Pileus Git - ~andy/linux/blob - net/bluetooth/hci_sock.c

   1 /*
   2    BlueZ - Bluetooth protocol stack for Linux
   3    Copyright (C) 2000-2001 Qualcomm Incorporated
   4
   5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License version 2 as
   9    published by the Free Software Foundation;
  10
  11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  19
  20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  22    SOFTWARE IS DISCLAIMED.
  23 */
  24
  25 /* Bluetooth HCI sockets. */
  26
  27 #include <linux/module.h>
  28
  29 #include <linux/types.h>
  30 #include <linux/capability.h>
  31 #include <linux/errno.h>
  32 #include <linux/kernel.h>
  33 #include <linux/slab.h>
  34 #include <linux/poll.h>
  35 #include <linux/fcntl.h>
  36 #include <linux/init.h>
  37 #include <linux/skbuff.h>
  38 #include <linux/workqueue.h>
  39 #include <linux/interrupt.h>
  40 #include <linux/compat.h>
  41 #include <linux/socket.h>
  42 #include <linux/ioctl.h>
  43 #include <net/sock.h>
  44
  45 #include <linux/uaccess.h>
  46 #include <asm/unaligned.h>
  47
  48 #include <net/bluetooth/bluetooth.h>
  49 #include <net/bluetooth/hci_core.h>
  50 #include <net/bluetooth/hci_mon.h>
  51
  52 static atomic_t monitor_promisc = ATOMIC_INIT(0);
  53
  54 /* ----- HCI socket interface ----- */
  55
  56 static inline int hci_test_bit(int nr, void *addr)
  57 {
  58         return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
  59 }
  60
  61 /* Security filter */
  62 static struct hci_sec_filter hci_sec_filter = {
  63         /* Packet types */
  64         0x10,
  65         /* Events */
  66         { 0x1000d9fe, 0x0000b00c },
  67         /* Commands */
  68         {
  69                 { 0x0 },
  70                 /* OGF_LINK_CTL */
  71                 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
  72                 /* OGF_LINK_POLICY */
  73                 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
  74                 /* OGF_HOST_CTL */
  75                 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
  76                 /* OGF_INFO_PARAM */
  77                 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
  78                 /* OGF_STATUS_PARAM */
  79                 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
  80         }
  81 };
  82
  83 static struct bt_sock_list hci_sk_list = {
  84         .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
  85 };
  86
  87 /* Send frame to RAW socket */
  88 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
  89 {
  90         struct sock *sk;
  91         struct hlist_node *node;
  92         struct sk_buff *skb_copy = NULL;
  93
  94         BT_DBG("hdev %p len %d", hdev, skb->len);
  95
  96         read_lock(&hci_sk_list.lock);
  97
  98         sk_for_each(sk, node, &hci_sk_list.head) {
  99                 struct hci_filter *flt;
 100                 struct sk_buff *nskb;
 101
 102                 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
 103                         continue;
 104
 105                 /* Don't send frame to the socket it came from */
 106                 if (skb->sk == sk)
 107                         continue;
 108
 109                 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW)
 110                         continue;
 111
 112                 /* Apply filter */
 113                 flt = &hci_pi(sk)->filter;
 114
 115                 if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
 116                               0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS),
 117                               &flt->type_mask))
 118                         continue;
 119
 120                 if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
 121                         int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
 122
 123                         if (!hci_test_bit(evt, &flt->event_mask))
 124                                 continue;
 125
 126                         if (flt->opcode &&
 127                             ((evt == HCI_EV_CMD_COMPLETE &&
 128                               flt->opcode !=
 129                               get_unaligned((__le16 *)(skb->data + 3))) ||
 130                              (evt == HCI_EV_CMD_STATUS &&
 131                               flt->opcode !=
 132                               get_unaligned((__le16 *)(skb->data + 4)))))
 133                                 continue;
 134                 }
 135
 136                 if (!skb_copy) {
 137                         /* Create a private copy with headroom */
 138                         skb_copy = __pskb_copy(skb, 1, GFP_ATOMIC);
