Loading...
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44/* ---- SCO connections ---- */
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 unsigned int mtu;
52};
53
54#define sco_conn_lock(c) spin_lock(&c->lock);
55#define sco_conn_unlock(c) spin_unlock(&c->lock);
56
57static void sco_sock_close(struct sock *sk);
58static void sco_sock_kill(struct sock *sk);
59
60/* ----- SCO socket info ----- */
61#define sco_pi(sk) ((struct sco_pinfo *) sk)
62
63struct sco_pinfo {
64 struct bt_sock bt;
65 bdaddr_t src;
66 bdaddr_t dst;
67 __u32 flags;
68 __u16 setting;
69 struct sco_conn *conn;
70};
71
72/* ---- SCO timers ---- */
73#define SCO_CONN_TIMEOUT (HZ * 40)
74#define SCO_DISCONN_TIMEOUT (HZ * 2)
75
76static void sco_sock_timeout(struct timer_list *t)
77{
78 struct sock *sk = from_timer(sk, t, sk_timer);
79
80 BT_DBG("sock %p state %d", sk, sk->sk_state);
81
82 bh_lock_sock(sk);
83 sk->sk_err = ETIMEDOUT;
84 sk->sk_state_change(sk);
85 bh_unlock_sock(sk);
86
87 sco_sock_kill(sk);
88 sock_put(sk);
89}
90
91static void sco_sock_set_timer(struct sock *sk, long timeout)
92{
93 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
94 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
95}
96
97static void sco_sock_clear_timer(struct sock *sk)
98{
99 BT_DBG("sock %p state %d", sk, sk->sk_state);
100 sk_stop_timer(sk, &sk->sk_timer);
101}
102
103/* ---- SCO connections ---- */
104static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
105{
106 struct hci_dev *hdev = hcon->hdev;
107 struct sco_conn *conn = hcon->sco_data;
108
109 if (conn)
110 return conn;
111
112 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
113 if (!conn)
114 return NULL;
115
116 spin_lock_init(&conn->lock);
117
118 hcon->sco_data = conn;
119 conn->hcon = hcon;
120
121 if (hdev->sco_mtu > 0)
122 conn->mtu = hdev->sco_mtu;
123 else
124 conn->mtu = 60;
125
126 BT_DBG("hcon %p conn %p", hcon, conn);
127
128 return conn;
129}
130
131/* Delete channel.
132 * Must be called on the locked socket. */
133static void sco_chan_del(struct sock *sk, int err)
134{
135 struct sco_conn *conn;
136
137 conn = sco_pi(sk)->conn;
138
139 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
140
141 if (conn) {
142 sco_conn_lock(conn);
143 conn->sk = NULL;
144 sco_pi(sk)->conn = NULL;
145 sco_conn_unlock(conn);
146
147 if (conn->hcon)
148 hci_conn_drop(conn->hcon);
149 }
150
151 sk->sk_state = BT_CLOSED;
152 sk->sk_err = err;
153 sk->sk_state_change(sk);
154
155 sock_set_flag(sk, SOCK_ZAPPED);
156}
157
158static void sco_conn_del(struct hci_conn *hcon, int err)
159{
160 struct sco_conn *conn = hcon->sco_data;
161 struct sock *sk;
162
163 if (!conn)
164 return;
165
166 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
167
168 /* Kill socket */
169 sco_conn_lock(conn);
170 sk = conn->sk;
171 sco_conn_unlock(conn);
172
173 if (sk) {
174 sock_hold(sk);
175 bh_lock_sock(sk);
176 sco_sock_clear_timer(sk);
177 sco_chan_del(sk, err);
178 bh_unlock_sock(sk);
179 sco_sock_kill(sk);
180 sock_put(sk);
181 }
182
183 hcon->sco_data = NULL;
184 kfree(conn);
185}
186
187static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
188 struct sock *parent)
189{
190 BT_DBG("conn %p", conn);
191
192 sco_pi(sk)->conn = conn;
193 conn->sk = sk;
194
195 if (parent)
196 bt_accept_enqueue(parent, sk, true);
197}
198
199static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
200 struct sock *parent)
201{
202 int err = 0;
203
204 sco_conn_lock(conn);
205 if (conn->sk)
206 err = -EBUSY;
207 else
208 __sco_chan_add(conn, sk, parent);
209
210 sco_conn_unlock(conn);
211 return err;
212}
213
214static int sco_connect(struct sock *sk)
215{
216 struct sco_conn *conn;
217 struct hci_conn *hcon;
218 struct hci_dev *hdev;
219 int err, type;
220
221 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
222
223 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
224 if (!hdev)
225 return -EHOSTUNREACH;
226
227 hci_dev_lock(hdev);
228
229 if (lmp_esco_capable(hdev) && !disable_esco)
230 type = ESCO_LINK;
231 else
232 type = SCO_LINK;
233
234 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
235 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
236 err = -EOPNOTSUPP;
237 goto done;
238 }
239
240 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
241 sco_pi(sk)->setting);
242 if (IS_ERR(hcon)) {
243 err = PTR_ERR(hcon);
244 goto done;
245 }
246
247 conn = sco_conn_add(hcon);
248 if (!conn) {
249 hci_conn_drop(hcon);
250 err = -ENOMEM;
251 goto done;
252 }
253
254 /* Update source addr of the socket */
255 bacpy(&sco_pi(sk)->src, &hcon->src);
256
257 err = sco_chan_add(conn, sk, NULL);
258 if (err)
259 goto done;
260
261 if (hcon->state == BT_CONNECTED) {
262 sco_sock_clear_timer(sk);
263 sk->sk_state = BT_CONNECTED;
264 } else {
265 sk->sk_state = BT_CONNECT;
266 sco_sock_set_timer(sk, sk->sk_sndtimeo);
267 }
268
269done:
270 hci_dev_unlock(hdev);
271 hci_dev_put(hdev);
272 return err;
273}
274
275static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
276{
277 struct sco_conn *conn = sco_pi(sk)->conn;
278 struct sk_buff *skb;
279 int err;
280
281 /* Check outgoing MTU */
282 if (len > conn->mtu)
283 return -EINVAL;
284
285 BT_DBG("sk %p len %d", sk, len);
286
287 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
288 if (!skb)
289 return err;
290
291 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
292 kfree_skb(skb);
293 return -EFAULT;
294 }
295
296 hci_send_sco(conn->hcon, skb);
297
298 return len;
299}
300
301static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
302{
303 struct sock *sk;
304
305 sco_conn_lock(conn);
306 sk = conn->sk;
307 sco_conn_unlock(conn);
308
309 if (!sk)
310 goto drop;
311
312 BT_DBG("sk %p len %d", sk, skb->len);
313
314 if (sk->sk_state != BT_CONNECTED)
315 goto drop;
316
317 if (!sock_queue_rcv_skb(sk, skb))
318 return;
319
320drop:
321 kfree_skb(skb);
322}
323
324/* -------- Socket interface ---------- */
325static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
326{
327 struct sock *sk;
328
329 sk_for_each(sk, &sco_sk_list.head) {
330 if (sk->sk_state != BT_LISTEN)
331 continue;
332
333 if (!bacmp(&sco_pi(sk)->src, ba))
334 return sk;
335 }
336
337 return NULL;
338}
339
340/* Find socket listening on source bdaddr.
341 * Returns closest match.
342 */
343static struct sock *sco_get_sock_listen(bdaddr_t *src)
344{
345 struct sock *sk = NULL, *sk1 = NULL;
346
347 read_lock(&sco_sk_list.lock);
348
349 sk_for_each(sk, &sco_sk_list.head) {
350 if (sk->sk_state != BT_LISTEN)
351 continue;
352
353 /* Exact match. */
354 if (!bacmp(&sco_pi(sk)->src, src))
355 break;
356
357 /* Closest match */
358 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
359 sk1 = sk;
360 }
361
362 read_unlock(&sco_sk_list.lock);
363
364 return sk ? sk : sk1;
365}
366
367static void sco_sock_destruct(struct sock *sk)
368{
369 BT_DBG("sk %p", sk);
370
371 skb_queue_purge(&sk->sk_receive_queue);
372 skb_queue_purge(&sk->sk_write_queue);
373}
374
375static void sco_sock_cleanup_listen(struct sock *parent)
376{
377 struct sock *sk;
378
379 BT_DBG("parent %p", parent);
380
381 /* Close not yet accepted channels */
382 while ((sk = bt_accept_dequeue(parent, NULL))) {
383 sco_sock_close(sk);
384 sco_sock_kill(sk);
385 }
386
387 parent->sk_state = BT_CLOSED;
388 sock_set_flag(parent, SOCK_ZAPPED);
389}
390
391/* Kill socket (only if zapped and orphan)
392 * Must be called on unlocked socket.
