2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI sockets. */
26 #include <linux/compat.h>
27 #include <linux/export.h>
28 #include <linux/utsname.h>
29 #include <linux/sched.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/hci_mon.h>
35 #include <net/bluetooth/mgmt.h>
37 #include "mgmt_util.h"
39 static LIST_HEAD(mgmt_chan_list);
40 static DEFINE_MUTEX(mgmt_chan_list_lock);
42 static DEFINE_IDA(sock_cookie_ida);
44 static atomic_t monitor_promisc = ATOMIC_INIT(0);
46 /* ----- HCI socket interface ----- */
49 #define hci_pi(sk) ((struct hci_pinfo *) sk)
54 struct hci_filter filter;
56 unsigned short channel;
59 char comm[TASK_COMM_LEN];
62 void hci_sock_set_flag(struct sock *sk, int nr)
64 set_bit(nr, &hci_pi(sk)->flags);
67 void hci_sock_clear_flag(struct sock *sk, int nr)
69 clear_bit(nr, &hci_pi(sk)->flags);
72 int hci_sock_test_flag(struct sock *sk, int nr)
74 return test_bit(nr, &hci_pi(sk)->flags);
77 unsigned short hci_sock_get_channel(struct sock *sk)
79 return hci_pi(sk)->channel;
82 u32 hci_sock_get_cookie(struct sock *sk)
84 return hci_pi(sk)->cookie;
87 static bool hci_sock_gen_cookie(struct sock *sk)
89 int id = hci_pi(sk)->cookie;
92 id = ida_simple_get(&sock_cookie_ida, 1, 0, GFP_KERNEL);
96 hci_pi(sk)->cookie = id;
97 get_task_comm(hci_pi(sk)->comm, current);
104 static void hci_sock_free_cookie(struct sock *sk)
106 int id = hci_pi(sk)->cookie;
109 hci_pi(sk)->cookie = 0xffffffff;
110 ida_simple_remove(&sock_cookie_ida, id);
114 static inline int hci_test_bit(int nr, const void *addr)
116 return *((const __u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
119 /* Security filter */
120 #define HCI_SFLT_MAX_OGF 5
122 struct hci_sec_filter {
125 __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
128 static const struct hci_sec_filter hci_sec_filter = {
132 { 0x1000d9fe, 0x0000b00c },
137 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
138 /* OGF_LINK_POLICY */
139 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
141 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
143 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
144 /* OGF_STATUS_PARAM */
145 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
149 static struct bt_sock_list hci_sk_list = {
150 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
153 static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
155 struct hci_filter *flt;
156 int flt_type, flt_event;
159 flt = &hci_pi(sk)->filter;
161 flt_type = hci_skb_pkt_type(skb) & HCI_FLT_TYPE_BITS;
163 if (!test_bit(flt_type, &flt->type_mask))
166 /* Extra filter for event packets only */
167 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT)
170 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
172 if (!hci_test_bit(flt_event, &flt->event_mask))
175 /* Check filter only when opcode is set */
179 if (flt_event == HCI_EV_CMD_COMPLETE &&
180 flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
183 if (flt_event == HCI_EV_CMD_STATUS &&
184 flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
190 /* Send frame to RAW socket */
191 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
194 struct sk_buff *skb_copy = NULL;
196 BT_DBG("hdev %p len %d", hdev, skb->len);
198 read_lock(&hci_sk_list.lock);
200 sk_for_each(sk, &hci_sk_list.head) {
201 struct sk_buff *nskb;
203 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
206 /* Don't send frame to the socket it came from */
210 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
211 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
212 hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
213 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
214 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT)
216 if (is_filtered_packet(sk, skb))
218 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
219 if (!bt_cb(skb)->incoming)
221 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
222 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
223 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT)
226 /* Don't send frame to other channel types */
231 /* Create a private copy with headroom */
232 skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
236 /* Put type byte before the data */
237 memcpy(skb_push(skb_copy, 1), &hci_skb_pkt_type(skb), 1);
240 nskb = skb_clone(skb_copy, GFP_ATOMIC);
244 if (sock_queue_rcv_skb(sk, nskb))
248 read_unlock(&hci_sk_list.lock);
253 /* Send frame to sockets with specific channel */
254 static void __hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
255 int flag, struct sock *skip_sk)
259 BT_DBG("channel %u len %d", channel, skb->len);
261 sk_for_each(sk, &hci_sk_list.head) {
262 struct sk_buff *nskb;
264 /* Ignore socket without the flag set */
265 if (!hci_sock_test_flag(sk, flag))
268 /* Skip the original socket */
272 if (sk->sk_state != BT_BOUND)
275 if (hci_pi(sk)->channel != channel)
278 nskb = skb_clone(skb, GFP_ATOMIC);
282 if (sock_queue_rcv_skb(sk, nskb))
288 void hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
289 int flag, struct sock *skip_sk)
291 read_lock(&hci_sk_list.lock);
292 __hci_send_to_channel(channel, skb, flag, skip_sk);
293 read_unlock(&hci_sk_list.lock);
296 /* Send frame to monitor socket */
297 void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
299 struct sk_buff *skb_copy = NULL;
300 struct hci_mon_hdr *hdr;
303 if (!atomic_read(&monitor_promisc))
306 BT_DBG("hdev %p len %d", hdev, skb->len);
308 switch (hci_skb_pkt_type(skb)) {
309 case HCI_COMMAND_PKT:
310 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT);
313 opcode = cpu_to_le16(HCI_MON_EVENT_PKT);
315 case HCI_ACLDATA_PKT:
316 if (bt_cb(skb)->incoming)
317 opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT);
