2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI sockets. */
26 #include <linux/compat.h>
27 #include <linux/export.h>
28 #include <linux/utsname.h>
29 #include <linux/sched.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/hci_mon.h>
35 #include <net/bluetooth/mgmt.h>
37 #include "mgmt_util.h"
39 static LIST_HEAD(mgmt_chan_list);
40 static DEFINE_MUTEX(mgmt_chan_list_lock);
42 static DEFINE_IDA(sock_cookie_ida);
44 static atomic_t monitor_promisc = ATOMIC_INIT(0);
46 /* ----- HCI socket interface ----- */
49 #define hci_pi(sk) ((struct hci_pinfo *) sk)
54 struct hci_filter filter;
56 unsigned short channel;
59 char comm[TASK_COMM_LEN];
62 void hci_sock_set_flag(struct sock *sk, int nr)
64 set_bit(nr, &hci_pi(sk)->flags);
67 void hci_sock_clear_flag(struct sock *sk, int nr)
69 clear_bit(nr, &hci_pi(sk)->flags);
72 int hci_sock_test_flag(struct sock *sk, int nr)
74 return test_bit(nr, &hci_pi(sk)->flags);
77 unsigned short hci_sock_get_channel(struct sock *sk)
79 return hci_pi(sk)->channel;
82 u32 hci_sock_get_cookie(struct sock *sk)
84 return hci_pi(sk)->cookie;
87 static bool hci_sock_gen_cookie(struct sock *sk)
89 int id = hci_pi(sk)->cookie;
92 id = ida_simple_get(&sock_cookie_ida, 1, 0, GFP_KERNEL);
96 hci_pi(sk)->cookie = id;
97 get_task_comm(hci_pi(sk)->comm, current);
104 static void hci_sock_free_cookie(struct sock *sk)
106 int id = hci_pi(sk)->cookie;
109 hci_pi(sk)->cookie = 0xffffffff;
110 ida_simple_remove(&sock_cookie_ida, id);
114 static inline int hci_test_bit(int nr, const void *addr)
116 return *((const __u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
119 /* Security filter */
120 #define HCI_SFLT_MAX_OGF 5
122 struct hci_sec_filter {
125 __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
128 static const struct hci_sec_filter hci_sec_filter = {
132 { 0x1000d9fe, 0x0000b00c },
137 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
138 /* OGF_LINK_POLICY */
139 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
141 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
143 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
144 /* OGF_STATUS_PARAM */
145 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
149 static struct bt_sock_list hci_sk_list = {
150 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
153 static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
155 struct hci_filter *flt;
156 int flt_type, flt_event;
159 flt = &hci_pi(sk)->filter;
161 flt_type = hci_skb_pkt_type(skb) & HCI_FLT_TYPE_BITS;
163 if (!test_bit(flt_type, &flt->type_mask))
166 /* Extra filter for event packets only */
167 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT)
170 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
172 if (!hci_test_bit(flt_event, &flt->event_mask))
175 /* Check filter only when opcode is set */
179 if (flt_event == HCI_EV_CMD_COMPLETE &&
180 flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
183 if (flt_event == HCI_EV_CMD_STATUS &&
184 flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
190 /* Send frame to RAW socket */
191 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
194 struct sk_buff *skb_copy = NULL;
196 BT_DBG("hdev %p len %d", hdev, skb->len);
198 read_lock(&hci_sk_list.lock);
200 sk_for_each(sk, &hci_sk_list.head) {
201 struct sk_buff *nskb;
203 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
206 /* Don't send frame to the socket it came from */
210 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
211 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
212 hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
213 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
214 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
215 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT)
217 if (is_filtered_packet(sk, skb))
219 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
220 if (!bt_cb(skb)->incoming)
222 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
223 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
224 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
225 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT)
228 /* Don't send frame to other channel types */
233 /* Create a private copy with headroom */
234 skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
238 /* Put type byte before the data */
239 memcpy(skb_push(skb_copy, 1), &hci_skb_pkt_type(skb), 1);
242 nskb = skb_clone(skb_copy, GFP_ATOMIC);
246 if (sock_queue_rcv_skb(sk, nskb))
250 read_unlock(&hci_sk_list.lock);
255 /* Send frame to sockets with specific channel */
256 static void __hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
257 int flag, struct sock *skip_sk)
261 BT_DBG("channel %u len %d", channel, skb->len);
263 sk_for_each(sk, &hci_sk_list.head) {
264 struct sk_buff *nskb;
266 /* Ignore socket without the flag set */
267 if (!hci_sock_test_flag(sk, flag))
270 /* Skip the original socket */
274 if (sk->sk_state != BT_BOUND)
277 if (hci_pi(sk)->channel != channel)
280 nskb = skb_clone(skb, GFP_ATOMIC);
284 if (sock_queue_rcv_skb(sk, nskb))
290 void hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
291 int flag, struct sock *skip_sk)
293 read_lock(&hci_sk_list.lock);
294 __hci_send_to_channel(channel, skb, flag, skip_sk);
295 read_unlock(&hci_sk_list.lock);
298 /* Send frame to monitor socket */
299 void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
301 struct sk_buff *skb_copy = NULL;
302 struct hci_mon_hdr *hdr;
305 if (!atomic_read(&monitor_promisc))
308 BT_DBG("hdev %p len %d", hdev, skb->len);
310 switch (hci_skb_pkt_type(skb)) {
311 case HCI_COMMAND_PKT:
312 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT);
315 opcode = cpu_to_le16(HCI_MON_EVENT_PKT);
317 case HCI_ACLDATA_PKT:
318 if (bt_cb(skb)->incoming)
319 opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT);
