1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/kernel.h> 32 #include <linux/sched.h> 33 #include <linux/slab.h> 34 #include <linux/poll.h> 35 #include <linux/fcntl.h> 36 #include <linux/init.h> 37 #include <linux/interrupt.h> 38 #include <linux/socket.h> 39 #include <linux/skbuff.h> 40 #include <linux/device.h> 41 #include <linux/debugfs.h> 42 #include <linux/seq_file.h> 43 #include <linux/list.h> 44 #include <linux/security.h> 45 #include <net/sock.h> 46 47 #include <linux/uaccess.h> 48 49 #include <net/bluetooth/bluetooth.h> 50 #include <net/bluetooth/hci_core.h> 51 #include <net/bluetooth/sco.h> 52 53 static bool disable_esco; 54 55 static const struct proto_ops sco_sock_ops; 56 57 static struct bt_sock_list sco_sk_list = { 58 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 59 }; 60 61 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent); 62 static void sco_chan_del(struct sock *sk, int err); 63 64 static int sco_conn_del(struct hci_conn *conn, int err); 65 66 static void sco_sock_close(struct sock *sk); 67 static void sco_sock_kill(struct sock *sk); 68 69 /* ---- SCO timers ---- */ 70 static void sco_sock_timeout(unsigned long arg) 71 { 72 struct sock *sk = (struct sock *) arg; 73 74 BT_DBG("sock %p state %d", sk, sk->sk_state); 75 76 bh_lock_sock(sk); 77 sk->sk_err = ETIMEDOUT; 78 sk->sk_state_change(sk); 79 bh_unlock_sock(sk); 80 81 sco_sock_kill(sk); 82 sock_put(sk); 83 } 84 85 static void sco_sock_set_timer(struct sock *sk, long timeout) 86 { 87 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 88 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 89 } 90 91 static void sco_sock_clear_timer(struct sock *sk) 92 { 93 BT_DBG("sock %p state %d", sk, sk->sk_state); 94 sk_stop_timer(sk, &sk->sk_timer); 95 } 96 97 /* ---- SCO connections ---- */ 98 static struct sco_conn *sco_conn_add(struct hci_conn *hcon, __u8 status) 99 { 100 struct hci_dev *hdev = hcon->hdev; 101 struct sco_conn *conn = hcon->sco_data; 102 103 if (conn || status) 104 return conn; 105 106 conn = kzalloc(sizeof(struct sco_conn), GFP_ATOMIC); 107 if (!conn) 108 return NULL; 109 110 spin_lock_init(&conn->lock); 111 112 hcon->sco_data = conn; 113 conn->hcon = hcon; 114 115 conn->src = &hdev->bdaddr; 116 conn->dst = &hcon->dst; 117 118 if (hdev->sco_mtu > 0) 119 conn->mtu = hdev->sco_mtu; 120 else 121 conn->mtu = 60; 122 123 BT_DBG("hcon %p conn %p", hcon, conn); 124 125 return conn; 126 } 127 128 static inline struct sock *sco_chan_get(struct sco_conn *conn) 129 { 130 struct sock *sk = NULL; 131 sco_conn_lock(conn); 132 sk = conn->sk; 133 sco_conn_unlock(conn); 134 return sk; 135 } 136 137 static int sco_conn_del(struct hci_conn *hcon, int err) 138 { 139 struct sco_conn *conn = hcon->sco_data; 140 struct sock *sk; 141 142 if (!conn) 143 return 0; 144 145 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 146 147 /* Kill socket */ 148 sk = sco_chan_get(conn); 149 if (sk) { 150 bh_lock_sock(sk); 151 sco_sock_clear_timer(sk); 152 sco_chan_del(sk, err); 153 bh_unlock_sock(sk); 154 sco_sock_kill(sk); 155 } 156 157 hcon->sco_data = NULL; 158 kfree(conn); 159 return 0; 160 } 161 162 static inline int sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent) 163 { 164 int err = 