xref: /openbmc/linux/net/bluetooth/hci_sock.c (revision b6dcefde)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4 
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10 
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24 
25 /* Bluetooth HCI sockets. */
26 
27 #include <linux/module.h>
28 
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/slab.h>
34 #include <linux/poll.h>
35 #include <linux/fcntl.h>
36 #include <linux/init.h>
37 #include <linux/skbuff.h>
38 #include <linux/workqueue.h>
39 #include <linux/interrupt.h>
40 #include <linux/compat.h>
41 #include <linux/socket.h>
42 #include <linux/ioctl.h>
43 #include <net/sock.h>
44 
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
48 
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 
52 /* ----- HCI socket interface ----- */
53 
54 static inline int hci_test_bit(int nr, void *addr)
55 {
56 	return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
57 }
58 
59 /* Security filter */
60 static struct hci_sec_filter hci_sec_filter = {
61 	/* Packet types */
62 	0x10,
63 	/* Events */
64 	{ 0x1000d9fe, 0x0000b00c },
65 	/* Commands */
66 	{
67 		{ 0x0 },
68 		/* OGF_LINK_CTL */
69 		{ 0xbe000006, 0x00000001, 0x00000000, 0x00 },
70 		/* OGF_LINK_POLICY */
71 		{ 0x00005200, 0x00000000, 0x00000000, 0x00 },
72 		/* OGF_HOST_CTL */
73 		{ 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
74 		/* OGF_INFO_PARAM */
75 		{ 0x000002be, 0x00000000, 0x00000000, 0x00 },
76 		/* OGF_STATUS_PARAM */
77 		{ 0x000000ea, 0x00000000, 0x00000000, 0x00 }
78 	}
79 };
80 
81 static struct bt_sock_list hci_sk_list = {
82 	.lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
83 };
84 
85 /* Send frame to RAW socket */
86 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
87 {
88 	struct sock *sk;
89 	struct hlist_node *node;
90 
91 	BT_DBG("hdev %p len %d", hdev, skb->len);
92 
93 	read_lock(&hci_sk_list.lock);
94 	sk_for_each(sk, node, &hci_sk_list.head) {
95 		struct hci_filter *flt;
96 		struct sk_buff *nskb;
97 
98 		if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
99 			continue;
100 
101 		/* Don't send frame to the socket it came from */
102 		if (skb->sk == sk)
103 			continue;
104 
105 		/* Apply filter */
106 		flt = &hci_pi(sk)->filter;
107 
108 		if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
109 				0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
110 			continue;
111 
112 		if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
113 			register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
114 
115 			if (!hci_test_bit(evt, &flt->event_mask))
116 				continue;
117 
118 			if (flt->opcode &&
119 			    ((evt == HCI_EV_CMD_COMPLETE &&
120 			      flt->opcode !=
121 			      get_unaligned((__le16 *)(skb->data + 3))) ||
122 			     (evt == HCI_EV_CMD_STATUS &&
123 			      flt->opcode !=
124 			      get_unaligned((__le16 *)(skb->data + 4)))))
125 				continue;
126 		}
127 
128 		if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
129 			continue;
130 
131 		/* Put type byte before the data */
132 		memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
133 
134 		if (sock_queue_rcv_skb(sk, nskb))
135 			kfree_skb(nskb);
136 	}
137 	read_unlock(&hci_sk_list.lock);
138 }
139 
140 static int hci_sock_release(struct socket *sock)
141 {
142 	struct sock *sk = sock->sk;
143 	struct hci_dev *hdev;
144 
145 	BT_DBG("sock %p sk %p", sock, sk);
146 
147 	if (!sk)
148 		return 0;
149 
150 	hdev = hci_pi(sk)->hdev;
