1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35
36 static bool disable_esco;
37
38 static const struct proto_ops sco_sock_ops;
39
40 static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54 };
55
56 #define sco_conn_lock(c) spin_lock(&c->lock);
57 #define sco_conn_unlock(c) spin_unlock(&c->lock);
58
59 static void sco_sock_close(struct sock *sk);
60 static void sco_sock_kill(struct sock *sk);
61
62 /* ----- SCO socket info ----- */
63 #define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65 struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 __u8 cmsg_mask;
72 struct sco_conn *conn;
73 };
74
75 /* ---- SCO timers ---- */
76 #define SCO_CONN_TIMEOUT (HZ * 40)
77 #define SCO_DISCONN_TIMEOUT (HZ * 2)
78
sco_sock_timeout(struct work_struct * work)79 static void sco_sock_timeout(struct work_struct *work)
80 {
81 struct sco_conn *conn = container_of(work, struct sco_conn,
82 timeout_work.work);
83 struct sock *sk;
84
85 sco_conn_lock(conn);
86 if (!conn->hcon) {
87 sco_conn_unlock(conn);
88 return;
89 }
90 sk = conn->sk;
91 if (sk)
92 sock_hold(sk);
93 sco_conn_unlock(conn);
94
95 if (!sk)
96 return;
97
98 BT_DBG("sock %p state %d", sk, sk->sk_state);
99
100 lock_sock(sk);
101 sk->sk_err = ETIMEDOUT;
102 sk->sk_state_change(sk);
103 release_sock(sk);
104
105 sock_put(sk);
106 }
107
sco_sock_set_timer(struct sock * sk,long timeout)108 static void sco_sock_set_timer(struct sock *sk, long timeout)
109 {
110 if (!sco_pi(sk)->conn)
111 return;
112
113 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
114 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
115 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
116 }
117
sco_sock_clear_timer(struct sock * sk)118 static void sco_sock_clear_timer(struct sock *sk)
119 {
120 if (!sco_pi(sk)->conn)
121 return;
122
123 BT_DBG("sock %p state %d", sk, sk->sk_state);
124 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
125 }
126
127 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)128 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
129 {
130 struct hci_dev *hdev = hcon->hdev;
131 struct sco_conn *conn = hcon->sco_data;
132
133 if (conn)
134 return conn;
135
136 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
137 if (!conn)
138 return NULL;
139
140 spin_lock_init(&conn->lock);
141 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
142
143 hcon->sco_data = conn;
144 conn->hcon = hcon;
145
146 if (hdev->sco_mtu > 0)
147 conn->mtu = hdev->sco_mtu;
148 else
149 conn->mtu = 60;
150
151 BT_DBG("hcon %p conn %p", hcon, conn);
152
153 return conn;
154 }
155
156 /* Delete channel.
157 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)158 static void sco_chan_del(struct sock *sk, int err)
159 {
160 struct sco_conn *conn;
161
162 conn = sco_pi(sk)->conn;
163
164 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
165
166 if (conn) {
167 sco_conn_lock(conn);
168 conn->sk = NULL;
169 sco_pi(sk)->conn = NULL;
170 sco_conn_unlock(conn);
171
172 if (conn->hcon)
173 hci_conn_drop(conn->hcon);
174 }
175
176 sk->sk_state = BT_CLOSED;
177 sk->sk_err = err;
178 sk->sk_state_change(sk);
179
180 sock_set_flag(sk, SOCK_ZAPPED);
181 }
182
sco_conn_del(struct hci_conn * hcon,int err)183 static void sco_conn_del(struct hci_conn *hcon, int err)
184 {
185 struct sco_conn *conn = hcon->sco_data;
186 struct sock *sk;
187
188 if (!conn)
189 return;
190
191 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
