1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/export.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/hci_mon.h>
33
34static atomic_t monitor_promisc = ATOMIC_INIT(0);
35
36
37
38static inline int hci_test_bit(int nr, void *addr)
39{
40 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
41}
42
43
44static struct hci_sec_filter hci_sec_filter = {
45
46 0x10,
47
48 { 0x1000d9fe, 0x0000b00c },
49
50 {
51 { 0x0 },
52
53 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
54
55 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
56
57 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
58
59 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
60
61 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
62 }
63};
64
65static struct bt_sock_list hci_sk_list = {
66 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
67};
68
69
70void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
71{
72 struct sock *sk;
73 struct sk_buff *skb_copy = NULL;
74
75 BT_DBG("hdev %p len %d", hdev, skb->len);
76
77 read_lock(&hci_sk_list.lock);
78
79 sk_for_each(sk, &hci_sk_list.head) {
80 struct hci_filter *flt;
81 struct sk_buff *nskb;
82
83 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
84 continue;
85
86
87 if (skb->sk == sk)
88 continue;
89
90 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW)
91 continue;
92
93
94 flt = &hci_pi(sk)->filter;
95
96 if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
97 0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS),
98 &flt->type_mask))
99 continue;
100
101 if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
102 int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
103
104 if (!hci_test_bit(evt, &flt->event_mask))
105 continue;
106
107 if (flt->opcode &&
108 ((evt == HCI_EV_CMD_COMPLETE &&
109 flt->opcode !=
110 get_unaligned((__le16 *)(skb->data + 3))) ||
111 (evt == HCI_EV_CMD_STATUS &&
112 flt->opcode !=
113 get_unaligned((__le16 *)(skb->data + 4)))))
114 continue;
115 }
116
117 if (!skb_copy) {
118
119 skb_copy = __pskb_copy(skb, 1, GFP_ATOMIC);
120 if (!skb_copy)
121 continue;
122
123
124 memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
125 }
126
127 nskb = skb_clone(skb_copy, GFP_ATOMIC);
128 if (!nskb)
129 continue;
130
131 if (sock_queue_rcv_skb(sk, nskb))
132 kfree_skb(nskb);
133 }
134
135 read_unlock(&hci_sk_list.lock);
136
137 kfree_skb(skb_copy);
138}
139
140
141void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
142{
143 struct sock *sk;
144
145 BT_DBG("len %d", skb->len);
146
147 read_lock(&hci_sk_list.lock);
148
149 sk_for_each(sk, &hci_sk_list.head) {
150 struct sk_buff *nskb;
151
152
153 if (sk == skip_sk)
154 continue;
155
156 if (sk->sk_state != BT_BOUND)
157 continue;
158
159 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
160 continue;
161
162 nskb = skb_clone(skb, GFP_ATOMIC);
163 if (!nskb)
164 continue;
165
166 if (sock_queue_rcv_skb(sk, nskb))
167 kfree_skb(nskb);
168 }
169
170 read_unlock(&hci_sk_list.lock);
171}
172
173
174void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
175{
176 struct sock *sk;
177 struct sk_buff *skb_copy = NULL;
178 __le16 opcode;
179
180 if (!atomic_read(&monitor_promisc))
181 return;
182
183 BT_DBG("hdev %p len %d", hdev, skb->len);
184
185 switch (bt_cb(skb)->pkt_type) {
186 case HCI_COMMAND_PKT:
187 opcode = __constant_cpu_to_le16(HCI_MON_COMMAND_PKT);
188 break;
189 case HCI_EVENT_PKT:
