xref: /openbmc/linux/net/bluetooth/hci_sock.c (revision 37cf4d1a)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4 
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10 
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24 
25 /* Bluetooth HCI sockets. */
26 
27 #include <linux/module.h>
28 
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/slab.h>
34 #include <linux/poll.h>
35 #include <linux/fcntl.h>
36 #include <linux/init.h>
37 #include <linux/skbuff.h>
38 #include <linux/workqueue.h>
39 #include <linux/interrupt.h>
40 #include <linux/compat.h>
41 #include <linux/socket.h>
42 #include <linux/ioctl.h>
43 #include <net/sock.h>
44 
45 #include <asm/system.h>
46 #include <linux/uaccess.h>
47 #include <asm/unaligned.h>
48 
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 
52 static int enable_mgmt;
53 
54 /* ----- HCI socket interface ----- */
55 
56 static inline int hci_test_bit(int nr, void *addr)
57 {
58 	return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
59 }
60 
61 /* Security filter */
62 static struct hci_sec_filter hci_sec_filter = {
63 	/* Packet types */
64 	0x10,
65 	/* Events */
66 	{ 0x1000d9fe, 0x0000b00c },
67 	/* Commands */
68 	{
69 		{ 0x0 },
70 		/* OGF_LINK_CTL */
71 		{ 0xbe000006, 0x00000001, 0x00000000, 0x00 },
72 		/* OGF_LINK_POLICY */
73 		{ 0x00005200, 0x00000000, 0x00000000, 0x00 },
74 		/* OGF_HOST_CTL */
75 		{ 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
76 		/* OGF_INFO_PARAM */
77 		{ 0x000002be, 0x00000000, 0x00000000, 0x00 },
78 		/* OGF_STATUS_PARAM */
79 		{ 0x000000ea, 0x00000000, 0x00000000, 0x00 }
80 	}
81 };
82 
83 static struct bt_sock_list hci_sk_list = {
84 	.lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
85 };
86 
87 /* Send frame to RAW socket */
88 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb,
89 							struct sock *skip_sk)
90 {
91 	struct sock *sk;
92 	struct hlist_node *node;
93 
94 	BT_DBG("hdev %p len %d", hdev, skb->len);
95 
96 	read_lock(&hci_sk_list.lock);
97 	sk_for_each(sk, node, &hci_sk_list.head) {
98 		struct hci_filter *flt;
99 		struct sk_buff *nskb;
100 
101 		if (sk == skip_sk)
102 			continue;
103 
104 		if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
105 			continue;
106 
107 		/* Don't send frame to the socket it came from */
108 		if (skb->sk == sk)
109 			continue;
110 
111 		if (bt_cb(skb)->channel != hci_pi(sk)->channel)
112 			continue;
113 
114 		if (bt_cb(skb)->channel == HCI_CHANNEL_CONTROL)
115 			goto clone;
116 
117 		/* Apply filter */
118 		flt = &hci_pi(sk)->filter;
119 
120 		if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
121 				0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
122 			continue;
123 
124 		if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
125 			register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
126 
127 			if (!hci_test_bit(evt, &flt->event_mask))
128 				continue;
129 
130 			if (flt->opcode &&
131 			    ((evt == HCI_EV_CMD_COMPLETE &&
132 			      flt->opcode !=
133 			      get_unaligned((__le16 *)(skb->data + 3))) ||
134 			     (evt == HCI_EV_CMD_STATUS &&
135 			      flt->opcode !=
136 			      get_unaligned((__le16 *)(skb->data + 4)))))
137 				continue;
