1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35
36 static bool disable_esco;
37
38 static const struct proto_ops sco_sock_ops;
39
40 static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54 };
55
56 #define sco_conn_lock(c) spin_lock(&c->lock);
57 #define sco_conn_unlock(c) spin_unlock(&c->lock);
58
59 static void sco_sock_close(struct sock *sk);
60 static void sco_sock_kill(struct sock *sk);
61
62 /* ----- SCO socket info ----- */
63 #define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65 struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 struct sco_conn *conn;
72 };
73
74 /* ---- SCO timers ---- */
75 #define SCO_CONN_TIMEOUT (HZ * 40)
76 #define SCO_DISCONN_TIMEOUT (HZ * 2)
77
sco_sock_timeout(struct work_struct * work)78 static void sco_sock_timeout(struct work_struct *work)
79 {
80 struct sco_conn *conn = container_of(work, struct sco_conn,
81 timeout_work.work);
82 struct sock *sk;
83
84 sco_conn_lock(conn);
85 sk = conn->sk;
86 if (sk)
87 sock_hold(sk);
88 sco_conn_unlock(conn);
89
90 if (!sk)
91 return;
92
93 BT_DBG("sock %p state %d", sk, sk->sk_state);
94
95 lock_sock(sk);
96 sk->sk_err = ETIMEDOUT;
97 sk->sk_state_change(sk);
98 release_sock(sk);
99
100 sco_sock_kill(sk);
101 sock_put(sk);
102 }
103
sco_sock_set_timer(struct sock * sk,long timeout)104 static void sco_sock_set_timer(struct sock *sk, long timeout)
105 {
106 if (!sco_pi(sk)->conn)
107 return;
108
109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
112 }
113
sco_sock_clear_timer(struct sock * sk)114 static void sco_sock_clear_timer(struct sock *sk)
115 {
116 if (!sco_pi(sk)->conn)
117 return;
118
119 BT_DBG("sock %p state %d", sk, sk->sk_state);
120 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
121 }
122
123 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)124 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
125 {
126 struct hci_dev *hdev = hcon->hdev;
127 struct sco_conn *conn = hcon->sco_data;
128
129 if (conn)
130 return conn;
131
132 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
133 if (!conn)
134 return NULL;
135
136 spin_lock_init(&conn->lock);
137
138 hcon->sco_data = conn;
139 conn->hcon = hcon;
140
141 if (hdev->sco_mtu > 0)
142 conn->mtu = hdev->sco_mtu;
143 else
144 conn->mtu = 60;
145
146 BT_DBG("hcon %p conn %p", hcon, conn);
147
148 return conn;
149 }
150
151 /* Delete channel.
152 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)153 static void sco_chan_del(struct sock *sk, int err)
154 {
155 struct sco_conn *conn;
156
157 conn = sco_pi(sk)->conn;
158
159 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
160
161 if (conn) {
162 sco_conn_lock(conn);
163 conn->sk = NULL;
164 sco_pi(sk)->conn = NULL;
165 sco_conn_unlock(conn);
166
167 if (conn->hcon)
168 hci_conn_drop(conn->hcon);
169 }
170
171 sk->sk_state = BT_CLOSED;
172 sk->sk_err = err;
173 sk->sk_state_change(sk);
174
175 sock_set_flag(sk, SOCK_ZAPPED);
176 }
177
sco_conn_del(struct hci_conn * hcon,int err)178 static void sco_conn_del(struct hci_conn *hcon, int err)
179 {
180 struct sco_conn *conn = hcon->sco_data;
181 struct sock *sk;
182
183 if (!conn)
184 return;
185
186 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
187
188 /* Kill socket */
189 sco_conn_lock(conn);
190 sk = conn->sk;
191 sco_conn_unlock(conn);
192
193 if (sk) {
194 sock_hold(sk);
195 lock_sock(sk);
196 sco_sock_clear_timer(sk);
197 sco_chan_del(sk, err);
198 release_sock(sk);
199 sco_sock_kill(sk);
200 sock_put(sk);
