1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth SCO sockets. */ 26 27#include <linux/module.h> 28#include <linux/debugfs.h> 29#include <linux/seq_file.h> 30#include <linux/sched/signal.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/sco.h> 35 36static bool disable_esco; 37 38static const struct proto_ops sco_sock_ops; 39 40static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42}; 43 44/* ---- SCO connections ---- */ 45struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54}; 55 56#define sco_conn_lock(c) spin_lock(&c->lock); 57#define sco_conn_unlock(c) spin_unlock(&c->lock); 58 59static void sco_sock_close(struct sock *sk); 60static void sco_sock_kill(struct sock *sk); 61 62/* ----- SCO socket info ----- */ 63#define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 __u8 cmsg_mask; 72 struct sco_conn *conn; 73}; 74 75/* ---- SCO timers ---- */ 76#define SCO_CONN_TIMEOUT (HZ * 40) 77#define SCO_DISCONN_TIMEOUT (HZ * 2) 78 79static void sco_sock_timeout(struct work_struct *work) 80{ 81 struct sco_conn *conn = container_of(work, struct sco_conn, 82 timeout_work.work); 83 struct sock *sk; 84 85 sco_conn_lock(conn); 86 if (!conn->hcon) { 87 sco_conn_unlock(conn); 88 return; 89 } 90 sk = conn->sk; 91 if (sk) 92 sock_hold(sk); 93 sco_conn_unlock(conn); 94 95 if (!sk) 96 return; 97 98 BT_DBG("sock %p state %d", sk, sk->sk_state); 99 100 lock_sock(sk); 101 sk->sk_err = ETIMEDOUT; 102 sk->sk_state_change(sk); 103 release_sock(sk); 104 105 sock_put(sk); 106} 107 108static void sco_sock_set_timer(struct sock *sk, long timeout) 109{ 110 if (!sco_pi(sk)->conn) 111 return; 112 113 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 114 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 115 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 116} 117 118static void sco_sock_clear_timer(struct sock *sk) 119{ 120 if (!sco_pi(sk)->conn) 121 return; 122 123 BT_DBG("sock %p state %d", sk, sk->sk_state); 124 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 125} 126 127/* ---- SCO connections ---- */ 128static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 129{ 130 struct hci_dev *hdev = hcon->hdev; 131 struct sco_conn *conn = hcon->sco_data; 132 133 if (conn) 134 return conn; 135 136 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 137 if (!conn) 138 return NULL; 139 140 spin_lock_init(&conn->lock); 141 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 142 143 hcon->sco_data = conn; 144 conn->hcon = hcon; 145 146 if (hdev->sco_mtu > 0) 147 conn->mtu = hdev->sco_mtu; 148 else 149 conn->mtu = 60; 150 151 BT_DBG("hcon %p conn %p", hcon, conn); 152 153 return conn; 154} 155 156/* Delete channel. 157 * Must be called on the locked socket. */ 158static void sco_chan_del(struct sock *sk, int err) 159{ 160 struct sco_conn *conn; 161 162 conn = sco_pi(sk)->conn; 163 164 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 165 166 if (conn) { 167 sco_conn_lock(conn); 168 conn->sk = NULL; 169 sco_pi(sk)->conn = NULL; 170 sco_conn_unlock(conn); 171 172 if (conn->hcon) 173 hci_conn_drop(conn->hcon); 174 } 175 176 sk->sk_state = BT_CLOSED; 177 sk->sk_err = err; 178 sk->sk_state_change(sk); 179 180 sock_set_flag(sk, SOCK_ZAPPED); 181} 182 183static void sco_conn_del(struct hci_conn *hcon, int err) 184{ 185 struct sco_conn *conn = hcon->sco_data; 186 struct sock *sk; 187 188 if (!conn) 189 return; 190 191 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 192 193 /* Kill socket */ 194 sco_conn_lock(conn); 195 sk = conn->sk; 196 sco_conn_unlock(conn); 197 198 if (sk) { 199 sock_hold(sk); 200 lock_sock(sk); 201 