1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/kernel.h> 32 #include <linux/sched.h> 33 #include <linux/slab.h> 34 #include <linux/poll.h> 35 #include <linux/fcntl.h> 36 #include <linux/init.h> 37 #include <linux/interrupt.h> 38 #include <linux/socket.h> 39 #include <linux/skbuff.h> 40 #include <linux/device.h> 41 #include <linux/debugfs.h> 42 #include <linux/seq_file.h> 43 #include <linux/list.h> 44 #include <net/sock.h> 45 46 #include <asm/system.h> 47 #include <linux/uaccess.h> 48 49 #include <net/bluetooth/bluetooth.h> 50 #include <net/bluetooth/hci_core.h> 51 #include <net/bluetooth/sco.h> 52 53 static int disable_esco; 54 55 static const struct proto_ops sco_sock_ops; 56 57 static struct bt_sock_list sco_sk_list = { 58 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 59 }; 60 61 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent); 62 static void sco_chan_del(struct sock *sk, int err); 63 64 static int sco_conn_del(struct hci_conn *conn, int err); 65 66 static void sco_sock_close(struct sock *sk); 67 static void sco_sock_kill(struct sock *sk); 68 69 /* ---- SCO timers ---- */ 70 static void sco_sock_timeout(unsigned long arg) 71 { 72 struct sock *sk = (struct sock *) arg; 73 74 BT_DBG("sock %p state %d", sk, sk->sk_state); 75 76 bh_lock_sock(sk); 77 sk->sk_err = ETIMEDOUT; 78 sk->sk_state_change(sk); 79 bh_unlock_sock(sk); 80 81 sco_sock_kill(sk); 82 sock_put(sk); 83 } 84 85 static void sco_sock_set_timer(struct sock *sk, long timeout) 86 { 87 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 88 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 89 } 90 91 static void sco_sock_clear_timer(struct sock *sk) 92 { 93 BT_DBG("sock %p state %d", sk, sk->sk_state); 94 sk_stop_timer(sk, &sk->sk_timer); 95 } 96 97 /* ---- SCO connections ---- */ 98 static struct sco_conn *sco_conn_add(struct hci_conn *hcon, __u8 status) 99 { 100 struct hci_dev *hdev = hcon->hdev; 101 struct sco_conn *conn = hcon->sco_data; 102 103 if (conn || status) 104 return conn; 105 106 conn = kzalloc(sizeof(struct sco_conn), GFP_ATOMIC); 107 if (!conn) 108 return NULL; 109 110 spin_lock_init(&conn->lock); 111 112 hcon->sco_data = conn; 113 conn->hcon = hcon; 114 115 conn->src = &hdev->bdaddr; 116 conn->dst = &hcon->dst; 117 118 if (hdev->sco_mtu > 0) 119 conn->mtu = hdev->sco_mtu; 120 else 121 conn->mtu = 60; 122 123 BT_DBG("hcon %p conn %p", hcon, conn); 124 125 return conn; 126 } 127 128 static inline struct sock *sco_chan_get(struct sco_conn *conn) 129 { 130 struct sock *sk = NULL; 131 sco_conn_lock(conn); 132 sk = conn->sk; 133 sco_conn_unlock(conn); 134 return sk; 135 } 136 137 static int sco_conn_del(struct hci_conn *hcon, int err) 138 { 139 struct sco_conn *conn = hcon->sco_data; 140 struct sock *sk; 141 142 if (!conn) 143 return 0; 144 145 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 146 147 /* Kill socket */ 148 sk = sco_chan_get(conn); 149 if (sk) { 150 bh_lock_sock(sk); 151 sco_sock_clear_timer(sk); 152 sco_chan_del(sk, err); 153 bh_unlock_sock(sk); 154 sco_sock_kill(sk); 155 } 156 157 hcon->sco_data = NULL; 158 kfree(conn); 159 return 0; 160 } 161 162 static inline int sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent) 163 { 164 int err = 0; 165 166 sco_conn_lock(conn); 167 if (conn->sk) 168 err = -EBUSY; 169 else 170 __sco_chan_add(conn, sk, parent); 171 