1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30
31 #include <net/bluetooth/bluetooth.h>
32 #include <net/bluetooth/hci_core.h>
33 #include <net/bluetooth/sco.h>
34
35 static bool disable_esco;
36
37 static const struct proto_ops sco_sock_ops;
38
39 static struct bt_sock_list sco_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
41 };
42
43 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent);
44 static void sco_chan_del(struct sock *sk, int err);
45
46 static void sco_sock_close(struct sock *sk);
47 static void sco_sock_kill(struct sock *sk);
48
49 /* ---- SCO timers ---- */
sco_sock_timeout(unsigned long arg)50 static void sco_sock_timeout(unsigned long arg)
51 {
52 struct sock *sk = (struct sock *) arg;
53
54 BT_DBG("sock %p state %d", sk, sk->sk_state);
55
56 bh_lock_sock(sk);
57 sk->sk_err = ETIMEDOUT;
58 sk->sk_state_change(sk);
59 bh_unlock_sock(sk);
60
61 sco_sock_kill(sk);
62 sock_put(sk);
63 }
64
sco_sock_set_timer(struct sock * sk,long timeout)65 static void sco_sock_set_timer(struct sock *sk, long timeout)
66 {
67 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
68 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
69 }
70
sco_sock_clear_timer(struct sock * sk)71 static void sco_sock_clear_timer(struct sock *sk)
72 {
73 BT_DBG("sock %p state %d", sk, sk->sk_state);
74 sk_stop_timer(sk, &sk->sk_timer);
75 }
76
77 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)78 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
79 {
80 struct hci_dev *hdev = hcon->hdev;
81 struct sco_conn *conn = hcon->sco_data;
82
83 if (conn)
84 return conn;
85
86 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
87 if (!conn)
88 return NULL;
89
90 spin_lock_init(&conn->lock);
91
92 hcon->sco_data = conn;
93 conn->hcon = hcon;
94
95 conn->src = &hdev->bdaddr;
96 conn->dst = &hcon->dst;
97
98 if (hdev->sco_mtu > 0)
99 conn->mtu = hdev->sco_mtu;
100 else
101 conn->mtu = 60;
102
103 BT_DBG("hcon %p conn %p", hcon, conn);
104
105 return conn;
106 }
107
sco_chan_get(struct sco_conn * conn)108 static struct sock *sco_chan_get(struct sco_conn *conn)
109 {
110 struct sock *sk = NULL;
111 sco_conn_lock(conn);
112 sk = conn->sk;
113 sco_conn_unlock(conn);
114 return sk;
115 }
116
sco_conn_del(struct hci_conn * hcon,int err)117 static int sco_conn_del(struct hci_conn *hcon, int err)
118 {
119 struct sco_conn *conn = hcon->sco_data;
120 struct sock *sk;
121
122 if (!conn)
123 return 0;
124
125 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
126
127 /* Kill socket */
128 sk = sco_chan_get(conn);
129 if (sk) {
130 bh_lock_sock(sk);
131 sco_sock_clear_timer(sk);
132 sco_chan_del(sk, err);
133 bh_unlock_sock(sk);
134 sco_sock_kill(sk);
135 }
136
137 hcon->sco_data = NULL;
138 kfree(conn);
139 return 0;
140 }
141
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)142 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
143 struct sock *parent)
144 {
145 int err = 0;
146
147 sco_conn_lock(conn);
148 if (conn->sk)
149 err = -EBUSY;
150 else
151 __sco_chan_add(conn, sk, parent);
152
153 sco_conn_unlock(conn);
154 return err;
155 }
156
sco_connect(struct sock * sk)157 static int sco_connect(struct sock *sk)
158 {
159 bdaddr_t *src = &bt_sk(sk)->src;
160 bdaddr_t *dst = &bt_sk(sk)->dst;
161 __u16 pkt_type = sco_pi(sk)->pkt_type;
162 struct sco_conn *conn;
163 struct hci_conn *hcon;
164 struct hci_dev *hdev;
165 int err, type;
166
167 BT_DBG("%pMR -> %pMR", src, dst);
168
169 hdev = hci_get_route(dst, src);
170 if (!hdev)
171 return -EHOSTUNREACH;
172
173 hci_dev_lock(hdev);
