1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35
36 static bool disable_esco;
37
38 static const struct proto_ops sco_sock_ops;
39
40 static struct bt_sock_list sco_sk_list = {.lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)};
41
42 /* ---- SCO connections ---- */
43 struct sco_conn {
44 struct hci_conn *hcon;
45
46 spinlock_t lock;
47 struct sock *sk;
48
49 struct delayed_work timeout_work;
50
51 unsigned int mtu;
52 };
53
54 #define sco_conn_lock(c) spin_lock(&(c)->lock)
55 #define sco_conn_unlock(c) spin_unlock(&(c)->lock)
56
57 static void sco_sock_close(struct sock *sk);
58 static void sco_sock_kill(struct sock *sk);
59
60 /* ----- SCO socket info ----- */
61 #define sco_pi(sk) ((struct sco_pinfo *)(sk))
62
63 struct sco_pinfo {
64 struct bt_sock bt;
65 bdaddr_t src;
66 bdaddr_t dst;
67 __u32 flags;
68 __u16 setting;
69 __u8 cmsg_mask;
70 struct sco_conn *conn;
71 };
72
73 /* ---- SCO timers ---- */
74 #define SCO_CONN_TIMEOUT (HZ * 40)
75 #define SCO_DISCONN_TIMEOUT (HZ * 2)
76
sco_sock_timeout(struct work_struct * work)77 static void sco_sock_timeout(struct work_struct *work)
78 {
79 struct sco_conn *conn = container_of(work, struct sco_conn, timeout_work.work);
80 struct sock *sk;
81
82 sco_conn_lock(conn);
83 sk = conn->sk;
84 if (sk) {
85 sock_hold(sk);
86 }
87 sco_conn_unlock(conn);
88
89 if (!sk) {
90 return;
91 }
92
93 BT_DBG("sock %p state %d", sk, sk->sk_state);
94
95 bh_lock_sock(sk);
96 sk->sk_err = ETIMEDOUT;
97 sk->sk_state_change(sk);
98 bh_unlock_sock(sk);
99
100 sock_put(sk);
101 }
102
sco_sock_set_timer(struct sock * sk,long timeout)103 static void sco_sock_set_timer(struct sock *sk, long timeout)
104 {
105 if (!sco_pi(sk)->conn) {
106 return;
107 }
108
109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
112 }
113
sco_sock_clear_timer(struct sock * sk)114 static void sco_sock_clear_timer(struct sock *sk)
115 {
116 if (!sco_pi(sk)->conn) {
117 return;
118 }
119
120 BT_DBG("sock %p state %d", sk, sk->sk_state);
121 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
122 }
123
124 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)125 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
126 {
127 struct hci_dev *hdev = hcon->hdev;
128 struct sco_conn *conn = hcon->sco_data;
129
130 if (conn) {
131 return conn;
132 }
133
134 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
135 if (!conn) {
136 return NULL;
137 }
138
139 spin_lock_init(&conn->lock);
140 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
141
142 hcon->sco_data = conn;
143 conn->hcon = hcon;
144
145 if (hdev->sco_mtu > 0) {
146 conn->mtu = hdev->sco_mtu;
147 } else {
148 conn->mtu = 0x3c;
149 }
150
151 BT_DBG("hcon %p conn %p", hcon, conn);
152
153 return conn;
154 }
155
156 /* Delete channel.
