projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Refactor raw socket filter into more readable code
[linux-2.6-block.git] / net / bluetooth / hci_sock.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI sockets. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
cd82e61c 32#include <net/bluetooth/hci_mon.h>
1da177e4 33
cd82e61c
MH		 34static atomic_t monitor_promisc = ATOMIC_INIT(0);
35
1da177e4
LT		 36/* ----- HCI socket interface ----- */
37
38static inline int hci_test_bit(int nr, void *addr)
39{
40 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
41}
42
43/* Security filter */
44static struct hci_sec_filter hci_sec_filter = {
45 /* Packet types */
46 0x10,
47 /* Events */
dd7f5527 48 { 0x1000d9fe, 0x0000b00c },
1da177e4
LT		 49 /* Commands */
50 {
51 { 0x0 },
52 /* OGF_LINK_CTL */
7c631a67 53 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
1da177e4 54 /* OGF_LINK_POLICY */
7c631a67 55 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
1da177e4 56 /* OGF_HOST_CTL */
7c631a67 57 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
1da177e4 58 /* OGF_INFO_PARAM */
7c631a67 59 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
1da177e4 60 /* OGF_STATUS_PARAM */
7c631a67 61 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
1da177e4
LT		 62 }
63};
64
65static struct bt_sock_list hci_sk_list = {
d5fb2962 66 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
1da177e4
LT		 67};
68
f81fe64f
MH		 69static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
70{
71 struct hci_filter *flt;
72 int flt_type, flt_event;
73
74 /* Apply filter */
75 flt = &hci_pi(sk)->filter;
76
77 if (bt_cb(skb)->pkt_type == HCI_VENDOR_PKT)
78 flt_type = 0;
79 else
80 flt_type = bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS;
81
82 if (!test_bit(flt_type, &flt->type_mask))
83 return true;
84
85 /* Extra filter for event packets only */
86 if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT)
87 return false;
88
89 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
90
91 if (!hci_test_bit(flt_event, &flt->event_mask))
92 return true;
93
94 /* Check filter only when opcode is set */
95 if (!flt->opcode)
96 return false;
97
98 if (flt_event == HCI_EV_CMD_COMPLETE &&
99 flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
100 return true;
101
102 if (flt_event == HCI_EV_CMD_STATUS &&
103 flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
104 return true;
105
106 return false;
107}
108
1da177e4 109/* Send frame to RAW socket */
470fe1b5 110void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 111{
112 struct sock *sk;
e0edf373 113 struct sk_buff *skb_copy = NULL;
1da177e4
LT		 114
115 BT_DBG("hdev %p len %d", hdev, skb->len);
116
117 read_lock(&hci_sk_list.lock);
470fe1b5 118
b67bfe0d 119 sk_for_each(sk, &hci_sk_list.head) {
1da177e4
LT		 120 struct sk_buff *nskb;
121
122 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
123 continue;
124
125 /* Don't send frame to the socket it came from */
126 if (skb->sk == sk)
127 continue;
128
470fe1b5 129 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW)
a40c406c
JH		 130 continue;
131
f81fe64f 132 if (is_filtered_packet(sk, skb))
1da177e4
LT		 133 continue;
134
e0edf373
MH		 135 if (!skb_copy) {
136 /* Create a private copy with headroom */
137 skb_copy = __pskb_copy(skb, 1, GFP_ATOMIC);
138 if (!skb_copy)
139 continue;
140
141 /* Put type byte before the data */
142 memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
143 }
144
145 nskb = skb_clone(skb_copy, GFP_ATOMIC);
70f23020 146 if (!nskb)
1da177e4
LT		 147 continue;
