1
/*
2
   BlueZ - Bluetooth protocol stack for Linux
3
   Copyright (C) 2000-2001 Qualcomm Incorporated
4

5
   Written 2000,2001 by Maxim Krasnyansky <[email protected]>
6

7
   This program is free software; you can redistribute it and/or modify
8
   it under the terms of the GNU General Public License version 2 as
9
   published by the Free Software Foundation;
10

11
   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19

20
   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22
   SOFTWARE IS DISCLAIMED.
23
*/
24

25
/* Bluetooth HCI sockets. */
26

27
#include <linux/module.h>
28

29
#include <linux/types.h>
30
#include <linux/capability.h>
31
#include <linux/errno.h>
32
#include <linux/kernel.h>
33
#include <linux/slab.h>
34
#include <linux/poll.h>
35
#include <linux/fcntl.h>
36
#include <linux/init.h>
37
#include <linux/skbuff.h>
38
#include <linux/workqueue.h>
39
#include <linux/interrupt.h>
40
#include <linux/compat.h>
41
#include <linux/socket.h>
42
#include <linux/ioctl.h>
43
#include <net/sock.h>
44

45
#include <asm/system.h>
46
#include <linux/uaccess.h>
47
#include <asm/unaligned.h>
48

49
#include <net/bluetooth/bluetooth.h>
50
#include <net/bluetooth/hci_core.h>
51

52
static int enable_mgmt;
53

54
/* ----- HCI socket interface ----- */
55

56
static inline int hci_test_bit(int nr, void *addr)
57
{
58
	return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
59
}
60

61
/* Security filter */
62
static struct hci_sec_filter hci_sec_filter = {
63
	/* Packet types */
64
	0x10,
65
	/* Events */
66
	{ 0x1000d9fe, 0x0000b00c },
67
	/* Commands */
68
	{
69
		{ 0x0 },
70
		/* OGF_LINK_CTL */
71
		{ 0xbe000006, 0x00000001, 0x00000000, 0x00 },
72
		/* OGF_LINK_POLICY */
73
		{ 0x00005200, 0x00000000, 0x00000000, 0x00 },
74
		/* OGF_HOST_CTL */
75
		{ 0xaab00200, 0x2b402aaa, 0x05220154, 0x00 },
76
		/* OGF_INFO_PARAM */
77
		{ 0x000002be, 0x00000000, 0x00000000, 0x00 },
78
		/* OGF_STATUS_PARAM */
79
		{ 0x000000ea, 0x00000000, 0x00000000, 0x00 }
80
	}
81
};
82

83
static struct bt_sock_list hci_sk_list = {
84
	.lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
85
};
86

87
/* Send frame to RAW socket */
88
void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb,
89
							struct sock *skip_sk)
90
{
91
	struct sock *sk;
92
	struct hlist_node *node;
93

94
	BT_DBG("hdev %p len %d", hdev, skb->len);
95

96
	read_lock(&hci_sk_list.lock);
97
	sk_for_each(sk, node, &hci_sk_list.head) {
98
		struct hci_filter *flt;
99
		struct sk_buff *nskb;
100

101
		if (sk == skip_sk)
102
			continue;
103

104
		if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
105
			continue;
106

107
		/* Don't send frame to the socket it came from */
108
		if (skb->sk == sk)
109
			continue;
110

111
		if (bt_cb(skb)->channel != hci_pi(sk)->channel)
112
			continue;
113

114
		if (bt_cb(skb)->channel == HCI_CHANNEL_CONTROL)
115
			goto clone;
116

117
		/* Apply filter */
118
		flt = &hci_pi(sk)->filter;
119

120
		if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
121
				0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
122
			continue;
123

124
		if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
125
			register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
126

127
			if (!hci_test_bit(evt, &flt->event_mask))
128
				continue;
129

130
			if (flt->opcode &&
131
			    ((evt == HCI_EV_CMD_COMPLETE &&
132
			      flt->opcode !=
133
			      get_unaligned((__le16 *)(skb->data + 3))) ||
134
			     (evt == HCI_EV_CMD_STATUS &&
135
			      flt->opcode !=
136
			      get_unaligned((__le16 *)(skb->data + 4)))))
137
				continue;
138
		}
139