192
193 /* Kill socket */
194 sco_conn_lock(conn);
195 sk = conn->sk;
196 sco_conn_unlock(conn);
197
198 if (sk) {
199 sock_hold(sk);
200 lock_sock(sk);
201 sco_sock_clear_timer(sk);
202 sco_chan_del(sk, err);
203 release_sock(sk);
204 sock_put(sk);
205 }
206
207 /* Ensure no more work items will run before freeing conn. */
208 cancel_delayed_work_sync(&conn->timeout_work);
209
210 hcon->sco_data = NULL;
211 kfree(conn);
212 }
213
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)214 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
215 struct sock *parent)
216 {
217 BT_DBG("conn %p", conn);
218
219 sco_pi(sk)->conn = conn;
220 conn->sk = sk;
221
222 if (parent)
223 bt_accept_enqueue(parent, sk, true);
224 }
225
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)226 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
227 struct sock *parent)
228 {
229 int err = 0;
230
231 sco_conn_lock(conn);
232 if (conn->sk)
233 err = -EBUSY;
234 else
235 __sco_chan_add(conn, sk, parent);
236
237 sco_conn_unlock(conn);
238 return err;
239 }
240
sco_connect(struct hci_dev * hdev,struct sock * sk)241 static int sco_connect(struct hci_dev *hdev, struct sock *sk)
242 {
243 struct sco_conn *conn;
244 struct hci_conn *hcon;
245 int err, type;
246
247 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
248
249 if (lmp_esco_capable(hdev) && !disable_esco)
250 type = ESCO_LINK;
251 else
252 type = SCO_LINK;
253
254 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
255 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)))
256 return -EOPNOTSUPP;
257
258 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
259 sco_pi(sk)->setting);
260 if (IS_ERR(hcon))
261 return PTR_ERR(hcon);
262
263 conn = sco_conn_add(hcon);
264 if (!conn) {
265 hci_conn_drop(hcon);
266 return -ENOMEM;
267 }
268
269 /* Update source addr of the socket */
270 bacpy(&sco_pi(sk)->src, &hcon->src);
271
272 err = sco_chan_add(conn, sk, NULL);
273 if (err)
274 return err;
275
276 if (hcon->state == BT_CONNECTED) {
277 sco_sock_clear_timer(sk);
278 sk->sk_state = BT_CONNECTED;
279 } else {
280 sk->sk_state = BT_CONNECT;
281 sco_sock_set_timer(sk, sk->sk_sndtimeo);
282 }
283
284 return err;
285 }
286
sco_send_frame(struct sock * sk,struct sk_buff * skb)287 static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
288 {
289 struct sco_conn *conn = sco_pi(sk)->conn;
290 int len = skb->len;
291
292 /* Check outgoing MTU */
293 if (len > conn->mtu)
294 return -EINVAL;
295
296 BT_DBG("sk %p len %d", sk, len);
297
298 hci_send_sco(conn->hcon, skb);
299
300 return len;
301 }
302
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)303 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
304 {
305 struct sock *sk;
306
307 sco_conn_lock(conn);
308 sk = conn->sk;
309 sco_conn_unlock(conn);
310
311 if (!sk)
312 goto drop;
313
314 BT_DBG("sk %p len %d", sk, skb->len);
315
316 if (sk->sk_state != BT_CONNECTED)
317 goto drop;
318
319 if (!sock_queue_rcv_skb(sk, skb))
320 return;
321
322 drop:
323 kfree_skb(skb);
324 }
325
326 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)327 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
328 {
329 struct sock *sk;
330
331 sk_for_each(sk, &sco_sk_list.head) {
332 if (sk->sk_state != BT_LISTEN)
333 continue;
334
335 if (!bacmp(&sco_pi(sk)->src, ba))
336 return sk;
337 }
338
339 return NULL;
340 }
341
342 /* Find socket listening on source bdaddr.
343 * Returns closest match.
