1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 }; 55 56 #define sco_conn_lock(c) spin_lock(&c->lock) 57 #define sco_conn_unlock(c) spin_unlock(&c->lock) 58 59 static void sco_sock_close(struct sock *sk); 60 static void sco_sock_kill(struct sock *sk); 61 62 /* ----- SCO socket info ----- */ 63 #define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65 struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 __u8 cmsg_mask; 72 struct bt_codec codec; 73 struct sco_conn *conn; 74 }; 75 76 /* ---- SCO timers ---- */ 77 #define SCO_CONN_TIMEOUT (HZ * 40) 78 #define SCO_DISCONN_TIMEOUT (HZ * 2) 79 80 static void sco_sock_timeout(struct work_struct *work) 81 { 82 struct sco_conn *conn = container_of(work, struct sco_conn, 83 timeout_work.work); 84 struct sock *sk; 85 86 sco_conn_lock(conn); 87 sk = conn->sk; 88 if (sk) 89 sock_hold(sk); 90 sco_conn_unlock(conn); 91 92 if (!sk) 93 return; 94 95 BT_DBG("sock %p state %d", sk, sk->sk_state); 96 97 lock_sock(sk); 98 sk->sk_err = ETIMEDOUT; 99 sk->sk_state_change(sk); 100 release_sock(sk); 101 sock_put(sk); 102 } 103 104 static void sco_sock_set_timer(struct sock *sk, long timeout) 105 { 106 if (!sco_pi(sk)->conn) 107 return; 108 109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 112 } 113 114 static void sco_sock_clear_timer(struct sock *sk) 115 { 116 if (!sco_pi(sk)->conn) 117 return; 118 119 BT_DBG("sock %p state %d", sk, sk->sk_state); 120 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 121 } 122 123 /* ---- SCO connections ---- */ 124 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 125 { 126 struct hci_dev *hdev = hcon->hdev; 127 struct sco_conn *conn = hcon->sco_data; 128 129 if (conn) 130 return conn; 131 132 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 133 if (!conn) 134 return NULL; 135 136 spin_lock_init(&conn->lock); 137 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 138 139 hcon->sco_data = conn; 140 conn->hcon = hcon; 141 142 if (hdev->sco_mtu > 0) 143 conn->mtu = hdev->sco_mtu; 144 else 145 conn->mtu = 60; 146 147 BT_DBG("hcon %p conn %p", hcon, conn); 148 149 return conn; 150 } 151 152 /* Delete channel. 153 * Must be called on the locked socket. */ 154 static void sco_chan_del(struct sock *sk, int err) 155 { 156 struct sco_conn *conn; 157 158 conn = sco_pi(sk)->conn; 159 160 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 161 162 if (conn) { 163 sco_conn_lock(conn); 164 conn->sk = NULL; 165 sco_pi(sk)->conn = NULL; 166 sco_conn_unlock(conn); 167 168 if (conn->hcon) 169 hci_conn_drop(conn->hcon); 170 } 171 172 sk->sk_state = BT_CLOSED; 173 sk->sk_err = err; 174 sk->sk_state_change(sk); 175 176 sock_set_flag(sk, SOCK_ZAPPED); 177 } 178 179 static void sco_conn_del(struct hci_conn *hcon, int err) 180 { 181 struct sco_conn *conn = hcon->sco_data; 182 struct sock *sk; 183 184 if (!conn) 185 return; 186 187 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 188 189 /* Kill socket */ 190 sco_conn_lock(conn); 191 sk = conn->sk; 192 if (sk) 193 sock_hold(sk); 194 sco_conn_unlock(conn); 195 196 if (sk) { 197 lock_sock(sk); 198 sco_sock_clear_timer(sk); 199 sco_chan_del(sk, err); 200 release_sock(sk); 201 sock_put(sk); 202 } 203 204 /* Ensure no more work items will run before freeing conn. */ 205 cancel_delayed_work_sync(&conn->timeout_work); 206 207 hcon->sco_data = NULL; 208 kfree(conn); 209 } 210 211 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 212 struct sock *parent) 213 { 214 BT_DBG("conn %p", conn); 215 216 sco_pi(sk)->conn = conn; 217 conn->sk = sk; 218 219 if (parent) 220 bt_accept_enqueue(parent, sk, true); 221 } 222 223 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 224 struct sock *parent) 225 { 226 int err = 0; 227 228 sco_conn_lock(conn); 229 if (conn->sk) 230 err = -EBUSY; 231 else 232 __sco_chan_add(conn, sk, parent); 233 234 sco_conn_unlock(conn); 235 return err; 236 } 237 238 static int sco_connect(struct hci_dev *hdev, struct sock *sk) 239 { 240 struct sco_conn *conn; 241 struct hci_conn *hcon; 242 int err, type; 243 244 