172 sco_conn_unlock(conn); 173 return err; 174 } 175 176 static int sco_connect(struct sock *sk) 177 { 178 bdaddr_t *src = &bt_sk(sk)->src; 179 bdaddr_t *dst = &bt_sk(sk)->dst; 180 struct sco_conn *conn; 181 struct hci_conn *hcon; 182 struct hci_dev *hdev; 183 int err, type; 184 185 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 186 187 hdev = hci_get_route(dst, src); 188 if (!hdev) 189 return -EHOSTUNREACH; 190 191 hci_dev_lock_bh(hdev); 192 193 if (lmp_esco_capable(hdev) && !disable_esco) 194 type = ESCO_LINK; 195 else 196 type = SCO_LINK; 197 198 hcon = hci_connect(hdev, type, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING); 199 if (IS_ERR(hcon)) { 200 err = PTR_ERR(hcon); 201 goto done; 202 } 203 204 conn = sco_conn_add(hcon, 0); 205 if (!conn) { 206 hci_conn_put(hcon); 207 err = -ENOMEM; 208 goto done; 209 } 210 211 /* Update source addr of the socket */ 212 bacpy(src, conn->src); 213 214 err = sco_chan_add(conn, sk, NULL); 215 if (err) 216 goto done; 217 218 if (hcon->state == BT_CONNECTED) { 219 sco_sock_clear_timer(sk); 220 sk->sk_state = BT_CONNECTED; 221 } else { 222 sk->sk_state = BT_CONNECT; 223 sco_sock_set_timer(sk, sk->sk_sndtimeo); 224 } 225 226 done: 227 hci_dev_unlock_bh(hdev); 228 hci_dev_put(hdev); 229 return err; 230 } 231 232 static inline int sco_send_frame(struct sock *sk, struct msghdr *msg, int len) 233 { 234 struct sco_conn *conn = sco_pi(sk)->conn; 235 struct sk_buff *skb; 236 int err, count; 237 238 /* Check outgoing MTU */ 239 if (len > conn->mtu) 240 return -EINVAL; 241 242 BT_DBG("sk %p len %d", sk, len); 243 244 count = min_t(unsigned int, conn->mtu, len); 245 skb = bt_skb_send_alloc(sk, count, 246 msg->msg_flags & MSG_DONTWAIT, &err); 247 if (!skb) 248 return err; 249 250 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) { 251 kfree_skb(skb); 252 return -EFAULT; 253 } 254 255 hci_send_sco(conn->hcon, skb); 256 257 return count; 258 } 259 260 static inline void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 261 { 262 struct sock *sk = sco_chan_get(conn); 263 264 if (!sk) 265 goto drop; 266 267 BT_DBG("sk %p len %d", sk, skb->len); 268 269 if (sk->sk_state != BT_CONNECTED) 270 goto drop; 271 272 if (!sock_queue_rcv_skb(sk, skb)) 273 return; 274 275 drop: 276 kfree_skb(skb); 277 } 278 279 /* -------- Socket interface ---------- */ 280 static struct sock *__sco_get_sock_by_addr(bdaddr_t *ba) 281 { 282 struct sock *sk; 283 struct hlist_node *node; 284 285 sk_for_each(sk, node, &sco_sk_list.head) 286 if (!bacmp(&bt_sk(sk)->src, ba)) 287 goto found; 288 sk = NULL; 289 found: 290 return sk; 291 } 292 293 /* Find socket listening on source bdaddr. 294 * Returns closest match. 295 */ 296 static struct sock *sco_get_sock_listen(bdaddr_t *src) 297 { 298 struct sock *sk = NULL, *sk1 = NULL; 299 struct hlist_node *node; 300 301 read_lock(&sco_sk_list.lock); 302 303 sk_for_each(sk, node, &sco_sk_list.head) { 304 if (sk->sk_state != BT_LISTEN) 305 continue; 306 307 /* Exact match. */ 308 if (!bacmp(&bt_sk(sk)->src, src)) 309 break; 310 311 /* Closest match */ 312 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 313 sk1 = sk; 314 } 315 316 read_unlock(&sco_sk_list.lock); 317 318 return node ? sk : sk1; 319 } 320 321 static void sco_sock_destruct(struct sock *sk) 322 { 323 BT_DBG("sk %p", sk); 324 325 skb_queue_purge(&sk->sk_receive_queue); 