xref: /openbmc/linux/net/bluetooth/sco.c (revision f8a11425075ff11b4b5784f077cb84f3d2dfb3f0)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4 
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10 
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24 
25 /* Bluetooth SCO sockets. */
26 
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31 
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35 
36 static bool disable_esco;
37 
38 static const struct proto_ops sco_sock_ops;
39 
40 static struct bt_sock_list sco_sk_list = {
41 	.lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43 
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 	struct hci_conn	*hcon;
47 
48 	spinlock_t	lock;
49 	struct sock	*sk;
50 
51 	unsigned int    mtu;
52 };
53 
54 #define sco_conn_lock(c)	spin_lock(&c->lock)
55 #define sco_conn_unlock(c)	spin_unlock(&c->lock)
56 
57 static void sco_sock_close(struct sock *sk);
58 static void sco_sock_kill(struct sock *sk);
59 
60 /* ----- SCO socket info ----- */
61 #define sco_pi(sk) ((struct sco_pinfo *) sk)
62 
63 struct sco_pinfo {
64 	struct bt_sock	bt;
65 	bdaddr_t	src;
66 	bdaddr_t	dst;
67 	__u32		flags;
68 	__u16		setting;
69 	__u8		cmsg_mask;
70 	struct sco_conn	*conn;
71 };
72 
73 /* ---- SCO timers ---- */
74 #define SCO_CONN_TIMEOUT	(HZ * 40)
75 #define SCO_DISCONN_TIMEOUT	(HZ * 2)
76 
77 static void sco_sock_timeout(struct timer_list *t)
78 {
79 	struct sock *sk = from_timer(sk, t, sk_timer);
80 
81 	BT_DBG("sock %p state %d", sk, sk->sk_state);
82 
83 	bh_lock_sock(sk);
84 	sk->sk_err = ETIMEDOUT;
85 	sk->sk_state_change(sk);
86 	bh_unlock_sock(sk);
87 
88 	sco_sock_kill(sk);
89 	sock_put(sk);
90 }
91 
92 static void sco_sock_set_timer(struct sock *sk, long timeout)
93 {
94 	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
95 	sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
96 }
97 
98 static void sco_sock_clear_timer(struct sock *sk)
99 {
100 	BT_DBG("sock %p state %d", sk, sk->sk_state);
101 	sk_stop_timer(sk, &sk->sk_timer);
102 }
103 
104 /* ---- SCO connections ---- */
105 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
106 {
107 	struct hci_dev *hdev = hcon->hdev;
108 	struct sco_conn *conn = hcon->sco_data;
109 
110 	if (conn)
111 		return conn;
112 
113 	conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
114 	if (!conn)
115 		return NULL;
116 
117 	spin_lock_init(&conn->lock);
118 
119 	hcon->sco_data = conn;
120 	conn->hcon = hcon;
121 
122 	if (hdev->sco_mtu > 0)
123 		conn->mtu = hdev->sco_mtu;
124 	else
125 		conn->mtu = 60;
126 
127 	BT_DBG("hcon %p conn %p", hcon, conn);
128 
129 	return conn;
130 }
131 
132 /* Delete channel.
133  * Must be called on the locked socket. */
134 static void sco_chan_del(struct sock *sk, int err)
135 {
136 	struct sco_conn *conn;
137 
138 	conn = sco_pi(sk)->conn;
139 
140 	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
141 
142 	if (conn) {
143 		sco_conn_lock(conn);
144 		conn->sk = NULL;
145 		sco_pi(sk)->conn = NULL;
146 		sco_conn_unlock(conn);
147 
148 		if (conn->hcon)
149 			hci_conn_drop(conn->hcon);
150 	}
151 
152 	sk->sk_state = BT_CLOSED;
153 	sk->sk_err   = err;
154 	sk->sk_state_change(sk);
155 
156 	sock_set_flag(sk, SOCK_ZAPPED);
157 }
158 
159 static void sco_conn_del(struct hci_conn *hcon, int err)
160 {
161 	struct sco_conn *conn = hcon->sco_data;
162 	struct sock *sk;
163 
164 	if (!conn)
165 		return;
166 
167 	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
168 
169 	/* Kill socket */
170 	sco_conn_lock(conn);
171 	sk = conn->sk;
172 	sco_conn_unlock(conn);
173 
174 	if (sk) {
175 		sock_hold(sk);
