blob: 9c4a093f89607620f7d4c0c633f3bec84f10f751 [file] [log] [blame]
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001/*
Linus Torvalds1da177e2005-04-16 15:20:36 -07002 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090015 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
Linus Torvalds1da177e2005-04-16 15:20:36 -070018 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090020 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
Linus Torvalds1da177e2005-04-16 15:20:36 -070022 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI sockets. */
Arnd Bergmann7a6038b2019-03-14 14:10:33 +010026#include <linux/compat.h>
Gustavo Padovan8c520a52012-05-23 04:04:22 -030027#include <linux/export.h>
Johannes Berg787b3062016-01-06 14:38:40 +010028#include <linux/utsname.h>
Marcel Holtmann70ecce92016-08-27 20:23:38 +020029#include <linux/sched.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070030#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
Marcel Holtmanncd82e612012-02-20 20:34:38 +010034#include <net/bluetooth/hci_mon.h>
Johan Hedbergfa4335d2015-03-17 13:48:50 +020035#include <net/bluetooth/mgmt.h>
36
37#include "mgmt_util.h"
Linus Torvalds1da177e2005-04-16 15:20:36 -070038
Johan Hedberg801c1e82015-03-06 21:08:50 +020039static LIST_HEAD(mgmt_chan_list);
40static DEFINE_MUTEX(mgmt_chan_list_lock);
41
Marcel Holtmann70ecce92016-08-27 20:23:38 +020042static DEFINE_IDA(sock_cookie_ida);
43
Marcel Holtmanncd82e612012-02-20 20:34:38 +010044static atomic_t monitor_promisc = ATOMIC_INIT(0);
45
Linus Torvalds1da177e2005-04-16 15:20:36 -070046/* ----- HCI socket interface ----- */
47
Marcel Holtmann863def52014-07-11 05:41:00 +020048/* Socket info */
49#define hci_pi(sk) ((struct hci_pinfo *) sk)
50
51struct hci_pinfo {
52 struct bt_sock bt;
53 struct hci_dev *hdev;
54 struct hci_filter filter;
55 __u32 cmsg_mask;
56 unsigned short channel;
Marcel Holtmann6befc642015-03-14 19:27:53 -070057 unsigned long flags;
Marcel Holtmann70ecce92016-08-27 20:23:38 +020058 __u32 cookie;
59 char comm[TASK_COMM_LEN];
Marcel Holtmann863def52014-07-11 05:41:00 +020060};
61
Marcel Holtmann6befc642015-03-14 19:27:53 -070062void hci_sock_set_flag(struct sock *sk, int nr)
63{
64 set_bit(nr, &hci_pi(sk)->flags);
65}
66
67void hci_sock_clear_flag(struct sock *sk, int nr)
68{
69 clear_bit(nr, &hci_pi(sk)->flags);
70}
71
Marcel Holtmannc85be542015-03-14 19:28:00 -070072int hci_sock_test_flag(struct sock *sk, int nr)
73{
74 return test_bit(nr, &hci_pi(sk)->flags);
75}
76
Johan Hedbergd0f172b2015-03-17 13:48:46 +020077unsigned short hci_sock_get_channel(struct sock *sk)
78{
79 return hci_pi(sk)->channel;
80}
81
Marcel Holtmann70ecce92016-08-27 20:23:38 +020082u32 hci_sock_get_cookie(struct sock *sk)
83{
84 return hci_pi(sk)->cookie;
85}
86
Marcel Holtmanndf1cb872016-08-30 05:00:34 +020087static bool hci_sock_gen_cookie(struct sock *sk)
88{
89 int id = hci_pi(sk)->cookie;
90
91 if (!id) {
92 id = ida_simple_get(&sock_cookie_ida, 1, 0, GFP_KERNEL);
93 if (id < 0)
94 id = 0xffffffff;
95
96 hci_pi(sk)->cookie = id;
97 get_task_comm(hci_pi(sk)->comm, current);
98 return true;
99 }
100
101 return false;
102}
103
104static void hci_sock_free_cookie(struct sock *sk)
105{
106 int id = hci_pi(sk)->cookie;
107
108 if (id) {
109 hci_pi(sk)->cookie = 0xffffffff;
110 ida_simple_remove(&sock_cookie_ida, id);
111 }
112}
113
Jiri Slaby93919762015-02-19 15:20:43 +0100114static inline int hci_test_bit(int nr, const void *addr)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700115{
Jiri Slaby93919762015-02-19 15:20:43 +0100116 return *((const __u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700117}
118
119/* Security filter */
Marcel Holtmann3ad254f72014-07-11 05:36:39 +0200120#define HCI_SFLT_MAX_OGF 5
121
122struct hci_sec_filter {
123 __u32 type_mask;
124 __u32 event_mask[2];
125 __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
126};
127
Marcel Holtmann7e67c112014-07-11 05:36:40 +0200128static const struct hci_sec_filter hci_sec_filter = {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700129 /* Packet types */
130 0x10,
131 /* Events */
Marcel Holtmanndd7f5522005-10-28 19:20:53 +0200132 { 0x1000d9fe, 0x0000b00c },
Linus Torvalds1da177e2005-04-16 15:20:36 -0700133 /* Commands */
134 {
135 { 0x0 },
136 /* OGF_LINK_CTL */
Marcel Holtmann7c631a62007-09-09 08:39:43 +0200137 { 0xbe000006, 0x00000001, 0x00000000, 0x00 },
Linus Torvalds1da177e2005-04-16 15:20:36 -0700138 /* OGF_LINK_POLICY */
Marcel Holtmann7c631a62007-09-09 08:39:43 +0200139 { 0x00005200, 0x00000000, 0x00000000, 0x00 },
Linus Torvalds1da177e2005-04-16 15:20:36 -0700140 /* OGF_HOST_CTL */
Marcel Holtmann7c631a62007-09-09 08:39:43 +0200141 { 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
Linus Torvalds1da177e2005-04-16 15:20:36 -0700142 /* OGF_INFO_PARAM */
Marcel Holtmann7c631a62007-09-09 08:39:43 +0200143 { 0x000002be, 0x00000000, 0x00000000, 0x00 },
Linus Torvalds1da177e2005-04-16 15:20:36 -0700144 /* OGF_STATUS_PARAM */
Marcel Holtmann7c631a62007-09-09 08:39:43 +0200145 { 0x000000ea, 0x00000000, 0x00000000, 0x00 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700146 }
147};
148
149static struct bt_sock_list hci_sk_list = {
Robert P. J. Dayd5fb2962008-03-28 16:17:38 -0700150 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700151};
152
Marcel Holtmannf81fe642013-08-25 23:25:15 -0700153static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb)
154{
155 struct hci_filter *flt;
156 int flt_type, flt_event;
157
158 /* Apply filter */
159 flt = &hci_pi(sk)->filter;
160
Marcel Holtmannd79f34e2015-11-05 07:10:00 +0100161 flt_type = hci_skb_pkt_type(skb) & HCI_FLT_TYPE_BITS;
Marcel Holtmannf81fe642013-08-25 23:25:15 -0700162
163 if (!test_bit(flt_type, &flt->type_mask))
164 return true;
165
166 /* Extra filter for event packets only */
Marcel Holtmannd79f34e2015-11-05 07:10:00 +0100167 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT)
Marcel Holtmannf81fe642013-08-25 23:25:15 -0700168 return false;
169
170 flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
171
172 if (!hci_test_bit(flt_event, &flt->event_mask))
173 return true;
174
175 /* Check filter only when opcode is set */
176 if (!flt->opcode)
177 return false;
178
179 if (flt_event == HCI_EV_CMD_COMPLETE &&
180 flt->opcode != get_unaligned((__le16 *)(skb->data + 3)))
181 return true;
182
183 if (flt_event == HCI_EV_CMD_STATUS &&
184 flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))
185 return true;
186
187 return false;
188}
189
Linus Torvalds1da177e2005-04-16 15:20:36 -0700190/* Send frame to RAW socket */
Marcel Holtmann470fe1b2012-02-20 14:50:30 +0100191void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700192{
193 struct sock *sk;
Marcel Holtmanne0edf372012-02-20 14:50:36 +0100194 struct sk_buff *skb_copy = NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700195
196 BT_DBG("hdev %p len %d", hdev, skb->len);
197
198 read_lock(&hci_sk_list.lock);
Marcel Holtmann470fe1b2012-02-20 14:50:30 +0100199
Sasha Levinb67bfe02013-02-27 17:06:00 -0800200 sk_for_each(sk, &hci_sk_list.head) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700201 struct sk_buff *nskb;
202
203 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
204 continue;
205
206 /* Don't send frame to the socket it came from */
207 if (skb->sk == sk)
208 continue;
209
Marcel Holtmann23500182013-08-26 21:40:52 -0700210 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) {
Marcel Holtmannd79f34e2015-11-05 07:10:00 +0100211 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
212 hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
213 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
Marcel Holtmanncc974002020-01-25 09:23:47 +0100214 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
215 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT)
Marcel Holtmannbb775432015-10-09 16:13:50 +0200216 continue;
Marcel Holtmann23500182013-08-26 21:40:52 -0700217 if (is_filtered_packet(sk, skb))
218 continue;
219 } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
220 if (!bt_cb(skb)->incoming)
221 continue;
Marcel Holtmannd79f34e2015-11-05 07:10:00 +0100222 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
223 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
Marcel Holtmanncc974002020-01-25 09:23:47 +0100224 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
225 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT)
Marcel Holtmann23500182013-08-26 21:40:52 -0700226 continue;
227 } else {
228 /* Don't send frame to other channel types */
Johan Hedberga40c4062010-12-08 00:21:07 +0200229 continue;
Marcel Holtmann23500182013-08-26 21:40:52 -0700230 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700231
Marcel Holtmanne0edf372012-02-20 14:50:36 +0100232 if (!skb_copy) {
233 /* Create a private copy with headroom */
Octavian Purdilabad93e92014-06-12 01:36:26 +0300234 skb_copy = __pskb_copy_fclone(skb, 1, GFP_ATOMIC, true);
Marcel Holtmanne0edf372012-02-20 14:50:36 +0100235 if (!skb_copy)
236 continue;
237
238 /* Put type byte before the data */
Marcel Holtmannd79f34e2015-11-05 07:10:00 +0100239 memcpy(skb_push(skb_copy, 1), &hci_skb_pkt_type(skb), 1);
Marcel Holtmanne0edf372012-02-20 14:50:36 +0100240 }
241
242 nskb = skb_clone(skb_copy, GFP_ATOMIC);
Andrei Emeltchenko70f230202010-12-01 16:58:25 +0200243 if (!nskb)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700244 continue;
245
Linus Torvalds1da177e2005-04-16 15:20:36 -0700246 if (sock_queue_rcv_skb(sk, nskb))
247 kfree_skb(nskb);
248 }
Marcel Holtmann470fe1b2012-02-20 14:50:30 +0100249