157 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)158 static void sco_chan_del(struct sock *sk, int err)
159 {
160 struct sco_conn *conn;
161
162 conn = sco_pi(sk)->conn;
163
164 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
165
166 if (conn) {
167 sco_conn_lock(conn);
168 conn->sk = NULL;
169 sco_pi(sk)->conn = NULL;
170 sco_conn_unlock(conn);
171
172 if (conn->hcon) {
173 hci_conn_drop(conn->hcon);
174 }
175 }
176
177 sk->sk_state = BT_CLOSED;
178 sk->sk_err = err;
179 sk->sk_state_change(sk);
180
181 sock_set_flag(sk, SOCK_ZAPPED);
182 }
183
sco_conn_del(struct hci_conn * hcon,int err)184 static void sco_conn_del(struct hci_conn *hcon, int err)
185 {
186 struct sco_conn *conn = hcon->sco_data;
187 struct sock *sk;
188
189 if (!conn) {
190 return;
191 }
192
193 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
194
195 /* Kill socket */
196 sco_conn_lock(conn);
197 sk = conn->sk;
198 sco_conn_unlock(conn);
199
200 if (sk) {
201 sock_hold(sk);
202 bh_lock_sock(sk);
203 sco_sock_clear_timer(sk);
204 sco_chan_del(sk, err);
205 bh_unlock_sock(sk);
206 sock_put(sk);
207
208 /* Ensure no more work items will run before freeing conn. */
209 cancel_delayed_work_sync(&conn->timeout_work);
210 }
211
212 hcon->sco_data = NULL;
213 kfree(conn);
214 }
215
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)216 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
217 {
218 BT_DBG("conn %p", conn);
219
220 sco_pi(sk)->conn = conn;
221 conn->sk = sk;
222
223 if (parent) {
224 bt_accept_enqueue(parent, sk, true);
225 }
226 }
227
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)228 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
229 {
230 int err = 0;
231
232 sco_conn_lock(conn);
233 if (conn->sk) {
234 err = -EBUSY;
235 } else {
236 __sco_chan_add(conn, sk, parent);
237 }
238
239 sco_conn_unlock(conn);
240 return err;
241 }
242
sco_connect(struct hci_dev * hdev,struct sock * sk)243 static int sco_connect(struct hci_dev *hdev, struct sock *sk)
244 {
245 struct sco_conn *conn;
246 struct hci_conn *hcon;
247 int err, type;
248
249 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
250
251 if (lmp_esco_capable(hdev) && !disable_esco) {
252 type = ESCO_LINK;
253 } else {
254 type = SCO_LINK;
255 }
256
257 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
258 return -EOPNOTSUPP;
259 }
260
261 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, sco_pi(sk)->setting);
262 if (IS_ERR(hcon)) {
263 return PTR_ERR(hcon);
264 }
265
266 conn = sco_conn_add(hcon);
267 if (!conn) {
268 hci_conn_drop(hcon);
269 return -ENOMEM;
270 }
271
272 /* Update source addr of the socket */
273 bacpy(&sco_pi(sk)->src, &hcon->src);
274
275 err = sco_chan_add(conn, sk, NULL);
276 if (err) {
277 return err;
278 }
279
280 if (hcon->state == BT_CONNECTED) {
281 sco_sock_clear_timer(sk);
282 sk->sk_state = BT_CONNECTED;
283 } else {
284 sk->sk_state = BT_CONNECT;
285 sco_sock_set_timer(sk, sk->sk_sndtimeo);
286 }
287
288 return err;
289 }
290
sco_send_frame(struct sock * sk,struct sk_buff * skb)291 static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
292 {
293 struct sco_conn *conn = sco_pi(sk)->conn;
294 int len = skb->len;
295
296 /* Check outgoing MTU */
297 if (len > conn->mtu) {
298 return -EINVAL;
299 }
300
301 BT_DBG("sk %p len %d", sk, len);
302
303 hci_send_sco(conn->hcon, skb);
304
305 return len;
306 }
307
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)308 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
309 {
310 struct sock *sk;
311
312 sco_conn_lock(conn);
313 sk = conn->sk;
314 sco_conn_unlock(conn);
315
316 if (!sk) {
317 goto drop;
318 }
319
320 BT_DBG("sk %p len %d", sk, skb->len);
321
322 if (sk->sk_state != BT_CONNECTED) {
323 goto drop;
324 }
325
326 if (!sock_queue_rcv_skb(sk, skb)) {
327 return;
328 }
329
330 drop:
331 kfree_skb(skb);
332 }
333
334 /* -------- Socket interface ---------- */
_sco_get_sock_listen_by_addr(bdaddr_t * ba)335 static struct sock *_sco_get_sock_listen_by_addr(bdaddr_t *ba)
336 {
337 struct sock *sk;
338
339 sk_for_each(sk, &sco_sk_list.head)
340 {
341 if (sk->sk_state != BT_LISTEN) {
342 continue;
343 }
344
345 if (!bacmp(&sco_pi(sk)->src, ba)) {
346 return sk;
347 }
348 }
349
350 return NULL;
351 }
352
353 /* Find socket listening on source bdaddr.
354 * Returns closest match.
