[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_sock.c

/*
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2000-2001 Qualcomm Incorporated

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

/* Bluetooth HCI sockets. */

#include <linux/module.h>

#include <linux/types.h>
#include <linux/capability.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/poll.h>
#include <linux/fcntl.h>
#include <linux/init.h>
#include <linux/skbuff.h>
#include <linux/workqueue.h>
#include <linux/interrupt.h>
#include <linux/compat.h>
#include <linux/socket.h>
#include <linux/ioctl.h>
#include <net/sock.h>

#include <asm/system.h>
#include <linux/uaccess.h>
#include <asm/unaligned.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>

static int enable_mgmt;

/* ----- HCI socket interface ----- */

static inline int hci_test_bit(int nr, void *addr)
{
	return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
}

/* Security filter */
static struct hci_sec_filter hci_sec_filter = {
	/* Packet types */
	0x10,
	/* Events */
	{ 0x1000d9fe, 0x0000b00c },
	/* Commands */
	{
		{ 0x0 },
		/* OGF_LINK_CTL */
		{ 0xbe000006, 0x00000001, 0x00000000, 0x00 },
		/* OGF_LINK_POLICY */
		{ 0x00005200, 0x00000000, 0x00000000, 0x00 },
		/* OGF_HOST_CTL */
		{ 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
		/* OGF_INFO_PARAM */
		{ 0x000002be, 0x00000000, 0x00000000, 0x00 },
		/* OGF_STATUS_PARAM */
		{ 0x000000ea, 0x00000000, 0x00000000, 0x00 }
	}
};

static struct bt_sock_list hci_sk_list = {
	.lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
};

/* Send frame to RAW socket */
void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb,
							struct sock *skip_sk)
{
	struct sock *sk;
	struct hlist_node *node;

	BT_DBG("hdev %p len %d", hdev, skb->len);

	read_lock(&hci_sk_list.lock);
	sk_for_each(sk, node, &hci_sk_list.head) {
		struct hci_filter *flt;
		struct sk_buff *nskb;

		if (sk == skip_sk)
			continue;

		if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
			continue;

		/* Don't send frame to the socket it came from */
		if (skb->sk == sk)
			continue;

		if (bt_cb(skb)->channel != hci_pi(sk)->channel)
			continue;

		if (bt_cb(skb)->channel == HCI_CHANNEL_CONTROL)
			goto clone;

		/* Apply filter */
		flt = &hci_pi(sk)->filter;

		if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
				0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
			continue;

		if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
			register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);

			if (!hci_test_bit(evt, &flt->event_mask))
				continue;

			if (flt->opcode &&
			    ((evt == HCI_EV_CMD_COMPLETE &&
			      flt->opcode !=
			      get_unaligned((__le16 *)(skb->data + 3))) ||
			     (evt == HCI_EV_CMD_STATUS &&
			      flt->opcode !=
			      get_unaligned((__le16 *)(skb->data + 4)))))
				continue;
		}

clone:
		nskb = skb_clone(skb, GFP_ATOMIC);
		if (!nskb)
			continue;

		/* Put type byte before the data */
		if (bt_cb(skb)->channel == HCI_CHANNEL_RAW)
			memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);

		if (sock_queue_rcv_skb(sk, nskb))
			kfree_skb(nskb);
	}
	read_unlock(&hci_sk_list.lock);
}

static int hci_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	struct hci_dev *hdev;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!sk)
		return 0;

	hdev = hci_pi(sk)->hdev;

	bt_sock_unlink(&hci_sk_list, sk);

	if (hdev) {
		atomic_dec(&hdev->promisc);
		hci_dev_put(hdev);
	}

	sock_orphan(sk);

	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);

	sock_put(sk);
	return 0;
}

static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
{
	bdaddr_t bdaddr;

	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
		return -EFAULT;

	return hci_blacklist_add(hdev, &bdaddr);
}

static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
{
	bdaddr_t bdaddr;

	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
		return -EFAULT;

	return hci_blacklist_del(hdev, &bdaddr);
}

/* Ioctls that require bound socket */
static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
{
	struct hci_dev *hdev = hci_pi(sk)->hdev;

	if (!hdev)
		return -EBADFD;

	switch (cmd) {
	case HCISETRAW:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;

		if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
			return -EPERM;

		if (arg)
			set_bit(HCI_RAW, &hdev->flags);
		else
			clear_bit(HCI_RAW, &hdev->flags);

		return 0;

	case HCIGETCONNINFO:
		return hci_get_conn_info(hdev, (void __user *) arg);

	case HCIGETAUTHINFO:
		return hci_get_auth_info(hdev, (void __user *) arg);

	case HCIBLOCKADDR:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_sock_blacklist_add(hdev, (void __user *) arg);

	case HCIUNBLOCKADDR:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_sock_blacklist_del(hdev, (void __user *) arg);

	default:
		if (hdev->ioctl)
			return hdev->ioctl(hdev, cmd, arg);
		return -EINVAL;
	}
}

static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
{
	struct sock *sk = sock->sk;
	void __user *argp = (void __user *) arg;
	int err;