 139                         if (!skb_copy)
 140                                 continue;
 141
 142                         /* Put type byte before the data */
 143                         memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
 144                 }
 145
 146                 nskb = skb_clone(skb_copy, GFP_ATOMIC);
 147                 if (!nskb)
 148                         continue;
 149
 150                 if (sock_queue_rcv_skb(sk, nskb))
 151                         kfree_skb(nskb);
 152         }
 153
 154         read_unlock(&hci_sk_list.lock);
 155
 156         kfree_skb(skb_copy);
 157 }
 158
 159 /* Send frame to control socket */
 160 void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
 161 {
 162         struct sock *sk;
 163         struct hlist_node *node;
 164
 165         BT_DBG("len %d", skb->len);
 166
 167         read_lock(&hci_sk_list.lock);
 168
 169         sk_for_each(sk, node, &hci_sk_list.head) {
 170                 struct sk_buff *nskb;
 171
 172                 /* Skip the original socket */
 173                 if (sk == skip_sk)
 174                         continue;
 175
 176                 if (sk->sk_state != BT_BOUND)
 177                         continue;
 178
 179                 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
 180                         continue;
 181
 182                 nskb = skb_clone(skb, GFP_ATOMIC);
 183                 if (!nskb)
 184                         continue;
 185
 186                 if (sock_queue_rcv_skb(sk, nskb))
 187                         kfree_skb(nskb);
 188         }
 189
 190         read_unlock(&hci_sk_list.lock);
 191 }
 192
 193 /* Send frame to monitor socket */
 194 void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
 195 {
 196         struct sock *sk;
 197         struct hlist_node *node;
 198         struct sk_buff *skb_copy = NULL;
 199         __le16 opcode;
 200
 201         if (!atomic_read(&monitor_promisc))
 202                 return;
 203
 204         BT_DBG("hdev %p len %d", hdev, skb->len);
 205
 206         switch (bt_cb(skb)->pkt_type) {
 207         case HCI_COMMAND_PKT:
 208                 opcode = __constant_cpu_to_le16(HCI_MON_COMMAND_PKT);
 209                 break;
 210         case HCI_EVENT_PKT:
 211                 opcode = __constant_cpu_to_le16(HCI_MON_EVENT_PKT);
 212                 break;
 213         case HCI_ACLDATA_PKT:
 214                 if (bt_cb(skb)->incoming)
 215                         opcode = __constant_cpu_to_le16(HCI_MON_ACL_RX_PKT);
 216                 else
 217                         opcode = __constant_cpu_to_le16(HCI_MON_ACL_TX_PKT);
 218                 break;
 219         case HCI_SCODATA_PKT:
 220                 if (bt_cb(skb)->incoming)
 221                         opcode = __constant_cpu_to_le16(HCI_MON_SCO_RX_PKT);
 222                 else
 223                         opcode = __constant_cpu_to_le16(HCI_MON_SCO_TX_PKT);
 224                 break;
 225         default:
 226                 return;
 227         }
 228
 229         read_lock(&hci_sk_list.lock);
 230
 231         sk_for_each(sk, node, &hci_sk_list.head) {
 232                 struct sk_buff *nskb;
 233
 234                 if (sk->sk_state != BT_BOUND)
 235                         continue;
 236
 237                 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
 238                         continue;
 239
 240                 if (!skb_copy) {
 241                         struct hci_mon_hdr *hdr;
 242
 243                         /* Create a private copy with headroom */
 244                         skb_copy = __pskb_copy(skb, HCI_MON_HDR_SIZE,
 245                                                GFP_ATOMIC);
 246                         if (!skb_copy)
 247                                 continue;
 248
 249                         /* Put header before the data */
 250                         hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
 251                         hdr->opcode = opcode;
 252                         hdr->index = cpu_to_le16(hdev->id);
 253                         hdr->len = cpu_to_le16(skb->len);
 254                 }
 255
 256                 nskb = skb_clone(skb_copy, GFP_ATOMIC);
 257                 if (!nskb)
 258                         continue;
 259
 260                 if (sock_queue_rcv_skb(sk, nskb))
 261                         kfree_skb(nskb);
 262         }
 263
 264         read_unlock(&hci_sk_list.lock);
 265
 266         kfree_skb(skb_copy);
 267 }
 268
 269 static void send_monitor_event(struct sk_buff *skb)
 270 {
 271         struct sock *sk;
 272         struct hlist_node *node;
