]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/bluetooth/hci_sock.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: add WCNSS dependency for HCI driver
[mirror_ubuntu-jammy-kernel.git] / net / bluetooth / hci_sock.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI sockets. */
26
8c520a59 27#include <linux/export.h>
787b306c 28#include <linux/utsname.h>
70ecce91 29#include <linux/sched.h>
1da177e4
LT		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
cd82e61c 34#include <net/bluetooth/hci_mon.h>
fa4335d7
JH		 35#include <net/bluetooth/mgmt.h>
36
37#include "mgmt_util.h"
1da177e4 38
801c1e8d
JH		 39static LIST_HEAD(mgmt_chan_list);
40static DEFINE_MUTEX(mgmt_chan_list_lock);
41
70ecce91
MH		 42static DEFINE_IDA(sock_cookie_ida);
43
cd82e61c
MH		 44static atomic_t monitor_promisc = ATOMIC_INIT(0);
45
1da177e4
LT		 46/* ----- HCI socket interface ----- */
47
863def58
MH		 48/* Socket info */
49#define hci_pi(sk) ((struct hci_pinfo *) sk)
50
51struct hci_pinfo {
52 struct bt_sock bt;
53 struct hci_dev *hdev;
54 struct hci_filter filter;
55 __u32 cmsg_mask;
56 unsigned short channel;
6befc644 57 unsigned long flags;
70ecce91
MH		 58 __u32 cookie;
59 char comm[TASK_COMM_LEN];
863def58
MH		 60};
61
6befc644
MH		 62void hci_sock_set_flag(struct sock *sk, int nr)
63{
64 set_bit(nr, &hci_pi(sk)->flags);
65}
66
67void hci_sock_clear_flag(struct sock *sk, int nr)
68{
69 clear_bit(nr, &hci_pi(sk)->flags);
70}
71
c85be545
MH		 72int hci_sock_test_flag(struct sock *sk, int nr)
73{
74 return test_bit(nr, &hci_pi(sk)->flags);
75}
76
d0f172b1
JH		 77unsigned short hci_sock_get_channel(struct sock *sk)
78{
79 return hci_pi(sk)->channel;
80}
81
70ecce91
MH		 82u32 hci_sock_get_cookie(struct sock *sk)
83{
84 return hci_pi(sk)->cookie;
85}
86
9391976a 87static inline int hci_test_bit(int nr, const void *addr)
1da177e4 88{
9391976a 89 return *((const __u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
1da177e4
LT		 90}
91
92/* Security filter */
3ad254f7
MH		 93#define HCI_SFLT_MAX_OGF 5
94
95struct hci_sec_filter {
96 __u32 type_mask;
97 __u32 event_mask[2];
98 __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
99};
100
7e67c112 101static const struct hci_sec_filter hci_sec_filter = {
1da177e4
LT		 102 /* Packet types */
103 0x10,
104 /* Events */
dd7f5527 105 { 0x1000d9fe, 0x0000b00c },
1da177e4
LT		 106 /* Commands */
107 {
108 { 0x0 },
109 /* OGF_LINK_CTL */
7c631a67 110 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
1da177e4 111 /* OGF_LINK_POLICY */
7c631a67 112 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
1da177e4 113 /* OGF_HOST_CTL */
7c631a67 114 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
1da177e4 115 /* OGF_INFO_PARAM */
7c631a67 116 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
1da177e4 117 /* OGF_STATUS_PARAM */
7c631a67 118 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
1da177e4
LT		 119 }
120};
121
122static struct bt_sock_list hci_sk_list = {
d5fb2962 123 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
1da177e4
LT		 124};
125
f81fe64f
MH		 126static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
127{
128 struct hci_filter *flt;
129 int flt_type, flt_event;
130
131 /* Apply filter */
132 flt = &hci_pi(sk)->filter;
133
d79f34e3 134 flt_type = hci_skb_pkt_type(skb) & HCI_FLT_TYPE_BITS;
f81fe64f
MH		 135
136 if (!test_bit(flt_type, &flt->type_mask))
137 return true;
138
139 /* Extra filter for event packets only */
d79f34e3 140 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT)
f81fe64f
MH		 141 return false;
142
143 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
144
145 if (!hci_test_bit(flt_event, &flt->event_mask))
146 return true;
147
148 /* Check filter only when opcode is set */
149 if (!flt->opcode)
150 return false;
151
152 if (flt_event == HCI_EV_CMD_COMPLETE &&
153 flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
154 return true;
155
156 if (flt_event == HCI_EV_CMD_STATUS &&
157 flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
158 return true;
159
160 return false;
161}
162
1da177e4 163/* Send frame to RAW socket */
470fe1b5 164void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 165{
166 struct sock *sk;
e0edf373 167 struct sk_buff *skb_copy = NULL;
1da177e4
LT		 168
169 BT_DBG("hdev %p len %d", hdev, skb->len);
170
171 read_lock(&hci_sk_list.lock);
470fe1b5 172
b67bfe0d 173 sk_for_each(sk, &hci_sk_list.head) {
1da177e4
LT		 174 struct sk_buff *nskb;
175
176 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
177 continue;
178
179 /* Don't send frame to the socket it came from */
180 if (skb->sk == sk)
181 continue;
182
23500189 183 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
d79f34e3
MH		 184 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
185 hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
186 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
187 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT)
bb77543e 188 continue;
23500189
MH		 189 if (is_filtered_packet(sk, skb))
190 continue;
191 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
192 if (!bt_cb(skb)->incoming)
193 continue;
d79f34e3
MH		 194 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
195 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
196 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT)
23500189
MH		 197 continue;
198 } else {
199 /* Don't send frame to other channel types */
1da177e4 200 continue;
23500189 201 }
1da177e4 202
e0edf373
MH		 203 if (!skb_copy) {
204 /* Create a private copy with headroom */
bad93e9d 205 skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
e0edf373
MH		 206 if (!skb_copy)
207 continue;
208
209 /* Put type byte before the data */
d79f34e3 210 memcpy(skb_push(skb_copy, 1), &hci_skb_pkt_type(skb), 1);
e0edf373
MH		 211 }
212
213 nskb = skb_clone(skb_copy, GFP_ATOMIC);
70f23020 214 if (!nskb)
1da177e4
LT		 215 continue;
216
470fe1b5
MH		 217 if (sock_queue_rcv_skb(sk, nskb))
218 kfree_skb(nskb);
219 }
220
221 read_unlock(&hci_sk_list.lock);
e0edf373
MH		 222
223 kfree_skb(skb_copy);
470fe1b5
MH		 224}
225
7129069e
JH		 226/* Send frame to sockets with specific channel */
227void hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
c08b1a1d 228 int flag, struct sock *skip_sk)
470fe1b5
MH		 229{
230 struct sock *sk;
470fe1b5 231
7129069e 232 BT_DBG("channel %u len %d", channel, skb->len);
470fe1b5
MH		 233
234 read_lock(&hci_sk_list.lock);
235
b67bfe0d 236 sk_for_each(sk, &hci_sk_list.head) {
470fe1b5
MH		 237 struct sk_buff *nskb;
238
c08b1a1d 239 /* Ignore socket without the flag set */
c85be545 240 if (!hci_sock_test_flag(sk, flag))
d7f72f61
MH		 241 continue;
242
c08b1a1d
MH		 243 /* Skip the original socket */
244 if (sk == skip_sk)
17711c62
MH		 245 continue;
246
247 if (sk->sk_state != BT_BOUND)
248 continue;
249
250 if (hci_pi(sk)->channel != channel)
251 continue;
252
253 nskb = skb_clone(skb, GFP_ATOMIC);
254 if (!nskb)
255 continue;
256
257 if (sock_queue_rcv_skb(sk, nskb))
258 kfree_skb(nskb);
259 }
260
261 read_unlock(&hci_sk_list.lock);
262}
263
cd82e61c
MH		 264/* Send frame to monitor socket */
265void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
266{
cd82e61c 267 struct sk_buff *skb_copy = NULL;
2b531294 268 struct hci_mon_hdr *hdr;
cd82e61c
MH		 269 __le16 opcode;
270
271 if (!atomic_read(&monitor_promisc))
272 return;