151 
152 	bt_sock_unlink(&hci_sk_list, sk);
153 
154 	if (hdev) {
155 		atomic_dec(&hdev->promisc);
156 		hci_dev_put(hdev);
157 	}
158 
159 	sock_orphan(sk);
160 
161 	skb_queue_purge(&sk->sk_receive_queue);
162 	skb_queue_purge(&sk->sk_write_queue);
163 
164 	sock_put(sk);
165 	return 0;
166 }
167 
168 /* Ioctls that require bound socket */
169 static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
170 {
171 	struct hci_dev *hdev = hci_pi(sk)->hdev;
172 
173 	if (!hdev)
174 		return -EBADFD;
175 
176 	switch (cmd) {
177 	case HCISETRAW:
178 		if (!capable(CAP_NET_ADMIN))
179 			return -EACCES;
180 
181 		if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
182 			return -EPERM;
183 
184 		if (arg)
185 			set_bit(HCI_RAW, &hdev->flags);
186 		else
187 			clear_bit(HCI_RAW, &hdev->flags);
188 
189 		return 0;
190 
191 	case HCIGETCONNINFO:
192 		return hci_get_conn_info(hdev, (void __user *) arg);
193 
194 	case HCIGETAUTHINFO:
195 		return hci_get_auth_info(hdev, (void __user *) arg);
196 
197 	default:
198 		if (hdev->ioctl)
199 			return hdev->ioctl(hdev, cmd, arg);
200 		return -EINVAL;
201 	}
202 }
203 
204 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
205 {
206 	struct sock *sk = sock->sk;
207 	void __user *argp = (void __user *) arg;
208 	int err;
209 
210 	BT_DBG("cmd %x arg %lx", cmd, arg);
211 
212 	switch (cmd) {
213 	case HCIGETDEVLIST:
214 		return hci_get_dev_list(argp);
215 
216 	case HCIGETDEVINFO:
217 		return hci_get_dev_info(argp);
218 
219 	case HCIGETCONNLIST:
220 		return hci_get_conn_list(argp);
221 
222 	case HCIDEVUP:
223 		if (!capable(CAP_NET_ADMIN))
224 			return -EACCES;
225 		return hci_dev_open(arg);
226 
227 	case HCIDEVDOWN:
228 		if (!capable(CAP_NET_ADMIN))
229 			return -EACCES;
230 		return hci_dev_close(arg);
231 
232 	case HCIDEVRESET:
233 		if (!capable(CAP_NET_ADMIN))
234 			return -EACCES;
235 		return hci_dev_reset(arg);
236 
237 	case HCIDEVRESTAT:
238 		if (!capable(CAP_NET_ADMIN))
239 			return -EACCES;
240 		return hci_dev_reset_stat(arg);
241 
242 	case HCISETSCAN:
243 	case HCISETAUTH:
244 	case HCISETENCRYPT:
245 	case HCISETPTYPE:
246 	case HCISETLINKPOL:
247 	case HCISETLINKMODE:
248 	case HCISETACLMTU:
249 	case HCISETSCOMTU:
250 		if (!capable(CAP_NET_ADMIN))
251 			return -EACCES;
252 		return hci_dev_cmd(cmd, argp);
253 
254 	case HCIINQUIRY:
255 		return hci_inquiry(argp);
256 
257 	default:
258 		lock_sock(sk);
259 		err = hci_sock_bound_ioctl(sk, cmd, arg);
260 		release_sock(sk);
261 		return err;
262 	}
263 }
264 
265 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
266 {
267 	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
268 	struct sock *sk = sock->sk;
269 	struct hci_dev *hdev = NULL;
270 	int err = 0;
271 
272 	BT_DBG("sock %p sk %p", sock, sk);
273 
274 	if (!haddr || haddr->hci_family != AF_BLUETOOTH)
275 		return -EINVAL;
276 
277 	lock_sock(sk);
278 
279 	if (hci_pi(sk)->hdev) {
280 		err = -EALREADY;
281 		goto done;
282 	}
283 
284 	if (haddr->hci_dev != HCI_DEV_NONE) {
285 		if (!(hdev = hci_dev_get(haddr->hci_dev))) {
286 			err = -ENODEV;
287 			goto done;
288 		}
289 
290 		atomic_inc(&hdev->promisc);
291 	}
292 
293 	hci_pi(sk)->hdev = hdev;
294 	sk->sk_state = BT_BOUND;
295 
296 done:
297 	release_sock(sk);
298 	return err;
299 }
300 
301 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
302 {
303 	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
304 	struct sock *sk = sock->sk;
