search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
[linux-2.6.git] / net / bluetooth / hci_sock.c
blobbdb6458c6bd53e049a37041ec46dcdd46a08e545
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI sockets. */
26
27 #include <linux/config.h>
28 #include <linux/module.h>
29
30 #include <linux/types.h>
31 #include <linux/capability.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/slab.h>
36 #include <linux/poll.h>
37 #include <linux/fcntl.h>
38 #include <linux/init.h>
39 #include <linux/skbuff.h>
40 #include <linux/workqueue.h>
41 #include <linux/interrupt.h>
42 #include <linux/socket.h>
43 #include <linux/ioctl.h>
44 #include <net/sock.h>
45
46 #include <asm/system.h>
47 #include <asm/uaccess.h>
48 #include <asm/unaligned.h>
49
50 #include <net/bluetooth/bluetooth.h>
51 #include <net/bluetooth/hci_core.h>
52
53 #ifndef CONFIG_BT_HCI_SOCK_DEBUG
54 #undef BT_DBG
55 #define BT_DBG(D...)
56 #endif
57
58 /* ----- HCI socket interface ----- */
59
60 static inline int hci_test_bit(int nr, void *addr)
61 {
62 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
63 }
64
65 /* Security filter */
66 static struct hci_sec_filter hci_sec_filter = {
67 /* Packet types */
68 0x10,
69 /* Events */
70 { 0x1000d9fe, 0x0000b00c },
71 /* Commands */
72 {
73 { 0x0 },
74 /* OGF_LINK_CTL */
75 { 0xbe000006, 0x00000001, 0x000000, 0x00 },
76 /* OGF_LINK_POLICY */
77 { 0x00005200, 0x00000000, 0x000000, 0x00 },
78 /* OGF_HOST_CTL */
79 { 0xaab00200, 0x2b402aaa, 0x020154, 0x00 },
80 /* OGF_INFO_PARAM */
81 { 0x000002be, 0x00000000, 0x000000, 0x00 },
82 /* OGF_STATUS_PARAM */
83 { 0x000000ea, 0x00000000, 0x000000, 0x00 }
84 }
85 };
86
87 static struct bt_sock_list hci_sk_list = {
88 .lock = RW_LOCK_UNLOCKED
89 };
90
91 /* Send frame to RAW socket */
92 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
93 {
94 struct sock *sk;
95 struct hlist_node *node;
96
97 BT_DBG("hdev %p len %d", hdev, skb->len);
98
99 read_lock(&hci_sk_list.lock);
100 sk_for_each(sk, node, &hci_sk_list.head) {
101 struct hci_filter *flt;
102 struct sk_buff *nskb;
103
104 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
105 continue;
106
107 /* Don't send frame to the socket it came from */
108 if (skb->sk == sk)
109 continue;
110
111 /* Apply filter */
112 flt = &hci_pi(sk)->filter;
113
114 if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
115 0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
116 continue;
117
118 if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
119 register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
120
121 if (!hci_test_bit(evt, &flt->event_mask))
122 continue;
123
124 if (flt->opcode && ((evt == HCI_EV_CMD_COMPLETE &&
125 flt->opcode != *(__u16 *)(skb->data + 3)) ||
126 (evt == HCI_EV_CMD_STATUS &&
127 flt->opcode != *(__u16 *)(skb->data + 4))))
128 continue;
129 }
130
131 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
132 continue;
133
134 /* Put type byte before the data */
135 memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
136
137 if (sock_queue_rcv_skb(sk, nskb))
138 kfree_skb(nskb);
139 }
140 read_unlock(&hci_sk_list.lock);
141 }
142
143 static int hci_sock_release(struct socket *sock)
144 {
145 struct sock *sk = sock->sk;
146 struct hci_dev *hdev = hci_pi(sk)->hdev;
147
148 BT_DBG("sock %p sk %p", sock, sk);
149
150 if (!sk)
151 return 0;
152
153 bt_sock_unlink(&hci_sk_list, sk);
154
155 if (hdev) {
156 atomic_dec(&hdev->promisc);
157 hci_dev_put(hdev);
158 }
159
160 sock_orphan(sk);
161
162 skb_queue_purge(&sk->sk_receive_queue);
163 skb_queue_purge(&sk->sk_write_queue);
164
165 sock_put(sk);
166 return 0;
167 }
168
169 /* Ioctls that require bound socket */
170 static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
171 {
172 struct hci_dev *hdev = hci_pi(sk)->hdev;
173
174 if (!hdev)
175 return -EBADFD;
176
177 switch (cmd) {
178 case HCISETRAW:
179 if (!capable(CAP_NET_ADMIN))
180 return -EACCES;
181
