2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI sockets. */
26 #include <linux/compat.h>
27 #include <linux/export.h>
28 #include <linux/utsname.h>
29 #include <linux/sched.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/hci_mon.h>
35 #include <net/bluetooth/mgmt.h>
37 #include "mgmt_util.h"
39 static LIST_HEAD(mgmt_chan_list);
40 static DEFINE_MUTEX(mgmt_chan_list_lock);
42 static DEFINE_IDA(sock_cookie_ida);
44 static atomic_t monitor_promisc = ATOMIC_INIT(0);
46 /* ----- HCI socket interface ----- */
49 #define hci_pi(sk) ((struct hci_pinfo *) sk)
54 struct hci_filter filter;
56 unsigned short channel;
59 char comm[TASK_COMM_LEN];
62 static struct hci_dev *hci_hdev_from_sock(struct sock *sk)
64 struct hci_dev *hdev = hci_pi(sk)->hdev;
67 return ERR_PTR(-EBADFD);
68 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
69 return ERR_PTR(-EPIPE);
73 void hci_sock_set_flag(struct sock *sk, int nr)
75 set_bit(nr, &hci_pi(sk)->flags);
78 void hci_sock_clear_flag(struct sock *sk, int nr)
80 clear_bit(nr, &hci_pi(sk)->flags);
83 int hci_sock_test_flag(struct sock *sk, int nr)
85 return test_bit(nr, &hci_pi(sk)->flags);
88 unsigned short hci_sock_get_channel(struct sock *sk)
90 return hci_pi(sk)->channel;
93 u32 hci_sock_get_cookie(struct sock *sk)
95 return hci_pi(sk)->cookie;
98 static bool hci_sock_gen_cookie(struct sock *sk)
100 int id = hci_pi(sk)->cookie;
103 id = ida_simple_get(&sock_cookie_ida, 1, 0, GFP_KERNEL);
107 hci_pi(sk)->cookie = id;
108 get_task_comm(hci_pi(sk)->comm, current);
115 static void hci_sock_free_cookie(struct sock *sk)
117 int id = hci_pi(sk)->cookie;
120 hci_pi(sk)->cookie = 0xffffffff;
121 ida_simple_remove(&sock_cookie_ida, id);
125 static inline int hci_test_bit(int nr, const void *addr)
127 return *((const __u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
130 /* Security filter */
131 #define HCI_SFLT_MAX_OGF 5
133 struct hci_sec_filter {
136 __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
139 static const struct hci_sec_filter hci_sec_filter = {
143 { 0x1000d9fe, 0x0000b00c },
148 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
149 /* OGF_LINK_POLICY */
150 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
152 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
154 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
155 /* OGF_STATUS_PARAM */
156 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
160 static struct bt_sock_list hci_sk_list = {
161 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
164 static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
166 struct hci_filter *flt;
167 int flt_type, flt_event;
170 flt = &hci_pi(sk)->filter;
172 flt_type = hci_skb_pkt_type(skb) & HCI_FLT_TYPE_BITS;
174 if (!test_bit(flt_type, &flt->type_mask))
177 /* Extra filter for event packets only */
178 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT)
181 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
183 if (!hci_test_bit(flt_event, &flt->event_mask))
186 /* Check filter only when opcode is set */
190 if (flt_event == HCI_EV_CMD_COMPLETE &&
191 flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
194 if (flt_event == HCI_EV_CMD_STATUS &&
195 flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
201 /* Send frame to RAW socket */
202 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
205 struct sk_buff *skb_copy = NULL;
207 BT_DBG("hdev %p len %d", hdev, skb->len);
209 read_lock(&hci_sk_list.lock);
211 sk_for_each(sk, &hci_sk_list.head) {
212 struct sk_buff *nskb;
214 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
217 /* Don't send frame to the socket it came from */
221 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
222 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
223 hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
224 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
225 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
226 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT)
228 if (is_filtered_packet(sk, skb))
230 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
231 if (!bt_cb(skb)->incoming)
233 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
234 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
235 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
236 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT)
239 /* Don't send frame to other channel types */
244 /* Create a private copy with headroom */
245 skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
249 /* Put type byte before the data */
250 memcpy(skb_push(skb_copy, 1), &hci_skb_pkt_type(skb), 1);
253 nskb = skb_clone(skb_copy, GFP_ATOMIC);
257 if (sock_queue_rcv_skb(sk, nskb))
261 read_unlock(&hci_sk_list.lock);
266 /* Send frame to sockets with specific channel */
267 static void __hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
268 int flag, struct sock *skip_sk)
272 BT_DBG("channel %u len %d", channel, skb->len);
274 sk_for_each(sk, &hci_sk_list.head) {
275 struct sk_buff *nskb;
277 /* Ignore socket without the flag set */
278 if (!hci_sock_test_flag(sk, flag))
281 /* Skip the original socket */
285 if (sk->sk_state != BT_BOUND)
288 if (hci_pi(sk)->channel != channel)
291 nskb = skb_clone(skb, GFP_ATOMIC);
295 if (sock_queue_rcv_skb(sk, nskb))
301 void hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
302 int flag, struct sock *skip_sk)
304 read_lock(&hci_sk_list.lock);
305 __hci_send_to_channel(channel, skb, flag, skip_sk);
306 read_unlock(&hci_sk_list.lock);
309 /* Send frame to monitor socket */
310 void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
312 struct sk_buff *skb_copy = NULL;
313 struct hci_mon_hdr *hdr;
316 if (!atomic_read(&monitor_promisc))
319 BT_DBG("hdev %p len %d", hdev, skb->len);
321 switch (hci_skb_pkt_type(skb)) {
322 case HCI_COMMAND_PKT:
323 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT);
326 opcode = cpu_to_le16(HCI_MON_EVENT_PKT);
