1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35
36 static bool disable_esco;
37
38 static const struct proto_ops sco_sock_ops;
39
40 static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 unsigned int mtu;
52 };
53
54 #define sco_conn_lock(c) spin_lock(&c->lock);
55 #define sco_conn_unlock(c) spin_unlock(&c->lock);
56
57 static void sco_sock_close(struct sock *sk);
58 static void sco_sock_kill(struct sock *sk);
59
60 /* ----- SCO socket info ----- */
61 #define sco_pi(sk) ((struct sco_pinfo *) sk)
62
63 struct sco_pinfo {
64 struct bt_sock bt;
65 bdaddr_t src;
66 bdaddr_t dst;
67 __u32 flags;
68 __u16 setting;
69 __u8 cmsg_mask;
70 struct sco_conn *conn;
71 };
72
73 /* ---- SCO timers ---- */
74 #define SCO_CONN_TIMEOUT (HZ * 40)
75 #define SCO_DISCONN_TIMEOUT (HZ * 2)
76
sco_sock_timeout(struct timer_list * t)77 static void sco_sock_timeout(struct timer_list *t)
78 {
79 struct sock *sk = from_timer(sk, t, sk_timer);
80
81 BT_DBG("sock %p state %d", sk, sk->sk_state);
82
83 bh_lock_sock(sk);
84 sk->sk_err = ETIMEDOUT;
85 sk->sk_state_change(sk);
86 bh_unlock_sock(sk);
87
88 sco_sock_kill(sk);
89 sock_put(sk);
90 }
91
sco_sock_set_timer(struct sock * sk,long timeout)92 static void sco_sock_set_timer(struct sock *sk, long timeout)
93 {
94 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
95 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
96 }
97
sco_sock_clear_timer(struct sock * sk)98 static void sco_sock_clear_timer(struct sock *sk)
99 {
100 BT_DBG("sock %p state %d", sk, sk->sk_state);
101 sk_stop_timer(sk, &sk->sk_timer);
102 }
103
104 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)105 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
106 {
107 struct hci_dev *hdev = hcon->hdev;
108 struct sco_conn *conn = hcon->sco_data;
109
110 if (conn)
111 return conn;
112
113 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
114 if (!conn)
115 return NULL;
116
117 spin_lock_init(&conn->lock);
118
119 hcon->sco_data = conn;
120 conn->hcon = hcon;
121
122 if (hdev->sco_mtu > 0)
123 conn->mtu = hdev->sco_mtu;
124 else
125 conn->mtu = 60;
126
127 BT_DBG("hcon %p conn %p", hcon, conn);
128
129 return conn;
130 }
131
132 /* Delete channel.
133 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)134 static void sco_chan_del(struct sock *sk, int err)
135 {
136 struct sco_conn *conn;
137
138 conn = sco_pi(sk)->conn;
139
140 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
141
142 if (conn) {
143 sco_conn_lock(conn);
144 conn->sk = NULL;
145 sco_pi(sk)->conn = NULL;
146 sco_conn_unlock(conn);
147
148 if (conn->hcon)
149 hci_conn_drop(conn->hcon);
150 }
151
152 sk->sk_state = BT_CLOSED;
153 sk->sk_err = err;
154 sk->sk_state_change(sk);
155
156 sock_set_flag(sk, SOCK_ZAPPED);
157 }
158
sco_conn_del(struct hci_conn * hcon,int err)159 static void sco_conn_del(struct hci_conn *hcon, int err)
160 {
161 struct sco_conn *conn = hcon->sco_data;
162 struct sock *sk;
163
164 if (!conn)
165 return;
166
167 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
168
169 /* Kill socket */
170 sco_conn_lock(conn);
171 sk = conn->sk;
172 sco_conn_unlock(conn);
173
174 if (sk) {
175 sock_hold(sk);
176 bh_lock_sock(sk);
177 sco_sock_clear_timer(sk);
178 sco_chan_del(sk, err);
179 bh_unlock_sock(sk);
180 sco_sock_kill(sk);
181 sock_put(sk);
182 }
183
184 hcon->sco_data = NULL;
185 kfree(conn);
186 }
187
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)188 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
189 struct sock *parent)
190 {
191 BT_DBG("conn %p", conn);
192
193 sco_pi(sk)->conn = conn;
194 conn->sk = sk;
195
196 if (parent)
197 bt_accept_enqueue(parent, sk, true);
198 }
199
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)200 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
201 struct sock *parent)
202 {
203 int err = 0;
204
205 sco_conn_lock(conn);
206 if (conn->sk)
207 err = -EBUSY;
208 else
209 __sco_chan_add(conn, sk, parent);
210
211 sco_conn_unlock(conn);
212 return err;
213 }
214
sco_connect(struct sock * sk)215 static int sco_connect(struct sock *sk)
216 {
217 struct sco_conn *conn;
218 struct hci_conn *hcon;
219 struct hci_dev *hdev;
220 int err, type;
221
222 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
223
224 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
225 if (!hdev)
226 return -EHOSTUNREACH;
227
228 hci_dev_lock(hdev);
229
230 if (lmp_esco_capable(hdev) && !disable_esco)
231 type = ESCO_LINK;
232 else
233 type = SCO_LINK;
234
235 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
236 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
237 err = -EOPNOTSUPP;
238 goto done;
239 }
240
241 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
242 sco_pi(sk)->setting);
243 if (IS_ERR(hcon)) {
244 err = PTR_ERR(hcon);
245 goto done;
246 }
247
248 conn = sco_conn_add(hcon);
249 if (!conn) {
250 hci_conn_drop(hcon);
251 err = -ENOMEM;
252 goto done;
253 }
254
255 /* Update source addr of the socket */
256 bacpy(&sco_pi(sk)->src, &hcon->src);
257
258 err = sco_chan_add(conn, sk, NULL);
259 if (err)
260 goto done;
261
262 if (hcon->state == BT_CONNECTED) {
263 sco_sock_clear_timer(sk);
264 sk->sk_state = BT_CONNECTED;
265 } else {
266 sk->sk_state = BT_CONNECT;
267 sco_sock_set_timer(sk, sk->sk_sndtimeo);
268 }
269
270 done:
271 hci_dev_unlock(hdev);
272 hci_dev_put(hdev);
273 return err;
274 }
275
sco_send_frame(struct sock * sk,struct msghdr * msg,int len)276 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
277 {
278 struct sco_conn *conn = sco_pi(sk)->conn;
279 struct sk_buff *skb;
280 int err;
281
282 /* Check outgoing MTU */
283 if (len > conn->mtu)
284 return -EINVAL;
285
286 BT_DBG("sk %p len %d", sk, len);
287
288 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
289 if (!skb)
290 return err;
291
292 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
293 kfree_skb(skb);
294 return -EFAULT;
295 }
296
297 hci_send_sco(conn->hcon, skb);
298
299 return len;
300 }
301
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)302 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
303 {
304 struct sock *sk;
305
306 sco_conn_lock(conn);
307 sk = conn->sk;
308 sco_conn_unlock(conn);
309
310 if (!sk)
311 goto drop;
312
313 BT_DBG("sk %p len %d", sk, skb->len);
314
315 if (sk->sk_state != BT_CONNECTED)
316 goto drop;
317
318 if (!sock_queue_rcv_skb(sk, skb))
319 return;
320
321 drop:
322 kfree_skb(skb);
323 }
324
325 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)326 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
327 {
328 struct sock *sk;
329
330 sk_for_each(sk, &sco_sk_list.head) {
331 if (sk->sk_state != BT_LISTEN)
332 continue;
333
334 if (!bacmp(&sco_pi(sk)->src, ba))
335 return sk;
336 }
337
338 return NULL;
339 }
340
341 /* Find socket listening on source bdaddr.
342 * Returns closest match.
343 */
sco_get_sock_listen(bdaddr_t * src)344 static struct sock *sco_get_sock_listen(bdaddr_t *src)
345 {
346 struct sock *sk = NULL, *sk1 = NULL;
347
348 read_lock(&sco_sk_list.lock);
349
350 sk_for_each(sk, &sco_sk_list.head) {
351 if (sk->sk_state != BT_LISTEN)
352 continue;
353
354 /* Exact match. */
355 if (!bacmp(&sco_pi(sk)->src, src))
356 break;
357
358 /* Closest match */
359 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
360 sk1 = sk;
361 }
362
363 read_unlock(&sco_sk_list.lock);
364
365 return sk ? sk : sk1;
366 }
367
sco_sock_destruct(struct sock * sk)368 static void sco_sock_destruct(struct sock *sk)
369 {
370 BT_DBG("sk %p", sk);
371
372 skb_queue_purge(&sk->sk_receive_queue);
373 skb_queue_purge(&sk->sk_write_queue);
374 }
375
sco_sock_cleanup_listen(struct sock * parent)376 static void sco_sock_cleanup_listen(struct sock *parent)
377 {
378 struct sock *sk;
379
380 BT_DBG("parent %p", parent);
381
382 /* Close not yet accepted channels */
383 while ((sk = bt_accept_dequeue(parent, NULL))) {
384 sco_sock_close(sk);
385 sco_sock_kill(sk);
386 }
387
388 parent->sk_state = BT_CLOSED;
389 sock_set_flag(parent, SOCK_ZAPPED);
390 }
391
392 /* Kill socket (only if zapped and orphan)
393 * Must be called on unlocked socket.
394 */
sco_sock_kill(struct sock * sk)395 static void sco_sock_kill(struct sock *sk)
396 {
397 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
398 sock_flag(sk, SOCK_DEAD))
399 return;
400
401 BT_DBG("sk %p state %d", sk, sk->sk_state);
402
403 /* Kill poor orphan */
404 bt_sock_unlink(&sco_sk_list, sk);
405 sock_set_flag(sk, SOCK_DEAD);
406 sock_put(sk);
407 }
408
__sco_sock_close(struct sock * sk)409 static void __sco_sock_close(struct sock *sk)
410 {
411 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
412
413 switch (sk->sk_state) {
414 case BT_LISTEN:
415 sco_sock_cleanup_listen(sk);
416 break;
417
418 case BT_CONNECTED:
419 case BT_CONFIG:
420 if (sco_pi(sk)->conn->hcon) {
421 sk->sk_state = BT_DISCONN;
422 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
423 sco_conn_lock(sco_pi(sk)->conn);
424 hci_conn_drop(sco_pi(sk)->conn->hcon);
425 sco_pi(sk)->conn->hcon = NULL;
426 sco_conn_unlock(sco_pi(sk)->conn);
427 } else
428 sco_chan_del(sk, ECONNRESET);
429 break;
430
431 case BT_CONNECT2:
432 case BT_CONNECT:
433 case BT_DISCONN:
434 sco_chan_del(sk, ECONNRESET);
435 break;
436
437 default:
438 sock_set_flag(sk, SOCK_ZAPPED);
439 break;
440 }
441 }
442
443 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)444 static void sco_sock_close(struct sock *sk)
445 {
446 sco_sock_clear_timer(sk);
447 lock_sock(sk);
448 __sco_sock_close(sk);
449 release_sock(sk);
450 sco_sock_kill(sk);
451 }
452
sco_skb_put_cmsg(struct sk_buff * skb,struct msghdr * msg,struct sock * sk)453 static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
454 struct sock *sk)
455 {
456 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
457 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
458 sizeof(bt_cb(skb)->sco.pkt_status),
459 &bt_cb(skb)->sco.pkt_status);
460 }
461
sco_sock_init(struct sock * sk,struct sock * parent)462 static void sco_sock_init(struct sock *sk, struct sock *parent)
463 {
464 BT_DBG("sk %p", sk);
465
466 if (parent) {
467 sk->sk_type = parent->sk_type;
468 bt_sk(sk)->flags = bt_sk(parent)->flags;
469 security_sk_clone(parent, sk);
470 } else {
471 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
472 }
473 }
474
475 static struct proto sco_proto = {
476 .name = "SCO",
477 .owner = THIS_MODULE,
478 .obj_size = sizeof(struct sco_pinfo)
479 };
480
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)481 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
482 int proto, gfp_t prio, int kern)
483 {
484 struct sock *sk;
485
486 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
487 if (!sk)
488 return NULL;
489
490 sock_init_data(sock, sk);
491 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
492
493 sk->sk_destruct = sco_sock_destruct;
494 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
495
496 sock_reset_flag(sk, SOCK_ZAPPED);
497
498 sk->sk_protocol = proto;
499 sk->sk_state = BT_OPEN;
500
501 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
502
503 timer_setup(&sk->sk_timer, sco_sock_timeout, 0);
504
505 bt_sock_link(&sco_sk_list, sk);
506 return sk;
507 }
508
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)509 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
510 int kern)
511 {
512 struct sock *sk;
513
514 BT_DBG("sock %p", sock);
515
516 sock->state = SS_UNCONNECTED;
517
518 if (sock->type != SOCK_SEQPACKET)
519 return -ESOCKTNOSUPPORT;
520
521 sock->ops = &sco_sock_ops;
522
523 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
524 if (!sk)
525 return -ENOMEM;
526
527 sco_sock_init(sk, NULL);
528 return 0;
529 }
530
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)531 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
532 int addr_len)
533 {
534 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
535 struct sock *sk = sock->sk;
536 int err = 0;
537
538 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
539 addr->sa_family != AF_BLUETOOTH)
540 return -EINVAL;
541
542 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
543
544 lock_sock(sk);
545
546 if (sk->sk_state != BT_OPEN) {
547 err = -EBADFD;
548 goto done;
549 }
550
551 if (sk->sk_type != SOCK_SEQPACKET) {
552 err = -EINVAL;
553 goto done;
554 }
555
556 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
557
558 sk->sk_state = BT_BOUND;
559
560 done:
561 release_sock(sk);
562 return err;
563 }
564
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)565 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
566 {
567 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
568 struct sock *sk = sock->sk;
569 int err;
570
571 BT_DBG("sk %p", sk);
572
573 if (alen < sizeof(struct sockaddr_sco) ||
574 addr->sa_family != AF_BLUETOOTH)
575 return -EINVAL;
576
577 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
578 return -EBADFD;
579
580 if (sk->sk_type != SOCK_SEQPACKET)
581 return -EINVAL;
582
583 lock_sock(sk);
584
585 /* Set destination address and psm */
586 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
587
588 err = sco_connect(sk);
589 if (err)
590 goto done;
591
592 err = bt_sock_wait_state(sk, BT_CONNECTED,
593 sock_sndtimeo(sk, flags & O_NONBLOCK));
594
595 done:
596 release_sock(sk);
597 return err;
598 }
599
sco_sock_listen(struct socket * sock,int backlog)600 static int sco_sock_listen(struct socket *sock, int backlog)
601 {
602 struct sock *sk = sock->sk;
603 bdaddr_t *src = &sco_pi(sk)->src;
604 int err = 0;
605
606 BT_DBG("sk %p backlog %d", sk, backlog);
607
608 lock_sock(sk);
609
610 if (sk->sk_state != BT_BOUND) {
611 err = -EBADFD;
612 goto done;
613 }
614
615 if (sk->sk_type != SOCK_SEQPACKET) {
616 err = -EINVAL;
617 goto done;
618 }
619
620 write_lock(&sco_sk_list.lock);
621
622 if (__sco_get_sock_listen_by_addr(src)) {
623 err = -EADDRINUSE;
624 goto unlock;
625 }
626
627 sk->sk_max_ack_backlog = backlog;
628 sk->sk_ack_backlog = 0;
629
630 sk->sk_state = BT_LISTEN;
631
632 unlock:
633 write_unlock(&sco_sk_list.lock);
634
635 done:
636 release_sock(sk);
637 return err;
638 }
639
sco_sock_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)640 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
641 int flags, bool kern)
642 {
643 DEFINE_WAIT_FUNC(wait, woken_wake_function);
644 struct sock *sk = sock->sk, *ch;
645 long timeo;
646 int err = 0;
647
648 lock_sock(sk);
649
650 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
651
652 BT_DBG("sk %p timeo %ld", sk, timeo);
653
654 /* Wait for an incoming connection. (wake-one). */
655 add_wait_queue_exclusive(sk_sleep(sk), &wait);
656 while (1) {
657 if (sk->sk_state != BT_LISTEN) {
658 err = -EBADFD;
659 break;
660 }
661
662 ch = bt_accept_dequeue(sk, newsock);
663 if (ch)
664 break;
665
666 if (!timeo) {
667 err = -EAGAIN;
668 break;
669 }
670
671 if (signal_pending(current)) {
672 err = sock_intr_errno(timeo);
673 break;
674 }
675
676 release_sock(sk);
677
678 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
679 lock_sock(sk);
680 }
681 remove_wait_queue(sk_sleep(sk), &wait);
682
683 if (err)
684 goto done;
685
686 newsock->state = SS_CONNECTED;
687
688 BT_DBG("new socket %p", ch);
689
690 done:
691 release_sock(sk);
692 return err;
693 }
694
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)695 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
696 int peer)
697 {
698 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
699 struct sock *sk = sock->sk;
700
701 BT_DBG("sock %p, sk %p", sock, sk);
702
703 addr->sa_family = AF_BLUETOOTH;
704
705 if (peer)
706 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
707 else
708 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
709
710 return sizeof(struct sockaddr_sco);
711 }
712
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)713 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
714 size_t len)
715 {
716 struct sock *sk = sock->sk;
717 int err;
718
719 BT_DBG("sock %p, sk %p", sock, sk);
720
721 err = sock_error(sk);
722 if (err)
723 return err;
724
725 if (msg->msg_flags & MSG_OOB)
726 return -EOPNOTSUPP;
727
728 lock_sock(sk);
729
730 if (sk->sk_state == BT_CONNECTED)
731 err = sco_send_frame(sk, msg, len);
732 else
733 err = -ENOTCONN;
734
735 release_sock(sk);
736 return err;
737 }
738
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)739 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
740 {
741 struct hci_dev *hdev = conn->hdev;
742
743 BT_DBG("conn %p", conn);
744
745 conn->state = BT_CONFIG;
746
747 if (!lmp_esco_capable(hdev)) {
748 struct hci_cp_accept_conn_req cp;
749
750 bacpy(&cp.bdaddr, &conn->dst);
751 cp.role = 0x00; /* Ignored */
752
753 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
754 } else {
755 struct hci_cp_accept_sync_conn_req cp;
756
757 bacpy(&cp.bdaddr, &conn->dst);
758 cp.pkt_type = cpu_to_le16(conn->pkt_type);
759
760 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
761 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
762 cp.content_format = cpu_to_le16(setting);
763
764 switch (setting & SCO_AIRMODE_MASK) {
765 case SCO_AIRMODE_TRANSP:
766 if (conn->pkt_type & ESCO_2EV3)
767 cp.max_latency = cpu_to_le16(0x0008);
768 else
769 cp.max_latency = cpu_to_le16(0x000D);
770 cp.retrans_effort = 0x02;
771 break;
772 case SCO_AIRMODE_CVSD:
773 cp.max_latency = cpu_to_le16(0xffff);
774 cp.retrans_effort = 0xff;
775 break;
776 }
777
778 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
779 sizeof(cp), &cp);
780 }
781 }
782
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)783 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
784 size_t len, int flags)
785 {
786 struct sock *sk = sock->sk;
787 struct sco_pinfo *pi = sco_pi(sk);
788
789 lock_sock(sk);
790
791 if (sk->sk_state == BT_CONNECT2 &&
792 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
793 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
794 sk->sk_state = BT_CONFIG;
795
796 release_sock(sk);
797 return 0;
798 }
799
800 release_sock(sk);
801
802 return bt_sock_recvmsg(sock, msg, len, flags);
803 }
804
sco_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)805 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
806 sockptr_t optval, unsigned int optlen)
807 {
808 struct sock *sk = sock->sk;
809 int len, err = 0;
810 struct bt_voice voice;
811 u32 opt;
812
813 BT_DBG("sk %p", sk);
814
815 lock_sock(sk);
816
817 switch (optname) {
818
819 case BT_DEFER_SETUP:
820 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
821 err = -EINVAL;
822 break;
823 }
824
825 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
826 err = -EFAULT;
827 break;
828 }
829
830 if (opt)
831 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
832 else
833 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
834 break;
835
836 case BT_VOICE:
837 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
838 sk->sk_state != BT_CONNECT2) {
839 err = -EINVAL;
840 break;
841 }
842
843 voice.setting = sco_pi(sk)->setting;
844
845 len = min_t(unsigned int, sizeof(voice), optlen);
846 if (copy_from_sockptr(&voice, optval, len)) {
847 err = -EFAULT;
848 break;
849 }
850
851 /* Explicitly check for these values */
852 if (voice.setting != BT_VOICE_TRANSPARENT &&
853 voice.setting != BT_VOICE_CVSD_16BIT) {
854 err = -EINVAL;
855 break;
856 }
857
858 sco_pi(sk)->setting = voice.setting;
859 break;
860
861 case BT_PKT_STATUS:
862 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
863 err = -EFAULT;
864 break;
865 }
866
867 if (opt)
868 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
869 else
870 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
871 break;
872
873 default:
874 err = -ENOPROTOOPT;
875 break;
876 }
877
878 release_sock(sk);
879 return err;
880 }
881
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)882 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
883 char __user *optval, int __user *optlen)
884 {
885 struct sock *sk = sock->sk;
886 struct sco_options opts;
887 struct sco_conninfo cinfo;
888 int len, err = 0;
889
890 BT_DBG("sk %p", sk);
891
892 if (get_user(len, optlen))
893 return -EFAULT;
894
895 lock_sock(sk);
896
897 switch (optname) {
898 case SCO_OPTIONS:
899 if (sk->sk_state != BT_CONNECTED &&
900 !(sk->sk_state == BT_CONNECT2 &&
901 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
902 err = -ENOTCONN;
903 break;
904 }
905
906 opts.mtu = sco_pi(sk)->conn->mtu;
907
908 BT_DBG("mtu %d", opts.mtu);
909
910 len = min_t(unsigned int, len, sizeof(opts));
911 if (copy_to_user(optval, (char *)&opts, len))
912 err = -EFAULT;
913
914 break;
915
916 case SCO_CONNINFO:
917 if (sk->sk_state != BT_CONNECTED &&
918 !(sk->sk_state == BT_CONNECT2 &&
919 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
920 err = -ENOTCONN;
921 break;
922 }
923
924 memset(&cinfo, 0, sizeof(cinfo));
925 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
926 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
927
928 len = min_t(unsigned int, len, sizeof(cinfo));
929 if (copy_to_user(optval, (char *)&cinfo, len))
930 err = -EFAULT;
931
932 break;
933
934 default:
935 err = -ENOPROTOOPT;
936 break;
937 }
938
939 release_sock(sk);
940 return err;
941 }
942
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)943 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
944 char __user *optval, int __user *optlen)
945 {
946 struct sock *sk = sock->sk;
947 int len, err = 0;
948 struct bt_voice voice;
949 u32 phys;
950 int pkt_status;
951
952 BT_DBG("sk %p", sk);
953
954 if (level == SOL_SCO)
955 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
956
957 if (get_user(len, optlen))
958 return -EFAULT;
959
960 lock_sock(sk);
961
962 switch (optname) {
963
964 case BT_DEFER_SETUP:
965 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
966 err = -EINVAL;
967 break;
968 }
969
970 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
971 (u32 __user *)optval))
972 err = -EFAULT;
973
974 break;
975
976 case BT_VOICE:
977 voice.setting = sco_pi(sk)->setting;
978
979 len = min_t(unsigned int, len, sizeof(voice));
980 if (copy_to_user(optval, (char *)&voice, len))
981 err = -EFAULT;
982
983 break;
984
985 case BT_PHY:
986 if (sk->sk_state != BT_CONNECTED) {
987 err = -ENOTCONN;
988 break;
989 }
990
991 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
992
993 if (put_user(phys, (u32 __user *) optval))
994 err = -EFAULT;
995 break;
996
997 case BT_PKT_STATUS:
998 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
999
1000 if (put_user(pkt_status, (int __user *)optval))
1001 err = -EFAULT;
1002 break;
1003
1004 case BT_SNDMTU:
1005 case BT_RCVMTU:
1006 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1007 err = -EFAULT;
1008 break;
1009
1010 default:
1011 err = -ENOPROTOOPT;
1012 break;
1013 }
1014
1015 release_sock(sk);
1016 return err;
1017 }
1018
sco_sock_shutdown(struct socket * sock,int how)1019 static int sco_sock_shutdown(struct socket *sock, int how)
1020 {
1021 struct sock *sk = sock->sk;
1022 int err = 0;
1023
1024 BT_DBG("sock %p, sk %p", sock, sk);
1025
1026 if (!sk)
1027 return 0;
1028
1029 sock_hold(sk);
1030 lock_sock(sk);
1031
1032 if (!sk->sk_shutdown) {
1033 sk->sk_shutdown = SHUTDOWN_MASK;
1034 sco_sock_clear_timer(sk);
1035 __sco_sock_close(sk);
1036
1037 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1038 !(current->flags & PF_EXITING))
1039 err = bt_sock_wait_state(sk, BT_CLOSED,
1040 sk->sk_lingertime);
1041 }
1042
1043 release_sock(sk);
1044 sock_put(sk);
1045
1046 return err;
1047 }
1048
sco_sock_release(struct socket * sock)1049 static int sco_sock_release(struct socket *sock)
1050 {
1051 struct sock *sk = sock->sk;
1052 int err = 0;
1053
1054 BT_DBG("sock %p, sk %p", sock, sk);
1055
1056 if (!sk)
1057 return 0;
1058
1059 sco_sock_close(sk);
1060
1061 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1062 !(current->flags & PF_EXITING)) {
1063 lock_sock(sk);
1064 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1065 release_sock(sk);
1066 }
1067
1068 sock_orphan(sk);
1069 sco_sock_kill(sk);
1070 return err;
1071 }
1072
sco_conn_ready(struct sco_conn * conn)1073 static void sco_conn_ready(struct sco_conn *conn)
1074 {
1075 struct sock *parent;
1076 struct sock *sk = conn->sk;
1077
1078 BT_DBG("conn %p", conn);
1079
1080 if (sk) {
1081 sco_sock_clear_timer(sk);
1082 bh_lock_sock(sk);
1083 sk->sk_state = BT_CONNECTED;
1084 sk->sk_state_change(sk);
1085 bh_unlock_sock(sk);
1086 } else {
1087 sco_conn_lock(conn);
1088
1089 if (!conn->hcon) {
1090 sco_conn_unlock(conn);
1091 return;
1092 }
1093
1094 parent = sco_get_sock_listen(&conn->hcon->src);
1095 if (!parent) {
1096 sco_conn_unlock(conn);
1097 return;
1098 }
1099
1100 bh_lock_sock(parent);
1101
1102 sk = sco_sock_alloc(sock_net(parent), NULL,
1103 BTPROTO_SCO, GFP_ATOMIC, 0);
1104 if (!sk) {
1105 bh_unlock_sock(parent);
1106 sco_conn_unlock(conn);
1107 return;
1108 }
1109
1110 sco_sock_init(sk, parent);
1111
1112 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1113 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1114
1115 hci_conn_hold(conn->hcon);
1116 __sco_chan_add(conn, sk, parent);
1117
1118 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1119 sk->sk_state = BT_CONNECT2;
1120 else
1121 sk->sk_state = BT_CONNECTED;
1122
1123 /* Wake up parent */
1124 parent->sk_data_ready(parent);
1125
1126 bh_unlock_sock(parent);
1127
1128 sco_conn_unlock(conn);
1129 }
1130 }
1131
1132 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1133 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1134 {
1135 struct sock *sk;
1136 int lm = 0;
1137
1138 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1139
1140 /* Find listening sockets */
1141 read_lock(&sco_sk_list.lock);
1142 sk_for_each(sk, &sco_sk_list.head) {
1143 if (sk->sk_state != BT_LISTEN)
1144 continue;
1145
1146 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1147 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1148 lm |= HCI_LM_ACCEPT;
1149
1150 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1151 *flags |= HCI_PROTO_DEFER;
1152 break;
1153 }
1154 }
1155 read_unlock(&sco_sk_list.lock);
1156
1157 return lm;
1158 }
1159
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1160 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1161 {
1162 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1163 return;
1164
1165 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1166
1167 if (!status) {
1168 struct sco_conn *conn;
1169
1170 conn = sco_conn_add(hcon);
1171 if (conn)
1172 sco_conn_ready(conn);
1173 } else
1174 sco_conn_del(hcon, bt_to_errno(status));
1175 }
1176
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1177 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1178 {
1179 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1180 return;
1181
1182 BT_DBG("hcon %p reason %d", hcon, reason);
1183
1184 sco_conn_del(hcon, bt_to_errno(reason));
1185 }
1186
sco_recv_scodata(struct hci_conn * hcon,struct sk_buff * skb)1187 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1188 {
1189 struct sco_conn *conn = hcon->sco_data;
1190
1191 if (!conn)
1192 goto drop;
1193
1194 BT_DBG("conn %p len %d", conn, skb->len);
1195
1196 if (skb->len) {
1197 sco_recv_frame(conn, skb);
1198 return;
1199 }
1200
1201 drop:
1202 kfree_skb(skb);
1203 }
1204
1205 static struct hci_cb sco_cb = {
1206 .name = "SCO",
1207 .connect_cfm = sco_connect_cfm,
1208 .disconn_cfm = sco_disconn_cfm,
1209 };
1210
sco_debugfs_show(struct seq_file * f,void * p)1211 static int sco_debugfs_show(struct seq_file *f, void *p)
1212 {
1213 struct sock *sk;
1214
1215 read_lock(&sco_sk_list.lock);
1216
1217 sk_for_each(sk, &sco_sk_list.head) {
1218 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1219 &sco_pi(sk)->dst, sk->sk_state);
1220 }
1221
1222 read_unlock(&sco_sk_list.lock);
1223
1224 return 0;
1225 }
1226
1227 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1228
1229 static struct dentry *sco_debugfs;
1230
1231 static const struct proto_ops sco_sock_ops = {
1232 .family = PF_BLUETOOTH,
1233 .owner = THIS_MODULE,
1234 .release = sco_sock_release,
1235 .bind = sco_sock_bind,
1236 .connect = sco_sock_connect,
1237 .listen = sco_sock_listen,
1238 .accept = sco_sock_accept,
1239 .getname = sco_sock_getname,
1240 .sendmsg = sco_sock_sendmsg,
1241 .recvmsg = sco_sock_recvmsg,
1242 .poll = bt_sock_poll,
1243 .ioctl = bt_sock_ioctl,
1244 .gettstamp = sock_gettstamp,
1245 .mmap = sock_no_mmap,
1246 .socketpair = sock_no_socketpair,
1247 .shutdown = sco_sock_shutdown,
1248 .setsockopt = sco_sock_setsockopt,
1249 .getsockopt = sco_sock_getsockopt
1250 };
1251
1252 static const struct net_proto_family sco_sock_family_ops = {
1253 .family = PF_BLUETOOTH,
1254 .owner = THIS_MODULE,
1255 .create = sco_sock_create,
1256 };
1257
sco_init(void)1258 int __init sco_init(void)
1259 {
1260 int err;
1261
1262 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1263
1264 err = proto_register(&sco_proto, 0);
1265 if (err < 0)
1266 return err;
1267
1268 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1269 if (err < 0) {
1270 BT_ERR("SCO socket registration failed");
1271 goto error;
1272 }
1273
1274 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1275 if (err < 0) {
1276 BT_ERR("Failed to create SCO proc file");
1277 bt_sock_unregister(BTPROTO_SCO);
1278 goto error;
1279 }
1280
1281 BT_INFO("SCO socket layer initialized");
1282
1283 hci_register_cb(&sco_cb);
1284
1285 if (IS_ERR_OR_NULL(bt_debugfs))
1286 return 0;
1287
1288 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1289 NULL, &sco_debugfs_fops);
1290
1291 return 0;
1292
1293 error:
1294 proto_unregister(&sco_proto);
1295 return err;
1296 }
1297
sco_exit(void)1298 void sco_exit(void)
1299 {
1300 bt_procfs_cleanup(&init_net, "sco");
1301
1302 debugfs_remove(sco_debugfs);
1303
1304 hci_unregister_cb(&sco_cb);
1305
1306 bt_sock_unregister(BTPROTO_SCO);
1307
1308 proto_unregister(&sco_proto);
1309 }
1310
1311 module_param(disable_esco, bool, 0644);
1312 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1313
