1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35
36 static bool disable_esco;
37
38 static const struct proto_ops sco_sock_ops;
39
40 static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54 };
55
56 #define sco_conn_lock(c) spin_lock(&c->lock);
57 #define sco_conn_unlock(c) spin_unlock(&c->lock);
58
59 static void sco_sock_close(struct sock *sk);
60 static void sco_sock_kill(struct sock *sk);
61
62 /* ----- SCO socket info ----- */
63 #define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65 struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 __u8 cmsg_mask;
72 struct sco_conn *conn;
73 };
74
75 /* ---- SCO timers ---- */
76 #define SCO_CONN_TIMEOUT (HZ * 40)
77 #define SCO_DISCONN_TIMEOUT (HZ * 2)
78
sco_sock_timeout(struct work_struct * work)79 static void sco_sock_timeout(struct work_struct *work)
80 {
81 struct sco_conn *conn = container_of(work, struct sco_conn,
82 timeout_work.work);
83 struct sock *sk;
84
85 sco_conn_lock(conn);
86 sk = conn->sk;
87 if (sk)
88 sock_hold(sk);
89 sco_conn_unlock(conn);
90
91 if (!sk)
92 return;
93
94 BT_DBG("sock %p state %d", sk, sk->sk_state);
95
96 lock_sock(sk);
97 sk->sk_err = ETIMEDOUT;
98 sk->sk_state_change(sk);
99 release_sock(sk);
100
101 sock_put(sk);
102 }
103
sco_sock_set_timer(struct sock * sk,long timeout)104 static void sco_sock_set_timer(struct sock *sk, long timeout)
105 {
106 if (!sco_pi(sk)->conn)
107 return;
108
109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
112 }
113
sco_sock_clear_timer(struct sock * sk)114 static void sco_sock_clear_timer(struct sock *sk)
115 {
116 if (!sco_pi(sk)->conn)
117 return;
118
119 BT_DBG("sock %p state %d", sk, sk->sk_state);
120 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
121 }
122
123 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)124 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
125 {
126 struct hci_dev *hdev = hcon->hdev;
127 struct sco_conn *conn = hcon->sco_data;
128
129 if (conn)
130 return conn;
131
132 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
133 if (!conn)
134 return NULL;
135
136 spin_lock_init(&conn->lock);
137 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
138
139 hcon->sco_data = conn;
140 conn->hcon = hcon;
141
142 if (hdev->sco_mtu > 0)
143 conn->mtu = hdev->sco_mtu;
144 else
145 conn->mtu = 60;
146
147 BT_DBG("hcon %p conn %p", hcon, conn);
148
149 return conn;
150 }
151
152 /* Delete channel.
153 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)154 static void sco_chan_del(struct sock *sk, int err)
155 {
156 struct sco_conn *conn;
157
158 conn = sco_pi(sk)->conn;
159
160 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
161
162 if (conn) {
163 sco_conn_lock(conn);
164 conn->sk = NULL;
165 sco_pi(sk)->conn = NULL;
166 sco_conn_unlock(conn);
167
168 if (conn->hcon)
169 hci_conn_drop(conn->hcon);
170 }
171
172 sk->sk_state = BT_CLOSED;
173 sk->sk_err = err;
174 sk->sk_state_change(sk);
175
176 sock_set_flag(sk, SOCK_ZAPPED);
177 }
178
sco_conn_del(struct hci_conn * hcon,int err)179 static void sco_conn_del(struct hci_conn *hcon, int err)
180 {
181 struct sco_conn *conn = hcon->sco_data;
182 struct sock *sk;
183
184 if (!conn)
185 return;
186
187 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
188
189 /* Kill socket */
190 sco_conn_lock(conn);
191 sk = conn->sk;
192 sco_conn_unlock(conn);
193
194 if (sk) {
195 sock_hold(sk);
196 lock_sock(sk);
197 sco_sock_clear_timer(sk);
198 sco_chan_del(sk, err);