201
202 /* Ensure no more work items will run before freeing conn. */
203 cancel_delayed_work_sync(&conn->timeout_work);
204 }
205
206 hcon->sco_data = NULL;
207 kfree(conn);
208 }
209
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)210 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
211 struct sock *parent)
212 {
213 BT_DBG("conn %p", conn);
214
215 sco_pi(sk)->conn = conn;
216 conn->sk = sk;
217
218 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
219
220 if (parent)
221 bt_accept_enqueue(parent, sk, true);
222 }
223
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)224 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
225 struct sock *parent)
226 {
227 int err = 0;
228
229 sco_conn_lock(conn);
230 if (conn->sk)
231 err = -EBUSY;
232 else
233 __sco_chan_add(conn, sk, parent);
234
235 sco_conn_unlock(conn);
236 return err;
237 }
238
sco_connect(struct hci_dev * hdev,struct sock * sk)239 static int sco_connect(struct hci_dev *hdev, struct sock *sk)
240 {
241 struct sco_conn *conn;
242 struct hci_conn *hcon;
243 int err, type;
244
245 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
246
247 if (lmp_esco_capable(hdev) && !disable_esco)
248 type = ESCO_LINK;
249 else
250 type = SCO_LINK;
251
252 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
253 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)))
254 return -EOPNOTSUPP;
255
256 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
257 sco_pi(sk)->setting);
258 if (IS_ERR(hcon))
259 return PTR_ERR(hcon);
260
261 conn = sco_conn_add(hcon);
262 if (!conn) {
263 hci_conn_drop(hcon);
264 return -ENOMEM;
265 }
266
267 /* Update source addr of the socket */
268 bacpy(&sco_pi(sk)->src, &hcon->src);
269
270 err = sco_chan_add(conn, sk, NULL);
271 if (err)
272 return err;
273
274 if (hcon->state == BT_CONNECTED) {
275 sco_sock_clear_timer(sk);
276 sk->sk_state = BT_CONNECTED;
277 } else {
278 sk->sk_state = BT_CONNECT;
279 sco_sock_set_timer(sk, sk->sk_sndtimeo);
280 }
281
282 return err;
283 }
284
sco_send_frame(struct sock * sk,struct msghdr * msg,int len)285 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
286 {
287 struct sco_conn *conn = sco_pi(sk)->conn;
288 struct sk_buff *skb;
289 int err;
290
291 /* Check outgoing MTU */
292 if (len > conn->mtu)
293 return -EINVAL;
294
295 BT_DBG("sk %p len %d", sk, len);
296
297 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
298 if (!skb)
299 return err;
300
301 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
302 kfree_skb(skb);
303 return -EFAULT;
304 }
305
306 hci_send_sco(conn->hcon, skb);
307
308 return len;
309 }
310
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)311 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
312 {
313 struct sock *sk;
314
315 sco_conn_lock(conn);
316 sk = conn->sk;
317 sco_conn_unlock(conn);
318
319 if (!sk)
320 goto drop;
321
322 BT_DBG("sk %p len %d", sk, skb->len);
323
324 if (sk->sk_state != BT_CONNECTED)
325 goto drop;
326
327 if (!sock_queue_rcv_skb(sk, skb))
328 return;
329
330 drop:
331 kfree_skb(skb);
332 }
333
334 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)335 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
336 {
337 struct sock *sk;
338
339 sk_for_each(sk, &sco_sk_list.head) {
340 if (sk->sk_state != BT_LISTEN)
341 continue;
342
343 if (!bacmp(&sco_pi(sk)->src, ba))
344 return sk;
345 }
346
347 return NULL;
348 }
349
350 /* Find socket listening on source bdaddr.
351 * Returns closest match.