174
175 if (lmp_esco_capable(hdev) && !disable_esco)
176 type = ESCO_LINK;
177 else {
178 type = SCO_LINK;
179 pkt_type &= SCO_ESCO_MASK;
180 }
181
182 hcon = hci_connect(hdev, type, pkt_type, dst, BDADDR_BREDR,
183 BT_SECURITY_LOW, HCI_AT_NO_BONDING);
184 if (IS_ERR(hcon)) {
185 err = PTR_ERR(hcon);
186 goto done;
187 }
188
189 conn = sco_conn_add(hcon);
190 if (!conn) {
191 hci_conn_drop(hcon);
192 err = -ENOMEM;
193 goto done;
194 }
195
196 /* Update source addr of the socket */
197 bacpy(src, conn->src);
198
199 err = sco_chan_add(conn, sk, NULL);
200 if (err)
201 goto done;
202
203 if (hcon->state == BT_CONNECTED) {
204 sco_sock_clear_timer(sk);
205 sk->sk_state = BT_CONNECTED;
206 } else {
207 sk->sk_state = BT_CONNECT;
208 sco_sock_set_timer(sk, sk->sk_sndtimeo);
209 }
210
211 done:
212 hci_dev_unlock(hdev);
213 hci_dev_put(hdev);
214 return err;
215 }
216
sco_send_frame(struct sock * sk,struct msghdr * msg,int len)217 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
218 {
219 struct sco_conn *conn = sco_pi(sk)->conn;
220 struct sk_buff *skb;
221 int err;
222
223 /* Check outgoing MTU */
224 if (len > conn->mtu)
225 return -EINVAL;
226
227 BT_DBG("sk %p len %d", sk, len);
228
229 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
230 if (!skb)
231 return err;
232
233 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
234 kfree_skb(skb);
235 return -EFAULT;
236 }
237
238 hci_send_sco(conn->hcon, skb);
239
240 return len;
241 }
242
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)243 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
244 {
245 struct sock *sk = sco_chan_get(conn);
246
247 if (!sk)
248 goto drop;
249
250 BT_DBG("sk %p len %d", sk, skb->len);
251
252 if (sk->sk_state != BT_CONNECTED)
253 goto drop;
254
255 if (!sock_queue_rcv_skb(sk, skb))
256 return;
257
258 drop:
259 kfree_skb(skb);
260 }
261
262 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)263 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
264 {
265 struct sock *sk;
266
267 sk_for_each(sk, &sco_sk_list.head) {
268 if (sk->sk_state != BT_LISTEN)
269 continue;
270
271 if (!bacmp(&bt_sk(sk)->src, ba))
272 return sk;
273 }
274
275 return NULL;
276 }
277
278 /* Find socket listening on source bdaddr.
279 * Returns closest match.
280 */
sco_get_sock_listen(bdaddr_t * src)281 static struct sock *sco_get_sock_listen(bdaddr_t *src)
282 {
283 struct sock *sk = NULL, *sk1 = NULL;
284
285 read_lock(&sco_sk_list.lock);
286
287 sk_for_each(sk, &sco_sk_list.head) {
288 if (sk->sk_state != BT_LISTEN)
289 continue;
290
291 /* Exact match. */
292 if (!bacmp(&bt_sk(sk)->src, src))
293 break;
294
295 /* Closest match */
296 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
297 sk1 = sk;
298 }
299
300 read_unlock(&sco_sk_list.lock);
301
302 return sk ? sk : sk1;
303 }
304
sco_sock_destruct(struct sock * sk)305 static void sco_sock_destruct(struct sock *sk)
306 {
307 BT_DBG("sk %p", sk);
308
309 skb_queue_purge(&sk->sk_receive_queue);
310 skb_queue_purge(&sk->sk_write_queue);
311 }
312
sco_sock_cleanup_listen(struct sock * parent)313 static void sco_sock_cleanup_listen(struct sock *parent)
314 {
315 struct sock *sk;
316
317 BT_DBG("parent %p", parent);
318
319 /* Close not yet accepted channels */
320 while ((sk = bt_accept_dequeue(parent, NULL))) {
321 sco_sock_close(sk);
322 sco_sock_kill(sk);
323 }
324
325 parent->sk_state = BT_CLOSED;
326 sock_set_flag(parent, SOCK_ZAPPED);
327 }
328
329 /* Kill socket (only if zapped and orphan)
330 * Must be called on unlocked socket.
