0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011 #include <linux/module.h>
0012 #include <asm/unaligned.h>
0013
0014 #include <linux/kernel.h>
0015 #include <linux/init.h>
0016 #include <linux/slab.h>
0017 #include <linux/types.h>
0018 #include <linux/errno.h>
0019 #include <linux/sched.h>
0020 #include <linux/poll.h>
0021
0022 #include <linux/skbuff.h>
0023 #include <linux/miscdevice.h>
0024 #include <linux/debugfs.h>
0025
0026 #include <net/bluetooth/bluetooth.h>
0027 #include <net/bluetooth/hci_core.h>
0028
0029 #define VERSION "1.5"
0030
0031 static bool amp;
0032
0033 struct vhci_data {
0034 struct hci_dev *hdev;
0035
0036 wait_queue_head_t read_wait;
0037 struct sk_buff_head readq;
0038
0039 struct mutex open_mutex;
0040 struct delayed_work open_timeout;
0041 struct work_struct suspend_work;
0042
0043 bool suspended;
0044 bool wakeup;
0045 __u16 msft_opcode;
0046 bool aosp_capable;
0047 };
0048
0049 static int vhci_open_dev(struct hci_dev *hdev)
0050 {
0051 return 0;
0052 }
0053
0054 static int vhci_close_dev(struct hci_dev *hdev)
0055 {
0056 struct vhci_data *data = hci_get_drvdata(hdev);
0057
0058 skb_queue_purge(&data->readq);
0059
0060 return 0;
0061 }
0062
0063 static int vhci_flush(struct hci_dev *hdev)
0064 {
0065 struct vhci_data *data = hci_get_drvdata(hdev);
0066
0067 skb_queue_purge(&data->readq);
0068
0069 return 0;
0070 }
0071
0072 static int vhci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
0073 {
0074 struct vhci_data *data = hci_get_drvdata(hdev);
0075
0076 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
0077 skb_queue_tail(&data->readq, skb);
0078
0079 wake_up_interruptible(&data->read_wait);
0080 return 0;
0081 }
0082
0083 static int vhci_get_data_path_id(struct hci_dev *hdev, u8 *data_path_id)
0084 {
0085 *data_path_id = 0;
0086 return 0;
0087 }
0088
0089 static int vhci_get_codec_config_data(struct hci_dev *hdev, __u8 type,
0090 struct bt_codec *codec, __u8 *vnd_len,
0091 __u8 **vnd_data)
0092 {
0093 if (type != ESCO_LINK)
0094 return -EINVAL;
0095
0096 *vnd_len = 0;
0097 *vnd_data = NULL;
0098 return 0;
0099 }
0100
0101 static bool vhci_wakeup(struct hci_dev *hdev)
0102 {
0103 struct vhci_data *data = hci_get_drvdata(hdev);
0104
0105 return data->wakeup;
0106 }
0107
0108 static ssize_t force_suspend_read(struct file *file, char __user *user_buf,
0109 size_t count, loff_t *ppos)
0110 {
0111 struct vhci_data *data = file->private_data;
0112 char buf[3];
0113
0114 buf[0] = data->suspended ? 'Y' : 'N';
0115 buf[1] = '\n';
0116 buf[2] = '\0';
0117 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
0118 }
0119
0120 static void vhci_suspend_work(struct work_struct *work)
0121 {
0122 struct vhci_data *data = container_of(work, struct vhci_data,
0123 suspend_work);
0124
0125 if (data->suspended)
0126 hci_suspend_dev(data->hdev);
0127 else
0128 hci_resume_dev(data->hdev);
0129 }
0130
0131 static ssize_t force_suspend_write(struct file *file,
0132 const char __user *user_buf,
0133 size_t count, loff_t *ppos)
0134 {
0135 struct vhci_data *data = file->private_data;
0136 bool enable;
0137 int err;
0138
0139 err = kstrtobool_from_user(user_buf, count, &enable);
0140 if (err)
0141 return err;
0142
0143 if (data->suspended == enable)
0144 return -EALREADY;
0145
0146 data->suspended = enable;
0147
0148 schedule_work(&data->suspend_work);
0149
0150 return count;
0151 }
0152
0153 static const struct file_operations force_suspend_fops = {
0154 .open = simple_open,
0155 .read = force_suspend_read,
0156 .write = force_suspend_write,
0157 .llseek = default_llseek,
0158 };
0159
