2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI sockets. */
26 #include <linux/compat.h>
27 #include <linux/export.h>
28 #include <linux/utsname.h>
29 #include <linux/sched.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/hci_mon.h>
35 #include <net/bluetooth/mgmt.h>
37 #include "mgmt_util.h"
39 static LIST_HEAD(mgmt_chan_list
);
40 static DEFINE_MUTEX(mgmt_chan_list_lock
);
42 static DEFINE_IDA(sock_cookie_ida
);
44 static atomic_t monitor_promisc
= ATOMIC_INIT(0);
46 /* ----- HCI socket interface ----- */
49 #define hci_pi(sk) ((struct hci_pinfo *) sk)
54 struct hci_filter filter
;
56 unsigned short channel
;
59 char comm
[TASK_COMM_LEN
];
62 void hci_sock_set_flag(struct sock
*sk
, int nr
)
64 set_bit(nr
, &hci_pi(sk
)->flags
);
67 void hci_sock_clear_flag(struct sock
*sk
, int nr
)
69 clear_bit(nr
, &hci_pi(sk
)->flags
);
72 int hci_sock_test_flag(struct sock
*sk
, int nr
)
74 return test_bit(nr
, &hci_pi(sk
)->flags
);
77 unsigned short hci_sock_get_channel(struct sock
*sk
)
79 return hci_pi(sk
)->channel
;
82 u32
hci_sock_get_cookie(struct sock
*sk
)
84 return hci_pi(sk
)->cookie
;
87 static bool hci_sock_gen_cookie(struct sock
*sk
)
89 int id
= hci_pi(sk
)->cookie
;
92 id
= ida_simple_get(&sock_cookie_ida
, 1, 0, GFP_KERNEL
);
96 hci_pi(sk
)->cookie
= id
;
97 get_task_comm(hci_pi(sk
)->comm
, current
);
104 static void hci_sock_free_cookie(struct sock
*sk
)
106 int id
= hci_pi(sk
)->cookie
;
109 hci_pi(sk
)->cookie
= 0xffffffff;
110 ida_simple_remove(&sock_cookie_ida
, id
);
114 static inline int hci_test_bit(int nr
, const void *addr
)
116 return *((const __u32
*) addr
+ (nr
>> 5)) & ((__u32
) 1 << (nr
& 31));
119 /* Security filter */
120 #define HCI_SFLT_MAX_OGF 5
122 struct hci_sec_filter
{
125 __u32 ocf_mask
[HCI_SFLT_MAX_OGF
+ 1][4];
128 static const struct hci_sec_filter hci_sec_filter
= {
132 { 0x1000d9fe, 0x0000b00c },
137 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
138 /* OGF_LINK_POLICY */
139 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
141 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
143 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
144 /* OGF_STATUS_PARAM */
145 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
149 static struct bt_sock_list hci_sk_list
= {
150 .lock
= __RW_LOCK_UNLOCKED(hci_sk_list
.lock
)
153 static bool is_filtered_packet(struct sock
*sk
, struct sk_buff
*skb
)
155 struct hci_filter
*flt
;
156 int flt_type
, flt_event
;
159 flt
= &hci_pi(sk
)->filter
;
161 flt_type
= hci_skb_pkt_type(skb
) & HCI_FLT_TYPE_BITS
;
163 if (!test_bit(flt_type
, &flt
->type_mask
))
166 /* Extra filter for event packets only */
167 if (hci_skb_pkt_type(skb
) != HCI_EVENT_PKT
)
170 flt_event
= (*(__u8
*)skb
->data
& HCI_FLT_EVENT_BITS
);
172 if (!hci_test_bit(flt_event
, &flt
->event_mask
))
175 /* Check filter only when opcode is set */
179 if (flt_event
== HCI_EV_CMD_COMPLETE
&&
180 flt
->opcode
!= get_unaligned((__le16
*)(skb
->data
+ 3)))
183 if (flt_event
== HCI_EV_CMD_STATUS
&&
184 flt
->opcode
!= get_unaligned((__le16
*)(skb
->data
+ 4)))
190 /* Send frame to RAW socket */
191 void hci_send_to_sock(struct hci_dev
*hdev
, struct sk_buff
*skb
)
194 struct sk_buff
*skb_copy
= NULL
;
196 BT_DBG("hdev %p len %d", hdev
, skb
->len
);
198 read_lock(&hci_sk_list
.lock
);
200 sk_for_each(sk
, &hci_sk_list
.head
) {
201 struct sk_buff
*nskb
;
203 if (sk
->sk_state
!= BT_BOUND
|| hci_pi(sk
)->hdev
!= hdev
)
206 /* Don't send frame to the socket it came from */
210 if (hci_pi(sk
)->channel
== HCI_CHANNEL_RAW
) {
211 if (hci_skb_pkt_type(skb
) != HCI_COMMAND_PKT
&&
212 hci_skb_pkt_type(skb
) != HCI_EVENT_PKT
&&
213 hci_skb_pkt_type(skb
) != HCI_ACLDATA_PKT
&&
214 hci_skb_pkt_type(skb
) != HCI_SCODATA_PKT
&&
215 hci_skb_pkt_type(skb
) != HCI_ISODATA_PKT
)
217 if (is_filtered_packet(sk
, skb
))
219 } else if (hci_pi(sk
)->channel
== HCI_CHANNEL_USER
) {
220 if (!bt_cb(skb
)->incoming
)
222 if (hci_skb_pkt_type(skb
) != HCI_EVENT_PKT
&&
223 hci_skb_pkt_type(skb
) != HCI_ACLDATA_PKT
&&
224 hci_skb_pkt_type(skb
) != HCI_SCODATA_PKT
&&
225 hci_skb_pkt_type(skb
) != HCI_ISODATA_PKT
)
228 /* Don't send frame to other channel types */
233 /* Create a private copy with headroom */
234 skb_copy
= __pskb_copy_fclone(skb
, 1, GFP_ATOMIC
, true);
238 /* Put type byte before the data */
239 memcpy(skb_push(skb_copy
, 1), &hci_skb_pkt_type(skb
), 1);
242 nskb
= skb_clone(skb_copy
, GFP_ATOMIC
);
246 if (sock_queue_rcv_skb(sk
, nskb
))
250 read_unlock(&hci_sk_list
.lock
);
255 /* Send frame to sockets with specific channel */
256 static void __hci_send_to_channel(unsigned short channel
, struct sk_buff
*skb
,
257 int flag
, struct sock
*skip_sk
)
261 BT_DBG("channel %u len %d", channel
, skb
->len
);
263 sk_for_each(sk
, &hci_sk_list
.head
) {
264 struct sk_buff
*nskb
;
266 /* Ignore socket without the flag set */
267 if (!hci_sock_test_flag(sk
, flag
))
270 /* Skip the original socket */
274 if (sk
->sk_state
!= BT_BOUND
)
277 if (hci_pi(sk
)->channel
!= channel
)
280 nskb
= skb_clone(skb
, GFP_ATOMIC
);
284 if (sock_queue_rcv_skb(sk
, nskb
))
290 void hci_send_to_channel(unsigned short channel
, struct sk_buff
*skb
