Loading...
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44/* ---- SCO connections ---- */
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54 struct kref ref;
55};
56
57#define sco_conn_lock(c) spin_lock(&c->lock)
58#define sco_conn_unlock(c) spin_unlock(&c->lock)
59
60static void sco_sock_close(struct sock *sk);
61static void sco_sock_kill(struct sock *sk);
62
63/* ----- SCO socket info ----- */
64#define sco_pi(sk) ((struct sco_pinfo *) sk)
65
66struct sco_pinfo {
67 struct bt_sock bt;
68 bdaddr_t src;
69 bdaddr_t dst;
70 __u32 flags;
71 __u16 setting;
72 struct bt_codec codec;
73 struct sco_conn *conn;
74};
75
76/* ---- SCO timers ---- */
77#define SCO_CONN_TIMEOUT (HZ * 40)
78#define SCO_DISCONN_TIMEOUT (HZ * 2)
79
80static void sco_conn_free(struct kref *ref)
81{
82 struct sco_conn *conn = container_of(ref, struct sco_conn, ref);
83
84 BT_DBG("conn %p", conn);
85
86 if (conn->sk)
87 sco_pi(conn->sk)->conn = NULL;
88
89 if (conn->hcon) {
90 conn->hcon->sco_data = NULL;
91 hci_conn_drop(conn->hcon);
92 }
93
94 /* Ensure no more work items will run since hci_conn has been dropped */
95 disable_delayed_work_sync(&conn->timeout_work);
96
97 kfree(conn);
98}
99
100static void sco_conn_put(struct sco_conn *conn)
101{
102 if (!conn)
103 return;
104
105 BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));
106
107 kref_put(&conn->ref, sco_conn_free);
108}
109
110static struct sco_conn *sco_conn_hold_unless_zero(struct sco_conn *conn)
111{
112 if (!conn)
113 return NULL;
114
115 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
116
117 if (!kref_get_unless_zero(&conn->ref))
118 return NULL;
119
120 return conn;
121}
122
123static struct sock *sco_sock_hold(struct sco_conn *conn)
124{
125 if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk))
126 return NULL;
127
128 sock_hold(conn->sk);
129
130 return conn->sk;
131}
132
133static void sco_sock_timeout(struct work_struct *work)
134{
135 struct sco_conn *conn = container_of(work, struct sco_conn,
136 timeout_work.work);
137 struct sock *sk;
138
139 conn = sco_conn_hold_unless_zero(conn);
140 if (!conn)
141 return;
142
143 sco_conn_lock(conn);
144 if (!conn->hcon) {
145 sco_conn_unlock(conn);
146 sco_conn_put(conn);
147 return;
148 }
149 sk = sco_sock_hold(conn);
150 sco_conn_unlock(conn);
151 sco_conn_put(conn);
152
153 if (!sk)
154 return;
155
156 BT_DBG("sock %p state %d", sk, sk->sk_state);
157
158 lock_sock(sk);
159 sk->sk_err = ETIMEDOUT;
160 sk->sk_state_change(sk);
161 release_sock(sk);
162 sock_put(sk);
163}
164
165static void sco_sock_set_timer(struct sock *sk, long timeout)
166{
167 if (!sco_pi(sk)->conn)
168 return;
169
170 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
171 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
172 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
173}
174
175static void sco_sock_clear_timer(struct sock *sk)
176{
177 if (!sco_pi(sk)->conn)
178 return;
179
180 BT_DBG("sock %p state %d", sk, sk->sk_state);
181 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
182}
183
184/* ---- SCO connections ---- */
185static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
186{
187 struct sco_conn *conn = hcon->sco_data;
188
189 conn = sco_conn_hold_unless_zero(conn);
190 if (conn) {
191 if (!conn->hcon) {
192 sco_conn_lock(conn);
193 conn->hcon = hcon;
194 sco_conn_unlock(conn);
195 }
196 return conn;
197 }
198
199 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
200 if (!conn)
201 return NULL;
202
203 kref_init(&conn->ref);
204 spin_lock_init(&conn->lock);
205 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
206
207 hcon->sco_data = conn;
208 conn->hcon = hcon;
209 conn->mtu = hcon->mtu;
210
211 if (hcon->mtu > 0)
212 conn->mtu = hcon->mtu;
213 else
214 conn->mtu = 60;
215
216 BT_DBG("hcon %p conn %p", hcon, conn);
217
218 return conn;
219}
220
221/* Delete channel.
222 * Must be called on the locked socket. */
223static void sco_chan_del(struct sock *sk, int err)
224{
225 struct sco_conn *conn;
226
227 conn = sco_pi(sk)->conn;
228 sco_pi(sk)->conn = NULL;
229
230 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
231
232 if (conn) {
233 sco_conn_lock(conn);
234 conn->sk = NULL;
235 sco_conn_unlock(conn);
236 sco_conn_put(conn);
237 }
238
239 sk->sk_state = BT_CLOSED;
240 sk->sk_err = err;
241 sk->sk_state_change(sk);
242
243 sock_set_flag(sk, SOCK_ZAPPED);
244}
245
246static void sco_conn_del(struct hci_conn *hcon, int err)
247{
248 struct sco_conn *conn = hcon->sco_data;
249 struct sock *sk;
250
251 conn = sco_conn_hold_unless_zero(conn);
252 if (!conn)
253 return;
254
255 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
256
257 sco_conn_lock(conn);
258 sk = sco_sock_hold(conn);
259 sco_conn_unlock(conn);
260 sco_conn_put(conn);
261
262 if (!sk) {
263 sco_conn_put(conn);
264 return;
265 }
266
267 /* Kill socket */
268 lock_sock(sk);
269 sco_sock_clear_timer(sk);
270 sco_chan_del(sk, err);
271 release_sock(sk);
272 sock_put(sk);
273}
274
275static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
276 struct sock *parent)
277{
278 BT_DBG("conn %p", conn);
279
280 sco_pi(sk)->conn = conn;
281 conn->sk = sk;
282
283 if (parent)
284 bt_accept_enqueue(parent, sk, true);
285}
286
287static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
288 struct sock *parent)
289{
290 int err = 0;
291
292 sco_conn_lock(conn);
293 if (conn->sk)
294 err = -EBUSY;
295 else
296 __sco_chan_add(conn, sk, parent);
297
298 sco_conn_unlock(conn);
299 return err;
300}
301
302static int sco_connect(struct sock *sk)
303{
304 struct sco_conn *conn;
305 struct hci_conn *hcon;
306 struct hci_dev *hdev;
307 int err, type;
308
309 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
310
311 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
312 if (!hdev)
313 return -EHOSTUNREACH;
314
315 hci_dev_lock(hdev);
316
317 if (lmp_esco_capable(hdev) && !disable_esco)
318 type = ESCO_LINK;
319 else
320 type = SCO_LINK;
321
322 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) {
323 case SCO_AIRMODE_TRANSP:
324 if (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)) {
325 err = -EOPNOTSUPP;
326 goto unlock;
327 }
328 break;
329 }
330
331 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
332 sco_pi(sk)->setting, &sco_pi(sk)->codec,
333 sk->sk_sndtimeo);
334 if (IS_ERR(hcon)) {
335 err = PTR_ERR(hcon);
336 goto unlock;
337 }
338
339 conn = sco_conn_add(hcon);
340 if (!conn) {
341 hci_conn_drop(hcon);
342 err = -ENOMEM;
343 goto unlock;
344 }
345
346 lock_sock(sk);
347
348 err = sco_chan_add(conn, sk, NULL);
349 if (err) {
350 release_sock(sk);
351 goto unlock;
352 }
353
354 /* Update source addr of the socket */
355 bacpy(&sco_pi(sk)->src, &hcon->src);
356
357 if (hcon->state == BT_CONNECTED) {
358 sco_sock_clear_timer(sk);
359 sk->sk_state = BT_CONNECTED;
360 } else {
361 sk->sk_state = BT_CONNECT;
362 sco_sock_set_timer(sk, sk->sk_sndtimeo);
363 }
364
365 release_sock(sk);
366
367unlock:
368 hci_dev_unlock(hdev);
369 hci_dev_put(hdev);
370 return err;
371}
372
373static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
374{
375 struct sco_conn *conn = sco_pi(sk)->conn;
376 int len = skb->len;
377
378 /* Check outgoing MTU */
379 if (len > conn->mtu)
380 return -EINVAL;
381
382 BT_DBG("sk %p len %d", sk, len);
383
384 hci_send_sco(conn->hcon, skb);
385
386 return len;
387}
388
389static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
390{
391 struct sock *sk;
392
393 sco_conn_lock(conn);
394 sk = conn->sk;
395 sco_conn_unlock(conn);
396
397 if (!sk)
398 goto drop;
399
400 BT_DBG("sk %p len %u", sk, skb->len);
401
402 if (sk->sk_state != BT_CONNECTED)
403 goto drop;
404
405 if (!sock_queue_rcv_skb(sk, skb))
406 return;
407
408drop:
409 kfree_skb(skb);
410}
411
412/* -------- Socket interface ---------- */
413static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
414{
415 struct sock *sk;
416
417 sk_for_each(sk, &sco_sk_list.head) {
418 if (sk->sk_state != BT_LISTEN)
419 continue;
420
421 if (!bacmp(&sco_pi(sk)->src, ba))
422 return sk;
423 }
424
425 return NULL;
426}
427
428/* Find socket listening on source bdaddr.
