search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drm/nouveau: validate vbios size
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / bluetooth / hci_sock.c
blobd5ace1eda3ed8c3fd06f422bb7cbf340d3187c6c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI sockets. */
26
27 #include <linux/export.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_mon.h>
33
34 static atomic_t monitor_promisc = ATOMIC_INIT(0);
35
36 /* ----- HCI socket interface ----- */
37
38 static inline int hci_test_bit(int nr, void *addr)
39 {
40 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
41 }
42
43 /* Security filter */
44 static struct hci_sec_filter hci_sec_filter = {
45 /* Packet types */
46 0x10,
47 /* Events */
48 { 0x1000d9fe, 0x0000b00c },
49 /* Commands */
50 {
51 { 0x0 },
52 /* OGF_LINK_CTL */
53 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
54 /* OGF_LINK_POLICY */
55 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
56 /* OGF_HOST_CTL */
57 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
58 /* OGF_INFO_PARAM */
59 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
60 /* OGF_STATUS_PARAM */
61 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
62 }
63 };
64
65 static struct bt_sock_list hci_sk_list = {
66 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
67 };
68
69 /* Send frame to RAW socket */
70 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
71 {
72 struct sock *sk;
73 struct hlist_node *node;
74 struct sk_buff *skb_copy = NULL;
75
76 BT_DBG("hdev %p len %d", hdev, skb->len);
77
78 read_lock(&hci_sk_list.lock);
79
80 sk_for_each(sk, node, &hci_sk_list.head) {
81 struct hci_filter *flt;
82 struct sk_buff *nskb;
83
84 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
85 continue;
86
87 /* Don't send frame to the socket it came from */
88 if (skb->sk == sk)
89 continue;
90
91 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW)
92 continue;
93
94 /* Apply filter */
95 flt = &hci_pi(sk)->filter;
96
97 if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
98 0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS),
99 &flt->type_mask))
100 continue;
101
102 if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
103 int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
104
105 if (!hci_test_bit(evt, &flt->event_mask))
106 continue;
107
108 if (flt->opcode &&
109 ((evt == HCI_EV_CMD_COMPLETE &&
110 flt->opcode !=
111 get_unaligned((__le16 *)(skb->data + 3))) ||
112 (evt == HCI_EV_CMD_STATUS &&
113 flt->opcode !=
114 get_unaligned((__le16 *)(skb->data + 4)))))
115 continue;
116 }
117
118 if (!skb_copy) {
119 /* Create a private copy with headroom */
120 skb_copy = __pskb_copy(skb, 1, GFP_ATOMIC);
121 if (!skb_copy)
122 continue;
123
124 /* Put type byte before the data */
125 memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
126 }
127
128 nskb = skb_clone(skb_copy, GFP_ATOMIC);
129 if (!nskb)
130 continue;
131
132 if (sock_queue_rcv_skb(sk, nskb))
133 kfree_skb(nskb);
134 }
135
136 read_unlock(&hci_sk_list.lock);
137
138 kfree_skb(skb_copy);
139 }
140
141 /* Send frame to control socket */
142 void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
143 {
144 struct sock *sk;
145 struct hlist_node *node;
146
147 BT_DBG("len %d", skb->len);
148
149 read_lock(&hci_sk_list.lock);
150
151 sk_for_each(sk, node, &hci_sk_list.head) {
152 struct sk_buff *nskb;
153
154 /* Skip the original socket */
155 if (sk == skip_sk)
156 continue;
157
158 if (sk->sk_state != BT_BOUND)
159 continue;
160
161 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
