xref: /openbmc/linux/net/bluetooth/sco.c (revision 703e7713)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4 
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10 
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24 
25 /* Bluetooth SCO sockets. */
26 
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31 
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35 
36 static bool disable_esco;
37 
38 static const struct proto_ops sco_sock_ops;
39 
40 static struct bt_sock_list sco_sk_list = {
41 	.lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43 
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 	struct hci_conn	*hcon;
47 
48 	spinlock_t	lock;
49 	struct sock	*sk;
50 
51 	struct delayed_work	timeout_work;
52 
53 	unsigned int    mtu;
54 };
55 
56 #define sco_conn_lock(c)	spin_lock(&c->lock)
57 #define sco_conn_unlock(c)	spin_unlock(&c->lock)
58 
59 static void sco_sock_close(struct sock *sk);
60 static void sco_sock_kill(struct sock *sk);
61 
62 /* ----- SCO socket info ----- */
63 #define sco_pi(sk) ((struct sco_pinfo *) sk)
64 
65 struct sco_pinfo {
66 	struct bt_sock	bt;
67 	bdaddr_t	src;
68 	bdaddr_t	dst;
69 	__u32		flags;
70 	__u16		setting;
71 	__u8		cmsg_mask;
72 	struct bt_codec codec;
73 	struct sco_conn	*conn;
74 };
75 
76 /* ---- SCO timers ---- */
77 #define SCO_CONN_TIMEOUT	(HZ * 40)
78 #define SCO_DISCONN_TIMEOUT	(HZ * 2)
79 
80 static void sco_sock_timeout(struct work_struct *work)
81 {
82 	struct sco_conn *conn = container_of(work, struct sco_conn,
83 					     timeout_work.work);
84 	struct sock *sk;
85 
86 	sco_conn_lock(conn);
87 	sk = conn->sk;
88 	if (sk)
89 		sock_hold(sk);
90 	sco_conn_unlock(conn);
91 
92 	if (!sk)
93 		return;
94 
95 	BT_DBG("sock %p state %d", sk, sk->sk_state);
96 
97 	lock_sock(sk);
98 	sk->sk_err = ETIMEDOUT;
99 	sk->sk_state_change(sk);
100 	release_sock(sk);
101 	sock_put(sk);
102 }
103 
104 static void sco_sock_set_timer(struct sock *sk, long timeout)
105 {
106 	if (!sco_pi(sk)->conn)
107 		return;
108 
109 	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
110 	cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
111 	schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
112 }
113 
114 static void sco_sock_clear_timer(struct sock *sk)
115 {
116 	if (!sco_pi(sk)->conn)
117 		return;
118 
119 	BT_DBG("sock %p state %d", sk, sk->sk_state);
120 	cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
121 }
122 
123 /* ---- SCO connections ---- */
124 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
125 {
126 	struct hci_dev *hdev = hcon->hdev;
127 	struct sco_conn *conn = hcon->sco_data;
128 
129 	if (conn)
130 		return conn;
131 
132 	conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
133 	if (!conn)
134 		return NULL;
135 
136 	spin_lock_init(&conn->lock);
137 	INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
138 
139 	hcon->sco_data = conn;
140 	conn->hcon = hcon;
141 
142 	if (hdev->sco_mtu > 0)
143 		conn->mtu = hdev->sco_mtu;
144 	else
145 		conn->mtu = 60;
146 
147 	BT_DBG("hcon %p conn %p", hcon, conn);
148 
149 	return conn;
150 }
151 
152 /* Delete channel.
153  * Must be called on the locked socket. */
154 static void sco_chan_del(struct sock *sk, int err)
155 {
156 	struct sco_conn *conn;
157 
158 	conn = sco_pi(sk)->conn;
159 
160 	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
161 
162 	if (conn) {
163 		sco_conn_lock(conn);
164 		conn->sk = NULL;
165 		sco_pi(sk)->conn = NULL;
166 		sco_conn_unlock(conn);
167 
168 		if (conn->hcon)
169 			hci_conn_drop(conn->hcon);
170 	}
171 
172 	sk->sk_state = BT_CLOSED;
173 	sk->sk_err   = err;
174 	sk->sk_state_change(sk);
175 
176 	sock_set_flag(sk, SOCK_ZAPPED);
177 }
178 
179 static void sco_conn_del(struct hci_conn *hcon, int err)
180 {
181 	struct sco_conn *conn = hcon->sco_data;
182 	struct sock *sk;
183 
184 	if (!conn)
185 		return;
186 
187 	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
188 
189 	/* Kill socket */
190 	sco_conn_lock(conn);
191 	sk = conn->sk;
192 	if (sk)
193 		sock_hold(sk);
194 	sco_conn_unlock(conn);
195 
196 	if (sk) {
197 		lock_sock(sk);
198 		sco_sock_clear_timer(sk);
199 		sco_chan_del(sk, err);
200 		release_sock(sk);
201 		sock_put(sk);
202 	}
203 
204 	/* Ensure no more work items will run before freeing conn. */
205 	cancel_delayed_work_sync(&conn->timeout_work);
206 
207 	hcon->sco_data = NULL;
208 	kfree(conn);
209 }
210 
211 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