	BT_DBG("cmd %x arg %lx", cmd, arg);

	switch (cmd) {
	case HCIGETDEVLIST:
		return hci_get_dev_list(argp);

	case HCIGETDEVINFO:
		return hci_get_dev_info(argp);

	case HCIGETCONNLIST:
		return hci_get_conn_list(argp);

	case HCIDEVUP:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_open(arg);

	case HCIDEVDOWN:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_close(arg);

	case HCIDEVRESET:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_reset(arg);

	case HCIDEVRESTAT:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_reset_stat(arg);

	case HCISETSCAN:
	case HCISETAUTH:
	case HCISETENCRYPT:
	case HCISETPTYPE:
	case HCISETLINKPOL:
	case HCISETLINKMODE:
	case HCISETACLMTU:
	case HCISETSCOMTU:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_cmd(cmd, argp);

	case HCIINQUIRY:
		return hci_inquiry(argp);

	default:
		lock_sock(sk);
		err = hci_sock_bound_ioctl(sk, cmd, arg);
		release_sock(sk);
		return err;
	}
}

static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
{
	struct sockaddr_hci haddr;
	struct sock *sk = sock->sk;
	struct hci_dev *hdev = NULL;
	int len, err = 0;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!addr)
		return -EINVAL;

	memset(&haddr, 0, sizeof(haddr));
	len = min_t(unsigned int, sizeof(haddr), addr_len);
	memcpy(&haddr, addr, len);

	if (haddr.hci_family != AF_BLUETOOTH)
		return -EINVAL;

	if (haddr.hci_channel > HCI_CHANNEL_CONTROL)
		return -EINVAL;

	if (haddr.hci_channel == HCI_CHANNEL_CONTROL && !enable_mgmt)
		return -EINVAL;

	lock_sock(sk);

	if (sk->sk_state == BT_BOUND || hci_pi(sk)->hdev) {
		err = -EALREADY;
		goto done;
	}

	if (haddr.hci_dev != HCI_DEV_NONE) {
		hdev = hci_dev_get(haddr.hci_dev);
		if (!hdev) {
			err = -ENODEV;
			goto done;
		}

		atomic_inc(&hdev->promisc);
	}

	hci_pi(sk)->channel = haddr.hci_channel;
	hci_pi(sk)->hdev = hdev;
	sk->sk_state = BT_BOUND;

done:
	release_sock(sk);
	return err;
}

static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
{
	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
	struct sock *sk = sock->sk;
	struct hci_dev *hdev = hci_pi(sk)->hdev;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!hdev)
		return -EBADFD;

	lock_sock(sk);

	*addr_len = sizeof(*haddr);
	haddr->hci_family = AF_BLUETOOTH;
	haddr->hci_dev    = hdev->id;

	release_sock(sk);
	return 0;
}

static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
{
	__u32 mask = hci_pi(sk)->cmsg_mask;

	if (mask & HCI_CMSG_DIR) {
		int incoming = bt_cb(skb)->incoming;
		put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
	}

	if (mask & HCI_CMSG_TSTAMP) {
#ifdef CONFIG_COMPAT
		struct compat_timeval ctv;
#endif
		struct timeval tv;
		void *data;
		int len;

		skb_get_timestamp(skb, &tv);

		data = &tv;
		len = sizeof(tv);
#ifdef CONFIG_COMPAT
		if (msg->msg_flags & MSG_CMSG_COMPAT) {
			ctv.tv_sec = tv.tv_sec;
			ctv.tv_usec = tv.tv_usec;
			data = &ctv;
			len = sizeof(ctv);
		}
#endif

		put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
	}
}

static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
				struct msghdr *msg, size_t len, int flags)
{
	int noblock = flags & MSG_DONTWAIT;
	struct sock *sk = sock->sk;
	struct sk_buff *skb;
	int copied, err;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (flags & (MSG_OOB))
		return -EOPNOTSUPP;

	if (sk->sk_state == BT_CLOSED)
		return 0;

	skb = skb_recv_datagram(sk, flags, noblock, &err);
	if (!skb)
		return err;

	msg->msg_namelen = 0;

	copied = skb->len;
	if (len < copied) {
		msg->msg_flags |= MSG_TRUNC;
		copied = len;
	}

	skb_reset_transport_header(skb);
	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);

	hci_sock_cmsg(sk, msg, skb);

	skb_free_datagram(sk, skb);

	return err ? : copied;
}

static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
			    struct msghdr *msg, size_t len)
{
	struct sock *sk = sock->sk;
	struct hci_dev *hdev;
	struct sk_buff *skb;
	int err;

	BT_DBG("sock %p sk %p", sock, sk);

	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
		return -EINVAL;

	if (len < 4 || len > HCI_MAX_FRAME_SIZE)
		return -EINVAL;

	lock_sock(sk);

	switch (hci_pi(sk)->channel) {
	case HCI_CHANNEL_RAW:
		break;
	case HCI_CHANNEL_CONTROL:
		err = mgmt_control(sk, msg, len);
		goto done;
	default:
		err = -EINVAL;
		goto done;
	}

	hdev = hci_pi(sk)->hdev;
	if (!hdev) {
		err = -EBADFD;
		goto done;
	}

	if (!test_bit(HCI_UP, &hdev->flags)) {
		err = -ENETDOWN;
		goto done;
	}

	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
	if (!skb)
		goto done;

	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
		err = -EFAULT;
		goto drop;
	}

	bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
	skb_pull(skb, 1);
	skb->dev = (void *) hdev;

	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
		u16 opcode = get_unaligned_le16(skb->data);
		u16 ogf = hci_opcode_ogf(opcode);
		u16 ocf = hci_opcode_ocf(opcode);

		if (((ogf > HCI_SFLT_MAX_OGF) ||
				!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
					!capable(CAP_NET_RAW)) {
			err = -EPERM;
			goto drop;
		}

		if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
			skb_queue_tail(&hdev->raw_q, skb);
			tasklet_schedule(&hdev->tx_task);
		} else {
			skb_queue_tail(&hdev->cmd_q, skb);
			tasklet_schedule(&hdev->cmd_task);
		}
	} else {
		if (!capable(CAP_NET_RAW)) {
			err = -EPERM;
			goto drop;
		}

		skb_queue_tail(&hdev->raw_q, skb);
		tasklet_schedule(&hdev->tx_task);
	}

	err = len;

done:
	release_sock(sk);
	return err;

drop:
	kfree_skb(skb);
	goto done;
}

static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int len)
{
	struct hci_ufilter uf = { .opcode = 0 };
	struct sock *sk = sock->sk;
	int err = 0, opt = 0;