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 245 246 if (lmp_esco_capable(hdev) && !disable_esco) 247 type = ESCO_LINK; 248 else 249 type = SCO_LINK; 250 251 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 252 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) 253 return -EOPNOTSUPP; 254 255 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 256 sco_pi(sk)->setting, &sco_pi(sk)->codec); 257 if (IS_ERR(hcon)) 258 return PTR_ERR(hcon); 259 260 conn = sco_conn_add(hcon); 261 if (!conn) { 262 hci_conn_drop(hcon); 263 return -ENOMEM; 264 } 265 266 /* Update source addr of the socket */ 267 bacpy(&sco_pi(sk)->src, &hcon->src); 268 269 err = sco_chan_add(conn, sk, NULL); 270 if (err) 271 return err; 272 273 if (hcon->state == BT_CONNECTED) { 274 sco_sock_clear_timer(sk); 275 sk->sk_state = BT_CONNECTED; 276 } else { 277 sk->sk_state = BT_CONNECT; 278 sco_sock_set_timer(sk, sk->sk_sndtimeo); 279 } 280 281 return err; 282 } 283 284 static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 285 { 286 struct sco_conn *conn = sco_pi(sk)->conn; 287 int len = skb->len; 288 289 /* Check outgoing MTU */ 290 if (len > conn->mtu) 291 return -EINVAL; 292 293 BT_DBG("sk %p len %d", sk, len); 294 295 hci_send_sco(conn->hcon, skb); 296 297 return len; 298 } 299 300 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 301 { 302 struct sock *sk; 303 304 sco_conn_lock(conn); 305 sk = conn->sk; 306 sco_conn_unlock(conn); 307 308 if (!sk) 309 goto drop; 310 311 BT_DBG("sk %p len %u", sk, skb->len); 312 313 if (sk->sk_state != BT_CONNECTED) 314 goto drop; 315 316 if (!sock_queue_rcv_skb(sk, skb)) 317 return; 318 319 drop: 320 kfree_skb(skb); 321 } 322 323 /* -------- Socket interface ---------- */ 324 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 325 { 326 struct sock *sk; 327 328 sk_for_each(sk, &sco_sk_list.head) { 329 if (sk->sk_state != BT_LISTEN) 330 continue; 331 332 if (!bacmp(&sco_pi(sk)->src, ba)) 333 return sk; 334 } 335 336 return NULL; 337 } 338 339 /* Find socket listening on source bdaddr. 340 * Returns closest match. 341 */ 342 static struct sock *sco_get_sock_listen(bdaddr_t *src) 343 { 344 struct sock *sk = NULL, *sk1 = NULL; 345 346 read_lock(&sco_sk_list.lock); 347 348 sk_for_each(sk, &sco_sk_list.head) { 349 if (sk->sk_state != BT_LISTEN) 350 continue; 351 352 /* Exact match. */ 353 if (!bacmp(&sco_pi(sk)->src, src)) 354 break; 355 356 /* Closest match */ 357 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 358 sk1 = sk; 359 } 360 361 read_unlock(&sco_sk_list.lock); 362 363 return sk ? sk : sk1; 364 } 365 366 static void sco_sock_destruct(struct sock *sk) 367 { 368 BT_DBG("sk %p", sk); 369 370 skb_queue_purge(&sk->sk_receive_queue); 371 skb_queue_purge(&sk->sk_write_queue); 372 } 373 374 static void sco_sock_cleanup_listen(struct sock *parent) 375 { 376 struct sock *sk; 377 378 BT_DBG("parent %p", parent); 379 380 /* Close not yet accepted channels */ 381 while ((sk = bt_accept_dequeue(parent, NULL))) { 382 sco_sock_close(sk); 383 sco_sock_kill(sk); 384 } 385 386 parent->sk_state = BT_CLOSED; 387 sock_set_flag(parent, SOCK_ZAPPED); 388 } 389 390 /* Kill socket (only if zapped and orphan) 391 * Must be called on unlocked socket. 392 */ 393 static void sco_sock_kill(struct sock *sk) 394 { 395 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 396 return; 397 398 BT_DBG("sk %p state %d", sk, sk->sk_state); 399 400 /* Kill poor orphan */ 401 bt_sock_unlink(&sco_sk_list, sk); 402 sock_set_flag(sk, SOCK_DEAD); 403 sock_put(sk); 404 } 405 406 static void __sco_sock_close(struct sock *sk) 407 { 408 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 409 410 switch (sk->sk_state) { 411 case BT_LISTEN: 412 sco_sock_cleanup_listen(sk); 413 break; 414 415 case BT_CONNECTED: 416 case BT_CONFIG: 417 if (sco_pi(sk)->conn->hcon) { 418 sk->sk_state = BT_DISCONN; 419 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 420 sco_conn_lock(sco_pi(sk)->conn); 421 hci_conn_drop(sco_pi(sk)->conn->hcon); 422 sco_pi(sk)->conn->hcon = NULL; 423 sco_conn_unlock(sco_pi(sk)->conn); 