 273
 274         BT_DBG("len %d", skb->len);
 275
 276         read_lock(&hci_sk_list.lock);
 277
 278         sk_for_each(sk, node, &hci_sk_list.head) {
 279                 struct sk_buff *nskb;
 280
 281                 if (sk->sk_state != BT_BOUND)
 282                         continue;
 283
 284                 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
 285                         continue;
 286
 287                 nskb = skb_clone(skb, GFP_ATOMIC);
 288                 if (!nskb)
 289                         continue;
 290
 291                 if (sock_queue_rcv_skb(sk, nskb))
 292                         kfree_skb(nskb);
 293         }
 294
 295         read_unlock(&hci_sk_list.lock);
 296 }
 297
 298 static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
 299 {
 300         struct hci_mon_hdr *hdr;
 301         struct hci_mon_new_index *ni;
 302         struct sk_buff *skb;
 303         __le16 opcode;
 304
 305         switch (event) {
 306         case HCI_DEV_REG:
 307                 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
 308                 if (!skb)
 309                         return NULL;
 310
 311                 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
 312                 ni->type = hdev->dev_type;
 313                 ni->bus = hdev->bus;
 314                 bacpy(&ni->bdaddr, &hdev->bdaddr);
 315                 memcpy(ni->name, hdev->name, 8);
 316
 317                 opcode = __constant_cpu_to_le16(HCI_MON_NEW_INDEX);
 318                 break;
 319
 320         case HCI_DEV_UNREG:
 321                 skb = bt_skb_alloc(0, GFP_ATOMIC);
 322                 if (!skb)
 323                         return NULL;
 324
 325                 opcode = __constant_cpu_to_le16(HCI_MON_DEL_INDEX);
 326                 break;
 327
 328         default:
 329                 return NULL;
 330         }
 331
 332         __net_timestamp(skb);
 333
 334         hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
 335         hdr->opcode = opcode;
 336         hdr->index = cpu_to_le16(hdev->id);
 337         hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
 338
 339         return skb;
 340 }
 341
 342 static void send_monitor_replay(struct sock *sk)
 343 {
 344         struct hci_dev *hdev;
 345
 346         read_lock(&hci_dev_list_lock);
 347
 348         list_for_each_entry(hdev, &hci_dev_list, list) {
 349                 struct sk_buff *skb;
 350
 351                 skb = create_monitor_event(hdev, HCI_DEV_REG);
 352                 if (!skb)
 353                         continue;
 354
 355                 if (sock_queue_rcv_skb(sk, skb))
 356                         kfree_skb(skb);
 357         }
 358
 359         read_unlock(&hci_dev_list_lock);
 360 }
 361
 362 /* Generate internal stack event */
 363 static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
 364 {
 365         struct hci_event_hdr *hdr;
 366         struct hci_ev_stack_internal *ev;
 367         struct sk_buff *skb;
 368
 369         skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
 370         if (!skb)
 371                 return;
 372
 373         hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
 374         hdr->evt  = HCI_EV_STACK_INTERNAL;
 375         hdr->plen = sizeof(*ev) + dlen;
 376
 377         ev  = (void *) skb_put(skb, sizeof(*ev) + dlen);
 378         ev->type = type;
 379         memcpy(ev->data, data, dlen);
 380
 381         bt_cb(skb)->incoming = 1;
 382         __net_timestamp(skb);
 383
 384         bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
 385         skb->dev = (void *) hdev;
 386         hci_send_to_sock(hdev, skb);
 387         kfree_skb(skb);
 388 }
 389
 390 void hci_sock_dev_event(struct hci_dev *hdev, int event)
 391 {
 392         struct hci_ev_si_device ev;
 393
 394         BT_DBG("hdev %s event %d", hdev->name, event);
 395
 396         /* Send event to monitor */
 397         if (atomic_read(&monitor_promisc)) {
 398                 struct sk_buff *skb;
 399
 400                 skb = create_monitor_event(hdev, event);
 401                 if (skb) {
 402                         send_monitor_event(skb);
 403                         kfree_skb(skb);
 404                 }
 405         }
 406
 407         /* Send event to sockets */
 408         ev.event  = event;
 409         ev.dev_id = hdev->id;
 410         hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
 411
 412         if (event == HCI_DEV_UNREG) {
 413                 struct sock *sk;
 414                 struct hlist_node *node;
 415
 416                 /* Detach sockets from device */
 417                 read_lock(&hci_sk_list.lock);
