xref: /openbmc/linux/net/bluetooth/sco.c (revision 0760aad038b5a032c31ea124feed63d88627d2f1)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4 
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10 
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24 
25 /* Bluetooth SCO sockets. */
26 
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31 
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35 
36 static bool disable_esco;
37 
38 static const struct proto_ops sco_sock_ops;
39 
40 static struct bt_sock_list sco_sk_list = {
41 	.lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43 
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 	struct hci_conn	*hcon;
47 
48 	spinlock_t	lock;
49 	struct sock	*sk;
50 
51 	unsigned int    mtu;
52 };
53 
54 #define sco_conn_lock(c)	spin_lock(&c->lock);
55 #define sco_conn_unlock(c)	spin_unlock(&c->lock);
56 
57 static void sco_sock_close(struct sock *sk);
58 static void sco_sock_kill(struct sock *sk);
59 
60 /* ----- SCO socket info ----- */
61 #define sco_pi(sk) ((struct sco_pinfo *) sk)
62 
63 struct sco_pinfo {
64 	struct bt_sock	bt;
65 	bdaddr_t	src;
66 	bdaddr_t	dst;
67 	__u32		flags;
68 	__u16		setting;
69 	__u8		cmsg_mask;
70 	struct sco_conn	*conn;
71 };
72 
73 /* ---- SCO timers ---- */
74 #define SCO_CONN_TIMEOUT	(HZ * 40)
75 #define SCO_DISCONN_TIMEOUT	(HZ * 2)
76 
77 static void sco_sock_timeout(struct timer_list *t)
78 {
79 	struct sock *sk = from_timer(sk, t, sk_timer);
80 
81 	BT_DBG("sock %p state %d", sk, sk->sk_state);
82 
83 	bh_lock_sock(sk);
84 	sk->sk_err = ETIMEDOUT;
85 	sk->sk_state_change(sk);
86 	bh_unlock_sock(sk);
87 
88 	sco_sock_kill(sk);
89 	sock_put(sk);
90 }
91 
92 static void sco_sock_set_timer(struct sock *sk, long timeout)
93 {
94 	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
95 	sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
96 }
97 
98 static void sco_sock_clear_timer(struct sock *sk)
99 {
100 	BT_DBG("sock %p state %d", sk, sk->sk_state);
101 	sk_stop_timer(sk, &sk->sk_timer);
102 }
103 
104 /* ---- SCO connections ---- */
105 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
106 {
107 	struct hci_dev *hdev = hcon->hdev;
108 	struct sco_conn *conn = hcon->sco_data;
109 
110 	if (conn)
111 		return conn;
112 
113 	conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
114 	if (!conn)
115 		return NULL;
116 
117 	spin_lock_init(&conn->lock);
118 
119 	hcon->sco_data = conn;
120 	conn->hcon = hcon;
121 
122 	if (hdev->sco_mtu > 0)
123 		conn->mtu = hdev->sco_mtu;
124 	else
125 		conn->mtu = 60;
126 
127 	BT_DBG("hcon %p conn %p", hcon, conn);
128 
129 	return conn;
130 }
131 
132 /* Delete channel.
133  * Must be called on the locked socket. */
134 static void sco_chan_del(struct sock *sk, int err)
135 {
136 	struct sco_conn *conn;
137 
138 	conn = sco_pi(sk)->conn;
139 
140 	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
141 
142 	if (conn) {
143 		sco_conn_lock(conn);
144 		conn->sk = NULL;
145 		sco_pi(sk)->conn = NULL;
146 		sco_conn_unlock(conn);
147 
148 		if (conn->hcon)
149 			hci_conn_drop(conn->hcon);
150 	}
151 
152 	sk->sk_state = BT_CLOSED;
153 	sk->sk_err   = err;
154 	sk->sk_state_change(sk);
155 
156 	sock_set_flag(sk, SOCK_ZAPPED);
157 }
158 
159 static void sco_conn_del(struct hci_conn *hcon, int err)
160 {
161 	struct sco_conn *conn = hcon->sco_data;
162 	struct sock *sk;
163 
164 	if (!conn)
165 		return;
166 
167 	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
168 
169 	/* Kill socket */
170 	sco_conn_lock(conn);
171 	sk = conn->sk;
172 	sco_conn_unlock(conn);
173 
174 	if (sk) {
175 		sock_hold(sk);
