xref: /openbmc/linux/net/bluetooth/sco.c (revision c8dbaa22)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4 
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10 
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24 
25 /* Bluetooth SCO sockets. */
26 
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31 
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35 
36 static bool disable_esco;
37 
38 static const struct proto_ops sco_sock_ops;
39 
40 static struct bt_sock_list sco_sk_list = {
41 	.lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43 
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 	struct hci_conn	*hcon;
47 
48 	spinlock_t	lock;
49 	struct sock	*sk;
50 
51 	unsigned int    mtu;
52 };
53 
54 #define sco_conn_lock(c)	spin_lock(&c->lock);
55 #define sco_conn_unlock(c)	spin_unlock(&c->lock);
56 
57 static void sco_sock_close(struct sock *sk);
58 static void sco_sock_kill(struct sock *sk);
59 
60 /* ----- SCO socket info ----- */
61 #define sco_pi(sk) ((struct sco_pinfo *) sk)
62 
63 struct sco_pinfo {
64 	struct bt_sock	bt;
65 	bdaddr_t	src;
66 	bdaddr_t	dst;
67 	__u32		flags;
68 	__u16		setting;
69 	struct sco_conn	*conn;
70 };
71 
72 /* ---- SCO timers ---- */
73 #define SCO_CONN_TIMEOUT	(HZ * 40)
74 #define SCO_DISCONN_TIMEOUT	(HZ * 2)
75 
76 static void sco_sock_timeout(unsigned long arg)
77 {
78 	struct sock *sk = (struct sock *)arg;
79 
80 	BT_DBG("sock %p state %d", sk, sk->sk_state);
81 
82 	bh_lock_sock(sk);
83 	sk->sk_err = ETIMEDOUT;
84 	sk->sk_state_change(sk);
85 	bh_unlock_sock(sk);
86 
87 	sco_sock_kill(sk);
88 	sock_put(sk);
89 }
90 
91 static void sco_sock_set_timer(struct sock *sk, long timeout)
92 {
93 	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
94 	sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
95 }
96 
97 static void sco_sock_clear_timer(struct sock *sk)
98 {
99 	BT_DBG("sock %p state %d", sk, sk->sk_state);
100 	sk_stop_timer(sk, &sk->sk_timer);
101 }
102 
103 /* ---- SCO connections ---- */
104 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
105 {
106 	struct hci_dev *hdev = hcon->hdev;
107 	struct sco_conn *conn = hcon->sco_data;
108 
109 	if (conn)
110 		return conn;
111 
112 	conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
113 	if (!conn)
114 		return NULL;
115 
116 	spin_lock_init(&conn->lock);
117 
118 	hcon->sco_data = conn;
119 	conn->hcon = hcon;
120 
121 	if (hdev->sco_mtu > 0)
122 		conn->mtu = hdev->sco_mtu;
123 	else
124 		conn->mtu = 60;
125 
126 	BT_DBG("hcon %p conn %p", hcon, conn);
127 
128 	return conn;
129 }
130 
131 /* Delete channel.
132  * Must be called on the locked socket. */
133 static void sco_chan_del(struct sock *sk, int err)
134 {
135 	struct sco_conn *conn;
136 
137 	conn = sco_pi(sk)->conn;
138 
139 	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
140 
141 	if (conn) {
142 		sco_conn_lock(conn);
143 		conn->sk = NULL;
144 		sco_pi(sk)->conn = NULL;
145 		sco_conn_unlock(conn);
146 
147 		if (conn->hcon)
148 			hci_conn_drop(conn->hcon);
149 	}
150 
151 	sk->sk_state = BT_CLOSED;
152 	sk->sk_err   = err;
153 	sk->sk_state_change(sk);
154 
155 	sock_set_flag(sk, SOCK_ZAPPED);
156 }
157 
158 static void sco_conn_del(struct hci_conn *hcon, int err)
159 {
160 	struct sco_conn *conn = hcon->sco_data;
161 	struct sock *sk;
162 
163 	if (!conn)
164 		return;
165 
166 	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
167 
168 	/* Kill socket */
169 	sco_conn_lock(conn);
170 	sk = conn->sk;
171 	sco_conn_unlock(conn);
172 
173 	if (sk) {
174 		sock_hold(sk);
175 		bh_lock_sock(sk);