162 continue;
163
164 nskb = skb_clone(skb, GFP_ATOMIC);
165 if (!nskb)
166 continue;
167
168 if (sock_queue_rcv_skb(sk, nskb))
169 kfree_skb(nskb);
170 }
171
172 read_unlock(&hci_sk_list.lock);
173 }
174
175 /* Send frame to monitor socket */
176 void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
177 {
178 struct sock *sk;
179 struct hlist_node *node;
180 struct sk_buff *skb_copy = NULL;
181 __le16 opcode;
182
183 if (!atomic_read(&monitor_promisc))
184 return;
185
186 BT_DBG("hdev %p len %d", hdev, skb->len);
187
188 switch (bt_cb(skb)->pkt_type) {
189 case HCI_COMMAND_PKT:
190 opcode = __constant_cpu_to_le16(HCI_MON_COMMAND_PKT);
191 break;
192 case HCI_EVENT_PKT:
193 opcode = __constant_cpu_to_le16(HCI_MON_EVENT_PKT);
194 break;
195 case HCI_ACLDATA_PKT:
196 if (bt_cb(skb)->incoming)
197 opcode = __constant_cpu_to_le16(HCI_MON_ACL_RX_PKT);
198 else
199 opcode = __constant_cpu_to_le16(HCI_MON_ACL_TX_PKT);
200 break;
201 case HCI_SCODATA_PKT:
202 if (bt_cb(skb)->incoming)
203 opcode = __constant_cpu_to_le16(HCI_MON_SCO_RX_PKT);
204 else
205 opcode = __constant_cpu_to_le16(HCI_MON_SCO_TX_PKT);
206 break;
207 default:
208 return;
209 }
210
211 read_lock(&hci_sk_list.lock);
212
213 sk_for_each(sk, node, &hci_sk_list.head) {
214 struct sk_buff *nskb;
215
216 if (sk->sk_state != BT_BOUND)
217 continue;
218
219 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
220 continue;
221
222 if (!skb_copy) {
223 struct hci_mon_hdr *hdr;
224
225 /* Create a private copy with headroom */
226 skb_copy = __pskb_copy(skb, HCI_MON_HDR_SIZE,
227 GFP_ATOMIC);
228 if (!skb_copy)
229 continue;
230
231 /* Put header before the data */
232 hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
233 hdr->opcode = opcode;
234 hdr->index = cpu_to_le16(hdev->id);
235 hdr->len = cpu_to_le16(skb->len);
236 }
237
238 nskb = skb_clone(skb_copy, GFP_ATOMIC);
239 if (!nskb)
240 continue;
241
242 if (sock_queue_rcv_skb(sk, nskb))
243 kfree_skb(nskb);
244 }
245
246 read_unlock(&hci_sk_list.lock);
247
248 kfree_skb(skb_copy);
249 }
250
251 static void send_monitor_event(struct sk_buff *skb)
252 {
253 struct sock *sk;
254 struct hlist_node *node;
255
256 BT_DBG("len %d", skb->len);
257
258 read_lock(&hci_sk_list.lock);
259
260 sk_for_each(sk, node, &hci_sk_list.head) {
261 struct sk_buff *nskb;
262
263 if (sk->sk_state != BT_BOUND)
264 continue;
265
266 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
267 continue;
268
269 nskb = skb_clone(skb, GFP_ATOMIC);
270 if (!nskb)
271 continue;
272
273 if (sock_queue_rcv_skb(sk, nskb))
274 kfree_skb(nskb);
275 }
276
277 read_unlock(&hci_sk_list.lock);
278 }
279
280 static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
281 {
282 struct hci_mon_hdr *hdr;
283 struct hci_mon_new_index *ni;
284 struct sk_buff *skb;
285 __le16 opcode;
286
287 switch (event) {
288 case HCI_DEV_REG:
289 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
290 if (!skb)
291 return NULL;
292
293 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
294 ni->type = hdev->dev_type;
295 ni->bus = hdev->bus;
296 bacpy(&ni->bdaddr, &hdev->bdaddr);
297 memcpy(ni->name, hdev->name, 8);
298
299 opcode = __constant_cpu_to_le16(HCI_MON_NEW_INDEX);
300 break;
301
302 case HCI_DEV_UNREG:
303 skb = bt_skb_alloc(0, GFP_ATOMIC);
304 if (!skb)
305 return NULL;
306
307 opcode = __constant_cpu_to_le16(HCI_MON_DEL_INDEX);
308 break;
309
310 default:
311 return NULL;
312 }
313
314 __net_timestamp(skb);
315
316 hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
317 hdr->opcode = opcode;