sco_sock_clear_timer(sk); 202 sco_chan_del(sk, err); 203 release_sock(sk); 204 sock_put(sk); 205 } 206 207 /* Ensure no more work items will run before freeing conn. */ 208 cancel_delayed_work_sync(&conn->timeout_work); 209 210 hcon->sco_data = NULL; 211 kfree(conn); 212} 213 214static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 215 struct sock *parent) 216{ 217 BT_DBG("conn %p", conn); 218 219 sco_pi(sk)->conn = conn; 220 conn->sk = sk; 221 222 if (parent) 223 bt_accept_enqueue(parent, sk, true); 224} 225 226static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 227 struct sock *parent) 228{ 229 int err = 0; 230 231 sco_conn_lock(conn); 232 if (conn->sk) 233 err = -EBUSY; 234 else 235 __sco_chan_add(conn, sk, parent); 236 237 sco_conn_unlock(conn); 238 return err; 239} 240 241static int sco_connect(struct hci_dev *hdev, struct sock *sk) 242{ 243 struct sco_conn *conn; 244 struct hci_conn *hcon; 245 int err, type; 246 247 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 248 249 if (lmp_esco_capable(hdev) && !disable_esco) 250 type = ESCO_LINK; 251 else 252 type = SCO_LINK; 253 254 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 255 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) 256 return -EOPNOTSUPP; 257 258 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 259 sco_pi(sk)->setting); 260 if (IS_ERR(hcon)) 261 return PTR_ERR(hcon); 262 263 conn = sco_conn_add(hcon); 264 if (!conn) { 265 hci_conn_drop(hcon); 266 return -ENOMEM; 267 } 268 269 /* Update source addr of the socket */ 270 bacpy(&sco_pi(sk)->src, &hcon->src); 271 272 err = sco_chan_add(conn, sk, NULL); 273 if (err) 274 return err; 275 276 if (hcon->state == BT_CONNECTED) { 277 sco_sock_clear_timer(sk); 278 sk->sk_state = BT_CONNECTED; 279 } else { 280 sk->sk_state = BT_CONNECT; 281 sco_sock_set_timer(sk, sk->sk_sndtimeo); 282 } 283 284 return err; 285} 286 287static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 288{ 289 struct sco_conn *conn = sco_pi(sk)->conn; 290 int len = skb->len; 291 292 /* Check outgoing MTU */ 293 if (len > conn->mtu) 294 return -EINVAL; 295 296 BT_DBG("sk %p len %d", sk, len); 297 298 hci_send_sco(conn->hcon, skb); 299 300 return len; 301} 302 303static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 304{ 305 struct sock *sk; 306 307 sco_conn_lock(conn); 308 sk = conn->sk; 309 sco_conn_unlock(conn); 310 311 if (!sk) 312 goto drop; 313 314 BT_DBG("sk %p len %d", sk, skb->len); 315 316 if (sk->sk_state != BT_CONNECTED) 317 goto drop; 318 319 if (!sock_queue_rcv_skb(sk, skb)) 320 return; 321 322drop: 323 kfree_skb(skb); 324} 325 326/* -------- Socket interface ---------- */ 327static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 328{ 329 struct sock *sk; 330 331 sk_for_each(sk, &sco_sk_list.head) { 332 if (sk->sk_state != BT_LISTEN) 333 continue; 334 335 if (!bacmp(&sco_pi(sk)->src, ba)) 336 return sk; 337 } 338 339 return NULL; 340} 341 342/* Find socket listening on source bdaddr. 343 * Returns closest match. 344 */ 345static struct sock *sco_get_sock_listen(bdaddr_t *src) 346{ 347 struct sock *sk = NULL, *sk1 = NULL; 348 349 read_lock(&sco_sk_list.lock); 350 351 sk_for_each(sk, &sco_sk_list.head) { 352 if (sk->sk_state != BT_LISTEN) 353 continue; 354 355 /* Exact match. */ 356 if (!bacmp(&sco_pi(sk)->src, src)) 357 break; 358 359 /* Closest match */ 360 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 361 sk1 = sk; 362 } 363 364 read_unlock(&sco_sk_list.lock); 365 366 return sk ? sk : sk1; 367} 368 369static void sco_sock_destruct(struct sock *sk) 370{ 371 BT_DBG("sk %p", sk); 372 373 skb_queue_purge(&sk->sk_receive_queue); 374 skb_queue_purge(&sk->sk_write_queue); 375} 376 377static void sco_sock_cleanup_listen(struct sock *parent) 378{ 379 struct sock *sk; 380 381 BT_DBG("parent %p", parent); 382 383 /* Close not yet accepted channels */ 384 while ((sk = bt_accept_dequeue(parent, NULL))) { 385 sco_sock_close(sk); 386 sco_sock_kill(sk); 387 } 388 389 parent->sk_state = BT_CLOSED; 390 sock_set_flag(parent, SOCK_ZAPPED); 391} 392 393/* Kill socket (only if zapped and orphan) 394 * Must be called on unlocked socket. 