1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 * Copyright 2023 NXP 7 */ 8 9 #include <linux/module.h> 10 #include <linux/debugfs.h> 11 #include <linux/seq_file.h> 12 #include <linux/sched/signal.h> 13 14 #include <net/bluetooth/bluetooth.h> 15 #include <net/bluetooth/hci_core.h> 16 #include <net/bluetooth/iso.h> 17 18 static const struct proto_ops iso_sock_ops; 19 20 static struct bt_sock_list iso_sk_list = { 21 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 22 }; 23 24 /* ---- ISO connections ---- */ 25 struct iso_conn { 26 struct hci_conn *hcon; 27 28 /* @lock: spinlock protecting changes to iso_conn fields */ 29 spinlock_t lock; 30 struct sock *sk; 31 32 struct delayed_work timeout_work; 33 34 struct sk_buff *rx_skb; 35 __u32 rx_len; 36 __u16 tx_sn; 37 }; 38 39 #define iso_conn_lock(c) spin_lock(&(c)->lock) 40 #define iso_conn_unlock(c) spin_unlock(&(c)->lock) 41 42 static void iso_sock_close(struct sock *sk); 43 static void iso_sock_kill(struct sock *sk); 44 45 /* ----- ISO socket info ----- */ 46 #define iso_pi(sk) ((struct iso_pinfo *)sk) 47 48 #define EIR_SERVICE_DATA_LENGTH 4 49 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH) 50 51 struct iso_pinfo { 52 struct bt_sock bt; 53 bdaddr_t src; 54 __u8 src_type; 55 bdaddr_t dst; 56 __u8 dst_type; 57 __u8 bc_sid; 58 __u8 bc_num_bis; 59 __u8 bc_bis[ISO_MAX_NUM_BIS]; 60 __u16 sync_handle; 61 __u32 flags; 62 struct bt_iso_qos qos; 63 bool qos_user_set; 64 __u8 base_len; 65 __u8 base[BASE_MAX_LENGTH]; 66 struct iso_conn *conn; 67 }; 68 69 static struct bt_iso_qos default_qos; 70 71 static bool check_ucast_qos(struct bt_iso_qos *qos); 72 static bool check_bcast_qos(struct bt_iso_qos *qos); 73 74 /* ---- ISO timers ---- */ 75 #define ISO_CONN_TIMEOUT (HZ * 40) 76 #define ISO_DISCONN_TIMEOUT (HZ * 2) 77 78 static void iso_sock_timeout(struct work_struct *work) 79 { 80 struct iso_conn *conn = container_of(work, struct iso_conn, 81 timeout_work.work); 82 struct sock *sk; 83 84 iso_conn_lock(conn); 85 sk = conn->sk; 86 if (sk) 87 sock_hold(sk); 88 iso_conn_unlock(conn); 89 90 if (!sk) 91 return; 92 93 BT_DBG("sock %p state %d", sk, sk->sk_state); 94 95 lock_sock(sk); 96 sk->sk_err = ETIMEDOUT; 97 sk->sk_state_change(sk); 98 release_sock(sk); 99 sock_put(sk); 100 } 101 102 static void iso_sock_set_timer(struct sock *sk, long timeout) 103 { 104 if (!iso_pi(sk)->conn) 105 return; 106 107 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 108 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 109 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 110 } 111 112 static void iso_sock_clear_timer(struct sock *sk) 113 { 114 if (!iso_pi(sk)->conn) 115 return; 116 117 BT_DBG("sock %p state %d", sk, sk->sk_state); 118 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 119 } 120 121 /* ---- ISO connections ---- */ 122 static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 123 { 124 struct iso_conn *conn = hcon->iso_data; 125 126 if (conn) 127 return conn; 128 129 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 130 if (!conn) 131 return NULL; 132 133 spin_lock_init(&conn->lock); 134 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 135 136 hcon->iso_data = conn; 137 conn->hcon = hcon; 138 conn->tx_sn = 0; 139 140 BT_DBG("hcon %p conn %p", hcon, conn); 141 142 return conn; 143 } 144 145 /* Delete channel. Must be called on the locked socket. */ 146 static void iso_chan_del(struct sock *sk, int err) 147 { 148 struct iso_conn *conn; 149 struct sock *parent; 150 151 conn = iso_pi(sk)->conn; 152 153 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 154 155 if (conn) { 156 iso_conn_lock(conn); 157 conn->sk = NULL; 158 iso_pi(sk)->conn = NULL; 159 iso_conn_unlock(conn); 160 161 if (conn->hcon) 162 hci_conn_drop(conn->hcon); 163 } 164 165 sk->sk_state = BT_CLOSED; 166 sk->sk_err = err; 167 168 parent = bt_sk(sk)->parent; 169 if (parent) { 170 bt_accept_unlink(sk); 171 parent->sk_data_ready(parent); 172 } else { 173 sk->sk_state_change(sk); 174 } 175 176 sock_set_flag(sk, SOCK_ZAPPED); 177 } 178 179 static void iso_conn_del(struct hci_conn *hcon, int err) 180 { 181 struct iso_conn *conn = hcon->iso_data; 182 struct sock *sk; 183 184 if (!conn) 185 return; 186 187 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 188 189 /* Kill socket */ 190 iso_conn_lock(conn); 191 sk = conn->sk; 192 if (sk) 193 sock_hold(sk); 194 iso_conn_unlock(conn); 195 196 if (sk) { 197 lock_sock(sk); 198 iso_sock_clear_timer(sk); 199 iso_chan_del(sk, err); 200 release_sock(sk); 201 sock_put(sk); 202 } 203 204 /* Ensure no more work items will run before freeing conn. */ 205 cancel_delayed_work_sync(&conn->timeout_work); 206 207 hcon->iso_data = NULL; 208 kfree(conn); 209 } 210 211 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 212 struct sock *parent) 213 { 214 BT_DBG("conn %p", conn); 215 216 if (iso_pi(sk)->conn == conn && conn->sk == sk) 217 return 0; 218 219 if (conn->sk) { 220 BT_ERR("conn->sk already set"); 221 return -EBUSY; 222 } 223 224 iso_pi(sk)->conn = conn; 225 conn->sk = sk; 226 227 if (parent) 228 bt_accept_enqueue(parent, sk, true); 229 230 return 0; 231 } 232 233 static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 234 struct sock *parent) 235 { 236 int err; 237 238 iso_conn_lock(conn); 239 err = __iso_chan_add(conn, sk, parent); 240 iso_conn_unlock(conn); 241 242 return err; 243 } 244 245 static inline u8 le_addr_type(u8 bdaddr_type) 246 { 247 if (bdaddr_type == BDADDR_LE_PUBLIC) 248 return ADDR_LE_DEV_PUBLIC; 249 else 250 return ADDR_LE_DEV_RANDOM; 251 } 252 253 static int iso_connect_bis(struct sock *sk) 