1 /* $NetBSD: hci_ioctl.c,v 1.15 2021/09/21 15:03:08 christos Exp $ */
2
3 /*-
4 * Copyright (c) 2005 Iain Hibbert.
5 * Copyright (c) 2006 Itronix Inc.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of Itronix Inc. may not be used to endorse
17 * or promote products derived from this software without specific
18 * prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 #include <sys/cdefs.h>
34 __KERNEL_RCSID(0, "$NetBSD: hci_ioctl.c,v 1.15 2021/09/21 15:03:08 christos Exp $");
35
36 #include <sys/param.h>
37 #include <sys/domain.h>
38 #include <sys/ioctl.h>
39 #include <sys/kauth.h>
40 #include <sys/kernel.h>
41 #include <sys/mbuf.h>
42 #include <sys/proc.h>
43 #include <sys/systm.h>
44
45 #include <netbt/bluetooth.h>
46 #include <netbt/hci.h>
47 #include <netbt/l2cap.h>
48 #include <netbt/rfcomm.h>
49
50 #ifdef BLUETOOTH_DEBUG
51 #define BDADDR(bd) (bd).b[5], (bd).b[4], (bd).b[3], \
52 (bd).b[2], (bd).b[1], (bd).b[0]
53
54 static void
hci_dump(void)55 hci_dump(void)
56 {
57 struct hci_unit *unit;
58 struct hci_link *link;
59 struct l2cap_channel *chan;
60 struct rfcomm_session *rs;
61 struct rfcomm_dlc *dlc;
62
63 uprintf("HCI:\n");
64 SIMPLEQ_FOREACH(unit, &hci_unit_list, hci_next) {
65 uprintf("UNIT %s: flags 0x%4.4x, "
66 "num_cmd=%d, num_acl=%d, num_sco=%d\n",
67 device_xname(unit->hci_dev), unit->hci_flags,
68 unit->hci_num_cmd_pkts,
69 unit->hci_num_acl_pkts,
70 unit->hci_num_sco_pkts);
71 TAILQ_FOREACH(link, &unit->hci_links, hl_next) {
72 uprintf("+HANDLE #%d: %s "
73 "raddr=%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x, "
74 "state %d, refcnt %d\n",
75 link->hl_handle,
76 (link->hl_type == HCI_LINK_ACL ? "ACL":"SCO"),
77 BDADDR(link->hl_bdaddr),
78 link->hl_state, link->hl_refcnt);
79 }
80 }
81
82 uprintf("L2CAP:\n");
83 LIST_FOREACH(chan, &l2cap_active_list, lc_ncid) {
84 uprintf("CID #%d state %d, psm=0x%4.4x, "
85 "laddr=%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x, "
86 "raddr=%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
87 chan->lc_lcid, chan->lc_state, chan->lc_raddr.bt_psm,
88 BDADDR(chan->lc_laddr.bt_bdaddr),
89 BDADDR(chan->lc_raddr.bt_bdaddr));
90 }
91
92 LIST_FOREACH(chan, &l2cap_listen_list, lc_ncid) {
93 uprintf("LISTEN psm=0x%4.4x, "
94 "laddr=%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
95 chan->lc_laddr.bt_psm,
96 BDADDR(chan->lc_laddr.bt_bdaddr));
97 }
98
99 uprintf("RFCOMM:\n");
100 LIST_FOREACH(rs, &rfcomm_session_active, rs_next) {
101 chan = rs->rs_l2cap;
102 uprintf("SESSION: state=%d, flags=0x%4.4x, psm 0x%4.4x "
103 "laddr=%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x, "
104 "raddr=%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
105 rs->rs_state, rs->rs_flags, chan->lc_raddr.bt_psm,
106 BDADDR(chan->lc_laddr.bt_bdaddr),
107 BDADDR(chan->lc_raddr.bt_bdaddr));
108 LIST_FOREACH(dlc, &rs->rs_dlcs, rd_next) {
109 uprintf("+DLC channel=%d, dlci=%d, "
110 "state=%d, flags=0x%4.4x, rxcred=%d, rxsize=%ld, "