395 */ 396static void sco_sock_kill(struct sock *sk) 397{ 398 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 399 return; 400 401 BT_DBG("sk %p state %d", sk, sk->sk_state); 402 403 /* Kill poor orphan */ 404 bt_sock_unlink(&sco_sk_list, sk); 405 sock_set_flag(sk, SOCK_DEAD); 406 sock_put(sk); 407} 408 409static void __sco_sock_close(struct sock *sk) 410{ 411 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 412 413 switch (sk->sk_state) { 414 case BT_LISTEN: 415 sco_sock_cleanup_listen(sk); 416 break; 417 418 case BT_CONNECTED: 419 case BT_CONFIG: 420 if (sco_pi(sk)->conn->hcon) { 421 sk->sk_state = BT_DISCONN; 422 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 423 sco_conn_lock(sco_pi(sk)->conn); 424 hci_conn_drop(sco_pi(sk)->conn->hcon); 425 sco_pi(sk)->conn->hcon = NULL; 426 sco_conn_unlock(sco_pi(sk)->conn); 427 } else 428 sco_chan_del(sk, ECONNRESET); 429 break; 430 431 case BT_CONNECT2: 432 case BT_CONNECT: 433 case BT_DISCONN: 434 sco_chan_del(sk, ECONNRESET); 435 break; 436 437 default: 438 sock_set_flag(sk, SOCK_ZAPPED); 439 break; 440 } 441} 442 443/* Must be called on unlocked socket. */ 444static void sco_sock_close(struct sock *sk) 445{ 446 sco_sock_clear_timer(sk); 447 lock_sock(sk); 448 __sco_sock_close(sk); 449 release_sock(sk); 450} 451 452static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg, 453 struct sock *sk) 454{ 455 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS) 456 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS, 457 sizeof(bt_cb(skb)->sco.pkt_status), 458 &bt_cb(skb)->sco.pkt_status); 459} 460 461static void sco_sock_init(struct sock *sk, struct sock *parent) 462{ 463 BT_DBG("sk %p", sk); 464 465 if (parent) { 466 sk->sk_type = parent->sk_type; 467 bt_sk(sk)->flags = bt_sk(parent)->flags; 468 security_sk_clone(parent, sk); 469 } else { 470 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg; 471 } 472} 473 474static struct proto sco_proto = { 475 .name = "SCO", 476 .owner = THIS_MODULE, 477 .obj_size = sizeof(struct sco_pinfo) 478}; 479 480static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 481 int proto, gfp_t prio, int kern) 482{ 483 struct sock *sk; 484 485 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern); 486 if (!sk) 487 return NULL; 488 489 sock_init_data(sock, sk); 490 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 491 492 sk->sk_destruct = sco_sock_destruct; 493 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 494 495 sock_reset_flag(sk, SOCK_ZAPPED); 496 497 sk->sk_protocol = proto; 498 sk->sk_state = BT_OPEN; 499 500 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 501 502 bt_sock_link(&sco_sk_list, sk); 503 return sk; 504} 505 506static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 507 int kern) 508{ 509 struct sock *sk; 510 511 BT_DBG("sock %p", sock); 512 513 sock->state = SS_UNCONNECTED; 514 515 if (sock->type != SOCK_SEQPACKET) 516 return -ESOCKTNOSUPPORT; 517 518 sock->ops = &sco_sock_ops; 519 520 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 521 if (!sk) 522 return -ENOMEM; 