Loading...
Note: File does not exist in v5.4.
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * BlueZ - Bluetooth protocol stack for Linux
4 *
5 * Copyright (C) 2022 Intel Corporation
6 * Copyright 2023-2024 NXP
7 */
8
9#include <linux/module.h>
10#include <linux/debugfs.h>
11#include <linux/seq_file.h>
12#include <linux/sched/signal.h>
13
14#include <net/bluetooth/bluetooth.h>
15#include <net/bluetooth/hci_core.h>
16#include <net/bluetooth/iso.h>
17#include "eir.h"
18
19static const struct proto_ops iso_sock_ops;
20
21static struct bt_sock_list iso_sk_list = {
22 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock)
23};
24
25/* ---- ISO connections ---- */
26struct iso_conn {
27 struct hci_conn *hcon;
28
29 /* @lock: spinlock protecting changes to iso_conn fields */
30 spinlock_t lock;
31 struct sock *sk;
32
33 struct delayed_work timeout_work;
34
35 struct sk_buff *rx_skb;
36 __u32 rx_len;
37 __u16 tx_sn;
38 struct kref ref;
39};
40
41#define iso_conn_lock(c) spin_lock(&(c)->lock)
42#define iso_conn_unlock(c) spin_unlock(&(c)->lock)
43
44static void iso_sock_close(struct sock *sk);
45static void iso_sock_kill(struct sock *sk);
46
47/* ----- ISO socket info ----- */
48#define iso_pi(sk) ((struct iso_pinfo *)sk)
49
50#define EIR_SERVICE_DATA_LENGTH 4
51#define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
52#define EIR_BAA_SERVICE_UUID 0x1851
53
54/* iso_pinfo flags values */
55enum {
56 BT_SK_BIG_SYNC,
57 BT_SK_PA_SYNC,
58};
59
60struct iso_pinfo {
61 struct bt_sock bt;
62 bdaddr_t src;
63 __u8 src_type;
64 bdaddr_t dst;
65 __u8 dst_type;
66 __u8 bc_sid;
67 __u8 bc_num_bis;
68 __u8 bc_bis[ISO_MAX_NUM_BIS];
69 __u16 sync_handle;
70 unsigned long flags;
71 struct bt_iso_qos qos;
72 bool qos_user_set;
73 __u8 base_len;
74 __u8 base[BASE_MAX_LENGTH];
75 struct iso_conn *conn;
76};
77
78static struct bt_iso_qos default_qos;
79
80static bool check_ucast_qos(struct bt_iso_qos *qos);
81static bool check_bcast_qos(struct bt_iso_qos *qos);
82static bool iso_match_sid(struct sock *sk, void *data);
83static bool iso_match_sync_handle(struct sock *sk, void *data);
84static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data);
85static void iso_sock_disconn(struct sock *sk);
86
87typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
88
89static struct sock *iso_get_sock(bdaddr_t *src, bdaddr_t *dst,
90 enum bt_sock_state state,
91 iso_sock_match_t match, void *data);
92
93/* ---- ISO timers ---- */
94#define ISO_CONN_TIMEOUT (HZ * 40)
95#define ISO_DISCONN_TIMEOUT (HZ * 2)
96
97static void iso_conn_free(struct kref *ref)
98{
99 struct iso_conn *conn = container_of(ref, struct iso_conn, ref);
100
101 BT_DBG("conn %p", conn);
102
103 if (conn->sk)
104 iso_pi(conn->sk)->conn = NULL;
105
106 if (conn->hcon) {
107 conn->hcon->iso_data = NULL;
108 hci_conn_drop(conn->hcon);
109 }
110
111 /* Ensure no more work items will run since hci_conn has been dropped */
112 disable_delayed_work_sync(&conn->timeout_work);
113
114 kfree(conn);
115}
116
117static void iso_conn_put(struct iso_conn *conn)
118{
119 if (!conn)
120 return;
121
122 BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));
123
124 kref_put(&conn->ref, iso_conn_free);
125}
126
127static struct iso_conn *iso_conn_hold_unless_zero(struct iso_conn *conn)
128{
129 if (!conn)
130 return NULL;
131
132 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
133
134 if (!kref_get_unless_zero(&conn->ref))
135 return NULL;
136
137 return conn;
138}
139
140static struct sock *iso_sock_hold(struct iso_conn *conn)
141{
142 if (!conn || !bt_sock_linked(&iso_sk_list, conn->sk))
143 return NULL;
144
145 sock_hold(conn->sk);
146
147 return conn->sk;
148}
149
150static void iso_sock_timeout(struct work_struct *work)
151{
152 struct iso_conn *conn = container_of(work, struct iso_conn,
153 timeout_work.work);
154 struct sock *sk;
155
156 conn = iso_conn_hold_unless_zero(conn);
157 if (!conn)
158 return;
159
160 iso_conn_lock(conn);
161 sk = iso_sock_hold(conn);
162 iso_conn_unlock(conn);
163 iso_conn_put(conn);
164
165 if (!sk)
166 return;
167
168 BT_DBG("sock %p state %d", sk, sk->sk_state);
169
170 lock_sock(sk);
171 sk->sk_err = ETIMEDOUT;
172 sk->sk_state_change(sk);
173 release_sock(sk);
174 sock_put(sk);
175}
176
177static void iso_sock_set_timer(struct sock *sk, long timeout)
178{
179 if (!iso_pi(sk)->conn)
180 return;
181
182 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
183 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
184 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout);
185}
186
187static void iso_sock_clear_timer(struct sock *sk)
188{
189 if (!iso_pi(sk)->conn)
190 return;
191
192 BT_DBG("sock %p state %d", sk, sk->sk_state);
193 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
194}
195
196/* ---- ISO connections ---- */
197static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
198{
199 struct iso_conn *conn = hcon->iso_data;
200
201 conn = iso_conn_hold_unless_zero(conn);
202 if (conn) {
203 if (!conn->hcon) {
204 iso_conn_lock(conn);
205 conn->hcon = hcon;
206 iso_conn_unlock(conn);
207 }
208 iso_conn_put(conn);
209 return conn;
210 }
211
212 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
213 if (!conn)
214 return NULL;
215
216 kref_init(&conn->ref);
217 spin_lock_init(&conn->lock);
218 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);
219
220 hcon->iso_data = conn;
221 conn->hcon = hcon;
222 conn->tx_sn = 0;
223
224 BT_DBG("hcon %p conn %p", hcon, conn);
225
226 return conn;
227}
228
229/* Delete channel. Must be called on the locked socket. */
230static void iso_chan_del(struct sock *sk, int err)
231{
232 struct iso_conn *conn;
233 struct sock *parent;
234
235 conn = iso_pi(sk)->conn;
236 iso_pi(sk)->conn = NULL;
237
238 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
239
240 if (conn) {
241 iso_conn_lock(conn);
242 conn->sk = NULL;
243 iso_conn_unlock(conn);
244 iso_conn_put(conn);
245 }
246
247 sk->sk_state = BT_CLOSED;
248 sk->sk_err = err;
249
250 parent = bt_sk(sk)->parent;
251 if (parent) {
252 bt_accept_unlink(sk);
253 parent->sk_data_ready(parent);
254 } else {
255 sk->sk_state_change(sk);
256 }
257
258 sock_set_flag(sk, SOCK_ZAPPED);
259}
260
261static void iso_conn_del(struct hci_conn *hcon, int err)
262{
263 struct iso_conn *conn = hcon->iso_data;
264 struct sock *sk;
265
266 conn = iso_conn_hold_unless_zero(conn);
267 if (!conn)
268 return;
269
270 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
271
272 /* Kill socket */
273 iso_conn_lock(conn);
274 sk = iso_sock_hold(conn);
275 iso_conn_unlock(conn);
276 iso_conn_put(conn);
277
278 if (!sk) {
279 iso_conn_put(conn);
280 return;
281 }
282
283 lock_sock(sk);
284 iso_sock_clear_timer(sk);
285 iso_chan_del(sk, err);
286 release_sock(sk);
287 sock_put(sk);
288}
289
290static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
291 struct sock *parent)
292{
293 BT_DBG("conn %p", conn);
294
295 if (iso_pi(sk)->conn == conn && conn->sk == sk)
296 return 0;
297
298 if (conn->sk) {
299 BT_ERR("conn->sk already set");
300 return -EBUSY;
301 }