,
291 int flag
, struct sock
*skip_sk
)
293 read_lock(&hci_sk_list
.lock
);
294 __hci_send_to_channel(channel
, skb
, flag
, skip_sk
);
295 read_unlock(&hci_sk_list
.lock
);
298 /* Send frame to monitor socket */
299 void hci_send_to_monitor(struct hci_dev
*hdev
, struct sk_buff
*skb
)
301 struct sk_buff
*skb_copy
= NULL
;
302 struct hci_mon_hdr
*hdr
;
305 if (!atomic_read(&monitor_promisc
))
308 BT_DBG("hdev %p len %d", hdev
, skb
->len
);
310 switch (hci_skb_pkt_type(skb
)) {
311 case HCI_COMMAND_PKT
:
312 opcode
= cpu_to_le16(HCI_MON_COMMAND_PKT
);
315 opcode
= cpu_to_le16(HCI_MON_EVENT_PKT
);
317 case HCI_ACLDATA_PKT
:
318 if (bt_cb(skb
)->incoming
)
319 opcode
= cpu_to_le16(HCI_MON_ACL_RX_PKT
);
321 opcode
= cpu_to_le16(HCI_MON_ACL_TX_PKT
);
323 case HCI_SCODATA_PKT
:
324 if (bt_cb(skb
)->incoming
)
325 opcode
= cpu_to_le16(HCI_MON_SCO_RX_PKT
);
327 opcode
= cpu_to_le16(HCI_MON_SCO_TX_PKT
);
329 case HCI_ISODATA_PKT
:
330 if (bt_cb(skb
)->incoming
)
331 opcode
= cpu_to_le16(HCI_MON_ISO_RX_PKT
);
333 opcode
= cpu_to_le16(HCI_MON_ISO_TX_PKT
);
336 opcode
= cpu_to_le16(HCI_MON_VENDOR_DIAG
);
342 /* Create a private copy with headroom */
343 skb_copy
= __pskb_copy_fclone(skb
, HCI_MON_HDR_SIZE
, GFP_ATOMIC
, true);
347 /* Put header before the data */
348 hdr
= skb_push(skb_copy
, HCI_MON_HDR_SIZE
);
349 hdr
->opcode
= opcode
;
350 hdr
->index
= cpu_to_le16(hdev
->id
);
351 hdr
->len
= cpu_to_le16(skb
->len
);
353 hci_send_to_channel(HCI_CHANNEL_MONITOR
, skb_copy
,
354 HCI_SOCK_TRUSTED
, NULL
);
358 void hci_send_monitor_ctrl_event(struct hci_dev
*hdev
, u16 event
,
359 void *data
, u16 data_len
, ktime_t tstamp
,
360 int flag
, struct sock
*skip_sk
)
366 index
= cpu_to_le16(hdev
->id
);
368 index
= cpu_to_le16(MGMT_INDEX_NONE
);
370 read_lock(&hci_sk_list
.lock
);
372 sk_for_each(sk
, &hci_sk_list
.head
) {
373 struct hci_mon_hdr
*hdr
;
376 if (hci_pi(sk
)->channel
!= HCI_CHANNEL_CONTROL
)
379 /* Ignore socket without the flag set */
380 if (!hci_sock_test_flag(sk
, flag
))
383 /* Skip the original socket */
387 skb
= bt_skb_alloc(6 + data_len
, GFP_ATOMIC
);
391 put_unaligned_le32(hci_pi(sk
)->cookie
, skb_put(skb
, 4));
392 put_unaligned_le16(event
, skb_put(skb
, 2));
395 skb_put_data(skb
, data
, data_len
);
397 skb
->tstamp
= tstamp
;
399 hdr
= skb_push(skb
, HCI_MON_HDR_SIZE
);
400 hdr
->opcode
= cpu_to_le16(HCI_MON_CTRL_EVENT
);
402 hdr
->len
= cpu_to_le16(skb
->len
- HCI_MON_HDR_SIZE
);
404 __hci_send_to_channel(HCI_CHANNEL_MONITOR
, skb
,
405 HCI_SOCK_TRUSTED
, NULL
);
409 read_unlock(&hci_sk_list
.lock
);
412 static struct sk_buff
*create_monitor_event(struct hci_dev
*hdev
, int event
)
414 struct hci_mon_hdr
*hdr
;
415 struct hci_mon_new_index
*ni
;
416 struct hci_mon_index_info
*ii
;
422 skb
= bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE
, GFP_ATOMIC
);
426 ni
= skb_put(skb
, HCI_MON_NEW_INDEX_SIZE
);
427 ni
->type
= hdev
->dev_type
;
429 bacpy(&ni
->bdaddr
, &hdev
->bdaddr
);
430 memcpy(ni
->name
, hdev
->name
, 8);
432 opcode
= cpu_to_le16(HCI_MON_NEW_INDEX
);
436 skb
= bt_skb_alloc(0, GFP_ATOMIC
);
440 opcode
= cpu_to_le16(HCI_MON_DEL_INDEX
);
444 if (hdev
->manufacturer
== 0xffff)
450 skb
= bt_skb_alloc(HCI_MON_INDEX_INFO_SIZE
, GFP_ATOMIC
);
454 ii
= skb_put(skb
, HCI_MON_INDEX_INFO_SIZE
);
455 bacpy(&ii
->bdaddr
, &hdev
->bdaddr
);
456 ii
->manufacturer
= cpu_to_le16(hdev
->manufacturer
);
458 opcode
= cpu_to_le16(HCI_MON_INDEX_INFO
);
462 skb
= bt_skb_alloc(0, GFP_ATOMIC
);
466 opcode
= cpu_to_le16(HCI_MON_OPEN_INDEX
);
470 skb
= bt_skb_alloc(0, GFP_ATOMIC
);
474 opcode
= cpu_to_le16(HCI_MON_CLOSE_INDEX
);
481 __net_timestamp(skb
);
483 hdr
= skb_push(skb
, HCI_MON_HDR_SIZE
);
484 hdr
->opcode
= opcode
;
485 hdr
->index
= cpu_to_le16(hdev
->id
);
486 hdr
->len
= cpu_to_le16(skb
->len
- HCI_MON_HDR_SIZE
);
491 static struct sk_buff
*create_monitor_ctrl_open(struct sock
*sk
)
493 struct hci_mon_hdr
*hdr
;
499 /* No message needed when cookie is not present */
500 if (!hci_pi(sk
)->cookie
)
503 switch (hci_pi(sk
)->channel
) {
504 case HCI_CHANNEL_RAW
:
506 ver
[0] = BT_SUBSYS_VERSION
;
507 put_unaligned_le16(BT_SUBSYS_REVISION
, ver
+ 1);
509 case HCI_CHANNEL_USER
:
511 ver
[0] = BT_SUBSYS_VERSION
;
512 put_unaligned_le16(BT_SUBSYS_REVISION
, ver
+ 1);
514 case HCI_CHANNEL_CONTROL
:
516 mgmt_fill_version_info(ver
);
519 /* No message for unsupported format */
523 skb
= bt_skb_alloc(14 + TASK_COMM_LEN
, GFP_ATOMIC
);
527 flags
= hci_sock_test_flag(sk
, HCI_SOCK_TRUSTED
) ? 0x1 : 0x0;
529 put_unaligned_le32(hci_pi(sk
)->cookie
, skb_put(skb
, 4));
530 put_unaligned_le16(format
, skb_put(skb
, 2));
531 skb_put_data(skb
, ver
, sizeof(ver
));
532 put_unaligned_le32(flags
, skb_put(skb
, 4));
533 skb_put_u8(skb
, TASK_COMM_LEN
);
534 skb_put_data(skb
, hci_pi(sk
)->comm
, TASK_COMM_LEN
);
536 __net_timestamp(skb
);
538 hdr
= skb_push(skb
, HCI_MON_HDR_SIZE
);
539 hdr
->opcode
= cpu_to_le16(HCI_MON_CTRL_OPEN
);
540 if (hci_pi(sk
)->hdev
)
541 hdr
->index
= cpu_to_le16(hci_pi(sk
)->hdev
->id
);
543 hdr
->index
= cpu_to_le16(HCI_DEV_NONE
);
544 hdr
->len
= cpu_to_le16(skb
->len
- HCI_MON_HDR_SIZE
);
549 static struct sk_buff
