Kernel

Kernel Git Source Tree

Root/net/bluetooth/hci_sock.c

1	/*
2	BlueZ - Bluetooth protocol stack for Linux
3	Copyright (C) 2000-2001 Qualcomm Incorporated
4
5	Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7	This program is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License version 2 as
9	published by the Free Software Foundation;
10
11	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22	SOFTWARE IS DISCLAIMED.
23	*/
24
25	/* Bluetooth HCI sockets. */
26
27	#include <linux/export.h>
28	#include <asm/unaligned.h>
29
30	#include <net/bluetooth/bluetooth.h>
31	#include <net/bluetooth/hci_core.h>
32	#include <net/bluetooth/hci_mon.h>
33
34	static atomic_t monitor_promisc = ATOMIC_INIT(0);
35
36	/* ----- HCI socket interface ----- */
37
38	static inline int hci_test_bit(int nr, void *addr)
39	{
40	return ((__u32 ) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
41	}
42
43	/* Security filter */
44	static struct hci_sec_filter hci_sec_filter = {
45	/* Packet types */
46	0x10,
47	/* Events */
48	{ 0x1000d9fe, 0x0000b00c },
49	/* Commands */
50	{
51	{ 0x0 },
52	/* OGF_LINK_CTL */
53	{ 0xbe000006, 0x00000001, 0x00000000, 0x00 },
54	/* OGF_LINK_POLICY */
55	{ 0x00005200, 0x00000000, 0x00000000, 0x00 },
56	/* OGF_HOST_CTL */
57	{ 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
58	/* OGF_INFO_PARAM */
59	{ 0x000002be, 0x00000000, 0x00000000, 0x00 },
60	/* OGF_STATUS_PARAM */
61	{ 0x000000ea, 0x00000000, 0x00000000, 0x00 }
62	}
63	};
64
65	static struct bt_sock_list hci_sk_list = {
66	.lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
67	};
68
69	static bool is_filtered_packet(struct sock sk, struct sk_buff skb)
70	{
71	struct hci_filter *flt;
72	int flt_type, flt_event;
73
74	/* Apply filter */
75	flt = &hci_pi(sk)->filter;
76
77	if (bt_cb(skb)->pkt_type == HCI_VENDOR_PKT)
78	flt_type = 0;
79	else
80	flt_type = bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS;
81
82	if (!test_bit(flt_type, &flt->type_mask))
83	return true;
84
85	/* Extra filter for event packets only */
86	if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT)
87	return false;
88
89	flt_event = ((__u8 )skb->data & HCI_FLT_EVENT_BITS);
90
91	if (!hci_test_bit(flt_event, &flt->event_mask))
92	return true;
93
94	/* Check filter only when opcode is set */
95	if (!flt->opcode)
96	return false;
97
98	if (flt_event == HCI_EV_CMD_COMPLETE &&
99	flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
100	return true;
101
102	if (flt_event == HCI_EV_CMD_STATUS &&
103	flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
104	return true;
105
106	return false;
107	}
108
109	/* Send frame to RAW socket */
110	void hci_send_to_sock(struct hci_dev hdev, struct sk_buff skb)
111	{
112	struct sock *sk;
113	struct sk_buff *skb_copy = NULL;
114
115	BT_DBG("hdev %p len %d", hdev, skb->len);
116
117	read_lock(&hci_sk_list.lock);
118
119	sk_for_each(sk, &hci_sk_list.head) {
120	struct sk_buff *nskb;
121
122	if (sk->sk_state != BT_BOUND \|\| hci_pi(sk)->hdev != hdev)
123	continue;
124
125	/* Don't send frame to the socket it came from */
126	if (skb->sk == sk)
127	continue;
128
129	if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
130	if (is_filtered_packet(sk, skb))
131	continue;
132	} else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
133	if (!bt_cb(skb)->incoming)
134	continue;
135	if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT &&
136	bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
137	bt_cb(skb)->pkt_type != HCI_SCODATA_PKT)
138	continue;
