1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 }; 55 56 #define sco_conn_lock(c) spin_lock(&c->lock) 57 #define sco_conn_unlock(c) spin_unlock(&c->lock) 58 59 static void sco_sock_close(struct sock *sk); 60 static void sco_sock_kill(struct sock *sk); 61 62 /* ----- SCO socket info ----- */ 63 #define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65 struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 __u8 cmsg_mask; 72 struct bt_codec codec; 73 struct sco_conn *conn; 74 }; 75 76 /* ---- SCO timers ---- */ 77 #define SCO_CONN_TIMEOUT (HZ * 40) 78 #define SCO_DISCONN_TIMEOUT (HZ * 2) 79 80 static void sco_sock_timeout(struct work_struct *work) 81 { 82 struct sco_conn *conn = container_of(work, struct sco_conn, 83 timeout_work.work); 84 struct sock *sk; 85 86 sco_conn_lock(conn); 87 sk = conn->sk; 88 if (sk) 89 sock_hold(sk); 90 sco_conn_unlock(conn); 91 92 if (!sk) 93 return; 94 95 BT_DBG("sock %p state %d", sk, sk->sk_state); 96 97 lock_sock(sk); 98 sk->sk_err = ETIMEDOUT; 99 sk->sk_state_change(sk); 100 release_sock(sk); 101 sock_put(sk); 102 } 103 104 static void sco_sock_set_timer(struct sock *sk, long timeout) 105 { 106 if (!sco_pi(sk)->conn) 107 return; 108 109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 112 } 113 114 static void sco_sock_clear_timer(struct sock *sk) 115 { 116 if (!sco_pi(sk)->conn) 117 return; 118 119 BT_DBG("sock %p state %d", sk, sk->sk_state); 120 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 121 } 122 123 /* ---- SCO connections ---- */ 124 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 125 { 126 struct hci_dev *hdev = hcon->hdev; 127 struct sco_conn *conn = hcon->sco_data; 128 129 if (conn) { 130 if (!conn->hcon) 131 conn->hcon = hcon; 132 return conn; 133 } 134 135 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 136 if (!conn) 137 return NULL; 138 139 spin_lock_init(&conn->lock); 140 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 141 142 hcon->sco_data = conn; 143 conn->hcon = hcon; 144 145 if (hdev->sco_mtu > 0) 146 conn->mtu = hdev->sco_mtu; 147 else 148 conn->mtu = 60; 149 150 BT_DBG("hcon %p conn %p", hcon, conn); 151 152 return conn; 153 } 154 155 /* Delete channel. 156 * Must be called on the locked socket. */ 157 static void sco_chan_del(struct sock *sk, int err) 158 { 159 struct sco_conn *conn; 160 161 conn = sco_pi(sk)->conn; 162 163 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 164 165 if (conn) { 166 sco_conn_lock(conn); 167 conn->sk = NULL; 168 sco_pi(sk)->conn = NULL; 169 sco_conn_unlock(conn); 170 171 if (conn->hcon) 172 hci_conn_drop(conn->hcon); 173 } 174 175 sk->sk_state = BT_CLOSED; 176 sk->sk_err = err; 177 sk->sk_state_change(sk); 178 179 sock_set_flag(sk, SOCK_ZAPPED); 180 } 181 182 static void sco_conn_del(struct hci_conn *hcon, int err) 183 { 184 struct sco_conn *conn = hcon->sco_data; 185 struct sock *sk; 186 187 if (!conn) 188 return; 189 190 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 191 192 /* Kill socket */ 193 sco_conn_lock(conn); 194 sk = conn->sk; 195 if (sk) 196 sock_hold(sk); 197 sco_conn_unlock(conn); 198 199 if (sk) { 200 lock_sock(sk); 201 sco_sock_clear_timer(sk); 202 sco_chan_del(sk, err); 203 release_sock(sk); 204 sock_put(sk); 205 } 206 207 /* Ensure no more work items will run before freeing conn. */ 208 cancel_delayed_work_sync(&conn->timeout_work); 209 210 hcon->sco_data = NULL; 211 kfree(conn); 212 } 213 214 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 215 struct sock *parent) 216 { 217 BT_DBG("conn %p", conn); 218 219 sco_pi(sk)->conn = conn; 220 conn->sk = sk; 221 222 if (parent) 223 bt_accept_enqueue(parent, sk, true); 224 } 225 226 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 227 struct sock *parent) 228 { 229 int err = 0; 230 231 sco_conn_lock(conn); 232 if (conn->sk) 233 err = -EBUSY; 234 else 235 __sco_chan_add(conn, sk, parent); 236 237 sco_conn_unlock(conn); 238 return err; 239 } 240 241 static int sco_connect(struct sock *sk) 242 { 243 struct sco_conn *conn; 244 struct hci_conn *hcon; 245 struct hci_dev *hdev; 246 int