1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30
31 #include <net/bluetooth/bluetooth.h>
32 #include <net/bluetooth/hci_core.h>
33 #include <net/bluetooth/sco.h>
34
35 static bool disable_esco;
36
37 static const struct proto_ops sco_sock_ops;
38
39 static struct bt_sock_list sco_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
41 };
42
43 /* ---- SCO connections ---- */
44 struct sco_conn {
45 struct hci_conn *hcon;
46
47 spinlock_t lock;
48 struct sock *sk;
49
50 unsigned int mtu;
51 };
52
53 #define sco_conn_lock(c) spin_lock(&c->lock);
54 #define sco_conn_unlock(c) spin_unlock(&c->lock);
55
56 static void sco_sock_close(struct sock *sk);
57 static void sco_sock_kill(struct sock *sk);
58
59 /* ----- SCO socket info ----- */
60 #define sco_pi(sk) ((struct sco_pinfo *) sk)
61
62 struct sco_pinfo {
63 struct bt_sock bt;
64 bdaddr_t src;
65 bdaddr_t dst;
66 __u32 flags;
67 __u16 setting;
68 struct sco_conn *conn;
69 };
70
71 /* ---- SCO timers ---- */
72 #define SCO_CONN_TIMEOUT (HZ * 40)
73 #define SCO_DISCONN_TIMEOUT (HZ * 2)
74
sco_sock_timeout(unsigned long arg)75 static void sco_sock_timeout(unsigned long arg)
76 {
77 struct sock *sk = (struct sock *) arg;
78
79 BT_DBG("sock %p state %d", sk, sk->sk_state);
80
81 bh_lock_sock(sk);
82 sk->sk_err = ETIMEDOUT;
83 sk->sk_state_change(sk);
84 bh_unlock_sock(sk);
85
86 sco_sock_kill(sk);
87 sock_put(sk);
88 }
89
sco_sock_set_timer(struct sock * sk,long timeout)90 static void sco_sock_set_timer(struct sock *sk, long timeout)
91 {
92 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
93 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
94 }
95
sco_sock_clear_timer(struct sock * sk)96 static void sco_sock_clear_timer(struct sock *sk)
97 {
98 BT_DBG("sock %p state %d", sk, sk->sk_state);
99 sk_stop_timer(sk, &sk->sk_timer);
100 }
101
102 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)103 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
104 {
105 struct hci_dev *hdev = hcon->hdev;
106 struct sco_conn *conn = hcon->sco_data;
107
108 if (conn)
109 return conn;
110
111 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
112 if (!conn)
113 return NULL;
114
115 spin_lock_init(&conn->lock);
116
117 hcon->sco_data = conn;
118 conn->hcon = hcon;
119
120 if (hdev->sco_mtu > 0)
121 conn->mtu = hdev->sco_mtu;
122 else
123 conn->mtu = 60;
124
125 BT_DBG("hcon %p conn %p", hcon, conn);
126
127 return conn;
128 }
129
130 /* Delete channel.
