~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/bluetooth/hci_sock.c

Version: ~ [ linux-6.0-rc6 ] ~ [ linux-5.19.10 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.69 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.144 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.214 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.259 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.294 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.329 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.302 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2    BlueZ - Bluetooth protocol stack for Linux
  3    Copyright (C) 2000-2001 Qualcomm Incorporated
  4 
  5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
  6 
  7    This program is free software; you can redistribute it and/or modify
  8    it under the terms of the GNU General Public License version 2 as
  9    published by the Free Software Foundation;
 10 
 11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 19 
 20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 22    SOFTWARE IS DISCLAIMED.
 23 */
 24 
 25 /* Bluetooth HCI sockets. */
 26 
 27 #include <linux/export.h>
 28 #include <asm/unaligned.h>
 29 
 30 #include <net/bluetooth/bluetooth.h>
 31 #include <net/bluetooth/hci_core.h>
 32 #include <net/bluetooth/hci_mon.h>
 33 #include <net/bluetooth/mgmt.h>
 34 
 35 #include "mgmt_util.h"
 36 
 37 static LIST_HEAD(mgmt_chan_list);
 38 static DEFINE_MUTEX(mgmt_chan_list_lock);
 39 
 40 static atomic_t monitor_promisc = ATOMIC_INIT(0);
 41 
 42 /* ----- HCI socket interface ----- */
 43 
 44 /* Socket info */
 45 #define hci_pi(sk) ((struct hci_pinfo *) sk)
 46 
 47 struct hci_pinfo {
 48         struct bt_sock    bt;
 49         struct hci_dev    *hdev;
 50         struct hci_filter filter;
 51         __u32             cmsg_mask;
 52         unsigned short    channel;
 53         unsigned long     flags;
 54 };
 55 
 56 void hci_sock_set_flag(struct sock *sk, int nr)
 57 {
 58         set_bit(nr, &hci_pi(sk)->flags);
 59 }
 60 
 61 void hci_sock_clear_flag(struct sock *sk, int nr)
 62 {
 63         clear_bit(nr, &hci_pi(sk)->flags);
 64 }
 65 
 66 int hci_sock_test_flag(struct sock *sk, int nr)
 67 {
 68         return test_bit(nr, &hci_pi(sk)->flags);
 69 }
 70 
 71 unsigned short hci_sock_get_channel(struct sock *sk)
 72 {
 73         return hci_pi(sk)->channel;
 74 }
 75 
 76 static inline int hci_test_bit(int nr, const void *addr)
 77 {
 78         return *((const __u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
 79 }
 80 
 81 /* Security filter */
 82 #define HCI_SFLT_MAX_OGF  5
 83 
 84 struct hci_sec_filter {
 85         __u32 type_mask;
 86         __u32 event_mask[2];
 87         __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
 88 };
 89 
 90 static const struct hci_sec_filter hci_sec_filter = {
 91         /* Packet types */
 92         0x10,
 93         /* Events */
 94         { 0x1000d9fe, 0x0000b00c },
 95         /* Commands */
 96         {
 97                 { 0x0 },
 98                 /* OGF_LINK_CTL */
 99                 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
100                 /* OGF_LINK_POLICY */
101                 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
102                 /* OGF_HOST_CTL */
103                 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
104                 /* OGF_INFO_PARAM */
105                 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
106                 /* OGF_STATUS_PARAM */
107                 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
108         }
109 };
110 
111 static struct bt_sock_list hci_sk_list = {
112         .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
113 };
114 
115 static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
116 {
117         struct hci_filter *flt;
118         int flt_type, flt_event;
119 
120         /* Apply filter */
121         flt = &hci_pi(sk)->filter;
122 
123         if (bt_cb(skb)->pkt_type == HCI_VENDOR_PKT)
124                 flt_type = 0;
125         else
126                 flt_type = bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS;
127 
128         if (!test_bit(flt_type, &flt->type_mask))
129                 return true;
130 
131         /* Extra filter for event packets only */
132         if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT)
133                 return false;
134 
135         flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
136 
137         if (!hci_test_bit(flt_event, &flt->event_mask))
138                 return true;
139 
140         /* Check filter only when opcode is set */
141         if (!flt->opcode)
142                 return false;
143 
144         if (flt_event == HCI_EV_CMD_COMPLETE &&
145             flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
146                 return true;
147 
148         if (flt_event == HCI_EV_CMD_STATUS &&
149             flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
150                 return true;
151 
152         return false;
153 }
154 
155 /* Send frame to RAW socket */
156 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
157 {
158         struct sock *sk;
159         struct sk_buff *skb_copy = NULL;
160 
161         BT_DBG("hdev %p len %d", hdev, skb->len);
162 
163         read_lock(&hci_sk_list.lock);
164 
165         sk_for_each(sk, &hci_sk_list.head) {
166                 struct sk_buff *nskb;
167 
168                 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
169                         continue;
170 
171                 /* Don't send frame to the socket it came from */
172                 if (skb->sk == sk)
173                         continue;
174 
175                 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
176                         if (is_filtered_packet(sk, skb))
177                                 continue;
178                 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
179                         if (!bt_cb(skb)->incoming)
180                                 continue;
181                         if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT &&
182                             bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
