Loading...
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44/* ---- SCO connections ---- */
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54};
55
56#define sco_conn_lock(c) spin_lock(&c->lock)
57#define sco_conn_unlock(c) spin_unlock(&c->lock)
58
59static void sco_sock_close(struct sock *sk);
60static void sco_sock_kill(struct sock *sk);
61
62/* ----- SCO socket info ----- */
63#define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 struct bt_codec codec;
72 struct sco_conn *conn;
73};
74
75/* ---- SCO timers ---- */
76#define SCO_CONN_TIMEOUT (HZ * 40)
77#define SCO_DISCONN_TIMEOUT (HZ * 2)
78
79static void sco_sock_timeout(struct work_struct *work)
80{
81 struct sco_conn *conn = container_of(work, struct sco_conn,
82 timeout_work.work);
83 struct sock *sk;
84
85 sco_conn_lock(conn);
86 sk = conn->sk;
87 if (sk)
88 sock_hold(sk);
89 sco_conn_unlock(conn);
90
91 if (!sk)
92 return;
93
94 BT_DBG("sock %p state %d", sk, sk->sk_state);
95
96 lock_sock(sk);
97 sk->sk_err = ETIMEDOUT;
98 sk->sk_state_change(sk);
99 release_sock(sk);
100 sock_put(sk);
101}
102
103static void sco_sock_set_timer(struct sock *sk, long timeout)
104{
105 if (!sco_pi(sk)->conn)
106 return;
107
108 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
109 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
110 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
111}
112
113static void sco_sock_clear_timer(struct sock *sk)
114{
115 if (!sco_pi(sk)->conn)
116 return;
117
118 BT_DBG("sock %p state %d", sk, sk->sk_state);
119 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
120}
121
122/* ---- SCO connections ---- */
123static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
124{
125 struct hci_dev *hdev = hcon->hdev;
126 struct sco_conn *conn = hcon->sco_data;
127
128 if (conn) {
129 if (!conn->hcon)
130 conn->hcon = hcon;
131 return conn;
132 }
133
134 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
135 if (!conn)
136 return NULL;
137
138 spin_lock_init(&conn->lock);
139 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
140
141 hcon->sco_data = conn;
142 conn->hcon = hcon;
143
144 if (hdev->sco_mtu > 0)
145 conn->mtu = hdev->sco_mtu;
146 else
147 conn->mtu = 60;
148
149 BT_DBG("hcon %p conn %p", hcon, conn);
150
151 return conn;
152}
153
154/* Delete channel.
155 * Must be called on the locked socket. */
156static void sco_chan_del(struct sock *sk, int err)
157{
158 struct sco_conn *conn;
159
160 conn = sco_pi(sk)->conn;
161
162 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
163
164 if (conn) {
165 sco_conn_lock(conn);
166 conn->sk = NULL;
167 sco_pi(sk)->conn = NULL;
168 sco_conn_unlock(conn);
169
170 if (conn->hcon)
171 hci_conn_drop(conn->hcon);
172 }
173
174 sk->sk_state = BT_CLOSED;
175 sk->sk_err = err;
176 sk->sk_state_change(sk);
177
178 sock_set_flag(sk, SOCK_ZAPPED);
179}
180
181static void sco_conn_del(struct hci_conn *hcon, int err)
182{
183 struct sco_conn *conn = hcon->sco_data;
184 struct sock *sk;
185
186 if (!conn)
187 return;
188
189 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
190
191 /* Kill socket */
192 sco_conn_lock(conn);
193 sk = conn->sk;
194 if (sk)
195 sock_hold(sk);
196 sco_conn_unlock(conn);
197
198 if (sk) {
199 lock_sock(sk);
200 sco_sock_clear_timer(sk);
201 sco_chan_del(sk, err);
202 release_sock(sk);
203 sock_put(sk);
204 }
205
206 /* Ensure no more work items will run before freeing conn. */
207 cancel_delayed_work_sync(&conn->timeout_work);
208
209 hcon->sco_data = NULL;
210 kfree(conn);
211}
212
213static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
214 struct sock *parent)
215{
216 BT_DBG("conn %p", conn);
217
218 sco_pi(sk)->conn = conn;
219 conn->sk = sk;
220
221 if (parent)
222 bt_accept_enqueue(parent, sk, true);
223}
224
225static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
226 struct sock *parent)
227{
228 int err = 0;
229
230 sco_conn_lock(conn);
231 if (conn->sk)
232 err = -EBUSY;
233 else
234 __sco_chan_add(conn, sk, parent);
235
236 sco_conn_unlock(conn);
237 return err;
238}
239
240static int sco_connect(struct sock *sk)
241{
242 struct sco_conn *conn;
243 struct hci_conn *hcon;
244 struct hci_dev *hdev;
245 int err, type;
246
247 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
248
249 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
250 if (!hdev)
251 return -EHOSTUNREACH;
252
253 hci_dev_lock(hdev);
254
255 if (lmp_esco_capable(hdev) && !disable_esco)
256 type = ESCO_LINK;
257 else
258 type = SCO_LINK;
259
260 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
261 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
262 err = -EOPNOTSUPP;
263 goto unlock;
264 }
265
266 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
267 sco_pi(sk)->setting, &sco_pi(sk)->codec);
268 if (IS_ERR(hcon)) {
269 err = PTR_ERR(hcon);
270 goto unlock;
271 }
272
273 conn = sco_conn_add(hcon);
274 if (!conn) {
275 hci_conn_drop(hcon);
276 err = -ENOMEM;
277 goto unlock;
278 }
279
280 lock_sock(sk);
281
282 err = sco_chan_add(conn, sk, NULL);
283 if (err) {
284 release_sock(sk);
285 goto unlock;
286 }
287
288 /* Update source addr of the socket */
289 bacpy(&sco_pi(sk)->src, &hcon->src);
290
291 if (hcon->state == BT_CONNECTED) {
292 sco_sock_clear_timer(sk);
293 sk->sk_state = BT_CONNECTED;
294 } else {
295 sk->sk_state = BT_CONNECT;
296 sco_sock_set_timer(sk, sk->sk_sndtimeo);
297 }
298
299 release_sock(sk);
300
301unlock:
302 hci_dev_unlock(hdev);
303 hci_dev_put(hdev);
304 return err;
305}
306
307static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
308{
309 struct sco_conn *conn = sco_pi(sk)->conn;
310 int len = skb->len;
311
312 /* Check outgoing MTU */
313 if (len > conn->mtu)
314 return -EINVAL;
315
316 BT_DBG("sk %p len %d", sk, len);
317
318 hci_send_sco(conn->hcon, skb);
319
320 return len;
321}
322
323static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
324{
325 struct sock *sk;
326
327 sco_conn_lock(conn);
328 sk = conn->sk;
329 sco_conn_unlock(conn);
330
331 if (!sk)
332 goto drop;
333
334 BT_DBG("sk %p len %u", sk, skb->len);
335
336 if (sk->sk_state != BT_CONNECTED)
337 goto drop;
338
339 if (!sock_queue_rcv_skb(sk, skb))
340 return;
341
342drop:
343 kfree_skb(skb);
344}
345
346/* -------- Socket interface ---------- */
347static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
348{
349 struct sock *sk;
350
351 sk_for_each(sk, &sco_sk_list.head) {
352 if (sk->sk_state != BT_LISTEN)
353 continue;
354
355 if (!bacmp(&sco_pi(sk)->src, ba))
356 return sk;
357 }
358
359 return NULL;
360}
361
362/* Find socket listening on source bdaddr.
363 * Returns closest match.
364 */
365static struct sock *sco_get_sock_listen(bdaddr_t *src)
366{
367 struct sock *sk = NULL, *sk1 = NULL;
368
369 read_lock(&sco_sk_list.lock);
370
371 sk_for_each(sk, &sco_sk_list.head) {
372 if (sk->sk_state != BT_LISTEN)
373 continue;
374
375 /* Exact match. */
376 if (!bacmp(&sco_pi(sk)->src, src))
377 break;
378
379 /* Closest match */
380 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
381 sk1 = sk;
382 }
383
384 read_unlock(&sco_sk_list.lock);
385
386 return sk ? sk : sk1;
387}
388
389static void sco_sock_destruct(struct sock *sk)
390{
391 BT_DBG("sk %p", sk);
392
393 skb_queue_purge(&sk->sk_receive_queue);
394 skb_queue_purge(&sk->sk_write_queue);
395}
396
397static void sco_sock_cleanup_listen(struct sock *parent)
398{
399 struct sock *sk;
400
401 BT_DBG("parent %p", parent);
402
403 /* Close not yet accepted channels */
404 while ((sk = bt_accept_dequeue(parent, NULL))) {
405 sco_sock_close(sk);
406 sco_sock_kill(sk);
407 }
408
409 parent->sk_state = BT_CLOSED;
410 sock_set_flag(parent, SOCK_ZAPPED);
411}
412
413/* Kill socket (only if zapped and orphan)
414 * Must be called on unlocked socket.