212 			   struct sock *parent)
213 {
214 	BT_DBG("conn %p", conn);
215 
216 	sco_pi(sk)->conn = conn;
217 	conn->sk = sk;
218 
219 	if (parent)
220 		bt_accept_enqueue(parent, sk, true);
221 }
222 
223 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
224 			struct sock *parent)
225 {
226 	int err = 0;
227 
228 	sco_conn_lock(conn);
229 	if (conn->sk)
230 		err = -EBUSY;
231 	else
232 		__sco_chan_add(conn, sk, parent);
233 
234 	sco_conn_unlock(conn);
235 	return err;
236 }
237 
238 static int sco_connect(struct sock *sk)
239 {
240 	struct sco_conn *conn;
241 	struct hci_conn *hcon;
242 	struct hci_dev  *hdev;
243 	int err, type;
244 
245 	BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
246 
247 	hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
248 	if (!hdev)
249 		return -EHOSTUNREACH;
250 
251 	hci_dev_lock(hdev);
252 
253 	if (lmp_esco_capable(hdev) && !disable_esco)
254 		type = ESCO_LINK;
255 	else
256 		type = SCO_LINK;
257 
258 	if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
259 	    (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
260 		err = -EOPNOTSUPP;
261 		goto unlock;
262 	}
263 
264 	hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
265 			       sco_pi(sk)->setting, &sco_pi(sk)->codec);
266 	if (IS_ERR(hcon)) {
267 		err = PTR_ERR(hcon);
268 		goto unlock;
269 	}
270 
271 	hci_dev_unlock(hdev);
272 	hci_dev_put(hdev);
273 
274 	conn = sco_conn_add(hcon);
275 	if (!conn) {
276 		hci_conn_drop(hcon);
277 		return -ENOMEM;
278 	}
279 
280 	err = sco_chan_add(conn, sk, NULL);
281 	if (err)
282 		return err;
283 
284 	lock_sock(sk);
285 
286 	/* Update source addr of the socket */
287 	bacpy(&sco_pi(sk)->src, &hcon->src);
288 
289 	if (hcon->state == BT_CONNECTED) {
290 		sco_sock_clear_timer(sk);
291 		sk->sk_state = BT_CONNECTED;
292 	} else {
293 		sk->sk_state = BT_CONNECT;
294 		sco_sock_set_timer(sk, sk->sk_sndtimeo);
295 	}
296 
297 	release_sock(sk);
298 
299 	return err;
300 
301 unlock:
302 	hci_dev_unlock(hdev);
303 	hci_dev_put(hdev);
304 	return err;
305 }
306 
307 static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
308 {
309 	struct sco_conn *conn = sco_pi(sk)->conn;
310 	int len = skb->len;
311 
312 	/* Check outgoing MTU */
313 	if (len > conn->mtu)
314 		return -EINVAL;
315 
316 	BT_DBG("sk %p len %d", sk, len);
317 
318 	hci_send_sco(conn->hcon, skb);
319 
320 	return len;
321 }
322 
323 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
324 {
325 	struct sock *sk;
326 
327 	sco_conn_lock(conn);
328 	sk = conn->sk;
329 	sco_conn_unlock(conn);
330 
331 	if (!sk)
332 		goto drop;
333 
334 	BT_DBG("sk %p len %u", sk, skb->len);
335 
336 	if (sk->sk_state != BT_CONNECTED)
337 		goto drop;
338 
339 	if (!sock_queue_rcv_skb(sk, skb))
340 		return;
341 
342 drop:
343 	kfree_skb(skb);
344 }
345 
346 /* -------- Socket interface ---------- */
347 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
348 {
349 	struct sock *sk;
350 
351 	sk_for_each(sk, &sco_sk_list.head) {
352 		if (sk->sk_state != BT_LISTEN)
353 			continue;
354 
355 		if (!bacmp(&sco_pi(sk)->src, ba))
356 			return sk;
357 	}
358 
359 	return NULL;
360 }
361 
362 /* Find socket listening on source bdaddr.
363  * Returns closest match.
364  */
365 static struct sock *sco_get_sock_listen(bdaddr_t *src)
366 {
367 	struct sock *sk = NULL, *sk1 = NULL;
368 
369 	read_lock(&sco_sk_list.lock);
370 
371 	sk_for_each(sk, &sco_sk_list.head) {
372 		if (sk->sk_state != BT_LISTEN)
373 			continue;
374 
375 		/* Exact match. */
376 		if (!bacmp(&sco_pi(sk)->src, src))
377 			break;
378 
379 		/* Closest match */
380 		if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
381 			sk1 = sk;
382 	}
383 
384 	read_unlock(&sco_sk_list.lock);
385 
386 	return sk ? sk : sk1;
387 }
388 
389 static void sco_sock_destruct(struct sock *sk)
390 {
391 	BT_DBG("sk %p", sk);
392 
393 	skb_queue_purge(&sk->sk_receive_queue);
394 	skb_queue_purge(&sk->sk_write_queue);
395 }
396 
397 static void sco_sock_cleanup_listen(struct sock *parent)
398 {
399 	struct sock *sk;
400 
401 	BT_DBG("parent %p", parent);
402 
403 	/* Close not yet accepted channels */
404 	while ((sk = bt_accept_dequeue(parent, NULL))) {
405 		sco_sock_close(sk);
406 		sco_sock_kill(sk);
407 	}
408 
409 	parent->sk_state  = BT_CLOSED;
410 	sock_set_flag(parent, SOCK_ZAPPED);
411 }
412 
413 /* Kill socket (only if zapped and orphan)
414  * Must be called on unlocked socket.