148
470fe1b5
MH		 149 if (sock_queue_rcv_skb(sk, nskb))
150 kfree_skb(nskb);
151 }
152
153 read_unlock(&hci_sk_list.lock);
e0edf373
MH		 154
155 kfree_skb(skb_copy);
470fe1b5
MH		 156}
157
158/* Send frame to control socket */
159void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
160{
161 struct sock *sk;
470fe1b5
MH		 162
163 BT_DBG("len %d", skb->len);
164
165 read_lock(&hci_sk_list.lock);
166
b67bfe0d 167 sk_for_each(sk, &hci_sk_list.head) {
470fe1b5
MH		 168 struct sk_buff *nskb;
169
170 /* Skip the original socket */
171 if (sk == skip_sk)
172 continue;
173
174 if (sk->sk_state != BT_BOUND)
175 continue;
176
177 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
178 continue;
179
180 nskb = skb_clone(skb, GFP_ATOMIC);
181 if (!nskb)
182 continue;
1da177e4
LT		 183
184 if (sock_queue_rcv_skb(sk, nskb))
185 kfree_skb(nskb);
186 }
470fe1b5 187
1da177e4
LT		 188 read_unlock(&hci_sk_list.lock);
189}
190
cd82e61c
MH		 191/* Send frame to monitor socket */
192void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
193{
194 struct sock *sk;
cd82e61c
MH		 195 struct sk_buff *skb_copy = NULL;
196 __le16 opcode;
197
198 if (!atomic_read(&monitor_promisc))
199 return;
200
201 BT_DBG("hdev %p len %d", hdev, skb->len);
202
203 switch (bt_cb(skb)->pkt_type) {
204 case HCI_COMMAND_PKT:
205 opcode = __constant_cpu_to_le16(HCI_MON_COMMAND_PKT);
206 break;
207 case HCI_EVENT_PKT:
208 opcode = __constant_cpu_to_le16(HCI_MON_EVENT_PKT);
209 break;
210 case HCI_ACLDATA_PKT:
211 if (bt_cb(skb)->incoming)
212 opcode = __constant_cpu_to_le16(HCI_MON_ACL_RX_PKT);
213 else
214 opcode = __constant_cpu_to_le16(HCI_MON_ACL_TX_PKT);
215 break;
216 case HCI_SCODATA_PKT:
217 if (bt_cb(skb)->incoming)
218 opcode = __constant_cpu_to_le16(HCI_MON_SCO_RX_PKT);
219 else
220 opcode = __constant_cpu_to_le16(HCI_MON_SCO_TX_PKT);
221 break;
222 default:
223 return;
224 }
225
226 read_lock(&hci_sk_list.lock);
227
b67bfe0d 228 sk_for_each(sk, &hci_sk_list.head) {
cd82e61c
MH		 229 struct sk_buff *nskb;
230
231 if (sk->sk_state != BT_BOUND)
232 continue;
233
234 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
235 continue;
236
237 if (!skb_copy) {
238 struct hci_mon_hdr *hdr;
239
240 /* Create a private copy with headroom */
8fc9ced3
GP		 241 skb_copy = __pskb_copy(skb, HCI_MON_HDR_SIZE,
242 GFP_ATOMIC);
cd82e61c
MH		 243 if (!skb_copy)
244 continue;
245
246 /* Put header before the data */
247 hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
248 hdr->opcode = opcode;
249 hdr->index = cpu_to_le16(hdev->id);
250 hdr->len = cpu_to_le16(skb->len);
251 }
252
253 nskb = skb_clone(skb_copy, GFP_ATOMIC);
254 if (!nskb)
255 continue;
256
257 if (sock_queue_rcv_skb(sk, nskb))
258 kfree_skb(nskb);
259 }
260
261 read_unlock(&hci_sk_list.lock);
262
263 kfree_skb(skb_copy);
264}
265
266static void send_monitor_event(struct sk_buff *skb)
267{
268 struct sock *sk;
cd82e61c
MH		 269
270 BT_DBG("len %d", skb->len);
271
272 read_lock(&hci_sk_list.lock);
273
b67bfe0d 274 sk_for_each(sk, &hci_sk_list.head) {
cd82e61c
MH		 275 struct sk_buff *nskb;
276
277 if (sk->sk_state != BT_BOUND)
278 continue;
279
280 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
281 continue;
282
283 nskb = skb_clone(skb, GFP_ATOMIC);
284 if (!nskb)
285 continue;
286
287 if (sock_queue_rcv_skb(sk, nskb))
288 kfree_skb(nskb);
289 }
290
291 read_unlock(&hci_sk_list.lock);
292}
293
294static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
295{
296 struct hci_mon_hdr *hdr;
297 struct hci_mon_new_index *ni;
298 struct sk_buff *skb;
299 __le16 opcode;
300
