[net-next-2.6.git] / net / bluetooth / hci_sock.c

/* 
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2000-2001 Qualcomm Incorporated

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
   SOFTWARE IS DISCLAIMED.
*/

/* Bluetooth HCI sockets. */

#include <linux/config.h>
#include <linux/module.h>

#include <linux/types.h>
#include <linux/capability.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/poll.h>
#include <linux/fcntl.h>
#include <linux/init.h>
#include <linux/skbuff.h>
#include <linux/workqueue.h>
#include <linux/interrupt.h>
#include <linux/socket.h>
#include <linux/ioctl.h>
#include <net/sock.h>

#include <asm/system.h>
#include <asm/uaccess.h>
#include <asm/unaligned.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>

#ifndef CONFIG_BT_HCI_SOCK_DEBUG
#undef  BT_DBG
#define BT_DBG(D...)
#endif

/* ----- HCI socket interface ----- */

static inline int hci_test_bit(int nr, void *addr)
{
	return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
}

/* Security filter */
static struct hci_sec_filter hci_sec_filter = {
	/* Packet types */
	0x10,
	/* Events */
	{ 0x1000d9fe, 0x0000b00c },
	/* Commands */
	{
		{ 0x0 },
		/* OGF_LINK_CTL */
		{ 0xbe000006, 0x00000001, 0x000000, 0x00 },
		/* OGF_LINK_POLICY */
		{ 0x00005200, 0x00000000, 0x000000, 0x00 },
		/* OGF_HOST_CTL */
		{ 0xaab00200, 0x2b402aaa, 0x020154, 0x00 },
		/* OGF_INFO_PARAM */
		{ 0x000002be, 0x00000000, 0x000000, 0x00 },
		/* OGF_STATUS_PARAM */
		{ 0x000000ea, 0x00000000, 0x000000, 0x00 }
	}
};

static struct bt_sock_list hci_sk_list = {
	.lock = RW_LOCK_UNLOCKED
};

/* Send frame to RAW socket */
void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct sock *sk;
	struct hlist_node *node;

	BT_DBG("hdev %p len %d", hdev, skb->len);

	read_lock(&hci_sk_list.lock);
	sk_for_each(sk, node, &hci_sk_list.head) {
		struct hci_filter *flt;
		struct sk_buff *nskb;

		if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
			continue;

		/* Don't send frame to the socket it came from */
		if (skb->sk == sk)
			continue;

		/* Apply filter */
		flt = &hci_pi(sk)->filter;

		if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
				0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
			continue;

		if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
			register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);

			if (!hci_test_bit(evt, &flt->event_mask))
				continue;

			if (flt->opcode && ((evt == HCI_EV_CMD_COMPLETE && 
					flt->opcode != *(__u16 *)(skb->data + 3)) ||
					(evt == HCI_EV_CMD_STATUS && 
					flt->opcode != *(__u16 *)(skb->data + 4))))
				continue;
		}

		if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
			continue;

		/* Put type byte before the data */
		memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);

		if (sock_queue_rcv_skb(sk, nskb))
			kfree_skb(nskb);
	}
	read_unlock(&hci_sk_list.lock);
}

static int hci_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	struct hci_dev *hdev = hci_pi(sk)->hdev;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!sk)
		return 0;

	bt_sock_unlink(&hci_sk_list, sk);

	if (hdev) {
		atomic_dec(&hdev->promisc);
		hci_dev_put(hdev);
	}

	sock_orphan(sk);

	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);

	sock_put(sk);
	return 0;
}

/* Ioctls that require bound socket */ 
static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
{
	struct hci_dev *hdev = hci_pi(sk)->hdev;

	if (!hdev)
		return -EBADFD;

	switch (cmd) {
	case HCISETRAW:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;

		if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
			return -EPERM;

		if (arg)
			set_bit(HCI_RAW, &hdev->flags);
		else
			clear_bit(HCI_RAW, &hdev->flags);

		return 0;

	case HCISETSECMGR:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;

		if (arg)
			set_bit(HCI_SECMGR, &hdev->flags);
		else
			clear_bit(HCI_SECMGR, &hdev->flags);

		return 0;

	case HCIGETCONNINFO:
		return hci_get_conn_info(hdev, (void __user *)arg);

	default:
		if (hdev->ioctl)
			return hdev->ioctl(hdev, cmd, arg);
		return -EINVAL;
	}
}

static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
{
	struct sock *sk = sock->sk;
	void __user *argp = (void __user *)arg;
	int err;