0160 static ssize_t force_wakeup_read(struct file *file, char __user *user_buf,
0161 size_t count, loff_t *ppos)
0162 {
0163 struct vhci_data *data = file->private_data;
0164 char buf[3];
0165
0166 buf[0] = data->wakeup ? 'Y' : 'N';
0167 buf[1] = '\n';
0168 buf[2] = '\0';
0169 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
0170 }
0171
0172 static ssize_t force_wakeup_write(struct file *file,
0173 const char __user *user_buf, size_t count,
0174 loff_t *ppos)
0175 {
0176 struct vhci_data *data = file->private_data;
0177 bool enable;
0178 int err;
0179
0180 err = kstrtobool_from_user(user_buf, count, &enable);
0181 if (err)
0182 return err;
0183
0184 if (data->wakeup == enable)
0185 return -EALREADY;
0186
0187 data->wakeup = enable;
0188
0189 return count;
0190 }
0191
0192 static const struct file_operations force_wakeup_fops = {
0193 .open = simple_open,
0194 .read = force_wakeup_read,
0195 .write = force_wakeup_write,
0196 .llseek = default_llseek,
0197 };
0198
0199 static int msft_opcode_set(void *data, u64 val)
0200 {
0201 struct vhci_data *vhci = data;
0202
0203 if (val > 0xffff || hci_opcode_ogf(val) != 0x3f)
0204 return -EINVAL;
0205
0206 if (vhci->msft_opcode)
0207 return -EALREADY;
0208
0209 vhci->msft_opcode = val;
0210
0211 return 0;
0212 }
0213
0214 static int msft_opcode_get(void *data, u64 *val)
0215 {
0216 struct vhci_data *vhci = data;
0217
0218 *val = vhci->msft_opcode;
0219
0220 return 0;
0221 }
0222
0223 DEFINE_DEBUGFS_ATTRIBUTE(msft_opcode_fops, msft_opcode_get, msft_opcode_set,
0224 "%llu\n");
0225
0226 static ssize_t aosp_capable_read(struct file *file, char __user *user_buf,
0227 size_t count, loff_t *ppos)
0228 {
0229 struct vhci_data *vhci = file->private_data;
0230 char buf[3];
0231
0232 buf[0] = vhci->aosp_capable ? 'Y' : 'N';
0233 buf[1] = '\n';
0234 buf[2] = '\0';
0235 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
0236 }
0237
0238 static ssize_t aosp_capable_write(struct file *file,
0239 const char __user *user_buf, size_t count,
0240 loff_t *ppos)
0241 {
0242 struct vhci_data *vhci = file->private_data;
0243 bool enable;
0244 int err;
0245
0246 err = kstrtobool_from_user(user_buf, count, &enable);
0247 if (err)
0248 return err;
0249
0250 if (!enable)
0251 return -EINVAL;
0252
0253 if (vhci->aosp_capable)
0254 return -EALREADY;
0255
0256 vhci->aosp_capable = enable;
0257
0258 return count;
0259 }
0260
0261 static const struct file_operations aosp_capable_fops = {
0262 .open = simple_open,
0263 .read = aosp_capable_read,
0264 .write = aosp_capable_write,
0265 .llseek = default_llseek,
0266 };
0267
0268 static int vhci_setup(struct hci_dev *hdev)
0269 {
0270 struct vhci_data *vhci = hci_get_drvdata(hdev);
0271
0272 if (vhci->msft_opcode)
0273 hci_set_msft_opcode(hdev, vhci->msft_opcode);
0274
0275 if (vhci->aosp_capable)
0276 hci_set_aosp_capable(hdev);
0277
0278 return 0;
0279 }
0280
0281 static int __vhci_create_device(struct vhci_data *data, __u8 opcode)
0282 {
0283 struct hci_dev *hdev;
0284 struct sk_buff *skb;
0285 __u8 dev_type;
0286
0287 if (data->hdev)
0288 return -EBADFD;
0289
0290
0291 dev_type = opcode & 0x03;
0292
0293 if (dev_type != HCI_PRIMARY && dev_type != HCI_AMP)
0294 return -EINVAL;
0295
0296
0297 if (opcode & 0x3c)
0298 return -EINVAL;
0299
0300 skb = bt_skb_alloc(4, GFP_KERNEL);
0301 if (!skb)
0302 return -ENOMEM;
0303
0304 hdev = hci_alloc_dev();
0305 if (!hdev) {
0306 kfree_skb(skb);
0307 return -ENOMEM;
0308 }
0309
0310 data->hdev = hdev;
0311
0312 hdev->bus = HCI_VIRTUAL;
0313 hdev->dev_type = dev_type;
0314 hci_set_drvdata(hdev, data);
0315
0316 hdev->open = vhci_open_dev;
