1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 31 #include <net/bluetooth/bluetooth.h> 32 #include <net/bluetooth/hci_core.h> 33 #include <net/bluetooth/sco.h> 34 35 static bool disable_esco; 36 37 static const struct proto_ops sco_sock_ops; 38 39 static struct bt_sock_list sco_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 41 }; 42 43 /* ---- SCO connections ---- */ 44 struct sco_conn { 45 struct hci_conn *hcon; 46 47 spinlock_t lock; 48 struct sock *sk; 49 50 unsigned int mtu; 51 }; 52 53 #define sco_conn_lock(c) spin_lock(&c->lock); 54 #define sco_conn_unlock(c) spin_unlock(&c->lock); 55 56 static void sco_sock_close(struct sock *sk); 57 static void sco_sock_kill(struct sock *sk); 58 59 /* ----- SCO socket info ----- */ 60 #define sco_pi(sk) ((struct sco_pinfo *) sk) 61 62 struct sco_pinfo { 63 struct bt_sock bt; 64 bdaddr_t src; 65 bdaddr_t dst; 66 __u32 flags; 67 __u16 setting; 68 struct sco_conn *conn; 69 }; 70 71 /* ---- SCO timers ---- */ 72 #define SCO_CONN_TIMEOUT (HZ * 40) 73 #define SCO_DISCONN_TIMEOUT (HZ * 2) 74 75 static void sco_sock_timeout(unsigned long arg) 76 { 77 struct sock *sk = (struct sock *)arg; 78 79 BT_DBG("sock %p state %d", sk, sk->sk_state); 80 81 bh_lock_sock(sk); 82 sk->sk_err = ETIMEDOUT; 83 sk->sk_state_change(sk); 84 bh_unlock_sock(sk); 85 86 sco_sock_kill(sk); 87 sock_put(sk); 88 } 89 90 static void sco_sock_set_timer(struct sock *sk, long timeout) 91 { 92 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 93 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 94 } 95 96 static void sco_sock_clear_timer(struct sock *sk) 97 { 98 BT_DBG("sock %p state %d", sk, sk->sk_state); 99 sk_stop_timer(sk, &sk->sk_timer); 100 } 101 102 /* ---- SCO connections ---- */ 103 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 104 { 105 struct hci_dev *hdev = hcon->hdev; 106 struct sco_conn *conn = hcon->sco_data; 107 108 if (conn) 109 return conn; 110 111 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 112 if (!conn) 113 return NULL; 114 115 spin_lock_init(&conn->lock); 116 117 hcon->sco_data = conn; 118 conn->hcon = hcon; 119 120 if (hdev->sco_mtu > 0) 121 conn->mtu = hdev->sco_mtu; 122 else 123 conn->mtu = 60; 124 125 BT_DBG("hcon %p conn %p", hcon, conn); 126 127 return conn; 128 } 129 130 /* Delete channel. 131 * Must be called on the locked socket. */ 132 static void sco_chan_del(struct sock *sk, int err) 133 { 134 struct sco_conn *conn; 135 136 conn = sco_pi(sk)->conn; 137 138 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 139 140 if (conn) { 141 sco_conn_lock(conn); 142 conn->sk = NULL; 143 sco_pi(sk)->conn = NULL; 144 sco_conn_unlock(conn); 145 146 if (conn->hcon) 147 hci_conn_drop(conn->hcon); 148 } 149 150 sk->sk_state = BT_CLOSED; 151 sk->sk_err = err; 152 sk->sk_state_change(sk); 153 154 sock_set_flag(sk, SOCK_ZAPPED); 155 } 156 157 static void sco_conn_del(struct hci_conn *hcon, int err) 158 { 159 struct sco_conn *conn = hcon->sco_data; 160 struct sock *sk; 161 162 if (!conn) 163 return; 164 165 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 166 167 /* Kill socket */ 168 sco_conn_lock(conn); 169 sk = conn->sk; 170 sco_conn_unlock(conn); 171 172 if (sk) { 173 sock_hold(sk); 174 bh_lock_sock(sk); 175 sco_sock_clear_timer(sk); 176 sco_chan_del(sk, err); 177 bh_unlock_sock(sk); 178 sco_sock_kill(sk); 179 sock_put(sk); 180 } 181 182 hcon->sco_data = NULL; 183 kfree(conn); 