250 read_unlock(&hci_sk_list.lock);
Marcel Holtmanne0edf372012-02-20 14:50:36 +0100251
252 kfree_skb(skb_copy);
Marcel Holtmann470fe1b2012-02-20 14:50:30 +0100253}
254
Johan Hedberg71290692015-02-20 13:26:23 +0200255/* Send frame to sockets with specific channel */
Sebastian Andrzej Siewiora9ee77a2017-09-21 15:51:23 +0200256static void __hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
257 int flag, struct sock *skip_sk)
Marcel Holtmann470fe1b2012-02-20 14:50:30 +0100258{
259 struct sock *sk;
Marcel Holtmann470fe1b2012-02-20 14:50:30 +0100260
Johan Hedberg71290692015-02-20 13:26:23 +0200261 BT_DBG("channel %u len %d", channel, skb->len);
Marcel Holtmann470fe1b2012-02-20 14:50:30 +0100262
Sasha Levinb67bfe02013-02-27 17:06:00 -0800263 sk_for_each(sk, &hci_sk_list.head) {
Marcel Holtmann470fe1b2012-02-20 14:50:30 +0100264 struct sk_buff *nskb;
265
Marcel Holtmannc08b1a12015-03-14 19:27:59 -0700266 /* Ignore socket without the flag set */
Marcel Holtmannc85be542015-03-14 19:28:00 -0700267 if (!hci_sock_test_flag(sk, flag))
Marcel Holtmannc08b1a12015-03-14 19:27:59 -0700268 continue;
269
Marcel Holtmann470fe1b2012-02-20 14:50:30 +0100270 /* Skip the original socket */
271 if (sk == skip_sk)
272 continue;
273
274 if (sk->sk_state != BT_BOUND)
275 continue;
276
Johan Hedberg71290692015-02-20 13:26:23 +0200277 if (hci_pi(sk)->channel != channel)
Marcel Holtmannd7f72f62015-01-11 19:33:32 -0800278 continue;
279
280 nskb = skb_clone(skb, GFP_ATOMIC);
281 if (!nskb)
282 continue;
283
284 if (sock_queue_rcv_skb(sk, nskb))
285 kfree_skb(nskb);
286 }
287
Sebastian Andrzej Siewiora9ee77a2017-09-21 15:51:23 +0200288}
289
290void hci_send_to_channel(unsigned short channel, struct sk_buff *skb,
291 int flag, struct sock *skip_sk)
292{
293 read_lock(&hci_sk_list.lock);
294 __hci_send_to_channel(channel, skb, flag, skip_sk);
Marcel Holtmannd7f72f62015-01-11 19:33:32 -0800295 read_unlock(&hci_sk_list.lock);
296}
297
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100298/* Send frame to monitor socket */
299void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
300{
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100301 struct sk_buff *skb_copy = NULL;
Marcel Holtmann2b531292015-01-11 19:33:31 -0800302 struct hci_mon_hdr *hdr;
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100303 __le16 opcode;
304
305 if (!atomic_read(&monitor_promisc))
306 return;
307
308 BT_DBG("hdev %p len %d", hdev, skb->len);
309
Marcel Holtmannd79f34e2015-11-05 07:10:00 +0100310 switch (hci_skb_pkt_type(skb)) {
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100311 case HCI_COMMAND_PKT:
Joe Perchesdcf4adb2014-03-12 10:52:35 -0700312 opcode = cpu_to_le16(HCI_MON_COMMAND_PKT);
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100313 break;
314 case HCI_EVENT_PKT:
Joe Perchesdcf4adb2014-03-12 10:52:35 -0700315 opcode = cpu_to_le16(HCI_MON_EVENT_PKT);
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100316 break;
317 case HCI_ACLDATA_PKT:
318 if (bt_cb(skb)->incoming)
Joe Perchesdcf4adb2014-03-12 10:52:35 -0700319 opcode = cpu_to_le16(HCI_MON_ACL_RX_PKT);
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100320 else
Joe Perchesdcf4adb2014-03-12 10:52:35 -0700321 opcode = cpu_to_le16(HCI_MON_ACL_TX_PKT);
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100322 break;
323 case HCI_SCODATA_PKT:
324 if (bt_cb(skb)->incoming)
Joe Perchesdcf4adb2014-03-12 10:52:35 -0700325 opcode = cpu_to_le16(HCI_MON_SCO_RX_PKT);
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100326 else
Joe Perchesdcf4adb2014-03-12 10:52:35 -0700327 opcode = cpu_to_le16(HCI_MON_SCO_TX_PKT);
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100328 break;
Luiz Augusto von Dentzf9a619d2020-01-15 13:02:17 -0800329 case HCI_ISODATA_PKT:
330 if (bt_cb(skb)->incoming)
331 opcode = cpu_to_le16(HCI_MON_ISO_RX_PKT);
332 else
333 opcode = cpu_to_le16(HCI_MON_ISO_TX_PKT);
334 break;
Marcel Holtmanne875ff82015-10-07 16:38:35 +0200335 case HCI_DIAG_PKT:
336 opcode = cpu_to_le16(HCI_MON_VENDOR_DIAG);
337 break;
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100338 default:
339 return;
340 }
341
Marcel Holtmann2b531292015-01-11 19:33:31 -0800342 /* Create a private copy with headroom */
343 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true);
344 if (!skb_copy)
345 return;
346
347 /* Put header before the data */
Johannes Bergd58ff352017-06-16 14:29:23 +0200348 hdr = skb_push(skb_copy, HCI_MON_HDR_SIZE);
Marcel Holtmann2b531292015-01-11 19:33:31 -0800349 hdr->opcode = opcode;
350 hdr->index = cpu_to_le16(hdev->id);
351 hdr->len = cpu_to_le16(skb->len);
352
Marcel Holtmannc08b1a12015-03-14 19:27:59 -0700353 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb_copy,
354 HCI_SOCK_TRUSTED, NULL);
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100355 kfree_skb(skb_copy);
356}
357
Marcel Holtmann38ceaa02016-08-27 20:23:41 +0200358void hci_send_monitor_ctrl_event(struct hci_dev *hdev, u16 event,
359 void *data, u16 data_len, ktime_t tstamp,
360 int flag, struct sock *skip_sk)
361{
362 struct sock *sk;
363 __le16 index;
364
365 if (hdev)
366 index = cpu_to_le16(hdev->id);
367 else
368 index = cpu_to_le16(MGMT_INDEX_NONE);
369
370 read_lock(&hci_sk_list.lock);
371
372 sk_for_each(sk, &hci_sk_list.head) {
373 struct hci_mon_hdr *hdr;
374 struct sk_buff *skb;
375
376 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
377 continue;
378
379 /* Ignore socket without the flag set */
380 if (!hci_sock_test_flag(sk, flag))
381 continue;
382
383 /* Skip the original socket */
384 if (sk == skip_sk)
385 continue;
386
387 skb = bt_skb_alloc(6 + data_len, GFP_ATOMIC);
388 if (!skb)
389 continue;
390
391 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
392 put_unaligned_le16(event, skb_put(skb, 2));
393
394 if (data)
Johannes Berg59ae1d12017-06-16 14:29:20 +0200395 skb_put_data(skb, data, data_len);
Marcel Holtmann38ceaa02016-08-27 20:23:41 +0200396
397 skb->tstamp = tstamp;
398
Johannes Bergd58ff352017-06-16 14:29:23 +0200399 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
Marcel Holtmann38ceaa02016-08-27 20:23:41 +0200400 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_EVENT);
401 hdr->index = index;
402 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
403
Sebastian Andrzej Siewiora9ee77a2017-09-21 15:51:23 +0200404 __hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
405 HCI_SOCK_TRUSTED, NULL);
Marcel Holtmann38ceaa02016-08-27 20:23:41 +0200406 kfree_skb(skb);
407 }
408
409 read_unlock(&hci_sk_list.lock);
410}
411
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100412static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
413{
414 struct hci_mon_hdr *hdr;
415 struct hci_mon_new_index *ni;
Marcel Holtmann6c566dd2015-10-07 15:32:13 +0200416 struct hci_mon_index_info *ii;
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100417 struct sk_buff *skb;
418 __le16 opcode;
419
420 switch (event) {
421 case HCI_DEV_REG:
422 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
423 if (!skb)
424 return NULL;
425
Johannes Berg4df864c2017-06-16 14:29:21 +0200426 ni = skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100427 ni->type = hdev->dev_type;
428 ni->bus = hdev->bus;
429 bacpy(&ni->bdaddr, &hdev->bdaddr);
430 memcpy(ni->name, hdev->name, 8);
431
Joe Perchesdcf4adb2014-03-12 10:52:35 -0700432 opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100433 break;
434
435 case HCI_DEV_UNREG:
436 skb = bt_skb_alloc(0, GFP_ATOMIC);
437 if (!skb)
438 return NULL;
439
Joe Perchesdcf4adb2014-03-12 10:52:35 -0700440 opcode = cpu_to_le16(HCI_MON_DEL_INDEX);
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100441 break;
442
Marcel Holtmanne131d742015-10-20 02:30:47 +0200443 case HCI_DEV_SETUP:
444 if (hdev->manufacturer == 0xffff)
445 return NULL;
446
447 /* fall through */
448
Marcel Holtmann6c566dd2015-10-07 15:32:13 +0200449 case HCI_DEV_UP:
450 skb = bt_skb_alloc(HCI_MON_INDEX_INFO_SIZE, GFP_ATOMIC);
451 if (!skb)
452 return NULL;
453
Johannes Berg4df864c2017-06-16 14:29:21 +0200454 ii = skb_put(skb, HCI_MON_INDEX_INFO_SIZE);
Marcel Holtmann6c566dd2015-10-07 15:32:13 +0200455 bacpy(&ii->bdaddr, &hdev->bdaddr);
456 ii->manufacturer = cpu_to_le16(hdev->manufacturer);
457
458 opcode = cpu_to_le16(HCI_MON_INDEX_INFO);
459 break;
460
Marcel Holtmann22db3cbc2015-10-04 23:34:03 +0200461 case HCI_DEV_OPEN:
462 skb = bt_skb_alloc(0, GFP_ATOMIC);
463 if (!skb)
464 return NULL;
465
466 opcode = cpu_to_le16(HCI_MON_OPEN_INDEX);
467 break;
468
469 case HCI_DEV_CLOSE:
470 skb = bt_skb_alloc(0, GFP_ATOMIC);
471 if (!skb)
472 return NULL;
473
474 opcode = cpu_to_le16(HCI_MON_CLOSE_INDEX);
475 break;
476
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100477 default:
478 return NULL;
479 }
480
481 __net_timestamp(skb);
482
Johannes Bergd58ff352017-06-16 14:29:23 +0200483 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100484 hdr->opcode = opcode;
485 hdr->index = cpu_to_le16(hdev->id);
486 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
487
488 return skb;
489}
490
Marcel Holtmann249fa162016-08-27 20:23:40 +0200491static struct sk_buff *create_monitor_ctrl_open(struct sock *sk)
492{
493 struct hci_mon_hdr *hdr;
494 struct sk_buff *skb;
Marcel Holtmannd0bef1d2016-08-30 05:00:38 +0200495 u16 format;
Marcel Holtmann249fa162016-08-27 20:23:40 +0200496 u8 ver[3];
497 u32 flags;
498
Marcel Holtmann0ef2c422016-08-30 05:00:36 +0200499 /* No message needed when cookie is not present */
500 if (!hci_pi(sk)->cookie)
501 return NULL;
502
