1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 }; 55 56 #define sco_conn_lock(c) spin_lock(&c->lock) 57 #define sco_conn_unlock(c) spin_unlock(&c->lock) 58 59 static void sco_sock_close(struct sock *sk); 60 static void sco_sock_kill(struct sock *sk); 61 62 /* ----- SCO socket info ----- */ 63 #define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65 struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 __u8 cmsg_mask; 72 struct bt_codec codec; 73 struct sco_conn *conn; 74 }; 75 76 /* ---- SCO timers ---- */ 77 #define SCO_CONN_TIMEOUT (HZ * 40) 78 #define SCO_DISCONN_TIMEOUT (HZ * 2) 79 80 static void sco_sock_timeout(struct work_struct *work) 81 { 82 struct sco_conn *conn = container_of(work, struct sco_conn, 83 timeout_work.work); 84 struct sock *sk; 85 86 sco_conn_lock(conn); 87 sk = conn->sk; 88 if (sk) 89 sock_hold(sk); 90 sco_conn_unlock(conn); 91 92 if (!sk) 93 return; 94 95 BT_DBG("sock %p state %d", sk, sk->sk_state); 96 97 lock_sock(sk); 98 sk->sk_err = ETIMEDOUT; 99 sk->sk_state_change(sk); 100 release_sock(sk); 101 sock_put(sk); 102 } 103 104 static void sco_sock_set_timer(struct sock *sk, long timeout) 105 { 106 if (!sco_pi(sk)->conn) 107 return; 108 109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 112 } 113 114 static void sco_sock_clear_timer(struct sock *sk) 115 { 116 if (!sco_pi(sk)->conn) 117 return; 118 119 BT_DBG("sock %p state %d", sk, sk->sk_state); 120 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 121 } 122 123 /* ---- SCO connections ---- */ 124 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 125 { 126 struct hci_dev *hdev = hcon->hdev; 127 struct sco_conn *conn = hcon->sco_data; 128 129 if (conn) 130 return conn; 131 132 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 133 if (!conn) 134 return NULL; 135 136 spin_lock_init(&conn->lock); 137 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 138 139 hcon->sco_data = conn; 140 conn->hcon = hcon; 141 142 if (hdev->sco_mtu > 0) 143 conn->mtu = hdev->sco_mtu; 144 else 145 conn->mtu = 60; 146 147 BT_DBG("hcon %p conn %p", hcon, conn); 148 149 return conn; 150 } 151 152 /* Delete channel. 153 * Must be called on the locked socket. */ 154 static void sco_chan_del(struct sock *sk, int err) 155 { 156 struct sco_conn *conn; 157 158 conn = sco_pi(sk)->conn; 159 160 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 161 162 if (conn) { 163 sco_conn_lock(conn); 164 conn->sk = NULL; 165 sco_pi(sk)->conn = NULL; 166 sco_conn_unlock(conn); 167 168 if (conn->hcon) 169 hci_conn_drop(conn->hcon); 170 } 171 172 sk->sk_state = BT_CLOSED; 173 sk->sk_err = err; 174 sk->sk_state_change(sk); 175 176 sock_set_flag(sk, SOCK_ZAPPED); 177 } 178 179 static void sco_conn_del(struct hci_conn *hcon, int err) 180 { 181 struct sco_conn *conn = hcon->sco_data; 182 struct sock *sk; 183 184 if (!conn) 185 return; 186 187 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 188 189 /* Kill socket */ 190 sco_conn_lock(conn); 191 sk = conn->sk; 192 if (sk) 193 sock_hold(sk); 194 sco_conn_unlock(conn); 195 196 if (sk) { 197 lock_sock(sk); 198 sco_sock_clear_timer(sk); 199 sco_chan_del(sk, err); 200 release_sock(sk); 201 sock_put(sk); 202 } 203 204 /* Ensure no more work items will run before freeing conn. */ 205 cancel_delayed_work_sync(&conn->timeout_work); 206 207 hcon->sco_data = NULL; 208 kfree(conn); 209 } 210 211 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 212 struct sock *parent) 213 { 214 BT_DBG("conn %p", conn); 215 216 sco_pi(sk)->conn = conn; 217 conn->sk = sk; 218 219 if (parent) 220 bt_accept_enqueue(parent, sk, true); 221 } 222 223 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 224 struct sock *parent) 225 { 226 int err = 0; 227 228 sco_conn_lock(conn); 229 if (conn->sk) 230 err = -EBUSY; 231 else 232 __sco_chan_add(conn, sk, parent); 233 234 sco_conn_unlock(conn); 235 return err; 236 } 237 238 static int sco_connect(struct sock *sk) 239 { 240 struct sco_conn *conn; 241 struct hci_conn *hcon; 242 struct hci_dev *hdev; 243 int err, type; 244 245 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 