355 */
sco_get_sock_listen(bdaddr_t * src)356 static struct sock *sco_get_sock_listen(bdaddr_t *src)
357 {
358 struct sock *sk = NULL, *sk1 = NULL;
359
360 read_lock(&sco_sk_list.lock);
361
362 sk_for_each(sk, &sco_sk_list.head)
363 {
364 if (sk->sk_state != BT_LISTEN) {
365 continue;
366 }
367
368 /* Exact match. */
369 if (!bacmp(&sco_pi(sk)->src, src)) {
370 break;
371 }
372
373 /* Closest match */
374 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
375 sk1 = sk;
376 }
377 }
378
379 read_unlock(&sco_sk_list.lock);
380
381 return sk ? sk : sk1;
382 }
383
sco_sock_destruct(struct sock * sk)384 static void sco_sock_destruct(struct sock *sk)
385 {
386 BT_DBG("sk %p", sk);
387
388 skb_queue_purge(&sk->sk_receive_queue);
389 skb_queue_purge(&sk->sk_write_queue);
390 }
391
sco_sock_cleanup_listen(struct sock * parent)392 static void sco_sock_cleanup_listen(struct sock *parent)
393 {
394 struct sock *sk;
395
396 BT_DBG("parent %p", parent);
397
398 /* Close not yet accepted channels */
399 while ((sk = bt_accept_dequeue(parent, NULL))) {
400 sco_sock_close(sk);
401 sco_sock_kill(sk);
402 }
403
404 parent->sk_state = BT_CLOSED;
405 sock_set_flag(parent, SOCK_ZAPPED);
406 }
407
408 /* Kill socket (only if zapped and orphan)
409 * Must be called on unlocked socket.
410 */
sco_sock_kill(struct sock * sk)411 static void sco_sock_kill(struct sock *sk)
412 {
413 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) {
414 return;
415 }
416
417 BT_DBG("sk %p state %d", sk, sk->sk_state);
418
419 /* Kill poor orphan */
420 bt_sock_unlink(&sco_sk_list, sk);
421 sock_set_flag(sk, SOCK_DEAD);
422 sock_put(sk);
423 }
424
_sco_sock_close(struct sock * sk)425 static void _sco_sock_close(struct sock *sk)
426 {
427 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
428
429 switch (sk->sk_state) {
430 case BT_LISTEN:
431 sco_sock_cleanup_listen(sk);
432 break;
433
434 case BT_CONNECTED:
435 case BT_CONFIG:
436 if (sco_pi(sk)->conn->hcon) {
437 sk->sk_state = BT_DISCONN;
438 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
439 sco_conn_lock(sco_pi(sk)->conn);
440 hci_conn_drop(sco_pi(sk)->conn->hcon);
441 sco_pi(sk)->conn->hcon = NULL;
442 sco_conn_unlock(sco_pi(sk)->conn);
443 } else {
444 sco_chan_del(sk, ECONNRESET);
445 }
446 break;
447
448 case BT_CONNECT2:
449 case BT_CONNECT:
450 case BT_DISCONN:
451 sco_chan_del(sk, ECONNRESET);
452 break;
453
454 default:
455 sock_set_flag(sk, SOCK_ZAPPED);
456 break;
457 }
458 }
459
460 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)461 static void sco_sock_close(struct sock *sk)
462 {
463 sco_sock_clear_timer(sk);
464 lock_sock(sk);
465 _sco_sock_close(sk);
466 release_sock(sk);
467 }
468
sco_skb_put_cmsg(struct sk_buff * skb,struct msghdr * msg,struct sock * sk)469 static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg, struct sock *sk)
470 {
471 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS) {
472 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS, sizeof(bt_cb(skb)->sco.pkt_status),
473 &bt_cb(skb)->sco.pkt_status);
474 }
475 }
476
sco_sock_init(struct sock * sk,struct sock * parent)477 static void sco_sock_init(struct sock *sk, struct sock *parent)
478 {
479 BT_DBG("sk %p", sk);
480
481 if (parent) {
482 sk->sk_type = parent->sk_type;
483 bt_sk(sk)->flags = bt_sk(parent)->flags;
484 security_sk_clone(parent, sk);
485 } else {
486 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
487 }
488 }
489
490 static struct proto sco_proto = {.name = "SCO", .owner = THIS_MODULE, .obj_size = sizeof(struct sco_pinfo)};
491
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)492 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern)
493 {
494 struct sock *sk;
495
496 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
497 if (!sk) {
498 return NULL;
499 }
500
501 sock_init_data(sock, sk);
502 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
503
504 sk->sk_destruct = sco_sock_destruct;
