search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Btrfs: fix list transaction->pending_ordered corruption
[linux/fpc-iii.git] / net / bluetooth / hci_sock.c
blob115f149362ba84d4b24b0cb217b49de3a5cf03bb
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI sockets. */
26
27 #include <linux/export.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_mon.h>
33
34 static atomic_t monitor_promisc = ATOMIC_INIT(0);
35
36 /* ----- HCI socket interface ----- */
37
38 /* Socket info */
39 #define hci_pi(sk) ((struct hci_pinfo *) sk)
40
41 struct hci_pinfo {
42 struct bt_sock bt;
43 struct hci_dev *hdev;
44 struct hci_filter filter;
45 __u32 cmsg_mask;
46 unsigned short channel;
47 };
48
49 static inline int hci_test_bit(int nr, void *addr)
50 {
51 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
52 }
53
54 /* Security filter */
55 #define HCI_SFLT_MAX_OGF 5
56
57 struct hci_sec_filter {
58 __u32 type_mask;
59 __u32 event_mask[2];
60 __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
61 };
62
63 static const struct hci_sec_filter hci_sec_filter = {
64 /* Packet types */
65 0x10,
66 /* Events */
67 { 0x1000d9fe, 0x0000b00c },
68 /* Commands */
69 {
70 { 0x0 },
71 /* OGF_LINK_CTL */
72 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
73 /* OGF_LINK_POLICY */
74 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
75 /* OGF_HOST_CTL */
76 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
77 /* OGF_INFO_PARAM */
78 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
79 /* OGF_STATUS_PARAM */
80 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
81 }
82 };
83
84 static struct bt_sock_list hci_sk_list = {
85 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
86 };
87
88 static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
89 {
90 struct hci_filter *flt;
91 int flt_type, flt_event;
92
93 /* Apply filter */
94 flt = &hci_pi(sk)->filter;
95
96 if (bt_cb(skb)->pkt_type == HCI_VENDOR_PKT)
97 flt_type = 0;
98 else
99 flt_type = bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS;
100
101 if (!test_bit(flt_type, &flt->type_mask))
102 return true;
103
104 /* Extra filter for event packets only */
105 if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT)
106 return false;
107
108 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
109
110 if (!hci_test_bit(flt_event, &flt->event_mask))
111 return true;
112
113 /* Check filter only when opcode is set */
114 if (!flt->opcode)
115 return false;
116
117 if (flt_event == HCI_EV_CMD_COMPLETE &&
118 flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
119 return true;
120
121 if (flt_event == HCI_EV_CMD_STATUS &&
122 flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
123 return true;
124
125 return false;
126 }
127
128 /* Send frame to RAW socket */
129 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
130 {
131 struct sock *sk;
132 struct sk_buff *skb_copy = NULL;
133
134 BT_DBG("hdev %p len %d", hdev, skb->len);
135
136 read_lock(&hci_sk_list.lock);
137
138 sk_for_each(sk, &hci_sk_list.head) {
139 struct sk_buff *nskb;
140
141 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
142 continue;
143
144 /* Don't send frame to the socket it came from */
145 if (skb->sk == sk)
146 continue;
147
148 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
149 if (is_filtered_packet(sk, skb))
150 continue;
151 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
152 if (!bt_cb(skb)->incoming)
153 continue;
154 if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT &&
