drivers/bluetooth/hci_vhci.c

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  *
   4  *  Bluetooth virtual HCI driver
   5  *
   6  *  Copyright (C) 2000-2001  Qualcomm Incorporated
   7  *  Copyright (C) 2002-2003  Maxim Krasnyansky <maxk@qualcomm.com>
   8  *  Copyright (C) 2004-2006  Marcel Holtmann <marcel@holtmann.org>
   9  */
  10
  11 #include <linux/module.h>
  12 #include <asm/unaligned.h>
  13
  14 #include <linux/kernel.h>
  15 #include <linux/init.h>
  16 #include <linux/slab.h>
  17 #include <linux/types.h>
  18 #include <linux/errno.h>
  19 #include <linux/sched.h>
  20 #include <linux/poll.h>
  21
  22 #include <linux/skbuff.h>
  23 #include <linux/miscdevice.h>
  24 #include <linux/debugfs.h>
  25
  26 #include <net/bluetooth/bluetooth.h>
  27 #include <net/bluetooth/hci_core.h>
  28
  29 #define VERSION "1.5"
  30
  31 static bool amp;
  32
  33 struct vhci_data {
  34         struct hci_dev *hdev;
  35
  36         wait_queue_head_t read_wait;
  37         struct sk_buff_head readq;
  38
  39         struct mutex open_mutex;
  40         struct delayed_work open_timeout;
  41
  42         bool suspended;
  43         bool wakeup;
  44 };
  45
  46 static int vhci_open_dev(struct hci_dev *hdev)
  47 {
  48         return 0;
  49 }
  50
  51 static int vhci_close_dev(struct hci_dev *hdev)
  52 {
  53         struct vhci_data *data = hci_get_drvdata(hdev);
  54
  55         skb_queue_purge(&data->readq);
  56
  57         return 0;
  58 }
  59
  60 static int vhci_flush(struct hci_dev *hdev)
  61 {
  62         struct vhci_data *data = hci_get_drvdata(hdev);
  63
  64         skb_queue_purge(&data->readq);
  65
  66         return 0;
  67 }
  68
  69 static int vhci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
  70 {
  71         struct vhci_data *data = hci_get_drvdata(hdev);
  72
  73         memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
  74         skb_queue_tail(&data->readq, skb);
  75
  76         wake_up_interruptible(&data->read_wait);
  77         return 0;
  78 }
  79
  80 static int vhci_get_data_path_id(struct hci_dev *hdev, u8 *data_path_id)
  81 {
  82         *data_path_id = 0;
  83         return 0;
  84 }
  85
  86 static int vhci_get_codec_config_data(struct hci_dev *hdev, __u8 type,
  87                                       struct bt_codec *codec, __u8 *vnd_len,
  88                                       __u8 **vnd_data)
  89 {
  90         if (type != ESCO_LINK)
  91                 return -EINVAL;
  92
  93         *vnd_len = 0;
  94         *vnd_data = NULL;
  95         return 0;
  96 }
  97
  98 static bool vhci_wakeup(struct hci_dev *hdev)
  99 {
 100         struct vhci_data *data = hci_get_drvdata(hdev);
 101
 102         return data->wakeup;
 103 }
 104
 105 static ssize_t force_suspend_read(struct file *file, char __user *user_buf,
 106                                   size_t count, loff_t *ppos)
 107 {
 108         struct vhci_data *data = file->private_data;
 109         char buf[3];
 110
 111         buf[0] = data->suspended ? 'Y' : 'N';
 112         buf[1] = '\n';
 113         buf[2] = '\0';
 114         return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
 115 }
 116
 117 static ssize_t force_suspend_write(struct file *file,
 118                                    const char __user *user_buf,
 119                                    size_t count, loff_t *ppos)
 120 {
 121         struct vhci_data *data = file->private_data;
 122         bool enable;
 123         int err;
 124
 125         err = kstrtobool_from_user(user_buf, count, &enable);
 126         if (err)
 127                 return err;
 128
 129         if (data->suspended == enable)
 130                 return -EALREADY;
 131
 132         if (enable)
 133                 err = hci_suspend_dev(data->hdev);
 134         else
 135                 err = hci_resume_dev(data->hdev);