273
274 BT_DBG("hdev %p len %d", hdev, skb->len);
275
d79f34e3 276 switch (hci_skb_pkt_type(skb)) {
cd82e61c 277 case HCI_COMMAND_PKT:
dcf4adbf 278 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT);
cd82e61c
MH		 279 break;
280 case HCI_EVENT_PKT:
dcf4adbf 281 opcode = cpu_to_le16(HCI_MON_EVENT_PKT);
cd82e61c
MH		 282 break;
283 case HCI_ACLDATA_PKT:
284 if (bt_cb(skb)->incoming)
dcf4adbf 285 opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT);
cd82e61c 286 else
dcf4adbf 287 opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT);
cd82e61c
MH		 288 break;
289 case HCI_SCODATA_PKT:
290 if (bt_cb(skb)->incoming)
dcf4adbf 291 opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT);
cd82e61c 292 else
dcf4adbf 293 opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT);
cd82e61c 294 break;
e875ff84
MH		 295 case HCI_DIAG_PKT:
296 opcode = cpu_to_le16(HCI_MON_VENDOR_DIAG);
297 break;
cd82e61c
MH		 298 default:
299 return;
300 }
301
2b531294
MH		 302 /* Create a private copy with headroom */
303 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true);
304 if (!skb_copy)
305 return;
306
307 /* Put header before the data */
8528d3f7 308 hdr = (void *)skb_push(skb_copy, HCI_MON_HDR_SIZE);
2b531294
MH		 309 hdr->opcode = opcode;
310 hdr->index = cpu_to_le16(hdev->id);
311 hdr->len = cpu_to_le16(skb->len);
312
c08b1a1d
MH		 313 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb_copy,
314 HCI_SOCK_TRUSTED, NULL);
cd82e61c
MH		 315 kfree_skb(skb_copy);
316}
317
38ceaa00
MH		 318void hci_send_monitor_ctrl_event(struct hci_dev *hdev, u16 event,
319 void *data, u16 data_len, ktime_t tstamp,
320 int flag, struct sock *skip_sk)
321{
322 struct sock *sk;
323 __le16 index;
324
325 if (hdev)
326 index = cpu_to_le16(hdev->id);
327 else
328 index = cpu_to_le16(MGMT_INDEX_NONE);
329
330 read_lock(&hci_sk_list.lock);
331
332 sk_for_each(sk, &hci_sk_list.head) {
333 struct hci_mon_hdr *hdr;
334 struct sk_buff *skb;
335
336 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
337 continue;
338
339 /* Ignore socket without the flag set */
340 if (!hci_sock_test_flag(sk, flag))
341 continue;
342
343 /* Skip the original socket */
344 if (sk == skip_sk)
345 continue;
346
347 skb = bt_skb_alloc(6 + data_len, GFP_ATOMIC);
348 if (!skb)
349 continue;
350
351 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
352 put_unaligned_le16(event, skb_put(skb, 2));
353
354 if (data)
355 memcpy(skb_put(skb, data_len), data, data_len);
356
357 skb->tstamp = tstamp;
358
359 hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE);
360 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_EVENT);
361 hdr->index = index;
362 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
363
364 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
365 HCI_SOCK_TRUSTED, NULL);
366 kfree_skb(skb);
367 }
368
369 read_unlock(&hci_sk_list.lock);
370}
371
cd82e61c
MH		 372static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
373{
374 struct hci_mon_hdr *hdr;
375 struct hci_mon_new_index *ni;
6c566dd5 376 struct hci_mon_index_info *ii;
cd82e61c
MH		 377 struct sk_buff *skb;
378 __le16 opcode;
379
380 switch (event) {
381 case HCI_DEV_REG:
382 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
383 if (!skb)
384 return NULL;
385
6c566dd5 386 ni = (void *)skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
cd82e61c
MH		 387 ni->type = hdev->dev_type;
388 ni->bus = hdev->bus;
389 bacpy(&ni->bdaddr, &hdev->bdaddr);
390 memcpy(ni->name, hdev->name, 8);
391
dcf4adbf 392 opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
cd82e61c
MH		 393 break;
394
395 case HCI_DEV_UNREG:
396 skb = bt_skb_alloc(0, GFP_ATOMIC);
397 if (!skb)
398 return NULL;
399
dcf4adbf 400 opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
cd82e61c
MH		 401 break;
402
e131d74a
MH		 403 case HCI_DEV_SETUP:
404 if (hdev->manufacturer == 0xffff)
405 return NULL;
406
407 /* fall through */
408
6c566dd5
MH		 409 case HCI_DEV_UP:
410 skb = bt_skb_alloc(HCI_MON_INDEX_INFO_SIZE, GFP_ATOMIC);
411 if (!skb)
412 return NULL;
413
414 ii = (void *)skb_put(skb, HCI_MON_INDEX_INFO_SIZE);
415 bacpy(&ii->bdaddr, &hdev->bdaddr);
416 ii->manufacturer = cpu_to_le16(hdev->manufacturer);
417
418 opcode = cpu_to_le16(HCI_MON_INDEX_INFO);
419 break;
420
22db3cbc
MH		 421 case HCI_DEV_OPEN:
422 skb = bt_skb_alloc(0, GFP_ATOMIC);
423 if (!skb)
424 return NULL;
425
426 opcode = cpu_to_le16(HCI_MON_OPEN_INDEX);
427 break;
428
429 case HCI_DEV_CLOSE:
430 skb = bt_skb_alloc(0, GFP_ATOMIC);
431 if (!skb)
432 return NULL;
433
434 opcode = cpu_to_le16(HCI_MON_CLOSE_INDEX);
435 break;
436
cd82e61c
MH		 437 default:
438 return NULL;
439 }
440
441 __net_timestamp(skb);
442
8528d3f7 443 hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE);
cd82e61c
MH		 444 hdr->opcode = opcode;
445 hdr->index = cpu_to_le16(hdev->id);
446 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
447
448 return skb;
449}
450
249fa169
MH		 451static struct sk_buff *create_monitor_ctrl_open(struct sock *sk)
452{
453 struct hci_mon_hdr *hdr;
454 struct sk_buff *skb;
455 u16 format = 0x0002;
456 u8 ver[3];
457 u32 flags;
458
459 skb = bt_skb_alloc(14 + TASK_COMM_LEN , GFP_ATOMIC);
460 if (!skb)
461 return NULL;
462
463 mgmt_fill_version_info(ver);
464 flags = hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) ? 0x1 : 0x0;
465
466 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
467 put_unaligned_le16(format, skb_put(skb, 2));
468 memcpy(skb_put(skb, sizeof(ver)), ver, sizeof(ver));
469 put_unaligned_le32(flags, skb_put(skb, 4));
470 *skb_put(skb, 1) = TASK_COMM_LEN;
471 memcpy(skb_put(skb, TASK_COMM_LEN), hci_pi(sk)->comm, TASK_COMM_LEN);
472
473 __net_timestamp(skb);
474
475 hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE);
476 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_OPEN);
477 hdr->index = cpu_to_le16(HCI_DEV_NONE);
478 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
479
480 return skb;
481}
482
483static struct sk_buff *create_monitor_ctrl_close(struct sock *sk)
484{
485 struct hci_mon_hdr *hdr;
486 struct sk_buff *skb;
487
488 skb = bt_skb_alloc(4, GFP_ATOMIC);
489 if (!skb)
490 return NULL;
491
492 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
493
494 __net_timestamp(skb);
495
496 hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE);
497 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_CLOSE);
498 hdr->index = cpu_to_le16(HCI_DEV_NONE);
499 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
500
501 return skb;
502}
503
38ceaa00
MH		 504static struct sk_buff *create_monitor_ctrl_command(struct sock *sk, u16 index,
505 u16 opcode, u16 len,
506 const void *buf)
507{
508 struct hci_mon_hdr *hdr;
509 struct sk_buff *skb;
510
511 skb = bt_skb_alloc(6 + len, GFP_ATOMIC);
512 if (!skb)
513 return NULL;
514
515 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
516 put_unaligned_le16(opcode, skb_put(skb, 2));
517
518 if (buf)
519 memcpy(skb_put(skb, len), buf, len);
520
521 __net_timestamp(skb);
522
523 hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE);
524 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_COMMAND);
525 hdr->index = cpu_to_le16(index);
526 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
527
528 return skb;
529}
530
787b306c
JB		 531static void __printf(2, 3)
532send_monitor_note(struct sock *sk, const char *fmt, ...)
