[linux-2.6-block.git] / net / bluetooth / hci_sock.c

/*
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2000-2001 Qualcomm Incorporated

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

/* Bluetooth HCI sockets. */

#include <linux/module.h>

#include <linux/types.h>
#include <linux/capability.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/poll.h>
#include <linux/fcntl.h>
#include <linux/init.h>
#include <linux/skbuff.h>
#include <linux/workqueue.h>
#include <linux/interrupt.h>
#include <linux/compat.h>
#include <linux/socket.h>
#include <linux/ioctl.h>
#include <net/sock.h>

#include <asm/system.h>
#include <linux/uaccess.h>
#include <asm/unaligned.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>

/* ----- HCI socket interface ----- */

static inline int hci_test_bit(int nr, void *addr)
{
	return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
}

/* Security filter */
static struct hci_sec_filter hci_sec_filter = {
	/* Packet types */
	0x10,
	/* Events */
	{ 0x1000d9fe, 0x0000b00c },
	/* Commands */
	{
		{ 0x0 },
		/* OGF_LINK_CTL */
		{ 0xbe000006, 0x00000001, 0x00000000, 0x00 },
		/* OGF_LINK_POLICY */
		{ 0x00005200, 0x00000000, 0x00000000, 0x00 },
		/* OGF_HOST_CTL */
		{ 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
		/* OGF_INFO_PARAM */
		{ 0x000002be, 0x00000000, 0x00000000, 0x00 },
		/* OGF_STATUS_PARAM */
		{ 0x000000ea, 0x00000000, 0x00000000, 0x00 }
	}
};

static struct bt_sock_list hci_sk_list = {
	.lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
};

/* Send frame to RAW socket */
void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct sock *sk;
	struct hlist_node *node;

	BT_DBG("hdev %p len %d", hdev, skb->len);

	read_lock(&hci_sk_list.lock);
	sk_for_each(sk, node, &hci_sk_list.head) {
		struct hci_filter *flt;
		struct sk_buff *nskb;

		if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
			continue;

		/* Don't send frame to the socket it came from */
		if (skb->sk == sk)
			continue;

		/* Apply filter */
		flt = &hci_pi(sk)->filter;

		if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
				0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
			continue;

		if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
			register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);

			if (!hci_test_bit(evt, &flt->event_mask))
				continue;

			if (flt->opcode &&
			    ((evt == HCI_EV_CMD_COMPLETE &&
			      flt->opcode !=
			      get_unaligned((__le16 *)(skb->data + 3))) ||
			     (evt == HCI_EV_CMD_STATUS &&
			      flt->opcode !=
			      get_unaligned((__le16 *)(skb->data + 4)))))
				continue;
		}

		nskb = skb_clone(skb, GFP_ATOMIC);
		if (!nskb)
			continue;

		/* Put type byte before the data */
		memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);

		if (sock_queue_rcv_skb(sk, nskb))
			kfree_skb(nskb);
	}
	read_unlock(&hci_sk_list.lock);
}

static int hci_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	struct hci_dev *hdev;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!sk)
		return 0;

	hdev = hci_pi(sk)->hdev;

	bt_sock_unlink(&hci_sk_list, sk);

	if (hdev) {
		atomic_dec(&hdev->promisc);
		hci_dev_put(hdev);
	}

	sock_orphan(sk);

	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);

	sock_put(sk);
	return 0;
}

struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
{
	struct list_head *p;

	list_for_each(p, &hdev->blacklist) {
		struct bdaddr_list *b;

		b = list_entry(p, struct bdaddr_list, list);

		if (bacmp(bdaddr, &b->bdaddr) == 0)
			return b;
	}

	return NULL;
}

static int hci_blacklist_add(struct hci_dev *hdev, void __user *arg)
{
	bdaddr_t bdaddr;
	struct bdaddr_list *entry;

	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
		return -EFAULT;

	if (bacmp(&bdaddr, BDADDR_ANY) == 0)
		return -EBADF;

	if (hci_blacklist_lookup(hdev, &bdaddr))
		return -EEXIST;

	entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
	if (!entry)
		return -ENOMEM;

	bacpy(&entry->bdaddr, &bdaddr);

	list_add(&entry->list, &hdev->blacklist);

	return 0;
}

int hci_blacklist_clear(struct hci_dev *hdev)
{
	struct list_head *p, *n;

	list_for_each_safe(p, n, &hdev->blacklist) {
		struct bdaddr_list *b;

		b = list_entry(p, struct bdaddr_list, list);

		list_del(p);
		kfree(b);
	}

	return 0;
}

static int hci_blacklist_del(struct hci_dev *hdev, void __user *arg)
{
	bdaddr_t bdaddr;
	struct bdaddr_list *entry;

	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
		return -EFAULT;

	if (bacmp(&bdaddr, BDADDR_ANY) == 0)
		return hci_blacklist_clear(hdev);

	entry = hci_blacklist_lookup(hdev, &bdaddr);
	if (!entry)
		return -ENOENT;

	list_del(&entry->list);
	kfree(entry);

	return 0;
}

/* Ioctls that require bound socket */
static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
{
	struct hci_dev *hdev = hci_pi(sk)->hdev;

	if (!hdev)
		return -EBADFD;

	switch (cmd) {
	case HCISETRAW:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;

		if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
			return -EPERM;

		if (arg)
			set_bit(HCI_RAW, &hdev->flags);
		else
			clear_bit(HCI_RAW, &hdev->flags);

		return 0;

	case HCIGETCONNINFO:
		return hci_get_conn_info(hdev, (void __user *) arg);

	case HCIGETAUTHINFO:
		return hci_get_auth_info(hdev, (void __user *) arg);

	case HCIBLOCKADDR:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_blacklist_add(hdev, (void __user *) arg);

	case HCIUNBLOCKADDR:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_blacklist_del(hdev, (void __user *) arg);

	default:
		if (hdev->ioctl)
			return hdev->ioctl(hdev, cmd, arg);
		return -EINVAL;
	}
}

static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
{
	struct sock *sk = sock->sk;
	void __user *argp = (void __user *) arg;
	int err;