328 case HCI_ACLDATA_PKT:
329 if (bt_cb(skb)->incoming)
330 opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT);
332 opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT);
334 case HCI_SCODATA_PKT:
335 if (bt_cb(skb)->incoming)
336 opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT);
338 opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT);
340 case HCI_ISODATA_PKT:
341 if (bt_cb(skb)->incoming)
342 opcode = cpu_to_le16(HCI_MON_ISO_RX_PKT);
344 opcode = cpu_to_le16(HCI_MON_ISO_TX_PKT);
347 opcode = cpu_to_le16(HCI_MON_VENDOR_DIAG);
353 /* Create a private copy with headroom */
354 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true);
358 /* Put header before the data */
359 hdr = skb_push(skb_copy, HCI_MON_HDR_SIZE);
360 hdr->opcode = opcode;
361 hdr->index = cpu_to_le16(hdev->id);
362 hdr->len = cpu_to_le16(skb->len);
364 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb_copy,
365 HCI_SOCK_TRUSTED, NULL);
369 void hci_send_monitor_ctrl_event(struct hci_dev *hdev, u16 event,
370 void *data, u16 data_len, ktime_t tstamp,
371 int flag, struct sock *skip_sk)
377 index = cpu_to_le16(hdev->id);
379 index = cpu_to_le16(MGMT_INDEX_NONE);
381 read_lock(&hci_sk_list.lock);
383 sk_for_each(sk, &hci_sk_list.head) {
384 struct hci_mon_hdr *hdr;
387 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
390 /* Ignore socket without the flag set */
391 if (!hci_sock_test_flag(sk, flag))
394 /* Skip the original socket */
398 skb = bt_skb_alloc(6 + data_len, GFP_ATOMIC);
402 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
403 put_unaligned_le16(event, skb_put(skb, 2));
406 skb_put_data(skb, data, data_len);
408 skb->tstamp = tstamp;
410 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
411 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_EVENT);
413 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
415 __hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
416 HCI_SOCK_TRUSTED, NULL);
420 read_unlock(&hci_sk_list.lock);
423 static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
425 struct hci_mon_hdr *hdr;
426 struct hci_mon_new_index *ni;
427 struct hci_mon_index_info *ii;
433 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
437 ni = skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
438 ni->type = hdev->dev_type;
440 bacpy(&ni->bdaddr, &hdev->bdaddr);
441 memcpy(ni->name, hdev->name, 8);
443 opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
447 skb = bt_skb_alloc(0, GFP_ATOMIC);
451 opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
455 if (hdev->manufacturer == 0xffff)
460 skb = bt_skb_alloc(HCI_MON_INDEX_INFO_SIZE, GFP_ATOMIC);
464 ii = skb_put(skb, HCI_MON_INDEX_INFO_SIZE);
465 bacpy(&ii->bdaddr, &hdev->bdaddr);
466 ii->manufacturer = cpu_to_le16(hdev->manufacturer);
468 opcode = cpu_to_le16(HCI_MON_INDEX_INFO);
472 skb = bt_skb_alloc(0, GFP_ATOMIC);
476 opcode = cpu_to_le16(HCI_MON_OPEN_INDEX);
480 skb = bt_skb_alloc(0, GFP_ATOMIC);
484 opcode = cpu_to_le16(HCI_MON_CLOSE_INDEX);
491 __net_timestamp(skb);
493 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
494 hdr->opcode = opcode;
495 hdr->index = cpu_to_le16(hdev->id);
496 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
501 static struct sk_buff *create_monitor_ctrl_open(struct sock *sk)
503 struct hci_mon_hdr *hdr;
509 /* No message needed when cookie is not present */
510 if (!hci_pi(sk)->cookie)
513 switch (hci_pi(sk)->channel) {
514 case HCI_CHANNEL_RAW:
516 ver[0] = BT_SUBSYS_VERSION;
517 put_unaligned_le16(BT_SUBSYS_REVISION, ver + 1);
519 case HCI_CHANNEL_USER:
521 ver[0] = BT_SUBSYS_VERSION;
522 put_unaligned_le16(BT_SUBSYS_REVISION, ver + 1);
524 case HCI_CHANNEL_CONTROL:
526 mgmt_fill_version_info(ver);
529 /* No message for unsupported format */
533 skb = bt_skb_alloc(14 + TASK_COMM_LEN , GFP_ATOMIC);
537 flags = hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) ? 0x1 : 0x0;
539 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
540 put_unaligned_le16(format, skb_put(skb, 2));
541 skb_put_data(skb, ver, sizeof(ver));
542 put_unaligned_le32(flags, skb_put(skb, 4));
543 skb_put_u8(skb, TASK_COMM_LEN);
544 skb_put_data(skb, hci_pi(sk)->comm, TASK_COMM_LEN);
546 __net_timestamp(skb);
548 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
549 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_OPEN);
550 if (hci_pi(sk)->hdev)
551 hdr->index = cpu_to_le16(hci_pi(sk)->hdev->id);
553 hdr->index = cpu_to_le16(HCI_DEV_NONE);
554 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
559 static struct sk_buff *create_monitor_ctrl_close(struct sock *sk)
561 struct hci_mon_hdr *hdr;
564 /* No message needed when cookie is not present */
565 if (!hci_pi(sk)->cookie)
568 switch (hci_pi(sk)->channel) {
569 case HCI_CHANNEL_RAW:
570 case HCI_CHANNEL_USER:
571 case HCI_CHANNEL_CONTROL:
574 /* No message for unsupported format */
578 skb = bt_skb_alloc(4, GFP_ATOMIC);
582 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
584 __net_timestamp(skb);
586 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
587 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_CLOSE);
588 if (hci_pi(sk)->hdev)
589 hdr->index = cpu_to_le16(hci_pi(sk)->hdev->id);
591 hdr->index = cpu_to_le16(HCI_DEV_NONE);
592 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
597 static struct sk_buff *create_monitor_ctrl_command(struct sock *sk, u16 index,
601 struct hci_mon_hdr *hdr;
604 skb = bt_skb_alloc(6 + len, GFP_ATOMIC);
608 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
609 put_unaligned_le16(opcode, skb_put(skb, 2));
612 skb_put_data(skb, buf, len);
614 __net_timestamp(skb);
616 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
617 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_COMMAND);
618 hdr->index = cpu_to_le16(index);
619 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
624 static void __printf(2, 3)
625 send_monitor_note(struct sock *sk, const char *fmt, ...)