131 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)132 static void sco_chan_del(struct sock *sk, int err)
133 {
134 struct sco_conn *conn;
135
136 conn = sco_pi(sk)->conn;
137
138 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
139
140 if (conn) {
141 sco_conn_lock(conn);
142 conn->sk = NULL;
143 sco_pi(sk)->conn = NULL;
144 sco_conn_unlock(conn);
145
146 if (conn->hcon)
147 hci_conn_drop(conn->hcon);
148 }
149
150 sk->sk_state = BT_CLOSED;
151 sk->sk_err = err;
152 sk->sk_state_change(sk);
153
154 sock_set_flag(sk, SOCK_ZAPPED);
155 }
156
sco_conn_del(struct hci_conn * hcon,int err)157 static int sco_conn_del(struct hci_conn *hcon, int err)
158 {
159 struct sco_conn *conn = hcon->sco_data;
160 struct sock *sk;
161
162 if (!conn)
163 return 0;
164
165 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
166
167 /* Kill socket */
168 sco_conn_lock(conn);
169 sk = conn->sk;
170 sco_conn_unlock(conn);
171
172 if (sk) {
173 bh_lock_sock(sk);
174 sco_sock_clear_timer(sk);
175 sco_chan_del(sk, err);
176 bh_unlock_sock(sk);
177 sco_sock_kill(sk);
178 }
179
180 hcon->sco_data = NULL;
181 kfree(conn);
182 return 0;
183 }
184
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)185 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
186 {
187 BT_DBG("conn %p", conn);
188
189 sco_pi(sk)->conn = conn;
190 conn->sk = sk;
191
192 if (parent)
193 bt_accept_enqueue(parent, sk);
194 }
195
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)196 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
197 struct sock *parent)
198 {
199 int err = 0;
200
201 sco_conn_lock(conn);
202 if (conn->sk)
203 err = -EBUSY;
204 else
205 __sco_chan_add(conn, sk, parent);
206
207 sco_conn_unlock(conn);
208 return err;
209 }
210
sco_connect(struct sock * sk)211 static int sco_connect(struct sock *sk)
212 {
213 struct sco_conn *conn;
214 struct hci_conn *hcon;
215 struct hci_dev *hdev;
216 int err, type;
217
218 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
219
220 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src);
221 if (!hdev)
222 return -EHOSTUNREACH;
223
224 hci_dev_lock(hdev);
225
226 if (lmp_esco_capable(hdev) && !disable_esco)
227 type = ESCO_LINK;
228 else
229 type = SCO_LINK;
230
231 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
232 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
233 err = -EOPNOTSUPP;
234 goto done;
235 }
236
237 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
238 sco_pi(sk)->setting);
239 if (IS_ERR(hcon)) {
240 err = PTR_ERR(hcon);
241 goto done;
242 }
243
244 conn = sco_conn_add(hcon);
245 if (!conn) {
246 hci_conn_drop(hcon);
247 err = -ENOMEM;
248 goto done;
249 }
250
251 /* Update source addr of the socket */
252 bacpy(&sco_pi(sk)->src, &hcon->src);
253
254 err = sco_chan_add(conn, sk, NULL);
255 if (err)
256 goto done;
257
258 if (hcon->state == BT_CONNECTED) {
259 sco_sock_clear_timer(sk);
260 sk->sk_state = BT_CONNECTED;
261 } else {
262 sk->sk_state = BT_CONNECT;
263 sco_sock_set_timer(sk, sk->sk_sndtimeo);
264 }
265
266 done:
267 hci_dev_unlock(hdev);
268 hci_dev_put(hdev);
269 return err;
270 }
271
sco_send_frame(struct sock * sk,struct msghdr * msg,int len)272 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
273 {
274 struct sco_conn *conn = sco_pi(sk)->conn;
275 struct sk_buff *skb;
276 int err;
277
278 /* Check outgoing MTU */
279 if (len > conn->mtu)
280 return -EINVAL;
281
282 BT_DBG("sk %p len %d", sk, len);
283
284 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
285 if (!skb)
286 return err;
287
288 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
289 kfree_skb(skb);
290 return -EFAULT;
291 }
292
293 hci_send_sco(conn->hcon, skb);
294
295 return len;
296 }
297
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)298 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
299 {
300 struct sock *sk;
301
302 sco_conn_lock(conn);
303 sk = conn->sk;
304 sco_conn_unlock(conn);
305
306 if (!sk)
307 goto drop;
308
309 BT_DBG("sk %p len %d", sk, skb->len);
310
311 if (sk->sk_state != BT_CONNECTED)
312 goto drop;
313
314 if (!sock_queue_rcv_skb(sk, skb))
315 return;
316
317 drop:
318 kfree_skb(skb);
319 }
320
321 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)322 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
323 {
324 struct sock *sk;
325
326 sk_for_each(sk, &sco_sk_list.head) {
327 if (sk->sk_state != BT_LISTEN)
328 continue;
329
330 if (!bacmp(&sco_pi(sk)->src, ba))
331 return sk;
332 }
333
334 return NULL;
335 }
336
337 /* Find socket listening on source bdaddr.
338 * Returns closest match.
