Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * BlueZ - Bluetooth protocol stack for Linux
4 *
5 * Copyright (C) 2022 Intel Corporation
6 * Copyright 2023 NXP
7 */
8
9#include <linux/module.h>
10#include <linux/debugfs.h>
11#include <linux/seq_file.h>
12#include <linux/sched/signal.h>
13
14#include <net/bluetooth/bluetooth.h>
15#include <net/bluetooth/hci_core.h>
16#include <net/bluetooth/iso.h>
17#include "eir.h"
18
19static const struct proto_ops iso_sock_ops;
20
21static struct bt_sock_list iso_sk_list = {
22 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock)
23};
24
25/* ---- ISO connections ---- */
26struct iso_conn {
27 struct hci_conn *hcon;
28
29 /* @lock: spinlock protecting changes to iso_conn fields */
30 spinlock_t lock;
31 struct sock *sk;
32
33 struct delayed_work timeout_work;
34
35 struct sk_buff *rx_skb;
36 __u32 rx_len;
37 __u16 tx_sn;
38};
39
40#define iso_conn_lock(c) spin_lock(&(c)->lock)
41#define iso_conn_unlock(c) spin_unlock(&(c)->lock)
42
43static void iso_sock_close(struct sock *sk);
44static void iso_sock_kill(struct sock *sk);
45
46/* ----- ISO socket info ----- */
47#define iso_pi(sk) ((struct iso_pinfo *)sk)
48
49#define EIR_SERVICE_DATA_LENGTH 4
50#define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
51#define EIR_BAA_SERVICE_UUID 0x1851
52
53/* iso_pinfo flags values */
54enum {
55 BT_SK_BIG_SYNC,
56 BT_SK_PA_SYNC,
57 BT_SK_PA_SYNC_TERM,
58};
59
60struct iso_pinfo {
61 struct bt_sock bt;
62 bdaddr_t src;
63 __u8 src_type;
64 bdaddr_t dst;
65 __u8 dst_type;
66 __u8 bc_sid;
67 __u8 bc_num_bis;
68 __u8 bc_bis[ISO_MAX_NUM_BIS];
69 __u16 sync_handle;
70 unsigned long flags;
71 struct bt_iso_qos qos;
72 bool qos_user_set;
73 __u8 base_len;
74 __u8 base[BASE_MAX_LENGTH];
75 struct iso_conn *conn;
76};
77
78static struct bt_iso_qos default_qos;
79
80static bool check_ucast_qos(struct bt_iso_qos *qos);
81static bool check_bcast_qos(struct bt_iso_qos *qos);
82static bool iso_match_sid(struct sock *sk, void *data);
83static bool iso_match_sync_handle(struct sock *sk, void *data);
84static void iso_sock_disconn(struct sock *sk);
85
86typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
87
88static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
89 iso_sock_match_t match, void *data);
90
91/* ---- ISO timers ---- */
92#define ISO_CONN_TIMEOUT (HZ * 40)
93#define ISO_DISCONN_TIMEOUT (HZ * 2)
94
95static void iso_sock_timeout(struct work_struct *work)
96{
97 struct iso_conn *conn = container_of(work, struct iso_conn,
98 timeout_work.work);
99 struct sock *sk;
100
101 iso_conn_lock(conn);
102 sk = conn->sk;
103 if (sk)
104 sock_hold(sk);
105 iso_conn_unlock(conn);
106
107 if (!sk)
108 return;
109
110 BT_DBG("sock %p state %d", sk, sk->sk_state);
111
112 lock_sock(sk);
113 sk->sk_err = ETIMEDOUT;
114 sk->sk_state_change(sk);
115 release_sock(sk);
116 sock_put(sk);
117}
118
119static void iso_sock_set_timer(struct sock *sk, long timeout)
120{
121 if (!iso_pi(sk)->conn)
122 return;
123
124 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
125 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
126 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout);
127}
128
129static void iso_sock_clear_timer(struct sock *sk)
130{
131 if (!iso_pi(sk)->conn)
132 return;
133
134 BT_DBG("sock %p state %d", sk, sk->sk_state);
135 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
136}
137
138/* ---- ISO connections ---- */
139static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
140{
141 struct iso_conn *conn = hcon->iso_data;
142
143 if (conn) {
144 if (!conn->hcon)
145 conn->hcon = hcon;
146 return conn;
147 }
148
149 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
150 if (!conn)
151 return NULL;
152
153 spin_lock_init(&conn->lock);
154 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);
155
156 hcon->iso_data = conn;
157 conn->hcon = hcon;
158 conn->tx_sn = 0;
159
160 BT_DBG("hcon %p conn %p", hcon, conn);
161
162 return conn;
163}
164
165/* Delete channel. Must be called on the locked socket. */
166static void iso_chan_del(struct sock *sk, int err)
167{
168 struct iso_conn *conn;
169 struct sock *parent;
170
171 conn = iso_pi(sk)->conn;
172
173 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
174
175 if (conn) {
176 iso_conn_lock(conn);
177 conn->sk = NULL;
178 iso_pi(sk)->conn = NULL;
179 iso_conn_unlock(conn);
180
181 if (conn->hcon)
182 hci_conn_drop(conn->hcon);
183 }
184
185 sk->sk_state = BT_CLOSED;
186 sk->sk_err = err;
187
188 parent = bt_sk(sk)->parent;
189 if (parent) {
190 bt_accept_unlink(sk);
191 parent->sk_data_ready(parent);
192 } else {
193 sk->sk_state_change(sk);
194 }
195
196 sock_set_flag(sk, SOCK_ZAPPED);
197}
198
199static bool iso_match_conn_sync_handle(struct sock *sk, void *data)
200{
201 struct hci_conn *hcon = data;
202
203 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags))
204 return false;
205
206 return hcon->sync_handle == iso_pi(sk)->sync_handle;
207}
208
209static void iso_conn_del(struct hci_conn *hcon, int err)
210{
211 struct iso_conn *conn = hcon->iso_data;
212 struct sock *sk;
213 struct sock *parent;
214
215 if (!conn)
216 return;
217
218 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
219
220 /* Kill socket */
221 iso_conn_lock(conn);
222 sk = conn->sk;
223 if (sk)
224 sock_hold(sk);
225 iso_conn_unlock(conn);
226
227 if (sk) {
228 lock_sock(sk);
229
230 /* While a PA sync hcon is in the process of closing,
231 * mark parent socket with a flag, so that any residual
232 * BIGInfo adv reports that arrive before PA sync is
233 * terminated are not processed anymore.
234 */
235 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
236 parent = iso_get_sock_listen(&hcon->src,
237 &hcon->dst,
238 iso_match_conn_sync_handle,
239 hcon);
240
241 if (parent) {
242 set_bit(BT_SK_PA_SYNC_TERM,
243 &iso_pi(parent)->flags);
244 sock_put(parent);
245 }
246 }
247
248 iso_sock_clear_timer(sk);
249 iso_chan_del(sk, err);
250 release_sock(sk);
251 sock_put(sk);
252 }
253
254 /* Ensure no more work items will run before freeing conn. */
255 cancel_delayed_work_sync(&conn->timeout_work);
256
257 hcon->iso_data = NULL;
258 kfree(conn);
259}
260
261static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
262 struct sock *parent)
263{
264 BT_DBG("conn %p", conn);
265
266 if (iso_pi(sk)->conn == conn && conn->sk == sk)
267 return 0;
268
269 if (conn->sk) {
270 BT_ERR("conn->sk already set");
271 return -EBUSY;
272 }
273
274 iso_pi(sk)->conn = conn;
275 conn->sk = sk;
276
277 if (parent)
278 bt_accept_enqueue(parent, sk, true);
279
280 return 0;
281}
282
283static int iso_chan_add(struct iso_conn *conn, struct sock *sk,
284 struct sock *parent)
285{
286 int err;
287
288 iso_conn_lock(conn);
289 err = __iso_chan_add(conn, sk, parent);
290 iso_conn_unlock(conn);
291
292 return err;
293}
294
295static inline u8 le_addr_type(u8 bdaddr_type)
296{
297 if (bdaddr_type == BDADDR_LE_PUBLIC)
298 return ADDR_LE_DEV_PUBLIC;
299 else
300 return ADDR_LE_DEV_RANDOM;
301}
302
303static int iso_connect_bis(struct sock *sk)
304{
305 struct iso_conn *conn;
306 struct hci_conn *hcon;
307 struct hci_dev *hdev;
308 int err;
309
310 BT_DBG("%pMR", &iso_pi(sk)->src);
311
312 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
313 iso_pi(sk)->src_type);
314 if (!hdev)
315 return -EHOSTUNREACH;
316
317 hci_dev_lock(hdev);
318
319 if (!bis_capable(hdev)) {
320 err = -EOPNOTSUPP;
321 goto unlock;
322 }
323
324 /* Fail if user set invalid QoS */
325 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
326 iso_pi(sk)->qos = default_qos;
327 err = -EINVAL;
328 goto unlock;
329 }
330
331 /* Fail if out PHYs are marked as disabled */
332 if (!iso_pi(sk)->qos.bcast.out.phy) {
333 err = -EINVAL;
334 goto unlock;
335 }
336
337 /* Just bind if DEFER_SETUP has been set */
338 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
339 hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst,
340 &iso_pi(sk)->qos, iso_pi(sk)->base_len,
341 iso_pi(sk)->base);
342 if (IS_ERR(hcon)) {
343 err = PTR_ERR(hcon);
344 goto unlock;
345 }
346 } else {
347 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst,
348 le_addr_type(iso_pi(sk)->dst_type),
349 &iso_pi(sk)->qos, iso_pi(sk)->base_len,
350 iso_pi(sk)->base);
351 if (IS_ERR(hcon)) {
352 err = PTR_ERR(hcon);
353 goto unlock;
354 }
355 }
356
357 conn = iso_conn_add(hcon);
358 if (!conn) {
359 hci_conn_drop(hcon);
360 err = -ENOMEM;
361 goto unlock;
362 }
363
364 lock_sock(sk);
365
366 err = iso_chan_add(conn, sk, NULL);
367 if (err) {
368 release_sock(sk);
369 goto unlock;
370 }
371
372 /* Update source addr of the socket */
373 bacpy(&iso_pi(sk)->src, &hcon->src);
374
375 if (hcon->state == BT_CONNECTED) {
376 iso_sock_clear_timer(sk);
377 sk->sk_state = BT_CONNECTED;
378 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
379 iso_sock_clear_timer(sk);
380 sk->sk_state = BT_CONNECT;
381 } else {
382 sk->sk_state = BT_CONNECT;
383 iso_sock_set_timer(sk, sk->sk_sndtimeo);
384 }
385
386 release_sock(sk);
387
388unlock:
389 hci_dev_unlock(hdev);
390 hci_dev_put(hdev);
391 return err;
392}
393
394static int iso_connect_cis(struct sock *sk)
395{
396 struct iso_conn *conn;
397 struct hci_conn *hcon;
398 struct hci_dev *hdev;
399 int err;
400
401 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst);
402
403 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
404 iso_pi(sk)->src_type);
405 if (!hdev)
406 return -EHOSTUNREACH;
407
408 hci_dev_lock(hdev);
409
410 if (!cis_central_capable(hdev)) {
411 err = -EOPNOTSUPP;
412 goto unlock;
413 }
414
415 /* Fail if user set invalid QoS */
416 if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) {
417 iso_pi(sk)->qos = default_qos;
418 err = -EINVAL;
419 goto unlock;
420 }
421
422 /* Fail if either PHYs are marked as disabled */
423 if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) {
424 err = -EINVAL;
425 goto unlock;
426 }
427
428 /* Just bind if DEFER_SETUP has been set */
429 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
430 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst,
431 le_addr_type(iso_pi(sk)->dst_type),
432 &iso_pi(sk)->qos);
433 if (IS_ERR(hcon)) {
434 err = PTR_ERR(hcon);
435 goto unlock;
436 }
437 } else {
438 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
439 le_addr_type(iso_pi(sk)->dst_type),
440 &iso_pi(sk)->qos);
441 if (IS_ERR(hcon)) {
442 err = PTR_ERR(hcon);
443 goto unlock;
444 }
445 }
446
447 conn = iso_conn_add(hcon);
448 if (!conn) {
449 hci_conn_drop(hcon);
450 err = -ENOMEM;
451 goto unlock;
452 }
453
454 lock_sock(sk);
455
456 err = iso_chan_add(conn, sk, NULL);
457 if (err) {
458 release_sock(sk);
459 goto unlock;
460 }
461
462 /* Update source addr of the socket */
463 bacpy(&iso_pi(sk)->src, &hcon->src);
464
465 if (hcon->state == BT_CONNECTED) {
466 iso_sock_clear_timer(sk);
467 sk->sk_state = BT_CONNECTED;
468 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
469 iso_sock_clear_timer(sk);
470 sk->sk_state = BT_CONNECT;
471 } else {
472 sk->sk_state = BT_CONNECT;
473 iso_sock_set_timer(sk, sk->sk_sndtimeo);
474 }
475
476 release_sock(sk);
477
478unlock:
479 hci_dev_unlock(hdev);
480 hci_dev_put(hdev);
481 return err;
482}
483
484static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk)
485{
486 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2)
487 return &iso_pi(sk)->conn->hcon->iso_qos;
488
489 return &iso_pi(sk)->qos;
490}
491
492static int iso_send_frame(struct sock *sk, struct sk_buff *skb)
493{
494 struct iso_conn *conn = iso_pi(sk)->conn;
495 struct bt_iso_qos *qos = iso_sock_get_qos(sk);
496 struct hci_iso_data_hdr *hdr;
497 int len = 0;
498
499 BT_DBG("sk %p len %d", sk, skb->len);
500
501 if (skb->len > qos->ucast.out.sdu)
502 return -EMSGSIZE;
503
504 len = skb->len;
505
506 /* Push ISO data header */
507 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE);
508 hdr->sn = cpu_to_le16(conn->tx_sn++);
509 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len,
510 HCI_ISO_STATUS_VALID));
511
512 if (sk->sk_state == BT_CONNECTED)
513 hci_send_iso(conn->hcon, skb);
514 else
515 len = -ENOTCONN;
516
517 return len;
518}
519
520static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb)
521{
522 struct sock *sk;
523
524 iso_conn_lock(conn);
525 sk = conn->sk;
526 iso_conn_unlock(conn);
527
528 if (!sk)
529 goto drop;
530
531 BT_DBG("sk %p len %d", sk, skb->len);
532
533 if (sk->sk_state != BT_CONNECTED)
534 goto drop;
535
536 if (!sock_queue_rcv_skb(sk, skb))
537 return;
538
539drop:
540 kfree_skb(skb);
541}
542
543/* -------- Socket interface ---------- */
544static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst)
545{
546 struct sock *sk;
547
548 sk_for_each(sk, &iso_sk_list.head) {
549 if (sk->sk_state != BT_LISTEN)
550 continue;
551
552 if (bacmp(&iso_pi(sk)->dst, dst))
553 continue;
554
555 if (!bacmp(&iso_pi(sk)->src, src))
556 return sk;
557 }
558
559 return NULL;
560}
561
562static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc,
563 __u8 sid)
564{
565 struct sock *sk;
566
567 sk_for_each(sk, &iso_sk_list.head) {
568 if (sk->sk_state != BT_LISTEN)
569 continue;
570
571 if (bacmp(&iso_pi(sk)->src, ba))
572 continue;
573
574 if (bacmp(&iso_pi(sk)->dst, bc))
575 continue;
576
577 if (iso_pi(sk)->bc_sid == sid)
578 return sk;
579 }
580
581 return NULL;
582}
583
584/* Find socket listening:
585 * source bdaddr (Unicast)
586 * destination bdaddr (Broadcast only)
587 * match func - pass NULL to ignore
588 * match func data - pass -1 to ignore
589 * Returns closest match.