*create_monitor_ctrl_close(struct sock
*sk
)
551 struct hci_mon_hdr
*hdr
;
554 /* No message needed when cookie is not present */
555 if (!hci_pi(sk
)->cookie
)
558 switch (hci_pi(sk
)->channel
) {
559 case HCI_CHANNEL_RAW
:
560 case HCI_CHANNEL_USER
:
561 case HCI_CHANNEL_CONTROL
:
564 /* No message for unsupported format */
568 skb
= bt_skb_alloc(4, GFP_ATOMIC
);
572 put_unaligned_le32(hci_pi(sk
)->cookie
, skb_put(skb
, 4));
574 __net_timestamp(skb
);
576 hdr
= skb_push(skb
, HCI_MON_HDR_SIZE
);
577 hdr
->opcode
= cpu_to_le16(HCI_MON_CTRL_CLOSE
);
578 if (hci_pi(sk
)->hdev
)
579 hdr
->index
= cpu_to_le16(hci_pi(sk
)->hdev
->id
);
581 hdr
->index
= cpu_to_le16(HCI_DEV_NONE
);
582 hdr
->len
= cpu_to_le16(skb
->len
- HCI_MON_HDR_SIZE
);
587 static struct sk_buff
*create_monitor_ctrl_command(struct sock
*sk
, u16 index
,
591 struct hci_mon_hdr
*hdr
;
594 skb
= bt_skb_alloc(6 + len
, GFP_ATOMIC
);
598 put_unaligned_le32(hci_pi(sk
)->cookie
, skb_put(skb
, 4));
599 put_unaligned_le16(opcode
, skb_put(skb
, 2));
602 skb_put_data(skb
, buf
, len
);
604 __net_timestamp(skb
);
606 hdr
= skb_push(skb
, HCI_MON_HDR_SIZE
);
607 hdr
->opcode
= cpu_to_le16(HCI_MON_CTRL_COMMAND
);
608 hdr
->index
= cpu_to_le16(index
);
609 hdr
->len
= cpu_to_le16(skb
->len
- HCI_MON_HDR_SIZE
);
614 static void __printf(2, 3)
615 send_monitor_note(struct sock
*sk
, const char *fmt
, ...)
618 struct hci_mon_hdr
*hdr
;
623 len
= vsnprintf(NULL
, 0, fmt
, args
);
626 skb
= bt_skb_alloc(len
+ 1, GFP_ATOMIC
);
631 vsprintf(skb_put(skb
, len
), fmt
, args
);
632 *(u8
*)skb_put(skb
, 1) = 0;
635 __net_timestamp(skb
);
637 hdr
= (void *)skb_push(skb
, HCI_MON_HDR_SIZE
);
638 hdr
->opcode
= cpu_to_le16(HCI_MON_SYSTEM_NOTE
);
639 hdr
->index
= cpu_to_le16(HCI_DEV_NONE
);
640 hdr
->len
= cpu_to_le16(skb
->len
- HCI_MON_HDR_SIZE
);
642 if (sock_queue_rcv_skb(sk
, skb
))
646 static void send_monitor_replay(struct sock
*sk
)
648 struct hci_dev
*hdev
;
650 read_lock(&hci_dev_list_lock
);
652 list_for_each_entry(hdev
, &hci_dev_list
, list
) {
655 skb
= create_monitor_event(hdev
, HCI_DEV_REG
);
659 if (sock_queue_rcv_skb(sk
, skb
))
662 if (!test_bit(HCI_RUNNING
, &hdev
->flags
))
665 skb
= create_monitor_event(hdev
, HCI_DEV_OPEN
);
669 if (sock_queue_rcv_skb(sk
, skb
))
672 if (test_bit(HCI_UP
, &hdev
->flags
))
673 skb
= create_monitor_event(hdev
, HCI_DEV_UP
);
674 else if (hci_dev_test_flag(hdev
, HCI_SETUP
))
675 skb
= create_monitor_event(hdev
, HCI_DEV_SETUP
);
680 if (sock_queue_rcv_skb(sk
, skb
))
685 read_unlock(&hci_dev_list_lock
);
688 static void send_monitor_control_replay(struct sock
*mon_sk
)
692 read_lock(&hci_sk_list
.lock
);
694 sk_for_each(sk
, &hci_sk_list
.head
) {
697 skb
= create_monitor_ctrl_open(sk
);
701 if (sock_queue_rcv_skb(mon_sk
, skb
))
705 read_unlock(&hci_sk_list
.lock
);
708 /* Generate internal stack event */
709 static void hci_si_event(struct hci_dev
*hdev
, int type
, int dlen
, void *data
)
711 struct hci_event_hdr
*hdr
;
712 struct hci_ev_stack_internal
*ev
;
715 skb
= bt_skb_alloc(HCI_EVENT_HDR_SIZE
+ sizeof(*ev
) + dlen
, GFP_ATOMIC
);
719 hdr
= skb_put(skb
, HCI_EVENT_HDR_SIZE
);
720 hdr
->evt
= HCI_EV_STACK_INTERNAL
;
721 hdr
->plen
= sizeof(*ev
) + dlen
;
723 ev
= skb_put(skb
, sizeof(*ev
) + dlen
);
725 memcpy(ev
->data
, data
, dlen
);
727 bt_cb(skb
)->incoming
= 1;
728 __net_timestamp(skb
);
730 hci_skb_pkt_type(skb
) = HCI_EVENT_PKT
;
731 hci_send_to_sock(hdev
, skb
);
735 void hci_sock_dev_event(struct hci_dev
*hdev
, int event
)
737 BT_DBG("hdev %s event %d", hdev
->name
, event
);
739 if (atomic_read(&monitor_promisc
)) {
742 /* Send event to monitor */
743 skb
= create_monitor_event(hdev
, event
);
745 hci_send_to_channel(HCI_CHANNEL_MONITOR
, skb
,
746 HCI_SOCK_TRUSTED
, NULL
);
751 if (event
<= HCI_DEV_DOWN
) {
752 struct hci_ev_si_device ev
;
754 /* Send event to sockets */
756 ev
.dev_id
= hdev
->id
;
757 hci_si_event(NULL
, HCI_EV_SI_DEVICE
, sizeof(ev
), &ev
);
760 if (event
== HCI_DEV_UNREG
) {
763 /* Detach sockets from device */
764 read_lock(&hci_sk_list
.lock
);
765 sk_for_each(sk
, &hci_sk_list
.head
) {
766 bh_lock_sock_nested(sk
);
767 if (hci_pi(sk
)->hdev
== hdev
) {
768 hci_pi(sk
)->hdev
= NULL
;
770 sk
->sk_state
= BT_OPEN
;
771 sk
->sk_state_change(sk
);
777 read_unlock(&hci_sk_list
.lock
);
781 static struct hci_mgmt_chan
*__hci_mgmt_chan_find(unsigned short channel
)
783 struct hci_mgmt_chan
*c
;
785 list_for_each_entry(c
, &mgmt_chan_list
, list
) {
786 if (c
->channel
== channel
)
793 static struct hci_mgmt_chan
*hci_mgmt_chan_find(unsigned short channel
)
795 struct hci_mgmt_chan
*c
;
797 mutex_lock(&mgmt_chan_list_lock
);
798 c
= __hci_mgmt_chan_find(channel
);
799 mutex_unlock(&mgmt_chan_list_lock
);
804 int hci_mgmt_chan_register(struct hci_mgmt_chan
*c
)
806 if (c
->channel
< HCI_CHANNEL_CONTROL
)
809 mutex_lock(&mgmt_chan_list_lock
);
810 if (__hci_mgmt_chan_find(c
->channel
)) {
811 mutex_unlock(&mgmt_chan_list_lock
);
815 list_add_tail(&c
->list
, &mgmt_chan_list
);
817 mutex_unlock(&mgmt_chan_list_lock
);
821 EXPORT_SYMBOL(hci_mgmt_chan_register
);
823 void hci_mgmt_chan_unregister(struct hci_mgmt_chan
*c
)
825 mutex_lock(&mgmt_chan_list_lock