176 		sco_sock_clear_timer(sk);
177 		sco_chan_del(sk, err);
178 		bh_unlock_sock(sk);
179 		sco_sock_kill(sk);
180 		sock_put(sk);
181 	}
182 
183 	hcon->sco_data = NULL;
184 	kfree(conn);
185 }
186 
187 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
188 			   struct sock *parent)
189 {
190 	BT_DBG("conn %p", conn);
191 
192 	sco_pi(sk)->conn = conn;
193 	conn->sk = sk;
194 
195 	if (parent)
196 		bt_accept_enqueue(parent, sk);
197 }
198 
199 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
200 			struct sock *parent)
201 {
202 	int err = 0;
203 
204 	sco_conn_lock(conn);
205 	if (conn->sk)
206 		err = -EBUSY;
207 	else
208 		__sco_chan_add(conn, sk, parent);
209 
210 	sco_conn_unlock(conn);
211 	return err;
212 }
213 
214 static int sco_connect(struct sock *sk)
215 {
216 	struct sco_conn *conn;
217 	struct hci_conn *hcon;
218 	struct hci_dev  *hdev;
219 	int err, type;
220 
221 	BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
222 
223 	hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
224 	if (!hdev)
225 		return -EHOSTUNREACH;
226 
227 	hci_dev_lock(hdev);
228 
229 	if (lmp_esco_capable(hdev) && !disable_esco)
230 		type = ESCO_LINK;
231 	else
232 		type = SCO_LINK;
233 
234 	if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
235 	    (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
236 		err = -EOPNOTSUPP;
237 		goto done;
238 	}
239 
240 	hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
241 			       sco_pi(sk)->setting);
242 	if (IS_ERR(hcon)) {
243 		err = PTR_ERR(hcon);
244 		goto done;
245 	}
246 
247 	conn = sco_conn_add(hcon);
248 	if (!conn) {
249 		hci_conn_drop(hcon);
250 		err = -ENOMEM;
251 		goto done;
252 	}
253 
254 	/* Update source addr of the socket */
255 	bacpy(&sco_pi(sk)->src, &hcon->src);
256 
257 	err = sco_chan_add(conn, sk, NULL);
258 	if (err)
259 		goto done;
260 
261 	if (hcon->state == BT_CONNECTED) {
262 		sco_sock_clear_timer(sk);
263 		sk->sk_state = BT_CONNECTED;
264 	} else {
265 		sk->sk_state = BT_CONNECT;
266 		sco_sock_set_timer(sk, sk->sk_sndtimeo);
267 	}
268 
269 done:
270 	hci_dev_unlock(hdev);
271 	hci_dev_put(hdev);
272 	return err;
273 }
274 
275 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
276 {
277 	struct sco_conn *conn = sco_pi(sk)->conn;
278 	struct sk_buff *skb;
279 	int err;
280 
281 	/* Check outgoing MTU */
282 	if (len > conn->mtu)
283 		return -EINVAL;
284 
285 	BT_DBG("sk %p len %d", sk, len);
286 
287 	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
288 	if (!skb)
289 		return err;
290 
291 	if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
292 		kfree_skb(skb);
293 		return -EFAULT;
294 	}
295 
296 	hci_send_sco(conn->hcon, skb);
297 
298 	return len;
299 }
300 
301 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
302 {
303 	struct sock *sk;
304 
305 	sco_conn_lock(conn);
306 	sk = conn->sk;
307 	sco_conn_unlock(conn);
308 
309 	if (!sk)
310 		goto drop;
311 
312 	BT_DBG("sk %p len %d", sk, skb->len);
313 
314 	if (sk->sk_state != BT_CONNECTED)
315 		goto drop;
316 
317 	if (!sock_queue_rcv_skb(sk, skb))
318 		return;
319 
320 drop:
321 	kfree_skb(skb);
322 }
323 
324 /* -------- Socket interface ---------- */
325 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
326 {
327 	struct sock *sk;
328 
329 	sk_for_each(sk, &sco_sk_list.head) {
330 		if (sk->sk_state != BT_LISTEN)
331 			continue;
332 
333 		if (!bacmp(&sco_pi(sk)->src, ba))
334 			return sk;
335 	}
336 
337 	return NULL;
338 }
339 
340 /* Find socket listening on source bdaddr.
341  * Returns closest match.