	BT_DBG("sk %p, opt %d", sk, optname);

	lock_sock(sk);

	switch (optname) {
	case HCI_DATA_DIR:
		if (get_user(opt, (int __user *)optval)) {
			err = -EFAULT;
			break;
		}

		if (opt)
			hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
		else
			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
		break;

	case HCI_TIME_STAMP:
		if (get_user(opt, (int __user *)optval)) {
			err = -EFAULT;
			break;
		}

		if (opt)
			hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
		else
			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
		break;

	case HCI_FILTER:
		{
			struct hci_filter *f = &hci_pi(sk)->filter;

			uf.type_mask = f->type_mask;
			uf.opcode    = f->opcode;
			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
		}

		len = min_t(unsigned int, len, sizeof(uf));
		if (copy_from_user(&uf, optval, len)) {
			err = -EFAULT;
			break;
		}

		if (!capable(CAP_NET_RAW)) {
			uf.type_mask &= hci_sec_filter.type_mask;
			uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
			uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
		}

		{
			struct hci_filter *f = &hci_pi(sk)->filter;

			f->type_mask = uf.type_mask;
			f->opcode    = uf.opcode;
			*((u32 *) f->event_mask + 0) = uf.event_mask[0];
			*((u32 *) f->event_mask + 1) = uf.event_mask[1];
		}
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
{
	struct hci_ufilter uf;
	struct sock *sk = sock->sk;
	int len, opt;

	if (get_user(len, optlen))
		return -EFAULT;

	switch (optname) {
	case HCI_DATA_DIR:
		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
			opt = 1;
		else
			opt = 0;

		if (put_user(opt, optval))
			return -EFAULT;
		break;

	case HCI_TIME_STAMP:
		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
			opt = 1;
		else
			opt = 0;

		if (put_user(opt, optval))
			return -EFAULT;
		break;

	case HCI_FILTER:
		{
			struct hci_filter *f = &hci_pi(sk)->filter;

			uf.type_mask = f->type_mask;
			uf.opcode    = f->opcode;
			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
		}

		len = min_t(unsigned int, len, sizeof(uf));
		if (copy_to_user(optval, &uf, len))
			return -EFAULT;
		break;

	default:
		return -ENOPROTOOPT;
		break;
	}

	return 0;
}

static const struct proto_ops hci_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= hci_sock_release,
	.bind		= hci_sock_bind,
	.getname	= hci_sock_getname,
	.sendmsg	= hci_sock_sendmsg,
	.recvmsg	= hci_sock_recvmsg,
	.ioctl		= hci_sock_ioctl,
	.poll		= datagram_poll,
	.listen		= sock_no_listen,
	.shutdown	= sock_no_shutdown,
	.setsockopt	= hci_sock_setsockopt,
	.getsockopt	= hci_sock_getsockopt,
	.connect	= sock_no_connect,
	.socketpair	= sock_no_socketpair,
	.accept		= sock_no_accept,
	.mmap		= sock_no_mmap
};

static struct proto hci_sk_proto = {
	.name		= "HCI",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct hci_pinfo)
};

static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
			   int kern)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	if (sock->type != SOCK_RAW)
		return -ESOCKTNOSUPPORT;

	sock->ops = &hci_sock_ops;

	sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
	if (!sk)
		return -ENOMEM;

	sock_init_data(sock, sk);

	sock_reset_flag(sk, SOCK_ZAPPED);

	sk->sk_protocol = protocol;

	sock->state = SS_UNCONNECTED;
	sk->sk_state = BT_OPEN;

	bt_sock_link(&hci_sk_list, sk);
	return 0;
}

static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
{
	struct hci_dev *hdev = (struct hci_dev *) ptr;
	struct hci_ev_si_device ev;

	BT_DBG("hdev %s event %ld", hdev->name, event);

	/* Send event to sockets */
	ev.event  = event;
	ev.dev_id = hdev->id;
	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);

	if (event == HCI_DEV_UNREG) {
		struct sock *sk;
		struct hlist_node *node;

		/* Detach sockets from device */
		read_lock(&hci_sk_list.lock);
		sk_for_each(sk, node, &hci_sk_list.head) {
			local_bh_disable();
			bh_lock_sock_nested(sk);
			if (hci_pi(sk)->hdev == hdev) {
				hci_pi(sk)->hdev = NULL;
				sk->sk_err = EPIPE;
				sk->sk_state = BT_OPEN;
				sk->sk_state_change(sk);

				hci_dev_put(hdev);
			}
			bh_unlock_sock(sk);
			local_bh_enable();
		}
		read_unlock(&hci_sk_list.lock);
	}

	return NOTIFY_DONE;
}

static const struct net_proto_family hci_sock_family_ops = {
	.family	= PF_BLUETOOTH,
	.owner	= THIS_MODULE,
	.create	= hci_sock_create,
};

static struct notifier_block hci_sock_nblock = {
	.notifier_call = hci_sock_dev_event
};

int __init hci_sock_init(void)
{
	int err;

	err = proto_register(&hci_sk_proto, 0);
	if (err < 0)
		return err;

	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
	if (err < 0)
		goto error;

	hci_register_notifier(&hci_sock_nblock);

	BT_INFO("HCI socket layer initialized");

	return 0;

error:
	BT_ERR("HCI socket registration failed");
	proto_unregister(&hci_sk_proto);
	return err;
}

void hci_sock_cleanup(void)
{
	if (bt_sock_unregister(BTPROTO_HCI) < 0)
		BT_ERR("HCI socket unregistration failed");

	hci_unregister_notifier(&hci_sock_nblock);