415 */
416static void sco_sock_kill(struct sock *sk)
417{
418 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
419 return;
420
421 BT_DBG("sk %p state %d", sk, sk->sk_state);
422
423 /* Kill poor orphan */
424 bt_sock_unlink(&sco_sk_list, sk);
425 sock_set_flag(sk, SOCK_DEAD);
426 sock_put(sk);
427}
428
429static void __sco_sock_close(struct sock *sk)
430{
431 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
432
433 switch (sk->sk_state) {
434 case BT_LISTEN:
435 sco_sock_cleanup_listen(sk);
436 break;
437
438 case BT_CONNECTED:
439 case BT_CONFIG:
440 if (sco_pi(sk)->conn->hcon) {
441 sk->sk_state = BT_DISCONN;
442 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
443 sco_conn_lock(sco_pi(sk)->conn);
444 hci_conn_drop(sco_pi(sk)->conn->hcon);
445 sco_pi(sk)->conn->hcon = NULL;
446 sco_conn_unlock(sco_pi(sk)->conn);
447 } else
448 sco_chan_del(sk, ECONNRESET);
449 break;
450
451 case BT_CONNECT2:
452 case BT_CONNECT:
453 case BT_DISCONN:
454 sco_chan_del(sk, ECONNRESET);
455 break;
456
457 default:
458 sock_set_flag(sk, SOCK_ZAPPED);
459 break;
460 }
461
462}
463
464/* Must be called on unlocked socket. */
465static void sco_sock_close(struct sock *sk)
466{
467 lock_sock(sk);
468 sco_sock_clear_timer(sk);
469 __sco_sock_close(sk);
470 release_sock(sk);
471}
472
473static void sco_sock_init(struct sock *sk, struct sock *parent)
474{
475 BT_DBG("sk %p", sk);
476
477 if (parent) {
478 sk->sk_type = parent->sk_type;
479 bt_sk(sk)->flags = bt_sk(parent)->flags;
480 security_sk_clone(parent, sk);
481 }
482}
483
484static struct proto sco_proto = {
485 .name = "SCO",
486 .owner = THIS_MODULE,
487 .obj_size = sizeof(struct sco_pinfo)
488};
489
490static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
491 int proto, gfp_t prio, int kern)
492{
493 struct sock *sk;
494
495 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
496 if (!sk)
497 return NULL;
498
499 sk->sk_destruct = sco_sock_destruct;
500 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
501
502 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
503 sco_pi(sk)->codec.id = BT_CODEC_CVSD;
504 sco_pi(sk)->codec.cid = 0xffff;
505 sco_pi(sk)->codec.vid = 0xffff;
506 sco_pi(sk)->codec.data_path = 0x00;
507
508 bt_sock_link(&sco_sk_list, sk);
509 return sk;
510}
511
512static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
513 int kern)
514{
515 struct sock *sk;
516
517 BT_DBG("sock %p", sock);
518
519 sock->state = SS_UNCONNECTED;
520
521 if (sock->type != SOCK_SEQPACKET)
522 return -ESOCKTNOSUPPORT;
523
524 sock->ops = &sco_sock_ops;
525
526 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
527 if (!sk)
528 return -ENOMEM;
529
530 sco_sock_init(sk, NULL);
531 return 0;
532}
533
534static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
535 int addr_len)
536{
537 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
538 struct sock *sk = sock->sk;
539 int err = 0;
540
541 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
542 addr->sa_family != AF_BLUETOOTH)
543 return -EINVAL;
544
545 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
546
547 lock_sock(sk);
548
549 if (sk->sk_state != BT_OPEN) {
550 err = -EBADFD;
551 goto done;
552 }
553
554 if (sk->sk_type != SOCK_SEQPACKET) {
555 err = -EINVAL;
556 goto done;
557 }
558
559 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
560
561 sk->sk_state = BT_BOUND;
562
563done:
564 release_sock(sk);
565 return err;
566}
567
568static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
569{
570 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
571 struct sock *sk = sock->sk;
572 int err;
573
574 BT_DBG("sk %p", sk);
575
576 if (alen < sizeof(struct sockaddr_sco) ||
577 addr->sa_family != AF_BLUETOOTH)
578 return -EINVAL;
579
580 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
581 return -EBADFD;
582
583 if (sk->sk_type != SOCK_SEQPACKET)
584 err = -EINVAL;
585
586 lock_sock(sk);
587 /* Set destination address and psm */
588 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
589 release_sock(sk);
590
591 err = sco_connect(sk);
592 if (err)
593 return err;
594
595 lock_sock(sk);
596
597 err = bt_sock_wait_state(sk, BT_CONNECTED,
598 sock_sndtimeo(sk, flags & O_NONBLOCK));
599
600 release_sock(sk);
601 return err;
602}
603
604static int sco_sock_listen(struct socket *sock, int backlog)
605{
606 struct sock *sk = sock->sk;
607 bdaddr_t *src = &sco_pi(sk)->src;
608 int err = 0;
609
610 BT_DBG("sk %p backlog %d", sk, backlog);
611
612 lock_sock(sk);
613
614 if (sk->sk_state != BT_BOUND) {
615 err = -EBADFD;
616 goto done;
617 }
618
619 if (sk->sk_type != SOCK_SEQPACKET) {
620 err = -EINVAL;
621 goto done;
622 }
623
624 write_lock(&sco_sk_list.lock);
625
626 if (__sco_get_sock_listen_by_addr(src)) {
627 err = -EADDRINUSE;
628 goto unlock;
629 }
630
631 sk->sk_max_ack_backlog = backlog;
632 sk->sk_ack_backlog = 0;
633
634 sk->sk_state = BT_LISTEN;
635
636unlock:
637 write_unlock(&sco_sk_list.lock);
638
639done:
640 release_sock(sk);
641 return err;
642}
643
644static int sco_sock_accept(struct socket *sock, struct socket *newsock,
645 int flags, bool kern)
646{
647 DEFINE_WAIT_FUNC(wait, woken_wake_function);
648 struct sock *sk = sock->sk, *ch;
649 long timeo;
650 int err = 0;
651
652 lock_sock(sk);
653
654 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
655
656 BT_DBG("sk %p timeo %ld", sk, timeo);
657
658 /* Wait for an incoming connection. (wake-one). */
659 add_wait_queue_exclusive(sk_sleep(sk), &wait);
660 while (1) {
661 if (sk->sk_state != BT_LISTEN) {
662 err = -EBADFD;
663 break;
664 }
665
666 ch = bt_accept_dequeue(sk, newsock);
667 if (ch)
668 break;
669
670 if (!timeo) {
671 err = -EAGAIN;
672 break;
673 }
674
675 if (signal_pending(current)) {
676 err = sock_intr_errno(timeo);
677 break;
678 }
679
680 release_sock(sk);
681
682 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
683 lock_sock(sk);
684 }
685 remove_wait_queue(sk_sleep(sk), &wait);
686
687 if (err)
688 goto done;
689
690 newsock->state = SS_CONNECTED;
691
692 BT_DBG("new socket %p", ch);
693
694done:
695 release_sock(sk);
696 return err;
697}
698
699static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
700 int peer)
701{
702 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
703 struct sock *sk = sock->sk;
704
705 BT_DBG("sock %p, sk %p", sock, sk);
706
707 addr->sa_family = AF_BLUETOOTH;
708
709 if (peer)
710 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
711 else
712 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
713
714 return sizeof(struct sockaddr_sco);
715}
716
717static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
718 size_t len)
719{
720 struct sock *sk = sock->sk;
721 struct sk_buff *skb;
722 int err;
723
724 BT_DBG("sock %p, sk %p", sock, sk);
725
726 err = sock_error(sk);
727 if (err)
728 return err;
729
730 if (msg->msg_flags & MSG_OOB)
731 return -EOPNOTSUPP;
732
733 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
734 if (IS_ERR(skb))
735 return PTR_ERR(skb);
736
737 lock_sock(sk);
738
739 if (sk->sk_state == BT_CONNECTED)
740 err = sco_send_frame(sk, skb);
741 else
742 err = -ENOTCONN;
743
744 release_sock(sk);
745
746 if (err < 0)
747 kfree_skb(skb);
748 return err;
749}
750
751static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
752{
753 struct hci_dev *hdev = conn->hdev;
754
755 BT_DBG("conn %p", conn);
756
757 conn->state = BT_CONFIG;
758
759 if (!lmp_esco_capable(hdev)) {
760 struct hci_cp_accept_conn_req cp;
761
762 bacpy(&cp.bdaddr, &conn->dst);
763 cp.role = 0x00; /* Ignored */
764
765 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
766 } else {
767 struct hci_cp_accept_sync_conn_req cp;