	BT_DBG("cmd %x arg %lx", cmd, arg);

	switch (cmd) {
	case HCIGETDEVLIST:
		return hci_get_dev_list(argp);

	case HCIGETDEVINFO:
		return hci_get_dev_info(argp);

	case HCIGETCONNLIST:
		return hci_get_conn_list(argp);

	case HCIDEVUP:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_open(arg);

	case HCIDEVDOWN:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_close(arg);

	case HCIDEVRESET:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_reset(arg);

	case HCIDEVRESTAT:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_reset_stat(arg);

	case HCISETSCAN:
	case HCISETAUTH:
	case HCISETENCRYPT:
	case HCISETPTYPE:
	case HCISETLINKPOL:
	case HCISETLINKMODE:
	case HCISETACLMTU:
	case HCISETSCOMTU:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_cmd(cmd, argp);

	case HCIINQUIRY:
		return hci_inquiry(argp);

	default:
		lock_sock(sk);
		err = hci_sock_bound_ioctl(sk, cmd, arg);
		release_sock(sk);
		return err;
	}
}

static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
{
	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
	struct sock *sk = sock->sk;
	struct hci_dev *hdev = NULL;
	int err = 0;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!haddr || haddr->hci_family != AF_BLUETOOTH)
		return -EINVAL;

	lock_sock(sk);

	if (hci_pi(sk)->hdev) {
		err = -EALREADY;
		goto done;
	}

	if (haddr->hci_dev != HCI_DEV_NONE) {
		hdev = hci_dev_get(haddr->hci_dev);
		if (!hdev) {
			err = -ENODEV;
			goto done;
		}

		atomic_inc(&hdev->promisc);
	}

	hci_pi(sk)->hdev = hdev;
	sk->sk_state = BT_BOUND;

done:
	release_sock(sk);
	return err;
}

static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
{
	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
	struct sock *sk = sock->sk;
	struct hci_dev *hdev = hci_pi(sk)->hdev;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!hdev)
		return -EBADFD;

	lock_sock(sk);

	*addr_len = sizeof(*haddr);
	haddr->hci_family = AF_BLUETOOTH;
	haddr->hci_dev    = hdev->id;

	release_sock(sk);
	return 0;
}

static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
{
	__u32 mask = hci_pi(sk)->cmsg_mask;

	if (mask & HCI_CMSG_DIR) {
		int incoming = bt_cb(skb)->incoming;
		put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
	}

	if (mask & HCI_CMSG_TSTAMP) {
#ifdef CONFIG_COMPAT
		struct compat_timeval ctv;
#endif
		struct timeval tv;
		void *data;
		int len;

		skb_get_timestamp(skb, &tv);

		data = &tv;
		len = sizeof(tv);
#ifdef CONFIG_COMPAT
		if (msg->msg_flags & MSG_CMSG_COMPAT) {
			ctv.tv_sec = tv.tv_sec;
			ctv.tv_usec = tv.tv_usec;
			data = &ctv;
			len = sizeof(ctv);
		}
#endif

		put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
	}
}

static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
				struct msghdr *msg, size_t len, int flags)
{
	int noblock = flags & MSG_DONTWAIT;
	struct sock *sk = sock->sk;
	struct sk_buff *skb;
	int copied, err;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (flags & (MSG_OOB))
		return -EOPNOTSUPP;

	if (sk->sk_state == BT_CLOSED)
		return 0;

	skb = skb_recv_datagram(sk, flags, noblock, &err);
	if (!skb)
		return err;

	msg->msg_namelen = 0;

	copied = skb->len;
	if (len < copied) {
		msg->msg_flags |= MSG_TRUNC;
		copied = len;
	}

	skb_reset_transport_header(skb);
	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);

	hci_sock_cmsg(sk, msg, skb);

	skb_free_datagram(sk, skb);

	return err ? : copied;
}

static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
			    struct msghdr *msg, size_t len)
{
	struct sock *sk = sock->sk;
	struct hci_dev *hdev;
	struct sk_buff *skb;
	int err;

	BT_DBG("sock %p sk %p", sock, sk);

	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
		return -EINVAL;

	if (len < 4 || len > HCI_MAX_FRAME_SIZE)
		return -EINVAL;

	lock_sock(sk);

	hdev = hci_pi(sk)->hdev;
	if (!hdev) {
		err = -EBADFD;
		goto done;
	}

	if (!test_bit(HCI_UP, &hdev->flags)) {
		err = -ENETDOWN;
		goto done;
	}

	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
	if (!skb)
		goto done;

	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
		err = -EFAULT;
		goto drop;
	}

	bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
	skb_pull(skb, 1);
	skb->dev = (void *) hdev;

	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
		u16 opcode = get_unaligned_le16(skb->data);
		u16 ogf = hci_opcode_ogf(opcode);
		u16 ocf = hci_opcode_ocf(opcode);

		if (((ogf > HCI_SFLT_MAX_OGF) ||
				!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
					!capable(CAP_NET_RAW)) {
			err = -EPERM;
			goto drop;
		}

		if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
			skb_queue_tail(&hdev->raw_q, skb);
			tasklet_schedule(&hdev->tx_task);
		} else {
			skb_queue_tail(&hdev->cmd_q, skb);
			tasklet_schedule(&hdev->cmd_task);
		}
	} else {
		if (!capable(CAP_NET_RAW)) {
			err = -EPERM;
			goto drop;
		}

		skb_queue_tail(&hdev->raw_q, skb);
		tasklet_schedule(&hdev->tx_task);
	}

	err = len;

done:
	release_sock(sk);
	return err;

drop:
	kfree_skb(skb);
	goto done;
}

static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int len)
{
	struct hci_ufilter uf = { .opcode = 0 };
	struct sock *sk = sock->sk;
	int err = 0, opt = 0;