176 		bh_lock_sock(sk);
177 		sco_sock_clear_timer(sk);
178 		sco_chan_del(sk, err);
179 		bh_unlock_sock(sk);
180 		sco_sock_kill(sk);
181 		sock_put(sk);
182 	}
183 
184 	hcon->sco_data = NULL;
185 	kfree(conn);
186 }
187 
188 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
189 			   struct sock *parent)
190 {
191 	BT_DBG("conn %p", conn);
192 
193 	sco_pi(sk)->conn = conn;
194 	conn->sk = sk;
195 
196 	if (parent)
197 		bt_accept_enqueue(parent, sk, true);
198 }
199 
200 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
201 			struct sock *parent)
202 {
203 	int err = 0;
204 
205 	sco_conn_lock(conn);
206 	if (conn->sk)
207 		err = -EBUSY;
208 	else
209 		__sco_chan_add(conn, sk, parent);
210 
211 	sco_conn_unlock(conn);
212 	return err;
213 }
214 
215 static int sco_connect(struct sock *sk)
216 {
217 	struct sco_conn *conn;
218 	struct hci_conn *hcon;
219 	struct hci_dev  *hdev;
220 	int err, type;
221 
222 	BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
223 
224 	hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
225 	if (!hdev)
226 		return -EHOSTUNREACH;
227 
228 	hci_dev_lock(hdev);
229 
230 	if (lmp_esco_capable(hdev) && !disable_esco)
231 		type = ESCO_LINK;
232 	else
233 		type = SCO_LINK;
234 
235 	if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
236 	    (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
237 		err = -EOPNOTSUPP;
238 		goto done;
239 	}
240 
241 	hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
242 			       sco_pi(sk)->setting);
243 	if (IS_ERR(hcon)) {
244 		err = PTR_ERR(hcon);
245 		goto done;
246 	}
247 
248 	conn = sco_conn_add(hcon);
249 	if (!conn) {
250 		hci_conn_drop(hcon);
251 		err = -ENOMEM;
252 		goto done;
253 	}
254 
255 	/* Update source addr of the socket */
256 	bacpy(&sco_pi(sk)->src, &hcon->src);
257 
258 	err = sco_chan_add(conn, sk, NULL);
259 	if (err)
260 		goto done;
261 
262 	if (hcon->state == BT_CONNECTED) {
263 		sco_sock_clear_timer(sk);
264 		sk->sk_state = BT_CONNECTED;
265 	} else {
266 		sk->sk_state = BT_CONNECT;
267 		sco_sock_set_timer(sk, sk->sk_sndtimeo);
268 	}
269 
270 done:
271 	hci_dev_unlock(hdev);
272 	hci_dev_put(hdev);
273 	return err;
274 }
275 
276 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
277 {
278 	struct sco_conn *conn = sco_pi(sk)->conn;
279 	struct sk_buff *skb;
280 	int err;
281 
282 	/* Check outgoing MTU */
283 	if (len > conn->mtu)
284 		return -EINVAL;
285 
286 	BT_DBG("sk %p len %d", sk, len);
287 
288 	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
289 	if (!skb)
290 		return err;
291 
292 	if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
293 		kfree_skb(skb);
294 		return -EFAULT;
295 	}
296 
297 	hci_send_sco(conn->hcon, skb);
298 
299 	return len;
300 }
301 
302 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
303 {
304 	struct sock *sk;
305 
306 	sco_conn_lock(conn);
307 	sk = conn->sk;
308 	sco_conn_unlock(conn);
309 
310 	if (!sk)
311 		goto drop;
312 
313 	BT_DBG("sk %p len %d", sk, skb->len);
314 
315 	if (sk->sk_state != BT_CONNECTED)
316 		goto drop;
317 
318 	if (!sock_queue_rcv_skb(sk, skb))
319 		return;
320 
321 drop:
322 	kfree_skb(skb);
323 }
324 
325 /* -------- Socket interface ---------- */
326 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
327 {
328 	struct sock *sk;
329 
330 	sk_for_each(sk, &sco_sk_list.head) {
331 		if (sk->sk_state != BT_LISTEN)
332 			continue;
333 
334 		if (!bacmp(&sco_pi(sk)->src, ba))
335 			return sk;
336 	}
337 
338 	return NULL;
339 }
340 
341 /* Find socket listening on source bdaddr.
342  * Returns closest match.