176 		bh_lock_sock(sk);
177 		sco_sock_clear_timer(sk);
178 		sco_chan_del(sk, err);
179 		bh_unlock_sock(sk);
180 		sco_sock_kill(sk);
181 		sock_put(sk);
182 	}
183 
184 	hcon->sco_data = NULL;
185 	kfree(conn);
186 }
187 
188 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
189 			   struct sock *parent)
190 {
191 	BT_DBG("conn %p", conn);
192 
193 	sco_pi(sk)->conn = conn;
194 	conn->sk = sk;
195 
196 	if (parent)
197 		bt_accept_enqueue(parent, sk, true);
198 }
199 
200 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
201 			struct sock *parent)
202 {
203 	int err = 0;
204 
205 	sco_conn_lock(conn);
206 	if (conn->sk)
207 		err = -EBUSY;
208 	else
209 		__sco_chan_add(conn, sk, parent);
210 
211 	sco_conn_unlock(conn);
212 	return err;
213 }
214 
215 static int sco_connect(struct sock *sk)
216 {
217 	struct sco_conn *conn;
218 	struct hci_conn *hcon;
219 	struct hci_dev  *hdev;
220 	int err, type;
221 
222 	BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
223 
224 	hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
225 	if (!hdev)
226 		return -EHOSTUNREACH;
227 
228 	hci_dev_lock(hdev);
229 
230 	if (lmp_esco_capable(hdev) && !disable_esco)
231 		type = ESCO_LINK;
232 	else
233 		type = SCO_LINK;
234 
235 	if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
236 	    (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
237 		err = -EOPNOTSUPP;
238 		goto done;
239 	}
240 
241 	hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
242 			       sco_pi(sk)->setting);
243 	if (IS_ERR(hcon)) {
244 		err = PTR_ERR(hcon);
245 		goto done;
246 	}
247 
248 	conn = sco_conn_add(hcon);
249 	if (!conn) {
250 		hci_conn_drop(hcon);
251 		err = -ENOMEM;
252 		goto done;
253 	}
254 
255 	/* Update source addr of the socket */
256 	bacpy(&sco_pi(sk)->src, &hcon->src);
257 
258 	err = sco_chan_add(conn, sk, NULL);
259 	if (err)
260 		goto done;
261 
262 	if (hcon->state == BT_CONNECTED) {
263 		sco_sock_clear_timer(sk);
264 		sk->sk_state = BT_CONNECTED;
265 	} else {
266 		sk->sk_state = BT_CONNECT;
267 		sco_sock_set_timer(sk, sk->sk_sndtimeo);
268 	}
269 
270 done:
271 	hci_dev_unlock(hdev);
272 	hci_dev_put(hdev);
273 	return err;
274 }
275 
276 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
277 {
278 	struct sco_conn *conn = sco_pi(sk)->conn;
279 	struct sk_buff *skb;
280 	int err;
281 
282 	/* Check outgoing MTU */
283 	if (len > conn->mtu)
284 		return -EINVAL;
285 
286 	BT_DBG("sk %p len %d", sk, len);
287 
288 	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
289 	if (!skb)
290 		return err;
291 
292 	if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
293 		kfree_skb(skb);
294 		return -EFAULT;
295 	}
296 
297 	hci_send_sco(conn->hcon, skb);
298 
299 	return len;
300 }
301 
302 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
303 {
304 	struct sock *sk;
305 
306 	sco_conn_lock(conn);
307 	sk = conn->sk;
308 	sco_conn_unlock(conn);
309 
310 	if (!sk)
311 		goto drop;
312 
313 	BT_DBG("sk %p len %d", sk, skb->len);
314 
315 	if (sk->sk_state != BT_CONNECTED)
316 		goto drop;
317 
318 	if (!sock_queue_rcv_skb(sk, skb))
319 		return;
320 
321 drop:
322 	kfree_skb(skb);
323 }
324 
325 /* -------- Socket interface ---------- */
326 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
327 {
328 	struct sock *sk;
329 
330 	sk_for_each(sk, &sco_sk_list.head) {
331 		if (sk->sk_state != BT_LISTEN)
332 			continue;
333 
334 		if (!bacmp(&sco_pi(sk)->src, ba))
335 			return sk;
336 	}
337 
338 	return NULL;
339 }
340 
341 /* Find socket listening on source bdaddr.
342  * Returns closest match.
