net/bluetooth/hci_sock.c

   1 /*
   2    BlueZ - Bluetooth protocol stack for Linux
   3    Copyright (C) 2000-2001 Qualcomm Incorporated
   4
   5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License version 2 as
   9    published by the Free Software Foundation;
  10
  11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  19
  20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  22    SOFTWARE IS DISCLAIMED.
  23 */
  24
  25 /* Bluetooth HCI sockets. */
  26
  27 #include <linux/export.h>
  28 #include <asm/unaligned.h>
  29
  30 #include <net/bluetooth/bluetooth.h>
  31 #include <net/bluetooth/hci_core.h>
  32 #include <net/bluetooth/hci_mon.h>
  33
  34 static atomic_t monitor_promisc = ATOMIC_INIT(0);
  35
  36 /* ----- HCI socket interface ----- */
  37
  38 static inline int hci_test_bit(int nr, void *addr)
  39 {
  40         return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
  41 }
  42
  43 /* Security filter */
  44 static struct hci_sec_filter hci_sec_filter = {
  45         /* Packet types */
  46         0x10,
  47         /* Events */
  48         { 0x1000d9fe, 0x0000b00c },
  49         /* Commands */
  50         {
  51                 { 0x0 },
  52                 /* OGF_LINK_CTL */
  53                 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
  54                 /* OGF_LINK_POLICY */
  55                 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
  56                 /* OGF_HOST_CTL */
  57                 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
  58                 /* OGF_INFO_PARAM */
  59                 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
  60                 /* OGF_STATUS_PARAM */
  61                 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
  62         }
  63 };
  64
  65 static struct bt_sock_list hci_sk_list = {
  66         .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
  67 };
  68
  69 /* Send frame to RAW socket */
  70 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
  71 {
  72         struct sock *sk;
  73         struct hlist_node *node;
  74         struct sk_buff *skb_copy = NULL;
  75
  76         BT_DBG("hdev %p len %d", hdev, skb->len);
  77
  78         read_lock(&hci_sk_list.lock);
  79
  80         sk_for_each(sk, node, &hci_sk_list.head) {
  81                 struct hci_filter *flt;
  82                 struct sk_buff *nskb;
  83
  84                 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
  85                         continue;
  86
  87                 /* Don't send frame to the socket it came from */
  88                 if (skb->sk == sk)
  89                         continue;
  90
  91                 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW)
  92                         continue;
  93
  94                 /* Apply filter */
  95                 flt = &hci_pi(sk)->filter;
  96
  97                 if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
  98                               0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS),
  99                               &flt->type_mask))
 100                         continue;
 101
 102                 if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
 103                         int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
 104
 105                         if (!hci_test_bit(evt, &flt->event_mask))
 106                                 continue;
 107
 108                         if (flt->opcode &&
 109                             ((evt == HCI_EV_CMD_COMPLETE &&
 110                               flt->opcode !=
 111                               get_unaligned((__le16 *)(skb->data + 3))) ||
 112                              (evt == HCI_EV_CMD_STATUS &&
 113                               flt->opcode !=
 114                               get_unaligned((__le16 *)(skb->data + 4)))))
 115                                 continue;
 116                 }
 117
 118                 if (!skb_copy) {
 119                         /* Create a private copy with headroom */
 120                         skb_copy = __pskb_copy(skb, 1, GFP_ATOMIC);
 121                         if (!skb_copy)
 122                                 continue;
 123
 124                         /* Put type byte before the data */
 125                         memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
 126                 }
 127
 128                 nskb = skb_clone(skb_copy, GFP_ATOMIC);
 129                 if (!nskb)
 130                         continue;
 131
 132                 if (sock_queue_rcv_skb(sk, nskb))