429 * Returns closest match.
430 */
431static struct sock *sco_get_sock_listen(bdaddr_t *src)
432{
433 struct sock *sk = NULL, *sk1 = NULL;
434
435 read_lock(&sco_sk_list.lock);
436
437 sk_for_each(sk, &sco_sk_list.head) {
438 if (sk->sk_state != BT_LISTEN)
439 continue;
440
441 /* Exact match. */
442 if (!bacmp(&sco_pi(sk)->src, src))
443 break;
444
445 /* Closest match */
446 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
447 sk1 = sk;
448 }
449
450 read_unlock(&sco_sk_list.lock);
451
452 return sk ? sk : sk1;
453}
454
455static void sco_sock_destruct(struct sock *sk)
456{
457 BT_DBG("sk %p", sk);
458
459 sco_conn_put(sco_pi(sk)->conn);
460
461 skb_queue_purge(&sk->sk_receive_queue);
462 skb_queue_purge(&sk->sk_write_queue);
463}
464
465static void sco_sock_cleanup_listen(struct sock *parent)
466{
467 struct sock *sk;
468
469 BT_DBG("parent %p", parent);
470
471 /* Close not yet accepted channels */
472 while ((sk = bt_accept_dequeue(parent, NULL))) {
473 sco_sock_close(sk);
474 sco_sock_kill(sk);
475 }
476
477 parent->sk_state = BT_CLOSED;
478 sock_set_flag(parent, SOCK_ZAPPED);
479}
480
481/* Kill socket (only if zapped and orphan)
482 * Must be called on unlocked socket.
483 */
484static void sco_sock_kill(struct sock *sk)
485{
486 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
487 return;
488
489 BT_DBG("sk %p state %d", sk, sk->sk_state);
490
491 /* Kill poor orphan */
492 bt_sock_unlink(&sco_sk_list, sk);
493 sock_set_flag(sk, SOCK_DEAD);
494 sock_put(sk);
495}
496
497static void __sco_sock_close(struct sock *sk)
498{
499 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
500
501 switch (sk->sk_state) {
502 case BT_LISTEN:
503 sco_sock_cleanup_listen(sk);
504 break;
505
506 case BT_CONNECTED:
507 case BT_CONFIG:
508 case BT_CONNECT2:
509 case BT_CONNECT:
510 case BT_DISCONN:
511 sco_chan_del(sk, ECONNRESET);
512 break;
513
514 default:
515 sock_set_flag(sk, SOCK_ZAPPED);
516 break;
517 }
518
519}
520
521/* Must be called on unlocked socket. */
522static void sco_sock_close(struct sock *sk)
523{
524 lock_sock(sk);
525 sco_sock_clear_timer(sk);
526 __sco_sock_close(sk);
527 release_sock(sk);
528}
529
530static void sco_sock_init(struct sock *sk, struct sock *parent)
531{
532 BT_DBG("sk %p", sk);
533
534 if (parent) {
535 sk->sk_type = parent->sk_type;
536 bt_sk(sk)->flags = bt_sk(parent)->flags;
537 security_sk_clone(parent, sk);
538 }
539}
540
541static struct proto sco_proto = {
542 .name = "SCO",
543 .owner = THIS_MODULE,
544 .obj_size = sizeof(struct sco_pinfo)
545};
546
547static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
548 int proto, gfp_t prio, int kern)
549{
550 struct sock *sk;
551
552 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
553 if (!sk)
554 return NULL;
555
556 sk->sk_destruct = sco_sock_destruct;
557 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
558
559 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
560 sco_pi(sk)->codec.id = BT_CODEC_CVSD;
561 sco_pi(sk)->codec.cid = 0xffff;
562 sco_pi(sk)->codec.vid = 0xffff;
563 sco_pi(sk)->codec.data_path = 0x00;
564
565 bt_sock_link(&sco_sk_list, sk);
566 return sk;
567}
568
569static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
570 int kern)
571{
572 struct sock *sk;
573
574 BT_DBG("sock %p", sock);
575
576 sock->state = SS_UNCONNECTED;
577
578 if (sock->type != SOCK_SEQPACKET)
579 return -ESOCKTNOSUPPORT;
580
581 sock->ops = &sco_sock_ops;
582
583 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
584 if (!sk)
585 return -ENOMEM;
586
587 sco_sock_init(sk, NULL);
588 return 0;
589}
590
591static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
592 int addr_len)
593{
594 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
595 struct sock *sk = sock->sk;
596 int err = 0;
597
598 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
599 addr->sa_family != AF_BLUETOOTH)
600 return -EINVAL;
601
602 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
603
604 lock_sock(sk);
605
606 if (sk->sk_state != BT_OPEN) {
607 err = -EBADFD;
608 goto done;
609 }
610
611 if (sk->sk_type != SOCK_SEQPACKET) {
612 err = -EINVAL;
613 goto done;
614 }
615
616 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
617
618 sk->sk_state = BT_BOUND;
619
620done:
621 release_sock(sk);
622 return err;
623}
624
625static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
626{
627 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
628 struct sock *sk = sock->sk;
629 int err;
630
631 BT_DBG("sk %p", sk);
632
633 if (alen < sizeof(struct sockaddr_sco) ||
634 addr->sa_family != AF_BLUETOOTH)
635 return -EINVAL;
636
637 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
638 return -EBADFD;
639
640 if (sk->sk_type != SOCK_SEQPACKET)
641 err = -EINVAL;
642
643 lock_sock(sk);
644 /* Set destination address and psm */
645 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
646 release_sock(sk);
647
648 err = sco_connect(sk);
649 if (err)
650 return err;
651
652 lock_sock(sk);
653
654 err = bt_sock_wait_state(sk, BT_CONNECTED,
655 sock_sndtimeo(sk, flags & O_NONBLOCK));
656
657 release_sock(sk);
658 return err;
659}
660
661static int sco_sock_listen(struct socket *sock, int backlog)
662{
663 struct sock *sk = sock->sk;
664 bdaddr_t *src = &sco_pi(sk)->src;
665 int err = 0;
666
667 BT_DBG("sk %p backlog %d", sk, backlog);
668
669 lock_sock(sk);
670
671 if (sk->sk_state != BT_BOUND) {
672 err = -EBADFD;
673 goto done;
674 }
675
676 if (sk->sk_type != SOCK_SEQPACKET) {
677 err = -EINVAL;
678 goto done;
679 }
680
681 write_lock(&sco_sk_list.lock);
682
683 if (__sco_get_sock_listen_by_addr(src)) {
684 err = -EADDRINUSE;
685 goto unlock;
686 }
687
688 sk->sk_max_ack_backlog = backlog;
689 sk->sk_ack_backlog = 0;
690
691 sk->sk_state = BT_LISTEN;
692
693unlock:
694 write_unlock(&sco_sk_list.lock);
695
696done:
697 release_sock(sk);
698 return err;
699}
700
701static int sco_sock_accept(struct socket *sock, struct socket *newsock,
702 struct proto_accept_arg *arg)
703{
704 DEFINE_WAIT_FUNC(wait, woken_wake_function);
705 struct sock *sk = sock->sk, *ch;
706 long timeo;
707 int err = 0;
708
709 lock_sock(sk);
710
711 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);
712
713 BT_DBG("sk %p timeo %ld", sk, timeo);
714
715 /* Wait for an incoming connection. (wake-one). */
716 add_wait_queue_exclusive(sk_sleep(sk), &wait);
717 while (1) {
718 if (sk->sk_state != BT_LISTEN) {
719 err = -EBADFD;
720 break;
721 }
722
723 ch = bt_accept_dequeue(sk, newsock);
724 if (ch)
725 break;
726
727 if (!timeo) {
728 err = -EAGAIN;
729 break;
730 }
731
732 if (signal_pending(current)) {
733 err = sock_intr_errno(timeo);
734 break;
735 }
736
737 release_sock(sk);
738
739 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
740 lock_sock(sk);
741 }
742 remove_wait_queue(sk_sleep(sk), &wait);
743
744 if (err)
745 goto done;
746
747 newsock->state = SS_CONNECTED;
748
749 BT_DBG("new socket %p", ch);
750
751done:
752 release_sock(sk);
753 return err;
754}
755
756static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
757 int peer)
758{
759 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
760 struct sock *sk = sock->sk;
761
762 BT_DBG("sock %p, sk %p", sock, sk);
763
764 addr->sa_family = AF_BLUETOOTH;
765
766 if (peer)
767 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
768 else
769 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
770
771 return sizeof(struct sockaddr_sco);
772}
773
774static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
775 size_t len)
776{
777 struct sock *sk = sock->sk;
778 struct sk_buff *skb;
779 int err;
780
781 BT_DBG("sock %p, sk %p", sock, sk);
782
783 err = sock_error(sk);
784 if (err)
785 return err;
786
787 if (msg->msg_flags & MSG_OOB)
788 return -EOPNOTSUPP;
789
790 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
