1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * BlueZ - Bluetooth protocol stack for Linux
4 *
5 * Copyright (C) 2022 Intel Corporation
6 * Copyright 2023 NXP
7 */
8
9 #include <linux/module.h>
10 #include <linux/debugfs.h>
11 #include <linux/seq_file.h>
12 #include <linux/sched/signal.h>
13
14 #include <net/bluetooth/bluetooth.h>
15 #include <net/bluetooth/hci_core.h>
16 #include <net/bluetooth/iso.h>
17
18 static const struct proto_ops iso_sock_ops;
19
20 static struct bt_sock_list iso_sk_list = {
21 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock)
22 };
23
24 /* ---- ISO connections ---- */
25 struct iso_conn {
26 struct hci_conn *hcon;
27
28 /* @lock: spinlock protecting changes to iso_conn fields */
29 spinlock_t lock;
30 struct sock *sk;
31
32 struct delayed_work timeout_work;
33
34 struct sk_buff *rx_skb;
35 __u32 rx_len;
36 __u16 tx_sn;
37 };
38
39 #define iso_conn_lock(c) spin_lock(&(c)->lock)
40 #define iso_conn_unlock(c) spin_unlock(&(c)->lock)
41
42 static void iso_sock_close(struct sock *sk);
43 static void iso_sock_kill(struct sock *sk);
44
45 /* ----- ISO socket info ----- */
46 #define iso_pi(sk) ((struct iso_pinfo *)sk)
47
48 #define EIR_SERVICE_DATA_LENGTH 4
49 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
50
51 /* iso_pinfo flags values */
52 enum {
53 BT_SK_BIG_SYNC,
54 BT_SK_PA_SYNC,
55 BT_SK_PA_SYNC_TERM,
56 };
57
58 struct iso_pinfo {
59 struct bt_sock bt;
60 bdaddr_t src;
61 __u8 src_type;
62 bdaddr_t dst;
63 __u8 dst_type;
64 __u8 bc_sid;
65 __u8 bc_num_bis;
66 __u8 bc_bis[ISO_MAX_NUM_BIS];
67 __u16 sync_handle;
68 unsigned long flags;
69 struct bt_iso_qos qos;
70 bool qos_user_set;
71 __u8 base_len;
72 __u8 base[BASE_MAX_LENGTH];
73 struct iso_conn *conn;
74 };
75
76 static struct bt_iso_qos default_qos;
77
78 static bool check_ucast_qos(struct bt_iso_qos *qos);
79 static bool check_bcast_qos(struct bt_iso_qos *qos);
80 static bool iso_match_sid(struct sock *sk, void *data);
81 static bool iso_match_sync_handle(struct sock *sk, void *data);
82 static void iso_sock_disconn(struct sock *sk);
83
84 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
85
86 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
87 iso_sock_match_t match, void *data);
88
89 /* ---- ISO timers ---- */
90 #define ISO_CONN_TIMEOUT (HZ * 40)
91 #define ISO_DISCONN_TIMEOUT (HZ * 2)
92
iso_sock_hold(struct iso_conn * conn)93 static struct sock *iso_sock_hold(struct iso_conn *conn)
94 {
95 if (!conn || !bt_sock_linked(&iso_sk_list, conn->sk))
96 return NULL;
97
98 sock_hold(conn->sk);
99
100 return conn->sk;
101 }
102
iso_sock_timeout(struct work_struct * work)103 static void iso_sock_timeout(struct work_struct *work)
104 {
105 struct iso_conn *conn = container_of(work, struct iso_conn,
106 timeout_work.work);
107 struct sock *sk;
108
109 iso_conn_lock(conn);
110 sk = iso_sock_hold(conn);
111 iso_conn_unlock(conn);
112
113 if (!sk)
114 return;
115
116 BT_DBG("sock %p state %d", sk, sk->sk_state);
117
118 lock_sock(sk);
119 sk->sk_err = ETIMEDOUT;
120 sk->sk_state_change(sk);
121 release_sock(sk);
122 sock_put(sk);
123 }
124
iso_sock_set_timer(struct sock * sk,long timeout)125 static void iso_sock_set_timer(struct sock *sk, long timeout)
126 {
127 if (!iso_pi(sk)->conn)
128 return;
129
130 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
131 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
132 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout);
133 }
134
iso_sock_clear_timer(struct sock * sk)135 static void iso_sock_clear_timer(struct sock *sk)
136 {
137 if (!iso_pi(sk)->conn)
138 return;
139
140 BT_DBG("sock %p state %d", sk, sk->sk_state);
141 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
142 }
143
144 /* ---- ISO connections ---- */
iso_conn_add(struct hci_conn * hcon)145 static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
146 {
147 struct iso_conn *conn = hcon->iso_data;
148
149 if (conn) {
150 if (!conn->hcon)
151 conn->hcon = hcon;
152 return conn;
153 }
154
155 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
156 if (!conn)
157 return NULL;
158
159 spin_lock_init(&conn->lock);
160 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);
161
162 hcon->iso_data = conn;
163 conn->hcon = hcon;
164 conn->tx_sn = 0;
165
166 BT_DBG("hcon %p conn %p", hcon, conn);
167
168 return conn;
169 }
170
171 /* Delete channel. Must be called on the locked socket. */
iso_chan_del(struct sock * sk,int err)172 static void iso_chan_del(struct sock *sk, int err)
173 {
174 struct iso_conn *conn;
175 struct sock *parent;
176
177 conn = iso_pi(sk)->conn;
178
179 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
180
181 if (conn) {
182 iso_conn_lock(conn);
183 conn->sk = NULL;
184 iso_pi(sk)->conn = NULL;
185 iso_conn_unlock(conn);
186
187 if (conn->hcon)
188 hci_conn_drop(conn->hcon);
189 }
190
191 sk->sk_state = BT_CLOSED;
192 sk->sk_err = err;
193
194 parent = bt_sk(sk)->parent;
195 if (parent) {
196 bt_accept_unlink(sk);
197 parent->sk_data_ready(parent);
198 } else {
199 sk->sk_state_change(sk);
200 }
201
202 sock_set_flag(sk, SOCK_ZAPPED);
203 }
204
iso_match_conn_sync_handle(struct sock * sk,void * data)205 static bool iso_match_conn_sync_handle(struct sock *sk, void *data)
206 {
207 struct hci_conn *hcon = data;
208
209 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags))
210 return false;
211
212 return hcon->sync_handle == iso_pi(sk)->sync_handle;
213 }
214
iso_conn_del(struct hci_conn * hcon,int err)215 static void iso_conn_del(struct hci_conn *hcon, int err)
216 {
217 struct iso_conn *conn = hcon->iso_data;
218 struct sock *sk;
219 struct sock *parent;
220
221 if (!conn)
222 return;
223
224 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
225
226 /* Kill socket */
227 iso_conn_lock(conn);
228 sk = iso_sock_hold(conn);
229 iso_conn_unlock(conn);
230
231 if (sk) {
232 lock_sock(sk);
233
234 /* While a PA sync hcon is in the process of closing,
235 * mark parent socket with a flag, so that any residual
236 * BIGInfo adv reports that arrive before PA sync is
237 * terminated are not processed anymore.