590 */
591static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
592 iso_sock_match_t match, void *data)
593{
594 struct sock *sk = NULL, *sk1 = NULL;
595
596 read_lock(&iso_sk_list.lock);
597
598 sk_for_each(sk, &iso_sk_list.head) {
599 if (sk->sk_state != BT_LISTEN)
600 continue;
601
602 /* Match Broadcast destination */
603 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst))
604 continue;
605
606 /* Use Match function if provided */
607 if (match && !match(sk, data))
608 continue;
609
610 /* Exact match. */
611 if (!bacmp(&iso_pi(sk)->src, src)) {
612 sock_hold(sk);
613 break;
614 }
615
616 /* Closest match */
617 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) {
618 if (sk1)
619 sock_put(sk1);
620
621 sk1 = sk;
622 sock_hold(sk1);
623 }
624 }
625
626 if (sk && sk1)
627 sock_put(sk1);
628
629 read_unlock(&iso_sk_list.lock);
630
631 return sk ? sk : sk1;
632}
633
634static struct sock *iso_get_sock_big(struct sock *match_sk, bdaddr_t *src,
635 bdaddr_t *dst, uint8_t big)
636{
637 struct sock *sk = NULL;
638
639 read_lock(&iso_sk_list.lock);
640
641 sk_for_each(sk, &iso_sk_list.head) {
642 if (match_sk == sk)
643 continue;
644
645 /* Look for sockets that have already been
646 * connected to the BIG
647 */
648 if (sk->sk_state != BT_CONNECTED &&
649 sk->sk_state != BT_CONNECT)
650 continue;
651
652 /* Match Broadcast destination */
653 if (bacmp(&iso_pi(sk)->dst, dst))
654 continue;
655
656 /* Match BIG handle */
657 if (iso_pi(sk)->qos.bcast.big != big)
658 continue;
659
660 /* Match source address */
661 if (bacmp(&iso_pi(sk)->src, src))
662 continue;
663
664 sock_hold(sk);
665 break;
666 }
667
668 read_unlock(&iso_sk_list.lock);
669
670 return sk;
671}
672
673static void iso_sock_destruct(struct sock *sk)
674{
675 BT_DBG("sk %p", sk);
676
677 skb_queue_purge(&sk->sk_receive_queue);
678 skb_queue_purge(&sk->sk_write_queue);
679}
680
681static void iso_sock_cleanup_listen(struct sock *parent)
682{
683 struct sock *sk;
684
685 BT_DBG("parent %p", parent);
686
687 /* Close not yet accepted channels */
688 while ((sk = bt_accept_dequeue(parent, NULL))) {
689 iso_sock_close(sk);
690 iso_sock_kill(sk);
691 }
692
693 /* If listening socket stands for a PA sync connection,
694 * properly disconnect the hcon and socket.
695 */
696 if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon &&
697 test_bit(HCI_CONN_PA_SYNC, &iso_pi(parent)->conn->hcon->flags)) {
698 iso_sock_disconn(parent);
699 return;
700 }
701
702 parent->sk_state = BT_CLOSED;
703 sock_set_flag(parent, SOCK_ZAPPED);
704}
705
706/* Kill socket (only if zapped and orphan)
707 * Must be called on unlocked socket.
708 */
709static void iso_sock_kill(struct sock *sk)
710{
711 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
712 sock_flag(sk, SOCK_DEAD))
713 return;
714
715 BT_DBG("sk %p state %d", sk, sk->sk_state);
716
717 /* Kill poor orphan */
718 bt_sock_unlink(&iso_sk_list, sk);
719 sock_set_flag(sk, SOCK_DEAD);
720 sock_put(sk);
721}
722
723static void iso_sock_disconn(struct sock *sk)
724{
725 struct sock *bis_sk;
726 struct hci_conn *hcon = iso_pi(sk)->conn->hcon;
727
728 if (test_bit(HCI_CONN_BIG_CREATED, &hcon->flags)) {
729 bis_sk = iso_get_sock_big(sk, &iso_pi(sk)->src,
730 &iso_pi(sk)->dst,
731 iso_pi(sk)->qos.bcast.big);
732
733 /* If there are any other connected sockets for the
734 * same BIG, just delete the sk and leave the bis
735 * hcon active, in case later rebinding is needed.
736 */
737 if (bis_sk) {
738 hcon->state = BT_OPEN;
739 iso_pi(sk)->conn->hcon = NULL;
740 iso_sock_clear_timer(sk);
741 iso_chan_del(sk, bt_to_errno(hcon->abort_reason));
742 sock_put(bis_sk);
743 return;
744 }
745 }
746
747 sk->sk_state = BT_DISCONN;
748 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT);
749 iso_conn_lock(iso_pi(sk)->conn);
750 hci_conn_drop(iso_pi(sk)->conn->hcon);
751 iso_pi(sk)->conn->hcon = NULL;
752 iso_conn_unlock(iso_pi(sk)->conn);
753}
754
755static void __iso_sock_close(struct sock *sk)
756{
757 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
758
759 switch (sk->sk_state) {
760 case BT_LISTEN:
761 iso_sock_cleanup_listen(sk);
762 break;
763
764 case BT_CONNECT:
765 case BT_CONNECTED:
766 case BT_CONFIG:
767 if (iso_pi(sk)->conn->hcon)
768 iso_sock_disconn(sk);
769 else
770 iso_chan_del(sk, ECONNRESET);
771 break;
772
773 case BT_CONNECT2:
774 if (iso_pi(sk)->conn->hcon &&
775 (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) ||
776 test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags)))
777 iso_sock_disconn(sk);
778 else
779 iso_chan_del(sk, ECONNRESET);
780 break;
781 case BT_DISCONN:
782 iso_chan_del(sk, ECONNRESET);
783 break;
784
785 default:
786 sock_set_flag(sk, SOCK_ZAPPED);
787 break;
788 }
789}
790
791/* Must be called on unlocked socket. */
792static void iso_sock_close(struct sock *sk)
793{
794 iso_sock_clear_timer(sk);
795 lock_sock(sk);
796 __iso_sock_close(sk);
797 release_sock(sk);
798 iso_sock_kill(sk);
799}
800
801static void iso_sock_init(struct sock *sk, struct sock *parent)
802{
803 BT_DBG("sk %p", sk);
804
805 if (parent) {
806 sk->sk_type = parent->sk_type;
807 bt_sk(sk)->flags = bt_sk(parent)->flags;
808 security_sk_clone(parent, sk);
809 }
810}
811
812static struct proto iso_proto = {
813 .name = "ISO",
814 .owner = THIS_MODULE,
815 .obj_size = sizeof(struct iso_pinfo)
816};
817
818#define DEFAULT_IO_QOS \
819{ \
820 .interval = 10000u, \
821 .latency = 10u, \
822 .sdu = 40u, \
823 .phy = BT_ISO_PHY_2M, \
824 .rtn = 2u, \
825}
826
827static struct bt_iso_qos default_qos = {
828 .bcast = {
829 .big = BT_ISO_QOS_BIG_UNSET,
830 .bis = BT_ISO_QOS_BIS_UNSET,
831 .sync_factor = 0x01,
832 .packing = 0x00,
833 .framing = 0x00,
834 .in = DEFAULT_IO_QOS,
835 .out = DEFAULT_IO_QOS,
836 .encryption = 0x00,
837 .bcode = {0x00},
838 .options = 0x00,
839 .skip = 0x0000,
840 .sync_timeout = 0x4000,
841 .sync_cte_type = 0x00,
842 .mse = 0x00,
843 .timeout = 0x4000,
844 },
845};
846
847static struct sock *iso_sock_alloc(struct net *net, struct socket *sock,
848 int proto, gfp_t prio, int kern)
849{
850 struct sock *sk;
851
852 sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern);
853 if (!sk)
854 return NULL;
855
856 sk->sk_destruct = iso_sock_destruct;
857 sk->sk_sndtimeo = ISO_CONN_TIMEOUT;
858
859 /* Set address type as public as default src address is BDADDR_ANY */
860 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
861
862 iso_pi(sk)->qos = default_qos;
863
864 bt_sock_link(&iso_sk_list, sk);
865 return sk;
866}
867
868static int iso_sock_create(struct net *net, struct socket *sock, int protocol,
869 int kern)
870{
871 struct sock *sk;
872
873 BT_DBG("sock %p", sock);
874
875 sock->state = SS_UNCONNECTED;
876
877 if (sock->type != SOCK_SEQPACKET)
878 return -ESOCKTNOSUPPORT;
879
880 sock->ops = &iso_sock_ops;
881
882 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
883 if (!sk)
884 return -ENOMEM;
885
886 iso_sock_init(sk, NULL);
887 return 0;
888}
889
890static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr,
891 int addr_len)
892{
893 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
894 struct sock *sk = sock->sk;
895 int i;
896
897 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
898 sa->iso_bc->bc_num_bis);
899
900 if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc))
901 return -EINVAL;
902
903 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
904
905 /* Check if the address type is of LE type */
906 if (!bdaddr_type_is_le(sa->iso_bc->bc_bdaddr_type))
907 return -EINVAL;
908
909 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
910 iso_pi(sk)->sync_handle = -1;
911
912 if (sa->iso_bc->bc_sid > 0x0f)
913 return -EINVAL;
914
915 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
916
917 if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS)
918 return -EINVAL;
919
920 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
921
922 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++)
923 if (sa->iso_bc->bc_bis[i] < 0x01 ||
924 sa->iso_bc->bc_bis[i] > 0x1f)
925 return -EINVAL;
926
927 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
928 iso_pi(sk)->bc_num_bis);
929
930 return 0;
931}
932
933static int iso_sock_bind_pa_sk(struct sock *sk, struct sockaddr_iso *sa,
934 int addr_len)
935{
936 int err = 0;
937
938 if (sk->sk_type != SOCK_SEQPACKET) {
939 err = -EINVAL;
940 goto done;
941 }
942
943 if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc)) {
944 err = -EINVAL;
945 goto done;
946 }
947
948 if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS) {
949 err = -EINVAL;
950 goto done;
951 }
952
953 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
954
955 for (int i = 0; i < iso_pi(sk)->bc_num_bis; i++)
956 if (sa->iso_bc->bc_bis[i] < 0x01 ||
957 sa->iso_bc->bc_bis[i] > 0x1f) {
958 err = -EINVAL;
959 goto done;
960 }
961
962 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
963 iso_pi(sk)->bc_num_bis);
964
965done:
966 return err;
967}
968
969static int iso_sock_bind(struct socket *sock, struct sockaddr *addr,
970 int addr_len)
971{
972 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
973 struct sock *sk = sock->sk;
974 int err = 0;
975
976 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type);
977
978 if (!addr || addr_len < sizeof(struct sockaddr_iso) ||
979 addr->sa_family != AF_BLUETOOTH)
980 return -EINVAL;
981
982 lock_sock(sk);
983
984 /* Allow the user to bind a PA sync socket to a number
985 * of BISes to sync to.
986 */
987 if (sk->sk_state == BT_CONNECT2 &&
988 test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
989 err = iso_sock_bind_pa_sk(sk, sa, addr_len);
990 goto done;
991 }
992
993 if (sk->sk_state != BT_OPEN) {
994 err = -EBADFD;
995 goto done;
996 }
997
998 if (sk->sk_type != SOCK_SEQPACKET) {
999 err = -EINVAL;
1000 goto done;
1001 }
1002
1003 /* Check if the address type is of LE type */
1004 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) {
1005 err = -EINVAL;
1006 goto done;
1007 }
1008
1009 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr);
1010 iso_pi(sk)->src_type = sa->iso_bdaddr_type;
1011
1012 /* Check for Broadcast address */
1013 if (addr_len > sizeof(*sa)) {
1014 err = iso_sock_bind_bc(sock, addr, addr_len);
1015 if (err)
1016 goto done;
1017 }
1018
1019 sk->sk_state = BT_BOUND;
1020
1021done:
1022 release_sock(sk);
1023 return err;
1024}
1025
1026static int iso_sock_connect(struct socket *sock, struct sockaddr *addr,
1027 int alen, int flags)
1028{
1029 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1030 struct sock *sk = sock->sk;
1031 int err;
1032
1033 BT_DBG("sk %p", sk);
1034
1035 if (alen < sizeof(struct sockaddr_iso) ||
1036 addr->sa_family != AF_BLUETOOTH)
1037 return -EINVAL;
1038
1039 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
1040 return -EBADFD;
1041
1042 if (sk->sk_type != SOCK_SEQPACKET)
1043 return -EINVAL;
1044
1045 /* Check if the address type is of LE type */
1046 if (!bdaddr_type_is_le(sa->iso_bdaddr_type))
1047 return -EINVAL;
1048
1049 lock_sock(sk);
1050
1051 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
1052 iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
1053
1054 release_sock(sk);
1055
1056 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1057 err = iso_connect_cis(sk);
1058 else
1059 err = iso_connect_bis(sk);
1060
1061 if (err)
1062 return err;
1063
1064 lock_sock(sk);
1065
1066 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1067 err = bt_sock_wait_state(sk, BT_CONNECTED,
1068 sock_sndtimeo(sk, flags & O_NONBLOCK));
1069 }
1070
1071 release_sock(sk);
1072 return err;
1073}
1074
1075static int iso_listen_bis(struct sock *sk)
1076{
1077 struct hci_dev *hdev;
1078 int err = 0;
1079
1080 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src,
1081 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid);
1082
1083 write_lock(&iso_sk_list.lock);
1084
1085 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst,
1086 iso_pi(sk)->bc_sid))
1087 err = -EADDRINUSE;
1088
1089 write_unlock(&iso_sk_list.lock);
1090
1091 if (err)
1092 return err;
1093
1094 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1095 iso_pi(sk)->src_type);
1096 if (!hdev)
1097 return -EHOSTUNREACH;
1098
1099 /* Fail if user set invalid QoS */
1100 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
1101 iso_pi(sk)->qos = default_qos;
1102 return -EINVAL;
1103 }
1104
1105 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst,
1106 le_addr_type(iso_pi(sk)->dst_type),
1107 iso_pi(sk)->bc_sid, &iso_pi(sk)->qos);
1108
1109 hci_dev_put(hdev);
1110
1111 return err;
1112}
1113
1114static int iso_listen_cis(struct sock *sk)
1115{
1116 int err = 0;
1117
1118 BT_DBG("%pMR", &iso_pi(sk)->src);
1119
1120 write_lock(&iso_sk_list.lock);
1121
1122 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst))
1123 err = -EADDRINUSE;
1124
1125 write_unlock(&iso_sk_list.lock);
1126
1127 return err;
1128}
1129
1130static int iso_sock_listen(struct socket *sock, int backlog)
1131{
1132 struct sock *sk = sock->sk;
1133 int err = 0;
1134
1135 BT_DBG("sk %p backlog %d", sk, backlog);
1136
1137 lock_sock(sk);
1138
1139 if (sk->sk_state != BT_BOUND) {
1140 err = -EBADFD;
1141 goto done;
1142 }
1143
1144 if (sk->sk_type != SOCK_SEQPACKET) {
1145 err = -EINVAL;
1146 goto done;
1147 }
1148
1149 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1150 err = iso_listen_cis(sk);
1151 else
1152 err = iso_listen_bis(sk);
1153
1154 if (err)
1155 goto done;
1156
1157 sk->sk_max_ack_backlog = backlog;
1158 sk->sk_ack_backlog = 0;
1159
1160 sk->sk_state = BT_LISTEN;
1161
1162done:
1163 release_sock(sk);
1164 return err;
1165}
1166
1167static int iso_sock_accept(struct socket *sock, struct socket *newsock,
1168 int flags, bool kern)
1169{
1170 DEFINE_WAIT_FUNC(wait, woken_wake_function);
1171 struct sock *sk = sock->sk, *ch;
1172 long timeo;
1173 int err = 0;
1174
1175 lock_sock(sk);
1176
1177 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1178
1179 BT_DBG("sk %p timeo %ld", sk, timeo);
1180
1181 /* Wait for an incoming connection. (wake-one). */
1182 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1183 while (1) {
1184 if (sk->sk_state != BT_LISTEN) {
1185 err = -EBADFD;
1186 break;
1187 }
1188
1189 ch = bt_accept_dequeue(sk, newsock);
1190 if (ch)
1191 break;
1192
1193 if (!timeo) {
1194 err = -EAGAIN;
1195 break;
1196 }
1197
1198 if (signal_pending(current)) {
1199 err = sock_intr_errno(timeo);