183                             bt_cb(skb)->pkt_type != HCI_SCODATA_PKT)
184                                 continue;
185                 } else {
186                         /* Don't send frame to other channel types */
187                         continue;
188                 }
189 
190                 if (!skb_copy) {
191                         /* Create a private copy with headroom */
192                         skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
193                         if (!skb_copy)
194                                 continue;
195 
196                         /* Put type byte before the data */
197                         memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
198                 }
199 
200                 nskb = skb_clone(skb_copy, GFP_ATOMIC);
201                 if (!nskb)
202                         continue;
203 
204                 if (sock_queue_rcv_skb(sk, nskb))
205                         kfree_skb(nskb);
206         }
207 
208         read_unlock(&hci_sk_list.lock);
209 
210         kfree_skb(skb_copy);
211 }
212 
213 /* Send frame to sockets with specific channel */
214 void hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
215                          int flag, struct sock *skip_sk)
216 {
217         struct sock *sk;
218 
219         BT_DBG("channel %u len %d", channel, skb->len);
220 
221         read_lock(&hci_sk_list.lock);
222 
223         sk_for_each(sk, &hci_sk_list.head) {
224                 struct sk_buff *nskb;
225 
226                 /* Ignore socket without the flag set */
227                 if (!hci_sock_test_flag(sk, flag))
228                         continue;
229 
230                 /* Skip the original socket */
231                 if (sk == skip_sk)
232                         continue;
233 
234                 if (sk->sk_state != BT_BOUND)
235                         continue;
236 
237                 if (hci_pi(sk)->channel != channel)
238                         continue;
239 
240                 nskb = skb_clone(skb, GFP_ATOMIC);
241                 if (!nskb)
242                         continue;
243 
244                 if (sock_queue_rcv_skb(sk, nskb))
245                         kfree_skb(nskb);
246         }
247 
248         read_unlock(&hci_sk_list.lock);
249 }
250 
251 /* Send frame to monitor socket */
252 void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
253 {
254         struct sk_buff *skb_copy = NULL;
255         struct hci_mon_hdr *hdr;
256         __le16 opcode;
257 
258         if (!atomic_read(&monitor_promisc))
259                 return;
260 
261         BT_DBG("hdev %p len %d", hdev, skb->len);
262 
263         switch (bt_cb(skb)->pkt_type) {
264         case HCI_COMMAND_PKT:
265                 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT);
266                 break;
267         case HCI_EVENT_PKT:
268                 opcode = cpu_to_le16(HCI_MON_EVENT_PKT);
269                 break;
270         case HCI_ACLDATA_PKT:
271                 if (bt_cb(skb)->incoming)
272                         opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT);
273                 else
274                         opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT);
275                 break;
276         case HCI_SCODATA_PKT:
277                 if (bt_cb(skb)->incoming)
278                         opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT);
279                 else
280                         opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT);
281                 break;
282         default:
283                 return;
284         }
285 
286         /* Create a private copy with headroom */
287         skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true);
288         if (!skb_copy)
289                 return;
290 
291         /* Put header before the data */
292         hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
293         hdr->opcode = opcode;
294         hdr->index = cpu_to_le16(hdev->id);
295         hdr->len = cpu_to_le16(skb->len);
296 
297         hci_send_to_channel(HCI_CHANNEL_MONITOR, skb_copy,
298                             HCI_SOCK_TRUSTED, NULL);
299         kfree_skb(skb_copy);
300 }
301 
302 static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
303 {
304         struct hci_mon_hdr *hdr;
305         struct hci_mon_new_index *ni;
306         struct sk_buff *skb;
307         __le16 opcode;
308 
309         switch (event) {
310         case HCI_DEV_REG:
311                 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
312                 if (!skb)
313                         return NULL;
314 
315                 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
316                 ni->type = hdev->dev_type;
317                 ni->bus = hdev->bus;
318                 bacpy(&ni->bdaddr, &hdev->bdaddr);
319                 memcpy(ni->name, hdev->name, 8);
320 
321                 opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
322                 break;
323 
324         case HCI_DEV_UNREG:
325                 skb = bt_skb_alloc(0, GFP_ATOMIC);
326                 if (!skb)
327                         return NULL;
328 
329                 opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
330                 break;
331 
332         default:
333                 return NULL;
334         }
335 
336         __net_timestamp(skb);
337 
338         hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
339         hdr->opcode = opcode;
340         hdr->index = cpu_to_le16(hdev->id);
341         hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
342 
343         return skb;
344 }
345 
346 static void send_monitor_replay(struct sock *sk)
347 {
348         struct hci_dev *hdev;
349 
350         read_lock(&hci_dev_list_lock);
351 
352         list_for_each_entry(hdev, &hci_dev_list, list) {
353                 struct sk_buff *skb;
354 
355                 skb = create_monitor_event(hdev, HCI_DEV_REG);
356                 if (!skb)
357                         continue;
358 
359                 if (sock_queue_rcv_skb(sk, skb))
360                         kfree_skb(skb);
361         }
362 
363         read_unlock(&hci_dev_list_lock);
364 }
365 
366 /* Generate internal stack event */
367 static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