505 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
506
507 sock_reset_flag(sk, SOCK_ZAPPED);
508
509 sk->sk_protocol = proto;
510 sk->sk_state = BT_OPEN;
511
512 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
513
514 bt_sock_link(&sco_sk_list, sk);
515 return sk;
516 }
517
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)518 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, int kern)
519 {
520 struct sock *sk;
521
522 BT_DBG("sock %p", sock);
523
524 sock->state = SS_UNCONNECTED;
525
526 if (sock->type != SOCK_SEQPACKET) {
527 return -ESOCKTNOSUPPORT;
528 }
529
530 sock->ops = &sco_sock_ops;
531
532 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
533 if (!sk) {
534 return -ENOMEM;
535 }
536
537 sco_sock_init(sk, NULL);
538 return 0;
539 }
540
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)541 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
542 {
543 struct sockaddr_sco *sa = (struct sockaddr_sco *)addr;
544 struct sock *sk = sock->sk;
545 int err = 0;
546
547 if (!addr || addr_len < sizeof(struct sockaddr_sco) || addr->sa_family != AF_BLUETOOTH) {
548 return -EINVAL;
549 }
550
551 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
552
553 lock_sock(sk);
554
555 if (sk->sk_state != BT_OPEN) {
556 err = -EBADFD;
557 goto done;
558 }
559
560 if (sk->sk_type != SOCK_SEQPACKET) {
561 err = -EINVAL;
562 goto done;
563 }
564
565 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
566
567 sk->sk_state = BT_BOUND;
568
569 done:
570 release_sock(sk);
571 return err;
572 }
573
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)574 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
575 {
576 struct sockaddr_sco *sa = (struct sockaddr_sco *)addr;
577 struct sock *sk = sock->sk;
578 struct hci_dev *hdev;
579 int err;
580
581 BT_DBG("sk %p", sk);
582
583 if (alen < sizeof(struct sockaddr_sco) || addr->sa_family != AF_BLUETOOTH) {
584 return -EINVAL;
585 }
586 lock_sock(sk);
587 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
588 err = -EBADFD;
589 goto done;
590 }
591
592 if (sk->sk_type != SOCK_SEQPACKET) {
593 err = -EINVAL;
594 goto done;
595 }
596
597 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
598 if (!hdev) {
599 err = -EHOSTUNREACH;
600 goto done;
601 }
602 hci_dev_lock(hdev);
603
604 /* Set destination address and psm */
605 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
606
607 err = sco_connect(hdev, sk);
608 hci_dev_unlock(hdev);
609 hci_dev_put(hdev);
610 if (err) {
611 goto done;
612 }
613
614 err = bt_sock_wait_state(sk, BT_CONNECTED, sock_sndtimeo(sk, flags & O_NONBLOCK));
615
616 done:
617 release_sock(sk);
618 return err;
619 }
620
sco_sock_listen(struct socket * sock,int backlog)621 static int sco_sock_listen(struct socket *sock, int backlog)
622 {
623 struct sock *sk = sock->sk;
624 bdaddr_t *src = &sco_pi(sk)->src;
625 int err = 0;
626
627 BT_DBG("sk %p backlog %d", sk, backlog);
628
629 lock_sock(sk);
630
631 if (sk->sk_state != BT_BOUND) {
632 err = -EBADFD;
633 goto done;
634 }
635
636 if (sk->sk_type != SOCK_SEQPACKET) {
637 err = -EINVAL;
638 goto done;
639 }
640
641 write_lock(&sco_sk_list.lock);
642
643 if (_sco_get_sock_listen_by_addr(src)) {
644 err = -EADDRINUSE;
645 goto unlock;
646 }
647
648 sk->sk_max_ack_backlog = backlog;
649 sk->sk_ack_backlog = 0;
650
651 sk->sk_state = BT_LISTEN;
652
653 unlock:
654 write_unlock(&sco_sk_list.lock);
655
656 done:
657 release_sock(sk);
658 return err;
659 }
660
sco_sock_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)661 static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags, bool kern)
662 {
663 DEFINE_WAIT_FUNC(wait, woken_wake_function);
664 struct sock *sk = sock->sk, *ch;
665 long timeo;
666 int err = 0;
667
668 lock_sock(sk);
669
670 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
671
672 BT_DBG("sk %p timeo %ld", sk, timeo);
673
674 /* Wait for an incoming connection. (wake-one). */
675 add_wait_queue_exclusive(sk_sleep(sk), &wait);