 133                         kfree_skb(nskb);
 134         }
 135
 136         read_unlock(&hci_sk_list.lock);
 137
 138         kfree_skb(skb_copy);
 139 }
 140
 141 /* Send frame to control socket */
 142 void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
 143 {
 144         struct sock *sk;
 145         struct hlist_node *node;
 146
 147         BT_DBG("len %d", skb->len);
 148
 149         read_lock(&hci_sk_list.lock);
 150
 151         sk_for_each(sk, node, &hci_sk_list.head) {
 152                 struct sk_buff *nskb;
 153
 154                 /* Skip the original socket */
 155                 if (sk == skip_sk)
 156                         continue;
 157
 158                 if (sk->sk_state != BT_BOUND)
 159                         continue;
 160
 161                 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
 162                         continue;
 163
 164                 nskb = skb_clone(skb, GFP_ATOMIC);
 165                 if (!nskb)
 166                         continue;
 167
 168                 if (sock_queue_rcv_skb(sk, nskb))
 169                         kfree_skb(nskb);
 170         }
 171
 172         read_unlock(&hci_sk_list.lock);
 173 }
 174
 175 /* Send frame to monitor socket */
 176 void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
 177 {
 178         struct sock *sk;
 179         struct hlist_node *node;
 180         struct sk_buff *skb_copy = NULL;
 181         __le16 opcode;
 182
 183         if (!atomic_read(&monitor_promisc))
 184                 return;
 185
 186         BT_DBG("hdev %p len %d", hdev, skb->len);
 187
 188         switch (bt_cb(skb)->pkt_type) {
 189         case HCI_COMMAND_PKT:
 190                 opcode = __constant_cpu_to_le16(HCI_MON_COMMAND_PKT);
 191                 break;
 192         case HCI_EVENT_PKT:
 193                 opcode = __constant_cpu_to_le16(HCI_MON_EVENT_PKT);
 194                 break;
 195         case HCI_ACLDATA_PKT:
 196                 if (bt_cb(skb)->incoming)
 197                         opcode = __constant_cpu_to_le16(HCI_MON_ACL_RX_PKT);
 198                 else
 199                         opcode = __constant_cpu_to_le16(HCI_MON_ACL_TX_PKT);
 200                 break;
 201         case HCI_SCODATA_PKT:
 202                 if (bt_cb(skb)->incoming)
 203                         opcode = __constant_cpu_to_le16(HCI_MON_SCO_RX_PKT);
 204                 else
 205                         opcode = __constant_cpu_to_le16(HCI_MON_SCO_TX_PKT);
 206                 break;
 207         default:
 208                 return;
 209         }
 210
 211         read_lock(&hci_sk_list.lock);
 212
 213         sk_for_each(sk, node, &hci_sk_list.head) {
 214                 struct sk_buff *nskb;
 215
 216                 if (sk->sk_state != BT_BOUND)
 217                         continue;
 218
 219                 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
 220                         continue;
 221
 222                 if (!skb_copy) {
 223                         struct hci_mon_hdr *hdr;
 224
 225                         /* Create a private copy with headroom */
 226                         skb_copy = __pskb_copy(skb, HCI_MON_HDR_SIZE,
 227                                                GFP_ATOMIC);
 228                         if (!skb_copy)
 229                                 continue;
 230
 231                         /* Put header before the data */
 232                         hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
 233                         hdr->opcode = opcode;
 234                         hdr->index = cpu_to_le16(hdev->id);
 235                         hdr->len = cpu_to_le16(skb->len);
 236                 }
 237
 238                 nskb = skb_clone(skb_copy, GFP_ATOMIC);
 239                 if (!nskb)
 240                         continue;
 241
 242                 if (sock_queue_rcv_skb(sk, nskb))
 243                         kfree_skb(nskb);
 244         }
 245
 246         read_unlock(&hci_sk_list.lock);
 247
 248         kfree_skb(skb_copy);
 249 }
 250
 251 static void send_monitor_event(struct sk_buff *skb)
 252 {
 253         struct sock *sk;
 254         struct hlist_node *node;
 255
 256         BT_DBG("len %d", skb->len);
 257
 258         read_lock(&hci_sk_list.lock);
 259
 260         sk_for_each(sk, node, &hci_sk_list.head) {
 261                 struct sk_buff *nskb;
 262
 263                 if (sk->sk_state != BT_BOUND)
 264                         continue;
 265
 266                 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