199 release_sock(sk);
200 sock_put(sk);
201 }
202
203 /* Ensure no more work items will run before freeing conn. */
204 cancel_delayed_work_sync(&conn->timeout_work);
205
206 hcon->sco_data = NULL;
207 kfree(conn);
208 }
209
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)210 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
211 struct sock *parent)
212 {
213 BT_DBG("conn %p", conn);
214
215 sco_pi(sk)->conn = conn;
216 conn->sk = sk;
217
218 if (parent)
219 bt_accept_enqueue(parent, sk, true);
220 }
221
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)222 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
223 struct sock *parent)
224 {
225 int err = 0;
226
227 sco_conn_lock(conn);
228 if (conn->sk)
229 err = -EBUSY;
230 else
231 __sco_chan_add(conn, sk, parent);
232
233 sco_conn_unlock(conn);
234 return err;
235 }
236
sco_connect(struct hci_dev * hdev,struct sock * sk)237 static int sco_connect(struct hci_dev *hdev, struct sock *sk)
238 {
239 struct sco_conn *conn;
240 struct hci_conn *hcon;
241 int err, type;
242
243 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
244
245 if (lmp_esco_capable(hdev) && !disable_esco)
246 type = ESCO_LINK;
247 else
248 type = SCO_LINK;
249
250 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
251 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)))
252 return -EOPNOTSUPP;
253
254 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
255 sco_pi(sk)->setting);
256 if (IS_ERR(hcon))
257 return PTR_ERR(hcon);
258
259 conn = sco_conn_add(hcon);
260 if (!conn) {
261 hci_conn_drop(hcon);
262 return -ENOMEM;
263 }
264
265 /* Update source addr of the socket */
266 bacpy(&sco_pi(sk)->src, &hcon->src);
267
268 err = sco_chan_add(conn, sk, NULL);
269 if (err)
270 return err;
271
272 if (hcon->state == BT_CONNECTED) {
273 sco_sock_clear_timer(sk);
274 sk->sk_state = BT_CONNECTED;
275 } else {
276 sk->sk_state = BT_CONNECT;
277 sco_sock_set_timer(sk, sk->sk_sndtimeo);
278 }
279
280 return err;
281 }
282
sco_send_frame(struct sock * sk,void * buf,int len,unsigned int msg_flags)283 static int sco_send_frame(struct sock *sk, void *buf, int len,
284 unsigned int msg_flags)
285 {
286 struct sco_conn *conn = sco_pi(sk)->conn;
287 struct sk_buff *skb;
288 int err;
289
290 /* Check outgoing MTU */
291 if (len > conn->mtu)
292 return -EINVAL;
293
294 BT_DBG("sk %p len %d", sk, len);
295
296 skb = bt_skb_send_alloc(sk, len, msg_flags & MSG_DONTWAIT, &err);
297 if (!skb)
298 return err;
299
300 memcpy(skb_put(skb, len), buf, len);
301 hci_send_sco(conn->hcon, skb);
302
303 return len;
304 }
305
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)306 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
307 {
308 struct sock *sk;
309
310 sco_conn_lock(conn);
311 sk = conn->sk;
312 sco_conn_unlock(conn);
313
314 if (!sk)
315 goto drop;
316
317 BT_DBG("sk %p len %d", sk, skb->len);
318
319 if (sk->sk_state != BT_CONNECTED)
320 goto drop;
321
322 if (!sock_queue_rcv_skb(sk, skb))
323 return;
324
325 drop:
326 kfree_skb(skb);
327 }
328
329 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)330 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
331 {
332 struct sock *sk;
333
334 sk_for_each(sk, &sco_sk_list.head) {
335 if (sk->sk_state != BT_LISTEN)
336 continue;
337
338 if (!bacmp(&sco_pi(sk)->src, ba))
339 return sk;
340 }
341
342 return NULL;
343 }
344
345 /* Find socket listening on source bdaddr.
346 * Returns closest match.