);
827 mutex_unlock(&mgmt_chan_list_lock
);
829 EXPORT_SYMBOL(hci_mgmt_chan_unregister
);
831 static int hci_sock_release(struct socket
*sock
)
833 struct sock
*sk
= sock
->sk
;
834 struct hci_dev
*hdev
;
837 BT_DBG("sock %p sk %p", sock
, sk
);
844 switch (hci_pi(sk
)->channel
) {
845 case HCI_CHANNEL_MONITOR
:
846 atomic_dec(&monitor_promisc
);
848 case HCI_CHANNEL_RAW
:
849 case HCI_CHANNEL_USER
:
850 case HCI_CHANNEL_CONTROL
:
851 /* Send event to monitor */
852 skb
= create_monitor_ctrl_close(sk
);
854 hci_send_to_channel(HCI_CHANNEL_MONITOR
, skb
,
855 HCI_SOCK_TRUSTED
, NULL
);
859 hci_sock_free_cookie(sk
);
863 bt_sock_unlink(&hci_sk_list
, sk
);
865 hdev
= hci_pi(sk
)->hdev
;
867 if (hci_pi(sk
)->channel
== HCI_CHANNEL_USER
) {
868 /* When releasing a user channel exclusive access,
869 * call hci_dev_do_close directly instead of calling
870 * hci_dev_close to ensure the exclusive access will
871 * be released and the controller brought back down.
873 * The checking of HCI_AUTO_OFF is not needed in this
874 * case since it will have been cleared already when
875 * opening the user channel.
877 hci_dev_do_close(hdev
);
878 hci_dev_clear_flag(hdev
, HCI_USER_CHANNEL
);
879 mgmt_index_added(hdev
);
882 atomic_dec(&hdev
->promisc
);
888 skb_queue_purge(&sk
->sk_receive_queue
);
889 skb_queue_purge(&sk
->sk_write_queue
);
896 static int hci_sock_blacklist_add(struct hci_dev
*hdev
, void __user
*arg
)
901 if (copy_from_user(&bdaddr
, arg
, sizeof(bdaddr
)))
906 err
= hci_bdaddr_list_add(&hdev
->blacklist
, &bdaddr
, BDADDR_BREDR
);
908 hci_dev_unlock(hdev
);
913 static int hci_sock_blacklist_del(struct hci_dev
*hdev
, void __user
*arg
)
918 if (copy_from_user(&bdaddr
, arg
, sizeof(bdaddr
)))
923 err
= hci_bdaddr_list_del(&hdev
->blacklist
, &bdaddr
, BDADDR_BREDR
);
925 hci_dev_unlock(hdev
);
930 /* Ioctls that require bound socket */
931 static int hci_sock_bound_ioctl(struct sock
*sk
, unsigned int cmd
,
934 struct hci_dev
*hdev
= hci_pi(sk
)->hdev
;
939 if (hci_dev_test_flag(hdev
, HCI_USER_CHANNEL
))
942 if (hci_dev_test_flag(hdev
, HCI_UNCONFIGURED
))
945 if (hdev
->dev_type
!= HCI_PRIMARY
)
950 if (!capable(CAP_NET_ADMIN
))
955 return hci_get_conn_info(hdev
, (void __user
*)arg
);
958 return hci_get_auth_info(hdev
, (void __user
*)arg
);
961 if (!capable(CAP_NET_ADMIN
))
963 return hci_sock_blacklist_add(hdev
, (void __user
*)arg
);
966 if (!capable(CAP_NET_ADMIN
))
968 return hci_sock_blacklist_del(hdev
, (void __user
*)arg
);
974 static int hci_sock_ioctl(struct socket
*sock
, unsigned int cmd
,
977 void __user
*argp
= (void __user
*)arg
;
978 struct sock
*sk
= sock
->sk
;
981 BT_DBG("cmd %x arg %lx", cmd
, arg
);
985 if (hci_pi(sk
)->channel
!= HCI_CHANNEL_RAW
) {
990 /* When calling an ioctl on an unbound raw socket, then ensure
991 * that the monitor gets informed. Ensure that the resulting event
992 * is only send once by checking if the cookie exists or not. The
993 * socket cookie will be only ever generated once for the lifetime
996 if (hci_sock_gen_cookie(sk
)) {
999 if (capable(CAP_NET_ADMIN
))
1000 hci_sock_set_flag(sk
, HCI_SOCK_TRUSTED
);
1002 /* Send event to monitor */
1003 skb
= create_monitor_ctrl_open(sk
);
1005 hci_send_to_channel(HCI_CHANNEL_MONITOR
, skb
,
1006 HCI_SOCK_TRUSTED
, NULL
);
1015 return hci_get_dev_list(argp
);
1018 return hci_get_dev_info(argp
);
1020 case HCIGETCONNLIST
:
1021 return hci_get_conn_list(argp
);
1024 if (!capable(CAP_NET_ADMIN
))
1026 return hci_dev_open(arg
);
1029 if (!capable(CAP_NET_ADMIN
))
1031 return hci_dev_close(arg
);
1034 if (!capable(CAP_NET_ADMIN
))
1036 return hci_dev_reset(arg
);
1039 if (!capable(CAP_NET_ADMIN
))
1041 return hci_dev_reset_stat(arg
);
1048 case HCISETLINKMODE
:
1051 if (!capable(CAP_NET_ADMIN
))
1053 return hci_dev_cmd(cmd
, argp
);
1056 return hci_inquiry(argp
);
1061 err
= hci_sock_bound_ioctl(sk
, cmd
, arg
);
1068 #ifdef CONFIG_COMPAT
1069 static int hci_sock_compat_ioctl(struct socket
*sock
, unsigned int cmd
,
1077 return hci_sock_ioctl(sock
, cmd
, arg
);
1080 return hci_sock_ioctl(sock
, cmd
, (unsigned long)compat_ptr(arg
));
1084 static int hci_sock_bind(struct socket
*sock
, struct sockaddr
*addr
,
1087 struct sockaddr_hci haddr
;
1088 struct sock
*sk
= sock
->sk
;
1089 struct hci_dev
*hdev
= NULL
;
1090 struct sk_buff
*skb
;
1093 BT_DBG("sock %p sk %p", sock
, sk
);
1098 memset(&haddr
, 0, sizeof(haddr
));
1099 len
= min_t(unsigned int, sizeof(haddr
), addr_len
);
1100 memcpy(&haddr
, addr
, len
);
1102 if (haddr
.hci_family
!= AF_BLUETOOTH
)
1107 if (sk
->sk_state
== BT_BOUND
) {
1112 switch (haddr
.hci_channel
) {
1113 case HCI_CHANNEL_RAW
:
1114 if (hci_pi(sk
)->hdev
) {
1119 if (haddr
.hci_dev
!= HCI_DEV_NONE
) {
1120 hdev
= hci_dev_get(haddr
.hci_dev
);
1126 atomic_inc(&hdev
->promisc
);
1129 hci_pi(sk
)->channel
= haddr
.hci_channel
;
1131 if (!hci_sock_gen_cookie(sk
)) {
1132 /* In the case when a cookie has already been assigned,
1133 * then there has been already an ioctl issued against
1134 * an unbound socket and with that triggerd an open
1135 * notification. Send a close notification first to
1136 * allow the state transition to bounded.
