2
BlueZ - Bluetooth protocol stack for Linux
3
Copyright (C) 2000-2001 Qualcomm Incorporated
5
Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
This program is free software; you can redistribute it and/or modify
8
it under the terms of the GNU General Public License version 2 as
9
published by the Free Software Foundation;
11
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14
IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15
CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21
COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22
SOFTWARE IS DISCLAIMED.
25
/* Bluetooth HCI sockets. */
27
#include <linux/module.h>
29
#include <linux/types.h>
30
#include <linux/capability.h>
31
#include <linux/errno.h>
32
#include <linux/kernel.h>
33
#include <linux/slab.h>
34
#include <linux/poll.h>
35
#include <linux/fcntl.h>
36
#include <linux/init.h>
37
#include <linux/skbuff.h>
38
#include <linux/workqueue.h>
39
#include <linux/interrupt.h>
40
#include <linux/compat.h>
41
#include <linux/socket.h>
42
#include <linux/ioctl.h>
45
#include <asm/system.h>
46
#include <linux/uaccess.h>
47
#include <asm/unaligned.h>
49
#include <net/bluetooth/bluetooth.h>
50
#include <net/bluetooth/hci_core.h>
52
static int enable_mgmt;
54
/* ----- HCI socket interface ----- */
56
static inline int hci_test_bit(int nr, void *addr)
58
return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
62
static struct hci_sec_filter hci_sec_filter = {
66
{ 0x1000d9fe, 0x0000b00c },
71
{ 0xbe000006, 0x00000001, 0x00000000, 0x00 },
73
{ 0x00005200, 0x00000000, 0x00000000, 0x00 },
75
{ 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
77
{ 0x000002be, 0x00000000, 0x00000000, 0x00 },
78
/* OGF_STATUS_PARAM */
79
{ 0x000000ea, 0x00000000, 0x00000000, 0x00 }
83
static struct bt_sock_list hci_sk_list = {
84
.lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
87
/* Send frame to RAW socket */
88
void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb,
92
struct hlist_node *node;
94
BT_DBG("hdev %p len %d", hdev, skb->len);
96
read_lock(&hci_sk_list.lock);
97
sk_for_each(sk, node, &hci_sk_list.head) {
98
struct hci_filter *flt;
104
if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
107
/* Don't send frame to the socket it came from */
111
if (bt_cb(skb)->channel != hci_pi(sk)->channel)
114
if (bt_cb(skb)->channel == HCI_CHANNEL_CONTROL)
118
flt = &hci_pi(sk)->filter;
120
if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
121
0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
124
if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
125
register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
127
if (!hci_test_bit(evt, &flt->event_mask))
131
((evt == HCI_EV_CMD_COMPLETE &&
133
get_unaligned((__le16 *)(skb->data + 3))) ||
134
(evt == HCI_EV_CMD_STATUS &&
136
get_unaligned((__le16 *)(skb->data + 4)))))
141
nskb = skb_clone(skb, GFP_ATOMIC);
145
/* Put type byte before the data */
146
if (bt_cb(skb)->channel == HCI_CHANNEL_RAW)
147
memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
149
if (sock_queue_rcv_skb(sk, nskb))
152
read_unlock(&hci_sk_list.lock);
155
static int hci_sock_release(struct socket *sock)
157
struct sock *sk = sock->sk;
158
struct hci_dev *hdev;
160
BT_DBG("sock %p sk %p", sock, sk);
165
hdev = hci_pi(sk)->hdev;
167
bt_sock_unlink(&hci_sk_list, sk);
170
atomic_dec(&hdev->promisc);
176
skb_queue_purge(&sk->sk_receive_queue);
177
skb_queue_purge(&sk->sk_write_queue);
183
static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
188
if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
191
hci_dev_lock_bh(hdev);
193
err = hci_blacklist_add(hdev, &bdaddr);
195
hci_dev_unlock_bh(hdev);
200
static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
205
if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
208
hci_dev_lock_bh(hdev);
210
err = hci_blacklist_del(hdev, &bdaddr);
212
hci_dev_unlock_bh(hdev);
217
/* Ioctls that require bound socket */
218
static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
220
struct hci_dev *hdev = hci_pi(sk)->hdev;
227
if (!capable(CAP_NET_ADMIN))
230
if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
234
set_bit(HCI_RAW, &hdev->flags);
236
clear_bit(HCI_RAW, &hdev->flags);
241
return hci_get_conn_info(hdev, (void __user *) arg);
244
return hci_get_auth_info(hdev, (void __user *) arg);
247
if (!capable(CAP_NET_ADMIN))
249
return hci_sock_blacklist_add(hdev, (void __user *) arg);
252
if (!capable(CAP_NET_ADMIN))