628 struct hci_mon_hdr *hdr;
633 len = vsnprintf(NULL, 0, fmt, args);
636 skb = bt_skb_alloc(len + 1, GFP_ATOMIC);
641 vsprintf(skb_put(skb, len), fmt, args);
642 *(u8 *)skb_put(skb, 1) = 0;
645 __net_timestamp(skb);
647 hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE);
648 hdr->opcode = cpu_to_le16(HCI_MON_SYSTEM_NOTE);
649 hdr->index = cpu_to_le16(HCI_DEV_NONE);
650 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
652 if (sock_queue_rcv_skb(sk, skb))
656 static void send_monitor_replay(struct sock *sk)
658 struct hci_dev *hdev;
660 read_lock(&hci_dev_list_lock);
662 list_for_each_entry(hdev, &hci_dev_list, list) {
665 skb = create_monitor_event(hdev, HCI_DEV_REG);
669 if (sock_queue_rcv_skb(sk, skb))
672 if (!test_bit(HCI_RUNNING, &hdev->flags))
675 skb = create_monitor_event(hdev, HCI_DEV_OPEN);
679 if (sock_queue_rcv_skb(sk, skb))
682 if (test_bit(HCI_UP, &hdev->flags))
683 skb = create_monitor_event(hdev, HCI_DEV_UP);
684 else if (hci_dev_test_flag(hdev, HCI_SETUP))
685 skb = create_monitor_event(hdev, HCI_DEV_SETUP);
690 if (sock_queue_rcv_skb(sk, skb))
695 read_unlock(&hci_dev_list_lock);
698 static void send_monitor_control_replay(struct sock *mon_sk)
702 read_lock(&hci_sk_list.lock);
704 sk_for_each(sk, &hci_sk_list.head) {
707 skb = create_monitor_ctrl_open(sk);
711 if (sock_queue_rcv_skb(mon_sk, skb))
715 read_unlock(&hci_sk_list.lock);
718 /* Generate internal stack event */
719 static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
721 struct hci_event_hdr *hdr;
722 struct hci_ev_stack_internal *ev;
725 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
729 hdr = skb_put(skb, HCI_EVENT_HDR_SIZE);
730 hdr->evt = HCI_EV_STACK_INTERNAL;
731 hdr->plen = sizeof(*ev) + dlen;
733 ev = skb_put(skb, sizeof(*ev) + dlen);
735 memcpy(ev->data, data, dlen);
737 bt_cb(skb)->incoming = 1;
738 __net_timestamp(skb);
740 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
741 hci_send_to_sock(hdev, skb);
745 void hci_sock_dev_event(struct hci_dev *hdev, int event)
747 BT_DBG("hdev %s event %d", hdev->name, event);
749 if (atomic_read(&monitor_promisc)) {
752 /* Send event to monitor */
753 skb = create_monitor_event(hdev, event);
755 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
756 HCI_SOCK_TRUSTED, NULL);
761 if (event <= HCI_DEV_DOWN) {
762 struct hci_ev_si_device ev;
764 /* Send event to sockets */
766 ev.dev_id = hdev->id;
767 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
770 if (event == HCI_DEV_UNREG) {
773 /* Wake up sockets using this dead device */
774 read_lock(&hci_sk_list.lock);
775 sk_for_each(sk, &hci_sk_list.head) {
776 if (hci_pi(sk)->hdev == hdev) {
778 sk->sk_state_change(sk);
781 read_unlock(&hci_sk_list.lock);
785 static struct hci_mgmt_chan *__hci_mgmt_chan_find(unsigned short channel)
787 struct hci_mgmt_chan *c;
789 list_for_each_entry(c, &mgmt_chan_list, list) {
790 if (c->channel == channel)
797 static struct hci_mgmt_chan *hci_mgmt_chan_find(unsigned short channel)
799 struct hci_mgmt_chan *c;
801 mutex_lock(&mgmt_chan_list_lock);
802 c = __hci_mgmt_chan_find(channel);
803 mutex_unlock(&mgmt_chan_list_lock);
808 int hci_mgmt_chan_register(struct hci_mgmt_chan *c)
810 if (c->channel < HCI_CHANNEL_CONTROL)
813 mutex_lock(&mgmt_chan_list_lock);
814 if (__hci_mgmt_chan_find(c->channel)) {
815 mutex_unlock(&mgmt_chan_list_lock);
819 list_add_tail(&c->list, &mgmt_chan_list);
821 mutex_unlock(&mgmt_chan_list_lock);
825 EXPORT_SYMBOL(hci_mgmt_chan_register);
827 void hci_mgmt_chan_unregister(struct hci_mgmt_chan *c)
829 mutex_lock(&mgmt_chan_list_lock);
831 mutex_unlock(&mgmt_chan_list_lock);
833 EXPORT_SYMBOL(hci_mgmt_chan_unregister);
835 static int hci_sock_release(struct socket *sock)
837 struct sock *sk = sock->sk;
838 struct hci_dev *hdev;
841 BT_DBG("sock %p sk %p", sock, sk);
848 switch (hci_pi(sk)->channel) {
849 case HCI_CHANNEL_MONITOR:
850 atomic_dec(&monitor_promisc);
852 case HCI_CHANNEL_RAW:
853 case HCI_CHANNEL_USER:
854 case HCI_CHANNEL_CONTROL:
855 /* Send event to monitor */
856 skb = create_monitor_ctrl_close(sk);
858 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
859 HCI_SOCK_TRUSTED, NULL);