301 switch (event) {
302 case HCI_DEV_REG:
303 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
304 if (!skb)
305 return NULL;
306
307 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
308 ni->type = hdev->dev_type;
309 ni->bus = hdev->bus;
310 bacpy(&ni->bdaddr, &hdev->bdaddr);
311 memcpy(ni->name, hdev->name, 8);
312
313 opcode = __constant_cpu_to_le16(HCI_MON_NEW_INDEX);
314 break;
315
316 case HCI_DEV_UNREG:
317 skb = bt_skb_alloc(0, GFP_ATOMIC);
318 if (!skb)
319 return NULL;
320
321 opcode = __constant_cpu_to_le16(HCI_MON_DEL_INDEX);
322 break;
323
324 default:
325 return NULL;
326 }
327
328 __net_timestamp(skb);
329
330 hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
331 hdr->opcode = opcode;
332 hdr->index = cpu_to_le16(hdev->id);
333 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
334
335 return skb;
336}
337
338static void send_monitor_replay(struct sock *sk)
339{
340 struct hci_dev *hdev;
341
342 read_lock(&hci_dev_list_lock);
343
344 list_for_each_entry(hdev, &hci_dev_list, list) {
345 struct sk_buff *skb;
346
347 skb = create_monitor_event(hdev, HCI_DEV_REG);
348 if (!skb)
349 continue;
350
351 if (sock_queue_rcv_skb(sk, skb))
352 kfree_skb(skb);
353 }
354
355 read_unlock(&hci_dev_list_lock);
356}
357
040030ef
MH		 358/* Generate internal stack event */
359static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
360{
361 struct hci_event_hdr *hdr;
362 struct hci_ev_stack_internal *ev;
363 struct sk_buff *skb;
364
365 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
366 if (!skb)
367 return;
368
369 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
370 hdr->evt = HCI_EV_STACK_INTERNAL;
371 hdr->plen = sizeof(*ev) + dlen;
372
373 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
374 ev->type = type;
375 memcpy(ev->data, data, dlen);
376
377 bt_cb(skb)->incoming = 1;
378 __net_timestamp(skb);
379
380 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
381 skb->dev = (void *) hdev;
382 hci_send_to_sock(hdev, skb);
383 kfree_skb(skb);
384}
385
386void hci_sock_dev_event(struct hci_dev *hdev, int event)
387{
388 struct hci_ev_si_device ev;
389
390 BT_DBG("hdev %s event %d", hdev->name, event);
391
cd82e61c
MH		 392 /* Send event to monitor */
393 if (atomic_read(&monitor_promisc)) {
394 struct sk_buff *skb;
395
396 skb = create_monitor_event(hdev, event);
397 if (skb) {
398 send_monitor_event(skb);
399 kfree_skb(skb);
400 }
401 }
402
040030ef
MH		 403 /* Send event to sockets */
404 ev.event = event;
405 ev.dev_id = hdev->id;
406 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
407
408 if (event == HCI_DEV_UNREG) {
409 struct sock *sk;
040030ef
MH		 410
411 /* Detach sockets from device */
412 read_lock(&hci_sk_list.lock);
b67bfe0d 413 sk_for_each(sk, &hci_sk_list.head) {
040030ef
MH		 414 bh_lock_sock_nested(sk);
415 if (hci_pi(sk)->hdev == hdev) {
416 hci_pi(sk)->hdev = NULL;
417 sk->sk_err = EPIPE;
418 sk->sk_state = BT_OPEN;
419 sk->sk_state_change(sk);
420
421 hci_dev_put(hdev);
422 }
423 bh_unlock_sock(sk);
424 }
425 read_unlock(&hci_sk_list.lock);
426 }
427}
428
1da177e4
LT		 429static int hci_sock_release(struct socket *sock)
430{
431 struct sock *sk = sock->sk;
7b005bd3 432 struct hci_dev *hdev;
1da177e4
LT		 433
434 BT_DBG("sock %p sk %p", sock, sk);
435
436 if (!sk)
437 return 0;
438
7b005bd3
MH		 439 hdev = hci_pi(sk)->hdev;
440
cd82e61c
MH		 441 if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
442 atomic_dec(&monitor_promisc);
443
1da177e4
LT		 444 bt_sock_unlink(&hci_sk_list, sk);
445
446 if (hdev) {
447 atomic_dec(&hdev->promisc);