343  */
344 static struct sock *sco_get_sock_listen(bdaddr_t *src)
345 {
346 	struct sock *sk = NULL, *sk1 = NULL;
347 
348 	read_lock(&sco_sk_list.lock);
349 
350 	sk_for_each(sk, &sco_sk_list.head) {
351 		if (sk->sk_state != BT_LISTEN)
352 			continue;
353 
354 		/* Exact match. */
355 		if (!bacmp(&sco_pi(sk)->src, src))
356 			break;
357 
358 		/* Closest match */
359 		if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
360 			sk1 = sk;
361 	}
362 
363 	read_unlock(&sco_sk_list.lock);
364 
365 	return sk ? sk : sk1;
366 }
367 
368 static void sco_sock_destruct(struct sock *sk)
369 {
370 	BT_DBG("sk %p", sk);
371 
372 	skb_queue_purge(&sk->sk_receive_queue);
373 	skb_queue_purge(&sk->sk_write_queue);
374 }
375 
376 static void sco_sock_cleanup_listen(struct sock *parent)
377 {
378 	struct sock *sk;
379 
380 	BT_DBG("parent %p", parent);
381 
382 	/* Close not yet accepted channels */
383 	while ((sk = bt_accept_dequeue(parent, NULL))) {
384 		sco_sock_close(sk);
385 		sco_sock_kill(sk);
386 	}
387 
388 	parent->sk_state  = BT_CLOSED;
389 	sock_set_flag(parent, SOCK_ZAPPED);
390 }
391 
392 /* Kill socket (only if zapped and orphan)
393  * Must be called on unlocked socket.
394  */
395 static void sco_sock_kill(struct sock *sk)
396 {
397 	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
398 	    sock_flag(sk, SOCK_DEAD))
399 		return;
400 
401 	BT_DBG("sk %p state %d", sk, sk->sk_state);
402 
403 	/* Kill poor orphan */
404 	bt_sock_unlink(&sco_sk_list, sk);
405 	sock_set_flag(sk, SOCK_DEAD);
406 	sock_put(sk);
407 }
408 
409 static void __sco_sock_close(struct sock *sk)
410 {
411 	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
412 
413 	switch (sk->sk_state) {
414 	case BT_LISTEN:
415 		sco_sock_cleanup_listen(sk);
416 		break;
417 
418 	case BT_CONNECTED:
419 	case BT_CONFIG:
420 		if (sco_pi(sk)->conn->hcon) {
421 			sk->sk_state = BT_DISCONN;
422 			sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
423 			sco_conn_lock(sco_pi(sk)->conn);
424 			hci_conn_drop(sco_pi(sk)->conn->hcon);
425 			sco_pi(sk)->conn->hcon = NULL;
426 			sco_conn_unlock(sco_pi(sk)->conn);
427 		} else
428 			sco_chan_del(sk, ECONNRESET);
429 		break;
430 
431 	case BT_CONNECT2:
432 	case BT_CONNECT:
433 	case BT_DISCONN:
434 		sco_chan_del(sk, ECONNRESET);
435 		break;
436 
437 	default:
438 		sock_set_flag(sk, SOCK_ZAPPED);
439 		break;
440 	}
441 }
442 
443 /* Must be called on unlocked socket. */
444 static void sco_sock_close(struct sock *sk)
445 {
446 	sco_sock_clear_timer(sk);
447 	lock_sock(sk);
448 	__sco_sock_close(sk);
449 	release_sock(sk);
450 	sco_sock_kill(sk);
451 }
452 
453 static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
454 			     struct sock *sk)
455 {
456 	if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
457 		put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
458 			 sizeof(bt_cb(skb)->sco.pkt_status),
459 			 &bt_cb(skb)->sco.pkt_status);
460 }
461 
462 static void sco_sock_init(struct sock *sk, struct sock *parent)
463 {
464 	BT_DBG("sk %p", sk);
465 
466 	if (parent) {
467 		sk->sk_type = parent->sk_type;
468 		bt_sk(sk)->flags = bt_sk(parent)->flags;
469 		security_sk_clone(parent, sk);
470 	} else {
471 		bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
472 	}
473 }
474 
475 static struct proto sco_proto = {
476 	.name		= "SCO",
477 	.owner		= THIS_MODULE,
478 	.obj_size	= sizeof(struct sco_pinfo)
479 };
480 
481 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
482 				   int proto, gfp_t prio, int kern)
483 {
484 	struct sock *sk;
485 
486 	sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
487 	if (!sk)
488 		return NULL;
489 
490 	sock_init_data(sock, sk);
491 	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
492 
493 	sk->sk_destruct = sco_sock_destruct;
494 	sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
495 
496 	sock_reset_flag(sk, SOCK_ZAPPED);
497 
498 	sk->sk_protocol = proto;
499 	sk->sk_state    = BT_OPEN;
500 
501 	sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
502 
503 	timer_setup(&sk->sk_timer, sco_sock_timeout, 0);
504 
505 	bt_sock_link(&sco_sk_list, sk);
506 	return sk;
507 }
508 
509 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
510 			   int kern)
511 {
512 	struct sock *sk;
513 
514 	BT_DBG("sock %p", sock);
515 
516 	sock->state = SS_UNCONNECTED;
517 
518 	if (sock->type != SOCK_SEQPACKET)
519 		return -ESOCKTNOSUPPORT;
520 
521 	sock->ops = &sco_sock_ops;
522 
523 	sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
524 	if (!sk)
525 		return -ENOMEM;
526 
527 	sco_sock_init(sk, NULL);
528 	return 0;
529 }
530 
531 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
532 			 int addr_len)
533 {
534 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
535 	struct sock *sk = sock->sk;
536 	int err = 0;
537 
538 	if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
539 	    addr->sa_family != AF_BLUETOOTH)
540 		return -EINVAL;
541 
542 	BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
543 
544 	lock_sock(sk);
545 
546 	if (sk->sk_state != BT_OPEN) {
547 		err = -EBADFD;
548 		goto done;
549 	}
550 
551 	if (sk->sk_type != SOCK_SEQPACKET) {
552 		err = -EINVAL;
553 		goto done;
554 	}
555 
556 	bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
557 
558 	sk->sk_state = BT_BOUND;
559 
560 done:
561 	release_sock(sk);
562 	return err;
563 }
564 
565 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
566 {
567 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
568 	struct sock *sk = sock->sk;
569 	int err;
570 
571 	BT_DBG("sk %p", sk);
572 
573 	if (alen < sizeof(struct sockaddr_sco) ||
574 	    addr->sa_family != AF_BLUETOOTH)
575 		return -EINVAL;
576 
577 	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
578 		return -EBADFD;
579 
580 	if (sk->sk_type != SOCK_SEQPACKET)
581 		return -EINVAL;
582 
583 	lock_sock(sk);
584 
585 	/* Set destination address and psm */
586 	bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
587 
588 	err = sco_connect(sk);
589 	if (err)
590 		goto done;
591 
592 	err = bt_sock_wait_state(sk, BT_CONNECTED,
593 				 sock_sndtimeo(sk, flags & O_NONBLOCK));
594 
595 done:
596 	release_sock(sk);
597 	return err;
598 }
599 
600 static int sco_sock_listen(struct socket *sock, int backlog)
601 {
602 	struct sock *sk = sock->sk;
603 	bdaddr_t *src = &sco_pi(sk)->src;
604 	int err = 0;
605 
606 	BT_DBG("sk %p backlog %d", sk, backlog);
607 
608 	lock_sock(sk);
609 
610 	if (sk->sk_state != BT_BOUND) {
611 		err = -EBADFD;
612 		goto done;
613 	}
614 
615 	if (sk->sk_type != SOCK_SEQPACKET) {
616 		err = -EINVAL;
617 		goto done;
618 	}
619 
620 	write_lock(&sco_sk_list.lock);
621 
622 	if (__sco_get_sock_listen_by_addr(src)) {
623 		err = -EADDRINUSE;
624 		goto unlock;
625 	}
626 
627 	sk->sk_max_ack_backlog = backlog;
628 	sk->sk_ack_backlog = 0;
629 
630 	sk->sk_state = BT_LISTEN;
631 
632 unlock:
633 	write_unlock(&sco_sk_list.lock);
634 
635 done:
636 	release_sock(sk);
637 	return err;
638 }
639 
640 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
641 			   int flags, bool kern)
642 {
643 	DEFINE_WAIT_FUNC(wait, woken_wake_function);
644 	struct sock *sk = sock->sk, *ch;
645 	long timeo;
646 	int err = 0;
647 
648 	lock_sock(sk);
649 
650 	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
651 
652 	BT_DBG("sk %p timeo %ld", sk, timeo);
653 
654 	/* Wait for an incoming connection. (wake-one). */
655 	add_wait_queue_exclusive(sk_sleep(sk), &wait);
656 	while (1) {
657 		if (sk->sk_state != BT_LISTEN) {
658 			err = -EBADFD;
659 			break;
660 		}
661 
662 		ch = bt_accept_dequeue(sk, newsock);
663 		if (ch)
664 			break;
665 
666 		if (!timeo) {
667 			err = -EAGAIN;
668 			break;
669 		}
670 
671 		if (signal_pending(current)) {
672 			err = sock_intr_errno(timeo);
673 			break;
674 		}
675 
676 		release_sock(sk);
677 
678 		timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
679 		lock_sock(sk);
680 	}
681 	remove_wait_queue(sk_sleep(sk), &wait);
682 
683 	if (err)
684 		goto done;
685 
686 	newsock->state = SS_CONNECTED;
687 
688 	BT_DBG("new socket %p", ch);
689 
690 done:
691 	release_sock(sk);
692 	return err;
693 }
694 
695 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
696 			    int peer)
697 {
698 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
699 	struct sock *sk = sock->sk;
700 
701 	BT_DBG("sock %p, sk %p", sock, sk);
702 
703 	addr->sa_family = AF_BLUETOOTH;
704 
705 	if (peer)
706 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
707 	else
708 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
709 
710 	return sizeof(struct sockaddr_sco);
711 }
712 
713 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
714 			    size_t len)
715 {
716 	struct sock *sk = sock->sk;
717 	int err;
718 
719 	BT_DBG("sock %p, sk %p", sock, sk);
720 
721 	err = sock_error(sk);
722 	if (err)
723 		return err;
724 
725 	if (msg->msg_flags & MSG_OOB)
726 		return -EOPNOTSUPP;
727 
728 	lock_sock(sk);
729 
730 	if (sk->sk_state == BT_CONNECTED)
731 		err = sco_send_frame(sk, msg, len);
732 	else
733 		err = -ENOTCONN;
734 
735 	release_sock(sk);
736 	return err;
737 }
738 
739 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
740 {
741 	struct hci_dev *hdev = conn->hdev;
742 
743 	BT_DBG("conn %p", conn);
744 
745 	conn->state = BT_CONFIG;
746 
747 	if (!lmp_esco_capable(hdev)) {
748 		struct hci_cp_accept_conn_req cp;
749 
750 		bacpy(&cp.bdaddr, &conn->dst);
751 		cp.role = 0x00; /* Ignored */
752 
753 		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
754 	} else {
755 		struct hci_cp_accept_sync_conn_req cp;
756 
757 		bacpy(&cp.bdaddr, &conn->dst);
758 		cp.pkt_type = cpu_to_le16(conn->pkt_type);
759 
760 		cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
761 		cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
762 		cp.content_format = cpu_to_le16(setting);
763 
764 		switch (setting & SCO_AIRMODE_MASK) {
765 		case SCO_AIRMODE_TRANSP:
766 			if (conn->pkt_type & ESCO_2EV3)
767 				cp.max_latency = cpu_to_le16(0x0008);
768 			else
769 				cp.max_latency = cpu_to_le16(0x000D);
770 			cp.retrans_effort = 0x02;
771 			break;
772 		case SCO_AIRMODE_CVSD:
773 			cp.max_latency = cpu_to_le16(0xffff);
774 			cp.retrans_effort = 0xff;
775 			break;
776 		}
777 
778 		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
779 			     sizeof(cp), &cp);
780 	}
781 }
782 
783 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
784 			    size_t len, int flags)
785 {
786 	struct sock *sk = sock->sk;
787 	struct sco_pinfo *pi = sco_pi(sk);
788 
789 	lock_sock(sk);
790 
791 	if (sk->sk_state == BT_CONNECT2 &&
792 	    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
793 		sco_conn_defer_accept(pi->conn->hcon, pi->setting);
794 		sk->sk_state = BT_CONFIG;
795 
796 		release_sock(sk);
797 		return 0;
798 	}
799 
800 	release_sock(sk);
801 
802 	return bt_sock_recvmsg(sock, msg, len, flags);
803 }
804 
805 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
806 			       sockptr_t optval, unsigned int optlen)
807 {
808 	struct sock *sk = sock->sk;
809 	int len, err = 0;
810 	struct bt_voice voice;
811 	u32 opt;
812 
813 	BT_DBG("sk %p", sk);
814 
815 	lock_sock(sk);
816 
817 	switch (optname) {
818 
819 	case BT_DEFER_SETUP:
820 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
821 			err = -EINVAL;
822 			break;
823 		}
824 
825 		if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
826 			err = -EFAULT;
827 			break;
828 		}
829 
830 		if (opt)
831 			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
832 		else
833 			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
834 		break;
835 
836 	case BT_VOICE:
837 		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
838 		    sk->sk_state != BT_CONNECT2) {
839 			err = -EINVAL;
840 			break;
841 		}
842 
843 		voice.setting = sco_pi(sk)->setting;
844 
845 		len = min_t(unsigned int, sizeof(voice), optlen);
846 		if (copy_from_sockptr(&voice, optval, len)) {
847 			err = -EFAULT;
848 			break;
849 		}
850 
851 		/* Explicitly check for these values */
852 		if (voice.setting != BT_VOICE_TRANSPARENT &&
853 		    voice.setting != BT_VOICE_CVSD_16BIT) {
854 			err = -EINVAL;
855 			break;
856 		}
857 
858 		sco_pi(sk)->setting = voice.setting;
859 		break;
860 
861 	case BT_PKT_STATUS:
862 		if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
863 			err = -EFAULT;
864 			break;
865 		}
866 
867 		if (opt)
868 			sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
869 		else
870 			sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
871 		break;
872 
873 	default:
874 		err = -ENOPROTOOPT;
875 		break;
876 	}
877 
878 	release_sock(sk);
879 	return err;
880 }
881 
882 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
883 				   char __user *optval, int __user *optlen)
884 {
885 	struct sock *sk = sock->sk;
886 	struct sco_options opts;
887 	struct sco_conninfo cinfo;
888 	int len, err = 0;
889 
890 	BT_DBG("sk %p", sk);
891 
892 	if (get_user(len, optlen))
893 		return -EFAULT;
894 
895 	lock_sock(sk);
896 
897 	switch (optname) {
898 	case SCO_OPTIONS:
899 		if (sk->sk_state != BT_CONNECTED &&
900 		    !(sk->sk_state == BT_CONNECT2 &&
901 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
902 			err = -ENOTCONN;
903 			break;
904 		}
905 
906 		opts.mtu = sco_pi(sk)->conn->mtu;
907 
908 		BT_DBG("mtu %d", opts.mtu);
909 
910 		len = min_t(unsigned int, len, sizeof(opts));
911 		if (copy_to_user(optval, (char *)&opts, len))
912 			err = -EFAULT;
913 
914 		break;
915 
916 	case SCO_CONNINFO:
917 		if (sk->sk_state != BT_CONNECTED &&
918 		    !(sk->sk_state == BT_CONNECT2 &&
919 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
920 			err = -ENOTCONN;
921 			break;
922 		}
923 
924 		memset(&cinfo, 0, sizeof(cinfo));
925 		cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
926 		memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
927 
928 		len = min_t(unsigned int, len, sizeof(cinfo));
929 		if (copy_to_user(optval, (char *)&cinfo, len))
930 			err = -EFAULT;
931 
932 		break;
933 
934 	default:
935 		err = -ENOPROTOOPT;
936 		break;
937 	}
938 
939 	release_sock(sk);
940 	return err;
941 }
942 
943 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
944 			       char __user *optval, int __user *optlen)
945 {
946 	struct sock *sk = sock->sk;
947 	int len, err = 0;
948 	struct bt_voice voice;
949 	u32 phys;
950 	int pkt_status;
951 
952 	BT_DBG("sk %p", sk);
953 
954 	if (level == SOL_SCO)
955 		return sco_sock_getsockopt_old(sock, optname, optval, optlen);
956 
957 	if (get_user(len, optlen))
958 		return -EFAULT;
959 
960 	lock_sock(sk);
961 
962 	switch (optname) {
963 
964 	case BT_DEFER_SETUP:
965 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
966 			err = -EINVAL;
967 			break;
968 		}
969 
970 		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
971 			     (u32 __user *)optval))
972 			err = -EFAULT;
973 
974 		break;
975 
976 	case BT_VOICE:
977 		voice.setting = sco_pi(sk)->setting;
978 
979 		len = min_t(unsigned int, len, sizeof(voice));
980 		if (copy_to_user(optval, (char *)&voice, len))
981 			err = -EFAULT;
982 
983 		break;
984 
985 	case BT_PHY:
986 		if (sk->sk_state != BT_CONNECTED) {
987 			err = -ENOTCONN;
988 			break;
989 		}
990 
991 		phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