319 opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT);
321 case HCI_SCODATA_PKT:
322 if (bt_cb(skb)->incoming)
323 opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT);
325 opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT);
328 opcode = cpu_to_le16(HCI_MON_VENDOR_DIAG);
334 /* Create a private copy with headroom */
335 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true);
339 /* Put header before the data */
340 hdr = skb_push(skb_copy, HCI_MON_HDR_SIZE);
341 hdr->opcode = opcode;
342 hdr->index = cpu_to_le16(hdev->id);
343 hdr->len = cpu_to_le16(skb->len);
345 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb_copy,
346 HCI_SOCK_TRUSTED, NULL);
350 void hci_send_monitor_ctrl_event(struct hci_dev *hdev, u16 event,
351 void *data, u16 data_len, ktime_t tstamp,
352 int flag, struct sock *skip_sk)
358 index = cpu_to_le16(hdev->id);
360 index = cpu_to_le16(MGMT_INDEX_NONE);
362 read_lock(&hci_sk_list.lock);
364 sk_for_each(sk, &hci_sk_list.head) {
365 struct hci_mon_hdr *hdr;
368 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
371 /* Ignore socket without the flag set */
372 if (!hci_sock_test_flag(sk, flag))
375 /* Skip the original socket */
379 skb = bt_skb_alloc(6 + data_len, GFP_ATOMIC);
383 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
384 put_unaligned_le16(event, skb_put(skb, 2));
387 skb_put_data(skb, data, data_len);
389 skb->tstamp = tstamp;
391 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
392 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_EVENT);
394 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
396 __hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
397 HCI_SOCK_TRUSTED, NULL);
401 read_unlock(&hci_sk_list.lock);
404 static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
406 struct hci_mon_hdr *hdr;
407 struct hci_mon_new_index *ni;
408 struct hci_mon_index_info *ii;
414 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
418 ni = skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
419 ni->type = hdev->dev_type;
421 bacpy(&ni->bdaddr, &hdev->bdaddr);
422 memcpy(ni->name, hdev->name, 8);
424 opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
428 skb = bt_skb_alloc(0, GFP_ATOMIC);
432 opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
436 if (hdev->manufacturer == 0xffff)
442 skb = bt_skb_alloc(HCI_MON_INDEX_INFO_SIZE, GFP_ATOMIC);
446 ii = skb_put(skb, HCI_MON_INDEX_INFO_SIZE);
447 bacpy(&ii->bdaddr, &hdev->bdaddr);
448 ii->manufacturer = cpu_to_le16(hdev->manufacturer);
450 opcode = cpu_to_le16(HCI_MON_INDEX_INFO);
454 skb = bt_skb_alloc(0, GFP_ATOMIC);
458 opcode = cpu_to_le16(HCI_MON_OPEN_INDEX);
462 skb = bt_skb_alloc(0, GFP_ATOMIC);
466 opcode = cpu_to_le16(HCI_MON_CLOSE_INDEX);
473 __net_timestamp(skb);
475 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
476 hdr->opcode = opcode;
477 hdr->index = cpu_to_le16(hdev->id);
478 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
483 static struct sk_buff *create_monitor_ctrl_open(struct sock *sk)
485 struct hci_mon_hdr *hdr;
491 /* No message needed when cookie is not present */
492 if (!hci_pi(sk)->cookie)
495 switch (hci_pi(sk)->channel) {
496 case HCI_CHANNEL_RAW:
498 ver[0] = BT_SUBSYS_VERSION;
499 put_unaligned_le16(BT_SUBSYS_REVISION, ver + 1);
501 case HCI_CHANNEL_USER:
503 ver[0] = BT_SUBSYS_VERSION;
504 put_unaligned_le16(BT_SUBSYS_REVISION, ver + 1);
506 case HCI_CHANNEL_CONTROL:
508 mgmt_fill_version_info(ver);
511 /* No message for unsupported format */
515 skb = bt_skb_alloc(14 + TASK_COMM_LEN , GFP_ATOMIC);
519 flags = hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) ? 0x1 : 0x0;
521 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
522 put_unaligned_le16(format, skb_put(skb, 2));
523 skb_put_data(skb, ver, sizeof(ver));
524 put_unaligned_le32(flags, skb_put(skb, 4));
525 skb_put_u8(skb, TASK_COMM_LEN);
526 skb_put_data(skb, hci_pi(sk)->comm, TASK_COMM_LEN);
528 __net_timestamp(skb);
530 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
531 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_OPEN);
532 if (hci_pi(sk)->hdev)
533 hdr->index = cpu_to_le16(hci_pi(sk)->hdev->id);
535 hdr->index = cpu_to_le16(HCI_DEV_NONE);
536 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
541 static struct sk_buff *create_monitor_ctrl_close(struct sock *sk)
543 struct hci_mon_hdr *hdr;
546 /* No message needed when cookie is not present */
547 if (!hci_pi(sk)->cookie)
550 switch (hci_pi(sk)->channel) {
551 case HCI_CHANNEL_RAW:
552 case HCI_CHANNEL_USER:
553 case HCI_CHANNEL_CONTROL:
556 /* No message for unsupported format */
560 skb = bt_skb_alloc(4, GFP_ATOMIC);
564 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
566 __net_timestamp(skb);
568 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
569 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_CLOSE);
570 if (hci_pi(sk)->hdev)
571 hdr->index = cpu_to_le16(hci_pi(sk)->hdev->id);
573 hdr->index = cpu_to_le16(HCI_DEV_NONE);
574 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
579 static struct sk_buff *create_monitor_ctrl_command(struct sock *sk, u16 index,
583 struct hci_mon_hdr *hdr;
586 skb = bt_skb_alloc(6 + len, GFP_ATOMIC);
590 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
591 put_unaligned_le16(opcode, skb_put(skb, 2));
594 skb_put_data(skb, buf, len);
596 __net_timestamp(skb);
598 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
599 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_COMMAND);
600 hdr->index = cpu_to_le16(index);
601 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
606 static void __printf(2, 3)
607 send_monitor_note(struct sock *sk, const char *fmt, ...)