415  */
416 static void sco_sock_kill(struct sock *sk)
417 {
418 	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
419 		return;
420 
421 	BT_DBG("sk %p state %d", sk, sk->sk_state);
422 
423 	/* Kill poor orphan */
424 	bt_sock_unlink(&sco_sk_list, sk);
425 	sock_set_flag(sk, SOCK_DEAD);
426 	sock_put(sk);
427 }
428 
429 static void __sco_sock_close(struct sock *sk)
430 {
431 	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
432 
433 	switch (sk->sk_state) {
434 	case BT_LISTEN:
435 		sco_sock_cleanup_listen(sk);
436 		break;
437 
438 	case BT_CONNECTED:
439 	case BT_CONFIG:
440 		if (sco_pi(sk)->conn->hcon) {
441 			sk->sk_state = BT_DISCONN;
442 			sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
443 			sco_conn_lock(sco_pi(sk)->conn);
444 			hci_conn_drop(sco_pi(sk)->conn->hcon);
445 			sco_pi(sk)->conn->hcon = NULL;
446 			sco_conn_unlock(sco_pi(sk)->conn);
447 		} else
448 			sco_chan_del(sk, ECONNRESET);
449 		break;
450 
451 	case BT_CONNECT2:
452 	case BT_CONNECT:
453 	case BT_DISCONN:
454 		sco_chan_del(sk, ECONNRESET);
455 		break;
456 
457 	default:
458 		sock_set_flag(sk, SOCK_ZAPPED);
459 		break;
460 	}
461 
462 }
463 
464 /* Must be called on unlocked socket. */
465 static void sco_sock_close(struct sock *sk)
466 {
467 	lock_sock(sk);
468 	sco_sock_clear_timer(sk);
469 	__sco_sock_close(sk);
470 	release_sock(sk);
471 }
472 
473 static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
474 			     struct sock *sk)
475 {
476 	if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
477 		put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
478 			 sizeof(bt_cb(skb)->sco.pkt_status),
479 			 &bt_cb(skb)->sco.pkt_status);
480 }
481 
482 static void sco_sock_init(struct sock *sk, struct sock *parent)
483 {
484 	BT_DBG("sk %p", sk);
485 
486 	if (parent) {
487 		sk->sk_type = parent->sk_type;
488 		bt_sk(sk)->flags = bt_sk(parent)->flags;
489 		security_sk_clone(parent, sk);
490 	} else {
491 		bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
492 	}
493 }
494 
495 static struct proto sco_proto = {
496 	.name		= "SCO",
497 	.owner		= THIS_MODULE,
498 	.obj_size	= sizeof(struct sco_pinfo)
499 };
500 
501 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
502 				   int proto, gfp_t prio, int kern)
503 {
504 	struct sock *sk;
505 
506 	sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
507 	if (!sk)
508 		return NULL;
509 
510 	sock_init_data(sock, sk);
511 	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
512 
513 	sk->sk_destruct = sco_sock_destruct;
514 	sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
515 
516 	sock_reset_flag(sk, SOCK_ZAPPED);
517 
518 	sk->sk_protocol = proto;
519 	sk->sk_state    = BT_OPEN;
520 
521 	sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
522 	sco_pi(sk)->codec.id = BT_CODEC_CVSD;
523 	sco_pi(sk)->codec.cid = 0xffff;
524 	sco_pi(sk)->codec.vid = 0xffff;
525 	sco_pi(sk)->codec.data_path = 0x00;
526 
527 	bt_sock_link(&sco_sk_list, sk);
528 	return sk;
529 }
530 
531 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
532 			   int kern)
533 {
534 	struct sock *sk;
535 
536 	BT_DBG("sock %p", sock);
537 
538 	sock->state = SS_UNCONNECTED;
539 
540 	if (sock->type != SOCK_SEQPACKET)
541 		return -ESOCKTNOSUPPORT;
542 
543 	sock->ops = &sco_sock_ops;
544 
545 	sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
546 	if (!sk)
547 		return -ENOMEM;
548 
549 	sco_sock_init(sk, NULL);
550 	return 0;
551 }
552 
553 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
554 			 int addr_len)
555 {
556 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
557 	struct sock *sk = sock->sk;
558 	int err = 0;
559 
560 	if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
561 	    addr->sa_family != AF_BLUETOOTH)
562 		return -EINVAL;
563 
564 	BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
565 
566 	lock_sock(sk);
567 
568 	if (sk->sk_state != BT_OPEN) {
569 		err = -EBADFD;
570 		goto done;
571 	}
572 
573 	if (sk->sk_type != SOCK_SEQPACKET) {
574 		err = -EINVAL;
575 		goto done;
576 	}
577 
578 	bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
579 
580 	sk->sk_state = BT_BOUND;
581 
582 done:
583 	release_sock(sk);
584 	return err;
585 }
586 
587 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
588 {
589 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
590 	struct sock *sk = sock->sk;
591 	int err;
592 
593 	BT_DBG("sk %p", sk);
594 
595 	if (alen < sizeof(struct sockaddr_sco) ||
