1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/export.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/hci_mon.h>
33
34static atomic_t monitor_promisc = ATOMIC_INIT(0);
35
36
37
38static inline int hci_test_bit(int nr, void *addr)
39{
40 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
41}
42
43
44static struct hci_sec_filter hci_sec_filter = {
45
46 0x10,
47
48 { 0x1000d9fe, 0x0000b00c },
49
50 {
51 { 0x0 },
52
53 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
54
55 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
56
57 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
58
59 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
60
61 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
62 }
63};
64
65static struct bt_sock_list hci_sk_list = {
66 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
67};
68
69
70void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
71{
72 struct sock *sk;
73 struct hlist_node *node;
74 struct sk_buff *skb_copy = NULL;
75
76 BT_DBG("hdev %p len %d", hdev, skb->len);
77
78 read_lock(&hci_sk_list.lock);
79
80 sk_for_each(sk, node, &hci_sk_list.head) {
81 struct hci_filter *flt;
82 struct sk_buff *nskb;
83
84 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
85 continue;
86
87
88 if (skb->sk == sk)
89 continue;
90
91 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW)
92 continue;
93
94
95 flt = &hci_pi(sk)->filter;
96
97 if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
98 0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS),
99 &flt->type_mask))
100 continue;
101
102 if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
103 int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
104
105 if (!hci_test_bit(evt, &flt->event_mask))
106 continue;
107
108 if (flt->opcode &&
109 ((evt == HCI_EV_CMD_COMPLETE &&
110 flt->opcode !=
111 get_unaligned((__le16 *)(skb->data + 3))) ||
112 (evt == HCI_EV_CMD_STATUS &&
113 flt->opcode !=
114 get_unaligned((__le16 *)(skb->data + 4)))))
115 continue;
116 }
117
118 if (!skb_copy) {
119
120 skb_copy = __pskb_copy(skb, 1, GFP_ATOMIC);
121 if (!skb_copy)
122 continue;
123
124
125 memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
126 }
127
128 nskb = skb_clone(skb_copy, GFP_ATOMIC);
129 if (!nskb)
130 continue;
131
132 if (sock_queue_rcv_skb(sk, nskb))
133 kfree_skb(nskb);
134 }
135
136 read_unlock(&hci_sk_list.lock);
137
138 kfree_skb(skb_copy);
139}
140
141
142void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
143{
144 struct sock *sk;
145 struct hlist_node *node;
146
147 BT_DBG("len %d", skb->len);
148
149 read_lock(&hci_sk_list.lock);
150
151 sk_for_each(sk, node, &hci_sk_list.head) {
152 struct sk_buff *nskb;
153
154
155 if (sk == skip_sk)
156 continue;
157
158 if (sk->sk_state != BT_BOUND)
159 continue;
160
161 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
162 continue;
163
164 nskb = skb_clone(skb, GFP_ATOMIC);
165 if (!nskb)
166 continue;
167
168 if (sock_queue_rcv_skb(sk, nskb))
169 kfree_skb(nskb);
170 }
171
172 read_unlock(&hci_sk_list.lock);
173}
174
175
176void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
177{
178 struct sock *sk;
179 struct hlist_node *node;
180 struct sk_buff *skb_copy = NULL;
181 __le16 opcode;
182
183 if (!atomic_read(&monitor_promisc))
184 return;
185
186 BT_DBG("hdev %p len %d", hdev, skb->len);
187
188 switch (bt_cb(skb)->pkt_type) {
