1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 }; 55 56 #define sco_conn_lock(c) spin_lock(&c->lock) 57 #define sco_conn_unlock(c) spin_unlock(&c->lock) 58 59 static void sco_sock_close(struct sock *sk); 60 static void sco_sock_kill(struct sock *sk); 61 62 /* ----- SCO socket info ----- */ 63 #define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65 struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 struct bt_codec codec; 72 struct sco_conn *conn; 73 }; 74 75 /* ---- SCO timers ---- */ 76 #define SCO_CONN_TIMEOUT (HZ * 40) 77 #define SCO_DISCONN_TIMEOUT (HZ * 2) 78 79 static void sco_sock_timeout(struct work_struct *work) 80 { 81 struct sco_conn *conn = container_of(work, struct sco_conn, 82 timeout_work.work); 83 struct sock *sk; 84 85 sco_conn_lock(conn); 86 sk = conn->sk; 87 if (sk) 88 sock_hold(sk); 89 sco_conn_unlock(conn); 90 91 if (!sk) 92 return; 93 94 BT_DBG("sock %p state %d", sk, sk->sk_state); 95 96 lock_sock(sk); 97 sk->sk_err = ETIMEDOUT; 98 sk->sk_state_change(sk); 99 release_sock(sk); 100 sock_put(sk); 101 } 102 103 static void sco_sock_set_timer(struct sock *sk, long timeout) 104 { 105 if (!sco_pi(sk)->conn) 106 return; 107 108 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 109 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 110 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 111 } 112 113 static void sco_sock_clear_timer(struct sock *sk) 114 { 115 if (!sco_pi(sk)->conn) 116 return; 117 118 BT_DBG("sock %p state %d", sk, sk->sk_state); 119 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 120 } 121 122 /* ---- SCO connections ---- */ 123 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 124 { 125 struct hci_dev *hdev = hcon->hdev; 126 struct sco_conn *conn = hcon->sco_data; 127 128 if (conn) { 129 if (!conn->hcon) 130 conn->hcon = hcon; 131 return conn; 132 } 133 134 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 135 if (!conn) 136 return NULL; 137 138 spin_lock_init(&conn->lock); 139 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 140 141 hcon->sco_data = conn; 142 conn->hcon = hcon; 143 144 if (hdev->sco_mtu > 0) 145 conn->mtu = hdev->sco_mtu; 146 else 147 conn->mtu = 60; 148 149 BT_DBG("hcon %p conn %p", hcon, conn); 150 151 return conn; 152 } 153 154 /* Delete channel. 155 * Must be called on the locked socket. */ 156 static void sco_chan_del(struct sock *sk, int err) 157 { 158 struct sco_conn *conn; 159 160 conn = sco_pi(sk)->conn; 161 162 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 163 164 if (conn) { 165 sco_conn_lock(conn); 166 conn->sk = NULL; 167 sco_pi(sk)->conn = NULL; 168 sco_conn_unlock(conn); 169 170 if (conn->hcon) 171 hci_conn_drop(conn->hcon); 172 } 173 174 sk->sk_state = BT_CLOSED; 175 sk->sk_err = err; 176 sk->sk_state_change(sk); 177 178 sock_set_flag(sk, SOCK_ZAPPED); 179 } 180 181 static void sco_conn_del(struct hci_conn *hcon, int err) 182 { 183 struct sco_conn *conn = hcon->sco_data; 184 struct sock *sk; 185 186 if (!conn) 187 return; 188 189 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 190 191 /* Kill socket */ 192 sco_conn_lock(conn); 193 sk = conn->sk; 194 if (sk) 195 sock_hold(sk); 196 sco_conn_unlock(conn); 197 198 if (sk) { 199 lock_sock(sk); 200 sco_sock_clear_timer(sk); 201 sco_chan_del(sk, err); 202 release_sock(sk); 203 sock_put(sk); 204 } 205 206 /* Ensure no more work items will run before freeing conn. */ 207 cancel_delayed_work_sync(&conn->timeout_work); 208 209 hcon->sco_data = NULL; 210 kfree(conn); 211 } 212 213 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 214 struct sock *parent) 215 { 216 BT_DBG("conn %p", conn); 217 218 sco_pi(sk)->conn = conn; 219 conn->sk = sk; 220 221 if (parent) 222 bt_accept_enqueue(parent, sk, true); 223 } 224 225 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 226 struct sock *parent) 227 { 228 int err = 0; 229 230 sco_conn_lock(conn); 231 if (conn->sk) 232 err = -EBUSY; 233 else 234 __sco_chan_add(conn, sk, parent); 235 236 sco_conn_unlock(conn); 237 