1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 */ 7 8 #include <linux/module.h> 9 #include <linux/debugfs.h> 10 #include <linux/seq_file.h> 11 #include <linux/sched/signal.h> 12 13 #include <net/bluetooth/bluetooth.h> 14 #include <net/bluetooth/hci_core.h> 15 #include <net/bluetooth/iso.h> 16 17 static const struct proto_ops iso_sock_ops; 18 19 static struct bt_sock_list iso_sk_list = { 20 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 21 }; 22 23 /* ---- ISO connections ---- */ 24 struct iso_conn { 25 struct hci_conn *hcon; 26 27 /* @lock: spinlock protecting changes to iso_conn fields */ 28 spinlock_t lock; 29 struct sock *sk; 30 31 struct delayed_work timeout_work; 32 33 struct sk_buff *rx_skb; 34 __u32 rx_len; 35 __u16 tx_sn; 36 }; 37 38 #define iso_conn_lock(c) spin_lock(&(c)->lock) 39 #define iso_conn_unlock(c) spin_unlock(&(c)->lock) 40 41 static void iso_sock_close(struct sock *sk); 42 static void iso_sock_kill(struct sock *sk); 43 44 /* ----- ISO socket info ----- */ 45 #define iso_pi(sk) ((struct iso_pinfo *)sk) 46 47 #define EIR_SERVICE_DATA_LENGTH 4 48 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH) 49 50 struct iso_pinfo { 51 struct bt_sock bt; 52 bdaddr_t src; 53 __u8 src_type; 54 bdaddr_t dst; 55 __u8 dst_type; 56 __u8 bc_sid; 57 __u8 bc_num_bis; 58 __u8 bc_bis[ISO_MAX_NUM_BIS]; 59 __u16 sync_handle; 60 __u32 flags; 61 struct bt_iso_qos qos; 62 __u8 base_len; 63 __u8 base[BASE_MAX_LENGTH]; 64 struct iso_conn *conn; 65 }; 66 67 /* ---- ISO timers ---- */ 68 #define ISO_CONN_TIMEOUT (HZ * 40) 69 #define ISO_DISCONN_TIMEOUT (HZ * 2) 70 71 static void iso_sock_timeout(struct work_struct *work) 72 { 73 struct iso_conn *conn = container_of(work, struct iso_conn, 74 timeout_work.work); 75 struct sock *sk; 76 77 iso_conn_lock(conn); 78 sk = conn->sk; 79 if (sk) 80 sock_hold(sk); 81 iso_conn_unlock(conn); 82 83 if (!sk) 84 return; 85 86 BT_DBG("sock %p state %d", sk, sk->sk_state); 87 88 lock_sock(sk); 89 sk->sk_err = ETIMEDOUT; 90 sk->sk_state_change(sk); 91 release_sock(sk); 92 sock_put(sk); 93 } 94 95 static void iso_sock_set_timer(struct sock *sk, long timeout) 96 { 97 if (!iso_pi(sk)->conn) 98 return; 99 100 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 101 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 102 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 103 } 104 105 static void iso_sock_clear_timer(struct sock *sk) 106 { 107 if (!iso_pi(sk)->conn) 108 return; 109 110 BT_DBG("sock %p state %d", sk, sk->sk_state); 111 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 112 } 113 114 /* ---- ISO connections ---- */ 115 static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 116 { 117 struct iso_conn *conn = hcon->iso_data; 118 119 if (conn) 120 return conn; 121 122 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 123 if (!conn) 124 return NULL; 125 126 spin_lock_init(&conn->lock); 127 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 128 129 hcon->iso_data = conn; 130 conn->hcon = hcon; 131 conn->tx_sn = 0; 132 133 BT_DBG("hcon %p conn %p", hcon, conn); 134 135 return conn; 136 } 137 138 /* Delete channel. Must be called on the locked socket. */ 139 static void iso_chan_del(struct sock *sk, int err) 140 { 141 struct iso_conn *conn; 142 struct sock *parent; 143 144 conn = iso_pi(sk)->conn; 145 146 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 147 148 if (conn) { 149 iso_conn_lock(conn); 150 conn->sk = NULL; 151 iso_pi(sk)->conn = NULL; 152 iso_conn_unlock(conn); 153 154 if (conn->hcon) 155 hci_conn_drop(conn->hcon); 156 } 157 158 sk->sk_state = BT_CLOSED; 159 sk->sk_err = err; 160 161 parent = bt_sk(sk)->parent; 162 if (parent) { 163 bt_accept_unlink(sk); 164 parent->sk_data_ready(parent); 165 } else { 166 sk->sk_state_change(sk); 167 } 168 169 sock_set_flag(sk, SOCK_ZAPPED); 170 } 171 172 static void iso_conn_del(struct hci_conn *hcon, int err) 173 { 174 struct iso_conn *conn = hcon->iso_data; 175 struct sock *sk; 176 177 if (!conn) 178 return; 179 180 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 181 182 /* Kill socket */ 183 iso_conn_lock(conn); 184 sk = conn->sk; 185 if (sk) 186 sock_hold(sk); 187 iso_conn_unlock(conn); 188 189 if (sk) { 190 lock_sock(sk); 191 iso_sock_clear_timer(sk); 192 iso_chan_del(sk, err); 193 release_sock(sk); 194 sock_put(sk); 195 } 196 197 /* Ensure no more work items will run before freeing conn. */ 198 cancel_delayed_work_sync(&conn->timeout_work); 199 200 hcon->iso_data = NULL; 201 kfree(conn); 202 } 203 204 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 205 struct sock *parent) 206 { 207 BT_DBG("conn %p", conn); 208 209 if (iso_pi(sk)->conn == conn && conn->sk == sk) 210 return 0; 211 212 if (conn->sk) { 213 BT_ERR("conn->sk already set"); 214 return -EBUSY; 215 } 216 217 iso_pi(sk)->conn = conn; 218 conn->sk = sk; 219 220 if (parent) 221 bt_accept_enqueue(parent, sk, true); 222 223 return 0; 224 } 225 226 static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 227 struct sock *parent) 228 { 229 int err; 230 231 iso_conn_lock(conn); 232 err = __iso_chan_add(conn, sk, parent); 233 iso_conn_unlock(conn); 234 235 return err; 236 } 237 238 static inline u8 le_addr_type(u8 bdaddr_type) 239 { 240 if (bdaddr_type == BDADDR_LE_PUBLIC) 241 return ADDR_LE_DEV_PUBLIC; 242 else 243 return ADDR_LE_DEV_RANDOM; 244 } 245 246 