err, type; 247 248 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 249 250 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 251 if (!hdev) 252 return -EHOSTUNREACH; 253 254 hci_dev_lock(hdev); 255 256 if (lmp_esco_capable(hdev) && !disable_esco) 257 type = ESCO_LINK; 258 else 259 type = SCO_LINK; 260 261 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 262 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 263 err = -EOPNOTSUPP; 264 goto unlock; 265 } 266 267 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 268 sco_pi(sk)->setting, &sco_pi(sk)->codec); 269 if (IS_ERR(hcon)) { 270 err = PTR_ERR(hcon); 271 goto unlock; 272 } 273 274 conn = sco_conn_add(hcon); 275 if (!conn) { 276 hci_conn_drop(hcon); 277 err = -ENOMEM; 278 goto unlock; 279 } 280 281 lock_sock(sk); 282 283 err = sco_chan_add(conn, sk, NULL); 284 if (err) { 285 release_sock(sk); 286 goto unlock; 287 } 288 289 /* Update source addr of the socket */ 290 bacpy(&sco_pi(sk)->src, &hcon->src); 291 292 if (hcon->state == BT_CONNECTED) { 293 sco_sock_clear_timer(sk); 294 sk->sk_state = BT_CONNECTED; 295 } else { 296 sk->sk_state = BT_CONNECT; 297 sco_sock_set_timer(sk, sk->sk_sndtimeo); 298 } 299 300 release_sock(sk); 301 302 unlock: 303 hci_dev_unlock(hdev); 304 hci_dev_put(hdev); 305 return err; 306 } 307 308 static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 309 { 310 struct sco_conn *conn = sco_pi(sk)->conn; 311 int len = skb->len; 312 313 /* Check outgoing MTU */ 314 if (len > conn->mtu) 315 return -EINVAL; 316 317 BT_DBG("sk %p len %d", sk, len); 318 319 hci_send_sco(conn->hcon, skb); 320 321 return len; 322 } 323 324 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 325 { 326 struct sock *sk; 327 328 sco_conn_lock(conn); 329 sk = conn->sk; 330 sco_conn_unlock(conn); 331 332 if (!sk) 333 goto drop; 334 335 BT_DBG("sk %p len %u", sk, skb->len); 336 337 if (sk->sk_state != BT_CONNECTED) 338 goto drop; 339 340 if (!sock_queue_rcv_skb(sk, skb)) 341 return; 342 343 drop: 344 kfree_skb(skb); 345 } 346 347 /* -------- Socket interface ---------- */ 348 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 349 { 350 struct sock *sk; 351 352 sk_for_each(sk, &sco_sk_list.head) { 353 if (sk->sk_state != BT_LISTEN) 354 continue; 355 356 if (!bacmp(&sco_pi(sk)->src, ba)) 357 return sk; 358 } 359 360 return NULL; 361 } 362 363 /* Find socket listening on source bdaddr. 364 * Returns closest match. 365 */ 366 static struct sock *sco_get_sock_listen(bdaddr_t *src) 367 { 368 struct sock *sk = NULL, *sk1 = NULL; 369 370 read_lock(&sco_sk_list.lock); 371 372 sk_for_each(sk, &sco_sk_list.head) { 373 if (sk->sk_state != BT_LISTEN) 374 continue; 375 376 /* Exact match. */ 377 if (!bacmp(&sco_pi(sk)->src, src)) 378 break; 379 380 /* Closest match */ 381 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 382 sk1 = sk; 383 } 384 385 read_unlock(&sco_sk_list.lock); 386 387 return sk ? sk : sk1; 388 } 389 390 static void sco_sock_destruct(struct sock *sk) 391 { 392 BT_DBG("sk %p", sk); 393 394 skb_queue_purge(&sk->sk_receive_queue); 395 skb_queue_purge(&sk->sk_write_queue); 396 } 397 398 static void sco_sock_cleanup_listen(struct sock *parent) 399 { 400 struct sock *sk; 401 402 BT_DBG("parent %p", parent); 403 404 /* Close not yet accepted channels */ 405 while ((sk = bt_accept_dequeue(parent, NULL))) { 406 sco_sock_close(sk); 407 sco_sock_kill(sk); 408 } 409 410 parent->sk_state = BT_CLOSED; 411 sock_set_flag(parent, SOCK_ZAPPED); 412 } 413 414 /* Kill socket (only if zapped and orphan) 415 * Must be called on unlocked socket. 