343  */
344 static struct sock *sco_get_sock_listen(bdaddr_t *src)
345 {
346 	struct sock *sk = NULL, *sk1 = NULL;
347 
348 	read_lock(&sco_sk_list.lock);
349 
350 	sk_for_each(sk, &sco_sk_list.head) {
351 		if (sk->sk_state != BT_LISTEN)
352 			continue;
353 
354 		/* Exact match. */
355 		if (!bacmp(&sco_pi(sk)->src, src))
356 			break;
357 
358 		/* Closest match */
359 		if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
360 			sk1 = sk;
361 	}
362 
363 	read_unlock(&sco_sk_list.lock);
364 
365 	return sk ? sk : sk1;
366 }
367 
368 static void sco_sock_destruct(struct sock *sk)
369 {
370 	BT_DBG("sk %p", sk);
371 
372 	skb_queue_purge(&sk->sk_receive_queue);
373 	skb_queue_purge(&sk->sk_write_queue);
374 }
375 
376 static void sco_sock_cleanup_listen(struct sock *parent)
377 {
378 	struct sock *sk;
379 
380 	BT_DBG("parent %p", parent);
381 
382 	/* Close not yet accepted channels */
383 	while ((sk = bt_accept_dequeue(parent, NULL))) {
384 		sco_sock_close(sk);
385 		sco_sock_kill(sk);
386 	}
387 
388 	parent->sk_state  = BT_CLOSED;
389 	sock_set_flag(parent, SOCK_ZAPPED);
390 }
391 
392 /* Kill socket (only if zapped and orphan)
393  * Must be called on unlocked socket.
394  */
395 static void sco_sock_kill(struct sock *sk)
396 {
397 	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
398 	    sock_flag(sk, SOCK_DEAD))
399 		return;
400 
401 	BT_DBG("sk %p state %d", sk, sk->sk_state);
402 
403 	/* Kill poor orphan */
404 	bt_sock_unlink(&sco_sk_list, sk);
405 	sock_set_flag(sk, SOCK_DEAD);
406 	sock_put(sk);
407 }
408 
409 static void __sco_sock_close(struct sock *sk)
410 {
411 	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
412 
413 	switch (sk->sk_state) {
414 	case BT_LISTEN:
415 		sco_sock_cleanup_listen(sk);
416 		break;
417 
418 	case BT_CONNECTED:
419 	case BT_CONFIG:
420 		if (sco_pi(sk)->conn->hcon) {
421 			sk->sk_state = BT_DISCONN;
422 			sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
423 			sco_conn_lock(sco_pi(sk)->conn);
424 			hci_conn_drop(sco_pi(sk)->conn->hcon);
425 			sco_pi(sk)->conn->hcon = NULL;
426 			sco_conn_unlock(sco_pi(sk)->conn);
427 		} else
428 			sco_chan_del(sk, ECONNRESET);
429 		break;
430 
431 	case BT_CONNECT2:
432 	case BT_CONNECT:
433 	case BT_DISCONN:
434 		sco_chan_del(sk, ECONNRESET);
435 		break;
436 
437 	default:
438 		sock_set_flag(sk, SOCK_ZAPPED);
439 		break;
440 	}
441 }
442 
443 /* Must be called on unlocked socket. */
444 static void sco_sock_close(struct sock *sk)
445 {
446 	sco_sock_clear_timer(sk);
447 	lock_sock(sk);
448 	__sco_sock_close(sk);
449 	release_sock(sk);
450 	sco_sock_kill(sk);
451 }
452 
453 static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
454 			     struct sock *sk)
455 {
456 	if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
457 		put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
458 			 sizeof(bt_cb(skb)->sco.pkt_status),
459 			 &bt_cb(skb)->sco.pkt_status);
460 }
461 
462 static void sco_sock_init(struct sock *sk, struct sock *parent)
463 {
464 	BT_DBG("sk %p", sk);
465 
466 	if (parent) {
467 		sk->sk_type = parent->sk_type;
468 		bt_sk(sk)->flags = bt_sk(parent)->flags;
469 		security_sk_clone(parent, sk);
470 	} else {
471 		bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
472 	}
473 }
474 
475 static struct proto sco_proto = {
476 	.name		= "SCO",
477 	.owner		= THIS_MODULE,
478 	.obj_size	= sizeof(struct sco_pinfo)
479 };
480 
481 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
482 				   int proto, gfp_t prio, int kern)
483 {
484 	struct sock *sk;
485 
486 	sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
487 	if (!sk)
488 		return NULL;
489 
490 	sock_init_data(sock, sk);
491 	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
492 
493 	sk->sk_destruct = sco_sock_destruct;
494 	sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
495 