331 */
sco_sock_kill(struct sock * sk)332 static void sco_sock_kill(struct sock *sk)
333 {
334 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
335 return;
336
337 BT_DBG("sk %p state %d", sk, sk->sk_state);
338
339 /* Kill poor orphan */
340 bt_sock_unlink(&sco_sk_list, sk);
341 sock_set_flag(sk, SOCK_DEAD);
342 sock_put(sk);
343 }
344
__sco_sock_close(struct sock * sk)345 static void __sco_sock_close(struct sock *sk)
346 {
347 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
348
349 switch (sk->sk_state) {
350 case BT_LISTEN:
351 sco_sock_cleanup_listen(sk);
352 break;
353
354 case BT_CONNECTED:
355 case BT_CONFIG:
356 if (sco_pi(sk)->conn->hcon) {
357 sk->sk_state = BT_DISCONN;
358 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
359 hci_conn_drop(sco_pi(sk)->conn->hcon);
360 sco_pi(sk)->conn->hcon = NULL;
361 } else
362 sco_chan_del(sk, ECONNRESET);
363 break;
364
365 case BT_CONNECT2:
366 case BT_CONNECT:
367 case BT_DISCONN:
368 sco_chan_del(sk, ECONNRESET);
369 break;
370
371 default:
372 sock_set_flag(sk, SOCK_ZAPPED);
373 break;
374 }
375 }
376
377 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)378 static void sco_sock_close(struct sock *sk)
379 {
380 sco_sock_clear_timer(sk);
381 lock_sock(sk);
382 __sco_sock_close(sk);
383 release_sock(sk);
384 sco_sock_kill(sk);
385 }
386
sco_sock_init(struct sock * sk,struct sock * parent)387 static void sco_sock_init(struct sock *sk, struct sock *parent)
388 {
389 BT_DBG("sk %p", sk);
390
391 if (parent) {
392 sk->sk_type = parent->sk_type;
393 bt_sk(sk)->flags = bt_sk(parent)->flags;
394 security_sk_clone(parent, sk);
395 }
396 }
397
398 static struct proto sco_proto = {
399 .name = "SCO",
400 .owner = THIS_MODULE,
401 .obj_size = sizeof(struct sco_pinfo)
402 };
403
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio)404 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
405 {
406 struct sock *sk;
407
408 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto);
409 if (!sk)
410 return NULL;
411
412 sock_init_data(sock, sk);
413 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
414
415 sk->sk_destruct = sco_sock_destruct;
416 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
417
418 sock_reset_flag(sk, SOCK_ZAPPED);
419
420 sk->sk_protocol = proto;
421 sk->sk_state = BT_OPEN;
422
423 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk);
424
425 bt_sock_link(&sco_sk_list, sk);
426 return sk;
427 }
428
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)429 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
430 int kern)
431 {
432 struct sock *sk;
433
434 BT_DBG("sock %p", sock);
435
436 sock->state = SS_UNCONNECTED;
437
438 if (sock->type != SOCK_SEQPACKET)
439 return -ESOCKTNOSUPPORT;
440
441 sock->ops = &sco_sock_ops;
442
443 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC);
444 if (!sk)
445 return -ENOMEM;
446
447 sco_sock_init(sk, NULL);
448 return 0;
449 }
450
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int alen)451 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
452 {
453 struct sockaddr_sco sa;
454 struct sock *sk = sock->sk;
455 int len, err = 0;
456
457 BT_DBG("sk %p %pMR", sk, &sa.sco_bdaddr);
458
459 if (!addr || addr->sa_family != AF_BLUETOOTH)
460 return -EINVAL;
461
462 memset(&sa, 0, sizeof(sa));
463 len = min_t(unsigned int, sizeof(sa), alen);
464 memcpy(&sa, addr, len);
465
466 lock_sock(sk);
467
468 if (sk->sk_state != BT_OPEN) {