424 } else 425 sco_chan_del(sk, ECONNRESET); 426 break; 427 428 case BT_CONNECT2: 429 case BT_CONNECT: 430 case BT_DISCONN: 431 sco_chan_del(sk, ECONNRESET); 432 break; 433 434 default: 435 sock_set_flag(sk, SOCK_ZAPPED); 436 break; 437 } 438 439 } 440 441 /* Must be called on unlocked socket. */ 442 static void sco_sock_close(struct sock *sk) 443 { 444 lock_sock(sk); 445 sco_sock_clear_timer(sk); 446 __sco_sock_close(sk); 447 release_sock(sk); 448 } 449 450 static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg, 451 struct sock *sk) 452 { 453 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS) 454 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS, 455 sizeof(bt_cb(skb)->sco.pkt_status), 456 &bt_cb(skb)->sco.pkt_status); 457 } 458 459 static void sco_sock_init(struct sock *sk, struct sock *parent) 460 { 461 BT_DBG("sk %p", sk); 462 463 if (parent) { 464 sk->sk_type = parent->sk_type; 465 bt_sk(sk)->flags = bt_sk(parent)->flags; 466 security_sk_clone(parent, sk); 467 } else { 468 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg; 469 } 470 } 471 472 static struct proto sco_proto = { 473 .name = "SCO", 474 .owner = THIS_MODULE, 475 .obj_size = sizeof(struct sco_pinfo) 476 }; 477 478 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 479 int proto, gfp_t prio, int kern) 480 { 481 struct sock *sk; 482 483 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern); 484 if (!sk) 485 return NULL; 486 487 sock_init_data(sock, sk); 488 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 489 490 sk->sk_destruct = sco_sock_destruct; 491 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 492 493 sock_reset_flag(sk, SOCK_ZAPPED); 494 495 sk->sk_protocol = proto; 496 sk->sk_state = BT_OPEN; 497 498 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 499 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 500 sco_pi(sk)->codec.cid = 0xffff; 501 sco_pi(sk)->codec.vid = 0xffff; 502 sco_pi(sk)->codec.data_path = 0x00; 503 504 bt_sock_link(&sco_sk_list, sk); 505 return sk; 506 } 507 508 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 509 int kern) 510 { 511 struct sock *sk; 512 513 BT_DBG("sock %p", sock); 514 515 sock->state = SS_UNCONNECTED; 516 517 if (sock->type != SOCK_SEQPACKET) 518 return -ESOCKTNOSUPPORT; 519 520 sock->ops = &sco_sock_ops; 521 522 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 523 if (!sk) 524 return -ENOMEM; 525 526 sco_sock_init(sk, NULL); 527 return 0; 528 } 529 530 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 531 int addr_len) 532 { 533 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 534 struct sock *sk = sock->sk; 535 int err = 0; 536 537 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 538 addr->sa_family != AF_BLUETOOTH) 539 return -EINVAL; 540 541 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 542 543 lock_sock(sk); 544 545 if (sk->sk_state != BT_OPEN) { 546 err = -EBADFD; 547 goto done; 548 } 549 550 if (sk->sk_type != SOCK_SEQPACKET) { 551 err = -EINVAL; 552 goto done; 553 } 554 555 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 556 557 sk->sk_state = BT_BOUND; 558 559 done: 560 release_sock(sk); 561 return err; 562 } 563 564 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 565 { 566 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 567 struct sock *sk = sock->sk; 568 struct hci_dev *hdev; 569 int err; 570 571 BT_DBG("sk %p", sk); 572 573 if (alen < sizeof(struct sockaddr_sco) || 574 addr->sa_family != AF_BLUETOOTH) 575 return -EINVAL; 576 577 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 578 return -EBADFD; 579 580 if (sk->sk_type != SOCK_SEQPACKET) 581 return -EINVAL; 582 583 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR); 584 if (!hdev) 585 return -EHOSTUNREACH; 586 hci_dev_lock(hdev); 587 588 lock_sock(sk); 589 590 /* Set destination address and psm */ 591 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 592 593 err = sco_connect(hdev, sk); 594 hci_dev_unlock(hdev); 595 hci_dev_put(hdev); 596 if (err) 597 goto done; 598 