339 */
sco_get_sock_listen(bdaddr_t * src)340 static struct sock *sco_get_sock_listen(bdaddr_t *src)
341 {
342 struct sock *sk = NULL, *sk1 = NULL;
343
344 read_lock(&sco_sk_list.lock);
345
346 sk_for_each(sk, &sco_sk_list.head) {
347 if (sk->sk_state != BT_LISTEN)
348 continue;
349
350 /* Exact match. */
351 if (!bacmp(&sco_pi(sk)->src, src))
352 break;
353
354 /* Closest match */
355 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
356 sk1 = sk;
357 }
358
359 read_unlock(&sco_sk_list.lock);
360
361 return sk ? sk : sk1;
362 }
363
sco_sock_destruct(struct sock * sk)364 static void sco_sock_destruct(struct sock *sk)
365 {
366 BT_DBG("sk %p", sk);
367
368 skb_queue_purge(&sk->sk_receive_queue);
369 skb_queue_purge(&sk->sk_write_queue);
370 }
371
sco_sock_cleanup_listen(struct sock * parent)372 static void sco_sock_cleanup_listen(struct sock *parent)
373 {
374 struct sock *sk;
375
376 BT_DBG("parent %p", parent);
377
378 /* Close not yet accepted channels */
379 while ((sk = bt_accept_dequeue(parent, NULL))) {
380 sco_sock_close(sk);
381 sco_sock_kill(sk);
382 }
383
384 parent->sk_state = BT_CLOSED;
385 sock_set_flag(parent, SOCK_ZAPPED);
386 }
387
388 /* Kill socket (only if zapped and orphan)
389 * Must be called on unlocked socket.
390 */
sco_sock_kill(struct sock * sk)391 static void sco_sock_kill(struct sock *sk)
392 {
393 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
394 return;
395
396 BT_DBG("sk %p state %d", sk, sk->sk_state);
397
398 /* Kill poor orphan */
399 bt_sock_unlink(&sco_sk_list, sk);
400 sock_set_flag(sk, SOCK_DEAD);
401 sock_put(sk);
402 }
403
__sco_sock_close(struct sock * sk)404 static void __sco_sock_close(struct sock *sk)
405 {
406 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
407
408 switch (sk->sk_state) {
409 case BT_LISTEN:
410 sco_sock_cleanup_listen(sk);
411 break;
412
413 case BT_CONNECTED:
414 case BT_CONFIG:
415 if (sco_pi(sk)->conn->hcon) {
416 sk->sk_state = BT_DISCONN;
417 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
418 hci_conn_drop(sco_pi(sk)->conn->hcon);
419 sco_pi(sk)->conn->hcon = NULL;
420 } else
421 sco_chan_del(sk, ECONNRESET);
422 break;
423
424 case BT_CONNECT2:
425 case BT_CONNECT:
426 case BT_DISCONN:
427 sco_chan_del(sk, ECONNRESET);
428 break;
429
430 default:
431 sock_set_flag(sk, SOCK_ZAPPED);
432 break;
433 }
434 }
435
436 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)437 static void sco_sock_close(struct sock *sk)
438 {
439 sco_sock_clear_timer(sk);
440 lock_sock(sk);
441 __sco_sock_close(sk);
442 release_sock(sk);
443 sco_sock_kill(sk);
444 }
445
sco_sock_init(struct sock * sk,struct sock * parent)446 static void sco_sock_init(struct sock *sk, struct sock *parent)
447 {
448 BT_DBG("sk %p", sk);
449
450 if (parent) {
451 sk->sk_type = parent->sk_type;
452 bt_sk(sk)->flags = bt_sk(parent)->flags;
453 security_sk_clone(parent, sk);
454 }
455 }
456
457 static struct proto sco_proto = {
458 .name = "SCO",
459 .owner = THIS_MODULE,
460 .obj_size = sizeof(struct sco_pinfo)
461 };
462
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio)463 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
464 {
465 struct sock *sk;
466
467 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto);
468 if (!sk)
469 return NULL;
470
471 sock_init_data(sock, sk);
472 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
473
474 sk->sk_destruct = sco_sock_destruct;
475 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
476
477 sock_reset_flag(sk, SOCK_ZAPPED);
478
479 sk->sk_protocol = proto;
480 sk->sk_state = BT_OPEN;
481