768
769 bacpy(&cp.bdaddr, &conn->dst);
770 cp.pkt_type = cpu_to_le16(conn->pkt_type);
771
772 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
773 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
774 cp.content_format = cpu_to_le16(setting);
775
776 switch (setting & SCO_AIRMODE_MASK) {
777 case SCO_AIRMODE_TRANSP:
778 if (conn->pkt_type & ESCO_2EV3)
779 cp.max_latency = cpu_to_le16(0x0008);
780 else
781 cp.max_latency = cpu_to_le16(0x000D);
782 cp.retrans_effort = 0x02;
783 break;
784 case SCO_AIRMODE_CVSD:
785 cp.max_latency = cpu_to_le16(0xffff);
786 cp.retrans_effort = 0xff;
787 break;
788 default:
789 /* use CVSD settings as fallback */
790 cp.max_latency = cpu_to_le16(0xffff);
791 cp.retrans_effort = 0xff;
792 break;
793 }
794
795 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
796 sizeof(cp), &cp);
797 }
798}
799
800static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
801 size_t len, int flags)
802{
803 struct sock *sk = sock->sk;
804 struct sco_pinfo *pi = sco_pi(sk);
805
806 lock_sock(sk);
807
808 if (sk->sk_state == BT_CONNECT2 &&
809 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
810 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
811 sk->sk_state = BT_CONFIG;
812
813 release_sock(sk);
814 return 0;
815 }
816
817 release_sock(sk);
818
819 return bt_sock_recvmsg(sock, msg, len, flags);
820}
821
822static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
823 sockptr_t optval, unsigned int optlen)
824{
825 struct sock *sk = sock->sk;
826 int len, err = 0;
827 struct bt_voice voice;
828 u32 opt;
829 struct bt_codecs *codecs;
830 struct hci_dev *hdev;
831 __u8 buffer[255];
832
833 BT_DBG("sk %p", sk);
834
835 lock_sock(sk);
836
837 switch (optname) {
838
839 case BT_DEFER_SETUP:
840 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
841 err = -EINVAL;
842 break;
843 }
844
845 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
846 err = -EFAULT;
847 break;
848 }
849
850 if (opt)
851 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
852 else
853 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
854 break;
855
856 case BT_VOICE:
857 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
858 sk->sk_state != BT_CONNECT2) {
859 err = -EINVAL;
860 break;
861 }
862
863 voice.setting = sco_pi(sk)->setting;
864
865 len = min_t(unsigned int, sizeof(voice), optlen);
866 if (copy_from_sockptr(&voice, optval, len)) {
867 err = -EFAULT;
868 break;
869 }
870
871 /* Explicitly check for these values */
872 if (voice.setting != BT_VOICE_TRANSPARENT &&
873 voice.setting != BT_VOICE_CVSD_16BIT) {
874 err = -EINVAL;
875 break;
876 }
877
878 sco_pi(sk)->setting = voice.setting;
879 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
880 BDADDR_BREDR);
881 if (!hdev) {
882 err = -EBADFD;
883 break;
884 }
885 if (enhanced_sync_conn_capable(hdev) &&
886 voice.setting == BT_VOICE_TRANSPARENT)
887 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
888 hci_dev_put(hdev);
889 break;
890
891 case BT_PKT_STATUS:
892 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
893 err = -EFAULT;
894 break;
895 }
896
897 if (opt)
898 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
899 else
900 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
901 break;
902
903 case BT_CODEC:
904 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
905 sk->sk_state != BT_CONNECT2) {
906 err = -EINVAL;
907 break;
908 }
909
910 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
911 BDADDR_BREDR);
912 if (!hdev) {
913 err = -EBADFD;
914 break;
915 }
916
917 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
918 hci_dev_put(hdev);
919 err = -EOPNOTSUPP;
920 break;
921 }
922
923 if (!hdev->get_data_path_id) {
924 hci_dev_put(hdev);
925 err = -EOPNOTSUPP;
926 break;
927 }
928
929 if (optlen < sizeof(struct bt_codecs) ||
930 optlen > sizeof(buffer)) {
931 hci_dev_put(hdev);
932 err = -EINVAL;
933 break;
934 }
935
936 if (copy_from_sockptr(buffer, optval, optlen)) {
937 hci_dev_put(hdev);
938 err = -EFAULT;
939 break;
940 }
941
942 codecs = (void *)buffer;
943
944 if (codecs->num_codecs > 1) {
945 hci_dev_put(hdev);
946 err = -EINVAL;
947 break;
948 }
949
950 sco_pi(sk)->codec = codecs->codecs[0];
951 hci_dev_put(hdev);
952 break;
953
954 default:
955 err = -ENOPROTOOPT;
956 break;
957 }
958
959 release_sock(sk);
960 return err;
961}
962
963static int sco_sock_getsockopt_old(struct socket *sock, int optname,
964 char __user *optval, int __user *optlen)
965{
966 struct sock *sk = sock->sk;
967 struct sco_options opts;
968 struct sco_conninfo cinfo;
969 int len, err = 0;
970
971 BT_DBG("sk %p", sk);
972
973 if (get_user(len, optlen))
974 return -EFAULT;
975
976 lock_sock(sk);
977
978 switch (optname) {
979 case SCO_OPTIONS:
980 if (sk->sk_state != BT_CONNECTED &&
981 !(sk->sk_state == BT_CONNECT2 &&
982 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
983 err = -ENOTCONN;
984 break;
985 }
986
987 opts.mtu = sco_pi(sk)->conn->mtu;
988
989 BT_DBG("mtu %u", opts.mtu);
990
991 len = min_t(unsigned int, len, sizeof(opts));
992 if (copy_to_user(optval, (char *)&opts, len))
993 err = -EFAULT;
994
995 break;
996
997 case SCO_CONNINFO:
998 if (sk->sk_state != BT_CONNECTED &&
999 !(sk->sk_state == BT_CONNECT2 &&
1000 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1001 err = -ENOTCONN;
1002 break;
1003 }
1004
1005 memset(&cinfo, 0, sizeof(cinfo));
1006 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1007 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1008
1009 len = min_t(unsigned int, len, sizeof(cinfo));
1010 if (copy_to_user(optval, (char *)&cinfo, len))
1011 err = -EFAULT;
1012
1013 break;
1014
1015 default:
1016 err = -ENOPROTOOPT;
1017 break;
1018 }
1019
1020 release_sock(sk);
1021 return err;
1022}
1023
1024static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1025 char __user *optval, int __user *optlen)
1026{
1027 struct sock *sk = sock->sk;
1028 int len, err = 0;
1029 struct bt_voice voice;
1030 u32 phys;
1031 int buf_len;
1032 struct codec_list *c;
1033 u8 num_codecs, i, __user *ptr;
1034 struct hci_dev *hdev;
1035 struct hci_codec_caps *caps;
1036 struct bt_codec codec;
1037
1038 BT_DBG("sk %p", sk);
1039
1040 if (level == SOL_SCO)
1041 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1042
1043 if (get_user(len, optlen))
1044 return -EFAULT;
1045
1046 lock_sock(sk);
1047
1048 switch (optname) {
1049
1050 case BT_DEFER_SETUP:
1051 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1052 err = -EINVAL;
1053 break;
1054 }
1055
1056 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1057 (u32 __user *)optval))
1058 err = -EFAULT;
1059
1060 break;
1061
1062 case BT_VOICE:
1063 voice.setting = sco_pi(sk)->setting;
1064
1065 len = min_t(unsigned int, len, sizeof(voice));
1066 if (copy_to_user(optval, (char *)&voice, len))
1067 err = -EFAULT;
1068
1069 break;
1070
1071 case BT_PHY:
1072 if (sk->sk_state != BT_CONNECTED) {
1073 err = -ENOTCONN;
1074 break;
1075 }
1076
1077 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1078
1079 if (put_user(phys, (u32 __user *) optval))
1080 err = -EFAULT;
1081 break;
1082
1083 case BT_PKT_STATUS:
1084 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1085 (int __user *)optval))
1086 err = -EFAULT;
1087 break;
1088
1089 case BT_SNDMTU:
1090 case BT_RCVMTU:
1091 if (sk->sk_state != BT_CONNECTED) {
1092 err = -ENOTCONN;
1093 break;
1094 }
1095
1096 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1097 err = -EFAULT;
1098 break;
1099
1100 case BT_CODEC:
1101 num_codecs = 0;
1102 buf_len = 0;
1103
1104 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1105 if (!hdev) {