610 struct hci_mon_hdr *hdr;
615 len = vsnprintf(NULL, 0, fmt, args);
618 skb = bt_skb_alloc(len + 1, GFP_ATOMIC);
623 vsprintf(skb_put(skb, len), fmt, args);
624 *(u8 *)skb_put(skb, 1) = 0;
627 __net_timestamp(skb);
629 hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE);
630 hdr->opcode = cpu_to_le16(HCI_MON_SYSTEM_NOTE);
631 hdr->index = cpu_to_le16(HCI_DEV_NONE);
632 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
634 if (sock_queue_rcv_skb(sk, skb))
638 static void send_monitor_replay(struct sock *sk)
640 struct hci_dev *hdev;
642 read_lock(&hci_dev_list_lock);
644 list_for_each_entry(hdev, &hci_dev_list, list) {
647 skb = create_monitor_event(hdev, HCI_DEV_REG);
651 if (sock_queue_rcv_skb(sk, skb))
654 if (!test_bit(HCI_RUNNING, &hdev->flags))
657 skb = create_monitor_event(hdev, HCI_DEV_OPEN);
661 if (sock_queue_rcv_skb(sk, skb))
664 if (test_bit(HCI_UP, &hdev->flags))
665 skb = create_monitor_event(hdev, HCI_DEV_UP);
666 else if (hci_dev_test_flag(hdev, HCI_SETUP))
667 skb = create_monitor_event(hdev, HCI_DEV_SETUP);
672 if (sock_queue_rcv_skb(sk, skb))
677 read_unlock(&hci_dev_list_lock);
680 static void send_monitor_control_replay(struct sock *mon_sk)
684 read_lock(&hci_sk_list.lock);
686 sk_for_each(sk, &hci_sk_list.head) {
689 skb = create_monitor_ctrl_open(sk);
693 if (sock_queue_rcv_skb(mon_sk, skb))
697 read_unlock(&hci_sk_list.lock);
700 /* Generate internal stack event */
701 static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
703 struct hci_event_hdr *hdr;
704 struct hci_ev_stack_internal *ev;
707 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
711 hdr = skb_put(skb, HCI_EVENT_HDR_SIZE);
712 hdr->evt = HCI_EV_STACK_INTERNAL;
713 hdr->plen = sizeof(*ev) + dlen;
715 ev = skb_put(skb, sizeof(*ev) + dlen);
717 memcpy(ev->data, data, dlen);
719 bt_cb(skb)->incoming = 1;
720 __net_timestamp(skb);
722 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
723 hci_send_to_sock(hdev, skb);
727 void hci_sock_dev_event(struct hci_dev *hdev, int event)
729 BT_DBG("hdev %s event %d", hdev->name, event);
731 if (atomic_read(&monitor_promisc)) {
734 /* Send event to monitor */
735 skb = create_monitor_event(hdev, event);
737 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
738 HCI_SOCK_TRUSTED, NULL);
743 if (event <= HCI_DEV_DOWN) {
744 struct hci_ev_si_device ev;
746 /* Send event to sockets */
748 ev.dev_id = hdev->id;
749 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
752 if (event == HCI_DEV_UNREG) {
755 /* Detach sockets from device */
756 read_lock(&hci_sk_list.lock);
757 sk_for_each(sk, &hci_sk_list.head) {
758 bh_lock_sock_nested(sk);
759 if (hci_pi(sk)->hdev == hdev) {
760 hci_pi(sk)->hdev = NULL;
762 sk->sk_state = BT_OPEN;
763 sk->sk_state_change(sk);
769 read_unlock(&hci_sk_list.lock);
773 static struct hci_mgmt_chan *__hci_mgmt_chan_find(unsigned short channel)
775 struct hci_mgmt_chan *c;
777 list_for_each_entry(c, &mgmt_chan_list, list) {
778 if (c->channel == channel)
785 static struct hci_mgmt_chan *hci_mgmt_chan_find(unsigned short channel)
787 struct hci_mgmt_chan *c;
789 mutex_lock(&mgmt_chan_list_lock);
790 c = __hci_mgmt_chan_find(channel);
791 mutex_unlock(&mgmt_chan_list_lock);
796 int hci_mgmt_chan_register(struct hci_mgmt_chan *c)
798 if (c->channel < HCI_CHANNEL_CONTROL)
801 mutex_lock(&mgmt_chan_list_lock);
802 if (__hci_mgmt_chan_find(c->channel)) {
803 mutex_unlock(&mgmt_chan_list_lock);
807 list_add_tail(&c->list, &mgmt_chan_list);
809 mutex_unlock(&mgmt_chan_list_lock);
813 EXPORT_SYMBOL(hci_mgmt_chan_register);
815 void hci_mgmt_chan_unregister(struct hci_mgmt_chan *c)
817 mutex_lock(&mgmt_chan_list_lock);
819 mutex_unlock(&mgmt_chan_list_lock);
821 EXPORT_SYMBOL(hci_mgmt_chan_unregister);
823 static int hci_sock_release(struct socket *sock)
825 struct sock *sk = sock->sk;
826 struct hci_dev *hdev;
829 BT_DBG("sock %p sk %p", sock, sk);
834 switch (hci_pi(sk)->channel) {
835 case HCI_CHANNEL_MONITOR:
836 atomic_dec(&monitor_promisc);
838 case HCI_CHANNEL_RAW:
839 case HCI_CHANNEL_USER:
840 case HCI_CHANNEL_CONTROL:
841 /* Send event to monitor */
842 skb = create_monitor_ctrl_close(sk);
844 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
845 HCI_SOCK_TRUSTED, NULL);
849 hci_sock_free_cookie(sk);
853 bt_sock_unlink(&hci_sk_list, sk);
855 hdev = hci_pi(sk)->hdev;