139	} else {
140	/* Don't send frame to other channel types */
141	continue;
142	}
143
144	if (!skb_copy) {
145	/* Create a private copy with headroom */
146	skb_copy = __pskb_copy(skb, 1, GFP_ATOMIC);
147	if (!skb_copy)
148	continue;
149
150	/* Put type byte before the data */
151	memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
152	}
153
154	nskb = skb_clone(skb_copy, GFP_ATOMIC);
155	if (!nskb)
156	continue;
157
158	if (sock_queue_rcv_skb(sk, nskb))
159	kfree_skb(nskb);
160	}
161
162	read_unlock(&hci_sk_list.lock);
163
164	kfree_skb(skb_copy);
165	}
166
167	/* Send frame to control socket */
168	void hci_send_to_control(struct sk_buff skb, struct sock skip_sk)
169	{
170	struct sock *sk;
171
172	BT_DBG("len %d", skb->len);
173
174	read_lock(&hci_sk_list.lock);
175
176	sk_for_each(sk, &hci_sk_list.head) {
177	struct sk_buff *nskb;
178
179	/* Skip the original socket */
180	if (sk == skip_sk)
181	continue;
182
183	if (sk->sk_state != BT_BOUND)
184	continue;
185
186	if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
187	continue;
188
189	nskb = skb_clone(skb, GFP_ATOMIC);
190	if (!nskb)
191	continue;
192
193	if (sock_queue_rcv_skb(sk, nskb))
194	kfree_skb(nskb);
195	}
196
197	read_unlock(&hci_sk_list.lock);
198	}
199
200	/* Send frame to monitor socket */
201	void hci_send_to_monitor(struct hci_dev hdev, struct sk_buff skb)
202	{
203	struct sock *sk;
204	struct sk_buff *skb_copy = NULL;
205	__le16 opcode;
206
207	if (!atomic_read(&monitor_promisc))
208	return;
209
210	BT_DBG("hdev %p len %d", hdev, skb->len);
211
212	switch (bt_cb(skb)->pkt_type) {
213	case HCI_COMMAND_PKT:
214	opcode = __constant_cpu_to_le16(HCI_MON_COMMAND_PKT);
215	break;
216	case HCI_EVENT_PKT:
217	opcode = __constant_cpu_to_le16(HCI_MON_EVENT_PKT);
218	break;
219	case HCI_ACLDATA_PKT:
220	if (bt_cb(skb)->incoming)
221	opcode = __constant_cpu_to_le16(HCI_MON_ACL_RX_PKT);
222	else
223	opcode = __constant_cpu_to_le16(HCI_MON_ACL_TX_PKT);
224	break;
225	case HCI_SCODATA_PKT:
226	if (bt_cb(skb)->incoming)
227	opcode = __constant_cpu_to_le16(HCI_MON_SCO_RX_PKT);
228	else
229	opcode = __constant_cpu_to_le16(HCI_MON_SCO_TX_PKT);
230	break;
231	default:
232	return;
233	}
234
235	read_lock(&hci_sk_list.lock);
236
237	sk_for_each(sk, &hci_sk_list.head) {
238	struct sk_buff *nskb;
239
240	if (sk->sk_state != BT_BOUND)
241	continue;
242
243	if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
244	continue;
245
246	if (!skb_copy) {
247	struct hci_mon_hdr *hdr;
248
249	/* Create a private copy with headroom */
250	skb_copy = __pskb_copy(skb, HCI_MON_HDR_SIZE,
251	GFP_ATOMIC);
252	if (!skb_copy)
253	continue;
254
255	/* Put header before the data */
256	hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
257	hdr->opcode = opcode;
258	hdr->index = cpu_to_le16(hdev->id);
259	hdr->len = cpu_to_le16(skb->len);
260	}
261
262	nskb = skb_clone(skb_copy, GFP_ATOMIC);
263	if (!nskb)
264	continue;
265
266	if (sock_queue_rcv_skb(sk, nskb))
267	kfree_skb(nskb);
268	}
269
270	read_unlock(&hci_sk_list.lock);
271
272	kfree_skb(skb_copy);
273	}
274
275	static void send_monitor_event(struct sk_buff *skb)
276	{
277	struct sock *sk;
278
279	BT_DBG("len %d", skb->len);
280
281	read_lock(&hci_sk_list.lock);
282
283	sk_for_each(sk, &hci_sk_list.head) {
284	struct sk_buff *nskb;
285
286	if (sk->sk_state != BT_BOUND)
287	continue;
288
289	if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
290	continue;
291
292	nskb = skb_clone(skb, GFP_ATOMIC);
293	if (!nskb)
294	continue;
295