1106 err = -EBADFD;
1107 break;
1108 }
1109
1110 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1111 hci_dev_put(hdev);
1112 err = -EOPNOTSUPP;
1113 break;
1114 }
1115
1116 if (!hdev->get_data_path_id) {
1117 hci_dev_put(hdev);
1118 err = -EOPNOTSUPP;
1119 break;
1120 }
1121
1122 release_sock(sk);
1123
1124 /* find total buffer size required to copy codec + caps */
1125 hci_dev_lock(hdev);
1126 list_for_each_entry(c, &hdev->local_codecs, list) {
1127 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1128 continue;
1129 num_codecs++;
1130 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1131 buf_len += 1 + caps->len;
1132 caps = (void *)&caps->data[caps->len];
1133 }
1134 buf_len += sizeof(struct bt_codec);
1135 }
1136 hci_dev_unlock(hdev);
1137
1138 buf_len += sizeof(struct bt_codecs);
1139 if (buf_len > len) {
1140 hci_dev_put(hdev);
1141 return -ENOBUFS;
1142 }
1143 ptr = optval;
1144
1145 if (put_user(num_codecs, ptr)) {
1146 hci_dev_put(hdev);
1147 return -EFAULT;
1148 }
1149 ptr += sizeof(num_codecs);
1150
1151 /* Iterate all the codecs supported over SCO and populate
1152 * codec data
1153 */
1154 hci_dev_lock(hdev);
1155 list_for_each_entry(c, &hdev->local_codecs, list) {
1156 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1157 continue;
1158
1159 codec.id = c->id;
1160 codec.cid = c->cid;
1161 codec.vid = c->vid;
1162 err = hdev->get_data_path_id(hdev, &codec.data_path);
1163 if (err < 0)
1164 break;
1165 codec.num_caps = c->num_caps;
1166 if (copy_to_user(ptr, &codec, sizeof(codec))) {
1167 err = -EFAULT;
1168 break;
1169 }
1170 ptr += sizeof(codec);
1171
1172 /* find codec capabilities data length */
1173 len = 0;
1174 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1175 len += 1 + caps->len;
1176 caps = (void *)&caps->data[caps->len];
1177 }
1178
1179 /* copy codec capabilities data */
1180 if (len && copy_to_user(ptr, c->caps, len)) {
1181 err = -EFAULT;
1182 break;
1183 }
1184 ptr += len;
1185 }
1186
1187 hci_dev_unlock(hdev);
1188 hci_dev_put(hdev);
1189
1190 lock_sock(sk);
1191
1192 if (!err && put_user(buf_len, optlen))
1193 err = -EFAULT;
1194
1195 break;
1196
1197 default:
1198 err = -ENOPROTOOPT;
1199 break;
1200 }
1201
1202 release_sock(sk);
1203 return err;
1204}
1205
1206static int sco_sock_shutdown(struct socket *sock, int how)
1207{
1208 struct sock *sk = sock->sk;
1209 int err = 0;
1210
1211 BT_DBG("sock %p, sk %p", sock, sk);
1212
1213 if (!sk)
1214 return 0;
1215
1216 sock_hold(sk);
1217 lock_sock(sk);
1218
1219 if (!sk->sk_shutdown) {
1220 sk->sk_shutdown = SHUTDOWN_MASK;
1221 sco_sock_clear_timer(sk);
1222 __sco_sock_close(sk);
1223
1224 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1225 !(current->flags & PF_EXITING))
1226 err = bt_sock_wait_state(sk, BT_CLOSED,
1227 sk->sk_lingertime);
1228 }
1229
1230 release_sock(sk);
1231 sock_put(sk);
1232
1233 return err;
1234}
1235
1236static int sco_sock_release(struct socket *sock)
1237{
1238 struct sock *sk = sock->sk;
1239 int err = 0;
1240
1241 BT_DBG("sock %p, sk %p", sock, sk);
1242
1243 if (!sk)
1244 return 0;
1245
1246 sco_sock_close(sk);
1247
1248 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1249 !(current->flags & PF_EXITING)) {
1250 lock_sock(sk);
1251 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1252 release_sock(sk);
1253 }
1254
1255 sock_orphan(sk);
1256 sco_sock_kill(sk);
1257 return err;
1258}
1259
1260static void sco_conn_ready(struct sco_conn *conn)
1261{
1262 struct sock *parent;
1263 struct sock *sk = conn->sk;
1264
1265 BT_DBG("conn %p", conn);
1266
1267 if (sk) {
1268 lock_sock(sk);
1269 sco_sock_clear_timer(sk);
1270 sk->sk_state = BT_CONNECTED;
1271 sk->sk_state_change(sk);
1272 release_sock(sk);
1273 } else {
1274 sco_conn_lock(conn);
1275
1276 if (!conn->hcon) {
1277 sco_conn_unlock(conn);
1278 return;
1279 }
1280
1281 parent = sco_get_sock_listen(&conn->hcon->src);
1282 if (!parent) {
1283 sco_conn_unlock(conn);
1284 return;
1285 }
1286
1287 lock_sock(parent);
1288
1289 sk = sco_sock_alloc(sock_net(parent), NULL,
1290 BTPROTO_SCO, GFP_ATOMIC, 0);
1291 if (!sk) {
1292 release_sock(parent);
1293 sco_conn_unlock(conn);
1294 return;
1295 }
1296
1297 sco_sock_init(sk, parent);
1298
1299 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1300 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1301
1302 hci_conn_hold(conn->hcon);
1303 __sco_chan_add(conn, sk, parent);
1304
1305 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1306 sk->sk_state = BT_CONNECT2;
1307 else
1308 sk->sk_state = BT_CONNECTED;
1309
1310 /* Wake up parent */
1311 parent->sk_data_ready(parent);
1312
1313 release_sock(parent);
1314
1315 sco_conn_unlock(conn);
1316 }
1317}
1318
1319/* ----- SCO interface with lower layer (HCI) ----- */
1320int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1321{
1322 struct sock *sk;
1323 int lm = 0;
1324
1325 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1326
1327 /* Find listening sockets */
1328 read_lock(&sco_sk_list.lock);
1329 sk_for_each(sk, &sco_sk_list.head) {
1330 if (sk->sk_state != BT_LISTEN)
1331 continue;
1332
1333 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1334 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1335 lm |= HCI_LM_ACCEPT;
1336
1337 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1338 *flags |= HCI_PROTO_DEFER;
1339 break;
1340 }
1341 }
1342 read_unlock(&sco_sk_list.lock);
1343
1344 return lm;
1345}
1346
1347static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1348{
1349 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1350 return;
1351
1352 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1353
1354 if (!status) {
1355 struct sco_conn *conn;
1356
1357 conn = sco_conn_add(hcon);
1358 if (conn)
1359 sco_conn_ready(conn);
1360 } else
1361 sco_conn_del(hcon, bt_to_errno(status));
1362}
1363
1364static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1365{
1366 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1367 return;
1368
1369 BT_DBG("hcon %p reason %d", hcon, reason);
1370
1371 sco_conn_del(hcon, bt_to_errno(reason));
1372}
1373
1374void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1375{
1376 struct sco_conn *conn = hcon->sco_data;
1377
1378 if (!conn)
1379 goto drop;
1380
1381 BT_DBG("conn %p len %u", conn, skb->len);
1382
1383 if (skb->len) {
1384 sco_recv_frame(conn, skb);
1385 return;
1386 }
1387
1388drop:
1389 kfree_skb(skb);
1390}
1391
1392static struct hci_cb sco_cb = {
1393 .name = "SCO",
1394 .connect_cfm = sco_connect_cfm,
1395 .disconn_cfm = sco_disconn_cfm,
1396};
1397
1398static int sco_debugfs_show(struct seq_file *f, void *p)
1399{
1400 struct sock *sk;
1401
1402 read_lock(&sco_sk_list.lock);
1403
1404 sk_for_each(sk, &sco_sk_list.head) {
1405 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1406 &sco_pi(sk)->dst, sk->sk_state);
1407 }
1408
1409 read_unlock(&sco_sk_list.lock);
1410
1411 return 0;
1412}
1413
1414DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1415
1416static struct dentry *sco_debugfs;
1417
1418static const struct proto_ops sco_sock_ops = {
1419 .family = PF_BLUETOOTH,
1420 .owner = THIS_MODULE,
1421 .release = sco_sock_release,
1422 .bind = sco_sock_bind,
1423 .connect = sco_sock_connect,
1424 .listen = sco_sock_listen,
1425 .accept = sco_sock_accept,
1426 .getname = sco_sock_getname,
1427 .sendmsg = sco_sock_sendmsg,
1428 .recvmsg = sco_sock_recvmsg,
1429 .poll = bt_sock_poll,
1430 .ioctl = bt_sock_ioctl,
1431 .gettstamp = sock_gettstamp,
1432 .mmap = sock_no_mmap,
1433 .socketpair = sock_no_socketpair,
1434 .shutdown = sco_sock_shutdown,
1435 .setsockopt = sco_sock_setsockopt,
1436 .getsockopt = sco_sock_getsockopt