return err; 238 } 239 240 static int sco_connect(struct sock *sk) 241 { 242 struct sco_conn *conn; 243 struct hci_conn *hcon; 244 struct hci_dev *hdev; 245 int err, type; 246 247 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 248 249 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 250 if (!hdev) 251 return -EHOSTUNREACH; 252 253 hci_dev_lock(hdev); 254 255 if (lmp_esco_capable(hdev) && !disable_esco) 256 type = ESCO_LINK; 257 else 258 type = SCO_LINK; 259 260 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 261 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 262 err = -EOPNOTSUPP; 263 goto unlock; 264 } 265 266 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 267 sco_pi(sk)->setting, &sco_pi(sk)->codec); 268 if (IS_ERR(hcon)) { 269 err = PTR_ERR(hcon); 270 goto unlock; 271 } 272 273 conn = sco_conn_add(hcon); 274 if (!conn) { 275 hci_conn_drop(hcon); 276 err = -ENOMEM; 277 goto unlock; 278 } 279 280 lock_sock(sk); 281 282 err = sco_chan_add(conn, sk, NULL); 283 if (err) { 284 release_sock(sk); 285 goto unlock; 286 } 287 288 /* Update source addr of the socket */ 289 bacpy(&sco_pi(sk)->src, &hcon->src); 290 291 if (hcon->state == BT_CONNECTED) { 292 sco_sock_clear_timer(sk); 293 sk->sk_state = BT_CONNECTED; 294 } else { 295 sk->sk_state = BT_CONNECT; 296 sco_sock_set_timer(sk, sk->sk_sndtimeo); 297 } 298 299 release_sock(sk); 300 301 unlock: 302 hci_dev_unlock(hdev); 303 hci_dev_put(hdev); 304 return err; 305 } 306 307 static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 308 { 309 struct sco_conn *conn = sco_pi(sk)->conn; 310 int len = skb->len; 311 312 /* Check outgoing MTU */ 313 if (len > conn->mtu) 314 return -EINVAL; 315 316 BT_DBG("sk %p len %d", sk, len); 317 318 hci_send_sco(conn->hcon, skb); 319 320 return len; 321 } 322 323 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 324 { 325 struct sock *sk; 326 327 sco_conn_lock(conn); 328 sk = conn->sk; 329 sco_conn_unlock(conn); 330 331 if (!sk) 332 goto drop; 333 334 BT_DBG("sk %p len %u", sk, skb->len); 335 336 if (sk->sk_state != BT_CONNECTED) 337 goto drop; 338 339 if (!sock_queue_rcv_skb(sk, skb)) 340 return; 341 342 drop: 343 kfree_skb(skb); 344 } 345 346 /* -------- Socket interface ---------- */ 347 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 348 { 349 struct sock *sk; 350 351 sk_for_each(sk, &sco_sk_list.head) { 352 if (sk->sk_state != BT_LISTEN) 353 continue; 354 355 if (!bacmp(&sco_pi(sk)->src, ba)) 356 return sk; 357 } 358 359 return NULL; 360 } 361 362 /* Find socket listening on source bdaddr. 363 * Returns closest match. 364 */ 365 static struct sock *sco_get_sock_listen(bdaddr_t *src) 366 { 367 struct sock *sk = NULL, *sk1 = NULL; 368 369 read_lock(&sco_sk_list.lock); 370 371 sk_for_each(sk, &sco_sk_list.head) { 372 if (sk->sk_state != BT_LISTEN) 373 continue; 374 375 /* Exact match. */ 376 if (!bacmp(&sco_pi(sk)->src, src)) 377 break; 378 379 /* Closest match */ 380 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 381 sk1 = sk; 382 } 383 384 read_unlock(&sco_sk_list.lock); 385 386 return sk ? sk : sk1; 387 } 388 389 static void sco_sock_destruct(struct sock *sk) 390 { 391 BT_DBG("sk %p", sk); 392 393 skb_queue_purge(&sk->sk_receive_queue); 394 skb_queue_purge(&sk->sk_write_queue); 395 } 396 397 static void sco_sock_cleanup_listen(struct sock *parent) 398 { 399 struct sock *sk; 400 401 BT_DBG("parent %p", parent); 402 403 /* Close not yet accepted channels */ 404 while ((sk = bt_accept_dequeue(parent, NULL))) { 405 sco_sock_close(sk); 406 sco_sock_kill(sk); 407 } 408 409 parent->sk_state = BT_CLOSED; 410 sock_set_flag(parent, SOCK_ZAPPED); 411 } 412 413 /* Kill socket (only if zapped and orphan) 414 * Must be called on unlocked socket. 