182 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
183 return -EPERM;
184
185 if (arg)
186 set_bit(HCI_RAW, &hdev->flags);
187 else
188 clear_bit(HCI_RAW, &hdev->flags);
189
190 return 0;
191
192 case HCISETSECMGR:
193 if (!capable(CAP_NET_ADMIN))
194 return -EACCES;
195
196 if (arg)
197 set_bit(HCI_SECMGR, &hdev->flags);
198 else
199 clear_bit(HCI_SECMGR, &hdev->flags);
200
201 return 0;
202
203 case HCIGETCONNINFO:
204 return hci_get_conn_info(hdev, (void __user *)arg);
205
206 default:
207 if (hdev->ioctl)
208 return hdev->ioctl(hdev, cmd, arg);
209 return -EINVAL;
210 }
211 }
212
213 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
214 {
215 struct sock *sk = sock->sk;
216 void __user *argp = (void __user *)arg;
217 int err;
218
219 BT_DBG("cmd %x arg %lx", cmd, arg);
220
221 switch (cmd) {
222 case HCIGETDEVLIST:
223 return hci_get_dev_list(argp);
224
225 case HCIGETDEVINFO:
226 return hci_get_dev_info(argp);
227
228 case HCIGETCONNLIST:
229 return hci_get_conn_list(argp);
230
231 case HCIDEVUP:
232 if (!capable(CAP_NET_ADMIN))
233 return -EACCES;
234 return hci_dev_open(arg);
235
236 case HCIDEVDOWN:
237 if (!capable(CAP_NET_ADMIN))
238 return -EACCES;
239 return hci_dev_close(arg);
240
241 case HCIDEVRESET:
242 if (!capable(CAP_NET_ADMIN))
243 return -EACCES;
244 return hci_dev_reset(arg);
245
246 case HCIDEVRESTAT:
247 if (!capable(CAP_NET_ADMIN))
248 return -EACCES;
249 return hci_dev_reset_stat(arg);
250
251 case HCISETSCAN:
252 case HCISETAUTH:
253 case HCISETENCRYPT:
254 case HCISETPTYPE:
255 case HCISETLINKPOL:
256 case HCISETLINKMODE:
257 case HCISETACLMTU:
258 case HCISETSCOMTU:
259 if (!capable(CAP_NET_ADMIN))
260 return -EACCES;
261 return hci_dev_cmd(cmd, argp);
262
263 case HCIINQUIRY:
264 return hci_inquiry(argp);
265
266 default:
267 lock_sock(sk);
268 err = hci_sock_bound_ioctl(sk, cmd, arg);
269 release_sock(sk);
270 return err;
271 }
272 }
273
274 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
275 {
276 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
277 struct sock *sk = sock->sk;
278 struct hci_dev *hdev = NULL;
279 int err = 0;
280
281 BT_DBG("sock %p sk %p", sock, sk);
282
283 if (!haddr || haddr->hci_family != AF_BLUETOOTH)
284 return -EINVAL;
285
286 lock_sock(sk);
287
288 if (hci_pi(sk)->hdev) {
289 err = -EALREADY;
290 goto done;
291 }
292
293 if (haddr->hci_dev != HCI_DEV_NONE) {
294 if (!(hdev = hci_dev_get(haddr->hci_dev))) {
295 err = -ENODEV;
296 goto done;
297 }
298
299 atomic_inc(&hdev->promisc);
300 }
301
302 hci_pi(sk)->hdev = hdev;
303 sk->sk_state = BT_BOUND;
304
305 done:
306 release_sock(sk);
307 return err;
308 }
309
310 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
311 {
312 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
313 struct sock *sk = sock->sk;
314
315 BT_DBG("sock %p sk %p", sock, sk);
316
317 lock_sock(sk);
318
319 *addr_len = sizeof(*haddr);
320 haddr->hci_family = AF_BLUETOOTH;
321 haddr->hci_dev = hci_pi(sk)->hdev->id;
322
323 release_sock(sk);
324 return 0;
325 }
326
327 static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
328 {
329 __u32 mask = hci_pi(sk)->cmsg_mask;
330
331 if (mask & HCI_CMSG_DIR) {
332 int incoming = bt_cb(skb)->incoming;
333 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
334 }
335
336 if (mask & HCI_CMSG_TSTAMP) {
337 struct timeval tv;
338
339 skb_get_timestamp(skb, &tv);
340 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, sizeof(tv), &tv);
341 }
342 }
343
344 static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
345 struct msghdr *msg, size_t len, int flags)
346 {
347 int noblock = flags & MSG_DONTWAIT;
348 struct sock *sk = sock->sk;
349 struct sk_buff *skb;
350 int copied, err;
351
352 BT_DBG("sock %p, sk %p", sock, sk);
353
354 if (flags & (MSG_OOB))
355 return -EOPNOTSUPP;
356
357 if (sk->sk_state == BT_CLOSED)
358 return 0;
359
360 if (!(skb = skb_recv_datagram(sk, flags, noblock, &err)))
361 return err;
362
363 msg->msg_namelen = 0;