1200 break;
1201 }
1202
1203 release_sock(sk);
1204
1205 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
1206 lock_sock(sk);
1207 }
1208 remove_wait_queue(sk_sleep(sk), &wait);
1209
1210 if (err)
1211 goto done;
1212
1213 newsock->state = SS_CONNECTED;
1214
1215 BT_DBG("new socket %p", ch);
1216
1217done:
1218 release_sock(sk);
1219 return err;
1220}
1221
1222static int iso_sock_getname(struct socket *sock, struct sockaddr *addr,
1223 int peer)
1224{
1225 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1226 struct sock *sk = sock->sk;
1227
1228 BT_DBG("sock %p, sk %p", sock, sk);
1229
1230 addr->sa_family = AF_BLUETOOTH;
1231
1232 if (peer) {
1233 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst);
1234 sa->iso_bdaddr_type = iso_pi(sk)->dst_type;
1235 } else {
1236 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src);
1237 sa->iso_bdaddr_type = iso_pi(sk)->src_type;
1238 }
1239
1240 return sizeof(struct sockaddr_iso);
1241}
1242
1243static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1244 size_t len)
1245{
1246 struct sock *sk = sock->sk;
1247 struct sk_buff *skb, **frag;
1248 size_t mtu;
1249 int err;
1250
1251 BT_DBG("sock %p, sk %p", sock, sk);
1252
1253 err = sock_error(sk);
1254 if (err)
1255 return err;
1256
1257 if (msg->msg_flags & MSG_OOB)
1258 return -EOPNOTSUPP;
1259
1260 lock_sock(sk);
1261
1262 if (sk->sk_state != BT_CONNECTED) {
1263 release_sock(sk);
1264 return -ENOTCONN;
1265 }
1266
1267 mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu;
1268
1269 release_sock(sk);
1270
1271 skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0);
1272 if (IS_ERR(skb))
1273 return PTR_ERR(skb);
1274
1275 len -= skb->len;
1276
1277 BT_DBG("skb %p len %d", sk, skb->len);
1278
1279 /* Continuation fragments */
1280 frag = &skb_shinfo(skb)->frag_list;
1281 while (len) {
1282 struct sk_buff *tmp;
1283
1284 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0);
1285 if (IS_ERR(tmp)) {
1286 kfree_skb(skb);
1287 return PTR_ERR(tmp);
1288 }
1289
1290 *frag = tmp;
1291
1292 len -= tmp->len;
1293
1294 skb->len += tmp->len;
1295 skb->data_len += tmp->len;
1296
1297 BT_DBG("frag %p len %d", *frag, tmp->len);
1298
1299 frag = &(*frag)->next;
1300 }
1301
1302 lock_sock(sk);
1303
1304 if (sk->sk_state == BT_CONNECTED)
1305 err = iso_send_frame(sk, skb);
1306 else
1307 err = -ENOTCONN;
1308
1309 release_sock(sk);
1310
1311 if (err < 0)
1312 kfree_skb(skb);
1313 return err;
1314}
1315
1316static void iso_conn_defer_accept(struct hci_conn *conn)
1317{
1318 struct hci_cp_le_accept_cis cp;
1319 struct hci_dev *hdev = conn->hdev;
1320
1321 BT_DBG("conn %p", conn);
1322
1323 conn->state = BT_CONFIG;
1324
1325 cp.handle = cpu_to_le16(conn->handle);
1326
1327 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp);
1328}
1329
1330static void iso_conn_big_sync(struct sock *sk)
1331{
1332 int err;
1333 struct hci_dev *hdev;
1334
1335 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1336 iso_pi(sk)->src_type);
1337
1338 if (!hdev)
1339 return;
1340
1341 if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1342 err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon,
1343 &iso_pi(sk)->qos,
1344 iso_pi(sk)->sync_handle,
1345 iso_pi(sk)->bc_num_bis,
1346 iso_pi(sk)->bc_bis);
1347 if (err)
1348 bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1349 err);
1350 }
1351}
1352
1353static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1354 size_t len, int flags)
1355{
1356 struct sock *sk = sock->sk;
1357 struct iso_pinfo *pi = iso_pi(sk);
1358
1359 BT_DBG("sk %p", sk);
1360
1361 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1362 lock_sock(sk);
1363 switch (sk->sk_state) {
1364 case BT_CONNECT2:
1365 if (pi->conn->hcon &&
1366 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) {
1367 iso_conn_big_sync(sk);
1368 sk->sk_state = BT_LISTEN;
1369 } else {
1370 iso_conn_defer_accept(pi->conn->hcon);
1371 sk->sk_state = BT_CONFIG;
1372 }
1373 release_sock(sk);
1374 return 0;
1375 case BT_CONNECT:
1376 release_sock(sk);
1377 return iso_connect_cis(sk);
1378 default:
1379 release_sock(sk);
1380 break;
1381 }
1382 }
1383
1384 return bt_sock_recvmsg(sock, msg, len, flags);
1385}
1386
1387static bool check_io_qos(struct bt_iso_io_qos *qos)
1388{
1389 /* If no PHY is enable SDU must be 0 */
1390 if (!qos->phy && qos->sdu)
1391 return false;
1392
1393 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff))
1394 return false;
1395
1396 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0))
1397 return false;
1398
1399 if (qos->phy > BT_ISO_PHY_ANY)
1400 return false;
1401
1402 return true;
1403}
1404
1405static bool check_ucast_qos(struct bt_iso_qos *qos)
1406{
1407 if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET)
1408 return false;
1409
1410 if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET)
1411 return false;
1412
1413 if (qos->ucast.sca > 0x07)
1414 return false;
1415
1416 if (qos->ucast.packing > 0x01)
1417 return false;
1418
1419 if (qos->ucast.framing > 0x01)
1420 return false;
1421
1422 if (!check_io_qos(&qos->ucast.in))
1423 return false;
1424
1425 if (!check_io_qos(&qos->ucast.out))
1426 return false;
1427
1428 return true;
1429}
1430
1431static bool check_bcast_qos(struct bt_iso_qos *qos)
1432{
1433 if (qos->bcast.sync_factor == 0x00)
1434 return false;
1435
1436 if (qos->bcast.packing > 0x01)
1437 return false;
1438
1439 if (qos->bcast.framing > 0x01)
1440 return false;
1441
1442 if (!check_io_qos(&qos->bcast.in))
1443 return false;
1444
1445 if (!check_io_qos(&qos->bcast.out))
1446 return false;
1447
1448 if (qos->bcast.encryption > 0x01)
1449 return false;
1450
1451 if (qos->bcast.options > 0x07)
1452 return false;
1453
1454 if (qos->bcast.skip > 0x01f3)
1455 return false;
1456
1457 if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000)
1458 return false;
1459
1460 if (qos->bcast.sync_cte_type > 0x1f)
1461 return false;
1462
1463 if (qos->bcast.mse > 0x1f)
1464 return false;
1465
1466 if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000)
1467 return false;
1468
1469 return true;
1470}
1471
1472static int iso_sock_setsockopt(struct socket *sock, int level, int optname,
1473 sockptr_t optval, unsigned int optlen)
1474{
1475 struct sock *sk = sock->sk;
1476 int len, err = 0;
1477 struct bt_iso_qos qos = default_qos;
1478 u32 opt;
1479
1480 BT_DBG("sk %p", sk);
1481
1482 lock_sock(sk);
1483
1484 switch (optname) {
1485 case BT_DEFER_SETUP:
1486 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1487 err = -EINVAL;
1488 break;
1489 }
1490
1491 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
1492 err = -EFAULT;
1493 break;
1494 }
1495
1496 if (opt)
1497 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1498 else
1499 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1500 break;
1501
1502 case BT_PKT_STATUS:
1503 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
1504 err = -EFAULT;
1505 break;
1506 }
1507
1508 if (opt)
1509 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1510 else
1511 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1512 break;
1513
1514 case BT_ISO_QOS:
1515 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1516 sk->sk_state != BT_CONNECT2) {
1517 err = -EINVAL;
1518 break;
1519 }
1520
1521 len = min_t(unsigned int, sizeof(qos), optlen);
1522
1523 if (copy_from_sockptr(&qos, optval, len)) {
1524 err = -EFAULT;
1525 break;
1526 }
1527
1528 if (len == sizeof(qos.ucast) && !check_ucast_qos(&qos)) {
1529 err = -EINVAL;
1530 break;
1531 }
1532
1533 iso_pi(sk)->qos = qos;
1534 iso_pi(sk)->qos_user_set = true;
1535
1536 break;
1537
1538 case BT_ISO_BASE:
1539 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1540 sk->sk_state != BT_CONNECT2) {
1541 err = -EINVAL;
1542 break;
1543 }
1544
1545 if (optlen > sizeof(iso_pi(sk)->base)) {
1546 err = -EOVERFLOW;
1547 break;
1548 }
1549
1550 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen);
1551
1552 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) {
1553 err = -EFAULT;
1554 break;
1555 }
1556
1557 iso_pi(sk)->base_len = len;
1558
1559 break;
1560
1561 default:
1562 err = -ENOPROTOOPT;
1563 break;
1564 }
1565
1566 release_sock(sk);
1567 return err;
1568}
1569
1570static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
1571 char __user *optval, int __user *optlen)
1572{
1573 struct sock *sk = sock->sk;
1574 int len, err = 0;
1575 struct bt_iso_qos *qos;
1576 u8 base_len;
1577 u8 *base;
1578
1579 BT_DBG("sk %p", sk);
1580
1581 if (get_user(len, optlen))
1582 return -EFAULT;
1583
1584 lock_sock(sk);
1585
1586 switch (optname) {
1587 case BT_DEFER_SETUP:
1588 if (sk->sk_state == BT_CONNECTED) {
1589 err = -EINVAL;
1590 break;
1591 }
1592
1593 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1594 (u32 __user *)optval))
1595 err = -EFAULT;
1596
1597 break;
1598
1599 case BT_PKT_STATUS:
1600 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1601 (int __user *)optval))
1602 err = -EFAULT;
1603 break;
1604
1605 case BT_ISO_QOS:
1606 qos = iso_sock_get_qos(sk);
1607
1608 len = min_t(unsigned int, len, sizeof(*qos));
1609 if (copy_to_user(optval, qos, len))
1610 err = -EFAULT;
1611
1612 break;
1613
1614 case BT_ISO_BASE:
1615 if (sk->sk_state == BT_CONNECTED &&
1616 !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
1617 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len;
1618 base = iso_pi(sk)->conn->hcon->le_per_adv_data;
1619 } else {
1620 base_len = iso_pi(sk)->base_len;
1621 base = iso_pi(sk)->base;
1622 }
1623
1624 len = min_t(unsigned int, len, base_len);
1625 if (copy_to_user(optval, base, len))
1626 err = -EFAULT;
1627 if (put_user(len, optlen))
1628 err = -EFAULT;
1629
1630 break;
1631
1632 default:
1633 err = -ENOPROTOOPT;
1634 break;
1635 }
1636
1637 release_sock(sk);
1638 return err;
1639}
1640
1641static int iso_sock_shutdown(struct socket *sock, int how)
1642{
1643 struct sock *sk = sock->sk;
1644 int err = 0;
1645
1646 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1647
1648 if (!sk)
1649 return 0;
1650
1651 sock_hold(sk);
1652 lock_sock(sk);
1653
1654 switch (how) {
1655 case SHUT_RD:
1656 if (sk->sk_shutdown & RCV_SHUTDOWN)
1657 goto unlock;
1658 sk->sk_shutdown |= RCV_SHUTDOWN;
1659 break;
1660 case SHUT_WR:
1661 if (sk->sk_shutdown & SEND_SHUTDOWN)
1662 goto unlock;
1663 sk->sk_shutdown |= SEND_SHUTDOWN;
1664 break;
1665 case SHUT_RDWR:
1666 if (sk->sk_shutdown & SHUTDOWN_MASK)
1667 goto unlock;
1668 sk->sk_shutdown |= SHUTDOWN_MASK;
1669 break;
1670 }
1671
1672 iso_sock_clear_timer(sk);
1673 __iso_sock_close(sk);
1674
1675 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1676 !(current->flags & PF_EXITING))
1677 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1678
1679unlock:
1680 release_sock(sk);
1681 sock_put(sk);
1682
1683 return err;
1684}
1685
1686static int iso_sock_release(struct socket *sock)
1687{
1688 struct sock *sk = sock->sk;
1689 int err = 0;
1690
1691 BT_DBG("sock %p, sk %p", sock, sk);
1692
1693 if (!sk)
1694 return 0;
1695
1696 iso_sock_close(sk);
1697
1698 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1699 !(current->flags & PF_EXITING)) {
1700 lock_sock(sk);
1701 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1702 release_sock(sk);
1703 }
1704
1705 sock_orphan(sk);
1706 iso_sock_kill(sk);
1707 return err;
1708}
1709
1710static void iso_sock_ready(struct sock *sk)
1711{
1712 BT_DBG("sk %p", sk);
1713
1714 if (!sk)
1715 return;
1716
1717 lock_sock(sk);
1718 iso_sock_clear_timer(sk);
1719 sk->sk_state = BT_CONNECTED;
1720 sk->sk_state_change(sk);
1721 release_sock(sk);
1722}
1723
1724struct iso_list_data {
1725 struct hci_conn *hcon;
1726 int count;
1727};
1728
1729static bool iso_match_big(struct sock *sk, void *data)
1730{
1731 struct hci_evt_le_big_sync_estabilished *ev = data;
1732
1733 return ev->handle == iso_pi(sk)->qos.bcast.big;
1734}
1735
1736static bool iso_match_pa_sync_flag(struct sock *sk, void *data)
1737{
1738 return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1739}
1740
1741static void iso_conn_ready(struct iso_conn *conn)
1742{
1743 struct sock *parent = NULL;
1744 struct sock *sk = conn->sk;
1745 struct hci_ev_le_big_sync_estabilished *ev = NULL;
1746 struct hci_ev_le_pa_sync_established *ev2 = NULL;
1747 struct hci_evt_le_big_info_adv_report *ev3 = NULL;
1748 struct hci_conn *hcon;
1749
1750 BT_DBG("conn %p", conn);
1751
1752 if (sk) {
1753 iso_sock_ready(conn->sk);
1754 } else {
1755 hcon = conn->hcon;
1756 if (!hcon)
1757 return;
1758
1759 if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags) ||
1760 test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) {
1761 ev = hci_recv_event_data(hcon->hdev,
1762 HCI_EVT_LE_BIG_SYNC_ESTABILISHED);
1763
1764 /* Get reference to PA sync parent socket, if it exists */
1765 parent = iso_get_sock_listen(&hcon->src,
1766 &hcon->dst,
1767 iso_match_pa_sync_flag, NULL);
1768 if (!parent && ev)
1769 parent = iso_get_sock_listen(&hcon->src,
1770 &hcon->dst,
1771 iso_match_big, ev);
1772 } else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
1773 ev2 = hci_recv_event_data(hcon->hdev,
1774 HCI_EV_LE_PA_SYNC_ESTABLISHED);
1775 if (ev2)
1776 parent = iso_get_sock_listen(&hcon->src,
1777 &hcon->dst,
1778 iso_match_sid, ev2);
1779 } else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) {
1780 ev3 = hci_recv_event_data(hcon->hdev,
1781 HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1782 if (ev3)
1783 parent = iso_get_sock_listen(&hcon->src,
1784 &hcon->dst,
1785 iso_match_sync_handle, ev3);
1786 }
1787
1788 if (!parent)
1789 parent = iso_get_sock_listen(&hcon->src,
1790 BDADDR_ANY, NULL, NULL);
1791
1792 if (!parent)
1793 return;
1794
1795 lock_sock(parent);
1796
1797 sk = iso_sock_alloc(sock_net(parent), NULL,
1798 BTPROTO_ISO, GFP_ATOMIC, 0);
1799 if (!sk) {
1800 release_sock(parent);
1801 return;
1802 }
1803
1804 iso_sock_init(sk, parent);
1805
1806 bacpy(&iso_pi(sk)->src, &hcon->src);
1807
1808 /* Convert from HCI to three-value type */
1809 if (hcon->src_type == ADDR_LE_DEV_PUBLIC)
1810 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
1811 else
1812 iso_pi(sk)->src_type = BDADDR_LE_RANDOM;
1813
1814 /* If hcon has no destination address (BDADDR_ANY) it means it
1815 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or
1816 * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using
1817 * the parent socket destination address.
