1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 31 #include <net/bluetooth/bluetooth.h> 32 #include <net/bluetooth/hci_core.h> 33 #include <net/bluetooth/sco.h> 34 35 static bool disable_esco; 36 37 static const struct proto_ops sco_sock_ops; 38 39 static struct bt_sock_list sco_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 41 }; 42 43 /* ---- SCO connections ---- */ 44 struct sco_conn { 45 struct hci_conn *hcon; 46 47 spinlock_t lock; 48 struct sock *sk; 49 50 unsigned int mtu; 51 }; 52 53 #define sco_conn_lock(c) spin_lock(&c->lock); 54 #define sco_conn_unlock(c) spin_unlock(&c->lock); 55 56 static void sco_sock_close(struct sock *sk); 57 static void sco_sock_kill(struct sock *sk); 58 59 /* ----- SCO socket info ----- */ 60 #define sco_pi(sk) ((struct sco_pinfo *) sk) 61 62 struct sco_pinfo { 63 struct bt_sock bt; 64 bdaddr_t src; 65 bdaddr_t dst; 66 __u32 flags; 67 __u16 setting; 68 struct sco_conn *conn; 69 }; 70 71 /* ---- SCO timers ---- */ 72 #define SCO_CONN_TIMEOUT (HZ * 40) 73 #define SCO_DISCONN_TIMEOUT (HZ * 2) 74 75 static void sco_sock_timeout(unsigned long arg) 76 { 77 struct sock *sk = (struct sock *) arg; 78 79 BT_DBG("sock %p state %d", sk, sk->sk_state); 80 81 bh_lock_sock(sk); 82 sk->sk_err = ETIMEDOUT; 83 sk->sk_state_change(sk); 84 bh_unlock_sock(sk); 85 86 sco_sock_kill(sk); 87 sock_put(sk); 88 } 89 90 static void sco_sock_set_timer(struct sock *sk, long timeout) 91 { 92 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 93 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 94 } 95 96 static void sco_sock_clear_timer(struct sock *sk) 97 { 98 BT_DBG("sock %p state %d", sk, sk->sk_state); 99 sk_stop_timer(sk, &sk->sk_timer); 100 } 101 102 /* ---- SCO connections ---- */ 103 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 104 { 105 struct hci_dev *hdev = hcon->hdev; 106 struct sco_conn *conn = hcon->sco_data; 107 108 if (conn) 109 return conn; 110 111 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 112 if (!conn) 113 return NULL; 114 115 spin_lock_init(&conn->lock); 116 117 hcon->sco_data = conn; 118 conn->hcon = hcon; 119 120 if (hdev->sco_mtu > 0) 121 conn->mtu = hdev->sco_mtu; 122 else 123 conn->mtu = 60; 124 125 BT_DBG("hcon %p conn %p", hcon, conn); 126 127 return conn; 128 } 129 130 /* Delete channel. 131 * Must be called on the locked socket. */ 132 static void sco_chan_del(struct sock *sk, int err) 133 { 134 struct sco_conn *conn; 135 136 conn = sco_pi(sk)->conn; 137 138 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 139 140 if (conn) { 141 sco_conn_lock(conn); 142 conn->sk = NULL; 143 sco_pi(sk)->conn = NULL; 144 sco_conn_unlock(conn); 145 146 if (conn->hcon) 147 hci_conn_drop(conn->hcon); 148 } 149 150 sk->sk_state = BT_CLOSED; 151 sk->sk_err = err; 152 sk->sk_state_change(sk); 153 154 sock_set_flag(sk, SOCK_ZAPPED); 155 } 156 157 static void sco_conn_del(struct hci_conn *hcon, int err) 158 { 159 struct sco_conn *conn = hcon->sco_data; 160 struct sock *sk; 161 162 if (!conn) 163 return; 164 165 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 166 167 /* Kill socket */ 168 sco_conn_lock(conn); 169 sk = conn->sk; 170 sco_conn_unlock(conn); 171 172 if (sk) { 173 bh_lock_sock(sk); 174 sco_sock_clear_timer(sk); 175 sco_chan_del(sk, err); 176 bh_unlock_sock(sk); 177 sco_sock_kill(sk); 178 } 179 180 hcon->sco_data = NULL; 181 kfree(conn); 182 } 183 184 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent) 185 { 186 BT_DBG("conn %p", conn); 187 188 sco_pi(sk)->conn = conn; 189 conn->sk = sk; 190 191 if (parent) 192 bt_accept_enqueue(parent, sk); 193 } 194 195 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 196 struct sock *parent) 197 { 198 int err = 0; 199 200 sco_conn_lock(conn); 201 if (conn->sk) 202 err = -EBUSY; 203 else 204 __sco_chan_add(conn, sk, parent); 205 206 sco_conn_unlock(conn); 207 return err; 208 } 209 210 static int sco_connect(struct sock *sk) 211 { 212 struct sco_conn *conn; 213 struct hci_conn *hcon; 214 struct hci_dev *hdev; 215 int err, type; 216 217 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 218 219 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src); 220 if (!hdev) 221 return -EHOSTUNREACH; 222 223 hci_dev_lock(hdev); 224 225 if (lmp_esco_capable(hdev) && !disable_esco) 226 type = ESCO_LINK; 227 else 228 type = SCO_LINK; 229 230 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 231 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 232 err = -EOPNOTSUPP; 233 goto done; 234 } 235 236 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 237 sco_pi(sk)->setting); 238 if (IS_ERR(hcon)) { 239 err = PTR_ERR(hcon); 240 goto done; 241 } 242 243 conn = sco_conn_add(hcon); 244 if (!conn) { 245 hci_conn_drop(hcon); 246 err = -ENOMEM; 247 goto done; 248 } 249 250 /* Update source addr of the socket */ 251 bacpy(&sco_pi(sk)->src, &hcon->src); 252 253 err = sco_chan_add(conn, sk, NULL); 254 if (err) 255 goto done; 256 257 if (hcon->state == BT_CONNECTED) { 258 sco_sock_clear_timer(sk); 259 sk->sk_state = BT_CONNECTED; 260 } else { 261 sk->sk_state = BT_CONNECT; 262 sco_sock_set_timer(sk, sk->sk_sndtimeo); 263 } 264 265 done: 266 hci_dev_unlock(hdev); 267 hci_dev_put(hdev); 268 return err; 269 } 270 271 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len) 272 { 273 struct sco_conn *conn = sco_pi(sk)->conn; 274 struct sk_buff *skb; 275 int err; 276 277 /* Check outgoing MTU */ 278 if (len > conn->mtu) 279 return -EINVAL; 280 281 BT_DBG("sk %p len %d", sk, len); 282 283 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err); 284 if (!skb) 285 return err; 286 287 if (memcpy_from_msg(skb_put(skb, len), msg, len)) { 288 kfree_skb(skb); 289 return -EFAULT; 290 } 291 292 hci_send_sco(conn->hcon, skb); 293 294 return len; 295 } 296 297 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 298 { 299 struct sock *sk; 300 301 sco_conn_lock(conn); 302 sk = conn->sk; 303 sco_conn_unlock(conn); 304 305 if (!sk) 306 goto drop; 307 308 BT_DBG("sk %p len %d", sk, skb->len); 309 310 if (sk->sk_state != BT_CONNECTED) 311 goto drop; 312 313 if (!sock_queue_rcv_skb(sk, skb)) 314 return; 315 316 drop: 317 kfree_skb(skb); 318 } 319 320 /* -------- Socket interface ---------- */ 321 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 322 { 323 struct sock *sk; 324 325 sk_for_each(sk, &sco_sk_list.head) { 326 if (sk->sk_state != BT_LISTEN) 327 continue; 328 329 if (!bacmp(&sco_pi(sk)->src, ba)) 330 return sk; 331 } 332 333 return NULL; 334 } 335 336 /* Find socket listening on source bdaddr. 337 * Returns closest match. 