296	if (sock_queue_rcv_skb(sk, nskb))
297	kfree_skb(nskb);
298	}
299
300	read_unlock(&hci_sk_list.lock);
301	}
302
303	static struct sk_buff create_monitor_event(struct hci_dev hdev, int event)
304	{
305	struct hci_mon_hdr *hdr;
306	struct hci_mon_new_index *ni;
307	struct sk_buff *skb;
308	__le16 opcode;
309
310	switch (event) {
311	case HCI_DEV_REG:
312	skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
313	if (!skb)
314	return NULL;
315
316	ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
317	ni->type = hdev->dev_type;
318	ni->bus = hdev->bus;
319	bacpy(&ni->bdaddr, &hdev->bdaddr);
320	memcpy(ni->name, hdev->name, 8);
321
322	opcode = __constant_cpu_to_le16(HCI_MON_NEW_INDEX);
323	break;
324
325	case HCI_DEV_UNREG:
326	skb = bt_skb_alloc(0, GFP_ATOMIC);
327	if (!skb)
328	return NULL;
329
330	opcode = __constant_cpu_to_le16(HCI_MON_DEL_INDEX);
331	break;
332
333	default:
334	return NULL;
335	}
336
337	__net_timestamp(skb);
338
339	hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
340	hdr->opcode = opcode;
341	hdr->index = cpu_to_le16(hdev->id);
342	hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
343
344	return skb;
345	}
346
347	static void send_monitor_replay(struct sock *sk)
348	{
349	struct hci_dev *hdev;
350
351	read_lock(&hci_dev_list_lock);
352
353	list_for_each_entry(hdev, &hci_dev_list, list) {
354	struct sk_buff *skb;
355
356	skb = create_monitor_event(hdev, HCI_DEV_REG);
357	if (!skb)
358	continue;
359
360	if (sock_queue_rcv_skb(sk, skb))
361	kfree_skb(skb);
362	}
363
364	read_unlock(&hci_dev_list_lock);
365	}
366
367	/* Generate internal stack event */
368	static void hci_si_event(struct hci_dev hdev, int type, int dlen, void data)
369	{
370	struct hci_event_hdr *hdr;
371	struct hci_ev_stack_internal *ev;
372	struct sk_buff *skb;
373
374	skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
375	if (!skb)
376	return;
377
378	hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
379	hdr->evt = HCI_EV_STACK_INTERNAL;
380	hdr->plen = sizeof(*ev) + dlen;
381
382	ev = (void ) skb_put(skb, sizeof(ev) + dlen);
383	ev->type = type;
384	memcpy(ev->data, data, dlen);
385
386	bt_cb(skb)->incoming = 1;
387	__net_timestamp(skb);
388
389	bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
390	hci_send_to_sock(hdev, skb);
391	kfree_skb(skb);
392	}
393
394	void hci_sock_dev_event(struct hci_dev *hdev, int event)
395	{
396	struct hci_ev_si_device ev;
397
398	BT_DBG("hdev %s event %d", hdev->name, event);
399
400	/* Send event to monitor */
401	if (atomic_read(&monitor_promisc)) {
402	struct sk_buff *skb;
403
404	skb = create_monitor_event(hdev, event);
405	if (skb) {
406	send_monitor_event(skb);
407	kfree_skb(skb);
408	}
409	}
410
411	/* Send event to sockets */
412	ev.event = event;
413	ev.dev_id = hdev->id;
414	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
415
416	if (event == HCI_DEV_UNREG) {
417	struct sock *sk;
418
419	/* Detach sockets from device */
420	read_lock(&hci_sk_list.lock);
421	sk_for_each(sk, &hci_sk_list.head) {
422	bh_lock_sock_nested(sk);
423	if (hci_pi(sk)->hdev == hdev) {
424	hci_pi(sk)->hdev = NULL;
425	sk->sk_err = EPIPE;
426	sk->sk_state = BT_OPEN;
427	sk->sk_state_change(sk);
428
429	hci_dev_put(hdev);
430	}
431	bh_unlock_sock(sk);
432	}
433	read_unlock(&hci_sk_list.lock);
434	}
435	}
436
437	static int hci_sock_release(struct socket *sock)
438	{
439	struct sock *sk = sock->sk;
440	struct hci_dev *hdev;
441
442	BT_DBG("sock %p sk %p", sock, sk);
443
444	if (!sk)
445	return 0;
446
447	hdev = hci_pi(sk)->hdev;