857 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
858 /* When releasing a user channel exclusive access,
859 * call hci_dev_do_close directly instead of calling
860 * hci_dev_close to ensure the exclusive access will
861 * be released and the controller brought back down.
863 * The checking of HCI_AUTO_OFF is not needed in this
864 * case since it will have been cleared already when
865 * opening the user channel.
867 hci_dev_do_close(hdev);
868 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
869 mgmt_index_added(hdev);
872 atomic_dec(&hdev->promisc);
878 skb_queue_purge(&sk->sk_receive_queue);
879 skb_queue_purge(&sk->sk_write_queue);
885 static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
890 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
895 err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
897 hci_dev_unlock(hdev);
902 static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
907 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
912 err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
914 hci_dev_unlock(hdev);
919 /* Ioctls that require bound socket */
920 static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
923 struct hci_dev *hdev = hci_pi(sk)->hdev;
928 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
931 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
934 if (hdev->dev_type != HCI_PRIMARY)
939 if (!capable(CAP_NET_ADMIN))
944 return hci_get_conn_info(hdev, (void __user *)arg);
947 return hci_get_auth_info(hdev, (void __user *)arg);
950 if (!capable(CAP_NET_ADMIN))
952 return hci_sock_blacklist_add(hdev, (void __user *)arg);
955 if (!capable(CAP_NET_ADMIN))
957 return hci_sock_blacklist_del(hdev, (void __user *)arg);
963 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
966 void __user *argp = (void __user *)arg;
967 struct sock *sk = sock->sk;
970 BT_DBG("cmd %x arg %lx", cmd, arg);
974 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
979 /* When calling an ioctl on an unbound raw socket, then ensure
980 * that the monitor gets informed. Ensure that the resulting event
981 * is only send once by checking if the cookie exists or not. The
982 * socket cookie will be only ever generated once for the lifetime
985 if (hci_sock_gen_cookie(sk)) {
988 if (capable(CAP_NET_ADMIN))
989 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
991 /* Send event to monitor */
992 skb = create_monitor_ctrl_open(sk);
994 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
995 HCI_SOCK_TRUSTED, NULL);
1004 return hci_get_dev_list(argp);
1007 return hci_get_dev_info(argp);
1009 case HCIGETCONNLIST:
1010 return hci_get_conn_list(argp);
1013 if (!capable(CAP_NET_ADMIN))
1015 return hci_dev_open(arg);
1018 if (!capable(CAP_NET_ADMIN))
1020 return hci_dev_close(arg);
1023 if (!capable(CAP_NET_ADMIN))
1025 return hci_dev_reset(arg);
1028 if (!capable(CAP_NET_ADMIN))
1030 return hci_dev_reset_stat(arg);
1037 case HCISETLINKMODE:
1040 if (!capable(CAP_NET_ADMIN))
1042 return hci_dev_cmd(cmd, argp);
1045 return hci_inquiry(argp);
1050 err = hci_sock_bound_ioctl(sk, cmd, arg);
1057 #ifdef CONFIG_COMPAT
1058 static int hci_sock_compat_ioctl(struct socket *sock, unsigned int cmd,
1066 return hci_sock_ioctl(sock, cmd, arg);
1069 return hci_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
1073 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
1076 struct sockaddr_hci haddr;
1077 struct sock *sk = sock->sk;
1078 struct hci_dev *hdev = NULL;
1079 struct sk_buff *skb;
1082 BT_DBG("sock %p sk %p", sock, sk);
1087 memset(&haddr, 0, sizeof(haddr));
1088 len = min_t(unsigned int, sizeof(haddr), addr_len);
1089 memcpy(&haddr, addr, len);
1091 if (haddr.hci_family != AF_BLUETOOTH)
1096 if (sk->sk_state == BT_BOUND) {
1101 switch (haddr.hci_channel) {
1102 case HCI_CHANNEL_RAW:
1103 if (hci_pi(sk)->hdev) {
1108 if (haddr.hci_dev != HCI_DEV_NONE) {
1109 hdev = hci_dev_get(haddr.hci_dev);
1115 atomic_inc(&hdev->promisc);
1118 hci_pi(sk)->channel = haddr.hci_channel;
1120 if (!hci_sock_gen_cookie(sk)) {
1121 /* In the case when a cookie has already been assigned,
1122 * then there has been already an ioctl issued against
1123 * an unbound socket and with that triggerd an open
1124 * notification. Send a close notification first to
1125 * allow the state transition to bounded.
