1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 * Copyright 2023 NXP 7 */ 8 9 #include <linux/module.h> 10 #include <linux/debugfs.h> 11 #include <linux/seq_file.h> 12 #include <linux/sched/signal.h> 13 14 #include <net/bluetooth/bluetooth.h> 15 #include <net/bluetooth/hci_core.h> 16 #include <net/bluetooth/iso.h> 17 18 static const struct proto_ops iso_sock_ops; 19 20 static struct bt_sock_list iso_sk_list = { 21 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 22 }; 23 24 /* ---- ISO connections ---- */ 25 struct iso_conn { 26 struct hci_conn *hcon; 27 28 /* @lock: spinlock protecting changes to iso_conn fields */ 29 spinlock_t lock; 30 struct sock *sk; 31 32 struct delayed_work timeout_work; 33 34 struct sk_buff *rx_skb; 35 __u32 rx_len; 36 __u16 tx_sn; 37 }; 38 39 #define iso_conn_lock(c) spin_lock(&(c)->lock) 40 #define iso_conn_unlock(c) spin_unlock(&(c)->lock) 41 42 static void iso_sock_close(struct sock *sk); 43 static void iso_sock_kill(struct sock *sk); 44 45 /* ----- ISO socket info ----- */ 46 #define iso_pi(sk) ((struct iso_pinfo *)sk) 47 48 #define EIR_SERVICE_DATA_LENGTH 4 49 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH) 50 51 /* iso_pinfo flags values */ 52 enum { 53 BT_SK_BIG_SYNC, 54 }; 55 56 struct iso_pinfo { 57 struct bt_sock bt; 58 bdaddr_t src; 59 __u8 src_type; 60 bdaddr_t dst; 61 __u8 dst_type; 62 __u8 bc_sid; 63 __u8 bc_num_bis; 64 __u8 bc_bis[ISO_MAX_NUM_BIS]; 65 __u16 sync_handle; 66 unsigned long flags; 67 struct bt_iso_qos qos; 68 bool qos_user_set; 69 __u8 base_len; 70 __u8 base[BASE_MAX_LENGTH]; 71 struct iso_conn *conn; 72 }; 73 74 static struct bt_iso_qos default_qos; 75 76 static bool check_ucast_qos(struct bt_iso_qos *qos); 77 static bool check_bcast_qos(struct bt_iso_qos *qos); 78 79 /* ---- ISO timers ---- */ 80 #define ISO_CONN_TIMEOUT (HZ * 40) 81 #define ISO_DISCONN_TIMEOUT (HZ * 2) 82 83 static void iso_sock_timeout(struct work_struct *work) 84 { 85 struct iso_conn *conn = container_of(work, struct iso_conn, 86 timeout_work.work); 87 struct sock *sk; 88 89 iso_conn_lock(conn); 90 sk = conn->sk; 91 if (sk) 92 sock_hold(sk); 93 iso_conn_unlock(conn); 94 95 if (!sk) 96 return; 97 98 BT_DBG("sock %p state %d", sk, sk->sk_state); 99 100 lock_sock(sk); 101 sk->sk_err = ETIMEDOUT; 102 sk->sk_state_change(sk); 103 release_sock(sk); 104 sock_put(sk); 105 } 106 107 static void iso_sock_set_timer(struct sock *sk, long timeout) 108 { 109 if (!iso_pi(sk)->conn) 110 return; 111 112 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 113 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 114 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 115 } 116 117 static void iso_sock_clear_timer(struct sock *sk) 118 { 119 if (!iso_pi(sk)->conn) 120 return; 121 122 BT_DBG("sock %p state %d", sk, sk->sk_state); 123 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 124 } 125 126 /* ---- ISO connections ---- */ 127 static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 128 { 129 struct iso_conn *conn = hcon->iso_data; 130 131 if (conn) { 132 if (!conn->hcon) 133 conn->hcon = hcon; 134 return conn; 135 } 136 137 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 138 if (!conn) 139 return NULL; 140 141 spin_lock_init(&conn->lock); 142 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 143 144 hcon->iso_data = conn; 145 conn->hcon = hcon; 146 conn->tx_sn = 0; 147 148 BT_DBG("hcon %p conn %p", hcon, conn); 149 150 return conn; 151 } 152 153 /* Delete channel. Must be called on the locked socket. */ 154 static void iso_chan_del(struct sock *sk, int err) 155 { 156 struct iso_conn *conn; 157 struct sock *parent; 158 159 conn = iso_pi(sk)->conn; 160 161 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 162 163 if (conn) { 164 iso_conn_lock(conn); 165 conn->sk = NULL; 166 iso_pi(sk)->conn = NULL; 167 iso_conn_unlock(conn); 168 169 if (conn->hcon) 170 hci_conn_drop(conn->hcon); 171 } 172 173 sk->sk_state = BT_CLOSED; 174 sk->sk_err = err; 175 176 parent = bt_sk(sk)->parent; 177 if (parent) { 178 bt_accept_unlink(sk); 179 parent->sk_data_ready(parent); 180 } else { 181 sk->sk_state_change(sk); 182 } 183 184 sock_set_flag(sk, SOCK_ZAPPED); 185 } 186 187 static void iso_conn_del(struct hci_conn *hcon, int err) 188 { 189 struct iso_conn *conn = hcon->iso_data; 190 struct sock *sk; 191 192 if (!conn) 193 return; 194 195 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 196 197 /* Kill socket */ 198 iso_conn_lock(conn); 199 sk = conn->sk; 200 if (sk) 201 sock_hold(sk); 202 iso_conn_unlock(conn); 203 204 if (sk) { 205 lock_sock(sk); 206 iso_sock_clear_timer(sk); 207 iso_chan_del(sk, err); 208 release_sock(sk); 209 sock_put(sk); 210 } 211 212 /* Ensure no more work items will run before freeing conn. */ 213 cancel_delayed_work_sync(&conn->timeout_work); 214 215 hcon->iso_data = NULL; 216 kfree(conn); 217 } 218 219 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 220 struct sock *parent) 221 { 222 BT_DBG("conn %p", conn); 223 224 if (iso_pi(sk)->conn == conn && conn->sk == sk) 225 return 0; 226 227 if (conn->sk) { 228 BT_ERR("conn->sk already set"); 229 return -EBUSY; 230 } 231 232 iso_pi(sk)->conn = conn; 233 conn->sk = sk; 234 235 if (parent) 236 bt_accept_enqueue(parent, sk, true); 237 238 return 0; 239 } 240 241 static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 242 struct sock *parent) 243 { 244 int err; 245 246 iso_conn_lock(conn); 247 err = __iso_chan_add(conn, sk, parent); 248 iso_conn_unlock(conn); 249 250 return err; 251 } 252 253 static inline u8 le_addr_type(u8 bdaddr_type) 254 { 255 if (bdaddr_type == BDADDR_LE_PUBLIC) 256 return ADDR_LE_DEV_PUBLIC; 257 else 258 return ADDR_LE_DEV_RANDOM; 259 } 260 261 static int