111 "txcred=%d, pending=%d, txqlen=%d\n",
112 dlc->rd_raddr.bt_channel, dlc->rd_dlci,
113 dlc->rd_state, dlc->rd_flags,
114 dlc->rd_rxcred, (unsigned long)dlc->rd_rxsize,
115 dlc->rd_txcred, dlc->rd_pending,
116 (dlc->rd_txbuf ? dlc->rd_txbuf->m_pkthdr.len : 0));
117 }
118 }
119
120 LIST_FOREACH(rs, &rfcomm_session_listen, rs_next) {
121 chan = rs->rs_l2cap;
122 uprintf("LISTEN: psm 0x%4.4x, "
123 "laddr=%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
124 chan->lc_laddr.bt_psm,
125 BDADDR(chan->lc_laddr.bt_bdaddr));
126 LIST_FOREACH(dlc, &rs->rs_dlcs, rd_next)
127 uprintf("+DLC channel=%d\n", dlc->rd_laddr.bt_channel);
128 }
129 }
130
131 #undef BDADDR
132 #endif
133
134 int
hci_ioctl_pcb(unsigned long cmd,void * data)135 hci_ioctl_pcb(unsigned long cmd, void *data)
136 {
137 struct btreq *btr = data;
138 struct hci_unit *unit;
139 int err = 0;
140
141 DPRINTFN(1, "cmd %#lx\n", cmd);
142
143 switch(cmd) {
144 #ifdef BLUETOOTH_DEBUG
145 case SIOCBTDUMP:
146 hci_dump();
147 return 0;
148 #endif
149 /*
150 * Get unit info based on address rather than name
151 */
152 case SIOCGBTINFOA:
153 unit = hci_unit_lookup(&btr->btr_bdaddr);
154 if (unit == NULL)
155 return ENXIO;
156
157 break;
158
159 /*
160 * The remaining ioctl's all use the same btreq structure and
161 * index on the name of the device, so we look that up first.
162 */
163 case SIOCNBTINFO:
164 /* empty name means give the first unit */
165 if (btr->btr_name[0] == '\0') {
166 unit = NULL;
167 break;
168 }
169
170 /* else fall through and look it up */
171 /* FALLTHROUGH */
172 case SIOCGBTINFO:
173 case SIOCSBTFLAGS:
174 case SIOCSBTPOLICY:
175 case SIOCSBTPTYPE:
176 case SIOCGBTSTATS:
177 case SIOCZBTSTATS:
178 case SIOCSBTSCOMTU:
179 case SIOCGBTFEAT:
180 SIMPLEQ_FOREACH(unit, &hci_unit_list, hci_next) {
181 if (strncmp(device_xname(unit->hci_dev),
182 btr->btr_name, HCI_DEVNAME_SIZE) == 0)
183 break;
184 }
185
186 if (unit == NULL)
187 return ENXIO;
188
189 break;
190
191 default: /* not one of mine */
192 return EPASSTHROUGH;
193 }
194
195 switch(cmd) {
196 case SIOCNBTINFO: /* get next info */
197 if (unit)
198 unit = SIMPLEQ_NEXT(unit, hci_next);
199 else
200 unit = SIMPLEQ_FIRST(&hci_unit_list);
201
202 if (unit == NULL) {
203 err = ENXIO;
204 break;
205 }
206
207 /* FALLTHROUGH */
208 case SIOCGBTINFO: /* get unit info */
209 /* FALLTHROUGH */
210 case SIOCGBTINFOA: /* get info by address */
211 memset(btr, 0, sizeof(struct btreq));
212 strlcpy(btr->btr_name, device_xname(unit->hci_dev), HCI_DEVNAME_SIZE);
213 bdaddr_copy(&btr->btr_bdaddr, &unit->hci_bdaddr);
214
215 btr->btr_flags = unit->hci_flags;
216
217 btr->btr_num_cmd = unit->hci_num_cmd_pkts;
218 btr->btr_num_acl = unit->hci_num_acl_pkts;
219 btr->btr_num_sco = unit->hci_num_sco_pkts;
220 btr->btr_acl_mtu = unit->hci_max_acl_size;
221 btr->btr_sco_mtu = unit->hci_max_sco_size;
222 btr->btr_max_acl = unit->hci_max_acl_pkts;
223 btr->btr_max_sco = unit->hci_max_sco_pkts;
224
