2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI sockets. */
27 #include <linux/config.h>
28 #include <linux/module.h>
30 #include <linux/types.h>
31 #include <linux/capability.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/slab.h>
36 #include <linux/poll.h>
37 #include <linux/fcntl.h>
38 #include <linux/init.h>
39 #include <linux/skbuff.h>
40 #include <linux/workqueue.h>
41 #include <linux/interrupt.h>
42 #include <linux/socket.h>
43 #include <linux/ioctl.h>
46 #include <asm/system.h>
47 #include <asm/uaccess.h>
48 #include <asm/unaligned.h>
50 #include <net/bluetooth/bluetooth.h>
51 #include <net/bluetooth/hci_core.h>
53 #ifndef CONFIG_BT_HCI_SOCK_DEBUG
58 /* ----- HCI socket interface ----- */
60 static inline int hci_test_bit(int nr, void *addr)
62 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
66 static struct hci_sec_filter hci_sec_filter = {
70 { 0x1000d9fe, 0x0000b00c },
75 { 0xbe000006, 0x00000001, 0x000000, 0x00 },
77 { 0x00005200, 0x00000000, 0x000000, 0x00 },
79 { 0xaab00200, 0x2b402aaa, 0x020154, 0x00 },
81 { 0x000002be, 0x00000000, 0x000000, 0x00 },
82 /* OGF_STATUS_PARAM */
83 { 0x000000ea, 0x00000000, 0x000000, 0x00 }
87 static struct bt_sock_list hci_sk_list = {
88 .lock = RW_LOCK_UNLOCKED
91 /* Send frame to RAW socket */
92 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
95 struct hlist_node *node;
97 BT_DBG("hdev %p len %d", hdev, skb->len);
99 read_lock(&hci_sk_list.lock);
100 sk_for_each(sk, node, &hci_sk_list.head) {
101 struct hci_filter *flt;
102 struct sk_buff *nskb;
104 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
107 /* Don't send frame to the socket it came from */
112 flt = &hci_pi(sk)->filter;
114 if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
115 0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
118 if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
119 register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
121 if (!hci_test_bit(evt, &flt->event_mask))
124 if (flt->opcode && ((evt == HCI_EV_CMD_COMPLETE &&
125 flt->opcode != *(__u16 *)(skb->data + 3)) ||
126 (evt == HCI_EV_CMD_STATUS &&
127 flt->opcode != *(__u16 *)(skb->data + 4))))
131 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
134 /* Put type byte before the data */
135 memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
137 if (sock_queue_rcv_skb(sk, nskb))
140 read_unlock(&hci_sk_list.lock);
143 static int hci_sock_release(struct socket *sock)
145 struct sock *sk = sock->sk;
146 struct hci_dev *hdev = hci_pi(sk)->hdev;
148 BT_DBG("sock %p sk %p", sock, sk);
153 bt_sock_unlink(&hci_sk_list, sk);
156 atomic_dec(&hdev->promisc);
162 skb_queue_purge(&sk->sk_receive_queue);
163 skb_queue_purge(&sk->sk_write_queue);
169 /* Ioctls that require bound socket */
170 static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
172 struct hci_dev *hdev = hci_pi(sk)->hdev;
179 if (!capable(CAP_NET_ADMIN))
182 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
186 set_bit(HCI_RAW, &hdev->flags);
188 clear_bit(HCI_RAW, &hdev->flags);
193 if (!capable(CAP_NET_ADMIN))
197 set_bit(HCI_SECMGR, &hdev->flags);
199 clear_bit(HCI_SECMGR, &hdev->flags);
204 return hci_get_conn_info(hdev, (void __user *)arg);
208 return hdev->ioctl(hdev, cmd, arg);
213 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
215 struct sock *sk = sock->sk;
216 void __user *argp = (void __user *)arg;
219 BT_DBG("cmd %x arg %lx", cmd, arg);
223 return hci_get_dev_list(argp);
226 return hci_get_dev_info(argp);
229 return hci_get_conn_list(argp);
232 if (!capable(CAP_NET_ADMIN))
234 return hci_dev_open(arg);
237 if (!capable(CAP_NET_ADMIN))
239 return hci_dev_close(arg);
242 if (!capable(CAP_NET_ADMIN))