static int iso_connect_bis(struct sock *sk) 247 { 248 struct iso_conn *conn; 249 struct hci_conn *hcon; 250 struct hci_dev *hdev; 251 int err; 252 253 BT_DBG("%pMR", &iso_pi(sk)->src); 254 255 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 256 iso_pi(sk)->src_type); 257 if (!hdev) 258 return -EHOSTUNREACH; 259 260 hci_dev_lock(hdev); 261 262 if (!bis_capable(hdev)) { 263 err = -EOPNOTSUPP; 264 goto unlock; 265 } 266 267 /* Fail if out PHYs are marked as disabled */ 268 if (!iso_pi(sk)->qos.out.phy) { 269 err = -EINVAL; 270 goto unlock; 271 } 272 273 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, 274 le_addr_type(iso_pi(sk)->dst_type), 275 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 276 iso_pi(sk)->base); 277 if (IS_ERR(hcon)) { 278 err = PTR_ERR(hcon); 279 goto unlock; 280 } 281 282 conn = iso_conn_add(hcon); 283 if (!conn) { 284 hci_conn_drop(hcon); 285 err = -ENOMEM; 286 goto unlock; 287 } 288 289 hci_dev_unlock(hdev); 290 hci_dev_put(hdev); 291 292 err = iso_chan_add(conn, sk, NULL); 293 if (err) 294 return err; 295 296 lock_sock(sk); 297 298 /* Update source addr of the socket */ 299 bacpy(&iso_pi(sk)->src, &hcon->src); 300 301 if (hcon->state == BT_CONNECTED) { 302 iso_sock_clear_timer(sk); 303 sk->sk_state = BT_CONNECTED; 304 } else { 305 sk->sk_state = BT_CONNECT; 306 iso_sock_set_timer(sk, sk->sk_sndtimeo); 307 } 308 309 release_sock(sk); 310 return err; 311 312 unlock: 313 hci_dev_unlock(hdev); 314 hci_dev_put(hdev); 315 return err; 316 } 317 318 static int iso_connect_cis(struct sock *sk) 319 { 320 struct iso_conn *conn; 321 struct hci_conn *hcon; 322 struct hci_dev *hdev; 323 int err; 324 325 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 326 327 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 328 iso_pi(sk)->src_type); 329 if (!hdev) 330 return -EHOSTUNREACH; 331 332 hci_dev_lock(hdev); 333 334 if (!cis_central_capable(hdev)) { 335 err = -EOPNOTSUPP; 336 goto unlock; 337 } 338 339 /* Fail if either PHYs are marked as disabled */ 340 if (!iso_pi(sk)->qos.in.phy && !iso_pi(sk)->qos.out.phy) { 341 err = -EINVAL; 342 goto unlock; 343 } 344 345 /* Just bind if DEFER_SETUP has been set */ 346 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 347 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 348 le_addr_type(iso_pi(sk)->dst_type), 349 &iso_pi(sk)->qos); 350 if (IS_ERR(hcon)) { 351 err = PTR_ERR(hcon); 352 goto unlock; 353 } 354 } else { 355 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 356 le_addr_type(iso_pi(sk)->dst_type), 357 &iso_pi(sk)->qos); 358 if (IS_ERR(hcon)) { 359 err = PTR_ERR(hcon); 360 goto unlock; 361 } 362 } 363 364 conn = iso_conn_add(hcon); 365 if (!conn) { 366 hci_conn_drop(hcon); 367 err = -ENOMEM; 368 goto unlock; 369 } 370 371 hci_dev_unlock(hdev); 372 hci_dev_put(hdev); 373 374 err = iso_chan_add(conn, sk, NULL); 375 if (err) 376 return err; 377 378 lock_sock(sk); 379 380 /* Update source addr of the socket */ 381 bacpy(&iso_pi(sk)->src, &hcon->src); 382 383 if (hcon->state == BT_CONNECTED) { 384 iso_sock_clear_timer(sk); 385 sk->sk_state = BT_CONNECTED; 386 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 387 iso_sock_clear_timer(sk); 388 sk->sk_state = BT_CONNECT; 389 } else { 390 sk->sk_state = BT_CONNECT; 391 iso_sock_set_timer(sk, sk->sk_sndtimeo); 392 } 393 394 release_sock(sk); 395 return err; 396 397 unlock: 398 hci_dev_unlock(hdev); 399 hci_dev_put(hdev); 400 return err; 401 } 402 403 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk) 404 { 405 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 406 return &iso_pi(sk)->conn->hcon->iso_qos; 407 408 return &iso_pi(sk)->qos; 409 } 410 411 static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 412 { 413 struct iso_conn *conn = iso_pi(sk)->conn; 414 struct bt_iso_qos *qos = iso_sock_get_qos(sk); 415 struct hci_iso_data_hdr *hdr; 416 int len = 0; 417 418 BT_DBG("sk %p len %d", sk, skb->len); 419 420 if (skb->len > qos->out.sdu) 421 return -EMSGSIZE; 422 423 len = skb->len; 424 425 /* Push ISO data header */ 426 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 427 hdr->sn = cpu_to_le16(conn->tx_sn++); 428 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 429 HCI_ISO_STATUS_VALID)); 430 431 if (sk->sk_state == BT_CONNECTED) 432 hci_send_iso(conn->hcon, skb); 433 else 434 len = -ENOTCONN; 435 436 return len; 437 } 438 439 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 440 { 441 struct sock *sk; 442 443 iso_conn_lock(conn); 444 sk = conn->sk; 445 iso_conn_unlock(conn); 446 447 if (!sk) 448 goto drop; 449 450 BT_DBG("sk %p len %d", sk, skb->len); 451 452 if (sk->sk_state != BT_CONNECTED) 453 goto drop; 454 455 if (!sock_queue_rcv_skb(sk, skb)) 456 return; 457 458 drop: 459 kfree_skb(skb); 460 } 461 462 /* -------- Socket interface ---------- */ 463 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *ba) 464 { 465 struct sock *sk; 466 467 sk_for_each(sk, &iso_sk_list.head) { 468 if (sk->sk_state != BT_LISTEN) 469 continue; 470 471 if (!bacmp(&iso_pi(sk)->src, ba)) 472 return sk; 473 } 474 475 return NULL; 476 } 477 478 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc, 479 __u8 sid) 480 { 481 struct sock *sk; 482 483 sk_for_each(sk, &iso_sk_list.head) { 484 if (sk->sk_state != BT_LISTEN) 485 continue; 486 487 if (bacmp(&iso_pi(sk)->src, ba)) 488 continue; 489 490 if (bacmp(&iso_pi(sk)->dst, bc)) 491 continue; 492 493 if (iso_pi(sk)->bc_sid == sid) 494 return sk; 495 } 496 497 return NULL; 498 } 499 500 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 501 502 /* Find socket listening: 503 * source bdaddr (Unicast) 504 * destination bdaddr (Broadcast only) 505 * match func - pass NULL to ignore 506 * match func data - pass -1 to ignore 507 * Returns closest match. 