	proto_unregister(&hci_sk_proto);
}

module_param(enable_mgmt, bool, 0644);
MODULE_PARM_DESC(enable_mgmt, "Enable Management interface");
Commit	Line	Data
8e87d142	1	/*
1da177e4 LT	2	BlueZ - Bluetooth protocol stack for Linux
	3	Copyright (C) 2000-2001 Qualcomm Incorporated
	4
	5	Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
	6
	7	This program is free software; you can redistribute it and/or modify
	8	it under the terms of the GNU General Public License version 2 as
	9	published by the Free Software Foundation;
	10
	11	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
	12	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	13	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
	14	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142 YH	15	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
	16	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	17	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4 LT	18	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1da177e4 LT	19
8e87d142 YH	20	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
8e87d142 YH	21	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4 LT	22	SOFTWARE IS DISCLAIMED.
	23	*/
	24
	25	/* Bluetooth HCI sockets. */
	26
1da177e4 LT	27	#include <linux/module.h>
	28
	29	#include <linux/types.h>
4fc268d2	30	#include <linux/capability.h>
1da177e4 LT	31	#include <linux/errno.h>
1da177e4 LT	32	#include <linux/kernel.h>
1da177e4 LT	33	#include <linux/slab.h>
	34	#include <linux/poll.h>
	35	#include <linux/fcntl.h>
	36	#include <linux/init.h>
	37	#include <linux/skbuff.h>
	38	#include <linux/workqueue.h>
	39	#include <linux/interrupt.h>
767c5eb5	40	#include <linux/compat.h>
1da177e4 LT	41	#include <linux/socket.h>
	42	#include <linux/ioctl.h>
	43	#include <net/sock.h>
	44
	45	#include <asm/system.h>
70f23020	46	#include <linux/uaccess.h>
1da177e4 LT	47	#include <asm/unaligned.h>
	48
	49	#include <net/bluetooth/bluetooth.h>
	50	#include <net/bluetooth/hci_core.h>
	51
0381101f JH	52	static int enable_mgmt;
0381101f JH	53
1da177e4 LT	54	/* ----- HCI socket interface ----- */
	55
	56	static inline int hci_test_bit(int nr, void *addr)
	57	{
	58	return ((__u32 ) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
	59	}
	60
	61	/* Security filter */
	62	static struct hci_sec_filter hci_sec_filter = {
	63	/* Packet types */
	64	0x10,
	65	/* Events */
dd7f5527	66	{ 0x1000d9fe, 0x0000b00c },
1da177e4 LT	67	/* Commands */
	68	{
	69	{ 0x0 },
	70	/* OGF_LINK_CTL */
7c631a67	71	{ 0xbe000006, 0x00000001, 0x00000000, 0x00 },
1da177e4	72	/* OGF_LINK_POLICY */
7c631a67	73	{ 0x00005200, 0x00000000, 0x00000000, 0x00 },
1da177e4	74	/* OGF_HOST_CTL */
7c631a67	75	{ 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
1da177e4	76	/* OGF_INFO_PARAM */
7c631a67	77	{ 0x000002be, 0x00000000, 0x00000000, 0x00 },
1da177e4	78	/* OGF_STATUS_PARAM */
7c631a67	79	{ 0x000000ea, 0x00000000, 0x00000000, 0x00 }
1da177e4 LT	80	}
	81	};
	82
	83	static struct bt_sock_list hci_sk_list = {
d5fb2962	84	.lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
1da177e4 LT	85	};
	86
	87	/* Send frame to RAW socket */
eec8d2bc JH	88	void hci_send_to_sock(struct hci_dev hdev, struct sk_buff skb,
eec8d2bc JH	89	struct sock *skip_sk)
1da177e4 LT	90	{
	91	struct sock *sk;
	92	struct hlist_node *node;
	93
	94	BT_DBG("hdev %p len %d", hdev, skb->len);
	95
	96	read_lock(&hci_sk_list.lock);
	97	sk_for_each(sk, node, &hci_sk_list.head) {
	98	struct hci_filter *flt;
	99	struct sk_buff *nskb;
	100
eec8d2bc JH	101	if (sk == skip_sk)
	102	continue;
	103
1da177e4 LT	104	if (sk->sk_state != BT_BOUND \|\| hci_pi(sk)->hdev != hdev)
	105	continue;
	106
	107	/* Don't send frame to the socket it came from */
	108	if (skb->sk == sk)
	109	continue;
	110
a40c406c JH	111	if (bt_cb(skb)->channel != hci_pi(sk)->channel)
	112	continue;
	113
	114	if (bt_cb(skb)->channel == HCI_CHANNEL_CONTROL)
	115	goto clone;
	116
1da177e4 LT	117	/* Apply filter */
	118	flt = &hci_pi(sk)->filter;
	119
0d48d939 MH	120	if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
0d48d939 MH	121	0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
1da177e4 LT	122	continue;
1da177e4 LT	123
0d48d939	124	if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
1da177e4 LT	125	register int evt = ((__u8 )skb->data & HCI_FLT_EVENT_BITS);
	126
	127	if (!hci_test_bit(evt, &flt->event_mask))
	128	continue;
	129
4498c80d DM	130	if (flt->opcode &&