496 	sock_reset_flag(sk, SOCK_ZAPPED);
497 
498 	sk->sk_protocol = proto;
499 	sk->sk_state    = BT_OPEN;
500 
501 	sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
502 
503 	timer_setup(&sk->sk_timer, sco_sock_timeout, 0);
504 
505 	bt_sock_link(&sco_sk_list, sk);
506 	return sk;
507 }
508 
509 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
510 			   int kern)
511 {
512 	struct sock *sk;
513 
514 	BT_DBG("sock %p", sock);
515 
516 	sock->state = SS_UNCONNECTED;
517 
518 	if (sock->type != SOCK_SEQPACKET)
519 		return -ESOCKTNOSUPPORT;
520 
521 	sock->ops = &sco_sock_ops;
522 
523 	sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
524 	if (!sk)
525 		return -ENOMEM;
526 
527 	sco_sock_init(sk, NULL);
528 	return 0;
529 }
530 
531 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
532 			 int addr_len)
533 {
534 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
535 	struct sock *sk = sock->sk;
536 	int err = 0;
537 
538 	if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
539 	    addr->sa_family != AF_BLUETOOTH)
540 		return -EINVAL;
541 
542 	BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
543 
544 	lock_sock(sk);
545 
546 	if (sk->sk_state != BT_OPEN) {
547 		err = -EBADFD;
548 		goto done;
549 	}
550 
551 	if (sk->sk_type != SOCK_SEQPACKET) {
552 		err = -EINVAL;
553 		goto done;
554 	}
555 
556 	bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
557 
558 	sk->sk_state = BT_BOUND;
559 
560 done:
561 	release_sock(sk);
562 	return err;
563 }
564 
565 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
566 {
567 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
568 	struct sock *sk = sock->sk;
569 	int err;
570 
571 	BT_DBG("sk %p", sk);
572 
573 	if (alen < sizeof(struct sockaddr_sco) ||
574 	    addr->sa_family != AF_BLUETOOTH)
575 		return -EINVAL;
576 
577 	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
578 		return -EBADFD;
579 
580 	if (sk->sk_type != SOCK_SEQPACKET)
581 		return -EINVAL;
582 
583 	lock_sock(sk);
584 
585 	/* Set destination address and psm */
586 	bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
587 
588 	err = sco_connect(sk);
589 	if (err)
590 		goto done;
591 
592 	err = bt_sock_wait_state(sk, BT_CONNECTED,
593 				 sock_sndtimeo(sk, flags & O_NONBLOCK));
594 
595 done:
596 	release_sock(sk);
597 	return err;
598 }
599 
600 static int sco_sock_listen(struct socket *sock, int backlog)
601 {
602 	struct sock *sk = sock->sk;
603 	bdaddr_t *src = &sco_pi(sk)->src;
604 	int err = 0;
605 
606 	BT_DBG("sk %p backlog %d", sk, backlog);
607 
608 	lock_sock(sk);
609 
610 	if (sk->sk_state != BT_BOUND) {
611 		err = -EBADFD;
612 		goto done;
613 	}
614 
615 	if (sk->sk_type != SOCK_SEQPACKET) {
616 		err = -EINVAL;
617 		goto done;
618 	}
619 
620 	write_lock(&sco_sk_list.lock);
621 
622 	if (__sco_get_sock_listen_by_addr(src)) {
623 		err = -EADDRINUSE;
624 		goto unlock;
625 	}
626 
627 	sk->sk_max_ack_backlog = backlog;
628 	sk->sk_ack_backlog = 0;
629 
630 	sk->sk_state = BT_LISTEN;
631 
632 unlock:
633 	write_unlock(&sco_sk_list.lock);
634 
635 done:
636 	release_sock(sk);
637 	return err;
638 }
639 
640 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
641 			   int flags, bool kern)
642 {
643 	DEFINE_WAIT_FUNC(wait, woken_wake_function);
644 	struct sock *sk = sock->sk, *ch;
645 	long timeo;
646 	int err = 0;
647 
648 	lock_sock(sk);
649 
650 	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
651 
652 	BT_DBG("sk %p timeo %ld", sk, timeo);
653 
654 	/* Wait for an incoming connection. (wake-one). */
655 	add_wait_queue_exclusive(sk_sleep(sk), &wait);
656 	while (1) {
657 		if (sk->sk_state != BT_LISTEN) {
658 			err = -EBADFD;
659 			break;
660 		}
661 
662 		ch = bt_accept_dequeue(sk, newsock);
663 		if (ch)
664 			break;
665 
666 		if (!timeo) {
667 			err = -EAGAIN;
668 			break;
669 		}
670 