0; 165 166 sco_conn_lock(conn); 167 if (conn->sk) 168 err = -EBUSY; 169 else 170 __sco_chan_add(conn, sk, parent); 171 172 sco_conn_unlock(conn); 173 return err; 174 } 175 176 static int sco_connect(struct sock *sk) 177 { 178 bdaddr_t *src = &bt_sk(sk)->src; 179 bdaddr_t *dst = &bt_sk(sk)->dst; 180 struct sco_conn *conn; 181 struct hci_conn *hcon; 182 struct hci_dev *hdev; 183 int err, type; 184 185 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 186 187 hdev = hci_get_route(dst, src); 188 if (!hdev) 189 return -EHOSTUNREACH; 190 191 hci_dev_lock(hdev); 192 193 if (lmp_esco_capable(hdev) && !disable_esco) 194 type = ESCO_LINK; 195 else 196 type = SCO_LINK; 197 198 hcon = hci_connect(hdev, type, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING); 199 if (IS_ERR(hcon)) { 200 err = PTR_ERR(hcon); 201 goto done; 202 } 203 204 conn = sco_conn_add(hcon, 0); 205 if (!conn) { 206 hci_conn_put(hcon); 207 err = -ENOMEM; 208 goto done; 209 } 210 211 /* Update source addr of the socket */ 212 bacpy(src, conn->src); 213 214 err = sco_chan_add(conn, sk, NULL); 215 if (err) 216 goto done; 217 218 if (hcon->state == BT_CONNECTED) { 219 sco_sock_clear_timer(sk); 220 sk->sk_state = BT_CONNECTED; 221 } else { 222 sk->sk_state = BT_CONNECT; 223 sco_sock_set_timer(sk, sk->sk_sndtimeo); 224 } 225 226 done: 227 hci_dev_unlock(hdev); 228 hci_dev_put(hdev); 229 return err; 230 } 231 232 static inline int sco_send_frame(struct sock *sk, struct msghdr *msg, int len) 233 { 234 struct sco_conn *conn = sco_pi(sk)->conn; 235 struct sk_buff *skb; 236 int err, count; 237 238 /* Check outgoing MTU */ 239 if (len > conn->mtu) 240 return -EINVAL; 241 242 BT_DBG("sk %p len %d", sk, len); 243 244 count = min_t(unsigned int, conn->mtu, len); 245 skb = bt_skb_send_alloc(sk, count, 246 msg->msg_flags & MSG_DONTWAIT, &err); 247 if (!skb) 248 return err; 249 250 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) { 251 kfree_skb(skb); 252 return -EFAULT; 253 } 254 255 hci_send_sco(conn->hcon, skb); 256 257 return count; 258 } 259 260 static inline void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 261 { 262 struct sock *sk = sco_chan_get(conn); 263 264 if (!sk) 265 goto drop; 266 267 BT_DBG("sk %p len %d", sk, skb->len); 268 269 if (sk->sk_state != BT_CONNECTED) 270 goto drop; 271 272 if (!sock_queue_rcv_skb(sk, skb)) 273 return; 274 275 drop: 276 kfree_skb(skb); 277 } 278 279 /* -------- Socket interface ---------- */ 280 static struct sock *__sco_get_sock_by_addr(bdaddr_t *ba) 281 { 282 struct sock *sk; 283 struct hlist_node *node; 284 285 sk_for_each(sk, node, &sco_sk_list.head) 286 if (!bacmp(&bt_sk(sk)->src, ba)) 287 goto found; 288 sk = NULL; 289 found: 290 return sk; 291 } 292 293 /* Find socket listening on source bdaddr. 294 * Returns closest match. 