599 err = bt_sock_wait_state(sk, BT_CONNECTED, 600 sock_sndtimeo(sk, flags & O_NONBLOCK)); 601 602 done: 603 release_sock(sk); 604 return err; 605 } 606 607 static int sco_sock_listen(struct socket *sock, int backlog) 608 { 609 struct sock *sk = sock->sk; 610 bdaddr_t *src = &sco_pi(sk)->src; 611 int err = 0; 612 613 BT_DBG("sk %p backlog %d", sk, backlog); 614 615 lock_sock(sk); 616 617 if (sk->sk_state != BT_BOUND) { 618 err = -EBADFD; 619 goto done; 620 } 621 622 if (sk->sk_type != SOCK_SEQPACKET) { 623 err = -EINVAL; 624 goto done; 625 } 626 627 write_lock(&sco_sk_list.lock); 628 629 if (__sco_get_sock_listen_by_addr(src)) { 630 err = -EADDRINUSE; 631 goto unlock; 632 } 633 634 sk->sk_max_ack_backlog = backlog; 635 sk->sk_ack_backlog = 0; 636 637 sk->sk_state = BT_LISTEN; 638 639 unlock: 640 write_unlock(&sco_sk_list.lock); 641 642 done: 643 release_sock(sk); 644 return err; 645 } 646 647 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 648 int flags, bool kern) 649 { 650 DEFINE_WAIT_FUNC(wait, woken_wake_function); 651 struct sock *sk = sock->sk, *ch; 652 long timeo; 653 int err = 0; 654 655 lock_sock(sk); 656 657 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 658 659 BT_DBG("sk %p timeo %ld", sk, timeo); 660 661 /* Wait for an incoming connection. (wake-one). */ 662 add_wait_queue_exclusive(sk_sleep(sk), &wait); 663 while (1) { 664 if (sk->sk_state != BT_LISTEN) { 665 err = -EBADFD; 666 break; 667 } 668 669 ch = bt_accept_dequeue(sk, newsock); 670 if (ch) 671 break; 672 673 if (!timeo) { 674 err = -EAGAIN; 675 break; 676 } 677 678 if (signal_pending(current)) { 679 err = sock_intr_errno(timeo); 680 break; 681 } 682 683 release_sock(sk); 684 685 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 686 lock_sock(sk); 687 } 688 remove_wait_queue(sk_sleep(sk), &wait); 689 690 if (err) 691 goto done; 692 693 newsock->state = SS_CONNECTED; 694 695 BT_DBG("new socket %p", ch); 696 697 done: 698 release_sock(sk); 699 return err; 700 } 701 702 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 703 int peer) 704 { 705 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 706 struct sock *sk = sock->sk; 707 708 BT_DBG("sock %p, sk %p", sock, sk); 709 710 addr->sa_family = AF_BLUETOOTH; 711 712 if (peer) 713 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 714 else 715 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 716 717 return sizeof(struct sockaddr_sco); 718 } 719 720 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 721 size_t len) 722 { 723 struct sock *sk = sock->sk; 724 struct sk_buff *skb; 725 int err; 726 727 BT_DBG("sock %p, sk %p", sock, sk); 728 729 err = sock_error(sk); 730 if (err) 731 return err; 732 733 if (msg->msg_flags & MSG_OOB) 734 return -EOPNOTSUPP; 735 736 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 737 if (IS_ERR(skb)) 738 return PTR_ERR(skb); 739 740 lock_sock(sk); 741 742 if (sk->sk_state == BT_CONNECTED) 743 err = sco_send_frame(sk, skb); 744 else 745 err = -ENOTCONN; 746 747 release_sock(sk); 748 749 if (err < 0) 750 kfree_skb(skb); 751 return err; 752 } 753 754 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 755 { 756 struct hci_dev *hdev = conn->hdev; 757 758 BT_DBG("conn %p", conn); 759 760 conn->state = BT_CONFIG; 761 762 if (!lmp_esco_capable(hdev)) { 763 struct hci_cp_accept_conn_req cp; 764 765 bacpy(&cp.bdaddr, &conn->dst); 766 cp.role = 0x00; /* Ignored */ 767 768 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 769 } else { 770 struct hci_cp_accept_sync_conn_req cp; 771 772 bacpy(&cp.bdaddr, &conn->dst); 773 cp.pkt_type = cpu_to_le16(conn->pkt_type); 774 775 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 776 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 777 cp.content_format = cpu_to_le16(setting); 778 779 switch (setting & SCO_AIRMODE_MASK) { 780 case SCO_AIRMODE_TRANSP: 781 if (conn->pkt_type & ESCO_2EV3) 782 cp.max_latency = cpu_to_le16(0x0008); 783 else 784 cp.max_latency = cpu_to_le16(0x000D); 785 cp.retrans_effort = 0x02; 786 break; 787 case SCO_AIRMODE_CVSD: 