blob: c9792ba751221eb643125dcecddbeba1959ce45d [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI sockets. */
26
27#include <linux/config.h>
28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/major.h>
34#include <linux/sched.h>
35#include <linux/slab.h>
36#include <linux/poll.h>
37#include <linux/fcntl.h>
38#include <linux/init.h>
39#include <linux/skbuff.h>
40#include <linux/workqueue.h>
41#include <linux/interrupt.h>
42#include <linux/socket.h>
43#include <linux/ioctl.h>
44#include <net/sock.h>
45
46#include <asm/system.h>
47#include <asm/uaccess.h>
48#include <asm/unaligned.h>
49
50#include <net/bluetooth/bluetooth.h>
51#include <net/bluetooth/hci_core.h>
52
53#ifndef CONFIG_BT_HCI_SOCK_DEBUG
54#undef BT_DBG
55#define BT_DBG(D...)
56#endif
57
58/* ----- HCI socket interface ----- */
59
60static inline int hci_test_bit(int nr, void *addr)
61{
62 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
63}
64
65/* Security filter */
66static struct hci_sec_filter hci_sec_filter = {
67 /* Packet types */
68 0x10,
69 /* Events */
70 { 0x1000d9fe, 0x0000300c },
71 /* Commands */
72 {
73 { 0x0 },
74 /* OGF_LINK_CTL */
75 { 0xbe000006, 0x00000001, 0x0000, 0x00 },
76 /* OGF_LINK_POLICY */
77 { 0x00005200, 0x00000000, 0x0000, 0x00 },
78 /* OGF_HOST_CTL */
79 { 0xaab00200, 0x2b402aaa, 0x0154, 0x00 },
80 /* OGF_INFO_PARAM */
81 { 0x000002be, 0x00000000, 0x0000, 0x00 },
82 /* OGF_STATUS_PARAM */
83 { 0x000000ea, 0x00000000, 0x0000, 0x00 }
84 }
85};
86
87static struct bt_sock_list hci_sk_list = {
88 .lock = RW_LOCK_UNLOCKED
89};
90
91/* Send frame to RAW socket */
92void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
93{
94 struct sock *sk;
95 struct hlist_node *node;
96
97 BT_DBG("hdev %p len %d", hdev, skb->len);
98
99 read_lock(&hci_sk_list.lock);
100 sk_for_each(sk, node, &hci_sk_list.head) {
101 struct hci_filter *flt;
102 struct sk_buff *nskb;
103
104 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
105 continue;
106
107 /* Don't send frame to the socket it came from */
108 if (skb->sk == sk)
109 continue;
110
111 /* Apply filter */
112 flt = &hci_pi(sk)->filter;
113
114 if (!test_bit((skb->pkt_type == HCI_VENDOR_PKT) ?
115 0 : (skb->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
116 continue;
117
118 if (skb->pkt_type == HCI_EVENT_PKT) {
119 register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
120
121 if (!hci_test_bit(evt, &flt->event_mask))
122 continue;
123
124 if (flt->opcode && ((evt == HCI_EV_CMD_COMPLETE &&
125 flt->opcode != *(__u16 *)(skb->data + 3)) ||
126 (evt == HCI_EV_CMD_STATUS &&
127 flt->opcode != *(__u16 *)(skb->data + 4))))
128 continue;
129 }
130
131 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
132 continue;
133
134 /* Put type byte before the data */
135 memcpy(skb_push(nskb, 1), &nskb->pkt_type, 1);
136
137 if (sock_queue_rcv_skb(sk, nskb))
138 kfree_skb(nskb);
139 }
140 read_unlock(&hci_sk_list.lock);
141}
142
143static int hci_sock_release(struct socket *sock)
144{
145 struct sock *sk = sock->sk;
146 struct hci_dev *hdev = hci_pi(sk)->hdev;
147
148 BT_DBG("sock %p sk %p", sock, sk);
149
150 if (!sk)
151 return 0;
152
153 bt_sock_unlink(&hci_sk_list, sk);
154
155 if (hdev) {
156 atomic_dec(&hdev->promisc);
157 hci_dev_put(hdev);
158 }
159
160 sock_orphan(sk);
161
162 skb_queue_purge(&sk->sk_receive_queue);
163 skb_queue_purge(&sk->sk_write_queue);
164
165 sock_put(sk);
166 return 0;
167}
168
169/* Ioctls that require bound socket */
170static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
171{
172 struct hci_dev *hdev = hci_pi(sk)->hdev;
173
174 if (!hdev)
175 return -EBADFD;
176
177 switch (cmd) {
178 case HCISETRAW:
179 if (!capable(CAP_NET_ADMIN))
180 return -EACCES;
181
182 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
183 return -EPERM;
184
185 if (arg)
186 set_bit(HCI_RAW, &hdev->flags);
187 else
