/*
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2000-2001 Qualcomm Incorporated

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

/* Bluetooth SCO sockets. */

#include <linux/module.h>
#include <linux/debugfs.h>
#include <linux/seq_file.h>
#include <linux/sched/signal.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/sco.h>

/* When true, sco_connect() asks for SCO_LINK even if the controller is
 * eSCO capable. Nothing in the visible part of this file writes it.
 */
static bool disable_esco;

/* Forward declaration; the table is defined after the socket callbacks. */
static const struct proto_ops sco_sock_ops;

/* Every SCO socket is linked here by sco_sock_alloc() and unlinked by
 * sco_sock_kill(). The rwlock guards the walks over .head below.
 */
static struct bt_sock_list sco_sk_list = {
	.lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
};

/* ---- SCO connections ---- */
/* Per-link state that ties one hci_conn to at most one socket.
 * Lifetime is governed by @ref; sco_conn_free() is the release callback.
 */
struct sco_conn {
	struct hci_conn	*hcon;		/* underlying HCI connection */

	spinlock_t	lock;		/* taken via sco_conn_lock() around ->sk accesses */
	struct sock	*sk;		/* attached socket, or NULL */

	struct delayed_work	timeout_work;	/* runs sco_sock_timeout() */

	unsigned int    mtu;		/* upper bound enforced in sco_send_frame() */
	struct kref	ref;
};

/* Note: the macro argument is not parenthesised, so pass a plain
 * identifier or a parenthesised expression.
 */
#define sco_conn_lock(c)	spin_lock(&c->lock)
#define sco_conn_unlock(c)	spin_unlock(&c->lock)

static void sco_sock_close(struct sock *sk);
static void sco_sock_kill(struct sock *sk);

/* ----- SCO socket info ----- */
/* Plain pointer cast from struct sock to the SCO private layout.
 * sco_proto.obj_size is sizeof(struct sco_pinfo), so sockets created
 * through sco_sock_alloc() are large enough for it.
 * NOTE(review): relies on struct bt_sock starting with struct sock;
 * that layout is defined outside this file - confirm.
 */
#define sco_pi(sk) ((struct sco_pinfo *) sk)

struct sco_pinfo {
	struct bt_sock	bt;
	bdaddr_t	src;		/* local address (bind / connect result) */
	bdaddr_t	dst;		/* remote address */
	__u32		flags;
	__u16		setting;	/* voice setting, see BT_VOICE */
	struct bt_codec codec;		/* codec passed to hci_connect_sco() */
	struct sco_conn	*conn;		/* attached connection, or NULL */
};

/* ---- SCO timers ---- */
#define SCO_CONN_TIMEOUT	(HZ * 40)
#define SCO_DISCONN_TIMEOUT	(HZ * 2)

/* kref release callback, reached through kref_put() in sco_conn_put().
 * Clears the back-pointers held by the socket and the hci_conn, drops
 * the hci_conn reference, stops the timeout work, then frees @conn.
 */
static void sco_conn_free(struct kref *ref)
{
	struct sco_conn *conn = container_of(ref, struct sco_conn, ref);

	BT_DBG("conn %p", conn);

	/* Unhook the socket so it cannot reach the freed object. */
	if (conn->sk)
		sco_pi(conn->sk)->conn = NULL;

	if (conn->hcon) {
		conn->hcon->sco_data = NULL;
		hci_conn_drop(conn->hcon);
	}

	/* Ensure no more work items will run since hci_conn has been dropped */
	disable_delayed_work_sync(&conn->timeout_work);

	kfree(conn);
}

/* Drop one reference on @conn; a NULL @conn is accepted and ignored. */
static void sco_conn_put(struct sco_conn *conn)
{
	if (!conn)
		return;

	BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));

	kref_put(&conn->ref, sco_conn_free);
}

/* Take an unconditional reference. Unlike sco_conn_hold_unless_zero()
 * there is no NULL check and no zero-refcount check, so the caller must
 * already own a reference on @conn.
 */
static struct sco_conn *sco_conn_hold(struct sco_conn *conn)
{
	BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));

	kref_get(&conn->ref);
	return conn;
}

/* Try to take a reference on a pointer read from shared state.
 * Returns @conn with the reference held, or NULL when @conn is NULL or
 * kref_get_unless_zero() refuses because the count already hit zero.
 */
static struct sco_conn *sco_conn_hold_unless_zero(struct sco_conn *conn)
{
	if (!conn)
		return NULL;

	BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));

	if (!kref_get_unless_zero(&conn->ref))
		return NULL;

	return conn;
}

/* Return conn->sk with a socket reference held, or NULL.
 * Every caller in this file holds sco_conn_lock(conn) around the call.
 * NOTE(review): bt_sock_linked() is defined elsewhere; presumably it
 * reports whether the socket is still on sco_sk_list - confirm.
 */
static struct sock *sco_sock_hold(struct sco_conn *conn)
{
	if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk))
		return NULL;

	sock_hold(conn->sk);

	return conn->sk;
}

/* Delayed-work handler installed by sco_conn_add().
 * Reports ETIMEDOUT on the attached socket, if one is still attached.
 */
static void sco_sock_timeout(struct work_struct *work)
{
	struct sco_conn *conn = container_of(work, struct sco_conn,
					     timeout_work.work);
	struct sock *sk;

	/* The work may fire while the last reference is going away. */
	conn = sco_conn_hold_unless_zero(conn);
	if (!conn)
		return;

	sco_conn_lock(conn);
	if (!conn->hcon) {
		sco_conn_unlock(conn);
		sco_conn_put(conn);
		return;
	}
	/* Pin the socket before dropping the lock and the conn reference. */
	sk = sco_sock_hold(conn);
	sco_conn_unlock(conn);
	sco_conn_put(conn);

	if (!sk)
		return;

	BT_DBG("sock %p state %d", sk, sk->sk_state);

	lock_sock(sk);
	sk->sk_err = ETIMEDOUT;
	sk->sk_state_change(sk);
	release_sock(sk);
	sock_put(sk);
}

/* (Re)arm the connection timeout for @sk; no-op without a connection.
 * @timeout is passed unchanged to schedule_delayed_work().
 */
static void sco_sock_set_timer(struct sock *sk, long timeout)
{
	if (!sco_pi(sk)->conn)
		return;

	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
	cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
	schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
}

/* Cancel the connection timeout for @sk; no-op without a connection.
 * Uses the non-_sync cancel, so a handler that is already running is
 * not waited for here.
 */
static void sco_sock_clear_timer(struct sock *sk)
{
	if (!sco_pi(sk)->conn)
		return;

	BT_DBG("sock %p state %d", sk, sk->sk_state);
	cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
}

/* ---- SCO connections ---- */
/* Return the sco_conn for @hcon with a reference held for the caller.
 * An existing hcon->sco_data is reused when a reference can still be
 * taken; otherwise a new object is allocated (its initial reference
 * from kref_init() is the one returned). Returns NULL on allocation
 * failure.
 */
static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
{
	struct sco_conn *conn = hcon->sco_data;

	conn = sco_conn_hold_unless_zero(conn);
	if (conn) {
		/* NOTE(review): conn->hcon is tested before the lock is
		 * taken and only written under it - confirm callers
		 * serialise this (e.g. via hdev->lock).
		 */
		if (!conn->hcon) {
			sco_conn_lock(conn);
			conn->hcon = hcon;
			sco_conn_unlock(conn);
		}
		return conn;
	}

	conn = kzalloc_obj(struct sco_conn);
	if (!conn)
		return NULL;

	kref_init(&conn->ref);
	spin_lock_init(&conn->lock);
	INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);

	hcon->sco_data = conn;
	conn->hcon = hcon;
	/* Overwritten by the if/else just below on every path. */
	conn->mtu = hcon->mtu;

	/* Fall back to 60 when the controller reports no MTU. */
	if (hcon->mtu > 0)
		conn->mtu = hcon->mtu;
	else
		conn->mtu = 60;

	BT_DBG("hcon %p conn %p", hcon, conn);

	return conn;
}

/* Delete channel.
 * Must be called on the locked socket.
 *
 * Detaches @sk from its connection (dropping one connection reference),
 * moves the socket to BT_CLOSED with sk_err = @err and marks it
 * SOCK_ZAPPED.
 */
static void sco_chan_del(struct sock *sk, int err)
{
	struct sco_conn *conn;

	conn = sco_pi(sk)->conn;
	sco_pi(sk)->conn = NULL;

	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);

	if (conn) {
		sco_conn_lock(conn);
		conn->sk = NULL;
		sco_conn_unlock(conn);
		sco_conn_put(conn);
	}

	sk->sk_state = BT_CLOSED;
	sk->sk_err = err;
	sk->sk_state_change(sk);

	sock_set_flag(sk, SOCK_ZAPPED);
}

/* Tear down the SCO state of @hcon and close the attached socket, if
 * any, with error @err.
 */
static void sco_conn_del(struct hci_conn *hcon, int err)
{
	struct sco_conn *conn = hcon->sco_data;
	struct sock *sk;

	conn = sco_conn_hold_unless_zero(conn);
	if (!conn)
		return;