469 err = -EBADFD;
470 goto done;
471 }
472
473 if (sk->sk_type != SOCK_SEQPACKET) {
474 err = -EINVAL;
475 goto done;
476 }
477
478 bacpy(&bt_sk(sk)->src, &sa.sco_bdaddr);
479 sco_pi(sk)->pkt_type = sa.sco_pkt_type;
480
481 sk->sk_state = BT_BOUND;
482
483 done:
484 release_sock(sk);
485 return err;
486 }
487
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)488 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
489 {
490 struct sock *sk = sock->sk;
491 struct sockaddr_sco sa;
492 int len, err;
493
494 BT_DBG("sk %p", sk);
495
496 if (!addr || addr->sa_family != AF_BLUETOOTH)
497 return -EINVAL;
498
499 memset(&sa, 0, sizeof(sa));
500 len = min_t(unsigned int, sizeof(sa), alen);
501 memcpy(&sa, addr, len);
502
503 lock_sock(sk);
504
505 if (sk->sk_type != SOCK_SEQPACKET) {
506 err = -EINVAL;
507 goto done;
508 }
509
510 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
511 err = -EBADFD;
512 goto done;
513 }
514
515 /* Set destination address and psm */
516 bacpy(&bt_sk(sk)->dst, &sa.sco_bdaddr);
517 sco_pi(sk)->pkt_type = sa.sco_pkt_type;
518
519 err = sco_connect(sk);
520 if (err)
521 goto done;
522
523 err = bt_sock_wait_state(sk, BT_CONNECTED,
524 sock_sndtimeo(sk, flags & O_NONBLOCK));
525
526 done:
527 release_sock(sk);
528 return err;
529 }
530
sco_sock_listen(struct socket * sock,int backlog)531 static int sco_sock_listen(struct socket *sock, int backlog)
532 {
533 struct sock *sk = sock->sk;
534 bdaddr_t *src = &bt_sk(sk)->src;
535 int err = 0;
536
537 BT_DBG("sk %p backlog %d", sk, backlog);
538
539 lock_sock(sk);
540
541 if (sk->sk_state != BT_BOUND) {
542 err = -EBADFD;
543 goto done;
544 }
545
546 if (sk->sk_type != SOCK_SEQPACKET) {
547 err = -EINVAL;
548 goto done;
549 }
550
551 write_lock(&sco_sk_list.lock);
552
553 if (__sco_get_sock_listen_by_addr(src)) {
554 err = -EADDRINUSE;
555 goto unlock;
556 }
557
558 sk->sk_max_ack_backlog = backlog;
559 sk->sk_ack_backlog = 0;
560
561 sk->sk_state = BT_LISTEN;
562
563 unlock:
564 write_unlock(&sco_sk_list.lock);
565
566 done:
567 release_sock(sk);
568 return err;
569 }
570
sco_sock_accept(struct socket * sock,struct socket * newsock,int flags)571 static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags)
572 {
573 DECLARE_WAITQUEUE(wait, current);
574 struct sock *sk = sock->sk, *ch;
575 long timeo;
576 int err = 0;
577
578 lock_sock(sk);
579
580 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
581
582 BT_DBG("sk %p timeo %ld", sk, timeo);
583
584 /* Wait for an incoming connection. (wake-one). */
585 add_wait_queue_exclusive(sk_sleep(sk), &wait);
586 while (1) {
587 set_current_state(TASK_INTERRUPTIBLE);
588
589 if (sk->sk_state != BT_LISTEN) {
590 err = -EBADFD;
591 break;
592 }
593
594 ch = bt_accept_dequeue(sk, newsock);
595 if (ch)
596 break;
597
598 if (!timeo) {
599 err = -EAGAIN;
600 break;
601 }
602
603 if (signal_pending(current)) {
604 err = sock_intr_errno(timeo);
605 break;
606 }
607
608 release_sock(sk);
609 timeo = schedule_timeout(timeo);
610 lock_sock(sk);
611 }
612 __set_current_state(TASK_RUNNING);
613 remove_wait_queue(sk_sleep(sk), &wait);
614
615 if (err)
616 goto done;
617
618 newsock->state = SS_CONNECTED;
619
620 BT_DBG("new socket %p", ch);
621
622 done:
623 release_sock(sk);
624 return err;
625 }
626
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int * len,int peer)627 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
628 {