364
365 copied = skb->len;
366 if (len < copied) {
367 msg->msg_flags |= MSG_TRUNC;
368 copied = len;
369 }
370
371 skb->h.raw = skb->data;
372 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
373
374 hci_sock_cmsg(sk, msg, skb);
375
376 skb_free_datagram(sk, skb);
377
378 return err ? : copied;
379 }
380
381 static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
382 struct msghdr *msg, size_t len)
383 {
384 struct sock *sk = sock->sk;
385 struct hci_dev *hdev;
386 struct sk_buff *skb;
387 int err;
388
389 BT_DBG("sock %p sk %p", sock, sk);
390
391 if (msg->msg_flags & MSG_OOB)
392 return -EOPNOTSUPP;
393
394 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
395 return -EINVAL;
396
397 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
398 return -EINVAL;
399
400 lock_sock(sk);
401
402 if (!(hdev = hci_pi(sk)->hdev)) {
403 err = -EBADFD;
404 goto done;
405 }
406
407 if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err)))
408 goto done;
409
410 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
411 err = -EFAULT;
412 goto drop;
413 }
414
415 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
416 skb_pull(skb, 1);
417 skb->dev = (void *) hdev;
418
419 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
420 u16 opcode = __le16_to_cpu(get_unaligned((__le16 *) skb->data));
421 u16 ogf = hci_opcode_ogf(opcode);
422 u16 ocf = hci_opcode_ocf(opcode);
423
424 if (((ogf > HCI_SFLT_MAX_OGF) ||
425 !hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
426 !capable(CAP_NET_RAW)) {
427 err = -EPERM;
428 goto drop;
429 }
430
431 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == OGF_VENDOR_CMD)) {
432 skb_queue_tail(&hdev->raw_q, skb);
433 hci_sched_tx(hdev);
434 } else {
435 skb_queue_tail(&hdev->cmd_q, skb);
436 hci_sched_cmd(hdev);
437 }
438 } else {
439 if (!capable(CAP_NET_RAW)) {
440 err = -EPERM;
441 goto drop;
442 }
443
444 skb_queue_tail(&hdev->raw_q, skb);
445 hci_sched_tx(hdev);
446 }
447
448 err = len;
449
450 done:
451 release_sock(sk);
452 return err;
453
454 drop:
455 kfree_skb(skb);
456 goto done;
457 }
458
459 static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int len)
460 {
461 struct hci_ufilter uf = { .opcode = 0 };
462 struct sock *sk = sock->sk;
463 int err = 0, opt = 0;
464
465 BT_DBG("sk %p, opt %d", sk, optname);
466
467 lock_sock(sk);
468
469 switch (optname) {
470 case HCI_DATA_DIR:
471 if (get_user(opt, (int __user *)optval)) {
472 err = -EFAULT;
473 break;
474 }
475
476 if (opt)
477 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
478 else
479 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
480 break;
481
482 case HCI_TIME_STAMP:
483 if (get_user(opt, (int __user *)optval)) {
484 err = -EFAULT;
485 break;
486 }
487
488 if (opt)
489 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
490 else
491 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
492 break;
493
494 case HCI_FILTER:
495 len = min_t(unsigned int, len, sizeof(uf));
496 if (copy_from_user(&uf, optval, len)) {
497 err = -EFAULT;
498 break;
499 }
500
501 if (!capable(CAP_NET_RAW)) {
502 uf.type_mask &= hci_sec_filter.type_mask;
503 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
504 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
505 }
506
507 {
508 struct hci_filter *f = &hci_pi(sk)->filter;
509
510 f->type_mask = uf.type_mask;
511 f->opcode = uf.opcode;
512 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
513 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
514 }
515 break;
516
517 default:
518 err = -ENOPROTOOPT;
519 break;
520 }
521
522 release_sock(sk);
523 return err;
524 }
525
526 static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
527 {
528 struct hci_ufilter uf;
529 struct sock *sk = sock->sk;
530 int len, opt;
531
532 if (get_user(len, optlen))
533 return -EFAULT;
534
535 switch (optname) {
536 case HCI_DATA_DIR:
537 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
538 opt = 1;