352 */
sco_get_sock_listen(bdaddr_t * src)353 static struct sock *sco_get_sock_listen(bdaddr_t *src)
354 {
355 struct sock *sk = NULL, *sk1 = NULL;
356
357 read_lock(&sco_sk_list.lock);
358
359 sk_for_each(sk, &sco_sk_list.head) {
360 if (sk->sk_state != BT_LISTEN)
361 continue;
362
363 /* Exact match. */
364 if (!bacmp(&sco_pi(sk)->src, src))
365 break;
366
367 /* Closest match */
368 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
369 sk1 = sk;
370 }
371
372 read_unlock(&sco_sk_list.lock);
373
374 return sk ? sk : sk1;
375 }
376
sco_sock_destruct(struct sock * sk)377 static void sco_sock_destruct(struct sock *sk)
378 {
379 BT_DBG("sk %p", sk);
380
381 skb_queue_purge(&sk->sk_receive_queue);
382 skb_queue_purge(&sk->sk_write_queue);
383 }
384
sco_sock_cleanup_listen(struct sock * parent)385 static void sco_sock_cleanup_listen(struct sock *parent)
386 {
387 struct sock *sk;
388
389 BT_DBG("parent %p", parent);
390
391 /* Close not yet accepted channels */
392 while ((sk = bt_accept_dequeue(parent, NULL))) {
393 sco_sock_close(sk);
394 sco_sock_kill(sk);
395 }
396
397 parent->sk_state = BT_CLOSED;
398 sock_set_flag(parent, SOCK_ZAPPED);
399 }
400
401 /* Kill socket (only if zapped and orphan)
402 * Must be called on unlocked socket.
403 */
sco_sock_kill(struct sock * sk)404 static void sco_sock_kill(struct sock *sk)
405 {
406 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
407 sock_flag(sk, SOCK_DEAD))
408 return;
409
410 BT_DBG("sk %p state %d", sk, sk->sk_state);
411
412 /* Kill poor orphan */
413 bt_sock_unlink(&sco_sk_list, sk);
414 sock_set_flag(sk, SOCK_DEAD);
415 sock_put(sk);
416 }
417
__sco_sock_close(struct sock * sk)418 static void __sco_sock_close(struct sock *sk)
419 {
420 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
421
422 switch (sk->sk_state) {
423 case BT_LISTEN:
424 sco_sock_cleanup_listen(sk);
425 break;
426
427 case BT_CONNECTED:
428 case BT_CONFIG:
429 if (sco_pi(sk)->conn->hcon) {
430 sk->sk_state = BT_DISCONN;
431 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
432 sco_conn_lock(sco_pi(sk)->conn);
433 hci_conn_drop(sco_pi(sk)->conn->hcon);
434 sco_pi(sk)->conn->hcon = NULL;
435 sco_conn_unlock(sco_pi(sk)->conn);
436 } else
437 sco_chan_del(sk, ECONNRESET);
438 break;
439
440 case BT_CONNECT2:
441 case BT_CONNECT:
442 case BT_DISCONN:
443 sco_chan_del(sk, ECONNRESET);
444 break;
445
446 default:
447 sock_set_flag(sk, SOCK_ZAPPED);
448 break;
449 }
450 }
451
452 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)453 static void sco_sock_close(struct sock *sk)
454 {
455 sco_sock_clear_timer(sk);
456 lock_sock(sk);
457 __sco_sock_close(sk);
458 release_sock(sk);
459 sco_sock_kill(sk);
460 }
461
sco_sock_init(struct sock * sk,struct sock * parent)462 static void sco_sock_init(struct sock *sk, struct sock *parent)
463 {
464 BT_DBG("sk %p", sk);
465
466 if (parent) {
467 sk->sk_type = parent->sk_type;
468 bt_sk(sk)->flags = bt_sk(parent)->flags;
469 security_sk_clone(parent, sk);
470 }
471 }
472
473 static struct proto sco_proto = {
474 .name = "SCO",
475 .owner = THIS_MODULE,
476 .obj_size = sizeof(struct sco_pinfo)
477 };
478
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)479 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
480 int proto, gfp_t prio, int kern)
481 {
482 struct sock *sk;
483
484 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
485 if (!sk)
486 return NULL;
487
488 sock_init_data(sock, sk);
489 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
490
491 sk->sk_destruct = sco_sock_destruct;
492 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
493
494 sock_reset_flag(sk, SOCK_ZAPPED);
495
496 sk->sk_protocol = proto;
497 sk->sk_state = BT_OPEN;
498
