xref: /openbmc/linux/net/bluetooth/hci_sock.c (revision 4800cd83)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4 
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10 
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24 
25 /* Bluetooth HCI sockets. */
26 
27 #include <linux/module.h>
28 
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/slab.h>
34 #include <linux/poll.h>
35 #include <linux/fcntl.h>
36 #include <linux/init.h>
37 #include <linux/skbuff.h>
38 #include <linux/workqueue.h>
39 #include <linux/interrupt.h>
40 #include <linux/compat.h>
41 #include <linux/socket.h>
42 #include <linux/ioctl.h>
43 #include <net/sock.h>
44 
45 #include <asm/system.h>
46 #include <linux/uaccess.h>
47 #include <asm/unaligned.h>
48 
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 
52 static int enable_mgmt;
53 
54 /* ----- HCI socket interface ----- */
55 
56 static inline int hci_test_bit(int nr, void *addr)
57 {
58 	return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
59 }
60 
61 /* Security filter */
62 static struct hci_sec_filter hci_sec_filter = {
63 	/* Packet types */
64 	0x10,
65 	/* Events */
66 	{ 0x1000d9fe, 0x0000b00c },
67 	/* Commands */
68 	{
69 		{ 0x0 },
70 		/* OGF_LINK_CTL */
71 		{ 0xbe000006, 0x00000001, 0x00000000, 0x00 },
72 		/* OGF_LINK_POLICY */
73 		{ 0x00005200, 0x00000000, 0x00000000, 0x00 },
74 		/* OGF_HOST_CTL */
75 		{ 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
76 		/* OGF_INFO_PARAM */
77 		{ 0x000002be, 0x00000000, 0x00000000, 0x00 },
78 		/* OGF_STATUS_PARAM */
79 		{ 0x000000ea, 0x00000000, 0x00000000, 0x00 }
80 	}
81 };
82 
83 static struct bt_sock_list hci_sk_list = {
84 	.lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
85 };
86 
87 /* Send frame to RAW socket */
88 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
89 {
90 	struct sock *sk;
91 	struct hlist_node *node;
92 
93 	BT_DBG("hdev %p len %d", hdev, skb->len);
94 
95 	read_lock(&hci_sk_list.lock);
96 	sk_for_each(sk, node, &hci_sk_list.head) {
97 		struct hci_filter *flt;
98 		struct sk_buff *nskb;
99 
100 		if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
101 			continue;
102 
103 		/* Don't send frame to the socket it came from */
104 		if (skb->sk == sk)
105 			continue;
106 
107 		if (bt_cb(skb)->channel != hci_pi(sk)->channel)
108 			continue;
109 
110 		if (bt_cb(skb)->channel == HCI_CHANNEL_CONTROL)
111 			goto clone;
112 
113 		/* Apply filter */
114 		flt = &hci_pi(sk)->filter;
115 
116 		if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
117 				0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
118 			continue;
119 
120 		if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
121 			register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
122 
123 			if (!hci_test_bit(evt, &flt->event_mask))
124 				continue;
125 
126 			if (flt->opcode &&
127 			    ((evt == HCI_EV_CMD_COMPLETE &&
128 			      flt->opcode !=
129 			      get_unaligned((__le16 *)(skb->data + 3))) ||
130 			     (evt == HCI_EV_CMD_STATUS &&
131 			      flt->opcode !=
132 			      get_unaligned((__le16 *)(skb->data + 4)))))
133 				continue;
134 		}
135 
136 clone:
137 		nskb = skb_clone(skb, GFP_ATOMIC);
138 		if (!nskb)
139 			continue;
140 
141 		/* Put type byte before the data */
142 		if (bt_cb(skb)->channel == HCI_CHANNEL_RAW)
143 			memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
144 