iso_connect_bis(struct sock *sk) 262 { 263 struct iso_conn *conn; 264 struct hci_conn *hcon; 265 struct hci_dev *hdev; 266 int err; 267 268 BT_DBG("%pMR", &iso_pi(sk)->src); 269 270 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 271 iso_pi(sk)->src_type); 272 if (!hdev) 273 return -EHOSTUNREACH; 274 275 hci_dev_lock(hdev); 276 277 if (!bis_capable(hdev)) { 278 err = -EOPNOTSUPP; 279 goto unlock; 280 } 281 282 /* Fail if user set invalid QoS */ 283 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 284 iso_pi(sk)->qos = default_qos; 285 err = -EINVAL; 286 goto unlock; 287 } 288 289 /* Fail if out PHYs are marked as disabled */ 290 if (!iso_pi(sk)->qos.bcast.out.phy) { 291 err = -EINVAL; 292 goto unlock; 293 } 294 295 /* Just bind if DEFER_SETUP has been set */ 296 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 297 hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst, 298 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 299 iso_pi(sk)->base); 300 if (IS_ERR(hcon)) { 301 err = PTR_ERR(hcon); 302 goto unlock; 303 } 304 } else { 305 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, 306 le_addr_type(iso_pi(sk)->dst_type), 307 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 308 iso_pi(sk)->base); 309 if (IS_ERR(hcon)) { 310 err = PTR_ERR(hcon); 311 goto unlock; 312 } 313 } 314 315 conn = iso_conn_add(hcon); 316 if (!conn) { 317 hci_conn_drop(hcon); 318 err = -ENOMEM; 319 goto unlock; 320 } 321 322 lock_sock(sk); 323 324 err = iso_chan_add(conn, sk, NULL); 325 if (err) { 326 release_sock(sk); 327 goto unlock; 328 } 329 330 /* Update source addr of the socket */ 331 bacpy(&iso_pi(sk)->src, &hcon->src); 332 333 if (hcon->state == BT_CONNECTED) { 334 iso_sock_clear_timer(sk); 335 sk->sk_state = BT_CONNECTED; 336 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 337 iso_sock_clear_timer(sk); 338 sk->sk_state = BT_CONNECT; 339 } else { 340 sk->sk_state = BT_CONNECT; 341 iso_sock_set_timer(sk, sk->sk_sndtimeo); 342 } 343 344 release_sock(sk); 345 346 unlock: 347 hci_dev_unlock(hdev); 348 hci_dev_put(hdev); 349 return err; 350 } 351 352 static int iso_connect_cis(struct sock *sk) 353 { 354 struct iso_conn *conn; 355 struct hci_conn *hcon; 356 struct hci_dev *hdev; 357 int err; 358 359 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 360 361 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 362 iso_pi(sk)->src_type); 363 if (!hdev) 364 return -EHOSTUNREACH; 365 366 hci_dev_lock(hdev); 367 368 if (!cis_central_capable(hdev)) { 369 err = -EOPNOTSUPP; 370 goto unlock; 371 } 372 373 /* Fail if user set invalid QoS */ 374 if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) { 375 iso_pi(sk)->qos = default_qos; 376 err = -EINVAL; 377 goto unlock; 378 } 379 380 /* Fail if either PHYs are marked as disabled */ 381 if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) { 382 err = -EINVAL; 383 goto unlock; 384 } 385 386 /* Just bind if DEFER_SETUP has been set */ 387 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 388 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 389 le_addr_type(iso_pi(sk)->dst_type), 390 &iso_pi(sk)->qos); 391 if (IS_ERR(hcon)) { 392 err = PTR_ERR(hcon); 393 goto unlock; 394 } 395 } else { 396 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 397 le_addr_type(iso_pi(sk)->dst_type), 398 &iso_pi(sk)->qos); 399 if (IS_ERR(hcon)) { 400 err = PTR_ERR(hcon); 401 goto unlock; 402 } 403 } 404 405 conn = iso_conn_add(hcon); 406 if (!conn) { 407 hci_conn_drop(hcon); 408 err = -ENOMEM; 409 goto unlock; 410 } 411 412 lock_sock(sk); 413 414 err = iso_chan_add(conn, sk, NULL); 415 if (err) { 416 release_sock(sk); 417 goto unlock; 418 } 419 420 /* Update source addr of the socket */ 421 bacpy(&iso_pi(sk)->src, &hcon->src); 422 423 if (hcon->state == BT_CONNECTED) { 424 iso_sock_clear_timer(sk); 425 sk->sk_state = BT_CONNECTED; 426 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 427 iso_sock_clear_timer(sk); 428 sk->sk_state = BT_CONNECT; 429 } else { 430 sk->sk_state = BT_CONNECT; 431 iso_sock_set_timer(sk, sk->sk_sndtimeo); 432 } 433 434 release_sock(sk); 435 436 unlock: 437 hci_dev_unlock(hdev); 438 hci_dev_put(hdev); 439 return err; 440 } 441 442 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk) 443 { 444 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 445 return &iso_pi(sk)->conn->hcon->iso_qos; 446 447 return &iso_pi(sk)->qos; 448 } 449 450 static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 451 { 452 struct iso_conn *conn = iso_pi(sk)->conn; 453 struct bt_iso_qos *qos = iso_sock_get_qos(sk); 454 struct hci_iso_data_hdr *hdr; 455 int len = 0; 456 457 BT_DBG("sk %p len %d", sk, skb->len); 458 459 if (skb->len > qos->ucast.out.sdu) 460 return -EMSGSIZE; 461 462 len = skb->len; 463 464 /* Push ISO data header */ 465 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 466 hdr->sn = cpu_to_le16(conn->tx_sn++); 467 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 468 HCI_ISO_STATUS_VALID)); 469 470 if (sk->sk_state == BT_CONNECTED) 471 hci_send_iso(conn->hcon, skb); 472 else 473 len = -ENOTCONN; 474 475 return len; 476 } 477 478 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 479 { 480 struct sock *sk; 481 482 iso_conn_lock(conn); 483 sk = conn->sk; 484 iso_conn_unlock(conn); 485 486 if (!sk) 487 goto drop; 488 489 BT_DBG("sk %p len %d", sk, skb->len); 490 491 if (sk->sk_state != BT_CONNECTED) 492 goto drop; 493 494 if (!sock_queue_rcv_skb(sk, skb)) 495 return; 496 497 drop: 498 kfree_skb(skb); 499 } 500 501 /* -------- Socket interface ---------- */ 502 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *ba) 503 { 504 struct sock *sk; 505 506 sk_for_each(sk, &iso_sk_list.head) { 507 if (sk->sk_state != BT_LISTEN) 508 continue; 509 510 if (!bacmp(&iso_pi(sk)->src, ba)) 511 return sk; 512 } 513 514 return NULL; 515 } 516 517 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc, 518 __u8 sid) 519 { 520 struct sock *sk; 521 522 sk_for_each(sk, &iso_sk_list.head) { 523 if (sk->sk_state != BT_LISTEN) 524 continue; 525 526 if (bacmp(&iso_pi(sk)->src, ba)) 527 continue; 528 529 if (bacmp(&iso_pi(sk)->dst, bc)) 530 continue; 531 532 if (iso_pi(sk)->bc_sid == sid) 533 return sk; 534 } 535 536 return NULL; 537 } 538 539 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 540 541 /* Find socket listening: 542 * source bdaddr (Unicast) 543 * destination bdaddr (Broadcast only) 544 * match func - pass NULL to ignore 545 * match func data - pass -1 to ignore 546 * Returns closest match. 