791 if (IS_ERR(skb))
792 return PTR_ERR(skb);
793
794 lock_sock(sk);
795
796 if (sk->sk_state == BT_CONNECTED)
797 err = sco_send_frame(sk, skb);
798 else
799 err = -ENOTCONN;
800
801 release_sock(sk);
802
803 if (err < 0)
804 kfree_skb(skb);
805 return err;
806}
807
808static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
809{
810 struct hci_dev *hdev = conn->hdev;
811
812 BT_DBG("conn %p", conn);
813
814 conn->state = BT_CONFIG;
815
816 if (!lmp_esco_capable(hdev)) {
817 struct hci_cp_accept_conn_req cp;
818
819 bacpy(&cp.bdaddr, &conn->dst);
820 cp.role = 0x00; /* Ignored */
821
822 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
823 } else {
824 struct hci_cp_accept_sync_conn_req cp;
825
826 bacpy(&cp.bdaddr, &conn->dst);
827 cp.pkt_type = cpu_to_le16(conn->pkt_type);
828
829 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
830 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
831 cp.content_format = cpu_to_le16(setting);
832
833 switch (setting & SCO_AIRMODE_MASK) {
834 case SCO_AIRMODE_TRANSP:
835 if (conn->pkt_type & ESCO_2EV3)
836 cp.max_latency = cpu_to_le16(0x0008);
837 else
838 cp.max_latency = cpu_to_le16(0x000D);
839 cp.retrans_effort = 0x02;
840 break;
841 case SCO_AIRMODE_CVSD:
842 cp.max_latency = cpu_to_le16(0xffff);
843 cp.retrans_effort = 0xff;
844 break;
845 default:
846 /* use CVSD settings as fallback */
847 cp.max_latency = cpu_to_le16(0xffff);
848 cp.retrans_effort = 0xff;
849 break;
850 }
851
852 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
853 sizeof(cp), &cp);
854 }
855}
856
857static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
858 size_t len, int flags)
859{
860 struct sock *sk = sock->sk;
861 struct sco_pinfo *pi = sco_pi(sk);
862
863 lock_sock(sk);
864
865 if (sk->sk_state == BT_CONNECT2 &&
866 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
867 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
868 sk->sk_state = BT_CONFIG;
869
870 release_sock(sk);
871 return 0;
872 }
873
874 release_sock(sk);
875
876 return bt_sock_recvmsg(sock, msg, len, flags);
877}
878
879static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
880 sockptr_t optval, unsigned int optlen)
881{
882 struct sock *sk = sock->sk;
883 int err = 0;
884 struct bt_voice voice;
885 u32 opt;
886 struct bt_codecs *codecs;
887 struct hci_dev *hdev;
888 __u8 buffer[255];
889
890 BT_DBG("sk %p", sk);
891
892 lock_sock(sk);
893
894 switch (optname) {
895
896 case BT_DEFER_SETUP:
897 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
898 err = -EINVAL;
899 break;
900 }
901
902 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
903 if (err)
904 break;
905
906 if (opt)
907 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
908 else
909 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
910 break;
911
912 case BT_VOICE:
913 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
914 sk->sk_state != BT_CONNECT2) {
915 err = -EINVAL;
916 break;
917 }
918
919 voice.setting = sco_pi(sk)->setting;
920
921 err = copy_safe_from_sockptr(&voice, sizeof(voice), optval,
922 optlen);
923 if (err)
924 break;
925
926 sco_pi(sk)->setting = voice.setting;
927 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
928 BDADDR_BREDR);
929 if (!hdev) {
930 err = -EBADFD;
931 break;
932 }
933
934 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) {
935 case SCO_AIRMODE_TRANSP:
936 if (enhanced_sync_conn_capable(hdev))
937 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
938 break;
939 }
940
941 hci_dev_put(hdev);
942 break;
943
944 case BT_PKT_STATUS:
945 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
946 if (err)
947 break;
948
949 if (opt)
950 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
951 else
952 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
953 break;
954
955 case BT_CODEC:
956 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
957 sk->sk_state != BT_CONNECT2) {
958 err = -EINVAL;
959 break;
960 }
961
962 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
963 BDADDR_BREDR);
964 if (!hdev) {
965 err = -EBADFD;
966 break;
967 }
968
969 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
970 hci_dev_put(hdev);
971 err = -EOPNOTSUPP;
972 break;
973 }
974
975 if (!hdev->get_data_path_id) {
976 hci_dev_put(hdev);
977 err = -EOPNOTSUPP;
978 break;
979 }
980
981 if (optlen < sizeof(struct bt_codecs) ||
982 optlen > sizeof(buffer)) {
983 hci_dev_put(hdev);
984 err = -EINVAL;
985 break;
986 }
987
988 err = copy_struct_from_sockptr(buffer, sizeof(buffer), optval,
989 optlen);
990 if (err) {
991 hci_dev_put(hdev);
992 break;
993 }
994
995 codecs = (void *)buffer;
996
997 if (codecs->num_codecs > 1) {
998 hci_dev_put(hdev);
999 err = -EINVAL;
1000 break;
1001 }
1002
1003 sco_pi(sk)->codec = codecs->codecs[0];
1004 hci_dev_put(hdev);
1005 break;
1006
1007 default:
1008 err = -ENOPROTOOPT;
1009 break;
1010 }
1011
1012 release_sock(sk);
1013 return err;
1014}
1015
1016static int sco_sock_getsockopt_old(struct socket *sock, int optname,
1017 char __user *optval, int __user *optlen)
1018{
1019 struct sock *sk = sock->sk;
1020 struct sco_options opts;
1021 struct sco_conninfo cinfo;
1022 int err = 0;
1023 size_t len;
1024
1025 BT_DBG("sk %p", sk);
1026
1027 if (get_user(len, optlen))
1028 return -EFAULT;
1029
1030 lock_sock(sk);
1031
1032 switch (optname) {
1033 case SCO_OPTIONS:
1034 if (sk->sk_state != BT_CONNECTED &&
1035 !(sk->sk_state == BT_CONNECT2 &&
1036 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1037 err = -ENOTCONN;
1038 break;
1039 }
1040
1041 opts.mtu = sco_pi(sk)->conn->mtu;
1042
1043 BT_DBG("mtu %u", opts.mtu);
1044
1045 len = min(len, sizeof(opts));
1046 if (copy_to_user(optval, (char *)&opts, len))
1047 err = -EFAULT;
1048
1049 break;
1050
1051 case SCO_CONNINFO:
1052 if (sk->sk_state != BT_CONNECTED &&
1053 !(sk->sk_state == BT_CONNECT2 &&
1054 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1055 err = -ENOTCONN;
1056 break;
1057 }
1058
1059 memset(&cinfo, 0, sizeof(cinfo));
1060 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1061 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1062
1063 len = min(len, sizeof(cinfo));
1064 if (copy_to_user(optval, (char *)&cinfo, len))
1065 err = -EFAULT;
1066
1067 break;
1068
1069 default:
1070 err = -ENOPROTOOPT;
1071 break;
1072 }
1073
1074 release_sock(sk);
1075 return err;
1076}
1077
1078static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1079 char __user *optval, int __user *optlen)
1080{
1081 struct sock *sk = sock->sk;
1082 int len, err = 0;
1083 struct bt_voice voice;
1084 u32 phys;
1085 int buf_len;
1086 struct codec_list *c;
1087 u8 num_codecs, i, __user *ptr;
1088 struct hci_dev *hdev;
1089 struct hci_codec_caps *caps;
1090 struct bt_codec codec;
1091
1092 BT_DBG("sk %p", sk);
1093
1094 if (level == SOL_SCO)
1095 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1096
1097 if (get_user(len, optlen))
1098 return -EFAULT;
1099
1100 lock_sock(sk);
1101
1102 switch (optname) {
1103
1104 case BT_DEFER_SETUP:
1105 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1106 err = -EINVAL;
1107 break;
1108 }
1109
1110 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1111 (u32 __user *)optval))
1112 err = -EFAULT;
1113
1114 break;
1115
1116 case BT_VOICE:
1117 voice.setting = sco_pi(sk)->setting;
1118
1119 len = min_t(unsigned int, len, sizeof(voice));
1120 if (copy_to_user(optval, (char *)&voice, len))
1121 err = -EFAULT;
1122
1123 break;
1124
1125 case BT_PHY:
1126 if (sk->sk_state != BT_CONNECTED) {
1127 err = -ENOTCONN;
1128 break;
1129 }
1130
1131 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1132
1133 if (put_user(phys, (u32 __user *) optval))
1134 err = -EFAULT;
1135 break;
1136
1137 case BT_PKT_STATUS:
1138 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1139 (int __user *)optval))
1140 err = -EFAULT;
1141 break;