596 	    addr->sa_family != AF_BLUETOOTH)
597 		return -EINVAL;
598 
599 	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
600 		return -EBADFD;
601 
602 	if (sk->sk_type != SOCK_SEQPACKET)
603 		err = -EINVAL;
604 
605 	lock_sock(sk);
606 	/* Set destination address and psm */
607 	bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
608 	release_sock(sk);
609 
610 	err = sco_connect(sk);
611 	if (err)
612 		return err;
613 
614 	lock_sock(sk);
615 
616 	err = bt_sock_wait_state(sk, BT_CONNECTED,
617 				 sock_sndtimeo(sk, flags & O_NONBLOCK));
618 
619 	release_sock(sk);
620 	return err;
621 }
622 
623 static int sco_sock_listen(struct socket *sock, int backlog)
624 {
625 	struct sock *sk = sock->sk;
626 	bdaddr_t *src = &sco_pi(sk)->src;
627 	int err = 0;
628 
629 	BT_DBG("sk %p backlog %d", sk, backlog);
630 
631 	lock_sock(sk);
632 
633 	if (sk->sk_state != BT_BOUND) {
634 		err = -EBADFD;
635 		goto done;
636 	}
637 
638 	if (sk->sk_type != SOCK_SEQPACKET) {
639 		err = -EINVAL;
640 		goto done;
641 	}
642 
643 	write_lock(&sco_sk_list.lock);
644 
645 	if (__sco_get_sock_listen_by_addr(src)) {
646 		err = -EADDRINUSE;
647 		goto unlock;
648 	}
649 
650 	sk->sk_max_ack_backlog = backlog;
651 	sk->sk_ack_backlog = 0;
652 
653 	sk->sk_state = BT_LISTEN;
654 
655 unlock:
656 	write_unlock(&sco_sk_list.lock);
657 
658 done:
659 	release_sock(sk);
660 	return err;
661 }
662 
663 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
664 			   int flags, bool kern)
665 {
666 	DEFINE_WAIT_FUNC(wait, woken_wake_function);
667 	struct sock *sk = sock->sk, *ch;
668 	long timeo;
669 	int err = 0;
670 
671 	lock_sock(sk);
672 
673 	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
674 
675 	BT_DBG("sk %p timeo %ld", sk, timeo);
676 
677 	/* Wait for an incoming connection. (wake-one). */
678 	add_wait_queue_exclusive(sk_sleep(sk), &wait);
679 	while (1) {
680 		if (sk->sk_state != BT_LISTEN) {
681 			err = -EBADFD;
682 			break;
683 		}
684 
685 		ch = bt_accept_dequeue(sk, newsock);
686 		if (ch)
687 			break;
688 
689 		if (!timeo) {
690 			err = -EAGAIN;
691 			break;
692 		}
693 
694 		if (signal_pending(current)) {
695 			err = sock_intr_errno(timeo);
696 			break;
697 		}
698 
699 		release_sock(sk);
700 
701 		timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
702 		lock_sock(sk);
703 	}
704 	remove_wait_queue(sk_sleep(sk), &wait);
705 
706 	if (err)
707 		goto done;
708 
709 	newsock->state = SS_CONNECTED;
710 
711 	BT_DBG("new socket %p", ch);
712 
713 done:
714 	release_sock(sk);
715 	return err;
716 }
717 
718 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
719 			    int peer)
720 {
721 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
722 	struct sock *sk = sock->sk;
723 
724 	BT_DBG("sock %p, sk %p", sock, sk);
725 
726 	addr->sa_family = AF_BLUETOOTH;
727 
728 	if (peer)
729 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
730 	else
731 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
732 
733 	return sizeof(struct sockaddr_sco);
734 }
735 
736 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
737 			    size_t len)
738 {
739 	struct sock *sk = sock->sk;
740 	struct sk_buff *skb;
741 	int err;
742 
743 	BT_DBG("sock %p, sk %p", sock, sk);
744 
745 	err = sock_error(sk);
746 	if (err)
747 		return err;
748 
749 	if (msg->msg_flags & MSG_OOB)
750 		return -EOPNOTSUPP;
751 
752 	skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
753 	if (IS_ERR(skb))
754 		return PTR_ERR(skb);
755 
756 	lock_sock(sk);
757 
758 	if (sk->sk_state == BT_CONNECTED)
759 		err = sco_send_frame(sk, skb);
760 	else
761 		err = -ENOTCONN;
762 
763 	release_sock(sk);
764 
765 	if (err < 0)
766 		kfree_skb(skb);
767 	return err;
768 }
769 
770 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
771 {
772 	struct hci_dev *hdev = conn->hdev;
773 
774 	BT_DBG("conn %p", conn);
775 
776 	conn->state = BT_CONFIG;
777 
778 	if (!lmp_esco_capable(hdev)) {
779 		struct hci_cp_accept_conn_req cp;
780 
781 		bacpy(&cp.bdaddr, &conn->dst);
782 		cp.role = 0x00; /* Ignored */
783 
784 		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
785 	} else {
786 		struct hci_cp_accept_sync_conn_req cp;
787 
788 		bacpy(&cp.bdaddr, &conn->dst);
789 		cp.pkt_type = cpu_to_le16(conn->pkt_type);
790 
791 		cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
792 		cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
793 		cp.content_format = cpu_to_le16(setting);