145 		if (sock_queue_rcv_skb(sk, nskb))
146 			kfree_skb(nskb);
147 	}
148 	read_unlock(&hci_sk_list.lock);
149 }
150 
151 static int hci_sock_release(struct socket *sock)
152 {
153 	struct sock *sk = sock->sk;
154 	struct hci_dev *hdev;
155 
156 	BT_DBG("sock %p sk %p", sock, sk);
157 
158 	if (!sk)
159 		return 0;
160 
161 	hdev = hci_pi(sk)->hdev;
162 
163 	bt_sock_unlink(&hci_sk_list, sk);
164 
165 	if (hdev) {
166 		atomic_dec(&hdev->promisc);
167 		hci_dev_put(hdev);
168 	}
169 
170 	sock_orphan(sk);
171 
172 	skb_queue_purge(&sk->sk_receive_queue);
173 	skb_queue_purge(&sk->sk_write_queue);
174 
175 	sock_put(sk);
176 	return 0;
177 }
178 
179 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
180 {
181 	struct list_head *p;
182 
183 	list_for_each(p, &hdev->blacklist) {
184 		struct bdaddr_list *b;
185 
186 		b = list_entry(p, struct bdaddr_list, list);
187 
188 		if (bacmp(bdaddr, &b->bdaddr) == 0)
189 			return b;
190 	}
191 
192 	return NULL;
193 }
194 
195 static int hci_blacklist_add(struct hci_dev *hdev, void __user *arg)
196 {
197 	bdaddr_t bdaddr;
198 	struct bdaddr_list *entry;
199 
200 	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
201 		return -EFAULT;
202 
203 	if (bacmp(&bdaddr, BDADDR_ANY) == 0)
204 		return -EBADF;
205 
206 	if (hci_blacklist_lookup(hdev, &bdaddr))
207 		return -EEXIST;
208 
209 	entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
210 	if (!entry)
211 		return -ENOMEM;
212 
213 	bacpy(&entry->bdaddr, &bdaddr);
214 
215 	list_add(&entry->list, &hdev->blacklist);
216 
217 	return 0;
218 }
219 
220 int hci_blacklist_clear(struct hci_dev *hdev)
221 {
222 	struct list_head *p, *n;
223 
224 	list_for_each_safe(p, n, &hdev->blacklist) {
225 		struct bdaddr_list *b;
226 
227 		b = list_entry(p, struct bdaddr_list, list);
228 
229 		list_del(p);
230 		kfree(b);
231 	}
232 
233 	return 0;
234 }
235 
236 static int hci_blacklist_del(struct hci_dev *hdev, void __user *arg)
237 {
238 	bdaddr_t bdaddr;
239 	struct bdaddr_list *entry;
240 
241 	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
242 		return -EFAULT;
243 
244 	if (bacmp(&bdaddr, BDADDR_ANY) == 0)
245 		return hci_blacklist_clear(hdev);
246 
247 	entry = hci_blacklist_lookup(hdev, &bdaddr);
248 	if (!entry)
249 		return -ENOENT;
250 
251 	list_del(&entry->list);
252 	kfree(entry);
253 
254 	return 0;
255 }
256 
257 /* Ioctls that require bound socket */
258 static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
259 {
260 	struct hci_dev *hdev = hci_pi(sk)->hdev;
261 
262 	if (!hdev)
263 		return -EBADFD;
264 
265 	switch (cmd) {
266 	case HCISETRAW:
267 		if (!capable(CAP_NET_ADMIN))
268 			return -EACCES;
269 
270 		if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
271 			return -EPERM;
272 
273 		if (arg)
274 			set_bit(HCI_RAW, &hdev->flags);
275 		else
276 			clear_bit(HCI_RAW, &hdev->flags);
277 
278 		return 0;
279 
280 	case HCIGETCONNINFO:
281 		return hci_get_conn_info(hdev, (void __user *) arg);
282 
283 	case HCIGETAUTHINFO:
284 		return hci_get_auth_info(hdev, (void __user *) arg);
285 
286 	case HCIBLOCKADDR:
287 		if (!capable(CAP_NET_ADMIN))
288 			return -EACCES;
289 		return hci_blacklist_add(hdev, (void __user *) arg);
290 
291 	case HCIUNBLOCKADDR:
292 		if (!capable(CAP_NET_ADMIN))
293 			return -EACCES;
294 		return hci_blacklist_del(hdev, (void __user *) arg);
295 
296 	default:
297 		if (hdev->ioctl)