190 opcode = __constant_cpu_to_le16(HCI_MON_EVENT_PKT);
191 break;
192 case HCI_ACLDATA_PKT:
193 if (bt_cb(skb)->incoming)
194 opcode = __constant_cpu_to_le16(HCI_MON_ACL_RX_PKT);
195 else
196 opcode = __constant_cpu_to_le16(HCI_MON_ACL_TX_PKT);
197 break;
198 case HCI_SCODATA_PKT:
199 if (bt_cb(skb)->incoming)
200 opcode = __constant_cpu_to_le16(HCI_MON_SCO_RX_PKT);
201 else
202 opcode = __constant_cpu_to_le16(HCI_MON_SCO_TX_PKT);
203 break;
204 default:
205 return;
206 }
207
208 read_lock(&hci_sk_list.lock);
209
210 sk_for_each(sk, &hci_sk_list.head) {
211 struct sk_buff *nskb;
212
213 if (sk->sk_state != BT_BOUND)
214 continue;
215
216 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
217 continue;
218
219 if (!skb_copy) {
220 struct hci_mon_hdr *hdr;
221
222
223 skb_copy = __pskb_copy(skb, HCI_MON_HDR_SIZE,
224 GFP_ATOMIC);
225 if (!skb_copy)
226 continue;
227
228
229 hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
230 hdr->opcode = opcode;
231 hdr->index = cpu_to_le16(hdev->id);
232 hdr->len = cpu_to_le16(skb->len);
233 }
234
235 nskb = skb_clone(skb_copy, GFP_ATOMIC);
236 if (!nskb)
237 continue;
238
239 if (sock_queue_rcv_skb(sk, nskb))
240 kfree_skb(nskb);
241 }
242
243 read_unlock(&hci_sk_list.lock);
244
245 kfree_skb(skb_copy);
246}
247
248static void send_monitor_event(struct sk_buff *skb)
249{
250 struct sock *sk;
251
252 BT_DBG("len %d", skb->len);
253
254 read_lock(&hci_sk_list.lock);
255
256 sk_for_each(sk, &hci_sk_list.head) {
257 struct sk_buff *nskb;
258
259 if (sk->sk_state != BT_BOUND)
260 continue;
261
262 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
263 continue;
264
265 nskb = skb_clone(skb, GFP_ATOMIC);
266 if (!nskb)
267 continue;
268
269 if (sock_queue_rcv_skb(sk, nskb))
270 kfree_skb(nskb);
271 }
272
273 read_unlock(&hci_sk_list.lock);
274}
275
276static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
277{
278 struct hci_mon_hdr *hdr;
279 struct hci_mon_new_index *ni;
280 struct sk_buff *skb;
281 __le16 opcode;
282
283 switch (event) {
284 case HCI_DEV_REG:
285 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
286 if (!skb)
287 return NULL;
288
289 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
290 ni->type = hdev->dev_type;
291 ni->bus = hdev->bus;
292 bacpy(&ni->bdaddr, &hdev->bdaddr);
293 memcpy(ni->name, hdev->name, 8);
294
295 opcode = __constant_cpu_to_le16(HCI_MON_NEW_INDEX);
296 break;
297
298 case HCI_DEV_UNREG:
299 skb = bt_skb_alloc(0, GFP_ATOMIC);
300 if (!skb)
301 return NULL;
302
303 opcode = __constant_cpu_to_le16(HCI_MON_DEL_INDEX);
304 break;
305
306 default:
307 return NULL;
308 }
309
310 __net_timestamp(skb);
311
312 hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
313 hdr->opcode = opcode;
314 hdr->index = cpu_to_le16(hdev->id);
315 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
316
317 return skb;
318}
319
320static void send_monitor_replay(struct sock *sk)
321{
322 struct hci_dev *hdev;
323
324 read_lock(&hci_dev_list_lock);
325
326 list_for_each_entry(hdev, &hci_dev_list, list) {
327 struct sk_buff *skb;
328
329 skb = create_monitor_event(hdev, HCI_DEV_REG);
330 if (!skb)
331 continue;
332
333 if (sock_queue_rcv_skb(sk, skb))
334 kfree_skb(skb);
335 }
336
337 read_unlock(&hci_dev_list_lock);
338}
339
340
341static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
342{
343 struct hci_event_hdr *hdr;
344 struct hci_ev_stack_internal *ev;
