Pileus Git - ~andy/linux/blob - net/bluetooth/hci_sock.c

   1 /*
   2    BlueZ - Bluetooth protocol stack for Linux
   3    Copyright (C) 2000-2001 Qualcomm Incorporated
   4
   5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License version 2 as
   9    published by the Free Software Foundation;
  10
  11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  19
  20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  22    SOFTWARE IS DISCLAIMED.
  23 */
  24
  25 /* Bluetooth HCI sockets. */
  26
  27 #include <linux/module.h>
  28
  29 #include <linux/types.h>
  30 #include <linux/capability.h>
  31 #include <linux/errno.h>
  32 #include <linux/kernel.h>
  33 #include <linux/slab.h>
  34 #include <linux/poll.h>
  35 #include <linux/fcntl.h>
  36 #include <linux/init.h>
  37 #include <linux/skbuff.h>
  38 #include <linux/workqueue.h>
  39 #include <linux/interrupt.h>
  40 #include <linux/compat.h>
  41 #include <linux/socket.h>
  42 #include <linux/ioctl.h>
  43 #include <net/sock.h>
  44
  45 #include <asm/system.h>
  46 #include <linux/uaccess.h>
  47 #include <asm/unaligned.h>
  48
  49 #include <net/bluetooth/bluetooth.h>
  50 #include <net/bluetooth/hci_core.h>
  51 #include <net/bluetooth/hci_mon.h>
  52
  53 static atomic_t monitor_promisc = ATOMIC_INIT(0);
  54
  55 /* ----- HCI socket interface ----- */
  56
  57 static inline int hci_test_bit(int nr, void *addr)
  58 {
  59         return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
  60 }
  61
  62 /* Security filter */
  63 static struct hci_sec_filter hci_sec_filter = {
  64         /* Packet types */
  65         0x10,
  66         /* Events */
  67         { 0x1000d9fe, 0x0000b00c },
  68         /* Commands */
  69         {
  70                 { 0x0 },
  71                 /* OGF_LINK_CTL */
  72                 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
  73                 /* OGF_LINK_POLICY */
  74                 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
  75                 /* OGF_HOST_CTL */
  76                 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
  77                 /* OGF_INFO_PARAM */
  78                 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
  79                 /* OGF_STATUS_PARAM */
  80                 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
  81         }
  82 };
  83
  84 static struct bt_sock_list hci_sk_list = {
  85         .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
  86 };
  87
  88 /* Send frame to RAW socket */
  89 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
  90 {
  91         struct sock *sk;
  92         struct hlist_node *node;
  93         struct sk_buff *skb_copy = NULL;
  94
  95         BT_DBG("hdev %p len %d", hdev, skb->len);
  96
  97         read_lock(&hci_sk_list.lock);
  98
  99         sk_for_each(sk, node, &hci_sk_list.head) {
 100                 struct hci_filter *flt;
 101                 struct sk_buff *nskb;
 102
 103                 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
 104                         continue;
 105
 106                 /* Don't send frame to the socket it came from */
 107                 if (skb->sk == sk)
 108                         continue;
 109
 110                 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW)
 111                         continue;
 112
 113                 /* Apply filter */
 114                 flt = &hci_pi(sk)->filter;
 115
 116                 if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
 117                                 0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
 118                         continue;
 119
 120                 if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
 121                         register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
 122
 123                         if (!hci_test_bit(evt, &flt->event_mask))
 124                                 continue;
 125
 126                         if (flt->opcode &&
 127                             ((evt == HCI_EV_CMD_COMPLETE &&
 128                               flt->opcode !=
 129                               get_unaligned((__le16 *)(skb->data + 3))) ||
 130                              (evt == HCI_EV_CMD_STATUS &&
 131                               flt->opcode !=
 132                               get_unaligned((__le16 *)(skb->data + 4)))))
 133                                 continue;
 134                 }
 135
 136                 if (!skb_copy) {
 137                         /* Create a private copy with headroom */