676 while (1) {
677 if (sk->sk_state != BT_LISTEN) {
678 err = -EBADFD;
679 break;
680 }
681
682 ch = bt_accept_dequeue(sk, newsock);
683 if (ch) {
684 break;
685 }
686
687 if (!timeo) {
688 err = -EAGAIN;
689 break;
690 }
691
692 if (signal_pending(current)) {
693 err = sock_intr_errno(timeo);
694 break;
695 }
696
697 release_sock(sk);
698
699 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
700 lock_sock(sk);
701 }
702 remove_wait_queue(sk_sleep(sk), &wait);
703
704 if (err) {
705 goto done;
706 }
707
708 newsock->state = SS_CONNECTED;
709
710 BT_DBG("new socket %p", ch);
711
712 done:
713 release_sock(sk);
714 return err;
715 }
716
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)717 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int peer)
718 {
719 struct sockaddr_sco *sa = (struct sockaddr_sco *)addr;
720 struct sock *sk = sock->sk;
721
722 BT_DBG("sock %p, sk %p", sock, sk);
723
724 addr->sa_family = AF_BLUETOOTH;
725
726 if (peer) {
727 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
728 } else {
729 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
730 }
731
732 return sizeof(struct sockaddr_sco);
733 }
734
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)735 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
736 {
737 struct sock *sk = sock->sk;
738 struct sk_buff *skb;
739 int err;
740
741 BT_DBG("sock %p, sk %p", sock, sk);
742
743 err = sock_error(sk);
744 if (err) {
745 return err;
746 }
747
748 if (msg->msg_flags & MSG_OOB) {
749 return -EOPNOTSUPP;
750 }
751
752 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
753 if (IS_ERR(skb)) {
754 return PTR_ERR(skb);
755 }
756
757 lock_sock(sk);
758
759 if (sk->sk_state == BT_CONNECTED) {
760 err = sco_send_frame(sk, skb);
761 } else {
762 err = -ENOTCONN;
763 }
764
765 release_sock(sk);
766 if (err < 0) {
767 kfree_skb(skb);
768 }
769 return err;
770 }
771
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)772 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
773 {
774 struct hci_dev *hdev = conn->hdev;
775
776 BT_DBG("conn %p", conn);
777
778 conn->state = BT_CONFIG;
779
780 if (!lmp_esco_capable(hdev)) {
781 struct hci_cp_accept_conn_req cp;
782
783 bacpy(&cp.bdaddr, &conn->dst);
784 cp.role = 0x00; /* Ignored */
785
786 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
787 } else {
788 struct hci_cp_accept_sync_conn_req cp;
789
790 bacpy(&cp.bdaddr, &conn->dst);
791 cp.pkt_type = cpu_to_le16(conn->pkt_type);
792
793 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
794 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
795 cp.content_format = cpu_to_le16(setting);
796
797 switch (setting & SCO_AIRMODE_MASK) {
798 case SCO_AIRMODE_TRANSP:
799 if (conn->pkt_type & ESCO_2EV3) {
800 cp.max_latency = cpu_to_le16(0x0008);
801 } else {
802 cp.max_latency = cpu_to_le16(0x000D);
803 }
804 cp.retrans_effort = 0x02;
805 break;
806 case SCO_AIRMODE_CVSD:
807 cp.max_latency = cpu_to_le16(0xffff);
808 cp.retrans_effort = 0xff;
809 break;
810 default:
811 /* use CVSD settings as fallback */
812 cp.max_latency = cpu_to_le16(0xffff);
813 cp.retrans_effort = 0xff;
814 break;
815 }
816
817 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp), &cp);
818 }
819 }
820
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)821 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, int flags)
822 {
823 struct sock *sk = sock->sk;
824 struct sco_pinfo *pi = sco_pi(sk);
825
826 lock_sock(sk);
827
828 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
829 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
830 sk->sk_state = BT_CONFIG;
831
832 release_sock(sk);
833 return 0;
834 }
835
836 release_sock(sk);
837
838 return bt_sock_recvmsg(sock, msg, len, flags);
839 }
840
sco_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)841 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, sockptr_t optval, unsigned int optlen)
842 {
843 struct sock *sk = sock->sk;