138 		}
139 
140 clone:
141 		nskb = skb_clone(skb, GFP_ATOMIC);
142 		if (!nskb)
143 			continue;
144 
145 		/* Put type byte before the data */
146 		if (bt_cb(skb)->channel == HCI_CHANNEL_RAW)
147 			memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
148 
149 		if (sock_queue_rcv_skb(sk, nskb))
150 			kfree_skb(nskb);
151 	}
152 	read_unlock(&hci_sk_list.lock);
153 }
154 
155 static int hci_sock_release(struct socket *sock)
156 {
157 	struct sock *sk = sock->sk;
158 	struct hci_dev *hdev;
159 
160 	BT_DBG("sock %p sk %p", sock, sk);
161 
162 	if (!sk)
163 		return 0;
164 
165 	hdev = hci_pi(sk)->hdev;
166 
167 	bt_sock_unlink(&hci_sk_list, sk);
168 
169 	if (hdev) {
170 		atomic_dec(&hdev->promisc);
171 		hci_dev_put(hdev);
172 	}
173 
174 	sock_orphan(sk);
175 
176 	skb_queue_purge(&sk->sk_receive_queue);
177 	skb_queue_purge(&sk->sk_write_queue);
178 
179 	sock_put(sk);
180 	return 0;
181 }
182 
183 static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
184 {
185 	bdaddr_t bdaddr;
186 
187 	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
188 		return -EFAULT;
189 
190 	return hci_blacklist_add(hdev, &bdaddr);
191 }
192 
193 static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
194 {
195 	bdaddr_t bdaddr;
196 
197 	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
198 		return -EFAULT;
199 
200 	return hci_blacklist_del(hdev, &bdaddr);
201 }
202 
203 /* Ioctls that require bound socket */
204 static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
205 {
206 	struct hci_dev *hdev = hci_pi(sk)->hdev;
207 
208 	if (!hdev)
209 		return -EBADFD;
210 
211 	switch (cmd) {
212 	case HCISETRAW:
213 		if (!capable(CAP_NET_ADMIN))
214 			return -EACCES;
215 
216 		if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
217 			return -EPERM;
218 
219 		if (arg)
220 			set_bit(HCI_RAW, &hdev->flags);
221 		else
222 			clear_bit(HCI_RAW, &hdev->flags);
223 
224 		return 0;
225 
226 	case HCIGETCONNINFO:
227 		return hci_get_conn_info(hdev, (void __user *) arg);
228 
229 	case HCIGETAUTHINFO:
230 		return hci_get_auth_info(hdev, (void __user *) arg);
231 
232 	case HCIBLOCKADDR:
233 		if (!capable(CAP_NET_ADMIN))
234 			return -EACCES;
235 		return hci_sock_blacklist_add(hdev, (void __user *) arg);
236 
237 	case HCIUNBLOCKADDR:
238 		if (!capable(CAP_NET_ADMIN))
239 			return -EACCES;
240 		return hci_sock_blacklist_del(hdev, (void __user *) arg);
241 
242 	default:
243 		if (hdev->ioctl)
244 			return hdev->ioctl(hdev, cmd, arg);
245 		return -EINVAL;
246 	}
247 }
248 
249 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
250 {
251 	struct sock *sk = sock->sk;
252 	void __user *argp = (void __user *) arg;
253 	int err;
254 
255 	BT_DBG("cmd %x arg %lx", cmd, arg);
256 
257 	switch (cmd) {
258 	case HCIGETDEVLIST:
259 		return hci_get_dev_list(argp);
260 
261 	case HCIGETDEVINFO:
262 		return hci_get_dev_info(argp);
263 
264 	case HCIGETCONNLIST:
265 		return hci_get_conn_list(argp);
266 
267 	case HCIDEVUP:
268 		if (!capable(CAP_NET_ADMIN))
269 			return -EACCES;
270 		return hci_dev_open(arg);
271 
272 	case HCIDEVDOWN:
273 		if (!capable(CAP_NET_ADMIN))
274 			return -EACCES;
275 		return hci_dev_close(arg);
276 