1437};
1438
1439static const struct net_proto_family sco_sock_family_ops = {
1440 .family = PF_BLUETOOTH,
1441 .owner = THIS_MODULE,
1442 .create = sco_sock_create,
1443};
1444
1445int __init sco_init(void)
1446{
1447 int err;
1448
1449 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1450
1451 err = proto_register(&sco_proto, 0);
1452 if (err < 0)
1453 return err;
1454
1455 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1456 if (err < 0) {
1457 BT_ERR("SCO socket registration failed");
1458 goto error;
1459 }
1460
1461 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1462 if (err < 0) {
1463 BT_ERR("Failed to create SCO proc file");
1464 bt_sock_unregister(BTPROTO_SCO);
1465 goto error;
1466 }
1467
1468 BT_INFO("SCO socket layer initialized");
1469
1470 hci_register_cb(&sco_cb);
1471
1472 if (IS_ERR_OR_NULL(bt_debugfs))
1473 return 0;
1474
1475 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1476 NULL, &sco_debugfs_fops);
1477
1478 return 0;
1479
1480error:
1481 proto_unregister(&sco_proto);
1482 return err;
1483}
1484
1485void sco_exit(void)
1486{
1487 bt_procfs_cleanup(&init_net, "sco");
1488
1489 debugfs_remove(sco_debugfs);
1490
1491 hci_unregister_cb(&sco_cb);
1492
1493 bt_sock_unregister(BTPROTO_SCO);
1494
1495 proto_unregister(&sco_proto);
1496}
1497
1498module_param(disable_esco, bool, 0644);
1499MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44/* ---- SCO connections ---- */
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54};
55
56#define sco_conn_lock(c) spin_lock(&c->lock)
57#define sco_conn_unlock(c) spin_unlock(&c->lock)
58
59static void sco_sock_close(struct sock *sk);
60static void sco_sock_kill(struct sock *sk);
61
62/* ----- SCO socket info ----- */
63#define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 __u8 cmsg_mask;
72 struct sco_conn *conn;
73};
74
75/* ---- SCO timers ---- */
76#define SCO_CONN_TIMEOUT (HZ * 40)
77#define SCO_DISCONN_TIMEOUT (HZ * 2)
78
79static void sco_sock_timeout(struct work_struct *work)
80{
81 struct sco_conn *conn = container_of(work, struct sco_conn,
82 timeout_work.work);
83 struct sock *sk;
84
85 sco_conn_lock(conn);
86 sk = conn->sk;
87 if (sk)
88 sock_hold(sk);
89 sco_conn_unlock(conn);
90
91 if (!sk)
92 return;
93
94 BT_DBG("sock %p state %d", sk, sk->sk_state);
95
96 bh_lock_sock(sk);
97 sk->sk_err = ETIMEDOUT;
98 sk->sk_state_change(sk);
99 bh_unlock_sock(sk);
100
101 sock_put(sk);
102}
103
104static void sco_sock_set_timer(struct sock *sk, long timeout)
105{
106 if (!sco_pi(sk)->conn)
107 return;
108
109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
112}
113
114static void sco_sock_clear_timer(struct sock *sk)
115{
116 if (!sco_pi(sk)->conn)
117 return;
118
119 BT_DBG("sock %p state %d", sk, sk->sk_state);
120 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
121}
122
123/* ---- SCO connections ---- */
124static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
125{
126 struct hci_dev *hdev = hcon->hdev;
127 struct sco_conn *conn = hcon->sco_data;
128
129 if (conn)
130 return conn;
131
132 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
133 if (!conn)
134 return NULL;
135
136 spin_lock_init(&conn->lock);
137
138 hcon->sco_data = conn;
139 conn->hcon = hcon;
140
141 if (hdev->sco_mtu > 0)
142 conn->mtu = hdev->sco_mtu;
143 else
144 conn->mtu = 60;
145
146 BT_DBG("hcon %p conn %p", hcon, conn);
147
148 return conn;
149}
150
151/* Delete channel.
152 * Must be called on the locked socket. */
153static void sco_chan_del(struct sock *sk, int err)
154{
155 struct sco_conn *conn;
156
157 conn = sco_pi(sk)->conn;
158
159 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
160
161 if (conn) {
162 sco_conn_lock(conn);
163 conn->sk = NULL;
164 sco_pi(sk)->conn = NULL;
165 sco_conn_unlock(conn);
166
167 if (conn->hcon)
168 hci_conn_drop(conn->hcon);
169 }
170
171 sk->sk_state = BT_CLOSED;
172 sk->sk_err = err;
173 sk->sk_state_change(sk);
174
175 sock_set_flag(sk, SOCK_ZAPPED);
176}
177
178static void sco_conn_del(struct hci_conn *hcon, int err)
179{
180 struct sco_conn *conn = hcon->sco_data;
181 struct sock *sk;
182
183 if (!conn)
184 return;
185
186 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
187
188 /* Kill socket */
189 sco_conn_lock(conn);
190 sk = conn->sk;
191 sco_conn_unlock(conn);
192
193 if (sk) {
194 sock_hold(sk);
195 bh_lock_sock(sk);
196 sco_sock_clear_timer(sk);
197 sco_chan_del(sk, err);
198 bh_unlock_sock(sk);
199 sock_put(sk);
200
201 /* Ensure no more work items will run before freeing conn. */
202 cancel_delayed_work_sync(&conn->timeout_work);
203 }
204
205 hcon->sco_data = NULL;
206 kfree(conn);
207}
208
209static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
210 struct sock *parent)
211{
212 BT_DBG("conn %p", conn);
213
214 sco_pi(sk)->conn = conn;
215 conn->sk = sk;
216
217 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
218
219 if (parent)
220 bt_accept_enqueue(parent, sk, true);
221}
222
223static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
224 struct sock *parent)
225{
226 int err = 0;
227
228 sco_conn_lock(conn);
229 if (conn->sk)
230 err = -EBUSY;
231 else
232 __sco_chan_add(conn, sk, parent);
233
234 sco_conn_unlock(conn);
235 return err;
236}
237
238static int sco_connect(struct hci_dev *hdev, struct sock *sk)
239{
240 struct sco_conn *conn;
241 struct hci_conn *hcon;
242 int err, type;
243
244 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
245
246 if (lmp_esco_capable(hdev) && !disable_esco)
247 type = ESCO_LINK;
248 else
249 type = SCO_LINK;
250
251 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
252 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)))
253 return -EOPNOTSUPP;
254
255 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
256 sco_pi(sk)->setting);
257 if (IS_ERR(hcon))
258 return PTR_ERR(hcon);
259
260 conn = sco_conn_add(hcon);
261 if (!conn) {
262 hci_conn_drop(hcon);
263 return -ENOMEM;
264 }
265
266 /* Update source addr of the socket */
267 bacpy(&sco_pi(sk)->src, &hcon->src);
268
269 err = sco_chan_add(conn, sk, NULL);
270 if (err)
271 return err;
272
273 if (hcon->state == BT_CONNECTED) {
274 sco_sock_clear_timer(sk);
275 sk->sk_state = BT_CONNECTED;
276 } else {
277 sk->sk_state = BT_CONNECT;
278 sco_sock_set_timer(sk, sk->sk_sndtimeo);
279 }
280
281 return err;
282}
283
284static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
285{
286 struct sco_conn *conn = sco_pi(sk)->conn;
287 struct sk_buff *skb;
288 int err;
289
290 /* Check outgoing MTU */
291 if (len > conn->mtu)
292 return -EINVAL;
293
294 BT_DBG("sk %p len %d", sk, len);
295
296 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
297 if (!skb)
298 return err;
299
300 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
301 kfree_skb(skb);
302 return -EFAULT;
303 }
304
305 hci_send_sco(conn->hcon, skb);
306
307 return len;
308}
309
310static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
311{
312 struct sock *sk;
313
314 sco_conn_lock(conn);
315 sk = conn->sk;
316 sco_conn_unlock(conn);
317
318 if (!sk)
319 goto drop;
320
321 BT_DBG("sk %p len %u", sk, skb->len);
322
323 if (sk->sk_state != BT_CONNECTED)
324 goto drop;
325
326 if (!sock_queue_rcv_skb(sk, skb))
327 return;
328
329drop:
330 kfree_skb(skb);
331}
332
333/* -------- Socket interface ---------- */
334static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
335{
336 struct sock *sk;
337
338 sk_for_each(sk, &sco_sk_list.head) {
339 if (sk->sk_state != BT_LISTEN)
340 continue;
341
342 if (!bacmp(&sco_pi(sk)->src, ba))
343 return sk;
344 }
345
346 return NULL;
347}
348
349/* Find socket listening on source bdaddr.