 138                         skb_copy = __pskb_copy(skb, 1, GFP_ATOMIC);
 139                         if (!skb_copy)
 140                                 continue;
 141
 142                         /* Put type byte before the data */
 143                         memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
 144                 }
 145
 146                 nskb = skb_clone(skb_copy, GFP_ATOMIC);
 147                 if (!nskb)
 148                         continue;
 149
 150                 if (sock_queue_rcv_skb(sk, nskb))
 151                         kfree_skb(nskb);
 152         }
 153
 154         read_unlock(&hci_sk_list.lock);
 155
 156         kfree_skb(skb_copy);
 157 }
 158
 159 /* Send frame to control socket */
 160 void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
 161 {
 162         struct sock *sk;
 163         struct hlist_node *node;
 164
 165         BT_DBG("len %d", skb->len);
 166
 167         read_lock(&hci_sk_list.lock);
 168
 169         sk_for_each(sk, node, &hci_sk_list.head) {
 170                 struct sk_buff *nskb;
 171
 172                 /* Skip the original socket */
 173                 if (sk == skip_sk)
 174                         continue;
 175
 176                 if (sk->sk_state != BT_BOUND)
 177                         continue;
 178
 179                 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
 180                         continue;
 181
 182                 nskb = skb_clone(skb, GFP_ATOMIC);
 183                 if (!nskb)
 184                         continue;
 185
 186                 if (sock_queue_rcv_skb(sk, nskb))
 187                         kfree_skb(nskb);
 188         }
 189
 190         read_unlock(&hci_sk_list.lock);
 191 }
 192
 193 /* Send frame to monitor socket */
 194 void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
 195 {
 196         struct sock *sk;
 197         struct hlist_node *node;
 198         struct sk_buff *skb_copy = NULL;
 199         __le16 opcode;
 200
 201         if (!atomic_read(&monitor_promisc))
 202                 return;
 203
 204         BT_DBG("hdev %p len %d", hdev, skb->len);
 205
 206         switch (bt_cb(skb)->pkt_type) {
 207         case HCI_COMMAND_PKT:
 208                 opcode = __constant_cpu_to_le16(HCI_MON_COMMAND_PKT);
 209                 break;
 210         case HCI_EVENT_PKT:
 211                 opcode = __constant_cpu_to_le16(HCI_MON_EVENT_PKT);
 212                 break;
 213         case HCI_ACLDATA_PKT:
 214                 if (bt_cb(skb)->incoming)
 215                         opcode = __constant_cpu_to_le16(HCI_MON_ACL_RX_PKT);
 216                 else
 217                         opcode = __constant_cpu_to_le16(HCI_MON_ACL_TX_PKT);
 218                 break;
 219         case HCI_SCODATA_PKT:
 220                 if (bt_cb(skb)->incoming)
 221                         opcode = __constant_cpu_to_le16(HCI_MON_SCO_RX_PKT);
 222                 else
 223                         opcode = __constant_cpu_to_le16(HCI_MON_SCO_TX_PKT);
 224                 break;
 225         default:
 226                 return;
 227         }
 228
 229         read_lock(&hci_sk_list.lock);
 230
 231         sk_for_each(sk, node, &hci_sk_list.head) {
 232                 struct sk_buff *nskb;
 233
 234                 if (sk->sk_state != BT_BOUND)
 235                         continue;
 236
 237                 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
 238                         continue;
 239
 240                 if (!skb_copy) {
 241                         struct hci_mon_hdr *hdr;
 242
 243                         /* Create a private copy with headroom */
 244                         skb_copy = __pskb_copy(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC);
 245                         if (!skb_copy)
 246                                 continue;
 247
 248                         /* Put header before the data */
 249                         hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
 250                         hdr->opcode = opcode;
 251                         hdr->index = cpu_to_le16(hdev->id);
 252                         hdr->len = cpu_to_le16(skb->len);
 253                 }
 254
 255                 nskb = skb_clone(skb_copy, GFP_ATOMIC);
 256                 if (!nskb)
 257                         continue;
 258
 259                 if (sock_queue_rcv_skb(sk, nskb))
 260                         kfree_skb(nskb);
 261         }
 262
 263         read_unlock(&hci_sk_list.lock);
 264
 265         kfree_skb(skb_copy);
 266 }
 267