184 } 185 186 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 187 struct sock *parent) 188 { 189 BT_DBG("conn %p", conn); 190 191 sco_pi(sk)->conn = conn; 192 conn->sk = sk; 193 194 if (parent) 195 bt_accept_enqueue(parent, sk); 196 } 197 198 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 199 struct sock *parent) 200 { 201 int err = 0; 202 203 sco_conn_lock(conn); 204 if (conn->sk) 205 err = -EBUSY; 206 else 207 __sco_chan_add(conn, sk, parent); 208 209 sco_conn_unlock(conn); 210 return err; 211 } 212 213 static int sco_connect(struct sock *sk) 214 { 215 struct sco_conn *conn; 216 struct hci_conn *hcon; 217 struct hci_dev *hdev; 218 int err, type; 219 220 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 221 222 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src); 223 if (!hdev) 224 return -EHOSTUNREACH; 225 226 hci_dev_lock(hdev); 227 228 if (lmp_esco_capable(hdev) && !disable_esco) 229 type = ESCO_LINK; 230 else 231 type = SCO_LINK; 232 233 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 234 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 235 err = -EOPNOTSUPP; 236 goto done; 237 } 238 239 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 240 sco_pi(sk)->setting); 241 if (IS_ERR(hcon)) { 242 err = PTR_ERR(hcon); 243 goto done; 244 } 245 246 conn = sco_conn_add(hcon); 247 if (!conn) { 248 hci_conn_drop(hcon); 249 err = -ENOMEM; 250 goto done; 251 } 252 253 /* Update source addr of the socket */ 254 bacpy(&sco_pi(sk)->src, &hcon->src); 255 256 err = sco_chan_add(conn, sk, NULL); 257 if (err) 258 goto done; 259 260 if (hcon->state == BT_CONNECTED) { 261 sco_sock_clear_timer(sk); 262 sk->sk_state = BT_CONNECTED; 263 } else { 264 sk->sk_state = BT_CONNECT; 265 sco_sock_set_timer(sk, sk->sk_sndtimeo); 266 } 267 268 done: 269 hci_dev_unlock(hdev); 270 hci_dev_put(hdev); 271 return err; 272 } 273 274 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len) 275 { 276 struct sco_conn *conn = sco_pi(sk)->conn; 277 struct sk_buff *skb; 278 int err; 279 280 /* Check outgoing MTU */ 281 if (len > conn->mtu) 282 return -EINVAL; 283 284 BT_DBG("sk %p len %d", sk, len); 285 286 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err); 287 if (!skb) 288 return err; 289 290 if (memcpy_from_msg(skb_put(skb, len), msg, len)) { 291 kfree_skb(skb); 292 return -EFAULT; 293 } 294 295 hci_send_sco(conn->hcon, skb); 296 297 return len; 298 } 299 300 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 301 { 302 struct sock *sk; 303 304 sco_conn_lock(conn); 305 sk = conn->sk; 306 sco_conn_unlock(conn); 307 308 if (!sk) 309 goto drop; 310 311 BT_DBG("sk %p len %d", sk, skb->len); 312 313 if (sk->sk_state != BT_CONNECTED) 314 goto drop; 315 316 if (!sock_queue_rcv_skb(sk, skb)) 317 return; 318 319 drop: 320 kfree_skb(skb); 321 } 322 323 /* -------- Socket interface ---------- */ 324 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 325 { 326 struct sock *sk; 327 328 sk_for_each(sk, &sco_sk_list.head) { 329 if (sk->sk_state != BT_LISTEN) 330 continue; 331 332 if (!bacmp(&sco_pi(sk)->src, ba)) 333 return sk; 334 } 335 336 return NULL; 337 } 338 339 /* Find socket listening on source bdaddr. 340 * Returns closest match. 