499 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
500
501 bt_sock_link(&sco_sk_list, sk);
502 return sk;
503 }
504
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)505 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
506 int kern)
507 {
508 struct sock *sk;
509
510 BT_DBG("sock %p", sock);
511
512 sock->state = SS_UNCONNECTED;
513
514 if (sock->type != SOCK_SEQPACKET)
515 return -ESOCKTNOSUPPORT;
516
517 sock->ops = &sco_sock_ops;
518
519 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
520 if (!sk)
521 return -ENOMEM;
522
523 sco_sock_init(sk, NULL);
524 return 0;
525 }
526
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)527 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
528 int addr_len)
529 {
530 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
531 struct sock *sk = sock->sk;
532 int err = 0;
533
534 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
535
536 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
537 addr->sa_family != AF_BLUETOOTH)
538 return -EINVAL;
539
540 lock_sock(sk);
541
542 if (sk->sk_state != BT_OPEN) {
543 err = -EBADFD;
544 goto done;
545 }
546
547 if (sk->sk_type != SOCK_SEQPACKET) {
548 err = -EINVAL;
549 goto done;
550 }
551
552 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
553
554 sk->sk_state = BT_BOUND;
555
556 done:
557 release_sock(sk);
558 return err;
559 }
560
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)561 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
562 {
563 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
564 struct sock *sk = sock->sk;
565 struct hci_dev *hdev;
566 int err;
567
568 BT_DBG("sk %p", sk);
569
570 if (alen < sizeof(struct sockaddr_sco) ||
571 addr->sa_family != AF_BLUETOOTH)
572 return -EINVAL;
573
574 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
575 return -EBADFD;
576
577 if (sk->sk_type != SOCK_SEQPACKET)
578 return -EINVAL;
579
580 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
581 if (!hdev)
582 return -EHOSTUNREACH;
583 hci_dev_lock(hdev);
584
585 lock_sock(sk);
586
587 /* Set destination address and psm */
588 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
589
590 err = sco_connect(hdev, sk);
591 hci_dev_unlock(hdev);
592 hci_dev_put(hdev);
593 if (err)
594 goto done;
595
596 err = bt_sock_wait_state(sk, BT_CONNECTED,
597 sock_sndtimeo(sk, flags & O_NONBLOCK));
598
599 done:
600 release_sock(sk);
601 return err;
602 }
603
sco_sock_listen(struct socket * sock,int backlog)604 static int sco_sock_listen(struct socket *sock, int backlog)
605 {
606 struct sock *sk = sock->sk;
607 bdaddr_t *src = &sco_pi(sk)->src;
608 int err = 0;
609
610 BT_DBG("sk %p backlog %d", sk, backlog);
611
612 lock_sock(sk);
613
614 if (sk->sk_state != BT_BOUND) {
615 err = -EBADFD;
616 goto done;
617 }
618
619 if (sk->sk_type != SOCK_SEQPACKET) {
620 err = -EINVAL;
621 goto done;
622 }
623
624 write_lock(&sco_sk_list.lock);
625
626 if (__sco_get_sock_listen_by_addr(src)) {
627 err = -EADDRINUSE;
628 goto unlock;
629 }
630
631 sk->sk_max_ack_backlog = backlog;
632 sk->sk_ack_backlog = 0;
633
634 sk->sk_state = BT_LISTEN;
635
636 unlock:
637 write_unlock(&sco_sk_list.lock);
638
639 done:
640 release_sock(sk);
641 return err;
642 }
643
sco_sock_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)644 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
645 int flags, bool kern)
646 {
647 DEFINE_WAIT_FUNC(wait, woken_wake_function);
648 struct sock *sk = sock->sk, *ch;
649 long timeo;
650 int err = 0;
651
652 lock_sock(sk);
653
654 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
655
656 BT_DBG("sk %p timeo %ld", sk, timeo);
657
658 /* Wait for an incoming connection. (wake-one). */
