1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35
36 static bool disable_esco;
37
38 static const struct proto_ops sco_sock_ops;
39
40 static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54 };
55
56 #define sco_conn_lock(c) spin_lock(&c->lock);
57 #define sco_conn_unlock(c) spin_unlock(&c->lock);
58
59 static void sco_sock_close(struct sock *sk);
60 static void sco_sock_kill(struct sock *sk);
61
62 /* ----- SCO socket info ----- */
63 #define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65 struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 __u8 cmsg_mask;
72 struct sco_conn *conn;
73 };
74
75 /* ---- SCO timers ---- */
76 #define SCO_CONN_TIMEOUT (HZ * 40)
77 #define SCO_DISCONN_TIMEOUT (HZ * 2)
78
sco_sock_timeout(struct work_struct * work)79 static void sco_sock_timeout(struct work_struct *work)
80 {
81 struct sco_conn *conn = container_of(work, struct sco_conn,
82 timeout_work.work);
83 struct sock *sk;
84
85 sco_conn_lock(conn);
86 sk = conn->sk;
87 if (sk)
88 sock_hold(sk);
89 sco_conn_unlock(conn);
90
91 if (!sk)
92 return;
93
94 BT_DBG("sock %p state %d", sk, sk->sk_state);
95
96 lock_sock(sk);
97 sk->sk_err = ETIMEDOUT;
98 sk->sk_state_change(sk);
99 release_sock(sk);
100
101 sock_put(sk);
102 }
103
sco_sock_set_timer(struct sock * sk,long timeout)104 static void sco_sock_set_timer(struct sock *sk, long timeout)
105 {
106 if (!sco_pi(sk)->conn)
107 return;
108
109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
112 }
113
sco_sock_clear_timer(struct sock * sk)114 static void sco_sock_clear_timer(struct sock *sk)
115 {
116 if (!sco_pi(sk)->conn)
117 return;
118
119 BT_DBG("sock %p state %d", sk, sk->sk_state);
120 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
121 }
122
123 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)124 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
125 {
126 struct hci_dev *hdev = hcon->hdev;
127 struct sco_conn *conn = hcon->sco_data;
128
129 if (conn)
130 return conn;
131
132 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
133 if (!conn)
134 return NULL;
135
136 spin_lock_init(&conn->lock);
137
138 hcon->sco_data = conn;
139 conn->hcon = hcon;
140
141 if (hdev->sco_mtu > 0)
142 conn->mtu = hdev->sco_mtu;
143 else
144 conn->mtu = 60;
145
146 BT_DBG("hcon %p conn %p", hcon, conn);
147
148 return conn;
149 }
150
151 /* Delete channel.
152 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)153 static void sco_chan_del(struct sock *sk, int err)
154 {
155 struct sco_conn *conn;
156
157 conn = sco_pi(sk)->conn;
158
159 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
160
161 if (conn) {
162 sco_conn_lock(conn);
163 conn->sk = NULL;
164 sco_pi(sk)->conn = NULL;
165 sco_conn_unlock(conn);
166
167 if (conn->hcon)
168 hci_conn_drop(conn->hcon);
169 }
170
171 sk->sk_state = BT_CLOSED;
172 sk->sk_err = err;
173 sk->sk_state_change(sk);
174
175 sock_set_flag(sk, SOCK_ZAPPED);
176 }
177
sco_conn_del(struct hci_conn * hcon,int err)178 static void sco_conn_del(struct hci_conn *hcon, int err)
179 {
180 struct sco_conn *conn = hcon->sco_data;
181 struct sock *sk;
182
183 if (!conn)
184 return;
185
186 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
187
188 /* Kill socket */
189 sco_conn_lock(conn);
190 sk = conn->sk;
191 sco_conn_unlock(conn);
192
193 if (sk) {
194 sock_hold(sk);
195 lock_sock(sk);
196 sco_sock_clear_timer(sk);
197 sco_chan_del(sk, err);
198 release_sock(sk);
199 sock_put(sk);
200