393 */
394static void sco_sock_kill(struct sock *sk)
395{
396 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
397 sock_flag(sk, SOCK_DEAD))
398 return;
399
400 BT_DBG("sk %p state %d", sk, sk->sk_state);
401
402 /* Kill poor orphan */
403 bt_sock_unlink(&sco_sk_list, sk);
404 sock_set_flag(sk, SOCK_DEAD);
405 sock_put(sk);
406}
407
408static void __sco_sock_close(struct sock *sk)
409{
410 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
411
412 switch (sk->sk_state) {
413 case BT_LISTEN:
414 sco_sock_cleanup_listen(sk);
415 break;
416
417 case BT_CONNECTED:
418 case BT_CONFIG:
419 if (sco_pi(sk)->conn->hcon) {
420 sk->sk_state = BT_DISCONN;
421 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
422 sco_conn_lock(sco_pi(sk)->conn);
423 hci_conn_drop(sco_pi(sk)->conn->hcon);
424 sco_pi(sk)->conn->hcon = NULL;
425 sco_conn_unlock(sco_pi(sk)->conn);
426 } else
427 sco_chan_del(sk, ECONNRESET);
428 break;
429
430 case BT_CONNECT2:
431 case BT_CONNECT:
432 case BT_DISCONN:
433 sco_chan_del(sk, ECONNRESET);
434 break;
435
436 default:
437 sock_set_flag(sk, SOCK_ZAPPED);
438 break;
439 }
440}
441
442/* Must be called on unlocked socket. */
443static void sco_sock_close(struct sock *sk)
444{
445 sco_sock_clear_timer(sk);
446 lock_sock(sk);
447 __sco_sock_close(sk);
448 release_sock(sk);
449 sco_sock_kill(sk);
450}
451
452static void sco_sock_init(struct sock *sk, struct sock *parent)
453{
454 BT_DBG("sk %p", sk);
455
456 if (parent) {
457 sk->sk_type = parent->sk_type;
458 bt_sk(sk)->flags = bt_sk(parent)->flags;
459 security_sk_clone(parent, sk);
460 }
461}
462
463static struct proto sco_proto = {
464 .name = "SCO",
465 .owner = THIS_MODULE,
466 .obj_size = sizeof(struct sco_pinfo)
467};
468
469static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
470 int proto, gfp_t prio, int kern)
471{
472 struct sock *sk;
473
474 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
475 if (!sk)
476 return NULL;
477
478 sock_init_data(sock, sk);
479 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
480
481 sk->sk_destruct = sco_sock_destruct;
482 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
483
484 sock_reset_flag(sk, SOCK_ZAPPED);
485
486 sk->sk_protocol = proto;
487 sk->sk_state = BT_OPEN;
488
489 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
490
491 timer_setup(&sk->sk_timer, sco_sock_timeout, 0);
492
493 bt_sock_link(&sco_sk_list, sk);
494 return sk;
495}
496
497static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
498 int kern)
499{
500 struct sock *sk;
501
502 BT_DBG("sock %p", sock);
503
504 sock->state = SS_UNCONNECTED;
505
506 if (sock->type != SOCK_SEQPACKET)
507 return -ESOCKTNOSUPPORT;
508
509 sock->ops = &sco_sock_ops;
510
511 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
512 if (!sk)
513 return -ENOMEM;
514
515 sco_sock_init(sk, NULL);
516 return 0;
517}
518
519static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
520 int addr_len)
521{
522 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
523 struct sock *sk = sock->sk;
524 int err = 0;
525
526 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
527 addr->sa_family != AF_BLUETOOTH)
528 return -EINVAL;
529
530 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
531
532 lock_sock(sk);
533
534 if (sk->sk_state != BT_OPEN) {
535 err = -EBADFD;
536 goto done;
537 }
538
539 if (sk->sk_type != SOCK_SEQPACKET) {
540 err = -EINVAL;
541 goto done;
542 }
543
544 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
545
546 sk->sk_state = BT_BOUND;
547
548done:
549 release_sock(sk);
550 return err;
551}
552
553static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
554{
555 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
556 struct sock *sk = sock->sk;
557 int err;
558
559 BT_DBG("sk %p", sk);
560
561 if (alen < sizeof(struct sockaddr_sco) ||
562 addr->sa_family != AF_BLUETOOTH)
563 return -EINVAL;
564
565 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
566 return -EBADFD;
567
568 if (sk->sk_type != SOCK_SEQPACKET)
569 return -EINVAL;
570
571 lock_sock(sk);
572
573 /* Set destination address and psm */
574 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
575
576 err = sco_connect(sk);
577 if (err)
578 goto done;
579
580 err = bt_sock_wait_state(sk, BT_CONNECTED,
581 sock_sndtimeo(sk, flags & O_NONBLOCK));
582
583done:
584 release_sock(sk);
585 return err;
586}
587
588static int sco_sock_listen(struct socket *sock, int backlog)
589{
590 struct sock *sk = sock->sk;
591 bdaddr_t *src = &sco_pi(sk)->src;
592 int err = 0;
593
594 BT_DBG("sk %p backlog %d", sk, backlog);
595
596 lock_sock(sk);
597
598 if (sk->sk_state != BT_BOUND) {
599 err = -EBADFD;
600 goto done;
601 }
602
603 if (sk->sk_type != SOCK_SEQPACKET) {
604 err = -EINVAL;
605 goto done;
606 }
607
608 write_lock(&sco_sk_list.lock);
609
610 if (__sco_get_sock_listen_by_addr(src)) {
611 err = -EADDRINUSE;
612 goto unlock;
613 }
614
615 sk->sk_max_ack_backlog = backlog;
616 sk->sk_ack_backlog = 0;
617
618 sk->sk_state = BT_LISTEN;
619
620unlock:
621 write_unlock(&sco_sk_list.lock);
622
623done:
624 release_sock(sk);
625 return err;
626}
627
628static int sco_sock_accept(struct socket *sock, struct socket *newsock,
629 int flags, bool kern)
630{
631 DEFINE_WAIT_FUNC(wait, woken_wake_function);
632 struct sock *sk = sock->sk, *ch;
633 long timeo;
634 int err = 0;
635
636 lock_sock(sk);
637
638 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
639
640 BT_DBG("sk %p timeo %ld", sk, timeo);
641
642 /* Wait for an incoming connection. (wake-one). */
643 add_wait_queue_exclusive(sk_sleep(sk), &wait);
644 while (1) {
645 if (sk->sk_state != BT_LISTEN) {
646 err = -EBADFD;
647 break;
648 }
649
650 ch = bt_accept_dequeue(sk, newsock);
651 if (ch)
652 break;
653
654 if (!timeo) {
655 err = -EAGAIN;
656 break;
657 }
658
659 if (signal_pending(current)) {
660 err = sock_intr_errno(timeo);
661 break;
662 }
663
664 release_sock(sk);
665
666 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
667 lock_sock(sk);
668 }
669 remove_wait_queue(sk_sleep(sk), &wait);
670
671 if (err)
672 goto done;
673
674 newsock->state = SS_CONNECTED;
675
676 BT_DBG("new socket %p", ch);
677
678done:
679 release_sock(sk);
680 return err;
681}
682
683static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
684 int peer)
685{
686 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
687 struct sock *sk = sock->sk;
688
689 BT_DBG("sock %p, sk %p", sock, sk);
690
691 addr->sa_family = AF_BLUETOOTH;
692
693 if (peer)
694 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
695 else
696 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
697
698 return sizeof(struct sockaddr_sco);
699}
700
701static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
702 size_t len)
703{
704 struct sock *sk = sock->sk;
705 int err;
706
707 BT_DBG("sock %p, sk %p", sock, sk);
708
709 err = sock_error(sk);
710 if (err)
711 return err;
712
713 if (msg->msg_flags & MSG_OOB)
714 return -EOPNOTSUPP;
715
716 lock_sock(sk);
717
718 if (sk->sk_state == BT_CONNECTED)
719 err = sco_send_frame(sk, msg, len);
720 else
721 err = -ENOTCONN;
722
723 release_sock(sk);
724 return err;