347 */
sco_get_sock_listen(bdaddr_t * src)348 static struct sock *sco_get_sock_listen(bdaddr_t *src)
349 {
350 struct sock *sk = NULL, *sk1 = NULL;
351
352 read_lock(&sco_sk_list.lock);
353
354 sk_for_each(sk, &sco_sk_list.head) {
355 if (sk->sk_state != BT_LISTEN)
356 continue;
357
358 /* Exact match. */
359 if (!bacmp(&sco_pi(sk)->src, src))
360 break;
361
362 /* Closest match */
363 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
364 sk1 = sk;
365 }
366
367 read_unlock(&sco_sk_list.lock);
368
369 return sk ? sk : sk1;
370 }
371
sco_sock_destruct(struct sock * sk)372 static void sco_sock_destruct(struct sock *sk)
373 {
374 BT_DBG("sk %p", sk);
375
376 skb_queue_purge(&sk->sk_receive_queue);
377 skb_queue_purge(&sk->sk_write_queue);
378 }
379
sco_sock_cleanup_listen(struct sock * parent)380 static void sco_sock_cleanup_listen(struct sock *parent)
381 {
382 struct sock *sk;
383
384 BT_DBG("parent %p", parent);
385
386 /* Close not yet accepted channels */
387 while ((sk = bt_accept_dequeue(parent, NULL))) {
388 sco_sock_close(sk);
389 sco_sock_kill(sk);
390 }
391
392 parent->sk_state = BT_CLOSED;
393 sock_set_flag(parent, SOCK_ZAPPED);
394 }
395
396 /* Kill socket (only if zapped and orphan)
397 * Must be called on unlocked socket.
398 */
sco_sock_kill(struct sock * sk)399 static void sco_sock_kill(struct sock *sk)
400 {
401 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
402 return;
403
404 BT_DBG("sk %p state %d", sk, sk->sk_state);
405
406 /* Kill poor orphan */
407 bt_sock_unlink(&sco_sk_list, sk);
408 sock_set_flag(sk, SOCK_DEAD);
409 sock_put(sk);
410 }
411
__sco_sock_close(struct sock * sk)412 static void __sco_sock_close(struct sock *sk)
413 {
414 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
415
416 switch (sk->sk_state) {
417 case BT_LISTEN:
418 sco_sock_cleanup_listen(sk);
419 break;
420
421 case BT_CONNECTED:
422 case BT_CONFIG:
423 if (sco_pi(sk)->conn->hcon) {
424 sk->sk_state = BT_DISCONN;
425 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
426 sco_conn_lock(sco_pi(sk)->conn);
427 hci_conn_drop(sco_pi(sk)->conn->hcon);
428 sco_pi(sk)->conn->hcon = NULL;
429 sco_conn_unlock(sco_pi(sk)->conn);
430 } else
431 sco_chan_del(sk, ECONNRESET);
432 break;
433
434 case BT_CONNECT2:
435 case BT_CONNECT:
436 case BT_DISCONN:
437 sco_chan_del(sk, ECONNRESET);
438 break;
439
440 default:
441 sock_set_flag(sk, SOCK_ZAPPED);
442 break;
443 }
444 }
445
446 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)447 static void sco_sock_close(struct sock *sk)
448 {
449 sco_sock_clear_timer(sk);
450 lock_sock(sk);
451 __sco_sock_close(sk);
452 release_sock(sk);
453 }
454
sco_skb_put_cmsg(struct sk_buff * skb,struct msghdr * msg,struct sock * sk)455 static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
456 struct sock *sk)
457 {
458 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
459 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
460 sizeof(bt_cb(skb)->sco.pkt_status),
461 &bt_cb(skb)->sco.pkt_status);
462 }
463
sco_sock_init(struct sock * sk,struct sock * parent)464 static void sco_sock_init(struct sock *sk, struct sock *parent)
465 {
466 BT_DBG("sk %p", sk);
467
468 if (parent) {
469 sk->sk_type = parent->sk_type;
470 bt_sk(sk)->flags = bt_sk(parent)->flags;
471 security_sk_clone(parent, sk);
472 } else {
473 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
474 }
475 }
476
477 static struct proto sco_proto = {
478 .name = "SCO",
479 .owner = THIS_MODULE,
480 .obj_size = sizeof(struct sco_pinfo)
481 };
482
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)483 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
484 int proto, gfp_t prio, int kern)
485 {
486 struct sock *sk;
487
488 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
489 if (!sk)
490 return NULL;
491
492 sock_init_data(sock, sk);
493 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
494
495 sk->sk_destruct = sco_sock_destruct;
