1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35
36 static bool disable_esco;
37
38 static const struct proto_ops sco_sock_ops;
39
40 static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54 };
55
56 #define sco_conn_lock(c) spin_lock(&c->lock);
57 #define sco_conn_unlock(c) spin_unlock(&c->lock);
58
59 static void sco_sock_close(struct sock *sk);
60 static void sco_sock_kill(struct sock *sk);
61
62 /* ----- SCO socket info ----- */
63 #define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65 struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 __u8 cmsg_mask;
72 struct sco_conn *conn;
73 };
74
75 /* ---- SCO timers ---- */
76 #define SCO_CONN_TIMEOUT (HZ * 40)
77 #define SCO_DISCONN_TIMEOUT (HZ * 2)
78
sco_sock_timeout(struct work_struct * work)79 static void sco_sock_timeout(struct work_struct *work)
80 {
81 struct sco_conn *conn = container_of(work, struct sco_conn,
82 timeout_work.work);
83 struct sock *sk;
84
85 sco_conn_lock(conn);
86 sk = conn->sk;
87 if (sk)
88 sock_hold(sk);
89 sco_conn_unlock(conn);
90
91 if (!sk)
92 return;
93
94 BT_DBG("sock %p state %d", sk, sk->sk_state);
95
96 bh_lock_sock(sk);
97 sk->sk_err = ETIMEDOUT;
98 sk->sk_state_change(sk);
99 bh_unlock_sock(sk);
100
101 sock_put(sk);
102 }
103
sco_sock_set_timer(struct sock * sk,long timeout)104 static void sco_sock_set_timer(struct sock *sk, long timeout)
105 {
106 if (!sco_pi(sk)->conn)
107 return;
108
109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
112 }
113
sco_sock_clear_timer(struct sock * sk)114 static void sco_sock_clear_timer(struct sock *sk)
115 {
116 if (!sco_pi(sk)->conn)
117 return;
118
119 BT_DBG("sock %p state %d", sk, sk->sk_state);
120 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
121 }
122
123 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)124 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
125 {
126 struct hci_dev *hdev = hcon->hdev;
127 struct sco_conn *conn = hcon->sco_data;
128
129 if (conn)
130 return conn;
131
132 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
133 if (!conn)
134 return NULL;
135
136 spin_lock_init(&conn->lock);
137 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
138
139 hcon->sco_data = conn;
140 conn->hcon = hcon;
141
142 if (hdev->sco_mtu > 0)
143 conn->mtu = hdev->sco_mtu;
144 else
145 conn->mtu = 60;
146
147 BT_DBG("hcon %p conn %p", hcon, conn);
148
149 return conn;
150 }
151
152 /* Delete channel.
153 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)154 static void sco_chan_del(struct sock *sk, int err)
155 {
156 struct sco_conn *conn;
157
158 conn = sco_pi(sk)->conn;
159
160 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
161
162 if (conn) {
163 sco_conn_lock(conn);
164 conn->sk = NULL;
165 sco_pi(sk)->conn = NULL;
166 sco_conn_unlock(conn);
167
168 if (conn->hcon)
169 hci_conn_drop(conn->hcon);
170 }
171
172 sk->sk_state = BT_CLOSED;
173 sk->sk_err = err;
174 sk->sk_state_change(sk);
175
176 sock_set_flag(sk, SOCK_ZAPPED);
177 }
178
sco_conn_del(struct hci_conn * hcon,int err)179 static void sco_conn_del(struct hci_conn *hcon, int err)
180 {
181 struct sco_conn *conn = hcon->sco_data;
182 struct sock *sk;
183
184 if (!conn)
185 return;
186
187 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
188
189 /* Kill socket */
190 sco_conn_lock(conn);
191 sk = conn->sk;
192 sco_conn_unlock(conn);
193
194 if (sk) {
195 sock_hold(sk);
196 bh_lock_sock(sk);
197 sco_sock_clear_timer(sk);
198 sco_chan_del(sk, err);
199 bh_unlock_sock(sk);
200 sock_put(sk);
201 }
202
203 /* Ensure no more work items will run before freeing conn. */
204 cancel_delayed_work_sync(&conn->timeout_work);
205
206 hcon->sco_data = NULL;
207 kfree(conn);
208 }
209
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)210 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
211 struct sock *parent)
212 {
213 BT_DBG("conn %p", conn);
214
215 sco_pi(sk)->conn = conn;
216 conn->sk = sk;
217
218 if (parent)
219 bt_accept_enqueue(parent, sk, true);
220 }
221
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)222 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
223 struct sock *parent)
224 {
225 int err = 0;
226
227 sco_conn_lock(conn);
228 if (conn->sk)
229 err = -EBUSY;
230 else
231 __sco_chan_add(conn, sk, parent);
232
233 sco_conn_unlock(conn);
234 return err;
235 }
236
sco_connect(struct hci_dev * hdev,struct sock * sk)237 static int sco_connect(struct hci_dev *hdev, struct sock *sk)
238 {
239 struct sco_conn *conn;
240 struct hci_conn *hcon;
241 int err, type;
242
243 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
244
245 if (lmp_esco_capable(hdev) && !disable_esco)
246 type = ESCO_LINK;
247 else
248 type = SCO_LINK;
249
250 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
251 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)))
252 return -EOPNOTSUPP;
253
254 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
255 sco_pi(sk)->setting);
256 if (IS_ERR(hcon))
257 return PTR_ERR(hcon);
258
259 conn = sco_conn_add(hcon);
260 if (!conn) {
261 hci_conn_drop(hcon);
262 return -ENOMEM;
263 }
264
265 /* Update source addr of the socket */
266 bacpy(&sco_pi(sk)->src, &hcon->src);
267
268 err = sco_chan_add(conn, sk, NULL);
269 if (err)
270 return err;
271
272 if (hcon->state == BT_CONNECTED) {
273 sco_sock_clear_timer(sk);
274 sk->sk_state = BT_CONNECTED;
275 } else {
276 sk->sk_state = BT_CONNECT;
277 sco_sock_set_timer(sk, sk->sk_sndtimeo);
278 }
279
280 return err;
281 }
282
sco_send_frame(struct sock * sk,struct sk_buff * skb)283 static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
284 {
285 struct sco_conn *conn = sco_pi(sk)->conn;
286 int len = skb->len;
287
288 /* Check outgoing MTU */
289 if (len > conn->mtu)
290 return -EINVAL;
291
292 BT_DBG("sk %p len %d", sk, len);
293
294 hci_send_sco(conn->hcon, skb);
295
296 return len;
297 }
298
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)299 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
300 {
301 struct sock *sk;
302
303 sco_conn_lock(conn);
304 sk = conn->sk;
305 sco_conn_unlock(conn);
306
307 if (!sk)
308 goto drop;
309
310 BT_DBG("sk %p len %d", sk, skb->len);
311
312 if (sk->sk_state != BT_CONNECTED)
313 goto drop;
314
315 if (!sock_queue_rcv_skb(sk, skb))
316 return;
317
318 drop:
319 kfree_skb(skb);
320 }
321
322 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)323 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
324 {
325 struct sock *sk;
326
327 sk_for_each(sk, &sco_sk_list.head) {
328 if (sk->sk_state != BT_LISTEN)
329 continue;
330
331 if (!bacmp(&sco_pi(sk)->src, ba))
332 return sk;
333 }
334
335 return NULL;
336 }
337
338 /* Find socket listening on source bdaddr.
339 * Returns closest match.
340 */
sco_get_sock_listen(bdaddr_t * src)341 static struct sock *sco_get_sock_listen(bdaddr_t *src)
342 {
343 struct sock *sk = NULL, *sk1 = NULL;
344
345 read_lock(&sco_sk_list.lock);
346
347 sk_for_each(sk, &sco_sk_list.head) {
348 if (sk->sk_state != BT_LISTEN)
349 continue;
350
351 /* Exact match. */
352 if (!bacmp(&sco_pi(sk)->src, src))
353 break;
354
355 /* Closest match */
356 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
357 sk1 = sk;
358 }
359
360 read_unlock(&sco_sk_list.lock);
361
362 return sk ? sk : sk1;
363 }
364
sco_sock_destruct(struct sock * sk)365 static void sco_sock_destruct(struct sock *sk)
366 {
367 BT_DBG("sk %p", sk);
368
369 skb_queue_purge(&sk->sk_receive_queue);
370 skb_queue_purge(&sk->sk_write_queue);
371 }
372
sco_sock_cleanup_listen(struct sock * parent)373 static void sco_sock_cleanup_listen(struct sock *parent)
374 {
375 struct sock *sk;
376
377 BT_DBG("parent %p", parent);
378
379 /* Close not yet accepted channels */
380 while ((sk = bt_accept_dequeue(parent, NULL))) {
381 sco_sock_close(sk);
382 sco_sock_kill(sk);
383 }
384
385 parent->sk_state = BT_CLOSED;
386 sock_set_flag(parent, SOCK_ZAPPED);
387 }
388
389 /* Kill socket (only if zapped and orphan)
390 * Must be called on unlocked socket.
391 */
sco_sock_kill(struct sock * sk)392 static void sco_sock_kill(struct sock *sk)
393 {
394 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
395 return;
396
397 BT_DBG("sk %p state %d", sk, sk->sk_state);
398
399 /* Kill poor orphan */
400 bt_sock_unlink(&sco_sk_list, sk);
401 sock_set_flag(sk, SOCK_DEAD);
402 sock_put(sk);
403 }
404
__sco_sock_close(struct sock * sk)405 static void __sco_sock_close(struct sock *sk)
406 {
407 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
408
409 switch (sk->sk_state) {
410 case BT_LISTEN:
411 sco_sock_cleanup_listen(sk);
412 break;
413
414 case BT_CONNECTED:
415 case BT_CONFIG:
416 if (sco_pi(sk)->conn->hcon) {
417 sk->sk_state = BT_DISCONN;
418 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
419 sco_conn_lock(sco_pi(sk)->conn);
420 hci_conn_drop(sco_pi(sk)->conn->hcon);
421 sco_pi(sk)->conn->hcon = NULL;
422 sco_conn_unlock(sco_pi(sk)->conn);
423 } else
424 sco_chan_del(sk, ECONNRESET);
425 break;
426
427 case BT_CONNECT2:
428 case BT_CONNECT:
429 case BT_DISCONN:
430 sco_chan_del(sk, ECONNRESET);
431 break;
432
433 default:
434 sock_set_flag(sk, SOCK_ZAPPED);
435 break;
436 }
437 }
438
439 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)440 static void sco_sock_close(struct sock *sk)
441 {
442 sco_sock_clear_timer(sk);
443 lock_sock(sk);
444 __sco_sock_close(sk);
445 release_sock(sk);
446 }
447
sco_skb_put_cmsg(struct sk_buff * skb,struct msghdr * msg,struct sock * sk)448 static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
449 struct sock *sk)
450 {
451 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
452 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
453 sizeof(bt_cb(skb)->sco.pkt_status),
454 &bt_cb(skb)->sco.pkt_status);
455 }
456
sco_sock_init(struct sock * sk,struct sock * parent)457 static void sco_sock_init(struct sock *sk, struct sock *parent)
458 {
459 BT_DBG("sk %p", sk);
460
461 if (parent) {
462 sk->sk_type = parent->sk_type;
463 bt_sk(sk)->flags = bt_sk(parent)->flags;
464 security_sk_clone(parent, sk);
465 } else {
466 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
467 }
468 }
469
470 static struct proto sco_proto = {
471 .name = "SCO",
472 .owner = THIS_MODULE,
473 .obj_size = sizeof(struct sco_pinfo)
474 };
475
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)476 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
477 int proto, gfp_t prio, int kern)
478 {
479 struct sock *sk;
480
481 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
482 if (!sk)
483 return NULL;
484
485 sock_init_data(sock, sk);
486 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
487
488 sk->sk_destruct = sco_sock_destruct;
489 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
490
491 sock_reset_flag(sk, SOCK_ZAPPED);
492
493 sk->sk_protocol = proto;
494 sk->sk_state = BT_OPEN;
495
496 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
497
498 bt_sock_link(&sco_sk_list, sk);
499 return sk;
500 }
501
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)502 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
503 int kern)
504 {
505 struct sock *sk;
506
507 BT_DBG("sock %p", sock);
508
509 sock->state = SS_UNCONNECTED;
510
511 if (sock->type != SOCK_SEQPACKET)
512 return -ESOCKTNOSUPPORT;
513
514 sock->ops = &sco_sock_ops;
515
516 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
517 if (!sk)
518 return -ENOMEM;
519
520 sco_sock_init(sk, NULL);
521 return 0;
522 }
523
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)524 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
525 int addr_len)
526 {
527 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
528 struct sock *sk = sock->sk;
529 int err = 0;
530
531 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
532 addr->sa_family != AF_BLUETOOTH)
533 return -EINVAL;
534
535 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
536
537 lock_sock(sk);
538
539 if (sk->sk_state != BT_OPEN) {
540 err = -EBADFD;
541 goto done;
542 }
543
544 if (sk->sk_type != SOCK_SEQPACKET) {
545 err = -EINVAL;
546 goto done;
547 }
548
549 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
550
551 sk->sk_state = BT_BOUND;
552
553 done:
554 release_sock(sk);
555 return err;
556 }
557
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)558 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
559 {
560 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
561 struct sock *sk = sock->sk;
562 struct hci_dev *hdev;
563 int err;
564
565 BT_DBG("sk %p", sk);
566
567 if (alen < sizeof(struct sockaddr_sco) ||
568 addr->sa_family != AF_BLUETOOTH)
569 return -EINVAL;
570
571 lock_sock(sk);
572 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
573 err = -EBADFD;
574 goto done;
575 }
576
577 if (sk->sk_type != SOCK_SEQPACKET) {
578 err = -EINVAL;
579 goto done;
580 }
581
582 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
583 if (!hdev) {
584 err = -EHOSTUNREACH;
585 goto done;
586 }
587 hci_dev_lock(hdev);
588
589 /* Set destination address and psm */
590 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
591
592 err = sco_connect(hdev, sk);
593 hci_dev_unlock(hdev);
594 hci_dev_put(hdev);
595 if (err)
596 goto done;
597
598 err = bt_sock_wait_state(sk, BT_CONNECTED,
599 sock_sndtimeo(sk, flags & O_NONBLOCK));
600
601 done:
602 release_sock(sk);
603 return err;
604 }
605
sco_sock_listen(struct socket * sock,int backlog)606 static int sco_sock_listen(struct socket *sock, int backlog)
607 {
608 struct sock *sk = sock->sk;
609 bdaddr_t *src = &sco_pi(sk)->src;
610 int err = 0;
611
612 BT_DBG("sk %p backlog %d", sk, backlog);
613
614 lock_sock(sk);
615
616 if (sk->sk_state != BT_BOUND) {
617 err = -EBADFD;
618 goto done;
619 }
620
621 if (sk->sk_type != SOCK_SEQPACKET) {
622 err = -EINVAL;
623 goto done;
624 }
625
626 write_lock(&sco_sk_list.lock);
627
628 if (__sco_get_sock_listen_by_addr(src)) {
629 err = -EADDRINUSE;
630 goto unlock;
631 }
632
633 sk->sk_max_ack_backlog = backlog;
634 sk->sk_ack_backlog = 0;
635
636 sk->sk_state = BT_LISTEN;
637
638 unlock:
639 write_unlock(&sco_sk_list.lock);
640
641 done:
642 release_sock(sk);
643 return err;
644 }
645
sco_sock_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)646 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
647 int flags, bool kern)
648 {
649 DEFINE_WAIT_FUNC(wait, woken_wake_function);
650 struct sock *sk = sock->sk, *ch;
651 long timeo;
652 int err = 0;
653
654 lock_sock(sk);
655
656 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
657
658 BT_DBG("sk %p timeo %ld", sk, timeo);
659
660 /* Wait for an incoming connection. (wake-one). */
661 add_wait_queue_exclusive(sk_sleep(sk), &wait);
662 while (1) {
663 if (sk->sk_state != BT_LISTEN) {
664 err = -EBADFD;
665 break;
666 }
667
668 ch = bt_accept_dequeue(sk, newsock);
669 if (ch)
670 break;
671
672 if (!timeo) {
673 err = -EAGAIN;
674 break;
675 }
676
677 if (signal_pending(current)) {
678 err = sock_intr_errno(timeo);
679 break;
680 }
681
682 release_sock(sk);
683
684 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
685 lock_sock(sk);
686 }
687 remove_wait_queue(sk_sleep(sk), &wait);
688
689 if (err)
690 goto done;
691
692 newsock->state = SS_CONNECTED;
693
694 BT_DBG("new socket %p", ch);
695
696 done:
697 release_sock(sk);
698 return err;
699 }
700
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)701 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
702 int peer)
703 {
704 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
705 struct sock *sk = sock->sk;
706
707 BT_DBG("sock %p, sk %p", sock, sk);
708
709 addr->sa_family = AF_BLUETOOTH;
710
711 if (peer)
712 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
713 else
714 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
715
716 return sizeof(struct sockaddr_sco);
717 }
718
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)719 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
720 size_t len)
721 {
722 struct sock *sk = sock->sk;
723 struct sk_buff *skb;
724 int err;
725
726 BT_DBG("sock %p, sk %p", sock, sk);
727
728 err = sock_error(sk);
729 if (err)
730 return err;
731
732 if (msg->msg_flags & MSG_OOB)
733 return -EOPNOTSUPP;
734
735 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
736 if (IS_ERR(skb))
737 return PTR_ERR(skb);
738
739 lock_sock(sk);
740
741 if (sk->sk_state == BT_CONNECTED)
742 err = sco_send_frame(sk, skb);
743 else
744 err = -ENOTCONN;
745
746 release_sock(sk);
747
748 if (err < 0)
749 kfree_skb(skb);
750 return err;
751 }
752
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)753 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
754 {
755 struct hci_dev *hdev = conn->hdev;
756
757 BT_DBG("conn %p", conn);
758
759 conn->state = BT_CONFIG;
760
761 if (!lmp_esco_capable(hdev)) {
762 struct hci_cp_accept_conn_req cp;
763
764 bacpy(&cp.bdaddr, &conn->dst);
765 cp.role = 0x00; /* Ignored */
766
767 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
768 } else {
769 struct hci_cp_accept_sync_conn_req cp;
770
771 bacpy(&cp.bdaddr, &conn->dst);
772 cp.pkt_type = cpu_to_le16(conn->pkt_type);
773
774 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
775 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
776 cp.content_format = cpu_to_le16(setting);
777
778 switch (setting & SCO_AIRMODE_MASK) {
779 case SCO_AIRMODE_TRANSP:
780 if (conn->pkt_type & ESCO_2EV3)
781 cp.max_latency = cpu_to_le16(0x0008);
782 else
783 cp.max_latency = cpu_to_le16(0x000D);
784 cp.retrans_effort = 0x02;
785 break;
786 case SCO_AIRMODE_CVSD:
787 cp.max_latency = cpu_to_le16(0xffff);
788 cp.retrans_effort = 0xff;
789 break;
790 default:
791 /* use CVSD settings as fallback */
792 cp.max_latency = cpu_to_le16(0xffff);
793 cp.retrans_effort = 0xff;
794 break;
795 }
796
797 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
798 sizeof(cp), &cp);
799 }
800 }
801
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)802 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
803 size_t len, int flags)
804 {
805 struct sock *sk = sock->sk;
806 struct sco_pinfo *pi = sco_pi(sk);
807
808 lock_sock(sk);
809
810 if (sk->sk_state == BT_CONNECT2 &&
811 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
812 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
813 sk->sk_state = BT_CONFIG;
814
815 release_sock(sk);
816 return 0;
817 }
818
819 release_sock(sk);
820
821 return bt_sock_recvmsg(sock, msg, len, flags);
822 }
823
sco_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)824 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
825 sockptr_t optval, unsigned int optlen)
826 {
827 struct sock *sk = sock->sk;
828 int len, err = 0;
829 struct bt_voice voice;
830 u32 opt;
831
832 BT_DBG("sk %p", sk);
833
834 lock_sock(sk);
835
836 switch (optname) {
837
838 case BT_DEFER_SETUP:
839 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
840 err = -EINVAL;
841 break;
842 }
843
844 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
845 err = -EFAULT;
846 break;
847 }
848
849 if (opt)
850 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
851 else
852 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
853 break;
854
855 case BT_VOICE:
856 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
857 sk->sk_state != BT_CONNECT2) {
858 err = -EINVAL;
859 break;
860 }
861
862 voice.setting = sco_pi(sk)->setting;
863
864 len = min_t(unsigned int, sizeof(voice), optlen);
865 if (copy_from_sockptr(&voice, optval, len)) {
866 err = -EFAULT;
867 break;
868 }
869
870 /* Explicitly check for these values */
871 if (voice.setting != BT_VOICE_TRANSPARENT &&
872 voice.setting != BT_VOICE_CVSD_16BIT) {
873 err = -EINVAL;
874 break;
875 }
876
877 sco_pi(sk)->setting = voice.setting;
878 break;
879
880 case BT_PKT_STATUS:
881 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
882 err = -EFAULT;
883 break;
884 }
885
886 if (opt)
887 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
888 else
889 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
890 break;
891
892 default:
893 err = -ENOPROTOOPT;
894 break;
895 }
896
897 release_sock(sk);
898 return err;
899 }
900
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)901 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
902 char __user *optval, int __user *optlen)
903 {
904 struct sock *sk = sock->sk;
905 struct sco_options opts;
906 struct sco_conninfo cinfo;
907 int len, err = 0;
908
909 BT_DBG("sk %p", sk);
910
911 if (get_user(len, optlen))
912 return -EFAULT;
913
914 lock_sock(sk);
915
916 switch (optname) {
917 case SCO_OPTIONS:
918 if (sk->sk_state != BT_CONNECTED &&
919 !(sk->sk_state == BT_CONNECT2 &&
920 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
921 err = -ENOTCONN;
922 break;
923 }
924
925 opts.mtu = sco_pi(sk)->conn->mtu;
926
927 BT_DBG("mtu %d", opts.mtu);
928
929 len = min_t(unsigned int, len, sizeof(opts));
930 if (copy_to_user(optval, (char *)&opts, len))
931 err = -EFAULT;
932
933 break;
934
935 case SCO_CONNINFO:
936 if (sk->sk_state != BT_CONNECTED &&
937 !(sk->sk_state == BT_CONNECT2 &&
938 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
939 err = -ENOTCONN;
940 break;
941 }
942
943 memset(&cinfo, 0, sizeof(cinfo));
944 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
945 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
946
947 len = min_t(unsigned int, len, sizeof(cinfo));
948 if (copy_to_user(optval, (char *)&cinfo, len))
949 err = -EFAULT;
950
951 break;
952
953 default:
954 err = -ENOPROTOOPT;
955 break;
956 }
957
958 release_sock(sk);
959 return err;
960 }
961
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)962 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
963 char __user *optval, int __user *optlen)
964 {
965 struct sock *sk = sock->sk;
966 int len, err = 0;
967 struct bt_voice voice;
968 u32 phys;
969 int pkt_status;
970
971 BT_DBG("sk %p", sk);
972
973 if (level == SOL_SCO)
974 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
975
976 if (get_user(len, optlen))
977 return -EFAULT;
978
979 lock_sock(sk);
980
981 switch (optname) {
982
983 case BT_DEFER_SETUP:
984 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
985 err = -EINVAL;
986 break;
987 }
988
989 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
990 (u32 __user *)optval))
991 err = -EFAULT;
992
993 break;
994
995 case BT_VOICE:
996 voice.setting = sco_pi(sk)->setting;
997
998 len = min_t(unsigned int, len, sizeof(voice));
999 if (copy_to_user(optval, (char *)&voice, len))
1000 err = -EFAULT;
1001
1002 break;
1003
1004 case BT_PHY:
1005 if (sk->sk_state != BT_CONNECTED) {
1006 err = -ENOTCONN;
1007 break;
1008 }
1009
1010 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1011
1012 if (put_user(phys, (u32 __user *) optval))
1013 err = -EFAULT;
1014 break;
1015
1016 case BT_PKT_STATUS:
1017 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
1018
1019 if (put_user(pkt_status, (int __user *)optval))
1020 err = -EFAULT;
1021 break;
1022
1023 case BT_SNDMTU:
1024 case BT_RCVMTU:
1025 if (sk->sk_state != BT_CONNECTED) {
1026 err = -ENOTCONN;
1027 break;
1028 }
1029
1030 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1031 err = -EFAULT;
1032 break;
1033
1034 default:
1035 err = -ENOPROTOOPT;
1036 break;
1037 }
1038
1039 release_sock(sk);
1040 return err;
1041 }
1042
sco_sock_shutdown(struct socket * sock,int how)1043 static int sco_sock_shutdown(struct socket *sock, int how)
1044 {
1045 struct sock *sk = sock->sk;
1046 int err = 0;
1047
1048 BT_DBG("sock %p, sk %p", sock, sk);
1049
1050 if (!sk)
1051 return 0;
1052
1053 sock_hold(sk);
1054 lock_sock(sk);
1055
1056 if (!sk->sk_shutdown) {
1057 sk->sk_shutdown = SHUTDOWN_MASK;
1058 sco_sock_clear_timer(sk);
1059 __sco_sock_close(sk);
1060
1061 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1062 !(current->flags & PF_EXITING))
1063 err = bt_sock_wait_state(sk, BT_CLOSED,
1064 sk->sk_lingertime);
1065 }
1066
1067 release_sock(sk);
1068 sock_put(sk);
1069
1070 return err;
1071 }
1072
sco_sock_release(struct socket * sock)1073 static int sco_sock_release(struct socket *sock)
1074 {
1075 struct sock *sk = sock->sk;
1076 int err = 0;
1077
1078 BT_DBG("sock %p, sk %p", sock, sk);
1079
1080 if (!sk)
1081 return 0;
1082
1083 sco_sock_close(sk);
1084
1085 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1086 !(current->flags & PF_EXITING)) {
1087 lock_sock(sk);
1088 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1089 release_sock(sk);
1090 }
1091
1092 sock_orphan(sk);
1093 sco_sock_kill(sk);
1094 return err;
1095 }
1096
sco_conn_ready(struct sco_conn * conn)1097 static void sco_conn_ready(struct sco_conn *conn)
1098 {
1099 struct sock *parent;
1100 struct sock *sk = conn->sk;
1101
1102 BT_DBG("conn %p", conn);
1103
1104 if (sk) {
1105 sco_sock_clear_timer(sk);
1106 bh_lock_sock(sk);
1107 sk->sk_state = BT_CONNECTED;
1108 sk->sk_state_change(sk);
1109 bh_unlock_sock(sk);
1110 } else {
1111 sco_conn_lock(conn);
1112
1113 if (!conn->hcon) {
1114 sco_conn_unlock(conn);
1115 return;
1116 }
1117
1118 parent = sco_get_sock_listen(&conn->hcon->src);
1119 if (!parent) {
1120 sco_conn_unlock(conn);
1121 return;
1122 }
1123
1124 bh_lock_sock(parent);
1125
1126 sk = sco_sock_alloc(sock_net(parent), NULL,
1127 BTPROTO_SCO, GFP_ATOMIC, 0);
1128 if (!sk) {
1129 bh_unlock_sock(parent);
1130 sco_conn_unlock(conn);
1131 return;
1132 }
1133
1134 sco_sock_init(sk, parent);
1135
1136 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1137 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1138
1139 hci_conn_hold(conn->hcon);
1140 __sco_chan_add(conn, sk, parent);
1141
1142 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1143 sk->sk_state = BT_CONNECT2;
1144 else
1145 sk->sk_state = BT_CONNECTED;
1146
1147 /* Wake up parent */
1148 parent->sk_data_ready(parent);
1149
1150 bh_unlock_sock(parent);
1151
1152 sco_conn_unlock(conn);
1153 }
1154 }
1155
1156 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1157 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1158 {
1159 struct sock *sk;
1160 int lm = 0;
1161
1162 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1163
1164 /* Find listening sockets */
1165 read_lock(&sco_sk_list.lock);
1166 sk_for_each(sk, &sco_sk_list.head) {
1167 if (sk->sk_state != BT_LISTEN)
1168 continue;
1169
1170 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1171 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1172 lm |= HCI_LM_ACCEPT;
1173
1174 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1175 *flags |= HCI_PROTO_DEFER;
1176 break;
1177 }
1178 }
1179 read_unlock(&sco_sk_list.lock);
1180
1181 return lm;
1182 }
1183
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1184 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1185 {
1186 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1187 return;
1188
1189 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1190
1191 if (!status) {
1192 struct sco_conn *conn;
1193
1194 conn = sco_conn_add(hcon);
1195 if (conn)
1196 sco_conn_ready(conn);
1197 } else
1198 sco_conn_del(hcon, bt_to_errno(status));
1199 }
1200
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1201 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1202 {
1203 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1204 return;
1205
1206 BT_DBG("hcon %p reason %d", hcon, reason);
1207
1208 sco_conn_del(hcon, bt_to_errno(reason));
1209 }
1210
sco_recv_scodata(struct hci_conn * hcon,struct sk_buff * skb)1211 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1212 {
1213 struct sco_conn *conn = hcon->sco_data;
1214
1215 if (!conn)
1216 goto drop;
1217
1218 BT_DBG("conn %p len %d", conn, skb->len);
1219
1220 if (skb->len) {
1221 sco_recv_frame(conn, skb);
1222 return;
1223 }
1224
1225 drop:
1226 kfree_skb(skb);
1227 }
1228
1229 static struct hci_cb sco_cb = {
1230 .name = "SCO",
1231 .connect_cfm = sco_connect_cfm,
1232 .disconn_cfm = sco_disconn_cfm,
1233 };
1234
sco_debugfs_show(struct seq_file * f,void * p)1235 static int sco_debugfs_show(struct seq_file *f, void *p)
1236 {
1237 struct sock *sk;
1238
1239 read_lock(&sco_sk_list.lock);
1240
1241 sk_for_each(sk, &sco_sk_list.head) {
1242 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1243 &sco_pi(sk)->dst, sk->sk_state);
1244 }
1245
1246 read_unlock(&sco_sk_list.lock);
1247
1248 return 0;
1249 }
1250
1251 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1252
1253 static struct dentry *sco_debugfs;
1254
1255 static const struct proto_ops sco_sock_ops = {
1256 .family = PF_BLUETOOTH,
1257 .owner = THIS_MODULE,
1258 .release = sco_sock_release,
1259 .bind = sco_sock_bind,
1260 .connect = sco_sock_connect,
1261 .listen = sco_sock_listen,
1262 .accept = sco_sock_accept,
1263 .getname = sco_sock_getname,
1264 .sendmsg = sco_sock_sendmsg,
1265 .recvmsg = sco_sock_recvmsg,
1266 .poll = bt_sock_poll,
1267 .ioctl = bt_sock_ioctl,
1268 .gettstamp = sock_gettstamp,
1269 .mmap = sock_no_mmap,
1270 .socketpair = sock_no_socketpair,
1271 .shutdown = sco_sock_shutdown,
1272 .setsockopt = sco_sock_setsockopt,
1273 .getsockopt = sco_sock_getsockopt
1274 };
1275
1276 static const struct net_proto_family sco_sock_family_ops = {
1277 .family = PF_BLUETOOTH,
1278 .owner = THIS_MODULE,
1279 .create = sco_sock_create,
1280 };
1281
sco_init(void)1282 int __init sco_init(void)
1283 {
1284 int err;
1285
1286 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1287
1288 err = proto_register(&sco_proto, 0);
1289 if (err < 0)
1290 return err;
1291
1292 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1293 if (err < 0) {
1294 BT_ERR("SCO socket registration failed");
1295 goto error;
1296 }
1297
1298 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1299 if (err < 0) {
1300 BT_ERR("Failed to create SCO proc file");
1301 bt_sock_unregister(BTPROTO_SCO);
1302 goto error;
1303 }
1304
1305 BT_INFO("SCO socket layer initialized");
1306
1307 hci_register_cb(&sco_cb);
1308
1309 if (IS_ERR_OR_NULL(bt_debugfs))
1310 return 0;
1311
1312 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1313 NULL, &sco_debugfs_fops);
1314
1315 return 0;
1316
1317 error:
1318 proto_unregister(&sco_proto);
1319 return err;
1320 }
1321
sco_exit(void)1322 void sco_exit(void)
1323 {
1324 bt_procfs_cleanup(&init_net, "sco");
1325
1326 debugfs_remove(sco_debugfs);
1327
1328 hci_unregister_cb(&sco_cb);
1329
1330 bt_sock_unregister(BTPROTO_SCO);
1331
1332 proto_unregister(&sco_proto);
1333 }
1334
1335 module_param(disable_esco, bool, 0644);
1336 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1337