629 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
630 struct sock *sk = sock->sk;
631
632 BT_DBG("sock %p, sk %p", sock, sk);
633
634 addr->sa_family = AF_BLUETOOTH;
635 *len = sizeof(struct sockaddr_sco);
636
637 if (peer)
638 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->dst);
639 else
640 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->src);
641 sa->sco_pkt_type = sco_pi(sk)->pkt_type;
642
643 return 0;
644 }
645
sco_sock_sendmsg(struct kiocb * iocb,struct socket * sock,struct msghdr * msg,size_t len)646 static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
647 struct msghdr *msg, size_t len)
648 {
649 struct sock *sk = sock->sk;
650 int err;
651
652 BT_DBG("sock %p, sk %p", sock, sk);
653
654 err = sock_error(sk);
655 if (err)
656 return err;
657
658 if (msg->msg_flags & MSG_OOB)
659 return -EOPNOTSUPP;
660
661 lock_sock(sk);
662
663 if (sk->sk_state == BT_CONNECTED)
664 err = sco_send_frame(sk, msg, len);
665 else
666 err = -ENOTCONN;
667
668 release_sock(sk);
669 return err;
670 }
671
sco_conn_defer_accept(struct hci_conn * conn,int mask)672 static void sco_conn_defer_accept(struct hci_conn *conn, int mask)
673 {
674 struct hci_dev *hdev = conn->hdev;
675
676 BT_DBG("conn %p", conn);
677
678 conn->state = BT_CONFIG;
679
680 if (!lmp_esco_capable(hdev)) {
681 struct hci_cp_accept_conn_req cp;
682
683 bacpy(&cp.bdaddr, &conn->dst);
684
685 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
686 cp.role = 0x00; /* Become master */
687 else
688 cp.role = 0x01; /* Remain slave */
689
690 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
691 } else {
692 struct hci_cp_accept_sync_conn_req cp;
693
694 bacpy(&cp.bdaddr, &conn->dst);
695 cp.pkt_type = cpu_to_le16(conn->pkt_type);
696
697 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
698 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
699 cp.max_latency = __constant_cpu_to_le16(0xffff);
700 cp.content_format = cpu_to_le16(hdev->voice_setting);
701 cp.retrans_effort = 0xff;
702
703 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
704 sizeof(cp), &cp);
705 }
706 }
707
sco_sock_recvmsg(struct kiocb * iocb,struct socket * sock,struct msghdr * msg,size_t len,int flags)708 static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
709 struct msghdr *msg, size_t len, int flags)
710 {
711 struct sock *sk = sock->sk;
712 struct sco_pinfo *pi = sco_pi(sk);
713
714 lock_sock(sk);
715
716 if (sk->sk_state == BT_CONNECT2 &&
717 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
718 sco_conn_defer_accept(pi->conn->hcon, 0);
719 sk->sk_state = BT_CONFIG;
720 msg->msg_namelen = 0;
721
722 release_sock(sk);
723 return 0;
724 }
725
726 release_sock(sk);
727
728 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
729 }
730
sco_sock_setsockopt(struct socket * sock,int level,int optname,char __user * optval,unsigned int optlen)731 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
732 {
733 struct sock *sk = sock->sk;
734 int err = 0;
735 u32 opt;
736
737 BT_DBG("sk %p", sk);
738
739 lock_sock(sk);
740
741 switch (optname) {
742
743 case BT_DEFER_SETUP:
744 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
745 err = -EINVAL;
746 break;
747 }
748
749 if (get_user(opt, (u32 __user *) optval)) {
750 err = -EFAULT;
751 break;
752 }
753
754 if (opt)
755 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
756 else
757 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