	BT_DBG("cmd %x arg %lx", cmd, arg);

	switch (cmd) {
	case HCIGETDEVLIST:
		return hci_get_dev_list(argp);

	case HCIGETDEVINFO:
		return hci_get_dev_info(argp);

	case HCIGETCONNLIST:
		return hci_get_conn_list(argp);

	case HCIDEVUP:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_open(arg);

	case HCIDEVDOWN:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_close(arg);

	case HCIDEVRESET:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_reset(arg);

	case HCIDEVRESTAT:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_reset_stat(arg);

	case HCISETSCAN:
	case HCISETAUTH:
	case HCISETENCRYPT:
	case HCISETPTYPE:
	case HCISETLINKPOL:
	case HCISETLINKMODE:
	case HCISETACLMTU:
	case HCISETSCOMTU:
		if (!capable(CAP_NET_ADMIN))
			return -EACCES;
		return hci_dev_cmd(cmd, argp);

	case HCIINQUIRY:
		return hci_inquiry(argp);

	default:
		lock_sock(sk);
		err = hci_sock_bound_ioctl(sk, cmd, arg);
		release_sock(sk);
		return err;
	}
}

static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
{
	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
	struct sock *sk = sock->sk;
	struct hci_dev *hdev = NULL;
	int err = 0;

	BT_DBG("sock %p sk %p", sock, sk);

	if (!haddr || haddr->hci_family != AF_BLUETOOTH)
		return -EINVAL;

	lock_sock(sk);

	if (hci_pi(sk)->hdev) {
		err = -EALREADY;
		goto done;
	}

	if (haddr->hci_dev != HCI_DEV_NONE) {
		if (!(hdev = hci_dev_get(haddr->hci_dev))) {
			err = -ENODEV;
			goto done;
		}

		atomic_inc(&hdev->promisc);
	}

	hci_pi(sk)->hdev = hdev;
	sk->sk_state = BT_BOUND;

done:
	release_sock(sk);
	return err;
}

static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
{
	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
	struct sock *sk = sock->sk;

	BT_DBG("sock %p sk %p", sock, sk);

	lock_sock(sk);

	*addr_len = sizeof(*haddr);
	haddr->hci_family = AF_BLUETOOTH;
	haddr->hci_dev    = hci_pi(sk)->hdev->id;

	release_sock(sk);
	return 0;
}

static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
{
	__u32 mask = hci_pi(sk)->cmsg_mask;

	if (mask & HCI_CMSG_DIR) {
		int incoming = bt_cb(skb)->incoming;
		put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
	}

	if (mask & HCI_CMSG_TSTAMP) {
		struct timeval tv;

		skb_get_timestamp(skb, &tv);
		put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, sizeof(tv), &tv);
	}
}
 
static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 
				struct msghdr *msg, size_t len, int flags)
{
	int noblock = flags & MSG_DONTWAIT;
	struct sock *sk = sock->sk;
	struct sk_buff *skb;
	int copied, err;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (flags & (MSG_OOB))
		return -EOPNOTSUPP;

	if (sk->sk_state == BT_CLOSED)
		return 0;

	if (!(skb = skb_recv_datagram(sk, flags, noblock, &err)))
		return err;

	msg->msg_namelen = 0;

	copied = skb->len;
	if (len < copied) {
		msg->msg_flags |= MSG_TRUNC;
		copied = len;
	}

	skb->h.raw = skb->data;
	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);

	hci_sock_cmsg(sk, msg, skb);

	skb_free_datagram(sk, skb);

	return err ? : copied;
}

static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 
			    struct msghdr *msg, size_t len)
{
	struct sock *sk = sock->sk;
	struct hci_dev *hdev;
	struct sk_buff *skb;
	int err;

	BT_DBG("sock %p sk %p", sock, sk);

	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
		return -EINVAL;

	if (len < 4 || len > HCI_MAX_FRAME_SIZE)
		return -EINVAL;

	lock_sock(sk);

	if (!(hdev = hci_pi(sk)->hdev)) {
		err = -EBADFD;
		goto done;
	}

	if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err)))
		goto done;

	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
		err = -EFAULT;
		goto drop;
	}

	bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
	skb_pull(skb, 1);
	skb->dev = (void *) hdev;

	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
		u16 opcode = __le16_to_cpu(get_unaligned((__le16 *) skb->data));
		u16 ogf = hci_opcode_ogf(opcode);
		u16 ocf = hci_opcode_ocf(opcode);

		if (((ogf > HCI_SFLT_MAX_OGF) ||
				!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
					!capable(CAP_NET_RAW)) {
			err = -EPERM;
			goto drop;
		}

		if (test_bit(HCI_RAW, &hdev->flags) || (ogf == OGF_VENDOR_CMD)) {
			skb_queue_tail(&hdev->raw_q, skb);
			hci_sched_tx(hdev);
		} else {
			skb_queue_tail(&hdev->cmd_q, skb);
			hci_sched_cmd(hdev);
		}
	} else {
		if (!capable(CAP_NET_RAW)) {
			err = -EPERM;
			goto drop;
		}

		skb_queue_tail(&hdev->raw_q, skb);
		hci_sched_tx(hdev);
	}

	err = len;

done:
	release_sock(sk);
	return err;

drop:
	kfree_skb(skb);
	goto done;
}

static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int len)
{
	struct hci_ufilter uf = { .opcode = 0 };
	struct sock *sk = sock->sk;
	int err = 0, opt = 0;