	BT_DBG("sk %p, opt %d", sk, optname);

	lock_sock(sk);

	switch (optname) {
	case HCI_DATA_DIR:
		if (get_user(opt, (int __user *)optval)) {
			err = -EFAULT;
			break;
		}

		if (opt)
			hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
		else
			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
		break;

	case HCI_TIME_STAMP:
		if (get_user(opt, (int __user *)optval)) {
			err = -EFAULT;
			break;
		}

		if (opt)
			hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
		else
			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
		break;

	case HCI_FILTER:
		{
			struct hci_filter *f = &hci_pi(sk)->filter;

			uf.type_mask = f->type_mask;
			uf.opcode    = f->opcode;
			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
		}

		len = min_t(unsigned int, len, sizeof(uf));
		if (copy_from_user(&uf, optval, len)) {
			err = -EFAULT;
			break;
		}

		if (!capable(CAP_NET_RAW)) {
			uf.type_mask &= hci_sec_filter.type_mask;
			uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
			uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
		}

		{
			struct hci_filter *f = &hci_pi(sk)->filter;

			f->type_mask = uf.type_mask;
			f->opcode    = uf.opcode;
			*((u32 *) f->event_mask + 0) = uf.event_mask[0];
			*((u32 *) f->event_mask + 1) = uf.event_mask[1];
		}
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
{
	struct hci_ufilter uf;
	struct sock *sk = sock->sk;
	int len, opt;

	if (get_user(len, optlen))
		return -EFAULT;

	switch (optname) {
	case HCI_DATA_DIR:
		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
			opt = 1;
		else
			opt = 0;

		if (put_user(opt, optval))
			return -EFAULT;
		break;

	case HCI_TIME_STAMP:
		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
			opt = 1;
		else
			opt = 0;

		if (put_user(opt, optval))
			return -EFAULT;
		break;

	case HCI_FILTER:
		{
			struct hci_filter *f = &hci_pi(sk)->filter;

			uf.type_mask = f->type_mask;
			uf.opcode    = f->opcode;
			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
		}

		len = min_t(unsigned int, len, sizeof(uf));
		if (copy_to_user(optval, &uf, len))
			return -EFAULT;
		break;

	default:
		return -ENOPROTOOPT;
		break;
	}

	return 0;
}

static const struct proto_ops hci_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= hci_sock_release,
	.bind		= hci_sock_bind,
	.getname	= hci_sock_getname,
	.sendmsg	= hci_sock_sendmsg,
	.recvmsg	= hci_sock_recvmsg,
	.ioctl		= hci_sock_ioctl,
	.poll		= datagram_poll,
	.listen		= sock_no_listen,
	.shutdown	= sock_no_shutdown,
	.setsockopt	= hci_sock_setsockopt,
	.getsockopt	= hci_sock_getsockopt,
	.connect	= sock_no_connect,
	.socketpair	= sock_no_socketpair,
	.accept		= sock_no_accept,
	.mmap		= sock_no_mmap
};

static struct proto hci_sk_proto = {
	.name		= "HCI",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct hci_pinfo)
};

static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
			   int kern)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	if (sock->type != SOCK_RAW)
		return -ESOCKTNOSUPPORT;

	sock->ops = &hci_sock_ops;

	sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
	if (!sk)
		return -ENOMEM;

	sock_init_data(sock, sk);

	sock_reset_flag(sk, SOCK_ZAPPED);

	sk->sk_protocol = protocol;

	sock->state = SS_UNCONNECTED;
	sk->sk_state = BT_OPEN;

	bt_sock_link(&hci_sk_list, sk);
	return 0;
}

static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
{
	struct hci_dev *hdev = (struct hci_dev *) ptr;
	struct hci_ev_si_device ev;

	BT_DBG("hdev %s event %ld", hdev->name, event);

	/* Send event to sockets */
	ev.event  = event;
	ev.dev_id = hdev->id;
	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);

	if (event == HCI_DEV_UNREG) {
		struct sock *sk;
		struct hlist_node *node;

		/* Detach sockets from device */
		read_lock(&hci_sk_list.lock);
		sk_for_each(sk, node, &hci_sk_list.head) {
			local_bh_disable();
			bh_lock_sock_nested(sk);
			if (hci_pi(sk)->hdev == hdev) {
				hci_pi(sk)->hdev = NULL;
				sk->sk_err = EPIPE;
				sk->sk_state = BT_OPEN;
				sk->sk_state_change(sk);

				hci_dev_put(hdev);
			}
			bh_unlock_sock(sk);
			local_bh_enable();
		}
		read_unlock(&hci_sk_list.lock);
	}

	return NOTIFY_DONE;
}

static const struct net_proto_family hci_sock_family_ops = {
	.family	= PF_BLUETOOTH,
	.owner	= THIS_MODULE,
	.create	= hci_sock_create,
};

static struct notifier_block hci_sock_nblock = {
	.notifier_call = hci_sock_dev_event
};

int __init hci_sock_init(void)
{
	int err;

	err = proto_register(&hci_sk_proto, 0);
	if (err < 0)
		return err;

	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
	if (err < 0)
		goto error;

	hci_register_notifier(&hci_sock_nblock);