 136
 137         if (err)
 138                 return err;
 139
 140         data->suspended = enable;
 141
 142         return count;
 143 }
 144
 145 static const struct file_operations force_suspend_fops = {
 146         .open           = simple_open,
 147         .read           = force_suspend_read,
 148         .write          = force_suspend_write,
 149         .llseek         = default_llseek,
 150 };
 151
 152 static ssize_t force_wakeup_read(struct file *file, char __user *user_buf,
 153                                  size_t count, loff_t *ppos)
 154 {
 155         struct vhci_data *data = file->private_data;
 156         char buf[3];
 157
 158         buf[0] = data->wakeup ? 'Y' : 'N';
 159         buf[1] = '\n';
 160         buf[2] = '\0';
 161         return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
 162 }
 163
 164 static ssize_t force_wakeup_write(struct file *file,
 165                                   const char __user *user_buf, size_t count,
 166                                   loff_t *ppos)
 167 {
 168         struct vhci_data *data = file->private_data;
 169         bool enable;
 170         int err;
 171
 172         err = kstrtobool_from_user(user_buf, count, &enable);
 173         if (err)
 174                 return err;
 175
 176         if (data->wakeup == enable)
 177                 return -EALREADY;
 178
 179         return count;
 180 }
 181
 182 static const struct file_operations force_wakeup_fops = {
 183         .open           = simple_open,
 184         .read           = force_wakeup_read,
 185         .write          = force_wakeup_write,
 186         .llseek         = default_llseek,
 187 };
 188
 189 static int __vhci_create_device(struct vhci_data *data, __u8 opcode)
 190 {
 191         struct hci_dev *hdev;
 192         struct sk_buff *skb;
 193         __u8 dev_type;
 194
 195         if (data->hdev)
 196                 return -EBADFD;
 197
 198         /* bits 0-1 are dev_type (Primary or AMP) */
 199         dev_type = opcode & 0x03;
 200
 201         if (dev_type != HCI_PRIMARY && dev_type != HCI_AMP)
 202                 return -EINVAL;
 203
 204         /* bits 2-5 are reserved (must be zero) */
 205         if (opcode & 0x3c)
 206                 return -EINVAL;
 207
 208         skb = bt_skb_alloc(4, GFP_KERNEL);
 209         if (!skb)
 210                 return -ENOMEM;
 211
 212         hdev = hci_alloc_dev();
 213         if (!hdev) {
 214                 kfree_skb(skb);
 215                 return -ENOMEM;
 216         }
 217
 218         data->hdev = hdev;
 219
 220         hdev->bus = HCI_VIRTUAL;
 221         hdev->dev_type = dev_type;
 222         hci_set_drvdata(hdev, data);
 223
 224         hdev->open  = vhci_open_dev;
 225         hdev->close = vhci_close_dev;
 226         hdev->flush = vhci_flush;
 227         hdev->send  = vhci_send_frame;
 228         hdev->get_data_path_id = vhci_get_data_path_id;
 229         hdev->get_codec_config_data = vhci_get_codec_config_data;
 230         hdev->wakeup = vhci_wakeup;
 231
 232         /* bit 6 is for external configuration */
 233         if (opcode & 0x40)
 234                 set_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks);
 235
 236         /* bit 7 is for raw device */
 237         if (opcode & 0x80)
 238                 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
 239
 240         if (hci_register_dev(hdev) < 0) {
 241                 BT_ERR("Can't register HCI device");
 242                 hci_free_dev(hdev);
 243                 data->hdev = NULL;
 244                 kfree_skb(skb);
 245                 return -EBUSY;
 246         }
 247
 248         debugfs_create_file("force_suspend", 0644, hdev->debugfs, data,
 249                             &force_suspend_fops);
 250
 251         debugfs_create_file("force_wakeup", 0644, hdev->debugfs, data,
