xref: /openbmc/linux/net/bluetooth/iso.c (revision 9144f784f852f9a125cabe9927b986d909bfa439)
1  // SPDX-License-Identifier: GPL-2.0
2  /*
3   * BlueZ - Bluetooth protocol stack for Linux
4   *
5   * Copyright (C) 2022 Intel Corporation
6   * Copyright 2023 NXP
7   */
8  
9  #include <linux/module.h>
10  #include <linux/debugfs.h>
11  #include <linux/seq_file.h>
12  #include <linux/sched/signal.h>
13  
14  #include <net/bluetooth/bluetooth.h>
15  #include <net/bluetooth/hci_core.h>
16  #include <net/bluetooth/iso.h>
17  
18  static const struct proto_ops iso_sock_ops;
19  
20  static struct bt_sock_list iso_sk_list = {
21  	.lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock)
22  };
23  
24  /* ---- ISO connections ---- */
25  struct iso_conn {
26  	struct hci_conn	*hcon;
27  
28  	/* @lock: spinlock protecting changes to iso_conn fields */
29  	spinlock_t	lock;
30  	struct sock	*sk;
31  
32  	struct delayed_work	timeout_work;
33  
34  	struct sk_buff	*rx_skb;
35  	__u32		rx_len;
36  	__u16		tx_sn;
37  };
38  
39  #define iso_conn_lock(c)	spin_lock(&(c)->lock)
40  #define iso_conn_unlock(c)	spin_unlock(&(c)->lock)
41  
42  static void iso_sock_close(struct sock *sk);
43  static void iso_sock_kill(struct sock *sk);
44  
45  /* ----- ISO socket info ----- */
46  #define iso_pi(sk) ((struct iso_pinfo *)sk)
47  
48  #define EIR_SERVICE_DATA_LENGTH 4
49  #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
50  
51  /* iso_pinfo flags values */
52  enum {
53  	BT_SK_BIG_SYNC,
54  	BT_SK_PA_SYNC,
55  	BT_SK_PA_SYNC_TERM,
56  };
57  
58  struct iso_pinfo {
59  	struct bt_sock		bt;
60  	bdaddr_t		src;
61  	__u8			src_type;
62  	bdaddr_t		dst;
63  	__u8			dst_type;
64  	__u8			bc_sid;
65  	__u8			bc_num_bis;
66  	__u8			bc_bis[ISO_MAX_NUM_BIS];
67  	__u16			sync_handle;
68  	unsigned long		flags;
69  	struct bt_iso_qos	qos;
70  	bool			qos_user_set;
71  	__u8			base_len;
72  	__u8			base[BASE_MAX_LENGTH];
73  	struct iso_conn		*conn;
74  };
75  
76  static struct bt_iso_qos default_qos;
77  
78  static bool check_ucast_qos(struct bt_iso_qos *qos);
79  static bool check_bcast_qos(struct bt_iso_qos *qos);
80  static bool iso_match_sid(struct sock *sk, void *data);
81  static bool iso_match_sync_handle(struct sock *sk, void *data);
82  static void iso_sock_disconn(struct sock *sk);
83  
84  typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
85  
86  static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
87  					iso_sock_match_t match, void *data);
88  
89  /* ---- ISO timers ---- */
90  #define ISO_CONN_TIMEOUT	(HZ * 40)
91  #define ISO_DISCONN_TIMEOUT	(HZ * 2)
92  
iso_sock_hold(struct iso_conn * conn)93  static struct sock *iso_sock_hold(struct iso_conn *conn)
94  {
95  	if (!conn || !bt_sock_linked(&iso_sk_list, conn->sk))
96  		return NULL;
97  
98  	sock_hold(conn->sk);
99  
100  	return conn->sk;
101  }
102  
iso_sock_timeout(struct work_struct * work)103  static void iso_sock_timeout(struct work_struct *work)
104  {
105  	struct iso_conn *conn = container_of(work, struct iso_conn,
106  					     timeout_work.work);
107  	struct sock *sk;
108  
109  	iso_conn_lock(conn);
110  	sk = iso_sock_hold(conn);
111  	iso_conn_unlock(conn);
112  
113  	if (!sk)
114  		return;
115  
116  	BT_DBG("sock %p state %d", sk, sk->sk_state);
117  
118  	lock_sock(sk);
119  	sk->sk_err = ETIMEDOUT;
120  	sk->sk_state_change(sk);
121  	release_sock(sk);
122  	sock_put(sk);
123  }
124  
iso_sock_set_timer(struct sock * sk,long timeout)125  static void iso_sock_set_timer(struct sock *sk, long timeout)
126  {
127  	if (!iso_pi(sk)->conn)
128  		return;
129  
130  	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
131  	cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
132  	schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout);
133  }
134  
iso_sock_clear_timer(struct sock * sk)135  static void iso_sock_clear_timer(struct sock *sk)
136  {
137  	if (!iso_pi(sk)->conn)
138  		return;
139  
140  	BT_DBG("sock %p state %d", sk, sk->sk_state);
141  	cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
142  }
143  
144  /* ---- ISO connections ---- */
iso_conn_add(struct hci_conn * hcon)145  static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
146  {
147  	struct iso_conn *conn = hcon->iso_data;
148  
149  	if (conn) {
150  		if (!conn->hcon)
151  			conn->hcon = hcon;
152  		return conn;
153  	}
154  
155  	conn = kzalloc(sizeof(*conn), GFP_KERNEL);
156  	if (!conn)
157  		return NULL;
158  
159  	spin_lock_init(&conn->lock);
160  	INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);
161  
162  	hcon->iso_data = conn;
163  	conn->hcon = hcon;
164  	conn->tx_sn = 0;
165  
166  	BT_DBG("hcon %p conn %p", hcon, conn);
167  
168  	return conn;
169  }
170  
171  /* Delete channel. Must be called on the locked socket. */
iso_chan_del(struct sock * sk,int err)172  static void iso_chan_del(struct sock *sk, int err)
173  {
174  	struct iso_conn *conn;
175  	struct sock *parent;
176  
177  	conn = iso_pi(sk)->conn;
178  
179  	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
180  
181  	if (conn) {
182  		iso_conn_lock(conn);
183  		conn->sk = NULL;
184  		iso_pi(sk)->conn = NULL;
185  		iso_conn_unlock(conn);
186  
187  		if (conn->hcon)
188  			hci_conn_drop(conn->hcon);
189  	}
190  
191  	sk->sk_state = BT_CLOSED;
192  	sk->sk_err   = err;
193  
194  	parent = bt_sk(sk)->parent;
195  	if (parent) {
196  		bt_accept_unlink(sk);
197  		parent->sk_data_ready(parent);
198  	} else {
199  		sk->sk_state_change(sk);
200  	}
201  
202  	sock_set_flag(sk, SOCK_ZAPPED);
203  }
204  
iso_match_conn_sync_handle(struct sock * sk,void * data)205  static bool iso_match_conn_sync_handle(struct sock *sk, void *data)
206  {
207  	struct hci_conn *hcon = data;
208  
209  	if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags))
210  		return false;
211  
212  	return hcon->sync_handle == iso_pi(sk)->sync_handle;
213  }
214  
iso_conn_del(struct hci_conn * hcon,int err)215  static void iso_conn_del(struct hci_conn *hcon, int err)
216  {
217  	struct iso_conn *conn = hcon->iso_data;
218  	struct sock *sk;
219  	struct sock *parent;
220  
221  	if (!conn)
222  		return;
223  
224  	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
225  
226  	/* Kill socket */
227  	iso_conn_lock(conn);
228  	sk = iso_sock_hold(conn);
229  	iso_conn_unlock(conn);
230  
231  	if (sk) {
232  		lock_sock(sk);
233  
234  		/* While a PA sync hcon is in the process of closing,
235  		 * mark parent socket with a flag, so that any residual
236  		 * BIGInfo adv reports that arrive before PA sync is
237  		 * terminated are not processed anymore.
238  		 */
239  		if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
240  			parent = iso_get_sock_listen(&hcon->src,
241  						     &hcon->dst,
242  						     iso_match_conn_sync_handle,
243  						     hcon);
244  
245  			if (parent) {
246  				set_bit(BT_SK_PA_SYNC_TERM,
247  					&iso_pi(parent)->flags);
248  				sock_put(parent);
249  			}
250  		}
251  
252  		iso_sock_clear_timer(sk);
253  		iso_chan_del(sk, err);
254  		release_sock(sk);
255  		sock_put(sk);
256  	}
257  
258  	/* Ensure no more work items will run before freeing conn. */
259  	cancel_delayed_work_sync(&conn->timeout_work);
260  
261  	hcon->iso_data = NULL;
262  	kfree(conn);
263  }
264  
__iso_chan_add(struct iso_conn * conn,struct sock * sk,struct sock * parent)265  static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
266  			  struct sock *parent)
267  {
268  	BT_DBG("conn %p", conn);
269  
270  	if (iso_pi(sk)->conn == conn && conn->sk == sk)
271  		return 0;
272  
273  	if (conn->sk) {
274  		BT_ERR("conn->sk already set");
275  		return -EBUSY;
276  	}
277  
278  	iso_pi(sk)->conn = conn;
279  	conn->sk = sk;
280  
281  	if (parent)
282  		bt_accept_enqueue(parent, sk, true);
283  
284  	return 0;
285  }
286  
iso_chan_add(struct iso_conn * conn,struct sock * sk,struct sock * parent)287  static int iso_chan_add(struct iso_conn *conn, struct sock *sk,
288  			struct sock *parent)
289  {
290  	int err;
291  
292  	iso_conn_lock(conn);
293  	err = __iso_chan_add(conn, sk, parent);
294  	iso_conn_unlock(conn);
295  
296  	return err;
297  }
298  
le_addr_type(u8 bdaddr_type)299  static inline u8 le_addr_type(u8 bdaddr_type)
300  {
301  	if (bdaddr_type == BDADDR_LE_PUBLIC)
302  		return ADDR_LE_DEV_PUBLIC;
303  	else
304  		return ADDR_LE_DEV_RANDOM;
305  }
306  
iso_connect_bis(struct sock * sk)307  static int iso_connect_bis(struct sock *sk)
308  {
309  	struct iso_conn *conn;
310  	struct hci_conn *hcon;
311  	struct hci_dev  *hdev;
312  	int err;
313  
314  	BT_DBG("%pMR", &iso_pi(sk)->src);
315  
316  	hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
317  			     iso_pi(sk)->src_type);
318  	if (!hdev)
319  		return -EHOSTUNREACH;
320  
321  	hci_dev_lock(hdev);
322  
323  	if (!bis_capable(hdev)) {
324  		err = -EOPNOTSUPP;
325  		goto unlock;
326  	}
327  
328  	/* Fail if user set invalid QoS */
329  	if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
330  		iso_pi(sk)->qos = default_qos;
331  		err = -EINVAL;
332  		goto unlock;
333  	}
334  
335  	/* Fail if out PHYs are marked as disabled */
336  	if (!iso_pi(sk)->qos.bcast.out.phy) {
337  		err = -EINVAL;
338  		goto unlock;
339  	}
340  
341  	/* Just bind if DEFER_SETUP has been set */
342  	if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
343  		hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst,
344  				    &iso_pi(sk)->qos, iso_pi(sk)->base_len,
345  				    iso_pi(sk)->base);
346  		if (IS_ERR(hcon)) {
347  			err = PTR_ERR(hcon);
348  			goto unlock;
349  		}
350  	} else {
351  		hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst,
352  				       le_addr_type(iso_pi(sk)->dst_type),
353  				       &iso_pi(sk)->qos, iso_pi(sk)->base_len,
354  				       iso_pi(sk)->base);
355  		if (IS_ERR(hcon)) {
356  			err = PTR_ERR(hcon);
357  			goto unlock;
358  		}
359  	}
360  
361  	conn = iso_conn_add(hcon);
362  	if (!conn) {
363  		hci_conn_drop(hcon);
364  		err = -ENOMEM;
365  		goto unlock;
366  	}
367  
368  	lock_sock(sk);
369  
370  	err = iso_chan_add(conn, sk, NULL);
371  	if (err) {
372  		release_sock(sk);
373  		goto unlock;
374  	}
375  
376  	/* Update source addr of the socket */
377  	bacpy(&iso_pi(sk)->src, &hcon->src);
378  
379  	if (hcon->state == BT_CONNECTED) {
380  		iso_sock_clear_timer(sk);
381  		sk->sk_state = BT_CONNECTED;
382  	} else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
383  		iso_sock_clear_timer(sk);
384  		sk->sk_state = BT_CONNECT;
385  	} else {
386  		sk->sk_state = BT_CONNECT;
387  		iso_sock_set_timer(sk, sk->sk_sndtimeo);
388  	}
389  
390  	release_sock(sk);
391  
392  unlock:
393  	hci_dev_unlock(hdev);
394  	hci_dev_put(hdev);
395  	return err;
396  }
397  
iso_connect_cis(struct sock * sk)398  static int iso_connect_cis(struct sock *sk)
399  {
400  	struct iso_conn *conn;
401  	struct hci_conn *hcon;
402  	struct hci_dev  *hdev;
403  	int err;
404  
405  	BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst);
406  
407  	hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
408  			     iso_pi(sk)->src_type);
409  	if (!hdev)
410  		return -EHOSTUNREACH;
411  
412  	hci_dev_lock(hdev);
413  
414  	if (!cis_central_capable(hdev)) {
415  		err = -EOPNOTSUPP;
416  		goto unlock;
417  	}
418  
419  	/* Fail if user set invalid QoS */
420  	if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) {
421  		iso_pi(sk)->qos = default_qos;
422  		err = -EINVAL;
423  		goto unlock;
424  	}
425  
426  	/* Fail if either PHYs are marked as disabled */
427  	if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) {
428  		err = -EINVAL;
429  		goto unlock;
430  	}
431  
432  	/* Just bind if DEFER_SETUP has been set */
433  	if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
434  		hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst,
435  				    le_addr_type(iso_pi(sk)->dst_type),
436  				    &iso_pi(sk)->qos);
437  		if (IS_ERR(hcon)) {
438  			err = PTR_ERR(hcon);
439  			goto unlock;
440  		}
441  	} else {
442  		hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
443  				       le_addr_type(iso_pi(sk)->dst_type),
444  				       &iso_pi(sk)->qos);
445  		if (IS_ERR(hcon)) {
446  			err = PTR_ERR(hcon);
447  			goto unlock;
448  		}
449  	}
450  
451  	conn = iso_conn_add(hcon);
452  	if (!conn) {
453  		hci_conn_drop(hcon);
454  		err = -ENOMEM;
455  		goto unlock;
456  	}
457  
458  	lock_sock(sk);
459  
460  	err = iso_chan_add(conn, sk, NULL);
461  	if (err) {
462  		release_sock(sk);
463  		goto unlock;
464  	}
465  
466  	/* Update source addr of the socket */
467  	bacpy(&iso_pi(sk)->src, &hcon->src);
468  
469  	if (hcon->state == BT_CONNECTED) {
470  		iso_sock_clear_timer(sk);
471  		sk->sk_state = BT_CONNECTED;
472  	} else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
473  		iso_sock_clear_timer(sk);
474  		sk->sk_state = BT_CONNECT;
475  	} else {
476  		sk->sk_state = BT_CONNECT;
477  		iso_sock_set_timer(sk, sk->sk_sndtimeo);
478  	}
479  
480  	release_sock(sk);
481  
482  unlock:
483  	hci_dev_unlock(hdev);
484  	hci_dev_put(hdev);
485  	return err;
486  }
487  
iso_sock_get_qos(struct sock * sk)488  static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk)
489  {
490  	if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2)
491  		return &iso_pi(sk)->conn->hcon->iso_qos;
492  
493  	return &iso_pi(sk)->qos;
494  }
495  
iso_send_frame(struct sock * sk,struct sk_buff * skb)496  static int iso_send_frame(struct sock *sk, struct sk_buff *skb)
497  {
498  	struct iso_conn *conn = iso_pi(sk)->conn;
499  	struct bt_iso_qos *qos = iso_sock_get_qos(sk);
500  	struct hci_iso_data_hdr *hdr;
501  	int len = 0;
502  
503  	BT_DBG("sk %p len %d", sk, skb->len);
504  
505  	if (skb->len > qos->ucast.out.sdu)
506  		return -EMSGSIZE;
507  
508  	len = skb->len;
509  
510  	/* Push ISO data header */
511  	hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE);
512  	hdr->sn = cpu_to_le16(conn->tx_sn++);
513  	hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len,
514  						      HCI_ISO_STATUS_VALID));
515  
516  	if (sk->sk_state == BT_CONNECTED)
517  		hci_send_iso(conn->hcon, skb);
518  	else
519  		len = -ENOTCONN;
520  
521  	return len;
522  }
523  
iso_recv_frame(struct iso_conn * conn,struct sk_buff * skb)524  static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb)
525  {
526  	struct sock *sk;
527  
528  	iso_conn_lock(conn);
529  	sk = conn->sk;
530  	iso_conn_unlock(conn);
531  
532  	if (!sk)
533  		goto drop;
534  
535  	BT_DBG("sk %p len %d", sk, skb->len);
536  
537  	if (sk->sk_state != BT_CONNECTED)
538  		goto drop;
539  
540  	if (!sock_queue_rcv_skb(sk, skb))
541  		return;
542  
543  drop:
544  	kfree_skb(skb);
545  }
546  
547  /* -------- Socket interface ---------- */
__iso_get_sock_listen_by_addr(bdaddr_t * src,bdaddr_t * dst)548  static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst)
549  {
550  	struct sock *sk;
551  
552  	sk_for_each(sk, &iso_sk_list.head) {
553  		if (sk->sk_state != BT_LISTEN)
554  			continue;
555  
556  		if (bacmp(&iso_pi(sk)->dst, dst))
557  			continue;
558  
559  		if (!bacmp(&iso_pi(sk)->src, src))
560  			return sk;
561  	}
562  
563  	return NULL;
564  }
565  
__iso_get_sock_listen_by_sid(bdaddr_t * ba,bdaddr_t * bc,__u8 sid)566  static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc,
567  						 __u8 sid)
568  {
569  	struct sock *sk;
570  
571  	sk_for_each(sk, &iso_sk_list.head) {
572  		if (sk->sk_state != BT_LISTEN)
573  			continue;
574  
575  		if (bacmp(&iso_pi(sk)->src, ba))
576  			continue;
577  
578  		if (bacmp(&iso_pi(sk)->dst, bc))
579  			continue;
580  
581  		if (iso_pi(sk)->bc_sid == sid)
582  			return sk;
583  	}
584  
585  	return NULL;
586  }
587  
588  /* Find socket listening:
589   * source bdaddr (Unicast)
590   * destination bdaddr (Broadcast only)
591   * match func - pass NULL to ignore
592   * match func data - pass -1 to ignore
593   * Returns closest match.
594   */
iso_get_sock_listen(bdaddr_t * src,bdaddr_t * dst,iso_sock_match_t match,void * data)595  static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
596  					iso_sock_match_t match, void *data)
597  {
598  	struct sock *sk = NULL, *sk1 = NULL;
599  
600  	read_lock(&iso_sk_list.lock);
601  
602  	sk_for_each(sk, &iso_sk_list.head) {
603  		if (sk->sk_state != BT_LISTEN)
604  			continue;
605  
606  		/* Match Broadcast destination */
607  		if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst))
608  			continue;
609  
610  		/* Use Match function if provided */
611  		if (match && !match(sk, data))
612  			continue;
613  
614  		/* Exact match. */
615  		if (!bacmp(&iso_pi(sk)->src, src)) {
616  			sock_hold(sk);
617  			break;
618  		}
619  
620  		/* Closest match */
621  		if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) {
622  			if (sk1)
623  				sock_put(sk1);
624  
625  			sk1 = sk;
626  			sock_hold(sk1);
627  		}
628  	}
629  
630  	if (sk && sk1)
631  		sock_put(sk1);
632  
633  	read_unlock(&iso_sk_list.lock);
634  
635  	return sk ? sk : sk1;
636  }
637  
iso_get_sock_big(struct sock * match_sk,bdaddr_t * src,bdaddr_t * dst,uint8_t big)638  static struct sock *iso_get_sock_big(struct sock *match_sk, bdaddr_t *src,
639  				     bdaddr_t *dst, uint8_t big)
640  {
641  	struct sock *sk = NULL;
642  
643  	read_lock(&iso_sk_list.lock);
644  
645  	sk_for_each(sk, &iso_sk_list.head) {
646  		if (match_sk == sk)
647  			continue;
648  
649  		/* Look for sockets that have already been
650  		 * connected to the BIG
651  		 */
652  		if (sk->sk_state != BT_CONNECTED &&
653  		    sk->sk_state != BT_CONNECT)
654  			continue;
655  
656  		/* Match Broadcast destination */
657  		if (bacmp(&iso_pi(sk)->dst, dst))
658  			continue;
659  
660  		/* Match BIG handle */
661  		if (iso_pi(sk)->qos.bcast.big != big)
662  			continue;
663  
664  		/* Match source address */
665  		if (bacmp(&iso_pi(sk)->src, src))
666  			continue;
667  
668  		sock_hold(sk);
669  		break;
670  	}
671  
672  	read_unlock(&iso_sk_list.lock);
673  
674  	return sk;
675  }
676  
iso_sock_destruct(struct sock * sk)677  static void iso_sock_destruct(struct sock *sk)
678  {
679  	BT_DBG("sk %p", sk);
680  
681  	skb_queue_purge(&sk->sk_receive_queue);
682  	skb_queue_purge(&sk->sk_write_queue);
683  }
684  
iso_sock_cleanup_listen(struct sock * parent)685  static void iso_sock_cleanup_listen(struct sock *parent)
686  {
687  	struct sock *sk;
688  
689  	BT_DBG("parent %p", parent);
690  
691  	/* Close not yet accepted channels */
692  	while ((sk = bt_accept_dequeue(parent, NULL))) {
693  		iso_sock_close(sk);
694  		iso_sock_kill(sk);
695  	}
696  
697  	/* If listening socket stands for a PA sync connection,
698  	 * properly disconnect the hcon and socket.
699  	 */
700  	if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon &&
701  	    test_bit(HCI_CONN_PA_SYNC, &iso_pi(parent)->conn->hcon->flags)) {
702  		iso_sock_disconn(parent);
703  		return;
704  	}
705  
706  	parent->sk_state  = BT_CLOSED;
707  	sock_set_flag(parent, SOCK_ZAPPED);
708  }
709  
710  /* Kill socket (only if zapped and orphan)
711   * Must be called on unlocked socket.
712   */
iso_sock_kill(struct sock * sk)713  static void iso_sock_kill(struct sock *sk)
714  {
715  	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
716  	    sock_flag(sk, SOCK_DEAD))
717  		return;
718  
719  	BT_DBG("sk %p state %d", sk, sk->sk_state);
720  
721  	/* Kill poor orphan */
722  	bt_sock_unlink(&iso_sk_list, sk);
723  	sock_set_flag(sk, SOCK_DEAD);
724  	sock_put(sk);
725  }
726  
iso_sock_disconn(struct sock * sk)727  static void iso_sock_disconn(struct sock *sk)
728  {
729  	struct sock *bis_sk;
730  	struct hci_conn *hcon = iso_pi(sk)->conn->hcon;
731  
732  	if (test_bit(HCI_CONN_BIG_CREATED, &hcon->flags)) {
733  		bis_sk = iso_get_sock_big(sk, &iso_pi(sk)->src,
734  					  &iso_pi(sk)->dst,
735  					  iso_pi(sk)->qos.bcast.big);
736  
737  		/* If there are any other connected sockets for the
738  		 * same BIG, just delete the sk and leave the bis
739  		 * hcon active, in case later rebinding is needed.
740  		 */
741  		if (bis_sk) {
742  			hcon->state = BT_OPEN;
743  			iso_pi(sk)->conn->hcon = NULL;
744  			iso_sock_clear_timer(sk);
745  			iso_chan_del(sk, bt_to_errno(hcon->abort_reason));
746  			sock_put(bis_sk);
747  			return;
748  		}
749  	}
750  
751  	sk->sk_state = BT_DISCONN;
752  	iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT);
753  	iso_conn_lock(iso_pi(sk)->conn);
754  	hci_conn_drop(iso_pi(sk)->conn->hcon);
755  	iso_pi(sk)->conn->hcon = NULL;
756  	iso_conn_unlock(iso_pi(sk)->conn);
757  }
758  
__iso_sock_close(struct sock * sk)759  static void __iso_sock_close(struct sock *sk)
760  {
761  	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
762  
763  	switch (sk->sk_state) {
764  	case BT_LISTEN:
765  		iso_sock_cleanup_listen(sk);
766  		break;
767  
768  	case BT_CONNECT:
769  	case BT_CONNECTED:
770  	case BT_CONFIG:
771  		if (iso_pi(sk)->conn->hcon)
772  			iso_sock_disconn(sk);
773  		else
774  			iso_chan_del(sk, ECONNRESET);
775  		break;
776  
777  	case BT_CONNECT2:
778  		if (iso_pi(sk)->conn->hcon &&
779  		    (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) ||
780  		    test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags)))
781  			iso_sock_disconn(sk);
782  		else
783  			iso_chan_del(sk, ECONNRESET);
784  		break;
785  	case BT_DISCONN:
786  		iso_chan_del(sk, ECONNRESET);
787  		break;
788  
789  	default:
790  		sock_set_flag(sk, SOCK_ZAPPED);
791  		break;
792  	}
793  }
794  
795  /* Must be called on unlocked socket. */
iso_sock_close(struct sock * sk)796  static void iso_sock_close(struct sock *sk)
797  {
798  	iso_sock_clear_timer(sk);
799  	lock_sock(sk);
800  	__iso_sock_close(sk);
801  	release_sock(sk);
802  	iso_sock_kill(sk);
803  }
804  
iso_sock_init(struct sock * sk,struct sock * parent)805  static void iso_sock_init(struct sock *sk, struct sock *parent)
806  {
807  	BT_DBG("sk %p", sk);
808  
809  	if (parent) {
810  		sk->sk_type = parent->sk_type;
811  		bt_sk(sk)->flags = bt_sk(parent)->flags;
812  		security_sk_clone(parent, sk);
813  	}
814  }
815  
816  static struct proto iso_proto = {
817  	.name		= "ISO",
818  	.owner		= THIS_MODULE,
819  	.obj_size	= sizeof(struct iso_pinfo)
820  };
821  
822  #define DEFAULT_IO_QOS \
823  { \
824  	.interval	= 10000u, \
825  	.latency	= 10u, \
826  	.sdu		= 40u, \
827  	.phy		= BT_ISO_PHY_2M, \
828  	.rtn		= 2u, \
829  }
830  
831  static struct bt_iso_qos default_qos = {
832  	.bcast = {
833  		.big			= BT_ISO_QOS_BIG_UNSET,
834  		.bis			= BT_ISO_QOS_BIS_UNSET,
835  		.sync_factor		= 0x01,
836  		.packing		= 0x00,
837  		.framing		= 0x00,
838  		.in			= DEFAULT_IO_QOS,
839  		.out			= DEFAULT_IO_QOS,
840  		.encryption		= 0x00,
841  		.bcode			= {0x00},
842  		.options		= 0x00,
843  		.skip			= 0x0000,
844  		.sync_timeout		= BT_ISO_SYNC_TIMEOUT,
845  		.sync_cte_type		= 0x00,
846  		.mse			= 0x00,
847  		.timeout		= BT_ISO_SYNC_TIMEOUT,
848  	},
849  };
850  
iso_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)851  static struct sock *iso_sock_alloc(struct net *net, struct socket *sock,
852  				   int proto, gfp_t prio, int kern)
853  {
854  	struct sock *sk;
855  
856  	sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern);
857  	if (!sk)
858  		return NULL;
859  
860  	sk->sk_destruct = iso_sock_destruct;
861  	sk->sk_sndtimeo = ISO_CONN_TIMEOUT;
862  
863  	/* Set address type as public as default src address is BDADDR_ANY */
864  	iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
865  
866  	iso_pi(sk)->qos = default_qos;
867  
868  	bt_sock_link(&iso_sk_list, sk);
869  	return sk;
870  }
871  
iso_sock_create(struct net * net,struct socket * sock,int protocol,int kern)872  static int iso_sock_create(struct net *net, struct socket *sock, int protocol,
873  			   int kern)
874  {
875  	struct sock *sk;
876  
877  	BT_DBG("sock %p", sock);
878  
879  	sock->state = SS_UNCONNECTED;
880  
881  	if (sock->type != SOCK_SEQPACKET)
882  		return -ESOCKTNOSUPPORT;
883  
884  	sock->ops = &iso_sock_ops;
885  
886  	sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
887  	if (!sk)
888  		return -ENOMEM;
889  
890  	iso_sock_init(sk, NULL);
891  	return 0;
892  }
893  
iso_sock_bind_bc(struct socket * sock,struct sockaddr * addr,int addr_len)894  static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr,
895  			    int addr_len)
896  {
897  	struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
898  	struct sock *sk = sock->sk;
899  	int i;
900  
901  	BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
902  	       sa->iso_bc->bc_num_bis);
903  
904  	if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) ||
905  	    sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f)
906  		return -EINVAL;
907  
908  	bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
909  	iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
910  	iso_pi(sk)->sync_handle = -1;
911  	iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
912  	iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
913  
914  	for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) {
915  		if (sa->iso_bc->bc_bis[i] < 0x01 ||
916  		    sa->iso_bc->bc_bis[i] > 0x1f)
917  			return -EINVAL;
918  
919  		memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
920  		       iso_pi(sk)->bc_num_bis);
921  	}
922  
923  	return 0;
924  }
925  
iso_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)926  static int iso_sock_bind(struct socket *sock, struct sockaddr *addr,
927  			 int addr_len)
928  {
929  	struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
930  	struct sock *sk = sock->sk;
931  	int err = 0;
932  
933  	BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type);
934  
935  	if (!addr || addr_len < sizeof(struct sockaddr_iso) ||
936  	    addr->sa_family != AF_BLUETOOTH)
937  		return -EINVAL;
938  
939  	lock_sock(sk);
940  
941  	if (sk->sk_state != BT_OPEN) {
942  		err = -EBADFD;
943  		goto done;
944  	}
945  
946  	if (sk->sk_type != SOCK_SEQPACKET) {
947  		err = -EINVAL;
948  		goto done;
949  	}
950  
951  	/* Check if the address type is of LE type */
952  	if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) {
953  		err = -EINVAL;
954  		goto done;
955  	}
956  
957  	bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr);
958  	iso_pi(sk)->src_type = sa->iso_bdaddr_type;
959  
960  	/* Check for Broadcast address */
961  	if (addr_len > sizeof(*sa)) {
962  		err = iso_sock_bind_bc(sock, addr, addr_len);
963  		if (err)
964  			goto done;
965  	}
966  
967  	sk->sk_state = BT_BOUND;
968  
969  done:
970  	release_sock(sk);
971  	return err;
972  }
973  
iso_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)974  static int iso_sock_connect(struct socket *sock, struct sockaddr *addr,
975  			    int alen, int flags)
976  {
977  	struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
978  	struct sock *sk = sock->sk;
979  	int err;
980  
981  	BT_DBG("sk %p", sk);
982  
983  	if (alen < sizeof(struct sockaddr_iso) ||
984  	    addr->sa_family != AF_BLUETOOTH)
985  		return -EINVAL;
986  
987  	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
988  		return -EBADFD;
989  
990  	if (sk->sk_type != SOCK_SEQPACKET)
991  		return -EINVAL;
992  
993  	/* Check if the address type is of LE type */
994  	if (!bdaddr_type_is_le(sa->iso_bdaddr_type))
995  		return -EINVAL;
996  
997  	lock_sock(sk);
998  
999  	bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
1000  	iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
1001  
1002  	release_sock(sk);
1003  
1004  	if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1005  		err = iso_connect_cis(sk);
1006  	else
1007  		err = iso_connect_bis(sk);
1008  
1009  	if (err)
1010  		return err;
1011  
1012  	lock_sock(sk);
1013  
1014  	if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1015  		err = bt_sock_wait_state(sk, BT_CONNECTED,
1016  					 sock_sndtimeo(sk, flags & O_NONBLOCK));
1017  	}
1018  
1019  	release_sock(sk);
1020  	return err;
1021  }
1022  
iso_listen_bis(struct sock * sk)1023  static int iso_listen_bis(struct sock *sk)
1024  {
1025  	struct hci_dev *hdev;
1026  	int err = 0;
1027  
1028  	BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src,
1029  	       &iso_pi(sk)->dst, iso_pi(sk)->bc_sid);
1030  
1031  	write_lock(&iso_sk_list.lock);
1032  
1033  	if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst,
1034  					 iso_pi(sk)->bc_sid))
1035  		err = -EADDRINUSE;
1036  
1037  	write_unlock(&iso_sk_list.lock);
1038  
1039  	if (err)
1040  		return err;
1041  
1042  	hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1043  			     iso_pi(sk)->src_type);
1044  	if (!hdev)
1045  		return -EHOSTUNREACH;
1046  
1047  	/* Fail if user set invalid QoS */
1048  	if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
1049  		iso_pi(sk)->qos = default_qos;
1050  		return -EINVAL;
1051  	}
1052  
1053  	err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst,
1054  				 le_addr_type(iso_pi(sk)->dst_type),
1055  				 iso_pi(sk)->bc_sid, &iso_pi(sk)->qos);
1056  
1057  	hci_dev_put(hdev);
1058  
1059  	return err;
1060  }
1061  
iso_listen_cis(struct sock * sk)1062  static int iso_listen_cis(struct sock *sk)
1063  {
1064  	int err = 0;
1065  
1066  	BT_DBG("%pMR", &iso_pi(sk)->src);
1067  
1068  	write_lock(&iso_sk_list.lock);
1069  
1070  	if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst))
1071  		err = -EADDRINUSE;
1072  
1073  	write_unlock(&iso_sk_list.lock);
1074  
1075  	return err;
1076  }
1077  
iso_sock_listen(struct socket * sock,int backlog)1078  static int iso_sock_listen(struct socket *sock, int backlog)
1079  {
1080  	struct sock *sk = sock->sk;
1081  	int err = 0;
1082  
1083  	BT_DBG("sk %p backlog %d", sk, backlog);
1084  
1085  	lock_sock(sk);
1086  
1087  	if (sk->sk_state != BT_BOUND) {
1088  		err = -EBADFD;
1089  		goto done;
1090  	}
1091  
1092  	if (sk->sk_type != SOCK_SEQPACKET) {
1093  		err = -EINVAL;
1094  		goto done;
1095  	}
1096  
1097  	if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1098  		err = iso_listen_cis(sk);
1099  	else
1100  		err = iso_listen_bis(sk);
1101  
1102  	if (err)
1103  		goto done;
1104  
1105  	sk->sk_max_ack_backlog = backlog;
1106  	sk->sk_ack_backlog = 0;
1107  
1108  	sk->sk_state = BT_LISTEN;
1109  
1110  done:
1111  	release_sock(sk);
1112  	return err;
1113  }
1114  
iso_sock_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)1115  static int iso_sock_accept(struct socket *sock, struct socket *newsock,
1116  			   int flags, bool kern)
1117  {
1118  	DEFINE_WAIT_FUNC(wait, woken_wake_function);
1119  	struct sock *sk = sock->sk, *ch;
1120  	long timeo;
1121  	int err = 0;
1122  
1123  	/* Use explicit nested locking to avoid lockdep warnings generated
1124  	 * because the parent socket and the child socket are locked on the
1125  	 * same thread.
1126  	 */
1127  	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1128  
1129  	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1130  
1131  	BT_DBG("sk %p timeo %ld", sk, timeo);
1132  
1133  	/* Wait for an incoming connection. (wake-one). */
1134  	add_wait_queue_exclusive(sk_sleep(sk), &wait);
1135  	while (1) {
1136  		if (sk->sk_state != BT_LISTEN) {
1137  			err = -EBADFD;
1138  			break;
1139  		}
1140  
1141  		ch = bt_accept_dequeue(sk, newsock);
1142  		if (ch)
1143  			break;
1144  
1145  		if (!timeo) {
1146  			err = -EAGAIN;
1147  			break;
1148  		}
1149  
1150  		if (signal_pending(current)) {
1151  			err = sock_intr_errno(timeo);
1152  			break;
1153  		}
1154  
1155  		release_sock(sk);
1156  
1157  		timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
1158  		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1159  	}
1160  	remove_wait_queue(sk_sleep(sk), &wait);
1161  
1162  	if (err)
1163  		goto done;
1164  
1165  	newsock->state = SS_CONNECTED;
1166  
1167  	BT_DBG("new socket %p", ch);
1168  
1169  done:
1170  	release_sock(sk);
1171  	return err;
1172  }
1173  
iso_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)1174  static int iso_sock_getname(struct socket *sock, struct sockaddr *addr,
1175  			    int peer)
1176  {
1177  	struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1178  	struct sock *sk = sock->sk;
1179  
1180  	BT_DBG("sock %p, sk %p", sock, sk);
1181  
1182  	addr->sa_family = AF_BLUETOOTH;
1183  
1184  	if (peer) {
1185  		bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst);
1186  		sa->iso_bdaddr_type = iso_pi(sk)->dst_type;
1187  	} else {
1188  		bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src);
1189  		sa->iso_bdaddr_type = iso_pi(sk)->src_type;
1190  	}
1191  
1192  	return sizeof(struct sockaddr_iso);
1193  }
1194  
iso_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)1195  static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1196  			    size_t len)
1197  {
1198  	struct sock *sk = sock->sk;
1199  	struct sk_buff *skb, **frag;
1200  	size_t mtu;
1201  	int err;
1202  
1203  	BT_DBG("sock %p, sk %p", sock, sk);
1204  
1205  	err = sock_error(sk);
1206  	if (err)
1207  		return err;
1208  
1209  	if (msg->msg_flags & MSG_OOB)
1210  		return -EOPNOTSUPP;
1211  
1212  	lock_sock(sk);
1213  
1214  	if (sk->sk_state != BT_CONNECTED) {
1215  		release_sock(sk);
1216  		return -ENOTCONN;
1217  	}
1218  
1219  	mtu = iso_pi(sk)->conn->hcon->mtu;
1220  
1221  	release_sock(sk);
1222  
1223  	skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0);
1224  	if (IS_ERR(skb))
1225  		return PTR_ERR(skb);
1226  
1227  	len -= skb->len;
1228  
1229  	BT_DBG("skb %p len %d", sk, skb->len);
1230  
1231  	/* Continuation fragments */
1232  	frag = &skb_shinfo(skb)->frag_list;
1233  	while (len) {
1234  		struct sk_buff *tmp;
1235  
1236  		tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0);
1237  		if (IS_ERR(tmp)) {
1238  			kfree_skb(skb);
1239  			return PTR_ERR(tmp);
1240  		}
1241  
1242  		*frag = tmp;
1243  
1244  		len  -= tmp->len;
1245  
1246  		skb->len += tmp->len;
1247  		skb->data_len += tmp->len;
1248  
1249  		BT_DBG("frag %p len %d", *frag, tmp->len);
1250  
1251  		frag = &(*frag)->next;
1252  	}
1253  
1254  	lock_sock(sk);
1255  
1256  	if (sk->sk_state == BT_CONNECTED)
1257  		err = iso_send_frame(sk, skb);
1258  	else
1259  		err = -ENOTCONN;
1260  
1261  	release_sock(sk);
1262  
1263  	if (err < 0)
1264  		kfree_skb(skb);
1265  	return err;
1266  }
1267  
iso_conn_defer_accept(struct hci_conn * conn)1268  static void iso_conn_defer_accept(struct hci_conn *conn)
1269  {
1270  	struct hci_cp_le_accept_cis cp;
1271  	struct hci_dev *hdev = conn->hdev;
1272  
1273  	BT_DBG("conn %p", conn);
1274  
1275  	conn->state = BT_CONFIG;
1276  
1277  	cp.handle = cpu_to_le16(conn->handle);
1278  
1279  	hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp);
1280  }
1281  
iso_conn_big_sync(struct sock * sk)1282  static void iso_conn_big_sync(struct sock *sk)
1283  {
1284  	int err;
1285  	struct hci_dev *hdev;
1286  
1287  	hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1288  			     iso_pi(sk)->src_type);
1289  
1290  	if (!hdev)
1291  		return;
1292  
1293  	if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1294  		err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon,
1295  					     &iso_pi(sk)->qos,
1296  					     iso_pi(sk)->sync_handle,
1297  					     iso_pi(sk)->bc_num_bis,
1298  					     iso_pi(sk)->bc_bis);
1299  		if (err)
1300  			bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1301  				   err);
1302  	}
1303  }
1304  
iso_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)1305  static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1306  			    size_t len, int flags)
1307  {
1308  	struct sock *sk = sock->sk;
1309  	struct iso_pinfo *pi = iso_pi(sk);
1310  
1311  	BT_DBG("sk %p", sk);
1312  
1313  	if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1314  		lock_sock(sk);
1315  		switch (sk->sk_state) {
1316  		case BT_CONNECT2:
1317  			if (test_bit(BT_SK_PA_SYNC, &pi->flags)) {
1318  				iso_conn_big_sync(sk);
1319  				sk->sk_state = BT_LISTEN;
1320  			} else {
1321  				iso_conn_defer_accept(pi->conn->hcon);
1322  				sk->sk_state = BT_CONFIG;
1323  			}
1324  			release_sock(sk);
1325  			return 0;
1326  		case BT_CONNECT:
1327  			release_sock(sk);
1328  			return iso_connect_cis(sk);
1329  		default:
1330  			release_sock(sk);
1331  			break;
1332  		}
1333  	}
1334  
1335  	return bt_sock_recvmsg(sock, msg, len, flags);
1336  }
1337  
check_io_qos(struct bt_iso_io_qos * qos)1338  static bool check_io_qos(struct bt_iso_io_qos *qos)
1339  {
1340  	/* If no PHY is enable SDU must be 0 */
1341  	if (!qos->phy && qos->sdu)
1342  		return false;
1343  
1344  	if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff))
1345  		return false;
1346  
1347  	if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0))
1348  		return false;
1349  
1350  	if (qos->phy > BT_ISO_PHY_ANY)
1351  		return false;
1352  
1353  	return true;
1354  }
1355  
check_ucast_qos(struct bt_iso_qos * qos)1356  static bool check_ucast_qos(struct bt_iso_qos *qos)
1357  {
1358  	if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET)
1359  		return false;
1360  
1361  	if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET)
1362  		return false;
1363  
1364  	if (qos->ucast.sca > 0x07)
1365  		return false;
1366  
1367  	if (qos->ucast.packing > 0x01)
1368  		return false;
1369  
1370  	if (qos->ucast.framing > 0x01)
1371  		return false;
1372  
1373  	if (!check_io_qos(&qos->ucast.in))
1374  		return false;
1375  
1376  	if (!check_io_qos(&qos->ucast.out))
1377  		return false;
1378  
1379  	return true;
1380  }
1381  
check_bcast_qos(struct bt_iso_qos * qos)1382  static bool check_bcast_qos(struct bt_iso_qos *qos)
1383  {
1384  	if (!qos->bcast.sync_factor)
1385  		qos->bcast.sync_factor = 0x01;
1386  
1387  	if (qos->bcast.packing > 0x01)
1388  		return false;
1389  
1390  	if (qos->bcast.framing > 0x01)
1391  		return false;
1392  
1393  	if (!check_io_qos(&qos->bcast.in))
1394  		return false;
1395  
1396  	if (!check_io_qos(&qos->bcast.out))
1397  		return false;
1398  
1399  	if (qos->bcast.encryption > 0x01)
1400  		return false;
1401  
1402  	if (qos->bcast.options > 0x07)
1403  		return false;
1404  
1405  	if (qos->bcast.skip > 0x01f3)
1406  		return false;
1407  
1408  	if (!qos->bcast.sync_timeout)
1409  		qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1410  
1411  	if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000)
1412  		return false;
1413  
1414  	if (qos->bcast.sync_cte_type > 0x1f)
1415  		return false;
1416  
1417  	if (qos->bcast.mse > 0x1f)
1418  		return false;
1419  
1420  	if (!qos->bcast.timeout)
1421  		qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1422  
1423  	if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000)
1424  		return false;
1425  
1426  	return true;
1427  }
1428  
iso_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)1429  static int iso_sock_setsockopt(struct socket *sock, int level, int optname,
1430  			       sockptr_t optval, unsigned int optlen)
1431  {
1432  	struct sock *sk = sock->sk;
1433  	int err = 0;
1434  	struct bt_iso_qos qos = default_qos;
1435  	u32 opt;
1436  
1437  	BT_DBG("sk %p", sk);
1438  
1439  	lock_sock(sk);
1440  
1441  	switch (optname) {
1442  	case BT_DEFER_SETUP:
1443  		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1444  			err = -EINVAL;
1445  			break;
1446  		}
1447  
1448  		err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
1449  		if (err)
1450  			break;
1451  
1452  		if (opt)
1453  			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1454  		else
1455  			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1456  		break;
1457  
1458  	case BT_PKT_STATUS:
1459  		err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
1460  		if (err)
1461  			break;
1462  
1463  		if (opt)
1464  			set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1465  		else
1466  			clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1467  		break;
1468  
1469  	case BT_ISO_QOS:
1470  		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1471  		    sk->sk_state != BT_CONNECT2) {
1472  			err = -EINVAL;
1473  			break;
1474  		}
1475  
1476  		err = bt_copy_from_sockptr(&qos, sizeof(qos), optval, optlen);
1477  		if (err)
1478  			break;
1479  
1480  		iso_pi(sk)->qos = qos;
1481  		iso_pi(sk)->qos_user_set = true;
1482  
1483  		break;
1484  
1485  	case BT_ISO_BASE:
1486  		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1487  		    sk->sk_state != BT_CONNECT2) {
1488  			err = -EINVAL;
1489  			break;
1490  		}
1491  
1492  		if (optlen > sizeof(iso_pi(sk)->base)) {
1493  			err = -EINVAL;
1494  			break;
1495  		}
1496  
1497  		err = bt_copy_from_sockptr(iso_pi(sk)->base, optlen, optval,
1498  					   optlen);
1499  		if (err)
1500  			break;
1501  
1502  		iso_pi(sk)->base_len = optlen;
1503  
1504  		break;
1505  
1506  	default:
1507  		err = -ENOPROTOOPT;
1508  		break;
1509  	}
1510  
1511  	release_sock(sk);
1512  	return err;
1513  }
1514  
iso_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)1515  static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
1516  			       char __user *optval, int __user *optlen)
1517  {
1518  	struct sock *sk = sock->sk;
1519  	int len, err = 0;
1520  	struct bt_iso_qos *qos;
1521  	u8 base_len;
1522  	u8 *base;
1523  
1524  	BT_DBG("sk %p", sk);
1525  
1526  	if (get_user(len, optlen))
1527  		return -EFAULT;
1528  
1529  	lock_sock(sk);
1530  
1531  	switch (optname) {
1532  	case BT_DEFER_SETUP:
1533  		if (sk->sk_state == BT_CONNECTED) {
1534  			err = -EINVAL;
1535  			break;
1536  		}
1537  
1538  		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1539  			     (u32 __user *)optval))
1540  			err = -EFAULT;
1541  
1542  		break;
1543  
1544  	case BT_PKT_STATUS:
1545  		if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1546  			     (int __user *)optval))
1547  			err = -EFAULT;
1548  		break;
1549  
1550  	case BT_ISO_QOS:
1551  		qos = iso_sock_get_qos(sk);
1552  
1553  		len = min_t(unsigned int, len, sizeof(*qos));
1554  		if (copy_to_user(optval, qos, len))
1555  			err = -EFAULT;
1556  
1557  		break;
1558  
1559  	case BT_ISO_BASE:
1560  		if (sk->sk_state == BT_CONNECTED &&
1561  		    !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
1562  			base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len;
1563  			base = iso_pi(sk)->conn->hcon->le_per_adv_data;
1564  		} else {
1565  			base_len = iso_pi(sk)->base_len;
1566  			base = iso_pi(sk)->base;
1567  		}
1568  
1569  		len = min_t(unsigned int, len, base_len);
1570  		if (copy_to_user(optval, base, len))
1571  			err = -EFAULT;
1572  
1573  		break;
1574  
1575  	default:
1576  		err = -ENOPROTOOPT;
1577  		break;
1578  	}
1579  
1580  	release_sock(sk);
1581  	return err;
1582  }
1583  
iso_sock_shutdown(struct socket * sock,int how)1584  static int iso_sock_shutdown(struct socket *sock, int how)
1585  {
1586  	struct sock *sk = sock->sk;
1587  	int err = 0;
1588  
1589  	BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1590  
1591  	if (!sk)
1592  		return 0;
1593  
1594  	sock_hold(sk);
1595  	lock_sock(sk);
1596  
1597  	switch (how) {
1598  	case SHUT_RD:
1599  		if (sk->sk_shutdown & RCV_SHUTDOWN)
1600  			goto unlock;
1601  		sk->sk_shutdown |= RCV_SHUTDOWN;
1602  		break;
1603  	case SHUT_WR:
1604  		if (sk->sk_shutdown & SEND_SHUTDOWN)
1605  			goto unlock;
1606  		sk->sk_shutdown |= SEND_SHUTDOWN;
1607  		break;
1608  	case SHUT_RDWR:
1609  		if (sk->sk_shutdown & SHUTDOWN_MASK)
1610  			goto unlock;
1611  		sk->sk_shutdown |= SHUTDOWN_MASK;
1612  		break;
1613  	}
1614  
1615  	iso_sock_clear_timer(sk);
1616  	__iso_sock_close(sk);
1617  
1618  	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1619  	    !(current->flags & PF_EXITING))
1620  		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1621  
1622  unlock:
1623  	release_sock(sk);
1624  	sock_put(sk);
1625  
1626  	return err;
1627  }
1628  
iso_sock_release(struct socket * sock)1629  static int iso_sock_release(struct socket *sock)
1630  {
1631  	struct sock *sk = sock->sk;
1632  	int err = 0;
1633  
1634  	BT_DBG("sock %p, sk %p", sock, sk);
1635  
1636  	if (!sk)
1637  		return 0;
1638  
1639  	iso_sock_close(sk);
1640  
1641  	if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1642  	    !(current->flags & PF_EXITING)) {
1643  		lock_sock(sk);
1644  		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1645  		release_sock(sk);
1646  	}
1647  
1648  	sock_orphan(sk);
1649  	iso_sock_kill(sk);
1650  	return err;
1651  }
1652  
iso_sock_ready(struct sock * sk)1653  static void iso_sock_ready(struct sock *sk)
1654  {
1655  	BT_DBG("sk %p", sk);
1656  
1657  	if (!sk)
1658  		return;
1659  
1660  	lock_sock(sk);
1661  	iso_sock_clear_timer(sk);
1662  	sk->sk_state = BT_CONNECTED;
1663  	sk->sk_state_change(sk);
1664  	release_sock(sk);
1665  }
1666  
1667  struct iso_list_data {
1668  	struct hci_conn *hcon;
1669  	int count;
1670  };
1671  
iso_match_big(struct sock * sk,void * data)1672  static bool iso_match_big(struct sock *sk, void *data)
1673  {
1674  	struct hci_evt_le_big_sync_estabilished *ev = data;
1675  
1676  	return ev->handle == iso_pi(sk)->qos.bcast.big;
1677  }
1678  
iso_match_pa_sync_flag(struct sock * sk,void * data)1679  static bool iso_match_pa_sync_flag(struct sock *sk, void *data)
1680  {
1681  	return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1682  }
1683  
iso_conn_ready(struct iso_conn * conn)1684  static void iso_conn_ready(struct iso_conn *conn)
1685  {
1686  	struct sock *parent = NULL;
1687  	struct sock *sk = conn->sk;
1688  	struct hci_ev_le_big_sync_estabilished *ev = NULL;
1689  	struct hci_ev_le_pa_sync_established *ev2 = NULL;
1690  	struct hci_evt_le_big_info_adv_report *ev3 = NULL;
1691  	struct hci_conn *hcon;
1692  
1693  	BT_DBG("conn %p", conn);
1694  
1695  	if (sk) {
1696  		iso_sock_ready(conn->sk);
1697  	} else {
1698  		hcon = conn->hcon;
1699  		if (!hcon)
1700  			return;
1701  
1702  		if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags) ||
1703  		    test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) {
1704  			ev = hci_recv_event_data(hcon->hdev,
1705  						 HCI_EVT_LE_BIG_SYNC_ESTABILISHED);
1706  
1707  			/* Get reference to PA sync parent socket, if it exists */
1708  			parent = iso_get_sock_listen(&hcon->src,
1709  						     &hcon->dst,
1710  						     iso_match_pa_sync_flag, NULL);
1711  			if (!parent && ev)
1712  				parent = iso_get_sock_listen(&hcon->src,
1713  							     &hcon->dst,
1714  							     iso_match_big, ev);
1715  		} else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
1716  			ev2 = hci_recv_event_data(hcon->hdev,
1717  						  HCI_EV_LE_PA_SYNC_ESTABLISHED);
1718  			if (ev2)
1719  				parent = iso_get_sock_listen(&hcon->src,
1720  							     &hcon->dst,
1721  							     iso_match_sid, ev2);
1722  		} else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) {
1723  			ev3 = hci_recv_event_data(hcon->hdev,
1724  						  HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1725  			if (ev3)
1726  				parent = iso_get_sock_listen(&hcon->src,
1727  							     &hcon->dst,
1728  							     iso_match_sync_handle, ev3);
1729  		}
1730  
1731  		if (!parent)
1732  			parent = iso_get_sock_listen(&hcon->src,
1733  							BDADDR_ANY, NULL, NULL);
1734  
1735  		if (!parent)
1736  			return;
1737  
1738  		lock_sock(parent);
1739  
1740  		sk = iso_sock_alloc(sock_net(parent), NULL,
1741  				    BTPROTO_ISO, GFP_ATOMIC, 0);
1742  		if (!sk) {
1743  			release_sock(parent);
1744  			return;
1745  		}
1746  
1747  		iso_sock_init(sk, parent);
1748  
1749  		bacpy(&iso_pi(sk)->src, &hcon->src);
1750  
1751  		/* Convert from HCI to three-value type */
1752  		if (hcon->src_type == ADDR_LE_DEV_PUBLIC)
1753  			iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
1754  		else
1755  			iso_pi(sk)->src_type = BDADDR_LE_RANDOM;
1756  
1757  		/* If hcon has no destination address (BDADDR_ANY) it means it
1758  		 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or
1759  		 * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using
1760  		 * the parent socket destination address.
1761  		 */
1762  		if (!bacmp(&hcon->dst, BDADDR_ANY)) {
1763  			bacpy(&hcon->dst, &iso_pi(parent)->dst);
1764  			hcon->dst_type = iso_pi(parent)->dst_type;
1765  			hcon->sync_handle = iso_pi(parent)->sync_handle;
1766  		}
1767  
1768  		if (ev3) {
1769  			iso_pi(sk)->qos = iso_pi(parent)->qos;
1770  			iso_pi(sk)->qos.bcast.encryption = ev3->encryption;
1771  			hcon->iso_qos = iso_pi(sk)->qos;
1772  			iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis;
1773  			memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS);
1774  			set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1775  		}
1776  
1777  		bacpy(&iso_pi(sk)->dst, &hcon->dst);
1778  		iso_pi(sk)->dst_type = hcon->dst_type;
1779  		iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle;
1780  		memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len);
1781  		iso_pi(sk)->base_len = iso_pi(parent)->base_len;
1782  
1783  		hci_conn_hold(hcon);
1784  		iso_chan_add(conn, sk, parent);
1785  
1786  		if ((ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) ||
1787  		    (ev2 && ev2->status)) {
1788  			/* Trigger error signal on child socket */
1789  			sk->sk_err = ECONNREFUSED;
1790  			sk->sk_error_report(sk);
1791  		}
1792  
1793  		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1794  			sk->sk_state = BT_CONNECT2;
1795  		else
1796  			sk->sk_state = BT_CONNECTED;
1797  
1798  		/* Wake up parent */
1799  		parent->sk_data_ready(parent);
1800  
1801  		release_sock(parent);
1802  		sock_put(parent);
1803  	}
1804  }
1805  
iso_match_sid(struct sock * sk,void * data)1806  static bool iso_match_sid(struct sock *sk, void *data)
1807  {
1808  	struct hci_ev_le_pa_sync_established *ev = data;
1809  
1810  	return ev->sid == iso_pi(sk)->bc_sid;
1811  }
1812  
iso_match_sync_handle(struct sock * sk,void * data)1813  static bool iso_match_sync_handle(struct sock *sk, void *data)
1814  {
1815  	struct hci_evt_le_big_info_adv_report *ev = data;
1816  
1817  	return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1818  }
1819  
iso_match_sync_handle_pa_report(struct sock * sk,void * data)1820  static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data)
1821  {
1822  	struct hci_ev_le_per_adv_report *ev = data;
1823  
1824  	return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1825  }
1826  
1827  /* ----- ISO interface with lower layer (HCI) ----- */
1828  
iso_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1829  int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1830  {
1831  	struct hci_ev_le_pa_sync_established *ev1;
1832  	struct hci_evt_le_big_info_adv_report *ev2;
1833  	struct hci_ev_le_per_adv_report *ev3;
1834  	struct sock *sk;
1835  	int lm = 0;
1836  
1837  	bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
1838  
1839  	/* Broadcast receiver requires handling of some events before it can
1840  	 * proceed to establishing a BIG sync:
1841  	 *
1842  	 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific
1843  	 * SID to listen to and once sync is estabilished its handle needs to
1844  	 * be stored in iso_pi(sk)->sync_handle so it can be matched once
1845  	 * receiving the BIG Info.
1846  	 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a
1847  	 * a BIG Info it attempts to check if there any listening socket with
1848  	 * the same sync_handle and if it does then attempt to create a sync.
1849  	 * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored
1850  	 * in iso_pi(sk)->base so it can be passed up to user, in the case of a
1851  	 * broadcast sink.
1852  	 */
1853  	ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED);
1854  	if (ev1) {
1855  		sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid,
1856  					 ev1);
1857  		if (sk && !ev1->status)
1858  			iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle);
1859  
1860  		goto done;
1861  	}
1862  
1863  	ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1864  	if (ev2) {
1865  		/* Try to get PA sync listening socket, if it exists */
1866  		sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1867  						iso_match_pa_sync_flag, NULL);
1868  
1869  		if (!sk) {
1870  			sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1871  						 iso_match_sync_handle, ev2);
1872  
1873  			/* If PA Sync is in process of terminating,
1874  			 * do not handle any more BIGInfo adv reports.
1875  			 */
1876  
1877  			if (sk && test_bit(BT_SK_PA_SYNC_TERM,
1878  					   &iso_pi(sk)->flags))
1879  				return lm;
1880  		}
1881  
1882  		if (sk) {
1883  			int err;
1884  
1885  			if (ev2->num_bis < iso_pi(sk)->bc_num_bis)
1886  				iso_pi(sk)->bc_num_bis = ev2->num_bis;
1887  
1888  			if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
1889  			    !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1890  				err = hci_le_big_create_sync(hdev, NULL,
1891  							     &iso_pi(sk)->qos,
1892  							     iso_pi(sk)->sync_handle,
1893  							     iso_pi(sk)->bc_num_bis,
1894  							     iso_pi(sk)->bc_bis);
1895  				if (err) {
1896  					bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1897  						   err);
1898  					sock_put(sk);
1899  					sk = NULL;
1900  				}
1901  			}
1902  		}
1903  	}
1904  
1905  	ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT);
1906  	if (ev3) {
1907  		sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1908  					 iso_match_sync_handle_pa_report, ev3);
1909  
1910  		if (sk) {
1911  			memcpy(iso_pi(sk)->base, ev3->data, ev3->length);
1912  			iso_pi(sk)->base_len = ev3->length;
1913  		}
1914  	} else {
1915  		sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL);
1916  	}
1917  
1918  done:
1919  	if (!sk)
1920  		return lm;
1921  
1922  	lm |= HCI_LM_ACCEPT;
1923  
1924  	if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1925  		*flags |= HCI_PROTO_DEFER;
1926  
1927  	sock_put(sk);
1928  
1929  	return lm;
1930  }
1931  
iso_match(struct hci_conn * hcon)1932  static bool iso_match(struct hci_conn *hcon)
1933  {
1934  	return hcon->type == ISO_LINK || hcon->type == LE_LINK;
1935  }
1936  
iso_connect_cfm(struct hci_conn * hcon,__u8 status)1937  static void iso_connect_cfm(struct hci_conn *hcon, __u8 status)
1938  {
1939  	if (hcon->type != ISO_LINK) {
1940  		if (hcon->type != LE_LINK)
1941  			return;
1942  
1943  		/* Check if LE link has failed */
1944  		if (status) {
1945  			struct hci_link *link, *t;
1946  
1947  			list_for_each_entry_safe(link, t, &hcon->link_list,
1948  						 list)
1949  				iso_conn_del(link->conn, bt_to_errno(status));
1950  
1951  			return;
1952  		}
1953  
1954  		/* Create CIS if pending */
1955  		hci_le_create_cis_pending(hcon->hdev);
1956  		return;
1957  	}
1958  
1959  	BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1960  
1961  	/* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or
1962  	 * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection
1963  	 * into the accept queue of the listening socket and wake up
1964  	 * userspace, to inform the user about the event.
1965  	 */
1966  	if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) ||
1967  	    test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
1968  		struct iso_conn *conn;
1969  
1970  		conn = iso_conn_add(hcon);
1971  		if (conn)
1972  			iso_conn_ready(conn);
1973  	} else {
1974  		iso_conn_del(hcon, bt_to_errno(status));
1975  	}
1976  }
1977  
iso_disconn_cfm(struct hci_conn * hcon,__u8 reason)1978  static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1979  {
1980  	if (hcon->type != ISO_LINK)
1981  		return;
1982  
1983  	BT_DBG("hcon %p reason %d", hcon, reason);
1984  
1985  	iso_conn_del(hcon, bt_to_errno(reason));
1986  }
1987  
iso_recv(struct hci_conn * hcon,struct sk_buff * skb,u16 flags)1988  void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1989  {
1990  	struct iso_conn *conn = hcon->iso_data;
1991  	__u16 pb, ts, len;
1992  
1993  	if (!conn)
1994  		goto drop;
1995  
1996  	pb     = hci_iso_flags_pb(flags);
1997  	ts     = hci_iso_flags_ts(flags);
1998  
1999  	BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts);
2000  
2001  	switch (pb) {
2002  	case ISO_START:
2003  	case ISO_SINGLE:
2004  		if (conn->rx_len) {
2005  			BT_ERR("Unexpected start frame (len %d)", skb->len);
2006  			kfree_skb(conn->rx_skb);
2007  			conn->rx_skb = NULL;
2008  			conn->rx_len = 0;
2009  		}
2010  
2011  		if (ts) {
2012  			struct hci_iso_ts_data_hdr *hdr;
2013  
2014  			/* TODO: add timestamp to the packet? */
2015  			hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE);
2016  			if (!hdr) {
2017  				BT_ERR("Frame is too short (len %d)", skb->len);
2018  				goto drop;
2019  			}
2020  
2021  			len = __le16_to_cpu(hdr->slen);
2022  		} else {
2023  			struct hci_iso_data_hdr *hdr;
2024  
2025  			hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE);
2026  			if (!hdr) {
2027  				BT_ERR("Frame is too short (len %d)", skb->len);
2028  				goto drop;
2029  			}
2030  
2031  			len = __le16_to_cpu(hdr->slen);
2032  		}
2033  
2034  		flags  = hci_iso_data_flags(len);
2035  		len    = hci_iso_data_len(len);
2036  
2037  		BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len,
2038  		       skb->len, flags);
2039  
2040  		if (len == skb->len) {
2041  			/* Complete frame received */
2042  			hci_skb_pkt_status(skb) = flags & 0x03;
2043  			iso_recv_frame(conn, skb);
2044  			return;
2045  		}
2046  
2047  		if (pb == ISO_SINGLE) {
2048  			BT_ERR("Frame malformed (len %d, expected len %d)",
2049  			       skb->len, len);
2050  			goto drop;
2051  		}
2052  
2053  		if (skb->len > len) {
2054  			BT_ERR("Frame is too long (len %d, expected len %d)",
2055  			       skb->len, len);
2056  			goto drop;
2057  		}
2058  
2059  		/* Allocate skb for the complete frame (with header) */
2060  		conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
2061  		if (!conn->rx_skb)
2062  			goto drop;
2063  
2064  		hci_skb_pkt_status(conn->rx_skb) = flags & 0x03;
2065  		skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2066  					  skb->len);
2067  		conn->rx_len = len - skb->len;
2068  		break;
2069  
2070  	case ISO_CONT:
2071  		BT_DBG("Cont: frag len %d (expecting %d)", skb->len,
2072  		       conn->rx_len);
2073  
2074  		if (!conn->rx_len) {
2075  			BT_ERR("Unexpected continuation frame (len %d)",
2076  			       skb->len);
2077  			goto drop;
2078  		}
2079  
2080  		if (skb->len > conn->rx_len) {
2081  			BT_ERR("Fragment is too long (len %d, expected %d)",
2082  			       skb->len, conn->rx_len);
2083  			kfree_skb(conn->rx_skb);
2084  			conn->rx_skb = NULL;
2085  			conn->rx_len = 0;
2086  			goto drop;
2087  		}
2088  
2089  		skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2090  					  skb->len);
2091  		conn->rx_len -= skb->len;
2092  		return;
2093  
2094  	case ISO_END:
2095  		skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2096  					  skb->len);
2097  		conn->rx_len -= skb->len;
2098  
2099  		if (!conn->rx_len) {
2100  			struct sk_buff *rx_skb = conn->rx_skb;
2101  
2102  			/* Complete frame received. iso_recv_frame
2103  			 * takes ownership of the skb so set the global
2104  			 * rx_skb pointer to NULL first.
2105  			 */
2106  			conn->rx_skb = NULL;
2107  			iso_recv_frame(conn, rx_skb);
2108  		}
2109  		break;
2110  	}
2111  
2112  drop:
2113  	kfree_skb(skb);
2114  }
2115  
2116  static struct hci_cb iso_cb = {
2117  	.name		= "ISO",
2118  	.match		= iso_match,
2119  	.connect_cfm	= iso_connect_cfm,
2120  	.disconn_cfm	= iso_disconn_cfm,
2121  };
2122  
iso_debugfs_show(struct seq_file * f,void * p)2123  static int iso_debugfs_show(struct seq_file *f, void *p)
2124  {
2125  	struct sock *sk;
2126  
2127  	read_lock(&iso_sk_list.lock);
2128  
2129  	sk_for_each(sk, &iso_sk_list.head) {
2130  		seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src,
2131  			   &iso_pi(sk)->dst, sk->sk_state);
2132  	}
2133  
2134  	read_unlock(&iso_sk_list.lock);
2135  
2136  	return 0;
2137  }
2138  
2139  DEFINE_SHOW_ATTRIBUTE(iso_debugfs);
2140  
2141  static struct dentry *iso_debugfs;
2142  
2143  static const struct proto_ops iso_sock_ops = {
2144  	.family		= PF_BLUETOOTH,
2145  	.owner		= THIS_MODULE,
2146  	.release	= iso_sock_release,
2147  	.bind		= iso_sock_bind,
2148  	.connect	= iso_sock_connect,
2149  	.listen		= iso_sock_listen,
2150  	.accept		= iso_sock_accept,
2151  	.getname	= iso_sock_getname,
2152  	.sendmsg	= iso_sock_sendmsg,
2153  	.recvmsg	= iso_sock_recvmsg,
2154  	.poll		= bt_sock_poll,
2155  	.ioctl		= bt_sock_ioctl,
2156  	.mmap		= sock_no_mmap,
2157  	.socketpair	= sock_no_socketpair,
2158  	.shutdown	= iso_sock_shutdown,
2159  	.setsockopt	= iso_sock_setsockopt,
2160  	.getsockopt	= iso_sock_getsockopt
2161  };
2162  
2163  static const struct net_proto_family iso_sock_family_ops = {
2164  	.family	= PF_BLUETOOTH,
2165  	.owner	= THIS_MODULE,
2166  	.create	= iso_sock_create,
2167  };
2168  
2169  static bool iso_inited;
2170  
iso_enabled(void)2171  bool iso_enabled(void)
2172  {
2173  	return iso_inited;
2174  }
2175  
iso_init(void)2176  int iso_init(void)
2177  {
2178  	int err;
2179  
2180  	BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr));
2181  
2182  	if (iso_inited)
2183  		return -EALREADY;
2184  
2185  	err = proto_register(&iso_proto, 0);
2186  	if (err < 0)
2187  		return err;
2188  
2189  	err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops);
2190  	if (err < 0) {
2191  		BT_ERR("ISO socket registration failed");
2192  		goto error;
2193  	}
2194  
2195  	err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL);
2196  	if (err < 0) {
2197  		BT_ERR("Failed to create ISO proc file");
2198  		bt_sock_unregister(BTPROTO_ISO);
2199  		goto error;
2200  	}
2201  
2202  	BT_INFO("ISO socket layer initialized");
2203  
2204  	hci_register_cb(&iso_cb);
2205  
2206  	if (!IS_ERR_OR_NULL(bt_debugfs))
2207  		iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs,
2208  						  NULL, &iso_debugfs_fops);
2209  
2210  	iso_inited = true;
2211  
2212  	return 0;
2213  
2214  error:
2215  	proto_unregister(&iso_proto);
2216  	return err;
2217  }
2218  
iso_exit(void)2219  int iso_exit(void)
2220  {
2221  	if (!iso_inited)
2222  		return -EALREADY;
2223  
2224  	bt_procfs_cleanup(&init_net, "iso");
2225  
2226  	debugfs_remove(iso_debugfs);
2227  	iso_debugfs = NULL;
2228  
2229  	hci_unregister_cb(&iso_cb);
2230  
2231  	bt_sock_unregister(BTPROTO_ISO);
2232  
2233  	proto_unregister(&iso_proto);
2234  
2235  	iso_inited = false;
2236  
2237  	return 0;
2238  }
2239