758 break;
759
760 default:
761 err = -ENOPROTOOPT;
762 break;
763 }
764
765 release_sock(sk);
766 return err;
767 }
768
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)769 static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
770 {
771 struct sock *sk = sock->sk;
772 struct sco_options opts;
773 struct sco_conninfo cinfo;
774 int len, err = 0;
775
776 BT_DBG("sk %p", sk);
777
778 if (get_user(len, optlen))
779 return -EFAULT;
780
781 lock_sock(sk);
782
783 switch (optname) {
784 case SCO_OPTIONS:
785 if (sk->sk_state != BT_CONNECTED) {
786 err = -ENOTCONN;
787 break;
788 }
789
790 opts.mtu = sco_pi(sk)->conn->mtu;
791
792 BT_DBG("mtu %d", opts.mtu);
793
794 len = min_t(unsigned int, len, sizeof(opts));
795 if (copy_to_user(optval, (char *)&opts, len))
796 err = -EFAULT;
797
798 break;
799
800 case SCO_CONNINFO:
801 if (sk->sk_state != BT_CONNECTED) {
802 err = -ENOTCONN;
803 break;
804 }
805
806 memset(&cinfo, 0, sizeof(cinfo));
807 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
808 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
809
810 len = min_t(unsigned int, len, sizeof(cinfo));
811 if (copy_to_user(optval, (char *)&cinfo, len))
812 err = -EFAULT;
813
814 break;
815
816 default:
817 err = -ENOPROTOOPT;
818 break;
819 }
820
821 release_sock(sk);
822 return err;
823 }
824
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)825 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
826 {
827 struct sock *sk = sock->sk;
828 int len, err = 0;
829
830 BT_DBG("sk %p", sk);
831
832 if (level == SOL_SCO)
833 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
834
835 if (get_user(len, optlen))
836 return -EFAULT;
837
838 lock_sock(sk);
839
840 switch (optname) {
841
842 case BT_DEFER_SETUP:
843 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
844 err = -EINVAL;
845 break;
846 }
847
848 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
849 (u32 __user *) optval))
850 err = -EFAULT;
851
852 break;
853
854 default:
855 err = -ENOPROTOOPT;
856 break;
857 }
858
859 release_sock(sk);
860 return err;
861 }
862
sco_sock_shutdown(struct socket * sock,int how)863 static int sco_sock_shutdown(struct socket *sock, int how)
864 {
865 struct sock *sk = sock->sk;
866 int err = 0;
867
868 BT_DBG("sock %p, sk %p", sock, sk);
869
870 if (!sk)
871 return 0;
872
873 lock_sock(sk);
874 if (!sk->sk_shutdown) {
875 sk->sk_shutdown = SHUTDOWN_MASK;
876 sco_sock_clear_timer(sk);
877 __sco_sock_close(sk);
878
879 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
880 err = bt_sock_wait_state(sk, BT_CLOSED,
881 sk->sk_lingertime);
882 }
883 release_sock(sk);
884 return err;
885 }
886
sco_sock_release(struct socket * sock)887 static int sco_sock_release(struct socket *sock)
888 {
889 struct sock *sk = sock->sk;
890 int err = 0;
891
892 BT_DBG("sock %p, sk %p", sock, sk);
893
894 if (!sk)
895 return 0;
896
897 sco_sock_close(sk);
898
899 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) {
900 lock_sock(sk);
901 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
902 release_sock(sk);
903 }
904
905 sock_orphan(sk);
906 sco_sock_kill(sk);
907 return err;
908 }
909
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)910 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
911 {
912 BT_DBG("conn %p", conn);
913
914 sco_pi(sk)->conn = conn;
915 conn->sk = sk;
916
917 if (parent)
918 bt_accept_enqueue(parent, sk);
919 }
920
921 /* Delete channel.
