1// SPDX-License-Identifier: GPL-2.0 2/* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 * Copyright 2023 NXP 7 */ 8 9#include <linux/module.h> 10#include <linux/debugfs.h> 11#include <linux/seq_file.h> 12#include <linux/sched/signal.h> 13 14#include <net/bluetooth/bluetooth.h> 15#include <net/bluetooth/hci_core.h> 16#include <net/bluetooth/iso.h> 17 18static const struct proto_ops iso_sock_ops; 19 20static struct bt_sock_list iso_sk_list = { 21 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 22}; 23 24/* ---- ISO connections ---- */ 25struct iso_conn { 26 struct hci_conn *hcon; 27 28 /* @lock: spinlock protecting changes to iso_conn fields */ 29 spinlock_t lock; 30 struct sock *sk; 31 32 struct delayed_work timeout_work; 33 34 struct sk_buff *rx_skb; 35 __u32 rx_len; 36 __u16 tx_sn; 37}; 38 39#define iso_conn_lock(c) spin_lock(&(c)->lock) 40#define iso_conn_unlock(c) spin_unlock(&(c)->lock) 41 42static void iso_sock_close(struct sock *sk); 43static void iso_sock_kill(struct sock *sk); 44 45/* ----- ISO socket info ----- */ 46#define iso_pi(sk) ((struct iso_pinfo *)sk) 47 48#define EIR_SERVICE_DATA_LENGTH 4 49#define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH) 50 51/* iso_pinfo flags values */ 52enum { 53 BT_SK_BIG_SYNC, 54 BT_SK_PA_SYNC, 55 BT_SK_PA_SYNC_TERM, 56}; 57 58struct iso_pinfo { 59 struct bt_sock bt; 60 bdaddr_t src; 61 __u8 src_type; 62 bdaddr_t dst; 63 __u8 dst_type; 64 __u8 bc_sid; 65 __u8 bc_num_bis; 66 __u8 bc_bis[ISO_MAX_NUM_BIS]; 67 __u16 sync_handle; 68 unsigned long flags; 69 struct bt_iso_qos qos; 70 bool qos_user_set; 71 __u8 base_len; 72 __u8 base[BASE_MAX_LENGTH]; 73 struct iso_conn *conn; 74}; 75 76static struct bt_iso_qos default_qos; 77 78static bool check_ucast_qos(struct bt_iso_qos *qos); 79static bool check_bcast_qos(struct bt_iso_qos *qos); 80static bool iso_match_sid(struct sock *sk, void *data); 81static bool iso_match_sync_handle(struct sock *sk, void *data); 82static void iso_sock_disconn(struct sock *sk); 83 84typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 85 86static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 87 iso_sock_match_t match, void *data); 88 89/* ---- ISO timers ---- */ 90#define ISO_CONN_TIMEOUT (HZ * 40) 91#define ISO_DISCONN_TIMEOUT (HZ * 2) 92 93static void iso_sock_timeout(struct work_struct *work) 94{ 95 struct iso_conn *conn = container_of(work, struct iso_conn, 96 timeout_work.work); 97 struct sock *sk; 98 99 iso_conn_lock(conn); 100 sk = conn->sk; 101 if (sk) 102 sock_hold(sk); 103 iso_conn_unlock(conn); 104 105 if (!sk) 106 return; 107 108 BT_DBG("sock %p state %d", sk, sk->sk_state); 109 110 lock_sock(sk); 111 sk->sk_err = ETIMEDOUT; 112 sk->sk_state_change(sk); 113 release_sock(sk); 114 sock_put(sk); 115} 116 117static void iso_sock_set_timer(struct sock *sk, long timeout) 118{ 119 if (!iso_pi(sk)->conn) 120 return; 121 122 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 123 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 124 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 125} 126 127static void iso_sock_clear_timer(struct sock *sk) 128{ 129 if (!iso_pi(sk)->conn) 130 return; 131 132 BT_DBG("sock %p state %d", sk, sk->sk_state); 133 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 134} 135 136/* ---- ISO connections ---- */ 137static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 138{ 139 struct iso_conn *conn = hcon->iso_data; 140 141 if (conn) { 142 if (!conn->hcon) 143 conn->hcon = hcon; 144 return conn; 145 } 146 147 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 148 if (!conn) 149 return NULL; 150 151 spin_lock_init(&conn->lock); 152 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 153 154 hcon->iso_data = conn; 155 conn->hcon = hcon; 156 conn->tx_sn = 0; 157 158 BT_DBG("hcon %p conn %p", hcon, conn); 159 160 return conn; 161} 162 163/* Delete channel. Must be called on the locked socket. */ 164static void iso_chan_del(struct sock *sk, int err) 165{ 166 struct iso_conn *conn; 167 struct sock *parent; 168 169 conn = iso_pi(sk)->conn; 170 171 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 172 173 if (conn) { 174 iso_conn_lock(conn); 175 conn->sk = NULL; 176 iso_pi(sk)->conn = NULL; 177 iso_conn_unlock(conn); 178 179 if (conn->hcon) 180 hci_conn_drop(conn->hcon); 181 } 182 183 sk->sk_state = BT_CLOSED; 184 sk->sk_err = err; 185 186 parent = bt_sk(sk)->parent; 187 if (parent) { 188 bt_accept_unlink(sk); 189 parent->sk_data_ready(parent); 190 } else { 191 sk->sk_state_change(sk); 192 } 193 194 sock_set_flag(sk, SOCK_ZAPPED); 195} 196 197static bool iso_match_conn_sync_handle(struct sock *sk, void *data) 198{ 199 struct hci_conn *hcon = data; 200 201 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) 202 return false; 203 204 return hcon->sync_handle == iso_pi(sk)->sync_handle; 205} 206 207static void iso_conn_del(struct hci_conn *hcon, int err) 208{ 209 struct iso_conn *conn = hcon->iso_data; 210 struct sock *sk; 211 struct sock *parent; 212 213 if (!conn) 214 return; 215 216 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 217 218 /* Kill socket */ 219 iso_conn_lock(conn); 220 sk = conn->sk; 221 if (sk) 222 sock_hold(sk); 223 iso_conn_unlock(conn); 224 225 if (sk) { 226 lock_sock(sk); 227 228 /* While a PA sync hcon is in the process of closing, 229 * mark parent socket with a flag, so that any residual 230 * BIGInfo adv reports that arrive before PA sync is 231 * terminated are not processed anymore. 