155 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
156 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT)
157 continue;
158 } else {
159 /* Don't send frame to other channel types */
160 continue;
161 }
162
163 if (!skb_copy) {
164 /* Create a private copy with headroom */
165 skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
166 if (!skb_copy)
167 continue;
168
169 /* Put type byte before the data */
170 memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
171 }
172
173 nskb = skb_clone(skb_copy, GFP_ATOMIC);
174 if (!nskb)
175 continue;
176
177 if (sock_queue_rcv_skb(sk, nskb))
178 kfree_skb(nskb);
179 }
180
181 read_unlock(&hci_sk_list.lock);
182
183 kfree_skb(skb_copy);
184 }
185
186 /* Send frame to control socket */
187 void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
188 {
189 struct sock *sk;
190
191 BT_DBG("len %d", skb->len);
192
193 read_lock(&hci_sk_list.lock);
194
195 sk_for_each(sk, &hci_sk_list.head) {
196 struct sk_buff *nskb;
197
198 /* Skip the original socket */
199 if (sk == skip_sk)
200 continue;
201
202 if (sk->sk_state != BT_BOUND)
203 continue;
204
205 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
206 continue;
207
208 nskb = skb_clone(skb, GFP_ATOMIC);
209 if (!nskb)
210 continue;
211
212 if (sock_queue_rcv_skb(sk, nskb))
213 kfree_skb(nskb);
214 }
215
216 read_unlock(&hci_sk_list.lock);
217 }
218
219 /* Send frame to monitor socket */
220 void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
221 {
222 struct sock *sk;
223 struct sk_buff *skb_copy = NULL;
224 __le16 opcode;
225
226 if (!atomic_read(&monitor_promisc))
227 return;
228
229 BT_DBG("hdev %p len %d", hdev, skb->len);
230
231 switch (bt_cb(skb)->pkt_type) {
232 case HCI_COMMAND_PKT:
233 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT);
234 break;
235 case HCI_EVENT_PKT:
236 opcode = cpu_to_le16(HCI_MON_EVENT_PKT);
237 break;
238 case HCI_ACLDATA_PKT:
239 if (bt_cb(skb)->incoming)
240 opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT);
241 else
242 opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT);
243 break;
244 case HCI_SCODATA_PKT:
245 if (bt_cb(skb)->incoming)
246 opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT);
247 else
248 opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT);
249 break;
250 default:
251 return;
252 }
253
254 read_lock(&hci_sk_list.lock);
255
256 sk_for_each(sk, &hci_sk_list.head) {
257 struct sk_buff *nskb;
258
259 if (sk->sk_state != BT_BOUND)
260 continue;
261
262 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
263 continue;
264
265 if (!skb_copy) {
266 struct hci_mon_hdr *hdr;
267
268 /* Create a private copy with headroom */
269 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE,
270 GFP_ATOMIC, true);
271 if (!skb_copy)
272 continue;
273
274 /* Put header before the data */
275 hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
276 hdr->opcode = opcode;
277 hdr->index = cpu_to_le16(hdev->id);
278 hdr->len = cpu_to_le16(skb->len);
279 }
280
281 nskb = skb_clone(skb_copy, GFP_ATOMIC);
282 if (!nskb)
283 continue;
284
285 if (sock_queue_rcv_skb(sk, nskb))
286 kfree_skb(nskb);
287 }
288
289 read_unlock(&hci_sk_list.lock);
290
291 kfree_skb(skb_copy);
292 }
293
294 static void send_monitor_event(struct sk_buff *skb)
295 {
296 struct sock *sk;
297
298 BT_DBG("len %d", skb->len);
299
300 read_lock(&hci_sk_list.lock);
301
302 sk_for_each(sk, &hci_sk_list.head) {
303 struct sk_buff *nskb;
304
305 if (sk->sk_state != BT_BOUND)
306 continue;
307