523 524 sco_sock_init(sk, NULL); 525 return 0; 526} 527 528static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 529 int addr_len) 530{ 531 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 532 struct sock *sk = sock->sk; 533 int err = 0; 534 535 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 536 addr->sa_family != AF_BLUETOOTH) 537 return -EINVAL; 538 539 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 540 541 lock_sock(sk); 542 543 if (sk->sk_state != BT_OPEN) { 544 err = -EBADFD; 545 goto done; 546 } 547 548 if (sk->sk_type != SOCK_SEQPACKET) { 549 err = -EINVAL; 550 goto done; 551 } 552 553 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 554 555 sk->sk_state = BT_BOUND; 556 557done: 558 release_sock(sk); 559 return err; 560} 561 562static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 563{ 564 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 565 struct sock *sk = sock->sk; 566 struct hci_dev *hdev; 567 int err; 568 569 BT_DBG("sk %p", sk); 570 571 if (alen < sizeof(struct sockaddr_sco) || 572 addr->sa_family != AF_BLUETOOTH) 573 return -EINVAL; 574 575 lock_sock(sk); 576 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 577 err = -EBADFD; 578 goto done; 579 } 580 581 if (sk->sk_type != SOCK_SEQPACKET) { 582 err = -EINVAL; 583 goto done; 584 } 585 586 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR); 587 if (!hdev) { 588 err = -EHOSTUNREACH; 589 goto done; 590 } 591 hci_dev_lock(hdev); 592 593 /* Set destination address and psm */ 594 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 595 596 err = sco_connect(hdev, sk); 597 hci_dev_unlock(hdev); 598 hci_dev_put(hdev); 599 if (err) 600 goto done; 601 602 err = bt_sock_wait_state(sk, BT_CONNECTED, 603 sock_sndtimeo(sk, flags & O_NONBLOCK)); 604 605done: 606 release_sock(sk); 607 return err; 608} 609 610static int sco_sock_listen(struct socket *sock, int backlog) 611{ 612 struct sock *sk = sock->sk; 613 bdaddr_t *src = &sco_pi(sk)->src; 614 int err = 0; 615 616 BT_DBG("sk %p backlog %d", sk, backlog); 617 618 lock_sock(sk); 619 620 if (sk->sk_state != BT_BOUND) { 621 err = -EBADFD; 622 goto done; 623 } 624 625 if (sk->sk_type != SOCK_SEQPACKET) { 626 err = -EINVAL; 627 goto done; 628 } 629 630 write_lock(&sco_sk_list.lock); 631 632 if (__sco_get_sock_listen_by_addr(src)) { 633 err = -EADDRINUSE; 634 goto unlock; 635 } 636 637 sk->sk_max_ack_backlog = backlog; 638 sk->sk_ack_backlog = 0; 639 640 sk->sk_state = BT_LISTEN; 641 642unlock: 643 write_unlock(&sco_sk_list.lock); 644 645done: 646 release_sock(sk); 647 return err; 648} 649 650static int sco_sock_accept(struct socket *sock, struct socket *newsock, 651 int flags, bool kern) 652{ 653 DEFINE_WAIT_FUNC(wait, woken_wake_function); 654 struct sock *sk = sock->sk, *ch; 655 long timeo; 656 int err = 0; 657 658 lock_sock(sk); 659 660 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 661 662 BT_DBG("sk %p timeo %ld", sk, timeo); 663 664 /* Wait for an incoming connection. (wake-one). */ 665 add_wait_queue_exclusive(sk_sleep(sk), &wait); 666 while (1) { 667 if (sk->sk_state != BT_LISTEN) { 668 err = -EBADFD; 669 break; 670 } 671 672 ch = bt_accept_dequeue(sk, newsock); 673 if (ch) 674 break; 675 676 if (!timeo) { 677 err = -EAGAIN; 678 break; 679 } 680 681 if (signal_pending(current)) { 682 err = sock_intr_errno(timeo); 683 break; 684 } 685 686 release_sock(sk); 687 688 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 689 lock_sock(sk); 690 } 691 remove_wait_queue(sk_sleep(sk), &wait); 692 693 if (err) 694 goto done; 695 696 newsock->state = SS_CONNECTED; 697 698 BT_DBG("new