1127 skb = create_monitor_ctrl_close(sk);
1129 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1130 HCI_SOCK_TRUSTED, NULL);
1135 if (capable(CAP_NET_ADMIN))
1136 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1138 hci_pi(sk)->hdev = hdev;
1140 /* Send event to monitor */
1141 skb = create_monitor_ctrl_open(sk);
1143 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1144 HCI_SOCK_TRUSTED, NULL);
1149 case HCI_CHANNEL_USER:
1150 if (hci_pi(sk)->hdev) {
1155 if (haddr.hci_dev == HCI_DEV_NONE) {
1160 if (!capable(CAP_NET_ADMIN)) {
1165 hdev = hci_dev_get(haddr.hci_dev);
1171 if (test_bit(HCI_INIT, &hdev->flags) ||
1172 hci_dev_test_flag(hdev, HCI_SETUP) ||
1173 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1174 (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) &&
1175 test_bit(HCI_UP, &hdev->flags))) {
1181 if (hci_dev_test_and_set_flag(hdev, HCI_USER_CHANNEL)) {
1187 mgmt_index_removed(hdev);
1189 err = hci_dev_open(hdev->id);
1191 if (err == -EALREADY) {
1192 /* In case the transport is already up and
1193 * running, clear the error here.
1195 * This can happen when opening a user
1196 * channel and HCI_AUTO_OFF grace period
1201 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
1202 mgmt_index_added(hdev);
1208 hci_pi(sk)->channel = haddr.hci_channel;
1210 if (!hci_sock_gen_cookie(sk)) {
1211 /* In the case when a cookie has already been assigned,
1212 * this socket will transition from a raw socket into
1213 * a user channel socket. For a clean transition, send
1214 * the close notification first.
1216 skb = create_monitor_ctrl_close(sk);
1218 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1219 HCI_SOCK_TRUSTED, NULL);
1224 /* The user channel is restricted to CAP_NET_ADMIN
1225 * capabilities and with that implicitly trusted.
1227 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1229 hci_pi(sk)->hdev = hdev;
1231 /* Send event to monitor */
1232 skb = create_monitor_ctrl_open(sk);
1234 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1235 HCI_SOCK_TRUSTED, NULL);
1239 atomic_inc(&hdev->promisc);
1242 case HCI_CHANNEL_MONITOR:
1243 if (haddr.hci_dev != HCI_DEV_NONE) {
1248 if (!capable(CAP_NET_RAW)) {
1253 hci_pi(sk)->channel = haddr.hci_channel;
1255 /* The monitor interface is restricted to CAP_NET_RAW
1256 * capabilities and with that implicitly trusted.
1258 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1260 send_monitor_note(sk, "Linux version %s (%s)",
1261 init_utsname()->release,
1262 init_utsname()->machine);
1263 send_monitor_note(sk, "Bluetooth subsystem version %u.%u",
1264 BT_SUBSYS_VERSION, BT_SUBSYS_REVISION);
1265 send_monitor_replay(sk);
1266 send_monitor_control_replay(sk);
1268 atomic_inc(&monitor_promisc);
1271 case HCI_CHANNEL_LOGGING:
1272 if (haddr.hci_dev != HCI_DEV_NONE) {
1277 if (!capable(CAP_NET_ADMIN)) {
1282 hci_pi(sk)->channel = haddr.hci_channel;
1286 if (!hci_mgmt_chan_find(haddr.hci_channel)) {
1291 if (haddr.hci_dev != HCI_DEV_NONE) {
1296 /* Users with CAP_NET_ADMIN capabilities are allowed
1297 * access to all management commands and events. For
1298 * untrusted users the interface is restricted and
1299 * also only untrusted events are sent.
1301 if (capable(CAP_NET_ADMIN))
1302 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1304 hci_pi(sk)->channel = haddr.hci_channel;
1306 /* At the moment the index and unconfigured index events
1307 * are enabled unconditionally. Setting them on each
1308 * socket when binding keeps this functionality. They
1309 * however might be cleared later and then sending of these
1310 * events will be disabled, but that is then intentional.
1312 * This also enables generic events that are safe to be
1313 * received by untrusted users. Example for such events
1314 * are changes to settings, class of device, name etc.