Marcel Holtmannd0bef1d2016-08-30 05:00:38 +0200503 switch (hci_pi(sk)->channel) {
Marcel Holtmannf81f5b22016-08-30 05:00:39 +0200504 case HCI_CHANNEL_RAW:
505 format = 0x0000;
506 ver[0] = BT_SUBSYS_VERSION;
507 put_unaligned_le16(BT_SUBSYS_REVISION, ver + 1);
508 break;
Marcel Holtmannaa1638dd2016-09-01 19:48:28 +0200509 case HCI_CHANNEL_USER:
510 format = 0x0001;
511 ver[0] = BT_SUBSYS_VERSION;
512 put_unaligned_le16(BT_SUBSYS_REVISION, ver + 1);
513 break;
Marcel Holtmannd0bef1d2016-08-30 05:00:38 +0200514 case HCI_CHANNEL_CONTROL:
515 format = 0x0002;
516 mgmt_fill_version_info(ver);
517 break;
518 default:
519 /* No message for unsupported format */
520 return NULL;
521 }
522
Marcel Holtmann249fa162016-08-27 20:23:40 +0200523 skb = bt_skb_alloc(14 + TASK_COMM_LEN , GFP_ATOMIC);
524 if (!skb)
525 return NULL;
526
Marcel Holtmann249fa162016-08-27 20:23:40 +0200527 flags = hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) ? 0x1 : 0x0;
528
529 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
530 put_unaligned_le16(format, skb_put(skb, 2));
Johannes Berg59ae1d12017-06-16 14:29:20 +0200531 skb_put_data(skb, ver, sizeof(ver));
Marcel Holtmann249fa162016-08-27 20:23:40 +0200532 put_unaligned_le32(flags, skb_put(skb, 4));
Johannes Berg634fef62017-06-16 14:29:24 +0200533 skb_put_u8(skb, TASK_COMM_LEN);
Johannes Berg59ae1d12017-06-16 14:29:20 +0200534 skb_put_data(skb, hci_pi(sk)->comm, TASK_COMM_LEN);
Marcel Holtmann249fa162016-08-27 20:23:40 +0200535
536 __net_timestamp(skb);
537
Johannes Bergd58ff352017-06-16 14:29:23 +0200538 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
Marcel Holtmann249fa162016-08-27 20:23:40 +0200539 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_OPEN);
Marcel Holtmann0ef2c422016-08-30 05:00:36 +0200540 if (hci_pi(sk)->hdev)
541 hdr->index = cpu_to_le16(hci_pi(sk)->hdev->id);
542 else
543 hdr->index = cpu_to_le16(HCI_DEV_NONE);
Marcel Holtmann249fa162016-08-27 20:23:40 +0200544 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
545
546 return skb;
547}
548
549static struct sk_buff *create_monitor_ctrl_close(struct sock *sk)
550{
551 struct hci_mon_hdr *hdr;
552 struct sk_buff *skb;
553
Marcel Holtmann0ef2c422016-08-30 05:00:36 +0200554 /* No message needed when cookie is not present */
555 if (!hci_pi(sk)->cookie)
556 return NULL;
557
Marcel Holtmannd0bef1d2016-08-30 05:00:38 +0200558 switch (hci_pi(sk)->channel) {
Marcel Holtmannf81f5b22016-08-30 05:00:39 +0200559 case HCI_CHANNEL_RAW:
Marcel Holtmannaa1638dd2016-09-01 19:48:28 +0200560 case HCI_CHANNEL_USER:
Marcel Holtmannd0bef1d2016-08-30 05:00:38 +0200561 case HCI_CHANNEL_CONTROL:
562 break;
563 default:
564 /* No message for unsupported format */
565 return NULL;
566 }
567
Marcel Holtmann249fa162016-08-27 20:23:40 +0200568 skb = bt_skb_alloc(4, GFP_ATOMIC);
569 if (!skb)
570 return NULL;
571
572 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
573
574 __net_timestamp(skb);
575
Johannes Bergd58ff352017-06-16 14:29:23 +0200576 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
Marcel Holtmann249fa162016-08-27 20:23:40 +0200577 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_CLOSE);
Marcel Holtmann0ef2c422016-08-30 05:00:36 +0200578 if (hci_pi(sk)->hdev)
579 hdr->index = cpu_to_le16(hci_pi(sk)->hdev->id);
580 else
581 hdr->index = cpu_to_le16(HCI_DEV_NONE);
Marcel Holtmann249fa162016-08-27 20:23:40 +0200582 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
583
584 return skb;
585}
586
Marcel Holtmann38ceaa02016-08-27 20:23:41 +0200587static struct sk_buff *create_monitor_ctrl_command(struct sock *sk, u16 index,
588 u16 opcode, u16 len,
589 const void *buf)
590{
591 struct hci_mon_hdr *hdr;
592 struct sk_buff *skb;
593
594 skb = bt_skb_alloc(6 + len, GFP_ATOMIC);
595 if (!skb)
596 return NULL;
597
598 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
599 put_unaligned_le16(opcode, skb_put(skb, 2));
600
601 if (buf)
Johannes Berg59ae1d12017-06-16 14:29:20 +0200602 skb_put_data(skb, buf, len);
Marcel Holtmann38ceaa02016-08-27 20:23:41 +0200603
604 __net_timestamp(skb);
605
Johannes Bergd58ff352017-06-16 14:29:23 +0200606 hdr = skb_push(skb, HCI_MON_HDR_SIZE);
Marcel Holtmann38ceaa02016-08-27 20:23:41 +0200607 hdr->opcode = cpu_to_le16(HCI_MON_CTRL_COMMAND);
608 hdr->index = cpu_to_le16(index);
609 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
610
611 return skb;
612}
613
Johannes Berg787b3062016-01-06 14:38:40 +0100614static void __printf(2, 3)
615send_monitor_note(struct sock *sk, const char *fmt, ...)
Marcel Holtmanndd315062015-11-08 07:47:12 +0100616{
Johannes Berg787b3062016-01-06 14:38:40 +0100617 size_t len;
Marcel Holtmanndd315062015-11-08 07:47:12 +0100618 struct hci_mon_hdr *hdr;
619 struct sk_buff *skb;
Johannes Berg787b3062016-01-06 14:38:40 +0100620 va_list args;
621
622 va_start(args, fmt);
623 len = vsnprintf(NULL, 0, fmt, args);
624 va_end(args);
Marcel Holtmanndd315062015-11-08 07:47:12 +0100625
626 skb = bt_skb_alloc(len + 1, GFP_ATOMIC);
627 if (!skb)
628 return;
629
Johannes Berg787b3062016-01-06 14:38:40 +0100630 va_start(args, fmt);
631 vsprintf(skb_put(skb, len), fmt, args);
Johannes Berg4df864c2017-06-16 14:29:21 +0200632 *(u8 *)skb_put(skb, 1) = 0;
Johannes Berg787b3062016-01-06 14:38:40 +0100633 va_end(args);
Marcel Holtmanndd315062015-11-08 07:47:12 +0100634
635 __net_timestamp(skb);
636
637 hdr = (void *)skb_push(skb, HCI_MON_HDR_SIZE);
638 hdr->opcode = cpu_to_le16(HCI_MON_SYSTEM_NOTE);
639 hdr->index = cpu_to_le16(HCI_DEV_NONE);
640 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
641
642 if (sock_queue_rcv_skb(sk, skb))
643 kfree_skb(skb);
644}
645
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100646static void send_monitor_replay(struct sock *sk)
647{
648 struct hci_dev *hdev;
649
650 read_lock(&hci_dev_list_lock);
651
652 list_for_each_entry(hdev, &hci_dev_list, list) {
653 struct sk_buff *skb;
654
655 skb = create_monitor_event(hdev, HCI_DEV_REG);
656 if (!skb)
657 continue;
658
659 if (sock_queue_rcv_skb(sk, skb))
660 kfree_skb(skb);
Marcel Holtmann22db3cbc2015-10-04 23:34:03 +0200661
662 if (!test_bit(HCI_RUNNING, &hdev->flags))
663 continue;
664
665 skb = create_monitor_event(hdev, HCI_DEV_OPEN);
666 if (!skb)
667 continue;
668
669 if (sock_queue_rcv_skb(sk, skb))
670 kfree_skb(skb);
Marcel Holtmann6c566dd2015-10-07 15:32:13 +0200671
Marcel Holtmanne131d742015-10-20 02:30:47 +0200672 if (test_bit(HCI_UP, &hdev->flags))
673 skb = create_monitor_event(hdev, HCI_DEV_UP);
674 else if (hci_dev_test_flag(hdev, HCI_SETUP))
675 skb = create_monitor_event(hdev, HCI_DEV_SETUP);
676 else
677 skb = NULL;
Marcel Holtmann6c566dd2015-10-07 15:32:13 +0200678
Marcel Holtmanne131d742015-10-20 02:30:47 +0200679 if (skb) {
680 if (sock_queue_rcv_skb(sk, skb))
681 kfree_skb(skb);
682 }
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100683 }
684
685 read_unlock(&hci_dev_list_lock);
686}
687
Marcel Holtmann249fa162016-08-27 20:23:40 +0200688static void send_monitor_control_replay(struct sock *mon_sk)
689{
690 struct sock *sk;
691
692 read_lock(&hci_sk_list.lock);
693
694 sk_for_each(sk, &hci_sk_list.head) {
695 struct sk_buff *skb;
696
Marcel Holtmann249fa162016-08-27 20:23:40 +0200697 skb = create_monitor_ctrl_open(sk);
698 if (!skb)
699 continue;
700
701 if (sock_queue_rcv_skb(mon_sk, skb))
702 kfree_skb(skb);
703 }
704
705 read_unlock(&hci_sk_list.lock);
706}
707
Marcel Holtmann040030e2012-02-20 14:50:37 +0100708/* Generate internal stack event */
709static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
710{
711 struct hci_event_hdr *hdr;
712 struct hci_ev_stack_internal *ev;
713 struct sk_buff *skb;
714
715 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
716 if (!skb)
717 return;
718
Johannes Berg4df864c2017-06-16 14:29:21 +0200719 hdr = skb_put(skb, HCI_EVENT_HDR_SIZE);
Marcel Holtmann040030e2012-02-20 14:50:37 +0100720 hdr->evt = HCI_EV_STACK_INTERNAL;
721 hdr->plen = sizeof(*ev) + dlen;
722
Johannes Berg4df864c2017-06-16 14:29:21 +0200723 ev = skb_put(skb, sizeof(*ev) + dlen);
Marcel Holtmann040030e2012-02-20 14:50:37 +0100724 ev->type = type;
725 memcpy(ev->data, data, dlen);
726
727 bt_cb(skb)->incoming = 1;
728 __net_timestamp(skb);
729
Marcel Holtmannd79f34e2015-11-05 07:10:00 +0100730 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
Marcel Holtmann040030e2012-02-20 14:50:37 +0100731 hci_send_to_sock(hdev, skb);
732 kfree_skb(skb);
733}
734
735void hci_sock_dev_event(struct hci_dev *hdev, int event)
736{
Marcel Holtmann040030e2012-02-20 14:50:37 +0100737 BT_DBG("hdev %s event %d", hdev->name, event);
738
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100739 if (atomic_read(&monitor_promisc)) {
740 struct sk_buff *skb;
741
Marcel Holtmanned1b28a2015-10-04 23:33:59 +0200742 /* Send event to monitor */
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100743 skb = create_monitor_event(hdev, event);
744 if (skb) {
Marcel Holtmannc08b1a12015-03-14 19:27:59 -0700745 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
746 HCI_SOCK_TRUSTED, NULL);
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100747 kfree_skb(skb);
748 }
749 }
750
Marcel Holtmanned1b28a2015-10-04 23:33:59 +0200751 if (event <= HCI_DEV_DOWN) {
752 struct hci_ev_si_device ev;
753
754 /* Send event to sockets */
755 ev.event = event;
756 ev.dev_id = hdev->id;
757 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
758 }
Marcel Holtmann040030e2012-02-20 14:50:37 +0100759
760 if (event == HCI_DEV_UNREG) {
761 struct sock *sk;
Marcel Holtmann040030e2012-02-20 14:50:37 +0100762
763 /* Detach sockets from device */
764 read_lock(&hci_sk_list.lock);