302
303 iso_pi(sk)->conn = conn;
304 conn->sk = sk;
305
306 if (parent)
307 bt_accept_enqueue(parent, sk, true);
308
309 return 0;
310}
311
312static int iso_chan_add(struct iso_conn *conn, struct sock *sk,
313 struct sock *parent)
314{
315 int err;
316
317 iso_conn_lock(conn);
318 err = __iso_chan_add(conn, sk, parent);
319 iso_conn_unlock(conn);
320
321 return err;
322}
323
324static inline u8 le_addr_type(u8 bdaddr_type)
325{
326 if (bdaddr_type == BDADDR_LE_PUBLIC)
327 return ADDR_LE_DEV_PUBLIC;
328 else
329 return ADDR_LE_DEV_RANDOM;
330}
331
332static int iso_connect_bis(struct sock *sk)
333{
334 struct iso_conn *conn;
335 struct hci_conn *hcon;
336 struct hci_dev *hdev;
337 int err;
338
339 BT_DBG("%pMR", &iso_pi(sk)->src);
340
341 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
342 iso_pi(sk)->src_type);
343 if (!hdev)
344 return -EHOSTUNREACH;
345
346 hci_dev_lock(hdev);
347
348 if (!bis_capable(hdev)) {
349 err = -EOPNOTSUPP;
350 goto unlock;
351 }
352
353 /* Fail if user set invalid QoS */
354 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
355 iso_pi(sk)->qos = default_qos;
356 err = -EINVAL;
357 goto unlock;
358 }
359
360 /* Fail if out PHYs are marked as disabled */
361 if (!iso_pi(sk)->qos.bcast.out.phy) {
362 err = -EINVAL;
363 goto unlock;
364 }
365
366 /* Just bind if DEFER_SETUP has been set */
367 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
368 hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst,
369 &iso_pi(sk)->qos, iso_pi(sk)->base_len,
370 iso_pi(sk)->base);
371 if (IS_ERR(hcon)) {
372 err = PTR_ERR(hcon);
373 goto unlock;
374 }
375 } else {
376 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst,
377 le_addr_type(iso_pi(sk)->dst_type),
378 &iso_pi(sk)->qos, iso_pi(sk)->base_len,
379 iso_pi(sk)->base);
380 if (IS_ERR(hcon)) {
381 err = PTR_ERR(hcon);
382 goto unlock;
383 }
384 }
385
386 conn = iso_conn_add(hcon);
387 if (!conn) {
388 hci_conn_drop(hcon);
389 err = -ENOMEM;
390 goto unlock;
391 }
392
393 lock_sock(sk);
394
395 err = iso_chan_add(conn, sk, NULL);
396 if (err) {
397 release_sock(sk);
398 goto unlock;
399 }
400
401 /* Update source addr of the socket */
402 bacpy(&iso_pi(sk)->src, &hcon->src);
403
404 if (hcon->state == BT_CONNECTED) {
405 iso_sock_clear_timer(sk);
406 sk->sk_state = BT_CONNECTED;
407 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
408 iso_sock_clear_timer(sk);
409 sk->sk_state = BT_CONNECT;
410 } else {
411 sk->sk_state = BT_CONNECT;
412 iso_sock_set_timer(sk, sk->sk_sndtimeo);
413 }
414
415 release_sock(sk);
416
417unlock:
418 hci_dev_unlock(hdev);
419 hci_dev_put(hdev);
420 return err;
421}
422
423static int iso_connect_cis(struct sock *sk)
424{
425 struct iso_conn *conn;
426 struct hci_conn *hcon;
427 struct hci_dev *hdev;
428 int err;
429
430 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst);
431
432 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
433 iso_pi(sk)->src_type);
434 if (!hdev)
435 return -EHOSTUNREACH;
436
437 hci_dev_lock(hdev);
438
439 if (!cis_central_capable(hdev)) {
440 err = -EOPNOTSUPP;
441 goto unlock;
442 }
443
444 /* Fail if user set invalid QoS */
445 if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) {
446 iso_pi(sk)->qos = default_qos;
447 err = -EINVAL;
448 goto unlock;
449 }
450
451 /* Fail if either PHYs are marked as disabled */
452 if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) {
453 err = -EINVAL;
454 goto unlock;
455 }
456
457 /* Just bind if DEFER_SETUP has been set */
458 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
459 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst,
460 le_addr_type(iso_pi(sk)->dst_type),
461 &iso_pi(sk)->qos);
462 if (IS_ERR(hcon)) {
463 err = PTR_ERR(hcon);
464 goto unlock;
465 }
466 } else {
467 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
468 le_addr_type(iso_pi(sk)->dst_type),
469 &iso_pi(sk)->qos);
470 if (IS_ERR(hcon)) {
471 err = PTR_ERR(hcon);
472 goto unlock;
473 }
474 }
475
476 conn = iso_conn_add(hcon);
477 if (!conn) {
478 hci_conn_drop(hcon);
479 err = -ENOMEM;
480 goto unlock;
481 }
482
483 lock_sock(sk);
484
485 err = iso_chan_add(conn, sk, NULL);
486 if (err) {
487 release_sock(sk);
488 goto unlock;
489 }
490
491 /* Update source addr of the socket */
492 bacpy(&iso_pi(sk)->src, &hcon->src);
493
494 if (hcon->state == BT_CONNECTED) {
495 iso_sock_clear_timer(sk);
496 sk->sk_state = BT_CONNECTED;
497 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
498 iso_sock_clear_timer(sk);
499 sk->sk_state = BT_CONNECT;
500 } else {
501 sk->sk_state = BT_CONNECT;
502 iso_sock_set_timer(sk, sk->sk_sndtimeo);
503 }
504
505 release_sock(sk);
506
507unlock:
508 hci_dev_unlock(hdev);
509 hci_dev_put(hdev);
510 return err;
511}
512
513static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk)
514{
515 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2)
516 return &iso_pi(sk)->conn->hcon->iso_qos;
517
518 return &iso_pi(sk)->qos;
519}
520
521static int iso_send_frame(struct sock *sk, struct sk_buff *skb)
522{
523 struct iso_conn *conn = iso_pi(sk)->conn;
524 struct bt_iso_qos *qos = iso_sock_get_qos(sk);
525 struct hci_iso_data_hdr *hdr;
526 int len = 0;
527
528 BT_DBG("sk %p len %d", sk, skb->len);
529
530 if (skb->len > qos->ucast.out.sdu)
531 return -EMSGSIZE;
532
533 len = skb->len;
534
535 /* Push ISO data header */
536 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE);
537 hdr->sn = cpu_to_le16(conn->tx_sn++);
538 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len,
539 HCI_ISO_STATUS_VALID));
540
541 if (sk->sk_state == BT_CONNECTED)
542 hci_send_iso(conn->hcon, skb);
543 else
544 len = -ENOTCONN;
545
546 return len;
547}
548
549static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb)
550{
551 struct sock *sk;
552
553 iso_conn_lock(conn);
554 sk = conn->sk;
555 iso_conn_unlock(conn);
556
557 if (!sk)
558 goto drop;
559
560 BT_DBG("sk %p len %d", sk, skb->len);
561
562 if (sk->sk_state != BT_CONNECTED)
563 goto drop;
564
565 if (!sock_queue_rcv_skb(sk, skb))
566 return;
567
568drop:
569 kfree_skb(skb);
570}
571
572/* -------- Socket interface ---------- */
573static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst)
574{
575 struct sock *sk;
576
577 sk_for_each(sk, &iso_sk_list.head) {
578 if (sk->sk_state != BT_LISTEN)
579 continue;
580
581 if (bacmp(&iso_pi(sk)->dst, dst))
582 continue;
583
584 if (!bacmp(&iso_pi(sk)->src, src))
585 return sk;
586 }
587
588 return NULL;
589}
590
591static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc,
592 __u8 sid)
593{
594 struct sock *sk;
595
596 sk_for_each(sk, &iso_sk_list.head) {
597 if (sk->sk_state != BT_LISTEN)
598 continue;
599
600 if (bacmp(&iso_pi(sk)->src, ba))
601 continue;
602
603 if (bacmp(&iso_pi(sk)->dst, bc))
604 continue;
605
606 if (iso_pi(sk)->bc_sid == sid)
607 return sk;
608 }
609
610 return NULL;
611}
612
613/* Find socket in given state:
614 * source bdaddr (Unicast)
615 * destination bdaddr (Broadcast only)
616 * match func - pass NULL to ignore
617 * match func data - pass -1 to ignore
618 * Returns closest match.