321 opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT);
323 case HCI_SCODATA_PKT:
324 if (bt_cb(skb)->incoming)
325 opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT);
327 opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT);
329 case HCI_ISODATA_PKT:
330 if (bt_cb(skb)->incoming)
331 opcode = cpu_to_le16(HCI_MON_ISO_RX_PKT);
333 opcode = cpu_to_le16(HCI_MON_ISO_TX_PKT);
336 opcode = cpu_to_le16(HCI_MON_VENDOR_DIAG);
342 /* Create a private copy with headroom */
343 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true);
347 /* Put header before the data */
348 hdr = skb_push(skb_copy, HCI_MON_HDR_SIZE);
349 hdr->opcode = opcode;
350 hdr->index = cpu_to_le16(hdev->id);
351 hdr->len = cpu_to_le16(skb->len);
353 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb_copy,
354 HCI_SOCK_TRUSTED, NULL);
358 void hci_send_monitor_ctrl_event(struct hci_dev *hdev, u16 event,
359 void *data, u16 data_len, ktime_t tstamp,
360 int flag, struct sock *skip_sk)
366 index = cpu_to_le16(hdev->id);
368 index = cpu_to_le16(MGMT_INDEX_NONE);
370 read_lock(&hci_sk_list.lock);
372 sk_for_each(sk, &hci_sk_list.head) {
373 struct hci_mon_hdr *hdr;
376 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
379 /* Ignore socket without the flag set */
380 if (!hci_sock_test_flag(sk, flag))
383 /* Skip the original socket */
387 skb = bt_skb_alloc(6 + data_len, GFP_ATOMIC);
391 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
392 put_unaligned_le16(event, skb_put(skb, 2));
395 skb_put_data(skb, data, data_len);
397 skb->tstamp = tstamp;
399 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
400 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_EVENT);
402 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
404 __hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
405 HCI_SOCK_TRUSTED, NULL);
409 read_unlock(&hci_sk_list.lock);
412 static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
414 struct hci_mon_hdr *hdr;
415 struct hci_mon_new_index *ni;
416 struct hci_mon_index_info *ii;
422 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
426 ni = skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
427 ni->type = hdev->dev_type;
429 bacpy(&ni->bdaddr, &hdev->bdaddr);
430 memcpy(ni->name, hdev->name, 8);
432 opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
436 skb = bt_skb_alloc(0, GFP_ATOMIC);
440 opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
444 if (hdev->manufacturer == 0xffff)
449 skb = bt_skb_alloc(HCI_MON_INDEX_INFO_SIZE, GFP_ATOMIC);
453 ii = skb_put(skb, HCI_MON_INDEX_INFO_SIZE);
454 bacpy(&ii->bdaddr, &hdev->bdaddr);
455 ii->manufacturer = cpu_to_le16(hdev->manufacturer);
457 opcode = cpu_to_le16(HCI_MON_INDEX_INFO);
461 skb = bt_skb_alloc(0, GFP_ATOMIC);
465 opcode = cpu_to_le16(HCI_MON_OPEN_INDEX);
469 skb = bt_skb_alloc(0, GFP_ATOMIC);
473 opcode = cpu_to_le16(HCI_MON_CLOSE_INDEX);
480 __net_timestamp(skb);
482 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
483 hdr->opcode = opcode;
484 hdr->index = cpu_to_le16(hdev->id);
485 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
490 static struct sk_buff *create_monitor_ctrl_open(struct sock *sk)
492 struct hci_mon_hdr *hdr;
498 /* No message needed when cookie is not present */
499 if (!hci_pi(sk)->cookie)
502 switch (hci_pi(sk)->channel) {
503 case HCI_CHANNEL_RAW:
505 ver[0] = BT_SUBSYS_VERSION;
506 put_unaligned_le16(BT_SUBSYS_REVISION, ver + 1);
508 case HCI_CHANNEL_USER:
510 ver[0] = BT_SUBSYS_VERSION;
511 put_unaligned_le16(BT_SUBSYS_REVISION, ver + 1);
513 case HCI_CHANNEL_CONTROL:
515 mgmt_fill_version_info(ver);
518 /* No message for unsupported format */
522 skb = bt_skb_alloc(14 + TASK_COMM_LEN , GFP_ATOMIC);
526 flags = hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) ? 0x1 : 0x0;
528 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
529 put_unaligned_le16(format, skb_put(skb, 2));
530 skb_put_data(skb, ver, sizeof(ver));
531 put_unaligned_le32(flags, skb_put(skb, 4));
532 skb_put_u8(skb, TASK_COMM_LEN);
533 skb_put_data(skb, hci_pi(sk)->comm, TASK_COMM_LEN);
535 __net_timestamp(skb);
537 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
538 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_OPEN);
539 if (hci_pi(sk)->hdev)
540 hdr->index = cpu_to_le16(hci_pi(sk)->hdev->id);
542 hdr->index = cpu_to_le16(HCI_DEV_NONE);
543 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
548 static struct sk_buff *create_monitor_ctrl_close(struct sock *sk)
550 struct hci_mon_hdr *hdr;
553 /* No message needed when cookie is not present */
554 if (!hci_pi(sk)->cookie)
557 switch (hci_pi(sk)->channel) {
558 case HCI_CHANNEL_RAW:
559 case HCI_CHANNEL_USER:
560 case HCI_CHANNEL_CONTROL:
563 /* No message for unsupported format */
567 skb = bt_skb_alloc(4, GFP_ATOMIC);
571 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
573 __net_timestamp(skb);
575 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
576 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_CLOSE);
577 if (hci_pi(sk)->hdev)
578 hdr->index = cpu_to_le16(hci_pi(sk)->hdev->id);
580 hdr->index = cpu_to_le16(HCI_DEV_NONE);
581 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
586 static struct sk_buff *create_monitor_ctrl_command(struct sock *sk, u16 index,
590 struct hci_mon_hdr *hdr;
593 skb = bt_skb_alloc(6 + len, GFP_ATOMIC);
597 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
598 put_unaligned_le16(opcode, skb_put(skb, 2));
601 skb_put_data(skb, buf, len);
603 __net_timestamp(skb);
605 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
606 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_COMMAND);
607 hdr->index = cpu_to_le16(index);
608 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
613 static void __printf(2, 3)
614 send_monitor_note(struct sock *sk, const char *fmt, ...)