238 */
239 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
240 parent = iso_get_sock_listen(&hcon->src,
241 &hcon->dst,
242 iso_match_conn_sync_handle,
243 hcon);
244
245 if (parent) {
246 set_bit(BT_SK_PA_SYNC_TERM,
247 &iso_pi(parent)->flags);
248 sock_put(parent);
249 }
250 }
251
252 iso_sock_clear_timer(sk);
253 iso_chan_del(sk, err);
254 release_sock(sk);
255 sock_put(sk);
256 }
257
258 /* Ensure no more work items will run before freeing conn. */
259 cancel_delayed_work_sync(&conn->timeout_work);
260
261 hcon->iso_data = NULL;
262 kfree(conn);
263 }
264
__iso_chan_add(struct iso_conn * conn,struct sock * sk,struct sock * parent)265 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
266 struct sock *parent)
267 {
268 BT_DBG("conn %p", conn);
269
270 if (iso_pi(sk)->conn == conn && conn->sk == sk)
271 return 0;
272
273 if (conn->sk) {
274 BT_ERR("conn->sk already set");
275 return -EBUSY;
276 }
277
278 iso_pi(sk)->conn = conn;
279 conn->sk = sk;
280
281 if (parent)
282 bt_accept_enqueue(parent, sk, true);
283
284 return 0;
285 }
286
iso_chan_add(struct iso_conn * conn,struct sock * sk,struct sock * parent)287 static int iso_chan_add(struct iso_conn *conn, struct sock *sk,
288 struct sock *parent)
289 {
290 int err;
291
292 iso_conn_lock(conn);
293 err = __iso_chan_add(conn, sk, parent);
294 iso_conn_unlock(conn);
295
296 return err;
297 }
298
le_addr_type(u8 bdaddr_type)299 static inline u8 le_addr_type(u8 bdaddr_type)
300 {
301 if (bdaddr_type == BDADDR_LE_PUBLIC)
302 return ADDR_LE_DEV_PUBLIC;
303 else
304 return ADDR_LE_DEV_RANDOM;
305 }
306
iso_connect_bis(struct sock * sk)307 static int iso_connect_bis(struct sock *sk)
308 {
309 struct iso_conn *conn;
310 struct hci_conn *hcon;
311 struct hci_dev *hdev;
312 int err;
313
314 BT_DBG("%pMR", &iso_pi(sk)->src);
315
316 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
317 iso_pi(sk)->src_type);
318 if (!hdev)
319 return -EHOSTUNREACH;
320
321 hci_dev_lock(hdev);
322
323 if (!bis_capable(hdev)) {
324 err = -EOPNOTSUPP;
325 goto unlock;
326 }
327
328 /* Fail if user set invalid QoS */
329 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
330 iso_pi(sk)->qos = default_qos;
331 err = -EINVAL;
332 goto unlock;
333 }
334
335 /* Fail if out PHYs are marked as disabled */
336 if (!iso_pi(sk)->qos.bcast.out.phy) {
337 err = -EINVAL;
338 goto unlock;
339 }
340
341 /* Just bind if DEFER_SETUP has been set */
342 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
343 hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst,
344 &iso_pi(sk)->qos, iso_pi(sk)->base_len,
345 iso_pi(sk)->base);
346 if (IS_ERR(hcon)) {
347 err = PTR_ERR(hcon);
348 goto unlock;
349 }
350 } else {
351 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst,
352 le_addr_type(iso_pi(sk)->dst_type),
353 &iso_pi(sk)->qos, iso_pi(sk)->base_len,
354 iso_pi(sk)->base);
355 if (IS_ERR(hcon)) {
356 err = PTR_ERR(hcon);
357 goto unlock;
358 }
359 }
360
361 conn = iso_conn_add(hcon);
362 if (!conn) {
363 hci_conn_drop(hcon);
364 err = -ENOMEM;
365 goto unlock;
366 }
367
368 lock_sock(sk);
369
370 err = iso_chan_add(conn, sk, NULL);
371 if (err) {
372 release_sock(sk);
373 goto unlock;
374 }
375
376 /* Update source addr of the socket */
377 bacpy(&iso_pi(sk)->src, &hcon->src);
378
379 if (hcon->state == BT_CONNECTED) {
380 iso_sock_clear_timer(sk);
381 sk->sk_state = BT_CONNECTED;
382 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
383 iso_sock_clear_timer(sk);
384 sk->sk_state = BT_CONNECT;
385 } else {
386 sk->sk_state = BT_CONNECT;
387 iso_sock_set_timer(sk, sk->sk_sndtimeo);
388 }
389
390 release_sock(sk);
391
392 unlock:
393 hci_dev_unlock(hdev);
394 hci_dev_put(hdev);
395 return err;
396 }
397
iso_connect_cis(struct sock * sk)398 static int iso_connect_cis(struct sock *sk)
399 {
400 struct iso_conn *conn;
401 struct hci_conn *hcon;
402 struct hci_dev *hdev;
403 int err;
404
405 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst);
406
407 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
408 iso_pi(sk)->src_type);
409 if (!hdev)
410 return -EHOSTUNREACH;
411
412 hci_dev_lock(hdev);
413
414 if (!cis_central_capable(hdev)) {
415 err = -EOPNOTSUPP;
416 goto unlock;
417 }
418
419 /* Fail if user set invalid QoS */
420 if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) {
421 iso_pi(sk)->qos = default_qos;
422 err = -EINVAL;
423 goto unlock;
424 }
425
426 /* Fail if either PHYs are marked as disabled */
427 if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) {
428 err = -EINVAL;
429 goto unlock;
430 }
431
432 /* Just bind if DEFER_SETUP has been set */
433 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
434 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst,
435 le_addr_type(iso_pi(sk)->dst_type),
436 &iso_pi(sk)->qos);
437 if (IS_ERR(hcon)) {
438 err = PTR_ERR(hcon);
439 goto unlock;
440 }
441 } else {
442 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
443 le_addr_type(iso_pi(sk)->dst_type),
444 &iso_pi(sk)->qos);
445 if (IS_ERR(hcon)) {
446 err = PTR_ERR(hcon);
447 goto unlock;
448 }
449 }
450
451 conn = iso_conn_add(hcon);
452 if (!conn) {
453 hci_conn_drop(hcon);
454 err = -ENOMEM;
455 goto unlock;
456 }
457
458 lock_sock(sk);
459
460 err = iso_chan_add(conn, sk, NULL);
461 if (err) {
462 release_sock(sk);
463 goto unlock;
464 }
465
466 /* Update source addr of the socket */
467 bacpy(&iso_pi(sk)->src, &hcon->src);
468
469 if (hcon->state == BT_CONNECTED) {
470 iso_sock_clear_timer(sk);
471 sk->sk_state = BT_CONNECTED;
472 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
473 iso_sock_clear_timer(sk);
474 sk->sk_state = BT_CONNECT;
475 } else {
476 sk->sk_state = BT_CONNECT;
477 iso_sock_set_timer(sk, sk->sk_sndtimeo);
478 }
479
480 release_sock(sk);
481
482 unlock:
483 hci_dev_unlock(hdev);
484 hci_dev_put(hdev);
485 return err;
486 }
487
iso_sock_get_qos(struct sock * sk)488 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk)
489 {
490 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2)
491 return &iso_pi(sk)->conn->hcon->iso_qos;
492
493 return &iso_pi(sk)->qos;
494 }
495
iso_send_frame(struct sock * sk,struct sk_buff * skb)496 static int iso_send_frame(struct sock *sk, struct sk_buff *skb)
497 {
498 struct iso_conn *conn = iso_pi(sk)->conn;
499 struct bt_iso_qos *qos = iso_sock_get_qos(sk);
500 struct hci_iso_data_hdr *hdr;
501 int len = 0;
502
503 BT_DBG("sk %p len %d", sk, skb->len);
504
505 if (skb->len > qos->ucast.out.sdu)
506 return -EMSGSIZE;
507
508 len = skb->len;
509
510 /* Push ISO data header */
511 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE);
512 hdr->sn = cpu_to_le16(conn->tx_sn++);
513 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len,
514 HCI_ISO_STATUS_VALID));
515
516 if (sk->sk_state == BT_CONNECTED)
517 hci_send_iso(conn->hcon, skb);
518 else
519 len = -ENOTCONN;
520
521 return len;
522 }
523
iso_recv_frame(struct iso_conn * conn,struct sk_buff * skb)524 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb)
525 {
526 struct sock *sk;
527
528 iso_conn_lock(conn);
529 sk = conn->sk;
530 iso_conn_unlock(conn);
531
532 if (!sk)
533 goto drop;
534
535 BT_DBG("sk %p len %d", sk, skb->len);
536
537 if (sk->sk_state != BT_CONNECTED)
538 goto drop;
539
540 if (!sock_queue_rcv_skb(sk, skb))
541 return;
542
543 drop:
544 kfree_skb(skb);
545 }
546
547 /* -------- Socket interface ---------- */
__iso_get_sock_listen_by_addr(bdaddr_t * src,bdaddr_t * dst)548 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst)
549 {
550 struct sock *sk;
551
552 sk_for_each(sk, &iso_sk_list.head) {
553 if (sk->sk_state != BT_LISTEN)
554 continue;
555
556 if (bacmp(&iso_pi(sk)->dst, dst))
557 continue;
558
559 if (!bacmp(&iso_pi(sk)->src, src))
560 return sk;
561 }
562
563 return NULL;
564 }
565
__iso_get_sock_listen_by_sid(bdaddr_t * ba,bdaddr_t * bc,__u8 sid)566 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc,
567 __u8 sid)
568 {
569 struct sock *sk;
570
571 sk_for_each(sk, &iso_sk_list.head) {
572 if (sk->sk_state != BT_LISTEN)
573 continue;
574
575 if (bacmp(&iso_pi(sk)->src, ba))
576 continue;
577
578 if (bacmp(&iso_pi(sk)->dst, bc))
579 continue;
580
581 if (iso_pi(sk)->bc_sid == sid)
582 return sk;
583 }
584
585 return NULL;
586 }
587
588 /* Find socket listening:
589 * source bdaddr (Unicast)
590 * destination bdaddr (Broadcast only)
591 * match func - pass NULL to ignore
592 * match func data - pass -1 to ignore
593 * Returns closest match.