788 cp.max_latency = cpu_to_le16(0xffff); 789 cp.retrans_effort = 0xff; 790 break; 791 default: 792 /* use CVSD settings as fallback */ 793 cp.max_latency = cpu_to_le16(0xffff); 794 cp.retrans_effort = 0xff; 795 break; 796 } 797 798 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 799 sizeof(cp), &cp); 800 } 801 } 802 803 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 804 size_t len, int flags) 805 { 806 struct sock *sk = sock->sk; 807 struct sco_pinfo *pi = sco_pi(sk); 808 809 lock_sock(sk); 810 811 if (sk->sk_state == BT_CONNECT2 && 812 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 813 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 814 sk->sk_state = BT_CONFIG; 815 816 release_sock(sk); 817 return 0; 818 } 819 820 release_sock(sk); 821 822 return bt_sock_recvmsg(sock, msg, len, flags); 823 } 824 825 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 826 sockptr_t optval, unsigned int optlen) 827 { 828 struct sock *sk = sock->sk; 829 int len, err = 0; 830 struct bt_voice voice; 831 u32 opt; 832 struct bt_codecs *codecs; 833 struct hci_dev *hdev; 834 __u8 buffer[255]; 835 836 BT_DBG("sk %p", sk); 837 838 lock_sock(sk); 839 840 switch (optname) { 841 842 case BT_DEFER_SETUP: 843 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 844 err = -EINVAL; 845 break; 846 } 847 848 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 849 err = -EFAULT; 850 break; 851 } 852 853 if (opt) 854 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 855 else 856 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 857 break; 858 859 case BT_VOICE: 860 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 861 sk->sk_state != BT_CONNECT2) { 862 err = -EINVAL; 863 break; 864 } 865 866 voice.setting = sco_pi(sk)->setting; 867 868 len = min_t(unsigned int, sizeof(voice), optlen); 869 if (copy_from_sockptr(&voice, optval, len)) { 870 err = -EFAULT; 871 break; 872 } 873 874 /* Explicitly check for these values */ 875 if (voice.setting != BT_VOICE_TRANSPARENT && 876 voice.setting != BT_VOICE_CVSD_16BIT) { 877 err = -EINVAL; 878 break; 879 } 880 881 sco_pi(sk)->setting = voice.setting; 882 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 883 BDADDR_BREDR); 884 if (!hdev) { 885 err = -EBADFD; 886 break; 887 } 888 if (enhanced_sco_capable(hdev) && 889 voice.setting == BT_VOICE_TRANSPARENT) 890 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 891 hci_dev_put(hdev); 892 break; 893 894 case BT_PKT_STATUS: 895 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 896 err = -EFAULT; 897 break; 898 } 899 900 if (opt) 901 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS; 902 else 903 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS; 904 break; 905 906 case BT_CODEC: 907 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 908 sk->sk_state != BT_CONNECT2) { 909 err = -EINVAL; 910 break; 911 } 912 913 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 914 BDADDR_BREDR); 915 if (!hdev) { 916 err = -EBADFD; 917 break; 918 } 919 920 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 921 hci_dev_put(hdev); 922 err = -EOPNOTSUPP; 923 break; 924 } 925 926 if (!hdev->get_data_path_id) { 927 hci_dev_put(hdev); 928 err = -EOPNOTSUPP; 929 break; 930 } 931 932 if (optlen < sizeof(struct bt_codecs) || 933 optlen > sizeof(buffer)) { 934 hci_dev_put(hdev); 935 err = -EINVAL; 936 break; 937 } 938 939 if (copy_from_sockptr(buffer, optval, optlen)) { 940 hci_dev_put(hdev); 941 err = -EFAULT; 942 break; 943 } 944 945 codecs = (void *)buffer; 946 947 if (codecs->num_codecs > 1) { 948 hci_dev_put(hdev); 949 err = -EINVAL; 950 break; 951 } 952 953 sco_pi(sk)->codec = codecs->codecs[0]; 954 hci_dev_put(hdev); 955 break; 956 957 default: 958 err = -ENOPROTOOPT; 959 break; 960 } 961 962 release_sock(sk); 963 return err; 964 } 965 966 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 967 char __user *optval, int __user *optlen) 968 { 969 struct sock *sk = sock->sk; 970 struct sco_options opts; 971 struct sco_conninfo cinfo; 972 int len, err = 0; 973 974 BT_DBG("sk %p", sk); 975 976 if (get_user(len, optlen)) 977 return -EFAULT; 978 979 lock_sock(sk); 980 981 switch (optname) { 982 case SCO_OPTIONS: 983 if (sk->sk_state != BT_CONNECTED && 984 !