2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI sockets. */
27 #include <linux/export.h>
28 #include <linux/utsname.h>
29 #include <linux/sched.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/hci_mon.h>
35 #include <net/bluetooth/mgmt.h>
37 #include "mgmt_util.h"
39 static LIST_HEAD(mgmt_chan_list);
40 static DEFINE_MUTEX(mgmt_chan_list_lock);
42 static DEFINE_IDA(sock_cookie_ida);
44 static atomic_t monitor_promisc = ATOMIC_INIT(0);
46 /* ----- HCI socket interface ----- */
49 #define hci_pi(sk) ((struct hci_pinfo *) sk)
54 struct hci_filter filter;
56 unsigned short channel;
59 char comm[TASK_COMM_LEN];
62 void hci_sock_set_flag(struct sock *sk, int nr)
64 set_bit(nr, &hci_pi(sk)->flags);
67 void hci_sock_clear_flag(struct sock *sk, int nr)
69 clear_bit(nr, &hci_pi(sk)->flags);
72 int hci_sock_test_flag(struct sock *sk, int nr)
74 return test_bit(nr, &hci_pi(sk)->flags);
77 unsigned short hci_sock_get_channel(struct sock *sk)
79 return hci_pi(sk)->channel;
82 u32 hci_sock_get_cookie(struct sock *sk)
84 return hci_pi(sk)->cookie;
87 static bool hci_sock_gen_cookie(struct sock *sk)
89 int id = hci_pi(sk)->cookie;
92 id = ida_simple_get(&sock_cookie_ida, 1, 0, GFP_KERNEL);
96 hci_pi(sk)->cookie = id;
97 get_task_comm(hci_pi(sk)->comm, current);
104 static void hci_sock_free_cookie(struct sock *sk)
106 int id = hci_pi(sk)->cookie;
109 hci_pi(sk)->cookie = 0xffffffff;
110 ida_simple_remove(&sock_cookie_ida, id);
114 static inline int hci_test_bit(int nr, const void *addr)
116 return *((const __u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
119 /* Security filter */
120 #define HCI_SFLT_MAX_OGF 5
122 struct hci_sec_filter {
125 __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
128 static const struct hci_sec_filter hci_sec_filter = {
132 { 0x1000d9fe, 0x0000b00c },
137 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
138 /* OGF_LINK_POLICY */
139 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
141 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
143 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
144 /* OGF_STATUS_PARAM */
145 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
149 static struct bt_sock_list hci_sk_list = {
150 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
153 static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
155 struct hci_filter *flt;
156 int flt_type, flt_event;
159 flt = &hci_pi(sk)->filter;
161 flt_type = hci_skb_pkt_type(skb) & HCI_FLT_TYPE_BITS;
163 if (!test_bit(flt_type, &flt->type_mask))
166 /* Extra filter for event packets only */
167 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT)
170 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
172 if (!hci_test_bit(flt_event, &flt->event_mask))
175 /* Check filter only when opcode is set */
179 if (flt_event == HCI_EV_CMD_COMPLETE &&
180 flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
183 if (flt_event == HCI_EV_CMD_STATUS &&
184 flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
190 /* Send frame to RAW socket */
191 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
194 struct sk_buff *skb_copy = NULL;
196 BT_DBG("hdev %p len %d", hdev, skb->len);
198 read_lock(&hci_sk_list.lock);
200 sk_for_each(sk, &hci_sk_list.head) {
201 struct sk_buff *nskb;
203 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
206 /* Don't send frame to the socket it came from */
210 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
211 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
212 hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
213 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
214 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT)
216 if (is_filtered_packet(sk, skb))
218 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
219 if (!bt_cb(skb)->incoming)
221 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
222 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
223 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT)
226 /* Don't send frame to other channel types */
231 /* Create a private copy with headroom */
232 skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
236 /* Put type byte before the data */
237 memcpy(skb_push(skb_copy, 1), &hci_skb_pkt_type(skb), 1);
240 nskb = skb_clone(skb_copy, GFP_ATOMIC);
244 if (sock_queue_rcv_skb(sk, nskb))
248 read_unlock(&hci_sk_list.lock);
253 /* Send frame to sockets with specific channel */
254 void hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
255 int flag, struct sock *skip_sk)
259 BT_DBG("channel %u len %d", channel, skb->len);
261 read_lock(&hci_sk_list.lock);
263 sk_for_each(sk, &hci_sk_list.head) {
264 struct sk_buff *nskb;
266 /* Ignore socket without the flag set */
267 if (!hci_sock_test_flag(sk, flag))
270 /* Skip the original socket */
274 if (sk->sk_state != BT_BOUND)
277 if (hci_pi(sk)->channel != channel)
280 nskb = skb_clone(skb, GFP_ATOMIC);
284 if (sock_queue_rcv_skb(sk, nskb))
288 read_unlock(&hci_sk_list.lock);
291 /* Send frame to monitor socket */
292 void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
294 struct sk_buff *skb_copy = NULL;
295 struct hci_mon_hdr *hdr;
298 if (!atomic_read(&monitor_promisc))
301 BT_DBG("hdev %p len %d", hdev, skb->len);
303 switch (hci_skb_pkt_type(skb)) {
304 case HCI_COMMAND_PKT:
305 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT);
308 opcode = cpu_to_le16(HCI_MON_EVENT_PKT);
310 case HCI_ACLDATA_PKT:
311 if (bt_cb(skb)->incoming)
312 opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT);
314 opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT);