844 int len, err = 0;
845 struct bt_voice voice;
846 u32 opt;
847
848 BT_DBG("sk %p", sk);
849
850 lock_sock(sk);
851
852 switch (optname) {
853 case BT_DEFER_SETUP:
854 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
855 err = -EINVAL;
856 break;
857 }
858
859 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
860 err = -EFAULT;
861 break;
862 }
863
864 if (opt) {
865 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
866 } else {
867 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
868 }
869 break;
870
871 case BT_VOICE:
872 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECT2) {
873 err = -EINVAL;
874 break;
875 }
876
877 voice.setting = sco_pi(sk)->setting;
878
879 len = min_t(unsigned int, sizeof(voice), optlen);
880 if (copy_from_sockptr(&voice, optval, len)) {
881 err = -EFAULT;
882 break;
883 }
884
885 /* Explicitly check for these values */
886 if (voice.setting != BT_VOICE_TRANSPARENT && voice.setting != BT_VOICE_CVSD_16BIT) {
887 err = -EINVAL;
888 break;
889 }
890
891 sco_pi(sk)->setting = voice.setting;
892 break;
893
894 case BT_PKT_STATUS:
895 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
896 err = -EFAULT;
897 break;
898 }
899
900 if (opt) {
901 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
902 } else {
903 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
904 }
905 break;
906
907 default:
908 err = -ENOPROTOOPT;
909 break;
910 }
911
912 release_sock(sk);
913 return err;
914 }
915
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)916 static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
917 {
918 struct sock *sk = sock->sk;
919 struct sco_options opts;
920 struct sco_conninfo cinfo;
921 int len, err = 0;
922
923 BT_DBG("sk %p", sk);
924
925 if (get_user(len, optlen)) {
926 return -EFAULT;
927 }
928
929 lock_sock(sk);
930
931 switch (optname) {
932 case SCO_OPTIONS:
933 if (sk->sk_state != BT_CONNECTED &&
934 !(sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
935 err = -ENOTCONN;
936 break;
937 }
938
939 opts.mtu = sco_pi(sk)->conn->mtu;
940
941 BT_DBG("mtu %d", opts.mtu);
942
943 len = min_t(unsigned int, len, sizeof(opts));
944 if (copy_to_user(optval, (char *)&opts, len)) {
945 err = -EFAULT;
946 }
947
948 break;
949
950 case SCO_CONNINFO:
951 if (sk->sk_state != BT_CONNECTED &&
952 !(sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
953 err = -ENOTCONN;
954 break;
955 }
956
957 memset(&cinfo, 0, sizeof(cinfo));
958 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
959 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
960
961 len = min_t(unsigned int, len, sizeof(cinfo));
962 if (copy_to_user(optval, (char *)&cinfo, len)) {
963 err = -EFAULT;
964 }
965
966 break;
967
968 default:
969 err = -ENOPROTOOPT;
970 break;
971 }
972
973 release_sock(sk);
974 return err;
975 }
976
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)977 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
978 {
979 struct sock *sk = sock->sk;
980 int len, err = 0;
981 struct bt_voice voice;
982 u32 phys;
983 int pkt_status;
984
985 BT_DBG("sk %p", sk);
986
987 if (level == SOL_SCO) {
988 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
989 }
990
991 if (get_user(len, optlen)) {
992 return -EFAULT;
993 }
994
995 lock_sock(sk);
996
997 switch (optname) {
998
999 case BT_DEFER_SETUP:
1000 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1001 err = -EINVAL;
1002 break;
1003 }
1004
1005 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), (u32 __user *)optval)) {
1006 err = -EFAULT;
1007 }
1008
1009 break;
1010
1011 case BT_VOICE:
1012 voice.setting = sco_pi(sk)->setting;
1013
1014 len = min_t(unsigned int, len, sizeof(voice));
1015 if (copy_to_user(optval, (char *)&voice, len)) {
1016 err = -EFAULT;
1017 }
1018
1019 break;
1020
1021 case BT_PHY:
1022 if (sk->sk_state != BT_CONNECTED) {
1023 err = -ENOTCONN;
1024 break;
1025 }
1026
1027 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1028