482 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
483
484 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk);
485
486 bt_sock_link(&sco_sk_list, sk);
487 return sk;
488 }
489
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)490 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
491 int kern)
492 {
493 struct sock *sk;
494
495 BT_DBG("sock %p", sock);
496
497 sock->state = SS_UNCONNECTED;
498
499 if (sock->type != SOCK_SEQPACKET)
500 return -ESOCKTNOSUPPORT;
501
502 sock->ops = &sco_sock_ops;
503
504 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC);
505 if (!sk)
506 return -ENOMEM;
507
508 sco_sock_init(sk, NULL);
509 return 0;
510 }
511
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)512 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
513 {
514 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
515 struct sock *sk = sock->sk;
516 int err = 0;
517
518 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
519
520 if (!addr || addr->sa_family != AF_BLUETOOTH)
521 return -EINVAL;
522
523 if (addr_len < sizeof(struct sockaddr_sco))
524 return -EINVAL;
525
526 lock_sock(sk);
527
528 if (sk->sk_state != BT_OPEN) {
529 err = -EBADFD;
530 goto done;
531 }
532
533 if (sk->sk_type != SOCK_SEQPACKET) {
534 err = -EINVAL;
535 goto done;
536 }
537
538 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
539
540 sk->sk_state = BT_BOUND;
541
542 done:
543 release_sock(sk);
544 return err;
545 }
546
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)547 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
548 {
549 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
550 struct sock *sk = sock->sk;
551 int err;
552
553 BT_DBG("sk %p", sk);
554
555 if (alen < sizeof(struct sockaddr_sco) ||
556 addr->sa_family != AF_BLUETOOTH)
557 return -EINVAL;
558
559 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
560 return -EBADFD;
561
562 if (sk->sk_type != SOCK_SEQPACKET)
563 return -EINVAL;
564
565 lock_sock(sk);
566
567 /* Set destination address and psm */
568 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
569
570 err = sco_connect(sk);
571 if (err)
572 goto done;
573
574 err = bt_sock_wait_state(sk, BT_CONNECTED,
575 sock_sndtimeo(sk, flags & O_NONBLOCK));
576
577 done:
578 release_sock(sk);
579 return err;
580 }
581
sco_sock_listen(struct socket * sock,int backlog)582 static int sco_sock_listen(struct socket *sock, int backlog)
583 {
584 struct sock *sk = sock->sk;
585 bdaddr_t *src = &sco_pi(sk)->src;
586 int err = 0;
587
588 BT_DBG("sk %p backlog %d", sk, backlog);
589
590 lock_sock(sk);
591
592 if (sk->sk_state != BT_BOUND) {
593 err = -EBADFD;
594 goto done;
595 }
596
597 if (sk->sk_type != SOCK_SEQPACKET) {
598 err = -EINVAL;
599 goto done;
600 }
601
602 write_lock(&sco_sk_list.lock);
603
604 if (__sco_get_sock_listen_by_addr(src)) {
605 err = -EADDRINUSE;
606 goto unlock;
607 }
608
609 sk->sk_max_ack_backlog = backlog;
610 sk->sk_ack_backlog = 0;
611
612 sk->sk_state = BT_LISTEN;
613
614 unlock:
615 write_unlock(&sco_sk_list.lock);
616
617 done:
618 release_sock(sk);
619 return err;
620 }
621
sco_sock_accept(struct socket * sock,struct socket * newsock,int flags)622 static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags)
623 {
624 DECLARE_WAITQUEUE(wait, current);
625 struct sock *sk = sock->sk, *ch;
626 long timeo;
627 int err = 0;
628
629 lock_sock(sk);
630
631 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
632
633 BT_DBG("sk %p timeo %ld", sk, timeo);
634
635 /* Wait for an incoming connection. (wake-one). */
636 add_wait_queue_exclusive(sk_sleep(sk), &wait);
637 while (1) {
638 set_current_state(TASK_INTERRUPTIBLE);
639
640 if (sk->sk_state != BT_LISTEN) {
641 err = -EBADFD;
642 break;
643 }
644
645 ch = bt_accept_dequeue(sk, newsock);
646 if (ch)
647 break;
648
649 if (!timeo) {
650 err = -EAGAIN;
651 break;
652 }
653
654 if (signal_pending(current)) {
655 err = sock_intr_errno(timeo);
656 break;
657 }
658
659 release_sock(sk);
660 timeo = schedule_timeout(timeo);
661 lock_sock(sk);
662 }
663 __set_current_state(TASK_RUNNING);
664 remove_wait_queue(sk_sleep(sk), &wait);
665
666 if (err)
667 goto done;
668
669 newsock->state = SS_CONNECTED;
670
671 BT_DBG("new socket %p", ch);
672
673 done:
674 release_sock(sk);
675 return err;
676 }
677
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int * len,int peer)678 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
679 {
680 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
681 struct sock *sk = sock->sk;
682
683 BT_DBG("sock %p, sk %p", sock, sk);
684
685 addr->sa_family = AF_BLUETOOTH;
686 *len = sizeof(struct sockaddr_sco);
687
688 if (peer)
689 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
690 else
691 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
692
693 return 0;
694 }
695
sco_sock_sendmsg(struct kiocb * iocb,struct socket * sock,struct msghdr * msg,size_t len)696 static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
697 struct msghdr *msg, size_t len)
698 {
699 struct sock *sk = sock->sk;
700 int err;
701
702 BT_DBG("sock %p, sk %p", sock, sk);
703
704 err = sock_error(sk);
705 if (err)
706 return err;
707
708 if (msg->msg_flags & MSG_OOB)
709 return -EOPNOTSUPP;
710
711 lock_sock(sk);
712
713 if (sk->sk_state == BT_CONNECTED)
714 err = sco_send_frame(sk, msg, len);
715 else
716 err = -ENOTCONN;
717
718 release_sock(sk);
719 return err;
720 }
721
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)722 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
723 {
724 struct hci_dev *hdev = conn->hdev;
725
726 BT_DBG("conn %p", conn);
727
728 conn->state = BT_CONFIG;
729
730 if (!lmp_esco_capable(hdev)) {
731 struct hci_cp_accept_conn_req cp;
732
733 bacpy(&cp.bdaddr, &conn->dst);
734 cp.role = 0x00; /* Ignored */
735
736 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
737 } else {
738 struct hci_cp_accept_sync_conn_req cp;
739
740 bacpy(&cp.bdaddr, &conn->dst);
741 cp.pkt_type = cpu_to_le16(conn->pkt_type);
742
743 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
744 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
745 cp.content_format = cpu_to_le16(setting);
746
747 switch (setting & SCO_AIRMODE_MASK) {
748 case SCO_AIRMODE_TRANSP:
749 if (conn->pkt_type & ESCO_2EV3)
750 cp.max_latency = cpu_to_le16(0x0008);
751 else
752 cp.max_latency = cpu_to_le16(0x000D);
753 cp.retrans_effort = 0x02;
754 break;
755 case SCO_AIRMODE_CVSD:
756 cp.max_latency = cpu_to_le16(0xffff);
757 cp.retrans_effort = 0xff;
758 break;
759 }
760
761 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
762 sizeof(cp), &cp);
763 }
764 }
765
sco_sock_recvmsg(struct kiocb * iocb,struct socket * sock,struct msghdr * msg,size_t len,int flags)766 static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
767 struct msghdr *msg, size_t len, int flags)
768 {
769 struct sock *sk = sock->sk;
770 struct sco_pinfo *pi = sco_pi(sk);
771
772 lock_sock(sk);
773
774 if (sk->sk_state == BT_CONNECT2 &&
775 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
776 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
777 sk->sk_state = BT_CONFIG;
778
779 release_sock(sk);
780 return 0;
781 }
782
783 release_sock(sk);
784
785 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
786 }
787
sco_sock_setsockopt(struct socket * sock,int level,int optname,char __user * optval,unsigned int optlen)788 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
789 {
790 struct sock *sk = sock->sk;
791 int len, err = 0;
792 struct bt_voice voice;
793 u32 opt;
794
795 BT_DBG("sk %p", sk);
796
797 lock_sock(sk);
798
799 switch (optname) {
800
801 case BT_DEFER_SETUP:
802 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
803 err = -EINVAL;
804 break;
805 }
806
807 if (get_user(opt, (u32 __user *) optval)) {
808 err = -EFAULT;
809 break;
810 }
811
812 if (opt)
813 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
814 else
815 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
816 break;
817
818 case BT_VOICE:
819 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
820 sk->sk_state != BT_CONNECT2) {
821 err = -EINVAL;
822 break;
823 }
824
825 voice.setting = sco_pi(sk)->setting;
826
827 len = min_t(unsigned int, sizeof(voice), optlen);
828 if (copy_from_user((char *) &voice, optval, len)) {
829 err = -EFAULT;
830 break;
831 }
832
833 /* Explicitly check for these values */
834 if (voice.setting != BT_VOICE_TRANSPARENT &&
835 voice.setting != BT_VOICE_CVSD_16BIT) {
836 err = -EINVAL;
837 break;
838 }
839
840 sco_pi(sk)->setting = voice.setting;
841 break;
842
843 default:
844 err = -ENOPROTOOPT;
845 break;
846 }
847
848 release_sock(sk);
849 return err;
850 }
851
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)852 static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
853 {
854 struct sock *sk = sock->sk;
855 struct sco_options opts;
856 struct sco_conninfo cinfo;
857 int len, err = 0;
858
859 BT_DBG("sk %p", sk);
860
861 if (get_user(len, optlen))
862 return -EFAULT;
863
864 lock_sock(sk);
865
866 switch (optname) {
867 case SCO_OPTIONS:
868 if (sk->sk_state != BT_CONNECTED &&
869 !(sk->sk_state == BT_CONNECT2 &&
870 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
871 err = -ENOTCONN;
872 break;
873 }
874
875 opts.mtu = sco_pi(sk)->conn->mtu;
876
877 BT_DBG("mtu %d", opts.mtu);
878
879 len = min_t(unsigned int, len, sizeof(opts));
880 if (copy_to_user(optval, (char *)&opts, len))
881 err = -EFAULT;
882
883 break;
884
885 case SCO_CONNINFO:
886 if (sk->sk_state != BT_CONNECTED &&
887 !(sk->sk_state == BT_CONNECT2 &&
888 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
889 err = -ENOTCONN;
890 break;
891 }
892
893 memset(&cinfo, 0, sizeof(cinfo));
894 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
895 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
896
897 len = min_t(unsigned int, len, sizeof(cinfo));
898 if (copy_to_user(optval, (char *)&cinfo, len))
899 err = -EFAULT;
900
901 break;
902
903 default:
904 err = -ENOPROTOOPT;
905 break;
906 }
907
908 release_sock(sk);
909 return err;
910 }
911
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)912 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
913 {
914 struct sock *sk = sock->sk;
915 int len, err = 0;
916 struct bt_voice voice;
917
918 BT_DBG("sk %p", sk);
919
920 if (level == SOL_SCO)
921 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
922
923 if (get_user(len, optlen))
924 return -EFAULT;
925
926 lock_sock(sk);
927
928 switch (optname) {
929
930 case BT_DEFER_SETUP:
931 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
932 err = -EINVAL;
933 break;
934 }
935
936 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
937 (u32 __user *) optval))
938 err = -EFAULT;
939
940 break;
941
942 case BT_VOICE:
943 voice.setting = sco_pi(sk)->setting;
944
945 len = min_t(unsigned int, len, sizeof(voice));
946 if (copy_to_user(optval, (char *)&voice, len))
947 err = -EFAULT;
948
949 break;
950
951 default:
952 err = -ENOPROTOOPT;
953 break;
954 }
955
956 release_sock(sk);
957 return err;
958 }
959
sco_sock_shutdown(struct socket * sock,int how)960 static int sco_sock_shutdown(struct socket *sock, int how)
961 {
962 struct sock *sk = sock->sk;
963 int err = 0;
964
965 BT_DBG("sock %p, sk %p", sock, sk);
966
967 if (!sk)
968 return 0;
969
970 lock_sock(sk);
971 if (!sk->sk_shutdown) {
972 sk->sk_shutdown = SHUTDOWN_MASK;
973 sco_sock_clear_timer(sk);
974 __sco_sock_close(sk);
975
976 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
977 !(current->flags & PF_EXITING))
978 err = bt_sock_wait_state(sk, BT_CLOSED,
979 sk->sk_lingertime);
980 }
981 release_sock(sk);
982 return err;
983 }
984
sco_sock_release(struct socket * sock)985 static int sco_sock_release(struct socket *sock)
986 {
987 struct sock *sk = sock->sk;
988 int err = 0;
989
990 BT_DBG("sock %p, sk %p", sock, sk);
991
992 if (!sk)
993 return 0;
994
995 sco_sock_close(sk);
996
997 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
998 !(current->flags & PF_EXITING)) {
999 lock_sock(sk);
1000 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1001 release_sock(sk);
1002 }
1003
1004 sock_orphan(sk);
1005 sco_sock_kill(sk);
1006 return err;
1007 }
1008
sco_conn_ready(struct sco_conn * conn)1009 static void sco_conn_ready(struct sco_conn *conn)
1010 {
1011 struct sock *parent;
1012 struct sock *sk = conn->sk;
1013
1014 BT_DBG("conn %p", conn);
1015
1016 if (sk) {
1017 sco_sock_clear_timer(sk);
1018 bh_lock_sock(sk);
1019 sk->sk_state = BT_CONNECTED;
1020 sk->sk_state_change(sk);
1021 bh_unlock_sock(sk);
1022 } else {
1023 sco_conn_lock(conn);
1024
1025 parent = sco_get_sock_listen(&conn->hcon->src);
1026 if (!parent) {
1027 sco_conn_unlock(conn);
1028 return;
1029 }
1030
1031 bh_lock_sock(parent);
1032
1033 sk = sco_sock_alloc(sock_net(parent), NULL,
1034 BTPROTO_SCO, GFP_ATOMIC);
1035 if (!sk) {
1036 bh_unlock_sock(parent);
1037 sco_conn_unlock(conn);
1038 return;
1039 }
1040
1041 sco_sock_init(sk, parent);
1042
1043 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1044 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1045
1046 hci_conn_hold(conn->hcon);
1047 __sco_chan_add(conn, sk, parent);
1048
1049 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1050 sk->sk_state = BT_CONNECT2;
1051 else
1052 sk->sk_state = BT_CONNECTED;
1053
1054 /* Wake up parent */
1055 parent->sk_data_ready(parent);
1056
1057 bh_unlock_sock(parent);
1058
1059 sco_conn_unlock(conn);
1060 }
1061 }
1062
1063 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1064 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1065 {
1066 struct sock *sk;
1067 int lm = 0;
1068
1069 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1070
1071 /* Find listening sockets */
1072 read_lock(&sco_sk_list.lock);
1073 sk_for_each(sk, &sco_sk_list.head) {
1074 if (sk->sk_state != BT_LISTEN)
1075 continue;
1076
1077 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1078 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1079 lm |= HCI_LM_ACCEPT;
1080
1081 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1082 *flags |= HCI_PROTO_DEFER;
1083 break;
1084 }
1085 }
1086 read_unlock(&sco_sk_list.lock);
1087
1088 return lm;
1089 }
1090
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1091 void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1092 {
1093 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1094 if (!status) {