316 case HCI_SCODATA_PKT:
317 if (bt_cb(skb)->incoming)
318 opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT);
320 opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT);
323 opcode = cpu_to_le16(HCI_MON_VENDOR_DIAG);
329 /* Create a private copy with headroom */
330 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true);
334 /* Put header before the data */
335 hdr = skb_push(skb_copy, HCI_MON_HDR_SIZE);
336 hdr->opcode = opcode;
337 hdr->index = cpu_to_le16(hdev->id);
338 hdr->len = cpu_to_le16(skb->len);
340 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb_copy,
341 HCI_SOCK_TRUSTED, NULL);
345 void hci_send_monitor_ctrl_event(struct hci_dev *hdev, u16 event,
346 void *data, u16 data_len, ktime_t tstamp,
347 int flag, struct sock *skip_sk)
353 index = cpu_to_le16(hdev->id);
355 index = cpu_to_le16(MGMT_INDEX_NONE);
357 read_lock(&hci_sk_list.lock);
359 sk_for_each(sk, &hci_sk_list.head) {
360 struct hci_mon_hdr *hdr;
363 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
366 /* Ignore socket without the flag set */
367 if (!hci_sock_test_flag(sk, flag))
370 /* Skip the original socket */
374 skb = bt_skb_alloc(6 + data_len, GFP_ATOMIC);
378 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
379 put_unaligned_le16(event, skb_put(skb, 2));
382 skb_put_data(skb, data, data_len);
384 skb->tstamp = tstamp;
386 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
387 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_EVENT);
389 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
391 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
392 HCI_SOCK_TRUSTED, NULL);
396 read_unlock(&hci_sk_list.lock);
399 static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
401 struct hci_mon_hdr *hdr;
402 struct hci_mon_new_index *ni;
403 struct hci_mon_index_info *ii;
409 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
413 ni = skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
414 ni->type = hdev->dev_type;
416 bacpy(&ni->bdaddr, &hdev->bdaddr);
417 memcpy(ni->name, hdev->name, 8);
419 opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
423 skb = bt_skb_alloc(0, GFP_ATOMIC);
427 opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
431 if (hdev->manufacturer == 0xffff)
437 skb = bt_skb_alloc(HCI_MON_INDEX_INFO_SIZE, GFP_ATOMIC);
441 ii = skb_put(skb, HCI_MON_INDEX_INFO_SIZE);
442 bacpy(&ii->bdaddr, &hdev->bdaddr);
443 ii->manufacturer = cpu_to_le16(hdev->manufacturer);
445 opcode = cpu_to_le16(HCI_MON_INDEX_INFO);
449 skb = bt_skb_alloc(0, GFP_ATOMIC);
453 opcode = cpu_to_le16(HCI_MON_OPEN_INDEX);
457 skb = bt_skb_alloc(0, GFP_ATOMIC);
461 opcode = cpu_to_le16(HCI_MON_CLOSE_INDEX);
468 __net_timestamp(skb);
470 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
471 hdr->opcode = opcode;
472 hdr->index = cpu_to_le16(hdev->id);
473 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
478 static struct sk_buff *create_monitor_ctrl_open(struct sock *sk)
480 struct hci_mon_hdr *hdr;
486 /* No message needed when cookie is not present */
487 if (!hci_pi(sk)->cookie)
490 switch (hci_pi(sk)->channel) {
491 case HCI_CHANNEL_RAW:
493 ver[0] = BT_SUBSYS_VERSION;
494 put_unaligned_le16(BT_SUBSYS_REVISION, ver + 1);
496 case HCI_CHANNEL_USER:
498 ver[0] = BT_SUBSYS_VERSION;
499 put_unaligned_le16(BT_SUBSYS_REVISION, ver + 1);
501 case HCI_CHANNEL_CONTROL:
503 mgmt_fill_version_info(ver);
506 /* No message for unsupported format */
510 skb = bt_skb_alloc(14 + TASK_COMM_LEN , GFP_ATOMIC);
514 flags = hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) ? 0x1 : 0x0;
516 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
517 put_unaligned_le16(format, skb_put(skb, 2));
518 skb_put_data(skb, ver, sizeof(ver));
519 put_unaligned_le32(flags, skb_put(skb, 4));
520 skb_put_u8(skb, TASK_COMM_LEN);
521 skb_put_data(skb, hci_pi(sk)->comm, TASK_COMM_LEN);
523 __net_timestamp(skb);
525 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
526 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_OPEN);
527 if (hci_pi(sk)->hdev)
528 hdr->index = cpu_to_le16(hci_pi(sk)->hdev->id);
530 hdr->index = cpu_to_le16(HCI_DEV_NONE);
531 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
536 static struct sk_buff *create_monitor_ctrl_close(struct sock *sk)
538 struct hci_mon_hdr *hdr;
541 /* No message needed when cookie is not present */
542 if (!hci_pi(sk)->cookie)
545 switch (hci_pi(sk)->channel) {
546 case HCI_CHANNEL_RAW:
547 case HCI_CHANNEL_USER:
548 case HCI_CHANNEL_CONTROL:
551 /* No message for unsupported format */
555 skb = bt_skb_alloc(4, GFP_ATOMIC);
559 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
561 __net_timestamp(skb);
563 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
564 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_CLOSE);
565 if (hci_pi(sk)->hdev)
566 hdr->index = cpu_to_le16(hci_pi(sk)->hdev->id);
568 hdr->index = cpu_to_le16(HCI_DEV_NONE);
569 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
574 static struct sk_buff *create_monitor_ctrl_command(struct sock *sk, u16 index,
578 struct hci_mon_hdr *hdr;
581 skb = bt_skb_alloc(6 + len, GFP_ATOMIC);
585 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
586 put_unaligned_le16(opcode, skb_put(skb, 2));
589 skb_put_data(skb, buf, len);
591 __net_timestamp(skb);
593 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
594 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_COMMAND);
595 hdr->index = cpu_to_le16(index);
596 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
601 static void __printf(2, 3)
602 send_monitor_note(struct sock *sk, const char *fmt, ...)
