[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / hci_sock.c

/* 
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2000-2001 Qualcomm Incorporated

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
   SOFTWARE IS DISCLAIMED.
*/

/* Bluetooth HCI sockets. */

#include <linux/config.h>
#include <linux/module.h>

#include <linux/types.h>
#include <linux/capability.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/poll.h>
#include <linux/fcntl.h>
#include <linux/init.h>
#include <linux/skbuff.h>
#include <linux/workqueue.h>
#include <linux/interrupt.h>
#include <linux/socket.h>
#include <linux/ioctl.h>
#include <net/sock.h>

#include <asm/system.h>
#include <asm/uaccess.h>
#include <asm/unaligned.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>

#ifndef CONFIG_BT_HCI_SOCK_DEBUG
#undef  BT_DBG
#define BT_DBG(D...)
#endif

/* ----- HCI socket interface ----- */

static inline int hci_test_bit(int nr, void *addr)
{
	return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
}

/* Security filter */
static struct hci_sec_filter hci_sec_filter = {
	/* Packet types */
	0x10,
	/* Events */
	{ 0x1000d9fe, 0x0000b00c },
	/* Commands */
	{
		{ 0x0 },
		/* OGF_LINK_CTL */
		{ 0xbe000006, 0x00000001, 0x000000, 0x00 },
		/* OGF_LINK_POLICY */
		{ 0x00005200, 0x00000000, 0x000000, 0x00 },
		/* OGF_HOST_CTL */
		{ 0xaab00200, 0x2b402aaa, 0x020154, 0x00 },
		/* OGF_INFO_PARAM */
		{ 0x000002be, 0x00000000, 0x000000, 0x00 },
		/* OGF_STATUS_PARAM */
		{ 0x000000ea, 0x00000000, 0x000000, 0x00 }
	}
};

static struct bt_sock_list hci_sk_list = {
	.lock = RW_LOCK_UNLOCKED
};

/* Send frame to RAW socket */
void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct sock *sk;
	struct hlist_node *node;

	BT_DBG("hdev %p len %d", hdev, skb->len);

	read_lock(&hci_sk_list.lock);
	sk_for_each(sk, node, &hci_sk_list.head) {
		struct hci_filter *flt;
		struct sk_buff *nskb;

		if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
			continue;

		/* Don't send frame to the socket it came from */
		if (skb->sk == sk)
			continue;

		/* Apply filter */
		flt = &hci_pi(sk)->filter;

		if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
				0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
			continue;

		if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
			register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);

			if (!hci_test_bit(evt, &flt->event_mask))
				continue;

			if (flt->opcode && ((evt == HCI_EV_CMD_COMPLETE && 
					flt->opcode != *(__u16 *)(skb->data + 3)) ||
					(evt == HCI_EV_CMD_STATUS && 
					flt->opcode != *(__u16 *)(skb->data + 4))))
				continue;
		}

		if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
			continue;

		/* Put type byte before the data */
		memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);

		if (sock_queue_rcv_skb(sk, nskb))
			kfree_skb(nskb);
	}
	read_unlock(&hci_sk_list.lock);
}

static int hci_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	struct hci_dev *hdev;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!sk)
		return 0;

	hdev = hci_pi(sk)->hdev;

	bt_sock_unlink(&hci_sk_list, sk);

	if (hdev) {
		atomic_dec(&hdev->promisc);
		hci_dev_put(hdev);
	}

	sock_orphan(sk);

	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);

	sock_put(sk);
	return 0;
}

/* Ioctls that require bound socket */ 
static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
{
	struct hci_dev *hdev = hci_pi(sk)->hdev;

	if (!hdev)
		return -EBADFD;

	switch (cmd) {
	case HCISETRAW:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;

		if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
			return -EPERM;

		if (arg)
			set_bit(HCI_RAW, &hdev->flags);
		else
			clear_bit(HCI_RAW, &hdev->flags);

		return 0;

	case HCISETSECMGR:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;

		if (arg)
			set_bit(HCI_SECMGR, &hdev->flags);
		else
			clear_bit(HCI_SECMGR, &hdev->flags);

		return 0;

	case HCIGETCONNINFO:
		return hci_get_conn_info(hdev, (void __user *)arg);

	default:
		if (hdev->ioctl)
			return hdev->ioctl(hdev, cmd, arg);
		return -EINVAL;
	}
}

static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
{
	struct sock *sk = sock->sk;
	void __user *argp = (void __user *)arg;
	int err;

