Loading...
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
33#include <net/bluetooth/sco.h>
34
35static bool disable_esco;
36
37static const struct proto_ops sco_sock_ops;
38
39static struct bt_sock_list sco_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
41};
42
43/* ---- SCO connections ---- */
44struct sco_conn {
45 struct hci_conn *hcon;
46
47 spinlock_t lock;
48 struct sock *sk;
49
50 unsigned int mtu;
51};
52
53#define sco_conn_lock(c) spin_lock(&c->lock);
54#define sco_conn_unlock(c) spin_unlock(&c->lock);
55
56static void sco_sock_close(struct sock *sk);
57static void sco_sock_kill(struct sock *sk);
58
59/* ----- SCO socket info ----- */
60#define sco_pi(sk) ((struct sco_pinfo *) sk)
61
62struct sco_pinfo {
63 struct bt_sock bt;
64 bdaddr_t src;
65 bdaddr_t dst;
66 __u32 flags;
67 __u16 setting;
68 struct sco_conn *conn;
69};
70
71/* ---- SCO timers ---- */
72#define SCO_CONN_TIMEOUT (HZ * 40)
73#define SCO_DISCONN_TIMEOUT (HZ * 2)
74
75static void sco_sock_timeout(unsigned long arg)
76{
77 struct sock *sk = (struct sock *)arg;
78
79 BT_DBG("sock %p state %d", sk, sk->sk_state);
80
81 bh_lock_sock(sk);
82 sk->sk_err = ETIMEDOUT;
83 sk->sk_state_change(sk);
84 bh_unlock_sock(sk);
85
86 sco_sock_kill(sk);
87 sock_put(sk);
88}
89
90static void sco_sock_set_timer(struct sock *sk, long timeout)
91{
92 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
93 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
94}
95
96static void sco_sock_clear_timer(struct sock *sk)
97{
98 BT_DBG("sock %p state %d", sk, sk->sk_state);
99 sk_stop_timer(sk, &sk->sk_timer);
100}
101
102/* ---- SCO connections ---- */
103static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
104{
105 struct hci_dev *hdev = hcon->hdev;
106 struct sco_conn *conn = hcon->sco_data;
107
108 if (conn)
109 return conn;
110
111 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
112 if (!conn)
113 return NULL;
114
115 spin_lock_init(&conn->lock);
116
117 hcon->sco_data = conn;
118 conn->hcon = hcon;
119
120 if (hdev->sco_mtu > 0)
121 conn->mtu = hdev->sco_mtu;
122 else
123 conn->mtu = 60;
124
125 BT_DBG("hcon %p conn %p", hcon, conn);
126
127 return conn;
128}
129
130/* Delete channel.
131 * Must be called on the locked socket. */
132static void sco_chan_del(struct sock *sk, int err)
133{
134 struct sco_conn *conn;
135
136 conn = sco_pi(sk)->conn;
137
138 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
139
140 if (conn) {
141 sco_conn_lock(conn);
142 conn->sk = NULL;
143 sco_pi(sk)->conn = NULL;
144 sco_conn_unlock(conn);
145
146 if (conn->hcon)
147 hci_conn_drop(conn->hcon);
148 }
149
150 sk->sk_state = BT_CLOSED;
151 sk->sk_err = err;
152 sk->sk_state_change(sk);
153
154 sock_set_flag(sk, SOCK_ZAPPED);
155}
156
157static void sco_conn_del(struct hci_conn *hcon, int err)
158{
159 struct sco_conn *conn = hcon->sco_data;
160 struct sock *sk;
161
162 if (!conn)
163 return;
164
165 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
166
167 /* Kill socket */
168 sco_conn_lock(conn);
169 sk = conn->sk;
170 sco_conn_unlock(conn);
171
172 if (sk) {
173 sock_hold(sk);
174 bh_lock_sock(sk);
175 sco_sock_clear_timer(sk);
176 sco_chan_del(sk, err);
177 bh_unlock_sock(sk);
178 sco_sock_kill(sk);
179 sock_put(sk);
180 }
181
182 hcon->sco_data = NULL;
183 kfree(conn);
184}
185
186static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
187 struct sock *parent)
188{
189 BT_DBG("conn %p", conn);
190
191 sco_pi(sk)->conn = conn;
192 conn->sk = sk;
193
194 if (parent)
195 bt_accept_enqueue(parent, sk);
196}
197
198static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
199 struct sock *parent)
200{
201 int err = 0;
202
203 sco_conn_lock(conn);
204 if (conn->sk)
205 err = -EBUSY;
206 else
207 __sco_chan_add(conn, sk, parent);
208
209 sco_conn_unlock(conn);
210 return err;
211}
212
213static int sco_connect(struct sock *sk)
214{
215 struct sco_conn *conn;
216 struct hci_conn *hcon;
217 struct hci_dev *hdev;
218 int err, type;
219
220 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
221
222 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src);
223 if (!hdev)
224 return -EHOSTUNREACH;
225
226 hci_dev_lock(hdev);
227
228 if (lmp_esco_capable(hdev) && !disable_esco)
229 type = ESCO_LINK;
230 else
231 type = SCO_LINK;
232
233 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
234 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
235 err = -EOPNOTSUPP;
236 goto done;
237 }
238
239 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
240 sco_pi(sk)->setting);
241 if (IS_ERR(hcon)) {
242 err = PTR_ERR(hcon);
243 goto done;
244 }
245
246 conn = sco_conn_add(hcon);
247 if (!conn) {
248 hci_conn_drop(hcon);
249 err = -ENOMEM;
250 goto done;
251 }
252
253 /* Update source addr of the socket */
254 bacpy(&sco_pi(sk)->src, &hcon->src);
255
256 err = sco_chan_add(conn, sk, NULL);
257 if (err)
258 goto done;
259
260 if (hcon->state == BT_CONNECTED) {
261 sco_sock_clear_timer(sk);
262 sk->sk_state = BT_CONNECTED;
263 } else {
264 sk->sk_state = BT_CONNECT;
265 sco_sock_set_timer(sk, sk->sk_sndtimeo);
266 }
267
268done:
269 hci_dev_unlock(hdev);
270 hci_dev_put(hdev);
271 return err;
272}
273
274static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
275{
276 struct sco_conn *conn = sco_pi(sk)->conn;
277 struct sk_buff *skb;
278 int err;
279
280 /* Check outgoing MTU */
281 if (len > conn->mtu)
282 return -EINVAL;
283
284 BT_DBG("sk %p len %d", sk, len);
285
286 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
287 if (!skb)
288 return err;
289
290 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
291 kfree_skb(skb);
292 return -EFAULT;
293 }
294
295 hci_send_sco(conn->hcon, skb);
296
297 return len;
298}
299
300static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
301{
302 struct sock *sk;
303
304 sco_conn_lock(conn);
305 sk = conn->sk;
306 sco_conn_unlock(conn);
307
308 if (!sk)
309 goto drop;
310
311 BT_DBG("sk %p len %d", sk, skb->len);
312
313 if (sk->sk_state != BT_CONNECTED)
314 goto drop;
315
316 if (!sock_queue_rcv_skb(sk, skb))
317 return;
318
319drop:
320 kfree_skb(skb);
321}
322
323/* -------- Socket interface ---------- */
324static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
325{
326 struct sock *sk;
327
328 sk_for_each(sk, &sco_sk_list.head) {
329 if (sk->sk_state != BT_LISTEN)
330 continue;
331
332 if (!bacmp(&sco_pi(sk)->src, ba))
333 return sk;
334 }
335
336 return NULL;
337}
338
339/* Find socket listening on source bdaddr.
340 * Returns closest match.
341 */
342static struct sock *sco_get_sock_listen(bdaddr_t *src)
343{
344 struct sock *sk = NULL, *sk1 = NULL;
345
346 read_lock(&sco_sk_list.lock);
347
348 sk_for_each(sk, &sco_sk_list.head) {
349 if (sk->sk_state != BT_LISTEN)
350 continue;
351
352 /* Exact match. */
353 if (!bacmp(&sco_pi(sk)->src, src))
354 break;
355
356 /* Closest match */
357 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
358 sk1 = sk;
359 }
360
361 read_unlock(&sco_sk_list.lock);
362
363 return sk ? sk : sk1;
364}
365
366static void sco_sock_destruct(struct sock *sk)
367{
368 BT_DBG("sk %p", sk);
369
370 skb_queue_purge(&sk->sk_receive_queue);
371 skb_queue_purge(&sk->sk_write_queue);
372}
373
374static void sco_sock_cleanup_listen(struct sock *parent)
375{
376 struct sock *sk;
377
378 BT_DBG("parent %p", parent);
379
380 /* Close not yet accepted channels */
381 while ((sk = bt_accept_dequeue(parent, NULL))) {
382 sco_sock_close(sk);
383 sco_sock_kill(sk);
384 }
385
386 parent->sk_state = BT_CLOSED;
387 sock_set_flag(parent, SOCK_ZAPPED);
388}
389
390/* Kill socket (only if zapped and orphan)
391 * Must be called on unlocked socket.
392 */
393static void sco_sock_kill(struct sock *sk)
394{
395 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
396 return;
397
398 BT_DBG("sk %p state %d", sk, sk->sk_state);
399
400 /* Kill poor orphan */
401 bt_sock_unlink(&sco_sk_list, sk);
402 sock_set_flag(sk, SOCK_DEAD);
403 sock_put(sk);
404}
405
406static void __sco_sock_close(struct sock *sk)
407{
408 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
409
410 switch (sk->sk_state) {
411 case BT_LISTEN:
412 sco_sock_cleanup_listen(sk);
413 break;
414
415 case BT_CONNECTED:
416 case BT_CONFIG:
417 if (sco_pi(sk)->conn->hcon) {
418 sk->sk_state = BT_DISCONN;
419 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
420 sco_conn_lock(sco_pi(sk)->conn);
421 hci_conn_drop(sco_pi(sk)->conn->hcon);
422 sco_pi(sk)->conn->hcon = NULL;
423 sco_conn_unlock(sco_pi(sk)->conn);
424 } else
425 sco_chan_del(sk, ECONNRESET);
426 break;
427
428 case BT_CONNECT2:
429 case BT_CONNECT:
430 case BT_DISCONN:
431 sco_chan_del(sk, ECONNRESET);
432 break;
433
434 default:
435 sock_set_flag(sk, SOCK_ZAPPED);
436 break;
437 }
438}
439
440/* Must be called on unlocked socket. */
441static void sco_sock_close(struct sock *sk)
442{
443 sco_sock_clear_timer(sk);
444 lock_sock(sk);
445 __sco_sock_close(sk);
446 release_sock(sk);
447 sco_sock_kill(sk);
448}
449
450static void sco_sock_init(struct sock *sk, struct sock *parent)
451{
452 BT_DBG("sk %p", sk);
453
454 if (parent) {
455 sk->sk_type = parent->sk_type;
456 bt_sk(sk)->flags = bt_sk(parent)->flags;
457 security_sk_clone(parent, sk);
458 }
459}
460
461static struct proto sco_proto = {
462 .name = "SCO",
463 .owner = THIS_MODULE,
464 .obj_size = sizeof(struct sco_pinfo)
465};
466
467static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
468 int proto, gfp_t prio, int kern)
469{
470 struct sock *sk;
471
472 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
473 if (!sk)
474 return NULL;
475
476 sock_init_data(sock, sk);
477 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
478
479 sk->sk_destruct = sco_sock_destruct;
480 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
481
482 sock_reset_flag(sk, SOCK_ZAPPED);
483
484 sk->sk_protocol = proto;
485 sk->sk_state = BT_OPEN;
486
487 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
488
489 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk);
490
491 bt_sock_link(&sco_sk_list, sk);
492 return sk;
493}
494
495static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
496 int kern)
497{
498 struct sock *sk;
499
500 BT_DBG("sock %p", sock);
501
502 sock->state = SS_UNCONNECTED;
503
504 if (sock->type != SOCK_SEQPACKET)
505 return -ESOCKTNOSUPPORT;
506
507 sock->ops = &sco_sock_ops;
508
509 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
510 if (!sk)
511 return -ENOMEM;
512
513 sco_sock_init(sk, NULL);
514 return 0;
515}
516
517static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
518 int addr_len)
519{
520 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
521 struct sock *sk = sock->sk;
522 int err = 0;
523
524 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
525
526 if (!addr || addr->sa_family != AF_BLUETOOTH)
527 return -EINVAL;
528
529 if (addr_len < sizeof(struct sockaddr_sco))
530 return -EINVAL;
531
532 lock_sock(sk);
533
534 if (sk->sk_state != BT_OPEN) {
535 err = -EBADFD;
536 goto done;
537 }
538
539 if (sk->sk_type != SOCK_SEQPACKET) {
540 err = -EINVAL;
541 goto done;
542 }
543
544 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
545
546 sk->sk_state = BT_BOUND;
547
548done:
549 release_sock(sk);
550 return err;
551}
552
553static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
554{
555 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
556 struct sock *sk = sock->sk;
557 int err;
558
559 BT_DBG("sk %p", sk);
560
561 if (alen < sizeof(struct sockaddr_sco) ||
562 addr->sa_family != AF_BLUETOOTH)
563 return -EINVAL;
564
565 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
566 return -EBADFD;
567
568 if (sk->sk_type != SOCK_SEQPACKET)
569 return -EINVAL;
570
571 lock_sock(sk);
572
573 /* Set destination address and psm */
574 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
575
576 err = sco_connect(sk);
577 if (err)
578 goto done;
579
580 err = bt_sock_wait_state(sk, BT_CONNECTED,
581 sock_sndtimeo(sk, flags & O_NONBLOCK));
582
583done:
584 release_sock(sk);
585 return err;
586}
587
588static int sco_sock_listen(struct socket *sock, int backlog)
589{
590 struct sock *sk = sock->sk;
591 bdaddr_t *src = &sco_pi(sk)->src;
592 int err = 0;
593
594 BT_DBG("sk %p backlog %d", sk, backlog);
595
596 lock_sock(sk);
597
598 if (sk->sk_state != BT_BOUND) {
599 err = -EBADFD;
600 goto done;
601 }
602
603 if (sk->sk_type != SOCK_SEQPACKET) {
604 err = -EINVAL;
605 goto done;
606 }
607
608 write_lock(&sco_sk_list.lock);
609
610 if (__sco_get_sock_listen_by_addr(src)) {
611 err = -EADDRINUSE;
612 goto unlock;
613 }
614
615 sk->sk_max_ack_backlog = backlog;
616 sk->sk_ack_backlog = 0;
617
618 sk->sk_state = BT_LISTEN;
619
620unlock:
621 write_unlock(&sco_sk_list.lock);
622
623done:
624 release_sock(sk);
625 return err;
626}
627
628static int sco_sock_accept(struct socket *sock, struct socket *newsock,
629 int flags)
630{
631 DEFINE_WAIT_FUNC(wait, woken_wake_function);
632 struct sock *sk = sock->sk, *ch;
633 long timeo;
634 int err = 0;
635
636 lock_sock(sk);
637
638 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
639
640 BT_DBG("sk %p timeo %ld", sk, timeo);
641
642 /* Wait for an incoming connection. (wake-one). */
643 add_wait_queue_exclusive(sk_sleep(sk), &wait);
644 while (1) {
645 if (sk->sk_state != BT_LISTEN) {
646 err = -EBADFD;
647 break;
648 }
649
650 ch = bt_accept_dequeue(sk, newsock);
651 if (ch)
652 break;
653
654 if (!timeo) {
655 err = -EAGAIN;
656 break;
657 }
658
659 if (signal_pending(current)) {
660 err = sock_intr_errno(timeo);
661 break;
662 }
663
664 release_sock(sk);
665
666 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
667 lock_sock(sk);
668 }
669 remove_wait_queue(sk_sleep(sk), &wait);
670
671 if (err)
672 goto done;
673
674 newsock->state = SS_CONNECTED;
675
676 BT_DBG("new socket %p", ch);
677
678done:
679 release_sock(sk);
680 return err;
681}
682
683static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
684 int *len, int peer)
685{
686 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
687 struct sock *sk = sock->sk;
688
689 BT_DBG("sock %p, sk %p", sock, sk);
690
691 addr->sa_family = AF_BLUETOOTH;
692 *len = sizeof(struct sockaddr_sco);
693
694 if (peer)
695 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
696 else
697 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
698
699 return 0;
700}
701
702static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
703 size_t len)
704{
705 struct sock *sk = sock->sk;
706 int err;
707
708 BT_DBG("sock %p, sk %p", sock, sk);
709
710 err = sock_error(sk);
711 if (err)
712 return err;
713
714 if (msg->msg_flags & MSG_OOB)
715 return -EOPNOTSUPP;
716
717 lock_sock(sk);
718
719 if (sk->sk_state == BT_CONNECTED)
720 err = sco_send_frame(sk, msg, len);
721 else
722 err = -ENOTCONN;
723
724 release_sock(sk);
725 return err;
726}
727
728static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
729{
730 struct hci_dev *hdev = conn->hdev;
731
732 BT_DBG("conn %p", conn);
733
734 conn->state = BT_CONFIG;
735
736 if (!lmp_esco_capable(hdev)) {
737 struct hci_cp_accept_conn_req cp;
738
739 bacpy(&cp.bdaddr, &conn->dst);
740 cp.role = 0x00; /* Ignored */
741
742 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
743 } else {
744 struct hci_cp_accept_sync_conn_req cp;
745
746 bacpy(&cp.bdaddr, &conn->dst);
747 cp.pkt_type = cpu_to_le16(conn->pkt_type);
748
749 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
750 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
751 cp.content_format = cpu_to_le16(setting);
752
753 switch (setting & SCO_AIRMODE_MASK) {
754 case SCO_AIRMODE_TRANSP:
755 if (conn->pkt_type & ESCO_2EV3)
756 cp.max_latency = cpu_to_le16(0x0008);
757 else
758 cp.max_latency = cpu_to_le16(0x000D);
759 cp.retrans_effort = 0x02;
760 break;
761 case SCO_AIRMODE_CVSD:
762 cp.max_latency = cpu_to_le16(0xffff);
763 cp.retrans_effort = 0xff;
764 break;
765 }
766
767 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
768 sizeof(cp), &cp);
769 }
770}
771
772static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
773 size_t len, int flags)
774{
775 struct sock *sk = sock->sk;
776 struct sco_pinfo *pi = sco_pi(sk);
777
778 lock_sock(sk);
779
780 if (sk->sk_state == BT_CONNECT2 &&
781 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
782 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
783 sk->sk_state = BT_CONFIG;
784
785 release_sock(sk);
786 return 0;
787 }
788
789 release_sock(sk);
790
791 return bt_sock_recvmsg(sock, msg, len, flags);
792}
793
794static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
795 char __user *optval, unsigned int optlen)
796{
797 struct sock *sk = sock->sk;
798 int len, err = 0;
799 struct bt_voice voice;
800 u32 opt;
801
802 BT_DBG("sk %p", sk);
803
804 lock_sock(sk);
805
806 switch (optname) {
807
808 case BT_DEFER_SETUP:
809 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
810 err = -EINVAL;
811 break;
812 }
813
814 if (get_user(opt, (u32 __user *) optval)) {
815 err = -EFAULT;
816 break;
817 }
818
819 if (opt)
820 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
821 else
822 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
823 break;
824
825 case BT_VOICE:
826 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
827 sk->sk_state != BT_CONNECT2) {
828 err = -EINVAL;
829 break;
830 }
831
832 voice.setting = sco_pi(sk)->setting;
833
834 len = min_t(unsigned int, sizeof(voice), optlen);
835 if (copy_from_user((char *)&voice, optval, len)) {
836 err = -EFAULT;
837 break;
838 }
839
840 /* Explicitly check for these values */
841 if (voice.setting != BT_VOICE_TRANSPARENT &&
842 voice.setting != BT_VOICE_CVSD_16BIT) {
843 err = -EINVAL;
844 break;
845 }
846
847 sco_pi(sk)->setting = voice.setting;
848 break;
849
850 default:
851 err = -ENOPROTOOPT;
852 break;
853 }
854
855 release_sock(sk);
856 return err;
857}
858
859static int sco_sock_getsockopt_old(struct socket *sock, int optname,
860 char __user *optval, int __user *optlen)
861{
862 struct sock *sk = sock->sk;
863 struct sco_options opts;
864 struct sco_conninfo cinfo;
865 int len, err = 0;
866
867 BT_DBG("sk %p", sk);
868
869 if (get_user(len, optlen))
870 return -EFAULT;
871
872 lock_sock(sk);
873
874 switch (optname) {
875 case SCO_OPTIONS:
876 if (sk->sk_state != BT_CONNECTED &&
877 !(sk->sk_state == BT_CONNECT2 &&
878 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
879 err = -ENOTCONN;
880 break;
881 }
882
883 opts.mtu = sco_pi(sk)->conn->mtu;
884
885 BT_DBG("mtu %d", opts.mtu);
886
887 len = min_t(unsigned int, len, sizeof(opts));
888 if (copy_to_user(optval, (char *)&opts, len))
889 err = -EFAULT;
890
891 break;
892
893 case SCO_CONNINFO:
894 if (sk->sk_state != BT_CONNECTED &&
895 !(sk->sk_state == BT_CONNECT2 &&
896 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
897 err = -ENOTCONN;
898 break;
899 }
900
901 memset(&cinfo, 0, sizeof(cinfo));
902 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
903 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
904
905 len = min_t(unsigned int, len, sizeof(cinfo));
906 if (copy_to_user(optval, (char *)&cinfo, len))
907 err = -EFAULT;
908
909 break;
910
911 default:
912 err = -ENOPROTOOPT;
913 break;
914 }
915
916 release_sock(sk);
917 return err;
918}
919
920static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
921 char __user *optval, int __user *optlen)
922{
923 struct sock *sk = sock->sk;
924 int len, err = 0;
925 struct bt_voice voice;
926
927 BT_DBG("sk %p", sk);
928
929 if (level == SOL_SCO)
930 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
931
932 if (get_user(len, optlen))
933 return -EFAULT;
934
935 lock_sock(sk);
936
937 switch (optname) {
938
939 case BT_DEFER_SETUP:
940 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
941 err = -EINVAL;
942 break;
943 }
944
945 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
946 (u32 __user *)optval))
947 err = -EFAULT;
948
949 break;
950
951 case BT_VOICE:
952 voice.setting = sco_pi(sk)->setting;
953
954 len = min_t(unsigned int, len, sizeof(voice));
955 if (copy_to_user(optval, (char *)&voice, len))
956 err = -EFAULT;
957
958 break;
959
960 default:
961 err = -ENOPROTOOPT;
962 break;
963 }
964
965 release_sock(sk);
966 return err;
967}
968
969static int sco_sock_shutdown(struct socket *sock, int how)
970{
971 struct sock *sk = sock->sk;
972 int err = 0;
973
974 BT_DBG("sock %p, sk %p", sock, sk);
975
976 if (!sk)
977 return 0;
978
979 sock_hold(sk);
980 lock_sock(sk);
981
982 if (!sk->sk_shutdown) {
983 sk->sk_shutdown = SHUTDOWN_MASK;
984 sco_sock_clear_timer(sk);
985 __sco_sock_close(sk);
986
987 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
988 !(current->flags & PF_EXITING))
989 err = bt_sock_wait_state(sk, BT_CLOSED,
990 sk->sk_lingertime);
991 }
992
993 release_sock(sk);
994 sock_put(sk);
995
996 return err;
997}
998
999static int sco_sock_release(struct socket *sock)
1000{
1001 struct sock *sk = sock->sk;
1002 int err = 0;
1003
1004 BT_DBG("sock %p, sk %p", sock, sk);
1005
1006 if (!sk)
1007 return 0;
1008
1009 sco_sock_close(sk);
1010
1011 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1012 !(current->flags & PF_EXITING)) {
1013 lock_sock(sk);
1014 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1015 release_sock(sk);
1016 }
1017
1018 sock_orphan(sk);
1019 sco_sock_kill(sk);
1020 return err;
1021}
1022
1023static void sco_conn_ready(struct sco_conn *conn)
1024{
1025 struct sock *parent;
1026 struct sock *sk = conn->sk;
1027
1028 BT_DBG("conn %p", conn);
1029
1030 if (sk) {
1031 sco_sock_clear_timer(sk);
1032 bh_lock_sock(sk);
1033 sk->sk_state = BT_CONNECTED;
1034 sk->sk_state_change(sk);
1035 bh_unlock_sock(sk);
1036 } else {
1037 sco_conn_lock(conn);
1038
1039 if (!conn->hcon) {
1040 sco_conn_unlock(conn);
1041 return;
1042 }
1043
1044 parent = sco_get_sock_listen(&conn->hcon->src);
1045 if (!parent) {
1046 sco_conn_unlock(conn);
1047 return;
1048 }
1049
1050 bh_lock_sock(parent);
1051
1052 sk = sco_sock_alloc(sock_net(parent), NULL,
1053 BTPROTO_SCO, GFP_ATOMIC, 0);
1054 if (!sk) {
1055 bh_unlock_sock(parent);
1056 sco_conn_unlock(conn);
1057 return;
1058 }
1059
1060 sco_sock_init(sk, parent);
1061
1062 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1063 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1064
1065 hci_conn_hold(conn->hcon);
1066 __sco_chan_add(conn, sk, parent);
1067
1068 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1069 sk->sk_state = BT_CONNECT2;
1070 else
1071 sk->sk_state = BT_CONNECTED;
1072
1073 /* Wake up parent */
1074 parent->sk_data_ready(parent);
1075
1076 bh_unlock_sock(parent);
1077
1078 sco_conn_unlock(conn);
1079 }
1080}
1081
1082/* ----- SCO interface with lower layer (HCI) ----- */
1083int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1084{
1085 struct sock *sk;
1086 int lm = 0;
1087
1088 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1089
1090 /* Find listening sockets */
1091 read_lock(&sco_sk_list.lock);
1092 sk_for_each(sk, &sco_sk_list.head) {
1093 if (sk->sk_state != BT_LISTEN)
1094 continue;
1095
1096 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1097 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1098 lm |= HCI_LM_ACCEPT;
1099
1100 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1101 *flags |= HCI_PROTO_DEFER;
1102 break;
1103 }
1104 }
1105 read_unlock(&sco_sk_list.lock);
1106
1107 return lm;
1108}
1109
1110static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1111{
1112 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1113 return;
1114
1115 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1116
1117 if (!status) {
1118 struct sco_conn *conn;
1119
1120 conn = sco_conn_add(hcon);
1121 if (conn)
1122 sco_conn_ready(conn);
1123 } else
1124 sco_conn_del(hcon, bt_to_errno(status));
1125}
1126
1127static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1128{
1129 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1130 return;
1131
1132 BT_DBG("hcon %p reason %d", hcon, reason);
1133
1134 sco_conn_del(hcon, bt_to_errno(reason));
1135}
1136
1137void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1138{
1139 struct sco_conn *conn = hcon->sco_data;
1140
1141 if (!conn)
1142 goto drop;
1143
1144 BT_DBG("conn %p len %d", conn, skb->len);
1145
1146 if (skb->len) {
1147 sco_recv_frame(conn, skb);
1148 return;
1149 }
1150
1151drop:
1152 kfree_skb(skb);
1153}
1154
1155static struct hci_cb sco_cb = {
1156 .name = "SCO",
1157 .connect_cfm = sco_connect_cfm,
1158 .disconn_cfm = sco_disconn_cfm,
1159};
1160
1161static int sco_debugfs_show(struct seq_file *f, void *p)
1162{
1163 struct sock *sk;
1164
1165 read_lock(&sco_sk_list.lock);
1166
1167 sk_for_each(sk, &sco_sk_list.head) {
1168 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1169 &sco_pi(sk)->dst, sk->sk_state);
1170 }
1171
1172 read_unlock(&sco_sk_list.lock);
1173
1174 return 0;
1175}
1176
1177static int sco_debugfs_open(struct inode *inode, struct file *file)
1178{
1179 return single_open(file, sco_debugfs_show, inode->i_private);
1180}
1181
1182static const struct file_operations sco_debugfs_fops = {
1183 .open = sco_debugfs_open,
1184 .read = seq_read,
1185 .llseek = seq_lseek,
1186 .release = single_release,
1187};
1188
1189static struct dentry *sco_debugfs;
1190
1191static const struct proto_ops sco_sock_ops = {
1192 .family = PF_BLUETOOTH,
1193 .owner = THIS_MODULE,
1194 .release = sco_sock_release,
1195 .bind = sco_sock_bind,
1196 .connect = sco_sock_connect,
1197 .listen = sco_sock_listen,
1198 .accept = sco_sock_accept,
1199 .getname = sco_sock_getname,
1200 .sendmsg = sco_sock_sendmsg,
1201 .recvmsg = sco_sock_recvmsg,
1202 .poll = bt_sock_poll,
1203 .ioctl = bt_sock_ioctl,
1204 .mmap = sock_no_mmap,
1205 .socketpair = sock_no_socketpair,
1206 .shutdown = sco_sock_shutdown,
1207 .setsockopt = sco_sock_setsockopt,
1208 .getsockopt = sco_sock_getsockopt
1209};
1210
1211static const struct net_proto_family sco_sock_family_ops = {
1212 .family = PF_BLUETOOTH,
1213 .owner = THIS_MODULE,
1214 .create = sco_sock_create,
1215};
1216
1217int __init sco_init(void)
1218{
1219 int err;
1220
1221 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1222
1223 err = proto_register(&sco_proto, 0);
1224 if (err < 0)
1225 return err;
1226
1227 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1228 if (err < 0) {
1229 BT_ERR("SCO socket registration failed");
1230 goto error;
1231 }
1232
1233 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1234 if (err < 0) {
1235 BT_ERR("Failed to create SCO proc file");
1236 bt_sock_unregister(BTPROTO_SCO);
1237 goto error;
1238 }
1239
1240 BT_INFO("SCO socket layer initialized");
1241
1242 hci_register_cb(&sco_cb);
1243
1244 if (IS_ERR_OR_NULL(bt_debugfs))
1245 return 0;
1246
1247 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1248 NULL, &sco_debugfs_fops);
1249
1250 return 0;
1251
1252error:
1253 proto_unregister(&sco_proto);
1254 return err;
1255}
1256
1257void sco_exit(void)
1258{
1259 bt_procfs_cleanup(&init_net, "sco");
1260
1261 debugfs_remove(sco_debugfs);
1262
1263 hci_unregister_cb(&sco_cb);
1264
1265 bt_sock_unregister(BTPROTO_SCO);
1266
1267 proto_unregister(&sco_proto);
1268}
1269
1270module_param(disable_esco, bool, 0644);
1271MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44/* ---- SCO connections ---- */
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54};
55
56#define sco_conn_lock(c) spin_lock(&c->lock)
57#define sco_conn_unlock(c) spin_unlock(&c->lock)
58
59static void sco_sock_close(struct sock *sk);
60static void sco_sock_kill(struct sock *sk);
61
62/* ----- SCO socket info ----- */
63#define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 struct bt_codec codec;
72 struct sco_conn *conn;
73};
74
75/* ---- SCO timers ---- */
76#define SCO_CONN_TIMEOUT (HZ * 40)
77#define SCO_DISCONN_TIMEOUT (HZ * 2)
78
79static void sco_sock_timeout(struct work_struct *work)
80{
81 struct sco_conn *conn = container_of(work, struct sco_conn,
82 timeout_work.work);
83 struct sock *sk;
84
85 sco_conn_lock(conn);
86 if (!conn->hcon) {
87 sco_conn_unlock(conn);
88 return;
89 }
90 sk = conn->sk;
91 if (sk)
92 sock_hold(sk);
93 sco_conn_unlock(conn);
94
95 if (!sk)
96 return;
97
98 BT_DBG("sock %p state %d", sk, sk->sk_state);
99
100 lock_sock(sk);
101 sk->sk_err = ETIMEDOUT;
102 sk->sk_state_change(sk);
103 release_sock(sk);
104 sock_put(sk);
105}
106
107static void sco_sock_set_timer(struct sock *sk, long timeout)
108{
109 if (!sco_pi(sk)->conn)
110 return;
111
112 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
113 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
114 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
115}
116
117static void sco_sock_clear_timer(struct sock *sk)
118{
119 if (!sco_pi(sk)->conn)
120 return;
121
122 BT_DBG("sock %p state %d", sk, sk->sk_state);
123 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
124}
125
126/* ---- SCO connections ---- */
127static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
128{
129 struct sco_conn *conn = hcon->sco_data;
130
131 if (conn) {
132 if (!conn->hcon)
133 conn->hcon = hcon;
134 return conn;
135 }
136
137 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
138 if (!conn)
139 return NULL;
140
141 spin_lock_init(&conn->lock);
142 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
143
144 hcon->sco_data = conn;
145 conn->hcon = hcon;
146 conn->mtu = hcon->mtu;
147
148 if (hcon->mtu > 0)
149 conn->mtu = hcon->mtu;
150 else
151 conn->mtu = 60;
152
153 BT_DBG("hcon %p conn %p", hcon, conn);
154
155 return conn;
156}
157
158/* Delete channel.
159 * Must be called on the locked socket. */
160static void sco_chan_del(struct sock *sk, int err)
161{
162 struct sco_conn *conn;
163
164 conn = sco_pi(sk)->conn;
165
166 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
167
168 if (conn) {
169 sco_conn_lock(conn);
170 conn->sk = NULL;
171 sco_pi(sk)->conn = NULL;
172 sco_conn_unlock(conn);
173
174 if (conn->hcon)
175 hci_conn_drop(conn->hcon);
176 }
177
178 sk->sk_state = BT_CLOSED;
179 sk->sk_err = err;
180 sk->sk_state_change(sk);
181
182 sock_set_flag(sk, SOCK_ZAPPED);
183}
184
185static void sco_conn_del(struct hci_conn *hcon, int err)
186{
187 struct sco_conn *conn = hcon->sco_data;
188 struct sock *sk;
189
190 if (!conn)
191 return;
192
193 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
194
195 /* Kill socket */
196 sco_conn_lock(conn);
197 sk = conn->sk;
198 if (sk)
199 sock_hold(sk);
200 sco_conn_unlock(conn);
201
202 if (sk) {
203 lock_sock(sk);
204 sco_sock_clear_timer(sk);
205 sco_chan_del(sk, err);
206 release_sock(sk);
207 sock_put(sk);
208 }
209
210 /* Ensure no more work items will run before freeing conn. */
211 cancel_delayed_work_sync(&conn->timeout_work);
212
213 hcon->sco_data = NULL;
214 kfree(conn);
215}
216
217static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
218 struct sock *parent)
219{
220 BT_DBG("conn %p", conn);
221
222 sco_pi(sk)->conn = conn;
223 conn->sk = sk;
224
225 if (parent)
226 bt_accept_enqueue(parent, sk, true);
227}
228
229static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
230 struct sock *parent)
231{
232 int err = 0;
233
234 sco_conn_lock(conn);
235 if (conn->sk)
236 err = -EBUSY;
237 else
238 __sco_chan_add(conn, sk, parent);
239
240 sco_conn_unlock(conn);
241 return err;
242}
243
244static int sco_connect(struct sock *sk)
245{
246 struct sco_conn *conn;
247 struct hci_conn *hcon;
248 struct hci_dev *hdev;
249 int err, type;
250
251 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
252
253 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
254 if (!hdev)
255 return -EHOSTUNREACH;
256
257 hci_dev_lock(hdev);
258
259 if (lmp_esco_capable(hdev) && !disable_esco)
260 type = ESCO_LINK;
261 else
262 type = SCO_LINK;
263
264 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
265 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
266 err = -EOPNOTSUPP;
267 goto unlock;
268 }
269
270 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
271 sco_pi(sk)->setting, &sco_pi(sk)->codec,
272 sk->sk_sndtimeo);
273 if (IS_ERR(hcon)) {
274 err = PTR_ERR(hcon);
275 goto unlock;
276 }
277
278 conn = sco_conn_add(hcon);
279 if (!conn) {
280 hci_conn_drop(hcon);
281 err = -ENOMEM;
282 goto unlock;
283 }
284
285 lock_sock(sk);
286
287 err = sco_chan_add(conn, sk, NULL);
288 if (err) {
289 release_sock(sk);
290 goto unlock;
291 }
292
293 /* Update source addr of the socket */
294 bacpy(&sco_pi(sk)->src, &hcon->src);
295
296 if (hcon->state == BT_CONNECTED) {
297 sco_sock_clear_timer(sk);
298 sk->sk_state = BT_CONNECTED;
299 } else {
300 sk->sk_state = BT_CONNECT;
301 sco_sock_set_timer(sk, sk->sk_sndtimeo);
302 }
303
304 release_sock(sk);
305
306unlock:
307 hci_dev_unlock(hdev);
308 hci_dev_put(hdev);
309 return err;
310}
311
312static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
313{
314 struct sco_conn *conn = sco_pi(sk)->conn;
315 int len = skb->len;
316
317 /* Check outgoing MTU */
318 if (len > conn->mtu)
319 return -EINVAL;
320
321 BT_DBG("sk %p len %d", sk, len);
322
323 hci_send_sco(conn->hcon, skb);
324
325 return len;
326}
327
328static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
329{
330 struct sock *sk;
331
332 sco_conn_lock(conn);
333 sk = conn->sk;
334 sco_conn_unlock(conn);
335
336 if (!sk)
337 goto drop;
338
339 BT_DBG("sk %p len %u", sk, skb->len);
340
341 if (sk->sk_state != BT_CONNECTED)
342 goto drop;
343
344 if (!sock_queue_rcv_skb(sk, skb))
345 return;
346
347drop:
348 kfree_skb(skb);
349}
350
351/* -------- Socket interface ---------- */
352static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
353{
354 struct sock *sk;
355
356 sk_for_each(sk, &sco_sk_list.head) {
357 if (sk->sk_state != BT_LISTEN)
358 continue;
359
360 if (!bacmp(&sco_pi(sk)->src, ba))
361 return sk;
362 }
363
364 return NULL;
365}
366
367/* Find socket listening on source bdaddr.
368 * Returns closest match.
369 */
370static struct sock *sco_get_sock_listen(bdaddr_t *src)
371{
372 struct sock *sk = NULL, *sk1 = NULL;
373
374 read_lock(&sco_sk_list.lock);
375
376 sk_for_each(sk, &sco_sk_list.head) {
377 if (sk->sk_state != BT_LISTEN)
378 continue;
379
380 /* Exact match. */
381 if (!bacmp(&sco_pi(sk)->src, src))
382 break;
383
384 /* Closest match */
385 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
386 sk1 = sk;
387 }
388
389 read_unlock(&sco_sk_list.lock);
390
391 return sk ? sk : sk1;
392}
393
394static void sco_sock_destruct(struct sock *sk)
395{
396 BT_DBG("sk %p", sk);
397
398 skb_queue_purge(&sk->sk_receive_queue);
399 skb_queue_purge(&sk->sk_write_queue);
400}
401
402static void sco_sock_cleanup_listen(struct sock *parent)
403{
404 struct sock *sk;
405
406 BT_DBG("parent %p", parent);
407
408 /* Close not yet accepted channels */
409 while ((sk = bt_accept_dequeue(parent, NULL))) {
410 sco_sock_close(sk);
411 sco_sock_kill(sk);
412 }
413
414 parent->sk_state = BT_CLOSED;
415 sock_set_flag(parent, SOCK_ZAPPED);
416}
417
418/* Kill socket (only if zapped and orphan)
419 * Must be called on unlocked socket.
420 */
421static void sco_sock_kill(struct sock *sk)
422{
423 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
424 return;
425
426 BT_DBG("sk %p state %d", sk, sk->sk_state);
427
428 /* Kill poor orphan */
429 bt_sock_unlink(&sco_sk_list, sk);
430 sock_set_flag(sk, SOCK_DEAD);
431 sock_put(sk);
432}
433
434static void __sco_sock_close(struct sock *sk)
435{
436 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
437
438 switch (sk->sk_state) {
439 case BT_LISTEN:
440 sco_sock_cleanup_listen(sk);
441 break;
442
443 case BT_CONNECTED:
444 case BT_CONFIG:
445 if (sco_pi(sk)->conn->hcon) {
446 sk->sk_state = BT_DISCONN;
447 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
448 sco_conn_lock(sco_pi(sk)->conn);
449 hci_conn_drop(sco_pi(sk)->conn->hcon);
450 sco_pi(sk)->conn->hcon = NULL;
451 sco_conn_unlock(sco_pi(sk)->conn);
452 } else
453 sco_chan_del(sk, ECONNRESET);
454 break;
455
456 case BT_CONNECT2:
457 case BT_CONNECT:
458 case BT_DISCONN:
459 sco_chan_del(sk, ECONNRESET);
460 break;
461
462 default:
463 sock_set_flag(sk, SOCK_ZAPPED);
464 break;
465 }
466
467}
468
469/* Must be called on unlocked socket. */
470static void sco_sock_close(struct sock *sk)
471{
472 lock_sock(sk);
473 sco_sock_clear_timer(sk);
474 __sco_sock_close(sk);
475 release_sock(sk);
476}
477
478static void sco_sock_init(struct sock *sk, struct sock *parent)
479{
480 BT_DBG("sk %p", sk);
481
482 if (parent) {
483 sk->sk_type = parent->sk_type;
484 bt_sk(sk)->flags = bt_sk(parent)->flags;
485 security_sk_clone(parent, sk);
486 }
487}
488
489static struct proto sco_proto = {
490 .name = "SCO",
491 .owner = THIS_MODULE,
492 .obj_size = sizeof(struct sco_pinfo)
493};
494
495static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
496 int proto, gfp_t prio, int kern)
497{
498 struct sock *sk;
499
500 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
501 if (!sk)
502 return NULL;
503
504 sk->sk_destruct = sco_sock_destruct;
505 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
506
507 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
508 sco_pi(sk)->codec.id = BT_CODEC_CVSD;
509 sco_pi(sk)->codec.cid = 0xffff;
510 sco_pi(sk)->codec.vid = 0xffff;
511 sco_pi(sk)->codec.data_path = 0x00;
512
513 bt_sock_link(&sco_sk_list, sk);
514 return sk;
515}
516
517static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
518 int kern)
519{
520 struct sock *sk;
521
522 BT_DBG("sock %p", sock);
523
524 sock->state = SS_UNCONNECTED;
525
526 if (sock->type != SOCK_SEQPACKET)
527 return -ESOCKTNOSUPPORT;
528
529 sock->ops = &sco_sock_ops;
530
531 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
532 if (!sk)
533 return -ENOMEM;
534
535 sco_sock_init(sk, NULL);
536 return 0;
537}
538
539static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
540 int addr_len)
541{
542 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
543 struct sock *sk = sock->sk;
544 int err = 0;
545
546 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
547 addr->sa_family != AF_BLUETOOTH)
548 return -EINVAL;
549
550 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
551
552 lock_sock(sk);
553
554 if (sk->sk_state != BT_OPEN) {
555 err = -EBADFD;
556 goto done;
557 }
558
559 if (sk->sk_type != SOCK_SEQPACKET) {
560 err = -EINVAL;
561 goto done;
562 }
563
564 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
565
566 sk->sk_state = BT_BOUND;
567
568done:
569 release_sock(sk);
570 return err;
571}
572
573static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
574{
575 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
576 struct sock *sk = sock->sk;
577 int err;
578
579 BT_DBG("sk %p", sk);
580
581 if (alen < sizeof(struct sockaddr_sco) ||
582 addr->sa_family != AF_BLUETOOTH)
583 return -EINVAL;
584
585 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
586 return -EBADFD;
587
588 if (sk->sk_type != SOCK_SEQPACKET)
589 err = -EINVAL;
590
591 lock_sock(sk);
592 /* Set destination address and psm */
593 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
594 release_sock(sk);
595
596 err = sco_connect(sk);
597 if (err)
598 return err;
599
600 lock_sock(sk);
601
602 err = bt_sock_wait_state(sk, BT_CONNECTED,
603 sock_sndtimeo(sk, flags & O_NONBLOCK));
604
605 release_sock(sk);
606 return err;
607}
608
609static int sco_sock_listen(struct socket *sock, int backlog)
610{
611 struct sock *sk = sock->sk;
612 bdaddr_t *src = &sco_pi(sk)->src;
613 int err = 0;
614
615 BT_DBG("sk %p backlog %d", sk, backlog);
616
617 lock_sock(sk);
618
619 if (sk->sk_state != BT_BOUND) {
620 err = -EBADFD;
621 goto done;
622 }
623
624 if (sk->sk_type != SOCK_SEQPACKET) {
625 err = -EINVAL;
626 goto done;
627 }
628
629 write_lock(&sco_sk_list.lock);
630
631 if (__sco_get_sock_listen_by_addr(src)) {
632 err = -EADDRINUSE;
633 goto unlock;
634 }
635
636 sk->sk_max_ack_backlog = backlog;
637 sk->sk_ack_backlog = 0;
638
639 sk->sk_state = BT_LISTEN;
640
641unlock:
642 write_unlock(&sco_sk_list.lock);
643
644done:
645 release_sock(sk);
646 return err;
647}
648
649static int sco_sock_accept(struct socket *sock, struct socket *newsock,
650 int flags, bool kern)
651{
652 DEFINE_WAIT_FUNC(wait, woken_wake_function);
653 struct sock *sk = sock->sk, *ch;
654 long timeo;
655 int err = 0;
656
657 lock_sock(sk);
658
659 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
660
661 BT_DBG("sk %p timeo %ld", sk, timeo);
662
663 /* Wait for an incoming connection. (wake-one). */
664 add_wait_queue_exclusive(sk_sleep(sk), &wait);
665 while (1) {
666 if (sk->sk_state != BT_LISTEN) {
667 err = -EBADFD;
668 break;
669 }
670
671 ch = bt_accept_dequeue(sk, newsock);
672 if (ch)
673 break;
674
675 if (!timeo) {
676 err = -EAGAIN;
677 break;
678 }
679
680 if (signal_pending(current)) {
681 err = sock_intr_errno(timeo);
682 break;
683 }
684
685 release_sock(sk);
686
687 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
688 lock_sock(sk);
689 }
690 remove_wait_queue(sk_sleep(sk), &wait);
691
692 if (err)
693 goto done;
694
695 newsock->state = SS_CONNECTED;
696
697 BT_DBG("new socket %p", ch);
698
699done:
700 release_sock(sk);
701 return err;
702}
703
704static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
705 int peer)
706{
707 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
708 struct sock *sk = sock->sk;
709
710 BT_DBG("sock %p, sk %p", sock, sk);
711
712 addr->sa_family = AF_BLUETOOTH;
713
714 if (peer)
715 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
716 else
717 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
718
719 return sizeof(struct sockaddr_sco);
720}
721
722static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
723 size_t len)
724{
725 struct sock *sk = sock->sk;
726 struct sk_buff *skb;
727 int err;
728
729 BT_DBG("sock %p, sk %p", sock, sk);
730
731 err = sock_error(sk);
732 if (err)
733 return err;
734
735 if (msg->msg_flags & MSG_OOB)
736 return -EOPNOTSUPP;
737
738 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
739 if (IS_ERR(skb))
740 return PTR_ERR(skb);
741
742 lock_sock(sk);
743
744 if (sk->sk_state == BT_CONNECTED)
745 err = sco_send_frame(sk, skb);
746 else
747 err = -ENOTCONN;
748
749 release_sock(sk);
750
751 if (err < 0)
752 kfree_skb(skb);
753 return err;
754}
755
756static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
757{
758 struct hci_dev *hdev = conn->hdev;
759
760 BT_DBG("conn %p", conn);
761
762 conn->state = BT_CONFIG;
763
764 if (!lmp_esco_capable(hdev)) {
765 struct hci_cp_accept_conn_req cp;
766
767 bacpy(&cp.bdaddr, &conn->dst);
768 cp.role = 0x00; /* Ignored */
769
770 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
771 } else {
772 struct hci_cp_accept_sync_conn_req cp;
773
774 bacpy(&cp.bdaddr, &conn->dst);
775 cp.pkt_type = cpu_to_le16(conn->pkt_type);
776
777 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
778 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
779 cp.content_format = cpu_to_le16(setting);
780
781 switch (setting & SCO_AIRMODE_MASK) {
782 case SCO_AIRMODE_TRANSP:
783 if (conn->pkt_type & ESCO_2EV3)
784 cp.max_latency = cpu_to_le16(0x0008);
785 else
786 cp.max_latency = cpu_to_le16(0x000D);
787 cp.retrans_effort = 0x02;
788 break;
789 case SCO_AIRMODE_CVSD:
790 cp.max_latency = cpu_to_le16(0xffff);
791 cp.retrans_effort = 0xff;
792 break;
793 default:
794 /* use CVSD settings as fallback */
795 cp.max_latency = cpu_to_le16(0xffff);
796 cp.retrans_effort = 0xff;
797 break;
798 }
799
800 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
801 sizeof(cp), &cp);
802 }
803}
804
805static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
806 size_t len, int flags)
807{
808 struct sock *sk = sock->sk;
809 struct sco_pinfo *pi = sco_pi(sk);
810
811 lock_sock(sk);
812
813 if (sk->sk_state == BT_CONNECT2 &&
814 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
815 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
816 sk->sk_state = BT_CONFIG;
817
818 release_sock(sk);
819 return 0;
820 }
821
822 release_sock(sk);
823
824 return bt_sock_recvmsg(sock, msg, len, flags);
825}
826
827static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
828 sockptr_t optval, unsigned int optlen)
829{
830 struct sock *sk = sock->sk;
831 int err = 0;
832 struct bt_voice voice;
833 u32 opt;
834 struct bt_codecs *codecs;
835 struct hci_dev *hdev;
836 __u8 buffer[255];
837
838 BT_DBG("sk %p", sk);
839
840 lock_sock(sk);
841
842 switch (optname) {
843
844 case BT_DEFER_SETUP:
845 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
846 err = -EINVAL;
847 break;
848 }
849
850 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
851 if (err)
852 break;
853
854 if (opt)
855 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
856 else
857 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
858 break;
859
860 case BT_VOICE:
861 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
862 sk->sk_state != BT_CONNECT2) {
863 err = -EINVAL;
864 break;
865 }
866
867 voice.setting = sco_pi(sk)->setting;
868
869 err = bt_copy_from_sockptr(&voice, sizeof(voice), optval,
870 optlen);
871 if (err)
872 break;
873
874 /* Explicitly check for these values */
875 if (voice.setting != BT_VOICE_TRANSPARENT &&
876 voice.setting != BT_VOICE_CVSD_16BIT) {
877 err = -EINVAL;
878 break;
879 }
880
881 sco_pi(sk)->setting = voice.setting;
882 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
883 BDADDR_BREDR);
884 if (!hdev) {
885 err = -EBADFD;
886 break;
887 }
888 if (enhanced_sync_conn_capable(hdev) &&
889 voice.setting == BT_VOICE_TRANSPARENT)
890 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
891 hci_dev_put(hdev);
892 break;
893
894 case BT_PKT_STATUS:
895 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
896 if (err)
897 break;
898
899 if (opt)
900 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
901 else
902 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
903 break;
904
905 case BT_CODEC:
906 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
907 sk->sk_state != BT_CONNECT2) {
908 err = -EINVAL;
909 break;
910 }
911
912 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
913 BDADDR_BREDR);
914 if (!hdev) {
915 err = -EBADFD;
916 break;
917 }
918
919 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
920 hci_dev_put(hdev);
921 err = -EOPNOTSUPP;
922 break;
923 }
924
925 if (!hdev->get_data_path_id) {
926 hci_dev_put(hdev);
927 err = -EOPNOTSUPP;
928 break;
929 }
930
931 if (optlen < sizeof(struct bt_codecs) ||
932 optlen > sizeof(buffer)) {
933 hci_dev_put(hdev);
934 err = -EINVAL;
935 break;
936 }
937
938 err = bt_copy_from_sockptr(buffer, optlen, optval, optlen);
939 if (err) {
940 hci_dev_put(hdev);
941 break;
942 }
943
944 codecs = (void *)buffer;
945
946 if (codecs->num_codecs > 1) {
947 hci_dev_put(hdev);
948 err = -EINVAL;
949 break;
950 }
951
952 sco_pi(sk)->codec = codecs->codecs[0];
953 hci_dev_put(hdev);
954 break;
955
956 default:
957 err = -ENOPROTOOPT;
958 break;
959 }
960
961 release_sock(sk);
962 return err;
963}
964
965static int sco_sock_getsockopt_old(struct socket *sock, int optname,
966 char __user *optval, int __user *optlen)
967{
968 struct sock *sk = sock->sk;
969 struct sco_options opts;
970 struct sco_conninfo cinfo;
971 int err = 0;
972 size_t len;
973
974 BT_DBG("sk %p", sk);
975
976 if (get_user(len, optlen))
977 return -EFAULT;
978
979 lock_sock(sk);
980
981 switch (optname) {
982 case SCO_OPTIONS:
983 if (sk->sk_state != BT_CONNECTED &&
984 !(sk->sk_state == BT_CONNECT2 &&
985 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
986 err = -ENOTCONN;
987 break;
988 }
989
990 opts.mtu = sco_pi(sk)->conn->mtu;
991
992 BT_DBG("mtu %u", opts.mtu);
993
994 len = min(len, sizeof(opts));
995 if (copy_to_user(optval, (char *)&opts, len))
996 err = -EFAULT;
997
998 break;
999
1000 case SCO_CONNINFO:
1001 if (sk->sk_state != BT_CONNECTED &&
1002 !(sk->sk_state == BT_CONNECT2 &&
1003 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1004 err = -ENOTCONN;
1005 break;
1006 }
1007
1008 memset(&cinfo, 0, sizeof(cinfo));
1009 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1010 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1011
1012 len = min(len, sizeof(cinfo));
1013 if (copy_to_user(optval, (char *)&cinfo, len))
1014 err = -EFAULT;
1015
1016 break;
1017
1018 default:
1019 err = -ENOPROTOOPT;
1020 break;
1021 }
1022
1023 release_sock(sk);
1024 return err;
1025}
1026
1027static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1028 char __user *optval, int __user *optlen)
1029{
1030 struct sock *sk = sock->sk;
1031 int len, err = 0;
1032 struct bt_voice voice;
1033 u32 phys;
1034 int buf_len;
1035 struct codec_list *c;
1036 u8 num_codecs, i, __user *ptr;
1037 struct hci_dev *hdev;
1038 struct hci_codec_caps *caps;
1039 struct bt_codec codec;
1040
1041 BT_DBG("sk %p", sk);
1042
1043 if (level == SOL_SCO)
1044 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1045
1046 if (get_user(len, optlen))
1047 return -EFAULT;
1048
1049 lock_sock(sk);
1050
1051 switch (optname) {
1052
1053 case BT_DEFER_SETUP:
1054 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1055 err = -EINVAL;
1056 break;
1057 }
1058
1059 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1060 (u32 __user *)optval))
1061 err = -EFAULT;
1062
1063 break;
1064
1065 case BT_VOICE:
1066 voice.setting = sco_pi(sk)->setting;
1067
1068 len = min_t(unsigned int, len, sizeof(voice));
1069 if (copy_to_user(optval, (char *)&voice, len))
1070 err = -EFAULT;
1071
1072 break;
1073
1074 case BT_PHY:
1075 if (sk->sk_state != BT_CONNECTED) {
1076 err = -ENOTCONN;
1077 break;
1078 }
1079
1080 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1081
1082 if (put_user(phys, (u32 __user *) optval))
1083 err = -EFAULT;
1084 break;
1085
1086 case BT_PKT_STATUS:
1087 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1088 (int __user *)optval))
1089 err = -EFAULT;
1090 break;
1091
1092 case BT_SNDMTU:
1093 case BT_RCVMTU:
1094 if (sk->sk_state != BT_CONNECTED) {
1095 err = -ENOTCONN;
1096 break;
1097 }
1098
1099 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1100 err = -EFAULT;
1101 break;
1102
1103 case BT_CODEC:
1104 num_codecs = 0;
1105 buf_len = 0;
1106
1107 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1108 if (!hdev) {
1109 err = -EBADFD;
1110 break;
1111 }
1112
1113 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1114 hci_dev_put(hdev);
1115 err = -EOPNOTSUPP;
1116 break;
1117 }
1118
1119 if (!hdev->get_data_path_id) {
1120 hci_dev_put(hdev);
1121 err = -EOPNOTSUPP;
1122 break;
1123 }
1124
1125 release_sock(sk);
1126
1127 /* find total buffer size required to copy codec + caps */
1128 hci_dev_lock(hdev);
1129 list_for_each_entry(c, &hdev->local_codecs, list) {
1130 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1131 continue;
1132 num_codecs++;
1133 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1134 buf_len += 1 + caps->len;
1135 caps = (void *)&caps->data[caps->len];
1136 }
1137 buf_len += sizeof(struct bt_codec);
1138 }
1139 hci_dev_unlock(hdev);
1140
1141 buf_len += sizeof(struct bt_codecs);
1142 if (buf_len > len) {
1143 hci_dev_put(hdev);
1144 return -ENOBUFS;
1145 }
1146 ptr = optval;
1147
1148 if (put_user(num_codecs, ptr)) {
1149 hci_dev_put(hdev);
1150 return -EFAULT;
1151 }
1152 ptr += sizeof(num_codecs);
1153
1154 /* Iterate all the codecs supported over SCO and populate
1155 * codec data
1156 */
1157 hci_dev_lock(hdev);
1158 list_for_each_entry(c, &hdev->local_codecs, list) {
1159 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1160 continue;
1161
1162 codec.id = c->id;
1163 codec.cid = c->cid;
1164 codec.vid = c->vid;
1165 err = hdev->get_data_path_id(hdev, &codec.data_path);
1166 if (err < 0)
1167 break;
1168 codec.num_caps = c->num_caps;
1169 if (copy_to_user(ptr, &codec, sizeof(codec))) {
1170 err = -EFAULT;
1171 break;
1172 }
1173 ptr += sizeof(codec);
1174
1175 /* find codec capabilities data length */
1176 len = 0;
1177 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1178 len += 1 + caps->len;
1179 caps = (void *)&caps->data[caps->len];
1180 }
1181
1182 /* copy codec capabilities data */
1183 if (len && copy_to_user(ptr, c->caps, len)) {
1184 err = -EFAULT;
1185 break;
1186 }
1187 ptr += len;
1188 }
1189
1190 hci_dev_unlock(hdev);
1191 hci_dev_put(hdev);
1192
1193 lock_sock(sk);
1194
1195 if (!err && put_user(buf_len, optlen))
1196 err = -EFAULT;
1197
1198 break;
1199
1200 default:
1201 err = -ENOPROTOOPT;
1202 break;
1203 }
1204
1205 release_sock(sk);
1206 return err;
1207}
1208
1209static int sco_sock_shutdown(struct socket *sock, int how)
1210{
1211 struct sock *sk = sock->sk;
1212 int err = 0;
1213
1214 BT_DBG("sock %p, sk %p", sock, sk);
1215
1216 if (!sk)
1217 return 0;
1218
1219 sock_hold(sk);
1220 lock_sock(sk);
1221
1222 if (!sk->sk_shutdown) {
1223 sk->sk_shutdown = SHUTDOWN_MASK;
1224 sco_sock_clear_timer(sk);
1225 __sco_sock_close(sk);
1226
1227 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1228 !(current->flags & PF_EXITING))
1229 err = bt_sock_wait_state(sk, BT_CLOSED,
1230 sk->sk_lingertime);
1231 }
1232
1233 release_sock(sk);
1234 sock_put(sk);
1235
1236 return err;
1237}
1238
1239static int sco_sock_release(struct socket *sock)
1240{
1241 struct sock *sk = sock->sk;
1242 int err = 0;
1243
1244 BT_DBG("sock %p, sk %p", sock, sk);
1245
1246 if (!sk)
1247 return 0;
1248
1249 sco_sock_close(sk);
1250
1251 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1252 !(current->flags & PF_EXITING)) {
1253 lock_sock(sk);
1254 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1255 release_sock(sk);
1256 }
1257
1258 sock_orphan(sk);
1259 sco_sock_kill(sk);
1260 return err;
1261}
1262
1263static void sco_conn_ready(struct sco_conn *conn)
1264{
1265 struct sock *parent;
1266 struct sock *sk = conn->sk;
1267
1268 BT_DBG("conn %p", conn);
1269
1270 if (sk) {
1271 lock_sock(sk);
1272 sco_sock_clear_timer(sk);
1273 sk->sk_state = BT_CONNECTED;
1274 sk->sk_state_change(sk);
1275 release_sock(sk);
1276 } else {
1277 sco_conn_lock(conn);
1278
1279 if (!conn->hcon) {
1280 sco_conn_unlock(conn);
1281 return;
1282 }
1283
1284 parent = sco_get_sock_listen(&conn->hcon->src);
1285 if (!parent) {
1286 sco_conn_unlock(conn);
1287 return;
1288 }
1289
1290 lock_sock(parent);
1291
1292 sk = sco_sock_alloc(sock_net(parent), NULL,
1293 BTPROTO_SCO, GFP_ATOMIC, 0);
1294 if (!sk) {
1295 release_sock(parent);
1296 sco_conn_unlock(conn);
1297 return;
1298 }
1299
1300 sco_sock_init(sk, parent);
1301
1302 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1303 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1304
1305 hci_conn_hold(conn->hcon);
1306 __sco_chan_add(conn, sk, parent);
1307
1308 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1309 sk->sk_state = BT_CONNECT2;
1310 else
1311 sk->sk_state = BT_CONNECTED;
1312
1313 /* Wake up parent */
1314 parent->sk_data_ready(parent);
1315
1316 release_sock(parent);
1317
1318 sco_conn_unlock(conn);
1319 }
1320}
1321
1322/* ----- SCO interface with lower layer (HCI) ----- */
1323int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1324{
1325 struct sock *sk;
1326 int lm = 0;
1327
1328 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1329
1330 /* Find listening sockets */
1331 read_lock(&sco_sk_list.lock);
1332 sk_for_each(sk, &sco_sk_list.head) {
1333 if (sk->sk_state != BT_LISTEN)
1334 continue;
1335
1336 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1337 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1338 lm |= HCI_LM_ACCEPT;
1339
1340 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1341 *flags |= HCI_PROTO_DEFER;
1342 break;
1343 }
1344 }
1345 read_unlock(&sco_sk_list.lock);
1346
1347 return lm;
1348}
1349
1350static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1351{
1352 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1353 return;
1354
1355 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1356
1357 if (!status) {
1358 struct sco_conn *conn;
1359
1360 conn = sco_conn_add(hcon);
1361 if (conn)
1362 sco_conn_ready(conn);
1363 } else
1364 sco_conn_del(hcon, bt_to_errno(status));
1365}
1366
1367static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1368{
1369 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1370 return;
1371
1372 BT_DBG("hcon %p reason %d", hcon, reason);
1373
1374 sco_conn_del(hcon, bt_to_errno(reason));
1375}
1376
1377void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1378{
1379 struct sco_conn *conn = hcon->sco_data;
1380
1381 if (!conn)
1382 goto drop;
1383
1384 BT_DBG("conn %p len %u", conn, skb->len);
1385
1386 if (skb->len) {
1387 sco_recv_frame(conn, skb);
1388 return;
1389 }
1390
1391drop:
1392 kfree_skb(skb);
1393}
1394
1395static struct hci_cb sco_cb = {
1396 .name = "SCO",
1397 .connect_cfm = sco_connect_cfm,
1398 .disconn_cfm = sco_disconn_cfm,
1399};
1400
1401static int sco_debugfs_show(struct seq_file *f, void *p)
1402{
1403 struct sock *sk;
1404
1405 read_lock(&sco_sk_list.lock);
1406
1407 sk_for_each(sk, &sco_sk_list.head) {
1408 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1409 &sco_pi(sk)->dst, sk->sk_state);
1410 }
1411
1412 read_unlock(&sco_sk_list.lock);
1413
1414 return 0;
1415}
1416
1417DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1418
1419static struct dentry *sco_debugfs;
1420
1421static const struct proto_ops sco_sock_ops = {
1422 .family = PF_BLUETOOTH,
1423 .owner = THIS_MODULE,
1424 .release = sco_sock_release,
1425 .bind = sco_sock_bind,
1426 .connect = sco_sock_connect,
1427 .listen = sco_sock_listen,
1428 .accept = sco_sock_accept,
1429 .getname = sco_sock_getname,
1430 .sendmsg = sco_sock_sendmsg,
1431 .recvmsg = sco_sock_recvmsg,
1432 .poll = bt_sock_poll,
1433 .ioctl = bt_sock_ioctl,
1434 .gettstamp = sock_gettstamp,
1435 .mmap = sock_no_mmap,
1436 .socketpair = sock_no_socketpair,
1437 .shutdown = sco_sock_shutdown,
1438 .setsockopt = sco_sock_setsockopt,
1439 .getsockopt = sco_sock_getsockopt
1440};
1441
1442static const struct net_proto_family sco_sock_family_ops = {
1443 .family = PF_BLUETOOTH,
1444 .owner = THIS_MODULE,
1445 .create = sco_sock_create,
1446};
1447
1448int __init sco_init(void)
1449{
1450 int err;
1451
1452 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1453
1454 err = proto_register(&sco_proto, 0);
1455 if (err < 0)
1456 return err;
1457
1458 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1459 if (err < 0) {
1460 BT_ERR("SCO socket registration failed");
1461 goto error;
1462 }
1463
1464 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1465 if (err < 0) {
1466 BT_ERR("Failed to create SCO proc file");
1467 bt_sock_unregister(BTPROTO_SCO);
1468 goto error;
1469 }
1470
1471 BT_INFO("SCO socket layer initialized");
1472
1473 hci_register_cb(&sco_cb);
1474
1475 if (IS_ERR_OR_NULL(bt_debugfs))
1476 return 0;
1477
1478 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1479 NULL, &sco_debugfs_fops);
1480
1481 return 0;
1482
1483error:
1484 proto_unregister(&sco_proto);
1485 return err;
1486}
1487
1488void sco_exit(void)
1489{
1490 bt_procfs_cleanup(&init_net, "sco");
1491
1492 debugfs_remove(sco_debugfs);
1493
1494 hci_unregister_cb(&sco_cb);
1495
1496 bt_sock_unregister(BTPROTO_SCO);
1497
1498 proto_unregister(&sco_proto);
1499}
1500
1501module_param(disable_esco, bool, 0644);
1502MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");