Loading...
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
33#include <net/bluetooth/sco.h>
34
35static bool disable_esco;
36
37static const struct proto_ops sco_sock_ops;
38
39static struct bt_sock_list sco_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
41};
42
43/* ---- SCO connections ---- */
44struct sco_conn {
45 struct hci_conn *hcon;
46
47 spinlock_t lock;
48 struct sock *sk;
49
50 unsigned int mtu;
51};
52
53#define sco_conn_lock(c) spin_lock(&c->lock);
54#define sco_conn_unlock(c) spin_unlock(&c->lock);
55
56static void sco_sock_close(struct sock *sk);
57static void sco_sock_kill(struct sock *sk);
58
59/* ----- SCO socket info ----- */
60#define sco_pi(sk) ((struct sco_pinfo *) sk)
61
62struct sco_pinfo {
63 struct bt_sock bt;
64 bdaddr_t src;
65 bdaddr_t dst;
66 __u32 flags;
67 __u16 setting;
68 struct sco_conn *conn;
69};
70
71/* ---- SCO timers ---- */
72#define SCO_CONN_TIMEOUT (HZ * 40)
73#define SCO_DISCONN_TIMEOUT (HZ * 2)
74
75static void sco_sock_timeout(unsigned long arg)
76{
77 struct sock *sk = (struct sock *)arg;
78
79 BT_DBG("sock %p state %d", sk, sk->sk_state);
80
81 bh_lock_sock(sk);
82 sk->sk_err = ETIMEDOUT;
83 sk->sk_state_change(sk);
84 bh_unlock_sock(sk);
85
86 sco_sock_kill(sk);
87 sock_put(sk);
88}
89
90static void sco_sock_set_timer(struct sock *sk, long timeout)
91{
92 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
93 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
94}
95
96static void sco_sock_clear_timer(struct sock *sk)
97{
98 BT_DBG("sock %p state %d", sk, sk->sk_state);
99 sk_stop_timer(sk, &sk->sk_timer);
100}
101
102/* ---- SCO connections ---- */
103static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
104{
105 struct hci_dev *hdev = hcon->hdev;
106 struct sco_conn *conn = hcon->sco_data;
107
108 if (conn)
109 return conn;
110
111 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
112 if (!conn)
113 return NULL;
114
115 spin_lock_init(&conn->lock);
116
117 hcon->sco_data = conn;
118 conn->hcon = hcon;
119
120 if (hdev->sco_mtu > 0)
121 conn->mtu = hdev->sco_mtu;
122 else
123 conn->mtu = 60;
124
125 BT_DBG("hcon %p conn %p", hcon, conn);
126
127 return conn;
128}
129
130/* Delete channel.
131 * Must be called on the locked socket. */
132static void sco_chan_del(struct sock *sk, int err)
133{
134 struct sco_conn *conn;
135
136 conn = sco_pi(sk)->conn;
137
138 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
139
140 if (conn) {
141 sco_conn_lock(conn);
142 conn->sk = NULL;
143 sco_pi(sk)->conn = NULL;
144 sco_conn_unlock(conn);
145
146 if (conn->hcon)
147 hci_conn_drop(conn->hcon);
148 }
149
150 sk->sk_state = BT_CLOSED;
151 sk->sk_err = err;
152 sk->sk_state_change(sk);
153
154 sock_set_flag(sk, SOCK_ZAPPED);
155}
156
157static void sco_conn_del(struct hci_conn *hcon, int err)
158{
159 struct sco_conn *conn = hcon->sco_data;
160 struct sock *sk;
161
162 if (!conn)
163 return;
164
165 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
166
167 /* Kill socket */
168 sco_conn_lock(conn);
169 sk = conn->sk;
170 sco_conn_unlock(conn);
171
172 if (sk) {
173 sock_hold(sk);
174 bh_lock_sock(sk);
175 sco_sock_clear_timer(sk);
176 sco_chan_del(sk, err);
177 bh_unlock_sock(sk);
178 sco_sock_kill(sk);
179 sock_put(sk);
180 }
181
182 hcon->sco_data = NULL;
183 kfree(conn);
184}
185
186static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
187 struct sock *parent)
188{
189 BT_DBG("conn %p", conn);
190
191 sco_pi(sk)->conn = conn;
192 conn->sk = sk;
193
194 if (parent)
195 bt_accept_enqueue(parent, sk);
196}
197
198static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
199 struct sock *parent)
200{
201 int err = 0;
202
203 sco_conn_lock(conn);
204 if (conn->sk)
205 err = -EBUSY;
206 else
207 __sco_chan_add(conn, sk, parent);
208
209 sco_conn_unlock(conn);
210 return err;
211}
212
213static int sco_connect(struct sock *sk)
214{
215 struct sco_conn *conn;
216 struct hci_conn *hcon;
217 struct hci_dev *hdev;
218 int err, type;
219
220 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
221
222 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src);
223 if (!hdev)
224 return -EHOSTUNREACH;
225
226 hci_dev_lock(hdev);
227
228 if (lmp_esco_capable(hdev) && !disable_esco)
229 type = ESCO_LINK;
230 else
231 type = SCO_LINK;
232
233 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
234 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
235 err = -EOPNOTSUPP;
236 goto done;
237 }
238
239 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
240 sco_pi(sk)->setting);
241 if (IS_ERR(hcon)) {
242 err = PTR_ERR(hcon);
243 goto done;
244 }
245
246 conn = sco_conn_add(hcon);
247 if (!conn) {
248 hci_conn_drop(hcon);
249 err = -ENOMEM;
250 goto done;
251 }
252
253 /* Update source addr of the socket */
254 bacpy(&sco_pi(sk)->src, &hcon->src);
255
256 err = sco_chan_add(conn, sk, NULL);
257 if (err)
258 goto done;
259
260 if (hcon->state == BT_CONNECTED) {
261 sco_sock_clear_timer(sk);
262 sk->sk_state = BT_CONNECTED;
263 } else {
264 sk->sk_state = BT_CONNECT;
265 sco_sock_set_timer(sk, sk->sk_sndtimeo);
266 }
267
268done:
269 hci_dev_unlock(hdev);
270 hci_dev_put(hdev);
271 return err;
272}
273
274static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
275{
276 struct sco_conn *conn = sco_pi(sk)->conn;
277 struct sk_buff *skb;
278 int err;
279
280 /* Check outgoing MTU */
281 if (len > conn->mtu)
282 return -EINVAL;
283
284 BT_DBG("sk %p len %d", sk, len);
285
286 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
287 if (!skb)
288 return err;
289
290 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
291 kfree_skb(skb);
292 return -EFAULT;
293 }
294
295 hci_send_sco(conn->hcon, skb);
296
297 return len;
298}
299
300static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
301{
302 struct sock *sk;
303
304 sco_conn_lock(conn);
305 sk = conn->sk;
306 sco_conn_unlock(conn);
307
308 if (!sk)
309 goto drop;
310
311 BT_DBG("sk %p len %d", sk, skb->len);
312
313 if (sk->sk_state != BT_CONNECTED)
314 goto drop;
315
316 if (!sock_queue_rcv_skb(sk, skb))
317 return;
318
319drop:
320 kfree_skb(skb);
321}
322
323/* -------- Socket interface ---------- */
324static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
325{
326 struct sock *sk;
327
328 sk_for_each(sk, &sco_sk_list.head) {
329 if (sk->sk_state != BT_LISTEN)
330 continue;
331
332 if (!bacmp(&sco_pi(sk)->src, ba))
333 return sk;
334 }
335
336 return NULL;
337}
338
339/* Find socket listening on source bdaddr.
340 * Returns closest match.