1138 skb
= create_monitor_ctrl_close(sk
);
1140 hci_send_to_channel(HCI_CHANNEL_MONITOR
, skb
,
1141 HCI_SOCK_TRUSTED
, NULL
);
1146 if (capable(CAP_NET_ADMIN
))
1147 hci_sock_set_flag(sk
, HCI_SOCK_TRUSTED
);
1149 hci_pi(sk
)->hdev
= hdev
;
1151 /* Send event to monitor */
1152 skb
= create_monitor_ctrl_open(sk
);
1154 hci_send_to_channel(HCI_CHANNEL_MONITOR
, skb
,
1155 HCI_SOCK_TRUSTED
, NULL
);
1160 case HCI_CHANNEL_USER
:
1161 if (hci_pi(sk
)->hdev
) {
1166 if (haddr
.hci_dev
== HCI_DEV_NONE
) {
1171 if (!capable(CAP_NET_ADMIN
)) {
1176 hdev
= hci_dev_get(haddr
.hci_dev
);
1182 if (test_bit(HCI_INIT
, &hdev
->flags
) ||
1183 hci_dev_test_flag(hdev
, HCI_SETUP
) ||
1184 hci_dev_test_flag(hdev
, HCI_CONFIG
) ||
1185 (!hci_dev_test_flag(hdev
, HCI_AUTO_OFF
) &&
1186 test_bit(HCI_UP
, &hdev
->flags
))) {
1192 if (hci_dev_test_and_set_flag(hdev
, HCI_USER_CHANNEL
)) {
1198 mgmt_index_removed(hdev
);
1200 err
= hci_dev_open(hdev
->id
);
1202 if (err
== -EALREADY
) {
1203 /* In case the transport is already up and
1204 * running, clear the error here.
1206 * This can happen when opening a user
1207 * channel and HCI_AUTO_OFF grace period
1212 hci_dev_clear_flag(hdev
, HCI_USER_CHANNEL
);
1213 mgmt_index_added(hdev
);
1219 hci_pi(sk
)->channel
= haddr
.hci_channel
;
1221 if (!hci_sock_gen_cookie(sk
)) {
1222 /* In the case when a cookie has already been assigned,
1223 * this socket will transition from a raw socket into
1224 * a user channel socket. For a clean transition, send
1225 * the close notification first.
1227 skb
= create_monitor_ctrl_close(sk
);
1229 hci_send_to_channel(HCI_CHANNEL_MONITOR
, skb
,
1230 HCI_SOCK_TRUSTED
, NULL
);
1235 /* The user channel is restricted to CAP_NET_ADMIN
1236 * capabilities and with that implicitly trusted.
1238 hci_sock_set_flag(sk
, HCI_SOCK_TRUSTED
);
1240 hci_pi(sk
)->hdev
= hdev
;
1242 /* Send event to monitor */
1243 skb
= create_monitor_ctrl_open(sk
);
1245 hci_send_to_channel(HCI_CHANNEL_MONITOR
, skb
,
1246 HCI_SOCK_TRUSTED
, NULL
);
1250 atomic_inc(&hdev
->promisc
);
1253 case HCI_CHANNEL_MONITOR
:
1254 if (haddr
.hci_dev
!= HCI_DEV_NONE
) {
1259 if (!capable(CAP_NET_RAW
)) {
1264 hci_pi(sk
)->channel
= haddr
.hci_channel
;
1266 /* The monitor interface is restricted to CAP_NET_RAW
1267 * capabilities and with that implicitly trusted.
1269 hci_sock_set_flag(sk
, HCI_SOCK_TRUSTED
);
1271 send_monitor_note(sk
, "Linux version %s (%s)",
1272 init_utsname()->release
,
1273 init_utsname()->machine
);
1274 send_monitor_note(sk
, "Bluetooth subsystem version %u.%u",
1275 BT_SUBSYS_VERSION
, BT_SUBSYS_REVISION
);
1276 send_monitor_replay(sk
);
1277 send_monitor_control_replay(sk
);
1279 atomic_inc(&monitor_promisc
);
1282 case HCI_CHANNEL_LOGGING
:
1283 if (haddr
.hci_dev
!= HCI_DEV_NONE
) {
1288 if (!capable(CAP_NET_ADMIN
)) {
1293 hci_pi(sk
)->channel
= haddr
.hci_channel
;
1297 if (!hci_mgmt_chan_find(haddr
.hci_channel
)) {
1302 if (haddr
.hci_dev
!= HCI_DEV_NONE
) {
1307 /* Users with CAP_NET_ADMIN capabilities are allowed
1308 * access to all management commands and events. For
1309 * untrusted users the interface is restricted and
1310 * also only untrusted events are sent.
1312 if (capable(CAP_NET_ADMIN
))
1313 hci_sock_set_flag(sk
, HCI_SOCK_TRUSTED
);
1315 hci_pi(sk
)->channel
= haddr
.hci_channel
;
1317 /* At the moment the index and unconfigured index events
1318 * are enabled unconditionally. Setting them on each
1319 * socket when binding keeps this functionality. They
1320 * however might be cleared later and then sending of these
1321 * events will be disabled, but that is then intentional.
1323 * This also enables generic events that are safe to be
1324 * received by untrusted users. Example for such events
1325 * are changes to settings, class of device, name etc.
1327 if (hci_pi(sk
)->channel
== HCI_CHANNEL_CONTROL
) {
1328 if (!hci_sock_gen_cookie(sk
)) {
1329 /* In the case when a cookie has already been
1330 * assigned, this socket will transtion from
1331 * a raw socket into a control socket. To
1332 * allow for a clean transtion, send the
1333 * close notification first.
