Loading...
Note: File does not exist in v4.6.
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * BlueZ - Bluetooth protocol stack for Linux
4 *
5 * Copyright (C) 2022 Intel Corporation
6 */
7
8#include <linux/module.h>
9#include <linux/debugfs.h>
10#include <linux/seq_file.h>
11#include <linux/sched/signal.h>
12
13#include <net/bluetooth/bluetooth.h>
14#include <net/bluetooth/hci_core.h>
15#include <net/bluetooth/iso.h>
16
17static const struct proto_ops iso_sock_ops;
18
19static struct bt_sock_list iso_sk_list = {
20 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock)
21};
22
23/* ---- ISO connections ---- */
24struct iso_conn {
25 struct hci_conn *hcon;
26
27 /* @lock: spinlock protecting changes to iso_conn fields */
28 spinlock_t lock;
29 struct sock *sk;
30
31 struct delayed_work timeout_work;
32
33 struct sk_buff *rx_skb;
34 __u32 rx_len;
35 __u16 tx_sn;
36};
37
38#define iso_conn_lock(c) spin_lock(&(c)->lock)
39#define iso_conn_unlock(c) spin_unlock(&(c)->lock)
40
41static void iso_sock_close(struct sock *sk);
42static void iso_sock_kill(struct sock *sk);
43
44/* ----- ISO socket info ----- */
45#define iso_pi(sk) ((struct iso_pinfo *)sk)
46
47#define EIR_SERVICE_DATA_LENGTH 4
48#define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
49
50struct iso_pinfo {
51 struct bt_sock bt;
52 bdaddr_t src;
53 __u8 src_type;
54 bdaddr_t dst;
55 __u8 dst_type;
56 __u8 bc_sid;
57 __u8 bc_num_bis;
58 __u8 bc_bis[ISO_MAX_NUM_BIS];
59 __u16 sync_handle;
60 __u32 flags;
61 struct bt_iso_qos qos;
62 __u8 base_len;
63 __u8 base[BASE_MAX_LENGTH];
64 struct iso_conn *conn;
65};
66
67/* ---- ISO timers ---- */
68#define ISO_CONN_TIMEOUT (HZ * 40)
69#define ISO_DISCONN_TIMEOUT (HZ * 2)
70
71static void iso_sock_timeout(struct work_struct *work)
72{
73 struct iso_conn *conn = container_of(work, struct iso_conn,
74 timeout_work.work);
75 struct sock *sk;
76
77 iso_conn_lock(conn);
78 sk = conn->sk;
79 if (sk)
80 sock_hold(sk);
81 iso_conn_unlock(conn);
82
83 if (!sk)
84 return;
85
86 BT_DBG("sock %p state %d", sk, sk->sk_state);
87
88 lock_sock(sk);
89 sk->sk_err = ETIMEDOUT;
90 sk->sk_state_change(sk);
91 release_sock(sk);
92 sock_put(sk);
93}
94
95static void iso_sock_set_timer(struct sock *sk, long timeout)
96{
97 if (!iso_pi(sk)->conn)
98 return;
99
100 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
101 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
102 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout);
103}
104
105static void iso_sock_clear_timer(struct sock *sk)
106{
107 if (!iso_pi(sk)->conn)
108 return;
109
110 BT_DBG("sock %p state %d", sk, sk->sk_state);
111 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
112}
113
114/* ---- ISO connections ---- */
115static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
116{
117 struct iso_conn *conn = hcon->iso_data;
118
119 if (conn)
120 return conn;
121
122 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
123 if (!conn)
124 return NULL;
125
126 spin_lock_init(&conn->lock);
127 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);
128
129 hcon->iso_data = conn;
130 conn->hcon = hcon;
131 conn->tx_sn = 0;
132
133 BT_DBG("hcon %p conn %p", hcon, conn);
134
135 return conn;
136}
137
138/* Delete channel. Must be called on the locked socket. */
139static void iso_chan_del(struct sock *sk, int err)
140{
141 struct iso_conn *conn;
142 struct sock *parent;
143
144 conn = iso_pi(sk)->conn;
145
146 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
147
148 if (conn) {
149 iso_conn_lock(conn);
150 conn->sk = NULL;
151 iso_pi(sk)->conn = NULL;
152 iso_conn_unlock(conn);
153
154 if (conn->hcon)
155 hci_conn_drop(conn->hcon);
156 }
157
158 sk->sk_state = BT_CLOSED;
159 sk->sk_err = err;
160
161 parent = bt_sk(sk)->parent;
162 if (parent) {
163 bt_accept_unlink(sk);
164 parent->sk_data_ready(parent);
165 } else {
166 sk->sk_state_change(sk);
167 }
168
169 sock_set_flag(sk, SOCK_ZAPPED);
170}
171
172static void iso_conn_del(struct hci_conn *hcon, int err)
173{
174 struct iso_conn *conn = hcon->iso_data;
175 struct sock *sk;
176
177 if (!conn)
178 return;
179
180 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
181
182 /* Kill socket */
183 iso_conn_lock(conn);
184 sk = conn->sk;
185 if (sk)
186 sock_hold(sk);
187 iso_conn_unlock(conn);
188
189 if (sk) {
190 lock_sock(sk);
191 iso_sock_clear_timer(sk);
192 iso_chan_del(sk, err);
193 release_sock(sk);
194 sock_put(sk);
195 }
196
197 /* Ensure no more work items will run before freeing conn. */
198 cancel_delayed_work_sync(&conn->timeout_work);
199
200 hcon->iso_data = NULL;
201 kfree(conn);
202}
203
204static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
205 struct sock *parent)
206{
207 BT_DBG("conn %p", conn);
208
209 if (iso_pi(sk)->conn == conn && conn->sk == sk)
210 return 0;
211
212 if (conn->sk) {
213 BT_ERR("conn->sk already set");
214 return -EBUSY;
215 }
216
217 iso_pi(sk)->conn = conn;
218 conn->sk = sk;
219
220 if (parent)
221 bt_accept_enqueue(parent, sk, true);
222
223 return 0;
224}
225
226static int iso_chan_add(struct iso_conn *conn, struct sock *sk,
227 struct sock *parent)
228{
229 int err;
230
231 iso_conn_lock(conn);
232 err = __iso_chan_add(conn, sk, parent);
233 iso_conn_unlock(conn);
234
235 return err;
236}
237
238static inline u8 le_addr_type(u8 bdaddr_type)
239{
240 if (bdaddr_type == BDADDR_LE_PUBLIC)
241 return ADDR_LE_DEV_PUBLIC;
242 else
243 return ADDR_LE_DEV_RANDOM;
244}
245
246static int iso_connect_bis(struct sock *sk)
247{
248 struct iso_conn *conn;
249 struct hci_conn *hcon;
250 struct hci_dev *hdev;
251 int err;
252