305 	struct hci_dev *hdev = hci_pi(sk)->hdev;
306 
307 	BT_DBG("sock %p sk %p", sock, sk);
308 
309 	if (!hdev)
310 		return -EBADFD;
311 
312 	lock_sock(sk);
313 
314 	*addr_len = sizeof(*haddr);
315 	haddr->hci_family = AF_BLUETOOTH;
316 	haddr->hci_dev    = hdev->id;
317 
318 	release_sock(sk);
319 	return 0;
320 }
321 
322 static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
323 {
324 	__u32 mask = hci_pi(sk)->cmsg_mask;
325 
326 	if (mask & HCI_CMSG_DIR) {
327 		int incoming = bt_cb(skb)->incoming;
328 		put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
329 	}
330 
331 	if (mask & HCI_CMSG_TSTAMP) {
332 		struct timeval tv;
333 		void *data;
334 		int len;
335 
336 		skb_get_timestamp(skb, &tv);
337 
338 		data = &tv;
339 		len = sizeof(tv);
340 #ifdef CONFIG_COMPAT
341 		if (msg->msg_flags & MSG_CMSG_COMPAT) {
342 			struct compat_timeval ctv;
343 			ctv.tv_sec = tv.tv_sec;
344 			ctv.tv_usec = tv.tv_usec;
345 			data = &ctv;
346 			len = sizeof(ctv);
347 		}
348 #endif
349 
350 		put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
351 	}
352 }
353 
354 static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
355 				struct msghdr *msg, size_t len, int flags)
356 {
357 	int noblock = flags & MSG_DONTWAIT;
358 	struct sock *sk = sock->sk;
359 	struct sk_buff *skb;
360 	int copied, err;
361 
362 	BT_DBG("sock %p, sk %p", sock, sk);
363 
364 	if (flags & (MSG_OOB))
365 		return -EOPNOTSUPP;
366 
367 	if (sk->sk_state == BT_CLOSED)
368 		return 0;
369 
370 	if (!(skb = skb_recv_datagram(sk, flags, noblock, &err)))
371 		return err;
372 
373 	msg->msg_namelen = 0;
374 
375 	copied = skb->len;
376 	if (len < copied) {
377 		msg->msg_flags |= MSG_TRUNC;
378 		copied = len;
379 	}
380 
381 	skb_reset_transport_header(skb);
382 	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
383 
384 	hci_sock_cmsg(sk, msg, skb);
385 
386 	skb_free_datagram(sk, skb);
387 
388 	return err ? : copied;
389 }
390 
391 static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
392 			    struct msghdr *msg, size_t len)
393 {
394 	struct sock *sk = sock->sk;
395 	struct hci_dev *hdev;
396 	struct sk_buff *skb;
397 	int err;
398 
399 	BT_DBG("sock %p sk %p", sock, sk);
400 
401 	if (msg->msg_flags & MSG_OOB)
402 		return -EOPNOTSUPP;
403 
404 	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
405 		return -EINVAL;
406 
407 	if (len < 4 || len > HCI_MAX_FRAME_SIZE)
408 		return -EINVAL;
409 
410 	lock_sock(sk);
411 
412 	if (!(hdev = hci_pi(sk)->hdev)) {
413 		err = -EBADFD;
414 		goto done;
415 	}
416 
417 	if (!test_bit(HCI_UP, &hdev->flags)) {
418 		err = -ENETDOWN;
419 		goto done;
420 	}
421 
422 	if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err)))
423 		goto done;
424 
425 	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
426 		err = -EFAULT;
427 		goto drop;
428 	}
429 
430 	bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
431 	skb_pull(skb, 1);
432 	skb->dev = (void *) hdev;
433 
434 	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
435 		u16 opcode = get_unaligned_le16(skb->data);
436 		u16 ogf = hci_opcode_ogf(opcode);
437 		u16 ocf = hci_opcode_ocf(opcode);
438 
439 		if (((ogf > HCI_SFLT_MAX_OGF) ||
440 				!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
441 					!capable(CAP_NET_RAW)) {
442 			err = -EPERM;
443 			goto drop;
444 		}
445 
446 		if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
447 			skb_queue_tail(&hdev->raw_q, skb);