415 */ 416 static void sco_sock_kill(struct sock *sk) 417 { 418 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 419 return; 420 421 BT_DBG("sk %p state %d", sk, sk->sk_state); 422 423 /* Kill poor orphan */ 424 bt_sock_unlink(&sco_sk_list, sk); 425 sock_set_flag(sk, SOCK_DEAD); 426 sock_put(sk); 427 } 428 429 static void __sco_sock_close(struct sock *sk) 430 { 431 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 432 433 switch (sk->sk_state) { 434 case BT_LISTEN: 435 sco_sock_cleanup_listen(sk); 436 break; 437 438 case BT_CONNECTED: 439 case BT_CONFIG: 440 if (sco_pi(sk)->conn->hcon) { 441 sk->sk_state = BT_DISCONN; 442 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 443 sco_conn_lock(sco_pi(sk)->conn); 444 hci_conn_drop(sco_pi(sk)->conn->hcon); 445 sco_pi(sk)->conn->hcon = NULL; 446 sco_conn_unlock(sco_pi(sk)->conn); 447 } else 448 sco_chan_del(sk, ECONNRESET); 449 break; 450 451 case BT_CONNECT2: 452 case BT_CONNECT: 453 case BT_DISCONN: 454 sco_chan_del(sk, ECONNRESET); 455 break; 456 457 default: 458 sock_set_flag(sk, SOCK_ZAPPED); 459 break; 460 } 461 462 } 463 464 /* Must be called on unlocked socket. */ 465 static void sco_sock_close(struct sock *sk) 466 { 467 lock_sock(sk); 468 sco_sock_clear_timer(sk); 469 __sco_sock_close(sk); 470 release_sock(sk); 471 } 472 473 static void sco_sock_init(struct sock *sk, struct sock *parent) 474 { 475 BT_DBG("sk %p", sk); 476 477 if (parent) { 478 sk->sk_type = parent->sk_type; 479 bt_sk(sk)->flags = bt_sk(parent)->flags; 480 security_sk_clone(parent, sk); 481 } 482 } 483 484 static struct proto sco_proto = { 485 .name = "SCO", 486 .owner = THIS_MODULE, 487 .obj_size = sizeof(struct sco_pinfo) 488 }; 489 490 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 491 int proto, gfp_t prio, int kern) 492 { 493 struct sock *sk; 494 495 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern); 496 if (!sk) 497 return NULL; 498 499 sk->sk_destruct = sco_sock_destruct; 500 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 501 502 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 503 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 504 sco_pi(sk)->codec.cid = 0xffff; 505 sco_pi(sk)->codec.vid = 0xffff; 506 sco_pi(sk)->codec.data_path = 0x00; 507 508 bt_sock_link(&sco_sk_list, sk); 509 return sk; 510 } 511 512 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 513 int kern) 514 { 515 struct sock *sk; 516 517 BT_DBG("sock %p", sock); 518 519 sock->state = SS_UNCONNECTED; 520 521 if (sock->type != SOCK_SEQPACKET) 522 return -ESOCKTNOSUPPORT; 523 524 sock->ops = &sco_sock_ops; 525 526 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 527 if (!sk) 528 return -ENOMEM; 529 530 sco_sock_init(sk, NULL); 531 return 0; 532 } 533 534 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 535 int addr_len) 536 { 537 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 538 struct sock *sk = sock->sk; 539 int err = 0; 540 541 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 542 addr->sa_family != AF_BLUETOOTH) 543 return -EINVAL; 544 545 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 546 547 lock_sock(sk); 548 549 if (sk->sk_state != BT_OPEN) { 550 err = -EBADFD; 551 goto done; 552 } 553 554 if (sk->sk_type != SOCK_SEQPACKET) { 555 err = -EINVAL; 556 goto done; 557 } 558 559 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 560 561 sk->sk_state = BT_BOUND; 562 563 done: 564 release_sock(sk); 565 return err; 566 } 567 568 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 569 { 570 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 571 struct sock *sk = sock->sk; 572 int err; 573 574 BT_DBG("sk %p", sk); 575 576 if (alen < sizeof(struct sockaddr_sco) || 577 addr->sa_family != AF_BLUETOOTH) 578 return -EINVAL; 579 580 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 581 return -EBADFD; 582 583 if (sk->sk_type != SOCK_SEQPACKET) 584 err = -EINVAL; 585 586 lock_sock(sk); 587 /* Set destination address and psm */ 588 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 589 release_sock(sk); 590 591 err = sco_connect(sk); 592 if (err) 593 return err; 594 595 lock_sock(sk); 596 597 err = bt_sock_wait_state(sk, BT_CONNECTED, 598 sock_sndtimeo(sk, flags & O_NONBLOCK)); 599 600 release_sock(sk); 601 return err; 602 } 603 