0317 hdev->close = vhci_close_dev;
0318 hdev->flush = vhci_flush;
0319 hdev->send = vhci_send_frame;
0320 hdev->get_data_path_id = vhci_get_data_path_id;
0321 hdev->get_codec_config_data = vhci_get_codec_config_data;
0322 hdev->wakeup = vhci_wakeup;
0323 hdev->setup = vhci_setup;
0324 set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks);
0325
0326
0327 if (opcode & 0x40)
0328 set_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks);
0329
0330
0331 if (opcode & 0x80)
0332 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
0333
0334 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
0335
0336 if (hci_register_dev(hdev) < 0) {
0337 BT_ERR("Can't register HCI device");
0338 hci_free_dev(hdev);
0339 data->hdev = NULL;
0340 kfree_skb(skb);
0341 return -EBUSY;
0342 }
0343
0344 debugfs_create_file("force_suspend", 0644, hdev->debugfs, data,
0345 &force_suspend_fops);
0346
0347 debugfs_create_file("force_wakeup", 0644, hdev->debugfs, data,
0348 &force_wakeup_fops);
0349
0350 if (IS_ENABLED(CONFIG_BT_MSFTEXT))
0351 debugfs_create_file("msft_opcode", 0644, hdev->debugfs, data,
0352 &msft_opcode_fops);
0353
0354 if (IS_ENABLED(CONFIG_BT_AOSPEXT))
0355 debugfs_create_file("aosp_capable", 0644, hdev->debugfs, data,
0356 &aosp_capable_fops);
0357
0358 hci_skb_pkt_type(skb) = HCI_VENDOR_PKT;
0359
0360 skb_put_u8(skb, 0xff);
0361 skb_put_u8(skb, opcode);
0362 put_unaligned_le16(hdev->id, skb_put(skb, 2));
0363 skb_queue_tail(&data->readq, skb);
0364
0365 wake_up_interruptible(&data->read_wait);
0366 return 0;
0367 }
0368
0369 static int vhci_create_device(struct vhci_data *data, __u8 opcode)
0370 {
0371 int err;
0372
0373 mutex_lock(&data->open_mutex);
0374 err = __vhci_create_device(data, opcode);
0375 mutex_unlock(&data->open_mutex);
0376
0377 return err;
0378 }
0379
0380 static inline ssize_t vhci_get_user(struct vhci_data *data,
0381 struct iov_iter *from)
0382 {
0383 size_t len = iov_iter_count(from);
0384 struct sk_buff *skb;
0385 __u8 pkt_type, opcode;
0386 int ret;
0387
0388 if (len < 2 || len > HCI_MAX_FRAME_SIZE)
0389 return -EINVAL;
0390
0391 skb = bt_skb_alloc(len, GFP_KERNEL);
0392 if (!skb)
0393 return -ENOMEM;
0394
0395 if (!copy_from_iter_full(skb_put(skb, len), len, from)) {
0396 kfree_skb(skb);
0397 return -EFAULT;
0398 }
0399
0400 pkt_type = *((__u8 *) skb->data);
0401 skb_pull(skb, 1);
0402
0403 switch (pkt_type) {
0404 case HCI_EVENT_PKT:
0405 case HCI_ACLDATA_PKT:
0406 case HCI_SCODATA_PKT:
0407 case HCI_ISODATA_PKT:
0408 if (!data->hdev) {
0409 kfree_skb(skb);
0410 return -ENODEV;
0411 }
0412
0413 hci_skb_pkt_type(skb) = pkt_type;
0414
0415 ret = hci_recv_frame(data->hdev, skb);
0416 break;
0417
0418 case HCI_VENDOR_PKT:
0419 cancel_delayed_work_sync(&data->open_timeout);
0420
0421 opcode = *((__u8 *) skb->data);
0422 skb_pull(skb, 1);
0423
0424 if (skb->len > 0) {
0425 kfree_skb(skb);
0426 return -EINVAL;
0427 }
0428
0429 kfree_skb(skb);
0430
0431 ret = vhci_create_device(data, opcode);
0432 break;
0433
0434 default:
0435 kfree_skb(skb);
0436 return -EINVAL;
0437 }
0438
0439 return (ret < 0) ? ret : len;
0440 }
0441
0442 static inline ssize_t vhci_put_user(struct vhci_data *data,
0443 struct sk_buff *skb,
0444 char __user *buf, int count)
0445 {
0446 char __user *ptr = buf;
0447 int len;
0448
0449 len = min_t(unsigned int, skb->len, count);
0450
0451 if (copy_to_user(ptr, skb->data, len))
0452 return -EFAULT;
0453
0454 if (!data->hdev)
0455 return len;
0456
0457 data->hdev->stat.byte_tx += len;
0458
0459 switch (hci_skb_pkt_type(skb)) {
0460 case HCI_COMMAND_PKT:
0461 data->hdev->stat.cmd_tx++;