189 case HCI_COMMAND_PKT:
190 opcode = __constant_cpu_to_le16(HCI_MON_COMMAND_PKT);
191 break;
192 case HCI_EVENT_PKT:
193 opcode = __constant_cpu_to_le16(HCI_MON_EVENT_PKT);
194 break;
195 case HCI_ACLDATA_PKT:
196 if (bt_cb(skb)->incoming)
197 opcode = __constant_cpu_to_le16(HCI_MON_ACL_RX_PKT);
198 else
199 opcode = __constant_cpu_to_le16(HCI_MON_ACL_TX_PKT);
200 break;
201 case HCI_SCODATA_PKT:
202 if (bt_cb(skb)->incoming)
203 opcode = __constant_cpu_to_le16(HCI_MON_SCO_RX_PKT);
204 else
205 opcode = __constant_cpu_to_le16(HCI_MON_SCO_TX_PKT);
206 break;
207 default:
208 return;
209 }
210
211 read_lock(&hci_sk_list.lock);
212
213 sk_for_each(sk, node, &hci_sk_list.head) {
214 struct sk_buff *nskb;
215
216 if (sk->sk_state != BT_BOUND)
217 continue;
218
219 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
220 continue;
221
222 if (!skb_copy) {
223 struct hci_mon_hdr *hdr;
224
225
226 skb_copy = __pskb_copy(skb, HCI_MON_HDR_SIZE,
227 GFP_ATOMIC);
228 if (!skb_copy)
229 continue;
230
231
232 hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
233 hdr->opcode = opcode;
234 hdr->index = cpu_to_le16(hdev->id);
235 hdr->len = cpu_to_le16(skb->len);
236 }
237
238 nskb = skb_clone(skb_copy, GFP_ATOMIC);
239 if (!nskb)
240 continue;
241
242 if (sock_queue_rcv_skb(sk, nskb))
243 kfree_skb(nskb);
244 }
245
246 read_unlock(&hci_sk_list.lock);
247
248 kfree_skb(skb_copy);
249}
250
251static void send_monitor_event(struct sk_buff *skb)
252{
253 struct sock *sk;
254 struct hlist_node *node;
255
256 BT_DBG("len %d", skb->len);
257
258 read_lock(&hci_sk_list.lock);
259
260 sk_for_each(sk, node, &hci_sk_list.head) {
261 struct sk_buff *nskb;
262
263 if (sk->sk_state != BT_BOUND)
264 continue;
265
266 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
267 continue;
268
269 nskb = skb_clone(skb, GFP_ATOMIC);
270 if (!nskb)
271 continue;
272
273 if (sock_queue_rcv_skb(sk, nskb))
274 kfree_skb(nskb);
275 }
276
277 read_unlock(&hci_sk_list.lock);
278}
279
280static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
281{
282 struct hci_mon_hdr *hdr;
283 struct hci_mon_new_index *ni;
284 struct sk_buff *skb;
285 __le16 opcode;
286
287 switch (event) {
288 case HCI_DEV_REG:
289 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
290 if (!skb)
291 return NULL;
292
293 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
294 ni->type = hdev->dev_type;
295 ni->bus = hdev->bus;
296 bacpy(&ni->bdaddr, &hdev->bdaddr);
297 memcpy(ni->name, hdev->name, 8);
298
299 opcode = __constant_cpu_to_le16(HCI_MON_NEW_INDEX);
300 break;
301
302 case HCI_DEV_UNREG:
303 skb = bt_skb_alloc(0, GFP_ATOMIC);
304 if (!skb)
305 return NULL;
306
307 opcode = __constant_cpu_to_le16(HCI_MON_DEL_INDEX);
308 break;
309
310 default:
311 return NULL;
312 }
313
314 __net_timestamp(skb);
315
316 hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
317 hdr->opcode = opcode;
318 hdr->index = cpu_to_le16(hdev->id);
319 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
320
321 return skb;
322}
323
324static void send_monitor_replay(struct sock *sk)
325{
326 struct hci_dev *hdev;
327
328 read_lock(&hci_dev_list_lock);
329
330 list_for_each_entry(hdev, &hci_dev_list, list) {
331 struct sk_buff *skb;
332
333 skb = create_monitor_event(hdev, HCI_DEV_REG);
334 if (!skb)
335 continue;
336
337 if (sock_queue_rcv_skb(sk, skb))
338 kfree_skb(skb);
339 }
340
341 read_unlock(&hci_dev_list_lock);