448 			tasklet_schedule(&hdev->tx_task);
449 		} else {
450 			skb_queue_tail(&hdev->cmd_q, skb);
451 			tasklet_schedule(&hdev->cmd_task);
452 		}
453 	} else {
454 		if (!capable(CAP_NET_RAW)) {
455 			err = -EPERM;
456 			goto drop;
457 		}
458 
459 		skb_queue_tail(&hdev->raw_q, skb);
460 		tasklet_schedule(&hdev->tx_task);
461 	}
462 
463 	err = len;
464 
465 done:
466 	release_sock(sk);
467 	return err;
468 
469 drop:
470 	kfree_skb(skb);
471 	goto done;
472 }
473 
474 static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int len)
475 {
476 	struct hci_ufilter uf = { .opcode = 0 };
477 	struct sock *sk = sock->sk;
478 	int err = 0, opt = 0;
479 
480 	BT_DBG("sk %p, opt %d", sk, optname);
481 
482 	lock_sock(sk);
483 
484 	switch (optname) {
485 	case HCI_DATA_DIR:
486 		if (get_user(opt, (int __user *)optval)) {
487 			err = -EFAULT;
488 			break;
489 		}
490 
491 		if (opt)
492 			hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
493 		else
494 			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
495 		break;
496 
497 	case HCI_TIME_STAMP:
498 		if (get_user(opt, (int __user *)optval)) {
499 			err = -EFAULT;
500 			break;
501 		}
502 
503 		if (opt)
504 			hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
505 		else
506 			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
507 		break;
508 
509 	case HCI_FILTER:
510 		{
511 			struct hci_filter *f = &hci_pi(sk)->filter;
512 
513 			uf.type_mask = f->type_mask;
514 			uf.opcode    = f->opcode;
515 			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
516 			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
517 		}
518 
519 		len = min_t(unsigned int, len, sizeof(uf));
520 		if (copy_from_user(&uf, optval, len)) {
521 			err = -EFAULT;
522 			break;
523 		}
524 
525 		if (!capable(CAP_NET_RAW)) {
526 			uf.type_mask &= hci_sec_filter.type_mask;
527 			uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
528 			uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
529 		}
530 
531 		{
532 			struct hci_filter *f = &hci_pi(sk)->filter;
533 
534 			f->type_mask = uf.type_mask;
535 			f->opcode    = uf.opcode;
536 			*((u32 *) f->event_mask + 0) = uf.event_mask[0];
537 			*((u32 *) f->event_mask + 1) = uf.event_mask[1];
538 		}
539 		break;
540 
541 	default:
542 		err = -ENOPROTOOPT;
543 		break;
544 	}
545 
546 	release_sock(sk);
547 	return err;
548 }
549 
550 static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
551 {
552 	struct hci_ufilter uf;
553 	struct sock *sk = sock->sk;
554 	int len, opt;
555 
556 	if (get_user(len, optlen))
557 		return -EFAULT;
558 
559 	switch (optname) {
560 	case HCI_DATA_DIR:
561 		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
562 			opt = 1;
563 		else
564 			opt = 0;
565 
566 		if (put_user(opt, optval))
567 			return -EFAULT;
568 		break;
569 
570 	case HCI_TIME_STAMP:
571 		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
572 			opt = 1;
573 		else
574 			opt = 0;
575 
576 		if (put_user(opt, optval))
577 			return -EFAULT;
578 		break;
579 
580 	case HCI_FILTER:
581 		{
582 			struct hci_filter *f = &hci_pi(sk)->filter;
583 
584 			uf.type_mask = f->type_mask;
585 			uf.opcode    = f->opcode;
586 			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
587 			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
588 		}
589 
590 		len = min_t(unsigned int, len, sizeof(uf));
591 		if (copy_to_user(optval, &uf, len))
592 			return -EFAULT;
593 		break;
594 