725}
726
727static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
728{
729 struct hci_dev *hdev = conn->hdev;
730
731 BT_DBG("conn %p", conn);
732
733 conn->state = BT_CONFIG;
734
735 if (!lmp_esco_capable(hdev)) {
736 struct hci_cp_accept_conn_req cp;
737
738 bacpy(&cp.bdaddr, &conn->dst);
739 cp.role = 0x00; /* Ignored */
740
741 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
742 } else {
743 struct hci_cp_accept_sync_conn_req cp;
744
745 bacpy(&cp.bdaddr, &conn->dst);
746 cp.pkt_type = cpu_to_le16(conn->pkt_type);
747
748 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
749 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
750 cp.content_format = cpu_to_le16(setting);
751
752 switch (setting & SCO_AIRMODE_MASK) {
753 case SCO_AIRMODE_TRANSP:
754 if (conn->pkt_type & ESCO_2EV3)
755 cp.max_latency = cpu_to_le16(0x0008);
756 else
757 cp.max_latency = cpu_to_le16(0x000D);
758 cp.retrans_effort = 0x02;
759 break;
760 case SCO_AIRMODE_CVSD:
761 cp.max_latency = cpu_to_le16(0xffff);
762 cp.retrans_effort = 0xff;
763 break;
764 }
765
766 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
767 sizeof(cp), &cp);
768 }
769}
770
771static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
772 size_t len, int flags)
773{
774 struct sock *sk = sock->sk;
775 struct sco_pinfo *pi = sco_pi(sk);
776
777 lock_sock(sk);
778
779 if (sk->sk_state == BT_CONNECT2 &&
780 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
781 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
782 sk->sk_state = BT_CONFIG;
783
784 release_sock(sk);
785 return 0;
786 }
787
788 release_sock(sk);
789
790 return bt_sock_recvmsg(sock, msg, len, flags);
791}
792
793static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
794 char __user *optval, unsigned int optlen)
795{
796 struct sock *sk = sock->sk;
797 int len, err = 0;
798 struct bt_voice voice;
799 u32 opt;
800
801 BT_DBG("sk %p", sk);
802
803 lock_sock(sk);
804
805 switch (optname) {
806
807 case BT_DEFER_SETUP:
808 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
809 err = -EINVAL;
810 break;
811 }
812
813 if (get_user(opt, (u32 __user *) optval)) {
814 err = -EFAULT;
815 break;
816 }
817
818 if (opt)
819 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
820 else
821 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
822 break;
823
824 case BT_VOICE:
825 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
826 sk->sk_state != BT_CONNECT2) {
827 err = -EINVAL;
828 break;
829 }
830
831 voice.setting = sco_pi(sk)->setting;
832
833 len = min_t(unsigned int, sizeof(voice), optlen);
834 if (copy_from_user((char *)&voice, optval, len)) {
835 err = -EFAULT;
836 break;
837 }
838
839 /* Explicitly check for these values */
840 if (voice.setting != BT_VOICE_TRANSPARENT &&
841 voice.setting != BT_VOICE_CVSD_16BIT) {
842 err = -EINVAL;
843 break;
844 }
845
846 sco_pi(sk)->setting = voice.setting;
847 break;
848
849 default:
850 err = -ENOPROTOOPT;
851 break;
852 }
853
854 release_sock(sk);
855 return err;
856}
857
858static int sco_sock_getsockopt_old(struct socket *sock, int optname,
859 char __user *optval, int __user *optlen)
860{
861 struct sock *sk = sock->sk;
862 struct sco_options opts;
863 struct sco_conninfo cinfo;
864 int len, err = 0;
865
866 BT_DBG("sk %p", sk);
867
868 if (get_user(len, optlen))
869 return -EFAULT;
870
871 lock_sock(sk);
872
873 switch (optname) {
874 case SCO_OPTIONS:
875 if (sk->sk_state != BT_CONNECTED &&
876 !(sk->sk_state == BT_CONNECT2 &&
877 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
878 err = -ENOTCONN;
879 break;
880 }
881
882 opts.mtu = sco_pi(sk)->conn->mtu;
883
884 BT_DBG("mtu %d", opts.mtu);
885
886 len = min_t(unsigned int, len, sizeof(opts));
887 if (copy_to_user(optval, (char *)&opts, len))
888 err = -EFAULT;
889
890 break;
891
892 case SCO_CONNINFO:
893 if (sk->sk_state != BT_CONNECTED &&
894 !(sk->sk_state == BT_CONNECT2 &&
895 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
896 err = -ENOTCONN;
897 break;
898 }
899
900 memset(&cinfo, 0, sizeof(cinfo));
901 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
902 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
903
904 len = min_t(unsigned int, len, sizeof(cinfo));
905 if (copy_to_user(optval, (char *)&cinfo, len))
906 err = -EFAULT;
907
908 break;
909
910 default:
911 err = -ENOPROTOOPT;
912 break;
913 }
914
915 release_sock(sk);
916 return err;
917}
918
919static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
920 char __user *optval, int __user *optlen)
921{
922 struct sock *sk = sock->sk;
923 int len, err = 0;
924 struct bt_voice voice;
925
926 BT_DBG("sk %p", sk);
927
928 if (level == SOL_SCO)
929 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
930
931 if (get_user(len, optlen))
932 return -EFAULT;
933
934 lock_sock(sk);
935
936 switch (optname) {
937
938 case BT_DEFER_SETUP:
939 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
940 err = -EINVAL;
941 break;
942 }
943
944 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
945 (u32 __user *)optval))
946 err = -EFAULT;
947
948 break;
949
950 case BT_VOICE:
951 voice.setting = sco_pi(sk)->setting;
952
953 len = min_t(unsigned int, len, sizeof(voice));
954 if (copy_to_user(optval, (char *)&voice, len))
955 err = -EFAULT;
956
957 break;
958
959 default:
960 err = -ENOPROTOOPT;
961 break;
962 }
963
964 release_sock(sk);
965 return err;
966}
967
968static int sco_sock_shutdown(struct socket *sock, int how)
969{
970 struct sock *sk = sock->sk;
971 int err = 0;
972
973 BT_DBG("sock %p, sk %p", sock, sk);
974
975 if (!sk)
976 return 0;
977
978 sock_hold(sk);
979 lock_sock(sk);
980
981 if (!sk->sk_shutdown) {
982 sk->sk_shutdown = SHUTDOWN_MASK;
983 sco_sock_clear_timer(sk);
984 __sco_sock_close(sk);
985
986 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
987 !(current->flags & PF_EXITING))
988 err = bt_sock_wait_state(sk, BT_CLOSED,
989 sk->sk_lingertime);
990 }
991
992 release_sock(sk);
993 sock_put(sk);
994
995 return err;
996}
997
998static int sco_sock_release(struct socket *sock)
999{
1000 struct sock *sk = sock->sk;
1001 int err = 0;
1002
1003 BT_DBG("sock %p, sk %p", sock, sk);
1004
1005 if (!sk)
1006 return 0;
1007
1008 sco_sock_close(sk);
1009
1010 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1011 !(current->flags & PF_EXITING)) {
1012 lock_sock(sk);
1013 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1014 release_sock(sk);
1015 }
1016
1017 sock_orphan(sk);
1018 sco_sock_kill(sk);
1019 return err;
1020}
1021
1022static void sco_conn_ready(struct sco_conn *conn)
1023{
1024 struct sock *parent;
1025 struct sock *sk = conn->sk;
1026
1027 BT_DBG("conn %p", conn);
1028
1029 if (sk) {
1030 sco_sock_clear_timer(sk);
1031 bh_lock_sock(sk);
1032 sk->sk_state = BT_CONNECTED;
1033 sk->sk_state_change(sk);
1034 bh_unlock_sock(sk);
1035 } else {
1036 sco_conn_lock(conn);
1037
1038 if (!conn->hcon) {
1039 sco_conn_unlock(conn);
1040 return;
1041 }
1042
1043 parent = sco_get_sock_listen(&conn->hcon->src);
1044 if (!parent) {
1045 sco_conn_unlock(conn);
1046 return;
1047 }
1048
1049 bh_lock_sock(parent);
1050
1051 sk = sco_sock_alloc(sock_net(parent), NULL,