232 */ 233 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) { 234 parent = iso_get_sock_listen(&hcon->src, 235 &hcon->dst, 236 iso_match_conn_sync_handle, 237 hcon); 238 239 if (parent) { 240 set_bit(BT_SK_PA_SYNC_TERM, 241 &iso_pi(parent)->flags); 242 sock_put(parent); 243 } 244 } 245 246 iso_sock_clear_timer(sk); 247 iso_chan_del(sk, err); 248 release_sock(sk); 249 sock_put(sk); 250 } 251 252 /* Ensure no more work items will run before freeing conn. */ 253 cancel_delayed_work_sync(&conn->timeout_work); 254 255 hcon->iso_data = NULL; 256 kfree(conn); 257} 258 259static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 260 struct sock *parent) 261{ 262 BT_DBG("conn %p", conn); 263 264 if (iso_pi(sk)->conn == conn && conn->sk == sk) 265 return 0; 266 267 if (conn->sk) { 268 BT_ERR("conn->sk already set"); 269 return -EBUSY; 270 } 271 272 iso_pi(sk)->conn = conn; 273 conn->sk = sk; 274 275 if (parent) 276 bt_accept_enqueue(parent, sk, true); 277 278 return 0; 279} 280 281static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 282 struct sock *parent) 283{ 284 int err; 285 286 iso_conn_lock(conn); 287 err = __iso_chan_add(conn, sk, parent); 288 iso_conn_unlock(conn); 289 290 return err; 291} 292 293static inline u8 le_addr_type(u8 bdaddr_type) 294{ 295 if (bdaddr_type == BDADDR_LE_PUBLIC) 296 return ADDR_LE_DEV_PUBLIC; 297 else 298 return ADDR_LE_DEV_RANDOM; 299} 300 301static int iso_connect_bis(struct sock *sk) 302{ 303 struct iso_conn *conn; 304 struct hci_conn *hcon; 305 struct hci_dev *hdev; 306 int err; 307 308 BT_DBG("%pMR", &iso_pi(sk)->src); 309 310 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 311 iso_pi(sk)->src_type); 312 if (!hdev) 313 return -EHOSTUNREACH; 314 315 hci_dev_lock(hdev); 316 317 if (!bis_capable(hdev)) { 318 err = -EOPNOTSUPP; 319 goto unlock; 320 } 321 322 /* Fail if user set invalid QoS */ 323 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 324 iso_pi(sk)->qos = default_qos; 325 err = -EINVAL; 326 goto unlock; 327 } 328 329 /* Fail if out PHYs are marked as disabled */ 330 if (!iso_pi(sk)->qos.bcast.out.phy) { 331 err = -EINVAL; 332 goto unlock; 333 } 334 335 /* Just bind if DEFER_SETUP has been set */ 336 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 337 hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst, 338 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 339 iso_pi(sk)->base); 340 if (IS_ERR(hcon)) { 341 err = PTR_ERR(hcon); 342 goto unlock; 343 } 344 } else { 345 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, 346 le_addr_type(iso_pi(sk)->dst_type), 347 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 348 iso_pi(sk)->base); 349 if (IS_ERR(hcon)) { 350 err = PTR_ERR(hcon); 351 goto unlock; 352 } 353 } 354 355 conn = iso_conn_add(hcon); 356 if (!conn) { 357 hci_conn_drop(hcon); 358 err = -ENOMEM; 359 goto unlock; 360 } 361 362 lock_sock(sk); 363 364 err = iso_chan_add(conn, sk, NULL); 365 if (err) { 366 release_sock(sk); 367 goto unlock; 368 } 369 370 /* Update source addr of the socket */ 371 bacpy(&iso_pi(sk)->src, &hcon->src); 372 373 if (hcon->state == BT_CONNECTED) { 374 iso_sock_clear_timer(sk); 375 sk->sk_state = BT_CONNECTED; 376 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 377 iso_sock_clear_timer(sk); 378 sk->sk_state = BT_CONNECT; 379 } else { 380 sk->sk_state = BT_CONNECT; 381 iso_sock_set_timer(sk, sk->sk_sndtimeo); 382 } 383 384 release_sock(sk); 385 386unlock: 387 hci_dev_unlock(hdev); 388 hci_dev_put(hdev); 389 return err; 390} 391 392static int iso_connect_cis(struct sock *sk) 393{ 394 struct iso_conn *conn; 395 struct hci_conn *hcon; 396 struct hci_dev *hdev; 397 int err; 398 399 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 400 401 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 402 iso_pi(sk)->src_type); 403 if (!hdev) 404 return -EHOSTUNREACH; 405 406 hci_dev_lock(hdev); 407 408 if (!cis_central_capable(hdev)) { 409 err = -EOPNOTSUPP; 410 goto unlock; 411 } 412 413 /* Fail if user set invalid QoS */ 414 if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) { 415 iso_pi(sk)->qos = default_qos; 416 err = -EINVAL; 417 goto unlock; 418 } 419 420 /* Fail if either PHYs are marked as disabled */ 421 if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) { 422 err = -EINVAL; 423 goto unlock; 424 } 425 426 /* Just bind if DEFER_SETUP has been set */ 427 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 428 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 429 le_addr_type(iso_pi(sk)->dst_type), 430 &iso_pi(sk)->qos); 431 if (IS_ERR(hcon)) { 432 err = PTR_ERR(hcon); 433 goto unlock; 434 } 435 } else { 436 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 437 le_addr_type(iso_pi(sk)->dst_type), 438 &iso_pi(sk)->qos); 439 if (IS_ERR(hcon)) { 440 err = PTR_ERR(hcon); 441 goto unlock; 442 } 443 } 444 445 conn = iso_conn_add(hcon); 446 if (!conn) { 447 hci_conn_drop(hcon); 448 err = -ENOMEM; 449 goto unlock; 450 } 451 452 lock_sock(sk); 453 454 err = iso_chan_add(conn, sk, NULL); 455 if (err) { 456 release_sock(sk); 457 goto unlock; 458 } 459 460 /* Update source addr of the socket */ 461 bacpy(&iso_pi(sk)->src, &hcon->src); 462 463 if (hcon->state == BT_CONNECTED) { 464 iso_sock_clear_timer(sk); 465 sk->sk_state = BT_CONNECTED; 466 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 467 iso_sock_clear_timer(sk); 468 sk->sk_state = BT_CONNECT; 469 } else { 470 sk->sk_state = BT_CONNECT; 471 iso_sock_set_timer(sk, sk->sk_sndtimeo); 472 } 473 474 release_sock(sk); 475 476unlock: 477 hci_dev_unlock(hdev); 478 hci_dev_put(hdev); 479 return err; 480} 481 482static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk) 483{ 484 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 485 return &iso_pi(sk)->conn->hcon->iso_qos; 486 487 return &iso_pi(sk)->qos; 488} 489 490static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 491{ 492 struct iso_conn *conn = iso_pi(sk)->conn; 493 struct bt_iso_qos *qos = iso_sock_get_qos(sk); 494 struct hci_iso_data_hdr *hdr; 495 int len = 0; 496 497 BT_DBG("sk %p len %d", sk, skb->len); 498 499 if (skb->len > qos->ucast.out.sdu) 500 return -EMSGSIZE; 501 502 len = skb->len; 503 504 /* Push ISO data header */ 505 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 506 hdr->sn = cpu_to_le16(conn->tx_sn++); 507 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 508 HCI_ISO_STATUS_VALID)); 509 510 if (sk->sk_state == BT_CONNECTED) 511 hci_send_iso(conn->hcon, skb); 512 else 513 len = -ENOTCONN; 514 515 return len; 516} 517 518static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 519{ 520 struct sock *sk; 521 522 iso_conn_lock(conn); 523 sk = conn->sk; 524 iso_conn_unlock(conn); 525 526 if (!sk) 527 goto drop; 528 529 BT_DBG("sk %p len %d", sk, skb->len); 530 531 if (sk->sk_state != BT_CONNECTED) 532 goto drop; 533 534 if (!sock_queue_rcv_skb(sk, skb)) 535 return; 536 537drop: 538 kfree_skb(skb); 539} 540 541/* -------- Socket interface ---------- */ 542static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst) 543{ 544 struct sock *sk; 545 546 sk_for_each(sk, &iso_sk_list.head) { 547 if (sk->sk_state != BT_LISTEN) 548 continue; 549 550 if (bacmp(&iso_pi(sk)->dst, dst)) 551 continue; 552 553 if (!bacmp(&iso_pi(sk)->src, src)) 554 return sk; 555 } 556 557 return NULL; 558} 559 560static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc, 561 __u8 sid) 562{ 563 struct sock *sk; 564 565 sk_for_each(sk, &iso_sk_list.head) { 566 if (sk->sk_state != BT_LISTEN) 567 continue; 568 569 if (bacmp(&iso_pi(sk)->src, ba)) 570 continue; 571 572 if (bacmp(&iso_pi(sk)->dst, bc)) 573 continue; 574 575 if (iso_pi(sk)->bc_sid == sid) 576 return sk; 577 } 578 579 return NULL; 580} 581 582/* Find socket listening: 583 * source bdaddr (Unicast) 584 * destination bdaddr (Broadcast only) 585 * match func - pass NULL to ignore 586 * match func data - pass -1 to ignore 587 * Returns closest match. 