617 struct hci_mon_hdr *hdr;
622 len = vsnprintf(NULL, 0, fmt, args);
625 skb = bt_skb_alloc(len + 1, GFP_ATOMIC);
630 vsprintf(skb_put(skb, len), fmt, args);
631 *(u8 *)skb_put(skb, 1) = 0;
634 __net_timestamp(skb);
636 hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE);
637 hdr->opcode = cpu_to_le16(HCI_MON_SYSTEM_NOTE);
638 hdr->index = cpu_to_le16(HCI_DEV_NONE);
639 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
641 if (sock_queue_rcv_skb(sk, skb))
645 static void send_monitor_replay(struct sock *sk)
647 struct hci_dev *hdev;
649 read_lock(&hci_dev_list_lock);
651 list_for_each_entry(hdev, &hci_dev_list, list) {
654 skb = create_monitor_event(hdev, HCI_DEV_REG);
658 if (sock_queue_rcv_skb(sk, skb))
661 if (!test_bit(HCI_RUNNING, &hdev->flags))
664 skb = create_monitor_event(hdev, HCI_DEV_OPEN);
668 if (sock_queue_rcv_skb(sk, skb))
671 if (test_bit(HCI_UP, &hdev->flags))
672 skb = create_monitor_event(hdev, HCI_DEV_UP);
673 else if (hci_dev_test_flag(hdev, HCI_SETUP))
674 skb = create_monitor_event(hdev, HCI_DEV_SETUP);
679 if (sock_queue_rcv_skb(sk, skb))
684 read_unlock(&hci_dev_list_lock);
687 static void send_monitor_control_replay(struct sock *mon_sk)
691 read_lock(&hci_sk_list.lock);
693 sk_for_each(sk, &hci_sk_list.head) {
696 skb = create_monitor_ctrl_open(sk);
700 if (sock_queue_rcv_skb(mon_sk, skb))
704 read_unlock(&hci_sk_list.lock);
707 /* Generate internal stack event */
708 static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
710 struct hci_event_hdr *hdr;
711 struct hci_ev_stack_internal *ev;
714 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
718 hdr = skb_put(skb, HCI_EVENT_HDR_SIZE);
719 hdr->evt = HCI_EV_STACK_INTERNAL;
720 hdr->plen = sizeof(*ev) + dlen;
722 ev = skb_put(skb, sizeof(*ev) + dlen);
724 memcpy(ev->data, data, dlen);
726 bt_cb(skb)->incoming = 1;
727 __net_timestamp(skb);
729 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
730 hci_send_to_sock(hdev, skb);
734 void hci_sock_dev_event(struct hci_dev *hdev, int event)
736 BT_DBG("hdev %s event %d", hdev->name, event);
738 if (atomic_read(&monitor_promisc)) {
741 /* Send event to monitor */
742 skb = create_monitor_event(hdev, event);
744 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
745 HCI_SOCK_TRUSTED, NULL);
750 if (event <= HCI_DEV_DOWN) {
751 struct hci_ev_si_device ev;
753 /* Send event to sockets */
755 ev.dev_id = hdev->id;
756 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
759 if (event == HCI_DEV_UNREG) {
762 /* Detach sockets from device */
763 read_lock(&hci_sk_list.lock);
764 sk_for_each(sk, &hci_sk_list.head) {
766 if (hci_pi(sk)->hdev == hdev) {
767 hci_pi(sk)->hdev = NULL;
769 sk->sk_state = BT_OPEN;
770 sk->sk_state_change(sk);
776 read_unlock(&hci_sk_list.lock);
780 static struct hci_mgmt_chan *__hci_mgmt_chan_find(unsigned short channel)
782 struct hci_mgmt_chan *c;
784 list_for_each_entry(c, &mgmt_chan_list, list) {
785 if (c->channel == channel)
792 static struct hci_mgmt_chan *hci_mgmt_chan_find(unsigned short channel)
794 struct hci_mgmt_chan *c;
796 mutex_lock(&mgmt_chan_list_lock);
797 c = __hci_mgmt_chan_find(channel);
798 mutex_unlock(&mgmt_chan_list_lock);
803 int hci_mgmt_chan_register(struct hci_mgmt_chan *c)
805 if (c->channel < HCI_CHANNEL_CONTROL)
808 mutex_lock(&mgmt_chan_list_lock);
809 if (__hci_mgmt_chan_find(c->channel)) {
810 mutex_unlock(&mgmt_chan_list_lock);
814 list_add_tail(&c->list, &mgmt_chan_list);
816 mutex_unlock(&mgmt_chan_list_lock);
820 EXPORT_SYMBOL(hci_mgmt_chan_register);
822 void hci_mgmt_chan_unregister(struct hci_mgmt_chan *c)
824 mutex_lock(&mgmt_chan_list_lock);
826 mutex_unlock(&mgmt_chan_list_lock);
828 EXPORT_SYMBOL(hci_mgmt_chan_unregister);
830 static int hci_sock_release(struct socket *sock)
832 struct sock *sk = sock->sk;
833 struct hci_dev *hdev;
836 BT_DBG("sock %p sk %p", sock, sk);
843 switch (hci_pi(sk)->channel) {
844 case HCI_CHANNEL_MONITOR:
845 atomic_dec(&monitor_promisc);
847 case HCI_CHANNEL_RAW:
848 case HCI_CHANNEL_USER:
849 case HCI_CHANNEL_CONTROL:
850 /* Send event to monitor */
851 skb = create_monitor_ctrl_close(sk);
853 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
854 HCI_SOCK_TRUSTED, NULL);
858 hci_sock_free_cookie(sk);
862 bt_sock_unlink(&hci_sk_list, sk);
864 hdev = hci_pi(sk)->hdev;