201 /* Ensure no more work items will run before freeing conn. */
202 cancel_delayed_work_sync(&conn->timeout_work);
203 }
204
205 hcon->sco_data = NULL;
206 kfree(conn);
207 }
208
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)209 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
210 struct sock *parent)
211 {
212 BT_DBG("conn %p", conn);
213
214 sco_pi(sk)->conn = conn;
215 conn->sk = sk;
216
217 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
218
219 if (parent)
220 bt_accept_enqueue(parent, sk, true);
221 }
222
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)223 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
224 struct sock *parent)
225 {
226 int err = 0;
227
228 sco_conn_lock(conn);
229 if (conn->sk)
230 err = -EBUSY;
231 else
232 __sco_chan_add(conn, sk, parent);
233
234 sco_conn_unlock(conn);
235 return err;
236 }
237
sco_connect(struct hci_dev * hdev,struct sock * sk)238 static int sco_connect(struct hci_dev *hdev, struct sock *sk)
239 {
240 struct sco_conn *conn;
241 struct hci_conn *hcon;
242 int err, type;
243
244 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
245
246 if (lmp_esco_capable(hdev) && !disable_esco)
247 type = ESCO_LINK;
248 else
249 type = SCO_LINK;
250
251 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
252 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)))
253 return -EOPNOTSUPP;
254
255 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
256 sco_pi(sk)->setting);
257 if (IS_ERR(hcon))
258 return PTR_ERR(hcon);
259
260 conn = sco_conn_add(hcon);
261 if (!conn) {
262 hci_conn_drop(hcon);
263 return -ENOMEM;
264 }
265
266 /* Update source addr of the socket */
267 bacpy(&sco_pi(sk)->src, &hcon->src);
268
269 err = sco_chan_add(conn, sk, NULL);
270 if (err)
271 return err;
272
273 if (hcon->state == BT_CONNECTED) {
274 sco_sock_clear_timer(sk);
275 sk->sk_state = BT_CONNECTED;
276 } else {
277 sk->sk_state = BT_CONNECT;
278 sco_sock_set_timer(sk, sk->sk_sndtimeo);
279 }
280
281 return err;
282 }
283
sco_send_frame(struct sock * sk,void * buf,int len,unsigned int msg_flags)284 static int sco_send_frame(struct sock *sk, void *buf, int len,
285 unsigned int msg_flags)
286 {
287 struct sco_conn *conn = sco_pi(sk)->conn;
288 struct sk_buff *skb;
289 int err;
290
291 /* Check outgoing MTU */
292 if (len > conn->mtu)
293 return -EINVAL;
294
295 BT_DBG("sk %p len %d", sk, len);
296
297 skb = bt_skb_send_alloc(sk, len, msg_flags & MSG_DONTWAIT, &err);
298 if (!skb)
299 return err;
300
301 memcpy(skb_put(skb, len), buf, len);
302 hci_send_sco(conn->hcon, skb);
303
304 return len;
305 }
306
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)307 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
308 {
309 struct sock *sk;
310
311 sco_conn_lock(conn);
312 sk = conn->sk;
313 sco_conn_unlock(conn);
314
315 if (!sk)
316 goto drop;
317
318 BT_DBG("sk %p len %d", sk, skb->len);
319
320 if (sk->sk_state != BT_CONNECTED)
321 goto drop;
322
323 if (!sock_queue_rcv_skb(sk, skb))
324 return;
325
326 drop:
327 kfree_skb(skb);
328 }
329
330 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)331 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
332 {
333 struct sock *sk;
334
335 sk_for_each(sk, &sco_sk_list.head) {
336 if (sk->sk_state != BT_LISTEN)
337 continue;
338
339 if (!bacmp(&sco_pi(sk)->src, ba))
340 return sk;
341 }
342
343 return NULL;
344 }
345
346 /* Find socket listening on source bdaddr.
347 * Returns closest match.