863 hci_sock_free_cookie(sk);
867 bt_sock_unlink(&hci_sk_list, sk);
869 hdev = hci_pi(sk)->hdev;
871 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
872 /* When releasing a user channel exclusive access,
873 * call hci_dev_do_close directly instead of calling
874 * hci_dev_close to ensure the exclusive access will
875 * be released and the controller brought back down.
877 * The checking of HCI_AUTO_OFF is not needed in this
878 * case since it will have been cleared already when
879 * opening the user channel.
881 hci_dev_do_close(hdev);
882 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
883 mgmt_index_added(hdev);
886 atomic_dec(&hdev->promisc);
892 skb_queue_purge(&sk->sk_receive_queue);
893 skb_queue_purge(&sk->sk_write_queue);
900 static int hci_sock_reject_list_add(struct hci_dev *hdev, void __user *arg)
905 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
910 err = hci_bdaddr_list_add(&hdev->reject_list, &bdaddr, BDADDR_BREDR);
912 hci_dev_unlock(hdev);
917 static int hci_sock_reject_list_del(struct hci_dev *hdev, void __user *arg)
922 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
927 err = hci_bdaddr_list_del(&hdev->reject_list, &bdaddr, BDADDR_BREDR);
929 hci_dev_unlock(hdev);
934 /* Ioctls that require bound socket */
935 static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
938 struct hci_dev *hdev = hci_hdev_from_sock(sk);
941 return PTR_ERR(hdev);
943 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
946 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
949 if (hdev->dev_type != HCI_PRIMARY)
954 if (!capable(CAP_NET_ADMIN))
959 return hci_get_conn_info(hdev, (void __user *)arg);
962 return hci_get_auth_info(hdev, (void __user *)arg);
965 if (!capable(CAP_NET_ADMIN))
967 return hci_sock_reject_list_add(hdev, (void __user *)arg);
970 if (!capable(CAP_NET_ADMIN))
972 return hci_sock_reject_list_del(hdev, (void __user *)arg);
978 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
981 void __user *argp = (void __user *)arg;
982 struct sock *sk = sock->sk;
985 BT_DBG("cmd %x arg %lx", cmd, arg);
989 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
994 /* When calling an ioctl on an unbound raw socket, then ensure
995 * that the monitor gets informed. Ensure that the resulting event
996 * is only send once by checking if the cookie exists or not. The
997 * socket cookie will be only ever generated once for the lifetime
1000 if (hci_sock_gen_cookie(sk)) {
1001 struct sk_buff *skb;
1003 if (capable(CAP_NET_ADMIN))
1004 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1006 /* Send event to monitor */
1007 skb = create_monitor_ctrl_open(sk);
1009 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1010 HCI_SOCK_TRUSTED, NULL);
1019 return hci_get_dev_list(argp);
1022 return hci_get_dev_info(argp);
1024 case HCIGETCONNLIST:
1025 return hci_get_conn_list(argp);
1028 if (!capable(CAP_NET_ADMIN))
1030 return hci_dev_open(arg);
1033 if (!capable(CAP_NET_ADMIN))
1035 return hci_dev_close(arg);
1038 if (!capable(CAP_NET_ADMIN))
1040 return hci_dev_reset(arg);
1043 if (!capable(CAP_NET_ADMIN))
1045 return hci_dev_reset_stat(arg);
1052 case HCISETLINKMODE:
1055 if (!capable(CAP_NET_ADMIN))
1057 return hci_dev_cmd(cmd, argp);
1060 return hci_inquiry(argp);
1065 err = hci_sock_bound_ioctl(sk, cmd, arg);
1072 #ifdef CONFIG_COMPAT
1073 static int hci_sock_compat_ioctl(struct socket *sock, unsigned int cmd,
1081 return hci_sock_ioctl(sock, cmd, arg);
1084 return hci_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
1088 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
1091 struct sockaddr_hci haddr;
1092 struct sock *sk = sock->sk;
1093 struct hci_dev *hdev = NULL;
1094 struct sk_buff *skb;
1097 BT_DBG("sock %p sk %p", sock, sk);
1102 memset(&haddr, 0, sizeof(haddr));
1103 len = min_t(unsigned int, sizeof(haddr), addr_len);
1104 memcpy(&haddr, addr, len);
1106 if (haddr.hci_family != AF_BLUETOOTH)
1111 /* Allow detaching from dead device and attaching to alive device, if
1112 * the caller wants to re-bind (instead of close) this socket in
1113 * response to hci_sock_dev_event(HCI_DEV_UNREG) notification.
