1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 *
4 * Bluetooth virtual HCI driver
5 *
6 * Copyright (C) 2000-2001 Qualcomm Incorporated
7 * Copyright (C) 2002-2003 Maxim Krasnyansky <maxk@qualcomm.com>
8 * Copyright (C) 2004-2006 Marcel Holtmann <marcel@holtmann.org>
9 */
10
11 #include <linux/module.h>
12 #include <asm/unaligned.h>
13
14 #include <linux/kernel.h>
15 #include <linux/init.h>
16 #include <linux/slab.h>
17 #include <linux/types.h>
18 #include <linux/errno.h>
19 #include <linux/sched.h>
20 #include <linux/poll.h>
21
22 #include <linux/skbuff.h>
23 #include <linux/miscdevice.h>
24
25 #include <net/bluetooth/bluetooth.h>
26 #include <net/bluetooth/hci_core.h>
27
28 #define VERSION "1.5"
29
30 static bool amp;
31
32 struct vhci_data {
33 struct hci_dev *hdev;
34
35 wait_queue_head_t read_wait;
36 struct sk_buff_head readq;
37
38 struct mutex open_mutex;
39 struct delayed_work open_timeout;
40 };
41
vhci_open_dev(struct hci_dev *hdev)42 static int vhci_open_dev(struct hci_dev *hdev)
43 {
44 return 0;
45 }
46
vhci_close_dev(struct hci_dev *hdev)47 static int vhci_close_dev(struct hci_dev *hdev)
48 {
49 struct vhci_data *data = hci_get_drvdata(hdev);
50
51 skb_queue_purge(&data->readq);
52
53 return 0;
54 }
55
vhci_flush(struct hci_dev *hdev)56 static int vhci_flush(struct hci_dev *hdev)
57 {
58 struct vhci_data *data = hci_get_drvdata(hdev);
59
60 skb_queue_purge(&data->readq);
61
62 return 0;
63 }
64
vhci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)65 static int vhci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
66 {
67 struct vhci_data *data = hci_get_drvdata(hdev);
68
69 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
70
71 mutex_lock(&data->open_mutex);
72 skb_queue_tail(&data->readq, skb);
73 mutex_unlock(&data->open_mutex);
74
75 wake_up_interruptible(&data->read_wait);
76 return 0;
77 }
78
__vhci_create_device(struct vhci_data *data, __u8 opcode)79 static int __vhci_create_device(struct vhci_data *data, __u8 opcode)
80 {
81 struct hci_dev *hdev;
82 struct sk_buff *skb;
83 __u8 dev_type;
84
85 if (data->hdev)
86 return -EBADFD;
87
88 /* bits 0-1 are dev_type (Primary or AMP) */
89 dev_type = opcode & 0x03;
90
91 if (dev_type != HCI_PRIMARY && dev_type != HCI_AMP)
92 return -EINVAL;
93
94 /* bits 2-5 are reserved (must be zero) */
95 if (opcode & 0x3c)
96 return -EINVAL;
97
98 skb = bt_skb_alloc(4, GFP_KERNEL);
99 if (!skb)
100 return -ENOMEM;
101
102 hdev = hci_alloc_dev();
103 if (!hdev) {
104 kfree_skb(skb);
105 return -ENOMEM;
106 }
107
108 data->hdev = hdev;
109
110 hdev->bus = HCI_VIRTUAL;
111 hdev->dev_type = dev_type;
112 hci_set_drvdata(hdev, data);
113
114 hdev->open = vhci_open_dev;
115 hdev->close = vhci_close_dev;
116 hdev->flush = vhci_flush;
117 hdev->send = vhci_send_frame;
118
119 /* bit 6 is for external configuration */
120 if (opcode & 0x40)
121 set_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks);
122
123 /* bit 7 is for raw device */
124 if (opcode & 0x80)
125 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
126
127 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
128