246 247 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 248 if (!hdev) 249 return -EHOSTUNREACH; 250 251 hci_dev_lock(hdev); 252 253 if (lmp_esco_capable(hdev) && !disable_esco) 254 type = ESCO_LINK; 255 else 256 type = SCO_LINK; 257 258 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 259 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 260 err = -EOPNOTSUPP; 261 goto unlock; 262 } 263 264 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 265 sco_pi(sk)->setting, &sco_pi(sk)->codec); 266 if (IS_ERR(hcon)) { 267 err = PTR_ERR(hcon); 268 goto unlock; 269 } 270 271 hci_dev_unlock(hdev); 272 hci_dev_put(hdev); 273 274 conn = sco_conn_add(hcon); 275 if (!conn) { 276 hci_conn_drop(hcon); 277 return -ENOMEM; 278 } 279 280 err = sco_chan_add(conn, sk, NULL); 281 if (err) 282 return err; 283 284 lock_sock(sk); 285 286 /* Update source addr of the socket */ 287 bacpy(&sco_pi(sk)->src, &hcon->src); 288 289 if (hcon->state == BT_CONNECTED) { 290 sco_sock_clear_timer(sk); 291 sk->sk_state = BT_CONNECTED; 292 } else { 293 sk->sk_state = BT_CONNECT; 294 sco_sock_set_timer(sk, sk->sk_sndtimeo); 295 } 296 297 release_sock(sk); 298 299 return err; 300 301 unlock: 302 hci_dev_unlock(hdev); 303 hci_dev_put(hdev); 304 return err; 305 } 306 307 static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 308 { 309 struct sco_conn *conn = sco_pi(sk)->conn; 310 int len = skb->len; 311 312 /* Check outgoing MTU */ 313 if (len > conn->mtu) 314 return -EINVAL; 315 316 BT_DBG("sk %p len %d", sk, len); 317 318 hci_send_sco(conn->hcon, skb); 319 320 return len; 321 } 322 323 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 324 { 325 struct sock *sk; 326 327 sco_conn_lock(conn); 328 sk = conn->sk; 329 sco_conn_unlock(conn); 330 331 if (!sk) 332 goto drop; 333 334 BT_DBG("sk %p len %u", sk, skb->len); 335 336 if (sk->sk_state != BT_CONNECTED) 337 goto drop; 338 339 if (!sock_queue_rcv_skb(sk, skb)) 340 return; 341 342 drop: 343 kfree_skb(skb); 344 } 345 346 /* -------- Socket interface ---------- */ 347 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 348 { 349 struct sock *sk; 350 351 sk_for_each(sk, &sco_sk_list.head) { 352 if (sk->sk_state != BT_LISTEN) 353 continue; 354 355 if (!bacmp(&sco_pi(sk)->src, ba)) 356 return sk; 357 } 358 359 return NULL; 360 } 361 362 /* Find socket listening on source bdaddr. 363 * Returns closest match. 364 */ 365 static struct sock *sco_get_sock_listen(bdaddr_t *src) 366 { 367 struct sock *sk = NULL, *sk1 = NULL; 368 369 read_lock(&sco_sk_list.lock); 370 371 sk_for_each(sk, &sco_sk_list.head) { 372 if (sk->sk_state != BT_LISTEN) 373 continue; 374 375 /* Exact match. */ 376 if (!bacmp(&sco_pi(sk)->src, src)) 377 break; 378 379 /* Closest match */ 380 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 381 sk1 = sk; 382 } 383 384 read_unlock(&sco_sk_list.lock); 385 386 return sk ? sk : sk1; 387 } 388 389 static void sco_sock_destruct(struct sock *sk) 390 { 391 BT_DBG("sk %p", sk); 392 393 skb_queue_purge(&sk->sk_receive_queue); 394 skb_queue_purge(&sk->sk_write_queue); 395 } 396 397 static void sco_sock_cleanup_listen(struct sock *parent) 398 { 399 struct sock *sk; 400 401 BT_DBG("parent %p", parent); 402 403 /* Close not yet accepted channels */ 404 while ((sk = bt_accept_dequeue(parent, NULL))) { 405 sco_sock_close(sk); 406 sco_sock_kill(sk); 407 } 408 409 parent->sk_state = BT_CLOSED; 410 sock_set_flag(parent, SOCK_ZAPPED); 411 } 412 413 /* Kill socket (only if zapped and orphan) 414 * Must be called on unlocked socket. 