922 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)923 static void sco_chan_del(struct sock *sk, int err)
924 {
925 struct sco_conn *conn;
926
927 conn = sco_pi(sk)->conn;
928
929 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
930
931 if (conn) {
932 sco_conn_lock(conn);
933 conn->sk = NULL;
934 sco_pi(sk)->conn = NULL;
935 sco_conn_unlock(conn);
936
937 if (conn->hcon)
938 hci_conn_drop(conn->hcon);
939 }
940
941 sk->sk_state = BT_CLOSED;
942 sk->sk_err = err;
943 sk->sk_state_change(sk);
944
945 sock_set_flag(sk, SOCK_ZAPPED);
946 }
947
sco_conn_ready(struct sco_conn * conn)948 static void sco_conn_ready(struct sco_conn *conn)
949 {
950 struct sock *parent;
951 struct sock *sk = conn->sk;
952
953 BT_DBG("conn %p", conn);
954
955 if (sk) {
956 sco_sock_clear_timer(sk);
957 bh_lock_sock(sk);
958 sk->sk_state = BT_CONNECTED;
959 sk->sk_state_change(sk);
960 bh_unlock_sock(sk);
961 } else {
962 sco_conn_lock(conn);
963
964 parent = sco_get_sock_listen(conn->src);
965 if (!parent) {
966 sco_conn_unlock(conn);
967 return;
968 }
969
970 bh_lock_sock(parent);
971
972 sk = sco_sock_alloc(sock_net(parent), NULL,
973 BTPROTO_SCO, GFP_ATOMIC);
974 if (!sk) {
975 bh_unlock_sock(parent);
976 sco_conn_unlock(conn);
977 return;
978 }
979
980 sco_sock_init(sk, parent);
981
982 bacpy(&bt_sk(sk)->src, conn->src);
983 bacpy(&bt_sk(sk)->dst, conn->dst);
984
985 hci_conn_hold(conn->hcon);
986 __sco_chan_add(conn, sk, parent);
987
988 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
989 sk->sk_state = BT_CONNECT2;
990 else
991 sk->sk_state = BT_CONNECTED;
992
993 /* Wake up parent */
994 parent->sk_data_ready(parent, 1);
995
996 bh_unlock_sock(parent);
997
998 sco_conn_unlock(conn);
999 }
1000 }
1001
1002 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1003 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1004 {
1005 struct sock *sk;
1006 int lm = 0;
1007
1008 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1009
1010 /* Find listening sockets */
1011 read_lock(&sco_sk_list.lock);
1012 sk_for_each(sk, &sco_sk_list.head) {
1013 if (sk->sk_state != BT_LISTEN)
1014 continue;
1015
1016 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr) ||
1017 !bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
1018 lm |= HCI_LM_ACCEPT;
1019
1020 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1021 *flags |= HCI_PROTO_DEFER;
1022 break;
1023 }
1024 }
1025 read_unlock(&sco_sk_list.lock);
1026
1027 return lm;
1028 }
1029
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1030 void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1031 {
1032 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1033 if (!status) {
1034 struct sco_conn *conn;
1035
1036 conn = sco_conn_add(hcon);
1037 if (conn)
1038 sco_conn_ready(conn);
1039 } else
1040 sco_conn_del(hcon, bt_to_errno(status));
1041 }
1042
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1043 void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1044 {
1045 BT_DBG("hcon %p reason %d", hcon, reason);
1046
1047 sco_conn_del(hcon, bt_to_errno(reason));
1048 }
1049
sco_recv_scodata(struct hci_conn * hcon,struct sk_buff * skb)1050 int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1051 {