295 */ 296 static struct sock *sco_get_sock_listen(bdaddr_t *src) 297 { 298 struct sock *sk = NULL, *sk1 = NULL; 299 struct hlist_node *node; 300 301 read_lock(&sco_sk_list.lock); 302 303 sk_for_each(sk, node, &sco_sk_list.head) { 304 if (sk->sk_state != BT_LISTEN) 305 continue; 306 307 /* Exact match. */ 308 if (!bacmp(&bt_sk(sk)->src, src)) 309 break; 310 311 /* Closest match */ 312 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 313 sk1 = sk; 314 } 315 316 read_unlock(&sco_sk_list.lock); 317 318 return node ? sk : sk1; 319 } 320 321 static void sco_sock_destruct(struct sock *sk) 322 { 323 BT_DBG("sk %p", sk); 324 325 skb_queue_purge(&sk->sk_receive_queue); 326 skb_queue_purge(&sk->sk_write_queue); 327 } 328 329 static void sco_sock_cleanup_listen(struct sock *parent) 330 { 331 struct sock *sk; 332 333 BT_DBG("parent %p", parent); 334 335 /* Close not yet accepted channels */ 336 while ((sk = bt_accept_dequeue(parent, NULL))) { 337 sco_sock_close(sk); 338 sco_sock_kill(sk); 339 } 340 341 parent->sk_state = BT_CLOSED; 342 sock_set_flag(parent, SOCK_ZAPPED); 343 } 344 345 /* Kill socket (only if zapped and orphan) 346 * Must be called on unlocked socket. 347 */ 348 static void sco_sock_kill(struct sock *sk) 349 { 350 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 351 return; 352 353 BT_DBG("sk %p state %d", sk, sk->sk_state); 354 355 /* Kill poor orphan */ 356 bt_sock_unlink(&sco_sk_list, sk); 357 sock_set_flag(sk, SOCK_DEAD); 358 sock_put(sk); 359 } 360 361 static void __sco_sock_close(struct sock *sk) 362 { 363 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 364 365 switch (sk->sk_state) { 366 case BT_LISTEN: 367 sco_sock_cleanup_listen(sk); 368 break; 369 370 case BT_CONNECTED: 371 case BT_CONFIG: 372 if (sco_pi(sk)->conn) { 373 sk->sk_state = BT_DISCONN; 374 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 375 hci_conn_put(sco_pi(sk)->conn->hcon); 376 sco_pi(sk)->conn->hcon = NULL; 377 } else 378 sco_chan_del(sk, ECONNRESET); 379 break; 380 381 case BT_CONNECT: 382 case BT_DISCONN: 383 sco_chan_del(sk, ECONNRESET); 384 break; 385 386 default: 387 sock_set_flag(sk, SOCK_ZAPPED); 388 break; 389 } 390 } 391 392 /* Must be called on unlocked socket. */ 393 static void sco_sock_close(struct sock *sk) 394 { 395 sco_sock_clear_timer(sk); 396 lock_sock(sk); 397 __sco_sock_close(sk); 398 release_sock(sk); 399 sco_sock_kill(sk); 400 } 401 402 static void sco_sock_init(struct sock *sk, struct sock *parent) 403 { 404 BT_DBG("sk %p", sk); 405 406 if (parent) { 407 sk->sk_type = parent->sk_type; 408 security_sk_clone(parent, sk); 409 } 410 } 411 412 static struct proto sco_proto = { 413 .name = "SCO", 414 .owner = THIS_MODULE, 415 .obj_size = sizeof(struct sco_pinfo) 416 }; 417 418 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 419 { 420 struct sock *sk; 421 422 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto); 423 if (!sk) 424 return NULL; 425 426 sock_init_data(sock, sk); 427 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 428 429 sk->sk_destruct = sco_sock_destruct; 430 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 431 432 sock_reset_flag(sk, SOCK_ZAPPED); 433 434 sk->sk_protocol = proto; 435 sk->sk_state = BT_OPEN; 436 437 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk); 438 439 bt_sock_link(&sco_sk_list, sk); 440 return sk; 441 } 442 443 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 444 int kern) 445 { 446 struct sock *sk; 447 448 BT_DBG("sock %p", sock); 449 450 sock->state = SS_UNCONNECTED; 451 452 if (sock->type != SOCK_SEQPACKET) 453 return -ESOCKTNOSUPPORT; 454 455 sock->ops = &sco_sock_ops; 456 457 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC); 458 if (!sk) 459 return -ENOMEM; 460 461 sco_sock_init(sk, NULL); 462 return 0; 463 } 464 465 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 466 { 467 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 468 struct sock *sk = sock->sk; 469 bdaddr_t *src = &sa->sco_bdaddr; 470 int err = 0; 471 472 BT_DBG("sk %p %s", sk, batostr(&sa->sco_bdaddr)); 473 474 if (!addr || addr->sa_family != AF_BLUETOOTH) 475 return -EINVAL; 476 477 lock_sock(sk); 478 479 if (sk->sk_state != BT_OPEN) { 480 err = -EBADFD; 481 goto done; 482 } 483 484 write_lock(&sco_sk_list.lock); 485 486 if (bacmp(src, BDADDR_ANY) && __sco_get_sock_by_addr(src)) { 487 err = -EADDRINUSE; 488 } else { 489 /* Save source address */ 490 bacpy(&bt_sk(sk)->src, &sa->sco_bdaddr); 491 sk->sk_state = BT_BOUND; 492 } 493 494 write_unlock(&sco_sk_list.lock); 495 496 done: 497 release_sock(sk); 498 return err; 499 } 500 501 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 502 { 503 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 504 struct sock *sk = sock->sk; 505 int err = 0; 506 507 508 BT_DBG("sk %p", sk); 509 510 if (alen < sizeof(struct sockaddr_sco) || 511 addr->sa_family != AF_BLUETOOTH) 512 return -EINVAL; 513 514 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 515 return -EBADFD; 516 517 if (sk->sk_type != SOCK_SEQPACKET) 518 return -EINVAL; 519 520 lock_sock(sk); 521 522 /* Set destination address and psm */ 523 bacpy(&bt_sk(sk)->dst, &sa->sco_bdaddr); 524 525 err = sco_connect(sk); 526 if (err) 527 goto done; 528 529 err = bt_sock_wait_state(sk, BT_CONNECTED, 530 sock_sndtimeo(sk, flags & O_NONBLOCK)); 531 532 done: 533 release_sock(sk); 534 return err; 535 } 536 537 static int sco_sock_listen(struct socket *sock, int backlog) 538 { 539 struct sock *sk = sock->sk; 540 int err = 0; 541 542 BT_DBG("sk %p backlog %d", sk, backlog); 543 544 lock_sock(sk); 545 546 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) { 547 err = -EBADFD; 548 goto done; 549 } 550 551 sk->sk_max_ack_backlog = backlog; 552 sk->sk_ack_backlog = 0; 553 sk->sk_state = BT_LISTEN; 554 555 done: 556 release_sock(sk); 557 return err; 558 } 559 560 static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags) 561 { 562 DECLARE_WAITQUEUE(wait, current); 563 struct sock *sk = sock->sk, *ch; 564 long timeo; 565 int err = 0; 566 567 lock_sock(sk); 568 569 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 570 571 BT_DBG("sk %p timeo %ld", sk, timeo); 572 573 /* Wait for an incoming connection. (wake-one). */ 574 add_wait_queue_exclusive(sk_sleep(sk), &wait); 575 while (1) { 576 set_current_state(TASK_INTERRUPTIBLE); 577 578 if (sk->sk_state != BT_LISTEN) { 579 err = -EBADFD; 580 break; 581 } 582 583 ch = bt_accept_dequeue(sk, newsock); 584 if (ch) 585 break; 586 587 if (!timeo) { 588 err = -EAGAIN; 589 break; 590 } 591 592 if (signal_pending(current)) { 593 err = sock_intr_errno(timeo); 594 break; 595 } 596 597 release_sock(sk); 598 timeo = schedule_timeout(timeo); 599 lock_sock(sk); 600 } 601 __set_current_state(TASK_RUNNING); 602 remove_wait_queue(sk_sleep(sk), &wait); 603 604 if (err) 605 goto done; 606 607 newsock->state = SS_CONNECTED; 608 609 BT_DBG("new socket %p", ch); 610 611 done: 612 release_sock(sk); 613 return err; 614 } 615 616 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 617 { 618 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 619 struct sock *sk = sock->sk; 620 621 BT_DBG("sock %p, sk %p", sock, sk); 622 623 addr->sa_family = AF_BLUETOOTH; 624 *len = sizeof(struct sockaddr_sco); 625 626 if (peer) 627 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->dst); 628 else 629 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->src); 630 631 return 0; 632 } 633 634 static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 635 struct msghdr *msg, size_t len) 636 { 637 struct sock *sk = sock->sk; 638 int err; 639 640 BT_DBG("sock %p, sk %p", sock, sk); 641 642 err = sock_error(sk); 643 if (err) 644 return err; 645 646 if (msg->msg_flags & MSG_OOB) 647 return -EOPNOTSUPP; 648 649 lock_sock(sk); 650 651 if (sk->sk_state == BT_CONNECTED) 652 err = sco_send_frame(sk, msg, len); 653 else 654 err = -ENOTCONN; 655 656 release_sock(sk); 657 return err; 658 } 659 660 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 661 { 662 struct sock *sk = sock->sk; 663 int err = 0; 664 665 BT_DBG("sk %p", sk); 666 667 lock_sock(sk); 668 669 switch (optname) { 670 default: 671 err = -ENOPROTOOPT; 672 break; 673 } 674 675 release_sock(sk); 676 return err; 677 } 678 679 static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 680 { 681 struct sock *sk = sock->sk; 682 struct sco_options opts; 683 struct sco_conninfo cinfo; 684 int len, err = 0; 685 686 BT_DBG("sk %p", sk); 687 688 if (get_user(len, optlen)) 689 return -EFAULT; 690 691 lock_sock(sk); 692 693 switch (optname) { 694 case SCO_OPTIONS: 695 if (sk->sk_state != BT_CONNECTED) { 696 err = -ENOTCONN; 697 break; 698 } 699 700 opts.mtu = sco_pi(sk)->conn->mtu; 701 702 BT_DBG("mtu %d", opts.mtu); 703 704 len = min_t(unsigned int, len, sizeof(opts)); 705 if (copy_to_user(optval, (char *)&opts, len)) 706 err = -EFAULT; 707 708 break; 709 710 case SCO_CONNINFO: 711 if (sk->sk_state != BT_CONNECTED) { 712 err = -ENOTCONN; 713 break; 714 } 715 716 memset(&cinfo, 0, sizeof(cinfo)); 717 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 718 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 719 720 len = min_t(unsigned int, len, sizeof(cinfo)); 721 if (copy_to_user(optval, (char *)&cinfo, len)) 722 err = -EFAULT; 723 724 break; 725 726 default: 727 err = -ENOPROTOOPT; 728 break; 729 } 730 731 release_sock(sk); 732 return err; 733 } 734 735 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 736 { 737 struct sock *sk = sock->sk; 738 int len, err = 0; 739 740 BT_DBG("sk %p", sk); 741 742 if (level == SOL_SCO) 743 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 744 745 if (get_user(len, optlen)) 746 return -EFAULT; 747 748 lock_sock(sk); 749 750 switch (optname) { 751 default: 752 err = -ENOPROTOOPT; 753 break; 754 } 755 756 release_sock(sk); 757 return err; 758 } 759 760 static int sco_sock_shutdown(struct socket *sock, int how) 761 { 762 struct sock *sk = sock->sk; 763 int err = 0; 764 765 BT_DBG("sock %p, sk %p", sock, sk); 766 767 if (!sk) 768 return 0; 769 770 lock_sock(sk); 771 if (!sk->sk_shutdown) { 772 sk->sk_shutdown = SHUTDOWN_MASK; 773 sco_sock_clear_timer(sk); 774 __sco_sock_close(sk); 775 776 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 777 err = bt_sock_wait_state(sk, BT_CLOSED, 778 sk->sk_lingertime); 779 } 780 release_sock(sk); 781 return err; 782 } 783 784 static int sco_sock_release(struct socket *sock) 785 { 786 struct sock *sk = sock->sk; 787 int err = 0; 788 789 BT_DBG("sock %p, sk %p", sock, sk); 790 791 if (!sk) 792 return 0; 793 794 sco_sock_close(sk); 795 796 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) { 797 lock_sock(sk); 798 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 799 release_sock(sk); 800 } 801 802 sock_orphan(sk); 803 sco_sock_kill(sk); 804 return err; 805 } 806 807 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent) 808 { 809 BT_DBG("conn %p", conn); 810 811 sco_pi(sk)->conn = conn; 812 conn->sk = sk; 813 814 if (parent) 815 bt_accept_enqueue(parent, sk); 816 } 817 818 /* Delete channel. 819 * Must be called on the locked socket. */ 820 static void sco_chan_del(struct sock *sk, int err) 821 { 822 struct sco_conn *conn; 823 824 conn = sco_pi(sk)->conn; 825 826 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 827 828 if (conn) { 829 sco_conn_lock(conn); 830 conn->sk = NULL; 831 sco_pi(sk)->conn = NULL; 832 sco_conn_unlock(conn); 833 834 if (conn->hcon) 835 hci_conn_put(conn->hcon); 836 } 837 838 sk->sk_state = BT_CLOSED; 839 sk->sk_err = err; 840 sk->sk_state_change(sk); 841 842 sock_set_flag(sk, SOCK_ZAPPED); 843 } 844 845 static void sco_conn_ready(struct sco_conn *conn) 846 { 847 struct sock *parent; 848 struct sock *sk = conn->sk; 849 850 BT_DBG("conn %p", conn); 851 852 sco_conn_lock(conn); 853 854 if (sk) { 855 sco_sock_clear_timer(sk); 856 bh_lock_sock(sk); 857 sk->sk_state = BT_CONNECTED; 858 sk->sk_state_change(sk); 859 bh_unlock_sock(sk); 860 } else { 861 parent = sco_get_sock_listen(conn->src); 862 if (!parent) 863 goto done; 864 865 bh_lock_sock(parent); 866 867 sk = sco_sock_alloc(sock_net(parent), NULL, 868 BTPROTO_SCO, GFP_ATOMIC); 869 if (!sk) { 870 bh_unlock_sock(parent); 871 goto done; 872 } 873 874 sco_sock_init(sk, parent); 875 876 bacpy(&bt_sk(sk)->src, conn->src); 877 bacpy(&bt_sk(sk)->dst, conn->dst); 878 879 hci_conn_hold(conn->hcon); 880 __sco_chan_add(conn, sk, parent); 881 882 sk->sk_state = BT_CONNECTED; 883 884 /* Wake up parent */ 885 parent->sk_data_ready(parent, 1); 886 887 bh_unlock_sock(parent); 888 } 889 890 done: 891 sco_conn_unlock(conn); 892 } 893 894 /* ----- SCO interface with lower layer (HCI) ----- */ 895 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr) 896 { 897 register struct sock *sk; 898 struct hlist_node *node; 899 int lm = 0; 900 901 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); 902 903 /* Find listening sockets */ 904 read_lock(&sco_sk_list.lock); 905 sk_for_each(sk, node, &sco_sk_list.head) { 906 if (sk->sk_state != BT_LISTEN) 907 continue; 908 909 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr) || 910 !bacmp(&bt_sk(sk)->src, BDADDR_ANY)) { 911 lm |= HCI_LM_ACCEPT; 912 break; 913 } 914 } 915 read_unlock(&sco_sk_list.lock); 916 917 return lm; 918 } 919 920 int sco_connect_cfm(struct hci_conn *hcon, __u8 status) 921 { 922 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status); 923 if (!status) { 924 struct sco_conn *conn; 925 926 conn = sco_conn_add(hcon, status); 927 if (conn) 928 sco_conn_ready(conn); 929 } else 930 sco_conn_del(hcon, bt_to_errno(status)); 931 932 return 0; 933 } 934 935 int sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 936 { 937 BT_DBG("hcon %p reason %d", hcon, reason); 938 939 sco_conn_del(hcon, bt_to_errno(reason)); 940 return 0; 941 } 942 943 int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 944 { 945 struct sco_conn *conn = hcon->sco_data; 946 947 if (!conn) 948 goto drop; 949 950 BT_DBG("conn %p len %d", conn, skb->len); 951 952 if (skb->len) { 953 sco_recv_frame(conn, skb); 954 return 0; 955 } 956 957 drop: 958 kfree_skb(skb); 959 return 0; 960 } 961 962 static int sco_debugfs_show(struct seq_file *f, void *p) 963 { 964 struct sock *sk; 965 struct hlist_node *node; 966 967 read_lock(&sco_sk_list.lock); 968 969 sk_for_each(sk, node, &sco_sk_list.head) { 970 seq_printf(f, "%s %s %d\n", batostr(&bt_sk(sk)->src), 971 batostr(&bt_sk(sk)->dst), sk->sk_state); 972 } 973 974 read_unlock(&sco_sk_list.lock); 975 976 return 0; 977 } 978 979 static int sco_debugfs_open(struct inode *inode, struct file *file) 980 { 981 return single_open(file, sco_debugfs_show, inode->i_private); 982 } 983 984 static const struct file_operations sco_debugfs_fops = { 985 .open = sco_debugfs_open, 986 .read = seq_read, 987 .llseek = seq_lseek, 988 .release = single_release, 989 }; 990 991 static struct dentry *sco_debugfs; 992 993 static const struct proto_ops sco_sock_ops = { 994 .family = PF_BLUETOOTH, 995 .owner = THIS_MODULE, 996 .release = sco_sock_release, 997 .bind = sco_sock_bind, 998 .connect = sco_sock_connect, 999 .listen = sco_sock_listen, 1000 .accept = sco_sock_accept, 1001 .getname = sco_sock_getname, 1002 .sendmsg = sco_sock_sendmsg, 1003 .recvmsg = bt_sock_recvmsg, 1004 .poll = bt_sock_poll, 1005 .ioctl = bt_sock_ioctl, 1006 .mmap = sock_no_mmap, 1007 .socketpair = sock_no_socketpair, 1008 .shutdown = sco_sock_shutdown, 1009 .setsockopt = sco_sock_setsockopt, 1010 .getsockopt = sco_sock_getsockopt 1011 }; 1012 1013 static const struct net_proto_family sco_sock_family_ops = { 1014 .family = PF_BLUETOOTH, 1015 .owner = THIS_MODULE, 1016 .create = sco_sock_create, 1017 }; 1018 1019 int __init sco_init(void) 1020 { 1021 int err; 1022 1023 err = proto_register(&sco_proto, 0); 1024 if (err < 0) 1025 return err; 1026 1027 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1028 if (err < 0) { 1029 BT_ERR("SCO socket registration failed"); 1030 goto error; 1031 } 1032 1033 if (bt_debugfs) { 1034 sco_debugfs = debugfs_create_file("sco", 0444, 1035 bt_debugfs, NULL, &sco_debugfs_fops); 1036 if (!sco_debugfs) 1037 BT_ERR("Failed to create SCO debug file"); 1038 } 1039 1040 BT_INFO("SCO socket layer initialized"); 1041 1042 return 0; 1043 1044 error: 1045 proto_unregister(&sco_proto); 1046 return err; 1047 } 1048 1049 void __exit sco_exit(void) 1050 { 1051 debugfs_remove(sco_debugfs); 1052 1053 if (bt_sock_unregister(BTPROTO_SCO) < 0) 1054 BT_ERR("SCO socket unregistration failed"); 1055 1056 proto_unregister(&sco_proto); 1057 } 1058 1059 module_param(disable_esco, bool, 0644); 1060 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1061