129 if (hci_register_dev(hdev) < 0) {
130 BT_ERR("Can't register HCI device");
131 hci_free_dev(hdev);
132 data->hdev = NULL;
133 kfree_skb(skb);
134 return -EBUSY;
135 }
136
137 hci_skb_pkt_type(skb) = HCI_VENDOR_PKT;
138
139 skb_put_u8(skb, 0xff);
140 skb_put_u8(skb, opcode);
141 put_unaligned_le16(hdev->id, skb_put(skb, 2));
142 skb_queue_tail(&data->readq, skb);
143
144 wake_up_interruptible(&data->read_wait);
145 return 0;
146 }
147
vhci_create_device(struct vhci_data *data, __u8 opcode)148 static int vhci_create_device(struct vhci_data *data, __u8 opcode)
149 {
150 int err;
151
152 mutex_lock(&data->open_mutex);
153 err = __vhci_create_device(data, opcode);
154 mutex_unlock(&data->open_mutex);
155
156 return err;
157 }
158
vhci_get_user(struct vhci_data *data, struct iov_iter *from)159 static inline ssize_t vhci_get_user(struct vhci_data *data,
160 struct iov_iter *from)
161 {
162 size_t len = iov_iter_count(from);
163 struct sk_buff *skb;
164 __u8 pkt_type, opcode;
165 int ret;
166
167 if (len < 2 || len > HCI_MAX_FRAME_SIZE)
168 return -EINVAL;
169
170 skb = bt_skb_alloc(len, GFP_KERNEL);
171 if (!skb)
172 return -ENOMEM;
173
174 if (!copy_from_iter_full(skb_put(skb, len), len, from)) {
175 kfree_skb(skb);
176 return -EFAULT;
177 }
178
179 pkt_type = *((__u8 *) skb->data);
180 skb_pull(skb, 1);
181
182 switch (pkt_type) {
183 case HCI_EVENT_PKT:
184 case HCI_ACLDATA_PKT:
185 case HCI_SCODATA_PKT:
186 case HCI_ISODATA_PKT:
187 if (!data->hdev) {
188 kfree_skb(skb);
189 return -ENODEV;
190 }
191
192 hci_skb_pkt_type(skb) = pkt_type;
193
194 ret = hci_recv_frame(data->hdev, skb);
195 break;
196
197 case HCI_VENDOR_PKT:
198 cancel_delayed_work_sync(&data->open_timeout);
199
200 opcode = *((__u8 *) skb->data);
201 skb_pull(skb, 1);
202
203 if (skb->len > 0) {
204 kfree_skb(skb);
205 return -EINVAL;
206 }
207
208 kfree_skb(skb);
209
210 ret = vhci_create_device(data, opcode);
211 break;
212
213 default:
214 kfree_skb(skb);
215 return -EINVAL;
216 }
217
218 return (ret < 0) ? ret : len;
219 }
220
vhci_put_user(struct vhci_data *data, struct sk_buff *skb, char __user *buf, int count)221 static inline ssize_t vhci_put_user(struct vhci_data *data,
222 struct sk_buff *skb,
223 char __user *buf, int count)
224 {
225 char __user *ptr = buf;
226 int len;
227
228 len = min_t(unsigned int, skb->len, count);
229
230 if (copy_to_user(ptr, skb->data, len))
231 return -EFAULT;
232
233 if (!data->hdev)
234 return len;
235
236 data->hdev->stat.byte_tx += len;
237
238 switch (hci_skb_pkt_type(skb)) {
239 case HCI_COMMAND_PKT:
240 data->hdev->stat.cmd_tx++;
241 break;
242 case HCI_ACLDATA_PKT:
243 data->hdev->stat.acl_tx++;
244 break;
245 case HCI_SCODATA_PKT:
246 data->hdev->stat.sco_tx++;
247 break;
248 }
249
250 return len;
251 }
252
vhci_read(struct file *file, char __user *buf, size_t count, loff_t *pos)253 static ssize_t vhci_read(struct file *file,
254 char __user *buf, size_t count, loff_t *pos)
255 {
256 struct vhci_data *data = file->private_data;
257 struct sk_buff *skb;
258 ssize_t ret = 0;
259
260 while (count) {
261 skb = skb_dequeue(&data->readq);
262 if (skb) {