	BT_DBG("cmd %x arg %lx", cmd, arg);

	switch (cmd) {
	case HCIGETDEVLIST:
		return hci_get_dev_list(argp);

	case HCIGETDEVINFO:
		return hci_get_dev_info(argp);

	case HCIGETCONNLIST:
		return hci_get_conn_list(argp);

	case HCIDEVUP:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_open(arg);

	case HCIDEVDOWN:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_close(arg);

	case HCIDEVRESET:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_reset(arg);

	case HCIDEVRESTAT:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_reset_stat(arg);

	case HCISETSCAN:
	case HCISETAUTH:
	case HCISETENCRYPT:
	case HCISETPTYPE:
	case HCISETLINKPOL:
	case HCISETLINKMODE:
	case HCISETACLMTU:
	case HCISETSCOMTU:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_cmd(cmd, argp);

	case HCIINQUIRY:
		return hci_inquiry(argp);

	default:
		lock_sock(sk);
		err = hci_sock_bound_ioctl(sk, cmd, arg);
		release_sock(sk);
		return err;
	}
}

static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
{
	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
	struct sock *sk = sock->sk;
	struct hci_dev *hdev = NULL;
	int err = 0;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!haddr || haddr->hci_family != AF_BLUETOOTH)
		return -EINVAL;

	lock_sock(sk);

	if (hci_pi(sk)->hdev) {
		err = -EALREADY;
		goto done;
	}

	if (haddr->hci_dev != HCI_DEV_NONE) {
		if (!(hdev = hci_dev_get(haddr->hci_dev))) {
			err = -ENODEV;
			goto done;
		}

		atomic_inc(&hdev->promisc);
	}

	hci_pi(sk)->hdev = hdev;
	sk->sk_state = BT_BOUND;

done:
	release_sock(sk);
	return err;
}

static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
{
	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
	struct sock *sk = sock->sk;
	struct hci_dev *hdev = hci_pi(sk)->hdev;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!hdev)
		return -EBADFD;

	lock_sock(sk);

	*addr_len = sizeof(*haddr);
	haddr->hci_family = AF_BLUETOOTH;
	haddr->hci_dev    = hdev->id;

	release_sock(sk);
	return 0;
}

static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
{
	__u32 mask = hci_pi(sk)->cmsg_mask;

	if (mask & HCI_CMSG_DIR) {
		int incoming = bt_cb(skb)->incoming;
		put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
	}

	if (mask & HCI_CMSG_TSTAMP) {
		struct timeval tv;

		skb_get_timestamp(skb, &tv);
		put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, sizeof(tv), &tv);
	}
}
 
static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 
				struct msghdr *msg, size_t len, int flags)
{
	int noblock = flags & MSG_DONTWAIT;
	struct sock *sk = sock->sk;
	struct sk_buff *skb;
	int copied, err;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (flags & (MSG_OOB))
		return -EOPNOTSUPP;

	if (sk->sk_state == BT_CLOSED)
		return 0;

	if (!(skb = skb_recv_datagram(sk, flags, noblock, &err)))
		return err;

	msg->msg_namelen = 0;

	copied = skb->len;
	if (len < copied) {
		msg->msg_flags |= MSG_TRUNC;
		copied = len;
	}

	skb->h.raw = skb->data;
	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);

	hci_sock_cmsg(sk, msg, skb);

	skb_free_datagram(sk, skb);

	return err ? : copied;
}

static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 
			    struct msghdr *msg, size_t len)
{
	struct sock *sk = sock->sk;
	struct hci_dev *hdev;
	struct sk_buff *skb;
	int err;

	BT_DBG("sock %p sk %p", sock, sk);

	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
		return -EINVAL;

	if (len < 4 || len > HCI_MAX_FRAME_SIZE)
		return -EINVAL;

	lock_sock(sk);

	if (!(hdev = hci_pi(sk)->hdev)) {
		err = -EBADFD;
		goto done;
	}

	if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err)))
		goto done;

	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
		err = -EFAULT;
		goto drop;
	}

	bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
	skb_pull(skb, 1);
	skb->dev = (void *) hdev;

	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
		u16 opcode = __le16_to_cpu(get_unaligned((__le16 *) skb->data));
		u16 ogf = hci_opcode_ogf(opcode);
		u16 ocf = hci_opcode_ocf(opcode);

		if (((ogf > HCI_SFLT_MAX_OGF) ||
				!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
					!capable(CAP_NET_RAW)) {
			err = -EPERM;
			goto drop;
		}

		if (test_bit(HCI_RAW, &hdev->flags) || (ogf == OGF_VENDOR_CMD)) {
			skb_queue_tail(&hdev->raw_q, skb);
			hci_sched_tx(hdev);
		} else {
			skb_queue_tail(&hdev->cmd_q, skb);
			hci_sched_cmd(hdev);
		}
	} else {
		if (!capable(CAP_NET_RAW)) {
			err = -EPERM;
			goto drop;
		}

		skb_queue_tail(&hdev->raw_q, skb);
		hci_sched_tx(hdev);
	}

	err = len;

done:
	release_sock(sk);
	return err;

drop:
	kfree_skb(skb);
	goto done;
}

static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int len)
{
	struct hci_ufilter uf = { .opcode = 0 };
	struct sock *sk = sock->sk;
	int err = 0, opt = 0;