866 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
867 /* When releasing a user channel exclusive access,
868 * call hci_dev_do_close directly instead of calling
869 * hci_dev_close to ensure the exclusive access will
870 * be released and the controller brought back down.
872 * The checking of HCI_AUTO_OFF is not needed in this
873 * case since it will have been cleared already when
874 * opening the user channel.
876 hci_dev_do_close(hdev);
877 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
878 mgmt_index_added(hdev);
881 atomic_dec(&hdev->promisc);
887 skb_queue_purge(&sk->sk_receive_queue);
888 skb_queue_purge(&sk->sk_write_queue);
895 static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
900 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
905 err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
907 hci_dev_unlock(hdev);
912 static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
917 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
922 err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
924 hci_dev_unlock(hdev);
929 /* Ioctls that require bound socket */
930 static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
933 struct hci_dev *hdev = hci_pi(sk)->hdev;
938 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
941 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
944 if (hdev->dev_type != HCI_PRIMARY)
949 if (!capable(CAP_NET_ADMIN))
954 return hci_get_conn_info(hdev, (void __user *)arg);
957 return hci_get_auth_info(hdev, (void __user *)arg);
960 if (!capable(CAP_NET_ADMIN))
962 return hci_sock_blacklist_add(hdev, (void __user *)arg);
965 if (!capable(CAP_NET_ADMIN))
967 return hci_sock_blacklist_del(hdev, (void __user *)arg);
973 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
976 void __user *argp = (void __user *)arg;
977 struct sock *sk = sock->sk;
980 BT_DBG("cmd %x arg %lx", cmd, arg);
984 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
989 /* When calling an ioctl on an unbound raw socket, then ensure
990 * that the monitor gets informed. Ensure that the resulting event
991 * is only send once by checking if the cookie exists or not. The
992 * socket cookie will be only ever generated once for the lifetime
995 if (hci_sock_gen_cookie(sk)) {
998 if (capable(CAP_NET_ADMIN))
999 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1001 /* Send event to monitor */
1002 skb = create_monitor_ctrl_open(sk);
1004 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1005 HCI_SOCK_TRUSTED, NULL);
1014 return hci_get_dev_list(argp);
1017 return hci_get_dev_info(argp);
1019 case HCIGETCONNLIST:
1020 return hci_get_conn_list(argp);
1023 if (!capable(CAP_NET_ADMIN))
1025 return hci_dev_open(arg);
1028 if (!capable(CAP_NET_ADMIN))
1030 return hci_dev_close(arg);
1033 if (!capable(CAP_NET_ADMIN))
1035 return hci_dev_reset(arg);
1038 if (!capable(CAP_NET_ADMIN))
1040 return hci_dev_reset_stat(arg);
1047 case HCISETLINKMODE:
1050 if (!capable(CAP_NET_ADMIN))
1052 return hci_dev_cmd(cmd, argp);
1055 return hci_inquiry(argp);
1060 err = hci_sock_bound_ioctl(sk, cmd, arg);
1067 #ifdef CONFIG_COMPAT
1068 static int hci_sock_compat_ioctl(struct socket *sock, unsigned int cmd,
1076 return hci_sock_ioctl(sock, cmd, arg);
1079 return hci_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
1083 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
1086 struct sockaddr_hci haddr;
1087 struct sock *sk = sock->sk;
1088 struct hci_dev *hdev = NULL;
1089 struct sk_buff *skb;
1092 BT_DBG("sock %p sk %p", sock, sk);
1097 memset(&haddr, 0, sizeof(haddr));
1098 len = min_t(unsigned int, sizeof(haddr), addr_len);
1099 memcpy(&haddr, addr, len);
1101 if (haddr.hci_family != AF_BLUETOOTH)
1106 if (sk->sk_state == BT_BOUND) {
1111 switch (haddr.hci_channel) {
1112 case HCI_CHANNEL_RAW:
1113 if (hci_pi(sk)->hdev) {
1118 if (haddr.hci_dev != HCI_DEV_NONE) {
1119 hdev = hci_dev_get(haddr.hci_dev);
1125 atomic_inc(&hdev->promisc);
1128 hci_pi(sk)->channel = haddr.hci_channel;
1130 if (!hci_sock_gen_cookie(sk)) {
1131 /* In the case when a cookie has already been assigned,
1132 * then there has been already an ioctl issued against
1133 * an unbound socket and with that triggerd an open
1134 * notification. Send a close notification first to
1135 * allow the state transition to bounded.