140
clone:
141
		nskb = skb_clone(skb, GFP_ATOMIC);
142
		if (!nskb)
143
			continue;
144

145
		/* Put type byte before the data */
146
		if (bt_cb(skb)->channel == HCI_CHANNEL_RAW)
147
			memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
148

149
		if (sock_queue_rcv_skb(sk, nskb))
150
			kfree_skb(nskb);
151
	}
152
	read_unlock(&hci_sk_list.lock);
153
}
154

155
static int hci_sock_release(struct socket *sock)
156
{
157
	struct sock *sk = sock->sk;
158
	struct hci_dev *hdev;
159

160
	BT_DBG("sock %p sk %p", sock, sk);
161

162
	if (!sk)
163
		return 0;
164

165
	hdev = hci_pi(sk)->hdev;
166

167
	bt_sock_unlink(&hci_sk_list, sk);
168

169
	if (hdev) {
170
		atomic_dec(&hdev->promisc);
171
		hci_dev_put(hdev);
172
	}
173

174
	sock_orphan(sk);
175

176
	skb_queue_purge(&sk->sk_receive_queue);
177
	skb_queue_purge(&sk->sk_write_queue);
178

179
	sock_put(sk);
180
	return 0;
181
}
182

183
struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
184
{
185
	struct list_head *p;
186

187
	list_for_each(p, &hdev->blacklist) {
188
		struct bdaddr_list *b;
189

190
		b = list_entry(p, struct bdaddr_list, list);
191

192
		if (bacmp(bdaddr, &b->bdaddr) == 0)
193
			return b;
194
	}
195

196
	return NULL;
197
}
198

199
static int hci_blacklist_add(struct hci_dev *hdev, void __user *arg)
200
{
201
	bdaddr_t bdaddr;
202
	struct bdaddr_list *entry;
203

204
	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
205
		return -EFAULT;
206

207
	if (bacmp(&bdaddr, BDADDR_ANY) == 0)
208
		return -EBADF;
209

210
	if (hci_blacklist_lookup(hdev, &bdaddr))
211
		return -EEXIST;
212

213
	entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
214
	if (!entry)
215
		return -ENOMEM;
216

217
	bacpy(&entry->bdaddr, &bdaddr);
218

219
	list_add(&entry->list, &hdev->blacklist);
220

221
	return 0;
222
}
223

224
int hci_blacklist_clear(struct hci_dev *hdev)
225
{
226
	struct list_head *p, *n;
227

228
	list_for_each_safe(p, n, &hdev->blacklist) {
229
		struct bdaddr_list *b;
230

231
		b = list_entry(p, struct bdaddr_list, list);
232

233
		list_del(p);
234
		kfree(b);
235
	}
236

237
	return 0;
238
}
239

240
static int hci_blacklist_del(struct hci_dev *hdev, void __user *arg)
241
{
242
	bdaddr_t bdaddr;
243
	struct bdaddr_list *entry;
244

245
	if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
246
		return -EFAULT;
247

248
	if (bacmp(&bdaddr, BDADDR_ANY) == 0)
249
		return hci_blacklist_clear(hdev);
250

251
	entry = hci_blacklist_lookup(hdev, &bdaddr);
252
	if (!entry)
253
		return -ENOENT;
254

255
	list_del(&entry->list);
256
	kfree(entry);
257

258
	return 0;
259
}
260

261
/* Ioctls that require bound socket */
262
static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
263
{
264
	struct hci_dev *hdev = hci_pi(sk)->hdev;
265

266
	if (!hdev)
267
		return -EBADFD;
268

269
	switch (cmd) {
270
	case HCISETRAW:
271
		if (!capable(CAP_NET_ADMIN))
272
			return -EACCES;
273

274
		if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
275
			return -EPERM;
276

277
		if (arg)
278
			set_bit(HCI_RAW, &hdev->flags);
279
		else
280
			clear_bit(HCI_RAW, &hdev->flags);
281

282
		return 0;
283

284
	case HCIGETCONNINFO:
285
		return hci_get_conn_info(hdev, (void __user *) arg);
286

287
	case HCIGETAUTHINFO:
288
		return hci_get_auth_info(hdev, (void __user *) arg);
289

290
	case HCIBLOCKADDR:
291
		if (!capable(CAP_NET_ADMIN))
292
			return -EACCES;
293
		return hci_blacklist_add(hdev, (void __user *) arg);
294