1142
1143 case BT_SNDMTU:
1144 case BT_RCVMTU:
1145 if (sk->sk_state != BT_CONNECTED) {
1146 err = -ENOTCONN;
1147 break;
1148 }
1149
1150 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1151 err = -EFAULT;
1152 break;
1153
1154 case BT_CODEC:
1155 num_codecs = 0;
1156 buf_len = 0;
1157
1158 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1159 if (!hdev) {
1160 err = -EBADFD;
1161 break;
1162 }
1163
1164 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1165 hci_dev_put(hdev);
1166 err = -EOPNOTSUPP;
1167 break;
1168 }
1169
1170 if (!hdev->get_data_path_id) {
1171 hci_dev_put(hdev);
1172 err = -EOPNOTSUPP;
1173 break;
1174 }
1175
1176 release_sock(sk);
1177
1178 /* find total buffer size required to copy codec + caps */
1179 hci_dev_lock(hdev);
1180 list_for_each_entry(c, &hdev->local_codecs, list) {
1181 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1182 continue;
1183 num_codecs++;
1184 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1185 buf_len += 1 + caps->len;
1186 caps = (void *)&caps->data[caps->len];
1187 }
1188 buf_len += sizeof(struct bt_codec);
1189 }
1190 hci_dev_unlock(hdev);
1191
1192 buf_len += sizeof(struct bt_codecs);
1193 if (buf_len > len) {
1194 hci_dev_put(hdev);
1195 return -ENOBUFS;
1196 }
1197 ptr = optval;
1198
1199 if (put_user(num_codecs, ptr)) {
1200 hci_dev_put(hdev);
1201 return -EFAULT;
1202 }
1203 ptr += sizeof(num_codecs);
1204
1205 /* Iterate all the codecs supported over SCO and populate
1206 * codec data
1207 */
1208 hci_dev_lock(hdev);
1209 list_for_each_entry(c, &hdev->local_codecs, list) {
1210 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1211 continue;
1212
1213 codec.id = c->id;
1214 codec.cid = c->cid;
1215 codec.vid = c->vid;
1216 err = hdev->get_data_path_id(hdev, &codec.data_path);
1217 if (err < 0)
1218 break;
1219 codec.num_caps = c->num_caps;
1220 if (copy_to_user(ptr, &codec, sizeof(codec))) {
1221 err = -EFAULT;
1222 break;
1223 }
1224 ptr += sizeof(codec);
1225
1226 /* find codec capabilities data length */
1227 len = 0;
1228 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1229 len += 1 + caps->len;
1230 caps = (void *)&caps->data[caps->len];
1231 }
1232
1233 /* copy codec capabilities data */
1234 if (len && copy_to_user(ptr, c->caps, len)) {
1235 err = -EFAULT;
1236 break;
1237 }
1238 ptr += len;
1239 }
1240
1241 hci_dev_unlock(hdev);
1242 hci_dev_put(hdev);
1243
1244 lock_sock(sk);
1245
1246 if (!err && put_user(buf_len, optlen))
1247 err = -EFAULT;
1248
1249 break;
1250
1251 default:
1252 err = -ENOPROTOOPT;
1253 break;
1254 }
1255
1256 release_sock(sk);
1257 return err;
1258}
1259
1260static int sco_sock_shutdown(struct socket *sock, int how)
1261{
1262 struct sock *sk = sock->sk;
1263 int err = 0;
1264
1265 BT_DBG("sock %p, sk %p", sock, sk);
1266
1267 if (!sk)
1268 return 0;
1269
1270 sock_hold(sk);
1271 lock_sock(sk);
1272
1273 if (!sk->sk_shutdown) {
1274 sk->sk_shutdown = SHUTDOWN_MASK;
1275 sco_sock_clear_timer(sk);
1276 __sco_sock_close(sk);
1277
1278 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1279 !(current->flags & PF_EXITING))
1280 err = bt_sock_wait_state(sk, BT_CLOSED,
1281 sk->sk_lingertime);
1282 }
1283
1284 release_sock(sk);
1285 sock_put(sk);
1286
1287 return err;
1288}
1289
1290static int sco_sock_release(struct socket *sock)
1291{
1292 struct sock *sk = sock->sk;
1293 int err = 0;
1294
1295 BT_DBG("sock %p, sk %p", sock, sk);
1296
1297 if (!sk)
1298 return 0;
1299
1300 sco_sock_close(sk);
1301
1302 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1303 !(current->flags & PF_EXITING)) {
1304 lock_sock(sk);
1305 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1306 release_sock(sk);
1307 }
1308
1309 sock_orphan(sk);
1310 sco_sock_kill(sk);
1311 return err;
1312}
1313
1314static void sco_conn_ready(struct sco_conn *conn)
1315{
1316 struct sock *parent;
1317 struct sock *sk = conn->sk;
1318
1319 BT_DBG("conn %p", conn);
1320
1321 if (sk) {
1322 lock_sock(sk);
1323 sco_sock_clear_timer(sk);
1324 sk->sk_state = BT_CONNECTED;
1325 sk->sk_state_change(sk);
1326 release_sock(sk);
1327 } else {
1328 sco_conn_lock(conn);
1329
1330 if (!conn->hcon) {
1331 sco_conn_unlock(conn);
1332 return;
1333 }
1334
1335 parent = sco_get_sock_listen(&conn->hcon->src);
1336 if (!parent) {
1337 sco_conn_unlock(conn);
1338 return;
1339 }
1340
1341 lock_sock(parent);
1342
1343 sk = sco_sock_alloc(sock_net(parent), NULL,
1344 BTPROTO_SCO, GFP_ATOMIC, 0);
1345 if (!sk) {
1346 release_sock(parent);
1347 sco_conn_unlock(conn);
1348 return;
1349 }
1350
1351 sco_sock_init(sk, parent);
1352
1353 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1354 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1355
1356 hci_conn_hold(conn->hcon);
1357 __sco_chan_add(conn, sk, parent);
1358
1359 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1360 sk->sk_state = BT_CONNECT2;
1361 else
1362 sk->sk_state = BT_CONNECTED;
1363
1364 /* Wake up parent */
1365 parent->sk_data_ready(parent);
1366
1367 release_sock(parent);
1368
1369 sco_conn_unlock(conn);
1370 }
1371}
1372
1373/* ----- SCO interface with lower layer (HCI) ----- */
1374int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1375{
1376 struct sock *sk;
1377 int lm = 0;
1378
1379 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1380
1381 /* Find listening sockets */
1382 read_lock(&sco_sk_list.lock);
1383 sk_for_each(sk, &sco_sk_list.head) {
1384 if (sk->sk_state != BT_LISTEN)
1385 continue;
1386
1387 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1388 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1389 lm |= HCI_LM_ACCEPT;
1390
1391 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1392 *flags |= HCI_PROTO_DEFER;
1393 break;
1394 }
1395 }
1396 read_unlock(&sco_sk_list.lock);
1397
1398 return lm;
1399}
1400
1401static bool sco_match(struct hci_conn *hcon)
1402{
1403 return hcon->type == SCO_LINK || hcon->type == ESCO_LINK;
1404}
1405
1406static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1407{
1408 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1409
1410 if (!status) {
1411 struct sco_conn *conn;
1412
1413 conn = sco_conn_add(hcon);
1414 if (conn)
1415 sco_conn_ready(conn);
1416 } else
1417 sco_conn_del(hcon, bt_to_errno(status));
1418}
1419
1420static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1421{
1422 BT_DBG("hcon %p reason %d", hcon, reason);
1423
1424 sco_conn_del(hcon, bt_to_errno(reason));
1425}
1426
1427void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1428{
1429 struct sco_conn *conn = hcon->sco_data;
1430
1431 if (!conn)
1432 goto drop;
1433
1434 BT_DBG("conn %p len %u", conn, skb->len);
1435
1436 if (skb->len) {
1437 sco_recv_frame(conn, skb);
1438 return;
1439 }
1440
1441drop:
1442 kfree_skb(skb);
1443}
1444
1445static struct hci_cb sco_cb = {
1446 .name = "SCO",
1447 .match = sco_match,
1448 .connect_cfm = sco_connect_cfm,
1449 .disconn_cfm = sco_disconn_cfm,
1450};
1451
1452static int sco_debugfs_show(struct seq_file *f, void *p)
1453{
1454 struct sock *sk;
1455
1456 read_lock(&sco_sk_list.lock);
1457
1458 sk_for_each(sk, &sco_sk_list.head) {
1459 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1460 &sco_pi(sk)->dst, sk->sk_state);
1461 }
1462
1463 read_unlock(&sco_sk_list.lock);
1464
1465 return 0;
1466}
1467
1468DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1469
1470static struct dentry *sco_debugfs;
1471
1472static const struct proto_ops sco_sock_ops = {
1473 .family = PF_BLUETOOTH,
1474 .owner = THIS_MODULE,
1475 .release = sco_sock_release,
1476 .bind = sco_sock_bind,
1477 .connect = sco_sock_connect,
1478 .listen = sco_sock_listen,
1479 .accept = sco_sock_accept,
1480 .getname = sco_sock_getname,
1481 .sendmsg = sco_sock_sendmsg,
1482 .recvmsg = sco_sock_recvmsg,
1483 .poll = bt_sock_poll,
1484 .ioctl = bt_sock_ioctl,