1052 BTPROTO_SCO, GFP_ATOMIC, 0);
1053 if (!sk) {
1054 bh_unlock_sock(parent);
1055 sco_conn_unlock(conn);
1056 return;
1057 }
1058
1059 sco_sock_init(sk, parent);
1060
1061 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1062 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1063
1064 hci_conn_hold(conn->hcon);
1065 __sco_chan_add(conn, sk, parent);
1066
1067 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1068 sk->sk_state = BT_CONNECT2;
1069 else
1070 sk->sk_state = BT_CONNECTED;
1071
1072 /* Wake up parent */
1073 parent->sk_data_ready(parent);
1074
1075 bh_unlock_sock(parent);
1076
1077 sco_conn_unlock(conn);
1078 }
1079}
1080
1081/* ----- SCO interface with lower layer (HCI) ----- */
1082int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1083{
1084 struct sock *sk;
1085 int lm = 0;
1086
1087 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1088
1089 /* Find listening sockets */
1090 read_lock(&sco_sk_list.lock);
1091 sk_for_each(sk, &sco_sk_list.head) {
1092 if (sk->sk_state != BT_LISTEN)
1093 continue;
1094
1095 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1096 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1097 lm |= HCI_LM_ACCEPT;
1098
1099 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1100 *flags |= HCI_PROTO_DEFER;
1101 break;
1102 }
1103 }
1104 read_unlock(&sco_sk_list.lock);
1105
1106 return lm;
1107}
1108
1109static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1110{
1111 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1112 return;
1113
1114 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1115
1116 if (!status) {
1117 struct sco_conn *conn;
1118
1119 conn = sco_conn_add(hcon);
1120 if (conn)
1121 sco_conn_ready(conn);
1122 } else
1123 sco_conn_del(hcon, bt_to_errno(status));
1124}
1125
1126static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1127{
1128 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1129 return;
1130
1131 BT_DBG("hcon %p reason %d", hcon, reason);
1132
1133 sco_conn_del(hcon, bt_to_errno(reason));
1134}
1135
1136void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1137{
1138 struct sco_conn *conn = hcon->sco_data;
1139
1140 if (!conn)
1141 goto drop;
1142
1143 BT_DBG("conn %p len %d", conn, skb->len);
1144
1145 if (skb->len) {
1146 sco_recv_frame(conn, skb);
1147 return;
1148 }
1149
1150drop:
1151 kfree_skb(skb);
1152}
1153
1154static struct hci_cb sco_cb = {
1155 .name = "SCO",
1156 .connect_cfm = sco_connect_cfm,
1157 .disconn_cfm = sco_disconn_cfm,
1158};
1159
1160static int sco_debugfs_show(struct seq_file *f, void *p)
1161{
1162 struct sock *sk;
1163
1164 read_lock(&sco_sk_list.lock);
1165
1166 sk_for_each(sk, &sco_sk_list.head) {
1167 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1168 &sco_pi(sk)->dst, sk->sk_state);
1169 }
1170
1171 read_unlock(&sco_sk_list.lock);
1172
1173 return 0;
1174}
1175
1176DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1177
1178static struct dentry *sco_debugfs;
1179
1180static const struct proto_ops sco_sock_ops = {
1181 .family = PF_BLUETOOTH,
1182 .owner = THIS_MODULE,
1183 .release = sco_sock_release,
1184 .bind = sco_sock_bind,
1185 .connect = sco_sock_connect,
1186 .listen = sco_sock_listen,
1187 .accept = sco_sock_accept,
1188 .getname = sco_sock_getname,
1189 .sendmsg = sco_sock_sendmsg,
1190 .recvmsg = sco_sock_recvmsg,
1191 .poll = bt_sock_poll,
1192 .ioctl = bt_sock_ioctl,
1193 .gettstamp = sock_gettstamp,
1194 .mmap = sock_no_mmap,
1195 .socketpair = sock_no_socketpair,
1196 .shutdown = sco_sock_shutdown,
1197 .setsockopt = sco_sock_setsockopt,
1198 .getsockopt = sco_sock_getsockopt
1199};
1200
1201static const struct net_proto_family sco_sock_family_ops = {
1202 .family = PF_BLUETOOTH,
1203 .owner = THIS_MODULE,
1204 .create = sco_sock_create,
1205};
1206
1207int __init sco_init(void)
1208{
1209 int err;
1210
1211 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1212
1213 err = proto_register(&sco_proto, 0);
1214 if (err < 0)
1215 return err;
1216
1217 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1218 if (err < 0) {
1219 BT_ERR("SCO socket registration failed");
1220 goto error;
1221 }
1222
1223 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1224 if (err < 0) {
1225 BT_ERR("Failed to create SCO proc file");
1226 bt_sock_unregister(BTPROTO_SCO);
1227 goto error;
1228 }
1229
1230 BT_INFO("SCO socket layer initialized");
1231
1232 hci_register_cb(&sco_cb);
1233
1234 if (IS_ERR_OR_NULL(bt_debugfs))
1235 return 0;
1236
1237 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1238 NULL, &sco_debugfs_fops);
1239
1240 return 0;
1241
1242error:
1243 proto_unregister(&sco_proto);
1244 return err;
1245}
1246
1247void sco_exit(void)
1248{
1249 bt_procfs_cleanup(&init_net, "sco");
1250
1251 debugfs_remove(sco_debugfs);
1252
1253 hci_unregister_cb(&sco_cb);
1254
1255 bt_sock_unregister(BTPROTO_SCO);
1256
1257 proto_unregister(&sco_proto);
1258}
1259
1260module_param(disable_esco, bool, 0644);
1261MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44/* ---- SCO connections ---- */
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54};
55
56#define sco_conn_lock(c) spin_lock(&c->lock)
57#define sco_conn_unlock(c) spin_unlock(&c->lock)
58
59static void sco_sock_close(struct sock *sk);
60static void sco_sock_kill(struct sock *sk);
61
62/* ----- SCO socket info ----- */
63#define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 __u8 cmsg_mask;
72 struct bt_codec codec;
73 struct sco_conn *conn;
74};
75
76/* ---- SCO timers ---- */
77#define SCO_CONN_TIMEOUT (HZ * 40)
78#define SCO_DISCONN_TIMEOUT (HZ * 2)
79
80static void sco_sock_timeout(struct work_struct *work)
81{
82 struct sco_conn *conn = container_of(work, struct sco_conn,
83 timeout_work.work);
84 struct sock *sk;
85
86 sco_conn_lock(conn);
87 sk = conn->sk;
88 if (sk)
89 sock_hold(sk);
90 sco_conn_unlock(conn);
91
92 if (!sk)
93 return;
94
95 BT_DBG("sock %p state %d", sk, sk->sk_state);
96
97 lock_sock(sk);
98 sk->sk_err = ETIMEDOUT;
99 sk->sk_state_change(sk);
100 release_sock(sk);
101 sock_put(sk);
102}
103
104static void sco_sock_set_timer(struct sock *sk, long timeout)
105{
106 if (!sco_pi(sk)->conn)
107 return;
108
109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
112}
113
114static void sco_sock_clear_timer(struct sock *sk)
115{
116 if (!sco_pi(sk)->conn)
117 return;
118
119 BT_DBG("sock %p state %d", sk, sk->sk_state);
120 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
121}
122
123/* ---- SCO connections ---- */
124static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
125{
126 struct hci_dev *hdev = hcon->hdev;
127 struct sco_conn *conn = hcon->sco_data;
128
129 if (conn)
130 return conn;
131
132 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
133 if (!conn)
134 return NULL;
135
136 spin_lock_init(&conn->lock);
137 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
138
139 hcon->sco_data = conn;
140 conn->hcon = hcon;
141
142 if (hdev->sco_mtu > 0)
143 conn->mtu = hdev->sco_mtu;
144 else
145 conn->mtu = 60;
146
147 BT_DBG("hcon %p conn %p", hcon, conn);
148
149 return conn;
150}
151
152/* Delete channel.