1316 if (hci_pi(sk)->channel == HCI_CHANNEL_CONTROL) {
1317 if (!hci_sock_gen_cookie(sk)) {
1318 /* In the case when a cookie has already been
1319 * assigned, this socket will transtion from
1320 * a raw socket into a control socket. To
1321 * allow for a clean transtion, send the
1322 * close notification first.
1324 skb = create_monitor_ctrl_close(sk);
1326 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1327 HCI_SOCK_TRUSTED, NULL);
1332 /* Send event to monitor */
1333 skb = create_monitor_ctrl_open(sk);
1335 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1336 HCI_SOCK_TRUSTED, NULL);
1340 hci_sock_set_flag(sk, HCI_MGMT_INDEX_EVENTS);
1341 hci_sock_set_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
1342 hci_sock_set_flag(sk, HCI_MGMT_OPTION_EVENTS);
1343 hci_sock_set_flag(sk, HCI_MGMT_SETTING_EVENTS);
1344 hci_sock_set_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1345 hci_sock_set_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1350 sk->sk_state = BT_BOUND;
1357 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
1360 struct sockaddr_hci *haddr = (struct sockaddr_hci *)addr;
1361 struct sock *sk = sock->sk;
1362 struct hci_dev *hdev;
1365 BT_DBG("sock %p sk %p", sock, sk);
1372 hdev = hci_pi(sk)->hdev;
1378 haddr->hci_family = AF_BLUETOOTH;
1379 haddr->hci_dev = hdev->id;
1380 haddr->hci_channel= hci_pi(sk)->channel;
1381 err = sizeof(*haddr);
1388 static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
1389 struct sk_buff *skb)
1391 __u32 mask = hci_pi(sk)->cmsg_mask;
1393 if (mask & HCI_CMSG_DIR) {
1394 int incoming = bt_cb(skb)->incoming;
1395 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
1399 if (mask & HCI_CMSG_TSTAMP) {
1400 #ifdef CONFIG_COMPAT
1401 struct old_timeval32 ctv;
1403 struct __kernel_old_timeval tv;
1407 skb_get_timestamp(skb, &tv);
1411 #ifdef CONFIG_COMPAT
1412 if (!COMPAT_USE_64BIT_TIME &&
1413 (msg->msg_flags & MSG_CMSG_COMPAT)) {
1414 ctv.tv_sec = tv.tv_sec;
1415 ctv.tv_usec = tv.tv_usec;
1421 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
1425 static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1426 size_t len, int flags)
1428 int noblock = flags & MSG_DONTWAIT;
1429 struct sock *sk = sock->sk;
1430 struct sk_buff *skb;
1432 unsigned int skblen;
1434 BT_DBG("sock %p, sk %p", sock, sk);
1436 if (flags & MSG_OOB)
1439 if (hci_pi(sk)->channel == HCI_CHANNEL_LOGGING)
1442 if (sk->sk_state == BT_CLOSED)
1445 skb = skb_recv_datagram(sk, flags, noblock, &err);
1452 msg->msg_flags |= MSG_TRUNC;
1456 skb_reset_transport_header(skb);
1457 err = skb_copy_datagram_msg(skb, 0, msg, copied);
1459 switch (hci_pi(sk)->channel) {
1460 case HCI_CHANNEL_RAW:
1461 hci_sock_cmsg(sk, msg, skb);
1463 case HCI_CHANNEL_USER:
1464 case HCI_CHANNEL_MONITOR:
1465 sock_recv_timestamp(msg, sk, skb);
1468 if (hci_mgmt_chan_find(hci_pi(sk)->channel))
1469 sock_recv_timestamp(msg, sk, skb);
1473 skb_free_datagram(sk, skb);
1475 if (flags & MSG_TRUNC)
1478 return err ? : copied;
1481 static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
1482 struct msghdr *msg, size_t msglen)
1486 struct mgmt_hdr *hdr;
1487 u16 opcode, index, len;
1488 struct hci_dev *hdev = NULL;
1489 const struct hci_mgmt_handler *handler;
1490 bool var_len, no_hdev;
1493 BT_DBG("got %zu bytes", msglen);
1495 if (msglen < sizeof(*hdr))
1498 buf = kmalloc(msglen, GFP_KERNEL);
1502 if (memcpy_from_msg(buf, msg, msglen)) {
1508 opcode = __le16_to_cpu(hdr->opcode);
1509 index = __le16_to_cpu(hdr->index);
1510 len = __le16_to_cpu(hdr->len);
1512 if (len != msglen - sizeof(*hdr)) {
1517 if (chan->channel == HCI_CHANNEL_CONTROL) {
1518 struct sk_buff *skb;
1520 /* Send event to monitor */
1521 skb = create_monitor_ctrl_command(sk, index, opcode, len,
1522 buf + sizeof(*hdr));
1524 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1525 HCI_SOCK_TRUSTED, NULL);
1530 if (opcode >= chan->handler_count ||
1531 chan->handlers[opcode].func == NULL) {
1532 BT_DBG("Unknown op %u", opcode);
1533 err = mgmt_cmd_status(sk, index, opcode,
1534 MGMT_STATUS_UNKNOWN_COMMAND);
1538 handler = &chan->handlers[opcode];
1540 if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) &&
1541 !(handler->flags & HCI_MGMT_UNTRUSTED)) {
1542 err = mgmt_cmd_status(sk, index, opcode,
1543 MGMT_STATUS_PERMISSION_DENIED);
1547 if (index != MGMT_INDEX_NONE) {
1548 hdev = hci_dev_get(index);
1550 err = mgmt_cmd_status(sk, index, opcode,
1551 MGMT_STATUS_INVALID_INDEX);
1555 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1556 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1557 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1558 err = mgmt_cmd_status(sk, index, opcode,