341 */ 342 static struct sock *sco_get_sock_listen(bdaddr_t *src) 343 { 344 struct sock *sk = NULL, *sk1 = NULL; 345 346 read_lock(&sco_sk_list.lock); 347 348 sk_for_each(sk, &sco_sk_list.head) { 349 if (sk->sk_state != BT_LISTEN) 350 continue; 351 352 /* Exact match. */ 353 if (!bacmp(&sco_pi(sk)->src, src)) 354 break; 355 356 /* Closest match */ 357 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 358 sk1 = sk; 359 } 360 361 read_unlock(&sco_sk_list.lock); 362 363 return sk ? sk : sk1; 364 } 365 366 static void sco_sock_destruct(struct sock *sk) 367 { 368 BT_DBG("sk %p", sk); 369 370 skb_queue_purge(&sk->sk_receive_queue); 371 skb_queue_purge(&sk->sk_write_queue); 372 } 373 374 static void sco_sock_cleanup_listen(struct sock *parent) 375 { 376 struct sock *sk; 377 378 BT_DBG("parent %p", parent); 379 380 /* Close not yet accepted channels */ 381 while ((sk = bt_accept_dequeue(parent, NULL))) { 382 sco_sock_close(sk); 383 sco_sock_kill(sk); 384 } 385 386 parent->sk_state = BT_CLOSED; 387 sock_set_flag(parent, SOCK_ZAPPED); 388 } 389 390 /* Kill socket (only if zapped and orphan) 391 * Must be called on unlocked socket. 392 */ 393 static void sco_sock_kill(struct sock *sk) 394 { 395 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 396 return; 397 398 BT_DBG("sk %p state %d", sk, sk->sk_state); 399 400 /* Kill poor orphan */ 401 bt_sock_unlink(&sco_sk_list, sk); 402 sock_set_flag(sk, SOCK_DEAD); 403 sock_put(sk); 404 } 405 406 static void __sco_sock_close(struct sock *sk) 407 { 408 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 409 410 switch (sk->sk_state) { 411 case BT_LISTEN: 412 sco_sock_cleanup_listen(sk); 413 break; 414 415 case BT_CONNECTED: 416 case BT_CONFIG: 417 if (sco_pi(sk)->conn->hcon) { 418 sk->sk_state = BT_DISCONN; 419 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 420 sco_conn_lock(sco_pi(sk)->conn); 421 hci_conn_drop(sco_pi(sk)->conn->hcon); 422 sco_pi(sk)->conn->hcon = NULL; 423 sco_conn_unlock(sco_pi(sk)->conn); 424 } else 425 sco_chan_del(sk, ECONNRESET); 426 break; 427 428 case BT_CONNECT2: 429 case BT_CONNECT: 430 case BT_DISCONN: 431 sco_chan_del(sk, ECONNRESET); 432 break; 433 434 default: 435 sock_set_flag(sk, SOCK_ZAPPED); 436 break; 437 } 438 } 439 440 /* Must be called on unlocked socket. */ 441 static void sco_sock_close(struct sock *sk) 442 { 443 sco_sock_clear_timer(sk); 444 lock_sock(sk); 445 __sco_sock_close(sk); 446 release_sock(sk); 447 sco_sock_kill(sk); 448 } 449 450 static void sco_sock_init(struct sock *sk, struct sock *parent) 451 { 452 BT_DBG("sk %p", sk); 453 454 if (parent) { 455 sk->sk_type = parent->sk_type; 456 bt_sk(sk)->flags = bt_sk(parent)->flags; 457 security_sk_clone(parent, sk); 458 } 459 } 460 461 static struct proto sco_proto = { 462 .name = "SCO", 463 .owner = THIS_MODULE, 464 .obj_size = sizeof(struct sco_pinfo) 465 }; 466 467 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 468 int proto, gfp_t prio, int kern) 469 { 470 struct sock *sk; 471 472 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern); 473 if (!sk) 474 return NULL; 475 476 sock_init_data(sock, sk); 477 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 478 479 sk->sk_destruct = sco_sock_destruct; 480 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 481 482 sock_reset_flag(sk, SOCK_ZAPPED); 483 484 sk->sk_protocol = proto; 485 sk->sk_state = BT_OPEN; 486 487 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 488 489 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk); 490 491 bt_sock_link(&sco_sk_list, sk); 492 return sk; 493 } 494 495 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 