547 */ 548 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 549 iso_sock_match_t match, void *data) 550 { 551 struct sock *sk = NULL, *sk1 = NULL; 552 553 read_lock(&iso_sk_list.lock); 554 555 sk_for_each(sk, &iso_sk_list.head) { 556 if (sk->sk_state != BT_LISTEN) 557 continue; 558 559 /* Match Broadcast destination */ 560 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 561 continue; 562 563 /* Use Match function if provided */ 564 if (match && !match(sk, data)) 565 continue; 566 567 /* Exact match. */ 568 if (!bacmp(&iso_pi(sk)->src, src)) 569 break; 570 571 /* Closest match */ 572 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) 573 sk1 = sk; 574 } 575 576 read_unlock(&iso_sk_list.lock); 577 578 return sk ? sk : sk1; 579 } 580 581 static void iso_sock_destruct(struct sock *sk) 582 { 583 BT_DBG("sk %p", sk); 584 585 skb_queue_purge(&sk->sk_receive_queue); 586 skb_queue_purge(&sk->sk_write_queue); 587 } 588 589 static void iso_sock_cleanup_listen(struct sock *parent) 590 { 591 struct sock *sk; 592 593 BT_DBG("parent %p", parent); 594 595 /* Close not yet accepted channels */ 596 while ((sk = bt_accept_dequeue(parent, NULL))) { 597 iso_sock_close(sk); 598 iso_sock_kill(sk); 599 } 600 601 parent->sk_state = BT_CLOSED; 602 sock_set_flag(parent, SOCK_ZAPPED); 603 } 604 605 /* Kill socket (only if zapped and orphan) 606 * Must be called on unlocked socket. 607 */ 608 static void iso_sock_kill(struct sock *sk) 609 { 610 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 611 sock_flag(sk, SOCK_DEAD)) 612 return; 613 614 BT_DBG("sk %p state %d", sk, sk->sk_state); 615 616 /* Kill poor orphan */ 617 bt_sock_unlink(&iso_sk_list, sk); 618 sock_set_flag(sk, SOCK_DEAD); 619 sock_put(sk); 620 } 621 622 static void __iso_sock_close(struct sock *sk) 623 { 624 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 625 626 switch (sk->sk_state) { 627 case BT_LISTEN: 628 iso_sock_cleanup_listen(sk); 629 break; 630 631 case BT_CONNECT: 632 case BT_CONNECTED: 633 case BT_CONFIG: 634 if (iso_pi(sk)->conn->hcon) { 635 sk->sk_state = BT_DISCONN; 636 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 637 iso_conn_lock(iso_pi(sk)->conn); 638 hci_conn_drop(iso_pi(sk)->conn->hcon); 639 iso_pi(sk)->conn->hcon = NULL; 640 iso_conn_unlock(iso_pi(sk)->conn); 641 } else { 642 iso_chan_del(sk, ECONNRESET); 643 } 644 break; 645 646 case BT_CONNECT2: 647 iso_chan_del(sk, ECONNRESET); 648 break; 649 case BT_DISCONN: 650 iso_chan_del(sk, ECONNRESET); 651 break; 652 653 default: 654 sock_set_flag(sk, SOCK_ZAPPED); 655 break; 656 } 657 } 658 659 /* Must be called on unlocked socket. */ 660 static void iso_sock_close(struct sock *sk) 661 { 662 iso_sock_clear_timer(sk); 663 lock_sock(sk); 664 __iso_sock_close(sk); 665 release_sock(sk); 666 iso_sock_kill(sk); 667 } 668 669 static void iso_sock_init(struct sock *sk, struct sock *parent) 670 { 671 BT_DBG("sk %p", sk); 672 673 if (parent) { 674 sk->sk_type = parent->sk_type; 675 bt_sk(sk)->flags = bt_sk(parent)->flags; 676 security_sk_clone(parent, sk); 677 } 678 } 679 680 static struct proto iso_proto = { 681 .name = "ISO", 682 .owner = THIS_MODULE, 683 .obj_size = sizeof(struct iso_pinfo) 684 }; 685 686 #define DEFAULT_IO_QOS \ 687 { \ 688 .interval = 10000u, \ 689 .latency = 10u, \ 690 .sdu = 40u, \ 691 .phy = BT_ISO_PHY_2M, \ 692 .rtn = 2u, \ 693 } 694 695 static struct bt_iso_qos default_qos = { 696 .bcast = { 697 .big = BT_ISO_QOS_BIG_UNSET, 698 .bis = BT_ISO_QOS_BIS_UNSET, 699 .sync_factor = 0x01, 700 .packing = 0x00, 701 .framing = 0x00, 702 .in = DEFAULT_IO_QOS, 703 .out = DEFAULT_IO_QOS, 704 .encryption = 0x00, 705 .bcode = {0x00}, 706 .options = 0x00, 707 .skip = 0x0000, 708 .sync_timeout = 0x4000, 709 .sync_cte_type = 0x00, 710 .mse = 0x00, 711 .timeout = 0x4000, 712 }, 713 }; 714 715 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 716 int proto, gfp_t prio, int kern) 717 { 718 struct sock *sk; 719 720 sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern); 721 if (!sk) 722 return NULL; 723 724 sk->sk_destruct = iso_sock_destruct; 725 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 726 727 /* Set address type as public as default src address is BDADDR_ANY */ 728 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 729 730 iso_pi(sk)->qos = default_qos; 731 732 bt_sock_link(&iso_sk_list, sk); 733 return sk; 734 } 735 736 static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 737 int kern) 738 { 739 struct sock *sk; 740 741 BT_DBG("sock %p", sock); 742 743 sock->state = SS_UNCONNECTED; 744 745 if (sock->type != SOCK_SEQPACKET) 746 return -ESOCKTNOSUPPORT; 747 748 sock->ops = &iso_sock_ops; 749 750 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 751 if (!sk) 752 return -ENOMEM; 753 754 iso_sock_init(sk, NULL); 755 return 0; 756 } 757 758 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr, 759 int addr_len) 760 { 761 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 762 