153 * Must be called on the locked socket. */
154static void sco_chan_del(struct sock *sk, int err)
155{
156 struct sco_conn *conn;
157
158 conn = sco_pi(sk)->conn;
159
160 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
161
162 if (conn) {
163 sco_conn_lock(conn);
164 conn->sk = NULL;
165 sco_pi(sk)->conn = NULL;
166 sco_conn_unlock(conn);
167
168 if (conn->hcon)
169 hci_conn_drop(conn->hcon);
170 }
171
172 sk->sk_state = BT_CLOSED;
173 sk->sk_err = err;
174 sk->sk_state_change(sk);
175
176 sock_set_flag(sk, SOCK_ZAPPED);
177}
178
179static void sco_conn_del(struct hci_conn *hcon, int err)
180{
181 struct sco_conn *conn = hcon->sco_data;
182 struct sock *sk;
183
184 if (!conn)
185 return;
186
187 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
188
189 /* Kill socket */
190 sco_conn_lock(conn);
191 sk = conn->sk;
192 if (sk)
193 sock_hold(sk);
194 sco_conn_unlock(conn);
195
196 if (sk) {
197 lock_sock(sk);
198 sco_sock_clear_timer(sk);
199 sco_chan_del(sk, err);
200 release_sock(sk);
201 sock_put(sk);
202 }
203
204 /* Ensure no more work items will run before freeing conn. */
205 cancel_delayed_work_sync(&conn->timeout_work);
206
207 hcon->sco_data = NULL;
208 kfree(conn);
209}
210
211static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
212 struct sock *parent)
213{
214 BT_DBG("conn %p", conn);
215
216 sco_pi(sk)->conn = conn;
217 conn->sk = sk;
218
219 if (parent)
220 bt_accept_enqueue(parent, sk, true);
221}
222
223static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
224 struct sock *parent)
225{
226 int err = 0;
227
228 sco_conn_lock(conn);
229 if (conn->sk)
230 err = -EBUSY;
231 else
232 __sco_chan_add(conn, sk, parent);
233
234 sco_conn_unlock(conn);
235 return err;
236}
237
238static int sco_connect(struct hci_dev *hdev, struct sock *sk)
239{
240 struct sco_conn *conn;
241 struct hci_conn *hcon;
242 int err, type;
243
244 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
245
246 if (lmp_esco_capable(hdev) && !disable_esco)
247 type = ESCO_LINK;
248 else
249 type = SCO_LINK;
250
251 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
252 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)))
253 return -EOPNOTSUPP;
254
255 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
256 sco_pi(sk)->setting, &sco_pi(sk)->codec);
257 if (IS_ERR(hcon))
258 return PTR_ERR(hcon);
259
260 conn = sco_conn_add(hcon);
261 if (!conn) {
262 hci_conn_drop(hcon);
263 return -ENOMEM;
264 }
265
266 /* Update source addr of the socket */
267 bacpy(&sco_pi(sk)->src, &hcon->src);
268
269 err = sco_chan_add(conn, sk, NULL);
270 if (err)
271 return err;
272
273 if (hcon->state == BT_CONNECTED) {
274 sco_sock_clear_timer(sk);
275 sk->sk_state = BT_CONNECTED;
276 } else {
277 sk->sk_state = BT_CONNECT;
278 sco_sock_set_timer(sk, sk->sk_sndtimeo);
279 }
280
281 return err;
282}
283
284static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
285{
286 struct sco_conn *conn = sco_pi(sk)->conn;
287 int len = skb->len;
288
289 /* Check outgoing MTU */
290 if (len > conn->mtu)
291 return -EINVAL;
292
293 BT_DBG("sk %p len %d", sk, len);
294
295 hci_send_sco(conn->hcon, skb);
296
297 return len;
298}
299
300static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
301{
302 struct sock *sk;
303
304 sco_conn_lock(conn);
305 sk = conn->sk;
306 sco_conn_unlock(conn);
307
308 if (!sk)
309 goto drop;
310
311 BT_DBG("sk %p len %u", sk, skb->len);
312
313 if (sk->sk_state != BT_CONNECTED)
314 goto drop;
315
316 if (!sock_queue_rcv_skb(sk, skb))
317 return;
318
319drop:
320 kfree_skb(skb);
321}
322
323/* -------- Socket interface ---------- */
324static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
325{
326 struct sock *sk;
327
328 sk_for_each(sk, &sco_sk_list.head) {
329 if (sk->sk_state != BT_LISTEN)
330 continue;
331
332 if (!bacmp(&sco_pi(sk)->src, ba))
333 return sk;
334 }
335
336 return NULL;
337}
338
339/* Find socket listening on source bdaddr.
340 * Returns closest match.
341 */
342static struct sock *sco_get_sock_listen(bdaddr_t *src)
343{
344 struct sock *sk = NULL, *sk1 = NULL;
345
346 read_lock(&sco_sk_list.lock);
347
348 sk_for_each(sk, &sco_sk_list.head) {
349 if (sk->sk_state != BT_LISTEN)
350 continue;
351
352 /* Exact match. */
353 if (!bacmp(&sco_pi(sk)->src, src))
354 break;
355
356 /* Closest match */
357 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
358 sk1 = sk;
359 }
360
361 read_unlock(&sco_sk_list.lock);
362
363 return sk ? sk : sk1;
364}
365
366static void sco_sock_destruct(struct sock *sk)
367{
368 BT_DBG("sk %p", sk);
369
370 skb_queue_purge(&sk->sk_receive_queue);
371 skb_queue_purge(&sk->sk_write_queue);
372}
373
374static void sco_sock_cleanup_listen(struct sock *parent)
375{
376 struct sock *sk;
377
378 BT_DBG("parent %p", parent);
379
380 /* Close not yet accepted channels */
381 while ((sk = bt_accept_dequeue(parent, NULL))) {
382 sco_sock_close(sk);
383 sco_sock_kill(sk);
384 }
385
386 parent->sk_state = BT_CLOSED;
387 sock_set_flag(parent, SOCK_ZAPPED);
388}
389
390/* Kill socket (only if zapped and orphan)
391 * Must be called on unlocked socket.
392 */
393static void sco_sock_kill(struct sock *sk)
394{
395 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
396 return;
397
398 BT_DBG("sk %p state %d", sk, sk->sk_state);
399
400 /* Kill poor orphan */
401 bt_sock_unlink(&sco_sk_list, sk);
402 sock_set_flag(sk, SOCK_DEAD);
403 sock_put(sk);
404}
405
406static void __sco_sock_close(struct sock *sk)
407{
408 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
409
410 switch (sk->sk_state) {
411 case BT_LISTEN:
412 sco_sock_cleanup_listen(sk);
413 break;
414
415 case BT_CONNECTED:
416 case BT_CONFIG:
417 if (sco_pi(sk)->conn->hcon) {
418 sk->sk_state = BT_DISCONN;
419 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
420 sco_conn_lock(sco_pi(sk)->conn);
421 hci_conn_drop(sco_pi(sk)->conn->hcon);
422 sco_pi(sk)->conn->hcon = NULL;
423 sco_conn_unlock(sco_pi(sk)->conn);
424 } else
425 sco_chan_del(sk, ECONNRESET);
426 break;
427
428 case BT_CONNECT2:
429 case BT_CONNECT:
430 case BT_DISCONN:
431 sco_chan_del(sk, ECONNRESET);
432 break;
433
434 default:
435 sock_set_flag(sk, SOCK_ZAPPED);
436 break;
437 }
438
439}
440
441/* Must be called on unlocked socket. */
442static void sco_sock_close(struct sock *sk)
443{
444 lock_sock(sk);
445 sco_sock_clear_timer(sk);
446 __sco_sock_close(sk);
447 release_sock(sk);
448}
449
450static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
451 struct sock *sk)
452{
453 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
454 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
455 sizeof(bt_cb(skb)->sco.pkt_status),
456 &bt_cb(skb)->sco.pkt_status);
457}
458
459static void sco_sock_init(struct sock *sk, struct sock *parent)
460{
461 BT_DBG("sk %p", sk);
462
463 if (parent) {
464 sk->sk_type = parent->sk_type;
465 bt_sk(sk)->flags = bt_sk(parent)->flags;
466 security_sk_clone(parent, sk);
467 } else {
468 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
469 }
470}
471
472static struct proto sco_proto = {
473 .name = "SCO",
474 .owner = THIS_MODULE,
475 .obj_size = sizeof(struct sco_pinfo)
476};
477
478static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
479 int proto, gfp_t prio, int kern)
480{
481 struct sock *sk;
482
483 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
484 if (!sk)
485 return NULL;
486
487 sock_init_data(sock, sk);
488 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
489
490 sk->sk_destruct = sco_sock_destruct;
491 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
492
