1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 * Copyright 2023 NXP 7 */ 8 9 #include <linux/module.h> 10 #include <linux/debugfs.h> 11 #include <linux/seq_file.h> 12 #include <linux/sched/signal.h> 13 14 #include <net/bluetooth/bluetooth.h> 15 #include <net/bluetooth/hci_core.h> 16 #include <net/bluetooth/iso.h> 17 18 static const struct proto_ops iso_sock_ops; 19 20 static struct bt_sock_list iso_sk_list = { 21 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 22 }; 23 24 /* ---- ISO connections ---- */ 25 struct iso_conn { 26 struct hci_conn *hcon; 27 28 /* @lock: spinlock protecting changes to iso_conn fields */ 29 spinlock_t lock; 30 struct sock *sk; 31 32 struct delayed_work timeout_work; 33 34 struct sk_buff *rx_skb; 35 __u32 rx_len; 36 __u16 tx_sn; 37 }; 38 39 #define iso_conn_lock(c) spin_lock(&(c)->lock) 40 #define iso_conn_unlock(c) spin_unlock(&(c)->lock) 41 42 static void iso_sock_close(struct sock *sk); 43 static void iso_sock_kill(struct sock *sk); 44 45 /* ----- ISO socket info ----- */ 46 #define iso_pi(sk) ((struct iso_pinfo *)sk) 47 48 #define EIR_SERVICE_DATA_LENGTH 4 49 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH) 50 51 struct iso_pinfo { 52 struct bt_sock bt; 53 bdaddr_t src; 54 __u8 src_type; 55 bdaddr_t dst; 56 __u8 dst_type; 57 __u8 bc_sid; 58 __u8 bc_num_bis; 59 __u8 bc_bis[ISO_MAX_NUM_BIS]; 60 __u16 sync_handle; 61 __u32 flags; 62 struct bt_iso_qos qos; 63 bool qos_user_set; 64 __u8 base_len; 65 __u8 base[BASE_MAX_LENGTH]; 66 struct iso_conn *conn; 67 }; 68 69 static struct bt_iso_qos default_qos; 70 71 static bool check_ucast_qos(struct bt_iso_qos *qos); 72 static bool check_bcast_qos(struct bt_iso_qos *qos); 73 74 /* ---- ISO timers ---- */ 75 #define ISO_CONN_TIMEOUT (HZ * 40) 76 #define ISO_DISCONN_TIMEOUT (HZ * 2) 77 78 static void iso_sock_timeout(struct work_struct *work) 79 { 80 struct iso_conn *conn = container_of(work, struct iso_conn, 81 timeout_work.work); 82 struct sock *sk; 83 84 iso_conn_lock(conn); 85 sk = conn->sk; 86 if (sk) 87 sock_hold(sk); 88 iso_conn_unlock(conn); 89 90 if (!sk) 91 return; 92 93 BT_DBG("sock %p state %d", sk, sk->sk_state); 94 95 lock_sock(sk); 96 sk->sk_err = ETIMEDOUT; 97 sk->sk_state_change(sk); 98 release_sock(sk); 99 sock_put(sk); 100 } 101 102 static void iso_sock_set_timer(struct sock *sk, long timeout) 103 { 104 if (!iso_pi(sk)->conn) 105 return; 106 107 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 108 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 109 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 110 } 111 112 static void iso_sock_clear_timer(struct sock *sk) 113 { 114 if (!iso_pi(sk)->conn) 115 return; 116 117 BT_DBG("sock %p state %d", sk, sk->sk_state); 118 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 119 } 120 121 /* ---- ISO connections ---- */ 122 static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 123 { 124 struct iso_conn *conn = hcon->iso_data; 125 126 if (conn) { 127 if (!conn->hcon) 128 conn->hcon = hcon; 129 return conn; 130 } 131 132 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 133 if (!conn) 134 return NULL; 135 136 spin_lock_init(&conn->lock); 137 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 138 139 hcon->iso_data = conn; 140 conn->hcon = hcon; 141 conn->tx_sn = 0; 142 143 BT_DBG("hcon %p conn %p", hcon, conn); 144 145 return conn; 146 } 147 148 /* Delete channel. Must be called on the locked socket. */ 149 static void iso_chan_del(struct sock *sk, int err) 150 { 151 struct iso_conn *conn; 152 struct sock *parent; 153 154 conn = iso_pi(sk)->conn; 155 156 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 157 158 if (conn) { 159 iso_conn_lock(conn); 160 conn->sk = NULL; 161 iso_pi(sk)->conn = NULL; 162 iso_conn_unlock(conn); 163 164 if (conn->hcon) 165 hci_conn_drop(conn->hcon); 166 } 167 168 sk->sk_state = BT_CLOSED; 169 sk->sk_err = err; 170 171 parent = bt_sk(sk)->parent; 172 if (parent) { 173 bt_accept_unlink(sk); 174 parent->sk_data_ready(parent); 175 } else { 176 sk->sk_state_change(sk); 177 } 178 179 sock_set_flag(sk, SOCK_ZAPPED); 180 } 181 182 static void iso_conn_del(struct hci_conn *hcon, int err) 183 { 184 struct iso_conn *conn = hcon->iso_data; 185 struct sock *sk; 186 187 if (!conn) 188 return; 189 190 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 191 192 /* Kill socket */ 193 iso_conn_lock(conn); 194 sk = conn->sk; 195 if (sk) 196 sock_hold(sk); 197 iso_conn_unlock(conn); 198 199 if (sk) { 200 lock_sock(sk); 201 iso_sock_clear_timer(sk); 202 iso_chan_del(sk, err); 203 release_sock(sk); 204 sock_put(sk); 205 } 206 207 /* Ensure no more work items will run before freeing conn. */ 208 cancel_delayed_work_sync(&conn->timeout_work); 209 210 hcon->iso_data = NULL; 211 kfree(conn); 212 } 213 214 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 215 struct sock *parent) 216 { 217 BT_DBG("conn %p", conn); 218 219 if (iso_pi(sk)->conn == conn && conn->sk == sk) 220 return 0; 221 222 if (conn->sk) { 223 BT_ERR("conn->sk already set"); 224 return -EBUSY; 225 } 226 227 iso_pi(sk)->conn = conn; 228 conn->sk = sk; 229 230 if (parent) 231 bt_accept_enqueue(parent, sk, true); 232 233 return 0; 234 } 235 236 static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 237 struct sock *parent) 238 { 239 int err; 240 241 iso_conn_lock(conn); 242 err = __iso_chan_add(conn, sk, parent); 243 iso_conn_unlock(conn); 244 245 return err; 246 } 247 248 static inline u8 le_addr_type(u8 bdaddr_type) 249 { 250 if (bdaddr_type == BDADDR_LE_PUBLIC) 251 return ADDR_LE_DEV_PUBLIC; 252 else 253 return ADDR_LE_DEV_RANDOM; 254 } 255 256 static