254
return hci_sock_blacklist_del(hdev, (void __user *) arg);
258
return hdev->ioctl(hdev, cmd, arg);
263
static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
265
struct sock *sk = sock->sk;
266
void __user *argp = (void __user *) arg;
269
BT_DBG("cmd %x arg %lx", cmd, arg);
273
return hci_get_dev_list(argp);
276
return hci_get_dev_info(argp);
279
return hci_get_conn_list(argp);
282
if (!capable(CAP_NET_ADMIN))
284
return hci_dev_open(arg);
287
if (!capable(CAP_NET_ADMIN))
289
return hci_dev_close(arg);
292
if (!capable(CAP_NET_ADMIN))
294
return hci_dev_reset(arg);
297
if (!capable(CAP_NET_ADMIN))
299
return hci_dev_reset_stat(arg);
309
if (!capable(CAP_NET_ADMIN))
311
return hci_dev_cmd(cmd, argp);
314
return hci_inquiry(argp);
318
err = hci_sock_bound_ioctl(sk, cmd, arg);
324
static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
326
struct sockaddr_hci haddr;
327
struct sock *sk = sock->sk;
328
struct hci_dev *hdev = NULL;
331
BT_DBG("sock %p sk %p", sock, sk);
336
memset(&haddr, 0, sizeof(haddr));
337
len = min_t(unsigned int, sizeof(haddr), addr_len);
338
memcpy(&haddr, addr, len);
340
if (haddr.hci_family != AF_BLUETOOTH)
343
if (haddr.hci_channel > HCI_CHANNEL_CONTROL)
346
if (haddr.hci_channel == HCI_CHANNEL_CONTROL && !enable_mgmt)
351
if (sk->sk_state == BT_BOUND || hci_pi(sk)->hdev) {
356
if (haddr.hci_dev != HCI_DEV_NONE) {
357
hdev = hci_dev_get(haddr.hci_dev);
363
atomic_inc(&hdev->promisc);
366
hci_pi(sk)->channel = haddr.hci_channel;
367
hci_pi(sk)->hdev = hdev;
368
sk->sk_state = BT_BOUND;
375
static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
377
struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
378
struct sock *sk = sock->sk;
379
struct hci_dev *hdev = hci_pi(sk)->hdev;
381
BT_DBG("sock %p sk %p", sock, sk);
388
*addr_len = sizeof(*haddr);
389
haddr->hci_family = AF_BLUETOOTH;
390
haddr->hci_dev = hdev->id;
396
static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
398
__u32 mask = hci_pi(sk)->cmsg_mask;
400
if (mask & HCI_CMSG_DIR) {
401
int incoming = bt_cb(skb)->incoming;
402
put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
405
if (mask & HCI_CMSG_TSTAMP) {
407
struct compat_timeval ctv;
413
skb_get_timestamp(skb, &tv);
418
if (msg->msg_flags & MSG_CMSG_COMPAT) {
419
ctv.tv_sec = tv.tv_sec;
420
ctv.tv_usec = tv.tv_usec;
426
put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
430
static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
431
struct msghdr *msg, size_t len, int flags)
433
int noblock = flags & MSG_DONTWAIT;
434
struct sock *sk = sock->sk;
438
BT_DBG("sock %p, sk %p", sock, sk);
440
if (flags & (MSG_OOB))
443
if (sk->sk_state == BT_CLOSED)
446
skb = skb_recv_datagram(sk, flags, noblock, &err);
450
msg->msg_namelen = 0;
454
msg->msg_flags |= MSG_TRUNC;
458
skb_reset_transport_header(skb);
459
err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
461
hci_sock_cmsg(sk, msg, skb);
463
skb_free_datagram(sk, skb);
465
return err ? : copied;
468
static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
469
struct msghdr *msg, size_t len)
471
struct sock *sk = sock->sk;
472
struct hci_dev *hdev;
476
BT_DBG("sock %p sk %p", sock, sk);
478
if (msg->msg_flags & MSG_OOB)
481
if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
484
if (len < 4 || len > HCI_MAX_FRAME_SIZE)
489
switch (hci_pi(sk)->channel) {
490
case HCI_CHANNEL_RAW:
492
case HCI_CHANNEL_CONTROL:
493
err = mgmt_control(sk, msg, len);
500
hdev = hci_pi(sk)->hdev;
506
if (!test_bit(HCI_UP, &hdev->flags)) {
511
skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
515
if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
520
bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
522
skb->dev = (void *) hdev;
524
if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
525
u16 opcode = get_unaligned_le16(skb->data);
526
u16 ogf = hci_opcode_ogf(opcode);
527
u16 ocf = hci_opcode_ocf(opcode);
529
if (((ogf > HCI_SFLT_MAX_OGF) ||
530
!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
531
!capable(CAP_NET_RAW)) {
536
if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
537
skb_queue_tail(&hdev->raw_q, skb);
538
tasklet_schedule(&hdev->tx_task);
540
skb_queue_tail(&hdev->cmd_q, skb);
541
tasklet_schedule(&hdev->cmd_task);
544
if (!capable(CAP_NET_RAW)) {
549
skb_queue_tail(&hdev->raw_q, skb);
550
tasklet_schedule(&hdev->tx_task);
564
static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int len)
566
struct hci_ufilter uf = { .opcode = 0 };