318 hdr->index = cpu_to_le16(hdev->id);
319 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
320
321 return skb;
322 }
323
324 static void send_monitor_replay(struct sock *sk)
325 {
326 struct hci_dev *hdev;
327
328 read_lock(&hci_dev_list_lock);
329
330 list_for_each_entry(hdev, &hci_dev_list, list) {
331 struct sk_buff *skb;
332
333 skb = create_monitor_event(hdev, HCI_DEV_REG);
334 if (!skb)
335 continue;
336
337 if (sock_queue_rcv_skb(sk, skb))
338 kfree_skb(skb);
339 }
340
341 read_unlock(&hci_dev_list_lock);
342 }
343
344 /* Generate internal stack event */
345 static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
346 {
347 struct hci_event_hdr *hdr;
348 struct hci_ev_stack_internal *ev;
349 struct sk_buff *skb;
350
351 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
352 if (!skb)
353 return;
354
355 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
356 hdr->evt = HCI_EV_STACK_INTERNAL;
357 hdr->plen = sizeof(*ev) + dlen;
358
359 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
360 ev->type = type;
361 memcpy(ev->data, data, dlen);
362
363 bt_cb(skb)->incoming = 1;
364 __net_timestamp(skb);
365
366 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
367 skb->dev = (void *) hdev;
368 hci_send_to_sock(hdev, skb);
369 kfree_skb(skb);
370 }
371
372 void hci_sock_dev_event(struct hci_dev *hdev, int event)
373 {
374 struct hci_ev_si_device ev;
375
376 BT_DBG("hdev %s event %d", hdev->name, event);
377
378 /* Send event to monitor */
379 if (atomic_read(&monitor_promisc)) {
380 struct sk_buff *skb;
381
382 skb = create_monitor_event(hdev, event);
383 if (skb) {
384 send_monitor_event(skb);
385 kfree_skb(skb);
386 }
387 }
388
389 /* Send event to sockets */
390 ev.event = event;
391 ev.dev_id = hdev->id;
392 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
393
394 if (event == HCI_DEV_UNREG) {
395 struct sock *sk;
396 struct hlist_node *node;
397
398 /* Detach sockets from device */
399 read_lock(&hci_sk_list.lock);
400 sk_for_each(sk, node, &hci_sk_list.head) {
401 bh_lock_sock_nested(sk);
402 if (hci_pi(sk)->hdev == hdev) {
403 hci_pi(sk)->hdev = NULL;
404 sk->sk_err = EPIPE;
405 sk->sk_state = BT_OPEN;
406 sk->sk_state_change(sk);
407
408 hci_dev_put(hdev);
409 }
410 bh_unlock_sock(sk);
411 }
412 read_unlock(&hci_sk_list.lock);
413 }
414 }
415
416 static int hci_sock_release(struct socket *sock)
417 {
418 struct sock *sk = sock->sk;
419 struct hci_dev *hdev;
420
421 BT_DBG("sock %p sk %p", sock, sk);
422
423 if (!sk)
424 return 0;
425
426 hdev = hci_pi(sk)->hdev;
427
428 if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
429 atomic_dec(&monitor_promisc);
430
431 bt_sock_unlink(&hci_sk_list, sk);
432
433 if (hdev) {
434 atomic_dec(&hdev->promisc);
435 hci_dev_put(hdev);
436 }
437
438 sock_orphan(sk);
439
440 skb_queue_purge(&sk->sk_receive_queue);
441 skb_queue_purge(&sk->sk_write_queue);
442
443 sock_put(sk);
444 return 0;
445 }
446
447 static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
448 {
449 bdaddr_t bdaddr;
450 int err;
451
452 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
453 return -EFAULT;
454
455 hci_dev_lock(hdev);
456
457 err = hci_blacklist_add(hdev, &bdaddr, 0);
458
459 hci_dev_unlock(hdev);
460
461 return err;
462 }
463
464 static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
465 {
466 bdaddr_t bdaddr;
467 int err;
468
469 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
470 return -EFAULT;
471
472 hci_dev_lock(hdev);
473
474 err = hci_blacklist_del(hdev, &bdaddr, 0);
475
476 hci_dev_unlock(hdev);