671 		if (signal_pending(current)) {
672 			err = sock_intr_errno(timeo);
673 			break;
674 		}
675 
676 		release_sock(sk);
677 
678 		timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
679 		lock_sock(sk);
680 	}
681 	remove_wait_queue(sk_sleep(sk), &wait);
682 
683 	if (err)
684 		goto done;
685 
686 	newsock->state = SS_CONNECTED;
687 
688 	BT_DBG("new socket %p", ch);
689 
690 done:
691 	release_sock(sk);
692 	return err;
693 }
694 
695 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
696 			    int peer)
697 {
698 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
699 	struct sock *sk = sock->sk;
700 
701 	BT_DBG("sock %p, sk %p", sock, sk);
702 
703 	addr->sa_family = AF_BLUETOOTH;
704 
705 	if (peer)
706 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
707 	else
708 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
709 
710 	return sizeof(struct sockaddr_sco);
711 }
712 
713 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
714 			    size_t len)
715 {
716 	struct sock *sk = sock->sk;
717 	int err;
718 
719 	BT_DBG("sock %p, sk %p", sock, sk);
720 
721 	err = sock_error(sk);
722 	if (err)
723 		return err;
724 
725 	if (msg->msg_flags & MSG_OOB)
726 		return -EOPNOTSUPP;
727 
728 	lock_sock(sk);
729 
730 	if (sk->sk_state == BT_CONNECTED)
731 		err = sco_send_frame(sk, msg, len);
732 	else
733 		err = -ENOTCONN;
734 
735 	release_sock(sk);
736 	return err;
737 }
738 
739 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
740 {
741 	struct hci_dev *hdev = conn->hdev;
742 
743 	BT_DBG("conn %p", conn);
744 
745 	conn->state = BT_CONFIG;
746 
747 	if (!lmp_esco_capable(hdev)) {
748 		struct hci_cp_accept_conn_req cp;
749 
750 		bacpy(&cp.bdaddr, &conn->dst);
751 		cp.role = 0x00; /* Ignored */
752 
753 		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
754 	} else {
755 		struct hci_cp_accept_sync_conn_req cp;
756 
757 		bacpy(&cp.bdaddr, &conn->dst);
758 		cp.pkt_type = cpu_to_le16(conn->pkt_type);
759 
760 		cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
761 		cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
762 		cp.content_format = cpu_to_le16(setting);
763 
764 		switch (setting & SCO_AIRMODE_MASK) {
765 		case SCO_AIRMODE_TRANSP:
766 			if (conn->pkt_type & ESCO_2EV3)
767 				cp.max_latency = cpu_to_le16(0x0008);
768 			else
769 				cp.max_latency = cpu_to_le16(0x000D);
770 			cp.retrans_effort = 0x02;
771 			break;
772 		case SCO_AIRMODE_CVSD:
773 			cp.max_latency = cpu_to_le16(0xffff);
774 			cp.retrans_effort = 0xff;
775 			break;
776 		}
777 
778 		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
779 			     sizeof(cp), &cp);
780 	}
781 }
782 
783 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
784 			    size_t len, int flags)
785 {
786 	struct sock *sk = sock->sk;
787 	struct sco_pinfo *pi = sco_pi(sk);
788 
789 	lock_sock(sk);
790 
791 	if (sk->sk_state == BT_CONNECT2 &&
792 	    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
793 		sco_conn_defer_accept(pi->conn->hcon, pi->setting);
794 		sk->sk_state = BT_CONFIG;
795 
796 		release_sock(sk);
797 		return 0;
798 	}
799 
800 	release_sock(sk);
801 
802 	return bt_sock_recvmsg(sock, msg, len, flags);
803 }
804 
805 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
806 			       sockptr_t optval, unsigned int optlen)
807 {
808 	struct sock *sk = sock->sk;
809 	int len, err = 0;
810 	struct bt_voice voice;
811 	u32 opt;
812 
813 	BT_DBG("sk %p", sk);
814 
815 	lock_sock(sk);
816 
817 	switch (optname) {
818 
819 	case BT_DEFER_SETUP:
820 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
821 			err = -EINVAL;
822 			break;
823 		}
824 
825 		if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
826 			err = -EFAULT;
827 			break;
828 		}
829 
830 		if (opt)
831 			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
832 		else
833 			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