794 
795 		switch (setting & SCO_AIRMODE_MASK) {
796 		case SCO_AIRMODE_TRANSP:
797 			if (conn->pkt_type & ESCO_2EV3)
798 				cp.max_latency = cpu_to_le16(0x0008);
799 			else
800 				cp.max_latency = cpu_to_le16(0x000D);
801 			cp.retrans_effort = 0x02;
802 			break;
803 		case SCO_AIRMODE_CVSD:
804 			cp.max_latency = cpu_to_le16(0xffff);
805 			cp.retrans_effort = 0xff;
806 			break;
807 		default:
808 			/* use CVSD settings as fallback */
809 			cp.max_latency = cpu_to_le16(0xffff);
810 			cp.retrans_effort = 0xff;
811 			break;
812 		}
813 
814 		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
815 			     sizeof(cp), &cp);
816 	}
817 }
818 
819 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
820 			    size_t len, int flags)
821 {
822 	struct sock *sk = sock->sk;
823 	struct sco_pinfo *pi = sco_pi(sk);
824 
825 	lock_sock(sk);
826 
827 	if (sk->sk_state == BT_CONNECT2 &&
828 	    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
829 		sco_conn_defer_accept(pi->conn->hcon, pi->setting);
830 		sk->sk_state = BT_CONFIG;
831 
832 		release_sock(sk);
833 		return 0;
834 	}
835 
836 	release_sock(sk);
837 
838 	return bt_sock_recvmsg(sock, msg, len, flags);
839 }
840 
841 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
842 			       sockptr_t optval, unsigned int optlen)
843 {
844 	struct sock *sk = sock->sk;
845 	int len, err = 0;
846 	struct bt_voice voice;
847 	u32 opt;
848 	struct bt_codecs *codecs;
849 	struct hci_dev *hdev;
850 	__u8 buffer[255];
851 
852 	BT_DBG("sk %p", sk);
853 
854 	lock_sock(sk);
855 
856 	switch (optname) {
857 
858 	case BT_DEFER_SETUP:
859 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
860 			err = -EINVAL;
861 			break;
862 		}
863 
864 		if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
865 			err = -EFAULT;
866 			break;
867 		}
868 
869 		if (opt)
870 			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
871 		else
872 			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
873 		break;
874 
875 	case BT_VOICE:
876 		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
877 		    sk->sk_state != BT_CONNECT2) {
878 			err = -EINVAL;
879 			break;
880 		}
881 
882 		voice.setting = sco_pi(sk)->setting;
883 
884 		len = min_t(unsigned int, sizeof(voice), optlen);
885 		if (copy_from_sockptr(&voice, optval, len)) {
886 			err = -EFAULT;
887 			break;
888 		}
889 
890 		/* Explicitly check for these values */
891 		if (voice.setting != BT_VOICE_TRANSPARENT &&
892 		    voice.setting != BT_VOICE_CVSD_16BIT) {
893 			err = -EINVAL;
894 			break;
895 		}
896 
897 		sco_pi(sk)->setting = voice.setting;
898 		hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
899 				     BDADDR_BREDR);
900 		if (!hdev) {
901 			err = -EBADFD;
902 			break;
903 		}
904 		if (enhanced_sync_conn_capable(hdev) &&
905 		    voice.setting == BT_VOICE_TRANSPARENT)
906 			sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
907 		hci_dev_put(hdev);
908 		break;
909 
910 	case BT_PKT_STATUS:
911 		if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
912 			err = -EFAULT;
913 			break;
914 		}
915 
916 		if (opt)
917 			sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
918 		else
919 			sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
920 		break;
921 
922 	case BT_CODEC:
923 		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
924 		    sk->sk_state != BT_CONNECT2) {
925 			err = -EINVAL;
926 			break;
927 		}
928 
929 		hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
930 				     BDADDR_BREDR);
931 		if (!hdev) {
932 			err = -EBADFD;
933 			break;
934 		}
935 
936 		if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
937 			hci_dev_put(hdev);
938 			err = -EOPNOTSUPP;
939 			break;
940 		}
941 
942 		if (!hdev->get_data_path_id) {
943 			hci_dev_put(hdev);
944 			err = -EOPNOTSUPP;
945 			break;
946 		}
947 
948 		if (optlen < sizeof(struct bt_codecs) ||
949 		    optlen > sizeof(buffer)) {
950 			hci_dev_put(hdev);
951 			err = -EINVAL;
952 			break;
953 		}
954 
955 		if (copy_from_sockptr(buffer, optval, optlen)) {
956 			hci_dev_put(hdev);
957 			err = -EFAULT;
958 			break;
959 		}
960 
961 		codecs = (void *)buffer;
962 
963 		if (codecs->num_codecs > 1) {
964 			hci_dev_put(hdev);
965 			err = -EINVAL;
966 			break;
967 		}
968 
969 		sco_pi(sk)->codec = codecs->codecs[0];
970 		hci_dev_put(hdev);
971 		break;
972 
973 	default:
974 		err = -ENOPROTOOPT;
975 		break;