 418                 sk_for_each(sk, node, &hci_sk_list.head) {
 419                         bh_lock_sock_nested(sk);
 420                         if (hci_pi(sk)->hdev == hdev) {
 421                                 hci_pi(sk)->hdev = NULL;
 422                                 sk->sk_err = EPIPE;
 423                                 sk->sk_state = BT_OPEN;
 424                                 sk->sk_state_change(sk);
 425
 426                                 hci_dev_put(hdev);
 427                         }
 428                         bh_unlock_sock(sk);
 429                 }
 430                 read_unlock(&hci_sk_list.lock);
 431         }
 432 }
 433
 434 static int hci_sock_release(struct socket *sock)
 435 {
 436         struct sock *sk = sock->sk;
 437         struct hci_dev *hdev;
 438
 439         BT_DBG("sock %p sk %p", sock, sk);
 440
 441         if (!sk)
 442                 return 0;
 443
 444         hdev = hci_pi(sk)->hdev;
 445
 446         if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
 447                 atomic_dec(&monitor_promisc);
 448
 449         bt_sock_unlink(&hci_sk_list, sk);
 450
 451         if (hdev) {
 452                 atomic_dec(&hdev->promisc);
 453                 hci_dev_put(hdev);
 454         }
 455
 456         sock_orphan(sk);
 457
 458         skb_queue_purge(&sk->sk_receive_queue);
 459         skb_queue_purge(&sk->sk_write_queue);
 460
 461         sock_put(sk);
 462         return 0;
 463 }
 464
 465 static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
 466 {
 467         bdaddr_t bdaddr;
 468         int err;
 469
 470         if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
 471                 return -EFAULT;
 472
 473         hci_dev_lock(hdev);
 474
 475         err = hci_blacklist_add(hdev, &bdaddr, 0);
 476
 477         hci_dev_unlock(hdev);
 478
 479         return err;
 480 }
 481
 482 static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
 483 {
 484         bdaddr_t bdaddr;
 485         int err;
 486
 487         if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
 488                 return -EFAULT;
 489
 490         hci_dev_lock(hdev);
 491
 492         err = hci_blacklist_del(hdev, &bdaddr, 0);
 493
 494         hci_dev_unlock(hdev);
 495
 496         return err;
 497 }
 498
 499 /* Ioctls that require bound socket */
 500 static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
 501                                 unsigned long arg)
 502 {
 503         struct hci_dev *hdev = hci_pi(sk)->hdev;
 504
 505         if (!hdev)
 506                 return -EBADFD;
 507
 508         switch (cmd) {
 509         case HCISETRAW:
 510                 if (!capable(CAP_NET_ADMIN))
 511                         return -EACCES;
 512
 513                 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
 514                         return -EPERM;
 515
 516                 if (arg)
 517                         set_bit(HCI_RAW, &hdev->flags);
 518                 else
 519                         clear_bit(HCI_RAW, &hdev->flags);
 520
 521                 return 0;
 522
 523         case HCIGETCONNINFO:
 524                 return hci_get_conn_info(hdev, (void __user *) arg);
 525
 526         case HCIGETAUTHINFO:
 527                 return hci_get_auth_info(hdev, (void __user *) arg);
 528
 529         case HCIBLOCKADDR:
 530                 if (!capable(CAP_NET_ADMIN))
 531                         return -EACCES;
 532                 return hci_sock_blacklist_add(hdev, (void __user *) arg);
 533
 534         case HCIUNBLOCKADDR:
 535                 if (!capable(CAP_NET_ADMIN))
 536                         return -EACCES;
 537                 return hci_sock_blacklist_del(hdev, (void __user *) arg);
 538
 539         default:
 540                 if (hdev->ioctl)
 541                         return hdev->ioctl(hdev, cmd, arg);
 542                 return -EINVAL;
 543         }
 544 }
 545
 546 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
 547                           unsigned long arg)
 548 {
 549         struct sock *sk = sock->sk;
 550         void __user *argp = (void __user *) arg;
 551         int err;
 552
 553         BT_DBG("cmd %x arg %lx", cmd, arg);
 554
 555         switch (cmd) {
 556         case HCIGETDEVLIST:
 557                 return hci_get_dev_list(argp);
 558
 559         case HCIGETDEVINFO:
 560                 return hci_get_dev_info(argp);
 561
 562         case HCIGETCONNLIST:
 563                 return hci_get_conn_list(argp);
 564
 565         case HCIDEVUP:
 566                 if (!capable(CAP_NET_ADMIN))
 567                         return -EACCES;