416 */ 417 static void sco_sock_kill(struct sock *sk) 418 { 419 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 420 return; 421 422 BT_DBG("sk %p state %d", sk, sk->sk_state); 423 424 /* Kill poor orphan */ 425 bt_sock_unlink(&sco_sk_list, sk); 426 sock_set_flag(sk, SOCK_DEAD); 427 sock_put(sk); 428 } 429 430 static void __sco_sock_close(struct sock *sk) 431 { 432 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 433 434 switch (sk->sk_state) { 435 case BT_LISTEN: 436 sco_sock_cleanup_listen(sk); 437 break; 438 439 case BT_CONNECTED: 440 case BT_CONFIG: 441 if (sco_pi(sk)->conn->hcon) { 442 sk->sk_state = BT_DISCONN; 443 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 444 sco_conn_lock(sco_pi(sk)->conn); 445 hci_conn_drop(sco_pi(sk)->conn->hcon); 446 sco_pi(sk)->conn->hcon = NULL; 447 sco_conn_unlock(sco_pi(sk)->conn); 448 } else 449 sco_chan_del(sk, ECONNRESET); 450 break; 451 452 case BT_CONNECT2: 453 case BT_CONNECT: 454 case BT_DISCONN: 455 sco_chan_del(sk, ECONNRESET); 456 break; 457 458 default: 459 sock_set_flag(sk, SOCK_ZAPPED); 460 break; 461 } 462 463 } 464 465 /* Must be called on unlocked socket. */ 466 static void sco_sock_close(struct sock *sk) 467 { 468 lock_sock(sk); 469 sco_sock_clear_timer(sk); 470 __sco_sock_close(sk); 471 release_sock(sk); 472 } 473 474 static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg, 475 struct sock *sk) 476 { 477 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS) 478 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS, 479 sizeof(bt_cb(skb)->sco.pkt_status), 480 &bt_cb(skb)->sco.pkt_status); 481 } 482 483 static void sco_sock_init(struct sock *sk, struct sock *parent) 484 { 485 BT_DBG("sk %p", sk); 486 487 if (parent) { 488 sk->sk_type = parent->sk_type; 489 bt_sk(sk)->flags = bt_sk(parent)->flags; 490 security_sk_clone(parent, sk); 491 } else { 492 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg; 493 } 494 } 495 496 static struct proto sco_proto = { 497 .name = "SCO", 498 .owner = THIS_MODULE, 499 .obj_size = sizeof(struct sco_pinfo) 500 }; 501 502 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 503 int proto, gfp_t prio, int kern) 504 { 505 struct sock *sk; 506 507 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern); 508 if (!sk) 509 return NULL; 510 511 sock_init_data(sock, sk); 512 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 513 514 sk->sk_destruct = sco_sock_destruct; 515 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 516 517 sock_reset_flag(sk, SOCK_ZAPPED); 518 519 sk->sk_protocol = proto; 520 sk->sk_state = BT_OPEN; 521 522 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 523 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 524 sco_pi(sk)->codec.cid = 0xffff; 525 sco_pi(sk)->codec.vid = 0xffff; 526 sco_pi(sk)->codec.data_path = 0x00; 527 528 bt_sock_link(&sco_sk_list, sk); 529 return sk; 530 } 531 532 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 533 int kern) 534 { 535 struct sock *sk; 536 537 BT_DBG("sock %p", sock); 538 539 sock->state = SS_UNCONNECTED; 540 541 if (sock->type != SOCK_SEQPACKET) 542 return -ESOCKTNOSUPPORT; 543 544 sock->ops = &sco_sock_ops; 545 546 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 547 if (!sk) 548 return -ENOMEM; 549 550 sco_sock_init(sk, NULL); 551 return 0; 552 } 553 554 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 555 int addr_len) 556 { 557 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 558 struct sock *sk = sock->sk; 559 int err = 0; 560 561 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 562 addr->sa_family != AF_BLUETOOTH) 563 return -EINVAL; 564 565 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 566 567 lock_sock(sk); 568 569 if (sk->sk_state != BT_OPEN) { 570 err = -EBADFD; 571 goto done; 572 } 573 574 if (sk->sk_type != SOCK_SEQPACKET) { 575 err = -EINVAL; 576 goto done; 577 } 578 579 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 580 581 sk->sk_state = BT_BOUND; 582 583 done: 584 release_sock(sk); 585 return err; 586 } 587 588 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 589 { 590 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 591 struct sock *sk = sock->sk; 592 int err; 593 594 BT_DBG("sk %p", sk); 595 596 if (alen < sizeof(struct sockaddr_sco) || 597 addr->sa_family != AF_BLUETOOTH) 598 return -EINVAL; 599 600 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 601 return -EBADFD; 602 603 if (sk->sk_type != SOCK_SEQPACKET) 604 err = -EINVAL; 605 606 lock_sock(sk); 607 /* Set destination address and psm */ 608 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 