	BT_INFO("HCI socket layer initialized");

	return 0;

error:
	BT_ERR("HCI socket registration failed");
	proto_unregister(&hci_sk_proto);
	return err;
}

void __exit hci_sock_cleanup(void)
{
	if (bt_sock_unregister(BTPROTO_HCI) < 0)
		BT_ERR("HCI socket unregistration failed");

	hci_unregister_notifier(&hci_sock_nblock);

	proto_unregister(&hci_sk_proto);
}
Commit	Line	Data
8e87d142	1	/*
1da177e4 LT	2	BlueZ - Bluetooth protocol stack for Linux
	3	Copyright (C) 2000-2001 Qualcomm Incorporated
	4
	5	Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
	6
	7	This program is free software; you can redistribute it and/or modify
	8	it under the terms of the GNU General Public License version 2 as
	9	published by the Free Software Foundation;
	10
	11	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
	12	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	13	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
	14	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142 YH	15	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
	16	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	17	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4 LT	18	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1da177e4 LT	19
8e87d142 YH	20	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
8e87d142 YH	21	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4 LT	22	SOFTWARE IS DISCLAIMED.
	23	*/
	24
	25	/* Bluetooth HCI sockets. */
	26
1da177e4 LT	27	#include <linux/module.h>
	28
	29	#include <linux/types.h>
4fc268d2	30	#include <linux/capability.h>
1da177e4 LT	31	#include <linux/errno.h>
1da177e4 LT	32	#include <linux/kernel.h>
1da177e4 LT	33	#include <linux/slab.h>
	34	#include <linux/poll.h>
	35	#include <linux/fcntl.h>
	36	#include <linux/init.h>
	37	#include <linux/skbuff.h>
	38	#include <linux/workqueue.h>
	39	#include <linux/interrupt.h>
767c5eb5	40	#include <linux/compat.h>
1da177e4 LT	41	#include <linux/socket.h>
	42	#include <linux/ioctl.h>
	43	#include <net/sock.h>
	44
	45	#include <asm/system.h>
70f23020	46	#include <linux/uaccess.h>
1da177e4 LT	47	#include <asm/unaligned.h>
	48
	49	#include <net/bluetooth/bluetooth.h>
	50	#include <net/bluetooth/hci_core.h>
	51
1da177e4 LT	52	/* ----- HCI socket interface ----- */
	53
	54	static inline int hci_test_bit(int nr, void *addr)
	55	{
	56	return ((__u32 ) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
	57	}
	58
	59	/* Security filter */
	60	static struct hci_sec_filter hci_sec_filter = {
	61	/* Packet types */
	62	0x10,
	63	/* Events */
dd7f5527	64	{ 0x1000d9fe, 0x0000b00c },
1da177e4 LT	65	/* Commands */
	66	{
	67	{ 0x0 },
	68	/* OGF_LINK_CTL */
7c631a67	69	{ 0xbe000006, 0x00000001, 0x00000000, 0x00 },
1da177e4	70	/* OGF_LINK_POLICY */
7c631a67	71	{ 0x00005200, 0x00000000, 0x00000000, 0x00 },
1da177e4	72	/* OGF_HOST_CTL */
7c631a67	73	{ 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
1da177e4	74	/* OGF_INFO_PARAM */
7c631a67	75	{ 0x000002be, 0x00000000, 0x00000000, 0x00 },
1da177e4	76	/* OGF_STATUS_PARAM */
7c631a67	77	{ 0x000000ea, 0x00000000, 0x00000000, 0x00 }
1da177e4 LT	78	}
	79	};
	80
	81	static struct bt_sock_list hci_sk_list = {
d5fb2962	82	.lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
1da177e4 LT	83	};
	84
	85	/* Send frame to RAW socket */
	86	void hci_send_to_sock(struct hci_dev hdev, struct sk_buff skb)
	87	{
	88	struct sock *sk;
	89	struct hlist_node *node;
	90
	91	BT_DBG("hdev %p len %d", hdev, skb->len);
	92
	93	read_lock(&hci_sk_list.lock);
	94	sk_for_each(sk, node, &hci_sk_list.head) {
	95	struct hci_filter *flt;
	96	struct sk_buff *nskb;
	97
	98	if (sk->sk_state != BT_BOUND \|\| hci_pi(sk)->hdev != hdev)
	99	continue;
	100
	101	/* Don't send frame to the socket it came from */
	102	if (skb->sk == sk)
	103	continue;
	104
	105	/* Apply filter */
	106	flt = &hci_pi(sk)->filter;
	107
0d48d939 MH	108	if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
0d48d939 MH	109	0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
1da177e4 LT	110	continue;
1da177e4 LT	111
0d48d939	112	if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
1da177e4 LT	113	register int evt = ((__u8 )skb->data & HCI_FLT_EVENT_BITS);
	114
	115	if (!hci_test_bit(evt, &flt->event_mask))
	116	continue;
	117
4498c80d DM	118	if (flt->opcode &&
	119	((evt == HCI_EV_CMD_COMPLETE &&
	120	flt->opcode !=
905f3ed6	121	get_unaligned((__le16 *)(skb->data + 3))) \|\|
4498c80d DM	122	(evt == HCI_EV_CMD_STATUS &&