368 {
369         struct hci_event_hdr *hdr;
370         struct hci_ev_stack_internal *ev;
371         struct sk_buff *skb;
372 
373         skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
374         if (!skb)
375                 return;
376 
377         hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
378         hdr->evt  = HCI_EV_STACK_INTERNAL;
379         hdr->plen = sizeof(*ev) + dlen;
380 
381         ev  = (void *) skb_put(skb, sizeof(*ev) + dlen);
382         ev->type = type;
383         memcpy(ev->data, data, dlen);
384 
385         bt_cb(skb)->incoming = 1;
386         __net_timestamp(skb);
387 
388         bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
389         hci_send_to_sock(hdev, skb);
390         kfree_skb(skb);
391 }
392 
393 void hci_sock_dev_event(struct hci_dev *hdev, int event)
394 {
395         struct hci_ev_si_device ev;
396 
397         BT_DBG("hdev %s event %d", hdev->name, event);
398 
399         /* Send event to monitor */
400         if (atomic_read(&monitor_promisc)) {
401                 struct sk_buff *skb;
402 
403                 skb = create_monitor_event(hdev, event);
404                 if (skb) {
405                         hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
406                                             HCI_SOCK_TRUSTED, NULL);
407                         kfree_skb(skb);
408                 }
409         }
410 
411         /* Send event to sockets */
412         ev.event  = event;
413         ev.dev_id = hdev->id;
414         hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
415 
416         if (event == HCI_DEV_UNREG) {
417                 struct sock *sk;
418 
419                 /* Detach sockets from device */
420                 read_lock(&hci_sk_list.lock);
421                 sk_for_each(sk, &hci_sk_list.head) {
422                         bh_lock_sock_nested(sk);
423                         if (hci_pi(sk)->hdev == hdev) {
424                                 hci_pi(sk)->hdev = NULL;
425                                 sk->sk_err = EPIPE;
426                                 sk->sk_state = BT_OPEN;
427                                 sk->sk_state_change(sk);
428 
429                                 hci_dev_put(hdev);
430                         }
431                         bh_unlock_sock(sk);
432                 }
433                 read_unlock(&hci_sk_list.lock);
434         }
435 }
436 
437 static struct hci_mgmt_chan *__hci_mgmt_chan_find(unsigned short channel)
438 {
439         struct hci_mgmt_chan *c;
440 
441         list_for_each_entry(c, &mgmt_chan_list, list) {
442                 if (c->channel == channel)
443                         return c;
444         }
445 
446         return NULL;
447 }
448 
449 static struct hci_mgmt_chan *hci_mgmt_chan_find(unsigned short channel)
450 {
451         struct hci_mgmt_chan *c;
452 
453         mutex_lock(&mgmt_chan_list_lock);
454         c = __hci_mgmt_chan_find(channel);
455         mutex_unlock(&mgmt_chan_list_lock);
456 
457         return c;
458 }
459 
460 int hci_mgmt_chan_register(struct hci_mgmt_chan *c)
461 {
462         if (c->channel < HCI_CHANNEL_CONTROL)
463                 return -EINVAL;
464 
465         mutex_lock(&mgmt_chan_list_lock);
466         if (__hci_mgmt_chan_find(c->channel)) {
467                 mutex_unlock(&mgmt_chan_list_lock);
468                 return -EALREADY;
469         }
470 
471         list_add_tail(&c->list, &mgmt_chan_list);
472 
473         mutex_unlock(&mgmt_chan_list_lock);
474 
475         return 0;
476 }
477 EXPORT_SYMBOL(hci_mgmt_chan_register);
478 
479 void hci_mgmt_chan_unregister(struct hci_mgmt_chan *c)
480 {
481         mutex_lock(&mgmt_chan_list_lock);
482         list_del(&c->list);
483         mutex_unlock(&mgmt_chan_list_lock);
484 }
485 EXPORT_SYMBOL(hci_mgmt_chan_unregister);
486 
487 static int hci_sock_release(struct socket *sock)
488 {
489         struct sock *sk = sock->sk;
490         struct hci_dev *hdev;
491 
492         BT_DBG("sock %p sk %p", sock, sk);
493 
494         if (!sk)
495                 return 0;
496 
497         hdev = hci_pi(sk)->hdev;
498 
499         if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
500                 atomic_dec(&monitor_promisc);
501 
502         bt_sock_unlink(&hci_sk_list, sk);
503 
504         if (hdev) {
505                 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
506                         hci_dev_close(hdev->id);
507                         hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
508                         mgmt_index_added(hdev);
509                 }
510 
511                 atomic_dec(&hdev->promisc);
512                 hci_dev_put(hdev);
513         }
514 
515         sock_orphan(sk);
516 
517         skb_queue_purge(&sk->sk_receive_queue);
518         skb_queue_purge(&sk->sk_write_queue);
519 
520         sock_put(sk);
521         return 0;
522 }
523 
524 static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
525 {
526         bdaddr_t bdaddr;
527         int err;
528 
529         if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
530                 return -EFAULT;
531 
532         hci_dev_lock(hdev);
533 
534         err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
535 
536         hci_dev_unlock(hdev);
537 
538         return err;
539 }
540 
541 static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
542 {
543         bdaddr_t bdaddr;
544         int err;
545 
546         if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
547                 return -EFAULT;
548 
549         hci_dev_lock(hdev);
550 
551         err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
552 
553         hci_dev_unlock(hdev);
554 
555         return err;
556 }
557 
558 /* Ioctls that require bound socket */
559 static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
560                                 unsigned long arg)
561 {
562         struct hci_dev *hdev = hci_pi(sk)->hdev;
563 
564         if (!hdev)
565                 return -EBADFD;
566 
567         if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
568                 return -EBUSY;
569 
570         if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
571                 return -EOPNOTSUPP;
572 
573         if (hdev->dev_type != HCI_BREDR)