1818 */
1819 if (!bacmp(&hcon->dst, BDADDR_ANY)) {
1820 bacpy(&hcon->dst, &iso_pi(parent)->dst);
1821 hcon->dst_type = iso_pi(parent)->dst_type;
1822 hcon->sync_handle = iso_pi(parent)->sync_handle;
1823 }
1824
1825 if (ev3) {
1826 iso_pi(sk)->qos = iso_pi(parent)->qos;
1827 iso_pi(sk)->qos.bcast.encryption = ev3->encryption;
1828 hcon->iso_qos = iso_pi(sk)->qos;
1829 iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis;
1830 memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS);
1831 set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1832 }
1833
1834 bacpy(&iso_pi(sk)->dst, &hcon->dst);
1835 iso_pi(sk)->dst_type = hcon->dst_type;
1836 iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle;
1837 memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len);
1838 iso_pi(sk)->base_len = iso_pi(parent)->base_len;
1839
1840 hci_conn_hold(hcon);
1841 iso_chan_add(conn, sk, parent);
1842
1843 if ((ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) ||
1844 (ev2 && ev2->status)) {
1845 /* Trigger error signal on child socket */
1846 sk->sk_err = ECONNREFUSED;
1847 sk->sk_error_report(sk);
1848 }
1849
1850 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1851 sk->sk_state = BT_CONNECT2;
1852 else
1853 sk->sk_state = BT_CONNECTED;
1854
1855 /* Wake up parent */
1856 parent->sk_data_ready(parent);
1857
1858 release_sock(parent);
1859 sock_put(parent);
1860 }
1861}
1862
1863static bool iso_match_sid(struct sock *sk, void *data)
1864{
1865 struct hci_ev_le_pa_sync_established *ev = data;
1866
1867 return ev->sid == iso_pi(sk)->bc_sid;
1868}
1869
1870static bool iso_match_sync_handle(struct sock *sk, void *data)
1871{
1872 struct hci_evt_le_big_info_adv_report *ev = data;
1873
1874 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1875}
1876
1877static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data)
1878{
1879 struct hci_ev_le_per_adv_report *ev = data;
1880
1881 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1882}
1883
1884/* ----- ISO interface with lower layer (HCI) ----- */
1885
1886int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1887{
1888 struct hci_ev_le_pa_sync_established *ev1;
1889 struct hci_evt_le_big_info_adv_report *ev2;
1890 struct hci_ev_le_per_adv_report *ev3;
1891 struct sock *sk;
1892 int lm = 0;
1893
1894 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
1895
1896 /* Broadcast receiver requires handling of some events before it can
1897 * proceed to establishing a BIG sync:
1898 *
1899 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific
1900 * SID to listen to and once sync is estabilished its handle needs to
1901 * be stored in iso_pi(sk)->sync_handle so it can be matched once
1902 * receiving the BIG Info.
1903 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a
1904 * a BIG Info it attempts to check if there any listening socket with
1905 * the same sync_handle and if it does then attempt to create a sync.
1906 * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored
1907 * in iso_pi(sk)->base so it can be passed up to user, in the case of a
1908 * broadcast sink.
1909 */
1910 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED);
1911 if (ev1) {
1912 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid,
1913 ev1);
1914 if (sk && !ev1->status)
1915 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle);
1916
1917 goto done;
1918 }
1919
1920 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1921 if (ev2) {
1922 /* Try to get PA sync listening socket, if it exists */
1923 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1924 iso_match_pa_sync_flag, NULL);
1925
1926 if (!sk) {
1927 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1928 iso_match_sync_handle, ev2);
1929
1930 /* If PA Sync is in process of terminating,
1931 * do not handle any more BIGInfo adv reports.
1932 */
1933
1934 if (sk && test_bit(BT_SK_PA_SYNC_TERM,
1935 &iso_pi(sk)->flags))
1936 return lm;
1937 }
1938
1939 if (sk) {
1940 int err;
1941
1942 if (ev2->num_bis < iso_pi(sk)->bc_num_bis)
1943 iso_pi(sk)->bc_num_bis = ev2->num_bis;
1944
1945 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
1946 !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1947 err = hci_le_big_create_sync(hdev, NULL,
1948 &iso_pi(sk)->qos,
1949 iso_pi(sk)->sync_handle,
1950 iso_pi(sk)->bc_num_bis,
1951 iso_pi(sk)->bc_bis);
1952 if (err) {
1953 bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1954 err);
1955 sock_put(sk);
1956 sk = NULL;
1957 }
1958 }
1959 }
1960 }
1961
1962 ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT);
1963 if (ev3) {
1964 size_t base_len = ev3->length;
1965 u8 *base;
1966
1967 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1968 iso_match_sync_handle_pa_report, ev3);
1969 base = eir_get_service_data(ev3->data, ev3->length,
1970 EIR_BAA_SERVICE_UUID, &base_len);
1971 if (base && sk && base_len <= sizeof(iso_pi(sk)->base)) {
1972 memcpy(iso_pi(sk)->base, base, base_len);
1973 iso_pi(sk)->base_len = base_len;
1974 }
1975 } else {
1976 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL);
1977 }
1978
1979done:
1980 if (!sk)
1981 return lm;
1982
1983 lm |= HCI_LM_ACCEPT;
1984
1985 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1986 *flags |= HCI_PROTO_DEFER;
1987
1988 sock_put(sk);
1989
1990 return lm;
1991}
1992
1993static void iso_connect_cfm(struct hci_conn *hcon, __u8 status)
1994{
1995 if (hcon->type != ISO_LINK) {
1996 if (hcon->type != LE_LINK)
1997 return;
1998
1999 /* Check if LE link has failed */
2000 if (status) {
2001 struct hci_link *link, *t;
2002
2003 list_for_each_entry_safe(link, t, &hcon->link_list,
2004 list)
2005 iso_conn_del(link->conn, bt_to_errno(status));
2006
2007 return;
2008 }
2009
2010 /* Create CIS if pending */
2011 hci_le_create_cis_pending(hcon->hdev);
2012 return;
2013 }
2014
2015 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
2016
2017 /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or
2018 * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection
2019 * into the accept queue of the listening socket and wake up
2020 * userspace, to inform the user about the event.
2021 */
2022 if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) ||
2023 test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
2024 struct iso_conn *conn;
2025
2026 conn = iso_conn_add(hcon);
2027 if (conn)
2028 iso_conn_ready(conn);
2029 } else {
2030 iso_conn_del(hcon, bt_to_errno(status));
2031 }
2032}
2033
2034static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason)
2035{
2036 if (hcon->type != ISO_LINK)
2037 return;
2038
2039 BT_DBG("hcon %p reason %d", hcon, reason);
2040
2041 iso_conn_del(hcon, bt_to_errno(reason));
2042}
2043
2044void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2045{
2046 struct iso_conn *conn = hcon->iso_data;
2047 __u16 pb, ts, len;
2048
2049 if (!conn)
2050 goto drop;
2051
2052 pb = hci_iso_flags_pb(flags);
2053 ts = hci_iso_flags_ts(flags);
2054
2055 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts);
2056
2057 switch (pb) {
2058 case ISO_START:
2059 case ISO_SINGLE:
2060 if (conn->rx_len) {
2061 BT_ERR("Unexpected start frame (len %d)", skb->len);
2062 kfree_skb(conn->rx_skb);
2063 conn->rx_skb = NULL;
2064 conn->rx_len = 0;
2065 }
2066
2067 if (ts) {
2068 struct hci_iso_ts_data_hdr *hdr;
2069
2070 /* TODO: add timestamp to the packet? */
2071 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE);
2072 if (!hdr) {
2073 BT_ERR("Frame is too short (len %d)", skb->len);
2074 goto drop;
2075 }
2076
2077 len = __le16_to_cpu(hdr->slen);
2078 } else {
2079 struct hci_iso_data_hdr *hdr;
2080
2081 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE);
2082 if (!hdr) {
2083 BT_ERR("Frame is too short (len %d)", skb->len);
2084 goto drop;
2085 }
2086
2087 len = __le16_to_cpu(hdr->slen);
2088 }
2089
2090 flags = hci_iso_data_flags(len);
2091 len = hci_iso_data_len(len);
2092
2093 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len,
2094 skb->len, flags);
2095
2096 if (len == skb->len) {
2097 /* Complete frame received */
2098 hci_skb_pkt_status(skb) = flags & 0x03;
2099 iso_recv_frame(conn, skb);
2100 return;
2101 }
2102
2103 if (pb == ISO_SINGLE) {
2104 BT_ERR("Frame malformed (len %d, expected len %d)",
2105 skb->len, len);
2106 goto drop;
2107 }
2108
2109 if (skb->len > len) {
2110 BT_ERR("Frame is too long (len %d, expected len %d)",
2111 skb->len, len);
2112 goto drop;
2113 }
2114
2115 /* Allocate skb for the complete frame (with header) */
2116 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
2117 if (!conn->rx_skb)
2118 goto drop;
2119
2120 hci_skb_pkt_status(conn->rx_skb) = flags & 0x03;
2121 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2122 skb->len);
2123 conn->rx_len = len - skb->len;
2124 break;
2125
2126 case ISO_CONT:
2127 BT_DBG("Cont: frag len %d (expecting %d)", skb->len,
2128 conn->rx_len);
2129
2130 if (!conn->rx_len) {
2131 BT_ERR("Unexpected continuation frame (len %d)",
2132 skb->len);
2133 goto drop;
2134 }
2135
2136 if (skb->len > conn->rx_len) {
2137 BT_ERR("Fragment is too long (len %d, expected %d)",
2138 skb->len, conn->rx_len);
2139 kfree_skb(conn->rx_skb);
2140 conn->rx_skb = NULL;
2141 conn->rx_len = 0;
2142 goto drop;
2143 }
2144
2145 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2146 skb->len);
2147 conn->rx_len -= skb->len;
2148 return;
2149
2150 case ISO_END:
2151 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2152 skb->len);
2153 conn->rx_len -= skb->len;
2154
2155 if (!conn->rx_len) {
2156 struct sk_buff *rx_skb = conn->rx_skb;
2157
2158 /* Complete frame received. iso_recv_frame
2159 * takes ownership of the skb so set the global
2160 * rx_skb pointer to NULL first.
2161 */
2162 conn->rx_skb = NULL;
2163 iso_recv_frame(conn, rx_skb);
2164 }
2165 break;
2166 }
2167
2168drop:
2169 kfree_skb(skb);
2170}
2171
2172static struct hci_cb iso_cb = {
2173 .name = "ISO",
2174 .connect_cfm = iso_connect_cfm,
2175 .disconn_cfm = iso_disconn_cfm,
2176};
2177
2178static int iso_debugfs_show(struct seq_file *f, void *p)
2179{
2180 struct sock *sk;
2181
2182 read_lock(&iso_sk_list.lock);
2183
2184 sk_for_each(sk, &iso_sk_list.head) {
2185 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src,
2186 &iso_pi(sk)->dst, sk->sk_state);
2187 }
2188
2189 read_unlock(&iso_sk_list.lock);
2190
2191 return 0;
2192}
2193
2194DEFINE_SHOW_ATTRIBUTE(iso_debugfs);
2195
2196static struct dentry *iso_debugfs;
2197
2198static const struct proto_ops iso_sock_ops = {
2199 .family = PF_BLUETOOTH,
2200 .owner = THIS_MODULE,
2201 .release = iso_sock_release,
2202 .bind = iso_sock_bind,
2203 .connect = iso_sock_connect,
2204 .listen = iso_sock_listen,
2205 .accept = iso_sock_accept,
2206 .getname = iso_sock_getname,
2207 .sendmsg = iso_sock_sendmsg,
2208 .recvmsg = iso_sock_recvmsg,
2209 .poll = bt_sock_poll,
2210 .ioctl = bt_sock_ioctl,
2211 .mmap = sock_no_mmap,
2212 .socketpair = sock_no_socketpair,
2213 .shutdown = iso_sock_shutdown,
2214 .setsockopt = iso_sock_setsockopt,
2215 .getsockopt = iso_sock_getsockopt
2216};
2217
2218static const struct net_proto_family iso_sock_family_ops = {
2219 .family = PF_BLUETOOTH,
2220 .owner = THIS_MODULE,
2221 .create = iso_sock_create,
2222};
2223
2224static bool iso_inited;
2225
2226bool iso_enabled(void)
2227{
2228 return iso_inited;
2229}
2230
2231int iso_init(void)
2232{
2233 int err;
2234
2235 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr));
2236
2237 if (iso_inited)
2238 return -EALREADY;
2239
2240 err = proto_register(&iso_proto, 0);
2241 if (err < 0)
2242 return err;
2243
2244 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops);
2245 if (err < 0) {
2246 BT_ERR("ISO socket registration failed");
2247 goto error;
2248 }
2249
2250 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL);
2251 if (err < 0) {
2252 BT_ERR("Failed to create ISO proc file");
2253 bt_sock_unregister(BTPROTO_ISO);
2254 goto error;
2255 }
2256
2257 BT_INFO("ISO socket layer initialized");
2258
2259 hci_register_cb(&iso_cb);
2260
2261 if (IS_ERR_OR_NULL(bt_debugfs))
2262 return 0;
2263
2264 if (!iso_debugfs) {
2265 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs,
2266 NULL, &iso_debugfs_fops);
2267 }
2268
2269 iso_inited = true;
2270
2271 return 0;
2272
2273error:
2274 proto_unregister(&iso_proto);
2275 return err;
2276}
2277
2278int iso_exit(void)
2279{
2280 if (!iso_inited)
2281 return -EALREADY;
2282
2283 bt_procfs_cleanup(&init_net, "iso");
2284
2285 debugfs_remove(iso_debugfs);
2286 iso_debugfs = NULL;
2287
2288 hci_unregister_cb(&iso_cb);
2289
2290 bt_sock_unregister(BTPROTO_ISO);
2291
2292 proto_unregister(&iso_proto);
2293
2294 iso_inited = false;
2295
2296 return 0;
2297}
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * BlueZ - Bluetooth protocol stack for Linux
4 *
5 * Copyright (C) 2022 Intel Corporation
6 * Copyright 2023-2024 NXP
7 */
8
9#include <linux/module.h>
10#include <linux/debugfs.h>
11#include <linux/seq_file.h>
12#include <linux/sched/signal.h>
13
14#include <net/bluetooth/bluetooth.h>
15#include <net/bluetooth/hci_core.h>
16#include <net/bluetooth/iso.h>
17#include "eir.h"
18
19static const struct proto_ops iso_sock_ops;
20
21static struct bt_sock_list iso_sk_list = {
22 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock)
23};
24
25/* ---- ISO connections ---- */
26struct iso_conn {
27 struct hci_conn *hcon;
28
29 /* @lock: spinlock protecting changes to iso_conn fields */
30 spinlock_t lock;
31 struct sock *sk;
32
33 struct delayed_work timeout_work;
34
35 struct sk_buff *rx_skb;
36 __u32 rx_len;
37 __u16 tx_sn;
38 struct kref ref;
39};
40
41#define iso_conn_lock(c) spin_lock(&(c)->lock)
42#define iso_conn_unlock(c) spin_unlock(&(c)->lock)
43
44static void iso_sock_close(struct sock *sk);
45static void iso_sock_kill(struct sock *sk);
46
47/* ----- ISO socket info ----- */
48#define iso_pi(sk) ((struct iso_pinfo *)sk)
49
50#define EIR_SERVICE_DATA_LENGTH 4
51#define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
52#define EIR_BAA_SERVICE_UUID 0x1851
53
54/* iso_pinfo flags values */
55enum {
56 BT_SK_BIG_SYNC,
57 BT_SK_PA_SYNC,
58};
59
60struct iso_pinfo {
61 struct bt_sock bt;
62 bdaddr_t src;
63 __u8 src_type;
64 bdaddr_t dst;
65 __u8 dst_type;
66 __u8 bc_sid;
67 __u8 bc_num_bis;
68 __u8 bc_bis[ISO_MAX_NUM_BIS];
69 __u16 sync_handle;
70 unsigned long flags;
71 struct bt_iso_qos qos;
72 bool qos_user_set;
73 __u8 base_len;
74 __u8 base[BASE_MAX_LENGTH];
75 struct iso_conn *conn;
76};
77
78static struct bt_iso_qos default_qos;
79
80static bool check_ucast_qos(struct bt_iso_qos *qos);
81static bool check_bcast_qos(struct bt_iso_qos *qos);
82static bool iso_match_sid(struct sock *sk, void *data);