 252                             &force_wakeup_fops);
 253
 254         hci_skb_pkt_type(skb) = HCI_VENDOR_PKT;
 255
 256         skb_put_u8(skb, 0xff);
 257         skb_put_u8(skb, opcode);
 258         put_unaligned_le16(hdev->id, skb_put(skb, 2));
 259         skb_queue_tail(&data->readq, skb);
 260
 261         wake_up_interruptible(&data->read_wait);
 262         return 0;
 263 }
 264
 265 static int vhci_create_device(struct vhci_data *data, __u8 opcode)
 266 {
 267         int err;
 268
 269         mutex_lock(&data->open_mutex);
 270         err = __vhci_create_device(data, opcode);
 271         mutex_unlock(&data->open_mutex);
 272
 273         return err;
 274 }
 275
 276 static inline ssize_t vhci_get_user(struct vhci_data *data,
 277                                     struct iov_iter *from)
 278 {
 279         size_t len = iov_iter_count(from);
 280         struct sk_buff *skb;
 281         __u8 pkt_type, opcode;
 282         int ret;
 283
 284         if (len < 2 || len > HCI_MAX_FRAME_SIZE)
 285                 return -EINVAL;
 286
 287         skb = bt_skb_alloc(len, GFP_KERNEL);
 288         if (!skb)
 289                 return -ENOMEM;
 290
 291         if (!copy_from_iter_full(skb_put(skb, len), len, from)) {
 292                 kfree_skb(skb);
 293                 return -EFAULT;
 294         }
 295
 296         pkt_type = *((__u8 *) skb->data);
 297         skb_pull(skb, 1);
 298
 299         switch (pkt_type) {
 300         case HCI_EVENT_PKT:
 301         case HCI_ACLDATA_PKT:
 302         case HCI_SCODATA_PKT:
 303         case HCI_ISODATA_PKT:
 304                 if (!data->hdev) {
 305                         kfree_skb(skb);
 306                         return -ENODEV;
 307                 }
 308
 309                 hci_skb_pkt_type(skb) = pkt_type;
 310
 311                 ret = hci_recv_frame(data->hdev, skb);
 312                 break;
 313
 314         case HCI_VENDOR_PKT:
 315                 cancel_delayed_work_sync(&data->open_timeout);
 316
 317                 opcode = *((__u8 *) skb->data);
 318                 skb_pull(skb, 1);
 319
 320                 if (skb->len > 0) {
 321                         kfree_skb(skb);
 322                         return -EINVAL;
 323                 }
 324
 325                 kfree_skb(skb);
 326
 327                 ret = vhci_create_device(data, opcode);
 328                 break;
 329
 330         default:
 331                 kfree_skb(skb);
 332                 return -EINVAL;
 333         }
 334
 335         return (ret < 0) ? ret : len;
 336 }
 337
 338 static inline ssize_t vhci_put_user(struct vhci_data *data,
 339                                     struct sk_buff *skb,
 340                                     char __user *buf, int count)
 341 {
 342         char __user *ptr = buf;
 343         int len;
 344
 345         len = min_t(unsigned int, skb->len, count);
 346
 347         if (copy_to_user(ptr, skb->data, len))
 348                 return -EFAULT;
 349
 350         if (!data->hdev)
 351                 return len;
 352
 353         data->hdev->stat.byte_tx += len;
 354
 355         switch (hci_skb_pkt_type(skb)) {
 356         case HCI_COMMAND_PKT:
 357                 data->hdev->stat.cmd_tx++;
 358                 break;
 359         case HCI_ACLDATA_PKT:
 360                 data->hdev->stat.acl_tx++;
 361                 break;
 362         case HCI_SCODATA_PKT:
 363                 data->hdev->stat.sco_tx++;
 364                 break;
 365         }
 366
 367         return len;
 368 }
 369
 370 static ssize_t vhci_read(struct file *file,
 371                          char __user *buf, size_t count, loff_t *pos)
 372 {
 373         struct vhci_data *data = file->private_data;
 374         struct sk_buff *skb;
 375         ssize_t ret = 0;
 376
 377         while (count) {
 378                 skb = skb_dequeue(&data->readq);