1029 if (put_user(phys, (u32 __user *)optval)) {
1030 err = -EFAULT;
1031 }
1032 break;
1033
1034 case BT_PKT_STATUS:
1035 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
1036
1037 if (put_user(pkt_status, (int __user *)optval)) {
1038 err = -EFAULT;
1039 }
1040 break;
1041
1042 case BT_SNDMTU:
1043 case BT_RCVMTU:
1044 if (sk->sk_state != BT_CONNECTED) {
1045 err = -ENOTCONN;
1046 break;
1047 }
1048
1049 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) {
1050 err = -EFAULT;
1051 }
1052 break;
1053
1054 default:
1055 err = -ENOPROTOOPT;
1056 break;
1057 }
1058
1059 release_sock(sk);
1060 return err;
1061 }
1062
sco_sock_shutdown(struct socket * sock,int how)1063 static int sco_sock_shutdown(struct socket *sock, int how)
1064 {
1065 struct sock *sk = sock->sk;
1066 int err = 0;
1067
1068 BT_DBG("sock %p, sk %p", sock, sk);
1069
1070 if (!sk) {
1071 return 0;
1072 }
1073
1074 sock_hold(sk);
1075 lock_sock(sk);
1076
1077 if (!sk->sk_shutdown) {
1078 sk->sk_shutdown = SHUTDOWN_MASK;
1079 sco_sock_clear_timer(sk);
1080 _sco_sock_close(sk);
1081
1082 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && !(current->flags & PF_EXITING)) {
1083 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1084 }
1085 }
1086
1087 release_sock(sk);
1088 sock_put(sk);
1089
1090 return err;
1091 }
1092
sco_sock_release(struct socket * sock)1093 static int sco_sock_release(struct socket *sock)
1094 {
1095 struct sock *sk = sock->sk;
1096 int err = 0;
1097
1098 BT_DBG("sock %p, sk %p", sock, sk);
1099
1100 if (!sk) {
1101 return 0;
1102 }
1103
1104 sco_sock_close(sk);
1105
1106 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && !(current->flags & PF_EXITING)) {
1107 lock_sock(sk);
1108 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1109 release_sock(sk);
1110 }
1111
1112 sock_orphan(sk);
1113 sco_sock_kill(sk);
1114 return err;
1115 }
1116
sco_conn_ready(struct sco_conn * conn)1117 static void sco_conn_ready(struct sco_conn *conn)
1118 {
1119 struct sock *parent;
1120 struct sock *sk = conn->sk;
1121
1122 BT_DBG("conn %p", conn);
1123
1124 if (sk) {
1125 sco_sock_clear_timer(sk);
1126 bh_lock_sock(sk);
1127 sk->sk_state = BT_CONNECTED;
1128 sk->sk_state_change(sk);
1129 bh_unlock_sock(sk);
1130 } else {
1131 sco_conn_lock(conn);
1132
1133 if (!conn->hcon) {
1134 sco_conn_unlock(conn);
1135 return;
1136 }
1137
1138 parent = sco_get_sock_listen(&conn->hcon->src);
1139 if (!parent) {
1140 sco_conn_unlock(conn);
1141 return;
1142 }
1143
1144 bh_lock_sock(parent);
1145
1146 sk = sco_sock_alloc(sock_net(parent), NULL, BTPROTO_SCO, GFP_ATOMIC, 0);
1147 if (!sk) {
1148 bh_unlock_sock(parent);
1149 sco_conn_unlock(conn);
1150 return;
1151 }
1152
1153 sco_sock_init(sk, parent);
1154
1155 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1156 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1157
1158 hci_conn_hold(conn->hcon);
1159 __sco_chan_add(conn, sk, parent);
1160
1161 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) {
1162 sk->sk_state = BT_CONNECT2;
1163 } else {
1164 sk->sk_state = BT_CONNECTED;
1165 }
1166
1167 /* Wake up parent */
1168 parent->sk_data_ready(parent);
1169
1170 bh_unlock_sock(parent);
1171
1172 sco_conn_unlock(conn);
1173 }
1174 }
1175
1176 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1177 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1178 {
1179 struct sock *sk;
1180 int lm = 0;
1181
1182 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1183
1184 /* Find listening sockets */
1185 read_lock(&sco_sk_list.lock);
1186 sk_for_each(sk, &sco_sk_list.head)
1187 {
1188 if (sk->sk_state != BT_LISTEN) {
1189 continue;
1190 }
1191
1192 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1193 lm |= HCI_LM_ACCEPT;
1194
1195 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1196 *flags |= HCI_PROTO_DEFER;
1197 }
1198 break;
1199 }
1200 }
1201 read_unlock(&sco_sk_list.lock);
1202
1203 return lm;
1204 }
1205