263 ret = vhci_put_user(data, skb, buf, count);
264 if (ret < 0)
265 skb_queue_head(&data->readq, skb);
266 else
267 kfree_skb(skb);
268 break;
269 }
270
271 if (file->f_flags & O_NONBLOCK) {
272 ret = -EAGAIN;
273 break;
274 }
275
276 ret = wait_event_interruptible(data->read_wait,
277 !skb_queue_empty(&data->readq));
278 if (ret < 0)
279 break;
280 }
281
282 return ret;
283 }
284
vhci_write(struct kiocb *iocb, struct iov_iter *from)285 static ssize_t vhci_write(struct kiocb *iocb, struct iov_iter *from)
286 {
287 struct file *file = iocb->ki_filp;
288 struct vhci_data *data = file->private_data;
289
290 return vhci_get_user(data, from);
291 }
292
vhci_poll(struct file *file, poll_table *wait)293 static __poll_t vhci_poll(struct file *file, poll_table *wait)
294 {
295 struct vhci_data *data = file->private_data;
296
297 poll_wait(file, &data->read_wait, wait);
298
299 if (!skb_queue_empty(&data->readq))
300 return EPOLLIN | EPOLLRDNORM;
301
302 return EPOLLOUT | EPOLLWRNORM;
303 }
304
vhci_open_timeout(struct work_struct *work)305 static void vhci_open_timeout(struct work_struct *work)
306 {
307 struct vhci_data *data = container_of(work, struct vhci_data,
308 open_timeout.work);
309
310 vhci_create_device(data, amp ? HCI_AMP : HCI_PRIMARY);
311 }
312
vhci_open(struct inode *inode, struct file *file)313 static int vhci_open(struct inode *inode, struct file *file)
314 {
315 struct vhci_data *data;
316
317 data = kzalloc(sizeof(struct vhci_data), GFP_KERNEL);
318 if (!data)
319 return -ENOMEM;
320
321 skb_queue_head_init(&data->readq);
322 init_waitqueue_head(&data->read_wait);
323
324 mutex_init(&data->open_mutex);
325 INIT_DELAYED_WORK(&data->open_timeout, vhci_open_timeout);
326
327 file->private_data = data;
328 nonseekable_open(inode, file);
329
330 schedule_delayed_work(&data->open_timeout, msecs_to_jiffies(1000));
331
332 return 0;
333 }
334
vhci_release(struct inode *inode, struct file *file)335 static int vhci_release(struct inode *inode, struct file *file)
336 {
337 struct vhci_data *data = file->private_data;
338 struct hci_dev *hdev;
339
340 cancel_delayed_work_sync(&data->open_timeout);
341
342 hdev = data->hdev;
343
344 if (hdev) {
345 hci_unregister_dev(hdev);
346 hci_free_dev(hdev);
347 }
348
349 skb_queue_purge(&data->readq);
350 file->private_data = NULL;
351 kfree(data);
352
353 return 0;
354 }
355
356 static const struct file_operations vhci_fops = {
357 .owner = THIS_MODULE,
358 .read = vhci_read,
359 .write_iter = vhci_write,
360 .poll = vhci_poll,
361 .open = vhci_open,
362 .release = vhci_release,
363 .llseek = no_llseek,
364 };
365
366 static struct miscdevice vhci_miscdev = {
367 .name = "vhci",
368 .fops = &vhci_fops,
369 .minor = VHCI_MINOR,
370 };
371 module_misc_device(vhci_miscdev);
372
373 module_param(amp, bool, 0644);
374 MODULE_PARM_DESC(amp, "Create AMP controller device");
375
376 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
377 MODULE_DESCRIPTION("Bluetooth virtual HCI driver ver " VERSION);
378 MODULE_VERSION(VERSION);
379 MODULE_LICENSE("GPL");
380 MODULE_ALIAS("devname:vhci");
381 MODULE_ALIAS_MISCDEV(VHCI_MINOR);
382