605 struct hci_mon_hdr *hdr;
610 len = vsnprintf(NULL, 0, fmt, args);
613 skb = bt_skb_alloc(len + 1, GFP_ATOMIC);
618 vsprintf(skb_put(skb, len), fmt, args);
619 *(u8 *)skb_put(skb, 1) = 0;
622 __net_timestamp(skb);
624 hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE);
625 hdr->opcode = cpu_to_le16(HCI_MON_SYSTEM_NOTE);
626 hdr->index = cpu_to_le16(HCI_DEV_NONE);
627 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
629 if (sock_queue_rcv_skb(sk, skb))
633 static void send_monitor_replay(struct sock *sk)
635 struct hci_dev *hdev;
637 read_lock(&hci_dev_list_lock);
639 list_for_each_entry(hdev, &hci_dev_list, list) {
642 skb = create_monitor_event(hdev, HCI_DEV_REG);
646 if (sock_queue_rcv_skb(sk, skb))
649 if (!test_bit(HCI_RUNNING, &hdev->flags))
652 skb = create_monitor_event(hdev, HCI_DEV_OPEN);
656 if (sock_queue_rcv_skb(sk, skb))
659 if (test_bit(HCI_UP, &hdev->flags))
660 skb = create_monitor_event(hdev, HCI_DEV_UP);
661 else if (hci_dev_test_flag(hdev, HCI_SETUP))
662 skb = create_monitor_event(hdev, HCI_DEV_SETUP);
667 if (sock_queue_rcv_skb(sk, skb))
672 read_unlock(&hci_dev_list_lock);
675 static void send_monitor_control_replay(struct sock *mon_sk)
679 read_lock(&hci_sk_list.lock);
681 sk_for_each(sk, &hci_sk_list.head) {
684 skb = create_monitor_ctrl_open(sk);
688 if (sock_queue_rcv_skb(mon_sk, skb))
692 read_unlock(&hci_sk_list.lock);
695 /* Generate internal stack event */
696 static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
698 struct hci_event_hdr *hdr;
699 struct hci_ev_stack_internal *ev;
702 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
706 hdr = skb_put(skb, HCI_EVENT_HDR_SIZE);
707 hdr->evt = HCI_EV_STACK_INTERNAL;
708 hdr->plen = sizeof(*ev) + dlen;
710 ev = skb_put(skb, sizeof(*ev) + dlen);
712 memcpy(ev->data, data, dlen);
714 bt_cb(skb)->incoming = 1;
715 __net_timestamp(skb);
717 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
718 hci_send_to_sock(hdev, skb);
722 void hci_sock_dev_event(struct hci_dev *hdev, int event)
724 BT_DBG("hdev %s event %d", hdev->name, event);
726 if (atomic_read(&monitor_promisc)) {
729 /* Send event to monitor */
730 skb = create_monitor_event(hdev, event);
732 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
733 HCI_SOCK_TRUSTED, NULL);
738 if (event <= HCI_DEV_DOWN) {
739 struct hci_ev_si_device ev;
741 /* Send event to sockets */
743 ev.dev_id = hdev->id;
744 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
747 if (event == HCI_DEV_UNREG) {
750 /* Detach sockets from device */
751 read_lock(&hci_sk_list.lock);
752 sk_for_each(sk, &hci_sk_list.head) {
753 bh_lock_sock_nested(sk);
754 if (hci_pi(sk)->hdev == hdev) {
755 hci_pi(sk)->hdev = NULL;
757 sk->sk_state = BT_OPEN;
758 sk->sk_state_change(sk);
764 read_unlock(&hci_sk_list.lock);
768 static struct hci_mgmt_chan *__hci_mgmt_chan_find(unsigned short channel)
770 struct hci_mgmt_chan *c;
772 list_for_each_entry(c, &mgmt_chan_list, list) {
773 if (c->channel == channel)
780 static struct hci_mgmt_chan *hci_mgmt_chan_find(unsigned short channel)
782 struct hci_mgmt_chan *c;
784 mutex_lock(&mgmt_chan_list_lock);
785 c = __hci_mgmt_chan_find(channel);
786 mutex_unlock(&mgmt_chan_list_lock);
791 int hci_mgmt_chan_register(struct hci_mgmt_chan *c)
793 if (c->channel < HCI_CHANNEL_CONTROL)
796 mutex_lock(&mgmt_chan_list_lock);
797 if (__hci_mgmt_chan_find(c->channel)) {
798 mutex_unlock(&mgmt_chan_list_lock);
802 list_add_tail(&c->list, &mgmt_chan_list);
804 mutex_unlock(&mgmt_chan_list_lock);
808 EXPORT_SYMBOL(hci_mgmt_chan_register);
810 void hci_mgmt_chan_unregister(struct hci_mgmt_chan *c)
812 mutex_lock(&mgmt_chan_list_lock);
814 mutex_unlock(&mgmt_chan_list_lock);
816 EXPORT_SYMBOL(hci_mgmt_chan_unregister);
818 static int hci_sock_release(struct socket *sock)
820 struct sock *sk = sock->sk;
821 struct hci_dev *hdev;
824 BT_DBG("sock %p sk %p", sock, sk);
829 hdev = hci_pi(sk)->hdev;
831 switch (hci_pi(sk)->channel) {
832 case HCI_CHANNEL_MONITOR:
833 atomic_dec(&monitor_promisc);
835 case HCI_CHANNEL_RAW:
836 case HCI_CHANNEL_USER:
837 case HCI_CHANNEL_CONTROL:
838 /* Send event to monitor */
839 skb = create_monitor_ctrl_close(sk);
841 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
842 HCI_SOCK_TRUSTED, NULL);
846 hci_sock_free_cookie(sk);
850 bt_sock_unlink(&hci_sk_list, sk);
853 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
854 /* When releasing a user channel exclusive access,
855 * call hci_dev_do_close directly instead of calling
856 * hci_dev_close to ensure the exclusive access will
857 * be released and the controller brought back down.
859 * The checking of HCI_AUTO_OFF is not needed in this
860 * case since it will have been cleared already when
861 * opening the user channel.