1485 .gettstamp = sock_gettstamp,
1486 .mmap = sock_no_mmap,
1487 .socketpair = sock_no_socketpair,
1488 .shutdown = sco_sock_shutdown,
1489 .setsockopt = sco_sock_setsockopt,
1490 .getsockopt = sco_sock_getsockopt
1491};
1492
1493static const struct net_proto_family sco_sock_family_ops = {
1494 .family = PF_BLUETOOTH,
1495 .owner = THIS_MODULE,
1496 .create = sco_sock_create,
1497};
1498
1499int __init sco_init(void)
1500{
1501 int err;
1502
1503 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1504
1505 err = proto_register(&sco_proto, 0);
1506 if (err < 0)
1507 return err;
1508
1509 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1510 if (err < 0) {
1511 BT_ERR("SCO socket registration failed");
1512 goto error;
1513 }
1514
1515 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1516 if (err < 0) {
1517 BT_ERR("Failed to create SCO proc file");
1518 bt_sock_unregister(BTPROTO_SCO);
1519 goto error;
1520 }
1521
1522 BT_INFO("SCO socket layer initialized");
1523
1524 hci_register_cb(&sco_cb);
1525
1526 if (IS_ERR_OR_NULL(bt_debugfs))
1527 return 0;
1528
1529 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1530 NULL, &sco_debugfs_fops);
1531
1532 return 0;
1533
1534error:
1535 proto_unregister(&sco_proto);
1536 return err;
1537}
1538
1539void sco_exit(void)
1540{
1541 bt_procfs_cleanup(&init_net, "sco");
1542
1543 debugfs_remove(sco_debugfs);
1544
1545 hci_unregister_cb(&sco_cb);
1546
1547 bt_sock_unregister(BTPROTO_SCO);
1548
1549 proto_unregister(&sco_proto);
1550}
1551
1552module_param(disable_esco, bool, 0644);
1553MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44/* ---- SCO connections ---- */
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54};
55
56#define sco_conn_lock(c) spin_lock(&c->lock)
57#define sco_conn_unlock(c) spin_unlock(&c->lock)
58
59static void sco_sock_close(struct sock *sk);
60static void sco_sock_kill(struct sock *sk);
61
62/* ----- SCO socket info ----- */
63#define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 __u8 cmsg_mask;
72 struct sco_conn *conn;
73};
74
75/* ---- SCO timers ---- */
76#define SCO_CONN_TIMEOUT (HZ * 40)
77#define SCO_DISCONN_TIMEOUT (HZ * 2)
78
79static void sco_sock_timeout(struct work_struct *work)
80{
81 struct sco_conn *conn = container_of(work, struct sco_conn,
82 timeout_work.work);
83 struct sock *sk;
84
85 sco_conn_lock(conn);
86 sk = conn->sk;
87 if (sk)
88 sock_hold(sk);
89 sco_conn_unlock(conn);
90
91 if (!sk)
92 return;
93
94 BT_DBG("sock %p state %d", sk, sk->sk_state);
95
96 bh_lock_sock(sk);
97 sk->sk_err = ETIMEDOUT;
98 sk->sk_state_change(sk);
99 bh_unlock_sock(sk);
100
101 sock_put(sk);
102}
103
104static void sco_sock_set_timer(struct sock *sk, long timeout)
105{
106 if (!sco_pi(sk)->conn)
107 return;
108
109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
112}
113
114static void sco_sock_clear_timer(struct sock *sk)
115{
116 if (!sco_pi(sk)->conn)
117 return;
118
119 BT_DBG("sock %p state %d", sk, sk->sk_state);
120 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
121}
122
123/* ---- SCO connections ---- */
124static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
125{
126 struct hci_dev *hdev = hcon->hdev;
127 struct sco_conn *conn = hcon->sco_data;
128
129 if (conn)
130 return conn;
131
132 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
133 if (!conn)
134 return NULL;
135
136 spin_lock_init(&conn->lock);
137
138 hcon->sco_data = conn;
139 conn->hcon = hcon;
140
141 if (hdev->sco_mtu > 0)
142 conn->mtu = hdev->sco_mtu;
143 else
144 conn->mtu = 60;
145
146 BT_DBG("hcon %p conn %p", hcon, conn);
147
148 return conn;
149}
150
151/* Delete channel.
152 * Must be called on the locked socket. */
153static void sco_chan_del(struct sock *sk, int err)
154{
155 struct sco_conn *conn;
156
157 conn = sco_pi(sk)->conn;
158
159 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
160
161 if (conn) {
162 sco_conn_lock(conn);
163 conn->sk = NULL;
164 sco_pi(sk)->conn = NULL;
165 sco_conn_unlock(conn);
166
167 if (conn->hcon)
168 hci_conn_drop(conn->hcon);
169 }
170
171 sk->sk_state = BT_CLOSED;
172 sk->sk_err = err;
173 sk->sk_state_change(sk);
174
175 sock_set_flag(sk, SOCK_ZAPPED);
176}
177
178static void sco_conn_del(struct hci_conn *hcon, int err)
179{
180 struct sco_conn *conn = hcon->sco_data;
181 struct sock *sk;
182
183 if (!conn)
184 return;
185
186 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
187
188 /* Kill socket */
189 sco_conn_lock(conn);
190 sk = conn->sk;
191 sco_conn_unlock(conn);
192
193 if (sk) {
194 sock_hold(sk);
195 bh_lock_sock(sk);
196 sco_sock_clear_timer(sk);
197 sco_chan_del(sk, err);
198 bh_unlock_sock(sk);
199 sock_put(sk);
200
201 /* Ensure no more work items will run before freeing conn. */
202 cancel_delayed_work_sync(&conn->timeout_work);
203 }
204
205 hcon->sco_data = NULL;
206 kfree(conn);
207}
208
209static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
210 struct sock *parent)
211{
212 BT_DBG("conn %p", conn);
213
214 sco_pi(sk)->conn = conn;
215 conn->sk = sk;
216
217 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
218
219 if (parent)
220 bt_accept_enqueue(parent, sk, true);
221}
222
223static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
224 struct sock *parent)
225{
226 int err = 0;
227
228 sco_conn_lock(conn);
229 if (conn->sk)
230 err = -EBUSY;
231 else
232 __sco_chan_add(conn, sk, parent);
233
234 sco_conn_unlock(conn);
235 return err;
236}
237
238static int sco_connect(struct hci_dev *hdev, struct sock *sk)
239{
240 struct sco_conn *conn;
241 struct hci_conn *hcon;
242 int err, type;
243
244 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
245
246 if (lmp_esco_capable(hdev) && !disable_esco)
247 type = ESCO_LINK;
248 else
249 type = SCO_LINK;
250
251 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
252 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)))
253 return -EOPNOTSUPP;
254
255 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
256 sco_pi(sk)->setting);
257 if (IS_ERR(hcon))
258 return PTR_ERR(hcon);
259
260 conn = sco_conn_add(hcon);
261 if (!conn) {
262 hci_conn_drop(hcon);
263 return -ENOMEM;
264 }
265
266 /* Update source addr of the socket */
267 bacpy(&sco_pi(sk)->src, &hcon->src);
268
269 err = sco_chan_add(conn, sk, NULL);
270 if (err)
271 return err;
272
273 if (hcon->state == BT_CONNECTED) {
274 sco_sock_clear_timer(sk);
275 sk->sk_state = BT_CONNECTED;
276 } else {
277 sk->sk_state = BT_CONNECT;
278 sco_sock_set_timer(sk, sk->sk_sndtimeo);
279 }
280
281 return err;
282}
283
284static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
285{
286 struct sco_conn *conn = sco_pi(sk)->conn;
287 struct sk_buff *skb;
288 int err;
289
290 /* Check outgoing MTU */
291 if (len > conn->mtu)
292 return -EINVAL;
293
294 BT_DBG("sk %p len %d", sk, len);
295
296 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
297 if (!skb)
298 return err;
299
300 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
301 kfree_skb(skb);
302 return -EFAULT;
303 }
304
305 hci_send_sco(conn->hcon, skb);
306
307 return len;
308}
309
310static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
311{
312 struct sock *sk;
313
314 sco_conn_lock(conn);
315 sk = conn->sk;
316 sco_conn_unlock(conn);
317
318 if (!sk)
319 goto drop;
320
321 BT_DBG("sk %p len %u", sk, skb->len);
322
323 if (sk->sk_state != BT_CONNECTED)
324 goto drop;
325
326 if (!sock_queue_rcv_skb(sk, skb))
327 return;
328
329drop:
330 kfree_skb(skb);
331}
332
333/* -------- Socket interface ---------- */
334static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
335{
336 struct sock *sk;
337
338 sk_for_each(sk, &sco_sk_list.head) {
339 if (sk->sk_state != BT_LISTEN)
340 continue;
341
342 if (!bacmp(&sco_pi(sk)->src, ba))
343 return sk;
344 }
345
346 return NULL;
347}
348
349/* Find socket listening on source bdaddr.