326 skb_queue_purge(&sk->sk_write_queue); 327 } 328 329 static void sco_sock_cleanup_listen(struct sock *parent) 330 { 331 struct sock *sk; 332 333 BT_DBG("parent %p", parent); 334 335 /* Close not yet accepted channels */ 336 while ((sk = bt_accept_dequeue(parent, NULL))) { 337 sco_sock_close(sk); 338 sco_sock_kill(sk); 339 } 340 341 parent->sk_state = BT_CLOSED; 342 sock_set_flag(parent, SOCK_ZAPPED); 343 } 344 345 /* Kill socket (only if zapped and orphan) 346 * Must be called on unlocked socket. 347 */ 348 static void sco_sock_kill(struct sock *sk) 349 { 350 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 351 return; 352 353 BT_DBG("sk %p state %d", sk, sk->sk_state); 354 355 /* Kill poor orphan */ 356 bt_sock_unlink(&sco_sk_list, sk); 357 sock_set_flag(sk, SOCK_DEAD); 358 sock_put(sk); 359 } 360 361 static void __sco_sock_close(struct sock *sk) 362 { 363 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 364 365 switch (sk->sk_state) { 366 case BT_LISTEN: 367 sco_sock_cleanup_listen(sk); 368 break; 369 370 case BT_CONNECTED: 371 case BT_CONFIG: 372 if (sco_pi(sk)->conn) { 373 sk->sk_state = BT_DISCONN; 374 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 375 hci_conn_put(sco_pi(sk)->conn->hcon); 376 sco_pi(sk)->conn->hcon = NULL; 377 } else 378 sco_chan_del(sk, ECONNRESET); 379 break; 380 381 case BT_CONNECT: 382 case BT_DISCONN: 383 sco_chan_del(sk, ECONNRESET); 384 break; 385 386 default: 387 sock_set_flag(sk, SOCK_ZAPPED); 388 break; 389 } 390 } 391 392 /* Must be called on unlocked socket. */ 393 static void sco_sock_close(struct sock *sk) 394 { 395 sco_sock_clear_timer(sk); 396 lock_sock(sk); 397 __sco_sock_close(sk); 398 release_sock(sk); 399 sco_sock_kill(sk); 400 } 401 402 static void sco_sock_init(struct sock *sk, struct sock *parent) 403 { 404 BT_DBG("sk %p", sk); 405 406 if (parent) 407 sk->sk_type = parent->sk_type; 408 } 409 410 static struct proto sco_proto = { 411 .name = "SCO", 412 .owner = THIS_MODULE, 413 .obj_size = sizeof(struct sco_pinfo) 414 }; 415 416 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 417 { 418 struct sock *sk; 419 420 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto); 421 if (!sk) 422 return NULL; 423 424 sock_init_data(sock, sk); 425 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 426 427 sk->sk_destruct = sco_sock_destruct; 428 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 429 430 sock_reset_flag(sk, SOCK_ZAPPED); 431 432 sk->sk_protocol = proto; 433 sk->sk_state = BT_OPEN; 434 435 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk); 436 437 bt_sock_link(&sco_sk_list, sk); 438 return sk; 439 } 440 441 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 442 int kern) 443 { 444 struct sock *sk; 445 446 BT_DBG("sock %p", sock); 447 448 sock->state = SS_UNCONNECTED; 449 450 if (sock->type != SOCK_SEQPACKET) 451 return -ESOCKTNOSUPPORT; 452 453 sock->ops = &sco_sock_ops; 454 455 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC); 456 if (!sk) 457 return -ENOMEM; 458 459 sco_sock_init(sk, NULL); 460 return 0; 461 } 462 463 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 464 { 465 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 466 struct sock *sk = sock->sk; 467 bdaddr_t *src = &sa->sco_bdaddr; 468 int err = 0; 469 470 BT_DBG("sk %p %s", sk, batostr(&sa->sco_bdaddr)); 471 