253 BT_DBG("%pMR", &iso_pi(sk)->src);
254
255 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
256 iso_pi(sk)->src_type);
257 if (!hdev)
258 return -EHOSTUNREACH;
259
260 hci_dev_lock(hdev);
261
262 if (!bis_capable(hdev)) {
263 err = -EOPNOTSUPP;
264 goto unlock;
265 }
266
267 /* Fail if out PHYs are marked as disabled */
268 if (!iso_pi(sk)->qos.out.phy) {
269 err = -EINVAL;
270 goto unlock;
271 }
272
273 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst,
274 le_addr_type(iso_pi(sk)->dst_type),
275 &iso_pi(sk)->qos, iso_pi(sk)->base_len,
276 iso_pi(sk)->base);
277 if (IS_ERR(hcon)) {
278 err = PTR_ERR(hcon);
279 goto unlock;
280 }
281
282 conn = iso_conn_add(hcon);
283 if (!conn) {
284 hci_conn_drop(hcon);
285 err = -ENOMEM;
286 goto unlock;
287 }
288
289 hci_dev_unlock(hdev);
290 hci_dev_put(hdev);
291
292 err = iso_chan_add(conn, sk, NULL);
293 if (err)
294 return err;
295
296 lock_sock(sk);
297
298 /* Update source addr of the socket */
299 bacpy(&iso_pi(sk)->src, &hcon->src);
300
301 if (hcon->state == BT_CONNECTED) {
302 iso_sock_clear_timer(sk);
303 sk->sk_state = BT_CONNECTED;
304 } else {
305 sk->sk_state = BT_CONNECT;
306 iso_sock_set_timer(sk, sk->sk_sndtimeo);
307 }
308
309 release_sock(sk);
310 return err;
311
312unlock:
313 hci_dev_unlock(hdev);
314 hci_dev_put(hdev);
315 return err;
316}
317
318static int iso_connect_cis(struct sock *sk)
319{
320 struct iso_conn *conn;
321 struct hci_conn *hcon;
322 struct hci_dev *hdev;
323 int err;
324
325 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst);
326
327 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
328 iso_pi(sk)->src_type);
329 if (!hdev)
330 return -EHOSTUNREACH;
331
332 hci_dev_lock(hdev);
333
334 if (!cis_central_capable(hdev)) {
335 err = -EOPNOTSUPP;
336 goto unlock;
337 }
338
339 /* Fail if either PHYs are marked as disabled */
340 if (!iso_pi(sk)->qos.in.phy && !iso_pi(sk)->qos.out.phy) {
341 err = -EINVAL;
342 goto unlock;
343 }
344
345 /* Just bind if DEFER_SETUP has been set */
346 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
347 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst,
348 le_addr_type(iso_pi(sk)->dst_type),
349 &iso_pi(sk)->qos);
350 if (IS_ERR(hcon)) {
351 err = PTR_ERR(hcon);
352 goto unlock;
353 }
354 } else {
355 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
356 le_addr_type(iso_pi(sk)->dst_type),
357 &iso_pi(sk)->qos);
358 if (IS_ERR(hcon)) {
359 err = PTR_ERR(hcon);
360 goto unlock;
361 }
362 }
363
364 conn = iso_conn_add(hcon);
365 if (!conn) {
366 hci_conn_drop(hcon);
367 err = -ENOMEM;
368 goto unlock;
369 }
370
371 hci_dev_unlock(hdev);
372 hci_dev_put(hdev);
373
374 err = iso_chan_add(conn, sk, NULL);
375 if (err)
376 return err;
377
378 lock_sock(sk);
379
380 /* Update source addr of the socket */
381 bacpy(&iso_pi(sk)->src, &hcon->src);
382
383 if (hcon->state == BT_CONNECTED) {
384 iso_sock_clear_timer(sk);
385 sk->sk_state = BT_CONNECTED;
386 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
387 iso_sock_clear_timer(sk);
388 sk->sk_state = BT_CONNECT;
389 } else {
390 sk->sk_state = BT_CONNECT;
391 iso_sock_set_timer(sk, sk->sk_sndtimeo);
392 }
393
394 release_sock(sk);
395 return err;
396
397unlock:
398 hci_dev_unlock(hdev);
399 hci_dev_put(hdev);
400 return err;
401}
402
403static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk)
404{
405 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2)
406 return &iso_pi(sk)->conn->hcon->iso_qos;
407
408 return &iso_pi(sk)->qos;
409}
410
411static int iso_send_frame(struct sock *sk, struct sk_buff *skb)
412{
413 struct iso_conn *conn = iso_pi(sk)->conn;
414 struct bt_iso_qos *qos = iso_sock_get_qos(sk);
415 struct hci_iso_data_hdr *hdr;
416 int len = 0;
417
418 BT_DBG("sk %p len %d", sk, skb->len);
419
420 if (skb->len > qos->out.sdu)
421 return -EMSGSIZE;
422
423 len = skb->len;
424
425 /* Push ISO data header */
426 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE);
427 hdr->sn = cpu_to_le16(conn->tx_sn++);
428 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len,
429 HCI_ISO_STATUS_VALID));
430
431 if (sk->sk_state == BT_CONNECTED)
432 hci_send_iso(conn->hcon, skb);
433 else
434 len = -ENOTCONN;
435
436 return len;
437}
438
439static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb)
440{
441 struct sock *sk;
442
443 iso_conn_lock(conn);
444 sk = conn->sk;
445 iso_conn_unlock(conn);
446
447 if (!sk)
448 goto drop;
449
450 BT_DBG("sk %p len %d", sk, skb->len);
451
452 if (sk->sk_state != BT_CONNECTED)
453 goto drop;
454
455 if (!sock_queue_rcv_skb(sk, skb))
456 return;
457
458drop:
459 kfree_skb(skb);
460}
461
462/* -------- Socket interface ---------- */
463static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *ba)
464{
465 struct sock *sk;
466
467 sk_for_each(sk, &iso_sk_list.head) {
468 if (sk->sk_state != BT_LISTEN)
469 continue;
470
471 if (!bacmp(&iso_pi(sk)->src, ba))
472 return sk;
473 }
474
475 return NULL;
476}
477
478static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc,
479 __u8 sid)
480{
481 struct sock *sk;
482
483 sk_for_each(sk, &iso_sk_list.head) {
484 if (sk->sk_state != BT_LISTEN)
485 continue;
486
487 if (bacmp(&iso_pi(sk)->src, ba))
488 continue;
489
490 if (bacmp(&iso_pi(sk)->dst, bc))
491 continue;
492
493 if (iso_pi(sk)->bc_sid == sid)
494 return sk;
495 }
496
497 return NULL;
498}
499
500typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
501
502/* Find socket listening:
503 * source bdaddr (Unicast)
504 * destination bdaddr (Broadcast only)
505 * match func - pass NULL to ignore
506 * match func data - pass -1 to ignore
507 * Returns closest match.
508 */
509static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
510 iso_sock_match_t match, void *data)
511{
512 struct sock *sk = NULL, *sk1 = NULL;
513
514 read_lock(&iso_sk_list.lock);
515
516 sk_for_each(sk, &iso_sk_list.head) {
517 if (sk->sk_state != BT_LISTEN)
518 continue;
519
520 /* Match Broadcast destination */
521 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst))
522 continue;
523
524 /* Use Match function if provided */
525 if (match && !match(sk, data))
526 continue;
527
528 /* Exact match. */
529 if (!bacmp(&iso_pi(sk)->src, src))
530 break;
531
532 /* Closest match */
533 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY))
534 sk1 = sk;
535 }
536
537 read_unlock(&iso_sk_list.lock);
538
539 return sk ? sk : sk1;
540}
541
542static void iso_sock_destruct(struct sock *sk)
543{
544 BT_DBG("sk %p", sk);
545
546 skb_queue_purge(&sk->sk_receive_queue);
547 skb_queue_purge(&sk->sk_write_queue);
548}
549
550static void iso_sock_cleanup_listen(struct sock *parent)
551{
552 struct sock *sk;
553
554 BT_DBG("parent %p", parent);
555
556 /* Close not yet accepted channels */
557 while ((sk = bt_accept_dequeue(parent, NULL))) {
558 iso_sock_close(sk);
559 iso_sock_kill(sk);
560 }
561
562 parent->sk_state = BT_CLOSED;
563 sock_set_flag(parent, SOCK_ZAPPED);
564}
565
566/* Kill socket (only if zapped and orphan)
567 * Must be called on unlocked socket.
568 */
569static void iso_sock_kill(struct sock *sk)
570{
571 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
572 sock_flag(sk, SOCK_DEAD))
573 return;
574
575 BT_DBG("sk %p state %d", sk, sk->sk_state);
576
577 /* Kill poor orphan */
578 bt_sock_unlink(&iso_sk_list, sk);
579 sock_set_flag(sk, SOCK_DEAD);
580 sock_put(sk);
581}
582
583static void iso_conn_defer_reject(struct hci_conn *conn)
584{
585 struct hci_cp_le_reject_cis cp;
586
587 BT_DBG("conn %p", conn);
588
589 memset(&cp, 0, sizeof(cp));
590 cp.handle = cpu_to_le16(conn->handle);
591 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
592 hci_send_cmd(conn->hdev, HCI_OP_LE_REJECT_CIS, sizeof(cp), &cp);
593}
594
595static void __iso_sock_close(struct sock *sk)
596{
597 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
598
599 switch (sk->sk_state) {
600 case BT_LISTEN:
601 iso_sock_cleanup_listen(sk);
602 break;
603
604 case BT_CONNECTED:
605 case BT_CONFIG:
606 if (iso_pi(sk)->conn->hcon) {
607 sk->sk_state = BT_DISCONN;
608 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT);
609 iso_conn_lock(iso_pi(sk)->conn);
610 hci_conn_drop(iso_pi(sk)->conn->hcon);
611 iso_pi(sk)->conn->hcon = NULL;
612 iso_conn_unlock(iso_pi(sk)->conn);
613 } else {
614 iso_chan_del(sk, ECONNRESET);
615 }
616 break;
617
618 case BT_CONNECT2:
619 if (iso_pi(sk)->conn->hcon)
620 iso_conn_defer_reject(iso_pi(sk)->conn->hcon);
621 iso_chan_del(sk, ECONNRESET);
622 break;
623 case BT_CONNECT:
624 /* In case of DEFER_SETUP the hcon would be bound to CIG which
625 * needs to be removed so just call hci_conn_del so the cleanup
626 * callback do what is needed.
627 */
628 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
629 iso_pi(sk)->conn->hcon) {
630 hci_conn_del(iso_pi(sk)->conn->hcon);
631 iso_pi(sk)->conn->hcon = NULL;
632 }
633
634 iso_chan_del(sk, ECONNRESET);
635 break;
636 case BT_DISCONN:
637 iso_chan_del(sk, ECONNRESET);
638 break;
639
640 default:
641 sock_set_flag(sk, SOCK_ZAPPED);
642 break;
643 }
644}
645
646/* Must be called on unlocked socket. */
647static void iso_sock_close(struct sock *sk)
648{
649 iso_sock_clear_timer(sk);
650 lock_sock(sk);
651 __iso_sock_close(sk);
652 release_sock(sk);
653 iso_sock_kill(sk);
654}
655
656static void iso_sock_init(struct sock *sk, struct sock *parent)
657{
658 BT_DBG("sk %p", sk);
659
660 if (parent) {
661 sk->sk_type = parent->sk_type;
662 bt_sk(sk)->flags = bt_sk(parent)->flags;
663 security_sk_clone(parent, sk);
664 }
665}
666
667static struct proto iso_proto = {
668 .name = "ISO",
669 .owner = THIS_MODULE,
670 .obj_size = sizeof(struct iso_pinfo)
671};
672
673#define DEFAULT_IO_QOS \
674{ \
675 .interval = 10000u, \
676 .latency = 10u, \
677 .sdu = 40u, \
678 .phy = BT_ISO_PHY_2M, \
679 .rtn = 2u, \
680}
681
682static struct bt_iso_qos default_qos = {
683 .cig = BT_ISO_QOS_CIG_UNSET,
684 .cis = BT_ISO_QOS_CIS_UNSET,
685 .sca = 0x00,
686 .packing = 0x00,
687 .framing = 0x00,
688 .in = DEFAULT_IO_QOS,
689 .out = DEFAULT_IO_QOS,
690};
691
692static struct sock *iso_sock_alloc(struct net *net, struct socket *sock,
693 int proto, gfp_t prio, int kern)
694{
695 struct sock *sk;
696
697 sk = sk_alloc(net, PF_BLUETOOTH, prio, &iso_proto, kern);
698 if (!sk)
699 return NULL;
700
701 sock_init_data(sock, sk);
702 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
703
704 sk->sk_destruct = iso_sock_destruct;
705 sk->sk_sndtimeo = ISO_CONN_TIMEOUT;
706
707 sock_reset_flag(sk, SOCK_ZAPPED);
708
709 sk->sk_protocol = proto;
710 sk->sk_state = BT_OPEN;
711
712 /* Set address type as public as default src address is BDADDR_ANY */
713 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
714
715 iso_pi(sk)->qos = default_qos;
716
717 bt_sock_link(&iso_sk_list, sk);
718 return sk;
719}
720
721static int iso_sock_create(struct net *net, struct socket *sock, int protocol,
722 int kern)
723{
724 struct sock *sk;
725
726 BT_DBG("sock %p", sock);
727
728 sock->state = SS_UNCONNECTED;
729
730 if (sock->type != SOCK_SEQPACKET)
731 return -ESOCKTNOSUPPORT;
732
733 sock->ops = &iso_sock_ops;
734
735 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
736 if (!sk)
737 return -ENOMEM;
738
739 iso_sock_init(sk, NULL);
740 return 0;
741}
742
743static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr,
744 int addr_len)
745{
746 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
747 struct sock *sk = sock->sk;
748 int i;
749
750 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
751 sa->iso_bc->bc_num_bis);
752
753 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) ||
754 sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f)
755 return -EINVAL;
756
757 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
758 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
759 iso_pi(sk)->sync_handle = -1;
760 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
761 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
762
763 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) {
764 if (sa->iso_bc->bc_bis[i] < 0x01 ||
765 sa->iso_bc->bc_bis[i] > 0x1f)
766 return -EINVAL;
767
768 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
769 iso_pi(sk)->bc_num_bis);
770 }
771
772 return 0;
773}
774
775static int iso_sock_bind(struct socket *sock, struct sockaddr *addr,
776 int addr_len)
777{
778 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
779 struct sock *sk = sock->sk;
780 int err = 0;
781
782 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type);
783
784 if (!addr || addr_len < sizeof(struct sockaddr_iso) ||
785 addr->sa_family != AF_BLUETOOTH)
786 return -EINVAL;
787
788 lock_sock(sk);
789
790 if (sk->sk_state != BT_OPEN) {
791 err = -EBADFD;
792 goto done;
793 }
794
795 if (sk->sk_type != SOCK_SEQPACKET) {
796 err = -EINVAL;
797 goto done;
798 }
799
800 /* Check if the address type is of LE type */
801 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) {
802 err = -EINVAL;
803 goto done;
804 }
805
806 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr);
807 iso_pi(sk)->src_type = sa->iso_bdaddr_type;
808
809 /* Check for Broadcast address */
810 if (addr_len > sizeof(*sa)) {
811 err = iso_sock_bind_bc(sock, addr, addr_len);
812 if (err)
813 goto done;
814 }
815
816 sk->sk_state = BT_BOUND;
817
818done:
819 release_sock(sk);
820 return err;
821}
822
823static int iso_sock_connect(struct socket *sock, struct sockaddr *addr,
824 int alen, int flags)
825{
826 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
827 struct sock *sk = sock->sk;
828 int err;
829
830 BT_DBG("sk %p", sk);
831
832 if (alen < sizeof(struct sockaddr_iso) ||
833 addr->sa_family != AF_BLUETOOTH)
834 return -EINVAL;
835
836 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
837 return -EBADFD;
838
839 if (sk->sk_type != SOCK_SEQPACKET)
840 return -EINVAL;
841
842 /* Check if the address type is of LE type */
843 if (!bdaddr_type_is_le(sa->iso_bdaddr_type))
844 return -EINVAL;
845
846 lock_sock(sk);
847
848 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
849 iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
850
851 release_sock(sk);
852
853 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
854 err = iso_connect_cis(sk);
855 else
856 err = iso_connect_bis(sk);
857
858 if (err)
859 return err;
860
861 lock_sock(sk);
862
863 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
864 err = bt_sock_wait_state(sk, BT_CONNECTED,
865 sock_sndtimeo(sk, flags & O_NONBLOCK));
866 }
867
868 release_sock(sk);
869 return err;
870}
871
872static int iso_listen_bis(struct sock *sk)
873{
874 struct hci_dev *hdev;
875 int err = 0;
876
877 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src,
878 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid);
879
880 write_lock(&iso_sk_list.lock);
881
882 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst,
883 iso_pi(sk)->bc_sid))
884 err = -EADDRINUSE;
885
886 write_unlock(&iso_sk_list.lock);
887
888 if (err)
889 return err;
890
891 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
892 iso_pi(sk)->src_type);
893 if (!hdev)
894 return -EHOSTUNREACH;
895
896 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst,
897 le_addr_type(iso_pi(sk)->dst_type),
898 iso_pi(sk)->bc_sid);
899
900 hci_dev_put(hdev);
901
902 return err;
903}
904
905static int iso_listen_cis(struct sock *sk)
906{
907 int err = 0;
908
909 BT_DBG("%pMR", &iso_pi(sk)->src);
910
911 write_lock(&iso_sk_list.lock);
912
913 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src))
914 err = -EADDRINUSE;
915
916 write_unlock(&iso_sk_list.lock);
917
918 return err;
919}
920
921static int iso_sock_listen(struct socket *sock, int backlog)
922{
923 struct sock *sk = sock->sk;
924 int err = 0;
925
926 BT_DBG("sk %p backlog %d", sk, backlog);
927
928 lock_sock(sk);
929
930 if (sk->sk_state != BT_BOUND) {
931 err = -EBADFD;
932 goto done;
933 }
934
935 if (sk->sk_type != SOCK_SEQPACKET) {
936 err = -EINVAL;
937 goto done;
938 }
939
940 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
941 err = iso_listen_cis(sk);
942 else
943 err = iso_listen_bis(sk);
944
945 if (err)
946 goto done;
947
948 sk->sk_max_ack_backlog = backlog;
949 sk->sk_ack_backlog = 0;
950
951 sk->sk_state = BT_LISTEN;
952
953done:
954 release_sock(sk);
955 return err;
956}
957
958static int iso_sock_accept(struct socket *sock, struct socket *newsock,
959 int flags, bool kern)
960{
961 DEFINE_WAIT_FUNC(wait, woken_wake_function);
962 struct sock *sk = sock->sk, *ch;
963 long timeo;
964 int err = 0;
965
966 lock_sock(sk);
967
968 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
969
970 BT_DBG("sk %p timeo %ld", sk, timeo);
971
972 /* Wait for an incoming connection. (wake-one). */
973 add_wait_queue_exclusive(sk_sleep(sk), &wait);
974 while (1) {
975 if (sk->sk_state != BT_LISTEN) {
976 err = -EBADFD;
977 break;
978 }
979
980 ch = bt_accept_dequeue(sk, newsock);
981 if (ch)
982 break;
983
984 if (!timeo) {
985 err = -EAGAIN;
986 break;
987 }
988
989 if (signal_pending(current)) {
990 err = sock_intr_errno(timeo);
991 break;
992 }
993
994 release_sock(sk);
995
996 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
997 lock_sock(sk);
998 }
999 remove_wait_queue(sk_sleep(sk), &wait);
1000
1001 if (err)
1002 goto done;
1003
1004 newsock->state = SS_CONNECTED;
1005
1006 BT_DBG("new socket %p", ch);
1007
1008done:
1009 release_sock(sk);
1010 return err;
1011}
1012
1013static int iso_sock_getname(struct socket *sock, struct sockaddr *addr,
1014 int peer)
1015{
1016 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1017 struct sock *sk = sock->sk;
1018
1019 BT_DBG("sock %p, sk %p", sock, sk);
1020
1021 addr->sa_family = AF_BLUETOOTH;
1022
1023 if (peer) {
1024 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst);
1025 sa->iso_bdaddr_type = iso_pi(sk)->dst_type;
1026 } else {
1027 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src);
1028 sa->iso_bdaddr_type = iso_pi(sk)->src_type;
1029 }
1030
1031 return sizeof(struct sockaddr_iso);
1032}
1033
1034static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1035 size_t len)
1036{
1037 struct sock *sk = sock->sk;
1038 struct iso_conn *conn = iso_pi(sk)->conn;
1039 struct sk_buff *skb, **frag;
1040 int err;
1041
1042 BT_DBG("sock %p, sk %p", sock, sk);
1043
1044 err = sock_error(sk);
1045 if (err)
1046 return err;
1047
1048 if (msg->msg_flags & MSG_OOB)
1049 return -EOPNOTSUPP;
1050
1051 if (sk->sk_state != BT_CONNECTED)
1052 return -ENOTCONN;
1053
1054 skb = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu,
1055 HCI_ISO_DATA_HDR_SIZE, 0);
1056 if (IS_ERR(skb))
1057 return PTR_ERR(skb);
1058
1059 len -= skb->len;
1060
1061 BT_DBG("skb %p len %d", sk, skb->len);
1062
1063 /* Continuation fragments */
1064 frag = &skb_shinfo(skb)->frag_list;
1065 while (len) {
1066 struct sk_buff *tmp;
1067
1068 tmp = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu,
1069 0, 0);
1070 if (IS_ERR(tmp)) {
1071 kfree_skb(skb);
1072 return PTR_ERR(tmp);
1073 }
1074
1075 *frag = tmp;
1076
1077 len -= tmp->len;
1078
1079 skb->len += tmp->len;
1080 skb->data_len += tmp->len;
1081
1082 BT_DBG("frag %p len %d", *frag, tmp->len);
1083
1084 frag = &(*frag)->next;
1085 }
1086
1087 lock_sock(sk);
1088
1089 if (sk->sk_state == BT_CONNECTED)
1090 err = iso_send_frame(sk, skb);
1091 else
1092 err = -ENOTCONN;
1093
1094 release_sock(sk);
1095
1096 if (err < 0)
1097 kfree_skb(skb);
1098 return err;
1099}
1100
1101static void iso_conn_defer_accept(struct hci_conn *conn)
1102{
1103 struct hci_cp_le_accept_cis cp;
1104 struct hci_dev *hdev = conn->hdev;
1105
1106 BT_DBG("conn %p", conn);
1107
1108 conn->state = BT_CONFIG;
1109
1110 cp.handle = cpu_to_le16(conn->handle);
1111
1112 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp);
1113}
1114
1115static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1116 size_t len, int flags)
1117{
1118 struct sock *sk = sock->sk;
1119 struct iso_pinfo *pi = iso_pi(sk);
1120
1121 BT_DBG("sk %p", sk);
1122
1123 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1124 switch (sk->sk_state) {
1125 case BT_CONNECT2:
1126 lock_sock(sk);
1127 iso_conn_defer_accept(pi->conn->hcon);
1128 sk->sk_state = BT_CONFIG;
1129 release_sock(sk);
1130 return 0;
1131 case BT_CONNECT:
1132 return iso_connect_cis(sk);
1133 }
1134 }
1135
1136 return bt_sock_recvmsg(sock, msg, len, flags);
1137}
1138
1139static bool check_io_qos(struct bt_iso_io_qos *qos)
1140{
1141 /* If no PHY is enable SDU must be 0 */
1142 if (!qos->phy && qos->sdu)
1143 return false;
1144
1145 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff))
1146 return false;
1147
1148 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0))
1149 return false;
1150
1151 if (qos->phy > BT_ISO_PHY_ANY)
1152 return false;
1153
1154 return true;
1155}
1156
1157static bool check_qos(struct bt_iso_qos *qos)
1158{
1159 if (qos->sca > 0x07)
1160 return false;
1161
1162 if (qos->packing > 0x01)
1163 return false;
1164
1165 if (qos->framing > 0x01)
1166 return false;
1167
1168 if (!check_io_qos(&qos->in))
1169 return false;
1170
1171 if (!check_io_qos(&qos->out))
1172 return false;
1173
1174 return true;
1175}
1176
1177static int iso_sock_setsockopt(struct socket *sock, int level, int optname,
1178 sockptr_t optval, unsigned int optlen)
1179{
1180 struct sock *sk = sock->sk;
1181 int len, err = 0;
1182 struct bt_iso_qos qos;
1183 u32 opt;
1184
1185 BT_DBG("sk %p", sk);
1186
1187 lock_sock(sk);
1188
1189 switch (optname) {
1190 case BT_DEFER_SETUP:
1191 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1192 err = -EINVAL;
1193 break;
1194 }
1195
1196 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
1197 err = -EFAULT;
1198 break;
1199 }
1200
1201 if (opt)
1202 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1203 else
1204 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1205 break;
1206
1207 case BT_ISO_QOS:
1208 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1209 sk->sk_state != BT_CONNECT2) {
1210 err = -EINVAL;
1211 break;
1212 }
1213
1214 len = min_t(unsigned int, sizeof(qos), optlen);
1215 if (len != sizeof(qos)) {
1216 err = -EINVAL;
1217 break;
1218 }
1219
1220 memset(&qos, 0, sizeof(qos));
1221
1222 if (copy_from_sockptr(&qos, optval, len)) {
1223 err = -EFAULT;
1224 break;
1225 }
1226
1227 if (!check_qos(&qos)) {
1228 err = -EINVAL;
1229 break;
1230 }
1231
1232 iso_pi(sk)->qos = qos;
1233
1234 break;
1235
1236 case BT_ISO_BASE:
1237 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1238 sk->sk_state != BT_CONNECT2) {
1239 err = -EINVAL;
1240 break;
1241 }
1242
1243 if (optlen > sizeof(iso_pi(sk)->base)) {
1244 err = -EOVERFLOW;
1245 break;
1246 }
1247
1248 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen);
1249
1250 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) {
1251 err = -EFAULT;
1252 break;
1253 }
1254
1255 iso_pi(sk)->base_len = len;
1256
1257 break;
1258
1259 default:
1260 err = -ENOPROTOOPT;
1261 break;
1262 }
1263
1264 release_sock(sk);
1265 return err;
1266}
1267
1268static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
1269 char __user *optval, int __user *optlen)
1270{
1271 struct sock *sk = sock->sk;
1272 int len, err = 0;
1273 struct bt_iso_qos *qos;
1274 u8 base_len;
1275 u8 *base;
1276
1277 BT_DBG("sk %p", sk);
1278
1279 if (get_user(len, optlen))
1280 return -EFAULT;
1281
1282 lock_sock(sk);
1283
1284 switch (optname) {
1285 case BT_DEFER_SETUP:
1286 if (sk->sk_state == BT_CONNECTED) {
1287 err = -EINVAL;
1288 break;
1289 }
1290
1291 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1292 (u32 __user *)optval))
1293 err = -EFAULT;
1294
1295 break;
1296
1297 case BT_ISO_QOS:
1298 qos = iso_sock_get_qos(sk);
1299
1300 len = min_t(unsigned int, len, sizeof(*qos));
1301 if (copy_to_user(optval, qos, len))
1302 err = -EFAULT;
1303
1304 break;
1305
1306 case BT_ISO_BASE:
1307 if (sk->sk_state == BT_CONNECTED) {
1308 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len;
1309 base = iso_pi(sk)->conn->hcon->le_per_adv_data;
1310 } else {
1311 base_len = iso_pi(sk)->base_len;
1312 base = iso_pi(sk)->base;
1313 }
1314
1315 len = min_t(unsigned int, len, base_len);
1316 if (copy_to_user(optval, base, len))
1317 err = -EFAULT;
1318
1319 break;
1320
1321 default:
1322 err = -ENOPROTOOPT;
1323 break;
1324 }
1325
1326 release_sock(sk);
1327 return err;
1328}
1329
1330static int iso_sock_shutdown(struct socket *sock, int how)
1331{
1332 struct sock *sk = sock->sk;
1333 int err = 0;
1334
1335 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1336
1337 if (!sk)
1338 return 0;
1339
1340 sock_hold(sk);
1341 lock_sock(sk);
1342
1343 switch (how) {
1344 case SHUT_RD:
1345 if (sk->sk_shutdown & RCV_SHUTDOWN)
1346 goto unlock;
1347 sk->sk_shutdown |= RCV_SHUTDOWN;
1348 break;
1349 case SHUT_WR:
1350 if (sk->sk_shutdown & SEND_SHUTDOWN)
1351 goto unlock;
1352 sk->sk_shutdown |= SEND_SHUTDOWN;
1353 break;
1354 case SHUT_RDWR:
1355 if (sk->sk_shutdown & SHUTDOWN_MASK)
1356 goto unlock;
1357 sk->sk_shutdown |= SHUTDOWN_MASK;
1358 break;
1359 }
1360
1361 iso_sock_clear_timer(sk);
1362 __iso_sock_close(sk);
1363
1364 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1365 !(current->flags & PF_EXITING))
1366 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1367
1368unlock:
1369 release_sock(sk);
1370 sock_put(sk);
1371
1372 return err;
1373}
1374
1375static int iso_sock_release(struct socket *sock)
1376{
1377 struct sock *sk = sock->sk;
1378 int err = 0;
1379
1380 BT_DBG("sock %p, sk %p", sock, sk);
1381
1382 if (!sk)
1383 return 0;
1384
1385 iso_sock_close(sk);
1386
1387 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1388 !(current->flags & PF_EXITING)) {
1389 lock_sock(sk);
1390 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1391 release_sock(sk);
1392 }
1393
1394 sock_orphan(sk);
1395 iso_sock_kill(sk);
1396 return err;
1397}
1398
1399static void iso_sock_ready(struct sock *sk)
1400{
1401 BT_DBG("sk %p", sk);
1402
1403 if (!sk)
1404 return;
1405
1406 lock_sock(sk);
1407 iso_sock_clear_timer(sk);
1408 sk->sk_state = BT_CONNECTED;
1409 sk->sk_state_change(sk);
1410 release_sock(sk);
1411}
1412
1413struct iso_list_data {
1414 struct hci_conn *hcon;
1415 int count;
1416};
1417
1418static bool iso_match_big(struct sock *sk, void *data)
1419{
1420 struct hci_evt_le_big_sync_estabilished *ev = data;
1421
1422 return ev->handle == iso_pi(sk)->qos.big;
1423}
1424
1425static void iso_conn_ready(struct iso_conn *conn)
1426{
1427 struct sock *parent;
1428 struct sock *sk = conn->sk;
1429 struct hci_ev_le_big_sync_estabilished *ev;
1430 struct hci_conn *hcon;
1431
1432 BT_DBG("conn %p", conn);
1433
1434 if (sk) {
1435 iso_sock_ready(conn->sk);
1436 } else {
1437 hcon = conn->hcon;
1438 if (!hcon)
1439 return;
1440
1441 ev = hci_recv_event_data(hcon->hdev,
1442 HCI_EVT_LE_BIG_SYNC_ESTABILISHED);
1443 if (ev)
1444 parent = iso_get_sock_listen(&hcon->src,
1445 &hcon->dst,
1446 iso_match_big, ev);
1447 else
1448 parent = iso_get_sock_listen(&hcon->src,
1449 BDADDR_ANY, NULL, NULL);
1450
1451 if (!parent)
1452 return;
1453
1454 lock_sock(parent);
1455
1456 sk = iso_sock_alloc(sock_net(parent), NULL,
1457 BTPROTO_ISO, GFP_ATOMIC, 0);
1458 if (!sk) {
1459 release_sock(parent);
1460 return;
1461 }
1462
1463 iso_sock_init(sk, parent);
1464
1465 bacpy(&iso_pi(sk)->src, &hcon->src);
1466 iso_pi(sk)->src_type = hcon->src_type;
1467
1468 /* If hcon has no destination address (BDADDR_ANY) it means it
1469 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED so we need to
1470 * initialize using the parent socket destination address.
1471 */
1472 if (!bacmp(&hcon->dst, BDADDR_ANY)) {
1473 bacpy(&hcon->dst, &iso_pi(parent)->dst);
1474 hcon->dst_type = iso_pi(parent)->dst_type;
1475 hcon->sync_handle = iso_pi(parent)->sync_handle;
1476 }
1477
1478 bacpy(&iso_pi(sk)->dst, &hcon->dst);
1479 iso_pi(sk)->dst_type = hcon->dst_type;
1480
1481 hci_conn_hold(hcon);
1482 iso_chan_add(conn, sk, parent);
1483
1484 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1485 sk->sk_state = BT_CONNECT2;
1486 else
1487 sk->sk_state = BT_CONNECTED;
1488
1489 /* Wake up parent */
1490 parent->sk_data_ready(parent);
1491
1492 release_sock(parent);
1493 }
1494}
1495
1496static bool iso_match_sid(struct sock *sk, void *data)
1497{
1498 struct hci_ev_le_pa_sync_established *ev = data;
1499
1500 return ev->sid == iso_pi(sk)->bc_sid;
1501}
1502
1503static bool iso_match_sync_handle(struct sock *sk, void *data)
1504{
1505 struct hci_evt_le_big_info_adv_report *ev = data;
1506
1507 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1508}
1509
1510/* ----- ISO interface with lower layer (HCI) ----- */
1511
1512int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1513{
1514 struct hci_ev_le_pa_sync_established *ev1;
1515 struct hci_evt_le_big_info_adv_report *ev2;
1516 struct sock *sk;
1517 int lm = 0;
1518
1519 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
1520
1521 /* Broadcast receiver requires handling of some events before it can
1522 * proceed to establishing a BIG sync:
1523 *
1524 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific
1525 * SID to listen to and once sync is estabilished its handle needs to
1526 * be stored in iso_pi(sk)->sync_handle so it can be matched once
1527 * receiving the BIG Info.
1528 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a
1529 * a BIG Info it attempts to check if there any listening socket with
1530 * the same sync_handle and if it does then attempt to create a sync.
1531 */
1532 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED);
1533 if (ev1) {
1534 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid,
1535 ev1);
1536 if (sk)
1537 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle);
1538
1539 goto done;
1540 }
1541
1542 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1543 if (ev2) {
1544 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1545 iso_match_sync_handle, ev2);
1546 if (sk) {
1547 int err;
1548
1549 if (ev2->num_bis < iso_pi(sk)->bc_num_bis)
1550 iso_pi(sk)->bc_num_bis = ev2->num_bis;
1551
1552 err = hci_le_big_create_sync(hdev,
1553 &iso_pi(sk)->qos,
1554 iso_pi(sk)->sync_handle,
1555 iso_pi(sk)->bc_num_bis,
1556 iso_pi(sk)->bc_bis);
1557 if (err) {
1558 bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1559 err);
1560 sk = NULL;
1561 }
1562 }
1563 } else {
1564 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL);
1565 }
1566
1567done:
1568 if (!sk)
1569 return lm;
1570
1571 lm |= HCI_LM_ACCEPT;
1572
1573 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1574 *flags |= HCI_PROTO_DEFER;
1575
1576 return lm;
1577}
1578
1579static void iso_connect_cfm(struct hci_conn *hcon, __u8 status)
1580{
1581 if (hcon->type != ISO_LINK) {
1582 if (hcon->type != LE_LINK)
1583 return;
1584
1585 /* Check if LE link has failed */
1586 if (status) {
1587 if (hcon->link)
1588 iso_conn_del(hcon->link, bt_to_errno(status));
1589 return;
1590 }
1591
1592 /* Create CIS if pending */
1593 hci_le_create_cis(hcon);
1594 return;
1595 }
1596
1597 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1598
1599 if (!status) {
1600 struct iso_conn *conn;
1601
1602 conn = iso_conn_add(hcon);
1603 if (conn)
1604 iso_conn_ready(conn);
1605 } else {
1606 iso_conn_del(hcon, bt_to_errno(status));
1607 }
1608}
1609
1610static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1611{
1612 if (hcon->type != ISO_LINK)
1613 return;
1614
1615 BT_DBG("hcon %p reason %d", hcon, reason);
1616
1617 iso_conn_del(hcon, bt_to_errno(reason));
1618}
1619
1620void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1621{
1622 struct iso_conn *conn = hcon->iso_data;
1623 struct hci_iso_data_hdr *hdr;
1624 __u16 pb, ts, len;
1625
1626 if (!conn)
1627 goto drop;
1628
1629 pb = hci_iso_flags_pb(flags);
1630 ts = hci_iso_flags_ts(flags);
1631
1632 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts);
1633
1634 switch (pb) {
1635 case ISO_START:
1636 case ISO_SINGLE:
1637 if (conn->rx_len) {
1638 BT_ERR("Unexpected start frame (len %d)", skb->len);
1639 kfree_skb(conn->rx_skb);
1640 conn->rx_skb = NULL;
1641 conn->rx_len = 0;
1642 }
1643
1644 if (ts) {
1645 /* TODO: add timestamp to the packet? */
1646 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE);
1647 if (!hdr) {
1648 BT_ERR("Frame is too short (len %d)", skb->len);
1649 goto drop;
1650 }
1651
1652 } else {
1653 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE);
1654 if (!hdr) {
1655 BT_ERR("Frame is too short (len %d)", skb->len);
1656 goto drop;
1657 }
1658 }
1659
1660 len = __le16_to_cpu(hdr->slen);
1661 flags = hci_iso_data_flags(len);
1662 len = hci_iso_data_len(len);
1663
1664 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len,
1665 skb->len, flags);
1666
1667 if (len == skb->len) {
1668 /* Complete frame received */
1669 iso_recv_frame(conn, skb);
1670 return;
1671 }
1672
1673 if (pb == ISO_SINGLE) {
1674 BT_ERR("Frame malformed (len %d, expected len %d)",
1675 skb->len, len);
1676 goto drop;
1677 }
1678
1679 if (skb->len > len) {
1680 BT_ERR("Frame is too long (len %d, expected len %d)",
1681 skb->len, len);
1682 goto drop;
1683 }
1684
1685 /* Allocate skb for the complete frame (with header) */
1686 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
1687 if (!conn->rx_skb)
1688 goto drop;
1689
1690 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
1691 skb->len);
1692 conn->rx_len = len - skb->len;
1693 break;
1694
1695 case ISO_CONT:
1696 BT_DBG("Cont: frag len %d (expecting %d)", skb->len,
1697 conn->rx_len);
1698
1699 if (!conn->rx_len) {
1700 BT_ERR("Unexpected continuation frame (len %d)",
1701 skb->len);
1702 goto drop;
1703 }
1704
1705 if (skb->len > conn->rx_len) {
1706 BT_ERR("Fragment is too long (len %d, expected %d)",
1707 skb->len, conn->rx_len);
1708 kfree_skb(conn->rx_skb);
1709 conn->rx_skb = NULL;
1710 conn->rx_len = 0;
1711 goto drop;
1712 }
1713
1714 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
1715 skb->len);
1716 conn->rx_len -= skb->len;
1717 return;
1718
1719 case ISO_END:
1720 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
1721 skb->len);
1722 conn->rx_len -= skb->len;
1723
1724 if (!conn->rx_len) {
1725 struct sk_buff *rx_skb = conn->rx_skb;
1726
1727 /* Complete frame received. iso_recv_frame
1728 * takes ownership of the skb so set the global
1729 * rx_skb pointer to NULL first.
1730 */
1731 conn->rx_skb = NULL;
1732 iso_recv_frame(conn, rx_skb);
1733 }
1734 break;
1735 }
1736
1737drop:
1738 kfree_skb(skb);
1739}
1740
1741static struct hci_cb iso_cb = {
1742 .name = "ISO",
1743 .connect_cfm = iso_connect_cfm,
1744 .disconn_cfm = iso_disconn_cfm,
1745};
1746
1747static int iso_debugfs_show(struct seq_file *f, void *p)
1748{
1749 struct sock *sk;
1750
1751 read_lock(&iso_sk_list.lock);
1752
1753 sk_for_each(sk, &iso_sk_list.head) {
1754 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src,
1755 &iso_pi(sk)->dst, sk->sk_state);
1756 }
1757
1758 read_unlock(&iso_sk_list.lock);
1759
1760 return 0;
1761}
1762
1763DEFINE_SHOW_ATTRIBUTE(iso_debugfs);
1764
1765static struct dentry *iso_debugfs;
1766
1767static const struct proto_ops iso_sock_ops = {
1768 .family = PF_BLUETOOTH,
1769 .owner = THIS_MODULE,
1770 .release = iso_sock_release,
1771 .bind = iso_sock_bind,
1772 .connect = iso_sock_connect,
1773 .listen = iso_sock_listen,
1774 .accept = iso_sock_accept,
1775 .getname = iso_sock_getname,
1776 .sendmsg = iso_sock_sendmsg,
1777 .recvmsg = iso_sock_recvmsg,
1778 .poll = bt_sock_poll,
1779 .ioctl = bt_sock_ioctl,
1780 .mmap = sock_no_mmap,
1781 .socketpair = sock_no_socketpair,
1782 .shutdown = iso_sock_shutdown,
1783 .setsockopt = iso_sock_setsockopt,
1784 .getsockopt = iso_sock_getsockopt
1785};
1786
1787static const struct net_proto_family iso_sock_family_ops = {
1788 .family = PF_BLUETOOTH,
1789 .owner = THIS_MODULE,
1790 .create = iso_sock_create,
1791};
1792
1793static bool iso_inited;
1794
1795bool iso_enabled(void)
1796{
1797 return iso_inited;
1798}
1799
1800int iso_init(void)
1801{
1802 int err;
1803
1804 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr));
1805
1806 if (iso_inited)
1807 return -EALREADY;
1808
1809 err = proto_register(&iso_proto, 0);
1810 if (err < 0)
1811 return err;
1812
1813 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops);
1814 if (err < 0) {
1815 BT_ERR("ISO socket registration failed");
1816 goto error;
1817 }
1818
1819 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL);
1820 if (err < 0) {
1821 BT_ERR("Failed to create ISO proc file");
1822 bt_sock_unregister(BTPROTO_ISO);
1823 goto error;
1824 }
1825
1826 BT_INFO("ISO socket layer initialized");
1827
1828 hci_register_cb(&iso_cb);
1829
1830 if (IS_ERR_OR_NULL(bt_debugfs))
1831 return 0;
1832
1833 if (!iso_debugfs) {
1834 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs,
1835 NULL, &iso_debugfs_fops);
1836 }
1837
1838 iso_inited = true;
1839
1840 return 0;
1841
1842error:
1843 proto_unregister(&iso_proto);
1844 return err;
1845}
1846
1847int iso_exit(void)
1848{
1849 if (!iso_inited)
1850 return -EALREADY;
1851
1852 bt_procfs_cleanup(&init_net, "iso");
1853
1854 debugfs_remove(iso_debugfs);
1855 iso_debugfs = NULL;
1856
1857 hci_unregister_cb(&iso_cb);
1858
1859 bt_sock_unregister(BTPROTO_ISO);
1860
1861 proto_unregister(&iso_proto);
1862
1863 iso_inited = false;
1864
1865 return 0;
1866}