1335 skb
= create_monitor_ctrl_close(sk
);
1337 hci_send_to_channel(HCI_CHANNEL_MONITOR
, skb
,
1338 HCI_SOCK_TRUSTED
, NULL
);
1343 /* Send event to monitor */
1344 skb
= create_monitor_ctrl_open(sk
);
1346 hci_send_to_channel(HCI_CHANNEL_MONITOR
, skb
,
1347 HCI_SOCK_TRUSTED
, NULL
);
1351 hci_sock_set_flag(sk
, HCI_MGMT_INDEX_EVENTS
);
1352 hci_sock_set_flag(sk
, HCI_MGMT_UNCONF_INDEX_EVENTS
);
1353 hci_sock_set_flag(sk
, HCI_MGMT_OPTION_EVENTS
);
1354 hci_sock_set_flag(sk
, HCI_MGMT_SETTING_EVENTS
);
1355 hci_sock_set_flag(sk
, HCI_MGMT_DEV_CLASS_EVENTS
);
1356 hci_sock_set_flag(sk
, HCI_MGMT_LOCAL_NAME_EVENTS
);
1361 sk
->sk_state
= BT_BOUND
;
1368 static int hci_sock_getname(struct socket
*sock
, struct sockaddr
*addr
,
1371 struct sockaddr_hci
*haddr
= (struct sockaddr_hci
*)addr
;
1372 struct sock
*sk
= sock
->sk
;
1373 struct hci_dev
*hdev
;
1376 BT_DBG("sock %p sk %p", sock
, sk
);
1383 hdev
= hci_pi(sk
)->hdev
;
1389 haddr
->hci_family
= AF_BLUETOOTH
;
1390 haddr
->hci_dev
= hdev
->id
;
1391 haddr
->hci_channel
= hci_pi(sk
)->channel
;
1392 err
= sizeof(*haddr
);
1399 static void hci_sock_cmsg(struct sock
*sk
, struct msghdr
*msg
,
1400 struct sk_buff
*skb
)
1402 __u32 mask
= hci_pi(sk
)->cmsg_mask
;
1404 if (mask
& HCI_CMSG_DIR
) {
1405 int incoming
= bt_cb(skb
)->incoming
;
1406 put_cmsg(msg
, SOL_HCI
, HCI_CMSG_DIR
, sizeof(incoming
),
1410 if (mask
& HCI_CMSG_TSTAMP
) {
1411 #ifdef CONFIG_COMPAT
1412 struct old_timeval32 ctv
;
1414 struct __kernel_old_timeval tv
;
1418 skb_get_timestamp(skb
, &tv
);
1422 #ifdef CONFIG_COMPAT
1423 if (!COMPAT_USE_64BIT_TIME
&&
1424 (msg
->msg_flags
& MSG_CMSG_COMPAT
)) {
1425 ctv
.tv_sec
= tv
.tv_sec
;
1426 ctv
.tv_usec
= tv
.tv_usec
;
1432 put_cmsg(msg
, SOL_HCI
, HCI_CMSG_TSTAMP
, len
, data
);
1436 static int hci_sock_recvmsg(struct socket
*sock
, struct msghdr
*msg
,
1437 size_t len
, int flags
)
1439 int noblock
= flags
& MSG_DONTWAIT
;
1440 struct sock
*sk
= sock
->sk
;
1441 struct sk_buff
*skb
;
1443 unsigned int skblen
;
1445 BT_DBG("sock %p, sk %p", sock
, sk
);
1447 if (flags
& MSG_OOB
)
1450 if (hci_pi(sk
)->channel
== HCI_CHANNEL_LOGGING
)
1453 if (sk
->sk_state
== BT_CLOSED
)
1456 skb
= skb_recv_datagram(sk
, flags
, noblock
, &err
);
1463 msg
->msg_flags
|= MSG_TRUNC
;
1467 skb_reset_transport_header(skb
);
1468 err
= skb_copy_datagram_msg(skb
, 0, msg
, copied
);
1470 switch (hci_pi(sk
)->channel
) {
1471 case HCI_CHANNEL_RAW
:
1472 hci_sock_cmsg(sk
, msg
, skb
);
1474 case HCI_CHANNEL_USER
:
1475 case HCI_CHANNEL_MONITOR
:
1476 sock_recv_timestamp(msg
, sk
, skb
);
1479 if (hci_mgmt_chan_find(hci_pi(sk
)->channel
))
1480 sock_recv_timestamp(msg
, sk
, skb
);
1484 skb_free_datagram(sk
, skb
);
1486 if (flags
& MSG_TRUNC
)
1489 return err
? : copied
;
1492 static int hci_mgmt_cmd(struct hci_mgmt_chan
*chan
, struct sock
*sk
,
1493 struct msghdr
*msg
, size_t msglen
)
1497 struct mgmt_hdr
*hdr
;
1498 u16 opcode
, index
, len
;
1499 struct hci_dev
*hdev
= NULL
;
1500 const struct hci_mgmt_handler
*handler
;
1501 bool var_len
, no_hdev
;
1504 BT_DBG("got %zu bytes", msglen
);
1506 if (msglen
< sizeof(*hdr
))
1509 buf
= kmalloc(msglen
, GFP_KERNEL
);
1513 if (memcpy_from_msg(buf
, msg
, msglen
)) {
1519 opcode
= __le16_to_cpu(hdr
->opcode
);
1520 index
= __le16_to_cpu(hdr
->index
);
1521 len
= __le16_to_cpu(hdr
->len
);
1523 if (len
!= msglen
- sizeof(*hdr
)) {
1528 if (chan
->channel
== HCI_CHANNEL_CONTROL
) {
1529 struct sk_buff
*skb
;
1531 /* Send event to monitor */
1532 skb
= create_monitor_ctrl_command(sk
, index
, opcode
, len
,
1533 buf
+ sizeof(*hdr
));
1535 hci_send_to_channel(HCI_CHANNEL_MONITOR
, skb
,
1536 HCI_SOCK_TRUSTED
, NULL
);
1541 if (opcode
>= chan
->handler_count
||
1542 chan
->handlers
[opcode
].func
== NULL
) {
1543 BT_DBG("Unknown op %u", opcode
);
1544 err
= mgmt_cmd_status(sk
, index
, opcode
,
1545 MGMT_STATUS_UNKNOWN_COMMAND
);
1549 handler
= &chan
->handlers
[opcode
];
1551 if (!hci_sock_test_flag(sk
, HCI_SOCK_TRUSTED
) &&
1552 !(handler
->flags
& HCI_MGMT_UNTRUSTED
)) {
1553 err
= mgmt_cmd_status(sk
, index
, opcode
,
1554 MGMT_STATUS_PERMISSION_DENIED
);
1558 if (index
!= MGMT_INDEX_NONE
) {
1559 hdev
= hci_dev_get(index
);
1561 err
= mgmt_cmd_status(sk
, index
, opcode
,
1562 MGMT_STATUS_INVALID_INDEX
);
1566 if (hci_dev_test_flag(hdev
, HCI_SETUP
) ||
1567 hci_dev_test_flag(hdev
, HCI_CONFIG
) ||
1568 hci_dev_test_flag(hdev
, HCI_USER_CHANNEL
)) {
1569 err
= mgmt_cmd_status(sk
, index
, opcode
,
1570 MGMT_STATUS_INVALID_INDEX
);
1574 if (hci_dev_test_flag(hdev
, HCI_UNCONFIGURED
) &&
1575 !(handler
->flags
& HCI_MGMT_UNCONFIGURED
)) {
1576 err
= mgmt_cmd_status(sk
, index
, opcode
,
1577 MGMT_STATUS_INVALID_INDEX
);
1582 no_hdev
= (handler
->flags
& HCI_MGMT_NO_HDEV
);
1583 if (no_hdev
!= !hdev
) {
1584 err
= mgmt_cmd_status(sk
, index
, opcode
,
1585 MGMT_STATUS_INVALID_INDEX
);
1589 var_len
= (handler
->flags
& HCI_MGMT_VAR_LEN
);
1590 if ((var_len
&& len
< handler
->data_len
) ||
1591 (!var_len
&& len
!= handler
->data_len
)) {
1592 err
= mgmt_cmd_status(sk
, index
, opcode
,
1593 MGMT_STATUS_INVALID_PARAMS
);
1597 if (hdev
&& chan
->hdev_init
)
1598 chan
->hdev_init(sk
, hdev
);
1600 cp
= buf
+ sizeof(*hdr
);
1602 err
= handler
->func(sk
, hdev
, cp
, len
);
1616 static int hci_logging_frame(struct sock
*sk
, struct msghdr
*msg
, int len
)
1618 struct hci_mon_hdr
*hdr
;
1619 struct sk_buff
*skb
;
1620 struct hci_dev
*hdev
;
1624 /* The logging frame consists at minimum of the standard header,
1625 * the priority byte, the ident length byte and at least one string
1626 * terminator NUL byte. Anything shorter are invalid packets.