	BT_DBG("sk %p, opt %d", sk, optname);

	lock_sock(sk);

	switch (optname) {
	case HCI_DATA_DIR:
		if (get_user(opt, (int __user *)optval)) {
			err = -EFAULT;
			break;
		}

		if (opt)
			hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
		else
			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
		break;

	case HCI_TIME_STAMP:
		if (get_user(opt, (int __user *)optval)) {
			err = -EFAULT;
			break;
		}

		if (opt)
			hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
		else
			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
		break;

	case HCI_FILTER:
		len = min_t(unsigned int, len, sizeof(uf));
		if (copy_from_user(&uf, optval, len)) {
			err = -EFAULT;
			break;
		}

		if (!capable(CAP_NET_RAW)) {
			uf.type_mask &= hci_sec_filter.type_mask;
			uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
			uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
		}

		{
			struct hci_filter *f = &hci_pi(sk)->filter;

			f->type_mask = uf.type_mask;
			f->opcode    = uf.opcode;
			*((u32 *) f->event_mask + 0) = uf.event_mask[0];
			*((u32 *) f->event_mask + 1) = uf.event_mask[1];
		}
		break; 

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
{
	struct hci_ufilter uf;
	struct sock *sk = sock->sk;
	int len, opt; 

	if (get_user(len, optlen))
		return -EFAULT;

	switch (optname) {
	case HCI_DATA_DIR:
		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
			opt = 1;
		else 
			opt = 0;

		if (put_user(opt, optval))
			return -EFAULT;
		break;

	case HCI_TIME_STAMP:
		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
			opt = 1;
		else 
			opt = 0;

		if (put_user(opt, optval))
			return -EFAULT;
		break;

	case HCI_FILTER:
		{
			struct hci_filter *f = &hci_pi(sk)->filter;

			uf.type_mask = f->type_mask;
			uf.opcode    = f->opcode;
			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
		}

		len = min_t(unsigned int, len, sizeof(uf));
		if (copy_to_user(optval, &uf, len))
			return -EFAULT;
		break;

	default:
		return -ENOPROTOOPT;
		break;
	}

	return 0;
}

static const struct proto_ops hci_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= hci_sock_release,
	.bind		= hci_sock_bind,
	.getname	= hci_sock_getname,
	.sendmsg	= hci_sock_sendmsg,
	.recvmsg	= hci_sock_recvmsg,
	.ioctl		= hci_sock_ioctl,
	.poll		= datagram_poll,
	.listen		= sock_no_listen,
	.shutdown	= sock_no_shutdown,
	.setsockopt	= hci_sock_setsockopt,
	.getsockopt	= hci_sock_getsockopt,
	.connect	= sock_no_connect,
	.socketpair	= sock_no_socketpair,
	.accept		= sock_no_accept,
	.mmap		= sock_no_mmap
};

static struct proto hci_sk_proto = {
	.name		= "HCI",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct hci_pinfo)
};

static int hci_sock_create(struct socket *sock, int protocol)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	if (sock->type != SOCK_RAW)
		return -ESOCKTNOSUPPORT;

	sock->ops = &hci_sock_ops;

	sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &hci_sk_proto, 1);
	if (!sk)
		return -ENOMEM;

	sock_init_data(sock, sk);

	sock_reset_flag(sk, SOCK_ZAPPED);

	sk->sk_protocol = protocol;

	sock->state = SS_UNCONNECTED;
	sk->sk_state = BT_OPEN;

	bt_sock_link(&hci_sk_list, sk);
	return 0;
}

static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
{
	struct hci_dev *hdev = (struct hci_dev *) ptr;
	struct hci_ev_si_device ev;

	BT_DBG("hdev %s event %ld", hdev->name, event);

	/* Send event to sockets */
	ev.event  = event;
	ev.dev_id = hdev->id;
	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);

	if (event == HCI_DEV_UNREG) {
		struct sock *sk;
		struct hlist_node *node;

		/* Detach sockets from device */
		read_lock(&hci_sk_list.lock);
		sk_for_each(sk, node, &hci_sk_list.head) {
			bh_lock_sock(sk);
			if (hci_pi(sk)->hdev == hdev) {
				hci_pi(sk)->hdev = NULL;
				sk->sk_err = EPIPE;
				sk->sk_state = BT_OPEN;
				sk->sk_state_change(sk);

				hci_dev_put(hdev);
			}
			bh_unlock_sock(sk);
		}
		read_unlock(&hci_sk_list.lock);
	}

	return NOTIFY_DONE;
}

static struct net_proto_family hci_sock_family_ops = {
	.family	= PF_BLUETOOTH,
	.owner	= THIS_MODULE,
	.create	= hci_sock_create,
};

static struct notifier_block hci_sock_nblock = {
	.notifier_call = hci_sock_dev_event
};

int __init hci_sock_init(void)
{
	int err;

	err = proto_register(&hci_sk_proto, 0);
	if (err < 0)
		return err;