588 */ 589static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 590 iso_sock_match_t match, void *data) 591{ 592 struct sock *sk = NULL, *sk1 = NULL; 593 594 read_lock(&iso_sk_list.lock); 595 596 sk_for_each(sk, &iso_sk_list.head) { 597 if (sk->sk_state != BT_LISTEN) 598 continue; 599 600 /* Match Broadcast destination */ 601 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 602 continue; 603 604 /* Use Match function if provided */ 605 if (match && !match(sk, data)) 606 continue; 607 608 /* Exact match. */ 609 if (!bacmp(&iso_pi(sk)->src, src)) 610 break; 611 612 /* Closest match */ 613 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) 614 sk1 = sk; 615 } 616 617 read_unlock(&iso_sk_list.lock); 618 619 return sk ? sk : sk1; 620} 621 622static void iso_sock_destruct(struct sock *sk) 623{ 624 BT_DBG("sk %p", sk); 625 626 skb_queue_purge(&sk->sk_receive_queue); 627 skb_queue_purge(&sk->sk_write_queue); 628} 629 630static void iso_sock_cleanup_listen(struct sock *parent) 631{ 632 struct sock *sk; 633 634 BT_DBG("parent %p", parent); 635 636 /* Close not yet accepted channels */ 637 while ((sk = bt_accept_dequeue(parent, NULL))) { 638 iso_sock_close(sk); 639 iso_sock_kill(sk); 640 } 641 642 /* If listening socket stands for a PA sync connection, 643 * properly disconnect the hcon and socket. 644 */ 645 if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon && 646 test_bit(HCI_CONN_PA_SYNC, &iso_pi(parent)->conn->hcon->flags)) { 647 iso_sock_disconn(parent); 648 return; 649 } 650 651 parent->sk_state = BT_CLOSED; 652 sock_set_flag(parent, SOCK_ZAPPED); 653} 654 655/* Kill socket (only if zapped and orphan) 656 * Must be called on unlocked socket. 657 */ 658static void iso_sock_kill(struct sock *sk) 659{ 660 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 661 sock_flag(sk, SOCK_DEAD)) 662 return; 663 664 BT_DBG("sk %p state %d", sk, sk->sk_state); 665 666 /* Kill poor orphan */ 667 bt_sock_unlink(&iso_sk_list, sk); 668 sock_set_flag(sk, SOCK_DEAD); 669 sock_put(sk); 670} 671 672static void iso_sock_disconn(struct sock *sk) 673{ 674 sk->sk_state = BT_DISCONN; 675 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 676 iso_conn_lock(iso_pi(sk)->conn); 677 hci_conn_drop(iso_pi(sk)->conn->hcon); 678 iso_pi(sk)->conn->hcon = NULL; 679 iso_conn_unlock(iso_pi(sk)->conn); 680} 681 682static void __iso_sock_close(struct sock *sk) 683{ 684 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 685 686 switch (sk->sk_state) { 687 case BT_LISTEN: 688 iso_sock_cleanup_listen(sk); 689 break; 690 691 case BT_CONNECT: 692 case BT_CONNECTED: 693 case BT_CONFIG: 694 if (iso_pi(sk)->conn->hcon) 695 iso_sock_disconn(sk); 696 else 697 iso_chan_del(sk, ECONNRESET); 698 break; 699 700 case BT_CONNECT2: 701 if (iso_pi(sk)->conn->hcon && 702 (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) || 703 test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags))) 704 iso_sock_disconn(sk); 705 else 706 iso_chan_del(sk, ECONNRESET); 707 break; 708 case BT_DISCONN: 709 iso_chan_del(sk, ECONNRESET); 710 break; 711 712 default: 713 sock_set_flag(sk, SOCK_ZAPPED); 714 break; 715 } 716} 717 718/* Must be called on unlocked socket. */ 719static void iso_sock_close(struct sock *sk) 720{ 721 iso_sock_clear_timer(sk); 722 lock_sock(sk); 723 __iso_sock_close(sk); 724 release_sock(sk); 725 iso_sock_kill(sk); 726} 727 728static void iso_sock_init(struct sock *sk, struct sock *parent) 729{ 730 BT_DBG("sk %p", sk); 731 732 if (parent) { 733 sk->sk_type = parent->sk_type; 734 bt_sk(sk)->flags = bt_sk(parent)->flags; 735 security_sk_clone(parent, sk); 736 } 737} 738 739static struct proto iso_proto = { 740 .name = "ISO", 741 .owner = THIS_MODULE, 742 .obj_size = sizeof(struct iso_pinfo) 743}; 744 745#define DEFAULT_IO_QOS \ 746{ \ 747 .interval = 10000u, \ 748 .latency = 10u, \ 749 .sdu = 40u, \ 750 .phy = BT_ISO_PHY_2M, \ 751 .rtn = 2u, \ 752} 753 754static struct bt_iso_qos default_qos = { 755 .bcast = { 756 .big = BT_ISO_QOS_BIG_UNSET, 757 .bis = BT_ISO_QOS_BIS_UNSET, 758 .sync_factor = 0x01, 759 .packing = 0x00, 760 .framing = 0x00, 761 .in = DEFAULT_IO_QOS, 762 .out = DEFAULT_IO_QOS, 763 .encryption = 0x00, 764 .bcode = {0x00}, 765 .options = 0x00, 766 .skip = 0x0000, 767 .sync_timeout = 0x4000, 768 .sync_cte_type = 0x00, 769 .mse = 0x00, 770 .timeout = 0x4000, 771 }, 772}; 773 774static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 775 int proto, gfp_t prio, int kern) 776{ 777 struct sock *sk; 778 779 sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern); 780 if (!sk) 781 return NULL; 782 783 sk->sk_destruct = iso_sock_destruct; 784 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 785 786 /* Set address type as public as default src address is BDADDR_ANY */ 787 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 788 789 iso_pi(sk)->qos = default_qos; 790 791 bt_sock_link(&iso_sk_list, sk); 792 return sk; 793} 794 795static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 796 int kern) 797{ 798 struct sock *sk; 799 800 BT_DBG("sock %p", sock); 801 802 sock->state = SS_UNCONNECTED; 803 804 if (sock->type != SOCK_SEQPACKET) 805 return -ESOCKTNOSUPPORT; 806 807 sock->ops = &iso_sock_ops; 808 809 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 810 if (!sk) 811 return -ENOMEM; 812 813 iso_sock_init(sk, NULL); 814 return 0; 815} 816 817static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr, 818 int addr_len) 819{ 820 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 821 struct sock *sk = sock->sk; 822 int i; 823 824 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid, 825 sa->iso_bc->bc_num_bis); 826 827 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) || 828 sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f) 829 return -EINVAL; 830 831 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr); 832 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type; 833 