415 */ 416 static void sco_sock_kill(struct sock *sk) 417 { 418 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 419 return; 420 421 BT_DBG("sk %p state %d", sk, sk->sk_state); 422 423 /* Kill poor orphan */ 424 bt_sock_unlink(&sco_sk_list, sk); 425 sock_set_flag(sk, SOCK_DEAD); 426 sock_put(sk); 427 } 428 429 static void __sco_sock_close(struct sock *sk) 430 { 431 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 432 433 switch (sk->sk_state) { 434 case BT_LISTEN: 435 sco_sock_cleanup_listen(sk); 436 break; 437 438 case BT_CONNECTED: 439 case BT_CONFIG: 440 if (sco_pi(sk)->conn->hcon) { 441 sk->sk_state = BT_DISCONN; 442 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 443 sco_conn_lock(sco_pi(sk)->conn); 444 hci_conn_drop(sco_pi(sk)->conn->hcon); 445 sco_pi(sk)->conn->hcon = NULL; 446 sco_conn_unlock(sco_pi(sk)->conn); 447 } else 448 sco_chan_del(sk, ECONNRESET); 449 break; 450 451 case BT_CONNECT2: 452 case BT_CONNECT: 453 case BT_DISCONN: 454 sco_chan_del(sk, ECONNRESET); 455 break; 456 457 default: 458 sock_set_flag(sk, SOCK_ZAPPED); 459 break; 460 } 461 462 } 463 464 /* Must be called on unlocked socket. */ 465 static void sco_sock_close(struct sock *sk) 466 { 467 lock_sock(sk); 468 sco_sock_clear_timer(sk); 469 __sco_sock_close(sk); 470 release_sock(sk); 471 } 472 473 static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg, 474 struct sock *sk) 475 { 476 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS) 477 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS, 478 sizeof(bt_cb(skb)->sco.pkt_status), 479 &bt_cb(skb)->sco.pkt_status); 480 } 481 482 static void sco_sock_init(struct sock *sk, struct sock *parent) 483 { 484 BT_DBG("sk %p", sk); 485 486 if (parent) { 487 sk->sk_type = parent->sk_type; 488 bt_sk(sk)->flags = bt_sk(parent)->flags; 489 security_sk_clone(parent, sk); 490 } else { 491 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg; 492 } 493 } 494 495 static struct proto sco_proto = { 496 .name = "SCO", 497 .owner = THIS_MODULE, 498 .obj_size = sizeof(struct sco_pinfo) 499 }; 500 501 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 502 int proto, gfp_t prio, int kern) 503 { 504 struct sock *sk; 505 506 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern); 507 if (!sk) 508 return NULL; 509 510 sock_init_data(sock, sk); 511 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 512 513 sk->sk_destruct = sco_sock_destruct; 514 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 515 516 sock_reset_flag(sk, SOCK_ZAPPED); 517 518 sk->sk_protocol = proto; 519 sk->sk_state = BT_OPEN; 520 521 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 522 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 523 sco_pi(sk)->codec.cid = 0xffff; 524 sco_pi(sk)->codec.vid = 0xffff; 525 sco_pi(sk)->codec.data_path = 0x00; 526 527 bt_sock_link(&sco_sk_list, sk); 528 return sk; 529 } 530 531 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 532 int kern) 533 { 534 struct sock *sk; 535 536 BT_DBG("sock %p", sock); 537 538 sock->state = SS_UNCONNECTED; 539 540 if (sock->type != SOCK_SEQPACKET) 541 return -ESOCKTNOSUPPORT; 542 543 sock->ops = &sco_sock_ops; 544 545 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 546 if (!sk) 547 return -ENOMEM; 548 549 sco_sock_init(sk, NULL); 550 return 0; 551 } 552 553 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 554 int addr_len) 555 { 556 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 557 struct sock *sk = sock->sk; 558 int err = 0; 559 560 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 561 addr->sa_family != AF_BLUETOOTH) 562 return -EINVAL; 563 564 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 565 566 lock_sock(sk); 567 568 if (sk->sk_state != BT_OPEN) { 569 err = -EBADFD; 570 goto done; 571 } 572 573 if (sk->sk_type != SOCK_SEQPACKET) { 574 err = -EINVAL; 575 goto done; 576 } 577 578 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 579 580 sk->sk_state = BT_BOUND; 581 582 done: 583 release_sock(sk); 584 return err; 585 } 586 587 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 588 { 589 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 590 struct sock *sk = sock->sk; 591 int err; 592 593 BT_DBG("sk %p", sk); 594 595 if (alen < sizeof(struct sockaddr_sco) || 596 addr->sa_family != AF_BLUETOOTH) 597 return -EINVAL; 598 599 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 600 return -EBADFD; 601 602 if (sk->sk_type != SOCK_SEQPACKET) 603 err = -EINVAL; 604 605 lock_sock(sk); 606 /* Set destination address and psm */ 607 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 608 