308 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
309 continue;
310
311 nskb = skb_clone(skb, GFP_ATOMIC);
312 if (!nskb)
313 continue;
314
315 if (sock_queue_rcv_skb(sk, nskb))
316 kfree_skb(nskb);
317 }
318
319 read_unlock(&hci_sk_list.lock);
320 }
321
322 static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
323 {
324 struct hci_mon_hdr *hdr;
325 struct hci_mon_new_index *ni;
326 struct sk_buff *skb;
327 __le16 opcode;
328
329 switch (event) {
330 case HCI_DEV_REG:
331 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
332 if (!skb)
333 return NULL;
334
335 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
336 ni->type = hdev->dev_type;
337 ni->bus = hdev->bus;
338 bacpy(&ni->bdaddr, &hdev->bdaddr);
339 memcpy(ni->name, hdev->name, 8);
340
341 opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
342 break;
343
344 case HCI_DEV_UNREG:
345 skb = bt_skb_alloc(0, GFP_ATOMIC);
346 if (!skb)
347 return NULL;
348
349 opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
350 break;
351
352 default:
353 return NULL;
354 }
355
356 __net_timestamp(skb);
357
358 hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
359 hdr->opcode = opcode;
360 hdr->index = cpu_to_le16(hdev->id);
361 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
362
363 return skb;
364 }
365
366 static void send_monitor_replay(struct sock *sk)
367 {
368 struct hci_dev *hdev;
369
370 read_lock(&hci_dev_list_lock);
371
372 list_for_each_entry(hdev, &hci_dev_list, list) {
373 struct sk_buff *skb;
374
375 skb = create_monitor_event(hdev, HCI_DEV_REG);
376 if (!skb)
377 continue;
378
379 if (sock_queue_rcv_skb(sk, skb))
380 kfree_skb(skb);
381 }
382
383 read_unlock(&hci_dev_list_lock);
384 }
385
386 /* Generate internal stack event */
387 static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
388 {
389 struct hci_event_hdr *hdr;
390 struct hci_ev_stack_internal *ev;
391 struct sk_buff *skb;
392
393 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
394 if (!skb)
395 return;
396
397 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
398 hdr->evt = HCI_EV_STACK_INTERNAL;
399 hdr->plen = sizeof(*ev) + dlen;
400
401 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
402 ev->type = type;
403 memcpy(ev->data, data, dlen);
404
405 bt_cb(skb)->incoming = 1;
406 __net_timestamp(skb);
407
408 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
409 hci_send_to_sock(hdev, skb);
410 kfree_skb(skb);
411 }
412
413 void hci_sock_dev_event(struct hci_dev *hdev, int event)
414 {
415 struct hci_ev_si_device ev;
416
417 BT_DBG("hdev %s event %d", hdev->name, event);
418
419 /* Send event to monitor */
420 if (atomic_read(&monitor_promisc)) {
421 struct sk_buff *skb;
422
423 skb = create_monitor_event(hdev, event);
424 if (skb) {
425 send_monitor_event(skb);
426 kfree_skb(skb);
427 }
428 }
429
430 /* Send event to sockets */
431 ev.event = event;
432 ev.dev_id = hdev->id;
433 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
434
435 if (event == HCI_DEV_UNREG) {
436 struct sock *sk;
437
438 /* Detach sockets from device */
439 read_lock(&hci_sk_list.lock);
440 sk_for_each(sk, &hci_sk_list.head) {
441 bh_lock_sock_nested(sk);
442 if (hci_pi(sk)->hdev == hdev) {
443 hci_pi(sk)->hdev = NULL;
444 sk->sk_err = EPIPE;
445 sk->sk_state = BT_OPEN;
446 sk->sk_state_change(sk);
447
448 hci_dev_put(hdev);
449 }
450 bh_unlock_sock(sk);
451 }
452 read_unlock(&hci_sk_list.lock);
453 }
454 }
455
456 static int hci_sock_release(struct socket *sock)
457 {
458 struct sock *sk = sock->sk;
459 struct hci_dev *hdev;