277 	case HCIDEVRESET:
278 		if (!capable(CAP_NET_ADMIN))
279 			return -EACCES;
280 		return hci_dev_reset(arg);
281 
282 	case HCIDEVRESTAT:
283 		if (!capable(CAP_NET_ADMIN))
284 			return -EACCES;
285 		return hci_dev_reset_stat(arg);
286 
287 	case HCISETSCAN:
288 	case HCISETAUTH:
289 	case HCISETENCRYPT:
290 	case HCISETPTYPE:
291 	case HCISETLINKPOL:
292 	case HCISETLINKMODE:
293 	case HCISETACLMTU:
294 	case HCISETSCOMTU:
295 		if (!capable(CAP_NET_ADMIN))
296 			return -EACCES;
297 		return hci_dev_cmd(cmd, argp);
298 
299 	case HCIINQUIRY:
300 		return hci_inquiry(argp);
301 
302 	default:
303 		lock_sock(sk);
304 		err = hci_sock_bound_ioctl(sk, cmd, arg);
305 		release_sock(sk);
306 		return err;
307 	}
308 }
309 
310 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
311 {
312 	struct sockaddr_hci haddr;
313 	struct sock *sk = sock->sk;
314 	struct hci_dev *hdev = NULL;
315 	int len, err = 0;
316 
317 	BT_DBG("sock %p sk %p", sock, sk);
318 
319 	if (!addr)
320 		return -EINVAL;
321 
322 	memset(&haddr, 0, sizeof(haddr));
323 	len = min_t(unsigned int, sizeof(haddr), addr_len);
324 	memcpy(&haddr, addr, len);
325 
326 	if (haddr.hci_family != AF_BLUETOOTH)
327 		return -EINVAL;
328 
329 	if (haddr.hci_channel > HCI_CHANNEL_CONTROL)
330 		return -EINVAL;
331 
332 	if (haddr.hci_channel == HCI_CHANNEL_CONTROL && !enable_mgmt)
333 		return -EINVAL;
334 
335 	lock_sock(sk);
336 
337 	if (sk->sk_state == BT_BOUND || hci_pi(sk)->hdev) {
338 		err = -EALREADY;
339 		goto done;
340 	}
341 
342 	if (haddr.hci_dev != HCI_DEV_NONE) {
343 		hdev = hci_dev_get(haddr.hci_dev);
344 		if (!hdev) {
345 			err = -ENODEV;
346 			goto done;
347 		}
348 
349 		atomic_inc(&hdev->promisc);
350 	}
351 
352 	hci_pi(sk)->channel = haddr.hci_channel;
353 	hci_pi(sk)->hdev = hdev;
354 	sk->sk_state = BT_BOUND;
355 
356 done:
357 	release_sock(sk);
358 	return err;
359 }
360 
361 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
362 {
363 	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
364 	struct sock *sk = sock->sk;
365 	struct hci_dev *hdev = hci_pi(sk)->hdev;
366 
367 	BT_DBG("sock %p sk %p", sock, sk);
368 
369 	if (!hdev)
370 		return -EBADFD;
371 
372 	lock_sock(sk);
373 
374 	*addr_len = sizeof(*haddr);
375 	haddr->hci_family = AF_BLUETOOTH;
376 	haddr->hci_dev    = hdev->id;
377 
378 	release_sock(sk);
379 	return 0;
380 }
381 
382 static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
383 {
384 	__u32 mask = hci_pi(sk)->cmsg_mask;
385 
386 	if (mask & HCI_CMSG_DIR) {
387 		int incoming = bt_cb(skb)->incoming;
388 		put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
389 	}
390 
391 	if (mask & HCI_CMSG_TSTAMP) {
392 #ifdef CONFIG_COMPAT
393 		struct compat_timeval ctv;
394 #endif
395 		struct timeval tv;
396 		void *data;
397 		int len;
398 
399 		skb_get_timestamp(skb, &tv);
400 
401 		data = &tv;
402 		len = sizeof(tv);
403 #ifdef CONFIG_COMPAT
404 		if (msg->msg_flags & MSG_CMSG_COMPAT) {
405 			ctv.tv_sec = tv.tv_sec;
406 			ctv.tv_usec = tv.tv_usec;
407 			data = &ctv;
408 			len = sizeof(ctv);
409 		}
410 #endif
411 
412 		put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
413 	}
414 }
415 