1559 MGMT_STATUS_INVALID_INDEX);
1563 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1564 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
1565 err = mgmt_cmd_status(sk, index, opcode,
1566 MGMT_STATUS_INVALID_INDEX);
1571 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
1572 if (no_hdev != !hdev) {
1573 err = mgmt_cmd_status(sk, index, opcode,
1574 MGMT_STATUS_INVALID_INDEX);
1578 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
1579 if ((var_len && len < handler->data_len) ||
1580 (!var_len && len != handler->data_len)) {
1581 err = mgmt_cmd_status(sk, index, opcode,
1582 MGMT_STATUS_INVALID_PARAMS);
1586 if (hdev && chan->hdev_init)
1587 chan->hdev_init(sk, hdev);
1589 cp = buf + sizeof(*hdr);
1591 err = handler->func(sk, hdev, cp, len);
1605 static int hci_logging_frame(struct sock *sk, struct msghdr *msg, int len)
1607 struct hci_mon_hdr *hdr;
1608 struct sk_buff *skb;
1609 struct hci_dev *hdev;
1613 /* The logging frame consists at minimum of the standard header,
1614 * the priority byte, the ident length byte and at least one string
1615 * terminator NUL byte. Anything shorter are invalid packets.
1617 if (len < sizeof(*hdr) + 3)
1620 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1624 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1629 hdr = (void *)skb->data;
1631 if (__le16_to_cpu(hdr->len) != len - sizeof(*hdr)) {
1636 if (__le16_to_cpu(hdr->opcode) == 0x0000) {
1637 __u8 priority = skb->data[sizeof(*hdr)];
1638 __u8 ident_len = skb->data[sizeof(*hdr) + 1];
1640 /* Only the priorities 0-7 are valid and with that any other
1641 * value results in an invalid packet.
1643 * The priority byte is followed by an ident length byte and
1644 * the NUL terminated ident string. Check that the ident
1645 * length is not overflowing the packet and also that the
1646 * ident string itself is NUL terminated. In case the ident
1647 * length is zero, the length value actually doubles as NUL
1648 * terminator identifier.
1650 * The message follows the ident string (if present) and
1651 * must be NUL terminated. Otherwise it is not a valid packet.
1653 if (priority > 7 || skb->data[len - 1] != 0x00 ||
1654 ident_len > len - sizeof(*hdr) - 3 ||
1655 skb->data[sizeof(*hdr) + ident_len + 1] != 0x00) {
1664 index = __le16_to_cpu(hdr->index);
1666 if (index != MGMT_INDEX_NONE) {
1667 hdev = hci_dev_get(index);
1676 hdr->opcode = cpu_to_le16(HCI_MON_USER_LOGGING);
1678 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, HCI_SOCK_TRUSTED, NULL);
1689 static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1692 struct sock *sk = sock->sk;
1693 struct hci_mgmt_chan *chan;
1694 struct hci_dev *hdev;
1695 struct sk_buff *skb;
1698 BT_DBG("sock %p sk %p", sock, sk);
1700 if (msg->msg_flags & MSG_OOB)
1703 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE|
1707 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
1712 switch (hci_pi(sk)->channel) {
1713 case HCI_CHANNEL_RAW:
1714 case HCI_CHANNEL_USER:
1716 case HCI_CHANNEL_MONITOR:
1719 case HCI_CHANNEL_LOGGING:
1720 err = hci_logging_frame(sk, msg, len);
1723 mutex_lock(&mgmt_chan_list_lock);
1724 chan = __hci_mgmt_chan_find(hci_pi(sk)->channel);
1726 err = hci_mgmt_cmd(chan, sk, msg, len);
1730 mutex_unlock(&mgmt_chan_list_lock);
1734 hdev = hci_pi(sk)->hdev;
1740 if (!test_bit(HCI_UP, &hdev->flags)) {
1745 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1749 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1754 hci_skb_pkt_type(skb) = skb->data[0];
1757 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
1758 /* No permission check is needed for user channel
1759 * since that gets enforced when binding the socket.
1761 * However check that the packet type is valid.
1763 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
1764 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
1765 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) {
1770 skb_queue_tail(&hdev->raw_q, skb);
1771 queue_work(hdev->workqueue, &hdev->tx_work);
1772 } else if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) {
1773 u16 opcode = get_unaligned_le16(skb->data);
1774 u16 ogf = hci_opcode_ogf(opcode);
1775 u16 ocf = hci_opcode_ocf(opcode);
1777 if (((ogf > HCI_SFLT_MAX_OGF) ||
1778 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
1779 &hci_sec_filter.ocf_mask[ogf])) &&
1780 !capable(CAP_NET_RAW)) {
1785 /* Since the opcode has already been extracted here, store
1786 * a copy of the value for later use by the drivers.