350 * Returns closest match.
351 */
352static struct sock *sco_get_sock_listen(bdaddr_t *src)
353{
354 struct sock *sk = NULL, *sk1 = NULL;
355
356 read_lock(&sco_sk_list.lock);
357
358 sk_for_each(sk, &sco_sk_list.head) {
359 if (sk->sk_state != BT_LISTEN)
360 continue;
361
362 /* Exact match. */
363 if (!bacmp(&sco_pi(sk)->src, src))
364 break;
365
366 /* Closest match */
367 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
368 sk1 = sk;
369 }
370
371 read_unlock(&sco_sk_list.lock);
372
373 return sk ? sk : sk1;
374}
375
376static void sco_sock_destruct(struct sock *sk)
377{
378 BT_DBG("sk %p", sk);
379
380 skb_queue_purge(&sk->sk_receive_queue);
381 skb_queue_purge(&sk->sk_write_queue);
382}
383
384static void sco_sock_cleanup_listen(struct sock *parent)
385{
386 struct sock *sk;
387
388 BT_DBG("parent %p", parent);
389
390 /* Close not yet accepted channels */
391 while ((sk = bt_accept_dequeue(parent, NULL))) {
392 sco_sock_close(sk);
393 sco_sock_kill(sk);
394 }
395
396 parent->sk_state = BT_CLOSED;
397 sock_set_flag(parent, SOCK_ZAPPED);
398}
399
400/* Kill socket (only if zapped and orphan)
401 * Must be called on unlocked socket.
402 */
403static void sco_sock_kill(struct sock *sk)
404{
405 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
406 return;
407
408 BT_DBG("sk %p state %d", sk, sk->sk_state);
409
410 /* Kill poor orphan */
411 bt_sock_unlink(&sco_sk_list, sk);
412 sock_set_flag(sk, SOCK_DEAD);
413 sock_put(sk);
414}
415
416static void __sco_sock_close(struct sock *sk)
417{
418 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
419
420 switch (sk->sk_state) {
421 case BT_LISTEN:
422 sco_sock_cleanup_listen(sk);
423 break;
424
425 case BT_CONNECTED:
426 case BT_CONFIG:
427 if (sco_pi(sk)->conn->hcon) {
428 sk->sk_state = BT_DISCONN;
429 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
430 sco_conn_lock(sco_pi(sk)->conn);
431 hci_conn_drop(sco_pi(sk)->conn->hcon);
432 sco_pi(sk)->conn->hcon = NULL;
433 sco_conn_unlock(sco_pi(sk)->conn);
434 } else
435 sco_chan_del(sk, ECONNRESET);
436 break;
437
438 case BT_CONNECT2:
439 case BT_CONNECT:
440 case BT_DISCONN:
441 sco_chan_del(sk, ECONNRESET);
442 break;
443
444 default:
445 sock_set_flag(sk, SOCK_ZAPPED);
446 break;
447 }
448}
449
450/* Must be called on unlocked socket. */
451static void sco_sock_close(struct sock *sk)
452{
453 sco_sock_clear_timer(sk);
454 lock_sock(sk);
455 __sco_sock_close(sk);
456 release_sock(sk);
457}
458
459static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
460 struct sock *sk)
461{
462 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
463 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
464 sizeof(bt_cb(skb)->sco.pkt_status),
465 &bt_cb(skb)->sco.pkt_status);
466}
467
468static void sco_sock_init(struct sock *sk, struct sock *parent)
469{
470 BT_DBG("sk %p", sk);
471
472 if (parent) {
473 sk->sk_type = parent->sk_type;
474 bt_sk(sk)->flags = bt_sk(parent)->flags;
475 security_sk_clone(parent, sk);
476 } else {
477 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
478 }
479}
480
481static struct proto sco_proto = {
482 .name = "SCO",
483 .owner = THIS_MODULE,
484 .obj_size = sizeof(struct sco_pinfo)
485};
486
487static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
488 int proto, gfp_t prio, int kern)
489{
490 struct sock *sk;
491
492 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
493 if (!sk)
494 return NULL;
495
496 sock_init_data(sock, sk);
497 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
498
499 sk->sk_destruct = sco_sock_destruct;
500 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
501
502 sock_reset_flag(sk, SOCK_ZAPPED);
503
504 sk->sk_protocol = proto;
505 sk->sk_state = BT_OPEN;
506
507 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
508
509 bt_sock_link(&sco_sk_list, sk);
510 return sk;
511}
512
513static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
514 int kern)
515{
516 struct sock *sk;
517
518 BT_DBG("sock %p", sock);
519
520 sock->state = SS_UNCONNECTED;
521
522 if (sock->type != SOCK_SEQPACKET)
523 return -ESOCKTNOSUPPORT;
524
525 sock->ops = &sco_sock_ops;
526
527 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
528 if (!sk)
529 return -ENOMEM;
530
531 sco_sock_init(sk, NULL);
532 return 0;
533}
534
535static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
536 int addr_len)
537{
538 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
539 struct sock *sk = sock->sk;
540 int err = 0;
541
542 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
543 addr->sa_family != AF_BLUETOOTH)
544 return -EINVAL;
545
546 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
547
548 lock_sock(sk);
549
550 if (sk->sk_state != BT_OPEN) {
551 err = -EBADFD;
552 goto done;
553 }
554
555 if (sk->sk_type != SOCK_SEQPACKET) {
556 err = -EINVAL;
557 goto done;
558 }
559
560 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
561
562 sk->sk_state = BT_BOUND;
563
564done:
565 release_sock(sk);
566 return err;
567}
568
569static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
570{
571 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
572 struct sock *sk = sock->sk;
573 struct hci_dev *hdev;
574 int err;
575
576 BT_DBG("sk %p", sk);
577
578 if (alen < sizeof(struct sockaddr_sco) ||
579 addr->sa_family != AF_BLUETOOTH)
580 return -EINVAL;
581
582 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
583 return -EBADFD;
584
585 if (sk->sk_type != SOCK_SEQPACKET)
586 return -EINVAL;
587
588 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
589 if (!hdev)
590 return -EHOSTUNREACH;
591 hci_dev_lock(hdev);
592
593 lock_sock(sk);
594
595 /* Set destination address and psm */
596 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
597
598 err = sco_connect(hdev, sk);
599 hci_dev_unlock(hdev);
600 hci_dev_put(hdev);
601 if (err)
602 goto done;
603
604 err = bt_sock_wait_state(sk, BT_CONNECTED,
605 sock_sndtimeo(sk, flags & O_NONBLOCK));
606
607done:
608 release_sock(sk);
609 return err;
610}
611
612static int sco_sock_listen(struct socket *sock, int backlog)
613{
614 struct sock *sk = sock->sk;
615 bdaddr_t *src = &sco_pi(sk)->src;
616 int err = 0;
617
618 BT_DBG("sk %p backlog %d", sk, backlog);
619
620 lock_sock(sk);
621
622 if (sk->sk_state != BT_BOUND) {
623 err = -EBADFD;
624 goto done;
625 }
626
627 if (sk->sk_type != SOCK_SEQPACKET) {
628 err = -EINVAL;
629 goto done;
630 }
631
632 write_lock(&sco_sk_list.lock);
633
634 if (__sco_get_sock_listen_by_addr(src)) {
635 err = -EADDRINUSE;
636 goto unlock;
637 }
638
639 sk->sk_max_ack_backlog = backlog;
640 sk->sk_ack_backlog = 0;
641
642 sk->sk_state = BT_LISTEN;
643
644unlock:
645 write_unlock(&sco_sk_list.lock);
646
647done:
648 release_sock(sk);
649 return err;
650}
651
652static int sco_sock_accept(struct socket *sock, struct socket *newsock,
653 int flags, bool kern)
654{
655 DEFINE_WAIT_FUNC(wait, woken_wake_function);
656 struct sock *sk = sock->sk, *ch;
657 long timeo;
658 int err = 0;
659
660 lock_sock(sk);
661
662 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
663
664 BT_DBG("sk %p timeo %ld", sk, timeo);
665
666 /* Wait for an incoming connection. (wake-one). */
667 add_wait_queue_exclusive(sk_sleep(sk), &wait);
668 while (1) {
669 if (sk->sk_state != BT_LISTEN) {
670 err = -EBADFD;
671 break;
672 }
673
674 ch = bt_accept_dequeue(sk, newsock);
675 if (ch)
676 break;