416 static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
417 				struct msghdr *msg, size_t len, int flags)
418 {
419 	int noblock = flags & MSG_DONTWAIT;
420 	struct sock *sk = sock->sk;
421 	struct sk_buff *skb;
422 	int copied, err;
423 
424 	BT_DBG("sock %p, sk %p", sock, sk);
425 
426 	if (flags & (MSG_OOB))
427 		return -EOPNOTSUPP;
428 
429 	if (sk->sk_state == BT_CLOSED)
430 		return 0;
431 
432 	skb = skb_recv_datagram(sk, flags, noblock, &err);
433 	if (!skb)
434 		return err;
435 
436 	msg->msg_namelen = 0;
437 
438 	copied = skb->len;
439 	if (len < copied) {
440 		msg->msg_flags |= MSG_TRUNC;
441 		copied = len;
442 	}
443 
444 	skb_reset_transport_header(skb);
445 	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
446 
447 	hci_sock_cmsg(sk, msg, skb);
448 
449 	skb_free_datagram(sk, skb);
450 
451 	return err ? : copied;
452 }
453 
454 static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
455 			    struct msghdr *msg, size_t len)
456 {
457 	struct sock *sk = sock->sk;
458 	struct hci_dev *hdev;
459 	struct sk_buff *skb;
460 	int err;
461 
462 	BT_DBG("sock %p sk %p", sock, sk);
463 
464 	if (msg->msg_flags & MSG_OOB)
465 		return -EOPNOTSUPP;
466 
467 	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
468 		return -EINVAL;
469 
470 	if (len < 4 || len > HCI_MAX_FRAME_SIZE)
471 		return -EINVAL;
472 
473 	lock_sock(sk);
474 
475 	switch (hci_pi(sk)->channel) {
476 	case HCI_CHANNEL_RAW:
477 		break;
478 	case HCI_CHANNEL_CONTROL:
479 		err = mgmt_control(sk, msg, len);
480 		goto done;
481 	default:
482 		err = -EINVAL;
483 		goto done;
484 	}
485 
486 	hdev = hci_pi(sk)->hdev;
487 	if (!hdev) {
488 		err = -EBADFD;
489 		goto done;
490 	}
491 
492 	if (!test_bit(HCI_UP, &hdev->flags)) {
493 		err = -ENETDOWN;
494 		goto done;
495 	}
496 
497 	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
498 	if (!skb)
499 		goto done;
500 
501 	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
502 		err = -EFAULT;
503 		goto drop;
504 	}
505 
506 	bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
507 	skb_pull(skb, 1);
508 	skb->dev = (void *) hdev;
509 
510 	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
511 		u16 opcode = get_unaligned_le16(skb->data);
512 		u16 ogf = hci_opcode_ogf(opcode);
513 		u16 ocf = hci_opcode_ocf(opcode);
514 
515 		if (((ogf > HCI_SFLT_MAX_OGF) ||
516 				!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
517 					!capable(CAP_NET_RAW)) {
518 			err = -EPERM;
519 			goto drop;
520 		}
521 
522 		if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
523 			skb_queue_tail(&hdev->raw_q, skb);
524 			tasklet_schedule(&hdev->tx_task);
525 		} else {
526 			skb_queue_tail(&hdev->cmd_q, skb);
527 			tasklet_schedule(&hdev->cmd_task);
528 		}
529 	} else {
530 		if (!capable(CAP_NET_RAW)) {
531 			err = -EPERM;
532 			goto drop;
533 		}
534 
535 		skb_queue_tail(&hdev->raw_q, skb);
536 		tasklet_schedule(&hdev->tx_task);
537 	}
538 
539 	err = len;
540 
541 done:
542 	release_sock(sk);
543 	return err;
544 
545 drop:
546 	kfree_skb(skb);
547 	goto done;
548 }
549 
550 static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int len)
551 {
552 	struct hci_ufilter uf = { .opcode = 0 };
553 	struct sock *sk = sock->sk;