609 release_sock(sk); 610 611 err = sco_connect(sk); 612 if (err) 613 return err; 614 615 lock_sock(sk); 616 617 err = bt_sock_wait_state(sk, BT_CONNECTED, 618 sock_sndtimeo(sk, flags & O_NONBLOCK)); 619 620 release_sock(sk); 621 return err; 622 } 623 624 static int sco_sock_listen(struct socket *sock, int backlog) 625 { 626 struct sock *sk = sock->sk; 627 bdaddr_t *src = &sco_pi(sk)->src; 628 int err = 0; 629 630 BT_DBG("sk %p backlog %d", sk, backlog); 631 632 lock_sock(sk); 633 634 if (sk->sk_state != BT_BOUND) { 635 err = -EBADFD; 636 goto done; 637 } 638 639 if (sk->sk_type != SOCK_SEQPACKET) { 640 err = -EINVAL; 641 goto done; 642 } 643 644 write_lock(&sco_sk_list.lock); 645 646 if (__sco_get_sock_listen_by_addr(src)) { 647 err = -EADDRINUSE; 648 goto unlock; 649 } 650 651 sk->sk_max_ack_backlog = backlog; 652 sk->sk_ack_backlog = 0; 653 654 sk->sk_state = BT_LISTEN; 655 656 unlock: 657 write_unlock(&sco_sk_list.lock); 658 659 done: 660 release_sock(sk); 661 return err; 662 } 663 664 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 665 int flags, bool kern) 666 { 667 DEFINE_WAIT_FUNC(wait, woken_wake_function); 668 struct sock *sk = sock->sk, *ch; 669 long timeo; 670 int err = 0; 671 672 lock_sock(sk); 673 674 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 675 676 BT_DBG("sk %p timeo %ld", sk, timeo); 677 678 /* Wait for an incoming connection. (wake-one). */ 679 add_wait_queue_exclusive(sk_sleep(sk), &wait); 680 while (1) { 681 if (sk->sk_state != BT_LISTEN) { 682 err = -EBADFD; 683 break; 684 } 685 686 ch = bt_accept_dequeue(sk, newsock); 687 if (ch) 688 break; 689 690 if (!timeo) { 691 err = -EAGAIN; 692 break; 693 } 694 695 if (signal_pending(current)) { 696 err = sock_intr_errno(timeo); 697 break; 698 } 699 700 release_sock(sk); 701 702 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 703 lock_sock(sk); 704 } 705 remove_wait_queue(sk_sleep(sk), &wait); 706 707 if (err) 708 goto done; 709 710 newsock->state = SS_CONNECTED; 711 712 BT_DBG("new socket %p", ch); 713 714 done: 715 release_sock(sk); 716 return err; 717 } 718 719 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 720 int peer) 721 { 722 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 723 struct sock *sk = sock->sk; 724 725 BT_DBG("sock %p, sk %p", sock, sk); 726 727 addr->sa_family = AF_BLUETOOTH; 728 729 if (peer) 730 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 731 else 732 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 733 734 return sizeof(struct sockaddr_sco); 735 } 736 737 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 738 size_t len) 739 { 740 struct sock *sk = sock->sk; 741 struct sk_buff *skb; 742 int err; 743 744 BT_DBG("sock %p, sk %p", sock, sk); 745 746 err = sock_error(sk); 747 if (err) 748 return err; 749 750 if (msg->msg_flags & MSG_OOB) 751 return -EOPNOTSUPP; 752 753 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 754 if (IS_ERR(skb)) 755 return PTR_ERR(skb); 756 757 lock_sock(sk); 758 759 if (sk->sk_state == BT_CONNECTED) 760 err = sco_send_frame(sk, skb); 761 else 762 err = -ENOTCONN; 763 764 release_sock(sk); 765 766 if (err < 0) 767 kfree_skb(skb); 768 return err; 769 } 770 771 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 772 { 773 struct hci_dev *hdev = conn->hdev; 774 775 BT_DBG("conn %p", conn); 776 777 conn->state = BT_CONFIG; 778 779 if (!lmp_esco_capable(hdev)) { 780 struct hci_cp_accept_conn_req cp; 781 782 bacpy(&cp.bdaddr, &conn->dst); 783 cp.role = 0x00; /* Ignored */ 784 785 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 786 } else { 787 struct hci_cp_accept_sync_conn_req cp; 788 789 bacpy(&cp.bdaddr, &conn->dst); 790 cp.pkt_type = cpu_to_le16(conn->pkt_type); 791 792 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 793 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 794 cp.content_format = cpu_to_le16(setting); 795 796 switch (setting & SCO_AIRMODE_MASK) { 797 case SCO_AIRMODE_TRANSP: 798 if (conn->pkt_type & ESCO_2EV3) 799 cp.max_latency = cpu_to_le16(0x0008); 800 else 801 cp.max_latency = cpu_to_le16(0x000D); 802 cp.retrans_effort = 0x02; 803 break; 804 case SCO_AIRMODE_CVSD: 805 cp.max_latency = cpu_to_le16(0xffff); 806 cp.retrans_effort = 0xff; 807 break; 808 default: 809 /* use CVSD settings as fallback */ 810 cp.max_latency = cpu_to_le16(0xffff); 811 cp.retrans_effort = 0xff; 812 break; 813 } 814 815 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 816 sizeof(cp), &cp); 817 } 818 } 819 820 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 821 size_t len, int flags) 822 { 823 struct sock *sk = sock->sk; 824 struct sco_pinfo *pi = sco_pi(sk); 825 826 lock_sock(sk); 827 828 if (sk->sk_state == BT_CONNECT2 && 829 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 830 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 831 sk->sk_state = BT_CONFIG; 832 833 release_sock(sk); 834 return 0; 835 } 836 837 release_sock(sk); 838 839 return bt_sock_recvmsg(sock, msg, len, flags); 840 } 841 842 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 843 sockptr_t optval, unsigned int optlen) 844 { 845 struct sock *sk = sock->sk; 846 int len, err = 0; 847 struct bt_voice voice; 848 u32 opt; 849 struct bt_codecs *codecs; 850 struct hci_dev *hdev; 851 __u8 buffer[255]; 852 853 BT_DBG("sk %p", sk); 854 855 lock_sock(sk); 856 857 switch (optname) { 858 859 case BT_DEFER_SETUP: 860 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 861 err = -EINVAL; 862 break; 863 } 864 865 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 866 err = -EFAULT; 867 break; 868 } 869 870 if (opt) 871 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 872 else 873 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 874 break; 875 876 case BT_VOICE: 877 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 878 sk->sk_state != BT_CONNECT2) { 879 err = -EINVAL; 880 break; 881 } 882 883 voice.setting = sco_pi(sk)->setting; 884 885 len = min_t(unsigned int, sizeof(voice), optlen); 886 if (copy_from_sockptr(&voice, optval, len)) { 887 err = -EFAULT; 888 break; 889 } 890 891 /* Explicitly check for these values */ 892 if (voice.setting != BT_VOICE_TRANSPARENT && 893 voice.setting != BT_VOICE_CVSD_16BIT) { 894 err = -EINVAL; 895 break; 896 } 897 898 sco_pi(sk)->setting = voice.setting; 899 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 900 BDADDR_BREDR); 901 if (!hdev) { 902 err = -EBADFD; 903 break; 904 } 905 if (enhanced_sync_conn_capable(hdev) && 906 voice.setting == BT_VOICE_TRANSPARENT) 907 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 908 hci_dev_put(hdev); 909 break; 910 911 case BT_PKT_STATUS: 912 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 913 err = -EFAULT; 914 break; 915 } 916 917 if (opt) 918 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS; 919 else 920 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS; 921 break; 922 923 case BT_CODEC: 924 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 925 sk->sk_state != BT_CONNECT2) { 926 err = -EINVAL; 927 break; 928 } 929 930 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 931 BDADDR_BREDR); 932 if (!hdev) { 933 err = -EBADFD; 934 break; 935 } 936 937 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 938 hci_dev_put(hdev); 939 err = -EOPNOTSUPP; 940 break; 941 } 942 943 if (!hdev->get_data_path_id) { 944 hci_dev_put(hdev); 945 err = -EOPNOTSUPP; 946 break; 947 } 948 949 if (optlen < sizeof(struct bt_codecs) || 950 optlen > sizeof(buffer)) { 951 hci_dev_put(hdev); 952 err = -EINVAL; 953 break; 954 } 955 956 if (copy_from_sockptr(buffer, optval, optlen)) { 957 hci_dev_put(hdev); 958 err = -EFAULT; 959 break; 960 } 961 962 codecs = (void *)buffer; 963 964 if (codecs->num_codecs > 1) { 965 hci_dev_put(hdev); 966 err = -EINVAL; 967 break; 968 } 969 970 sco_pi(sk)->codec = codecs->codecs[0]; 971 hci_dev_put(hdev); 972 break; 973 974 default: 975 err = -ENOPROTOOPT; 976 break; 977 } 978 979 release_sock(sk); 980 return err; 981 } 982 983 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 984 char __user *optval, int __user *optlen) 985 { 986 struct sock *sk = sock->sk; 987 struct sco_options opts; 988 struct sco_conninfo cinfo; 989 int len, err = 0; 990 991 BT_DBG("sk %p", sk); 992 993 if (get_user(len, optlen)) 994 return -EFAULT; 995 996 lock_sock(sk); 997 998 switch (optname) { 999 case SCO_OPTIONS: 1000 if (sk->sk_state != BT_CONNECTED && 1001 !