619 */
620static struct sock *iso_get_sock(bdaddr_t *src, bdaddr_t *dst,
621 enum bt_sock_state state,
622 iso_sock_match_t match, void *data)
623{
624 struct sock *sk = NULL, *sk1 = NULL;
625
626 read_lock(&iso_sk_list.lock);
627
628 sk_for_each(sk, &iso_sk_list.head) {
629 if (sk->sk_state != state)
630 continue;
631
632 /* Match Broadcast destination */
633 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst))
634 continue;
635
636 /* Use Match function if provided */
637 if (match && !match(sk, data))
638 continue;
639
640 /* Exact match. */
641 if (!bacmp(&iso_pi(sk)->src, src)) {
642 sock_hold(sk);
643 break;
644 }
645
646 /* Closest match */
647 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) {
648 if (sk1)
649 sock_put(sk1);
650
651 sk1 = sk;
652 sock_hold(sk1);
653 }
654 }
655
656 if (sk && sk1)
657 sock_put(sk1);
658
659 read_unlock(&iso_sk_list.lock);
660
661 return sk ? sk : sk1;
662}
663
664static struct sock *iso_get_sock_big(struct sock *match_sk, bdaddr_t *src,
665 bdaddr_t *dst, uint8_t big)
666{
667 struct sock *sk = NULL;
668
669 read_lock(&iso_sk_list.lock);
670
671 sk_for_each(sk, &iso_sk_list.head) {
672 if (match_sk == sk)
673 continue;
674
675 /* Look for sockets that have already been
676 * connected to the BIG
677 */
678 if (sk->sk_state != BT_CONNECTED &&
679 sk->sk_state != BT_CONNECT)
680 continue;
681
682 /* Match Broadcast destination */
683 if (bacmp(&iso_pi(sk)->dst, dst))
684 continue;
685
686 /* Match BIG handle */
687 if (iso_pi(sk)->qos.bcast.big != big)
688 continue;
689
690 /* Match source address */
691 if (bacmp(&iso_pi(sk)->src, src))
692 continue;
693
694 sock_hold(sk);
695 break;
696 }
697
698 read_unlock(&iso_sk_list.lock);
699
700 return sk;
701}
702
703static void iso_sock_destruct(struct sock *sk)
704{
705 BT_DBG("sk %p", sk);
706
707 iso_conn_put(iso_pi(sk)->conn);
708
709 skb_queue_purge(&sk->sk_receive_queue);
710 skb_queue_purge(&sk->sk_write_queue);
711}
712
713static void iso_sock_cleanup_listen(struct sock *parent)
714{
715 struct sock *sk;
716
717 BT_DBG("parent %p", parent);
718
719 /* Close not yet accepted channels */
720 while ((sk = bt_accept_dequeue(parent, NULL))) {
721 iso_sock_close(sk);
722 iso_sock_kill(sk);
723 }
724
725 /* If listening socket has a hcon, properly disconnect it */
726 if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon) {
727 iso_sock_disconn(parent);
728 return;
729 }
730
731 parent->sk_state = BT_CLOSED;
732 sock_set_flag(parent, SOCK_ZAPPED);
733}
734
735/* Kill socket (only if zapped and orphan)
736 * Must be called on unlocked socket.
737 */
738static void iso_sock_kill(struct sock *sk)
739{
740 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
741 sock_flag(sk, SOCK_DEAD))
742 return;
743
744 BT_DBG("sk %p state %d", sk, sk->sk_state);
745
746 /* Kill poor orphan */
747 bt_sock_unlink(&iso_sk_list, sk);
748 sock_set_flag(sk, SOCK_DEAD);
749 sock_put(sk);
750}
751
752static void iso_sock_disconn(struct sock *sk)
753{
754 struct sock *bis_sk;
755 struct hci_conn *hcon = iso_pi(sk)->conn->hcon;
756
757 if (test_bit(HCI_CONN_BIG_CREATED, &hcon->flags)) {
758 bis_sk = iso_get_sock_big(sk, &iso_pi(sk)->src,
759 &iso_pi(sk)->dst,
760 iso_pi(sk)->qos.bcast.big);
761
762 /* If there are any other connected sockets for the
763 * same BIG, just delete the sk and leave the bis
764 * hcon active, in case later rebinding is needed.
765 */
766 if (bis_sk) {
767 hcon->state = BT_OPEN;
768 hcon->iso_data = NULL;
769 iso_pi(sk)->conn->hcon = NULL;
770 iso_sock_clear_timer(sk);
771 iso_chan_del(sk, bt_to_errno(hcon->abort_reason));
772 sock_put(bis_sk);
773 return;
774 }
775 }
776
777 sk->sk_state = BT_DISCONN;
778 iso_conn_lock(iso_pi(sk)->conn);
779 hci_conn_drop(iso_pi(sk)->conn->hcon);
780 iso_pi(sk)->conn->hcon = NULL;
781 iso_conn_unlock(iso_pi(sk)->conn);
782}
783
784static void __iso_sock_close(struct sock *sk)
785{
786 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
787
788 switch (sk->sk_state) {
789 case BT_LISTEN:
790 iso_sock_cleanup_listen(sk);
791 break;
792
793 case BT_CONNECT:
794 case BT_CONNECTED:
795 case BT_CONFIG:
796 if (iso_pi(sk)->conn->hcon)
797 iso_sock_disconn(sk);
798 else
799 iso_chan_del(sk, ECONNRESET);
800 break;
801
802 case BT_CONNECT2:
803 if (iso_pi(sk)->conn->hcon &&
804 (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) ||
805 test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags)))
806 iso_sock_disconn(sk);
807 else
808 iso_chan_del(sk, ECONNRESET);
809 break;
810 case BT_DISCONN:
811 iso_chan_del(sk, ECONNRESET);
812 break;
813
814 default:
815 sock_set_flag(sk, SOCK_ZAPPED);
816 break;
817 }
818}
819
820/* Must be called on unlocked socket. */
821static void iso_sock_close(struct sock *sk)
822{
823 iso_sock_clear_timer(sk);
824 lock_sock(sk);
825 __iso_sock_close(sk);
826 release_sock(sk);
827 iso_sock_kill(sk);
828}
829
830static void iso_sock_init(struct sock *sk, struct sock *parent)
831{
832 BT_DBG("sk %p", sk);
833
834 if (parent) {
835 sk->sk_type = parent->sk_type;
836 bt_sk(sk)->flags = bt_sk(parent)->flags;
837 security_sk_clone(parent, sk);
838 }
839}
840
841static struct proto iso_proto = {
842 .name = "ISO",
843 .owner = THIS_MODULE,
844 .obj_size = sizeof(struct iso_pinfo)
845};
846
847#define DEFAULT_IO_QOS \
848{ \
849 .interval = 10000u, \
850 .latency = 10u, \
851 .sdu = 40u, \
852 .phy = BT_ISO_PHY_2M, \
853 .rtn = 2u, \
854}
855
856static struct bt_iso_qos default_qos = {
857 .bcast = {
858 .big = BT_ISO_QOS_BIG_UNSET,
859 .bis = BT_ISO_QOS_BIS_UNSET,
860 .sync_factor = 0x01,
861 .packing = 0x00,
862 .framing = 0x00,
863 .in = DEFAULT_IO_QOS,
864 .out = DEFAULT_IO_QOS,
865 .encryption = 0x00,
866 .bcode = {0x00},
867 .options = 0x00,
868 .skip = 0x0000,
869 .sync_timeout = BT_ISO_SYNC_TIMEOUT,
870 .sync_cte_type = 0x00,
871 .mse = 0x00,
872 .timeout = BT_ISO_SYNC_TIMEOUT,
873 },
874};
875
876static struct sock *iso_sock_alloc(struct net *net, struct socket *sock,
877 int proto, gfp_t prio, int kern)
878{
879 struct sock *sk;
880
881 sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern);
882 if (!sk)
883 return NULL;
884
885 sk->sk_destruct = iso_sock_destruct;
886 sk->sk_sndtimeo = ISO_CONN_TIMEOUT;
887
888 /* Set address type as public as default src address is BDADDR_ANY */
889 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
890
891 iso_pi(sk)->qos = default_qos;
892 iso_pi(sk)->sync_handle = -1;
893
894 bt_sock_link(&iso_sk_list, sk);
895 return sk;
896}
897
898static int iso_sock_create(struct net *net, struct socket *sock, int protocol,
899 int kern)
900{
901 struct sock *sk;
902
903 BT_DBG("sock %p", sock);
904
905 sock->state = SS_UNCONNECTED;
906
907 if (sock->type != SOCK_SEQPACKET)
908 return -ESOCKTNOSUPPORT;
909
910 sock->ops = &iso_sock_ops;
911
912 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
913 if (!sk)
914 return -ENOMEM;
915
916 iso_sock_init(sk, NULL);
917 return 0;
918}
919
920static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr,
921 int addr_len)
922{
923 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
924 struct sock *sk = sock->sk;
925 int i;
926
927 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
928 sa->iso_bc->bc_num_bis);
929
930 if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc))
931 return -EINVAL;
932
933 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
934
935 /* Check if the address type is of LE type */
936 if (!bdaddr_type_is_le(sa->iso_bc->bc_bdaddr_type))
937 return -EINVAL;
938
939 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
940
941 if (sa->iso_bc->bc_sid > 0x0f)
942 return -EINVAL;
943
944 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
945
946 if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS)
947 return -EINVAL;
948
949 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
950
951 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++)
952 if (sa->iso_bc->bc_bis[i] < 0x01 ||
953 sa->iso_bc->bc_bis[i] > 0x1f)
954 return -EINVAL;
955
956 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
957 iso_pi(sk)->bc_num_bis);
958
959 return 0;
960}
961
962static int iso_sock_bind_pa_sk(struct sock *sk, struct sockaddr_iso *sa,
963 int addr_len)
964{
965 int err = 0;
966
967 if (sk->sk_type != SOCK_SEQPACKET) {
968 err = -EINVAL;
969 goto done;
970 }
971
972 if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc)) {
973 err = -EINVAL;
974 goto done;
975 }
976
977 if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS) {
978 err = -EINVAL;
979 goto done;
980 }
981
982 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
983
984 for (int i = 0; i < iso_pi(sk)->bc_num_bis; i++)
985 if (sa->iso_bc->bc_bis[i] < 0x01 ||
986 sa->iso_bc->bc_bis[i] > 0x1f) {
987 err = -EINVAL;
988 goto done;
989 }
990
991 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
992 iso_pi(sk)->bc_num_bis);
993
994done:
995 return err;
996}
997
998static int iso_sock_bind(struct socket *sock, struct sockaddr *addr,
999 int addr_len)
1000{
1001 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1002 struct sock *sk = sock->sk;
1003 int err = 0;
1004
1005 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type);
1006
1007 if (!addr || addr_len < sizeof(struct sockaddr_iso) ||
1008 addr->sa_family != AF_BLUETOOTH)
1009 return -EINVAL;
1010
1011 lock_sock(sk);
1012
1013 /* Allow the user to bind a PA sync socket to a number
1014 * of BISes to sync to.