	BT_DBG("sk %p, opt %d", sk, optname);

	lock_sock(sk);

	switch (optname) {
	case HCI_DATA_DIR:
		if (get_user(opt, (int __user *)optval)) {
			err = -EFAULT;
			break;
		}

		if (opt)
			hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
		else
			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
		break;

	case HCI_TIME_STAMP:
		if (get_user(opt, (int __user *)optval)) {
			err = -EFAULT;
			break;
		}

		if (opt)
			hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
		else
			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
		break;

	case HCI_FILTER:
		len = min_t(unsigned int, len, sizeof(uf));
		if (copy_from_user(&uf, optval, len)) {
			err = -EFAULT;
			break;
		}

		if (!capable(CAP_NET_RAW)) {
			uf.type_mask &= hci_sec_filter.type_mask;
			uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
			uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
		}

		{
			struct hci_filter *f = &hci_pi(sk)->filter;

			f->type_mask = uf.type_mask;
			f->opcode    = uf.opcode;
			*((u32 *) f->event_mask + 0) = uf.event_mask[0];
			*((u32 *) f->event_mask + 1) = uf.event_mask[1];
		}
		break; 

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
{
	struct hci_ufilter uf;
	struct sock *sk = sock->sk;
	int len, opt; 

	if (get_user(len, optlen))
		return -EFAULT;

	switch (optname) {
	case HCI_DATA_DIR:
		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
			opt = 1;
		else 
			opt = 0;

		if (put_user(opt, optval))
			return -EFAULT;
		break;

	case HCI_TIME_STAMP:
		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
			opt = 1;
		else 
			opt = 0;

		if (put_user(opt, optval))
			return -EFAULT;
		break;

	case HCI_FILTER:
		{
			struct hci_filter *f = &hci_pi(sk)->filter;

			uf.type_mask = f->type_mask;
			uf.opcode    = f->opcode;
			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
		}

		len = min_t(unsigned int, len, sizeof(uf));
		if (copy_to_user(optval, &uf, len))
			return -EFAULT;
		break;

	default:
		return -ENOPROTOOPT;
		break;
	}

	return 0;
}

static const struct proto_ops hci_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= hci_sock_release,
	.bind		= hci_sock_bind,
	.getname	= hci_sock_getname,
	.sendmsg	= hci_sock_sendmsg,
	.recvmsg	= hci_sock_recvmsg,
	.ioctl		= hci_sock_ioctl,
	.poll		= datagram_poll,
	.listen		= sock_no_listen,
	.shutdown	= sock_no_shutdown,
	.setsockopt	= hci_sock_setsockopt,
	.getsockopt	= hci_sock_getsockopt,
	.connect	= sock_no_connect,
	.socketpair	= sock_no_socketpair,
	.accept		= sock_no_accept,
	.mmap		= sock_no_mmap
};

static struct proto hci_sk_proto = {
	.name		= "HCI",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct hci_pinfo)
};

static int hci_sock_create(struct socket *sock, int protocol)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	if (sock->type != SOCK_RAW)
		return -ESOCKTNOSUPPORT;

	sock->ops = &hci_sock_ops;

	sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &hci_sk_proto, 1);
	if (!sk)
		return -ENOMEM;

	sock_init_data(sock, sk);

	sock_reset_flag(sk, SOCK_ZAPPED);

	sk->sk_protocol = protocol;

	sock->state = SS_UNCONNECTED;
	sk->sk_state = BT_OPEN;

	bt_sock_link(&hci_sk_list, sk);
	return 0;
}

static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
{
	struct hci_dev *hdev = (struct hci_dev *) ptr;
	struct hci_ev_si_device ev;

	BT_DBG("hdev %s event %ld", hdev->name, event);

	/* Send event to sockets */
	ev.event  = event;
	ev.dev_id = hdev->id;
	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);

	if (event == HCI_DEV_UNREG) {
		struct sock *sk;
		struct hlist_node *node;

		/* Detach sockets from device */
		read_lock(&hci_sk_list.lock);
		sk_for_each(sk, node, &hci_sk_list.head) {
			bh_lock_sock(sk);
			if (hci_pi(sk)->hdev == hdev) {
				hci_pi(sk)->hdev = NULL;
				sk->sk_err = EPIPE;
				sk->sk_state = BT_OPEN;
				sk->sk_state_change(sk);

				hci_dev_put(hdev);
			}
			bh_unlock_sock(sk);
		}
		read_unlock(&hci_sk_list.lock);
	}

	return NOTIFY_DONE;
}

static struct net_proto_family hci_sock_family_ops = {
	.family	= PF_BLUETOOTH,
	.owner	= THIS_MODULE,
	.create	= hci_sock_create,
};

static struct notifier_block hci_sock_nblock = {
	.notifier_call = hci_sock_dev_event
};

int __init hci_sock_init(void)
{
	int err;

	err = proto_register(&hci_sk_proto, 0);
	if (err < 0)
		return err;