 268 static void send_monitor_event(struct sk_buff *skb)
 269 {
 270         struct sock *sk;
 271         struct hlist_node *node;
 272
 273         BT_DBG("len %d", skb->len);
 274
 275         read_lock(&hci_sk_list.lock);
 276
 277         sk_for_each(sk, node, &hci_sk_list.head) {
 278                 struct sk_buff *nskb;
 279
 280                 if (sk->sk_state != BT_BOUND)
 281                         continue;
 282
 283                 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
 284                         continue;
 285
 286                 nskb = skb_clone(skb, GFP_ATOMIC);
 287                 if (!nskb)
 288                         continue;
 289
 290                 if (sock_queue_rcv_skb(sk, nskb))
 291                         kfree_skb(nskb);
 292         }
 293
 294         read_unlock(&hci_sk_list.lock);
 295 }
 296
 297 static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
 298 {
 299         struct hci_mon_hdr *hdr;
 300         struct hci_mon_new_index *ni;
 301         struct sk_buff *skb;
 302         __le16 opcode;
 303
 304         switch (event) {
 305         case HCI_DEV_REG:
 306                 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
 307                 if (!skb)
 308                         return NULL;
 309
 310                 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
 311                 ni->type = hdev->dev_type;
 312                 ni->bus = hdev->bus;
 313                 bacpy(&ni->bdaddr, &hdev->bdaddr);
 314                 memcpy(ni->name, hdev->name, 8);
 315
 316                 opcode = __constant_cpu_to_le16(HCI_MON_NEW_INDEX);
 317                 break;
 318
 319         case HCI_DEV_UNREG:
 320                 skb = bt_skb_alloc(0, GFP_ATOMIC);
 321                 if (!skb)
 322                         return NULL;
 323
 324                 opcode = __constant_cpu_to_le16(HCI_MON_DEL_INDEX);
 325                 break;
 326
 327         default:
 328                 return NULL;
 329         }
 330
 331         __net_timestamp(skb);
 332
 333         hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
 334         hdr->opcode = opcode;
 335         hdr->index = cpu_to_le16(hdev->id);
 336         hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
 337
 338         return skb;
 339 }
 340
 341 static void send_monitor_replay(struct sock *sk)
 342 {
 343         struct hci_dev *hdev;
 344
 345         read_lock(&hci_dev_list_lock);
 346
 347         list_for_each_entry(hdev, &hci_dev_list, list) {
 348                 struct sk_buff *skb;
 349
 350                 skb = create_monitor_event(hdev, HCI_DEV_REG);
 351                 if (!skb)
 352                         continue;
 353
 354                 if (sock_queue_rcv_skb(sk, skb))
 355                         kfree_skb(skb);
 356         }
 357
 358         read_unlock(&hci_dev_list_lock);
 359 }
 360
 361 /* Generate internal stack event */
 362 static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
 363 {
 364         struct hci_event_hdr *hdr;
 365         struct hci_ev_stack_internal *ev;
 366         struct sk_buff *skb;
 367
 368         skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
 369         if (!skb)
 370                 return;
 371
 372         hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
 373         hdr->evt  = HCI_EV_STACK_INTERNAL;
 374         hdr->plen = sizeof(*ev) + dlen;
 375
 376         ev  = (void *) skb_put(skb, sizeof(*ev) + dlen);
 377         ev->type = type;
 378         memcpy(ev->data, data, dlen);
 379
 380         bt_cb(skb)->incoming = 1;
 381         __net_timestamp(skb);
 382
 383         bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
 384         skb->dev = (void *) hdev;
 385         hci_send_to_sock(hdev, skb);
 386         kfree_skb(skb);
 387 }
 388
 389 void hci_sock_dev_event(struct hci_dev *hdev, int event)
 390 {
 391         struct hci_ev_si_device ev;
 392
 393         BT_DBG("hdev %s event %d", hdev->name, event);
 394
 395         /* Send event to monitor */
 396         if (atomic_read(&monitor_promisc)) {
 397                 struct sk_buff *skb;
 398
 399                 skb = create_monitor_event(hdev, event);
 400                 if (skb) {
 401                         send_monitor_event(skb);
 402                         kfree_skb(skb);
 403                 }
 404         }
 405
 406         /* Send event to sockets */
 407         ev.event  = event;
 408         ev.dev_id = hdev->id;
 409         hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
 410
 411         if (event == HCI_DEV_UNREG) {