496 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
497
498 sock_reset_flag(sk, SOCK_ZAPPED);
499
500 sk->sk_protocol = proto;
501 sk->sk_state = BT_OPEN;
502
503 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
504
505 bt_sock_link(&sco_sk_list, sk);
506 return sk;
507 }
508
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)509 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
510 int kern)
511 {
512 struct sock *sk;
513
514 BT_DBG("sock %p", sock);
515
516 sock->state = SS_UNCONNECTED;
517
518 if (sock->type != SOCK_SEQPACKET)
519 return -ESOCKTNOSUPPORT;
520
521 sock->ops = &sco_sock_ops;
522
523 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
524 if (!sk)
525 return -ENOMEM;
526
527 sco_sock_init(sk, NULL);
528 return 0;
529 }
530
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)531 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
532 int addr_len)
533 {
534 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
535 struct sock *sk = sock->sk;
536 int err = 0;
537
538 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
539 addr->sa_family != AF_BLUETOOTH)
540 return -EINVAL;
541
542 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
543
544 lock_sock(sk);
545
546 if (sk->sk_state != BT_OPEN) {
547 err = -EBADFD;
548 goto done;
549 }
550
551 if (sk->sk_type != SOCK_SEQPACKET) {
552 err = -EINVAL;
553 goto done;
554 }
555
556 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
557
558 sk->sk_state = BT_BOUND;
559
560 done:
561 release_sock(sk);
562 return err;
563 }
564
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)565 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
566 {
567 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
568 struct sock *sk = sock->sk;
569 struct hci_dev *hdev;
570 int err;
571
572 BT_DBG("sk %p", sk);
573
574 if (alen < sizeof(struct sockaddr_sco) ||
575 addr->sa_family != AF_BLUETOOTH)
576 return -EINVAL;
577
578 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
579 return -EBADFD;
580
581 if (sk->sk_type != SOCK_SEQPACKET)
582 return -EINVAL;
583
584 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
585 if (!hdev)
586 return -EHOSTUNREACH;
587 hci_dev_lock(hdev);
588
589 lock_sock(sk);
590
591 /* Set destination address and psm */
592 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
593
594 err = sco_connect(hdev, sk);
595 hci_dev_unlock(hdev);
596 hci_dev_put(hdev);
597 if (err)
598 goto done;
599
600 err = bt_sock_wait_state(sk, BT_CONNECTED,
601 sock_sndtimeo(sk, flags & O_NONBLOCK));
602
603 done:
604 release_sock(sk);
605 return err;
606 }
607
sco_sock_listen(struct socket * sock,int backlog)608 static int sco_sock_listen(struct socket *sock, int backlog)
609 {
610 struct sock *sk = sock->sk;
611 bdaddr_t *src = &sco_pi(sk)->src;
612 int err = 0;
613
614 BT_DBG("sk %p backlog %d", sk, backlog);
615
616 lock_sock(sk);
617
618 if (sk->sk_state != BT_BOUND) {
619 err = -EBADFD;
620 goto done;
621 }
622
623 if (sk->sk_type != SOCK_SEQPACKET) {
624 err = -EINVAL;
625 goto done;
626 }
627
628 write_lock(&sco_sk_list.lock);
629
630 if (__sco_get_sock_listen_by_addr(src)) {
631 err = -EADDRINUSE;
632 goto unlock;
633 }
634
635 sk->sk_max_ack_backlog = backlog;
636 sk->sk_ack_backlog = 0;
637
638 sk->sk_state = BT_LISTEN;
639
640 unlock:
641 write_unlock(&sco_sk_list.lock);
642
643 done:
644 release_sock(sk);
645 return err;
646 }
647
sco_sock_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)648 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
649 int flags, bool kern)
650 {
651 DEFINE_WAIT_FUNC(wait, woken_wake_function);
652 struct sock *sk = sock->sk, *ch;
653 long timeo;
654 int err = 0;
655
656 lock_sock(sk);
657
658 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
659
660 BT_DBG("sk %p timeo %ld", sk, timeo);
661
662 /* Wait for an incoming connection. (wake-one). */
663 add_wait_queue_exclusive(sk_sleep(sk), &wait);
664 while (1) {
665 if (sk->sk_state != BT_LISTEN) {