863 hci_dev_do_close(hdev);
864 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
865 mgmt_index_added(hdev);
868 atomic_dec(&hdev->promisc);
874 skb_queue_purge(&sk->sk_receive_queue);
875 skb_queue_purge(&sk->sk_write_queue);
881 #ifdef CONFIG_BT_LEGACY_IOCTL
882 static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
887 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
892 err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
894 hci_dev_unlock(hdev);
899 static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
904 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
909 err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
911 hci_dev_unlock(hdev);
916 /* Ioctls that require bound socket */
917 static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
920 struct hci_dev *hdev = hci_pi(sk)->hdev;
925 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
928 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
931 if (hdev->dev_type != HCI_PRIMARY)
936 if (!capable(CAP_NET_ADMIN))
941 return hci_get_conn_info(hdev, (void __user *)arg);
944 return hci_get_auth_info(hdev, (void __user *)arg);
947 if (!capable(CAP_NET_ADMIN))
949 return hci_sock_blacklist_add(hdev, (void __user *)arg);
952 if (!capable(CAP_NET_ADMIN))
954 return hci_sock_blacklist_del(hdev, (void __user *)arg);
960 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
963 void __user *argp = (void __user *)arg;
964 struct sock *sk = sock->sk;
967 BT_DBG("cmd %x arg %lx", cmd, arg);
971 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
976 /* When calling an ioctl on an unbound raw socket, then ensure
977 * that the monitor gets informed. Ensure that the resulting event
978 * is only send once by checking if the cookie exists or not. The
979 * socket cookie will be only ever generated once for the lifetime
982 if (hci_sock_gen_cookie(sk)) {
985 if (capable(CAP_NET_ADMIN))
986 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
988 /* Send event to monitor */
989 skb = create_monitor_ctrl_open(sk);
991 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
992 HCI_SOCK_TRUSTED, NULL);
1001 return hci_get_dev_list(argp);
1004 return hci_get_dev_info(argp);
1006 case HCIGETCONNLIST:
1007 return hci_get_conn_list(argp);
1010 if (!capable(CAP_NET_ADMIN))
1012 return hci_dev_open(arg);
1015 if (!capable(CAP_NET_ADMIN))
1017 return hci_dev_close(arg);
1020 if (!capable(CAP_NET_ADMIN))
1022 return hci_dev_reset(arg);
1025 if (!capable(CAP_NET_ADMIN))
1027 return hci_dev_reset_stat(arg);
1034 case HCISETLINKMODE:
1037 if (!capable(CAP_NET_ADMIN))
1039 return hci_dev_cmd(cmd, argp);
1042 return hci_inquiry(argp);
1047 err = hci_sock_bound_ioctl(sk, cmd, arg);
1055 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
1058 struct sockaddr_hci haddr;
1059 struct sock *sk = sock->sk;
1060 struct hci_dev *hdev = NULL;
1061 struct sk_buff *skb;
1064 BT_DBG("sock %p sk %p", sock, sk);
1069 memset(&haddr, 0, sizeof(haddr));
1070 len = min_t(unsigned int, sizeof(haddr), addr_len);
1071 memcpy(&haddr, addr, len);
1073 if (haddr.hci_family != AF_BLUETOOTH)
1078 if (sk->sk_state == BT_BOUND) {
1083 switch (haddr.hci_channel) {
1084 case HCI_CHANNEL_RAW:
1085 if (hci_pi(sk)->hdev) {
1090 if (haddr.hci_dev != HCI_DEV_NONE) {
1091 hdev = hci_dev_get(haddr.hci_dev);
1097 atomic_inc(&hdev->promisc);
1100 hci_pi(sk)->channel = haddr.hci_channel;
1102 if (!hci_sock_gen_cookie(sk)) {
1103 /* In the case when a cookie has already been assigned,
1104 * then there has been already an ioctl issued against
1105 * an unbound socket and with that triggerd an open
1106 * notification. Send a close notification first to
1107 * allow the state transition to bounded.
1109 skb = create_monitor_ctrl_close(sk);
1111 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1112 HCI_SOCK_TRUSTED, NULL);
1117 if (capable(CAP_NET_ADMIN))
1118 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1120 hci_pi(sk)->hdev = hdev;
1122 /* Send event to monitor */
1123 skb = create_monitor_ctrl_open(sk);
1125 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1126 HCI_SOCK_TRUSTED, NULL);
1131 case HCI_CHANNEL_USER:
1132 if (hci_pi(sk)->hdev) {
1137 if (haddr.hci_dev == HCI_DEV_NONE) {
1142 if (!capable(CAP_NET_ADMIN)) {
1147 hdev = hci_dev_get(haddr.hci_dev);
1153 if (test_bit(HCI_INIT, &hdev->flags) ||
1154 hci_dev_test_flag(hdev, HCI_SETUP) ||
1155 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1156 (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) &&
1157 test_bit(HCI_UP, &hdev->flags))) {
1163 if (hci_dev_test_and_set_flag(hdev, HCI_USER_CHANNEL)) {
1169 mgmt_index_removed(hdev);
1171 err = hci_dev_open(hdev->id);
1173 if (err == -EALREADY) {
1174 /* In case the transport is already up and
1175 * running, clear the error here.
1177 * This can happen when opening a user
1178 * channel and HCI_AUTO_OFF grace period
1183 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
1184 mgmt_index_added(hdev);
1190 hci_pi(sk)->channel = haddr.hci_channel;
1192 if (!hci_sock_gen_cookie(sk)) {
1193 /* In the case when a cookie has already been assigned,
1194 * this socket will transition from a raw socket into
1195 * a user channel socket. For a clean transition, send
1196 * the close notification first.
1198 skb = create_monitor_ctrl_close(sk);
1200 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1201 HCI_SOCK_TRUSTED, NULL);
1206 /* The user channel is restricted to CAP_NET_ADMIN
1207 * capabilities and with that implicitly trusted.
1209 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1211 hci_pi(sk)->hdev = hdev;
1213 /* Send event to monitor */
1214 skb = create_monitor_ctrl_open(sk);
1216 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1217 HCI_SOCK_TRUSTED, NULL);
1221 atomic_inc(&hdev->promisc);
1224 case HCI_CHANNEL_MONITOR:
1225 if (haddr.hci_dev != HCI_DEV_NONE) {
1230 if (!capable(CAP_NET_RAW)) {
1235 hci_pi(sk)->channel = haddr.hci_channel;
1237 /* The monitor interface is restricted to CAP_NET_RAW
1238 * capabilities and with that implicitly trusted.
1240 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1242 send_monitor_note(sk, "Linux version %s (%s)",
1243 init_utsname()->release,
1244 init_utsname()->machine);
1245 send_monitor_note(sk, "Bluetooth subsystem version %u.%u",
1246 BT_SUBSYS_VERSION, BT_SUBSYS_REVISION);
1247 send_monitor_replay(sk);
1248 send_monitor_control_replay(sk);
1250 atomic_inc(&monitor_promisc);
1253 case HCI_CHANNEL_LOGGING:
1254 if (haddr.hci_dev != HCI_DEV_NONE) {
1259 if (!capable(CAP_NET_ADMIN)) {
1264 hci_pi(sk)->channel = haddr.hci_channel;
1268 if (!hci_mgmt_chan_find(haddr.hci_channel)) {
1273 if (haddr.hci_dev != HCI_DEV_NONE) {
1278 /* Users with CAP_NET_ADMIN capabilities are allowed
1279 * access to all management commands and events. For
1280 * untrusted users the interface is restricted and
1281 * also only untrusted events are sent.