 568                 return hci_dev_open(arg);
 569
 570         case HCIDEVDOWN:
 571                 if (!capable(CAP_NET_ADMIN))
 572                         return -EACCES;
 573                 return hci_dev_close(arg);
 574
 575         case HCIDEVRESET:
 576                 if (!capable(CAP_NET_ADMIN))
 577                         return -EACCES;
 578                 return hci_dev_reset(arg);
 579
 580         case HCIDEVRESTAT:
 581                 if (!capable(CAP_NET_ADMIN))
 582                         return -EACCES;
 583                 return hci_dev_reset_stat(arg);
 584
 585         case HCISETSCAN:
 586         case HCISETAUTH:
 587         case HCISETENCRYPT:
 588         case HCISETPTYPE:
 589         case HCISETLINKPOL:
 590         case HCISETLINKMODE:
 591         case HCISETACLMTU:
 592         case HCISETSCOMTU:
 593                 if (!capable(CAP_NET_ADMIN))
 594                         return -EACCES;
 595                 return hci_dev_cmd(cmd, argp);
 596
 597         case HCIINQUIRY:
 598                 return hci_inquiry(argp);
 599
 600         default:
 601                 lock_sock(sk);
 602                 err = hci_sock_bound_ioctl(sk, cmd, arg);
 603                 release_sock(sk);
 604                 return err;
 605         }
 606 }
 607
 608 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
 609                          int addr_len)
 610 {
 611         struct sockaddr_hci haddr;
 612         struct sock *sk = sock->sk;
 613         struct hci_dev *hdev = NULL;
 614         int len, err = 0;
 615
 616         BT_DBG("sock %p sk %p", sock, sk);
 617
 618         if (!addr)
 619                 return -EINVAL;
 620
 621         memset(&haddr, 0, sizeof(haddr));
 622         len = min_t(unsigned int, sizeof(haddr), addr_len);
 623         memcpy(&haddr, addr, len);
 624
 625         if (haddr.hci_family != AF_BLUETOOTH)
 626                 return -EINVAL;
 627
 628         lock_sock(sk);
 629
 630         if (sk->sk_state == BT_BOUND) {
 631                 err = -EALREADY;
 632                 goto done;
 633         }
 634
 635         switch (haddr.hci_channel) {
 636         case HCI_CHANNEL_RAW:
 637                 if (hci_pi(sk)->hdev) {
 638                         err = -EALREADY;
 639                         goto done;
 640                 }
 641
 642                 if (haddr.hci_dev != HCI_DEV_NONE) {
 643                         hdev = hci_dev_get(haddr.hci_dev);
 644                         if (!hdev) {
 645                                 err = -ENODEV;
 646                                 goto done;
 647                         }
 648
 649                         atomic_inc(&hdev->promisc);
 650                 }
 651
 652                 hci_pi(sk)->hdev = hdev;
 653                 break;
 654
 655         case HCI_CHANNEL_CONTROL:
 656                 if (haddr.hci_dev != HCI_DEV_NONE) {
 657                         err = -EINVAL;
 658                         goto done;
 659                 }
 660
 661                 if (!capable(CAP_NET_ADMIN)) {
 662                         err = -EPERM;
 663                         goto done;
 664                 }
 665
 666                 break;
 667
 668         case HCI_CHANNEL_MONITOR:
 669                 if (haddr.hci_dev != HCI_DEV_NONE) {
 670                         err = -EINVAL;
 671                         goto done;
 672                 }
 673
 674                 if (!capable(CAP_NET_RAW)) {
 675                         err = -EPERM;
 676                         goto done;
 677                 }
 678
 679                 send_monitor_replay(sk);
 680
 681                 atomic_inc(&monitor_promisc);
 682                 break;
 683
 684         default:
 685                 err = -EINVAL;
 686                 goto done;
 687         }
 688
 689
 690         hci_pi(sk)->channel = haddr.hci_channel;
 691         sk->sk_state = BT_BOUND;
 692
 693 done:
 694         release_sock(sk);
 695         return err;
 696 }
 697
 698 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
 699                             int *addr_len, int peer)
 700 {
 701         struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
 702         struct sock *sk = sock->sk;
 703         struct hci_dev *hdev = hci_pi(sk)->hdev;
 704
 705         BT_DBG("sock %p sk %p", sock, sk);
 706
 707         if (!hdev)
 708                 return -EBADFD;
 709
 710         lock_sock(sk);
 711
 712         *addr_len = sizeof(*haddr);
 713         haddr->hci_family = AF_BLUETOOTH;
 714         haddr->hci_dev    = hdev->id;
 715
 716         release_sock(sk);
 717         return 0;
 718 }
 719