1115 hdev = hci_pi(sk)->hdev;
1116 if (hdev && hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
1117 hci_pi(sk)->hdev = NULL;
1118 sk->sk_state = BT_OPEN;
1123 if (sk->sk_state == BT_BOUND) {
1128 switch (haddr.hci_channel) {
1129 case HCI_CHANNEL_RAW:
1130 if (hci_pi(sk)->hdev) {
1135 if (haddr.hci_dev != HCI_DEV_NONE) {
1136 hdev = hci_dev_get(haddr.hci_dev);
1142 atomic_inc(&hdev->promisc);
1145 hci_pi(sk)->channel = haddr.hci_channel;
1147 if (!hci_sock_gen_cookie(sk)) {
1148 /* In the case when a cookie has already been assigned,
1149 * then there has been already an ioctl issued against
1150 * an unbound socket and with that triggered an open
1151 * notification. Send a close notification first to
1152 * allow the state transition to bounded.
1154 skb = create_monitor_ctrl_close(sk);
1156 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1157 HCI_SOCK_TRUSTED, NULL);
1162 if (capable(CAP_NET_ADMIN))
1163 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1165 hci_pi(sk)->hdev = hdev;
1167 /* Send event to monitor */
1168 skb = create_monitor_ctrl_open(sk);
1170 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1171 HCI_SOCK_TRUSTED, NULL);
1176 case HCI_CHANNEL_USER:
1177 if (hci_pi(sk)->hdev) {
1182 if (haddr.hci_dev == HCI_DEV_NONE) {
1187 if (!capable(CAP_NET_ADMIN)) {
1192 hdev = hci_dev_get(haddr.hci_dev);
1198 if (test_bit(HCI_INIT, &hdev->flags) ||
1199 hci_dev_test_flag(hdev, HCI_SETUP) ||
1200 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1201 (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) &&
1202 test_bit(HCI_UP, &hdev->flags))) {
1208 if (hci_dev_test_and_set_flag(hdev, HCI_USER_CHANNEL)) {
1214 mgmt_index_removed(hdev);
1216 err = hci_dev_open(hdev->id);
1218 if (err == -EALREADY) {
1219 /* In case the transport is already up and
1220 * running, clear the error here.
1222 * This can happen when opening a user
1223 * channel and HCI_AUTO_OFF grace period
1228 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
1229 mgmt_index_added(hdev);
1235 hci_pi(sk)->channel = haddr.hci_channel;
1237 if (!hci_sock_gen_cookie(sk)) {
1238 /* In the case when a cookie has already been assigned,
1239 * this socket will transition from a raw socket into
1240 * a user channel socket. For a clean transition, send
1241 * the close notification first.
1243 skb = create_monitor_ctrl_close(sk);
1245 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1246 HCI_SOCK_TRUSTED, NULL);
1251 /* The user channel is restricted to CAP_NET_ADMIN
1252 * capabilities and with that implicitly trusted.
1254 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1256 hci_pi(sk)->hdev = hdev;
1258 /* Send event to monitor */
1259 skb = create_monitor_ctrl_open(sk);
1261 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1262 HCI_SOCK_TRUSTED, NULL);
1266 atomic_inc(&hdev->promisc);
1269 case HCI_CHANNEL_MONITOR:
1270 if (haddr.hci_dev != HCI_DEV_NONE) {
1275 if (!capable(CAP_NET_RAW)) {
1280 hci_pi(sk)->channel = haddr.hci_channel;
1282 /* The monitor interface is restricted to CAP_NET_RAW
1283 * capabilities and with that implicitly trusted.
1285 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1287 send_monitor_note(sk, "Linux version %s (%s)",
1288 init_utsname()->release,
1289 init_utsname()->machine);
1290 send_monitor_note(sk, "Bluetooth subsystem version %u.%u",
1291 BT_SUBSYS_VERSION, BT_SUBSYS_REVISION);
1292 send_monitor_replay(sk);
1293 send_monitor_control_replay(sk);
1295 atomic_inc(&monitor_promisc);
1298 case HCI_CHANNEL_LOGGING:
1299 if (haddr.hci_dev != HCI_DEV_NONE) {
1304 if (!capable(CAP_NET_ADMIN)) {
1309 hci_pi(sk)->channel = haddr.hci_channel;
1313 if (!hci_mgmt_chan_find(haddr.hci_channel)) {
1318 if (haddr.hci_dev != HCI_DEV_NONE) {
1323 /* Users with CAP_NET_ADMIN capabilities are allowed
1324 * access to all management commands and events. For
1325 * untrusted users the interface is restricted and
1326 * also only untrusted events are sent.
1328 if (capable(CAP_NET_ADMIN))
1329 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1331 hci_pi(sk)->channel = haddr.hci_channel;
1333 /* At the moment the index and unconfigured index events
1334 * are enabled unconditionally. Setting them on each
1335 * socket when binding keeps this functionality. They
1336 * however might be cleared later and then sending of these
1337 * events will be disabled, but that is then intentional.