 379                 if (skb) {
 380                         ret = vhci_put_user(data, skb, buf, count);
 381                         if (ret < 0)
 382                                 skb_queue_head(&data->readq, skb);
 383                         else
 384                                 kfree_skb(skb);
 385                         break;
 386                 }
 387
 388                 if (file->f_flags & O_NONBLOCK) {
 389                         ret = -EAGAIN;
 390                         break;
 391                 }
 392
 393                 ret = wait_event_interruptible(data->read_wait,
 394                                                !skb_queue_empty(&data->readq));
 395                 if (ret < 0)
 396                         break;
 397         }
 398
 399         return ret;
 400 }
 401
 402 static ssize_t vhci_write(struct kiocb *iocb, struct iov_iter *from)
 403 {
 404         struct file *file = iocb->ki_filp;
 405         struct vhci_data *data = file->private_data;
 406
 407         return vhci_get_user(data, from);
 408 }
 409
 410 static __poll_t vhci_poll(struct file *file, poll_table *wait)
 411 {
 412         struct vhci_data *data = file->private_data;
 413
 414         poll_wait(file, &data->read_wait, wait);
 415
 416         if (!skb_queue_empty(&data->readq))
 417                 return EPOLLIN | EPOLLRDNORM;
 418
 419         return EPOLLOUT | EPOLLWRNORM;
 420 }
 421
 422 static void vhci_open_timeout(struct work_struct *work)
 423 {
 424         struct vhci_data *data = container_of(work, struct vhci_data,
 425                                               open_timeout.work);
 426
 427         vhci_create_device(data, amp ? HCI_AMP : HCI_PRIMARY);
 428 }
 429
 430 static int vhci_open(struct inode *inode, struct file *file)
 431 {
 432         struct vhci_data *data;
 433
 434         data = kzalloc(sizeof(struct vhci_data), GFP_KERNEL);
 435         if (!data)
 436                 return -ENOMEM;
 437
 438         skb_queue_head_init(&data->readq);
 439         init_waitqueue_head(&data->read_wait);
 440
 441         mutex_init(&data->open_mutex);
 442         INIT_DELAYED_WORK(&data->open_timeout, vhci_open_timeout);
 443
 444         file->private_data = data;
 445         nonseekable_open(inode, file);
 446
 447         schedule_delayed_work(&data->open_timeout, msecs_to_jiffies(1000));
 448
 449         return 0;
 450 }
 451
 452 static int vhci_release(struct inode *inode, struct file *file)
 453 {
 454         struct vhci_data *data = file->private_data;
 455         struct hci_dev *hdev;
 456
 457         cancel_delayed_work_sync(&data->open_timeout);
 458
 459         hdev = data->hdev;
 460
 461         if (hdev) {
 462                 hci_unregister_dev(hdev);
 463                 hci_free_dev(hdev);
 464         }
 465
 466         skb_queue_purge(&data->readq);
 467         file->private_data = NULL;
 468         kfree(data);
 469
 470         return 0;
 471 }
 472
 473 static const struct file_operations vhci_fops = {
 474         .owner          = THIS_MODULE,
 475         .read           = vhci_read,
 476         .write_iter     = vhci_write,
 477         .poll           = vhci_poll,
 478         .open           = vhci_open,
 479         .release        = vhci_release,
 480         .llseek         = no_llseek,
 481 };
 482
 483 static struct miscdevice vhci_miscdev = {
 484         .name   = "vhci",
 485         .fops   = &vhci_fops,
 486         .minor  = VHCI_MINOR,
 487 };
 488 module_misc_device(vhci_miscdev);
 489
 490 module_param(amp, bool, 0644);
 491 MODULE_PARM_DESC(amp, "Create AMP controller device");
 492
 493 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
 494 MODULE_DESCRIPTION("Bluetooth virtual HCI driver ver " VERSION);
 495 MODULE_VERSION(VERSION);
 496 MODULE_LICENSE("GPL");
 497 MODULE_ALIAS("devname:vhci");
 498 MODULE_ALIAS_MISCDEV(VHCI_MINOR);