projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Make hidp_get_raw_report abort if the session is terminating
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_sock.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI sockets. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
cd82e61c 32#include <net/bluetooth/hci_mon.h>
1da177e4 33
cd82e61c
MH		 34static atomic_t monitor_promisc = ATOMIC_INIT(0);
35
1da177e4
LT		 36/* ----- HCI socket interface ----- */
37
38static inline int hci_test_bit(int nr, void *addr)
39{
40 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
41}
42
43/* Security filter */
44static struct hci_sec_filter hci_sec_filter = {
45 /* Packet types */
46 0x10,
47 /* Events */
dd7f5527 48 { 0x1000d9fe, 0x0000b00c },
1da177e4
LT		 49 /* Commands */
50 {
51 { 0x0 },
52 /* OGF_LINK_CTL */
7c631a67 53 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
1da177e4 54 /* OGF_LINK_POLICY */
7c631a67 55 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
1da177e4 56 /* OGF_HOST_CTL */
7c631a67 57 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
1da177e4 58 /* OGF_INFO_PARAM */
7c631a67 59 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
1da177e4 60 /* OGF_STATUS_PARAM */
7c631a67 61 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
1da177e4
LT		 62 }
63};
64
65static struct bt_sock_list hci_sk_list = {
d5fb2962 66 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
1da177e4
LT		 67};
68
69/* Send frame to RAW socket */
470fe1b5 70void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 71{
72 struct sock *sk;
e0edf373 73 struct sk_buff *skb_copy = NULL;
1da177e4
LT		 74
75 BT_DBG("hdev %p len %d", hdev, skb->len);
76
77 read_lock(&hci_sk_list.lock);
470fe1b5 78
b67bfe0d 79 sk_for_each(sk, &hci_sk_list.head) {
1da177e4
LT		 80 struct hci_filter *flt;
81 struct sk_buff *nskb;
82
83 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
84 continue;
85
86 /* Don't send frame to the socket it came from */
87 if (skb->sk == sk)
88 continue;
89
470fe1b5 90 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW)
a40c406c
JH		 91 continue;
92
1da177e4
LT		 93 /* Apply filter */
94 flt = &hci_pi(sk)->filter;
95
0d48d939 96 if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
3bb3c755
GP		 97 0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS),
98 &flt->type_mask))
1da177e4
LT		 99 continue;
100
0d48d939 101 if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
fc5fef61 102 int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
1da177e4
LT		 103
104 if (!hci_test_bit(evt, &flt->event_mask))
105 continue;
106
4498c80d
DM		 107 if (flt->opcode &&
108 ((evt == HCI_EV_CMD_COMPLETE &&
109 flt->opcode !=
905f3ed6 110 get_unaligned((__le16 *)(skb->data + 3))) ||
4498c80d
DM		 111 (evt == HCI_EV_CMD_STATUS &&
112 flt->opcode !=
905f3ed6 113 get_unaligned((__le16 *)(skb->data + 4)))))
1da177e4
LT		 114 continue;
115 }
116
e0edf373
MH		 117 if (!skb_copy) {
118 /* Create a private copy with headroom */
119 skb_copy = __pskb_copy(skb, 1, GFP_ATOMIC);
120 if (!skb_copy)
121 continue;
122
123 /* Put type byte before the data */
124 memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
125 }
126
127 nskb = skb_clone(skb_copy, GFP_ATOMIC);
70f23020 128 if (!nskb)
1da177e4
LT		 129 continue;
130
470fe1b5
MH		 131 if (sock_queue_rcv_skb(sk, nskb))
132 kfree_skb(nskb);
133 }
134
135 read_unlock(&hci_sk_list.lock);
e0edf373
MH		 136
137 kfree_skb(skb_copy);
470fe1b5
MH		 138}
139