1015 */
1016 if ((sk->sk_state == BT_CONNECT2 ||
1017 sk->sk_state == BT_CONNECTED) &&
1018 test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
1019 err = iso_sock_bind_pa_sk(sk, sa, addr_len);
1020 goto done;
1021 }
1022
1023 if (sk->sk_state != BT_OPEN) {
1024 err = -EBADFD;
1025 goto done;
1026 }
1027
1028 if (sk->sk_type != SOCK_SEQPACKET) {
1029 err = -EINVAL;
1030 goto done;
1031 }
1032
1033 /* Check if the address type is of LE type */
1034 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) {
1035 err = -EINVAL;
1036 goto done;
1037 }
1038
1039 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr);
1040 iso_pi(sk)->src_type = sa->iso_bdaddr_type;
1041
1042 /* Check for Broadcast address */
1043 if (addr_len > sizeof(*sa)) {
1044 err = iso_sock_bind_bc(sock, addr, addr_len);
1045 if (err)
1046 goto done;
1047 }
1048
1049 sk->sk_state = BT_BOUND;
1050
1051done:
1052 release_sock(sk);
1053 return err;
1054}
1055
1056static int iso_sock_connect(struct socket *sock, struct sockaddr *addr,
1057 int alen, int flags)
1058{
1059 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1060 struct sock *sk = sock->sk;
1061 int err;
1062
1063 BT_DBG("sk %p", sk);
1064
1065 if (alen < sizeof(struct sockaddr_iso) ||
1066 addr->sa_family != AF_BLUETOOTH)
1067 return -EINVAL;
1068
1069 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
1070 return -EBADFD;
1071
1072 if (sk->sk_type != SOCK_SEQPACKET)
1073 return -EINVAL;
1074
1075 /* Check if the address type is of LE type */
1076 if (!bdaddr_type_is_le(sa->iso_bdaddr_type))
1077 return -EINVAL;
1078
1079 lock_sock(sk);
1080
1081 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
1082 iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
1083
1084 release_sock(sk);
1085
1086 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1087 err = iso_connect_cis(sk);
1088 else
1089 err = iso_connect_bis(sk);
1090
1091 if (err)
1092 return err;
1093
1094 lock_sock(sk);
1095
1096 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1097 err = bt_sock_wait_state(sk, BT_CONNECTED,
1098 sock_sndtimeo(sk, flags & O_NONBLOCK));
1099 }
1100
1101 release_sock(sk);
1102 return err;
1103}
1104
1105static int iso_listen_bis(struct sock *sk)
1106{
1107 struct hci_dev *hdev;
1108 int err = 0;
1109 struct iso_conn *conn;
1110 struct hci_conn *hcon;
1111
1112 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src,
1113 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid);
1114
1115 write_lock(&iso_sk_list.lock);
1116
1117 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst,
1118 iso_pi(sk)->bc_sid))
1119 err = -EADDRINUSE;
1120
1121 write_unlock(&iso_sk_list.lock);
1122
1123 if (err)
1124 return err;
1125
1126 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1127 iso_pi(sk)->src_type);
1128 if (!hdev)
1129 return -EHOSTUNREACH;
1130
1131 hci_dev_lock(hdev);
1132 lock_sock(sk);
1133
1134 /* Fail if user set invalid QoS */
1135 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
1136 iso_pi(sk)->qos = default_qos;
1137 err = -EINVAL;
1138 goto unlock;
1139 }
1140
1141 hcon = hci_pa_create_sync(hdev, &iso_pi(sk)->dst,
1142 le_addr_type(iso_pi(sk)->dst_type),
1143 iso_pi(sk)->bc_sid, &iso_pi(sk)->qos);
1144 if (IS_ERR(hcon)) {
1145 err = PTR_ERR(hcon);
1146 goto unlock;
1147 }
1148
1149 conn = iso_conn_add(hcon);
1150 if (!conn) {
1151 hci_conn_drop(hcon);
1152 err = -ENOMEM;
1153 goto unlock;
1154 }
1155
1156 err = iso_chan_add(conn, sk, NULL);
1157 if (err) {
1158 hci_conn_drop(hcon);
1159 goto unlock;
1160 }
1161
1162unlock:
1163 release_sock(sk);
1164 hci_dev_unlock(hdev);
1165 hci_dev_put(hdev);
1166 return err;
1167}
1168
1169static int iso_listen_cis(struct sock *sk)
1170{
1171 int err = 0;
1172
1173 BT_DBG("%pMR", &iso_pi(sk)->src);
1174
1175 write_lock(&iso_sk_list.lock);
1176
1177 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst))
1178 err = -EADDRINUSE;
1179
1180 write_unlock(&iso_sk_list.lock);
1181
1182 return err;
1183}
1184
1185static int iso_sock_listen(struct socket *sock, int backlog)
1186{
1187 struct sock *sk = sock->sk;
1188 int err = 0;
1189
1190 BT_DBG("sk %p backlog %d", sk, backlog);
1191
1192 sock_hold(sk);
1193 lock_sock(sk);
1194
1195 if (sk->sk_state != BT_BOUND) {
1196 err = -EBADFD;
1197 goto done;
1198 }
1199
1200 if (sk->sk_type != SOCK_SEQPACKET) {
1201 err = -EINVAL;
1202 goto done;
1203 }
1204
1205 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
1206 err = iso_listen_cis(sk);
1207 } else {
1208 /* Drop sock lock to avoid potential
1209 * deadlock with the hdev lock.
1210 */
1211 release_sock(sk);
1212 err = iso_listen_bis(sk);
1213 lock_sock(sk);
1214 }
1215
1216 if (err)
1217 goto done;
1218
1219 sk->sk_max_ack_backlog = backlog;
1220 sk->sk_ack_backlog = 0;
1221
1222 sk->sk_state = BT_LISTEN;
1223
1224done:
1225 release_sock(sk);
1226 sock_put(sk);
1227 return err;
1228}
1229
1230static int iso_sock_accept(struct socket *sock, struct socket *newsock,
1231 struct proto_accept_arg *arg)
1232{
1233 DEFINE_WAIT_FUNC(wait, woken_wake_function);
1234 struct sock *sk = sock->sk, *ch;
1235 long timeo;
1236 int err = 0;
1237
1238 /* Use explicit nested locking to avoid lockdep warnings generated
1239 * because the parent socket and the child socket are locked on the
1240 * same thread.