477
478 return err;
479 }
480
481 /* Ioctls that require bound socket */
482 static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
483 unsigned long arg)
484 {
485 struct hci_dev *hdev = hci_pi(sk)->hdev;
486
487 if (!hdev)
488 return -EBADFD;
489
490 switch (cmd) {
491 case HCISETRAW:
492 if (!capable(CAP_NET_ADMIN))
493 return -EPERM;
494
495 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
496 return -EPERM;
497
498 if (arg)
499 set_bit(HCI_RAW, &hdev->flags);
500 else
501 clear_bit(HCI_RAW, &hdev->flags);
502
503 return 0;
504
505 case HCIGETCONNINFO:
506 return hci_get_conn_info(hdev, (void __user *) arg);
507
508 case HCIGETAUTHINFO:
509 return hci_get_auth_info(hdev, (void __user *) arg);
510
511 case HCIBLOCKADDR:
512 if (!capable(CAP_NET_ADMIN))
513 return -EPERM;
514 return hci_sock_blacklist_add(hdev, (void __user *) arg);
515
516 case HCIUNBLOCKADDR:
517 if (!capable(CAP_NET_ADMIN))
518 return -EPERM;
519 return hci_sock_blacklist_del(hdev, (void __user *) arg);
520
521 default:
522 if (hdev->ioctl)
523 return hdev->ioctl(hdev, cmd, arg);
524 return -EINVAL;
525 }
526 }
527
528 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
529 unsigned long arg)
530 {
531 struct sock *sk = sock->sk;
532 void __user *argp = (void __user *) arg;
533 int err;
534
535 BT_DBG("cmd %x arg %lx", cmd, arg);
536
537 switch (cmd) {
538 case HCIGETDEVLIST:
539 return hci_get_dev_list(argp);
540
541 case HCIGETDEVINFO:
542 return hci_get_dev_info(argp);
543
544 case HCIGETCONNLIST:
545 return hci_get_conn_list(argp);
546
547 case HCIDEVUP:
548 if (!capable(CAP_NET_ADMIN))
549 return -EPERM;
550 return hci_dev_open(arg);
551
552 case HCIDEVDOWN:
553 if (!capable(CAP_NET_ADMIN))
554 return -EPERM;
555 return hci_dev_close(arg);
556
557 case HCIDEVRESET:
558 if (!capable(CAP_NET_ADMIN))
559 return -EPERM;
560 return hci_dev_reset(arg);
561
562 case HCIDEVRESTAT:
563 if (!capable(CAP_NET_ADMIN))
564 return -EPERM;
565 return hci_dev_reset_stat(arg);
566
567 case HCISETSCAN:
568 case HCISETAUTH:
569 case HCISETENCRYPT:
570 case HCISETPTYPE:
571 case HCISETLINKPOL:
572 case HCISETLINKMODE:
573 case HCISETACLMTU:
574 case HCISETSCOMTU:
575 if (!capable(CAP_NET_ADMIN))
576 return -EPERM;
577 return hci_dev_cmd(cmd, argp);
578
579 case HCIINQUIRY:
580 return hci_inquiry(argp);
581
582 default:
583 lock_sock(sk);
584 err = hci_sock_bound_ioctl(sk, cmd, arg);
585 release_sock(sk);
586 return err;
587 }
588 }
589
590 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
591 int addr_len)
592 {
593 struct sockaddr_hci haddr;
594 struct sock *sk = sock->sk;
595 struct hci_dev *hdev = NULL;
596 int len, err = 0;
597
598 BT_DBG("sock %p sk %p", sock, sk);
599
600 if (!addr)
601 return -EINVAL;
602
603 memset(&haddr, 0, sizeof(haddr));
604 len = min_t(unsigned int, sizeof(haddr), addr_len);
605 memcpy(&haddr, addr, len);
606
607 if (haddr.hci_family != AF_BLUETOOTH)
608 return -EINVAL;
609
610 lock_sock(sk);
611
612 if (sk->sk_state == BT_BOUND) {
613 err = -EALREADY;
614 goto done;
615 }
616
617 switch (haddr.hci_channel) {
618 case HCI_CHANNEL_RAW:
619 if (hci_pi(sk)->hdev) {
620 err = -EALREADY;
621 goto done;
622 }
623
624 if (haddr.hci_dev != HCI_DEV_NONE) {
625 hdev = hci_dev_get(haddr.hci_dev);
626 if (!hdev) {
627 err = -ENODEV;
628 goto done;
629 }
630
631 atomic_inc(&hdev->promisc);
632 }
633
634 hci_pi(sk)->hdev = hdev;
635 break;
636
637 case HCI_CHANNEL_CONTROL:
638 if (haddr.hci_dev != HCI_DEV_NONE) {
639 err = -EINVAL;
640 goto done;
641 }
642
643 if (!capable(CAP_NET_ADMIN)) {