140/* Send frame to control socket */
141void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
142{
143 struct sock *sk;
470fe1b5
MH		 144
145 BT_DBG("len %d", skb->len);
146
147 read_lock(&hci_sk_list.lock);
148
b67bfe0d 149 sk_for_each(sk, &hci_sk_list.head) {
470fe1b5
MH		 150 struct sk_buff *nskb;
151
152 /* Skip the original socket */
153 if (sk == skip_sk)
154 continue;
155
156 if (sk->sk_state != BT_BOUND)
157 continue;
158
159 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
160 continue;
161
162 nskb = skb_clone(skb, GFP_ATOMIC);
163 if (!nskb)
164 continue;
1da177e4
LT		 165
166 if (sock_queue_rcv_skb(sk, nskb))
167 kfree_skb(nskb);
168 }
470fe1b5 169
1da177e4
LT		 170 read_unlock(&hci_sk_list.lock);
171}
172
cd82e61c
MH		 173/* Send frame to monitor socket */
174void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
175{
176 struct sock *sk;
cd82e61c
MH		 177 struct sk_buff *skb_copy = NULL;
178 __le16 opcode;
179
180 if (!atomic_read(&monitor_promisc))
181 return;
182
183 BT_DBG("hdev %p len %d", hdev, skb->len);
184
185 switch (bt_cb(skb)->pkt_type) {
186 case HCI_COMMAND_PKT:
187 opcode = __constant_cpu_to_le16(HCI_MON_COMMAND_PKT);
188 break;
189 case HCI_EVENT_PKT:
190 opcode = __constant_cpu_to_le16(HCI_MON_EVENT_PKT);
191 break;
192 case HCI_ACLDATA_PKT:
193 if (bt_cb(skb)->incoming)
194 opcode = __constant_cpu_to_le16(HCI_MON_ACL_RX_PKT);
195 else
196 opcode = __constant_cpu_to_le16(HCI_MON_ACL_TX_PKT);
197 break;
198 case HCI_SCODATA_PKT:
199 if (bt_cb(skb)->incoming)
200 opcode = __constant_cpu_to_le16(HCI_MON_SCO_RX_PKT);
201 else
202 opcode = __constant_cpu_to_le16(HCI_MON_SCO_TX_PKT);
203 break;
204 default:
205 return;
206 }
207
208 read_lock(&hci_sk_list.lock);
209
b67bfe0d 210 sk_for_each(sk, &hci_sk_list.head) {
cd82e61c
MH		 211 struct sk_buff *nskb;
212
213 if (sk->sk_state != BT_BOUND)
214 continue;
215
216 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
217 continue;
218
219 if (!skb_copy) {
220 struct hci_mon_hdr *hdr;
221
222 /* Create a private copy with headroom */
8fc9ced3
GP		 223 skb_copy = __pskb_copy(skb, HCI_MON_HDR_SIZE,
224 GFP_ATOMIC);
cd82e61c
MH		 225 if (!skb_copy)
226 continue;
227
228 /* Put header before the data */
229 hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
230 hdr->opcode = opcode;
231 hdr->index = cpu_to_le16(hdev->id);
232 hdr->len = cpu_to_le16(skb->len);
233 }
234
235 nskb = skb_clone(skb_copy, GFP_ATOMIC);
236 if (!nskb)
237 continue;
238
239 if (sock_queue_rcv_skb(sk, nskb))
240 kfree_skb(nskb);
241 }
242
243 read_unlock(&hci_sk_list.lock);
244
245 kfree_skb(skb_copy);
246}
247
248static void send_monitor_event(struct sk_buff *skb)
249{
250 struct sock *sk;
cd82e61c
MH		 251
252 BT_DBG("len %d", skb->len);
253
254 read_lock(&hci_sk_list.lock);
255
b67bfe0d 256 sk_for_each(sk, &hci_sk_list.head) {
cd82e61c
MH		 257 struct sk_buff *nskb;
258
259 if (sk->sk_state != BT_BOUND)
260 continue;
261
262 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
263 continue;
264
265 nskb = skb_clone(skb, GFP_ATOMIC);
266 if (!nskb)
267 continue;
268
269 if (sock_queue_rcv_skb(sk, nskb))
270 kfree_skb(nskb);
271 }
272
273 read_unlock(&hci_sk_list.lock);
274}
275
276static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
277{
278 struct hci_mon_hdr *hdr;
279 struct hci_mon_new_index *ni;
280 struct sk_buff *skb;
281 __le16 opcode;
282
283 switch (event) {
284 case HCI_DEV_REG:
285 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
286 if (!skb)
287 return NULL;