1241 */
1242 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1243
1244 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);
1245
1246 BT_DBG("sk %p timeo %ld", sk, timeo);
1247
1248 /* Wait for an incoming connection. (wake-one). */
1249 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1250 while (1) {
1251 if (sk->sk_state != BT_LISTEN) {
1252 err = -EBADFD;
1253 break;
1254 }
1255
1256 ch = bt_accept_dequeue(sk, newsock);
1257 if (ch)
1258 break;
1259
1260 if (!timeo) {
1261 err = -EAGAIN;
1262 break;
1263 }
1264
1265 if (signal_pending(current)) {
1266 err = sock_intr_errno(timeo);
1267 break;
1268 }
1269
1270 release_sock(sk);
1271
1272 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
1273 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1274 }
1275 remove_wait_queue(sk_sleep(sk), &wait);
1276
1277 if (err)
1278 goto done;
1279
1280 newsock->state = SS_CONNECTED;
1281
1282 BT_DBG("new socket %p", ch);
1283
1284done:
1285 release_sock(sk);
1286 return err;
1287}
1288
1289static int iso_sock_getname(struct socket *sock, struct sockaddr *addr,
1290 int peer)
1291{
1292 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1293 struct sock *sk = sock->sk;
1294
1295 BT_DBG("sock %p, sk %p", sock, sk);
1296
1297 addr->sa_family = AF_BLUETOOTH;
1298
1299 if (peer) {
1300 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst);
1301 sa->iso_bdaddr_type = iso_pi(sk)->dst_type;
1302 } else {
1303 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src);
1304 sa->iso_bdaddr_type = iso_pi(sk)->src_type;
1305 }
1306
1307 return sizeof(struct sockaddr_iso);
1308}
1309
1310static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1311 size_t len)
1312{
1313 struct sock *sk = sock->sk;
1314 struct sk_buff *skb, **frag;
1315 size_t mtu;
1316 int err;
1317
1318 BT_DBG("sock %p, sk %p", sock, sk);
1319
1320 err = sock_error(sk);
1321 if (err)
1322 return err;
1323
1324 if (msg->msg_flags & MSG_OOB)
1325 return -EOPNOTSUPP;
1326
1327 lock_sock(sk);
1328
1329 if (sk->sk_state != BT_CONNECTED) {
1330 release_sock(sk);
1331 return -ENOTCONN;
1332 }
1333
1334 mtu = iso_pi(sk)->conn->hcon->mtu;
1335
1336 release_sock(sk);
1337
1338 skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0);
1339 if (IS_ERR(skb))
1340 return PTR_ERR(skb);
1341
1342 len -= skb->len;
1343
1344 BT_DBG("skb %p len %d", sk, skb->len);
1345
1346 /* Continuation fragments */
1347 frag = &skb_shinfo(skb)->frag_list;
1348 while (len) {
1349 struct sk_buff *tmp;
1350
1351 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0);
1352 if (IS_ERR(tmp)) {
1353 kfree_skb(skb);
1354 return PTR_ERR(tmp);
1355 }
1356
1357 *frag = tmp;
1358
1359 len -= tmp->len;
1360
1361 skb->len += tmp->len;
1362 skb->data_len += tmp->len;
1363
1364 BT_DBG("frag %p len %d", *frag, tmp->len);
1365
1366 frag = &(*frag)->next;
1367 }
1368
1369 lock_sock(sk);
1370
1371 if (sk->sk_state == BT_CONNECTED)
1372 err = iso_send_frame(sk, skb);
1373 else
1374 err = -ENOTCONN;
1375
1376 release_sock(sk);
1377
1378 if (err < 0)
1379 kfree_skb(skb);
1380 return err;
1381}
1382
1383static void iso_conn_defer_accept(struct hci_conn *conn)
1384{
1385 struct hci_cp_le_accept_cis cp;
1386 struct hci_dev *hdev = conn->hdev;
1387
1388 BT_DBG("conn %p", conn);
1389
1390 conn->state = BT_CONFIG;
1391
1392 cp.handle = cpu_to_le16(conn->handle);
1393
1394 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp);
1395}
1396
1397static void iso_conn_big_sync(struct sock *sk)
1398{
1399 int err;
1400 struct hci_dev *hdev;
1401
1402 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1403 iso_pi(sk)->src_type);
1404
1405 if (!hdev)
1406 return;
1407
1408 /* hci_le_big_create_sync requires hdev lock to be held, since
1409 * it enqueues the HCI LE BIG Create Sync command via
1410 * hci_cmd_sync_queue_once, which checks hdev flags that might
1411 * change.
1412 */
1413 hci_dev_lock(hdev);
1414 lock_sock(sk);
1415
1416 if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1417 err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon,
1418 &iso_pi(sk)->qos,
1419 iso_pi(sk)->sync_handle,
1420 iso_pi(sk)->bc_num_bis,
1421 iso_pi(sk)->bc_bis);
1422 if (err)
1423 bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1424 err);
1425 }
1426
1427 release_sock(sk);
1428 hci_dev_unlock(hdev);
1429}
1430
1431static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1432 size_t len, int flags)
1433{
1434 struct sock *sk = sock->sk;
1435 struct iso_pinfo *pi = iso_pi(sk);
1436 bool early_ret = false;
1437 int err = 0;
1438
1439 BT_DBG("sk %p", sk);
1440
1441 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1442 sock_hold(sk);
1443 lock_sock(sk);
1444
1445 switch (sk->sk_state) {
1446 case BT_CONNECT2:
1447 if (test_bit(BT_SK_PA_SYNC, &pi->flags)) {
1448 release_sock(sk);
1449 iso_conn_big_sync(sk);
1450 lock_sock(sk);
1451
1452 sk->sk_state = BT_LISTEN;
1453 } else {
1454 iso_conn_defer_accept(pi->conn->hcon);
1455 sk->sk_state = BT_CONFIG;
1456 }
1457
1458 early_ret = true;
1459 break;
1460 case BT_CONNECTED:
1461 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
1462 release_sock(sk);
1463 iso_conn_big_sync(sk);
1464 lock_sock(sk);
1465
1466 sk->sk_state = BT_LISTEN;
1467 early_ret = true;
1468 }
1469
1470 break;
1471 case BT_CONNECT:
1472 release_sock(sk);
1473 err = iso_connect_cis(sk);
1474 lock_sock(sk);
1475
1476 early_ret = true;
1477 break;
1478 default:
1479 break;
1480 }
1481
1482 release_sock(sk);
1483 sock_put(sk);
1484
1485 if (early_ret)
1486 return err;
1487 }
1488
1489 return bt_sock_recvmsg(sock, msg, len, flags);
1490}
1491
1492static bool check_io_qos(struct bt_iso_io_qos *qos)
1493{
1494 /* If no PHY is enable SDU must be 0 */
1495 if (!qos->phy && qos->sdu)
1496 return false;
1497
1498 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff))
1499 return false;
1500
1501 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0))
1502 return false;
1503
1504 if (qos->phy > BT_ISO_PHY_ANY)
1505 return false;
1506
1507 return true;
1508}
1509
1510static bool check_ucast_qos(struct bt_iso_qos *qos)
1511{
1512 if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET)
1513 return false;
1514
1515 if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET)
1516 return false;
1517
1518 if (qos->ucast.sca > 0x07)
1519 return false;
1520
1521 if (qos->ucast.packing > 0x01)
1522 return false;
1523
1524 if (qos->ucast.framing > 0x01)
1525 return false;
1526
1527 if (!check_io_qos(&qos->ucast.in))
1528 return false;
1529
1530 if (!check_io_qos(&qos->ucast.out))
1531 return false;
1532
1533 return true;
1534}
1535
1536static bool check_bcast_qos(struct bt_iso_qos *qos)
1537{
1538 if (!qos->bcast.sync_factor)
1539 qos->bcast.sync_factor = 0x01;
1540
1541 if (qos->bcast.packing > 0x01)
1542 return false;
1543
1544 if (qos->bcast.framing > 0x01)
1545 return false;
1546
1547 if (!check_io_qos(&qos->bcast.in))
1548 return false;
1549
1550 if (!check_io_qos(&qos->bcast.out))
1551 return false;
1552
1553 if (qos->bcast.encryption > 0x01)
1554 return false;
1555
1556 if (qos->bcast.options > 0x07)
1557 return false;
1558
1559 if (qos->bcast.skip > 0x01f3)
1560 return false;