socket %p", ch); 699 700done: 701 release_sock(sk); 702 return err; 703} 704 705static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 706 int peer) 707{ 708 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 709 struct sock *sk = sock->sk; 710 711 BT_DBG("sock %p, sk %p", sock, sk); 712 713 addr->sa_family = AF_BLUETOOTH; 714 715 if (peer) 716 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 717 else 718 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 719 720 return sizeof(struct sockaddr_sco); 721} 722 723static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 724 size_t len) 725{ 726 struct sock *sk = sock->sk; 727 struct sk_buff *skb; 728 int err; 729 730 BT_DBG("sock %p, sk %p", sock, sk); 731 732 err = sock_error(sk); 733 if (err) 734 return err; 735 736 if (msg->msg_flags & MSG_OOB) 737 return -EOPNOTSUPP; 738 739 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 740 if (IS_ERR(skb)) 741 return PTR_ERR(skb); 742 743 lock_sock(sk); 744 745 if (sk->sk_state == BT_CONNECTED) 746 err = sco_send_frame(sk, skb); 747 else 748 err = -ENOTCONN; 749 750 release_sock(sk); 751 752 if (err < 0) 753 kfree_skb(skb); 754 return err; 755} 756 757static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 758{ 759 struct hci_dev *hdev = conn->hdev; 760 761 BT_DBG("conn %p", conn); 762 763 conn->state = BT_CONFIG; 764 765 if (!lmp_esco_capable(hdev)) { 766 struct hci_cp_accept_conn_req cp; 767 768 bacpy(&cp.bdaddr, &conn->dst); 769 cp.role = 0x00; /* Ignored */ 770 771 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 772 } else { 773 struct hci_cp_accept_sync_conn_req cp; 774 775 bacpy(&cp.bdaddr, &conn->dst); 776 cp.pkt_type = cpu_to_le16(conn->pkt_type); 777 778 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 779 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 780 cp.content_format = cpu_to_le16(setting); 781 782 switch (setting & SCO_AIRMODE_MASK) { 783 case SCO_AIRMODE_TRANSP: 784 if (conn->pkt_type & ESCO_2EV3) 785 cp.max_latency = cpu_to_le16(0x0008); 786 else 787 cp.max_latency = cpu_to_le16(0x000D); 788 cp.retrans_effort = 0x02; 789 break; 790 case SCO_AIRMODE_CVSD: 791 cp.max_latency = cpu_to_le16(0xffff); 792 cp.retrans_effort = 0xff; 793 break; 794 default: 795 /* use CVSD settings as fallback */ 796 cp.max_latency = cpu_to_le16(0xffff); 797 cp.retrans_effort = 0xff; 798 break; 799 } 800 801 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 802 sizeof(cp), &cp); 803 } 804} 805 806static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 807 size_t len, int flags) 808{ 809 struct sock *sk = sock->sk; 810 struct sco_pinfo *pi = sco_pi(sk); 811 812 lock_sock(sk); 813 814 if (sk->sk_state == BT_CONNECT2 && 815 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 816 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 817 sk->sk_state = BT_CONFIG; 818 819 release_sock(sk); 820 return 0; 821 } 822 823 release_sock(sk); 824 825 return bt_sock_recvmsg(sock, msg, len, flags); 826} 827 828static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 829 sockptr_t optval, unsigned int optlen) 830{ 831 struct sock *sk = sock->sk; 832 int err = 0; 833 struct bt_voice voice; 834 u32 opt; 835 836 BT_DBG("sk %p", sk); 837 838 lock_sock(sk); 839 840 switch (optname) { 841 842 case BT_DEFER_SETUP: 843 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 844 err = -EINVAL; 845 break; 846 } 847 848 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 849 if (err) 850 break; 851 852 if (opt) 853 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 854 else 855 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 