	131	((evt == HCI_EV_CMD_COMPLETE &&
	132	flt->opcode !=
905f3ed6	133	get_unaligned((__le16 *)(skb->data + 3))) \|\|
4498c80d DM	134	(evt == HCI_EV_CMD_STATUS &&
4498c80d DM	135	flt->opcode !=
905f3ed6	136	get_unaligned((__le16 *)(skb->data + 4)))))
1da177e4 LT	137	continue;
	138	}
	139
a40c406c	140	clone:
70f23020 AE	141	nskb = skb_clone(skb, GFP_ATOMIC);
70f23020 AE	142	if (!nskb)
1da177e4 LT	143	continue;
	144
	145	/* Put type byte before the data */
a40c406c JH	146	if (bt_cb(skb)->channel == HCI_CHANNEL_RAW)
a40c406c JH	147	memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
1da177e4 LT	148
	149	if (sock_queue_rcv_skb(sk, nskb))
	150	kfree_skb(nskb);
	151	}
	152	read_unlock(&hci_sk_list.lock);
	153	}
	154
	155	static int hci_sock_release(struct socket *sock)
	156	{
	157	struct sock *sk = sock->sk;
7b005bd3	158	struct hci_dev *hdev;
1da177e4 LT	159
	160	BT_DBG("sock %p sk %p", sock, sk);
	161
	162	if (!sk)
	163	return 0;
	164
7b005bd3 MH	165	hdev = hci_pi(sk)->hdev;
7b005bd3 MH	166
1da177e4 LT	167	bt_sock_unlink(&hci_sk_list, sk);
	168
	169	if (hdev) {
	170	atomic_dec(&hdev->promisc);
	171	hci_dev_put(hdev);
	172	}
	173
	174	sock_orphan(sk);
	175
	176	skb_queue_purge(&sk->sk_receive_queue);
	177	skb_queue_purge(&sk->sk_write_queue);
	178
	179	sock_put(sk);
	180	return 0;
	181	}
	182
b2a66aad	183	static int hci_sock_blacklist_add(struct hci_dev hdev, void __user arg)
f0358568 JH	184	{
f0358568 JH	185	bdaddr_t bdaddr;
f0358568 JH	186
	187	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
	188	return -EFAULT;
	189
b2a66aad	190	return hci_blacklist_add(hdev, &bdaddr);
f0358568 JH	191	}
f0358568 JH	192
b2a66aad	193	static int hci_sock_blacklist_del(struct hci_dev hdev, void __user arg)
f0358568 JH	194	{
f0358568 JH	195	bdaddr_t bdaddr;
f0358568 JH	196
	197	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
	198	return -EFAULT;
	199
b2a66aad	200	return hci_blacklist_del(hdev, &bdaddr);
f0358568 JH	201	}
f0358568 JH	202
8e87d142	203	/* Ioctls that require bound socket */
1da177e4 LT	204	static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
	205	{
	206	struct hci_dev *hdev = hci_pi(sk)->hdev;
	207
	208	if (!hdev)
	209	return -EBADFD;
	210
	211	switch (cmd) {
	212	case HCISETRAW:
	213	if (!capable(CAP_NET_ADMIN))
	214	return -EACCES;
	215
	216	if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
	217	return -EPERM;
	218
	219	if (arg)
	220	set_bit(HCI_RAW, &hdev->flags);
	221	else
	222	clear_bit(HCI_RAW, &hdev->flags);
	223
	224	return 0;
	225
1da177e4	226	case HCIGETCONNINFO:
40be492f MH	227	return hci_get_conn_info(hdev, (void __user *) arg);
	228
	229	case HCIGETAUTHINFO:
	230	return hci_get_auth_info(hdev, (void __user *) arg);
1da177e4	231
f0358568 JH	232	case HCIBLOCKADDR:
	233	if (!capable(CAP_NET_ADMIN))
	234	return -EACCES;
b2a66aad	235	return hci_sock_blacklist_add(hdev, (void __user *) arg);
f0358568 JH	236
	237	case HCIUNBLOCKADDR:
	238	if (!capable(CAP_NET_ADMIN))
	239	return -EACCES;
b2a66aad	240	return hci_sock_blacklist_del(hdev, (void __user *) arg);
f0358568	241
1da177e4 LT	242	default:
	243	if (hdev->ioctl)
	244	return hdev->ioctl(hdev, cmd, arg);
	245	return -EINVAL;
	246	}
	247	}
	248
	249	static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
	250	{
	251	struct sock *sk = sock->sk;
40be492f	252	void __user argp = (void __user ) arg;
1da177e4 LT	253	int err;
	254
	255	BT_DBG("cmd %x arg %lx", cmd, arg);
	256
	257	switch (cmd) {
	258	case HCIGETDEVLIST:
	259	return hci_get_dev_list(argp);
	260
	261	case HCIGETDEVINFO:
	262	return hci_get_dev_info(argp);
	263
	264	case HCIGETCONNLIST:
	265	return hci_get_conn_list(argp);
	266
	267	case HCIDEVUP:
	268	if (!capable(CAP_NET_ADMIN))
	269	return -EACCES;
	270	return hci_dev_open(arg);
	271
	272	case HCIDEVDOWN:
	273	if (!capable(CAP_NET_ADMIN))
	274	return -EACCES;
	275	return hci_dev_close(arg);
	276
	277	case HCIDEVRESET:
	278	if (!capable(CAP_NET_ADMIN))
	279	return -EACCES;
	280	return hci_dev_reset(arg);
	281
	282	case HCIDEVRESTAT:
	283	if (!capable(CAP_NET_ADMIN))
	284	return -EACCES;
	285	return hci_dev_reset_stat(arg);
	286
	287	case HCISETSCAN:
	288	case HCISETAUTH:
	289	case HCISETENCRYPT:
	290	case HCISETPTYPE:
	291	case HCISETLINKPOL:
	292	case HCISETLINKMODE:
	293	case HCISETACLMTU:
	294	case HCISETSCOMTU:
	295	if (!capable(CAP_NET_ADMIN))
	296	return -EACCES;
	297	return hci_dev_cmd(cmd, argp);
	298
	299	case HCIINQUIRY:
	300	return hci_inquiry(argp);
	301