1137 skb = create_monitor_ctrl_close(sk);
1139 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1140 HCI_SOCK_TRUSTED, NULL);
1145 if (capable(CAP_NET_ADMIN))
1146 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1148 hci_pi(sk)->hdev = hdev;
1150 /* Send event to monitor */
1151 skb = create_monitor_ctrl_open(sk);
1153 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1154 HCI_SOCK_TRUSTED, NULL);
1159 case HCI_CHANNEL_USER:
1160 if (hci_pi(sk)->hdev) {
1165 if (haddr.hci_dev == HCI_DEV_NONE) {
1170 if (!capable(CAP_NET_ADMIN)) {
1175 hdev = hci_dev_get(haddr.hci_dev);
1181 if (test_bit(HCI_INIT, &hdev->flags) ||
1182 hci_dev_test_flag(hdev, HCI_SETUP) ||
1183 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1184 (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) &&
1185 test_bit(HCI_UP, &hdev->flags))) {
1191 if (hci_dev_test_and_set_flag(hdev, HCI_USER_CHANNEL)) {
1197 mgmt_index_removed(hdev);
1199 err = hci_dev_open(hdev->id);
1201 if (err == -EALREADY) {
1202 /* In case the transport is already up and
1203 * running, clear the error here.
1205 * This can happen when opening a user
1206 * channel and HCI_AUTO_OFF grace period
1211 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
1212 mgmt_index_added(hdev);
1218 hci_pi(sk)->channel = haddr.hci_channel;
1220 if (!hci_sock_gen_cookie(sk)) {
1221 /* In the case when a cookie has already been assigned,
1222 * this socket will transition from a raw socket into
1223 * a user channel socket. For a clean transition, send
1224 * the close notification first.
1226 skb = create_monitor_ctrl_close(sk);
1228 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1229 HCI_SOCK_TRUSTED, NULL);
1234 /* The user channel is restricted to CAP_NET_ADMIN
1235 * capabilities and with that implicitly trusted.
1237 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1239 hci_pi(sk)->hdev = hdev;
1241 /* Send event to monitor */
1242 skb = create_monitor_ctrl_open(sk);
1244 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1245 HCI_SOCK_TRUSTED, NULL);
1249 atomic_inc(&hdev->promisc);
1252 case HCI_CHANNEL_MONITOR:
1253 if (haddr.hci_dev != HCI_DEV_NONE) {
1258 if (!capable(CAP_NET_RAW)) {
1263 hci_pi(sk)->channel = haddr.hci_channel;
1265 /* The monitor interface is restricted to CAP_NET_RAW
1266 * capabilities and with that implicitly trusted.
1268 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1270 send_monitor_note(sk, "Linux version %s (%s)",
1271 init_utsname()->release,
1272 init_utsname()->machine);
1273 send_monitor_note(sk, "Bluetooth subsystem version %u.%u",
1274 BT_SUBSYS_VERSION, BT_SUBSYS_REVISION);
1275 send_monitor_replay(sk);
1276 send_monitor_control_replay(sk);
1278 atomic_inc(&monitor_promisc);
1281 case HCI_CHANNEL_LOGGING:
1282 if (haddr.hci_dev != HCI_DEV_NONE) {
1287 if (!capable(CAP_NET_ADMIN)) {
1292 hci_pi(sk)->channel = haddr.hci_channel;
1296 if (!hci_mgmt_chan_find(haddr.hci_channel)) {
1301 if (haddr.hci_dev != HCI_DEV_NONE) {
1306 /* Users with CAP_NET_ADMIN capabilities are allowed
1307 * access to all management commands and events. For
1308 * untrusted users the interface is restricted and
1309 * also only untrusted events are sent.
1311 if (capable(CAP_NET_ADMIN))
1312 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1314 hci_pi(sk)->channel = haddr.hci_channel;
1316 /* At the moment the index and unconfigured index events
1317 * are enabled unconditionally. Setting them on each
1318 * socket when binding keeps this functionality. They
1319 * however might be cleared later and then sending of these
1320 * events will be disabled, but that is then intentional.
1322 * This also enables generic events that are safe to be
1323 * received by untrusted users. Example for such events
1324 * are changes to settings, class of device, name etc.