342}
343
344
345static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
346{
347 struct hci_event_hdr *hdr;
348 struct hci_ev_stack_internal *ev;
349 struct sk_buff *skb;
350
351 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
352 if (!skb)
353 return;
354
355 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
356 hdr->evt = HCI_EV_STACK_INTERNAL;
357 hdr->plen = sizeof(*ev) + dlen;
358
359 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
360 ev->type = type;
361 memcpy(ev->data, data, dlen);
362
363 bt_cb(skb)->incoming = 1;
364 __net_timestamp(skb);
365
366 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
367 skb->dev = (void *) hdev;
368 hci_send_to_sock(hdev, skb);
369 kfree_skb(skb);
370}
371
372void hci_sock_dev_event(struct hci_dev *hdev, int event)
373{
374 struct hci_ev_si_device ev;
375
376 BT_DBG("hdev %s event %d", hdev->name, event);
377
378
379 if (atomic_read(&monitor_promisc)) {
380 struct sk_buff *skb;
381
382 skb = create_monitor_event(hdev, event);
383 if (skb) {
384 send_monitor_event(skb);
385 kfree_skb(skb);
386 }
387 }
388
389
390 ev.event = event;
391 ev.dev_id = hdev->id;
392 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
393
394 if (event == HCI_DEV_UNREG) {
395 struct sock *sk;
396 struct hlist_node *node;
397
398
399 read_lock(&hci_sk_list.lock);
400 sk_for_each(sk, node, &hci_sk_list.head) {
401 bh_lock_sock_nested(sk);
402 if (hci_pi(sk)->hdev == hdev) {
403 hci_pi(sk)->hdev = NULL;
404 sk->sk_err = EPIPE;
405 sk->sk_state = BT_OPEN;
406 sk->sk_state_change(sk);
407
408 hci_dev_put(hdev);
409 }
410 bh_unlock_sock(sk);
411 }
412 read_unlock(&hci_sk_list.lock);
413 }
414}
415
416static int hci_sock_release(struct socket *sock)
417{
418 struct sock *sk = sock->sk;
419 struct hci_dev *hdev;
420
421 BT_DBG("sock %p sk %p", sock, sk);
422
423 if (!sk)
424 return 0;
425
426 hdev = hci_pi(sk)->hdev;
427
428 if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
429 atomic_dec(&monitor_promisc);
430
431 bt_sock_unlink(&hci_sk_list, sk);
432
433 if (hdev) {
434 atomic_dec(&hdev->promisc);
435 hci_dev_put(hdev);
436 }
437
438 sock_orphan(sk);
439
440 skb_queue_purge(&sk->sk_receive_queue);
441 skb_queue_purge(&sk->sk_write_queue);
442
443 sock_put(sk);
444 return 0;
445}
446
447static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
448{
449 bdaddr_t bdaddr;
450 int err;
451
452 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
453 return -EFAULT;
454
455 hci_dev_lock(hdev);
456
457 err = hci_blacklist_add(hdev, &bdaddr, 0);
458
459 hci_dev_unlock(hdev);
460
461 return err;
462}
463
464static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
465{
466 bdaddr_t bdaddr;
467 int err;
468
469 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
470 return -EFAULT;
471
472 hci_dev_lock(hdev);
473
474 err = hci_blacklist_del(hdev, &bdaddr, 0);
475
476 hci_dev_unlock(hdev);
477
478 return err;
479}
480
481
482static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
483 unsigned long arg)
484{
485 struct hci_dev *hdev = hci_pi(sk)->hdev;
486
487 if (!hdev)
488 return -EBADFD;
489
490 switch (cmd) {
491 case HCISETRAW:
492 if (!capable(CAP_NET_ADMIN))
493 return -EPERM;
494
495 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
496 return -EPERM;
497
498 if (arg)
499 set_bit(HCI_RAW, &hdev->flags);
500 else
501 clear_bit(HCI_RAW, &hdev->flags);
502
503 return 0;