338 */ 339 static struct sock *sco_get_sock_listen(bdaddr_t *src) 340 { 341 struct sock *sk = NULL, *sk1 = NULL; 342 343 read_lock(&sco_sk_list.lock); 344 345 sk_for_each(sk, &sco_sk_list.head) { 346 if (sk->sk_state != BT_LISTEN) 347 continue; 348 349 /* Exact match. */ 350 if (!bacmp(&sco_pi(sk)->src, src)) 351 break; 352 353 /* Closest match */ 354 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 355 sk1 = sk; 356 } 357 358 read_unlock(&sco_sk_list.lock); 359 360 return sk ? sk : sk1; 361 } 362 363 static void sco_sock_destruct(struct sock *sk) 364 { 365 BT_DBG("sk %p", sk); 366 367 skb_queue_purge(&sk->sk_receive_queue); 368 skb_queue_purge(&sk->sk_write_queue); 369 } 370 371 static void sco_sock_cleanup_listen(struct sock *parent) 372 { 373 struct sock *sk; 374 375 BT_DBG("parent %p", parent); 376 377 /* Close not yet accepted channels */ 378 while ((sk = bt_accept_dequeue(parent, NULL))) { 379 sco_sock_close(sk); 380 sco_sock_kill(sk); 381 } 382 383 parent->sk_state = BT_CLOSED; 384 sock_set_flag(parent, SOCK_ZAPPED); 385 } 386 387 /* Kill socket (only if zapped and orphan) 388 * Must be called on unlocked socket. 389 */ 390 static void sco_sock_kill(struct sock *sk) 391 { 392 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 393 return; 394 395 BT_DBG("sk %p state %d", sk, sk->sk_state); 396 397 /* Kill poor orphan */ 398 bt_sock_unlink(&sco_sk_list, sk); 399 sock_set_flag(sk, SOCK_DEAD); 400 sock_put(sk); 401 } 402 403 static void __sco_sock_close(struct sock *sk) 404 { 405 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 406 407 switch (sk->sk_state) { 408 case BT_LISTEN: 409 sco_sock_cleanup_listen(sk); 410 break; 411 412 case BT_CONNECTED: 413 case BT_CONFIG: 414 if (sco_pi(sk)->conn->hcon) { 415 sk->sk_state = BT_DISCONN; 416 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 417 hci_conn_drop(sco_pi(sk)->conn->hcon); 418 sco_pi(sk)->conn->hcon = NULL; 419 } else 420 sco_chan_del(sk, ECONNRESET); 421 break; 422 423 case BT_CONNECT2: 424 case BT_CONNECT: 425 case BT_DISCONN: 426 sco_chan_del(sk, ECONNRESET); 427 break; 428 429 default: 430 sock_set_flag(sk, SOCK_ZAPPED); 431 break; 432 } 433 } 434 435 /* Must be called on unlocked socket. */ 436 static void sco_sock_close(struct sock *sk) 437 { 438 sco_sock_clear_timer(sk); 439 lock_sock(sk); 440 __sco_sock_close(sk); 441 release_sock(sk); 442 sco_sock_kill(sk); 443 } 444 445 static void sco_sock_init(struct sock *sk, struct sock *parent) 446 { 447 BT_DBG("sk %p", sk); 448 449 if (parent) { 450 sk->sk_type = parent->sk_type; 451 bt_sk(sk)->flags = bt_sk(parent)->flags; 452 security_sk_clone(parent, sk); 453 } 454 } 455 456 static struct proto sco_proto = { 457 .name = "SCO", 458 .owner = THIS_MODULE, 459 .obj_size = sizeof(struct sco_pinfo) 460 }; 461 462 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern) 463 { 464 struct sock *sk; 465 466 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern); 467 if (!sk) 468 return NULL; 469 470 sock_init_data(sock, sk); 471 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 472 473 sk->sk_destruct = sco_sock_destruct; 474 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 475 476 sock_reset_flag(sk, SOCK_ZAPPED); 477 478 sk->sk_protocol = proto; 479 sk->sk_state = BT_OPEN; 480 481 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 482 483 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk); 484 485 bt_sock_link(&sco_sk_list, sk); 486 return sk; 487 } 488 489 