496 int kern) 497 { 498 struct sock *sk; 499 500 BT_DBG("sock %p", sock); 501 502 sock->state = SS_UNCONNECTED; 503 504 if (sock->type != SOCK_SEQPACKET) 505 return -ESOCKTNOSUPPORT; 506 507 sock->ops = &sco_sock_ops; 508 509 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 510 if (!sk) 511 return -ENOMEM; 512 513 sco_sock_init(sk, NULL); 514 return 0; 515 } 516 517 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 518 int addr_len) 519 { 520 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 521 struct sock *sk = sock->sk; 522 int err = 0; 523 524 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 525 526 if (!addr || addr->sa_family != AF_BLUETOOTH) 527 return -EINVAL; 528 529 lock_sock(sk); 530 531 if (sk->sk_state != BT_OPEN) { 532 err = -EBADFD; 533 goto done; 534 } 535 536 if (sk->sk_type != SOCK_SEQPACKET) { 537 err = -EINVAL; 538 goto done; 539 } 540 541 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 542 543 sk->sk_state = BT_BOUND; 544 545 done: 546 release_sock(sk); 547 return err; 548 } 549 550 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 551 { 552 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 553 struct sock *sk = sock->sk; 554 int err; 555 556 BT_DBG("sk %p", sk); 557 558 if (alen < sizeof(struct sockaddr_sco) || 559 addr->sa_family != AF_BLUETOOTH) 560 return -EINVAL; 561 562 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 563 return -EBADFD; 564 565 if (sk->sk_type != SOCK_SEQPACKET) 566 return -EINVAL; 567 568 lock_sock(sk); 569 570 /* Set destination address and psm */ 571 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 572 573 err = sco_connect(sk); 574 if (err) 575 goto done; 576 577 err = bt_sock_wait_state(sk, BT_CONNECTED, 578 sock_sndtimeo(sk, flags & O_NONBLOCK)); 579 580 done: 581 release_sock(sk); 582 return err; 583 } 584 585 static int sco_sock_listen(struct socket *sock, int backlog) 586 { 587 struct sock *sk = sock->sk; 588 bdaddr_t *src = &sco_pi(sk)->src; 589 int err = 0; 590 591 BT_DBG("sk %p backlog %d", sk, backlog); 592 593 lock_sock(sk); 594 595 if (sk->sk_state != BT_BOUND) { 596 err = -EBADFD; 597 goto done; 598 } 599 600 if (sk->sk_type != SOCK_SEQPACKET) { 601 err = -EINVAL; 602 goto done; 603 } 604 605 write_lock(&sco_sk_list.lock); 606 607 if (__sco_get_sock_listen_by_addr(src)) { 608 err = -EADDRINUSE; 609 goto unlock; 610 } 611 612 sk->sk_max_ack_backlog = backlog; 613 sk->sk_ack_backlog = 0; 614 615 sk->sk_state = BT_LISTEN; 616 617 unlock: 618 write_unlock(&sco_sk_list.lock); 619 620 done: 621 release_sock(sk); 622 return err; 623 } 624 625 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 626 int flags) 627 { 628 DEFINE_WAIT_FUNC(wait, woken_wake_function); 629 struct sock *sk = sock->sk, *ch; 630 long timeo; 631 int err = 0; 632 633 lock_sock(sk); 634 635 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 636 637 BT_DBG("sk %p timeo %ld", sk, timeo); 638 639 /* Wait for an incoming connection. (wake-one). */ 640 add_wait_queue_exclusive(sk_sleep(sk), &wait); 641 while (1) { 642 if (sk->sk_state != BT_LISTEN) { 643 err = -EBADFD; 644 break; 645 } 646 647 ch = bt_accept_dequeue(sk, newsock); 648 if (ch) 649 break; 650 651 if (!timeo) { 652 err = -EAGAIN; 653 break; 654 } 655 656 if (signal_pending(current)) { 657 err = sock_intr_errno(timeo); 658 break; 659 } 660 661 release_sock(sk); 662 663 