644 err = -EPERM;
645 goto done;
646 }
647
648 break;
649
650 case HCI_CHANNEL_MONITOR:
651 if (haddr.hci_dev != HCI_DEV_NONE) {
652 err = -EINVAL;
653 goto done;
654 }
655
656 if (!capable(CAP_NET_RAW)) {
657 err = -EPERM;
658 goto done;
659 }
660
661 send_monitor_replay(sk);
662
663 atomic_inc(&monitor_promisc);
664 break;
665
666 default:
667 err = -EINVAL;
668 goto done;
669 }
670
671
672 hci_pi(sk)->channel = haddr.hci_channel;
673 sk->sk_state = BT_BOUND;
674
675 done:
676 release_sock(sk);
677 return err;
678 }
679
680 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
681 int *addr_len, int peer)
682 {
683 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
684 struct sock *sk = sock->sk;
685 struct hci_dev *hdev = hci_pi(sk)->hdev;
686
687 BT_DBG("sock %p sk %p", sock, sk);
688
689 if (!hdev)
690 return -EBADFD;
691
692 lock_sock(sk);
693
694 *addr_len = sizeof(*haddr);
695 haddr->hci_family = AF_BLUETOOTH;
696 haddr->hci_dev = hdev->id;
697 haddr->hci_channel= 0;
698
699 release_sock(sk);
700 return 0;
701 }
702
703 static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
704 struct sk_buff *skb)
705 {
706 __u32 mask = hci_pi(sk)->cmsg_mask;
707
708 if (mask & HCI_CMSG_DIR) {
709 int incoming = bt_cb(skb)->incoming;
710 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
711 &incoming);
712 }
713
714 if (mask & HCI_CMSG_TSTAMP) {
715 #ifdef CONFIG_COMPAT
716 struct compat_timeval ctv;
717 #endif
718 struct timeval tv;
719 void *data;
720 int len;
721
722 skb_get_timestamp(skb, &tv);
723
724 data = &tv;
725 len = sizeof(tv);
726 #ifdef CONFIG_COMPAT
727 if (!COMPAT_USE_64BIT_TIME &&
728 (msg->msg_flags & MSG_CMSG_COMPAT)) {
729 ctv.tv_sec = tv.tv_sec;
730 ctv.tv_usec = tv.tv_usec;
731 data = &ctv;
732 len = sizeof(ctv);
733 }
734 #endif
735
736 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
737 }
738 }
739
740 static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
741 struct msghdr *msg, size_t len, int flags)
742 {
743 int noblock = flags & MSG_DONTWAIT;
744 struct sock *sk = sock->sk;
745 struct sk_buff *skb;
746 int copied, err;
747
748 BT_DBG("sock %p, sk %p", sock, sk);
749
750 if (flags & (MSG_OOB))
751 return -EOPNOTSUPP;
752
753 if (sk->sk_state == BT_CLOSED)
754 return 0;
755
756 skb = skb_recv_datagram(sk, flags, noblock, &err);
757 if (!skb)
758 return err;
759
760 msg->msg_namelen = 0;
761
762 copied = skb->len;
763 if (len < copied) {
764 msg->msg_flags |= MSG_TRUNC;
765 copied = len;
766 }
767
768 skb_reset_transport_header(skb);
769 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
770
771 switch (hci_pi(sk)->channel) {
772 case HCI_CHANNEL_RAW:
773 hci_sock_cmsg(sk, msg, skb);
774 break;
775 case HCI_CHANNEL_CONTROL:
776 case HCI_CHANNEL_MONITOR:
777 sock_recv_timestamp(msg, sk, skb);
778 break;
779 }
780
781 skb_free_datagram(sk, skb);
782
783 return err ? : copied;
784 }
785
786 static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
787 struct msghdr *msg, size_t len)
788 {
789 struct sock *sk = sock->sk;
790 struct hci_dev *hdev;
791 struct sk_buff *skb;
792 int err;
793
794 BT_DBG("sock %p sk %p", sock, sk);
795
796 if (msg->msg_flags & MSG_OOB)
797 return -EOPNOTSUPP;
798
799 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
800 return -EINVAL;
801
802 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
803 return -EINVAL;
804
805 lock_sock(sk);
806
807 switch (hci_pi(sk)->channel) {
808 case HCI_CHANNEL_RAW:
809 break;
810 case HCI_CHANNEL_CONTROL:
811 err = mgmt_control(sk, msg, len);
812 goto done;