341 */
342static struct sock *sco_get_sock_listen(bdaddr_t *src)
343{
344 struct sock *sk = NULL, *sk1 = NULL;
345
346 read_lock(&sco_sk_list.lock);
347
348 sk_for_each(sk, &sco_sk_list.head) {
349 if (sk->sk_state != BT_LISTEN)
350 continue;
351
352 /* Exact match. */
353 if (!bacmp(&sco_pi(sk)->src, src))
354 break;
355
356 /* Closest match */
357 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
358 sk1 = sk;
359 }
360
361 read_unlock(&sco_sk_list.lock);
362
363 return sk ? sk : sk1;
364}
365
366static void sco_sock_destruct(struct sock *sk)
367{
368 BT_DBG("sk %p", sk);
369
370 skb_queue_purge(&sk->sk_receive_queue);
371 skb_queue_purge(&sk->sk_write_queue);
372}
373
374static void sco_sock_cleanup_listen(struct sock *parent)
375{
376 struct sock *sk;
377
378 BT_DBG("parent %p", parent);
379
380 /* Close not yet accepted channels */
381 while ((sk = bt_accept_dequeue(parent, NULL))) {
382 sco_sock_close(sk);
383 sco_sock_kill(sk);
384 }
385
386 parent->sk_state = BT_CLOSED;
387 sock_set_flag(parent, SOCK_ZAPPED);
388}
389
390/* Kill socket (only if zapped and orphan)
391 * Must be called on unlocked socket.
392 */
393static void sco_sock_kill(struct sock *sk)
394{
395 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
396 return;
397
398 BT_DBG("sk %p state %d", sk, sk->sk_state);
399
400 /* Kill poor orphan */
401 bt_sock_unlink(&sco_sk_list, sk);
402 sock_set_flag(sk, SOCK_DEAD);
403 sock_put(sk);
404}
405
406static void __sco_sock_close(struct sock *sk)
407{
408 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
409
410 switch (sk->sk_state) {
411 case BT_LISTEN:
412 sco_sock_cleanup_listen(sk);
413 break;
414
415 case BT_CONNECTED:
416 case BT_CONFIG:
417 if (sco_pi(sk)->conn->hcon) {
418 sk->sk_state = BT_DISCONN;
419 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
420 sco_conn_lock(sco_pi(sk)->conn);
421 hci_conn_drop(sco_pi(sk)->conn->hcon);
422 sco_pi(sk)->conn->hcon = NULL;
423 sco_conn_unlock(sco_pi(sk)->conn);
424 } else
425 sco_chan_del(sk, ECONNRESET);
426 break;
427
428 case BT_CONNECT2:
429 case BT_CONNECT:
430 case BT_DISCONN:
431 sco_chan_del(sk, ECONNRESET);
432 break;
433
434 default:
435 sock_set_flag(sk, SOCK_ZAPPED);
436 break;
437 }
438}
439
440/* Must be called on unlocked socket. */
441static void sco_sock_close(struct sock *sk)
442{
443 sco_sock_clear_timer(sk);
444 lock_sock(sk);
445 __sco_sock_close(sk);
446 release_sock(sk);
447 sco_sock_kill(sk);
448}
449
450static void sco_sock_init(struct sock *sk, struct sock *parent)
451{
452 BT_DBG("sk %p", sk);
453
454 if (parent) {
455 sk->sk_type = parent->sk_type;
456 bt_sk(sk)->flags = bt_sk(parent)->flags;
457 security_sk_clone(parent, sk);
458 }
459}
460
461static struct proto sco_proto = {
462 .name = "SCO",
463 .owner = THIS_MODULE,
464 .obj_size = sizeof(struct sco_pinfo)
465};
466
467static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
468 int proto, gfp_t prio, int kern)
469{
470 struct sock *sk;
471
472 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
473 if (!sk)
474 return NULL;
475
476 sock_init_data(sock, sk);
477 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
478
479 sk->sk_destruct = sco_sock_destruct;
480 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
481
482 sock_reset_flag(sk, SOCK_ZAPPED);
483
484 sk->sk_protocol = proto;
485 sk->sk_state = BT_OPEN;
486
487 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
488
489 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk);
490
491 bt_sock_link(&sco_sk_list, sk);
492 return sk;
493}
494
495static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
496 int kern)
497{
498 struct sock *sk;
499
500 BT_DBG("sock %p", sock);
501
502 sock->state = SS_UNCONNECTED;
503
504 if (sock->type != SOCK_SEQPACKET)
505 return -ESOCKTNOSUPPORT;
506
507 sock->ops = &sco_sock_ops;
508
509 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
510 if (!sk)
511 return -ENOMEM;
512
513 sco_sock_init(sk, NULL);
514 return 0;
515}
516
517static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
518 int addr_len)
519{
520 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
521 struct sock *sk = sock->sk;
522 int err = 0;
523
524 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
525
526 if (!addr || addr->sa_family != AF_BLUETOOTH)
527 return -EINVAL;
528
529 if (addr_len < sizeof(struct sockaddr_sco))
530 return -EINVAL;
531
532 lock_sock(sk);
533
534 if (sk->sk_state != BT_OPEN) {
535 err = -EBADFD;
536 goto done;
537 }
538
539 if (sk->sk_type != SOCK_SEQPACKET) {
540 err = -EINVAL;
541 goto done;
542 }
543
544 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
545
546 sk->sk_state = BT_BOUND;
547
548done:
549 release_sock(sk);
550 return err;
551}
552
553static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
554{
555 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
556 struct sock *sk = sock->sk;
557 int err;
558
559 BT_DBG("sk %p", sk);
560
561 if (alen < sizeof(struct sockaddr_sco) ||
562 addr->sa_family != AF_BLUETOOTH)
563 return -EINVAL;
564
565 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
566 return -EBADFD;
567
568 if (sk->sk_type != SOCK_SEQPACKET)
569 return -EINVAL;
570
571 lock_sock(sk);
572
573 /* Set destination address and psm */
574 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
575
576 err = sco_connect(sk);
577 if (err)
578 goto done;
579
580 err = bt_sock_wait_state(sk, BT_CONNECTED,
581 sock_sndtimeo(sk, flags & O_NONBLOCK));
582
583done:
584 release_sock(sk);
585 return err;
586}
587
588static int sco_sock_listen(struct socket *sock, int backlog)
589{
590 struct sock *sk = sock->sk;
591 bdaddr_t *src = &sco_pi(sk)->src;
592 int err = 0;
593
594 BT_DBG("sk %p backlog %d", sk, backlog);
595
596 lock_sock(sk);
597
598 if (sk->sk_state != BT_BOUND) {
599 err = -EBADFD;
600 goto done;
601 }
602
603 if (sk->sk_type != SOCK_SEQPACKET) {
604 err = -EINVAL;
605 goto done;
606 }
607
608 write_lock(&sco_sk_list.lock);
609
610 if (__sco_get_sock_listen_by_addr(src)) {
611 err = -EADDRINUSE;
612 goto unlock;
613 }
614
615 sk->sk_max_ack_backlog = backlog;
616 sk->sk_ack_backlog = 0;
617
618 sk->sk_state = BT_LISTEN;
619
620unlock:
621 write_unlock(&sco_sk_list.lock);
622
623done:
624 release_sock(sk);
625 return err;
626}
627
628static int sco_sock_accept(struct socket *sock, struct socket *newsock,
629 int flags)
630{
631 DEFINE_WAIT_FUNC(wait, woken_wake_function);
632 struct sock *sk = sock->sk, *ch;
633 long timeo;
634 int err = 0;
635
636 lock_sock(sk);
637
638 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
639
640 BT_DBG("sk %p timeo %ld", sk, timeo);
641
642 /* Wait for an incoming connection. (wake-one). */
643 add_wait_queue_exclusive(sk_sleep(sk), &wait);
644 while (1) {
645 if (sk->sk_state != BT_LISTEN) {
646 err = -EBADFD;
647 break;
648 }
649
650 ch = bt_accept_dequeue(sk, newsock);
651 if (ch)
652 break;
653
654 if (!timeo) {
655 err = -EAGAIN;
656 break;
657 }
658
659 if (signal_pending(current)) {
660 err = sock_intr_errno(timeo);
661 break;
662 }
663
664 release_sock(sk);
665
666 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
667 lock_sock(sk);
668 }
669 remove_wait_queue(sk_sleep(sk), &wait);
670
671 if (err)
672 goto done;
673
674 newsock->state = SS_CONNECTED;
675
676 BT_DBG("new socket %p", ch);
677
678done:
679 release_sock(sk);
680 return err;
681}
682
683static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
684 int *len, int peer)
685{
686 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
687 struct sock *sk = sock->sk;
688
689 BT_DBG("sock %p, sk %p", sock, sk);
690
691 addr->sa_family = AF_BLUETOOTH;
692 *len = sizeof(struct sockaddr_sco);
693
694 if (peer)
695 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
696 else
697 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
698
699 return 0;
700}
701
702static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
703 size_t len)
704{
705 struct sock *sk = sock->sk;
706 int err;
707
708 BT_DBG("sock %p, sk %p", sock, sk);
709
710 err = sock_error(sk);
711 if (err)
712 return err;
713
714 if (msg->msg_flags & MSG_OOB)
715 return -EOPNOTSUPP;
716
717 lock_sock(sk);
718
719 if (sk->sk_state == BT_CONNECTED)
720 err = sco_send_frame(sk, msg, len);
721 else
722 err = -ENOTCONN;
723
724 release_sock(sk);
725 return err;
726}
727
728static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
729{
730 struct hci_dev *hdev = conn->hdev;
731
732 BT_DBG("conn %p", conn);
733
734 conn->state = BT_CONFIG;
735
736 if (!lmp_esco_capable(hdev)) {
737 struct hci_cp_accept_conn_req cp;
738
739 bacpy(&cp.bdaddr, &conn->dst);
740 cp.role = 0x00; /* Ignored */
741
742 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
743 } else {
744 struct hci_cp_accept_sync_conn_req cp;
745
746 bacpy(&cp.bdaddr, &conn->dst);
747 cp.pkt_type = cpu_to_le16(conn->pkt_type);
748
749 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
750 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
751 cp.content_format = cpu_to_le16(setting);
752
753 switch (setting & SCO_AIRMODE_MASK) {
754 case SCO_AIRMODE_TRANSP:
755 if (conn->pkt_type & ESCO_2EV3)
756 cp.max_latency = cpu_to_le16(0x0008);
757 else
758 cp.max_latency = cpu_to_le16(0x000D);
759 cp.retrans_effort = 0x02;
760 break;
761 case SCO_AIRMODE_CVSD:
762 cp.max_latency = cpu_to_le16(0xffff);
763 cp.retrans_effort = 0xff;
764 break;
765 }
766
767 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
768 sizeof(cp), &cp);
769 }
770}
771
772static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
773 size_t len, int flags)
774{
775 struct sock *sk = sock->sk;
776 struct sco_pinfo *pi = sco_pi(sk);
777
778 lock_sock(sk);
779
780 if (sk->sk_state == BT_CONNECT2 &&
781 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
782 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
783 sk->sk_state = BT_CONFIG;
784
785 release_sock(sk);
786 return 0;
787 }
788
789 release_sock(sk);
790
791 return bt_sock_recvmsg(sock, msg, len, flags);
792}
793
794static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
795 char __user *optval, unsigned int optlen)
796{
797 struct sock *sk = sock->sk;
798 int len, err = 0;
799 struct bt_voice voice;
800 u32 opt;
801
802 BT_DBG("sk %p", sk);
803
804 lock_sock(sk);
805
806 switch (optname) {
807
808 case BT_DEFER_SETUP:
809 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
810 err = -EINVAL;
811 break;
812 }
813
814 if (get_user(opt, (u32 __user *) optval)) {
815 err = -EFAULT;
816 break;
817 }
818
819 if (opt)
820 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
821 else
822 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
823 break;
824
825 case BT_VOICE:
826 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
827 sk->sk_state != BT_CONNECT2) {
828 err = -EINVAL;
829 break;
830 }
831
832 voice.setting = sco_pi(sk)->setting;
833
834 len = min_t(unsigned int, sizeof(voice), optlen);
835 if (copy_from_user((char *)&voice, optval, len)) {
836 err = -EFAULT;
837 break;
838 }
839
840 /* Explicitly check for these values */
841 if (voice.setting != BT_VOICE_TRANSPARENT &&
842 voice.setting != BT_VOICE_CVSD_16BIT) {
843 err = -EINVAL;
844 break;
845 }
846
847 sco_pi(sk)->setting = voice.setting;
848 break;
849
850 default:
851 err = -ENOPROTOOPT;
852 break;
853 }
854
855 release_sock(sk);
856 return err;
857}
858
859static int sco_sock_getsockopt_old(struct socket *sock, int optname,
860 char __user *optval, int __user *optlen)
861{
862 struct sock *sk = sock->sk;
863 struct sco_options opts;
864 struct sco_conninfo cinfo;
865 int len, err = 0;
866
867 BT_DBG("sk %p", sk);
868
869 if (get_user(len, optlen))
870 return -EFAULT;
871
872 lock_sock(sk);
873
874 switch (optname) {
875 case SCO_OPTIONS:
876 if (sk->sk_state != BT_CONNECTED &&
877 !(sk->sk_state == BT_CONNECT2 &&
878 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
879 err = -ENOTCONN;
880 break;
881 }
882
883 opts.mtu = sco_pi(sk)->conn->mtu;
884
885 BT_DBG("mtu %d", opts.mtu);
886
887 len = min_t(unsigned int, len, sizeof(opts));
888 if (copy_to_user(optval, (char *)&opts, len))
889 err = -EFAULT;
890
891 break;
892
893 case SCO_CONNINFO:
894 if (sk->sk_state != BT_CONNECTED &&
895 !(sk->sk_state == BT_CONNECT2 &&
896 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
897 err = -ENOTCONN;
898 break;
899 }
900
901 memset(&cinfo, 0, sizeof(cinfo));
902 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
903 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
904
905 len = min_t(unsigned int, len, sizeof(cinfo));
906 if (copy_to_user(optval, (char *)&cinfo, len))
907 err = -EFAULT;
908
909 break;
910
911 default:
912 err = -ENOPROTOOPT;
913 break;
914 }
915
916 release_sock(sk);
917 return err;
918}
919
920static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
921 char __user *optval, int __user *optlen)
922{
923 struct sock *sk = sock->sk;
924 int len, err = 0;
925 struct bt_voice voice;
926
927 BT_DBG("sk %p", sk);
928
929 if (level == SOL_SCO)
930 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
931
932 if (get_user(len, optlen))
933 return -EFAULT;
934
935 lock_sock(sk);
936
937 switch (optname) {
938
939 case BT_DEFER_SETUP:
940 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
941 err = -EINVAL;
942 break;
943 }
944
945 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
946 (u32 __user *)optval))
947 err = -EFAULT;
948
949 break;
950
951 case BT_VOICE:
952 voice.setting = sco_pi(sk)->setting;
953
954 len = min_t(unsigned int, len, sizeof(voice));
955 if (copy_to_user(optval, (char *)&voice, len))
956 err = -EFAULT;
957
958 break;
959
960 default:
961 err = -ENOPROTOOPT;
962 break;
963 }
964
965 release_sock(sk);
966 return err;
967}
968
969static int sco_sock_shutdown(struct socket *sock, int how)
970{
971 struct sock *sk = sock->sk;
972 int err = 0;
973
974 BT_DBG("sock %p, sk %p", sock, sk);
975
976 if (!sk)
977 return 0;
978
979 sock_hold(sk);
980 lock_sock(sk);
981
982 if (!sk->sk_shutdown) {
983 sk->sk_shutdown = SHUTDOWN_MASK;
984 sco_sock_clear_timer(sk);
985 __sco_sock_close(sk);
986
987 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
988 !(current->flags & PF_EXITING))
989 err = bt_sock_wait_state(sk, BT_CLOSED,
990 sk->sk_lingertime);
991 }
992
993 release_sock(sk);
994 sock_put(sk);
995
996 return err;
997}
998
999static int sco_sock_release(struct socket *sock)
1000{
1001 struct sock *sk = sock->sk;
1002 int err = 0;
1003
1004 BT_DBG("sock %p, sk %p", sock, sk);
1005
1006 if (!sk)
1007 return 0;
1008
1009 sco_sock_close(sk);
1010
1011 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1012 !(current->flags & PF_EXITING)) {
1013 lock_sock(sk);
1014 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1015 release_sock(sk);
1016 }
1017
1018 sock_orphan(sk);
1019 sco_sock_kill(sk);
1020 return err;
1021}
1022
1023static void sco_conn_ready(struct sco_conn *conn)
1024{
1025 struct sock *parent;
1026 struct sock *sk = conn->sk;
1027
1028 BT_DBG("conn %p", conn);
1029
1030 if (sk) {
1031 sco_sock_clear_timer(sk);
1032 bh_lock_sock(sk);
1033 sk->sk_state = BT_CONNECTED;
1034 sk->sk_state_change(sk);
1035 bh_unlock_sock(sk);
1036 } else {
1037 sco_conn_lock(conn);
1038
1039 if (!conn->hcon) {
1040 sco_conn_unlock(conn);
1041 return;
1042 }
1043
1044 parent = sco_get_sock_listen(&conn->hcon->src);
1045 if (!parent) {
1046 sco_conn_unlock(conn);
1047 return;
1048 }
1049
1050 bh_lock_sock(parent);
1051
1052 sk = sco_sock_alloc(sock_net(parent), NULL,
1053 BTPROTO_SCO, GFP_ATOMIC, 0);
1054 if (!sk) {
1055 bh_unlock_sock(parent);
1056 sco_conn_unlock(conn);
1057 return;
1058 }
1059
1060 sco_sock_init(sk, parent);
1061
1062 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1063 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1064
1065 hci_conn_hold(conn->hcon);
1066 __sco_chan_add(conn, sk, parent);
1067
1068 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1069 sk->sk_state = BT_CONNECT2;
1070 else
1071 sk->sk_state = BT_CONNECTED;
1072
1073 /* Wake up parent */
1074 parent->sk_data_ready(parent);
1075
1076 bh_unlock_sock(parent);
1077
1078 sco_conn_unlock(conn);
1079 }
1080}
1081
1082/* ----- SCO interface with lower layer (HCI) ----- */
1083int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1084{
1085 struct sock *sk;
1086 int lm = 0;
1087
1088 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1089
1090 /* Find listening sockets */
1091 read_lock(&sco_sk_list.lock);
1092 sk_for_each(sk, &sco_sk_list.head) {
1093 if (sk->sk_state != BT_LISTEN)
1094 continue;
1095
1096 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1097 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1098 lm |= HCI_LM_ACCEPT;
1099
1100 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1101 *flags |= HCI_PROTO_DEFER;
1102 break;
1103 }
1104 }
1105 read_unlock(&sco_sk_list.lock);
1106
1107 return lm;
1108}
1109
1110static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1111{
1112 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1113 return;
1114
1115 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1116
1117 if (!status) {
1118 struct sco_conn *conn;
1119
1120 conn = sco_conn_add(hcon);
1121 if (conn)
1122 sco_conn_ready(conn);
1123 } else
1124 sco_conn_del(hcon, bt_to_errno(status));
1125}
1126
1127static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1128{
1129 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1130 return;
1131
1132 BT_DBG("hcon %p reason %d", hcon, reason);
1133
1134 sco_conn_del(hcon, bt_to_errno(reason));
1135}
1136
1137void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1138{
1139 struct sco_conn *conn = hcon->sco_data;
1140
1141 if (!conn)
1142 goto drop;
1143
1144 BT_DBG("conn %p len %d", conn, skb->len);
1145
1146 if (skb->len) {
1147 sco_recv_frame(conn, skb);
1148 return;
1149 }
1150
1151drop:
1152 kfree_skb(skb);
1153}
1154
1155static struct hci_cb sco_cb = {
1156 .name = "SCO",
1157 .connect_cfm = sco_connect_cfm,
1158 .disconn_cfm = sco_disconn_cfm,
1159};
1160
1161static int sco_debugfs_show(struct seq_file *f, void *p)
1162{
1163 struct sock *sk;
1164
1165 read_lock(&sco_sk_list.lock);
1166
1167 sk_for_each(sk, &sco_sk_list.head) {
1168 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1169 &sco_pi(sk)->dst, sk->sk_state);
1170 }
1171
1172 read_unlock(&sco_sk_list.lock);
1173
1174 return 0;
1175}
1176
1177static int sco_debugfs_open(struct inode *inode, struct file *file)
1178{
1179 return single_open(file, sco_debugfs_show, inode->i_private);
1180}
1181
1182static const struct file_operations sco_debugfs_fops = {
1183 .open = sco_debugfs_open,
1184 .read = seq_read,
1185 .llseek = seq_lseek,
1186 .release = single_release,
1187};
1188
1189static struct dentry *sco_debugfs;
1190
1191static const struct proto_ops sco_sock_ops = {
1192 .family = PF_BLUETOOTH,
1193 .owner = THIS_MODULE,
1194 .release = sco_sock_release,
1195 .bind = sco_sock_bind,
1196 .connect = sco_sock_connect,
1197 .listen = sco_sock_listen,
1198 .accept = sco_sock_accept,
1199 .getname = sco_sock_getname,
1200 .sendmsg = sco_sock_sendmsg,
1201 .recvmsg = sco_sock_recvmsg,
1202 .poll = bt_sock_poll,
1203 .ioctl = bt_sock_ioctl,
1204 .mmap = sock_no_mmap,
1205 .socketpair = sock_no_socketpair,
1206 .shutdown = sco_sock_shutdown,
1207 .setsockopt = sco_sock_setsockopt,
1208 .getsockopt = sco_sock_getsockopt
1209};
1210
1211static const struct net_proto_family sco_sock_family_ops = {
1212 .family = PF_BLUETOOTH,
1213 .owner = THIS_MODULE,
1214 .create = sco_sock_create,
1215};
1216
1217int __init sco_init(void)
1218{
1219 int err;
1220
1221 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1222
1223 err = proto_register(&sco_proto, 0);
1224 if (err < 0)
1225 return err;
1226
1227 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1228 if (err < 0) {
1229 BT_ERR("SCO socket registration failed");
1230 goto error;
1231 }
1232
1233 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1234 if (err < 0) {
1235 BT_ERR("Failed to create SCO proc file");
1236 bt_sock_unregister(BTPROTO_SCO);
1237 goto error;
1238 }
1239
1240 BT_INFO("SCO socket layer initialized");
1241
1242 hci_register_cb(&sco_cb);
1243
1244 if (IS_ERR_OR_NULL(bt_debugfs))
1245 return 0;
1246
1247 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1248 NULL, &sco_debugfs_fops);
1249
1250 return 0;
1251
1252error:
1253 proto_unregister(&sco_proto);
1254 return err;
1255}
1256
1257void sco_exit(void)
1258{
1259 bt_procfs_cleanup(&init_net, "sco");
1260
1261 debugfs_remove(sco_debugfs);
1262
1263 hci_unregister_cb(&sco_cb);
1264
1265 bt_sock_unregister(BTPROTO_SCO);
1266
1267 proto_unregister(&sco_proto);
1268}
1269
1270module_param(disable_esco, bool, 0644);
1271MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44/* ---- SCO connections ---- */
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54};
55
56#define sco_conn_lock(c) spin_lock(&c->lock)
57#define sco_conn_unlock(c) spin_unlock(&c->lock)
58
59static void sco_sock_close(struct sock *sk);
60static void sco_sock_kill(struct sock *sk);
61
62/* ----- SCO socket info ----- */
63#define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 __u8 cmsg_mask;
72 struct sco_conn *conn;
73};
74
75/* ---- SCO timers ---- */
76#define SCO_CONN_TIMEOUT (HZ * 40)
77#define SCO_DISCONN_TIMEOUT (HZ * 2)
78
79static void sco_sock_timeout(struct work_struct *work)
80{
81 struct sco_conn *conn = container_of(work, struct sco_conn,
82 timeout_work.work);
83 struct sock *sk;
84
85 sco_conn_lock(conn);
86 sk = conn->sk;
87 if (sk)
88 sock_hold(sk);
89 sco_conn_unlock(conn);
90
91 if (!sk)
92 return;
93
94 BT_DBG("sock %p state %d", sk, sk->sk_state);
95
96 bh_lock_sock(sk);
97 sk->sk_err = ETIMEDOUT;
98 sk->sk_state_change(sk);
99 bh_unlock_sock(sk);
100
101 sock_put(sk);
102}
103
104static void sco_sock_set_timer(struct sock *sk, long timeout)
105{
106 if (!sco_pi(sk)->conn)
107 return;
108
109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
112}
113
114static void sco_sock_clear_timer(struct sock *sk)
115{
116 if (!sco_pi(sk)->conn)
117 return;
118
119 BT_DBG("sock %p state %d", sk, sk->sk_state);
120 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
121}
122
123/* ---- SCO connections ---- */
124static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
125{
126 struct hci_dev *hdev = hcon->hdev;
127 struct sco_conn *conn = hcon->sco_data;
128
129 if (conn)
130 return conn;
131
132 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
133 if (!conn)
134 return NULL;
135
136 spin_lock_init(&conn->lock);
137
138 hcon->sco_data = conn;
139 conn->hcon = hcon;
140
141 if (hdev->sco_mtu > 0)
142 conn->mtu = hdev->sco_mtu;
143 else
144 conn->mtu = 60;
145
146 BT_DBG("hcon %p conn %p", hcon, conn);
147
148 return conn;
149}
150
151/* Delete channel.
152 * Must be called on the locked socket. */
153static void sco_chan_del(struct sock *sk, int err)
154{
155 struct sco_conn *conn;
156
157 conn = sco_pi(sk)->conn;
158
159 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
160
161 if (conn) {
162 sco_conn_lock(conn);
163 conn->sk = NULL;
164 sco_pi(sk)->conn = NULL;
165 sco_conn_unlock(conn);
166
167 if (conn->hcon)
168 hci_conn_drop(conn->hcon);
169 }
170
171 sk->sk_state = BT_CLOSED;
172 sk->sk_err = err;
173 sk->sk_state_change(sk);
174
175 sock_set_flag(sk, SOCK_ZAPPED);
176}
177
178static void sco_conn_del(struct hci_conn *hcon, int err)
179{
180 struct sco_conn *conn = hcon->sco_data;
181 struct sock *sk;
182
183 if (!conn)
184 return;
185
186 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
187
188 /* Kill socket */
189 sco_conn_lock(conn);
190 sk = conn->sk;
191 sco_conn_unlock(conn);
192
193 if (sk) {
194 sock_hold(sk);
195 bh_lock_sock(sk);
196 sco_sock_clear_timer(sk);
197 sco_chan_del(sk, err);
198 bh_unlock_sock(sk);
199 sock_put(sk);
200
201 /* Ensure no more work items will run before freeing conn. */
202 cancel_delayed_work_sync(&conn->timeout_work);
203 }
204
205 hcon->sco_data = NULL;
206 kfree(conn);
207}
208
209static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
210 struct sock *parent)
211{
212 BT_DBG("conn %p", conn);
213
214 sco_pi(sk)->conn = conn;
215 conn->sk = sk;
216
217 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
218
219 if (parent)
220 bt_accept_enqueue(parent, sk, true);
221}
222
223static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
224 struct sock *parent)
225{
226 int err = 0;
227
228 sco_conn_lock(conn);
229 if (conn->sk)
230 err = -EBUSY;
231 else
232 __sco_chan_add(conn, sk, parent);
233
234 sco_conn_unlock(conn);
235 return err;
236}
237
238static int sco_connect(struct hci_dev *hdev, struct sock *sk)
239{
240 struct sco_conn *conn;
241 struct hci_conn *hcon;
242 int err, type;
243
244 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
245
246 if (lmp_esco_capable(hdev) && !disable_esco)
247 type = ESCO_LINK;
248 else
249 type = SCO_LINK;
250
251 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
252 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)))
253 return -EOPNOTSUPP;
254
255 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
256 sco_pi(sk)->setting);
257 if (IS_ERR(hcon))
258 return PTR_ERR(hcon);
259
260 conn = sco_conn_add(hcon);
261 if (!conn) {
262 hci_conn_drop(hcon);
263 return -ENOMEM;
264 }
265
266 /* Update source addr of the socket */
267 bacpy(&sco_pi(sk)->src, &hcon->src);
268
269 err = sco_chan_add(conn, sk, NULL);
270 if (err)
271 return err;
272
273 if (hcon->state == BT_CONNECTED) {
274 sco_sock_clear_timer(sk);
275 sk->sk_state = BT_CONNECTED;
276 } else {
277 sk->sk_state = BT_CONNECT;
278 sco_sock_set_timer(sk, sk->sk_sndtimeo);
279 }
280
281 return err;
282}
283
284static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
285{
286 struct sco_conn *conn = sco_pi(sk)->conn;
287 struct sk_buff *skb;
288 int err;
289
290 /* Check outgoing MTU */
291 if (len > conn->mtu)
292 return -EINVAL;
293
294 BT_DBG("sk %p len %d", sk, len);
295
296 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
297 if (!skb)
298 return err;
299
300 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
301 kfree_skb(skb);
302 return -EFAULT;
303 }
304
305 hci_send_sco(conn->hcon, skb);
306
307 return len;
308}
309
310static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
311{
312 struct sock *sk;
313
314 sco_conn_lock(conn);
315 sk = conn->sk;
316 sco_conn_unlock(conn);
317
318 if (!sk)
319 goto drop;
320
321 BT_DBG("sk %p len %u", sk, skb->len);
322
323 if (sk->sk_state != BT_CONNECTED)
324 goto drop;
325
326 if (!sock_queue_rcv_skb(sk, skb))
327 return;
328
329drop:
330 kfree_skb(skb);
331}
332
333/* -------- Socket interface ---------- */
334static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
335{
336 struct sock *sk;
337
338 sk_for_each(sk, &sco_sk_list.head) {
339 if (sk->sk_state != BT_LISTEN)
340 continue;
341
342 if (!bacmp(&sco_pi(sk)->src, ba))
343 return sk;
344 }
345
346 return NULL;
347}
348
349/* Find socket listening on source bdaddr.
350 * Returns closest match.
351 */
352static struct sock *sco_get_sock_listen(bdaddr_t *src)
353{
354 struct sock *sk = NULL, *sk1 = NULL;
355
356 read_lock(&sco_sk_list.lock);
357
358 sk_for_each(sk, &sco_sk_list.head) {
359 if (sk->sk_state != BT_LISTEN)
360 continue;
361
362 /* Exact match. */
363 if (!bacmp(&sco_pi(sk)->src, src))
364 break;
365
366 /* Closest match */
367 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
368 sk1 = sk;
369 }
370
371 read_unlock(&sco_sk_list.lock);
372
373 return sk ? sk : sk1;
374}
375
376static void sco_sock_destruct(struct sock *sk)
377{
378 BT_DBG("sk %p", sk);
379
380 skb_queue_purge(&sk->sk_receive_queue);
381 skb_queue_purge(&sk->sk_write_queue);
382}
383
384static void sco_sock_cleanup_listen(struct sock *parent)
385{
386 struct sock *sk;
387
388 BT_DBG("parent %p", parent);
389
390 /* Close not yet accepted channels */
391 while ((sk = bt_accept_dequeue(parent, NULL))) {
392 sco_sock_close(sk);
393 sco_sock_kill(sk);
394 }
395
396 parent->sk_state = BT_CLOSED;
397 sock_set_flag(parent, SOCK_ZAPPED);
398}
399
400/* Kill socket (only if zapped and orphan)
401 * Must be called on unlocked socket.
402 */
403static void sco_sock_kill(struct sock *sk)
404{
405 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
406 return;
407
408 BT_DBG("sk %p state %d", sk, sk->sk_state);
409
410 /* Kill poor orphan */
411 bt_sock_unlink(&sco_sk_list, sk);
412 sock_set_flag(sk, SOCK_DEAD);
413 sock_put(sk);
414}
415
416static void __sco_sock_close(struct sock *sk)
417{
418 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
419
420 switch (sk->sk_state) {
421 case BT_LISTEN:
422 sco_sock_cleanup_listen(sk);
423 break;
424
425 case BT_CONNECTED:
426 case BT_CONFIG:
427 if (sco_pi(sk)->conn->hcon) {
428 sk->sk_state = BT_DISCONN;
429 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
430 sco_conn_lock(sco_pi(sk)->conn);
431 hci_conn_drop(sco_pi(sk)->conn->hcon);
432 sco_pi(sk)->conn->hcon = NULL;
433 sco_conn_unlock(sco_pi(sk)->conn);
434 } else
435 sco_chan_del(sk, ECONNRESET);
436 break;
437
438 case BT_CONNECT2:
439 case BT_CONNECT:
440 case BT_DISCONN:
441 sco_chan_del(sk, ECONNRESET);
442 break;
443
444 default:
445 sock_set_flag(sk, SOCK_ZAPPED);
446 break;
447 }
448}
449
450/* Must be called on unlocked socket. */
451static void sco_sock_close(struct sock *sk)
452{
453 sco_sock_clear_timer(sk);
454 lock_sock(sk);
455 __sco_sock_close(sk);
456 release_sock(sk);
457}
458
459static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
460 struct sock *sk)
461{
462 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
463 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
464 sizeof(bt_cb(skb)->sco.pkt_status),
465 &bt_cb(skb)->sco.pkt_status);
466}
467
468static void sco_sock_init(struct sock *sk, struct sock *parent)
469{
470 BT_DBG("sk %p", sk);
471
472 if (parent) {
473 sk->sk_type = parent->sk_type;
474 bt_sk(sk)->flags = bt_sk(parent)->flags;
475 security_sk_clone(parent, sk);
476 } else {
477 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
478 }
479}
480
481static struct proto sco_proto = {
482 .name = "SCO",
483 .owner = THIS_MODULE,
484 .obj_size = sizeof(struct sco_pinfo)
485};
486
487static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
488 int proto, gfp_t prio, int kern)
489{
490 struct sock *sk;
491
492 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
493 if (!sk)
494 return NULL;
495
496 sock_init_data(sock, sk);
497 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
498
499 sk->sk_destruct = sco_sock_destruct;
500 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
501
502 sock_reset_flag(sk, SOCK_ZAPPED);
503
504 sk->sk_protocol = proto;
505 sk->sk_state = BT_OPEN;
506
507 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
508
509 bt_sock_link(&sco_sk_list, sk);
510 return sk;
511}
512
513static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
514 int kern)
515{
516 struct sock *sk;
517
518 BT_DBG("sock %p", sock);
519
520 sock->state = SS_UNCONNECTED;
521
522 if (sock->type != SOCK_SEQPACKET)
523 return -ESOCKTNOSUPPORT;
524
525 sock->ops = &sco_sock_ops;
526
527 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
528 if (!sk)
529 return -ENOMEM;
530
531 sco_sock_init(sk, NULL);
532 return 0;
533}
534
535static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
536 int addr_len)
537{
538 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
539 struct sock *sk = sock->sk;
540 int err = 0;
541
542 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
543 addr->sa_family != AF_BLUETOOTH)
544 return -EINVAL;
545
546 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
547
548 lock_sock(sk);
549
550 if (sk->sk_state != BT_OPEN) {
551 err = -EBADFD;
552 goto done;
553 }
554
555 if (sk->sk_type != SOCK_SEQPACKET) {
556 err = -EINVAL;
557 goto done;
558 }
559
560 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
561
562 sk->sk_state = BT_BOUND;
563
564done:
565 release_sock(sk);
566 return err;
567}
568
569static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
570{
571 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
572 struct sock *sk = sock->sk;
573 struct hci_dev *hdev;
574 int err;
575
576 BT_DBG("sk %p", sk);
577
578 if (alen < sizeof(struct sockaddr_sco) ||
579 addr->sa_family != AF_BLUETOOTH)
580 return -EINVAL;
581
582 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
583 return -EBADFD;
584
585 if (sk->sk_type != SOCK_SEQPACKET)
586 return -EINVAL;
587
588 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
589 if (!hdev)
590 return -EHOSTUNREACH;
591 hci_dev_lock(hdev);
592
593 lock_sock(sk);
594
595 /* Set destination address and psm */
596 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
597
598 err = sco_connect(hdev, sk);
599 hci_dev_unlock(hdev);
600 hci_dev_put(hdev);
601 if (err)
602 goto done;
603
604 err = bt_sock_wait_state(sk, BT_CONNECTED,
605 sock_sndtimeo(sk, flags & O_NONBLOCK));
606
607done:
608 release_sock(sk);
609 return err;
610}
611
612static int sco_sock_listen(struct socket *sock, int backlog)
613{
614 struct sock *sk = sock->sk;
615 bdaddr_t *src = &sco_pi(sk)->src;
616 int err = 0;
617
618 BT_DBG("sk %p backlog %d", sk, backlog);
619
620 lock_sock(sk);
621
622 if (sk->sk_state != BT_BOUND) {
623 err = -EBADFD;
624 goto done;
625 }
626
627 if (sk->sk_type != SOCK_SEQPACKET) {
628 err = -EINVAL;
629 goto done;
630 }
631
632 write_lock(&sco_sk_list.lock);
633
634 if (__sco_get_sock_listen_by_addr(src)) {
635 err = -EADDRINUSE;
636 goto unlock;
637 }
638
639 sk->sk_max_ack_backlog = backlog;
640 sk->sk_ack_backlog = 0;
641
642 sk->sk_state = BT_LISTEN;
643
644unlock:
645 write_unlock(&sco_sk_list.lock);
646
647done:
648 release_sock(sk);
649 return err;
650}
651
652static int sco_sock_accept(struct socket *sock, struct socket *newsock,
653 int flags, bool kern)
654{
655 DEFINE_WAIT_FUNC(wait, woken_wake_function);
656 struct sock *sk = sock->sk, *ch;
657 long timeo;
658 int err = 0;
659
660 lock_sock(sk);
661
662 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
663
664 BT_DBG("sk %p timeo %ld", sk, timeo);
665
666 /* Wait for an incoming connection. (wake-one). */
667 add_wait_queue_exclusive(sk_sleep(sk), &wait);
668 while (1) {
669 if (sk->sk_state != BT_LISTEN) {
670 err = -EBADFD;
671 break;
672 }
673
674 ch = bt_accept_dequeue(sk, newsock);
675 if (ch)
676 break;
677
678 if (!timeo) {
679 err = -EAGAIN;
680 break;
681 }
682
683 if (signal_pending(current)) {
684 err = sock_intr_errno(timeo);
685 break;
686 }
687
688 release_sock(sk);
689
690 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
691 lock_sock(sk);
692 }
693 remove_wait_queue(sk_sleep(sk), &wait);
694
695 if (err)
696 goto done;
697
698 newsock->state = SS_CONNECTED;
699
700 BT_DBG("new socket %p", ch);
701
702done:
703 release_sock(sk);
704 return err;
705}
706
707static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
708 int peer)
709{
710 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
711 struct sock *sk = sock->sk;
712
713 BT_DBG("sock %p, sk %p", sock, sk);
714
715 addr->sa_family = AF_BLUETOOTH;
716
717 if (peer)
718 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
719 else
720 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
721
722 return sizeof(struct sockaddr_sco);
723}
724
725static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
726 size_t len)
727{
728 struct sock *sk = sock->sk;
729 int err;
730
731 BT_DBG("sock %p, sk %p", sock, sk);
732
733 err = sock_error(sk);
734 if (err)
735 return err;
736
737 if (msg->msg_flags & MSG_OOB)
738 return -EOPNOTSUPP;
739
740 lock_sock(sk);
741
742 if (sk->sk_state == BT_CONNECTED)
743 err = sco_send_frame(sk, msg, len);
744 else
745 err = -ENOTCONN;
746
747 release_sock(sk);
748 return err;
749}
750
751static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
752{
753 struct hci_dev *hdev = conn->hdev;
754
755 BT_DBG("conn %p", conn);
756
757 conn->state = BT_CONFIG;
758
759 if (!lmp_esco_capable(hdev)) {
760 struct hci_cp_accept_conn_req cp;
761
762 bacpy(&cp.bdaddr, &conn->dst);
763 cp.role = 0x00; /* Ignored */
764
765 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
766 } else {
767 struct hci_cp_accept_sync_conn_req cp;
768
769 bacpy(&cp.bdaddr, &conn->dst);
770 cp.pkt_type = cpu_to_le16(conn->pkt_type);
771
772 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
773 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
774 cp.content_format = cpu_to_le16(setting);
775
776 switch (setting & SCO_AIRMODE_MASK) {
777 case SCO_AIRMODE_TRANSP:
778 if (conn->pkt_type & ESCO_2EV3)
779 cp.max_latency = cpu_to_le16(0x0008);
780 else
781 cp.max_latency = cpu_to_le16(0x000D);
782 cp.retrans_effort = 0x02;
783 break;
784 case SCO_AIRMODE_CVSD:
785 cp.max_latency = cpu_to_le16(0xffff);
786 cp.retrans_effort = 0xff;
787 break;
788 default:
789 /* use CVSD settings as fallback */
790 cp.max_latency = cpu_to_le16(0xffff);
791 cp.retrans_effort = 0xff;
792 break;
793 }
794
795 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
796 sizeof(cp), &cp);
797 }
798}
799
800static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
801 size_t len, int flags)
802{
803 struct sock *sk = sock->sk;
804 struct sco_pinfo *pi = sco_pi(sk);
805
806 lock_sock(sk);
807
808 if (sk->sk_state == BT_CONNECT2 &&
809 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
810 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
811 sk->sk_state = BT_CONFIG;
812
813 release_sock(sk);
814 return 0;
815 }
816
817 release_sock(sk);
818
819 return bt_sock_recvmsg(sock, msg, len, flags);
820}
821
822static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
823 sockptr_t optval, unsigned int optlen)
824{
825 struct sock *sk = sock->sk;
826 int len, err = 0;
827 struct bt_voice voice;
828 u32 opt;
829
830 BT_DBG("sk %p", sk);
831
832 lock_sock(sk);
833
834 switch (optname) {
835
836 case BT_DEFER_SETUP:
837 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
838 err = -EINVAL;
839 break;
840 }
841
842 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
843 err = -EFAULT;
844 break;
845 }
846
847 if (opt)
848 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
849 else
850 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
851 break;
852
853 case BT_VOICE:
854 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
855 sk->sk_state != BT_CONNECT2) {
856 err = -EINVAL;
857 break;
858 }
859
860 voice.setting = sco_pi(sk)->setting;
861
862 len = min_t(unsigned int, sizeof(voice), optlen);
863 if (copy_from_sockptr(&voice, optval, len)) {
864 err = -EFAULT;
865 break;
866 }
867
868 /* Explicitly check for these values */
869 if (voice.setting != BT_VOICE_TRANSPARENT &&
870 voice.setting != BT_VOICE_CVSD_16BIT) {
871 err = -EINVAL;
872 break;
873 }
874
875 sco_pi(sk)->setting = voice.setting;
876 break;
877
878 case BT_PKT_STATUS:
879 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
880 err = -EFAULT;
881 break;
882 }
883
884 if (opt)
885 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
886 else
887 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
888 break;
889
890 default:
891 err = -ENOPROTOOPT;
892 break;
893 }
894
895 release_sock(sk);
896 return err;
897}
898
899static int sco_sock_getsockopt_old(struct socket *sock, int optname,
900 char __user *optval, int __user *optlen)
901{
902 struct sock *sk = sock->sk;
903 struct sco_options opts;
904 struct sco_conninfo cinfo;
905 int len, err = 0;
906
907 BT_DBG("sk %p", sk);
908
909 if (get_user(len, optlen))
910 return -EFAULT;
911
912 lock_sock(sk);
913
914 switch (optname) {
915 case SCO_OPTIONS:
916 if (sk->sk_state != BT_CONNECTED &&
917 !(sk->sk_state == BT_CONNECT2 &&
918 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
919 err = -ENOTCONN;
920 break;
921 }
922
923 opts.mtu = sco_pi(sk)->conn->mtu;
924
925 BT_DBG("mtu %u", opts.mtu);
926
927 len = min_t(unsigned int, len, sizeof(opts));
928 if (copy_to_user(optval, (char *)&opts, len))
929 err = -EFAULT;
930
931 break;
932
933 case SCO_CONNINFO:
934 if (sk->sk_state != BT_CONNECTED &&
935 !(sk->sk_state == BT_CONNECT2 &&
936 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
937 err = -ENOTCONN;
938 break;
939 }
940
941 memset(&cinfo, 0, sizeof(cinfo));
942 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
943 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
944
945 len = min_t(unsigned int, len, sizeof(cinfo));
946 if (copy_to_user(optval, (char *)&cinfo, len))
947 err = -EFAULT;
948
949 break;
950
951 default:
952 err = -ENOPROTOOPT;
953 break;
954 }
955
956 release_sock(sk);
957 return err;
958}
959
960static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
961 char __user *optval, int __user *optlen)
962{
963 struct sock *sk = sock->sk;
964 int len, err = 0;
965 struct bt_voice voice;
966 u32 phys;
967 int pkt_status;
968
969 BT_DBG("sk %p", sk);
970
971 if (level == SOL_SCO)
972 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
973
974 if (get_user(len, optlen))
975 return -EFAULT;
976
977 lock_sock(sk);
978
979 switch (optname) {
980
981 case BT_DEFER_SETUP:
982 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
983 err = -EINVAL;
984 break;
985 }
986
987 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
988 (u32 __user *)optval))
989 err = -EFAULT;
990
991 break;
992
993 case BT_VOICE:
994 voice.setting = sco_pi(sk)->setting;
995
996 len = min_t(unsigned int, len, sizeof(voice));
997 if (copy_to_user(optval, (char *)&voice, len))
998 err = -EFAULT;
999
1000 break;
1001
1002 case BT_PHY:
1003 if (sk->sk_state != BT_CONNECTED) {
1004 err = -ENOTCONN;
1005 break;
1006 }
1007
1008 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1009
1010 if (put_user(phys, (u32 __user *) optval))
1011 err = -EFAULT;
1012 break;
1013
1014 case BT_PKT_STATUS:
1015 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
1016
1017 if (put_user(pkt_status, (int __user *)optval))
1018 err = -EFAULT;
1019 break;
1020
1021 case BT_SNDMTU:
1022 case BT_RCVMTU:
1023 if (sk->sk_state != BT_CONNECTED) {
1024 err = -ENOTCONN;
1025 break;
1026 }
1027
1028 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1029 err = -EFAULT;
1030 break;
1031
1032 default:
1033 err = -ENOPROTOOPT;
1034 break;
1035 }
1036
1037 release_sock(sk);
1038 return err;
1039}
1040
1041static int sco_sock_shutdown(struct socket *sock, int how)
1042{
1043 struct sock *sk = sock->sk;
1044 int err = 0;
1045
1046 BT_DBG("sock %p, sk %p", sock, sk);
1047
1048 if (!sk)
1049 return 0;
1050
1051 sock_hold(sk);
1052 lock_sock(sk);
1053
1054 if (!sk->sk_shutdown) {
1055 sk->sk_shutdown = SHUTDOWN_MASK;
1056 sco_sock_clear_timer(sk);
1057 __sco_sock_close(sk);
1058
1059 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1060 !(current->flags & PF_EXITING))
1061 err = bt_sock_wait_state(sk, BT_CLOSED,
1062 sk->sk_lingertime);
1063 }
1064
1065 release_sock(sk);
1066 sock_put(sk);
1067
1068 return err;
1069}
1070
1071static int sco_sock_release(struct socket *sock)
1072{
1073 struct sock *sk = sock->sk;
1074 int err = 0;
1075
1076 BT_DBG("sock %p, sk %p", sock, sk);
1077
1078 if (!sk)
1079 return 0;
1080
1081 sco_sock_close(sk);
1082
1083 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1084 !(current->flags & PF_EXITING)) {
1085 lock_sock(sk);
1086 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1087 release_sock(sk);
1088 }
1089
1090 sock_orphan(sk);
1091 sco_sock_kill(sk);
1092 return err;
1093}
1094
1095static void sco_conn_ready(struct sco_conn *conn)
1096{
1097 struct sock *parent;
1098 struct sock *sk = conn->sk;
1099
1100 BT_DBG("conn %p", conn);
1101
1102 if (sk) {
1103 sco_sock_clear_timer(sk);
1104 bh_lock_sock(sk);
1105 sk->sk_state = BT_CONNECTED;
1106 sk->sk_state_change(sk);
1107 bh_unlock_sock(sk);
1108 } else {
1109 sco_conn_lock(conn);
1110
1111 if (!conn->hcon) {
1112 sco_conn_unlock(conn);
1113 return;
1114 }
1115
1116 parent = sco_get_sock_listen(&conn->hcon->src);
1117 if (!parent) {
1118 sco_conn_unlock(conn);
1119 return;
1120 }
1121
1122 bh_lock_sock(parent);
1123
1124 sk = sco_sock_alloc(sock_net(parent), NULL,
1125 BTPROTO_SCO, GFP_ATOMIC, 0);
1126 if (!sk) {
1127 bh_unlock_sock(parent);
1128 sco_conn_unlock(conn);
1129 return;
1130 }
1131
1132 sco_sock_init(sk, parent);
1133
1134 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1135 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1136
1137 hci_conn_hold(conn->hcon);
1138 __sco_chan_add(conn, sk, parent);
1139
1140 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1141 sk->sk_state = BT_CONNECT2;
1142 else
1143 sk->sk_state = BT_CONNECTED;
1144
1145 /* Wake up parent */
1146 parent->sk_data_ready(parent);
1147
1148 bh_unlock_sock(parent);
1149
1150 sco_conn_unlock(conn);
1151 }
1152}
1153
1154/* ----- SCO interface with lower layer (HCI) ----- */
1155int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1156{
1157 struct sock *sk;
1158 int lm = 0;
1159
1160 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1161
1162 /* Find listening sockets */
1163 read_lock(&sco_sk_list.lock);
1164 sk_for_each(sk, &sco_sk_list.head) {
1165 if (sk->sk_state != BT_LISTEN)
1166 continue;
1167
1168 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1169 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1170 lm |= HCI_LM_ACCEPT;
1171
1172 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1173 *flags |= HCI_PROTO_DEFER;
1174 break;
1175 }
1176 }
1177 read_unlock(&sco_sk_list.lock);
1178
1179 return lm;
1180}
1181
1182static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1183{
1184 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1185 return;
1186
1187 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1188
1189 if (!status) {
1190 struct sco_conn *conn;
1191
1192 conn = sco_conn_add(hcon);
1193 if (conn)
1194 sco_conn_ready(conn);
1195 } else
1196 sco_conn_del(hcon, bt_to_errno(status));
1197}
1198
1199static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1200{
1201 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1202 return;
1203
1204 BT_DBG("hcon %p reason %d", hcon, reason);
1205
1206 sco_conn_del(hcon, bt_to_errno(reason));
1207}
1208
1209void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1210{
1211 struct sco_conn *conn = hcon->sco_data;
1212
1213 if (!conn)
1214 goto drop;
1215
1216 BT_DBG("conn %p len %u", conn, skb->len);
1217
1218 if (skb->len) {
1219 sco_recv_frame(conn, skb);
1220 return;
1221 }
1222
1223drop:
1224 kfree_skb(skb);
1225}
1226
1227static struct hci_cb sco_cb = {
1228 .name = "SCO",
1229 .connect_cfm = sco_connect_cfm,
1230 .disconn_cfm = sco_disconn_cfm,
1231};
1232
1233static int sco_debugfs_show(struct seq_file *f, void *p)
1234{
1235 struct sock *sk;
1236
1237 read_lock(&sco_sk_list.lock);
1238
1239 sk_for_each(sk, &sco_sk_list.head) {
1240 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1241 &sco_pi(sk)->dst, sk->sk_state);
1242 }
1243
1244 read_unlock(&sco_sk_list.lock);
1245
1246 return 0;
1247}
1248
1249DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1250
1251static struct dentry *sco_debugfs;
1252
1253static const struct proto_ops sco_sock_ops = {
1254 .family = PF_BLUETOOTH,
1255 .owner = THIS_MODULE,
1256 .release = sco_sock_release,
1257 .bind = sco_sock_bind,
1258 .connect = sco_sock_connect,
1259 .listen = sco_sock_listen,
1260 .accept = sco_sock_accept,
1261 .getname = sco_sock_getname,
1262 .sendmsg = sco_sock_sendmsg,
1263 .recvmsg = sco_sock_recvmsg,
1264 .poll = bt_sock_poll,
1265 .ioctl = bt_sock_ioctl,
1266 .gettstamp = sock_gettstamp,
1267 .mmap = sock_no_mmap,
1268 .socketpair = sock_no_socketpair,
1269 .shutdown = sco_sock_shutdown,
1270 .setsockopt = sco_sock_setsockopt,
1271 .getsockopt = sco_sock_getsockopt
1272};
1273
1274static const struct net_proto_family sco_sock_family_ops = {
1275 .family = PF_BLUETOOTH,
1276 .owner = THIS_MODULE,
1277 .create = sco_sock_create,
1278};
1279
1280int __init sco_init(void)
1281{
1282 int err;
1283
1284 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1285
1286 err = proto_register(&sco_proto, 0);
1287 if (err < 0)
1288 return err;
1289
1290 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1291 if (err < 0) {
1292 BT_ERR("SCO socket registration failed");
1293 goto error;
1294 }
1295
1296 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1297 if (err < 0) {
1298 BT_ERR("Failed to create SCO proc file");
1299 bt_sock_unregister(BTPROTO_SCO);
1300 goto error;
1301 }
1302
1303 BT_INFO("SCO socket layer initialized");
1304
1305 hci_register_cb(&sco_cb);
1306
1307 if (IS_ERR_OR_NULL(bt_debugfs))
1308 return 0;
1309
1310 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1311 NULL, &sco_debugfs_fops);
1312
1313 return 0;
1314
1315error:
1316 proto_unregister(&sco_proto);
1317 return err;
1318}
1319
1320void sco_exit(void)
1321{
1322 bt_procfs_cleanup(&init_net, "sco");
1323
1324 debugfs_remove(sco_debugfs);
1325
1326 hci_unregister_cb(&sco_cb);
1327
1328 bt_sock_unregister(BTPROTO_SCO);
1329
1330 proto_unregister(&sco_proto);
1331}
1332
1333module_param(disable_esco, bool, 0644);
1334MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");