1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 }; 55 56 #define sco_conn_lock(c) spin_lock(&c->lock) 57 #define sco_conn_unlock(c) spin_unlock(&c->lock) 58 59 static void sco_sock_close(struct sock *sk); 60 static void sco_sock_kill(struct sock *sk); 61 62 /* ----- SCO socket info ----- */ 63 #define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65 struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 struct bt_codec codec; 72 struct sco_conn *conn; 73 }; 74 75 /* ---- SCO timers ---- */ 76 #define SCO_CONN_TIMEOUT (HZ * 40) 77 #define SCO_DISCONN_TIMEOUT (HZ * 2) 78 79 static void sco_sock_timeout(struct work_struct *work) 80 { 81 struct sco_conn *conn = container_of(work, struct sco_conn, 82 timeout_work.work); 83 struct sock *sk; 84 85 sco_conn_lock(conn); 86 if (!conn->hcon) { 87 sco_conn_unlock(conn); 88 return; 89 } 90 sk = conn->sk; 91 if (sk) 92 sock_hold(sk); 93 sco_conn_unlock(conn); 94 95 if (!sk) 96 return; 97 98 BT_DBG("sock %p state %d", sk, sk->sk_state); 99 100 lock_sock(sk); 101 sk->sk_err = ETIMEDOUT; 102 sk->sk_state_change(sk); 103 release_sock(sk); 104 sock_put(sk); 105 } 106 107 static void sco_sock_set_timer(struct sock *sk, long timeout) 108 { 109 if (!sco_pi(sk)->conn) 110 return; 111 112 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 113 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 114 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 115 } 116 117 static void sco_sock_clear_timer(struct sock *sk) 118 { 119 if (!sco_pi(sk)->conn) 120 return; 121 122 BT_DBG("sock %p state %d", sk, sk->sk_state); 123 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 124 } 125 126 /* ---- SCO connections ---- */ 127 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 128 { 129 struct sco_conn *conn = hcon->sco_data; 130 131 if (conn) { 132 if (!conn->hcon) 133 conn->hcon = hcon; 134 return conn; 135 } 136 137 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 138 if (!conn) 139 return NULL; 140 141 spin_lock_init(&conn->lock); 142 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 143 144 hcon->sco_data = conn; 145 conn->hcon = hcon; 146 conn->mtu = hcon->mtu; 147 148 if (hcon->mtu > 0) 149 conn->mtu = hcon->mtu; 150 else 151 conn->mtu = 60; 152 153 BT_DBG("hcon %p conn %p", hcon, conn); 154 155 return conn; 156 } 157 158 /* Delete channel. 159 * Must be called on the locked socket. */ 160 static void sco_chan_del(struct sock *sk, int err) 161 { 162 struct sco_conn *conn; 163 164 conn = sco_pi(sk)->conn; 165 166 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 167 168 if (conn) { 169 sco_conn_lock(conn); 170 conn->sk = NULL; 171 sco_pi(sk)->conn = NULL; 172 sco_conn_unlock(conn); 173 174 if (conn->hcon) 175 hci_conn_drop(conn->hcon); 176 } 177 178 sk->sk_state = BT_CLOSED; 179 sk->sk_err = err; 180 sk->sk_state_change(sk); 181 182 sock_set_flag(sk, SOCK_ZAPPED); 183 } 184 185 static void sco_conn_del(struct hci_conn *hcon, int err) 186 { 187 struct sco_conn *conn = hcon->sco_data; 188 struct sock *sk; 189 190 if (!conn) 191 return; 192 193 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 194 195 /* Kill socket */ 196 sco_conn_lock(conn); 197 sk = conn->sk; 198 if (sk) 199 sock_hold(sk); 200 sco_conn_unlock(conn); 201 202 if (sk) { 203 lock_sock(sk); 204 sco_sock_clear_timer(sk); 205 sco_chan_del(sk, err); 206 release_sock(sk); 207 sock_put(sk); 208 } 209 210 /* Ensure no more work items will run before freeing conn. */ 211 cancel_delayed_work_sync(&conn->timeout_work); 212 213 hcon->sco_data = NULL; 214 kfree(conn); 215 } 216 217 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 218 struct sock *parent) 219 { 220 BT_DBG("conn %p", conn); 221 222 sco_pi(sk)->conn = conn; 223 conn->sk = sk; 224 225 if (parent) 226 bt_accept_enqueue(parent, sk, true); 227 } 228 229 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 230 struct sock *parent) 231 { 232 int err = 0; 233 234 sco_conn_lock(conn); 235 if (conn->sk) 236 err = -EBUSY; 237 else 238 __sco_chan_add(conn, sk, parent); 239 240 sco_conn_unlock(conn); 241 return err; 242 } 243 244 static int sco_connect(struct sock *sk) 245 { 246 struct sco_conn *conn; 247 struct hci_conn *hcon; 248 struct hci_dev *hdev; 249 int err, type; 250 251 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 252 253 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 254 if (!hdev) 255 return -EHOSTUNREACH; 256 257 hci_dev_lock(hdev); 258 259 if (lmp_esco_capable(hdev) && !disable_esco) 260 type = ESCO_LINK; 261 else 262 type = SCO_LINK; 263 264 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 265 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 266 err = -EOPNOTSUPP; 267 goto unlock; 268 } 269 270 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 271 sco_pi(sk)->setting, &sco_pi(sk)->codec); 272 if (IS_ERR(hcon)) { 273 err = PTR_ERR(hcon); 274 goto unlock; 275 } 276 277 conn = sco_conn_add(hcon); 278 if (!conn) { 279 hci_conn_drop(hcon); 280 err = -ENOMEM; 281 goto unlock; 282 } 283 284 lock_sock(sk); 285 286 err = sco_chan_add(conn, sk, NULL); 287 if (err) { 288 release_sock(sk); 289 goto unlock; 290 } 291 292 /* Update source addr of the socket */ 293 bacpy(&sco_pi(sk)->src, &hcon->src); 294 295 if (hcon->state == BT_CONNECTED) { 296 sco_sock_clear_timer(sk); 297 sk->sk_state = BT_CONNECTED; 298 } else { 299 sk->sk_state = BT_CONNECT; 300 sco_sock_set_timer(sk, sk->sk_sndtimeo); 301 } 302 303 release_sock(sk); 304 305 unlock: 306 hci_dev_unlock(hdev); 307 hci_dev_put(hdev); 308 return err; 309 } 310 311 static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 312 { 313 struct sco_conn *conn = sco_pi(sk)->conn; 314 int len = skb->len; 315 316 /* Check outgoing MTU */ 317 if (len > conn->mtu) 318 return -EINVAL; 319 320 BT_DBG("sk %p len %d", sk, len); 321 322 hci_send_sco(conn->hcon, skb); 323 324 return len; 325 } 326 327 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 328 { 329 struct sock *sk; 330 331 sco_conn_lock(conn); 332 sk = conn->sk; 333 sco_conn_unlock(conn); 334 335 if (!sk) 336 goto drop; 337 338 BT_DBG("sk %p len %u", sk, skb->len); 339 340 if (sk->sk_state != BT_CONNECTED) 341 goto drop; 342 343 if (!sock_queue_rcv_skb(sk, skb)) 344 return; 345 346 drop: 347 kfree_skb(skb); 348 } 349 350 /* -------- Socket interface ---------- */ 351 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 352 { 353 struct sock *sk; 354 355 sk_for_each(sk, &sco_sk_list.head) { 356 if (sk->sk_state != BT_LISTEN) 357 continue; 358 359 if (!bacmp(&sco_pi(sk)->src, ba)) 360 return sk; 361 } 362 363 return NULL; 364 } 365 366 /* Find socket listening on source bdaddr. 367 * Returns closest match. 368 */ 369 static struct sock *sco_get_sock_listen(bdaddr_t *src) 370 { 371 struct sock *sk = NULL, *sk1 = NULL; 372 373 read_lock(&sco_sk_list.lock); 374 375 sk_for_each(sk, &sco_sk_list.head) { 376 if (sk->sk_state != BT_LISTEN) 377 continue; 378 379 /* Exact match. */ 380 if (!bacmp(&sco_pi(sk)->src, src)) 381 break; 382 383 /* Closest match */ 384 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 385 sk1 = sk; 386 } 387 388 read_unlock(&sco_sk_list.lock); 389 390 return sk ? sk : sk1; 391 } 392 393 static void sco_sock_destruct(struct sock *sk) 394 { 395 BT_DBG("sk %p", sk); 396 397 skb_queue_purge(&sk->sk_receive_queue); 398 skb_queue_purge(&sk->sk_write_queue); 399 } 400 401 static void sco_sock_cleanup_listen(struct sock *parent) 402 { 403 struct sock *sk; 404 405 BT_DBG("parent %p", parent); 406 407 /* Close not yet accepted channels */ 408 while ((sk = bt_accept_dequeue(parent, NULL))) { 409 sco_sock_close(sk); 410 sco_sock_kill(sk); 411 } 412 413 parent->sk_state = BT_CLOSED; 414 sock_set_flag(parent, SOCK_ZAPPED); 415 } 416 417 /* Kill socket (only if zapped and orphan) 418 * Must be called on unlocked socket. 