659 add_wait_queue_exclusive(sk_sleep(sk), &wait);
660 while (1) {
661 if (sk->sk_state != BT_LISTEN) {
662 err = -EBADFD;
663 break;
664 }
665
666 ch = bt_accept_dequeue(sk, newsock);
667 if (ch)
668 break;
669
670 if (!timeo) {
671 err = -EAGAIN;
672 break;
673 }
674
675 if (signal_pending(current)) {
676 err = sock_intr_errno(timeo);
677 break;
678 }
679
680 release_sock(sk);
681
682 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
683 lock_sock(sk);
684 }
685 remove_wait_queue(sk_sleep(sk), &wait);
686
687 if (err)
688 goto done;
689
690 newsock->state = SS_CONNECTED;
691
692 BT_DBG("new socket %p", ch);
693
694 done:
695 release_sock(sk);
696 return err;
697 }
698
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)699 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
700 int peer)
701 {
702 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
703 struct sock *sk = sock->sk;
704
705 BT_DBG("sock %p, sk %p", sock, sk);
706
707 addr->sa_family = AF_BLUETOOTH;
708
709 if (peer)
710 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
711 else
712 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
713
714 return sizeof(struct sockaddr_sco);
715 }
716
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)717 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
718 size_t len)
719 {
720 struct sock *sk = sock->sk;
721 int err;
722
723 BT_DBG("sock %p, sk %p", sock, sk);
724
725 err = sock_error(sk);
726 if (err)
727 return err;
728
729 if (msg->msg_flags & MSG_OOB)
730 return -EOPNOTSUPP;
731
732 lock_sock(sk);
733
734 if (sk->sk_state == BT_CONNECTED)
735 err = sco_send_frame(sk, msg, len);
736 else
737 err = -ENOTCONN;
738
739 release_sock(sk);
740 return err;
741 }
742
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)743 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
744 {
745 struct hci_dev *hdev = conn->hdev;
746
747 BT_DBG("conn %p", conn);
748
749 conn->state = BT_CONFIG;
750
751 if (!lmp_esco_capable(hdev)) {
752 struct hci_cp_accept_conn_req cp;
753
754 bacpy(&cp.bdaddr, &conn->dst);
755 cp.role = 0x00; /* Ignored */
756
757 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
758 } else {
759 struct hci_cp_accept_sync_conn_req cp;
760
761 bacpy(&cp.bdaddr, &conn->dst);
762 cp.pkt_type = cpu_to_le16(conn->pkt_type);
763
764 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
765 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
766 cp.content_format = cpu_to_le16(setting);
767
768 switch (setting & SCO_AIRMODE_MASK) {
769 case SCO_AIRMODE_TRANSP:
770 if (conn->pkt_type & ESCO_2EV3)
771 cp.max_latency = cpu_to_le16(0x0008);
772 else
773 cp.max_latency = cpu_to_le16(0x000D);
774 cp.retrans_effort = 0x02;
775 break;
776 case SCO_AIRMODE_CVSD:
777 cp.max_latency = cpu_to_le16(0xffff);
778 cp.retrans_effort = 0xff;
779 break;
780 }
781
782 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
783 sizeof(cp), &cp);
784 }
785 }
786
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)787 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
788 size_t len, int flags)
789 {
790 struct sock *sk = sock->sk;
791 struct sco_pinfo *pi = sco_pi(sk);
792
793 lock_sock(sk);
794
795 if (sk->sk_state == BT_CONNECT2 &&
796 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
797 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
798 sk->sk_state = BT_CONFIG;
799
800 release_sock(sk);
801 return 0;
802 }
803
804 release_sock(sk);
805
806 return bt_sock_recvmsg(sock, msg, len, flags);
807 }
808
sco_sock_setsockopt(struct socket * sock,int level,int optname,char __user * optval,unsigned int optlen)809 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
810 char __user *optval, unsigned int optlen)
811 {
812 struct sock *sk = sock->sk;