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1206 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1207 {
1208 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) {
1209 return;
1210 }
1211
1212 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1213
1214 if (!status) {
1215 struct sco_conn *conn;
1216
1217 conn = sco_conn_add(hcon);
1218 if (conn) {
1219 sco_conn_ready(conn);
1220 }
1221 } else {
1222 sco_conn_del(hcon, bt_to_errno(status));
1223 }
1224 }
1225
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1226 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1227 {
1228 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) {
1229 return;
1230 }
1231
1232 BT_DBG("hcon %p reason %d", hcon, reason);
1233
1234 sco_conn_del(hcon, bt_to_errno(reason));
1235 }
1236
sco_recv_scodata(struct hci_conn * hcon,struct sk_buff * skb)1237 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1238 {
1239 struct sco_conn *conn = hcon->sco_data;
1240
1241 if (!conn) {
1242 goto drop;
1243 }
1244
1245 BT_DBG("conn %p len %d", conn, skb->len);
1246
1247 if (skb->len) {
1248 sco_recv_frame(conn, skb);
1249 return;
1250 }
1251
1252 drop:
1253 kfree_skb(skb);
1254 }
1255
1256 static struct hci_cb sco_cb = {
1257 .name = "SCO",
1258 .connect_cfm = sco_connect_cfm,
1259 .disconn_cfm = sco_disconn_cfm,
1260 };
1261
sco_debugfs_show(struct seq_file * f,void * p)1262 static int sco_debugfs_show(struct seq_file *f, void *p)
1263 {
1264 struct sock *sk;
1265
1266 read_lock(&sco_sk_list.lock);
1267
1268 sk_for_each(sk, &sco_sk_list.head)
1269 {
1270 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, &sco_pi(sk)->dst, sk->sk_state);
1271 }
1272
1273 read_unlock(&sco_sk_list.lock);
1274
1275 return 0;
1276 }
1277
1278 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1279
1280 static struct dentry *sco_debugfs;
1281
1282 static const struct proto_ops sco_sock_ops = {.family = PF_BLUETOOTH,
1283 .owner = THIS_MODULE,
1284 .release = sco_sock_release,
1285 .bind = sco_sock_bind,
1286 .connect = sco_sock_connect,
1287 .listen = sco_sock_listen,
1288 .accept = sco_sock_accept,
1289 .getname = sco_sock_getname,
1290 .sendmsg = sco_sock_sendmsg,
1291 .recvmsg = sco_sock_recvmsg,
1292 .poll = bt_sock_poll,
1293 .ioctl = bt_sock_ioctl,
1294 .gettstamp = sock_gettstamp,
1295 .mmap = sock_no_mmap,
1296 .socketpair = sock_no_socketpair,
1297 .shutdown = sco_sock_shutdown,
1298 .setsockopt = sco_sock_setsockopt,
1299 .getsockopt = sco_sock_getsockopt};
1300
1301 static const struct net_proto_family sco_sock_family_ops = {
1302 .family = PF_BLUETOOTH,
1303 .owner = THIS_MODULE,
1304 .create = sco_sock_create,
1305 };
1306
sco_init(void)1307 int __init sco_init(void)
1308 {
1309 int err;
1310
1311 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1312
1313 err = proto_register(&sco_proto, 0);
1314 if (err < 0) {
1315 return err;
1316 }
1317
1318 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1319 if (err < 0) {
1320 BT_ERR("SCO socket registration failed");
1321 goto error;
1322 }
1323
1324 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1325 if (err < 0) {
1326 BT_ERR("Failed to create SCO proc file");
1327 bt_sock_unregister(BTPROTO_SCO);
1328 goto error;
1329 }
1330
1331 BT_INFO("SCO socket layer initialized");
1332
1333 hci_register_cb(&sco_cb);
1334
1335 if (IS_ERR_OR_NULL(bt_debugfs)) {
1336 return 0;
1337 }
1338
1339 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, NULL, &sco_debugfs_fops);
1340
1341 return 0;
1342
1343 error:
1344 proto_unregister(&sco_proto);
1345 return err;
1346 }
1347
sco_exit(void)1348 void sco_exit(void)
1349 {
1350 bt_procfs_cleanup(&init_net, "sco");
1351
1352 debugfs_remove(sco_debugfs);
1353
1354 hci_unregister_cb(&sco_cb);
1355
1356 bt_sock_unregister(BTPROTO_SCO);
1357
1358 proto_unregister(&sco_proto);
1359 }
1360
1361 module_param(disable_esco, bool, 0644);
1362 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1363