992 
993 		if (put_user(phys, (u32 __user *) optval))
994 			err = -EFAULT;
995 		break;
996 
997 	case BT_PKT_STATUS:
998 		pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
999 
1000 		if (put_user(pkt_status, (int __user *)optval))
1001 			err = -EFAULT;
1002 		break;
1003 
1004 	default:
1005 		err = -ENOPROTOOPT;
1006 		break;
1007 	}
1008 
1009 	release_sock(sk);
1010 	return err;
1011 }
1012 
1013 static int sco_sock_shutdown(struct socket *sock, int how)
1014 {
1015 	struct sock *sk = sock->sk;
1016 	int err = 0;
1017 
1018 	BT_DBG("sock %p, sk %p", sock, sk);
1019 
1020 	if (!sk)
1021 		return 0;
1022 
1023 	sock_hold(sk);
1024 	lock_sock(sk);
1025 
1026 	if (!sk->sk_shutdown) {
1027 		sk->sk_shutdown = SHUTDOWN_MASK;
1028 		sco_sock_clear_timer(sk);
1029 		__sco_sock_close(sk);
1030 
1031 		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1032 		    !(current->flags & PF_EXITING))
1033 			err = bt_sock_wait_state(sk, BT_CLOSED,
1034 						 sk->sk_lingertime);
1035 	}
1036 
1037 	release_sock(sk);
1038 	sock_put(sk);
1039 
1040 	return err;
1041 }
1042 
1043 static int sco_sock_release(struct socket *sock)
1044 {
1045 	struct sock *sk = sock->sk;
1046 	int err = 0;
1047 
1048 	BT_DBG("sock %p, sk %p", sock, sk);
1049 
1050 	if (!sk)
1051 		return 0;
1052 
1053 	sco_sock_close(sk);
1054 
1055 	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1056 	    !(current->flags & PF_EXITING)) {
1057 		lock_sock(sk);
1058 		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1059 		release_sock(sk);
1060 	}
1061 
1062 	sock_orphan(sk);
1063 	sco_sock_kill(sk);
1064 	return err;
1065 }
1066 
1067 static void sco_conn_ready(struct sco_conn *conn)
1068 {
1069 	struct sock *parent;
1070 	struct sock *sk = conn->sk;
1071 
1072 	BT_DBG("conn %p", conn);
1073 
1074 	if (sk) {
1075 		sco_sock_clear_timer(sk);
1076 		bh_lock_sock(sk);
1077 		sk->sk_state = BT_CONNECTED;
1078 		sk->sk_state_change(sk);
1079 		bh_unlock_sock(sk);
1080 	} else {
1081 		sco_conn_lock(conn);
1082 
1083 		if (!conn->hcon) {
1084 			sco_conn_unlock(conn);
1085 			return;
1086 		}
1087 
1088 		parent = sco_get_sock_listen(&conn->hcon->src);
1089 		if (!parent) {
1090 			sco_conn_unlock(conn);
1091 			return;
1092 		}
1093 
1094 		bh_lock_sock(parent);
1095 
1096 		sk = sco_sock_alloc(sock_net(parent), NULL,
1097 				    BTPROTO_SCO, GFP_ATOMIC, 0);
1098 		if (!sk) {
1099 			bh_unlock_sock(parent);
1100 			sco_conn_unlock(conn);
1101 			return;
1102 		}
1103 
1104 		sco_sock_init(sk, parent);
1105 
1106 		bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1107 		bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1108 
1109 		hci_conn_hold(conn->hcon);
1110 		__sco_chan_add(conn, sk, parent);
1111 
1112 		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1113 			sk->sk_state = BT_CONNECT2;
1114 		else
1115 			sk->sk_state = BT_CONNECTED;
1116 
1117 		/* Wake up parent */
1118 		parent->sk_data_ready(parent);
1119 
1120 		bh_unlock_sock(parent);
1121 
1122 		sco_conn_unlock(conn);
1123 	}
1124 }
1125 
1126 /* ----- SCO interface with lower layer (HCI) ----- */
1127 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1128 {
1129 	struct sock *sk;
1130 	int lm = 0;
1131 
1132 	BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1133 
1134 	/* Find listening sockets */
1135 	read_lock(&sco_sk_list.lock);
1136 	sk_for_each(sk, &sco_sk_list.head) {
1137 		if (sk->sk_state != BT_LISTEN)
1138 			continue;
1139 
1140 		if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1141 		    !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1142 			lm |= HCI_LM_ACCEPT;
1143 
1144 			if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1145 				*flags |= HCI_PROTO_DEFER;
1146 			break;
1147 		}
1148 	}
1149 	read_unlock(&sco_sk_list.lock);
1150 
1151 	return lm;
1152 }
1153 
1154 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1155 {
1156 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1157 		return;
1158 
1159 	BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1160 
1161 	if (!status) {
1162 		struct sco_conn *conn;
1163 
1164 		conn = sco_conn_add(hcon);
1165 		if (conn)
1166 			sco_conn_ready(conn);
1167 	} else
1168 		sco_conn_del(hcon, bt_to_errno(status));
1169 }
1170 
1171 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1172 {
1173 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1174 		return;
1175 
1176 	BT_DBG("hcon %p reason %d", hcon, reason);
1177 
1178 	sco_conn_del(hcon, bt_to_errno(reason));
1179 }
1180 
1181 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1182 {
1183 	struct sco_conn *conn = hcon->sco_data;
1184 
1185 	if (!conn)
1186 		goto drop;
1187 
1188 	BT_DBG("conn %p len %d", conn, skb->len);
1189 
1190 	if (skb->len) {
1191 		sco_recv_frame(conn, skb);
1192 		return;
1193 	}
1194 
1195 drop:
1196 	kfree_skb(skb);
1197 }
1198 
1199 static struct hci_cb sco_cb = {
1200 	.name		= "SCO",
1201 	.connect_cfm	= sco_connect_cfm,
1202 	.disconn_cfm	= sco_disconn_cfm,
1203 };
1204 
1205 static int sco_debugfs_show(struct seq_file *f, void *p)
1206 {
1207 	struct sock *sk;
1208 
1209 	read_lock(&sco_sk_list.lock);
1210 
1211 	sk_for_each(sk, &sco_sk_list.head) {
1212 		seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1213 			   &sco_pi(sk)->dst, sk->sk_state);
1214 	}
1215 
1216 	read_unlock(&sco_sk_list.lock);
1217 
1218 	return 0;
1219 }
1220 
1221 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1222 
1223 static struct dentry *sco_debugfs;
1224 
1225 static const struct proto_ops sco_sock_ops = {
1226 	.family		= PF_BLUETOOTH,
1227 	.owner		= THIS_MODULE,
1228 	.release	= sco_sock_release,
1229 	.bind		= sco_sock_bind,
1230 	.connect	= sco_sock_connect,
1231 	.listen		= sco_sock_listen,
1232 	.accept		= sco_sock_accept,
1233 	.getname	= sco_sock_getname,
1234 	.sendmsg	= sco_sock_sendmsg,
1235 	.recvmsg	= sco_sock_recvmsg,
1236 	.poll		= bt_sock_poll,
1237 	.ioctl		= bt_sock_ioctl,
1238 	.gettstamp	= sock_gettstamp,
1239 	.mmap		= sock_no_mmap,
1240 	.socketpair	= sock_no_socketpair,
1241 	.shutdown	= sco_sock_shutdown,
1242 	.setsockopt	= sco_sock_setsockopt,
1243 	.getsockopt	= sco_sock_getsockopt
1244 };
1245 
1246 static const struct net_proto_family sco_sock_family_ops = {
1247 	.family	= PF_BLUETOOTH,
1248 	.owner	= THIS_MODULE,
1249 	.create	= sco_sock_create,
1250 };
1251 
1252 int __init sco_init(void)
1253 {
1254 	int err;
1255 
1256 	BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1257 
1258 	err = proto_register(&sco_proto, 0);
1259 	if (err < 0)
1260 		return err;
1261 
1262 	err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1263 	if (err < 0) {
1264 		BT_ERR("SCO socket registration failed");
1265 		goto error;
1266 	}
1267 
1268 	err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1269 	if (err < 0) {
1270 		BT_ERR("Failed to create SCO proc file");
1271 		bt_sock_unregister(BTPROTO_SCO);
1272 		goto error;
1273 	}
1274 
1275 	BT_INFO("SCO socket layer initialized");
1276 
1277 	hci_register_cb(&sco_cb);
1278 
1279 	if (IS_ERR_OR_NULL(bt_debugfs))
1280 		return 0;
1281 
1282 	sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1283 					  NULL, &sco_debugfs_fops);
1284 
1285 	return 0;
1286 
1287 error:
1288 	proto_unregister(&sco_proto);
1289 	return err;
1290 }
1291 
1292 void sco_exit(void)
1293 {
1294 	bt_procfs_cleanup(&init_net, "sco");
1295 
1296 	debugfs_remove(sco_debugfs);
1297 
1298 	hci_unregister_cb(&sco_cb);
1299 
1300 	bt_sock_unregister(BTPROTO_SCO);
1301 
1302 	proto_unregister(&sco_proto);
1303 }
1304 
1305 module_param(disable_esco, bool, 0644);
1306 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1307