dd31506d 533{
787b306c 534 size_t len;
dd31506d
MH		 535 struct hci_mon_hdr *hdr;
536 struct sk_buff *skb;
787b306c
JB		 537 va_list args;
538
539 va_start(args, fmt);
540 len = vsnprintf(NULL, 0, fmt, args);
541 va_end(args);
dd31506d
MH		 542
543 skb = bt_skb_alloc(len + 1, GFP_ATOMIC);
544 if (!skb)
545 return;
546
787b306c
JB		 547 va_start(args, fmt);
548 vsprintf(skb_put(skb, len), fmt, args);
549 *skb_put(skb, 1) = 0;
550 va_end(args);
dd31506d
MH		 551
552 __net_timestamp(skb);
553
554 hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE);
555 hdr->opcode = cpu_to_le16(HCI_MON_SYSTEM_NOTE);
556 hdr->index = cpu_to_le16(HCI_DEV_NONE);
557 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
558
559 if (sock_queue_rcv_skb(sk, skb))
560 kfree_skb(skb);
561}
562
cd82e61c
MH		 563static void send_monitor_replay(struct sock *sk)
564{
565 struct hci_dev *hdev;
566
567 read_lock(&hci_dev_list_lock);
568
569 list_for_each_entry(hdev, &hci_dev_list, list) {
570 struct sk_buff *skb;
571
572 skb = create_monitor_event(hdev, HCI_DEV_REG);
573 if (!skb)
574 continue;
575
576 if (sock_queue_rcv_skb(sk, skb))
577 kfree_skb(skb);
22db3cbc
MH		 578
579 if (!test_bit(HCI_RUNNING, &hdev->flags))
580 continue;
581
582 skb = create_monitor_event(hdev, HCI_DEV_OPEN);
583 if (!skb)
584 continue;
585
586 if (sock_queue_rcv_skb(sk, skb))
587 kfree_skb(skb);
6c566dd5 588
e131d74a
MH		 589 if (test_bit(HCI_UP, &hdev->flags))
590 skb = create_monitor_event(hdev, HCI_DEV_UP);
591 else if (hci_dev_test_flag(hdev, HCI_SETUP))
592 skb = create_monitor_event(hdev, HCI_DEV_SETUP);
593 else
594 skb = NULL;
6c566dd5 595
e131d74a
MH		 596 if (skb) {
597 if (sock_queue_rcv_skb(sk, skb))
598 kfree_skb(skb);
599 }
cd82e61c
MH		 600 }
601
602 read_unlock(&hci_dev_list_lock);
603}
604
249fa169
MH		 605static void send_monitor_control_replay(struct sock *mon_sk)
606{
607 struct sock *sk;
608
609 read_lock(&hci_sk_list.lock);
610
611 sk_for_each(sk, &hci_sk_list.head) {
612 struct sk_buff *skb;
613
614 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
615 continue;
616
617 skb = create_monitor_ctrl_open(sk);
618 if (!skb)
619 continue;
620
621 if (sock_queue_rcv_skb(mon_sk, skb))
622 kfree_skb(skb);
623 }
624
625 read_unlock(&hci_sk_list.lock);
626}
627
040030ef
MH		 628/* Generate internal stack event */
629static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
630{
631 struct hci_event_hdr *hdr;
632 struct hci_ev_stack_internal *ev;
633 struct sk_buff *skb;
634
635 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
636 if (!skb)
637 return;
638
8528d3f7 639 hdr = (void *)skb_put(skb, HCI_EVENT_HDR_SIZE);
040030ef
MH		 640 hdr->evt = HCI_EV_STACK_INTERNAL;
641 hdr->plen = sizeof(*ev) + dlen;
642
8528d3f7 643 ev = (void *)skb_put(skb, sizeof(*ev) + dlen);
040030ef
MH		 644 ev->type = type;
645 memcpy(ev->data, data, dlen);
646
647 bt_cb(skb)->incoming = 1;
648 __net_timestamp(skb);
649
d79f34e3 650 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
040030ef
MH		 651 hci_send_to_sock(hdev, skb);
652 kfree_skb(skb);
653}
654
655void hci_sock_dev_event(struct hci_dev *hdev, int event)
656{
040030ef
MH		 657 BT_DBG("hdev %s event %d", hdev->name, event);
658
cd82e61c
MH		 659 if (atomic_read(&monitor_promisc)) {
660 struct sk_buff *skb;
661
ed1b28a4 662 /* Send event to monitor */
cd82e61c
MH		 663 skb = create_monitor_event(hdev, event);
664 if (skb) {
c08b1a1d
MH		 665 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
666 HCI_SOCK_TRUSTED, NULL);
cd82e61c
MH		 667 kfree_skb(skb);
668 }
669 }
670
ed1b28a4
MH		 671 if (event <= HCI_DEV_DOWN) {
672 struct hci_ev_si_device ev;
673
674 /* Send event to sockets */
675 ev.event = event;
676 ev.dev_id = hdev->id;
677 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
678 }
040030ef
MH		 679
680 if (event == HCI_DEV_UNREG) {
681 struct sock *sk;
040030ef
MH		 682
683 /* Detach sockets from device */
684 read_lock(&hci_sk_list.lock);
b67bfe0d 685 sk_for_each(sk, &hci_sk_list.head) {
040030ef
MH		 686 bh_lock_sock_nested(sk);
687 if (hci_pi(sk)->hdev == hdev) {
688 hci_pi(sk)->hdev = NULL;
689 sk->sk_err = EPIPE;
690 sk->sk_state = BT_OPEN;
691 sk->sk_state_change(sk);
692
693 hci_dev_put(hdev);
694 }
695 bh_unlock_sock(sk);
696 }
697 read_unlock(&hci_sk_list.lock);
698 }
699}
700
801c1e8d
JH		 701static struct hci_mgmt_chan *__hci_mgmt_chan_find(unsigned short channel)
702{
703 struct hci_mgmt_chan *c;
704
705 list_for_each_entry(c, &mgmt_chan_list, list) {
706 if (c->channel == channel)
707 return c;
708 }
709
710 return NULL;
711}
712
713static struct hci_mgmt_chan *hci_mgmt_chan_find(unsigned short channel)
714{
715 struct hci_mgmt_chan *c;
716
717 mutex_lock(&mgmt_chan_list_lock);
718 c = __hci_mgmt_chan_find(channel);
719 mutex_unlock(&mgmt_chan_list_lock);
720
721 return c;
722}
723
724int hci_mgmt_chan_register(struct hci_mgmt_chan *c)
725{
726 if (c->channel < HCI_CHANNEL_CONTROL)
727 return -EINVAL;
728
729 mutex_lock(&mgmt_chan_list_lock);
730 if (__hci_mgmt_chan_find(c->channel)) {
731 mutex_unlock(&mgmt_chan_list_lock);
732 return -EALREADY;
733 }
734
735 list_add_tail(&c->list, &mgmt_chan_list);
736
737 mutex_unlock(&mgmt_chan_list_lock);
738
739 return 0;
740}
741EXPORT_SYMBOL(hci_mgmt_chan_register);
742
743void hci_mgmt_chan_unregister(struct hci_mgmt_chan *c)
744{
745 mutex_lock(&mgmt_chan_list_lock);
746 list_del(&c->list);
747 mutex_unlock(&mgmt_chan_list_lock);
748}
749EXPORT_SYMBOL(hci_mgmt_chan_unregister);
750
1da177e4
LT		 751static int hci_sock_release(struct socket *sock)
752{
753 struct sock *sk = sock->sk;
7b005bd3 754 struct hci_dev *hdev;
249fa169 755 struct sk_buff *skb;
70ecce91 756 int id;
1da177e4
LT		 757
758 BT_DBG("sock %p sk %p", sock, sk);
759
760 if (!sk)
761 return 0;
762
7b005bd3
MH		 763 hdev = hci_pi(sk)->hdev;
764
70ecce91
MH		 765 switch (hci_pi(sk)->channel) {
766 case HCI_CHANNEL_MONITOR:
cd82e61c 767 atomic_dec(&monitor_promisc);
70ecce91
MH		 768 break;
769 case HCI_CHANNEL_CONTROL:
770 id = hci_pi(sk)->cookie;
771
249fa169
MH		 772 /* Send event to monitor */
773 skb = create_monitor_ctrl_close(sk);
774 if (skb) {
775 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
776 HCI_SOCK_TRUSTED, NULL);
777 kfree_skb(skb);
778 }
779
70ecce91
MH		 780 hci_pi(sk)->cookie = 0xffffffff;
781 ida_simple_remove(&sock_cookie_ida, id);
782 break;
783 }
cd82e61c 784
1da177e4
LT		 785 bt_sock_unlink(&hci_sk_list, sk);
786
787 if (hdev) {
23500189 788 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
6b3cc1db
SF		 789 /* When releasing an user channel exclusive access,
790 * call hci_dev_do_close directly instead of calling
791 * hci_dev_close to ensure the exclusive access will
792 * be released and the controller brought back down.