856 break; 857 858 case BT_VOICE: 859 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 860 sk->sk_state != BT_CONNECT2) { 861 err = -EINVAL; 862 break; 863 } 864 865 voice.setting = sco_pi(sk)->setting; 866 867 err = bt_copy_from_sockptr(&voice, sizeof(voice), optval, 868 optlen); 869 if (err) 870 break; 871 872 /* Explicitly check for these values */ 873 if (voice.setting != BT_VOICE_TRANSPARENT && 874 voice.setting != BT_VOICE_CVSD_16BIT) { 875 err = -EINVAL; 876 break; 877 } 878 879 sco_pi(sk)->setting = voice.setting; 880 break; 881 882 case BT_PKT_STATUS: 883 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 884 if (err) 885 break; 886 887 if (opt) 888 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS; 889 else 890 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS; 891 break; 892 893 default: 894 err = -ENOPROTOOPT; 895 break; 896 } 897 898 release_sock(sk); 899 return err; 900} 901 902static int sco_sock_getsockopt_old(struct socket *sock, int optname, 903 char __user *optval, int __user *optlen) 904{ 905 struct sock *sk = sock->sk; 906 struct sco_options opts; 907 struct sco_conninfo cinfo; 908 int len, err = 0; 909 910 BT_DBG("sk %p", sk); 911 912 if (get_user(len, optlen)) 913 return -EFAULT; 914 915 lock_sock(sk); 916 917 switch (optname) { 918 case SCO_OPTIONS: 919 if (sk->sk_state != BT_CONNECTED && 920 !(sk->sk_state == BT_CONNECT2 && 921 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 922 err = -ENOTCONN; 923 break; 924 } 925 926 opts.mtu = sco_pi(sk)->conn->mtu; 927 928 BT_DBG("mtu %d", opts.mtu); 929 930 len = min_t(unsigned int, len, sizeof(opts)); 931 if (copy_to_user(optval, (char *)&opts, len)) 932 err = -EFAULT; 933 934 break; 935 936 case SCO_CONNINFO: 937 if (sk->sk_state != BT_CONNECTED && 938 !(sk->sk_state == BT_CONNECT2 && 939 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 940 err = -ENOTCONN; 941 break; 942 } 943 944 memset(&cinfo, 0, sizeof(cinfo)); 945 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 946 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 947 948 len = min_t(unsigned int, len, sizeof(cinfo)); 949 if (copy_to_user(optval, (char *)&cinfo, len)) 950 err = -EFAULT; 951 952 break; 953 954 default: 955 err = -ENOPROTOOPT; 956 break; 957 } 958 959 release_sock(sk); 960 return err; 961} 962 963static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 964 char __user *optval, int __user *optlen) 965{ 966 struct sock *sk = sock->sk; 967 int len, err = 0; 968 struct bt_voice voice; 969 u32 phys; 970 int pkt_status; 971 972 BT_DBG("sk %p", sk); 973 974 if (level == SOL_SCO) 975 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 976 977 if (get_user(len, optlen)) 978 return -EFAULT; 979 980 lock_sock(sk); 981 982 switch (optname) { 983 984 case BT_DEFER_SETUP: 985 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 986 err = -EINVAL; 987 break; 988 } 989 990 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 991 (u32 __user *)optval)) 992 err = -EFAULT; 993 994 break; 995 996 case BT_VOICE: 997 voice.setting = sco_pi(sk)->setting; 998 999 len = min_t(unsigned int, len, sizeof(voice)); 1000 if (copy_to_user(optval, (char *)&voice, len)) 1001 err = -EFAULT; 1002 1003 break; 1004 1005 case BT_PHY: 1006 if (sk->sk_state != BT_CONNECTED) { 1007 err = -ENOTCONN; 1008 break; 1009 } 1010 1011 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1012 1013 if (put_user(phys, (u32 __user *) optval)) 1014 err = -EFAULT; 1015 break; 1016 1017 case BT_PKT_STATUS: 1018 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS); 1019 1020 if (put_user(pkt_status, (int __user *)optval)) 1021 err = -EFAULT; 1022 break; 1023 1024 case BT_SNDMTU: 1025 case BT_RCVMTU: 1026 if (sk->sk_state != BT_CONNECTED) { 1027 err = -ENOTCONN; 1028 break; 1029 } 1030 1031 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1032 err = -EFAULT; 1033 break; 1034 1035 default: 1036 err = -ENOPROTOOPT; 1037 break; 1038 } 1039 1040 release_sock(sk); 1041 return err; 1042} 1043 1044static int sco_sock_shutdown(struct socket *sock, int how) 1045{ 1046 struct sock *sk = sock->sk; 1047 int err = 0; 1048 1049 BT_DBG("sock %p, sk %p", sock, sk); 1050 1051 if (!sk) 1052 return 0; 1053 1054 sock_hold(sk); 1055 lock_sock(sk); 1056 1057 if (!sk->sk_shutdown) { 1058 sk->sk_shutdown = SHUTDOWN_MASK; 1059 sco_sock_clear_timer(sk); 1060 __sco_sock_close(sk); 1061 1062 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1063 !(current->flags & PF_EXITING)) 1064 err = bt_sock_wait_state(sk, BT_CLOSED, 1065 sk->sk_lingertime); 1066 } 1067 1068 release_sock(sk); 1069 sock_put(sk); 1070 1071 return err; 1072} 1073 1074static int sco_sock_release(struct socket *sock) 1075{ 1076 struct sock *sk = sock->sk; 1077 int err = 0; 1078 1079 BT_DBG("sock %p, sk %p", sock, sk); 1080 1081 if (!sk) 1082 return 0; 1083 1084 sco_sock_close(sk); 1085 1086 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1087 !(current->flags & PF_EXITING)) { 1088 lock_sock(sk); 1089 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1090 release_sock(sk); 1091 } 1092 1093 sock_orphan(sk); 1094 sco_sock_kill(sk); 1095 return err; 1096} 1097 1098static void sco_conn_ready(struct sco_conn *conn) 1099{ 1100 struct sock *parent; 1101 struct sock *sk = conn->sk; 1102 1103 BT_DBG("conn %p", conn); 1104 1105 if (sk) { 1106 sco_sock_clear_timer(sk); 1107 lock_sock(sk); 1108 sk->sk_state = BT_CONNECTED; 1109 sk->sk_state_change(sk); 1110 release_sock(sk); 1111 } else { 1112 sco_conn_lock(conn); 1113 1114 if (!conn->hcon) { 1115 sco_conn_unlock(conn); 1116 return; 1117 } 1118 1119 parent = sco_get_sock_listen(&conn->hcon->src); 1120 if (!parent) { 1121 sco_conn_unlock(conn); 1122 return; 1123 } 1124 1125 lock_sock(parent); 1126 1127 sk = sco_sock_alloc(sock_net(parent), NULL, 1128 BTPROTO_SCO, GFP_ATOMIC, 0); 1129 if (!sk) { 1130 release_sock(parent); 1131 sco_conn_unlock(conn); 1132 return; 1133 } 1134 1135 sco_sock_init(sk, parent); 1136 1137 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1138 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1139 1140 hci_conn_hold(conn->hcon); 1141 __sco_chan_add(conn, sk, parent); 1142 1143 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1144 sk->sk_state = BT_CONNECT2; 1145 else 1146 sk->sk_state = BT_CONNECTED; 1147 1148 /* Wake up parent */ 1149 parent->sk_data_ready(parent); 1150 1151 release_sock(parent); 1152 1153 sco_conn_unlock(conn); 1154 } 1155} 1156 1157/* ----- SCO interface with lower layer (HCI) ----- */ 1158int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1159{ 1160 struct sock *sk; 1161 int lm = 0; 1162 1163 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1164 1165 /* Find listening sockets */ 1166 read_lock(&sco_sk_list.lock); 1167 sk_for_each(sk, &sco_sk_list.head) { 1168 if (sk->sk_state != BT_LISTEN) 1169 continue; 1170 1171 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1172 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1173 lm |= HCI_LM_ACCEPT; 1174 1175 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1176 *flags |= HCI_PROTO_DEFER; 1177 break; 1178 } 1179 } 1180 read_unlock(&sco_sk_list.lock); 1181 1182 return lm; 1183} 1184 