342  */
343 static struct sock *sco_get_sock_listen(bdaddr_t *src)
344 {
345 	struct sock *sk = NULL, *sk1 = NULL;
346 
347 	read_lock(&sco_sk_list.lock);
348 
349 	sk_for_each(sk, &sco_sk_list.head) {
350 		if (sk->sk_state != BT_LISTEN)
351 			continue;
352 
353 		/* Exact match. */
354 		if (!bacmp(&sco_pi(sk)->src, src))
355 			break;
356 
357 		/* Closest match */
358 		if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
359 			sk1 = sk;
360 	}
361 
362 	read_unlock(&sco_sk_list.lock);
363 
364 	return sk ? sk : sk1;
365 }
366 
367 static void sco_sock_destruct(struct sock *sk)
368 {
369 	BT_DBG("sk %p", sk);
370 
371 	skb_queue_purge(&sk->sk_receive_queue);
372 	skb_queue_purge(&sk->sk_write_queue);
373 }
374 
375 static void sco_sock_cleanup_listen(struct sock *parent)
376 {
377 	struct sock *sk;
378 
379 	BT_DBG("parent %p", parent);
380 
381 	/* Close not yet accepted channels */
382 	while ((sk = bt_accept_dequeue(parent, NULL))) {
383 		sco_sock_close(sk);
384 		sco_sock_kill(sk);
385 	}
386 
387 	parent->sk_state  = BT_CLOSED;
388 	sock_set_flag(parent, SOCK_ZAPPED);
389 }
390 
391 /* Kill socket (only if zapped and orphan)
392  * Must be called on unlocked socket.
393  */
394 static void sco_sock_kill(struct sock *sk)
395 {
396 	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
397 		return;
398 
399 	BT_DBG("sk %p state %d", sk, sk->sk_state);
400 
401 	/* Kill poor orphan */
402 	bt_sock_unlink(&sco_sk_list, sk);
403 	sock_set_flag(sk, SOCK_DEAD);
404 	sock_put(sk);
405 }
406 
407 static void __sco_sock_close(struct sock *sk)
408 {
409 	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
410 
411 	switch (sk->sk_state) {
412 	case BT_LISTEN:
413 		sco_sock_cleanup_listen(sk);
414 		break;
415 
416 	case BT_CONNECTED:
417 	case BT_CONFIG:
418 		if (sco_pi(sk)->conn->hcon) {
419 			sk->sk_state = BT_DISCONN;
420 			sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
421 			sco_conn_lock(sco_pi(sk)->conn);
422 			hci_conn_drop(sco_pi(sk)->conn->hcon);
423 			sco_pi(sk)->conn->hcon = NULL;
424 			sco_conn_unlock(sco_pi(sk)->conn);
425 		} else
426 			sco_chan_del(sk, ECONNRESET);
427 		break;
428 
429 	case BT_CONNECT2:
430 	case BT_CONNECT:
431 	case BT_DISCONN:
432 		sco_chan_del(sk, ECONNRESET);
433 		break;
434 
435 	default:
436 		sock_set_flag(sk, SOCK_ZAPPED);
437 		break;
438 	}
439 }
440 
441 /* Must be called on unlocked socket. */
442 static void sco_sock_close(struct sock *sk)
443 {
444 	sco_sock_clear_timer(sk);
445 	lock_sock(sk);
446 	__sco_sock_close(sk);
447 	release_sock(sk);
448 	sco_sock_kill(sk);
449 }
450 
451 static void sco_sock_init(struct sock *sk, struct sock *parent)
452 {
453 	BT_DBG("sk %p", sk);
454 
455 	if (parent) {
456 		sk->sk_type = parent->sk_type;
457 		bt_sk(sk)->flags = bt_sk(parent)->flags;
458 		security_sk_clone(parent, sk);
459 	}
460 }
461 
462 static struct proto sco_proto = {
463 	.name		= "SCO",
464 	.owner		= THIS_MODULE,
465 	.obj_size	= sizeof(struct sco_pinfo)
466 };
467 
468 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
469 				   int proto, gfp_t prio, int kern)
470 {
471 	struct sock *sk;
472 
473 	sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
474 	if (!sk)
475 		return NULL;
476 
477 	sock_init_data(sock, sk);
478 	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
479 
480 	sk->sk_destruct = sco_sock_destruct;
481 	sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
482 
483 	sock_reset_flag(sk, SOCK_ZAPPED);
484 
485 	sk->sk_protocol = proto;
486 	sk->sk_state    = BT_OPEN;
487 
488 	sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
489 
490 	setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk);