int iso_connect_bis(struct sock *sk) 257 { 258 struct iso_conn *conn; 259 struct hci_conn *hcon; 260 struct hci_dev *hdev; 261 int err; 262 263 BT_DBG("%pMR", &iso_pi(sk)->src); 264 265 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 266 iso_pi(sk)->src_type); 267 if (!hdev) 268 return -EHOSTUNREACH; 269 270 hci_dev_lock(hdev); 271 272 if (!bis_capable(hdev)) { 273 err = -EOPNOTSUPP; 274 goto unlock; 275 } 276 277 /* Fail if user set invalid QoS */ 278 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 279 iso_pi(sk)->qos = default_qos; 280 err = -EINVAL; 281 goto unlock; 282 } 283 284 /* Fail if out PHYs are marked as disabled */ 285 if (!iso_pi(sk)->qos.bcast.out.phy) { 286 err = -EINVAL; 287 goto unlock; 288 } 289 290 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, 291 le_addr_type(iso_pi(sk)->dst_type), 292 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 293 iso_pi(sk)->base); 294 if (IS_ERR(hcon)) { 295 err = PTR_ERR(hcon); 296 goto unlock; 297 } 298 299 conn = iso_conn_add(hcon); 300 if (!conn) { 301 hci_conn_drop(hcon); 302 err = -ENOMEM; 303 goto unlock; 304 } 305 306 lock_sock(sk); 307 308 err = iso_chan_add(conn, sk, NULL); 309 if (err) { 310 release_sock(sk); 311 goto unlock; 312 } 313 314 /* Update source addr of the socket */ 315 bacpy(&iso_pi(sk)->src, &hcon->src); 316 317 if (hcon->state == BT_CONNECTED) { 318 iso_sock_clear_timer(sk); 319 sk->sk_state = BT_CONNECTED; 320 } else { 321 sk->sk_state = BT_CONNECT; 322 iso_sock_set_timer(sk, sk->sk_sndtimeo); 323 } 324 325 release_sock(sk); 326 327 unlock: 328 hci_dev_unlock(hdev); 329 hci_dev_put(hdev); 330 return err; 331 } 332 333 static int iso_connect_cis(struct sock *sk) 334 { 335 struct iso_conn *conn; 336 struct hci_conn *hcon; 337 struct hci_dev *hdev; 338 int err; 339 340 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 341 342 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 343 iso_pi(sk)->src_type); 344 if (!hdev) 345 return -EHOSTUNREACH; 346 347 hci_dev_lock(hdev); 348 349 if (!cis_central_capable(hdev)) { 350 err = -EOPNOTSUPP; 351 goto unlock; 352 } 353 354 /* Fail if user set invalid QoS */ 355 if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) { 356 iso_pi(sk)->qos = default_qos; 357 err = -EINVAL; 358 goto unlock; 359 } 360 361 /* Fail if either PHYs are marked as disabled */ 362 if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) { 363 err = -EINVAL; 364 goto unlock; 365 } 366 367 /* Just bind if DEFER_SETUP has been set */ 368 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 369 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 370 le_addr_type(iso_pi(sk)->dst_type), 371 &iso_pi(sk)->qos); 372 if (IS_ERR(hcon)) { 373 err = PTR_ERR(hcon); 374 goto unlock; 375 } 376 } else { 377 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 378 le_addr_type(iso_pi(sk)->dst_type), 379 &iso_pi(sk)->qos); 380 if (IS_ERR(hcon)) { 381 err = PTR_ERR(hcon); 382 goto unlock; 383 } 384 } 385 386 conn = iso_conn_add(hcon); 387 if (!conn) { 388 hci_conn_drop(hcon); 389 err = -ENOMEM; 390 goto unlock; 391 } 392 393 lock_sock(sk); 394 395 err = iso_chan_add(conn, sk, NULL); 396 if (err) { 397 release_sock(sk); 398 goto unlock; 399 } 400 401 /* Update source addr of the socket */ 402 bacpy(&iso_pi(sk)->src, &hcon->src); 403 404 if (hcon->state == BT_CONNECTED) { 405 iso_sock_clear_timer(sk); 406 sk->sk_state = BT_CONNECTED; 407 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 408 iso_sock_clear_timer(sk); 409 sk->sk_state = BT_CONNECT; 410 } else { 411 sk->sk_state = BT_CONNECT; 412 iso_sock_set_timer(sk, sk->sk_sndtimeo); 413 } 414 415 release_sock(sk); 416 417 unlock: 418 hci_dev_unlock(hdev); 419 hci_dev_put(hdev); 420 return err; 421 } 422 423 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk) 424 { 425 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 426 return &iso_pi(sk)->conn->hcon->iso_qos; 427 428 return &iso_pi(sk)->qos; 429 } 430 431 static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 432 { 433 struct iso_conn *conn = iso_pi(sk)->conn; 434 struct bt_iso_qos *qos = iso_sock_get_qos(sk); 435 struct hci_iso_data_hdr *hdr; 436 int len = 0; 437 438 BT_DBG("sk %p len %d", sk, skb->len); 439 440 if (skb->len > qos->ucast.out.sdu) 441 return -EMSGSIZE; 442 443 len = skb->len; 444 445 /* Push ISO data header */ 446 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 447 hdr->sn = cpu_to_le16(conn->tx_sn++); 448 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 449 HCI_ISO_STATUS_VALID)); 450 451 if (sk->sk_state == BT_CONNECTED) 452 hci_send_iso(conn->hcon, skb); 453 else 454 len = -ENOTCONN; 455 456 return len; 457 } 458 459 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 460 { 461 struct sock *sk; 462 463 iso_conn_lock(conn); 464 sk = conn->sk; 465 iso_conn_unlock(conn); 466 467 if (!sk) 468 goto drop; 469 470 BT_DBG("sk %p len %d", sk, skb->len); 471 472 if (sk->sk_state != BT_CONNECTED) 473 goto drop; 474 475 if (!sock_queue_rcv_skb(sk, skb)) 476 return; 477 478 drop: 479 kfree_skb(skb); 480 } 481 482 /* -------- Socket interface ---------- */ 483 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *ba) 484 { 485 struct sock *sk; 486 487 sk_for_each(sk, &iso_sk_list.head) { 488 if (sk->sk_state != BT_LISTEN) 489 continue; 490 491 if (!bacmp(&iso_pi(sk)->src, ba)) 492 return sk; 493 } 494 495 return NULL; 496 } 497 498 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc, 499 __u8 sid) 500 { 501 struct sock *sk; 502 503 sk_for_each(sk, &iso_sk_list.head) { 504 if (sk->sk_state != BT_LISTEN) 505 continue; 506 507 if (bacmp(&iso_pi(sk)->src, ba)) 508 continue; 509 510 if (bacmp(&iso_pi(sk)->dst, bc)) 511 continue; 512 513 if (iso_pi(sk)->bc_sid == sid) 514 return sk; 515 } 516 517 return NULL; 518 } 519 520 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 521 522 /* Find socket listening: 523 * source bdaddr (Unicast) 524 * destination bdaddr (Broadcast only) 525 * match func - pass NULL to ignore 526 * match func data - pass -1 to ignore 527 * Returns closest match. 