Sasha Levinb67bfe02013-02-27 17:06:00 -0800765 sk_for_each(sk, &hci_sk_list.head) {
Marcel Holtmann040030e2012-02-20 14:50:37 +0100766 bh_lock_sock_nested(sk);
767 if (hci_pi(sk)->hdev == hdev) {
768 hci_pi(sk)->hdev = NULL;
769 sk->sk_err = EPIPE;
770 sk->sk_state = BT_OPEN;
771 sk->sk_state_change(sk);
772
773 hci_dev_put(hdev);
774 }
775 bh_unlock_sock(sk);
776 }
777 read_unlock(&hci_sk_list.lock);
778 }
779}
780
Johan Hedberg801c1e82015-03-06 21:08:50 +0200781static struct hci_mgmt_chan *__hci_mgmt_chan_find(unsigned short channel)
782{
783 struct hci_mgmt_chan *c;
784
785 list_for_each_entry(c, &mgmt_chan_list, list) {
786 if (c->channel == channel)
787 return c;
788 }
789
790 return NULL;
791}
792
793static struct hci_mgmt_chan *hci_mgmt_chan_find(unsigned short channel)
794{
795 struct hci_mgmt_chan *c;
796
797 mutex_lock(&mgmt_chan_list_lock);
798 c = __hci_mgmt_chan_find(channel);
799 mutex_unlock(&mgmt_chan_list_lock);
800
801 return c;
802}
803
804int hci_mgmt_chan_register(struct hci_mgmt_chan *c)
805{
806 if (c->channel < HCI_CHANNEL_CONTROL)
807 return -EINVAL;
808
809 mutex_lock(&mgmt_chan_list_lock);
810 if (__hci_mgmt_chan_find(c->channel)) {
811 mutex_unlock(&mgmt_chan_list_lock);
812 return -EALREADY;
813 }
814
815 list_add_tail(&c->list, &mgmt_chan_list);
816
817 mutex_unlock(&mgmt_chan_list_lock);
818
819 return 0;
820}
821EXPORT_SYMBOL(hci_mgmt_chan_register);
822
823void hci_mgmt_chan_unregister(struct hci_mgmt_chan *c)
824{
825 mutex_lock(&mgmt_chan_list_lock);
826 list_del(&c->list);
827 mutex_unlock(&mgmt_chan_list_lock);
828}
829EXPORT_SYMBOL(hci_mgmt_chan_unregister);
830
Linus Torvalds1da177e2005-04-16 15:20:36 -0700831static int hci_sock_release(struct socket *sock)
832{
833 struct sock *sk = sock->sk;
Marcel Holtmann7b005bd2006-02-13 11:40:03 +0100834 struct hci_dev *hdev;
Marcel Holtmann249fa162016-08-27 20:23:40 +0200835 struct sk_buff *skb;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700836
837 BT_DBG("sock %p sk %p", sock, sk);
838
839 if (!sk)
840 return 0;
841
Dan Carpenter11eb85e2020-01-15 20:49:04 +0300842 lock_sock(sk);
843
Marcel Holtmann70ecce92016-08-27 20:23:38 +0200844 switch (hci_pi(sk)->channel) {
845 case HCI_CHANNEL_MONITOR:
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100846 atomic_dec(&monitor_promisc);
Marcel Holtmann70ecce92016-08-27 20:23:38 +0200847 break;
Marcel Holtmannf81f5b22016-08-30 05:00:39 +0200848 case HCI_CHANNEL_RAW:
Marcel Holtmannaa1638dd2016-09-01 19:48:28 +0200849 case HCI_CHANNEL_USER:
Marcel Holtmann70ecce92016-08-27 20:23:38 +0200850 case HCI_CHANNEL_CONTROL:
Marcel Holtmann249fa162016-08-27 20:23:40 +0200851 /* Send event to monitor */
852 skb = create_monitor_ctrl_close(sk);
853 if (skb) {
854 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
855 HCI_SOCK_TRUSTED, NULL);
856 kfree_skb(skb);
857 }
858
Marcel Holtmanndf1cb872016-08-30 05:00:34 +0200859 hci_sock_free_cookie(sk);
Marcel Holtmann70ecce92016-08-27 20:23:38 +0200860 break;
861 }
Marcel Holtmanncd82e612012-02-20 20:34:38 +0100862
Linus Torvalds1da177e2005-04-16 15:20:36 -0700863 bt_sock_unlink(&hci_sk_list, sk);
864
Myungho Junge20a2e92019-02-02 16:56:36 -0800865 hdev = hci_pi(sk)->hdev;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700866 if (hdev) {
Marcel Holtmann23500182013-08-26 21:40:52 -0700867 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
Masahiro Yamada9332ef92017-02-27 14:28:47 -0800868 /* When releasing a user channel exclusive access,
Simon Fels6b3cc1d2015-09-02 12:10:12 +0200869 * call hci_dev_do_close directly instead of calling
870 * hci_dev_close to ensure the exclusive access will
871 * be released and the controller brought back down.
872 *
873 * The checking of HCI_AUTO_OFF is not needed in this
874 * case since it will have been cleared already when
875 * opening the user channel.
876 */
877 hci_dev_do_close(hdev);
Loic Poulain9380f9e2015-05-21 16:46:41 +0200878 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
879 mgmt_index_added(hdev);
Marcel Holtmann23500182013-08-26 21:40:52 -0700880 }
881
Linus Torvalds1da177e2005-04-16 15:20:36 -0700882 atomic_dec(&hdev->promisc);
883 hci_dev_put(hdev);
884 }
885
886 sock_orphan(sk);
887
888 skb_queue_purge(&sk->sk_receive_queue);
889 skb_queue_purge(&sk->sk_write_queue);
890
Dan Carpenter11eb85e2020-01-15 20:49:04 +0300891 release_sock(sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700892 sock_put(sk);
893 return 0;
894}
895
Antti Julkub2a66aa2011-06-15 12:01:14 +0300896static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
Johan Hedbergf0358562010-05-18 13:20:32 +0200897{
898 bdaddr_t bdaddr;
Antti Julku5e762442011-08-25 16:48:02 +0300899 int err;
Johan Hedbergf0358562010-05-18 13:20:32 +0200900
901 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
902 return -EFAULT;
903
Gustavo F. Padovan09fd0de2011-06-17 13:03:21 -0300904 hci_dev_lock(hdev);
Antti Julku5e762442011-08-25 16:48:02 +0300905
Johan Hedbergdcc36c12014-07-09 12:59:13 +0300906 err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
Antti Julku5e762442011-08-25 16:48:02 +0300907
Gustavo F. Padovan09fd0de2011-06-17 13:03:21 -0300908 hci_dev_unlock(hdev);
Antti Julku5e762442011-08-25 16:48:02 +0300909
910 return err;
Johan Hedbergf0358562010-05-18 13:20:32 +0200911}
912
Antti Julkub2a66aa2011-06-15 12:01:14 +0300913static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
Johan Hedbergf0358562010-05-18 13:20:32 +0200914{
915 bdaddr_t bdaddr;
Antti Julku5e762442011-08-25 16:48:02 +0300916 int err;
Johan Hedbergf0358562010-05-18 13:20:32 +0200917
918 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
919 return -EFAULT;
920
Gustavo F. Padovan09fd0de2011-06-17 13:03:21 -0300921 hci_dev_lock(hdev);
Antti Julku5e762442011-08-25 16:48:02 +0300922
Johan Hedbergdcc36c12014-07-09 12:59:13 +0300923 err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
Antti Julku5e762442011-08-25 16:48:02 +0300924
Gustavo F. Padovan09fd0de2011-06-17 13:03:21 -0300925 hci_dev_unlock(hdev);
Antti Julku5e762442011-08-25 16:48:02 +0300926
927 return err;
Johan Hedbergf0358562010-05-18 13:20:32 +0200928}
929
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900930/* Ioctls that require bound socket */
Gustavo Padovan6039aa72012-05-23 04:04:18 -0300931static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
932 unsigned long arg)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700933{
934 struct hci_dev *hdev = hci_pi(sk)->hdev;
935
936 if (!hdev)
937 return -EBADFD;
938
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700939 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
Marcel Holtmann0736cfa2013-08-26 21:40:51 -0700940 return -EBUSY;
941
Marcel Holtmannd7a5a112015-03-13 02:11:00 -0700942 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
Marcel Holtmannfee746b2014-06-29 12:13:05 +0200943 return -EOPNOTSUPP;
944
Marcel Holtmannca8bee52016-07-05 14:30:14 +0200945 if (hdev->dev_type != HCI_PRIMARY)
Marcel Holtmann5b69bef52013-10-10 10:02:08 -0700946 return -EOPNOTSUPP;
947
Linus Torvalds1da177e2005-04-16 15:20:36 -0700948 switch (cmd) {
949 case HCISETRAW:
950 if (!capable(CAP_NET_ADMIN))
Zhao Hongjiangbf5b30b2012-09-20 22:37:25 +0000951 return -EPERM;
Marcel Holtmanndb596682014-04-16 20:04:38 -0700952 return -EOPNOTSUPP;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700953
Linus Torvalds1da177e2005-04-16 15:20:36 -0700954 case HCIGETCONNINFO:
Marcel Holtmann8528d3f2015-11-08 07:47:11 +0100955 return hci_get_conn_info(hdev, (void __user *)arg);
Marcel Holtmann40be4922008-07-14 20:13:50 +0200956
957 case HCIGETAUTHINFO:
Marcel Holtmann8528d3f2015-11-08 07:47:11 +0100958 return hci_get_auth_info(hdev, (void __user *)arg);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700959
Johan Hedbergf0358562010-05-18 13:20:32 +0200960 case HCIBLOCKADDR:
961 if (!capable(CAP_NET_ADMIN))
Zhao Hongjiangbf5b30b2012-09-20 22:37:25 +0000962 return -EPERM;
Marcel Holtmann8528d3f2015-11-08 07:47:11 +0100963 return hci_sock_blacklist_add(hdev, (void __user *)arg);
Johan Hedbergf0358562010-05-18 13:20:32 +0200964
965 case HCIUNBLOCKADDR:
966 if (!capable(CAP_NET_ADMIN))
Zhao Hongjiangbf5b30b2012-09-20 22:37:25 +0000967 return -EPERM;
Marcel Holtmann8528d3f2015-11-08 07:47:11 +0100968 return hci_sock_blacklist_del(hdev, (void __user *)arg);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700969 }
Marcel Holtmann0736cfa2013-08-26 21:40:51 -0700970
Marcel Holtmann324d36e2013-10-10 10:50:06 -0700971 return -ENOIOCTLCMD;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700972}
973
Gustavo Padovan8fc9ced2012-05-23 04:04:21 -0300974static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
975 unsigned long arg)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700976{
Marcel Holtmann8528d3f2015-11-08 07:47:11 +0100977 void __user *argp = (void __user *)arg;
Marcel Holtmann0736cfa2013-08-26 21:40:51 -0700978 struct sock *sk = sock->sk;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700979 int err;
980
981 BT_DBG("cmd %x arg %lx", cmd, arg);
982
Marcel Holtmannc1c4f952013-08-26 09:39:55 -0700983 lock_sock(sk);
984
985 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
986 err = -EBADFD;
987 goto done;
988 }
989
Marcel Holtmannf81f5b22016-08-30 05:00:39 +0200990 /* When calling an ioctl on an unbound raw socket, then ensure
991 * that the monitor gets informed. Ensure that the resulting event
992 * is only send once by checking if the cookie exists or not. The
993 * socket cookie will be only ever generated once for the lifetime
994 * of a given socket.