666 err = -EBADFD;
667 break;
668 }
669
670 ch = bt_accept_dequeue(sk, newsock);
671 if (ch)
672 break;
673
674 if (!timeo) {
675 err = -EAGAIN;
676 break;
677 }
678
679 if (signal_pending(current)) {
680 err = sock_intr_errno(timeo);
681 break;
682 }
683
684 release_sock(sk);
685
686 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
687 lock_sock(sk);
688 }
689 remove_wait_queue(sk_sleep(sk), &wait);
690
691 if (err)
692 goto done;
693
694 newsock->state = SS_CONNECTED;
695
696 BT_DBG("new socket %p", ch);
697
698 done:
699 release_sock(sk);
700 return err;
701 }
702
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)703 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
704 int peer)
705 {
706 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
707 struct sock *sk = sock->sk;
708
709 BT_DBG("sock %p, sk %p", sock, sk);
710
711 addr->sa_family = AF_BLUETOOTH;
712
713 if (peer)
714 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
715 else
716 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
717
718 return sizeof(struct sockaddr_sco);
719 }
720
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)721 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
722 size_t len)
723 {
724 struct sock *sk = sock->sk;
725 void *buf;
726 int err;
727
728 BT_DBG("sock %p, sk %p", sock, sk);
729
730 err = sock_error(sk);
731 if (err)
732 return err;
733
734 if (msg->msg_flags & MSG_OOB)
735 return -EOPNOTSUPP;
736
737 buf = kmalloc(len, GFP_KERNEL);
738 if (!buf)
739 return -ENOMEM;
740
741 if (memcpy_from_msg(buf, msg, len)) {
742 kfree(buf);
743 return -EFAULT;
744 }
745
746 lock_sock(sk);
747
748 if (sk->sk_state == BT_CONNECTED)
749 err = sco_send_frame(sk, buf, len, msg->msg_flags);
750 else
751 err = -ENOTCONN;
752
753 release_sock(sk);
754 kfree(buf);
755 return err;
756 }
757
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)758 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
759 {
760 struct hci_dev *hdev = conn->hdev;
761
762 BT_DBG("conn %p", conn);
763
764 conn->state = BT_CONFIG;
765
766 if (!lmp_esco_capable(hdev)) {
767 struct hci_cp_accept_conn_req cp;
768
769 bacpy(&cp.bdaddr, &conn->dst);
770 cp.role = 0x00; /* Ignored */
771
772 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
773 } else {
774 struct hci_cp_accept_sync_conn_req cp;
775
776 bacpy(&cp.bdaddr, &conn->dst);
777 cp.pkt_type = cpu_to_le16(conn->pkt_type);
778
779 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
780 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
781 cp.content_format = cpu_to_le16(setting);
782
783 switch (setting & SCO_AIRMODE_MASK) {
784 case SCO_AIRMODE_TRANSP:
785 if (conn->pkt_type & ESCO_2EV3)
786 cp.max_latency = cpu_to_le16(0x0008);
787 else
788 cp.max_latency = cpu_to_le16(0x000D);
789 cp.retrans_effort = 0x02;
790 break;
791 case SCO_AIRMODE_CVSD:
792 cp.max_latency = cpu_to_le16(0xffff);
793 cp.retrans_effort = 0xff;
794 break;
795 default:
796 /* use CVSD settings as fallback */
797 cp.max_latency = cpu_to_le16(0xffff);
798 cp.retrans_effort = 0xff;
799 break;
800 }
801
802 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
803 sizeof(cp), &cp);
804 }
805 }
806
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)807 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
808 size_t len, int flags)
809 {
810 struct sock *sk = sock->sk;
811 struct sco_pinfo *pi = sco_pi(sk);
812
813 lock_sock(sk);
814
815 if (sk->sk_state == BT_CONNECT2 &&
816 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
817 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
818 sk->sk_state = BT_CONFIG;
819
820 release_sock(sk);
821 return 0;
822 }
823
824 release_sock(sk);
825
826 return bt_sock_recvmsg(sock, msg, len, flags);
827 }
828
sco_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)829 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
830 sockptr_t optval, unsigned int optlen)
831 {
832 struct sock *sk = sock->sk;