595 	default:
596 		return -ENOPROTOOPT;
597 		break;
598 	}
599 
600 	return 0;
601 }
602 
603 static const struct proto_ops hci_sock_ops = {
604 	.family		= PF_BLUETOOTH,
605 	.owner		= THIS_MODULE,
606 	.release	= hci_sock_release,
607 	.bind		= hci_sock_bind,
608 	.getname	= hci_sock_getname,
609 	.sendmsg	= hci_sock_sendmsg,
610 	.recvmsg	= hci_sock_recvmsg,
611 	.ioctl		= hci_sock_ioctl,
612 	.poll		= datagram_poll,
613 	.listen		= sock_no_listen,
614 	.shutdown	= sock_no_shutdown,
615 	.setsockopt	= hci_sock_setsockopt,
616 	.getsockopt	= hci_sock_getsockopt,
617 	.connect	= sock_no_connect,
618 	.socketpair	= sock_no_socketpair,
619 	.accept		= sock_no_accept,
620 	.mmap		= sock_no_mmap
621 };
622 
623 static struct proto hci_sk_proto = {
624 	.name		= "HCI",
625 	.owner		= THIS_MODULE,
626 	.obj_size	= sizeof(struct hci_pinfo)
627 };
628 
629 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
630 			   int kern)
631 {
632 	struct sock *sk;
633 
634 	BT_DBG("sock %p", sock);
635 
636 	if (sock->type != SOCK_RAW)
637 		return -ESOCKTNOSUPPORT;
638 
639 	sock->ops = &hci_sock_ops;
640 
641 	sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
642 	if (!sk)
643 		return -ENOMEM;
644 
645 	sock_init_data(sock, sk);
646 
647 	sock_reset_flag(sk, SOCK_ZAPPED);
648 
649 	sk->sk_protocol = protocol;
650 
651 	sock->state = SS_UNCONNECTED;
652 	sk->sk_state = BT_OPEN;
653 
654 	bt_sock_link(&hci_sk_list, sk);
655 	return 0;
656 }
657 
658 static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
659 {
660 	struct hci_dev *hdev = (struct hci_dev *) ptr;
661 	struct hci_ev_si_device ev;
662 
663 	BT_DBG("hdev %s event %ld", hdev->name, event);
664 
665 	/* Send event to sockets */
666 	ev.event  = event;
667 	ev.dev_id = hdev->id;
668 	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
669 
670 	if (event == HCI_DEV_UNREG) {
671 		struct sock *sk;
672 		struct hlist_node *node;
673 
674 		/* Detach sockets from device */
675 		read_lock(&hci_sk_list.lock);
676 		sk_for_each(sk, node, &hci_sk_list.head) {
677 			local_bh_disable();
678 			bh_lock_sock_nested(sk);
679 			if (hci_pi(sk)->hdev == hdev) {
680 				hci_pi(sk)->hdev = NULL;
681 				sk->sk_err = EPIPE;
682 				sk->sk_state = BT_OPEN;
683 				sk->sk_state_change(sk);
684 
685 				hci_dev_put(hdev);
686 			}
687 			bh_unlock_sock(sk);
688 			local_bh_enable();
689 		}
690 		read_unlock(&hci_sk_list.lock);
691 	}
692 
693 	return NOTIFY_DONE;
694 }
695 
696 static const struct net_proto_family hci_sock_family_ops = {
697 	.family	= PF_BLUETOOTH,
698 	.owner	= THIS_MODULE,
699 	.create	= hci_sock_create,
700 };
701 
702 static struct notifier_block hci_sock_nblock = {
703 	.notifier_call = hci_sock_dev_event
704 };
705 
706 int __init hci_sock_init(void)
707 {
708 	int err;
709 
710 	err = proto_register(&hci_sk_proto, 0);
711 	if (err < 0)
712 		return err;
713 
714 	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
715 	if (err < 0)
716 		goto error;
717 
718 	hci_register_notifier(&hci_sock_nblock);
719 
720 	BT_INFO("HCI socket layer initialized");
721 
722 	return 0;
723 
724 error:
725 	BT_ERR("HCI socket registration failed");
726 	proto_unregister(&hci_sk_proto);
727 	return err;
728 }
729 
730 void __exit hci_sock_cleanup(void)
731 {
732 	if (bt_sock_unregister(BTPROTO_HCI) < 0)
733 		BT_ERR("HCI socket unregistration failed");
734 
735 	hci_unregister_notifier(&hci_sock_nblock);
736 
737 	proto_unregister(&hci_sk_proto);
738 }
739