1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI sockets. */ 26 27 #include <linux/export.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/hci_mon.h> 33 #include <net/bluetooth/mgmt.h> 34 35 #include "mgmt_util.h" 36 37 static LIST_HEAD(mgmt_chan_list); 38 static DEFINE_MUTEX(mgmt_chan_list_lock); 39 40 static atomic_t monitor_promisc = ATOMIC_INIT(0); 41 42 /* ----- HCI socket interface ----- */ 43 44 /* Socket info */ 45 #define hci_pi(sk) ((struct hci_pinfo *) sk) 46 47 struct hci_pinfo { 48 struct bt_sock bt; 49 struct hci_dev *hdev; 50 struct hci_filter filter; 51 __u32 cmsg_mask; 52 unsigned short channel; 53 unsigned long flags; 54 }; 55 56 void hci_sock_set_flag(struct sock *sk, int nr) 57 { 58 set_bit(nr, &hci_pi(sk)->flags); 59 } 60 61 void hci_sock_clear_flag(struct sock *sk, int nr) 62 { 63 clear_bit(nr, &hci_pi(sk)->flags); 64 } 65 66 int hci_sock_test_flag(struct sock *sk, int nr) 67 { 68 return test_bit(nr, &hci_pi(sk)->flags); 69 } 70 71 unsigned short hci_sock_get_channel(struct sock *sk) 72 { 73 return hci_pi(sk)->channel; 74 } 75 76 static inline int hci_test_bit(int nr, const void *addr) 77 { 78 return *((const __u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31)); 79 } 80 81 /* Security filter */ 82 #define HCI_SFLT_MAX_OGF 5 83 84 struct hci_sec_filter { 85 __u32 type_mask; 86 __u32 event_mask[2]; 87 __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4]; 88 }; 89 90 static const struct hci_sec_filter hci_sec_filter = { 91 /* Packet types */ 92 0x10, 93 /* Events */ 94 { 0x1000d9fe, 0x0000b00c }, 95 /* Commands */ 96 { 97 { 0x0 }, 98 /* OGF_LINK_CTL */ 99 { 0xbe000006, 0x00000001, 0x00000000, 0x00 }, 100 /* OGF_LINK_POLICY */ 101 { 0x00005200, 0x00000000, 0x00000000, 0x00 }, 102 /* OGF_HOST_CTL */ 103 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 }, 104 /* OGF_INFO_PARAM */ 105 { 0x000002be, 0x00000000, 0x00000000, 0x00 }, 106 /* OGF_STATUS_PARAM */ 107 { 0x000000ea, 0x00000000, 0x00000000, 0x00 } 108 } 109 }; 110 111 static struct bt_sock_list hci_sk_list = { 112 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock) 113 }; 114 115 static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb) 116 { 117 struct hci_filter *flt; 118 int flt_type, flt_event; 119 120 /* Apply filter */ 121 flt = &hci_pi(sk)->filter; 122 123 flt_type = bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS; 124 125 if (!test_bit(flt_type, &flt->type_mask)) 126 return true; 127 128 /* Extra filter for event packets only */ 129 if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT) 130 return false; 131 132 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS); 133 134 if (!hci_test_bit(flt_event, &flt->event_mask)) 135 return true; 136 137 /* Check filter only when opcode is set */ 138 if (!flt->opcode) 139 return false; 140 141 if (flt_event == HCI_EV_CMD_COMPLETE && 142 flt->opcode != get_unaligned((__le16 *)(skb->data + 3))) 143 return true; 144 145 if (flt_event == HCI_EV_CMD_STATUS && 146 flt->opcode != get_unaligned((__le16 *)(skb->data + 4))) 147 return true; 148 149 return false; 150 } 151 152 /* Send frame to RAW socket */ 153 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb) 154 { 155 struct sock *sk; 156 struct sk_buff *skb_copy = NULL; 157 158 BT_DBG("hdev %p len %d", hdev, skb->len); 159 160 read_lock(&hci_sk_list.lock); 161 162 sk_for_each(sk, &hci_sk_list.head) { 163 struct sk_buff *nskb; 164 165 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev) 166 continue; 167 168 /* Don't send frame to the socket it came from */ 169 if (skb->sk == sk) 170 continue; 171 172 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) { 173 if (bt_cb(skb)->pkt_type != HCI_COMMAND_PKT && 174 bt_cb(skb)->pkt_type != HCI_EVENT_PKT && 175 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT && 176 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) 177 continue; 178 if (is_filtered_packet(sk, skb)) 179 continue; 180 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) { 181 if (!bt_cb(skb)->incoming) 182 continue; 183 if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT && 184 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT && 185 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) 186 continue; 187 } else { 188 /* Don't send frame to other channel types */ 189 continue; 190 } 191 192 if (!skb_copy) { 193 /* Create a private copy with headroom */ 194 skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true); 195 if (!skb_copy) 196 continue; 197 198 /* Put type