drivers/bluetooth/hci_vhci.c

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  *
   4  *  Bluetooth virtual HCI driver
   5  *
   6  *  Copyright (C) 2000-2001  Qualcomm Incorporated
   7  *  Copyright (C) 2002-2003  Maxim Krasnyansky <maxk@qualcomm.com>
   8  *  Copyright (C) 2004-2006  Marcel Holtmann <marcel@holtmann.org>
   9  */
  10
  11 #include <linux/module.h>
  12 #include <asm/unaligned.h>
  13
  14 #include <linux/kernel.h>
  15 #include <linux/init.h>
  16 #include <linux/slab.h>
  17 #include <linux/types.h>
  18 #include <linux/errno.h>
  19 #include <linux/sched.h>
  20 #include <linux/poll.h>
  21
  22 #include <linux/skbuff.h>
  23 #include <linux/miscdevice.h>
  24
  25 #include <net/bluetooth/bluetooth.h>
  26 #include <net/bluetooth/hci_core.h>
  27
  28 #define VERSION "1.5"
  29
  30 static bool amp;
  31
  32 struct vhci_data {
  33         struct hci_dev *hdev;
  34
  35         wait_queue_head_t read_wait;
  36         struct sk_buff_head readq;
  37
  38         struct mutex open_mutex;
  39         struct delayed_work open_timeout;
  40 };
  41
  42 static int vhci_open_dev(struct hci_dev *hdev)
  43 {
  44         return 0;
  45 }
  46
  47 static int vhci_close_dev(struct hci_dev *hdev)
  48 {
  49         struct vhci_data *data = hci_get_drvdata(hdev);
  50
  51         skb_queue_purge(&data->readq);
  52
  53         return 0;
  54 }
  55
  56 static int vhci_flush(struct hci_dev *hdev)
  57 {
  58         struct vhci_data *data = hci_get_drvdata(hdev);
  59
  60         skb_queue_purge(&data->readq);
  61
  62         return 0;
  63 }
  64
  65 static int vhci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
  66 {
  67         struct vhci_data *data = hci_get_drvdata(hdev);
  68
  69         memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
  70         skb_queue_tail(&data->readq, skb);
  71
  72         wake_up_interruptible(&data->read_wait);
  73         return 0;
  74 }
  75
  76 static int __vhci_create_device(struct vhci_data *data, __u8 opcode)
  77 {
  78         struct hci_dev *hdev;
  79         struct sk_buff *skb;
  80         __u8 dev_type;
  81
  82         if (data->hdev)
  83                 return -EBADFD;
  84
  85         /* bits 0-1 are dev_type (Primary or AMP) */
  86         dev_type = opcode & 0x03;
  87
  88         if (dev_type != HCI_PRIMARY && dev_type != HCI_AMP)
  89                 return -EINVAL;
  90
  91         /* bits 2-5 are reserved (must be zero) */
  92         if (opcode & 0x3c)
  93                 return -EINVAL;
  94
  95         skb = bt_skb_alloc(4, GFP_KERNEL);
  96         if (!skb)
  97                 return -ENOMEM;
  98
  99         hdev = hci_alloc_dev();
 100         if (!hdev) {
 101                 kfree_skb(skb);
 102                 return -ENOMEM;
 103         }
 104
 105         data->hdev = hdev;
 106
 107         hdev->bus = HCI_VIRTUAL;
 108         hdev->dev_type = dev_type;
 109         hci_set_drvdata(hdev, data);
 110
 111         hdev->open  = vhci_open_dev;
 112         hdev->close = vhci_close_dev;
 113         hdev->flush = vhci_flush;
 114         hdev->send  = vhci_send_frame;
 115
 116         /* bit 6 is for external configuration */
 117         if (opcode & 0x40)
 118                 set_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks);
 119
 120         /* bit 7 is for raw device */
 121         if (opcode & 0x80)
 122                 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
 123
 124         if (hci_register_dev(hdev) < 0) {
 125                 BT_ERR("Can't register HCI device");
 126                 hci_free_dev(hdev);
 127                 data->hdev = NULL;
 128                 kfree_skb(skb);
 129                 return -EBUSY;
 130         }
 131
 132         hci_skb_pkt_type(skb) = HCI_VENDOR_PKT;
 133