813 int len, err = 0;
814 struct bt_voice voice;
815 u32 opt;
816
817 BT_DBG("sk %p", sk);
818
819 lock_sock(sk);
820
821 switch (optname) {
822
823 case BT_DEFER_SETUP:
824 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
825 err = -EINVAL;
826 break;
827 }
828
829 if (get_user(opt, (u32 __user *) optval)) {
830 err = -EFAULT;
831 break;
832 }
833
834 if (opt)
835 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
836 else
837 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
838 break;
839
840 case BT_VOICE:
841 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
842 sk->sk_state != BT_CONNECT2) {
843 err = -EINVAL;
844 break;
845 }
846
847 voice.setting = sco_pi(sk)->setting;
848
849 len = min_t(unsigned int, sizeof(voice), optlen);
850 if (copy_from_user((char *)&voice, optval, len)) {
851 err = -EFAULT;
852 break;
853 }
854
855 /* Explicitly check for these values */
856 if (voice.setting != BT_VOICE_TRANSPARENT &&
857 voice.setting != BT_VOICE_CVSD_16BIT) {
858 err = -EINVAL;
859 break;
860 }
861
862 sco_pi(sk)->setting = voice.setting;
863 break;
864
865 default:
866 err = -ENOPROTOOPT;
867 break;
868 }
869
870 release_sock(sk);
871 return err;
872 }
873
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)874 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
875 char __user *optval, int __user *optlen)
876 {
877 struct sock *sk = sock->sk;
878 struct sco_options opts;
879 struct sco_conninfo cinfo;
880 int len, err = 0;
881
882 BT_DBG("sk %p", sk);
883
884 if (get_user(len, optlen))
885 return -EFAULT;
886
887 lock_sock(sk);
888
889 switch (optname) {
890 case SCO_OPTIONS:
891 if (sk->sk_state != BT_CONNECTED &&
892 !(sk->sk_state == BT_CONNECT2 &&
893 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
894 err = -ENOTCONN;
895 break;
896 }
897
898 opts.mtu = sco_pi(sk)->conn->mtu;
899
900 BT_DBG("mtu %d", opts.mtu);
901
902 len = min_t(unsigned int, len, sizeof(opts));
903 if (copy_to_user(optval, (char *)&opts, len))
904 err = -EFAULT;
905
906 break;
907
908 case SCO_CONNINFO:
909 if (sk->sk_state != BT_CONNECTED &&
910 !(sk->sk_state == BT_CONNECT2 &&
911 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
912 err = -ENOTCONN;
913 break;
914 }
915
916 memset(&cinfo, 0, sizeof(cinfo));
917 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
918 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
919
920 len = min_t(unsigned int, len, sizeof(cinfo));
921 if (copy_to_user(optval, (char *)&cinfo, len))
922 err = -EFAULT;
923
924 break;
925
926 default:
927 err = -ENOPROTOOPT;
928 break;
929 }
930
931 release_sock(sk);
932 return err;
933 }
934
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)935 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
936 char __user *optval, int __user *optlen)
937 {
938 struct sock *sk = sock->sk;
939 int len, err = 0;
940 struct bt_voice voice;
941
942 BT_DBG("sk %p", sk);
943
944 if (level == SOL_SCO)
945 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
946
947 if (get_user(len, optlen))
948 return -EFAULT;
949
950 lock_sock(sk);
951
952 switch (optname) {
953
954 case BT_DEFER_SETUP:
955 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
956 err = -EINVAL;
957 break;
958 }
959
960 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
961 (u32 __user *)optval))
962 err = -EFAULT;
963
964 break;
965
966 case BT_VOICE:
967 voice.setting = sco_pi(sk)->setting;
968
969 len = min_t(unsigned int, len, sizeof(voice));
970 if (copy_to_user(optval, (char *)&voice, len))
971 err = -EFAULT;
972
973 break;
974
975 default:
976 err = -ENOPROTOOPT;
977 break;
978 }
979
980 release_sock(sk);
981 return err;
982 }
983