448 hci_dev_put(hdev);
449 }
450
451 sock_orphan(sk);
452
453 skb_queue_purge(&sk->sk_receive_queue);
454 skb_queue_purge(&sk->sk_write_queue);
455
456 sock_put(sk);
457 return 0;
458}
459
b2a66aad 460static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 461{
462 bdaddr_t bdaddr;
5e762444 463 int err;
f0358568
JH		 464
465 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
466 return -EFAULT;
467
09fd0de5 468 hci_dev_lock(hdev);
5e762444 469
88c1fe4b 470 err = hci_blacklist_add(hdev, &bdaddr, 0);
5e762444 471
09fd0de5 472 hci_dev_unlock(hdev);
5e762444
AJ		 473
474 return err;
f0358568
JH		 475}
476
b2a66aad 477static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 478{
479 bdaddr_t bdaddr;
5e762444 480 int err;
f0358568
JH		 481
482 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
483 return -EFAULT;
484
09fd0de5 485 hci_dev_lock(hdev);
5e762444 486
88c1fe4b 487 err = hci_blacklist_del(hdev, &bdaddr, 0);
5e762444 488
09fd0de5 489 hci_dev_unlock(hdev);
5e762444
AJ		 490
491 return err;
f0358568
JH		 492}
493
8e87d142 494/* Ioctls that require bound socket */
6039aa73
GP		 495static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
496 unsigned long arg)
1da177e4
LT		 497{
498 struct hci_dev *hdev = hci_pi(sk)->hdev;
499
500 if (!hdev)
501 return -EBADFD;
502
503 switch (cmd) {
504 case HCISETRAW:
505 if (!capable(CAP_NET_ADMIN))
bf5b30b8 506 return -EPERM;
1da177e4
LT		 507
508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
509 return -EPERM;
510
511 if (arg)
512 set_bit(HCI_RAW, &hdev->flags);
513 else
514 clear_bit(HCI_RAW, &hdev->flags);
515
516 return 0;
517
1da177e4 518 case HCIGETCONNINFO:
40be492f
MH		 519 return hci_get_conn_info(hdev, (void __user *) arg);
520
521 case HCIGETAUTHINFO:
522 return hci_get_auth_info(hdev, (void __user *) arg);
1da177e4 523
f0358568
JH		 524 case HCIBLOCKADDR:
525 if (!capable(CAP_NET_ADMIN))
bf5b30b8 526 return -EPERM;
b2a66aad 527 return hci_sock_blacklist_add(hdev, (void __user *) arg);
f0358568
JH		 528
529 case HCIUNBLOCKADDR:
530 if (!capable(CAP_NET_ADMIN))
bf5b30b8 531 return -EPERM;
b2a66aad 532 return hci_sock_blacklist_del(hdev, (void __user *) arg);
f0358568 533
1da177e4
LT		 534 default:
535 if (hdev->ioctl)
536 return hdev->ioctl(hdev, cmd, arg);
537 return -EINVAL;
538 }
539}
540
8fc9ced3
GP		 541static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
542 unsigned long arg)
1da177e4
LT		 543{
544 struct sock *sk = sock->sk;
40be492f 545 void __user *argp = (void __user *) arg;
1da177e4
LT		 546 int err;
547
548 BT_DBG("cmd %x arg %lx", cmd, arg);
549
550 switch (cmd) {
551 case HCIGETDEVLIST:
552 return hci_get_dev_list(argp);
553
554 case HCIGETDEVINFO:
555 return hci_get_dev_info(argp);
556
557 case HCIGETCONNLIST:
558 return hci_get_conn_list(argp);
559
560 case HCIDEVUP:
561 if (!capable(CAP_NET_ADMIN))
bf5b30b8 562 return -EPERM;
1da177e4
LT		 563 return hci_dev_open(arg);
564
565 case HCIDEVDOWN:
566 if (!capable(CAP_NET_ADMIN))
bf5b30b8 567 return -EPERM;
1da177e4
LT		 568 return hci_dev_close(arg);
569
570 case HCIDEVRESET:
571 if (!capable(CAP_NET_ADMIN))
bf5b30b8 572 return -EPERM;
1da177e4
LT		 573 return hci_dev_reset(arg);
574
575 case HCIDEVRESTAT:
576 if (!capable(CAP_NET_ADMIN))
bf5b30b8 577 return -EPERM;
1da177e4
LT		 578 return hci_dev_reset_stat(arg);
579
580 case HCISETSCAN:
581 case HCISETAUTH:
582 case HCISETENCRYPT:
583 case HCISETPTYPE:
584 case HCISETLINKPOL:
585 case HCISETLINKMODE:
586 case HCISETACLMTU:
587 case HCISETSCOMTU:
588 if (!capable(CAP_NET_ADMIN))
bf5b30b8 589 return -EPERM;
1da177e4