344 */
sco_get_sock_listen(bdaddr_t * src)345 static struct sock *sco_get_sock_listen(bdaddr_t *src)
346 {
347 struct sock *sk = NULL, *sk1 = NULL;
348
349 read_lock(&sco_sk_list.lock);
350
351 sk_for_each(sk, &sco_sk_list.head) {
352 if (sk->sk_state != BT_LISTEN)
353 continue;
354
355 /* Exact match. */
356 if (!bacmp(&sco_pi(sk)->src, src))
357 break;
358
359 /* Closest match */
360 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
361 sk1 = sk;
362 }
363
364 read_unlock(&sco_sk_list.lock);
365
366 return sk ? sk : sk1;
367 }
368
sco_sock_destruct(struct sock * sk)369 static void sco_sock_destruct(struct sock *sk)
370 {
371 BT_DBG("sk %p", sk);
372
373 skb_queue_purge(&sk->sk_receive_queue);
374 skb_queue_purge(&sk->sk_write_queue);
375 }
376
sco_sock_cleanup_listen(struct sock * parent)377 static void sco_sock_cleanup_listen(struct sock *parent)
378 {
379 struct sock *sk;
380
381 BT_DBG("parent %p", parent);
382
383 /* Close not yet accepted channels */
384 while ((sk = bt_accept_dequeue(parent, NULL))) {
385 sco_sock_close(sk);
386 sco_sock_kill(sk);
387 }
388
389 parent->sk_state = BT_CLOSED;
390 sock_set_flag(parent, SOCK_ZAPPED);
391 }
392
393 /* Kill socket (only if zapped and orphan)
394 * Must be called on unlocked socket.
395 */
sco_sock_kill(struct sock * sk)396 static void sco_sock_kill(struct sock *sk)
397 {
398 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
399 return;
400
401 BT_DBG("sk %p state %d", sk, sk->sk_state);
402
403 /* Kill poor orphan */
404 bt_sock_unlink(&sco_sk_list, sk);
405 sock_set_flag(sk, SOCK_DEAD);
406 sock_put(sk);
407 }
408
__sco_sock_close(struct sock * sk)409 static void __sco_sock_close(struct sock *sk)
410 {
411 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
412
413 switch (sk->sk_state) {
414 case BT_LISTEN:
415 sco_sock_cleanup_listen(sk);
416 break;
417
418 case BT_CONNECTED:
419 case BT_CONFIG:
420 if (sco_pi(sk)->conn->hcon) {
421 sk->sk_state = BT_DISCONN;
422 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
423 sco_conn_lock(sco_pi(sk)->conn);
424 hci_conn_drop(sco_pi(sk)->conn->hcon);
425 sco_pi(sk)->conn->hcon = NULL;
426 sco_conn_unlock(sco_pi(sk)->conn);
427 } else
428 sco_chan_del(sk, ECONNRESET);
429 break;
430
431 case BT_CONNECT2:
432 case BT_CONNECT:
433 case BT_DISCONN:
434 sco_chan_del(sk, ECONNRESET);
435 break;
436
437 default:
438 sock_set_flag(sk, SOCK_ZAPPED);
439 break;
440 }
441 }
442
443 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)444 static void sco_sock_close(struct sock *sk)
445 {
446 sco_sock_clear_timer(sk);
447 lock_sock(sk);
448 __sco_sock_close(sk);
449 release_sock(sk);
450 }
451
sco_skb_put_cmsg(struct sk_buff * skb,struct msghdr * msg,struct sock * sk)452 static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
453 struct sock *sk)
454 {
455 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
456 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
457 sizeof(bt_cb(skb)->sco.pkt_status),
458 &bt_cb(skb)->sco.pkt_status);
459 }
460
sco_sock_init(struct sock * sk,struct sock * parent)461 static void sco_sock_init(struct sock *sk, struct sock *parent)
462 {
463 BT_DBG("sk %p", sk);
464
465 if (parent) {
466 sk->sk_type = parent->sk_type;
467 bt_sk(sk)->flags = bt_sk(parent)->flags;
468 security_sk_clone(parent, sk);
469 } else {
470 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
471 }
472 }
473
474 static struct proto sco_proto = {
475 .name = "SCO",
476 .owner = THIS_MODULE,
477 .obj_size = sizeof(struct sco_pinfo)
478 };
479
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)480 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
481 int proto, gfp_t prio, int kern)
482 {
483 struct sock *sk;
484
485 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
486 if (!sk)
487 return NULL;
488
489 sock_init_data(sock, sk);
490 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
491
492 sk->sk_destruct = sco_sock_destruct;