793 *
794 * The checking of HCI_AUTO_OFF is not needed in this
795 * case since it will have been cleared already when
796 * opening the user channel.
797 */
798 hci_dev_do_close(hdev);
9380f9ea
LP		 799 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
800 mgmt_index_added(hdev);
23500189
MH		 801 }
802
1da177e4
LT		 803 atomic_dec(&hdev->promisc);
804 hci_dev_put(hdev);
805 }
806
807 sock_orphan(sk);
808
809 skb_queue_purge(&sk->sk_receive_queue);
810 skb_queue_purge(&sk->sk_write_queue);
811
812 sock_put(sk);
813 return 0;
814}
815
b2a66aad 816static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 817{
818 bdaddr_t bdaddr;
5e762444 819 int err;
f0358568
JH		 820
821 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
822 return -EFAULT;
823
09fd0de5 824 hci_dev_lock(hdev);
5e762444 825
dcc36c16 826 err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
5e762444 827
09fd0de5 828 hci_dev_unlock(hdev);
5e762444
AJ		 829
830 return err;
f0358568
JH		 831}
832
b2a66aad 833static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 834{
835 bdaddr_t bdaddr;
5e762444 836 int err;
f0358568
JH		 837
838 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
839 return -EFAULT;
840
09fd0de5 841 hci_dev_lock(hdev);
5e762444 842
dcc36c16 843 err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
5e762444 844
09fd0de5 845 hci_dev_unlock(hdev);
5e762444
AJ		 846
847 return err;
f0358568
JH		 848}
849
8e87d142 850/* Ioctls that require bound socket */
6039aa73
GP		 851static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
852 unsigned long arg)
1da177e4
LT		 853{
854 struct hci_dev *hdev = hci_pi(sk)->hdev;
855
856 if (!hdev)
857 return -EBADFD;
858
d7a5a11d 859 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
0736cfa8
MH		 860 return -EBUSY;
861
d7a5a11d 862 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
fee746b0
MH		 863 return -EOPNOTSUPP;
864
ca8bee5d 865 if (hdev->dev_type != HCI_PRIMARY)
5b69bef5
MH		 866 return -EOPNOTSUPP;
867
1da177e4
LT		 868 switch (cmd) {
869 case HCISETRAW:
870 if (!capable(CAP_NET_ADMIN))
bf5b30b8 871 return -EPERM;
db596681 872 return -EOPNOTSUPP;
1da177e4 873
1da177e4 874 case HCIGETCONNINFO:
8528d3f7 875 return hci_get_conn_info(hdev, (void __user *)arg);
40be492f
MH		 876
877 case HCIGETAUTHINFO:
8528d3f7 878 return hci_get_auth_info(hdev, (void __user *)arg);
1da177e4 879
f0358568
JH		 880 case HCIBLOCKADDR:
881 if (!capable(CAP_NET_ADMIN))
bf5b30b8 882 return -EPERM;
8528d3f7 883 return hci_sock_blacklist_add(hdev, (void __user *)arg);
f0358568
JH		 884
885 case HCIUNBLOCKADDR:
886 if (!capable(CAP_NET_ADMIN))
bf5b30b8 887 return -EPERM;
8528d3f7 888 return hci_sock_blacklist_del(hdev, (void __user *)arg);
1da177e4 889 }
0736cfa8 890
324d36ed 891 return -ENOIOCTLCMD;
1da177e4
LT		 892}
893
8fc9ced3
GP		 894static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
895 unsigned long arg)
1da177e4 896{
8528d3f7 897 void __user *argp = (void __user *)arg;
0736cfa8 898 struct sock *sk = sock->sk;
1da177e4
LT		 899 int err;
900
901 BT_DBG("cmd %x arg %lx", cmd, arg);
902
c1c4f956
MH		 903 lock_sock(sk);
904
905 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
906 err = -EBADFD;
907 goto done;
908 }
909
910 release_sock(sk);
911
1da177e4
LT		 912 switch (cmd) {
913 case HCIGETDEVLIST:
914 return hci_get_dev_list(argp);
915
916 case HCIGETDEVINFO:
917 return hci_get_dev_info(argp);
918
919 case HCIGETCONNLIST:
920 return hci_get_conn_list(argp);
921
922 case HCIDEVUP:
923 if (!capable(CAP_NET_ADMIN))
bf5b30b8 924 return -EPERM;
1da177e4
LT		 925 return hci_dev_open(arg);
926
927 case HCIDEVDOWN:
928 if (!capable(CAP_NET_ADMIN))
bf5b30b8 929 return -EPERM;
1da177e4
LT		 930 return hci_dev_close(arg);
931
932 case HCIDEVRESET:
933 if (!capable(CAP_NET_ADMIN))
bf5b30b8 934 return -EPERM;
1da177e4
LT		 935 return hci_dev_reset(arg);
936
937 case HCIDEVRESTAT:
938 if (!capable(CAP_NET_ADMIN))
bf5b30b8 939 return -EPERM;
1da177e4
LT		 940 return hci_dev_reset_stat(arg);
941
942 case HCISETSCAN:
943 case HCISETAUTH:
944 case HCISETENCRYPT:
945 case HCISETPTYPE:
946 case HCISETLINKPOL:
947 case HCISETLINKMODE:
948 case HCISETACLMTU:
949 case HCISETSCOMTU:
950 if (!capable(CAP_NET_ADMIN))
bf5b30b8 951 return -EPERM;
1da177e4
LT		 952 return hci_dev_cmd(cmd, argp);
953
954 case HCIINQUIRY:
955 return hci_inquiry(argp);
1da177e4 956 }
c1c4f956
MH		 957
958 lock_sock(sk);
959
960 err = hci_sock_bound_ioctl(sk, cmd, arg);
961
962done:
963 release_sock(sk);
964 return err;
1da177e4
LT		 965}
966
8fc9ced3
GP		 967static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
968 int addr_len)
1da177e4 969{
0381101f 970 struct sockaddr_hci haddr;
1da177e4