LT		 590 return hci_dev_cmd(cmd, argp);
591
592 case HCIINQUIRY:
593 return hci_inquiry(argp);
594
595 default:
596 lock_sock(sk);
597 err = hci_sock_bound_ioctl(sk, cmd, arg);
598 release_sock(sk);
599 return err;
600 }
601}
602
8fc9ced3
GP		 603static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
604 int addr_len)
1da177e4 605{
0381101f 606 struct sockaddr_hci haddr;
1da177e4
LT		 607 struct sock *sk = sock->sk;
608 struct hci_dev *hdev = NULL;
0381101f 609 int len, err = 0;
1da177e4
LT		 610
611 BT_DBG("sock %p sk %p", sock, sk);
612
0381101f
JH		 613 if (!addr)
614 return -EINVAL;
615
616 memset(&haddr, 0, sizeof(haddr));
617 len = min_t(unsigned int, sizeof(haddr), addr_len);
618 memcpy(&haddr, addr, len);
619
620 if (haddr.hci_family != AF_BLUETOOTH)
621 return -EINVAL;
622
1da177e4
LT		 623 lock_sock(sk);
624
7cc2ade2 625 if (sk->sk_state == BT_BOUND) {
1da177e4
LT		 626 err = -EALREADY;
627 goto done;
628 }
629
7cc2ade2
MH		 630 switch (haddr.hci_channel) {
631 case HCI_CHANNEL_RAW:
632 if (hci_pi(sk)->hdev) {
633 err = -EALREADY;
1da177e4
LT		 634 goto done;
635 }
636
7cc2ade2
MH		 637 if (haddr.hci_dev != HCI_DEV_NONE) {
638 hdev = hci_dev_get(haddr.hci_dev);
639 if (!hdev) {
640 err = -ENODEV;
641 goto done;
642 }
643
644 atomic_inc(&hdev->promisc);
645 }
646
647 hci_pi(sk)->hdev = hdev;
648 break;
649
650 case HCI_CHANNEL_CONTROL:
4b95a24c 651 if (haddr.hci_dev != HCI_DEV_NONE) {
7cc2ade2
MH		 652 err = -EINVAL;
653 goto done;
654 }
655
801f13bd
MH		 656 if (!capable(CAP_NET_ADMIN)) {
657 err = -EPERM;
658 goto done;
659 }
660
7cc2ade2
MH		 661 break;
662
cd82e61c
MH		 663 case HCI_CHANNEL_MONITOR:
664 if (haddr.hci_dev != HCI_DEV_NONE) {
665 err = -EINVAL;
666 goto done;
667 }
668
669 if (!capable(CAP_NET_RAW)) {
670 err = -EPERM;
671 goto done;
672 }
673
674 send_monitor_replay(sk);
675
676 atomic_inc(&monitor_promisc);
677 break;
678
7cc2ade2
MH		 679 default:
680 err = -EINVAL;
681 goto done;
1da177e4
LT		 682 }
683
7cc2ade2 684
0381101f 685 hci_pi(sk)->channel = haddr.hci_channel;
1da177e4
LT		 686 sk->sk_state = BT_BOUND;
687
688done:
689 release_sock(sk);
690 return err;
691}
692
8fc9ced3
GP		 693static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
694 int *addr_len, int peer)
1da177e4
LT		 695{
696 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
697 struct sock *sk = sock->sk;
7b005bd3 698 struct hci_dev *hdev = hci_pi(sk)->hdev;
1da177e4
LT		 699
700 BT_DBG("sock %p sk %p", sock, sk);
701
7b005bd3
MH		 702 if (!hdev)
703 return -EBADFD;
704
1da177e4
LT		 705 lock_sock(sk);
706
707 *addr_len = sizeof(*haddr);
708 haddr->hci_family = AF_BLUETOOTH;
7b005bd3 709 haddr->hci_dev = hdev->id;
3f68ba07 710 haddr->hci_channel= 0;
1da177e4
LT		 711
712 release_sock(sk);
713 return 0;
714}
715
6039aa73
GP		 716static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
717 struct sk_buff *skb)
1da177e4
LT		 718{
719 __u32 mask = hci_pi(sk)->cmsg_mask;
720
0d48d939
MH		 721 if (mask & HCI_CMSG_DIR) {
722 int incoming = bt_cb(skb)->incoming;
8fc9ced3
GP		 723 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
724 &incoming);
0d48d939 725 }
1da177e4 726
a61bbcf2 727 if (mask & HCI_CMSG_TSTAMP) {
f6e623a6
JFS		 728#ifdef CONFIG_COMPAT
729 struct compat_timeval ctv;
730#endif
a61bbcf2 731 struct timeval tv;
767c5eb5
MH		 732 void *data;
733 int len;
a61bbcf2
PM		 734
735 skb_get_timestamp(skb, &tv);
767c5eb5 736
1da97f83
DM		 737 data = &tv;
738 len = sizeof(tv);
739#ifdef CONFIG_COMPAT
da88cea1
L		 740 if (!COMPAT_USE_64BIT_TIME &&
741 (msg->msg_flags & MSG_CMSG_COMPAT)) {
767c5eb5