1095 struct sco_conn *conn;
1096
1097 conn = sco_conn_add(hcon);
1098 if (conn)
1099 sco_conn_ready(conn);
1100 } else
1101 sco_conn_del(hcon, bt_to_errno(status));
1102 }
1103
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1104 void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1105 {
1106 BT_DBG("hcon %p reason %d", hcon, reason);
1107
1108 sco_conn_del(hcon, bt_to_errno(reason));
1109 }
1110
sco_recv_scodata(struct hci_conn * hcon,struct sk_buff * skb)1111 int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1112 {
1113 struct sco_conn *conn = hcon->sco_data;
1114
1115 if (!conn)
1116 goto drop;
1117
1118 BT_DBG("conn %p len %d", conn, skb->len);
1119
1120 if (skb->len) {
1121 sco_recv_frame(conn, skb);
1122 return 0;
1123 }
1124
1125 drop:
1126 kfree_skb(skb);
1127 return 0;
1128 }
1129
sco_debugfs_show(struct seq_file * f,void * p)1130 static int sco_debugfs_show(struct seq_file *f, void *p)
1131 {
1132 struct sock *sk;
1133
1134 read_lock(&sco_sk_list.lock);
1135
1136 sk_for_each(sk, &sco_sk_list.head) {
1137 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1138 &sco_pi(sk)->dst, sk->sk_state);
1139 }
1140
1141 read_unlock(&sco_sk_list.lock);
1142
1143 return 0;
1144 }
1145
sco_debugfs_open(struct inode * inode,struct file * file)1146 static int sco_debugfs_open(struct inode *inode, struct file *file)
1147 {
1148 return single_open(file, sco_debugfs_show, inode->i_private);
1149 }
1150
1151 static const struct file_operations sco_debugfs_fops = {
1152 .open = sco_debugfs_open,
1153 .read = seq_read,
1154 .llseek = seq_lseek,
1155 .release = single_release,
1156 };
1157
1158 static struct dentry *sco_debugfs;
1159
1160 static const struct proto_ops sco_sock_ops = {
1161 .family = PF_BLUETOOTH,
1162 .owner = THIS_MODULE,
1163 .release = sco_sock_release,
1164 .bind = sco_sock_bind,
1165 .connect = sco_sock_connect,
1166 .listen = sco_sock_listen,
1167 .accept = sco_sock_accept,
1168 .getname = sco_sock_getname,
1169 .sendmsg = sco_sock_sendmsg,
1170 .recvmsg = sco_sock_recvmsg,
1171 .poll = bt_sock_poll,
1172 .ioctl = bt_sock_ioctl,
1173 .mmap = sock_no_mmap,
1174 .socketpair = sock_no_socketpair,
1175 .shutdown = sco_sock_shutdown,
1176 .setsockopt = sco_sock_setsockopt,
1177 .getsockopt = sco_sock_getsockopt
1178 };
1179
1180 static const struct net_proto_family sco_sock_family_ops = {
1181 .family = PF_BLUETOOTH,
1182 .owner = THIS_MODULE,
1183 .create = sco_sock_create,
1184 };
1185
sco_init(void)1186 int __init sco_init(void)
1187 {
1188 int err;
1189
1190 err = proto_register(&sco_proto, 0);
1191 if (err < 0)
1192 return err;
1193
1194 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1195 if (err < 0) {
1196 BT_ERR("SCO socket registration failed");
1197 goto error;
1198 }
1199
1200 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1201 if (err < 0) {
1202 BT_ERR("Failed to create SCO proc file");
1203 bt_sock_unregister(BTPROTO_SCO);
1204 goto error;
1205 }
1206
1207 BT_INFO("SCO socket layer initialized");
1208
1209 if (IS_ERR_OR_NULL(bt_debugfs))
1210 return 0;
1211
1212 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1213 NULL, &sco_debugfs_fops);
1214
1215 return 0;
1216
1217 error:
1218 proto_unregister(&sco_proto);
1219 return err;
1220 }
1221
sco_exit(void)1222 void __exit sco_exit(void)
1223 {
1224 bt_procfs_cleanup(&init_net, "sco");
1225
1226 debugfs_remove(sco_debugfs);
1227
1228 bt_sock_unregister(BTPROTO_SCO);
1229
1230 proto_unregister(&sco_proto);
1231 }
1232
1233 module_param(disable_esco, bool, 0644);
1234 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1235