1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* 26 * BlueZ HCI socket layer. 27 * 28 * $Id: hci_sock.c,v 1.1.1.1 2008/10/15 03:27:33 james26_jang Exp $ 29 */ 30 31#include <linux/config.h> 32#include <linux/module.h> 33 34#include <linux/types.h> 35#include <linux/errno.h> 36#include <linux/kernel.h> 37#include <linux/major.h> 38#include <linux/sched.h> 39#include <linux/slab.h> 40#include <linux/poll.h> 41#include <linux/fcntl.h> 42#include <linux/init.h> 43#include <linux/skbuff.h> 44#include <linux/tqueue.h> 45#include <linux/interrupt.h> 46#include <linux/socket.h> 47#include <linux/ioctl.h> 48#include <net/sock.h> 49 50#include <asm/system.h> 51#include <asm/uaccess.h> 52 53#include <net/bluetooth/bluetooth.h> 54#include <net/bluetooth/hci_core.h> 55 56#ifndef HCI_SOCK_DEBUG 57#undef BT_DBG 58#define BT_DBG( A... ) 59#endif 60 61/* ----- HCI socket interface ----- */ 62 63/* Security filter */ 64static struct hci_sec_filter hci_sec_filter = { 65 /* Packet types */ 66 0x10, 67 /* Events */ 68 { 0xd9fe, 0x0 }, 69 /* Commands */ 70 { 71 /* OGF_LINK_CTL */ 72 { 0x2a000002, 0x0, 0x0, 0x0 }, 73 /* OGF_LINK_POLICY */ 74 { 0x1200, 0x0, 0x0, 0x0 }, 75 /* OGF_HOST_CTL */ 76 { 0x80100000, 0xa, 0x0, 0x0 }, 77 /* OGF_INFO_PARAM */ 78 { 0x22a, 0x0, 0x0, 0x0 } 79 } 80}; 81 82static struct bluez_sock_list hci_sk_list = { 83 lock: RW_LOCK_UNLOCKED 84}; 85 86/* Send frame to RAW socket */ 87void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb) 88{ 89 struct sock * sk; 90 91 BT_DBG("hdev %p len %d", hdev, skb->len); 92 93 read_lock(&hci_sk_list.lock); 94 for (sk = hci_sk_list.head; sk; sk = sk->next) { 95 struct hci_filter *flt; 96 struct sk_buff *nskb; 97 98 if (sk->state != BT_BOUND || hci_pi(sk)->hdev != hdev) 99 continue; 100 101 /* Don't send frame to the socket it came from */ 102 if (skb->sk == sk) 103 continue; 104 105 /* Apply filter */ 106 flt = &hci_pi(sk)->filter; 107 108 if (!hci_test_bit((skb->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask)) 109 continue; 110 111 if (skb->pkt_type == HCI_EVENT_PKT) { 112 register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS); 113 114 if (!hci_test_bit(evt, &flt->event_mask)) 115 continue; 116 117 if (flt->opcode && ((evt == EVT_CMD_COMPLETE && 118 flt->opcode != *(__u16 *)(skb->data + 3)) || 119 (evt == EVT_CMD_STATUS && 120 flt->opcode != *(__u16 *)(skb->data + 4)))) 121 continue; 122 } 123 124 if (!(nskb = skb_clone(skb, GFP_ATOMIC))) 125 continue; 126 127 /* Put type byte before the data */ 128 memcpy(skb_push(nskb, 1), &nskb->pkt_type, 1); 129 130 if (sock_queue_rcv_skb(sk, nskb)) 131 kfree_skb(nskb); 132 } 133 read_unlock(&hci_sk_list.lock); 134} 135 136static int hci_sock_release(struct socket *sock) 137{ 138 struct sock *sk = sock->sk; 139 struct hci_dev *hdev = hci_pi(sk)->hdev; 140 141 BT_DBG("sock %p sk %p", sock, sk); 142 143 if (!sk) 144 return 0; 145 146 bluez_sock_unlink(&hci_sk_list, sk); 147 148 if (hdev) { 149 atomic_dec(&hdev->promisc); 150 hci_dev_put(hdev); 151 } 152 153 sock_orphan(sk); 154 155 skb_queue_purge(&sk->receive_queue); 156 skb_queue_purge(&sk->write_queue); 157 158 sock_put(sk); 159 160 MOD_DEC_USE_COUNT; 161 return 0; 162} 163 164/* Ioctls that require bound socket */ 165static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg) 166{ 167 struct hci_dev *hdev = hci_pi(sk)->hdev; 168 169 if (!hdev) 170 return -EBADFD; 171 172 switch (cmd) { 173 case HCISETRAW: 174 if (!capable(CAP_NET_ADMIN)) 175 return -EACCES; 176 177 if (arg) 178 set_bit(HCI_RAW, &hdev->flags); 179 else 180 clear_bit(HCI_RAW, &hdev->flags); 181 182 return 0; 183 184 case HCIGETCONNINFO: 185 return hci_get_conn_info(hdev, arg); 186 187 default: 188 if (hdev->ioctl) 189 return hdev->ioctl(hdev, cmd, arg); 190 return -EINVAL; 191 } 192} 193 194static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 195{ 196 struct sock *sk = sock->sk; 197 int err; 198 199 BT_DBG("cmd %x arg %lx", cmd, arg); 200 201 switch (cmd) { 202 case HCIGETDEVLIST: 203 return hci_get_dev_list(arg); 204 205 case HCIGETDEVINFO: 206 return hci_get_dev_info(arg); 207 208 case HCIGETCONNLIST: 209 return hci_get_conn_list(arg); 210 211 case HCIDEVUP: 212 if (!capable(CAP_NET_ADMIN)) 213 return -EACCES; 214 return hci_dev_open(arg); 215 216 case HCIDEVDOWN: 217 if (!capable(CAP_NET_ADMIN)) 218 return -EACCES; 219 return hci_dev_close(arg); 220 221 case HCIDEVRESET: 222 if (!capable(CAP_NET_ADMIN)) 223 return -EACCES; 224 return hci_dev_reset(arg); 225 226 case HCIDEVRESTAT: 227 if (!capable(CAP_NET_ADMIN)) 228 return -EACCES; 229 return hci_dev_reset_stat(arg); 230 231 case HCISETSCAN: 232 case HCISETAUTH: 233 case HCISETENCRYPT: 234 case HCISETPTYPE: 235 case HCISETLINKPOL: 236 case HCISETLINKMODE: 237 case HCISETACLMTU: 238 case HCISETSCOMTU: 239 if (!capable(CAP_NET_ADMIN)) 240 return -EACCES; 241 return hci_dev_cmd(cmd, arg); 242 243 case HCIINQUIRY: 244 return hci_inquiry(arg); 245 246 default: 247 lock_sock(sk); 248 err = hci_sock_bound_ioctl(sk, cmd, arg); 249 release_sock(sk); 250 return err; 251 }; 252} 253 254static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 255{ 256 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr; 257 struct sock *sk = sock->sk; 258 struct hci_dev *hdev = NULL; 259 int err = 0; 260 261 BT_DBG("sock %p sk %p", sock, sk); 262 263 if (!haddr || haddr->hci_family != AF_BLUETOOTH) 264 return -EINVAL; 265 266 lock_sock(sk); 267 268 if (hci_pi(sk)->hdev) { 269 err = -EALREADY; 270 goto done; 271 } 272 273 if (haddr->hci_dev != HCI_DEV_NONE) { 274 if (!(hdev = hci_dev_get(haddr->hci_dev))) { 275 err = -ENODEV; 276 goto done; 277 } 278 279 atomic_inc(&hdev->promisc); 280 } 281 282 hci_pi(sk)->hdev = hdev; 283 sk->state = BT_BOUND; 284 285done: 286 release_sock(sk); 287 return err; 288} 289 290static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer) 291{ 292 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr; 293 struct sock *sk = sock->sk; 294 295 BT_DBG("sock %p sk %p", sock, sk); 296 297 lock_sock(sk); 298 299 *addr_len = sizeof(*haddr); 300 haddr->hci_family = AF_BLUETOOTH; 301 haddr->hci_dev = hci_pi(sk)->hdev->id; 302 303 release_sock(sk); 304 return 0; 305} 306 307static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb) 308{ 309 __u32 mask = hci_pi(sk)->cmsg_mask; 310 311 if (mask & HCI_CMSG_DIR) 312 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(int), &bluez_cb(skb)->incomming); 313 314 if (mask & HCI_CMSG_TSTAMP) 315 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, sizeof(skb->stamp), &skb->stamp); 316} 317 318static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg, int len, int flags, struct scm_cookie *scm) 319{ 320 int noblock = flags & MSG_DONTWAIT; 321 struct sock *sk = sock->sk; 322 struct sk_buff *skb; 323 int copied, err; 324 325 BT_DBG("sock %p, sk %p", sock, sk); 326 327 if (flags & (MSG_OOB)) 328 return -EOPNOTSUPP; 329 330 if (sk->state == BT_CLOSED) 331 return 0; 332 333 if (!