	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);

	sco_conn_lock(conn);
	sk = sco_sock_hold(conn);
	sco_conn_unlock(conn);
	/* Balances the temporary hold taken above. */
	sco_conn_put(conn);

	if (!sk) {
		/* NOTE(review): a second put with no matching hold in
		 * this function; presumably it releases the reference
		 * kept on behalf of hcon->sco_data - confirm, since conn
		 * is touched here after the put above.
		 */
		sco_conn_put(conn);
		return;
	}

	/* Kill socket */
	lock_sock(sk);
	sco_sock_clear_timer(sk);
	sco_chan_del(sk, err);
	release_sock(sk);
	sock_put(sk);
}

/* Link @sk and @conn in both directions and, when @parent is given,
 * queue @sk on the parent's accept queue. Both callers in this file
 * hold sco_conn_lock(conn).
 */
static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
			   struct sock *parent)
{
	BT_DBG("conn %p", conn);

	sco_pi(sk)->conn = conn;
	conn->sk = sk;

	if (parent)
		bt_accept_enqueue(parent, sk, true);
}

/* Locked wrapper around __sco_chan_add().
 * Returns 0, or -EBUSY when either side is already attached.
 */
static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
			struct sock *parent)
{
	int err = 0;

	sco_conn_lock(conn);
	if (conn->sk || sco_pi(sk)->conn)
		err = -EBUSY;
	else
		__sco_chan_add(conn, sk, parent);

	sco_conn_unlock(conn);
	return err;
}

/* Start an outgoing SCO/eSCO connection for @sk.
 * Returns 0 once the connection is established or in progress, or a
 * negative errno.
 */
static int sco_connect(struct sock *sk)
{
	struct sco_conn *conn;
	struct hci_conn *hcon;
	struct hci_dev  *hdev;
	bdaddr_t src, dst;
	struct bt_codec codec;
	__u16 setting;
	int err, type;

	/* Snapshot the parameters under the socket lock; the lock is
	 * released again before hdev->lock is taken.
	 */
	lock_sock(sk);
	bacpy(&src, &sco_pi(sk)->src);
	bacpy(&dst, &sco_pi(sk)->dst);
	setting = sco_pi(sk)->setting;
	codec = sco_pi(sk)->codec;
	release_sock(sk);

	BT_DBG("%pMR -> %pMR", &src, &dst);

	hdev = hci_get_route(&dst, &src, BDADDR_BREDR);
	if (!hdev)
		return -EHOSTUNREACH;

	hci_dev_lock(hdev);

	if (lmp_esco_capable(hdev) && !disable_esco)
		type = ESCO_LINK;
	else
		type = SCO_LINK;

	/* Transparent air mode needs both controller capabilities. */
	switch (setting & SCO_AIRMODE_MASK) {
	case SCO_AIRMODE_TRANSP:
		if (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)) {
			err = -EOPNOTSUPP;
			goto unlock;
		}
		break;
	}

	hcon = hci_connect_sco(hdev, type, &dst,
			       setting, &codec,
			       READ_ONCE(sk->sk_sndtimeo));
	if (IS_ERR(hcon)) {
		err = PTR_ERR(hcon);
		goto unlock;
	}

	conn = sco_conn_add(hcon);
	if (!conn) {
		hci_conn_drop(hcon);
		err = -ENOMEM;
		goto unlock;
	}

	lock_sock(sk);

	/* Recheck state after reacquiring the socket lock, as another
	 * thread may have changed it (e.g., closed the socket).
	 */
	/* NOTE(review): the two error paths below drop hcon but never
	 * call sco_conn_put(conn); confirm the reference returned by
	 * sco_conn_add() is released through hcon->sco_data teardown.
	 */
	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
		release_sock(sk);
		hci_conn_drop(hcon);
		err = -EBADFD;
		goto unlock;
	}

	err = sco_chan_add(conn, sk, NULL);
	if (err) {
		release_sock(sk);
		hci_conn_drop(hcon);
		goto unlock;
	}

	/* Update source addr of the socket */
	bacpy(&sco_pi(sk)->src, &hcon->src);

	if (hcon->state == BT_CONNECTED) {
		sco_sock_clear_timer(sk);
		sk->sk_state = BT_CONNECTED;
	} else {
		sk->sk_state = BT_CONNECT;
		sco_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo));
	}

	release_sock(sk);

unlock:
	hci_dev_unlock(hdev);
	hci_dev_put(hdev);
	return err;
}

/* Send one frame on the connection attached to @sk.
 * Returns the frame length, or -EINVAL when it exceeds conn->mtu.
 * The only caller, sco_sock_sendmsg(), holds the socket lock, has
 * checked for BT_CONNECTED and frees @skb when this returns < 0.
 * NOTE(review): conn is dereferenced without a NULL check; this relies
 * on BT_CONNECTED implying an attached connection - confirm.
 */
static int sco_send_frame(struct sock *sk, struct sk_buff *skb,
			  const struct sockcm_cookie *sockc)
{
	struct sco_conn *conn = sco_pi(sk)->conn;
	int len = skb->len;