504
505 case HCIGETCONNINFO:
506 return hci_get_conn_info(hdev, (void __user *) arg);
507
508 case HCIGETAUTHINFO:
509 return hci_get_auth_info(hdev, (void __user *) arg);
510
511 case HCIBLOCKADDR:
512 if (!capable(CAP_NET_ADMIN))
513 return -EPERM;
514 return hci_sock_blacklist_add(hdev, (void __user *) arg);
515
516 case HCIUNBLOCKADDR:
517 if (!capable(CAP_NET_ADMIN))
518 return -EPERM;
519 return hci_sock_blacklist_del(hdev, (void __user *) arg);
520
521 default:
522 if (hdev->ioctl)
523 return hdev->ioctl(hdev, cmd, arg);
524 return -EINVAL;
525 }
526}
527
528static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
529 unsigned long arg)
530{
531 struct sock *sk = sock->sk;
532 void __user *argp = (void __user *) arg;
533 int err;
534
535 BT_DBG("cmd %x arg %lx", cmd, arg);
536
537 switch (cmd) {
538 case HCIGETDEVLIST:
539 return hci_get_dev_list(argp);
540
541 case HCIGETDEVINFO:
542 return hci_get_dev_info(argp);
543
544 case HCIGETCONNLIST:
545 return hci_get_conn_list(argp);
546
547 case HCIDEVUP:
548 if (!capable(CAP_NET_ADMIN))
549 return -EPERM;
550 return hci_dev_open(arg);
551
552 case HCIDEVDOWN:
553 if (!capable(CAP_NET_ADMIN))
554 return -EPERM;
555 return hci_dev_close(arg);
556
557 case HCIDEVRESET:
558 if (!capable(CAP_NET_ADMIN))
559 return -EPERM;
560 return hci_dev_reset(arg);
561
562 case HCIDEVRESTAT:
563 if (!capable(CAP_NET_ADMIN))
564 return -EPERM;
565 return hci_dev_reset_stat(arg);
566
567 case HCISETSCAN:
568 case HCISETAUTH:
569 case HCISETENCRYPT:
570 case HCISETPTYPE:
571 case HCISETLINKPOL:
572 case HCISETLINKMODE:
573 case HCISETACLMTU:
574 case HCISETSCOMTU:
575 if (!capable(CAP_NET_ADMIN))
576 return -EPERM;
577 return hci_dev_cmd(cmd, argp);
578
579 case HCIINQUIRY:
580 return hci_inquiry(argp);
581
582 default:
583 lock_sock(sk);
584 err = hci_sock_bound_ioctl(sk, cmd, arg);
585 release_sock(sk);
586 return err;
587 }
588}
589
590static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
591 int addr_len)
592{
593 struct sockaddr_hci haddr;
594 struct sock *sk = sock->sk;
595 struct hci_dev *hdev = NULL;
596 int len, err = 0;
597
598 BT_DBG("sock %p sk %p", sock, sk);
599
600 if (!addr)
601 return -EINVAL;
602
603 memset(&haddr, 0, sizeof(haddr));
604 len = min_t(unsigned int, sizeof(haddr), addr_len);
605 memcpy(&haddr, addr, len);
606
607 if (haddr.hci_family != AF_BLUETOOTH)
608 return -EINVAL;
609
610 lock_sock(sk);
611
612 if (sk->sk_state == BT_BOUND) {
613 err = -EALREADY;
614 goto done;
615 }
616
617 switch (haddr.hci_channel) {
618 case HCI_CHANNEL_RAW:
619 if (hci_pi(sk)->hdev) {
620 err = -EALREADY;
621 goto done;
622 }
623
624 if (haddr.hci_dev != HCI_DEV_NONE) {
625 hdev = hci_dev_get(haddr.hci_dev);
626 if (!hdev) {
627 err = -ENODEV;
628 goto done;
629 }
630
631 atomic_inc(&hdev->promisc);
632 }
633
634 hci_pi(sk)->hdev = hdev;
635 break;
636
637 case HCI_CHANNEL_CONTROL:
638 if (haddr.hci_dev != HCI_DEV_NONE) {
639 err = -EINVAL;
640 goto done;
641 }
642
643 if (!capable(CAP_NET_ADMIN)) {
644 err = -EPERM;
645 goto done;
646 }
647
648 break;
649
650 case HCI_CHANNEL_MONITOR:
651 if (haddr.hci_dev != HCI_DEV_NONE) {
652 err = -EINVAL;
653 goto done;
654 }
655
656 if (!capable(CAP_NET_RAW)) {
657 err = -EPERM;
658 goto done;
659 }
660
661 send_monitor_replay(sk);
662
663 atomic_inc(&monitor_promisc);
664 break;
665
666 default:
667 err = -EINVAL;
668 goto done;