995 */
996 if (hci_sock_gen_cookie(sk)) {
997 struct sk_buff *skb;
998
999 if (capable(CAP_NET_ADMIN))
1000 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1001
1002 /* Send event to monitor */
1003 skb = create_monitor_ctrl_open(sk);
1004 if (skb) {
1005 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1006 HCI_SOCK_TRUSTED, NULL);
1007 kfree_skb(skb);
1008 }
1009 }
1010
Marcel Holtmannc1c4f952013-08-26 09:39:55 -07001011 release_sock(sk);
1012
Linus Torvalds1da177e2005-04-16 15:20:36 -07001013 switch (cmd) {
1014 case HCIGETDEVLIST:
1015 return hci_get_dev_list(argp);
1016
1017 case HCIGETDEVINFO:
1018 return hci_get_dev_info(argp);
1019
1020 case HCIGETCONNLIST:
1021 return hci_get_conn_list(argp);
1022
1023 case HCIDEVUP:
1024 if (!capable(CAP_NET_ADMIN))
Zhao Hongjiangbf5b30b2012-09-20 22:37:25 +00001025 return -EPERM;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001026 return hci_dev_open(arg);
1027
1028 case HCIDEVDOWN:
1029 if (!capable(CAP_NET_ADMIN))
Zhao Hongjiangbf5b30b2012-09-20 22:37:25 +00001030 return -EPERM;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001031 return hci_dev_close(arg);
1032
1033 case HCIDEVRESET:
1034 if (!capable(CAP_NET_ADMIN))
Zhao Hongjiangbf5b30b2012-09-20 22:37:25 +00001035 return -EPERM;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001036 return hci_dev_reset(arg);
1037
1038 case HCIDEVRESTAT:
1039 if (!capable(CAP_NET_ADMIN))
Zhao Hongjiangbf5b30b2012-09-20 22:37:25 +00001040 return -EPERM;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001041 return hci_dev_reset_stat(arg);
1042
1043 case HCISETSCAN:
1044 case HCISETAUTH:
1045 case HCISETENCRYPT:
1046 case HCISETPTYPE:
1047 case HCISETLINKPOL:
1048 case HCISETLINKMODE:
1049 case HCISETACLMTU:
1050 case HCISETSCOMTU:
1051 if (!capable(CAP_NET_ADMIN))
Zhao Hongjiangbf5b30b2012-09-20 22:37:25 +00001052 return -EPERM;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001053 return hci_dev_cmd(cmd, argp);
1054
1055 case HCIINQUIRY:
1056 return hci_inquiry(argp);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001057 }
Marcel Holtmannc1c4f952013-08-26 09:39:55 -07001058
1059 lock_sock(sk);
1060
1061 err = hci_sock_bound_ioctl(sk, cmd, arg);
1062
1063done:
1064 release_sock(sk);
1065 return err;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001066}
1067
Arnd Bergmann7a6038b2019-03-14 14:10:33 +01001068#ifdef CONFIG_COMPAT
1069static int hci_sock_compat_ioctl(struct socket *sock, unsigned int cmd,
1070 unsigned long arg)
1071{
1072 switch (cmd) {
1073 case HCIDEVUP:
1074 case HCIDEVDOWN:
1075 case HCIDEVRESET:
1076 case HCIDEVRESTAT:
1077 return hci_sock_ioctl(sock, cmd, arg);
1078 }
1079
1080 return hci_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
1081}
1082#endif
1083
Gustavo Padovan8fc9ced2012-05-23 04:04:21 -03001084static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
1085 int addr_len)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001086{
Johan Hedberg03811012010-12-08 00:21:06 +02001087 struct sockaddr_hci haddr;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001088 struct sock *sk = sock->sk;
1089 struct hci_dev *hdev = NULL;
Marcel Holtmannf4cdbb32016-08-30 05:00:40 +02001090 struct sk_buff *skb;
Johan Hedberg03811012010-12-08 00:21:06 +02001091 int len, err = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001092
1093 BT_DBG("sock %p sk %p", sock, sk);
1094
Johan Hedberg03811012010-12-08 00:21:06 +02001095 if (!addr)
1096 return -EINVAL;
1097
1098 memset(&haddr, 0, sizeof(haddr));
1099 len = min_t(unsigned int, sizeof(haddr), addr_len);
1100 memcpy(&haddr, addr, len);
1101
1102 if (haddr.hci_family != AF_BLUETOOTH)
1103 return -EINVAL;
1104
Linus Torvalds1da177e2005-04-16 15:20:36 -07001105 lock_sock(sk);
1106
Marcel Holtmann7cc2ade2012-02-20 14:50:35 +01001107 if (sk->sk_state == BT_BOUND) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001108 err = -EALREADY;
1109 goto done;
1110 }
1111
Marcel Holtmann7cc2ade2012-02-20 14:50:35 +01001112 switch (haddr.hci_channel) {
1113 case HCI_CHANNEL_RAW:
1114 if (hci_pi(sk)->hdev) {
1115 err = -EALREADY;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001116 goto done;
1117 }
1118
Marcel Holtmann7cc2ade2012-02-20 14:50:35 +01001119 if (haddr.hci_dev != HCI_DEV_NONE) {
1120 hdev = hci_dev_get(haddr.hci_dev);
1121 if (!hdev) {
1122 err = -ENODEV;
1123 goto done;
1124 }
1125
1126 atomic_inc(&hdev->promisc);
1127 }
1128
Marcel Holtmann5a6d2cf2016-08-30 05:00:37 +02001129 hci_pi(sk)->channel = haddr.hci_channel;
Marcel Holtmannf81f5b22016-08-30 05:00:39 +02001130
Marcel Holtmannf4cdbb32016-08-30 05:00:40 +02001131 if (!hci_sock_gen_cookie(sk)) {
1132 /* In the case when a cookie has already been assigned,
1133 * then there has been already an ioctl issued against
1134 * an unbound socket and with that triggerd an open
1135 * notification. Send a close notification first to
1136 * allow the state transition to bounded.
1137 */
1138 skb = create_monitor_ctrl_close(sk);
Marcel Holtmannf81f5b22016-08-30 05:00:39 +02001139 if (skb) {
1140 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1141 HCI_SOCK_TRUSTED, NULL);
1142 kfree_skb(skb);
1143 }
1144 }
Marcel Holtmannf4cdbb32016-08-30 05:00:40 +02001145
1146 if (capable(CAP_NET_ADMIN))
1147 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1148
1149 hci_pi(sk)->hdev = hdev;
1150
1151 /* Send event to monitor */
1152 skb = create_monitor_ctrl_open(sk);
1153 if (skb) {
1154 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1155 HCI_SOCK_TRUSTED, NULL);
1156 kfree_skb(skb);
1157 }
Marcel Holtmann7cc2ade2012-02-20 14:50:35 +01001158 break;
1159
Marcel Holtmann23500182013-08-26 21:40:52 -07001160 case HCI_CHANNEL_USER:
1161 if (hci_pi(sk)->hdev) {
1162 err = -EALREADY;
1163 goto done;
1164 }
1165
1166 if (haddr.hci_dev == HCI_DEV_NONE) {
1167 err = -EINVAL;
1168 goto done;
1169 }
1170
Marcel Holtmann10a8b862013-10-01 22:59:24 -07001171 if (!capable(CAP_NET_ADMIN)) {
Marcel Holtmann23500182013-08-26 21:40:52 -07001172 err = -EPERM;
1173 goto done;
1174 }
1175
1176 hdev = hci_dev_get(haddr.hci_dev);
1177 if (!hdev) {
1178 err = -ENODEV;
1179 goto done;
1180 }
1181
Marcel Holtmann781f8992015-06-06 06:06:49 +02001182 if (test_bit(HCI_INIT, &hdev->flags) ||
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07001183 hci_dev_test_flag(hdev, HCI_SETUP) ||
Marcel Holtmann781f8992015-06-06 06:06:49 +02001184 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1185 (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) &&
1186 test_bit(HCI_UP, &hdev->flags))) {
Marcel Holtmann23500182013-08-26 21:40:52 -07001187 err = -EBUSY;
1188 hci_dev_put(hdev);
1189 goto done;
1190 }
1191
Marcel Holtmann238be782015-03-13 02:11:06 -07001192 if (hci_dev_test_and_set_flag(hdev, HCI_USER_CHANNEL)) {
Marcel Holtmann23500182013-08-26 21:40:52 -07001193 err = -EUSERS;
1194 hci_dev_put(hdev);
1195 goto done;
1196 }
1197
Marcel Holtmann0602a8a2014-07-02 21:30:54 +02001198 mgmt_index_removed(hdev);
Marcel Holtmann23500182013-08-26 21:40:52 -07001199
1200 err = hci_dev_open(hdev->id);
1201 if (err) {
Marcel Holtmann781f8992015-06-06 06:06:49 +02001202 if (err == -EALREADY) {
1203 /* In case the transport is already up and
1204 * running, clear the error here.
1205 *
Masahiro Yamada9332ef92017-02-27 14:28:47 -08001206 * This can happen when opening a user
Marcel Holtmann781f8992015-06-06 06:06:49 +02001207 * channel and HCI_AUTO_OFF grace period
1208 * is still active.
1209 */
1210 err = 0;
1211 } else {
1212 hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
1213 mgmt_index_added(hdev);
1214 hci_dev_put(hdev);
1215 goto done;
1216 }
Marcel Holtmann23500182013-08-26 21:40:52 -07001217 }
1218
Marcel Holtmann5a6d2cf2016-08-30 05:00:37 +02001219 hci_pi(sk)->channel = haddr.hci_channel;
Marcel Holtmannaa1638dd2016-09-01 19:48:28 +02001220
1221 if (!hci_sock_gen_cookie(sk)) {
1222 /* In the case when a cookie has already been assigned,
1223 * this socket will transition from a raw socket into
Masahiro Yamada9332ef92017-02-27 14:28:47 -08001224 * a user channel socket. For a clean transition, send
Marcel Holtmannaa1638dd2016-09-01 19:48:28 +02001225 * the close notification first.
1226 */
1227 skb = create_monitor_ctrl_close(sk);
1228 if (skb) {
1229 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1230 HCI_SOCK_TRUSTED, NULL);
1231 kfree_skb(skb);
1232 }
1233 }
1234
1235 /* The user channel is restricted to CAP_NET_ADMIN
1236 * capabilities and with that implicitly trusted.
1237 */
1238 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1239
Marcel Holtmann23500182013-08-26 21:40:52 -07001240 hci_pi(sk)->hdev = hdev;
Marcel Holtmann5a6d2cf2016-08-30 05:00:37 +02001241
Marcel Holtmannaa1638dd2016-09-01 19:48:28 +02001242 /* Send event to monitor */
1243 skb = create_monitor_ctrl_open(sk);
1244 if (skb) {
1245 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1246 HCI_SOCK_TRUSTED, NULL);
1247 kfree_skb(skb);
1248 }
1249
Marcel Holtmann5a6d2cf2016-08-30 05:00:37 +02001250 atomic_inc(&hdev->promisc);
Marcel Holtmann23500182013-08-26 21:40:52 -07001251 break;
1252
Marcel Holtmanncd82e612012-02-20 20:34:38 +01001253 case HCI_CHANNEL_MONITOR:
1254 if (haddr.hci_dev != HCI_DEV_NONE) {
1255 err = -EINVAL;
1256 goto done;
1257 }
1258
1259 if (!capable(CAP_NET_RAW)) {
1260 err = -EPERM;
1261 goto done;
1262 }
1263
Marcel Holtmann5a6d2cf2016-08-30 05:00:37 +02001264 hci_pi(sk)->channel = haddr.hci_channel;
1265
Marcel Holtmann50ebc052015-03-14 19:27:58 -07001266 /* The monitor interface is restricted to CAP_NET_RAW
1267 * capabilities and with that implicitly trusted.
1268 */
1269 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
1270
Johannes Berg787b3062016-01-06 14:38:40 +01001271 send_monitor_note(sk, "Linux version %s (%s)",
1272 init_utsname()->release,
1273 init_utsname()->machine);
Marcel Holtmann9e8305b2016-08-30 05:00:35 +02001274 send_monitor_note(sk, "Bluetooth subsystem version %u.%u",
1275 BT_SUBSYS_VERSION, BT_SUBSYS_REVISION);
Marcel Holtmanncd82e612012-02-20 20:34:38 +01001276 send_monitor_replay(sk);
Marcel Holtmann249fa162016-08-27 20:23:40 +02001277 send_monitor_control_replay(sk);
Marcel Holtmanncd82e612012-02-20 20:34:38 +01001278
1279 atomic_inc(&monitor_promisc);
1280 break;
1281
Marcel Holtmannac714942015-11-08 07:47:13 +01001282 case HCI_CHANNEL_LOGGING:
1283 if (haddr.hci_dev != HCI_DEV_NONE) {
1284 err = -EINVAL;
1285 goto done;
1286 }
1287
1288 if (!capable(CAP_NET_ADMIN)) {
1289 err = -EPERM;
1290 goto done;
1291 }
Marcel Holtmann5a6d2cf2016-08-30 05:00:37 +02001292
1293 hci_pi(sk)->channel = haddr.hci_channel;
Marcel Holtmannac714942015-11-08 07:47:13 +01001294 break;
1295
Marcel Holtmann7cc2ade2012-02-20 14:50:35 +01001296 default:
Johan Hedberg801c1e82015-03-06 21:08:50 +02001297 if (!hci_mgmt_chan_find(haddr.hci_channel)) {
1298 err = -EINVAL;
1299 goto done;
1300 }
1301
1302 if (haddr.hci_dev != HCI_DEV_NONE) {
1303 err = -EINVAL;
1304 goto done;
1305 }
1306
Marcel Holtmann1195fbb2015-03-14 19:28:04 -07001307 /* Users with CAP_NET_ADMIN capabilities are allowed
1308 * access to all management commands and events. For
1309 * untrusted users the interface is restricted and
1310 * also only untrusted events are sent.