1326 if (hci_pi(sk)->channel == HCI_CHANNEL_CONTROL) {
1327 if (!hci_sock_gen_cookie(sk)) {
1328 /* In the case when a cookie has already been
1329 * assigned, this socket will transtion from
1330 * a raw socket into a control socket. To
1331 * allow for a clean transtion, send the
1332 * close notification first.
1334 skb = create_monitor_ctrl_close(sk);
1336 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1337 HCI_SOCK_TRUSTED, NULL);
1342 /* Send event to monitor */
1343 skb = create_monitor_ctrl_open(sk);
1345 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1346 HCI_SOCK_TRUSTED, NULL);
1350 hci_sock_set_flag(sk, HCI_MGMT_INDEX_EVENTS);
1351 hci_sock_set_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
1352 hci_sock_set_flag(sk, HCI_MGMT_OPTION_EVENTS);
1353 hci_sock_set_flag(sk, HCI_MGMT_SETTING_EVENTS);
1354 hci_sock_set_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1355 hci_sock_set_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1360 sk->sk_state = BT_BOUND;
1367 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
1370 struct sockaddr_hci *haddr = (struct sockaddr_hci *)addr;
1371 struct sock *sk = sock->sk;
1372 struct hci_dev *hdev;
1375 BT_DBG("sock %p sk %p", sock, sk);
1382 hdev = hci_pi(sk)->hdev;
1388 haddr->hci_family = AF_BLUETOOTH;
1389 haddr->hci_dev = hdev->id;
1390 haddr->hci_channel= hci_pi(sk)->channel;
1391 err = sizeof(*haddr);
1398 static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
1399 struct sk_buff *skb)
1401 __u8 mask = hci_pi(sk)->cmsg_mask;
1403 if (mask & HCI_CMSG_DIR) {
1404 int incoming = bt_cb(skb)->incoming;
1405 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
1409 if (mask & HCI_CMSG_TSTAMP) {
1410 #ifdef CONFIG_COMPAT
1411 struct old_timeval32 ctv;
1413 struct __kernel_old_timeval tv;
1417 skb_get_timestamp(skb, &tv);
1421 #ifdef CONFIG_COMPAT
1422 if (!COMPAT_USE_64BIT_TIME &&
1423 (msg->msg_flags & MSG_CMSG_COMPAT)) {
1424 ctv.tv_sec = tv.tv_sec;
1425 ctv.tv_usec = tv.tv_usec;
1431 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
1435 static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1436 size_t len, int flags)
1438 int noblock = flags & MSG_DONTWAIT;
1439 struct sock *sk = sock->sk;
1440 struct sk_buff *skb;
1442 unsigned int skblen;
1444 BT_DBG("sock %p, sk %p", sock, sk);
1446 if (flags & MSG_OOB)
1449 if (hci_pi(sk)->channel == HCI_CHANNEL_LOGGING)
1452 if (sk->sk_state == BT_CLOSED)
1455 skb = skb_recv_datagram(sk, flags, noblock, &err);
1462 msg->msg_flags |= MSG_TRUNC;
1466 skb_reset_transport_header(skb);
1467 err = skb_copy_datagram_msg(skb, 0, msg, copied);
1469 switch (hci_pi(sk)->channel) {
1470 case HCI_CHANNEL_RAW:
1471 hci_sock_cmsg(sk, msg, skb);
1473 case HCI_CHANNEL_USER:
1474 case HCI_CHANNEL_MONITOR:
1475 sock_recv_timestamp(msg, sk, skb);
1478 if (hci_mgmt_chan_find(hci_pi(sk)->channel))
1479 sock_recv_timestamp(msg, sk, skb);
1483 skb_free_datagram(sk, skb);
1485 if (flags & MSG_TRUNC)
1488 return err ? : copied;
1491 static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
1492 struct msghdr *msg, size_t msglen)
1496 struct mgmt_hdr *hdr;
1497 u16 opcode, index, len;
1498 struct hci_dev *hdev = NULL;
1499 const struct hci_mgmt_handler *handler;
1500 bool var_len, no_hdev;
1503 BT_DBG("got %zu bytes", msglen);
1505 if (msglen < sizeof(*hdr))
1508 buf = kmalloc(msglen, GFP_KERNEL);
1512 if (memcpy_from_msg(buf, msg, msglen)) {
1518 opcode = __le16_to_cpu(hdr->opcode);
1519 index = __le16_to_cpu(hdr->index);
1520 len = __le16_to_cpu(hdr->len);
1522 if (len != msglen - sizeof(*hdr)) {
1527 if (chan->channel == HCI_CHANNEL_CONTROL) {
1528 struct sk_buff *skb;
1530 /* Send event to monitor */
1531 skb = create_monitor_ctrl_command(sk, index, opcode, len,
1532 buf + sizeof(*hdr));
1534 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1535 HCI_SOCK_TRUSTED, NULL);
1540 if (opcode >= chan->handler_count ||
1541 chan->handlers[opcode].func == NULL) {
1542 BT_DBG("Unknown op %u", opcode);
1543 err = mgmt_cmd_status(sk, index, opcode,
1544 MGMT_STATUS_UNKNOWN_COMMAND);
1548 handler = &chan->handlers[opcode];
1550 if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) &&
1551 !(handler->flags & HCI_MGMT_UNTRUSTED)) {
1552 err = mgmt_cmd_status(sk, index, opcode,
1553 MGMT_STATUS_PERMISSION_DENIED);
1557 if (index != MGMT_INDEX_NONE) {
1558 hdev = hci_dev_get(index);
1560 err = mgmt_cmd_status(sk, index, opcode,
1561 MGMT_STATUS_INVALID_INDEX);
1565 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1566 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1567 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1568 err = mgmt_cmd_status(sk, index, opcode,