508 */ 509 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 510 iso_sock_match_t match, void *data) 511 { 512 struct sock *sk = NULL, *sk1 = NULL; 513 514 read_lock(&iso_sk_list.lock); 515 516 sk_for_each(sk, &iso_sk_list.head) { 517 if (sk->sk_state != BT_LISTEN) 518 continue; 519 520 /* Match Broadcast destination */ 521 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 522 continue; 523 524 /* Use Match function if provided */ 525 if (match && !match(sk, data)) 526 continue; 527 528 /* Exact match. */ 529 if (!bacmp(&iso_pi(sk)->src, src)) 530 break; 531 532 /* Closest match */ 533 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) 534 sk1 = sk; 535 } 536 537 read_unlock(&iso_sk_list.lock); 538 539 return sk ? sk : sk1; 540 } 541 542 static void iso_sock_destruct(struct sock *sk) 543 { 544 BT_DBG("sk %p", sk); 545 546 skb_queue_purge(&sk->sk_receive_queue); 547 skb_queue_purge(&sk->sk_write_queue); 548 } 549 550 static void iso_sock_cleanup_listen(struct sock *parent) 551 { 552 struct sock *sk; 553 554 BT_DBG("parent %p", parent); 555 556 /* Close not yet accepted channels */ 557 while ((sk = bt_accept_dequeue(parent, NULL))) { 558 iso_sock_close(sk); 559 iso_sock_kill(sk); 560 } 561 562 parent->sk_state = BT_CLOSED; 563 sock_set_flag(parent, SOCK_ZAPPED); 564 } 565 566 /* Kill socket (only if zapped and orphan) 567 * Must be called on unlocked socket. 568 */ 569 static void iso_sock_kill(struct sock *sk) 570 { 571 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 572 sock_flag(sk, SOCK_DEAD)) 573 return; 574 575 BT_DBG("sk %p state %d", sk, sk->sk_state); 576 577 /* Kill poor orphan */ 578 bt_sock_unlink(&iso_sk_list, sk); 579 sock_set_flag(sk, SOCK_DEAD); 580 sock_put(sk); 581 } 582 583 static void iso_conn_defer_reject(struct hci_conn *conn) 584 { 585 struct hci_cp_le_reject_cis cp; 586 587 BT_DBG("conn %p", conn); 588 589 memset(&cp, 0, sizeof(cp)); 590 cp.handle = cpu_to_le16(conn->handle); 591 cp.reason = HCI_ERROR_REJ_BAD_ADDR; 592 hci_send_cmd(conn->hdev, HCI_OP_LE_REJECT_CIS, sizeof(cp), &cp); 593 } 594 595 static void __iso_sock_close(struct sock *sk) 596 { 597 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 598 599 switch (sk->sk_state) { 600 case BT_LISTEN: 601 iso_sock_cleanup_listen(sk); 602 break; 603 604 case BT_CONNECTED: 605 case BT_CONFIG: 606 if (iso_pi(sk)->conn->hcon) { 607 sk->sk_state = BT_DISCONN; 608 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 609 iso_conn_lock(iso_pi(sk)->conn); 610 hci_conn_drop(iso_pi(sk)->conn->hcon); 611 iso_pi(sk)->conn->hcon = NULL; 612 iso_conn_unlock(iso_pi(sk)->conn); 613 } else { 614 iso_chan_del(sk, ECONNRESET); 615 } 616 break; 617 618 case BT_CONNECT2: 619 if (iso_pi(sk)->conn->hcon) 620 iso_conn_defer_reject(iso_pi(sk)->conn->hcon); 621 iso_chan_del(sk, ECONNRESET); 622 break; 623 case BT_CONNECT: 624 /* In case of DEFER_SETUP the hcon would be bound to CIG which 625 * needs to be removed so just call hci_conn_del so the cleanup 626 * callback do what is needed. 627 */ 628 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 629 iso_pi(sk)->conn->hcon) { 630 hci_conn_del(iso_pi(sk)->conn->hcon); 631 iso_pi(sk)->conn->hcon = NULL; 632 } 633 634 iso_chan_del(sk, ECONNRESET); 635 break; 636 case BT_DISCONN: 637 iso_chan_del(sk, ECONNRESET); 638 break; 639 640 default: 641 sock_set_flag(sk, SOCK_ZAPPED); 642 break; 643 } 644 } 645 646 /* Must be called on unlocked socket. */ 647 static void iso_sock_close(struct sock *sk) 648 { 649 iso_sock_clear_timer(sk); 650 lock_sock(sk); 651 __iso_sock_close(sk); 652 release_sock(sk); 653 iso_sock_kill(sk); 654 } 655 656 static void iso_sock_init(struct sock *sk, struct sock *parent) 657 { 658 BT_DBG("sk %p", sk); 659 660 if (parent) { 661 sk->sk_type = parent->sk_type; 662 bt_sk(sk)->flags = bt_sk(parent)->flags; 663 security_sk_clone(parent, sk); 664 } 665 } 666 667 static struct proto iso_proto = { 668 .name = "ISO", 669 .owner = THIS_MODULE, 670 .obj_size = sizeof(struct iso_pinfo) 671 }; 672 673 #define DEFAULT_IO_QOS \ 674 { \ 675 .interval = 10000u, \ 676 .latency = 10u, \ 677 .sdu = 40u, \ 678 .phy = BT_ISO_PHY_2M, \ 679 .rtn = 2u, \ 680 } 681 682 static struct bt_iso_qos default_qos = { 683 .cig = BT_ISO_QOS_CIG_UNSET, 684 .cis = BT_ISO_QOS_CIS_UNSET, 685 .sca = 0x00, 686 .packing = 0x00, 687 .framing = 0x00, 688 .in = DEFAULT_IO_QOS, 689 .out = DEFAULT_IO_QOS, 690 }; 691 692 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 693 int proto, gfp_t prio, int kern) 694 { 695 struct sock *sk; 696 697 sk = sk_alloc(net, PF_BLUETOOTH, prio, &iso_proto, kern); 698 if (!sk) 699 return NULL; 700 701 sock_init_data(sock, sk); 702 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 703 704 sk->sk_destruct = iso_sock_destruct; 705 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 706 707 sock_reset_flag(sk, SOCK_ZAPPED); 708 709 sk->sk_protocol = proto; 710 sk->sk_state = BT_OPEN; 711 712 /* Set address type