493 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
494
495 sock_reset_flag(sk, SOCK_ZAPPED);
496
497 sk->sk_protocol = proto;
498 sk->sk_state = BT_OPEN;
499
500 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
501
502 bt_sock_link(&sco_sk_list, sk);
503 return sk;
504 }
505
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)506 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
507 int kern)
508 {
509 struct sock *sk;
510
511 BT_DBG("sock %p", sock);
512
513 sock->state = SS_UNCONNECTED;
514
515 if (sock->type != SOCK_SEQPACKET)
516 return -ESOCKTNOSUPPORT;
517
518 sock->ops = &sco_sock_ops;
519
520 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
521 if (!sk)
522 return -ENOMEM;
523
524 sco_sock_init(sk, NULL);
525 return 0;
526 }
527
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)528 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
529 int addr_len)
530 {
531 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
532 struct sock *sk = sock->sk;
533 int err = 0;
534
535 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
536 addr->sa_family != AF_BLUETOOTH)
537 return -EINVAL;
538
539 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
540
541 lock_sock(sk);
542
543 if (sk->sk_state != BT_OPEN) {
544 err = -EBADFD;
545 goto done;
546 }
547
548 if (sk->sk_type != SOCK_SEQPACKET) {
549 err = -EINVAL;
550 goto done;
551 }
552
553 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
554
555 sk->sk_state = BT_BOUND;
556
557 done:
558 release_sock(sk);
559 return err;
560 }
561
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)562 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
563 {
564 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
565 struct sock *sk = sock->sk;
566 struct hci_dev *hdev;
567 int err;
568
569 BT_DBG("sk %p", sk);
570
571 if (alen < sizeof(struct sockaddr_sco) ||
572 addr->sa_family != AF_BLUETOOTH)
573 return -EINVAL;
574
575 lock_sock(sk);
576 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
577 err = -EBADFD;
578 goto done;
579 }
580
581 if (sk->sk_type != SOCK_SEQPACKET) {
582 err = -EINVAL;
583 goto done;
584 }
585
586 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
587 if (!hdev) {
588 err = -EHOSTUNREACH;
589 goto done;
590 }
591 hci_dev_lock(hdev);
592
593 /* Set destination address and psm */
594 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
595
596 err = sco_connect(hdev, sk);
597 hci_dev_unlock(hdev);
598 hci_dev_put(hdev);
599 if (err)
600 goto done;
601
602 err = bt_sock_wait_state(sk, BT_CONNECTED,
603 sock_sndtimeo(sk, flags & O_NONBLOCK));
604
605 done:
606 release_sock(sk);
607 return err;
608 }
609
sco_sock_listen(struct socket * sock,int backlog)610 static int sco_sock_listen(struct socket *sock, int backlog)
611 {
612 struct sock *sk = sock->sk;
613 bdaddr_t *src = &sco_pi(sk)->src;
614 int err = 0;
615
616 BT_DBG("sk %p backlog %d", sk, backlog);
617
618 lock_sock(sk);
619
620 if (sk->sk_state != BT_BOUND) {
621 err = -EBADFD;
622 goto done;
623 }
624
625 if (sk->sk_type != SOCK_SEQPACKET) {
626 err = -EINVAL;
627 goto done;
628 }
629
630 write_lock(&sco_sk_list.lock);
631
632 if (__sco_get_sock_listen_by_addr(src)) {
633 err = -EADDRINUSE;
634 goto unlock;
635 }
636
637 sk->sk_max_ack_backlog = backlog;
638 sk->sk_ack_backlog = 0;
639
640 sk->sk_state = BT_LISTEN;
641
642 unlock:
643 write_unlock(&sco_sk_list.lock);
644
645 done:
646 release_sock(sk);
647 return err;
648 }
649
sco_sock_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)650 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
651 int flags, bool kern)
652 {
653 DEFINE_WAIT_FUNC(wait, woken_wake_function);
654 struct sock *sk = sock->sk, *ch;
655 long timeo;
656 int err = 0;
657
658 lock_sock(sk);
659
660 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
661
662 BT_DBG("sk %p timeo %ld", sk, timeo);
663
664 /* Wait for an incoming connection. (wake-one). */