345 struct sk_buff *skb;
346
347 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
348 if (!skb)
349 return;
350
351 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
352 hdr->evt = HCI_EV_STACK_INTERNAL;
353 hdr->plen = sizeof(*ev) + dlen;
354
355 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
356 ev->type = type;
357 memcpy(ev->data, data, dlen);
358
359 bt_cb(skb)->incoming = 1;
360 __net_timestamp(skb);
361
362 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
363 skb->dev = (void *) hdev;
364 hci_send_to_sock(hdev, skb);
365 kfree_skb(skb);
366}
367
368void hci_sock_dev_event(struct hci_dev *hdev, int event)
369{
370 struct hci_ev_si_device ev;
371
372 BT_DBG("hdev %s event %d", hdev->name, event);
373
374
375 if (atomic_read(&monitor_promisc)) {
376 struct sk_buff *skb;
377
378 skb = create_monitor_event(hdev, event);
379 if (skb) {
380 send_monitor_event(skb);
381 kfree_skb(skb);
382 }
383 }
384
385
386 ev.event = event;
387 ev.dev_id = hdev->id;
388 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
389
390 if (event == HCI_DEV_UNREG) {
391 struct sock *sk;
392
393
394 read_lock(&hci_sk_list.lock);
395 sk_for_each(sk, &hci_sk_list.head) {
396 bh_lock_sock_nested(sk);
397 if (hci_pi(sk)->hdev == hdev) {
398 hci_pi(sk)->hdev = NULL;
399 sk->sk_err = EPIPE;
400 sk->sk_state = BT_OPEN;
401 sk->sk_state_change(sk);
402
403 hci_dev_put(hdev);
404 }
405 bh_unlock_sock(sk);
406 }
407 read_unlock(&hci_sk_list.lock);
408 }
409}
410
411static int hci_sock_release(struct socket *sock)
412{
413 struct sock *sk = sock->sk;
414 struct hci_dev *hdev;
415
416 BT_DBG("sock %p sk %p", sock, sk);
417
418 if (!sk)
419 return 0;
420
421 hdev = hci_pi(sk)->hdev;
422
423 if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
424 atomic_dec(&monitor_promisc);
425
426 bt_sock_unlink(&hci_sk_list, sk);
427
428 if (hdev) {
429 atomic_dec(&hdev->promisc);
430 hci_dev_put(hdev);
431 }
432
433 sock_orphan(sk);
434
435 skb_queue_purge(&sk->sk_receive_queue);
436 skb_queue_purge(&sk->sk_write_queue);
437
438 sock_put(sk);
439 return 0;
440}
441
442static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
443{
444 bdaddr_t bdaddr;
445 int err;
446
447 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
448 return -EFAULT;
449
450 hci_dev_lock(hdev);
451
452 err = hci_blacklist_add(hdev, &bdaddr, 0);
453
454 hci_dev_unlock(hdev);
455
456 return err;
457}
458
459static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
460{
461 bdaddr_t bdaddr;
462 int err;
463
464 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
465 return -EFAULT;
466
467 hci_dev_lock(hdev);
468
469 err = hci_blacklist_del(hdev, &bdaddr, 0);
470
471 hci_dev_unlock(hdev);
472
473 return err;
474}
475
476
477static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
478 unsigned long arg)
479{
480 struct hci_dev *hdev = hci_pi(sk)->hdev;
481
482 if (!hdev)
483 return -EBADFD;
484
485 switch (cmd) {
486 case HCISETRAW:
487 if (!capable(CAP_NET_ADMIN))
488 return -EPERM;
489
490 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
491 return -EPERM;
492
493 if (arg)
494 set_bit(HCI_RAW, &hdev->flags);
495 else
496 clear_bit(HCI_RAW, &hdev->flags);
497
498 return 0;
499
500 case HCIGETCONNINFO:
501 return hci_get_conn_info(hdev, (void __user *) arg);
502
503 case HCIGETAUTHINFO:
504 return hci_get_auth_info(hdev, (void __user *) arg);
505
506 case HCIBLOCKADDR:
507 if (!capable(CAP_NET_ADMIN))
508 return -EPERM;
509 return hci_sock_blacklist_add(hdev, (void __user *) arg);
510
511 case HCIUNBLOCKADDR:
512 if (!capable(CAP_NET_ADMIN))
513 return -EPERM;
514 return hci_sock_blacklist_del(hdev, (void __user *) arg);
515
516 default:
517 if (hdev->ioctl)
518 return hdev->ioctl(hdev, cmd, arg);
519 return -EINVAL;
520 }
521}
522
523static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
524 unsigned long arg)
525{
526 struct sock *sk = sock->sk;
527 void __user *argp = (void __user *) arg;
528 int err;
529
530 BT_DBG("cmd %x arg %lx", cmd, arg);
531
532 switch (cmd) {
533 case HCIGETDEVLIST:
534 return hci_get_dev_list(argp);
535
536 case HCIGETDEVINFO:
537 return hci_get_dev_info(argp);
538
539 case HCIGETCONNLIST:
540 return hci_get_conn_list(argp);
541
542 case HCIDEVUP:
543 if (!capable(CAP_NET_ADMIN))
544 return -EPERM;
545 return hci_dev_open(arg);
546
547 case HCIDEVDOWN:
548 if (!capable(CAP_NET_ADMIN))
549 return -EPERM;
550 return hci_dev_close(arg);
551
552 case HCIDEVRESET:
553 if (!capable(CAP_NET_ADMIN))
554 return -EPERM;
555 return hci_dev_reset(arg);
556
557 case HCIDEVRESTAT:
558 if (!capable(CAP_NET_ADMIN))
559 return -EPERM;
560 return hci_dev_reset_stat(arg);
561
562 case HCISETSCAN:
563 case HCISETAUTH:
564 case HCISETENCRYPT:
565 case HCISETPTYPE:
566 case HCISETLINKPOL:
567 case HCISETLINKMODE:
568 case HCISETACLMTU:
569 case HCISETSCOMTU:
570 if (!capable(CAP_NET_ADMIN))
571 return -EPERM;
572 return hci_dev_cmd(cmd, argp);
573
574 case HCIINQUIRY:
575 return hci_inquiry(argp);
576
577 default:
578 lock_sock(sk);
579 err = hci_sock_bound_ioctl(sk, cmd, arg);
580 release_sock(sk);
581 return err;
582 }
583}
584
585static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
586 int addr_len)
587{
588 struct sockaddr_hci haddr;
589 struct sock *sk = sock->sk;
590 struct hci_dev *hdev = NULL;
591 int len, err = 0;
592
593 BT_DBG("sock %p sk %p", sock, sk);
594
595 if (!addr)
596 return -EINVAL;
597
598 memset(&haddr, 0, sizeof(haddr));
599 len = min_t(unsigned int, sizeof(haddr), addr_len);
600 memcpy(&haddr, addr, len);
601
602 if (haddr.hci_family != AF_BLUETOOTH)
603 return -EINVAL;
604
605 lock_sock(sk);
606
607 if (sk->sk_state == BT_BOUND) {
608 err = -EALREADY;
609 goto done;
610 }
611
612 switch (haddr.hci_channel) {
613 case HCI_CHANNEL_RAW:
614 if (hci_pi(sk)->hdev) {
615 err = -EALREADY;
616 goto done;
617 }
618
619 if (haddr.hci_dev != HCI_DEV_NONE) {
620 hdev = hci_dev_get(haddr.hci_dev);
621 if (!hdev) {
622 err = -ENODEV;
623 goto done;
624 }
625
626 atomic_inc(&hdev->promisc);
627 }
628
629 hci_pi(sk)->hdev = hdev;
630 break;
631
632 case HCI_CHANNEL_CONTROL:
633 if (haddr.hci_dev != HCI_DEV_NONE) {
634 err = -EINVAL;
635 goto done;
636 }
637
638 if (!capable(CAP_NET_ADMIN)) {
639 err = -EPERM;
640 goto done;
641 }
642
643 break;
644
645 case HCI_CHANNEL_MONITOR:
646 if (haddr.hci_dev != HCI_DEV_NONE) {
647 err = -EINVAL;
648 goto done;
649 }
650
651 if (!capable(CAP_NET_RAW)) {
652 err = -EPERM;
653 goto done;
654 }
655
656 send_monitor_replay(sk);
657
658 atomic_inc(&monitor_promisc);
659 break;
660
661 default:
662 err = -EINVAL;
663 goto done;
664 }
665
666
667 hci_pi(sk)->channel = haddr.hci_channel;
668 sk->sk_state = BT_BOUND;
669
670done:
671 release_sock(sk);
672 return err;
673}
674
675static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