1561
1562 if (!qos->bcast.sync_timeout)
1563 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1564
1565 if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000)
1566 return false;
1567
1568 if (qos->bcast.sync_cte_type > 0x1f)
1569 return false;
1570
1571 if (qos->bcast.mse > 0x1f)
1572 return false;
1573
1574 if (!qos->bcast.timeout)
1575 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1576
1577 if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000)
1578 return false;
1579
1580 return true;
1581}
1582
1583static int iso_sock_setsockopt(struct socket *sock, int level, int optname,
1584 sockptr_t optval, unsigned int optlen)
1585{
1586 struct sock *sk = sock->sk;
1587 int err = 0;
1588 struct bt_iso_qos qos = default_qos;
1589 u32 opt;
1590
1591 BT_DBG("sk %p", sk);
1592
1593 lock_sock(sk);
1594
1595 switch (optname) {
1596 case BT_DEFER_SETUP:
1597 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1598 err = -EINVAL;
1599 break;
1600 }
1601
1602 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
1603 if (err)
1604 break;
1605
1606 if (opt)
1607 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1608 else
1609 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1610 break;
1611
1612 case BT_PKT_STATUS:
1613 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
1614 if (err)
1615 break;
1616
1617 if (opt)
1618 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1619 else
1620 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1621 break;
1622
1623 case BT_ISO_QOS:
1624 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1625 sk->sk_state != BT_CONNECT2 &&
1626 (!test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags) ||
1627 sk->sk_state != BT_CONNECTED)) {
1628 err = -EINVAL;
1629 break;
1630 }
1631
1632 err = copy_safe_from_sockptr(&qos, sizeof(qos), optval, optlen);
1633 if (err)
1634 break;
1635
1636 iso_pi(sk)->qos = qos;
1637 iso_pi(sk)->qos_user_set = true;
1638
1639 break;
1640
1641 case BT_ISO_BASE:
1642 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1643 sk->sk_state != BT_CONNECT2) {
1644 err = -EINVAL;
1645 break;
1646 }
1647
1648 if (optlen > sizeof(iso_pi(sk)->base)) {
1649 err = -EINVAL;
1650 break;
1651 }
1652
1653 err = copy_safe_from_sockptr(iso_pi(sk)->base, optlen, optval,
1654 optlen);
1655 if (err)
1656 break;
1657
1658 iso_pi(sk)->base_len = optlen;
1659
1660 break;
1661
1662 default:
1663 err = -ENOPROTOOPT;
1664 break;
1665 }
1666
1667 release_sock(sk);
1668 return err;
1669}
1670
1671static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
1672 char __user *optval, int __user *optlen)
1673{
1674 struct sock *sk = sock->sk;
1675 int len, err = 0;
1676 struct bt_iso_qos *qos;
1677 u8 base_len;
1678 u8 *base;
1679
1680 BT_DBG("sk %p", sk);
1681
1682 if (get_user(len, optlen))
1683 return -EFAULT;
1684
1685 lock_sock(sk);
1686
1687 switch (optname) {
1688 case BT_DEFER_SETUP:
1689 if (sk->sk_state == BT_CONNECTED) {
1690 err = -EINVAL;
1691 break;
1692 }
1693
1694 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1695 (u32 __user *)optval))
1696 err = -EFAULT;
1697
1698 break;
1699
1700 case BT_PKT_STATUS:
1701 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1702 (int __user *)optval))
1703 err = -EFAULT;
1704 break;
1705
1706 case BT_ISO_QOS:
1707 qos = iso_sock_get_qos(sk);
1708
1709 len = min_t(unsigned int, len, sizeof(*qos));
1710 if (copy_to_user(optval, qos, len))
1711 err = -EFAULT;
1712
1713 break;
1714
1715 case BT_ISO_BASE:
1716 if (sk->sk_state == BT_CONNECTED &&
1717 !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
1718 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len;
1719 base = iso_pi(sk)->conn->hcon->le_per_adv_data;
1720 } else {
1721 base_len = iso_pi(sk)->base_len;
1722 base = iso_pi(sk)->base;
1723 }
1724
1725 len = min_t(unsigned int, len, base_len);
1726 if (copy_to_user(optval, base, len))
1727 err = -EFAULT;
1728 if (put_user(len, optlen))
1729 err = -EFAULT;
1730
1731 break;
1732
1733 default:
1734 err = -ENOPROTOOPT;
1735 break;
1736 }
1737
1738 release_sock(sk);
1739 return err;
1740}
1741
1742static int iso_sock_shutdown(struct socket *sock, int how)
1743{
1744 struct sock *sk = sock->sk;
1745 int err = 0;
1746
1747 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1748
1749 if (!sk)
1750 return 0;
1751
1752 sock_hold(sk);
1753 lock_sock(sk);
1754
1755 switch (how) {
1756 case SHUT_RD:
1757 if (sk->sk_shutdown & RCV_SHUTDOWN)
1758 goto unlock;
1759 sk->sk_shutdown |= RCV_SHUTDOWN;
1760 break;
1761 case SHUT_WR:
1762 if (sk->sk_shutdown & SEND_SHUTDOWN)
1763 goto unlock;
1764 sk->sk_shutdown |= SEND_SHUTDOWN;
1765 break;
1766 case SHUT_RDWR:
1767 if (sk->sk_shutdown & SHUTDOWN_MASK)
1768 goto unlock;
1769 sk->sk_shutdown |= SHUTDOWN_MASK;
1770 break;
1771 }
1772
1773 iso_sock_clear_timer(sk);
1774 __iso_sock_close(sk);
1775
1776 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1777 !(current->flags & PF_EXITING))
1778 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1779
1780unlock:
1781 release_sock(sk);
1782 sock_put(sk);
1783
1784 return err;
1785}
1786
1787static int iso_sock_release(struct socket *sock)
1788{
1789 struct sock *sk = sock->sk;
1790 int err = 0;
1791
1792 BT_DBG("sock %p, sk %p", sock, sk);
1793
1794 if (!sk)
1795 return 0;
1796
1797 iso_sock_close(sk);
1798
1799 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1800 !(current->flags & PF_EXITING)) {
1801 lock_sock(sk);
1802 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1803 release_sock(sk);
1804 }
1805
1806 sock_orphan(sk);
1807 iso_sock_kill(sk);
1808 return err;
1809}
1810
1811static void iso_sock_ready(struct sock *sk)
1812{
1813 BT_DBG("sk %p", sk);
1814
1815 if (!sk)
1816 return;
1817
1818 lock_sock(sk);
1819 iso_sock_clear_timer(sk);
1820 sk->sk_state = BT_CONNECTED;
1821 sk->sk_state_change(sk);
1822 release_sock(sk);
1823}
1824
1825static bool iso_match_big(struct sock *sk, void *data)
1826{
1827 struct hci_evt_le_big_sync_estabilished *ev = data;
1828
1829 return ev->handle == iso_pi(sk)->qos.bcast.big;
1830}
1831
1832static bool iso_match_big_hcon(struct sock *sk, void *data)
1833{
1834 struct hci_conn *hcon = data;
1835
1836 return hcon->iso_qos.bcast.big == iso_pi(sk)->qos.bcast.big;
1837}
1838
1839static bool iso_match_pa_sync_flag(struct sock *sk, void *data)
1840{
1841 return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1842}
1843
1844static void iso_conn_ready(struct iso_conn *conn)
1845{
1846 struct sock *parent = NULL;
1847 struct sock *sk = conn->sk;
1848 struct hci_ev_le_big_sync_estabilished *ev = NULL;
1849 struct hci_ev_le_pa_sync_established *ev2 = NULL;
1850 struct hci_ev_le_per_adv_report *ev3 = NULL;
1851 struct hci_conn *hcon;
1852
1853 BT_DBG("conn %p", conn);
1854
1855 if (sk) {
1856 iso_sock_ready(conn->sk);
1857 } else {
1858 hcon = conn->hcon;
1859 if (!hcon)
1860 return;
1861
1862 if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags)) {
1863 /* A BIS slave hcon is notified to the ISO layer
1864 * after the Command Complete for the LE Setup
1865 * ISO Data Path command is received. Get the
1866 * parent socket that matches the hcon BIG handle.