833 int len, err = 0;
834 struct bt_voice voice;
835 u32 opt;
836
837 BT_DBG("sk %p", sk);
838
839 lock_sock(sk);
840
841 switch (optname) {
842
843 case BT_DEFER_SETUP:
844 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
845 err = -EINVAL;
846 break;
847 }
848
849 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
850 err = -EFAULT;
851 break;
852 }
853
854 if (opt)
855 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
856 else
857 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
858 break;
859
860 case BT_VOICE:
861 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
862 sk->sk_state != BT_CONNECT2) {
863 err = -EINVAL;
864 break;
865 }
866
867 voice.setting = sco_pi(sk)->setting;
868
869 len = min_t(unsigned int, sizeof(voice), optlen);
870 if (copy_from_sockptr(&voice, optval, len)) {
871 err = -EFAULT;
872 break;
873 }
874
875 /* Explicitly check for these values */
876 if (voice.setting != BT_VOICE_TRANSPARENT &&
877 voice.setting != BT_VOICE_CVSD_16BIT) {
878 err = -EINVAL;
879 break;
880 }
881
882 sco_pi(sk)->setting = voice.setting;
883 break;
884
885 case BT_PKT_STATUS:
886 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
887 err = -EFAULT;
888 break;
889 }
890
891 if (opt)
892 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
893 else
894 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
895 break;
896
897 default:
898 err = -ENOPROTOOPT;
899 break;
900 }
901
902 release_sock(sk);
903 return err;
904 }
905
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)906 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
907 char __user *optval, int __user *optlen)
908 {
909 struct sock *sk = sock->sk;
910 struct sco_options opts;
911 struct sco_conninfo cinfo;
912 int len, err = 0;
913
914 BT_DBG("sk %p", sk);
915
916 if (get_user(len, optlen))
917 return -EFAULT;
918
919 lock_sock(sk);
920
921 switch (optname) {
922 case SCO_OPTIONS:
923 if (sk->sk_state != BT_CONNECTED &&
924 !(sk->sk_state == BT_CONNECT2 &&
925 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
926 err = -ENOTCONN;
927 break;
928 }
929
930 opts.mtu = sco_pi(sk)->conn->mtu;
931
932 BT_DBG("mtu %d", opts.mtu);
933
934 len = min_t(unsigned int, len, sizeof(opts));
935 if (copy_to_user(optval, (char *)&opts, len))
936 err = -EFAULT;
937
938 break;
939
940 case SCO_CONNINFO:
941 if (sk->sk_state != BT_CONNECTED &&
942 !(sk->sk_state == BT_CONNECT2 &&
943 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
944 err = -ENOTCONN;
945 break;
946 }
947
948 memset(&cinfo, 0, sizeof(cinfo));
949 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
950 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
951
952 len = min_t(unsigned int, len, sizeof(cinfo));
953 if (copy_to_user(optval, (char *)&cinfo, len))
954 err = -EFAULT;
955
956 break;
957
958 default:
959 err = -ENOPROTOOPT;
960 break;
961 }
962
963 release_sock(sk);
964 return err;
965 }
966
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)967 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
968 char __user *optval, int __user *optlen)
969 {
970 struct sock *sk = sock->sk;
971 int len, err = 0;
972 struct bt_voice voice;
973 u32 phys;
974 int pkt_status;
975
976 BT_DBG("sk %p", sk);
977
978 if (level == SOL_SCO)
979 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
980
981 if (get_user(len, optlen))
982 return -EFAULT;
983
984 lock_sock(sk);
985
986 switch (optname) {
987
988 case BT_DEFER_SETUP:
989 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
990 err = -EINVAL;
991 break;
992 }
993
994 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
995 (u32 __user *)optval))
996 err = -EFAULT;
997
998 break;
999
1000 case BT_VOICE:
1001 voice.setting = sco_pi(sk)->setting;
1002
1003 len = min_t(unsigned int, len, sizeof(voice));
1004 if (copy_to_user(optval, (char *)&voice, len))
1005 err = -EFAULT;
1006
1007 break;
1008
1009 case BT_PHY:
1010 if (sk->sk_state != BT_CONNECTED) {
1011 err = -ENOTCONN;