 412                 struct sock *sk;
 413                 struct hlist_node *node;
 414
 415                 /* Detach sockets from device */
 416                 read_lock(&hci_sk_list.lock);
 417                 sk_for_each(sk, node, &hci_sk_list.head) {
 418                         bh_lock_sock_nested(sk);
 419                         if (hci_pi(sk)->hdev == hdev) {
 420                                 hci_pi(sk)->hdev = NULL;
 421                                 sk->sk_err = EPIPE;
 422                                 sk->sk_state = BT_OPEN;
 423                                 sk->sk_state_change(sk);
 424
 425                                 hci_dev_put(hdev);
 426                         }
 427                         bh_unlock_sock(sk);
 428                 }
 429                 read_unlock(&hci_sk_list.lock);
 430         }
 431 }
 432
 433 static int hci_sock_release(struct socket *sock)
 434 {
 435         struct sock *sk = sock->sk;
 436         struct hci_dev *hdev;
 437
 438         BT_DBG("sock %p sk %p", sock, sk);
 439
 440         if (!sk)
 441                 return 0;
 442
 443         hdev = hci_pi(sk)->hdev;
 444
 445         if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
 446                 atomic_dec(&monitor_promisc);
 447
 448         bt_sock_unlink(&hci_sk_list, sk);
 449
 450         if (hdev) {
 451                 atomic_dec(&hdev->promisc);
 452                 hci_dev_put(hdev);
 453         }
 454
 455         sock_orphan(sk);
 456
 457         skb_queue_purge(&sk->sk_receive_queue);
 458         skb_queue_purge(&sk->sk_write_queue);
 459
 460         sock_put(sk);
 461         return 0;
 462 }
 463
 464 static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
 465 {
 466         bdaddr_t bdaddr;
 467         int err;
 468
 469         if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
 470                 return -EFAULT;
 471
 472         hci_dev_lock(hdev);
 473
 474         err = hci_blacklist_add(hdev, &bdaddr, 0);
 475
 476         hci_dev_unlock(hdev);
 477
 478         return err;
 479 }
 480
 481 static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
 482 {
 483         bdaddr_t bdaddr;
 484         int err;
 485
 486         if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
 487                 return -EFAULT;
 488
 489         hci_dev_lock(hdev);
 490
 491         err = hci_blacklist_del(hdev, &bdaddr, 0);
 492
 493         hci_dev_unlock(hdev);
 494
 495         return err;
 496 }
 497
 498 /* Ioctls that require bound socket */
 499 static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
 500 {
 501         struct hci_dev *hdev = hci_pi(sk)->hdev;
 502
 503         if (!hdev)
 504                 return -EBADFD;
 505
 506         switch (cmd) {
 507         case HCISETRAW:
 508                 if (!capable(CAP_NET_ADMIN))
 509                         return -EACCES;
 510
 511                 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
 512                         return -EPERM;
 513
 514                 if (arg)
 515                         set_bit(HCI_RAW, &hdev->flags);
 516                 else
 517                         clear_bit(HCI_RAW, &hdev->flags);
 518
 519                 return 0;
 520
 521         case HCIGETCONNINFO:
 522                 return hci_get_conn_info(hdev, (void __user *) arg);
 523
 524         case HCIGETAUTHINFO:
 525                 return hci_get_auth_info(hdev, (void __user *) arg);
 526
 527         case HCIBLOCKADDR:
 528                 if (!capable(CAP_NET_ADMIN))
 529                         return -EACCES;
 530                 return hci_sock_blacklist_add(hdev, (void __user *) arg);
 531
 532         case HCIUNBLOCKADDR:
 533                 if (!capable(CAP_NET_ADMIN))
 534                         return -EACCES;
 535                 return hci_sock_blacklist_del(hdev, (void __user *) arg);
 536
 537         default:
 538                 if (hdev->ioctl)
 539                         return hdev->ioctl(hdev, cmd, arg);
 540                 return -EINVAL;
 541         }
 542 }
 543
 544 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
 545 {
 546         struct sock *sk = sock->sk;
 547         void __user *argp = (void __user *) arg;
 548         int err;
 549
 550         BT_DBG("cmd %x arg %lx", cmd, arg);
 551
 552         switch (cmd) {
 553         case HCIGETDEVLIST:
 554                 return hci_get_dev_list(argp);
 555
 556         case HCIGETDEVINFO:
 557                 return hci_get_dev_info(argp);
 558
 559         case HCIGETCONNLIST:
 560                 return hci_get_conn_list(argp);