83static bool iso_match_sync_handle(struct sock *sk, void *data);
84static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data);
85static void iso_sock_disconn(struct sock *sk);
86
87typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
88
89static struct sock *iso_get_sock(bdaddr_t *src, bdaddr_t *dst,
90 enum bt_sock_state state,
91 iso_sock_match_t match, void *data);
92
93/* ---- ISO timers ---- */
94#define ISO_CONN_TIMEOUT (HZ * 40)
95#define ISO_DISCONN_TIMEOUT (HZ * 2)
96
97static void iso_conn_free(struct kref *ref)
98{
99 struct iso_conn *conn = container_of(ref, struct iso_conn, ref);
100
101 BT_DBG("conn %p", conn);
102
103 if (conn->sk)
104 iso_pi(conn->sk)->conn = NULL;
105
106 if (conn->hcon) {
107 conn->hcon->iso_data = NULL;
108 hci_conn_drop(conn->hcon);
109 }
110
111 /* Ensure no more work items will run since hci_conn has been dropped */
112 disable_delayed_work_sync(&conn->timeout_work);
113
114 kfree(conn);
115}
116
117static void iso_conn_put(struct iso_conn *conn)
118{
119 if (!conn)
120 return;
121
122 BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));
123
124 kref_put(&conn->ref, iso_conn_free);
125}
126
127static struct iso_conn *iso_conn_hold_unless_zero(struct iso_conn *conn)
128{
129 if (!conn)
130 return NULL;
131
132 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
133
134 if (!kref_get_unless_zero(&conn->ref))
135 return NULL;
136
137 return conn;
138}
139
140static struct sock *iso_sock_hold(struct iso_conn *conn)
141{
142 if (!conn || !bt_sock_linked(&iso_sk_list, conn->sk))
143 return NULL;
144
145 sock_hold(conn->sk);
146
147 return conn->sk;
148}
149
150static void iso_sock_timeout(struct work_struct *work)
151{
152 struct iso_conn *conn = container_of(work, struct iso_conn,
153 timeout_work.work);
154 struct sock *sk;
155
156 conn = iso_conn_hold_unless_zero(conn);
157 if (!conn)
158 return;
159
160 iso_conn_lock(conn);
161 sk = iso_sock_hold(conn);
162 iso_conn_unlock(conn);
163 iso_conn_put(conn);
164
165 if (!sk)
166 return;
167
168 BT_DBG("sock %p state %d", sk, sk->sk_state);
169
170 lock_sock(sk);
171 sk->sk_err = ETIMEDOUT;
172 sk->sk_state_change(sk);
173 release_sock(sk);
174 sock_put(sk);
175}
176
177static void iso_sock_set_timer(struct sock *sk, long timeout)
178{
179 if (!iso_pi(sk)->conn)
180 return;
181
182 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
183 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
184 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout);
185}
186
187static void iso_sock_clear_timer(struct sock *sk)
188{
189 if (!iso_pi(sk)->conn)
190 return;
191
192 BT_DBG("sock %p state %d", sk, sk->sk_state);
193 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
194}
195
196/* ---- ISO connections ---- */
197static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
198{
199 struct iso_conn *conn = hcon->iso_data;
200
201 conn = iso_conn_hold_unless_zero(conn);
202 if (conn) {
203 if (!conn->hcon) {
204 iso_conn_lock(conn);
205 conn->hcon = hcon;
206 iso_conn_unlock(conn);
207 }
208 iso_conn_put(conn);
209 return conn;
210 }
211
212 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
213 if (!conn)
214 return NULL;
215
216 kref_init(&conn->ref);
217 spin_lock_init(&conn->lock);
218 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);
219
220 hcon->iso_data = conn;
221 conn->hcon = hcon;
222 conn->tx_sn = 0;
223
224 BT_DBG("hcon %p conn %p", hcon, conn);
225
226 return conn;
227}
228
229/* Delete channel. Must be called on the locked socket. */
230static void iso_chan_del(struct sock *sk, int err)
231{
232 struct iso_conn *conn;
233 struct sock *parent;
234
235 conn = iso_pi(sk)->conn;
236 iso_pi(sk)->conn = NULL;
237
238 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
239
240 if (conn) {
241 iso_conn_lock(conn);
242 conn->sk = NULL;
243 iso_conn_unlock(conn);
244 iso_conn_put(conn);
245 }
246
247 sk->sk_state = BT_CLOSED;
248 sk->sk_err = err;
249
250 parent = bt_sk(sk)->parent;
251 if (parent) {
252 bt_accept_unlink(sk);
253 parent->sk_data_ready(parent);
254 } else {
255 sk->sk_state_change(sk);
256 }
257
258 sock_set_flag(sk, SOCK_ZAPPED);
259}
260
261static void iso_conn_del(struct hci_conn *hcon, int err)
262{
263 struct iso_conn *conn = hcon->iso_data;
264 struct sock *sk;
265
266 conn = iso_conn_hold_unless_zero(conn);
267 if (!conn)
268 return;
269
270 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
271
272 /* Kill socket */
273 iso_conn_lock(conn);
274 sk = iso_sock_hold(conn);
275 iso_conn_unlock(conn);
276 iso_conn_put(conn);
277
278 if (!sk) {
279 iso_conn_put(conn);
280 return;
281 }
282
283 lock_sock(sk);
284 iso_sock_clear_timer(sk);
285 iso_chan_del(sk, err);
286 release_sock(sk);
287 sock_put(sk);
288}
289
290static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
291 struct sock *parent)
292{
293 BT_DBG("conn %p", conn);
294
295 if (iso_pi(sk)->conn == conn && conn->sk == sk)
296 return 0;
297
298 if (conn->sk) {
299 BT_ERR("conn->sk already set");
300 return -EBUSY;
301 }
302
303 iso_pi(sk)->conn = conn;
304 conn->sk = sk;
305
306 if (parent)
307 bt_accept_enqueue(parent, sk, true);
308
309 return 0;
310}
311
312static int iso_chan_add(struct iso_conn *conn, struct sock *sk,
313 struct sock *parent)
314{
315 int err;
316
317 iso_conn_lock(conn);
318 err = __iso_chan_add(conn, sk, parent);
319 iso_conn_unlock(conn);
320
321 return err;
322}
323
324static inline u8 le_addr_type(u8 bdaddr_type)
325{
326 if (bdaddr_type == BDADDR_LE_PUBLIC)
327 return ADDR_LE_DEV_PUBLIC;
328 else
329 return ADDR_LE_DEV_RANDOM;
330}
331
332static int iso_connect_bis(struct sock *sk)
333{
334 struct iso_conn *conn;
335 struct hci_conn *hcon;
336 struct hci_dev *hdev;
337 int err;
338
339 BT_DBG("%pMR", &iso_pi(sk)->src);
340
341 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
342 iso_pi(sk)->src_type);
343 if (!hdev)
344 return -EHOSTUNREACH;
345
346 hci_dev_lock(hdev);
347
348 if (!bis_capable(hdev)) {
349 err = -EOPNOTSUPP;
350 goto unlock;
351 }
352
353 /* Fail if user set invalid QoS */
354 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
355 iso_pi(sk)->qos = default_qos;
356 err = -EINVAL;
357 goto unlock;
358 }
359
360 /* Fail if out PHYs are marked as disabled */
361 if (!iso_pi(sk)->qos.bcast.out.phy) {
362 err = -EINVAL;
363 goto unlock;
364 }
365
366 /* Just bind if DEFER_SETUP has been set */
367 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
368 hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst,
369 &iso_pi(sk)->qos, iso_pi(sk)->base_len,
370 iso_pi(sk)->base);
371 if (IS_ERR(hcon)) {
372 err = PTR_ERR(hcon);
373 goto unlock;
374 }
375 } else {
376 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst,
377 le_addr_type(iso_pi(sk)->dst_type),
378 &iso_pi(sk)->qos, iso_pi(sk)->base_len,
379 iso_pi(sk)->base);
380 if (IS_ERR(hcon)) {
381 err = PTR_ERR(hcon);
382 goto unlock;
383 }
384 }
385
386 conn = iso_conn_add(hcon);
387 if (!conn) {
388 hci_conn_drop(hcon);
389 err = -ENOMEM;
390 goto unlock;
391 }
392
393 lock_sock(sk);
394
395 err = iso_chan_add(conn, sk, NULL);
396 if (err) {
397 release_sock(sk);
398 goto unlock;
399 }
400
401 /* Update source addr of the socket */
402 bacpy(&iso_pi(sk)->src, &hcon->src);
403
404 if (hcon->state == BT_CONNECTED) {
405 iso_sock_clear_timer(sk);
406 sk->sk_state = BT_CONNECTED;
407 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
408 iso_sock_clear_timer(sk);
409 sk->sk_state = BT_CONNECT;
410 } else {
411 sk->sk_state = BT_CONNECT;
412 iso_sock_set_timer(sk, sk->sk_sndtimeo);
413 }
414
415 release_sock(sk);
416
417unlock:
418 hci_dev_unlock(hdev);
419 hci_dev_put(hdev);
420 return err;
421}
422
423static int iso_connect_cis(struct sock *sk)
424{
425 struct iso_conn *conn;
426 struct hci_conn *hcon;
427 struct hci_dev *hdev;
428 int err;
429
430 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst);
431
432 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
433 iso_pi(sk)->src_type);
434 if (!hdev)
435 return -EHOSTUNREACH;
436
437 hci_dev_lock(hdev);
438
439 if (!cis_central_capable(hdev)) {
440 err = -EOPNOTSUPP;
441 goto unlock;
442 }
443
444 /* Fail if user set invalid QoS */
445 if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) {
446 iso_pi(sk)->qos = default_qos;
447 err = -EINVAL;
448 goto unlock;
449 }
450
451 /* Fail if either PHYs are marked as disabled */
452 if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) {
453 err = -EINVAL;
454 goto unlock;
455 }
456
457 /* Just bind if DEFER_SETUP has been set */
458 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
459 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst,
460 le_addr_type(iso_pi(sk)->dst_type),
461 &iso_pi(sk)->qos);
462 if (IS_ERR(hcon)) {
463 err = PTR_ERR(hcon);
464 goto unlock;
465 }
466 } else {
467 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
468 le_addr_type(iso_pi(sk)->dst_type),
469 &iso_pi(sk)->qos);
470 if (IS_ERR(hcon)) {
471 err = PTR_ERR(hcon);
472 goto unlock;
473 }
474 }
475
476 conn = iso_conn_add(hcon);
477 if (!conn) {
478 hci_conn_drop(hcon);
479 err = -ENOMEM;
480 goto unlock;
481 }
482
483 lock_sock(sk);
484
485 err = iso_chan_add(conn, sk, NULL);
486 if (err) {
487 release_sock(sk);
488 goto unlock;
489 }
490
491 /* Update source addr of the socket */
492 bacpy(&iso_pi(sk)->src, &hcon->src);
493
494 if (hcon->state == BT_CONNECTED) {
495 iso_sock_clear_timer(sk);
496 sk->sk_state = BT_CONNECTED;
497 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
498 iso_sock_clear_timer(sk);
499 sk->sk_state = BT_CONNECT;
500 } else {
501 sk->sk_state = BT_CONNECT;
502 iso_sock_set_timer(sk, sk->sk_sndtimeo);
503 }
504
505 release_sock(sk);
506
507unlock:
508 hci_dev_unlock(hdev);
509 hci_dev_put(hdev);
510 return err;
511}
512
513static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk)
514{
515 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2)
516 return &iso_pi(sk)->conn->hcon->iso_qos;
517
518 return &iso_pi(sk)->qos;
519}
520
521static int iso_send_frame(struct sock *sk, struct sk_buff *skb)
522{
523 struct iso_conn *conn = iso_pi(sk)->conn;
524 struct bt_iso_qos *qos = iso_sock_get_qos(sk);
525 struct hci_iso_data_hdr *hdr;
526 int len = 0;
527
528 BT_DBG("sk %p len %d", sk, skb->len);
529
530 if (skb->len > qos->ucast.out.sdu)
531 return -EMSGSIZE;
532
533 len = skb->len;
534
535 /* Push ISO data header */
536 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE);
537 hdr->sn = cpu_to_le16(conn->tx_sn++);
538 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len,
539 HCI_ISO_STATUS_VALID));
540
541 if (sk->sk_state == BT_CONNECTED)
542 hci_send_iso(conn->hcon, skb);
543 else
544 len = -ENOTCONN;
545
546 return len;
547}
548
549static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb)
550{
551 struct sock *sk;
552
553 iso_conn_lock(conn);
554 sk = conn->sk;
555 iso_conn_unlock(conn);
556
557 if (!sk)
558 goto drop;
559
560 BT_DBG("sk %p len %d", sk, skb->len);
561
562 if (sk->sk_state != BT_CONNECTED)
563 goto drop;
564
565 if (!sock_queue_rcv_skb(sk, skb))
566 return;
567
568drop:
569 kfree_skb(skb);
570}
571
572/* -------- Socket interface ---------- */
573static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst)
574{
575 struct sock *sk;
576
577 sk_for_each(sk, &iso_sk_list.head) {
578 if (sk->sk_state != BT_LISTEN)
579 continue;
580
581 if (bacmp(&iso_pi(sk)->dst, dst))
582 continue;
583
584 if (!bacmp(&iso_pi(sk)->src, src))
585 return sk;
586 }
587
588 return NULL;
589}
590
591static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc,
592 __u8 sid)
593{
594 struct sock *sk;
595
596 sk_for_each(sk, &iso_sk_list.head) {
597 if (sk->sk_state != BT_LISTEN)
598 continue;
599
600 if (bacmp(&iso_pi(sk)->src, ba))
601 continue;
602
603 if (bacmp(&iso_pi(sk)->dst, bc))
604 continue;
605
606 if (iso_pi(sk)->bc_sid == sid)
607 return sk;
608 }
609
610 return NULL;
611}
612
613/* Find socket in given state:
614 * source bdaddr (Unicast)
615 * destination bdaddr (Broadcast only)
616 * match func - pass NULL to ignore
617 * match func data - pass -1 to ignore
618 * Returns closest match.
619 */
620static struct sock *iso_get_sock(bdaddr_t *src, bdaddr_t *dst,
621 enum bt_sock_state state,
622 iso_sock_match_t match, void *data)
623{
624 struct sock *sk = NULL, *sk1 = NULL;
625
626 read_lock(&iso_sk_list.lock);
627
628 sk_for_each(sk, &iso_sk_list.head) {
629 if (sk->sk_state != state)
630 continue;
631
632 /* Match Broadcast destination */
633 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst))
634 continue;
635
636 /* Use Match function if provided */
637 if (match && !match(sk, data))
638 continue;
639
640 /* Exact match. */
641 if (!bacmp(&iso_pi(sk)->src, src)) {
642 sock_hold(sk);
643 break;
644 }
645
646 /* Closest match */
647 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) {
648 if (sk1)
649 sock_put(sk1);
650
651 sk1 = sk;
652 sock_hold(sk1);
653 }
654 }
655
656 if (sk && sk1)
657 sock_put(sk1);
658
659 read_unlock(&iso_sk_list.lock);
660
661 return sk ? sk : sk1;
662}
663
664static struct sock *iso_get_sock_big(struct sock *match_sk, bdaddr_t *src,
665 bdaddr_t *dst, uint8_t big)
666{
667 struct sock *sk = NULL;
668
669 read_lock(&iso_sk_list.lock);
670
671 sk_for_each(sk, &iso_sk_list.head) {
672 if (match_sk == sk)
673 continue;
674
675 /* Look for sockets that have already been
676 * connected to the BIG
677 */
678 if (sk->sk_state != BT_CONNECTED &&
679 sk->sk_state != BT_CONNECT)
680 continue;
681
682 /* Match Broadcast destination */
683 if (bacmp(&iso_pi(sk)->dst, dst))
684 continue;
685
686 /* Match BIG handle */
687 if (iso_pi(sk)->qos.bcast.big != big)
688 continue;
689
690 /* Match source address */
691 if (bacmp(&iso_pi(sk)->src, src))
692 continue;
693
694 sock_hold(sk);
695 break;
696 }
697
698 read_unlock(&iso_sk_list.lock);
699
700 return sk;
701}
702
703static void iso_sock_destruct(struct sock *sk)
704{
705 BT_DBG("sk %p", sk);
706
707 iso_conn_put(iso_pi(sk)->conn);
708
709 skb_queue_purge(&sk->sk_receive_queue);
710 skb_queue_purge(&sk->sk_write_queue);
711}
712
713static void iso_sock_cleanup_listen(struct sock *parent)
714{
715 struct sock *sk;
716
717 BT_DBG("parent %p", parent);
718
719 /* Close not yet accepted channels */
720 while ((sk = bt_accept_dequeue(parent, NULL))) {
721 iso_sock_close(sk);
722 iso_sock_kill(sk);
723 }
724
725 /* If listening socket has a hcon, properly disconnect it */
726 if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon) {
727 iso_sock_disconn(parent);
728 return;
729 }
730
731 parent->sk_state = BT_CLOSED;
732 sock_set_flag(parent, SOCK_ZAPPED);
733}
734
735/* Kill socket (only if zapped and orphan)
736 * Must be called on unlocked socket.
