1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth SCO sockets. */ 26 27#include <linux/module.h> 28#include <linux/debugfs.h> 29#include <linux/seq_file.h> 30#include <linux/sched/signal.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/sco.h> 35 36static bool disable_esco; 37 38static const struct proto_ops sco_sock_ops; 39 40static struct bt_sock_list sco_sk_list = {.lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)}; 41 42/* ---- SCO connections ---- */ 43struct sco_conn { 44 struct hci_conn *hcon; 45 46 spinlock_t lock; 47 struct sock *sk; 48 49 struct delayed_work timeout_work; 50 51 unsigned int mtu; 52}; 53 54#define sco_conn_lock(c) spin_lock(&(c)->lock) 55#define sco_conn_unlock(c) spin_unlock(&(c)->lock) 56 57static void sco_sock_close(struct sock *sk); 58static void sco_sock_kill(struct sock *sk); 59 60/* ----- SCO socket info ----- */ 61#define sco_pi(sk) ((struct sco_pinfo *)(sk)) 62 63struct sco_pinfo { 64 struct bt_sock bt; 65 bdaddr_t src; 66 bdaddr_t dst; 67 __u32 flags; 68 __u16 setting; 69 __u8 cmsg_mask; 70 struct sco_conn *conn; 71}; 72 73/* ---- SCO timers ---- */ 74#define SCO_CONN_TIMEOUT (HZ * 40) 75#define SCO_DISCONN_TIMEOUT (HZ * 2) 76 77static void sco_sock_timeout(struct work_struct *work) 78{ 79 struct sco_conn *conn = container_of(work, struct sco_conn, timeout_work.work); 80 struct sock *sk; 81 82 sco_conn_lock(conn); 83 sk = conn->sk; 84 if (sk) { 85 sock_hold(sk); 86 } 87 sco_conn_unlock(conn); 88 89 if (!sk) { 90 return; 91 } 92 93 BT_DBG("sock %p state %d", sk, sk->sk_state); 94 95 bh_lock_sock(sk); 96 sk->sk_err = ETIMEDOUT; 97 sk->sk_state_change(sk); 98 bh_unlock_sock(sk); 99 100 sock_put(sk); 101} 102 103static void sco_sock_set_timer(struct sock *sk, long timeout) 104{ 105 if (!sco_pi(sk)->conn) { 106 return; 107 } 108 109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 112} 113 114static void sco_sock_clear_timer(struct sock *sk) 115{ 116 if (!sco_pi(sk)->conn) { 117 return; 118 } 119 120 BT_DBG("sock %p state %d", sk, sk->sk_state); 121 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 122} 123 124/* ---- SCO connections ---- */ 125static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 126{ 127 struct hci_dev *hdev = hcon->hdev; 128 struct sco_conn *conn = hcon->sco_data; 129 130 if (conn) { 131 return conn; 132 } 133 134 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 135 if (!conn) { 136 return NULL; 137 } 138 139 spin_lock_init(&conn->lock); 140 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 141 142 hcon->sco_data = conn; 143 conn->hcon = hcon; 144 145 if (hdev->sco_mtu > 0) { 146 conn->mtu = hdev->sco_mtu; 147 } else { 148 conn->mtu = 0x3c; 149 } 150 151 BT_DBG("hcon %p conn %p", hcon, conn); 152 153 return conn; 154} 155 156/* Delete channel. 157 * Must be called on the locked socket. */ 158static void sco_chan_del(struct sock *sk, int err) 159{ 160 struct sco_conn *conn; 161 162 conn = sco_pi(sk)->conn; 163 164 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 165 166 if (conn) { 167 sco_conn_lock(conn); 168 conn->sk = NULL; 169 sco_pi(sk)->conn = NULL; 170 sco_conn_unlock(conn); 171 172 if (conn->hcon) { 173 hci_conn_drop(conn->hcon); 174 } 175 } 176 177 sk->sk_state = BT_CLOSED; 178 sk->sk_err = err; 179 sk->sk_state_change(sk); 180 181 sock_set_flag(sk, SOCK_ZAPPED); 182} 183 184static void sco_conn_del(struct hci_conn *hcon, int err) 185{ 186 struct sco_conn *conn = hcon->sco_data; 187 struct sock *sk; 188 189 if (!conn) { 190 return; 191 } 192 193 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 194 195 /* Kill socket */ 196 sco_conn_lock(conn); 197 