struct sock *sk = sock->sk; 763 int i; 764 765 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid, 766 sa->iso_bc->bc_num_bis); 767 768 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) || 769 sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f) 770 return -EINVAL; 771 772 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr); 773 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type; 774 iso_pi(sk)->sync_handle = -1; 775 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid; 776 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 777 778 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) { 779 if (sa->iso_bc->bc_bis[i] < 0x01 || 780 sa->iso_bc->bc_bis[i] > 0x1f) 781 return -EINVAL; 782 783 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 784 iso_pi(sk)->bc_num_bis); 785 } 786 787 return 0; 788 } 789 790 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 791 int addr_len) 792 { 793 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 794 struct sock *sk = sock->sk; 795 int err = 0; 796 797 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 798 799 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 800 addr->sa_family != AF_BLUETOOTH) 801 return -EINVAL; 802 803 lock_sock(sk); 804 805 if (sk->sk_state != BT_OPEN) { 806 err = -EBADFD; 807 goto done; 808 } 809 810 if (sk->sk_type != SOCK_SEQPACKET) { 811 err = -EINVAL; 812 goto done; 813 } 814 815 /* Check if the address type is of LE type */ 816 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 817 err = -EINVAL; 818 goto done; 819 } 820 821 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 822 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 823 824 /* Check for Broadcast address */ 825 if (addr_len > sizeof(*sa)) { 826 err = iso_sock_bind_bc(sock, addr, addr_len); 827 if (err) 828 goto done; 829 } 830 831 sk->sk_state = BT_BOUND; 832 833 done: 834 release_sock(sk); 835 return err; 836 } 837 838 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 839 int alen, int flags) 840 { 841 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 842 struct sock *sk = sock->sk; 843 int err; 844 845 BT_DBG("sk %p", sk); 846 847 if (alen < sizeof(struct sockaddr_iso) || 848 addr->sa_family != AF_BLUETOOTH) 849 return -EINVAL; 850 851 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 852 return -EBADFD; 853 854 if (sk->sk_type != SOCK_SEQPACKET) 855 return -EINVAL; 856 857 /* Check if the address type is of LE type */ 858 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 859 return -EINVAL; 860 861 lock_sock(sk); 862 863 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 864 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 865 866 release_sock(sk); 867 868 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 869 err = iso_connect_cis(sk); 870 else 871 err = iso_connect_bis(sk); 872 873 if (err) 874 return err; 875 876 lock_sock(sk); 877 878 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 879 err = bt_sock_wait_state(sk, BT_CONNECTED, 880 sock_sndtimeo(sk, flags & O_NONBLOCK)); 881 } 882 883 release_sock(sk); 884 return err; 885 } 886 887 static int iso_listen_bis(struct sock *sk) 888 { 889 struct hci_dev *hdev; 890 int err = 0; 891 892 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src, 893 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid); 894 895 write_lock(&iso_sk_list.lock); 896 897 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst, 898 iso_pi(sk)->bc_sid)) 899 err = -EADDRINUSE; 900 901 write_unlock(&iso_sk_list.lock); 902 903 if (err) 904 return err; 905 906 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 907 iso_pi(sk)->src_type); 908 if (!hdev) 909 return -EHOSTUNREACH; 910 911 /* Fail if user set invalid QoS */ 912 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 913 iso_pi(sk)->qos = default_qos; 914 return -EINVAL; 915 } 916 917 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, 918 le_addr_type(iso_pi(sk)->dst_type), 919 iso_pi(sk)->bc_sid, &iso_pi(sk)->qos); 920 921 hci_dev_put(hdev); 922 923 return err; 924 } 925 926 static int iso_listen_cis(struct sock *sk) 927 { 928 int err = 0; 929 930 BT_DBG("%pMR", &iso_pi(sk)->src); 931 932 write_lock(&iso_sk_list.lock); 933 934 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src)) 935 err = -EADDRINUSE; 936 937 write_unlock(&iso_sk_list.lock); 938 939 return err; 940 } 941 942 static int iso_sock_listen(struct socket *sock, int backlog) 943 { 944 struct sock *sk = sock->sk; 945 int err = 0; 946 947 BT_DBG("sk %p backlog %d", sk, backlog); 948 949 lock_sock(sk); 950 951 if (sk->sk_state != BT_BOUND) { 952 err = -EBADFD; 953 goto done; 954 } 955 956 if (sk->sk_type != SOCK_SEQPACKET) { 957 err = -EINVAL; 958 goto done; 959 } 960 961 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 962 err = iso_listen_cis(sk); 963 else 964 err = iso_listen_bis(sk); 965 966 if (err) 967 goto done; 968 969 sk->sk_max_ack_backlog = backlog; 970 sk->sk_ack_backlog = 0; 971 972 sk->sk_state = BT_LISTEN; 973 974 done: 975 release_sock(sk); 976 return err; 977 } 978 979 static int iso_sock_accept(struct socket *sock, struct socket *newsock, 980 int flags, bool kern) 981 { 982 DEFINE_WAIT_FUNC(wait, woken_wake_function); 983 struct sock *sk = sock->sk, *ch; 984 long timeo; 985 int err = 0; 986 987 lock_sock(sk); 988 989 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 990 991 BT_DBG("sk %p timeo %ld", sk, timeo); 992 993 /* Wait for an incoming connection. (wake-one). */ 994 add_wait_queue_exclusive(sk_sleep(sk), &wait); 995 while (1) { 996 if (sk->sk_state != BT_LISTEN) { 997 err = -EBADFD; 998 break; 999 } 1000 1001 ch = bt_accept_dequeue(sk, newsock); 1002 if (ch) 1003 break; 1004 1005 if (!timeo) { 1006 