1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35
36 static bool disable_esco;
37
38 static const struct proto_ops sco_sock_ops;
39
40 static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 unsigned int mtu;
52 };
53
54 #define sco_conn_lock(c) spin_lock(&c->lock);
55 #define sco_conn_unlock(c) spin_unlock(&c->lock);
56
57 static void sco_sock_close(struct sock *sk);
58 static void sco_sock_kill(struct sock *sk);
59
60 /* ----- SCO socket info ----- */
61 #define sco_pi(sk) ((struct sco_pinfo *) sk)
62
63 struct sco_pinfo {
64 struct bt_sock bt;
65 bdaddr_t src;
66 bdaddr_t dst;
67 __u32 flags;
68 __u16 setting;
69 struct sco_conn *conn;
70 };
71
72 /* ---- SCO timers ---- */
73 #define SCO_CONN_TIMEOUT (HZ * 40)
74 #define SCO_DISCONN_TIMEOUT (HZ * 2)
75
sco_sock_timeout(struct timer_list * t)76 static void sco_sock_timeout(struct timer_list *t)
77 {
78 struct sock *sk = from_timer(sk, t, sk_timer);
79
80 BT_DBG("sock %p state %d", sk, sk->sk_state);
81
82 bh_lock_sock(sk);
83 sk->sk_err = ETIMEDOUT;
84 sk->sk_state_change(sk);
85 bh_unlock_sock(sk);
86
87 sco_sock_kill(sk);
88 sock_put(sk);
89 }
90
sco_sock_set_timer(struct sock * sk,long timeout)91 static void sco_sock_set_timer(struct sock *sk, long timeout)
92 {
93 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
94 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
95 }
96
sco_sock_clear_timer(struct sock * sk)97 static void sco_sock_clear_timer(struct sock *sk)
98 {
99 BT_DBG("sock %p state %d", sk, sk->sk_state);
100 sk_stop_timer(sk, &sk->sk_timer);
101 }
102
103 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)104 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
105 {
106 struct hci_dev *hdev = hcon->hdev;
107 struct sco_conn *conn = hcon->sco_data;
108
109 if (conn)
110 return conn;
111
112 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
113 if (!conn)
114 return NULL;
115
116 spin_lock_init(&conn->lock);
117
118 hcon->sco_data = conn;
119 conn->hcon = hcon;
120
121 if (hdev->sco_mtu > 0)
122 conn->mtu = hdev->sco_mtu;
123 else
124 conn->mtu = 60;
125
126 BT_DBG("hcon %p conn %p", hcon, conn);
127
128 return conn;
129 }
130
131 /* Delete channel.
132 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)133 static void sco_chan_del(struct sock *sk, int err)
134 {
135 struct sco_conn *conn;
136
137 conn = sco_pi(sk)->conn;
138
139 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
140
141 if (conn) {
142 sco_conn_lock(conn);
143 conn->sk = NULL;
144 sco_pi(sk)->conn = NULL;
145 sco_conn_unlock(conn);
146
147 if (conn->hcon)
148 hci_conn_drop(conn->hcon);
149 }
150
151 sk->sk_state = BT_CLOSED;
152 sk->sk_err = err;
153 sk->sk_state_change(sk);
154
155 sock_set_flag(sk, SOCK_ZAPPED);
156 }
157
sco_conn_del(struct hci_conn * hcon,int err)158 static void sco_conn_del(struct hci_conn *hcon, int err)
159 {
160 struct sco_conn *conn = hcon->sco_data;
161 struct sock *sk;
162
163 if (!conn)
164 return;
165
166 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
167
168 /* Kill socket */
169 sco_conn_lock(conn);
170 sk = conn->sk;
171 sco_conn_unlock(conn);
172
173 if (sk) {
174 sock_hold(sk);
175 bh_lock_sock(sk);
176 sco_sock_clear_timer(sk);
177 sco_chan_del(sk, err);
178 bh_unlock_sock(sk);
179 sco_sock_kill(sk);
180 sock_put(sk);
181 }
182
183 hcon->sco_data = NULL;
184 kfree(conn);
185 }
186
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)187 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
188 struct sock *parent)
189 {
190 BT_DBG("conn %p", conn);
191
192 sco_pi(sk)->conn = conn;
193 conn->sk = sk;
194
195 if (parent)
196 bt_accept_enqueue(parent, sk, true);
197 }
198
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)199 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
200 struct sock *parent)
201 {
202 int err = 0;
203
204 sco_conn_lock(conn);
205 if (conn->sk)
206 err = -EBUSY;
207 else
208 __sco_chan_add(conn, sk, parent);
209
210 sco_conn_unlock(conn);
211 return err;
212 }
213
sco_connect(struct sock * sk)214 static int sco_connect(struct sock *sk)
215 {
216 struct sco_conn *conn;
217 struct hci_conn *hcon;
218 struct hci_dev *hdev;
219 int err, type;
220
221 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
222
223 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
224 if (!hdev)
225 return -EHOSTUNREACH;
226
227 hci_dev_lock(hdev);
228
229 if (lmp_esco_capable(hdev) && !disable_esco)
230 type = ESCO_LINK;
231 else
232 type = SCO_LINK;
233
234 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
235 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
236 err = -EOPNOTSUPP;
237 goto done;
238 }
239
240 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
241 sco_pi(sk)->setting);
242 if (IS_ERR(hcon)) {
243 err = PTR_ERR(hcon);
244 goto done;
245 }
246
247 conn = sco_conn_add(hcon);
248 if (!conn) {
249 hci_conn_drop(hcon);
250 err = -ENOMEM;
251 goto done;
252 }
253
254 /* Update source addr of the socket */
255 bacpy(&sco_pi(sk)->src, &hcon->src);
256
257 err = sco_chan_add(conn, sk, NULL);
258 if (err)
259 goto done;
260
261 if (hcon->state == BT_CONNECTED) {
262 sco_sock_clear_timer(sk);
263 sk->sk_state = BT_CONNECTED;
264 } else {
265 sk->sk_state = BT_CONNECT;
266 sco_sock_set_timer(sk, sk->sk_sndtimeo);
267 }
268
269 done:
270 hci_dev_unlock(hdev);
271 hci_dev_put(hdev);
272 return err;
273 }
274
sco_send_frame(struct sock * sk,struct msghdr * msg,int len)275 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
276 {
277 struct sco_conn *conn = sco_pi(sk)->conn;
278 struct sk_buff *skb;
279 int err;
280
281 /* Check outgoing MTU */
282 if (len > conn->mtu)
283 return -EINVAL;
284
285 BT_DBG("sk %p len %d", sk, len);
286
287 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
288 if (!skb)
289 return err;
290
291 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
292 kfree_skb(skb);
293 return -EFAULT;
294 }
295
296 hci_send_sco(conn->hcon, skb);
297
298 return len;
299 }
300
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)301 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
302 {
303 struct sock *sk;
304
305 sco_conn_lock(conn);
306 sk = conn->sk;
307 sco_conn_unlock(conn);
308
309 if (!sk)
310 goto drop;
311
312 BT_DBG("sk %p len %d", sk, skb->len);
313
314 if (sk->sk_state != BT_CONNECTED)
315 goto drop;
316
317 if (!sock_queue_rcv_skb(sk, skb))
318 return;
319
320 drop:
321 kfree_skb(skb);
322 }
323
324 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)325 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
326 {
327 struct sock *sk;
328
329 sk_for_each(sk, &sco_sk_list.head) {
330 if (sk->sk_state != BT_LISTEN)
331 continue;
332
333 if (!bacmp(&sco_pi(sk)->src, ba))
334 return sk;
335 }
336
337 return NULL;
338 }
339
340 /* Find socket listening on source bdaddr.
341 * Returns closest match.
342 */
sco_get_sock_listen(bdaddr_t * src)343 static struct sock *sco_get_sock_listen(bdaddr_t *src)
344 {
345 struct sock *sk = NULL, *sk1 = NULL;
346
347 read_lock(&sco_sk_list.lock);
348
349 sk_for_each(sk, &sco_sk_list.head) {
350 if (sk->sk_state != BT_LISTEN)
351 continue;
352
353 /* Exact match. */
354 if (!bacmp(&sco_pi(sk)->src, src))
355 break;
356
357 /* Closest match */
358 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
359 sk1 = sk;
360 }
361
362 read_unlock(&sco_sk_list.lock);
363
364 return sk ? sk : sk1;
365 }
366
sco_sock_destruct(struct sock * sk)367 static void sco_sock_destruct(struct sock *sk)
368 {
369 BT_DBG("sk %p", sk);
370
371 skb_queue_purge(&sk->sk_receive_queue);
372 skb_queue_purge(&sk->sk_write_queue);
373 }
374
sco_sock_cleanup_listen(struct sock * parent)375 static void sco_sock_cleanup_listen(struct sock *parent)
376 {
377 struct sock *sk;
378
379 BT_DBG("parent %p", parent);
380
381 /* Close not yet accepted channels */
382 while ((sk = bt_accept_dequeue(parent, NULL))) {
383 sco_sock_close(sk);
384 sco_sock_kill(sk);
385 }
386
387 parent->sk_state = BT_CLOSED;
388 sock_set_flag(parent, SOCK_ZAPPED);
389 }
390
391 /* Kill socket (only if zapped and orphan)
392 * Must be called on unlocked socket.
393 */
sco_sock_kill(struct sock * sk)394 static void sco_sock_kill(struct sock *sk)
395 {
396 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
397 sock_flag(sk, SOCK_DEAD))
398 return;
399
400 BT_DBG("sk %p state %d", sk, sk->sk_state);
401
402 /* Kill poor orphan */
403 bt_sock_unlink(&sco_sk_list, sk);
404 sock_set_flag(sk, SOCK_DEAD);
405 sock_put(sk);
406 }
407
__sco_sock_close(struct sock * sk)408 static void __sco_sock_close(struct sock *sk)
409 {
410 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
411
412 switch (sk->sk_state) {
413 case BT_LISTEN:
414 sco_sock_cleanup_listen(sk);
415 break;
416
417 case BT_CONNECTED:
418 case BT_CONFIG:
419 if (sco_pi(sk)->conn->hcon) {
420 sk->sk_state = BT_DISCONN;
421 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
422 sco_conn_lock(sco_pi(sk)->conn);
423 hci_conn_drop(sco_pi(sk)->conn->hcon);
424 sco_pi(sk)->conn->hcon = NULL;
425 sco_conn_unlock(sco_pi(sk)->conn);
426 } else
427 sco_chan_del(sk, ECONNRESET);
428 break;
429
430 case BT_CONNECT2:
431 case BT_CONNECT:
432 case BT_DISCONN:
433 sco_chan_del(sk, ECONNRESET);
434 break;
435
436 default:
437 sock_set_flag(sk, SOCK_ZAPPED);
438 break;
439 }
440 }
441
442 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)443 static void sco_sock_close(struct sock *sk)
444 {
445 sco_sock_clear_timer(sk);
446 lock_sock(sk);
447 __sco_sock_close(sk);
448 release_sock(sk);
449 sco_sock_kill(sk);
450 }
451
sco_sock_init(struct sock * sk,struct sock * parent)452 static void sco_sock_init(struct sock *sk, struct sock *parent)
453 {
454 BT_DBG("sk %p", sk);
455
456 if (parent) {
457 sk->sk_type = parent->sk_type;
458 bt_sk(sk)->flags = bt_sk(parent)->flags;
459 security_sk_clone(parent, sk);
460 }
461 }
462
463 static struct proto sco_proto = {
464 .name = "SCO",
465 .owner = THIS_MODULE,
466 .obj_size = sizeof(struct sco_pinfo)
467 };
468
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)469 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
470 int proto, gfp_t prio, int kern)
471 {
472 struct sock *sk;
473
474 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
475 if (!sk)
476 return NULL;
477
478 sock_init_data(sock, sk);
479 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
480
481 sk->sk_destruct = sco_sock_destruct;
482 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
483
484 sock_reset_flag(sk, SOCK_ZAPPED);
485
486 sk->sk_protocol = proto;
487 sk->sk_state = BT_OPEN;
488
489 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
490
491 timer_setup(&sk->sk_timer, sco_sock_timeout, 0);
492
493 bt_sock_link(&sco_sk_list, sk);
494 return sk;
495 }
496
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)497 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
498 int kern)
499 {
500 struct sock *sk;
501
502 BT_DBG("sock %p", sock);
503
504 sock->state = SS_UNCONNECTED;
505
506 if (sock->type != SOCK_SEQPACKET)
507 return -ESOCKTNOSUPPORT;
508
509 sock->ops = &sco_sock_ops;
510
511 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
512 if (!sk)
513 return -ENOMEM;
514
515 sco_sock_init(sk, NULL);
516 return 0;
517 }
518
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)519 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
520 int addr_len)
521 {
522 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
523 struct sock *sk = sock->sk;
524 int err = 0;
525
526 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
527 addr->sa_family != AF_BLUETOOTH)
528 return -EINVAL;
529
530 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
531
532 lock_sock(sk);
533
534 if (sk->sk_state != BT_OPEN) {
535 err = -EBADFD;
536 goto done;
537 }
538
539 if (sk->sk_type != SOCK_SEQPACKET) {
540 err = -EINVAL;
541 goto done;
542 }
543
544 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
545
546 sk->sk_state = BT_BOUND;
547
548 done:
549 release_sock(sk);
550 return err;
551 }
552
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)553 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
554 {
555 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
556 struct sock *sk = sock->sk;
557 int err;
558
559 BT_DBG("sk %p", sk);
560
561 if (alen < sizeof(struct sockaddr_sco) ||
562 addr->sa_family != AF_BLUETOOTH)
563 return -EINVAL;
564
565 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
566 return -EBADFD;
567
568 if (sk->sk_type != SOCK_SEQPACKET)
569 return -EINVAL;
570
571 lock_sock(sk);
572
573 /* Set destination address and psm */
574 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
575
576 err = sco_connect(sk);
577 if (err)
578 goto done;
579
580 err = bt_sock_wait_state(sk, BT_CONNECTED,
581 sock_sndtimeo(sk, flags & O_NONBLOCK));
582
583 done:
584 release_sock(sk);
585 return err;
586 }
587
sco_sock_listen(struct socket * sock,int backlog)588 static int sco_sock_listen(struct socket *sock, int backlog)
589 {
590 struct sock *sk = sock->sk;
591 bdaddr_t *src = &sco_pi(sk)->src;
592 int err = 0;
593
594 BT_DBG("sk %p backlog %d", sk, backlog);
595
596 lock_sock(sk);
597
598 if (sk->sk_state != BT_BOUND) {
599 err = -EBADFD;
600 goto done;
601 }
602
603 if (sk->sk_type != SOCK_SEQPACKET) {
604 err = -EINVAL;
605 goto done;
606 }
607
608 write_lock(&sco_sk_list.lock);
609
610 if (__sco_get_sock_listen_by_addr(src)) {
611 err = -EADDRINUSE;
612 goto unlock;
613 }
614
615 sk->sk_max_ack_backlog = backlog;
616 sk->sk_ack_backlog = 0;
617
618 sk->sk_state = BT_LISTEN;
619
620 unlock:
621 write_unlock(&sco_sk_list.lock);
622
623 done:
624 release_sock(sk);
625 return err;
626 }
627
sco_sock_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)628 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
629 int flags, bool kern)
630 {
631 DEFINE_WAIT_FUNC(wait, woken_wake_function);
632 struct sock *sk = sock->sk, *ch;
633 long timeo;
634 int err = 0;
635
636 lock_sock(sk);
637
638 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
639
640 BT_DBG("sk %p timeo %ld", sk, timeo);
641
642 /* Wait for an incoming connection. (wake-one). */
643 add_wait_queue_exclusive(sk_sleep(sk), &wait);
644 while (1) {
645 if (sk->sk_state != BT_LISTEN) {
646 err = -EBADFD;
647 break;
648 }
649
650 ch = bt_accept_dequeue(sk, newsock);
651 if (ch)
652 break;
653
654 if (!timeo) {
655 err = -EAGAIN;
656 break;
657 }
658
659 if (signal_pending(current)) {
660 err = sock_intr_errno(timeo);
661 break;
662 }
663
664 release_sock(sk);
665
666 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
667 lock_sock(sk);
668 }
669 remove_wait_queue(sk_sleep(sk), &wait);
670
671 if (err)
672 goto done;
673
674 newsock->state = SS_CONNECTED;
675
676 BT_DBG("new socket %p", ch);
677
678 done:
679 release_sock(sk);
680 return err;
681 }
682
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)683 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
684 int peer)
685 {
686 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
687 struct sock *sk = sock->sk;
688
689 BT_DBG("sock %p, sk %p", sock, sk);
690
691 addr->sa_family = AF_BLUETOOTH;
692
693 if (peer)
694 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
695 else
696 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
697
698 return sizeof(struct sockaddr_sco);
699 }
700
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)701 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
702 size_t len)
703 {
704 struct sock *sk = sock->sk;
705 int err;
706
707 BT_DBG("sock %p, sk %p", sock, sk);
708
709 err = sock_error(sk);
710 if (err)
711 return err;
712
713 if (msg->msg_flags & MSG_OOB)
714 return -EOPNOTSUPP;
715
716 lock_sock(sk);
717
718 if (sk->sk_state == BT_CONNECTED)
719 err = sco_send_frame(sk, msg, len);
720 else
721 err = -ENOTCONN;
722
723 release_sock(sk);
724 return err;
725 }
726
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)727 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
728 {
729 struct hci_dev *hdev = conn->hdev;
730
731 BT_DBG("conn %p", conn);
732
733 conn->state = BT_CONFIG;
734
735 if (!lmp_esco_capable(hdev)) {
736 struct hci_cp_accept_conn_req cp;
737
738 bacpy(&cp.bdaddr, &conn->dst);
739 cp.role = 0x00; /* Ignored */
740
741 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
742 } else {
743 struct hci_cp_accept_sync_conn_req cp;
744
745 bacpy(&cp.bdaddr, &conn->dst);
746 cp.pkt_type = cpu_to_le16(conn->pkt_type);
747
748 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
749 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
750 cp.content_format = cpu_to_le16(setting);
751
752 switch (setting & SCO_AIRMODE_MASK) {
753 case SCO_AIRMODE_TRANSP:
754 if (conn->pkt_type & ESCO_2EV3)
755 cp.max_latency = cpu_to_le16(0x0008);
756 else
757 cp.max_latency = cpu_to_le16(0x000D);
758 cp.retrans_effort = 0x02;
759 break;
760 case SCO_AIRMODE_CVSD:
761 cp.max_latency = cpu_to_le16(0xffff);
762 cp.retrans_effort = 0xff;
763 break;
764 }
765
766 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
767 sizeof(cp), &cp);
768 }
769 }
770
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)771 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
772 size_t len, int flags)
773 {
774 struct sock *sk = sock->sk;
775 struct sco_pinfo *pi = sco_pi(sk);
776
777 lock_sock(sk);
778
779 if (sk->sk_state == BT_CONNECT2 &&
780 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
781 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
782 sk->sk_state = BT_CONFIG;
783
784 release_sock(sk);
785 return 0;
786 }
787
788 release_sock(sk);
789
790 return bt_sock_recvmsg(sock, msg, len, flags);
791 }
792
sco_sock_setsockopt(struct socket * sock,int level,int optname,char __user * optval,unsigned int optlen)793 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
794 char __user *optval, unsigned int optlen)
795 {
796 struct sock *sk = sock->sk;
797 int len, err = 0;
798 struct bt_voice voice;
799 u32 opt;
800
801 BT_DBG("sk %p", sk);
802
803 lock_sock(sk);
804
805 switch (optname) {
806
807 case BT_DEFER_SETUP:
808 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
809 err = -EINVAL;
810 break;
811 }
812
813 if (get_user(opt, (u32 __user *) optval)) {
814 err = -EFAULT;
815 break;
816 }
817
818 if (opt)
819 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
820 else
821 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
822 break;
823
824 case BT_VOICE:
825 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
826 sk->sk_state != BT_CONNECT2) {
827 err = -EINVAL;
828 break;
829 }
830
831 voice.setting = sco_pi(sk)->setting;
832
833 len = min_t(unsigned int, sizeof(voice), optlen);
834 if (copy_from_user((char *)&voice, optval, len)) {
835 err = -EFAULT;
836 break;
837 }
838
839 /* Explicitly check for these values */
840 if (voice.setting != BT_VOICE_TRANSPARENT &&
841 voice.setting != BT_VOICE_CVSD_16BIT) {
842 err = -EINVAL;
843 break;
844 }
845
846 sco_pi(sk)->setting = voice.setting;
847 break;
848
849 default:
850 err = -ENOPROTOOPT;
851 break;
852 }
853
854 release_sock(sk);
855 return err;
856 }
857
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)858 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
859 char __user *optval, int __user *optlen)
860 {
861 struct sock *sk = sock->sk;
862 struct sco_options opts;
863 struct sco_conninfo cinfo;
864 int len, err = 0;
865
866 BT_DBG("sk %p", sk);
867
868 if (get_user(len, optlen))
869 return -EFAULT;
870
871 lock_sock(sk);
872
873 switch (optname) {
874 case SCO_OPTIONS:
875 if (sk->sk_state != BT_CONNECTED &&
876 !(sk->sk_state == BT_CONNECT2 &&
877 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
878 err = -ENOTCONN;
879 break;
880 }
881
882 opts.mtu = sco_pi(sk)->conn->mtu;
883
884 BT_DBG("mtu %d", opts.mtu);
885
886 len = min_t(unsigned int, len, sizeof(opts));
887 if (copy_to_user(optval, (char *)&opts, len))
888 err = -EFAULT;
889
890 break;
891
892 case SCO_CONNINFO:
893 if (sk->sk_state != BT_CONNECTED &&
894 !(sk->sk_state == BT_CONNECT2 &&
895 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
896 err = -ENOTCONN;
897 break;
898 }
899
900 memset(&cinfo, 0, sizeof(cinfo));
901 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
902 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
903
904 len = min_t(unsigned int, len, sizeof(cinfo));
905 if (copy_to_user(optval, (char *)&cinfo, len))
906 err = -EFAULT;
907
908 break;
909
910 default:
911 err = -ENOPROTOOPT;
912 break;
913 }
914
915 release_sock(sk);
916 return err;
917 }
918
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)919 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
920 char __user *optval, int __user *optlen)
921 {
922 struct sock *sk = sock->sk;
923 int len, err = 0;
924 struct bt_voice voice;
925
926 BT_DBG("sk %p", sk);
927
928 if (level == SOL_SCO)
929 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
930
931 if (get_user(len, optlen))
932 return -EFAULT;
933
934 lock_sock(sk);
935
936 switch (optname) {
937
938 case BT_DEFER_SETUP:
939 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
940 err = -EINVAL;
941 break;
942 }
943
944 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
945 (u32 __user *)optval))
946 err = -EFAULT;
947
948 break;
949
950 case BT_VOICE:
951 voice.setting = sco_pi(sk)->setting;
952
953 len = min_t(unsigned int, len, sizeof(voice));
954 if (copy_to_user(optval, (char *)&voice, len))
955 err = -EFAULT;
956
957 break;
958