sk = conn->sk; 198 sco_conn_unlock(conn); 199 200 if (sk) { 201 sock_hold(sk); 202 bh_lock_sock(sk); 203 sco_sock_clear_timer(sk); 204 sco_chan_del(sk, err); 205 bh_unlock_sock(sk); 206 sock_put(sk); 207 208 /* Ensure no more work items will run before freeing conn. */ 209 cancel_delayed_work_sync(&conn->timeout_work); 210 } 211 212 hcon->sco_data = NULL; 213 kfree(conn); 214} 215 216static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent) 217{ 218 BT_DBG("conn %p", conn); 219 220 sco_pi(sk)->conn = conn; 221 conn->sk = sk; 222 223 if (parent) { 224 bt_accept_enqueue(parent, sk, true); 225 } 226} 227 228static int sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent) 229{ 230 int err = 0; 231 232 sco_conn_lock(conn); 233 if (conn->sk) { 234 err = -EBUSY; 235 } else { 236 __sco_chan_add(conn, sk, parent); 237 } 238 239 sco_conn_unlock(conn); 240 return err; 241} 242 243static int sco_connect(struct hci_dev *hdev, struct sock *sk) 244{ 245 struct sco_conn *conn; 246 struct hci_conn *hcon; 247 int err, type; 248 249 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 250 251 if (lmp_esco_capable(hdev) && !disable_esco) { 252 type = ESCO_LINK; 253 } else { 254 type = SCO_LINK; 255 } 256 257 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 258 return -EOPNOTSUPP; 259 } 260 261 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, sco_pi(sk)->setting); 262 if (IS_ERR(hcon)) { 263 return PTR_ERR(hcon); 264 } 265 266 conn = sco_conn_add(hcon); 267 if (!conn) { 268 hci_conn_drop(hcon); 269 return -ENOMEM; 270 } 271 272 /* Update source addr of the socket */ 273 bacpy(&sco_pi(sk)->src, &hcon->src); 274 275 err = sco_chan_add(conn, sk, NULL); 276 if (err) { 277 return err; 278 } 279 280 if (hcon->state == BT_CONNECTED) { 281 sco_sock_clear_timer(sk); 282 sk->sk_state = BT_CONNECTED; 283 } else { 284 sk->sk_state = BT_CONNECT; 285 sco_sock_set_timer(sk, sk->sk_sndtimeo); 286 } 287 288 return err; 289} 290 291static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 292{ 293 struct sco_conn *conn = sco_pi(sk)->conn; 294 int len = skb->len; 295 296 /* Check outgoing MTU */ 297 if (len > conn->mtu) { 298 return -EINVAL; 299 } 300 301 BT_DBG("sk %p len %d", sk, len); 302 303 hci_send_sco(conn->hcon, skb); 304 305 return len; 306} 307 308static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 309{ 310 struct sock *sk; 311 312 sco_conn_lock(conn); 313 sk = conn->sk; 314 sco_conn_unlock(conn); 315 316 if (!sk) { 317 goto drop; 318 } 319 320 BT_DBG("sk %p len %d", sk, skb->len); 321 322 if (sk->sk_state != BT_CONNECTED) { 323 goto drop; 324 } 325 326 if (!sock_queue_rcv_skb(sk, skb)) { 327 return; 328 } 329 330drop: 331 kfree_skb(skb); 332} 333 334/* -------- Socket interface ---------- */ 335static struct sock *_sco_get_sock_listen_by_addr(bdaddr_t *ba) 336{ 337 struct sock *sk; 338 339 sk_for_each(sk, &sco_sk_list.head) 340 { 341 if (sk->sk_state != BT_LISTEN) { 342 continue; 343 } 344 345 if (!bacmp(&sco_pi(sk)->src, ba)) { 346 return sk; 347 } 348 } 349 350 return NULL; 351} 352 353/* Find socket listening on source bdaddr. 354 * Returns closest match. 