669 }
670
671
672 hci_pi(sk)->channel = haddr.hci_channel;
673 sk->sk_state = BT_BOUND;
674
675done:
676 release_sock(sk);
677 return err;
678}
679
680static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
681 int *addr_len, int peer)
682{
683 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
684 struct sock *sk = sock->sk;
685 struct hci_dev *hdev = hci_pi(sk)->hdev;
686
687 BT_DBG("sock %p sk %p", sock, sk);
688
689 if (!hdev)
690 return -EBADFD;
691
692 lock_sock(sk);
693
694 *addr_len = sizeof(*haddr);
695 haddr->hci_family = AF_BLUETOOTH;
696 haddr->hci_dev = hdev->id;
697 haddr->hci_channel= 0;
698
699 release_sock(sk);
700 return 0;
701}
702
703static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
704 struct sk_buff *skb)
705{
706 __u32 mask = hci_pi(sk)->cmsg_mask;
707
708 if (mask & HCI_CMSG_DIR) {
709 int incoming = bt_cb(skb)->incoming;
710 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
711 &incoming);
712 }
713
714 if (mask & HCI_CMSG_TSTAMP) {
715#ifdef CONFIG_COMPAT
716 struct compat_timeval ctv;
717#endif
718 struct timeval tv;
719 void *data;
720 int len;
721
722 skb_get_timestamp(skb, &tv);
723
724 data = &tv;
725 len = sizeof(tv);
726#ifdef CONFIG_COMPAT
727 if (!COMPAT_USE_64BIT_TIME &&
728 (msg->msg_flags & MSG_CMSG_COMPAT)) {
729 ctv.tv_sec = tv.tv_sec;
730 ctv.tv_usec = tv.tv_usec;
731 data = &ctv;
732 len = sizeof(ctv);
733 }
734#endif
735
736 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
737 }
738}
739
740static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
741 struct msghdr *msg, size_t len, int flags)
742{
743 int noblock = flags & MSG_DONTWAIT;
744 struct sock *sk = sock->sk;
745 struct sk_buff *skb;
746 int copied, err;
747
748 BT_DBG("sock %p, sk %p", sock, sk);
749
750 if (flags & (MSG_OOB))
751 return -EOPNOTSUPP;
752
753 if (sk->sk_state == BT_CLOSED)
754 return 0;
755
756 skb = skb_recv_datagram(sk, flags, noblock, &err);
757 if (!skb)
758 return err;
759
760 msg->msg_namelen = 0;
761
762 copied = skb->len;
763 if (len < copied) {
764 msg->msg_flags |= MSG_TRUNC;
765 copied = len;
766 }
767
768 skb_reset_transport_header(skb);
769 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
770
771 switch (hci_pi(sk)->channel) {
772 case HCI_CHANNEL_RAW:
773 hci_sock_cmsg(sk, msg, skb);
774 break;
775 case HCI_CHANNEL_CONTROL:
776 case HCI_CHANNEL_MONITOR:
777 sock_recv_timestamp(msg, sk, skb);
778 break;
779 }
780
781 skb_free_datagram(sk, skb);
782
783 return err ? : copied;
784}
785
786static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
787 struct msghdr *msg, size_t len)
788{
789 struct sock *sk = sock->sk;
790 struct hci_dev *hdev;
791 struct sk_buff *skb;
792 int err;
793
794 BT_DBG("sock %p sk %p", sock, sk);
795
796 if (msg->msg_flags & MSG_OOB)
797 return -EOPNOTSUPP;
798
799 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
800 return -EINVAL;
801
802 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
803 return -EINVAL;
804
805 lock_sock(sk);
806
807 switch (hci_pi(sk)->channel) {
808 case HCI_CHANNEL_RAW:
809 break;
810 case HCI_CHANNEL_CONTROL:
811 err = mgmt_control(sk, msg, len);
812 goto done;
813 case HCI_CHANNEL_MONITOR:
814 err = -EOPNOTSUPP;
815 goto done;
816 default:
817 err = -EINVAL;
818 goto done;
819 }
820
821 hdev = hci_pi(sk)->hdev;
822 if (!hdev) {
823 err = -EBADFD;
824 goto done;
825 }
826
827 if (!test_bit(HCI_UP, &hdev->flags)) {