737 */
738static void iso_sock_kill(struct sock *sk)
739{
740 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
741 sock_flag(sk, SOCK_DEAD))
742 return;
743
744 BT_DBG("sk %p state %d", sk, sk->sk_state);
745
746 /* Kill poor orphan */
747 bt_sock_unlink(&iso_sk_list, sk);
748 sock_set_flag(sk, SOCK_DEAD);
749 sock_put(sk);
750}
751
752static void iso_sock_disconn(struct sock *sk)
753{
754 struct sock *bis_sk;
755 struct hci_conn *hcon = iso_pi(sk)->conn->hcon;
756
757 if (test_bit(HCI_CONN_BIG_CREATED, &hcon->flags)) {
758 bis_sk = iso_get_sock_big(sk, &iso_pi(sk)->src,
759 &iso_pi(sk)->dst,
760 iso_pi(sk)->qos.bcast.big);
761
762 /* If there are any other connected sockets for the
763 * same BIG, just delete the sk and leave the bis
764 * hcon active, in case later rebinding is needed.
765 */
766 if (bis_sk) {
767 hcon->state = BT_OPEN;
768 hcon->iso_data = NULL;
769 iso_pi(sk)->conn->hcon = NULL;
770 iso_sock_clear_timer(sk);
771 iso_chan_del(sk, bt_to_errno(hcon->abort_reason));
772 sock_put(bis_sk);
773 return;
774 }
775 }
776
777 sk->sk_state = BT_DISCONN;
778 iso_conn_lock(iso_pi(sk)->conn);
779 hci_conn_drop(iso_pi(sk)->conn->hcon);
780 iso_pi(sk)->conn->hcon = NULL;
781 iso_conn_unlock(iso_pi(sk)->conn);
782}
783
784static void __iso_sock_close(struct sock *sk)
785{
786 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
787
788 switch (sk->sk_state) {
789 case BT_LISTEN:
790 iso_sock_cleanup_listen(sk);
791 break;
792
793 case BT_CONNECT:
794 case BT_CONNECTED:
795 case BT_CONFIG:
796 if (iso_pi(sk)->conn->hcon)
797 iso_sock_disconn(sk);
798 else
799 iso_chan_del(sk, ECONNRESET);
800 break;
801
802 case BT_CONNECT2:
803 if (iso_pi(sk)->conn->hcon &&
804 (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) ||
805 test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags)))
806 iso_sock_disconn(sk);
807 else
808 iso_chan_del(sk, ECONNRESET);
809 break;
810 case BT_DISCONN:
811 iso_chan_del(sk, ECONNRESET);
812 break;
813
814 default:
815 sock_set_flag(sk, SOCK_ZAPPED);
816 break;
817 }
818}
819
820/* Must be called on unlocked socket. */
821static void iso_sock_close(struct sock *sk)
822{
823 iso_sock_clear_timer(sk);
824 lock_sock(sk);
825 __iso_sock_close(sk);
826 release_sock(sk);
827 iso_sock_kill(sk);
828}
829
830static void iso_sock_init(struct sock *sk, struct sock *parent)
831{
832 BT_DBG("sk %p", sk);
833
834 if (parent) {
835 sk->sk_type = parent->sk_type;
836 bt_sk(sk)->flags = bt_sk(parent)->flags;
837 security_sk_clone(parent, sk);
838 }
839}
840
841static struct proto iso_proto = {
842 .name = "ISO",
843 .owner = THIS_MODULE,
844 .obj_size = sizeof(struct iso_pinfo)
845};
846
847#define DEFAULT_IO_QOS \
848{ \
849 .interval = 10000u, \
850 .latency = 10u, \
851 .sdu = 40u, \
852 .phy = BT_ISO_PHY_2M, \
853 .rtn = 2u, \
854}
855
856static struct bt_iso_qos default_qos = {
857 .bcast = {
858 .big = BT_ISO_QOS_BIG_UNSET,
859 .bis = BT_ISO_QOS_BIS_UNSET,
860 .sync_factor = 0x01,
861 .packing = 0x00,
862 .framing = 0x00,
863 .in = DEFAULT_IO_QOS,
864 .out = DEFAULT_IO_QOS,
865 .encryption = 0x00,
866 .bcode = {0x00},
867 .options = 0x00,
868 .skip = 0x0000,
869 .sync_timeout = BT_ISO_SYNC_TIMEOUT,
870 .sync_cte_type = 0x00,
871 .mse = 0x00,
872 .timeout = BT_ISO_SYNC_TIMEOUT,
873 },
874};
875
876static struct sock *iso_sock_alloc(struct net *net, struct socket *sock,
877 int proto, gfp_t prio, int kern)
878{
879 struct sock *sk;
880
881 sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern);
882 if (!sk)
883 return NULL;
884
885 sk->sk_destruct = iso_sock_destruct;
886 sk->sk_sndtimeo = ISO_CONN_TIMEOUT;
887
888 /* Set address type as public as default src address is BDADDR_ANY */
889 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
890
891 iso_pi(sk)->qos = default_qos;
892 iso_pi(sk)->sync_handle = -1;
893
894 bt_sock_link(&iso_sk_list, sk);
895 return sk;
896}
897
898static int iso_sock_create(struct net *net, struct socket *sock, int protocol,
899 int kern)
900{
901 struct sock *sk;
902
903 BT_DBG("sock %p", sock);
904
905 sock->state = SS_UNCONNECTED;
906
907 if (sock->type != SOCK_SEQPACKET)
908 return -ESOCKTNOSUPPORT;
909
910 sock->ops = &iso_sock_ops;
911
912 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
913 if (!sk)
914 return -ENOMEM;
915
916 iso_sock_init(sk, NULL);
917 return 0;
918}
919
920static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr,
921 int addr_len)
922{
923 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
924 struct sock *sk = sock->sk;
925 int i;
926
927 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
928 sa->iso_bc->bc_num_bis);
929
930 if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc))
931 return -EINVAL;
932
933 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
934
935 /* Check if the address type is of LE type */
936 if (!bdaddr_type_is_le(sa->iso_bc->bc_bdaddr_type))
937 return -EINVAL;
938
939 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
940
941 if (sa->iso_bc->bc_sid > 0x0f)
942 return -EINVAL;
943
944 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
945
946 if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS)
947 return -EINVAL;
948
949 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
950
951 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++)
952 if (sa->iso_bc->bc_bis[i] < 0x01 ||
953 sa->iso_bc->bc_bis[i] > 0x1f)
954 return -EINVAL;
955
956 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
957 iso_pi(sk)->bc_num_bis);
958
959 return 0;
960}
961
962static int iso_sock_bind_pa_sk(struct sock *sk, struct sockaddr_iso *sa,
963 int addr_len)
964{
965 int err = 0;
966
967 if (sk->sk_type != SOCK_SEQPACKET) {
968 err = -EINVAL;
969 goto done;
970 }
971
972 if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc)) {
973 err = -EINVAL;
974 goto done;
975 }
976
977 if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS) {
978 err = -EINVAL;
979 goto done;
980 }
981
982 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
983
984 for (int i = 0; i < iso_pi(sk)->bc_num_bis; i++)
985 if (sa->iso_bc->bc_bis[i] < 0x01 ||
986 sa->iso_bc->bc_bis[i] > 0x1f) {
987 err = -EINVAL;
988 goto done;
989 }
990
991 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
992 iso_pi(sk)->bc_num_bis);
993
994done:
995 return err;
996}
997
998static int iso_sock_bind(struct socket *sock, struct sockaddr *addr,
999 int addr_len)
1000{
1001 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1002 struct sock *sk = sock->sk;
1003 int err = 0;
1004
1005 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type);
1006
1007 if (!addr || addr_len < sizeof(struct sockaddr_iso) ||
1008 addr->sa_family != AF_BLUETOOTH)
1009 return -EINVAL;
1010
1011 lock_sock(sk);
1012
1013 /* Allow the user to bind a PA sync socket to a number
1014 * of BISes to sync to.
1015 */
1016 if ((sk->sk_state == BT_CONNECT2 ||
1017 sk->sk_state == BT_CONNECTED) &&
1018 test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
1019 err = iso_sock_bind_pa_sk(sk, sa, addr_len);
1020 goto done;
1021 }
1022
1023 if (sk->sk_state != BT_OPEN) {
1024 err = -EBADFD;
1025 goto done;
1026 }
1027
1028 if (sk->sk_type != SOCK_SEQPACKET) {
1029 err = -EINVAL;
1030 goto done;
1031 }
1032
1033 /* Check if the address type is of LE type */
1034 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) {
1035 err = -EINVAL;
1036 goto done;
1037 }
1038
1039 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr);
1040 iso_pi(sk)->src_type = sa->iso_bdaddr_type;
1041
1042 /* Check for Broadcast address */
1043 if (addr_len > sizeof(*sa)) {
1044 err = iso_sock_bind_bc(sock, addr, addr_len);
1045 if (err)
1046 goto done;
1047 }
1048
1049 sk->sk_state = BT_BOUND;
1050
1051done:
1052 release_sock(sk);
1053 return err;
1054}
1055
1056static int iso_sock_connect(struct socket *sock, struct sockaddr *addr,
1057 int alen, int flags)
1058{
1059 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1060 struct sock *sk = sock->sk;
1061 int err;
1062
1063 BT_DBG("sk %p", sk);
1064
1065 if (alen < sizeof(struct sockaddr_iso) ||
1066 addr->sa_family != AF_BLUETOOTH)
1067 return -EINVAL;
1068
1069 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
1070 return -EBADFD;
1071
1072 if (sk->sk_type != SOCK_SEQPACKET)
1073 return -EINVAL;
1074
1075 /* Check if the address type is of LE type */
1076 if (!bdaddr_type_is_le(sa->iso_bdaddr_type))
1077 return -EINVAL;
1078
1079 lock_sock(sk);
1080
1081 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
1082 iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
1083
1084 release_sock(sk);
1085
1086 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1087 err = iso_connect_cis(sk);
1088 else
1089 err = iso_connect_bis(sk);
1090
1091 if (err)
1092 return err;
1093
1094 lock_sock(sk);
1095
1096 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1097 err = bt_sock_wait_state(sk, BT_CONNECTED,
1098 sock_sndtimeo(sk, flags & O_NONBLOCK));
1099 }
1100
1101 release_sock(sk);
1102 return err;
1103}
1104
1105static int iso_listen_bis(struct sock *sk)
1106{
1107 struct hci_dev *hdev;
1108 int err = 0;
1109 struct iso_conn *conn;
1110 struct hci_conn *hcon;
1111
1112 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src,
1113 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid);
1114
1115 write_lock(&iso_sk_list.lock);
1116
1117 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst,
1118 iso_pi(sk)->bc_sid))
1119 err = -EADDRINUSE;
1120
1121 write_unlock(&iso_sk_list.lock);
1122
1123 if (err)
1124 return err;
1125
1126 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1127 iso_pi(sk)->src_type);
1128 if (!hdev)
1129 return -EHOSTUNREACH;
1130
1131 hci_dev_lock(hdev);
1132 lock_sock(sk);
1133
1134 /* Fail if user set invalid QoS */
1135 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
1136 iso_pi(sk)->qos = default_qos;
1137 err = -EINVAL;
1138 goto unlock;
1139 }
1140
1141 hcon = hci_pa_create_sync(hdev, &iso_pi(sk)->dst,
1142 le_addr_type(iso_pi(sk)->dst_type),
1143 iso_pi(sk)->bc_sid, &iso_pi(sk)->qos);
1144 if (IS_ERR(hcon)) {
1145 err = PTR_ERR(hcon);
1146 goto unlock;
1147 }
1148
1149 conn = iso_conn_add(hcon);
1150 if (!conn) {
1151 hci_conn_drop(hcon);
1152 err = -ENOMEM;
1153 goto unlock;
1154 }
1155
1156 err = iso_chan_add(conn, sk, NULL);
1157 if (err) {
1158 hci_conn_drop(hcon);
1159 goto unlock;
1160 }
1161
1162unlock:
1163 release_sock(sk);
1164 hci_dev_unlock(hdev);
1165 hci_dev_put(hdev);
1166 return err;
1167}
1168
1169static int iso_listen_cis(struct sock *sk)
1170{
1171 int err = 0;
1172
1173 BT_DBG("%pMR", &iso_pi(sk)->src);
1174
1175 write_lock(&iso_sk_list.lock);
1176
1177 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst))
1178 err = -EADDRINUSE;
1179
1180 write_unlock(&iso_sk_list.lock);
1181
1182 return err;
1183}
1184
1185static int iso_sock_listen(struct socket *sock, int backlog)
1186{
1187 struct sock *sk = sock->sk;
1188 int err = 0;
1189
1190 BT_DBG("sk %p backlog %d", sk, backlog);
1191
1192 sock_hold(sk);
1193 lock_sock(sk);
1194
1195 if (sk->sk_state != BT_BOUND) {
1196 err = -EBADFD;
1197 goto done;
1198 }
1199
1200 if (sk->sk_type != SOCK_SEQPACKET) {
1201 err = -EINVAL;
1202 goto done;
1203 }
1204
1205 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
1206 err = iso_listen_cis(sk);
1207 } else {
1208 /* Drop sock lock to avoid potential
1209 * deadlock with the hdev lock.
1210 */
1211 release_sock(sk);
1212 err = iso_listen_bis(sk);
1213 lock_sock(sk);
1214 }
1215
1216 if (err)
1217 goto done;
1218
1219 sk->sk_max_ack_backlog = backlog;
1220 sk->sk_ack_backlog = 0;
1221
1222 sk->sk_state = BT_LISTEN;
1223
1224done:
1225 release_sock(sk);
1226 sock_put(sk);
1227 return err;
1228}
1229
1230static int iso_sock_accept(struct socket *sock, struct socket *newsock,
1231 struct proto_accept_arg *arg)
1232{
1233 DEFINE_WAIT_FUNC(wait, woken_wake_function);
1234 struct sock *sk = sock->sk, *ch;
1235 long timeo;
1236 int err = 0;
1237
1238 /* Use explicit nested locking to avoid lockdep warnings generated
1239 * because the parent socket and the child socket are locked on the
1240 * same thread.