225 btr->btr_packet_type = unit->hci_packet_type;
226 btr->btr_link_policy = unit->hci_link_policy;
227 break;
228
229 case SIOCSBTFLAGS: /* set unit flags (privileged) */
230 err = kauth_authorize_device(kauth_cred_get(),
231 KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
232 btr, NULL);
233 if (err)
234 break;
235
236 if ((unit->hci_flags & BTF_UP)
237 && (btr->btr_flags & BTF_UP) == 0) {
238 hci_disable(unit);
239 unit->hci_flags &= ~BTF_UP;
240 }
241
242 unit->hci_flags &= ~BTF_MASTER;
243 unit->hci_flags |= (btr->btr_flags & (BTF_INIT | BTF_MASTER));
244
245 if ((unit->hci_flags & BTF_UP) == 0
246 && (btr->btr_flags & BTF_UP)) {
247 err = hci_enable(unit);
248 if (err)
249 break;
250
251 unit->hci_flags |= BTF_UP;
252 }
253
254 btr->btr_flags = unit->hci_flags;
255 break;
256
257 case SIOCSBTPOLICY: /* set unit link policy (privileged) */
258 err = kauth_authorize_device(kauth_cred_get(),
259 KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
260 btr, NULL);
261 if (err)
262 break;
263
264 unit->hci_link_policy = btr->btr_link_policy;
265 unit->hci_link_policy &= unit->hci_lmp_mask;
266 btr->btr_link_policy = unit->hci_link_policy;
267 break;
268
269 case SIOCSBTPTYPE: /* set unit packet types (privileged) */
270 err = kauth_authorize_device(kauth_cred_get(),
271 KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
272 btr, NULL);
273 if (err)
274 break;
275
276 unit->hci_packet_type = btr->btr_packet_type;
277 unit->hci_packet_type &= unit->hci_acl_mask;
278 btr->btr_packet_type = unit->hci_packet_type;
279 break;
280
281 case SIOCGBTSTATS: /* get unit statistics */
282 (*unit->hci_if->get_stats)(unit->hci_dev, &btr->btr_stats, 0);
283 break;
284
285 case SIOCZBTSTATS: /* get & reset unit statistics */
286 err = kauth_authorize_device(kauth_cred_get(),
287 KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
288 btr, NULL);
289 if (err)
290 break;
291
292 (*unit->hci_if->get_stats)(unit->hci_dev, &btr->btr_stats, 1);
293 break;
294
295 case SIOCSBTSCOMTU: /* set sco_mtu value for unit */
296 /*
297 * This is a temporary ioctl and may not be supported
298 * in the future. The need is that if SCO packets are
299 * sent to USB bluetooth controllers that are not an
300 * integer number of frame sizes, the USB bus locks up.
301 */
302 err = kauth_authorize_device(kauth_cred_get(),
303 KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
304 btr, NULL);
305 if (err)
306 break;
307
308 unit->hci_max_sco_size = btr->btr_sco_mtu;
309 break;
310
311 case SIOCGBTFEAT: /* get unit features */
312 memset(btr, 0, sizeof(struct btreq));
313 strlcpy(btr->btr_name, device_xname(unit->hci_dev), HCI_DEVNAME_SIZE);
314 memcpy(btr->btr_features0, unit->hci_feat0, HCI_FEATURES_SIZE);
315 memcpy(btr->btr_features1, unit->hci_feat1, HCI_FEATURES_SIZE);
316 memcpy(btr->btr_features2, unit->hci_feat2, HCI_FEATURES_SIZE);
317 break;
318
319 default:
320 err = EFAULT;
321 break;
322 }
323
324 return err;
325 }
326