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 490 int kern) 491 { 492 struct sock *sk; 493 494 BT_DBG("sock %p", sock); 495 496 sock->state = SS_UNCONNECTED; 497 498 if (sock->type != SOCK_SEQPACKET) 499 return -ESOCKTNOSUPPORT; 500 501 sock->ops = &sco_sock_ops; 502 503 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 504 if (!sk) 505 return -ENOMEM; 506 507 sco_sock_init(sk, NULL); 508 return 0; 509 } 510 511 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 512 { 513 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 514 struct sock *sk = sock->sk; 515 int err = 0; 516 517 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 518 519 if (!addr || addr->sa_family != AF_BLUETOOTH) 520 return -EINVAL; 521 522 lock_sock(sk); 523 524 if (sk->sk_state != BT_OPEN) { 525 err = -EBADFD; 526 goto done; 527 } 528 529 if (sk->sk_type != SOCK_SEQPACKET) { 530 err = -EINVAL; 531 goto done; 532 } 533 534 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 535 536 sk->sk_state = BT_BOUND; 537 538 done: 539 release_sock(sk); 540 return err; 541 } 542 543 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 544 { 545 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 546 struct sock *sk = sock->sk; 547 int err; 548 549 BT_DBG("sk %p", sk); 550 551 if (alen < sizeof(struct sockaddr_sco) || 552 addr->sa_family != AF_BLUETOOTH) 553 return -EINVAL; 554 555 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 556 return -EBADFD; 557 558 if (sk->sk_type != SOCK_SEQPACKET) 559 return -EINVAL; 560 561 lock_sock(sk); 562 563 /* Set destination address and psm */ 564 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 565 566 err = sco_connect(sk); 567 if (err) 568 goto done; 569 570 err = bt_sock_wait_state(sk, BT_CONNECTED, 571 sock_sndtimeo(sk, flags & O_NONBLOCK)); 572 573 done: 574 release_sock(sk); 575 return err; 576 } 577 578 static int sco_sock_listen(struct socket *sock, int backlog) 579 { 580 struct sock *sk = sock->sk; 581 bdaddr_t *src = &sco_pi(sk)->src; 582 int err = 0; 583 584 BT_DBG("sk %p backlog %d", sk, backlog); 585 586 lock_sock(sk); 587 588 if (sk->sk_state != BT_BOUND) { 589 err = -EBADFD; 590 goto done; 591 } 592 593 if (sk->sk_type != SOCK_SEQPACKET) { 594 err = -EINVAL; 595 goto done; 596 } 597 598 write_lock(&sco_sk_list.lock); 599 600 if (__sco_get_sock_listen_by_addr(src)) { 601 err = -EADDRINUSE; 602 goto unlock; 603 } 604 605 sk->sk_max_ack_backlog = backlog; 606 sk->sk_ack_backlog = 0; 607 608 sk->sk_state = BT_LISTEN; 609 610 unlock: 611 write_unlock(&sco_sk_list.lock); 612 613 done: 614 release_sock(sk); 615 return err; 616 } 617 618 static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags) 619 { 620 DEFINE_WAIT_FUNC(wait, woken_wake_function); 621 struct sock *sk = sock->sk, *ch; 622 long timeo; 623 int err = 0; 624 625 lock_sock(sk); 626 627 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 628 629 BT_DBG("sk %p timeo %ld", sk, timeo); 630 631 /* Wait for an incoming connection. (wake-one). */ 632 add_wait_queue_exclusive(sk_sleep(sk), &wait); 633 while (1) { 634 if (sk->sk_state != BT_LISTEN) { 635 err = -EBADFD; 636 break; 637 } 638 639 ch = bt_accept_dequeue(sk, newsock); 640 if (ch) 641 break; 642 643 if (!timeo) { 644 err = -EAGAIN; 645 break; 646 } 647 648 if (signal_pending(current)) { 649 err = sock_intr_errno(timeo); 650 break; 651 } 652 653 