493 sock_reset_flag(sk, SOCK_ZAPPED);
494
495 sk->sk_protocol = proto;
496 sk->sk_state = BT_OPEN;
497
498 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
499 sco_pi(sk)->codec.id = BT_CODEC_CVSD;
500 sco_pi(sk)->codec.cid = 0xffff;
501 sco_pi(sk)->codec.vid = 0xffff;
502 sco_pi(sk)->codec.data_path = 0x00;
503
504 bt_sock_link(&sco_sk_list, sk);
505 return sk;
506}
507
508static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
509 int kern)
510{
511 struct sock *sk;
512
513 BT_DBG("sock %p", sock);
514
515 sock->state = SS_UNCONNECTED;
516
517 if (sock->type != SOCK_SEQPACKET)
518 return -ESOCKTNOSUPPORT;
519
520 sock->ops = &sco_sock_ops;
521
522 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
523 if (!sk)
524 return -ENOMEM;
525
526 sco_sock_init(sk, NULL);
527 return 0;
528}
529
530static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
531 int addr_len)
532{
533 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
534 struct sock *sk = sock->sk;
535 int err = 0;
536
537 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
538 addr->sa_family != AF_BLUETOOTH)
539 return -EINVAL;
540
541 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
542
543 lock_sock(sk);
544
545 if (sk->sk_state != BT_OPEN) {
546 err = -EBADFD;
547 goto done;
548 }
549
550 if (sk->sk_type != SOCK_SEQPACKET) {
551 err = -EINVAL;
552 goto done;
553 }
554
555 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
556
557 sk->sk_state = BT_BOUND;
558
559done:
560 release_sock(sk);
561 return err;
562}
563
564static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
565{
566 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
567 struct sock *sk = sock->sk;
568 struct hci_dev *hdev;
569 int err;
570
571 BT_DBG("sk %p", sk);
572
573 if (alen < sizeof(struct sockaddr_sco) ||
574 addr->sa_family != AF_BLUETOOTH)
575 return -EINVAL;
576
577 lock_sock(sk);
578 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
579 err = -EBADFD;
580 goto done;
581 }
582
583 if (sk->sk_type != SOCK_SEQPACKET) {
584 err = -EINVAL;
585 goto done;
586 }
587
588 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
589 if (!hdev) {
590 err = -EHOSTUNREACH;
591 goto done;
592 }
593 hci_dev_lock(hdev);
594
595 /* Set destination address and psm */
596 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
597
598 err = sco_connect(hdev, sk);
599 hci_dev_unlock(hdev);
600 hci_dev_put(hdev);
601 if (err)
602 goto done;
603
604 err = bt_sock_wait_state(sk, BT_CONNECTED,
605 sock_sndtimeo(sk, flags & O_NONBLOCK));
606
607done:
608 release_sock(sk);
609 return err;
610}
611
612static int sco_sock_listen(struct socket *sock, int backlog)
613{
614 struct sock *sk = sock->sk;
615 bdaddr_t *src = &sco_pi(sk)->src;
616 int err = 0;
617
618 BT_DBG("sk %p backlog %d", sk, backlog);
619
620 lock_sock(sk);
621
622 if (sk->sk_state != BT_BOUND) {
623 err = -EBADFD;
624 goto done;
625 }
626
627 if (sk->sk_type != SOCK_SEQPACKET) {
628 err = -EINVAL;
629 goto done;
630 }
631
632 write_lock(&sco_sk_list.lock);
633
634 if (__sco_get_sock_listen_by_addr(src)) {
635 err = -EADDRINUSE;
636 goto unlock;
637 }
638
639 sk->sk_max_ack_backlog = backlog;
640 sk->sk_ack_backlog = 0;
641
642 sk->sk_state = BT_LISTEN;
643
644unlock:
645 write_unlock(&sco_sk_list.lock);
646
647done:
648 release_sock(sk);
649 return err;
650}
651
652static int sco_sock_accept(struct socket *sock, struct socket *newsock,
653 int flags, bool kern)
654{
655 DEFINE_WAIT_FUNC(wait, woken_wake_function);
656 struct sock *sk = sock->sk, *ch;
657 long timeo;
658 int err = 0;
659
660 lock_sock(sk);
661
662 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
663
664 BT_DBG("sk %p timeo %ld", sk, timeo);
665
666 /* Wait for an incoming connection. (wake-one). */
667 add_wait_queue_exclusive(sk_sleep(sk), &wait);
668 while (1) {
669 if (sk->sk_state != BT_LISTEN) {
670 err = -EBADFD;
671 break;
672 }
673
674 ch = bt_accept_dequeue(sk, newsock);
675 if (ch)
676 break;
677
678 if (!timeo) {
679 err = -EAGAIN;
680 break;
681 }
682
683 if (signal_pending(current)) {
684 err = sock_intr_errno(timeo);
685 break;
686 }
687
688 release_sock(sk);
689
690 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
691 lock_sock(sk);
692 }
693 remove_wait_queue(sk_sleep(sk), &wait);
694
695 if (err)
696 goto done;
697
698 newsock->state = SS_CONNECTED;
699
700 BT_DBG("new socket %p", ch);
701
702done:
703 release_sock(sk);
704 return err;
705}
706
707static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
708 int peer)
709{
710 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
711 struct sock *sk = sock->sk;
712
713 BT_DBG("sock %p, sk %p", sock, sk);
714
715 addr->sa_family = AF_BLUETOOTH;
716
717 if (peer)
718 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
719 else
720 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
721
722 return sizeof(struct sockaddr_sco);
723}
724
725static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
726 size_t len)
727{
728 struct sock *sk = sock->sk;
729 struct sk_buff *skb;
730 int err;
731
732 BT_DBG("sock %p, sk %p", sock, sk);
733
734 err = sock_error(sk);
735 if (err)
736 return err;
737
738 if (msg->msg_flags & MSG_OOB)
739 return -EOPNOTSUPP;
740
741 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
742 if (IS_ERR(skb))
743 return PTR_ERR(skb);
744
745 lock_sock(sk);
746
747 if (sk->sk_state == BT_CONNECTED)
748 err = sco_send_frame(sk, skb);
749 else
750 err = -ENOTCONN;
751
752 release_sock(sk);
753
754 if (err < 0)
755 kfree_skb(skb);
756 return err;
757}
758
759static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
760{
761 struct hci_dev *hdev = conn->hdev;
762
763 BT_DBG("conn %p", conn);
764
765 conn->state = BT_CONFIG;
766
767 if (!lmp_esco_capable(hdev)) {
768 struct hci_cp_accept_conn_req cp;
769
770 bacpy(&cp.bdaddr, &conn->dst);
771 cp.role = 0x00; /* Ignored */
772
773 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
774 } else {
775 struct hci_cp_accept_sync_conn_req cp;
776
777 bacpy(&cp.bdaddr, &conn->dst);
778 cp.pkt_type = cpu_to_le16(conn->pkt_type);
779
780 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
781 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
782 cp.content_format = cpu_to_le16(setting);
783
784 switch (setting & SCO_AIRMODE_MASK) {
785 case SCO_AIRMODE_TRANSP:
786 if (conn->pkt_type & ESCO_2EV3)
787 cp.max_latency = cpu_to_le16(0x0008);
788 else
789 cp.max_latency = cpu_to_le16(0x000D);
790 cp.retrans_effort = 0x02;
791 break;
792 case SCO_AIRMODE_CVSD:
793 cp.max_latency = cpu_to_le16(0xffff);
794 cp.retrans_effort = 0xff;
795 break;
796 default:
797 /* use CVSD settings as fallback */
798 cp.max_latency = cpu_to_le16(0xffff);
799 cp.retrans_effort = 0xff;
800 break;
801 }
802
803 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
804 sizeof(cp), &cp);
805 }
806}
807
808static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
809 size_t len, int flags)
810{
811 struct sock *sk = sock->sk;
812 struct sco_pinfo *pi = sco_pi(sk);
813
814 lock_sock(sk);
815
816 if (sk->sk_state == BT_CONNECT2 &&
817 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
818 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
819 sk->sk_state = BT_CONFIG;
820
821 release_sock(sk);
822 return 0;
823 }
824
825 release_sock(sk);
826
827 return bt_sock_recvmsg(sock, msg, len, flags);
828}
829
830static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
831 sockptr_t optval, unsigned int optlen)
832{
833 struct sock *sk = sock->sk;
834 int len, err = 0;
835 struct bt_voice voice;
836 u32 opt;