350 * Returns closest match.
351 */
352static struct sock *sco_get_sock_listen(bdaddr_t *src)
353{
354 struct sock *sk = NULL, *sk1 = NULL;
355
356 read_lock(&sco_sk_list.lock);
357
358 sk_for_each(sk, &sco_sk_list.head) {
359 if (sk->sk_state != BT_LISTEN)
360 continue;
361
362 /* Exact match. */
363 if (!bacmp(&sco_pi(sk)->src, src))
364 break;
365
366 /* Closest match */
367 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
368 sk1 = sk;
369 }
370
371 read_unlock(&sco_sk_list.lock);
372
373 return sk ? sk : sk1;
374}
375
376static void sco_sock_destruct(struct sock *sk)
377{
378 BT_DBG("sk %p", sk);
379
380 skb_queue_purge(&sk->sk_receive_queue);
381 skb_queue_purge(&sk->sk_write_queue);
382}
383
384static void sco_sock_cleanup_listen(struct sock *parent)
385{
386 struct sock *sk;
387
388 BT_DBG("parent %p", parent);
389
390 /* Close not yet accepted channels */
391 while ((sk = bt_accept_dequeue(parent, NULL))) {
392 sco_sock_close(sk);
393 sco_sock_kill(sk);
394 }
395
396 parent->sk_state = BT_CLOSED;
397 sock_set_flag(parent, SOCK_ZAPPED);
398}
399
400/* Kill socket (only if zapped and orphan)
401 * Must be called on unlocked socket.
402 */
403static void sco_sock_kill(struct sock *sk)
404{
405 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
406 return;
407
408 BT_DBG("sk %p state %d", sk, sk->sk_state);
409
410 /* Kill poor orphan */
411 bt_sock_unlink(&sco_sk_list, sk);
412 sock_set_flag(sk, SOCK_DEAD);
413 sock_put(sk);
414}
415
416static void __sco_sock_close(struct sock *sk)
417{
418 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
419
420 switch (sk->sk_state) {
421 case BT_LISTEN:
422 sco_sock_cleanup_listen(sk);
423 break;
424
425 case BT_CONNECTED:
426 case BT_CONFIG:
427 if (sco_pi(sk)->conn->hcon) {
428 sk->sk_state = BT_DISCONN;
429 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
430 sco_conn_lock(sco_pi(sk)->conn);
431 hci_conn_drop(sco_pi(sk)->conn->hcon);
432 sco_pi(sk)->conn->hcon = NULL;
433 sco_conn_unlock(sco_pi(sk)->conn);
434 } else
435 sco_chan_del(sk, ECONNRESET);
436 break;
437
438 case BT_CONNECT2:
439 case BT_CONNECT:
440 case BT_DISCONN:
441 sco_chan_del(sk, ECONNRESET);
442 break;
443
444 default:
445 sock_set_flag(sk, SOCK_ZAPPED);
446 break;
447 }
448}
449
450/* Must be called on unlocked socket. */
451static void sco_sock_close(struct sock *sk)
452{
453 sco_sock_clear_timer(sk);
454 lock_sock(sk);
455 __sco_sock_close(sk);
456 release_sock(sk);
457}
458
459static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
460 struct sock *sk)
461{
462 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
463 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
464 sizeof(bt_cb(skb)->sco.pkt_status),
465 &bt_cb(skb)->sco.pkt_status);
466}
467
468static void sco_sock_init(struct sock *sk, struct sock *parent)
469{
470 BT_DBG("sk %p", sk);
471
472 if (parent) {
473 sk->sk_type = parent->sk_type;
474 bt_sk(sk)->flags = bt_sk(parent)->flags;
475 security_sk_clone(parent, sk);
476 } else {
477 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
478 }
479}
480
481static struct proto sco_proto = {
482 .name = "SCO",
483 .owner = THIS_MODULE,
484 .obj_size = sizeof(struct sco_pinfo)
485};
486
487static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
488 int proto, gfp_t prio, int kern)
489{
490 struct sock *sk;
491
492 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
493 if (!sk)
494 return NULL;
495
496 sock_init_data(sock, sk);
497 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
498
499 sk->sk_destruct = sco_sock_destruct;
500 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
501
502 sock_reset_flag(sk, SOCK_ZAPPED);
503
504 sk->sk_protocol = proto;
505 sk->sk_state = BT_OPEN;
506
507 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
508
509 bt_sock_link(&sco_sk_list, sk);
510 return sk;
511}
512
513static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
514 int kern)
515{
516 struct sock *sk;
517
518 BT_DBG("sock %p", sock);
519
520 sock->state = SS_UNCONNECTED;
521
522 if (sock->type != SOCK_SEQPACKET)
523 return -ESOCKTNOSUPPORT;
524
525 sock->ops = &sco_sock_ops;
526
527 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
528 if (!sk)
529 return -ENOMEM;
530
531 sco_sock_init(sk, NULL);
532 return 0;
533}
534
535static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
536 int addr_len)
537{
538 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
539 struct sock *sk = sock->sk;
540 int err = 0;
541
542 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
543 addr->sa_family != AF_BLUETOOTH)
544 return -EINVAL;
545
546 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
547
548 lock_sock(sk);
549
550 if (sk->sk_state != BT_OPEN) {
551 err = -EBADFD;
552 goto done;
553 }
554
555 if (sk->sk_type != SOCK_SEQPACKET) {
556 err = -EINVAL;
557 goto done;
558 }
559
560 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
561
562 sk->sk_state = BT_BOUND;
563
564done:
565 release_sock(sk);
566 return err;
567}
568
569static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
570{
571 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
572 struct sock *sk = sock->sk;
573 struct hci_dev *hdev;
574 int err;
575
576 BT_DBG("sk %p", sk);
577
578 if (alen < sizeof(struct sockaddr_sco) ||
579 addr->sa_family != AF_BLUETOOTH)
580 return -EINVAL;
581
582 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
583 return -EBADFD;
584
585 if (sk->sk_type != SOCK_SEQPACKET)
586 return -EINVAL;
587
588 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
589 if (!hdev)
590 return -EHOSTUNREACH;
591 hci_dev_lock(hdev);
592
593 lock_sock(sk);
594
595 /* Set destination address and psm */
596 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
597
598 err = sco_connect(hdev, sk);
599 hci_dev_unlock(hdev);
600 hci_dev_put(hdev);
601 if (err)
602 goto done;
603
604 err = bt_sock_wait_state(sk, BT_CONNECTED,
605 sock_sndtimeo(sk, flags & O_NONBLOCK));
606
607done:
608 release_sock(sk);
609 return err;
610}
611
612static int sco_sock_listen(struct socket *sock, int backlog)
613{
614 struct sock *sk = sock->sk;
615 bdaddr_t *src = &sco_pi(sk)->src;
616 int err = 0;
617
618 BT_DBG("sk %p backlog %d", sk, backlog);
619
620 lock_sock(sk);
621
622 if (sk->sk_state != BT_BOUND) {
623 err = -EBADFD;
624 goto done;
625 }
626
627 if (sk->sk_type != SOCK_SEQPACKET) {
628 err = -EINVAL;
629 goto done;
630 }
631
632 write_lock(&sco_sk_list.lock);
633
634 if (__sco_get_sock_listen_by_addr(src)) {
635 err = -EADDRINUSE;
636 goto unlock;
637 }
638
639 sk->sk_max_ack_backlog = backlog;
640 sk->sk_ack_backlog = 0;
641
642 sk->sk_state = BT_LISTEN;
643
644unlock:
645 write_unlock(&sco_sk_list.lock);
646
647done:
648 release_sock(sk);
649 return err;
650}
651
652static int sco_sock_accept(struct socket *sock, struct socket *newsock,
653 int flags, bool kern)
654{
655 DEFINE_WAIT_FUNC(wait, woken_wake_function);
656 struct sock *sk = sock->sk, *ch;
657 long timeo;
658 int err = 0;
659
660 lock_sock(sk);
661
662 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
663
664 BT_DBG("sk %p timeo %ld", sk, timeo);
665
666 /* Wait for an incoming connection. (wake-one). */
667 add_wait_queue_exclusive(sk_sleep(sk), &wait);
668 while (1) {
669 if (sk->sk_state != BT_LISTEN) {
670 err = -EBADFD;
671 break;
672 }
673
674 ch = bt_accept_dequeue(sk, newsock);
675 if (ch)
676 break;