288
289 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
290 ni->type = hdev->dev_type;
291 ni->bus = hdev->bus;
292 bacpy(&ni->bdaddr, &hdev->bdaddr);
293 memcpy(ni->name, hdev->name, 8);
294
295 opcode = __constant_cpu_to_le16(HCI_MON_NEW_INDEX);
296 break;
297
298 case HCI_DEV_UNREG:
299 skb = bt_skb_alloc(0, GFP_ATOMIC);
300 if (!skb)
301 return NULL;
302
303 opcode = __constant_cpu_to_le16(HCI_MON_DEL_INDEX);
304 break;
305
306 default:
307 return NULL;
308 }
309
310 __net_timestamp(skb);
311
312 hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
313 hdr->opcode = opcode;
314 hdr->index = cpu_to_le16(hdev->id);
315 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
316
317 return skb;
318}
319
320static void send_monitor_replay(struct sock *sk)
321{
322 struct hci_dev *hdev;
323
324 read_lock(&hci_dev_list_lock);
325
326 list_for_each_entry(hdev, &hci_dev_list, list) {
327 struct sk_buff *skb;
328
329 skb = create_monitor_event(hdev, HCI_DEV_REG);
330 if (!skb)
331 continue;
332
333 if (sock_queue_rcv_skb(sk, skb))
334 kfree_skb(skb);
335 }
336
337 read_unlock(&hci_dev_list_lock);
338}
339
040030ef
MH		 340/* Generate internal stack event */
341static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
342{
343 struct hci_event_hdr *hdr;
344 struct hci_ev_stack_internal *ev;
345 struct sk_buff *skb;
346
347 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
348 if (!skb)
349 return;
350
351 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
352 hdr->evt = HCI_EV_STACK_INTERNAL;
353 hdr->plen = sizeof(*ev) + dlen;
354
355 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
356 ev->type = type;
357 memcpy(ev->data, data, dlen);
358
359 bt_cb(skb)->incoming = 1;
360 __net_timestamp(skb);
361
362 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
363 skb->dev = (void *) hdev;
364 hci_send_to_sock(hdev, skb);
365 kfree_skb(skb);
366}
367
368void hci_sock_dev_event(struct hci_dev *hdev, int event)
369{
370 struct hci_ev_si_device ev;
371
372 BT_DBG("hdev %s event %d", hdev->name, event);
373
cd82e61c
MH		 374 /* Send event to monitor */
375 if (atomic_read(&monitor_promisc)) {
376 struct sk_buff *skb;
377
378 skb = create_monitor_event(hdev, event);
379 if (skb) {
380 send_monitor_event(skb);
381 kfree_skb(skb);
382 }
383 }
384
040030ef
MH		 385 /* Send event to sockets */
386 ev.event = event;
387 ev.dev_id = hdev->id;
388 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
389
390 if (event == HCI_DEV_UNREG) {
391 struct sock *sk;
040030ef
MH		 392
393 /* Detach sockets from device */
394 read_lock(&hci_sk_list.lock);
b67bfe0d 395 sk_for_each(sk, &hci_sk_list.head) {
040030ef
MH		 396 bh_lock_sock_nested(sk);
397 if (hci_pi(sk)->hdev == hdev) {
398 hci_pi(sk)->hdev = NULL;
399 sk->sk_err = EPIPE;
400 sk->sk_state = BT_OPEN;
401 sk->sk_state_change(sk);
402
403 hci_dev_put(hdev);
404 }
405 bh_unlock_sock(sk);
406 }
407 read_unlock(&hci_sk_list.lock);
408 }
409}
410
1da177e4
LT		 411static int hci_sock_release(struct socket *sock)
412{
413 struct sock *sk = sock->sk;
7b005bd3 414 struct hci_dev *hdev;
1da177e4
LT		 415
416 BT_DBG("sock %p sk %p", sock, sk);
417
418 if (!sk)
419 return 0;
420
7b005bd3
MH		 421 hdev = hci_pi(sk)->hdev;
422
cd82e61c
MH		 423 if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
424 atomic_dec(&monitor_promisc);
425
1da177e4
LT		 426 bt_sock_unlink(&hci_sk_list, sk);
427
428 if (hdev) {
429 atomic_dec(&hdev->promisc);
430 hci_dev_put(hdev);
431 }
432
433 sock_orphan(sk);