 267                         continue;
 268
 269                 nskb = skb_clone(skb, GFP_ATOMIC);
 270                 if (!nskb)
 271                         continue;
 272
 273                 if (sock_queue_rcv_skb(sk, nskb))
 274                         kfree_skb(nskb);
 275         }
 276
 277         read_unlock(&hci_sk_list.lock);
 278 }
 279
 280 static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
 281 {
 282         struct hci_mon_hdr *hdr;
 283         struct hci_mon_new_index *ni;
 284         struct sk_buff *skb;
 285         __le16 opcode;
 286
 287         switch (event) {
 288         case HCI_DEV_REG:
 289                 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
 290                 if (!skb)
 291                         return NULL;
 292
 293                 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
 294                 ni->type = hdev->dev_type;
 295                 ni->bus = hdev->bus;
 296                 bacpy(&ni->bdaddr, &hdev->bdaddr);
 297                 memcpy(ni->name, hdev->name, 8);
 298
 299                 opcode = __constant_cpu_to_le16(HCI_MON_NEW_INDEX);
 300                 break;
 301
 302         case HCI_DEV_UNREG:
 303                 skb = bt_skb_alloc(0, GFP_ATOMIC);
 304                 if (!skb)
 305                         return NULL;
 306
 307                 opcode = __constant_cpu_to_le16(HCI_MON_DEL_INDEX);
 308                 break;
 309
 310         default:
 311                 return NULL;
 312         }
 313
 314         __net_timestamp(skb);
 315
 316         hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
 317         hdr->opcode = opcode;
 318         hdr->index = cpu_to_le16(hdev->id);
 319         hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
 320
 321         return skb;
 322 }
 323
 324 static void send_monitor_replay(struct sock *sk)
 325 {
 326         struct hci_dev *hdev;
 327
 328         read_lock(&hci_dev_list_lock);
 329
 330         list_for_each_entry(hdev, &hci_dev_list, list) {
 331                 struct sk_buff *skb;
 332
 333                 skb = create_monitor_event(hdev, HCI_DEV_REG);
 334                 if (!skb)
 335                         continue;
 336
 337                 if (sock_queue_rcv_skb(sk, skb))
 338                         kfree_skb(skb);
 339         }
 340
 341         read_unlock(&hci_dev_list_lock);
 342 }
 343
 344 /* Generate internal stack event */
 345 static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
 346 {
 347         struct hci_event_hdr *hdr;
 348         struct hci_ev_stack_internal *ev;
 349         struct sk_buff *skb;
 350
 351         skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
 352         if (!skb)
 353                 return;
 354
 355         hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
 356         hdr->evt  = HCI_EV_STACK_INTERNAL;
 357         hdr->plen = sizeof(*ev) + dlen;
 358
 359         ev  = (void *) skb_put(skb, sizeof(*ev) + dlen);
 360         ev->type = type;
 361         memcpy(ev->data, data, dlen);
 362
 363         bt_cb(skb)->incoming = 1;
 364         __net_timestamp(skb);
 365
 366         bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
 367         skb->dev = (void *) hdev;
 368         hci_send_to_sock(hdev, skb);
 369         kfree_skb(skb);
 370 }
 371
 372 void hci_sock_dev_event(struct hci_dev *hdev, int event)
 373 {
 374         struct hci_ev_si_device ev;
 375
 376         BT_DBG("hdev %s event %d", hdev->name, event);
 377
 378         /* Send event to monitor */
 379         if (atomic_read(&monitor_promisc)) {
 380                 struct sk_buff *skb;
 381
 382                 skb = create_monitor_event(hdev, event);
 383                 if (skb) {
 384                         send_monitor_event(skb);
 385                         kfree_skb(skb);
 386                 }
 387         }
 388
 389         /* Send event to sockets */
 390         ev.event  = event;
 391         ev.dev_id = hdev->id;
 392         hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
 393
 394         if (event == HCI_DEV_UNREG) {
 395                 struct sock *sk;
 396                 struct hlist_node *node;
 397
 398                 /* Detach sockets from device */
 399                 read_lock(&hci_sk_list.lock);
 400                 sk_for_each(sk, node, &hci_sk_list.head) {
 401                         bh_lock_sock_nested(sk);
 402                         if (hci_pi(sk)->hdev == hdev) {
 403                                 hci_pi(sk)->hdev = NULL;
 404                                 sk->sk_err = EPIPE;