LT		 971 struct sock *sk = sock->sk;
972 struct hci_dev *hdev = NULL;
0381101f 973 int len, err = 0;
1da177e4
LT		 974
975 BT_DBG("sock %p sk %p", sock, sk);
976
0381101f
JH		 977 if (!addr)
978 return -EINVAL;
979
980 memset(&haddr, 0, sizeof(haddr));
981 len = min_t(unsigned int, sizeof(haddr), addr_len);
982 memcpy(&haddr, addr, len);
983
984 if (haddr.hci_family != AF_BLUETOOTH)
985 return -EINVAL;
986
1da177e4
LT		 987 lock_sock(sk);
988
7cc2ade2 989 if (sk->sk_state == BT_BOUND) {
1da177e4
LT		 990 err = -EALREADY;
991 goto done;
992 }
993
7cc2ade2
MH		 994 switch (haddr.hci_channel) {
995 case HCI_CHANNEL_RAW:
996 if (hci_pi(sk)->hdev) {
997 err = -EALREADY;
1da177e4
LT		 998 goto done;
999 }
1000
7cc2ade2
MH		 1001 if (haddr.hci_dev != HCI_DEV_NONE) {
1002 hdev = hci_dev_get(haddr.hci_dev);
1003 if (!hdev) {
1004 err = -ENODEV;
1005 goto done;
1006 }
1007
1008 atomic_inc(&hdev->promisc);
1009 }
1010
1011 hci_pi(sk)->hdev = hdev;
1012 break;
1013
23500189
MH		 1014 case HCI_CHANNEL_USER:
1015 if (hci_pi(sk)->hdev) {
1016 err = -EALREADY;
1017 goto done;
1018 }
1019
1020 if (haddr.hci_dev == HCI_DEV_NONE) {
1021 err = -EINVAL;
1022 goto done;
1023 }
1024
10a8b86f 1025 if (!capable(CAP_NET_ADMIN)) {
23500189
MH		 1026 err = -EPERM;
1027 goto done;
1028 }
1029
1030 hdev = hci_dev_get(haddr.hci_dev);
1031 if (!hdev) {
1032 err = -ENODEV;
1033 goto done;
1034 }
1035
781f899f 1036 if (test_bit(HCI_INIT, &hdev->flags) ||
d7a5a11d 1037 hci_dev_test_flag(hdev, HCI_SETUP) ||
781f899f
MH		 1038 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1039 (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) &&
1040 test_bit(HCI_UP, &hdev->flags))) {
23500189
MH		 1041 err = -EBUSY;
1042 hci_dev_put(hdev);
1043 goto done;
1044 }
1045
238be788 1046 if (hci_dev_test_and_set_flag(hdev, HCI_USER_CHANNEL)) {
23500189
MH		 1047 err = -EUSERS;
1048 hci_dev_put(hdev);
1049 goto done;
1050 }
1051
0602a8ad 1052 mgmt_index_removed(hdev);
23500189
MH		 1053
1054 err = hci_dev_open(hdev->id);
1055 if (err) {
781f899f
MH		 1056 if (err == -EALREADY) {
1057 /* In case the transport is already up and
1058 * running, clear the error here.
1059 *
1060 * This can happen when opening an user
1061 * channel and HCI_AUTO_OFF grace period
1062 * is still active.
1063 */
1064 err = 0;
1065 } else {
1066 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
1067 mgmt_index_added(hdev);
1068 hci_dev_put(hdev);
1069 goto done;
1070 }
23500189
MH		 1071 }
1072
1073 atomic_inc(&hdev->promisc);
1074
1075 hci_pi(sk)->hdev = hdev;
1076 break;
1077
cd82e61c
MH		 1078 case HCI_CHANNEL_MONITOR:
1079 if (haddr.hci_dev != HCI_DEV_NONE) {
1080 err = -EINVAL;
1081 goto done;
1082 }
1083
1084 if (!capable(CAP_NET_RAW)) {
1085 err = -EPERM;
1086 goto done;
1087 }
1088
50ebc055
MH		 1089 /* The monitor interface is restricted to CAP_NET_RAW
1090 * capabilities and with that implicitly trusted.
1091 */
1092 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1093
787b306c
JB		 1094 send_monitor_note(sk, "Linux version %s (%s)",
1095 init_utsname()->release,
1096 init_utsname()->machine);
1097 send_monitor_note(sk, "Bluetooth subsystem version %s",
1098 BT_SUBSYS_VERSION);
cd82e61c 1099 send_monitor_replay(sk);
249fa169 1100 send_monitor_control_replay(sk);
cd82e61c
MH		 1101
1102 atomic_inc(&monitor_promisc);
1103 break;
1104
ac714949
MH		 1105 case HCI_CHANNEL_LOGGING:
1106 if (haddr.hci_dev != HCI_DEV_NONE) {
1107 err = -EINVAL;
1108 goto done;
1109 }
1110
1111 if (!capable(CAP_NET_ADMIN)) {
1112 err = -EPERM;
1113 goto done;
1114 }
1115 break;
1116
7cc2ade2 1117 default:
801c1e8d
JH		 1118 if (!hci_mgmt_chan_find(haddr.hci_channel)) {
1119 err = -EINVAL;
1120 goto done;
1121 }
1122
1123 if (haddr.hci_dev != HCI_DEV_NONE) {
1124 err = -EINVAL;
1125 goto done;
1126 }
1127
1195fbb8
MH		 1128 /* Users with CAP_NET_ADMIN capabilities are allowed
1129 * access to all management commands and events. For
1130 * untrusted users the interface is restricted and
1131 * also only untrusted events are sent.
50ebc055 1132 */
1195fbb8
MH		 1133 if (capable(CAP_NET_ADMIN))
1134 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
50ebc055 1135
f9207338
MH		 1136 /* At the moment the index and unconfigured index events
1137 * are enabled unconditionally. Setting them on each
1138 * socket when binding keeps this functionality. They
1139 * however might be cleared later and then sending of these
1140 * events will be disabled, but that is then intentional.
f6b7712e
MH		 1141 *
1142 * This also enables generic events that are safe to be
1143 * received by untrusted users. Example for such events
1144 * are changes to settings, class of device, name etc.