472 if (!addr || addr->sa_family != AF_BLUETOOTH) 473 return -EINVAL; 474 475 lock_sock(sk); 476 477 if (sk->sk_state != BT_OPEN) { 478 err = -EBADFD; 479 goto done; 480 } 481 482 write_lock_bh(&sco_sk_list.lock); 483 484 if (bacmp(src, BDADDR_ANY) && __sco_get_sock_by_addr(src)) { 485 err = -EADDRINUSE; 486 } else { 487 /* Save source address */ 488 bacpy(&bt_sk(sk)->src, &sa->sco_bdaddr); 489 sk->sk_state = BT_BOUND; 490 } 491 492 write_unlock_bh(&sco_sk_list.lock); 493 494 done: 495 release_sock(sk); 496 return err; 497 } 498 499 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 500 { 501 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 502 struct sock *sk = sock->sk; 503 int err = 0; 504 505 506 BT_DBG("sk %p", sk); 507 508 if (alen < sizeof(struct sockaddr_sco) || 509 addr->sa_family != AF_BLUETOOTH) 510 return -EINVAL; 511 512 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 513 return -EBADFD; 514 515 if (sk->sk_type != SOCK_SEQPACKET) 516 return -EINVAL; 517 518 lock_sock(sk); 519 520 /* Set destination address and psm */ 521 bacpy(&bt_sk(sk)->dst, &sa->sco_bdaddr); 522 523 err = sco_connect(sk); 524 if (err) 525 goto done; 526 527 err = bt_sock_wait_state(sk, BT_CONNECTED, 528 sock_sndtimeo(sk, flags & O_NONBLOCK)); 529 530 done: 531 release_sock(sk); 532 return err; 533 } 534 535 static int sco_sock_listen(struct socket *sock, int backlog) 536 { 537 struct sock *sk = sock->sk; 538 int err = 0; 539 540 BT_DBG("sk %p backlog %d", sk, backlog); 541 542 lock_sock(sk); 543 544 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) { 545 err = -EBADFD; 546 goto done; 547 } 548 549 sk->sk_max_ack_backlog = backlog; 550 sk->sk_ack_backlog = 0; 551 sk->sk_state = BT_LISTEN; 552 553 done: 554 release_sock(sk); 555 return err; 556 } 557 558 static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags) 559 { 560 DECLARE_WAITQUEUE(wait, current); 561 struct sock *sk = sock->sk, *ch; 562 long timeo; 563 int err = 0; 564 565 lock_sock(sk); 566 567 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 568 569 BT_DBG("sk %p timeo %ld", sk, timeo); 570 571 /* Wait for an incoming connection. (wake-one). */ 572 add_wait_queue_exclusive(sk_sleep(sk), &wait); 573 while (1) { 574 set_current_state(TASK_INTERRUPTIBLE); 575 576 if (sk->sk_state != BT_LISTEN) { 577 err = -EBADFD; 578 break; 579 } 580 581 ch = bt_accept_dequeue(sk, newsock); 582 if (ch) 583 break; 584 585 if (!timeo) { 586 err = -EAGAIN; 587 break; 588 } 589 590 if (signal_pending(current)) { 591 err = sock_intr_errno(timeo); 592 break; 593 } 594 595 release_sock(sk); 596 timeo = schedule_timeout(timeo); 597 lock_sock(sk); 598 } 599 __set_current_state(TASK_RUNNING); 600 remove_wait_queue(sk_sleep(sk), &wait); 601 602 if (err) 603 goto done; 604 605 newsock->state = SS_CONNECTED; 606 607 BT_DBG("new socket %p", ch); 608 609 done: 610 release_sock(sk); 611 return err; 612 } 613 614 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 615 { 616 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 617 struct sock *sk = sock->sk; 618 619 BT_DBG("sock %p, sk %p", sock, sk); 620 621 addr->sa_family = AF_BLUETOOTH; 622 *len = sizeof(struct sockaddr_sco); 623 624 if (peer) 625 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->dst); 626 else 627 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->src); 628 629 