release_sock(sk); 609 610 err = sco_connect(sk); 611 if (err) 612 return err; 613 614 lock_sock(sk); 615 616 err = bt_sock_wait_state(sk, BT_CONNECTED, 617 sock_sndtimeo(sk, flags & O_NONBLOCK)); 618 619 release_sock(sk); 620 return err; 621 } 622 623 static int sco_sock_listen(struct socket *sock, int backlog) 624 { 625 struct sock *sk = sock->sk; 626 bdaddr_t *src = &sco_pi(sk)->src; 627 int err = 0; 628 629 BT_DBG("sk %p backlog %d", sk, backlog); 630 631 lock_sock(sk); 632 633 if (sk->sk_state != BT_BOUND) { 634 err = -EBADFD; 635 goto done; 636 } 637 638 if (sk->sk_type != SOCK_SEQPACKET) { 639 err = -EINVAL; 640 goto done; 641 } 642 643 write_lock(&sco_sk_list.lock); 644 645 if (__sco_get_sock_listen_by_addr(src)) { 646 err = -EADDRINUSE; 647 goto unlock; 648 } 649 650 sk->sk_max_ack_backlog = backlog; 651 sk->sk_ack_backlog = 0; 652 653 sk->sk_state = BT_LISTEN; 654 655 unlock: 656 write_unlock(&sco_sk_list.lock); 657 658 done: 659 release_sock(sk); 660 return err; 661 } 662 663 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 664 int flags, bool kern) 665 { 666 DEFINE_WAIT_FUNC(wait, woken_wake_function); 667 struct sock *sk = sock->sk, *ch; 668 long timeo; 669 int err = 0; 670 671 lock_sock(sk); 672 673 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 674 675 BT_DBG("sk %p timeo %ld", sk, timeo); 676 677 /* Wait for an incoming connection. (wake-one). */ 678 add_wait_queue_exclusive(sk_sleep(sk), &wait); 679 while (1) { 680 if (sk->sk_state != BT_LISTEN) { 681 err = -EBADFD; 682 break; 683 } 684 685 ch = bt_accept_dequeue(sk, newsock); 686 if (ch) 687 break; 688 689 if (!timeo) { 690 err = -EAGAIN; 691 break; 692 } 693 694 if (signal_pending(current)) { 695 err = sock_intr_errno(timeo); 696 break; 697 } 698 699 release_sock(sk); 700 701 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 702 lock_sock(sk); 703 } 704 remove_wait_queue(sk_sleep(sk), &wait); 705 706 if (err) 707 goto done; 708 709 newsock->state = SS_CONNECTED; 710 711 BT_DBG("new socket %p", ch); 712 713 done: 714 release_sock(sk); 715 return err; 716 } 717 718 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 719 int peer) 720 { 721 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 722 struct sock *sk = sock->sk; 723 724 BT_DBG("sock %p, sk %p", sock, sk); 725 726 addr->sa_family = AF_BLUETOOTH; 727 728 if (peer) 729 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 730 else 731 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 732 733 return sizeof(struct sockaddr_sco); 734 } 735 736 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 737 size_t len) 738 { 739 struct sock *sk = sock->sk; 740 struct sk_buff *skb; 741 int err; 742 743 BT_DBG("sock %p, sk %p", sock, sk); 744 745 err = sock_error(sk); 746 if (err) 747 return err; 748 749 if (msg->msg_flags & MSG_OOB) 750 return -EOPNOTSUPP; 751 752 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 753 if (IS_ERR(skb)) 754 return PTR_ERR(skb); 755 756 lock_sock(sk); 757 758 if (sk->sk_state == BT_CONNECTED) 759 err = sco_send_frame(sk, skb); 760 else 761 err = -ENOTCONN; 762 763 release_sock(sk); 764 765 if (err < 0) 766 kfree_skb(skb); 767 return err; 768 } 769 770 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 771 { 772 struct hci_dev *hdev = conn->hdev; 773 774 BT_DBG("conn %p", conn); 775 776 conn->state = BT_CONFIG; 777 778 if (!lmp_esco_capable(hdev)) { 779 struct hci_cp_accept_conn_req cp; 780 781 bacpy(&cp.bdaddr, &conn->dst); 782 cp.role = 0x00; /* Ignored */ 783 784 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 785 } else { 786 struct hci_cp_accept_sync_conn_req cp; 787 788 bacpy(&cp.bdaddr, &conn->dst); 789 cp.pkt_type = cpu_to_le16(conn->pkt_type); 790 791 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 792 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 793 cp.content_format = cpu_to_le16(setting); 794 795 switch (setting & SCO_AIRMODE_MASK) { 796 case SCO_AIRMODE_TRANSP: 797 if (conn->pkt_type & ESCO_2EV3) 798 cp.max_latency = cpu_to_le16(0x0008); 799 else 800 cp.max_latency = cpu_to_le16(0x000D); 