 720 static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
 721                           struct sk_buff *skb)
 722 {
 723         __u32 mask = hci_pi(sk)->cmsg_mask;
 724
 725         if (mask & HCI_CMSG_DIR) {
 726                 int incoming = bt_cb(skb)->incoming;
 727                 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
 728                          &incoming);
 729         }
 730
 731         if (mask & HCI_CMSG_TSTAMP) {
 732 #ifdef CONFIG_COMPAT
 733                 struct compat_timeval ctv;
 734 #endif
 735                 struct timeval tv;
 736                 void *data;
 737                 int len;
 738
 739                 skb_get_timestamp(skb, &tv);
 740
 741                 data = &tv;
 742                 len = sizeof(tv);
 743 #ifdef CONFIG_COMPAT
 744                 if (!COMPAT_USE_64BIT_TIME &&
 745                     (msg->msg_flags & MSG_CMSG_COMPAT)) {
 746                         ctv.tv_sec = tv.tv_sec;
 747                         ctv.tv_usec = tv.tv_usec;
 748                         data = &ctv;
 749                         len = sizeof(ctv);
 750                 }
 751 #endif
 752
 753                 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
 754         }
 755 }
 756
 757 static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 758                             struct msghdr *msg, size_t len, int flags)
 759 {
 760         int noblock = flags & MSG_DONTWAIT;
 761         struct sock *sk = sock->sk;
 762         struct sk_buff *skb;
 763         int copied, err;
 764
 765         BT_DBG("sock %p, sk %p", sock, sk);
 766
 767         if (flags & (MSG_OOB))
 768                 return -EOPNOTSUPP;
 769
 770         if (sk->sk_state == BT_CLOSED)
 771                 return 0;
 772
 773         skb = skb_recv_datagram(sk, flags, noblock, &err);
 774         if (!skb)
 775                 return err;
 776
 777         msg->msg_namelen = 0;
 778
 779         copied = skb->len;
 780         if (len < copied) {
 781                 msg->msg_flags |= MSG_TRUNC;
 782                 copied = len;
 783         }
 784
 785         skb_reset_transport_header(skb);
 786         err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
 787
 788         switch (hci_pi(sk)->channel) {
 789         case HCI_CHANNEL_RAW:
 790                 hci_sock_cmsg(sk, msg, skb);
 791                 break;
 792         case HCI_CHANNEL_CONTROL:
 793         case HCI_CHANNEL_MONITOR:
 794                 sock_recv_timestamp(msg, sk, skb);
 795                 break;
 796         }
 797
 798         skb_free_datagram(sk, skb);
 799
 800         return err ? : copied;
 801 }
 802
 803 static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
 804                             struct msghdr *msg, size_t len)
 805 {
 806         struct sock *sk = sock->sk;
 807         struct hci_dev *hdev;
 808         struct sk_buff *skb;
 809         int err;
 810
 811         BT_DBG("sock %p sk %p", sock, sk);
 812
 813         if (msg->msg_flags & MSG_OOB)
 814                 return -EOPNOTSUPP;
 815
 816         if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
 817                 return -EINVAL;
 818
 819         if (len < 4 || len > HCI_MAX_FRAME_SIZE)
 820                 return -EINVAL;
 821
 822         lock_sock(sk);
 823
 824         switch (hci_pi(sk)->channel) {
 825         case HCI_CHANNEL_RAW:
 826                 break;
 827         case HCI_CHANNEL_CONTROL:
 828                 err = mgmt_control(sk, msg, len);
 829                 goto done;
 830         case HCI_CHANNEL_MONITOR:
 831                 err = -EOPNOTSUPP;
 832                 goto done;
 833         default:
 834                 err = -EINVAL;
 835                 goto done;
 836         }
 837
 838         hdev = hci_pi(sk)->hdev;
 839         if (!hdev) {
 840                 err = -EBADFD;
 841                 goto done;
 842         }
 843
 844         if (!test_bit(HCI_UP, &hdev->flags)) {
 845                 err = -ENETDOWN;
 846                 goto done;
 847         }
 848
 849         skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
 850         if (!skb)
 851                 goto done;
 852
 853         if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
 854                 err = -EFAULT;
 855                 goto drop;
 856         }
 857
 858         bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
 859         skb_pull(skb, 1);
 860         skb->dev = (void *) hdev;
 861
 862         if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
 863                 u16 opcode = get_unaligned_le16(skb->data);
 864                 u16 ogf = hci_opcode_ogf(opcode);