677
678 if (!timeo) {
679 err = -EAGAIN;
680 break;
681 }
682
683 if (signal_pending(current)) {
684 err = sock_intr_errno(timeo);
685 break;
686 }
687
688 release_sock(sk);
689
690 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
691 lock_sock(sk);
692 }
693 remove_wait_queue(sk_sleep(sk), &wait);
694
695 if (err)
696 goto done;
697
698 newsock->state = SS_CONNECTED;
699
700 BT_DBG("new socket %p", ch);
701
702done:
703 release_sock(sk);
704 return err;
705}
706
707static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
708 int peer)
709{
710 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
711 struct sock *sk = sock->sk;
712
713 BT_DBG("sock %p, sk %p", sock, sk);
714
715 addr->sa_family = AF_BLUETOOTH;
716
717 if (peer)
718 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
719 else
720 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
721
722 return sizeof(struct sockaddr_sco);
723}
724
725static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
726 size_t len)
727{
728 struct sock *sk = sock->sk;
729 int err;
730
731 BT_DBG("sock %p, sk %p", sock, sk);
732
733 err = sock_error(sk);
734 if (err)
735 return err;
736
737 if (msg->msg_flags & MSG_OOB)
738 return -EOPNOTSUPP;
739
740 lock_sock(sk);
741
742 if (sk->sk_state == BT_CONNECTED)
743 err = sco_send_frame(sk, msg, len);
744 else
745 err = -ENOTCONN;
746
747 release_sock(sk);
748 return err;
749}
750
751static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
752{
753 struct hci_dev *hdev = conn->hdev;
754
755 BT_DBG("conn %p", conn);
756
757 conn->state = BT_CONFIG;
758
759 if (!lmp_esco_capable(hdev)) {
760 struct hci_cp_accept_conn_req cp;
761
762 bacpy(&cp.bdaddr, &conn->dst);
763 cp.role = 0x00; /* Ignored */
764
765 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
766 } else {
767 struct hci_cp_accept_sync_conn_req cp;
768
769 bacpy(&cp.bdaddr, &conn->dst);
770 cp.pkt_type = cpu_to_le16(conn->pkt_type);
771
772 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
773 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
774 cp.content_format = cpu_to_le16(setting);
775
776 switch (setting & SCO_AIRMODE_MASK) {
777 case SCO_AIRMODE_TRANSP:
778 if (conn->pkt_type & ESCO_2EV3)
779 cp.max_latency = cpu_to_le16(0x0008);
780 else
781 cp.max_latency = cpu_to_le16(0x000D);
782 cp.retrans_effort = 0x02;
783 break;
784 case SCO_AIRMODE_CVSD:
785 cp.max_latency = cpu_to_le16(0xffff);
786 cp.retrans_effort = 0xff;
787 break;
788 default:
789 /* use CVSD settings as fallback */
790 cp.max_latency = cpu_to_le16(0xffff);
791 cp.retrans_effort = 0xff;
792 break;
793 }
794
795 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
796 sizeof(cp), &cp);
797 }
798}
799
800static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
801 size_t len, int flags)
802{
803 struct sock *sk = sock->sk;
804 struct sco_pinfo *pi = sco_pi(sk);
805
806 lock_sock(sk);
807
808 if (sk->sk_state == BT_CONNECT2 &&
809 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
810 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
811 sk->sk_state = BT_CONFIG;
812
813 release_sock(sk);
814 return 0;
815 }
816
817 release_sock(sk);
818
819 return bt_sock_recvmsg(sock, msg, len, flags);
820}
821
822static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
823 sockptr_t optval, unsigned int optlen)
824{
825 struct sock *sk = sock->sk;
826 int len, err = 0;
827 struct bt_voice voice;
828 u32 opt;
829
830 BT_DBG("sk %p", sk);
831
832 lock_sock(sk);
833
834 switch (optname) {
835
836 case BT_DEFER_SETUP:
837 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
838 err = -EINVAL;
839 break;
840 }
841
842 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
843 err = -EFAULT;
844 break;
845 }
846
847 if (opt)
848 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
849 else
850 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
851 break;
852
853 case BT_VOICE:
854 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
855 sk->sk_state != BT_CONNECT2) {
856 err = -EINVAL;
857 break;
858 }
859
860 voice.setting = sco_pi(sk)->setting;
861
862 len = min_t(unsigned int, sizeof(voice), optlen);
863 if (copy_from_sockptr(&voice, optval, len)) {
864 err = -EFAULT;
865 break;
866 }
867
868 /* Explicitly check for these values */
869 if (voice.setting != BT_VOICE_TRANSPARENT &&
870 voice.setting != BT_VOICE_CVSD_16BIT) {
871 err = -EINVAL;
872 break;
873 }
874
875 sco_pi(sk)->setting = voice.setting;
876 break;
877
878 case BT_PKT_STATUS:
879 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
880 err = -EFAULT;
881 break;
882 }
883
884 if (opt)
885 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
886 else
887 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
888 break;
889
890 default:
891 err = -ENOPROTOOPT;
892 break;
893 }
894
895 release_sock(sk);
896 return err;
897}
898
899static int sco_sock_getsockopt_old(struct socket *sock, int optname,
900 char __user *optval, int __user *optlen)
901{
902 struct sock *sk = sock->sk;
903 struct sco_options opts;
904 struct sco_conninfo cinfo;
905 int len, err = 0;
906
907 BT_DBG("sk %p", sk);
908
909 if (get_user(len, optlen))
910 return -EFAULT;
911
912 lock_sock(sk);
913
914 switch (optname) {
915 case SCO_OPTIONS:
916 if (sk->sk_state != BT_CONNECTED &&
917 !(sk->sk_state == BT_CONNECT2 &&
918 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
919 err = -ENOTCONN;
920 break;
921 }
922
923 opts.mtu = sco_pi(sk)->conn->mtu;
924
925 BT_DBG("mtu %u", opts.mtu);
926
927 len = min_t(unsigned int, len, sizeof(opts));
928 if (copy_to_user(optval, (char *)&opts, len))
929 err = -EFAULT;
930
931 break;
932
933 case SCO_CONNINFO:
934 if (sk->sk_state != BT_CONNECTED &&
935 !(sk->sk_state == BT_CONNECT2 &&
936 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
937 err = -ENOTCONN;
938 break;
939 }
940
941 memset(&cinfo, 0, sizeof(cinfo));
942 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
943 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
944
945 len = min_t(unsigned int, len, sizeof(cinfo));
946 if (copy_to_user(optval, (char *)&cinfo, len))
947 err = -EFAULT;
948
949 break;
950
951 default:
952 err = -ENOPROTOOPT;
953 break;
954 }
955
956 release_sock(sk);
957 return err;
958}
959
960static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
961 char __user *optval, int __user *optlen)
962{
963 struct sock *sk = sock->sk;
964 int len, err = 0;
965 struct bt_voice voice;
966 u32 phys;
967 int pkt_status;
968
969 BT_DBG("sk %p", sk);
970
971 if (level == SOL_SCO)
972 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
973
974 if (get_user(len, optlen))
975 return -EFAULT;
976
977 lock_sock(sk);
978
979 switch (optname) {
980
981 case BT_DEFER_SETUP:
982 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
983 err = -EINVAL;
984 break;
985 }
986
987 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
988 (u32 __user *)optval))
989 err = -EFAULT;
990
991 break;
992
993 case BT_VOICE:
994 voice.setting = sco_pi(sk)->setting;
995
996 len = min_t(unsigned int, len, sizeof(voice));
997 if (copy_to_user(optval, (char *)&voice, len))
998 err = -EFAULT;
999
1000 break;
1001
1002 case BT_PHY:
1003 if (sk->sk_state != BT_CONNECTED) {
1004 err = -ENOTCONN;
1005 break;
1006 }
1007
1008 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1009
1010 if (put_user(phys, (u32 __user *) optval))