	302	default:
	303	lock_sock(sk);
	304	err = hci_sock_bound_ioctl(sk, cmd, arg);
	305	release_sock(sk);
	306	return err;
	307	}
	308	}
	309
	310	static int hci_sock_bind(struct socket sock, struct sockaddr addr, int addr_len)
	311	{
0381101f	312	struct sockaddr_hci haddr;
1da177e4 LT	313	struct sock *sk = sock->sk;
1da177e4 LT	314	struct hci_dev *hdev = NULL;
0381101f	315	int len, err = 0;
1da177e4 LT	316
	317	BT_DBG("sock %p sk %p", sock, sk);
	318
0381101f JH	319	if (!addr)
	320	return -EINVAL;
	321
	322	memset(&haddr, 0, sizeof(haddr));
	323	len = min_t(unsigned int, sizeof(haddr), addr_len);
	324	memcpy(&haddr, addr, len);
	325
	326	if (haddr.hci_family != AF_BLUETOOTH)
	327	return -EINVAL;
	328
17f9cc31 GP	329	if (haddr.hci_channel > HCI_CHANNEL_CONTROL)
	330	return -EINVAL;
	331
	332	if (haddr.hci_channel == HCI_CHANNEL_CONTROL && !enable_mgmt)
1da177e4 LT	333	return -EINVAL;
	334
	335	lock_sock(sk);
	336
0381101f	337	if (sk->sk_state == BT_BOUND \|\| hci_pi(sk)->hdev) {
1da177e4 LT	338	err = -EALREADY;
	339	goto done;
	340	}
	341
0381101f JH	342	if (haddr.hci_dev != HCI_DEV_NONE) {
0381101f JH	343	hdev = hci_dev_get(haddr.hci_dev);
70f23020	344	if (!hdev) {
1da177e4 LT	345	err = -ENODEV;
	346	goto done;
	347	}
	348
	349	atomic_inc(&hdev->promisc);
	350	}
	351
0381101f	352	hci_pi(sk)->channel = haddr.hci_channel;
1da177e4 LT	353	hci_pi(sk)->hdev = hdev;
	354	sk->sk_state = BT_BOUND;
	355
	356	done:
	357	release_sock(sk);
	358	return err;
	359	}
	360
	361	static int hci_sock_getname(struct socket sock, struct sockaddr addr, int *addr_len, int peer)
	362	{
	363	struct sockaddr_hci haddr = (struct sockaddr_hci ) addr;
	364	struct sock *sk = sock->sk;
7b005bd3	365	struct hci_dev *hdev = hci_pi(sk)->hdev;
1da177e4 LT	366
	367	BT_DBG("sock %p sk %p", sock, sk);
	368
7b005bd3 MH	369	if (!hdev)
	370	return -EBADFD;
	371
1da177e4 LT	372	lock_sock(sk);
	373
	374	addr_len = sizeof(haddr);
	375	haddr->hci_family = AF_BLUETOOTH;
7b005bd3	376	haddr->hci_dev = hdev->id;
1da177e4 LT	377
	378	release_sock(sk);
	379	return 0;
	380	}
	381
	382	static inline void hci_sock_cmsg(struct sock sk, struct msghdr msg, struct sk_buff *skb)
	383	{
	384	__u32 mask = hci_pi(sk)->cmsg_mask;
	385
0d48d939 MH	386	if (mask & HCI_CMSG_DIR) {
	387	int incoming = bt_cb(skb)->incoming;
	388	put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
	389	}
1da177e4	390
a61bbcf2	391	if (mask & HCI_CMSG_TSTAMP) {
f6e623a6 JFS	392	#ifdef CONFIG_COMPAT
	393	struct compat_timeval ctv;
	394	#endif
a61bbcf2	395	struct timeval tv;
767c5eb5 MH	396	void *data;
767c5eb5 MH	397	int len;
a61bbcf2 PM	398
a61bbcf2 PM	399	skb_get_timestamp(skb, &tv);
767c5eb5	400
1da97f83 DM	401	data = &tv;
	402	len = sizeof(tv);
	403	#ifdef CONFIG_COMPAT
767c5eb5	404	if (msg->msg_flags & MSG_CMSG_COMPAT) {
767c5eb5 MH	405	ctv.tv_sec = tv.tv_sec;
	406	ctv.tv_usec = tv.tv_usec;
	407	data = &ctv;
	408	len = sizeof(ctv);
767c5eb5	409	}
1da97f83	410	#endif
767c5eb5 MH	411
767c5eb5 MH	412	put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
a61bbcf2	413	}
1da177e4	414	}
8e87d142 YH	415
8e87d142 YH	416	static int hci_sock_recvmsg(struct kiocb iocb, struct socket sock,
1da177e4 LT	417	struct msghdr *msg, size_t len, int flags)
	418	{
	419	int noblock = flags & MSG_DONTWAIT;
	420	struct sock *sk = sock->sk;
	421	struct sk_buff *skb;
	422	int copied, err;
	423
	424	BT_DBG("sock %p, sk %p", sock, sk);
	425
	426	if (flags & (MSG_OOB))
	427	return -EOPNOTSUPP;
	428
	429	if (sk->sk_state == BT_CLOSED)
	430	return 0;
	431
70f23020 AE	432	skb = skb_recv_datagram(sk, flags, noblock, &err);
70f23020 AE	433	if (!skb)
1da177e4 LT	434	return err;
	435
	436	msg->msg_namelen = 0;
	437
	438	copied = skb->len;
	439	if (len < copied) {
	440	msg->msg_flags \|= MSG_TRUNC;
	441	copied = len;
	442	}
	443
badff6d0	444	skb_reset_transport_header(skb);
1da177e4 LT	445	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
	446
	447	hci_sock_cmsg(sk, msg, skb);
	448
	449	skb_free_datagram(sk, skb);
	450
	451	return err ? : copied;
	452	}
	453
8e87d142	454	static int hci_sock_sendmsg(struct kiocb iocb, struct socket sock,
1da177e4 LT	455	struct msghdr *msg, size_t len)
	456	{
	457	struct sock *sk = sock->sk;
	458	struct hci_dev *hdev;
	459	struct sk_buff *skb;
	460	int err;
	461
	462	BT_DBG("sock %p sk %p", sock, sk);
	463
	464	if (msg->msg_flags & MSG_OOB)
	465	return -EOPNOTSUPP;
	466
	467	if (msg->msg_flags & ~(MSG_DONTWAIT\|MSG_NOSIGNAL\|MSG_ERRQUEUE))