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 664 lock_sock(sk); 665 } 666 remove_wait_queue(sk_sleep(sk), &wait); 667 668 if (err) 669 goto done; 670 671 newsock->state = SS_CONNECTED; 672 673 BT_DBG("new socket %p", ch); 674 675 done: 676 release_sock(sk); 677 return err; 678 } 679 680 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 681 int *len, int peer) 682 { 683 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 684 struct sock *sk = sock->sk; 685 686 BT_DBG("sock %p, sk %p", sock, sk); 687 688 addr->sa_family = AF_BLUETOOTH; 689 *len = sizeof(struct sockaddr_sco); 690 691 if (peer) 692 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 693 else 694 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 695 696 return 0; 697 } 698 699 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 700 size_t len) 701 { 702 struct sock *sk = sock->sk; 703 int err; 704 705 BT_DBG("sock %p, sk %p", sock, sk); 706 707 err = sock_error(sk); 708 if (err) 709 return err; 710 711 if (msg->msg_flags & MSG_OOB) 712 return -EOPNOTSUPP; 713 714 lock_sock(sk); 715 716 if (sk->sk_state == BT_CONNECTED) 717 err = sco_send_frame(sk, msg, len); 718 else 719 err = -ENOTCONN; 720 721 release_sock(sk); 722 return err; 723 } 724 725 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 726 { 727 struct hci_dev *hdev = conn->hdev; 728 729 BT_DBG("conn %p", conn); 730 731 conn->state = BT_CONFIG; 732 733 if (!lmp_esco_capable(hdev)) { 734 struct hci_cp_accept_conn_req cp; 735 736 bacpy(&cp.bdaddr, &conn->dst); 737 cp.role = 0x00; /* Ignored */ 738 739 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 740 } else { 741 struct hci_cp_accept_sync_conn_req cp; 742 743 bacpy(&cp.bdaddr, &conn->dst); 744 cp.pkt_type = cpu_to_le16(conn->pkt_type); 745 746 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 747 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 748 cp.content_format = cpu_to_le16(setting); 749 750 switch (setting & SCO_AIRMODE_MASK) { 751 case SCO_AIRMODE_TRANSP: 752 if (conn->pkt_type & ESCO_2EV3) 753 cp.max_latency = cpu_to_le16(0x0008); 754 else 755 cp.max_latency = cpu_to_le16(0x000D); 756 cp.retrans_effort = 0x02; 757 break; 758 case SCO_AIRMODE_CVSD: 759 cp.max_latency = cpu_to_le16(0xffff); 760 cp.retrans_effort = 0xff; 761 break; 762 } 763 764 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 765 sizeof(cp), &cp); 766 } 767 } 768 769 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 770 size_t len, int flags) 771 { 772 struct sock *sk = sock->sk; 773 struct sco_pinfo *pi = sco_pi(sk); 774 775 lock_sock(sk); 776 777 if (sk->sk_state == BT_CONNECT2 && 778 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 779 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 780 sk->sk_state = BT_CONFIG; 781 782 release_sock(sk); 783 return 0; 784 } 785 786 release_sock(sk); 787 788 return bt_sock_recvmsg(sock, msg, len, flags); 789 } 790 791 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 792 char __user *optval, unsigned int optlen) 793 { 794 struct sock *sk = sock->sk; 795 int len, err = 0; 796 struct bt_voice voice; 797 u32 opt; 798 799 BT_DBG("sk %p", sk); 800 801 lock_sock(sk); 802 803 switch (optname) { 804 805 case BT_DEFER_SETUP: 806 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 807 err = -EINVAL; 808 break; 809 } 810 811 if (get_user(opt, (u32 __user *) optval)) { 812 err = -EFAULT; 813 break; 814 } 815 816 if (opt) 817 