2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI sockets. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/slab.h>
34 #include <linux/poll.h>
35 #include <linux/fcntl.h>
36 #include <linux/init.h>
37 #include <linux/skbuff.h>
38 #include <linux/workqueue.h>
39 #include <linux/interrupt.h>
40 #include <linux/compat.h>
41 #include <linux/socket.h>
42 #include <linux/ioctl.h>
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
52 #ifndef CONFIG_BT_HCI_SOCK_DEBUG
57 /* ----- HCI socket interface ----- */
59 static inline int hci_test_bit(int nr, void *addr)
61 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
65 static struct hci_sec_filter hci_sec_filter = {
69 { 0x1000d9fe, 0x0000b00c },
74 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
76 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
78 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
80 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
81 /* OGF_STATUS_PARAM */
82 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
86 static struct bt_sock_list hci_sk_list = {
87 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
90 /* Send frame to RAW socket */
91 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
94 struct hlist_node *node;
96 BT_DBG("hdev %p len %d", hdev, skb->len);
98 read_lock(&hci_sk_list.lock);
99 sk_for_each(sk, node, &hci_sk_list.head) {
100 struct hci_filter *flt;
101 struct sk_buff *nskb;
103 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
106 /* Don't send frame to the socket it came from */
111 flt = &hci_pi(sk)->filter;
113 if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
114 0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
117 if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
118 register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
120 if (!hci_test_bit(evt, &flt->event_mask))
124 ((evt == HCI_EV_CMD_COMPLETE &&
126 get_unaligned((__le16 *)(skb->data + 3))) ||
127 (evt == HCI_EV_CMD_STATUS &&
129 get_unaligned((__le16 *)(skb->data + 4)))))
133 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
136 /* Put type byte before the data */
137 memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
139 if (sock_queue_rcv_skb(sk, nskb))
142 read_unlock(&hci_sk_list.lock);
145 static int hci_sock_release(struct socket *sock)
147 struct sock *sk = sock->sk;
148 struct hci_dev *hdev;
150 BT_DBG("sock %p sk %p", sock, sk);
155 hdev = hci_pi(sk)->hdev;
157 bt_sock_unlink(&hci_sk_list, sk);
160 atomic_dec(&hdev->promisc);
166 skb_queue_purge(&sk->sk_receive_queue);
167 skb_queue_purge(&sk->sk_write_queue);
173 /* Ioctls that require bound socket */
174 static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
176 struct hci_dev *hdev = hci_pi(sk)->hdev;
183 if (!capable(CAP_NET_ADMIN))
186 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
190 set_bit(HCI_RAW, &hdev->flags);
192 clear_bit(HCI_RAW, &hdev->flags);
197 return hci_get_conn_info(hdev, (void __user *) arg);
200 return hci_get_auth_info(hdev, (void __user *) arg);
204 return hdev->ioctl(hdev, cmd, arg);
209 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
211 struct sock *sk = sock->sk;
212 void __user *argp = (void __user *) arg;
215 BT_DBG("cmd %x arg %lx", cmd, arg);
219 return hci_get_dev_list(argp);
222 return hci_get_dev_info(argp);
225 return hci_get_conn_list(argp);
228 if (!capable(CAP_NET_ADMIN))
230 return hci_dev_open(arg);
233 if (!capable(CAP_NET_ADMIN))
235 return hci_dev_close(arg);
238 if (!capable(CAP_NET_ADMIN))
240 return hci_dev_reset(arg);
243 if (!capable(CAP_NET_ADMIN))
245 return hci_dev_reset_stat(arg);
255 if (!capable(CAP_NET_ADMIN))
257 return hci_dev_cmd(cmd, argp);
260 return hci_inquiry(argp);
264 err = hci_sock_bound_ioctl(sk, cmd, arg);