0462 break;
0463 case HCI_ACLDATA_PKT:
0464 data->hdev->stat.acl_tx++;
0465 break;
0466 case HCI_SCODATA_PKT:
0467 data->hdev->stat.sco_tx++;
0468 break;
0469 }
0470
0471 return len;
0472 }
0473
0474 static ssize_t vhci_read(struct file *file,
0475 char __user *buf, size_t count, loff_t *pos)
0476 {
0477 struct vhci_data *data = file->private_data;
0478 struct sk_buff *skb;
0479 ssize_t ret = 0;
0480
0481 while (count) {
0482 skb = skb_dequeue(&data->readq);
0483 if (skb) {
0484 ret = vhci_put_user(data, skb, buf, count);
0485 if (ret < 0)
0486 skb_queue_head(&data->readq, skb);
0487 else
0488 kfree_skb(skb);
0489 break;
0490 }
0491
0492 if (file->f_flags & O_NONBLOCK) {
0493 ret = -EAGAIN;
0494 break;
0495 }
0496
0497 ret = wait_event_interruptible(data->read_wait,
0498 !skb_queue_empty(&data->readq));
0499 if (ret < 0)
0500 break;
0501 }
0502
0503 return ret;
0504 }
0505
0506 static ssize_t vhci_write(struct kiocb *iocb, struct iov_iter *from)
0507 {
0508 struct file *file = iocb->ki_filp;
0509 struct vhci_data *data = file->private_data;
0510
0511 return vhci_get_user(data, from);
0512 }
0513
0514 static __poll_t vhci_poll(struct file *file, poll_table *wait)
0515 {
0516 struct vhci_data *data = file->private_data;
0517
0518 poll_wait(file, &data->read_wait, wait);
0519
0520 if (!skb_queue_empty(&data->readq))
0521 return EPOLLIN | EPOLLRDNORM;
0522
0523 return EPOLLOUT | EPOLLWRNORM;
0524 }
0525
0526 static void vhci_open_timeout(struct work_struct *work)
0527 {
0528 struct vhci_data *data = container_of(work, struct vhci_data,
0529 open_timeout.work);
0530
0531 vhci_create_device(data, amp ? HCI_AMP : HCI_PRIMARY);
0532 }
0533
0534 static int vhci_open(struct inode *inode, struct file *file)
0535 {
0536 struct vhci_data *data;
0537
0538 data = kzalloc(sizeof(struct vhci_data), GFP_KERNEL);
0539 if (!data)
0540 return -ENOMEM;
0541
0542 skb_queue_head_init(&data->readq);
0543 init_waitqueue_head(&data->read_wait);
0544
0545 mutex_init(&data->open_mutex);
0546 INIT_DELAYED_WORK(&data->open_timeout, vhci_open_timeout);
0547 INIT_WORK(&data->suspend_work, vhci_suspend_work);
0548
0549 file->private_data = data;
0550 nonseekable_open(inode, file);
0551
0552 schedule_delayed_work(&data->open_timeout, msecs_to_jiffies(1000));
0553
0554 return 0;
0555 }
0556
0557 static int vhci_release(struct inode *inode, struct file *file)
0558 {
0559 struct vhci_data *data = file->private_data;
0560 struct hci_dev *hdev;
0561
0562 cancel_delayed_work_sync(&data->open_timeout);
0563 flush_work(&data->suspend_work);
0564
0565 hdev = data->hdev;
0566
0567 if (hdev) {
0568 hci_unregister_dev(hdev);
0569 hci_free_dev(hdev);
0570 }
0571
0572 skb_queue_purge(&data->readq);
0573 file->private_data = NULL;
0574 kfree(data);
0575
0576 return 0;
0577 }
0578
0579 static const struct file_operations vhci_fops = {
0580 .owner = THIS_MODULE,
0581 .read = vhci_read,
0582 .write_iter = vhci_write,
0583 .poll = vhci_poll,
0584 .open = vhci_open,
0585 .release = vhci_release,
0586 .llseek = no_llseek,
0587 };
0588
0589 static struct miscdevice vhci_miscdev = {
0590 .name = "vhci",
0591 .fops = &vhci_fops,
0592 .minor = VHCI_MINOR,
0593 };
0594 module_misc_device(vhci_miscdev);
0595
0596 module_param(amp, bool, 0644);
0597 MODULE_PARM_DESC(amp, "Create AMP controller device");
0598
0599 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
0600 MODULE_DESCRIPTION("Bluetooth virtual HCI driver ver " VERSION);
0601 MODULE_VERSION(VERSION);
0602 MODULE_LICENSE("GPL");
0603 MODULE_ALIAS("devname:vhci");
0604 MODULE_ALIAS_MISCDEV(VHCI_MINOR);
