1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 }; 55 56 #define sco_conn_lock(c) spin_lock(&c->lock) 57 #define sco_conn_unlock(c) spin_unlock(&c->lock) 58 59 static void sco_sock_close(struct sock *sk); 60 static void sco_sock_kill(struct sock *sk); 61 62 /* ----- SCO socket info ----- */ 63 #define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65 struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 struct bt_codec codec; 72 struct sco_conn *conn; 73 }; 74 75 /* ---- SCO timers ---- */ 76 #define SCO_CONN_TIMEOUT (HZ * 40) 77 #define SCO_DISCONN_TIMEOUT (HZ * 2) 78 79 static struct sock *sco_sock_hold(struct sco_conn *conn) 80 { 81 if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk)) 82 return NULL; 83 84 sock_hold(conn->sk); 85 86 return conn->sk; 87 } 88 89 static void sco_sock_timeout(struct work_struct *work) 90 { 91 struct sco_conn *conn = container_of(work, struct sco_conn, 92 timeout_work.work); 93 struct sock *sk; 94 95 sco_conn_lock(conn); 96 if (!conn->hcon) { 97 sco_conn_unlock(conn); 98 return; 99 } 100 sk = sco_sock_hold(conn); 101 sco_conn_unlock(conn); 102 103 if (!sk) 104 return; 105 106 BT_DBG("sock %p state %d", sk, sk->sk_state); 107 108 lock_sock(sk); 109 sk->sk_err = ETIMEDOUT; 110 sk->sk_state_change(sk); 111 release_sock(sk); 112 sock_put(sk); 113 } 114 115 static void sco_sock_set_timer(struct sock *sk, long timeout) 116 { 117 if (!sco_pi(sk)->conn) 118 return; 119 120 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 121 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 122 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 123 } 124 125 static void sco_sock_clear_timer(struct sock *sk) 126 { 127 if (!sco_pi(sk)->conn) 128 return; 129 130 BT_DBG("sock %p state %d", sk, sk->sk_state); 131 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 132 } 133 134 /* ---- SCO connections ---- */ 135 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 136 { 137 struct sco_conn *conn = hcon->sco_data; 138 139 if (conn) { 140 if (!conn->hcon) 141 conn->hcon = hcon; 142 return conn; 143 } 144 145 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 146 if (!conn) 147 return NULL; 148 149 spin_lock_init(&conn->lock); 150 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 151 152 hcon->sco_data = conn; 153 conn->hcon = hcon; 154 conn->mtu = hcon->mtu; 155 156 if (hcon->mtu > 0) 157 conn->mtu = hcon->mtu; 158 else 159 conn->mtu = 60; 160 161 BT_DBG("hcon %p conn %p", hcon, conn); 162 163 return conn; 164 } 165 166 /* Delete channel. 167 * Must be called on the locked socket. */ 168 static void sco_chan_del(struct sock *sk, int err) 169 { 170 struct sco_conn *conn; 171 172 conn = sco_pi(sk)->conn; 173 174 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 175 176 if (conn) { 177 sco_conn_lock(conn); 178 conn->sk = NULL; 179 sco_pi(sk)->conn = NULL; 180 sco_conn_unlock(conn); 181 182 if (conn->hcon) 183 hci_conn_drop(conn->hcon); 184 } 185 186 sk->sk_state = BT_CLOSED; 187 sk->sk_err = err; 188 sk->sk_state_change(sk); 189 190 sock_set_flag(sk, SOCK_ZAPPED); 191 } 192 193 static void sco_conn_del(struct hci_conn *hcon, int err) 194 { 195 struct sco_conn *conn = hcon->sco_data; 196 struct sock *sk; 197 198 if (!conn) 199 return; 200 201 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 202 203 /* Kill socket */ 204 sco_conn_lock(conn); 205 sk = sco_sock_hold(conn); 206 sco_conn_unlock(conn); 207 208 if (sk) { 209 lock_sock(sk); 210 sco_sock_clear_timer(sk); 211 sco_chan_del(sk, err); 212 release_sock(sk); 213 sock_put(sk); 214 } 215 216 /* Ensure no more work items will run before freeing conn. */ 217 cancel_delayed_work_sync(&conn->timeout_work); 218 219 hcon->sco_data = NULL; 220 kfree(conn); 221 } 222 223 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 224 struct sock *parent) 225 { 226 BT_DBG("conn %p", conn); 227 228 sco_pi(sk)->conn = conn; 229 conn->sk = sk; 230 231 if (parent) 232 bt_accept_enqueue(parent, sk, true); 233 } 234 235 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 