(sk->sk_state == BT_CONNECT2 && 985 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 986 err = -ENOTCONN; 987 break; 988 } 989 990 opts.mtu = sco_pi(sk)->conn->mtu; 991 992 BT_DBG("mtu %u", opts.mtu); 993 994 len = min_t(unsigned int, len, sizeof(opts)); 995 if (copy_to_user(optval, (char *)&opts, len)) 996 err = -EFAULT; 997 998 break; 999 1000 case SCO_CONNINFO: 1001 if (sk->sk_state != BT_CONNECTED && 1002 !(sk->sk_state == BT_CONNECT2 && 1003 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1004 err = -ENOTCONN; 1005 break; 1006 } 1007 1008 memset(&cinfo, 0, sizeof(cinfo)); 1009 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1010 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1011 1012 len = min_t(unsigned int, len, sizeof(cinfo)); 1013 if (copy_to_user(optval, (char *)&cinfo, len)) 1014 err = -EFAULT; 1015 1016 break; 1017 1018 default: 1019 err = -ENOPROTOOPT; 1020 break; 1021 } 1022 1023 release_sock(sk); 1024 return err; 1025 } 1026 1027 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1028 char __user *optval, int __user *optlen) 1029 { 1030 struct sock *sk = sock->sk; 1031 int len, err = 0; 1032 struct bt_voice voice; 1033 u32 phys; 1034 int pkt_status; 1035 int buf_len; 1036 struct codec_list *c; 1037 u8 num_codecs, i, __user *ptr; 1038 struct hci_dev *hdev; 1039 struct hci_codec_caps *caps; 1040 struct bt_codec codec; 1041 1042 BT_DBG("sk %p", sk); 1043 1044 if (level == SOL_SCO) 1045 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1046 1047 if (get_user(len, optlen)) 1048 return -EFAULT; 1049 1050 lock_sock(sk); 1051 1052 switch (optname) { 1053 1054 case BT_DEFER_SETUP: 1055 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1056 err = -EINVAL; 1057 break; 1058 } 1059 1060 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1061 (u32 __user *)optval)) 1062 err = -EFAULT; 1063 1064 break; 1065 1066 case BT_VOICE: 1067 voice.setting = sco_pi(sk)->setting; 1068 1069 len = min_t(unsigned int, len, sizeof(voice)); 1070 if (copy_to_user(optval, (char *)&voice, len)) 1071 err = -EFAULT; 1072 1073 break; 1074 1075 case BT_PHY: 1076 if (sk->sk_state != BT_CONNECTED) { 1077 err = -ENOTCONN; 1078 break; 1079 } 1080 1081 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1082 1083 if (put_user(phys, (u32 __user *) optval)) 1084 err = -EFAULT; 1085 break; 1086 1087 case BT_PKT_STATUS: 1088 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS); 1089 1090 if (put_user(pkt_status, (int __user *)optval)) 1091 err = -EFAULT; 1092 break; 1093 1094 case BT_SNDMTU: 1095 case BT_RCVMTU: 1096 if (sk->sk_state != BT_CONNECTED) { 1097 err = -ENOTCONN; 1098 break; 1099 } 1100 1101 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1102 err = -EFAULT; 1103 break; 1104 1105 case BT_CODEC: 1106 num_codecs = 0; 1107 buf_len = 0; 1108 1109 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1110 if (!hdev) { 1111 err = -EBADFD; 1112 break; 1113 } 1114 1115 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1116 hci_dev_put(hdev); 1117 err = -EOPNOTSUPP; 1118 break; 1119 } 1120 1121 if (!hdev->get_data_path_id) { 1122 hci_dev_put(hdev); 1123 err = -EOPNOTSUPP; 1124 break; 1125 } 1126 1127 /* find total buffer size required to copy codec + caps */ 1128 hci_dev_lock(hdev); 1129 list_for_each_entry(c, &hdev->local_codecs, list) { 1130 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1131 continue; 1132 num_codecs++; 1133 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1134 buf_len += 1 + caps->len; 1135 caps = (void *)&caps->data[caps->len]; 1136 } 1137 buf_len += sizeof(struct bt_codec); 1138 } 1139 hci_dev_unlock(hdev); 1140 1141 buf_len += sizeof(struct bt_codecs); 1142 if (buf_len > len) { 1143 hci_dev_put(hdev); 1144 err = -ENOBUFS; 1145 break; 1146 } 1147 ptr = optval; 1148 1149 if (put_user(num_codecs, ptr)) { 1150 hci_dev_put(hdev); 1151 