(skb = skb_recv_datagram(sk, flags, noblock, &err))) 334 return err; 335 336 msg->msg_namelen = 0; 337 338 copied = skb->len; 339 if (len < copied) { 340 msg->msg_flags |= MSG_TRUNC; 341 copied = len; 342 } 343 344 skb->h.raw = skb->data; 345 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 346 347 hci_sock_cmsg(sk, msg, skb); 348 349 skb_free_datagram(sk, skb); 350 351 return err ? : copied; 352} 353 354static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg, int len, 355 struct scm_cookie *scm) 356{ 357 struct sock *sk = sock->sk; 358 struct hci_dev *hdev; 359 struct sk_buff *skb; 360 int err; 361 362 BT_DBG("sock %p sk %p", sock, sk); 363 364 if (msg->msg_flags & MSG_OOB) 365 return -EOPNOTSUPP; 366 367 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE)) 368 return -EINVAL; 369 370 if (len < 4) 371 return -EINVAL; 372 373 lock_sock(sk); 374 375 if (!(hdev = hci_pi(sk)->hdev)) { 376 err = -EBADFD; 377 goto done; 378 } 379 380 if (!(skb = bluez_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err))) 381 goto done; 382 383 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) { 384 err = -EFAULT; 385 goto drop; 386 } 387 388 skb->pkt_type = *((unsigned char *) skb->data); 389 skb_pull(skb, 1); 390 391 if (!capable(CAP_NET_RAW)) { 392 err = -EPERM; 393 394 if (skb->pkt_type == HCI_COMMAND_PKT) { 395 __u16 opcode = __le16_to_cpu(*(__u16 *)skb->data); 396 __u16 ogf = cmd_opcode_ogf(opcode) - 1; 397 __u16 ocf = cmd_opcode_ocf(opcode) & HCI_FLT_OCF_BITS; 398 399 if (ogf > HCI_SFLT_MAX_OGF || 400 !hci_test_bit(ocf, &hci_sec_filter.ocf_mask[ogf])) 401 goto drop; 402 } else 403 goto drop; 404 } 405 406 /* Send frame to HCI core */ 407 skb->dev = (void *) hdev; 408 hci_send_raw(skb); 409 err = len; 410 411done: 412 release_sock(sk); 413 return err; 414 415drop: 416 kfree_skb(skb); 417 goto done; 418} 419 420int hci_sock_setsockopt(struct socket *sock, int level, int optname, char *optval, int len) 421{ 422 struct sock *sk = sock->sk; 423 struct hci_filter flt = { opcode: 0 }; 424 int err = 0, opt = 0; 425 426 BT_DBG("sk %p, opt %d", sk, optname); 427 428 lock_sock(sk); 429 430 switch (optname) { 431 case HCI_DATA_DIR: 432 if (get_user(opt, (int *)optval)) { 433 err = -EFAULT; 434 break; 435 } 436 437 if (opt) 438 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR; 439 else 440 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR; 441 break; 442 443 case HCI_TIME_STAMP: 444 if (get_user(opt, (int *)optval)) { 445 err = -EFAULT; 446 break; 447 } 448 449 if (opt) 450 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP; 451 else 452 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP; 453 break; 454 455 case HCI_FILTER: 456 len = MIN(len, sizeof(struct hci_filter)); 457 if (copy_from_user(&flt, optval, len)) { 458 err = -EFAULT; 459 break; 460 } 461 462 if (!capable(CAP_NET_RAW)) { 463 flt.type_mask &= hci_sec_filter.type_mask; 464 flt.event_mask[0] &= hci_sec_filter.event_mask[0]; 465 flt.event_mask[1] &= hci_sec_filter.event_mask[1]; 466 } 467 468 memcpy(&hci_pi(sk)->filter, &flt, len); 469 break; 470 471 default: 472 err = -ENOPROTOOPT; 473 break; 474 }; 475 476 release_sock(sk); 477 return err; 478} 479 480int hci_sock_getsockopt(struct socket *sock, int level, int optname, char *optval, int *optlen) 481{ 482 struct sock *sk = sock->sk; 483 int len, opt; 484 485 if (get_user(len, optlen)) 486 return -EFAULT; 487 488 switch (optname) { 489 case HCI_DATA_DIR: 490 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR) 491 opt = 1; 492 else 493 opt = 0; 494 495 if (put_user(opt, optval)) 496 return -EFAULT; 497 break; 498 499 case HCI_TIME_STAMP: 500 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP) 501 opt = 1; 502 else 503 opt = 0; 504 505 if (put_user(opt, optval)) 506 return -EFAULT; 507 break; 508 509 case HCI_FILTER: 510 len = MIN(len, sizeof(struct hci_filter)); 511 if (copy_to_user(optval, &hci_pi(sk)->filter, len)) 512 return -EFAULT; 513 break; 514 515 default: 516 return -ENOPROTOOPT; 517 break; 518 }; 519 520 return 0; 521} 522 523struct proto_ops hci_sock_ops = { 524 family: PF_BLUETOOTH, 525 release: hci_sock_release, 526 bind: hci_sock_bind, 527 getname: hci_sock_getname, 528 sendmsg: hci_sock_sendmsg, 529 recvmsg: hci_sock_recvmsg, 530 ioctl: hci_sock_ioctl, 531 poll: datagram_poll, 532 listen: sock_no_listen, 533 shutdown: sock_no_shutdown, 534 setsockopt: hci_sock_setsockopt, 535 getsockopt: hci_sock_getsockopt, 536 connect: sock_no_connect, 537 socketpair: sock_no_socketpair, 538 accept: sock_no_accept, 539 mmap: sock_no_mmap 540}; 541 542static int hci_sock_create(struct socket *sock, int protocol) 543{ 544 struct sock *sk; 545 546 BT_DBG("sock %p", sock); 547 548 if (sock->type != SOCK_RAW) 549 return -ESOCKTNOSUPPORT; 550 551 sock->ops = &hci_sock_ops; 552 553 if (!(sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, 1))) 554 return -ENOMEM; 555 556 sock->state = SS_UNCONNECTED; 557 sock_init_data(sock, sk); 558 559 memset(&sk->protinfo, 0, sizeof(struct hci_pinfo)); 560 sk->destruct = NULL; 561 sk->protocol = protocol; 562 sk->state = BT_OPEN; 563 564 bluez_sock_link(&hci_sk_list, sk); 565 566 MOD_INC_USE_COUNT; 567 return 0; 568} 569 570static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr) 571{ 572 struct hci_dev *hdev = (struct hci_dev *) ptr; 573 evt_si_device sd; 574 575 BT_DBG("hdev %s event %ld", hdev->name, event); 576 577 /* Send event to sockets */ 578 sd.event = event; 579 sd.dev_id = hdev->id; 580 hci_si_event(NULL, EVT_SI_DEVICE, EVT_SI_DEVICE_SIZE, &sd); 581 582 if (event == HCI_DEV_UNREG) { 583 struct sock *sk; 584 585 /* Detach sockets from device */ 586 read_lock(&hci_sk_list.lock); 587 for (sk = hci_sk_list.head; sk; sk = sk->next) { 588 bh_lock_sock(sk); 589 if (hci_pi(sk)->hdev == hdev) { 590 hci_pi(sk)->hdev = NULL; 591 sk->err = EPIPE; 592 sk->state = BT_OPEN; 593 sk->state_change(sk); 594 595 hci_dev_put(hdev); 596 } 597 bh_unlock_sock(sk); 598 } 599 read_unlock(&hci_sk_list.lock); 600 } 601 602 return NOTIFY_DONE; 603} 604 605struct net_proto_family hci_sock_family_ops = { 606 family: PF_BLUETOOTH, 607 create: hci_sock_create 608}; 609 610struct notifier_block hci_sock_nblock = { 611 notifier_call: hci_sock_dev_event 612}; 613 614int hci_sock_init(void) 615{ 616 if (bluez_sock_register(BTPROTO_HCI, &hci_sock_family_ops)) { 617 BT_ERR("Can't register HCI socket"); 618 return -EPROTO; 619 } 620 621 hci_register_notifier(&hci_sock_nblock); 622 return 0; 623} 624 625int hci_sock_cleanup(void) 626{ 627 if (bluez_sock_unregister(BTPROTO_HCI)) 628 BT_ERR("Can't unregister HCI socket"); 629 630 hci_unregister_notifier(&hci_sock_nblock); 631 return 0; 632} 633