976 	}
977 
978 	release_sock(sk);
979 	return err;
980 }
981 
982 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
983 				   char __user *optval, int __user *optlen)
984 {
985 	struct sock *sk = sock->sk;
986 	struct sco_options opts;
987 	struct sco_conninfo cinfo;
988 	int len, err = 0;
989 
990 	BT_DBG("sk %p", sk);
991 
992 	if (get_user(len, optlen))
993 		return -EFAULT;
994 
995 	lock_sock(sk);
996 
997 	switch (optname) {
998 	case SCO_OPTIONS:
999 		if (sk->sk_state != BT_CONNECTED &&
1000 		    !(sk->sk_state == BT_CONNECT2 &&
1001 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1002 			err = -ENOTCONN;
1003 			break;
1004 		}
1005 
1006 		opts.mtu = sco_pi(sk)->conn->mtu;
1007 
1008 		BT_DBG("mtu %u", opts.mtu);
1009 
1010 		len = min_t(unsigned int, len, sizeof(opts));
1011 		if (copy_to_user(optval, (char *)&opts, len))
1012 			err = -EFAULT;
1013 
1014 		break;
1015 
1016 	case SCO_CONNINFO:
1017 		if (sk->sk_state != BT_CONNECTED &&
1018 		    !(sk->sk_state == BT_CONNECT2 &&
1019 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1020 			err = -ENOTCONN;
1021 			break;
1022 		}
1023 
1024 		memset(&cinfo, 0, sizeof(cinfo));
1025 		cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1026 		memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1027 
1028 		len = min_t(unsigned int, len, sizeof(cinfo));
1029 		if (copy_to_user(optval, (char *)&cinfo, len))
1030 			err = -EFAULT;
1031 
1032 		break;
1033 
1034 	default:
1035 		err = -ENOPROTOOPT;
1036 		break;
1037 	}
1038 
1039 	release_sock(sk);
1040 	return err;
1041 }
1042 
1043 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1044 			       char __user *optval, int __user *optlen)
1045 {
1046 	struct sock *sk = sock->sk;
1047 	int len, err = 0;
1048 	struct bt_voice voice;
1049 	u32 phys;
1050 	int pkt_status;
1051 	int buf_len;
1052 	struct codec_list *c;
1053 	u8 num_codecs, i, __user *ptr;
1054 	struct hci_dev *hdev;
1055 	struct hci_codec_caps *caps;
1056 	struct bt_codec codec;
1057 
1058 	BT_DBG("sk %p", sk);
1059 
1060 	if (level == SOL_SCO)
1061 		return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1062 
1063 	if (get_user(len, optlen))
1064 		return -EFAULT;
1065 
1066 	lock_sock(sk);
1067 
1068 	switch (optname) {
1069 
1070 	case BT_DEFER_SETUP:
1071 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1072 			err = -EINVAL;
1073 			break;
1074 		}
1075 
1076 		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1077 			     (u32 __user *)optval))
1078 			err = -EFAULT;
1079 
1080 		break;
1081 
1082 	case BT_VOICE:
1083 		voice.setting = sco_pi(sk)->setting;
1084 
1085 		len = min_t(unsigned int, len, sizeof(voice));
1086 		if (copy_to_user(optval, (char *)&voice, len))
1087 			err = -EFAULT;
1088 
1089 		break;
1090 
1091 	case BT_PHY:
1092 		if (sk->sk_state != BT_CONNECTED) {
1093 			err = -ENOTCONN;
1094 			break;
1095 		}
1096 
1097 		phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1098 
1099 		if (put_user(phys, (u32 __user *) optval))
1100 			err = -EFAULT;
1101 		break;
1102 
1103 	case BT_PKT_STATUS:
1104 		pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
1105 
1106 		if (put_user(pkt_status, (int __user *)optval))
1107 			err = -EFAULT;
1108 		break;
1109 
1110 	case BT_SNDMTU:
1111 	case BT_RCVMTU:
1112 		if (sk->sk_state != BT_CONNECTED) {
1113 			err = -ENOTCONN;
1114 			break;
1115 		}
1116 
1117 		if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1118 			err = -EFAULT;
1119 		break;
1120 
1121 	case BT_CODEC:
1122 		num_codecs = 0;
1123 		buf_len = 0;
1124 
1125 		hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1126 		if (!hdev) {
1127 			err = -EBADFD;
1128 			break;
1129 		}
1130 
1131 		if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1132 			hci_dev_put(hdev);
1133 			err = -EOPNOTSUPP;
1134 			break;
1135 		}
1136 
1137 		if (!hdev->get_data_path_id) {
1138 			hci_dev_put(hdev);
1139 			err = -EOPNOTSUPP;
1140 			break;
1141 		}
1142 
1143 		release_sock(sk);
1144 
1145 		/* find total buffer size required to copy codec + caps */
1146 		hci_dev_lock(hdev);
1147 		list_for_each_entry(c, &hdev->local_codecs, list) {
1148 			if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1149 				continue;
1150 			num_codecs++;
1151 			for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1152 				buf_len += 1 + caps->len;
1153 				caps = (void *)&caps->data[caps->len];
1154 			}
1155 			buf_len += sizeof(struct bt_codec);