574                 return -EOPNOTSUPP;
575 
576         switch (cmd) {
577         case HCISETRAW:
578                 if (!capable(CAP_NET_ADMIN))
579                         return -EPERM;
580                 return -EOPNOTSUPP;
581 
582         case HCIGETCONNINFO:
583                 return hci_get_conn_info(hdev, (void __user *) arg);
584 
585         case HCIGETAUTHINFO:
586                 return hci_get_auth_info(hdev, (void __user *) arg);
587 
588         case HCIBLOCKADDR:
589                 if (!capable(CAP_NET_ADMIN))
590                         return -EPERM;
591                 return hci_sock_blacklist_add(hdev, (void __user *) arg);
592 
593         case HCIUNBLOCKADDR:
594                 if (!capable(CAP_NET_ADMIN))
595                         return -EPERM;
596                 return hci_sock_blacklist_del(hdev, (void __user *) arg);
597         }
598 
599         return -ENOIOCTLCMD;
600 }
601 
602 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
603                           unsigned long arg)
604 {
605         void __user *argp = (void __user *) arg;
606         struct sock *sk = sock->sk;
607         int err;
608 
609         BT_DBG("cmd %x arg %lx", cmd, arg);
610 
611         lock_sock(sk);
612 
613         if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
614                 err = -EBADFD;
615                 goto done;
616         }
617 
618         release_sock(sk);
619 
620         switch (cmd) {
621         case HCIGETDEVLIST:
622                 return hci_get_dev_list(argp);
623 
624         case HCIGETDEVINFO:
625                 return hci_get_dev_info(argp);
626 
627         case HCIGETCONNLIST:
628                 return hci_get_conn_list(argp);
629 
630         case HCIDEVUP:
631                 if (!capable(CAP_NET_ADMIN))
632                         return -EPERM;
633                 return hci_dev_open(arg);
634 
635         case HCIDEVDOWN:
636                 if (!capable(CAP_NET_ADMIN))
637                         return -EPERM;
638                 return hci_dev_close(arg);
639 
640         case HCIDEVRESET:
641                 if (!capable(CAP_NET_ADMIN))
642                         return -EPERM;
643                 return hci_dev_reset(arg);
644 
645         case HCIDEVRESTAT:
646                 if (!capable(CAP_NET_ADMIN))
647                         return -EPERM;
648                 return hci_dev_reset_stat(arg);
649 
650         case HCISETSCAN:
651         case HCISETAUTH:
652         case HCISETENCRYPT:
653         case HCISETPTYPE:
654         case HCISETLINKPOL:
655         case HCISETLINKMODE:
656         case HCISETACLMTU:
657         case HCISETSCOMTU:
658                 if (!capable(CAP_NET_ADMIN))
659                         return -EPERM;
660                 return hci_dev_cmd(cmd, argp);
661 
662         case HCIINQUIRY:
663                 return hci_inquiry(argp);
664         }
665 
666         lock_sock(sk);
667 
668         err = hci_sock_bound_ioctl(sk, cmd, arg);
669 
670 done:
671         release_sock(sk);
672         return err;
673 }
674 
675 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
676                          int addr_len)
677 {
678         struct sockaddr_hci haddr;
679         struct sock *sk = sock->sk;
680         struct hci_dev *hdev = NULL;
681         int len, err = 0;
682 
683         BT_DBG("sock %p sk %p", sock, sk);
684 
685         if (!addr)
686                 return -EINVAL;
687 
688         memset(&haddr, 0, sizeof(haddr));
689         len = min_t(unsigned int, sizeof(haddr), addr_len);
690         memcpy(&haddr, addr, len);
691 
692         if (haddr.hci_family != AF_BLUETOOTH)
693                 return -EINVAL;
694 
695         lock_sock(sk);
696 
697         if (sk->sk_state == BT_BOUND) {
698                 err = -EALREADY;
699                 goto done;
700         }
701 
702         switch (haddr.hci_channel) {
703         case HCI_CHANNEL_RAW:
704                 if (hci_pi(sk)->hdev) {
705                         err = -EALREADY;
706                         goto done;
707                 }
708 
709                 if (haddr.hci_dev != HCI_DEV_NONE) {
710                         hdev = hci_dev_get(haddr.hci_dev);
711                         if (!hdev) {
712                                 err = -ENODEV;
713                                 goto done;
714                         }
715 
716                         atomic_inc(&hdev->promisc);
717                 }
718 
719                 hci_pi(sk)->hdev = hdev;
720                 break;
721 
722         case HCI_CHANNEL_USER:
723                 if (hci_pi(sk)->hdev) {
724                         err = -EALREADY;
725                         goto done;
726                 }
727 
728                 if (haddr.hci_dev == HCI_DEV_NONE) {
729                         err = -EINVAL;
730                         goto done;
731                 }
732 
733                 if (!capable(CAP_NET_ADMIN)) {
734                         err = -EPERM;
735                         goto done;
736                 }
737 
738                 hdev = hci_dev_get(haddr.hci_dev);
739                 if (!hdev) {
740                         err = -ENODEV;
741                         goto done;
742                 }
743 
744                 if (test_bit(HCI_INIT, &hdev->flags) ||
745                     hci_dev_test_flag(hdev, HCI_SETUP) ||
746                     hci_dev_test_flag(hdev, HCI_CONFIG) ||
747                     (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) &&
748                      test_bit(HCI_UP, &hdev->flags))) {
749                         err = -EBUSY;
750                         hci_dev_put(hdev);
751                         goto done;
752                 }
753 
754                 if (hci_dev_test_and_set_flag(hdev, HCI_USER_CHANNEL)) {
755                         err = -EUSERS;
756                         hci_dev_put(hdev);
757                         goto done;
758                 }
759 
760                 mgmt_index_removed(hdev);
761 
762                 err = hci_dev_open(hdev->id);
763                 if (err) {
764                         if (err == -EALREADY) {
765                                 /* In case the transport is already up and
766                                  * running, clear the error here.