665 add_wait_queue_exclusive(sk_sleep(sk), &wait);
666 while (1) {
667 if (sk->sk_state != BT_LISTEN) {
668 err = -EBADFD;
669 break;
670 }
671
672 ch = bt_accept_dequeue(sk, newsock);
673 if (ch)
674 break;
675
676 if (!timeo) {
677 err = -EAGAIN;
678 break;
679 }
680
681 if (signal_pending(current)) {
682 err = sock_intr_errno(timeo);
683 break;
684 }
685
686 release_sock(sk);
687
688 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
689 lock_sock(sk);
690 }
691 remove_wait_queue(sk_sleep(sk), &wait);
692
693 if (err)
694 goto done;
695
696 newsock->state = SS_CONNECTED;
697
698 BT_DBG("new socket %p", ch);
699
700 done:
701 release_sock(sk);
702 return err;
703 }
704
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)705 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
706 int peer)
707 {
708 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
709 struct sock *sk = sock->sk;
710
711 BT_DBG("sock %p, sk %p", sock, sk);
712
713 addr->sa_family = AF_BLUETOOTH;
714
715 if (peer)
716 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
717 else
718 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
719
720 return sizeof(struct sockaddr_sco);
721 }
722
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)723 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
724 size_t len)
725 {
726 struct sock *sk = sock->sk;
727 struct sk_buff *skb;
728 int err;
729
730 BT_DBG("sock %p, sk %p", sock, sk);
731
732 err = sock_error(sk);
733 if (err)
734 return err;
735
736 if (msg->msg_flags & MSG_OOB)
737 return -EOPNOTSUPP;
738
739 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
740 if (IS_ERR(skb))
741 return PTR_ERR(skb);
742
743 lock_sock(sk);
744
745 if (sk->sk_state == BT_CONNECTED)
746 err = sco_send_frame(sk, skb);
747 else
748 err = -ENOTCONN;
749
750 release_sock(sk);
751
752 if (err < 0)
753 kfree_skb(skb);
754 return err;
755 }
756
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)757 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
758 {
759 struct hci_dev *hdev = conn->hdev;
760
761 BT_DBG("conn %p", conn);
762
763 conn->state = BT_CONFIG;
764
765 if (!lmp_esco_capable(hdev)) {
766 struct hci_cp_accept_conn_req cp;
767
768 bacpy(&cp.bdaddr, &conn->dst);
769 cp.role = 0x00; /* Ignored */
770
771 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
772 } else {
773 struct hci_cp_accept_sync_conn_req cp;
774
775 bacpy(&cp.bdaddr, &conn->dst);
776 cp.pkt_type = cpu_to_le16(conn->pkt_type);
777
778 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
779 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
780 cp.content_format = cpu_to_le16(setting);
781
782 switch (setting & SCO_AIRMODE_MASK) {
783 case SCO_AIRMODE_TRANSP:
784 if (conn->pkt_type & ESCO_2EV3)
785 cp.max_latency = cpu_to_le16(0x0008);
786 else
787 cp.max_latency = cpu_to_le16(0x000D);
788 cp.retrans_effort = 0x02;
789 break;
790 case SCO_AIRMODE_CVSD:
791 cp.max_latency = cpu_to_le16(0xffff);
792 cp.retrans_effort = 0xff;
793 break;
794 default:
795 /* use CVSD settings as fallback */
796 cp.max_latency = cpu_to_le16(0xffff);
797 cp.retrans_effort = 0xff;
798 break;
799 }
800
801 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
802 sizeof(cp), &cp);
803 }
804 }
805
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)806 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
807 size_t len, int flags)
808 {
809 struct sock *sk = sock->sk;
810 struct sco_pinfo *pi = sco_pi(sk);
811
812 lock_sock(sk);
813
814 if (sk->sk_state == BT_CONNECT2 &&
815 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
816 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
817 sk->sk_state = BT_CONFIG;
818
819 release_sock(sk);
820 return 0;
821 }
822
823 release_sock(sk);
824
825 return bt_sock_recvmsg(sock, msg, len, flags);
826 }
827
sco_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)828 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
829 sockptr_t optval, unsigned int optlen)