f9207338
MH		 1145 */
1146 if (haddr.hci_channel == HCI_CHANNEL_CONTROL) {
249fa169 1147 struct sk_buff *skb;
70ecce91
MH		 1148 int id;
1149
1150 id = ida_simple_get(&sock_cookie_ida, 1, 0, GFP_KERNEL);
1151 if (id < 0)
1152 id = 0xffffffff;
1153
1154 hci_pi(sk)->cookie = id;
1155 get_task_comm(hci_pi(sk)->comm, current);
1156
249fa169
MH		 1157 /* Send event to monitor */
1158 skb = create_monitor_ctrl_open(sk);
1159 if (skb) {
1160 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1161 HCI_SOCK_TRUSTED, NULL);
1162 kfree_skb(skb);
1163 }
1164
f9207338
MH		 1165 hci_sock_set_flag(sk, HCI_MGMT_INDEX_EVENTS);
1166 hci_sock_set_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
5504c3a3
MH		 1167 hci_sock_set_flag(sk, HCI_MGMT_OPTION_EVENTS);
1168 hci_sock_set_flag(sk, HCI_MGMT_SETTING_EVENTS);
1169 hci_sock_set_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1170 hci_sock_set_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
f9207338 1171 }
801c1e8d 1172 break;
1da177e4
LT		 1173 }
1174
7cc2ade2 1175
0381101f 1176 hci_pi(sk)->channel = haddr.hci_channel;
1da177e4
LT		 1177 sk->sk_state = BT_BOUND;
1178
1179done:
1180 release_sock(sk);
1181 return err;
1182}
1183
8fc9ced3
GP		 1184static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
1185 int *addr_len, int peer)
1da177e4 1186{
8528d3f7 1187 struct sockaddr_hci *haddr = (struct sockaddr_hci *)addr;
1da177e4 1188 struct sock *sk = sock->sk;
9d4b68b2
MH		 1189 struct hci_dev *hdev;
1190 int err = 0;
1da177e4
LT		 1191
1192 BT_DBG("sock %p sk %p", sock, sk);
1193
06f43cbc
MH		 1194 if (peer)
1195 return -EOPNOTSUPP;
1196
1da177e4
LT		 1197 lock_sock(sk);
1198
9d4b68b2
MH		 1199 hdev = hci_pi(sk)->hdev;
1200 if (!hdev) {
1201 err = -EBADFD;
1202 goto done;
1203 }
1204
1da177e4
LT		 1205 *addr_len = sizeof(*haddr);
1206 haddr->hci_family = AF_BLUETOOTH;
7b005bd3 1207 haddr->hci_dev = hdev->id;
9d4b68b2 1208 haddr->hci_channel= hci_pi(sk)->channel;
1da177e4 1209
9d4b68b2 1210done:
1da177e4 1211 release_sock(sk);
9d4b68b2 1212 return err;
1da177e4
LT		 1213}
1214
6039aa73
GP		 1215static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
1216 struct sk_buff *skb)
1da177e4
LT		 1217{
1218 __u32 mask = hci_pi(sk)->cmsg_mask;
1219
0d48d939
MH		 1220 if (mask & HCI_CMSG_DIR) {
1221 int incoming = bt_cb(skb)->incoming;
8fc9ced3
GP		 1222 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
1223 &incoming);
0d48d939 1224 }
1da177e4 1225
a61bbcf2 1226 if (mask & HCI_CMSG_TSTAMP) {
f6e623a6
JFS		 1227#ifdef CONFIG_COMPAT
1228 struct compat_timeval ctv;
1229#endif
a61bbcf2 1230 struct timeval tv;
767c5eb5
MH		 1231 void *data;
1232 int len;
a61bbcf2
PM		 1233
1234 skb_get_timestamp(skb, &tv);
767c5eb5 1235
1da97f83
DM		 1236 data = &tv;
1237 len = sizeof(tv);
1238#ifdef CONFIG_COMPAT
da88cea1
L		 1239 if (!COMPAT_USE_64BIT_TIME &&
1240 (msg->msg_flags & MSG_CMSG_COMPAT)) {
767c5eb5
MH		 1241 ctv.tv_sec = tv.tv_sec;
1242 ctv.tv_usec = tv.tv_usec;
1243 data = &ctv;
1244 len = sizeof(ctv);
767c5eb5 1245 }
1da97f83 1246#endif
767c5eb5
MH		 1247
1248 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
a61bbcf2 1249 }
1da177e4 1250}
8e87d142 1251
8528d3f7
MH		 1252static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1253 size_t len, int flags)
1da177e4
LT		 1254{
1255 int noblock = flags & MSG_DONTWAIT;
1256 struct sock *sk = sock->sk;
1257 struct sk_buff *skb;
1258 int copied, err;
83871f8c 1259 unsigned int skblen;
1da177e4
LT		 1260
1261 BT_DBG("sock %p, sk %p", sock, sk);
1262
d94a6104 1263 if (flags & MSG_OOB)
1da177e4
LT		 1264 return -EOPNOTSUPP;
1265
ac714949
MH		 1266 if (hci_pi(sk)->channel == HCI_CHANNEL_LOGGING)
1267 return -EOPNOTSUPP;
1268
1da177e4
LT		 1269 if (sk->sk_state == BT_CLOSED)
1270 return 0;
1271
70f23020
AE		 1272 skb = skb_recv_datagram(sk, flags, noblock, &err);
1273 if (!skb)
1da177e4
LT		 1274 return err;
1275
83871f8c 1276 skblen = skb->len;
1da177e4
LT		 1277 copied = skb->len;
1278 if (len < copied) {
1279 msg->msg_flags |= MSG_TRUNC;
1280 copied = len;
1281 }
1282
badff6d0 1283 skb_reset_transport_header(skb);
51f3d02b 1284 err = skb_copy_datagram_msg(skb, 0, msg, copied);
1da177e4 1285
3a208627
MH		 1286 switch (hci_pi(sk)->channel) {
1287 case HCI_CHANNEL_RAW:
1288 hci_sock_cmsg(sk, msg, skb);
1289 break;
23500189 1290 case HCI_CHANNEL_USER:
cd82e61c
MH		 1291 case HCI_CHANNEL_MONITOR:
1292 sock_recv_timestamp(msg, sk, skb);
1293 break;
801c1e8d
JH		 1294 default:
1295 if (hci_mgmt_chan_find(hci_pi(sk)->channel))
1296 sock_recv_timestamp(msg, sk, skb);
1297 break;
3a208627 1298 }
1da177e4
LT		 1299
1300 skb_free_datagram(sk, skb);
1301
4f34228b 1302 if (flags & MSG_TRUNC)
83871f8c
DK		 1303 copied = skblen;
1304
1da177e4
LT		 1305 return err ? : copied;
1306}
1307
fa4335d7
JH		 1308static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
1309 struct msghdr *msg, size_t msglen)
1310{
1311 void *buf;
1312 u8 *cp;
1313 struct mgmt_hdr *hdr;
1314 u16 opcode, index, len;
1315 struct hci_dev *hdev = NULL;
1316 const struct hci_mgmt_handler *handler;
1317 bool var_len, no_hdev;
1318 int err;
1319
1320 BT_DBG("got %zu bytes", msglen);
1321
1322 if (msglen < sizeof(*hdr))
1323 return -EINVAL;
1324
1325 buf = kmalloc(msglen, GFP_KERNEL);
1326 if (!buf)
1327 return -ENOMEM;
1328
1329 if (memcpy_from_msg(buf, msg, msglen)) {
1330 err = -EFAULT;
1331 goto done;
1332 }
1333
1334 hdr = buf;
1335 opcode = __le16_to_cpu(hdr->opcode);
1336 index = __le16_to_cpu(hdr->index);
1337 len = __le16_to_cpu(hdr->len);
1338
1339 if (len != msglen - sizeof(*hdr)) {
1340 err = -EINVAL;
1341 goto done;
1342 }
1343
38ceaa00
MH		 1344 if (chan->channel == HCI_CHANNEL_CONTROL) {
1345 struct sk_buff *skb;
1346
1347 /* Send event to monitor */
1348 skb = create_monitor_ctrl_command(sk, index, opcode, len,
1349 buf + sizeof(*hdr));
1350 if (skb) {
1351 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1352 HCI_SOCK_TRUSTED, NULL);
1353 kfree_skb(skb);
1354 }
1355 }
1356
fa4335d7
JH		 1357 if (opcode >= chan->handler_count ||
1358 chan->handlers[opcode].func == NULL) {
1359 BT_DBG("Unknown op %u", opcode);
1360 err = mgmt_cmd_status(sk, index, opcode,
1361 MGMT_STATUS_UNKNOWN_COMMAND);
1362 goto done;
1363 }
1364
1365 handler = &chan->handlers[opcode];
1366
1367 if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) &&
1368 !(handler->flags & HCI_MGMT_UNTRUSTED)) {
1369 err = mgmt_cmd_status(sk, index, opcode,
1370 MGMT_STATUS_PERMISSION_DENIED);
1371 goto done;
1372 }
1373
1374 if (index != MGMT_INDEX_NONE) {
1375 hdev = hci_dev_get(index);
1376 if (!hdev) {
1377 err = mgmt_cmd_status(sk, index, opcode,
1378 MGMT_STATUS_INVALID_INDEX);
1379 goto done;
1380 }
1381
1382 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1383 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1384 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1385 err = mgmt_cmd_status(sk, index, opcode,
1386 MGMT_STATUS_INVALID_INDEX);
1387 goto done;
1388 }
1389
1390 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1391 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
1392 err = mgmt_cmd_status(sk, index, opcode,
1393 MGMT_STATUS_INVALID_INDEX);
1394 goto done;
1395 }
1396 }
1397
1398 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
1399 if (no_hdev != !hdev) {
1400 err = mgmt_cmd_status(sk, index, opcode,
1401 MGMT_STATUS_INVALID_INDEX);
1402 goto done;
1403 }
1404
1405 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
1406 if ((var_len && len < handler->data_len) ||
1407 (!var_len && len != handler->data_len)) {
1408 err = mgmt_cmd_status(sk, index, opcode,
1409 MGMT_STATUS_INVALID_PARAMS);
1410 goto done;
1411 }
1412
1413 if (hdev && chan->hdev_init)
1414 chan->hdev_init(sk, hdev);
1415
1416 cp = buf + sizeof(*hdr);
1417
1418 err = handler->func(sk, hdev, cp, len);
1419 if (err < 0)
1420 goto done;
1421
1422 err = msglen;
1423
1424done:
1425 if (hdev)
1426 hci_dev_put(hdev);
1427
1428 kfree(buf);
1429 return err;
1430}
1431
ac714949
MH		 1432static int hci_logging_frame(struct sock *sk, struct msghdr *msg, int len)
1433{
1434 struct hci_mon_hdr *hdr;
1435 struct sk_buff *skb;
1436 struct hci_dev *hdev;
1437 u16 index;
1438 int err;
1439
1440 /* The logging frame consists at minimum of the standard header,
1441 * the priority byte, the ident length byte and at least one string
1442 * terminator NUL byte. Anything shorter are invalid packets.