188 clear_bit(HCI_RAW, &hdev->flags);
189
190 return 0;
191
192 case HCISETSECMGR:
193 if (!capable(CAP_NET_ADMIN))
194 return -EACCES;
195
196 if (arg)
197 set_bit(HCI_SECMGR, &hdev->flags);
198 else
199 clear_bit(HCI_SECMGR, &hdev->flags);
200
201 return 0;
202
203 case HCIGETCONNINFO:
204 return hci_get_conn_info(hdev, (void __user *)arg);
205
206 default:
207 if (hdev->ioctl)
208 return hdev->ioctl(hdev, cmd, arg);
209 return -EINVAL;
210 }
211}
212
213static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
214{
215 struct sock *sk = sock->sk;
216 void __user *argp = (void __user *)arg;
217 int err;
218
219 BT_DBG("cmd %x arg %lx", cmd, arg);
220
221 switch (cmd) {
222 case HCIGETDEVLIST:
223 return hci_get_dev_list(argp);
224
225 case HCIGETDEVINFO:
226 return hci_get_dev_info(argp);
227
228 case HCIGETCONNLIST:
229 return hci_get_conn_list(argp);
230
231 case HCIDEVUP:
232 if (!capable(CAP_NET_ADMIN))
233 return -EACCES;
234 return hci_dev_open(arg);
235
236 case HCIDEVDOWN:
237 if (!capable(CAP_NET_ADMIN))
238 return -EACCES;
239 return hci_dev_close(arg);
240
241 case HCIDEVRESET:
242 if (!capable(CAP_NET_ADMIN))
243 return -EACCES;
244 return hci_dev_reset(arg);
245
246 case HCIDEVRESTAT:
247 if (!capable(CAP_NET_ADMIN))
248 return -EACCES;
249 return hci_dev_reset_stat(arg);
250
251 case HCISETSCAN:
252 case HCISETAUTH:
253 case HCISETENCRYPT:
254 case HCISETPTYPE:
255 case HCISETLINKPOL:
256 case HCISETLINKMODE:
257 case HCISETACLMTU:
258 case HCISETSCOMTU:
259 if (!capable(CAP_NET_ADMIN))
260 return -EACCES;
261 return hci_dev_cmd(cmd, argp);
262
263 case HCIINQUIRY:
264 return hci_inquiry(argp);
265
266 default:
267 lock_sock(sk);
268 err = hci_sock_bound_ioctl(sk, cmd, arg);
269 release_sock(sk);
270 return err;
271 }
272}
273
274static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
275{
276 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
277 struct sock *sk = sock->sk;
278 struct hci_dev *hdev = NULL;
279 int err = 0;
280
281 BT_DBG("sock %p sk %p", sock, sk);
282
283 if (!haddr || haddr->hci_family != AF_BLUETOOTH)
284 return -EINVAL;
285
286 lock_sock(sk);
287
288 if (hci_pi(sk)->hdev) {
289 err = -EALREADY;
290 goto done;
291 }
292
293 if (haddr->hci_dev != HCI_DEV_NONE) {
294 if (!(hdev = hci_dev_get(haddr->hci_dev))) {
295 err = -ENODEV;
296 goto done;
297 }
298
299 atomic_inc(&hdev->promisc);
300 }
301
302 hci_pi(sk)->hdev = hdev;
303 sk->sk_state = BT_BOUND;
304
305done:
306 release_sock(sk);
307 return err;
308}
309
310static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
311{
312 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
313 struct sock *sk = sock->sk;
314
315 BT_DBG("sock %p sk %p", sock, sk);
316
317 lock_sock(sk);
318
319 *addr_len = sizeof(*haddr);
320 haddr->hci_family = AF_BLUETOOTH;
321 haddr->hci_dev = hci_pi(sk)->hdev->id;
322
323 release_sock(sk);
324 return 0;
325}
326
327static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
328{
329 __u32 mask = hci_pi(sk)->cmsg_mask;
330
331 if (mask & HCI_CMSG_DIR)
332 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(int), &bt_cb(skb)->incoming);
333
334 if (mask & HCI_CMSG_TSTAMP)
335 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, sizeof(skb->stamp), &skb->stamp);
336}
337
338static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
339 struct msghdr *msg, size_t len, int flags)
340{
341 int noblock = flags & MSG_DONTWAIT;
342 struct sock *sk = sock->sk;
343 struct sk_buff *skb;
344 int copied, err;
345
346 BT_DBG("sock %p, sk %p", sock, sk);
347
348 if (flags & (MSG_OOB))
349 return -EOPNOTSUPP;
350
351 if (sk->sk_state == BT_CLOSED)
352 return 0;
353
354 if (!(skb = skb_recv_datagram(sk, flags, noblock, &err)))
355 return err;
356
357 msg->msg_namelen = 0;
358
359 copied = skb->len;
360 if (len < copied) {
361 msg->msg_flags |= MSG_TRUNC;
362 copied = len;