270 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
272 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
273 struct sock *sk = sock->sk;
274 struct hci_dev *hdev = NULL;
277 BT_DBG("sock %p sk %p", sock, sk);
279 if (!haddr || haddr->hci_family != AF_BLUETOOTH)
284 if (hci_pi(sk)->hdev) {
289 if (haddr->hci_dev != HCI_DEV_NONE) {
290 if (!(hdev = hci_dev_get(haddr->hci_dev))) {
295 atomic_inc(&hdev->promisc);
298 hci_pi(sk)->hdev = hdev;
299 sk->sk_state = BT_BOUND;
306 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
308 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
309 struct sock *sk = sock->sk;
310 struct hci_dev *hdev = hci_pi(sk)->hdev;
312 BT_DBG("sock %p sk %p", sock, sk);
319 *addr_len = sizeof(*haddr);
320 haddr->hci_family = AF_BLUETOOTH;
321 haddr->hci_dev = hdev->id;
327 static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
329 __u32 mask = hci_pi(sk)->cmsg_mask;
331 if (mask & HCI_CMSG_DIR) {
332 int incoming = bt_cb(skb)->incoming;
333 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
336 if (mask & HCI_CMSG_TSTAMP) {
341 skb_get_timestamp(skb, &tv);
346 if (msg->msg_flags & MSG_CMSG_COMPAT) {
347 struct compat_timeval ctv;
348 ctv.tv_sec = tv.tv_sec;
349 ctv.tv_usec = tv.tv_usec;
355 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
359 static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
360 struct msghdr *msg, size_t len, int flags)
362 int noblock = flags & MSG_DONTWAIT;
363 struct sock *sk = sock->sk;
367 BT_DBG("sock %p, sk %p", sock, sk);
369 if (flags & (MSG_OOB))
372 if (sk->sk_state == BT_CLOSED)
375 if (!(skb = skb_recv_datagram(sk, flags, noblock, &err)))
378 msg->msg_namelen = 0;
382 msg->msg_flags |= MSG_TRUNC;
386 skb_reset_transport_header(skb);
387 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
389 hci_sock_cmsg(sk, msg, skb);
391 skb_free_datagram(sk, skb);
393 return err ? : copied;
396 static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
397 struct msghdr *msg, size_t len)
399 struct sock *sk = sock->sk;
400 struct hci_dev *hdev;
404 BT_DBG("sock %p sk %p", sock, sk);
406 if (msg->msg_flags & MSG_OOB)
409 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
412 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
417 if (!(hdev = hci_pi(sk)->hdev)) {
422 if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err)))
425 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
430 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
432 skb->dev = (void *) hdev;
434 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
435 u16 opcode = get_unaligned_le16(skb->data);
436 u16 ogf = hci_opcode_ogf(opcode);
437 u16 ocf = hci_opcode_ocf(opcode);
439 if (((ogf > HCI_SFLT_MAX_OGF) ||
440 !hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
441 !capable(CAP_NET_RAW)) {
446 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
447 skb_queue_tail(&hdev->raw_q, skb);
450 skb_queue_tail(&hdev->cmd_q, skb);
454 if (!capable(CAP_NET_RAW)) {
459 skb_queue_tail(&hdev->raw_q, skb);
474 static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int len)
476 struct hci_ufilter uf = { .opcode = 0 };
477 struct sock *sk = sock->sk;
478 int err = 0, opt = 0;
480 BT_DBG("sk %p, opt %d", sk, optname);
486 if (get_user(opt, (int __user *)optval)) {
492 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
494 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
498 if (get_user(opt, (int __user *)optval)) {
504 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
506 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
511 struct hci_filter *f = &hci_pi(sk)->filter;
513 uf.type_mask = f->type_mask;
514 uf.opcode = f->opcode;
515 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
516 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