295
	case HCIUNBLOCKADDR:
296
		if (!capable(CAP_NET_ADMIN))
297
			return -EACCES;
298
		return hci_blacklist_del(hdev, (void __user *) arg);
299

300
	default:
301
		if (hdev->ioctl)
302
			return hdev->ioctl(hdev, cmd, arg);
303
		return -EINVAL;
304
	}
305
}
306

307
static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
308
{
309
	struct sock *sk = sock->sk;
310
	void __user *argp = (void __user *) arg;
311
	int err;
312

313
	BT_DBG("cmd %x arg %lx", cmd, arg);
314

315
	switch (cmd) {
316
	case HCIGETDEVLIST:
317
		return hci_get_dev_list(argp);
318

319
	case HCIGETDEVINFO:
320
		return hci_get_dev_info(argp);
321

322
	case HCIGETCONNLIST:
323
		return hci_get_conn_list(argp);
324

325
	case HCIDEVUP:
326
		if (!capable(CAP_NET_ADMIN))
327
			return -EACCES;
328
		return hci_dev_open(arg);
329

330
	case HCIDEVDOWN:
331
		if (!capable(CAP_NET_ADMIN))
332
			return -EACCES;
333
		return hci_dev_close(arg);
334

335
	case HCIDEVRESET:
336
		if (!capable(CAP_NET_ADMIN))
337
			return -EACCES;
338
		return hci_dev_reset(arg);
339

340
	case HCIDEVRESTAT:
341
		if (!capable(CAP_NET_ADMIN))
342
			return -EACCES;
343
		return hci_dev_reset_stat(arg);
344

345
	case HCISETSCAN:
346
	case HCISETAUTH:
347
	case HCISETENCRYPT:
348
	case HCISETPTYPE:
349
	case HCISETLINKPOL:
350
	case HCISETLINKMODE:
351
	case HCISETACLMTU:
352
	case HCISETSCOMTU:
353
		if (!capable(CAP_NET_ADMIN))
354
			return -EACCES;
355
		return hci_dev_cmd(cmd, argp);
356

357
	case HCIINQUIRY:
358
		return hci_inquiry(argp);
359

360
	default:
361
		lock_sock(sk);
362
		err = hci_sock_bound_ioctl(sk, cmd, arg);
363
		release_sock(sk);
364
		return err;
365
	}
366
}
367

368
static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
369
{
370
	struct sockaddr_hci haddr;
371
	struct sock *sk = sock->sk;
372
	struct hci_dev *hdev = NULL;
373
	int len, err = 0;
374

375
	BT_DBG("sock %p sk %p", sock, sk);
376

377
	if (!addr)
378
		return -EINVAL;
379

380
	memset(&haddr, 0, sizeof(haddr));
381
	len = min_t(unsigned int, sizeof(haddr), addr_len);
382
	memcpy(&haddr, addr, len);
383

384
	if (haddr.hci_family != AF_BLUETOOTH)
385
		return -EINVAL;
386

387
	if (haddr.hci_channel > HCI_CHANNEL_CONTROL)
388
		return -EINVAL;
389

390
	if (haddr.hci_channel == HCI_CHANNEL_CONTROL && !enable_mgmt)
391
		return -EINVAL;
392

393
	lock_sock(sk);
394

395
	if (sk->sk_state == BT_BOUND || hci_pi(sk)->hdev) {
396
		err = -EALREADY;
397
		goto done;
398
	}
399

400
	if (haddr.hci_dev != HCI_DEV_NONE) {
401
		hdev = hci_dev_get(haddr.hci_dev);
402
		if (!hdev) {
403
			err = -ENODEV;
404
			goto done;
405
		}
406

407
		atomic_inc(&hdev->promisc);
408
	}
409

410
	hci_pi(sk)->channel = haddr.hci_channel;
411
	hci_pi(sk)->hdev = hdev;
412
	sk->sk_state = BT_BOUND;
413

414
done:
415
	release_sock(sk);
416
	return err;
417
}
418

419
static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
420
{
421
	struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
422
	struct sock *sk = sock->sk;
423
	struct hci_dev *hdev = hci_pi(sk)->hdev;
424