1569 MGMT_STATUS_INVALID_INDEX);
1573 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1574 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
1575 err = mgmt_cmd_status(sk, index, opcode,
1576 MGMT_STATUS_INVALID_INDEX);
1581 if (!(handler->flags & HCI_MGMT_HDEV_OPTIONAL)) {
1582 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
1583 if (no_hdev != !hdev) {
1584 err = mgmt_cmd_status(sk, index, opcode,
1585 MGMT_STATUS_INVALID_INDEX);
1590 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
1591 if ((var_len && len < handler->data_len) ||
1592 (!var_len && len != handler->data_len)) {
1593 err = mgmt_cmd_status(sk, index, opcode,
1594 MGMT_STATUS_INVALID_PARAMS);
1598 if (hdev && chan->hdev_init)
1599 chan->hdev_init(sk, hdev);
1601 cp = buf + sizeof(*hdr);
1603 err = handler->func(sk, hdev, cp, len);
1617 static int hci_logging_frame(struct sock *sk, struct msghdr *msg, int len)
1619 struct hci_mon_hdr *hdr;
1620 struct sk_buff *skb;
1621 struct hci_dev *hdev;
1625 /* The logging frame consists at minimum of the standard header,
1626 * the priority byte, the ident length byte and at least one string
1627 * terminator NUL byte. Anything shorter are invalid packets.
1629 if (len < sizeof(*hdr) + 3)
1632 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1636 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1641 hdr = (void *)skb->data;
1643 if (__le16_to_cpu(hdr->len) != len - sizeof(*hdr)) {
1648 if (__le16_to_cpu(hdr->opcode) == 0x0000) {
1649 __u8 priority = skb->data[sizeof(*hdr)];
1650 __u8 ident_len = skb->data[sizeof(*hdr) + 1];
1652 /* Only the priorities 0-7 are valid and with that any other
1653 * value results in an invalid packet.
1655 * The priority byte is followed by an ident length byte and
1656 * the NUL terminated ident string. Check that the ident
1657 * length is not overflowing the packet and also that the
1658 * ident string itself is NUL terminated. In case the ident
1659 * length is zero, the length value actually doubles as NUL
1660 * terminator identifier.
1662 * The message follows the ident string (if present) and
1663 * must be NUL terminated. Otherwise it is not a valid packet.
1665 if (priority > 7 || skb->data[len - 1] != 0x00 ||
1666 ident_len > len - sizeof(*hdr) - 3 ||
1667 skb->data[sizeof(*hdr) + ident_len + 1] != 0x00) {
1676 index = __le16_to_cpu(hdr->index);
1678 if (index != MGMT_INDEX_NONE) {
1679 hdev = hci_dev_get(index);
1688 hdr->opcode = cpu_to_le16(HCI_MON_USER_LOGGING);
1690 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, HCI_SOCK_TRUSTED, NULL);
1701 static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1704 struct sock *sk = sock->sk;
1705 struct hci_mgmt_chan *chan;
1706 struct hci_dev *hdev;
1707 struct sk_buff *skb;
1710 BT_DBG("sock %p sk %p", sock, sk);
1712 if (msg->msg_flags & MSG_OOB)
1715 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE|
1719 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
1724 switch (hci_pi(sk)->channel) {
1725 case HCI_CHANNEL_RAW:
1726 case HCI_CHANNEL_USER:
1728 case HCI_CHANNEL_MONITOR:
1731 case HCI_CHANNEL_LOGGING:
1732 err = hci_logging_frame(sk, msg, len);
1735 mutex_lock(&mgmt_chan_list_lock);
1736 chan = __hci_mgmt_chan_find(hci_pi(sk)->channel);
1738 err = hci_mgmt_cmd(chan, sk, msg, len);
1742 mutex_unlock(&mgmt_chan_list_lock);
1746 hdev = hci_pi(sk)->hdev;
1752 if (!test_bit(HCI_UP, &hdev->flags)) {
1757 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1761 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1766 hci_skb_pkt_type(skb) = skb->data[0];
1769 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
1770 /* No permission check is needed for user channel
1771 * since that gets enforced when binding the socket.
1773 * However check that the packet type is valid.
1775 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
1776 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
1777 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
1778 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT) {
1783 skb_queue_tail(&hdev->raw_q, skb);
1784 queue_work(hdev->workqueue, &hdev->tx_work);
1785 } else if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) {
1786 u16 opcode = get_unaligned_le16(skb->data);
1787 u16 ogf = hci_opcode_ogf(opcode);
1788 u16 ocf = hci_opcode_ocf(opcode);
1790 if (((ogf > HCI_SFLT_MAX_OGF) ||
1791 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
1792 &hci_sec_filter.ocf_mask[ogf])) &&
1793 !capable(CAP_NET_RAW)) {
1798 /* Since the opcode has already been extracted here, store
1799 * a copy of the value for later use by the drivers.