release_sock(sk); 654 655 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 656 lock_sock(sk); 657 } 658 remove_wait_queue(sk_sleep(sk), &wait); 659 660 if (err) 661 goto done; 662 663 newsock->state = SS_CONNECTED; 664 665 BT_DBG("new socket %p", ch); 666 667 done: 668 release_sock(sk); 669 return err; 670 } 671 672 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 673 { 674 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 675 struct sock *sk = sock->sk; 676 677 BT_DBG("sock %p, sk %p", sock, sk); 678 679 addr->sa_family = AF_BLUETOOTH; 680 *len = sizeof(struct sockaddr_sco); 681 682 if (peer) 683 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 684 else 685 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 686 687 return 0; 688 } 689 690 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 691 size_t len) 692 { 693 struct sock *sk = sock->sk; 694 int err; 695 696 BT_DBG("sock %p, sk %p", sock, sk); 697 698 err = sock_error(sk); 699 if (err) 700 return err; 701 702 if (msg->msg_flags & MSG_OOB) 703 return -EOPNOTSUPP; 704 705 lock_sock(sk); 706 707 if (sk->sk_state == BT_CONNECTED) 708 err = sco_send_frame(sk, msg, len); 709 else 710 err = -ENOTCONN; 711 712 release_sock(sk); 713 return err; 714 } 715 716 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 717 { 718 struct hci_dev *hdev = conn->hdev; 719 720 BT_DBG("conn %p", conn); 721 722 conn->state = BT_CONFIG; 723 724 if (!lmp_esco_capable(hdev)) { 725 struct hci_cp_accept_conn_req cp; 726 727 bacpy(&cp.bdaddr, &conn->dst); 728 cp.role = 0x00; /* Ignored */ 729 730 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 731 } else { 732 struct hci_cp_accept_sync_conn_req cp; 733 734 bacpy(&cp.bdaddr, &conn->dst); 735 cp.pkt_type = cpu_to_le16(conn->pkt_type); 736 737 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 738 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 739 cp.content_format = cpu_to_le16(setting); 740 741 switch (setting & SCO_AIRMODE_MASK) { 742 case SCO_AIRMODE_TRANSP: 743 if (conn->pkt_type & ESCO_2EV3) 744 cp.max_latency = cpu_to_le16(0x0008); 745 else 746 cp.max_latency = cpu_to_le16(0x000D); 747 cp.retrans_effort = 0x02; 748 break; 749 case SCO_AIRMODE_CVSD: 750 cp.max_latency = cpu_to_le16(0xffff); 751 cp.retrans_effort = 0xff; 752 break; 753 } 754 755 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 756 sizeof(cp), &cp); 757 } 758 } 759 760 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 761 size_t len, int flags) 762 { 763 struct sock *sk = sock->sk; 764 struct sco_pinfo *pi = sco_pi(sk); 765 766 lock_sock(sk); 767 768 if (sk->sk_state == BT_CONNECT2 && 769 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 770 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 771 sk->sk_state = BT_CONFIG; 772 773 release_sock(sk); 774 return 0; 775 } 776 777 release_sock(sk); 778 779 return bt_sock_recvmsg(sock, msg, len, flags); 780 } 781 782 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 783 { 784 struct sock *sk = sock->sk; 785 int len, err = 0; 786 struct bt_voice voice; 787 u32 opt; 788 789 BT_DBG("sk %p", sk); 790 791 lock_sock(sk); 792 793 switch (optname) { 794 795 case BT_DEFER_SETUP: 796 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 797 err = -EINVAL; 798 break; 799 } 800 801 if (get_user(opt, (u32 __user *) optval)) { 802 err = -EFAULT; 803 