err = -EFAULT; 1152 break; 1153 } 1154 ptr += sizeof(num_codecs); 1155 1156 /* Iterate all the codecs supported over SCO and populate 1157 * codec data 1158 */ 1159 hci_dev_lock(hdev); 1160 list_for_each_entry(c, &hdev->local_codecs, list) { 1161 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1162 continue; 1163 1164 codec.id = c->id; 1165 codec.cid = c->cid; 1166 codec.vid = c->vid; 1167 err = hdev->get_data_path_id(hdev, &codec.data_path); 1168 if (err < 0) 1169 break; 1170 codec.num_caps = c->num_caps; 1171 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1172 err = -EFAULT; 1173 break; 1174 } 1175 ptr += sizeof(codec); 1176 1177 /* find codec capabilities data length */ 1178 len = 0; 1179 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1180 len += 1 + caps->len; 1181 caps = (void *)&caps->data[caps->len]; 1182 } 1183 1184 /* copy codec capabilities data */ 1185 if (len && copy_to_user(ptr, c->caps, len)) { 1186 err = -EFAULT; 1187 break; 1188 } 1189 ptr += len; 1190 } 1191 1192 if (!err && put_user(buf_len, optlen)) 1193 err = -EFAULT; 1194 1195 hci_dev_unlock(hdev); 1196 hci_dev_put(hdev); 1197 1198 break; 1199 1200 default: 1201 err = -ENOPROTOOPT; 1202 break; 1203 } 1204 1205 release_sock(sk); 1206 return err; 1207 } 1208 1209 static int sco_sock_shutdown(struct socket *sock, int how) 1210 { 1211 struct sock *sk = sock->sk; 1212 int err = 0; 1213 1214 BT_DBG("sock %p, sk %p", sock, sk); 1215 1216 if (!sk) 1217 return 0; 1218 1219 sock_hold(sk); 1220 lock_sock(sk); 1221 1222 if (!sk->sk_shutdown) { 1223 sk->sk_shutdown = SHUTDOWN_MASK; 1224 sco_sock_clear_timer(sk); 1225 __sco_sock_close(sk); 1226 1227 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1228 !(current->flags & PF_EXITING)) 1229 err = bt_sock_wait_state(sk, BT_CLOSED, 1230 sk->sk_lingertime); 1231 } 1232 1233 release_sock(sk); 1234 sock_put(sk); 1235 1236 return err; 1237 } 1238 1239 static int sco_sock_release(struct socket *sock) 1240 { 1241 struct sock *sk = sock->sk; 1242 int err = 0; 1243 1244 BT_DBG("sock %p, sk %p", sock, sk); 1245 1246 if (!sk) 1247 return 0; 1248 1249 sco_sock_close(sk); 1250 1251 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1252 !(current->flags & PF_EXITING)) { 1253 lock_sock(sk); 1254 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1255 release_sock(sk); 1256 } 1257 1258 sock_orphan(sk); 1259 sco_sock_kill(sk); 1260 return err; 1261 } 1262 1263 static void sco_conn_ready(struct sco_conn *conn) 1264 { 1265 struct sock *parent; 1266 struct sock *sk = conn->sk; 1267 1268 BT_DBG("conn %p", conn); 1269 1270 if (sk) { 1271 lock_sock(sk); 1272 sco_sock_clear_timer(sk); 1273 sk->sk_state = BT_CONNECTED; 1274 sk->sk_state_change(sk); 1275 release_sock(sk); 1276 } else { 1277 sco_conn_lock(conn); 1278 1279 if (!conn->hcon) { 1280 sco_conn_unlock(conn); 1281 return; 1282 } 1283 1284 parent = sco_get_sock_listen(&conn->hcon->src); 1285 if (!parent) { 1286 sco_conn_unlock(conn); 1287 return; 1288 } 1289 1290 lock_sock(parent); 1291 1292 sk = sco_sock_alloc(sock_net(parent), NULL, 1293 BTPROTO_SCO, GFP_ATOMIC, 0); 1294 if (!sk) { 1295 release_sock(parent); 1296 sco_conn_unlock(conn); 1297 return; 1298 } 1299 1300 sco_sock_init(sk, parent); 1301 1302 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1303 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1304 1305 hci_conn_hold(conn->hcon); 1306 __sco_chan_add(conn, sk, parent); 1307 1308 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1309 sk->sk_state = BT_CONNECT2; 1310 else 1311 sk->sk_state = BT_CONNECTED; 1312 1313 /* Wake up parent */ 1314 parent->sk_data_ready(parent); 1315 1316 release_sock(parent); 1317 1318 sco_conn_unlock(conn); 1319 } 1320 } 1321 1322 /* ----- SCO interface with lower layer (HCI) ----- */ 1323 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1324 { 1325 struct sock *sk; 1326 int lm = 0; 1327 1328 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1329 1330 /* Find listening sockets */ 1331 read_lock(&sco_sk_list.lock); 1332 sk_for_each(sk, &sco_sk_list.head) { 