419 */ 420 static void sco_sock_kill(struct sock *sk) 421 { 422 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 423 return; 424 425 BT_DBG("sk %p state %d", sk, sk->sk_state); 426 427 /* Kill poor orphan */ 428 bt_sock_unlink(&sco_sk_list, sk); 429 sock_set_flag(sk, SOCK_DEAD); 430 sock_put(sk); 431 } 432 433 static void __sco_sock_close(struct sock *sk) 434 { 435 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 436 437 switch (sk->sk_state) { 438 case BT_LISTEN: 439 sco_sock_cleanup_listen(sk); 440 break; 441 442 case BT_CONNECTED: 443 case BT_CONFIG: 444 if (sco_pi(sk)->conn->hcon) { 445 sk->sk_state = BT_DISCONN; 446 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 447 sco_conn_lock(sco_pi(sk)->conn); 448 hci_conn_drop(sco_pi(sk)->conn->hcon); 449 sco_pi(sk)->conn->hcon = NULL; 450 sco_conn_unlock(sco_pi(sk)->conn); 451 } else 452 sco_chan_del(sk, ECONNRESET); 453 break; 454 455 case BT_CONNECT2: 456 case BT_CONNECT: 457 case BT_DISCONN: 458 sco_chan_del(sk, ECONNRESET); 459 break; 460 461 default: 462 sock_set_flag(sk, SOCK_ZAPPED); 463 break; 464 } 465 466 } 467 468 /* Must be called on unlocked socket. */ 469 static void sco_sock_close(struct sock *sk) 470 { 471 lock_sock(sk); 472 sco_sock_clear_timer(sk); 473 __sco_sock_close(sk); 474 release_sock(sk); 475 } 476 477 static void sco_sock_init(struct sock *sk, struct sock *parent) 478 { 479 BT_DBG("sk %p", sk); 480 481 if (parent) { 482 sk->sk_type = parent->sk_type; 483 bt_sk(sk)->flags = bt_sk(parent)->flags; 484 security_sk_clone(parent, sk); 485 } 486 } 487 488 static struct proto sco_proto = { 489 .name = "SCO", 490 .owner = THIS_MODULE, 491 .obj_size = sizeof(struct sco_pinfo) 492 }; 493 494 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 495 int proto, gfp_t prio, int kern) 496 { 497 struct sock *sk; 498 499 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern); 500 if (!sk) 501 return NULL; 502 503 sk->sk_destruct = sco_sock_destruct; 504 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 505 506 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 507 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 508 sco_pi(sk)->codec.cid = 0xffff; 509 sco_pi(sk)->codec.vid = 0xffff; 510 sco_pi(sk)->codec.data_path = 0x00; 511 512 bt_sock_link(&sco_sk_list, sk); 513 return sk; 514 } 515 516 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 517 int kern) 518 { 519 struct sock *sk; 520 521 BT_DBG("sock %p", sock); 522 523 sock->state = SS_UNCONNECTED; 524 525 if (sock->type != SOCK_SEQPACKET) 526 return -ESOCKTNOSUPPORT; 527 528 sock->ops = &sco_sock_ops; 529 530 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 531 if (!sk) 532 return -ENOMEM; 533 534 sco_sock_init(sk, NULL); 535 return 0; 536 } 537 538 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 539 int addr_len) 540 { 541 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 542 struct sock *sk = sock->sk; 543 int err = 0; 544 545 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 546 addr->sa_family != AF_BLUETOOTH) 547 return -EINVAL; 548 549 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 550 551 lock_sock(sk); 552 553 if (sk->sk_state != BT_OPEN) { 554 err = -EBADFD; 555 goto done; 556 } 557 558 if (sk->sk_type != SOCK_SEQPACKET) { 559 err = -EINVAL; 560 goto done; 561 } 562 563 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 564 565 sk->sk_state = BT_BOUND; 566 567 done: 568 release_sock(sk); 569 return err; 570 } 571 572 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 573 { 574 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 575 struct sock *sk = sock->sk; 576 int err; 577 578 BT_DBG("sk %p", sk); 579 580 if (alen < sizeof(struct sockaddr_sco) || 581 addr->sa_family != AF_BLUETOOTH) 582 return -EINVAL; 583 584 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 585 return -EBADFD; 586 587 if (sk->sk_type != SOCK_SEQPACKET) 588 err = -EINVAL; 589 590 lock_sock(sk); 591 /* Set destination address and psm */ 592 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 593 release_sock(sk); 594 595 err = sco_connect(sk); 596 if (err) 597 return err; 598 599 lock_sock(sk); 600 601 err = bt_sock_wait_state(sk, BT_CONNECTED, 602 sock_sndtimeo(sk, flags & O_NONBLOCK)); 603 604 release_sock(sk); 605 return err; 606 } 607 608 static int sco_sock_listen(struct socket *sock, int backlog) 609 { 610 struct sock *sk = sock->sk; 611 bdaddr_t *src = &sco_pi(sk)->src; 612 int err = 0; 613 614 BT_DBG("sk %p backlog %d", sk, backlog); 615 616 lock_sock(sk); 617 618 if (sk->sk_state != BT_BOUND) { 619 err = -EBADFD; 620 goto done; 621 } 622 623 if (sk->sk_type != SOCK_SEQPACKET) { 624 err = -EINVAL; 625 goto done; 626 } 627 628 write_lock(&sco_sk_list.lock); 629 630 if (__sco_get_sock_listen_by_addr(src)) { 631 err = -EADDRINUSE; 632 goto unlock; 633 } 634 635 sk->sk_max_ack_backlog = backlog; 636 sk->sk_ack_backlog = 0; 637 638 sk->sk_state = BT_LISTEN; 639 640 unlock: 641 write_unlock(&sco_sk_list.lock); 642 643 done: 644 release_sock(sk); 645 return err; 646 } 647 648 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 649 int flags, bool kern) 650 { 651 DEFINE_WAIT_FUNC(wait, woken_wake_function); 652 struct sock *sk = sock->sk, *ch; 653 long timeo; 654 int err = 0; 655 656 lock_sock(sk); 657 658 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 659 660 BT_DBG("sk %p timeo %ld", sk, timeo); 661 662 /* Wait for an incoming connection. (wake-one). */ 663 add_wait_queue_exclusive(sk_sleep(sk), &wait); 664 while (1) { 665 if (sk->sk_state != BT_LISTEN) { 666 err = -EBADFD; 667 break; 668 } 669 670 ch = bt_accept_dequeue(sk, newsock); 671 if (ch) 672 break; 673 674 if (!timeo) { 675 err = -EAGAIN; 676 break; 677 } 678 679 if (signal_pending(current)) { 680 err = sock_intr_errno(timeo); 681 break; 682 } 683 684 release_sock(sk); 685 686 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 687 lock_sock(sk); 688 } 689 remove_wait_queue(sk_sleep(sk), &wait); 690 691 if (err) 692 goto done; 693 694 newsock->state = SS_CONNECTED; 695 696 BT_DBG("new socket %p", ch); 697 698 done: 699 release_sock(sk); 700 return err; 701 } 702 703 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 704 int peer) 705 { 706 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 707 struct sock *sk = sock->sk; 708 709 BT_DBG("sock %p, sk %p", sock, sk); 710 711 addr->sa_family = AF_BLUETOOTH; 712 713 if (peer) 714 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 715 else 716 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 717 718 return sizeof(struct sockaddr_sco); 719 } 720 721 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 722 size_t len) 723 { 724 struct sock *sk = sock->sk; 725 struct sk_buff *skb; 726 int err; 727 728 BT_DBG("sock %p, sk %p", sock, sk); 729 730 err = sock_error(sk); 731 if (err) 732 return err; 733 734 if (msg->msg_flags & MSG_OOB) 735 return -EOPNOTSUPP; 736 737 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 738 if (IS_ERR(skb)) 739 return PTR_ERR(skb); 740 741 lock_sock(sk); 742 743 if (sk->sk_state == BT_CONNECTED) 744 err = sco_send_frame(sk, skb); 745 else 746 err = -ENOTCONN; 747 748 release_sock(sk); 749 750 if (err < 0) 751 kfree_skb(skb); 752 return err; 753 } 754 755 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 756 { 757 struct hci_dev *hdev = conn->hdev; 758 759 BT_DBG("conn %p", conn); 760 761 conn->state = BT_CONFIG; 762 763 if (!lmp_esco_capable(hdev)) { 764 struct hci_cp_accept_conn_req cp; 765 766 bacpy(&cp.bdaddr, &conn->dst); 767 cp.role = 0x00; /* Ignored */ 768 769 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 770 } else { 771 struct hci_cp_accept_sync_conn_req cp; 772 773 bacpy(&cp.bdaddr, &conn->dst); 774 cp.pkt_type = cpu_to_le16(conn->pkt_type); 775 776 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 777 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 778 cp.content_format = cpu_to_le16(setting); 779 780 switch (setting & SCO_AIRMODE_MASK) { 781 case SCO_AIRMODE_TRANSP: 782 if (conn->pkt_type & ESCO_2EV3) 783 cp.max_latency = cpu_to_le16(0x0008); 784 else 785 cp.max_latency = cpu_to_le16(0x000D); 786 cp.retrans_effort = 0x02; 787 break; 788 case SCO_AIRMODE_CVSD: 789 cp.max_latency = cpu_to_le16(0xffff); 790 cp.retrans_effort = 0xff; 791 break; 792 default: 793 /* use CVSD settings as fallback */ 794 cp.max_latency = cpu_to_le16(0xffff); 795 cp.retrans_effort = 0xff; 796 break; 797 } 798 799 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 800 sizeof(cp), &cp); 801 } 802 } 803 804 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 805 size_t len, int flags) 806 { 807 struct sock *sk = sock->sk; 808 struct sco_pinfo *pi = sco_pi(sk); 809 810 lock_sock(sk); 811 812 if (sk->sk_state == BT_CONNECT2 && 813 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 814 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 815 sk->sk_state = BT_CONFIG; 816 817 release_sock(sk); 818 return 0; 819 } 820 821 release_sock(sk); 822 823 return bt_sock_recvmsg(sock, msg, len, flags); 824 } 825 826 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 827 sockptr_t optval, unsigned int optlen) 828 { 829 struct sock *sk = sock->sk; 830 int err = 0; 831 struct bt_voice voice; 832 u32 opt; 833 struct bt_codecs *codecs; 834 struct hci_dev *hdev; 835 __u8 buffer[255]; 836 837 BT_DBG("sk %p", sk); 838 839 lock_sock(sk); 840 841 switch (optname) { 842 843 case BT_DEFER_SETUP: 844 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 845 err = -EINVAL; 846 break; 847 } 848 849 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 850 if (err) 851 break; 852 853 if (opt) 854 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 855 else 856 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 857 break; 858 859 case BT_VOICE: 860 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 861 sk->sk_state != BT_CONNECT2) { 862 err = -EINVAL; 863 break; 864 } 865 866 voice.setting = sco_pi(sk)->setting; 867 868 err = bt_copy_from_sockptr(&voice, sizeof(voice), optval, 869 optlen); 870 if (err) 871 break; 872 873 /* Explicitly check for these values */ 874 if (voice.setting != BT_VOICE_TRANSPARENT && 875 voice.setting != BT_VOICE_CVSD_16BIT) { 876 err = -EINVAL; 877 break; 878 } 879 880 sco_pi(sk)->setting = voice.setting; 881 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 882 BDADDR_BREDR); 883 if (!hdev) { 884 err = -EBADFD; 885 break; 886 } 887 if (enhanced_sync_conn_capable(hdev) && 888 voice.setting == BT_VOICE_TRANSPARENT) 889 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 890 hci_dev_put(hdev); 891 break; 892 893 case BT_PKT_STATUS: 894 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 895 if (err) 896 break; 897 898 if (opt) 899 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 900 else 901 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 902 break; 903 904 case BT_CODEC: 905 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 906 sk->sk_state != BT_CONNECT2) { 907 err = -EINVAL; 908 break; 909 } 910 911 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 912 BDADDR_BREDR); 913 if (!hdev) { 914 err = -EBADFD; 915 break; 916 } 917 918 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 919 hci_dev_put(hdev); 920 err = -EOPNOTSUPP; 921 break; 922 } 923 924 if (!hdev->get_data_path_id) { 925 hci_dev_put(hdev); 926 err = -EOPNOTSUPP; 927 break; 928 } 929 930 if (optlen < sizeof(struct bt_codecs) || 931 optlen > sizeof(buffer)) { 932 hci_dev_put(hdev); 933 err = -EINVAL; 934 break; 935 } 936 937 err = bt_copy_from_sockptr(buffer, optlen, optval, optlen); 938 if (err) { 939 hci_dev_put(hdev); 940 break; 941 } 942 943 codecs = (void *)buffer; 944 945 if (codecs->num_codecs > 1) { 946 hci_dev_put(hdev); 947 err = -EINVAL; 948 break; 949 } 950 951 sco_pi(sk)->codec = codecs->codecs[0]; 952 hci_dev_put(hdev); 953 break; 954 955 default: 956 err = -ENOPROTOOPT; 957 break; 958 } 959 960 release_sock(sk); 961 return err; 962 } 963 964 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 965 char __user *optval, int __user *optlen) 966 { 967 struct sock *sk = sock->sk; 968 struct sco_options opts; 969 struct sco_conninfo cinfo; 970 int err = 0; 971 size_t len; 972 973 BT_DBG("sk %p", sk); 974 975 if (get_user(len, optlen)) 976 return -EFAULT; 977 978 lock_sock(sk); 979 980 switch (optname) { 981 case SCO_OPTIONS: 982 if (sk->sk_state != BT_CONNECTED && 983 !(sk->sk_state == BT_CONNECT2 && 984 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 985 err = -ENOTCONN; 986 break; 987 } 988 989 opts.mtu = sco_pi(sk)->conn->mtu; 990 991 BT_DBG("mtu %u", opts.mtu); 992 993 len = min(len, sizeof(opts)); 994 if (copy_to_user(optval, (char *)&opts, len)) 995 err = -EFAULT; 996 997 break; 998 999 case SCO_CONNINFO: 1000 if (sk->sk_state != BT_CONNECTED && 1001 !(sk->sk_state == BT_CONNECT2 && 1002 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1003 err = -ENOTCONN; 1004 break; 1005 } 1006 1007 memset(&cinfo, 0, sizeof(cinfo)); 1008 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1009 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1010 1011 len = min(len, sizeof(cinfo)); 1012 if (copy_to_user(optval, (char *)&cinfo, len)) 1013 err = -EFAULT; 1014 1015 break; 1016 1017 default: 1018 err = -ENOPROTOOPT; 1019 break; 1020 } 1021 1022 release_sock(sk); 1023 return err; 1024 } 1025 1026 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1027 char __user *optval, int __user *optlen) 1028 { 1029 struct sock *sk = sock->sk; 1030 int len, err = 0; 1031 struct bt_voice voice; 1032 u32 phys; 1033 int buf_len; 1034 struct codec_list *c; 1035 u8 num_codecs, i, __user *ptr; 1036 struct hci_dev *hdev; 1037 struct hci_codec_caps *caps; 1038 struct bt_codec codec; 1039 1040 BT_DBG("sk %p", sk); 1041 1042 if (level == SOL_SCO) 1043 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1044 1045 if (get_user(len, optlen)) 1046 return -EFAULT; 1047 1048 lock_sock(sk); 1049 1050 switch (optname) { 1051 1052 case BT_DEFER_SETUP: 1053 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1054 err = -EINVAL; 1055 break; 1056 } 1057 1058 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1059 (u32 __user *)optval)) 1060 err = -EFAULT; 1061 1062 break; 1063 1064 case BT_VOICE: 1065 voice.setting = sco_pi(sk)->setting; 1066 1067 len = min_t(unsigned int, len, sizeof(voice)); 1068 if (copy_to_user(optval, (char *)&voice, len)) 1069 err = -EFAULT; 1070 1071 break; 1072 1073 case BT_PHY: 1074 if (sk->sk_state != BT_CONNECTED) { 1075 err = -ENOTCONN; 1076 break; 1077 } 1078 1079 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1080 1081 if (put_user(phys, (u32 __user *) optval)) 1082 err = -EFAULT; 1083 break; 1084 1085 case BT_PKT_STATUS: 1086 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1087 (int __user *)optval)) 1088 err = -EFAULT; 1089 break; 1090 1091 case BT_SNDMTU: 1092 case BT_RCVMTU: 1093 if (sk->sk_state != BT_CONNECTED) { 1094 err = -ENOTCONN; 1095 break; 1096 } 1097 1098 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1099 err = -EFAULT; 1100 break; 1101 1102 case BT_CODEC: 1103 num_codecs = 0; 1104 buf_len = 0; 1105 1106 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1107 if (!hdev) { 1108 err = -EBADFD; 1109 break; 1110 } 1111 1112 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1113 hci_dev_put(hdev); 1114 err = -EOPNOTSUPP; 1115 break; 1116 } 1117 1118 if (!hdev->get_data_path_id) { 1119 hci_dev_put(hdev); 1120 err = -EOPNOTSUPP; 1121 break; 1122 } 1123 1124 release_sock(sk); 1125 1126 /* find total buffer size required to copy codec + caps */ 1127 hci_dev_lock(hdev); 1128 list_for_each_entry(c, &hdev->local_codecs, list) { 1129 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1130 continue; 1131 num_codecs++; 1132 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1133 buf_len += 1 + caps->len; 1134 caps = (void *)&caps->data[caps->len]; 1135 } 1136 buf_len += sizeof(struct bt_codec); 1137 } 1138 hci_dev_unlock(hdev); 1139 1140 buf_len += sizeof(struct bt_codecs); 1141 if (buf_len > len) { 1142 hci_dev_put(hdev); 1143 return -ENOBUFS; 1144 } 1145 ptr = optval; 1146 1147 if (put_user(num_codecs, ptr)) { 1148 hci_dev_put(hdev); 1149 return -EFAULT; 1150 } 1151 ptr += sizeof(num_codecs); 1152 1153 /* Iterate all the codecs