828 err = -ENETDOWN;
829 goto done;
830 }
831
832 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
833 if (!skb)
834 goto done;
835
836 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
837 err = -EFAULT;
838 goto drop;
839 }
840
841 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
842 skb_pull(skb, 1);
843 skb->dev = (void *) hdev;
844
845 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
846 u16 opcode = get_unaligned_le16(skb->data);
847 u16 ogf = hci_opcode_ogf(opcode);
848 u16 ocf = hci_opcode_ocf(opcode);
849
850 if (((ogf > HCI_SFLT_MAX_OGF) ||
851 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
852 &hci_sec_filter.ocf_mask[ogf])) &&
853 !capable(CAP_NET_RAW)) {
854 err = -EPERM;
855 goto drop;
856 }
857
858 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
859 skb_queue_tail(&hdev->raw_q, skb);
860 queue_work(hdev->workqueue, &hdev->tx_work);
861 } else {
862 skb_queue_tail(&hdev->cmd_q, skb);
863 queue_work(hdev->workqueue, &hdev->cmd_work);
864 }
865 } else {
866 if (!capable(CAP_NET_RAW)) {
867 err = -EPERM;
868 goto drop;
869 }
870
871 skb_queue_tail(&hdev->raw_q, skb);
872 queue_work(hdev->workqueue, &hdev->tx_work);
873 }
874
875 err = len;
876
877done:
878 release_sock(sk);
879 return err;
880
881drop:
882 kfree_skb(skb);
883 goto done;
884}
885
886static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
887 char __user *optval, unsigned int len)
888{
889 struct hci_ufilter uf = { .opcode = 0 };
890 struct sock *sk = sock->sk;
891 int err = 0, opt = 0;
892
893 BT_DBG("sk %p, opt %d", sk, optname);
894
895 lock_sock(sk);
896
897 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
898 err = -EINVAL;
899 goto done;
900 }
901
902 switch (optname) {
903 case HCI_DATA_DIR:
904 if (get_user(opt, (int __user *)optval)) {
905 err = -EFAULT;
906 break;
907 }
908
909 if (opt)
910 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
911 else
912 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
913 break;
914
915 case HCI_TIME_STAMP:
916 if (get_user(opt, (int __user *)optval)) {
917 err = -EFAULT;
918 break;
919 }
920
921 if (opt)
922 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
923 else
924 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
925 break;
926
927 case HCI_FILTER:
928 {
929 struct hci_filter *f = &hci_pi(sk)->filter;
930
931 uf.type_mask = f->type_mask;
932 uf.opcode = f->opcode;
933 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
934 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
935 }
936
937 len = min_t(unsigned int, len, sizeof(uf));
938 if (copy_from_user(&uf, optval, len)) {
939 err = -EFAULT;
940 break;
941 }
942
943 if (!capable(CAP_NET_RAW)) {
944 uf.type_mask &= hci_sec_filter.type_mask;
945 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
946 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
947 }
948
949 {
950 struct hci_filter *f = &hci_pi(sk)->filter;
951
952 f->type_mask = uf.type_mask;
953 f->opcode = uf.opcode;
954 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
955 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
956 }
957 break;
958
959 default:
960 err = -ENOPROTOOPT;
961 break;
962 }
963
964done:
965 release_sock(sk);
966 return err;
967}
968
969static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
970 char __user *optval, int __user *optlen)
971{
972 struct hci_ufilter uf;