return 0; 630 } 631 632 static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 633 struct msghdr *msg, size_t len) 634 { 635 struct sock *sk = sock->sk; 636 int err; 637 638 BT_DBG("sock %p, sk %p", sock, sk); 639 640 err = sock_error(sk); 641 if (err) 642 return err; 643 644 if (msg->msg_flags & MSG_OOB) 645 return -EOPNOTSUPP; 646 647 lock_sock(sk); 648 649 if (sk->sk_state == BT_CONNECTED) 650 err = sco_send_frame(sk, msg, len); 651 else 652 err = -ENOTCONN; 653 654 release_sock(sk); 655 return err; 656 } 657 658 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 659 { 660 struct sock *sk = sock->sk; 661 int err = 0; 662 663 BT_DBG("sk %p", sk); 664 665 lock_sock(sk); 666 667 switch (optname) { 668 default: 669 err = -ENOPROTOOPT; 670 break; 671 } 672 673 release_sock(sk); 674 return err; 675 } 676 677 static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 678 { 679 struct sock *sk = sock->sk; 680 struct sco_options opts; 681 struct sco_conninfo cinfo; 682 int len, err = 0; 683 684 BT_DBG("sk %p", sk); 685 686 if (get_user(len, optlen)) 687 return -EFAULT; 688 689 lock_sock(sk); 690 691 switch (optname) { 692 case SCO_OPTIONS: 693 if (sk->sk_state != BT_CONNECTED) { 694 err = -ENOTCONN; 695 break; 696 } 697 698 opts.mtu = sco_pi(sk)->conn->mtu; 699 700 BT_DBG("mtu %d", opts.mtu); 701 702 len = min_t(unsigned int, len, sizeof(opts)); 703 if (copy_to_user(optval, (char *)&opts, len)) 704 err = -EFAULT; 705 706 break; 707 708 case SCO_CONNINFO: 709 if (sk->sk_state != BT_CONNECTED) { 710 err = -ENOTCONN; 711 break; 712 } 713 714 memset(&cinfo, 0, sizeof(cinfo)); 715 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 716 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 717 718 len = min_t(unsigned int, len, sizeof(cinfo)); 719 if (copy_to_user(optval, (char *)&cinfo, len)) 720 err = -EFAULT; 721 722 break; 723 724 default: 725 err = -ENOPROTOOPT; 726 break; 727 } 728 729 release_sock(sk); 730 return err; 731 } 732 733 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 734 { 735 struct sock *sk = sock->sk; 736 int len, err = 0; 737 738 BT_DBG("sk %p", sk); 739 740 if (level == SOL_SCO) 741 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 742 743 if (get_user(len, optlen)) 744 return -EFAULT; 745 746 lock_sock(sk); 747 748 switch (optname) { 749 default: 750 err = -ENOPROTOOPT; 751 break; 752 } 753 754 release_sock(sk); 755 return err; 756 } 757 758 static int sco_sock_shutdown(struct socket *sock, int how) 759 { 760 struct sock *sk = sock->sk; 761 int err = 0; 762 763 BT_DBG("sock %p, sk %p", sock, sk); 764 765 if (!sk) 766 return 0; 767 768 lock_sock(sk); 769 if (!sk->sk_shutdown) { 770 sk->sk_shutdown = SHUTDOWN_MASK; 771 sco_sock_clear_timer(sk); 772 __sco_sock_close(sk); 773 774 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 775 err = bt_sock_wait_state(sk, BT_CLOSED, 776 sk->sk_lingertime); 777 } 778 release_sock(sk); 779 return err; 780 } 781 782 static int sco_sock_release(struct socket *sock) 783 { 784 struct sock *sk = sock->sk; 785 int err = 0; 786 787 BT_DBG("sock %p, sk %p", sock, sk); 788 789 if (!sk) 790 return 0; 791 792 sco_sock_close(sk); 793 794 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) { 795 lock_sock(sk); 796 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 797 release_sock(sk); 798 } 799 800 sock_orphan(sk); 801 sco_sock_kill(sk); 802 return err; 803 } 804 805 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent) 806 { 807 BT_DBG("conn %p", conn); 808 809 sco_pi(sk)->conn = conn; 810 conn->sk = sk; 811 812 if (parent) 813 bt_accept_enqueue(parent, sk); 814 } 815 816 /* Delete channel. 