425
	BT_DBG("sock %p sk %p", sock, sk);
426

427
	if (!hdev)
428
		return -EBADFD;
429

430
	lock_sock(sk);
431

432
	*addr_len = sizeof(*haddr);
433
	haddr->hci_family = AF_BLUETOOTH;
434
	haddr->hci_dev    = hdev->id;
435

436
	release_sock(sk);
437
	return 0;
438
}
439

440
static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
441
{
442
	__u32 mask = hci_pi(sk)->cmsg_mask;
443

444
	if (mask & HCI_CMSG_DIR) {
445
		int incoming = bt_cb(skb)->incoming;
446
		put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
447
	}
448

449
	if (mask & HCI_CMSG_TSTAMP) {
450
#ifdef CONFIG_COMPAT
451
		struct compat_timeval ctv;
452
#endif
453
		struct timeval tv;
454
		void *data;
455
		int len;
456

457
		skb_get_timestamp(skb, &tv);
458

459
		data = &tv;
460
		len = sizeof(tv);
461
#ifdef CONFIG_COMPAT
462
		if (msg->msg_flags & MSG_CMSG_COMPAT) {
463
			ctv.tv_sec = tv.tv_sec;
464
			ctv.tv_usec = tv.tv_usec;
465
			data = &ctv;
466
			len = sizeof(ctv);
467
		}
468
#endif
469

470
		put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
471
	}
472
}
473

474
static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
475
				struct msghdr *msg, size_t len, int flags)
476
{
477
	int noblock = flags & MSG_DONTWAIT;
478
	struct sock *sk = sock->sk;
479
	struct sk_buff *skb;
480
	int copied, err;
481

482
	BT_DBG("sock %p, sk %p", sock, sk);
483

484
	if (flags & (MSG_OOB))
485
		return -EOPNOTSUPP;
486

487
	if (sk->sk_state == BT_CLOSED)
488
		return 0;
489

490
	skb = skb_recv_datagram(sk, flags, noblock, &err);
491
	if (!skb)
492
		return err;
493

494
	msg->msg_namelen = 0;
495

496
	copied = skb->len;
497
	if (len < copied) {
498
		msg->msg_flags |= MSG_TRUNC;
499
		copied = len;
500
	}
501

502
	skb_reset_transport_header(skb);
503
	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
504

505
	hci_sock_cmsg(sk, msg, skb);
506

507
	skb_free_datagram(sk, skb);
508

509
	return err ? : copied;
510
}
511

512
static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
513
			    struct msghdr *msg, size_t len)
514
{
515
	struct sock *sk = sock->sk;
516
	struct hci_dev *hdev;
517
	struct sk_buff *skb;
518
	int err;
519

520
	BT_DBG("sock %p sk %p", sock, sk);
521

522
	if (msg->msg_flags & MSG_OOB)
523
		return -EOPNOTSUPP;
524

525
	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
526
		return -EINVAL;
527

528
	if (len < 4 || len > HCI_MAX_FRAME_SIZE)
529
		return -EINVAL;
530

531
	lock_sock(sk);
532

533
	switch (hci_pi(sk)->channel) {
534
	case HCI_CHANNEL_RAW:
535
		break;
536
	case HCI_CHANNEL_CONTROL:
537
		err = mgmt_control(sk, msg, len);
538
		goto done;
539
	default:
540
		err = -EINVAL;
541
		goto done;
542
	}
543

544
	hdev = hci_pi(sk)->hdev;
545
	if (!hdev) {
546
		err = -EBADFD;
547
		goto done;
548
	}
549

550
	if (!test_bit(HCI_UP, &hdev->flags)) {
551
		err = -ENETDOWN;
552
		goto done;
553
	}
554

555
	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
556
	if (!skb)
557
		goto done;
558

559
	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
560
		err = -EFAULT;
561
		goto drop;
562
	}
563

564
	bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
565
	skb_pull(skb, 1);
566
	skb->dev = (void *) hdev;
567

568
	if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
569
		u16 opcode = get_unaligned_le16(skb->data);
570
		u16 ogf = hci_opcode_ogf(opcode);
571
		u16 ocf = hci_opcode_ocf(opcode);
572

573
		if (((ogf > HCI_SFLT_MAX_OGF) ||
574
				!hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
575
					!capable(CAP_NET_RAW)) {
576
			err = -EPERM;
577
			goto drop;
578
		}
579