355 */ 356static struct sock *sco_get_sock_listen(bdaddr_t *src) 357{ 358 struct sock *sk = NULL, *sk1 = NULL; 359 360 read_lock(&sco_sk_list.lock); 361 362 sk_for_each(sk, &sco_sk_list.head) 363 { 364 if (sk->sk_state != BT_LISTEN) { 365 continue; 366 } 367 368 /* Exact match. */ 369 if (!bacmp(&sco_pi(sk)->src, src)) { 370 break; 371 } 372 373 /* Closest match */ 374 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 375 sk1 = sk; 376 } 377 } 378 379 read_unlock(&sco_sk_list.lock); 380 381 return sk ? sk : sk1; 382} 383 384static void sco_sock_destruct(struct sock *sk) 385{ 386 BT_DBG("sk %p", sk); 387 388 skb_queue_purge(&sk->sk_receive_queue); 389 skb_queue_purge(&sk->sk_write_queue); 390} 391 392static void sco_sock_cleanup_listen(struct sock *parent) 393{ 394 struct sock *sk; 395 396 BT_DBG("parent %p", parent); 397 398 /* Close not yet accepted channels */ 399 while ((sk = bt_accept_dequeue(parent, NULL))) { 400 sco_sock_close(sk); 401 sco_sock_kill(sk); 402 } 403 404 parent->sk_state = BT_CLOSED; 405 sock_set_flag(parent, SOCK_ZAPPED); 406} 407 408/* Kill socket (only if zapped and orphan) 409 * Must be called on unlocked socket. 410 */ 411static void sco_sock_kill(struct sock *sk) 412{ 413 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) { 414 return; 415 } 416 417 BT_DBG("sk %p state %d", sk, sk->sk_state); 418 419 /* Kill poor orphan */ 420 bt_sock_unlink(&sco_sk_list, sk); 421 sock_set_flag(sk, SOCK_DEAD); 422 sock_put(sk); 423} 424 425static void _sco_sock_close(struct sock *sk) 426{ 427 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 428 429 switch (sk->sk_state) { 430 case BT_LISTEN: 431 sco_sock_cleanup_listen(sk); 432 break; 433 434 case BT_CONNECTED: 435 case BT_CONFIG: 436 if (sco_pi(sk)->conn->hcon) { 437 sk->sk_state = BT_DISCONN; 438 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 439 sco_conn_lock(sco_pi(sk)->conn); 440 hci_conn_drop(sco_pi(sk)->conn->hcon); 441 sco_pi(sk)->conn->hcon = NULL; 442 sco_conn_unlock(sco_pi(sk)->conn); 443 } else { 444 sco_chan_del(sk, ECONNRESET); 445 } 446 break; 447 448 case BT_CONNECT2: 449 case BT_CONNECT: 450 case BT_DISCONN: 451 sco_chan_del(sk, ECONNRESET); 452 break; 453 454 default: 455 sock_set_flag(sk, SOCK_ZAPPED); 456 break; 457 } 458} 459 460/* Must be called on unlocked socket. */ 461static void sco_sock_close(struct sock *sk) 462{ 463 sco_sock_clear_timer(sk); 464 lock_sock(sk); 465 _sco_sock_close(sk); 466 release_sock(sk); 467} 468 469static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg, struct sock *sk) 470{ 471 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS) { 472 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS, sizeof(bt_cb(skb)->sco.pkt_status), 473 &bt_cb(skb)->sco.pkt_status); 474 } 475} 476 477static void sco_sock_init(struct sock *sk, struct sock *parent) 478{ 479 BT_DBG("sk %p", sk); 480 481 if (parent) { 482 sk->sk_type = parent->sk_type; 483 bt_sk(sk)->flags = bt_sk(parent)->flags; 484 security_sk_clone(parent, sk); 485 } else { 486 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg; 487 } 488} 489 490static struct proto sco_proto = {.name = "SCO", .owner = THIS_MODULE, .obj_size = sizeof(struct sco_pinfo)}; 491 492static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern) 493{ 494 struct sock *sk; 495 496 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern); 497 if (!sk) { 498 return NULL; 499 } 500 501 sock_init_data(sock, sk); 502 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 503 504 sk->sk_destruct = sco_sock_destruct; 505 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 506 507 sock_reset_flag(sk, SOCK_ZAPPED); 508 509 sk->sk_protocol = proto; 510 sk->sk_state = BT_OPEN; 511 512 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 513 514 bt_sock_link(&sco_sk_list, sk); 515 return sk; 516} 517 518static int sco_sock_create(struct net *net, struct socket *sock, int protocol, int kern) 519{ 520 struct sock *sk; 521 522 BT_DBG("sock %p", sock); 523 524 sock->state = SS_UNCONNECTED; 525 526 if (sock->type != SOCK_SEQPACKET) { 527 return -ESOCKTNOSUPPORT; 528 } 529 530 sock->ops = &sco_sock_ops; 