676 int *addr_len, int peer)
677{
678 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
679 struct sock *sk = sock->sk;
680 struct hci_dev *hdev = hci_pi(sk)->hdev;
681
682 BT_DBG("sock %p sk %p", sock, sk);
683
684 if (!hdev)
685 return -EBADFD;
686
687 lock_sock(sk);
688
689 *addr_len = sizeof(*haddr);
690 haddr->hci_family = AF_BLUETOOTH;
691 haddr->hci_dev = hdev->id;
692 haddr->hci_channel= 0;
693
694 release_sock(sk);
695 return 0;
696}
697
698static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
699 struct sk_buff *skb)
700{
701 __u32 mask = hci_pi(sk)->cmsg_mask;
702
703 if (mask & HCI_CMSG_DIR) {
704 int incoming = bt_cb(skb)->incoming;
705 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
706 &incoming);
707 }
708
709 if (mask & HCI_CMSG_TSTAMP) {
710#ifdef CONFIG_COMPAT
711 struct compat_timeval ctv;
712#endif
713 struct timeval tv;
714 void *data;
715 int len;
716
717 skb_get_timestamp(skb, &tv);
718
719 data = &tv;
720 len = sizeof(tv);
721#ifdef CONFIG_COMPAT
722 if (!COMPAT_USE_64BIT_TIME &&
723 (msg->msg_flags & MSG_CMSG_COMPAT)) {
724 ctv.tv_sec = tv.tv_sec;
725 ctv.tv_usec = tv.tv_usec;
726 data = &ctv;
727 len = sizeof(ctv);
728 }
729#endif
730
731 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
732 }
733}
734
735static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
736 struct msghdr *msg, size_t len, int flags)
737{
738 int noblock = flags & MSG_DONTWAIT;
739 struct sock *sk = sock->sk;
740 struct sk_buff *skb;
741 int copied, err;
742
743 BT_DBG("sock %p, sk %p", sock, sk);
744
745 if (flags & (MSG_OOB))
746 return -EOPNOTSUPP;
747
748 if (sk->sk_state == BT_CLOSED)
749 return 0;
750
751 skb = skb_recv_datagram(sk, flags, noblock, &err);
752 if (!skb)
753 return err;
754
755 msg->msg_namelen = 0;
756
757 copied = skb->len;
758 if (len < copied) {
759 msg->msg_flags |= MSG_TRUNC;
760 copied = len;
761 }
762
763 skb_reset_transport_header(skb);
764 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
765
766 switch (hci_pi(sk)->channel) {
767 case HCI_CHANNEL_RAW:
768 hci_sock_cmsg(sk, msg, skb);
769 break;
770 case HCI_CHANNEL_CONTROL:
771 case HCI_CHANNEL_MONITOR:
772 sock_recv_timestamp(msg, sk, skb);
773 break;
774 }
775
776 skb_free_datagram(sk, skb);
777
778 return err ? : copied;
779}
780
781static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
782 struct msghdr *msg, size_t len)
783{
784 struct sock *sk = sock->sk;
785 struct hci_dev *hdev;
786 struct sk_buff *skb;
787 int err;
788
789 BT_DBG("sock %p sk %p", sock, sk);
790
791 if (msg->msg_flags & MSG_OOB)
792 return -EOPNOTSUPP;
793
794 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
795 return -EINVAL;
796
797 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
798 return -EINVAL;
799
800 lock_sock(sk);
801
802 switch (hci_pi(sk)->channel) {
803 case HCI_CHANNEL_RAW:
804 break;
805 case HCI_CHANNEL_CONTROL:
806 err = mgmt_control(sk, msg, len);
807 goto done;
808 case HCI_CHANNEL_MONITOR:
809 err = -EOPNOTSUPP;
810 goto done;
811 default:
812 err = -EINVAL;
813 goto done;
814 }
815
816 hdev = hci_pi(sk)->hdev;
817 if (!hdev) {
818 err = -EBADFD;
819 goto done;
820 }
821
822 if (!test_bit(HCI_UP, &hdev->flags)) {
823 err = -ENETDOWN;
824 goto done;
825 }
826
827 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
828 if (!skb)
829 goto done;
830
831 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