1339 * This also enables generic events that are safe to be
1340 * received by untrusted users. Example for such events
1341 * are changes to settings, class of device, name etc.
1343 if (hci_pi(sk)->channel == HCI_CHANNEL_CONTROL) {
1344 if (!hci_sock_gen_cookie(sk)) {
1345 /* In the case when a cookie has already been
1346 * assigned, this socket will transition from
1347 * a raw socket into a control socket. To
1348 * allow for a clean transition, send the
1349 * close notification first.
1351 skb = create_monitor_ctrl_close(sk);
1353 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1354 HCI_SOCK_TRUSTED, NULL);
1359 /* Send event to monitor */
1360 skb = create_monitor_ctrl_open(sk);
1362 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1363 HCI_SOCK_TRUSTED, NULL);
1367 hci_sock_set_flag(sk, HCI_MGMT_INDEX_EVENTS);
1368 hci_sock_set_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
1369 hci_sock_set_flag(sk, HCI_MGMT_OPTION_EVENTS);
1370 hci_sock_set_flag(sk, HCI_MGMT_SETTING_EVENTS);
1371 hci_sock_set_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1372 hci_sock_set_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1377 sk->sk_state = BT_BOUND;
1384 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
1387 struct sockaddr_hci *haddr = (struct sockaddr_hci *)addr;
1388 struct sock *sk = sock->sk;
1389 struct hci_dev *hdev;
1392 BT_DBG("sock %p sk %p", sock, sk);
1399 hdev = hci_hdev_from_sock(sk);
1401 err = PTR_ERR(hdev);
1405 haddr->hci_family = AF_BLUETOOTH;
1406 haddr->hci_dev = hdev->id;
1407 haddr->hci_channel= hci_pi(sk)->channel;
1408 err = sizeof(*haddr);
1415 static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
1416 struct sk_buff *skb)
1418 __u8 mask = hci_pi(sk)->cmsg_mask;
1420 if (mask & HCI_CMSG_DIR) {
1421 int incoming = bt_cb(skb)->incoming;
1422 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
1426 if (mask & HCI_CMSG_TSTAMP) {
1427 #ifdef CONFIG_COMPAT
1428 struct old_timeval32 ctv;
1430 struct __kernel_old_timeval tv;
1434 skb_get_timestamp(skb, &tv);
1438 #ifdef CONFIG_COMPAT
1439 if (!COMPAT_USE_64BIT_TIME &&
1440 (msg->msg_flags & MSG_CMSG_COMPAT)) {
1441 ctv.tv_sec = tv.tv_sec;
1442 ctv.tv_usec = tv.tv_usec;
1448 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
1452 static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1453 size_t len, int flags)
1455 int noblock = flags & MSG_DONTWAIT;
1456 struct sock *sk = sock->sk;
1457 struct sk_buff *skb;
1459 unsigned int skblen;
1461 BT_DBG("sock %p, sk %p", sock, sk);
1463 if (flags & MSG_OOB)
1466 if (hci_pi(sk)->channel == HCI_CHANNEL_LOGGING)
1469 if (sk->sk_state == BT_CLOSED)
1472 skb = skb_recv_datagram(sk, flags, noblock, &err);
1479 msg->msg_flags |= MSG_TRUNC;
1483 skb_reset_transport_header(skb);
1484 err = skb_copy_datagram_msg(skb, 0, msg, copied);
1486 switch (hci_pi(sk)->channel) {
1487 case HCI_CHANNEL_RAW:
1488 hci_sock_cmsg(sk, msg, skb);
1490 case HCI_CHANNEL_USER:
1491 case HCI_CHANNEL_MONITOR:
1492 sock_recv_timestamp(msg, sk, skb);
1495 if (hci_mgmt_chan_find(hci_pi(sk)->channel))
1496 sock_recv_timestamp(msg, sk, skb);
1500 skb_free_datagram(sk, skb);
1502 if (flags & MSG_TRUNC)
1505 return err ? : copied;
1508 static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
1509 struct msghdr *msg, size_t msglen)
1513 struct mgmt_hdr *hdr;
1514 u16 opcode, index, len;
1515 struct hci_dev *hdev = NULL;
1516 const struct hci_mgmt_handler *handler;
1517 bool var_len, no_hdev;
1520 BT_DBG("got %zu bytes", msglen);
1522 if (msglen < sizeof(*hdr))
1525 buf = kmalloc(msglen, GFP_KERNEL);
1529 if (memcpy_from_msg(buf, msg, msglen)) {
1535 opcode = __le16_to_cpu(hdr->opcode);
1536 index = __le16_to_cpu(hdr->index);
1537 len = __le16_to_cpu(hdr->len);
1539 if (len != msglen - sizeof(*hdr)) {
1544 if (chan->channel == HCI_CHANNEL_CONTROL) {
1545 struct sk_buff *skb;
1547 /* Send event to monitor */
1548 skb = create_monitor_ctrl_command(sk, index, opcode, len,
1549 buf + sizeof(*hdr));
1551 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1552 HCI_SOCK_TRUSTED, NULL);
1557 if (opcode >= chan->handler_count ||
1558 chan->handlers[opcode].func == NULL) {
1559 BT_DBG("Unknown op %u", opcode);
1560 err = mgmt_cmd_status(sk, index, opcode,
1561 MGMT_STATUS_UNKNOWN_COMMAND);
1565 handler = &chan->handlers[opcode];
1567 if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) &&
1568 !(handler->flags & HCI_MGMT_UNTRUSTED)) {
1569 err = mgmt_cmd_status(sk, index, opcode,
1570 MGMT_STATUS_PERMISSION_DENIED);
1574 if (index != MGMT_INDEX_NONE) {
1575 hdev = hci_dev_get(index);
1577 err = mgmt_cmd_status(sk, index, opcode,
1578 MGMT_STATUS_INVALID_INDEX);