236 struct sock *parent) 237 { 238 int err = 0; 239 240 sco_conn_lock(conn); 241 if (conn->sk) 242 err = -EBUSY; 243 else 244 __sco_chan_add(conn, sk, parent); 245 246 sco_conn_unlock(conn); 247 return err; 248 } 249 250 static int sco_connect(struct sock *sk) 251 { 252 struct sco_conn *conn; 253 struct hci_conn *hcon; 254 struct hci_dev *hdev; 255 int err, type; 256 257 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 258 259 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 260 if (!hdev) 261 return -EHOSTUNREACH; 262 263 hci_dev_lock(hdev); 264 265 if (lmp_esco_capable(hdev) && !disable_esco) 266 type = ESCO_LINK; 267 else 268 type = SCO_LINK; 269 270 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 271 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 272 err = -EOPNOTSUPP; 273 goto unlock; 274 } 275 276 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 277 sco_pi(sk)->setting, &sco_pi(sk)->codec); 278 if (IS_ERR(hcon)) { 279 err = PTR_ERR(hcon); 280 goto unlock; 281 } 282 283 conn = sco_conn_add(hcon); 284 if (!conn) { 285 hci_conn_drop(hcon); 286 err = -ENOMEM; 287 goto unlock; 288 } 289 290 lock_sock(sk); 291 292 err = sco_chan_add(conn, sk, NULL); 293 if (err) { 294 release_sock(sk); 295 goto unlock; 296 } 297 298 /* Update source addr of the socket */ 299 bacpy(&sco_pi(sk)->src, &hcon->src); 300 301 if (hcon->state == BT_CONNECTED) { 302 sco_sock_clear_timer(sk); 303 sk->sk_state = BT_CONNECTED; 304 } else { 305 sk->sk_state = BT_CONNECT; 306 sco_sock_set_timer(sk, sk->sk_sndtimeo); 307 } 308 309 release_sock(sk); 310 311 unlock: 312 hci_dev_unlock(hdev); 313 hci_dev_put(hdev); 314 return err; 315 } 316 317 static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 318 { 319 struct sco_conn *conn = sco_pi(sk)->conn; 320 int len = skb->len; 321 322 /* Check outgoing MTU */ 323 if (len > conn->mtu) 324 return -EINVAL; 325 326 BT_DBG("sk %p len %d", sk, len); 327 328 hci_send_sco(conn->hcon, skb); 329 330 return len; 331 } 332 333 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 334 { 335 struct sock *sk; 336 337 sco_conn_lock(conn); 338 sk = conn->sk; 339 sco_conn_unlock(conn); 340 341 if (!sk) 342 goto drop; 343 344 BT_DBG("sk %p len %u", sk, skb->len); 345 346 if (sk->sk_state != BT_CONNECTED) 347 goto drop; 348 349 if (!sock_queue_rcv_skb(sk, skb)) 350 return; 351 352 drop: 353 kfree_skb(skb); 354 } 355 356 /* -------- Socket interface ---------- */ 357 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 358 { 359 struct sock *sk; 360 361 sk_for_each(sk, &sco_sk_list.head) { 362 if (sk->sk_state != BT_LISTEN) 363 continue; 364 365 if (!bacmp(&sco_pi(sk)->src, ba)) 366 return sk; 367 } 368 369 return NULL; 370 } 371 372 /* Find socket listening on source bdaddr. 373 * Returns closest match. 374 */ 375 static struct sock *sco_get_sock_listen(bdaddr_t *src) 376 { 377 struct sock *sk = NULL, *sk1 = NULL; 378 379 read_lock(&sco_sk_list.lock); 380 381 sk_for_each(sk, &sco_sk_list.head) { 382 if (sk->sk_state != BT_LISTEN) 383 continue; 384 385 /* Exact match. */ 386 if (!bacmp(&sco_pi(sk)->src, src)) 387 break; 388 389 /* Closest match */ 390 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 391 sk1 = sk; 392 } 393 394 read_unlock(&sco_sk_list.lock); 395 396 return sk ? sk : sk1; 397 } 398 399 static void sco_sock_destruct(struct sock *sk) 400 { 401 BT_DBG("sk %p", sk); 402 403 skb_queue_purge(&sk->sk_receive_queue); 404 skb_queue_purge(&sk->sk_write_queue); 405 } 406 407 static void sco_sock_cleanup_listen(struct sock *parent) 408 { 409 struct sock *sk; 410 411 BT_DBG("parent %p", parent); 412 413 /* Close not yet accepted channels */ 414 while ((sk = bt_accept_dequeue(parent, NULL))) { 415 sco_sock_close(sk); 416 sco_sock_kill(sk); 417 } 418 419 parent->sk_state = BT_CLOSED; 420 sock_set_flag(parent, SOCK_ZAPPED); 421 } 422 423 /* Kill socket (only if zapped and orphan) 424 * Must be called on unlocked socket. 