832 err = -EFAULT;
833 goto drop;
834 }
835
836 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
837 skb_pull(skb, 1);
838 skb->dev = (void *) hdev;
839
840 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
841 u16 opcode = get_unaligned_le16(skb->data);
842 u16 ogf = hci_opcode_ogf(opcode);
843 u16 ocf = hci_opcode_ocf(opcode);
844
845 if (((ogf > HCI_SFLT_MAX_OGF) ||
846 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
847 &hci_sec_filter.ocf_mask[ogf])) &&
848 !capable(CAP_NET_RAW)) {
849 err = -EPERM;
850 goto drop;
851 }
852
853 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
854 skb_queue_tail(&hdev->raw_q, skb);
855 queue_work(hdev->workqueue, &hdev->tx_work);
856 } else {
857
858
859
860 bt_cb(skb)->req.start = true;
861
862 skb_queue_tail(&hdev->cmd_q, skb);
863 queue_work(hdev->workqueue, &hdev->cmd_work);
864 }
865 } else {
866 if (!capable(CAP_NET_RAW)) {
867 err = -EPERM;
868 goto drop;
869 }
870
871 skb_queue_tail(&hdev->raw_q, skb);
872 queue_work(hdev->workqueue, &hdev->tx_work);
873 }
874
875 err = len;
876
877done:
878 release_sock(sk);
879 return err;
880
881drop:
882 kfree_skb(skb);
883 goto done;
884}
885
886static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
887 char __user *optval, unsigned int len)
888{
889 struct hci_ufilter uf = { .opcode = 0 };
890 struct sock *sk = sock->sk;
891 int err = 0, opt = 0;
892
893 BT_DBG("sk %p, opt %d", sk, optname);
894
895 lock_sock(sk);
896
897 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
898 err = -EINVAL;
899 goto done;
900 }
901
902 switch (optname) {
903 case HCI_DATA_DIR:
904 if (get_user(opt, (int __user *)optval)) {
905 err = -EFAULT;
906 break;
907 }
908
909 if (opt)
910 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
911 else
912 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
913 break;
914
915 case HCI_TIME_STAMP:
916 if (get_user(opt, (int __user *)optval)) {
917 err = -EFAULT;
918 break;
919 }
920
921 if (opt)
922 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
923 else
924 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
925 break;
926
927 case HCI_FILTER:
928 {
929 struct hci_filter *f = &hci_pi(sk)->filter;
930
931 uf.type_mask = f->type_mask;
932 uf.opcode = f->opcode;
933 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
934 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
935 }
936
937 len = min_t(unsigned int, len, sizeof(uf));
938 if (copy_from_user(&uf, optval, len)) {
939 err = -EFAULT;
940 break;
941 }
942
943 if (!capable(CAP_NET_RAW)) {
944 uf.type_mask &= hci_sec_filter.type_mask;
945 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
946 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
947 }
948
949 {
950 struct hci_filter *f = &hci_pi(sk)->filter;
951
952 f->type_mask = uf.type_mask;
953 f->opcode = uf.opcode;
954 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
955 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
956 }
957 break;
958
959 default:
960 err = -ENOPROTOOPT;
961 break;
962 }
963
964done:
965 release_sock(sk);
966 return err;
967}
968
969static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
970 char __user *optval, int __user *optlen)
971{
972 struct hci_ufilter uf;
973 struct sock *sk = sock->sk;
974 int len, opt, err = 0;
975
976 BT_DBG("sk %p, opt %d", sk, optname);
977
978 if (get_user(len, optlen))
979 return -EFAULT;
980
981 lock_sock(sk);