	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
	if (err < 0)
		goto error;

	hci_register_notifier(&hci_sock_nblock);

	BT_INFO("HCI socket layer initialized");

	return 0;

error:
	BT_ERR("HCI socket registration failed");
	proto_unregister(&hci_sk_proto);
	return err;
}

int __exit hci_sock_cleanup(void)
{
	if (bt_sock_unregister(BTPROTO_HCI) < 0)
		BT_ERR("HCI socket unregistration failed");

	hci_unregister_notifier(&hci_sock_nblock);

	proto_unregister(&hci_sk_proto);

	return 0;
}
Commit	Line	Data
1da177e4 LT	1	/*
	2	BlueZ - Bluetooth protocol stack for Linux
	3	Copyright (C) 2000-2001 Qualcomm Incorporated
	4
	5	Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
	6
	7	This program is free software; you can redistribute it and/or modify
	8	it under the terms of the GNU General Public License version 2 as
	9	published by the Free Software Foundation;
	10
	11	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
	12	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	13	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
	14	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
	15	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
	16	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	17	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	18	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	19
	20	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
	21	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
	22	SOFTWARE IS DISCLAIMED.
	23	*/
	24
	25	/* Bluetooth HCI sockets. */
	26
	27	#include <linux/config.h>
	28	#include <linux/module.h>
	29
	30	#include <linux/types.h>
4fc268d2	31	#include <linux/capability.h>
1da177e4 LT	32	#include <linux/errno.h>
1da177e4 LT	33	#include <linux/kernel.h>
1da177e4 LT	34	#include <linux/sched.h>
	35	#include <linux/slab.h>
	36	#include <linux/poll.h>
	37	#include <linux/fcntl.h>
	38	#include <linux/init.h>
	39	#include <linux/skbuff.h>
	40	#include <linux/workqueue.h>
	41	#include <linux/interrupt.h>
	42	#include <linux/socket.h>
	43	#include <linux/ioctl.h>
	44	#include <net/sock.h>
	45
	46	#include <asm/system.h>
	47	#include <asm/uaccess.h>
	48	#include <asm/unaligned.h>
	49
	50	#include <net/bluetooth/bluetooth.h>
	51	#include <net/bluetooth/hci_core.h>
	52
	53	#ifndef CONFIG_BT_HCI_SOCK_DEBUG
	54	#undef BT_DBG
	55	#define BT_DBG(D...)
	56	#endif
	57
	58	/* ----- HCI socket interface ----- */
	59
	60	static inline int hci_test_bit(int nr, void *addr)
	61	{
	62	return ((__u32 ) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
	63	}
	64
	65	/* Security filter */
	66	static struct hci_sec_filter hci_sec_filter = {
	67	/* Packet types */
	68	0x10,
	69	/* Events */
dd7f5527	70	{ 0x1000d9fe, 0x0000b00c },
1da177e4 LT	71	/* Commands */
	72	{
	73	{ 0x0 },
	74	/* OGF_LINK_CTL */
dd7f5527	75	{ 0xbe000006, 0x00000001, 0x000000, 0x00 },
1da177e4	76	/* OGF_LINK_POLICY */
dd7f5527	77	{ 0x00005200, 0x00000000, 0x000000, 0x00 },
1da177e4	78	/* OGF_HOST_CTL */
dd7f5527	79	{ 0xaab00200, 0x2b402aaa, 0x020154, 0x00 },
1da177e4	80	/* OGF_INFO_PARAM */
dd7f5527	81	{ 0x000002be, 0x00000000, 0x000000, 0x00 },
1da177e4	82	/* OGF_STATUS_PARAM */
dd7f5527	83	{ 0x000000ea, 0x00000000, 0x000000, 0x00 }
1da177e4 LT	84	}
	85	};
	86
	87	static struct bt_sock_list hci_sk_list = {
	88	.lock = RW_LOCK_UNLOCKED
	89	};
	90
	91	/* Send frame to RAW socket */
	92	void hci_send_to_sock(struct hci_dev hdev, struct sk_buff skb)
	93	{
	94	struct sock *sk;
	95	struct hlist_node *node;
	96
	97	BT_DBG("hdev %p len %d", hdev, skb->len);
	98
	99	read_lock(&hci_sk_list.lock);
	100	sk_for_each(sk, node, &hci_sk_list.head) {