460
461 BT_DBG("sock %p sk %p", sock, sk);
462
463 if (!sk)
464 return 0;
465
466 hdev = hci_pi(sk)->hdev;
467
468 if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
469 atomic_dec(&monitor_promisc);
470
471 bt_sock_unlink(&hci_sk_list, sk);
472
473 if (hdev) {
474 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
475 mgmt_index_added(hdev);
476 clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags);
477 hci_dev_close(hdev->id);
478 }
479
480 atomic_dec(&hdev->promisc);
481 hci_dev_put(hdev);
482 }
483
484 sock_orphan(sk);
485
486 skb_queue_purge(&sk->sk_receive_queue);
487 skb_queue_purge(&sk->sk_write_queue);
488
489 sock_put(sk);
490 return 0;
491 }
492
493 static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
494 {
495 bdaddr_t bdaddr;
496 int err;
497
498 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
499 return -EFAULT;
500
501 hci_dev_lock(hdev);
502
503 err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
504
505 hci_dev_unlock(hdev);
506
507 return err;
508 }
509
510 static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
511 {
512 bdaddr_t bdaddr;
513 int err;
514
515 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
516 return -EFAULT;
517
518 hci_dev_lock(hdev);
519
520 err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
521
522 hci_dev_unlock(hdev);
523
524 return err;
525 }
526
527 /* Ioctls that require bound socket */
528 static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
529 unsigned long arg)
530 {
531 struct hci_dev *hdev = hci_pi(sk)->hdev;
532
533 if (!hdev)
534 return -EBADFD;
535
536 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
537 return -EBUSY;
538
539 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
540 return -EOPNOTSUPP;
541
542 if (hdev->dev_type != HCI_BREDR)
543 return -EOPNOTSUPP;
544
545 switch (cmd) {
546 case HCISETRAW:
547 if (!capable(CAP_NET_ADMIN))
548 return -EPERM;
549 return -EOPNOTSUPP;
550
551 case HCIGETCONNINFO:
552 return hci_get_conn_info(hdev, (void __user *) arg);
553
554 case HCIGETAUTHINFO:
555 return hci_get_auth_info(hdev, (void __user *) arg);
556
557 case HCIBLOCKADDR:
558 if (!capable(CAP_NET_ADMIN))
559 return -EPERM;
560 return hci_sock_blacklist_add(hdev, (void __user *) arg);
561
562 case HCIUNBLOCKADDR:
563 if (!capable(CAP_NET_ADMIN))
564 return -EPERM;
565 return hci_sock_blacklist_del(hdev, (void __user *) arg);
566 }
567
568 return -ENOIOCTLCMD;
569 }
570
571 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
572 unsigned long arg)
573 {
574 void __user *argp = (void __user *) arg;
575 struct sock *sk = sock->sk;
576 int err;
577
578 BT_DBG("cmd %x arg %lx", cmd, arg);
579
580 lock_sock(sk);
581
582 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
583 err = -EBADFD;
584 goto done;
585 }
586
587 release_sock(sk);
588
589 switch (cmd) {
590 case HCIGETDEVLIST:
591 return hci_get_dev_list(argp);
592
593 case HCIGETDEVINFO:
594 return hci_get_dev_info(argp);
595
596 case HCIGETCONNLIST:
597 return hci_get_conn_list(argp);
598
599 case HCIDEVUP:
600 if (!capable(CAP_NET_ADMIN))
601 return -EPERM;
602 return hci_dev_open(arg);
603
604 case HCIDEVDOWN:
605 if (!capable(CAP_NET_ADMIN))
606 return -EPERM;
607 return hci_dev_close(arg);
608
609 case HCIDEVRESET:
610 if (!capable(CAP_NET_ADMIN))
611 return -EPERM;
612 return hci_dev_reset(arg);
613
614 case HCIDEVRESTAT:
615 if (!capable(CAP_NET_ADMIN))
616 return -EPERM;
617 return hci_dev_reset_stat(arg);
618
619 case HCISETSCAN:
620 case HCISETAUTH:
621 case HCISETENCRYPT:
622 case HCISETPTYPE:
623 case HCISETLINKPOL:
624 case HCISETLINKMODE:
625 case HCISETACLMTU:
626 case HCISETSCOMTU:
627 if (!capable(CAP_NET_ADMIN))
628 return -EPERM;
629 return hci_dev_cmd(cmd, argp);
630
631 case HCIINQUIRY:
632 return hci_inquiry(argp);
633 }
634
635 lock_sock(sk);
636
637 err = hci_sock_bound_ioctl(sk, cmd, arg);
638
639 done:
640 release_sock(sk);
641 return err;
642 }
643
644 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
645 int addr_len)
646 {
647 struct sockaddr_hci haddr;
648 struct sock *sk = sock->sk;
649 struct hci_dev *hdev = NULL;
650 int len, err = 0;
651
652 BT_DBG("sock %p sk %p", sock, sk);
653
654 if (!addr)
655 return -EINVAL;
656
657 memset(&haddr, 0, sizeof(haddr));
658 len = min_t(unsigned int, sizeof(haddr), addr_len);
659 memcpy(&haddr, addr, len);
660
661 if (haddr.hci_family != AF_BLUETOOTH)
662 return -EINVAL;
663
664 lock_sock(sk);
665
666 if (sk->sk_state == BT_BOUND) {
667 err = -EALREADY;
668 goto done;
669 }
670
671 switch (haddr.hci_channel) {
672 case HCI_CHANNEL_RAW:
673 if (hci_pi(sk)->hdev) {
674 err = -EALREADY;
675 goto done;
676 }
677
678 if (haddr.hci_dev != HCI_DEV_NONE) {
679 hdev = hci_dev_get(haddr.hci_dev);
680 if (!hdev) {
681 err = -ENODEV;
682 goto done;
683 }
684
685 atomic_inc(&hdev->promisc);
686 }
687
688 hci_pi(sk)->hdev = hdev;
689 break;
690
691 case HCI_CHANNEL_USER:
692 if (hci_pi(sk)->hdev) {
693 err = -EALREADY;
694 goto done;
695 }
696
697 if (haddr.hci_dev == HCI_DEV_NONE) {
698 err = -EINVAL;
699 goto done;
700 }
701
702 if (!capable(CAP_NET_ADMIN)) {
703 err = -EPERM;
704 goto done;
705 }
706
707 hdev = hci_dev_get(haddr.hci_dev);
708 if (!hdev) {
709 err = -ENODEV;
710 goto done;
711 }
712
713 if (test_bit(HCI_UP, &hdev->flags) ||
714 test_bit(HCI_INIT, &hdev->flags) ||
715 test_bit(HCI_SETUP, &hdev->dev_flags) ||
716 test_bit(HCI_CONFIG, &hdev->dev_flags)) {
717 err = -EBUSY;
718 hci_dev_put(hdev);
719 goto done;
720 }
721
722 if (test_and_set_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
723 err = -EUSERS;
724 hci_dev_put(hdev);
725 goto done;
726 }
727
728 mgmt_index_removed(hdev);
729
730 err = hci_dev_open(hdev->id);
731 if (err) {
732 clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags);
733 mgmt_index_added(hdev);
734 hci_dev_put(hdev);
735 goto done;
736 }
737
738 atomic_inc(&hdev->promisc);
739
740 hci_pi(sk)->hdev = hdev;
741 break;
742
743 case HCI_CHANNEL_CONTROL:
744 if (haddr.hci_dev != HCI_DEV_NONE) {
745 err = -EINVAL;
746 goto done;
747 }
748
749 if (!capable(CAP_NET_ADMIN)) {
750 err = -EPERM;
751 goto done;
752 }
753
754 break;
755
756 case HCI_CHANNEL_MONITOR:
757 if (haddr.hci_dev != HCI_DEV_NONE) {
758 err = -EINVAL;
759 goto done;
760 }
761
762 if (!capable(CAP_NET_RAW)) {
763 err = -EPERM;
764 goto done;
765 }
766
767 send_monitor_replay(sk);
768
769 atomic_inc(&monitor_promisc);
770 break;
771
772 default:
773 err = -EINVAL;
774 goto done;
775 }
776
777
778 hci_pi(sk)->channel = haddr.hci_channel;
779 sk->sk_state = BT_BOUND;
780
781 done:
782 release_sock(sk);
783 return err;
784 }
785
786 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
787 int *addr_len, int peer)
788 {
789 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
790 struct sock *sk = sock->sk;
791 struct hci_dev *hdev;
792 int err = 0;
793
794 BT_DBG("sock %p sk %p", sock, sk);
795
796 if (peer)
797 return -EOPNOTSUPP;
798
799 lock_sock(sk);
800
801 hdev = hci_pi(sk)->hdev;
802 if (!hdev) {
803 err = -EBADFD;
804 goto done;
805 }
806
