Bluetooth: Add support for HCI monitor channel
8e87d142 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI sockets. */
26
27#include <linux/module.h>
28
29#include <linux/types.h>
4fc268d2 30#include <linux/capability.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/slab.h>
34#include <linux/poll.h>
35#include <linux/fcntl.h>
36#include <linux/init.h>
37#include <linux/skbuff.h>
38#include <linux/workqueue.h>
39#include <linux/interrupt.h>
767c5eb5 40#include <linux/compat.h>
41#include <linux/socket.h>
42#include <linux/ioctl.h>
43#include <net/sock.h>
44
45#include <asm/system.h>
70f23020 46#include <linux/uaccess.h>
47#include <asm/unaligned.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
cd82e61c 51#include <net/bluetooth/hci_mon.h>
1da177e4 52
/* Module parameter: the management (HCI_CHANNEL_CONTROL) channel can only be
 * bound when this is set (see hci_sock_bind()). Exposed via module_param()
 * at the bottom of the file. */
static bool enable_mgmt;

/* Number of currently bound HCI_CHANNEL_MONITOR sockets. Bumped in
 * hci_sock_bind(), dropped in hci_sock_release(); hci_send_to_monitor()
 * and hci_sock_dev_event() skip all monitor work while it is zero. */
static atomic_t monitor_promisc = ATOMIC_INIT(0);
56
57/* ----- HCI socket interface ----- */
58
/* Test bit @nr in the __u32 word array at @addr.
 * Word index is nr / 32, bit position nr % 32. Returns the masked word
 * (non-zero when set), not a normalised 0/1.
 */
static inline int hci_test_bit(int nr, void *addr)
{
	__u32 *words = addr;
	__u32 mask = (__u32) 1 << (nr & 31);

	return words[nr >> 5] & mask;
}
63
/* Security filter applied to HCI sockets that lack CAP_NET_RAW.
 * hci_sock_setsockopt() ANDs an unprivileged user's HCI_FILTER against
 * type_mask/event_mask so it can never widen visibility, and
 * hci_sock_sendmsg() rejects any command whose OGF/OCF bit is not set in
 * ocf_mask unless the sender has CAP_NET_RAW.
 */
static struct hci_sec_filter hci_sec_filter = {
	/* Packet types (bit index == HCI packet type) */
	.type_mask = 0x10,
	/* Events */
	.event_mask = { 0x1000d9fe, 0x0000b00c },
	/* Commands, one row per OGF */
	.ocf_mask = {
		{ 0x0 },
		/* OGF_LINK_CTL */
		{ 0xbe000006, 0x00000001, 0x00000000, 0x00 },
		/* OGF_LINK_POLICY */
		{ 0x00005200, 0x00000000, 0x00000000, 0x00 },
		/* OGF_HOST_CTL */
		{ 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
		/* OGF_INFO_PARAM */
		{ 0x000002be, 0x00000000, 0x00000000, 0x00 },
		/* OGF_STATUS_PARAM */
		{ 0x000000ea, 0x00000000, 0x00000000, 0x00 }
	}
};
85
/* All HCI sockets (every channel). Walked under .lock for broadcast
 * delivery and device detach; linked/unlinked by bt_sock_link()/unlink(). */
static struct bt_sock_list hci_sk_list = {
	.lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
};
89
/* Send frame to RAW socket.
 *
 * Deliver @skb to every bound HCI_CHANNEL_RAW socket attached to @hdev whose
 * filter accepts it. @skb stays owned by the caller: a private copy with the
 * packet-type byte pushed in front is made lazily on the first match, cloned
 * once per recipient, and freed before returning. A socket whose receive
 * queue rejects the clone simply misses the frame. The socket the frame
 * originated from (skb->sk) is skipped.
 */
void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct sock *sk;
	struct hlist_node *node;
	struct sk_buff *skb_copy = NULL;

	BT_DBG("hdev %p len %d", hdev, skb->len);

	read_lock(&hci_sk_list.lock);

	sk_for_each(sk, node, &hci_sk_list.head) {
		struct hci_filter *flt;
		struct sk_buff *nskb;

		if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
			continue;

		/* Don't send frame to the socket it came from */
		if (skb->sk == sk)
			continue;

		if (hci_pi(sk)->channel != HCI_CHANNEL_RAW)
			continue;

		/* Apply filter */
		flt = &hci_pi(sk)->filter;

		/* Vendor packets are matched against type bit 0 */
		if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
				0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
			continue;

		if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
			/* Event code is the first payload byte; the opcode match
			 * below reads two bytes at offset 3 (Command Complete) or
			 * 4 (Command Status). NOTE(review): skb->len is not checked
			 * here — relies on the HCI core only handing over
			 * well-formed events; confirm at the callers. */
			register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);

			if (!hci_test_bit(evt, &flt->event_mask))
				continue;

			/* A non-zero filter opcode restricts command
			 * completion/status events to that one command */
			if (flt->opcode &&
			    ((evt == HCI_EV_CMD_COMPLETE &&
			      flt->opcode !=
			      get_unaligned((__le16 *)(skb->data + 3))) ||
			     (evt == HCI_EV_CMD_STATUS &&
			      flt->opcode !=
			      get_unaligned((__le16 *)(skb->data + 4)))))
				continue;
		}

		if (!skb_copy) {
			/* Create a private copy with headroom */
			skb_copy = __pskb_copy(skb, 1, GFP_ATOMIC);
			if (!skb_copy)
				continue;

			/* Put type byte before the data */
			memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
		}

		nskb = skb_clone(skb_copy, GFP_ATOMIC);
		if (!nskb)
			continue;

		if (sock_queue_rcv_skb(sk, nskb))
			kfree_skb(nskb);
	}

	read_unlock(&hci_sk_list.lock);

	/* Drops the extra reference held by the shared copy (no-op if NULL) */
	kfree_skb(skb_copy);
}
160
/* Send frame to control socket.
 *
 * Broadcast a management frame to every bound HCI_CHANNEL_CONTROL socket
 * except @skip_sk (the socket the request came from). @skb is cloned per
 * recipient and remains owned by the caller; a recipient whose receive
 * queue rejects the clone just misses the frame.
 */
void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
{
	struct sock *sk;
	struct hlist_node *node;

	BT_DBG("len %d", skb->len);

	read_lock(&hci_sk_list.lock);

	sk_for_each(sk, node, &hci_sk_list.head) {
		struct sk_buff *nskb;

		/* Skip the original socket */
		if (sk == skip_sk)
			continue;

		if (sk->sk_state != BT_BOUND)
			continue;

		if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
			continue;

		nskb = skb_clone(skb, GFP_ATOMIC);
		if (!nskb)
			continue;

		if (sock_queue_rcv_skb(sk, nskb))
			kfree_skb(nskb);
	}

	read_unlock(&hci_sk_list.lock);
}
194
/* Send frame to monitor socket.
 *
 * Mirror an HCI frame seen on @hdev to every bound HCI_CHANNEL_MONITOR
 * socket, prefixed with a struct hci_mon_hdr carrying the monitor opcode
 * (derived from the packet type and, for ACL/SCO, the direction flag),
 * the controller index and the original frame length. Frames of any other
 * packet type are not forwarded. Returns immediately while no monitor
 * socket is bound (monitor_promisc == 0) so the common path stays cheap.
 * @skb stays owned by the caller; the shared copy is freed on return.
 */
void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct sock *sk;
	struct hlist_node *node;
	struct sk_buff *skb_copy = NULL;
	__le16 opcode;

	if (!atomic_read(&monitor_promisc))
		return;

	BT_DBG("hdev %p len %d", hdev, skb->len);

	/* Map packet type (+ direction) to the monitor opcode */
	switch (bt_cb(skb)->pkt_type) {
	case HCI_COMMAND_PKT:
		opcode = __constant_cpu_to_le16(HCI_MON_COMMAND_PKT);
		break;
	case HCI_EVENT_PKT:
		opcode = __constant_cpu_to_le16(HCI_MON_EVENT_PKT);
		break;
	case HCI_ACLDATA_PKT:
		if (bt_cb(skb)->incoming)
			opcode = __constant_cpu_to_le16(HCI_MON_ACL_RX_PKT);
		else
			opcode = __constant_cpu_to_le16(HCI_MON_ACL_TX_PKT);
		break;
	case HCI_SCODATA_PKT:
		if (bt_cb(skb)->incoming)
			opcode = __constant_cpu_to_le16(HCI_MON_SCO_RX_PKT);
		else
			opcode = __constant_cpu_to_le16(HCI_MON_SCO_TX_PKT);
		break;
	default:
		return;
	}

	read_lock(&hci_sk_list.lock);

	sk_for_each(sk, node, &hci_sk_list.head) {
		struct sk_buff *nskb;

		if (sk->sk_state != BT_BOUND)
			continue;

		if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
			continue;

		if (!skb_copy) {
			struct hci_mon_hdr *hdr;

			/* Create a private copy with headroom */
			skb_copy = __pskb_copy(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC);
			if (!skb_copy)
				continue;

			/* Put header before the data; len is the payload
			 * length without the monitor header */
			hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
			hdr->opcode = opcode;
			hdr->index = cpu_to_le16(hdev->id);
			hdr->len = cpu_to_le16(skb->len);
		}

		nskb = skb_clone(skb_copy, GFP_ATOMIC);
		if (!nskb)
			continue;

		if (sock_queue_rcv_skb(sk, nskb))
			kfree_skb(nskb);
	}

	read_unlock(&hci_sk_list.lock);

	kfree_skb(skb_copy);
}
269
/* Deliver an already-built monitor frame (see create_monitor_event()) to
 * every bound HCI_CHANNEL_MONITOR socket. Unlike hci_send_to_monitor()
 * this does not test monitor_promisc; the caller does. @skb is cloned per
 * recipient and stays owned by the caller. */
static void send_monitor_event(struct sk_buff *skb)
{
	struct sock *sk;
	struct hlist_node *node;

	BT_DBG("len %d", skb->len);

	read_lock(&hci_sk_list.lock);

	sk_for_each(sk, node, &hci_sk_list.head) {
		struct sk_buff *nskb;

		if (sk->sk_state != BT_BOUND)
			continue;

		if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
			continue;

		nskb = skb_clone(skb, GFP_ATOMIC);
		if (!nskb)
			continue;

		if (sock_queue_rcv_skb(sk, nskb))
			kfree_skb(nskb);
	}

	read_unlock(&hci_sk_list.lock);
}
298
/* Build the monitor frame announcing a controller (HCI_DEV_REG ->
 * HCI_MON_NEW_INDEX with a struct hci_mon_new_index payload) or its removal
 * (HCI_DEV_UNREG -> HCI_MON_DEL_INDEX, no payload). Returns a timestamped
 * skb owned by the caller, or NULL on allocation failure or for any other
 * @event value. */
static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
{
	struct hci_mon_hdr *hdr;
	struct hci_mon_new_index *ni;
	struct sk_buff *skb;
	__le16 opcode;

	switch (event) {
	case HCI_DEV_REG:
		skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
		if (!skb)
			return NULL;

		ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
		ni->type = hdev->dev_type;
		ni->bus = hdev->bus;
		bacpy(&ni->bdaddr, &hdev->bdaddr);
		/* Fixed 8-byte copy, not a string copy: presumably
		 * sizeof(ni->name) — confirm against hci_mon.h */
		memcpy(ni->name, hdev->name, 8);

		opcode = __constant_cpu_to_le16(HCI_MON_NEW_INDEX);
		break;

	case HCI_DEV_UNREG:
		skb = bt_skb_alloc(0, GFP_ATOMIC);
		if (!skb)
			return NULL;

		opcode = __constant_cpu_to_le16(HCI_MON_DEL_INDEX);
		break;

	default:
		return NULL;
	}

	__net_timestamp(skb);

	/* Header goes in front; len counts the payload only */
	hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
	hdr->opcode = opcode;
	hdr->index = cpu_to_le16(hdev->id);
	hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);

	return skb;
}
342
/* Replay a NEW_INDEX event for every registered controller to a freshly
 * bound monitor socket @sk, so it learns the indexes that already exist.
 * Walks hci_dev_list under its read lock. A controller whose event cannot
 * be allocated or queued is silently skipped, so the replay may be
 * incomplete under memory pressure. */
static void send_monitor_replay(struct sock *sk)
{
	struct hci_dev *hdev;

	read_lock(&hci_dev_list_lock);

	list_for_each_entry(hdev, &hci_dev_list, list) {
		struct sk_buff *skb;

		skb = create_monitor_event(hdev, HCI_DEV_REG);
		if (!skb)
			continue;

		if (sock_queue_rcv_skb(sk, skb))
			kfree_skb(skb);
	}

	read_unlock(&hci_dev_list_lock);
}
362
/* Generate internal stack event.
 *
 * Synthesize an HCI_EV_STACK_INTERNAL event of sub-type @type carrying
 * @dlen bytes of @data and deliver it through hci_send_to_sock() to the RAW
 * sockets attached to @hdev. @hdev may be NULL (hci_sock_dev_event() passes
 * NULL), in which case the recipients are the sockets bound without a
 * device. The skb is marked incoming and timestamped like a real event and
 * is freed here after delivery.
 */
static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
{
	struct hci_event_hdr *hdr;
	struct hci_ev_stack_internal *ev;
	struct sk_buff *skb;

	skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
	if (!skb)
		return;

	hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
	hdr->evt = HCI_EV_STACK_INTERNAL;
	/* NOTE(review): plen is a narrow HCI length field; callers only pass
	 * small fixed-size structs (sizeof(struct hci_ev_si_device) here) */
	hdr->plen = sizeof(*ev) + dlen;

	ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
	ev->type = type;
	memcpy(ev->data, data, dlen);

	bt_cb(skb)->incoming = 1;
	__net_timestamp(skb);

	bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
	skb->dev = (void *) hdev;
	hci_send_to_sock(hdev, skb);
	kfree_skb(skb);
}
390
/* Notify sockets of a controller lifecycle event (@event is an HCI_DEV_*
 * value for @hdev).
 *
 * Three things happen in order: monitor sockets get the corresponding
 * index add/remove frame (only if any are bound); sockets bound without a
 * device get a stack-internal HCI_EV_SI_DEVICE event; and on HCI_DEV_UNREG
 * every socket attached to @hdev is detached — hdev cleared, sk_err set to
 * EPIPE, state back to BT_OPEN, the device reference dropped — and woken
 * via sk_state_change(). The detach happens under bh_lock_sock(), not
 * lock_sock(), so process-context readers of hci_pi(sk)->hdev that only
 * hold lock_sock() can still race with it.
 */
void hci_sock_dev_event(struct hci_dev *hdev, int event)
{
	struct hci_ev_si_device ev;

	BT_DBG("hdev %s event %d", hdev->name, event);

	/* Send event to monitor */
	if (atomic_read(&monitor_promisc)) {
		struct sk_buff *skb;

		skb = create_monitor_event(hdev, event);
		if (skb) {
			send_monitor_event(skb);
			kfree_skb(skb);
		}
	}

	/* Send event to sockets */
	ev.event = event;
	ev.dev_id = hdev->id;
	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);

	if (event == HCI_DEV_UNREG) {
		struct sock *sk;
		struct hlist_node *node;

		/* Detach sockets from device */
		read_lock(&hci_sk_list.lock);
		sk_for_each(sk, node, &hci_sk_list.head) {
			bh_lock_sock_nested(sk);
			if (hci_pi(sk)->hdev == hdev) {
				hci_pi(sk)->hdev = NULL;
				sk->sk_err = EPIPE;
				sk->sk_state = BT_OPEN;
				sk->sk_state_change(sk);

				/* Drops the reference taken in hci_sock_bind() */
				hci_dev_put(hdev);
			}
			bh_unlock_sock(sk);
		}
		read_unlock(&hci_sk_list.lock);
	}
}
434
/* release(): tear down an HCI socket.
 * Undoes what bind did — decrements monitor_promisc for a monitor socket,
 * and for a socket attached to a device drops hdev->promisc and the device
 * reference — then unlinks the socket, orphans it, purges both queues and
 * drops the final reference. Always returns 0. */
static int hci_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	struct hci_dev *hdev;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!sk)
		return 0;

	hdev = hci_pi(sk)->hdev;

	if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
		atomic_dec(&monitor_promisc);

	bt_sock_unlink(&hci_sk_list, sk);

	if (hdev) {
		atomic_dec(&hdev->promisc);
		hci_dev_put(hdev);
	}

	sock_orphan(sk);

	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);

	sock_put(sk);
	return 0;
}
465
/* HCIBLOCKADDR: copy a bdaddr_t from the user pointer @arg and add it to
 * @hdev's blacklist under the device lock. Returns -EFAULT on a bad user
 * pointer, otherwise whatever hci_blacklist_add() returns. The caller has
 * already checked CAP_NET_ADMIN. */
static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
{
	bdaddr_t bdaddr;
	int err = -EFAULT;

	/* Untrusted user pointer: copy the address in before touching it */
	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)) == 0) {
		hci_dev_lock(hdev);
		err = hci_blacklist_add(hdev, &bdaddr, 0);
		hci_dev_unlock(hdev);
	}

	return err;
}
482
/* HCIUNBLOCKADDR: copy a bdaddr_t from the user pointer @arg and remove it
 * from @hdev's blacklist under the device lock. Returns -EFAULT on a bad
 * user pointer, otherwise whatever hci_blacklist_del() returns. The caller
 * has already checked CAP_NET_ADMIN. */
static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
{
	bdaddr_t bdaddr;
	int err = -EFAULT;

	/* Untrusted user pointer: copy the address in before touching it */
	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)) == 0) {
		hci_dev_lock(hdev);
		err = hci_blacklist_del(hdev, &bdaddr, 0);
		hci_dev_unlock(hdev);
	}

	return err;
}
499
/* Ioctls that require bound socket.
 *
 * Called from hci_sock_ioctl() with the socket locked for any command the
 * device-independent switch did not handle. Needs a device attached
 * (-EBADFD otherwise). HCISETRAW, HCIBLOCKADDR and HCIUNBLOCKADDR require
 * CAP_NET_ADMIN; the two GET* commands do not. Anything else is forwarded
 * to the driver's ioctl hook, if present, without any capability check in
 * this function — the hook is responsible for its own access control.
 */
static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
{
	struct hci_dev *hdev = hci_pi(sk)->hdev;

	if (!hdev)
		return -EBADFD;

	switch (cmd) {
	case HCISETRAW:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;

		/* Devices flagged raw-only cannot have the mode toggled */
		if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
			return -EPERM;

		if (arg)
			set_bit(HCI_RAW, &hdev->flags);
		else
			clear_bit(HCI_RAW, &hdev->flags);

		return 0;

	case HCIGETCONNINFO:
		return hci_get_conn_info(hdev, (void __user *) arg);

	case HCIGETAUTHINFO:
		return hci_get_auth_info(hdev, (void __user *) arg);

	case HCIBLOCKADDR:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_sock_blacklist_add(hdev, (void __user *) arg);

	case HCIUNBLOCKADDR:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_sock_blacklist_del(hdev, (void __user *) arg);

	default:
		/* Driver-specific ioctls: no capability check applied here */
		if (hdev->ioctl)
			return hdev->ioctl(hdev, cmd, arg);
		return -EINVAL;
	}
}
545
/* ioctl(): device-independent HCI ioctls.
 *
 * The GET*/INQUIRY commands are open to any socket; @arg is a user pointer
 * for them. HCIDEV{UP,DOWN,RESET,RESTAT} take a device index in @arg and,
 * like the HCISET* family, require CAP_NET_ADMIN. Everything else is
 * delegated to hci_sock_bound_ioctl() under lock_sock(). Returns 0 or a
 * negative errno.
 */
static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
{
	struct sock *sk = sock->sk;
	void __user *argp = (void __user *) arg;
	int err;

	BT_DBG("cmd %x arg %lx", cmd, arg);

	switch (cmd) {
	case HCIGETDEVLIST:
		return hci_get_dev_list(argp);

	case HCIGETDEVINFO:
		return hci_get_dev_info(argp);

	case HCIGETCONNLIST:
		return hci_get_conn_list(argp);

	case HCIDEVUP:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_open(arg);

	case HCIDEVDOWN:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_close(arg);

	case HCIDEVRESET:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_reset(arg);

	case HCIDEVRESTAT:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_reset_stat(arg);

	case HCISETSCAN:
	case HCISETAUTH:
	case HCISETENCRYPT:
	case HCISETPTYPE:
	case HCISETLINKPOL:
	case HCISETLINKMODE:
	case HCISETACLMTU:
	case HCISETSCOMTU:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_cmd(cmd, argp);

	case HCIINQUIRY:
		return hci_inquiry(argp);

	default:
		/* Per-socket commands need the socket lock */
		lock_sock(sk);
		err = hci_sock_bound_ioctl(sk, cmd, arg);
		release_sock(sk);
		return err;
	}
}
606
/* bind(): attach the socket to a channel and, for RAW, optionally a device.
 *
 * @addr is copied into a zeroed struct sockaddr_hci, truncated to
 * min(addr_len, sizeof) — a short address therefore reads as zero in its
 * trailing fields. Per channel:
 *  - HCI_CHANNEL_RAW: no capability needed; if hci_dev is not HCI_DEV_NONE
 *    the device is looked up, referenced and its promisc count bumped.
 *  - HCI_CHANNEL_CONTROL: only without a device and only when the
 *    enable_mgmt module parameter is set.
 *  - HCI_CHANNEL_MONITOR: only without a device, requires CAP_NET_RAW;
 *    existing controllers are replayed to the socket and monitor_promisc
 *    is incremented (hci_sock_release() undoes that).
 * A socket already in BT_BOUND returns -EALREADY. Returns 0 or -errno.
 */
static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
{
	struct sockaddr_hci haddr;
	struct sock *sk = sock->sk;
	struct hci_dev *hdev = NULL;
	int len, err = 0;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!addr)
		return -EINVAL;

	/* Bounded copy: never read more than sizeof(haddr) of user-supplied
	 * address, and never more than the caller says it provided */
	memset(&haddr, 0, sizeof(haddr));
	len = min_t(unsigned int, sizeof(haddr), addr_len);
	memcpy(&haddr, addr, len);

	if (haddr.hci_family != AF_BLUETOOTH)
		return -EINVAL;

	lock_sock(sk);

	if (sk->sk_state == BT_BOUND) {
		err = -EALREADY;
		goto done;
	}

	switch (haddr.hci_channel) {
	case HCI_CHANNEL_RAW:
		if (hci_pi(sk)->hdev) {
			err = -EALREADY;
			goto done;
		}

		if (haddr.hci_dev != HCI_DEV_NONE) {
			hdev = hci_dev_get(haddr.hci_dev);
			if (!hdev) {
				err = -ENODEV;
				goto done;
			}

			atomic_inc(&hdev->promisc);
		}

		/* NULL when bound to HCI_DEV_NONE; such sockets receive the
		 * stack-internal events sent with a NULL hdev */
		hci_pi(sk)->hdev = hdev;
		break;

	case HCI_CHANNEL_CONTROL:
		if (haddr.hci_dev != HCI_DEV_NONE || !enable_mgmt) {
			err = -EINVAL;
			goto done;
		}

		set_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags);
		break;

	case HCI_CHANNEL_MONITOR:
		if (haddr.hci_dev != HCI_DEV_NONE) {
			err = -EINVAL;
			goto done;
		}

		/* Monitoring exposes all HCI traffic of every controller */
		if (!capable(CAP_NET_RAW)) {
			err = -EPERM;
			goto done;
		}

		/* Replay runs before channel/state are set below; it only
		 * queues frames on sk, so that ordering is harmless */
		send_monitor_replay(sk);

		atomic_inc(&monitor_promisc);
		break;

	default:
		err = -EINVAL;
		goto done;
	}


	hci_pi(sk)->channel = haddr.hci_channel;
	sk->sk_state = BT_BOUND;

done:
	release_sock(sk);
	return err;
}
691
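/* getname(): report the device and channel a socket is bound to.
 *
 * Fills @addr as a struct sockaddr_hci and sets *@addr_len to its size.
 * Returns -EBADFD when no device is attached, else 0. @peer is ignored.
 *
 * hci_pi(sk)->hdev is read under lock_sock(), consistent with
 * hci_sock_bind() and hci_sock_sendmsg() which access it under the same
 * lock (the original read it before taking the lock). Note that
 * hci_sock_dev_event() clears it under bh_lock_sock() only, so that path
 * is still not excluded by this lock.
 *
 * All three sockaddr_hci fields are written: the announced length covers
 * hci_channel too, and the original left that field untouched, so whatever
 * the caller's buffer held there was reported back to user space.
 */
static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
{
	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
	struct sock *sk = sock->sk;
	struct hci_dev *hdev;
	int err = 0;

	BT_DBG("sock %p sk %p", sock, sk);

	lock_sock(sk);

	hdev = hci_pi(sk)->hdev;
	if (!hdev) {
		err = -EBADFD;
		goto done;
	}

	*addr_len = sizeof(*haddr);
	haddr->hci_family = AF_BLUETOOTH;
	haddr->hci_dev = hdev->id;
	haddr->hci_channel = hci_pi(sk)->channel;

done:
	release_sock(sk);
	return err;
}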
712
/* Attach the ancillary data a RAW socket asked for via setsockopt():
 * HCI_CMSG_DIR (the frame's incoming flag as an int) and HCI_CMSG_TSTAMP
 * (the skb timestamp as a struct timeval, or struct compat_timeval for a
 * compat caller). Called from hci_sock_recvmsg() for RAW sockets only. */
static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
{
	__u32 mask = hci_pi(sk)->cmsg_mask;

	if (mask & HCI_CMSG_DIR) {
		int incoming = bt_cb(skb)->incoming;
		put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
	}

	if (mask & HCI_CMSG_TSTAMP) {
#ifdef CONFIG_COMPAT
		struct compat_timeval ctv;
#endif
		struct timeval tv;
		void *data;
		int len;

		skb_get_timestamp(skb, &tv);

		data = &tv;
		len = sizeof(tv);
#ifdef CONFIG_COMPAT
		/* 32-bit caller on a 64-bit kernel: hand back the narrower
		 * layout it expects */
		if (msg->msg_flags & MSG_CMSG_COMPAT) {
			ctv.tv_sec = tv.tv_sec;
			ctv.tv_usec = tv.tv_usec;
			data = &ctv;
			len = sizeof(ctv);
		}
#endif

		put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
	}
}
746
/* recvmsg(): hand one queued frame to user space.
 *
 * Dequeues a datagram (honouring MSG_DONTWAIT), copies at most @len bytes
 * into the iovec and sets MSG_TRUNC if the frame was longer. RAW sockets
 * get the HCI_CMSG_* ancillary data they opted into, MONITOR sockets get
 * the socket-level timestamp; CONTROL sockets get no cmsg. Returns the
 * number of bytes copied, 0 on a closed socket, or a negative errno
 * (MSG_OOB is rejected with -EOPNOTSUPP).
 */
static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
				struct msghdr *msg, size_t len, int flags)
{
	int noblock = flags & MSG_DONTWAIT;
	struct sock *sk = sock->sk;
	struct sk_buff *skb;
	int copied, err;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (flags & (MSG_OOB))
		return -EOPNOTSUPP;

	if (sk->sk_state == BT_CLOSED)
		return 0;

	skb = skb_recv_datagram(sk, flags, noblock, &err);
	if (!skb)
		return err;

	/* HCI sockets have no peer address to report */
	msg->msg_namelen = 0;

	copied = skb->len;
	if (len < copied) {
		msg->msg_flags |= MSG_TRUNC;
		copied = len;
	}

	skb_reset_transport_header(skb);
	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);

	switch (hci_pi(sk)->channel) {
	case HCI_CHANNEL_RAW:
		hci_sock_cmsg(sk, msg, skb);
		break;
	case HCI_CHANNEL_MONITOR:
		sock_recv_timestamp(msg, sk, skb);
		break;
	}

	skb_free_datagram(sk, skb);

	/* Copy error wins over the byte count */
	return err ? : copied;
}
791
/* sendmsg(): hand a user-supplied HCI frame to the controller.
 *
 * Only HCI_CHANNEL_RAW sockets send here: CONTROL traffic is routed to
 * mgmt_control() and MONITOR sockets are receive-only (-EOPNOTSUPP). The
 * first byte of the message is the HCI packet type, the rest is the frame.
 * Commands from a sender without CAP_NET_RAW must be allowed by
 * hci_sec_filter for their OGF/OCF; every non-command packet type requires
 * CAP_NET_RAW. Commands go to hdev->cmd_q, except on a device in HCI_RAW
 * mode or for the vendor-specific OGF 0x3f, which bypass it via raw_q like
 * data packets do. Requires an attached device that is up. Returns @len
 * on success or a negative errno.
 */
static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
			    struct msghdr *msg, size_t len)
{
	struct sock *sk = sock->sk;
	struct hci_dev *hdev;
	struct sk_buff *skb;
	int err;

	BT_DBG("sock %p sk %p", sock, sk);

	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
		return -EINVAL;

	/* Lower bound keeps the type byte plus the 2-byte opcode read below
	 * in bounds (4 presumably also covers the smallest command header —
	 * confirm); upper bound caps the allocation */
	if (len < 4 || len > HCI_MAX_FRAME_SIZE)
		return -EINVAL;

	lock_sock(sk);

	switch (hci_pi(sk)->channel) {
	case HCI_CHANNEL_RAW:
		break;
	case HCI_CHANNEL_CONTROL:
		err = mgmt_control(sk, msg, len);
		goto done;
	case HCI_CHANNEL_MONITOR:
		err = -EOPNOTSUPP;
		goto done;
	default:
		err = -EINVAL;
		goto done;
	}

	hdev = hci_pi(sk)->hdev;
	if (!hdev) {
		err = -EBADFD;
		goto done;
	}

	if (!test_bit(HCI_UP, &hdev->flags)) {
		err = -ENETDOWN;
		goto done;
	}

	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
	if (!skb)
		goto done;

	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
		err = -EFAULT;
		goto drop;
	}

	/* Leading byte is the packet type; strip it from the frame */
	bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
	skb_pull(skb, 1);
	skb->dev = (void *) hdev;

	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
		u16 opcode = get_unaligned_le16(skb->data);
		u16 ogf = hci_opcode_ogf(opcode);
		u16 ocf = hci_opcode_ocf(opcode);

		/* Security filter: unprivileged senders are limited to the
		 * commands whitelisted in hci_sec_filter (an OGF beyond the
		 * table is always rejected for them) */
		if (((ogf > HCI_SFLT_MAX_OGF) ||
				!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
					!capable(CAP_NET_RAW)) {
			err = -EPERM;
			goto drop;
		}

		/* Raw-mode devices and vendor commands (OGF 0x3f) skip the
		 * command queue and its flow control */
		if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
			skb_queue_tail(&hdev->raw_q, skb);
			queue_work(hdev->workqueue, &hdev->tx_work);
		} else {
			skb_queue_tail(&hdev->cmd_q, skb);
			queue_work(hdev->workqueue, &hdev->cmd_work);
		}
	} else {
		/* Raw ACL/SCO/vendor frames: privileged only */
		if (!capable(CAP_NET_RAW)) {
			err = -EPERM;
			goto drop;
		}

		skb_queue_tail(&hdev->raw_q, skb);
		queue_work(hdev->workqueue, &hdev->tx_work);
	}

	err = len;

done:
	release_sock(sk);
	return err;

drop:
	kfree_skb(skb);
	goto done;
}
890
/* setsockopt(): per-socket options, RAW channel only (-EINVAL otherwise;
 * @level is not examined).
 *
 * HCI_DATA_DIR / HCI_TIME_STAMP toggle the corresponding HCI_CMSG_* bit.
 * HCI_FILTER installs a struct hci_ufilter: the copy starts from the
 * socket's current filter, so a user buffer shorter than the struct only
 * overwrites its leading fields, and @len is capped at sizeof(uf) so an
 * oversized one is never read past the struct. Without CAP_NET_RAW the
 * requested type and event masks are ANDed with hci_sec_filter, so an
 * unprivileged socket can narrow but never widen what it may observe.
 * Returns 0, -EFAULT, -EINVAL or -ENOPROTOOPT.
 */
static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int len)
{
	struct hci_ufilter uf = { .opcode = 0 };
	struct sock *sk = sock->sk;
	int err = 0, opt = 0;

	BT_DBG("sk %p, opt %d", sk, optname);

	lock_sock(sk);

	if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
		err = -EINVAL;
		goto done;
	}

	switch (optname) {
	case HCI_DATA_DIR:
		if (get_user(opt, (int __user *)optval)) {
			err = -EFAULT;
			break;
		}

		if (opt)
			hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
		else
			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
		break;

	case HCI_TIME_STAMP:
		if (get_user(opt, (int __user *)optval)) {
			err = -EFAULT;
			break;
		}

		if (opt)
			hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
		else
			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
		break;

	case HCI_FILTER:
		/* Seed uf with the current filter so a partial user copy
		 * leaves the remaining fields unchanged */
		{
			struct hci_filter *f = &hci_pi(sk)->filter;

			uf.type_mask = f->type_mask;
			uf.opcode = f->opcode;
			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
		}

		len = min_t(unsigned int, len, sizeof(uf));
		if (copy_from_user(&uf, optval, len)) {
			err = -EFAULT;
			break;
		}

		/* Unprivileged sockets cannot see more than the security
		 * filter allows */
		if (!capable(CAP_NET_RAW)) {
			uf.type_mask &= hci_sec_filter.type_mask;
			uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
			uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
		}

		{
			struct hci_filter *f = &hci_pi(sk)->filter;

			f->type_mask = uf.type_mask;
			f->opcode = uf.opcode;
			*((u32 *) f->event_mask + 0) = uf.event_mask[0];
			*((u32 *) f->event_mask + 1) = uf.event_mask[1];
		}
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

done:
	release_sock(sk);
	return err;
}
972
/* getsockopt(): read back the options set by hci_sock_setsockopt(), RAW
 * channel only (-EINVAL otherwise; @level is not examined).
 *
 * HCI_DATA_DIR / HCI_TIME_STAMP report 0 or 1. HCI_FILTER copies out the
 * current filter as a struct hci_ufilter, at most sizeof(uf) bytes — the
 * user-supplied *optlen is read first and capped (a negative value turns
 * into the cap through the unsigned comparison). *optlen itself is not
 * updated to the number of bytes written. Returns 0, -EFAULT, -EINVAL or
 * -ENOPROTOOPT.
 */
static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
{
	struct hci_ufilter uf;
	struct sock *sk = sock->sk;
	int len, opt, err = 0;

	BT_DBG("sk %p, opt %d", sk, optname);

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
		err = -EINVAL;
		goto done;
	}

	switch (optname) {
	case HCI_DATA_DIR:
		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
			opt = 1;
		else
			opt = 0;

		if (put_user(opt, optval))
			err = -EFAULT;
		break;

	case HCI_TIME_STAMP:
		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
			opt = 1;
		else
			opt = 0;

		if (put_user(opt, optval))
			err = -EFAULT;
		break;

	case HCI_FILTER:
		{
			struct hci_filter *f = &hci_pi(sk)->filter;

			uf.type_mask = f->type_mask;
			uf.opcode = f->opcode;
			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
		}

		/* Never copy out more than the struct we filled */
		len = min_t(unsigned int, len, sizeof(uf));
		if (copy_to_user(optval, &uf, len))
			err = -EFAULT;
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

done:
	release_sock(sk);
	return err;
}
1036
/* Socket operations for BTPROTO_HCI. HCI sockets are datagram-style raw
 * sockets: no listen/connect/accept/shutdown/socketpair/mmap, generic
 * datagram_poll for poll(). */
static const struct proto_ops hci_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= hci_sock_release,
	.bind		= hci_sock_bind,
	.getname	= hci_sock_getname,
	.sendmsg	= hci_sock_sendmsg,
	.recvmsg	= hci_sock_recvmsg,
	.ioctl		= hci_sock_ioctl,
	.poll		= datagram_poll,
	.listen		= sock_no_listen,
	.shutdown	= sock_no_shutdown,
	.setsockopt	= hci_sock_setsockopt,
	.getsockopt	= hci_sock_getsockopt,
	.connect	= sock_no_connect,
	.socketpair	= sock_no_socketpair,
	.accept		= sock_no_accept,
	.mmap		= sock_no_mmap
};
1056
/* Protocol descriptor; obj_size makes sk_alloc() carve out a struct
 * hci_pinfo (the per-socket state reached via hci_pi()). */
static struct proto hci_sk_proto = {
	.name		= "HCI",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct hci_pinfo)
};
1062
/* socket(): create an HCI socket. Only SOCK_RAW is supported. No
 * capability is checked here — any process can open one; access control is
 * applied later in bind (monitor), ioctl and sendmsg. The new socket starts
 * in BT_OPEN, bound to no channel or device, and is linked into hci_sk_list
 * immediately. Returns 0, -ESOCKTNOSUPPORT or -ENOMEM. */
static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
			   int kern)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	if (sock->type != SOCK_RAW)
		return -ESOCKTNOSUPPORT;

	sock->ops = &hci_sock_ops;

	sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
	if (!sk)
		return -ENOMEM;

	sock_init_data(sock, sk);

	sock_reset_flag(sk, SOCK_ZAPPED);

	sk->sk_protocol = protocol;

	sock->state = SS_UNCONNECTED;
	sk->sk_state = BT_OPEN;

	bt_sock_link(&hci_sk_list, sk);
	return 0;
}
1091
/* Registered with the Bluetooth socket layer for BTPROTO_HCI. */
static const struct net_proto_family hci_sock_family_ops = {
	.family	= PF_BLUETOOTH,
	.owner	= THIS_MODULE,
	.create	= hci_sock_create,
};
1097
/* Register the HCI protocol and its socket family. On failure of the
 * second step the protocol registration is rolled back. Returns 0 or the
 * negative errno of the step that failed. */
int __init hci_sock_init(void)
{
	int err = proto_register(&hci_sk_proto, 0);

	if (err < 0)
		return err;

	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
	if (err < 0) {
		/* Roll back the protocol registration */
		BT_ERR("HCI socket registration failed");
		proto_unregister(&hci_sk_proto);
		return err;
	}

	BT_INFO("HCI socket layer initialized");

	return 0;
}
1119
/* Unregister the socket family and the protocol. An unregistration
 * failure is only logged; the protocol is unregistered regardless. */
void hci_sock_cleanup(void)
{
	int err = bt_sock_unregister(BTPROTO_HCI);

	if (err < 0)
		BT_ERR("HCI socket unregistration failed");

	proto_unregister(&hci_sk_proto);
}
1127
/* Gate for HCI_CHANNEL_CONTROL binds (see hci_sock_bind()); writable by root
 * through sysfs (mode 0644). */
module_param(enable_mgmt, bool, 0644);
MODULE_PARM_DESC(enable_mgmt, "Enable Management interface");