528 */ 529 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 530 iso_sock_match_t match, void *data) 531 { 532 struct sock *sk = NULL, *sk1 = NULL; 533 534 read_lock(&iso_sk_list.lock); 535 536 sk_for_each(sk, &iso_sk_list.head) { 537 if (sk->sk_state != BT_LISTEN) 538 continue; 539 540 /* Match Broadcast destination */ 541 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 542 continue; 543 544 /* Use Match function if provided */ 545 if (match && !match(sk, data)) 546 continue; 547 548 /* Exact match. */ 549 if (!bacmp(&iso_pi(sk)->src, src)) 550 break; 551 552 /* Closest match */ 553 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) 554 sk1 = sk; 555 } 556 557 read_unlock(&iso_sk_list.lock); 558 559 return sk ? sk : sk1; 560 } 561 562 static void iso_sock_destruct(struct sock *sk) 563 { 564 BT_DBG("sk %p", sk); 565 566 skb_queue_purge(&sk->sk_receive_queue); 567 skb_queue_purge(&sk->sk_write_queue); 568 } 569 570 static void iso_sock_cleanup_listen(struct sock *parent) 571 { 572 struct sock *sk; 573 574 BT_DBG("parent %p", parent); 575 576 /* Close not yet accepted channels */ 577 while ((sk = bt_accept_dequeue(parent, NULL))) { 578 iso_sock_close(sk); 579 iso_sock_kill(sk); 580 } 581 582 parent->sk_state = BT_CLOSED; 583 sock_set_flag(parent, SOCK_ZAPPED); 584 } 585 586 /* Kill socket (only if zapped and orphan) 587 * Must be called on unlocked socket. 588 */ 589 static void iso_sock_kill(struct sock *sk) 590 { 591 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 592 sock_flag(sk, SOCK_DEAD)) 593 return; 594 595 BT_DBG("sk %p state %d", sk, sk->sk_state); 596 597 /* Kill poor orphan */ 598 bt_sock_unlink(&iso_sk_list, sk); 599 sock_set_flag(sk, SOCK_DEAD); 600 sock_put(sk); 601 } 602 603 static void iso_conn_defer_reject(struct hci_conn *conn) 604 { 605 struct hci_cp_le_reject_cis cp; 606 607 BT_DBG("conn %p", conn); 608 609 memset(&cp, 0, sizeof(cp)); 610 cp.handle = cpu_to_le16(conn->handle); 611 cp.reason = HCI_ERROR_REJ_BAD_ADDR; 612 hci_send_cmd(conn->hdev, HCI_OP_LE_REJECT_CIS, sizeof(cp), &cp); 613 } 614 615 static void __iso_sock_close(struct sock *sk) 616 { 617 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 618 619 switch (sk->sk_state) { 620 case BT_LISTEN: 621 iso_sock_cleanup_listen(sk); 622 break; 623 624 case BT_CONNECTED: 625 case BT_CONFIG: 626 if (iso_pi(sk)->conn->hcon) { 627 sk->sk_state = BT_DISCONN; 628 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 629 iso_conn_lock(iso_pi(sk)->conn); 630 hci_conn_drop(iso_pi(sk)->conn->hcon); 631 iso_pi(sk)->conn->hcon = NULL; 632 iso_conn_unlock(iso_pi(sk)->conn); 633 } else { 634 iso_chan_del(sk, ECONNRESET); 635 } 636 break; 637 638 case BT_CONNECT2: 639 if (iso_pi(sk)->conn->hcon) 640 iso_conn_defer_reject(iso_pi(sk)->conn->hcon); 641 iso_chan_del(sk, ECONNRESET); 642 break; 643 case BT_CONNECT: 644 /* In case of DEFER_SETUP the hcon would be bound to CIG which 645 * needs to be removed so just call hci_conn_del so the cleanup 646 * callback do what is needed. 647 */ 648 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 649 iso_pi(sk)->conn->hcon) { 650 hci_conn_del(iso_pi(sk)->conn->hcon); 651 iso_pi(sk)->conn->hcon = NULL; 652 } 653 654 iso_chan_del(sk, ECONNRESET); 655 break; 656 case BT_DISCONN: 657 iso_chan_del(sk, ECONNRESET); 658 break; 659 660 default: 661 sock_set_flag(sk, SOCK_ZAPPED); 662 break; 663 } 664 } 665 666 /* Must be called on unlocked socket. */ 667 static void iso_sock_close(struct sock *sk) 668 { 669 iso_sock_clear_timer(sk); 670 lock_sock(sk); 671 __iso_sock_close(sk); 672 release_sock(sk); 673 iso_sock_kill(sk); 674 } 675 676 static void iso_sock_init(struct sock *sk, struct sock *parent) 677 { 678 BT_DBG("sk %p", sk); 679 680 if (parent) { 681 sk->sk_type = parent->sk_type; 682 bt_sk(sk)->flags = bt_sk(parent)->flags; 683 security_sk_clone(parent, sk); 684 } 685 } 686 687 static struct proto iso_proto = { 688 .name = "ISO", 689 .owner = THIS_MODULE, 690 .obj_size = sizeof(struct iso_pinfo) 691 }; 692 693 #define DEFAULT_IO_QOS \ 694 { \ 695 .interval = 10000u, \ 696 .latency = 10u, \ 697 .sdu = 40u, \ 698 .phy = BT_ISO_PHY_2M, \ 699 .rtn = 2u, \ 700 } 701 702 static struct bt_iso_qos default_qos = { 703 .bcast = { 704 .big = BT_ISO_QOS_BIG_UNSET, 705 .bis = BT_ISO_QOS_BIS_UNSET, 706 .sync_factor = 0x01, 707 .packing = 0x00, 708 .framing = 0x00, 709 .in = DEFAULT_IO_QOS, 710 .out = DEFAULT_IO_QOS, 711 .encryption = 0x00, 712 .bcode = {0x00}, 713 .options = 0x00, 714 .skip = 0x0000, 715 .sync_timeout = 0x4000, 716 .sync_cte_type = 0x00, 717 .mse = 0x00, 718 .timeout = 0x4000, 719 }, 720 }; 721 722 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 723 int proto, gfp_t prio, int kern) 724 { 725 struct sock *sk; 726 727 sk = sk_alloc(net, PF_BLUETOOTH, prio, &iso_proto, kern); 728 if (!sk) 729 return NULL; 730 731 sock_init_data(sock, sk); 732 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 733 734 sk->sk_destruct = iso_sock_destruct; 735 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 736 737 sock_reset_flag(sk, SOCK_ZAPPED); 738 739 sk->sk_protocol = proto; 740 sk->sk_state = BT_OPEN; 741 742 /* Set address type as public as default src address is BDADDR_ANY */ 743 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 744 745 iso_pi(sk)->qos = default_qos; 746 747 bt_sock_link(&iso_sk_list, sk); 748 return sk; 749 } 750 751 static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 752 int kern) 753 { 754 struct sock *sk; 755 756 BT_DBG("sock %p", sock); 757 758 sock->state = SS_UNCONNECTED; 759 760 if (sock->type != SOCK_SEQPACKET) 761 return -ESOCKTNOSUPPORT; 762 763 sock->ops = &iso_sock_ops; 764 765 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 766 if (!sk) 767 return -ENOMEM; 768 769 iso_sock_init(sk, NULL); 770 return 0; 771 } 772 773 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr, 774 int addr_len) 775 { 776 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 777 struct sock *sk = sock->sk; 778 int i; 779 780 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid, 781 sa->iso_bc->bc_num_bis); 782 783 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) || 784 sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f) 785 return -EINVAL; 786 787 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr); 788 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type; 789 iso_pi(sk)->sync_handle = -1; 790 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid; 791 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 792 793 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) { 794 if (sa->iso_bc->bc_bis[i] < 0x01 || 795 sa->iso_bc->bc_bis[i] > 0x1f) 796 return -EINVAL; 797 798 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 799 iso_pi(sk)->bc_num_bis); 800 } 801 802 return 0; 803 } 804 805 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 806 int addr_len) 807 { 808 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 809 struct sock *sk = sock->sk; 810 int err = 0; 811 812 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 813 814 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 815 addr->sa_family != AF_BLUETOOTH) 816 return -EINVAL; 817 818 lock_sock(sk); 819 820 if (sk->sk_state != BT_OPEN) { 821 err = -EBADFD; 822 goto done; 823 } 824 825 if (sk->sk_type != SOCK_SEQPACKET) { 826 err = -EINVAL; 827 goto done; 828 } 829 830 /* Check if the address type is of LE type */ 831 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 832 err = -EINVAL; 833 goto done; 834 } 835 836 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 837 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 838 839 /* Check for Broadcast address */ 840 if (addr_len > sizeof(*sa)) { 841 err = iso_sock_bind_bc(sock, addr, addr_len); 842 if (err) 843 goto done; 844 } 845 846 sk->sk_state = BT_BOUND; 847 848 done: 849 release_sock(sk); 850 return err; 851 } 852 853 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 854 int alen, int flags) 855 { 856 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 857 struct sock *sk = sock->sk; 858 int err; 859 860 BT_DBG("sk %p", sk); 861 862 if (alen < sizeof(struct sockaddr_iso) || 863 addr->sa_family != AF_BLUETOOTH) 864 return -EINVAL; 865 866 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 867 return -EBADFD; 868 869 if (sk->sk_type != SOCK_SEQPACKET) 870 return -EINVAL; 871 872 /* Check if the address type is of LE type */ 873 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 874 return -EINVAL; 875 876 lock_sock(sk); 877 878 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 879 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 880 881 release_sock(sk); 882 883 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 884 err = iso_connect_cis(sk); 885 else 886 err = iso_connect_bis(sk); 887 888 if (err) 889 return err; 890 891 lock_sock(sk); 892 893 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 894 err = bt_sock_wait_state(sk, BT_CONNECTED, 895 sock_sndtimeo(sk, flags & O_NONBLOCK)); 896 } 897 898 release_sock(sk); 899 return err; 900 } 901 902 static int iso_listen_bis(struct sock *sk) 903 { 904 struct hci_dev *hdev; 905 int err = 0; 906 907 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src, 908 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid); 909 910 write_lock(&iso_sk_list.lock); 911 912 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst, 913 iso_pi(sk)->bc_sid)) 914 err = -EADDRINUSE; 915 916 write_unlock(&iso_sk_list.lock); 917 918 if (err) 919 return err; 920 921 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 922 iso_pi(sk)->src_type); 923 if (!hdev) 924 return -EHOSTUNREACH; 925 926 /* Fail if user set invalid QoS */ 927 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 928 iso_pi(sk)->qos = default_qos; 929 return -EINVAL; 930 } 931 932 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, 933 le_addr_type(iso_pi(sk)->dst_type), 934 iso_pi(sk)->bc_sid, &iso_pi(sk)->qos); 935 936 hci_dev_put(hdev); 937 938 return err; 939 } 940 941 static int iso_listen_cis(struct sock *sk) 942 { 943 int err = 0; 944 945 BT_DBG("%pMR", &iso_pi(sk)->src); 946 947 write_lock(&iso_sk_list.lock); 948 949 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src)) 950 err = -EADDRINUSE; 951 952 write_unlock(&iso_sk_list.lock); 953 954 return err; 955 } 956 957 static int iso_sock_listen(struct socket *sock, int backlog) 958 { 959 struct sock *sk = sock->sk; 960 int err = 0; 961 962 BT_DBG("sk %p backlog %d", sk, backlog); 963 964 lock_sock(sk); 965 966 if (sk->sk_state != BT_BOUND) { 967 err = -EBADFD; 968 goto done; 969 } 970 971 if (sk->sk_type != SOCK_SEQPACKET) { 972 err = -EINVAL; 973 goto done; 974 } 975 976 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 977 err = iso_listen_cis(sk); 978 else 979 err = iso_listen_bis(sk); 980 981 if (err) 982 goto done; 983 984 sk->sk_max_ack_backlog = backlog; 985 sk->sk_ack_backlog = 0; 986 987 sk->sk_state = BT_LISTEN; 988 989 done: 990 release_sock(sk); 991 return err; 992 } 993 994 static int iso_sock_accept(struct socket *sock, struct socket *newsock, 995 int flags, bool kern) 996 { 997 DEFINE_WAIT_FUNC(wait, woken_wake_function); 998 struct sock *sk = sock->sk, *ch; 999 long timeo; 1000 int err = 0; 1001 1002 lock_sock(sk); 1003 1004 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 1005 1006 BT_DBG("sk %p timeo %ld", sk, timeo); 1007 1008 /* Wait for an incoming connection. (wake-one). */ 1009 add_wait_queue_exclusive(sk_sleep(sk), &wait); 1010 while (1) { 1011 if (sk->sk_state != BT_LISTEN) { 1012 err = -EBADFD; 1013 break; 1014 } 1015 1016 ch = bt_accept_dequeue(sk, newsock); 1017 if (ch) 1018 break; 1019 1020 if (!timeo) { 1021 err = -EAGAIN; 1022 break; 1023 } 1024 1025 if (signal_pending(current)) { 1026 err = sock_intr_errno(timeo); 1027 break; 1028 } 1029 1030 release_sock(sk); 1031 1032 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 1033 lock_sock(sk); 1034 } 1035 remove_wait_queue(sk_sleep(sk), &wait); 1036 1037 if (err) 1038 goto done; 1039 1040 newsock->state = SS_CONNECTED; 1041 1042 BT_DBG("new socket %p", ch); 1043 1044 done: 1045 release_sock(sk); 1046 return err; 1047 } 1048 1049 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 1050 int peer) 1051 { 1052 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 1053 struct sock *sk = sock->sk; 1054 1055 BT_DBG("sock %p, sk %p", sock, sk); 1056 1057 addr->sa_family = AF_BLUETOOTH; 1058 1059 if (peer) { 1060 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 1061 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 1062 } else { 1063 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 1064 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 1065 } 1066 1067 return sizeof(struct sockaddr_iso); 1068 } 1069 1070 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 1071 size_t len) 1072 { 1073 struct sock *sk = sock->sk; 1074 struct sk_buff *skb, **frag; 1075 size_t mtu; 1076 int err; 1077 1078 BT_DBG("sock %p, sk %p", sock, sk); 1079 1080 err = sock_error(sk); 1081 if (err) 1082 return err; 1083 1084 if (msg->msg_flags & MSG_OOB) 1085 return -EOPNOTSUPP; 1086 1087 lock_sock(sk); 1088 1089 if (sk->sk_state != BT_CONNECTED) { 1090 release_sock(sk); 1091 return -ENOTCONN; 1092 } 1093 1094 mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu; 1095 1096 release_sock(sk); 1097 1098 skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0); 1099 if (IS_ERR(skb)) 1100 return PTR_ERR(skb); 1101 1102 len -= skb->len; 1103 1104 BT_DBG("skb %p len %d", sk, skb->len); 1105 1106 /* Continuation fragments */ 1107 frag = &skb_shinfo(skb)->frag_list; 1108 while (len) { 1109 struct sk_buff *tmp; 1110 1111 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0); 1112 if (IS_ERR(tmp)) { 1113 kfree_skb(skb); 1114 return PTR_ERR(tmp); 1115 } 1116 1117 *frag = tmp; 1118 1119 len -= tmp->len; 1120 1121 skb->len += tmp->len; 1122 skb->data_len += tmp->len; 1123 1124 BT_DBG("frag %p len %d", *frag, tmp->len); 1125 1126 frag = &(*frag)->next; 1127 } 1128 1129 lock_sock(sk); 1130 1131 if (sk->sk_state == BT_CONNECTED) 1132 err = iso_send_frame(sk, skb); 1133 else 1134 err = -ENOTCONN; 1135 1136 release_sock(sk); 1137 1138 if (err < 0) 1139 kfree_skb(skb); 1140 return err; 1141 } 1142 1143 static void iso_conn_defer_accept(struct hci_conn *conn) 1144 { 1145 struct hci_cp_le_accept_cis cp; 1146 struct hci_dev *hdev = conn->hdev; 1147 1148 BT_DBG("conn %p", conn); 1149 1150 conn->state = BT_CONFIG; 1151 1152 cp.handle = cpu_to_le16(conn->handle); 1153 1154 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 1155 } 1156 1157 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1158 size_t len, int flags) 1159 { 1160 struct sock *sk = sock->sk; 1161 struct iso_pinfo *pi = iso_pi(sk); 1162 1163 BT_DBG("sk %p", sk); 1164 1165 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1166 lock_sock(sk); 1167 switch (sk->sk_state) { 1168 case BT_CONNECT2: 1169 iso_conn_defer_accept(pi->conn->hcon); 1170 sk->sk_state = BT_CONFIG; 1171 release_sock(sk); 1172 return 0; 1173 case BT_CONNECT: 1174 release_sock(sk); 1175 return iso_connect_cis(sk); 1176 default: 1177 release_sock(sk); 1178 break; 1179 } 1180 } 1181 1182 return bt_sock_recvmsg(sock, msg, len, flags); 1183 } 1184 1185 static bool check_io_qos(struct bt_iso_io_qos *qos) 1186 { 1187 /* If no PHY is enable SDU must be 0 */ 1188 if (!qos->phy && qos->sdu) 1189 return false; 1190 1191 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 1192 return false; 1193 1194 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 1195 return false; 1196 1197 if (qos->phy > BT_ISO_PHY_ANY) 1198 return false; 1199 1200 return true; 1201 } 1202 1203 static bool check_ucast_qos(struct bt_iso_qos *qos) 1204 { 1205 if (qos->ucast.sca > 0x07) 1206 return false; 1207 1208 if (qos->ucast.packing > 0x01) 1209 return false; 1210 1211 if (qos->ucast.framing > 0x01) 1212 return false; 1213 1214 if (!check_io_qos(&qos->ucast.in)) 1215 return false; 1216 1217 if (!check_io_qos(&qos->ucast.out)) 1218 return false; 1219 1220 return true; 1221 } 1222 1223 static bool check_bcast_qos(struct bt_iso_qos *qos) 1224 { 1225 if (qos->bcast.sync_factor == 0x00) 1226 return false; 1227 1228 if (qos->bcast.packing > 0x01) 1229 return false; 1230 1231 if (qos->bcast.framing > 0x01) 1232 return false; 1233 1234 if (!check_io_qos(&qos->bcast.in)) 1235 return false; 1236 1237 if (!check_io_qos(&qos->bcast.out)) 1238 return false; 1239 1240 if (qos->bcast.encryption > 0x01) 1241 return false; 1242 1243 if (qos->bcast.options > 0x07) 1244 return false; 1245 1246 if (qos->bcast.skip > 0x01f3) 1247 return false; 1248 1249 if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000) 1250 return false; 1251 1252 if (qos->bcast.sync_cte_type > 0x1f) 1253 return false; 1254 1255 if (qos->bcast.mse > 0x1f) 1256 return false; 1257 1258 if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000) 1259 return false; 1260 1261 return true; 1262 } 1263 1264 static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 1265 sockptr_t optval, unsigned int optlen) 1266 { 1267 struct sock *sk = sock->sk; 1268 int len, err = 0; 1269 struct bt_iso_qos qos = default_qos; 1270 u32 opt; 1271 1272 BT_DBG("sk %p", sk); 1273 1274 lock_sock(sk); 1275 1276 switch (optname) { 1277 case BT_DEFER_SETUP: 1278 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1279 err = -EINVAL; 1280 break; 1281 } 1282 1283 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1284 err = -EFAULT; 1285 break; 1286 } 1287 1288 if (opt) 1289 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1290 else 1291 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1292 break; 1293 1294 case BT_ISO_QOS: 1295 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1296 sk->sk_state != BT_CONNECT2) { 1297 err = -EINVAL; 1298 break; 1299 } 1300 1301 len = min_t(unsigned int, sizeof(qos), optlen); 1302 1303 if (copy_from_sockptr(&qos, optval, len)) { 1304 err = -EFAULT; 1305 break; 1306 } 1307 1308 if (len == sizeof(qos.ucast) && !check_ucast_qos(&qos)) { 1309 err = -EINVAL; 1310 break; 1311 } 1312 1313 iso_pi(sk)->qos = qos; 1314 iso_pi(sk)->qos_user_set = true; 1315 1316 break; 1317 1318 case BT_ISO_BASE: 1319 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1320 sk->sk_state != BT_CONNECT2) { 1321 err = -EINVAL; 1322 break; 1323 } 1324 1325 if (optlen > sizeof(iso_pi(sk)->base)) { 1326 err = -EOVERFLOW; 1327 break; 1328 } 1329 1330 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen); 1331 1332 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) { 1333 err = -EFAULT; 1334 break; 1335 } 1336 1337 iso_pi(sk)->base_len = len; 1338 1339 break; 1340 1341 default: 1342 err = -ENOPROTOOPT; 1343 break; 1344 } 1345 1346 release_sock(sk); 1347 return err; 1348 } 1349 1350 static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1351 char __user *optval, int __user *optlen) 1352 { 1353 struct sock *sk = sock->sk; 1354 int len, err = 0; 1355 struct bt_iso_qos *qos; 1356 u8 base_len; 1357 u8 *base; 1358 1359 BT_DBG("sk %p", sk); 1360 1361 if (get_user(len, optlen)) 1362 return -EFAULT; 1363 1364 lock_sock(sk); 1365 1366 switch (optname) { 1367 case BT_DEFER_SETUP: 1368 if (sk->sk_state == BT_CONNECTED) { 1369 err = -EINVAL; 1370 break; 1371 } 1372 1373 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1374 (u32 __user *)optval)) 1375 err = -EFAULT; 1376 1377 break; 1378 1379 case BT_ISO_QOS: 1380 qos = iso_sock_get_qos(sk); 1381 1382 len = min_t(unsigned int, len, sizeof(*qos)); 1383 if (copy_to_user(optval, qos, len)) 1384 err = -EFAULT; 1385 1386 break; 1387 1388 case BT_ISO_BASE: 1389 if (sk->sk_state == BT_CONNECTED) { 1390 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len; 1391 base = iso_pi(sk)->conn->hcon->le_per_adv_data; 1392 } else { 1393 base_len = iso_pi(sk)->base_len; 1394 base = iso_pi(sk)->base; 1395 } 1396 1397 len = min_t(unsigned int, len, base_len); 1398 if (copy_to_user(optval, base, len)) 1399 err = -EFAULT; 1400 1401 break; 1402 1403 default: 1404 err = -ENOPROTOOPT; 1405 break; 1406 } 1407 1408 release_sock(sk); 1409 return err; 1410 } 1411 1412 static int iso_sock_shutdown(struct socket *sock, int how) 1413 { 1414 struct sock *sk = sock->sk; 1415 int err = 0; 1416 1417 BT_DBG("sock %p, sk %p, how %d", sock, sk, how); 1418 1419 if (!sk) 1420 return 0; 1421 1422 sock_hold(sk); 1423 lock_sock(sk); 1424 1425 switch (how) { 1426 case SHUT_RD: 1427 if (sk->sk_shutdown & RCV_SHUTDOWN) 1428 goto unlock; 1429 sk->sk_shutdown |= RCV_SHUTDOWN; 1430 break; 1431 case SHUT_WR: 1432 if (sk->sk_shutdown & SEND_SHUTDOWN) 1433 goto unlock; 1434 sk->sk_shutdown |= SEND_SHUTDOWN; 1435 break; 1436 case SHUT_RDWR: 1437 if (sk->sk_shutdown & SHUTDOWN_MASK) 1438 goto unlock; 1439 sk->sk_shutdown |= SHUTDOWN_MASK; 1440 break; 1441 } 1442 1443 iso_sock_clear_timer(sk); 1444 __iso_sock_close(sk); 1445 1446 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1447 !(current->flags & PF_EXITING)) 1448 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1449 1450 unlock: 1451 release_sock(sk); 1452 sock_put(sk); 1453 1454 return err; 1455 } 1456 1457 static int iso_sock_release(struct socket *sock) 1458 { 1459 struct sock *sk = sock->sk; 1460 int err = 0; 1461 1462 BT_DBG("sock %p, sk %p", sock, sk); 1463 1464 if (!sk) 1465 return 0; 1466 1467 iso_sock_close(sk); 1468 1469 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1470 !