err = -EAGAIN; 1007 break; 1008 } 1009 1010 if (signal_pending(current)) { 1011 err = sock_intr_errno(timeo); 1012 break; 1013 } 1014 1015 release_sock(sk); 1016 1017 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 1018 lock_sock(sk); 1019 } 1020 remove_wait_queue(sk_sleep(sk), &wait); 1021 1022 if (err) 1023 goto done; 1024 1025 newsock->state = SS_CONNECTED; 1026 1027 BT_DBG("new socket %p", ch); 1028 1029 done: 1030 release_sock(sk); 1031 return err; 1032 } 1033 1034 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 1035 int peer) 1036 { 1037 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 1038 struct sock *sk = sock->sk; 1039 1040 BT_DBG("sock %p, sk %p", sock, sk); 1041 1042 addr->sa_family = AF_BLUETOOTH; 1043 1044 if (peer) { 1045 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 1046 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 1047 } else { 1048 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 1049 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 1050 } 1051 1052 return sizeof(struct sockaddr_iso); 1053 } 1054 1055 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 1056 size_t len) 1057 { 1058 struct sock *sk = sock->sk; 1059 struct sk_buff *skb, **frag; 1060 size_t mtu; 1061 int err; 1062 1063 BT_DBG("sock %p, sk %p", sock, sk); 1064 1065 err = sock_error(sk); 1066 if (err) 1067 return err; 1068 1069 if (msg->msg_flags & MSG_OOB) 1070 return -EOPNOTSUPP; 1071 1072 lock_sock(sk); 1073 1074 if (sk->sk_state != BT_CONNECTED) { 1075 release_sock(sk); 1076 return -ENOTCONN; 1077 } 1078 1079 mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu; 1080 1081 release_sock(sk); 1082 1083 skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0); 1084 if (IS_ERR(skb)) 1085 return PTR_ERR(skb); 1086 1087 len -= skb->len; 1088 1089 BT_DBG("skb %p len %d", sk, skb->len); 1090 1091 /* Continuation fragments */ 1092 frag = &skb_shinfo(skb)->frag_list; 1093 while (len) { 1094 struct sk_buff *tmp; 1095 1096 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0); 1097 if (IS_ERR(tmp)) { 1098 kfree_skb(skb); 1099 return PTR_ERR(tmp); 1100 } 1101 1102 *frag = tmp; 1103 1104 len -= tmp->len; 1105 1106 skb->len += tmp->len; 1107 skb->data_len += tmp->len; 1108 1109 BT_DBG("frag %p len %d", *frag, tmp->len); 1110 1111 frag = &(*frag)->next; 1112 } 1113 1114 lock_sock(sk); 1115 1116 if (sk->sk_state == BT_CONNECTED) 1117 err = iso_send_frame(sk, skb); 1118 else 1119 err = -ENOTCONN; 1120 1121 release_sock(sk); 1122 1123 if (err < 0) 1124 kfree_skb(skb); 1125 return err; 1126 } 1127 1128 static void iso_conn_defer_accept(struct hci_conn *conn) 1129 { 1130 struct hci_cp_le_accept_cis cp; 1131 struct hci_dev *hdev = conn->hdev; 1132 1133 BT_DBG("conn %p", conn); 1134 1135 conn->state = BT_CONFIG; 1136 1137 cp.handle = cpu_to_le16(conn->handle); 1138 1139 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 1140 } 1141 1142 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1143 size_t len, int flags) 1144 { 1145 struct sock *sk = sock->sk; 1146 struct iso_pinfo *pi = iso_pi(sk); 1147 1148 BT_DBG("sk %p", sk); 1149 1150 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1151 lock_sock(sk); 1152 switch (sk->sk_state) { 1153 case BT_CONNECT2: 1154 iso_conn_defer_accept(pi->conn->hcon); 1155 sk->sk_state = BT_CONFIG; 1156 release_sock(sk); 1157 return 0; 1158 case BT_CONNECT: 1159 release_sock(sk); 1160 return iso_connect_cis(sk); 1161 default: 1162 release_sock(sk); 1163 break; 1164 } 1165 } 1166 1167 return bt_sock_recvmsg(sock, msg, len, flags); 1168 } 1169 1170 static bool check_io_qos(struct bt_iso_io_qos *qos) 1171 { 1172 /* If no PHY is enable SDU must be 0 */ 1173 if (!qos->phy && qos->sdu) 1174 return false; 1175 1176 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 1177 return false; 1178 1179 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 1180 return false; 1181 1182 if (qos->phy > BT_ISO_PHY_ANY) 1183 return false; 1184 1185 return true; 1186 } 1187 1188 static bool check_ucast_qos(struct bt_iso_qos *qos) 1189 { 1190 if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET) 1191 return false; 1192 1193 if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) 1194 return false; 1195 1196 if (qos->ucast.sca > 0x07) 1197 return false; 1198 1199 if (qos->ucast.packing > 0x01) 1200 return false; 1201 1202 if (qos->ucast.framing > 0x01) 1203 return false; 1204 1205 if (!check_io_qos(&qos->ucast.in)) 1206 return false; 1207 1208 if (!check_io_qos(&qos->ucast.out)) 1209 return false; 1210 1211 return true; 1212 } 1213 1214 static bool check_bcast_qos(struct bt_iso_qos *qos) 1215 { 1216 if (qos->bcast.sync_factor == 0x00) 1217 return false; 1218 1219 if (qos->bcast.packing > 0x01) 1220 return false; 1221 1222 if (qos->bcast.framing > 0x01) 1223 return false; 1224 1225 if (!check_io_qos(&qos->bcast.in)) 1226 return false; 1227 1228 if (!check_io_qos(&qos->bcast.out)) 1229 return false; 1230 1231 if (qos->bcast.encryption > 0x01) 1232 return false; 1233 1234 if (qos->bcast.options > 0x07) 1235 return false; 1236 1237 if (qos->bcast.skip > 0x01f3) 1238 return false; 1239 1240 if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000) 1241 return false; 1242 1243 if (qos->bcast.sync_cte_type > 0x1f) 1244 return false; 1245 1246 if (qos->bcast.mse > 0x1f) 1247 return false; 1248 1249 if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000) 1250 return false; 1251 1252 return true; 1253 } 1254 1255 static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 1256 sockptr_t optval, unsigned int optlen) 1257 { 1258 struct sock *sk = sock->sk; 1259 int len, err = 0; 1260 struct bt_iso_qos qos = default_qos; 1261 u32 opt; 1262 1263 BT_DBG("sk %p", sk); 1264 1265 