594 */
iso_get_sock_listen(bdaddr_t * src,bdaddr_t * dst,iso_sock_match_t match,void * data)595 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
596 iso_sock_match_t match, void *data)
597 {
598 struct sock *sk = NULL, *sk1 = NULL;
599
600 read_lock(&iso_sk_list.lock);
601
602 sk_for_each(sk, &iso_sk_list.head) {
603 if (sk->sk_state != BT_LISTEN)
604 continue;
605
606 /* Match Broadcast destination */
607 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst))
608 continue;
609
610 /* Use Match function if provided */
611 if (match && !match(sk, data))
612 continue;
613
614 /* Exact match. */
615 if (!bacmp(&iso_pi(sk)->src, src)) {
616 sock_hold(sk);
617 break;
618 }
619
620 /* Closest match */
621 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) {
622 if (sk1)
623 sock_put(sk1);
624
625 sk1 = sk;
626 sock_hold(sk1);
627 }
628 }
629
630 if (sk && sk1)
631 sock_put(sk1);
632
633 read_unlock(&iso_sk_list.lock);
634
635 return sk ? sk : sk1;
636 }
637
iso_get_sock_big(struct sock * match_sk,bdaddr_t * src,bdaddr_t * dst,uint8_t big)638 static struct sock *iso_get_sock_big(struct sock *match_sk, bdaddr_t *src,
639 bdaddr_t *dst, uint8_t big)
640 {
641 struct sock *sk = NULL;
642
643 read_lock(&iso_sk_list.lock);
644
645 sk_for_each(sk, &iso_sk_list.head) {
646 if (match_sk == sk)
647 continue;
648
649 /* Look for sockets that have already been
650 * connected to the BIG
651 */
652 if (sk->sk_state != BT_CONNECTED &&
653 sk->sk_state != BT_CONNECT)
654 continue;
655
656 /* Match Broadcast destination */
657 if (bacmp(&iso_pi(sk)->dst, dst))
658 continue;
659
660 /* Match BIG handle */
661 if (iso_pi(sk)->qos.bcast.big != big)
662 continue;
663
664 /* Match source address */
665 if (bacmp(&iso_pi(sk)->src, src))
666 continue;
667
668 sock_hold(sk);
669 break;
670 }
671
672 read_unlock(&iso_sk_list.lock);
673
674 return sk;
675 }
676
iso_sock_destruct(struct sock * sk)677 static void iso_sock_destruct(struct sock *sk)
678 {
679 BT_DBG("sk %p", sk);
680
681 skb_queue_purge(&sk->sk_receive_queue);
682 skb_queue_purge(&sk->sk_write_queue);
683 }
684
iso_sock_cleanup_listen(struct sock * parent)685 static void iso_sock_cleanup_listen(struct sock *parent)
686 {
687 struct sock *sk;
688
689 BT_DBG("parent %p", parent);
690
691 /* Close not yet accepted channels */
692 while ((sk = bt_accept_dequeue(parent, NULL))) {
693 iso_sock_close(sk);
694 iso_sock_kill(sk);
695 }
696
697 /* If listening socket stands for a PA sync connection,
698 * properly disconnect the hcon and socket.
699 */
700 if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon &&
701 test_bit(HCI_CONN_PA_SYNC, &iso_pi(parent)->conn->hcon->flags)) {
702 iso_sock_disconn(parent);
703 return;
704 }
705
706 parent->sk_state = BT_CLOSED;
707 sock_set_flag(parent, SOCK_ZAPPED);
708 }
709
710 /* Kill socket (only if zapped and orphan)
711 * Must be called on unlocked socket.
712 */
iso_sock_kill(struct sock * sk)713 static void iso_sock_kill(struct sock *sk)
714 {
715 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
716 sock_flag(sk, SOCK_DEAD))
717 return;
718
719 BT_DBG("sk %p state %d", sk, sk->sk_state);
720
721 /* Kill poor orphan */
722 bt_sock_unlink(&iso_sk_list, sk);
723 sock_set_flag(sk, SOCK_DEAD);
724 sock_put(sk);
725 }
726
iso_sock_disconn(struct sock * sk)727 static void iso_sock_disconn(struct sock *sk)
728 {
729 struct sock *bis_sk;
730 struct hci_conn *hcon = iso_pi(sk)->conn->hcon;
731
732 if (test_bit(HCI_CONN_BIG_CREATED, &hcon->flags)) {
733 bis_sk = iso_get_sock_big(sk, &iso_pi(sk)->src,
734 &iso_pi(sk)->dst,
735 iso_pi(sk)->qos.bcast.big);
736
737 /* If there are any other connected sockets for the
738 * same BIG, just delete the sk and leave the bis
739 * hcon active, in case later rebinding is needed.
740 */
741 if (bis_sk) {
742 hcon->state = BT_OPEN;
743 iso_pi(sk)->conn->hcon = NULL;
744 iso_sock_clear_timer(sk);
745 iso_chan_del(sk, bt_to_errno(hcon->abort_reason));
746 sock_put(bis_sk);
747 return;
748 }
749 }
750
751 sk->sk_state = BT_DISCONN;
752 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT);
753 iso_conn_lock(iso_pi(sk)->conn);
754 hci_conn_drop(iso_pi(sk)->conn->hcon);
755 iso_pi(sk)->conn->hcon = NULL;
756 iso_conn_unlock(iso_pi(sk)->conn);
757 }
758
__iso_sock_close(struct sock * sk)759 static void __iso_sock_close(struct sock *sk)
760 {
761 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
762
763 switch (sk->sk_state) {
764 case BT_LISTEN:
765 iso_sock_cleanup_listen(sk);
766 break;
767
768 case BT_CONNECT:
769 case BT_CONNECTED:
770 case BT_CONFIG:
771 if (iso_pi(sk)->conn->hcon)
772 iso_sock_disconn(sk);
773 else
774 iso_chan_del(sk, ECONNRESET);
775 break;
776
777 case BT_CONNECT2:
778 if (iso_pi(sk)->conn->hcon &&
779 (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) ||
780 test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags)))
781 iso_sock_disconn(sk);
782 else
783 iso_chan_del(sk, ECONNRESET);
784 break;
785 case BT_DISCONN:
786 iso_chan_del(sk, ECONNRESET);
787 break;
788
789 default:
790 sock_set_flag(sk, SOCK_ZAPPED);
791 break;
792 }
793 }
794
795 /* Must be called on unlocked socket. */
iso_sock_close(struct sock * sk)796 static void iso_sock_close(struct sock *sk)
797 {
798 iso_sock_clear_timer(sk);
799 lock_sock(sk);
800 __iso_sock_close(sk);
801 release_sock(sk);
802 iso_sock_kill(sk);
803 }
804
iso_sock_init(struct sock * sk,struct sock * parent)805 static void iso_sock_init(struct sock *sk, struct sock *parent)
806 {
807 BT_DBG("sk %p", sk);
808
809 if (parent) {
810 sk->sk_type = parent->sk_type;
811 bt_sk(sk)->flags = bt_sk(parent)->flags;
812 security_sk_clone(parent, sk);
813 }
814 }
815
816 static struct proto iso_proto = {
817 .name = "ISO",
818 .owner = THIS_MODULE,
819 .obj_size = sizeof(struct iso_pinfo)
820 };
821
822 #define DEFAULT_IO_QOS \
823 { \
824 .interval = 10000u, \
825 .latency = 10u, \
826 .sdu = 40u, \
827 .phy = BT_ISO_PHY_2M, \
828 .rtn = 2u, \
829 }
830
831 static struct bt_iso_qos default_qos = {
832 .bcast = {
833 .big = BT_ISO_QOS_BIG_UNSET,
834 .bis = BT_ISO_QOS_BIS_UNSET,
835 .sync_factor = 0x01,
836 .packing = 0x00,
837 .framing = 0x00,
838 .in = DEFAULT_IO_QOS,
839 .out = DEFAULT_IO_QOS,
840 .encryption = 0x00,
841 .bcode = {0x00},
842 .options = 0x00,
843 .skip = 0x0000,
844 .sync_timeout = BT_ISO_SYNC_TIMEOUT,
845 .sync_cte_type = 0x00,
846 .mse = 0x00,
847 .timeout = BT_ISO_SYNC_TIMEOUT,
848 },
849 };
850
iso_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)851 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock,
852 int proto, gfp_t prio, int kern)
853 {
854 struct sock *sk;
855
856 sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern);
857 if (!sk)
858 return NULL;
859
860 sk->sk_destruct = iso_sock_destruct;
861 sk->sk_sndtimeo = ISO_CONN_TIMEOUT;
862
863 /* Set address type as public as default src address is BDADDR_ANY */
864 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
865
866 iso_pi(sk)->qos = default_qos;
867
868 bt_sock_link(&iso_sk_list, sk);
869 return sk;
870 }
871
iso_sock_create(struct net * net,struct socket * sock,int protocol,int kern)872 static int iso_sock_create(struct net *net, struct socket *sock, int protocol,
873 int kern)
874 {
875 struct sock *sk;
876
877 BT_DBG("sock %p", sock);
878
879 sock->state = SS_UNCONNECTED;
880
881 if (sock->type != SOCK_SEQPACKET)
882 return -ESOCKTNOSUPPORT;
883
884 sock->ops = &iso_sock_ops;
885
886 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
887 if (!sk)
888 return -ENOMEM;
889
890 iso_sock_init(sk, NULL);
891 return 0;
892 }
893
iso_sock_bind_bc(struct socket * sock,struct sockaddr * addr,int addr_len)894 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr,
895 int addr_len)
896 {
897 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
898 struct sock *sk = sock->sk;
899 int i;
900
901 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
902 sa->iso_bc->bc_num_bis);
903
904 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) ||
905 sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f)
906 return -EINVAL;
907
908 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
909 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
910 iso_pi(sk)->sync_handle = -1;
911 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
912 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
913
914 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) {
915 if (sa->iso_bc->bc_bis[i] < 0x01 ||
916 sa->iso_bc->bc_bis[i] > 0x1f)
917 return -EINVAL;
918
919 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
920 iso_pi(sk)->bc_num_bis);
921 }
922
923 return 0;
924 }
925
iso_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)926 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr,
927 int addr_len)
928 {
929 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
930 struct sock *sk = sock->sk;
931 int err = 0;
932
933 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type);
934
935 if (!addr || addr_len < sizeof(struct sockaddr_iso) ||
936 addr->sa_family != AF_BLUETOOTH)
937 return -EINVAL;
938
939 lock_sock(sk);
940
941 if (sk->sk_state != BT_OPEN) {
942 err = -EBADFD;
943 goto done;
944 }
945
946 if (sk->sk_type != SOCK_SEQPACKET) {
947 err = -EINVAL;
948 goto done;
949 }
950
951 /* Check if the address type is of LE type */
952 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) {
953 err = -EINVAL;
954 goto done;
955 }
956
957 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr);
958 iso_pi(sk)->src_type = sa->iso_bdaddr_type;
959
960 /* Check for Broadcast address */
961 if (addr_len > sizeof(*sa)) {
962 err = iso_sock_bind_bc(sock, addr, addr_len);
963 if (err)
964 goto done;
965 }
966
967 sk->sk_state = BT_BOUND;
968
969 done:
970 release_sock(sk);
971 return err;
972 }
973
iso_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)974 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr,
975 int alen, int flags)
976 {
977 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
978 struct sock *sk = sock->sk;
979 int err;
980
981 BT_DBG("sk %p", sk);
982
983 if (alen < sizeof(struct sockaddr_iso) ||
984 addr->sa_family != AF_BLUETOOTH)
985 return -EINVAL;
986
987 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
988 return -EBADFD;
989
990 if (sk->sk_type != SOCK_SEQPACKET)
991 return -EINVAL;
992
993 /* Check if the address type is of LE type */
994 if (!bdaddr_type_is_le(sa->iso_bdaddr_type))
995 return -EINVAL;
996
997 lock_sock(sk);
998
999 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
1000 iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
1001
1002 release_sock(sk);
1003
1004 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1005 err = iso_connect_cis(sk);
1006 else
1007 err = iso_connect_bis(sk);
1008
1009 if (err)
1010 return err;
1011
1012 lock_sock(sk);
1013
1014 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1015 err = bt_sock_wait_state(sk, BT_CONNECTED,
1016 sock_sndtimeo(sk, flags & O_NONBLOCK));
1017 }
1018
1019 release_sock(sk);
1020 return err;
1021 }
1022
iso_listen_bis(struct sock * sk)1023 static int iso_listen_bis(struct sock *sk)
1024 {
1025 struct hci_dev *hdev;
1026 int err = 0;
1027
1028 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src,
1029 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid);
1030
1031 write_lock(&iso_sk_list.lock);
1032
1033 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst,
1034 iso_pi(sk)->bc_sid))
1035 err = -EADDRINUSE;
1036
1037 write_unlock(&iso_sk_list.lock);
1038
1039 if (err)
1040 return err;
1041
1042 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1043 iso_pi(sk)->src_type);
1044 if (!hdev)
1045 return -EHOSTUNREACH;
1046
1047 /* Fail if user set invalid QoS */
1048 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
1049 iso_pi(sk)->qos = default_qos;
1050 return -EINVAL;
1051 }
1052
1053 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst,
1054 le_addr_type(iso_pi(sk)->dst_type),
1055 iso_pi(sk)->bc_sid, &iso_pi(sk)->qos);
1056
1057 hci_dev_put(hdev);
1058
1059 return err;
1060 }
1061
iso_listen_cis(struct sock * sk)1062 static int iso_listen_cis(struct sock *sk)
1063 {
1064 int err = 0;
1065
1066 BT_DBG("%pMR", &iso_pi(sk)->src);
1067
1068 write_lock(&iso_sk_list.lock);
1069
1070 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst))
1071 err = -EADDRINUSE;
1072
1073 write_unlock(&iso_sk_list.lock);
1074
1075 return err;
1076 }
1077
iso_sock_listen(struct socket * sock,int backlog)1078 static int iso_sock_listen(struct socket *sock, int backlog)
1079 {
1080 struct sock *sk = sock->sk;
1081 int err = 0;
1082
1083 BT_DBG("sk %p backlog %d", sk, backlog);
1084
1085 lock_sock(sk);
1086
1087 if (sk->sk_state != BT_BOUND) {
1088 err = -EBADFD;
1089 goto done;
1090 }
1091
1092 if (sk->sk_type != SOCK_SEQPACKET) {
1093 err = -EINVAL;
1094 goto done;
1095 }
1096
1097 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1098 err = iso_listen_cis(sk);
1099 else
1100 err = iso_listen_bis(sk);
1101
1102 if (err)
1103 goto done;
1104
1105 sk->sk_max_ack_backlog = backlog;
1106 sk->sk_ack_backlog = 0;
1107
1108 sk->sk_state = BT_LISTEN;
1109
1110 done:
1111 release_sock(sk);
1112 return err;
1113 }
1114
iso_sock_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)1115 static int iso_sock_accept(struct socket *sock, struct socket *newsock,
1116 int flags, bool kern)
1117 {
1118 DEFINE_WAIT_FUNC(wait, woken_wake_function);
1119 struct sock *sk = sock->sk, *ch;
1120 long timeo;
1121 int err = 0;
1122
1123 /* Use explicit nested locking to avoid lockdep warnings generated
1124 * because the parent socket and the child socket are locked on the
1125 * same thread.
1126 */
1127 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1128
1129 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1130
1131 BT_DBG("sk %p timeo %ld", sk, timeo);
1132
1133 /* Wait for an incoming connection. (wake-one). */
1134 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1135 while (1) {
1136 if (sk->sk_state != BT_LISTEN) {
1137 err = -EBADFD;
1138 break;
1139 }
1140
1141 ch = bt_accept_dequeue(sk, newsock);
1142 if (ch)
1143 break;
1144
1145 if (!timeo) {
1146 err = -EAGAIN;
1147 break;
1148 }
1149
1150 if (signal_pending(current)) {
1151 err = sock_intr_errno(timeo);
1152 break;
1153 }
1154
1155 release_sock(sk);
1156
1157 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
1158 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1159 }
1160 remove_wait_queue(sk_sleep(sk), &wait);
1161
1162 if (err)
1163 goto done;
1164
1165 newsock->state = SS_CONNECTED;
1166
1167 BT_DBG("new socket %p", ch);
1168
1169 done:
1170 release_sock(sk);
1171 return err;
1172 }
1173
iso_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)1174 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr,
1175 int peer)
1176 {
1177 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1178 struct sock *sk = sock->sk;
1179
1180 BT_DBG("sock %p, sk %p", sock, sk);
1181
1182 addr->sa_family = AF_BLUETOOTH;
1183
1184 if (peer) {
1185 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst);
1186 sa->iso_bdaddr_type = iso_pi(sk)->dst_type;
1187 } else {
1188 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src);
1189 sa->iso_bdaddr_type = iso_pi(sk)->src_type;
1190 }
1191
1192 return sizeof(struct sockaddr_iso);
1193 }
1194
iso_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)1195 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1196 size_t len)
1197 {
1198 struct sock *sk = sock->sk;
1199 struct sk_buff *skb, **frag;
1200 size_t mtu;
1201 int err;
1202
1203 BT_DBG("sock %p, sk %p", sock, sk);
1204
1205 err = sock_error(sk);
1206 if (err)
1207 return err;
1208
1209 if (msg->msg_flags & MSG_OOB)
1210 return -EOPNOTSUPP;
1211
1212 lock_sock(sk);
1213
1214 if (sk->sk_state != BT_CONNECTED) {
1215 release_sock(sk);
1216 return -ENOTCONN;
1217 }
1218
1219 mtu = iso_pi(sk)->conn->hcon->mtu;
1220
1221 release_sock(sk);
1222
1223 skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0);
1224 if (IS_ERR(skb))
1225 return PTR_ERR(skb);
1226
1227 len -= skb->len;
1228
1229 BT_DBG("skb %p len %d", sk, skb->len);
1230
1231 /* Continuation fragments */
1232 frag = &skb_shinfo(skb)->frag_list;
1233 while (len) {
1234 struct sk_buff *tmp;
1235
1236 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0);
1237 if (IS_ERR(tmp)) {
1238 kfree_skb(skb);
1239 return PTR_ERR(tmp);
1240 }
1241
1242 *frag = tmp;
1243
1244 len -= tmp->len;
1245
1246 skb->len += tmp->len;
1247 skb->data_len += tmp->len;
1248
1249 BT_DBG("frag %p len %d", *frag, tmp->len);
1250
1251 frag = &(*frag)->next;
1252 }
1253
1254 lock_sock(sk);
1255
1256 if (sk->sk_state == BT_CONNECTED)
1257 err = iso_send_frame(sk, skb);
1258 else
1259 err = -ENOTCONN;
1260
1261 release_sock(sk);
1262
1263 if (err < 0)
1264 kfree_skb(skb);
1265 return err;
1266 }
1267
iso_conn_defer_accept(struct hci_conn * conn)1268 static void iso_conn_defer_accept(struct hci_conn *conn)
1269 {
1270 struct hci_cp_le_accept_cis cp;
1271 struct hci_dev *hdev = conn->hdev;
1272
1273 BT_DBG("conn %p", conn);
1274
1275 conn->state = BT_CONFIG;
1276
1277 cp.handle = cpu_to_le16(conn->handle);
1278
1279 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp);
1280 }
1281
iso_conn_big_sync(struct sock * sk)1282 static void iso_conn_big_sync(struct sock *sk)
1283 {
1284 int err;
1285 struct hci_dev *hdev;
1286
1287 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1288 iso_pi(sk)->src_type);
1289
1290 if (!hdev)
1291 return;
1292
1293 if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1294 err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon,
1295 &iso_pi(sk)->qos,
1296 iso_pi(sk)->sync_handle,
1297 iso_pi(sk)->bc_num_bis,
1298 iso_pi(sk)->bc_bis);
1299 if (err)
1300 bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1301 err);
1302 }
1303 }
1304
iso_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)1305 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1306 size_t len, int flags)
1307 {
1308 struct sock *sk = sock->sk;
1309 struct iso_pinfo *pi = iso_pi(sk);
1310
1311 BT_DBG("sk %p", sk);
1312
1313 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1314 lock_sock(sk);
1315 switch (sk->sk_state) {
1316 case BT_CONNECT2:
1317 if (test_bit(BT_SK_PA_SYNC, &pi->flags)) {
1318 iso_conn_big_sync(sk);
1319 sk->sk_state = BT_LISTEN;
1320 } else {
1321 iso_conn_defer_accept(pi->conn->hcon);
1322 sk->sk_state = BT_CONFIG;
1323 }
1324 release_sock(sk);
1325 return 0;
1326 case BT_CONNECT:
1327 release_sock(sk);
1328 return iso_connect_cis(sk);
1329 default:
1330 release_sock(sk);
1331 break;
1332 }
1333 }
1334
1335 return bt_sock_recvmsg(sock, msg, len, flags);
1336 }
1337
check_io_qos(struct bt_iso_io_qos * qos)1338 static bool check_io_qos(struct bt_iso_io_qos *qos)
1339 {
1340 /* If no PHY is enable SDU must be 0 */
1341 if (!qos->phy && qos->sdu)
1342 return false;
1343
1344 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff))
1345 return false;
1346
1347 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0))
1348 return false;
1349
1350 if (qos->phy > BT_ISO_PHY_ANY)
1351 return false;
1352
1353 return true;
1354 }
1355
check_ucast_qos(struct bt_iso_qos * qos)1356 static bool check_ucast_qos(struct bt_iso_qos *qos)
1357 {
1358 if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET)
1359 return false;
1360
1361 if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET)
1362 return false;
1363
1364 if (qos->ucast.sca > 0x07)
1365 return false;
1366
1367 if (qos->ucast.packing > 0x01)
1368 return false;
1369
1370 if (qos->ucast.framing > 0x01)
1371 return false;
1372
1373 if (!check_io_qos(&qos->ucast.in))
1374 return false;
1375
1376 if (!check_io_qos(&qos->ucast.out))
1377 return false;
1378
1379 return true;
1380 }
1381
check_bcast_qos(struct bt_iso_qos * qos)1382 static bool check_bcast_qos(struct bt_iso_qos *qos)
1383 {
1384 if (!qos->bcast.sync_factor)
1385 qos->bcast.sync_factor = 0x01;
1386
1387 if (qos->bcast.packing > 0x01)
1388 return false;
1389
1390 if (qos->bcast.framing > 0x01)
1391 return false;
1392
1393 if (!check_io_qos(&qos->bcast.in))
1394 return false;
1395
1396 if (!check_io_qos(&qos->bcast.out))
1397 return false;
1398
1399 if (qos->bcast.encryption > 0x01)
1400 return false;
1401
1402 if (qos->bcast.options > 0x07)
1403 return false;
1404
1405 if (qos->bcast.skip > 0x01f3)
1406 return false;
1407
1408 if (!qos->bcast.sync_timeout)
1409 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1410
1411 if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000)
1412 return false;
1413
1414 if (qos->bcast.sync_cte_type > 0x1f)
1415 return false;
1416
1417 if (qos->bcast.mse > 0x1f)
1418 return false;
1419
1420 if (!qos->bcast.timeout)
1421 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1422
1423 if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000)
1424 return false;
1425
1426 return true;
1427 }
1428
iso_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)1429 static int iso_sock_setsockopt(struct socket *sock, int level, int optname,
1430 sockptr_t optval, unsigned int optlen)
1431 {
1432 struct sock *sk = sock->sk;
1433 int err = 0;
1434 struct bt_iso_qos qos = default_qos;
1435 u32 opt;
1436
1437 BT_DBG("sk %p", sk);
1438
1439 lock_sock(sk);
1440
1441 switch (optname) {
1442 case BT_DEFER_SETUP:
1443 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1444 err = -EINVAL;
1445 break;
1446 }
1447
1448 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
1449 if (err)
1450 break;
1451
1452 if (opt)
1453 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1454 else
1455 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1456 break;
1457
1458 case BT_PKT_STATUS:
1459 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
1460 if (err)
1461 break;
1462
1463 if (opt)
1464 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1465 else
1466 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1467 break;
1468
1469 case BT_ISO_QOS:
1470 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1471 sk->sk_state != BT_CONNECT2) {
1472 err = -EINVAL;
1473 break;
1474 }
1475
1476 err = bt_copy_from_sockptr(&qos, sizeof(qos), optval, optlen);
1477 if (err)
1478 break;
1479
1480 iso_pi(sk)->qos = qos;
1481 iso_pi(sk)->qos_user_set = true;
1482
1483 break;
1484
1485 case BT_ISO_BASE:
1486 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1487 sk->sk_state != BT_CONNECT2) {
1488 err = -EINVAL;
1489 break;
1490 }
1491
1492 if (optlen > sizeof(iso_pi(sk)->base)) {
1493 err = -EINVAL;
1494 break;
1495 }
1496
1497 err = bt_copy_from_sockptr(iso_pi(sk)->base, optlen, optval,
1498 optlen);
1499 if (err)
1500 break;
1501
1502 iso_pi(sk)->base_len = optlen;
1503
1504 break;
1505
1506 default:
1507 err = -ENOPROTOOPT;
1508 break;
1509 }
1510
1511 release_sock(sk);
1512 return err;
1513 }
1514
iso_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)1515 static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
1516 char __user *optval, int __user *optlen)
1517 {
1518 struct sock *sk = sock->sk;
1519 int len, err = 0;
1520 struct bt_iso_qos *qos;
1521 u8 base_len;
1522 u8 *base;
1523
1524 BT_DBG("sk %p", sk);
1525
1526 if (get_user(len, optlen))
1527 return -EFAULT;
1528
1529 lock_sock(sk);
1530
1531 switch (optname) {
1532 case BT_DEFER_SETUP:
1533 if (sk->sk_state == BT_CONNECTED) {
1534 err = -EINVAL;
1535 break;
1536 }
1537
1538 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1539 (u32 __user *)optval))
1540 err = -EFAULT;
1541
1542 break;
1543
1544 case BT_PKT_STATUS:
1545 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1546 (int __user *)optval))
1547 err = -EFAULT;
1548 break;
1549
1550 case BT_ISO_QOS:
1551 qos = iso_sock_get_qos(sk);
1552
1553 len = min_t(unsigned int, len, sizeof(*qos));
1554 if (copy_to_user(optval, qos, len))
1555 err = -EFAULT;
1556
1557 break;
1558
1559 case BT_ISO_BASE:
1560 if (sk->sk_state == BT_CONNECTED &&
1561 !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
1562 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len;
1563 base = iso_pi(sk)->conn->hcon->le_per_adv_data;
1564 } else {
1565 base_len = iso_pi(sk)->base_len;
1566 base = iso_pi(sk)->base;
1567 }
1568
1569 len = min_t(unsigned int, len, base_len);
1570 if (copy_to_user(optval, base, len))
1571 err = -EFAULT;
1572
1573 break;
1574
1575 default:
1576 err = -ENOPROTOOPT;
1577 break;
1578 }
1579
1580 release_sock(sk);
1581 return err;
1582 }
1583
iso_sock_shutdown(struct socket * sock,int how)1584 static int iso_sock_shutdown(struct socket *sock, int how)
1585 {
1586 struct sock *sk = sock->sk;
1587 int err = 0;
1588
1589 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1590
1591 if (!sk)
1592 return 0;
1593
1594 sock_hold(sk);
1595 lock_sock(sk);
1596
1597 switch (how) {
1598 case SHUT_RD:
1599 if (sk->sk_shutdown & RCV_SHUTDOWN)
1600 goto unlock;
1601 sk->sk_shutdown |= RCV_SHUTDOWN;
1602 break;
1603 case SHUT_WR:
1604 if (sk->sk_shutdown & SEND_SHUTDOWN)
1605 goto unlock;
1606 sk->sk_shutdown |= SEND_SHUTDOWN;
1607 break;
1608 case SHUT_RDWR:
1609 if (sk->sk_shutdown & SHUTDOWN_MASK)
1610 goto unlock;
1611 sk->sk_shutdown |= SHUTDOWN_MASK;
1612 break;
1613 }
1614
1615 iso_sock_clear_timer(sk);
1616 __iso_sock_close(sk);
1617
1618 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1619 !(current->flags & PF_EXITING))
1620 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1621
1622 unlock:
1623 release_sock(sk);
1624 sock_put(sk);
1625
1626 return err;
1627 }
1628
iso_sock_release(struct socket * sock)1629 static int iso_sock_release(struct socket *sock)
1630 {
1631 struct sock *sk = sock->sk;
1632 int err = 0;
1633
1634 BT_DBG("sock %p, sk %p", sock, sk);
1635
1636 if (!sk)
1637 return 0;
1638
1639 iso_sock_close(sk);
1640
1641 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1642 !(current->flags & PF_EXITING)) {
1643 lock_sock(sk);
1644 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1645 release_sock(sk);
1646 }
1647
1648 sock_orphan(sk);
1649 iso_sock_kill(sk);
1650 return err;
1651 }
1652
iso_sock_ready(struct sock * sk)1653 static void iso_sock_ready(struct sock *sk)
1654 {
1655 BT_DBG("sk %p", sk);
1656
1657 if (!sk)
1658 return;
1659
1660 lock_sock(sk);
1661 iso_sock_clear_timer(sk);
1662 sk->sk_state = BT_CONNECTED;
1663 sk->sk_state_change(sk);
1664 release_sock(sk);
1665 }
1666
1667 struct iso_list_data {
1668 struct hci_conn *hcon;
1669 int count;
1670 };
1671
iso_match_big(struct sock * sk,void * data)1672 static bool iso_match_big(struct sock *sk, void *data)
1673 {
1674 struct hci_evt_le_big_sync_estabilished *ev = data;
1675
1676 return ev->handle == iso_pi(sk)->qos.bcast.big;
1677 }
1678
iso_match_pa_sync_flag(struct sock * sk,void * data)1679 static bool iso_match_pa_sync_flag(struct sock *sk, void *data)
1680 {
1681 return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1682 }
1683
iso_conn_ready(struct iso_conn * conn)1684 static void iso_conn_ready(struct iso_conn *conn)
1685 {
1686 struct sock *parent = NULL;
1687 struct sock *sk = conn->sk;
1688 struct hci_ev_le_big_sync_estabilished *ev = NULL;
1689 struct hci_ev_le_pa_sync_established *ev2 = NULL;
1690 struct hci_evt_le_big_info_adv_report *ev3 = NULL;
1691 struct hci_conn *hcon;
1692
1693 BT_DBG("conn %p", conn);
1694
1695 if (sk) {
1696 iso_sock_ready(conn->sk);
1697 } else {
1698 hcon = conn->hcon;
1699 if (!hcon)
1700 return;
1701
1702 if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags) ||
1703 test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) {
1704 ev = hci_recv_event_data(hcon->hdev,
1705 HCI_EVT_LE_BIG_SYNC_ESTABILISHED);
1706
1707 /* Get reference to PA sync parent socket, if it exists */
1708 parent = iso_get_sock_listen(&hcon->src,
1709 &hcon->dst,
1710 iso_match_pa_sync_flag, NULL);
1711 if (!parent && ev)
1712 parent = iso_get_sock_listen(&hcon->src,
1713 &hcon->dst,
1714 iso_match_big, ev);
1715 } else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
1716 ev2 = hci_recv_event_data(hcon->hdev,
1717 HCI_EV_LE_PA_SYNC_ESTABLISHED);
1718 if (ev2)
1719 parent = iso_get_sock_listen(&hcon->src,
1720 &hcon->dst,
1721 iso_match_sid, ev2);
1722 } else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) {
1723 ev3 = hci_recv_event_data(hcon->hdev,
1724 HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1725 if (ev3)
1726 parent = iso_get_sock_listen(&hcon->src,
1727 &hcon->dst,
1728 iso_match_sync_handle, ev3);
1729 }
1730
1731 if (!parent)
1732 parent = iso_get_sock_listen(&hcon->src,
1733 BDADDR_ANY, NULL, NULL);
1734
1735 if (!parent)
1736 return;
1737
1738 lock_sock(parent);
1739
1740 sk = iso_sock_alloc(sock_net(parent), NULL,
1741 BTPROTO_ISO, GFP_ATOMIC, 0);
1742 if (!sk) {
1743 release_sock(parent);
1744 return;
1745 }
1746
1747 iso_sock_init(sk, parent);
1748
1749 bacpy(&iso_pi(sk)->src, &hcon->src);
1750
1751 /* Convert from HCI to three-value type */
1752 if (hcon->src_type == ADDR_LE_DEV_PUBLIC)
1753 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
1754 else
1755 iso_pi(sk)->src_type = BDADDR_LE_RANDOM;
1756
1757 /* If hcon has no destination address (BDADDR_ANY) it means it
1758 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or
1759 * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using
1760 * the parent socket destination address.
1761 */
1762 if (!bacmp(&hcon->dst, BDADDR_ANY)) {
1763 bacpy(&hcon->dst, &iso_pi(parent)->dst);
1764 hcon->dst_type = iso_pi(parent)->dst_type;
1765 hcon->sync_handle = iso_pi(parent)->sync_handle;
1766 }
1767
1768 if (ev3) {
1769 iso_pi(sk)->qos = iso_pi(parent)->qos;
1770 iso_pi(sk)->qos.bcast.encryption = ev3->encryption;
1771 hcon->iso_qos = iso_pi(sk)->qos;
1772 iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis;
1773 memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS);
1774 set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1775 }
1776
1777 bacpy(&iso_pi(sk)->dst, &hcon->dst);
1778 iso_pi(sk)->dst_type = hcon->dst_type;
1779 iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle;
1780 memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len);
1781 iso_pi(sk)->base_len = iso_pi(parent)->base_len;
1782
1783 hci_conn_hold(hcon);
1784 iso_chan_add(conn, sk, parent);
1785
1786 if ((ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) ||
1787 (ev2 && ev2->status)) {
1788 /* Trigger error signal on child socket */
1789 sk->sk_err = ECONNREFUSED;
1790 sk->sk_error_report(sk);
1791 }
1792
1793 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1794 sk->sk_state = BT_CONNECT2;
1795 else
1796 sk->sk_state = BT_CONNECTED;
1797
1798 /* Wake up parent */
1799 parent->sk_data_ready(parent);
1800
1801 release_sock(parent);
1802 sock_put(parent);
1803 }
1804 }
1805
iso_match_sid(struct sock * sk,void * data)1806 static bool iso_match_sid(struct sock *sk, void *data)
1807 {
1808 struct hci_ev_le_pa_sync_established *ev = data;
1809
1810 return ev->sid == iso_pi(sk)->bc_sid;
1811 }
1812
iso_match_sync_handle(struct sock * sk,void * data)1813 static bool iso_match_sync_handle(struct sock *sk, void *data)
1814 {
1815 struct hci_evt_le_big_info_adv_report *ev = data;
1816
1817 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1818 }
1819
iso_match_sync_handle_pa_report(struct sock * sk,void * data)1820 static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data)
1821 {
1822 struct hci_ev_le_per_adv_report *ev = data;
1823
1824 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1825 }
1826
1827 /* ----- ISO interface with lower layer (HCI) ----- */
1828
iso_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1829 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1830 {
1831 struct hci_ev_le_pa_sync_established *ev1;
1832 struct hci_evt_le_big_info_adv_report *ev2;
1833 struct hci_ev_le_per_adv_report *ev3;
1834 struct sock *sk;
1835 int lm = 0;
1836
1837 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
1838
1839 /* Broadcast receiver requires handling of some events before it can
1840 * proceed to establishing a BIG sync:
1841 *
1842 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific
1843 * SID to listen to and once sync is estabilished its handle needs to
1844 * be stored in iso_pi(sk)->sync_handle so it can be matched once
1845 * receiving the BIG Info.
1846 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a
1847 * a BIG Info it attempts to check if there any listening socket with
1848 * the same sync_handle and if it does then attempt to create a sync.
1849 * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored
1850 * in iso_pi(sk)->base so it can be passed up to user, in the case of a
1851 * broadcast sink.
1852 */
1853 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED);
1854 if (ev1) {
1855 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid,
1856 ev1);
1857 if (sk && !ev1->status)
1858 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle);
1859
1860 goto done;
1861 }
1862
1863 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1864 if (ev2) {
1865 /* Try to get PA sync listening socket, if it exists */
1866 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1867 iso_match_pa_sync_flag, NULL);
1868
1869 if (!sk) {
1870 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1871 iso_match_sync_handle, ev2);
1872
1873 /* If PA Sync is in process of terminating,
1874 * do not handle any more BIGInfo adv reports.
1875 */
1876
1877 if (sk && test_bit(BT_SK_PA_SYNC_TERM,
1878 &iso_pi(sk)->flags))
1879 return lm;
1880 }
1881
1882 if (sk) {
1883 int err;
1884
1885 if (ev2->num_bis < iso_pi(sk)->bc_num_bis)
1886 iso_pi(sk)->bc_num_bis = ev2->num_bis;
1887
1888 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
1889 !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1890 err = hci_le_big_create_sync(hdev, NULL,
1891 &iso_pi(sk)->qos,
1892 iso_pi(sk)->sync_handle,
1893 iso_pi(sk)->bc_num_bis,
1894 iso_pi(sk)->bc_bis);
1895 if (err) {
1896 bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1897 err);
1898 sock_put(sk);
1899 sk = NULL;
1900 }
1901 }
1902 }
1903 }
1904
1905 ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT);
1906 if (ev3) {
1907 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1908 iso_match_sync_handle_pa_report, ev3);
1909
1910 if (sk) {
1911 memcpy(iso_pi(sk)->base, ev3->data, ev3->length);
1912 iso_pi(sk)->base_len = ev3->length;
1913 }
1914 } else {
1915 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL);
1916 }
1917
1918 done:
1919 if (!sk)
1920 return lm;
1921
1922 lm |= HCI_LM_ACCEPT;
1923
1924 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1925 *flags |= HCI_PROTO_DEFER;
1926
1927 sock_put(sk);
1928
1929 return lm;
1930 }
1931
iso_connect_cfm(struct hci_conn * hcon,__u8 status)1932 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status)
1933 {
1934 if (hcon->type != ISO_LINK) {
1935 if (hcon->type != LE_LINK)
1936 return;
1937
1938 /* Check if LE link has failed */
1939 if (status) {
1940 struct hci_link *link, *t;
1941
1942 list_for_each_entry_safe(link, t, &hcon->link_list,
1943 list)
1944 iso_conn_del(link->conn, bt_to_errno(status));
1945
1946 return;
1947 }
1948
1949 /* Create CIS if pending */
1950 hci_le_create_cis_pending(hcon->hdev);
1951 return;
1952 }
1953
1954 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1955
1956 /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or
1957 * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection
1958 * into the accept queue of the listening socket and wake up
1959 * userspace, to inform the user about the event.