(sk->sk_state == BT_CONNECT2 && 1002 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1003 err = -ENOTCONN; 1004 break; 1005 } 1006 1007 opts.mtu = sco_pi(sk)->conn->mtu; 1008 1009 BT_DBG("mtu %u", opts.mtu); 1010 1011 len = min_t(unsigned int, len, sizeof(opts)); 1012 if (copy_to_user(optval, (char *)&opts, len)) 1013 err = -EFAULT; 1014 1015 break; 1016 1017 case SCO_CONNINFO: 1018 if (sk->sk_state != BT_CONNECTED && 1019 !(sk->sk_state == BT_CONNECT2 && 1020 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1021 err = -ENOTCONN; 1022 break; 1023 } 1024 1025 memset(&cinfo, 0, sizeof(cinfo)); 1026 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1027 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1028 1029 len = min_t(unsigned int, len, sizeof(cinfo)); 1030 if (copy_to_user(optval, (char *)&cinfo, len)) 1031 err = -EFAULT; 1032 1033 break; 1034 1035 default: 1036 err = -ENOPROTOOPT; 1037 break; 1038 } 1039 1040 release_sock(sk); 1041 return err; 1042 } 1043 1044 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1045 char __user *optval, int __user *optlen) 1046 { 1047 struct sock *sk = sock->sk; 1048 int len, err = 0; 1049 struct bt_voice voice; 1050 u32 phys; 1051 int pkt_status; 1052 int buf_len; 1053 struct codec_list *c; 1054 u8 num_codecs, i, __user *ptr; 1055 struct hci_dev *hdev; 1056 struct hci_codec_caps *caps; 1057 struct bt_codec codec; 1058 1059 BT_DBG("sk %p", sk); 1060 1061 if (level == SOL_SCO) 1062 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1063 1064 if (get_user(len, optlen)) 1065 return -EFAULT; 1066 1067 lock_sock(sk); 1068 1069 switch (optname) { 1070 1071 case BT_DEFER_SETUP: 1072 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1073 err = -EINVAL; 1074 break; 1075 } 1076 1077 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1078 (u32 __user *)optval)) 1079 err = -EFAULT; 1080 1081 break; 1082 1083 case BT_VOICE: 1084 voice.setting = sco_pi(sk)->setting; 1085 1086 len = min_t(unsigned int, len, sizeof(voice)); 1087 if (copy_to_user(optval, (char *)&voice, len)) 1088 err = -EFAULT; 1089 1090 break; 1091 1092 case BT_PHY: 1093 if (sk->sk_state != BT_CONNECTED) { 1094 err = -ENOTCONN; 1095 break; 1096 } 1097 1098 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1099 1100 if (put_user(phys, (u32 __user *) optval)) 1101 err = -EFAULT; 1102 break; 1103 1104 case BT_PKT_STATUS: 1105 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS); 1106 1107 if (put_user(pkt_status, (int __user *)optval)) 1108 err = -EFAULT; 1109 break; 1110 1111 case BT_SNDMTU: 1112 case BT_RCVMTU: 1113 if (sk->sk_state != BT_CONNECTED) { 1114 err = -ENOTCONN; 1115 break; 1116 } 1117 1118 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1119 err = -EFAULT; 1120 break; 1121 1122 case BT_CODEC: 1123 num_codecs = 0; 1124 buf_len = 0; 1125 1126 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1127 if (!hdev) { 1128 err = -EBADFD; 1129 break; 1130 } 1131 1132 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1133 hci_dev_put(hdev); 1134 err = -EOPNOTSUPP; 1135 break; 1136 } 1137 1138 if (!hdev->get_data_path_id) { 1139 hci_dev_put(hdev); 1140 err = -EOPNOTSUPP; 1141 break; 1142 } 1143 1144 release_sock(sk); 1145 1146 /* find total buffer size required to copy codec + caps */ 1147 hci_dev_lock(hdev); 1148 list_for_each_entry(c, &hdev->local_codecs, list) { 1149 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1150 continue; 1151 num_codecs++; 1152 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1153 buf_len += 1 + caps->len; 1154 caps = (void *)&caps->data[caps->len]; 1155 } 1156 buf_len += sizeof(struct bt_codec); 1157 } 1158 hci_dev_unlock(hdev); 1159 1160 buf_len += sizeof(struct bt_codecs); 1161 if (buf_len > len) { 1162 hci_dev_put(hdev); 1163 return -ENOBUFS; 1164 } 1165 ptr = optval; 1166 1167 if (put_user(num_codecs, ptr)) { 1168 hci_dev_put(hdev); 1169 return -EFAULT; 1170 } 1171 ptr += sizeof(num_codecs); 1172 1173 /* Iterate all the codecs supported over SCO and populate 1174 * codec data 1175 */ 1176 hci_dev_lock(hdev); 1177 list_for_each_entry(c, &hdev->local_codecs, list) { 1178 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1179 continue; 1180 1181 codec.id = c->id; 1182 codec.cid = c->cid; 1183 codec.vid = c->vid; 1184 err = hdev->get_data_path_id(hdev, &codec.data_path); 1185 if (err < 0) 1186 break; 1187 codec.num_caps = c->num_caps; 1188 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1189 err = -EFAULT; 1190 break; 1191 } 1192 ptr += sizeof(codec); 1193 1194 /* find codec capabilities data length */ 1195 len = 0; 1196 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1197 len += 1 + caps->len; 1198 caps = (void *)&caps->data[caps->len]; 1199 } 1200 1201 /* copy codec capabilities data */ 1202 if (len && copy_to_user(ptr, c->caps, len)) { 1203 err = -EFAULT; 1204 break; 1205 } 1206 ptr += len; 1207 } 1208 1209 hci_dev_unlock(hdev); 1210 hci_dev_put(hdev); 1211 1212 lock_sock(sk); 1213 1214 if (!err && put_user(buf_len, optlen)) 1215 err = -EFAULT; 1216 1217 break; 1218 1219 default: 1220 err = -ENOPROTOOPT; 1221 break; 1222 } 1223 1224 release_sock(sk); 1225 return err; 1226 } 1227 1228 static int sco_sock_shutdown(struct socket *sock, int how) 1229 { 1230 struct sock *sk = sock->sk; 1231 int err = 0; 1232 1233 BT_DBG("sock %p, sk %p", sock, sk); 1234 1235 if (!sk) 1236 return 0; 1237 1238 sock_hold(sk); 1239 lock_sock(sk); 1240 1241 if (!sk->sk_shutdown) { 1242 sk->sk_shutdown = SHUTDOWN_MASK; 1243 sco_sock_clear_timer(sk); 1244 __sco_sock_close(sk); 1245 1246 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1247 !(current->flags & PF_EXITING)) 1248 err = bt_sock_wait_state(sk, BT_CLOSED, 1249 sk->sk_lingertime); 1250 } 1251 1252 release_sock(sk); 1253 sock_put(sk); 1254 1255 return err; 1256 } 1257 1258 static int sco_sock_release(struct socket *sock) 1259 { 1260 struct sock *sk = sock->sk; 1261 int err = 0; 1262 1263 BT_DBG("sock %p, sk %p", sock, sk); 1264 1265 if (!sk) 1266 return 0; 1267 1268 sco_sock_close(sk); 1269 1270 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1271 !(current->flags & PF_EXITING)) { 1272 lock_sock(sk); 1273 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1274 release_sock(sk); 1275 } 1276 1277 sock_orphan(sk); 1278 sco_sock_kill(sk); 1279 return err; 1280 } 1281 1282 static void sco_conn_ready(struct sco_conn *conn) 1283 { 1284 struct sock *parent; 1285 struct sock *sk = conn->sk; 1286 1287 BT_DBG("conn %p", conn); 1288 1289 if (sk) { 1290 lock_sock(sk); 1291 sco_sock_clear_timer(sk); 1292 sk->sk_state = BT_CONNECTED; 1293 sk->sk_state_change(sk); 1294 release_sock(sk); 1295 } else { 1296 sco_conn_lock(conn); 1297 1298 if (!conn->hcon) { 1299 sco_conn_unlock(conn); 1300 return; 1301 } 1302 1303 parent = sco_get_sock_listen(&conn->hcon->src); 1304 if (!parent) { 1305 sco_conn_unlock(conn); 1306 return; 1307 } 1308 1309 lock_sock(parent); 1310 1311 sk = sco_sock_alloc(sock_net(parent), NULL, 1312 BTPROTO_SCO, GFP_ATOMIC, 0); 1313 if (!sk) { 1314 release_sock(parent); 1315 sco_conn_unlock(conn); 1316 return; 1317 } 1318 1319 sco_sock_init(sk, parent); 1320 1321 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1322 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1323 1324 hci_conn_hold(conn->hcon); 1325 __sco_chan_add(conn, sk, parent); 1326 1327 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1328 sk->sk_state = BT_CONNECT2; 1329 else 1330 sk->sk_state = BT_CONNECTED; 1331 1332 /* Wake up parent */ 1333 parent->sk_data_ready(parent); 1334 1335 release_sock(parent); 1336 1337 sco_conn_unlock(conn); 1338 } 1339 } 1340 1341 /* ----- SCO interface with lower layer (HCI) ----- */ 1342 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1343 { 1344 struct sock *sk; 1345 int lm = 0; 1346 1347 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1348 1349 /* Find listening sockets */ 1350 read_lock(&sco_sk_list.lock); 1351 