830 {
831 struct sock *sk = sock->sk;
832 int err = 0;
833 struct bt_voice voice;
834 u32 opt;
835
836 BT_DBG("sk %p", sk);
837
838 lock_sock(sk);
839
840 switch (optname) {
841
842 case BT_DEFER_SETUP:
843 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
844 err = -EINVAL;
845 break;
846 }
847
848 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
849 if (err)
850 break;
851
852 if (opt)
853 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
854 else
855 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
856 break;
857
858 case BT_VOICE:
859 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
860 sk->sk_state != BT_CONNECT2) {
861 err = -EINVAL;
862 break;
863 }
864
865 voice.setting = sco_pi(sk)->setting;
866
867 err = bt_copy_from_sockptr(&voice, sizeof(voice), optval,
868 optlen);
869 if (err)
870 break;
871
872 /* Explicitly check for these values */
873 if (voice.setting != BT_VOICE_TRANSPARENT &&
874 voice.setting != BT_VOICE_CVSD_16BIT) {
875 err = -EINVAL;
876 break;
877 }
878
879 sco_pi(sk)->setting = voice.setting;
880 break;
881
882 case BT_PKT_STATUS:
883 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
884 if (err)
885 break;
886
887 if (opt)
888 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
889 else
890 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
891 break;
892
893 default:
894 err = -ENOPROTOOPT;
895 break;
896 }
897
898 release_sock(sk);
899 return err;
900 }
901
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)902 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
903 char __user *optval, int __user *optlen)
904 {
905 struct sock *sk = sock->sk;
906 struct sco_options opts;
907 struct sco_conninfo cinfo;
908 int len, err = 0;
909
910 BT_DBG("sk %p", sk);
911
912 if (get_user(len, optlen))
913 return -EFAULT;
914
915 lock_sock(sk);
916
917 switch (optname) {
918 case SCO_OPTIONS:
919 if (sk->sk_state != BT_CONNECTED &&
920 !(sk->sk_state == BT_CONNECT2 &&
921 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
922 err = -ENOTCONN;
923 break;
924 }
925
926 opts.mtu = sco_pi(sk)->conn->mtu;
927
928 BT_DBG("mtu %d", opts.mtu);
929
930 len = min_t(unsigned int, len, sizeof(opts));
931 if (copy_to_user(optval, (char *)&opts, len))
932 err = -EFAULT;
933
934 break;
935
936 case SCO_CONNINFO:
937 if (sk->sk_state != BT_CONNECTED &&
938 !(sk->sk_state == BT_CONNECT2 &&
939 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
940 err = -ENOTCONN;
941 break;
942 }
943
944 memset(&cinfo, 0, sizeof(cinfo));
945 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
946 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
947
948 len = min_t(unsigned int, len, sizeof(cinfo));
949 if (copy_to_user(optval, (char *)&cinfo, len))
950 err = -EFAULT;
951
952 break;
953
954 default:
955 err = -ENOPROTOOPT;
956 break;
957 }
958
959 release_sock(sk);
960 return err;
961 }
962
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)963 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
964 char __user *optval, int __user *optlen)
965 {
966 struct sock *sk = sock->sk;
967 int len, err = 0;
968 struct bt_voice voice;
969 u32 phys;
970 int pkt_status;
971
972 BT_DBG("sk %p", sk);
973
974 if (level == SOL_SCO)
975 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
976
977 if (get_user(len, optlen))
978 return -EFAULT;
979
980 lock_sock(sk);
981
982 switch (optname) {
983
984 case BT_DEFER_SETUP:
985 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
986 err = -EINVAL;
987 break;
988 }
989
990 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
991 (u32 __user *)optval))
992 err = -EFAULT;
993
994 break;
995
996 case BT_VOICE:
997 voice.setting = sco_pi(sk)->setting;
998
999 len = min_t(unsigned int, len, sizeof(voice));
1000 if (copy_to_user(optval, (char *)&voice, len))
1001 err = -EFAULT;
1002
1003 break;
1004
1005 case BT_PHY:
1006 if (sk->sk_state != BT_CONNECTED) {
1007 err = -ENOTCONN;
1008 break;