434
435 skb_queue_purge(&sk->sk_receive_queue);
436 skb_queue_purge(&sk->sk_write_queue);
437
438 sock_put(sk);
439 return 0;
440}
441
b2a66aad 442static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 443{
444 bdaddr_t bdaddr;
5e762444 445 int err;
f0358568
JH		 446
447 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
448 return -EFAULT;
449
09fd0de5 450 hci_dev_lock(hdev);
5e762444 451
88c1fe4b 452 err = hci_blacklist_add(hdev, &bdaddr, 0);
5e762444 453
09fd0de5 454 hci_dev_unlock(hdev);
5e762444
AJ		 455
456 return err;
f0358568
JH		 457}
458
b2a66aad 459static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
f0358568
JH		 460{
461 bdaddr_t bdaddr;
5e762444 462 int err;
f0358568
JH		 463
464 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
465 return -EFAULT;
466
09fd0de5 467 hci_dev_lock(hdev);
5e762444 468
88c1fe4b 469 err = hci_blacklist_del(hdev, &bdaddr, 0);
5e762444 470
09fd0de5 471 hci_dev_unlock(hdev);
5e762444
AJ		 472
473 return err;
f0358568
JH		 474}
475
8e87d142 476/* Ioctls that require bound socket */
6039aa73
GP		 477static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
478 unsigned long arg)
1da177e4
LT		 479{
480 struct hci_dev *hdev = hci_pi(sk)->hdev;
481
482 if (!hdev)
483 return -EBADFD;
484
485 switch (cmd) {
486 case HCISETRAW:
487 if (!capable(CAP_NET_ADMIN))
bf5b30b8 488 return -EPERM;
1da177e4
LT		 489
490 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
491 return -EPERM;
492
493 if (arg)
494 set_bit(HCI_RAW, &hdev->flags);
495 else
496 clear_bit(HCI_RAW, &hdev->flags);
497
498 return 0;
499
1da177e4 500 case HCIGETCONNINFO:
40be492f
MH		 501 return hci_get_conn_info(hdev, (void __user *) arg);
502
503 case HCIGETAUTHINFO:
504 return hci_get_auth_info(hdev, (void __user *) arg);
1da177e4 505
f0358568
JH		 506 case HCIBLOCKADDR:
507 if (!capable(CAP_NET_ADMIN))
bf5b30b8 508 return -EPERM;
b2a66aad 509 return hci_sock_blacklist_add(hdev, (void __user *) arg);
f0358568
JH		 510
511 case HCIUNBLOCKADDR:
512 if (!capable(CAP_NET_ADMIN))
bf5b30b8 513 return -EPERM;
b2a66aad 514 return hci_sock_blacklist_del(hdev, (void __user *) arg);
f0358568 515
1da177e4
LT		 516 default:
517 if (hdev->ioctl)
518 return hdev->ioctl(hdev, cmd, arg);
519 return -EINVAL;
520 }
521}
522
8fc9ced3
GP		 523static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
524 unsigned long arg)
1da177e4
LT		 525{
526 struct sock *sk = sock->sk;
40be492f 527 void __user *argp = (void __user *) arg;
1da177e4
LT		 528 int err;
529
530 BT_DBG("cmd %x arg %lx", cmd, arg);
531
532 switch (cmd) {
533 case HCIGETDEVLIST:
534 return hci_get_dev_list(argp);
535
536 case HCIGETDEVINFO:
537 return hci_get_dev_info(argp);
538
539 case HCIGETCONNLIST:
540 return hci_get_conn_list(argp);
541
542 case HCIDEVUP:
543 if (!capable(CAP_NET_ADMIN))
bf5b30b8 544 return -EPERM;
1da177e4
LT		 545 return hci_dev_open(arg);
546
547 case HCIDEVDOWN:
548 if (!capable(CAP_NET_ADMIN))
bf5b30b8 549 return -EPERM;
1da177e4
LT		 550 return hci_dev_close(arg);
551
552 case HCIDEVRESET:
553 if (!capable(CAP_NET_ADMIN))
bf5b30b8 554 return -EPERM;
1da177e4
LT		 555 return hci_dev_reset(arg);
556
557 case HCIDEVRESTAT:
558 if (!capable(CAP_NET_ADMIN))
bf5b30b8 559 return -EPERM;
1da177e4
LT		 560 return hci_dev_reset_stat(arg);
561
562 case HCISETSCAN:
563 case HCISETAUTH:
564 case HCISETENCRYPT:
565 case HCISETPTYPE:
566 case HCISETLINKPOL:
567 case HCISETLINKMODE:
568 case HCISETACLMTU:
569 case HCISETSCOMTU:
570 if (!capable(CAP_NET_ADMIN))
bf5b30b8 571 return -EPERM;
1da177e4
LT		 572 return hci_dev_cmd(cmd, argp);
573
574 case HCIINQUIRY:
575 return hci_inquiry(argp);
576
577 default:
578 lock_sock(sk);
579 err = hci_sock_bound_ioctl(sk, cmd, arg);
580 release_sock(sk);
581 return err;
582 }
583}
584
8fc9ced3
GP		 585static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
586 int addr_len)
1da177e4 587{
0381101f 588 struct sockaddr_hci haddr;
1da177e4
LT		 589 struct sock *sk = sock->sk;
590 struct hci_dev *hdev = NULL;
0381101f 591 int len, err = 0;
1da177e4
LT		 592
593 BT_DBG("sock %p sk %p", sock, sk);
594
0381101f
JH		 595 if (!addr)
596 return -EINVAL;
597
598 memset(&haddr, 0, sizeof(haddr));
599 len = min_t(unsigned int, sizeof(haddr), addr_len);
600 memcpy(&haddr, addr, len);
601
602 if (haddr.hci_family != AF_BLUETOOTH)
603 return -EINVAL;
604
1da177e4
LT		 605 lock_sock(sk);
606
7cc2ade2 607 if (sk->sk_state == BT_BOUND) {
1da177e4
LT		 608 err = -EALREADY;
609 goto done;
610 }
611
7cc2ade2
MH		 612 switch (haddr.hci_channel) {
613 case HCI_CHANNEL_RAW:
614 if (hci_pi(sk)->hdev) {
615 err = -EALREADY;
1da177e4
LT		 616 goto done;
617 }
618
7cc2ade2
MH		 619 if (haddr.hci_dev != HCI_DEV_NONE) {
620 hdev = hci_dev_get(haddr.hci_dev);
621 if (!hdev) {
622 err = -ENODEV;
623 goto done;
624 }
625
626 atomic_inc(&hdev->promisc);
627 }
628
629 hci_pi(sk)->hdev = hdev;
630 break;
631
632 case HCI_CHANNEL_CONTROL:
4b95a24c 633 if (haddr.hci_dev != HCI_DEV_NONE) {
7cc2ade2
MH		 634 err = -EINVAL;
635 goto done;
636 }
637
801f13bd
MH		 638 if (!capable(CAP_NET_ADMIN)) {
639 err = -EPERM;
640 goto done;
641 }
642
7cc2ade2
MH		 643 break;
644
cd82e61c
MH		 645 case HCI_CHANNEL_MONITOR:
646 if (haddr.hci_dev != HCI_DEV_NONE) {
647 err = -EINVAL;
648 goto done;
649 }
650
651 if (!capable(CAP_NET_RAW)) {
652 err = -EPERM;
653 goto done;
654 }
655
656 send_monitor_replay(sk);
657
658 atomic_inc(&monitor_promisc);
659 break;
660
7cc2ade2
MH		 661 default:
662 err = -EINVAL;
663 goto done;
1da177e4
LT		 664 }
665
7cc2ade2 666
0381101f 667 hci_pi(sk)->channel = haddr.hci_channel;
1da177e4
LT		 668 sk->sk_state = BT_BOUND;
669
670done:
671 release_sock(sk);
672 return err;
673}
674
8fc9ced3
GP		 675static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
676 int *addr_len, int peer)
1da177e4
LT		 677{
678 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
679 struct sock *sk = sock->sk;
7b005bd3 680 struct hci_dev *hdev = hci_pi(sk)->hdev;
1da177e4
LT		 681
682 BT_DBG("sock %p sk %p", sock, sk);
683
7b005bd3
MH		 684 if (!hdev)
685 return -EBADFD;
686
1da177e4
LT		 687 lock_sock(sk);
688
689 *addr_len = sizeof(*haddr);
690 haddr->hci_family = AF_BLUETOOTH;
7b005bd3 691 haddr->hci_dev = hdev->id;
3f68ba07 692 haddr->hci_channel= 0;
1da177e4
LT		 693
694 release_sock(sk);
695 return 0;
696}
697
6039aa73
GP		 698static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
699 struct sk_buff *skb)
1da177e4
LT		 700{
701 __u32 mask = hci_pi(sk)->cmsg_mask;
702
0d48d939
MH		 703 if (mask & HCI_CMSG_DIR) {
704 int incoming = bt_cb(skb)->incoming;
8fc9ced3
GP		 705 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
706 &incoming);
0d48d939 707 }
1da177e4 708
a61bbcf2 709 if (mask & HCI_CMSG_TSTAMP) {
f6e623a6
JFS		 710#ifdef CONFIG_COMPAT
711 struct compat_timeval ctv;
712#endif
a61bbcf2 713 struct timeval tv;
767c5eb5
MH		 714 void *data;
715 int len;
a61bbcf2
PM		 716
717 skb_get_timestamp(skb, &tv);
767c5eb5 718
1da97f83
DM		 719 data = &tv;