 134         skb_put_u8(skb, 0xff);
 135         skb_put_u8(skb, opcode);
 136         put_unaligned_le16(hdev->id, skb_put(skb, 2));
 137         skb_queue_tail(&data->readq, skb);
 138
 139         wake_up_interruptible(&data->read_wait);
 140         return 0;
 141 }
 142
 143 static int vhci_create_device(struct vhci_data *data, __u8 opcode)
 144 {
 145         int err;
 146
 147         mutex_lock(&data->open_mutex);
 148         err = __vhci_create_device(data, opcode);
 149         mutex_unlock(&data->open_mutex);
 150
 151         return err;
 152 }
 153
 154 static inline ssize_t vhci_get_user(struct vhci_data *data,
 155                                     struct iov_iter *from)
 156 {
 157         size_t len = iov_iter_count(from);
 158         struct sk_buff *skb;
 159         __u8 pkt_type, opcode;
 160         int ret;
 161
 162         if (len < 2 || len > HCI_MAX_FRAME_SIZE)
 163                 return -EINVAL;
 164
 165         skb = bt_skb_alloc(len, GFP_KERNEL);
 166         if (!skb)
 167                 return -ENOMEM;
 168
 169         if (!copy_from_iter_full(skb_put(skb, len), len, from)) {
 170                 kfree_skb(skb);
 171                 return -EFAULT;
 172         }
 173
 174         pkt_type = *((__u8 *) skb->data);
 175         skb_pull(skb, 1);
 176
 177         switch (pkt_type) {
 178         case HCI_EVENT_PKT:
 179         case HCI_ACLDATA_PKT:
 180         case HCI_SCODATA_PKT:
 181         case HCI_ISODATA_PKT:
 182                 if (!data->hdev) {
 183                         kfree_skb(skb);
 184                         return -ENODEV;
 185                 }
 186
 187                 hci_skb_pkt_type(skb) = pkt_type;
 188
 189                 ret = hci_recv_frame(data->hdev, skb);
 190                 break;
 191
 192         case HCI_VENDOR_PKT:
 193                 cancel_delayed_work_sync(&data->open_timeout);
 194
 195                 opcode = *((__u8 *) skb->data);
 196                 skb_pull(skb, 1);
 197
 198                 if (skb->len > 0) {
 199                         kfree_skb(skb);
 200                         return -EINVAL;
 201                 }
 202
 203                 kfree_skb(skb);
 204
 205                 ret = vhci_create_device(data, opcode);
 206                 break;
 207
 208         default:
 209                 kfree_skb(skb);
 210                 return -EINVAL;
 211         }
 212
 213         return (ret < 0) ? ret : len;
 214 }
 215
 216 static inline ssize_t vhci_put_user(struct vhci_data *data,
 217                                     struct sk_buff *skb,
 218                                     char __user *buf, int count)
 219 {
 220         char __user *ptr = buf;
 221         int len;
 222
 223         len = min_t(unsigned int, skb->len, count);
 224
 225         if (copy_to_user(ptr, skb->data, len))
 226                 return -EFAULT;
 227
 228         if (!data->hdev)
 229                 return len;
 230
 231         data->hdev->stat.byte_tx += len;
 232
 233         switch (hci_skb_pkt_type(skb)) {
 234         case HCI_COMMAND_PKT:
 235                 data->hdev->stat.cmd_tx++;
 236                 break;
 237         case HCI_ACLDATA_PKT:
 238                 data->hdev->stat.acl_tx++;
 239                 break;
 240         case HCI_SCODATA_PKT:
 241                 data->hdev->stat.sco_tx++;
 242                 break;
 243         }
 244
 245         return len;
 246 }
 247
 248 static ssize_t vhci_read(struct file *file,
 249                          char __user *buf, size_t count, loff_t *pos)
 250 {
 251         struct vhci_data *data = file->private_data;
 252         struct sk_buff *skb;
 253         ssize_t ret = 0;
 254
 255         while (count) {
 256                 skb = skb_dequeue(&data->readq);
 257                 if (skb) {