as public as default src address is BDADDR_ANY */ 713 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 714 715 iso_pi(sk)->qos = default_qos; 716 717 bt_sock_link(&iso_sk_list, sk); 718 return sk; 719 } 720 721 static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 722 int kern) 723 { 724 struct sock *sk; 725 726 BT_DBG("sock %p", sock); 727 728 sock->state = SS_UNCONNECTED; 729 730 if (sock->type != SOCK_SEQPACKET) 731 return -ESOCKTNOSUPPORT; 732 733 sock->ops = &iso_sock_ops; 734 735 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 736 if (!sk) 737 return -ENOMEM; 738 739 iso_sock_init(sk, NULL); 740 return 0; 741 } 742 743 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr, 744 int addr_len) 745 { 746 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 747 struct sock *sk = sock->sk; 748 int i; 749 750 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid, 751 sa->iso_bc->bc_num_bis); 752 753 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) || 754 sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f) 755 return -EINVAL; 756 757 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr); 758 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type; 759 iso_pi(sk)->sync_handle = -1; 760 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid; 761 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 762 763 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) { 764 if (sa->iso_bc->bc_bis[i] < 0x01 || 765 sa->iso_bc->bc_bis[i] > 0x1f) 766 return -EINVAL; 767 768 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 769 iso_pi(sk)->bc_num_bis); 770 } 771 772 return 0; 773 } 774 775 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 776 int addr_len) 777 { 778 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 779 struct sock *sk = sock->sk; 780 int err = 0; 781 782 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 783 784 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 785 addr->sa_family != AF_BLUETOOTH) 786 return -EINVAL; 787 788 lock_sock(sk); 789 790 if (sk->sk_state != BT_OPEN) { 791 err = -EBADFD; 792 goto done; 793 } 794 795 if (sk->sk_type != SOCK_SEQPACKET) { 796 err = -EINVAL; 797 goto done; 798 } 799 800 /* Check if the address type is of LE type */ 801 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 802 err = -EINVAL; 803 goto done; 804 } 805 806 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 807 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 808 809 /* Check for Broadcast address */ 810 if (addr_len > sizeof(*sa)) { 811 err = iso_sock_bind_bc(sock, addr, addr_len); 812 if (err) 813 goto done; 814 } 815 816 sk->sk_state = BT_BOUND; 817 818 done: 819 release_sock(sk); 820 return err; 821 } 822 823 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 824 int alen, int flags) 825 { 826 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 827 struct sock *sk = sock->sk; 828 int err; 829 830 BT_DBG("sk %p", sk); 831 832 if (alen < sizeof(struct sockaddr_iso) || 833 addr->sa_family != AF_BLUETOOTH) 834 return -EINVAL; 835 836 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 837 return -EBADFD; 838 839 if (sk->sk_type != SOCK_SEQPACKET) 840 return -EINVAL; 841 842 /* Check if the address type is of LE type */ 843 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 844 return -EINVAL; 845 846 lock_sock(sk); 847 848 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 849 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 850 851 release_sock(sk); 852 853 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 854 err = iso_connect_cis(sk); 855 else 856 err = iso_connect_bis(sk); 857 858 if (err) 859 return err; 860 861 lock_sock(sk); 862 863 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 864 err = bt_sock_wait_state(sk, BT_CONNECTED, 865 sock_sndtimeo(sk, flags & O_NONBLOCK)); 866 } 867 868 release_sock(sk); 869 return err; 870 } 871 872 static int iso_listen_bis(struct sock *sk) 873 { 874 struct hci_dev *hdev; 875 int err = 0; 876 877 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src, 878 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid); 879 880 write_lock(&iso_sk_list.lock); 881 882 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst, 883 iso_pi(sk)->bc_sid)) 884 err = -EADDRINUSE; 885 886 write_unlock(&iso_sk_list.lock); 887 888 if (err) 889 return err; 890 891 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 892 iso_pi(sk)->src_type); 893 if (!hdev) 894 return -EHOSTUNREACH; 895 896 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, 897 le_addr_type(iso_pi(sk)->dst_type), 898 iso_pi(sk)->bc_sid); 899 900 hci_dev_put(hdev); 901 902 return err; 903 } 904 905 static int iso_listen_cis(struct sock *sk) 906 { 907 int err = 0; 908 909 BT_DBG("%pMR", &iso_pi(sk)->src); 910 911 write_lock(&iso_sk_list.lock); 912 913 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src)) 914 err = -EADDRINUSE; 915 916 write_unlock(&iso_sk_list.lock); 917 918 return err; 919 } 920 921 static int iso_sock_listen(struct socket *sock, int backlog) 922 { 923 struct sock *sk = sock->sk; 924 int err = 0; 925 926 BT_DBG("sk %p backlog %d", sk, backlog); 927 928 lock_sock(sk); 929 930 if (sk->sk_state != BT_BOUND) { 931 err = -EBADFD; 932 goto done; 933 } 934 935 if (sk->sk_type != SOCK_SEQPACKET) { 936 err = -EINVAL; 937 goto done; 938 } 939 940 