491 
492 	bt_sock_link(&sco_sk_list, sk);
493 	return sk;
494 }
495 
496 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
497 			   int kern)
498 {
499 	struct sock *sk;
500 
501 	BT_DBG("sock %p", sock);
502 
503 	sock->state = SS_UNCONNECTED;
504 
505 	if (sock->type != SOCK_SEQPACKET)
506 		return -ESOCKTNOSUPPORT;
507 
508 	sock->ops = &sco_sock_ops;
509 
510 	sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
511 	if (!sk)
512 		return -ENOMEM;
513 
514 	sco_sock_init(sk, NULL);
515 	return 0;
516 }
517 
518 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
519 			 int addr_len)
520 {
521 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
522 	struct sock *sk = sock->sk;
523 	int err = 0;
524 
525 	BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
526 
527 	if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
528 	    addr->sa_family != AF_BLUETOOTH)
529 		return -EINVAL;
530 
531 	lock_sock(sk);
532 
533 	if (sk->sk_state != BT_OPEN) {
534 		err = -EBADFD;
535 		goto done;
536 	}
537 
538 	if (sk->sk_type != SOCK_SEQPACKET) {
539 		err = -EINVAL;
540 		goto done;
541 	}
542 
543 	bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
544 
545 	sk->sk_state = BT_BOUND;
546 
547 done:
548 	release_sock(sk);
549 	return err;
550 }
551 
552 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
553 {
554 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
555 	struct sock *sk = sock->sk;
556 	int err;
557 
558 	BT_DBG("sk %p", sk);
559 
560 	if (alen < sizeof(struct sockaddr_sco) ||
561 	    addr->sa_family != AF_BLUETOOTH)
562 		return -EINVAL;
563 
564 	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
565 		return -EBADFD;
566 
567 	if (sk->sk_type != SOCK_SEQPACKET)
568 		return -EINVAL;
569 
570 	lock_sock(sk);
571 
572 	/* Set destination address and psm */
573 	bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
574 
575 	err = sco_connect(sk);
576 	if (err)
577 		goto done;
578 
579 	err = bt_sock_wait_state(sk, BT_CONNECTED,
580 				 sock_sndtimeo(sk, flags & O_NONBLOCK));
581 
582 done:
583 	release_sock(sk);
584 	return err;
585 }
586 
587 static int sco_sock_listen(struct socket *sock, int backlog)
588 {
589 	struct sock *sk = sock->sk;
590 	bdaddr_t *src = &sco_pi(sk)->src;
591 	int err = 0;
592 
593 	BT_DBG("sk %p backlog %d", sk, backlog);
594 
595 	lock_sock(sk);
596 
597 	if (sk->sk_state != BT_BOUND) {
598 		err = -EBADFD;
599 		goto done;
600 	}
601 
602 	if (sk->sk_type != SOCK_SEQPACKET) {
603 		err = -EINVAL;
604 		goto done;
605 	}
606 
607 	write_lock(&sco_sk_list.lock);
608 
609 	if (__sco_get_sock_listen_by_addr(src)) {
610 		err = -EADDRINUSE;
611 		goto unlock;
612 	}
613 
614 	sk->sk_max_ack_backlog = backlog;
615 	sk->sk_ack_backlog = 0;
616 
617 	sk->sk_state = BT_LISTEN;
618 
619 unlock:
620 	write_unlock(&sco_sk_list.lock);
621 
622 done:
623 	release_sock(sk);
624 	return err;
625 }
626 
627 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
628 			   int flags, bool kern)
629 {
630 	DEFINE_WAIT_FUNC(wait, woken_wake_function);
631 	struct sock *sk = sock->sk, *ch;
632 	long timeo;
633 	int err = 0;
634 
635 	lock_sock(sk);
636 
637 	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
638 
639 	BT_DBG("sk %p timeo %ld", sk, timeo);
640 
641 	/* Wait for an incoming connection. (wake-one). */
642 	add_wait_queue_exclusive(sk_sleep(sk), &wait);
643 	while (1) {
644 		if (sk->sk_state != BT_LISTEN) {
645 			err = -EBADFD;
646 			break;
647 		}
648 
649 		ch = bt_accept_dequeue(sk, newsock);
650 		if (ch)
651 			break;
652 
653 		if (!timeo) {
654 			err = -EAGAIN;
655 			break;
656 		}
657 
658 		if (signal_pending(current)) {