4498c80d DM	123	flt->opcode !=
905f3ed6	124	get_unaligned((__le16 *)(skb->data + 4)))))
1da177e4 LT	125	continue;
	126	}
	127
70f23020 AE	128	nskb = skb_clone(skb, GFP_ATOMIC);
70f23020 AE	129	if (!nskb)
1da177e4 LT	130	continue;
	131
	132	/* Put type byte before the data */
0d48d939	133	memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
1da177e4 LT	134
	135	if (sock_queue_rcv_skb(sk, nskb))
	136	kfree_skb(nskb);
	137	}
	138	read_unlock(&hci_sk_list.lock);
	139	}
	140
	141	static int hci_sock_release(struct socket *sock)
	142	{
	143	struct sock *sk = sock->sk;
7b005bd3	144	struct hci_dev *hdev;
1da177e4 LT	145
	146	BT_DBG("sock %p sk %p", sock, sk);
	147
	148	if (!sk)
	149	return 0;
	150
7b005bd3 MH	151	hdev = hci_pi(sk)->hdev;
7b005bd3 MH	152
1da177e4 LT	153	bt_sock_unlink(&hci_sk_list, sk);
	154
	155	if (hdev) {
	156	atomic_dec(&hdev->promisc);
	157	hci_dev_put(hdev);
	158	}
	159
	160	sock_orphan(sk);
	161
	162	skb_queue_purge(&sk->sk_receive_queue);
	163	skb_queue_purge(&sk->sk_write_queue);
	164
	165	sock_put(sk);
	166	return 0;
	167	}
	168
f0358568 JH	169	struct bdaddr_list hci_blacklist_lookup(struct hci_dev hdev, bdaddr_t *bdaddr)
	170	{
	171	struct list_head *p;
f0358568	172
ea4bd8ba	173	list_for_each(p, &hdev->blacklist) {
f0358568 JH	174	struct bdaddr_list *b;
	175
	176	b = list_entry(p, struct bdaddr_list, list);
	177
	178	if (bacmp(bdaddr, &b->bdaddr) == 0)
	179	return b;
	180	}
	181
	182	return NULL;
	183	}
	184
	185	static int hci_blacklist_add(struct hci_dev hdev, void __user arg)
	186	{
	187	bdaddr_t bdaddr;
	188	struct bdaddr_list *entry;
	189
	190	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
	191	return -EFAULT;
	192
	193	if (bacmp(&bdaddr, BDADDR_ANY) == 0)
	194	return -EBADF;
	195
	196	if (hci_blacklist_lookup(hdev, &bdaddr))
	197	return -EEXIST;
	198
	199	entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
	200	if (!entry)
	201	return -ENOMEM;
	202
	203	bacpy(&entry->bdaddr, &bdaddr);
	204
ea4bd8ba	205	list_add(&entry->list, &hdev->blacklist);
f0358568 JH	206
	207	return 0;
	208	}
	209
	210	int hci_blacklist_clear(struct hci_dev *hdev)
	211	{
	212	struct list_head p, n;
f0358568	213
ea4bd8ba	214	list_for_each_safe(p, n, &hdev->blacklist) {
f0358568 JH	215	struct bdaddr_list *b;
	216
	217	b = list_entry(p, struct bdaddr_list, list);
	218
	219	list_del(p);
	220	kfree(b);
	221	}
	222
	223	return 0;
	224	}
	225
	226	static int hci_blacklist_del(struct hci_dev hdev, void __user arg)
	227	{
	228	bdaddr_t bdaddr;
	229	struct bdaddr_list *entry;
	230
	231	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
	232	return -EFAULT;
	233
	234	if (bacmp(&bdaddr, BDADDR_ANY) == 0)
	235	return hci_blacklist_clear(hdev);
	236
	237	entry = hci_blacklist_lookup(hdev, &bdaddr);
	238	if (!entry)
	239	return -ENOENT;
	240
	241	list_del(&entry->list);
	242	kfree(entry);
	243
	244	return 0;
	245	}
	246
8e87d142	247	/* Ioctls that require bound socket */
1da177e4 LT	248	static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
	249	{
	250	struct hci_dev *hdev = hci_pi(sk)->hdev;
	251
	252	if (!hdev)
	253	return -EBADFD;
	254
	255	switch (cmd) {
	256	case HCISETRAW:
	257	if (!capable(CAP_NET_ADMIN))
	258	return -EACCES;
	259
	260	if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
	261	return -EPERM;
	262
	263	if (arg)
	264	set_bit(HCI_RAW, &hdev->flags);
	265	else
	266	clear_bit(HCI_RAW, &hdev->flags);
	267
	268	return 0;
	269
1da177e4	270	case HCIGETCONNINFO:
40be492f MH	271	return hci_get_conn_info(hdev, (void __user *) arg);
	272
	273	case HCIGETAUTHINFO:
	274	return hci_get_auth_info(hdev, (void __user *) arg);
1da177e4	275
f0358568 JH	276	case HCIBLOCKADDR:
	277	if (!capable(CAP_NET_ADMIN))
	278	return -EACCES;
	279	return hci_blacklist_add(hdev, (void __user *) arg);
	280
	281	case HCIUNBLOCKADDR:
	282	if (!capable(CAP_NET_ADMIN))
	283	return -EACCES;
	284	return hci_blacklist_del(hdev, (void __user *) arg);
	285
1da177e4 LT	286	default:
	287	if (hdev->ioctl)
	288	return hdev->ioctl(hdev, cmd, arg);
	289	return -EINVAL;
	290	}
	291	}
	292
	293	static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
	294	{
	295	struct sock *sk = sock->sk;
40be492f	296	void __user argp = (void __user ) arg;
1da177e4 LT	297	int err;
	298
	299	BT_DBG("cmd %x arg %lx", cmd, arg);
	300
	301	switch (cmd) {
	302	case HCIGETDEVLIST:
	303	return hci_get_dev_list(argp);
	304
	305	case HCIGETDEVINFO:
	306	return hci_get_dev_info(argp);