1009 }
1010
1011 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1012
1013 if (put_user(phys, (u32 __user *) optval))
1014 err = -EFAULT;
1015 break;
1016
1017 case BT_PKT_STATUS:
1018 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
1019
1020 if (put_user(pkt_status, (int __user *)optval))
1021 err = -EFAULT;
1022 break;
1023
1024 case BT_SNDMTU:
1025 case BT_RCVMTU:
1026 if (sk->sk_state != BT_CONNECTED) {
1027 err = -ENOTCONN;
1028 break;
1029 }
1030
1031 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1032 err = -EFAULT;
1033 break;
1034
1035 default:
1036 err = -ENOPROTOOPT;
1037 break;
1038 }
1039
1040 release_sock(sk);
1041 return err;
1042 }
1043
sco_sock_shutdown(struct socket * sock,int how)1044 static int sco_sock_shutdown(struct socket *sock, int how)
1045 {
1046 struct sock *sk = sock->sk;
1047 int err = 0;
1048
1049 BT_DBG("sock %p, sk %p", sock, sk);
1050
1051 if (!sk)
1052 return 0;
1053
1054 sock_hold(sk);
1055 lock_sock(sk);
1056
1057 if (!sk->sk_shutdown) {
1058 sk->sk_shutdown = SHUTDOWN_MASK;
1059 sco_sock_clear_timer(sk);
1060 __sco_sock_close(sk);
1061
1062 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1063 !(current->flags & PF_EXITING))
1064 err = bt_sock_wait_state(sk, BT_CLOSED,
1065 sk->sk_lingertime);
1066 }
1067
1068 release_sock(sk);
1069 sock_put(sk);
1070
1071 return err;
1072 }
1073
sco_sock_release(struct socket * sock)1074 static int sco_sock_release(struct socket *sock)
1075 {
1076 struct sock *sk = sock->sk;
1077 int err = 0;
1078
1079 BT_DBG("sock %p, sk %p", sock, sk);
1080
1081 if (!sk)
1082 return 0;
1083
1084 sco_sock_close(sk);
1085
1086 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1087 !(current->flags & PF_EXITING)) {
1088 lock_sock(sk);
1089 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1090 release_sock(sk);
1091 }
1092
1093 sock_orphan(sk);
1094 sco_sock_kill(sk);
1095 return err;
1096 }
1097
sco_conn_ready(struct sco_conn * conn)1098 static void sco_conn_ready(struct sco_conn *conn)
1099 {
1100 struct sock *parent;
1101 struct sock *sk = conn->sk;
1102
1103 BT_DBG("conn %p", conn);
1104
1105 if (sk) {
1106 sco_sock_clear_timer(sk);
1107 lock_sock(sk);
1108 sk->sk_state = BT_CONNECTED;
1109 sk->sk_state_change(sk);
1110 release_sock(sk);
1111 } else {
1112 sco_conn_lock(conn);
1113
1114 if (!conn->hcon) {
1115 sco_conn_unlock(conn);
1116 return;
1117 }
1118
1119 parent = sco_get_sock_listen(&conn->hcon->src);
1120 if (!parent) {
1121 sco_conn_unlock(conn);
1122 return;
1123 }
1124
1125 lock_sock(parent);
1126
1127 sk = sco_sock_alloc(sock_net(parent), NULL,
1128 BTPROTO_SCO, GFP_ATOMIC, 0);
1129 if (!sk) {
1130 release_sock(parent);
1131 sco_conn_unlock(conn);
1132 return;
1133 }
1134
1135 sco_sock_init(sk, parent);
1136
1137 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1138 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1139
1140 hci_conn_hold(conn->hcon);
1141 __sco_chan_add(conn, sk, parent);
1142
1143 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1144 sk->sk_state = BT_CONNECT2;
1145 else
1146 sk->sk_state = BT_CONNECTED;
1147
1148 /* Wake up parent */
1149 parent->sk_data_ready(parent);
1150
1151 release_sock(parent);
1152
1153 sco_conn_unlock(conn);
1154 }
1155 }
1156
1157 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1158 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1159 {
1160 struct sock *sk;
1161 int lm = 0;
1162
1163 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1164
1165 /* Find listening sockets */
1166 read_lock(&sco_sk_list.lock);
1167 sk_for_each(sk, &sco_sk_list.head) {
1168 if (sk->sk_state != BT_LISTEN)
1169 continue;
1170
1171 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1172 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1173 lm |= HCI_LM_ACCEPT;
1174
1175 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1176 *flags |= HCI_PROTO_DEFER;
1177 break;
1178 }
1179 }
1180 read_unlock(&sco_sk_list.lock);