1801 hci_skb_opcode(skb) = opcode;
1804 skb_queue_tail(&hdev->raw_q, skb);
1805 queue_work(hdev->workqueue, &hdev->tx_work);
1807 /* Stand-alone HCI commands must be flagged as
1808 * single-command requests.
1810 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
1812 skb_queue_tail(&hdev->cmd_q, skb);
1813 queue_work(hdev->workqueue, &hdev->cmd_work);
1816 if (!capable(CAP_NET_RAW)) {
1821 if (hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
1822 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
1823 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT) {
1828 skb_queue_tail(&hdev->raw_q, skb);
1829 queue_work(hdev->workqueue, &hdev->tx_work);
1843 static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1844 sockptr_t optval, unsigned int len)
1846 struct hci_ufilter uf = { .opcode = 0 };
1847 struct sock *sk = sock->sk;
1848 int err = 0, opt = 0;
1850 BT_DBG("sk %p, opt %d", sk, optname);
1852 if (level != SOL_HCI)
1853 return -ENOPROTOOPT;
1857 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1864 if (copy_from_sockptr(&opt, optval, sizeof(opt))) {
1870 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
1872 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
1875 case HCI_TIME_STAMP:
1876 if (copy_from_sockptr(&opt, optval, sizeof(opt))) {
1882 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
1884 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
1889 struct hci_filter *f = &hci_pi(sk)->filter;
1891 uf.type_mask = f->type_mask;
1892 uf.opcode = f->opcode;
1893 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1894 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1897 len = min_t(unsigned int, len, sizeof(uf));
1898 if (copy_from_sockptr(&uf, optval, len)) {
1903 if (!capable(CAP_NET_RAW)) {
1904 uf.type_mask &= hci_sec_filter.type_mask;
1905 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
1906 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
1910 struct hci_filter *f = &hci_pi(sk)->filter;
1912 f->type_mask = uf.type_mask;
1913 f->opcode = uf.opcode;
1914 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
1915 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
1929 static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1930 char __user *optval, int __user *optlen)
1932 struct hci_ufilter uf;
1933 struct sock *sk = sock->sk;
1934 int len, opt, err = 0;
1936 BT_DBG("sk %p, opt %d", sk, optname);
1938 if (level != SOL_HCI)
1939 return -ENOPROTOOPT;
1941 if (get_user(len, optlen))
1946 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1953 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1958 if (put_user(opt, optval))
1962 case HCI_TIME_STAMP:
1963 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1968 if (put_user(opt, optval))
1974 struct hci_filter *f = &hci_pi(sk)->filter;
1976 memset(&uf, 0, sizeof(uf));
1977 uf.type_mask = f->type_mask;
1978 uf.opcode = f->opcode;
1979 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1980 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1983 len = min_t(unsigned int, len, sizeof(uf));
1984 if (copy_to_user(optval, &uf, len))
1998 static const struct proto_ops hci_sock_ops = {
1999 .family = PF_BLUETOOTH,
2000 .owner = THIS_MODULE,
2001 .release = hci_sock_release,
2002 .bind = hci_sock_bind,
2003 .getname = hci_sock_getname,
2004 .sendmsg = hci_sock_sendmsg,
2005 .recvmsg = hci_sock_recvmsg,
2006 .ioctl = hci_sock_ioctl,
2007 #ifdef CONFIG_COMPAT
2008 .compat_ioctl = hci_sock_compat_ioctl,
2010 .poll = datagram_poll,
2011 .listen = sock_no_listen,
2012 .shutdown = sock_no_shutdown,
2013 .setsockopt = hci_sock_setsockopt,
2014 .getsockopt = hci_sock_getsockopt,
2015 .connect = sock_no_connect,
2016 .socketpair = sock_no_socketpair,
2017 .accept = sock_no_accept,
2018 .mmap = sock_no_mmap
2021 static struct proto hci_sk_proto = {
2023 .owner = THIS_MODULE,
2024 .obj_size = sizeof(struct hci_pinfo)
2027 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
2032 BT_DBG("sock %p", sock);
2034 if (sock->type != SOCK_RAW)
2035 return -ESOCKTNOSUPPORT;
2037 sock->ops = &hci_sock_ops;
2039 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, kern);
2043 sock_init_data(sock, sk);
2045 sock_reset_flag(sk, SOCK_ZAPPED);
2047 sk->sk_protocol = protocol;
2049 sock->state = SS_UNCONNECTED;
2050 sk->sk_state = BT_OPEN;
2052 bt_sock_link(&hci_sk_list, sk);
2056 static const struct net_proto_family hci_sock_family_ops = {
2057 .family = PF_BLUETOOTH,
2058 .owner = THIS_MODULE,
2059 .create = hci_sock_create,
2062 int __init hci_sock_init(void)
2066 BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr));
2068 err = proto_register(&hci_sk_proto, 0);
2072 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
2074 BT_ERR("HCI socket registration failed");
2078 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
2080 BT_ERR("Failed to create HCI proc file");
2081 bt_sock_unregister(BTPROTO_HCI);
2085 BT_INFO("HCI socket layer initialized");
2090 proto_unregister(&hci_sk_proto);
2094 void hci_sock_cleanup(void)
2096 bt_procfs_cleanup(&init_net, "hci");
2097 bt_sock_unregister(BTPROTO_HCI);
2098 proto_unregister(&hci_sk_proto);
projects / linux-2.6-microblaze.git / blob