720 len = sizeof(tv);
721#ifdef CONFIG_COMPAT
da88cea1
L		 722 if (!COMPAT_USE_64BIT_TIME &&
723 (msg->msg_flags & MSG_CMSG_COMPAT)) {
767c5eb5
MH		 724 ctv.tv_sec = tv.tv_sec;
725 ctv.tv_usec = tv.tv_usec;
726 data = &ctv;
727 len = sizeof(ctv);
767c5eb5 728 }
1da97f83 729#endif
767c5eb5
MH		 730
731 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
a61bbcf2 732 }
1da177e4 733}
8e87d142
YH		 734
735static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
3bb3c755 736 struct msghdr *msg, size_t len, int flags)
1da177e4
LT		 737{
738 int noblock = flags & MSG_DONTWAIT;
739 struct sock *sk = sock->sk;
740 struct sk_buff *skb;
741 int copied, err;
742
743 BT_DBG("sock %p, sk %p", sock, sk);
744
745 if (flags & (MSG_OOB))
746 return -EOPNOTSUPP;
747
748 if (sk->sk_state == BT_CLOSED)
749 return 0;
750
70f23020
AE		 751 skb = skb_recv_datagram(sk, flags, noblock, &err);
752 if (!skb)
1da177e4
LT		 753 return err;
754
755 msg->msg_namelen = 0;
756
757 copied = skb->len;
758 if (len < copied) {
759 msg->msg_flags |= MSG_TRUNC;
760 copied = len;
761 }
762
badff6d0 763 skb_reset_transport_header(skb);
1da177e4
LT		 764 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
765
3a208627
MH		 766 switch (hci_pi(sk)->channel) {
767 case HCI_CHANNEL_RAW:
768 hci_sock_cmsg(sk, msg, skb);
769 break;
97e0bdeb 770 case HCI_CHANNEL_CONTROL:
cd82e61c
MH		 771 case HCI_CHANNEL_MONITOR:
772 sock_recv_timestamp(msg, sk, skb);
773 break;
3a208627 774 }
1da177e4
LT		 775
776 skb_free_datagram(sk, skb);
777
778 return err ? : copied;
779}
780
8e87d142 781static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
1da177e4
LT		 782 struct msghdr *msg, size_t len)
783{
784 struct sock *sk = sock->sk;
785 struct hci_dev *hdev;
786 struct sk_buff *skb;
787 int err;
788
789 BT_DBG("sock %p sk %p", sock, sk);
790
791 if (msg->msg_flags & MSG_OOB)
792 return -EOPNOTSUPP;
793
794 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
795 return -EINVAL;
796
797 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
798 return -EINVAL;
799
800 lock_sock(sk);
801
0381101f
JH		 802 switch (hci_pi(sk)->channel) {
803 case HCI_CHANNEL_RAW:
804 break;
805 case HCI_CHANNEL_CONTROL:
806 err = mgmt_control(sk, msg, len);
807 goto done;
cd82e61c
MH		 808 case HCI_CHANNEL_MONITOR:
809 err = -EOPNOTSUPP;
810 goto done;
0381101f
JH		 811 default:
812 err = -EINVAL;
813 goto done;
814 }
815
70f23020
AE		 816 hdev = hci_pi(sk)->hdev;
817 if (!hdev) {
1da177e4
LT		 818 err = -EBADFD;
819 goto done;
820 }
821
7e21addc
MH		 822 if (!test_bit(HCI_UP, &hdev->flags)) {
823 err = -ENETDOWN;
824 goto done;
825 }
826
70f23020
AE		 827 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
828 if (!skb)
1da177e4
LT		 829 goto done;
830
831 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
832 err = -EFAULT;
833 goto drop;
834 }
835
0d48d939 836 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
1da177e4
LT		 837 skb_pull(skb, 1);
838 skb->dev = (void *) hdev;
839
0d48d939 840 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
83985319 841 u16 opcode = get_unaligned_le16(skb->data);
1da177e4
LT		 842 u16 ogf = hci_opcode_ogf(opcode);
843 u16 ocf = hci_opcode_ocf(opcode);
844
845 if (((ogf > HCI_SFLT_MAX_OGF) ||
3bb3c755
GP		 846 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
847 &hci_sec_filter.ocf_mask[ogf])) &&
848 !capable(CAP_NET_RAW)) {
1da177e4
LT		 849 err = -EPERM;
850 goto drop;
851 }
852
a9de9248 853 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