break; 804 } 805 806 if (opt) 807 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 808 else 809 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 810 break; 811 812 case BT_VOICE: 813 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 814 sk->sk_state != BT_CONNECT2) { 815 err = -EINVAL; 816 break; 817 } 818 819 voice.setting = sco_pi(sk)->setting; 820 821 len = min_t(unsigned int, sizeof(voice), optlen); 822 if (copy_from_user((char *) &voice, optval, len)) { 823 err = -EFAULT; 824 break; 825 } 826 827 /* Explicitly check for these values */ 828 if (voice.setting != BT_VOICE_TRANSPARENT && 829 voice.setting != BT_VOICE_CVSD_16BIT) { 830 err = -EINVAL; 831 break; 832 } 833 834 sco_pi(sk)->setting = voice.setting; 835 break; 836 837 default: 838 err = -ENOPROTOOPT; 839 break; 840 } 841 842 release_sock(sk); 843 return err; 844 } 845 846 static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 847 { 848 struct sock *sk = sock->sk; 849 struct sco_options opts; 850 struct sco_conninfo cinfo; 851 int len, err = 0; 852 853 BT_DBG("sk %p", sk); 854 855 if (get_user(len, optlen)) 856 return -EFAULT; 857 858 lock_sock(sk); 859 860 switch (optname) { 861 case SCO_OPTIONS: 862 if (sk->sk_state != BT_CONNECTED && 863 !(sk->sk_state == BT_CONNECT2 && 864 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 865 err = -ENOTCONN; 866 break; 867 } 868 869 opts.mtu = sco_pi(sk)->conn->mtu; 870 871 BT_DBG("mtu %d", opts.mtu); 872 873 len = min_t(unsigned int, len, sizeof(opts)); 874 if (copy_to_user(optval, (char *)&opts, len)) 875 err = -EFAULT; 876 877 break; 878 879 case SCO_CONNINFO: 880 if (sk->sk_state != BT_CONNECTED && 881 !(sk->sk_state == BT_CONNECT2 && 882 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 883 err = -ENOTCONN; 884 break; 885 } 886 887 memset(&cinfo, 0, sizeof(cinfo)); 888 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 889 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 890 891 len = min_t(unsigned int, len, sizeof(cinfo)); 892 if (copy_to_user(optval, (char *)&cinfo, len)) 893 err = -EFAULT; 894 895 break; 896 897 default: 898 err = -ENOPROTOOPT; 899 break; 900 } 901 902 release_sock(sk); 903 return err; 904 } 905 906 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 907 { 908 struct sock *sk = sock->sk; 909 int len, err = 0; 910 struct bt_voice voice; 911 912 BT_DBG("sk %p", sk); 913 914 if (level == SOL_SCO) 915 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 916 917 if (get_user(len, optlen)) 918 return -EFAULT; 919 920 lock_sock(sk); 921 922 switch (optname) { 923 924 case BT_DEFER_SETUP: 925 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 926 err = -EINVAL; 927 break; 928 } 929 930 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 931 (u32 __user *) optval)) 932 err = -EFAULT; 933 934 break; 935 936 case BT_VOICE: 937 voice.setting = sco_pi(sk)->setting; 938 939 len = min_t(unsigned int, len, sizeof(voice)); 940 if (copy_to_user(optval, (char *)&voice, len)) 941 err = -EFAULT; 942 943 break; 944 945 default: 946 err = -ENOPROTOOPT; 947 break; 948 } 949 950 release_sock(sk); 951 return err; 952 } 953 954 static int sco_sock_shutdown(struct socket *sock, int how) 955 { 956 struct sock *sk = sock->sk; 957 int err = 0; 958 959 BT_DBG("sock %p, sk %p", sock, sk); 960 961 if (!sk) 962 return 0; 963 964 lock_sock(sk); 965 if (!sk->sk_shutdown) { 966 sk->sk_shutdown = SHUTDOWN_MASK; 967 sco_sock_clear_timer(sk); 968 __sco_sock_close(sk); 969 970 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 971 !