425 */ 426 static void sco_sock_kill(struct sock *sk) 427 { 428 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 429 return; 430 431 BT_DBG("sk %p state %d", sk, sk->sk_state); 432 433 /* Kill poor orphan */ 434 bt_sock_unlink(&sco_sk_list, sk); 435 sock_set_flag(sk, SOCK_DEAD); 436 sock_put(sk); 437 } 438 439 static void __sco_sock_close(struct sock *sk) 440 { 441 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 442 443 switch (sk->sk_state) { 444 case BT_LISTEN: 445 sco_sock_cleanup_listen(sk); 446 break; 447 448 case BT_CONNECTED: 449 case BT_CONFIG: 450 if (sco_pi(sk)->conn->hcon) { 451 sk->sk_state = BT_DISCONN; 452 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 453 sco_conn_lock(sco_pi(sk)->conn); 454 hci_conn_drop(sco_pi(sk)->conn->hcon); 455 sco_pi(sk)->conn->hcon = NULL; 456 sco_conn_unlock(sco_pi(sk)->conn); 457 } else 458 sco_chan_del(sk, ECONNRESET); 459 break; 460 461 case BT_CONNECT2: 462 case BT_CONNECT: 463 case BT_DISCONN: 464 sco_chan_del(sk, ECONNRESET); 465 break; 466 467 default: 468 sock_set_flag(sk, SOCK_ZAPPED); 469 break; 470 } 471 472 } 473 474 /* Must be called on unlocked socket. */ 475 static void sco_sock_close(struct sock *sk) 476 { 477 lock_sock(sk); 478 sco_sock_clear_timer(sk); 479 __sco_sock_close(sk); 480 release_sock(sk); 481 } 482 483 static void sco_sock_init(struct sock *sk, struct sock *parent) 484 { 485 BT_DBG("sk %p", sk); 486 487 if (parent) { 488 sk->sk_type = parent->sk_type; 489 bt_sk(sk)->flags = bt_sk(parent)->flags; 490 security_sk_clone(parent, sk); 491 } 492 } 493 494 static struct proto sco_proto = { 495 .name = "SCO", 496 .owner = THIS_MODULE, 497 .obj_size = sizeof(struct sco_pinfo) 498 }; 499 500 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 501 int proto, gfp_t prio, int kern) 502 { 503 struct sock *sk; 504 505 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern); 506 if (!sk) 507 return NULL; 508 509 sk->sk_destruct = sco_sock_destruct; 510 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 511 512 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 513 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 514 sco_pi(sk)->codec.cid = 0xffff; 515 sco_pi(sk)->codec.vid = 0xffff; 516 sco_pi(sk)->codec.data_path = 0x00; 517 518 bt_sock_link(&sco_sk_list, sk); 519 return sk; 520 } 521 522 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 523 int kern) 524 { 525 struct sock *sk; 526 527 BT_DBG("sock %p", sock); 528 529 sock->state = SS_UNCONNECTED; 530 531 if (sock->type != SOCK_SEQPACKET) 532 return -ESOCKTNOSUPPORT; 533 534 sock->ops = &sco_sock_ops; 535 536 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 537 if (!sk) 538 return -ENOMEM; 539 540 sco_sock_init(sk, NULL); 541 return 0; 542 } 543 544 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 545 int addr_len) 546 { 547 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 548 struct sock *sk = sock->sk; 549 int err = 0; 550 551 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 552 addr->sa_family != AF_BLUETOOTH) 553 return -EINVAL; 554 555 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 556 557 lock_sock(sk); 558 559 if (sk->sk_state != BT_OPEN) { 560 err = -EBADFD; 561 goto done; 562 } 563 564 if (sk->sk_type != SOCK_SEQPACKET) { 565 err = -EINVAL; 566 goto done; 567 } 568 569 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 570 571 sk->sk_state = BT_BOUND; 572 573 done: 574 release_sock(sk); 575 return err; 576 } 577 578 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 579 { 580 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 581 struct sock *sk = sock->sk; 582 int err; 583 584 BT_DBG("sk %p", sk); 585 586 if (alen < sizeof(struct sockaddr_sco) || 587 addr->sa_family != AF_BLUETOOTH) 588 return -EINVAL; 589 590 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 591 return -EBADFD; 592 593 if (sk->sk_type != SOCK_SEQPACKET) 594 err = -EINVAL; 595 596 lock_sock(sk); 597 /* Set destination address and psm */ 598 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 599 release_sock(sk); 600 601 err = sco_connect(sk); 602 if (err) 603 return err; 604 605 lock_sock(sk); 606 607 err = bt_sock_wait_state(sk, BT_CONNECTED, 608 sock_sndtimeo(sk, flags & O_NONBLOCK)); 609 610 release_sock(sk); 611 return err; 612 } 613 614 static int sco_sock_listen(struct socket *sock, int backlog) 615 { 616 struct sock *sk = sock->sk; 617 bdaddr_t *src = &sco_pi(sk)->src; 618 int err = 0; 619 620 BT_DBG("sk %p backlog %d", sk, backlog); 621 622 lock_sock(sk); 623 624 if (sk->sk_state != BT_BOUND) { 625 err = -EBADFD; 626 goto done; 627 } 628 629 if (sk->sk_type != SOCK_SEQPACKET) { 630 err = -EINVAL; 631 goto done; 632 } 633 634 write_lock(&sco_sk_list.lock); 635 636 if (__sco_get_sock_listen_by_addr(src)) { 637 err = -EADDRINUSE; 638 goto unlock; 639 } 640 641 sk->sk_max_ack_backlog = backlog; 642 sk->sk_ack_backlog = 0; 643 644 sk->sk_state = BT_LISTEN; 645 646 unlock: 647 write_unlock(&sco_sk_list.lock); 648 649 done: 650 release_sock(sk); 651 return err; 652 } 653 654 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 655 int flags, bool kern) 656 { 657 DEFINE_WAIT_FUNC(wait, woken_wake_function); 658 struct sock *sk = sock->sk, *ch; 659 long timeo; 660 int err = 0; 661 662 lock_sock(sk); 663 664 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 665 666 BT_DBG("sk %p timeo %ld", sk, timeo); 667 668 /* Wait for an incoming connection. (wake-one). */ 669 add_wait_queue_exclusive(sk_sleep(sk), &wait); 670 while (1) { 671 if (sk->sk_state != BT_LISTEN) { 672 err = -EBADFD; 673 break; 674 } 675 676 ch = bt_accept_dequeue(sk, newsock); 677 if (ch) 678 break; 679 680 if (!timeo) { 681 err = -EAGAIN; 682 break; 683 } 684 685 if (signal_pending(current)) { 686 err = sock_intr_errno(timeo); 687 break; 688 } 689 690 release_sock(sk); 691 692 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 693 lock_sock(sk); 694 } 695 remove_wait_queue(sk_sleep(sk), &wait); 696 697 if (err) 698 goto done; 699 700 newsock->state = SS_CONNECTED; 701 702 BT_DBG("new socket %p", ch); 703 704 done: 705 release_sock(sk); 706 return err; 707 } 708 709 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 710 int peer) 711 { 712 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 713 struct sock *sk = sock->sk; 714 715 BT_DBG("sock %p, sk %p", sock, sk); 716 717 addr->sa_family = AF_BLUETOOTH; 718 719 if (peer) 720 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 721 else 722 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 723 724 return sizeof(struct sockaddr_sco); 725 } 726 727 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 728 size_t len) 729 { 730 struct sock *sk = sock->sk; 731 struct sk_buff *skb; 732 int err; 733 734 BT_DBG("sock %p, sk %p", sock, sk); 735 736 err = sock_error(sk); 737 if (err) 738 return err; 739 740 if (msg->msg_flags & MSG_OOB) 741 return -EOPNOTSUPP; 742 743 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 744 if (IS_ERR(skb)) 745 return PTR_ERR(skb); 746 747 lock_sock(sk); 748 749 if (sk->sk_state == BT_CONNECTED) 750 err = sco_send_frame(sk, skb); 751 else 752 err = -ENOTCONN; 753 754 release_sock(sk); 755 756 if (err < 0) 757 kfree_skb(skb); 758 return err; 759 } 760 761 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 762 { 763 struct hci_dev *hdev = conn->hdev; 764 765 BT_DBG("conn %p", conn); 766 767 conn->state = BT_CONFIG; 768 769 if (!lmp_esco_capable(hdev)) { 770 struct hci_cp_accept_conn_req cp; 771 772 bacpy(&cp.bdaddr, &conn->dst); 773 cp.role = 0x00; /* Ignored */ 774 775 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 776 } else { 777 struct hci_cp_accept_sync_conn_req cp; 778 779 bacpy(&cp.bdaddr, &conn->dst); 780 cp.pkt_type = cpu_to_le16(conn->pkt_type); 781 782 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 783 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 784 cp.content_format = cpu_to_le16(setting); 785 786 switch (setting & SCO_AIRMODE_MASK) { 787 case SCO_AIRMODE_TRANSP: 788 if (conn->pkt_type & ESCO_2EV3) 789 cp.max_latency = cpu_to_le16(0x0008); 790 else 791 cp.max_latency = cpu_to_le16(0x000D); 792 cp.retrans_effort = 0x02; 793 break; 794 case SCO_AIRMODE_CVSD: 795 cp.max_latency = cpu_to_le16(0xffff); 796 cp.retrans_effort = 0xff; 797 break; 798 default: 799 /* use CVSD settings as fallback */ 800 cp.max_latency = cpu_to_le16(0xffff); 801 cp.retrans_effort = 0xff; 802 break; 803 } 804 805 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 806 sizeof(cp), &cp); 807 } 808 } 809 810 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 811 size_t len, int flags) 812 { 813 struct sock *sk = sock->sk; 814 struct sco_pinfo *pi = sco_pi(sk); 815 816 lock_sock(sk); 817 818 if (sk->sk_state == BT_CONNECT2 && 819 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 820 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 821 sk->sk_state = BT_CONFIG; 822 823 release_sock(sk); 824 return 0; 825 } 826 827 release_sock(sk); 828 829 return bt_sock_recvmsg(sock, msg, len, flags); 830 } 831 832 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 833 sockptr_t optval, unsigned int optlen) 834 { 835 struct sock *sk = sock->sk; 836 int err = 0; 837 struct bt_voice voice; 838 u32 opt; 839 struct bt_codecs *codecs; 840 struct hci_dev *hdev; 841 __u8 buffer[255]; 842 843 BT_DBG("sk %p", sk); 844 845 lock_sock(sk); 846 847 switch (optname) { 848 849 case BT_DEFER_SETUP: 850 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 851 err = -EINVAL; 852 break; 853 } 854 855 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 856 if (err) 857 break; 858 859 if (opt) 860 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 861 else 862 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 863 break; 864 865 case BT_VOICE: 866 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 867 sk->sk_state != BT_CONNECT2) { 868 err = -EINVAL; 869 break; 870 } 871 872 voice.setting = sco_pi(sk)->setting; 873 874 err = bt_copy_from_sockptr(&voice, sizeof(voice), optval, 875 optlen); 876 if (err) 877 break; 878 879 /* Explicitly check for these values */ 880 if (voice.setting != BT_VOICE_TRANSPARENT && 881 voice.setting != BT_VOICE_CVSD_16BIT) { 882 err = -EINVAL; 883 break; 884 } 885 886 sco_pi(sk)->setting = voice.setting; 887 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 888 BDADDR_BREDR); 889 if (!hdev) { 890 err = -EBADFD; 891 break; 892 } 893 if (enhanced_sync_conn_capable(hdev) && 894 voice.setting == BT_VOICE_TRANSPARENT) 895 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 896 hci_dev_put(hdev); 897 break; 898 899 case BT_PKT_STATUS: 900 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 901 if (err) 902 break; 903 904 if (opt) 905 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 906 else 907 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 908 break; 909 910 case BT_CODEC: 911 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 912 sk->sk_state != BT_CONNECT2) { 913 err = -EINVAL; 914 break; 915 } 916 917 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 918 BDADDR_BREDR); 919 if (!hdev) { 920 err = -EBADFD; 921 break; 922 } 923 924 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 925 hci_dev_put(hdev); 926 err = -EOPNOTSUPP; 927 break; 928 } 929 930 if (!hdev->get_data_path_id) { 931 hci_dev_put(hdev); 932 err = -EOPNOTSUPP; 933 break; 934 } 935 936 if (optlen < sizeof(struct bt_codecs) || 937 optlen > sizeof(buffer)) { 938 hci_dev_put(hdev); 939 err = -EINVAL; 940 break; 941 } 942 943 err = bt_copy_from_sockptr(buffer, optlen, optval, optlen); 944 if (err) { 945 hci_dev_put(hdev); 946 break; 947 } 948 949 codecs = (void *)buffer; 950 951 if (codecs->num_codecs > 1) { 952 hci_dev_put(hdev); 953 err = -EINVAL; 954 break; 955 } 956 957 sco_pi(sk)->codec = codecs->codecs[0]; 958 hci_dev_put(hdev); 959 break; 960 961 default: 962 err = -ENOPROTOOPT; 963 break; 964 } 965 966 release_sock(sk); 967 return err; 968 } 969 970 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 971 char __user *optval, int __user *optlen) 972 { 973 struct sock *sk = sock->sk; 974 struct sco_options opts; 975 struct sco_conninfo cinfo; 976 int err = 0; 977 size_t len; 978 979 BT_DBG("sk %p", sk); 980 981 if (get_user(len, optlen)) 982 return -EFAULT; 983 984 lock_sock(sk); 985 986 switch (optname) { 987 case SCO_OPTIONS: 988 if (sk->sk_state != BT_CONNECTED && 989 !(sk->sk_state == BT_CONNECT2 && 990 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 991 err = -ENOTCONN; 992 break; 993 } 994 995 opts.mtu = sco_pi(sk)->conn->mtu; 996 997 BT_DBG("mtu %u", opts.mtu); 998 999 len = min(len, sizeof(opts)); 1000 if (copy_to_user(optval, (char *)&opts, len)) 1001 err = -EFAULT; 1002 1003 break; 1004 1005 case SCO_CONNINFO: 1006 if (sk->sk_state != BT_CONNECTED && 1007 !(sk->sk_state == BT_CONNECT2 && 1008 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1009 err = -ENOTCONN; 1010 break; 1011 } 1012 1013 memset(&cinfo, 0, sizeof(cinfo)); 1014 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1015 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1016 1017 len = min(len, sizeof(cinfo)); 1018 if (copy_to_user(optval, (char *)&cinfo, len)) 1019 err = -EFAULT; 1020 1021 break; 1022 1023 default: 1024 err = -ENOPROTOOPT; 1025 break; 1026 } 1027 1028 release_sock(sk); 1029 return err; 1030 } 1031 1032 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1033 char __user *optval, int __user *optlen) 1034 { 1035 struct sock *sk = sock->sk; 1036 int len, err = 0; 1037 struct bt_voice voice; 1038 u32 phys; 1039 int buf_len; 1040 struct codec_list *c; 1041 u8 num_codecs, i, __user *ptr; 1042 struct hci_dev *hdev; 1043 struct hci_codec_caps *caps; 1044 struct bt_codec codec; 1045 1046 BT_DBG("sk %p", sk); 1047 1048 if (level == SOL_SCO) 1049 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1050 1051 if (get_user(len, optlen)) 1052 return -EFAULT; 1053 1054 lock_sock(sk); 1055 1056 switch (optname) { 1057 1058 case BT_DEFER_SETUP: 1059 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1060 err = -EINVAL; 1061 break; 1062 } 1063 1064 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1065 (u32 __user *)optval)) 1066 err = -EFAULT; 1067 1068 break; 1069 1070 case BT_VOICE: 1071 voice.setting = sco_pi(sk)->setting; 1072 1073 len = min_t(unsigned int, len, sizeof(voice)); 1074 if (copy_to_user(optval, (char *)&voice, len)) 1075 err = -EFAULT; 1076 1077 break; 1078 1079 case BT_PHY: 1080 if (sk->sk_state != BT_CONNECTED) { 1081 err = -ENOTCONN; 1082 break; 1083 } 1084 1085 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1086 1087 if (put_user(phys, (u32 __user *) optval)) 1088 err = -EFAULT; 1089 break; 1090 1091 case BT_PKT_STATUS: 1092 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1093 (int __user *)optval)) 1094 err = -EFAULT; 1095 break; 1096 1097 case BT_SNDMTU: 1098 case BT_RCVMTU: 1099 if (sk->sk_state != BT_CONNECTED) { 1100 err = -ENOTCONN; 1101 break; 1102 } 1103 1104 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1105 err = -EFAULT; 1106 break; 1107 1108 case BT_CODEC: 1109 num_codecs = 0; 1110 buf_len = 0; 1111 1112 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1113 if (!hdev) { 1114 err = -EBADFD; 1115 break; 1116 } 1117 1118 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1119 hci_dev_put(hdev); 1120 err = -EOPNOTSUPP; 1121 break; 1122 } 1123 1124 if (!hdev->get_data_path_id) { 1125 hci_dev_put(hdev); 1126 err = -EOPNOTSUPP; 1127 break; 1128 } 1129 1130 release_sock(sk); 1131 1132 /* find total buffer size required to copy codec + caps */ 1133 hci_dev_lock(hdev); 1134 list_for_each_entry(c, &hdev->local_codecs, list) { 1135 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1136 continue; 1137 num_codecs++; 1138 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1139 buf_len += 1 + caps->len; 1140 caps = (void *)&caps->data[caps->len]; 1141 } 1142 buf_len += sizeof(struct bt_codec); 1143 } 1144 hci_dev_unlock(hdev); 1145 1146 buf_len += sizeof(struct bt_codecs); 1147 if (buf_len > len) { 1148 hci_dev_put(hdev); 1149 return -ENOBUFS; 1150 } 1151 ptr = optval; 1152 1153 if (put_user(num_codecs, ptr)) { 1154 hci_dev_put(hdev); 1155 return -EFAULT; 1156 } 1157 ptr += sizeof(num_codecs); 