807 *addr_len = sizeof(*haddr);
808 haddr->hci_family = AF_BLUETOOTH;
809 haddr->hci_dev = hdev->id;
810 haddr->hci_channel= hci_pi(sk)->channel;
811
812 done:
813 release_sock(sk);
814 return err;
815 }
816
817 static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
818 struct sk_buff *skb)
819 {
820 __u32 mask = hci_pi(sk)->cmsg_mask;
821
822 if (mask & HCI_CMSG_DIR) {
823 int incoming = bt_cb(skb)->incoming;
824 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
825 &incoming);
826 }
827
828 if (mask & HCI_CMSG_TSTAMP) {
829 #ifdef CONFIG_COMPAT
830 struct compat_timeval ctv;
831 #endif
832 struct timeval tv;
833 void *data;
834 int len;
835
836 skb_get_timestamp(skb, &tv);
837
838 data = &tv;
839 len = sizeof(tv);
840 #ifdef CONFIG_COMPAT
841 if (!COMPAT_USE_64BIT_TIME &&
842 (msg->msg_flags & MSG_CMSG_COMPAT)) {
843 ctv.tv_sec = tv.tv_sec;
844 ctv.tv_usec = tv.tv_usec;
845 data = &ctv;
846 len = sizeof(ctv);
847 }
848 #endif
849
850 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
851 }
852 }
853
854 static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
855 struct msghdr *msg, size_t len, int flags)
856 {
857 int noblock = flags & MSG_DONTWAIT;
858 struct sock *sk = sock->sk;
859 struct sk_buff *skb;
860 int copied, err;
861
862 BT_DBG("sock %p, sk %p", sock, sk);
863
864 if (flags & (MSG_OOB))
865 return -EOPNOTSUPP;
866
867 if (sk->sk_state == BT_CLOSED)
868 return 0;
869
870 skb = skb_recv_datagram(sk, flags, noblock, &err);
871 if (!skb)
872 return err;
873
874 copied = skb->len;
875 if (len < copied) {
876 msg->msg_flags |= MSG_TRUNC;
877 copied = len;
878 }
879
880 skb_reset_transport_header(skb);
881 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
882
883 switch (hci_pi(sk)->channel) {
884 case HCI_CHANNEL_RAW:
885 hci_sock_cmsg(sk, msg, skb);
886 break;
887 case HCI_CHANNEL_USER:
888 case HCI_CHANNEL_CONTROL:
889 case HCI_CHANNEL_MONITOR:
890 sock_recv_timestamp(msg, sk, skb);
891 break;
892 }
893
894 skb_free_datagram(sk, skb);
895
896 return err ? : copied;
897 }
898
899 static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
900 struct msghdr *msg, size_t len)
901 {
902 struct sock *sk = sock->sk;
903 struct hci_dev *hdev;
904 struct sk_buff *skb;
905 int err;
906
907 BT_DBG("sock %p sk %p", sock, sk);
908
909 if (msg->msg_flags & MSG_OOB)
910 return -EOPNOTSUPP;
911
912 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
913 return -EINVAL;
914
915 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
916 return -EINVAL;
917
918 lock_sock(sk);
919
920 switch (hci_pi(sk)->channel) {
921 case HCI_CHANNEL_RAW:
922 case HCI_CHANNEL_USER:
923 break;
924 case HCI_CHANNEL_CONTROL:
925 err = mgmt_control(sk, msg, len);
926 goto done;
927 case HCI_CHANNEL_MONITOR:
928 err = -EOPNOTSUPP;
929 goto done;
930 default:
931 err = -EINVAL;
932 goto done;
933 }
934
935 hdev = hci_pi(sk)->hdev;
936 if (!hdev) {
937 err = -EBADFD;
938 goto done;
939 }
940
941 if (!test_bit(HCI_UP, &hdev->flags)) {
942 err = -ENETDOWN;
943 goto done;
944 }
945
946 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
947 if (!skb)
948 goto done;
949
950 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
951 err = -EFAULT;
952 goto drop;
953 }
954
955 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
956 skb_pull(skb, 1);
957
958 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
959 /* No permission check is needed for user channel
960 * since that gets enforced when binding the socket.
961 *
962 * However check that the packet type is valid.