834 		break;
835 
836 	case BT_VOICE:
837 		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
838 		    sk->sk_state != BT_CONNECT2) {
839 			err = -EINVAL;
840 			break;
841 		}
842 
843 		voice.setting = sco_pi(sk)->setting;
844 
845 		len = min_t(unsigned int, sizeof(voice), optlen);
846 		if (copy_from_sockptr(&voice, optval, len)) {
847 			err = -EFAULT;
848 			break;
849 		}
850 
851 		/* Explicitly check for these values */
852 		if (voice.setting != BT_VOICE_TRANSPARENT &&
853 		    voice.setting != BT_VOICE_CVSD_16BIT) {
854 			err = -EINVAL;
855 			break;
856 		}
857 
858 		sco_pi(sk)->setting = voice.setting;
859 		break;
860 
861 	case BT_PKT_STATUS:
862 		if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
863 			err = -EFAULT;
864 			break;
865 		}
866 
867 		if (opt)
868 			sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
869 		else
870 			sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
871 		break;
872 
873 	default:
874 		err = -ENOPROTOOPT;
875 		break;
876 	}
877 
878 	release_sock(sk);
879 	return err;
880 }
881 
882 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
883 				   char __user *optval, int __user *optlen)
884 {
885 	struct sock *sk = sock->sk;
886 	struct sco_options opts;
887 	struct sco_conninfo cinfo;
888 	int len, err = 0;
889 
890 	BT_DBG("sk %p", sk);
891 
892 	if (get_user(len, optlen))
893 		return -EFAULT;
894 
895 	lock_sock(sk);
896 
897 	switch (optname) {
898 	case SCO_OPTIONS:
899 		if (sk->sk_state != BT_CONNECTED &&
900 		    !(sk->sk_state == BT_CONNECT2 &&
901 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
902 			err = -ENOTCONN;
903 			break;
904 		}
905 
906 		opts.mtu = sco_pi(sk)->conn->mtu;
907 
908 		BT_DBG("mtu %d", opts.mtu);
909 
910 		len = min_t(unsigned int, len, sizeof(opts));
911 		if (copy_to_user(optval, (char *)&opts, len))
912 			err = -EFAULT;
913 
914 		break;
915 
916 	case SCO_CONNINFO:
917 		if (sk->sk_state != BT_CONNECTED &&
918 		    !(sk->sk_state == BT_CONNECT2 &&
919 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
920 			err = -ENOTCONN;
921 			break;
922 		}
923 
924 		memset(&cinfo, 0, sizeof(cinfo));
925 		cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
926 		memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
927 
928 		len = min_t(unsigned int, len, sizeof(cinfo));
929 		if (copy_to_user(optval, (char *)&cinfo, len))
930 			err = -EFAULT;
931 
932 		break;
933 
934 	default:
935 		err = -ENOPROTOOPT;
936 		break;
937 	}
938 
939 	release_sock(sk);
940 	return err;
941 }
942 
943 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
944 			       char __user *optval, int __user *optlen)
945 {
946 	struct sock *sk = sock->sk;
947 	int len, err = 0;
948 	struct bt_voice voice;
949 	u32 phys;
950 	int pkt_status;
951 
952 	BT_DBG("sk %p", sk);
953 
954 	if (level == SOL_SCO)
955 		return sco_sock_getsockopt_old(sock, optname, optval, optlen);
956 
957 	if (get_user(len, optlen))
958 		return -EFAULT;
959 
960 	lock_sock(sk);
961 
962 	switch (optname) {
963 
964 	case BT_DEFER_SETUP:
965 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
966 			err = -EINVAL;
967 			break;
968 		}
969 
970 		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
971 			     (u32 __user *)optval))
972 			err = -EFAULT;
973 
974 		break;
975 
976 	case BT_VOICE:
977 		voice.setting = sco_pi(sk)->setting;
978 
979 		len = min_t(unsigned int, len, sizeof(voice));
980 		if (copy_to_user(optval, (char *)&voice, len))
981 			err = -EFAULT;
982 
983 		break;
984 
985 	case BT_PHY:
986 		if (sk->sk_state != BT_CONNECTED) {
987 			err = -ENOTCONN;
988 			break;
989 		}
990 
991 		phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
992 
993 		if (put_user(phys, (u32 __user *) optval))
994 			err = -EFAULT;
995 		break;
996 
997 	case BT_PKT_STATUS:
998 		pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
999 
1000 		if (put_user(pkt_status, (int __user *)optval))
1001 			err = -EFAULT;
1002 		break;
1003 
1004 	case BT_SNDMTU:
1005 	case BT_RCVMTU:
1006 		if (sk->sk_state != BT_CONNECTED) {
1007 			err = -ENOTCONN;
1008 			break;
1009 		}
1010 
1011 		if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1012 			err = -EFAULT;
1013 		break;
1014 
1015 	default:
1016 		err = -ENOPROTOOPT;
1017 		break;
1018 	}
1019 
1020 	release_sock(sk);
1021 	return err;
1022 }
1023 
1024 static int sco_sock_shutdown(struct socket *sock, int how)
1025 {
1026 	struct sock *sk = sock->sk;
1027 	int err = 0;
1028 
1029 	BT_DBG("sock %p, sk %p", sock, sk);
1030 
1031 	if (!sk)
1032 		return 0;
1033 
1034 	sock_hold(sk);
1035 	lock_sock(sk);
1036 
1037 	if (!sk->sk_shutdown) {
1038 		sk->sk_shutdown = SHUTDOWN_MASK;
1039 		sco_sock_clear_timer(sk);
1040 		__sco_sock_close(sk);
1041 
1042 		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1043 		    !(current->flags & PF_EXITING))
1044 			err = bt_sock_wait_state(sk, BT_CLOSED,
1045 						 sk->sk_lingertime);
1046 	}
1047 
1048 	release_sock(sk);
1049 	sock_put(sk);
1050 
1051 	return err;
1052 }
1053 
1054 static int sco_sock_release(struct socket *sock)
1055 {
1056 	struct sock *sk = sock->sk;
1057 	int err = 0;
1058 
1059 	BT_DBG("sock %p, sk %p", sock, sk);
1060 
1061 	if (!sk)
1062 		return 0;
1063 
1064 	sco_sock_close(sk);
1065 
1066 	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1067 	    !(current->flags & PF_EXITING)) {
1068 		lock_sock(sk);
1069 		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1070 		release_sock(sk);
1071 	}
1072 
1073 	sock_orphan(sk);
1074 	sco_sock_kill(sk);
1075 	return err;
1076 }
1077 
1078 static void sco_conn_ready(struct sco_conn *conn)
1079 {
1080 	struct sock *parent;
1081 	struct sock *sk = conn->sk;
1082 
1083 	BT_DBG("conn %p", conn);
1084 
1085 	if (sk) {
1086 		sco_sock_clear_timer(sk);
1087 		bh_lock_sock(sk);
1088 		sk->sk_state = BT_CONNECTED;
1089 		sk->sk_state_change(sk);
1090 		bh_unlock_sock(sk);
1091 	} else {
1092 		sco_conn_lock(conn);
1093 
1094 		if (!conn->hcon) {
1095 			sco_conn_unlock(conn);
1096 			return;
1097 		}
1098 
1099 		parent = sco_get_sock_listen(&conn->hcon->src);
1100 		if (!parent) {
1101 			sco_conn_unlock(conn);
1102 			return;
1103 		}
1104 
1105 		bh_lock_sock(parent);
1106 
1107 		sk = sco_sock_alloc(sock_net(parent), NULL,
1108 				    BTPROTO_SCO, GFP_ATOMIC, 0);
1109 		if (!sk) {
1110 			bh_unlock_sock(parent);
1111 			sco_conn_unlock(conn);
1112 			return;
1113 		}
1114 
1115 		sco_sock_init(sk, parent);
1116 
1117 		bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1118 		bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1119 
1120 		hci_conn_hold(conn->hcon);
1121 		__sco_chan_add(conn, sk, parent);
1122 
1123 		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1124 			sk->sk_state = BT_CONNECT2;
1125 		else
1126 			sk->sk_state = BT_CONNECTED;
1127 
1128 		/* Wake up parent */
1129 		parent->sk_data_ready(parent);
1130 
1131 		bh_unlock_sock(parent);
1132 
1133 		sco_conn_unlock(conn);
1134 	}
1135 }
1136 
1137 /* ----- SCO interface with lower layer (HCI) ----- */
1138 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1139 {
1140 	struct sock *sk;
1141 	int lm = 0;
1142 
1143 	BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1144 
1145 	/* Find listening sockets */
1146 	read_lock(&sco_sk_list.lock);
1147 	sk_for_each(sk, &sco_sk_list.head) {
1148 		if (sk->sk_state != BT_LISTEN)
1149 			continue;
1150 
1151 		if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1152 		    !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1153 			lm |= HCI_LM_ACCEPT;
1154 
1155 			if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1156 				*flags |= HCI_PROTO_DEFER;
1157 			break;
1158 		}
1159 	}
1160 	read_unlock(&sco_sk_list.lock);