sk_for_each(sk, &sco_sk_list.head) { 1352 if (sk->sk_state != BT_LISTEN) 1353 continue; 1354 1355 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1356 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1357 lm |= HCI_LM_ACCEPT; 1358 1359 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1360 *flags |= HCI_PROTO_DEFER; 1361 break; 1362 } 1363 } 1364 read_unlock(&sco_sk_list.lock); 1365 1366 return lm; 1367 } 1368 1369 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1370 { 1371 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1372 return; 1373 1374 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1375 1376 if (!status) { 1377 struct sco_conn *conn; 1378 1379 conn = sco_conn_add(hcon); 1380 if (conn) 1381 sco_conn_ready(conn); 1382 } else 1383 sco_conn_del(hcon, bt_to_errno(status)); 1384 } 1385 1386 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1387 { 1388 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1389 return; 1390 1391 BT_DBG("hcon %p reason %d", hcon, reason); 1392 1393 sco_conn_del(hcon, bt_to_errno(reason)); 1394 } 1395 1396 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1397 { 1398 struct sco_conn *conn = hcon->sco_data; 1399 1400 if (!conn) 1401 goto drop; 1402 1403 BT_DBG("conn %p len %u", conn, skb->len); 1404 1405 if (skb->len) { 1406 sco_recv_frame(conn, skb); 1407 return; 1408 } 1409 1410 drop: 1411 kfree_skb(skb); 1412 } 1413 1414 static struct hci_cb sco_cb = { 1415 .name = "SCO", 1416 .connect_cfm = sco_connect_cfm, 1417 .disconn_cfm = sco_disconn_cfm, 1418 }; 1419 1420 static int sco_debugfs_show(struct seq_file *f, void *p) 1421 { 1422 struct sock *sk; 1423 1424 read_lock(&sco_sk_list.lock); 1425 1426 sk_for_each(sk, &sco_sk_list.head) { 1427 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1428 &sco_pi(sk)->dst, sk->sk_state); 1429 } 1430 1431 read_unlock(&sco_sk_list.lock); 1432 1433 return 0; 1434 } 1435 1436 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1437 1438 static struct dentry *sco_debugfs; 1439 1440 static const struct proto_ops sco_sock_ops = { 1441 .family = PF_BLUETOOTH, 1442 .owner = THIS_MODULE, 1443 .release = sco_sock_release, 1444 .bind = sco_sock_bind, 1445 .connect = sco_sock_connect, 1446 .listen = sco_sock_listen, 1447 .accept = sco_sock_accept, 1448 .getname = sco_sock_getname, 1449 .sendmsg = sco_sock_sendmsg, 1450 .recvmsg = sco_sock_recvmsg, 1451 .poll = bt_sock_poll, 1452 .ioctl = bt_sock_ioctl, 1453 .gettstamp = sock_gettstamp, 1454 .mmap = sock_no_mmap, 1455 .socketpair = sock_no_socketpair, 1456 .shutdown = sco_sock_shutdown, 1457 .setsockopt = sco_sock_setsockopt, 1458 .getsockopt = sco_sock_getsockopt 1459 }; 1460 1461 static const struct net_proto_family sco_sock_family_ops = { 1462 .family = PF_BLUETOOTH, 1463 .owner = THIS_MODULE, 1464 .create = sco_sock_create, 1465 }; 1466 1467 int __init sco_init(void) 1468 { 1469 int err; 1470 1471 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1472 1473 err = proto_register(&sco_proto, 0); 1474 if (err < 0) 1475 return err; 1476 1477 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1478 if (err < 0) { 1479 BT_ERR("SCO socket registration failed"); 1480 goto error; 1481 } 1482 1483 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1484 if (err < 0) { 1485 BT_ERR("Failed to create SCO proc file"); 1486 bt_sock_unregister(BTPROTO_SCO); 1487 goto error; 1488 } 1489 1490 BT_INFO("SCO socket layer initialized"); 1491 1492 hci_register_cb(&sco_cb); 1493 1494 if (IS_ERR_OR_NULL(bt_debugfs)) 1495 return 0; 1496 1497 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1498 NULL, &sco_debugfs_fops); 1499 1500 return 0; 1501 1502 error: 1503 proto_unregister(&sco_proto); 1504 return err; 1505 } 1506 1507 void sco_exit(void) 1508 { 1509 bt_procfs_cleanup(&init_net, "sco"); 1510 1511 debugfs_remove(sco_debugfs); 1512 1513 hci_unregister_cb(&sco_cb); 1514 1515 bt_sock_unregister(BTPROTO_SCO); 1516 1517 proto_unregister(&sco_proto); 1518 } 1519 1520 module_param(disable_esco, bool, 0644); 1521 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1522