 405                                 sk->sk_state = BT_OPEN;
 406                                 sk->sk_state_change(sk);
 407
 408                                 hci_dev_put(hdev);
 409                         }
 410                         bh_unlock_sock(sk);
 411                 }
 412                 read_unlock(&hci_sk_list.lock);
 413         }
 414 }
 415
 416 static int hci_sock_release(struct socket *sock)
 417 {
 418         struct sock *sk = sock->sk;
 419         struct hci_dev *hdev;
 420
 421         BT_DBG("sock %p sk %p", sock, sk);
 422
 423         if (!sk)
 424                 return 0;
 425
 426         hdev = hci_pi(sk)->hdev;
 427
 428         if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
 429                 atomic_dec(&monitor_promisc);
 430
 431         bt_sock_unlink(&hci_sk_list, sk);
 432
 433         if (hdev) {
 434                 atomic_dec(&hdev->promisc);
 435                 hci_dev_put(hdev);
 436         }
 437
 438         sock_orphan(sk);
 439
 440         skb_queue_purge(&sk->sk_receive_queue);
 441         skb_queue_purge(&sk->sk_write_queue);
 442
 443         sock_put(sk);
 444         return 0;
 445 }
 446
 447 static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
 448 {
 449         bdaddr_t bdaddr;
 450         int err;
 451
 452         if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
 453                 return -EFAULT;
 454
 455         hci_dev_lock(hdev);
 456
 457         err = hci_blacklist_add(hdev, &bdaddr, 0);
 458
 459         hci_dev_unlock(hdev);
 460
 461         return err;
 462 }
 463
 464 static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
 465 {
 466         bdaddr_t bdaddr;
 467         int err;
 468
 469         if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
 470                 return -EFAULT;
 471
 472         hci_dev_lock(hdev);
 473
 474         err = hci_blacklist_del(hdev, &bdaddr, 0);
 475
 476         hci_dev_unlock(hdev);
 477
 478         return err;
 479 }
 480
 481 /* Ioctls that require bound socket */
 482 static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
 483                                 unsigned long arg)
 484 {
 485         struct hci_dev *hdev = hci_pi(sk)->hdev;
 486
 487         if (!hdev)
 488                 return -EBADFD;
 489
 490         switch (cmd) {
 491         case HCISETRAW:
 492                 if (!capable(CAP_NET_ADMIN))
 493                         return -EACCES;
 494
 495                 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
 496                         return -EPERM;
 497
 498                 if (arg)
 499                         set_bit(HCI_RAW, &hdev->flags);
 500                 else
 501                         clear_bit(HCI_RAW, &hdev->flags);
 502
 503                 return 0;
 504
 505         case HCIGETCONNINFO:
 506                 return hci_get_conn_info(hdev, (void __user *) arg);
 507
 508         case HCIGETAUTHINFO:
 509                 return hci_get_auth_info(hdev, (void __user *) arg);
 510
 511         case HCIBLOCKADDR:
 512                 if (!capable(CAP_NET_ADMIN))
 513                         return -EACCES;
 514                 return hci_sock_blacklist_add(hdev, (void __user *) arg);
 515
 516         case HCIUNBLOCKADDR:
 517                 if (!capable(CAP_NET_ADMIN))
 518                         return -EACCES;
 519                 return hci_sock_blacklist_del(hdev, (void __user *) arg);
 520
 521         default:
 522                 if (hdev->ioctl)
 523                         return hdev->ioctl(hdev, cmd, arg);
 524                 return -EINVAL;
 525         }
 526 }
 527
 528 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
 529                           unsigned long arg)
 530 {
 531         struct sock *sk = sock->sk;
 532         void __user *argp = (void __user *) arg;
 533         int err;
 534
 535         BT_DBG("cmd %x arg %lx", cmd, arg);
 536
 537         switch (cmd) {
 538         case HCIGETDEVLIST:
 539                 return hci_get_dev_list(argp);
 540
 541         case HCIGETDEVINFO:
 542                 return hci_get_dev_info(argp);
 543
 544         case HCIGETCONNLIST:
 545                 return hci_get_conn_list(argp);
 546
 547         case HCIDEVUP:
 548                 if (!capable(CAP_NET_ADMIN))
 549                         return -EACCES;
 550                 return hci_dev_open(arg);
 551
 552         case HCIDEVDOWN:
 553                 if (!capable(CAP_NET_ADMIN))
 554                         return -EACCES;
 555                 return hci_dev_close(arg);
 556
 557         case HCIDEVRESET:
 558                 if (!capable(CAP_NET_ADMIN))
 559                         return -EACCES;
 560                 return hci_dev_reset(arg);
 561
 562         case HCIDEVRESTAT:
 563                 if (!capable(CAP_NET_ADMIN))
 564                         return -EACCES;
 565                 return hci_dev_reset_stat(arg);
 566
 567         case HCISETSCAN:
 568         case HCISETAUTH:
 569         case HCISETENCRYPT:
 570         case HCISETPTYPE:
 571         case HCISETLINKPOL:
 572         case HCISETLINKMODE:
 573         case HCISETACLMTU:
 574         case HCISETSCOMTU:
 575                 if (!capable(CAP_NET_ADMIN))
 576                         return -EACCES;
 577                 return hci_dev_cmd(cmd, argp);
 578
 579         case HCIINQUIRY:
 580                 return hci_inquiry(argp);
 581
 582         default:
 583                 lock_sock(sk);
 584                 err = hci_sock_bound_ioctl(sk, cmd, arg);
 585                 release_sock(sk);
 586                 return err;
 587         }
 588 }
 589
 590 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
 591                          int addr_len)
 592 {
 593         struct sockaddr_hci haddr;
 594         struct sock *sk = sock->sk;
 595         struct hci_dev *hdev = NULL;
 596         int len, err = 0;
 597
 598         BT_DBG("sock %p sk %p", sock, sk);
 599
 600         if (!addr)
 601                 return -EINVAL;
 602
 603         memset(&haddr, 0, sizeof(haddr));
 604         len = min_t(unsigned int, sizeof(haddr), addr_len);
 605         memcpy(&haddr, addr, len);
 606
 607         if (haddr.hci_family != AF_BLUETOOTH)
 608                 return -EINVAL;
 609
 610         lock_sock(sk);
 611
 612         if (sk->sk_state == BT_BOUND) {
 613                 err = -EALREADY;
 614                 goto done;
 615         }
 616
 617         switch (haddr.hci_channel) {
 618         case HCI_CHANNEL_RAW:
 619                 if (hci_pi(sk)->hdev) {
 620                         err = -EALREADY;
 621                         goto done;
 622                 }
 623
 624                 if (haddr.hci_dev != HCI_DEV_NONE) {
 625                         hdev = hci_dev_get(haddr.hci_dev);
 626                         if (!hdev) {
 627                                 err = -ENODEV;
 628                                 goto done;
 629                         }
 630
 631                         atomic_inc(&hdev->promisc);
 632                 }
 633
 634                 hci_pi(sk)->hdev = hdev;
 635                 break;
 636
 637         case HCI_CHANNEL_CONTROL:
 638                 if (haddr.hci_dev != HCI_DEV_NONE) {
 639                         err = -EINVAL;
 640                         goto done;
 641                 }
 642
 643                 if (!capable(CAP_NET_ADMIN)) {
 644                         err = -EPERM;
 645                         goto done;
 646                 }
 647
 648                 break;
 649
 650         case HCI_CHANNEL_MONITOR:
 651                 if (haddr.hci_dev != HCI_DEV_NONE) {
 652                         err = -EINVAL;
 653                         goto done;
 654                 }
 655
 656                 if (!capable(CAP_NET_RAW)) {
 657                         err = -EPERM;
 658                         goto done;
 659                 }
 660
 661                 send_monitor_replay(sk);
 662
 663                 atomic_inc(&monitor_promisc);
 664                 break;
 665
 666         default:
 667                 err = -EINVAL;
 668                 goto done;
 669         }
 670
 671
 672         hci_pi(sk)->channel = haddr.hci_channel;
 673         sk->sk_state = BT_BOUND;
 674
 675 done:
 676         release_sock(sk);
 677         return err;
 678 }
 679
 680 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
 681                             int *addr_len, int peer)
 682 {
 683         struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
 684         struct sock *sk = sock->sk;
 685         struct hci_dev *hdev = hci_pi(sk)->hdev;
 686
 687         BT_DBG("sock %p sk %p", sock, sk);
 688
 689         if (!hdev)
 690                 return -EBADFD;
 691
 692         lock_sock(sk);
 693
 694         *addr_len = sizeof(*haddr);
 695         haddr->hci_family = AF_BLUETOOTH;
 696         haddr->hci_dev    = hdev->id;
 697
 698         release_sock(sk);
 699         return 0;
 700 }
 701
 702 static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
 703                           struct sk_buff *skb)
 704 {
 705         __u32 mask = hci_pi(sk)->cmsg_mask;
 706
 707         if (mask & HCI_CMSG_DIR) {