1283 if (capable(CAP_NET_ADMIN))
1284 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1286 hci_pi(sk)->channel = haddr.hci_channel;
1288 /* At the moment the index and unconfigured index events
1289 * are enabled unconditionally. Setting them on each
1290 * socket when binding keeps this functionality. They
1291 * however might be cleared later and then sending of these
1292 * events will be disabled, but that is then intentional.
1294 * This also enables generic events that are safe to be
1295 * received by untrusted users. Example for such events
1296 * are changes to settings, class of device, name etc.
1298 if (hci_pi(sk)->channel == HCI_CHANNEL_CONTROL) {
1299 if (!hci_sock_gen_cookie(sk)) {
1300 /* In the case when a cookie has already been
1301 * assigned, this socket will transtion from
1302 * a raw socket into a control socket. To
1303 * allow for a clean transtion, send the
1304 * close notification first.
1306 skb = create_monitor_ctrl_close(sk);
1308 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1309 HCI_SOCK_TRUSTED, NULL);
1314 /* Send event to monitor */
1315 skb = create_monitor_ctrl_open(sk);
1317 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1318 HCI_SOCK_TRUSTED, NULL);
1322 hci_sock_set_flag(sk, HCI_MGMT_INDEX_EVENTS);
1323 hci_sock_set_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
1324 hci_sock_set_flag(sk, HCI_MGMT_OPTION_EVENTS);
1325 hci_sock_set_flag(sk, HCI_MGMT_SETTING_EVENTS);
1326 hci_sock_set_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1327 hci_sock_set_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1332 sk->sk_state = BT_BOUND;
1339 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
1340 int *addr_len, int peer)
1342 struct sockaddr_hci *haddr = (struct sockaddr_hci *)addr;
1343 struct sock *sk = sock->sk;
1344 struct hci_dev *hdev;
1347 BT_DBG("sock %p sk %p", sock, sk);
1354 hdev = hci_pi(sk)->hdev;
1360 *addr_len = sizeof(*haddr);
1361 haddr->hci_family = AF_BLUETOOTH;
1362 haddr->hci_dev = hdev->id;
1363 haddr->hci_channel= hci_pi(sk)->channel;
1370 static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
1371 struct sk_buff *skb)
1373 __u32 mask = hci_pi(sk)->cmsg_mask;
1375 if (mask & HCI_CMSG_DIR) {
1376 int incoming = bt_cb(skb)->incoming;
1377 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
1381 if (mask & HCI_CMSG_TSTAMP) {
1382 #ifdef CONFIG_COMPAT
1383 struct compat_timeval ctv;
1389 skb_get_timestamp(skb, &tv);
1393 #ifdef CONFIG_COMPAT
1394 if (!COMPAT_USE_64BIT_TIME &&
1395 (msg->msg_flags & MSG_CMSG_COMPAT)) {
1396 ctv.tv_sec = tv.tv_sec;
1397 ctv.tv_usec = tv.tv_usec;
1403 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
1407 static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1408 size_t len, int flags)
1410 int noblock = flags & MSG_DONTWAIT;
1411 struct sock *sk = sock->sk;
1412 struct sk_buff *skb;
1414 unsigned int skblen;
1416 BT_DBG("sock %p, sk %p", sock, sk);
1418 if (flags & MSG_OOB)
1421 if (hci_pi(sk)->channel == HCI_CHANNEL_LOGGING)
1424 if (sk->sk_state == BT_CLOSED)
1427 skb = skb_recv_datagram(sk, flags, noblock, &err);
1434 msg->msg_flags |= MSG_TRUNC;
1438 skb_reset_transport_header(skb);
1439 err = skb_copy_datagram_msg(skb, 0, msg, copied);
1441 switch (hci_pi(sk)->channel) {
1442 case HCI_CHANNEL_RAW:
1443 hci_sock_cmsg(sk, msg, skb);
1445 case HCI_CHANNEL_USER:
1446 case HCI_CHANNEL_MONITOR:
1447 sock_recv_timestamp(msg, sk, skb);
1450 if (hci_mgmt_chan_find(hci_pi(sk)->channel))
1451 sock_recv_timestamp(msg, sk, skb);
1455 skb_free_datagram(sk, skb);
1457 if (flags & MSG_TRUNC)
1460 return err ? : copied;
1463 static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
1464 struct msghdr *msg, size_t msglen)
1468 struct mgmt_hdr *hdr;
1469 u16 opcode, index, len;
1470 struct hci_dev *hdev = NULL;
1471 const struct hci_mgmt_handler *handler;
1472 bool var_len, no_hdev;
1475 BT_DBG("got %zu bytes", msglen);
1477 if (msglen < sizeof(*hdr))
1480 buf = kmalloc(msglen, GFP_KERNEL);
1484 if (memcpy_from_msg(buf, msg, msglen)) {
1490 opcode = __le16_to_cpu(hdr->opcode);
1491 index = __le16_to_cpu(hdr->index);
1492 len = __le16_to_cpu(hdr->len);
1494 if (len != msglen - sizeof(*hdr)) {
1499 if (chan->channel == HCI_CHANNEL_CONTROL) {
1500 struct sk_buff *skb;
1502 /* Send event to monitor */
1503 skb = create_monitor_ctrl_command(sk, index, opcode, len,
1504 buf + sizeof(*hdr));
1506 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1507 HCI_SOCK_TRUSTED, NULL);
1512 if (opcode >= chan->handler_count ||
1513 chan->handlers[opcode].func == NULL) {
1514 BT_DBG("Unknown op %u", opcode);
1515 err = mgmt_cmd_status(sk, index, opcode,
1516 MGMT_STATUS_UNKNOWN_COMMAND);
1520 handler = &chan->handlers[opcode];
1522 if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) &&
1523 !(handler->flags & HCI_MGMT_UNTRUSTED)) {
1524 err = mgmt_cmd_status(sk, index, opcode,
1525 MGMT_STATUS_PERMISSION_DENIED);
1529 if (index != MGMT_INDEX_NONE) {
1530 hdev = hci_dev_get(index);
1532 err = mgmt_cmd_status(sk, index, opcode,
1533 MGMT_STATUS_INVALID_INDEX);
1537 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1538 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1539 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1540 err = mgmt_cmd_status(sk, index, opcode,
1541 MGMT_STATUS_INVALID_INDEX);
1545 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1546 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
1547 err = mgmt_cmd_status(sk, index, opcode,
1548 MGMT_STATUS_INVALID_INDEX);
1553 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
1554 if (no_hdev != !hdev) {
1555 err = mgmt_cmd_status(sk, index, opcode,
1556 MGMT_STATUS_INVALID_INDEX);
1560 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
1561 if ((var_len && len < handler->data_len) ||
1562 (!var_len && len != handler->data_len)) {
1563 err = mgmt_cmd_status(sk, index, opcode,
1564 MGMT_STATUS_INVALID_PARAMS);
1568 if (hdev && chan->hdev_init)
1569 chan->hdev_init(sk, hdev);
1571 cp = buf + sizeof(*hdr);
1573 err = handler->func(sk, hdev, cp, len);
1587 static int hci_logging_frame(struct sock *sk, struct msghdr *msg, int len)
1589 struct hci_mon_hdr *hdr;
1590 struct sk_buff *skb;
1591 struct hci_dev *hdev;
1595 /* The logging frame consists at minimum of the standard header,
1596 * the priority byte, the ident length byte and at least one string
1597 * terminator NUL byte. Anything shorter are invalid packets.