604 static int sco_sock_listen(struct socket *sock, int backlog) 605 { 606 struct sock *sk = sock->sk; 607 bdaddr_t *src = &sco_pi(sk)->src; 608 int err = 0; 609 610 BT_DBG("sk %p backlog %d", sk, backlog); 611 612 lock_sock(sk); 613 614 if (sk->sk_state != BT_BOUND) { 615 err = -EBADFD; 616 goto done; 617 } 618 619 if (sk->sk_type != SOCK_SEQPACKET) { 620 err = -EINVAL; 621 goto done; 622 } 623 624 write_lock(&sco_sk_list.lock); 625 626 if (__sco_get_sock_listen_by_addr(src)) { 627 err = -EADDRINUSE; 628 goto unlock; 629 } 630 631 sk->sk_max_ack_backlog = backlog; 632 sk->sk_ack_backlog = 0; 633 634 sk->sk_state = BT_LISTEN; 635 636 unlock: 637 write_unlock(&sco_sk_list.lock); 638 639 done: 640 release_sock(sk); 641 return err; 642 } 643 644 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 645 int flags, bool kern) 646 { 647 DEFINE_WAIT_FUNC(wait, woken_wake_function); 648 struct sock *sk = sock->sk, *ch; 649 long timeo; 650 int err = 0; 651 652 lock_sock(sk); 653 654 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 655 656 BT_DBG("sk %p timeo %ld", sk, timeo); 657 658 /* Wait for an incoming connection. (wake-one). */ 659 add_wait_queue_exclusive(sk_sleep(sk), &wait); 660 while (1) { 661 if (sk->sk_state != BT_LISTEN) { 662 err = -EBADFD; 663 break; 664 } 665 666 ch = bt_accept_dequeue(sk, newsock); 667 if (ch) 668 break; 669 670 if (!timeo) { 671 err = -EAGAIN; 672 break; 673 } 674 675 if (signal_pending(current)) { 676 err = sock_intr_errno(timeo); 677 break; 678 } 679 680 release_sock(sk); 681 682 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 683 lock_sock(sk); 684 } 685 remove_wait_queue(sk_sleep(sk), &wait); 686 687 if (err) 688 goto done; 689 690 newsock->state = SS_CONNECTED; 691 692 BT_DBG("new socket %p", ch); 693 694 done: 695 release_sock(sk); 696 return err; 697 } 698 699 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 700 int peer) 701 { 702 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 703 struct sock *sk = sock->sk; 704 705 BT_DBG("sock %p, sk %p", sock, sk); 706 707 addr->sa_family = AF_BLUETOOTH; 708 709 if (peer) 710 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 711 else 712 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 713 714 return sizeof(struct sockaddr_sco); 715 } 716 717 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 718 size_t len) 719 { 720 struct sock *sk = sock->sk; 721 struct sk_buff *skb; 722 int err; 723 724 BT_DBG("sock %p, sk %p", sock, sk); 725 726 err = sock_error(sk); 727 if (err) 728 return err; 729 730 if (msg->msg_flags & MSG_OOB) 731 return -EOPNOTSUPP; 732 733 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 734 if (IS_ERR(skb)) 735 return PTR_ERR(skb); 736 737 lock_sock(sk); 738 739 if (sk->sk_state == BT_CONNECTED) 740 err = sco_send_frame(sk, skb); 741 else 742 err = -ENOTCONN; 743 744 release_sock(sk); 745 746 if (err < 0) 747 kfree_skb(skb); 748 return err; 749 } 750 751 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 752 { 753 struct hci_dev *hdev = conn->hdev; 754 755 BT_DBG("conn %p", conn); 756 757 conn->state = BT_CONFIG; 758 759 if (!lmp_esco_capable(hdev)) { 760 struct hci_cp_accept_conn_req cp; 761 762 bacpy(&cp.bdaddr, &conn->dst); 763 cp.role = 0x00; /* Ignored */ 764 765 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 766 } else { 767 struct hci_cp_accept_sync_conn_req cp; 768 769 bacpy(&cp.bdaddr, &conn->dst); 770 cp.pkt_type = cpu_to_le16(conn->pkt_type); 771 772 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 773 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 774 cp.content_format = cpu_to_le16(setting); 775 776 switch (setting & SCO_AIRMODE_MASK) { 777 case SCO_AIRMODE_TRANSP: 778 if (conn->pkt_type & ESCO_2EV3) 779 cp.max_latency = cpu_to_le16(0x0008); 780 else 781 cp.max_latency = cpu_to_le16(0x000D); 782 cp.retrans_effort = 0x02; 783 break; 784 case SCO_AIRMODE_CVSD: 785 cp.max_latency = cpu_to_le16(0xffff); 786 cp.retrans_effort = 0xff; 787 break; 788 default: 789 /* use CVSD