byte before the data */ 199 memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1); 200 } 201 202 nskb = skb_clone(skb_copy, GFP_ATOMIC); 203 if (!nskb) 204 continue; 205 206 if (sock_queue_rcv_skb(sk, nskb)) 207 kfree_skb(nskb); 208 } 209 210 read_unlock(&hci_sk_list.lock); 211 212 kfree_skb(skb_copy); 213 } 214 215 /* Send frame to sockets with specific channel */ 216 void hci_send_to_channel(unsigned short channel, struct sk_buff *skb, 217 int flag, struct sock *skip_sk) 218 { 219 struct sock *sk; 220 221 BT_DBG("channel %u len %d", channel, skb->len); 222 223 read_lock(&hci_sk_list.lock); 224 225 sk_for_each(sk, &hci_sk_list.head) { 226 struct sk_buff *nskb; 227 228 /* Ignore socket without the flag set */ 229 if (!hci_sock_test_flag(sk, flag)) 230 continue; 231 232 /* Skip the original socket */ 233 if (sk == skip_sk) 234 continue; 235 236 if (sk->sk_state != BT_BOUND) 237 continue; 238 239 if (hci_pi(sk)->channel != channel) 240 continue; 241 242 nskb = skb_clone(skb, GFP_ATOMIC); 243 if (!nskb) 244 continue; 245 246 if (sock_queue_rcv_skb(sk, nskb)) 247 kfree_skb(nskb); 248 } 249 250 read_unlock(&hci_sk_list.lock); 251 } 252 253 /* Send frame to monitor socket */ 254 void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb) 255 { 256 struct sk_buff *skb_copy = NULL; 257 struct hci_mon_hdr *hdr; 258 __le16 opcode; 259 260 if (!atomic_read(&monitor_promisc)) 261 return; 262 263 BT_DBG("hdev %p len %d", hdev, skb->len); 264 265 switch (bt_cb(skb)->pkt_type) { 266 case HCI_COMMAND_PKT: 267 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT); 268 break; 269 case HCI_EVENT_PKT: 270 opcode = cpu_to_le16(HCI_MON_EVENT_PKT); 271 break; 272 case HCI_ACLDATA_PKT: 273 if (bt_cb(skb)->incoming) 274 opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT); 275 else 276 opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT); 277 break; 278 case HCI_SCODATA_PKT: 279 if (bt_cb(skb)->incoming) 280 opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT); 281 else 282 opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT); 283 break; 284 case HCI_DIAG_PKT: 285 opcode = cpu_to_le16(HCI_MON_VENDOR_DIAG); 286 break; 287 default: 288 return; 289 } 290 291 /* Create a private copy with headroom */ 292 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true); 293 if (!skb_copy) 294 return; 295 296 /* Put header before the data */ 297 hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE); 298 hdr->opcode = opcode; 299 hdr->index = cpu_to_le16(hdev->id); 300 hdr->len = cpu_to_le16(skb->len); 301 302 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb_copy, 303 HCI_SOCK_TRUSTED, NULL); 304 kfree_skb(skb_copy); 305 } 306 307 static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event) 308 { 309 struct hci_mon_hdr *hdr; 310 struct hci_mon_new_index *ni; 311 struct hci_mon_index_info *ii; 312 struct sk_buff *skb; 313 __le16 opcode; 314 315 switch (event) { 316 case HCI_DEV_REG: 317 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC); 318 if (!skb) 319 return NULL; 320 321 ni = (void *)skb_put(skb, HCI_MON_NEW_INDEX_SIZE); 322 ni->type = hdev->dev_type; 323 ni->bus = hdev->bus; 324 bacpy(&ni->bdaddr, &hdev->bdaddr); 325 memcpy(ni->name, hdev->name, 8); 326 327 opcode = cpu_to_le16(HCI_MON_NEW_INDEX); 328 break; 329 330 case HCI_DEV_UNREG: 331 skb = bt_skb_alloc(0, GFP_ATOMIC); 332 if (!skb) 333 return NULL; 334 335 opcode = cpu_to_le16(HCI_MON_DEL_INDEX); 336 break; 337 338 case HCI_DEV_SETUP: 339 if (hdev->manufacturer == 0xffff) 340 return NULL; 341 342 /* fall through */ 343 344 case HCI_DEV_UP: 345 skb = bt_skb_alloc(HCI_MON_INDEX_INFO_SIZE, GFP_ATOMIC); 346 if (!skb) 347 return NULL; 348 349 ii = (void *)skb_put(skb, HCI_MON_INDEX_INFO_SIZE); 350 bacpy(&ii->bdaddr, &hdev->bdaddr); 351 ii->manufacturer = cpu_to_le16(hdev->manufacturer); 352 353 opcode = cpu_to_le16(HCI_MON_INDEX_INFO); 354 break; 355 356 case HCI_DEV_OPEN: 357 skb = bt_skb_alloc(0, GFP_ATOMIC); 358 if (!skb) 359 return NULL; 360 361 opcode = cpu_to_le16(HCI_MON_OPEN_INDEX); 362 break; 363 364 case HCI_DEV_CLOSE: 365 skb = bt_skb_alloc(0, GFP_ATOMIC); 366 if (!skb) 367 return NULL; 368 369 opcode = cpu_to_le16(HCI_MON_CLOSE_INDEX); 370 break; 371 372 default: 373 return NULL; 374 } 375 376 __net_timestamp(skb); 377 378 hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE); 379 hdr->opcode = opcode; 380 hdr->index = cpu_to_le16(hdev->id); 381 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE); 382 383 return skb; 384 } 385 386 static