	307
	308	case HCIGETCONNLIST:
	309	return hci_get_conn_list(argp);
	310
	311	case HCIDEVUP:
	312	if (!capable(CAP_NET_ADMIN))
	313	return -EACCES;
	314	return hci_dev_open(arg);
	315
	316	case HCIDEVDOWN:
	317	if (!capable(CAP_NET_ADMIN))
	318	return -EACCES;
	319	return hci_dev_close(arg);
	320
	321	case HCIDEVRESET:
	322	if (!capable(CAP_NET_ADMIN))
	323	return -EACCES;
	324	return hci_dev_reset(arg);
	325
	326	case HCIDEVRESTAT:
	327	if (!capable(CAP_NET_ADMIN))
	328	return -EACCES;
	329	return hci_dev_reset_stat(arg);
	330
	331	case HCISETSCAN:
	332	case HCISETAUTH:
	333	case HCISETENCRYPT:
	334	case HCISETPTYPE:
	335	case HCISETLINKPOL:
	336	case HCISETLINKMODE:
	337	case HCISETACLMTU:
	338	case HCISETSCOMTU:
	339	if (!capable(CAP_NET_ADMIN))
	340	return -EACCES;
	341	return hci_dev_cmd(cmd, argp);
	342
	343	case HCIINQUIRY:
	344	return hci_inquiry(argp);
	345
	346	default:
	347	lock_sock(sk);
	348	err = hci_sock_bound_ioctl(sk, cmd, arg);
	349	release_sock(sk);
	350	return err;
	351	}
	352	}
	353
	354	static int hci_sock_bind(struct socket sock, struct sockaddr addr, int addr_len)
	355	{
	356	struct sockaddr_hci haddr = (struct sockaddr_hci ) addr;
	357	struct sock *sk = sock->sk;
	358	struct hci_dev *hdev = NULL;
	359	int err = 0;
	360
361	BT_DBG("sock %p sk %p", sock, sk);
362
363	if (!haddr \|\| haddr->hci_family != AF_BLUETOOTH)
364	return -EINVAL;
365
366	lock_sock(sk);
367
368	if (hci_pi(sk)->hdev) {
369	err = -EALREADY;
370	goto done;
371	}
372
373	if (haddr->hci_dev != HCI_DEV_NONE) {
70f23020 AE	374	hdev = hci_dev_get(haddr->hci_dev);
70f23020 AE	375	if (!hdev) {
1da177e4 LT	376	err = -ENODEV;
	377	goto done;
	378	}
	379
	380	atomic_inc(&hdev->promisc);
	381	}
	382
	383	hci_pi(sk)->hdev = hdev;
	384	sk->sk_state = BT_BOUND;
	385
	386	done:
	387	release_sock(sk);
	388	return err;
	389	}
	390
	391	static int hci_sock_getname(struct socket sock, struct sockaddr addr, int *addr_len, int peer)
	392	{
	393	struct sockaddr_hci haddr = (struct sockaddr_hci ) addr;
	394	struct sock *sk = sock->sk;
7b005bd3	395	struct hci_dev *hdev = hci_pi(sk)->hdev;
1da177e4 LT	396
	397	BT_DBG("sock %p sk %p", sock, sk);
	398
7b005bd3 MH	399	if (!hdev)
	400	return -EBADFD;
	401
1da177e4 LT	402	lock_sock(sk);
	403
	404	addr_len = sizeof(haddr);
	405	haddr->hci_family = AF_BLUETOOTH;
7b005bd3	406	haddr->hci_dev = hdev->id;
1da177e4 LT	407
	408	release_sock(sk);
	409	return 0;
	410	}
	411
	412	static inline void hci_sock_cmsg(struct sock sk, struct msghdr msg, struct sk_buff *skb)
	413	{
	414	__u32 mask = hci_pi(sk)->cmsg_mask;
	415
0d48d939 MH	416	if (mask & HCI_CMSG_DIR) {
	417	int incoming = bt_cb(skb)->incoming;
	418	put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
	419	}
1da177e4	420
a61bbcf2	421	if (mask & HCI_CMSG_TSTAMP) {
f6e623a6 JFS	422	#ifdef CONFIG_COMPAT
	423	struct compat_timeval ctv;
	424	#endif
a61bbcf2	425	struct timeval tv;
767c5eb5 MH	426	void *data;
767c5eb5 MH	427	int len;
a61bbcf2 PM	428
a61bbcf2 PM	429	skb_get_timestamp(skb, &tv);
767c5eb5	430
1da97f83 DM	431	data = &tv;
	432	len = sizeof(tv);
	433	#ifdef CONFIG_COMPAT
767c5eb5	434	if (msg->msg_flags & MSG_CMSG_COMPAT) {
767c5eb5 MH	435	ctv.tv_sec = tv.tv_sec;
	436	ctv.tv_usec = tv.tv_usec;
	437	data = &ctv;
	438	len = sizeof(ctv);
767c5eb5	439	}
1da97f83	440	#endif
767c5eb5 MH	441
767c5eb5 MH	442	put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
a61bbcf2	443	}
1da177e4	444	}
8e87d142 YH	445
8e87d142 YH	446	static int hci_sock_recvmsg(struct kiocb iocb, struct socket sock,
1da177e4 LT	447	struct msghdr *msg, size_t len, int flags)
	448	{
	449	int noblock = flags & MSG_DONTWAIT;
	450	struct sock *sk = sock->sk;
	451	struct sk_buff *skb;
	452	int copied, err;
	453
	454	BT_DBG("sock %p, sk %p", sock, sk);
	455
	456	if (flags & (MSG_OOB))
	457	return -EOPNOTSUPP;
	458
	459	if (sk->sk_state == BT_CLOSED)
	460	return 0;
	461
70f23020 AE	462	skb = skb_recv_datagram(sk, flags, noblock, &err);
70f23020 AE	463	if (!skb)
1da177e4 LT	464	return err;
	465
	466	msg->msg_namelen = 0;
	467
	468	copied = skb->len;
	469	if (len < copied) {
	470	msg->msg_flags \|= MSG_TRUNC;
	471	copied = len;
	472	}
	473
badff6d0	474	skb_reset_transport_header(skb);
1da177e4 LT	475	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
	476
	477	hci_sock_cmsg(sk, msg, skb);
	478
	479	skb_free_datagram(sk, skb);
	480
	481	return err ? : copied;
	482	}
	483
8e87d142	484	static int hci_sock_sendmsg(struct kiocb iocb, struct socket sock,