817 * Must be called on the locked socket. */ 818 static void sco_chan_del(struct sock *sk, int err) 819 { 820 struct sco_conn *conn; 821 822 conn = sco_pi(sk)->conn; 823 824 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 825 826 if (conn) { 827 sco_conn_lock(conn); 828 conn->sk = NULL; 829 sco_pi(sk)->conn = NULL; 830 sco_conn_unlock(conn); 831 832 if (conn->hcon) 833 hci_conn_put(conn->hcon); 834 } 835 836 sk->sk_state = BT_CLOSED; 837 sk->sk_err = err; 838 sk->sk_state_change(sk); 839 840 sock_set_flag(sk, SOCK_ZAPPED); 841 } 842 843 static void sco_conn_ready(struct sco_conn *conn) 844 { 845 struct sock *parent; 846 struct sock *sk = conn->sk; 847 848 BT_DBG("conn %p", conn); 849 850 sco_conn_lock(conn); 851 852 if (sk) { 853 sco_sock_clear_timer(sk); 854 bh_lock_sock(sk); 855 sk->sk_state = BT_CONNECTED; 856 sk->sk_state_change(sk); 857 bh_unlock_sock(sk); 858 } else { 859 parent = sco_get_sock_listen(conn->src); 860 if (!parent) 861 goto done; 862 863 bh_lock_sock(parent); 864 865 sk = sco_sock_alloc(sock_net(parent), NULL, 866 BTPROTO_SCO, GFP_ATOMIC); 867 if (!sk) { 868 bh_unlock_sock(parent); 869 goto done; 870 } 871 872 sco_sock_init(sk, parent); 873 874 bacpy(&bt_sk(sk)->src, conn->src); 875 bacpy(&bt_sk(sk)->dst, conn->dst); 876 877 hci_conn_hold(conn->hcon); 878 __sco_chan_add(conn, sk, parent); 879 880 sk->sk_state = BT_CONNECTED; 881 882 /* Wake up parent */ 883 parent->sk_data_ready(parent, 1); 884 885 bh_unlock_sock(parent); 886 } 887 888 done: 889 sco_conn_unlock(conn); 890 } 891 892 /* ----- SCO interface with lower layer (HCI) ----- */ 893 static int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type) 894 { 895 register struct sock *sk; 896 struct hlist_node *node; 897 int lm = 0; 898 899 if (type != SCO_LINK && type != ESCO_LINK) 900 return -EINVAL; 901 902 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); 903 904 /* Find listening sockets */ 905 read_lock(&sco_sk_list.lock); 906 sk_for_each(sk, node, &sco_sk_list.head) { 907 if (sk->sk_state != BT_LISTEN) 908 continue; 909 910 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr) || 911 !bacmp(&bt_sk(sk)->src, BDADDR_ANY)) { 912 lm |= HCI_LM_ACCEPT; 913 break; 914 } 915 } 916 read_unlock(&sco_sk_list.lock); 917 918 return lm; 919 } 920 921 static int sco_connect_cfm(struct hci_conn *hcon, __u8 status) 922 { 923 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status); 924 925 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 926 return -EINVAL; 927 928 if (!status) { 929 struct sco_conn *conn; 930 931 conn = sco_conn_add(hcon, status); 932 if (conn) 933 sco_conn_ready(conn); 934 } else 935 sco_conn_del(hcon, bt_to_errno(status)); 936 937 return 0; 938 } 939 940 static int sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 941 { 942 BT_DBG("hcon %p reason %d", hcon, reason); 943 944 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 945 return -EINVAL; 946 947 sco_conn_del(hcon, bt_to_errno(reason)); 948 949 return 0; 950 } 951 952 static int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 