1333 if (sk->sk_state != BT_LISTEN) 1334 continue; 1335 1336 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1337 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1338 lm |= HCI_LM_ACCEPT; 1339 1340 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1341 *flags |= HCI_PROTO_DEFER; 1342 break; 1343 } 1344 } 1345 read_unlock(&sco_sk_list.lock); 1346 1347 return lm; 1348 } 1349 1350 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1351 { 1352 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1353 return; 1354 1355 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1356 1357 if (!status) { 1358 struct sco_conn *conn; 1359 1360 conn = sco_conn_add(hcon); 1361 if (conn) 1362 sco_conn_ready(conn); 1363 } else 1364 sco_conn_del(hcon, bt_to_errno(status)); 1365 } 1366 1367 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1368 { 1369 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1370 return; 1371 1372 BT_DBG("hcon %p reason %d", hcon, reason); 1373 1374 sco_conn_del(hcon, bt_to_errno(reason)); 1375 } 1376 1377 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1378 { 1379 struct sco_conn *conn = hcon->sco_data; 1380 1381 if (!conn) 1382 goto drop; 1383 1384 BT_DBG("conn %p len %u", conn, skb->len); 1385 1386 if (skb->len) { 1387 sco_recv_frame(conn, skb); 1388 return; 1389 } 1390 1391 drop: 1392 kfree_skb(skb); 1393 } 1394 1395 static struct hci_cb sco_cb = { 1396 .name = "SCO", 1397 .connect_cfm = sco_connect_cfm, 1398 .disconn_cfm = sco_disconn_cfm, 1399 }; 1400 1401 static int sco_debugfs_show(struct seq_file *f, void *p) 1402 { 1403 struct sock *sk; 1404 1405 read_lock(&sco_sk_list.lock); 1406 1407 sk_for_each(sk, &sco_sk_list.head) { 1408 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1409 &sco_pi(sk)->dst, sk->sk_state); 1410 } 1411 1412 read_unlock(&sco_sk_list.lock); 1413 1414 return 0; 1415 } 1416 1417 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1418 1419 static struct dentry *sco_debugfs; 1420 1421 static const struct proto_ops sco_sock_ops = { 1422 .family = PF_BLUETOOTH, 1423 .owner = THIS_MODULE, 1424 .release = sco_sock_release, 1425 .bind = sco_sock_bind, 1426 .connect = sco_sock_connect, 1427 .listen = sco_sock_listen, 1428 .accept = sco_sock_accept, 1429 .getname = sco_sock_getname, 1430 .sendmsg = sco_sock_sendmsg, 1431 .recvmsg = sco_sock_recvmsg, 1432 .poll = bt_sock_poll, 1433 .ioctl = bt_sock_ioctl, 1434 .gettstamp = sock_gettstamp, 1435 .mmap = sock_no_mmap, 1436 .socketpair = sock_no_socketpair, 1437 .shutdown = sco_sock_shutdown, 1438 .setsockopt = sco_sock_setsockopt, 1439 .getsockopt = sco_sock_getsockopt 1440 }; 1441 1442 static const struct net_proto_family sco_sock_family_ops = { 1443 .family = PF_BLUETOOTH, 1444 .owner = THIS_MODULE, 1445 .create = sco_sock_create, 1446 }; 1447 1448 int __init sco_init(void) 1449 { 1450 int err; 1451 1452 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1453 1454 err = proto_register(&sco_proto, 0); 1455 if (err < 0) 1456 return err; 1457 1458 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1459 if (err < 0) { 1460 BT_ERR("SCO socket registration failed"); 1461 goto error; 1462 } 1463 1464 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1465 if (err < 0) { 1466 BT_ERR("Failed to create SCO proc file"); 1467 bt_sock_unregister(BTPROTO_SCO); 1468 goto error; 1469 } 1470 1471 BT_INFO("SCO socket layer initialized"); 1472 1473 hci_register_cb(&sco_cb); 1474 1475 if (IS_ERR_OR_NULL(bt_debugfs)) 1476 return 0; 1477 1478 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1479 NULL, &sco_debugfs_fops); 1480 1481 return 0; 1482 1483 error: 1484 proto_unregister(&sco_proto); 1485 return err; 1486 } 1487 1488 void sco_exit(void) 1489 { 1490 bt_procfs_cleanup(&init_net, "sco"); 1491 1492 debugfs_remove(sco_debugfs); 1493 1494 hci_unregister_cb(&sco_cb); 1495 1496 bt_sock_unregister(BTPROTO_SCO); 1497 1498 proto_unregister(&sco_proto); 1499 } 1500 1501 module_param(disable_esco, bool, 0644); 1502 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1503