	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
	if (err < 0)
		goto error;

	hci_register_notifier(&hci_sock_nblock);

	BT_INFO("HCI socket layer initialized");

	return 0;

error:
	BT_ERR("HCI socket registration failed");
	proto_unregister(&hci_sk_proto);
	return err;
}

int __exit hci_sock_cleanup(void)
{
	if (bt_sock_unregister(BTPROTO_HCI) < 0)
		BT_ERR("HCI socket unregistration failed");

	hci_unregister_notifier(&hci_sock_nblock);

	proto_unregister(&hci_sk_proto);

	return 0;
}
Commit	Line	Data
1da177e4 LT	1	/*
	2	BlueZ - Bluetooth protocol stack for Linux
	3	Copyright (C) 2000-2001 Qualcomm Incorporated
	4
	5	Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
	6
	7	This program is free software; you can redistribute it and/or modify
	8	it under the terms of the GNU General Public License version 2 as
	9	published by the Free Software Foundation;
	10
	11	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
	12	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	13	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
	14	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
	15	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
	16	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	17	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	18	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	19
	20	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
	21	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
	22	SOFTWARE IS DISCLAIMED.
	23	*/
	24
	25	/* Bluetooth HCI sockets. */
	26
	27	#include <linux/config.h>
	28	#include <linux/module.h>
	29
	30	#include <linux/types.h>
4fc268d2	31	#include <linux/capability.h>
1da177e4 LT	32	#include <linux/errno.h>
1da177e4 LT	33	#include <linux/kernel.h>
1da177e4 LT	34	#include <linux/sched.h>
	35	#include <linux/slab.h>
	36	#include <linux/poll.h>
	37	#include <linux/fcntl.h>
	38	#include <linux/init.h>
	39	#include <linux/skbuff.h>
	40	#include <linux/workqueue.h>
	41	#include <linux/interrupt.h>
	42	#include <linux/socket.h>
	43	#include <linux/ioctl.h>
	44	#include <net/sock.h>
	45
	46	#include <asm/system.h>
	47	#include <asm/uaccess.h>
	48	#include <asm/unaligned.h>
	49
	50	#include <net/bluetooth/bluetooth.h>
	51	#include <net/bluetooth/hci_core.h>
	52
	53	#ifndef CONFIG_BT_HCI_SOCK_DEBUG
	54	#undef BT_DBG
	55	#define BT_DBG(D...)
	56	#endif
	57
	58	/* ----- HCI socket interface ----- */
	59
	60	static inline int hci_test_bit(int nr, void *addr)
	61	{
	62	return ((__u32 ) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
	63	}
	64
	65	/* Security filter */
	66	static struct hci_sec_filter hci_sec_filter = {
	67	/* Packet types */
	68	0x10,
	69	/* Events */
dd7f5527	70	{ 0x1000d9fe, 0x0000b00c },
1da177e4 LT	71	/* Commands */
	72	{
	73	{ 0x0 },
	74	/* OGF_LINK_CTL */
dd7f5527	75	{ 0xbe000006, 0x00000001, 0x000000, 0x00 },
1da177e4	76	/* OGF_LINK_POLICY */
dd7f5527	77	{ 0x00005200, 0x00000000, 0x000000, 0x00 },
1da177e4	78	/* OGF_HOST_CTL */
dd7f5527	79	{ 0xaab00200, 0x2b402aaa, 0x020154, 0x00 },
1da177e4	80	/* OGF_INFO_PARAM */
dd7f5527	81	{ 0x000002be, 0x00000000, 0x000000, 0x00 },
1da177e4	82	/* OGF_STATUS_PARAM */
dd7f5527	83	{ 0x000000ea, 0x00000000, 0x000000, 0x00 }
1da177e4 LT	84	}
	85	};
	86
	87	static struct bt_sock_list hci_sk_list = {
	88	.lock = RW_LOCK_UNLOCKED
	89	};
	90
	91	/* Send frame to RAW socket */
	92	void hci_send_to_sock(struct hci_dev hdev, struct sk_buff skb)
	93	{
	94	struct sock *sk;
	95	struct hlist_node *node;
	96
	97	BT_DBG("hdev %p len %d", hdev, skb->len);
	98
	99	read_lock(&hci_sk_list.lock);
	100	sk_for_each(sk, node, &hci_sk_list.head) {
	101	struct hci_filter *flt;