1052 struct sco_conn *conn = hcon->sco_data;
1053
1054 if (!conn)
1055 goto drop;
1056
1057 BT_DBG("conn %p len %d", conn, skb->len);
1058
1059 if (skb->len) {
1060 sco_recv_frame(conn, skb);
1061 return 0;
1062 }
1063
1064 drop:
1065 kfree_skb(skb);
1066 return 0;
1067 }
1068
sco_debugfs_show(struct seq_file * f,void * p)1069 static int sco_debugfs_show(struct seq_file *f, void *p)
1070 {
1071 struct sock *sk;
1072
1073 read_lock(&sco_sk_list.lock);
1074
1075 sk_for_each(sk, &sco_sk_list.head) {
1076 seq_printf(f, "%pMR %pMR %d\n", &bt_sk(sk)->src,
1077 &bt_sk(sk)->dst, sk->sk_state);
1078 }
1079
1080 read_unlock(&sco_sk_list.lock);
1081
1082 return 0;
1083 }
1084
sco_debugfs_open(struct inode * inode,struct file * file)1085 static int sco_debugfs_open(struct inode *inode, struct file *file)
1086 {
1087 return single_open(file, sco_debugfs_show, inode->i_private);
1088 }
1089
1090 static const struct file_operations sco_debugfs_fops = {
1091 .open = sco_debugfs_open,
1092 .read = seq_read,
1093 .llseek = seq_lseek,
1094 .release = single_release,
1095 };
1096
1097 static struct dentry *sco_debugfs;
1098
1099 static const struct proto_ops sco_sock_ops = {
1100 .family = PF_BLUETOOTH,
1101 .owner = THIS_MODULE,
1102 .release = sco_sock_release,
1103 .bind = sco_sock_bind,
1104 .connect = sco_sock_connect,
1105 .listen = sco_sock_listen,
1106 .accept = sco_sock_accept,
1107 .getname = sco_sock_getname,
1108 .sendmsg = sco_sock_sendmsg,
1109 .recvmsg = sco_sock_recvmsg,
1110 .poll = bt_sock_poll,
1111 .ioctl = bt_sock_ioctl,
1112 .mmap = sock_no_mmap,
1113 .socketpair = sock_no_socketpair,
1114 .shutdown = sco_sock_shutdown,
1115 .setsockopt = sco_sock_setsockopt,
1116 .getsockopt = sco_sock_getsockopt
1117 };
1118
1119 static const struct net_proto_family sco_sock_family_ops = {
1120 .family = PF_BLUETOOTH,
1121 .owner = THIS_MODULE,
1122 .create = sco_sock_create,
1123 };
1124
sco_init(void)1125 int __init sco_init(void)
1126 {
1127 int err;
1128
1129 err = proto_register(&sco_proto, 0);
1130 if (err < 0)
1131 return err;
1132
1133 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1134 if (err < 0) {
1135 BT_ERR("SCO socket registration failed");
1136 goto error;
1137 }
1138
1139 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1140 if (err < 0) {
1141 BT_ERR("Failed to create SCO proc file");
1142 bt_sock_unregister(BTPROTO_SCO);
1143 goto error;
1144 }
1145
1146 if (bt_debugfs) {
1147 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1148 NULL, &sco_debugfs_fops);
1149 if (!sco_debugfs)
1150 BT_ERR("Failed to create SCO debug file");
1151 }
1152
1153 BT_INFO("SCO socket layer initialized");
1154
1155 return 0;
1156
1157 error:
1158 proto_unregister(&sco_proto);
1159 return err;
1160 }
1161
sco_exit(void)1162 void __exit sco_exit(void)
1163 {
1164 bt_procfs_cleanup(&init_net, "sco");
1165
1166 debugfs_remove(sco_debugfs);
1167
1168 bt_sock_unregister(BTPROTO_SCO);
1169
1170 proto_unregister(&sco_proto);
1171 }
1172
1173 module_param(disable_esco, bool, 0644);
1174 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1175