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 941 err = iso_listen_cis(sk); 942 else 943 err = iso_listen_bis(sk); 944 945 if (err) 946 goto done; 947 948 sk->sk_max_ack_backlog = backlog; 949 sk->sk_ack_backlog = 0; 950 951 sk->sk_state = BT_LISTEN; 952 953 done: 954 release_sock(sk); 955 return err; 956 } 957 958 static int iso_sock_accept(struct socket *sock, struct socket *newsock, 959 int flags, bool kern) 960 { 961 DEFINE_WAIT_FUNC(wait, woken_wake_function); 962 struct sock *sk = sock->sk, *ch; 963 long timeo; 964 int err = 0; 965 966 lock_sock(sk); 967 968 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 969 970 BT_DBG("sk %p timeo %ld", sk, timeo); 971 972 /* Wait for an incoming connection. (wake-one). */ 973 add_wait_queue_exclusive(sk_sleep(sk), &wait); 974 while (1) { 975 if (sk->sk_state != BT_LISTEN) { 976 err = -EBADFD; 977 break; 978 } 979 980 ch = bt_accept_dequeue(sk, newsock); 981 if (ch) 982 break; 983 984 if (!timeo) { 985 err = -EAGAIN; 986 break; 987 } 988 989 if (signal_pending(current)) { 990 err = sock_intr_errno(timeo); 991 break; 992 } 993 994 release_sock(sk); 995 996 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 997 lock_sock(sk); 998 } 999 remove_wait_queue(sk_sleep(sk), &wait); 1000 1001 if (err) 1002 goto done; 1003 1004 newsock->state = SS_CONNECTED; 1005 1006 BT_DBG("new socket %p", ch); 1007 1008 done: 1009 release_sock(sk); 1010 return err; 1011 } 1012 1013 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 1014 int peer) 1015 { 1016 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 1017 struct sock *sk = sock->sk; 1018 1019 BT_DBG("sock %p, sk %p", sock, sk); 1020 1021 addr->sa_family = AF_BLUETOOTH; 1022 1023 if (peer) { 1024 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 1025 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 1026 } else { 1027 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 1028 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 1029 } 1030 1031 return sizeof(struct sockaddr_iso); 1032 } 1033 1034 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 1035 size_t len) 1036 { 1037 struct sock *sk = sock->sk; 1038 struct iso_conn *conn = iso_pi(sk)->conn; 1039 struct sk_buff *skb, **frag; 1040 int err; 1041 1042 BT_DBG("sock %p, sk %p", sock, sk); 1043 1044 err = sock_error(sk); 1045 if (err) 1046 return err; 1047 1048 if (msg->msg_flags & MSG_OOB) 1049 return -EOPNOTSUPP; 1050 1051 if (sk->sk_state != BT_CONNECTED) 1052 return -ENOTCONN; 1053 1054 skb = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1055 HCI_ISO_DATA_HDR_SIZE, 0); 1056 if (IS_ERR(skb)) 1057 return PTR_ERR(skb); 1058 1059 len -= skb->len; 1060 1061 BT_DBG("skb %p len %d", sk, skb->len); 1062 1063 /* Continuation fragments */ 1064 frag = &skb_shinfo(skb)->frag_list; 1065 while (len) { 1066 struct sk_buff *tmp; 1067 1068 tmp = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1069 0, 0); 1070 if (IS_ERR(tmp)) { 1071 kfree_skb(skb); 1072 return PTR_ERR(tmp); 1073 } 1074 1075 *frag = tmp; 1076 1077 len -= tmp->len; 1078 1079 skb->len += tmp->len; 1080 skb->data_len += tmp->len; 1081 1082 BT_DBG("frag %p len %d", *frag, tmp->len); 1083 1084 frag = &(*frag)->next; 1085 } 1086 1087 lock_sock(sk); 1088 1089 if (sk->sk_state == BT_CONNECTED) 1090 err = iso_send_frame(sk, skb); 1091 else 1092 err = -ENOTCONN; 1093 1094 release_sock(sk); 1095 1096 if (err < 0) 1097 kfree_skb(skb); 1098 return err; 1099 } 1100 1101 static void iso_conn_defer_accept(struct hci_conn *conn) 1102 { 1103 struct hci_cp_le_accept_cis cp; 1104 struct hci_dev *hdev = conn->hdev; 1105 1106 BT_DBG("conn %p", conn); 1107 1108 conn->state = BT_CONFIG; 1109 1110 cp.handle = cpu_to_le16(conn->handle); 1111 1112 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 1113 } 1114 1115 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1116 size_t len, int flags) 1117 { 1118 struct sock *sk = sock->sk; 1119 struct iso_pinfo *pi = iso_pi(sk); 1120 1121 BT_DBG("sk %p", sk); 1122 1123 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1124 switch (sk->sk_state) { 1125 case BT_CONNECT2: 1126 lock_sock(sk); 1127 iso_conn_defer_accept(pi->conn->hcon); 1128 sk->sk_state = BT_CONFIG; 1129 release_sock(sk); 1130 return 0; 1131 case BT_CONNECT: 1132 return iso_connect_cis(sk); 1133 } 1134 } 1135 1136 return bt_sock_recvmsg(sock, msg, len, flags); 1137 } 1138 1139 static bool check_io_qos(struct bt_iso_io_qos *qos) 1140 { 1141 /* If no PHY is enable SDU must be 0 */ 1142 if (!qos->phy && qos->sdu) 1143 return false; 1144 1145 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 1146 return false; 1147 1148 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 1149 return false; 1150 1151 if (qos->phy > BT_ISO_PHY_ANY) 1152 return false; 1153 1154 return true; 1155 } 1156 1157 static bool check_qos(struct bt_iso_qos *qos) 1158 { 1159 if (qos->sca > 0x07) 1160 return false; 1161 1162 if (qos->packing > 0x01) 1163 return false; 1164 1165 if (qos->framing > 0x01) 1166 return false; 1167 1168 if (!check_io_qos(&qos->in)) 1169 return false; 1170 1171 if (!check_io_qos(&qos->out)) 1172 return false; 1173 1174 return true; 1175 } 1176 1177 static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 1178 sockptr_t optval, unsigned int optlen) 1179 { 1180 struct sock *sk = sock->sk; 1181 int len, err = 0; 1182 struct bt_iso_qos