void send_monitor_replay(struct sock *sk) 387 { 388 struct hci_dev *hdev; 389 390 read_lock(&hci_dev_list_lock); 391 392 list_for_each_entry(hdev, &hci_dev_list, list) { 393 struct sk_buff *skb; 394 395 skb = create_monitor_event(hdev, HCI_DEV_REG); 396 if (!skb) 397 continue; 398 399 if (sock_queue_rcv_skb(sk, skb)) 400 kfree_skb(skb); 401 402 if (!test_bit(HCI_RUNNING, &hdev->flags)) 403 continue; 404 405 skb = create_monitor_event(hdev, HCI_DEV_OPEN); 406 if (!skb) 407 continue; 408 409 if (sock_queue_rcv_skb(sk, skb)) 410 kfree_skb(skb); 411 412 if (test_bit(HCI_UP, &hdev->flags)) 413 skb = create_monitor_event(hdev, HCI_DEV_UP); 414 else if (hci_dev_test_flag(hdev, HCI_SETUP)) 415 skb = create_monitor_event(hdev, HCI_DEV_SETUP); 416 else 417 skb = NULL; 418 419 if (skb) { 420 if (sock_queue_rcv_skb(sk, skb)) 421 kfree_skb(skb); 422 } 423 } 424 425 read_unlock(&hci_dev_list_lock); 426 } 427 428 /* Generate internal stack event */ 429 static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data) 430 { 431 struct hci_event_hdr *hdr; 432 struct hci_ev_stack_internal *ev; 433 struct sk_buff *skb; 434 435 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC); 436 if (!skb) 437 return; 438 439 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE); 440 hdr->evt = HCI_EV_STACK_INTERNAL; 441 hdr->plen = sizeof(*ev) + dlen; 442 443 ev = (void *) skb_put(skb, sizeof(*ev) + dlen); 444 ev->type = type; 445 memcpy(ev->data, data, dlen); 446 447 bt_cb(skb)->incoming = 1; 448 __net_timestamp(skb); 449 450 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 451 hci_send_to_sock(hdev, skb); 452 kfree_skb(skb); 453 } 454 455 void hci_sock_dev_event(struct hci_dev *hdev, int event) 456 { 457 BT_DBG("hdev %s event %d", hdev->name, event); 458 459 if (atomic_read(&monitor_promisc)) { 460 struct sk_buff *skb; 461 462 /* Send event to monitor */ 463 skb = create_monitor_event(hdev, event); 464 if (skb) { 465 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, 466 HCI_SOCK_TRUSTED, NULL); 467 kfree_skb(skb); 468 } 469 } 470 471 if (event <= HCI_DEV_DOWN) { 472 struct hci_ev_si_device ev; 473 474 /* Send event to sockets */ 475 ev.event = event; 476 ev.dev_id = hdev->id; 477 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev); 478 } 479 480 if (event == HCI_DEV_UNREG) { 481 struct sock *sk; 482 483 /* Detach sockets from device */ 484 read_lock(&hci_sk_list.lock); 485 sk_for_each(sk, &hci_sk_list.head) { 486 bh_lock_sock_nested(sk); 487 if (hci_pi(sk)->hdev == hdev) { 488 hci_pi(sk)->hdev = NULL; 489 sk->sk_err = EPIPE; 490 sk->sk_state = BT_OPEN; 491 sk->sk_state_change(sk); 492 493 hci_dev_put(hdev); 494 } 495 bh_unlock_sock(sk); 496 } 497 read_unlock(&hci_sk_list.lock); 498 } 499 } 500 501 static struct hci_mgmt_chan *__hci_mgmt_chan_find(unsigned short channel) 502 { 503 struct hci_mgmt_chan *c; 504 505 list_for_each_entry(c, &mgmt_chan_list, list) { 506 if (c->channel == channel) 507 return c; 508 } 509 510 return NULL; 511 } 512 513 static struct hci_mgmt_chan *hci_mgmt_chan_find(unsigned short channel) 514 { 515 struct hci_mgmt_chan *c; 516 517 mutex_lock(&mgmt_chan_list_lock); 518 c = __hci_mgmt_chan_find(channel); 519 mutex_unlock(&mgmt_chan_list_lock); 520 521 return c; 522 } 523 524 int hci_mgmt_chan_register(struct hci_mgmt_chan *c) 525 { 526 if (c->channel < HCI_CHANNEL_CONTROL) 527 return -EINVAL; 528 529 mutex_lock(&mgmt_chan_list_lock); 530 if (__hci_mgmt_chan_find(c->channel)) { 531 mutex_unlock(&mgmt_chan_list_lock); 532 return -EALREADY; 533 } 534 535 list_add_tail(&c->list, &mgmt_chan_list); 536 537 mutex_unlock(&mgmt_chan_list_lock); 538 539 return 0; 540 } 541 EXPORT_SYMBOL(hci_mgmt_chan_register); 542 543 void hci_mgmt_chan_unregister(struct hci_mgmt_chan *c) 544 { 545 mutex_lock(&mgmt_chan_list_lock); 546 list_del(&c->list); 547 mutex_unlock(&mgmt_chan_list_lock); 548 } 549 EXPORT_SYMBOL(hci_mgmt_chan_unregister); 550 551 static int hci_sock_release(struct socket *sock) 552 { 553 struct sock *sk = sock->sk; 554 struct hci_dev *hdev; 555 556 BT_DBG("sock %p sk %p", sock, sk); 557 558 if (!sk) 559 return 0; 560 561 hdev = hci_pi(sk)->hdev; 562 563 if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR) 564 atomic_dec(&monitor_promisc); 565 566 bt_sock_unlink(&hci_sk_list, sk); 567 568 if (hdev) { 569 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) { 570 /* When releasing an user channel exclusive access, 571 * call hci_dev_do_close directly instead of calling 572 * hci_dev_close to ensure the exclusive access will 573 * be released and the controller brought back down. 574 * 575 * The checking of HCI_AUTO_OFF is not needed in this 576 * case since it will have been cleared already when 577 * opening the user channel. 