953 { 954 struct sco_conn *conn = hcon->sco_data; 955 956 if (!conn) 957 goto drop; 958 959 BT_DBG("conn %p len %d", conn, skb->len); 960 961 if (skb->len) { 962 sco_recv_frame(conn, skb); 963 return 0; 964 } 965 966 drop: 967 kfree_skb(skb); 968 return 0; 969 } 970 971 static int sco_debugfs_show(struct seq_file *f, void *p) 972 { 973 struct sock *sk; 974 struct hlist_node *node; 975 976 read_lock_bh(&sco_sk_list.lock); 977 978 sk_for_each(sk, node, &sco_sk_list.head) { 979 seq_printf(f, "%s %s %d\n", batostr(&bt_sk(sk)->src), 980 batostr(&bt_sk(sk)->dst), sk->sk_state); 981 } 982 983 read_unlock_bh(&sco_sk_list.lock); 984 985 return 0; 986 } 987 988 static int sco_debugfs_open(struct inode *inode, struct file *file) 989 { 990 return single_open(file, sco_debugfs_show, inode->i_private); 991 } 992 993 static const struct file_operations sco_debugfs_fops = { 994 .open = sco_debugfs_open, 995 .read = seq_read, 996 .llseek = seq_lseek, 997 .release = single_release, 998 }; 999 1000 static struct dentry *sco_debugfs; 1001 1002 static const struct proto_ops sco_sock_ops = { 1003 .family = PF_BLUETOOTH, 1004 .owner = THIS_MODULE, 1005 .release = sco_sock_release, 1006 .bind = sco_sock_bind, 1007 .connect = sco_sock_connect, 1008 .listen = sco_sock_listen, 1009 .accept = sco_sock_accept, 1010 .getname = sco_sock_getname, 1011 .sendmsg = sco_sock_sendmsg, 1012 .recvmsg = bt_sock_recvmsg, 1013 .poll = bt_sock_poll, 1014 .ioctl = bt_sock_ioctl, 1015 .mmap = sock_no_mmap, 1016 .socketpair = sock_no_socketpair, 1017 .shutdown = sco_sock_shutdown, 1018 .setsockopt = sco_sock_setsockopt, 1019 .getsockopt = sco_sock_getsockopt 1020 }; 1021 1022 static const struct net_proto_family sco_sock_family_ops = { 1023 .family = PF_BLUETOOTH, 1024 .owner = THIS_MODULE, 1025 .create = sco_sock_create, 1026 }; 1027 1028 static struct hci_proto sco_hci_proto = { 1029 .name = "SCO", 1030 .id = HCI_PROTO_SCO, 1031 .connect_ind = sco_connect_ind, 1032 .connect_cfm = sco_connect_cfm, 1033 .disconn_cfm = sco_disconn_cfm, 1034 .recv_scodata = sco_recv_scodata 1035 }; 1036 1037 int __init sco_init(void) 1038 { 1039 int err; 1040 1041 err = proto_register(&sco_proto, 0); 1042 if (err < 0) 1043 return err; 1044 1045 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1046 if (err < 0) { 1047 BT_ERR("SCO socket registration failed"); 1048 goto error; 1049 } 1050 1051 err = hci_register_proto(&sco_hci_proto); 1052 if (err < 0) { 1053 BT_ERR("SCO protocol registration failed"); 1054 bt_sock_unregister(BTPROTO_SCO); 1055 goto error; 1056 } 1057 1058 if (bt_debugfs) { 1059 sco_debugfs = debugfs_create_file("sco", 0444, 1060 bt_debugfs, NULL, &sco_debugfs_fops); 1061 if (!sco_debugfs) 1062 BT_ERR("Failed to create SCO debug file"); 1063 } 1064 1065 BT_INFO("SCO socket layer initialized"); 1066 1067 return 0; 1068 1069 error: 1070 proto_unregister(&sco_proto); 1071 return err; 1072 } 1073 1074 void __exit sco_exit(void) 1075 { 1076 debugfs_remove(sco_debugfs); 1077 1078 if (bt_sock_unregister(BTPROTO_SCO) < 0) 1079 BT_ERR("SCO socket unregistration failed"); 1080 1081 if (hci_unregister_proto(&sco_hci_proto) < 0) 1082 BT_ERR("SCO protocol unregistration failed"); 1083 1084 proto_unregister(&sco_proto); 1085 } 1086 1087 module_param(disable_esco, bool, 0644); 1088 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1089