1/*
2 *
3 *  Bluetooth virtual HCI driver
4 *
5 *  Copyright (C) 2000-2001  Qualcomm Incorporated
6 *  Copyright (C) 2002-2003  Maxim Krasnyansky <maxk@qualcomm.com>
7 *  Copyright (C) 2004-2006  Marcel Holtmann <marcel@holtmann.org>
8 *
9 *
10 *  This program is free software; you can redistribute it and/or modify
11 *  it under the terms of the GNU General Public License as published by
12 *  the Free Software Foundation; either version 2 of the License, or
13 *  (at your option) any later version.
14 *
15 *  This program is distributed in the hope that it will be useful,
16 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
17 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18 *  GNU General Public License for more details.
19 *
20 *  You should have received a copy of the GNU General Public License
21 *  along with this program; if not, write to the Free Software
22 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23 *
24 */
25
26#include <linux/module.h>
27#include <asm/unaligned.h>
28
29#include <linux/kernel.h>
30#include <linux/init.h>
31#include <linux/slab.h>
32#include <linux/types.h>
33#include <linux/errno.h>
34#include <linux/sched.h>
35#include <linux/poll.h>
36
37#include <linux/skbuff.h>
38#include <linux/miscdevice.h>
39
40#include <net/bluetooth/bluetooth.h>
41#include <net/bluetooth/hci_core.h>
42
43#define VERSION "1.5"
44
45static bool amp;
46
47struct vhci_data {
48	struct hci_dev *hdev;
49
50	wait_queue_head_t read_wait;
51	struct sk_buff_head readq;
52
53	struct mutex open_mutex;
54	struct delayed_work open_timeout;
55};
56
57static int vhci_open_dev(struct hci_dev *hdev)
58{
59	set_bit(HCI_RUNNING, &hdev->flags);
60
61	return 0;
62}
63
64static int vhci_close_dev(struct hci_dev *hdev)
65{
66	struct vhci_data *data = hci_get_drvdata(hdev);
67
68	if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
69		return 0;
70
71	skb_queue_purge(&data->readq);
72
73	return 0;
74}
75
76static int vhci_flush(struct hci_dev *hdev)
77{
78	struct vhci_data *data = hci_get_drvdata(hdev);
79
80	skb_queue_purge(&data->readq);
81
82	return 0;
83}
84
85static int vhci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
86{
87	struct vhci_data *data = hci_get_drvdata(hdev);
88
89	if (!test_bit(HCI_RUNNING, &hdev->flags))
90		return -EBUSY;
91
92	memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);
93	skb_queue_tail(&data->readq, skb);
94
95	wake_up_interruptible(&data->read_wait);
96	return 0;
97}
98
99static int __vhci_create_device(struct vhci_data *data, __u8 opcode)
100{
101	struct hci_dev *hdev;
102	struct sk_buff *skb;
103	__u8 dev_type;
104
105	if (data->hdev)
106		return -EBADFD;
107
108	/* bits 0-1 are dev_type (BR/EDR or AMP) */
109	dev_type = opcode & 0x03;
110
111	if (dev_type != HCI_BREDR && dev_type != HCI_AMP)
112		return -EINVAL;
113
114	/* bits 2-5 are reserved (must be zero) */
115	if (opcode & 0x3c)
116		return -EINVAL;
117
118	skb = bt_skb_alloc(4, GFP_KERNEL);
119	if (!skb)
120		return -ENOMEM;
121
122	hdev = hci_alloc_dev();
123	if (!hdev) {
124		kfree_skb(skb);
125		return -ENOMEM;
126	}
127
128	data->hdev = hdev;
129
130	hdev->bus = HCI_VIRTUAL;
131	hdev->dev_type = dev_type;
132	hci_set_drvdata(hdev, data);
133