1582 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1583 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1584 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1585 err = mgmt_cmd_status(sk, index, opcode,
1586 MGMT_STATUS_INVALID_INDEX);
1590 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1591 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
1592 err = mgmt_cmd_status(sk, index, opcode,
1593 MGMT_STATUS_INVALID_INDEX);
1598 if (!(handler->flags & HCI_MGMT_HDEV_OPTIONAL)) {
1599 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
1600 if (no_hdev != !hdev) {
1601 err = mgmt_cmd_status(sk, index, opcode,
1602 MGMT_STATUS_INVALID_INDEX);
1607 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
1608 if ((var_len && len < handler->data_len) ||
1609 (!var_len && len != handler->data_len)) {
1610 err = mgmt_cmd_status(sk, index, opcode,
1611 MGMT_STATUS_INVALID_PARAMS);
1615 if (hdev && chan->hdev_init)
1616 chan->hdev_init(sk, hdev);
1618 cp = buf + sizeof(*hdr);
1620 err = handler->func(sk, hdev, cp, len);
1634 static int hci_logging_frame(struct sock *sk, struct msghdr *msg, int len)
1636 struct hci_mon_hdr *hdr;
1637 struct sk_buff *skb;
1638 struct hci_dev *hdev;
1642 /* The logging frame consists at minimum of the standard header,
1643 * the priority byte, the ident length byte and at least one string
1644 * terminator NUL byte. Anything shorter are invalid packets.
1646 if (len < sizeof(*hdr) + 3)
1649 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1653 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1658 hdr = (void *)skb->data;
1660 if (__le16_to_cpu(hdr->len) != len - sizeof(*hdr)) {
1665 if (__le16_to_cpu(hdr->opcode) == 0x0000) {
1666 __u8 priority = skb->data[sizeof(*hdr)];
1667 __u8 ident_len = skb->data[sizeof(*hdr) + 1];
1669 /* Only the priorities 0-7 are valid and with that any other
1670 * value results in an invalid packet.
1672 * The priority byte is followed by an ident length byte and
1673 * the NUL terminated ident string. Check that the ident
1674 * length is not overflowing the packet and also that the
1675 * ident string itself is NUL terminated. In case the ident
1676 * length is zero, the length value actually doubles as NUL
1677 * terminator identifier.
1679 * The message follows the ident string (if present) and
1680 * must be NUL terminated. Otherwise it is not a valid packet.
1682 if (priority > 7 || skb->data[len - 1] != 0x00 ||
1683 ident_len > len - sizeof(*hdr) - 3 ||
1684 skb->data[sizeof(*hdr) + ident_len + 1] != 0x00) {
1693 index = __le16_to_cpu(hdr->index);
1695 if (index != MGMT_INDEX_NONE) {
1696 hdev = hci_dev_get(index);
1705 hdr->opcode = cpu_to_le16(HCI_MON_USER_LOGGING);
1707 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, HCI_SOCK_TRUSTED, NULL);
1718 static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1721 struct sock *sk = sock->sk;
1722 struct hci_mgmt_chan *chan;
1723 struct hci_dev *hdev;
1724 struct sk_buff *skb;
1727 BT_DBG("sock %p sk %p", sock, sk);
1729 if (msg->msg_flags & MSG_OOB)
1732 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE|
1736 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
1741 switch (hci_pi(sk)->channel) {
1742 case HCI_CHANNEL_RAW:
1743 case HCI_CHANNEL_USER:
1745 case HCI_CHANNEL_MONITOR:
1748 case HCI_CHANNEL_LOGGING:
1749 err = hci_logging_frame(sk, msg, len);
1752 mutex_lock(&mgmt_chan_list_lock);
1753 chan = __hci_mgmt_chan_find(hci_pi(sk)->channel);
1755 err = hci_mgmt_cmd(chan, sk, msg, len);
1759 mutex_unlock(&mgmt_chan_list_lock);
1763 hdev = hci_hdev_from_sock(sk);
1765 err = PTR_ERR(hdev);
1769 if (!test_bit(HCI_UP, &hdev->flags)) {
1774 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1778 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1783 hci_skb_pkt_type(skb) = skb->data[0];
1786 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
1787 /* No permission check is needed for user channel
1788 * since that gets enforced when binding the socket.
1790 * However check that the packet type is valid.
1792 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
1793 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
1794 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
1795 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT) {
1800 skb_queue_tail(&hdev->raw_q, skb);
1801 queue_work(hdev->workqueue, &hdev->tx_work);
1802 } else if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) {
1803 u16 opcode = get_unaligned_le16(skb->data);
1804 u16 ogf = hci_opcode_ogf(opcode);
1805 u16 ocf = hci_opcode_ocf(opcode);
1807 if (((ogf > HCI_SFLT_MAX_OGF) ||
1808 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
1809 &hci_sec_filter.ocf_mask[ogf])) &&
1810 !capable(CAP_NET_RAW)) {
1815 /* Since the opcode has already been extracted here, store
1816 * a copy of the value for later use by the drivers.