244 return hci_dev_reset(arg);
247 if (!capable(CAP_NET_ADMIN))
249 return hci_dev_reset_stat(arg);
259 if (!capable(CAP_NET_ADMIN))
261 return hci_dev_cmd(cmd, argp);
264 return hci_inquiry(argp);
268 err = hci_sock_bound_ioctl(sk, cmd, arg);
274 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
276 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
277 struct sock *sk = sock->sk;
278 struct hci_dev *hdev = NULL;
281 BT_DBG("sock %p sk %p", sock, sk);
283 if (!haddr || haddr->hci_family != AF_BLUETOOTH)
288 if (hci_pi(sk)->hdev) {
293 if (haddr->hci_dev != HCI_DEV_NONE) {
294 if (!(hdev = hci_dev_get(haddr->hci_dev))) {
299 atomic_inc(&hdev->promisc);
302 hci_pi(sk)->hdev = hdev;
303 sk->sk_state = BT_BOUND;
310 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
312 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
313 struct sock *sk = sock->sk;
315 BT_DBG("sock %p sk %p", sock, sk);
319 *addr_len = sizeof(*haddr);
320 haddr->hci_family = AF_BLUETOOTH;
321 haddr->hci_dev = hci_pi(sk)->hdev->id;
327 static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
329 __u32 mask = hci_pi(sk)->cmsg_mask;
331 if (mask & HCI_CMSG_DIR) {
332 int incoming = bt_cb(skb)->incoming;
333 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
336 if (mask & HCI_CMSG_TSTAMP) {
339 skb_get_timestamp(skb, &tv);
340 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, sizeof(tv), &tv);
344 static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
345 struct msghdr *msg, size_t len, int flags)
347 int noblock = flags & MSG_DONTWAIT;
348 struct sock *sk = sock->sk;
352 BT_DBG("sock %p, sk %p", sock, sk);
354 if (flags & (MSG_OOB))
357 if (sk->sk_state == BT_CLOSED)
360 if (!(skb = skb_recv_datagram(sk, flags, noblock, &err)))
363 msg->msg_namelen = 0;
367 msg->msg_flags |= MSG_TRUNC;
371 skb->h.raw = skb->data;
372 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
374 hci_sock_cmsg(sk, msg, skb);
376 skb_free_datagram(sk, skb);
378 return err ? : copied;
381 static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
382 struct msghdr *msg, size_t len)
384 struct sock *sk = sock->sk;
385 struct hci_dev *hdev;
389 BT_DBG("sock %p sk %p", sock, sk);
391 if (msg->msg_flags & MSG_OOB)
394 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
397 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
402 if (!(hdev = hci_pi(sk)->hdev)) {
407 if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err)))
410 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
415 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
417 skb->dev = (void *) hdev;
419 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
420 u16 opcode = __le16_to_cpu(get_unaligned((__le16 *) skb->data));
421 u16 ogf = hci_opcode_ogf(opcode);
422 u16 ocf = hci_opcode_ocf(opcode);
424 if (((ogf > HCI_SFLT_MAX_OGF) ||
425 !hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
426 !capable(CAP_NET_RAW)) {
431 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == OGF_VENDOR_CMD)) {
432 skb_queue_tail(&hdev->raw_q, skb);
435 skb_queue_tail(&hdev->cmd_q, skb);
439 if (!capable(CAP_NET_RAW)) {
444 skb_queue_tail(&hdev->raw_q, skb);
459 static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int len)
461 struct hci_ufilter uf = { .opcode = 0 };
462 struct sock *sk = sock->sk;
463 int err = 0, opt = 0;
465 BT_DBG("sk %p, opt %d", sk, optname);
471 if (get_user(opt, (int __user *)optval)) {
477 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
479 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
483 if (get_user(opt, (int __user *)optval)) {
489 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
491 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