801 cp.retrans_effort = 0x02; 802 break; 803 case SCO_AIRMODE_CVSD: 804 cp.max_latency = cpu_to_le16(0xffff); 805 cp.retrans_effort = 0xff; 806 break; 807 default: 808 /* use CVSD settings as fallback */ 809 cp.max_latency = cpu_to_le16(0xffff); 810 cp.retrans_effort = 0xff; 811 break; 812 } 813 814 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 815 sizeof(cp), &cp); 816 } 817 } 818 819 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 820 size_t len, int flags) 821 { 822 struct sock *sk = sock->sk; 823 struct sco_pinfo *pi = sco_pi(sk); 824 825 lock_sock(sk); 826 827 if (sk->sk_state == BT_CONNECT2 && 828 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 829 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 830 sk->sk_state = BT_CONFIG; 831 832 release_sock(sk); 833 return 0; 834 } 835 836 release_sock(sk); 837 838 return bt_sock_recvmsg(sock, msg, len, flags); 839 } 840 841 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 842 sockptr_t optval, unsigned int optlen) 843 { 844 struct sock *sk = sock->sk; 845 int len, err = 0; 846 struct bt_voice voice; 847 u32 opt; 848 struct bt_codecs *codecs; 849 struct hci_dev *hdev; 850 __u8 buffer[255]; 851 852 BT_DBG("sk %p", sk); 853 854 lock_sock(sk); 855 856 switch (optname) { 857 858 case BT_DEFER_SETUP: 859 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 860 err = -EINVAL; 861 break; 862 } 863 864 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 865 err = -EFAULT; 866 break; 867 } 868 869 if (opt) 870 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 871 else 872 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 873 break; 874 875 case BT_VOICE: 876 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 877 sk->sk_state != BT_CONNECT2) { 878 err = -EINVAL; 879 break; 880 } 881 882 voice.setting = sco_pi(sk)->setting; 883 884 len = min_t(unsigned int, sizeof(voice), optlen); 885 if (copy_from_sockptr(&voice, optval, len)) { 886 err = -EFAULT; 887 break; 888 } 889 890 /* Explicitly check for these values */ 891 if (voice.setting != BT_VOICE_TRANSPARENT && 892 voice.setting != BT_VOICE_CVSD_16BIT) { 893 err = -EINVAL; 894 break; 895 } 896 897 sco_pi(sk)->setting = voice.setting; 898 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 899 BDADDR_BREDR); 900 if (!hdev) { 901 err = -EBADFD; 902 break; 903 } 904 if (enhanced_sync_conn_capable(hdev) && 905 voice.setting == BT_VOICE_TRANSPARENT) 906 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 907 hci_dev_put(hdev); 908 break; 909 910 case BT_PKT_STATUS: 911 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 912 err = -EFAULT; 913 break; 914 } 915 916 if (opt) 917 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS; 918 else 919 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS; 920 break; 921 922 case BT_CODEC: 923 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 924 sk->sk_state != BT_CONNECT2) { 925 err = -EINVAL; 926 break; 927 } 928 929 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 930 BDADDR_BREDR); 931 if (!hdev) { 932 err = -EBADFD; 933 break; 934 } 935 936 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 937 hci_dev_put(hdev); 938 err = -EOPNOTSUPP; 939 break; 940 } 941 942 if (!hdev->get_data_path_id) { 943 hci_dev_put(hdev); 944 err = -EOPNOTSUPP; 945 break; 946 } 947 948 if (optlen < sizeof(struct bt_codecs) || 949 optlen > sizeof(buffer)) { 950 hci_dev_put(hdev); 951 err = -EINVAL; 952 break; 953 } 954 955 if (copy_from_sockptr(buffer, optval, optlen)) { 956 hci_dev_put(hdev); 957 err = -EFAULT; 958 break; 959 } 960 961 codecs = (void *)buffer; 962 963 if (codecs->num_codecs > 1) { 964 hci_dev_put(hdev); 965 err = -EINVAL; 966 break; 967 } 968 969 sco_pi(sk)->codec = codecs->codecs[0]; 970 hci_dev_put(hdev); 971 break; 972 973 default: 974 err = -ENOPROTOOPT; 975 break; 976 } 977 978 release_sock(sk); 979 return err; 980 } 981 982 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 983 char __user *optval, int __user *optlen) 984 { 985 struct sock *sk = sock->sk; 986 struct sco_options opts; 987 struct sco_conninfo cinfo; 988 int len, err = 0; 989 990 BT_DBG("sk %p", sk); 991 992 if (get_user(len, optlen)) 993 return -EFAULT; 994 995 lock_sock(sk); 996 997 switch (optname) { 998 case SCO_OPTIONS: 999 if (sk->sk_state != BT_CONNECTED && 1000 !