qos; 1183 u32 opt; 1184 1185 BT_DBG("sk %p", sk); 1186 1187 lock_sock(sk); 1188 1189 switch (optname) { 1190 case BT_DEFER_SETUP: 1191 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1192 err = -EINVAL; 1193 break; 1194 } 1195 1196 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1197 err = -EFAULT; 1198 break; 1199 } 1200 1201 if (opt) 1202 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1203 else 1204 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1205 break; 1206 1207 case BT_ISO_QOS: 1208 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1209 sk->sk_state != BT_CONNECT2) { 1210 err = -EINVAL; 1211 break; 1212 } 1213 1214 len = min_t(unsigned int, sizeof(qos), optlen); 1215 if (len != sizeof(qos)) { 1216 err = -EINVAL; 1217 break; 1218 } 1219 1220 memset(&qos, 0, sizeof(qos)); 1221 1222 if (copy_from_sockptr(&qos, optval, len)) { 1223 err = -EFAULT; 1224 break; 1225 } 1226 1227 if (!check_qos(&qos)) { 1228 err = -EINVAL; 1229 break; 1230 } 1231 1232 iso_pi(sk)->qos = qos; 1233 1234 break; 1235 1236 case BT_ISO_BASE: 1237 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1238 sk->sk_state != BT_CONNECT2) { 1239 err = -EINVAL; 1240 break; 1241 } 1242 1243 if (optlen > sizeof(iso_pi(sk)->base)) { 1244 err = -EOVERFLOW; 1245 break; 1246 } 1247 1248 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen); 1249 1250 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) { 1251 err = -EFAULT; 1252 break; 1253 } 1254 1255 iso_pi(sk)->base_len = len; 1256 1257 break; 1258 1259 default: 1260 err = -ENOPROTOOPT; 1261 break; 1262 } 1263 1264 release_sock(sk); 1265 return err; 1266 } 1267 1268 static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1269 char __user *optval, int __user *optlen) 1270 { 1271 struct sock *sk = sock->sk; 1272 int len, err = 0; 1273 struct bt_iso_qos *qos; 1274 u8 base_len; 1275 u8 *base; 1276 1277 BT_DBG("sk %p", sk); 1278 1279 if (get_user(len, optlen)) 1280 return -EFAULT; 1281 1282 lock_sock(sk); 1283 1284 switch (optname) { 1285 case BT_DEFER_SETUP: 1286 if (sk->sk_state == BT_CONNECTED) { 1287 err = -EINVAL; 1288 break; 1289 } 1290 1291 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1292 (u32 __user *)optval)) 1293 err = -EFAULT; 1294 1295 break; 1296 1297 case BT_ISO_QOS: 1298 qos = iso_sock_get_qos(sk); 1299 1300 len = min_t(unsigned int, len, sizeof(*qos)); 1301 if (copy_to_user(optval, qos, len)) 1302 err = -EFAULT; 1303 1304 break; 1305 1306 case BT_ISO_BASE: 1307 if (sk->sk_state == BT_CONNECTED) { 1308 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len; 1309 base = iso_pi(sk)->conn->hcon->le_per_adv_data; 1310 } else { 1311 base_len = iso_pi(sk)->base_len; 1312 base = iso_pi(sk)->base; 1313 } 1314 1315 len = min_t(unsigned int, len, base_len); 1316 if (copy_to_user(optval, base, len)) 1317 err = -EFAULT; 1318 1319 break; 1320 1321 default: 1322 err = -ENOPROTOOPT; 1323 break; 1324 } 1325 1326 release_sock(sk); 1327 return err; 1328 } 1329 1330 static int iso_sock_shutdown(struct socket *sock, int how) 1331 { 1332 struct sock *sk = sock->sk; 1333 int err = 0; 1334 1335 BT_DBG("sock %p, sk %p, how %d", sock, sk, how); 1336 1337 if (!sk) 1338 return 0; 1339 1340 sock_hold(sk); 1341 lock_sock(sk); 1342 1343 switch (how) { 1344 case SHUT_RD: 1345 if (sk->sk_shutdown & RCV_SHUTDOWN) 1346 goto unlock; 1347 sk->sk_shutdown |= RCV_SHUTDOWN; 1348 break; 1349 case SHUT_WR: 1350 if (sk->sk_shutdown & SEND_SHUTDOWN) 1351 goto unlock; 1352 sk->sk_shutdown |= SEND_SHUTDOWN; 1353 break; 1354 case SHUT_RDWR: 1355 if (sk->sk_shutdown & SHUTDOWN_MASK) 1356 goto unlock; 1357 sk->sk_shutdown |= SHUTDOWN_MASK; 1358 break; 1359 } 1360 1361 iso_sock_clear_timer(sk); 1362 __iso_sock_close(sk); 1363 1364 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1365 !(current->flags & PF_EXITING)) 1366 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1367 1368 unlock: 1369 release_sock(sk); 1370 sock_put(sk); 1371 1372 return err; 1373 } 1374 1375 static int iso_sock_release(struct socket *sock) 1376 { 1377 struct sock *sk = sock->sk; 1378 int err = 0; 1379 1380 BT_DBG("sock %p, sk %p", sock, sk); 1381 1382 if (!sk) 1383 return 0; 1384 1385 iso_sock_close(sk); 1386 1387 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1388 !(current->flags & PF_EXITING)) { 1389 lock_sock(sk); 1390 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1391 release_sock(sk); 1392 } 1393 1394 sock_orphan(sk); 1395 iso_sock_kill(sk); 1396 return err; 1397 } 1398 1399 static void iso_sock_ready(struct sock *sk) 1400 { 1401 BT_DBG("sk %p", sk); 1402 1403 if (!sk) 1404 return; 1405 1406 lock_sock(sk); 1407 iso_sock_clear_timer(sk); 1408 sk->sk_state = BT_CONNECTED; 1409 sk->sk_state_change(sk); 1410 release_sock(sk); 1411 } 1412 1413 struct iso_list_data { 1414 struct hci_conn *hcon; 1415 int count; 1416 }; 1417 1418 static bool iso_match_big(struct sock *sk, void *data) 1419 { 1420 struct hci_evt_le_big_sync_estabilished *ev = data; 1421 1422 return ev->handle == iso_pi(sk)->qos.big; 1423 } 1424 1425 static void iso_conn_ready(struct iso_conn *conn) 1426 { 1427 struct sock *parent; 1428 struct sock *sk = conn->sk; 1429 struct hci_ev_le_big_sync_estabilished *ev; 1430 struct hci_conn *hcon; 1431 1432 BT_DBG("conn %p", conn); 1433 1434 if (sk) { 1435 iso_sock_ready(conn->sk); 1436 } else { 1437 hcon = conn->hcon; 1438 