1012 break;
1013 }
1014
1015 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1016
1017 if (put_user(phys, (u32 __user *) optval))
1018 err = -EFAULT;
1019 break;
1020
1021 case BT_PKT_STATUS:
1022 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
1023
1024 if (put_user(pkt_status, (int __user *)optval))
1025 err = -EFAULT;
1026 break;
1027
1028 case BT_SNDMTU:
1029 case BT_RCVMTU:
1030 if (sk->sk_state != BT_CONNECTED) {
1031 err = -ENOTCONN;
1032 break;
1033 }
1034
1035 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1036 err = -EFAULT;
1037 break;
1038
1039 default:
1040 err = -ENOPROTOOPT;
1041 break;
1042 }
1043
1044 release_sock(sk);
1045 return err;
1046 }
1047
sco_sock_shutdown(struct socket * sock,int how)1048 static int sco_sock_shutdown(struct socket *sock, int how)
1049 {
1050 struct sock *sk = sock->sk;
1051 int err = 0;
1052
1053 BT_DBG("sock %p, sk %p", sock, sk);
1054
1055 if (!sk)
1056 return 0;
1057
1058 sock_hold(sk);
1059 lock_sock(sk);
1060
1061 if (!sk->sk_shutdown) {
1062 sk->sk_shutdown = SHUTDOWN_MASK;
1063 sco_sock_clear_timer(sk);
1064 __sco_sock_close(sk);
1065
1066 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1067 !(current->flags & PF_EXITING))
1068 err = bt_sock_wait_state(sk, BT_CLOSED,
1069 sk->sk_lingertime);
1070 }
1071
1072 release_sock(sk);
1073 sock_put(sk);
1074
1075 return err;
1076 }
1077
sco_sock_release(struct socket * sock)1078 static int sco_sock_release(struct socket *sock)
1079 {
1080 struct sock *sk = sock->sk;
1081 int err = 0;
1082
1083 BT_DBG("sock %p, sk %p", sock, sk);
1084
1085 if (!sk)
1086 return 0;
1087
1088 sco_sock_close(sk);
1089
1090 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1091 !(current->flags & PF_EXITING)) {
1092 lock_sock(sk);
1093 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1094 release_sock(sk);
1095 }
1096
1097 sock_orphan(sk);
1098 sco_sock_kill(sk);
1099 return err;
1100 }
1101
sco_conn_ready(struct sco_conn * conn)1102 static void sco_conn_ready(struct sco_conn *conn)
1103 {
1104 struct sock *parent;
1105 struct sock *sk = conn->sk;
1106
1107 BT_DBG("conn %p", conn);
1108
1109 if (sk) {
1110 sco_sock_clear_timer(sk);
1111 lock_sock(sk);
1112 sk->sk_state = BT_CONNECTED;
1113 sk->sk_state_change(sk);
1114 release_sock(sk);
1115 } else {
1116 sco_conn_lock(conn);
1117
1118 if (!conn->hcon) {
1119 sco_conn_unlock(conn);
1120 return;
1121 }
1122
1123 parent = sco_get_sock_listen(&conn->hcon->src);
1124 if (!parent) {
1125 sco_conn_unlock(conn);
1126 return;
1127 }
1128
1129 lock_sock(parent);
1130
1131 sk = sco_sock_alloc(sock_net(parent), NULL,
1132 BTPROTO_SCO, GFP_ATOMIC, 0);
1133 if (!sk) {
1134 release_sock(parent);
1135 sco_conn_unlock(conn);
1136 return;
1137 }
1138
1139 sco_sock_init(sk, parent);
1140
1141 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1142 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1143
1144 hci_conn_hold(conn->hcon);
1145 __sco_chan_add(conn, sk, parent);
1146
1147 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1148 sk->sk_state = BT_CONNECT2;
1149 else
1150 sk->sk_state = BT_CONNECTED;
1151
1152 /* Wake up parent */
1153 parent->sk_data_ready(parent);
1154
1155 release_sock(parent);
1156
1157 sco_conn_unlock(conn);
1158 }
1159 }
1160
1161 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1162 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1163 {
1164 struct sock *sk;
1165 int lm = 0;
1166
1167 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1168
1169 /* Find listening sockets */
1170 read_lock(&sco_sk_list.lock);
1171 sk_for_each(sk, &sco_sk_list.head) {
1172 if (sk->sk_state != BT_LISTEN)
1173 continue;
1174
1175 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1176 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1177 lm |= HCI_LM_ACCEPT;
1178
1179 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1180 *flags |= HCI_PROTO_DEFER;
1181 break;
1182 }
1183 }