531 532 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 533 if (!sk) { 534 return -ENOMEM; 535 } 536 537 sco_sock_init(sk, NULL); 538 return 0; 539} 540 541static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 542{ 543 struct sockaddr_sco *sa = (struct sockaddr_sco *)addr; 544 struct sock *sk = sock->sk; 545 int err = 0; 546 547 if (!addr || addr_len < sizeof(struct sockaddr_sco) || addr->sa_family != AF_BLUETOOTH) { 548 return -EINVAL; 549 } 550 551 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 552 553 lock_sock(sk); 554 555 if (sk->sk_state != BT_OPEN) { 556 err = -EBADFD; 557 goto done; 558 } 559 560 if (sk->sk_type != SOCK_SEQPACKET) { 561 err = -EINVAL; 562 goto done; 563 } 564 565 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 566 567 sk->sk_state = BT_BOUND; 568 569done: 570 release_sock(sk); 571 return err; 572} 573 574static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 575{ 576 struct sockaddr_sco *sa = (struct sockaddr_sco *)addr; 577 struct sock *sk = sock->sk; 578 struct hci_dev *hdev; 579 int err; 580 581 BT_DBG("sk %p", sk); 582 583 if (alen < sizeof(struct sockaddr_sco) || addr->sa_family != AF_BLUETOOTH) { 584 return -EINVAL; 585 } 586 lock_sock(sk); 587 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 588 err = -EBADFD; 589 goto done; 590 } 591 592 if (sk->sk_type != SOCK_SEQPACKET) { 593 err = -EINVAL; 594 goto done; 595 } 596 597 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR); 598 if (!hdev) { 599 err = -EHOSTUNREACH; 600 goto done; 601 } 602 hci_dev_lock(hdev); 603 604 /* Set destination address and psm */ 605 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 606 607 err = sco_connect(hdev, sk); 608 hci_dev_unlock(hdev); 609 hci_dev_put(hdev); 610 if (err) { 611 goto done; 612 } 613 614 err = bt_sock_wait_state(sk, BT_CONNECTED, sock_sndtimeo(sk, flags & O_NONBLOCK)); 615 616done: 617 release_sock(sk); 618 return err; 619} 620 621static int sco_sock_listen(struct socket *sock, int backlog) 622{ 623 struct sock *sk = sock->sk; 624 bdaddr_t *src = &sco_pi(sk)->src; 625 int err = 0; 626 627 BT_DBG("sk %p backlog %d", sk, backlog); 628 629 lock_sock(sk); 630 631 if (sk->sk_state != BT_BOUND) { 632 err = -EBADFD; 633 goto done; 634 } 635 636 if (sk->sk_type != SOCK_SEQPACKET) { 637 err = -EINVAL; 638 goto done; 639 } 640 641 write_lock(&sco_sk_list.lock); 642 643 if (_sco_get_sock_listen_by_addr(src)) { 644 err = -EADDRINUSE; 645 goto unlock; 646 } 647 648 sk->sk_max_ack_backlog = backlog; 649 sk->sk_ack_backlog = 0; 650 651 sk->sk_state = BT_LISTEN; 652 653unlock: 654 write_unlock(&sco_sk_list.lock); 655 656done: 657 release_sock(sk); 658 return err; 659} 660 661static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags, bool kern) 662{ 663 DEFINE_WAIT_FUNC(wait, woken_wake_function); 664 struct sock *sk = sock->sk, *ch; 665 long timeo; 666 int err = 0; 667 668 lock_sock(sk); 669 670 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 671 672 BT_DBG("sk %p timeo %ld", sk, timeo); 673 674 /* Wait for an incoming connection. (wake-one). */ 675 add_wait_queue_exclusive(sk_sleep(sk), &wait); 676 while (1) { 677 if (sk->sk_state != BT_LISTEN) { 678 err = -EBADFD; 679 break; 680 } 681 682 ch = bt_accept_dequeue(sk, newsock); 683 if (ch) { 684 break; 685 } 686 687 if (!timeo) { 688 err = -EAGAIN; 689 break; 690 } 691 692 if (signal_pending(current)) { 693 err = sock_intr_errno(timeo); 694 break; 695 } 696 697 release_sock(sk); 698 699 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 700 lock_sock(sk); 701 } 702 remove_wait_queue(sk_sleep(sk), &wait); 703 704 if (err) { 705 goto done; 