if (!hcon) 1439 return; 1440 1441 ev = hci_recv_event_data(hcon->hdev, 1442 HCI_EVT_LE_BIG_SYNC_ESTABILISHED); 1443 if (ev) 1444 parent = iso_get_sock_listen(&hcon->src, 1445 &hcon->dst, 1446 iso_match_big, ev); 1447 else 1448 parent = iso_get_sock_listen(&hcon->src, 1449 BDADDR_ANY, NULL, NULL); 1450 1451 if (!parent) 1452 return; 1453 1454 lock_sock(parent); 1455 1456 sk = iso_sock_alloc(sock_net(parent), NULL, 1457 BTPROTO_ISO, GFP_ATOMIC, 0); 1458 if (!sk) { 1459 release_sock(parent); 1460 return; 1461 } 1462 1463 iso_sock_init(sk, parent); 1464 1465 bacpy(&iso_pi(sk)->src, &hcon->src); 1466 iso_pi(sk)->src_type = hcon->src_type; 1467 1468 /* If hcon has no destination address (BDADDR_ANY) it means it 1469 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED so we need to 1470 * initialize using the parent socket destination address. 1471 */ 1472 if (!bacmp(&hcon->dst, BDADDR_ANY)) { 1473 bacpy(&hcon->dst, &iso_pi(parent)->dst); 1474 hcon->dst_type = iso_pi(parent)->dst_type; 1475 hcon->sync_handle = iso_pi(parent)->sync_handle; 1476 } 1477 1478 bacpy(&iso_pi(sk)->dst, &hcon->dst); 1479 iso_pi(sk)->dst_type = hcon->dst_type; 1480 1481 hci_conn_hold(hcon); 1482 iso_chan_add(conn, sk, parent); 1483 1484 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1485 sk->sk_state = BT_CONNECT2; 1486 else 1487 sk->sk_state = BT_CONNECTED; 1488 1489 /* Wake up parent */ 1490 parent->sk_data_ready(parent); 1491 1492 release_sock(parent); 1493 } 1494 } 1495 1496 static bool iso_match_sid(struct sock *sk, void *data) 1497 { 1498 struct hci_ev_le_pa_sync_established *ev = data; 1499 1500 return ev->sid == iso_pi(sk)->bc_sid; 1501 } 1502 1503 static bool iso_match_sync_handle(struct sock *sk, void *data) 1504 { 1505 struct hci_evt_le_big_info_adv_report *ev = data; 1506 1507 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1508 } 1509 1510 /* ----- ISO interface with lower layer (HCI) ----- */ 1511 1512 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1513 { 1514 struct hci_ev_le_pa_sync_established *ev1; 1515 struct hci_evt_le_big_info_adv_report *ev2; 1516 struct sock *sk; 1517 int lm = 0; 1518 1519 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 1520 1521 /* Broadcast receiver requires handling of some events before it can 1522 * proceed to establishing a BIG sync: 1523 * 1524 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific 1525 * SID to listen to and once sync is estabilished its handle needs to 1526 * be stored in iso_pi(sk)->sync_handle so it can be matched once 1527 * receiving the BIG Info. 1528 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 1529 * a BIG Info it attempts to check if there any listening socket with 1530 * the same sync_handle and if it does then attempt to create a sync. 1531 */ 1532 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 1533 if (ev1) { 1534 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid, 1535 ev1); 1536 if (sk) 1537 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); 1538 1539 goto done; 1540 } 1541 1542 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1543 if (ev2) { 1544 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1545 iso_match_sync_handle, ev2); 1546 if (sk) { 1547 int err; 1548 1549 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1550 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1551 1552 err = hci_le_big_create_sync(hdev, 1553 &iso_pi(sk)->qos, 1554 iso_pi(sk)->sync_handle, 1555 iso_pi(sk)->bc_num_bis, 1556 iso_pi(sk)->bc_bis); 1557 if (err) { 1558 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1559 err); 1560 sk = NULL; 1561 } 1562 } 1563 } else { 1564 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL); 1565 } 1566 1567 done: 1568 if (!sk) 1569 return lm; 1570 1571 lm |= HCI_LM_ACCEPT; 1572 1573 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1574 *flags |= HCI_PROTO_DEFER; 1575 1576 return lm; 1577 } 1578 1579 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 1580 { 1581 if (hcon->type != ISO_LINK) { 1582 if (hcon->type != LE_LINK) 1583 return; 1584 1585 /* Check if LE link has failed */ 1586 if (status) { 1587 if (hcon->link) 1588 iso_conn_del(hcon->link, bt_to_errno(status)); 1589 return; 1590 } 1591 1592 /* Create CIS if pending */ 1593 hci_le_create_cis(hcon); 1594 return; 1595 } 1596 1597 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1598 1599 if (!status) { 1600 struct iso_conn *conn; 1601 1602 conn = iso_conn_add(hcon); 1603 if (conn) 1604 iso_conn_ready(conn); 1605 } else { 1606 iso_conn_del(hcon, bt_to_errno(status)); 1607 } 1608 } 1609 1610 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1611 { 1612 if (hcon->type != ISO_LINK) 1613 return; 1614 1615 BT_DBG("hcon %p reason %d", hcon, reason); 1616 1617 iso_conn_del(hcon, bt_to_errno(reason)); 1618 } 1619 1620 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 1621 { 1622 struct iso_conn *conn = hcon->iso_data; 1623 __u16 pb, ts, len; 1624 1625 if (!conn) 1626 goto drop; 1627 1628 pb = hci_iso_flags_pb(flags); 1629 ts = hci_iso_flags_ts(flags); 1630 1631 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 1632 1633 switch (pb) { 1634 case ISO_START: 1635 case ISO_SINGLE: 1636 if (conn->rx_len) { 1637 BT_ERR("Unexpected start frame (len %d)", skb->len); 1638 kfree_skb(conn->rx_skb); 1639 conn->rx_skb = NULL; 1640 conn->rx_len = 0; 1641 } 1642 1643 if (ts) { 1644 struct hci_iso_ts_data_hdr *hdr; 1645 1646 /* TODO: add timestamp to the packet? */ 1647 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 1648 if (!hdr) { 1649 BT_ERR("Frame is too short (len %d)", skb->len); 1650 goto drop; 1651 } 1652 1653 len = __le16_to_cpu(hdr->slen); 1654 } else { 1655 struct hci_iso_data_hdr *hdr; 1656 1657 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 1658 if (!hdr) { 1659 BT_ERR("Frame is too short (len %d)", skb->len); 1660 goto drop; 1661 } 1662 1663 len = __le16_to_cpu(hdr->slen); 1664 } 1665 1666 flags = hci_iso_data_flags(len); 1667 len = hci_iso_data_len(len); 1668 1669 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 1670 skb->len, flags); 1671 1672 if (len == skb->len) { 1673 /* Complete frame received */ 1674 iso_recv_frame(conn, skb); 1675 return; 1676 } 1677 1678 if (pb == ISO_SINGLE) { 1679 BT_ERR("Frame malformed (len %d, expected len %d)", 1680 skb->len, len); 1681 goto drop; 1682 } 1683 1684 if (skb->len > len) { 1685 BT_ERR("Frame is too long (len %d, expected len %d)", 1686 skb->len, len); 1687 goto drop; 1688 } 1689 1690 /* Allocate skb for the complete frame (with header) */ 1691 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 1692 if (!conn->rx_skb) 1693 goto drop; 1694 1695 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1696 skb->len); 1697 conn->rx_len = len - skb->len; 1698 break; 1699 1700 case ISO_CONT: 1701 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 1702 conn->rx_len); 1703 1704 if (!conn->rx_len) { 1705 BT_ERR("Unexpected continuation frame (len %d)", 1706 skb->len); 1707 goto drop; 1708 } 1709 1710 if (skb->len > conn->rx_len) { 1711 BT_ERR("Fragment is too long (len %d, expected %d)", 1712 skb->len, conn->rx_len); 1713 kfree_skb(conn->rx_skb); 1714 conn->rx_skb = NULL; 1715 conn->rx_len = 0; 1716 goto drop; 1717 } 1718 1719 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1720 skb->len); 1721 conn->rx_len -= skb->len; 1722 return; 1723 1724 case ISO_END: 1725 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1726 skb->len); 1727 conn->rx_len -= skb->len; 1728 1729 if (!conn->rx_len) { 1730 struct sk_buff *rx_skb = conn->rx_skb; 1731 1732 /* Complete frame received. iso_recv_frame 1733 * takes ownership of the skb so set the global 1734 * rx_skb pointer to NULL first. 1735 */ 1736 conn->rx_skb = NULL; 1737 iso_recv_frame(conn, rx_skb); 1738 } 1739 break; 1740 } 1741 1742 drop: 1743 kfree_skb(skb); 1744 } 1745 1746 static struct hci_cb iso_cb = { 1747 .name = "ISO", 1748 .connect_cfm = iso_connect_cfm, 1749 .disconn_cfm = iso_disconn_cfm, 1750 }; 1751 1752 static int iso_debugfs_show(struct seq_file *f, void *p) 1753 { 1754 struct sock *sk; 1755 1756 read_lock(&iso_sk_list.lock); 1757 1758 sk_for_each(sk, &iso_sk_list.head) { 1759 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 1760 &iso_pi(sk)->dst, sk->sk_state); 1761 } 1762 1763 read_unlock(&iso_sk_list.lock); 1764 1765 return 0; 1766 } 1767 1768 DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 1769 1770 static struct dentry *iso_debugfs; 1771 1772 static const struct proto_ops iso_sock_ops = { 1773 .family = PF_BLUETOOTH, 1774 .owner = THIS_MODULE, 1775 .release = iso_sock_release, 1776 .bind = iso_sock_bind, 1777 .connect = iso_sock_connect, 1778 .listen = iso_sock_listen, 1779 .accept = iso_sock_accept, 1780 .getname = iso_sock_getname, 1781 .sendmsg = iso_sock_sendmsg, 1782 .recvmsg = iso_sock_recvmsg, 1783 .poll = bt_sock_poll, 1784 .ioctl = bt_sock_ioctl, 1785 .mmap = sock_no_mmap, 1786 .socketpair = sock_no_socketpair, 1787 .shutdown = iso_sock_shutdown, 1788 .setsockopt = iso_sock_setsockopt, 1789 .getsockopt = iso_sock_getsockopt 1790 }; 1791 1792 static const struct net_proto_family iso_sock_family_ops = { 1793 .family = PF_BLUETOOTH, 1794 .owner = THIS_MODULE, 1795 .create = iso_sock_create, 1796 }; 1797 1798 static bool iso_inited; 1799 1800 bool iso_enabled(void) 1801 { 1802 return iso_inited; 1803 } 1804 1805 int iso_init(void) 1806 { 1807 int err; 1808 1809 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 1810 1811 if (iso_inited) 1812 return -EALREADY; 1813 1814 err = proto_register(&iso_proto, 0); 1815 if (err < 0) 1816 return err; 1817 1818 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 1819 if (err < 0) { 1820 BT_ERR("ISO socket registration failed"); 1821 goto error; 1822 } 1823 1824 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 1825 if (err < 0) { 1826 BT_ERR("Failed to create ISO proc file"); 1827 bt_sock_unregister(BTPROTO_ISO); 1828 goto error; 1829 } 1830 1831 BT_INFO("ISO socket layer initialized"); 1832 1833 hci_register_cb(&iso_cb); 1834 1835 if (IS_ERR_OR_NULL(bt_debugfs)) 1836 return 0; 1837 1838 if (!iso_debugfs) { 1839 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 1840 NULL, &iso_debugfs_fops); 1841 } 1842 1843 iso_inited = true; 1844 1845 return 0; 1846 1847 error: 1848 proto_unregister(&iso_proto); 1849 return err; 1850 } 1851 1852 int iso_exit(void) 1853 { 1854 if (!iso_inited) 1855 return -EALREADY; 1856 1857 bt_procfs_cleanup(&init_net, "iso"); 1858 1859 debugfs_remove(iso_debugfs); 1860 iso_debugfs = NULL; 1861 1862 hci_unregister_cb(&iso_cb); 1863 1864 bt_sock_unregister(BTPROTO_ISO); 1865 1866 proto_unregister(&iso_proto); 1867 1868 iso_inited = false; 1869 1870 return 0; 1871 } 1872