 865                 u16 ocf = hci_opcode_ocf(opcode);
 866
 867                 if (((ogf > HCI_SFLT_MAX_OGF) ||
 868                      !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
 869                                    &hci_sec_filter.ocf_mask[ogf])) &&
 870                     !capable(CAP_NET_RAW)) {
 871                         err = -EPERM;
 872                         goto drop;
 873                 }
 874
 875                 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
 876                         skb_queue_tail(&hdev->raw_q, skb);
 877                         queue_work(hdev->workqueue, &hdev->tx_work);
 878                 } else {
 879                         skb_queue_tail(&hdev->cmd_q, skb);
 880                         queue_work(hdev->workqueue, &hdev->cmd_work);
 881                 }
 882         } else {
 883                 if (!capable(CAP_NET_RAW)) {
 884                         err = -EPERM;
 885                         goto drop;
 886                 }
 887
 888                 skb_queue_tail(&hdev->raw_q, skb);
 889                 queue_work(hdev->workqueue, &hdev->tx_work);
 890         }
 891
 892         err = len;
 893
 894 done:
 895         release_sock(sk);
 896         return err;
 897
 898 drop:
 899         kfree_skb(skb);
 900         goto done;
 901 }
 902
 903 static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
 904                                char __user *optval, unsigned int len)
 905 {
 906         struct hci_ufilter uf = { .opcode = 0 };
 907         struct sock *sk = sock->sk;
 908         int err = 0, opt = 0;
 909
 910         BT_DBG("sk %p, opt %d", sk, optname);
 911
 912         lock_sock(sk);
 913
 914         if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
 915                 err = -EINVAL;
 916                 goto done;
 917         }
 918
 919         switch (optname) {
 920         case HCI_DATA_DIR:
 921                 if (get_user(opt, (int __user *)optval)) {
 922                         err = -EFAULT;
 923                         break;
 924                 }
 925
 926                 if (opt)
 927                         hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
 928                 else
 929                         hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
 930                 break;
 931
 932         case HCI_TIME_STAMP:
 933                 if (get_user(opt, (int __user *)optval)) {
 934                         err = -EFAULT;
 935                         break;
 936                 }
 937
 938                 if (opt)
 939                         hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
 940                 else
 941                         hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
 942                 break;
 943
 944         case HCI_FILTER:
 945                 {
 946                         struct hci_filter *f = &hci_pi(sk)->filter;
 947
 948                         uf.type_mask = f->type_mask;
 949                         uf.opcode    = f->opcode;
 950                         uf.event_mask[0] = *((u32 *) f->event_mask + 0);
 951                         uf.event_mask[1] = *((u32 *) f->event_mask + 1);
 952                 }
 953
 954                 len = min_t(unsigned int, len, sizeof(uf));
 955                 if (copy_from_user(&uf, optval, len)) {
 956                         err = -EFAULT;
 957                         break;
 958                 }
 959
 960                 if (!capable(CAP_NET_RAW)) {
 961                         uf.type_mask &= hci_sec_filter.type_mask;
 962                         uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
 963                         uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
 964                 }
 965
 966                 {
 967                         struct hci_filter *f = &hci_pi(sk)->filter;
 968
 969                         f->type_mask = uf.type_mask;
 970                         f->opcode    = uf.opcode;
 971                         *((u32 *) f->event_mask + 0) = uf.event_mask[0];
 972                         *((u32 *) f->event_mask + 1) = uf.event_mask[1];
 973                 }
 974                 break;
 975
 976         default:
 977                 err = -ENOPROTOOPT;
 978                 break;
 979         }
 980
 981 done:
 982         release_sock(sk);
 983         return err;
 984 }
 985
 986 static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
 987                                char __user *optval, int __user *optlen)
 988 {
 989         struct hci_ufilter uf;
 990         struct sock *sk = sock->sk;
 991         int len, opt, err = 0;