(sk->sk_state == BT_CONNECT2 && 1001 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1002 err = -ENOTCONN; 1003 break; 1004 } 1005 1006 opts.mtu = sco_pi(sk)->conn->mtu; 1007 1008 BT_DBG("mtu %u", opts.mtu); 1009 1010 len = min_t(unsigned int, len, sizeof(opts)); 1011 if (copy_to_user(optval, (char *)&opts, len)) 1012 err = -EFAULT; 1013 1014 break; 1015 1016 case SCO_CONNINFO: 1017 if (sk->sk_state != BT_CONNECTED && 1018 !(sk->sk_state == BT_CONNECT2 && 1019 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1020 err = -ENOTCONN; 1021 break; 1022 } 1023 1024 memset(&cinfo, 0, sizeof(cinfo)); 1025 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1026 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1027 1028 len = min_t(unsigned int, len, sizeof(cinfo)); 1029 if (copy_to_user(optval, (char *)&cinfo, len)) 1030 err = -EFAULT; 1031 1032 break; 1033 1034 default: 1035 err = -ENOPROTOOPT; 1036 break; 1037 } 1038 1039 release_sock(sk); 1040 return err; 1041 } 1042 1043 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1044 char __user *optval, int __user *optlen) 1045 { 1046 struct sock *sk = sock->sk; 1047 int len, err = 0; 1048 struct bt_voice voice; 1049 u32 phys; 1050 int pkt_status; 1051 int buf_len; 1052 struct codec_list *c; 1053 u8 num_codecs, i, __user *ptr; 1054 struct hci_dev *hdev; 1055 struct hci_codec_caps *caps; 1056 struct bt_codec codec; 1057 1058 BT_DBG("sk %p", sk); 1059 1060 if (level == SOL_SCO) 1061 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1062 1063 if (get_user(len, optlen)) 1064 return -EFAULT; 1065 1066 lock_sock(sk); 1067 1068 switch (optname) { 1069 1070 case BT_DEFER_SETUP: 1071 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1072 err = -EINVAL; 1073 break; 1074 } 1075 1076 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1077 (u32 __user *)optval)) 1078 err = -EFAULT; 1079 1080 break; 1081 1082 case BT_VOICE: 1083 voice.setting = sco_pi(sk)->setting; 1084 1085 len = min_t(unsigned int, len, sizeof(voice)); 1086 if (copy_to_user(optval, (char *)&voice, len)) 1087 err = -EFAULT; 1088 1089 break; 1090 1091 case BT_PHY: 1092 if (sk->sk_state != BT_CONNECTED) { 1093 err = -ENOTCONN; 1094 break; 1095 } 1096 1097 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1098 1099 if (put_user(phys, (u32 __user *) optval)) 1100 err = -EFAULT; 1101 break; 1102 1103 case BT_PKT_STATUS: 1104 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS); 1105 1106 if (put_user(pkt_status, (int __user *)optval)) 1107 err = -EFAULT; 1108 break; 1109 1110 case BT_SNDMTU: 1111 case BT_RCVMTU: 1112 if (sk->sk_state != BT_CONNECTED) { 1113 err = -ENOTCONN; 1114 break; 1115 } 1116 1117 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1118 err = -EFAULT; 1119 break; 1120 1121 case BT_CODEC: 1122 num_codecs = 0; 1123 buf_len = 0; 1124 1125 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1126 if (!hdev) { 1127 err = -EBADFD; 1128 break; 1129 } 1130 1131 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1132 hci_dev_put(hdev); 1133 err = -EOPNOTSUPP; 1134 break; 1135 } 1136 1137 if (!hdev->get_data_path_id) { 1138 hci_dev_put(hdev); 1139 err = -EOPNOTSUPP; 1140 break; 1141 } 1142 1143 release_sock(sk); 1144 1145 /* find total buffer size required to copy codec + caps */ 1146 hci_dev_lock(hdev); 1147 list_for_each_entry(c, &hdev->local_codecs, list) { 1148 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1149 continue; 1150 num_codecs++; 1151 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1152 buf_len += 1 + caps->len; 1153 caps = (void *)&caps->data[caps->len]; 1154 } 1155 buf_len += sizeof(struct bt_codec); 1156 } 1157 hci_dev_unlock(hdev); 1158 1159 buf_len += sizeof(struct bt_codecs); 1160 if (buf_len > len) { 1161 hci_dev_put(hdev); 1162 return -ENOBUFS; 1163 } 1164 ptr = optval; 1165 1166 if (put_user(num_codecs, ptr)) { 1167 hci_dev_put(hdev); 1168 return -EFAULT; 1169 } 1170 ptr += sizeof(num_codecs); 1171 1172 /* Iterate all the codecs supported over SCO and populate 1173 * codec data 1174 */ 1175 hci_dev_lock(hdev); 1176 list_for_each_entry(c, &hdev->local_codecs, list) { 1177 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1178 continue; 1179 1180 codec.id = c->id; 1181 codec.cid = c->cid; 1182 codec.vid = c->vid; 1183 err = hdev->get_data_path_id(hdev, &codec.data_path); 1184 if (err < 0) 1185 break; 1186 codec.num_caps = c->num_caps; 1187 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1188 err = -EFAULT; 1189 break; 1190 } 1191 ptr += sizeof(codec); 1192 1193 /* find codec capabilities data length */ 1194 len = 0; 1195 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1196 len += 1 + caps->len; 1197 caps = (void *)&caps->data[caps->len]; 1198 } 1199 1200 /* copy codec capabilities data */ 1201 if (len && copy_to_user(ptr, c->caps, len)) { 1202 err = -EFAULT; 1203 break; 1204 } 1205 ptr += len; 1206 } 1207 1208 hci_dev_unlock(hdev); 1209 hci_dev_put(hdev); 1210 1211 lock_sock(sk); 1212 1213 if (!err && put_user(buf_len, optlen)) 1214 err = -EFAULT; 1215 1216 break; 1217 1218 default: 1219 err = -ENOPROTOOPT; 1220 break; 1221 } 1222 1223 release_sock(sk); 1224 return err; 1225 } 1226 1227 static int sco_sock_shutdown(struct socket *sock, int how) 1228 { 1229 struct sock *sk = sock->sk; 1230 int err = 0; 1231 1232 BT_DBG("sock %p, sk %p", sock, sk); 1233 1234 if (!sk) 1235 return 0; 1236 1237 sock_hold(sk); 1238 lock_sock(sk); 1239 1240 if (!sk->sk_shutdown) { 1241 sk->sk_shutdown = SHUTDOWN_MASK; 1242 sco_sock_clear_timer(sk); 1243 __sco_sock_close(sk); 1244 1245 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1246 !(current->flags & PF_EXITING)) 1247 err = bt_sock_wait_state(sk, BT_CLOSED, 1248 sk->sk_lingertime); 1249 } 1250 1251 release_sock(sk); 1252 sock_put(sk); 1253 1254 return err; 1255 } 1256 1257 static int sco_sock_release(struct socket *sock) 1258 { 1259 struct sock *sk = sock->sk; 1260 int err = 0; 1261 1262 BT_DBG("sock %p, sk %p", sock, sk); 1263 1264 if (!sk) 1265 return 0; 1266 1267 sco_sock_close(sk); 1268 1269 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1270 !(current->flags & PF_EXITING)) { 1271 lock_sock(sk); 1272 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1273 release_sock(sk); 1274 } 1275 1276 sock_orphan(sk); 1277 sco_sock_kill(sk); 1278 return err; 1279 } 1280 1281 static void sco_conn_ready(struct sco_conn *conn) 1282 { 1283 struct sock *parent; 1284 struct sock *sk = conn->sk; 1285 1286 BT_DBG("conn %p", conn); 1287 1288 if (sk) { 1289 lock_sock(sk); 1290 sco_sock_clear_timer(sk); 1291 sk->sk_state = BT_CONNECTED; 1292 sk->sk_state_change(sk); 1293 release_sock(sk); 1294 } else { 1295 sco_conn_lock(conn); 1296 1297 if (!conn->hcon) { 1298 sco_conn_unlock(conn); 1299 return; 1300 } 1301 1302 parent = sco_get_sock_listen(&conn->hcon->src); 1303 if (!parent) { 1304 sco_conn_unlock(conn); 1305 return; 1306 } 1307 1308 lock_sock(parent); 1309 1310 sk = sco_sock_alloc(sock_net(parent), NULL, 1311 BTPROTO_SCO, GFP_ATOMIC, 0); 1312 if (!sk) { 1313 release_sock(parent); 1314 sco_conn_unlock(conn); 1315 return; 1316 } 1317 1318 sco_sock_init(sk, parent); 1319 1320 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1321 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1322 1323 hci_conn_hold(conn->hcon); 1324 __sco_chan_add(conn, sk, parent); 1325 1326 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1327 sk->sk_state = BT_CONNECT2; 1328 else 1329 sk->sk_state = BT_CONNECTED; 1330 1331 /* Wake up parent */ 1332 parent->sk_data_ready(parent); 1333 1334 release_sock(parent); 1335 1336 sco_conn_unlock(conn); 1337 } 1338 } 1339 1340 /* ----- SCO interface with lower layer (HCI) ----- */ 1341 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1342 { 1343 struct sock *sk; 1344 int lm = 0; 1345 1346 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1347 1348 /* Find listening sockets */ 1349 read_lock(&sco_sk_list.lock); 1350 sk_for_each(sk, &sco_sk_list.head) { 1351 if (sk->sk_state != BT_LISTEN) 1352 continue; 1353 1354 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1355 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1356 lm |= HCI_LM_ACCEPT; 1357 1358 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1359 *flags |= HCI_PROTO_DEFER; 1360 break; 1361 } 1362 } 1363 read_unlock(&sco_sk_list.lock); 1364 1365 return lm; 1366 } 1367 1368 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1369 { 1370 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1371 return; 1372 1373 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1374 1375 if (!status) { 1376 struct sco_conn *conn; 1377 1378 conn = sco_conn_add(hcon); 1379 if (conn) 1380 sco_conn_ready(conn); 1381 } else 1382 sco_conn_del(hcon, bt_to_errno(status)); 1383 } 1384 1385 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1386 { 1387 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1388 return; 1389 1390 BT_DBG("hcon %p reason %d", hcon, reason); 1391 1392 sco_conn_del(hcon, bt_to_errno(reason)); 1393 } 1394 1395 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1396 { 1397 struct sco_conn *conn = hcon->sco_data; 1398 1399 if (!conn) 1400 goto drop; 1401 1402 BT_DBG("conn %p len %u", conn, skb->len); 1403 1404 if (skb->len) { 1405 sco_recv_frame(conn, skb); 1406 return; 1407 } 1408 1409 drop: 1410 kfree_skb(skb); 1411 } 1412 1413 static struct hci_cb sco_cb = { 1414 .name = "SCO", 1415 .connect_cfm = sco_connect_cfm, 1416 .disconn_cfm = sco_disconn_cfm, 1417 }; 1418 1419 static int sco_debugfs_show(struct seq_file *f, void *p) 1420 { 1421 struct sock *sk; 1422 1423 read_lock(&sco_sk_list.lock); 1424 1425 sk_for_each(sk, &sco_sk_list.head) { 1426 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1427 &sco_pi(sk)->dst, sk->sk_state); 1428 } 1429 1430 read_unlock(&sco_sk_list.lock); 1431 1432 return 0; 1433 } 1434 1435 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1436 1437 static struct dentry *sco_debugfs; 1438 1439 static const struct proto_ops sco_sock_ops = { 1440 .family = PF_BLUETOOTH, 1441 .owner = THIS_MODULE, 1442 .release = sco_sock_release, 1443 .bind = sco_sock_bind, 1444 .connect = sco_sock_connect, 1445 .listen = sco_sock_listen, 1446 .accept = sco_sock_accept, 1447 .getname = sco_sock_getname, 1448 .sendmsg = sco_sock_sendmsg, 1449 .recvmsg = sco_sock_recvmsg, 1450 .poll = bt_sock_poll, 1451 .ioctl = bt_sock_ioctl, 1452 .gettstamp = sock_gettstamp, 1453 .mmap = sock_no_mmap, 1454 .socketpair = sock_no_socketpair, 1455 .shutdown = sco_sock_shutdown, 1456 .setsockopt = sco_sock_setsockopt, 1457 .getsockopt = sco_sock_getsockopt 1458 }; 1459 1460 static const struct net_proto_family sco_sock_family_ops = { 1461 .family = PF_BLUETOOTH, 1462 .owner = THIS_MODULE, 1463 .create = sco_sock_create, 1464 }; 1465 1466 int __init sco_init(void) 1467 { 1468 int err; 1469 1470 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1471 1472 err = proto_register(&sco_proto, 0); 1473 if (err < 0) 1474 return err; 1475 1476 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1477 if (err < 0) { 1478 BT_ERR("SCO socket registration failed"); 1479 goto error; 1480 } 1481 1482 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1483 if (err < 0) { 1484 BT_ERR("Failed to create SCO proc file"); 1485 bt_sock_unregister(BTPROTO_SCO); 1486 goto error; 1487 } 1488 1489 BT_INFO("SCO socket layer initialized"); 1490 1491 hci_register_cb(&sco_cb); 1492 1493 if (IS_ERR_OR_NULL(bt_debugfs)) 1494 return 0; 1495 1496 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1497 NULL, &sco_debugfs_fops); 1498 1499 return 0; 1500 1501 error: 1502 proto_unregister(&sco_proto); 1503 return err; 1504 } 1505 1506 void sco_exit(void) 1507 { 1508 bt_procfs_cleanup(&init_net, "sco"); 1509 1510 debugfs_remove(sco_debugfs); 1511 1512 hci_unregister_cb(&sco_cb); 1513 1514 bt_sock_unregister(BTPROTO_SCO); 1515 1516 proto_unregister(&sco_proto); 1517 } 1518 1519 module_param(disable_esco, bool, 0644); 1520 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1521