	102	struct sk_buff *nskb;
	103
	104	if (sk->sk_state != BT_BOUND \|\| hci_pi(sk)->hdev != hdev)
	105	continue;
	106
	107	/* Don't send frame to the socket it came from */
	108	if (skb->sk == sk)
	109	continue;
	110
	111	/* Apply filter */
	112	flt = &hci_pi(sk)->filter;
	113
0d48d939 MH	114	if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
0d48d939 MH	115	0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
1da177e4 LT	116	continue;
1da177e4 LT	117
0d48d939	118	if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
1da177e4 LT	119	register int evt = ((__u8 )skb->data & HCI_FLT_EVENT_BITS);
	120
	121	if (!hci_test_bit(evt, &flt->event_mask))
	122	continue;
	123
	124	if (flt->opcode && ((evt == HCI_EV_CMD_COMPLETE &&
	125	flt->opcode != (__u16 )(skb->data + 3)) \|\|
	126	(evt == HCI_EV_CMD_STATUS &&
	127	flt->opcode != (__u16 )(skb->data + 4))))
	128	continue;
	129	}
	130
	131	if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
	132	continue;
	133
	134	/* Put type byte before the data */
0d48d939	135	memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
1da177e4 LT	136
	137	if (sock_queue_rcv_skb(sk, nskb))
	138	kfree_skb(nskb);
	139	}
	140	read_unlock(&hci_sk_list.lock);
	141	}
	142
	143	static int hci_sock_release(struct socket *sock)
	144	{
	145	struct sock *sk = sock->sk;
7b005bd3	146	struct hci_dev *hdev;
1da177e4 LT	147
	148	BT_DBG("sock %p sk %p", sock, sk);
	149
	150	if (!sk)
	151	return 0;
	152
7b005bd3 MH	153	hdev = hci_pi(sk)->hdev;
7b005bd3 MH	154
1da177e4 LT	155	bt_sock_unlink(&hci_sk_list, sk);
	156
	157	if (hdev) {
	158	atomic_dec(&hdev->promisc);
	159	hci_dev_put(hdev);
	160	}
	161
	162	sock_orphan(sk);
	163
	164	skb_queue_purge(&sk->sk_receive_queue);
	165	skb_queue_purge(&sk->sk_write_queue);
	166
	167	sock_put(sk);
	168	return 0;
	169	}
	170
	171	/* Ioctls that require bound socket */
	172	static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
	173	{
	174	struct hci_dev *hdev = hci_pi(sk)->hdev;
	175
	176	if (!hdev)
	177	return -EBADFD;
	178
	179	switch (cmd) {
	180	case HCISETRAW:
	181	if (!capable(CAP_NET_ADMIN))
	182	return -EACCES;
	183
	184	if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
	185	return -EPERM;
	186
	187	if (arg)
	188	set_bit(HCI_RAW, &hdev->flags);
	189	else
	190	clear_bit(HCI_RAW, &hdev->flags);
	191
	192	return 0;
	193
	194	case HCISETSECMGR:
	195	if (!capable(CAP_NET_ADMIN))
	196	return -EACCES;
	197
	198	if (arg)
	199	set_bit(HCI_SECMGR, &hdev->flags);
	200	else
	201	clear_bit(HCI_SECMGR, &hdev->flags);
	202
	203	return 0;
	204
	205	case HCIGETCONNINFO:
	206	return hci_get_conn_info(hdev, (void __user *)arg);
	207
	208	default:
	209	if (hdev->ioctl)
	210	return hdev->ioctl(hdev, cmd, arg);
	211	return -EINVAL;
	212	}
	213	}
	214
	215	static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
	216	{
	217	struct sock *sk = sock->sk;
	218	void __user argp = (void __user )arg;
219	int err;
220
221	BT_DBG("cmd %x arg %lx", cmd, arg);
222
223	switch (cmd) {
224	case HCIGETDEVLIST:
225	return hci_get_dev_list(argp);
226
227	case HCIGETDEVINFO:
228	return hci_get_dev_info(argp);
229
230	case HCIGETCONNLIST:
231	return hci_get_conn_list(argp);
232
233	case HCIDEVUP:
234	if (!capable(CAP_NET_ADMIN))
235	return -EACCES;
236	return hci_dev_open(arg);
237
238	case HCIDEVDOWN:
239	if (!capable(CAP_NET_ADMIN))
240	return -EACCES;
241	return hci_dev_close(arg);
242
243	case HCIDEVRESET:
244	if (!capable(CAP_NET_ADMIN))
245	return -EACCES;
246	return hci_dev_reset(arg);
247
248	case HCIDEVRESTAT:
249	if (!capable(CAP_NET_ADMIN))
250	return -EACCES;
251	return hci_dev_reset_stat(arg);
252
253	case HCISETSCAN:
254	case HCISETAUTH:
255	case HCISETENCRYPT:
256	case HCISETPTYPE:
257	case HCISETLINKPOL:
258	case HCISETLINKMODE:
259	case HCISETACLMTU:
260	case HCISETSCOMTU:
261	if (!capable(CAP_NET_ADMIN))
262	return -EACCES;
263	return hci_dev_cmd(cmd, argp);
264
265	case HCIINQUIRY:
266	return hci_inquiry(argp);
267
268	default:
269	lock_sock(sk);
270	err = hci_sock_bound_ioctl(sk, cmd, arg);
271	release_sock(sk);
272	return err;
273	}
274	}
275
276	static int hci_sock_bind(struct socket sock, struct sockaddr addr, int addr_len)
277	{
278	struct sockaddr_hci haddr = (struct sockaddr_hci ) addr;
279	struct sock *sk = sock->sk;
280	struct hci_dev *hdev = NULL;
281	int err = 0;
282
283	BT_DBG("sock %p sk %p", sock, sk);
284
285	if (!haddr \|\| haddr->hci_family != AF_BLUETOOTH)
286	return -EINVAL;
287
288	lock_sock(sk);
289
290	if (hci_pi(sk)->hdev) {
291	err = -EALREADY;
292	goto done;
293	}
294
295	if (haddr->hci_dev != HCI_DEV_NONE) {
296	if (!(hdev = hci_dev_get(haddr->hci_dev))) {
297	err = -ENODEV;
298	goto done;
299	}
300
301	atomic_inc(&hdev->promisc);
302	}
303
304	hci_pi(sk)->hdev = hdev;
305	sk->sk_state = BT_BOUND;
306
307	done:
308	release_sock(sk);
309	return err;
310	}
311
312	static int hci_sock_getname(struct socket sock, struct sockaddr addr, int *addr_len, int peer)
313	{
314	struct sockaddr_hci haddr = (struct sockaddr_hci ) addr;
315	struct sock *sk = sock->sk;
7b005bd3	316	struct hci_dev *hdev = hci_pi(sk)->hdev;
1da177e4 LT	317
	318	BT_DBG("sock %p sk %p", sock, sk);
	319
7b005bd3 MH	320	if (!hdev)
	321	return -EBADFD;
	322
1da177e4 LT	323	lock_sock(sk);
	324
	325	addr_len = sizeof(haddr);
	326	haddr->hci_family = AF_BLUETOOTH;
7b005bd3	327	haddr->hci_dev = hdev->id;
1da177e4 LT	328
	329	release_sock(sk);
	330	return 0;
	331	}
	332
	333	static inline void hci_sock_cmsg(struct sock sk, struct msghdr msg, struct sk_buff *skb)
	334	{
	335	__u32 mask = hci_pi(sk)->cmsg_mask;
	336
0d48d939 MH	337	if (mask & HCI_CMSG_DIR) {
	338	int incoming = bt_cb(skb)->incoming;
	339	put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
	340	}
1da177e4	341
a61bbcf2 PM	342	if (mask & HCI_CMSG_TSTAMP) {
	343	struct timeval tv;
	344
	345	skb_get_timestamp(skb, &tv);
	346	put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, sizeof(tv), &tv);
	347	}
1da177e4 LT	348	}
	349
	350	static int hci_sock_recvmsg(struct kiocb iocb, struct socket sock,
	351	struct msghdr *msg, size_t len, int flags)
	352	{
	353	int noblock = flags & MSG_DONTWAIT;
	354	struct sock *sk = sock->sk;
	355	struct sk_buff *skb;
	356	int copied, err;
	357
	358	BT_DBG("sock %p, sk %p", sock, sk);
	359
	360	if (flags & (MSG_OOB))
	361	return -EOPNOTSUPP;
	362
	363	if (sk->sk_state == BT_CLOSED)
	364	return 0;
	365
	366	if (!(skb = skb_recv_datagram(sk, flags, noblock, &err)))
	367	return err;
	368
	369	msg->msg_namelen = 0;
	370
	371	copied = skb->len;
	372	if (len < copied) {
	373	msg->msg_flags \|= MSG_TRUNC;
	374	copied = len;
	375	}
	376
	377	skb->h.raw = skb->data;
	378	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
	379
	380	hci_sock_cmsg(sk, msg, skb);
	381
	382	skb_free_datagram(sk, skb);
	383
	384	return err ? : copied;
	385	}
	386
	387	static int hci_sock_sendmsg(struct kiocb iocb, struct socket sock,
	388	struct msghdr *msg, size_t len)
	389	{
	390	struct sock *sk = sock->sk;
	391	struct hci_dev *hdev;
	392	struct sk_buff *skb;
	393	int err;
	394
	395	BT_DBG("sock %p sk %p", sock, sk);
	396
	397	if (msg->msg_flags & MSG_OOB)
	398	return -EOPNOTSUPP;
	399
	400	if (msg->msg_flags & ~(MSG_DONTWAIT\|MSG_NOSIGNAL\|MSG_ERRQUEUE))
	401	return -EINVAL;
	402
	403	if (len < 4 \|\| len > HCI_MAX_FRAME_SIZE)
	404	return -EINVAL;
	405
	406	lock_sock(sk);
	407