1867 */
1868 parent = iso_get_sock(&hcon->src, &hcon->dst,
1869 BT_LISTEN, iso_match_big_hcon,
1870 hcon);
1871 } else if (test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) {
1872 ev = hci_recv_event_data(hcon->hdev,
1873 HCI_EVT_LE_BIG_SYNC_ESTABILISHED);
1874
1875 /* Get reference to PA sync parent socket, if it exists */
1876 parent = iso_get_sock(&hcon->src, &hcon->dst,
1877 BT_LISTEN,
1878 iso_match_pa_sync_flag,
1879 NULL);
1880 if (!parent && ev)
1881 parent = iso_get_sock(&hcon->src,
1882 &hcon->dst,
1883 BT_LISTEN,
1884 iso_match_big, ev);
1885 } else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
1886 ev2 = hci_recv_event_data(hcon->hdev,
1887 HCI_EV_LE_PA_SYNC_ESTABLISHED);
1888 if (ev2)
1889 parent = iso_get_sock(&hcon->src,
1890 &hcon->dst,
1891 BT_LISTEN,
1892 iso_match_sid, ev2);
1893 } else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) {
1894 ev3 = hci_recv_event_data(hcon->hdev,
1895 HCI_EV_LE_PER_ADV_REPORT);
1896 if (ev3)
1897 parent = iso_get_sock(&hcon->src,
1898 &hcon->dst,
1899 BT_LISTEN,
1900 iso_match_sync_handle_pa_report,
1901 ev3);
1902 }
1903
1904 if (!parent)
1905 parent = iso_get_sock(&hcon->src, BDADDR_ANY,
1906 BT_LISTEN, NULL, NULL);
1907
1908 if (!parent)
1909 return;
1910
1911 lock_sock(parent);
1912
1913 sk = iso_sock_alloc(sock_net(parent), NULL,
1914 BTPROTO_ISO, GFP_ATOMIC, 0);
1915 if (!sk) {
1916 release_sock(parent);
1917 return;
1918 }
1919
1920 iso_sock_init(sk, parent);
1921
1922 bacpy(&iso_pi(sk)->src, &hcon->src);
1923
1924 /* Convert from HCI to three-value type */
1925 if (hcon->src_type == ADDR_LE_DEV_PUBLIC)
1926 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
1927 else
1928 iso_pi(sk)->src_type = BDADDR_LE_RANDOM;
1929
1930 /* If hcon has no destination address (BDADDR_ANY) it means it
1931 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or
1932 * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using
1933 * the parent socket destination address.
1934 */
1935 if (!bacmp(&hcon->dst, BDADDR_ANY)) {
1936 bacpy(&hcon->dst, &iso_pi(parent)->dst);
1937 hcon->dst_type = iso_pi(parent)->dst_type;
1938 }
1939
1940 if (ev3) {
1941 iso_pi(sk)->qos = iso_pi(parent)->qos;
1942 hcon->iso_qos = iso_pi(sk)->qos;
1943 iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis;
1944 memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS);
1945 set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1946 }
1947
1948 bacpy(&iso_pi(sk)->dst, &hcon->dst);
1949 iso_pi(sk)->dst_type = hcon->dst_type;
1950 iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle;
1951 memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len);
1952 iso_pi(sk)->base_len = iso_pi(parent)->base_len;
1953
1954 hci_conn_hold(hcon);
1955 iso_chan_add(conn, sk, parent);
1956
1957 if ((ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) ||
1958 (ev2 && ev2->status)) {
1959 /* Trigger error signal on child socket */
1960 sk->sk_err = ECONNREFUSED;
1961 sk->sk_error_report(sk);
1962 }
1963
1964 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1965 sk->sk_state = BT_CONNECT2;
1966 else
1967 sk->sk_state = BT_CONNECTED;
1968
1969 /* Wake up parent */
1970 parent->sk_data_ready(parent);
1971
1972 release_sock(parent);
1973 sock_put(parent);
1974 }
1975}
1976
1977static bool iso_match_sid(struct sock *sk, void *data)
1978{
1979 struct hci_ev_le_pa_sync_established *ev = data;
1980
1981 return ev->sid == iso_pi(sk)->bc_sid;
1982}
1983
1984static bool iso_match_sync_handle(struct sock *sk, void *data)
1985{
1986 struct hci_evt_le_big_info_adv_report *ev = data;
1987
1988 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1989}
1990
1991static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data)
1992{
1993 struct hci_ev_le_per_adv_report *ev = data;
1994
1995 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1996}
1997
1998/* ----- ISO interface with lower layer (HCI) ----- */
1999
2000int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
2001{
2002 struct hci_ev_le_pa_sync_established *ev1;
2003 struct hci_evt_le_big_info_adv_report *ev2;
2004 struct hci_ev_le_per_adv_report *ev3;
2005 struct sock *sk;
2006
2007 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
2008
2009 /* Broadcast receiver requires handling of some events before it can
2010 * proceed to establishing a BIG sync:
2011 *
2012 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific
2013 * SID to listen to and once sync is estabilished its handle needs to
2014 * be stored in iso_pi(sk)->sync_handle so it can be matched once
2015 * receiving the BIG Info.
2016 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a
2017 * a BIG Info it attempts to check if there any listening socket with
2018 * the same sync_handle and if it does then attempt to create a sync.
2019 * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored
2020 * in iso_pi(sk)->base so it can be passed up to user, in the case of a
2021 * broadcast sink.
2022 */
2023 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED);
2024 if (ev1) {
2025 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_LISTEN,
2026 iso_match_sid, ev1);
2027 if (sk && !ev1->status)
2028 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle);
2029
2030 goto done;
2031 }
2032
2033 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT);
2034 if (ev2) {
2035 /* Check if BIGInfo report has already been handled */
2036 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_CONNECTED,
2037 iso_match_sync_handle, ev2);
2038 if (sk) {
2039 sock_put(sk);
2040 sk = NULL;
2041 goto done;
2042 }
2043
2044 /* Try to get PA sync socket, if it exists */
2045 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_CONNECT2,
2046 iso_match_sync_handle, ev2);
2047 if (!sk)
2048 sk = iso_get_sock(&hdev->bdaddr, bdaddr,
2049 BT_LISTEN,
2050 iso_match_sync_handle,
2051 ev2);
2052
2053 if (sk) {
2054 int err;
2055 struct hci_conn *hcon = iso_pi(sk)->conn->hcon;
2056
2057 iso_pi(sk)->qos.bcast.encryption = ev2->encryption;
2058
2059 if (ev2->num_bis < iso_pi(sk)->bc_num_bis)
2060 iso_pi(sk)->bc_num_bis = ev2->num_bis;
2061
2062 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
2063 !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
2064 err = hci_le_big_create_sync(hdev,
2065 hcon,
2066 &iso_pi(sk)->qos,
2067 iso_pi(sk)->sync_handle,
2068 iso_pi(sk)->bc_num_bis,
2069 iso_pi(sk)->bc_bis);
2070 if (err) {
2071 bt_dev_err(hdev, "hci_le_big_create_sync: %d",
2072 err);
2073 sock_put(sk);
2074 sk = NULL;
2075 }
2076 }
2077 }
2078
2079 goto done;
2080 }
2081
2082 ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT);
2083 if (ev3) {
2084 size_t base_len = 0;
2085 u8 *base;
2086 struct hci_conn *hcon;
2087
2088 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_LISTEN,
2089 iso_match_sync_handle_pa_report, ev3);
2090 if (!sk)
2091 goto done;
2092
2093 hcon = iso_pi(sk)->conn->hcon;
2094 if (!hcon)
2095 goto done;
2096
2097 if (ev3->data_status == LE_PA_DATA_TRUNCATED) {
2098 /* The controller was unable to retrieve PA data. */
2099 memset(hcon->le_per_adv_data, 0,
2100 HCI_MAX_PER_AD_TOT_LEN);
2101 hcon->le_per_adv_data_len = 0;
2102 hcon->le_per_adv_data_offset = 0;
2103 goto done;
2104 }
2105
2106 if (hcon->le_per_adv_data_offset + ev3->length >
2107 HCI_MAX_PER_AD_TOT_LEN)
2108 goto done;
2109
2110 memcpy(hcon->le_per_adv_data + hcon->le_per_adv_data_offset,
2111 ev3->data, ev3->length);
2112 hcon->le_per_adv_data_offset += ev3->length;
2113
2114 if (ev3->data_status == LE_PA_DATA_COMPLETE) {
2115 /* All PA data has been received. */
2116 hcon->le_per_adv_data_len =
2117 hcon->le_per_adv_data_offset;
2118 hcon->le_per_adv_data_offset = 0;
2119
2120 /* Extract BASE */
2121 base = eir_get_service_data(hcon->le_per_adv_data,
2122 hcon->le_per_adv_data_len,
2123 EIR_BAA_SERVICE_UUID,
2124 &base_len);
2125
2126 if (!base || base_len > BASE_MAX_LENGTH)
2127 goto done;
2128
2129 memcpy(iso_pi(sk)->base, base, base_len);
2130 iso_pi(sk)->base_len = base_len;
2131 } else {
2132 /* This is a PA data fragment. Keep pa_data_len set to 0
2133 * until all data has been reassembled.