1156 		}
1157 		hci_dev_unlock(hdev);
1158 
1159 		buf_len += sizeof(struct bt_codecs);
1160 		if (buf_len > len) {
1161 			hci_dev_put(hdev);
1162 			return -ENOBUFS;
1163 		}
1164 		ptr = optval;
1165 
1166 		if (put_user(num_codecs, ptr)) {
1167 			hci_dev_put(hdev);
1168 			return -EFAULT;
1169 		}
1170 		ptr += sizeof(num_codecs);
1171 
1172 		/* Iterate all the codecs supported over SCO and populate
1173 		 * codec data
1174 		 */
1175 		hci_dev_lock(hdev);
1176 		list_for_each_entry(c, &hdev->local_codecs, list) {
1177 			if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1178 				continue;
1179 
1180 			codec.id = c->id;
1181 			codec.cid = c->cid;
1182 			codec.vid = c->vid;
1183 			err = hdev->get_data_path_id(hdev, &codec.data_path);
1184 			if (err < 0)
1185 				break;
1186 			codec.num_caps = c->num_caps;
1187 			if (copy_to_user(ptr, &codec, sizeof(codec))) {
1188 				err = -EFAULT;
1189 				break;
1190 			}
1191 			ptr += sizeof(codec);
1192 
1193 			/* find codec capabilities data length */
1194 			len = 0;
1195 			for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1196 				len += 1 + caps->len;
1197 				caps = (void *)&caps->data[caps->len];
1198 			}
1199 
1200 			/* copy codec capabilities data */
1201 			if (len && copy_to_user(ptr, c->caps, len)) {
1202 				err = -EFAULT;
1203 				break;
1204 			}
1205 			ptr += len;
1206 		}
1207 
1208 		hci_dev_unlock(hdev);
1209 		hci_dev_put(hdev);
1210 
1211 		lock_sock(sk);
1212 
1213 		if (!err && put_user(buf_len, optlen))
1214 			err = -EFAULT;
1215 
1216 		break;
1217 
1218 	default:
1219 		err = -ENOPROTOOPT;
1220 		break;
1221 	}
1222 
1223 	release_sock(sk);
1224 	return err;
1225 }
1226 
1227 static int sco_sock_shutdown(struct socket *sock, int how)
1228 {
1229 	struct sock *sk = sock->sk;
1230 	int err = 0;
1231 
1232 	BT_DBG("sock %p, sk %p", sock, sk);
1233 
1234 	if (!sk)
1235 		return 0;
1236 
1237 	sock_hold(sk);
1238 	lock_sock(sk);
1239 
1240 	if (!sk->sk_shutdown) {
1241 		sk->sk_shutdown = SHUTDOWN_MASK;
1242 		sco_sock_clear_timer(sk);
1243 		__sco_sock_close(sk);
1244 
1245 		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1246 		    !(current->flags & PF_EXITING))
1247 			err = bt_sock_wait_state(sk, BT_CLOSED,
1248 						 sk->sk_lingertime);
1249 	}
1250 
1251 	release_sock(sk);
1252 	sock_put(sk);
1253 
1254 	return err;
1255 }
1256 
1257 static int sco_sock_release(struct socket *sock)
1258 {
1259 	struct sock *sk = sock->sk;
1260 	int err = 0;
1261 
1262 	BT_DBG("sock %p, sk %p", sock, sk);
1263 
1264 	if (!sk)
1265 		return 0;
1266 
1267 	sco_sock_close(sk);
1268 
1269 	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1270 	    !(current->flags & PF_EXITING)) {
1271 		lock_sock(sk);
1272 		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1273 		release_sock(sk);
1274 	}
1275 
1276 	sock_orphan(sk);
1277 	sco_sock_kill(sk);
1278 	return err;
1279 }
1280 
1281 static void sco_conn_ready(struct sco_conn *conn)
1282 {
1283 	struct sock *parent;
1284 	struct sock *sk = conn->sk;
1285 
1286 	BT_DBG("conn %p", conn);
1287 
1288 	if (sk) {
1289 		lock_sock(sk);
1290 		sco_sock_clear_timer(sk);
1291 		sk->sk_state = BT_CONNECTED;
1292 		sk->sk_state_change(sk);
1293 		release_sock(sk);
1294 	} else {
1295 		sco_conn_lock(conn);
1296 
1297 		if (!conn->hcon) {
1298 			sco_conn_unlock(conn);
1299 			return;
1300 		}
1301 
1302 		parent = sco_get_sock_listen(&conn->hcon->src);
1303 		if (!parent) {
1304 			sco_conn_unlock(conn);
1305 			return;
1306 		}
1307 
1308 		lock_sock(parent);
1309 
1310 		sk = sco_sock_alloc(sock_net(parent), NULL,
1311 				    BTPROTO_SCO, GFP_ATOMIC, 0);
1312 		if (!sk) {
1313 			release_sock(parent);
1314 			sco_conn_unlock(conn);
1315 			return;
1316 		}
1317 
1318 		sco_sock_init(sk, parent);
1319 
1320 		bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1321 		bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1322 
1323 		hci_conn_hold(conn->hcon);
1324 		__sco_chan_add(conn, sk, parent);
1325 
1326 		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1327 			sk->sk_state = BT_CONNECT2;
1328 		else
1329 			sk->sk_state = BT_CONNECTED;
1330 
1331 		/* Wake up parent */
1332 		parent->sk_data_ready(parent);
1333 
1334 		release_sock(parent);
1335 
1336 		sco_conn_unlock(conn);
1337 	}
1338 }
1339 
1340 /* ----- SCO interface with lower layer (HCI) ----- */
1341 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1342 {
1343 	struct sock *sk;