554 	int err = 0, opt = 0;
555 
556 	BT_DBG("sk %p, opt %d", sk, optname);
557 
558 	lock_sock(sk);
559 
560 	switch (optname) {
561 	case HCI_DATA_DIR:
562 		if (get_user(opt, (int __user *)optval)) {
563 			err = -EFAULT;
564 			break;
565 		}
566 
567 		if (opt)
568 			hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
569 		else
570 			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
571 		break;
572 
573 	case HCI_TIME_STAMP:
574 		if (get_user(opt, (int __user *)optval)) {
575 			err = -EFAULT;
576 			break;
577 		}
578 
579 		if (opt)
580 			hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
581 		else
582 			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
583 		break;
584 
585 	case HCI_FILTER:
586 		{
587 			struct hci_filter *f = &hci_pi(sk)->filter;
588 
589 			uf.type_mask = f->type_mask;
590 			uf.opcode    = f->opcode;
591 			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
592 			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
593 		}
594 
595 		len = min_t(unsigned int, len, sizeof(uf));
596 		if (copy_from_user(&uf, optval, len)) {
597 			err = -EFAULT;
598 			break;
599 		}
600 
601 		if (!capable(CAP_NET_RAW)) {
602 			uf.type_mask &= hci_sec_filter.type_mask;
603 			uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
604 			uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
605 		}
606 
607 		{
608 			struct hci_filter *f = &hci_pi(sk)->filter;
609 
610 			f->type_mask = uf.type_mask;
611 			f->opcode    = uf.opcode;
612 			*((u32 *) f->event_mask + 0) = uf.event_mask[0];
613 			*((u32 *) f->event_mask + 1) = uf.event_mask[1];
614 		}
615 		break;
616 
617 	default:
618 		err = -ENOPROTOOPT;
619 		break;
620 	}
621 
622 	release_sock(sk);
623 	return err;
624 }
625 
626 static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
627 {
628 	struct hci_ufilter uf;
629 	struct sock *sk = sock->sk;
630 	int len, opt;
631 
632 	if (get_user(len, optlen))
633 		return -EFAULT;
634 
635 	switch (optname) {
636 	case HCI_DATA_DIR:
637 		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
638 			opt = 1;
639 		else
640 			opt = 0;
641 
642 		if (put_user(opt, optval))
643 			return -EFAULT;
644 		break;
645 
646 	case HCI_TIME_STAMP:
647 		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
648 			opt = 1;
649 		else
650 			opt = 0;
651 
652 		if (put_user(opt, optval))
653 			return -EFAULT;
654 		break;
655 
656 	case HCI_FILTER:
657 		{
658 			struct hci_filter *f = &hci_pi(sk)->filter;
659 
660 			uf.type_mask = f->type_mask;
661 			uf.opcode    = f->opcode;
662 			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
663 			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
664 		}
665 
666 		len = min_t(unsigned int, len, sizeof(uf));
667 		if (copy_to_user(optval, &uf, len))
668 			return -EFAULT;
669 		break;
670 
671 	default:
672 		return -ENOPROTOOPT;
673 		break;
674 	}
675 
676 	return 0;
677 }
678 
679 static const struct proto_ops hci_sock_ops = {
680 	.family		= PF_BLUETOOTH,
681 	.owner		= THIS_MODULE,
682 	.release	= hci_sock_release,
683 	.bind		= hci_sock_bind,
684 	.getname	= hci_sock_getname,
685 	.sendmsg	= hci_sock_sendmsg,
686 	.recvmsg	= hci_sock_recvmsg,