973 struct sock *sk = sock->sk;
974 int len, opt, err = 0;
975
976 BT_DBG("sk %p, opt %d", sk, optname);
977
978 if (get_user(len, optlen))
979 return -EFAULT;
980
981 lock_sock(sk);
982
983 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
984 err = -EINVAL;
985 goto done;
986 }
987
988 switch (optname) {
989 case HCI_DATA_DIR:
990 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
991 opt = 1;
992 else
993 opt = 0;
994
995 if (put_user(opt, optval))
996 err = -EFAULT;
997 break;
998
999 case HCI_TIME_STAMP:
1000 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1001 opt = 1;
1002 else
1003 opt = 0;
1004
1005 if (put_user(opt, optval))
1006 err = -EFAULT;
1007 break;
1008
1009 case HCI_FILTER:
1010 {
1011 struct hci_filter *f = &hci_pi(sk)->filter;
1012
1013 memset(&uf, 0, sizeof(uf));
1014 uf.type_mask = f->type_mask;
1015 uf.opcode = f->opcode;
1016 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1017 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1018 }
1019
1020 len = min_t(unsigned int, len, sizeof(uf));
1021 if (copy_to_user(optval, &uf, len))
1022 err = -EFAULT;
1023 break;
1024
1025 default:
1026 err = -ENOPROTOOPT;
1027 break;
1028 }
1029
1030done:
1031 release_sock(sk);
1032 return err;
1033}
1034
1035static const struct proto_ops hci_sock_ops = {
1036 .family = PF_BLUETOOTH,
1037 .owner = THIS_MODULE,
1038 .release = hci_sock_release,
1039 .bind = hci_sock_bind,
1040 .getname = hci_sock_getname,
1041 .sendmsg = hci_sock_sendmsg,
1042 .recvmsg = hci_sock_recvmsg,
1043 .ioctl = hci_sock_ioctl,
1044 .poll = datagram_poll,
1045 .listen = sock_no_listen,
1046 .shutdown = sock_no_shutdown,
1047 .setsockopt = hci_sock_setsockopt,
1048 .getsockopt = hci_sock_getsockopt,
1049 .connect = sock_no_connect,
1050 .socketpair = sock_no_socketpair,
1051 .accept = sock_no_accept,
1052 .mmap = sock_no_mmap
1053};
1054
1055static struct proto hci_sk_proto = {
1056 .name = "HCI",
1057 .owner = THIS_MODULE,
1058 .obj_size = sizeof(struct hci_pinfo)
1059};
1060
1061static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1062 int kern)
1063{
1064 struct sock *sk;
1065
1066 BT_DBG("sock %p", sock);
1067
1068 if (sock->type != SOCK_RAW)
1069 return -ESOCKTNOSUPPORT;
1070
1071 sock->ops = &hci_sock_ops;
1072
1073 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1074 if (!sk)
1075 return -ENOMEM;
1076
1077 sock_init_data(sock, sk);
1078
1079 sock_reset_flag(sk, SOCK_ZAPPED);
1080
1081 sk->sk_protocol = protocol;
1082
1083 sock->state = SS_UNCONNECTED;
1084 sk->sk_state = BT_OPEN;
1085
1086 bt_sock_link(&hci_sk_list, sk);
1087 return 0;
1088}
1089
1090static const struct net_proto_family hci_sock_family_ops = {
1091 .family = PF_BLUETOOTH,
1092 .owner = THIS_MODULE,
1093 .create = hci_sock_create,
1094};
1095
1096int __init hci_sock_init(void)
1097{
1098 int err;
1099
1100 err = proto_register(&hci_sk_proto, 0);
1101 if (err < 0)
1102 return err;
1103
1104 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
1105 if (err < 0)
1106 goto error;
1107
1108 BT_INFO("HCI socket layer initialized");
1109
1110 return 0;
1111
1112error:
1113 BT_ERR("HCI socket registration failed");
1114 proto_unregister(&hci_sk_proto);
1115 return err;
1116}
1117
1118void hci_sock_cleanup(void)
1119{
1120 if (bt_sock_unregister(BTPROTO_HCI) < 0)
1121 BT_ERR("HCI socket unregistration failed");
1122
1123 proto_unregister(&hci_sk_proto);
1124}
1125