	101	struct hci_filter *flt;
	102	struct sk_buff *nskb;
	103
	104	if (sk->sk_state != BT_BOUND \|\| hci_pi(sk)->hdev != hdev)
	105	continue;
	106
	107	/* Don't send frame to the socket it came from */
	108	if (skb->sk == sk)
	109	continue;
	110
	111	/* Apply filter */
	112	flt = &hci_pi(sk)->filter;
	113
0d48d939 MH	114	if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
0d48d939 MH	115	0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
1da177e4 LT	116	continue;
1da177e4 LT	117
0d48d939	118	if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
1da177e4 LT	119	register int evt = ((__u8 )skb->data & HCI_FLT_EVENT_BITS);
	120
	121	if (!hci_test_bit(evt, &flt->event_mask))
	122	continue;
	123
	124	if (flt->opcode && ((evt == HCI_EV_CMD_COMPLETE &&
	125	flt->opcode != (__u16 )(skb->data + 3)) \|\|
	126	(evt == HCI_EV_CMD_STATUS &&
	127	flt->opcode != (__u16 )(skb->data + 4))))
	128	continue;
	129	}
	130
	131	if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
	132	continue;
	133
	134	/* Put type byte before the data */
0d48d939	135	memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
1da177e4 LT	136
	137	if (sock_queue_rcv_skb(sk, nskb))
	138	kfree_skb(nskb);
	139	}
	140	read_unlock(&hci_sk_list.lock);
	141	}
	142
	143	static int hci_sock_release(struct socket *sock)
	144	{
	145	struct sock *sk = sock->sk;
	146	struct hci_dev *hdev = hci_pi(sk)->hdev;
	147
	148	BT_DBG("sock %p sk %p", sock, sk);
	149
	150	if (!sk)
	151	return 0;
	152
	153	bt_sock_unlink(&hci_sk_list, sk);
	154
	155	if (hdev) {
	156	atomic_dec(&hdev->promisc);
	157	hci_dev_put(hdev);
	158	}
	159
	160	sock_orphan(sk);
	161
	162	skb_queue_purge(&sk->sk_receive_queue);
	163	skb_queue_purge(&sk->sk_write_queue);
	164
	165	sock_put(sk);
	166	return 0;
	167	}
	168
	169	/* Ioctls that require bound socket */
	170	static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
	171	{
	172	struct hci_dev *hdev = hci_pi(sk)->hdev;
	173
	174	if (!hdev)
	175	return -EBADFD;
	176
	177	switch (cmd) {
	178	case HCISETRAW:
	179	if (!capable(CAP_NET_ADMIN))
	180	return -EACCES;
	181
	182	if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
	183	return -EPERM;
	184
	185	if (arg)
	186	set_bit(HCI_RAW, &hdev->flags);
	187	else
	188	clear_bit(HCI_RAW, &hdev->flags);
	189
	190	return 0;
	191
	192	case HCISETSECMGR:
	193	if (!capable(CAP_NET_ADMIN))
	194	return -EACCES;
	195
	196	if (arg)
	197	set_bit(HCI_SECMGR, &hdev->flags);
	198	else
	199	clear_bit(HCI_SECMGR, &hdev->flags);
200
201	return 0;
202
203	case HCIGETCONNINFO:
204	return hci_get_conn_info(hdev, (void __user *)arg);
205
206	default:
207	if (hdev->ioctl)
208	return hdev->ioctl(hdev, cmd, arg);
209	return -EINVAL;
210	}
211	}
212
213	static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
214	{
215	struct sock *sk = sock->sk;
216	void __user argp = (void __user )arg;
217	int err;
218
219	BT_DBG("cmd %x arg %lx", cmd, arg);
220
221	switch (cmd) {
222	case HCIGETDEVLIST:
223	return hci_get_dev_list(argp);
224
225	case HCIGETDEVINFO:
226	return hci_get_dev_info(argp);
227
228	case HCIGETCONNLIST:
229	return hci_get_conn_list(argp);
230
231	case HCIDEVUP:
232	if (!capable(CAP_NET_ADMIN))
233	return -EACCES;
234	return hci_dev_open(arg);
235
236	case HCIDEVDOWN:
237	if (!capable(CAP_NET_ADMIN))
238	return -EACCES;
239	return hci_dev_close(arg);
240
241	case HCIDEVRESET:
242	if (!capable(CAP_NET_ADMIN))
243	return -EACCES;
244	return hci_dev_reset(arg);
245
246	case HCIDEVRESTAT:
247	if (!capable(CAP_NET_ADMIN))
248	return -EACCES;
249	return hci_dev_reset_stat(arg);
250
251	case HCISETSCAN:
252	case HCISETAUTH:
253	case HCISETENCRYPT:
254	case HCISETPTYPE:
255	case HCISETLINKPOL:
256	case HCISETLINKMODE:
257	case HCISETACLMTU:
258	case HCISETSCOMTU:
259	if (!capable(CAP_NET_ADMIN))
260	return -EACCES;
261	return hci_dev_cmd(cmd, argp);
262
263	case HCIINQUIRY:
264	return hci_inquiry(argp);
265
266	default:
267	lock_sock(sk);
268	err = hci_sock_bound_ioctl(sk, cmd, arg);
269	release_sock(sk);
270	return err;
271	}
272	}
273
274	static int hci_sock_bind(struct socket sock, struct sockaddr addr, int addr_len)
275	{
276	struct sockaddr_hci haddr = (struct sockaddr_hci ) addr;
277	struct sock *sk = sock->sk;
278	struct hci_dev *hdev = NULL;
279	int err = 0;
280
281	BT_DBG("sock %p sk %p", sock, sk);
282
283	if (!haddr \|\| haddr->hci_family != AF_BLUETOOTH)
284	return -EINVAL;
285
286	lock_sock(sk);
287
288	if (hci_pi(sk)->hdev) {
289	err = -EALREADY;
290	goto done;
291	}
292
293	if (haddr->hci_dev != HCI_DEV_NONE) {
294	if (!(hdev = hci_dev_get(haddr->hci_dev))) {
295	err = -ENODEV;
296	goto done;
297	}
298
299	atomic_inc(&hdev->promisc);
300	}
301
302	hci_pi(sk)->hdev = hdev;
303	sk->sk_state = BT_BOUND;
304
305	done:
306	release_sock(sk);
307	return err;
308	}
309
310	static int hci_sock_getname(struct socket sock, struct sockaddr addr, int *addr_len, int peer)
311	{
312	struct sockaddr_hci haddr = (struct sockaddr_hci ) addr;
313	struct sock *sk = sock->sk;
314
315	BT_DBG("sock %p sk %p", sock, sk);
316
317	lock_sock(sk);
318
319	addr_len = sizeof(haddr);
320	haddr->hci_family = AF_BLUETOOTH;
321	haddr->hci_dev = hci_pi(sk)->hdev->id;
322
323	release_sock(sk);
324	return 0;
325	}
326
327	static inline void hci_sock_cmsg(struct sock sk, struct msghdr msg, struct sk_buff *skb)
328	{
329	__u32 mask = hci_pi(sk)->cmsg_mask;
330
0d48d939 MH	331	if (mask & HCI_CMSG_DIR) {
	332	int incoming = bt_cb(skb)->incoming;
	333	put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
	334	}
1da177e4	335
a61bbcf2 PM	336	if (mask & HCI_CMSG_TSTAMP) {
	337	struct timeval tv;
	338
	339	skb_get_timestamp(skb, &tv);
	340	put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, sizeof(tv), &tv);
	341	}
1da177e4 LT	342	}
	343
	344	static int hci_sock_recvmsg(struct kiocb iocb, struct socket sock,
	345	struct msghdr *msg, size_t len, int flags)
	346	{
	347	int noblock = flags & MSG_DONTWAIT;
	348	struct sock *sk = sock->sk;
	349	struct sk_buff *skb;
	350	int copied, err;
	351
	352	BT_DBG("sock %p, sk %p", sock, sk);
	353
	354	if (flags & (MSG_OOB))
	355	return -EOPNOTSUPP;
	356
	357	if (sk->sk_state == BT_CLOSED)
	358	return 0;
	359
	360	if (!(skb = skb_recv_datagram(sk, flags, noblock, &err)))
	361	return err;
	362
	363	msg->msg_namelen = 0;
	364
	365	copied = skb->len;
	366	if (len < copied) {
	367	msg->msg_flags \|= MSG_TRUNC;
	368	copied = len;
	369	}
	370
	371	skb->h.raw = skb->data;
	372	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
	373
	374	hci_sock_cmsg(sk, msg, skb);
	375
	376	skb_free_datagram(sk, skb);
	377
	378	return err ? : copied;
	379	}
	380
	381	static int hci_sock_sendmsg(struct kiocb iocb, struct socket sock,
	382	struct msghdr *msg, size_t len)
	383	{
	384	struct sock *sk = sock->sk;
	385	struct hci_dev *hdev;
	386	struct sk_buff *skb;
	387	int err;
	388
	389	BT_DBG("sock %p sk %p", sock, sk);
	390
	391	if (msg->msg_flags & MSG_OOB)
	392	return -EOPNOTSUPP;
	393
	394	if (msg->msg_flags & ~(MSG_DONTWAIT\|MSG_NOSIGNAL\|MSG_ERRQUEUE))
	395	return -EINVAL;
	396
	397	if (len < 4 \|\| len > HCI_MAX_FRAME_SIZE)
	398	return -EINVAL;
	399
	400	lock_sock(sk);
	401
	402	if (!(hdev = hci_pi(sk)->hdev)) {
	403	err = -EBADFD;
	404	goto done;
	405	}
406