813 case HCI_CHANNEL_MONITOR:
814 err = -EOPNOTSUPP;
815 goto done;
816 default:
817 err = -EINVAL;
818 goto done;
819 }
820
821 hdev = hci_pi(sk)->hdev;
822 if (!hdev) {
823 err = -EBADFD;
824 goto done;
825 }
826
827 if (!test_bit(HCI_UP, &hdev->flags)) {
828 err = -ENETDOWN;
829 goto done;
830 }
831
832 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
833 if (!skb)
834 goto done;
835
836 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
837 err = -EFAULT;
838 goto drop;
839 }
840
841 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
842 skb_pull(skb, 1);
843 skb->dev = (void *) hdev;
844
845 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
846 u16 opcode = get_unaligned_le16(skb->data);
847 u16 ogf = hci_opcode_ogf(opcode);
848 u16 ocf = hci_opcode_ocf(opcode);
849
850 if (((ogf > HCI_SFLT_MAX_OGF) ||
851 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
852 &hci_sec_filter.ocf_mask[ogf])) &&
853 !capable(CAP_NET_RAW)) {
854 err = -EPERM;
855 goto drop;
856 }
857
858 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
859 skb_queue_tail(&hdev->raw_q, skb);
860 queue_work(hdev->workqueue, &hdev->tx_work);
861 } else {
862 skb_queue_tail(&hdev->cmd_q, skb);
863 queue_work(hdev->workqueue, &hdev->cmd_work);
864 }
865 } else {
866 if (!capable(CAP_NET_RAW)) {
867 err = -EPERM;
868 goto drop;
869 }
870
871 skb_queue_tail(&hdev->raw_q, skb);
872 queue_work(hdev->workqueue, &hdev->tx_work);
873 }
874
875 err = len;
876
877 done:
878 release_sock(sk);
879 return err;
880
881 drop:
882 kfree_skb(skb);
883 goto done;
884 }
885
886 static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
887 char __user *optval, unsigned int len)
888 {
889 struct hci_ufilter uf = { .opcode = 0 };
890 struct sock *sk = sock->sk;
891 int err = 0, opt = 0;
892
893 BT_DBG("sk %p, opt %d", sk, optname);
894
895 lock_sock(sk);
896
897 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
898 err = -EINVAL;
899 goto done;
900 }
901
902 switch (optname) {
903 case HCI_DATA_DIR:
904 if (get_user(opt, (int __user *)optval)) {
905 err = -EFAULT;
906 break;
907 }
908
909 if (opt)
910 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
911 else
912 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
913 break;
914
915 case HCI_TIME_STAMP:
916 if (get_user(opt, (int __user *)optval)) {
917 err = -EFAULT;
918 break;
919 }
920
921 if (opt)
922 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
923 else
924 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
925 break;
926
927 case HCI_FILTER:
928 {
929 struct hci_filter *f = &hci_pi(sk)->filter;
930
931 uf.type_mask = f->type_mask;
932 uf.opcode = f->opcode;
933 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
934 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
935 }
936
937 len = min_t(unsigned int, len, sizeof(uf));
938 if (copy_from_user(&uf, optval, len)) {
939 err = -EFAULT;
940 break;
941 }
942
943 if (!capable(CAP_NET_RAW)) {
944 uf.type_mask &= hci_sec_filter.type_mask;
945 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
946 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
947 }
948
949 {
950 struct hci_filter *f = &hci_pi(sk)->filter;
951
952 f->type_mask = uf.type_mask;
953 f->opcode = uf.opcode;
954 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
955 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
956 }
957 break;
958
959 default:
960 err = -ENOPROTOOPT;
961 break;
962 }
963
964 done:
965 release_sock(sk);
966 return err;
967 }
968
969 static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