254 { 255 struct iso_conn *conn; 256 struct hci_conn *hcon; 257 struct hci_dev *hdev; 258 int err; 259 260 BT_DBG("%pMR", &iso_pi(sk)->src); 261 262 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 263 iso_pi(sk)->src_type); 264 if (!hdev) 265 return -EHOSTUNREACH; 266 267 hci_dev_lock(hdev); 268 269 if (!bis_capable(hdev)) { 270 err = -EOPNOTSUPP; 271 goto unlock; 272 } 273 274 /* Fail if user set invalid QoS */ 275 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 276 iso_pi(sk)->qos = default_qos; 277 err = -EINVAL; 278 goto unlock; 279 } 280 281 /* Fail if out PHYs are marked as disabled */ 282 if (!iso_pi(sk)->qos.bcast.out.phy) { 283 err = -EINVAL; 284 goto unlock; 285 } 286 287 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, 288 le_addr_type(iso_pi(sk)->dst_type), 289 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 290 iso_pi(sk)->base); 291 if (IS_ERR(hcon)) { 292 err = PTR_ERR(hcon); 293 goto unlock; 294 } 295 296 conn = iso_conn_add(hcon); 297 if (!conn) { 298 hci_conn_drop(hcon); 299 err = -ENOMEM; 300 goto unlock; 301 } 302 303 hci_dev_unlock(hdev); 304 hci_dev_put(hdev); 305 306 err = iso_chan_add(conn, sk, NULL); 307 if (err) 308 return err; 309 310 lock_sock(sk); 311 312 /* Update source addr of the socket */ 313 bacpy(&iso_pi(sk)->src, &hcon->src); 314 315 if (hcon->state == BT_CONNECTED) { 316 iso_sock_clear_timer(sk); 317 sk->sk_state = BT_CONNECTED; 318 } else { 319 sk->sk_state = BT_CONNECT; 320 iso_sock_set_timer(sk, sk->sk_sndtimeo); 321 } 322 323 release_sock(sk); 324 return err; 325 326 unlock: 327 hci_dev_unlock(hdev); 328 hci_dev_put(hdev); 329 return err; 330 } 331 332 static int iso_connect_cis(struct sock *sk) 333 { 334 struct iso_conn *conn; 335 struct hci_conn *hcon; 336 struct hci_dev *hdev; 337 int err; 338 339 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 340 341 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 342 iso_pi(sk)->src_type); 343 if (!hdev) 344 return -EHOSTUNREACH; 345 346 hci_dev_lock(hdev); 347 348 if (!cis_central_capable(hdev)) { 349 err = -EOPNOTSUPP; 350 goto unlock; 351 } 352 353 /* Fail if user set invalid QoS */ 354 if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) { 355 iso_pi(sk)->qos = default_qos; 356 err = -EINVAL; 357 goto unlock; 358 } 359 360 /* Fail if either PHYs are marked as disabled */ 361 if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) { 362 err = -EINVAL; 363 goto unlock; 364 } 365 366 /* Just bind if DEFER_SETUP has been set */ 367 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 368 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 369 le_addr_type(iso_pi(sk)->dst_type), 370 &iso_pi(sk)->qos); 371 if (IS_ERR(hcon)) { 372 err = PTR_ERR(hcon); 373 goto unlock; 374 } 375 } else { 376 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 377 le_addr_type(iso_pi(sk)->dst_type), 378 &iso_pi(sk)->qos); 379 if (IS_ERR(hcon)) { 380 err = PTR_ERR(hcon); 381 goto unlock; 382 } 383 } 384 385 conn = iso_conn_add(hcon); 386 if (!conn) { 387 hci_conn_drop(hcon); 388 err = -ENOMEM; 389 goto unlock; 390 } 391 392 hci_dev_unlock(hdev); 393 hci_dev_put(hdev); 394 395 err = iso_chan_add(conn, sk, NULL); 396 if (err) 397 return err; 398 399 lock_sock(sk); 400 401 /* Update source addr of the socket */ 402 bacpy(&iso_pi(sk)->src, &hcon->src); 403 404 if (hcon->state == BT_CONNECTED) { 405 iso_sock_clear_timer(sk); 406 sk->sk_state = BT_CONNECTED; 407 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 408 iso_sock_clear_timer(sk); 409 sk->sk_state = BT_CONNECT; 410 } else { 411 sk->sk_state = BT_CONNECT; 412 iso_sock_set_timer(sk, sk->sk_sndtimeo); 413 } 414 415 release_sock(sk); 416 return err; 417 418 unlock: 419 hci_dev_unlock(hdev); 420 hci_dev_put(hdev); 421 return err; 422 } 423 424 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk) 425 { 426 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 427 return &iso_pi(sk)->conn->hcon->iso_qos; 428 429 return &iso_pi(sk)->qos; 430 } 431 432 static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 433 { 434 struct iso_conn *conn = iso_pi(sk)->conn; 435 struct bt_iso_qos *qos = iso_sock_get_qos(sk); 436 struct hci_iso_data_hdr *hdr; 437 int len = 0; 438 439 BT_DBG("sk %p len %d", sk, skb->len); 440 441 if (skb->len > qos->ucast.out.sdu) 442 return -EMSGSIZE; 443 444 len = skb->len; 445 446 /* Push ISO data header */ 447 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 448 hdr->sn = cpu_to_le16(conn->tx_sn++); 449 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 450 HCI_ISO_STATUS_VALID)); 451 452 if (sk->sk_state == BT_CONNECTED) 453 hci_send_iso(conn->hcon, skb); 454 else 455 len = -ENOTCONN; 456 457 return len; 458 } 459 460 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 461 { 462 struct sock *sk; 463 464 iso_conn_lock(conn); 465 sk = conn->sk; 466 iso_conn_unlock(conn); 467 468 if (!sk) 469 goto drop; 470 471 BT_DBG("sk %p len %d", sk, skb->len); 472 473 if (sk->sk_state != BT_CONNECTED) 474 goto drop; 475 476 if (!sock_queue_rcv_skb(sk, skb)) 477 return; 478 479 drop: 480 kfree_skb(skb); 481 } 482 483 /* -------- Socket interface ---------- */ 484 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *ba) 485 { 486 struct sock *sk; 487 488 sk_for_each(sk, &iso_sk_list.head) { 489 if (sk->sk_state != BT_LISTEN) 490 continue; 491 492 if (!bacmp(&iso_pi(sk)->src, ba)) 493 return sk; 494 } 495 496 return NULL; 497 } 498 499 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc, 500 __u8 sid) 501 { 502 struct sock *sk; 503 504 sk_for_each(sk, &iso_sk_list.head) { 505 if (sk->sk_state != BT_LISTEN) 506 continue; 507 508 if (bacmp(&iso_pi(sk)->src, ba)) 509 continue; 510 511 if (bacmp(&iso_pi(sk)->dst, bc)) 512 continue; 513 514 if (iso_pi(sk)->bc_sid == sid) 515 return sk; 516 } 517 518 return NULL; 519 } 520 521 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 522 523 /* Find socket listening: 524 * source bdaddr (Unicast) 525 * destination bdaddr (Broadcast only) 526 * match func - pass NULL to ignore 527 * match func data - pass -1 to ignore 528 * Returns closest match. 529 */ 530 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 531 iso_sock_match_t match, void *data) 532 { 533 struct sock *sk = NULL, *sk1 = NULL; 534 535 read_lock(&iso_sk_list.lock); 536 537 sk_for_each(sk, &iso_sk_list.head) { 538 if (sk->sk_state != BT_LISTEN) 539 continue; 540 541 /* Match Broadcast destination */ 542 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 543 continue; 544 545 /* Use Match function if provided */ 546 if (match && !match(sk, data)) 547 continue; 548 549 /* Exact match. */ 550 if (!bacmp(&iso_pi(sk)->src, src)) 551 break; 552 553 /* Closest match */ 554 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) 555 sk1 = sk; 556 } 557 558 read_unlock(&iso_sk_list.lock); 559 560 return sk ? sk : sk1; 561 } 562 563 static void iso_sock_destruct(struct sock *sk) 564 { 565 BT_DBG("sk %p", sk); 566 567 skb_queue_purge(&sk->sk_receive_queue); 568 skb_queue_purge(&sk->sk_write_queue); 569 } 570 571 static void iso_sock_cleanup_listen(struct sock *parent) 572 { 573 struct sock *sk; 574 575 BT_DBG("parent %p", parent); 576 577 /* Close not yet accepted channels */ 578 while ((sk = bt_accept_dequeue(parent, NULL))) { 579 iso_sock_close(sk); 580 iso_sock_kill(sk); 581 } 582 583 parent->sk_state = BT_CLOSED; 584 sock_set_flag(parent, SOCK_ZAPPED); 585 } 586 587 /* Kill socket (only if zapped and orphan) 588 * Must be called on unlocked socket. 589 */ 590 static void iso_sock_kill(struct sock *sk) 591 { 592 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 593 sock_flag(sk, SOCK_DEAD)) 594 return; 595 596 BT_DBG("sk %p state %d", sk, sk->sk_state); 597 598 /* Kill poor orphan */ 599 bt_sock_unlink(&iso_sk_list, sk); 600 sock_set_flag(sk, SOCK_DEAD); 601 sock_put(sk); 602 } 603 604 static void iso_conn_defer_reject(struct hci_conn *conn) 605 { 606 struct hci_cp_le_reject_cis cp; 607 608 BT_DBG("conn %p", conn); 609 610 memset(&cp, 0, sizeof(cp)); 611 cp.handle = cpu_to_le16(conn->handle); 612 cp.reason = HCI_ERROR_REJ_BAD_ADDR; 613 hci_send_cmd(conn->hdev, HCI_OP_LE_REJECT_CIS, sizeof(cp), &cp); 614 } 615 616 static void __iso_sock_close(struct sock *sk) 617 { 618 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 619 620 switch (sk->sk_state) { 621 case BT_LISTEN: 622 iso_sock_cleanup_listen(sk); 623 break; 624 625 case BT_CONNECTED: 626 case BT_CONFIG: 627 if (iso_pi(sk)->conn->hcon) { 628 sk->sk_state = BT_DISCONN; 629 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 630 iso_conn_lock(iso_pi(sk)->conn); 631 hci_conn_drop(iso_pi(sk)->conn->hcon); 632 iso_pi(sk)->conn->hcon = NULL; 633 iso_conn_unlock(iso_pi(sk)->conn); 634 } else { 635 iso_chan_del(sk, ECONNRESET); 636 } 637 break; 638 639 case BT_CONNECT2: 640 if (iso_pi(sk)->conn->hcon) 641 iso_conn_defer_reject(iso_pi(sk)->conn->hcon); 642 iso_chan_del(sk, ECONNRESET); 643 break; 644 case BT_CONNECT: 645 /* In case of DEFER_SETUP the hcon would be bound to CIG which 646 * needs to be removed so just call hci_conn_del so the cleanup 647 * callback do what is needed. 648 */ 649 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 650 iso_pi(sk)->conn->hcon) { 651 hci_conn_del(iso_pi(sk)->conn->hcon); 652 iso_pi(sk)->conn->hcon = NULL; 653 } 654 655 iso_chan_del(sk, ECONNRESET); 656 break; 657 case BT_DISCONN: 658 iso_chan_del(sk, ECONNRESET); 659 break; 660 661 default: 662 sock_set_flag(sk, SOCK_ZAPPED); 663 break; 664 } 665 } 666 667 /* Must be called on unlocked socket. */ 668 static void iso_sock_close(struct sock *sk) 669 { 670 iso_sock_clear_timer(sk); 671 lock_sock(sk); 672 __iso_sock_close(sk); 673 release_sock(sk); 674 iso_sock_kill(sk); 675 } 676 677 static void iso_sock_init(struct sock *sk, struct sock *parent) 678 { 679 BT_DBG("sk %p", sk); 680 681 if (parent) { 682 sk->sk_type = parent->sk_type; 683 bt_sk(sk)->flags = bt_sk(parent)->flags; 684 security_sk_clone(parent, sk); 685 } 686 } 687 688 static struct proto iso_proto = { 689 .name = "ISO", 690 .owner = THIS_MODULE, 691 .obj_size = sizeof(struct iso_pinfo) 692 }; 693 694 #define DEFAULT_IO_QOS \ 695 { \ 696 .interval = 10000u, \ 697 .latency = 10u, \ 698 .sdu = 40u, \ 699 .phy = BT_ISO_PHY_2M, \ 700 .rtn = 2u, \ 701 } 702 703 static struct bt_iso_qos default_qos = { 704 .bcast = { 705 .big = BT_ISO_QOS_BIG_UNSET, 706 .bis = BT_ISO_QOS_BIS_UNSET, 707 .sync_interval = 0x00, 708 .packing = 0x00, 709 .framing = 0x00, 710 .in = DEFAULT_IO_QOS, 711 .out = DEFAULT_IO_QOS, 712 .encryption = 0x00, 713 .bcode = {0x00}, 714 .options = 0x00, 715 .skip = 0x0000, 716 .sync_timeout = 0x4000, 717 .sync_cte_type = 0x00, 718 .mse = 0x00, 719 .timeout = 0x4000, 720 }, 721 }; 722 723 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 724 int proto, gfp_t prio, int kern) 725 { 726 struct sock *sk; 727 728 sk = sk_alloc(net, PF_BLUETOOTH, prio, &iso_proto, kern); 729 if (!sk) 730 return NULL; 731 732 sock_init_data(sock, sk); 733 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 734 735 sk->sk_destruct = iso_sock_destruct; 736 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 737 738 sock_reset_flag(sk, SOCK_ZAPPED); 739 740 sk->sk_protocol = proto; 741 sk->sk_state = BT_OPEN; 742 743 /* Set address type as public as default src address is BDADDR_ANY */ 744 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 745 746 iso_pi(sk)->qos = default_qos; 747 748 bt_sock_link(&iso_sk_list, sk); 749 return sk; 750 } 751 752 static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 753 int kern) 754 { 755 struct sock *sk; 756 757 BT_DBG("sock %p", sock); 758 759 sock->state = SS_UNCONNECTED; 760 761 if (sock->type != SOCK_SEQPACKET) 762 return -ESOCKTNOSUPPORT; 763 764 sock->ops = &iso_sock_ops; 765 766 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 767 if (!sk) 768 return -ENOMEM; 769 770 iso_sock_init(sk, NULL); 771 return 0; 772 } 773 774 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr, 775 int addr_len) 776 { 777 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 778 struct sock *sk = sock->sk; 779 int i; 780 781 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid, 782 sa->iso_bc->bc_num_bis); 783 784 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) || 785 sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f) 786 return -EINVAL; 787 788 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr); 789 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type; 790 iso_pi(sk)->sync_handle = -1; 791 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid; 792 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 793 794 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) { 795 if (sa->iso_bc->bc_bis[i] < 0x01 || 796 sa->iso_bc->bc_bis[i] > 0x1f) 797 return -EINVAL; 798 799 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 800 iso_pi(sk)->bc_num_bis); 801 } 802 803 return 0; 804 } 805 806 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 807 int addr_len) 808 { 809 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 810 struct sock *sk = sock->sk; 811 int err = 0; 812 813 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 814 815 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 816 addr->sa_family != AF_BLUETOOTH) 817 return -EINVAL; 818 819 lock_sock(sk); 820 821 if (sk->sk_state != BT_OPEN) { 822 err = -EBADFD; 823 goto done; 824 } 825 826 if (sk->sk_type != SOCK_SEQPACKET) { 827 err = -EINVAL; 828 goto done; 829 } 830 831 /* Check if the address type is of LE type */ 832 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 833 err = -EINVAL; 834 goto done; 835 } 836 837 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 838 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 839 840 /* Check for Broadcast address */ 841 if (addr_len > sizeof(*sa)) { 842 err = iso_sock_bind_bc(sock, addr, addr_len); 843 if (err) 844 goto done; 845 } 846 847 sk->sk_state = BT_BOUND; 848 849 done: 850 release_sock(sk); 851 return err; 852 } 853 854 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 855 int alen, int flags) 856 { 857 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 858 struct sock *sk = sock->sk; 859 int err; 860 861 BT_DBG("sk %p", sk); 862 863 if (alen < sizeof(struct sockaddr_iso) || 864 addr->sa_family != AF_BLUETOOTH) 865 return -EINVAL; 866 867 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 868 return -EBADFD; 869 870 if (sk->sk_type != SOCK_SEQPACKET) 871 return -EINVAL; 872 873 /* Check if the address type is of LE type */ 874 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 875 return -EINVAL; 876 877 lock_sock(sk); 878 879 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 880 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 881 882 release_sock(sk); 883 884 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 885 err = iso_connect_cis(sk); 886 else 887 err = iso_connect_bis(sk); 888 889 if (err) 890 return err; 891 892 lock_sock(sk); 893 894 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 895 err = bt_sock_wait_state(sk, BT_CONNECTED, 896 sock_sndtimeo(sk, flags & O_NONBLOCK)); 897 } 898 899 release_sock(sk); 900 return err; 901 } 902 903 static int iso_listen_bis(struct sock *sk) 904 { 905 struct hci_dev *hdev; 906 int err = 0; 907 908 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src, 909 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid); 910 911 write_lock(&iso_sk_list.lock); 912 913 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst, 914 iso_pi(sk)->bc_sid)) 915 err = -EADDRINUSE; 916 917 write_unlock(&iso_sk_list.lock); 918 919 if (err) 920 return err; 921 922 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 923 iso_pi(sk)->src_type); 924 if (!hdev) 925 return -EHOSTUNREACH; 926 927 /* Fail if user set invalid QoS */ 928 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 929 iso_pi(sk)->qos = default_qos; 930 return -EINVAL; 931 } 932 933 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, 934 le_addr_type(iso_pi(sk)->dst_type), 935 iso_pi(sk)->bc_sid, &iso_pi(sk)->qos); 936 937 hci_dev_put(hdev); 938 939 return err; 940 } 941 942 static int iso_listen_cis(struct sock *sk) 943 { 944 int err = 0; 945 946 BT_DBG("%pMR", &iso_pi(sk)->src); 947 948 write_lock(&iso_sk_list.lock); 949 950 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src)) 951 err = -EADDRINUSE; 952 953 write_unlock(&iso_sk_list.lock); 954 955 return err; 956 } 957 958 static int iso_sock_listen(struct socket *sock, int backlog) 959 { 960 struct sock *sk = sock->sk; 961 int err = 0; 962 963 BT_DBG("sk %p backlog %d", sk, backlog); 964 965 lock_sock(sk); 966 967 if (sk->sk_state != BT_BOUND) { 968 err = -EBADFD; 969 goto done; 970 } 971 972 if (sk->sk_type != SOCK_SEQPACKET) { 973 err = -EINVAL; 974 goto done; 975 } 976 977 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 978 err = iso_listen_cis(sk); 979 else 980 err = iso_listen_bis(sk); 981 982 if (err) 983 goto done; 984 985 sk->sk_max_ack_backlog = backlog; 986 sk->sk_ack_backlog = 0; 987 988 sk->sk_state = BT_LISTEN; 989 990 done: 991 release_sock(sk); 992 return err; 993 } 994 995 static int iso_sock_accept(struct socket *sock, struct socket *newsock, 996 int flags, bool kern) 997 { 998 DEFINE_WAIT_FUNC(wait, woken_wake_function); 999 struct sock *sk = sock->sk, *ch; 1000 long timeo; 1001 int err = 0; 1002 1003 lock_sock(sk); 1004 1005 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 1006 1007 BT_DBG("sk %p timeo %ld", sk, timeo); 1008 1009 /* Wait for an incoming connection. (wake-one). */ 1010 add_wait_queue_exclusive(sk_sleep(sk), &wait); 1011 while (1) { 1012 if (sk->sk_state != BT_LISTEN) { 1013 err = -EBADFD; 1014 break; 1015 } 1016 1017 ch = bt_accept_dequeue(sk, newsock); 1018 if (ch) 1019 break; 1020 1021 if (!timeo) { 1022 err = -EAGAIN; 1023 break; 1024 } 1025 1026 if (signal_pending(current)) { 1027 err = sock_intr_errno(timeo); 1028 break; 1029 } 1030 1031 release_sock(sk); 1032 1033 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 1034 lock_sock(sk); 1035 } 1036 remove_wait_queue(sk_sleep(sk), &wait); 1037 1038 if (err) 1039 goto done; 1040 1041 newsock->state = SS_CONNECTED; 1042 1043 BT_DBG("new socket %p", ch); 1044 1045 done: 1046 release_sock(sk); 1047 return err; 1048 } 1049 1050 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 1051 int peer) 1052 { 1053 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 1054 struct sock *sk = sock->sk; 1055 1056 BT_DBG("sock %p, sk %p", sock, sk); 1057 1058 addr->sa_family = AF_BLUETOOTH; 1059 1060 if (peer) { 1061 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 1062 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 1063 } else { 1064 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 1065 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 1066 } 1067 1068 return sizeof(struct sockaddr_iso); 1069 } 1070 1071 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 1072 size_t len) 1073 { 1074 struct sock *sk = sock->sk; 1075 struct iso_conn *conn = iso_pi(sk)->conn; 1076 struct sk_buff *skb, **frag; 1077 int err; 1078 1079 BT_DBG("sock %p, sk %p", sock, sk); 1080 1081 err = sock_error(sk); 1082 if (err) 1083 return err; 1084 1085 if (msg->msg_flags & MSG_OOB) 1086 return -EOPNOTSUPP; 1087 1088 if (sk->sk_state != BT_CONNECTED) 1089 return -ENOTCONN; 1090 1091 skb = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1092 HCI_ISO_DATA_HDR_SIZE, 0); 1093 if (IS_ERR(skb)) 1094 return PTR_ERR(skb); 1095 1096 len -= skb->len; 1097 1098 BT_DBG("skb %p len %d", sk, skb->len); 1099 1100 /* Continuation fragments */ 1101 frag = &skb_shinfo(skb)->frag_list; 1102 while (len) { 1103 struct sk_buff *tmp; 1104 1105 tmp = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1106 0, 0); 1107 if (IS_ERR(tmp)) { 1108 kfree_skb(skb); 1109 return PTR_ERR(tmp); 1110 } 1111 1112 *frag = tmp; 1113 1114 len -= tmp->len; 1115 1116 skb->len += tmp->len; 1117 skb->data_len += tmp->len; 1118 1119 BT_DBG("frag %p len %d", *frag, tmp->len); 1120 1121 frag = &(*frag)->next; 1122 } 1123 1124 lock_sock(sk); 1125 1126 if (sk->sk_state == BT_CONNECTED) 1127 err = iso_send_frame(sk, skb); 1128 else 1129 err = -ENOTCONN; 1130 1131 release_sock(sk); 1132 1133 if (err < 0) 1134 kfree_skb(skb); 1135 return err; 1136 } 1137 1138 static void iso_conn_defer_accept(struct hci_conn *conn) 1139 { 1140 struct hci_cp_le_accept_cis cp; 1141 struct hci_dev *hdev = conn->hdev; 1142 1143 BT_DBG("conn %p", conn); 1144 1145 conn->state = BT_CONFIG; 1146 1147 cp.handle = cpu_to_le16(conn->handle); 1148 1149 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 1150 } 1151 1152 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1153 size_t len, int flags) 1154 { 1155 struct sock *sk = sock->sk; 1156 struct iso_pinfo *pi = iso_pi(sk); 1157 1158 BT_DBG("sk %p", sk); 1159 1160 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1161 switch (sk->sk_state) { 1162 case BT_CONNECT2: 1163 lock_sock(sk); 1164 iso_conn_defer_accept(pi->conn->hcon); 1165 sk->sk_state = BT_CONFIG; 1166 release_sock(sk); 1167 return 0; 1168 case BT_CONNECT: 1169 return iso_connect_cis(sk); 1170 } 1171 } 1172 1173 return bt_sock_recvmsg(sock, msg, len, flags); 1174 } 1175 1176 static bool check_io_qos(struct bt_iso_io_qos *qos) 1177 { 1178 /* If no PHY is enable SDU must be 0 */ 1179 if (!qos->phy && qos->sdu) 1180 return false; 1181 1182 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 1183 return false; 1184 1185 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 1186 return false; 1187 1188 if (qos->phy > BT_ISO_PHY_ANY) 1189 return false; 1190 1191 return true; 1192 } 1193 1194 static bool check_ucast_qos(struct bt_iso_qos *qos) 1195 { 1196 if (qos->ucast.sca > 0x07) 1197 return false; 1198 1199 if (qos->ucast.packing > 0x01) 1200 return false; 1201 1202 if (qos->ucast.framing > 0x01) 1203 return false; 1204 1205 if (!check_io_qos(&qos->ucast.in)) 1206 return false; 1207 1208 if (!check_io_qos(&qos->ucast.out)) 1209 return false; 1210 1211 return true; 1212 } 1213 1214 static bool check_bcast_qos(struct bt_iso_qos *qos) 1215 { 1216 if (qos->bcast.sync_interval > 0x07) 1217 return false; 1218 1219 if (qos->bcast.packing > 0x01) 1220 return false; 1221 1222 if (qos->bcast.framing > 0x01) 1223 return false; 1224 1225 if (!check_io_qos(&qos->bcast.in)) 1226 return false; 1227 1228 if (!check_io_qos(&qos->bcast.out)) 1229 return false; 1230 1231 if (qos->bcast.encryption > 0x01) 1232 return false; 1233 1234 if (qos->bcast.options > 0x07) 1235 return false; 1236 1237 if (qos->bcast.skip > 0x01f3) 1238 return false; 1239 1240 if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000) 1241 return false; 1242 1243 if (qos->bcast.sync_cte_type > 0x1f) 1244 return false; 1245 1246 if (qos->bcast.mse > 0x1f) 1247 return false; 1248 1249 if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000) 1250 return false; 1251 1252 return true; 1253 } 1254 1255 static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 1256 sockptr_t optval, unsigned int optlen) 1257 { 1258 struct sock *sk = sock->sk; 1259 int len, err = 0; 1260 struct bt_iso_qos qos = default_qos; 1261 u32 opt; 1262 1263 BT_DBG("sk %p", sk); 1264 1265 lock_sock(sk); 1266 1267 switch (optname) { 1268 case BT_DEFER_SETUP: 1269 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1270 err = -EINVAL; 1271 break; 1272 } 1273 1274 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1275 err = -EFAULT; 1276 break; 1277 } 1278 1279 if (opt) 1280 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1281 else 1282 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1283 break; 1284 1285 case BT_ISO_QOS: 1286 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1287 sk->sk_state != BT_CONNECT2) { 1288 err = -EINVAL; 1289 break; 1290 } 1291 1292 len = min_t(unsigned int, sizeof(qos), optlen); 1293 1294 if (copy_from_sockptr(&qos, optval, len)) { 1295 err = -EFAULT; 1296 break; 1297 } 1298 1299 if (len == sizeof(qos.ucast) && !check_ucast_qos(&qos)) { 1300 err = -EINVAL; 1301 break; 1302 } 1303 1304 iso_pi(sk)->qos = qos; 1305 iso_pi(sk)->qos_user_set = true; 1306 1307 break; 1308 1309 case BT_ISO_BASE: 1310 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1311 sk->sk_state != BT_CONNECT2) { 1312 err = -EINVAL; 1313 break; 1314 } 1315 1316 if (optlen > sizeof(iso_pi(sk)->base)) { 1317 err = -EOVERFLOW; 1318 break; 1319 } 1320 1321 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen); 1322 1323 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) { 1324 err = -EFAULT; 1325 break; 1326 } 1327 1328 iso_pi(sk)->base_len = len; 1329 1330 break; 1331 1332 default: 1333 err = -ENOPROTOOPT; 1334 break; 1335 } 1336 1337 release_sock(sk); 1338 return err; 1339 } 1340 1341 static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1342 char __user *optval, int __user *optlen) 1343 { 1344 struct sock *sk = sock->sk; 1345 int len, err = 0; 1346 struct bt_iso_qos *qos; 1347 u8 base_len; 1348 u8 *base; 1349 1350 BT_DBG("sk %p", sk); 1351 1352 if (get_user(len, optlen)) 1353 return -EFAULT; 1354 1355 lock_sock(sk); 1356 1357 switch (optname) { 1358 case BT_DEFER_SETUP: 1359 if (sk->sk_state == BT_CONNECTED) { 1360 err = -EINVAL; 1361 break; 1362 } 1363 1364 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1365 (u32 __user *)optval)) 1366 err = -EFAULT; 1367 1368 break; 1369 1370 case BT_ISO_QOS: 1371 qos = iso_sock_get_qos(sk); 1372 1373 len = min_t(unsigned int, len, sizeof(*qos)); 1374 if (copy_to_user(optval, qos, len)) 1375 err = -EFAULT; 1376 1377 break; 1378 1379 case BT_ISO_BASE: 1380 if (sk->sk_state == BT_CONNECTED) { 1381 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len; 1382 base = iso_pi(sk)->conn->hcon->le_per_adv_data; 1383 } else { 1384 base_len = iso_pi(sk)->base_len; 1385 base = iso_pi(sk)->base; 1386 } 1387 1388 len = min_t(unsigned int, len, base_len); 1389 if (copy_to_user(optval, base, len)) 1390 err = -EFAULT; 1391 1392 break; 1393 1394 default: 1395 err = -ENOPROTOOPT; 1396 break; 1397 } 1398 1399 release_sock(sk); 1400 return err; 1401 } 1402 1403 static int iso_sock_shutdown(struct socket *sock, int how) 1404 { 1405 struct sock *sk = sock->sk; 1406 int err = 0; 1407 1408 BT_DBG("sock %p, sk %p, how %d", sock, sk, how); 1409 1410 if (!sk) 1411 return 0; 1412 1413 sock_hold(sk); 1414 lock_sock(sk); 1415 1416 switch (how) { 1417 case SHUT_RD: 1418 if (sk->sk_shutdown & RCV_SHUTDOWN) 1419 goto unlock; 1420 sk->sk_shutdown |= RCV_SHUTDOWN; 1421 break; 1422 case SHUT_WR: 1423 if (sk->sk_shutdown & SEND_SHUTDOWN) 1424 goto unlock; 1425 sk->sk_shutdown |= SEND_SHUTDOWN; 1426 break; 1427 case SHUT_RDWR: 1428 if (sk->sk_shutdown & SHUTDOWN_MASK) 1429 goto unlock; 1430 sk->sk_shutdown |= SHUTDOWN_MASK; 1431 break; 1432 } 1433 1434 iso_sock_clear_timer(sk); 1435 __iso_sock_close(sk); 1436 1437 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1438 !(current->flags & PF_EXITING)) 1439 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1440 1441 unlock: 1442 release_sock(sk); 1443 sock_put(sk); 1444 1445 return err; 1446 } 1447 1448 static int iso_sock_release(struct socket *sock) 1449 { 1450 struct sock *sk = sock->sk; 1451 int err = 0; 1452 1453 BT_DBG("sock %p, sk %p", sock, sk); 1454 1455 if (!sk) 1456 return 0; 1457 1458 iso_sock_close(sk); 1459 1460 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1461 !