519 len = min_t(unsigned int, len, sizeof(uf));
520 if (copy_from_user(&uf, optval, len)) {
525 if (!capable(CAP_NET_RAW)) {
526 uf.type_mask &= hci_sec_filter.type_mask;
527 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
528 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
532 struct hci_filter *f = &hci_pi(sk)->filter;
534 f->type_mask = uf.type_mask;
535 f->opcode = uf.opcode;
536 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
537 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
550 static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
552 struct hci_ufilter uf;
553 struct sock *sk = sock->sk;
556 if (get_user(len, optlen))
561 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
566 if (put_user(opt, optval))
571 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
576 if (put_user(opt, optval))
582 struct hci_filter *f = &hci_pi(sk)->filter;
584 uf.type_mask = f->type_mask;
585 uf.opcode = f->opcode;
586 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
587 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
590 len = min_t(unsigned int, len, sizeof(uf));
591 if (copy_to_user(optval, &uf, len))
603 static const struct proto_ops hci_sock_ops = {
604 .family = PF_BLUETOOTH,
605 .owner = THIS_MODULE,
606 .release = hci_sock_release,
607 .bind = hci_sock_bind,
608 .getname = hci_sock_getname,
609 .sendmsg = hci_sock_sendmsg,
610 .recvmsg = hci_sock_recvmsg,
611 .ioctl = hci_sock_ioctl,
612 .poll = datagram_poll,
613 .listen = sock_no_listen,
614 .shutdown = sock_no_shutdown,
615 .setsockopt = hci_sock_setsockopt,
616 .getsockopt = hci_sock_getsockopt,
617 .connect = sock_no_connect,
618 .socketpair = sock_no_socketpair,
619 .accept = sock_no_accept,
623 static struct proto hci_sk_proto = {
625 .owner = THIS_MODULE,
626 .obj_size = sizeof(struct hci_pinfo)
629 static int hci_sock_create(struct net *net, struct socket *sock, int protocol)
633 BT_DBG("sock %p", sock);
635 if (sock->type != SOCK_RAW)
636 return -ESOCKTNOSUPPORT;
638 sock->ops = &hci_sock_ops;
640 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
644 sock_init_data(sock, sk);
646 sock_reset_flag(sk, SOCK_ZAPPED);
648 sk->sk_protocol = protocol;
650 sock->state = SS_UNCONNECTED;
651 sk->sk_state = BT_OPEN;
653 bt_sock_link(&hci_sk_list, sk);
657 static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
659 struct hci_dev *hdev = (struct hci_dev *) ptr;
660 struct hci_ev_si_device ev;
662 BT_DBG("hdev %s event %ld", hdev->name, event);
664 /* Send event to sockets */
666 ev.dev_id = hdev->id;
667 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
669 if (event == HCI_DEV_UNREG) {
671 struct hlist_node *node;
673 /* Detach sockets from device */
674 read_lock(&hci_sk_list.lock);
675 sk_for_each(sk, node, &hci_sk_list.head) {
677 bh_lock_sock_nested(sk);
678 if (hci_pi(sk)->hdev == hdev) {
679 hci_pi(sk)->hdev = NULL;
681 sk->sk_state = BT_OPEN;
682 sk->sk_state_change(sk);
689 read_unlock(&hci_sk_list.lock);
695 static struct net_proto_family hci_sock_family_ops = {
696 .family = PF_BLUETOOTH,
697 .owner = THIS_MODULE,
698 .create = hci_sock_create,
701 static struct notifier_block hci_sock_nblock = {
702 .notifier_call = hci_sock_dev_event
705 int __init hci_sock_init(void)
709 err = proto_register(&hci_sk_proto, 0);
713 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
717 hci_register_notifier(&hci_sock_nblock);
719 BT_INFO("HCI socket layer initialized");
724 BT_ERR("HCI socket registration failed");
725 proto_unregister(&hci_sk_proto);
729 void __exit hci_sock_cleanup(void)
731 if (bt_sock_unregister(BTPROTO_HCI) < 0)
732 BT_ERR("HCI socket unregistration failed");
734 hci_unregister_notifier(&hci_sock_nblock);
736 proto_unregister(&hci_sk_proto);