959 default:
960 err = -ENOPROTOOPT;
961 break;
962 }
963
964 release_sock(sk);
965 return err;
966 }
967
sco_sock_shutdown(struct socket * sock,int how)968 static int sco_sock_shutdown(struct socket *sock, int how)
969 {
970 struct sock *sk = sock->sk;
971 int err = 0;
972
973 BT_DBG("sock %p, sk %p", sock, sk);
974
975 if (!sk)
976 return 0;
977
978 sock_hold(sk);
979 lock_sock(sk);
980
981 if (!sk->sk_shutdown) {
982 sk->sk_shutdown = SHUTDOWN_MASK;
983 sco_sock_clear_timer(sk);
984 __sco_sock_close(sk);
985
986 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
987 !(current->flags & PF_EXITING))
988 err = bt_sock_wait_state(sk, BT_CLOSED,
989 sk->sk_lingertime);
990 }
991
992 release_sock(sk);
993 sock_put(sk);
994
995 return err;
996 }
997
sco_sock_release(struct socket * sock)998 static int sco_sock_release(struct socket *sock)
999 {
1000 struct sock *sk = sock->sk;
1001 int err = 0;
1002
1003 BT_DBG("sock %p, sk %p", sock, sk);
1004
1005 if (!sk)
1006 return 0;
1007
1008 sco_sock_close(sk);
1009
1010 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1011 !(current->flags & PF_EXITING)) {
1012 lock_sock(sk);
1013 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1014 release_sock(sk);
1015 }
1016
1017 sock_orphan(sk);
1018 sco_sock_kill(sk);
1019 return err;
1020 }
1021
sco_conn_ready(struct sco_conn * conn)1022 static void sco_conn_ready(struct sco_conn *conn)
1023 {
1024 struct sock *parent;
1025 struct sock *sk = conn->sk;
1026
1027 BT_DBG("conn %p", conn);
1028
1029 if (sk) {
1030 sco_sock_clear_timer(sk);
1031 bh_lock_sock(sk);
1032 sk->sk_state = BT_CONNECTED;
1033 sk->sk_state_change(sk);
1034 bh_unlock_sock(sk);
1035 } else {
1036 sco_conn_lock(conn);
1037
1038 if (!conn->hcon) {
1039 sco_conn_unlock(conn);
1040 return;
1041 }
1042
1043 parent = sco_get_sock_listen(&conn->hcon->src);
1044 if (!parent) {
1045 sco_conn_unlock(conn);
1046 return;
1047 }
1048
1049 bh_lock_sock(parent);
1050
1051 sk = sco_sock_alloc(sock_net(parent), NULL,
1052 BTPROTO_SCO, GFP_ATOMIC, 0);
1053 if (!sk) {
1054 bh_unlock_sock(parent);
1055 sco_conn_unlock(conn);
1056 return;
1057 }
1058
1059 sco_sock_init(sk, parent);
1060
1061 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1062 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1063
1064 hci_conn_hold(conn->hcon);
1065 __sco_chan_add(conn, sk, parent);
1066
1067 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1068 sk->sk_state = BT_CONNECT2;
1069 else
1070 sk->sk_state = BT_CONNECTED;
1071
1072 /* Wake up parent */
1073 parent->sk_data_ready(parent);
1074
1075 bh_unlock_sock(parent);
1076
1077 sco_conn_unlock(conn);
1078 }
1079 }
1080
1081 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1082 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1083 {
1084 struct sock *sk;
1085 int lm = 0;
1086
1087 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1088
1089 /* Find listening sockets */
1090 read_lock(&sco_sk_list.lock);
1091 sk_for_each(sk, &sco_sk_list.head) {
1092 if (sk->sk_state != BT_LISTEN)
1093 continue;
1094
1095 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1096 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1097 lm |= HCI_LM_ACCEPT;
1098
1099 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1100 *flags |= HCI_PROTO_DEFER;
1101 break;
1102 }
1103 }
1104 read_unlock(&sco_sk_list.lock);
1105
1106 return lm;
1107 }
1108
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1109 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1110 {
1111 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1112 return;
1113
1114 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1115
1116 if (!status) {
1117 struct sco_conn *conn;
1118
1119 conn = sco_conn_add(hcon);
1120 if (conn)
1121 sco_conn_ready(conn);
1122 } else
1123 sco_conn_del(hcon, bt_to_errno(status));
1124 }
1125
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1126 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1127 {
1128 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1129 return;
1130
1131 BT_DBG("hcon %p reason %d", hcon, reason);
1132
1133 sco_conn_del(hcon, bt_to_errno(reason));
1134 }
1135
sco_recv_scodata(struct hci_conn * hcon,struct sk_buff * skb)1136 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1137 {
1138 struct sco_conn *conn = hcon->sco_data;
1139
1140 if (!conn)
1141 goto drop;
1142
1143 BT_DBG("conn %p len %d", conn, skb->len);
1144
1145 if (skb->len) {
1146 sco_recv_frame(conn, skb);
1147 return;
1148 }
1149
1150 drop:
1151 kfree_skb(skb);
1152 }
1153
1154 static struct hci_cb sco_cb = {
1155 .name = "SCO",
1156 .connect_cfm = sco_connect_cfm,
1157 .disconn_cfm = sco_disconn_cfm,
1158 };
1159
sco_debugfs_show(struct seq_file * f,void * p)1160 static int sco_debugfs_show(struct seq_file *f, void *p)
1161 {
1162 struct sock *sk;
1163
1164 read_lock(&sco_sk_list.lock);
1165
1166 sk_for_each(sk, &sco_sk_list.head) {
1167 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1168 &sco_pi(sk)->dst, sk->sk_state);
1169 }
1170
1171 read_unlock(&sco_sk_list.lock);
1172
1173 return 0;
1174 }
1175
1176 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1177
1178 static struct dentry *sco_debugfs;
1179
1180 static const struct proto_ops sco_sock_ops = {
1181 .family = PF_BLUETOOTH,
1182 .owner = THIS_MODULE,
1183 .release = sco_sock_release,
1184 .bind = sco_sock_bind,
1185 .connect = sco_sock_connect,
1186 .listen = sco_sock_listen,
1187 .accept = sco_sock_accept,
1188 .getname = sco_sock_getname,
1189 .sendmsg = sco_sock_sendmsg,
1190 .recvmsg = sco_sock_recvmsg,
1191 .poll = bt_sock_poll,
1192 .ioctl = bt_sock_ioctl,
1193 .gettstamp = sock_gettstamp,
1194 .mmap = sock_no_mmap,
1195 .socketpair = sock_no_socketpair,
1196 .shutdown = sco_sock_shutdown,
1197 .setsockopt = sco_sock_setsockopt,
1198 .getsockopt = sco_sock_getsockopt
1199 };
1200
1201 static const struct net_proto_family sco_sock_family_ops = {
1202 .family = PF_BLUETOOTH,
1203 .owner = THIS_MODULE,
1204 .create = sco_sock_create,
1205 };
1206
sco_init(void)1207 int __init sco_init(void)
1208 {
1209 int err;
1210
1211 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1212
1213 err = proto_register(&sco_proto, 0);
1214 if (err < 0)
1215 return err;
1216
1217 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1218 if (err < 0) {
1219 BT_ERR("SCO socket registration failed");
1220 goto error;
1221 }
1222
1223 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1224 if (err < 0) {
1225 BT_ERR("Failed to create SCO proc file");
1226 bt_sock_unregister(BTPROTO_SCO);
1227 goto error;
1228 }
1229
1230 BT_INFO("SCO socket layer initialized");
1231
1232 hci_register_cb(&sco_cb);
1233
1234 if (IS_ERR_OR_NULL(bt_debugfs))
1235 return 0;
1236
1237 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1238 NULL, &sco_debugfs_fops);
1239
1240 return 0;
1241
1242 error:
1243 proto_unregister(&sco_proto);
1244 return err;
1245 }
1246
sco_exit(void)1247 void sco_exit(void)
1248 {
1249 bt_procfs_cleanup(&init_net, "sco");
1250
1251 debugfs_remove(sco_debugfs);
1252
1253 hci_unregister_cb(&sco_cb);
1254
1255 bt_sock_unregister(BTPROTO_SCO);
1256
1257 proto_unregister(&sco_proto);
1258 }
1259
1260 module_param(disable_esco, bool, 0644);
1261 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1262