(current->flags & PF_EXITING)) 972 err = bt_sock_wait_state(sk, BT_CLOSED, 973 sk->sk_lingertime); 974 } 975 release_sock(sk); 976 return err; 977 } 978 979 static int sco_sock_release(struct socket *sock) 980 { 981 struct sock *sk = sock->sk; 982 int err = 0; 983 984 BT_DBG("sock %p, sk %p", sock, sk); 985 986 if (!sk) 987 return 0; 988 989 sco_sock_close(sk); 990 991 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 992 !(current->flags & PF_EXITING)) { 993 lock_sock(sk); 994 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 995 release_sock(sk); 996 } 997 998 sock_orphan(sk); 999 sco_sock_kill(sk); 1000 return err; 1001 } 1002 1003 static void sco_conn_ready(struct sco_conn *conn) 1004 { 1005 struct sock *parent; 1006 struct sock *sk = conn->sk; 1007 1008 BT_DBG("conn %p", conn); 1009 1010 if (sk) { 1011 sco_sock_clear_timer(sk); 1012 bh_lock_sock(sk); 1013 sk->sk_state = BT_CONNECTED; 1014 sk->sk_state_change(sk); 1015 bh_unlock_sock(sk); 1016 } else { 1017 sco_conn_lock(conn); 1018 1019 parent = sco_get_sock_listen(&conn->hcon->src); 1020 if (!parent) { 1021 sco_conn_unlock(conn); 1022 return; 1023 } 1024 1025 bh_lock_sock(parent); 1026 1027 sk = sco_sock_alloc(sock_net(parent), NULL, 1028 BTPROTO_SCO, GFP_ATOMIC, 0); 1029 if (!sk) { 1030 bh_unlock_sock(parent); 1031 sco_conn_unlock(conn); 1032 return; 1033 } 1034 1035 sco_sock_init(sk, parent); 1036 1037 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1038 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1039 1040 hci_conn_hold(conn->hcon); 1041 __sco_chan_add(conn, sk, parent); 1042 1043 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1044 sk->sk_state = BT_CONNECT2; 1045 else 1046 sk->sk_state = BT_CONNECTED; 1047 1048 /* Wake up parent */ 1049 parent->sk_data_ready(parent); 1050 1051 bh_unlock_sock(parent); 1052 1053 sco_conn_unlock(conn); 1054 } 1055 } 1056 1057 /* ----- SCO interface with lower layer (HCI) ----- */ 1058 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1059 { 1060 struct sock *sk; 1061 int lm = 0; 1062 1063 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1064 1065 /* Find listening sockets */ 1066 read_lock(&sco_sk_list.lock); 1067 sk_for_each(sk, &sco_sk_list.head) { 1068 if (sk->sk_state != BT_LISTEN) 1069 continue; 1070 1071 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1072 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1073 lm |= HCI_LM_ACCEPT; 1074 1075 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1076 *flags |= HCI_PROTO_DEFER; 1077 break; 1078 } 1079 } 1080 read_unlock(&sco_sk_list.lock); 1081 1082 return lm; 1083 } 1084 1085 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1086 { 1087 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1088 return; 1089 1090 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1091 1092 if (!status) { 1093 struct sco_conn *conn; 1094 1095 conn = sco_conn_add(hcon); 1096 if (conn) 1097 sco_conn_ready(conn); 1098 } else 1099 sco_conn_del(hcon, bt_to_errno(status)); 1100 } 1101 1102 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1103 { 1104 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1105 return; 1106 1107 BT_DBG("hcon %p reason %d", hcon, reason); 1108 1109 sco_conn_del(hcon, bt_to_errno(reason)); 1110 } 1111 1112 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1113 { 1114 struct sco_conn *conn = hcon->sco_data; 1115 1116 if (!conn) 1117 goto drop; 1118 1119 BT_DBG("conn %p len %d", conn, skb->len); 1120 1121 if (skb->len) { 1122 sco_recv_frame(conn, skb); 1123 return; 1124 } 1125 1126 drop: 1127 kfree_skb(skb); 1128 } 1129 1130 static struct hci_cb sco_cb = { 1131 .name = "SCO", 1132 .connect_cfm = sco_connect_cfm, 1133 .disconn_cfm = sco_disconn_cfm, 1134 }; 1135 1136 static int sco_debugfs_show(struct seq_file *f, void *p) 1137 { 1138 struct sock *sk; 1139 1140 read_lock(&sco_sk_list.lock); 1141 1142 sk_for_each(sk, &sco_sk_list.head) { 1143 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1144 &sco_pi(sk)->dst, sk->sk_state); 1145 } 1146 1147 read_unlock(&sco_sk_list.lock); 1148 1149 return 0; 1150 } 1151 1152 static int sco_debugfs_open(struct inode *inode, struct file *file) 1153 { 1154 return single_open(file, sco_debugfs_show, inode->i_private); 1155 } 1156 1157 static const struct file_operations sco_debugfs_fops = { 1158 .open = sco_debugfs_open, 1159 .read = seq_read, 1160 .llseek = seq_lseek, 1161 .release = single_release, 1162 }; 1163 1164 static struct dentry *sco_debugfs; 1165 1166 static const struct proto_ops sco_sock_ops = { 1167 .family = PF_BLUETOOTH, 1168 .owner = THIS_MODULE, 1169 .release = sco_sock_release, 1170 .bind = sco_sock_bind, 1171 .connect = sco_sock_connect, 1172 .listen = sco_sock_listen, 1173 .accept = sco_sock_accept, 1174 .getname = sco_sock_getname, 1175 .sendmsg = sco_sock_sendmsg, 1176 .recvmsg = sco_sock_recvmsg, 1177 .poll = bt_sock_poll, 1178 .ioctl = bt_sock_ioctl, 1179 .mmap = sock_no_mmap, 1180 .socketpair = sock_no_socketpair, 1181 .shutdown = sco_sock_shutdown, 1182 .setsockopt = sco_sock_setsockopt, 1183 .getsockopt = sco_sock_getsockopt 1184 }; 1185 1186 static const struct net_proto_family sco_sock_family_ops = { 1187 .family = PF_BLUETOOTH, 1188 .owner = THIS_MODULE, 1189 .create = sco_sock_create, 1190 }; 1191 1192 int __init sco_init(void) 1193 { 1194 int err; 1195 1196 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1197 1198 err = proto_register(&sco_proto, 0); 1199 if (err < 0) 1200 return err; 1201 1202 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1203 if (err < 0) { 1204 BT_ERR("SCO socket registration failed"); 1205 goto error; 1206 } 1207 1208 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1209 if (err < 0) { 1210 BT_ERR("Failed to create SCO proc file"); 1211 bt_sock_unregister(BTPROTO_SCO); 1212 goto error; 1213 } 1214 1215 BT_INFO("SCO socket layer initialized"); 1216 1217 hci_register_cb(&sco_cb); 1218 1219 if (IS_ERR_OR_NULL(bt_debugfs)) 1220 return 0; 1221 1222 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1223 NULL, &sco_debugfs_fops); 1224 1225 return 0; 1226 1227 error: 1228 proto_unregister(&sco_proto); 1229 return err; 1230 } 1231 1232 void sco_exit(void) 1233 { 1234 bt_procfs_cleanup(&init_net, "sco"); 1235 1236 debugfs_remove(sco_debugfs); 1237 1238 hci_unregister_cb(&sco_cb); 1239 1240 bt_sock_unregister(BTPROTO_SCO); 1241 1242 proto_unregister(&sco_proto); 1243 } 1244 1245 module_param(disable_esco, bool, 0644); 1246 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1247