 708                 int incoming = bt_cb(skb)->incoming;
 709                 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
 710                          &incoming);
 711         }
 712
 713         if (mask & HCI_CMSG_TSTAMP) {
 714 #ifdef CONFIG_COMPAT
 715                 struct compat_timeval ctv;
 716 #endif
 717                 struct timeval tv;
 718                 void *data;
 719                 int len;
 720
 721                 skb_get_timestamp(skb, &tv);
 722
 723                 data = &tv;
 724                 len = sizeof(tv);
 725 #ifdef CONFIG_COMPAT
 726                 if (!COMPAT_USE_64BIT_TIME &&
 727                     (msg->msg_flags & MSG_CMSG_COMPAT)) {
 728                         ctv.tv_sec = tv.tv_sec;
 729                         ctv.tv_usec = tv.tv_usec;
 730                         data = &ctv;
 731                         len = sizeof(ctv);
 732                 }
 733 #endif
 734
 735                 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
 736         }
 737 }
 738
 739 static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 740                             struct msghdr *msg, size_t len, int flags)
 741 {
 742         int noblock = flags & MSG_DONTWAIT;
 743         struct sock *sk = sock->sk;
 744         struct sk_buff *skb;
 745         int copied, err;
 746
 747         BT_DBG("sock %p, sk %p", sock, sk);
 748
 749         if (flags & (MSG_OOB))
 750                 return -EOPNOTSUPP;
 751
 752         if (sk->sk_state == BT_CLOSED)
 753                 return 0;
 754
 755         skb = skb_recv_datagram(sk, flags, noblock, &err);
 756         if (!skb)
 757                 return err;
 758
 759         msg->msg_namelen = 0;
 760
 761         copied = skb->len;
 762         if (len < copied) {
 763                 msg->msg_flags |= MSG_TRUNC;
 764                 copied = len;
 765         }
 766
 767         skb_reset_transport_header(skb);
 768         err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
 769
 770         switch (hci_pi(sk)->channel) {
 771         case HCI_CHANNEL_RAW:
 772                 hci_sock_cmsg(sk, msg, skb);
 773                 break;
 774         case HCI_CHANNEL_CONTROL:
 775         case HCI_CHANNEL_MONITOR:
 776                 sock_recv_timestamp(msg, sk, skb);
 777                 break;
 778         }
 779
 780         skb_free_datagram(sk, skb);
 781
 782         return err ? : copied;
 783 }
 784
 785 static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
 786                             struct msghdr *msg, size_t len)
 787 {
 788         struct sock *sk = sock->sk;
 789         struct hci_dev *hdev;
 790         struct sk_buff *skb;
 791         int err;
 792
 793         BT_DBG("sock %p sk %p", sock, sk);
 794
 795         if (msg->msg_flags & MSG_OOB)
 796                 return -EOPNOTSUPP;
 797
 798         if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
 799                 return -EINVAL;
 800
 801         if (len < 4 || len > HCI_MAX_FRAME_SIZE)
 802                 return -EINVAL;
 803
 804         lock_sock(sk);
 805
 806         switch (hci_pi(sk)->channel) {
 807         case HCI_CHANNEL_RAW:
 808                 break;
 809         case HCI_CHANNEL_CONTROL:
 810                 err = mgmt_control(sk, msg, len);
 811                 goto done;
 812         case HCI_CHANNEL_MONITOR:
 813                 err = -EOPNOTSUPP;
 814                 goto done;
 815         default:
 816                 err = -EINVAL;
 817                 goto done;
 818         }
 819
 820         hdev = hci_pi(sk)->hdev;
 821         if (!hdev) {
 822                 err = -EBADFD;
 823                 goto done;
 824         }
 825
 826         if (!test_bit(HCI_UP, &hdev->flags)) {
 827                 err = -ENETDOWN;
 828                 goto done;
 829         }
 830
 831         skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
 832         if (!skb)
 833                 goto done;
 834
 835         if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
 836                 err = -EFAULT;
 837                 goto drop;
 838         }
 839
 840         bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
 841         skb_pull(skb, 1);
 842         skb->dev = (void *) hdev;
 843
 844         if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
 845                 u16 opcode = get_unaligned_le16(skb->data);
 846                 u16 ogf = hci_opcode_ogf(opcode);
 847                 u16 ocf = hci_opcode_ocf(opcode);
 848
 849                 if (((ogf > HCI_SFLT_MAX_OGF) ||