1da177e4 854 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 855 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 856 } else {
857 skb_queue_tail(&hdev->cmd_q, skb);
c347b765 858 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 859 }
860 } else {
861 if (!capable(CAP_NET_RAW)) {
862 err = -EPERM;
863 goto drop;
864 }
865
866 skb_queue_tail(&hdev->raw_q, skb);
3eff45ea 867 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 868 }
869
870 err = len;
871
872done:
873 release_sock(sk);
874 return err;
875
876drop:
877 kfree_skb(skb);
878 goto done;
879}
880
8fc9ced3
GP		 881static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
882 char __user *optval, unsigned int len)
1da177e4
LT		 883{
884 struct hci_ufilter uf = { .opcode = 0 };
885 struct sock *sk = sock->sk;
886 int err = 0, opt = 0;
887
888 BT_DBG("sk %p, opt %d", sk, optname);
889
890 lock_sock(sk);
891
2f39cdb7
MH		 892 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
893 err = -EINVAL;
894 goto done;
895 }
896
1da177e4
LT		 897 switch (optname) {
898 case HCI_DATA_DIR:
899 if (get_user(opt, (int __user *)optval)) {
900 err = -EFAULT;
901 break;
902 }
903
904 if (opt)
905 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
906 else
907 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
908 break;
909
910 case HCI_TIME_STAMP:
911 if (get_user(opt, (int __user *)optval)) {
912 err = -EFAULT;
913 break;
914 }
915
916 if (opt)
917 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
918 else
919 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
920 break;
921
922 case HCI_FILTER:
0878b666
MH		 923 {
924 struct hci_filter *f = &hci_pi(sk)->filter;
925
926 uf.type_mask = f->type_mask;
927 uf.opcode = f->opcode;
928 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
929 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
930 }
931
1da177e4
LT		 932 len = min_t(unsigned int, len, sizeof(uf));
933 if (copy_from_user(&uf, optval, len)) {
934 err = -EFAULT;
935 break;
936 }
937
938 if (!capable(CAP_NET_RAW)) {
939 uf.type_mask &= hci_sec_filter.type_mask;
940 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
941 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
942 }
943
944 {
945 struct hci_filter *f = &hci_pi(sk)->filter;
946
947 f->type_mask = uf.type_mask;
948 f->opcode = uf.opcode;
949 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
950 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
951 }
8e87d142 952 break;
1da177e4
LT		 953
954 default:
955 err = -ENOPROTOOPT;
956 break;
957 }
958
2f39cdb7 959done:
1da177e4
LT		 960 release_sock(sk);
961 return err;
962}
963
8fc9ced3
GP		 964static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
965 char __user *optval, int __user *optlen)
1da177e4
LT		 966{
967 struct hci_ufilter uf;
968 struct sock *sk = sock->sk;
cedc5469
MH		 969 int len, opt, err = 0;
970
971 BT_DBG("sk %p, opt %d", sk, optname);
1da177e4
LT		 972
973 if (get_user(len, optlen))
974 return -EFAULT;
975
cedc5469
MH		 976 lock_sock(sk);
977
978 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
979 err = -EINVAL;
980 goto done;
981 }
982
1da177e4
LT		 983 switch (optname) {
984 case HCI_DATA_DIR:
985 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
986 opt = 1;
8e87d142 987 else
1da177e4
LT		 988 opt = 0;
989
990 if (put_user(opt, optval))
cedc5469 991 err = -EFAULT;
1da177e4
LT		 992 break;
993
994 case HCI_TIME_STAMP:
995 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
996 opt = 1;