963 */
964 if (bt_cb(skb)->pkt_type != HCI_COMMAND_PKT &&
965 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
966 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) {
967 err = -EINVAL;
968 goto drop;
969 }
970
971 skb_queue_tail(&hdev->raw_q, skb);
972 queue_work(hdev->workqueue, &hdev->tx_work);
973 } else if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
974 u16 opcode = get_unaligned_le16(skb->data);
975 u16 ogf = hci_opcode_ogf(opcode);
976 u16 ocf = hci_opcode_ocf(opcode);
977
978 if (((ogf > HCI_SFLT_MAX_OGF) ||
979 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
980 &hci_sec_filter.ocf_mask[ogf])) &&
981 !capable(CAP_NET_RAW)) {
982 err = -EPERM;
983 goto drop;
984 }
985
986 if (ogf == 0x3f) {
987 skb_queue_tail(&hdev->raw_q, skb);
988 queue_work(hdev->workqueue, &hdev->tx_work);
989 } else {
990 /* Stand-alone HCI commands must be flaged as
991 * single-command requests.
992 */
993 bt_cb(skb)->req.start = true;
994
995 skb_queue_tail(&hdev->cmd_q, skb);
996 queue_work(hdev->workqueue, &hdev->cmd_work);
997 }
998 } else {
999 if (!capable(CAP_NET_RAW)) {
1000 err = -EPERM;
1001 goto drop;
1002 }
1003
1004 skb_queue_tail(&hdev->raw_q, skb);
1005 queue_work(hdev->workqueue, &hdev->tx_work);
1006 }
1007
1008 err = len;
1009
1010 done:
1011 release_sock(sk);
1012 return err;
1013
1014 drop:
1015 kfree_skb(skb);
1016 goto done;
1017 }
1018
1019 static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1020 char __user *optval, unsigned int len)
1021 {
1022 struct hci_ufilter uf = { .opcode = 0 };
1023 struct sock *sk = sock->sk;
1024 int err = 0, opt = 0;
1025
1026 BT_DBG("sk %p, opt %d", sk, optname);
1027
1028 lock_sock(sk);
1029
1030 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1031 err = -EBADFD;
1032 goto done;
1033 }
1034
1035 switch (optname) {
1036 case HCI_DATA_DIR:
1037 if (get_user(opt, (int __user *)optval)) {
1038 err = -EFAULT;
1039 break;
1040 }
1041
1042 if (opt)
1043 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
1044 else
1045 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
1046 break;
1047
1048 case HCI_TIME_STAMP:
1049 if (get_user(opt, (int __user *)optval)) {
1050 err = -EFAULT;
1051 break;
1052 }
1053
1054 if (opt)
1055 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
1056 else
1057 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
1058 break;
1059
1060 case HCI_FILTER:
1061 {
1062 struct hci_filter *f = &hci_pi(sk)->filter;
1063
1064 uf.type_mask = f->type_mask;
1065 uf.opcode = f->opcode;
1066 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1067 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1068 }
1069
1070 len = min_t(unsigned int, len, sizeof(uf));
1071 if (copy_from_user(&uf, optval, len)) {
1072 err = -EFAULT;
1073 break;
1074 }
1075
1076 if (!capable(CAP_NET_RAW)) {
1077 uf.type_mask &= hci_sec_filter.type_mask;
1078 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
1079 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
1080 }
1081
1082 {
1083 struct hci_filter *f = &hci_pi(sk)->filter;
1084
1085 f->type_mask = uf.type_mask;
1086 f->opcode = uf.opcode;
1087 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
1088 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
1089 }
1090 break;
1091
1092 default:
1093 err = -ENOPROTOOPT;
1094 break;
1095 }
1096
1097 done:
1098 release_sock(sk);
1099 return err;
1100 }
1101
1102 static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1103 char __user *optval, int __user *optlen)
1104 {
1105 struct hci_ufilter uf;
1106 struct sock *sk = sock->sk;
1107 int len, opt, err = 0;