settings as fallback */ 790 cp.max_latency = cpu_to_le16(0xffff); 791 cp.retrans_effort = 0xff; 792 break; 793 } 794 795 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 796 sizeof(cp), &cp); 797 } 798 } 799 800 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 801 size_t len, int flags) 802 { 803 struct sock *sk = sock->sk; 804 struct sco_pinfo *pi = sco_pi(sk); 805 806 lock_sock(sk); 807 808 if (sk->sk_state == BT_CONNECT2 && 809 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 810 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 811 sk->sk_state = BT_CONFIG; 812 813 release_sock(sk); 814 return 0; 815 } 816 817 release_sock(sk); 818 819 return bt_sock_recvmsg(sock, msg, len, flags); 820 } 821 822 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 823 sockptr_t optval, unsigned int optlen) 824 { 825 struct sock *sk = sock->sk; 826 int len, err = 0; 827 struct bt_voice voice; 828 u32 opt; 829 struct bt_codecs *codecs; 830 struct hci_dev *hdev; 831 __u8 buffer[255]; 832 833 BT_DBG("sk %p", sk); 834 835 lock_sock(sk); 836 837 switch (optname) { 838 839 case BT_DEFER_SETUP: 840 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 841 err = -EINVAL; 842 break; 843 } 844 845 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 846 err = -EFAULT; 847 break; 848 } 849 850 if (opt) 851 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 852 else 853 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 854 break; 855 856 case BT_VOICE: 857 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 858 sk->sk_state != BT_CONNECT2) { 859 err = -EINVAL; 860 break; 861 } 862 863 voice.setting = sco_pi(sk)->setting; 864 865 len = min_t(unsigned int, sizeof(voice), optlen); 866 if (copy_from_sockptr(&voice, optval, len)) { 867 err = -EFAULT; 868 break; 869 } 870 871 /* Explicitly check for these values */ 872 if (voice.setting != BT_VOICE_TRANSPARENT && 873 voice.setting != BT_VOICE_CVSD_16BIT) { 874 err = -EINVAL; 875 break; 876 } 877 878 sco_pi(sk)->setting = voice.setting; 879 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 880 BDADDR_BREDR); 881 if (!hdev) { 882 err = -EBADFD; 883 break; 884 } 885 if (enhanced_sync_conn_capable(hdev) && 886 voice.setting == BT_VOICE_TRANSPARENT) 887 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 888 hci_dev_put(hdev); 889 break; 890 891 case BT_PKT_STATUS: 892 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 893 err = -EFAULT; 894 break; 895 } 896 897 if (opt) 898 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 899 else 900 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 901 break; 902 903 case BT_CODEC: 904 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 905 sk->sk_state != BT_CONNECT2) { 906 err = -EINVAL; 907 break; 908 } 909 910 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 911 BDADDR_BREDR); 912 if (!hdev) { 913 err = -EBADFD; 914 break; 915 } 916 917 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 918 hci_dev_put(hdev); 919 err = -EOPNOTSUPP; 920 break; 921 } 922 923 if (!hdev->get_data_path_id) { 924 hci_dev_put(hdev); 925 err = -EOPNOTSUPP; 926 break; 927 } 928 929 if (optlen < sizeof(struct bt_codecs) || 930 optlen > sizeof(buffer)) { 931 hci_dev_put(hdev); 932 err = -EINVAL; 933 break; 934 } 935 936 if (copy_from_sockptr(buffer, optval, optlen)) { 937 hci_dev_put(hdev); 938 err = -EFAULT; 939 break; 940 } 941 942 codecs = (void *)buffer; 943 944 if (codecs->num_codecs > 1) { 945 hci_dev_put(hdev); 946 err = -EINVAL; 947 break; 948 } 949 950 sco_pi(sk)->codec = codecs->codecs[0]; 951 hci_dev_put(hdev); 952 break; 953 954 default: 955 err = -ENOPROTOOPT; 956 break; 957 } 958 959 release_sock(sk); 960 return err; 961 } 962 963 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 964 char __user *optval, int __user *optlen) 965 { 966 struct sock *sk = sock->sk; 967 struct sco_options opts; 968 struct sco_conninfo cinfo; 969 int len, err = 0; 970 971 BT_DBG("sk %p", sk); 972 973 if (get_user(len, optlen)) 974 return -EFAULT; 975 976 lock_sock(sk); 977 978 switch (optname) { 979 case SCO_OPTIONS: 980 if (sk->sk_state != BT_CONNECTED && 981 !