• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4 
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10 
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24 
25 /* Bluetooth SCO sockets. */
26 
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31 
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35 
36 static bool disable_esco;
37 
38 static const struct proto_ops sco_sock_ops;
39 
40 static struct bt_sock_list sco_sk_list = {
41 	.lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43 
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 	struct hci_conn	*hcon;
47 
48 	spinlock_t	lock;
49 	struct sock	*sk;
50 
51 	struct delayed_work	timeout_work;
52 
53 	unsigned int    mtu;
54 };
55 
56 #define sco_conn_lock(c)	spin_lock(&c->lock)
57 #define sco_conn_unlock(c)	spin_unlock(&c->lock)
58 
59 static void sco_sock_close(struct sock *sk);
60 static void sco_sock_kill(struct sock *sk);
61 
62 /* ----- SCO socket info ----- */
63 #define sco_pi(sk) ((struct sco_pinfo *) sk)
64 
65 struct sco_pinfo {
66 	struct bt_sock	bt;
67 	bdaddr_t	src;
68 	bdaddr_t	dst;
69 	__u32		flags;
70 	__u16		setting;
71 	struct bt_codec codec;
72 	struct sco_conn	*conn;
73 };
74 
75 /* ---- SCO timers ---- */
76 #define SCO_CONN_TIMEOUT	(HZ * 40)
77 #define SCO_DISCONN_TIMEOUT	(HZ * 2)
78 
sco_sock_timeout(struct work_struct * work)79 static void sco_sock_timeout(struct work_struct *work)
80 {
81 	struct sco_conn *conn = container_of(work, struct sco_conn,
82 					     timeout_work.work);
83 	struct sock *sk;
84 
85 	sco_conn_lock(conn);
86 	if (!conn->hcon) {
87 		sco_conn_unlock(conn);
88 		return;
89 	}
90 	sk = conn->sk;
91 	if (sk)
92 		sock_hold(sk);
93 	sco_conn_unlock(conn);
94 
95 	if (!sk)
96 		return;
97 
98 	BT_DBG("sock %p state %d", sk, sk->sk_state);
99 
100 	lock_sock(sk);
101 	sk->sk_err = ETIMEDOUT;
102 	sk->sk_state_change(sk);
103 	release_sock(sk);
104 	sock_put(sk);
105 }
106 
sco_sock_set_timer(struct sock * sk,long timeout)107 static void sco_sock_set_timer(struct sock *sk, long timeout)
108 {
109 	if (!sco_pi(sk)->conn)
110 		return;
111 
112 	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
113 	cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
114 	schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
115 }
116 
sco_sock_clear_timer(struct sock * sk)117 static void sco_sock_clear_timer(struct sock *sk)
118 {
119 	if (!sco_pi(sk)->conn)
120 		return;
121 
122 	BT_DBG("sock %p state %d", sk, sk->sk_state);
123 	cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
124 }
125 
126 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)127 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
128 {
129 	struct sco_conn *conn = hcon->sco_data;
130 
131 	if (conn) {
132 		if (!conn->hcon)
133 			conn->hcon = hcon;
134 		return conn;
135 	}
136 
137 	conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
138 	if (!conn)
139 		return NULL;
140 
141 	spin_lock_init(&conn->lock);
142 	INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
143 
144 	hcon->sco_data = conn;
145 	conn->hcon = hcon;
146 	conn->mtu = hcon->mtu;
147 
148 	if (hcon->mtu > 0)
149 		conn->mtu = hcon->mtu;
150 	else
151 		conn->mtu = 60;
152 
153 	BT_DBG("hcon %p conn %p", hcon, conn);
154 
155 	return conn;
156 }
157 
158 /* Delete channel.
159  * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)160 static void sco_chan_del(struct sock *sk, int err)
161 {
162 	struct sco_conn *conn;
163 
164 	conn = sco_pi(sk)->conn;
165 
166 	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
167 
168 	if (conn) {
169 		sco_conn_lock(conn);
170 		conn->sk = NULL;
171 		sco_pi(sk)->conn = NULL;
172 		sco_conn_unlock(conn);
173 
174 		if (conn->hcon)
175 			hci_conn_drop(conn->hcon);
176 	}
177 
178 	sk->sk_state = BT_CLOSED;
179 	sk->sk_err   = err;
180 	sk->sk_state_change(sk);
181 
182 	sock_set_flag(sk, SOCK_ZAPPED);
183 }
184 
sco_conn_del(struct hci_conn * hcon,int err)185 static void sco_conn_del(struct hci_conn *hcon, int err)
186 {
187 	struct sco_conn *conn = hcon->sco_data;
188 	struct sock *sk;
189 
190 	if (!conn)
191 		return;
192 
193 	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
194 
195 	/* Kill socket */
196 	sco_conn_lock(conn);
197 	sk = conn->sk;
198 	if (sk)
199 		sock_hold(sk);
200 	sco_conn_unlock(conn);
201 
202 	if (sk) {
203 		lock_sock(sk);
204 		sco_sock_clear_timer(sk);
205 		sco_chan_del(sk, err);
206 		release_sock(sk);
207 		sock_put(sk);
208 	}
209 
210 	/* Ensure no more work items will run before freeing conn. */
211 	cancel_delayed_work_sync(&conn->timeout_work);
212 
213 	hcon->sco_data = NULL;
214 	kfree(conn);
215 }
216 
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)217 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
218 			   struct sock *parent)
219 {
220 	BT_DBG("conn %p", conn);
221 
222 	sco_pi(sk)->conn = conn;
223 	conn->sk = sk;
224 
225 	if (parent)
226 		bt_accept_enqueue(parent, sk, true);
227 }
228 
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)229 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
230 			struct sock *parent)
231 {
232 	int err = 0;
233 
234 	sco_conn_lock(conn);
235 	if (conn->sk)
236 		err = -EBUSY;
237 	else
238 		__sco_chan_add(conn, sk, parent);
239 
240 	sco_conn_unlock(conn);
241 	return err;
242 }
243 
sco_connect(struct sock * sk)244 static int sco_connect(struct sock *sk)
245 {
246 	struct sco_conn *conn;
247 	struct hci_conn *hcon;
248 	struct hci_dev  *hdev;
249 	int err, type;
250 
251 	BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
252 
253 	hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
254 	if (!hdev)
255 		return -EHOSTUNREACH;
256 
257 	hci_dev_lock(hdev);
258 
259 	if (lmp_esco_capable(hdev) && !disable_esco)
260 		type = ESCO_LINK;
261 	else
262 		type = SCO_LINK;
263 
264 	if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
265 	    (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
266 		err = -EOPNOTSUPP;
267 		goto unlock;
268 	}
269 
270 	hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
271 			       sco_pi(sk)->setting, &sco_pi(sk)->codec);
272 	if (IS_ERR(hcon)) {
273 		err = PTR_ERR(hcon);
274 		goto unlock;
275 	}
276 
277 	conn = sco_conn_add(hcon);
278 	if (!conn) {
279 		hci_conn_drop(hcon);
280 		err = -ENOMEM;
281 		goto unlock;
282 	}
283 
284 	lock_sock(sk);
285 
286 	err = sco_chan_add(conn, sk, NULL);
287 	if (err) {
288 		release_sock(sk);
289 		goto unlock;
290 	}
291 
292 	/* Update source addr of the socket */
293 	bacpy(&sco_pi(sk)->src, &hcon->src);
294 
295 	if (hcon->state == BT_CONNECTED) {
296 		sco_sock_clear_timer(sk);
297 		sk->sk_state = BT_CONNECTED;
298 	} else {
299 		sk->sk_state = BT_CONNECT;
300 		sco_sock_set_timer(sk, sk->sk_sndtimeo);
301 	}
302 
303 	release_sock(sk);
304 
305 unlock:
306 	hci_dev_unlock(hdev);
307 	hci_dev_put(hdev);
308 	return err;
309 }
310 
sco_send_frame(struct sock * sk,struct sk_buff * skb)311 static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
312 {
313 	struct sco_conn *conn = sco_pi(sk)->conn;
314 	int len = skb->len;
315 
316 	/* Check outgoing MTU */
317 	if (len > conn->mtu)
318 		return -EINVAL;
319 
320 	BT_DBG("sk %p len %d", sk, len);
321 
322 	hci_send_sco(conn->hcon, skb);
323 
324 	return len;
325 }
326 
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)327 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
328 {
329 	struct sock *sk;
330 
331 	sco_conn_lock(conn);
332 	sk = conn->sk;
333 	sco_conn_unlock(conn);
334 
335 	if (!sk)
336 		goto drop;
337 
338 	BT_DBG("sk %p len %u", sk, skb->len);
339 
340 	if (sk->sk_state != BT_CONNECTED)
341 		goto drop;
342 
343 	if (!sock_queue_rcv_skb(sk, skb))
344 		return;
345 
346 drop:
347 	kfree_skb(skb);
348 }
349 
350 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)351 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
352 {
353 	struct sock *sk;
354 
355 	sk_for_each(sk, &sco_sk_list.head) {
356 		if (sk->sk_state != BT_LISTEN)
357 			continue;
358 
359 		if (!bacmp(&sco_pi(sk)->src, ba))
360 			return sk;
361 	}
362 
363 	return NULL;
364 }
365 
366 /* Find socket listening on source bdaddr.
367  * Returns closest match.
368  */
sco_get_sock_listen(bdaddr_t * src)369 static struct sock *sco_get_sock_listen(bdaddr_t *src)
370 {
371 	struct sock *sk = NULL, *sk1 = NULL;
372 
373 	read_lock(&sco_sk_list.lock);
374 
375 	sk_for_each(sk, &sco_sk_list.head) {
376 		if (sk->sk_state != BT_LISTEN)
377 			continue;
378 
379 		/* Exact match. */
380 		if (!bacmp(&sco_pi(sk)->src, src))
381 			break;
382 
383 		/* Closest match */
384 		if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
385 			sk1 = sk;
386 	}
387 
388 	read_unlock(&sco_sk_list.lock);
389 
390 	return sk ? sk : sk1;
391 }
392 
sco_sock_destruct(struct sock * sk)393 static void sco_sock_destruct(struct sock *sk)
394 {
395 	BT_DBG("sk %p", sk);
396 
397 	skb_queue_purge(&sk->sk_receive_queue);
398 	skb_queue_purge(&sk->sk_write_queue);
399 }
400 
sco_sock_cleanup_listen(struct sock * parent)401 static void sco_sock_cleanup_listen(struct sock *parent)
402 {
403 	struct sock *sk;
404 
405 	BT_DBG("parent %p", parent);
406 
407 	/* Close not yet accepted channels */
408 	while ((sk = bt_accept_dequeue(parent, NULL))) {
409 		sco_sock_close(sk);
410 		sco_sock_kill(sk);
411 	}
412 
413 	parent->sk_state  = BT_CLOSED;
414 	sock_set_flag(parent, SOCK_ZAPPED);
415 }
416 
417 /* Kill socket (only if zapped and orphan)
418  * Must be called on unlocked socket.
419  */
sco_sock_kill(struct sock * sk)420 static void sco_sock_kill(struct sock *sk)
421 {
422 	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
423 		return;
424 
425 	BT_DBG("sk %p state %d", sk, sk->sk_state);
426 
427 	/* Kill poor orphan */
428 	bt_sock_unlink(&sco_sk_list, sk);
429 	sock_set_flag(sk, SOCK_DEAD);
430 	sock_put(sk);
431 }
432 
__sco_sock_close(struct sock * sk)433 static void __sco_sock_close(struct sock *sk)
434 {
435 	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
436 
437 	switch (sk->sk_state) {
438 	case BT_LISTEN:
439 		sco_sock_cleanup_listen(sk);
440 		break;
441 
442 	case BT_CONNECTED:
443 	case BT_CONFIG:
444 		if (sco_pi(sk)->conn->hcon) {
445 			sk->sk_state = BT_DISCONN;
446 			sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
447 			sco_conn_lock(sco_pi(sk)->conn);
448 			hci_conn_drop(sco_pi(sk)->conn->hcon);
449 			sco_pi(sk)->conn->hcon = NULL;
450 			sco_conn_unlock(sco_pi(sk)->conn);
451 		} else
452 			sco_chan_del(sk, ECONNRESET);
453 		break;
454 
455 	case BT_CONNECT2:
456 	case BT_CONNECT:
457 	case BT_DISCONN:
458 		sco_chan_del(sk, ECONNRESET);
459 		break;
460 
461 	default:
462 		sock_set_flag(sk, SOCK_ZAPPED);
463 		break;
464 	}
465 
466 }
467 
468 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)469 static void sco_sock_close(struct sock *sk)
470 {
471 	lock_sock(sk);
472 	sco_sock_clear_timer(sk);
473 	__sco_sock_close(sk);
474 	release_sock(sk);
475 }
476 
sco_sock_init(struct sock * sk,struct sock * parent)477 static void sco_sock_init(struct sock *sk, struct sock *parent)
478 {
479 	BT_DBG("sk %p", sk);
480 
481 	if (parent) {
482 		sk->sk_type = parent->sk_type;
483 		bt_sk(sk)->flags = bt_sk(parent)->flags;
484 		security_sk_clone(parent, sk);
485 	}
486 }
487 
488 static struct proto sco_proto = {
489 	.name		= "SCO",
490 	.owner		= THIS_MODULE,
491 	.obj_size	= sizeof(struct sco_pinfo)
492 };
493 
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)494 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
495 				   int proto, gfp_t prio, int kern)
496 {
497 	struct sock *sk;
498 
499 	sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
500 	if (!sk)
501 		return NULL;
502 
503 	sk->sk_destruct = sco_sock_destruct;
504 	sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
505 
506 	sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
507 	sco_pi(sk)->codec.id = BT_CODEC_CVSD;
508 	sco_pi(sk)->codec.cid = 0xffff;
509 	sco_pi(sk)->codec.vid = 0xffff;
510 	sco_pi(sk)->codec.data_path = 0x00;
511 
512 	bt_sock_link(&sco_sk_list, sk);
513 	return sk;
514 }
515 
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)516 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
517 			   int kern)
518 {
519 	struct sock *sk;
520 
521 	BT_DBG("sock %p", sock);
522 
523 	sock->state = SS_UNCONNECTED;
524 
525 	if (sock->type != SOCK_SEQPACKET)
526 		return -ESOCKTNOSUPPORT;
527 
528 	sock->ops = &sco_sock_ops;
529 
530 	sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
531 	if (!sk)
532 		return -ENOMEM;
533 
534 	sco_sock_init(sk, NULL);
535 	return 0;
536 }
537 
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)538 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
539 			 int addr_len)
540 {
541 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
542 	struct sock *sk = sock->sk;
543 	int err = 0;
544 
545 	if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
546 	    addr->sa_family != AF_BLUETOOTH)
547 		return -EINVAL;
548 
549 	BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
550 
551 	lock_sock(sk);
552 
553 	if (sk->sk_state != BT_OPEN) {
554 		err = -EBADFD;
555 		goto done;
556 	}
557 
558 	if (sk->sk_type != SOCK_SEQPACKET) {
559 		err = -EINVAL;
560 		goto done;
561 	}
562 
563 	bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
564 
565 	sk->sk_state = BT_BOUND;
566 
567 done:
568 	release_sock(sk);
569 	return err;
570 }
571 
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)572 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
573 {
574 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
575 	struct sock *sk = sock->sk;
576 	int err;
577 
578 	BT_DBG("sk %p", sk);
579 
580 	if (alen < sizeof(struct sockaddr_sco) ||
581 	    addr->sa_family != AF_BLUETOOTH)
582 		return -EINVAL;
583 
584 	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
585 		return -EBADFD;
586 
587 	if (sk->sk_type != SOCK_SEQPACKET)
588 		err = -EINVAL;
589 
590 	lock_sock(sk);
591 	/* Set destination address and psm */
592 	bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
593 	release_sock(sk);
594 
595 	err = sco_connect(sk);
596 	if (err)
597 		return err;
598 
599 	lock_sock(sk);
600 
601 	err = bt_sock_wait_state(sk, BT_CONNECTED,
602 				 sock_sndtimeo(sk, flags & O_NONBLOCK));
603 
604 	release_sock(sk);
605 	return err;
606 }
607 
sco_sock_listen(struct socket * sock,int backlog)608 static int sco_sock_listen(struct socket *sock, int backlog)
609 {
610 	struct sock *sk = sock->sk;
611 	bdaddr_t *src = &sco_pi(sk)->src;
612 	int err = 0;
613 
614 	BT_DBG("sk %p backlog %d", sk, backlog);
615 
616 	lock_sock(sk);
617 
618 	if (sk->sk_state != BT_BOUND) {
619 		err = -EBADFD;
620 		goto done;
621 	}
622 
623 	if (sk->sk_type != SOCK_SEQPACKET) {
624 		err = -EINVAL;
625 		goto done;
626 	}
627 
628 	write_lock(&sco_sk_list.lock);
629 
630 	if (__sco_get_sock_listen_by_addr(src)) {
631 		err = -EADDRINUSE;
632 		goto unlock;
633 	}
634 
635 	sk->sk_max_ack_backlog = backlog;
636 	sk->sk_ack_backlog = 0;
637 
638 	sk->sk_state = BT_LISTEN;
639 
640 unlock:
641 	write_unlock(&sco_sk_list.lock);
642 
643 done:
644 	release_sock(sk);
645 	return err;
646 }
647 
sco_sock_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)648 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
649 			   int flags, bool kern)
650 {
651 	DEFINE_WAIT_FUNC(wait, woken_wake_function);
652 	struct sock *sk = sock->sk, *ch;
653 	long timeo;
654 	int err = 0;
655 
656 	lock_sock(sk);
657 
658 	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
659 
660 	BT_DBG("sk %p timeo %ld", sk, timeo);
661 
662 	/* Wait for an incoming connection. (wake-one). */
663 	add_wait_queue_exclusive(sk_sleep(sk), &wait);
664 	while (1) {
665 		if (sk->sk_state != BT_LISTEN) {
666 			err = -EBADFD;
667 			break;
668 		}
669 
670 		ch = bt_accept_dequeue(sk, newsock);
671 		if (ch)
672 			break;
673 
674 		if (!timeo) {
675 			err = -EAGAIN;
676 			break;
677 		}
678 
679 		if (signal_pending(current)) {
680 			err = sock_intr_errno(timeo);
681 			break;
682 		}
683 
684 		release_sock(sk);
685 
686 		timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
687 		lock_sock(sk);
688 	}
689 	remove_wait_queue(sk_sleep(sk), &wait);
690 
691 	if (err)
692 		goto done;
693 
694 	newsock->state = SS_CONNECTED;
695 
696 	BT_DBG("new socket %p", ch);
697 
698 done:
699 	release_sock(sk);
700 	return err;
701 }
702 
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)703 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
704 			    int peer)
705 {
706 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
707 	struct sock *sk = sock->sk;
708 
709 	BT_DBG("sock %p, sk %p", sock, sk);
710 
711 	addr->sa_family = AF_BLUETOOTH;
712 
713 	if (peer)
714 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
715 	else
716 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
717 
718 	return sizeof(struct sockaddr_sco);
719 }
720 
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)721 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
722 			    size_t len)
723 {
724 	struct sock *sk = sock->sk;
725 	struct sk_buff *skb;
726 	int err;
727 
728 	BT_DBG("sock %p, sk %p", sock, sk);
729 
730 	err = sock_error(sk);
731 	if (err)
732 		return err;
733 
734 	if (msg->msg_flags & MSG_OOB)
735 		return -EOPNOTSUPP;
736 
737 	skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
738 	if (IS_ERR(skb))
739 		return PTR_ERR(skb);
740 
741 	lock_sock(sk);
742 
743 	if (sk->sk_state == BT_CONNECTED)
744 		err = sco_send_frame(sk, skb);
745 	else
746 		err = -ENOTCONN;
747 
748 	release_sock(sk);
749 
750 	if (err < 0)
751 		kfree_skb(skb);
752 	return err;
753 }
754 
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)755 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
756 {
757 	struct hci_dev *hdev = conn->hdev;
758 
759 	BT_DBG("conn %p", conn);
760 
761 	conn->state = BT_CONFIG;
762 
763 	if (!lmp_esco_capable(hdev)) {
764 		struct hci_cp_accept_conn_req cp;
765 
766 		bacpy(&cp.bdaddr, &conn->dst);
767 		cp.role = 0x00; /* Ignored */
768 
769 		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
770 	} else {
771 		struct hci_cp_accept_sync_conn_req cp;
772 
773 		bacpy(&cp.bdaddr, &conn->dst);
774 		cp.pkt_type = cpu_to_le16(conn->pkt_type);
775 
776 		cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
777 		cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
778 		cp.content_format = cpu_to_le16(setting);
779 
780 		switch (setting & SCO_AIRMODE_MASK) {
781 		case SCO_AIRMODE_TRANSP:
782 			if (conn->pkt_type & ESCO_2EV3)
783 				cp.max_latency = cpu_to_le16(0x0008);
784 			else
785 				cp.max_latency = cpu_to_le16(0x000D);
786 			cp.retrans_effort = 0x02;
787 			break;
788 		case SCO_AIRMODE_CVSD:
789 			cp.max_latency = cpu_to_le16(0xffff);
790 			cp.retrans_effort = 0xff;
791 			break;
792 		default:
793 			/* use CVSD settings as fallback */
794 			cp.max_latency = cpu_to_le16(0xffff);
795 			cp.retrans_effort = 0xff;
796 			break;
797 		}
798 
799 		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
800 			     sizeof(cp), &cp);
801 	}
802 }
803 
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)804 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
805 			    size_t len, int flags)
806 {
807 	struct sock *sk = sock->sk;
808 	struct sco_pinfo *pi = sco_pi(sk);
809 
810 	lock_sock(sk);
811 
812 	if (sk->sk_state == BT_CONNECT2 &&
813 	    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
814 		sco_conn_defer_accept(pi->conn->hcon, pi->setting);
815 		sk->sk_state = BT_CONFIG;
816 
817 		release_sock(sk);
818 		return 0;
819 	}
820 
821 	release_sock(sk);
822 
823 	return bt_sock_recvmsg(sock, msg, len, flags);
824 }
825 
sco_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)826 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
827 			       sockptr_t optval, unsigned int optlen)
828 {
829 	struct sock *sk = sock->sk;
830 	int err = 0;
831 	struct bt_voice voice;
832 	u32 opt;
833 	struct bt_codecs *codecs;
834 	struct hci_dev *hdev;
835 	__u8 buffer[255];
836 
837 	BT_DBG("sk %p", sk);
838 
839 	lock_sock(sk);
840 
841 	switch (optname) {
842 
843 	case BT_DEFER_SETUP:
844 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
845 			err = -EINVAL;
846 			break;
847 		}
848 
849 		err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
850 		if (err)
851 			break;
852 
853 		if (opt)
854 			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
855 		else
856 			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
857 		break;
858 
859 	case BT_VOICE:
860 		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
861 		    sk->sk_state != BT_CONNECT2) {
862 			err = -EINVAL;
863 			break;
864 		}
865 
866 		voice.setting = sco_pi(sk)->setting;
867 
868 		err = bt_copy_from_sockptr(&voice, sizeof(voice), optval,
869 					   optlen);
870 		if (err)
871 			break;
872 
873 		/* Explicitly check for these values */
874 		if (voice.setting != BT_VOICE_TRANSPARENT &&
875 		    voice.setting != BT_VOICE_CVSD_16BIT) {
876 			err = -EINVAL;
877 			break;
878 		}
879 
880 		sco_pi(sk)->setting = voice.setting;
881 		hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
882 				     BDADDR_BREDR);
883 		if (!hdev) {
884 			err = -EBADFD;
885 			break;
886 		}
887 		if (enhanced_sync_conn_capable(hdev) &&
888 		    voice.setting == BT_VOICE_TRANSPARENT)
889 			sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
890 		hci_dev_put(hdev);
891 		break;
892 
893 	case BT_PKT_STATUS:
894 		err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
895 		if (err)
896 			break;
897 
898 		if (opt)
899 			set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
900 		else
901 			clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
902 		break;
903 
904 	case BT_CODEC:
905 		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
906 		    sk->sk_state != BT_CONNECT2) {
907 			err = -EINVAL;
908 			break;
909 		}
910 
911 		hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
912 				     BDADDR_BREDR);
913 		if (!hdev) {
914 			err = -EBADFD;
915 			break;
916 		}
917 
918 		if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
919 			hci_dev_put(hdev);
920 			err = -EOPNOTSUPP;
921 			break;
922 		}
923 
924 		if (!hdev->get_data_path_id) {
925 			hci_dev_put(hdev);
926 			err = -EOPNOTSUPP;
927 			break;
928 		}
929 
930 		if (optlen < sizeof(struct bt_codecs) ||
931 		    optlen > sizeof(buffer)) {
932 			hci_dev_put(hdev);
933 			err = -EINVAL;
934 			break;
935 		}
936 
937 		err = bt_copy_from_sockptr(buffer, optlen, optval, optlen);
938 		if (err) {
939 			hci_dev_put(hdev);
940 			break;
941 		}
942 
943 		codecs = (void *)buffer;
944 
945 		if (codecs->num_codecs > 1) {
946 			hci_dev_put(hdev);
947 			err = -EINVAL;
948 			break;
949 		}
950 
951 		sco_pi(sk)->codec = codecs->codecs[0];
952 		hci_dev_put(hdev);
953 		break;
954 
955 	default:
956 		err = -ENOPROTOOPT;
957 		break;
958 	}
959 
960 	release_sock(sk);
961 	return err;
962 }
963 
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)964 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
965 				   char __user *optval, int __user *optlen)
966 {
967 	struct sock *sk = sock->sk;
968 	struct sco_options opts;
969 	struct sco_conninfo cinfo;
970 	int err = 0;
971 	size_t len;
972 
973 	BT_DBG("sk %p", sk);
974 
975 	if (get_user(len, optlen))
976 		return -EFAULT;
977 
978 	lock_sock(sk);
979 
980 	switch (optname) {
981 	case SCO_OPTIONS:
982 		if (sk->sk_state != BT_CONNECTED &&
983 		    !(sk->sk_state == BT_CONNECT2 &&
984 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
985 			err = -ENOTCONN;
986 			break;
987 		}
988 
989 		opts.mtu = sco_pi(sk)->conn->mtu;
990 
991 		BT_DBG("mtu %u", opts.mtu);
992 
993 		len = min(len, sizeof(opts));
994 		if (copy_to_user(optval, (char *)&opts, len))
995 			err = -EFAULT;
996 
997 		break;
998 
999 	case SCO_CONNINFO:
1000 		if (sk->sk_state != BT_CONNECTED &&
1001 		    !(sk->sk_state == BT_CONNECT2 &&
1002 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1003 			err = -ENOTCONN;
1004 			break;
1005 		}
1006 
1007 		memset(&cinfo, 0, sizeof(cinfo));
1008 		cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1009 		memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1010 
1011 		len = min(len, sizeof(cinfo));
1012 		if (copy_to_user(optval, (char *)&cinfo, len))
1013 			err = -EFAULT;
1014 
1015 		break;
1016 
1017 	default:
1018 		err = -ENOPROTOOPT;
1019 		break;
1020 	}
1021 
1022 	release_sock(sk);
1023 	return err;
1024 }
1025 
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)1026 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1027 			       char __user *optval, int __user *optlen)
1028 {
1029 	struct sock *sk = sock->sk;
1030 	int len, err = 0;
1031 	struct bt_voice voice;
1032 	u32 phys;
1033 	int buf_len;
1034 	struct codec_list *c;
1035 	u8 num_codecs, i, __user *ptr;
1036 	struct hci_dev *hdev;
1037 	struct hci_codec_caps *caps;
1038 	struct bt_codec codec;
1039 
1040 	BT_DBG("sk %p", sk);
1041 
1042 	if (level == SOL_SCO)
1043 		return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1044 
1045 	if (get_user(len, optlen))
1046 		return -EFAULT;
1047 
1048 	lock_sock(sk);
1049 
1050 	switch (optname) {
1051 
1052 	case BT_DEFER_SETUP:
1053 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1054 			err = -EINVAL;
1055 			break;
1056 		}
1057 
1058 		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1059 			     (u32 __user *)optval))
1060 			err = -EFAULT;
1061 
1062 		break;
1063 
1064 	case BT_VOICE:
1065 		voice.setting = sco_pi(sk)->setting;
1066 
1067 		len = min_t(unsigned int, len, sizeof(voice));
1068 		if (copy_to_user(optval, (char *)&voice, len))
1069 			err = -EFAULT;
1070 
1071 		break;
1072 
1073 	case BT_PHY:
1074 		if (sk->sk_state != BT_CONNECTED) {
1075 			err = -ENOTCONN;
1076 			break;
1077 		}
1078 
1079 		phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1080 
1081 		if (put_user(phys, (u32 __user *) optval))
1082 			err = -EFAULT;
1083 		break;
1084 
1085 	case BT_PKT_STATUS:
1086 		if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1087 			     (int __user *)optval))
1088 			err = -EFAULT;
1089 		break;
1090 
1091 	case BT_SNDMTU:
1092 	case BT_RCVMTU:
1093 		if (sk->sk_state != BT_CONNECTED) {
1094 			err = -ENOTCONN;
1095 			break;
1096 		}
1097 
1098 		if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1099 			err = -EFAULT;
1100 		break;
1101 
1102 	case BT_CODEC:
1103 		num_codecs = 0;
1104 		buf_len = 0;
1105 
1106 		hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1107 		if (!hdev) {
1108 			err = -EBADFD;
1109 			break;
1110 		}
1111 
1112 		if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1113 			hci_dev_put(hdev);
1114 			err = -EOPNOTSUPP;
1115 			break;
1116 		}
1117 
1118 		if (!hdev->get_data_path_id) {
1119 			hci_dev_put(hdev);
1120 			err = -EOPNOTSUPP;
1121 			break;
1122 		}
1123 
1124 		release_sock(sk);
1125 
1126 		/* find total buffer size required to copy codec + caps */
1127 		hci_dev_lock(hdev);
1128 		list_for_each_entry(c, &hdev->local_codecs, list) {
1129 			if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1130 				continue;
1131 			num_codecs++;
1132 			for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1133 				buf_len += 1 + caps->len;
1134 				caps = (void *)&caps->data[caps->len];
1135 			}
1136 			buf_len += sizeof(struct bt_codec);
1137 		}
1138 		hci_dev_unlock(hdev);
1139 
1140 		buf_len += sizeof(struct bt_codecs);
1141 		if (buf_len > len) {
1142 			hci_dev_put(hdev);
1143 			return -ENOBUFS;
1144 		}
1145 		ptr = optval;
1146 
1147 		if (put_user(num_codecs, ptr)) {
1148 			hci_dev_put(hdev);
1149 			return -EFAULT;
1150 		}
1151 		ptr += sizeof(num_codecs);
1152 
1153 		/* Iterate all the codecs supported over SCO and populate
1154 		 * codec data
1155 		 */
1156 		hci_dev_lock(hdev);
1157 		list_for_each_entry(c, &hdev->local_codecs, list) {
1158 			if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1159 				continue;
1160 
1161 			codec.id = c->id;
1162 			codec.cid = c->cid;
1163 			codec.vid = c->vid;
1164 			err = hdev->get_data_path_id(hdev, &codec.data_path);
1165 			if (err < 0)
1166 				break;
1167 			codec.num_caps = c->num_caps;
1168 			if (copy_to_user(ptr, &codec, sizeof(codec))) {
1169 				err = -EFAULT;
1170 				break;
1171 			}
1172 			ptr += sizeof(codec);
1173 
1174 			/* find codec capabilities data length */
1175 			len = 0;
1176 			for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1177 				len += 1 + caps->len;
1178 				caps = (void *)&caps->data[caps->len];
1179 			}
1180 
1181 			/* copy codec capabilities data */
1182 			if (len && copy_to_user(ptr, c->caps, len)) {
1183 				err = -EFAULT;
1184 				break;
1185 			}
1186 			ptr += len;
1187 		}
1188 
1189 		hci_dev_unlock(hdev);
1190 		hci_dev_put(hdev);
1191 
1192 		lock_sock(sk);
1193 
1194 		if (!err && put_user(buf_len, optlen))
1195 			err = -EFAULT;
1196 
1197 		break;
1198 
1199 	default:
1200 		err = -ENOPROTOOPT;
1201 		break;
1202 	}
1203 
1204 	release_sock(sk);
1205 	return err;
1206 }
1207 
sco_sock_shutdown(struct socket * sock,int how)1208 static int sco_sock_shutdown(struct socket *sock, int how)
1209 {
1210 	struct sock *sk = sock->sk;
1211 	int err = 0;
1212 
1213 	BT_DBG("sock %p, sk %p", sock, sk);
1214 
1215 	if (!sk)
1216 		return 0;
1217 
1218 	sock_hold(sk);
1219 	lock_sock(sk);
1220 
1221 	if (!sk->sk_shutdown) {
1222 		sk->sk_shutdown = SHUTDOWN_MASK;
1223 		sco_sock_clear_timer(sk);
1224 		__sco_sock_close(sk);
1225 
1226 		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1227 		    !(current->flags & PF_EXITING))
1228 			err = bt_sock_wait_state(sk, BT_CLOSED,
1229 						 sk->sk_lingertime);
1230 	}
1231 
1232 	release_sock(sk);
1233 	sock_put(sk);
1234 
1235 	return err;
1236 }
1237 
sco_sock_release(struct socket * sock)1238 static int sco_sock_release(struct socket *sock)
1239 {
1240 	struct sock *sk = sock->sk;
1241 	int err = 0;
1242 
1243 	BT_DBG("sock %p, sk %p", sock, sk);
1244 
1245 	if (!sk)
1246 		return 0;
1247 
1248 	sco_sock_close(sk);
1249 
1250 	if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1251 	    !(current->flags & PF_EXITING)) {
1252 		lock_sock(sk);
1253 		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1254 		release_sock(sk);
1255 	}
1256 
1257 	sock_orphan(sk);
1258 	sco_sock_kill(sk);
1259 	return err;
1260 }
1261 
sco_conn_ready(struct sco_conn * conn)1262 static void sco_conn_ready(struct sco_conn *conn)
1263 {
1264 	struct sock *parent;
1265 	struct sock *sk = conn->sk;
1266 
1267 	BT_DBG("conn %p", conn);
1268 
1269 	if (sk) {
1270 		lock_sock(sk);
1271 		sco_sock_clear_timer(sk);
1272 		sk->sk_state = BT_CONNECTED;
1273 		sk->sk_state_change(sk);
1274 		release_sock(sk);
1275 	} else {
1276 		sco_conn_lock(conn);
1277 
1278 		if (!conn->hcon) {
1279 			sco_conn_unlock(conn);
1280 			return;
1281 		}
1282 
1283 		parent = sco_get_sock_listen(&conn->hcon->src);
1284 		if (!parent) {
1285 			sco_conn_unlock(conn);
1286 			return;
1287 		}
1288 
1289 		lock_sock(parent);
1290 
1291 		sk = sco_sock_alloc(sock_net(parent), NULL,
1292 				    BTPROTO_SCO, GFP_ATOMIC, 0);
1293 		if (!sk) {
1294 			release_sock(parent);
1295 			sco_conn_unlock(conn);
1296 			return;
1297 		}
1298 
1299 		sco_sock_init(sk, parent);
1300 
1301 		bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1302 		bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1303 
1304 		hci_conn_hold(conn->hcon);
1305 		__sco_chan_add(conn, sk, parent);
1306 
1307 		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1308 			sk->sk_state = BT_CONNECT2;
1309 		else
1310 			sk->sk_state = BT_CONNECTED;
1311 
1312 		/* Wake up parent */
1313 		parent->sk_data_ready(parent);
1314 
1315 		release_sock(parent);
1316 
1317 		sco_conn_unlock(conn);
1318 	}
1319 }
1320 
1321 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1322 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1323 {
1324 	struct sock *sk;
1325 	int lm = 0;
1326 
1327 	BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1328 
1329 	/* Find listening sockets */
1330 	read_lock(&sco_sk_list.lock);
1331 	sk_for_each(sk, &sco_sk_list.head) {
1332 		if (sk->sk_state != BT_LISTEN)
1333 			continue;
1334 
1335 		if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1336 		    !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1337 			lm |= HCI_LM_ACCEPT;
1338 
1339 			if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1340 				*flags |= HCI_PROTO_DEFER;
1341 			break;
1342 		}
1343 	}
1344 	read_unlock(&sco_sk_list.lock);
1345 
1346 	return lm;
1347 }
1348 
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1349 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1350 {
1351 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1352 		return;
1353 
1354 	BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1355 
1356 	if (!status) {
1357 		struct sco_conn *conn;
1358 
1359 		conn = sco_conn_add(hcon);
1360 		if (conn)
1361 			sco_conn_ready(conn);
1362 	} else
1363 		sco_conn_del(hcon, bt_to_errno(status));
1364 }
1365 
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1366 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1367 {
1368 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1369 		return;
1370 
1371 	BT_DBG("hcon %p reason %d", hcon, reason);
1372 
1373 	sco_conn_del(hcon, bt_to_errno(reason));
1374 }
1375 
sco_recv_scodata(struct hci_conn * hcon,struct sk_buff * skb)1376 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1377 {
1378 	struct sco_conn *conn = hcon->sco_data;
1379 
1380 	if (!conn)
1381 		goto drop;
1382 
1383 	BT_DBG("conn %p len %u", conn, skb->len);
1384 
1385 	if (skb->len) {
1386 		sco_recv_frame(conn, skb);
1387 		return;
1388 	}
1389 
1390 drop:
1391 	kfree_skb(skb);
1392 }
1393 
1394 static struct hci_cb sco_cb = {
1395 	.name		= "SCO",
1396 	.connect_cfm	= sco_connect_cfm,
1397 	.disconn_cfm	= sco_disconn_cfm,
1398 };
1399 
sco_debugfs_show(struct seq_file * f,void * p)1400 static int sco_debugfs_show(struct seq_file *f, void *p)
1401 {
1402 	struct sock *sk;
1403 
1404 	read_lock(&sco_sk_list.lock);
1405 
1406 	sk_for_each(sk, &sco_sk_list.head) {
1407 		seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1408 			   &sco_pi(sk)->dst, sk->sk_state);
1409 	}
1410 
1411 	read_unlock(&sco_sk_list.lock);
1412 
1413 	return 0;
1414 }
1415 
1416 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1417 
1418 static struct dentry *sco_debugfs;
1419 
1420 static const struct proto_ops sco_sock_ops = {
1421 	.family		= PF_BLUETOOTH,
1422 	.owner		= THIS_MODULE,
1423 	.release	= sco_sock_release,
1424 	.bind		= sco_sock_bind,
1425 	.connect	= sco_sock_connect,
1426 	.listen		= sco_sock_listen,
1427 	.accept		= sco_sock_accept,
1428 	.getname	= sco_sock_getname,
1429 	.sendmsg	= sco_sock_sendmsg,
1430 	.recvmsg	= sco_sock_recvmsg,
1431 	.poll		= bt_sock_poll,
1432 	.ioctl		= bt_sock_ioctl,
1433 	.gettstamp	= sock_gettstamp,
1434 	.mmap		= sock_no_mmap,
1435 	.socketpair	= sock_no_socketpair,
1436 	.shutdown	= sco_sock_shutdown,
1437 	.setsockopt	= sco_sock_setsockopt,
1438 	.getsockopt	= sco_sock_getsockopt
1439 };
1440 
1441 static const struct net_proto_family sco_sock_family_ops = {
1442 	.family	= PF_BLUETOOTH,
1443 	.owner	= THIS_MODULE,
1444 	.create	= sco_sock_create,
1445 };
1446 
sco_init(void)1447 int __init sco_init(void)
1448 {
1449 	int err;
1450 
1451 	BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1452 
1453 	err = proto_register(&sco_proto, 0);
1454 	if (err < 0)
1455 		return err;
1456 
1457 	err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1458 	if (err < 0) {
1459 		BT_ERR("SCO socket registration failed");
1460 		goto error;
1461 	}
1462 
1463 	err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1464 	if (err < 0) {
1465 		BT_ERR("Failed to create SCO proc file");
1466 		bt_sock_unregister(BTPROTO_SCO);
1467 		goto error;
1468 	}
1469 
1470 	BT_INFO("SCO socket layer initialized");
1471 
1472 	hci_register_cb(&sco_cb);
1473 
1474 	if (IS_ERR_OR_NULL(bt_debugfs))
1475 		return 0;
1476 
1477 	sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1478 					  NULL, &sco_debugfs_fops);
1479 
1480 	return 0;
1481 
1482 error:
1483 	proto_unregister(&sco_proto);
1484 	return err;
1485 }
1486 
sco_exit(void)1487 void sco_exit(void)
1488 {
1489 	bt_procfs_cleanup(&init_net, "sco");
1490 
1491 	debugfs_remove(sco_debugfs);
1492 
1493 	hci_unregister_cb(&sco_cb);
1494 
1495 	bt_sock_unregister(BTPROTO_SCO);
1496 
1497 	proto_unregister(&sco_proto);
1498 }
1499 
1500 module_param(disable_esco, bool, 0644);
1501 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1502