MH		 742 ctv.tv_sec = tv.tv_sec;
743 ctv.tv_usec = tv.tv_usec;
744 data = &ctv;
745 len = sizeof(ctv);
767c5eb5 746 }
1da97f83 747#endif
767c5eb5
MH		 748
749 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
a61bbcf2 750 }
1da177e4 751}
8e87d142
YH		 752
753static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
3bb3c755 754 struct msghdr *msg, size_t len, int flags)
1da177e4
LT		 755{
756 int noblock = flags & MSG_DONTWAIT;
757 struct sock *sk = sock->sk;
758 struct sk_buff *skb;
759 int copied, err;
760
761 BT_DBG("sock %p, sk %p", sock, sk);
762
763 if (flags & (MSG_OOB))
764 return -EOPNOTSUPP;
765
766 if (sk->sk_state == BT_CLOSED)
767 return 0;
768
70f23020
AE		 769 skb = skb_recv_datagram(sk, flags, noblock, &err);
770 if (!skb)
1da177e4
LT		 771 return err;
772
773 msg->msg_namelen = 0;
774
775 copied = skb->len;
776 if (len < copied) {
777 msg->msg_flags |= MSG_TRUNC;
778 copied = len;
779 }
780
badff6d0 781 skb_reset_transport_header(skb);
1da177e4
LT		 782 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
783
3a208627
MH		 784 switch (hci_pi(sk)->channel) {
785 case HCI_CHANNEL_RAW:
786 hci_sock_cmsg(sk, msg, skb);
787 break;
97e0bdeb 788 case HCI_CHANNEL_CONTROL:
cd82e61c
MH		 789 case HCI_CHANNEL_MONITOR:
790 sock_recv_timestamp(msg, sk, skb);
791 break;
3a208627 792 }
1da177e4
LT		 793
794 skb_free_datagram(sk, skb);
795
796 return err ? : copied;
797}
798
8e87d142 799static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
1da177e4
LT		 800 struct msghdr *msg, size_t len)
801{
802 struct sock *sk = sock->sk;
803 struct hci_dev *hdev;
804 struct sk_buff *skb;
805 int err;
806
807 BT_DBG("sock %p sk %p", sock, sk);
808
809 if (msg->msg_flags & MSG_OOB)
810 return -EOPNOTSUPP;
811
812 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
813 return -EINVAL;
814
815 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
816 return -EINVAL;
817
818 lock_sock(sk);
819
0381101f
JH		 820 switch (hci_pi(sk)->channel) {
821 case HCI_CHANNEL_RAW:
822 break;
823 case HCI_CHANNEL_CONTROL:
824 err = mgmt_control(sk, msg, len);
825 goto done;
cd82e61c
MH		 826 case HCI_CHANNEL_MONITOR:
827 err = -EOPNOTSUPP;
828 goto done;
0381101f
JH		 829 default:
830 err = -EINVAL;
831 goto done;
832 }
833
70f23020
AE		 834 hdev = hci_pi(sk)->hdev;
835 if (!hdev) {
1da177e4
LT		 836 err = -EBADFD;
837 goto done;
838 }
839
7e21addc
MH		 840 if (!test_bit(HCI_UP, &hdev->flags)) {
841 err = -ENETDOWN;
842 goto done;
843 }
844
70f23020
AE		 845 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
846 if (!skb)
1da177e4
LT		 847 goto done;
848
849 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
850 err = -EFAULT;
851 goto drop;
852 }
853
0d48d939 854 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
1da177e4
LT		 855 skb_pull(skb, 1);
856 skb->dev = (void *) hdev;
857
0d48d939 858 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
83985319 859 u16 opcode = get_unaligned_le16(skb->data);
1da177e4
LT		 860 u16 ogf = hci_opcode_ogf(opcode);
861 u16 ocf = hci_opcode_ocf(opcode);
862
863 if (((ogf > HCI_SFLT_MAX_OGF) ||
3bb3c755
GP		 864 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
865 &hci_sec_filter.ocf_mask[ogf])) &&
866 !capable(CAP_NET_RAW)) {
1da177e4
LT		 867 err = -EPERM;
868 goto drop;
869 }
870
a9de9248 871 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
1da177e4 872 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 873 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4 874 } else {
11714b3d
JH		 875 /* Stand-alone HCI commands must be flaged as
876 * single-command requests.