(sk->sk_state == BT_CONNECT2 && 982 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 983 err = -ENOTCONN; 984 break; 985 } 986 987 opts.mtu = sco_pi(sk)->conn->mtu; 988 989 BT_DBG("mtu %u", opts.mtu); 990 991 len = min_t(unsigned int, len, sizeof(opts)); 992 if (copy_to_user(optval, (char *)&opts, len)) 993 err = -EFAULT; 994 995 break; 996 997 case SCO_CONNINFO: 998 if (sk->sk_state != BT_CONNECTED && 999 !(sk->sk_state == BT_CONNECT2 && 1000 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1001 err = -ENOTCONN; 1002 break; 1003 } 1004 1005 memset(&cinfo, 0, sizeof(cinfo)); 1006 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1007 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1008 1009 len = min_t(unsigned int, len, sizeof(cinfo)); 1010 if (copy_to_user(optval, (char *)&cinfo, len)) 1011 err = -EFAULT; 1012 1013 break; 1014 1015 default: 1016 err = -ENOPROTOOPT; 1017 break; 1018 } 1019 1020 release_sock(sk); 1021 return err; 1022 } 1023 1024 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1025 char __user *optval, int __user *optlen) 1026 { 1027 struct sock *sk = sock->sk; 1028 int len, err = 0; 1029 struct bt_voice voice; 1030 u32 phys; 1031 int buf_len; 1032 struct codec_list *c; 1033 u8 num_codecs, i, __user *ptr; 1034 struct hci_dev *hdev; 1035 struct hci_codec_caps *caps; 1036 struct bt_codec codec; 1037 1038 BT_DBG("sk %p", sk); 1039 1040 if (level == SOL_SCO) 1041 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1042 1043 if (get_user(len, optlen)) 1044 return -EFAULT; 1045 1046 lock_sock(sk); 1047 1048 switch (optname) { 1049 1050 case BT_DEFER_SETUP: 1051 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1052 err = -EINVAL; 1053 break; 1054 } 1055 1056 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1057 (u32 __user *)optval)) 1058 err = -EFAULT; 1059 1060 break; 1061 1062 case BT_VOICE: 1063 voice.setting = sco_pi(sk)->setting; 1064 1065 len = min_t(unsigned int, len, sizeof(voice)); 1066 if (copy_to_user(optval, (char *)&voice, len)) 1067 err = -EFAULT; 1068 1069 break; 1070 1071 case BT_PHY: 1072 if (sk->sk_state != BT_CONNECTED) { 1073 err = -ENOTCONN; 1074 break; 1075 } 1076 1077 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1078 1079 if (put_user(phys, (u32 __user *) optval)) 1080 err = -EFAULT; 1081 break; 1082 1083 case BT_PKT_STATUS: 1084 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1085 (int __user *)optval)) 1086 err = -EFAULT; 1087 break; 1088 1089 case BT_SNDMTU: 1090 case BT_RCVMTU: 1091 if (sk->sk_state != BT_CONNECTED) { 1092 err = -ENOTCONN; 1093 break; 1094 } 1095 1096 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1097 err = -EFAULT; 1098 break; 1099 1100 case BT_CODEC: 1101 num_codecs = 0; 1102 buf_len = 0; 1103 1104 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1105 if (!hdev) { 1106 err = -EBADFD; 1107 break; 1108 } 1109 1110 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1111 hci_dev_put(hdev); 1112 err = -EOPNOTSUPP; 1113 break; 1114 } 1115 1116 if (!hdev->get_data_path_id) { 1117 hci_dev_put(hdev); 1118 err = -EOPNOTSUPP; 1119 break; 1120 } 1121 1122 release_sock(sk); 1123 1124 /* find total buffer size required to copy codec + caps */ 1125 hci_dev_lock(hdev); 1126 list_for_each_entry(c, &hdev->local_codecs, list) { 1127 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1128 continue; 1129 num_codecs++; 1130 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1131 buf_len += 1 + caps->len; 1132 caps = (void *)&caps->data[caps->len]; 1133 } 1134 buf_len += sizeof(struct bt_codec); 1135 } 1136 hci_dev_unlock(hdev); 1137 1138 buf_len += sizeof(struct bt_codecs); 1139 if (buf_len > len) { 1140 hci_dev_put(hdev); 1141 return -ENOBUFS; 1142 } 1143 ptr = optval; 1144 1145 if (put_user(num_codecs, ptr)) { 1146 hci_dev_put(hdev); 1147 return -EFAULT; 1148 } 1149 ptr += sizeof(num_codecs); 1150 1151 /* Iterate all the