	468	return -EINVAL;
	469
	470	if (len < 4 \|\| len > HCI_MAX_FRAME_SIZE)
	471	return -EINVAL;
	472
	473	lock_sock(sk);
	474
0381101f JH	475	switch (hci_pi(sk)->channel) {
	476	case HCI_CHANNEL_RAW:
	477	break;
	478	case HCI_CHANNEL_CONTROL:
	479	err = mgmt_control(sk, msg, len);
	480	goto done;
	481	default:
	482	err = -EINVAL;
	483	goto done;
	484	}
	485
70f23020 AE	486	hdev = hci_pi(sk)->hdev;
70f23020 AE	487	if (!hdev) {
1da177e4 LT	488	err = -EBADFD;
	489	goto done;
	490	}
	491
7e21addc MH	492	if (!test_bit(HCI_UP, &hdev->flags)) {
	493	err = -ENETDOWN;
	494	goto done;
	495	}
	496
70f23020 AE	497	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
70f23020 AE	498	if (!skb)
1da177e4 LT	499	goto done;
	500
	501	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
	502	err = -EFAULT;
	503	goto drop;
	504	}
	505
0d48d939	506	bt_cb(skb)->pkt_type = ((unsigned char ) skb->data);
1da177e4 LT	507	skb_pull(skb, 1);
	508	skb->dev = (void *) hdev;
	509
0d48d939	510	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
83985319	511	u16 opcode = get_unaligned_le16(skb->data);
1da177e4 LT	512	u16 ogf = hci_opcode_ogf(opcode);
	513	u16 ocf = hci_opcode_ocf(opcode);
	514
	515	if (((ogf > HCI_SFLT_MAX_OGF) \|\|
	516	!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
	517	!capable(CAP_NET_RAW)) {
	518	err = -EPERM;
	519	goto drop;
	520	}
	521
a9de9248	522	if (test_bit(HCI_RAW, &hdev->flags) \|\| (ogf == 0x3f)) {
1da177e4	523	skb_queue_tail(&hdev->raw_q, skb);
c78ae283	524	tasklet_schedule(&hdev->tx_task);
1da177e4 LT	525	} else {
1da177e4 LT	526	skb_queue_tail(&hdev->cmd_q, skb);
c78ae283	527	tasklet_schedule(&hdev->cmd_task);
1da177e4 LT	528	}
	529	} else {
	530	if (!capable(CAP_NET_RAW)) {
	531	err = -EPERM;
	532	goto drop;
	533	}
	534
	535	skb_queue_tail(&hdev->raw_q, skb);
c78ae283	536	tasklet_schedule(&hdev->tx_task);
1da177e4 LT	537	}
	538
	539	err = len;
	540
	541	done:
	542	release_sock(sk);
	543	return err;
	544
	545	drop:
	546	kfree_skb(skb);
	547	goto done;
	548	}
	549
b7058842	550	static int hci_sock_setsockopt(struct socket sock, int level, int optname, char __user optval, unsigned int len)
1da177e4 LT	551	{
	552	struct hci_ufilter uf = { .opcode = 0 };
	553	struct sock *sk = sock->sk;
	554	int err = 0, opt = 0;
	555
	556	BT_DBG("sk %p, opt %d", sk, optname);
	557
	558	lock_sock(sk);
	559
	560	switch (optname) {
	561	case HCI_DATA_DIR:
	562	if (get_user(opt, (int __user *)optval)) {
	563	err = -EFAULT;
	564	break;
	565	}
	566
	567	if (opt)
	568	hci_pi(sk)->cmsg_mask \|= HCI_CMSG_DIR;
	569	else
	570	hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
	571	break;
	572
	573	case HCI_TIME_STAMP:
	574	if (get_user(opt, (int __user *)optval)) {
	575	err = -EFAULT;
	576	break;
	577	}
	578
	579	if (opt)
	580	hci_pi(sk)->cmsg_mask \|= HCI_CMSG_TSTAMP;
	581	else
	582	hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
	583	break;
	584
	585	case HCI_FILTER:
0878b666 MH	586	{
	587	struct hci_filter *f = &hci_pi(sk)->filter;
	588
	589	uf.type_mask = f->type_mask;
	590	uf.opcode = f->opcode;
	591	uf.event_mask[0] = ((u32 ) f->event_mask + 0);
	592	uf.event_mask[1] = ((u32 ) f->event_mask + 1);
	593	}
	594
1da177e4 LT	595	len = min_t(unsigned int, len, sizeof(uf));
	596	if (copy_from_user(&uf, optval, len)) {
	597	err = -EFAULT;
	598	break;
	599	}
	600
	601	if (!capable(CAP_NET_RAW)) {
	602	uf.type_mask &= hci_sec_filter.type_mask;
	603	uf.event_mask[0] &= ((u32 ) hci_sec_filter.event_mask + 0);
	604	uf.event_mask[1] &= ((u32 ) hci_sec_filter.event_mask + 1);
	605	}
	606
	607	{
	608	struct hci_filter *f = &hci_pi(sk)->filter;
	609
	610	f->type_mask = uf.type_mask;
	611	f->opcode = uf.opcode;
	612	((u32 ) f->event_mask + 0) = uf.event_mask[0];
	613	((u32 ) f->event_mask + 1) = uf.event_mask[1];
	614	}
8e87d142	615	break;
1da177e4 LT	616
	617	default:
	618	err = -ENOPROTOOPT;
	619	break;
	620	}
	621
	622	release_sock(sk);
	623	return err;
	624	}
	625
	626	static int hci_sock_getsockopt(struct socket sock, int level, int optname, char __user optval, int __user *optlen)
	627	{
	628	struct hci_ufilter uf;
	629	struct sock *sk = sock->sk;
8e87d142	630	int len, opt;
1da177e4 LT	631
	632	if (get_user(len, optlen))
	633	return -EFAULT;
	634
	635	switch (optname) {
	636	case HCI_DATA_DIR:
	637	if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
	638	opt = 1;
8e87d142	639	else
1da177e4 LT	640	opt = 0;
	641
	642	if (put_user(opt, optval))