767                                  *
768                                  * This can happen when opening an user
769                                  * channel and HCI_AUTO_OFF grace period
770                                  * is still active.
771                                  */
772                                 err = 0;
773                         } else {
774                                 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
775                                 mgmt_index_added(hdev);
776                                 hci_dev_put(hdev);
777                                 goto done;
778                         }
779                 }
780 
781                 atomic_inc(&hdev->promisc);
782 
783                 hci_pi(sk)->hdev = hdev;
784                 break;
785 
786         case HCI_CHANNEL_MONITOR:
787                 if (haddr.hci_dev != HCI_DEV_NONE) {
788                         err = -EINVAL;
789                         goto done;
790                 }
791 
792                 if (!capable(CAP_NET_RAW)) {
793                         err = -EPERM;
794                         goto done;
795                 }
796 
797                 /* The monitor interface is restricted to CAP_NET_RAW
798                  * capabilities and with that implicitly trusted.
799                  */
800                 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
801 
802                 send_monitor_replay(sk);
803 
804                 atomic_inc(&monitor_promisc);
805                 break;
806 
807         default:
808                 if (!hci_mgmt_chan_find(haddr.hci_channel)) {
809                         err = -EINVAL;
810                         goto done;
811                 }
812 
813                 if (haddr.hci_dev != HCI_DEV_NONE) {
814                         err = -EINVAL;
815                         goto done;
816                 }
817 
818                 /* Users with CAP_NET_ADMIN capabilities are allowed
819                  * access to all management commands and events. For
820                  * untrusted users the interface is restricted and
821                  * also only untrusted events are sent.
822                  */
823                 if (capable(CAP_NET_ADMIN))
824                         hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
825 
826                 /* At the moment the index and unconfigured index events
827                  * are enabled unconditionally. Setting them on each
828                  * socket when binding keeps this functionality. They
829                  * however might be cleared later and then sending of these
830                  * events will be disabled, but that is then intentional.
831                  *
832                  * This also enables generic events that are safe to be
833                  * received by untrusted users. Example for such events
834                  * are changes to settings, class of device, name etc.
835                  */
836                 if (haddr.hci_channel == HCI_CHANNEL_CONTROL) {
837                         hci_sock_set_flag(sk, HCI_MGMT_INDEX_EVENTS);
838                         hci_sock_set_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
839                         hci_sock_set_flag(sk, HCI_MGMT_GENERIC_EVENTS);
840                 }
841                 break;
842         }
843 
844 
845         hci_pi(sk)->channel = haddr.hci_channel;
846         sk->sk_state = BT_BOUND;
847 
848 done:
849         release_sock(sk);
850         return err;
851 }
852 
853 static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
854                             int *addr_len, int peer)
855 {
856         struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
857         struct sock *sk = sock->sk;
858         struct hci_dev *hdev;
859         int err = 0;
860 
861         BT_DBG("sock %p sk %p", sock, sk);
862 
863         if (peer)
864                 return -EOPNOTSUPP;
865 
866         lock_sock(sk);
867 
868         hdev = hci_pi(sk)->hdev;
869         if (!hdev) {
870                 err = -EBADFD;
871                 goto done;
872         }
873 
874         *addr_len = sizeof(*haddr);
875         haddr->hci_family = AF_BLUETOOTH;
876         haddr->hci_dev    = hdev->id;
877         haddr->hci_channel= hci_pi(sk)->channel;
878 
879 done:
880         release_sock(sk);
881         return err;
882 }
883 
884 static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
885                           struct sk_buff *skb)
886 {
887         __u32 mask = hci_pi(sk)->cmsg_mask;
888 
889         if (mask & HCI_CMSG_DIR) {
890                 int incoming = bt_cb(skb)->incoming;
891                 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
892                          &incoming);
893         }
894 
895         if (mask & HCI_CMSG_TSTAMP) {
896 #ifdef CONFIG_COMPAT
897                 struct compat_timeval ctv;
898 #endif
899                 struct timeval tv;
900                 void *data;
901                 int len;
902 
903                 skb_get_timestamp(skb, &tv);
904 
905                 data = &tv;
906                 len = sizeof(tv);
907 #ifdef CONFIG_COMPAT
908                 if (!COMPAT_USE_64BIT_TIME &&
909                     (msg->msg_flags & MSG_CMSG_COMPAT)) {
910                         ctv.tv_sec = tv.tv_sec;
911                         ctv.tv_usec = tv.tv_usec;
912                         data = &ctv;
913                         len = sizeof(ctv);
914                 }
915 #endif
916 
917                 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
918         }
919 }
920 
921 static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
922                             int flags)
923 {
924         int noblock = flags & MSG_DONTWAIT;
925         struct sock *sk = sock->sk;
926         struct sk_buff *skb;
927         int copied, err;
928 
929         BT_DBG("sock %p, sk %p", sock, sk);
930 
931         if (flags & (MSG_OOB))
932                 return -EOPNOTSUPP;
933 
934         if (sk->sk_state == BT_CLOSED)
935                 return 0;
936 
937         skb = skb_recv_datagram(sk, flags, noblock, &err);
938         if (!skb)
939                 return err;
940 
941         copied = skb->len;
942         if (len < copied) {
943                 msg->msg_flags |= MSG_TRUNC;
944                 copied = len;
945         }
946 
947         skb_reset_transport_header(skb);
948         err = skb_copy_datagram_msg(skb, 0, msg, copied);
949 
950         switch (hci_pi(sk)->channel) {
951         case HCI_CHANNEL_RAW:
952                 hci_sock_cmsg(sk, msg, skb);
953                 break;
954         case HCI_CHANNEL_USER:
955         case HCI_CHANNEL_MONITOR:
956                 sock_recv_timestamp(msg, sk, skb);
957                 break;
958         default:
959                 if (hci_mgmt_chan_find(hci_pi(sk)->channel))
960                         sock_recv_timestamp(msg, sk, skb);
961                 break;
962         }
963 
964         skb_free_datagram(sk, skb);
965 
966         return err ? : copied;
967 }
968 
969 static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
970                         struct msghdr *msg, size_t msglen)
971 {
972         void *buf;
973         u8 *cp;
974         struct mgmt_hdr *hdr;
975         u16 opcode, index, len;
976         struct hci_dev *hdev = NULL;
977         const struct hci_mgmt_handler *handler;
978         bool var_len, no_hdev;
979         int err;
980 
981         BT_DBG("got %zu bytes", msglen);
982 
983         if (msglen < sizeof(*hdr))
984                 return -EINVAL;
985 
986         buf = kmalloc(msglen, GFP_KERNEL);
987         if (!buf)
988                 return -ENOMEM;
989 
990         if (memcpy_from_msg(buf, msg, msglen)) {
991                 err = -EFAULT;
992                 goto done;
993         }
994 
995         hdr = buf;
996         opcode = __le16_to_cpu(hdr->opcode);
997         index = __le16_to_cpu(hdr->index);
998         len = __le16_to_cpu(hdr->len);
999 
1000         if (len != msglen - sizeof(*hdr)) {
1001                 err = -EINVAL;
1002                 goto done;
1003         }
1004 
1005         if (opcode >= chan->handler_count ||
1006             chan->handlers[opcode].func == NULL) {
1007                 BT_DBG("Unknown op %u", opcode);
1008                 err = mgmt_cmd_status(sk, index, opcode,
1009                                       MGMT_STATUS_UNKNOWN_COMMAND);
1010                 goto done;
1011         }
1012 
1013         handler = &chan->handlers[opcode];
1014 
1015         if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) &&
1016             !(handler->flags & HCI_MGMT_UNTRUSTED)) {
1017                 err = mgmt_cmd_status(sk, index, opcode,
1018                                       MGMT_STATUS_PERMISSION_DENIED);
1019                 goto done;
1020         }
1021 
1022         if (index != MGMT_INDEX_NONE) {
1023                 hdev = hci_dev_get(index);
1024                 if (!hdev) {
1025                         err = mgmt_cmd_status(sk, index, opcode,
1026                                               MGMT_STATUS_INVALID_INDEX);
1027                         goto done;
1028                 }
1029 
1030                 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1031                     hci_dev_test_flag(hdev, HCI_CONFIG) ||
1032                     hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1033                         err = mgmt_cmd_status(sk, index, opcode,
1034                                               MGMT_STATUS_INVALID_INDEX);
1035                         goto done;
1036                 }
1037 
1038                 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1039                     !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
1040                         err = mgmt_cmd_status(sk, index, opcode,
1041                                               MGMT_STATUS_INVALID_INDEX);
1042                         goto done;
1043                 }
1044         }
1045 
1046         no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
1047         if (no_hdev != !hdev) {
1048                 err = mgmt_cmd_status(sk, index, opcode,
1049                                       MGMT_STATUS_INVALID_INDEX);
1050                 goto done;
1051         }
1052 
1053         var_len = (handler->flags & HCI_MGMT_VAR_LEN);
1054         if ((var_len && len < handler->data_len) ||
1055             (!var_len && len != handler->data_len)) {
1056                 err = mgmt_cmd_status(sk, index, opcode,
1057                                       MGMT_STATUS_INVALID_PARAMS);
1058                 goto done;
1059         }
1060 
1061         if (hdev && chan->hdev_init)
1062                 chan->hdev_init(sk, hdev);
1063 
1064         cp = buf + sizeof(*hdr);
1065 
1066         err = handler->func(sk, hdev, cp, len);
1067         if (err < 0)
1068                 goto done;
1069 
1070         err = msglen;
1071 
1072 done:
1073         if (hdev)
1074                 hci_dev_put(hdev);
1075 
1076         kfree(buf);
1077         return err;
1078 }
1079 
1080 static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1081                             size_t len)
1082 {
1083         struct sock *sk = sock->sk;
1084         struct hci_mgmt_chan *chan;
1085         struct hci_dev *hdev;
1086         struct sk_buff *skb;
1087         int err;
1088 
1089         BT_DBG("sock %p sk %p", sock, sk);
1090 
1091         if (msg->msg_flags & MSG_OOB)
1092                 return -EOPNOTSUPP;
1093 
1094         if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
1095                 return -EINVAL;
1096 
1097         if (len < 4 || len > HCI_MAX_FRAME_SIZE)
1098                 return -EINVAL;
1099 
1100         lock_sock(sk);
1101 
1102         switch (hci_pi(sk)->channel) {
1103         case HCI_CHANNEL_RAW:
1104         case HCI_CHANNEL_USER:
1105                 break;
1106         case HCI_CHANNEL_MONITOR:
1107                 err = -EOPNOTSUPP;
1108                 goto done;
1109         default:
1110                 mutex_lock(&mgmt_chan_list_lock);
1111                 chan = __hci_mgmt_chan_find(hci_pi(sk)->channel);
1112                 if (chan)
1113                         err = hci_mgmt_cmd(chan, sk, msg, len);
1114                 else
1115                         err = -EINVAL;
1116 
1117                 mutex_unlock(&mgmt_chan_list_lock);
1118                 goto done;
1119         }
1120 
1121         hdev = hci_pi(sk)->hdev;
1122         if (!hdev) {
1123                 err = -EBADFD;
1124                 goto done;
1125         }
1126 
1127         if (!test_bit(HCI_UP, &hdev->flags)) {
1128                 err = -ENETDOWN;
1129                 goto done;
1130         }
1131 
1132         skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1133         if (!skb)
1134                 goto done;
1135 
1136         if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1137                 err = -EFAULT;
1138                 goto drop;
1139         }
1140 
1141         bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
1142         skb_pull(skb, 1);
1143 
1144         if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
1145                 /* No permission check is needed for user channel
1146                  * since that gets enforced when binding the socket.