567
struct sock *sk = sock->sk;
568
int err = 0, opt = 0;
570
BT_DBG("sk %p, opt %d", sk, optname);
576
if (get_user(opt, (int __user *)optval)) {
582
hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
584
hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
588
if (get_user(opt, (int __user *)optval)) {
594
hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
596
hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
601
struct hci_filter *f = &hci_pi(sk)->filter;
603
uf.type_mask = f->type_mask;
604
uf.opcode = f->opcode;
605
uf.event_mask[0] = *((u32 *) f->event_mask + 0);
606
uf.event_mask[1] = *((u32 *) f->event_mask + 1);
609
len = min_t(unsigned int, len, sizeof(uf));
610
if (copy_from_user(&uf, optval, len)) {
615
if (!capable(CAP_NET_RAW)) {
616
uf.type_mask &= hci_sec_filter.type_mask;
617
uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
618
uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
622
struct hci_filter *f = &hci_pi(sk)->filter;
624
f->type_mask = uf.type_mask;
625
f->opcode = uf.opcode;
626
*((u32 *) f->event_mask + 0) = uf.event_mask[0];
627
*((u32 *) f->event_mask + 1) = uf.event_mask[1];
640
static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
642
struct hci_ufilter uf;
643
struct sock *sk = sock->sk;
646
if (get_user(len, optlen))
651
if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
656
if (put_user(opt, optval))
661
if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
666
if (put_user(opt, optval))
672
struct hci_filter *f = &hci_pi(sk)->filter;
674
uf.type_mask = f->type_mask;
675
uf.opcode = f->opcode;
676
uf.event_mask[0] = *((u32 *) f->event_mask + 0);
677
uf.event_mask[1] = *((u32 *) f->event_mask + 1);
680
len = min_t(unsigned int, len, sizeof(uf));
681
if (copy_to_user(optval, &uf, len))
693
static const struct proto_ops hci_sock_ops = {
694
.family = PF_BLUETOOTH,
695
.owner = THIS_MODULE,
696
.release = hci_sock_release,
697
.bind = hci_sock_bind,
698
.getname = hci_sock_getname,
699
.sendmsg = hci_sock_sendmsg,
700
.recvmsg = hci_sock_recvmsg,
701
.ioctl = hci_sock_ioctl,
702
.poll = datagram_poll,
703
.listen = sock_no_listen,
704
.shutdown = sock_no_shutdown,
705
.setsockopt = hci_sock_setsockopt,
706
.getsockopt = hci_sock_getsockopt,
707
.connect = sock_no_connect,
708
.socketpair = sock_no_socketpair,
709
.accept = sock_no_accept,
713
static struct proto hci_sk_proto = {
715
.owner = THIS_MODULE,
716
.obj_size = sizeof(struct hci_pinfo)
719
static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
724
BT_DBG("sock %p", sock);
726
if (sock->type != SOCK_RAW)
727
return -ESOCKTNOSUPPORT;
729
sock->ops = &hci_sock_ops;
731
sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
735
sock_init_data(sock, sk);
737
sock_reset_flag(sk, SOCK_ZAPPED);
739
sk->sk_protocol = protocol;
741
sock->state = SS_UNCONNECTED;
742
sk->sk_state = BT_OPEN;
744
bt_sock_link(&hci_sk_list, sk);
748
static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
750
struct hci_dev *hdev = (struct hci_dev *) ptr;
751
struct hci_ev_si_device ev;
753
BT_DBG("hdev %s event %ld", hdev->name, event);
755
/* Send event to sockets */
757
ev.dev_id = hdev->id;
758
hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
760
if (event == HCI_DEV_UNREG) {
762
struct hlist_node *node;
764
/* Detach sockets from device */
765
read_lock(&hci_sk_list.lock);
766
sk_for_each(sk, node, &hci_sk_list.head) {
768
bh_lock_sock_nested(sk);
769
if (hci_pi(sk)->hdev == hdev) {
770
hci_pi(sk)->hdev = NULL;
772
sk->sk_state = BT_OPEN;
773
sk->sk_state_change(sk);
780
read_unlock(&hci_sk_list.lock);
786
static const struct net_proto_family hci_sock_family_ops = {
787
.family = PF_BLUETOOTH,
788
.owner = THIS_MODULE,
789
.create = hci_sock_create,
792
static struct notifier_block hci_sock_nblock = {
793
.notifier_call = hci_sock_dev_event
796
int __init hci_sock_init(void)
800
err = proto_register(&hci_sk_proto, 0);
804
err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
808
hci_register_notifier(&hci_sock_nblock);
810
BT_INFO("HCI socket layer initialized");
815
BT_ERR("HCI socket registration failed");
816
proto_unregister(&hci_sk_proto);
820
void hci_sock_cleanup(void)
822
if (bt_sock_unregister(BTPROTO_HCI) < 0)
823
BT_ERR("HCI socket unregistration failed");
825
hci_unregister_notifier(&hci_sock_nblock);
827
proto_unregister(&hci_sk_proto);
830
module_param(enable_mgmt, bool, 0644);
831
MODULE_PARM_DESC(enable_mgmt, "Enable Management interface");