348 */
sco_get_sock_listen(bdaddr_t * src)349 static struct sock *sco_get_sock_listen(bdaddr_t *src)
350 {
351 struct sock *sk = NULL, *sk1 = NULL;
352
353 read_lock(&sco_sk_list.lock);
354
355 sk_for_each(sk, &sco_sk_list.head) {
356 if (sk->sk_state != BT_LISTEN)
357 continue;
358
359 /* Exact match. */
360 if (!bacmp(&sco_pi(sk)->src, src))
361 break;
362
363 /* Closest match */
364 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
365 sk1 = sk;
366 }
367
368 read_unlock(&sco_sk_list.lock);
369
370 return sk ? sk : sk1;
371 }
372
sco_sock_destruct(struct sock * sk)373 static void sco_sock_destruct(struct sock *sk)
374 {
375 BT_DBG("sk %p", sk);
376
377 skb_queue_purge(&sk->sk_receive_queue);
378 skb_queue_purge(&sk->sk_write_queue);
379 }
380
sco_sock_cleanup_listen(struct sock * parent)381 static void sco_sock_cleanup_listen(struct sock *parent)
382 {
383 struct sock *sk;
384
385 BT_DBG("parent %p", parent);
386
387 /* Close not yet accepted channels */
388 while ((sk = bt_accept_dequeue(parent, NULL))) {
389 sco_sock_close(sk);
390 sco_sock_kill(sk);
391 }
392
393 parent->sk_state = BT_CLOSED;
394 sock_set_flag(parent, SOCK_ZAPPED);
395 }
396
397 /* Kill socket (only if zapped and orphan)
398 * Must be called on unlocked socket.
399 */
sco_sock_kill(struct sock * sk)400 static void sco_sock_kill(struct sock *sk)
401 {
402 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
403 return;
404
405 BT_DBG("sk %p state %d", sk, sk->sk_state);
406
407 /* Kill poor orphan */
408 bt_sock_unlink(&sco_sk_list, sk);
409 sock_set_flag(sk, SOCK_DEAD);
410 sock_put(sk);
411 }
412
__sco_sock_close(struct sock * sk)413 static void __sco_sock_close(struct sock *sk)
414 {
415 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
416
417 switch (sk->sk_state) {
418 case BT_LISTEN:
419 sco_sock_cleanup_listen(sk);
420 break;
421
422 case BT_CONNECTED:
423 case BT_CONFIG:
424 if (sco_pi(sk)->conn->hcon) {
425 sk->sk_state = BT_DISCONN;
426 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
427 sco_conn_lock(sco_pi(sk)->conn);
428 hci_conn_drop(sco_pi(sk)->conn->hcon);
429 sco_pi(sk)->conn->hcon = NULL;
430 sco_conn_unlock(sco_pi(sk)->conn);
431 } else
432 sco_chan_del(sk, ECONNRESET);
433 break;
434
435 case BT_CONNECT2:
436 case BT_CONNECT:
437 case BT_DISCONN:
438 sco_chan_del(sk, ECONNRESET);
439 break;
440
441 default:
442 sock_set_flag(sk, SOCK_ZAPPED);
443 break;
444 }
445 }
446
447 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)448 static void sco_sock_close(struct sock *sk)
449 {
450 sco_sock_clear_timer(sk);
451 lock_sock(sk);
452 __sco_sock_close(sk);
453 release_sock(sk);
454 }
455
sco_skb_put_cmsg(struct sk_buff * skb,struct msghdr * msg,struct sock * sk)456 static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
457 struct sock *sk)
458 {
459 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
460 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
461 sizeof(bt_cb(skb)->sco.pkt_status),
462 &bt_cb(skb)->sco.pkt_status);
463 }
464
sco_sock_init(struct sock * sk,struct sock * parent)465 static void sco_sock_init(struct sock *sk, struct sock *parent)
466 {
467 BT_DBG("sk %p", sk);
468
469 if (parent) {
470 sk->sk_type = parent->sk_type;
471 bt_sk(sk)->flags = bt_sk(parent)->flags;
472 security_sk_clone(parent, sk);
473 } else {
474 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
475 }
476 }
477
478 static struct proto sco_proto = {
479 .name = "SCO",
480 .owner = THIS_MODULE,
481 .obj_size = sizeof(struct sco_pinfo)
482 };
483
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)484 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
485 int proto, gfp_t prio, int kern)
486 {
487 struct sock *sk;
488
489 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
490 if (!sk)
491 return NULL;
492
493 sock_init_data(sock, sk);
494 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
495
496 sk->sk_destruct = sco_sock_destruct;