1da177e4 LT	485	struct msghdr *msg, size_t len)
	486	{
	487	struct sock *sk = sock->sk;
	488	struct hci_dev *hdev;
	489	struct sk_buff *skb;
	490	int err;
	491
	492	BT_DBG("sock %p sk %p", sock, sk);
	493
	494	if (msg->msg_flags & MSG_OOB)
	495	return -EOPNOTSUPP;
	496
	497	if (msg->msg_flags & ~(MSG_DONTWAIT\|MSG_NOSIGNAL\|MSG_ERRQUEUE))
	498	return -EINVAL;
	499
	500	if (len < 4 \|\| len > HCI_MAX_FRAME_SIZE)
	501	return -EINVAL;
	502
	503	lock_sock(sk);
	504
70f23020 AE	505	hdev = hci_pi(sk)->hdev;
70f23020 AE	506	if (!hdev) {
1da177e4 LT	507	err = -EBADFD;
	508	goto done;
	509	}
	510
7e21addc MH	511	if (!test_bit(HCI_UP, &hdev->flags)) {
	512	err = -ENETDOWN;
	513	goto done;
	514	}
	515
70f23020 AE	516	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
70f23020 AE	517	if (!skb)
1da177e4 LT	518	goto done;
	519
	520	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
	521	err = -EFAULT;
	522	goto drop;
	523	}
	524
0d48d939	525	bt_cb(skb)->pkt_type = ((unsigned char ) skb->data);
1da177e4 LT	526	skb_pull(skb, 1);
	527	skb->dev = (void *) hdev;
	528
0d48d939	529	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
83985319	530	u16 opcode = get_unaligned_le16(skb->data);
1da177e4 LT	531	u16 ogf = hci_opcode_ogf(opcode);
	532	u16 ocf = hci_opcode_ocf(opcode);
	533
	534	if (((ogf > HCI_SFLT_MAX_OGF) \|\|
	535	!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
	536	!capable(CAP_NET_RAW)) {
	537	err = -EPERM;
	538	goto drop;
	539	}
	540
a9de9248	541	if (test_bit(HCI_RAW, &hdev->flags) \|\| (ogf == 0x3f)) {
1da177e4	542	skb_queue_tail(&hdev->raw_q, skb);
c78ae283	543	tasklet_schedule(&hdev->tx_task);
1da177e4 LT	544	} else {
1da177e4 LT	545	skb_queue_tail(&hdev->cmd_q, skb);
c78ae283	546	tasklet_schedule(&hdev->cmd_task);
1da177e4 LT	547	}
	548	} else {
	549	if (!capable(CAP_NET_RAW)) {
	550	err = -EPERM;
	551	goto drop;
	552	}
	553
	554	skb_queue_tail(&hdev->raw_q, skb);
c78ae283	555	tasklet_schedule(&hdev->tx_task);
1da177e4 LT	556	}
	557
	558	err = len;
	559
	560	done:
	561	release_sock(sk);
	562	return err;
	563
	564	drop:
	565	kfree_skb(skb);
	566	goto done;
	567	}
	568
b7058842	569	static int hci_sock_setsockopt(struct socket sock, int level, int optname, char __user optval, unsigned int len)
1da177e4 LT	570	{
	571	struct hci_ufilter uf = { .opcode = 0 };
	572	struct sock *sk = sock->sk;
	573	int err = 0, opt = 0;
	574
	575	BT_DBG("sk %p, opt %d", sk, optname);
	576
	577	lock_sock(sk);
	578
	579	switch (optname) {
	580	case HCI_DATA_DIR:
	581	if (get_user(opt, (int __user *)optval)) {
	582	err = -EFAULT;
	583	break;
	584	}
	585
	586	if (opt)
	587	hci_pi(sk)->cmsg_mask \|= HCI_CMSG_DIR;
	588	else
	589	hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
	590	break;
	591
	592	case HCI_TIME_STAMP:
	593	if (get_user(opt, (int __user *)optval)) {
	594	err = -EFAULT;
	595	break;
	596	}
	597
	598	if (opt)
	599	hci_pi(sk)->cmsg_mask \|= HCI_CMSG_TSTAMP;
	600	else
	601	hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
	602	break;
	603
	604	case HCI_FILTER:
0878b666 MH	605	{
	606	struct hci_filter *f = &hci_pi(sk)->filter;
	607
	608	uf.type_mask = f->type_mask;
	609	uf.opcode = f->opcode;
	610	uf.event_mask[0] = ((u32 ) f->event_mask + 0);
	611	uf.event_mask[1] = ((u32 ) f->event_mask + 1);
	612	}
	613
1da177e4 LT	614	len = min_t(unsigned int, len, sizeof(uf));
	615	if (copy_from_user(&uf, optval, len)) {
	616	err = -EFAULT;
	617	break;
	618	}
	619
	620	if (!capable(CAP_NET_RAW)) {
	621	uf.type_mask &= hci_sec_filter.type_mask;
	622	uf.event_mask[0] &= ((u32 ) hci_sec_filter.event_mask + 0);
	623	uf.event_mask[1] &= ((u32 ) hci_sec_filter.event_mask + 1);
	624	}
	625
	626	{
	627	struct hci_filter *f = &hci_pi(sk)->filter;
	628
	629	f->type_mask = uf.type_mask;
	630	f->opcode = uf.opcode;
	631	((u32 ) f->event_mask + 0) = uf.event_mask[0];
	632	((u32 ) f->event_mask + 1) = uf.event_mask[1];
	633	}
8e87d142	634	break;
1da177e4 LT	635
	636	default:
	637	err = -ENOPROTOOPT;
	638	break;
	639	}
	640
	641	release_sock(sk);
	642	return err;
	643	}
	644
	645	static int hci_sock_getsockopt(struct socket sock, int level, int optname, char __user optval, int __user *optlen)
	646	{
	647	struct hci_ufilter uf;
	648	struct sock *sk = sock->sk;
8e87d142	649	int len, opt;
1da177e4 LT	650
	651	if (get_user(len, optlen))
	652	return -EFAULT;
	653
	654	switch (optname) {
	655	case HCI_DATA_DIR:
	656	if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