298 			return hdev->ioctl(hdev, cmd, arg);
299 		return -EINVAL;
300 	}
301 }
302 
303 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
304 {
305 	struct sock *sk = sock->sk;
306 	void __user *argp = (void __user *) arg;
307 	int err;
308 
309 	BT_DBG("cmd %x arg %lx", cmd, arg);
310 
311 	switch (cmd) {
312 	case HCIGETDEVLIST:
313 		return hci_get_dev_list(argp);
314 
315 	case HCIGETDEVINFO:
316 		return hci_get_dev_info(argp);
317 
318 	case HCIGETCONNLIST:
319 		return hci_get_conn_list(argp);
320 
321 	case HCIDEVUP:
322 		if (!capable(CAP_NET_ADMIN))
323 			return -EACCES;
324 		return hci_dev_open(arg);
325 
326 	case HCIDEVDOWN:
327 		if (!capable(CAP_NET_ADMIN))
328 			return -EACCES;
329 		return hci_dev_close(arg);
330 
331 	case HCIDEVRESET:
332 		if (!capable(CAP_NET_ADMIN))
333 			return -EACCES;
334 		return hci_dev_reset(arg);
335 
336 	case HCIDEVRESTAT:
337 		if (!capable(CAP_NET_ADMIN))
338 			return -EACCES;
339 		return hci_dev_reset_stat(arg);
340 
341 	case HCISETSCAN:
342 	case HCISETAUTH:
343 	case HCISETENCRYPT:
344 	case HCISETPTYPE:
345 	case HCISETLINKPOL:
346 	case HCISETLINKMODE:
347 	case HCISETACLMTU:
348 	case HCISETSCOMTU:
349 		if (!capable(CAP_NET_ADMIN))
350 			return -EACCES;
351 		return hci_dev_cmd(cmd, argp);
352 
353 	case HCIINQUIRY:
354 		return hci_inquiry(argp);
355 
356 	default:
357 		lock_sock(sk);
358 		err = hci_sock_bound_ioctl(sk, cmd, arg);
359 		release_sock(sk);
360 		return err;
361 	}
362 }
363 
364 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
365 {
366 	struct sockaddr_hci haddr;
367 	struct sock *sk = sock->sk;
368 	struct hci_dev *hdev = NULL;
369 	int len, err = 0;
370 
371 	BT_DBG("sock %p sk %p", sock, sk);
372 
373 	if (!addr)
374 		return -EINVAL;
375 
376 	memset(&haddr, 0, sizeof(haddr));
377 	len = min_t(unsigned int, sizeof(haddr), addr_len);
378 	memcpy(&haddr, addr, len);
379 
380 	if (haddr.hci_family != AF_BLUETOOTH)
381 		return -EINVAL;
382 
383 	if (haddr.hci_channel > HCI_CHANNEL_CONTROL)
384 		return -EINVAL;
385 
386 	if (haddr.hci_channel == HCI_CHANNEL_CONTROL && !enable_mgmt)
387 		return -EINVAL;
388 
389 	lock_sock(sk);
390 
391 	if (sk->sk_state == BT_BOUND || hci_pi(sk)->hdev) {
392 		err = -EALREADY;
393 		goto done;
394 	}
395 
396 	if (haddr.hci_dev != HCI_DEV_NONE) {
397 		hdev = hci_dev_get(haddr.hci_dev);
398 		if (!hdev) {
399 			err = -ENODEV;
400 			goto done;
401 		}
402 
403 		atomic_inc(&hdev->promisc);
404 	}
405 
406 	hci_pi(sk)->channel = haddr.hci_channel;
407 	hci_pi(sk)->hdev = hdev;
408 	sk->sk_state = BT_BOUND;
409 
410 done:
411 	release_sock(sk);
412 	return err;
413 }
414 
415 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
416 {
417 	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
418 	struct sock *sk = sock->sk;
419 	struct hci_dev *hdev = hci_pi(sk)->hdev;
420 
421 	BT_DBG("sock %p sk %p", sock, sk);
422 
423 	if (!hdev)
424 		return -EBADFD;
425 
426 	lock_sock(sk);
427 
428 	*addr_len = sizeof(*haddr);
429 	haddr->hci_family = AF_BLUETOOTH;
430 	haddr->hci_dev    = hdev->id;
431 
432 	release_sock(sk);
433 	return 0;
434 }
435 
436 static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
437 {
438 	__u32 mask = hci_pi(sk)->cmsg_mask;
439 
440 	if (mask & HCI_CMSG_DIR) {
441 		int incoming = bt_cb(skb)->incoming;
442 		put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
443 	}
444 