578 */ 579 hci_dev_do_close(hdev); 580 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL); 581 mgmt_index_added(hdev); 582 } 583 584 atomic_dec(&hdev->promisc); 585 hci_dev_put(hdev); 586 } 587 588 sock_orphan(sk); 589 590 skb_queue_purge(&sk->sk_receive_queue); 591 skb_queue_purge(&sk->sk_write_queue); 592 593 sock_put(sk); 594 return 0; 595 } 596 597 static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg) 598 { 599 bdaddr_t bdaddr; 600 int err; 601 602 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr))) 603 return -EFAULT; 604 605 hci_dev_lock(hdev); 606 607 err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR); 608 609 hci_dev_unlock(hdev); 610 611 return err; 612 } 613 614 static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg) 615 { 616 bdaddr_t bdaddr; 617 int err; 618 619 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr))) 620 return -EFAULT; 621 622 hci_dev_lock(hdev); 623 624 err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR); 625 626 hci_dev_unlock(hdev); 627 628 return err; 629 } 630 631 /* Ioctls that require bound socket */ 632 static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, 633 unsigned long arg) 634 { 635 struct hci_dev *hdev = hci_pi(sk)->hdev; 636 637 if (!hdev) 638 return -EBADFD; 639 640 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) 641 return -EBUSY; 642 643 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 644 return -EOPNOTSUPP; 645 646 if (hdev->dev_type != HCI_BREDR) 647 return -EOPNOTSUPP; 648 649 switch (cmd) { 650 case HCISETRAW: 651 if (!capable(CAP_NET_ADMIN)) 652 return -EPERM; 653 return -EOPNOTSUPP; 654 655 case HCIGETCONNINFO: 656 return hci_get_conn_info(hdev, (void __user *) arg); 657 658 case HCIGETAUTHINFO: 659 return hci_get_auth_info(hdev, (void __user *) arg); 660 661 case HCIBLOCKADDR: 662 if (!capable(CAP_NET_ADMIN)) 663 return -EPERM; 664 return hci_sock_blacklist_add(hdev, (void __user *) arg); 665 666 case HCIUNBLOCKADDR: 667 if (!capable(CAP_NET_ADMIN)) 668 return -EPERM; 669 return hci_sock_blacklist_del(hdev, (void __user *) arg); 670 } 671 672 return -ENOIOCTLCMD; 673 } 674 675 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, 676 unsigned long arg) 677 { 678 void __user *argp = (void __user *) arg; 679 struct sock *sk = sock->sk; 680 int err; 681 682 BT_DBG("cmd %x arg %lx", cmd, arg); 683 684 lock_sock(sk); 685 686 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) { 687 err = -EBADFD; 688 goto done; 689 } 690 691 release_sock(sk); 692 693 switch (cmd) { 694 case HCIGETDEVLIST: 695 return hci_get_dev_list(argp); 696 697 case HCIGETDEVINFO: 698 return hci_get_dev_info(argp); 699 700 case HCIGETCONNLIST: 701 return hci_get_conn_list(argp); 702 703 case HCIDEVUP: 704 if (!capable(CAP_NET_ADMIN)) 705 return -EPERM; 706 return hci_dev_open(arg); 707 708 case HCIDEVDOWN: 709 if (!capable(CAP_NET_ADMIN)) 710 return -EPERM; 711 return hci_dev_close(arg); 712 713 case HCIDEVRESET: 714 if (!capable(CAP_NET_ADMIN)) 715 return -EPERM; 716 return hci_dev_reset(arg); 717 718 case HCIDEVRESTAT: 719 if (!capable(CAP_NET_ADMIN)) 720 return -EPERM; 721 return hci_dev_reset_stat(arg); 722 723 case HCISETSCAN: 724 case HCISETAUTH: 725 case HCISETENCRYPT: 726 case HCISETPTYPE: 727 case HCISETLINKPOL: 728 case HCISETLINKMODE: 729 case HCISETACLMTU: 730 case HCISETSCOMTU: 731 if (!capable(CAP_NET_ADMIN)) 732 return -EPERM; 733 return hci_dev_cmd(cmd, argp); 734 735 case HCIINQUIRY: 736 return hci_inquiry(argp); 737 } 738 739 lock_sock(sk); 740 741 err = hci_sock_bound_ioctl(sk, cmd, arg); 742 743 done: 744 release_sock(sk); 745 return err; 746 } 747 748 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, 749 int addr_len) 750 { 751 struct sockaddr_hci haddr; 752 struct sock *sk = sock->sk; 753 struct hci_dev *hdev = NULL; 754 int len, err = 0; 755 756 BT_DBG("sock %p sk %p", sock, sk); 757 758 if (!addr) 759 return -EINVAL; 760 761 memset(&haddr, 0, sizeof(haddr)); 762 len = min_t(unsigned int, sizeof(haddr), addr_len); 763 memcpy(&haddr, addr, len); 764 765 if (haddr.hci_family != AF_BLUETOOTH) 766 return -EINVAL; 767 768 lock_sock(sk); 769 770 if (sk->sk_state == BT_BOUND) { 771 err = -EALREADY; 772 goto done; 773 } 774 775 switch (haddr.hci_channel) { 776 case HCI_CHANNEL_RAW: 777 if (hci_pi(sk)->hdev) { 778 err = -EALREADY; 779 goto done; 780 } 781 782 if (haddr.hci_dev != HCI_DEV_NONE) { 783 hdev = hci_dev_get(haddr.hci_dev); 784 if (!hdev) { 785 err = -ENODEV; 786 goto done; 787 } 788 789 atomic_inc(&hdev->promisc); 790 } 791 792 hci_pi(sk)->hdev = hdev; 793 break; 794 795 case HCI_CHANNEL_USER: 796 if (hci_pi(sk)->hdev) { 797 err = -EALREADY; 798 goto done; 799 } 800 801 if (haddr.hci_dev == HCI_DEV_NONE) { 802 err = -EINVAL; 803 goto done; 804 } 805 806 if (!capable(CAP_NET_ADMIN)) { 807 err = -EPERM; 808 goto done; 809 } 810 811 hdev = hci_dev_get(haddr.hci_dev); 812 if (!hdev) { 813 err = -ENODEV; 814 goto done; 815 } 816 817 if (test_bit(HCI_INIT, &hdev->flags) || 818 hci_dev_test_flag(hdev, HCI_SETUP) || 819 hci_dev_test_flag(hdev, HCI_CONFIG) || 820 (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) && 821 test_bit(HCI_UP, &hdev->flags))) { 822 err = -EBUSY; 823 hci_dev_put(hdev); 824 goto done; 825 } 826 827 if (hci_dev_test_and_set_flag(hdev, HCI_USER_CHANNEL)) { 828 err = -EUSERS; 829 hci_dev_put(hdev); 830 goto done; 831 } 832 833 mgmt_index_removed(hdev); 834 835 err = hci_dev_open(hdev->id); 836 if (err) { 837 if (err == -EALREADY) { 838 /* In case the transport is already up and 839 * running, clear the error here. 840 * 841 * This can happen when opening an user 842 * channel and HCI_AUTO_OFF grace period 843 * is still active. 844 */ 845 err = 0; 846 } else { 847 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL); 848 mgmt_index_added(hdev); 849 hci_dev_put(hdev); 850 goto done; 851 } 852 } 853 854 atomic_inc(&hdev->promisc); 855 856 hci_pi(sk)->hdev = hdev; 857 break; 858 859 case HCI_CHANNEL_MONITOR: 860 if (haddr.hci_dev != HCI_DEV_NONE) { 861 err = -EINVAL; 862 goto done; 863 } 864 865 if (!capable(CAP_NET_RAW)) { 866 err = -EPERM; 867 goto done; 868 } 869 870 /* The monitor interface is restricted to CAP_NET_RAW 871 * capabilities and with that implicitly trusted. 872 */ 873 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED); 874 875 send_monitor_replay(sk); 876 877 atomic_inc(&monitor_promisc); 878 break; 879 880 default: 881 if (!hci_mgmt_chan_find(haddr.hci_channel)) { 882 err = -EINVAL; 883 goto done; 884 } 885 886 if (haddr.hci_dev != HCI_DEV_NONE) { 887 err = -EINVAL; 888 goto done; 889 } 890 891 /* Users with CAP_NET_ADMIN capabilities are allowed 892 * access to all management commands and events. For 893 * untrusted users the interface is restricted and 894 * also only untrusted events are sent. 895 */ 896 if (capable(CAP_NET_ADMIN)) 897 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED); 898 899 /* At the moment the index and unconfigured index events 900 * are enabled unconditionally. Setting them on each 901 * socket when binding keeps this functionality. They 902 * however might be cleared later and then sending of these 903 * events will be disabled, but that is then intentional. 904 * 905 * This also enables generic events that are safe to be 906 * received by untrusted users. Example for such events 907 * are changes to settings, class of device, name etc. 908 */ 909 if (haddr.hci_channel == HCI_CHANNEL_CONTROL) { 910 hci_sock_set_flag(sk, HCI_MGMT_INDEX_EVENTS); 911 hci_sock_set_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 912 hci_sock_set_flag(sk, HCI_MGMT_GENERIC_EVENTS); 913 } 914 break; 915 } 916 917 918 hci_pi(sk)->channel = haddr.hci_channel; 919 sk->sk_state = BT_BOUND; 920 921 done: 922 release_sock(sk); 923 return err; 924 } 925 926 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, 927 int *addr_len, int peer) 928 { 929 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr; 930 struct sock *sk = sock->sk; 931 struct hci_dev *hdev; 932 int err = 0; 933 934 BT_DBG("sock %p sk %p", sock, sk); 935 936 if (peer) 937 return -EOPNOTSUPP; 938 939 lock_sock(sk); 940 941 hdev = hci_pi(sk)->hdev; 942 if (!hdev) { 943 err = -EBADFD; 944 goto done; 945 } 946 947 *addr_len = sizeof(*haddr); 948 haddr->hci_family = AF_BLUETOOTH; 949 haddr->hci_dev = hdev->id; 950 haddr->hci_channel= hci_pi(sk)->channel; 951 952 done: 953 release_sock(sk); 954 return err; 955 } 956 957 static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, 958 struct sk_buff *skb) 959 { 960 __u32 mask = hci_pi(sk)->cmsg_mask; 961 962 if (mask & HCI_CMSG_DIR) { 963 int incoming = bt_cb(skb)->incoming; 964 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), 965 &incoming); 966 } 967 968 if (mask & HCI_CMSG_TSTAMP) { 969 #ifdef CONFIG_COMPAT 970 struct compat_timeval