1147                  *
1148                  * However check that the packet type is valid.
1149                  */
1150                 if (bt_cb(skb)->pkt_type != HCI_COMMAND_PKT &&
1151                     bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
1152                     bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) {
1153                         err = -EINVAL;
1154                         goto drop;
1155                 }
1156 
1157                 skb_queue_tail(&hdev->raw_q, skb);
1158                 queue_work(hdev->workqueue, &hdev->tx_work);
1159         } else if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
1160                 u16 opcode = get_unaligned_le16(skb->data);
1161                 u16 ogf = hci_opcode_ogf(opcode);
1162                 u16 ocf = hci_opcode_ocf(opcode);
1163 
1164                 if (((ogf > HCI_SFLT_MAX_OGF) ||
1165                      !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
1166                                    &hci_sec_filter.ocf_mask[ogf])) &&
1167                     !capable(CAP_NET_RAW)) {
1168                         err = -EPERM;
1169                         goto drop;
1170                 }
1171 
1172                 if (ogf == 0x3f) {
1173                         skb_queue_tail(&hdev->raw_q, skb);
1174                         queue_work(hdev->workqueue, &hdev->tx_work);
1175                 } else {
1176                         /* Stand-alone HCI commands must be flagged as
1177                          * single-command requests.
1178                          */
1179                         bt_cb(skb)->req.start = true;
1180 
1181                         skb_queue_tail(&hdev->cmd_q, skb);
1182                         queue_work(hdev->workqueue, &hdev->cmd_work);
1183                 }
1184         } else {
1185                 if (!capable(CAP_NET_RAW)) {
1186                         err = -EPERM;
1187                         goto drop;
1188                 }
1189 
1190                 skb_queue_tail(&hdev->raw_q, skb);
1191                 queue_work(hdev->workqueue, &hdev->tx_work);
1192         }
1193 
1194         err = len;
1195 
1196 done:
1197         release_sock(sk);
1198         return err;
1199 
1200 drop:
1201         kfree_skb(skb);
1202         goto done;
1203 }
1204 
1205 static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1206                                char __user *optval, unsigned int len)
1207 {
1208         struct hci_ufilter uf = { .opcode = 0 };
1209         struct sock *sk = sock->sk;
1210         int err = 0, opt = 0;
1211 
1212         BT_DBG("sk %p, opt %d", sk, optname);
1213 
1214         lock_sock(sk);
1215 
1216         if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1217                 err = -EBADFD;
1218                 goto done;
1219         }
1220 
1221         switch (optname) {
1222         case HCI_DATA_DIR:
1223                 if (get_user(opt, (int __user *)optval)) {
1224                         err = -EFAULT;
1225                         break;
1226                 }
1227 
1228                 if (opt)
1229                         hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
1230                 else
1231                         hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
1232                 break;
1233 
1234         case HCI_TIME_STAMP:
1235                 if (get_user(opt, (int __user *)optval)) {
1236                         err = -EFAULT;
1237                         break;
1238                 }
1239 
1240                 if (opt)
1241                         hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
1242                 else
1243                         hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
1244                 break;
1245 
1246         case HCI_FILTER:
1247                 {
1248                         struct hci_filter *f = &hci_pi(sk)->filter;
1249 
1250                         uf.type_mask = f->type_mask;
1251                         uf.opcode    = f->opcode;
1252                         uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1253                         uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1254                 }
1255 
1256                 len = min_t(unsigned int, len, sizeof(uf));
1257                 if (copy_from_user(&uf, optval, len)) {
1258                         err = -EFAULT;
1259                         break;
1260                 }
1261 
1262                 if (!capable(CAP_NET_RAW)) {
1263                         uf.type_mask &= hci_sec_filter.type_mask;
1264                         uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
1265                         uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
1266                 }
1267 
1268                 {
1269                         struct hci_filter *f = &hci_pi(sk)->filter;
1270 
1271                         f->type_mask = uf.type_mask;
1272                         f->opcode    = uf.opcode;
1273                         *((u32 *) f->event_mask + 0) = uf.event_mask[0];
1274                         *((u32 *) f->event_mask + 1) = uf.event_mask[1];
1275                 }
1276                 break;
1277 
1278         default:
1279                 err = -ENOPROTOOPT;
1280                 break;
1281         }
1282 
1283 done:
1284         release_sock(sk);
1285         return err;
1286 }
1287 