495 len = min_t(unsigned int, len, sizeof(uf));
496 if (copy_from_user(&uf, optval, len)) {
501 if (!capable(CAP_NET_RAW)) {
502 uf.type_mask &= hci_sec_filter.type_mask;
503 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
504 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
508 struct hci_filter *f = &hci_pi(sk)->filter;
510 f->type_mask = uf.type_mask;
511 f->opcode = uf.opcode;
512 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
513 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
526 static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
528 struct hci_ufilter uf;
529 struct sock *sk = sock->sk;
532 if (get_user(len, optlen))
537 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
542 if (put_user(opt, optval))
547 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
552 if (put_user(opt, optval))
558 struct hci_filter *f = &hci_pi(sk)->filter;
560 uf.type_mask = f->type_mask;
561 uf.opcode = f->opcode;
562 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
563 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
566 len = min_t(unsigned int, len, sizeof(uf));
567 if (copy_to_user(optval, &uf, len))
579 static const struct proto_ops hci_sock_ops = {
580 .family = PF_BLUETOOTH,
581 .owner = THIS_MODULE,
582 .release = hci_sock_release,
583 .bind = hci_sock_bind,
584 .getname = hci_sock_getname,
585 .sendmsg = hci_sock_sendmsg,
586 .recvmsg = hci_sock_recvmsg,
587 .ioctl = hci_sock_ioctl,
588 .poll = datagram_poll,
589 .listen = sock_no_listen,
590 .shutdown = sock_no_shutdown,
591 .setsockopt = hci_sock_setsockopt,
592 .getsockopt = hci_sock_getsockopt,
593 .connect = sock_no_connect,
594 .socketpair = sock_no_socketpair,
595 .accept = sock_no_accept,
599 static struct proto hci_sk_proto = {
601 .owner = THIS_MODULE,
602 .obj_size = sizeof(struct hci_pinfo)
605 static int hci_sock_create(struct socket *sock, int protocol)
609 BT_DBG("sock %p", sock);
611 if (sock->type != SOCK_RAW)
612 return -ESOCKTNOSUPPORT;
614 sock->ops = &hci_sock_ops;
616 sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &hci_sk_proto, 1);
620 sock_init_data(sock, sk);
622 sock_reset_flag(sk, SOCK_ZAPPED);
624 sk->sk_protocol = protocol;
626 sock->state = SS_UNCONNECTED;
627 sk->sk_state = BT_OPEN;
629 bt_sock_link(&hci_sk_list, sk);
633 static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
635 struct hci_dev *hdev = (struct hci_dev *) ptr;
636 struct hci_ev_si_device ev;
638 BT_DBG("hdev %s event %ld", hdev->name, event);
640 /* Send event to sockets */
642 ev.dev_id = hdev->id;
643 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
645 if (event == HCI_DEV_UNREG) {
647 struct hlist_node *node;
649 /* Detach sockets from device */
650 read_lock(&hci_sk_list.lock);
651 sk_for_each(sk, node, &hci_sk_list.head) {
653 if (hci_pi(sk)->hdev == hdev) {
654 hci_pi(sk)->hdev = NULL;
656 sk->sk_state = BT_OPEN;
657 sk->sk_state_change(sk);
663 read_unlock(&hci_sk_list.lock);
669 static struct net_proto_family hci_sock_family_ops = {
670 .family = PF_BLUETOOTH,
671 .owner = THIS_MODULE,
672 .create = hci_sock_create,
675 static struct notifier_block hci_sock_nblock = {
676 .notifier_call = hci_sock_dev_event
679 int __init hci_sock_init(void)
683 err = proto_register(&hci_sk_proto, 0);
687 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
691 hci_register_notifier(&hci_sock_nblock);
693 BT_INFO("HCI socket layer initialized");
698 BT_ERR("HCI socket registration failed");
699 proto_unregister(&hci_sk_proto);
703 int __exit hci_sock_cleanup(void)
705 if (bt_sock_unregister(BTPROTO_HCI) < 0)
706 BT_ERR("HCI socket unregistration failed");
708 hci_unregister_notifier(&hci_sock_nblock);
710 proto_unregister(&hci_sk_proto);