1158 1159 /* Iterate all the codecs supported over SCO and populate 1160 * codec data 1161 */ 1162 hci_dev_lock(hdev); 1163 list_for_each_entry(c, &hdev->local_codecs, list) { 1164 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1165 continue; 1166 1167 codec.id = c->id; 1168 codec.cid = c->cid; 1169 codec.vid = c->vid; 1170 err = hdev->get_data_path_id(hdev, &codec.data_path); 1171 if (err < 0) 1172 break; 1173 codec.num_caps = c->num_caps; 1174 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1175 err = -EFAULT; 1176 break; 1177 } 1178 ptr += sizeof(codec); 1179 1180 /* find codec capabilities data length */ 1181 len = 0; 1182 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1183 len += 1 + caps->len; 1184 caps = (void *)&caps->data[caps->len]; 1185 } 1186 1187 /* copy codec capabilities data */ 1188 if (len && copy_to_user(ptr, c->caps, len)) { 1189 err = -EFAULT; 1190 break; 1191 } 1192 ptr += len; 1193 } 1194 1195 hci_dev_unlock(hdev); 1196 hci_dev_put(hdev); 1197 1198 lock_sock(sk); 1199 1200 if (!err && put_user(buf_len, optlen)) 1201 err = -EFAULT; 1202 1203 break; 1204 1205 default: 1206 err = -ENOPROTOOPT; 1207 break; 1208 } 1209 1210 release_sock(sk); 1211 return err; 1212 } 1213 1214 static int sco_sock_shutdown(struct socket *sock, int how) 1215 { 1216 struct sock *sk = sock->sk; 1217 int err = 0; 1218 1219 BT_DBG("sock %p, sk %p", sock, sk); 1220 1221 if (!sk) 1222 return 0; 1223 1224 sock_hold(sk); 1225 lock_sock(sk); 1226 1227 if (!sk->sk_shutdown) { 1228 sk->sk_shutdown = SHUTDOWN_MASK; 1229 sco_sock_clear_timer(sk); 1230 __sco_sock_close(sk); 1231 1232 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1233 !(current->flags & PF_EXITING)) 1234 err = bt_sock_wait_state(sk, BT_CLOSED, 1235 sk->sk_lingertime); 1236 } 1237 1238 release_sock(sk); 1239 sock_put(sk); 1240 1241 return err; 1242 } 1243 1244 static int sco_sock_release(struct socket *sock) 1245 { 1246 struct sock *sk = sock->sk; 1247 int err = 0; 1248 1249 BT_DBG("sock %p, sk %p", sock, sk); 1250 1251 if (!sk) 1252 return 0; 1253 1254 sco_sock_close(sk); 1255 1256 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1257 !(current->flags & PF_EXITING)) { 1258 lock_sock(sk); 1259 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1260 release_sock(sk); 1261 } 1262 1263 sock_orphan(sk); 1264 sco_sock_kill(sk); 1265 return err; 1266 } 1267 1268 static void sco_conn_ready(struct sco_conn *conn) 1269 { 1270 struct sock *parent; 1271 struct sock *sk = conn->sk; 1272 1273 BT_DBG("conn %p", conn); 1274 1275 if (sk) { 1276 lock_sock(sk); 1277 sco_sock_clear_timer(sk); 1278 sk->sk_state = BT_CONNECTED; 1279 sk->sk_state_change(sk); 1280 release_sock(sk); 1281 } else { 1282 sco_conn_lock(conn); 1283 1284 if (!conn->hcon) { 1285 sco_conn_unlock(conn); 1286 return; 1287 } 1288 1289 parent = sco_get_sock_listen(&conn->hcon->src); 1290 if (!parent) { 1291 sco_conn_unlock(conn); 1292 return; 1293 } 1294 1295 lock_sock(parent); 1296 1297 sk = sco_sock_alloc(sock_net(parent), NULL, 1298 BTPROTO_SCO, GFP_ATOMIC, 0); 1299 if (!sk) { 1300 release_sock(parent); 1301 sco_conn_unlock(conn); 1302 return; 1303 } 1304 1305 sco_sock_init(sk, parent); 1306 1307 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1308 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1309 1310 hci_conn_hold(conn->hcon); 1311 __sco_chan_add(conn, sk, parent); 1312 1313 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1314 sk->sk_state = BT_CONNECT2; 1315 else 1316 sk->sk_state = BT_CONNECTED; 1317 1318 /* Wake up parent */ 1319 parent->sk_data_ready(parent); 1320 1321 release_sock(parent); 1322 1323 sco_conn_unlock(conn); 1324 } 1325 } 1326 1327 /* ----- SCO interface with lower layer (HCI) ----- */ 1328 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1329 { 1330 struct sock *sk; 1331 int lm = 0; 1332 1333 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1334 1335 /* Find listening sockets */ 1336 read_lock(&sco_sk_list.lock); 1337 sk_for_each(sk, &sco_sk_list.head) { 1338 if (sk->sk_state != BT_LISTEN) 1339 continue; 1340 1341 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1342 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1343 lm |= HCI_LM_ACCEPT; 1344 1345 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1346 *flags |= HCI_PROTO_DEFER; 1347 break; 1348 } 1349 } 1350 read_unlock(&sco_sk_list.lock); 1351 1352 return lm; 1353 } 1354 1355 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1356 { 1357 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1358 return; 1359 1360 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1361 1362 if (!status) { 1363 struct sco_conn *conn; 1364 1365 conn = sco_conn_add(hcon); 1366 if (conn) 1367 sco_conn_ready(conn); 1368 } else 1369 sco_conn_del(hcon, bt_to_errno(status)); 1370 } 1371 1372 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1373 { 1374 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1375 return; 1376 1377 BT_DBG("hcon %p reason %d", hcon, reason); 1378 1379 sco_conn_del(hcon, bt_to_errno(reason)); 1380 } 1381 1382 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1383 { 1384 struct sco_conn *conn = hcon->sco_data; 1385 1386 if (!conn) 1387 goto drop; 1388 1389 BT_DBG("conn %p len %u", conn, skb->len); 1390 1391 if (skb->len) { 1392 sco_recv_frame(conn, skb); 1393 return; 1394 } 1395 1396 drop: 1397 kfree_skb(skb); 1398 } 1399 1400 static struct hci_cb sco_cb = { 1401 .name = "SCO", 1402 .connect_cfm = sco_connect_cfm, 1403 .disconn_cfm = sco_disconn_cfm, 1404 }; 1405 1406 static int sco_debugfs_show(struct seq_file *f, void *p) 1407 { 1408 struct sock *sk; 1409 1410 read_lock(&sco_sk_list.lock); 1411 1412 sk_for_each(sk, &sco_sk_list.head) { 1413 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1414 &sco_pi(sk)->dst, sk->sk_state); 1415 } 1416 1417 read_unlock(&sco_sk_list.lock); 1418 1419 return 0; 1420 } 1421 1422 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1423 1424 static struct dentry *sco_debugfs; 1425 1426 static const struct proto_ops sco_sock_ops = { 1427 .family = PF_BLUETOOTH, 1428 .owner = THIS_MODULE, 1429 .release = sco_sock_release, 1430 .bind = sco_sock_bind, 1431 .connect = sco_sock_connect, 1432 .listen = sco_sock_listen, 1433 .accept = sco_sock_accept, 1434 .getname = sco_sock_getname, 1435 .sendmsg = sco_sock_sendmsg, 1436 .recvmsg = sco_sock_recvmsg, 1437 .poll = bt_sock_poll, 1438 .ioctl = bt_sock_ioctl, 1439 .gettstamp = sock_gettstamp, 1440 .mmap = sock_no_mmap, 1441 .socketpair = sock_no_socketpair, 1442 .shutdown = sco_sock_shutdown, 1443 .setsockopt = sco_sock_setsockopt, 1444 .getsockopt = sco_sock_getsockopt 1445 }; 1446 1447 static const struct net_proto_family sco_sock_family_ops = { 1448 .family = PF_BLUETOOTH, 1449 .owner = THIS_MODULE, 1450 .create = sco_sock_create, 1451 }; 1452 1453 int __init sco_init(void) 1454 { 1455 int err; 1456 1457 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1458 1459 err = proto_register(&sco_proto, 0); 1460 if (err < 0) 1461 return err; 1462 1463 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1464 if (err < 0) { 1465 BT_ERR("SCO socket registration failed"); 1466 goto error; 1467 } 1468 1469 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1470 if (err < 0) { 1471 BT_ERR("Failed to create SCO proc file"); 1472 bt_sock_unregister(BTPROTO_SCO); 1473 goto error; 1474 } 1475 1476 BT_INFO("SCO socket layer initialized"); 1477 1478 hci_register_cb(&sco_cb); 1479 1480 if (IS_ERR_OR_NULL(bt_debugfs)) 1481 return 0; 1482 1483 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1484 NULL, &sco_debugfs_fops); 1485 1486 return 0; 1487 1488 error: 1489 proto_unregister(&sco_proto); 1490 return err; 1491 } 1492 1493 void sco_exit(void) 1494 { 1495 bt_procfs_cleanup(&init_net, "sco"); 1496 1497 debugfs_remove(sco_debugfs); 1498 1499 hci_unregister_cb(&sco_cb); 1500 1501 bt_sock_unregister(BTPROTO_SCO); 1502 1503 proto_unregister(&sco_proto); 1504 } 1505 1506 module_param(disable_esco, bool, 0644); 1507 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1508