445 	if (mask & HCI_CMSG_TSTAMP) {
446 #ifdef CONFIG_COMPAT
447 		struct compat_timeval ctv;
448 #endif
449 		struct timeval tv;
450 		void *data;
451 		int len;
452 
453 		skb_get_timestamp(skb, &tv);
454 
455 		data = &tv;
456 		len = sizeof(tv);
457 #ifdef CONFIG_COMPAT
458 		if (msg->msg_flags & MSG_CMSG_COMPAT) {
459 			ctv.tv_sec = tv.tv_sec;
460 			ctv.tv_usec = tv.tv_usec;
461 			data = &ctv;
462 			len = sizeof(ctv);
463 		}
464 #endif
465 
466 		put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
467 	}
468 }
469 
470 static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
471 				struct msghdr *msg, size_t len, int flags)
472 {
473 	int noblock = flags & MSG_DONTWAIT;
474 	struct sock *sk = sock->sk;
475 	struct sk_buff *skb;
476 	int copied, err;
477 
478 	BT_DBG("sock %p, sk %p", sock, sk);
479 
480 	if (flags & (MSG_OOB))
481 		return -EOPNOTSUPP;
482 
483 	if (sk->sk_state == BT_CLOSED)
484 		return 0;
485 
486 	skb = skb_recv_datagram(sk, flags, noblock, &err);
487 	if (!skb)
488 		return err;
489 
490 	msg->msg_namelen = 0;
491 
492 	copied = skb->len;
493 	if (len < copied) {
494 		msg->msg_flags |= MSG_TRUNC;
495 		copied = len;
496 	}
497 
498 	skb_reset_transport_header(skb);
499 	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
500 
501 	hci_sock_cmsg(sk, msg, skb);
502 
503 	skb_free_datagram(sk, skb);
504 
505 	return err ? : copied;
506 }
507 
508 static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
509 			    struct msghdr *msg, size_t len)
510 {
511 	struct sock *sk = sock->sk;
512 	struct hci_dev *hdev;
513 	struct sk_buff *skb;
514 	int err;
515 
516 	BT_DBG("sock %p sk %p", sock, sk);
517 
518 	if (msg->msg_flags & MSG_OOB)
519 		return -EOPNOTSUPP;
520 
521 	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
522 		return -EINVAL;
523 
524 	if (len < 4 || len > HCI_MAX_FRAME_SIZE)
525 		return -EINVAL;
526 
527 	lock_sock(sk);
528 
529 	switch (hci_pi(sk)->channel) {
530 	case HCI_CHANNEL_RAW:
531 		break;
532 	case HCI_CHANNEL_CONTROL:
533 		err = mgmt_control(sk, msg, len);
534 		goto done;
535 	default:
536 		err = -EINVAL;
537 		goto done;
538 	}
539 
540 	hdev = hci_pi(sk)->hdev;
541 	if (!hdev) {
542 		err = -EBADFD;
543 		goto done;
544 	}
545 
546 	if (!test_bit(HCI_UP, &hdev->flags)) {
547 		err = -ENETDOWN;
548 		goto done;
549 	}
550 
551 	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
552 	if (!skb)
553 		goto done;
554 
555 	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
556 		err = -EFAULT;
557 		goto drop;
558 	}
559 
560 	bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
561 	skb_pull(skb, 1);
562 	skb->dev = (void *) hdev;
563 
564 	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
565 		u16 opcode = get_unaligned_le16(skb->data);
566 		u16 ogf = hci_opcode_ogf(opcode);
567 		u16 ocf = hci_opcode_ocf(opcode);
568 
569 		if (((ogf > HCI_SFLT_MAX_OGF) ||
570 				!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
571 					!capable(CAP_NET_RAW)) {
572 			err = -EPERM;
573 			goto drop;
574 		}
575 
576 		if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
577 			skb_queue_tail(&hdev->raw_q, skb);
578 			tasklet_schedule(&hdev->tx_task);
579 		} else {
580 			skb_queue_tail(&hdev->cmd_q, skb);
581 			tasklet_schedule(&hdev->cmd_task);
582 		}
583 	} else {
584 		if (!capable(CAP_NET_RAW)) {
585 			err = -EPERM;
586 			goto drop;
587 		}
588 