1960 */
1961 if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) ||
1962 test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
1963 struct iso_conn *conn;
1964
1965 conn = iso_conn_add(hcon);
1966 if (conn)
1967 iso_conn_ready(conn);
1968 } else {
1969 iso_conn_del(hcon, bt_to_errno(status));
1970 }
1971 }
1972
iso_disconn_cfm(struct hci_conn * hcon,__u8 reason)1973 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1974 {
1975 if (hcon->type != ISO_LINK)
1976 return;
1977
1978 BT_DBG("hcon %p reason %d", hcon, reason);
1979
1980 iso_conn_del(hcon, bt_to_errno(reason));
1981 }
1982
iso_recv(struct hci_conn * hcon,struct sk_buff * skb,u16 flags)1983 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1984 {
1985 struct iso_conn *conn = hcon->iso_data;
1986 __u16 pb, ts, len;
1987
1988 if (!conn)
1989 goto drop;
1990
1991 pb = hci_iso_flags_pb(flags);
1992 ts = hci_iso_flags_ts(flags);
1993
1994 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts);
1995
1996 switch (pb) {
1997 case ISO_START:
1998 case ISO_SINGLE:
1999 if (conn->rx_len) {
2000 BT_ERR("Unexpected start frame (len %d)", skb->len);
2001 kfree_skb(conn->rx_skb);
2002 conn->rx_skb = NULL;
2003 conn->rx_len = 0;
2004 }
2005
2006 if (ts) {
2007 struct hci_iso_ts_data_hdr *hdr;
2008
2009 /* TODO: add timestamp to the packet? */
2010 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE);
2011 if (!hdr) {
2012 BT_ERR("Frame is too short (len %d)", skb->len);
2013 goto drop;
2014 }
2015
2016 len = __le16_to_cpu(hdr->slen);
2017 } else {
2018 struct hci_iso_data_hdr *hdr;
2019
2020 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE);
2021 if (!hdr) {
2022 BT_ERR("Frame is too short (len %d)", skb->len);
2023 goto drop;
2024 }
2025
2026 len = __le16_to_cpu(hdr->slen);
2027 }
2028
2029 flags = hci_iso_data_flags(len);
2030 len = hci_iso_data_len(len);
2031
2032 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len,
2033 skb->len, flags);
2034
2035 if (len == skb->len) {
2036 /* Complete frame received */
2037 hci_skb_pkt_status(skb) = flags & 0x03;
2038 iso_recv_frame(conn, skb);
2039 return;
2040 }
2041
2042 if (pb == ISO_SINGLE) {
2043 BT_ERR("Frame malformed (len %d, expected len %d)",
2044 skb->len, len);
2045 goto drop;
2046 }
2047
2048 if (skb->len > len) {
2049 BT_ERR("Frame is too long (len %d, expected len %d)",
2050 skb->len, len);
2051 goto drop;
2052 }
2053
2054 /* Allocate skb for the complete frame (with header) */
2055 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
2056 if (!conn->rx_skb)
2057 goto drop;
2058
2059 hci_skb_pkt_status(conn->rx_skb) = flags & 0x03;
2060 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2061 skb->len);
2062 conn->rx_len = len - skb->len;
2063 break;
2064
2065 case ISO_CONT:
2066 BT_DBG("Cont: frag len %d (expecting %d)", skb->len,
2067 conn->rx_len);
2068
2069 if (!conn->rx_len) {
2070 BT_ERR("Unexpected continuation frame (len %d)",
2071 skb->len);
2072 goto drop;
2073 }
2074
2075 if (skb->len > conn->rx_len) {
2076 BT_ERR("Fragment is too long (len %d, expected %d)",
2077 skb->len, conn->rx_len);
2078 kfree_skb(conn->rx_skb);
2079 conn->rx_skb = NULL;
2080 conn->rx_len = 0;
2081 goto drop;
2082 }
2083
2084 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2085 skb->len);
2086 conn->rx_len -= skb->len;
2087 return;
2088
2089 case ISO_END:
2090 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2091 skb->len);
2092 conn->rx_len -= skb->len;
2093
2094 if (!conn->rx_len) {
2095 struct sk_buff *rx_skb = conn->rx_skb;
2096
2097 /* Complete frame received. iso_recv_frame
2098 * takes ownership of the skb so set the global
2099 * rx_skb pointer to NULL first.
2100 */
2101 conn->rx_skb = NULL;
2102 iso_recv_frame(conn, rx_skb);
2103 }
2104 break;
2105 }
2106
2107 drop:
2108 kfree_skb(skb);
2109 }
2110
2111 static struct hci_cb iso_cb = {
2112 .name = "ISO",
2113 .connect_cfm = iso_connect_cfm,
2114 .disconn_cfm = iso_disconn_cfm,
2115 };
2116
iso_debugfs_show(struct seq_file * f,void * p)2117 static int iso_debugfs_show(struct seq_file *f, void *p)
2118 {
2119 struct sock *sk;
2120
2121 read_lock(&iso_sk_list.lock);
2122
2123 sk_for_each(sk, &iso_sk_list.head) {
2124 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src,
2125 &iso_pi(sk)->dst, sk->sk_state);
2126 }
2127
2128 read_unlock(&iso_sk_list.lock);
2129
2130 return 0;
2131 }
2132
2133 DEFINE_SHOW_ATTRIBUTE(iso_debugfs);
2134
2135 static struct dentry *iso_debugfs;
2136
2137 static const struct proto_ops iso_sock_ops = {
2138 .family = PF_BLUETOOTH,
2139 .owner = THIS_MODULE,
2140 .release = iso_sock_release,
2141 .bind = iso_sock_bind,
2142 .connect = iso_sock_connect,
2143 .listen = iso_sock_listen,
2144 .accept = iso_sock_accept,
2145 .getname = iso_sock_getname,
2146 .sendmsg = iso_sock_sendmsg,
2147 .recvmsg = iso_sock_recvmsg,
2148 .poll = bt_sock_poll,
2149 .ioctl = bt_sock_ioctl,
2150 .mmap = sock_no_mmap,
2151 .socketpair = sock_no_socketpair,
2152 .shutdown = iso_sock_shutdown,
2153 .setsockopt = iso_sock_setsockopt,
2154 .getsockopt = iso_sock_getsockopt
2155 };
2156
2157 static const struct net_proto_family iso_sock_family_ops = {
2158 .family = PF_BLUETOOTH,
2159 .owner = THIS_MODULE,
2160 .create = iso_sock_create,
2161 };
2162
2163 static bool iso_inited;
2164
iso_enabled(void)2165 bool iso_enabled(void)
2166 {
2167 return iso_inited;
2168 }
2169
iso_init(void)2170 int iso_init(void)
2171 {
2172 int err;
2173
2174 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr));
2175
2176 if (iso_inited)
2177 return -EALREADY;
2178
2179 err = proto_register(&iso_proto, 0);
2180 if (err < 0)
2181 return err;
2182
2183 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops);
2184 if (err < 0) {
2185 BT_ERR("ISO socket registration failed");
2186 goto error;
2187 }
2188
2189 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL);
2190 if (err < 0) {
2191 BT_ERR("Failed to create ISO proc file");
2192 bt_sock_unregister(BTPROTO_ISO);
2193 goto error;
2194 }
2195
2196 BT_INFO("ISO socket layer initialized");
2197
2198 hci_register_cb(&iso_cb);
2199
2200 if (!IS_ERR_OR_NULL(bt_debugfs))
2201 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs,
2202 NULL, &iso_debugfs_fops);
2203
2204 iso_inited = true;
2205
2206 return 0;
2207
2208 error:
2209 proto_unregister(&iso_proto);
2210 return err;
2211 }
2212
iso_exit(void)2213 int iso_exit(void)
2214 {
2215 if (!iso_inited)
2216 return -EALREADY;
2217
2218 bt_procfs_cleanup(&init_net, "iso");
2219
2220 debugfs_remove(iso_debugfs);
2221 iso_debugfs = NULL;
2222
2223 hci_unregister_cb(&iso_cb);
2224
2225 bt_sock_unregister(BTPROTO_ISO);
2226
2227 proto_unregister(&iso_proto);
2228
2229 iso_inited = false;
2230
2231 return 0;
2232 }
2233