1241 */
1242 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1243
1244 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);
1245
1246 BT_DBG("sk %p timeo %ld", sk, timeo);
1247
1248 /* Wait for an incoming connection. (wake-one). */
1249 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1250 while (1) {
1251 if (sk->sk_state != BT_LISTEN) {
1252 err = -EBADFD;
1253 break;
1254 }
1255
1256 ch = bt_accept_dequeue(sk, newsock);
1257 if (ch)
1258 break;
1259
1260 if (!timeo) {
1261 err = -EAGAIN;
1262 break;
1263 }
1264
1265 if (signal_pending(current)) {
1266 err = sock_intr_errno(timeo);
1267 break;
1268 }
1269
1270 release_sock(sk);
1271
1272 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
1273 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1274 }
1275 remove_wait_queue(sk_sleep(sk), &wait);
1276
1277 if (err)
1278 goto done;
1279
1280 newsock->state = SS_CONNECTED;
1281
1282 BT_DBG("new socket %p", ch);
1283
1284done:
1285 release_sock(sk);
1286 return err;
1287}
1288
1289static int iso_sock_getname(struct socket *sock, struct sockaddr *addr,
1290 int peer)
1291{
1292 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1293 struct sock *sk = sock->sk;
1294
1295 BT_DBG("sock %p, sk %p", sock, sk);
1296
1297 addr->sa_family = AF_BLUETOOTH;
1298
1299 if (peer) {
1300 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst);
1301 sa->iso_bdaddr_type = iso_pi(sk)->dst_type;
1302 } else {
1303 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src);
1304 sa->iso_bdaddr_type = iso_pi(sk)->src_type;
1305 }
1306
1307 return sizeof(struct sockaddr_iso);
1308}
1309
1310static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1311 size_t len)
1312{
1313 struct sock *sk = sock->sk;
1314 struct sk_buff *skb, **frag;
1315 size_t mtu;
1316 int err;
1317
1318 BT_DBG("sock %p, sk %p", sock, sk);
1319
1320 err = sock_error(sk);
1321 if (err)
1322 return err;
1323
1324 if (msg->msg_flags & MSG_OOB)
1325 return -EOPNOTSUPP;
1326
1327 lock_sock(sk);
1328
1329 if (sk->sk_state != BT_CONNECTED) {
1330 release_sock(sk);
1331 return -ENOTCONN;
1332 }
1333
1334 mtu = iso_pi(sk)->conn->hcon->mtu;
1335
1336 release_sock(sk);
1337
1338 skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0);
1339 if (IS_ERR(skb))
1340 return PTR_ERR(skb);
1341
1342 len -= skb->len;
1343
1344 BT_DBG("skb %p len %d", sk, skb->len);
1345
1346 /* Continuation fragments */
1347 frag = &skb_shinfo(skb)->frag_list;
1348 while (len) {
1349 struct sk_buff *tmp;
1350
1351 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0);
1352 if (IS_ERR(tmp)) {
1353 kfree_skb(skb);
1354 return PTR_ERR(tmp);
1355 }
1356
1357 *frag = tmp;
1358
1359 len -= tmp->len;
1360
1361 skb->len += tmp->len;
1362 skb->data_len += tmp->len;
1363
1364 BT_DBG("frag %p len %d", *frag, tmp->len);
1365
1366 frag = &(*frag)->next;
1367 }
1368
1369 lock_sock(sk);
1370
1371 if (sk->sk_state == BT_CONNECTED)
1372 err = iso_send_frame(sk, skb);
1373 else
1374 err = -ENOTCONN;
1375
1376 release_sock(sk);
1377
1378 if (err < 0)
1379 kfree_skb(skb);
1380 return err;
1381}
1382
1383static void iso_conn_defer_accept(struct hci_conn *conn)
1384{
1385 struct hci_cp_le_accept_cis cp;
1386 struct hci_dev *hdev = conn->hdev;
1387
1388 BT_DBG("conn %p", conn);
1389
1390 conn->state = BT_CONFIG;
1391
1392 cp.handle = cpu_to_le16(conn->handle);
1393
1394 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp);
1395}
1396
1397static void iso_conn_big_sync(struct sock *sk)
1398{
1399 int err;
1400 struct hci_dev *hdev;
1401
1402 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1403 iso_pi(sk)->src_type);
1404
1405 if (!hdev)
1406 return;
1407
1408 /* hci_le_big_create_sync requires hdev lock to be held, since
1409 * it enqueues the HCI LE BIG Create Sync command via
1410 * hci_cmd_sync_queue_once, which checks hdev flags that might
1411 * change.
1412 */
1413 hci_dev_lock(hdev);
1414 lock_sock(sk);
1415
1416 if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1417 err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon,
1418 &iso_pi(sk)->qos,
1419 iso_pi(sk)->sync_handle,
1420 iso_pi(sk)->bc_num_bis,
1421 iso_pi(sk)->bc_bis);
1422 if (err)
1423 bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1424 err);
1425 }
1426
1427 release_sock(sk);
1428 hci_dev_unlock(hdev);
1429}
1430
1431static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1432 size_t len, int flags)
1433{
1434 struct sock *sk = sock->sk;
1435 struct iso_pinfo *pi = iso_pi(sk);
1436 bool early_ret = false;
1437 int err = 0;
1438
1439 BT_DBG("sk %p", sk);
1440
1441 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1442 sock_hold(sk);
1443 lock_sock(sk);
1444
1445 switch (sk->sk_state) {
1446 case BT_CONNECT2:
1447 if (test_bit(BT_SK_PA_SYNC, &pi->flags)) {
1448 release_sock(sk);
1449 iso_conn_big_sync(sk);
1450 lock_sock(sk);
1451
1452 sk->sk_state = BT_LISTEN;
1453 } else {
1454 iso_conn_defer_accept(pi->conn->hcon);
1455 sk->sk_state = BT_CONFIG;
1456 }
1457
1458 early_ret = true;
1459 break;
1460 case BT_CONNECTED:
1461 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
1462 release_sock(sk);
1463 iso_conn_big_sync(sk);
1464 lock_sock(sk);
1465
1466 sk->sk_state = BT_LISTEN;
1467 early_ret = true;
1468 }
1469
1470 break;
1471 case BT_CONNECT:
1472 release_sock(sk);
1473 err = iso_connect_cis(sk);
1474 lock_sock(sk);
1475
1476 early_ret = true;
1477 break;
1478 default:
1479 break;
1480 }
1481
1482 release_sock(sk);
1483 sock_put(sk);
1484
1485 if (early_ret)
1486 return err;
1487 }
1488
1489 return bt_sock_recvmsg(sock, msg, len, flags);
1490}
1491
1492static bool check_io_qos(struct bt_iso_io_qos *qos)
1493{
1494 /* If no PHY is enable SDU must be 0 */
1495 if (!qos->phy && qos->sdu)
1496 return false;
1497
1498 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff))
1499 return false;
1500
1501 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0))
1502 return false;
1503
1504 if (qos->phy > BT_ISO_PHY_ANY)
1505 return false;
1506
1507 return true;
1508}
1509
1510static bool check_ucast_qos(struct bt_iso_qos *qos)
1511{
1512 if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET)
1513 return false;
1514
1515 if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET)
1516 return false;
1517
1518 if (qos->ucast.sca > 0x07)
1519 return false;
1520
1521 if (qos->ucast.packing > 0x01)
1522 return false;
1523
1524 if (qos->ucast.framing > 0x01)
1525 return false;
1526
1527 if (!check_io_qos(&qos->ucast.in))
1528 return false;
1529
1530 if (!check_io_qos(&qos->ucast.out))
1531 return false;
1532
1533 return true;
1534}
1535
1536static bool check_bcast_qos(struct bt_iso_qos *qos)
1537{
1538 if (!qos->bcast.sync_factor)
1539 qos->bcast.sync_factor = 0x01;
1540
1541 if (qos->bcast.packing > 0x01)
1542 return false;
1543
1544 if (qos->bcast.framing > 0x01)
1545 return false;
1546
1547 if (!check_io_qos(&qos->bcast.in))
1548 return false;
1549
1550 if (!check_io_qos(&qos->bcast.out))
1551 return false;
1552
1553 if (qos->bcast.encryption > 0x01)
1554 return false;
1555
1556 if (qos->bcast.options > 0x07)
1557 return false;
1558
1559 if (qos->bcast.skip > 0x01f3)
1560 return false;
1561
1562 if (!qos->bcast.sync_timeout)
1563 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1564
1565 if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000)
1566 return false;
1567
1568 if (qos->bcast.sync_cte_type > 0x1f)
1569 return false;
1570
1571 if (qos->bcast.mse > 0x1f)
1572 return false;
1573
1574 if (!qos->bcast.timeout)
1575 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1576
1577 if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000)
1578 return false;
1579
1580 return true;
1581}
1582
1583static int iso_sock_setsockopt(struct socket *sock, int level, int optname,
1584 sockptr_t optval, unsigned int optlen)
1585{
1586 struct sock *sk = sock->sk;
1587 int err = 0;
1588 struct bt_iso_qos qos = default_qos;
1589 u32 opt;
1590
1591 BT_DBG("sk %p", sk);
1592
1593 lock_sock(sk);
1594
1595 switch (optname) {
1596 case BT_DEFER_SETUP:
1597 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1598 err = -EINVAL;
1599 break;
1600 }
1601
1602 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
1603 if (err)
1604 break;
1605
1606 if (opt)
1607 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1608 else
1609 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1610 break;
1611
1612 case BT_PKT_STATUS:
1613 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
1614 if (err)
1615 break;
1616
1617 if (opt)
1618 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1619 else
1620 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1621 break;
1622
1623 case BT_ISO_QOS:
1624 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1625 sk->sk_state != BT_CONNECT2 &&
1626 (!test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags) ||
1627 sk->sk_state != BT_CONNECTED)) {
1628 err = -EINVAL;
1629 break;
1630 }
1631
1632 err = copy_safe_from_sockptr(&qos, sizeof(qos), optval, optlen);
1633 if (err)
1634 break;
1635
1636 iso_pi(sk)->qos = qos;
1637 iso_pi(sk)->qos_user_set = true;
1638
1639 break;
1640
1641 case BT_ISO_BASE:
1642 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1643 sk->sk_state != BT_CONNECT2) {
1644 err = -EINVAL;
1645 break;
1646 }
1647
1648 if (optlen > sizeof(iso_pi(sk)->base)) {
1649 err = -EINVAL;
1650 break;
1651 }
1652
1653 err = copy_safe_from_sockptr(iso_pi(sk)->base, optlen, optval,
1654 optlen);
1655 if (err)
1656 break;
1657
1658 iso_pi(sk)->base_len = optlen;
1659
1660 break;
1661
1662 default:
1663 err = -ENOPROTOOPT;
1664 break;
1665 }
1666
1667 release_sock(sk);
1668 return err;
1669}
1670
1671static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
1672 char __user *optval, int __user *optlen)
1673{
1674 struct sock *sk = sock->sk;
1675 int len, err = 0;
1676 struct bt_iso_qos *qos;
1677 u8 base_len;
1678 u8 *base;
1679
1680 BT_DBG("sk %p", sk);
1681
1682 if (get_user(len, optlen))
1683 return -EFAULT;
1684
1685 lock_sock(sk);
1686
1687 switch (optname) {
1688 case BT_DEFER_SETUP:
1689 if (sk->sk_state == BT_CONNECTED) {
1690 err = -EINVAL;
1691 break;
1692 }
1693
1694 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1695 (u32 __user *)optval))
1696 err = -EFAULT;
1697
1698 break;
1699
1700 case BT_PKT_STATUS:
1701 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1702 (int __user *)optval))
1703 err = -EFAULT;
1704 break;
1705
1706 case BT_ISO_QOS:
1707 qos = iso_sock_get_qos(sk);
1708
1709 len = min_t(unsigned int, len, sizeof(*qos));
1710 if (copy_to_user(optval, qos, len))
1711 err = -EFAULT;
1712
1713 break;
1714
1715 case BT_ISO_BASE:
1716 if (sk->sk_state == BT_CONNECTED &&
1717 !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
1718 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len;
1719 base = iso_pi(sk)->conn->hcon->le_per_adv_data;
1720 } else {
1721 base_len = iso_pi(sk)->base_len;
1722 base = iso_pi(sk)->base;
1723 }
1724
1725 len = min_t(unsigned int, len, base_len);
1726 if (copy_to_user(optval, base, len))
1727 err = -EFAULT;
1728 if (put_user(len, optlen))
1729 err = -EFAULT;
1730
1731 break;
1732
1733 default:
1734 err = -ENOPROTOOPT;
1735 break;
1736 }
1737
1738 release_sock(sk);
1739 return err;
1740}
1741
1742static int iso_sock_shutdown(struct socket *sock, int how)
1743{
1744 struct sock *sk = sock->sk;
1745 int err = 0;
1746
1747 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1748
1749 if (!sk)
1750 return 0;
1751
1752 sock_hold(sk);
1753 lock_sock(sk);
1754
1755 switch (how) {
1756 case SHUT_RD:
1757 if (sk->sk_shutdown & RCV_SHUTDOWN)
1758 goto unlock;
1759 sk->sk_shutdown |= RCV_SHUTDOWN;
1760 break;
1761 case SHUT_WR:
1762 if (sk->sk_shutdown & SEND_SHUTDOWN)
1763 goto unlock;
1764 sk->sk_shutdown |= SEND_SHUTDOWN;
1765 break;
1766 case SHUT_RDWR:
1767 if (sk->sk_shutdown & SHUTDOWN_MASK)
1768 goto unlock;
1769 sk->sk_shutdown |= SHUTDOWN_MASK;
1770 break;
1771 }
1772
1773 iso_sock_clear_timer(sk);
1774 __iso_sock_close(sk);
1775
1776 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1777 !(current->flags & PF_EXITING))
1778 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1779
1780unlock:
1781 release_sock(sk);
1782 sock_put(sk);
1783
1784 return err;
1785}
1786
1787static int iso_sock_release(struct socket *sock)
1788{
1789 struct sock *sk = sock->sk;
1790 int err = 0;
1791
1792 BT_DBG("sock %p, sk %p", sock, sk);
1793
1794 if (!sk)
1795 return 0;
1796
1797 iso_sock_close(sk);
1798
1799 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1800 !(current->flags & PF_EXITING)) {
1801 lock_sock(sk);
1802 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1803 release_sock(sk);
1804 }
1805
1806 sock_orphan(sk);
1807 iso_sock_kill(sk);
1808 return err;
1809}
1810
1811static void iso_sock_ready(struct sock *sk)
1812{
1813 BT_DBG("sk %p", sk);
1814
1815 if (!sk)
1816 return;
1817
1818 lock_sock(sk);
1819 iso_sock_clear_timer(sk);
1820 sk->sk_state = BT_CONNECTED;
1821 sk->sk_state_change(sk);
1822 release_sock(sk);
1823}
1824
1825static bool iso_match_big(struct sock *sk, void *data)
1826{
1827 struct hci_evt_le_big_sync_estabilished *ev = data;
1828
1829 return ev->handle == iso_pi(sk)->qos.bcast.big;
1830}
1831
1832static bool iso_match_big_hcon(struct sock *sk, void *data)
1833{
1834 struct hci_conn *hcon = data;
1835
1836 return hcon->iso_qos.bcast.big == iso_pi(sk)->qos.bcast.big;
1837}
1838
1839static bool iso_match_pa_sync_flag(struct sock *sk, void *data)
1840{
1841 return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1842}
1843
1844static void iso_conn_ready(struct iso_conn *conn)
1845{
1846 struct sock *parent = NULL;
1847 struct sock *sk = conn->sk;
1848 struct hci_ev_le_big_sync_estabilished *ev = NULL;
1849 struct hci_ev_le_pa_sync_established *ev2 = NULL;
1850 struct hci_ev_le_per_adv_report *ev3 = NULL;
1851 struct hci_conn *hcon;
1852
1853 BT_DBG("conn %p", conn);
1854
1855 if (sk) {
1856 iso_sock_ready(conn->sk);
1857 } else {
1858 hcon = conn->hcon;
1859 if (!hcon)
1860 return;
1861
1862 if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags)) {
1863 /* A BIS slave hcon is notified to the ISO layer
1864 * after the Command Complete for the LE Setup
1865 * ISO Data Path command is received. Get the
1866 * parent socket that matches the hcon BIG handle.
1867 */
1868 parent = iso_get_sock(&hcon->src, &hcon->dst,
1869 BT_LISTEN, iso_match_big_hcon,
1870 hcon);
1871 } else if (test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) {
1872 ev = hci_recv_event_data(hcon->hdev,
1873 HCI_EVT_LE_BIG_SYNC_ESTABILISHED);
1874
1875 /* Get reference to PA sync parent socket, if it exists */
1876 parent = iso_get_sock(&hcon->src, &hcon->dst,
1877 BT_LISTEN,
1878 iso_match_pa_sync_flag,
1879 NULL);
1880 if (!parent && ev)
1881 parent = iso_get_sock(&hcon->src,
1882 &hcon->dst,
1883 BT_LISTEN,
1884 iso_match_big, ev);
1885 } else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
1886 ev2 = hci_recv_event_data(hcon->hdev,
1887 HCI_EV_LE_PA_SYNC_ESTABLISHED);
1888 if (ev2)
1889 parent = iso_get_sock(&hcon->src,
1890 &hcon->dst,
1891 BT_LISTEN,
1892 iso_match_sid, ev2);
1893 } else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) {
1894 ev3 = hci_recv_event_data(hcon->hdev,
1895 HCI_EV_LE_PER_ADV_REPORT);
1896 if (ev3)
1897 parent = iso_get_sock(&hcon->src,
1898 &hcon->dst,
1899 BT_LISTEN,
1900 iso_match_sync_handle_pa_report,
1901 ev3);
1902 }
1903
1904 if (!parent)
1905 parent = iso_get_sock(&hcon->src, BDADDR_ANY,
1906 BT_LISTEN, NULL, NULL);
1907
1908 if (!parent)
1909 return;
1910
1911 lock_sock(parent);
1912
1913 sk = iso_sock_alloc(sock_net(parent), NULL,
1914 BTPROTO_ISO, GFP_ATOMIC, 0);
1915 if (!sk) {
1916 release_sock(parent);
1917 return;
1918 }
1919
1920 iso_sock_init(sk, parent);
1921
1922 bacpy(&iso_pi(sk)->src, &hcon->src);
1923
1924 /* Convert from HCI to three-value type */
1925 if (hcon->src_type == ADDR_LE_DEV_PUBLIC)
1926 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
1927 else
1928 iso_pi(sk)->src_type = BDADDR_LE_RANDOM;
1929
1930 /* If hcon has no destination address (BDADDR_ANY) it means it
1931 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or
1932 * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using
1933 * the parent socket destination address.