134	hdev->open  = vhci_open_dev;
135	hdev->close = vhci_close_dev;
136	hdev->flush = vhci_flush;
137	hdev->send  = vhci_send_frame;
138
139	/* bit 6 is for external configuration */
140	if (opcode & 0x40)
141		set_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks);
142
143	/* bit 7 is for raw device */
144	if (opcode & 0x80)
145		set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
146
147	if (hci_register_dev(hdev) < 0) {
148		BT_ERR("Can't register HCI device");
149		hci_free_dev(hdev);
150		data->hdev = NULL;
151		kfree_skb(skb);
152		return -EBUSY;
153	}
154
155	bt_cb(skb)->pkt_type = HCI_VENDOR_PKT;
156
157	*skb_put(skb, 1) = 0xff;
158	*skb_put(skb, 1) = opcode;
159	put_unaligned_le16(hdev->id, skb_put(skb, 2));
160	skb_queue_tail(&data->readq, skb);
161
162	wake_up_interruptible(&data->read_wait);
163	return 0;
164}
165
166static int vhci_create_device(struct vhci_data *data, __u8 opcode)
167{
168	int err;
169
170	mutex_lock(&data->open_mutex);
171	err = __vhci_create_device(data, opcode);
172	mutex_unlock(&data->open_mutex);
173
174	return err;
175}
176
177static inline ssize_t vhci_get_user(struct vhci_data *data,
178				    struct iov_iter *from)
179{
180	size_t len = iov_iter_count(from);
181	struct sk_buff *skb;
182	__u8 pkt_type, opcode;
183	int ret;
184
185	if (len < 2 || len > HCI_MAX_FRAME_SIZE)
186		return -EINVAL;
187
188	skb = bt_skb_alloc(len, GFP_KERNEL);
189	if (!skb)
190		return -ENOMEM;
191
192	if (copy_from_iter(skb_put(skb, len), len, from) != len) {
193		kfree_skb(skb);
194		return -EFAULT;
195	}
196
197	pkt_type = *((__u8 *) skb->data);
198	skb_pull(skb, 1);
199
200	switch (pkt_type) {
201	case HCI_EVENT_PKT:
202	case HCI_ACLDATA_PKT:
203	case HCI_SCODATA_PKT:
204		if (!data->hdev) {
205			kfree_skb(skb);
206			return -ENODEV;
207		}
208
209		bt_cb(skb)->pkt_type = pkt_type;
210
211		ret = hci_recv_frame(data->hdev, skb);
212		break;
213
214	case HCI_VENDOR_PKT:
215		cancel_delayed_work_sync(&data->open_timeout);
216
217		opcode = *((__u8 *) skb->data);
218		skb_pull(skb, 1);
219
220		if (skb->len > 0) {
221			kfree_skb(skb);
222			return -EINVAL;
223		}
224
225		kfree_skb(skb);
226
227		ret = vhci_create_device(data, opcode);
228		break;
229
230	default:
231		kfree_skb(skb);
232		return -EINVAL;
233	}
234
235	return (ret < 0) ? ret : len;
236}
237
238static inline ssize_t vhci_put_user(struct vhci_data *data,
239				    struct sk_buff *skb,
240				    char __user *buf, int count)
241{
242	char __user *ptr = buf;
243	int len;
244
245	len = min_t(unsigned int, skb->len, count);
246
247	if (copy_to_user(ptr, skb->data, len))
248		return -EFAULT;
249
250	if (!data->hdev)
251		return len;
252
253	data->hdev->stat.byte_tx += len;
254
255	switch (bt_cb(skb)->pkt_type) {
256	case HCI_COMMAND_PKT:
257		data->hdev->stat.cmd_tx++;
258		break;
259	case HCI_ACLDATA_PKT:
260		data->hdev->stat.acl_tx++;
261		break;
262	case HCI_SCODATA_PKT:
263		data->hdev->stat.sco_tx++;
264		break;
265	}
266
267	return len;
268}
269
270static ssize_t vhci_read(struct file *file,
271			 char __user *buf, size_t count, loff_t *pos)
272{
273	struct vhci_data *data = file->private_data;
274	struct sk_buff *skb;
275	ssize_t ret = 0;
276
277	while (count) {