1443 */
1444 if (len < sizeof(*hdr) + 3)
1445 return -EINVAL;
1446
1447 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1448 if (!skb)
1449 return err;
1450
1451 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1452 err = -EFAULT;
1453 goto drop;
1454 }
1455
1456 hdr = (void *)skb->data;
1457
1458 if (__le16_to_cpu(hdr->len) != len - sizeof(*hdr)) {
1459 err = -EINVAL;
1460 goto drop;
1461 }
1462
1463 if (__le16_to_cpu(hdr->opcode) == 0x0000) {
1464 __u8 priority = skb->data[sizeof(*hdr)];
1465 __u8 ident_len = skb->data[sizeof(*hdr) + 1];
1466
1467 /* Only the priorities 0-7 are valid and with that any other
1468 * value results in an invalid packet.
1469 *
1470 * The priority byte is followed by an ident length byte and
1471 * the NUL terminated ident string. Check that the ident
1472 * length is not overflowing the packet and also that the
1473 * ident string itself is NUL terminated. In case the ident
1474 * length is zero, the length value actually doubles as NUL
1475 * terminator identifier.
1476 *
1477 * The message follows the ident string (if present) and
1478 * must be NUL terminated. Otherwise it is not a valid packet.
1479 */
1480 if (priority > 7 || skb->data[len - 1] != 0x00 ||
1481 ident_len > len - sizeof(*hdr) - 3 ||
1482 skb->data[sizeof(*hdr) + ident_len + 1] != 0x00) {
1483 err = -EINVAL;
1484 goto drop;
1485 }
1486 } else {
1487 err = -EINVAL;
1488 goto drop;
1489 }
1490
1491 index = __le16_to_cpu(hdr->index);
1492
1493 if (index != MGMT_INDEX_NONE) {
1494 hdev = hci_dev_get(index);
1495 if (!hdev) {
1496 err = -ENODEV;
1497 goto drop;
1498 }
1499 } else {
1500 hdev = NULL;
1501 }
1502
1503 hdr->opcode = cpu_to_le16(HCI_MON_USER_LOGGING);
1504
1505 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, HCI_SOCK_TRUSTED, NULL);
1506 err = len;
1507
1508 if (hdev)
1509 hci_dev_put(hdev);
1510
1511drop:
1512 kfree_skb(skb);
1513 return err;
1514}
1515
1b784140
YX		 1516static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1517 size_t len)
1da177e4
LT		 1518{
1519 struct sock *sk = sock->sk;
801c1e8d 1520 struct hci_mgmt_chan *chan;
1da177e4
LT		 1521 struct hci_dev *hdev;
1522 struct sk_buff *skb;
1523 int err;
1524
1525 BT_DBG("sock %p sk %p", sock, sk);
1526
1527 if (msg->msg_flags & MSG_OOB)
1528 return -EOPNOTSUPP;
1529
1530 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
1531 return -EINVAL;
1532
1533 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
1534 return -EINVAL;
1535
1536 lock_sock(sk);
1537
0381101f
JH		 1538 switch (hci_pi(sk)->channel) {
1539 case HCI_CHANNEL_RAW:
23500189 1540 case HCI_CHANNEL_USER:
0381101f 1541 break;
cd82e61c
MH		 1542 case HCI_CHANNEL_MONITOR:
1543 err = -EOPNOTSUPP;
1544 goto done;
ac714949
MH		 1545 case HCI_CHANNEL_LOGGING:
1546 err = hci_logging_frame(sk, msg, len);
1547 goto done;
0381101f 1548 default:
801c1e8d
JH		 1549 mutex_lock(&mgmt_chan_list_lock);
1550 chan = __hci_mgmt_chan_find(hci_pi(sk)->channel);
1551 if (chan)
fa4335d7 1552 err = hci_mgmt_cmd(chan, sk, msg, len);
801c1e8d
JH		 1553 else
1554 err = -EINVAL;
1555
1556 mutex_unlock(&mgmt_chan_list_lock);
0381101f
JH		 1557 goto done;
1558 }
1559
70f23020
AE		 1560 hdev = hci_pi(sk)->hdev;
1561 if (!hdev) {
1da177e4
LT		 1562 err = -EBADFD;
1563 goto done;
1564 }
1565
7e21addc
MH		 1566 if (!test_bit(HCI_UP, &hdev->flags)) {
1567 err = -ENETDOWN;
1568 goto done;
1569 }
1570
70f23020
AE		 1571 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1572 if (!skb)
1da177e4
LT		 1573 goto done;
1574
6ce8e9ce 1575 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1da177e4
LT		 1576 err = -EFAULT;
1577 goto drop;
1578 }
1579
8528d3f7 1580 hci_skb_pkt_type(skb) = skb->data[0];
1da177e4 1581 skb_pull(skb, 1);
1da177e4 1582
1bc5ad16
MH		 1583 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
1584 /* No permission check is needed for user channel
1585 * since that gets enforced when binding the socket.
1586 *
1587 * However check that the packet type is valid.
1588 */
d79f34e3
MH		 1589 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
1590 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
1591 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) {
1bc5ad16
MH		 1592 err = -EINVAL;
1593 goto drop;
1594 }
1595
1596 skb_queue_tail(&hdev->raw_q, skb);
1597 queue_work(hdev->workqueue, &hdev->tx_work);
d79f34e3 1598 } else if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) {
83985319 1599 u16 opcode = get_unaligned_le16(skb->data);
1da177e4
LT		 1600 u16 ogf = hci_opcode_ogf(opcode);
1601 u16 ocf = hci_opcode_ocf(opcode);
1602
1603 if (((ogf > HCI_SFLT_MAX_OGF) ||
3bb3c755
GP		 1604 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
1605 &hci_sec_filter.ocf_mask[ogf])) &&
1606 !capable(CAP_NET_RAW)) {
1da177e4
LT		 1607 err = -EPERM;
1608 goto drop;
1609 }
1610
1982162b
MH		 1611 /* Since the opcode has already been extracted here, store
1612 * a copy of the value for later use by the drivers.
1613 */
1614 hci_skb_opcode(skb) = opcode;
1615
fee746b0 1616 if (ogf == 0x3f) {
1da177e4 1617 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 1618 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4 1619 } else {
49c922bb 1620 /* Stand-alone HCI commands must be flagged as
11714b3d
JH		 1621 * single-command requests.