(current->flags & PF_EXITING)) { 1471 lock_sock(sk); 1472 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1473 release_sock(sk); 1474 } 1475 1476 sock_orphan(sk); 1477 iso_sock_kill(sk); 1478 return err; 1479 } 1480 1481 static void iso_sock_ready(struct sock *sk) 1482 { 1483 BT_DBG("sk %p", sk); 1484 1485 if (!sk) 1486 return; 1487 1488 lock_sock(sk); 1489 iso_sock_clear_timer(sk); 1490 sk->sk_state = BT_CONNECTED; 1491 sk->sk_state_change(sk); 1492 release_sock(sk); 1493 } 1494 1495 struct iso_list_data { 1496 struct hci_conn *hcon; 1497 int count; 1498 }; 1499 1500 static bool iso_match_big(struct sock *sk, void *data) 1501 { 1502 struct hci_evt_le_big_sync_estabilished *ev = data; 1503 1504 return ev->handle == iso_pi(sk)->qos.bcast.big; 1505 } 1506 1507 static void iso_conn_ready(struct iso_conn *conn) 1508 { 1509 struct sock *parent; 1510 struct sock *sk = conn->sk; 1511 struct hci_ev_le_big_sync_estabilished *ev; 1512 struct hci_conn *hcon; 1513 1514 BT_DBG("conn %p", conn); 1515 1516 if (sk) { 1517 iso_sock_ready(conn->sk); 1518 } else { 1519 hcon = conn->hcon; 1520 if (!hcon) 1521 return; 1522 1523 ev = hci_recv_event_data(hcon->hdev, 1524 HCI_EVT_LE_BIG_SYNC_ESTABILISHED); 1525 if (ev) 1526 parent = iso_get_sock_listen(&hcon->src, 1527 &hcon->dst, 1528 iso_match_big, ev); 1529 else 1530 parent = iso_get_sock_listen(&hcon->src, 1531 BDADDR_ANY, NULL, NULL); 1532 1533 if (!parent) 1534 return; 1535 1536 lock_sock(parent); 1537 1538 sk = iso_sock_alloc(sock_net(parent), NULL, 1539 BTPROTO_ISO, GFP_ATOMIC, 0); 1540 if (!sk) { 1541 release_sock(parent); 1542 return; 1543 } 1544 1545 iso_sock_init(sk, parent); 1546 1547 bacpy(&iso_pi(sk)->src, &hcon->src); 1548 iso_pi(sk)->src_type = hcon->src_type; 1549 1550 /* If hcon has no destination address (BDADDR_ANY) it means it 1551 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED so we need to 1552 * initialize using the parent socket destination address. 1553 */ 1554 if (!bacmp(&hcon->dst, BDADDR_ANY)) { 1555 bacpy(&hcon->dst, &iso_pi(parent)->dst); 1556 hcon->dst_type = iso_pi(parent)->dst_type; 1557 hcon->sync_handle = iso_pi(parent)->sync_handle; 1558 } 1559 1560 bacpy(&iso_pi(sk)->dst, &hcon->dst); 1561 iso_pi(sk)->dst_type = hcon->dst_type; 1562 1563 hci_conn_hold(hcon); 1564 iso_chan_add(conn, sk, parent); 1565 1566 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1567 sk->sk_state = BT_CONNECT2; 1568 else 1569 sk->sk_state = BT_CONNECTED; 1570 1571 /* Wake up parent */ 1572 parent->sk_data_ready(parent); 1573 1574 release_sock(parent); 1575 } 1576 } 1577 1578 static bool iso_match_sid(struct sock *sk, void *data) 1579 { 1580 struct hci_ev_le_pa_sync_established *ev = data; 1581 1582 return ev->sid == iso_pi(sk)->bc_sid; 1583 } 1584 1585 static bool iso_match_sync_handle(struct sock *sk, void *data) 1586 { 1587 struct hci_evt_le_big_info_adv_report *ev = data; 1588 1589 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1590 } 1591 1592 /* ----- ISO interface with lower layer (HCI) ----- */ 1593 1594 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1595 { 1596 struct hci_ev_le_pa_sync_established *ev1; 1597 struct hci_evt_le_big_info_adv_report *ev2; 1598 struct sock *sk; 1599 int lm = 0; 1600 1601 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 1602 1603 /* Broadcast receiver requires handling of some events before it can 1604 * proceed to establishing a BIG sync: 1605 * 1606 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific 1607 * SID to listen to and once sync is estabilished its handle needs to 1608 * be stored in iso_pi(sk)->sync_handle so it can be matched once 1609 * receiving the BIG Info. 1610 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 1611 * a BIG Info it attempts to check if there any listening socket with 1612 * the same sync_handle and if it does then attempt to create a sync. 1613 */ 1614 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 1615 if (ev1) { 1616 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid, 1617 ev1); 1618 if (sk) 1619 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); 1620 1621 goto done; 1622 } 1623 1624 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1625 if (ev2) { 1626 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1627 iso_match_sync_handle, ev2); 1628 if (sk) { 1629 int err; 1630 1631 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1632 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1633 1634 err = hci_le_big_create_sync(hdev, 1635 &iso_pi(sk)->qos, 1636 iso_pi(sk)->sync_handle, 1637 iso_pi(sk)->bc_num_bis, 1638 iso_pi(sk)->bc_bis); 1639 if (err) { 1640 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1641 err); 1642 sk = NULL; 1643 } 1644 } 1645 } else { 1646 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL); 1647 } 1648 1649 done: 1650 if (!sk) 1651 return lm; 1652 1653 lm |= HCI_LM_ACCEPT; 1654 1655 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1656 *flags |= HCI_PROTO_DEFER; 1657 1658 return lm; 1659 } 1660 1661 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 1662 { 1663 if (hcon->type != ISO_LINK) { 1664 if (hcon->type != LE_LINK) 1665 return; 1666 1667 /* Check if LE link has failed */ 1668 if (status) { 1669 struct hci_link *link, *t; 1670 1671 list_for_each_entry_safe(link, t, &hcon->link_list, 1672 list) 1673 iso_conn_del(link->conn, bt_to_errno(status)); 1674 1675 return; 1676 } 1677 1678 /* Create CIS if pending */ 1679 hci_le_create_cis(hcon); 1680 return; 1681 } 1682 1683 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1684 1685 if (!status) { 1686 struct iso_conn *conn; 1687 1688 conn = iso_conn_add(hcon); 1689 if (conn) 1690 iso_conn_ready(conn); 1691 } else { 1692 iso_conn_del(hcon, bt_to_errno(status)); 1693 } 1694 } 1695 1696 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1697 { 1698 if (hcon->type != ISO_LINK) 1699 return; 1700 1701 BT_DBG("hcon %p reason %d", hcon, reason); 1702 1703 iso_conn_del(hcon, bt_to_errno(reason)); 1704 } 1705 1706 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 1707 { 1708 struct iso_conn *conn = hcon->iso_data; 1709 __u16 pb, ts, len; 1710 1711 if (!conn) 1712 goto drop; 1713 1714 pb = hci_iso_flags_pb(flags); 1715 ts = hci_iso_flags_ts(flags); 1716 1717 