lock_sock(sk); 1266 1267 switch (optname) { 1268 case BT_DEFER_SETUP: 1269 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1270 err = -EINVAL; 1271 break; 1272 } 1273 1274 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1275 err = -EFAULT; 1276 break; 1277 } 1278 1279 if (opt) 1280 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1281 else 1282 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1283 break; 1284 1285 case BT_PKT_STATUS: 1286 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1287 err = -EFAULT; 1288 break; 1289 } 1290 1291 if (opt) 1292 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1293 else 1294 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1295 break; 1296 1297 case BT_ISO_QOS: 1298 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1299 sk->sk_state != BT_CONNECT2) { 1300 err = -EINVAL; 1301 break; 1302 } 1303 1304 len = min_t(unsigned int, sizeof(qos), optlen); 1305 1306 if (copy_from_sockptr(&qos, optval, len)) { 1307 err = -EFAULT; 1308 break; 1309 } 1310 1311 if (len == sizeof(qos.ucast) && !check_ucast_qos(&qos)) { 1312 err = -EINVAL; 1313 break; 1314 } 1315 1316 iso_pi(sk)->qos = qos; 1317 iso_pi(sk)->qos_user_set = true; 1318 1319 break; 1320 1321 case BT_ISO_BASE: 1322 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1323 sk->sk_state != BT_CONNECT2) { 1324 err = -EINVAL; 1325 break; 1326 } 1327 1328 if (optlen > sizeof(iso_pi(sk)->base)) { 1329 err = -EOVERFLOW; 1330 break; 1331 } 1332 1333 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen); 1334 1335 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) { 1336 err = -EFAULT; 1337 break; 1338 } 1339 1340 iso_pi(sk)->base_len = len; 1341 1342 break; 1343 1344 default: 1345 err = -ENOPROTOOPT; 1346 break; 1347 } 1348 1349 release_sock(sk); 1350 return err; 1351 } 1352 1353 static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1354 char __user *optval, int __user *optlen) 1355 { 1356 struct sock *sk = sock->sk; 1357 int len, err = 0; 1358 struct bt_iso_qos *qos; 1359 u8 base_len; 1360 u8 *base; 1361 1362 BT_DBG("sk %p", sk); 1363 1364 if (get_user(len, optlen)) 1365 return -EFAULT; 1366 1367 lock_sock(sk); 1368 1369 switch (optname) { 1370 case BT_DEFER_SETUP: 1371 if (sk->sk_state == BT_CONNECTED) { 1372 err = -EINVAL; 1373 break; 1374 } 1375 1376 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1377 (u32 __user *)optval)) 1378 err = -EFAULT; 1379 1380 break; 1381 1382 case BT_PKT_STATUS: 1383 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1384 (int __user *)optval)) 1385 err = -EFAULT; 1386 break; 1387 1388 case BT_ISO_QOS: 1389 qos = iso_sock_get_qos(sk); 1390 1391 len = min_t(unsigned int, len, sizeof(*qos)); 1392 if (copy_to_user(optval, qos, len)) 1393 err = -EFAULT; 1394 1395 break; 1396 1397 case BT_ISO_BASE: 1398 if (sk->sk_state == BT_CONNECTED) { 1399 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len; 1400 base = iso_pi(sk)->conn->hcon->le_per_adv_data; 1401 } else { 1402 base_len = iso_pi(sk)->base_len; 1403 base = iso_pi(sk)->base; 1404 } 1405 1406 len = min_t(unsigned int, len, base_len); 1407 if (copy_to_user(optval, base, len)) 1408 err = -EFAULT; 1409 1410 break; 1411 1412 default: 1413 err = -ENOPROTOOPT; 1414 break; 1415 } 1416 1417 release_sock(sk); 1418 return err; 1419 } 1420 1421 static int iso_sock_shutdown(struct socket *sock, int how) 1422 { 1423 struct sock *sk = sock->sk; 1424 int err = 0; 1425 1426 BT_DBG("sock %p, sk %p, how %d", sock, sk, how); 1427 1428 if (!sk) 1429 return 0; 1430 1431 sock_hold(sk); 1432 lock_sock(sk); 1433 1434 switch (how) { 1435 case SHUT_RD: 1436 if (sk->sk_shutdown & RCV_SHUTDOWN) 1437 goto unlock; 1438 sk->sk_shutdown |= RCV_SHUTDOWN; 1439 break; 1440 case SHUT_WR: 1441 if (sk->sk_shutdown & SEND_SHUTDOWN) 1442 goto unlock; 1443 sk->sk_shutdown |= SEND_SHUTDOWN; 1444 break; 1445 case SHUT_RDWR: 1446 if (sk->sk_shutdown & SHUTDOWN_MASK) 1447 goto unlock; 1448 sk->sk_shutdown |= SHUTDOWN_MASK; 1449 break; 1450 } 1451 1452 iso_sock_clear_timer(sk); 1453 __iso_sock_close(sk); 1454 1455 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1456 !(current->flags & PF_EXITING)) 1457 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1458 1459 unlock: 1460 release_sock(sk); 1461 sock_put(sk); 1462 1463 return err; 1464 } 1465 1466 static int iso_sock_release(struct socket *sock) 1467 { 1468 struct sock *sk = sock->sk; 1469 int err = 0; 1470 1471 BT_DBG("sock %p, sk %p", sock, sk); 1472 1473 if (!sk) 1474 return 0; 1475 1476 iso_sock_close(sk); 1477 1478 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1479 !(current->flags & PF_EXITING)) { 1480 lock_sock(sk); 1481 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1482 release_sock(sk); 1483 } 1484 1485 sock_orphan(sk); 1486 iso_sock_kill(sk); 1487 return err; 1488 } 1489 1490 static void iso_sock_ready(struct sock *sk) 1491 { 1492 BT_DBG("sk %p", sk); 1493 1494 if (!sk) 1495 return; 1496 1497 lock_sock(sk); 1498 iso_sock_clear_timer(sk); 1499 sk->sk_state = BT_CONNECTED; 1500 sk->sk_state_change(sk); 1501 release_sock(sk); 1502 } 1503 1504 struct iso_list_data { 1505 struct hci_conn *hcon; 1506 int count; 1507 }; 1508 1509 static bool iso_match_big(struct sock *sk, void *data) 1510 { 1511 struct hci_evt_le_big_sync_estabilished *ev = data; 1512 1513 return ev->handle == iso_pi(sk)->qos.bcast.big; 1514 } 1515 1516 static void iso_conn_ready(struct iso_conn *conn) 1517 { 1518 struct sock *parent; 1519 struct sock *sk = conn->sk; 1520 struct hci_ev_le_big_sync_estabilished *ev; 1521 struct hci_conn *hcon; 1522 1523 BT_DBG("conn %p", conn); 1524 1525 if (sk) { 1526 iso_sock_ready(conn->sk); 1527 } else { 1528 hcon = conn->hcon; 1529 if (!hcon) 1530 return; 1531 1532 ev = hci_recv_event_data(hcon->hdev, 1533 HCI_EVT_LE_BIG_SYNC_ESTABILISHED); 1534 if (ev) 1535 parent = iso_get_sock_listen(&hcon->src, 1536 &hcon->dst, 1537 iso_match_big, ev); 1538 else 1539 parent = iso_get_sock_listen(&hcon->src, 1540 BDADDR_ANY, NULL, NULL); 1541 1542 if (!parent) 1543 return; 1544 1545 lock_sock(parent); 1546 1547 sk = iso_sock_alloc(sock_net(parent), NULL, 1548 BTPROTO_ISO, GFP_ATOMIC, 0); 1549 if (!sk) { 1550 release_sock(parent); 1551 return; 1552 } 1553 1554 iso_sock_init(sk, parent); 1555 1556 bacpy(&iso_pi(sk)->src, &hcon->src); 1557 iso_pi(sk)->src_type = hcon->src_type; 1558 1559 /* If hcon has no destination address (BDADDR_ANY) it means it 1560 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED so we need to 1561 * initialize using the parent socket destination address. 