 850                      !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
 851                                    &hci_sec_filter.ocf_mask[ogf])) &&
 852                     !capable(CAP_NET_RAW)) {
 853                         err = -EPERM;
 854                         goto drop;
 855                 }
 856
 857                 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
 858                         skb_queue_tail(&hdev->raw_q, skb);
 859                         queue_work(hdev->workqueue, &hdev->tx_work);
 860                 } else {
 861                         skb_queue_tail(&hdev->cmd_q, skb);
 862                         queue_work(hdev->workqueue, &hdev->cmd_work);
 863                 }
 864         } else {
 865                 if (!capable(CAP_NET_RAW)) {
 866                         err = -EPERM;
 867                         goto drop;
 868                 }
 869
 870                 skb_queue_tail(&hdev->raw_q, skb);
 871                 queue_work(hdev->workqueue, &hdev->tx_work);
 872         }
 873
 874         err = len;
 875
 876 done:
 877         release_sock(sk);
 878         return err;
 879
 880 drop:
 881         kfree_skb(skb);
 882         goto done;
 883 }
 884
 885 static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
 886                                char __user *optval, unsigned int len)
 887 {
 888         struct hci_ufilter uf = { .opcode = 0 };
 889         struct sock *sk = sock->sk;
 890         int err = 0, opt = 0;
 891
 892         BT_DBG("sk %p, opt %d", sk, optname);
 893
 894         lock_sock(sk);
 895
 896         if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
 897                 err = -EINVAL;
 898                 goto done;
 899         }
 900
 901         switch (optname) {
 902         case HCI_DATA_DIR:
 903                 if (get_user(opt, (int __user *)optval)) {
 904                         err = -EFAULT;
 905                         break;
 906                 }
 907
 908                 if (opt)
 909                         hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
 910                 else
 911                         hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
 912                 break;
 913
 914         case HCI_TIME_STAMP:
 915                 if (get_user(opt, (int __user *)optval)) {
 916                         err = -EFAULT;
 917                         break;
 918                 }
 919
 920                 if (opt)
 921                         hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
 922                 else
 923                         hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
 924                 break;
 925
 926         case HCI_FILTER:
 927                 {
 928                         struct hci_filter *f = &hci_pi(sk)->filter;
 929
 930                         uf.type_mask = f->type_mask;
 931                         uf.opcode    = f->opcode;
 932                         uf.event_mask[0] = *((u32 *) f->event_mask + 0);
 933                         uf.event_mask[1] = *((u32 *) f->event_mask + 1);
 934                 }
 935
 936                 len = min_t(unsigned int, len, sizeof(uf));
 937                 if (copy_from_user(&uf, optval, len)) {
 938                         err = -EFAULT;
 939                         break;
 940                 }
 941
 942                 if (!capable(CAP_NET_RAW)) {
 943                         uf.type_mask &= hci_sec_filter.type_mask;
 944                         uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
 945                         uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
 946                 }
 947
 948                 {
 949                         struct hci_filter *f = &hci_pi(sk)->filter;
 950
 951                         f->type_mask = uf.type_mask;
 952                         f->opcode    = uf.opcode;
 953                         *((u32 *) f->event_mask + 0) = uf.event_mask[0];
 954                         *((u32 *) f->event_mask + 1) = uf.event_mask[1];
 955                 }
 956                 break;
 957
 958         default:
 959                 err = -ENOPROTOOPT;
 960                 break;
 961         }
 962
 963 done:
 964         release_sock(sk);
 965         return err;
 966 }
 967
 968 static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
 969                                char __user *optval, int __user *optlen)
 970 {
 971         struct hci_ufilter uf;
 972         struct sock *sk = sock->sk;
 973         int len, opt, err = 0;
 974
 975         BT_DBG("sk %p, opt %d", sk, optname);
 976