1628 if (len
< sizeof(*hdr
) + 3)
1631 skb
= bt_skb_send_alloc(sk
, len
, msg
->msg_flags
& MSG_DONTWAIT
, &err
);
1635 if (memcpy_from_msg(skb_put(skb
, len
), msg
, len
)) {
1640 hdr
= (void *)skb
->data
;
1642 if (__le16_to_cpu(hdr
->len
) != len
- sizeof(*hdr
)) {
1647 if (__le16_to_cpu(hdr
->opcode
) == 0x0000) {
1648 __u8 priority
= skb
->data
[sizeof(*hdr
)];
1649 __u8 ident_len
= skb
->data
[sizeof(*hdr
) + 1];
1651 /* Only the priorities 0-7 are valid and with that any other
1652 * value results in an invalid packet.
1654 * The priority byte is followed by an ident length byte and
1655 * the NUL terminated ident string. Check that the ident
1656 * length is not overflowing the packet and also that the
1657 * ident string itself is NUL terminated. In case the ident
1658 * length is zero, the length value actually doubles as NUL
1659 * terminator identifier.
1661 * The message follows the ident string (if present) and
1662 * must be NUL terminated. Otherwise it is not a valid packet.
1664 if (priority
> 7 || skb
->data
[len
- 1] != 0x00 ||
1665 ident_len
> len
- sizeof(*hdr
) - 3 ||
1666 skb
->data
[sizeof(*hdr
) + ident_len
+ 1] != 0x00) {
1675 index
= __le16_to_cpu(hdr
->index
);
1677 if (index
!= MGMT_INDEX_NONE
) {
1678 hdev
= hci_dev_get(index
);
1687 hdr
->opcode
= cpu_to_le16(HCI_MON_USER_LOGGING
);
1689 hci_send_to_channel(HCI_CHANNEL_MONITOR
, skb
, HCI_SOCK_TRUSTED
, NULL
);
1700 static int hci_sock_sendmsg(struct socket
*sock
, struct msghdr
*msg
,
1703 struct sock
*sk
= sock
->sk
;
1704 struct hci_mgmt_chan
*chan
;
1705 struct hci_dev
*hdev
;
1706 struct sk_buff
*skb
;
1709 BT_DBG("sock %p sk %p", sock
, sk
);
1711 if (msg
->msg_flags
& MSG_OOB
)
1714 if (msg
->msg_flags
& ~(MSG_DONTWAIT
|MSG_NOSIGNAL
|MSG_ERRQUEUE
|
1718 if (len
< 4 || len
> HCI_MAX_FRAME_SIZE
)
1723 switch (hci_pi(sk
)->channel
) {
1724 case HCI_CHANNEL_RAW
:
1725 case HCI_CHANNEL_USER
:
1727 case HCI_CHANNEL_MONITOR
:
1730 case HCI_CHANNEL_LOGGING
:
1731 err
= hci_logging_frame(sk
, msg
, len
);
1734 mutex_lock(&mgmt_chan_list_lock
);
1735 chan
= __hci_mgmt_chan_find(hci_pi(sk
)->channel
);
1737 err
= hci_mgmt_cmd(chan
, sk
, msg
, len
);
1741 mutex_unlock(&mgmt_chan_list_lock
);
1745 hdev
= hci_pi(sk
)->hdev
;
1751 if (!test_bit(HCI_UP
, &hdev
->flags
)) {
1756 skb
= bt_skb_send_alloc(sk
, len
, msg
->msg_flags
& MSG_DONTWAIT
, &err
);
1760 if (memcpy_from_msg(skb_put(skb
, len
), msg
, len
)) {
1765 hci_skb_pkt_type(skb
) = skb
->data
[0];
1768 if (hci_pi(sk
)->channel
== HCI_CHANNEL_USER
) {
1769 /* No permission check is needed for user channel
1770 * since that gets enforced when binding the socket.
1772 * However check that the packet type is valid.
1774 if (hci_skb_pkt_type(skb
) != HCI_COMMAND_PKT
&&
1775 hci_skb_pkt_type(skb
) != HCI_ACLDATA_PKT
&&
1776 hci_skb_pkt_type(skb
) != HCI_SCODATA_PKT
&&
1777 hci_skb_pkt_type(skb
) != HCI_ISODATA_PKT
) {
1782 skb_queue_tail(&hdev
->raw_q
, skb
);
1783 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
1784 } else if (hci_skb_pkt_type(skb
) == HCI_COMMAND_PKT
) {
1785 u16 opcode
= get_unaligned_le16(skb
->data
);
1786 u16 ogf
= hci_opcode_ogf(opcode
);
1787 u16 ocf
= hci_opcode_ocf(opcode
);
1789 if (((ogf
> HCI_SFLT_MAX_OGF
) ||
1790 !hci_test_bit(ocf
& HCI_FLT_OCF_BITS
,
1791 &hci_sec_filter
.ocf_mask
[ogf
])) &&
1792 !capable(CAP_NET_RAW
)) {
1797 /* Since the opcode has already been extracted here, store
1798 * a copy of the value for later use by the drivers.
1800 hci_skb_opcode(skb
) = opcode
;
1803 skb_queue_tail(&hdev
->raw_q
, skb
);
1804 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
1806 /* Stand-alone HCI commands must be flagged as
1807 * single-command requests.