 992
 993         BT_DBG("sk %p, opt %d", sk, optname);
 994
 995         if (get_user(len, optlen))
 996                 return -EFAULT;
 997
 998         lock_sock(sk);
 999
1000         if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1001                 err = -EINVAL;
1002                 goto done;
1003         }
1004
1005         switch (optname) {
1006         case HCI_DATA_DIR:
1007                 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1008                         opt = 1;
1009                 else
1010                         opt = 0;
1011
1012                 if (put_user(opt, optval))
1013                         err = -EFAULT;
1014                 break;
1015
1016         case HCI_TIME_STAMP:
1017                 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1018                         opt = 1;
1019                 else
1020                         opt = 0;
1021
1022                 if (put_user(opt, optval))
1023                         err = -EFAULT;
1024                 break;
1025
1026         case HCI_FILTER:
1027                 {
1028                         struct hci_filter *f = &hci_pi(sk)->filter;
1029
1030                         uf.type_mask = f->type_mask;
1031                         uf.opcode    = f->opcode;
1032                         uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1033                         uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1034                 }
1035
1036                 len = min_t(unsigned int, len, sizeof(uf));
1037                 if (copy_to_user(optval, &uf, len))
1038                         err = -EFAULT;
1039                 break;
1040
1041         default:
1042                 err = -ENOPROTOOPT;
1043                 break;
1044         }
1045
1046 done:
1047         release_sock(sk);
1048         return err;
1049 }
1050
1051 static const struct proto_ops hci_sock_ops = {
1052         .family         = PF_BLUETOOTH,
1053         .owner          = THIS_MODULE,
1054         .release        = hci_sock_release,
1055         .bind           = hci_sock_bind,
1056         .getname        = hci_sock_getname,
1057         .sendmsg        = hci_sock_sendmsg,
1058         .recvmsg        = hci_sock_recvmsg,
1059         .ioctl          = hci_sock_ioctl,
1060         .poll           = datagram_poll,
1061         .listen         = sock_no_listen,
1062         .shutdown       = sock_no_shutdown,
1063         .setsockopt     = hci_sock_setsockopt,
1064         .getsockopt     = hci_sock_getsockopt,
1065         .connect        = sock_no_connect,
1066         .socketpair     = sock_no_socketpair,
1067         .accept         = sock_no_accept,
1068         .mmap           = sock_no_mmap
1069 };
1070
1071 static struct proto hci_sk_proto = {
1072         .name           = "HCI",
1073         .owner          = THIS_MODULE,
1074         .obj_size       = sizeof(struct hci_pinfo)
1075 };
1076
1077 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1078                            int kern)
1079 {
1080         struct sock *sk;
1081
1082         BT_DBG("sock %p", sock);
1083
1084         if (sock->type != SOCK_RAW)
1085                 return -ESOCKTNOSUPPORT;
1086
1087         sock->ops = &hci_sock_ops;
1088
1089         sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1090         if (!sk)
1091                 return -ENOMEM;
1092
1093         sock_init_data(sock, sk);
1094
1095         sock_reset_flag(sk, SOCK_ZAPPED);
1096
1097         sk->sk_protocol = protocol;
1098
1099         sock->state = SS_UNCONNECTED;
1100         sk->sk_state = BT_OPEN;
1101
1102         bt_sock_link(&hci_sk_list, sk);
1103         return 0;
1104 }
1105
1106 static const struct net_proto_family hci_sock_family_ops = {
1107         .family = PF_BLUETOOTH,
1108         .owner  = THIS_MODULE,
1109         .create = hci_sock_create,
1110 };
1111
1112 int __init hci_sock_init(void)
1113 {
1114         int err;
1115
1116         err = proto_register(&hci_sk_proto, 0);
1117         if (err < 0)
1118                 return err;
1119
1120         err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
1121         if (err < 0)
1122                 goto error;
1123
1124         BT_INFO("HCI socket layer initialized");
1125
1126         return 0;
1127
1128 error:
1129         BT_ERR("HCI socket registration failed");
1130         proto_unregister(&hci_sk_proto);
1131         return err;
1132 }
1133
1134 void hci_sock_cleanup(void)
1135 {
1136         if (bt_sock_unregister(BTPROTO_HCI) < 0)
1137                 BT_ERR("HCI socket unregistration failed");
1138
1139         proto_unregister(&hci_sk_proto);
1140 }