982
983 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
984 err = -EINVAL;
985 goto done;
986 }
987
988 switch (optname) {
989 case HCI_DATA_DIR:
990 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
991 opt = 1;
992 else
993 opt = 0;
994
995 if (put_user(opt, optval))
996 err = -EFAULT;
997 break;
998
999 case HCI_TIME_STAMP:
1000 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1001 opt = 1;
1002 else
1003 opt = 0;
1004
1005 if (put_user(opt, optval))
1006 err = -EFAULT;
1007 break;
1008
1009 case HCI_FILTER:
1010 {
1011 struct hci_filter *f = &hci_pi(sk)->filter;
1012
1013 memset(&uf, 0, sizeof(uf));
1014 uf.type_mask = f->type_mask;
1015 uf.opcode = f->opcode;
1016 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1017 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1018 }
1019
1020 len = min_t(unsigned int, len, sizeof(uf));
1021 if (copy_to_user(optval, &uf, len))
1022 err = -EFAULT;
1023 break;
1024
1025 default:
1026 err = -ENOPROTOOPT;
1027 break;
1028 }
1029
1030done:
1031 release_sock(sk);
1032 return err;
1033}
1034
1035static const struct proto_ops hci_sock_ops = {
1036 .family = PF_BLUETOOTH,
1037 .owner = THIS_MODULE,
1038 .release = hci_sock_release,
1039 .bind = hci_sock_bind,
1040 .getname = hci_sock_getname,
1041 .sendmsg = hci_sock_sendmsg,
1042 .recvmsg = hci_sock_recvmsg,
1043 .ioctl = hci_sock_ioctl,
1044 .poll = datagram_poll,
1045 .listen = sock_no_listen,
1046 .shutdown = sock_no_shutdown,
1047 .setsockopt = hci_sock_setsockopt,
1048 .getsockopt = hci_sock_getsockopt,
1049 .connect = sock_no_connect,
1050 .socketpair = sock_no_socketpair,
1051 .accept = sock_no_accept,
1052 .mmap = sock_no_mmap
1053};
1054
1055static struct proto hci_sk_proto = {
1056 .name = "HCI",
1057 .owner = THIS_MODULE,
1058 .obj_size = sizeof(struct hci_pinfo)
1059};
1060
1061static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1062 int kern)
1063{
1064 struct sock *sk;
1065
1066 BT_DBG("sock %p", sock);
1067
1068 if (sock->type != SOCK_RAW)
1069 return -ESOCKTNOSUPPORT;
1070
1071 sock->ops = &hci_sock_ops;
1072
1073 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1074 if (!sk)
1075 return -ENOMEM;
1076
1077 sock_init_data(sock, sk);
1078
1079 sock_reset_flag(sk, SOCK_ZAPPED);
1080
1081 sk->sk_protocol = protocol;
1082
1083 sock->state = SS_UNCONNECTED;
1084 sk->sk_state = BT_OPEN;
1085
1086 bt_sock_link(&hci_sk_list, sk);
1087 return 0;
1088}
1089
1090static const struct net_proto_family hci_sock_family_ops = {
1091 .family = PF_BLUETOOTH,
1092 .owner = THIS_MODULE,
1093 .create = hci_sock_create,
1094};
1095
1096int __init hci_sock_init(void)
1097{
1098 int err;
1099
1100 err = proto_register(&hci_sk_proto, 0);
1101 if (err < 0)
1102 return err;
1103
1104 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
1105 if (err < 0) {
1106 BT_ERR("HCI socket registration failed");
1107 goto error;
1108 }
1109
1110 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
1111 if (err < 0) {
1112 BT_ERR("Failed to create HCI proc file");
1113 bt_sock_unregister(BTPROTO_HCI);
1114 goto error;
1115 }
1116
1117 BT_INFO("HCI socket layer initialized");
1118
1119 return 0;
1120
1121error:
1122 proto_unregister(&hci_sk_proto);
1123 return err;
1124}
1125
1126void hci_sock_cleanup(void)
1127{
1128 bt_procfs_cleanup(&init_net, "hci");
1129 bt_sock_unregister(BTPROTO_HCI);
1130 proto_unregister(&hci_sk_proto);
1131}
1132