1288 static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1289                                char __user *optval, int __user *optlen)
1290 {
1291         struct hci_ufilter uf;
1292         struct sock *sk = sock->sk;
1293         int len, opt, err = 0;
1294 
1295         BT_DBG("sk %p, opt %d", sk, optname);
1296 
1297         if (get_user(len, optlen))
1298                 return -EFAULT;
1299 
1300         lock_sock(sk);
1301 
1302         if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
1303                 err = -EBADFD;
1304                 goto done;
1305         }
1306 
1307         switch (optname) {
1308         case HCI_DATA_DIR:
1309                 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1310                         opt = 1;
1311                 else
1312                         opt = 0;
1313 
1314                 if (put_user(opt, optval))
1315                         err = -EFAULT;
1316                 break;
1317 
1318         case HCI_TIME_STAMP:
1319                 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1320                         opt = 1;
1321                 else
1322                         opt = 0;
1323 
1324                 if (put_user(opt, optval))
1325                         err = -EFAULT;
1326                 break;
1327 
1328         case HCI_FILTER:
1329                 {
1330                         struct hci_filter *f = &hci_pi(sk)->filter;
1331 
1332                         memset(&uf, 0, sizeof(uf));
1333                         uf.type_mask = f->type_mask;
1334                         uf.opcode    = f->opcode;
1335                         uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1336                         uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1337                 }
1338 
1339                 len = min_t(unsigned int, len, sizeof(uf));
1340                 if (copy_to_user(optval, &uf, len))
1341                         err = -EFAULT;
1342                 break;
1343 
1344         default:
1345                 err = -ENOPROTOOPT;
1346                 break;
1347         }
1348 
1349 done:
1350         release_sock(sk);
1351         return err;
1352 }
1353 
1354 static const struct proto_ops hci_sock_ops = {
1355         .family         = PF_BLUETOOTH,
1356         .owner          = THIS_MODULE,
1357         .release        = hci_sock_release,
1358         .bind           = hci_sock_bind,
1359         .getname        = hci_sock_getname,
1360         .sendmsg        = hci_sock_sendmsg,
1361         .recvmsg        = hci_sock_recvmsg,
1362         .ioctl          = hci_sock_ioctl,
1363         .poll           = datagram_poll,
1364         .listen         = sock_no_listen,
1365         .shutdown       = sock_no_shutdown,
1366         .setsockopt     = hci_sock_setsockopt,
1367         .getsockopt     = hci_sock_getsockopt,
1368         .connect        = sock_no_connect,
1369         .socketpair     = sock_no_socketpair,
1370         .accept         = sock_no_accept,
1371         .mmap           = sock_no_mmap
1372 };
1373 
1374 static struct proto hci_sk_proto = {
1375         .name           = "HCI",
1376         .owner          = THIS_MODULE,
1377         .obj_size       = sizeof(struct hci_pinfo)
1378 };
1379 
1380 static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
1381                            int kern)
1382 {
1383         struct sock *sk;
1384 
1385         BT_DBG("sock %p", sock);
1386 
1387         if (sock->type != SOCK_RAW)
1388                 return -ESOCKTNOSUPPORT;
1389 
1390         sock->ops = &hci_sock_ops;
1391 
1392         sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, kern);
1393         if (!sk)
1394                 return -ENOMEM;
1395 
1396         sock_init_data(sock, sk);
1397 
1398         sock_reset_flag(sk, SOCK_ZAPPED);
1399 
1400         sk->sk_protocol = protocol;
1401 
1402         sock->state = SS_UNCONNECTED;
1403         sk->sk_state = BT_OPEN;
1404 
1405         bt_sock_link(&hci_sk_list, sk);
1406         return 0;
1407 }
1408 
1409 static const struct net_proto_family hci_sock_family_ops = {
1410         .family = PF_BLUETOOTH,
1411         .owner  = THIS_MODULE,
1412         .create = hci_sock_create,
1413 };
1414 
1415 int __init hci_sock_init(void)
1416 {
1417         int err;
1418 
1419         BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr));
1420 
1421         err = proto_register(&hci_sk_proto, 0);
1422         if (err < 0)
1423                 return err;
1424 
1425         err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
1426         if (err < 0) {
1427                 BT_ERR("HCI socket registration failed");
1428                 goto error;
1429         }
1430 
1431         err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
1432         if (err < 0) {
1433                 BT_ERR("Failed to create HCI proc file");
1434                 bt_sock_unregister(BTPROTO_HCI);
1435                 goto error;
1436         }
1437 
1438         BT_INFO("HCI socket layer initialized");
1439 
1440         return 0;
1441 
1442 error:
1443         proto_unregister(&hci_sk_proto);
1444         return err;
1445 }
1446 
1447 void hci_sock_cleanup(void)
1448 {
1449         bt_procfs_cleanup(&init_net, "hci");
1450         bt_sock_unregister(BTPROTO_HCI);
1451         proto_unregister(&hci_sk_proto);
1452 }
1453 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp