1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 }; 55 56 #define sco_conn_lock(c) spin_lock(&c->lock) 57 #define sco_conn_unlock(c) spin_unlock(&c->lock) 58 59 static void sco_sock_close(struct sock *sk); 60 static void sco_sock_kill(struct sock *sk); 61 62 /* ----- SCO socket info ----- */ 63 #define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65 struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 struct bt_codec codec; 72 struct sco_conn *conn; 73 }; 74 75 /* ---- SCO timers ---- */ 76 #define SCO_CONN_TIMEOUT (HZ * 40) 77 #define SCO_DISCONN_TIMEOUT (HZ * 2) 78 79 static struct sock *sco_sock_hold(struct sco_conn *conn) 80 { 81 if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk)) 82 return NULL; 83 84 sock_hold(conn->sk); 85 86 return conn->sk; 87 } 88 89 static void sco_sock_timeout(struct work_struct *work) 90 { 91 struct sco_conn *conn = container_of(work, struct sco_conn, 92 timeout_work.work); 93 struct sock *sk; 94 95 sco_conn_lock(conn); 96 if (!conn->hcon) { 97 sco_conn_unlock(conn); 98 return; 99 } 100 sk = sco_sock_hold(conn); 101 sco_conn_unlock(conn); 102 103 if (!sk) 104 return; 105 106 BT_DBG("sock %p state %d", sk, sk->sk_state); 107 108 lock_sock(sk); 109 sk->sk_err = ETIMEDOUT; 110 sk->sk_state_change(sk); 111 release_sock(sk); 112 sock_put(sk); 113 } 114 115 static void sco_sock_set_timer(struct sock *sk, long timeout) 116 { 117 if (!sco_pi(sk)->conn) 118 return; 119 120 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 121 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 122 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 123 } 124 125 static void sco_sock_clear_timer(struct sock *sk) 126 { 127 if (!sco_pi(sk)->conn) 128 return; 129 130 BT_DBG("sock %p state %d", sk, sk->sk_state); 131 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 132 } 133 134 /* ---- SCO connections ---- */ 135 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 136 { 137 struct sco_conn *conn = hcon->sco_data; 138 139 if (conn) { 140 if (!conn->hcon) 141 conn->hcon = hcon; 142 return conn; 143 } 144 145 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 146 if (!conn) 147 return NULL; 148 149 spin_lock_init(&conn->lock); 150 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 151 152 hcon->sco_data = conn; 153 conn->hcon = hcon; 154 conn->mtu = hcon->mtu; 155 156 if (hcon->mtu > 0) 157 conn->mtu = hcon->mtu; 158 else 159 conn->mtu = 60; 160 161 BT_DBG("hcon %p conn %p", hcon, conn); 162 163 return conn; 164 } 165 166 /* Delete channel. 167 * Must be called on the locked socket. */ 168 static void sco_chan_del(struct sock *sk, int err) 169 { 170 struct sco_conn *conn; 171 172 conn = sco_pi(sk)->conn; 173 174 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 175 176 if (conn) { 177 sco_conn_lock(conn); 178 conn->sk = NULL; 179 sco_pi(sk)->conn = NULL; 180 sco_conn_unlock(conn); 181 182 if (conn->hcon) 183 hci_conn_drop(conn->hcon); 184 } 185 186 sk->sk_state = BT_CLOSED; 187 sk->sk_err = err; 188 sk->sk_state_change(sk); 189 190 sock_set_flag(sk, SOCK_ZAPPED); 191 } 192 193 static void sco_conn_del(struct hci_conn *hcon, int err) 194 { 195 struct sco_conn *conn = hcon->sco_data; 196 struct sock *sk; 197 198 if (!conn) 199 return; 200 201 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 202 203 /* Kill socket */ 204 sco_conn_lock(conn); 205 sk = sco_sock_hold(conn); 206 sco_conn_unlock(conn); 207 208 if (sk) { 209 lock_sock(sk); 210 sco_sock_clear_timer(sk); 211 sco_chan_del(sk, err); 212 release_sock(sk); 213 sock_put(sk); 214 } 215 216 /* Ensure no more work items will run before freeing conn. */ 217 cancel_delayed_work_sync(&conn->timeout_work); 218 219 hcon->sco_data = NULL; 220 kfree(conn); 221 } 222 223 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 224 struct sock *parent) 225 { 226 BT_DBG("conn %p", conn); 227 228 sco_pi(sk)->conn = conn; 229 conn->sk = sk; 230 231 if (parent) 232 bt_accept_enqueue(parent, sk, true); 233 } 234 235 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 236 struct sock *parent) 237 { 238 int err = 0; 239 240 sco_conn_lock(conn); 241 if (conn->sk) 242 err = -EBUSY; 243 else 244 __sco_chan_add(conn, sk, parent); 245 246 sco_conn_unlock(conn); 247 return err; 248 } 249 250 static int sco_connect(struct sock *sk) 251 { 252 struct sco_conn *conn; 253 struct hci_conn *hcon; 254 struct hci_dev *hdev; 255 int err, type; 256 257 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 258 259 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 260 if (!hdev) 261 return -EHOSTUNREACH; 262 263 hci_dev_lock(hdev); 264 265 if (lmp_esco_capable(hdev) && !disable_esco) 266 type = ESCO_LINK; 267 else 268 type = SCO_LINK; 269 270 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) { 271 case SCO_AIRMODE_TRANSP: 272 if (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)) { 273 err = -EOPNOTSUPP; 274 goto unlock; 275 } 276 break; 277 } 278 279 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 280 sco_pi(sk)->setting, &sco_pi(sk)->codec); 281 if (IS_ERR(hcon)) { 282 err = PTR_ERR(hcon); 283 goto unlock; 284 } 285 286 conn = sco_conn_add(hcon); 287 if (!conn) { 288 hci_conn_drop(hcon); 289 err = -ENOMEM; 290 goto unlock; 291 } 292 293 lock_sock(sk); 294 295 err = sco_chan_add(conn, sk, NULL); 296 if (err) { 297 release_sock(sk); 298 goto unlock; 299 } 300 301 /* Update source addr of the socket */ 302 bacpy(&sco_pi(sk)->src, &hcon->src); 303 304 if (hcon->state == BT_CONNECTED) { 305 sco_sock_clear_timer(sk); 306 sk->sk_state = BT_CONNECTED; 307 } else { 308 sk->sk_state = BT_CONNECT; 309 sco_sock_set_timer(sk, sk->sk_sndtimeo); 310 } 311 312 release_sock(sk); 313 314 unlock: 315 hci_dev_unlock(hdev); 316 hci_dev_put(hdev); 317 return err; 318 } 319 320 static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 321 { 322 struct sco_conn *conn = sco_pi(sk)->conn; 323 int len = skb->len; 324 325 /* Check outgoing MTU */ 326 if (len > conn->mtu) 327 return -EINVAL; 328 329 BT_DBG("sk %p len %d", sk, len); 330 331 hci_send_sco(conn->hcon, skb); 332 333 return len; 334 } 335 336 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 337 { 338 struct sock *sk; 339 340 sco_conn_lock(conn); 341 sk = conn->sk; 342 sco_conn_unlock(conn); 343 344 if (!sk) 345 goto drop; 346 347 BT_DBG("sk %p len %u", sk, skb->len); 348 349 if (sk->sk_state != BT_CONNECTED) 350 goto drop; 351 352 if (!sock_queue_rcv_skb(sk, skb)) 353 return; 354 355 drop: 356 kfree_skb(skb); 357 } 358 359 /* -------- Socket interface ---------- */ 360 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 361 { 362 struct sock *sk; 363 364 sk_for_each(sk, &sco_sk_list.head) { 365 if (sk->sk_state != BT_LISTEN) 366 continue; 367 368 if (!bacmp(&sco_pi(sk)->src, ba)) 369 return sk; 370 } 371 372 return NULL; 373 } 374 375 /* Find socket listening on source bdaddr. 376 * Returns closest match. 377 */ 378 static struct sock *sco_get_sock_listen(bdaddr_t *src) 379 { 380 struct sock *sk = NULL, *sk1 = NULL; 381 382 read_lock(&sco_sk_list.lock); 383 384 sk_for_each(sk, &sco_sk_list.head) { 385 if (sk->sk_state != BT_LISTEN) 386 continue; 387 388 /* Exact match. */ 389 if (!bacmp(&sco_pi(sk)->src, src)) 390 break; 391 392 /* Closest match */ 393 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 394 sk1 = sk; 395 } 396 397 read_unlock(&sco_sk_list.lock); 398 399 return sk ? sk : sk1; 400 } 401 402 static void sco_sock_destruct(struct sock *sk) 403 { 404 BT_DBG("sk %p", sk); 405 406 skb_queue_purge(&sk->sk_receive_queue); 407 skb_queue_purge(&sk->sk_write_queue); 408 } 409 410 static void sco_sock_cleanup_listen(struct sock *parent) 411 { 412 struct sock *sk; 413 414 BT_DBG("parent %p", parent); 415 416 /* Close not yet accepted channels */ 417 while ((sk = bt_accept_dequeue(parent, NULL))) { 418 sco_sock_close(sk); 419 sco_sock_kill(sk); 420 } 421 422 parent->sk_state = BT_CLOSED; 423 sock_set_flag(parent, SOCK_ZAPPED); 424 } 425 426 /* Kill socket (only if zapped and orphan) 427 * Must be called on unlocked socket. 428 */ 429 static void sco_sock_kill(struct sock *sk) 430 { 431 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 432 return; 433 434 BT_DBG("sk %p state %d", sk, sk->sk_state); 435 436 /* Kill poor orphan */ 437 bt_sock_unlink(&sco_sk_list, sk); 438 sock_set_flag(sk, SOCK_DEAD); 439 sock_put(sk); 440 } 441 442 static void __sco_sock_close(struct sock *sk) 443 { 444 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 445 446 switch (sk->sk_state) { 447 case BT_LISTEN: 448 sco_sock_cleanup_listen(sk); 449 break; 450 451 case BT_CONNECTED: 452 case BT_CONFIG: 453 if (sco_pi(sk)->conn->hcon) { 454 sk->sk_state = BT_DISCONN; 455 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 456 sco_conn_lock(sco_pi(sk)->conn); 457 hci_conn_drop(sco_pi(sk)->conn->hcon); 458 sco_pi(sk)->conn->hcon = NULL; 459 sco_conn_unlock(sco_pi(sk)->conn); 460 } else 461 sco_chan_del(sk, ECONNRESET); 462 break; 463 464 case BT_CONNECT2: 465 case BT_CONNECT: 466 case BT_DISCONN: 467 sco_chan_del(sk, ECONNRESET); 468 break; 469 470 default: 471 sock_set_flag(sk, SOCK_ZAPPED); 472 break; 473 } 474 475 } 476 477 /* Must be called on unlocked socket. */ 478 static void sco_sock_close(struct sock *sk) 479 { 480 lock_sock(sk); 481 sco_sock_clear_timer(sk); 482 __sco_sock_close(sk); 483 release_sock(sk); 484 } 485 486 static void sco_sock_init(struct sock *sk, struct sock *parent) 487 { 488 BT_DBG("sk %p", sk); 489 490 if (parent) { 491 sk->sk_type = parent->sk_type; 492 bt_sk(sk)->flags = bt_sk(parent)->flags; 493 security_sk_clone(parent, sk); 494 } 495 } 496 497 static struct proto sco_proto = { 498 .name = "SCO", 499 .owner = THIS_MODULE, 500 .obj_size = sizeof(struct sco_pinfo) 501 }; 502 503 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 504 int proto, gfp_t prio, int kern) 505 { 506 struct sock *sk; 507 508 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern); 509 if (!sk) 510 return NULL; 511 512 sk->sk_destruct = sco_sock_destruct; 513 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 514 515 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 516 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 517 sco_pi(sk)->codec.cid = 0xffff; 518 sco_pi(sk)->codec.vid = 0xffff; 519 sco_pi(sk)->codec.data_path = 0x00; 520 521 bt_sock_link(&sco_sk_list, sk); 522 return sk; 523 } 524 525 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 526 int kern) 527 { 528 struct sock *sk; 529 530 BT_DBG("sock %p", sock); 531 532 sock->state = SS_UNCONNECTED; 533 534 if (sock->type != SOCK_SEQPACKET) 535 return -ESOCKTNOSUPPORT; 536 537 sock->ops = &sco_sock_ops; 538 539 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 540 if (!sk) 541 return -ENOMEM; 542 543 sco_sock_init(sk, NULL); 544 return 0; 545 } 546 547 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 548 int addr_len) 549 { 550 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 551 struct sock *sk = sock->sk; 552 int err = 0; 553 554 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 555 addr->sa_family != AF_BLUETOOTH) 556 return -EINVAL; 557 558 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 559 560 lock_sock(sk); 561 562 if (sk->sk_state != BT_OPEN) { 563 err = -EBADFD; 564 goto done; 565 } 566 567 if (sk->sk_type != SOCK_SEQPACKET) { 568 err = -EINVAL; 569 goto done; 570 } 571 572 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 573 574 sk->sk_state = BT_BOUND; 575 576 done: 577 release_sock(sk); 578 return err; 579 } 580 581 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 582 { 583 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 584 struct sock *sk = sock->sk; 585 int err; 586 587 BT_DBG("sk %p", sk); 588 589 if (alen < sizeof(struct sockaddr_sco) || 590 addr->sa_family != AF_BLUETOOTH) 591 return -EINVAL; 592 593 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 594 return -EBADFD; 595 596 if (sk->sk_type != SOCK_SEQPACKET) 597 err = -EINVAL; 598 599 lock_sock(sk); 600 /* Set destination address and psm */ 601 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 602 release_sock(sk); 603 604 err = sco_connect(sk); 605 if (err) 606 return err; 607 608 lock_sock(sk); 609 610 err = bt_sock_wait_state(sk, BT_CONNECTED, 611 sock_sndtimeo(sk, flags & O_NONBLOCK)); 612 613 release_sock(sk); 614 return err; 615 } 616 617 static int sco_sock_listen(struct socket *sock, int backlog) 618 { 619 struct sock *sk = sock->sk; 620 bdaddr_t *src = &sco_pi(sk)->src; 621 int err = 0; 622 623 BT_DBG("sk %p backlog %d", sk, backlog); 624 625 lock_sock(sk); 626 627 if (sk->sk_state != BT_BOUND) { 628 err = -EBADFD; 629 goto done; 630 } 631 632 if (sk->sk_type != SOCK_SEQPACKET) { 633 err = -EINVAL; 634 goto done; 635 } 636 637 write_lock(&sco_sk_list.lock); 638 639 if (__sco_get_sock_listen_by_addr(src)) { 640 err = -EADDRINUSE; 641 goto unlock; 642 } 643 644 sk->sk_max_ack_backlog = backlog; 645 sk->sk_ack_backlog = 0; 646 647 sk->sk_state = BT_LISTEN; 648 649 unlock: 650 write_unlock(&sco_sk_list.lock); 651 652 done: 653 release_sock(sk); 654 return err; 655 } 656 657 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 658 int flags, bool kern) 659 { 660 DEFINE_WAIT_FUNC(wait, woken_wake_function); 661 struct sock *sk = sock->sk, *ch; 662 long timeo; 663 int err = 0; 664 665 lock_sock(sk); 666 667 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 668 669 BT_DBG("sk %p timeo %ld", sk, timeo); 670 671 /* Wait for an incoming connection. (wake-one). */ 672 add_wait_queue_exclusive(sk_sleep(sk), &wait); 673 while (1) { 674 if (sk->sk_state != BT_LISTEN) { 675 err = -EBADFD; 676 break; 677 } 678 679 ch = bt_accept_dequeue(sk, newsock); 680 if (ch) 681 break; 682 683 if (!timeo) { 684 err = -EAGAIN; 685 break; 686 } 687 688 if (signal_pending(current)) { 689 err = sock_intr_errno(timeo); 690 break; 691 } 692 693 release_sock(sk); 694 695 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 696 lock_sock(sk); 697 } 698 remove_wait_queue(sk_sleep(sk), &wait); 699 700 if (err) 701 goto done; 702 703 newsock->state = SS_CONNECTED; 704 705 BT_DBG("new socket %p", ch); 706 707 done: 708 release_sock(sk); 709 return err; 710 } 711 712 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 713 int peer) 714 { 715 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 716 struct sock *sk = sock->sk; 717 718 BT_DBG("sock %p, sk %p", sock, sk); 719 720 addr->sa_family = AF_BLUETOOTH; 721 722 if (peer) 723 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 724 else 725 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 726 727 return sizeof(struct sockaddr_sco); 728 } 729 730 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 731 size_t len) 732 { 733 struct sock *sk = sock->sk; 734 struct sk_buff *skb; 735 int err; 736 737 BT_DBG("sock %p, sk %p", sock, sk); 738 739 err = sock_error(sk); 740 if (err) 741 return err; 742 743 if (msg->msg_flags & MSG_OOB) 744 return -EOPNOTSUPP; 745 746 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 747 if (IS_ERR(skb)) 748 return PTR_ERR(skb); 749 750 lock_sock(sk); 751 752 if (sk->sk_state == BT_CONNECTED) 753 err = sco_send_frame(sk, skb); 754 else 755 err = -ENOTCONN; 756 757 release_sock(sk); 758 759 if (err < 0) 760 kfree_skb(skb); 761 return err; 762 } 763 764 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 765 { 766 struct hci_dev *hdev = conn->hdev; 767 768 BT_DBG("conn %p", conn); 769 770 conn->state = BT_CONFIG; 771 772 if (!lmp_esco_capable(hdev)) { 773 struct hci_cp_accept_conn_req cp; 774 775 bacpy(&cp.bdaddr, &conn->dst); 776 cp.role = 0x00; /* Ignored */ 777 778 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 779 } else { 780 struct hci_cp_accept_sync_conn_req cp; 781 782 bacpy(&cp.bdaddr, &conn->dst); 783 cp.pkt_type = cpu_to_le16(conn->pkt_type); 784 785 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 786 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 787 cp.content_format = cpu_to_le16(setting); 788 789 switch (setting & SCO_AIRMODE_MASK) { 790 case SCO_AIRMODE_TRANSP: 791 if (conn->pkt_type & ESCO_2EV3) 792 cp.max_latency = cpu_to_le16(0x0008); 793 else 794 cp.max_latency = cpu_to_le16(0x000D); 795 cp.retrans_effort = 0x02; 796 break; 797 case SCO_AIRMODE_CVSD: 798 cp.max_latency = cpu_to_le16(0xffff); 799 cp.retrans_effort = 0xff; 800 break; 801 default: 802 /* use CVSD settings as fallback */ 803 cp.max_latency = cpu_to_le16(0xffff); 804 cp.retrans_effort = 0xff; 805 break; 806 } 807 808 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 809 sizeof(cp), &cp); 810 } 811 } 812 813 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 814 size_t len, int flags) 815 { 816 struct sock *sk = sock->sk; 817 struct sco_pinfo *pi = sco_pi(sk); 818 819 lock_sock(sk); 820 821 if (sk->sk_state == BT_CONNECT2 && 822 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 823 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 824 sk->sk_state = BT_CONFIG; 825 826 release_sock(sk); 827 return 0; 828 } 829 830 release_sock(sk); 831 832 return bt_sock_recvmsg(sock, msg, len, flags); 833 } 834 835 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 836 sockptr_t optval, unsigned int optlen) 837 { 838 struct sock *sk = sock->sk; 839 int err = 0; 840 struct bt_voice voice; 841 u32 opt; 842 struct bt_codecs *codecs; 843 struct hci_dev *hdev; 844 __u8 buffer[255]; 845 846 BT_DBG("sk %p", sk); 847 848 lock_sock(sk); 849 850 switch (optname) { 851 852 case BT_DEFER_SETUP: 853 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 854 err = -EINVAL; 855 break; 856 } 857 858 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 859 if (err) 860 break; 861 862 if (opt) 863 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 864 else 865 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 866 break; 867 868 case BT_VOICE: 869 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 870 sk->sk_state != BT_CONNECT2) { 871 err = -EINVAL; 872 break; 873 } 874 875 voice.setting = sco_pi(sk)->setting; 876 877 err = bt_copy_from_sockptr(&voice, sizeof(voice), optval, 878 optlen); 879 if (err) 880 break; 881 882 sco_pi(sk)->setting = voice.setting; 883 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 884 BDADDR_BREDR); 885 if (!hdev) { 886 err = -EBADFD; 887 break; 888 } 889 890 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) { 891 case SCO_AIRMODE_TRANSP: 892 if (enhanced_sync_conn_capable(hdev)) 893 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 894 break; 895 } 896 897 hci_dev_put(hdev); 898 break; 899 900 case BT_PKT_STATUS: 901 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 902 if (err) 903 break; 904 905 if (opt) 906 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 907 else 908 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 909 break; 910 911 case BT_CODEC: 912 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 913 sk->sk_state != BT_CONNECT2) { 914 err = -EINVAL; 915 break; 916 } 917 918 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 919 BDADDR_BREDR); 920 if (!hdev) { 921 err = -EBADFD; 922 break; 923 } 924 925 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 926 hci_dev_put(hdev); 927 err = -EOPNOTSUPP; 928 break; 929 } 930 931 if (!hdev->get_data_path_id) { 932 hci_dev_put(hdev); 933 err = -EOPNOTSUPP; 934 break; 935 } 936 937 if (optlen < sizeof(struct bt_codecs) || 938 optlen > sizeof(buffer)) { 939 hci_dev_put(hdev); 940 err = -EINVAL; 941 break; 942 } 943 944 err = bt_copy_from_sockptr(buffer, optlen, optval, optlen); 945 if (err) { 946 hci_dev_put(hdev); 947 break; 948 } 949 950 codecs = (void *)buffer; 951 952 if (codecs->num_codecs > 1) { 953 hci_dev_put(hdev); 954 err = -EINVAL; 955 break; 956 } 957 958 sco_pi(sk)->codec = codecs->codecs[0]; 959 hci_dev_put(hdev); 960 break; 961 962 default: 963 err = -ENOPROTOOPT; 964 break; 965 } 966 967 release_sock(sk); 968 return err; 969 } 970 971 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 972 char __user *optval, int __user *optlen) 973 { 974 struct sock *sk = sock->sk; 975 struct sco_options opts; 976 struct sco_conninfo cinfo; 977 int err = 0; 978 size_t len; 979 980 BT_DBG("sk %p", sk); 981 982 if (get_user(len, optlen)) 983 return -EFAULT; 984 985 lock_sock(sk); 986 987 switch (optname) { 988 case SCO_OPTIONS: 989 if (sk->sk_state != BT_CONNECTED && 990 !