677
678 if (!timeo) {
679 err = -EAGAIN;
680 break;
681 }
682
683 if (signal_pending(current)) {
684 err = sock_intr_errno(timeo);
685 break;
686 }
687
688 release_sock(sk);
689
690 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
691 lock_sock(sk);
692 }
693 remove_wait_queue(sk_sleep(sk), &wait);
694
695 if (err)
696 goto done;
697
698 newsock->state = SS_CONNECTED;
699
700 BT_DBG("new socket %p", ch);
701
702done:
703 release_sock(sk);
704 return err;
705}
706
707static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
708 int peer)
709{
710 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
711 struct sock *sk = sock->sk;
712
713 BT_DBG("sock %p, sk %p", sock, sk);
714
715 addr->sa_family = AF_BLUETOOTH;
716
717 if (peer)
718 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
719 else
720 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
721
722 return sizeof(struct sockaddr_sco);
723}
724
725static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
726 size_t len)
727{
728 struct sock *sk = sock->sk;
729 int err;
730
731 BT_DBG("sock %p, sk %p", sock, sk);
732
733 err = sock_error(sk);
734 if (err)
735 return err;
736
737 if (msg->msg_flags & MSG_OOB)
738 return -EOPNOTSUPP;
739
740 lock_sock(sk);
741
742 if (sk->sk_state == BT_CONNECTED)
743 err = sco_send_frame(sk, msg, len);
744 else
745 err = -ENOTCONN;
746
747 release_sock(sk);
748 return err;
749}
750
751static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
752{
753 struct hci_dev *hdev = conn->hdev;
754
755 BT_DBG("conn %p", conn);
756
757 conn->state = BT_CONFIG;
758
759 if (!lmp_esco_capable(hdev)) {
760 struct hci_cp_accept_conn_req cp;
761
762 bacpy(&cp.bdaddr, &conn->dst);
763 cp.role = 0x00; /* Ignored */
764
765 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
766 } else {
767 struct hci_cp_accept_sync_conn_req cp;
768
769 bacpy(&cp.bdaddr, &conn->dst);
770 cp.pkt_type = cpu_to_le16(conn->pkt_type);
771
772 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
773 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
774 cp.content_format = cpu_to_le16(setting);
775
776 switch (setting & SCO_AIRMODE_MASK) {
777 case SCO_AIRMODE_TRANSP:
778 if (conn->pkt_type & ESCO_2EV3)
779 cp.max_latency = cpu_to_le16(0x0008);
780 else
781 cp.max_latency = cpu_to_le16(0x000D);
782 cp.retrans_effort = 0x02;
783 break;
784 case SCO_AIRMODE_CVSD:
785 cp.max_latency = cpu_to_le16(0xffff);
786 cp.retrans_effort = 0xff;
787 break;
788 default:
789 /* use CVSD settings as fallback */
790 cp.max_latency = cpu_to_le16(0xffff);
791 cp.retrans_effort = 0xff;
792 break;
793 }
794
795 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
796 sizeof(cp), &cp);
797 }
798}
799
800static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
801 size_t len, int flags)
802{
803 struct sock *sk = sock->sk;
804 struct sco_pinfo *pi = sco_pi(sk);
805
806 lock_sock(sk);
807
808 if (sk->sk_state == BT_CONNECT2 &&
809 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
810 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
811 sk->sk_state = BT_CONFIG;
812
813 release_sock(sk);
814 return 0;
815 }
816
817 release_sock(sk);
818
819 return bt_sock_recvmsg(sock, msg, len, flags);
820}
821
822static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
823 sockptr_t optval, unsigned int optlen)
824{
825 struct sock *sk = sock->sk;
826 int len, err = 0;
827 struct bt_voice voice;
828 u32 opt;
829
830 BT_DBG("sk %p", sk);
831
832 lock_sock(sk);
833
834 switch (optname) {
835
836 case BT_DEFER_SETUP:
837 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
838 err = -EINVAL;
839 break;
840 }
841
842 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
843 err = -EFAULT;
844 break;
845 }
846
847 if (opt)
848 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
849 else
850 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
851 break;
852
853 case BT_VOICE:
854 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
855 sk->sk_state != BT_CONNECT2) {
856 err = -EINVAL;
857 break;
858 }
859
860 voice.setting = sco_pi(sk)->setting;
861
862 len = min_t(unsigned int, sizeof(voice), optlen);
863 if (copy_from_sockptr(&voice, optval, len)) {
864 err = -EFAULT;
865 break;
866 }
867
868 /* Explicitly check for these values */
869 if (voice.setting != BT_VOICE_TRANSPARENT &&
870 voice.setting != BT_VOICE_CVSD_16BIT) {
871 err = -EINVAL;
872 break;
873 }
874
875 sco_pi(sk)->setting = voice.setting;
876 break;
877
878 case BT_PKT_STATUS:
879 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
880 err = -EFAULT;
881 break;
882 }
883
884 if (opt)
885 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
886 else
887 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
888 break;
889
890 default:
891 err = -ENOPROTOOPT;
892 break;
893 }
894
895 release_sock(sk);
896 return err;
897}
898
899static int sco_sock_getsockopt_old(struct socket *sock, int optname,
900 char __user *optval, int __user *optlen)
901{
902 struct sock *sk = sock->sk;
903 struct sco_options opts;
904 struct sco_conninfo cinfo;
905 int len, err = 0;
906
907 BT_DBG("sk %p", sk);
908
909 if (get_user(len, optlen))
910 return -EFAULT;
911
912 lock_sock(sk);
913
914 switch (optname) {
915 case SCO_OPTIONS:
916 if (sk->sk_state != BT_CONNECTED &&
917 !(sk->sk_state == BT_CONNECT2 &&
918 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
919 err = -ENOTCONN;
920 break;
921 }
922
923 opts.mtu = sco_pi(sk)->conn->mtu;
924
925 BT_DBG("mtu %u", opts.mtu);
926
927 len = min_t(unsigned int, len, sizeof(opts));
928 if (copy_to_user(optval, (char *)&opts, len))
929 err = -EFAULT;
930
931 break;
932
933 case SCO_CONNINFO:
934 if (sk->sk_state != BT_CONNECTED &&
935 !(sk->sk_state == BT_CONNECT2 &&
936 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
937 err = -ENOTCONN;
938 break;
939 }
940
941 memset(&cinfo, 0, sizeof(cinfo));
942 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
943 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
944
945 len = min_t(unsigned int, len, sizeof(cinfo));
946 if (copy_to_user(optval, (char *)&cinfo, len))
947 err = -EFAULT;
948
949 break;
950
951 default:
952 err = -ENOPROTOOPT;
953 break;
954 }
955
956 release_sock(sk);
957 return err;
958}
959
960static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
961 char __user *optval, int __user *optlen)
962{
963 struct sock *sk = sock->sk;
964 int len, err = 0;
965 struct bt_voice voice;
966 u32 phys;
967 int pkt_status;
968
969 BT_DBG("sk %p", sk);
970
971 if (level == SOL_SCO)
972 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
973
974 if (get_user(len, optlen))
975 return -EFAULT;
976
977 lock_sock(sk);
978
979 switch (optname) {
980
981 case BT_DEFER_SETUP:
982 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
983 err = -EINVAL;
984 break;
985 }
986
987 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
988 (u32 __user *)optval))
989 err = -EFAULT;
990
991 break;
992
993 case BT_VOICE:
994 voice.setting = sco_pi(sk)->setting;
995
996 len = min_t(unsigned int, len, sizeof(voice));
997 if (copy_to_user(optval, (char *)&voice, len))
998 err = -EFAULT;
999
1000 break;
1001
1002 case BT_PHY:
1003 if (sk->sk_state != BT_CONNECTED) {
1004 err = -ENOTCONN;
1005 break;
1006 }
1007
1008 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1009
1010 if (put_user(phys, (u32 __user *) optval))