970 char __user *optval, int __user *optlen)
971 {
972 struct hci_ufilter uf;
973 struct sock *sk = sock->sk;
974 int len, opt, err = 0;
975
976 BT_DBG("sk %p, opt %d", sk, optname);
977
978 if (get_user(len, optlen))
979 return -EFAULT;
980
981 lock_sock(sk);
982
983 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
984 err = -EINVAL;
985 goto done;
986 }
987
988 switch (optname) {
989 case HCI_DATA_DIR:
990 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
991 opt = 1;
992 else
993 opt = 0;
994
995 if (put_user(opt, optval))
996 err = -EFAULT;
997 break;
998
999 case HCI_TIME_STAMP:
1000 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1001 opt = 1;
1002 else
1003 opt = 0;
1004
1005 if (put_user(opt, optval))
1006 err = -EFAULT;
1007 break;
1008
1009 case HCI_FILTER:
1010 {
1011 struct hci_filter *f = &hci_pi(sk)->filter;
1012
1013 memset(&uf, 0, sizeof(uf));
1014 uf.type_mask = f->type_mask;
1015 uf.opcode = f->opcode;
1016 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1017 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1018 }
1019
1020 len = min_t(unsigned int, len, sizeof(uf));
1021 if (copy_to_user(optval, &uf, len))
1022 err = -EFAULT;
1023 break;
1024
1025 default:
1026 err = -ENOPROTOOPT;
1027 break;
1028 }
1029
1030 done:
1031 release_sock(sk);
1032 return err;
1033 }
1034
1035 static const struct proto_ops hci_sock_ops = {
1036 .family = PF_BLUETOOTH,
1037 .owner = THIS_MODULE,
1038 .release = hci_sock_release,
1039 .bind = hci_sock_bind,
1040 .getname = hci_sock_getname,
1041 .sendmsg = hci_sock_sendmsg,
1042 .recvmsg = hci_sock_recvmsg,
1043 .ioctl = hci_sock_ioctl,
1044 .poll = datagram_poll,
1045 .listen = sock_no_listen,
1046 .shutdown = sock_no_shutdown,
1047 .setsockopt = hci_sock_setsockopt,
1048 .getsockopt = hci_sock_getsockopt,
1049 .connect = sock_no_connect,
1050 .socketpair = sock_no_socketpair,
1051 .accept = sock_no_accept,
1052 .mmap = sock_no_mmap
1053 };
1054
1055 static struct proto hci_sk_proto = {
1056 .name = "HCI",
1057 .owner = THIS_MODULE,
1058 .obj_size = sizeof(struct hci_pinfo)
1059 };
1060
1061 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1062 int kern)
1063 {
1064 struct sock *sk;
1065
1066 BT_DBG("sock %p", sock);
1067
1068 if (sock->type != SOCK_RAW)
1069 return -ESOCKTNOSUPPORT;
1070
1071 sock->ops = &hci_sock_ops;
1072
1073 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
1074 if (!sk)
1075 return -ENOMEM;
1076
1077 sock_init_data(sock, sk);
1078
1079 sock_reset_flag(sk, SOCK_ZAPPED);
1080
1081 sk->sk_protocol = protocol;
1082
1083 sock->state = SS_UNCONNECTED;
1084 sk->sk_state = BT_OPEN;
1085
1086 bt_sock_link(&hci_sk_list, sk);
1087 return 0;
1088 }
1089
1090 static const struct net_proto_family hci_sock_family_ops = {
1091 .family = PF_BLUETOOTH,
1092 .owner = THIS_MODULE,
1093 .create = hci_sock_create,
1094 };
1095
1096 int __init hci_sock_init(void)
1097 {
1098 int err;
1099
1100 err = proto_register(&hci_sk_proto, 0);
1101 if (err < 0)
1102 return err;
1103
1104 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
1105 if (err < 0)
1106 goto error;
1107
1108 BT_INFO("HCI socket layer initialized");
1109
1110 return 0;
1111
1112 error:
1113 BT_ERR("HCI socket registration failed");
1114 proto_unregister(&hci_sk_proto);
1115 return err;
1116 }
1117
1118 void hci_sock_cleanup(void)
1119 {
1120 if (bt_sock_unregister(BTPROTO_HCI) < 0)
1121 BT_ERR("HCI socket unregistration failed");
1122
1123 proto_unregister(&hci_sk_proto);
1124 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree