Loading...
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44/* ---- SCO connections ---- */
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 unsigned int mtu;
52};
53
54#define sco_conn_lock(c) spin_lock(&c->lock);
55#define sco_conn_unlock(c) spin_unlock(&c->lock);
56
57static void sco_sock_close(struct sock *sk);
58static void sco_sock_kill(struct sock *sk);
59
60/* ----- SCO socket info ----- */
61#define sco_pi(sk) ((struct sco_pinfo *) sk)
62
63struct sco_pinfo {
64 struct bt_sock bt;
65 bdaddr_t src;
66 bdaddr_t dst;
67 __u32 flags;
68 __u16 setting;
69 struct sco_conn *conn;
70};
71
72/* ---- SCO timers ---- */
73#define SCO_CONN_TIMEOUT (HZ * 40)
74#define SCO_DISCONN_TIMEOUT (HZ * 2)
75
76static void sco_sock_timeout(struct timer_list *t)
77{
78 struct sock *sk = from_timer(sk, t, sk_timer);
79
80 BT_DBG("sock %p state %d", sk, sk->sk_state);
81
82 bh_lock_sock(sk);
83 sk->sk_err = ETIMEDOUT;
84 sk->sk_state_change(sk);
85 bh_unlock_sock(sk);
86
87 sco_sock_kill(sk);
88 sock_put(sk);
89}
90
91static void sco_sock_set_timer(struct sock *sk, long timeout)
92{
93 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
94 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
95}
96
97static void sco_sock_clear_timer(struct sock *sk)
98{
99 BT_DBG("sock %p state %d", sk, sk->sk_state);
100 sk_stop_timer(sk, &sk->sk_timer);
101}
102
103/* ---- SCO connections ---- */
104static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
105{
106 struct hci_dev *hdev = hcon->hdev;
107 struct sco_conn *conn = hcon->sco_data;
108
109 if (conn)
110 return conn;
111
112 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
113 if (!conn)
114 return NULL;
115
116 spin_lock_init(&conn->lock);
117
118 hcon->sco_data = conn;
119 conn->hcon = hcon;
120
121 if (hdev->sco_mtu > 0)
122 conn->mtu = hdev->sco_mtu;
123 else
124 conn->mtu = 60;
125
126 BT_DBG("hcon %p conn %p", hcon, conn);
127
128 return conn;
129}
130
131/* Delete channel.
132 * Must be called on the locked socket. */
133static void sco_chan_del(struct sock *sk, int err)
134{
135 struct sco_conn *conn;
136
137 conn = sco_pi(sk)->conn;
138
139 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
140
141 if (conn) {
142 sco_conn_lock(conn);
143 conn->sk = NULL;
144 sco_pi(sk)->conn = NULL;
145 sco_conn_unlock(conn);
146
147 if (conn->hcon)
148 hci_conn_drop(conn->hcon);
149 }
150
151 sk->sk_state = BT_CLOSED;
152 sk->sk_err = err;
153 sk->sk_state_change(sk);
154
155 sock_set_flag(sk, SOCK_ZAPPED);
156}
157
158static void sco_conn_del(struct hci_conn *hcon, int err)
159{
160 struct sco_conn *conn = hcon->sco_data;
161 struct sock *sk;
162
163 if (!conn)
164 return;
165
166 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
167
168 /* Kill socket */
169 sco_conn_lock(conn);
170 sk = conn->sk;
171 sco_conn_unlock(conn);
172
173 if (sk) {
174 sock_hold(sk);
175 bh_lock_sock(sk);
176 sco_sock_clear_timer(sk);
177 sco_chan_del(sk, err);
178 bh_unlock_sock(sk);
179 sco_sock_kill(sk);
180 sock_put(sk);
181 }
182
183 hcon->sco_data = NULL;
184 kfree(conn);
185}
186
187static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
188 struct sock *parent)
189{
190 BT_DBG("conn %p", conn);
191
192 sco_pi(sk)->conn = conn;
193 conn->sk = sk;
194
195 if (parent)
196 bt_accept_enqueue(parent, sk, true);
197}
198
199static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
200 struct sock *parent)
201{
202 int err = 0;
203
204 sco_conn_lock(conn);
205 if (conn->sk)
206 err = -EBUSY;
207 else
208 __sco_chan_add(conn, sk, parent);
209
210 sco_conn_unlock(conn);
211 return err;
212}
213
214static int sco_connect(struct sock *sk)
215{
216 struct sco_conn *conn;
217 struct hci_conn *hcon;
218 struct hci_dev *hdev;
219 int err, type;
220
221 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
222
223 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
224 if (!hdev)
225 return -EHOSTUNREACH;
226
227 hci_dev_lock(hdev);
228
229 if (lmp_esco_capable(hdev) && !disable_esco)
230 type = ESCO_LINK;
231 else
232 type = SCO_LINK;
233
234 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
235 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
236 err = -EOPNOTSUPP;
237 goto done;
238 }
239
240 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
241 sco_pi(sk)->setting);
242 if (IS_ERR(hcon)) {
243 err = PTR_ERR(hcon);
244 goto done;
245 }
246
247 conn = sco_conn_add(hcon);
248 if (!conn) {
249 hci_conn_drop(hcon);
250 err = -ENOMEM;
251 goto done;
252 }
253
254 /* Update source addr of the socket */
255 bacpy(&sco_pi(sk)->src, &hcon->src);
256
257 err = sco_chan_add(conn, sk, NULL);
258 if (err)
259 goto done;
260
261 if (hcon->state == BT_CONNECTED) {
262 sco_sock_clear_timer(sk);
263 sk->sk_state = BT_CONNECTED;
264 } else {
265 sk->sk_state = BT_CONNECT;
266 sco_sock_set_timer(sk, sk->sk_sndtimeo);
267 }
268
269done:
270 hci_dev_unlock(hdev);
271 hci_dev_put(hdev);
272 return err;
273}
274
275static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
276{
277 struct sco_conn *conn = sco_pi(sk)->conn;
278 struct sk_buff *skb;
279 int err;
280
281 /* Check outgoing MTU */
282 if (len > conn->mtu)
283 return -EINVAL;
284
285 BT_DBG("sk %p len %d", sk, len);
286
287 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
288 if (!skb)
289 return err;
290
291 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
292 kfree_skb(skb);
293 return -EFAULT;
294 }
295
296 hci_send_sco(conn->hcon, skb);
297
298 return len;
299}
300
301static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
302{
303 struct sock *sk;
304
305 sco_conn_lock(conn);
306 sk = conn->sk;
307 sco_conn_unlock(conn);
308
309 if (!sk)
310 goto drop;
311
312 BT_DBG("sk %p len %d", sk, skb->len);
313
314 if (sk->sk_state != BT_CONNECTED)
315 goto drop;
316
317 if (!sock_queue_rcv_skb(sk, skb))
318 return;
319
320drop:
321 kfree_skb(skb);
322}
323
324/* -------- Socket interface ---------- */
325static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
326{
327 struct sock *sk;
328
329 sk_for_each(sk, &sco_sk_list.head) {
330 if (sk->sk_state != BT_LISTEN)
331 continue;
332
333 if (!bacmp(&sco_pi(sk)->src, ba))
334 return sk;
335 }
336
337 return NULL;
338}
339
340/* Find socket listening on source bdaddr.
341 * Returns closest match.
342 */
343static struct sock *sco_get_sock_listen(bdaddr_t *src)
344{
345 struct sock *sk = NULL, *sk1 = NULL;
346
347 read_lock(&sco_sk_list.lock);
348
349 sk_for_each(sk, &sco_sk_list.head) {
350 if (sk->sk_state != BT_LISTEN)
351 continue;
352
353 /* Exact match. */
354 if (!bacmp(&sco_pi(sk)->src, src))
355 break;
356
357 /* Closest match */
358 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
359 sk1 = sk;
360 }
361
362 read_unlock(&sco_sk_list.lock);
363
364 return sk ? sk : sk1;
365}
366
367static void sco_sock_destruct(struct sock *sk)
368{
369 BT_DBG("sk %p", sk);
370
371 skb_queue_purge(&sk->sk_receive_queue);
372 skb_queue_purge(&sk->sk_write_queue);
373}
374
375static void sco_sock_cleanup_listen(struct sock *parent)
376{
377 struct sock *sk;
378
379 BT_DBG("parent %p", parent);
380
381 /* Close not yet accepted channels */
382 while ((sk = bt_accept_dequeue(parent, NULL))) {
383 sco_sock_close(sk);
384 sco_sock_kill(sk);
385 }
386
387 parent->sk_state = BT_CLOSED;
388 sock_set_flag(parent, SOCK_ZAPPED);
389}
390
391/* Kill socket (only if zapped and orphan)
392 * Must be called on unlocked socket.
393 */
394static void sco_sock_kill(struct sock *sk)
395{
396 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
397 sock_flag(sk, SOCK_DEAD))
398 return;
399
400 BT_DBG("sk %p state %d", sk, sk->sk_state);
401
402 /* Kill poor orphan */
403 bt_sock_unlink(&sco_sk_list, sk);
404 sock_set_flag(sk, SOCK_DEAD);
405 sock_put(sk);
406}
407
408static void __sco_sock_close(struct sock *sk)
409{
410 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
411
412 switch (sk->sk_state) {
413 case BT_LISTEN:
414 sco_sock_cleanup_listen(sk);
415 break;
416
417 case BT_CONNECTED:
418 case BT_CONFIG:
419 if (sco_pi(sk)->conn->hcon) {
420 sk->sk_state = BT_DISCONN;
421 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
422 sco_conn_lock(sco_pi(sk)->conn);
423 hci_conn_drop(sco_pi(sk)->conn->hcon);
424 sco_pi(sk)->conn->hcon = NULL;
425 sco_conn_unlock(sco_pi(sk)->conn);
426 } else
427 sco_chan_del(sk, ECONNRESET);
428 break;
429
430 case BT_CONNECT2:
431 case BT_CONNECT:
432 case BT_DISCONN:
433 sco_chan_del(sk, ECONNRESET);
434 break;
435
436 default:
437 sock_set_flag(sk, SOCK_ZAPPED);
438 break;
439 }
440}
441
442/* Must be called on unlocked socket. */
443static void sco_sock_close(struct sock *sk)
444{
445 sco_sock_clear_timer(sk);
446 lock_sock(sk);
447 __sco_sock_close(sk);
448 release_sock(sk);
449 sco_sock_kill(sk);
450}
451
452static void sco_sock_init(struct sock *sk, struct sock *parent)
453{
454 BT_DBG("sk %p", sk);
455
456 if (parent) {
457 sk->sk_type = parent->sk_type;
458 bt_sk(sk)->flags = bt_sk(parent)->flags;
459 security_sk_clone(parent, sk);
460 }
461}
462
463static struct proto sco_proto = {
464 .name = "SCO",
465 .owner = THIS_MODULE,
466 .obj_size = sizeof(struct sco_pinfo)
467};
468
469static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
470 int proto, gfp_t prio, int kern)
471{
472 struct sock *sk;
473
474 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
475 if (!sk)
476 return NULL;
477
478 sock_init_data(sock, sk);
479 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
480
481 sk->sk_destruct = sco_sock_destruct;
482 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
483
484 sock_reset_flag(sk, SOCK_ZAPPED);
485
486 sk->sk_protocol = proto;
487 sk->sk_state = BT_OPEN;
488
489 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
490
491 timer_setup(&sk->sk_timer, sco_sock_timeout, 0);
492
493 bt_sock_link(&sco_sk_list, sk);
494 return sk;
495}
496
497static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
498 int kern)
499{
500 struct sock *sk;
501
502 BT_DBG("sock %p", sock);
503
504 sock->state = SS_UNCONNECTED;
505
506 if (sock->type != SOCK_SEQPACKET)
507 return -ESOCKTNOSUPPORT;
508
509 sock->ops = &sco_sock_ops;
510
511 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
512 if (!sk)
513 return -ENOMEM;
514
515 sco_sock_init(sk, NULL);
516 return 0;
517}
518
519static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
520 int addr_len)
521{
522 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
523 struct sock *sk = sock->sk;
524 int err = 0;
525
526 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
527 addr->sa_family != AF_BLUETOOTH)
528 return -EINVAL;
529
530 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
531
532 lock_sock(sk);
533
534 if (sk->sk_state != BT_OPEN) {
535 err = -EBADFD;
536 goto done;
537 }
538
539 if (sk->sk_type != SOCK_SEQPACKET) {
540 err = -EINVAL;
541 goto done;
542 }
543
544 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
545
546 sk->sk_state = BT_BOUND;
547
548done:
549 release_sock(sk);
550 return err;
551}
552
553static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
554{
555 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
556 struct sock *sk = sock->sk;
557 int err;
558
559 BT_DBG("sk %p", sk);
560
561 if (alen < sizeof(struct sockaddr_sco) ||
562 addr->sa_family != AF_BLUETOOTH)
563 return -EINVAL;
564
565 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
566 return -EBADFD;
567
568 if (sk->sk_type != SOCK_SEQPACKET)
569 return -EINVAL;
570
571 lock_sock(sk);
572
573 /* Set destination address and psm */
574 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
575
576 err = sco_connect(sk);
577 if (err)
578 goto done;
579
580 err = bt_sock_wait_state(sk, BT_CONNECTED,
581 sock_sndtimeo(sk, flags & O_NONBLOCK));
582
583done:
584 release_sock(sk);
585 return err;
586}
587
588static int sco_sock_listen(struct socket *sock, int backlog)
589{
590 struct sock *sk = sock->sk;
591 bdaddr_t *src = &sco_pi(sk)->src;
592 int err = 0;
593
594 BT_DBG("sk %p backlog %d", sk, backlog);
595
596 lock_sock(sk);
597
598 if (sk->sk_state != BT_BOUND) {
599 err = -EBADFD;
600 goto done;
601 }
602
603 if (sk->sk_type != SOCK_SEQPACKET) {
604 err = -EINVAL;
605 goto done;
606 }
607
608 write_lock(&sco_sk_list.lock);
609
610 if (__sco_get_sock_listen_by_addr(src)) {
611 err = -EADDRINUSE;
612 goto unlock;
613 }
614
615 sk->sk_max_ack_backlog = backlog;
616 sk->sk_ack_backlog = 0;
617
618 sk->sk_state = BT_LISTEN;
619
620unlock:
621 write_unlock(&sco_sk_list.lock);
622
623done:
624 release_sock(sk);
625 return err;
626}
627
628static int sco_sock_accept(struct socket *sock, struct socket *newsock,
629 int flags, bool kern)
630{
631 DEFINE_WAIT_FUNC(wait, woken_wake_function);
632 struct sock *sk = sock->sk, *ch;
633 long timeo;
634 int err = 0;
635
636 lock_sock(sk);
637
638 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
639
640 BT_DBG("sk %p timeo %ld", sk, timeo);
641
642 /* Wait for an incoming connection. (wake-one). */
643 add_wait_queue_exclusive(sk_sleep(sk), &wait);
644 while (1) {
645 if (sk->sk_state != BT_LISTEN) {
646 err = -EBADFD;
647 break;
648 }
649
650 ch = bt_accept_dequeue(sk, newsock);
651 if (ch)
652 break;
653
654 if (!timeo) {
655 err = -EAGAIN;
656 break;
657 }
658
659 if (signal_pending(current)) {
660 err = sock_intr_errno(timeo);
661 break;
662 }
663
664 release_sock(sk);
665
666 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
667 lock_sock(sk);
668 }
669 remove_wait_queue(sk_sleep(sk), &wait);
670
671 if (err)
672 goto done;
673
674 newsock->state = SS_CONNECTED;
675
676 BT_DBG("new socket %p", ch);
677
678done:
679 release_sock(sk);
680 return err;
681}
682
683static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
684 int peer)
685{
686 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
687 struct sock *sk = sock->sk;
688
689 BT_DBG("sock %p, sk %p", sock, sk);
690
691 addr->sa_family = AF_BLUETOOTH;
692
693 if (peer)
694 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
695 else
696 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
697
698 return sizeof(struct sockaddr_sco);
699}
700
701static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
702 size_t len)
703{
704 struct sock *sk = sock->sk;
705 int err;
706
707 BT_DBG("sock %p, sk %p", sock, sk);
708
709 err = sock_error(sk);
710 if (err)
711 return err;
712
713 if (msg->msg_flags & MSG_OOB)
714 return -EOPNOTSUPP;
715
716 lock_sock(sk);
717
718 if (sk->sk_state == BT_CONNECTED)
719 err = sco_send_frame(sk, msg, len);
720 else
721 err = -ENOTCONN;
722
723 release_sock(sk);
724 return err;
725}
726
727static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
728{
729 struct hci_dev *hdev = conn->hdev;
730
731 BT_DBG("conn %p", conn);
732
733 conn->state = BT_CONFIG;
734
735 if (!lmp_esco_capable(hdev)) {
736 struct hci_cp_accept_conn_req cp;
737
738 bacpy(&cp.bdaddr, &conn->dst);
739 cp.role = 0x00; /* Ignored */
740
741 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
742 } else {
743 struct hci_cp_accept_sync_conn_req cp;
744
745 bacpy(&cp.bdaddr, &conn->dst);
746 cp.pkt_type = cpu_to_le16(conn->pkt_type);
747
748 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
749 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
750 cp.content_format = cpu_to_le16(setting);
751
752 switch (setting & SCO_AIRMODE_MASK) {
753 case SCO_AIRMODE_TRANSP:
754 if (conn->pkt_type & ESCO_2EV3)
755 cp.max_latency = cpu_to_le16(0x0008);
756 else
757 cp.max_latency = cpu_to_le16(0x000D);
758 cp.retrans_effort = 0x02;
759 break;
760 case SCO_AIRMODE_CVSD:
761 cp.max_latency = cpu_to_le16(0xffff);
762 cp.retrans_effort = 0xff;
763 break;
764 }
765
766 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
767 sizeof(cp), &cp);
768 }
769}
770
771static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
772 size_t len, int flags)
773{
774 struct sock *sk = sock->sk;
775 struct sco_pinfo *pi = sco_pi(sk);
776
777 lock_sock(sk);
778
779 if (sk->sk_state == BT_CONNECT2 &&
780 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
781 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
782 sk->sk_state = BT_CONFIG;
783
784 release_sock(sk);
785 return 0;
786 }
787
788 release_sock(sk);
789
790 return bt_sock_recvmsg(sock, msg, len, flags);
791}
792
793static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
794 char __user *optval, unsigned int optlen)
795{
796 struct sock *sk = sock->sk;
797 int len, err = 0;
798 struct bt_voice voice;
799 u32 opt;
800
801 BT_DBG("sk %p", sk);
802
803 lock_sock(sk);
804
805 switch (optname) {
806
807 case BT_DEFER_SETUP:
808 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
809 err = -EINVAL;
810 break;
811 }
812
813 if (get_user(opt, (u32 __user *) optval)) {
814 err = -EFAULT;
815 break;
816 }
817
818 if (opt)
819 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
820 else
821 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
822 break;
823
824 case BT_VOICE:
825 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
826 sk->sk_state != BT_CONNECT2) {
827 err = -EINVAL;
828 break;
829 }
830
831 voice.setting = sco_pi(sk)->setting;
832
833 len = min_t(unsigned int, sizeof(voice), optlen);
834 if (copy_from_user((char *)&voice, optval, len)) {
835 err = -EFAULT;
836 break;
837 }
838
839 /* Explicitly check for these values */
840 if (voice.setting != BT_VOICE_TRANSPARENT &&
841 voice.setting != BT_VOICE_CVSD_16BIT) {
842 err = -EINVAL;
843 break;
844 }
845
846 sco_pi(sk)->setting = voice.setting;
847 break;
848
849 default:
850 err = -ENOPROTOOPT;
851 break;
852 }
853
854 release_sock(sk);
855 return err;
856}
857
858static int sco_sock_getsockopt_old(struct socket *sock, int optname,
859 char __user *optval, int __user *optlen)
860{
861 struct sock *sk = sock->sk;
862 struct sco_options opts;
863 struct sco_conninfo cinfo;
864 int len, err = 0;
865
866 BT_DBG("sk %p", sk);
867
868 if (get_user(len, optlen))
869 return -EFAULT;
870
871 lock_sock(sk);
872
873 switch (optname) {
874 case SCO_OPTIONS:
875 if (sk->sk_state != BT_CONNECTED &&
876 !(sk->sk_state == BT_CONNECT2 &&
877 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
878 err = -ENOTCONN;
879 break;
880 }
881
882 opts.mtu = sco_pi(sk)->conn->mtu;
883
884 BT_DBG("mtu %d", opts.mtu);
885
886 len = min_t(unsigned int, len, sizeof(opts));
887 if (copy_to_user(optval, (char *)&opts, len))
888 err = -EFAULT;
889
890 break;
891
892 case SCO_CONNINFO:
893 if (sk->sk_state != BT_CONNECTED &&
894 !(sk->sk_state == BT_CONNECT2 &&
895 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
896 err = -ENOTCONN;
897 break;
898 }
899
900 memset(&cinfo, 0, sizeof(cinfo));
901 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
902 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
903
904 len = min_t(unsigned int, len, sizeof(cinfo));
905 if (copy_to_user(optval, (char *)&cinfo, len))
906 err = -EFAULT;
907
908 break;
909
910 default:
911 err = -ENOPROTOOPT;
912 break;
913 }
914
915 release_sock(sk);
916 return err;
917}
918
919static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
920 char __user *optval, int __user *optlen)
921{
922 struct sock *sk = sock->sk;
923 int len, err = 0;
924 struct bt_voice voice;
925
926 BT_DBG("sk %p", sk);
927
928 if (level == SOL_SCO)
929 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
930
931 if (get_user(len, optlen))
932 return -EFAULT;
933
934 lock_sock(sk);
935
936 switch (optname) {
937
938 case BT_DEFER_SETUP:
939 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
940 err = -EINVAL;
941 break;
942 }
943
944 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
945 (u32 __user *)optval))
946 err = -EFAULT;
947
948 break;
949
950 case BT_VOICE:
951 voice.setting = sco_pi(sk)->setting;
952
953 len = min_t(unsigned int, len, sizeof(voice));
954 if (copy_to_user(optval, (char *)&voice, len))
955 err = -EFAULT;
956
957 break;
958
959 default:
960 err = -ENOPROTOOPT;
961 break;
962 }
963
964 release_sock(sk);
965 return err;
966}
967
968static int sco_sock_shutdown(struct socket *sock, int how)
969{
970 struct sock *sk = sock->sk;
971 int err = 0;
972
973 BT_DBG("sock %p, sk %p", sock, sk);
974
975 if (!sk)
976 return 0;
977
978 sock_hold(sk);
979 lock_sock(sk);
980
981 if (!sk->sk_shutdown) {
982 sk->sk_shutdown = SHUTDOWN_MASK;
983 sco_sock_clear_timer(sk);
984 __sco_sock_close(sk);
985
986 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
987 !(current->flags & PF_EXITING))
988 err = bt_sock_wait_state(sk, BT_CLOSED,
989 sk->sk_lingertime);
990 }
991
992 release_sock(sk);
993 sock_put(sk);
994
995 return err;
996}
997
998static int sco_sock_release(struct socket *sock)
999{
1000 struct sock *sk = sock->sk;
1001 int err = 0;
1002
1003 BT_DBG("sock %p, sk %p", sock, sk);
1004
1005 if (!sk)
1006 return 0;
1007
1008 sco_sock_close(sk);
1009
1010 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1011 !(current->flags & PF_EXITING)) {
1012 lock_sock(sk);
1013 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1014 release_sock(sk);
1015 }
1016
1017 sock_orphan(sk);
1018 sco_sock_kill(sk);
1019 return err;
1020}
1021
1022static void sco_conn_ready(struct sco_conn *conn)
1023{
1024 struct sock *parent;
1025 struct sock *sk = conn->sk;
1026
1027 BT_DBG("conn %p", conn);
1028
1029 if (sk) {
1030 sco_sock_clear_timer(sk);
1031 bh_lock_sock(sk);
1032 sk->sk_state = BT_CONNECTED;
1033 sk->sk_state_change(sk);
1034 bh_unlock_sock(sk);
1035 } else {
1036 sco_conn_lock(conn);
1037
1038 if (!conn->hcon) {
1039 sco_conn_unlock(conn);
1040 return;
1041 }
1042
1043 parent = sco_get_sock_listen(&conn->hcon->src);
1044 if (!parent) {
1045 sco_conn_unlock(conn);
1046 return;
1047 }
1048
1049 bh_lock_sock(parent);
1050
1051 sk = sco_sock_alloc(sock_net(parent), NULL,
1052 BTPROTO_SCO, GFP_ATOMIC, 0);
1053 if (!sk) {
1054 bh_unlock_sock(parent);
1055 sco_conn_unlock(conn);
1056 return;
1057 }
1058
1059 sco_sock_init(sk, parent);
1060
1061 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1062 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1063
1064 hci_conn_hold(conn->hcon);
1065 __sco_chan_add(conn, sk, parent);
1066
1067 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1068 sk->sk_state = BT_CONNECT2;
1069 else
1070 sk->sk_state = BT_CONNECTED;
1071
1072 /* Wake up parent */
1073 parent->sk_data_ready(parent);
1074
1075 bh_unlock_sock(parent);
1076
1077 sco_conn_unlock(conn);
1078 }
1079}
1080
1081/* ----- SCO interface with lower layer (HCI) ----- */
1082int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1083{
1084 struct sock *sk;
1085 int lm = 0;
1086
1087 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1088
1089 /* Find listening sockets */
1090 read_lock(&sco_sk_list.lock);
1091 sk_for_each(sk, &sco_sk_list.head) {
1092 if (sk->sk_state != BT_LISTEN)
1093 continue;
1094
1095 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1096 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1097 lm |= HCI_LM_ACCEPT;
1098
1099 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1100 *flags |= HCI_PROTO_DEFER;
1101 break;
1102 }
1103 }
1104 read_unlock(&sco_sk_list.lock);
1105
1106 return lm;
1107}
1108
1109static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1110{
1111 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1112 return;
1113
1114 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1115
1116 if (!status) {
1117 struct sco_conn *conn;
1118
1119 conn = sco_conn_add(hcon);
1120 if (conn)
1121 sco_conn_ready(conn);
1122 } else
1123 sco_conn_del(hcon, bt_to_errno(status));
1124}
1125
1126static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1127{
1128 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1129 return;
1130
1131 BT_DBG("hcon %p reason %d", hcon, reason);
1132
1133 sco_conn_del(hcon, bt_to_errno(reason));
1134}
1135
1136void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1137{
1138 struct sco_conn *conn = hcon->sco_data;
1139
1140 if (!conn)
1141 goto drop;
1142
1143 BT_DBG("conn %p len %d", conn, skb->len);
1144
1145 if (skb->len) {
1146 sco_recv_frame(conn, skb);
1147 return;
1148 }
1149
1150drop:
1151 kfree_skb(skb);
1152}
1153
1154static struct hci_cb sco_cb = {
1155 .name = "SCO",
1156 .connect_cfm = sco_connect_cfm,
1157 .disconn_cfm = sco_disconn_cfm,
1158};
1159
1160static int sco_debugfs_show(struct seq_file *f, void *p)
1161{
1162 struct sock *sk;
1163
1164 read_lock(&sco_sk_list.lock);
1165
1166 sk_for_each(sk, &sco_sk_list.head) {
1167 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1168 &sco_pi(sk)->dst, sk->sk_state);
1169 }
1170
1171 read_unlock(&sco_sk_list.lock);
1172
1173 return 0;
1174}
1175
1176DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1177
1178static struct dentry *sco_debugfs;
1179
1180static const struct proto_ops sco_sock_ops = {
1181 .family = PF_BLUETOOTH,
1182 .owner = THIS_MODULE,
1183 .release = sco_sock_release,
1184 .bind = sco_sock_bind,
1185 .connect = sco_sock_connect,
1186 .listen = sco_sock_listen,
1187 .accept = sco_sock_accept,
1188 .getname = sco_sock_getname,
1189 .sendmsg = sco_sock_sendmsg,
1190 .recvmsg = sco_sock_recvmsg,
1191 .poll = bt_sock_poll,
1192 .ioctl = bt_sock_ioctl,
1193 .gettstamp = sock_gettstamp,
1194 .mmap = sock_no_mmap,
1195 .socketpair = sock_no_socketpair,
1196 .shutdown = sco_sock_shutdown,
1197 .setsockopt = sco_sock_setsockopt,
1198 .getsockopt = sco_sock_getsockopt
1199};
1200
1201static const struct net_proto_family sco_sock_family_ops = {
1202 .family = PF_BLUETOOTH,
1203 .owner = THIS_MODULE,
1204 .create = sco_sock_create,
1205};
1206
1207int __init sco_init(void)
1208{
1209 int err;
1210
1211 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1212
1213 err = proto_register(&sco_proto, 0);
1214 if (err < 0)
1215 return err;
1216
1217 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1218 if (err < 0) {
1219 BT_ERR("SCO socket registration failed");
1220 goto error;
1221 }
1222
1223 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1224 if (err < 0) {
1225 BT_ERR("Failed to create SCO proc file");
1226 bt_sock_unregister(BTPROTO_SCO);
1227 goto error;
1228 }
1229
1230 BT_INFO("SCO socket layer initialized");
1231
1232 hci_register_cb(&sco_cb);
1233
1234 if (IS_ERR_OR_NULL(bt_debugfs))
1235 return 0;
1236
1237 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1238 NULL, &sco_debugfs_fops);
1239
1240 return 0;
1241
1242error:
1243 proto_unregister(&sco_proto);
1244 return err;
1245}
1246
1247void sco_exit(void)
1248{
1249 bt_procfs_cleanup(&init_net, "sco");
1250
1251 debugfs_remove(sco_debugfs);
1252
1253 hci_unregister_cb(&sco_cb);
1254
1255 bt_sock_unregister(BTPROTO_SCO);
1256
1257 proto_unregister(&sco_proto);
1258}
1259
1260module_param(disable_esco, bool, 0644);
1261MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
32#include <linux/sched.h>
33#include <linux/slab.h>
34#include <linux/poll.h>
35#include <linux/fcntl.h>
36#include <linux/init.h>
37#include <linux/interrupt.h>
38#include <linux/socket.h>
39#include <linux/skbuff.h>
40#include <linux/device.h>
41#include <linux/debugfs.h>
42#include <linux/seq_file.h>
43#include <linux/list.h>
44#include <linux/security.h>
45#include <net/sock.h>
46
47#include <asm/system.h>
48#include <linux/uaccess.h>
49
50#include <net/bluetooth/bluetooth.h>
51#include <net/bluetooth/hci_core.h>
52#include <net/bluetooth/sco.h>
53
54static int disable_esco;
55
56static const struct proto_ops sco_sock_ops;
57
58static struct bt_sock_list sco_sk_list = {
59 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
60};
61
62static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent);
63static void sco_chan_del(struct sock *sk, int err);
64
65static int sco_conn_del(struct hci_conn *conn, int err);
66
67static void sco_sock_close(struct sock *sk);
68static void sco_sock_kill(struct sock *sk);
69
70/* ---- SCO timers ---- */
71static void sco_sock_timeout(unsigned long arg)
72{
73 struct sock *sk = (struct sock *) arg;
74
75 BT_DBG("sock %p state %d", sk, sk->sk_state);
76
77 bh_lock_sock(sk);
78 sk->sk_err = ETIMEDOUT;
79 sk->sk_state_change(sk);
80 bh_unlock_sock(sk);
81
82 sco_sock_kill(sk);
83 sock_put(sk);
84}
85
86static void sco_sock_set_timer(struct sock *sk, long timeout)
87{
88 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
89 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
90}
91
92static void sco_sock_clear_timer(struct sock *sk)
93{
94 BT_DBG("sock %p state %d", sk, sk->sk_state);
95 sk_stop_timer(sk, &sk->sk_timer);
96}
97
98/* ---- SCO connections ---- */
99static struct sco_conn *sco_conn_add(struct hci_conn *hcon, __u8 status)
100{
101 struct hci_dev *hdev = hcon->hdev;
102 struct sco_conn *conn = hcon->sco_data;
103
104 if (conn || status)
105 return conn;
106
107 conn = kzalloc(sizeof(struct sco_conn), GFP_ATOMIC);
108 if (!conn)
109 return NULL;
110
111 spin_lock_init(&conn->lock);
112
113 hcon->sco_data = conn;
114 conn->hcon = hcon;
115
116 conn->src = &hdev->bdaddr;
117 conn->dst = &hcon->dst;
118
119 if (hdev->sco_mtu > 0)
120 conn->mtu = hdev->sco_mtu;
121 else
122 conn->mtu = 60;
123
124 BT_DBG("hcon %p conn %p", hcon, conn);
125
126 return conn;
127}
128
129static inline struct sock *sco_chan_get(struct sco_conn *conn)
130{
131 struct sock *sk = NULL;
132 sco_conn_lock(conn);
133 sk = conn->sk;
134 sco_conn_unlock(conn);
135 return sk;
136}
137
138static int sco_conn_del(struct hci_conn *hcon, int err)
139{
140 struct sco_conn *conn = hcon->sco_data;
141 struct sock *sk;
142
143 if (!conn)
144 return 0;
145
146 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
147
148 /* Kill socket */
149 sk = sco_chan_get(conn);
150 if (sk) {
151 bh_lock_sock(sk);
152 sco_sock_clear_timer(sk);
153 sco_chan_del(sk, err);
154 bh_unlock_sock(sk);
155 sco_sock_kill(sk);
156 }
157
158 hcon->sco_data = NULL;
159 kfree(conn);
160 return 0;
161}
162
163static inline int sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
164{
165 int err = 0;
166
167 sco_conn_lock(conn);
168 if (conn->sk)
169 err = -EBUSY;
170 else
171 __sco_chan_add(conn, sk, parent);
172
173 sco_conn_unlock(conn);
174 return err;
175}
176
177static int sco_connect(struct sock *sk)
178{
179 bdaddr_t *src = &bt_sk(sk)->src;
180 bdaddr_t *dst = &bt_sk(sk)->dst;
181 struct sco_conn *conn;
182 struct hci_conn *hcon;
183 struct hci_dev *hdev;
184 int err, type;
185
186 BT_DBG("%s -> %s", batostr(src), batostr(dst));
187
188 hdev = hci_get_route(dst, src);
189 if (!hdev)
190 return -EHOSTUNREACH;
191
192 hci_dev_lock_bh(hdev);
193
194 if (lmp_esco_capable(hdev) && !disable_esco)
195 type = ESCO_LINK;
196 else
197 type = SCO_LINK;
198
199 hcon = hci_connect(hdev, type, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
200 if (IS_ERR(hcon)) {
201 err = PTR_ERR(hcon);
202 goto done;
203 }
204
205 conn = sco_conn_add(hcon, 0);
206 if (!conn) {
207 hci_conn_put(hcon);
208 err = -ENOMEM;
209 goto done;
210 }
211
212 /* Update source addr of the socket */
213 bacpy(src, conn->src);
214
215 err = sco_chan_add(conn, sk, NULL);
216 if (err)
217 goto done;
218
219 if (hcon->state == BT_CONNECTED) {
220 sco_sock_clear_timer(sk);
221 sk->sk_state = BT_CONNECTED;
222 } else {
223 sk->sk_state = BT_CONNECT;
224 sco_sock_set_timer(sk, sk->sk_sndtimeo);
225 }
226
227done:
228 hci_dev_unlock_bh(hdev);
229 hci_dev_put(hdev);
230 return err;
231}
232
233static inline int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
234{
235 struct sco_conn *conn = sco_pi(sk)->conn;
236 struct sk_buff *skb;
237 int err, count;
238
239 /* Check outgoing MTU */
240 if (len > conn->mtu)
241 return -EINVAL;
242
243 BT_DBG("sk %p len %d", sk, len);
244
245 count = min_t(unsigned int, conn->mtu, len);
246 skb = bt_skb_send_alloc(sk, count,
247 msg->msg_flags & MSG_DONTWAIT, &err);
248 if (!skb)
249 return err;
250
251 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
252 kfree_skb(skb);
253 return -EFAULT;
254 }
255
256 hci_send_sco(conn->hcon, skb);
257
258 return count;
259}
260
261static inline void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
262{
263 struct sock *sk = sco_chan_get(conn);
264
265 if (!sk)
266 goto drop;
267
268 BT_DBG("sk %p len %d", sk, skb->len);
269
270 if (sk->sk_state != BT_CONNECTED)
271 goto drop;
272
273 if (!sock_queue_rcv_skb(sk, skb))
274 return;
275
276drop:
277 kfree_skb(skb);
278}
279
280/* -------- Socket interface ---------- */
281static struct sock *__sco_get_sock_by_addr(bdaddr_t *ba)
282{
283 struct sock *sk;
284 struct hlist_node *node;
285
286 sk_for_each(sk, node, &sco_sk_list.head)
287 if (!bacmp(&bt_sk(sk)->src, ba))
288 goto found;
289 sk = NULL;
290found:
291 return sk;
292}
293
294/* Find socket listening on source bdaddr.
295 * Returns closest match.
296 */
297static struct sock *sco_get_sock_listen(bdaddr_t *src)
298{
299 struct sock *sk = NULL, *sk1 = NULL;
300 struct hlist_node *node;
301
302 read_lock(&sco_sk_list.lock);
303
304 sk_for_each(sk, node, &sco_sk_list.head) {
305 if (sk->sk_state != BT_LISTEN)
306 continue;
307
308 /* Exact match. */
309 if (!bacmp(&bt_sk(sk)->src, src))
310 break;
311
312 /* Closest match */
313 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
314 sk1 = sk;
315 }
316
317 read_unlock(&sco_sk_list.lock);
318
319 return node ? sk : sk1;
320}
321
322static void sco_sock_destruct(struct sock *sk)
323{
324 BT_DBG("sk %p", sk);
325
326 skb_queue_purge(&sk->sk_receive_queue);
327 skb_queue_purge(&sk->sk_write_queue);
328}
329
330static void sco_sock_cleanup_listen(struct sock *parent)
331{
332 struct sock *sk;
333
334 BT_DBG("parent %p", parent);
335
336 /* Close not yet accepted channels */
337 while ((sk = bt_accept_dequeue(parent, NULL))) {
338 sco_sock_close(sk);
339 sco_sock_kill(sk);
340 }
341
342 parent->sk_state = BT_CLOSED;
343 sock_set_flag(parent, SOCK_ZAPPED);
344}
345
346/* Kill socket (only if zapped and orphan)
347 * Must be called on unlocked socket.
348 */
349static void sco_sock_kill(struct sock *sk)
350{
351 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
352 return;
353
354 BT_DBG("sk %p state %d", sk, sk->sk_state);
355
356 /* Kill poor orphan */
357 bt_sock_unlink(&sco_sk_list, sk);
358 sock_set_flag(sk, SOCK_DEAD);
359 sock_put(sk);
360}
361
362static void __sco_sock_close(struct sock *sk)
363{
364 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
365
366 switch (sk->sk_state) {
367 case BT_LISTEN:
368 sco_sock_cleanup_listen(sk);
369 break;
370
371 case BT_CONNECTED:
372 case BT_CONFIG:
373 if (sco_pi(sk)->conn) {
374 sk->sk_state = BT_DISCONN;
375 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
376 hci_conn_put(sco_pi(sk)->conn->hcon);
377 sco_pi(sk)->conn->hcon = NULL;
378 } else
379 sco_chan_del(sk, ECONNRESET);
380 break;
381
382 case BT_CONNECT:
383 case BT_DISCONN:
384 sco_chan_del(sk, ECONNRESET);
385 break;
386
387 default:
388 sock_set_flag(sk, SOCK_ZAPPED);
389 break;
390 }
391}
392
393/* Must be called on unlocked socket. */
394static void sco_sock_close(struct sock *sk)
395{
396 sco_sock_clear_timer(sk);
397 lock_sock(sk);
398 __sco_sock_close(sk);
399 release_sock(sk);
400 sco_sock_kill(sk);
401}
402
403static void sco_sock_init(struct sock *sk, struct sock *parent)
404{
405 BT_DBG("sk %p", sk);
406
407 if (parent) {
408 sk->sk_type = parent->sk_type;
409 security_sk_clone(parent, sk);
410 }
411}
412
413static struct proto sco_proto = {
414 .name = "SCO",
415 .owner = THIS_MODULE,
416 .obj_size = sizeof(struct sco_pinfo)
417};
418
419static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
420{
421 struct sock *sk;
422
423 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto);
424 if (!sk)
425 return NULL;
426
427 sock_init_data(sock, sk);
428 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
429
430 sk->sk_destruct = sco_sock_destruct;
431 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
432
433 sock_reset_flag(sk, SOCK_ZAPPED);
434
435 sk->sk_protocol = proto;
436 sk->sk_state = BT_OPEN;
437
438 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk);
439
440 bt_sock_link(&sco_sk_list, sk);
441 return sk;
442}
443
444static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
445 int kern)
446{
447 struct sock *sk;
448
449 BT_DBG("sock %p", sock);
450
451 sock->state = SS_UNCONNECTED;
452
453 if (sock->type != SOCK_SEQPACKET)
454 return -ESOCKTNOSUPPORT;
455
456 sock->ops = &sco_sock_ops;
457
458 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC);
459 if (!sk)
460 return -ENOMEM;
461
462 sco_sock_init(sk, NULL);
463 return 0;
464}
465
466static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
467{
468 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
469 struct sock *sk = sock->sk;
470 bdaddr_t *src = &sa->sco_bdaddr;
471 int err = 0;
472
473 BT_DBG("sk %p %s", sk, batostr(&sa->sco_bdaddr));
474
475 if (!addr || addr->sa_family != AF_BLUETOOTH)
476 return -EINVAL;
477
478 lock_sock(sk);
479
480 if (sk->sk_state != BT_OPEN) {
481 err = -EBADFD;
482 goto done;
483 }
484
485 write_lock_bh(&sco_sk_list.lock);
486
487 if (bacmp(src, BDADDR_ANY) && __sco_get_sock_by_addr(src)) {
488 err = -EADDRINUSE;
489 } else {
490 /* Save source address */
491 bacpy(&bt_sk(sk)->src, &sa->sco_bdaddr);
492 sk->sk_state = BT_BOUND;
493 }
494
495 write_unlock_bh(&sco_sk_list.lock);
496
497done:
498 release_sock(sk);
499 return err;
500}
501
502static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
503{
504 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
505 struct sock *sk = sock->sk;
506 int err = 0;
507
508
509 BT_DBG("sk %p", sk);
510
511 if (alen < sizeof(struct sockaddr_sco) ||
512 addr->sa_family != AF_BLUETOOTH)
513 return -EINVAL;
514
515 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
516 return -EBADFD;
517
518 if (sk->sk_type != SOCK_SEQPACKET)
519 return -EINVAL;
520
521 lock_sock(sk);
522
523 /* Set destination address and psm */
524 bacpy(&bt_sk(sk)->dst, &sa->sco_bdaddr);
525
526 err = sco_connect(sk);
527 if (err)
528 goto done;
529
530 err = bt_sock_wait_state(sk, BT_CONNECTED,
531 sock_sndtimeo(sk, flags & O_NONBLOCK));
532
533done:
534 release_sock(sk);
535 return err;
536}
537
538static int sco_sock_listen(struct socket *sock, int backlog)
539{
540 struct sock *sk = sock->sk;
541 int err = 0;
542
543 BT_DBG("sk %p backlog %d", sk, backlog);
544
545 lock_sock(sk);
546
547 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
548 err = -EBADFD;
549 goto done;
550 }
551
552 sk->sk_max_ack_backlog = backlog;
553 sk->sk_ack_backlog = 0;
554 sk->sk_state = BT_LISTEN;
555
556done:
557 release_sock(sk);
558 return err;
559}
560
561static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags)
562{
563 DECLARE_WAITQUEUE(wait, current);
564 struct sock *sk = sock->sk, *ch;
565 long timeo;
566 int err = 0;
567
568 lock_sock(sk);
569
570 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
571
572 BT_DBG("sk %p timeo %ld", sk, timeo);
573
574 /* Wait for an incoming connection. (wake-one). */
575 add_wait_queue_exclusive(sk_sleep(sk), &wait);
576 while (1) {
577 set_current_state(TASK_INTERRUPTIBLE);
578
579 if (sk->sk_state != BT_LISTEN) {
580 err = -EBADFD;
581 break;
582 }
583
584 ch = bt_accept_dequeue(sk, newsock);
585 if (ch)
586 break;
587
588 if (!timeo) {
589 err = -EAGAIN;
590 break;
591 }
592
593 if (signal_pending(current)) {
594 err = sock_intr_errno(timeo);
595 break;
596 }
597
598 release_sock(sk);
599 timeo = schedule_timeout(timeo);
600 lock_sock(sk);
601 }
602 __set_current_state(TASK_RUNNING);
603 remove_wait_queue(sk_sleep(sk), &wait);
604
605 if (err)
606 goto done;
607
608 newsock->state = SS_CONNECTED;
609
610 BT_DBG("new socket %p", ch);
611
612done:
613 release_sock(sk);
614 return err;
615}
616
617static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
618{
619 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
620 struct sock *sk = sock->sk;
621
622 BT_DBG("sock %p, sk %p", sock, sk);
623
624 addr->sa_family = AF_BLUETOOTH;
625 *len = sizeof(struct sockaddr_sco);
626
627 if (peer)
628 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->dst);
629 else
630 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->src);
631
632 return 0;
633}
634
635static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
636 struct msghdr *msg, size_t len)
637{
638 struct sock *sk = sock->sk;
639 int err;
640
641 BT_DBG("sock %p, sk %p", sock, sk);
642
643 err = sock_error(sk);
644 if (err)
645 return err;
646
647 if (msg->msg_flags & MSG_OOB)
648 return -EOPNOTSUPP;
649
650 lock_sock(sk);
651
652 if (sk->sk_state == BT_CONNECTED)
653 err = sco_send_frame(sk, msg, len);
654 else
655 err = -ENOTCONN;
656
657 release_sock(sk);
658 return err;
659}
660
661static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
662{
663 struct sock *sk = sock->sk;
664 int err = 0;
665
666 BT_DBG("sk %p", sk);
667
668 lock_sock(sk);
669
670 switch (optname) {
671 default:
672 err = -ENOPROTOOPT;
673 break;
674 }
675
676 release_sock(sk);
677 return err;
678}
679
680static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
681{
682 struct sock *sk = sock->sk;
683 struct sco_options opts;
684 struct sco_conninfo cinfo;
685 int len, err = 0;
686
687 BT_DBG("sk %p", sk);
688
689 if (get_user(len, optlen))
690 return -EFAULT;
691
692 lock_sock(sk);
693
694 switch (optname) {
695 case SCO_OPTIONS:
696 if (sk->sk_state != BT_CONNECTED) {
697 err = -ENOTCONN;
698 break;
699 }
700
701 opts.mtu = sco_pi(sk)->conn->mtu;
702
703 BT_DBG("mtu %d", opts.mtu);
704
705 len = min_t(unsigned int, len, sizeof(opts));
706 if (copy_to_user(optval, (char *)&opts, len))
707 err = -EFAULT;
708
709 break;
710
711 case SCO_CONNINFO:
712 if (sk->sk_state != BT_CONNECTED) {
713 err = -ENOTCONN;
714 break;
715 }
716
717 memset(&cinfo, 0, sizeof(cinfo));
718 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
719 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
720
721 len = min_t(unsigned int, len, sizeof(cinfo));
722 if (copy_to_user(optval, (char *)&cinfo, len))
723 err = -EFAULT;
724
725 break;
726
727 default:
728 err = -ENOPROTOOPT;
729 break;
730 }
731
732 release_sock(sk);
733 return err;
734}
735
736static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
737{
738 struct sock *sk = sock->sk;
739 int len, err = 0;
740
741 BT_DBG("sk %p", sk);
742
743 if (level == SOL_SCO)
744 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
745
746 if (get_user(len, optlen))
747 return -EFAULT;
748
749 lock_sock(sk);
750
751 switch (optname) {
752 default:
753 err = -ENOPROTOOPT;
754 break;
755 }
756
757 release_sock(sk);
758 return err;
759}
760
761static int sco_sock_shutdown(struct socket *sock, int how)
762{
763 struct sock *sk = sock->sk;
764 int err = 0;
765
766 BT_DBG("sock %p, sk %p", sock, sk);
767
768 if (!sk)
769 return 0;
770
771 lock_sock(sk);
772 if (!sk->sk_shutdown) {
773 sk->sk_shutdown = SHUTDOWN_MASK;
774 sco_sock_clear_timer(sk);
775 __sco_sock_close(sk);
776
777 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
778 err = bt_sock_wait_state(sk, BT_CLOSED,
779 sk->sk_lingertime);
780 }
781 release_sock(sk);
782 return err;
783}
784
785static int sco_sock_release(struct socket *sock)
786{
787 struct sock *sk = sock->sk;
788 int err = 0;
789
790 BT_DBG("sock %p, sk %p", sock, sk);
791
792 if (!sk)
793 return 0;
794
795 sco_sock_close(sk);
796
797 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) {
798 lock_sock(sk);
799 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
800 release_sock(sk);
801 }
802
803 sock_orphan(sk);
804 sco_sock_kill(sk);
805 return err;
806}
807
808static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
809{
810 BT_DBG("conn %p", conn);
811
812 sco_pi(sk)->conn = conn;
813 conn->sk = sk;
814
815 if (parent)
816 bt_accept_enqueue(parent, sk);
817}
818
819/* Delete channel.
820 * Must be called on the locked socket. */
821static void sco_chan_del(struct sock *sk, int err)
822{
823 struct sco_conn *conn;
824
825 conn = sco_pi(sk)->conn;
826
827 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
828
829 if (conn) {
830 sco_conn_lock(conn);
831 conn->sk = NULL;
832 sco_pi(sk)->conn = NULL;
833 sco_conn_unlock(conn);
834
835 if (conn->hcon)
836 hci_conn_put(conn->hcon);
837 }
838
839 sk->sk_state = BT_CLOSED;
840 sk->sk_err = err;
841 sk->sk_state_change(sk);
842
843 sock_set_flag(sk, SOCK_ZAPPED);
844}
845
846static void sco_conn_ready(struct sco_conn *conn)
847{
848 struct sock *parent;
849 struct sock *sk = conn->sk;
850
851 BT_DBG("conn %p", conn);
852
853 sco_conn_lock(conn);
854
855 if (sk) {
856 sco_sock_clear_timer(sk);
857 bh_lock_sock(sk);
858 sk->sk_state = BT_CONNECTED;
859 sk->sk_state_change(sk);
860 bh_unlock_sock(sk);
861 } else {
862 parent = sco_get_sock_listen(conn->src);
863 if (!parent)
864 goto done;
865
866 bh_lock_sock(parent);
867
868 sk = sco_sock_alloc(sock_net(parent), NULL,
869 BTPROTO_SCO, GFP_ATOMIC);
870 if (!sk) {
871 bh_unlock_sock(parent);
872 goto done;
873 }
874
875 sco_sock_init(sk, parent);
876
877 bacpy(&bt_sk(sk)->src, conn->src);
878 bacpy(&bt_sk(sk)->dst, conn->dst);
879
880 hci_conn_hold(conn->hcon);
881 __sco_chan_add(conn, sk, parent);
882
883 sk->sk_state = BT_CONNECTED;
884
885 /* Wake up parent */
886 parent->sk_data_ready(parent, 1);
887
888 bh_unlock_sock(parent);
889 }
890
891done:
892 sco_conn_unlock(conn);
893}
894
895/* ----- SCO interface with lower layer (HCI) ----- */
896static int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type)
897{
898 register struct sock *sk;
899 struct hlist_node *node;
900 int lm = 0;
901
902 if (type != SCO_LINK && type != ESCO_LINK)
903 return -EINVAL;
904
905 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
906
907 /* Find listening sockets */
908 read_lock(&sco_sk_list.lock);
909 sk_for_each(sk, node, &sco_sk_list.head) {
910 if (sk->sk_state != BT_LISTEN)
911 continue;
912
913 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr) ||
914 !bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
915 lm |= HCI_LM_ACCEPT;
916 break;
917 }
918 }
919 read_unlock(&sco_sk_list.lock);
920
921 return lm;
922}
923
924static int sco_connect_cfm(struct hci_conn *hcon, __u8 status)
925{
926 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
927
928 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
929 return -EINVAL;
930
931 if (!status) {
932 struct sco_conn *conn;
933
934 conn = sco_conn_add(hcon, status);
935 if (conn)
936 sco_conn_ready(conn);
937 } else
938 sco_conn_del(hcon, bt_to_errno(status));
939
940 return 0;
941}
942
943static int sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
944{
945 BT_DBG("hcon %p reason %d", hcon, reason);
946
947 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
948 return -EINVAL;
949
950 sco_conn_del(hcon, bt_to_errno(reason));
951
952 return 0;
953}
954
955static int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
956{
957 struct sco_conn *conn = hcon->sco_data;
958
959 if (!conn)
960 goto drop;
961
962 BT_DBG("conn %p len %d", conn, skb->len);
963
964 if (skb->len) {
965 sco_recv_frame(conn, skb);
966 return 0;
967 }
968
969drop:
970 kfree_skb(skb);
971 return 0;
972}
973
974static int sco_debugfs_show(struct seq_file *f, void *p)
975{
976 struct sock *sk;
977 struct hlist_node *node;
978
979 read_lock_bh(&sco_sk_list.lock);
980
981 sk_for_each(sk, node, &sco_sk_list.head) {
982 seq_printf(f, "%s %s %d\n", batostr(&bt_sk(sk)->src),
983 batostr(&bt_sk(sk)->dst), sk->sk_state);
984 }
985
986 read_unlock_bh(&sco_sk_list.lock);
987
988 return 0;
989}
990
991static int sco_debugfs_open(struct inode *inode, struct file *file)
992{
993 return single_open(file, sco_debugfs_show, inode->i_private);
994}
995
996static const struct file_operations sco_debugfs_fops = {
997 .open = sco_debugfs_open,
998 .read = seq_read,
999 .llseek = seq_lseek,
1000 .release = single_release,
1001};
1002
1003static struct dentry *sco_debugfs;
1004
1005static const struct proto_ops sco_sock_ops = {
1006 .family = PF_BLUETOOTH,
1007 .owner = THIS_MODULE,
1008 .release = sco_sock_release,
1009 .bind = sco_sock_bind,
1010 .connect = sco_sock_connect,
1011 .listen = sco_sock_listen,
1012 .accept = sco_sock_accept,
1013 .getname = sco_sock_getname,
1014 .sendmsg = sco_sock_sendmsg,
1015 .recvmsg = bt_sock_recvmsg,
1016 .poll = bt_sock_poll,
1017 .ioctl = bt_sock_ioctl,
1018 .mmap = sock_no_mmap,
1019 .socketpair = sock_no_socketpair,
1020 .shutdown = sco_sock_shutdown,
1021 .setsockopt = sco_sock_setsockopt,
1022 .getsockopt = sco_sock_getsockopt
1023};
1024
1025static const struct net_proto_family sco_sock_family_ops = {
1026 .family = PF_BLUETOOTH,
1027 .owner = THIS_MODULE,
1028 .create = sco_sock_create,
1029};
1030
1031static struct hci_proto sco_hci_proto = {
1032 .name = "SCO",
1033 .id = HCI_PROTO_SCO,
1034 .connect_ind = sco_connect_ind,
1035 .connect_cfm = sco_connect_cfm,
1036 .disconn_cfm = sco_disconn_cfm,
1037 .recv_scodata = sco_recv_scodata
1038};
1039
1040int __init sco_init(void)
1041{
1042 int err;
1043
1044 err = proto_register(&sco_proto, 0);
1045 if (err < 0)
1046 return err;
1047
1048 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1049 if (err < 0) {
1050 BT_ERR("SCO socket registration failed");
1051 goto error;
1052 }
1053
1054 err = hci_register_proto(&sco_hci_proto);
1055 if (err < 0) {
1056 BT_ERR("SCO protocol registration failed");
1057 bt_sock_unregister(BTPROTO_SCO);
1058 goto error;
1059 }
1060
1061 if (bt_debugfs) {
1062 sco_debugfs = debugfs_create_file("sco", 0444,
1063 bt_debugfs, NULL, &sco_debugfs_fops);
1064 if (!sco_debugfs)
1065 BT_ERR("Failed to create SCO debug file");
1066 }
1067
1068 BT_INFO("SCO socket layer initialized");
1069
1070 return 0;
1071
1072error:
1073 proto_unregister(&sco_proto);
1074 return err;
1075}
1076
1077void __exit sco_exit(void)
1078{
1079 debugfs_remove(sco_debugfs);
1080
1081 if (bt_sock_unregister(BTPROTO_SCO) < 0)
1082 BT_ERR("SCO socket unregistration failed");
1083
1084 if (hci_unregister_proto(&sco_hci_proto) < 0)
1085 BT_ERR("SCO protocol unregistration failed");
1086
1087 proto_unregister(&sco_proto);
1088}
1089
1090module_param(disable_esco, bool, 0644);
1091MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");