supported over SCO and populate 1154 * codec data 1155 */ 1156 hci_dev_lock(hdev); 1157 list_for_each_entry(c, &hdev->local_codecs, list) { 1158 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1159 continue; 1160 1161 codec.id = c->id; 1162 codec.cid = c->cid; 1163 codec.vid = c->vid; 1164 err = hdev->get_data_path_id(hdev, &codec.data_path); 1165 if (err < 0) 1166 break; 1167 codec.num_caps = c->num_caps; 1168 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1169 err = -EFAULT; 1170 break; 1171 } 1172 ptr += sizeof(codec); 1173 1174 /* find codec capabilities data length */ 1175 len = 0; 1176 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1177 len += 1 + caps->len; 1178 caps = (void *)&caps->data[caps->len]; 1179 } 1180 1181 /* copy codec capabilities data */ 1182 if (len && copy_to_user(ptr, c->caps, len)) { 1183 err = -EFAULT; 1184 break; 1185 } 1186 ptr += len; 1187 } 1188 1189 hci_dev_unlock(hdev); 1190 hci_dev_put(hdev); 1191 1192 lock_sock(sk); 1193 1194 if (!err && put_user(buf_len, optlen)) 1195 err = -EFAULT; 1196 1197 break; 1198 1199 default: 1200 err = -ENOPROTOOPT; 1201 break; 1202 } 1203 1204 release_sock(sk); 1205 return err; 1206 } 1207 1208 static int sco_sock_shutdown(struct socket *sock, int how) 1209 { 1210 struct sock *sk = sock->sk; 1211 int err = 0; 1212 1213 BT_DBG("sock %p, sk %p", sock, sk); 1214 1215 if (!sk) 1216 return 0; 1217 1218 sock_hold(sk); 1219 lock_sock(sk); 1220 1221 if (!sk->sk_shutdown) { 1222 sk->sk_shutdown = SHUTDOWN_MASK; 1223 sco_sock_clear_timer(sk); 1224 __sco_sock_close(sk); 1225 1226 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1227 !(current->flags & PF_EXITING)) 1228 err = bt_sock_wait_state(sk, BT_CLOSED, 1229 sk->sk_lingertime); 1230 } 1231 1232 release_sock(sk); 1233 sock_put(sk); 1234 1235 return err; 1236 } 1237 1238 static int sco_sock_release(struct socket *sock) 1239 { 1240 struct sock *sk = sock->sk; 1241 int err = 0; 1242 1243 BT_DBG("sock %p, sk %p", sock, sk); 1244 1245 if (!sk) 1246 return 0; 1247 1248 sco_sock_close(sk); 1249 1250 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1251 !(current->flags & PF_EXITING)) { 1252 lock_sock(sk); 1253 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1254 release_sock(sk); 1255 } 1256 1257 sock_orphan(sk); 1258 sco_sock_kill(sk); 1259 return err; 1260 } 1261 1262 static void sco_conn_ready(struct sco_conn *conn) 1263 { 1264 struct sock *parent; 1265 struct sock *sk = conn->sk; 1266 1267 BT_DBG("conn %p", conn); 1268 1269 if (sk) { 1270 lock_sock(sk); 1271 sco_sock_clear_timer(sk); 1272 sk->sk_state = BT_CONNECTED; 1273 sk->sk_state_change(sk); 1274 release_sock(sk); 1275 } else { 1276 sco_conn_lock(conn); 1277 1278 if (!conn->hcon) { 1279 sco_conn_unlock(conn); 1280 return; 1281 } 1282 1283 parent = sco_get_sock_listen(&conn->hcon->src); 1284 if (!parent) { 1285 sco_conn_unlock(conn); 1286 return; 1287 } 1288 1289 lock_sock(parent); 1290 1291 sk = sco_sock_alloc(sock_net(parent), NULL, 1292 BTPROTO_SCO, GFP_ATOMIC, 0); 1293 if (!sk) { 1294 release_sock(parent); 1295 sco_conn_unlock(conn); 1296 return; 1297 } 1298 1299 sco_sock_init(sk, parent); 1300 1301 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1302 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1303 1304 hci_conn_hold(conn->hcon); 1305 __sco_chan_add(conn, sk, parent); 1306 1307 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1308 sk->sk_state = BT_CONNECT2; 1309 else 1310 sk->sk_state = BT_CONNECTED; 1311 1312 /* Wake up parent */ 1313 parent->sk_data_ready(parent); 1314 1315 release_sock(parent); 1316 1317 sco_conn_unlock(conn); 1318 } 1319 } 1320 1321 /* ----- SCO interface with lower layer (HCI) ----- */ 1322 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1323 { 1324 struct sock *sk; 1325 int lm = 0; 1326 1327 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1328 1329 /* Find listening sockets */ 1330 read_lock(&sco_sk_list.lock); 1331 sk_for_each(sk, &sco_sk_list.head) { 1332 if (sk->sk_state != BT_LISTEN) 1333 continue; 1334 1335 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1336 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1337 lm |= HCI_LM_ACCEPT; 1338 1339 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1340 *flags |= HCI_PROTO_DEFER; 1341 break; 1342 } 1343 } 1344 read_unlock(&sco_sk_list.lock); 1345 1346 return lm; 1347 } 1348 1349 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1350 { 1351 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1352 return; 1353 1354 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1355 1356 if (!status) { 1357 struct sco_conn *conn; 1358 1359 conn = sco_conn_add(hcon); 1360 if (conn) 1361 sco_conn_ready(conn); 1362 } else 1363 sco_conn_del(hcon, bt_to_errno(status)); 1364 } 1365 1366 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1367 { 1368 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1369 return; 1370 1371 BT_DBG("hcon %p reason %d", hcon, reason); 1372 1373 sco_conn_del(hcon, bt_to_errno(reason)); 1374 } 1375 1376 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1377 { 1378 struct sco_conn *conn = hcon->sco_data; 1379 1380 if (!conn) 1381 goto drop; 1382 1383 BT_DBG("conn %p len %u", conn, skb->len); 1384 1385 if (skb->len) { 1386 sco_recv_frame(conn, skb); 1387 return; 1388 } 1389 1390 drop: 1391 kfree_skb(skb); 1392 } 1393 1394 static struct hci_cb sco_cb = { 1395 .name = "SCO", 1396 .connect_cfm = sco_connect_cfm, 1397 .disconn_cfm = sco_disconn_cfm, 1398 }; 1399 1400 static int sco_debugfs_show(struct seq_file *f, void *p) 1401 { 1402 struct sock *sk; 1403 1404 read_lock(&sco_sk_list.lock); 1405 1406 sk_for_each(sk, &sco_sk_list.head) { 1407 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1408 &sco_pi(sk)->dst, sk->sk_state); 1409 } 1410 1411 read_unlock(&sco_sk_list.lock); 1412 1413 return 0; 1414 } 1415 1416 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1417 1418 static struct dentry *sco_debugfs; 1419 1420 static const struct proto_ops sco_sock_ops = { 1421 .family = PF_BLUETOOTH, 1422 .owner = THIS_MODULE, 1423 .release = sco_sock_release, 1424 .bind = sco_sock_bind, 1425 .connect = sco_sock_connect, 1426 .listen = sco_sock_listen, 1427 .accept = sco_sock_accept, 1428 .getname = sco_sock_getname, 1429 .sendmsg = sco_sock_sendmsg, 1430 .recvmsg = sco_sock_recvmsg, 1431 .poll = bt_sock_poll, 1432 .ioctl = bt_sock_ioctl, 1433 .gettstamp = sock_gettstamp, 1434 .mmap = sock_no_mmap, 1435 .socketpair = sock_no_socketpair, 1436 .shutdown = sco_sock_shutdown, 1437 .setsockopt = sco_sock_setsockopt, 1438 .getsockopt = sco_sock_getsockopt 1439 }; 1440 1441 static const struct net_proto_family sco_sock_family_ops = { 1442 .family = PF_BLUETOOTH, 1443 .owner = THIS_MODULE, 1444 .create = sco_sock_create, 1445 }; 1446 1447 int __init sco_init(void) 1448 { 1449 int err; 1450 1451 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1452 1453 err = proto_register(&sco_proto, 0); 1454 if (err < 0) 1455 return err; 1456 1457 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1458 if (err < 0) { 1459 BT_ERR("SCO socket registration failed"); 1460 goto error; 1461 } 1462 1463 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1464 if (err < 0) { 1465 BT_ERR("Failed to create SCO proc file"); 1466 bt_sock_unregister(BTPROTO_SCO); 1467 goto error; 1468 } 1469 1470 BT_INFO("SCO socket layer initialized"); 1471 1472 hci_register_cb(&sco_cb); 1473 1474 if (IS_ERR_OR_NULL(bt_debugfs)) 1475 return 0; 1476 1477 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1478 NULL, &sco_debugfs_fops); 1479 1480 return 0; 1481 1482 error: 1483 proto_unregister(&sco_proto); 1484 return err; 1485 } 1486 1487 void sco_exit(void) 1488 { 1489 bt_procfs_cleanup(&init_net, "sco"); 1490 1491 debugfs_remove(sco_debugfs); 1492 1493 hci_unregister_cb(&sco_cb); 1494 1495 bt_sock_unregister(BTPROTO_SCO); 1496 1497 proto_unregister(&sco_proto); 1498 } 1499 1500 module_param(disable_esco, bool, 0644); 1501 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1502