codecs supported over SCO and populate 1152 * codec data 1153 */ 1154 hci_dev_lock(hdev); 1155 list_for_each_entry(c, &hdev->local_codecs, list) { 1156 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1157 continue; 1158 1159 codec.id = c->id; 1160 codec.cid = c->cid; 1161 codec.vid = c->vid; 1162 err = hdev->get_data_path_id(hdev, &codec.data_path); 1163 if (err < 0) 1164 break; 1165 codec.num_caps = c->num_caps; 1166 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1167 err = -EFAULT; 1168 break; 1169 } 1170 ptr += sizeof(codec); 1171 1172 /* find codec capabilities data length */ 1173 len = 0; 1174 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1175 len += 1 + caps->len; 1176 caps = (void *)&caps->data[caps->len]; 1177 } 1178 1179 /* copy codec capabilities data */ 1180 if (len && copy_to_user(ptr, c->caps, len)) { 1181 err = -EFAULT; 1182 break; 1183 } 1184 ptr += len; 1185 } 1186 1187 hci_dev_unlock(hdev); 1188 hci_dev_put(hdev); 1189 1190 lock_sock(sk); 1191 1192 if (!err && put_user(buf_len, optlen)) 1193 err = -EFAULT; 1194 1195 break; 1196 1197 default: 1198 err = -ENOPROTOOPT; 1199 break; 1200 } 1201 1202 release_sock(sk); 1203 return err; 1204 } 1205 1206 static int sco_sock_shutdown(struct socket *sock, int how) 1207 { 1208 struct sock *sk = sock->sk; 1209 int err = 0; 1210 1211 BT_DBG("sock %p, sk %p", sock, sk); 1212 1213 if (!sk) 1214 return 0; 1215 1216 sock_hold(sk); 1217 lock_sock(sk); 1218 1219 if (!sk->sk_shutdown) { 1220 sk->sk_shutdown = SHUTDOWN_MASK; 1221 sco_sock_clear_timer(sk); 1222 __sco_sock_close(sk); 1223 1224 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1225 !(current->flags & PF_EXITING)) 1226 err = bt_sock_wait_state(sk, BT_CLOSED, 1227 sk->sk_lingertime); 1228 } 1229 1230 release_sock(sk); 1231 sock_put(sk); 1232 1233 return err; 1234 } 1235 1236 static int sco_sock_release(struct socket *sock) 1237 { 1238 struct sock *sk = sock->sk; 1239 int err = 0; 1240 1241 BT_DBG("sock %p, sk %p", sock, sk); 1242 1243 if (!sk) 1244 return 0; 1245 1246 sco_sock_close(sk); 1247 1248 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1249 !(current->flags & PF_EXITING)) { 1250 lock_sock(sk); 1251 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1252 release_sock(sk); 1253 } 1254 1255 sock_orphan(sk); 1256 sco_sock_kill(sk); 1257 return err; 1258 } 1259 1260 static void sco_conn_ready(struct sco_conn *conn) 1261 { 1262 struct sock *parent; 1263 struct sock *sk = conn->sk; 1264 1265 BT_DBG("conn %p", conn); 1266 1267 if (sk) { 1268 lock_sock(sk); 1269 sco_sock_clear_timer(sk); 1270 sk->sk_state = BT_CONNECTED; 1271 sk->sk_state_change(sk); 1272 release_sock(sk); 1273 } else { 1274 sco_conn_lock(conn); 1275 1276 if (!conn->hcon) { 1277 sco_conn_unlock(conn); 1278 return; 1279 } 1280 1281 parent = sco_get_sock_listen(&conn->hcon->src); 1282 if (!parent) { 1283 sco_conn_unlock(conn); 1284 return; 1285 } 1286 1287 lock_sock(parent); 1288 1289 sk = sco_sock_alloc(sock_net(parent), NULL, 1290 BTPROTO_SCO, GFP_ATOMIC, 0); 1291 if (!sk) { 1292 release_sock(parent); 1293 sco_conn_unlock(conn); 1294 return; 1295 } 1296 1297 sco_sock_init(sk, parent); 1298 1299 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1300 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1301 1302 hci_conn_hold(conn->hcon); 1303 __sco_chan_add(conn, sk, parent); 1304 1305 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1306 sk->sk_state = BT_CONNECT2; 1307 else 1308 sk->sk_state = BT_CONNECTED; 1309 1310 /* Wake up parent */ 1311 parent->sk_data_ready(parent); 1312 1313 release_sock(parent); 1314 1315 sco_conn_unlock(conn); 1316 } 1317 } 1318 1319 /* ----- SCO interface with lower layer (HCI) ----- */ 1320 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1321 { 1322 struct sock *sk; 1323 int lm = 0; 1324 1325 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1326 1327 /* Find listening sockets */ 1328 read_lock(&sco_sk_list.lock); 1329 sk_for_each(sk, &sco_sk_list.head) { 1330 if (sk->sk_state != BT_LISTEN) 