1181
1182 return lm;
1183 }
1184
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1185 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1186 {
1187 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1188 return;
1189
1190 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1191
1192 if (!status) {
1193 struct sco_conn *conn;
1194
1195 conn = sco_conn_add(hcon);
1196 if (conn)
1197 sco_conn_ready(conn);
1198 } else
1199 sco_conn_del(hcon, bt_to_errno(status));
1200 }
1201
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1202 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1203 {
1204 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1205 return;
1206
1207 BT_DBG("hcon %p reason %d", hcon, reason);
1208
1209 sco_conn_del(hcon, bt_to_errno(reason));
1210 }
1211
sco_recv_scodata(struct hci_conn * hcon,struct sk_buff * skb)1212 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1213 {
1214 struct sco_conn *conn = hcon->sco_data;
1215
1216 if (!conn)
1217 goto drop;
1218
1219 BT_DBG("conn %p len %d", conn, skb->len);
1220
1221 if (skb->len) {
1222 sco_recv_frame(conn, skb);
1223 return;
1224 }
1225
1226 drop:
1227 kfree_skb(skb);
1228 }
1229
1230 static struct hci_cb sco_cb = {
1231 .name = "SCO",
1232 .connect_cfm = sco_connect_cfm,
1233 .disconn_cfm = sco_disconn_cfm,
1234 };
1235
sco_debugfs_show(struct seq_file * f,void * p)1236 static int sco_debugfs_show(struct seq_file *f, void *p)
1237 {
1238 struct sock *sk;
1239
1240 read_lock(&sco_sk_list.lock);
1241
1242 sk_for_each(sk, &sco_sk_list.head) {
1243 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1244 &sco_pi(sk)->dst, sk->sk_state);
1245 }
1246
1247 read_unlock(&sco_sk_list.lock);
1248
1249 return 0;
1250 }
1251
1252 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1253
1254 static struct dentry *sco_debugfs;
1255
1256 static const struct proto_ops sco_sock_ops = {
1257 .family = PF_BLUETOOTH,
1258 .owner = THIS_MODULE,
1259 .release = sco_sock_release,
1260 .bind = sco_sock_bind,
1261 .connect = sco_sock_connect,
1262 .listen = sco_sock_listen,
1263 .accept = sco_sock_accept,
1264 .getname = sco_sock_getname,
1265 .sendmsg = sco_sock_sendmsg,
1266 .recvmsg = sco_sock_recvmsg,
1267 .poll = bt_sock_poll,
1268 .ioctl = bt_sock_ioctl,
1269 .gettstamp = sock_gettstamp,
1270 .mmap = sock_no_mmap,
1271 .socketpair = sock_no_socketpair,
1272 .shutdown = sco_sock_shutdown,
1273 .setsockopt = sco_sock_setsockopt,
1274 .getsockopt = sco_sock_getsockopt
1275 };
1276
1277 static const struct net_proto_family sco_sock_family_ops = {
1278 .family = PF_BLUETOOTH,
1279 .owner = THIS_MODULE,
1280 .create = sco_sock_create,
1281 };
1282
sco_init(void)1283 int __init sco_init(void)
1284 {
1285 int err;
1286
1287 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1288
1289 err = proto_register(&sco_proto, 0);
1290 if (err < 0)
1291 return err;
1292
1293 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1294 if (err < 0) {
1295 BT_ERR("SCO socket registration failed");
1296 goto error;
1297 }
1298
1299 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1300 if (err < 0) {
1301 BT_ERR("Failed to create SCO proc file");
1302 bt_sock_unregister(BTPROTO_SCO);
1303 goto error;
1304 }
1305
1306 BT_INFO("SCO socket layer initialized");
1307
1308 hci_register_cb(&sco_cb);
1309
1310 if (IS_ERR_OR_NULL(bt_debugfs))
1311 return 0;
1312
1313 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1314 NULL, &sco_debugfs_fops);
1315
1316 return 0;
1317
1318 error:
1319 proto_unregister(&sco_proto);
1320 return err;
1321 }
1322
sco_exit(void)1323 void sco_exit(void)
1324 {
1325 bt_procfs_cleanup(&init_net, "sco");
1326
1327 debugfs_remove(sco_debugfs);
1328
1329 hci_unregister_cb(&sco_cb);
1330
1331 bt_sock_unregister(BTPROTO_SCO);
1332
1333 proto_unregister(&sco_proto);
1334 }
1335
1336 module_param(disable_esco, bool, 0644);
1337 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1338