1011 err = -EFAULT;
1012 break;
1013
1014 case BT_PKT_STATUS:
1015 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
1016
1017 if (put_user(pkt_status, (int __user *)optval))
1018 err = -EFAULT;
1019 break;
1020
1021 case BT_SNDMTU:
1022 case BT_RCVMTU:
1023 if (sk->sk_state != BT_CONNECTED) {
1024 err = -ENOTCONN;
1025 break;
1026 }
1027
1028 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1029 err = -EFAULT;
1030 break;
1031
1032 default:
1033 err = -ENOPROTOOPT;
1034 break;
1035 }
1036
1037 release_sock(sk);
1038 return err;
1039}
1040
1041static int sco_sock_shutdown(struct socket *sock, int how)
1042{
1043 struct sock *sk = sock->sk;
1044 int err = 0;
1045
1046 BT_DBG("sock %p, sk %p", sock, sk);
1047
1048 if (!sk)
1049 return 0;
1050
1051 sock_hold(sk);
1052 lock_sock(sk);
1053
1054 if (!sk->sk_shutdown) {
1055 sk->sk_shutdown = SHUTDOWN_MASK;
1056 sco_sock_clear_timer(sk);
1057 __sco_sock_close(sk);
1058
1059 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1060 !(current->flags & PF_EXITING))
1061 err = bt_sock_wait_state(sk, BT_CLOSED,
1062 sk->sk_lingertime);
1063 }
1064
1065 release_sock(sk);
1066 sock_put(sk);
1067
1068 return err;
1069}
1070
1071static int sco_sock_release(struct socket *sock)
1072{
1073 struct sock *sk = sock->sk;
1074 int err = 0;
1075
1076 BT_DBG("sock %p, sk %p", sock, sk);
1077
1078 if (!sk)
1079 return 0;
1080
1081 sco_sock_close(sk);
1082
1083 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1084 !(current->flags & PF_EXITING)) {
1085 lock_sock(sk);
1086 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1087 release_sock(sk);
1088 }
1089
1090 sock_orphan(sk);
1091 sco_sock_kill(sk);
1092 return err;
1093}
1094
1095static void sco_conn_ready(struct sco_conn *conn)
1096{
1097 struct sock *parent;
1098 struct sock *sk = conn->sk;
1099
1100 BT_DBG("conn %p", conn);
1101
1102 if (sk) {
1103 sco_sock_clear_timer(sk);
1104 bh_lock_sock(sk);
1105 sk->sk_state = BT_CONNECTED;
1106 sk->sk_state_change(sk);
1107 bh_unlock_sock(sk);
1108 } else {
1109 sco_conn_lock(conn);
1110
1111 if (!conn->hcon) {
1112 sco_conn_unlock(conn);
1113 return;
1114 }
1115
1116 parent = sco_get_sock_listen(&conn->hcon->src);
1117 if (!parent) {
1118 sco_conn_unlock(conn);
1119 return;
1120 }
1121
1122 bh_lock_sock(parent);
1123
1124 sk = sco_sock_alloc(sock_net(parent), NULL,
1125 BTPROTO_SCO, GFP_ATOMIC, 0);
1126 if (!sk) {
1127 bh_unlock_sock(parent);
1128 sco_conn_unlock(conn);
1129 return;
1130 }
1131
1132 sco_sock_init(sk, parent);
1133
1134 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1135 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1136
1137 hci_conn_hold(conn->hcon);
1138 __sco_chan_add(conn, sk, parent);
1139
1140 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1141 sk->sk_state = BT_CONNECT2;
1142 else
1143 sk->sk_state = BT_CONNECTED;
1144
1145 /* Wake up parent */
1146 parent->sk_data_ready(parent);
1147
1148 bh_unlock_sock(parent);
1149
1150 sco_conn_unlock(conn);
1151 }
1152}
1153
1154/* ----- SCO interface with lower layer (HCI) ----- */
1155int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1156{
1157 struct sock *sk;
1158 int lm = 0;
1159
1160 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1161
1162 /* Find listening sockets */
1163 read_lock(&sco_sk_list.lock);
1164 sk_for_each(sk, &sco_sk_list.head) {
1165 if (sk->sk_state != BT_LISTEN)
1166 continue;
1167
1168 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1169 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1170 lm |= HCI_LM_ACCEPT;
1171
1172 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1173 *flags |= HCI_PROTO_DEFER;
1174 break;
1175 }
1176 }
1177 read_unlock(&sco_sk_list.lock);
1178
1179 return lm;
1180}
1181
1182static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1183{
1184 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1185 return;
1186
1187 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1188
1189 if (!status) {
1190 struct sco_conn *conn;
1191
1192 conn = sco_conn_add(hcon);
1193 if (conn)
1194 sco_conn_ready(conn);
1195 } else
1196 sco_conn_del(hcon, bt_to_errno(status));
1197}
1198
1199static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1200{
1201 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1202 return;
1203
1204 BT_DBG("hcon %p reason %d", hcon, reason);
1205
1206 sco_conn_del(hcon, bt_to_errno(reason));
1207}
1208
1209void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1210{
1211 struct sco_conn *conn = hcon->sco_data;
1212
1213 if (!conn)
1214 goto drop;
1215
1216 BT_DBG("conn %p len %u", conn, skb->len);
1217
1218 if (skb->len) {
1219 sco_recv_frame(conn, skb);
1220 return;
1221 }
1222
1223drop:
1224 kfree_skb(skb);
1225}
1226
1227static struct hci_cb sco_cb = {
1228 .name = "SCO",
1229 .connect_cfm = sco_connect_cfm,
1230 .disconn_cfm = sco_disconn_cfm,
1231};
1232
1233static int sco_debugfs_show(struct seq_file *f, void *p)
1234{
1235 struct sock *sk;
1236
1237 read_lock(&sco_sk_list.lock);
1238
1239 sk_for_each(sk, &sco_sk_list.head) {
1240 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1241 &sco_pi(sk)->dst, sk->sk_state);
1242 }
1243
1244 read_unlock(&sco_sk_list.lock);
1245
1246 return 0;
1247}
1248
1249DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1250
1251static struct dentry *sco_debugfs;
1252
1253static const struct proto_ops sco_sock_ops = {
1254 .family = PF_BLUETOOTH,
1255 .owner = THIS_MODULE,
1256 .release = sco_sock_release,
1257 .bind = sco_sock_bind,
1258 .connect = sco_sock_connect,
1259 .listen = sco_sock_listen,
1260 .accept = sco_sock_accept,
1261 .getname = sco_sock_getname,
1262 .sendmsg = sco_sock_sendmsg,
1263 .recvmsg = sco_sock_recvmsg,
1264 .poll = bt_sock_poll,
1265 .ioctl = bt_sock_ioctl,
1266 .gettstamp = sock_gettstamp,
1267 .mmap = sock_no_mmap,
1268 .socketpair = sock_no_socketpair,
1269 .shutdown = sco_sock_shutdown,
1270 .setsockopt = sco_sock_setsockopt,
1271 .getsockopt = sco_sock_getsockopt
1272};
1273
1274static const struct net_proto_family sco_sock_family_ops = {
1275 .family = PF_BLUETOOTH,
1276 .owner = THIS_MODULE,
1277 .create = sco_sock_create,
1278};
1279
1280int __init sco_init(void)
1281{
1282 int err;
1283
1284 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1285
1286 err = proto_register(&sco_proto, 0);
1287 if (err < 0)
1288 return err;
1289
1290 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1291 if (err < 0) {
1292 BT_ERR("SCO socket registration failed");
1293 goto error;
1294 }
1295
1296 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1297 if (err < 0) {
1298 BT_ERR("Failed to create SCO proc file");
1299 bt_sock_unregister(BTPROTO_SCO);
1300 goto error;
1301 }
1302
1303 BT_INFO("SCO socket layer initialized");
1304
1305 hci_register_cb(&sco_cb);
1306
1307 if (IS_ERR_OR_NULL(bt_debugfs))
1308 return 0;
1309
1310 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1311 NULL, &sco_debugfs_fops);
1312
1313 return 0;
1314
1315error:
1316 proto_unregister(&sco_proto);
1317 return err;
1318}
1319
1320void sco_exit(void)
1321{
1322 bt_procfs_cleanup(&init_net, "sco");
1323
1324 debugfs_remove(sco_debugfs);
1325
1326 hci_unregister_cb(&sco_cb);
1327
1328 bt_sock_unregister(BTPROTO_SCO);
1329
1330 proto_unregister(&sco_proto);
1331}
1332
1333module_param(disable_esco, bool, 0644);
1334MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");