580
		if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
581
			skb_queue_tail(&hdev->raw_q, skb);
582
			tasklet_schedule(&hdev->tx_task);
583
		} else {
584
			skb_queue_tail(&hdev->cmd_q, skb);
585
			tasklet_schedule(&hdev->cmd_task);
586
		}
587
	} else {
588
		if (!capable(CAP_NET_RAW)) {
589
			err = -EPERM;
590
			goto drop;
591
		}
592

593
		skb_queue_tail(&hdev->raw_q, skb);
594
		tasklet_schedule(&hdev->tx_task);
595
	}
596

597
	err = len;
598

599
done:
600
	release_sock(sk);
601
	return err;
602

603
drop:
604
	kfree_skb(skb);
605
	goto done;
606
}
607

608
static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int len)
609
{
610
	struct hci_ufilter uf = { .opcode = 0 };
611
	struct sock *sk = sock->sk;
612
	int err = 0, opt = 0;
613

614
	BT_DBG("sk %p, opt %d", sk, optname);
615

616
	lock_sock(sk);
617

618
	switch (optname) {
619
	case HCI_DATA_DIR:
620
		if (get_user(opt, (int __user *)optval)) {
621
			err = -EFAULT;
622
			break;
623
		}
624

625
		if (opt)
626
			hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
627
		else
628
			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
629
		break;
630

631
	case HCI_TIME_STAMP:
632
		if (get_user(opt, (int __user *)optval)) {
633
			err = -EFAULT;
634
			break;
635
		}
636

637
		if (opt)
638
			hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
639
		else
640
			hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
641
		break;
642

643
	case HCI_FILTER:
644
		{
645
			struct hci_filter *f = &hci_pi(sk)->filter;
646

647
			uf.type_mask = f->type_mask;
648
			uf.opcode    = f->opcode;
649
			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
650
			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
651
		}
652

653
		len = min_t(unsigned int, len, sizeof(uf));
654
		if (copy_from_user(&uf, optval, len)) {
655
			err = -EFAULT;
656
			break;
657
		}
658

659
		if (!capable(CAP_NET_RAW)) {
660
			uf.type_mask &= hci_sec_filter.type_mask;
661
			uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
662
			uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
663
		}
664

665
		{
666
			struct hci_filter *f = &hci_pi(sk)->filter;
667

668
			f->type_mask = uf.type_mask;
669
			f->opcode    = uf.opcode;
670
			*((u32 *) f->event_mask + 0) = uf.event_mask[0];
671
			*((u32 *) f->event_mask + 1) = uf.event_mask[1];
672
		}
673
		break;
674

675
	default:
676
		err = -ENOPROTOOPT;
677
		break;
678
	}
679

680
	release_sock(sk);
681
	return err;
682
}
683

684
static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
685
{
686
	struct hci_ufilter uf;
687
	struct sock *sk = sock->sk;
688
	int len, opt;
689

690
	if (get_user(len, optlen))
691
		return -EFAULT;
692

693
	switch (optname) {
694
	case HCI_DATA_DIR:
695
		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
696
			opt = 1;
697
		else
698
			opt = 0;
699

700
		if (put_user(opt, optval))
701
			return -EFAULT;
702
		break;
703

704
	case HCI_TIME_STAMP:
705
		if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
706
			opt = 1;
707
		else
708
			opt = 0;
709

710
		if (put_user(opt, optval))
711
			return -EFAULT;
712
		break;
713

714
	case HCI_FILTER:
715
		{
716
			struct hci_filter *f = &hci_pi(sk)->filter;
717

718
			uf.type_mask = f->type_mask;
719
			uf.opcode    = f->opcode;
720
			uf.event_mask[0] = *((u32 *) f->event_mask + 0);
721
			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
722
		}
723

724
		len = min_t(unsigned int, len, sizeof(uf));
725
		if (copy_to_user(optval, &uf, len))
726
			return -EFAULT;
727
		break;
728