589 		skb_queue_tail(&hdev->raw_q, skb);
590 		tasklet_schedule(&hdev->tx_task);
591 	}
592 
593 	err = len;
594 
595 done:
596 	release_sock(sk);
597 	return err;
598 
599 drop:
600 	kfree_skb(skb);
601 	goto done;
602 }
603 
604 static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int len)
605 {
606 	struct hci_ufilter uf = { .opcode = 0 };
607 	struct sock *sk = sock->sk;
608 	int err = 0, opt = 0;
609 
610 	BT_DBG("sk %p, opt %d", sk, optname);
611 
612 	lock_sock(sk);
613 
614 	switch (optname) {
615 	case HCI_DATA_DIR:
616 		if (get_user(opt, (int __user *)optval)) {
617 			err = -EFAULT;
618 			break;
619 		}
620 
621 		if (opt)
622 			hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
623 		else
624 			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
625 		break;
626 
627 	case HCI_TIME_STAMP:
628 		if (get_user(opt, (int __user *)optval)) {
629 			err = -EFAULT;
630 			break;
631 		}
632 
633 		if (opt)
634 			hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
635 		else
636 			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
637 		break;
638 
639 	case HCI_FILTER:
640 		{
641 			struct hci_filter *f = &hci_pi(sk)->filter;
642 
643 			uf.type_mask = f->type_mask;
644 			uf.opcode    = f->opcode;
645 			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
646 			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
647 		}
648 
649 		len = min_t(unsigned int, len, sizeof(uf));
650 		if (copy_from_user(&uf, optval, len)) {
651 			err = -EFAULT;
652 			break;
653 		}
654 
655 		if (!capable(CAP_NET_RAW)) {
656 			uf.type_mask &= hci_sec_filter.type_mask;
657 			uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
658 			uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
659 		}
660 
661 		{
662 			struct hci_filter *f = &hci_pi(sk)->filter;
663 
664 			f->type_mask = uf.type_mask;
665 			f->opcode    = uf.opcode;
666 			*((u32 *) f->event_mask + 0) = uf.event_mask[0];
667 			*((u32 *) f->event_mask + 1) = uf.event_mask[1];
668 		}
669 		break;
670 
671 	default:
672 		err = -ENOPROTOOPT;
673 		break;
674 	}
675 
676 	release_sock(sk);
677 	return err;
678 }
679 
680 static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
681 {
682 	struct hci_ufilter uf;
683 	struct sock *sk = sock->sk;
684 	int len, opt;
685 
686 	if (get_user(len, optlen))
687 		return -EFAULT;
688 
689 	switch (optname) {
690 	case HCI_DATA_DIR:
691 		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
692 			opt = 1;
693 		else
694 			opt = 0;
695 
696 		if (put_user(opt, optval))
697 			return -EFAULT;
698 		break;
699 
700 	case HCI_TIME_STAMP:
701 		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
702 			opt = 1;
703 		else
704 			opt = 0;
705 
706 		if (put_user(opt, optval))
707 			return -EFAULT;
708 		break;
709 
710 	case HCI_FILTER:
711 		{
712 			struct hci_filter *f = &hci_pi(sk)->filter;
713 
714 			uf.type_mask = f->type_mask;
715 			uf.opcode    = f->opcode;
716 			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
717 			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
718 		}
719 
720 		len = min_t(unsigned int, len, sizeof(uf));
721 		if (copy_to_user(optval, &uf, len))
722 			return -EFAULT;
723 		break;
724 
725 	default:
726 		return -ENOPROTOOPT;
727 		break;
728 	}
729 
730 	return 0;
731 }
732 
733 static const struct proto_ops hci_sock_ops = {
734 	.family		= PF_BLUETOOTH,