1599 if (len < sizeof(*hdr) + 3)
1602 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1606 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1611 hdr = (void *)skb->data;
1613 if (__le16_to_cpu(hdr->len) != len - sizeof(*hdr)) {
1618 if (__le16_to_cpu(hdr->opcode) == 0x0000) {
1619 __u8 priority = skb->data[sizeof(*hdr)];
1620 __u8 ident_len = skb->data[sizeof(*hdr) + 1];
1622 /* Only the priorities 0-7 are valid and with that any other
1623 * value results in an invalid packet.
1625 * The priority byte is followed by an ident length byte and
1626 * the NUL terminated ident string. Check that the ident
1627 * length is not overflowing the packet and also that the
1628 * ident string itself is NUL terminated. In case the ident
1629 * length is zero, the length value actually doubles as NUL
1630 * terminator identifier.
1632 * The message follows the ident string (if present) and
1633 * must be NUL terminated. Otherwise it is not a valid packet.
1635 if (priority > 7 || skb->data[len - 1] != 0x00 ||
1636 ident_len > len - sizeof(*hdr) - 3 ||
1637 skb->data[sizeof(*hdr) + ident_len + 1] != 0x00) {
1646 index = __le16_to_cpu(hdr->index);
1648 if (index != MGMT_INDEX_NONE) {
1649 hdev = hci_dev_get(index);
1658 hdr->opcode = cpu_to_le16(HCI_MON_USER_LOGGING);
1660 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, HCI_SOCK_TRUSTED, NULL);
/* sendmsg() handler for HCI sockets. The signature continues on a line
 * not reproduced in this listing; the message length is used below as
 * len.
 *
 * Dispatches on the channel the socket is bound to: the logging channel
 * is handed to hci_logging_frame(); channels that do not match a case
 * label are (presumably in the default case, not shown) looked up as
 * management channels under mgmt_chan_list_lock and passed to
 * hci_mgmt_cmd(); the raw and user channels reach the device path
 * below, which copies the frame from user space into an skb, validates
 * it and queues it on the device. Many error branches, the drop label
 * and the final return are not reproduced in this listing.
 *
 * Returns 0 on success or a negative errno (presumably via err).
 */
1671 static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1674 struct sock *sk = sock->sk;
1675 struct hci_mgmt_chan *chan;
1676 struct hci_dev *hdev;
1677 struct sk_buff *skb;
1680 BT_DBG("sock %p sk %p", sock, sk);
/* Out-of-band data has no meaning here; the rejecting return is not
 * shown.
 */
1682 if (msg->msg_flags & MSG_OOB)
/* Only the flags in this mask are accepted; the mask continues on a
 * line not shown.
 */
1685 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE|
/* Length bounds for the whole frame. The 4-byte minimum is what keeps
 * the later skb->data[0] and 16-bit opcode reads in-bounds (presumably
 * one packet-type byte plus a 3-byte command header); the maximum caps
 * the skb allocation. The rejecting return is not shown.
 */
1689 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
1694 switch (hci_pi(sk)->channel) {
1695 case HCI_CHANNEL_RAW:
1696 case HCI_CHANNEL_USER:
/* Raw and user channel frames are handled by the device path below;
 * the statement ending this case is not shown.
 */
1698 case HCI_CHANNEL_MONITOR:
/* The monitor channel's handling is not reproduced in this listing. */
1701 case HCI_CHANNEL_LOGGING:
1702 err = hci_logging_frame(sk, msg, len);
/* Management channels: the lookup and the hci_mgmt_cmd() call both run
 * under mgmt_chan_list_lock so chan cannot go away in between. The
 * not-found branch is not shown.
 */
1705 mutex_lock(&mgmt_chan_list_lock);
1706 chan = __hci_mgmt_chan_find(hci_pi(sk)->channel);
1708 err = hci_mgmt_cmd(chan, sk, msg, len);
1712 mutex_unlock(&mgmt_chan_list_lock);
/* Device path (raw/user channels). hdev is whatever the socket is
 * attached to (set elsewhere, presumably at bind). The NULL check and
 * the branch taken when the device is not up are not shown.
 */
1716 hdev = hci_pi(sk)->hdev;
1722 if (!test_bit(HCI_UP, &hdev->flags)) {
/* Allocation honours MSG_DONTWAIT and reports failure through err; the
 * failure branch is not shown.
 */
1727 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
/* Copy the full user frame into the skb; the -EFAULT path is not shown. */
1731 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
/* First byte of a user-supplied frame is the packet-type indicator.
 * NOTE(review): presumably a skb_pull() of this byte follows here; it
 * is not reproduced in this listing.
 */
1736 hci_skb_pkt_type(skb) = skb->data[0];
1739 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
1740 /* No permission check is needed for user channel
1741 * since that gets enforced when binding the socket.
1743 * However check that the packet type is valid.
/* Only command, ACL and SCO frames may be injected on the user channel;
 * anything else is rejected (branch not shown) before it reaches the
 * transmit queue.