448
449	if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
450	atomic_dec(&monitor_promisc);
451
452	bt_sock_unlink(&hci_sk_list, sk);
453
454	if (hdev) {
455	if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
456	mgmt_index_added(hdev);
457	clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags);
458	hci_dev_close(hdev->id);
459	}
460
461	atomic_dec(&hdev->promisc);
462	hci_dev_put(hdev);
463	}
464
465	sock_orphan(sk);
466
467	skb_queue_purge(&sk->sk_receive_queue);
468	skb_queue_purge(&sk->sk_write_queue);
469
470	sock_put(sk);
471	return 0;
472	}
473
474	static int hci_sock_blacklist_add(struct hci_dev hdev, void __user arg)
475	{
476	bdaddr_t bdaddr;
477	int err;
478
479	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
480	return -EFAULT;
481
482	hci_dev_lock(hdev);
483
484	err = hci_blacklist_add(hdev, &bdaddr, BDADDR_BREDR);
485
486	hci_dev_unlock(hdev);
487
488	return err;
489	}
490
491	static int hci_sock_blacklist_del(struct hci_dev hdev, void __user arg)
492	{
493	bdaddr_t bdaddr;
494	int err;
495
496	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
497	return -EFAULT;
498
499	hci_dev_lock(hdev);
500
501	err = hci_blacklist_del(hdev, &bdaddr, BDADDR_BREDR);
502
503	hci_dev_unlock(hdev);
504
505	return err;
506	}
507
508	/* Ioctls that require bound socket */
509	static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
510	unsigned long arg)
511	{
512	struct hci_dev *hdev = hci_pi(sk)->hdev;
513
514	if (!hdev)
515	return -EBADFD;
516
517	if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
518	return -EBUSY;
519
520	if (hdev->dev_type != HCI_BREDR)
521	return -EOPNOTSUPP;
522
523	switch (cmd) {
524	case HCISETRAW:
525	if (!capable(CAP_NET_ADMIN))
526	return -EPERM;
527
528	if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
529	return -EPERM;
530
531	if (arg)
532	set_bit(HCI_RAW, &hdev->flags);
533	else
534	clear_bit(HCI_RAW, &hdev->flags);
535
536	return 0;
537
538	case HCIGETCONNINFO:
539	return hci_get_conn_info(hdev, (void __user *) arg);
540
541	case HCIGETAUTHINFO:
542	return hci_get_auth_info(hdev, (void __user *) arg);
543
544	case HCIBLOCKADDR:
545	if (!capable(CAP_NET_ADMIN))
546	return -EPERM;
547	return hci_sock_blacklist_add(hdev, (void __user *) arg);
548
549	case HCIUNBLOCKADDR:
550	if (!capable(CAP_NET_ADMIN))
551	return -EPERM;
552	return hci_sock_blacklist_del(hdev, (void __user *) arg);
553	}
554
555	return -ENOIOCTLCMD;
556	}
557
558	static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
559	unsigned long arg)
560	{
561	void __user argp = (void __user ) arg;
562	struct sock *sk = sock->sk;
563	int err;
564
565	BT_DBG("cmd %x arg %lx", cmd, arg);
566
567	lock_sock(sk);
568
569	if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
570	err = -EBADFD;
571	goto done;
572	}
573
574	release_sock(sk);
575
576	switch (cmd) {
577	case HCIGETDEVLIST:
578	return hci_get_dev_list(argp);
579
580	case HCIGETDEVINFO:
581	return hci_get_dev_info(argp);
582
583	case HCIGETCONNLIST:
584	return hci_get_conn_list(argp);
585
586	case HCIDEVUP:
587	if (!capable(CAP_NET_ADMIN))
588	return -EPERM;
589	return hci_dev_open(arg);
590
591	case HCIDEVDOWN:
592	if (!capable(CAP_NET_ADMIN))
593	return -EPERM;
594	return hci_dev_close(arg);
595
596	case HCIDEVRESET:
597	if (!capable(CAP_NET_ADMIN))
598	return -EPERM;
599	return hci_dev_reset(arg);
600
601	case HCIDEVRESTAT:
602	if (!capable(CAP_NET_ADMIN))
603	return -EPERM;
604	return hci_dev_reset_stat(arg);
605
606	case HCISETSCAN:
607	case HCISETAUTH:
608	case HCISETENCRYPT:
609	case HCISETPTYPE:
610	case HCISETLINKPOL:
611	case HCISETLINKMODE:
612	case HCISETACLMTU:
613	case HCISETSCOMTU:
614	if (!capable(CAP_NET_ADMIN))
615	return -EPERM;
616	return hci_dev_cmd(cmd, argp);
617
618	case HCIINQUIRY:
619	return hci_inquiry(argp);
620	}
621
622	lock_sock(sk);
623
624	err = hci_sock_bound_ioctl(sk, cmd, arg);
625
626	done:
627	release_sock(sk);
628	return err;
629	}
630
631	static int hci_sock_bind(struct socket sock, struct sockaddr addr,
632	int addr_len)
633	{
634	struct sockaddr_hci haddr;
635	struct sock *sk = sock->sk;
636	struct hci_dev *hdev = NULL;
637	int len, err = 0;
638
639	BT_DBG("sock %p sk %p", sock, sk);
640
641	if (!addr)
642	return -EINVAL;
643
644	memset(&haddr, 0, sizeof(haddr));
645	len = min_t(unsigned int, sizeof(haddr), addr_len);
646	memcpy(&haddr, addr, len);
647
648	if (haddr.hci_family != AF_BLUETOOTH)
649	return -EINVAL;
650
651	lock_sock(sk);
652
653	if (sk->sk_state == BT_BOUND) {
654	err = -EALREADY;
655	goto done;
656	}
657
658	switch (haddr.hci_channel) {
659	case HCI_CHANNEL_RAW:
660	if (hci_pi(sk)->hdev) {
661	err = -EALREADY;
662	goto done;
663	}
664
665	if (haddr.hci_dev != HCI_DEV_NONE) {
666	hdev = hci_dev_get(haddr.hci_dev);
667	if (!hdev) {
668	err = -ENODEV;
669	goto done;
670	}
671
672	atomic_inc(&hdev->promisc);
673	}
674
675	hci_pi(sk)->hdev = hdev;
676	break;
677
678	case HCI_CHANNEL_USER:
679	if (hci_pi(sk)->hdev) {
680	err = -EALREADY;
681	goto done;
682	}
683
684	if (haddr.hci_dev == HCI_DEV_NONE) {
685	err = -EINVAL;
686	goto done;
687	}
688
689	if (!capable(CAP_NET_ADMIN)) {
690	err = -EPERM;
691	goto done;
692	}
693
694	hdev = hci_dev_get(haddr.hci_dev);
695	if (!hdev) {
696	err = -ENODEV;
697	goto done;
698	}
699
700	if (test_bit(HCI_UP, &hdev->flags) \|\|
701	test_bit(HCI_INIT, &hdev->flags) \|\|
702	test_bit(HCI_SETUP, &hdev->dev_flags)) {
703	err = -EBUSY;
704	hci_dev_put(hdev);
705	goto done;
706	}
707
708	if (test_and_set_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
709	err = -EUSERS;
710	hci_dev_put(hdev);
711	goto done;
712	}
713
714	mgmt_index_removed(hdev);
715
716	err = hci_dev_open(hdev->id);
717	if (err) {
718	clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags);
719	hci_dev_put(hdev);
720	goto done;
721	}
722
723	atomic_inc(&hdev->promisc);
724
725	hci_pi(sk)->hdev = hdev;
726	break;
727
728	case HCI_CHANNEL_CONTROL:
729	if (haddr.hci_dev != HCI_DEV_NONE) {
730	err = -EINVAL;
731	goto done;
732	}
733
734	if (!capable(CAP_NET_ADMIN)) {
735	err = -EPERM;
736	goto done;
737	}
738
739	break;
740
741	case HCI_CHANNEL_MONITOR:
742	if (haddr.hci_dev != HCI_DEV_NONE) {
743	err = -EINVAL;
744	goto done;
745	}
746
747	if (!capable(CAP_NET_RAW)) {
748	err = -EPERM;
749	goto done;
750	}
751
752	send_monitor_replay(sk);
753
754	atomic_inc(&monitor_promisc);
755	break;
756
757	default:
758	err = -EINVAL;
759	goto done;
760	}
761
762
763	hci_pi(sk)->channel = haddr.hci_channel;
764	sk->sk_state = BT_BOUND;
765
766	done:
767	release_sock(sk);
768	return err;
769	}
770
771	static int hci_sock_getname(struct socket sock, struct sockaddr addr,
772	int *addr_len, int peer)
773	{
774	struct sockaddr_hci haddr = (struct sockaddr_hci ) addr;
775	struct sock *sk = sock->sk;
776	struct hci_dev *hdev;
777	int err = 0;
778
779	BT_DBG("sock %p sk %p", sock, sk);
780
781	if (peer)
782	return -EOPNOTSUPP;
783
784	lock_sock(sk);
785
786	hdev = hci_pi(sk)->hdev;
787	if (!hdev) {
788	err = -EBADFD;
789	goto done;
790	}
791
792	addr_len = sizeof(haddr);