1562 */ 1563 if (!bacmp(&hcon->dst, BDADDR_ANY)) { 1564 bacpy(&hcon->dst, &iso_pi(parent)->dst); 1565 hcon->dst_type = iso_pi(parent)->dst_type; 1566 hcon->sync_handle = iso_pi(parent)->sync_handle; 1567 } 1568 1569 bacpy(&iso_pi(sk)->dst, &hcon->dst); 1570 iso_pi(sk)->dst_type = hcon->dst_type; 1571 1572 hci_conn_hold(hcon); 1573 iso_chan_add(conn, sk, parent); 1574 1575 if (ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) { 1576 /* Trigger error signal on child socket */ 1577 sk->sk_err = ECONNREFUSED; 1578 sk->sk_error_report(sk); 1579 } 1580 1581 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1582 sk->sk_state = BT_CONNECT2; 1583 else 1584 sk->sk_state = BT_CONNECTED; 1585 1586 /* Wake up parent */ 1587 parent->sk_data_ready(parent); 1588 1589 release_sock(parent); 1590 } 1591 } 1592 1593 static bool iso_match_sid(struct sock *sk, void *data) 1594 { 1595 struct hci_ev_le_pa_sync_established *ev = data; 1596 1597 return ev->sid == iso_pi(sk)->bc_sid; 1598 } 1599 1600 static bool iso_match_sync_handle(struct sock *sk, void *data) 1601 { 1602 struct hci_evt_le_big_info_adv_report *ev = data; 1603 1604 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1605 } 1606 1607 /* ----- ISO interface with lower layer (HCI) ----- */ 1608 1609 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1610 { 1611 struct hci_ev_le_pa_sync_established *ev1; 1612 struct hci_evt_le_big_info_adv_report *ev2; 1613 struct sock *sk; 1614 int lm = 0; 1615 1616 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 1617 1618 /* Broadcast receiver requires handling of some events before it can 1619 * proceed to establishing a BIG sync: 1620 * 1621 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific 1622 * SID to listen to and once sync is estabilished its handle needs to 1623 * be stored in iso_pi(sk)->sync_handle so it can be matched once 1624 * receiving the BIG Info. 1625 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 1626 * a BIG Info it attempts to check if there any listening socket with 1627 * the same sync_handle and if it does then attempt to create a sync. 1628 */ 1629 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 1630 if (ev1) { 1631 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid, 1632 ev1); 1633 if (sk) 1634 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); 1635 1636 goto done; 1637 } 1638 1639 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1640 if (ev2) { 1641 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1642 iso_match_sync_handle, ev2); 1643 if (sk) { 1644 int err; 1645 1646 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1647 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1648 1649 if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) { 1650 err = hci_le_big_create_sync(hdev, 1651 &iso_pi(sk)->qos, 1652 iso_pi(sk)->sync_handle, 1653 iso_pi(sk)->bc_num_bis, 1654 iso_pi(sk)->bc_bis); 1655 if (err) { 1656 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1657 err); 1658 sk = NULL; 1659 } 1660 } 1661 } 1662 } else { 1663 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL); 1664 } 1665 1666 done: 1667 if (!sk) 1668 return lm; 1669 1670 lm |= HCI_LM_ACCEPT; 1671 1672 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1673 *flags |= HCI_PROTO_DEFER; 1674 1675 return lm; 1676 } 1677 1678 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 1679 { 1680 if (hcon->type != ISO_LINK) { 1681 if (hcon->type != LE_LINK) 1682 return; 1683 1684 /* Check if LE link has failed */ 1685 if (status) { 1686 struct hci_link *link, *t; 1687 1688 list_for_each_entry_safe(link, t, &hcon->link_list, 1689 list) 1690 iso_conn_del(link->conn, bt_to_errno(status)); 1691 1692 return; 1693 } 1694 1695 /* Create CIS if pending */ 1696 hci_le_create_cis_pending(hcon->hdev); 1697 return; 1698 } 1699 1700 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1701 1702 /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED is set, 1703 * queue the failed bis connection into the accept queue of the 1704 * listening socket and wake up userspace, to inform the user about 1705 * the BIG sync failed event. 