1622 */
44d27137 1623 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
11714b3d 1624
1da177e4 1625 skb_queue_tail(&hdev->cmd_q, skb);
c347b765 1626 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 1627 }
1628 } else {
1629 if (!capable(CAP_NET_RAW)) {
1630 err = -EPERM;
1631 goto drop;
1632 }
1633
d79f34e3
MH		 1634 if (hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
1635 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) {
bb77543e
MH		 1636 err = -EINVAL;
1637 goto drop;
1638 }
1639
1da177e4 1640 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 1641 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 1642 }
1643
1644 err = len;
1645
1646done:
1647 release_sock(sk);
1648 return err;
1649
1650drop:
1651 kfree_skb(skb);
1652 goto done;
1653}
1654
8fc9ced3
GP		 1655static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1656 char __user *optval, unsigned int len)
1da177e4
LT		 1657{
1658 struct hci_ufilter uf = { .opcode = 0 };
1659 struct sock *sk = sock->sk;
1660 int err = 0, opt = 0;
1661
1662 BT_DBG("sk %p, opt %d", sk, optname);
1663
47b0f573
MH		 1664 if (level != SOL_HCI)
1665 return -ENOPROTOOPT;
1666
1da177e4
LT		 1667 lock_sock(sk);
1668
2f39cdb7 1669 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
c2371e80 1670 err = -EBADFD;
2f39cdb7
MH		 1671 goto done;
1672 }
1673
1da177e4
LT		 1674 switch (optname) {
1675 case HCI_DATA_DIR:
1676 if (get_user(opt, (int __user *)optval)) {
1677 err = -EFAULT;
1678 break;
1679 }
1680
1681 if (opt)
1682 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
1683 else
1684 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
1685 break;
1686
1687 case HCI_TIME_STAMP:
1688 if (get_user(opt, (int __user *)optval)) {
1689 err = -EFAULT;
1690 break;
1691 }
1692
1693 if (opt)
1694 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
1695 else
1696 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
1697 break;
1698
1699 case HCI_FILTER:
0878b666
MH		 1700 {
1701 struct hci_filter *f = &hci_pi(sk)->filter;
1702
1703 uf.type_mask = f->type_mask;
1704 uf.opcode = f->opcode;
1705 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1706 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1707 }
1708
1da177e4
LT		 1709 len = min_t(unsigned int, len, sizeof(uf));
1710 if (copy_from_user(&uf, optval, len)) {
1711 err = -EFAULT;
1712 break;
1713 }
1714
1715 if (!capable(CAP_NET_RAW)) {
1716 uf.type_mask &= hci_sec_filter.type_mask;
1717 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
1718 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
1719 }
1720
1721 {
1722 struct hci_filter *f = &hci_pi(sk)->filter;
1723
1724 f->type_mask = uf.type_mask;
1725 f->opcode = uf.opcode;
1726 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
1727 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
1728 }
8e87d142 1729 break;
1da177e4
LT		 1730
1731 default:
1732 err = -ENOPROTOOPT;
1733 break;
1734 }
1735
2f39cdb7 1736done:
1da177e4
LT		 1737 release_sock(sk);
1738 return err;
1739}
1740
8fc9ced3
GP		 1741static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1742 char __user *optval, int __user *optlen)
1da177e4
LT		 1743{
1744 struct hci_ufilter uf;
1745 struct sock *sk = sock->sk;
cedc5469
MH		 1746 int len, opt, err = 0;
1747
1748 BT_DBG("sk %p, opt %d", sk, optname);
1da177e4 1749
47b0f573
MH		 1750 if (level != SOL_HCI)
1751 return -ENOPROTOOPT;
1752
1da177e4
LT		 1753 if (get_user(len, optlen))
1754 return -EFAULT;
1755
cedc5469
MH		 1756 lock_sock(sk);
1757
1758 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
c2371e80 1759 err = -EBADFD;
cedc5469
MH		 1760 goto done;
1761 }
1762
1da177e4
LT		 1763 switch (optname) {
1764 case HCI_DATA_DIR:
1765 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1766 opt = 1;
8e87d142 1767 else
1da177e4
LT		 1768 opt = 0;
1769
1770 if (put_user(opt, optval))
cedc5469 1771 err = -EFAULT;
1da177e4
LT		 1772 break;
1773
1774 case HCI_TIME_STAMP:
1775 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1776 opt = 1;
8e87d142 1777 else
1da177e4
LT		 1778 opt = 0;
1779
1780 if (put_user(opt, optval))
cedc5469 1781 err = -EFAULT;
1da177e4
LT		 1782 break;
1783
1784 case HCI_FILTER:
1785 {
1786 struct hci_filter *f = &hci_pi(sk)->filter;
1787
e15ca9a0 1788 memset(&uf, 0, sizeof(uf));
1da177e4
LT		 1789 uf.type_mask = f->type_mask;
1790 uf.opcode = f->opcode;
1791 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1792 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1793 }
1794
1795 len = min_t(unsigned int, len, sizeof(uf));
1796 if (copy_to_user(optval, &uf, len))
cedc5469 1797 err = -EFAULT;
1da177e4
LT		 1798 break;
1799
1800 default:
cedc5469 1801 err = -ENOPROTOOPT;
1da177e4
LT		 1802 break;
1803 }
1804
cedc5469
MH		 1805done:
1806 release_sock(sk);
1807 return err;
1da177e4
LT		 1808}
1809
90ddc4f0 1810static const struct proto_ops hci_sock_ops = {
1da177e4
LT		 1811 .family = PF_BLUETOOTH,
1812 .owner = THIS_MODULE,
1813 .release = hci_sock_release,
1814 .bind = hci_sock_bind,
1815 .getname = hci_sock_getname,
1816 .sendmsg = hci_sock_sendmsg,
1817 .recvmsg = hci_sock_recvmsg,
1818 .ioctl = hci_sock_ioctl,
1819 .poll = datagram_poll,
1820 .listen = sock_no_listen,
1821 .shutdown = sock_no_shutdown,
1822 .setsockopt = hci_sock_setsockopt,
1823 .getsockopt = hci_sock_getsockopt,
1824 .connect = sock_no_connect,
1825 .socketpair = sock_no_socketpair,
1826 .accept = sock_no_accept,
1827 .mmap = sock_no_mmap
1828};
1829
1830static struct proto hci_sk_proto = {
1831 .name = "HCI",
1832 .owner = THIS_MODULE,
1833 .obj_size = sizeof(struct hci_pinfo)
1834};
1835
3f378b68
EP		 1836static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1837 int kern)
1da177e4
LT		 1838{
1839 struct sock *sk;
1840
1841 BT_DBG("sock %p", sock);
1842
1843 if (sock->type != SOCK_RAW)
1844 return -ESOCKTNOSUPPORT;
1845
1846 sock->ops = &hci_sock_ops;
1847
11aa9c28 1848 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, kern);
1da177e4
LT		 1849 if (!sk)
1850 return -ENOMEM;
1851
1852 sock_init_data(sock, sk);
1853
1854 sock_reset_flag(sk, SOCK_ZAPPED);
1855
1856 sk->sk_protocol = protocol;
1857
1858 sock->state = SS_UNCONNECTED;
1859 sk->sk_state = BT_OPEN;
1860
1861 bt_sock_link(&hci_sk_list, sk);
1862 return 0;
1863}
1864
ec1b4cf7 1865static const struct net_proto_family hci_sock_family_ops = {
1da177e4
LT		 1866 .family = PF_BLUETOOTH,
1867 .owner = THIS_MODULE,
1868 .create = hci_sock_create,
1869};
1870
1da177e4
LT		 1871int __init hci_sock_init(void)
1872{
1873 int err;
1874
b0a8e282
MH		 1875 BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr));
1876
1da177e4
LT		 1877 err = proto_register(&hci_sk_proto, 0);
1878 if (err < 0)
1879 return err;
1880
1881 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
f7c86637
MY		 1882 if (err < 0) {
1883 BT_ERR("HCI socket registration failed");
1da177e4 1884 goto error;
f7c86637
MY		 1885 }
1886
b0316615 1887 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
f7c86637
MY		 1888 if (err < 0) {
1889 BT_ERR("Failed to create HCI proc file");
1890 bt_sock_unregister(BTPROTO_HCI);
1891 goto error;
1892 }
1da177e4 1893
1da177e4
LT		 1894 BT_INFO("HCI socket layer initialized");
1895
1896 return 0;
1897
1898error:
1da177e4
LT		 1899 proto_unregister(&hci_sk_proto);
1900 return err;
1901}
1902
b7440a14 1903void hci_sock_cleanup(void)
1da177e4 1904{
f7c86637 1905 bt_procfs_cleanup(&init_net, "hci");
5e9d7f86 1906 bt_sock_unregister(BTPROTO_HCI);
1da177e4 1907 proto_unregister(&hci_sk_proto);
1da177e4 1908}
Ubuntu Jammy Linux kernel mirror