539 else
540 opt = 0;
541
542 if (put_user(opt, optval))
543 return -EFAULT;
544 break;
545
546 case HCI_TIME_STAMP:
547 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
548 opt = 1;
549 else
550 opt = 0;
551
552 if (put_user(opt, optval))
553 return -EFAULT;
554 break;
555
556 case HCI_FILTER:
557 {
558 struct hci_filter *f = &hci_pi(sk)->filter;
559
560 uf.type_mask = f->type_mask;
561 uf.opcode = f->opcode;
562 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
563 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
564 }
565
566 len = min_t(unsigned int, len, sizeof(uf));
567 if (copy_to_user(optval, &uf, len))
568 return -EFAULT;
569 break;
570
571 default:
572 return -ENOPROTOOPT;
573 break;
574 }
575
576 return 0;
577 }
578
579 static const struct proto_ops hci_sock_ops = {
580 .family = PF_BLUETOOTH,
581 .owner = THIS_MODULE,
582 .release = hci_sock_release,
583 .bind = hci_sock_bind,
584 .getname = hci_sock_getname,
585 .sendmsg = hci_sock_sendmsg,
586 .recvmsg = hci_sock_recvmsg,
587 .ioctl = hci_sock_ioctl,
588 .poll = datagram_poll,
589 .listen = sock_no_listen,
590 .shutdown = sock_no_shutdown,
591 .setsockopt = hci_sock_setsockopt,
592 .getsockopt = hci_sock_getsockopt,
593 .connect = sock_no_connect,
594 .socketpair = sock_no_socketpair,
595 .accept = sock_no_accept,
596 .mmap = sock_no_mmap
597 };
598
599 static struct proto hci_sk_proto = {
600 .name = "HCI",
601 .owner = THIS_MODULE,
602 .obj_size = sizeof(struct hci_pinfo)
603 };
604
605 static int hci_sock_create(struct socket *sock, int protocol)
606 {
607 struct sock *sk;
608
609 BT_DBG("sock %p", sock);
610
611 if (sock->type != SOCK_RAW)
612 return -ESOCKTNOSUPPORT;
613
614 sock->ops = &hci_sock_ops;
615
616 sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &hci_sk_proto, 1);
617 if (!sk)
618 return -ENOMEM;
619
620 sock_init_data(sock, sk);
621
622 sock_reset_flag(sk, SOCK_ZAPPED);
623
624 sk->sk_protocol = protocol;
625
626 sock->state = SS_UNCONNECTED;
627 sk->sk_state = BT_OPEN;
628
629 bt_sock_link(&hci_sk_list, sk);
630 return 0;
631 }
632
633 static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
634 {
635 struct hci_dev *hdev = (struct hci_dev *) ptr;
636 struct hci_ev_si_device ev;
637
638 BT_DBG("hdev %s event %ld", hdev->name, event);
639
640 /* Send event to sockets */
641 ev.event = event;
642 ev.dev_id = hdev->id;
643 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
644
645 if (event == HCI_DEV_UNREG) {
646 struct sock *sk;
647 struct hlist_node *node;
648
649 /* Detach sockets from device */
650 read_lock(&hci_sk_list.lock);
651 sk_for_each(sk, node, &hci_sk_list.head) {
652 bh_lock_sock(sk);
653 if (hci_pi(sk)->hdev == hdev) {
654 hci_pi(sk)->hdev = NULL;
655 sk->sk_err = EPIPE;
656 sk->sk_state = BT_OPEN;
657 sk->sk_state_change(sk);
658
659 hci_dev_put(hdev);
660 }
661 bh_unlock_sock(sk);
662 }
663 read_unlock(&hci_sk_list.lock);
664 }
665
666 return NOTIFY_DONE;
667 }
668
669 static struct net_proto_family hci_sock_family_ops = {
670 .family = PF_BLUETOOTH,
671 .owner = THIS_MODULE,
672 .create = hci_sock_create,
673 };
674
675 static struct notifier_block hci_sock_nblock = {
676 .notifier_call = hci_sock_dev_event
677 };
678
679 int __init hci_sock_init(void)
680 {
681 int err;
682
683 err = proto_register(&hci_sk_proto, 0);
684 if (err < 0)
685 return err;
686
687 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
688 if (err < 0)
689 goto error;
690
691 hci_register_notifier(&hci_sock_nblock);
692
693 BT_INFO("HCI socket layer initialized");
694
695 return 0;
696
697 error:
698 BT_ERR("HCI socket registration failed");
699 proto_unregister(&hci_sk_proto);
700 return err;
701 }
702
703 int __exit hci_sock_cleanup(void)
704 {
705 if (bt_sock_unregister(BTPROTO_HCI) < 0)
706 BT_ERR("HCI socket unregistration failed");
707
708 hci_unregister_notifier(&hci_sock_nblock);
709
710 proto_unregister(&hci_sk_proto);
711
712 return 0;
713 }
Linus' kernel tree