749 .setsockopt = hci_sock_setsockopt,
750 .getsockopt = hci_sock_getsockopt,
751 .connect = sock_no_connect,
752 .socketpair = sock_no_socketpair,
753 .accept = sock_no_accept,
754 .mmap = sock_no_mmap
755 };
756
757 static struct proto hci_sk_proto = {
758 .name = "HCI",
759 .owner = THIS_MODULE,
760 .obj_size = sizeof(struct hci_pinfo)
761 };
762
hci_sock_create(struct net * net,struct socket * sock,int protocol,int kern)763 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
764 int kern)
765 {
766 struct sock *sk;
767
768 BT_DBG("sock %p", sock);
769
770 if (sock->type != SOCK_RAW)
771 return -ESOCKTNOSUPPORT;
772
773 sock->ops = &hci_sock_ops;
774
775 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
776 if (!sk)
777 return -ENOMEM;
778
779 sock_init_data(sock, sk);
780
781 sock_reset_flag(sk, SOCK_ZAPPED);
782
783 sk->sk_protocol = protocol;
784
785 sock->state = SS_UNCONNECTED;
786 sk->sk_state = BT_OPEN;
787
788 bt_sock_link(&hci_sk_list, sk);
789 return 0;
790 }
791
hci_sock_dev_event(struct notifier_block * this,unsigned long event,void * ptr)792 static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
793 {
794 struct hci_dev *hdev = (struct hci_dev *) ptr;
795 struct hci_ev_si_device ev;
796
797 BT_DBG("hdev %s event %ld", hdev->name, event);
798
799 /* Send event to sockets */
800 ev.event = event;
801 ev.dev_id = hdev->id;
802 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
803
804 if (event == HCI_DEV_UNREG) {
805 struct sock *sk;
806 struct hlist_node *node;
807
808 /* Detach sockets from device */
809 read_lock(&hci_sk_list.lock);
810 sk_for_each(sk, node, &hci_sk_list.head) {
811 local_bh_disable();
812 bh_lock_sock_nested(sk);
813 if (hci_pi(sk)->hdev == hdev) {
814 hci_pi(sk)->hdev = NULL;
815 sk->sk_err = EPIPE;
816 sk->sk_state = BT_OPEN;
817 sk->sk_state_change(sk);
818
819 hci_dev_put(hdev);
820 }
821 bh_unlock_sock(sk);
822 local_bh_enable();
823 }
824 read_unlock(&hci_sk_list.lock);
825 }
826
827 return NOTIFY_DONE;
828 }
829
830 static const struct net_proto_family hci_sock_family_ops = {
831 .family = PF_BLUETOOTH,
832 .owner = THIS_MODULE,
833 .create = hci_sock_create,
834 };
835
836 static struct notifier_block hci_sock_nblock = {
837 .notifier_call = hci_sock_dev_event
838 };
839
hci_sock_init(void)840 int __init hci_sock_init(void)
841 {
842 int err;
843
844 err = proto_register(&hci_sk_proto, 0);
845 if (err < 0)
846 return err;
847
848 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
849 if (err < 0)
850 goto error;
851
852 hci_register_notifier(&hci_sock_nblock);
853
854 BT_INFO("HCI socket layer initialized");
855
856 return 0;
857
858 error:
859 BT_ERR("HCI socket registration failed");
860 proto_unregister(&hci_sk_proto);
861 return err;
862 }
863
hci_sock_cleanup(void)864 void hci_sock_cleanup(void)
865 {
866 if (bt_sock_unregister(BTPROTO_HCI) < 0)
867 BT_ERR("HCI socket unregistration failed");
868
869 hci_unregister_notifier(&hci_sock_nblock);
870
871 proto_unregister(&hci_sk_proto);
872 }
873
874 module_param(enable_mgmt, bool, 0644);
875 MODULE_PARM_DESC(enable_mgmt, "Enable Management interface");
876