659 			err = sock_intr_errno(timeo);
660 			break;
661 		}
662 
663 		release_sock(sk);
664 
665 		timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
666 		lock_sock(sk);
667 	}
668 	remove_wait_queue(sk_sleep(sk), &wait);
669 
670 	if (err)
671 		goto done;
672 
673 	newsock->state = SS_CONNECTED;
674 
675 	BT_DBG("new socket %p", ch);
676 
677 done:
678 	release_sock(sk);
679 	return err;
680 }
681 
682 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
683 			    int *len, int peer)
684 {
685 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
686 	struct sock *sk = sock->sk;
687 
688 	BT_DBG("sock %p, sk %p", sock, sk);
689 
690 	addr->sa_family = AF_BLUETOOTH;
691 	*len = sizeof(struct sockaddr_sco);
692 
693 	if (peer)
694 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
695 	else
696 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
697 
698 	return 0;
699 }
700 
701 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
702 			    size_t len)
703 {
704 	struct sock *sk = sock->sk;
705 	int err;
706 
707 	BT_DBG("sock %p, sk %p", sock, sk);
708 
709 	err = sock_error(sk);
710 	if (err)
711 		return err;
712 
713 	if (msg->msg_flags & MSG_OOB)
714 		return -EOPNOTSUPP;
715 
716 	lock_sock(sk);
717 
718 	if (sk->sk_state == BT_CONNECTED)
719 		err = sco_send_frame(sk, msg, len);
720 	else
721 		err = -ENOTCONN;
722 
723 	release_sock(sk);
724 	return err;
725 }
726 
727 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
728 {
729 	struct hci_dev *hdev = conn->hdev;
730 
731 	BT_DBG("conn %p", conn);
732 
733 	conn->state = BT_CONFIG;
734 
735 	if (!lmp_esco_capable(hdev)) {
736 		struct hci_cp_accept_conn_req cp;
737 
738 		bacpy(&cp.bdaddr, &conn->dst);
739 		cp.role = 0x00; /* Ignored */
740 
741 		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
742 	} else {
743 		struct hci_cp_accept_sync_conn_req cp;
744 
745 		bacpy(&cp.bdaddr, &conn->dst);
746 		cp.pkt_type = cpu_to_le16(conn->pkt_type);
747 
748 		cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
749 		cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
750 		cp.content_format = cpu_to_le16(setting);
751 
752 		switch (setting & SCO_AIRMODE_MASK) {
753 		case SCO_AIRMODE_TRANSP:
754 			if (conn->pkt_type & ESCO_2EV3)
755 				cp.max_latency = cpu_to_le16(0x0008);
756 			else
757 				cp.max_latency = cpu_to_le16(0x000D);
758 			cp.retrans_effort = 0x02;
759 			break;
760 		case SCO_AIRMODE_CVSD:
761 			cp.max_latency = cpu_to_le16(0xffff);
762 			cp.retrans_effort = 0xff;
763 			break;
764 		}
765 
766 		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
767 			     sizeof(cp), &cp);
768 	}
769 }
770 
771 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
772 			    size_t len, int flags)
773 {
774 	struct sock *sk = sock->sk;
775 	struct sco_pinfo *pi = sco_pi(sk);
776 
777 	lock_sock(sk);
778 
779 	if (sk->sk_state == BT_CONNECT2 &&
780 	    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
781 		sco_conn_defer_accept(pi->conn->hcon, pi->setting);
782 		sk->sk_state = BT_CONFIG;
783 
784 		release_sock(sk);
785 		return 0;
786 	}
787 
788 	release_sock(sk);
789 
790 	return bt_sock_recvmsg(sock, msg, len, flags);
791 }
792 
793 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
794 			       char __user *optval, unsigned int optlen)
795 {
796 	struct sock *sk = sock->sk;
797 	int len, err = 0;
798 	struct bt_voice voice;
799 	u32 opt;
800 
801 	BT_DBG("sk %p", sk);
802 
803 	lock_sock(sk);
804 
805 	switch (optname) {
806 
807 	case BT_DEFER_SETUP:
808 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
809 			err = -EINVAL;
810 			break;
811 		}
812 
813 		if (get_user(opt, (u32 __user *) optval)) {
814 			err = -EFAULT;
815 			break;
816 		}
817 
818 		if (opt)
819 			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
820 		else
821 			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
822 		break;
823 
824 	case BT_VOICE:
825 		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
826 		    sk->sk_state != BT_CONNECT2) {
827 			err = -EINVAL;
828 			break;
829 		}
830 
831 		voice.setting = sco_pi(sk)->setting;
832 
833 		len = min_t(unsigned int, sizeof(voice), optlen);
834 		if (copy_from_user((char *)&voice, optval, len)) {
835 			err = -EFAULT;
836 			break;
837 		}
838 
839 		/* Explicitly check for these values */
840 		if (voice.setting != BT_VOICE_TRANSPARENT &&
841 		    voice.setting != BT_VOICE_CVSD_16BIT) {
842 			err = -EINVAL;
843 			break;
844 		}
845 
846 		sco_pi(sk)->setting = voice.setting;
847 		break;
848 
849 	default:
850 		err = -ENOPROTOOPT;
851 		break;
852 	}
853 
854 	release_sock(sk);
855 	return err;
856 }
857 
858 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
859 				   char __user *optval, int __user *optlen)
860 {
861 	struct sock *sk = sock->sk;
862 	struct sco_options opts;
863 	struct sco_conninfo cinfo;
864 	int len, err = 0;
865 
866 	BT_DBG("sk %p", sk);
867 
868 	if (get_user(len, optlen))
869 		return -EFAULT;
870 
871 	lock_sock(sk);
872 
873 	switch (optname) {
874 	case SCO_OPTIONS:
875 		if (sk->sk_state != BT_CONNECTED &&
876 		    !(sk->sk_state == BT_CONNECT2 &&
877 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
878 			err = -ENOTCONN;
879 			break;
880 		}
881 
882 		opts.mtu = sco_pi(sk)->conn->mtu;
883 
884 		BT_DBG("mtu %d", opts.mtu);
885 
886 		len = min_t(unsigned int, len, sizeof(opts));
887 		if (copy_to_user(optval, (char *)&opts, len))
888 			err = -EFAULT;
889 
890 		break;
891 
892 	case SCO_CONNINFO:
893 		if (sk->sk_state != BT_CONNECTED &&
894 		    !(sk->sk_state == BT_CONNECT2 &&
895 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
896 			err = -ENOTCONN;
897 			break;
898 		}
899 
900 		memset(&cinfo, 0, sizeof(cinfo));
901 		cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
902 		memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
903 
904 		len = min_t(unsigned int, len, sizeof(cinfo));
905 		if (copy_to_user(optval, (char *)&cinfo, len))
906 			err = -EFAULT;
907 
908 		break;
909 
910 	default:
911 		err = -ENOPROTOOPT;
912 		break;
913 	}
914 
915 	release_sock(sk);
916 	return err;
917 }
918 
919 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
920 			       char __user *optval, int __user *optlen)
921 {
922 	struct sock *sk = sock->sk;
923 	int len, err = 0;
924 	struct bt_voice voice;
925 
926 	BT_DBG("sk %p", sk);
927 
928 	if (level == SOL_SCO)
929 		return sco_sock_getsockopt_old(sock, optname, optval, optlen);
930 
931 	if (get_user(len, optlen))
932 		return -EFAULT;
933 
934 	lock_sock(sk);
935 
936 	switch (optname) {
937 
938 	case BT_DEFER_SETUP:
939 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
940 			err = -EINVAL;
941 			break;
942 		}
943 
944 		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
945 			     (u32 __user *)optval))
946 			err = -EFAULT;
947 
948 		break;
949 
950 	case BT_VOICE:
951 		voice.setting = sco_pi(sk)->setting;
952 
953 		len = min_t(unsigned int, len, sizeof(voice));
954 		if (copy_to_user(optval, (char *)&voice, len))
955 			err = -EFAULT;
956 
957 		break;
958 
959 	default:
960 		err = -ENOPROTOOPT;
961 		break;
962 	}
963 
964 	release_sock(sk);
965 	return err;
966 }
967 
968 static int sco_sock_shutdown(struct socket *sock, int how)
969 {
970 	struct sock *sk = sock->sk;
971 	int err = 0;
972 
973 	BT_DBG("sock %p, sk %p", sock, sk);
974 
975 	if (!sk)
976 		return 0;
977 
978 	sock_hold(sk);
979 	lock_sock(sk);
980 
981 	if (!sk->sk_shutdown) {
982 		sk->sk_shutdown = SHUTDOWN_MASK;
983 		sco_sock_clear_timer(sk);
984 		__sco_sock_close(sk);
985 
986 		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
987 		    !(current->flags & PF_EXITING))
988 			err = bt_sock_wait_state(sk, BT_CLOSED,
989 						 sk->sk_lingertime);
990 	}
991 
992 	release_sock(sk);
993 	sock_put(sk);
994 
995 	return err;
996 }
997 
998 static int sco_sock_release(struct socket *sock)
999 {
1000 	struct sock *sk = sock->sk;
1001 	int err = 0;
1002 
1003 	BT_DBG("sock %p, sk %p", sock, sk);
1004 
1005 	if (!sk)
1006 		return 0;
1007 
1008 	sco_sock_close(sk);
1009 
1010 	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1011 	    !(current->flags & PF_EXITING)) {
1012 		lock_sock(sk);
1013 		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1014 		release_sock(sk);
1015 	}
1016 
1017 	sock_orphan(sk);
1018 	sco_sock_kill(sk);
1019 	return err;
1020 }
1021 
1022 static void sco_conn_ready(struct sco_conn *conn)
1023 {
1024 	struct sock *parent;
1025 	struct sock *sk = conn->sk;
1026 
1027 	BT_DBG("conn %p", conn);
1028 
1029 	if (sk) {
1030 		sco_sock_clear_timer(sk);
1031 		bh_lock_sock(sk);
1032 		sk->sk_state = BT_CONNECTED;
1033 		sk->sk_state_change(sk);
1034 		bh_unlock_sock(sk);
1035 	} else {
1036 		sco_conn_lock(conn);
1037 
1038 		if (!conn->hcon) {
1039 			sco_conn_unlock(conn);
1040 			return;
1041 		}
1042 
1043 		parent = sco_get_sock_listen(&conn->hcon->src);
1044 		if (!parent) {
1045 			sco_conn_unlock(conn);
1046 			return;
1047 		}
1048 
1049 		bh_lock_sock(parent);
1050 
1051 		sk = sco_sock_alloc(sock_net(parent), NULL,
1052 				    BTPROTO_SCO, GFP_ATOMIC, 0);
1053 		if (!sk) {
1054 			bh_unlock_sock(parent);
1055 			sco_conn_unlock(conn);
1056 			return;
1057 		}
1058 
1059 		sco_sock_init(sk, parent);
1060 
1061 		bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1062 		bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1063 
1064 		hci_conn_hold(conn->hcon);
1065 		__sco_chan_add(conn, sk, parent);
1066 
1067 		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1068 			sk->sk_state = BT_CONNECT2;
1069 		else
1070 			sk->sk_state = BT_CONNECTED;
1071 
1072 		/* Wake up parent */
1073 		parent->sk_data_ready(parent);
1074 
1075 		bh_unlock_sock(parent);
1076 
1077 		sco_conn_unlock(conn);
1078 	}
1079 }
1080 
1081 /* ----- SCO interface with lower layer (HCI) ----- */
1082 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1083 {
1084 	struct sock *sk;
1085 	int lm = 0;
1086 
1087 	BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1088 
1089 	/* Find listening sockets */
1090 	read_lock(&sco_sk_list.lock);
1091 	sk_for_each(sk, &sco_sk_list.head) {
1092 		if (sk->sk_state != BT_LISTEN)
1093 			continue;
1094 
1095 		if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1096 		    !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1097 			lm |= HCI_LM_ACCEPT;
1098 
1099 			if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1100 				*flags |= HCI_PROTO_DEFER;
1101 			break;
1102 		}
1103 	}
1104 	read_unlock(&sco_sk_list.lock);
1105 
1106 	return lm;
1107 }
1108 
1109 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1110 {
1111 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1112 		return;
1113 
1114 	BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1115 
1116 	if (!status) {
1117 		struct sco_conn *conn;
1118 
1119 		conn = sco_conn_add(hcon);
1120 		if (conn)
1121 			sco_conn_ready(conn);
1122 	} else
1123 		sco_conn_del(hcon, bt_to_errno(status));
1124 }
1125 
1126 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1127 {
1128 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1129 		return;
1130 
1131 	BT_DBG("hcon %p reason %d", hcon, reason);
1132 
1133 	sco_conn_del(hcon, bt_to_errno(reason));
1134 }
1135 
1136 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1137 {
1138 	struct sco_conn *conn = hcon->sco_data;
1139 
1140 	if (!conn)
1141 		goto drop;
1142 
1143 	BT_DBG("conn %p len %d", conn, skb->len);
1144 
1145 	if (skb->len) {
1146 		sco_recv_frame(conn, skb);
1147 		return;
1148 	}
1149 
1150 drop:
1151 	kfree_skb(skb);
1152 }
1153 
1154 static struct hci_cb sco_cb = {
1155 	.name		= "SCO",
1156 	.connect_cfm	= sco_connect_cfm,
1157 	.disconn_cfm	= sco_disconn_cfm,
1158 };
1159 
1160 static int sco_debugfs_show(struct seq_file *f, void *p)
1161 {
1162 	struct sock *sk;
1163 
1164 	read_lock(&sco_sk_list.lock);
1165 
1166 	sk_for_each(sk, &sco_sk_list.head) {
1167 		seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1168 			   &sco_pi(sk)->dst, sk->sk_state);
1169 	}
1170 
1171 	read_unlock(&sco_sk_list.lock);
1172 
1173 	return 0;
1174 }
1175 
1176 static int sco_debugfs_open(struct inode *inode, struct file *file)
1177 {
1178 	return single_open(file, sco_debugfs_show, inode->i_private);
1179 }
1180 
1181 static const struct file_operations sco_debugfs_fops = {
1182 	.open		= sco_debugfs_open,
1183 	.read		= seq_read,
1184 	.llseek		= seq_lseek,
1185 	.release	= single_release,
1186 };
1187 
1188 static struct dentry *sco_debugfs;
1189 
1190 static const struct proto_ops sco_sock_ops = {
1191 	.family		= PF_BLUETOOTH,
1192 	.owner		= THIS_MODULE,
1193 	.release	= sco_sock_release,
1194 	.bind		= sco_sock_bind,
1195 	.connect	= sco_sock_connect,
1196 	.listen		= sco_sock_listen,
1197 	.accept		= sco_sock_accept,
1198 	.getname	= sco_sock_getname,
1199 	.sendmsg	= sco_sock_sendmsg,
1200 	.recvmsg	= sco_sock_recvmsg,
1201 	.poll		= bt_sock_poll,
1202 	.ioctl		= bt_sock_ioctl,
1203 	.mmap		= sock_no_mmap,
1204 	.socketpair	= sock_no_socketpair,
1205 	.shutdown	= sco_sock_shutdown,
1206 	.setsockopt	= sco_sock_setsockopt,
1207 	.getsockopt	= sco_sock_getsockopt
1208 };
1209 
1210 static const struct net_proto_family sco_sock_family_ops = {
1211 	.family	= PF_BLUETOOTH,
1212 	.owner	= THIS_MODULE,
1213 	.create	= sco_sock_create,
1214 };
1215 
1216 int __init sco_init(void)
1217 {
1218 	int err;
1219 
1220 	BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1221 
1222 	err = proto_register(&sco_proto, 0);
1223 	if (err < 0)
1224 		return err;
1225 
1226 	err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1227 	if (err < 0) {
1228 		BT_ERR("SCO socket registration failed");
1229 		goto error;
1230 	}
1231 
1232 	err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1233 	if (err < 0) {
1234 		BT_ERR("Failed to create SCO proc file");
1235 		bt_sock_unregister(BTPROTO_SCO);
1236 		goto error;
1237 	}
1238 
1239 	BT_INFO("SCO socket layer initialized");
1240 
1241 	hci_register_cb(&sco_cb);
1242 
1243 	if (IS_ERR_OR_NULL(bt_debugfs))
1244 		return 0;
1245 
1246 	sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1247 					  NULL, &sco_debugfs_fops);
1248 
1249 	return 0;
1250 
1251 error:
1252 	proto_unregister(&sco_proto);
1253 	return err;
1254 }
1255 
1256 void sco_exit(void)
1257 {
1258 	bt_procfs_cleanup(&init_net, "sco");
1259 
1260 	debugfs_remove(sco_debugfs);
1261 
1262 	hci_unregister_cb(&sco_cb);
1263 
1264 	bt_sock_unregister(BTPROTO_SCO);
1265 
1266 	proto_unregister(&sco_proto);
1267 }
1268 
1269 module_param(disable_esco, bool, 0644);
1270 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1271