793	haddr->hci_family = AF_BLUETOOTH;
794	haddr->hci_dev = hdev->id;
795	haddr->hci_channel= hci_pi(sk)->channel;
796
797	done:
798	release_sock(sk);
799	return err;
800	}
801
802	static void hci_sock_cmsg(struct sock sk, struct msghdr msg,
803	struct sk_buff *skb)
804	{
805	__u32 mask = hci_pi(sk)->cmsg_mask;
806
807	if (mask & HCI_CMSG_DIR) {
808	int incoming = bt_cb(skb)->incoming;
809	put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
810	&incoming);
811	}
812
813	if (mask & HCI_CMSG_TSTAMP) {
814	#ifdef CONFIG_COMPAT
815	struct compat_timeval ctv;
816	#endif
817	struct timeval tv;
818	void *data;
819	int len;
820
821	skb_get_timestamp(skb, &tv);
822
823	data = &tv;
824	len = sizeof(tv);
825	#ifdef CONFIG_COMPAT
826	if (!COMPAT_USE_64BIT_TIME &&
827	(msg->msg_flags & MSG_CMSG_COMPAT)) {
828	ctv.tv_sec = tv.tv_sec;
829	ctv.tv_usec = tv.tv_usec;
830	data = &ctv;
831	len = sizeof(ctv);
832	}
833	#endif
834
835	put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
836	}
837	}
838
839	static int hci_sock_recvmsg(struct kiocb iocb, struct socket sock,
840	struct msghdr *msg, size_t len, int flags)
841	{
842	int noblock = flags & MSG_DONTWAIT;
843	struct sock *sk = sock->sk;
844	struct sk_buff *skb;
845	int copied, err;
846
847	BT_DBG("sock %p, sk %p", sock, sk);
848
849	if (flags & (MSG_OOB))
850	return -EOPNOTSUPP;
851
852	if (sk->sk_state == BT_CLOSED)
853	return 0;
854
855	skb = skb_recv_datagram(sk, flags, noblock, &err);
856	if (!skb)
857	return err;
858
859	copied = skb->len;
860	if (len < copied) {
861	msg->msg_flags \|= MSG_TRUNC;
862	copied = len;
863	}
864
865	skb_reset_transport_header(skb);
866	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
867
868	switch (hci_pi(sk)->channel) {
869	case HCI_CHANNEL_RAW:
870	hci_sock_cmsg(sk, msg, skb);
871	break;
872	case HCI_CHANNEL_USER:
873	case HCI_CHANNEL_CONTROL:
874	case HCI_CHANNEL_MONITOR:
875	sock_recv_timestamp(msg, sk, skb);
876	break;
877	}
878
879	skb_free_datagram(sk, skb);
880
881	return err ? : copied;
882	}
883
884	static int hci_sock_sendmsg(struct kiocb iocb, struct socket sock,
885	struct msghdr *msg, size_t len)
886	{
887	struct sock *sk = sock->sk;
888	struct hci_dev *hdev;
889	struct sk_buff *skb;
890	int err;
891
892	BT_DBG("sock %p sk %p", sock, sk);
893
894	if (msg->msg_flags & MSG_OOB)
895	return -EOPNOTSUPP;
896
897	if (msg->msg_flags & ~(MSG_DONTWAIT\|MSG_NOSIGNAL\|MSG_ERRQUEUE))
898	return -EINVAL;
899
900	if (len < 4 \|\| len > HCI_MAX_FRAME_SIZE)
901	return -EINVAL;
902
903	lock_sock(sk);
904
905	switch (hci_pi(sk)->channel) {
906	case HCI_CHANNEL_RAW:
907	case HCI_CHANNEL_USER:
908	break;
909	case HCI_CHANNEL_CONTROL:
910	err = mgmt_control(sk, msg, len);
911	goto done;
912	case HCI_CHANNEL_MONITOR:
913	err = -EOPNOTSUPP;
914	goto done;
915	default:
916	err = -EINVAL;
917	goto done;
918	}
919
920	hdev = hci_pi(sk)->hdev;
921	if (!hdev) {
922	err = -EBADFD;
923	goto done;
924	}
925
926	if (!test_bit(HCI_UP, &hdev->flags)) {
927	err = -ENETDOWN;
928	goto done;
929	}
930
931	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
932	if (!skb)
933	goto done;
934
935	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
936	err = -EFAULT;
937	goto drop;
938	}
939
940	bt_cb(skb)->pkt_type = ((unsigned char ) skb->data);
941	skb_pull(skb, 1);
942
943	if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
944	/* No permission check is needed for user channel
945	* since that gets enforced when binding the socket.
946	*
947	* However check that the packet type is valid.