837 struct bt_codecs *codecs;
838 struct hci_dev *hdev;
839 __u8 buffer[255];
840
841 BT_DBG("sk %p", sk);
842
843 lock_sock(sk);
844
845 switch (optname) {
846
847 case BT_DEFER_SETUP:
848 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
849 err = -EINVAL;
850 break;
851 }
852
853 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
854 err = -EFAULT;
855 break;
856 }
857
858 if (opt)
859 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
860 else
861 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
862 break;
863
864 case BT_VOICE:
865 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
866 sk->sk_state != BT_CONNECT2) {
867 err = -EINVAL;
868 break;
869 }
870
871 voice.setting = sco_pi(sk)->setting;
872
873 len = min_t(unsigned int, sizeof(voice), optlen);
874 if (copy_from_sockptr(&voice, optval, len)) {
875 err = -EFAULT;
876 break;
877 }
878
879 /* Explicitly check for these values */
880 if (voice.setting != BT_VOICE_TRANSPARENT &&
881 voice.setting != BT_VOICE_CVSD_16BIT) {
882 err = -EINVAL;
883 break;
884 }
885
886 sco_pi(sk)->setting = voice.setting;
887 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
888 BDADDR_BREDR);
889 if (!hdev) {
890 err = -EBADFD;
891 break;
892 }
893 if (enhanced_sync_conn_capable(hdev) &&
894 voice.setting == BT_VOICE_TRANSPARENT)
895 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
896 hci_dev_put(hdev);
897 break;
898
899 case BT_PKT_STATUS:
900 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
901 err = -EFAULT;
902 break;
903 }
904
905 if (opt)
906 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
907 else
908 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
909 break;
910
911 case BT_CODEC:
912 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
913 sk->sk_state != BT_CONNECT2) {
914 err = -EINVAL;
915 break;
916 }
917
918 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
919 BDADDR_BREDR);
920 if (!hdev) {
921 err = -EBADFD;
922 break;
923 }
924
925 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
926 hci_dev_put(hdev);
927 err = -EOPNOTSUPP;
928 break;
929 }
930
931 if (!hdev->get_data_path_id) {
932 hci_dev_put(hdev);
933 err = -EOPNOTSUPP;
934 break;
935 }
936
937 if (optlen < sizeof(struct bt_codecs) ||
938 optlen > sizeof(buffer)) {
939 hci_dev_put(hdev);
940 err = -EINVAL;
941 break;
942 }
943
944 if (copy_from_sockptr(buffer, optval, optlen)) {
945 hci_dev_put(hdev);
946 err = -EFAULT;
947 break;
948 }
949
950 codecs = (void *)buffer;
951
952 if (codecs->num_codecs > 1) {
953 hci_dev_put(hdev);
954 err = -EINVAL;
955 break;
956 }
957
958 sco_pi(sk)->codec = codecs->codecs[0];
959 hci_dev_put(hdev);
960 break;
961
962 default:
963 err = -ENOPROTOOPT;
964 break;
965 }
966
967 release_sock(sk);
968 return err;
969}
970
971static int sco_sock_getsockopt_old(struct socket *sock, int optname,
972 char __user *optval, int __user *optlen)
973{
974 struct sock *sk = sock->sk;
975 struct sco_options opts;
976 struct sco_conninfo cinfo;
977 int len, err = 0;
978
979 BT_DBG("sk %p", sk);
980
981 if (get_user(len, optlen))
982 return -EFAULT;
983
984 lock_sock(sk);
985
986 switch (optname) {
987 case SCO_OPTIONS:
988 if (sk->sk_state != BT_CONNECTED &&
989 !(sk->sk_state == BT_CONNECT2 &&
990 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
991 err = -ENOTCONN;
992 break;
993 }
994
995 opts.mtu = sco_pi(sk)->conn->mtu;
996
997 BT_DBG("mtu %u", opts.mtu);
998
999 len = min_t(unsigned int, len, sizeof(opts));
1000 if (copy_to_user(optval, (char *)&opts, len))
1001 err = -EFAULT;
1002
1003 break;
1004
1005 case SCO_CONNINFO:
1006 if (sk->sk_state != BT_CONNECTED &&
1007 !(sk->sk_state == BT_CONNECT2 &&
1008 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1009 err = -ENOTCONN;
1010 break;
1011 }
1012
1013 memset(&cinfo, 0, sizeof(cinfo));
1014 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1015 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1016
1017 len = min_t(unsigned int, len, sizeof(cinfo));
1018 if (copy_to_user(optval, (char *)&cinfo, len))
1019 err = -EFAULT;
1020
1021 break;
1022
1023 default:
1024 err = -ENOPROTOOPT;
1025 break;
1026 }
1027
1028 release_sock(sk);
1029 return err;
1030}
1031
1032static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1033 char __user *optval, int __user *optlen)
1034{
1035 struct sock *sk = sock->sk;
1036 int len, err = 0;
1037 struct bt_voice voice;
1038 u32 phys;
1039 int pkt_status;
1040 int buf_len;
1041 struct codec_list *c;
1042 u8 num_codecs, i, __user *ptr;
1043 struct hci_dev *hdev;
1044 struct hci_codec_caps *caps;
1045 struct bt_codec codec;
1046
1047 BT_DBG("sk %p", sk);
1048
1049 if (level == SOL_SCO)
1050 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1051
1052 if (get_user(len, optlen))
1053 return -EFAULT;
1054
1055 lock_sock(sk);
1056
1057 switch (optname) {
1058
1059 case BT_DEFER_SETUP:
1060 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1061 err = -EINVAL;
1062 break;
1063 }
1064
1065 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1066 (u32 __user *)optval))
1067 err = -EFAULT;
1068
1069 break;
1070
1071 case BT_VOICE:
1072 voice.setting = sco_pi(sk)->setting;
1073
1074 len = min_t(unsigned int, len, sizeof(voice));
1075 if (copy_to_user(optval, (char *)&voice, len))
1076 err = -EFAULT;
1077
1078 break;
1079
1080 case BT_PHY:
1081 if (sk->sk_state != BT_CONNECTED) {
1082 err = -ENOTCONN;
1083 break;
1084 }
1085
1086 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1087
1088 if (put_user(phys, (u32 __user *) optval))
1089 err = -EFAULT;
1090 break;
1091
1092 case BT_PKT_STATUS:
1093 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
1094
1095 if (put_user(pkt_status, (int __user *)optval))
1096 err = -EFAULT;
1097 break;
1098
1099 case BT_SNDMTU:
1100 case BT_RCVMTU:
1101 if (sk->sk_state != BT_CONNECTED) {
1102 err = -ENOTCONN;
1103 break;
1104 }
1105
1106 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1107 err = -EFAULT;
1108 break;
1109
1110 case BT_CODEC:
1111 num_codecs = 0;
1112 buf_len = 0;
1113
1114 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1115 if (!hdev) {
1116 err = -EBADFD;
1117 break;
1118 }
1119
1120 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1121 hci_dev_put(hdev);
1122 err = -EOPNOTSUPP;
1123 break;
1124 }
1125
1126 if (!hdev->get_data_path_id) {
1127 hci_dev_put(hdev);
1128 err = -EOPNOTSUPP;
1129 break;
1130 }
1131
1132 /* find total buffer size required to copy codec + caps */
1133 hci_dev_lock(hdev);
1134 list_for_each_entry(c, &hdev->local_codecs, list) {
1135 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1136 continue;
1137 num_codecs++;
1138 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1139 buf_len += 1 + caps->len;
1140 caps = (void *)&caps->data[caps->len];
1141 }
1142 buf_len += sizeof(struct bt_codec);
1143 }
1144 hci_dev_unlock(hdev);
1145
1146 buf_len += sizeof(struct bt_codecs);
1147 if (buf_len > len) {
1148 hci_dev_put(hdev);
1149 err = -ENOBUFS;
1150 break;
1151 }
1152 ptr = optval;
1153
1154 if (put_user(num_codecs, ptr)) {
1155 hci_dev_put(hdev);
1156 err = -EFAULT;
1157 break;
1158 }
1159 ptr += sizeof(num_codecs);
1160
1161 /* Iterate all the codecs supported over SCO and populate
1162 * codec data
1163 */
1164 hci_dev_lock(hdev);
1165 list_for_each_entry(c, &hdev->local_codecs, list) {
1166 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1167 continue;
1168
1169 codec.id = c->id;
1170 codec.cid = c->cid;
1171 codec.vid = c->vid;
1172 err = hdev->get_data_path_id(hdev, &codec.data_path);
1173 if (err < 0)
1174 break;
1175 codec.num_caps = c->num_caps;