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 818 else 819 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 820 break; 821 822 case BT_VOICE: 823 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 824 sk->sk_state != BT_CONNECT2) { 825 err = -EINVAL; 826 break; 827 } 828 829 voice.setting = sco_pi(sk)->setting; 830 831 len = min_t(unsigned int, sizeof(voice), optlen); 832 if (copy_from_user((char *)&voice, optval, len)) { 833 err = -EFAULT; 834 break; 835 } 836 837 /* Explicitly check for these values */ 838 if (voice.setting != BT_VOICE_TRANSPARENT && 839 voice.setting != BT_VOICE_CVSD_16BIT) { 840 err = -EINVAL; 841 break; 842 } 843 844 sco_pi(sk)->setting = voice.setting; 845 break; 846 847 default: 848 err = -ENOPROTOOPT; 849 break; 850 } 851 852 release_sock(sk); 853 return err; 854 } 855 856 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 857 char __user *optval, int __user *optlen) 858 { 859 struct sock *sk = sock->sk; 860 struct sco_options opts; 861 struct sco_conninfo cinfo; 862 int len, err = 0; 863 864 BT_DBG("sk %p", sk); 865 866 if (get_user(len, optlen)) 867 return -EFAULT; 868 869 lock_sock(sk); 870 871 switch (optname) { 872 case SCO_OPTIONS: 873 if (sk->sk_state != BT_CONNECTED && 874 !(sk->sk_state == BT_CONNECT2 && 875 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 876 err = -ENOTCONN; 877 break; 878 } 879 880 opts.mtu = sco_pi(sk)->conn->mtu; 881 882 BT_DBG("mtu %d", opts.mtu); 883 884 len = min_t(unsigned int, len, sizeof(opts)); 885 if (copy_to_user(optval, (char *)&opts, len)) 886 err = -EFAULT; 887 888 break; 889 890 case SCO_CONNINFO: 891 if (sk->sk_state != BT_CONNECTED && 892 !(sk->sk_state == BT_CONNECT2 && 893 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 894 err = -ENOTCONN; 895 break; 896 } 897 898 memset(&cinfo, 0, sizeof(cinfo)); 899 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 900 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 901 902 len = min_t(unsigned int, len, sizeof(cinfo)); 903 if (copy_to_user(optval, (char *)&cinfo, len)) 904 err = -EFAULT; 905 906 break; 907 908 default: 909 err = -ENOPROTOOPT; 910 break; 911 } 912 913 release_sock(sk); 914 return err; 915 } 916 917 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 918 char __user *optval, int __user *optlen) 919 { 920 struct sock *sk = sock->sk; 921 int len, err = 0; 922 struct bt_voice voice; 923 924 BT_DBG("sk %p", sk); 925 926 if (level == SOL_SCO) 927 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 928 929 if (get_user(len, optlen)) 930 return -EFAULT; 931 932 lock_sock(sk); 933 934 switch (optname) { 935 936 case BT_DEFER_SETUP: 937 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 938 err = -EINVAL; 939 break; 940 } 941 942 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 943 (u32 __user *)optval)) 944 err = -EFAULT; 945 946 break; 947 948 case BT_VOICE: 949 voice.setting = sco_pi(sk)->setting; 950 951 len = min_t(unsigned int, len, sizeof(voice)); 952 if (copy_to_user(optval, (char *)&voice, len)) 953 err = -EFAULT; 954 955 break; 956 957 default: 958 err = -ENOPROTOOPT; 959 break; 960 } 961 962 release_sock(sk); 963 return err; 964 } 965 966 static int sco_sock_shutdown(struct socket *sock, int how) 967 { 968 struct sock *sk = sock->sk; 969 int err = 0; 970 971 BT_DBG("sock %p, sk %p", sock, sk); 972 973 if (!sk) 974 return 0; 975 976 sock_hold(sk); 977 lock_sock(sk); 978 979 if (!sk->sk_shutdown) { 980 sk->sk_shutdown = SHUTDOWN_MASK; 981 sco_sock_clear_timer(sk); 982 __sco_sock_close(sk); 983 984 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 985 !