	643	return -EFAULT;
	644	break;
	645
	646	case HCI_TIME_STAMP:
	647	if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
	648	opt = 1;
8e87d142	649	else
1da177e4 LT	650	opt = 0;
	651
	652	if (put_user(opt, optval))
	653	return -EFAULT;
	654	break;
	655
	656	case HCI_FILTER:
	657	{
	658	struct hci_filter *f = &hci_pi(sk)->filter;
	659
	660	uf.type_mask = f->type_mask;
	661	uf.opcode = f->opcode;
	662	uf.event_mask[0] = ((u32 ) f->event_mask + 0);
	663	uf.event_mask[1] = ((u32 ) f->event_mask + 1);
	664	}
	665
	666	len = min_t(unsigned int, len, sizeof(uf));
	667	if (copy_to_user(optval, &uf, len))
	668	return -EFAULT;
	669	break;
	670
	671	default:
	672	return -ENOPROTOOPT;
	673	break;
	674	}
	675
	676	return 0;
	677	}
	678
90ddc4f0	679	static const struct proto_ops hci_sock_ops = {
1da177e4 LT	680	.family = PF_BLUETOOTH,
	681	.owner = THIS_MODULE,
	682	.release = hci_sock_release,
	683	.bind = hci_sock_bind,
	684	.getname = hci_sock_getname,
	685	.sendmsg = hci_sock_sendmsg,
	686	.recvmsg = hci_sock_recvmsg,
	687	.ioctl = hci_sock_ioctl,
	688	.poll = datagram_poll,
	689	.listen = sock_no_listen,
	690	.shutdown = sock_no_shutdown,
	691	.setsockopt = hci_sock_setsockopt,
	692	.getsockopt = hci_sock_getsockopt,
	693	.connect = sock_no_connect,
	694	.socketpair = sock_no_socketpair,
	695	.accept = sock_no_accept,
	696	.mmap = sock_no_mmap
	697	};
	698
	699	static struct proto hci_sk_proto = {
	700	.name = "HCI",
	701	.owner = THIS_MODULE,
	702	.obj_size = sizeof(struct hci_pinfo)
	703	};
	704
3f378b68 EP	705	static int hci_sock_create(struct net net, struct socket sock, int protocol,
3f378b68 EP	706	int kern)
1da177e4 LT	707	{
	708	struct sock *sk;
	709
	710	BT_DBG("sock %p", sock);
	711
	712	if (sock->type != SOCK_RAW)
	713	return -ESOCKTNOSUPPORT;
	714
	715	sock->ops = &hci_sock_ops;
	716
6257ff21	717	sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1da177e4 LT	718	if (!sk)
	719	return -ENOMEM;
	720
	721	sock_init_data(sock, sk);
	722
	723	sock_reset_flag(sk, SOCK_ZAPPED);
	724
	725	sk->sk_protocol = protocol;
	726
	727	sock->state = SS_UNCONNECTED;
	728	sk->sk_state = BT_OPEN;
	729
	730	bt_sock_link(&hci_sk_list, sk);
	731	return 0;
	732	}
	733
	734	static int hci_sock_dev_event(struct notifier_block this, unsigned long event, void ptr)
	735	{
	736	struct hci_dev hdev = (struct hci_dev ) ptr;
	737	struct hci_ev_si_device ev;
	738
	739	BT_DBG("hdev %s event %ld", hdev->name, event);
	740
	741	/* Send event to sockets */
	742	ev.event = event;
	743	ev.dev_id = hdev->id;
	744	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
	745
	746	if (event == HCI_DEV_UNREG) {
	747	struct sock *sk;
	748	struct hlist_node *node;
	749
	750	/* Detach sockets from device */
	751	read_lock(&hci_sk_list.lock);
	752	sk_for_each(sk, node, &hci_sk_list.head) {
4ce61d1c SS	753	local_bh_disable();
4ce61d1c SS	754	bh_lock_sock_nested(sk);
1da177e4 LT	755	if (hci_pi(sk)->hdev == hdev) {
	756	hci_pi(sk)->hdev = NULL;
	757	sk->sk_err = EPIPE;
	758	sk->sk_state = BT_OPEN;
	759	sk->sk_state_change(sk);
	760
	761	hci_dev_put(hdev);
	762	}
4ce61d1c SS	763	bh_unlock_sock(sk);
4ce61d1c SS	764	local_bh_enable();
1da177e4 LT	765	}
	766	read_unlock(&hci_sk_list.lock);
	767	}
	768
	769	return NOTIFY_DONE;
	770	}
	771
ec1b4cf7	772	static const struct net_proto_family hci_sock_family_ops = {
1da177e4 LT	773	.family = PF_BLUETOOTH,
	774	.owner = THIS_MODULE,
	775	.create = hci_sock_create,
	776	};
	777
	778	static struct notifier_block hci_sock_nblock = {
	779	.notifier_call = hci_sock_dev_event
	780	};
	781
	782	int __init hci_sock_init(void)
	783	{
	784	int err;
	785
	786	err = proto_register(&hci_sk_proto, 0);
	787	if (err < 0)
	788	return err;
	789
	790	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
	791	if (err < 0)
	792	goto error;
	793
	794	hci_register_notifier(&hci_sock_nblock);
	795
	796	BT_INFO("HCI socket layer initialized");
	797
	798	return 0;
	799
	800	error:
	801	BT_ERR("HCI socket registration failed");
	802	proto_unregister(&hci_sk_proto);
	803	return err;
	804	}
	805
b7440a14	806	void hci_sock_cleanup(void)
1da177e4 LT	807	{
	808	if (bt_sock_unregister(BTPROTO_HCI) < 0)
	809	BT_ERR("HCI socket unregistration failed");
	810
	811	hci_unregister_notifier(&hci_sock_nblock);
	812
	813	proto_unregister(&hci_sk_proto);
1da177e4	814	}
0381101f JH	815
	816	module_param(enable_mgmt, bool, 0644);
	817	MODULE_PARM_DESC(enable_mgmt, "Enable Management interface");