8e87d142 997 else
1da177e4
LT		 998 opt = 0;
999
1000 if (put_user(opt, optval))
cedc5469 1001 err = -EFAULT;
1da177e4
LT		 1002 break;
1003
1004 case HCI_FILTER:
1005 {
1006 struct hci_filter *f = &hci_pi(sk)->filter;
1007
e15ca9a0 1008 memset(&uf, 0, sizeof(uf));
1da177e4
LT		 1009 uf.type_mask = f->type_mask;
1010 uf.opcode = f->opcode;
1011 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1012 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1013 }
1014
1015 len = min_t(unsigned int, len, sizeof(uf));
1016 if (copy_to_user(optval, &uf, len))
cedc5469 1017 err = -EFAULT;
1da177e4
LT		 1018 break;
1019
1020 default:
cedc5469 1021 err = -ENOPROTOOPT;
1da177e4
LT		 1022 break;
1023 }
1024
cedc5469
MH		 1025done:
1026 release_sock(sk);
1027 return err;
1da177e4
LT		 1028}
1029
90ddc4f0 1030static const struct proto_ops hci_sock_ops = {
1da177e4
LT		 1031 .family = PF_BLUETOOTH,
1032 .owner = THIS_MODULE,
1033 .release = hci_sock_release,
1034 .bind = hci_sock_bind,
1035 .getname = hci_sock_getname,
1036 .sendmsg = hci_sock_sendmsg,
1037 .recvmsg = hci_sock_recvmsg,
1038 .ioctl = hci_sock_ioctl,
1039 .poll = datagram_poll,
1040 .listen = sock_no_listen,
1041 .shutdown = sock_no_shutdown,
1042 .setsockopt = hci_sock_setsockopt,
1043 .getsockopt = hci_sock_getsockopt,
1044 .connect = sock_no_connect,
1045 .socketpair = sock_no_socketpair,
1046 .accept = sock_no_accept,
1047 .mmap = sock_no_mmap
1048};
1049
1050static struct proto hci_sk_proto = {
1051 .name = "HCI",
1052 .owner = THIS_MODULE,
1053 .obj_size = sizeof(struct hci_pinfo)
1054};
1055
3f378b68
EP		 1056static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1057 int kern)
1da177e4
LT		 1058{
1059 struct sock *sk;
1060
1061 BT_DBG("sock %p", sock);
1062
1063 if (sock->type != SOCK_RAW)
1064 return -ESOCKTNOSUPPORT;
1065
1066 sock->ops = &hci_sock_ops;
1067
6257ff21 1068 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1da177e4
LT		 1069 if (!sk)
1070 return -ENOMEM;
1071
1072 sock_init_data(sock, sk);
1073
1074 sock_reset_flag(sk, SOCK_ZAPPED);
1075
1076 sk->sk_protocol = protocol;
1077
1078 sock->state = SS_UNCONNECTED;
1079 sk->sk_state = BT_OPEN;
1080
1081 bt_sock_link(&hci_sk_list, sk);
1082 return 0;
1083}
1084
ec1b4cf7 1085static const struct net_proto_family hci_sock_family_ops = {
1da177e4
LT		 1086 .family = PF_BLUETOOTH,
1087 .owner = THIS_MODULE,
1088 .create = hci_sock_create,
1089};
1090
1da177e4
LT		 1091int __init hci_sock_init(void)
1092{
1093 int err;
1094
1095 err = proto_register(&hci_sk_proto, 0);
1096 if (err < 0)
1097 return err;
1098
1099 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
f7c86637
MY		 1100 if (err < 0) {
1101 BT_ERR("HCI socket registration failed");
1da177e4 1102 goto error;
f7c86637
MY		 1103 }
1104
1105 err = bt_procfs_init(THIS_MODULE, &init_net, "hci", &hci_sk_list, NULL);
1106 if (err < 0) {
1107 BT_ERR("Failed to create HCI proc file");
1108 bt_sock_unregister(BTPROTO_HCI);
1109 goto error;
1110 }
1da177e4 1111
1da177e4
LT		 1112 BT_INFO("HCI socket layer initialized");
1113
1114 return 0;
1115
1116error:
1da177e4
LT		 1117 proto_unregister(&hci_sk_proto);
1118 return err;
1119}
1120
b7440a14 1121void hci_sock_cleanup(void)
1da177e4 1122{
f7c86637 1123 bt_procfs_cleanup(&init_net, "hci");
1da177e4
LT		 1124 if (bt_sock_unregister(BTPROTO_HCI) < 0)
1125 BT_ERR("HCI socket unregistration failed");
1126
1da177e4 1127 proto_unregister(&hci_sk_proto);
1da177e4 1128}
kernel source for telekom puls (alcatel/mediatek)