iso_pi(sk)->sync_handle = -1; 834 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid; 835 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 836 837 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) { 838 if (sa->iso_bc->bc_bis[i] < 0x01 || 839 sa->iso_bc->bc_bis[i] > 0x1f) 840 return -EINVAL; 841 842 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 843 iso_pi(sk)->bc_num_bis); 844 } 845 846 return 0; 847} 848 849static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 850 int addr_len) 851{ 852 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 853 struct sock *sk = sock->sk; 854 int err = 0; 855 856 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 857 858 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 859 addr->sa_family != AF_BLUETOOTH) 860 return -EINVAL; 861 862 lock_sock(sk); 863 864 if (sk->sk_state != BT_OPEN) { 865 err = -EBADFD; 866 goto done; 867 } 868 869 if (sk->sk_type != SOCK_SEQPACKET) { 870 err = -EINVAL; 871 goto done; 872 } 873 874 /* Check if the address type is of LE type */ 875 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 876 err = -EINVAL; 877 goto done; 878 } 879 880 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 881 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 882 883 /* Check for Broadcast address */ 884 if (addr_len > sizeof(*sa)) { 885 err = iso_sock_bind_bc(sock, addr, addr_len); 886 if (err) 887 goto done; 888 } 889 890 sk->sk_state = BT_BOUND; 891 892done: 893 release_sock(sk); 894 return err; 895} 896 897static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 898 int alen, int flags) 899{ 900 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 901 struct sock *sk = sock->sk; 902 int err; 903 904 BT_DBG("sk %p", sk); 905 906 if (alen < sizeof(struct sockaddr_iso) || 907 addr->sa_family != AF_BLUETOOTH) 908 return -EINVAL; 909 910 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 911 return -EBADFD; 912 913 if (sk->sk_type != SOCK_SEQPACKET) 914 return -EINVAL; 915 916 /* Check if the address type is of LE type */ 917 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 918 return -EINVAL; 919 920 lock_sock(sk); 921 922 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 923 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 924 925 release_sock(sk); 926 927 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 928 err = iso_connect_cis(sk); 929 else 930 err = iso_connect_bis(sk); 931 932 if (err) 933 return err; 934 935 lock_sock(sk); 936 937 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 938 err = bt_sock_wait_state(sk, BT_CONNECTED, 939 sock_sndtimeo(sk, flags & O_NONBLOCK)); 940 } 941 942 release_sock(sk); 943 return err; 944} 945 946static int iso_listen_bis(struct sock *sk) 947{ 948 struct hci_dev *hdev; 949 int err = 0; 950 951 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src, 952 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid); 953 954 write_lock(&iso_sk_list.lock); 955 956 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst, 957 iso_pi(sk)->bc_sid)) 958 err = -EADDRINUSE; 959 960 write_unlock(&iso_sk_list.lock); 961 962 if (err) 963 return err; 964 965 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 966 iso_pi(sk)->src_type); 967 if (!hdev) 968 return -EHOSTUNREACH; 969 970 /* Fail if user set invalid QoS */ 971 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 972 iso_pi(sk)->qos = default_qos; 973 return -EINVAL; 974 } 975 976 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, 977 le_addr_type(iso_pi(sk)->dst_type), 978 iso_pi(sk)->bc_sid, &iso_pi(sk)->qos); 979 980 hci_dev_put(hdev); 981 982 return err; 983} 984 985static int iso_listen_cis(struct sock *sk) 986{ 987 int err = 0; 988 989 BT_DBG("%pMR", &iso_pi(sk)->src); 990 991 write_lock(&iso_sk_list.lock); 992 993 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst)) 994 err = -EADDRINUSE; 995 996 write_unlock(&iso_sk_list.lock); 997 998 return err; 999} 1000 1001static int iso_sock_listen(struct socket *sock, int backlog) 1002{ 1003 struct sock *sk = sock->sk; 1004 int err = 0; 1005 1006 BT_DBG("sk %p backlog %d", sk, backlog); 1007 1008 lock_sock(sk); 1009 1010 if (sk->sk_state != BT_BOUND) { 1011 err = -EBADFD; 1012 goto done; 1013 } 1014 1015 if (sk->sk_type != SOCK_SEQPACKET) { 1016 err = -EINVAL; 1017 goto done; 1018 } 1019 1020 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 1021 err = iso_listen_cis(sk); 1022 else 1023 err = iso_listen_bis(sk); 1024 1025 if (err) 1026 goto done; 1027 1028 sk->sk_max_ack_backlog = backlog; 1029 sk->sk_ack_backlog = 0; 1030 1031 sk->sk_state = BT_LISTEN; 1032 1033done: 1034 release_sock(sk); 1035 return err; 1036} 1037 1038static int iso_sock_accept(struct socket *sock, struct socket *newsock, 1039 int flags, bool kern) 1040{ 1041 DEFINE_WAIT_FUNC(wait, woken_wake_function); 1042 struct sock *sk = sock->sk, *ch; 1043 long timeo; 1044 int err = 0; 1045 1046 lock_sock(sk); 1047 1048 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 1049 1050 BT_DBG("sk %p timeo %ld", sk, timeo); 1051 1052 /* Wait for an incoming connection. (wake-one). */ 1053 add_wait_queue_exclusive(sk_sleep(sk), &wait); 1054 while (1) { 1055 if (sk->sk_state != BT_LISTEN) { 1056 err = -EBADFD; 1057 break; 1058 } 1059 1060 ch = bt_accept_dequeue(sk, newsock); 1061 if (ch) 1062 break; 1063 1064 if (!timeo) { 1065 err = -EAGAIN; 1066 break; 1067 } 1068 1069 if (signal_pending(current)) { 1070 err = sock_intr_errno(timeo); 1071 break; 1072 } 1073 1074 release_sock(sk); 1075 1076 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 1077 lock_sock(sk); 1078 } 1079 remove_wait_queue(sk_sleep(sk), &wait); 1080 1081 if (err) 1082 goto done; 1083 1084 newsock->state = SS_CONNECTED; 1085 1086 BT_DBG("new socket %p", ch); 1087 1088done: 1089 release_sock(sk); 1090 return err; 1091} 1092 1093static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 1094 int peer) 1095{ 1096 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 1097 struct sock *sk = sock->sk; 1098 1099 BT_DBG("sock %p, sk %p", sock, sk); 1100 1101 addr->sa_family = AF_BLUETOOTH; 1102 1103 if (peer) { 1104 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 1105 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 1106 } else { 1107 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 1108 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 1109 } 1110 1111 return sizeof(struct sockaddr_iso); 1112} 1113 1114static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 1115 size_t len) 1116{ 1117 struct sock *sk = sock->sk; 1118 struct sk_buff *skb, **frag; 1119 size_t mtu; 1120 int err; 1121 1122 BT_DBG("sock %p, sk %p", sock, sk); 1123 1124 err = sock_error(sk); 1125 if (err) 1126 return err; 1127 1128 if (msg->msg_flags & MSG_OOB) 1129 return -EOPNOTSUPP; 1130 1131 lock_sock(sk); 1132 1133 if (sk->sk_state != BT_CONNECTED) { 1134 release_sock(sk); 1135 return -ENOTCONN; 1136 } 1137 1138 mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu; 1139 1140 release_sock(sk); 1141 1142 skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0); 1143 if (IS_ERR(skb)) 1144 return PTR_ERR(skb); 1145 1146 len -= skb->len; 1147 1148 BT_DBG("skb %p len %d", sk, skb->len); 1149 1150 /* Continuation fragments */ 1151 frag = &skb_shinfo(skb)->frag_list; 1152 while (len) { 1153 struct sk_buff *tmp; 1154 1155 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0); 1156 if (IS_ERR(tmp)) { 1157 kfree_skb(skb); 1158 return PTR_ERR(tmp); 1159 } 1160 1161 *frag = tmp; 1162 1163 len -= tmp->len; 1164 1165 skb->len += tmp->len; 1166 skb->data_len += tmp->len; 1167 1168 BT_DBG("frag %p len %d", *frag, tmp->len); 1169 1170 frag = &(*frag)->next; 1171 } 1172 1173 lock_sock(sk); 1174 1175 if (sk->sk_state == BT_CONNECTED) 1176 err = iso_send_frame(sk, skb); 1177 else 1178 err = -ENOTCONN; 1179 1180 release_sock(sk); 1181 1182 if (err < 0) 1183 kfree_skb(skb); 1184 return err; 1185} 1186 1187static void iso_conn_defer_accept(struct hci_conn *conn) 1188{ 1189 struct hci_cp_le_accept_cis cp; 1190 struct hci_dev *hdev = conn->hdev; 1191 1192 BT_DBG("conn %p", conn); 1193 1194 conn->state = BT_CONFIG; 1195 1196 cp.handle = cpu_to_le16(conn->handle); 1197 1198 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 1199} 1200 1201static void iso_conn_big_sync(struct sock *sk) 1202{ 1203 int err; 1204 struct hci_dev *hdev; 1205 1206 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 1207 iso_pi(sk)->src_type); 1208 1209 if (!hdev) 1210 return; 1211 1212 if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) { 1213 err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon, 1214 &iso_pi(sk)->qos, 1215 iso_pi(sk)->sync_handle, 1216 iso_pi(sk)->bc_num_bis, 1217 iso_pi(sk)->bc_bis); 1218 if (err) 1219 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1220 err); 1221 } 1222} 1223 1224static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1225 size_t len, int flags) 1226{ 1227 struct sock *sk = sock->sk; 1228 struct iso_pinfo *pi = iso_pi(sk); 1229 1230 BT_DBG("sk %p", sk); 1231 1232 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1233 lock_sock(sk); 1234 switch (sk->sk_state) { 1235 case BT_CONNECT2: 1236 if (pi->conn->hcon && 1237 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) { 1238 iso_conn_big_sync(sk); 1239 sk->sk_state = BT_LISTEN; 1240 } else { 1241 iso_conn_defer_accept(pi->conn->hcon); 1242 sk->sk_state = BT_CONFIG; 1243 } 1244 release_sock(sk); 1245 return 0; 1246 case BT_CONNECT: 1247 release_sock(sk); 1248 return iso_connect_cis(sk); 1249 default: 1250 release_sock(sk); 1251 break; 1252 } 1253 } 1254 1255 return bt_sock_recvmsg(sock, msg, len, flags); 1256} 1257 1258static bool check_io_qos(struct bt_iso_io_qos *qos) 1259{ 1260 /* If no PHY is enable SDU must be 0 */ 1261 if (!qos->phy && qos->sdu) 1262 return false; 1263 1264 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 1265 return false; 1266 1267 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 1268 return false; 1269 1270 if (qos->phy > BT_ISO_PHY_ANY) 1271 return false; 1272 1273 return true; 1274} 1275 1276static bool check_ucast_qos(struct bt_iso_qos *qos) 1277{ 1278 if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET) 1279 return false; 1280 1281 if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) 1282 return false; 1283 1284 if (qos->ucast.sca > 0x07) 1285 return false; 1286 1287 if (qos->ucast.packing > 0x01) 1288 return false; 1289 1290 if (qos->ucast.framing > 0x01) 1291 return false; 1292 1293 if (!check_io_qos(&qos->ucast.in)) 1294 return false; 1295 1296 if (!check_io_qos(&qos->ucast.out)) 1297 return false; 1298 1299 return true; 1300} 1301 1302static bool check_bcast_qos(struct bt_iso_qos *qos) 1303{ 1304 if (qos->bcast.sync_factor == 0x00) 1305 return false; 1306 1307 if (qos->bcast.packing > 0x01) 1308 return false; 1309 1310 if (qos->bcast.framing > 0x01) 1311 return false; 1312 1313 if (!check_io_qos(&qos->bcast.in)) 1314 return false; 1315 1316 if (!check_io_qos(&qos->bcast.out)) 1317 return false; 1318 1319 if (qos->bcast.encryption > 0x01) 1320 return false; 1321 1322 if (qos->bcast.options > 0x07) 1323 return false; 1324 1325 if (qos->bcast.skip > 0x01f3) 1326 return false; 1327 1328 if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000) 1329 return false; 1330 1331 if (qos->bcast.sync_cte_type > 0x1f) 1332 return false; 1333 1334 if (qos->bcast.mse > 0x1f) 1335 return false; 1336 1337 if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000) 1338 return false; 1339 1340 return true; 1341} 1342 1343static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 1344 sockptr_t optval, unsigned int optlen) 1345{ 1346 struct sock *sk = sock->sk; 1347 int len, err = 0; 1348 struct bt_iso_qos qos = default_qos; 1349 u32 opt; 1350 1351 BT_DBG("sk %p", sk); 1352 1353 lock_sock(sk); 1354 1355 switch (optname) { 1356 case BT_DEFER_SETUP: 1357 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1358 err = -EINVAL; 1359 break; 1360 } 1361 1362 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1363 err = -EFAULT; 1364 break; 1365 } 1366 1367 if (opt) 1368 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1369 else 1370 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1371 break; 1372 1373 case BT_PKT_STATUS: 1374 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1375 err = -EFAULT; 1376 break; 1377 } 1378 1379 if (opt) 1380 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1381 else 1382 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1383 break; 1384 1385 case BT_ISO_QOS: 1386 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1387 sk->sk_state != BT_CONNECT2) { 1388 err = -EINVAL; 1389 break; 1390 } 1391 1392 len = min_t(unsigned int, sizeof(qos), optlen); 1393 1394 if (copy_from_sockptr(&qos, optval, len)) { 1395 err = -EFAULT; 1396 break; 1397 } 1398 1399 if (len == sizeof(qos.ucast) && !check_ucast_qos(&qos)) { 1400 err = -EINVAL; 1401 break; 1402 } 1403 1404 iso_pi(sk)->qos = qos; 1405 iso_pi(sk)->qos_user_set = true; 1406 1407 break; 1408 1409 case BT_ISO_BASE: 1410 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1411 sk->sk_state != BT_CONNECT2) { 1412 err = -EINVAL; 1413 break; 1414 } 1415 1416 if (optlen > sizeof(iso_pi(sk)->base)) { 1417 err = -EOVERFLOW; 1418 break; 1419 } 1420 1421 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen); 1422 1423 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) { 1424 err = -EFAULT; 1425 break; 1426 } 1427 1428 iso_pi(sk)->base_len = len; 1429 1430 break; 1431 1432 default: 1433 err = -ENOPROTOOPT; 1434 break; 1435 } 1436 1437 release_sock(sk); 1438 return err; 1439} 1440 1441static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1442 char __user *optval, int __user *optlen) 1443{ 1444 struct sock *sk = sock->sk; 1445 int len, err = 0; 1446 struct bt_iso_qos *qos; 1447 u8 base_len; 1448 u8 *base; 1449 1450 BT_DBG("sk %p", sk); 1451 1452 if (get_user(len, optlen)) 1453 return -EFAULT; 1454 1455 lock_sock(sk); 1456 1457 switch (optname) { 1458 case BT_DEFER_SETUP: 1459 if (sk->sk_state == BT_CONNECTED) { 1460 err = -EINVAL; 1461 break; 1462 } 1463 1464 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1465 (u32 __user *)optval)) 1466 err = -EFAULT; 1467 1468 break; 1469 1470 case BT_PKT_STATUS: 1471 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1472 (int __user *)optval)) 1473 err = -EFAULT; 1474 break; 1475 1476 case BT_ISO_QOS: 1477 qos = iso_sock_get_qos(sk); 1478 1479 len = min_t(unsigned int, len, sizeof(*qos)); 1480 if (copy_to_user(optval, qos, len)) 1481 err = -EFAULT; 1482 1483 break; 1484 1485 case BT_ISO_BASE: 1486 if (sk->sk_state == BT_CONNECTED && 1487 !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) { 1488 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len; 1489 base = iso_pi(sk)->conn->hcon->le_per_adv_data; 1490 } else { 1491 base_len = iso_pi(sk)->base_len; 1492 base = iso_pi(sk)->base; 1493 } 1494 1495 len = min_t(unsigned int, len, base_len); 1496 if (copy_to_user(optval, base, len)) 1497 err = -EFAULT; 1498 1499 break; 1500 1501 default: 1502 err = -ENOPROTOOPT; 1503 break; 1504 } 1505 1506 release_sock(sk); 1507 return err; 1508} 1509 1510static int iso_sock_shutdown(struct socket *sock, int how) 1511{ 1512 struct sock *sk = sock->sk; 1513 int err = 0; 1514 1515 BT_DBG("sock %p, sk %p, how %d", sock, sk, how); 1516 1517 if (!sk) 1518 return 0; 1519 1520 sock_hold(sk); 1521 lock_sock(sk); 1522 1523 switch (how) { 1524 case SHUT_RD: 1525 if (sk->sk_shutdown & RCV_SHUTDOWN) 1526 goto unlock; 1527 sk->sk_shutdown |= RCV_SHUTDOWN; 1528 break; 1529 case SHUT_WR: 1530 if (sk->sk_shutdown & SEND_SHUTDOWN) 1531 goto unlock; 1532 sk->sk_shutdown |= SEND_SHUTDOWN; 1533 break; 1534 case SHUT_RDWR: 1535 if (sk->sk_shutdown & SHUTDOWN_MASK) 1536 goto unlock; 1537 sk->sk_shutdown |= SHUTDOWN_MASK; 1538 break; 1539 } 1540 1541 iso_sock_clear_timer(sk); 1542 __iso_sock_close(sk); 1543 1544 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1545 !(current->flags & PF_EXITING)) 1546 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1547 1548unlock: 1549 release_sock(sk); 1550 sock_put(sk); 1551 1552 return err; 1553} 1554 1555static int iso_sock_release(struct socket *sock) 1556{ 1557 struct sock *sk = sock->sk; 1558 int err = 0; 1559 1560 BT_DBG("sock %p, sk %p", sock, sk); 1561 1562 if (!sk) 1563 return 0; 1564 1565 iso_sock_close(sk); 1566 1567 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1568 !(current->flags & PF_EXITING)) { 1569 lock_sock(sk); 1570 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1571 release_sock(sk); 1572 } 1573 1574 sock_orphan(sk); 1575 iso_sock_kill(sk); 1576 return err; 1577} 1578 1579static void iso_sock_ready(struct sock *sk) 1580{ 1581 BT_DBG("sk %p", sk); 1582 1583 if (!sk) 1584 return; 1585 1586 lock_sock(sk); 1587 iso_sock_clear_timer(sk); 1588 sk->sk_state = BT_CONNECTED; 1589 sk->sk_state_change(sk); 1590 release_sock(sk); 1591} 1592 1593struct iso_list_data { 1594 struct hci_conn *hcon; 1595 int count; 1596}; 1597 1598static bool iso_match_big(struct sock *sk, void *data) 1599{ 1600 struct hci_evt_le_big_sync_estabilished *ev = data; 1601 1602 return ev->handle == iso_pi(sk)->qos.bcast.big; 1603} 1604 1605static bool iso_match_pa_sync_flag(struct sock *sk, void *data) 1606{ 1607 return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags); 1608} 1609 1610static void iso_conn_ready(struct iso_conn *conn) 1611{ 1612 struct sock *parent = NULL; 1613 struct sock *sk = conn->sk; 1614 struct hci_ev_le_big_sync_estabilished *ev = NULL; 1615 struct hci_ev_le_pa_sync_established *ev2 = NULL; 1616 struct hci_evt_le_big_info_adv_report *ev3 = NULL; 1617 struct hci_conn *hcon; 1618 1619 BT_DBG("conn %p", conn); 1620 1621 if (sk) { 1622 iso_sock_ready(conn->sk); 1623 } else { 1624 hcon = conn->hcon; 1625 if (!hcon) 1626 return; 1627 1628 if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags) || 1629 test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) { 1630 ev = hci_recv_event_data(hcon->hdev, 1631 HCI_EVT_LE_BIG_SYNC_ESTABILISHED); 1632 1633 /* Get reference to PA sync parent socket, if it exists */ 1634 parent = iso_get_sock_listen(&hcon->src, 1635 &hcon->dst, 1636 iso_match_pa_sync_flag, NULL); 1637 if (!parent && ev) 1638 parent = iso_get_sock_listen(&hcon->src, 1639 &hcon->dst, 1640 iso_match_big, ev); 1641 } else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) { 1642 ev2 = hci_recv_event_data(hcon->hdev, 1643 HCI_EV_LE_PA_SYNC_ESTABLISHED); 1644 if (ev2) 1645 parent = iso_get_sock_listen(&hcon->src, 1646 &hcon->dst, 1647 iso_match_sid, ev2); 1648 } else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) { 1649 ev3 = hci_recv_event_data(hcon->hdev, 1650 HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1651 if (ev3) 1652 parent = iso_get_sock_listen(&hcon->src, 1653 &hcon->dst, 1654 iso_match_sync_handle, ev3); 1655 } 1656 1657 if (!parent) 1658 parent = iso_get_sock_listen(&hcon->src, 1659 BDADDR_ANY, NULL, NULL); 1660 1661 if (!parent) 1662 return; 1663 1664 lock_sock(parent); 1665 1666 sk = iso_sock_alloc(sock_net(parent), NULL, 1667 BTPROTO_ISO, GFP_ATOMIC, 0); 1668 if (!sk) { 1669 release_sock(parent); 1670 return; 1671 } 1672 1673 iso_sock_init(sk, parent); 1674 1675 bacpy(&iso_pi(sk)->src, &hcon->src); 1676 1677 /* Convert from HCI to three-value type */ 1678 if (hcon->src_type == ADDR_LE_DEV_PUBLIC) 1679 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 1680 else 1681 iso_pi(sk)->src_type = BDADDR_LE_RANDOM; 1682 1683 /* If hcon has no destination address (BDADDR_ANY) it means it 1684 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or 1685 * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using 1686 * the parent socket destination address. 1687 */ 1688 if (!bacmp(&hcon->dst, BDADDR_ANY)) { 1689 bacpy(&hcon->dst, &iso_pi(parent)->dst); 1690 hcon->dst_type = iso_pi(parent)->dst_type; 1691 hcon->sync_handle = iso_pi(parent)->sync_handle; 1692 } 1693 1694 if (ev3) { 1695 iso_pi(sk)->qos = iso_pi(parent)->qos; 1696 iso_pi(sk)->qos.bcast.encryption = ev3->encryption; 1697 hcon->iso_qos = iso_pi(sk)->qos; 1698 iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis; 1699 memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS); 1700 set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags); 1701 } 1702 1703 bacpy(&iso_pi(sk)->dst, &hcon->dst); 1704 iso_pi(sk)->dst_type = hcon->dst_type; 1705 iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle; 1706 memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len); 1707 iso_pi(sk)->base_len = iso_pi(parent)->base_len; 1708 1709 hci_conn_hold(hcon); 1710 iso_chan_add(conn, sk, parent); 1711 1712 if ((ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) || 1713 (ev2 && ev2->status)) { 1714 /* Trigger error signal on child socket */ 1715 sk->sk_err = ECONNREFUSED; 1716 sk->sk_error_report(sk); 1717 } 1718 1719 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1720 sk->sk_state = BT_CONNECT2; 1721 else 1722 sk->sk_state = BT_CONNECTED; 1723 1724 /* Wake up parent */ 1725 parent->sk_data_ready(parent); 1726 1727 release_sock(parent); 1728 } 1729} 1730 1731static bool iso_match_sid(struct sock *sk, void *data) 1732{ 1733 struct hci_ev_le_pa_sync_established *ev = data; 1734 1735 return ev->sid == iso_pi(sk)->bc_sid; 1736} 1737 1738static bool iso_match_sync_handle(struct sock *sk, void *data) 1739{ 1740 struct hci_evt_le_big_info_adv_report *ev = data; 1741 1742 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1743} 1744 1745static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data) 1746{ 1747 struct hci_ev_le_per_adv_report *ev = data; 1748 1749 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1750} 1751 1752/* ----- ISO interface with lower layer (HCI) ----- */ 1753 1754int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1755{ 1756 struct hci_ev_le_pa_sync_established *ev1; 1757 struct hci_evt_le_big_info_adv_report *ev2; 1758 struct hci_ev_le_per_adv_report *ev3; 1759 struct sock *sk; 1760 int lm = 0; 1761 1762 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 1763 1764 /* Broadcast receiver requires handling of some events before it can 1765 * proceed to establishing a BIG sync: 1766 * 1767 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific 1768 * SID to listen to and once sync is estabilished its handle needs to 1769 * be stored in iso_pi(sk)->sync_handle so it can be matched once 1770 * receiving the BIG Info. 1771 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 1772 * a BIG Info it attempts to check if there any listening socket with 1773 * the same sync_handle and if it does then attempt to create a sync. 1774 * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored 1775 * in iso_pi(sk)->base so it can be passed up to user, in the case of a 1776 * broadcast sink. 1777 */ 1778 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 1779 if (ev1) { 1780 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid, 1781 ev1); 1782 if (sk && !ev1->status) 1783 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); 1784 1785 goto done; 1786 } 1787 1788 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1789 if (ev2) { 1790 /* Try to get PA sync listening socket, if it exists */ 1791 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1792 iso_match_pa_sync_flag, NULL); 1793 1794 if (!sk) { 1795 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1796 iso_match_sync_handle, ev2); 1797 1798 /* If PA Sync is in process of terminating, 1799 * do not handle any more BIGInfo adv reports. 1800 */ 1801 1802 if (sk && test_bit(BT_SK_PA_SYNC_TERM, 1803 &iso_pi(sk)->flags)) 1804 return lm; 1805 } 1806 1807 if (sk) { 1808 int err; 1809 1810 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1811 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1812 1813 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 1814 !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) { 1815 err = hci_le_big_create_sync(hdev, NULL, 1816 &iso_pi(sk)->qos, 1817 iso_pi(sk)->sync_handle, 1818 iso_pi(sk)->bc_num_bis, 1819 iso_pi(sk)->bc_bis); 1820 if (err) { 1821 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1822 err); 1823 sk = NULL; 1824 } 1825 } 1826 } 1827 } 1828 1829 ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT); 1830 if (ev3) { 1831 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1832 iso_match_sync_handle_pa_report, ev3); 1833 1834 if (sk) { 1835 memcpy(iso_pi(sk)->base, ev3->data, ev3->length); 1836 iso_pi(sk)->base_len = ev3->length; 1837 } 1838 } else { 1839 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL); 1840 } 1841 1842done: 1843 if (!sk) 1844 return lm; 1845 1846 lm |= HCI_LM_ACCEPT; 1847 1848 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1849 *flags |= HCI_PROTO_DEFER; 1850 1851 return lm; 1852} 1853 1854static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 1855{ 1856 if (hcon->type != ISO_LINK) { 1857 if (hcon->type != LE_LINK) 1858 return; 1859 1860 /* Check if LE link has failed */ 1861 if (status) { 1862 struct hci_link *link, *t; 1863 1864 list_for_each_entry_safe(link, t, &hcon->link_list, 1865 list) 1866 iso_conn_del(link->conn, bt_to_errno(status)); 1867 1868 return; 1869 } 1870 1871 /* Create CIS if pending */ 1872 hci_le_create_cis_pending(hcon->hdev); 1873 return; 1874 } 1875 1876 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1877 1878 /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or 1879 * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection 1880 * into the accept queue of the listening socket and wake up 1881 * userspace, to inform the user about the event. 1882 */ 1883 if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) || 1884 test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) { 1885 struct iso_conn *conn; 1886 1887 conn = iso_conn_add(hcon); 1888 if (conn) 1889 iso_conn_ready(conn); 1890 } else { 1891 iso_conn_del(hcon, bt_to_errno(status)); 1892 } 1893} 1894 1895static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1896{ 1897 if (hcon->type != ISO_LINK) 1898 return; 1899 1900 BT_DBG("hcon %p reason %d", hcon, reason); 1901 1902 iso_conn_del(hcon, bt_to_errno(reason)); 1903} 1904 1905void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 1906{ 1907 struct iso_conn *conn = hcon->iso_data; 1908 __u16 pb, ts, len; 1909 1910 if (!conn) 1911 goto drop; 1912 1913 pb = hci_iso_flags_pb(flags); 1914 ts = hci_iso_flags_ts(flags); 1915 1916 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 1917 1918 switch (pb) { 1919 case ISO_START: 1920 case ISO_SINGLE: 1921 if (conn->rx_len) { 1922 BT_ERR("Unexpected start frame (len %d)", skb->len); 1923 kfree_skb(conn->rx_skb); 1924 conn->rx_skb = NULL; 1925 conn->rx_len = 0; 1926 } 1927 1928 if (ts) { 1929 struct hci_iso_ts_data_hdr *hdr; 1930 1931 /* TODO: add timestamp to the packet? */ 1932 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 1933 if (!hdr) { 1934 BT_ERR("Frame is too short (len %d)", skb->len); 1935 goto drop; 1936 } 1937 1938 len = __le16_to_cpu(hdr->slen); 1939 } else { 1940 struct hci_iso_data_hdr *hdr; 1941 1942 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 1943 if (!hdr) { 1944 BT_ERR("Frame is too short (len %d)", skb->len); 1945 goto drop; 1946 } 1947 1948 len = __le16_to_cpu(hdr->slen); 1949 } 1950 1951 flags = hci_iso_data_flags(len); 1952 len = hci_iso_data_len(len); 1953 1954 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 1955 skb->len, flags); 1956 1957 if (len == skb->len) { 1958 /* Complete frame received */ 1959 hci_skb_pkt_status(skb) = flags & 0x03; 1960 iso_recv_frame(conn, skb); 1961 return; 1962 } 1963 1964 if (pb == ISO_SINGLE) { 1965 BT_ERR("Frame malformed (len %d, expected len %d)", 1966 skb->len, len); 1967 goto drop; 1968 } 1969 1970 if (skb->len > len) { 1971 BT_ERR("Frame is too long (len %d, expected len %d)", 1972 skb->len, len); 1973 goto drop; 1974 } 1975 1976 /* Allocate skb for the complete frame (with header) */ 1977 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 1978 if (!conn->rx_skb) 1979 goto drop; 1980 1981 hci_skb_pkt_status(conn->rx_skb) = flags & 0x03; 1982 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1983 skb->len); 1984 conn->rx_len = len - skb->len; 1985 break; 1986 1987 case ISO_CONT: 1988 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 1989 conn->rx_len); 1990 1991 if (!conn->rx_len) { 1992 BT_ERR("Unexpected continuation frame (len %d)", 1993 skb->len); 1994 goto drop; 1995 } 1996 1997 if (skb->len > conn->rx_len) { 1998 BT_ERR("Fragment is too long (len %d, expected %d)", 1999 skb->len, conn->rx_len); 2000 kfree_skb(conn->rx_skb); 2001 conn->rx_skb = NULL; 2002 conn->rx_len = 0; 2003 goto drop; 2004 } 2005 2006 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 2007 skb->len); 2008 conn->rx_len -= skb->len; 2009 return; 2010 2011 case ISO_END: 2012 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 2013 skb->len); 2014 conn->rx_len -= skb->len; 2015 2016 if (!conn->rx_len) { 2017 struct sk_buff *rx_skb = conn->rx_skb; 2018 2019 /* Complete frame received. iso_recv_frame 2020 * takes ownership of the skb so set the global 2021 * rx_skb pointer to NULL first. 2022 */ 2023 conn->rx_skb = NULL; 2024 iso_recv_frame(conn, rx_skb); 2025 } 2026 break; 2027 } 2028 2029drop: 2030 kfree_skb(skb); 2031} 2032 2033static struct hci_cb iso_cb = { 2034 .name = "ISO", 2035 .connect_cfm = iso_connect_cfm, 2036 .disconn_cfm = iso_disconn_cfm, 2037}; 2038 2039static int iso_debugfs_show(struct seq_file *f, void *p) 2040{ 2041 struct sock *sk; 2042 2043 read_lock(&iso_sk_list.lock); 2044 2045 sk_for_each(sk, &iso_sk_list.head) { 2046 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 2047 &iso_pi(sk)->dst, sk->sk_state); 2048 } 2049 2050 read_unlock(&iso_sk_list.lock); 2051 2052 return 0; 2053} 2054 2055DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 2056 2057static struct dentry *iso_debugfs; 2058 2059static const struct proto_ops iso_sock_ops = { 2060 .family = PF_BLUETOOTH, 2061 .owner = THIS_MODULE, 2062 .release = iso_sock_release, 2063 .bind = iso_sock_bind, 2064 .connect = iso_sock_connect, 2065 .listen = iso_sock_listen, 2066 .accept = iso_sock_accept, 2067 .getname = iso_sock_getname, 2068 .sendmsg = iso_sock_sendmsg, 2069 .recvmsg = iso_sock_recvmsg, 2070 .poll = bt_sock_poll, 2071 .ioctl = bt_sock_ioctl, 2072 .mmap = sock_no_mmap, 2073 .socketpair = sock_no_socketpair, 2074 .shutdown = iso_sock_shutdown, 2075 .setsockopt = iso_sock_setsockopt, 2076 .getsockopt = iso_sock_getsockopt 2077}; 2078 2079static const struct net_proto_family iso_sock_family_ops = { 2080 .family = PF_BLUETOOTH, 2081 .owner = THIS_MODULE, 2082 .create = iso_sock_create, 2083}; 2084 2085static bool iso_inited; 2086 2087bool iso_enabled(void) 2088{ 2089 return iso_inited; 2090} 2091 2092int iso_init(void) 2093{ 2094 int err; 2095 2096 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 2097 2098 if (iso_inited) 2099 return -EALREADY; 2100 2101 err = proto_register(&iso_proto, 0); 2102 if (err < 0) 2103 return err; 2104 2105 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 2106 if (err < 0) { 2107 BT_ERR("ISO socket registration failed"); 2108 goto error; 2109 } 2110 2111 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 2112 if (err < 0) { 2113 BT_ERR("Failed to create ISO proc file"); 2114 bt_sock_unregister(BTPROTO_ISO); 2115 goto error; 2116 } 2117 2118 BT_INFO("ISO socket layer initialized"); 2119 2120 hci_register_cb(&iso_cb); 2121 2122 if (IS_ERR_OR_NULL(bt_debugfs)) 2123 return 0; 2124 2125 if (!iso_debugfs) { 2126 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 2127 NULL, &iso_debugfs_fops); 2128 } 2129 2130 iso_inited = true; 2131 2132 return 0; 2133 2134error: 2135 proto_unregister(&iso_proto); 2136 return err; 2137} 2138 2139int iso_exit(void) 2140{ 2141 if (!iso_inited) 2142 return -EALREADY; 2143 2144 bt_procfs_cleanup(&init_net, "iso"); 2145 2146 debugfs_remove(iso_debugfs); 2147 iso_debugfs = NULL; 2148 2149 hci_unregister_cb(&iso_cb); 2150 2151 bt_sock_unregister(BTPROTO_ISO); 2152 2153 proto_unregister(&iso_proto); 2154 2155 iso_inited = false; 2156 2157 return 0; 2158} 2159