497 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
498
499 sock_reset_flag(sk, SOCK_ZAPPED);
500
501 sk->sk_protocol = proto;
502 sk->sk_state = BT_OPEN;
503
504 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
505
506 bt_sock_link(&sco_sk_list, sk);
507 return sk;
508 }
509
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)510 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
511 int kern)
512 {
513 struct sock *sk;
514
515 BT_DBG("sock %p", sock);
516
517 sock->state = SS_UNCONNECTED;
518
519 if (sock->type != SOCK_SEQPACKET)
520 return -ESOCKTNOSUPPORT;
521
522 sock->ops = &sco_sock_ops;
523
524 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
525 if (!sk)
526 return -ENOMEM;
527
528 sco_sock_init(sk, NULL);
529 return 0;
530 }
531
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)532 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
533 int addr_len)
534 {
535 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
536 struct sock *sk = sock->sk;
537 int err = 0;
538
539 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
540 addr->sa_family != AF_BLUETOOTH)
541 return -EINVAL;
542
543 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
544
545 lock_sock(sk);
546
547 if (sk->sk_state != BT_OPEN) {
548 err = -EBADFD;
549 goto done;
550 }
551
552 if (sk->sk_type != SOCK_SEQPACKET) {
553 err = -EINVAL;
554 goto done;
555 }
556
557 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
558
559 sk->sk_state = BT_BOUND;
560
561 done:
562 release_sock(sk);
563 return err;
564 }
565
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)566 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
567 {
568 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
569 struct sock *sk = sock->sk;
570 struct hci_dev *hdev;
571 int err;
572
573 BT_DBG("sk %p", sk);
574
575 if (alen < sizeof(struct sockaddr_sco) ||
576 addr->sa_family != AF_BLUETOOTH)
577 return -EINVAL;
578
579 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
580 return -EBADFD;
581
582 if (sk->sk_type != SOCK_SEQPACKET)
583 return -EINVAL;
584
585 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
586 if (!hdev)
587 return -EHOSTUNREACH;
588 hci_dev_lock(hdev);
589
590 lock_sock(sk);
591
592 /* Set destination address and psm */
593 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
594
595 err = sco_connect(hdev, sk);
596 hci_dev_unlock(hdev);
597 hci_dev_put(hdev);
598 if (err)
599 goto done;
600
601 err = bt_sock_wait_state(sk, BT_CONNECTED,
602 sock_sndtimeo(sk, flags & O_NONBLOCK));
603
604 done:
605 release_sock(sk);
606 return err;
607 }
608
sco_sock_listen(struct socket * sock,int backlog)609 static int sco_sock_listen(struct socket *sock, int backlog)
610 {
611 struct sock *sk = sock->sk;
612 bdaddr_t *src = &sco_pi(sk)->src;
613 int err = 0;
614
615 BT_DBG("sk %p backlog %d", sk, backlog);
616
617 lock_sock(sk);
618
619 if (sk->sk_state != BT_BOUND) {
620 err = -EBADFD;
621 goto done;
622 }
623
624 if (sk->sk_type != SOCK_SEQPACKET) {
625 err = -EINVAL;
626 goto done;
627 }
628
629 write_lock(&sco_sk_list.lock);
630
631 if (__sco_get_sock_listen_by_addr(src)) {
632 err = -EADDRINUSE;
633 goto unlock;
634 }
635
636 sk->sk_max_ack_backlog = backlog;
637 sk->sk_ack_backlog = 0;
638
639 sk->sk_state = BT_LISTEN;
640
641 unlock:
642 write_unlock(&sco_sk_list.lock);
643
644 done:
645 release_sock(sk);
646 return err;
647 }
648
sco_sock_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)649 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
650 int flags, bool kern)
651 {
652 DEFINE_WAIT_FUNC(wait, woken_wake_function);
653 struct sock *sk = sock->sk, *ch;
654 long timeo;
655 int err = 0;
656
657 lock_sock(sk);
658
659 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
660
661 BT_DBG("sk %p timeo %ld", sk, timeo);
662
663 /* Wait for an incoming connection. (wake-one). */
664 add_wait_queue_exclusive(sk_sleep(sk), &wait);
665 while (1) {
666 if (sk->sk_state != BT_LISTEN) {