1344 	int lm = 0;
1345 
1346 	BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1347 
1348 	/* Find listening sockets */
1349 	read_lock(&sco_sk_list.lock);
1350 	sk_for_each(sk, &sco_sk_list.head) {
1351 		if (sk->sk_state != BT_LISTEN)
1352 			continue;
1353 
1354 		if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1355 		    !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1356 			lm |= HCI_LM_ACCEPT;
1357 
1358 			if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1359 				*flags |= HCI_PROTO_DEFER;
1360 			break;
1361 		}
1362 	}
1363 	read_unlock(&sco_sk_list.lock);
1364 
1365 	return lm;
1366 }
1367 
1368 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1369 {
1370 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1371 		return;
1372 
1373 	BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1374 
1375 	if (!status) {
1376 		struct sco_conn *conn;
1377 
1378 		conn = sco_conn_add(hcon);
1379 		if (conn)
1380 			sco_conn_ready(conn);
1381 	} else
1382 		sco_conn_del(hcon, bt_to_errno(status));
1383 }
1384 
1385 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1386 {
1387 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1388 		return;
1389 
1390 	BT_DBG("hcon %p reason %d", hcon, reason);
1391 
1392 	sco_conn_del(hcon, bt_to_errno(reason));
1393 }
1394 
1395 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1396 {
1397 	struct sco_conn *conn = hcon->sco_data;
1398 
1399 	if (!conn)
1400 		goto drop;
1401 
1402 	BT_DBG("conn %p len %u", conn, skb->len);
1403 
1404 	if (skb->len) {
1405 		sco_recv_frame(conn, skb);
1406 		return;
1407 	}
1408 
1409 drop:
1410 	kfree_skb(skb);
1411 }
1412 
1413 static struct hci_cb sco_cb = {
1414 	.name		= "SCO",
1415 	.connect_cfm	= sco_connect_cfm,
1416 	.disconn_cfm	= sco_disconn_cfm,
1417 };
1418 
1419 static int sco_debugfs_show(struct seq_file *f, void *p)
1420 {
1421 	struct sock *sk;
1422 
1423 	read_lock(&sco_sk_list.lock);
1424 
1425 	sk_for_each(sk, &sco_sk_list.head) {
1426 		seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1427 			   &sco_pi(sk)->dst, sk->sk_state);
1428 	}
1429 
1430 	read_unlock(&sco_sk_list.lock);
1431 
1432 	return 0;
1433 }
1434 
1435 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1436 
1437 static struct dentry *sco_debugfs;
1438 
1439 static const struct proto_ops sco_sock_ops = {
1440 	.family		= PF_BLUETOOTH,
1441 	.owner		= THIS_MODULE,
1442 	.release	= sco_sock_release,
1443 	.bind		= sco_sock_bind,
1444 	.connect	= sco_sock_connect,
1445 	.listen		= sco_sock_listen,
1446 	.accept		= sco_sock_accept,
1447 	.getname	= sco_sock_getname,
1448 	.sendmsg	= sco_sock_sendmsg,
1449 	.recvmsg	= sco_sock_recvmsg,
1450 	.poll		= bt_sock_poll,
1451 	.ioctl		= bt_sock_ioctl,
1452 	.gettstamp	= sock_gettstamp,
1453 	.mmap		= sock_no_mmap,
1454 	.socketpair	= sock_no_socketpair,
1455 	.shutdown	= sco_sock_shutdown,
1456 	.setsockopt	= sco_sock_setsockopt,
1457 	.getsockopt	= sco_sock_getsockopt
1458 };
1459 
1460 static const struct net_proto_family sco_sock_family_ops = {
1461 	.family	= PF_BLUETOOTH,
1462 	.owner	= THIS_MODULE,
1463 	.create	= sco_sock_create,
1464 };
1465 
1466 int __init sco_init(void)
1467 {
1468 	int err;
1469 
1470 	BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1471 
1472 	err = proto_register(&sco_proto, 0);
1473 	if (err < 0)
1474 		return err;
1475 
1476 	err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1477 	if (err < 0) {
1478 		BT_ERR("SCO socket registration failed");
1479 		goto error;
1480 	}
1481 
1482 	err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1483 	if (err < 0) {
1484 		BT_ERR("Failed to create SCO proc file");
1485 		bt_sock_unregister(BTPROTO_SCO);
1486 		goto error;
1487 	}
1488 
1489 	BT_INFO("SCO socket layer initialized");
1490 
1491 	hci_register_cb(&sco_cb);
1492 
1493 	if (IS_ERR_OR_NULL(bt_debugfs))
1494 		return 0;
1495 
1496 	sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1497 					  NULL, &sco_debugfs_fops);
1498 
1499 	return 0;
1500 
1501 error:
1502 	proto_unregister(&sco_proto);
1503 	return err;
1504 }
1505 
1506 void sco_exit(void)
1507 {
1508 	bt_procfs_cleanup(&init_net, "sco");
1509 
1510 	debugfs_remove(sco_debugfs);
1511 
1512 	hci_unregister_cb(&sco_cb);
1513 
1514 	bt_sock_unregister(BTPROTO_SCO);
1515 
1516 	proto_unregister(&sco_proto);
1517 }
1518 
1519 module_param(disable_esco, bool, 0644);
1520 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1521