1788 hci_skb_opcode(skb) = opcode;
1791 skb_queue_tail(&hdev->raw_q, skb);
1792 queue_work(hdev->workqueue, &hdev->tx_work);
1794 /* Stand-alone HCI commands must be flagged as
1795 * single-command requests.
1797 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
1799 skb_queue_tail(&hdev->cmd_q, skb);
1800 queue_work(hdev->workqueue, &hdev->cmd_work);
1803 if (!capable(CAP_NET_RAW)) {
1808 if (hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
1809 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) {
1814 skb_queue_tail(&hdev->raw_q, skb);
1815 queue_work(hdev->workqueue, &hdev->tx_work);
1829 static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1830 char __user *optval, unsigned int len)
1832 struct hci_ufilter uf = { .opcode = 0 };
1833 struct sock *sk = sock->sk;
1834 int err = 0, opt = 0;
1836 BT_DBG("sk %p, opt %d", sk, optname);
1838 if (level != SOL_HCI)
1839 return -ENOPROTOOPT;
1843 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1850 if (get_user(opt, (int __user *)optval)) {
1856 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
1858 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
1861 case HCI_TIME_STAMP:
1862 if (get_user(opt, (int __user *)optval)) {
1868 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
1870 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
1875 struct hci_filter *f = &hci_pi(sk)->filter;
1877 uf.type_mask = f->type_mask;
1878 uf.opcode = f->opcode;
1879 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1880 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1883 len = min_t(unsigned int, len, sizeof(uf));
1884 if (copy_from_user(&uf, optval, len)) {
1889 if (!capable(CAP_NET_RAW)) {
1890 uf.type_mask &= hci_sec_filter.type_mask;
1891 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
1892 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
1896 struct hci_filter *f = &hci_pi(sk)->filter;
1898 f->type_mask = uf.type_mask;
1899 f->opcode = uf.opcode;
1900 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
1901 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
1915 static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1916 char __user *optval, int __user *optlen)
1918 struct hci_ufilter uf;
1919 struct sock *sk = sock->sk;
1920 int len, opt, err = 0;
1922 BT_DBG("sk %p, opt %d", sk, optname);
1924 if (level != SOL_HCI)
1925 return -ENOPROTOOPT;
1927 if (get_user(len, optlen))
1932 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1939 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1944 if (put_user(opt, optval))
1948 case HCI_TIME_STAMP:
1949 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1954 if (put_user(opt, optval))
1960 struct hci_filter *f = &hci_pi(sk)->filter;
1962 memset(&uf, 0, sizeof(uf));
1963 uf.type_mask = f->type_mask;
1964 uf.opcode = f->opcode;
1965 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1966 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1969 len = min_t(unsigned int, len, sizeof(uf));
1970 if (copy_to_user(optval, &uf, len))
1984 static const struct proto_ops hci_sock_ops = {
1985 .family = PF_BLUETOOTH,
1986 .owner = THIS_MODULE,
1987 .release = hci_sock_release,
1988 .bind = hci_sock_bind,
1989 .getname = hci_sock_getname,
1990 .sendmsg = hci_sock_sendmsg,
1991 .recvmsg = hci_sock_recvmsg,
1992 .ioctl = hci_sock_ioctl,
1993 #ifdef CONFIG_COMPAT
1994 .compat_ioctl = hci_sock_compat_ioctl,
1996 .poll = datagram_poll,
1997 .listen = sock_no_listen,
1998 .shutdown = sock_no_shutdown,
1999 .setsockopt = hci_sock_setsockopt,
2000 .getsockopt = hci_sock_getsockopt,
2001 .connect = sock_no_connect,
2002 .socketpair = sock_no_socketpair,
2003 .accept = sock_no_accept,
2004 .mmap = sock_no_mmap
2007 static struct proto hci_sk_proto = {
2009 .owner = THIS_MODULE,
2010 .obj_size = sizeof(struct hci_pinfo)
2013 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
2018 BT_DBG("sock %p", sock);
2020 if (sock->type != SOCK_RAW)
2021 return -ESOCKTNOSUPPORT;
2023 sock->ops = &hci_sock_ops;
2025 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, kern);
2029 sock_init_data(sock, sk);
2031 sock_reset_flag(sk, SOCK_ZAPPED);
2033 sk->sk_protocol = protocol;
2035 sock->state = SS_UNCONNECTED;
2036 sk->sk_state = BT_OPEN;
2038 bt_sock_link(&hci_sk_list, sk);
2042 static const struct net_proto_family hci_sock_family_ops = {
2043 .family = PF_BLUETOOTH,
2044 .owner = THIS_MODULE,
2045 .create = hci_sock_create,
2048 int __init hci_sock_init(void)
2052 BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr));
2054 err = proto_register(&hci_sk_proto, 0);
2058 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
2060 BT_ERR("HCI socket registration failed");
2064 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
2066 BT_ERR("Failed to create HCI proc file");
2067 bt_sock_unregister(BTPROTO_HCI);
2071 BT_INFO("HCI socket layer initialized");
2076 proto_unregister(&hci_sk_proto);
2080 void hci_sock_cleanup(void)
2082 bt_procfs_cleanup(&init_net, "hci");
2083 bt_sock_unregister(BTPROTO_HCI);
2084 proto_unregister(&hci_sk_proto);
projects / linux-2.6-microblaze.git / blob