 561
 562         case HCIDEVUP:
 563                 if (!capable(CAP_NET_ADMIN))
 564                         return -EACCES;
 565                 return hci_dev_open(arg);
 566
 567         case HCIDEVDOWN:
 568                 if (!capable(CAP_NET_ADMIN))
 569                         return -EACCES;
 570                 return hci_dev_close(arg);
 571
 572         case HCIDEVRESET:
 573                 if (!capable(CAP_NET_ADMIN))
 574                         return -EACCES;
 575                 return hci_dev_reset(arg);
 576
 577         case HCIDEVRESTAT:
 578                 if (!capable(CAP_NET_ADMIN))
 579                         return -EACCES;
 580                 return hci_dev_reset_stat(arg);
 581
 582         case HCISETSCAN:
 583         case HCISETAUTH:
 584         case HCISETENCRYPT:
 585         case HCISETPTYPE:
 586         case HCISETLINKPOL:
 587         case HCISETLINKMODE:
 588         case HCISETACLMTU:
 589         case HCISETSCOMTU:
 590                 if (!capable(CAP_NET_ADMIN))
 591                         return -EACCES;
 592                 return hci_dev_cmd(cmd, argp);
 593
 594         case HCIINQUIRY:
 595                 return hci_inquiry(argp);
 596
 597         default:
 598                 lock_sock(sk);
 599                 err = hci_sock_bound_ioctl(sk, cmd, arg);
 600                 release_sock(sk);
 601                 return err;
 602         }
 603 }
 604
 605 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
 606 {
 607         struct sockaddr_hci haddr;
 608         struct sock *sk = sock->sk;
 609         struct hci_dev *hdev = NULL;
 610         int len, err = 0;
 611
 612         BT_DBG("sock %p sk %p", sock, sk);
 613
 614         if (!addr)
 615                 return -EINVAL;
 616
 617         memset(&haddr, 0, sizeof(haddr));
 618         len = min_t(unsigned int, sizeof(haddr), addr_len);
 619         memcpy(&haddr, addr, len);
 620
 621         if (haddr.hci_family != AF_BLUETOOTH)
 622                 return -EINVAL;
 623
 624         lock_sock(sk);
 625
 626         if (sk->sk_state == BT_BOUND) {
 627                 err = -EALREADY;
 628                 goto done;
 629         }
 630
 631         switch (haddr.hci_channel) {
 632         case HCI_CHANNEL_RAW:
 633                 if (hci_pi(sk)->hdev) {
 634                         err = -EALREADY;
 635                         goto done;
 636                 }
 637
 638                 if (haddr.hci_dev != HCI_DEV_NONE) {
 639                         hdev = hci_dev_get(haddr.hci_dev);
 640                         if (!hdev) {
 641                                 err = -ENODEV;
 642                                 goto done;
 643                         }
 644
 645                         atomic_inc(&hdev->promisc);
 646                 }
 647
 648                 hci_pi(sk)->hdev = hdev;
 649                 break;
 650
 651         case HCI_CHANNEL_CONTROL:
 652                 if (haddr.hci_dev != HCI_DEV_NONE) {
 653                         err = -EINVAL;
 654                         goto done;
 655                 }
 656
 657                 if (!capable(CAP_NET_ADMIN)) {
 658                         err = -EPERM;
 659                         goto done;
 660                 }
 661
 662                 break;
 663
 664         case HCI_CHANNEL_MONITOR:
 665                 if (haddr.hci_dev != HCI_DEV_NONE) {
 666                         err = -EINVAL;
 667                         goto done;
 668                 }
 669
 670                 if (!capable(CAP_NET_RAW)) {
 671                         err = -EPERM;
 672                         goto done;
 673                 }
 674
 675                 send_monitor_replay(sk);
 676
 677                 atomic_inc(&monitor_promisc);
 678                 break;
 679
 680         default:
 681                 err = -EINVAL;
 682                 goto done;
 683         }
 684
 685
 686         hci_pi(sk)->channel = haddr.hci_channel;
 687         sk->sk_state = BT_BOUND;
 688
 689 done:
 690         release_sock(sk);
 691         return err;
 692 }
 693
 694 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
 695 {
 696         struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
 697         struct sock *sk = sock->sk;
 698         struct hci_dev *hdev = hci_pi(sk)->hdev;
 699
 700         BT_DBG("sock %p sk %p", sock, sk);
 701
 702         if (!hdev)
 703                 return -EBADFD;
 704
 705         lock_sock(sk);
 706
 707         *addr_len = sizeof(*haddr);
 708         haddr->hci_family = AF_BLUETOOTH;