ctv; 971 #endif 972 struct timeval tv; 973 void *data; 974 int len; 975 976 skb_get_timestamp(skb, &tv); 977 978 data = &tv; 979 len = sizeof(tv); 980 #ifdef CONFIG_COMPAT 981 if (!COMPAT_USE_64BIT_TIME && 982 (msg->msg_flags & MSG_CMSG_COMPAT)) { 983 ctv.tv_sec = tv.tv_sec; 984 ctv.tv_usec = tv.tv_usec; 985 data = &ctv; 986 len = sizeof(ctv); 987 } 988 #endif 989 990 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data); 991 } 992 } 993 994 static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, 995 int flags) 996 { 997 int noblock = flags & MSG_DONTWAIT; 998 struct sock *sk = sock->sk; 999 struct sk_buff *skb; 1000 int copied, err; 1001 1002 BT_DBG("sock %p, sk %p", sock, sk); 1003 1004 if (flags & MSG_OOB) 1005 return -EOPNOTSUPP; 1006 1007 if (sk->sk_state == BT_CLOSED) 1008 return 0; 1009 1010 skb = skb_recv_datagram(sk, flags, noblock, &err); 1011 if (!skb) 1012 return err; 1013 1014 copied = skb->len; 1015 if (len < copied) { 1016 msg->msg_flags |= MSG_TRUNC; 1017 copied = len; 1018 } 1019 1020 skb_reset_transport_header(skb); 1021 err = skb_copy_datagram_msg(skb, 0, msg, copied); 1022 1023 switch (hci_pi(sk)->channel) { 1024 case HCI_CHANNEL_RAW: 1025 hci_sock_cmsg(sk, msg, skb); 1026 break; 1027 case HCI_CHANNEL_USER: 1028 case HCI_CHANNEL_MONITOR: 1029 sock_recv_timestamp(msg, sk, skb); 1030 break; 1031 default: 1032 if (hci_mgmt_chan_find(hci_pi(sk)->channel)) 1033 sock_recv_timestamp(msg, sk, skb); 1034 break; 1035 } 1036 1037 skb_free_datagram(sk, skb); 1038 1039 return err ? : copied; 1040 } 1041 1042 static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk, 1043 struct msghdr *msg, size_t msglen) 1044 { 1045 void *buf; 1046 u8 *cp; 1047 struct mgmt_hdr *hdr; 1048 u16 opcode, index, len; 1049 struct hci_dev *hdev = NULL; 1050 const struct hci_mgmt_handler *handler; 1051 bool var_len, no_hdev; 1052 int err; 1053 1054 BT_DBG("got %zu bytes", msglen); 1055 1056 if (msglen < sizeof(*hdr)) 1057 return -EINVAL; 1058 1059 buf = kmalloc(msglen, GFP_KERNEL); 1060 if (!buf) 1061 return -ENOMEM; 1062 1063 if (memcpy_from_msg(buf, msg, msglen)) { 1064 err = -EFAULT; 1065 goto done; 1066 } 1067 1068 hdr = buf; 1069 opcode = __le16_to_cpu(hdr->opcode); 1070 index = __le16_to_cpu(hdr->index); 1071 len = __le16_to_cpu(hdr->len); 1072 1073 if (len != msglen - sizeof(*hdr)) { 1074 err = -EINVAL; 1075 goto done; 1076 } 1077 1078 if (opcode >= chan->handler_count || 1079 chan->handlers[opcode].func == NULL) { 1080 BT_DBG("Unknown op %u", opcode); 1081 err = mgmt_cmd_status(sk, index, opcode, 1082 MGMT_STATUS_UNKNOWN_COMMAND); 1083 goto done; 1084 } 1085 1086 handler = &chan->handlers[opcode]; 1087 1088 if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) && 1089 !(handler->flags & HCI_MGMT_UNTRUSTED)) { 1090 err = mgmt_cmd_status(sk, index, opcode, 1091 MGMT_STATUS_PERMISSION_DENIED); 1092 goto done; 1093 } 1094 1095 if (index != MGMT_INDEX_NONE) { 1096 hdev = hci_dev_get(index); 1097 if (!hdev) { 1098 err = mgmt_cmd_status(sk, index, opcode, 1099 MGMT_STATUS_INVALID_INDEX); 1100 goto done; 1101 } 1102 1103 if (hci_dev_test_flag(hdev, HCI_SETUP) || 1104 hci_dev_test_flag(hdev, HCI_CONFIG) || 1105 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) { 1106 err = mgmt_cmd_status(sk, index, opcode, 1107 MGMT_STATUS_INVALID_INDEX); 1108 goto done; 1109 } 1110 1111 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) && 1112 !(handler->flags & HCI_MGMT_UNCONFIGURED)) { 1113 err = mgmt_cmd_status(sk, index, opcode, 1114 MGMT_STATUS_INVALID_INDEX); 1115 goto done; 1116 } 1117 } 1118 1119 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV); 1120 if (no_hdev != !hdev) { 1121 err = mgmt_cmd_status(sk, index, opcode, 1122 MGMT_STATUS_INVALID_INDEX); 1123 goto done; 1124 } 1125 1126 var_len = (handler->flags & HCI_MGMT_VAR_LEN); 1127 if ((var_len && len < handler->data_len) || 1128 (!var_len && len != handler->data_len)) { 1129 err = mgmt_cmd_status(sk, index, opcode, 1130 MGMT_STATUS_INVALID_PARAMS); 1131 goto done; 1132 } 1133 1134 if (hdev && chan->hdev_init) 1135 chan->hdev_init(sk, hdev); 1136 1137 cp = buf + sizeof(*hdr); 1138 1139 err = handler->func(sk, hdev, cp, len); 1140 if (err < 0) 1141 goto done; 1142 1143 err = msglen; 1144 1145 done: 1146 if (hdev) 1147 hci_dev_put(hdev); 1148 1149 kfree(buf); 1150 return err; 1151 } 1152 1153 static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg, 1154 size_t len) 1155 { 1156 struct sock *sk = sock->sk; 1157 struct hci_mgmt_chan *chan; 1158 struct hci_dev *hdev; 1159 struct sk_buff *skb; 1160 int err; 1161 1162 BT_DBG("sock %p sk %p", sock, sk); 1163 1164 if (msg->msg_flags & MSG_OOB) 1165 return -EOPNOTSUPP; 1166 1167 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE)) 1168 return -EINVAL; 1169 1170 if (len < 4 || len > HCI_MAX_FRAME_SIZE) 1171 return -EINVAL; 1172 1173 lock_sock(sk); 1174 1175 switch (hci_pi(sk)->channel) { 1176 case HCI_CHANNEL_RAW: 1177 case HCI_CHANNEL_USER: 1178 break; 1179 case HCI_CHANNEL_MONITOR: 1180 err = -EOPNOTSUPP; 1181 goto done; 1182 default: 1183 mutex_lock(&mgmt_chan_list_lock); 1184 chan = __hci_mgmt_chan_find(hci_pi(sk)->channel); 1185 if (chan) 1186 err = hci_mgmt_cmd(chan, sk, msg, len); 1187 else 1188 err = -EINVAL; 1189 1190 mutex_unlock(&mgmt_chan_list_lock); 1191 goto done; 1192 } 1193 1194 hdev = hci_pi(sk)->hdev; 1195 if (!hdev) { 1196 err = -EBADFD; 1197 goto done; 1198 } 1199 1200 if (!test_bit(HCI_UP, &hdev->flags)) { 1201 err = -ENETDOWN; 1202 goto done; 1203 } 1204 1205 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err); 1206 if (!skb) 1207 goto done; 1208 1209 if (memcpy_from_msg(skb_put(skb, len), msg, len)) { 1210 err = -EFAULT; 1211 goto drop; 1212 } 1213 1214 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data); 1215 skb_pull(skb, 1); 1216 1217 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) { 1218 /* No permission check is needed for user channel 1219 * since that gets enforced when binding the socket. 1220 * 1221 * However check that the packet type is valid. 1222 */ 1223 if (bt_cb(skb)->pkt_type != HCI_COMMAND_PKT && 1224 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT && 1225 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) { 1226 err = -EINVAL; 1227 goto drop; 1228 } 1229 1230 skb_queue_tail(&hdev->raw_q, skb); 1231 queue_work(hdev->workqueue, &hdev->tx_work); 1232 } else if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) { 1233 u16 opcode = get_unaligned_le16(skb->data); 1234 u16 ogf = hci_opcode_ogf(opcode); 1235 u16 ocf = hci_opcode_ocf(opcode); 1236 1237 if (((ogf > HCI_SFLT_MAX_OGF) || 1238 !hci_test_bit(ocf & HCI_FLT_OCF_BITS, 1239 &hci_sec_filter.ocf_mask[ogf])) && 1240 !capable(CAP_NET_RAW)) { 1241 err = -EPERM; 1242 goto drop; 1243 } 1244 1245 if (ogf == 0x3f) { 1246 skb_queue_tail(&hdev->raw_q, skb); 1247 queue_work(hdev->workqueue, &hdev->tx_work); 1248 } else { 1249 /* Stand-alone HCI commands must be flagged as 1250 * single-command requests. 1251 */ 1252 bt_cb(skb)->hci.req_start = true; 1253 1254 skb_queue_tail(&hdev->cmd_q, skb); 1255 queue_work(hdev->workqueue, &hdev->cmd_work); 1256 } 1257 } else { 1258 if (!capable(CAP_NET_RAW)) { 1259 err = -EPERM; 1260 goto drop; 1261 } 1262 1263 if (bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT && 1264 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) { 1265 err = -EINVAL; 1266 goto drop; 1267 } 1268 1269 skb_queue_tail(&hdev->raw_q, skb); 1270 queue_work(hdev->workqueue, &hdev->tx_work); 1271 } 1272 1273 err = len; 1274 1275 done: 1276 release_sock(sk); 1277 return err; 1278 1279 drop: 1280 kfree_skb(skb); 1281 goto done; 1282 } 1283 1284 static int hci_sock_setsockopt(struct socket *sock, int level, int optname, 1285 char __user *optval, unsigned int len) 1286 { 1287 struct hci_ufilter uf = { .opcode = 0 }; 1288 struct sock *sk = sock->sk; 1289 int err = 0, opt = 0; 1290 1291 BT_DBG("sk %p, opt %d", sk, optname); 1292 1293 lock_sock(sk); 1294 1295 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) { 1296 err = -EBADFD; 1297 goto done; 1298 } 1299 1300 switch (optname) { 1301 case HCI_DATA_DIR: 1302 if (get_user(opt, (int __user *)optval)) { 1303 err = -EFAULT; 1304 break; 1305 } 1306 1307 if (opt) 1308 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR; 1309 else 1310 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR; 1311 break; 1312 1313 case HCI_TIME_STAMP: 1314 if (get_user(opt, (int __user *)optval)) { 1315 err = -EFAULT; 1316 break; 1317 } 1318 1319 if (opt) 1320 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP; 1321 else 1322 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP; 1323 break; 1324 1325 case HCI_FILTER: 1326 { 1327 struct hci_filter *f = &hci_pi(sk)->filter; 1328 1329 uf.type_mask = f->type_mask; 1330 uf.opcode = f->opcode; 1331 uf.event_mask[0] = *((u32 *) f->event_mask + 0); 1332 uf.event_mask[1] = *((u32 *) f->event_mask + 1); 1333 } 1334 1335 len = min_t(unsigned int, len, sizeof(uf)); 1336 if (copy_from_user(&uf, optval, len)) { 1337 err = -EFAULT; 1338 