729
	default:
730
		return -ENOPROTOOPT;
731
		break;
732
	}
733

734
	return 0;
735
}
736

737
static const struct proto_ops hci_sock_ops = {
738
	.family		= PF_BLUETOOTH,
739
	.owner		= THIS_MODULE,
740
	.release	= hci_sock_release,
741
	.bind		= hci_sock_bind,
742
	.getname	= hci_sock_getname,
743
	.sendmsg	= hci_sock_sendmsg,
744
	.recvmsg	= hci_sock_recvmsg,
745
	.ioctl		= hci_sock_ioctl,
746
	.poll		= datagram_poll,
747
	.listen		= sock_no_listen,
748
	.shutdown	= sock_no_shutdown,
749
	.setsockopt	= hci_sock_setsockopt,
750
	.getsockopt	= hci_sock_getsockopt,
751
	.connect	= sock_no_connect,
752
	.socketpair	= sock_no_socketpair,
753
	.accept		= sock_no_accept,
754
	.mmap		= sock_no_mmap
755
};
756

757
static struct proto hci_sk_proto = {
758
	.name		= "HCI",
759
	.owner		= THIS_MODULE,
760
	.obj_size	= sizeof(struct hci_pinfo)
761
};
762

763
static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
764
			   int kern)
765
{
766
	struct sock *sk;
767

768
	BT_DBG("sock %p", sock);
769

770
	if (sock->type != SOCK_RAW)
771
		return -ESOCKTNOSUPPORT;
772

773
	sock->ops = &hci_sock_ops;
774

775
	sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto);
776
	if (!sk)
777
		return -ENOMEM;
778

779
	sock_init_data(sock, sk);
780

781
	sock_reset_flag(sk, SOCK_ZAPPED);
782

783
	sk->sk_protocol = protocol;
784

785
	sock->state = SS_UNCONNECTED;
786
	sk->sk_state = BT_OPEN;
787

788
	bt_sock_link(&hci_sk_list, sk);
789
	return 0;
790
}
791

792
static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
793
{
794
	struct hci_dev *hdev = (struct hci_dev *) ptr;
795
	struct hci_ev_si_device ev;
796

797
	BT_DBG("hdev %s event %ld", hdev->name, event);
798

799
	/* Send event to sockets */
800
	ev.event  = event;
801
	ev.dev_id = hdev->id;
802
	hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
803

804
	if (event == HCI_DEV_UNREG) {
805
		struct sock *sk;
806
		struct hlist_node *node;
807

808
		/* Detach sockets from device */
809
		read_lock(&hci_sk_list.lock);
810
		sk_for_each(sk, node, &hci_sk_list.head) {
811
			local_bh_disable();
812
			bh_lock_sock_nested(sk);
813
			if (hci_pi(sk)->hdev == hdev) {
814
				hci_pi(sk)->hdev = NULL;
815
				sk->sk_err = EPIPE;
816
				sk->sk_state = BT_OPEN;
817
				sk->sk_state_change(sk);
818

819
				hci_dev_put(hdev);
820
			}
821
			bh_unlock_sock(sk);
822
			local_bh_enable();
823
		}
824
		read_unlock(&hci_sk_list.lock);
825
	}
826

827
	return NOTIFY_DONE;
828
}
829

830
static const struct net_proto_family hci_sock_family_ops = {
831
	.family	= PF_BLUETOOTH,
832
	.owner	= THIS_MODULE,
833
	.create	= hci_sock_create,
834
};
835

836
static struct notifier_block hci_sock_nblock = {
837
	.notifier_call = hci_sock_dev_event
838
};
839

840
int __init hci_sock_init(void)
841
{
842
	int err;
843

844
	err = proto_register(&hci_sk_proto, 0);
845
	if (err < 0)
846
		return err;
847

848
	err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
849
	if (err < 0)
850
		goto error;
851

852
	hci_register_notifier(&hci_sock_nblock);
853

854
	BT_INFO("HCI socket layer initialized");
855

856
	return 0;
857

858
error:
859
	BT_ERR("HCI socket registration failed");
860
	proto_unregister(&hci_sk_proto);
861
	return err;
862
}
863

864
void hci_sock_cleanup(void)
865
{
866
	if (bt_sock_unregister(BTPROTO_HCI) < 0)
867
		BT_ERR("HCI socket unregistration failed");
868

869
	hci_unregister_notifier(&hci_sock_nblock);
870

871
	proto_unregister(&hci_sk_proto);
872
}
873

874
module_param(enable_mgmt, bool, 0644);
875
MODULE_PARM_DESC(enable_mgmt, "Enable Management interface");
876

877