2134 */
2135 hcon->le_per_adv_data_len = 0;
2136 }
2137 } else {
2138 sk = iso_get_sock(&hdev->bdaddr, BDADDR_ANY,
2139 BT_LISTEN, NULL, NULL);
2140 }
2141
2142done:
2143 if (!sk)
2144 return 0;
2145
2146 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
2147 *flags |= HCI_PROTO_DEFER;
2148
2149 sock_put(sk);
2150
2151 return HCI_LM_ACCEPT;
2152}
2153
2154static bool iso_match(struct hci_conn *hcon)
2155{
2156 return hcon->type == ISO_LINK || hcon->type == LE_LINK;
2157}
2158
2159static void iso_connect_cfm(struct hci_conn *hcon, __u8 status)
2160{
2161 if (hcon->type != ISO_LINK) {
2162 if (hcon->type != LE_LINK)
2163 return;
2164
2165 /* Check if LE link has failed */
2166 if (status) {
2167 struct hci_link *link, *t;
2168
2169 list_for_each_entry_safe(link, t, &hcon->link_list,
2170 list)
2171 iso_conn_del(link->conn, bt_to_errno(status));
2172
2173 return;
2174 }
2175
2176 /* Create CIS if pending */
2177 hci_le_create_cis_pending(hcon->hdev);
2178 return;
2179 }
2180
2181 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
2182
2183 /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or
2184 * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection
2185 * into the accept queue of the listening socket and wake up
2186 * userspace, to inform the user about the event.
2187 */
2188 if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) ||
2189 test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
2190 struct iso_conn *conn;
2191
2192 conn = iso_conn_add(hcon);
2193 if (conn)
2194 iso_conn_ready(conn);
2195 } else {
2196 iso_conn_del(hcon, bt_to_errno(status));
2197 }
2198}
2199
2200static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason)
2201{
2202 if (hcon->type != ISO_LINK)
2203 return;
2204
2205 BT_DBG("hcon %p reason %d", hcon, reason);
2206
2207 iso_conn_del(hcon, bt_to_errno(reason));
2208}
2209
2210void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2211{
2212 struct iso_conn *conn = hcon->iso_data;
2213 __u16 pb, ts, len;
2214
2215 if (!conn)
2216 goto drop;
2217
2218 pb = hci_iso_flags_pb(flags);
2219 ts = hci_iso_flags_ts(flags);
2220
2221 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts);
2222
2223 switch (pb) {
2224 case ISO_START:
2225 case ISO_SINGLE:
2226 if (conn->rx_len) {
2227 BT_ERR("Unexpected start frame (len %d)", skb->len);
2228 kfree_skb(conn->rx_skb);
2229 conn->rx_skb = NULL;
2230 conn->rx_len = 0;
2231 }
2232
2233 if (ts) {
2234 struct hci_iso_ts_data_hdr *hdr;
2235
2236 /* TODO: add timestamp to the packet? */
2237 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE);
2238 if (!hdr) {
2239 BT_ERR("Frame is too short (len %d)", skb->len);
2240 goto drop;
2241 }
2242
2243 len = __le16_to_cpu(hdr->slen);
2244 } else {
2245 struct hci_iso_data_hdr *hdr;
2246
2247 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE);
2248 if (!hdr) {
2249 BT_ERR("Frame is too short (len %d)", skb->len);
2250 goto drop;
2251 }
2252
2253 len = __le16_to_cpu(hdr->slen);
2254 }
2255
2256 flags = hci_iso_data_flags(len);
2257 len = hci_iso_data_len(len);
2258
2259 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len,
2260 skb->len, flags);
2261
2262 if (len == skb->len) {
2263 /* Complete frame received */
2264 hci_skb_pkt_status(skb) = flags & 0x03;
2265 iso_recv_frame(conn, skb);
2266 return;
2267 }
2268
2269 if (pb == ISO_SINGLE) {
2270 BT_ERR("Frame malformed (len %d, expected len %d)",
2271 skb->len, len);
2272 goto drop;
2273 }
2274
2275 if (skb->len > len) {
2276 BT_ERR("Frame is too long (len %d, expected len %d)",
2277 skb->len, len);
2278 goto drop;
2279 }
2280
2281 /* Allocate skb for the complete frame (with header) */
2282 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
2283 if (!conn->rx_skb)
2284 goto drop;
2285
2286 hci_skb_pkt_status(conn->rx_skb) = flags & 0x03;
2287 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2288 skb->len);
2289 conn->rx_len = len - skb->len;
2290 break;
2291
2292 case ISO_CONT:
2293 BT_DBG("Cont: frag len %d (expecting %d)", skb->len,
2294 conn->rx_len);
2295
2296 if (!conn->rx_len) {
2297 BT_ERR("Unexpected continuation frame (len %d)",
2298 skb->len);
2299 goto drop;
2300 }
2301
2302 if (skb->len > conn->rx_len) {
2303 BT_ERR("Fragment is too long (len %d, expected %d)",
2304 skb->len, conn->rx_len);
2305 kfree_skb(conn->rx_skb);
2306 conn->rx_skb = NULL;
2307 conn->rx_len = 0;
2308 goto drop;
2309 }
2310
2311 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2312 skb->len);
2313 conn->rx_len -= skb->len;
2314 return;
2315
2316 case ISO_END:
2317 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2318 skb->len);
2319 conn->rx_len -= skb->len;
2320
2321 if (!conn->rx_len) {
2322 struct sk_buff *rx_skb = conn->rx_skb;
2323
2324 /* Complete frame received. iso_recv_frame
2325 * takes ownership of the skb so set the global
2326 * rx_skb pointer to NULL first.
2327 */
2328 conn->rx_skb = NULL;
2329 iso_recv_frame(conn, rx_skb);
2330 }
2331 break;
2332 }
2333
2334drop:
2335 kfree_skb(skb);
2336}
2337
2338static struct hci_cb iso_cb = {
2339 .name = "ISO",
2340 .match = iso_match,
2341 .connect_cfm = iso_connect_cfm,
2342 .disconn_cfm = iso_disconn_cfm,
2343};
2344
2345static int iso_debugfs_show(struct seq_file *f, void *p)
2346{
2347 struct sock *sk;
2348
2349 read_lock(&iso_sk_list.lock);
2350
2351 sk_for_each(sk, &iso_sk_list.head) {
2352 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src,
2353 &iso_pi(sk)->dst, sk->sk_state);
2354 }
2355
2356 read_unlock(&iso_sk_list.lock);
2357
2358 return 0;
2359}
2360
2361DEFINE_SHOW_ATTRIBUTE(iso_debugfs);
2362
2363static struct dentry *iso_debugfs;
2364
2365static const struct proto_ops iso_sock_ops = {
2366 .family = PF_BLUETOOTH,
2367 .owner = THIS_MODULE,
2368 .release = iso_sock_release,
2369 .bind = iso_sock_bind,
2370 .connect = iso_sock_connect,
2371 .listen = iso_sock_listen,
2372 .accept = iso_sock_accept,
2373 .getname = iso_sock_getname,
2374 .sendmsg = iso_sock_sendmsg,
2375 .recvmsg = iso_sock_recvmsg,
2376 .poll = bt_sock_poll,
2377 .ioctl = bt_sock_ioctl,
2378 .mmap = sock_no_mmap,
2379 .socketpair = sock_no_socketpair,
2380 .shutdown = iso_sock_shutdown,
2381 .setsockopt = iso_sock_setsockopt,
2382 .getsockopt = iso_sock_getsockopt
2383};
2384
2385static const struct net_proto_family iso_sock_family_ops = {
2386 .family = PF_BLUETOOTH,
2387 .owner = THIS_MODULE,
2388 .create = iso_sock_create,
2389};
2390
2391static bool iso_inited;
2392
2393bool iso_enabled(void)
2394{
2395 return iso_inited;
2396}
2397
2398int iso_init(void)
2399{
2400 int err;
2401
2402 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr));
2403
2404 if (iso_inited)
2405 return -EALREADY;
2406
2407 err = proto_register(&iso_proto, 0);
2408 if (err < 0)
2409 return err;
2410
2411 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops);
2412 if (err < 0) {
2413 BT_ERR("ISO socket registration failed");
2414 goto error;
2415 }
2416
2417 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL);
2418 if (err < 0) {
2419 BT_ERR("Failed to create ISO proc file");
2420 bt_sock_unregister(BTPROTO_ISO);
2421 goto error;
2422 }
2423
2424 BT_INFO("ISO socket layer initialized");
2425
2426 hci_register_cb(&iso_cb);
2427
2428 if (!IS_ERR_OR_NULL(bt_debugfs))
2429 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs,
2430 NULL, &iso_debugfs_fops);
2431
2432 iso_inited = true;
2433
2434 return 0;
2435
2436error:
2437 proto_unregister(&iso_proto);
2438 return err;
2439}
2440
2441int iso_exit(void)
2442{
2443 if (!iso_inited)
2444 return -EALREADY;
2445
2446 bt_procfs_cleanup(&init_net, "iso");
2447
2448 debugfs_remove(iso_debugfs);
2449 iso_debugfs = NULL;
2450
2451 hci_unregister_cb(&iso_cb);
2452
2453 bt_sock_unregister(BTPROTO_ISO);
2454
2455 proto_unregister(&iso_proto);
2456
2457 iso_inited = false;
2458
2459 return 0;
2460}