1176 if (copy_to_user(ptr, &codec, sizeof(codec))) {
1177 err = -EFAULT;
1178 break;
1179 }
1180 ptr += sizeof(codec);
1181
1182 /* find codec capabilities data length */
1183 len = 0;
1184 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1185 len += 1 + caps->len;
1186 caps = (void *)&caps->data[caps->len];
1187 }
1188
1189 /* copy codec capabilities data */
1190 if (len && copy_to_user(ptr, c->caps, len)) {
1191 err = -EFAULT;
1192 break;
1193 }
1194 ptr += len;
1195 }
1196
1197 if (!err && put_user(buf_len, optlen))
1198 err = -EFAULT;
1199
1200 hci_dev_unlock(hdev);
1201 hci_dev_put(hdev);
1202
1203 break;
1204
1205 default:
1206 err = -ENOPROTOOPT;
1207 break;
1208 }
1209
1210 release_sock(sk);
1211 return err;
1212}
1213
1214static int sco_sock_shutdown(struct socket *sock, int how)
1215{
1216 struct sock *sk = sock->sk;
1217 int err = 0;
1218
1219 BT_DBG("sock %p, sk %p", sock, sk);
1220
1221 if (!sk)
1222 return 0;
1223
1224 sock_hold(sk);
1225 lock_sock(sk);
1226
1227 if (!sk->sk_shutdown) {
1228 sk->sk_shutdown = SHUTDOWN_MASK;
1229 sco_sock_clear_timer(sk);
1230 __sco_sock_close(sk);
1231
1232 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1233 !(current->flags & PF_EXITING))
1234 err = bt_sock_wait_state(sk, BT_CLOSED,
1235 sk->sk_lingertime);
1236 }
1237
1238 release_sock(sk);
1239 sock_put(sk);
1240
1241 return err;
1242}
1243
1244static int sco_sock_release(struct socket *sock)
1245{
1246 struct sock *sk = sock->sk;
1247 int err = 0;
1248
1249 BT_DBG("sock %p, sk %p", sock, sk);
1250
1251 if (!sk)
1252 return 0;
1253
1254 sco_sock_close(sk);
1255
1256 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1257 !(current->flags & PF_EXITING)) {
1258 lock_sock(sk);
1259 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1260 release_sock(sk);
1261 }
1262
1263 sock_orphan(sk);
1264 sco_sock_kill(sk);
1265 return err;
1266}
1267
1268static void sco_conn_ready(struct sco_conn *conn)
1269{
1270 struct sock *parent;
1271 struct sock *sk = conn->sk;
1272
1273 BT_DBG("conn %p", conn);
1274
1275 if (sk) {
1276 lock_sock(sk);
1277 sco_sock_clear_timer(sk);
1278 sk->sk_state = BT_CONNECTED;
1279 sk->sk_state_change(sk);
1280 release_sock(sk);
1281 } else {
1282 sco_conn_lock(conn);
1283
1284 if (!conn->hcon) {
1285 sco_conn_unlock(conn);
1286 return;
1287 }
1288
1289 parent = sco_get_sock_listen(&conn->hcon->src);
1290 if (!parent) {
1291 sco_conn_unlock(conn);
1292 return;
1293 }
1294
1295 lock_sock(parent);
1296
1297 sk = sco_sock_alloc(sock_net(parent), NULL,
1298 BTPROTO_SCO, GFP_ATOMIC, 0);
1299 if (!sk) {
1300 release_sock(parent);
1301 sco_conn_unlock(conn);
1302 return;
1303 }
1304
1305 sco_sock_init(sk, parent);
1306
1307 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1308 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1309
1310 hci_conn_hold(conn->hcon);
1311 __sco_chan_add(conn, sk, parent);
1312
1313 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1314 sk->sk_state = BT_CONNECT2;
1315 else
1316 sk->sk_state = BT_CONNECTED;
1317
1318 /* Wake up parent */
1319 parent->sk_data_ready(parent);
1320
1321 release_sock(parent);
1322
1323 sco_conn_unlock(conn);
1324 }
1325}
1326
1327/* ----- SCO interface with lower layer (HCI) ----- */
1328int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1329{
1330 struct sock *sk;
1331 int lm = 0;
1332
1333 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1334
1335 /* Find listening sockets */
1336 read_lock(&sco_sk_list.lock);
1337 sk_for_each(sk, &sco_sk_list.head) {
1338 if (sk->sk_state != BT_LISTEN)
1339 continue;
1340
1341 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1342 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1343 lm |= HCI_LM_ACCEPT;
1344
1345 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1346 *flags |= HCI_PROTO_DEFER;
1347 break;
1348 }
1349 }
1350 read_unlock(&sco_sk_list.lock);
1351
1352 return lm;
1353}
1354
1355static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1356{
1357 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1358 return;
1359
1360 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1361
1362 if (!status) {
1363 struct sco_conn *conn;
1364
1365 conn = sco_conn_add(hcon);
1366 if (conn)
1367 sco_conn_ready(conn);
1368 } else
1369 sco_conn_del(hcon, bt_to_errno(status));
1370}
1371
1372static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1373{
1374 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1375 return;
1376
1377 BT_DBG("hcon %p reason %d", hcon, reason);
1378
1379 sco_conn_del(hcon, bt_to_errno(reason));
1380}
1381
1382void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1383{
1384 struct sco_conn *conn = hcon->sco_data;
1385
1386 if (!conn)
1387 goto drop;
1388
1389 BT_DBG("conn %p len %u", conn, skb->len);
1390
1391 if (skb->len) {
1392 sco_recv_frame(conn, skb);
1393 return;
1394 }
1395
1396drop:
1397 kfree_skb(skb);
1398}
1399
1400static struct hci_cb sco_cb = {
1401 .name = "SCO",
1402 .connect_cfm = sco_connect_cfm,
1403 .disconn_cfm = sco_disconn_cfm,
1404};
1405
1406static int sco_debugfs_show(struct seq_file *f, void *p)
1407{
1408 struct sock *sk;
1409
1410 read_lock(&sco_sk_list.lock);
1411
1412 sk_for_each(sk, &sco_sk_list.head) {
1413 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1414 &sco_pi(sk)->dst, sk->sk_state);
1415 }
1416
1417 read_unlock(&sco_sk_list.lock);
1418
1419 return 0;
1420}
1421
1422DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1423
1424static struct dentry *sco_debugfs;
1425
1426static const struct proto_ops sco_sock_ops = {
1427 .family = PF_BLUETOOTH,
1428 .owner = THIS_MODULE,
1429 .release = sco_sock_release,
1430 .bind = sco_sock_bind,
1431 .connect = sco_sock_connect,
1432 .listen = sco_sock_listen,
1433 .accept = sco_sock_accept,
1434 .getname = sco_sock_getname,
1435 .sendmsg = sco_sock_sendmsg,
1436 .recvmsg = sco_sock_recvmsg,
1437 .poll = bt_sock_poll,
1438 .ioctl = bt_sock_ioctl,
1439 .gettstamp = sock_gettstamp,
1440 .mmap = sock_no_mmap,
1441 .socketpair = sock_no_socketpair,
1442 .shutdown = sco_sock_shutdown,
1443 .setsockopt = sco_sock_setsockopt,
1444 .getsockopt = sco_sock_getsockopt
1445};
1446
1447static const struct net_proto_family sco_sock_family_ops = {
1448 .family = PF_BLUETOOTH,
1449 .owner = THIS_MODULE,
1450 .create = sco_sock_create,
1451};
1452
1453int __init sco_init(void)
1454{
1455 int err;
1456
1457 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1458
1459 err = proto_register(&sco_proto, 0);
1460 if (err < 0)
1461 return err;
1462
1463 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1464 if (err < 0) {
1465 BT_ERR("SCO socket registration failed");
1466 goto error;
1467 }
1468
1469 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1470 if (err < 0) {
1471 BT_ERR("Failed to create SCO proc file");
1472 bt_sock_unregister(BTPROTO_SCO);
1473 goto error;
1474 }
1475
1476 BT_INFO("SCO socket layer initialized");
1477
1478 hci_register_cb(&sco_cb);
1479
1480 if (IS_ERR_OR_NULL(bt_debugfs))
1481 return 0;
1482
1483 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1484 NULL, &sco_debugfs_fops);
1485
1486 return 0;
1487
1488error:
1489 proto_unregister(&sco_proto);
1490 return err;
1491}
1492
1493void sco_exit(void)
1494{
1495 bt_procfs_cleanup(&init_net, "sco");
1496
1497 debugfs_remove(sco_debugfs);
1498
1499 hci_unregister_cb(&sco_cb);
1500
1501 bt_sock_unregister(BTPROTO_SCO);
1502
1503 proto_unregister(&sco_proto);
1504}
1505
1506module_param(disable_esco, bool, 0644);
1507MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");