407	if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err)))
408	goto done;
409
410	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
411	err = -EFAULT;
412	goto drop;
413	}
414
0d48d939	415	bt_cb(skb)->pkt_type = ((unsigned char ) skb->data);
1da177e4 LT	416	skb_pull(skb, 1);
	417	skb->dev = (void *) hdev;
	418
0d48d939	419	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
1ebb9252	420	u16 opcode = __le16_to_cpu(get_unaligned((__le16 *) skb->data));
1da177e4 LT	421	u16 ogf = hci_opcode_ogf(opcode);
	422	u16 ocf = hci_opcode_ocf(opcode);
	423
	424	if (((ogf > HCI_SFLT_MAX_OGF) \|\|
	425	!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
	426	!capable(CAP_NET_RAW)) {
	427	err = -EPERM;
	428	goto drop;
	429	}
	430
	431	if (test_bit(HCI_RAW, &hdev->flags) \|\| (ogf == OGF_VENDOR_CMD)) {
	432	skb_queue_tail(&hdev->raw_q, skb);
	433	hci_sched_tx(hdev);
	434	} else {
	435	skb_queue_tail(&hdev->cmd_q, skb);
	436	hci_sched_cmd(hdev);
	437	}
	438	} else {
	439	if (!capable(CAP_NET_RAW)) {
	440	err = -EPERM;
	441	goto drop;
	442	}
	443
	444	skb_queue_tail(&hdev->raw_q, skb);
	445	hci_sched_tx(hdev);
	446	}
	447
	448	err = len;
	449
	450	done:
	451	release_sock(sk);
	452	return err;
	453
	454	drop:
	455	kfree_skb(skb);
	456	goto done;
	457	}
	458
	459	static int hci_sock_setsockopt(struct socket sock, int level, int optname, char __user optval, int len)
	460	{
	461	struct hci_ufilter uf = { .opcode = 0 };
	462	struct sock *sk = sock->sk;
	463	int err = 0, opt = 0;
	464
	465	BT_DBG("sk %p, opt %d", sk, optname);
	466
	467	lock_sock(sk);
	468
	469	switch (optname) {
	470	case HCI_DATA_DIR:
	471	if (get_user(opt, (int __user *)optval)) {
	472	err = -EFAULT;
	473	break;
	474	}
	475
	476	if (opt)
	477	hci_pi(sk)->cmsg_mask \|= HCI_CMSG_DIR;
	478	else
	479	hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
	480	break;
	481
	482	case HCI_TIME_STAMP:
	483	if (get_user(opt, (int __user *)optval)) {
	484	err = -EFAULT;
485	break;
486	}
487
488	if (opt)
489	hci_pi(sk)->cmsg_mask \|= HCI_CMSG_TSTAMP;
490	else
491	hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
492	break;
493
494	case HCI_FILTER:
495	len = min_t(unsigned int, len, sizeof(uf));
496	if (copy_from_user(&uf, optval, len)) {
497	err = -EFAULT;
498	break;
499	}
500
501	if (!capable(CAP_NET_RAW)) {
502	uf.type_mask &= hci_sec_filter.type_mask;
503	uf.event_mask[0] &= ((u32 ) hci_sec_filter.event_mask + 0);
504	uf.event_mask[1] &= ((u32 ) hci_sec_filter.event_mask + 1);
505	}
506
507	{
508	struct hci_filter *f = &hci_pi(sk)->filter;
509
510	f->type_mask = uf.type_mask;
511	f->opcode = uf.opcode;
512	((u32 ) f->event_mask + 0) = uf.event_mask[0];
513	((u32 ) f->event_mask + 1) = uf.event_mask[1];
514	}
515	break;
516
517	default:
518	err = -ENOPROTOOPT;
519	break;
520	}
521
522	release_sock(sk);
523	return err;
524	}
525
526	static int hci_sock_getsockopt(struct socket sock, int level, int optname, char __user optval, int __user *optlen)
527	{
528	struct hci_ufilter uf;
529	struct sock *sk = sock->sk;
530	int len, opt;
531
532	if (get_user(len, optlen))
533	return -EFAULT;
534
535	switch (optname) {
536	case HCI_DATA_DIR:
537	if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
538	opt = 1;
539	else
540	opt = 0;
541
542	if (put_user(opt, optval))
543	return -EFAULT;
544	break;
545
546	case HCI_TIME_STAMP:
547	if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
548	opt = 1;
549	else
550	opt = 0;
551
552	if (put_user(opt, optval))
553	return -EFAULT;
554	break;
555
556	case HCI_FILTER:
557	{
558	struct hci_filter *f = &hci_pi(sk)->filter;
559
560	uf.type_mask = f->type_mask;
561	uf.opcode = f->opcode;