 977         if (get_user(len, optlen))
 978                 return -EFAULT;
 979
 980         lock_sock(sk);
 981
 982         if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
 983                 err = -EINVAL;
 984                 goto done;
 985         }
 986
 987         switch (optname) {
 988         case HCI_DATA_DIR:
 989                 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
 990                         opt = 1;
 991                 else
 992                         opt = 0;
 993
 994                 if (put_user(opt, optval))
 995                         err = -EFAULT;
 996                 break;
 997
 998         case HCI_TIME_STAMP:
 999                 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1000                         opt = 1;
1001                 else
1002                         opt = 0;
1003
1004                 if (put_user(opt, optval))
1005                         err = -EFAULT;
1006                 break;
1007
1008         case HCI_FILTER:
1009                 {
1010                         struct hci_filter *f = &hci_pi(sk)->filter;
1011
1012                         uf.type_mask = f->type_mask;
1013                         uf.opcode    = f->opcode;
1014                         uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1015                         uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1016                 }
1017
1018                 len = min_t(unsigned int, len, sizeof(uf));
1019                 if (copy_to_user(optval, &uf, len))
1020                         err = -EFAULT;
1021                 break;
1022
1023         default:
1024                 err = -ENOPROTOOPT;
1025                 break;
1026         }
1027
1028 done:
1029         release_sock(sk);
1030         return err;
1031 }
1032
1033 static const struct proto_ops hci_sock_ops = {
1034         .family         = PF_BLUETOOTH,
1035         .owner          = THIS_MODULE,
1036         .release        = hci_sock_release,
1037         .bind           = hci_sock_bind,
1038         .getname        = hci_sock_getname,
1039         .sendmsg        = hci_sock_sendmsg,
1040         .recvmsg        = hci_sock_recvmsg,
1041         .ioctl          = hci_sock_ioctl,
1042         .poll           = datagram_poll,
1043         .listen         = sock_no_listen,
1044         .shutdown       = sock_no_shutdown,
1045         .setsockopt     = hci_sock_setsockopt,
1046         .getsockopt     = hci_sock_getsockopt,
1047         .connect        = sock_no_connect,
1048         .socketpair     = sock_no_socketpair,
1049         .accept         = sock_no_accept,
1050         .mmap           = sock_no_mmap
1051 };
1052
1053 static struct proto hci_sk_proto = {
1054         .name           = "HCI",
1055         .owner          = THIS_MODULE,
1056         .obj_size       = sizeof(struct hci_pinfo)
1057 };
1058
1059 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1060                            int kern)
1061 {
1062         struct sock *sk;
1063
1064         BT_DBG("sock %p", sock);
1065
1066         if (sock->type != SOCK_RAW)
1067                 return -ESOCKTNOSUPPORT;
1068
1069         sock->ops = &hci_sock_ops;
1070
1071         sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1072         if (!sk)
1073                 return -ENOMEM;
1074
1075         sock_init_data(sock, sk);
1076
1077         sock_reset_flag(sk, SOCK_ZAPPED);
1078
1079         sk->sk_protocol = protocol;
1080
1081         sock->state = SS_UNCONNECTED;
1082         sk->sk_state = BT_OPEN;
1083
1084         bt_sock_link(&hci_sk_list, sk);
1085         return 0;
1086 }
1087
1088 static const struct net_proto_family hci_sock_family_ops = {
1089         .family = PF_BLUETOOTH,
1090         .owner  = THIS_MODULE,
1091         .create = hci_sock_create,
1092 };
1093
1094 int __init hci_sock_init(void)
1095 {
1096         int err;
1097
1098         err = proto_register(&hci_sk_proto, 0);
1099         if (err < 0)
1100                 return err;
1101
1102         err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
1103         if (err < 0)
1104                 goto error;
1105
1106         BT_INFO("HCI socket layer initialized");
1107
1108         return 0;
1109
1110 error:
1111         BT_ERR("HCI socket registration failed");
1112         proto_unregister(&hci_sk_proto);
1113         return err;
1114 }
1115
1116 void hci_sock_cleanup(void)
1117 {
1118         if (bt_sock_unregister(BTPROTO_HCI) < 0)
1119                 BT_ERR("HCI socket unregistration failed");
1120
1121         proto_unregister(&hci_sk_proto);
1122 }