735 	.owner		= THIS_MODULE,
736 	.release	= hci_sock_release,
737 	.bind		= hci_sock_bind,
738 	.getname	= hci_sock_getname,
739 	.sendmsg	= hci_sock_sendmsg,
740 	.recvmsg	= hci_sock_recvmsg,
741 	.ioctl		= hci_sock_ioctl,
742 	.poll		= datagram_poll,
743 	.listen		= sock_no_listen,
744 	.shutdown	= sock_no_shutdown,
745 	.setsockopt	= hci_sock_setsockopt,
746 	.getsockopt	= hci_sock_getsockopt,
747 	.connect	= sock_no_connect,
748 	.socketpair	= sock_no_socketpair,
749 	.accept		= sock_no_accept,
750 	.mmap		= sock_no_mmap
751 };
752 
753 static struct proto hci_sk_proto = {
754 	.name		= "HCI",
755 	.owner		= THIS_MODULE,
756 	.obj_size	= sizeof(struct hci_pinfo)
757 };
758 
759 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
760 			   int kern)
761 {
762 	struct sock *sk;
763 
764 	BT_DBG("sock %p", sock);
765 
766 	if (sock->type != SOCK_RAW)
767 		return -ESOCKTNOSUPPORT;
768 
769 	sock->ops = &hci_sock_ops;
770 
771 	sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
772 	if (!sk)
773 		return -ENOMEM;
774 
775 	sock_init_data(sock, sk);
776 
777 	sock_reset_flag(sk, SOCK_ZAPPED);
778 
779 	sk->sk_protocol = protocol;
780 
781 	sock->state = SS_UNCONNECTED;
782 	sk->sk_state = BT_OPEN;
783 
784 	bt_sock_link(&hci_sk_list, sk);
785 	return 0;
786 }
787 
788 static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
789 {
790 	struct hci_dev *hdev = (struct hci_dev *) ptr;
791 	struct hci_ev_si_device ev;
792 
793 	BT_DBG("hdev %s event %ld", hdev->name, event);
794 
795 	/* Send event to sockets */
796 	ev.event  = event;
797 	ev.dev_id = hdev->id;
798 	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
799 
800 	if (event == HCI_DEV_UNREG) {
801 		struct sock *sk;
802 		struct hlist_node *node;
803 
804 		/* Detach sockets from device */
805 		read_lock(&hci_sk_list.lock);
806 		sk_for_each(sk, node, &hci_sk_list.head) {
807 			local_bh_disable();
808 			bh_lock_sock_nested(sk);
809 			if (hci_pi(sk)->hdev == hdev) {
810 				hci_pi(sk)->hdev = NULL;
811 				sk->sk_err = EPIPE;
812 				sk->sk_state = BT_OPEN;
813 				sk->sk_state_change(sk);
814 
815 				hci_dev_put(hdev);
816 			}
817 			bh_unlock_sock(sk);
818 			local_bh_enable();
819 		}
820 		read_unlock(&hci_sk_list.lock);
821 	}
822 
823 	return NOTIFY_DONE;
824 }
825 
826 static const struct net_proto_family hci_sock_family_ops = {
827 	.family	= PF_BLUETOOTH,
828 	.owner	= THIS_MODULE,
829 	.create	= hci_sock_create,
830 };
831 
832 static struct notifier_block hci_sock_nblock = {
833 	.notifier_call = hci_sock_dev_event
834 };
835 
836 int __init hci_sock_init(void)
837 {
838 	int err;
839 
840 	err = proto_register(&hci_sk_proto, 0);
841 	if (err < 0)
842 		return err;
843 
844 	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
845 	if (err < 0)
846 		goto error;
847 
848 	hci_register_notifier(&hci_sock_nblock);
849 
850 	BT_INFO("HCI socket layer initialized");
851 
852 	return 0;
853 
854 error:
855 	BT_ERR("HCI socket registration failed");
856 	proto_unregister(&hci_sk_proto);
857 	return err;
858 }
859 
860 void __exit hci_sock_cleanup(void)
861 {
862 	if (bt_sock_unregister(BTPROTO_HCI) < 0)
863 		BT_ERR("HCI socket unregistration failed");
864 
865 	hci_unregister_notifier(&hci_sock_nblock);
866 
867 	proto_unregister(&hci_sk_proto);
868 }
869 
870 module_param(enable_mgmt, bool, 0644);
871 MODULE_PARM_DESC(enable_mgmt, "Enable Management interface");
872