	408	if (!(hdev = hci_pi(sk)->hdev)) {
	409	err = -EBADFD;
	410	goto done;
	411	}
412
413	if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err)))
414	goto done;
415
416	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
417	err = -EFAULT;
418	goto drop;
419	}
420
0d48d939	421	bt_cb(skb)->pkt_type = ((unsigned char ) skb->data);
1da177e4 LT	422	skb_pull(skb, 1);
	423	skb->dev = (void *) hdev;
	424
0d48d939	425	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
1ebb9252	426	u16 opcode = __le16_to_cpu(get_unaligned((__le16 *) skb->data));
1da177e4 LT	427	u16 ogf = hci_opcode_ogf(opcode);
	428	u16 ocf = hci_opcode_ocf(opcode);
	429
	430	if (((ogf > HCI_SFLT_MAX_OGF) \|\|
	431	!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
	432	!capable(CAP_NET_RAW)) {
	433	err = -EPERM;
	434	goto drop;
	435	}
	436
	437	if (test_bit(HCI_RAW, &hdev->flags) \|\| (ogf == OGF_VENDOR_CMD)) {
	438	skb_queue_tail(&hdev->raw_q, skb);
	439	hci_sched_tx(hdev);
	440	} else {
	441	skb_queue_tail(&hdev->cmd_q, skb);
	442	hci_sched_cmd(hdev);
	443	}
	444	} else {
	445	if (!capable(CAP_NET_RAW)) {
	446	err = -EPERM;
	447	goto drop;
	448	}
	449
	450	skb_queue_tail(&hdev->raw_q, skb);
	451	hci_sched_tx(hdev);
	452	}
	453
	454	err = len;
	455
	456	done:
	457	release_sock(sk);
	458	return err;
	459
	460	drop:
	461	kfree_skb(skb);
	462	goto done;
	463	}
	464
	465	static int hci_sock_setsockopt(struct socket sock, int level, int optname, char __user optval, int len)
	466	{
	467	struct hci_ufilter uf = { .opcode = 0 };
	468	struct sock *sk = sock->sk;
	469	int err = 0, opt = 0;
	470
	471	BT_DBG("sk %p, opt %d", sk, optname);
	472
	473	lock_sock(sk);
	474
	475	switch (optname) {
	476	case HCI_DATA_DIR:
	477	if (get_user(opt, (int __user *)optval)) {
	478	err = -EFAULT;
	479	break;
	480	}
	481
	482	if (opt)
	483	hci_pi(sk)->cmsg_mask \|= HCI_CMSG_DIR;
	484	else
	485	hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
	486	break;
	487
	488	case HCI_TIME_STAMP:
	489	if (get_user(opt, (int __user *)optval)) {
	490	err = -EFAULT;
491	break;
492	}
493
494	if (opt)
495	hci_pi(sk)->cmsg_mask \|= HCI_CMSG_TSTAMP;
496	else
497	hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
498	break;
499
500	case HCI_FILTER:
501	len = min_t(unsigned int, len, sizeof(uf));
502	if (copy_from_user(&uf, optval, len)) {
503	err = -EFAULT;
504	break;
505	}
506
507	if (!capable(CAP_NET_RAW)) {
508	uf.type_mask &= hci_sec_filter.type_mask;
509	uf.event_mask[0] &= ((u32 ) hci_sec_filter.event_mask + 0);
510	uf.event_mask[1] &= ((u32 ) hci_sec_filter.event_mask + 1);
511	}
512
513	{
514	struct hci_filter *f = &hci_pi(sk)->filter;
515
516	f->type_mask = uf.type_mask;
517	f->opcode = uf.opcode;
518	((u32 ) f->event_mask + 0) = uf.event_mask[0];
519	((u32 ) f->event_mask + 1) = uf.event_mask[1];
520	}
521	break;
522
523	default:
524	err = -ENOPROTOOPT;
525	break;
526	}
527
528	release_sock(sk);
529	return err;
530	}
531
532	static int hci_sock_getsockopt(struct socket sock, int level, int optname, char __user optval, int __user *optlen)
533	{
534	struct hci_ufilter uf;
535	struct sock *sk = sock->sk;
536	int len, opt;
537
538	if (get_user(len, optlen))
539	return -EFAULT;
540
541	switch (optname) {
542	case HCI_DATA_DIR:
543	if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
544	opt = 1;
545	else
546	opt = 0;
547
548	if (put_user(opt, optval))
549	return -EFAULT;
550	break;
551
552	case HCI_TIME_STAMP:
553	if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
554	opt = 1;
555	else
556	opt = 0;
557
558	if (put_user(opt, optval))
559	return -EFAULT;
560	break;
561
562	case HCI_FILTER:
563	{
564	struct hci_filter *f = &hci_pi(sk)->filter;
565