562	uf.event_mask[0] = ((u32 ) f->event_mask + 0);
563	uf.event_mask[1] = ((u32 ) f->event_mask + 1);
564	}
565
566	len = min_t(unsigned int, len, sizeof(uf));
567	if (copy_to_user(optval, &uf, len))
568	return -EFAULT;
569	break;
570
571	default:
572	return -ENOPROTOOPT;
573	break;
574	}
575
576	return 0;
577	}
578
90ddc4f0	579	static const struct proto_ops hci_sock_ops = {
1da177e4 LT	580	.family = PF_BLUETOOTH,
	581	.owner = THIS_MODULE,
	582	.release = hci_sock_release,
	583	.bind = hci_sock_bind,
	584	.getname = hci_sock_getname,
	585	.sendmsg = hci_sock_sendmsg,
	586	.recvmsg = hci_sock_recvmsg,
	587	.ioctl = hci_sock_ioctl,
	588	.poll = datagram_poll,
	589	.listen = sock_no_listen,
	590	.shutdown = sock_no_shutdown,
	591	.setsockopt = hci_sock_setsockopt,
	592	.getsockopt = hci_sock_getsockopt,
	593	.connect = sock_no_connect,
	594	.socketpair = sock_no_socketpair,
	595	.accept = sock_no_accept,
	596	.mmap = sock_no_mmap
	597	};
	598
	599	static struct proto hci_sk_proto = {
	600	.name = "HCI",
	601	.owner = THIS_MODULE,
	602	.obj_size = sizeof(struct hci_pinfo)
	603	};
	604
	605	static int hci_sock_create(struct socket *sock, int protocol)
	606	{
	607	struct sock *sk;
	608
	609	BT_DBG("sock %p", sock);
	610
	611	if (sock->type != SOCK_RAW)
	612	return -ESOCKTNOSUPPORT;
	613
	614	sock->ops = &hci_sock_ops;
	615
	616	sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &hci_sk_proto, 1);
	617	if (!sk)
	618	return -ENOMEM;
	619
	620	sock_init_data(sock, sk);
	621
	622	sock_reset_flag(sk, SOCK_ZAPPED);
	623
	624	sk->sk_protocol = protocol;
	625
	626	sock->state = SS_UNCONNECTED;
	627	sk->sk_state = BT_OPEN;
	628
	629	bt_sock_link(&hci_sk_list, sk);
	630	return 0;
	631	}
	632
	633	static int hci_sock_dev_event(struct notifier_block this, unsigned long event, void ptr)
	634	{
	635	struct hci_dev hdev = (struct hci_dev ) ptr;
	636	struct hci_ev_si_device ev;
	637
	638	BT_DBG("hdev %s event %ld", hdev->name, event);
	639
	640	/* Send event to sockets */
	641	ev.event = event;
	642	ev.dev_id = hdev->id;
	643	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
644
645	if (event == HCI_DEV_UNREG) {
646	struct sock *sk;
647	struct hlist_node *node;
648
649	/* Detach sockets from device */
650	read_lock(&hci_sk_list.lock);
651	sk_for_each(sk, node, &hci_sk_list.head) {
652	bh_lock_sock(sk);
653	if (hci_pi(sk)->hdev == hdev) {
654	hci_pi(sk)->hdev = NULL;
655	sk->sk_err = EPIPE;
656	sk->sk_state = BT_OPEN;
657	sk->sk_state_change(sk);
658
659	hci_dev_put(hdev);
660	}
661	bh_unlock_sock(sk);
662	}
663	read_unlock(&hci_sk_list.lock);
664	}
665
666	return NOTIFY_DONE;
667	}
668
669	static struct net_proto_family hci_sock_family_ops = {
670	.family = PF_BLUETOOTH,
671	.owner = THIS_MODULE,
672	.create = hci_sock_create,
673	};
674
675	static struct notifier_block hci_sock_nblock = {
676	.notifier_call = hci_sock_dev_event
677	};
678
679	int __init hci_sock_init(void)
680	{
681	int err;
682
683	err = proto_register(&hci_sk_proto, 0);
684	if (err < 0)
685	return err;
686
687	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
688	if (err < 0)
689	goto error;
690
691	hci_register_notifier(&hci_sock_nblock);
692
693	BT_INFO("HCI socket layer initialized");
694
695	return 0;
696
697	error:
698	BT_ERR("HCI socket registration failed");
699	proto_unregister(&hci_sk_proto);
700	return err;
701	}
702
703	int __exit hci_sock_cleanup(void)
704	{
705	if (bt_sock_unregister(BTPROTO_HCI) < 0)
706	BT_ERR("HCI socket unregistration failed");
707
708	hci_unregister_notifier(&hci_sock_nblock);
709
710	proto_unregister(&hci_sk_proto);
711
712	return 0;
713	}