667 err = -EBADFD;
668 break;
669 }
670
671 ch = bt_accept_dequeue(sk, newsock);
672 if (ch)
673 break;
674
675 if (!timeo) {
676 err = -EAGAIN;
677 break;
678 }
679
680 if (signal_pending(current)) {
681 err = sock_intr_errno(timeo);
682 break;
683 }
684
685 release_sock(sk);
686
687 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
688 lock_sock(sk);
689 }
690 remove_wait_queue(sk_sleep(sk), &wait);
691
692 if (err)
693 goto done;
694
695 newsock->state = SS_CONNECTED;
696
697 BT_DBG("new socket %p", ch);
698
699 done:
700 release_sock(sk);
701 return err;
702 }
703
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)704 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
705 int peer)
706 {
707 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
708 struct sock *sk = sock->sk;
709
710 BT_DBG("sock %p, sk %p", sock, sk);
711
712 addr->sa_family = AF_BLUETOOTH;
713
714 if (peer)
715 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
716 else
717 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
718
719 return sizeof(struct sockaddr_sco);
720 }
721
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)722 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
723 size_t len)
724 {
725 struct sock *sk = sock->sk;
726 void *buf;
727 int err;
728
729 BT_DBG("sock %p, sk %p", sock, sk);
730
731 err = sock_error(sk);
732 if (err)
733 return err;
734
735 if (msg->msg_flags & MSG_OOB)
736 return -EOPNOTSUPP;
737
738 buf = kmalloc(len, GFP_KERNEL);
739 if (!buf)
740 return -ENOMEM;
741
742 if (memcpy_from_msg(buf, msg, len)) {
743 kfree(buf);
744 return -EFAULT;
745 }
746
747 lock_sock(sk);
748
749 if (sk->sk_state == BT_CONNECTED)
750 err = sco_send_frame(sk, buf, len, msg->msg_flags);
751 else
752 err = -ENOTCONN;
753
754 release_sock(sk);
755 kfree(buf);
756 return err;
757 }
758
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)759 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
760 {
761 struct hci_dev *hdev = conn->hdev;
762
763 BT_DBG("conn %p", conn);
764
765 conn->state = BT_CONFIG;
766
767 if (!lmp_esco_capable(hdev)) {
768 struct hci_cp_accept_conn_req cp;
769
770 bacpy(&cp.bdaddr, &conn->dst);
771 cp.role = 0x00; /* Ignored */
772
773 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
774 } else {
775 struct hci_cp_accept_sync_conn_req cp;
776
777 bacpy(&cp.bdaddr, &conn->dst);
778 cp.pkt_type = cpu_to_le16(conn->pkt_type);
779
780 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
781 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
782 cp.content_format = cpu_to_le16(setting);
783
784 switch (setting & SCO_AIRMODE_MASK) {
785 case SCO_AIRMODE_TRANSP:
786 if (conn->pkt_type & ESCO_2EV3)
787 cp.max_latency = cpu_to_le16(0x0008);
788 else
789 cp.max_latency = cpu_to_le16(0x000D);
790 cp.retrans_effort = 0x02;
791 break;
792 case SCO_AIRMODE_CVSD:
793 cp.max_latency = cpu_to_le16(0xffff);
794 cp.retrans_effort = 0xff;
795 break;
796 default:
797 /* use CVSD settings as fallback */
798 cp.max_latency = cpu_to_le16(0xffff);
799 cp.retrans_effort = 0xff;
800 break;
801 }
802
803 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
804 sizeof(cp), &cp);
805 }
806 }
807
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)808 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
809 size_t len, int flags)
810 {
811 struct sock *sk = sock->sk;
812 struct sco_pinfo *pi = sco_pi(sk);
813
814 lock_sock(sk);
815
816 if (sk->sk_state == BT_CONNECT2 &&
817 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
818 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
819 sk->sk_state = BT_CONFIG;
820
821 release_sock(sk);
822 return 0;
823 }
824
825 release_sock(sk);
826
827 return bt_sock_recvmsg(sock, msg, len, flags);
828 }
829
sco_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)830 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
831 sockptr_t optval, unsigned int optlen)
832 {
833 struct sock *sk = sock->sk;
834 int len, err = 0;
835 struct bt_voice voice;
836 u32 opt;
837
838 BT_DBG("sk %p", sk);
839
840 lock_sock(sk);
841
842 switch (optname) {
843
844 case BT_DEFER_SETUP:
845 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
846 err = -EINVAL;
847 break;
848 }
849
850 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
851 err = -EFAULT;
852 break;
853 }
854
855 if (opt)
856 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
857 else
858 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
859 break;
860
861 case BT_VOICE:
862 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
863 sk->sk_state != BT_CONNECT2) {
864 err = -EINVAL;
865 break;
866 }
867
868 voice.setting = sco_pi(sk)->setting;
869
870 len = min_t(unsigned int, sizeof(voice), optlen);
871 if (copy_from_sockptr(&voice, optval, len)) {
872 err = -EFAULT;
873 break;
874 }
875
876 /* Explicitly check for these values */
877 if (voice.setting != BT_VOICE_TRANSPARENT &&
878 voice.setting != BT_VOICE_CVSD_16BIT) {
879 err = -EINVAL;
880 break;
881 }
882
883 sco_pi(sk)->setting = voice.setting;
884 break;
885
886 case BT_PKT_STATUS:
887 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
888 err = -EFAULT;
889 break;
890 }
891
892 if (opt)
893 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
894 else
895 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
896 break;
897
898 default:
899 err = -ENOPROTOOPT;
900 break;
901 }
902
903 release_sock(sk);
904 return err;
905 }
906
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)907 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
908 char __user *optval, int __user *optlen)
909 {
910 struct sock *sk = sock->sk;
911 struct sco_options opts;
912 struct sco_conninfo cinfo;
913 int len, err = 0;
914
915 BT_DBG("sk %p", sk);
916
917 if (get_user(len, optlen))
918 return -EFAULT;
919
920 lock_sock(sk);
921
922 switch (optname) {
923 case SCO_OPTIONS:
924 if (sk->sk_state != BT_CONNECTED &&
925 !(sk->sk_state == BT_CONNECT2 &&
926 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
927 err = -ENOTCONN;
928 break;
929 }
930
931 opts.mtu = sco_pi(sk)->conn->mtu;
932
933 BT_DBG("mtu %d", opts.mtu);
934
935 len = min_t(unsigned int, len, sizeof(opts));
936 if (copy_to_user(optval, (char *)&opts, len))
937 err = -EFAULT;
938
939 break;
940
941 case SCO_CONNINFO:
942 if (sk->sk_state != BT_CONNECTED &&
943 !(sk->sk_state == BT_CONNECT2 &&
944 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
945 err = -ENOTCONN;
946 break;
947 }
948
949 memset(&cinfo, 0, sizeof(cinfo));
950 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
951 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
952
953 len = min_t(unsigned int, len, sizeof(cinfo));
954 if (copy_to_user(optval, (char *)&cinfo, len))
955 err = -EFAULT;
956
957 break;
958
959 default:
960 err = -ENOPROTOOPT;
961 break;
962 }
963
964 release_sock(sk);
965 return err;
966 }
967
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)968 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
969 char __user *optval, int __user *optlen)
970 {
971 struct sock *sk = sock->sk;
972 int len, err = 0;
973 struct bt_voice voice;
974 u32 phys;
975 int pkt_status;
976
977 BT_DBG("sk %p", sk);
978
979 if (level == SOL_SCO)
980 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
981
982 if (get_user(len, optlen))
983 return -EFAULT;
984
985 lock_sock(sk);
986
987 switch (optname) {
988
989 case BT_DEFER_SETUP:
990 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
991 err = -EINVAL;
992 break;
993 }
994
995 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
996 (u32 __user *)optval))
997 err = -EFAULT;
998
999 break;
1000
1001 case BT_VOICE:
1002 voice.setting = sco_pi(sk)->setting;
1003
1004 len = min_t(unsigned int, len, sizeof(voice));
1005 if (copy_to_user(optval, (char *)&voice, len))
1006 err = -EFAULT;
1007
1008 break;
1009
1010 case BT_PHY:
1011 if (sk->sk_state != BT_CONNECTED) {
1012 err = -ENOTCONN;
1013 break;
1014 }
1015
1016 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1017
1018 if (put_user(phys, (u32 __user *) optval))
1019 err = -EFAULT;
1020 break;
1021
1022 case BT_PKT_STATUS:
1023 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
1024
1025 if (put_user(pkt_status, (int __user *)optval))
1026 err = -EFAULT;
1027 break;
1028
1029 case BT_SNDMTU:
1030 case BT_RCVMTU:
1031 if (sk->sk_state != BT_CONNECTED) {
1032 err = -ENOTCONN;
1033 break;
1034 }
1035
1036 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1037 err = -EFAULT;
1038 break;
1039
1040 default:
1041 err = -ENOPROTOOPT;
1042 break;
1043 }
1044
1045 release_sock(sk);
1046 return err;
1047 }
1048
sco_sock_shutdown(struct socket * sock,int how)1049 static int sco_sock_shutdown(struct socket *sock, int how)
1050 {
1051 struct sock *sk = sock->sk;
1052 int err = 0;
1053
1054 BT_DBG("sock %p, sk %p", sock, sk);
1055
1056 if (!sk)
1057 return 0;
1058
1059 sock_hold(sk);
1060 lock_sock(sk);
1061
1062 if (!sk->sk_shutdown) {
1063 sk->sk_shutdown = SHUTDOWN_MASK;
1064 sco_sock_clear_timer(sk);
1065 __sco_sock_close(sk);
1066
1067 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1068 !(current->flags & PF_EXITING))
1069 err = bt_sock_wait_state(sk, BT_CLOSED,
1070 sk->sk_lingertime);
1071 }
1072
1073 release_sock(sk);
1074 sock_put(sk);
1075
1076 return err;
1077 }
1078
sco_sock_release(struct socket * sock)1079 static int sco_sock_release(struct socket *sock)
1080 {
1081 struct sock *sk = sock->sk;
1082 int err = 0;
1083
1084 BT_DBG("sock %p, sk %p", sock, sk);
1085
1086 if (!sk)
1087 return 0;
1088
1089 sco_sock_close(sk);
1090
1091 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1092 !(current->flags & PF_EXITING)) {
1093 lock_sock(sk);
1094 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1095 release_sock(sk);
1096 }
1097
1098 sock_orphan(sk);
1099 sco_sock_kill(sk);
1100 return err;
1101 }
1102
sco_conn_ready(struct sco_conn * conn)1103 static void sco_conn_ready(struct sco_conn *conn)
1104 {
1105 struct sock *parent;
1106 struct sock *sk = conn->sk;
1107
1108 BT_DBG("conn %p", conn);
1109
1110 if (sk) {
1111 sco_sock_clear_timer(sk);
1112 lock_sock(sk);
1113 sk->sk_state = BT_CONNECTED;
1114 sk->sk_state_change(sk);
1115 release_sock(sk);
1116 } else {
1117 sco_conn_lock(conn);
1118
1119 if (!conn->hcon) {
1120 sco_conn_unlock(conn);
1121 return;
1122 }
1123
1124 parent = sco_get_sock_listen(&conn->hcon->src);
1125 if (!parent) {
1126 sco_conn_unlock(conn);
1127 return;
1128 }
1129
1130 lock_sock(parent);
1131
1132 sk = sco_sock_alloc(sock_net(parent), NULL,
1133 BTPROTO_SCO, GFP_ATOMIC, 0);
1134 if (!sk) {
1135 release_sock(parent);
1136 sco_conn_unlock(conn);
1137 return;
1138 }
1139
1140 sco_sock_init(sk, parent);
1141
1142 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1143 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1144
1145 hci_conn_hold(conn->hcon);
1146 __sco_chan_add(conn, sk, parent);
1147
1148 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1149 sk->sk_state = BT_CONNECT2;
1150 else
1151 sk->sk_state = BT_CONNECTED;
1152
1153 /* Wake up parent */
1154 parent->sk_data_ready(parent);
1155
1156 release_sock(parent);
1157
1158 sco_conn_unlock(conn);
1159 }
1160 }
1161
1162 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1163 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1164 {
1165 struct sock *sk;
1166 int lm = 0;
1167
1168 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1169
1170 /* Find listening sockets */
1171 read_lock(&sco_sk_list.lock);
1172 sk_for_each(sk, &sco_sk_list.head) {
1173 if (sk->sk_state != BT_LISTEN)
1174 continue;
1175
1176 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1177 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1178 lm |= HCI_LM_ACCEPT;
1179
1180 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1181 *flags |= HCI_PROTO_DEFER;
1182 break;
1183 }
1184 }
1185 read_unlock(&sco_sk_list.lock);
1186
1187 return lm;
1188 }
1189
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1190 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1191 {
1192 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1193 return;
1194
1195 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1196
1197 if (!status) {
1198 struct sco_conn *conn;
1199
1200 conn = sco_conn_add(hcon);
1201 if (conn)
1202 sco_conn_ready(conn);
1203 } else
1204 sco_conn_del(hcon, bt_to_errno(status));
1205 }
1206
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1207 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1208 {
1209 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1210 return;
1211
1212 BT_DBG("hcon %p reason %d", hcon, reason);
1213
1214 sco_conn_del(hcon, bt_to_errno(reason));
1215 }
1216
sco_recv_scodata(struct hci_conn * hcon,struct sk_buff * skb)1217 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1218 {
1219 struct sco_conn *conn = hcon->sco_data;
1220
1221 if (!conn)
1222 goto drop;
1223
1224 BT_DBG("conn %p len %d", conn, skb->len);
1225
1226 if (skb->len) {
1227 sco_recv_frame(conn, skb);
1228 return;
1229 }
1230
1231 drop:
1232 kfree_skb(skb);
1233 }
1234
1235 static struct hci_cb sco_cb = {
1236 .name = "SCO",
1237 .connect_cfm = sco_connect_cfm,
1238 .disconn_cfm = sco_disconn_cfm,
1239 };
1240
sco_debugfs_show(struct seq_file * f,void * p)1241 static int sco_debugfs_show(struct seq_file *f, void *p)
1242 {
1243 struct sock *sk;
1244
1245 read_lock(&sco_sk_list.lock);
1246
1247 sk_for_each(sk, &sco_sk_list.head) {
1248 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1249 &sco_pi(sk)->dst, sk->sk_state);
1250 }
1251
1252 read_unlock(&sco_sk_list.lock);
1253
1254 return 0;
1255 }
1256
1257 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1258
1259 static struct dentry *sco_debugfs;
1260
1261 static const struct proto_ops sco_sock_ops = {
1262 .family = PF_BLUETOOTH,
1263 .owner = THIS_MODULE,
1264 .release = sco_sock_release,
1265 .bind = sco_sock_bind,
1266 .connect = sco_sock_connect,
1267 .listen = sco_sock_listen,
1268 .accept = sco_sock_accept,
1269 .getname = sco_sock_getname,
1270 .sendmsg = sco_sock_sendmsg,
1271 .recvmsg = sco_sock_recvmsg,
1272 .poll = bt_sock_poll,
1273 .ioctl = bt_sock_ioctl,
1274 .gettstamp = sock_gettstamp,
1275 .mmap = sock_no_mmap,
1276 .socketpair = sock_no_socketpair,
1277 .shutdown = sco_sock_shutdown,
1278 .setsockopt = sco_sock_setsockopt,
1279 .getsockopt = sco_sock_getsockopt
1280 };
1281
1282 static const struct net_proto_family sco_sock_family_ops = {
1283 .family = PF_BLUETOOTH,
1284 .owner = THIS_MODULE,
1285 .create = sco_sock_create,
1286 };
1287
sco_init(void)1288 int __init sco_init(void)
1289 {
1290 int err;
1291
1292 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1293
1294 err = proto_register(&sco_proto, 0);
1295 if (err < 0)
1296 return err;
1297
1298 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1299 if (err < 0) {
1300 BT_ERR("SCO socket registration failed");
1301 goto error;
1302 }
1303
1304 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1305 if (err < 0) {
1306 BT_ERR("Failed to create SCO proc file");
1307 bt_sock_unregister(BTPROTO_SCO);
1308 goto error;
1309 }
1310
1311 BT_INFO("SCO socket layer initialized");
1312
1313 hci_register_cb(&sco_cb);
1314
1315 if (IS_ERR_OR_NULL(bt_debugfs))
1316 return 0;
1317
1318 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1319 NULL, &sco_debugfs_fops);
1320
1321 return 0;
1322
1323 error:
1324 proto_unregister(&sco_proto);
1325 return err;
1326 }
1327
sco_exit(void)1328 void sco_exit(void)
1329 {
1330 bt_procfs_cleanup(&init_net, "sco");
1331
1332 debugfs_remove(sco_debugfs);
1333
1334 hci_unregister_cb(&sco_cb);
1335
1336 bt_sock_unregister(BTPROTO_SCO);
1337
1338 proto_unregister(&sco_proto);
1339 }
1340
1341 module_param(disable_esco, bool, 0644);
1342 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1343