1934 */
1935 if (!bacmp(&hcon->dst, BDADDR_ANY)) {
1936 bacpy(&hcon->dst, &iso_pi(parent)->dst);
1937 hcon->dst_type = iso_pi(parent)->dst_type;
1938 }
1939
1940 if (ev3) {
1941 iso_pi(sk)->qos = iso_pi(parent)->qos;
1942 hcon->iso_qos = iso_pi(sk)->qos;
1943 iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis;
1944 memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS);
1945 set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1946 }
1947
1948 bacpy(&iso_pi(sk)->dst, &hcon->dst);
1949 iso_pi(sk)->dst_type = hcon->dst_type;
1950 iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle;
1951 memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len);
1952 iso_pi(sk)->base_len = iso_pi(parent)->base_len;
1953
1954 hci_conn_hold(hcon);
1955 iso_chan_add(conn, sk, parent);
1956
1957 if ((ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) ||
1958 (ev2 && ev2->status)) {
1959 /* Trigger error signal on child socket */
1960 sk->sk_err = ECONNREFUSED;
1961 sk->sk_error_report(sk);
1962 }
1963
1964 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1965 sk->sk_state = BT_CONNECT2;
1966 else
1967 sk->sk_state = BT_CONNECTED;
1968
1969 /* Wake up parent */
1970 parent->sk_data_ready(parent);
1971
1972 release_sock(parent);
1973 sock_put(parent);
1974 }
1975}
1976
1977static bool iso_match_sid(struct sock *sk, void *data)
1978{
1979 struct hci_ev_le_pa_sync_established *ev = data;
1980
1981 return ev->sid == iso_pi(sk)->bc_sid;
1982}
1983
1984static bool iso_match_sync_handle(struct sock *sk, void *data)
1985{
1986 struct hci_evt_le_big_info_adv_report *ev = data;
1987
1988 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1989}
1990
1991static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data)
1992{
1993 struct hci_ev_le_per_adv_report *ev = data;
1994
1995 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1996}
1997
1998/* ----- ISO interface with lower layer (HCI) ----- */
1999
2000int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
2001{
2002 struct hci_ev_le_pa_sync_established *ev1;
2003 struct hci_evt_le_big_info_adv_report *ev2;
2004 struct hci_ev_le_per_adv_report *ev3;
2005 struct sock *sk;
2006
2007 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
2008
2009 /* Broadcast receiver requires handling of some events before it can
2010 * proceed to establishing a BIG sync:
2011 *
2012 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific
2013 * SID to listen to and once sync is estabilished its handle needs to
2014 * be stored in iso_pi(sk)->sync_handle so it can be matched once
2015 * receiving the BIG Info.
2016 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a
2017 * a BIG Info it attempts to check if there any listening socket with
2018 * the same sync_handle and if it does then attempt to create a sync.
2019 * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored
2020 * in iso_pi(sk)->base so it can be passed up to user, in the case of a
2021 * broadcast sink.
2022 */
2023 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED);
2024 if (ev1) {
2025 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_LISTEN,
2026 iso_match_sid, ev1);
2027 if (sk && !ev1->status)
2028 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle);
2029
2030 goto done;
2031 }
2032
2033 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT);
2034 if (ev2) {
2035 /* Check if BIGInfo report has already been handled */
2036 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_CONNECTED,
2037 iso_match_sync_handle, ev2);
2038 if (sk) {
2039 sock_put(sk);
2040 sk = NULL;
2041 goto done;
2042 }
2043
2044 /* Try to get PA sync socket, if it exists */
2045 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_CONNECT2,
2046 iso_match_sync_handle, ev2);
2047 if (!sk)
2048 sk = iso_get_sock(&hdev->bdaddr, bdaddr,
2049 BT_LISTEN,
2050 iso_match_sync_handle,
2051 ev2);
2052
2053 if (sk) {
2054 int err;
2055 struct hci_conn *hcon = iso_pi(sk)->conn->hcon;
2056
2057 iso_pi(sk)->qos.bcast.encryption = ev2->encryption;
2058
2059 if (ev2->num_bis < iso_pi(sk)->bc_num_bis)
2060 iso_pi(sk)->bc_num_bis = ev2->num_bis;
2061
2062 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
2063 !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
2064 err = hci_le_big_create_sync(hdev,
2065 hcon,
2066 &iso_pi(sk)->qos,
2067 iso_pi(sk)->sync_handle,
2068 iso_pi(sk)->bc_num_bis,
2069 iso_pi(sk)->bc_bis);
2070 if (err) {
2071 bt_dev_err(hdev, "hci_le_big_create_sync: %d",
2072 err);
2073 sock_put(sk);
2074 sk = NULL;
2075 }
2076 }
2077 }
2078
2079 goto done;
2080 }
2081
2082 ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT);
2083 if (ev3) {
2084 size_t base_len = 0;
2085 u8 *base;
2086 struct hci_conn *hcon;
2087
2088 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_LISTEN,
2089 iso_match_sync_handle_pa_report, ev3);
2090 if (!sk)
2091 goto done;
2092
2093 hcon = iso_pi(sk)->conn->hcon;
2094 if (!hcon)
2095 goto done;
2096
2097 if (ev3->data_status == LE_PA_DATA_TRUNCATED) {
2098 /* The controller was unable to retrieve PA data. */
2099 memset(hcon->le_per_adv_data, 0,
2100 HCI_MAX_PER_AD_TOT_LEN);
2101 hcon->le_per_adv_data_len = 0;
2102 hcon->le_per_adv_data_offset = 0;
2103 goto done;
2104 }
2105
2106 if (hcon->le_per_adv_data_offset + ev3->length >
2107 HCI_MAX_PER_AD_TOT_LEN)
2108 goto done;
2109
2110 memcpy(hcon->le_per_adv_data + hcon->le_per_adv_data_offset,
2111 ev3->data, ev3->length);
2112 hcon->le_per_adv_data_offset += ev3->length;
2113
2114 if (ev3->data_status == LE_PA_DATA_COMPLETE) {
2115 /* All PA data has been received. */
2116 hcon->le_per_adv_data_len =
2117 hcon->le_per_adv_data_offset;
2118 hcon->le_per_adv_data_offset = 0;
2119
2120 /* Extract BASE */
2121 base = eir_get_service_data(hcon->le_per_adv_data,
2122 hcon->le_per_adv_data_len,
2123 EIR_BAA_SERVICE_UUID,
2124 &base_len);
2125
2126 if (!base || base_len > BASE_MAX_LENGTH)
2127 goto done;
2128
2129 memcpy(iso_pi(sk)->base, base, base_len);
2130 iso_pi(sk)->base_len = base_len;
2131 } else {
2132 /* This is a PA data fragment. Keep pa_data_len set to 0
2133 * until all data has been reassembled.
2134 */
2135 hcon->le_per_adv_data_len = 0;
2136 }
2137 } else {
2138 sk = iso_get_sock(&hdev->bdaddr, BDADDR_ANY,
2139 BT_LISTEN, NULL, NULL);
2140 }
2141
2142done:
2143 if (!sk)
2144 return 0;
2145
2146 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
2147 *flags |= HCI_PROTO_DEFER;
2148
2149 sock_put(sk);
2150
2151 return HCI_LM_ACCEPT;
2152}
2153
2154static bool iso_match(struct hci_conn *hcon)
2155{
2156 return hcon->type == ISO_LINK || hcon->type == LE_LINK;
2157}
2158
2159static void iso_connect_cfm(struct hci_conn *hcon, __u8 status)
2160{
2161 if (hcon->type != ISO_LINK) {
2162 if (hcon->type != LE_LINK)
2163 return;
2164
2165 /* Check if LE link has failed */
2166 if (status) {
2167 struct hci_link *link, *t;
2168
2169 list_for_each_entry_safe(link, t, &hcon->link_list,
2170 list)
2171 iso_conn_del(link->conn, bt_to_errno(status));
2172
2173 return;
2174 }
2175
2176 /* Create CIS if pending */
2177 hci_le_create_cis_pending(hcon->hdev);
2178 return;
2179 }
2180
2181 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
2182
2183 /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or
2184 * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection
2185 * into the accept queue of the listening socket and wake up
2186 * userspace, to inform the user about the event.
2187 */
2188 if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) ||
2189 test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
2190 struct iso_conn *conn;
2191
2192 conn = iso_conn_add(hcon);
2193 if (conn)
2194 iso_conn_ready(conn);
2195 } else {
2196 iso_conn_del(hcon, bt_to_errno(status));
2197 }
2198}
2199
2200static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason)
2201{
2202 if (hcon->type != ISO_LINK)
2203 return;
2204
2205 BT_DBG("hcon %p reason %d", hcon, reason);
2206
2207 iso_conn_del(hcon, bt_to_errno(reason));
2208}
2209
2210void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2211{
2212 struct iso_conn *conn = hcon->iso_data;
2213 __u16 pb, ts, len;
2214
2215 if (!conn)
2216 goto drop;
2217
2218 pb = hci_iso_flags_pb(flags);
2219 ts = hci_iso_flags_ts(flags);
2220
2221 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts);
2222
2223 switch (pb) {
2224 case ISO_START:
2225 case ISO_SINGLE:
2226 if (conn->rx_len) {
2227 BT_ERR("Unexpected start frame (len %d)", skb->len);
2228 kfree_skb(conn->rx_skb);
2229 conn->rx_skb = NULL;
2230 conn->rx_len = 0;
2231 }
2232
2233 if (ts) {
2234 struct hci_iso_ts_data_hdr *hdr;
2235
2236 /* TODO: add timestamp to the packet? */
2237 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE);
2238 if (!hdr) {
2239 BT_ERR("Frame is too short (len %d)", skb->len);
2240 goto drop;
2241 }
2242
2243 len = __le16_to_cpu(hdr->slen);
2244 } else {
2245 struct hci_iso_data_hdr *hdr;
2246
2247 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE);
2248 if (!hdr) {
2249 BT_ERR("Frame is too short (len %d)", skb->len);
2250 goto drop;
2251 }
2252
2253 len = __le16_to_cpu(hdr->slen);
2254 }
2255
2256 flags = hci_iso_data_flags(len);
2257 len = hci_iso_data_len(len);
2258
2259 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len,
2260 skb->len, flags);
2261
2262 if (len == skb->len) {
2263 /* Complete frame received */
2264 hci_skb_pkt_status(skb) = flags & 0x03;
2265 iso_recv_frame(conn, skb);
2266 return;
2267 }
2268
2269 if (pb == ISO_SINGLE) {
2270 BT_ERR("Frame malformed (len %d, expected len %d)",
2271 skb->len, len);
2272 goto drop;
2273 }
2274
2275 if (skb->len > len) {
2276 BT_ERR("Frame is too long (len %d, expected len %d)",
2277 skb->len, len);
2278 goto drop;
2279 }
2280
2281 /* Allocate skb for the complete frame (with header) */
2282 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
2283 if (!conn->rx_skb)
2284 goto drop;
2285
2286 hci_skb_pkt_status(conn->rx_skb) = flags & 0x03;
2287 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2288 skb->len);
2289 conn->rx_len = len - skb->len;
2290 break;
2291
2292 case ISO_CONT:
2293 BT_DBG("Cont: frag len %d (expecting %d)", skb->len,
2294 conn->rx_len);
2295
2296 if (!conn->rx_len) {
2297 BT_ERR("Unexpected continuation frame (len %d)",
2298 skb->len);
2299 goto drop;
2300 }
2301
2302 if (skb->len > conn->rx_len) {
2303 BT_ERR("Fragment is too long (len %d, expected %d)",
2304 skb->len, conn->rx_len);
2305 kfree_skb(conn->rx_skb);
2306 conn->rx_skb = NULL;
2307 conn->rx_len = 0;
2308 goto drop;
2309 }
2310
2311 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2312 skb->len);
2313 conn->rx_len -= skb->len;
2314 return;
2315
2316 case ISO_END:
2317 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2318 skb->len);
2319 conn->rx_len -= skb->len;
2320
2321 if (!conn->rx_len) {
2322 struct sk_buff *rx_skb = conn->rx_skb;
2323
2324 /* Complete frame received. iso_recv_frame
2325 * takes ownership of the skb so set the global
2326 * rx_skb pointer to NULL first.
2327 */
2328 conn->rx_skb = NULL;
2329 iso_recv_frame(conn, rx_skb);
2330 }
2331 break;
2332 }
2333
2334drop:
2335 kfree_skb(skb);
2336}
2337
2338static struct hci_cb iso_cb = {
2339 .name = "ISO",
2340 .match = iso_match,
2341 .connect_cfm = iso_connect_cfm,
2342 .disconn_cfm = iso_disconn_cfm,
2343};
2344
2345static int iso_debugfs_show(struct seq_file *f, void *p)
2346{
2347 struct sock *sk;
2348
2349 read_lock(&iso_sk_list.lock);
2350
2351 sk_for_each(sk, &iso_sk_list.head) {
2352 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src,
2353 &iso_pi(sk)->dst, sk->sk_state);
2354 }
2355
2356 read_unlock(&iso_sk_list.lock);
2357
2358 return 0;
2359}
2360
2361DEFINE_SHOW_ATTRIBUTE(iso_debugfs);
2362
2363static struct dentry *iso_debugfs;
2364
2365static const struct proto_ops iso_sock_ops = {
2366 .family = PF_BLUETOOTH,
2367 .owner = THIS_MODULE,
2368 .release = iso_sock_release,
2369 .bind = iso_sock_bind,
2370 .connect = iso_sock_connect,
2371 .listen = iso_sock_listen,
2372 .accept = iso_sock_accept,
2373 .getname = iso_sock_getname,
2374 .sendmsg = iso_sock_sendmsg,
2375 .recvmsg = iso_sock_recvmsg,
2376 .poll = bt_sock_poll,
2377 .ioctl = bt_sock_ioctl,
2378 .mmap = sock_no_mmap,
2379 .socketpair = sock_no_socketpair,
2380 .shutdown = iso_sock_shutdown,
2381 .setsockopt = iso_sock_setsockopt,
2382 .getsockopt = iso_sock_getsockopt
2383};
2384
2385static const struct net_proto_family iso_sock_family_ops = {
2386 .family = PF_BLUETOOTH,
2387 .owner = THIS_MODULE,
2388 .create = iso_sock_create,
2389};
2390
2391static bool iso_inited;
2392
2393bool iso_enabled(void)
2394{
2395 return iso_inited;
2396}
2397
2398int iso_init(void)
2399{
2400 int err;
2401
2402 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr));
2403
2404 if (iso_inited)
2405 return -EALREADY;
2406
2407 err = proto_register(&iso_proto, 0);
2408 if (err < 0)
2409 return err;
2410
2411 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops);
2412 if (err < 0) {
2413 BT_ERR("ISO socket registration failed");
2414 goto error;
2415 }
2416
2417 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL);
2418 if (err < 0) {
2419 BT_ERR("Failed to create ISO proc file");
2420 bt_sock_unregister(BTPROTO_ISO);
2421 goto error;
2422 }
2423
2424 BT_INFO("ISO socket layer initialized");
2425
2426 hci_register_cb(&iso_cb);
2427
2428 if (!IS_ERR_OR_NULL(bt_debugfs))
2429 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs,
2430 NULL, &iso_debugfs_fops);
2431
2432 iso_inited = true;
2433
2434 return 0;
2435
2436error:
2437 proto_unregister(&iso_proto);
2438 return err;
2439}
2440
2441int iso_exit(void)
2442{
2443 if (!iso_inited)
2444 return -EALREADY;
2445
2446 bt_procfs_cleanup(&init_net, "iso");
2447
2448 debugfs_remove(iso_debugfs);
2449 iso_debugfs = NULL;
2450
2451 hci_unregister_cb(&iso_cb);
2452
2453 bt_sock_unregister(BTPROTO_ISO);
2454
2455 proto_unregister(&iso_proto);
2456
2457 iso_inited = false;
2458
2459 return 0;
2460}