706 } 707 708 newsock->state = SS_CONNECTED; 709 710 BT_DBG("new socket %p", ch); 711 712done: 713 release_sock(sk); 714 return err; 715} 716 717static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int peer) 718{ 719 struct sockaddr_sco *sa = (struct sockaddr_sco *)addr; 720 struct sock *sk = sock->sk; 721 722 BT_DBG("sock %p, sk %p", sock, sk); 723 724 addr->sa_family = AF_BLUETOOTH; 725 726 if (peer) { 727 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 728 } else { 729 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 730 } 731 732 return sizeof(struct sockaddr_sco); 733} 734 735static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) 736{ 737 struct sock *sk = sock->sk; 738 struct sk_buff *skb; 739 int err; 740 741 BT_DBG("sock %p, sk %p", sock, sk); 742 743 err = sock_error(sk); 744 if (err) { 745 return err; 746 } 747 748 if (msg->msg_flags & MSG_OOB) { 749 return -EOPNOTSUPP; 750 } 751 752 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 753 if (IS_ERR(skb)) { 754 return PTR_ERR(skb); 755 } 756 757 lock_sock(sk); 758 759 if (sk->sk_state == BT_CONNECTED) { 760 err = sco_send_frame(sk, skb); 761 } else { 762 err = -ENOTCONN; 763 } 764 765 release_sock(sk); 766 if (err < 0) { 767 kfree_skb(skb); 768 } 769 return err; 770} 771 772static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 773{ 774 struct hci_dev *hdev = conn->hdev; 775 776 BT_DBG("conn %p", conn); 777 778 conn->state = BT_CONFIG; 779 780 if (!lmp_esco_capable(hdev)) { 781 struct hci_cp_accept_conn_req cp; 782 783 bacpy(&cp.bdaddr, &conn->dst); 784 cp.role = 0x00; /* Ignored */ 785 786 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 787 } else { 788 struct hci_cp_accept_sync_conn_req cp; 789 790 bacpy(&cp.bdaddr, &conn->dst); 791 cp.pkt_type = cpu_to_le16(conn->pkt_type); 792 793 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 794 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 795 cp.content_format = cpu_to_le16(setting); 796 797 switch (setting & SCO_AIRMODE_MASK) { 798 case SCO_AIRMODE_TRANSP: 799 if (conn->pkt_type & ESCO_2EV3) { 800 cp.max_latency = cpu_to_le16(0x0008); 801 } else { 802 cp.max_latency = cpu_to_le16(0x000D); 803 } 804 cp.retrans_effort = 0x02; 805 break; 806 case SCO_AIRMODE_CVSD: 807 cp.max_latency = cpu_to_le16(0xffff); 808 cp.retrans_effort = 0xff; 809 break; 810 default: 811 /* use CVSD settings as fallback */ 812 cp.max_latency = cpu_to_le16(0xffff); 813 cp.retrans_effort = 0xff; 814 break; 815 } 816 817 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp), &cp); 818 } 819} 820 821static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, int flags) 822{ 823 struct sock *sk = sock->sk; 824 struct sco_pinfo *pi = sco_pi(sk); 825 826 lock_sock(sk); 827 828 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 829 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 830 sk->sk_state = BT_CONFIG; 831 832 release_sock(sk); 833 return 0; 834 } 835 836 release_sock(sk); 837 838 return bt_sock_recvmsg(sock, msg, len, flags); 839} 840 841static int sco_sock_setsockopt(struct socket *sock, int level, int optname, sockptr_t optval, unsigned int optlen) 842{ 843 struct sock *sk = sock->sk; 844 int len, err = 0; 845 struct bt_voice voice; 846 u32 opt; 847 848 BT_DBG("sk %p", sk); 849 850 lock_sock(sk); 851 852 switch (optname) { 853 case BT_DEFER_SETUP: 854 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 855 err = -EINVAL; 856 break; 857 } 858 859 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 860 err = -EFAULT; 861 break; 862 } 863 864 if (opt) { 865 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 866 } else { 867 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 868 } 869 break; 870 871 case BT_VOICE: 872 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECT2) { 873 err = -EINVAL; 874 break; 875 } 876 877 voice.setting = sco_pi(sk)->setting; 878 879 len = min_t(unsigned int, sizeof(voice), optlen); 880 if (copy_from_sockptr(&voice, optval, len)) { 881 err = -EFAULT; 882 break; 883 } 884 885 /* Explicitly check for these values */ 886 if (voice.setting != BT_VOICE_TRANSPARENT && voice.setting != BT_VOICE_CVSD_16BIT) { 887 err = -EINVAL; 888 break; 889 } 890 891 sco_pi(sk)->setting = voice.setting; 892 break; 893 894 case BT_PKT_STATUS: 895 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 896 err = -EFAULT; 897 break; 898 } 899 900 if (opt) { 901 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS; 902 } else { 903 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS; 904 } 905 break; 906 907 default: 908 err = -ENOPROTOOPT; 909 break; 910 } 911 912 release_sock(sk); 913 return err; 914} 915 916static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 917{ 918 struct sock *sk = sock->sk; 919 struct sco_options opts; 920 struct sco_conninfo cinfo; 921 int len, err = 0; 922 923 BT_DBG("sk %p", sk); 924 925 if (get_user(len, optlen)) { 926 return -EFAULT; 927 } 928 929 lock_sock(sk); 930 931 switch (optname) { 932 case SCO_OPTIONS: 933 if (sk->sk_state != BT_CONNECTED && 934 !(sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 935 err = -ENOTCONN; 936 break; 937 } 938 939 opts.mtu = sco_pi(sk)->conn->mtu; 940 941 BT_DBG("mtu %d", opts.mtu); 942 943 len = min_t(unsigned int, len, sizeof(opts)); 944 if (copy_to_user(optval, (char *)&opts, len)) { 945 err = -EFAULT; 946 } 947 948 break; 949 950 case SCO_CONNINFO: 951 if (sk->sk_state != BT_CONNECTED && 952 !(sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 953 err = -ENOTCONN; 954 break; 955 } 956 957 memset(&cinfo, 0, sizeof(cinfo)); 958 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 959 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 960 961 len = min_t(unsigned int, len, sizeof(cinfo)); 962 if (copy_to_user(optval, (char *)&cinfo, len)) { 963 err = -EFAULT; 964 } 965 966 break; 967 968 default: 969 err = -ENOPROTOOPT; 970 break; 971 } 972 973 release_sock(sk); 974 return err; 975} 976 977static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 978{ 979 struct sock *sk = sock->sk; 980 int len, err = 0; 981 struct bt_voice voice; 982 u32 phys; 983 int pkt_status; 984 985 BT_DBG("sk %p", sk); 986 987 if (level == SOL_SCO) { 988 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 989 } 990 991 if (get_user(len, optlen)) { 992 return -EFAULT; 993 } 994 995 lock_sock(sk); 996 997 switch (optname) { 998 999 case BT_DEFER_SETUP: 1000 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1001 err = -EINVAL; 1002 break; 1003 } 1004 1005 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), (u32 __user *)optval)) { 1006 err = -EFAULT; 1007 } 1008 1009 break; 1010 1011 case BT_VOICE: 1012 voice.setting = sco_pi(sk)->setting; 1013 1014 len = min_t(unsigned int, len, sizeof(voice)); 1015 if (copy_to_user(optval, (char *)&voice, len)) { 1016 err = -EFAULT; 1017 } 1018 1019 break; 1020 1021 case BT_PHY: 1022 if (sk->sk_state != BT_CONNECTED) { 1023 err = -ENOTCONN; 1024 break; 1025 } 1026 1027 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1028 1029 if (put_user(phys, (u32 __user *)optval)) { 1030 err = -EFAULT; 1031 } 1032 break; 1033 1034 case BT_PKT_STATUS: 1035 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS); 1036 1037 if (put_user(pkt_status, (int __user *)optval)) { 1038 err = -EFAULT; 1039 } 1040 break; 1041 1042 case BT_SNDMTU: 1043 case BT_RCVMTU: 1044 if (sk->sk_state != BT_CONNECTED) { 1045 err = -ENOTCONN; 1046 break; 1047 } 1048 1049 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) { 1050 err = -EFAULT; 1051 } 1052 break; 1053 1054 default: 1055 err = -ENOPROTOOPT; 1056 break; 1057 } 1058 1059 release_sock(sk); 1060 return err; 1061} 1062 1063static int sco_sock_shutdown(struct socket *sock, int how) 1064{ 1065 struct sock *sk = sock->sk; 1066 int err = 0; 1067 1068 BT_DBG("sock %p, sk %p", sock, sk); 1069 1070 if (!sk) { 1071 return 0; 1072 } 1073 1074 sock_hold(sk); 1075 lock_sock(sk); 1076 1077 if (!sk->sk_shutdown) { 1078 sk->sk_shutdown = SHUTDOWN_MASK; 1079 sco_sock_clear_timer(sk); 1080 _sco_sock_close(sk); 1081 1082 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && !(current->flags & PF_EXITING)) { 1083 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1084 } 1085 } 1086 1087 release_sock(sk); 1088 sock_put(sk); 1089 1090 return err; 1091} 1092 1093static int sco_sock_release(struct socket *sock) 1094{ 1095 struct sock *sk = sock->sk; 1096 int err = 0; 1097 1098 BT_DBG("sock %p, sk %p", sock, sk); 1099 1100 if (!sk) { 1101 return 0; 1102 } 1103 1104 sco_sock_close(sk); 1105 1106 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && !(current->flags & PF_EXITING)) { 1107 lock_sock(sk); 1108 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1109 release_sock(sk); 1110 } 1111 1112 sock_orphan(sk); 1113 sco_sock_kill(sk); 1114 return err; 1115} 1116 1117static void sco_conn_ready(struct sco_conn *conn) 1118{ 1119 struct sock *parent; 1120 struct sock *sk = conn->sk; 1121 1122 BT_DBG("conn %p", conn); 1123 1124 if (sk) { 1125 sco_sock_clear_timer(sk); 1126 bh_lock_sock(sk); 1127 sk->sk_state = BT_CONNECTED; 1128 sk->sk_state_change(sk); 1129 bh_unlock_sock(sk); 1130 } else { 1131 sco_conn_lock(conn); 1132 1133 if (!conn->hcon) { 1134 sco_conn_unlock(conn); 1135 return; 1136 } 1137 1138 parent = sco_get_sock_listen(&conn->hcon->src); 1139 if (!parent) { 1140 sco_conn_unlock(conn); 1141 return; 1142 } 1143 1144 bh_lock_sock(parent); 1145 1146 sk = sco_sock_alloc(sock_net(parent), NULL, BTPROTO_SCO, GFP_ATOMIC, 0); 1147 if (!sk) { 1148 bh_unlock_sock(parent); 1149 sco_conn_unlock(conn); 1150 return; 1151 } 1152 1153 sco_sock_init(sk, parent); 1154 1155 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1156 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1157 1158 hci_conn_hold(conn->hcon); 1159 __sco_chan_add(conn, sk, parent); 1160 1161 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) { 1162 sk->sk_state = BT_CONNECT2; 1163 } else { 1164 sk->sk_state = BT_CONNECTED; 1165 } 1166 1167 /* Wake up parent */ 1168 parent->sk_data_ready(parent); 1169 1170 bh_unlock_sock(parent); 1171 1172 sco_conn_unlock(conn); 1173 } 1174} 1175 1176/* ----- SCO interface with lower layer (HCI) ----- */ 1177int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1178{ 1179 struct sock *sk; 1180 int lm = 0; 1181 1182 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1183 1184 /* Find listening sockets */ 1185 read_lock(&sco_sk_list.lock); 1186 sk_for_each(sk, &sco_sk_list.head) 1187 { 1188 if (sk->sk_state != BT_LISTEN) { 1189 continue; 1190 } 1191 1192 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1193 lm |= HCI_LM_ACCEPT; 1194 1195 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1196 *flags |= HCI_PROTO_DEFER; 1197 } 1198 break; 1199 } 1200 } 1201 read_unlock(&sco_sk_list.lock); 1202 1203 return lm; 1204} 1205 1206static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1207{ 1208 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) { 1209 return; 1210 } 1211 1212 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1213 1214 if (!status) { 1215 struct sco_conn *conn; 1216 1217 conn = sco_conn_add(hcon); 1218 if (conn) { 1219 sco_conn_ready(conn); 1220 } 1221 } else { 1222 sco_conn_del(hcon, bt_to_errno(status)); 1223 } 1224} 1225 1226static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1227{ 1228 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) { 1229 return; 1230 } 1231 1232 BT_DBG("hcon %p reason %d", hcon, reason); 1233 1234 sco_conn_del(hcon, bt_to_errno(reason)); 1235} 1236 1237void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1238{ 1239 struct sco_conn *conn = hcon->sco_data; 1240 1241 if (!conn) { 1242 goto drop; 1243 } 1244 1245 BT_DBG("conn %p len %d", conn, skb->len); 1246 1247 if (skb->len) { 1248 sco_recv_frame(conn, skb); 1249 return; 1250 } 1251 1252drop: 1253 kfree_skb(skb); 1254} 1255 1256static struct hci_cb sco_cb = { 1257 .name = "SCO", 1258 .connect_cfm = sco_connect_cfm, 1259 .disconn_cfm = sco_disconn_cfm, 1260}; 1261 1262static int sco_debugfs_show(struct seq_file *f, void *p) 1263{ 1264 struct sock *sk; 1265 1266 read_lock(&sco_sk_list.lock); 1267 1268 sk_for_each(sk, &sco_sk_list.head) 1269 { 1270 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, &sco_pi(sk)->dst, sk->sk_state); 1271 } 1272 1273 read_unlock(&sco_sk_list.lock); 1274 1275 return 0; 1276} 1277 1278DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1279 1280static struct dentry *sco_debugfs; 1281 1282static const struct proto_ops sco_sock_ops = {.family = PF_BLUETOOTH, 1283 .owner = THIS_MODULE, 1284 .release = sco_sock_release, 1285 .bind = sco_sock_bind, 1286 .connect = sco_sock_connect, 1287 .listen = sco_sock_listen, 1288 .accept = sco_sock_accept, 1289 .getname = sco_sock_getname, 1290 .sendmsg = sco_sock_sendmsg, 1291 .recvmsg = sco_sock_recvmsg, 1292 .poll = bt_sock_poll, 1293 .ioctl = bt_sock_ioctl, 1294 .gettstamp = sock_gettstamp, 1295 .mmap = sock_no_mmap, 1296 .socketpair = sock_no_socketpair, 1297 .shutdown = sco_sock_shutdown, 1298 .setsockopt = sco_sock_setsockopt, 1299 .getsockopt = sco_sock_getsockopt}; 1300 1301static const struct net_proto_family sco_sock_family_ops = { 1302 .family = PF_BLUETOOTH, 1303 .owner = THIS_MODULE, 1304 .create = sco_sock_create, 1305}; 1306 1307int __init sco_init(void) 1308{ 1309 int err; 1310 1311 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1312 1313 err = proto_register(&sco_proto, 0); 1314 if (err < 0) { 1315 return err; 1316 } 1317 1318 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1319 if (err < 0) { 1320 BT_ERR("SCO socket registration failed"); 1321 goto error; 1322 } 1323 1324 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1325 if (err < 0) { 1326 BT_ERR("Failed to create SCO proc file"); 1327 bt_sock_unregister(BTPROTO_SCO); 1328 goto error; 1329 } 1330 1331 BT_INFO("SCO socket layer initialized"); 1332 1333 hci_register_cb(&sco_cb); 1334 1335 if (IS_ERR_OR_NULL(bt_debugfs)) { 1336 return 0; 1337 } 1338 1339 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, NULL, &sco_debugfs_fops); 1340 1341 return 0; 1342 1343error: 1344 proto_unregister(&sco_proto); 1345 return err; 1346} 1347 1348void sco_exit(void) 1349{ 1350 bt_procfs_cleanup(&init_net, "sco"); 1351 1352 debugfs_remove(sco_debugfs); 1353 1354 hci_unregister_cb(&sco_cb); 1355 1356 bt_sock_unregister(BTPROTO_SCO); 1357 1358 proto_unregister(&sco_proto); 1359} 1360 1361module_param(disable_esco, bool, 0644); 1362MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1363