 */
1745 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
1746 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
1747 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) {
1752 skb_queue_tail(&hdev->raw_q, skb);
1753 queue_work(hdev->workqueue, &hdev->tx_work);
1754 } else if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) {
/* Raw-channel command: read the opcode unaligned and split it into
 * OGF/OCF for the security filter below.
 */
1755 u16 opcode = get_unaligned_le16(skb->data);
1756 u16 ogf = hci_opcode_ogf(opcode);
1757 u16 ocf = hci_opcode_ocf(opcode);
/* Security filter for unprivileged raw sockets: without CAP_NET_RAW a
 * command is only allowed if its OGF is within HCI_SFLT_MAX_OGF and the
 * OCF bit is set in hci_sec_filter.ocf_mask for that OGF. The OGF range
 * test is evaluated first, so ocf_mask[ogf] is never indexed out of
 * range, and ocf is masked with HCI_FLT_OCF_BITS before the bit test.
 * The rejection branch is not shown.
 */
1759 if (((ogf > HCI_SFLT_MAX_OGF) ||
1760 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
1761 &hci_sec_filter.ocf_mask[ogf])) &&
1762 !capable(CAP_NET_RAW)) {
1767 /* Since the opcode has already been extracted here, store
1768 * a copy of the value for later use by the drivers.
1770 hci_skb_opcode(skb) = opcode;
/* Two queueing paths follow; the condition that selects the raw queue
 * over the command queue is not reproduced in this listing.
 */
1773 skb_queue_tail(&hdev->raw_q, skb);
1774 queue_work(hdev->workqueue, &hdev->tx_work);
1776 /* Stand-alone HCI commands must be flagged as
1777 * single-command requests.
1779 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
1781 skb_queue_tail(&hdev->cmd_q, skb);
1782 queue_work(hdev->workqueue, &hdev->cmd_work);
/* Non-command frames on the raw channel require CAP_NET_RAW, and only
 * ACL or SCO data is accepted; both rejection branches are not shown.
 */
1785 if (!capable(CAP_NET_RAW)) {
1790 if (hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
1791 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) {
1796 skb_queue_tail(&hdev->raw_q, skb);
1797 queue_work(hdev->workqueue, &hdev->tx_work);
/* setsockopt() handler for HCI sockets (level SOL_HCI only).
 *
 * Options are honoured on raw-channel sockets only. Two options toggle
 * bits in cmsg_mask (HCI_CMSG_DIR and HCI_CMSG_TSTAMP, presumably
 * consumed by recvmsg when building ancillary data); HCI_FILTER
 * replaces the socket's receive filter, restricted by hci_sec_filter
 * for callers without CAP_NET_RAW. The first and the HCI_FILTER case
 * labels, the socket lock/unlock, the error branches, the default case
 * and the return are not reproduced in this listing.
 *
 * Returns 0 or a negative errno.
 */
1811 static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1812 char __user *optval, unsigned int len)
/* The designated initializer zeroes every field of uf, so the clamped
 * copy_from_user() below can never leave uninitialised bytes behind.
 */
1814 struct hci_ufilter uf = { .opcode = 0 };
1815 struct sock *sk = sock->sk;
1816 int err = 0, opt = 0;
1818 BT_DBG("sk %p, opt %d", sk, optname);
1820 if (level != SOL_HCI)
1821 return -ENOPROTOOPT;
/* Only raw sockets carry a filter and cmsg mask; the error branch is
 * not shown.
 */
1825 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
/* Direction cmsg option (case label not shown): a non-zero opt sets
 * HCI_CMSG_DIR, zero clears it. The if/else structure between these
 * lines and the -EFAULT branch are not shown.
 */
1832 if (get_user(opt, (int __user *)optval)) {
1838 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
1840 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
/* Same pattern for timestamp cmsgs. */
1843 case HCI_TIME_STAMP:
1844 if (get_user(opt, (int __user *)optval)) {
1850 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
1852 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
/* HCI_FILTER (case label not shown). Seed uf with the current filter so
 * a user buffer shorter than sizeof(uf) only overrides the leading
 * fields. event_mask is accessed as two u32 words here and below;
 * assumes it is at least 8 bytes and suitably aligned — confirm against
 * struct hci_filter.
 */
1857 struct hci_filter *f = &hci_pi(sk)->filter;
1859 uf.type_mask = f->type_mask;
1860 uf.opcode = f->opcode;
1861 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1862 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
/* Clamp len so copy_from_user() can never overrun uf whatever the
 * caller passed. The -EFAULT branch is not shown.
 */
1865 len = min_t(unsigned int, len, sizeof(uf));
1866 if (copy_from_user(&uf, optval, len)) {
/* Unprivileged sockets are confined to the security filter: without
 * CAP_NET_RAW the requested type and event masks are ANDed with
 * hci_sec_filter, so a caller can narrow but never widen what the
 * socket may observe. Note that uf.opcode is committed unmasked.
 */
1871 if (!capable(CAP_NET_RAW)) {
1872 uf.type_mask &= hci_sec_filter.type_mask;
1873 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
1874 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
/* Commit the (possibly restricted) filter to the socket. */
1878 struct hci_filter *f = &hci_pi(sk)->filter;
1880 f->type_mask = uf.type_mask;
1881 f->opcode = uf.opcode;
1882 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
1883 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
/* getsockopt() handler for HCI sockets (level SOL_HCI only).
 *
 * Mirror of hci_sock_setsockopt(): raw-channel sockets only; the two
 * cmsg options report their bit as an int and HCI_FILTER returns the
 * current filter as a struct hci_ufilter. The first and the HCI_FILTER
 * case labels, the opt assignments, the error and default branches and
 * the return are not reproduced in this listing.
 *
 * Returns 0 or a negative errno.
 */
1897 static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1898 char __user *optval, int __user *optlen)
1900 struct hci_ufilter uf;
1901 struct sock *sk = sock->sk;
1902 int len, opt, err = 0;
1904 BT_DBG("sk %p, opt %d", sk, optname);
1906 if (level != SOL_HCI)
1907 return -ENOPROTOOPT;
/* len is the caller-supplied buffer size; the -EFAULT return is not
 * shown.
 */
1909 if (get_user(len, optlen))
/* Error branch for non-raw sockets not shown. */
1914 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
/* Direction cmsg option (case label not shown): opt presumably becomes
 * 1 or 0 depending on HCI_CMSG_DIR; the assignments are not shown.