363 }
364
365 skb->h.raw = skb->data;
366 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
367
368 hci_sock_cmsg(sk, msg, skb);
369
370 skb_free_datagram(sk, skb);
371
372 return err ? : copied;
373}
374
375static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
376 struct msghdr *msg, size_t len)
377{
378 struct sock *sk = sock->sk;
379 struct hci_dev *hdev;
380 struct sk_buff *skb;
381 int err;
382
383 BT_DBG("sock %p sk %p", sock, sk);
384
385 if (msg->msg_flags & MSG_OOB)
386 return -EOPNOTSUPP;
387
388 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
389 return -EINVAL;
390
391 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
392 return -EINVAL;
393
394 lock_sock(sk);
395
396 if (!(hdev = hci_pi(sk)->hdev)) {
397 err = -EBADFD;
398 goto done;
399 }
400
401 if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err)))
402 goto done;
403
404 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
405 err = -EFAULT;
406 goto drop;
407 }
408
409 skb->pkt_type = *((unsigned char *) skb->data);
410 skb_pull(skb, 1);
411 skb->dev = (void *) hdev;
412
413 if (skb->pkt_type == HCI_COMMAND_PKT) {
414 u16 opcode = __le16_to_cpu(get_unaligned((u16 *)skb->data));
415 u16 ogf = hci_opcode_ogf(opcode);
416 u16 ocf = hci_opcode_ocf(opcode);
417
418 if (((ogf > HCI_SFLT_MAX_OGF) ||
419 !hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
420 !capable(CAP_NET_RAW)) {
421 err = -EPERM;
422 goto drop;
423 }
424
425 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == OGF_VENDOR_CMD)) {
426 skb_queue_tail(&hdev->raw_q, skb);
427 hci_sched_tx(hdev);
428 } else {
429 skb_queue_tail(&hdev->cmd_q, skb);
430 hci_sched_cmd(hdev);
431 }
432 } else {
433 if (!capable(CAP_NET_RAW)) {
434 err = -EPERM;
435 goto drop;
436 }
437
438 skb_queue_tail(&hdev->raw_q, skb);
439 hci_sched_tx(hdev);
440 }
441
442 err = len;
443
444done:
445 release_sock(sk);
446 return err;
447
448drop:
449 kfree_skb(skb);
450 goto done;
451}
452
453static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int len)
454{
455 struct hci_ufilter uf = { .opcode = 0 };
456 struct sock *sk = sock->sk;
457 int err = 0, opt = 0;
458
459 BT_DBG("sk %p, opt %d", sk, optname);
460
461 lock_sock(sk);
462
463 switch (optname) {
464 case HCI_DATA_DIR:
465 if (get_user(opt, (int __user *)optval)) {
466 err = -EFAULT;
467 break;
468 }
469
470 if (opt)
471 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
472 else
473 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
474 break;
475
476 case HCI_TIME_STAMP:
477 if (get_user(opt, (int __user *)optval)) {
478 err = -EFAULT;
479 break;
480 }
481
482 if (opt)
483 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
484 else
485 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
486 break;
487
488 case HCI_FILTER:
489 len = min_t(unsigned int, len, sizeof(uf));
490 if (copy_from_user(&uf, optval, len)) {
491 err = -EFAULT;
492 break;
493 }
494
495 if (!capable(CAP_NET_RAW)) {
496 uf.type_mask &= hci_sec_filter.type_mask;
497 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
498 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
499 }
500
501 {
502 struct hci_filter *f = &hci_pi(sk)->filter;
503
504 f->type_mask = uf.type_mask;
505 f->opcode = uf.opcode;
506 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
507 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
508 }
509 break;
510
511 default:
512 err = -ENOPROTOOPT;
513 break;
514 }
515
516 release_sock(sk);
517 return err;
518}
519
520static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
521{
522 struct hci_ufilter uf;
523 struct sock *sk = sock->sk;
524 int len, opt;
525
526 if (get_user(len, optlen))
527 return -EFAULT;
528
529 switch (optname) {
530 case HCI_DATA_DIR:
531 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
532 opt = 1;
533 else
534 opt = 0;
535
536 if (put_user(opt, optval))