1185static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1186{ 1187 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1188 return; 1189 1190 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1191 1192 if (!status) { 1193 struct sco_conn *conn; 1194 1195 conn = sco_conn_add(hcon); 1196 if (conn) 1197 sco_conn_ready(conn); 1198 } else 1199 sco_conn_del(hcon, bt_to_errno(status)); 1200} 1201 1202static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1203{ 1204 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1205 return; 1206 1207 BT_DBG("hcon %p reason %d", hcon, reason); 1208 1209 sco_conn_del(hcon, bt_to_errno(reason)); 1210} 1211 1212void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1213{ 1214 struct sco_conn *conn = hcon->sco_data; 1215 1216 if (!conn) 1217 goto drop; 1218 1219 BT_DBG("conn %p len %d", conn, skb->len); 1220 1221 if (skb->len) { 1222 sco_recv_frame(conn, skb); 1223 return; 1224 } 1225 1226drop: 1227 kfree_skb(skb); 1228} 1229 1230static struct hci_cb sco_cb = { 1231 .name = "SCO", 1232 .connect_cfm = sco_connect_cfm, 1233 .disconn_cfm = sco_disconn_cfm, 1234}; 1235 1236static int sco_debugfs_show(struct seq_file *f, void *p) 1237{ 1238 struct sock *sk; 1239 1240 read_lock(&sco_sk_list.lock); 1241 1242 sk_for_each(sk, &sco_sk_list.head) { 1243 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1244 &sco_pi(sk)->dst, sk->sk_state); 1245 } 1246 1247 read_unlock(&sco_sk_list.lock); 1248 1249 return 0; 1250} 1251 1252DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1253 1254static struct dentry *sco_debugfs; 1255 1256static const struct proto_ops sco_sock_ops = { 1257 .family = PF_BLUETOOTH, 1258 .owner = THIS_MODULE, 1259 .release = sco_sock_release, 1260 .bind = sco_sock_bind, 1261 .connect = sco_sock_connect, 1262 .listen = sco_sock_listen, 1263 .accept = sco_sock_accept, 1264 .getname = sco_sock_getname, 1265 .sendmsg = sco_sock_sendmsg, 1266 .recvmsg = sco_sock_recvmsg, 1267 .poll = bt_sock_poll, 1268 .ioctl = bt_sock_ioctl, 1269 .gettstamp = sock_gettstamp, 1270 .mmap = sock_no_mmap, 1271 .socketpair = sock_no_socketpair, 1272 .shutdown = sco_sock_shutdown, 1273 .setsockopt = sco_sock_setsockopt, 1274 .getsockopt = sco_sock_getsockopt 1275}; 1276 1277static const struct net_proto_family sco_sock_family_ops = { 1278 .family = PF_BLUETOOTH, 1279 .owner = THIS_MODULE, 1280 .create = sco_sock_create, 1281}; 1282 1283int __init sco_init(void) 1284{ 1285 int err; 1286 1287 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1288 1289 err = proto_register(&sco_proto, 0); 1290 if (err < 0) 1291 return err; 1292 1293 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1294 if (err < 0) { 1295 BT_ERR("SCO socket registration failed"); 1296 goto error; 1297 } 1298 1299 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1300 if (err < 0) { 1301 BT_ERR("Failed to create SCO proc file"); 1302 bt_sock_unregister(BTPROTO_SCO); 1303 goto error; 1304 } 1305 1306 BT_INFO("SCO socket layer initialized"); 1307 1308 hci_register_cb(&sco_cb); 1309 1310 if (IS_ERR_OR_NULL(bt_debugfs)) 1311 return 0; 1312 1313 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1314 NULL, &sco_debugfs_fops); 1315 1316 return 0; 1317 1318error: 1319 proto_unregister(&sco_proto); 1320 return err; 1321} 1322 1323void sco_exit(void) 1324{ 1325 bt_procfs_cleanup(&init_net, "sco"); 1326 1327 debugfs_remove(sco_debugfs); 1328 1329 hci_unregister_cb(&sco_cb); 1330 1331 bt_sock_unregister(BTPROTO_SCO); 1332 1333 proto_unregister(&sco_proto); 1334} 1335 1336module_param(disable_esco, bool, 0644); 1337MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1338