(current->flags & PF_EXITING)) { 1462 lock_sock(sk); 1463 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1464 release_sock(sk); 1465 } 1466 1467 sock_orphan(sk); 1468 iso_sock_kill(sk); 1469 return err; 1470 } 1471 1472 static void iso_sock_ready(struct sock *sk) 1473 { 1474 BT_DBG("sk %p", sk); 1475 1476 if (!sk) 1477 return; 1478 1479 lock_sock(sk); 1480 iso_sock_clear_timer(sk); 1481 sk->sk_state = BT_CONNECTED; 1482 sk->sk_state_change(sk); 1483 release_sock(sk); 1484 } 1485 1486 struct iso_list_data { 1487 struct hci_conn *hcon; 1488 int count; 1489 }; 1490 1491 static bool iso_match_big(struct sock *sk, void *data) 1492 { 1493 struct hci_evt_le_big_sync_estabilished *ev = data; 1494 1495 return ev->handle == iso_pi(sk)->qos.bcast.big; 1496 } 1497 1498 static void iso_conn_ready(struct iso_conn *conn) 1499 { 1500 struct sock *parent; 1501 struct sock *sk = conn->sk; 1502 struct hci_ev_le_big_sync_estabilished *ev; 1503 struct hci_conn *hcon; 1504 1505 BT_DBG("conn %p", conn); 1506 1507 if (sk) { 1508 iso_sock_ready(conn->sk); 1509 } else { 1510 hcon = conn->hcon; 1511 if (!hcon) 1512 return; 1513 1514 ev = hci_recv_event_data(hcon->hdev, 1515 HCI_EVT_LE_BIG_SYNC_ESTABILISHED); 1516 if (ev) 1517 parent = iso_get_sock_listen(&hcon->src, 1518 &hcon->dst, 1519 iso_match_big, ev); 1520 else 1521 parent = iso_get_sock_listen(&hcon->src, 1522 BDADDR_ANY, NULL, NULL); 1523 1524 if (!parent) 1525 return; 1526 1527 lock_sock(parent); 1528 1529 sk = iso_sock_alloc(sock_net(parent), NULL, 1530 BTPROTO_ISO, GFP_ATOMIC, 0); 1531 if (!sk) { 1532 release_sock(parent); 1533 return; 1534 } 1535 1536 iso_sock_init(sk, parent); 1537 1538 bacpy(&iso_pi(sk)->src, &hcon->src); 1539 iso_pi(sk)->src_type = hcon->src_type; 1540 1541 /* If hcon has no destination address (BDADDR_ANY) it means it 1542 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED so we need to 1543 * initialize using the parent socket destination address. 1544 */ 1545 if (!bacmp(&hcon->dst, BDADDR_ANY)) { 1546 bacpy(&hcon->dst, &iso_pi(parent)->dst); 1547 hcon->dst_type = iso_pi(parent)->dst_type; 1548 hcon->sync_handle = iso_pi(parent)->sync_handle; 1549 } 1550 1551 bacpy(&iso_pi(sk)->dst, &hcon->dst); 1552 iso_pi(sk)->dst_type = hcon->dst_type; 1553 1554 hci_conn_hold(hcon); 1555 iso_chan_add(conn, sk, parent); 1556 1557 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1558 sk->sk_state = BT_CONNECT2; 1559 else 1560 sk->sk_state = BT_CONNECTED; 1561 1562 /* Wake up parent */ 1563 parent->sk_data_ready(parent); 1564 1565 release_sock(parent); 1566 } 1567 } 1568 1569 static bool iso_match_sid(struct sock *sk, void *data) 1570 { 1571 struct hci_ev_le_pa_sync_established *ev = data; 1572 1573 return ev->sid == iso_pi(sk)->bc_sid; 1574 } 1575 1576 static bool iso_match_sync_handle(struct sock *sk, void *data) 1577 { 1578 struct hci_evt_le_big_info_adv_report *ev = data; 1579 1580 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1581 } 1582 1583 /* ----- ISO interface with lower layer (HCI) ----- */ 1584 1585 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1586 { 1587 struct hci_ev_le_pa_sync_established *ev1; 1588 struct hci_evt_le_big_info_adv_report *ev2; 1589 struct sock *sk; 1590 int lm = 0; 1591 1592 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 1593 1594 /* Broadcast receiver requires handling of some events before it can 1595 * proceed to establishing a BIG sync: 1596 * 1597 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific 1598 * SID to listen to and once sync is estabilished its handle needs to 1599 * be stored in iso_pi(sk)->sync_handle so it can be matched once 1600 * receiving the BIG Info. 1601 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 1602 * a BIG Info it attempts to check if there any listening socket with 1603 * the same sync_handle and if it does then attempt to create a sync. 1604 */ 1605 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 1606 if (ev1) { 1607 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid, 1608 ev1); 1609 if (sk) 1610 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); 1611 1612 goto done; 1613 } 1614 1615 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1616 if (ev2) { 1617 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1618 iso_match_sync_handle, ev2); 1619 if (sk) { 1620 int err; 1621 1622 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1623 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1624 1625 err = hci_le_big_create_sync(hdev, 1626 &iso_pi(sk)->qos, 1627 iso_pi(sk)->sync_handle, 1628 iso_pi(sk)->bc_num_bis, 1629 iso_pi(sk)->bc_bis); 1630 if (err) { 1631 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1632 err); 1633 sk = NULL; 1634 } 1635 } 1636 } else { 1637 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL); 1638 } 1639 1640 done: 1641 if (!sk) 1642 return lm; 1643 1644 lm |= HCI_LM_ACCEPT; 1645 1646 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1647 *flags |= HCI_PROTO_DEFER; 1648 1649 return lm; 1650 } 1651 1652 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 1653 { 1654 if (hcon->type != ISO_LINK) { 1655 if (hcon->type != LE_LINK) 1656 return; 1657 1658 /* Check if LE link has failed */ 1659 if (status) { 1660 struct hci_link *link, *t; 1661 1662 list_for_each_entry_safe(link, t, &hcon->link_list, 1663 list) 1664 iso_conn_del(link->conn, bt_to_errno(status)); 1665 1666 return; 1667 } 1668 1669 /* Create CIS if pending */ 1670 hci_le_create_cis(hcon); 1671 return; 1672 } 1673 1674 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1675 1676 if (!status) { 1677 struct iso_conn *conn; 1678 1679 conn = iso_conn_add(hcon); 1680 if (conn) 1681 iso_conn_ready(conn); 1682 } else { 1683 iso_conn_del(hcon, bt_to_errno(status)); 1684 } 1685 } 1686 1687 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1688 { 1689 if (hcon->type != ISO_LINK) 1690 return; 1691 1692 BT_DBG("hcon %p reason %d", hcon, reason); 1693 1694 iso_conn_del(hcon, bt_to_errno(reason)); 1695 } 1696 1697 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 1698 { 1699 struct iso_conn *conn = hcon->iso_data; 1700 __u16 pb, ts, len; 1701 1702 if (!conn) 1703 goto drop; 1704 1705 pb = hci_iso_flags_pb(flags); 1706 ts = hci_iso_flags_ts(flags); 1707 1708 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 1709 1710 switch (pb) { 1711 case ISO_START: 1712 case ISO_SINGLE: 1713 if (conn->rx_len) { 1714 BT_ERR("Unexpected start frame (len %d)", skb->len); 1715 kfree_skb(conn->rx_skb); 1716 conn->rx_skb = NULL; 1717 conn->rx_len = 0; 1718 } 1719 1720 if (ts) { 1721 struct hci_iso_ts_data_hdr *hdr; 1722 1723 /* TODO: add timestamp to the packet? */ 1724 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 1725 if (!hdr) { 1726 BT_ERR("Frame is too short (len %d)", skb->len); 1727 goto drop; 1728 } 1729 1730 len = __le16_to_cpu(hdr->slen); 1731 } else { 1732 struct hci_iso_data_hdr *hdr; 1733 1734 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 1735 if (!hdr) { 1736 BT_ERR("Frame is too short (len %d)", skb->len); 1737 goto drop; 1738 } 1739 1740 len = __le16_to_cpu(hdr->slen); 1741 } 1742 1743 flags = hci_iso_data_flags(len); 1744 len = hci_iso_data_len(len); 1745 1746 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 1747 skb->len, flags); 1748 1749 if (len == skb->len) { 1750 /* Complete frame received */ 1751 iso_recv_frame(conn, skb); 1752 return; 1753 } 1754 1755 if (pb == ISO_SINGLE) { 1756 BT_ERR("Frame malformed (len %d, expected len %d)", 1757 skb->len, len); 1758 goto drop; 1759 } 1760 1761 if (skb->len > len) { 1762 BT_ERR("Frame is too long (len %d, expected len %d)", 1763 skb->len, len); 1764 goto drop; 1765 } 1766 1767 /* Allocate skb for the complete frame (with header) */ 1768 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 1769 if (!conn->rx_skb) 1770 goto drop; 1771 1772 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1773 skb->len); 1774 conn->rx_len = len - skb->len; 1775 break; 1776 1777 case ISO_CONT: 1778 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 1779 conn->rx_len); 1780 1781 if (!conn->rx_len) { 1782 BT_ERR("Unexpected continuation frame (len %d)", 1783 skb->len); 1784 goto drop; 1785 } 1786 1787 if (skb->len > conn->rx_len) { 1788 BT_ERR("Fragment is too long (len %d, expected %d)", 1789 skb->len, conn->rx_len); 1790 kfree_skb(conn->rx_skb); 1791 conn->rx_skb = NULL; 1792 conn->rx_len = 0; 1793 goto drop; 1794 } 1795 1796 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1797 skb->len); 1798 conn->rx_len -= skb->len; 1799 return; 1800 1801 case ISO_END: 1802 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1803 skb->len); 1804 conn->rx_len -= skb->len; 1805 1806 if (!conn->rx_len) { 1807 struct sk_buff *rx_skb = conn->rx_skb; 1808 1809 /* Complete frame received. iso_recv_frame 1810 * takes ownership of the skb so set the global 1811 * rx_skb pointer to NULL first. 1812 */ 1813 conn->rx_skb = NULL; 1814 iso_recv_frame(conn, rx_skb); 1815 } 1816 break; 1817 } 1818 1819 drop: 1820 kfree_skb(skb); 1821 } 1822 1823 static struct hci_cb iso_cb = { 1824 .name = "ISO", 1825 .connect_cfm = iso_connect_cfm, 1826 .disconn_cfm = iso_disconn_cfm, 1827 }; 1828 1829 static int iso_debugfs_show(struct seq_file *f, void *p) 1830 { 1831 struct sock *sk; 1832 1833 read_lock(&iso_sk_list.lock); 1834 1835 sk_for_each(sk, &iso_sk_list.head) { 1836 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 1837 &iso_pi(sk)->dst, sk->sk_state); 1838 } 1839 1840 read_unlock(&iso_sk_list.lock); 1841 1842 return 0; 1843 } 1844 1845 DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 1846 1847 static struct dentry *iso_debugfs; 1848 1849 static const struct proto_ops iso_sock_ops = { 1850 .family = PF_BLUETOOTH, 1851 .owner = THIS_MODULE, 1852 .release = iso_sock_release, 1853 .bind = iso_sock_bind, 1854 .connect = iso_sock_connect, 1855 .listen = iso_sock_listen, 1856 .accept = iso_sock_accept, 1857 .getname = iso_sock_getname, 1858 .sendmsg = iso_sock_sendmsg, 1859 .recvmsg = iso_sock_recvmsg, 1860 .poll = bt_sock_poll, 1861 .ioctl = bt_sock_ioctl, 1862 .mmap = sock_no_mmap, 1863 .socketpair = sock_no_socketpair, 1864 .shutdown = iso_sock_shutdown, 1865 .setsockopt = iso_sock_setsockopt, 1866 .getsockopt = iso_sock_getsockopt 1867 }; 1868 1869 static const struct net_proto_family iso_sock_family_ops = { 1870 .family = PF_BLUETOOTH, 1871 .owner = THIS_MODULE, 1872 .create = iso_sock_create, 1873 }; 1874 1875 static bool iso_inited; 1876 1877 bool iso_enabled(void) 1878 { 1879 return iso_inited; 1880 } 1881 1882 int iso_init(void) 1883 { 1884 int err; 1885 1886 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 1887 1888 if (iso_inited) 1889 return -EALREADY; 1890 1891 err = proto_register(&iso_proto, 0); 1892 if (err < 0) 1893 return err; 1894 1895 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 1896 if (err < 0) { 1897 BT_ERR("ISO socket registration failed"); 1898 goto error; 1899 } 1900 1901 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 1902 if (err < 0) { 1903 BT_ERR("Failed to create ISO proc file"); 1904 bt_sock_unregister(BTPROTO_ISO); 1905 goto error; 1906 } 1907 1908 BT_INFO("ISO socket layer initialized"); 1909 1910 hci_register_cb(&iso_cb); 1911 1912 if (IS_ERR_OR_NULL(bt_debugfs)) 1913 return 0; 1914 1915 if (!iso_debugfs) { 1916 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 1917 NULL, &iso_debugfs_fops); 1918 } 1919 1920 iso_inited = true; 1921 1922 return 0; 1923 1924 error: 1925 proto_unregister(&iso_proto); 1926 return err; 1927 } 1928 1929 int iso_exit(void) 1930 { 1931 if (!iso_inited) 1932 return -EALREADY; 1933 1934 bt_procfs_cleanup(&init_net, "iso"); 1935 1936 debugfs_remove(iso_debugfs); 1937 iso_debugfs = NULL; 1938 1939 hci_unregister_cb(&iso_cb); 1940 1941 bt_sock_unregister(BTPROTO_ISO); 1942 1943 proto_unregister(&iso_proto); 1944 1945 iso_inited = false; 1946 1947 return 0; 1948 } 1949