 */
1921 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1926 if (put_user(opt, optval))
1930 case HCI_TIME_STAMP:
1931 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1936 if (put_user(opt, optval))
/* HCI_FILTER (case label not shown). uf lives on the stack and is
 * copied to user space below, so it is zeroed in full first: any
 * padding or field the assignments do not cover would otherwise expose
 * uninitialised kernel stack bytes to the caller.
 */
1942 struct hci_filter *f = &hci_pi(sk)->filter;
1944 memset(&uf, 0, sizeof(uf));
1945 uf.type_mask = f->type_mask;
1946 uf.opcode = f->opcode;
/* event_mask read as two u32 words; assumes the same layout
 * hci_sock_setsockopt() relies on — confirm against struct hci_filter.
 */
1947 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1948 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
/* Never copy more than sizeof(uf). len is an int compared as unsigned
 * here, so a negative len reads as a large value and is clamped to
 * sizeof(uf) rather than passed through. The -EFAULT branch is not
 * shown.
 */
1951 len = min_t(unsigned int, len, sizeof(uf));
1952 if (copy_to_user(optval, &uf, len))
/* Socket operations for PF_BLUETOOTH HCI sockets.
 *
 * Only the operations a raw HCI socket supports are implemented;
 * listen/shutdown/connect/socketpair/accept/mmap are wired to the
 * generic sock_no_* stubs and poll to datagram_poll. The ioctl entry
 * depends on CONFIG_BT_LEGACY_IOCTL: the two .ioctl initializers below
 * belong to the #ifdef and #else branches respectively (the #else and
 * #endif lines are not reproduced in this listing).
 */
1966 static const struct proto_ops hci_sock_ops = {
1967 .family = PF_BLUETOOTH,
1968 .owner = THIS_MODULE,
1969 .release = hci_sock_release,
1970 .bind = hci_sock_bind,
1971 .getname = hci_sock_getname,
1972 .sendmsg = hci_sock_sendmsg,
1973 .recvmsg = hci_sock_recvmsg,
1974 #ifdef CONFIG_BT_LEGACY_IOCTL
1975 .ioctl = hci_sock_ioctl,
/* #else branch (directive not shown): no legacy ioctl interface. */
1977 .ioctl = sock_no_ioctl,
1979 .poll = datagram_poll,
1980 .listen = sock_no_listen,
1981 .shutdown = sock_no_shutdown,
1982 .setsockopt = hci_sock_setsockopt,
1983 .getsockopt = hci_sock_getsockopt,
1984 .connect = sock_no_connect,
1985 .socketpair = sock_no_socketpair,
1986 .accept = sock_no_accept,
1987 .mmap = sock_no_mmap
/* Protocol descriptor handed to sk_alloc() by hci_sock_create().
 * obj_size makes every allocated sock a full struct hci_pinfo, which is
 * what the hci_pi() cast relies on. One initializer line between the
 * two shown is not reproduced in this listing.
 */
1990 static struct proto hci_sk_proto = {
1992 .owner = THIS_MODULE,
1993 .obj_size = sizeof(struct hci_pinfo)
/* net_proto_family create() callback: allocates and initialises the
 * sock backing a new HCI socket. The signature continues on a line not
 * shown (kern, passed to sk_alloc() below, is declared there); the sk
 * declaration, the allocation-failure branch and the success return
 * are likewise not reproduced in this listing.
 *
 * Returns 0 on success, -ESOCKTNOSUPPORT for non-raw socket types, and
 * presumably -ENOMEM when sk_alloc() fails.
 */
1996 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
2001 BT_DBG("sock %p", sock);
/* HCI sockets are raw only. */
2003 if (sock->type != SOCK_RAW)
2004 return -ESOCKTNOSUPPORT;
2006 sock->ops = &hci_sock_ops;
/* Atomic allocation sized by hci_sk_proto.obj_size (a struct hci_pinfo);
 * the NULL check is not shown.
 */
2008 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, kern);
2012 sock_init_data(sock, sk);
2014 sock_reset_flag(sk, SOCK_ZAPPED);
2016 sk->sk_protocol = protocol;
2018 sock->state = SS_UNCONNECTED;
2019 sk->sk_state = BT_OPEN;
/* Add to the global HCI socket list, the same list the procfs entry
 * registered in hci_sock_init() walks.
 */
2021 bt_sock_link(&hci_sk_list, sk);
/* Family descriptor registered for BTPROTO_HCI in hci_sock_init();
 * socket() calls for this protocol land in hci_sock_create().
 */
2025 static const struct net_proto_family hci_sock_family_ops = {
2026 .family = PF_BLUETOOTH,
2027 .owner = THIS_MODULE,
2028 .create = hci_sock_create,
/* Registers the HCI socket proto, the BTPROTO_HCI family and the "hci"
 * procfs entry, unwinding in reverse on failure: a procfs failure
 * unregisters the family, and the error label at the end unregisters
 * the proto. The err declaration, the checks after proto_register() and
 * bt_sock_register(), the goto statements, the success return and the
 * error label itself are not reproduced in this listing.
 *
 * Returns 0 on success or the negative errno of the failing step.
 */
2031 int __init hci_sock_init(void)
/* Compile-time guarantee that a struct sockaddr_hci fits inside the
 * generic struct sockaddr, so HCI addresses can be handled through the
 * generic type without truncation.
 */
2035 BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr));
2037 err = proto_register(&hci_sk_proto, 0);
2041 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
2043 BT_ERR("HCI socket registration failed");
2047 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
2049 BT_ERR("Failed to create HCI proc file");
/* procfs failed after the family was registered: undo that step first. */
2050 bt_sock_unregister(BTPROTO_HCI);
2054 BT_INFO("HCI socket layer initialized");
/* Error path (label not shown): undo proto_register(). */
2059 proto_unregister(&hci_sk_proto);
/* Tears down everything hci_sock_init() registered, in reverse order:
 * procfs entry, socket family, then the proto.
 */
2063 void hci_sock_cleanup(void)
2065 bt_procfs_cleanup(&init_net, "hci");
2066 bt_sock_unregister(BTPROTO_HCI);
2067 proto_unregister(&hci_sk_proto);