(current->flags & PF_EXITING)) 986 err = bt_sock_wait_state(sk, BT_CLOSED, 987 sk->sk_lingertime); 988 } 989 990 release_sock(sk); 991 sock_put(sk); 992 993 return err; 994 } 995 996 static int sco_sock_release(struct socket *sock) 997 { 998 struct sock *sk = sock->sk; 999 int err = 0; 1000 1001 BT_DBG("sock %p, sk %p", sock, sk); 1002 1003 if (!sk) 1004 return 0; 1005 1006 sco_sock_close(sk); 1007 1008 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1009 !(current->flags & PF_EXITING)) { 1010 lock_sock(sk); 1011 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1012 release_sock(sk); 1013 } 1014 1015 sock_orphan(sk); 1016 sco_sock_kill(sk); 1017 return err; 1018 } 1019 1020 static void sco_conn_ready(struct sco_conn *conn) 1021 { 1022 struct sock *parent; 1023 struct sock *sk = conn->sk; 1024 1025 BT_DBG("conn %p", conn); 1026 1027 if (sk) { 1028 sco_sock_clear_timer(sk); 1029 bh_lock_sock(sk); 1030 sk->sk_state = BT_CONNECTED; 1031 sk->sk_state_change(sk); 1032 bh_unlock_sock(sk); 1033 } else { 1034 sco_conn_lock(conn); 1035 1036 if (!conn->hcon) { 1037 sco_conn_unlock(conn); 1038 return; 1039 } 1040 1041 parent = sco_get_sock_listen(&conn->hcon->src); 1042 if (!parent) { 1043 sco_conn_unlock(conn); 1044 return; 1045 } 1046 1047 bh_lock_sock(parent); 1048 1049 sk = sco_sock_alloc(sock_net(parent), NULL, 1050 BTPROTO_SCO, GFP_ATOMIC, 0); 1051 if (!sk) { 1052 bh_unlock_sock(parent); 1053 sco_conn_unlock(conn); 1054 return; 1055 } 1056 1057 sco_sock_init(sk, parent); 1058 1059 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1060 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1061 1062 hci_conn_hold(conn->hcon); 1063 __sco_chan_add(conn, sk, parent); 1064 1065 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1066 sk->sk_state = BT_CONNECT2; 1067 else 1068 sk->sk_state = BT_CONNECTED; 1069 1070 /* Wake up parent */ 1071 parent->sk_data_ready(parent); 1072 1073 bh_unlock_sock(parent); 1074 1075 sco_conn_unlock(conn); 1076 } 1077 } 1078 1079 /* ----- SCO interface with lower layer (HCI) ----- */ 1080 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1081 { 1082 struct sock *sk; 1083 int lm = 0; 1084 1085 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1086 1087 /* Find listening sockets */ 1088 read_lock(&sco_sk_list.lock); 1089 sk_for_each(sk, &sco_sk_list.head) { 1090 if (sk->sk_state != BT_LISTEN) 1091 continue; 1092 1093 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1094 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1095 lm |= HCI_LM_ACCEPT; 1096 1097 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1098 *flags |= HCI_PROTO_DEFER; 1099 break; 1100 } 1101 } 1102 read_unlock(&sco_sk_list.lock); 1103 1104 return lm; 1105 } 1106 1107 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1108 { 1109 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1110 return; 1111 1112 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1113 1114 if (!status) { 1115 struct sco_conn *conn; 1116 1117 conn = sco_conn_add(hcon); 1118 if (conn) 1119 sco_conn_ready(conn); 1120 } else 1121 sco_conn_del(hcon, bt_to_errno(status)); 1122 } 1123 1124 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1125 { 1126 