1331 continue; 1332 1333 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1334 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1335 lm |= HCI_LM_ACCEPT; 1336 1337 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1338 *flags |= HCI_PROTO_DEFER; 1339 break; 1340 } 1341 } 1342 read_unlock(&sco_sk_list.lock); 1343 1344 return lm; 1345 } 1346 1347 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1348 { 1349 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1350 return; 1351 1352 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1353 1354 if (!status) { 1355 struct sco_conn *conn; 1356 1357 conn = sco_conn_add(hcon); 1358 if (conn) 1359 sco_conn_ready(conn); 1360 } else 1361 sco_conn_del(hcon, bt_to_errno(status)); 1362 } 1363 1364 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1365 { 1366 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1367 return; 1368 1369 BT_DBG("hcon %p reason %d", hcon, reason); 1370 1371 sco_conn_del(hcon, bt_to_errno(reason)); 1372 } 1373 1374 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1375 { 1376 struct sco_conn *conn = hcon->sco_data; 1377 1378 if (!conn) 1379 goto drop; 1380 1381 BT_DBG("conn %p len %u", conn, skb->len); 1382 1383 if (skb->len) { 1384 sco_recv_frame(conn, skb); 1385 return; 1386 } 1387 1388 drop: 1389 kfree_skb(skb); 1390 } 1391 1392 static struct hci_cb sco_cb = { 1393 .name = "SCO", 1394 .connect_cfm = sco_connect_cfm, 1395 .disconn_cfm = sco_disconn_cfm, 1396 }; 1397 1398 static int sco_debugfs_show(struct seq_file *f, void *p) 1399 { 1400 struct sock *sk; 1401 1402 read_lock(&sco_sk_list.lock); 1403 1404 sk_for_each(sk, &sco_sk_list.head) { 1405 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1406 &sco_pi(sk)->dst, sk->sk_state); 1407 } 1408 1409 read_unlock(&sco_sk_list.lock); 1410 1411 return 0; 1412 } 1413 1414 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1415 1416 static struct dentry *sco_debugfs; 1417 1418 static const struct proto_ops sco_sock_ops = { 1419 .family = PF_BLUETOOTH, 1420 .owner = THIS_MODULE, 1421 .release = sco_sock_release, 1422 .bind = sco_sock_bind, 1423 .connect = sco_sock_connect, 1424 .listen = sco_sock_listen, 1425 .accept = sco_sock_accept, 1426 .getname = sco_sock_getname, 1427 .sendmsg = sco_sock_sendmsg, 1428 .recvmsg = sco_sock_recvmsg, 1429 .poll = bt_sock_poll, 1430 .ioctl = bt_sock_ioctl, 1431 .gettstamp = sock_gettstamp, 1432 .mmap = sock_no_mmap, 1433 .socketpair = sock_no_socketpair, 1434 .shutdown = sco_sock_shutdown, 1435 .setsockopt = sco_sock_setsockopt, 1436 .getsockopt = sco_sock_getsockopt 1437 }; 1438 1439 static const struct net_proto_family sco_sock_family_ops = { 1440 .family = PF_BLUETOOTH, 1441 .owner = THIS_MODULE, 1442 .create = sco_sock_create, 1443 }; 1444 1445 int __init sco_init(void) 1446 { 1447 int err; 1448 1449 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1450 1451 err = proto_register(&sco_proto, 0); 1452 if (err < 0) 1453 return err; 1454 1455 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1456 if (err < 0) { 1457 BT_ERR("SCO socket registration failed"); 1458 goto error; 1459 } 1460 1461 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1462 if (err < 0) { 1463 BT_ERR("Failed to create SCO proc file"); 1464 bt_sock_unregister(BTPROTO_SCO); 1465 goto error; 1466 } 1467 1468 BT_INFO("SCO socket layer initialized"); 1469 1470 hci_register_cb(&sco_cb); 1471 1472 if (IS_ERR_OR_NULL(bt_debugfs)) 1473 return 0; 1474 1475 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1476 NULL, &sco_debugfs_fops); 1477 1478 return 0; 1479 1480 error: 1481 proto_unregister(&sco_proto); 1482 return err; 1483 } 1484 1485 void sco_exit(void) 1486 { 1487 bt_procfs_cleanup(&init_net, "sco"); 1488 1489 debugfs_remove(sco_debugfs); 1490 1491 hci_unregister_cb(&sco_cb); 1492 1493 bt_sock_unregister(BTPROTO_SCO); 1494 1495 proto_unregister(&sco_proto); 1496 } 1497 1498 module_param(disable_esco, bool, 0644); 1499 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1500