566	uf.type_mask = f->type_mask;
567	uf.opcode = f->opcode;
568	uf.event_mask[0] = ((u32 ) f->event_mask + 0);
569	uf.event_mask[1] = ((u32 ) f->event_mask + 1);
570	}
571
572	len = min_t(unsigned int, len, sizeof(uf));
573	if (copy_to_user(optval, &uf, len))
574	return -EFAULT;
575	break;
576
577	default:
578	return -ENOPROTOOPT;
579	break;
580	}
581
582	return 0;
583	}
584
90ddc4f0	585	static const struct proto_ops hci_sock_ops = {
1da177e4 LT	586	.family = PF_BLUETOOTH,
	587	.owner = THIS_MODULE,
	588	.release = hci_sock_release,
	589	.bind = hci_sock_bind,
	590	.getname = hci_sock_getname,
	591	.sendmsg = hci_sock_sendmsg,
	592	.recvmsg = hci_sock_recvmsg,
	593	.ioctl = hci_sock_ioctl,
	594	.poll = datagram_poll,
	595	.listen = sock_no_listen,
	596	.shutdown = sock_no_shutdown,
	597	.setsockopt = hci_sock_setsockopt,
	598	.getsockopt = hci_sock_getsockopt,
	599	.connect = sock_no_connect,
	600	.socketpair = sock_no_socketpair,
	601	.accept = sock_no_accept,
	602	.mmap = sock_no_mmap
	603	};
	604
	605	static struct proto hci_sk_proto = {
	606	.name = "HCI",
	607	.owner = THIS_MODULE,
	608	.obj_size = sizeof(struct hci_pinfo)
	609	};
	610
	611	static int hci_sock_create(struct socket *sock, int protocol)
	612	{
	613	struct sock *sk;
	614
	615	BT_DBG("sock %p", sock);
	616
	617	if (sock->type != SOCK_RAW)
	618	return -ESOCKTNOSUPPORT;
	619
	620	sock->ops = &hci_sock_ops;
	621
	622	sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &hci_sk_proto, 1);
	623	if (!sk)
	624	return -ENOMEM;
	625
	626	sock_init_data(sock, sk);
	627
	628	sock_reset_flag(sk, SOCK_ZAPPED);
	629
	630	sk->sk_protocol = protocol;
	631
	632	sock->state = SS_UNCONNECTED;
	633	sk->sk_state = BT_OPEN;
	634
	635	bt_sock_link(&hci_sk_list, sk);
	636	return 0;
	637	}
	638
	639	static int hci_sock_dev_event(struct notifier_block this, unsigned long event, void ptr)
	640	{
	641	struct hci_dev hdev = (struct hci_dev ) ptr;
	642	struct hci_ev_si_device ev;
	643
	644	BT_DBG("hdev %s event %ld", hdev->name, event);
	645
	646	/* Send event to sockets */
	647	ev.event = event;
	648	ev.dev_id = hdev->id;
	649	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
650
651	if (event == HCI_DEV_UNREG) {
652	struct sock *sk;
653	struct hlist_node *node;
654
655	/* Detach sockets from device */
656	read_lock(&hci_sk_list.lock);
657	sk_for_each(sk, node, &hci_sk_list.head) {
658	bh_lock_sock(sk);
659	if (hci_pi(sk)->hdev == hdev) {
660	hci_pi(sk)->hdev = NULL;
661	sk->sk_err = EPIPE;
662	sk->sk_state = BT_OPEN;
663	sk->sk_state_change(sk);
664
665	hci_dev_put(hdev);
666	}
667	bh_unlock_sock(sk);
668	}
669	read_unlock(&hci_sk_list.lock);
670	}
671
672	return NOTIFY_DONE;
673	}
674
675	static struct net_proto_family hci_sock_family_ops = {
676	.family = PF_BLUETOOTH,
677	.owner = THIS_MODULE,
678	.create = hci_sock_create,
679	};
680
681	static struct notifier_block hci_sock_nblock = {
682	.notifier_call = hci_sock_dev_event
683	};
684
685	int __init hci_sock_init(void)
686	{
687	int err;
688
689	err = proto_register(&hci_sk_proto, 0);
690	if (err < 0)
691	return err;
692
693	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
694	if (err < 0)
695	goto error;
696
697	hci_register_notifier(&hci_sock_nblock);
698
699	BT_INFO("HCI socket layer initialized");
700
701	return 0;
702
703	error:
704	BT_ERR("HCI socket registration failed");
705	proto_unregister(&hci_sk_proto);
706	return err;
707	}
708
709	int __exit hci_sock_cleanup(void)
710	{
711	if (bt_sock_unregister(BTPROTO_HCI) < 0)
712	BT_ERR("HCI socket unregistration failed");
713
714	hci_unregister_notifier(&hci_sock_nblock);
715
716	proto_unregister(&hci_sk_proto);
717
718	return 0;
719	}