877 */
878 bt_cb(skb)->req.start = true;
879
1da177e4 880 skb_queue_tail(&hdev->cmd_q, skb);
c347b765 881 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 882 }
883 } else {
884 if (!capable(CAP_NET_RAW)) {
885 err = -EPERM;
886 goto drop;
887 }
888
889 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 890 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 891 }
892
893 err = len;
894
895done:
896 release_sock(sk);
897 return err;
898
899drop:
900 kfree_skb(skb);
901 goto done;
902}
903
8fc9ced3
GP		 904static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
905 char __user *optval, unsigned int len)
1da177e4
LT		 906{
907 struct hci_ufilter uf = { .opcode = 0 };
908 struct sock *sk = sock->sk;
909 int err = 0, opt = 0;
910
911 BT_DBG("sk %p, opt %d", sk, optname);
912
913 lock_sock(sk);
914
2f39cdb7
MH		 915 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
916 err = -EINVAL;
917 goto done;
918 }
919
1da177e4
LT		 920 switch (optname) {
921 case HCI_DATA_DIR:
922 if (get_user(opt, (int __user *)optval)) {
923 err = -EFAULT;
924 break;
925 }
926
927 if (opt)
928 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
929 else
930 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
931 break;
932
933 case HCI_TIME_STAMP:
934 if (get_user(opt, (int __user *)optval)) {
935 err = -EFAULT;
936 break;
937 }
938
939 if (opt)
940 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
941 else
942 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
943 break;
944
945 case HCI_FILTER:
0878b666
MH		 946 {
947 struct hci_filter *f = &hci_pi(sk)->filter;
948
949 uf.type_mask = f->type_mask;
950 uf.opcode = f->opcode;
951 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
952 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
953 }
954
1da177e4
LT		 955 len = min_t(unsigned int, len, sizeof(uf));
956 if (copy_from_user(&uf, optval, len)) {
957 err = -EFAULT;
958 break;
959 }
960
961 if (!capable(CAP_NET_RAW)) {
962 uf.type_mask &= hci_sec_filter.type_mask;
963 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
964 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
965 }
966
967 {
968 struct hci_filter *f = &hci_pi(sk)->filter;
969
970 f->type_mask = uf.type_mask;
971 f->opcode = uf.opcode;
972 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
973 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
974 }
8e87d142 975 break;
1da177e4
LT		 976
977 default:
978 err = -ENOPROTOOPT;
979 break;
980 }
981
2f39cdb7 982done:
1da177e4
LT		 983 release_sock(sk);
984 return err;
985}
986
8fc9ced3
GP		 987static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
988 char __user *optval, int __user *optlen)
1da177e4
LT		 989{
990 struct hci_ufilter uf;
991 struct sock *sk = sock->sk;
cedc5469
MH		 992 int len, opt, err = 0;
993
994 BT_DBG("sk %p, opt %d", sk, optname);
1da177e4
LT		 995
996 if (get_user(len, optlen))
997 return -EFAULT;
998
cedc5469
MH		 999 lock_sock(sk);
1000
1001 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1002 err = -EINVAL;
1003 goto done;
1004 }
1005
1da177e4
LT		 1006 switch (optname) {
1007 case HCI_DATA_DIR:
1008 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1009 opt = 1;
8e87d142 1010 else
1da177e4
LT		 1011 opt = 0;
1012
1013 if (put_user(opt, optval))
cedc5469 1014 err = -EFAULT;
1da177e4
LT		 1015 break;
1016
1017 case HCI_TIME_STAMP:
1018 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1019 opt = 1;