break; 1339 } 1340 1341 if (!capable(CAP_NET_RAW)) { 1342 uf.type_mask &= hci_sec_filter.type_mask; 1343 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0); 1344 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1); 1345 } 1346 1347 { 1348 struct hci_filter *f = &hci_pi(sk)->filter; 1349 1350 f->type_mask = uf.type_mask; 1351 f->opcode = uf.opcode; 1352 *((u32 *) f->event_mask + 0) = uf.event_mask[0]; 1353 *((u32 *) f->event_mask + 1) = uf.event_mask[1]; 1354 } 1355 break; 1356 1357 default: 1358 err = -ENOPROTOOPT; 1359 break; 1360 } 1361 1362 done: 1363 release_sock(sk); 1364 return err; 1365 } 1366 1367 static int hci_sock_getsockopt(struct socket *sock, int level, int optname, 1368 char __user *optval, int __user *optlen) 1369 { 1370 struct hci_ufilter uf; 1371 struct sock *sk = sock->sk; 1372 int len, opt, err = 0; 1373 1374 BT_DBG("sk %p, opt %d", sk, optname); 1375 1376 if (get_user(len, optlen)) 1377 return -EFAULT; 1378 1379 lock_sock(sk); 1380 1381 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) { 1382 err = -EBADFD; 1383 goto done; 1384 } 1385 1386 switch (optname) { 1387 case HCI_DATA_DIR: 1388 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR) 1389 opt = 1; 1390 else 1391 opt = 0; 1392 1393 if (put_user(opt, optval)) 1394 err = -EFAULT; 1395 break; 1396 1397 case HCI_TIME_STAMP: 1398 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP) 1399 opt = 1; 1400 else 1401 opt = 0; 1402 1403 if (put_user(opt, optval)) 1404 err = -EFAULT; 1405 break; 1406 1407 case HCI_FILTER: 1408 { 1409 struct hci_filter *f = &hci_pi(sk)->filter; 1410 1411 memset(&uf, 0, sizeof(uf)); 1412 uf.type_mask = f->type_mask; 1413 uf.opcode = f->opcode; 1414 uf.event_mask[0] = *((u32 *) f->event_mask + 0); 1415 uf.event_mask[1] = *((u32 *) f->event_mask + 1); 1416 } 1417 1418 len = min_t(unsigned int, len, sizeof(uf)); 1419 if (copy_to_user(optval, &uf, len)) 1420 err = -EFAULT; 1421 break; 1422 1423 default: 1424 err = -ENOPROTOOPT; 1425 break; 1426 } 1427 1428 done: 1429 release_sock(sk); 1430 return err; 1431 } 1432 1433 static const struct proto_ops hci_sock_ops = { 1434 .family = PF_BLUETOOTH, 1435 .owner = THIS_MODULE, 1436 .release = hci_sock_release, 1437 .bind = hci_sock_bind, 1438 .getname = hci_sock_getname, 1439 .sendmsg = hci_sock_sendmsg, 1440 .recvmsg = hci_sock_recvmsg, 1441 .ioctl = hci_sock_ioctl, 1442 .poll = datagram_poll, 1443 .listen = sock_no_listen, 1444 .shutdown = sock_no_shutdown, 1445 .setsockopt = hci_sock_setsockopt, 1446 .getsockopt = hci_sock_getsockopt, 1447 .connect = sock_no_connect, 1448 .socketpair = sock_no_socketpair, 1449 .accept = sock_no_accept, 1450 .mmap = sock_no_mmap 1451 }; 1452 1453 static struct proto hci_sk_proto = { 1454 .name = "HCI", 1455 .owner = THIS_MODULE, 1456 .obj_size = sizeof(struct hci_pinfo) 1457 }; 1458 1459 static int hci_sock_create(struct net *net, struct socket *sock, int protocol, 1460 int kern) 1461 { 1462 struct sock *sk; 1463 1464 BT_DBG("sock %p", sock); 1465 1466 if (sock->type != SOCK_RAW) 1467 return -ESOCKTNOSUPPORT; 1468 1469 sock->ops = &hci_sock_ops; 1470 1471 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, kern); 1472 if (!sk) 1473 return -ENOMEM; 1474 1475 sock_init_data(sock, sk); 1476 1477 sock_reset_flag(sk, SOCK_ZAPPED); 1478 1479 sk->sk_protocol = protocol; 1480 1481 sock->state = SS_UNCONNECTED; 1482 sk->sk_state = BT_OPEN; 1483 1484 bt_sock_link(&hci_sk_list, sk); 1485 return 0; 1486 } 1487 1488 static const struct net_proto_family hci_sock_family_ops = { 1489 .family = PF_BLUETOOTH, 1490 .owner = THIS_MODULE, 1491 .create = hci_sock_create, 1492 }; 1493 1494 int __init hci_sock_init(void) 1495 { 1496 int err; 1497 1498 BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr)); 1499 1500 err = proto_register(&hci_sk_proto, 0); 1501 if (err < 0) 1502 return err; 1503 1504 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops); 1505 if (err < 0) { 1506 BT_ERR("HCI socket registration failed"); 1507 goto error; 1508 } 1509 1510 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL); 1511 if (err < 0) { 1512 BT_ERR("Failed to create HCI proc file"); 1513 bt_sock_unregister(BTPROTO_HCI); 1514 goto error; 1515 } 1516 1517 BT_INFO("HCI socket layer initialized"); 1518 1519 return 0; 1520 1521 error: 1522 proto_unregister(&hci_sk_proto); 1523 return err; 1524 } 1525 1526 void hci_sock_cleanup(void) 1527 { 1528 bt_procfs_cleanup(&init_net, "hci"); 1529 bt_sock_unregister(BTPROTO_HCI); 1530 proto_unregister(&hci_sk_proto); 1531 } 1532