(sk->sk_state == BT_CONNECT2 && 991 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 992 err = -ENOTCONN; 993 break; 994 } 995 996 opts.mtu = sco_pi(sk)->conn->mtu; 997 998 BT_DBG("mtu %u", opts.mtu); 999 1000 len = min(len, sizeof(opts)); 1001 if (copy_to_user(optval, (char *)&opts, len)) 1002 err = -EFAULT; 1003 1004 break; 1005 1006 case SCO_CONNINFO: 1007 if (sk->sk_state != BT_CONNECTED && 1008 !(sk->sk_state == BT_CONNECT2 && 1009 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1010 err = -ENOTCONN; 1011 break; 1012 } 1013 1014 memset(&cinfo, 0, sizeof(cinfo)); 1015 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1016 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1017 1018 len = min(len, sizeof(cinfo)); 1019 if (copy_to_user(optval, (char *)&cinfo, len)) 1020 err = -EFAULT; 1021 1022 break; 1023 1024 default: 1025 err = -ENOPROTOOPT; 1026 break; 1027 } 1028 1029 release_sock(sk); 1030 return err; 1031 } 1032 1033 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1034 char __user *optval, int __user *optlen) 1035 { 1036 struct sock *sk = sock->sk; 1037 int len, err = 0; 1038 struct bt_voice voice; 1039 u32 phys; 1040 int buf_len; 1041 struct codec_list *c; 1042 u8 num_codecs, i, __user *ptr; 1043 struct hci_dev *hdev; 1044 struct hci_codec_caps *caps; 1045 struct bt_codec codec; 1046 1047 BT_DBG("sk %p", sk); 1048 1049 if (level == SOL_SCO) 1050 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1051 1052 if (get_user(len, optlen)) 1053 return -EFAULT; 1054 1055 lock_sock(sk); 1056 1057 switch (optname) { 1058 1059 case BT_DEFER_SETUP: 1060 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1061 err = -EINVAL; 1062 break; 1063 } 1064 1065 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1066 (u32 __user *)optval)) 1067 err = -EFAULT; 1068 1069 break; 1070 1071 case BT_VOICE: 1072 voice.setting = sco_pi(sk)->setting; 1073 1074 len = min_t(unsigned int, len, sizeof(voice)); 1075 if (copy_to_user(optval, (char *)&voice, len)) 1076 err = -EFAULT; 1077 1078 break; 1079 1080 case BT_PHY: 1081 if (sk->sk_state != BT_CONNECTED) { 1082 err = -ENOTCONN; 1083 break; 1084 } 1085 1086 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1087 1088 if (put_user(phys, (u32 __user *) optval)) 1089 err = -EFAULT; 1090 break; 1091 1092 case BT_PKT_STATUS: 1093 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1094 (int __user *)optval)) 1095 err = -EFAULT; 1096 break; 1097 1098 case BT_SNDMTU: 1099 case BT_RCVMTU: 1100 if (sk->sk_state != BT_CONNECTED) { 1101 err = -ENOTCONN; 1102 break; 1103 } 1104 1105 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1106 err = -EFAULT; 1107 break; 1108 1109 case BT_CODEC: 1110 num_codecs = 0; 1111 buf_len = 0; 1112 1113 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1114 if (!hdev) { 1115 err = -EBADFD; 1116 break; 1117 } 1118 1119 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1120 hci_dev_put(hdev); 1121 err = -EOPNOTSUPP; 1122 break; 1123 } 1124 1125 if (!hdev->get_data_path_id) { 1126 hci_dev_put(hdev); 1127 err = -EOPNOTSUPP; 1128 break; 1129 } 1130 1131 release_sock(sk); 1132 1133 /* find total buffer size required to copy codec + caps */ 1134 hci_dev_lock(hdev); 1135 list_for_each_entry(c, &hdev->local_codecs, list) { 1136 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1137 continue; 1138 num_codecs++; 1139 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1140 buf_len += 1 + caps->len; 1141 caps = (void *)&caps->data[caps->len]; 1142 } 1143 buf_len += sizeof(struct bt_codec); 1144 } 1145 hci_dev_unlock(hdev); 1146 1147 buf_len += sizeof(struct bt_codecs); 1148 if (buf_len > len) { 1149 hci_dev_put(hdev); 1150 return -ENOBUFS; 1151 } 1152 ptr = optval; 1153 1154 if (put_user(num_codecs, ptr)) { 1155 hci_dev_put(hdev); 1156 return -EFAULT; 1157 } 1158 ptr += sizeof(num_codecs); 1159 1160 /* Iterate all the codecs supported over SCO and populate 1161 * codec data 1162 */ 1163 hci_dev_lock(hdev); 1164 list_for_each_entry(c, &hdev->local_codecs, list) { 1165 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1166 continue; 1167 1168 codec.id = c->id; 1169 codec.cid = c->cid; 1170 codec.vid = c->vid; 1171 err = hdev->get_data_path_id(hdev, &codec.data_path); 1172 if (err < 0) 1173 break; 1174 codec.num_caps = c->num_caps; 1175 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1176 err = -EFAULT; 1177 break; 1178 } 1179 ptr += sizeof(codec); 1180 1181 /* find codec capabilities data length */ 1182 len = 0; 1183 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1184 len += 1 + caps->len; 1185 caps = (void *)&caps->data[caps->len]; 1186 } 1187 1188 /* copy codec capabilities data */ 1189 if (len && copy_to_user(ptr, c->caps, len)) { 1190 err = -EFAULT; 1191 break; 1192 } 1193 ptr += len; 1194 } 1195 1196 hci_dev_unlock(hdev); 1197 hci_dev_put(hdev); 1198 1199 lock_sock(sk); 1200 1201 if (!err && put_user(buf_len, optlen)) 1202 err = -EFAULT; 1203 1204 break; 1205 1206 default: 1207 err = -ENOPROTOOPT; 1208 break; 1209 } 1210 1211 release_sock(sk); 1212 return err; 1213 } 1214 1215 static int sco_sock_shutdown(struct socket *sock, int how) 1216 { 1217 struct sock *sk = sock->sk; 1218 int err = 0; 1219 1220 BT_DBG("sock %p, sk %p", sock, sk); 1221 1222 if (!sk) 1223 return 0; 1224 1225 sock_hold(sk); 1226 lock_sock(sk); 1227 1228 if (!sk->sk_shutdown) { 1229 sk->sk_shutdown = SHUTDOWN_MASK; 1230 sco_sock_clear_timer(sk); 1231 __sco_sock_close(sk); 1232 1233 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1234 !(current->flags & PF_EXITING)) 1235 err = bt_sock_wait_state(sk, BT_CLOSED, 1236 sk->sk_lingertime); 1237 } 1238 1239 release_sock(sk); 1240 sock_put(sk); 1241 1242 return err; 1243 } 1244 1245 static int sco_sock_release(struct socket *sock) 1246 { 1247 struct sock *sk = sock->sk; 1248 int err = 0; 1249 1250 BT_DBG("sock %p, sk %p", sock, sk); 1251 1252 if (!sk) 1253 return 0; 1254 1255 sco_sock_close(sk); 1256 1257 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1258 !(current->flags & PF_EXITING)) { 1259 lock_sock(sk); 1260 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1261 release_sock(sk); 1262 } 1263 1264 sock_orphan(sk); 1265 sco_sock_kill(sk); 1266 return err; 1267 } 1268 1269 static void sco_conn_ready(struct sco_conn *conn) 1270 { 1271 struct sock *parent; 1272 struct sock *sk = conn->sk; 1273 1274 BT_DBG("conn %p", conn); 1275 1276 if (sk) { 1277 lock_sock(sk); 1278 sco_sock_clear_timer(sk); 1279 sk->sk_state = BT_CONNECTED; 1280 sk->sk_state_change(sk); 1281 release_sock(sk); 1282 } else { 1283 sco_conn_lock(conn); 1284 1285 if (!conn->hcon) { 1286 sco_conn_unlock(conn); 1287 return; 1288 } 1289 1290 parent = sco_get_sock_listen(&conn->hcon->src); 1291 if (!parent) { 1292 sco_conn_unlock(conn); 1293 return; 1294 } 1295 1296 lock_sock(parent); 1297 1298 sk = sco_sock_alloc(sock_net(parent), NULL, 1299 BTPROTO_SCO, GFP_ATOMIC, 0); 1300 if (!sk) { 1301 release_sock(parent); 1302 sco_conn_unlock(conn); 1303 return; 1304 } 1305 1306 sco_sock_init(sk, parent); 1307 1308 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1309 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1310 1311 hci_conn_hold(conn->hcon); 1312 __sco_chan_add(conn, sk, parent); 1313 1314 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1315 sk->sk_state = BT_CONNECT2; 1316 else 1317 sk->sk_state = BT_CONNECTED; 1318 1319 /* Wake up parent */ 1320 parent->sk_data_ready(parent); 1321 1322 release_sock(parent); 1323 1324 sco_conn_unlock(conn); 1325 } 1326 } 1327 1328 /* ----- SCO interface with lower layer (HCI) ----- */ 1329 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1330 { 1331 struct sock *sk; 1332 int lm = 0; 1333 1334 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1335 1336 /* Find listening sockets */ 1337 read_lock(&sco_sk_list.lock); 1338 sk_for_each(sk, &sco_sk_list.head) { 1339 if (sk->sk_state != BT_LISTEN) 1340 continue; 1341 1342 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1343 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1344 lm |= HCI_LM_ACCEPT; 1345 1346 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1347 *flags |= HCI_PROTO_DEFER; 1348 break; 1349 } 1350 } 1351 read_unlock(&sco_sk_list.lock); 1352 1353 return lm; 1354 } 1355 1356 static bool sco_match(struct hci_conn *hcon) 1357 { 1358 return hcon->type == SCO_LINK || hcon->type == ESCO_LINK; 1359 } 1360 1361 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1362 { 1363 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1364 1365 if (!status) { 1366 struct sco_conn *conn; 1367 1368 conn = sco_conn_add(hcon); 1369 if (conn) 1370 sco_conn_ready(conn); 1371 } else 1372 sco_conn_del(hcon, bt_to_errno(status)); 1373 } 1374 1375 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1376 { 1377 BT_DBG("hcon %p reason %d", hcon, reason); 1378 1379 sco_conn_del(hcon, bt_to_errno(reason)); 1380 } 1381 1382 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1383 { 1384 struct sco_conn *conn = hcon->sco_data; 1385 1386 if (!conn) 1387 goto drop; 1388 1389 BT_DBG("conn %p len %u", conn, skb->len); 1390 1391 if (skb->len) { 1392 sco_recv_frame(conn, skb); 1393 return; 1394 } 1395 1396 drop: 1397 kfree_skb(skb); 1398 } 1399 1400 static struct hci_cb sco_cb = { 1401 .name = "SCO", 1402 .match = sco_match, 1403 .connect_cfm = sco_connect_cfm, 1404 .disconn_cfm = sco_disconn_cfm, 1405 }; 1406 1407 static int sco_debugfs_show(struct seq_file *f, void *p) 1408 { 1409 struct sock *sk; 1410 1411 read_lock(&sco_sk_list.lock); 1412 1413 sk_for_each(sk, &sco_sk_list.head) { 1414 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1415 &sco_pi(sk)->dst, sk->sk_state); 1416 } 1417 1418 read_unlock(&sco_sk_list.lock); 1419 1420 return 0; 1421 } 1422 1423 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1424 1425 static struct dentry *sco_debugfs; 1426 1427 static const struct proto_ops sco_sock_ops = { 1428 .family = PF_BLUETOOTH, 1429 .owner = THIS_MODULE, 1430 .release = sco_sock_release, 1431 .bind = sco_sock_bind, 1432 .connect = sco_sock_connect, 1433 .listen = sco_sock_listen, 1434 .accept = sco_sock_accept, 1435 .getname = sco_sock_getname, 1436 .sendmsg = sco_sock_sendmsg, 1437 .recvmsg = sco_sock_recvmsg, 1438 .poll = bt_sock_poll, 1439 .ioctl = bt_sock_ioctl, 1440 .gettstamp = sock_gettstamp, 1441 .mmap = sock_no_mmap, 1442 .socketpair = sock_no_socketpair, 1443 .shutdown = sco_sock_shutdown, 1444 .setsockopt = sco_sock_setsockopt, 1445 .getsockopt = sco_sock_getsockopt 1446 }; 1447 1448 static const struct net_proto_family sco_sock_family_ops = { 1449 .family = PF_BLUETOOTH, 1450 .owner = THIS_MODULE, 1451 .create = sco_sock_create, 1452 }; 1453 1454 int __init sco_init(void) 1455 { 1456 int err; 1457 1458 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1459 1460 err = proto_register(&sco_proto, 0); 1461 if (err < 0) 1462 return err; 1463 1464 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1465 if (err < 0) { 1466 BT_ERR("SCO socket registration failed"); 1467 goto error; 1468 } 1469 1470 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1471 if (err < 0) { 1472 BT_ERR("Failed to create SCO proc file"); 1473 bt_sock_unregister(BTPROTO_SCO); 1474 goto error; 1475 } 1476 1477 BT_INFO("SCO socket layer initialized"); 1478 1479 hci_register_cb(&sco_cb); 1480 1481 if (IS_ERR_OR_NULL(bt_debugfs)) 1482 return 0; 1483 1484 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1485 NULL, &sco_debugfs_fops); 1486 1487 return 0; 1488 1489 error: 1490 proto_unregister(&sco_proto); 1491 return err; 1492 } 1493 1494 void sco_exit(void) 1495 { 1496 bt_procfs_cleanup(&init_net, "sco"); 1497 1498 debugfs_remove(sco_debugfs); 1499 1500 hci_unregister_cb(&sco_cb); 1501 1502 bt_sock_unregister(BTPROTO_SCO); 1503 1504 proto_unregister(&sco_proto); 1505 } 1506 1507 module_param(disable_esco, bool, 0644); 1508 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1509