1706 */ 1707 if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) { 1708 struct iso_conn *conn; 1709 1710 conn = iso_conn_add(hcon); 1711 if (conn) 1712 iso_conn_ready(conn); 1713 } else { 1714 iso_conn_del(hcon, bt_to_errno(status)); 1715 } 1716 } 1717 1718 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1719 { 1720 if (hcon->type != ISO_LINK) 1721 return; 1722 1723 BT_DBG("hcon %p reason %d", hcon, reason); 1724 1725 iso_conn_del(hcon, bt_to_errno(reason)); 1726 } 1727 1728 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 1729 { 1730 struct iso_conn *conn = hcon->iso_data; 1731 __u16 pb, ts, len; 1732 1733 if (!conn) 1734 goto drop; 1735 1736 pb = hci_iso_flags_pb(flags); 1737 ts = hci_iso_flags_ts(flags); 1738 1739 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 1740 1741 switch (pb) { 1742 case ISO_START: 1743 case ISO_SINGLE: 1744 if (conn->rx_len) { 1745 BT_ERR("Unexpected start frame (len %d)", skb->len); 1746 kfree_skb(conn->rx_skb); 1747 conn->rx_skb = NULL; 1748 conn->rx_len = 0; 1749 } 1750 1751 if (ts) { 1752 struct hci_iso_ts_data_hdr *hdr; 1753 1754 /* TODO: add timestamp to the packet? */ 1755 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 1756 if (!hdr) { 1757 BT_ERR("Frame is too short (len %d)", skb->len); 1758 goto drop; 1759 } 1760 1761 len = __le16_to_cpu(hdr->slen); 1762 } else { 1763 struct hci_iso_data_hdr *hdr; 1764 1765 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 1766 if (!hdr) { 1767 BT_ERR("Frame is too short (len %d)", skb->len); 1768 goto drop; 1769 } 1770 1771 len = __le16_to_cpu(hdr->slen); 1772 } 1773 1774 flags = hci_iso_data_flags(len); 1775 len = hci_iso_data_len(len); 1776 1777 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 1778 skb->len, flags); 1779 1780 if (len == skb->len) { 1781 /* Complete frame received */ 1782 hci_skb_pkt_status(skb) = flags & 0x03; 1783 iso_recv_frame(conn, skb); 1784 return; 1785 } 1786 1787 if (pb == ISO_SINGLE) { 1788 BT_ERR("Frame malformed (len %d, expected len %d)", 1789 skb->len, len); 1790 goto drop; 1791 } 1792 1793 if (skb->len > len) { 1794 BT_ERR("Frame is too long (len %d, expected len %d)", 1795 skb->len, len); 1796 goto drop; 1797 } 1798 1799 /* Allocate skb for the complete frame (with header) */ 1800 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 1801 if (!conn->rx_skb) 1802 goto drop; 1803 1804 hci_skb_pkt_status(conn->rx_skb) = flags & 0x03; 1805 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1806 skb->len); 1807 conn->rx_len = len - skb->len; 1808 break; 1809 1810 case ISO_CONT: 1811 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 1812 conn->rx_len); 1813 1814 if (!conn->rx_len) { 1815 BT_ERR("Unexpected continuation frame (len %d)", 1816 skb->len); 1817 goto drop; 1818 } 1819 1820 if (skb->len > conn->rx_len) { 1821 BT_ERR("Fragment is too long (len %d, expected %d)", 1822 skb->len, conn->rx_len); 1823 kfree_skb(conn->rx_skb); 1824 conn->rx_skb = NULL; 1825 conn->rx_len = 0; 1826 goto drop; 1827 } 1828 1829 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1830 skb->len); 1831 conn->rx_len -= skb->len; 1832 return; 1833 1834 case ISO_END: 1835 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1836 skb->len); 1837 conn->rx_len -= skb->len; 1838 1839 if (!conn->rx_len) { 1840 struct sk_buff *rx_skb = conn->rx_skb; 1841 1842 /* Complete frame received. iso_recv_frame 1843 * takes ownership of the skb so set the global 1844 * rx_skb pointer to NULL first. 1845 */ 1846 conn->rx_skb = NULL; 1847 iso_recv_frame(conn, rx_skb); 1848 } 1849 break; 1850 } 1851 1852 drop: 1853 kfree_skb(skb); 1854 } 1855 1856 static struct hci_cb iso_cb = { 1857 .name = "ISO", 1858 .connect_cfm = iso_connect_cfm, 1859 .disconn_cfm = iso_disconn_cfm, 1860 }; 1861 1862 static int iso_debugfs_show(struct seq_file *f, void *p) 1863 { 1864 struct sock *sk; 1865 1866 read_lock(&iso_sk_list.lock); 1867 1868 sk_for_each(sk, &iso_sk_list.head) { 1869 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 1870 &iso_pi(sk)->dst, sk->sk_state); 1871 } 1872 1873 read_unlock(&iso_sk_list.lock); 1874 1875 return 0; 1876 } 1877 1878 DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 1879 1880 static struct dentry *iso_debugfs; 1881 1882 static const struct proto_ops iso_sock_ops = { 1883 .family = PF_BLUETOOTH, 1884 .owner = THIS_MODULE, 1885 .release = iso_sock_release, 1886 .bind = iso_sock_bind, 1887 .connect = iso_sock_connect, 1888 .listen = iso_sock_listen, 1889 .accept = iso_sock_accept, 1890 .getname = iso_sock_getname, 1891 .sendmsg = iso_sock_sendmsg, 1892 .recvmsg = iso_sock_recvmsg, 1893 .poll = bt_sock_poll, 1894 .ioctl = bt_sock_ioctl, 1895 .mmap = sock_no_mmap, 1896 .socketpair = sock_no_socketpair, 1897 .shutdown = iso_sock_shutdown, 1898 .setsockopt = iso_sock_setsockopt, 1899 .getsockopt = iso_sock_getsockopt 1900 }; 1901 1902 static const struct net_proto_family iso_sock_family_ops = { 1903 .family = PF_BLUETOOTH, 1904 .owner = THIS_MODULE, 1905 .create = iso_sock_create, 1906 }; 1907 1908 static bool iso_inited; 1909 1910 bool iso_enabled(void) 1911 { 1912 return iso_inited; 1913 } 1914 1915 int iso_init(void) 1916 { 1917 int err; 1918 1919 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 1920 1921 if (iso_inited) 1922 return -EALREADY; 1923 1924 err = proto_register(&iso_proto, 0); 1925 if (err < 0) 1926 return err; 1927 1928 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 1929 if (err < 0) { 1930 BT_ERR("ISO socket registration failed"); 1931 goto error; 1932 } 1933 1934 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 1935 if (err < 0) { 1936 BT_ERR("Failed to create ISO proc file"); 1937 bt_sock_unregister(BTPROTO_ISO); 1938 goto error; 1939 } 1940 1941 BT_INFO("ISO socket layer initialized"); 1942 1943 hci_register_cb(&iso_cb); 1944 1945 if (IS_ERR_OR_NULL(bt_debugfs)) 1946 return 0; 1947 1948 if (!iso_debugfs) { 1949 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 1950 NULL, &iso_debugfs_fops); 1951 } 1952 1953 iso_inited = true; 1954 1955 return 0; 1956 1957 error: 1958 proto_unregister(&iso_proto); 1959 return err; 1960 } 1961 1962 int iso_exit(void) 1963 { 1964 if (!iso_inited) 1965 return -EALREADY; 1966 1967 bt_procfs_cleanup(&init_net, "iso"); 1968 1969 debugfs_remove(iso_debugfs); 1970 iso_debugfs = NULL; 1971 1972 hci_unregister_cb(&iso_cb); 1973 1974 bt_sock_unregister(BTPROTO_ISO); 1975 1976 proto_unregister(&iso_proto); 1977 1978 iso_inited = false; 1979 1980 return 0; 1981 } 1982