1161 
1162 	return lm;
1163 }
1164 
1165 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1166 {
1167 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1168 		return;
1169 
1170 	BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1171 
1172 	if (!status) {
1173 		struct sco_conn *conn;
1174 
1175 		conn = sco_conn_add(hcon);
1176 		if (conn)
1177 			sco_conn_ready(conn);
1178 	} else
1179 		sco_conn_del(hcon, bt_to_errno(status));
1180 }
1181 
1182 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1183 {
1184 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1185 		return;
1186 
1187 	BT_DBG("hcon %p reason %d", hcon, reason);
1188 
1189 	sco_conn_del(hcon, bt_to_errno(reason));
1190 }
1191 
1192 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1193 {
1194 	struct sco_conn *conn = hcon->sco_data;
1195 
1196 	if (!conn)
1197 		goto drop;
1198 
1199 	BT_DBG("conn %p len %d", conn, skb->len);
1200 
1201 	if (skb->len) {
1202 		sco_recv_frame(conn, skb);
1203 		return;
1204 	}
1205 
1206 drop:
1207 	kfree_skb(skb);
1208 }
1209 
1210 static struct hci_cb sco_cb = {
1211 	.name		= "SCO",
1212 	.connect_cfm	= sco_connect_cfm,
1213 	.disconn_cfm	= sco_disconn_cfm,
1214 };
1215 
1216 static int sco_debugfs_show(struct seq_file *f, void *p)
1217 {
1218 	struct sock *sk;
1219 
1220 	read_lock(&sco_sk_list.lock);
1221 
1222 	sk_for_each(sk, &sco_sk_list.head) {
1223 		seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1224 			   &sco_pi(sk)->dst, sk->sk_state);
1225 	}
1226 
1227 	read_unlock(&sco_sk_list.lock);
1228 
1229 	return 0;
1230 }
1231 
1232 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1233 
1234 static struct dentry *sco_debugfs;
1235 
1236 static const struct proto_ops sco_sock_ops = {
1237 	.family		= PF_BLUETOOTH,
1238 	.owner		= THIS_MODULE,
1239 	.release	= sco_sock_release,
1240 	.bind		= sco_sock_bind,
1241 	.connect	= sco_sock_connect,
1242 	.listen		= sco_sock_listen,
1243 	.accept		= sco_sock_accept,
1244 	.getname	= sco_sock_getname,
1245 	.sendmsg	= sco_sock_sendmsg,
1246 	.recvmsg	= sco_sock_recvmsg,
1247 	.poll		= bt_sock_poll,
1248 	.ioctl		= bt_sock_ioctl,
1249 	.gettstamp	= sock_gettstamp,
1250 	.mmap		= sock_no_mmap,
1251 	.socketpair	= sock_no_socketpair,
1252 	.shutdown	= sco_sock_shutdown,
1253 	.setsockopt	= sco_sock_setsockopt,
1254 	.getsockopt	= sco_sock_getsockopt
1255 };
1256 
1257 static const struct net_proto_family sco_sock_family_ops = {
1258 	.family	= PF_BLUETOOTH,
1259 	.owner	= THIS_MODULE,
1260 	.create	= sco_sock_create,
1261 };
1262 
1263 int __init sco_init(void)
1264 {
1265 	int err;
1266 
1267 	BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1268 
1269 	err = proto_register(&sco_proto, 0);
1270 	if (err < 0)
1271 		return err;
1272 
1273 	err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1274 	if (err < 0) {
1275 		BT_ERR("SCO socket registration failed");
1276 		goto error;
1277 	}
1278 
1279 	err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1280 	if (err < 0) {
1281 		BT_ERR("Failed to create SCO proc file");
1282 		bt_sock_unregister(BTPROTO_SCO);
1283 		goto error;
1284 	}
1285 
1286 	BT_INFO("SCO socket layer initialized");
1287 
1288 	hci_register_cb(&sco_cb);
1289 
1290 	if (IS_ERR_OR_NULL(bt_debugfs))
1291 		return 0;
1292 
1293 	sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1294 					  NULL, &sco_debugfs_fops);
1295 
1296 	return 0;
1297 
1298 error:
1299 	proto_unregister(&sco_proto);
1300 	return err;
1301 }
1302 
1303 void sco_exit(void)
1304 {
1305 	bt_procfs_cleanup(&init_net, "sco");
1306 
1307 	debugfs_remove(sco_debugfs);
1308 
1309 	hci_unregister_cb(&sco_cb);
1310 
1311 	bt_sock_unregister(BTPROTO_SCO);
1312 
1313 	proto_unregister(&sco_proto);
1314 }
1315 
1316 module_param(disable_esco, bool, 0644);
1317 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1318