	657	opt = 1;
8e87d142	658	else
1da177e4 LT	659	opt = 0;
	660
	661	if (put_user(opt, optval))
	662	return -EFAULT;
	663	break;
	664
	665	case HCI_TIME_STAMP:
	666	if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
	667	opt = 1;
8e87d142	668	else
1da177e4 LT	669	opt = 0;
	670
	671	if (put_user(opt, optval))
	672	return -EFAULT;
	673	break;
	674
	675	case HCI_FILTER:
	676	{
	677	struct hci_filter *f = &hci_pi(sk)->filter;
	678
	679	uf.type_mask = f->type_mask;
	680	uf.opcode = f->opcode;
	681	uf.event_mask[0] = ((u32 ) f->event_mask + 0);
	682	uf.event_mask[1] = ((u32 ) f->event_mask + 1);
	683	}
	684
	685	len = min_t(unsigned int, len, sizeof(uf));
	686	if (copy_to_user(optval, &uf, len))
	687	return -EFAULT;
	688	break;
	689
	690	default:
	691	return -ENOPROTOOPT;
	692	break;
	693	}
	694
	695	return 0;
	696	}
	697
90ddc4f0	698	static const struct proto_ops hci_sock_ops = {
1da177e4 LT	699	.family = PF_BLUETOOTH,
	700	.owner = THIS_MODULE,
	701	.release = hci_sock_release,
	702	.bind = hci_sock_bind,
	703	.getname = hci_sock_getname,
	704	.sendmsg = hci_sock_sendmsg,
	705	.recvmsg = hci_sock_recvmsg,
	706	.ioctl = hci_sock_ioctl,
	707	.poll = datagram_poll,
	708	.listen = sock_no_listen,
	709	.shutdown = sock_no_shutdown,
	710	.setsockopt = hci_sock_setsockopt,
	711	.getsockopt = hci_sock_getsockopt,
	712	.connect = sock_no_connect,
	713	.socketpair = sock_no_socketpair,
	714	.accept = sock_no_accept,
	715	.mmap = sock_no_mmap
	716	};
	717
	718	static struct proto hci_sk_proto = {
	719	.name = "HCI",
	720	.owner = THIS_MODULE,
	721	.obj_size = sizeof(struct hci_pinfo)
	722	};
	723
3f378b68 EP	724	static int hci_sock_create(struct net net, struct socket sock, int protocol,
3f378b68 EP	725	int kern)
1da177e4 LT	726	{
	727	struct sock *sk;
	728
	729	BT_DBG("sock %p", sock);
	730
	731	if (sock->type != SOCK_RAW)
	732	return -ESOCKTNOSUPPORT;
	733
	734	sock->ops = &hci_sock_ops;
	735
6257ff21	736	sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1da177e4 LT	737	if (!sk)
	738	return -ENOMEM;
	739
	740	sock_init_data(sock, sk);
	741
	742	sock_reset_flag(sk, SOCK_ZAPPED);
	743
	744	sk->sk_protocol = protocol;
	745
	746	sock->state = SS_UNCONNECTED;
	747	sk->sk_state = BT_OPEN;
	748
	749	bt_sock_link(&hci_sk_list, sk);
	750	return 0;
	751	}
	752
	753	static int hci_sock_dev_event(struct notifier_block this, unsigned long event, void ptr)
	754	{
	755	struct hci_dev hdev = (struct hci_dev ) ptr;
	756	struct hci_ev_si_device ev;
	757
	758	BT_DBG("hdev %s event %ld", hdev->name, event);
	759
	760	/* Send event to sockets */
	761	ev.event = event;
	762	ev.dev_id = hdev->id;
	763	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
	764
	765	if (event == HCI_DEV_UNREG) {
	766	struct sock *sk;
	767	struct hlist_node *node;
	768
	769	/* Detach sockets from device */
	770	read_lock(&hci_sk_list.lock);
	771	sk_for_each(sk, node, &hci_sk_list.head) {
4ce61d1c SS	772	local_bh_disable();
4ce61d1c SS	773	bh_lock_sock_nested(sk);
1da177e4 LT	774	if (hci_pi(sk)->hdev == hdev) {
	775	hci_pi(sk)->hdev = NULL;
	776	sk->sk_err = EPIPE;
	777	sk->sk_state = BT_OPEN;
	778	sk->sk_state_change(sk);
	779
	780	hci_dev_put(hdev);
	781	}
4ce61d1c SS	782	bh_unlock_sock(sk);
4ce61d1c SS	783	local_bh_enable();
1da177e4 LT	784	}
	785	read_unlock(&hci_sk_list.lock);
	786	}
	787
	788	return NOTIFY_DONE;
	789	}
	790
ec1b4cf7	791	static const struct net_proto_family hci_sock_family_ops = {
1da177e4 LT	792	.family = PF_BLUETOOTH,
	793	.owner = THIS_MODULE,
	794	.create = hci_sock_create,
	795	};
	796
	797	static struct notifier_block hci_sock_nblock = {
	798	.notifier_call = hci_sock_dev_event
	799	};
	800
	801	int __init hci_sock_init(void)
	802	{
	803	int err;
	804
	805	err = proto_register(&hci_sk_proto, 0);
	806	if (err < 0)
	807	return err;
	808
	809	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
	810	if (err < 0)
	811	goto error;
	812
	813	hci_register_notifier(&hci_sock_nblock);
	814
	815	BT_INFO("HCI socket layer initialized");
	816
	817	return 0;
	818
	819	error:
	820	BT_ERR("HCI socket registration failed");
	821	proto_unregister(&hci_sk_proto);
	822	return err;
	823	}
	824
04005dd9	825	void __exit hci_sock_cleanup(void)
1da177e4 LT	826	{
	827	if (bt_sock_unregister(BTPROTO_HCI) < 0)
	828	BT_ERR("HCI socket unregistration failed");
	829
	830	hci_unregister_notifier(&hci_sock_nblock);
	831
	832	proto_unregister(&hci_sk_proto);
1da177e4	833	}