Marcel Holtmann50ebc052015-03-14 19:27:58 -07001311 */
Marcel Holtmann1195fbb2015-03-14 19:28:04 -07001312 if (capable(CAP_NET_ADMIN))
1313 hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
Marcel Holtmann50ebc052015-03-14 19:27:58 -07001314
Marcel Holtmann5a6d2cf2016-08-30 05:00:37 +02001315 hci_pi(sk)->channel = haddr.hci_channel;
1316
Marcel Holtmannf9207332015-03-14 19:27:55 -07001317 /* At the moment the index and unconfigured index events
1318 * are enabled unconditionally. Setting them on each
1319 * socket when binding keeps this functionality. They
1320 * however might be cleared later and then sending of these
1321 * events will be disabled, but that is then intentional.
Marcel Holtmannf6b77122015-03-14 19:28:05 -07001322 *
1323 * This also enables generic events that are safe to be
1324 * received by untrusted users. Example for such events
1325 * are changes to settings, class of device, name etc.
Marcel Holtmannf9207332015-03-14 19:27:55 -07001326 */
Marcel Holtmann5a6d2cf2016-08-30 05:00:37 +02001327 if (hci_pi(sk)->channel == HCI_CHANNEL_CONTROL) {
Marcel Holtmannf4cdbb32016-08-30 05:00:40 +02001328 if (!hci_sock_gen_cookie(sk)) {
1329 /* In the case when a cookie has already been
1330 * assigned, this socket will transtion from
1331 * a raw socket into a control socket. To
1332 * allow for a clean transtion, send the
1333 * close notification first.
1334 */
1335 skb = create_monitor_ctrl_close(sk);
1336 if (skb) {
1337 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1338 HCI_SOCK_TRUSTED, NULL);
1339 kfree_skb(skb);
1340 }
1341 }
Marcel Holtmann70ecce92016-08-27 20:23:38 +02001342
Marcel Holtmann249fa162016-08-27 20:23:40 +02001343 /* Send event to monitor */
1344 skb = create_monitor_ctrl_open(sk);
1345 if (skb) {
1346 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1347 HCI_SOCK_TRUSTED, NULL);
1348 kfree_skb(skb);
1349 }
1350
Marcel Holtmannf9207332015-03-14 19:27:55 -07001351 hci_sock_set_flag(sk, HCI_MGMT_INDEX_EVENTS);
1352 hci_sock_set_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
Marcel Holtmann5504c3a2016-08-29 06:19:46 +02001353 hci_sock_set_flag(sk, HCI_MGMT_OPTION_EVENTS);
1354 hci_sock_set_flag(sk, HCI_MGMT_SETTING_EVENTS);
1355 hci_sock_set_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1356 hci_sock_set_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
Marcel Holtmannf9207332015-03-14 19:27:55 -07001357 }
Johan Hedberg801c1e82015-03-06 21:08:50 +02001358 break;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001359 }
1360
Linus Torvalds1da177e2005-04-16 15:20:36 -07001361 sk->sk_state = BT_BOUND;
1362
1363done:
1364 release_sock(sk);
1365 return err;
1366}
1367
Gustavo Padovan8fc9ced2012-05-23 04:04:21 -03001368static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
Denys Vlasenko9b2c45d2018-02-12 20:00:20 +01001369 int peer)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001370{
Marcel Holtmann8528d3f2015-11-08 07:47:11 +01001371 struct sockaddr_hci *haddr = (struct sockaddr_hci *)addr;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001372 struct sock *sk = sock->sk;
Marcel Holtmann9d4b68b2013-08-26 00:20:37 -07001373 struct hci_dev *hdev;
1374 int err = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001375
1376 BT_DBG("sock %p sk %p", sock, sk);
1377
Marcel Holtmann06f43cb2013-08-26 00:06:30 -07001378 if (peer)
1379 return -EOPNOTSUPP;
1380
Linus Torvalds1da177e2005-04-16 15:20:36 -07001381 lock_sock(sk);
1382
Marcel Holtmann9d4b68b2013-08-26 00:20:37 -07001383 hdev = hci_pi(sk)->hdev;
1384 if (!hdev) {
1385 err = -EBADFD;
1386 goto done;
1387 }
1388
Linus Torvalds1da177e2005-04-16 15:20:36 -07001389 haddr->hci_family = AF_BLUETOOTH;
Marcel Holtmann7b005bd2006-02-13 11:40:03 +01001390 haddr->hci_dev = hdev->id;
Marcel Holtmann9d4b68b2013-08-26 00:20:37 -07001391 haddr->hci_channel= hci_pi(sk)->channel;
Denys Vlasenko9b2c45d2018-02-12 20:00:20 +01001392 err = sizeof(*haddr);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001393
Marcel Holtmann9d4b68b2013-08-26 00:20:37 -07001394done:
Linus Torvalds1da177e2005-04-16 15:20:36 -07001395 release_sock(sk);
Marcel Holtmann9d4b68b2013-08-26 00:20:37 -07001396 return err;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001397}
1398
Gustavo Padovan6039aa72012-05-23 04:04:18 -03001399static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg,
1400 struct sk_buff *skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001401{
1402 __u32 mask = hci_pi(sk)->cmsg_mask;
1403
Marcel Holtmann0d48d932005-08-09 20:30:28 -07001404 if (mask & HCI_CMSG_DIR) {
1405 int incoming = bt_cb(skb)->incoming;
Gustavo Padovan8fc9ced2012-05-23 04:04:21 -03001406 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming),
1407 &incoming);
Marcel Holtmann0d48d932005-08-09 20:30:28 -07001408 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07001409
Patrick McHardya61bbcf2005-08-14 17:24:31 -07001410 if (mask & HCI_CMSG_TSTAMP) {
Johann Felix Sodenf6e623a2010-02-15 22:23:48 +01001411#ifdef CONFIG_COMPAT
Deepa Dinamani13c6ee22019-02-02 07:34:48 -08001412 struct old_timeval32 ctv;
Johann Felix Sodenf6e623a2010-02-15 22:23:48 +01001413#endif
Deepa Dinamani13c6ee22019-02-02 07:34:48 -08001414 struct __kernel_old_timeval tv;
Marcel Holtmann767c5eb2007-09-09 08:39:34 +02001415 void *data;
1416 int len;
Patrick McHardya61bbcf2005-08-14 17:24:31 -07001417
1418 skb_get_timestamp(skb, &tv);
Marcel Holtmann767c5eb2007-09-09 08:39:34 +02001419
David S. Miller1da97f82007-09-12 14:10:58 +02001420 data = &tv;
1421 len = sizeof(tv);
1422#ifdef CONFIG_COMPAT
H. J. Luda88cea2012-02-10 14:12:15 -08001423 if (!COMPAT_USE_64BIT_TIME &&
1424 (msg->msg_flags & MSG_CMSG_COMPAT)) {
Marcel Holtmann767c5eb2007-09-09 08:39:34 +02001425 ctv.tv_sec = tv.tv_sec;
1426 ctv.tv_usec = tv.tv_usec;
1427 data = &ctv;
1428 len = sizeof(ctv);
Marcel Holtmann767c5eb2007-09-09 08:39:34 +02001429 }
David S. Miller1da97f82007-09-12 14:10:58 +02001430#endif
Marcel Holtmann767c5eb2007-09-09 08:39:34 +02001431
1432 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
Patrick McHardya61bbcf2005-08-14 17:24:31 -07001433 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07001434}
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001435
Marcel Holtmann8528d3f2015-11-08 07:47:11 +01001436static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1437 size_t len, int flags)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001438{
1439 int noblock = flags & MSG_DONTWAIT;
1440 struct sock *sk = sock->sk;
1441 struct sk_buff *skb;
1442 int copied, err;
Denis Kenzior83871f82016-06-27 11:01:13 -05001443 unsigned int skblen;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001444
1445 BT_DBG("sock %p, sk %p", sock, sk);
1446
Marcel Holtmannd94a6102015-10-25 22:45:18 +01001447 if (flags & MSG_OOB)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001448 return -EOPNOTSUPP;
1449
Marcel Holtmannac714942015-11-08 07:47:13 +01001450 if (hci_pi(sk)->channel == HCI_CHANNEL_LOGGING)
1451 return -EOPNOTSUPP;
1452
Linus Torvalds1da177e2005-04-16 15:20:36 -07001453 if (sk->sk_state == BT_CLOSED)
1454 return 0;
1455
Andrei Emeltchenko70f230202010-12-01 16:58:25 +02001456 skb = skb_recv_datagram(sk, flags, noblock, &err);
1457 if (!skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001458 return err;
1459
Denis Kenzior83871f82016-06-27 11:01:13 -05001460 skblen = skb->len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001461 copied = skb->len;
1462 if (len < copied) {
1463 msg->msg_flags |= MSG_TRUNC;
1464 copied = len;
1465 }
1466
Arnaldo Carvalho de Melobadff6d2007-03-13 13:06:52 -03001467 skb_reset_transport_header(skb);
David S. Miller51f3d022014-11-05 16:46:40 -05001468 err = skb_copy_datagram_msg(skb, 0, msg, copied);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001469
Marcel Holtmann3a208622012-02-20 14:50:34 +01001470 switch (hci_pi(sk)->channel) {
1471 case HCI_CHANNEL_RAW:
1472 hci_sock_cmsg(sk, msg, skb);
1473 break;
Marcel Holtmann23500182013-08-26 21:40:52 -07001474 case HCI_CHANNEL_USER:
Marcel Holtmanncd82e612012-02-20 20:34:38 +01001475 case HCI_CHANNEL_MONITOR:
1476 sock_recv_timestamp(msg, sk, skb);
1477 break;
Johan Hedberg801c1e82015-03-06 21:08:50 +02001478 default:
1479 if (hci_mgmt_chan_find(hci_pi(sk)->channel))
1480 sock_recv_timestamp(msg, sk, skb);
1481 break;
Marcel Holtmann3a208622012-02-20 14:50:34 +01001482 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07001483
1484 skb_free_datagram(sk, skb);
1485
Luiz Augusto von Dentz4f342282016-08-15 16:02:20 +03001486 if (flags & MSG_TRUNC)
Denis Kenzior83871f82016-06-27 11:01:13 -05001487 copied = skblen;
1488
Linus Torvalds1da177e2005-04-16 15:20:36 -07001489 return err ? : copied;
1490}
1491
Johan Hedbergfa4335d2015-03-17 13:48:50 +02001492static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
1493 struct msghdr *msg, size_t msglen)
1494{
1495 void *buf;
1496 u8 *cp;
1497 struct mgmt_hdr *hdr;
1498 u16 opcode, index, len;
1499 struct hci_dev *hdev = NULL;
1500 const struct hci_mgmt_handler *handler;
1501 bool var_len, no_hdev;
1502 int err;
1503
1504 BT_DBG("got %zu bytes", msglen);
1505
1506 if (msglen < sizeof(*hdr))
1507 return -EINVAL;
1508
1509 buf = kmalloc(msglen, GFP_KERNEL);
1510 if (!buf)
1511 return -ENOMEM;
1512
1513 if (memcpy_from_msg(buf, msg, msglen)) {
1514 err = -EFAULT;
1515 goto done;
1516 }
1517
1518 hdr = buf;
1519 opcode = __le16_to_cpu(hdr->opcode);
1520 index = __le16_to_cpu(hdr->index);
1521 len = __le16_to_cpu(hdr->len);
1522
1523 if (len != msglen - sizeof(*hdr)) {
1524 err = -EINVAL;
1525 goto done;
1526 }
1527