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 1718 1719 switch (pb) { 1720 case ISO_START: 1721 case ISO_SINGLE: 1722 if (conn->rx_len) { 1723 BT_ERR("Unexpected start frame (len %d)", skb->len); 1724 kfree_skb(conn->rx_skb); 1725 conn->rx_skb = NULL; 1726 conn->rx_len = 0; 1727 } 1728 1729 if (ts) { 1730 struct hci_iso_ts_data_hdr *hdr; 1731 1732 /* TODO: add timestamp to the packet? */ 1733 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 1734 if (!hdr) { 1735 BT_ERR("Frame is too short (len %d)", skb->len); 1736 goto drop; 1737 } 1738 1739 len = __le16_to_cpu(hdr->slen); 1740 } else { 1741 struct hci_iso_data_hdr *hdr; 1742 1743 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 1744 if (!hdr) { 1745 BT_ERR("Frame is too short (len %d)", skb->len); 1746 goto drop; 1747 } 1748 1749 len = __le16_to_cpu(hdr->slen); 1750 } 1751 1752 flags = hci_iso_data_flags(len); 1753 len = hci_iso_data_len(len); 1754 1755 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 1756 skb->len, flags); 1757 1758 if (len == skb->len) { 1759 /* Complete frame received */ 1760 iso_recv_frame(conn, skb); 1761 return; 1762 } 1763 1764 if (pb == ISO_SINGLE) { 1765 BT_ERR("Frame malformed (len %d, expected len %d)", 1766 skb->len, len); 1767 goto drop; 1768 } 1769 1770 if (skb->len > len) { 1771 BT_ERR("Frame is too long (len %d, expected len %d)", 1772 skb->len, len); 1773 goto drop; 1774 } 1775 1776 /* Allocate skb for the complete frame (with header) */ 1777 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 1778 if (!conn->rx_skb) 1779 goto drop; 1780 1781 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1782 skb->len); 1783 conn->rx_len = len - skb->len; 1784 break; 1785 1786 case ISO_CONT: 1787 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 1788 conn->rx_len); 1789 1790 if (!conn->rx_len) { 1791 BT_ERR("Unexpected continuation frame (len %d)", 1792 skb->len); 1793 goto drop; 1794 } 1795 1796 if (skb->len > conn->rx_len) { 1797 BT_ERR("Fragment is too long (len %d, expected %d)", 1798 skb->len, conn->rx_len); 1799 kfree_skb(conn->rx_skb); 1800 conn->rx_skb = NULL; 1801 conn->rx_len = 0; 1802 goto drop; 1803 } 1804 1805 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1806 skb->len); 1807 conn->rx_len -= skb->len; 1808 return; 1809 1810 case ISO_END: 1811 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1812 skb->len); 1813 conn->rx_len -= skb->len; 1814 1815 if (!conn->rx_len) { 1816 struct sk_buff *rx_skb = conn->rx_skb; 1817 1818 /* Complete frame received. iso_recv_frame 1819 * takes ownership of the skb so set the global 1820 * rx_skb pointer to NULL first. 1821 */ 1822 conn->rx_skb = NULL; 1823 iso_recv_frame(conn, rx_skb); 1824 } 1825 break; 1826 } 1827 1828 drop: 1829 kfree_skb(skb); 1830 } 1831 1832 static struct hci_cb iso_cb = { 1833 .name = "ISO", 1834 .connect_cfm = iso_connect_cfm, 1835 .disconn_cfm = iso_disconn_cfm, 1836 }; 1837 1838 static int iso_debugfs_show(struct seq_file *f, void *p) 1839 { 1840 struct sock *sk; 1841 1842 read_lock(&iso_sk_list.lock); 1843 1844 sk_for_each(sk, &iso_sk_list.head) { 1845 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 1846 &iso_pi(sk)->dst, sk->sk_state); 1847 } 1848 1849 read_unlock(&iso_sk_list.lock); 1850 1851 return 0; 1852 } 1853 1854 DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 1855 1856 static struct dentry *iso_debugfs; 1857 1858 static const struct proto_ops iso_sock_ops = { 1859 .family = PF_BLUETOOTH, 1860 .owner = THIS_MODULE, 1861 .release = iso_sock_release, 1862 .bind = iso_sock_bind, 1863 .connect = iso_sock_connect, 1864 .listen = iso_sock_listen, 1865 .accept = iso_sock_accept, 1866 .getname = iso_sock_getname, 1867 .sendmsg = iso_sock_sendmsg, 1868 .recvmsg = iso_sock_recvmsg, 1869 .poll = bt_sock_poll, 1870 .ioctl = bt_sock_ioctl, 1871 .mmap = sock_no_mmap, 1872 .socketpair = sock_no_socketpair, 1873 .shutdown = iso_sock_shutdown, 1874 .setsockopt = iso_sock_setsockopt, 1875 .getsockopt = iso_sock_getsockopt 1876 }; 1877 1878 static const struct net_proto_family iso_sock_family_ops = { 1879 .family = PF_BLUETOOTH, 1880 .owner = THIS_MODULE, 1881 .create = iso_sock_create, 1882 }; 1883 1884 static bool iso_inited; 1885 1886 bool iso_enabled(void) 1887 { 1888 return iso_inited; 1889 } 1890 1891 int iso_init(void) 1892 { 1893 int err; 1894 1895 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 1896 1897 if (iso_inited) 1898 return -EALREADY; 1899 1900 err = proto_register(&iso_proto, 0); 1901 if (err < 0) 1902 return err; 1903 1904 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 1905 if (err < 0) { 1906 BT_ERR("ISO socket registration failed"); 1907 goto error; 1908 } 1909 1910 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 1911 if (err < 0) { 1912 BT_ERR("Failed to create ISO proc file"); 1913 bt_sock_unregister(BTPROTO_ISO); 1914 goto error; 1915 } 1916 1917 BT_INFO("ISO socket layer initialized"); 1918 1919 hci_register_cb(&iso_cb); 1920 1921 if (IS_ERR_OR_NULL(bt_debugfs)) 1922 return 0; 1923 1924 if (!iso_debugfs) { 1925 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 1926 NULL, &iso_debugfs_fops); 1927 } 1928 1929 iso_inited = true; 1930 1931 return 0; 1932 1933 error: 1934 proto_unregister(&iso_proto); 1935 return err; 1936 } 1937 1938 int iso_exit(void) 1939 { 1940 if (!iso_inited) 1941 return -EALREADY; 1942 1943 bt_procfs_cleanup(&init_net, "iso"); 1944 1945 debugfs_remove(iso_debugfs); 1946 iso_debugfs = NULL; 1947 1948 hci_unregister_cb(&iso_cb); 1949 1950 bt_sock_unregister(BTPROTO_ISO); 1951 1952 proto_unregister(&iso_proto); 1953 1954 iso_inited = false; 1955 1956 return 0; 1957 } 1958