1184 read_unlock(&sco_sk_list.lock);
1185
1186 return lm;
1187 }
1188
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1189 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1190 {
1191 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1192 return;
1193
1194 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1195
1196 if (!status) {
1197 struct sco_conn *conn;
1198
1199 conn = sco_conn_add(hcon);
1200 if (conn)
1201 sco_conn_ready(conn);
1202 } else
1203 sco_conn_del(hcon, bt_to_errno(status));
1204 }
1205
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1206 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1207 {
1208 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1209 return;
1210
1211 BT_DBG("hcon %p reason %d", hcon, reason);
1212
1213 sco_conn_del(hcon, bt_to_errno(reason));
1214 }
1215
sco_recv_scodata(struct hci_conn * hcon,struct sk_buff * skb)1216 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1217 {
1218 struct sco_conn *conn = hcon->sco_data;
1219
1220 if (!conn)
1221 goto drop;
1222
1223 BT_DBG("conn %p len %d", conn, skb->len);
1224
1225 if (skb->len) {
1226 sco_recv_frame(conn, skb);
1227 return;
1228 }
1229
1230 drop:
1231 kfree_skb(skb);
1232 }
1233
1234 static struct hci_cb sco_cb = {
1235 .name = "SCO",
1236 .connect_cfm = sco_connect_cfm,
1237 .disconn_cfm = sco_disconn_cfm,
1238 };
1239
sco_debugfs_show(struct seq_file * f,void * p)1240 static int sco_debugfs_show(struct seq_file *f, void *p)
1241 {
1242 struct sock *sk;
1243
1244 read_lock(&sco_sk_list.lock);
1245
1246 sk_for_each(sk, &sco_sk_list.head) {
1247 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1248 &sco_pi(sk)->dst, sk->sk_state);
1249 }
1250
1251 read_unlock(&sco_sk_list.lock);
1252
1253 return 0;
1254 }
1255
1256 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1257
1258 static struct dentry *sco_debugfs;
1259
1260 static const struct proto_ops sco_sock_ops = {
1261 .family = PF_BLUETOOTH,
1262 .owner = THIS_MODULE,
1263 .release = sco_sock_release,
1264 .bind = sco_sock_bind,
1265 .connect = sco_sock_connect,
1266 .listen = sco_sock_listen,
1267 .accept = sco_sock_accept,
1268 .getname = sco_sock_getname,
1269 .sendmsg = sco_sock_sendmsg,
1270 .recvmsg = sco_sock_recvmsg,
1271 .poll = bt_sock_poll,
1272 .ioctl = bt_sock_ioctl,
1273 .gettstamp = sock_gettstamp,
1274 .mmap = sock_no_mmap,
1275 .socketpair = sock_no_socketpair,
1276 .shutdown = sco_sock_shutdown,
1277 .setsockopt = sco_sock_setsockopt,
1278 .getsockopt = sco_sock_getsockopt
1279 };
1280
1281 static const struct net_proto_family sco_sock_family_ops = {
1282 .family = PF_BLUETOOTH,
1283 .owner = THIS_MODULE,
1284 .create = sco_sock_create,
1285 };
1286
sco_init(void)1287 int __init sco_init(void)
1288 {
1289 int err;
1290
1291 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1292
1293 err = proto_register(&sco_proto, 0);
1294 if (err < 0)
1295 return err;
1296
1297 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1298 if (err < 0) {
1299 BT_ERR("SCO socket registration failed");
1300 goto error;
1301 }
1302
1303 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1304 if (err < 0) {
1305 BT_ERR("Failed to create SCO proc file");
1306 bt_sock_unregister(BTPROTO_SCO);
1307 goto error;
1308 }
1309
1310 BT_INFO("SCO socket layer initialized");
1311
1312 hci_register_cb(&sco_cb);
1313
1314 if (IS_ERR_OR_NULL(bt_debugfs))
1315 return 0;
1316
1317 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1318 NULL, &sco_debugfs_fops);
1319
1320 return 0;
1321
1322 error:
1323 proto_unregister(&sco_proto);
1324 return err;
1325 }
1326
sco_exit(void)1327 void sco_exit(void)
1328 {
1329 bt_procfs_cleanup(&init_net, "sco");
1330
1331 debugfs_remove(sco_debugfs);
1332
1333 hci_unregister_cb(&sco_cb);
1334
1335 bt_sock_unregister(BTPROTO_SCO);
1336
1337 proto_unregister(&sco_proto);
1338 }
1339
1340 module_param(disable_esco, bool, 0644);
1341 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1342