Marcel Holtmann38ceaa02016-08-27 20:23:41 +02001528 if (chan->channel == HCI_CHANNEL_CONTROL) {
1529 struct sk_buff *skb;
1530
1531 /* Send event to monitor */
1532 skb = create_monitor_ctrl_command(sk, index, opcode, len,
1533 buf + sizeof(*hdr));
1534 if (skb) {
1535 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
1536 HCI_SOCK_TRUSTED, NULL);
1537 kfree_skb(skb);
1538 }
1539 }
1540
Johan Hedbergfa4335d2015-03-17 13:48:50 +02001541 if (opcode >= chan->handler_count ||
1542 chan->handlers[opcode].func == NULL) {
1543 BT_DBG("Unknown op %u", opcode);
1544 err = mgmt_cmd_status(sk, index, opcode,
1545 MGMT_STATUS_UNKNOWN_COMMAND);
1546 goto done;
1547 }
1548
1549 handler = &chan->handlers[opcode];
1550
1551 if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) &&
1552 !(handler->flags & HCI_MGMT_UNTRUSTED)) {
1553 err = mgmt_cmd_status(sk, index, opcode,
1554 MGMT_STATUS_PERMISSION_DENIED);
1555 goto done;
1556 }
1557
1558 if (index != MGMT_INDEX_NONE) {
1559 hdev = hci_dev_get(index);
1560 if (!hdev) {
1561 err = mgmt_cmd_status(sk, index, opcode,
1562 MGMT_STATUS_INVALID_INDEX);
1563 goto done;
1564 }
1565
1566 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1567 hci_dev_test_flag(hdev, HCI_CONFIG) ||
1568 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1569 err = mgmt_cmd_status(sk, index, opcode,
1570 MGMT_STATUS_INVALID_INDEX);
1571 goto done;
1572 }
1573
1574 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1575 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
1576 err = mgmt_cmd_status(sk, index, opcode,
1577 MGMT_STATUS_INVALID_INDEX);
1578 goto done;
1579 }
1580 }
1581
1582 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
1583 if (no_hdev != !hdev) {
1584 err = mgmt_cmd_status(sk, index, opcode,
1585 MGMT_STATUS_INVALID_INDEX);
1586 goto done;
1587 }
1588
1589 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
1590 if ((var_len && len < handler->data_len) ||
1591 (!var_len && len != handler->data_len)) {
1592 err = mgmt_cmd_status(sk, index, opcode,
1593 MGMT_STATUS_INVALID_PARAMS);
1594 goto done;
1595 }
1596
1597 if (hdev && chan->hdev_init)
1598 chan->hdev_init(sk, hdev);
1599
1600 cp = buf + sizeof(*hdr);
1601
1602 err = handler->func(sk, hdev, cp, len);
1603 if (err < 0)
1604 goto done;
1605
1606 err = msglen;
1607
1608done:
1609 if (hdev)
1610 hci_dev_put(hdev);
1611
1612 kfree(buf);
1613 return err;
1614}
1615
Marcel Holtmannac714942015-11-08 07:47:13 +01001616static int hci_logging_frame(struct sock *sk, struct msghdr *msg, int len)
1617{
1618 struct hci_mon_hdr *hdr;
1619 struct sk_buff *skb;
1620 struct hci_dev *hdev;
1621 u16 index;
1622 int err;
1623
1624 /* The logging frame consists at minimum of the standard header,
1625 * the priority byte, the ident length byte and at least one string
1626 * terminator NUL byte. Anything shorter are invalid packets.
1627 */
1628 if (len < sizeof(*hdr) + 3)
1629 return -EINVAL;
1630
1631 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1632 if (!skb)
1633 return err;
1634
1635 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1636 err = -EFAULT;
1637 goto drop;
1638 }
1639
1640 hdr = (void *)skb->data;
1641
1642 if (__le16_to_cpu(hdr->len) != len - sizeof(*hdr)) {
1643 err = -EINVAL;
1644 goto drop;
1645 }
1646
1647 if (__le16_to_cpu(hdr->opcode) == 0x0000) {
1648 __u8 priority = skb->data[sizeof(*hdr)];
1649 __u8 ident_len = skb->data[sizeof(*hdr) + 1];
1650
1651 /* Only the priorities 0-7 are valid and with that any other
1652 * value results in an invalid packet.
1653 *
1654 * The priority byte is followed by an ident length byte and
1655 * the NUL terminated ident string. Check that the ident
1656 * length is not overflowing the packet and also that the
1657 * ident string itself is NUL terminated. In case the ident
1658 * length is zero, the length value actually doubles as NUL
1659 * terminator identifier.
1660 *
1661 * The message follows the ident string (if present) and
1662 * must be NUL terminated. Otherwise it is not a valid packet.
1663 */
1664 if (priority > 7 || skb->data[len - 1] != 0x00 ||
1665 ident_len > len - sizeof(*hdr) - 3 ||
1666 skb->data[sizeof(*hdr) + ident_len + 1] != 0x00) {
1667 err = -EINVAL;
1668 goto drop;
1669 }
1670 } else {
1671 err = -EINVAL;
1672 goto drop;
1673 }
1674
1675 index = __le16_to_cpu(hdr->index);
1676
1677 if (index != MGMT_INDEX_NONE) {
1678 hdev = hci_dev_get(index);
1679 if (!hdev) {
1680 err = -ENODEV;
1681 goto drop;
1682 }
1683 } else {
1684 hdev = NULL;
1685 }
1686
1687 hdr->opcode = cpu_to_le16(HCI_MON_USER_LOGGING);
1688
1689 hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, HCI_SOCK_TRUSTED, NULL);
1690 err = len;
1691
1692 if (hdev)
1693 hci_dev_put(hdev);
1694
1695drop:
1696 kfree_skb(skb);
1697 return err;
1698}
1699
Ying Xue1b784142015-03-02 15:37:48 +08001700static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1701 size_t len)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001702{
1703 struct sock *sk = sock->sk;
Johan Hedberg801c1e82015-03-06 21:08:50 +02001704 struct hci_mgmt_chan *chan;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001705 struct hci_dev *hdev;
1706 struct sk_buff *skb;
1707 int err;
1708
1709 BT_DBG("sock %p sk %p", sock, sk);
1710
1711 if (msg->msg_flags & MSG_OOB)
1712 return -EOPNOTSUPP;
1713
Szymon Jancab89f0b2017-04-24 18:25:04 -07001714 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE|
1715 MSG_CMSG_COMPAT))
Linus Torvalds1da177e2005-04-16 15:20:36 -07001716 return -EINVAL;
1717
1718 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
1719 return -EINVAL;
1720
1721 lock_sock(sk);
1722
Johan Hedberg03811012010-12-08 00:21:06 +02001723 switch (hci_pi(sk)->channel) {
1724 case HCI_CHANNEL_RAW:
Marcel Holtmann23500182013-08-26 21:40:52 -07001725 case HCI_CHANNEL_USER:
Johan Hedberg03811012010-12-08 00:21:06 +02001726 break;
Marcel Holtmanncd82e612012-02-20 20:34:38 +01001727 case HCI_CHANNEL_MONITOR:
1728 err = -EOPNOTSUPP;
1729 goto done;
Marcel Holtmannac714942015-11-08 07:47:13 +01001730 case HCI_CHANNEL_LOGGING:
1731 err = hci_logging_frame(sk, msg, len);
1732 goto done;
Johan Hedberg03811012010-12-08 00:21:06 +02001733 default:
Johan Hedberg801c1e82015-03-06 21:08:50 +02001734 mutex_lock(&mgmt_chan_list_lock);
1735 chan = __hci_mgmt_chan_find(hci_pi(sk)->channel);
1736 if (chan)
Johan Hedbergfa4335d2015-03-17 13:48:50 +02001737 err = hci_mgmt_cmd(chan, sk, msg, len);
Johan Hedberg801c1e82015-03-06 21:08:50 +02001738 else
1739 err = -EINVAL;
1740
1741 mutex_unlock(&mgmt_chan_list_lock);
Johan Hedberg03811012010-12-08 00:21:06 +02001742 goto done;
1743 }
1744
Andrei Emeltchenko70f230202010-12-01 16:58:25 +02001745 hdev = hci_pi(sk)->hdev;
1746 if (!hdev) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001747 err = -EBADFD;
1748 goto done;
1749 }
1750
Marcel Holtmann7e21add2009-11-18 01:05:00 +01001751 if (!test_bit(HCI_UP, &hdev->flags)) {
1752 err = -ENETDOWN;
1753 goto done;
1754 }
1755
Andrei Emeltchenko70f230202010-12-01 16:58:25 +02001756 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
1757 if (!skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001758 goto done;
1759
Al Viro6ce8e9c2014-04-06 21:25:44 -04001760 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001761 err = -EFAULT;
1762 goto drop;
1763 }
1764
Marcel Holtmann8528d3f2015-11-08 07:47:11 +01001765 hci_skb_pkt_type(skb) = skb->data[0];
Linus Torvalds1da177e2005-04-16 15:20:36 -07001766 skb_pull(skb, 1);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001767
Marcel Holtmann1bc5ad12013-12-17 03:21:25 -08001768 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
1769 /* No permission check is needed for user channel
1770 * since that gets enforced when binding the socket.
1771 *
1772 * However check that the packet type is valid.
1773 */
Marcel Holtmannd79f34e2015-11-05 07:10:00 +01001774 if (hci_skb_pkt_type(skb) != HCI_COMMAND_PKT &&
1775 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
Marcel Holtmanncc974002020-01-25 09:23:47 +01001776 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
1777 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT) {
Marcel Holtmann1bc5ad12013-12-17 03:21:25 -08001778 err = -EINVAL;
1779 goto drop;
1780 }
1781
1782 skb_queue_tail(&hdev->raw_q, skb);
1783 queue_work(hdev->workqueue, &hdev->tx_work);
Marcel Holtmannd79f34e2015-11-05 07:10:00 +01001784 } else if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) {
Harvey Harrison83985312008-05-02 16:25:46 -07001785 u16 opcode = get_unaligned_le16(skb->data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001786 u16 ogf = hci_opcode_ogf(opcode);
1787 u16 ocf = hci_opcode_ocf(opcode);
1788
1789 if (((ogf > HCI_SFLT_MAX_OGF) ||
Gustavo Padovan3bb3c752012-05-17 00:36:22 -03001790 !hci_test_bit(ocf & HCI_FLT_OCF_BITS,
1791 &hci_sec_filter.ocf_mask[ogf])) &&
1792 !capable(CAP_NET_RAW)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001793 err = -EPERM;
1794 goto drop;
1795 }
1796
Marcel Holtmann19821622015-11-06 07:42:20 +01001797 /* Since the opcode has already been extracted here, store
1798 * a copy of the value for later use by the drivers.
1799 */
1800 hci_skb_opcode(skb) = opcode;
1801
Marcel Holtmannfee746b2014-06-29 12:13:05 +02001802 if (ogf == 0x3f) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001803 skb_queue_tail(&hdev->raw_q, skb);
Gustavo F. Padovan3eff45e2011-12-15 00:50:02 -02001804 queue_work(hdev->workqueue, &hdev->tx_work);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001805 } else {
Stephen Hemminger49c922b2014-10-27 21:12:20 -07001806 /* Stand-alone HCI commands must be flagged as
Johan Hedberg11714b32013-03-05 20:37:47 +02001807 * single-command requests.