948	*/
949	if (bt_cb(skb)->pkt_type != HCI_COMMAND_PKT &&
950	bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
951	bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) {
952	err = -EINVAL;
953	goto drop;
954	}
955
956	skb_queue_tail(&hdev->raw_q, skb);
957	queue_work(hdev->workqueue, &hdev->tx_work);
958	} else if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
959	u16 opcode = get_unaligned_le16(skb->data);
960	u16 ogf = hci_opcode_ogf(opcode);
961	u16 ocf = hci_opcode_ocf(opcode);
962
963	if (((ogf > HCI_SFLT_MAX_OGF) \|\|
964	!hci_test_bit(ocf & HCI_FLT_OCF_BITS,
965	&hci_sec_filter.ocf_mask[ogf])) &&
966	!capable(CAP_NET_RAW)) {
967	err = -EPERM;
968	goto drop;
969	}
970
971	if (test_bit(HCI_RAW, &hdev->flags) \|\| (ogf == 0x3f)) {
972	skb_queue_tail(&hdev->raw_q, skb);
973	queue_work(hdev->workqueue, &hdev->tx_work);
974	} else {
975	/* Stand-alone HCI commands must be flaged as
976	* single-command requests.
977	*/
978	bt_cb(skb)->req.start = true;
979
980	skb_queue_tail(&hdev->cmd_q, skb);
981	queue_work(hdev->workqueue, &hdev->cmd_work);
982	}
983	} else {
984	if (!capable(CAP_NET_RAW)) {
985	err = -EPERM;
986	goto drop;
987	}
988
989	skb_queue_tail(&hdev->raw_q, skb);
990	queue_work(hdev->workqueue, &hdev->tx_work);
991	}
992
993	err = len;
994
995	done:
996	release_sock(sk);
997	return err;
998
999	drop:
1000	kfree_skb(skb);
1001	goto done;
1002	}
1003
1004	static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1005	char __user *optval, unsigned int len)
1006	{
1007	struct hci_ufilter uf = { .opcode = 0 };
1008	struct sock *sk = sock->sk;
1009	int err = 0, opt = 0;
1010
1011	BT_DBG("sk %p, opt %d", sk, optname);
1012
1013	lock_sock(sk);
1014
1015	if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1016	err = -EBADFD;
1017	goto done;
1018	}
1019
1020	switch (optname) {
1021	case HCI_DATA_DIR:
1022	if (get_user(opt, (int __user *)optval)) {
1023	err = -EFAULT;
1024	break;
1025	}
1026
1027	if (opt)
1028	hci_pi(sk)->cmsg_mask \|= HCI_CMSG_DIR;
1029	else
1030	hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
1031	break;
1032
1033	case HCI_TIME_STAMP:
1034	if (get_user(opt, (int __user *)optval)) {
1035	err = -EFAULT;
1036	break;
1037	}
1038
1039	if (opt)
1040	hci_pi(sk)->cmsg_mask \|= HCI_CMSG_TSTAMP;
1041	else
1042	hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
1043	break;
1044
1045	case HCI_FILTER:
1046	{
1047	struct hci_filter *f = &hci_pi(sk)->filter;
1048
1049	uf.type_mask = f->type_mask;
1050	uf.opcode = f->opcode;
1051	uf.event_mask[0] = ((u32 ) f->event_mask + 0);
1052	uf.event_mask[1] = ((u32 ) f->event_mask + 1);
1053	}
1054
1055	len = min_t(unsigned int, len, sizeof(uf));
1056	if (copy_from_user(&uf, optval, len)) {
1057	err = -EFAULT;
1058	break;
1059	}
1060
1061	if (!capable(CAP_NET_RAW)) {
1062	uf.type_mask &= hci_sec_filter.type_mask;
1063	uf.event_mask[0] &= ((u32 ) hci_sec_filter.event_mask + 0);
1064	uf.event_mask[1] &= ((u32 ) hci_sec_filter.event_mask + 1);
1065	}
1066
1067	{
1068	struct hci_filter *f = &hci_pi(sk)->filter;
1069
1070	f->type_mask = uf.type_mask;
1071	f->opcode = uf.opcode;
1072	((u32 ) f->event_mask + 0) = uf.event_mask[0];
1073	((u32 ) f->event_mask + 1) = uf.event_mask[1];
1074	}
1075	break;
1076
1077	default:
1078	err = -ENOPROTOOPT;
1079	break;
1080	}
1081
1082	done:
1083	release_sock(sk);
1084	return err;
1085	}
1086
1087	static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1088	char __user optval, int __user optlen)
1089	{
1090	struct hci_ufilter uf;
1091	struct sock *sk = sock->sk;
1092	int len, opt, err = 0;
1093
1094	BT_DBG("sk %p, opt %d", sk, optname);
1095
1096	if (get_user(len, optlen))
1097	return -EFAULT;
1098