1011 err = -EFAULT;
1012 break;
1013
1014 case BT_PKT_STATUS:
1015 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
1016
1017 if (put_user(pkt_status, (int __user *)optval))
1018 err = -EFAULT;
1019 break;
1020
1021 case BT_SNDMTU:
1022 case BT_RCVMTU:
1023 if (sk->sk_state != BT_CONNECTED) {
1024 err = -ENOTCONN;
1025 break;
1026 }
1027
1028 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1029 err = -EFAULT;
1030 break;
1031
1032 default:
1033 err = -ENOPROTOOPT;
1034 break;
1035 }
1036
1037 release_sock(sk);
1038 return err;
1039}
1040
1041static int sco_sock_shutdown(struct socket *sock, int how)
1042{
1043 struct sock *sk = sock->sk;
1044 int err = 0;
1045
1046 BT_DBG("sock %p, sk %p", sock, sk);
1047
1048 if (!sk)
1049 return 0;
1050
1051 sock_hold(sk);
1052 lock_sock(sk);
1053
1054 if (!sk->sk_shutdown) {
1055 sk->sk_shutdown = SHUTDOWN_MASK;
1056 sco_sock_clear_timer(sk);
1057 __sco_sock_close(sk);
1058
1059 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1060 !(current->flags & PF_EXITING))
1061 err = bt_sock_wait_state(sk, BT_CLOSED,
1062 sk->sk_lingertime);
1063 }
1064
1065 release_sock(sk);
1066 sock_put(sk);
1067
1068 return err;
1069}
1070
1071static int sco_sock_release(struct socket *sock)
1072{
1073 struct sock *sk = sock->sk;
1074 int err = 0;
1075
1076 BT_DBG("sock %p, sk %p", sock, sk);
1077
1078 if (!sk)
1079 return 0;
1080
1081 sco_sock_close(sk);
1082
1083 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1084 !(current->flags & PF_EXITING)) {
1085 lock_sock(sk);
1086 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1087 release_sock(sk);
1088 }
1089
1090 sock_orphan(sk);
1091 sco_sock_kill(sk);
1092 return err;
1093}
1094
1095static void sco_conn_ready(struct sco_conn *conn)
1096{
1097 struct sock *parent;
1098 struct sock *sk = conn->sk;
1099
1100 BT_DBG("conn %p", conn);
1101
1102 if (sk) {
1103 sco_sock_clear_timer(sk);
1104 bh_lock_sock(sk);
1105 sk->sk_state = BT_CONNECTED;
1106 sk->sk_state_change(sk);
1107 bh_unlock_sock(sk);
1108 } else {
1109 sco_conn_lock(conn);
1110
1111 if (!conn->hcon) {
1112 sco_conn_unlock(conn);
1113 return;
1114 }
1115
1116 parent = sco_get_sock_listen(&conn->hcon->src);
1117 if (!parent) {
1118 sco_conn_unlock(conn);
1119 return;
1120 }
1121
1122 bh_lock_sock(parent);
1123
1124 sk = sco_sock_alloc(sock_net(parent), NULL,
1125 BTPROTO_SCO, GFP_ATOMIC, 0);
1126 if (!sk) {
1127 bh_unlock_sock(parent);
1128 sco_conn_unlock(conn);
1129 return;
1130 }
1131
1132 sco_sock_init(sk, parent);
1133
1134 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1135 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1136
1137 hci_conn_hold(conn->hcon);
1138 __sco_chan_add(conn, sk, parent);
1139
1140 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1141 sk->sk_state = BT_CONNECT2;
1142 else
1143 sk->sk_state = BT_CONNECTED;
1144
1145 /* Wake up parent */
1146 parent->sk_data_ready(parent);
1147
1148 bh_unlock_sock(parent);
1149
1150 sco_conn_unlock(conn);
1151 }
1152}
1153
1154/* ----- SCO interface with lower layer (HCI) ----- */
1155int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1156{
1157 struct sock *sk;
1158 int lm = 0;
1159
1160 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1161
1162 /* Find listening sockets */
1163 read_lock(&sco_sk_list.lock);
1164 sk_for_each(sk, &sco_sk_list.head) {
1165 if (sk->sk_state != BT_LISTEN)
1166 continue;
1167
1168 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1169 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1170 lm |= HCI_LM_ACCEPT;
1171
1172 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1173 *flags |= HCI_PROTO_DEFER;
1174 break;
1175 }
1176 }
1177 read_unlock(&sco_sk_list.lock);
1178
1179 return lm;
1180}
1181
1182static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1183{
1184 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1185 return;
1186
1187 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1188
1189 if (!status) {
1190 struct sco_conn *conn;
1191
1192 conn = sco_conn_add(hcon);
1193 if (conn)
1194 sco_conn_ready(conn);
1195 } else
1196 sco_conn_del(hcon, bt_to_errno(status));
1197}
1198
1199static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1200{
1201 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1202 return;
1203
1204 BT_DBG("hcon %p reason %d", hcon, reason);
1205
1206 sco_conn_del(hcon, bt_to_errno(reason));
1207}
1208
1209void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1210{
1211 struct sco_conn *conn = hcon->sco_data;
1212
1213 if (!conn)
1214 goto drop;
1215
1216 BT_DBG("conn %p len %u", conn, skb->len);
1217
1218 if (skb->len) {
1219 sco_recv_frame(conn, skb);
1220 return;
1221 }
1222
1223drop:
1224 kfree_skb(skb);
1225}
1226
1227static struct hci_cb sco_cb = {
1228 .name = "SCO",
1229 .connect_cfm = sco_connect_cfm,
1230 .disconn_cfm = sco_disconn_cfm,
1231};
1232
1233static int sco_debugfs_show(struct seq_file *f, void *p)
1234{
1235 struct sock *sk;
1236
1237 read_lock(&sco_sk_list.lock);
1238
1239 sk_for_each(sk, &sco_sk_list.head) {
1240 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1241 &sco_pi(sk)->dst, sk->sk_state);
1242 }
1243
1244 read_unlock(&sco_sk_list.lock);
1245
1246 return 0;
1247}
1248
1249DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1250
1251static struct dentry *sco_debugfs;
1252
1253static const struct proto_ops sco_sock_ops = {
1254 .family = PF_BLUETOOTH,
1255 .owner = THIS_MODULE,
1256 .release = sco_sock_release,
1257 .bind = sco_sock_bind,
1258 .connect = sco_sock_connect,
1259 .listen = sco_sock_listen,
1260 .accept = sco_sock_accept,
1261 .getname = sco_sock_getname,
1262 .sendmsg = sco_sock_sendmsg,
1263 .recvmsg = sco_sock_recvmsg,
1264 .poll = bt_sock_poll,
1265 .ioctl = bt_sock_ioctl,
1266 .gettstamp = sock_gettstamp,
1267 .mmap = sock_no_mmap,
1268 .socketpair = sock_no_socketpair,
1269 .shutdown = sco_sock_shutdown,
1270 .setsockopt = sco_sock_setsockopt,
1271 .getsockopt = sco_sock_getsockopt
1272};
1273
1274static const struct net_proto_family sco_sock_family_ops = {
1275 .family = PF_BLUETOOTH,
1276 .owner = THIS_MODULE,
1277 .create = sco_sock_create,
1278};
1279
1280int __init sco_init(void)
1281{
1282 int err;
1283
1284 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1285
1286 err = proto_register(&sco_proto, 0);
1287 if (err < 0)
1288 return err;
1289
1290 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1291 if (err < 0) {
1292 BT_ERR("SCO socket registration failed");
1293 goto error;
1294 }
1295
1296 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1297 if (err < 0) {
1298 BT_ERR("Failed to create SCO proc file");
1299 bt_sock_unregister(BTPROTO_SCO);
1300 goto error;
1301 }
1302
1303 BT_INFO("SCO socket layer initialized");
1304
1305 hci_register_cb(&sco_cb);
1306
1307 if (IS_ERR_OR_NULL(bt_debugfs))
1308 return 0;
1309
1310 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1311 NULL, &sco_debugfs_fops);
1312
1313 return 0;
1314
1315error:
1316 proto_unregister(&sco_proto);
1317 return err;
1318}
1319
1320void sco_exit(void)
1321{
1322 bt_procfs_cleanup(&init_net, "sco");
1323
1324 debugfs_remove(sco_debugfs);
1325
1326 hci_unregister_cb(&sco_cb);
1327
1328 bt_sock_unregister(BTPROTO_SCO);
1329
1330 proto_unregister(&sco_proto);
1331}
1332
1333module_param(disable_esco, bool, 0644);
1334MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");