1818 hci_skb_opcode(skb) = opcode;
1821 skb_queue_tail(&hdev->raw_q, skb);
1822 queue_work(hdev->workqueue, &hdev->tx_work);
1824 /* Stand-alone HCI commands must be flagged as
1825 * single-command requests.
1827 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
1829 skb_queue_tail(&hdev->cmd_q, skb);
1830 queue_work(hdev->workqueue, &hdev->cmd_work);
1833 if (!capable(CAP_NET_RAW)) {
1838 if (hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
1839 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
1840 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT) {
1845 skb_queue_tail(&hdev->raw_q, skb);
1846 queue_work(hdev->workqueue, &hdev->tx_work);
1860 static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1861 sockptr_t optval, unsigned int len)
1863 struct hci_ufilter uf = { .opcode = 0 };
1864 struct sock *sk = sock->sk;
1865 int err = 0, opt = 0;
1867 BT_DBG("sk %p, opt %d", sk, optname);
1869 if (level != SOL_HCI)
1870 return -ENOPROTOOPT;
1874 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1881 if (copy_from_sockptr(&opt, optval, sizeof(opt))) {
1887 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
1889 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
1892 case HCI_TIME_STAMP:
1893 if (copy_from_sockptr(&opt, optval, sizeof(opt))) {
1899 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
1901 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
1906 struct hci_filter *f = &hci_pi(sk)->filter;
1908 uf.type_mask = f->type_mask;
1909 uf.opcode = f->opcode;
1910 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1911 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1914 len = min_t(unsigned int, len, sizeof(uf));
1915 if (copy_from_sockptr(&uf, optval, len)) {
1920 if (!capable(CAP_NET_RAW)) {
1921 uf.type_mask &= hci_sec_filter.type_mask;
1922 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
1923 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
1927 struct hci_filter *f = &hci_pi(sk)->filter;
1929 f->type_mask = uf.type_mask;
1930 f->opcode = uf.opcode;
1931 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
1932 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
1946 static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1947 char __user *optval, int __user *optlen)
1949 struct hci_ufilter uf;
1950 struct sock *sk = sock->sk;
1951 int len, opt, err = 0;
1953 BT_DBG("sk %p, opt %d", sk, optname);
1955 if (level != SOL_HCI)
1956 return -ENOPROTOOPT;
1958 if (get_user(len, optlen))
1963 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1970 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1975 if (put_user(opt, optval))
1979 case HCI_TIME_STAMP:
1980 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1985 if (put_user(opt, optval))
1991 struct hci_filter *f = &hci_pi(sk)->filter;
1993 memset(&uf, 0, sizeof(uf));
1994 uf.type_mask = f->type_mask;
1995 uf.opcode = f->opcode;
1996 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1997 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
2000 len = min_t(unsigned int, len, sizeof(uf));
2001 if (copy_to_user(optval, &uf, len))
2015 static const struct proto_ops hci_sock_ops = {
2016 .family = PF_BLUETOOTH,
2017 .owner = THIS_MODULE,
2018 .release = hci_sock_release,
2019 .bind = hci_sock_bind,
2020 .getname = hci_sock_getname,
2021 .sendmsg = hci_sock_sendmsg,
2022 .recvmsg = hci_sock_recvmsg,
2023 .ioctl = hci_sock_ioctl,
2024 #ifdef CONFIG_COMPAT
2025 .compat_ioctl = hci_sock_compat_ioctl,
2027 .poll = datagram_poll,
2028 .listen = sock_no_listen,
2029 .shutdown = sock_no_shutdown,
2030 .setsockopt = hci_sock_setsockopt,
2031 .getsockopt = hci_sock_getsockopt,
2032 .connect = sock_no_connect,
2033 .socketpair = sock_no_socketpair,
2034 .accept = sock_no_accept,
2035 .mmap = sock_no_mmap
2038 static struct proto hci_sk_proto = {
2040 .owner = THIS_MODULE,
2041 .obj_size = sizeof(struct hci_pinfo)
2044 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
2049 BT_DBG("sock %p", sock);
2051 if (sock->type != SOCK_RAW)
2052 return -ESOCKTNOSUPPORT;
2054 sock->ops = &hci_sock_ops;
2056 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, kern);
2060 sock_init_data(sock, sk);
2062 sock_reset_flag(sk, SOCK_ZAPPED);
2064 sk->sk_protocol = protocol;
2066 sock->state = SS_UNCONNECTED;
2067 sk->sk_state = BT_OPEN;
2069 bt_sock_link(&hci_sk_list, sk);
2073 static const struct net_proto_family hci_sock_family_ops = {
2074 .family = PF_BLUETOOTH,
2075 .owner = THIS_MODULE,
2076 .create = hci_sock_create,
2079 int __init hci_sock_init(void)
2083 BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr));
2085 err = proto_register(&hci_sk_proto, 0);
2089 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
2091 BT_ERR("HCI socket registration failed");
2095 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
2097 BT_ERR("Failed to create HCI proc file");
2098 bt_sock_unregister(BTPROTO_HCI);
2102 BT_INFO("HCI socket layer initialized");
2107 proto_unregister(&hci_sk_proto);
2111 void hci_sock_cleanup(void)
2113 bt_procfs_cleanup(&init_net, "hci");
2114 bt_sock_unregister(BTPROTO_HCI);
2115 proto_unregister(&hci_sk_proto);
projects / linux-2.6-microblaze.git / blob