sco_sock_shutdown(struct socket * sock,int how)984 static int sco_sock_shutdown(struct socket *sock, int how)
985 {
986 struct sock *sk = sock->sk;
987 int err = 0;
988
989 BT_DBG("sock %p, sk %p", sock, sk);
990
991 if (!sk)
992 return 0;
993
994 sock_hold(sk);
995 lock_sock(sk);
996
997 if (!sk->sk_shutdown) {
998 sk->sk_shutdown = SHUTDOWN_MASK;
999 sco_sock_clear_timer(sk);
1000 __sco_sock_close(sk);
1001
1002 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1003 !(current->flags & PF_EXITING))
1004 err = bt_sock_wait_state(sk, BT_CLOSED,
1005 sk->sk_lingertime);
1006 }
1007
1008 release_sock(sk);
1009 sock_put(sk);
1010
1011 return err;
1012 }
1013
sco_sock_release(struct socket * sock)1014 static int sco_sock_release(struct socket *sock)
1015 {
1016 struct sock *sk = sock->sk;
1017 int err = 0;
1018
1019 BT_DBG("sock %p, sk %p", sock, sk);
1020
1021 if (!sk)
1022 return 0;
1023
1024 sco_sock_close(sk);
1025
1026 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1027 !(current->flags & PF_EXITING)) {
1028 lock_sock(sk);
1029 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1030 release_sock(sk);
1031 }
1032
1033 sock_orphan(sk);
1034 sco_sock_kill(sk);
1035 return err;
1036 }
1037
sco_conn_ready(struct sco_conn * conn)1038 static void sco_conn_ready(struct sco_conn *conn)
1039 {
1040 struct sock *parent;
1041 struct sock *sk = conn->sk;
1042
1043 BT_DBG("conn %p", conn);
1044
1045 if (sk) {
1046 sco_sock_clear_timer(sk);
1047 lock_sock(sk);
1048 sk->sk_state = BT_CONNECTED;
1049 sk->sk_state_change(sk);
1050 release_sock(sk);
1051 } else {
1052 sco_conn_lock(conn);
1053
1054 if (!conn->hcon) {
1055 sco_conn_unlock(conn);
1056 return;
1057 }
1058
1059 parent = sco_get_sock_listen(&conn->hcon->src);
1060 if (!parent) {
1061 sco_conn_unlock(conn);
1062 return;
1063 }
1064
1065 lock_sock(parent);
1066
1067 sk = sco_sock_alloc(sock_net(parent), NULL,
1068 BTPROTO_SCO, GFP_ATOMIC, 0);
1069 if (!sk) {
1070 release_sock(parent);
1071 sco_conn_unlock(conn);
1072 return;
1073 }
1074
1075 sco_sock_init(sk, parent);
1076
1077 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1078 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1079
1080 hci_conn_hold(conn->hcon);
1081 __sco_chan_add(conn, sk, parent);
1082
1083 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1084 sk->sk_state = BT_CONNECT2;
1085 else
1086 sk->sk_state = BT_CONNECTED;
1087
1088 /* Wake up parent */
1089 parent->sk_data_ready(parent);
1090
1091 release_sock(parent);
1092
1093 sco_conn_unlock(conn);
1094 }
1095 }
1096
1097 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1098 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1099 {
1100 struct sock *sk;
1101 int lm = 0;
1102
1103 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1104
1105 /* Find listening sockets */
1106 read_lock(&sco_sk_list.lock);
1107 sk_for_each(sk, &sco_sk_list.head) {
1108 if (sk->sk_state != BT_LISTEN)
1109 continue;
1110
1111 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1112 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1113 lm |= HCI_LM_ACCEPT;
1114
1115 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1116 *flags |= HCI_PROTO_DEFER;
1117 break;
1118 }
1119 }
1120 read_unlock(&sco_sk_list.lock);
1121
1122 return lm;
1123 }
1124
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1125 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1126 {
1127 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1128 return;
1129
1130 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1131
1132 if (!status) {
1133 struct sco_conn *conn;
1134
1135 conn = sco_conn_add(hcon);
1136 if (conn)
1137 sco_conn_ready(conn);
1138 } else
1139 sco_conn_del(hcon, bt_to_errno(status));
1140 }
1141
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1142 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1143 {
1144 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1145 return;
1146
1147 BT_DBG("hcon %p reason %d", hcon, reason);
1148
1149 sco_conn_del(hcon, bt_to_errno(reason));
1150 }
1151
sco_recv_scodata(struct hci_conn * hcon,struct sk_buff * skb)1152 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1153 {
1154 struct sco_conn *conn = hcon->sco_data;
1155
1156 if (!conn)
1157 goto drop;
1158
1159 BT_DBG("conn %p len %d", conn, skb->len);
1160
1161 if (skb->len) {
1162 sco_recv_frame(conn, skb);
1163 return;
1164 }
1165
1166 drop:
1167 kfree_skb(skb);
1168 }
1169
1170 static struct hci_cb sco_cb = {
1171 .name = "SCO",
1172 .connect_cfm = sco_connect_cfm,
1173 .disconn_cfm = sco_disconn_cfm,
1174 };
1175
sco_debugfs_show(struct seq_file * f,void * p)1176 static int sco_debugfs_show(struct seq_file *f, void *p)
1177 {
1178 struct sock *sk;
1179
1180 read_lock(&sco_sk_list.lock);
1181
1182 sk_for_each(sk, &sco_sk_list.head) {
1183 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1184 &sco_pi(sk)->dst, sk->sk_state);
1185 }
1186
1187 read_unlock(&sco_sk_list.lock);
1188
1189 return 0;
1190 }
1191
sco_debugfs_open(struct inode * inode,struct file * file)1192 static int sco_debugfs_open(struct inode *inode, struct file *file)
1193 {
1194 return single_open(file, sco_debugfs_show, inode->i_private);
1195 }
1196
1197 static const struct file_operations sco_debugfs_fops = {
1198 .open = sco_debugfs_open,
1199 .read = seq_read,
1200 .llseek = seq_lseek,
1201 .release = single_release,
1202 };
1203
1204 static struct dentry *sco_debugfs;
1205
1206 static const struct proto_ops sco_sock_ops = {
1207 .family = PF_BLUETOOTH,
1208 .owner = THIS_MODULE,
1209 .release = sco_sock_release,
1210 .bind = sco_sock_bind,
1211 .connect = sco_sock_connect,
1212 .listen = sco_sock_listen,
1213 .accept = sco_sock_accept,
1214 .getname = sco_sock_getname,
1215 .sendmsg = sco_sock_sendmsg,
1216 .recvmsg = sco_sock_recvmsg,
1217 .poll = bt_sock_poll,
1218 .ioctl = bt_sock_ioctl,
1219 .mmap = sock_no_mmap,
1220 .socketpair = sock_no_socketpair,
1221 .shutdown = sco_sock_shutdown,
1222 .setsockopt = sco_sock_setsockopt,
1223 .getsockopt = sco_sock_getsockopt
1224 };
1225
1226 static const struct net_proto_family sco_sock_family_ops = {
1227 .family = PF_BLUETOOTH,
1228 .owner = THIS_MODULE,
1229 .create = sco_sock_create,
1230 };
1231
sco_init(void)1232 int __init sco_init(void)
1233 {
1234 int err;
1235
1236 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1237
1238 err = proto_register(&sco_proto, 0);
1239 if (err < 0)
1240 return err;
1241
1242 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1243 if (err < 0) {
1244 BT_ERR("SCO socket registration failed");
1245 goto error;
1246 }
1247
1248 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1249 if (err < 0) {
1250 BT_ERR("Failed to create SCO proc file");
1251 bt_sock_unregister(BTPROTO_SCO);
1252 goto error;
1253 }
1254
1255 BT_INFO("SCO socket layer initialized");
1256
1257 hci_register_cb(&sco_cb);
1258
1259 if (IS_ERR_OR_NULL(bt_debugfs))
1260 return 0;
1261
1262 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1263 NULL, &sco_debugfs_fops);
1264
1265 return 0;
1266
1267 error:
1268 proto_unregister(&sco_proto);
1269 return err;
1270 }
1271
sco_exit(void)1272 void sco_exit(void)
1273 {
1274 bt_procfs_cleanup(&init_net, "sco");
1275
1276 debugfs_remove(sco_debugfs);
1277
1278 hci_unregister_cb(&sco_cb);
1279
1280 bt_sock_unregister(BTPROTO_SCO);
1281
1282 proto_unregister(&sco_proto);
1283 }
1284
1285 module_param(disable_esco, bool, 0644);
1286 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1287