8e87d142 1020 else
1da177e4
LT		 1021 opt = 0;
1022
1023 if (put_user(opt, optval))
cedc5469 1024 err = -EFAULT;
1da177e4
LT		 1025 break;
1026
1027 case HCI_FILTER:
1028 {
1029 struct hci_filter *f = &hci_pi(sk)->filter;
1030
e15ca9a0 1031 memset(&uf, 0, sizeof(uf));
1da177e4
LT		 1032 uf.type_mask = f->type_mask;
1033 uf.opcode = f->opcode;
1034 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1035 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1036 }
1037
1038 len = min_t(unsigned int, len, sizeof(uf));
1039 if (copy_to_user(optval, &uf, len))
cedc5469 1040 err = -EFAULT;
1da177e4
LT		 1041 break;
1042
1043 default:
cedc5469 1044 err = -ENOPROTOOPT;
1da177e4
LT		 1045 break;
1046 }
1047
cedc5469
MH		 1048done:
1049 release_sock(sk);
1050 return err;
1da177e4
LT		 1051}
1052
90ddc4f0 1053static const struct proto_ops hci_sock_ops = {
1da177e4
LT		 1054 .family = PF_BLUETOOTH,
1055 .owner = THIS_MODULE,
1056 .release = hci_sock_release,
1057 .bind = hci_sock_bind,
1058 .getname = hci_sock_getname,
1059 .sendmsg = hci_sock_sendmsg,
1060 .recvmsg = hci_sock_recvmsg,
1061 .ioctl = hci_sock_ioctl,
1062 .poll = datagram_poll,
1063 .listen = sock_no_listen,
1064 .shutdown = sock_no_shutdown,
1065 .setsockopt = hci_sock_setsockopt,
1066 .getsockopt = hci_sock_getsockopt,
1067 .connect = sock_no_connect,
1068 .socketpair = sock_no_socketpair,
1069 .accept = sock_no_accept,
1070 .mmap = sock_no_mmap
1071};
1072
1073static struct proto hci_sk_proto = {
1074 .name = "HCI",
1075 .owner = THIS_MODULE,
1076 .obj_size = sizeof(struct hci_pinfo)
1077};
1078
3f378b68
EP		 1079static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1080 int kern)
1da177e4
LT		 1081{
1082 struct sock *sk;
1083
1084 BT_DBG("sock %p", sock);
1085
1086 if (sock->type != SOCK_RAW)
1087 return -ESOCKTNOSUPPORT;
1088
1089 sock->ops = &hci_sock_ops;
1090
6257ff21 1091 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1da177e4
LT		 1092 if (!sk)
1093 return -ENOMEM;
1094
1095 sock_init_data(sock, sk);
1096
1097 sock_reset_flag(sk, SOCK_ZAPPED);
1098
1099 sk->sk_protocol = protocol;
1100
1101 sock->state = SS_UNCONNECTED;
1102 sk->sk_state = BT_OPEN;
1103
1104 bt_sock_link(&hci_sk_list, sk);
1105 return 0;
1106}
1107
ec1b4cf7 1108static const struct net_proto_family hci_sock_family_ops = {
1da177e4
LT		 1109 .family = PF_BLUETOOTH,
1110 .owner = THIS_MODULE,
1111 .create = hci_sock_create,
1112};
1113
1da177e4
LT		 1114int __init hci_sock_init(void)
1115{
1116 int err;
1117
1118 err = proto_register(&hci_sk_proto, 0);
1119 if (err < 0)
1120 return err;
1121
1122 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
f7c86637
MY		 1123 if (err < 0) {
1124 BT_ERR("HCI socket registration failed");
1da177e4 1125 goto error;
f7c86637
MY		 1126 }
1127
b0316615 1128 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
f7c86637
MY		 1129 if (err < 0) {
1130 BT_ERR("Failed to create HCI proc file");
1131 bt_sock_unregister(BTPROTO_HCI);
1132 goto error;
1133 }
1da177e4 1134
1da177e4
LT		 1135 BT_INFO("HCI socket layer initialized");
1136
1137 return 0;
1138
1139error:
1da177e4
LT		 1140 proto_unregister(&hci_sk_proto);
1141 return err;
1142}
1143
b7440a14 1144void hci_sock_cleanup(void)
1da177e4 1145{
f7c86637 1146 bt_procfs_cleanup(&init_net, "hci");
5e9d7f86 1147 bt_sock_unregister(BTPROTO_HCI);
1da177e4 1148 proto_unregister(&hci_sk_proto);
1da177e4 1149}
Linux 6.x block layer and io_uring tree(s)