687 	.ioctl		= hci_sock_ioctl,
688 	.poll		= datagram_poll,
689 	.listen		= sock_no_listen,
690 	.shutdown	= sock_no_shutdown,
691 	.setsockopt	= hci_sock_setsockopt,
692 	.getsockopt	= hci_sock_getsockopt,
693 	.connect	= sock_no_connect,
694 	.socketpair	= sock_no_socketpair,
695 	.accept		= sock_no_accept,
696 	.mmap		= sock_no_mmap
697 };
698 
699 static struct proto hci_sk_proto = {
700 	.name		= "HCI",
701 	.owner		= THIS_MODULE,
702 	.obj_size	= sizeof(struct hci_pinfo)
703 };
704 
705 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
706 			   int kern)
707 {
708 	struct sock *sk;
709 
710 	BT_DBG("sock %p", sock);
711 
712 	if (sock->type != SOCK_RAW)
713 		return -ESOCKTNOSUPPORT;
714 
715 	sock->ops = &hci_sock_ops;
716 
717 	sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
718 	if (!sk)
719 		return -ENOMEM;
720 
721 	sock_init_data(sock, sk);
722 
723 	sock_reset_flag(sk, SOCK_ZAPPED);
724 
725 	sk->sk_protocol = protocol;
726 
727 	sock->state = SS_UNCONNECTED;
728 	sk->sk_state = BT_OPEN;
729 
730 	bt_sock_link(&hci_sk_list, sk);
731 	return 0;
732 }
733 
734 static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
735 {
736 	struct hci_dev *hdev = (struct hci_dev *) ptr;
737 	struct hci_ev_si_device ev;
738 
739 	BT_DBG("hdev %s event %ld", hdev->name, event);
740 
741 	/* Send event to sockets */
742 	ev.event  = event;
743 	ev.dev_id = hdev->id;
744 	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
745 
746 	if (event == HCI_DEV_UNREG) {
747 		struct sock *sk;
748 		struct hlist_node *node;
749 
750 		/* Detach sockets from device */
751 		read_lock(&hci_sk_list.lock);
752 		sk_for_each(sk, node, &hci_sk_list.head) {
753 			local_bh_disable();
754 			bh_lock_sock_nested(sk);
755 			if (hci_pi(sk)->hdev == hdev) {
756 				hci_pi(sk)->hdev = NULL;
757 				sk->sk_err = EPIPE;
758 				sk->sk_state = BT_OPEN;
759 				sk->sk_state_change(sk);
760 
761 				hci_dev_put(hdev);
762 			}
763 			bh_unlock_sock(sk);
764 			local_bh_enable();
765 		}
766 		read_unlock(&hci_sk_list.lock);
767 	}
768 
769 	return NOTIFY_DONE;
770 }
771 
772 static const struct net_proto_family hci_sock_family_ops = {
773 	.family	= PF_BLUETOOTH,
774 	.owner	= THIS_MODULE,
775 	.create	= hci_sock_create,
776 };
777 
778 static struct notifier_block hci_sock_nblock = {
779 	.notifier_call = hci_sock_dev_event
780 };
781 
782 int __init hci_sock_init(void)
783 {
784 	int err;
785 
786 	err = proto_register(&hci_sk_proto, 0);
787 	if (err < 0)
788 		return err;
789 
790 	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
791 	if (err < 0)
792 		goto error;
793 
794 	hci_register_notifier(&hci_sock_nblock);
795 
796 	BT_INFO("HCI socket layer initialized");
797 
798 	return 0;
799 
800 error:
801 	BT_ERR("HCI socket registration failed");
802 	proto_unregister(&hci_sk_proto);
803 	return err;
804 }
805 
806 void hci_sock_cleanup(void)
807 {
808 	if (bt_sock_unregister(BTPROTO_HCI) < 0)
809 		BT_ERR("HCI socket unregistration failed");
810 
811 	hci_unregister_notifier(&hci_sock_nblock);
812 
813 	proto_unregister(&hci_sk_proto);
814 }
815 
816 module_param(enable_mgmt, bool, 0644);
817 MODULE_PARM_DESC(enable_mgmt, "Enable Management interface");
818