1809 bt_cb(skb
)->hci
.req_flags
|= HCI_REQ_START
;
1811 skb_queue_tail(&hdev
->cmd_q
, skb
);
1812 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
1815 if (!capable(CAP_NET_RAW
)) {
1820 if (hci_skb_pkt_type(skb
) != HCI_ACLDATA_PKT
&&
1821 hci_skb_pkt_type(skb
) != HCI_SCODATA_PKT
&&
1822 hci_skb_pkt_type(skb
) != HCI_ISODATA_PKT
) {
1827 skb_queue_tail(&hdev
->raw_q
, skb
);
1828 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
1842 static int hci_sock_setsockopt(struct socket
*sock
, int level
, int optname
,
1843 char __user
*optval
, unsigned int len
)
1845 struct hci_ufilter uf
= { .opcode
= 0 };
1846 struct sock
*sk
= sock
->sk
;
1847 int err
= 0, opt
= 0;
1849 BT_DBG("sk %p, opt %d", sk
, optname
);
1851 if (level
!= SOL_HCI
)
1852 return -ENOPROTOOPT
;
1856 if (hci_pi(sk
)->channel
!= HCI_CHANNEL_RAW
) {
1863 if (get_user(opt
, (int __user
*)optval
)) {
1869 hci_pi(sk
)->cmsg_mask
|= HCI_CMSG_DIR
;
1871 hci_pi(sk
)->cmsg_mask
&= ~HCI_CMSG_DIR
;
1874 case HCI_TIME_STAMP
:
1875 if (get_user(opt
, (int __user
*)optval
)) {
1881 hci_pi(sk
)->cmsg_mask
|= HCI_CMSG_TSTAMP
;
1883 hci_pi(sk
)->cmsg_mask
&= ~HCI_CMSG_TSTAMP
;
1888 struct hci_filter
*f
= &hci_pi(sk
)->filter
;
1890 uf
.type_mask
= f
->type_mask
;
1891 uf
.opcode
= f
->opcode
;
1892 uf
.event_mask
[0] = *((u32
*) f
->event_mask
+ 0);
1893 uf
.event_mask
[1] = *((u32
*) f
->event_mask
+ 1);
1896 len
= min_t(unsigned int, len
, sizeof(uf
));
1897 if (copy_from_user(&uf
, optval
, len
)) {
1902 if (!capable(CAP_NET_RAW
)) {
1903 uf
.type_mask
&= hci_sec_filter
.type_mask
;
1904 uf
.event_mask
[0] &= *((u32
*) hci_sec_filter
.event_mask
+ 0);
1905 uf
.event_mask
[1] &= *((u32
*) hci_sec_filter
.event_mask
+ 1);
1909 struct hci_filter
*f
= &hci_pi(sk
)->filter
;
1911 f
->type_mask
= uf
.type_mask
;
1912 f
->opcode
= uf
.opcode
;
1913 *((u32
*) f
->event_mask
+ 0) = uf
.event_mask
[0];
1914 *((u32
*) f
->event_mask
+ 1) = uf
.event_mask
[1];
1928 static int hci_sock_getsockopt(struct socket
*sock
, int level
, int optname
,
1929 char __user
*optval
, int __user
*optlen
)
1931 struct hci_ufilter uf
;
1932 struct sock
*sk
= sock
->sk
;
1933 int len
, opt
, err
= 0;
1935 BT_DBG("sk %p, opt %d", sk
, optname
);
1937 if (level
!= SOL_HCI
)
1938 return -ENOPROTOOPT
;
1940 if (get_user(len
, optlen
))
1945 if (hci_pi(sk
)->channel
!= HCI_CHANNEL_RAW
) {
1952 if (hci_pi(sk
)->cmsg_mask
& HCI_CMSG_DIR
)
1957 if (put_user(opt
, optval
))
1961 case HCI_TIME_STAMP
:
1962 if (hci_pi(sk
)->cmsg_mask
& HCI_CMSG_TSTAMP
)
1967 if (put_user(opt
, optval
))
1973 struct hci_filter
*f
= &hci_pi(sk
)->filter
;
1975 memset(&uf
, 0, sizeof(uf
));
1976 uf
.type_mask
= f
->type_mask
;
1977 uf
.opcode
= f
->opcode
;
1978 uf
.event_mask
[0] = *((u32
*) f
->event_mask
+ 0);
1979 uf
.event_mask
[1] = *((u32
*) f
->event_mask
+ 1);
1982 len
= min_t(unsigned int, len
, sizeof(uf
));
1983 if (copy_to_user(optval
, &uf
, len
))
1997 static const struct proto_ops hci_sock_ops
= {
1998 .family
= PF_BLUETOOTH
,
1999 .owner
= THIS_MODULE
,
2000 .release
= hci_sock_release
,
2001 .bind
= hci_sock_bind
,
2002 .getname
= hci_sock_getname
,
2003 .sendmsg
= hci_sock_sendmsg
,
2004 .recvmsg
= hci_sock_recvmsg
,
2005 .ioctl
= hci_sock_ioctl
,
2006 #ifdef CONFIG_COMPAT
2007 .compat_ioctl
= hci_sock_compat_ioctl
,
2009 .poll
= datagram_poll
,
2010 .listen
= sock_no_listen
,
2011 .shutdown
= sock_no_shutdown
,
2012 .setsockopt
= hci_sock_setsockopt
,
2013 .getsockopt
= hci_sock_getsockopt
,
2014 .connect
= sock_no_connect
,
2015 .socketpair
= sock_no_socketpair
,
2016 .accept
= sock_no_accept
,
2017 .mmap
= sock_no_mmap
2020 static struct proto hci_sk_proto
= {
2022 .owner
= THIS_MODULE
,
2023 .obj_size
= sizeof(struct hci_pinfo
)
2026 static int hci_sock_create(struct net
*net
, struct socket
*sock
, int protocol
,
2031 BT_DBG("sock %p", sock
);
2033 if (sock
->type
!= SOCK_RAW
)
2034 return -ESOCKTNOSUPPORT
;
2036 sock
->ops
= &hci_sock_ops
;
2038 sk
= sk_alloc(net
, PF_BLUETOOTH
, GFP_ATOMIC
, &hci_sk_proto
, kern
);
2042 sock_init_data(sock
, sk
);
2044 sock_reset_flag(sk
, SOCK_ZAPPED
);
2046 sk
->sk_protocol
= protocol
;
2048 sock
->state
= SS_UNCONNECTED
;
2049 sk
->sk_state
= BT_OPEN
;
2051 bt_sock_link(&hci_sk_list
, sk
);
2055 static const struct net_proto_family hci_sock_family_ops
= {
2056 .family
= PF_BLUETOOTH
,
2057 .owner
= THIS_MODULE
,
2058 .create
= hci_sock_create
,
2061 int __init
hci_sock_init(void)
2065 BUILD_BUG_ON(sizeof(struct sockaddr_hci
) > sizeof(struct sockaddr
));
2067 err
= proto_register(&hci_sk_proto
, 0);
2071 err
= bt_sock_register(BTPROTO_HCI
, &hci_sock_family_ops
);
2073 BT_ERR("HCI socket registration failed");
2077 err
= bt_procfs_init(&init_net
, "hci", &hci_sk_list
, NULL
);
2079 BT_ERR("Failed to create HCI proc file");
2080 bt_sock_unregister(BTPROTO_HCI
);
2084 BT_INFO("HCI socket layer initialized");
2089 proto_unregister(&hci_sk_proto
);
2093 void hci_sock_cleanup(void)
2095 bt_procfs_cleanup(&init_net
, "hci");
2096 bt_sock_unregister(BTPROTO_HCI
);
2097 proto_unregister(&hci_sk_proto
);