537 return -EFAULT;
538 break;
539
540 case HCI_TIME_STAMP:
541 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
542 opt = 1;
543 else
544 opt = 0;
545
546 if (put_user(opt, optval))
547 return -EFAULT;
548 break;
549
550 case HCI_FILTER:
551 {
552 struct hci_filter *f = &hci_pi(sk)->filter;
553
554 uf.type_mask = f->type_mask;
555 uf.opcode = f->opcode;
556 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
557 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
558 }
559
560 len = min_t(unsigned int, len, sizeof(uf));
561 if (copy_to_user(optval, &uf, len))
562 return -EFAULT;
563 break;
564
565 default:
566 return -ENOPROTOOPT;
567 break;
568 }
569
570 return 0;
571}
572
573static struct proto_ops hci_sock_ops = {
574 .family = PF_BLUETOOTH,
575 .owner = THIS_MODULE,
576 .release = hci_sock_release,
577 .bind = hci_sock_bind,
578 .getname = hci_sock_getname,
579 .sendmsg = hci_sock_sendmsg,
580 .recvmsg = hci_sock_recvmsg,
581 .ioctl = hci_sock_ioctl,
582 .poll = datagram_poll,
583 .listen = sock_no_listen,
584 .shutdown = sock_no_shutdown,
585 .setsockopt = hci_sock_setsockopt,
586 .getsockopt = hci_sock_getsockopt,
587 .connect = sock_no_connect,
588 .socketpair = sock_no_socketpair,
589 .accept = sock_no_accept,
590 .mmap = sock_no_mmap
591};
592
593static struct proto hci_sk_proto = {
594 .name = "HCI",
595 .owner = THIS_MODULE,
596 .obj_size = sizeof(struct hci_pinfo)
597};
598
599static int hci_sock_create(struct socket *sock, int protocol)
600{
601 struct sock *sk;
602
603 BT_DBG("sock %p", sock);
604
605 if (sock->type != SOCK_RAW)
606 return -ESOCKTNOSUPPORT;
607
608 sock->ops = &hci_sock_ops;
609
610 sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &hci_sk_proto, 1);
611 if (!sk)
612 return -ENOMEM;
613
614 sock_init_data(sock, sk);
615
616 sock_reset_flag(sk, SOCK_ZAPPED);
617
618 sk->sk_protocol = protocol;
619
620 sock->state = SS_UNCONNECTED;
621 sk->sk_state = BT_OPEN;
622
623 bt_sock_link(&hci_sk_list, sk);
624 return 0;
625}
626
627static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
628{
629 struct hci_dev *hdev = (struct hci_dev *) ptr;
630 struct hci_ev_si_device ev;
631
632 BT_DBG("hdev %s event %ld", hdev->name, event);
633
634 /* Send event to sockets */
635 ev.event = event;
636 ev.dev_id = hdev->id;
637 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
638
639 if (event == HCI_DEV_UNREG) {
640 struct sock *sk;
641 struct hlist_node *node;
642
643 /* Detach sockets from device */
644 read_lock(&hci_sk_list.lock);
645 sk_for_each(sk, node, &hci_sk_list.head) {
646 bh_lock_sock(sk);
647 if (hci_pi(sk)->hdev == hdev) {
648 hci_pi(sk)->hdev = NULL;
649 sk->sk_err = EPIPE;
650 sk->sk_state = BT_OPEN;
651 sk->sk_state_change(sk);
652
653 hci_dev_put(hdev);
654 }
655 bh_unlock_sock(sk);
656 }
657 read_unlock(&hci_sk_list.lock);
658 }
659
660 return NOTIFY_DONE;
661}
662
663static struct net_proto_family hci_sock_family_ops = {
664 .family = PF_BLUETOOTH,
665 .owner = THIS_MODULE,
666 .create = hci_sock_create,
667};
668
669static struct notifier_block hci_sock_nblock = {
670 .notifier_call = hci_sock_dev_event
671};
672
673int __init hci_sock_init(void)
674{
675 int err;
676
677 err = proto_register(&hci_sk_proto, 0);
678 if (err < 0)
679 return err;
680
681 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
682 if (err < 0)
683 goto error;
684
685 hci_register_notifier(&hci_sock_nblock);
686
687 BT_INFO("HCI socket layer initialized");
688
689 return 0;
690
691error:
692 BT_ERR("HCI socket registration failed");
693 proto_unregister(&hci_sk_proto);
694 return err;
695}
696
697int __exit hci_sock_cleanup(void)
698{
699 if (bt_sock_unregister(BTPROTO_HCI) < 0)
700 BT_ERR("HCI socket unregistration failed");
701
702 hci_unregister_notifier(&hci_sock_nblock);
703
704 proto_unregister(&hci_sk_proto);
705
706 return 0;
707}