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1127 return; 1128 1129 BT_DBG("hcon %p reason %d", hcon, reason); 1130 1131 sco_conn_del(hcon, bt_to_errno(reason)); 1132 } 1133 1134 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1135 { 1136 struct sco_conn *conn = hcon->sco_data; 1137 1138 if (!conn) 1139 goto drop; 1140 1141 BT_DBG("conn %p len %d", conn, skb->len); 1142 1143 if (skb->len) { 1144 sco_recv_frame(conn, skb); 1145 return; 1146 } 1147 1148 drop: 1149 kfree_skb(skb); 1150 } 1151 1152 static struct hci_cb sco_cb = { 1153 .name = "SCO", 1154 .connect_cfm = sco_connect_cfm, 1155 .disconn_cfm = sco_disconn_cfm, 1156 }; 1157 1158 static int sco_debugfs_show(struct seq_file *f, void *p) 1159 { 1160 struct sock *sk; 1161 1162 read_lock(&sco_sk_list.lock); 1163 1164 sk_for_each(sk, &sco_sk_list.head) { 1165 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1166 &sco_pi(sk)->dst, sk->sk_state); 1167 } 1168 1169 read_unlock(&sco_sk_list.lock); 1170 1171 return 0; 1172 } 1173 1174 static int sco_debugfs_open(struct inode *inode, struct file *file) 1175 { 1176 return single_open(file, sco_debugfs_show, inode->i_private); 1177 } 1178 1179 static const struct file_operations sco_debugfs_fops = { 1180 .open = sco_debugfs_open, 1181 .read = seq_read, 1182 .llseek = seq_lseek, 1183 .release = single_release, 1184 }; 1185 1186 static struct dentry *sco_debugfs; 1187 1188 static const struct proto_ops sco_sock_ops = { 1189 .family = PF_BLUETOOTH, 1190 .owner = THIS_MODULE, 1191 .release = sco_sock_release, 1192 .bind = sco_sock_bind, 1193 .connect = sco_sock_connect, 1194 .listen = sco_sock_listen, 1195 .accept = sco_sock_accept, 1196 .getname = sco_sock_getname, 1197 .sendmsg = sco_sock_sendmsg, 1198 .recvmsg = sco_sock_recvmsg, 1199 .poll = bt_sock_poll, 1200 .ioctl = bt_sock_ioctl, 1201 .mmap = sock_no_mmap, 1202 .socketpair = sock_no_socketpair, 1203 .shutdown = sco_sock_shutdown, 1204 .setsockopt = sco_sock_setsockopt, 1205 .getsockopt = sco_sock_getsockopt 1206 }; 1207 1208 static const struct net_proto_family sco_sock_family_ops = { 1209 .family = PF_BLUETOOTH, 1210 .owner = THIS_MODULE, 1211 .create = sco_sock_create, 1212 }; 1213 1214 int __init sco_init(void) 1215 { 1216 int err; 1217 1218 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1219 1220 err = proto_register(&sco_proto, 0); 1221 if (err < 0) 1222 return err; 1223 1224 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1225 if (err < 0) { 1226 BT_ERR("SCO socket registration failed"); 1227 goto error; 1228 } 1229 1230 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1231 if (err < 0) { 1232 BT_ERR("Failed to create SCO proc file"); 1233 bt_sock_unregister(BTPROTO_SCO); 1234 goto error; 1235 } 1236 1237 BT_INFO("SCO socket layer initialized"); 1238 1239 hci_register_cb(&sco_cb); 1240 1241 if (IS_ERR_OR_NULL(bt_debugfs)) 1242 return 0; 1243 1244 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1245 NULL, &sco_debugfs_fops); 1246 1247 return 0; 1248 1249 error: 1250 proto_unregister(&sco_proto); 1251 return err; 1252 } 1253 1254 void sco_exit(void) 1255 { 1256 bt_procfs_cleanup(&init_net, "sco"); 1257 1258 debugfs_remove(sco_debugfs); 1259 1260 hci_unregister_cb(&sco_cb); 1261 1262 bt_sock_unregister(BTPROTO_SCO); 1263 1264 proto_unregister(&sco_proto); 1265 } 1266 1267 module_param(disable_esco, bool, 0644); 1268 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1269