1099	lock_sock(sk);
1100
1101	if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1102	err = -EBADFD;
1103	goto done;
1104	}
1105
1106	switch (optname) {
1107	case HCI_DATA_DIR:
1108	if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1109	opt = 1;
1110	else
1111	opt = 0;
1112
1113	if (put_user(opt, optval))
1114	err = -EFAULT;
1115	break;
1116
1117	case HCI_TIME_STAMP:
1118	if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1119	opt = 1;
1120	else
1121	opt = 0;
1122
1123	if (put_user(opt, optval))
1124	err = -EFAULT;
1125	break;
1126
1127	case HCI_FILTER:
1128	{
1129	struct hci_filter *f = &hci_pi(sk)->filter;
1130
1131	memset(&uf, 0, sizeof(uf));
1132	uf.type_mask = f->type_mask;
1133	uf.opcode = f->opcode;
1134	uf.event_mask[0] = ((u32 ) f->event_mask + 0);
1135	uf.event_mask[1] = ((u32 ) f->event_mask + 1);
1136	}
1137
1138	len = min_t(unsigned int, len, sizeof(uf));
1139	if (copy_to_user(optval, &uf, len))
1140	err = -EFAULT;
1141	break;
1142
1143	default:
1144	err = -ENOPROTOOPT;
1145	break;
1146	}
1147
1148	done:
1149	release_sock(sk);
1150	return err;
1151	}
1152
1153	static const struct proto_ops hci_sock_ops = {
1154	.family = PF_BLUETOOTH,
1155	.owner = THIS_MODULE,
1156	.release = hci_sock_release,
1157	.bind = hci_sock_bind,
1158	.getname = hci_sock_getname,
1159	.sendmsg = hci_sock_sendmsg,
1160	.recvmsg = hci_sock_recvmsg,
1161	.ioctl = hci_sock_ioctl,
1162	.poll = datagram_poll,
1163	.listen = sock_no_listen,
1164	.shutdown = sock_no_shutdown,
1165	.setsockopt = hci_sock_setsockopt,
1166	.getsockopt = hci_sock_getsockopt,
1167	.connect = sock_no_connect,
1168	.socketpair = sock_no_socketpair,
1169	.accept = sock_no_accept,
1170	.mmap = sock_no_mmap
1171	};
1172
1173	static struct proto hci_sk_proto = {
1174	.name = "HCI",
1175	.owner = THIS_MODULE,
1176	.obj_size = sizeof(struct hci_pinfo)
1177	};
1178
1179	static int hci_sock_create(struct net net, struct socket sock, int protocol,
1180	int kern)
1181	{
1182	struct sock *sk;
1183
1184	BT_DBG("sock %p", sock);
1185
1186	if (sock->type != SOCK_RAW)
1187	return -ESOCKTNOSUPPORT;
1188
1189	sock->ops = &hci_sock_ops;
1190
1191	sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1192	if (!sk)
1193	return -ENOMEM;
1194
1195	sock_init_data(sock, sk);
1196
1197	sock_reset_flag(sk, SOCK_ZAPPED);
1198
1199	sk->sk_protocol = protocol;
1200
1201	sock->state = SS_UNCONNECTED;
1202	sk->sk_state = BT_OPEN;
1203
1204	bt_sock_link(&hci_sk_list, sk);
1205	return 0;
1206	}
1207
1208	static const struct net_proto_family hci_sock_family_ops = {
1209	.family = PF_BLUETOOTH,
1210	.owner = THIS_MODULE,
1211	.create = hci_sock_create,
1212	};
1213
1214	int __init hci_sock_init(void)
1215	{
1216	int err;
1217
1218	err = proto_register(&hci_sk_proto, 0);
1219	if (err < 0)
1220	return err;
1221
1222	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
1223	if (err < 0) {
1224	BT_ERR("HCI socket registration failed");
1225	goto error;
1226	}
1227
1228	err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
1229	if (err < 0) {
1230	BT_ERR("Failed to create HCI proc file");
1231	bt_sock_unregister(BTPROTO_HCI);
1232	goto error;
1233	}
1234
1235	BT_INFO("HCI socket layer initialized");
1236
1237	return 0;
1238
1239	error:
1240	proto_unregister(&hci_sk_proto);
1241	return err;
1242	}
1243
1244	void hci_sock_cleanup(void)
1245	{
1246	bt_procfs_cleanup(&init_net, "hci");
1247	bt_sock_unregister(BTPROTO_HCI);
1248	proto_unregister(&hci_sk_proto);
1249	}
1250

Download this file

Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master

Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9

Kernel

Kernel Git Source Tree

Root/net/bluetooth/hci_sock.c

interactive