1108
1109 BT_DBG("sk %p, opt %d", sk, optname);
1110
1111 if (get_user(len, optlen))
1112 return -EFAULT;
1113
1114 lock_sock(sk);
1115
1116 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1117 err = -EBADFD;
1118 goto done;
1119 }
1120
1121 switch (optname) {
1122 case HCI_DATA_DIR:
1123 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1124 opt = 1;
1125 else
1126 opt = 0;
1127
1128 if (put_user(opt, optval))
1129 err = -EFAULT;
1130 break;
1131
1132 case HCI_TIME_STAMP:
1133 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1134 opt = 1;
1135 else
1136 opt = 0;
1137
1138 if (put_user(opt, optval))
1139 err = -EFAULT;
1140 break;
1141
1142 case HCI_FILTER:
1143 {
1144 struct hci_filter *f = &hci_pi(sk)->filter;
1145
1146 memset(&uf, 0, sizeof(uf));
1147 uf.type_mask = f->type_mask;
1148 uf.opcode = f->opcode;
1149 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1150 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1151 }
1152
1153 len = min_t(unsigned int, len, sizeof(uf));
1154 if (copy_to_user(optval, &uf, len))
1155 err = -EFAULT;
1156 break;
1157
1158 default:
1159 err = -ENOPROTOOPT;
1160 break;
1161 }
1162
1163 done:
1164 release_sock(sk);
1165 return err;
1166 }
1167
1168 static const struct proto_ops hci_sock_ops = {
1169 .family = PF_BLUETOOTH,
1170 .owner = THIS_MODULE,
1171 .release = hci_sock_release,
1172 .bind = hci_sock_bind,
1173 .getname = hci_sock_getname,
1174 .sendmsg = hci_sock_sendmsg,
1175 .recvmsg = hci_sock_recvmsg,
1176 .ioctl = hci_sock_ioctl,
1177 .poll = datagram_poll,
1178 .listen = sock_no_listen,
1179 .shutdown = sock_no_shutdown,
1180 .setsockopt = hci_sock_setsockopt,
1181 .getsockopt = hci_sock_getsockopt,
1182 .connect = sock_no_connect,
1183 .socketpair = sock_no_socketpair,
1184 .accept = sock_no_accept,
1185 .mmap = sock_no_mmap
1186 };
1187
1188 static struct proto hci_sk_proto = {
1189 .name = "HCI",
1190 .owner = THIS_MODULE,
1191 .obj_size = sizeof(struct hci_pinfo)
1192 };
1193
1194 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1195 int kern)
1196 {
1197 struct sock *sk;
1198
1199 BT_DBG("sock %p", sock);
1200
1201 if (sock->type != SOCK_RAW)
1202 return -ESOCKTNOSUPPORT;
1203
1204 sock->ops = &hci_sock_ops;
1205
1206 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1207 if (!sk)
1208 return -ENOMEM;
1209
1210 sock_init_data(sock, sk);
1211
1212 sock_reset_flag(sk, SOCK_ZAPPED);
1213
1214 sk->sk_protocol = protocol;
1215
1216 sock->state = SS_UNCONNECTED;
1217 sk->sk_state = BT_OPEN;
1218
1219 bt_sock_link(&hci_sk_list, sk);
1220 return 0;
1221 }
1222
1223 static const struct net_proto_family hci_sock_family_ops = {
1224 .family = PF_BLUETOOTH,
1225 .owner = THIS_MODULE,
1226 .create = hci_sock_create,
1227 };
1228
1229 int __init hci_sock_init(void)
1230 {
1231 int err;
1232
1233 err = proto_register(&hci_sk_proto, 0);
1234 if (err < 0)
1235 return err;
1236
1237 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
1238 if (err < 0) {
1239 BT_ERR("HCI socket registration failed");
1240 goto error;
1241 }
1242
1243 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
1244 if (err < 0) {
1245 BT_ERR("Failed to create HCI proc file");
1246 bt_sock_unregister(BTPROTO_HCI);
1247 goto error;
1248 }
1249
1250 BT_INFO("HCI socket layer initialized");
1251
1252 return 0;
1253
1254 error:
1255 proto_unregister(&hci_sk_proto);
1256 return err;
1257 }
1258
1259 void hci_sock_cleanup(void)
1260 {
1261 bt_procfs_cleanup(&init_net, "hci");
1262 bt_sock_unregister(BTPROTO_HCI);
1263 proto_unregister(&hci_sk_proto);
1264 }
Linux with added FPC-III support