278		skb = skb_dequeue(&data->readq);
279		if (skb) {
280			ret = vhci_put_user(data, skb, buf, count);
281			if (ret < 0)
282				skb_queue_head(&data->readq, skb);
283			else
284				kfree_skb(skb);
285			break;
286		}
287
288		if (file->f_flags & O_NONBLOCK) {
289			ret = -EAGAIN;
290			break;
291		}
292
293		ret = wait_event_interruptible(data->read_wait,
294					       !skb_queue_empty(&data->readq));
295		if (ret < 0)
296			break;
297	}
298
299	return ret;
300}
301
302static ssize_t vhci_write(struct kiocb *iocb, struct iov_iter *from)
303{
304	struct file *file = iocb->ki_filp;
305	struct vhci_data *data = file->private_data;
306
307	return vhci_get_user(data, from);
308}
309
310static unsigned int vhci_poll(struct file *file, poll_table *wait)
311{
312	struct vhci_data *data = file->private_data;
313
314	poll_wait(file, &data->read_wait, wait);
315
316	if (!skb_queue_empty(&data->readq))
317		return POLLIN | POLLRDNORM;
318
319	return POLLOUT | POLLWRNORM;
320}
321
322static void vhci_open_timeout(struct work_struct *work)
323{
324	struct vhci_data *data = container_of(work, struct vhci_data,
325					      open_timeout.work);
326
327	vhci_create_device(data, amp ? HCI_AMP : HCI_BREDR);
328}
329
330static int vhci_open(struct inode *inode, struct file *file)
331{
332	struct vhci_data *data;
333
334	data = kzalloc(sizeof(struct vhci_data), GFP_KERNEL);
335	if (!data)
336		return -ENOMEM;
337
338	skb_queue_head_init(&data->readq);
339	init_waitqueue_head(&data->read_wait);
340
341	mutex_init(&data->open_mutex);
342	INIT_DELAYED_WORK(&data->open_timeout, vhci_open_timeout);
343
344	file->private_data = data;
345	nonseekable_open(inode, file);
346
347	schedule_delayed_work(&data->open_timeout, msecs_to_jiffies(1000));
348
349	return 0;
350}
351
352static int vhci_release(struct inode *inode, struct file *file)
353{
354	struct vhci_data *data = file->private_data;
355	struct hci_dev *hdev;
356
357	cancel_delayed_work_sync(&data->open_timeout);
358
359	hdev = data->hdev;
360
361	if (hdev) {
362		hci_unregister_dev(hdev);
363		hci_free_dev(hdev);
364	}
365
366	skb_queue_purge(&data->readq);
367	file->private_data = NULL;
368	kfree(data);
369
370	return 0;
371}
372
373static const struct file_operations vhci_fops = {
374	.owner		= THIS_MODULE,
375	.read		= vhci_read,
376	.write_iter	= vhci_write,
377	.poll		= vhci_poll,
378	.open		= vhci_open,
379	.release	= vhci_release,
380	.llseek		= no_llseek,
381};
382
383static struct miscdevice vhci_miscdev= {
384	.name	= "vhci",
385	.fops	= &vhci_fops,
386	.minor	= VHCI_MINOR,
387};
388
389static int __init vhci_init(void)
390{
391	BT_INFO("Virtual HCI driver ver %s", VERSION);
392
393	return misc_register(&vhci_miscdev);
394}
395
396static void __exit vhci_exit(void)
397{
398	misc_deregister(&vhci_miscdev);
399}
400
401module_init(vhci_init);
402module_exit(vhci_exit);
403
404module_param(amp, bool, 0644);
405MODULE_PARM_DESC(amp, "Create AMP controller device");
406
407MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
408MODULE_DESCRIPTION("Bluetooth virtual HCI driver ver " VERSION);
409MODULE_VERSION(VERSION);
410MODULE_LICENSE("GPL");
411MODULE_ALIAS("devname:vhci");
412MODULE_ALIAS_MISCDEV(VHCI_MINOR);
413