1808 */
Johan Hedberg44d27132015-11-05 09:31:40 +02001809 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
Johan Hedberg11714b32013-03-05 20:37:47 +02001810
Linus Torvalds1da177e2005-04-16 15:20:36 -07001811 skb_queue_tail(&hdev->cmd_q, skb);
Gustavo F. Padovanc347b762011-12-14 23:53:47 -02001812 queue_work(hdev->workqueue, &hdev->cmd_work);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001813 }
1814 } else {
1815 if (!capable(CAP_NET_RAW)) {
1816 err = -EPERM;
1817 goto drop;
1818 }
1819
Marcel Holtmannd79f34e2015-11-05 07:10:00 +01001820 if (hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
Marcel Holtmanncc974002020-01-25 09:23:47 +01001821 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
1822 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT) {
Marcel Holtmannbb775432015-10-09 16:13:50 +02001823 err = -EINVAL;
1824 goto drop;
1825 }
1826
Linus Torvalds1da177e2005-04-16 15:20:36 -07001827 skb_queue_tail(&hdev->raw_q, skb);
Gustavo F. Padovan3eff45e2011-12-15 00:50:02 -02001828 queue_work(hdev->workqueue, &hdev->tx_work);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001829 }
1830
1831 err = len;
1832
1833done:
1834 release_sock(sk);
1835 return err;
1836
1837drop:
1838 kfree_skb(skb);
1839 goto done;
1840}
1841
Gustavo Padovan8fc9ced2012-05-23 04:04:21 -03001842static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
1843 char __user *optval, unsigned int len)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001844{
1845 struct hci_ufilter uf = { .opcode = 0 };
1846 struct sock *sk = sock->sk;
1847 int err = 0, opt = 0;
1848
1849 BT_DBG("sk %p, opt %d", sk, optname);
1850
Marcel Holtmann47b0f5732016-08-27 20:23:37 +02001851 if (level != SOL_HCI)
1852 return -ENOPROTOOPT;
1853
Linus Torvalds1da177e2005-04-16 15:20:36 -07001854 lock_sock(sk);
1855
Marcel Holtmann2f39cdb2012-02-20 14:50:32 +01001856 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
Marcel Holtmannc2371e82013-08-26 09:29:39 -07001857 err = -EBADFD;
Marcel Holtmann2f39cdb2012-02-20 14:50:32 +01001858 goto done;
1859 }
1860
Linus Torvalds1da177e2005-04-16 15:20:36 -07001861 switch (optname) {
1862 case HCI_DATA_DIR:
1863 if (get_user(opt, (int __user *)optval)) {
1864 err = -EFAULT;
1865 break;
1866 }
1867
1868 if (opt)
1869 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
1870 else
1871 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
1872 break;
1873
1874 case HCI_TIME_STAMP:
1875 if (get_user(opt, (int __user *)optval)) {
1876 err = -EFAULT;
1877 break;
1878 }
1879
1880 if (opt)
1881 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
1882 else
1883 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
1884 break;
1885
1886 case HCI_FILTER:
Marcel Holtmann0878b662007-05-05 00:35:59 +02001887 {
1888 struct hci_filter *f = &hci_pi(sk)->filter;
1889
1890 uf.type_mask = f->type_mask;
1891 uf.opcode = f->opcode;
1892 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1893 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1894 }
1895
Linus Torvalds1da177e2005-04-16 15:20:36 -07001896 len = min_t(unsigned int, len, sizeof(uf));
1897 if (copy_from_user(&uf, optval, len)) {
1898 err = -EFAULT;
1899 break;
1900 }
1901
1902 if (!capable(CAP_NET_RAW)) {
1903 uf.type_mask &= hci_sec_filter.type_mask;
1904 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
1905 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
1906 }
1907
1908 {
1909 struct hci_filter *f = &hci_pi(sk)->filter;
1910
1911 f->type_mask = uf.type_mask;
1912 f->opcode = uf.opcode;
1913 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
1914 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
1915 }
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001916 break;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001917
1918 default:
1919 err = -ENOPROTOOPT;
1920 break;
1921 }
1922
Marcel Holtmann2f39cdb2012-02-20 14:50:32 +01001923done:
Linus Torvalds1da177e2005-04-16 15:20:36 -07001924 release_sock(sk);
1925 return err;
1926}
1927
Gustavo Padovan8fc9ced2012-05-23 04:04:21 -03001928static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
1929 char __user *optval, int __user *optlen)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001930{
1931 struct hci_ufilter uf;
1932 struct sock *sk = sock->sk;
Marcel Holtmanncedc5462012-02-20 14:50:33 +01001933 int len, opt, err = 0;
1934
1935 BT_DBG("sk %p, opt %d", sk, optname);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001936
Marcel Holtmann47b0f5732016-08-27 20:23:37 +02001937 if (level != SOL_HCI)
1938 return -ENOPROTOOPT;
1939
Linus Torvalds1da177e2005-04-16 15:20:36 -07001940 if (get_user(len, optlen))
1941 return -EFAULT;
1942
Marcel Holtmanncedc5462012-02-20 14:50:33 +01001943 lock_sock(sk);
1944
1945 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
Marcel Holtmannc2371e82013-08-26 09:29:39 -07001946 err = -EBADFD;
Marcel Holtmanncedc5462012-02-20 14:50:33 +01001947 goto done;
1948 }
1949
Linus Torvalds1da177e2005-04-16 15:20:36 -07001950 switch (optname) {
1951 case HCI_DATA_DIR:
1952 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
1953 opt = 1;
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001954 else
Linus Torvalds1da177e2005-04-16 15:20:36 -07001955 opt = 0;
1956
1957 if (put_user(opt, optval))
Marcel Holtmanncedc5462012-02-20 14:50:33 +01001958 err = -EFAULT;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001959 break;
1960
1961 case HCI_TIME_STAMP:
1962 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
1963 opt = 1;
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001964 else
Linus Torvalds1da177e2005-04-16 15:20:36 -07001965 opt = 0;
1966
1967 if (put_user(opt, optval))
Marcel Holtmanncedc5462012-02-20 14:50:33 +01001968 err = -EFAULT;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001969 break;
1970
1971 case HCI_FILTER:
1972 {
1973 struct hci_filter *f = &hci_pi(sk)->filter;
1974
Mathias Krausee15ca9a2012-08-15 11:31:46 +00001975 memset(&uf, 0, sizeof(uf));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001976 uf.type_mask = f->type_mask;
1977 uf.opcode = f->opcode;
1978 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1979 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
1980 }
1981
1982 len = min_t(unsigned int, len, sizeof(uf));
1983 if (copy_to_user(optval, &uf, len))
Marcel Holtmanncedc5462012-02-20 14:50:33 +01001984 err = -EFAULT;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001985 break;
1986
1987 default:
Marcel Holtmanncedc5462012-02-20 14:50:33 +01001988 err = -ENOPROTOOPT;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001989 break;
1990 }
1991
Marcel Holtmanncedc5462012-02-20 14:50:33 +01001992done:
1993 release_sock(sk);
1994 return err;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001995}
1996
Eric Dumazet90ddc4f2005-12-22 12:49:22 -08001997static const struct proto_ops hci_sock_ops = {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001998 .family = PF_BLUETOOTH,
1999 .owner = THIS_MODULE,
2000 .release = hci_sock_release,
2001 .bind = hci_sock_bind,
2002 .getname = hci_sock_getname,
2003 .sendmsg = hci_sock_sendmsg,
2004 .recvmsg = hci_sock_recvmsg,
2005 .ioctl = hci_sock_ioctl,
Arnd Bergmann7a6038b2019-03-14 14:10:33 +01002006#ifdef CONFIG_COMPAT
2007 .compat_ioctl = hci_sock_compat_ioctl,
2008#endif
Linus Torvaldsa11e1d42018-06-28 09:43:44 -07002009 .poll = datagram_poll,
Linus Torvalds1da177e2005-04-16 15:20:36 -07002010 .listen = sock_no_listen,
2011 .shutdown = sock_no_shutdown,
2012 .setsockopt = hci_sock_setsockopt,
2013 .getsockopt = hci_sock_getsockopt,
2014 .connect = sock_no_connect,
2015 .socketpair = sock_no_socketpair,
2016 .accept = sock_no_accept,
2017 .mmap = sock_no_mmap
2018};
2019
2020static struct proto hci_sk_proto = {
2021 .name = "HCI",
2022 .owner = THIS_MODULE,
2023 .obj_size = sizeof(struct hci_pinfo)
2024};
2025
Eric Paris3f378b682009-11-05 22:18:14 -08002026static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
2027 int kern)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002028{
2029 struct sock *sk;
2030
2031 BT_DBG("sock %p", sock);
2032
2033 if (sock->type != SOCK_RAW)
2034 return -ESOCKTNOSUPPORT;
2035
2036 sock->ops = &hci_sock_ops;
2037
Eric W. Biederman11aa9c22015-05-08 21:09:13 -05002038 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, kern);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002039 if (!sk)
2040 return -ENOMEM;
2041
2042 sock_init_data(sock, sk);
2043
2044 sock_reset_flag(sk, SOCK_ZAPPED);
2045
2046 sk->sk_protocol = protocol;
2047
2048 sock->state = SS_UNCONNECTED;
2049 sk->sk_state = BT_OPEN;
2050
2051 bt_sock_link(&hci_sk_list, sk);
2052 return 0;
2053}
2054
Stephen Hemmingerec1b4cf2009-10-05 05:58:39 +00002055static const struct net_proto_family hci_sock_family_ops = {
Linus Torvalds1da177e2005-04-16 15:20:36 -07002056 .family = PF_BLUETOOTH,
2057 .owner = THIS_MODULE,
2058 .create = hci_sock_create,
2059};
2060
Linus Torvalds1da177e2005-04-16 15:20:36 -07002061int __init hci_sock_init(void)
2062{
2063 int err;
2064
Marcel Holtmannb0a8e282015-01-11 15:18:17 -08002065 BUILD_BUG_ON(sizeof(struct sockaddr_hci) > sizeof(struct sockaddr));
2066
Linus Torvalds1da177e2005-04-16 15:20:36 -07002067 err = proto_register(&hci_sk_proto, 0);
2068 if (err < 0)
2069 return err;
2070
2071 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
Masatake YAMATOf7c86632012-07-26 01:28:36 +09002072 if (err < 0) {
2073 BT_ERR("HCI socket registration failed");
Linus Torvalds1da177e2005-04-16 15:20:36 -07002074 goto error;
Masatake YAMATOf7c86632012-07-26 01:28:36 +09002075 }
2076
Al Virob0316612013-04-04 19:14:33 -04002077 err = bt_procfs_init(&init_net, "hci", &hci_sk_list, NULL);
Masatake YAMATOf7c86632012-07-26 01:28:36 +09002078 if (err < 0) {
2079 BT_ERR("Failed to create HCI proc file");
2080 bt_sock_unregister(BTPROTO_HCI);
2081 goto error;
2082 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002083
Linus Torvalds1da177e2005-04-16 15:20:36 -07002084 BT_INFO("HCI socket layer initialized");
2085
2086 return 0;
2087
2088error:
Linus Torvalds1da177e2005-04-16 15:20:36 -07002089 proto_unregister(&hci_sk_proto);
2090 return err;
2091}
2092
Anand Gadiyarb7440a142011-02-22 12:43:09 +05302093void hci_sock_cleanup(void)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002094{
Masatake YAMATOf7c86632012-07-26 01:28:36 +09002095 bt_procfs_cleanup(&init_net, "hci");
David Herrmann5e9d7f82013-02-24 19:36:51 +01002096 bt_sock_unregister(BTPROTO_HCI);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002097 proto_unregister(&hci_sk_proto);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002098}