 709         haddr->hci_dev    = hdev->id;
 710
 711         release_sock(sk);
 712         return 0;
 713 }
 714
 715 static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
 716 {
 717         __u32 mask = hci_pi(sk)->cmsg_mask;
 718
 719         if (mask & HCI_CMSG_DIR) {
 720                 int incoming = bt_cb(skb)->incoming;
 721                 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
 722         }
 723
 724         if (mask & HCI_CMSG_TSTAMP) {
 725 #ifdef CONFIG_COMPAT
 726                 struct compat_timeval ctv;
 727 #endif
 728                 struct timeval tv;
 729                 void *data;
 730                 int len;
 731
 732                 skb_get_timestamp(skb, &tv);
 733
 734                 data = &tv;
 735                 len = sizeof(tv);
 736 #ifdef CONFIG_COMPAT
 737                 if (msg->msg_flags & MSG_CMSG_COMPAT) {
 738                         ctv.tv_sec = tv.tv_sec;
 739                         ctv.tv_usec = tv.tv_usec;
 740                         data = &ctv;
 741                         len = sizeof(ctv);
 742                 }
 743 #endif
 744
 745                 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
 746         }
 747 }
 748
 749 static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 750                                 struct msghdr *msg, size_t len, int flags)
 751 {
 752         int noblock = flags & MSG_DONTWAIT;
 753         struct sock *sk = sock->sk;
 754         struct sk_buff *skb;
 755         int copied, err;
 756
 757         BT_DBG("sock %p, sk %p", sock, sk);
 758
 759         if (flags & (MSG_OOB))
 760                 return -EOPNOTSUPP;
 761
 762         if (sk->sk_state == BT_CLOSED)
 763                 return 0;
 764
 765         skb = skb_recv_datagram(sk, flags, noblock, &err);
 766         if (!skb)
 767                 return err;
 768
 769         msg->msg_namelen = 0;
 770
 771         copied = skb->len;
 772         if (len < copied) {
 773                 msg->msg_flags |= MSG_TRUNC;
 774                 copied = len;
 775         }
 776
 777         skb_reset_transport_header(skb);
 778         err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
 779
 780         switch (hci_pi(sk)->channel) {
 781         case HCI_CHANNEL_RAW:
 782                 hci_sock_cmsg(sk, msg, skb);
 783                 break;
 784         case HCI_CHANNEL_CONTROL:
 785         case HCI_CHANNEL_MONITOR:
 786                 sock_recv_timestamp(msg, sk, skb);
 787                 break;
 788         }
 789
 790         skb_free_datagram(sk, skb);
 791
 792         return err ? : copied;
 793 }
 794
 795 static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
 796                             struct msghdr *msg, size_t len)
 797 {
 798         struct sock *sk = sock->sk;
 799         struct hci_dev *hdev;
 800         struct sk_buff *skb;
 801         int err;
 802
 803         BT_DBG("sock %p sk %p", sock, sk);
 804
 805         if (msg->msg_flags & MSG_OOB)
 806                 return -EOPNOTSUPP;
 807
 808         if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
 809                 return -EINVAL;
 810
 811         if (len < 4 || len > HCI_MAX_FRAME_SIZE)
 812                 return -EINVAL;
 813
 814         lock_sock(sk);
 815
 816         switch (hci_pi(sk)->channel) {
 817         case HCI_CHANNEL_RAW:
 818                 break;
 819         case HCI_CHANNEL_CONTROL:
 820                 err = mgmt_control(sk, msg, len);
 821                 goto done;
 822         case HCI_CHANNEL_MONITOR:
 823                 err = -EOPNOTSUPP;
 824                 goto done;
 825         default:
 826                 err = -EINVAL;
 827                 goto done;
 828         }
 829
 830         hdev = hci_pi(sk)->hdev;
 831         if (!hdev) {
 832                 err = -EBADFD;
 833                 goto done;
 834         }
 835
 836         if (!test_bit(HCI_UP, &hdev->flags)) {
 837                 err = -ENETDOWN;
 838                 goto done;
 839         }
 840
 841         skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
 842         if (!skb)
 843                 goto done;
 844
 845         if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
 846                 err = -EFAULT;
 847                 goto drop;
 848         }
 849
 850         bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
 851         skb_pull(skb, 1);
 852         skb->dev = (void *) hdev;
 853
 854         if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
 855                 u16 opcode = get_unaligned_le16(skb->data);
 856                 u16 ogf = hci_opcode_ogf(opcode);
 857                 u16 ocf = hci_opcode_ocf(opcode);
 858
 859                 if (((ogf > HCI_SFLT_MAX_OGF) ||
 860                                 !hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
 861                                         !capable(CAP_NET_RAW)) {
 862                         err = -EPERM;
 863                         goto drop;
 864                 }
 865
 866                 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
 867                         skb_queue_tail(&hdev->raw_q, skb);
 868                         queue_work(hdev->workqueue, &hdev->tx_work);
 869                 } else {
 870                         skb_queue_tail(&hdev->cmd_q, skb);
 871                         queue_work(hdev->workqueue, &hdev->cmd_work);
 872                 }
 873         } else {
 874                 if (!capable(CAP_NET_RAW)) {
 875                         err = -EPERM;
 876                         goto drop;
 877                 }
 878
 879                 skb_queue_tail(&hdev->raw_q, skb);
 880                 queue_work(hdev->workqueue, &hdev->tx_work);
 881         }
 882
 883         err = len;
 884
 885 done:
 886         release_sock(sk);
 887         return err;
 888
 889 drop:
 890         kfree_skb(skb);
 891         goto done;
 892 }
 893
 894 static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int len)
 895 {
 896         struct hci_ufilter uf = { .opcode = 0 };
 897         struct sock *sk = sock->sk;
 898         int err = 0, opt = 0;
 899
 900         BT_DBG("sk %p, opt %d", sk, optname);
 901
 902         lock_sock(sk);
 903
 904         if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
 905                 err = -EINVAL;
 906                 goto done;
 907         }
 908
 909         switch (optname) {
 910         case HCI_DATA_DIR:
 911                 if (get_user(opt, (int __user *)optval)) {
 912                         err = -EFAULT;
 913                         break;
 914                 }
 915
 916                 if (opt)
 917                         hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
 918                 else
 919                         hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
 920                 break;
 921
 922         case HCI_TIME_STAMP:
 923                 if (get_user(opt, (int __user *)optval)) {
 924                         err = -EFAULT;
 925                         break;
 926                 }
 927
 928                 if (opt)
 929                         hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
 930                 else
 931                         hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
 932                 break;
 933
 934         case HCI_FILTER:
 935                 {
 936                         struct hci_filter *f = &hci_pi(sk)->filter;
 937
 938                         uf.type_mask = f->type_mask;
 939                         uf.opcode    = f->opcode;
 940                         uf.event_mask[0] = *((u32 *) f->event_mask + 0);
 941                         uf.event_mask[1] = *((u32 *) f->event_mask + 1);
 942                 }
 943
 944                 len = min_t(unsigned int, len, sizeof(uf));
 945                 if (copy_from_user(&uf, optval, len)) {
 946                         err = -EFAULT;
 947                         break;
 948                 }
 949
 950                 if (!capable(CAP_NET_RAW)) {
 951                         uf.type_mask &= hci_sec_filter.type_mask;
 952                         uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
 953                         uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
 954                 }
 955
 956                 {
 957                         struct hci_filter *f = &hci_pi(sk)->filter;
 958
 959                         f->type_mask = uf.type_mask;
 960                         f->opcode    = uf.opcode;
 961                         *((u32 *) f->event_mask + 0) = uf.event_mask[0];
 962                         *((u32 *) f->event_mask + 1) = uf.event_mask[1];
 963                 }
 964                 break;
 965
 966         default:
 967                 err = -ENOPROTOOPT;
 968                 break;
 969         }
 970
 971 done:
 972         release_sock(sk);
 973         return err;
 974 }
 975
 976 static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
 977 {
 978         struct hci_ufilter uf;
 979         struct sock *sk = sock->sk;
 980         int len, opt, err = 0;
 981
 982         BT_DBG("sk %p, opt %d", sk, optname);
 983
 984         if (get_user(len, optlen))
 985                 return -EFAULT;
 986
 987         lock_sock(sk);
 988
 989         if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
 990                 err = -EINVAL;
 991                 goto done;
 992         }
 993
 994         switch (optname) {
 995         case HCI_DATA_DIR:
 996                 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
 997                         opt = 1;
 998                 else
 999                         opt = 0;
1000
1001                 if (put_user(opt, optval))
1002                         err = -EFAULT;
1003                 break;
1004
1005         case HCI_TIME_STAMP:
1006                 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1007                         opt = 1;
1008                 else
1009                         opt = 0;
1010
1011                 if (put_user(opt, optval))
1012                         err = -EFAULT;
1013                 break;
1014
1015         case HCI_FILTER:
1016                 {
1017                         struct hci_filter *f = &hci_pi(sk)->filter;
1018
1019                         uf.type_mask = f->type_mask;
1020                         uf.opcode    = f->opcode;
1021                         uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1022                         uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1023                 }
1024
1025                 len = min_t(unsigned int, len, sizeof(uf));
1026                 if (copy_to_user(optval, &uf, len))
1027                         err = -EFAULT;
1028                 break;
1029
1030         default:
1031                 err = -ENOPROTOOPT;
1032                 break;
1033         }
1034
1035 done:
1036         release_sock(sk);
1037         return err;
1038 }
1039
1040 static const struct proto_ops hci_sock_ops = {
1041         .family         = PF_BLUETOOTH,
1042         .owner          = THIS_MODULE,
1043         .release        = hci_sock_release,
1044         .bind           = hci_sock_bind,
1045         .getname        = hci_sock_getname,
1046         .sendmsg        = hci_sock_sendmsg,
1047         .recvmsg        = hci_sock_recvmsg,
1048         .ioctl          = hci_sock_ioctl,
1049         .poll           = datagram_poll,
1050         .listen         = sock_no_listen,
1051         .shutdown       = sock_no_shutdown,
1052         .setsockopt     = hci_sock_setsockopt,
1053         .getsockopt     = hci_sock_getsockopt,
1054         .connect        = sock_no_connect,
1055         .socketpair     = sock_no_socketpair,
1056         .accept         = sock_no_accept,
1057         .mmap           = sock_no_mmap
1058 };
1059
1060 static struct proto hci_sk_proto = {
1061         .name           = "HCI",
1062         .owner          = THIS_MODULE,
1063         .obj_size       = sizeof(struct hci_pinfo)
1064 };
1065
1066 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1067                            int kern)
1068 {
1069         struct sock *sk;
1070
1071         BT_DBG("sock %p", sock);
1072
1073         if (sock->type != SOCK_RAW)
1074                 return -ESOCKTNOSUPPORT;
1075
1076         sock->ops = &hci_sock_ops;
1077
1078         sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1079         if (!sk)
1080                 return -ENOMEM;
1081
1082         sock_init_data(sock, sk);
1083
1084         sock_reset_flag(sk, SOCK_ZAPPED);
1085
1086         sk->sk_protocol = protocol;
1087
1088         sock->state = SS_UNCONNECTED;
1089         sk->sk_state = BT_OPEN;
1090
1091         bt_sock_link(&hci_sk_list, sk);
1092         return 0;
1093 }
1094
1095 static const struct net_proto_family hci_sock_family_ops = {
1096         .family = PF_BLUETOOTH,
1097         .owner  = THIS_MODULE,
1098         .create = hci_sock_create,
1099 };
1100
1101 int __init hci_sock_init(void)
1102 {
1103         int err;
1104
1105         err = proto_register(&hci_sk_proto, 0);
1106         if (err < 0)
1107                 return err;
1108
1109         err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
1110         if (err < 0)
1111                 goto error;
1112
1113         BT_INFO("HCI socket layer initialized");
1114
1115         return 0;
1116
1117 error:
1118         BT_ERR("HCI socket registration failed");
1119         proto_unregister(&hci_sk_proto);
1120         return err;
1121 }
1122
1123 void hci_sock_cleanup(void)
1124 {
1125         if (bt_sock_unregister(BTPROTO_HCI) < 0)
1126                 BT_ERR("HCI socket unregistration failed");
1127
1128         proto_unregister(&hci_sk_proto);
1129 }