 258                         ret = vhci_put_user(data, skb, buf, count);
 259                         if (ret < 0)
 260                                 skb_queue_head(&data->readq, skb);
 261                         else
 262                                 kfree_skb(skb);
 263                         break;
 264                 }
 265
 266                 if (file->f_flags & O_NONBLOCK) {
 267                         ret = -EAGAIN;
 268                         break;
 269                 }
 270
 271                 ret = wait_event_interruptible(data->read_wait,
 272                                                !skb_queue_empty(&data->readq));
 273                 if (ret < 0)
 274                         break;
 275         }
 276
 277         return ret;
 278 }
 279
 280 static ssize_t vhci_write(struct kiocb *iocb, struct iov_iter *from)
 281 {
 282         struct file *file = iocb->ki_filp;
 283         struct vhci_data *data = file->private_data;
 284
 285         return vhci_get_user(data, from);
 286 }
 287
 288 static __poll_t vhci_poll(struct file *file, poll_table *wait)
 289 {
 290         struct vhci_data *data = file->private_data;
 291
 292         poll_wait(file, &data->read_wait, wait);
 293
 294         if (!skb_queue_empty(&data->readq))
 295                 return EPOLLIN | EPOLLRDNORM;
 296
 297         return EPOLLOUT | EPOLLWRNORM;
 298 }
 299
 300 static void vhci_open_timeout(struct work_struct *work)
 301 {
 302         struct vhci_data *data = container_of(work, struct vhci_data,
 303                                               open_timeout.work);
 304
 305         vhci_create_device(data, amp ? HCI_AMP : HCI_PRIMARY);
 306 }
 307
 308 static int vhci_open(struct inode *inode, struct file *file)
 309 {
 310         struct vhci_data *data;
 311
 312         data = kzalloc(sizeof(struct vhci_data), GFP_KERNEL);
 313         if (!data)
 314                 return -ENOMEM;
 315
 316         skb_queue_head_init(&data->readq);
 317         init_waitqueue_head(&data->read_wait);
 318
 319         mutex_init(&data->open_mutex);
 320         INIT_DELAYED_WORK(&data->open_timeout, vhci_open_timeout);
 321
 322         file->private_data = data;
 323         nonseekable_open(inode, file);
 324
 325         schedule_delayed_work(&data->open_timeout, msecs_to_jiffies(1000));
 326
 327         return 0;
 328 }
 329
 330 static int vhci_release(struct inode *inode, struct file *file)
 331 {
 332         struct vhci_data *data = file->private_data;
 333         struct hci_dev *hdev;
 334
 335         cancel_delayed_work_sync(&data->open_timeout);
 336
 337         hdev = data->hdev;
 338
 339         if (hdev) {
 340                 hci_unregister_dev(hdev);
 341                 hci_free_dev(hdev);
 342         }
 343
 344         skb_queue_purge(&data->readq);
 345         file->private_data = NULL;
 346         kfree(data);
 347
 348         return 0;
 349 }
 350
 351 static const struct file_operations vhci_fops = {
 352         .owner          = THIS_MODULE,
 353         .read           = vhci_read,
 354         .write_iter     = vhci_write,
 355         .poll           = vhci_poll,
 356         .open           = vhci_open,
 357         .release        = vhci_release,
 358         .llseek         = no_llseek,
 359 };
 360
 361 static struct miscdevice vhci_miscdev = {
 362         .name   = "vhci",
 363         .fops   = &vhci_fops,
 364         .minor  = VHCI_MINOR,
 365 };
 366 module_misc_device(vhci_miscdev);
 367
 368 module_param(amp, bool, 0644);
 369 MODULE_PARM_DESC(amp, "Create AMP controller device");
 370
 371 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
 372 MODULE_DESCRIPTION("Bluetooth virtual HCI driver ver " VERSION);
 373 MODULE_VERSION(VERSION);
 374 MODULE_LICENSE("GPL");
 375 MODULE_ALIAS("devname:vhci");
 376 MODULE_ALIAS_MISCDEV(VHCI_MINOR);