	/* Check outgoing MTU */
	if (len > conn->mtu)
		return -EINVAL;

	BT_DBG("sk %p len %d", sk, len);

	hci_setup_tx_timestamp(skb, 1, sockc);
	hci_send_sco(conn->hcon, skb);

	return len;
}

/* Deliver an incoming frame to the socket attached to @conn.
 * Always consumes @skb: it is either queued on the socket or freed.
 */
static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
{
	struct sock *sk;

	sco_conn_lock(conn);
	sk = sco_sock_hold(conn);
	sco_conn_unlock(conn);

	if (!sk)
		goto drop;

	BT_DBG("sk %p len %u", sk, skb->len);

	if (sk->sk_state != BT_CONNECTED)
		goto drop_put;

	/* A zero return means the skb was queued on the socket. */
	if (!sock_queue_rcv_skb(sk, skb)) {
		sock_put(sk);
		return;
	}

drop_put:
	sock_put(sk);
drop:
	kfree_skb(skb);
}

/* -------- Socket interface ---------- */
/* Find a listening socket bound exactly to @ba.
 * Takes no lock and no reference itself; the caller in this file,
 * sco_sock_listen(), holds sco_sk_list.lock for writing.
 */
static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
{
	struct sock *sk;

	sk_for_each(sk, &sco_sk_list.head) {
		if (sk->sk_state != BT_LISTEN)
			continue;

		if (!bacmp(&sco_pi(sk)->src, ba))
			return sk;
	}

	return NULL;
}

/* Find socket listening on source bdaddr.
 * Returns closest match.
 *
 * The returned socket has a reference held (sock_hold) that the caller
 * must drop; NULL when nothing is listening.
 */
static struct sock *sco_get_sock_listen(bdaddr_t *src)
{
	struct sock *sk = NULL, *sk1 = NULL;

	read_lock(&sco_sk_list.lock);

	sk_for_each(sk, &sco_sk_list.head) {
		if (sk->sk_state != BT_LISTEN)
			continue;

		/* Exact match. */
		if (!bacmp(&sco_pi(sk)->src, src))
			break;

		/* Closest match */
		if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
			sk1 = sk;
	}

	/* sk is NULL here unless the loop left through the break. */
	sk = sk ? sk : sk1;
	if (sk)
		sock_hold(sk);

	read_unlock(&sco_sk_list.lock);

	return sk;
}

/* sk_destruct hook installed by sco_sock_alloc(): drops the socket's
 * connection reference and purges its three skb queues.
 */
static void sco_sock_destruct(struct sock *sk)
{
	BT_DBG("sk %p", sk);

	sco_conn_put(sco_pi(sk)->conn);

	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);
	skb_queue_purge(&sk->sk_error_queue);
}

/* Close every child still waiting on @parent's accept queue, then mark
 * @parent closed and zapped.
 */
static void sco_sock_cleanup_listen(struct sock *parent)
{
	struct sock *sk;

	BT_DBG("parent %p", parent);

	/* Close not yet accepted channels */
	while ((sk = bt_accept_dequeue(parent, NULL))) {
		sco_sock_close(sk);
		sco_sock_kill(sk);
		/* Drop the reference handed back by bt_accept_dequeue(). */
		sock_put(sk);
	}

	parent->sk_state  = BT_CLOSED;
	sock_set_flag(parent, SOCK_ZAPPED);
}

/* Kill socket (only if zapped and orphan)
 * Must be called on unlocked socket.
 */
static void sco_sock_kill(struct sock *sk)
{
	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
		return;

	BT_DBG("sk %p state %d", sk, sk->sk_state);

	/* Sock is dead, so set conn->sk to NULL to avoid possible UAF */
	lock_sock(sk);
	if (sco_pi(sk)->conn) {
		sco_conn_lock(sco_pi(sk)->conn);
		sco_pi(sk)->conn->sk = NULL;
		sco_conn_unlock(sco_pi(sk)->conn);
	}
	release_sock(sk);

	/* Kill poor orphan */
	bt_sock_unlink(&sco_sk_list, sk);
	sock_set_flag(sk, SOCK_DEAD);
	sock_put(sk);
}

/* State-dependent close; callers in this file hold the socket lock. */
static void __sco_sock_close(struct sock *sk)
{
	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);

	switch (sk->sk_state) {
	case BT_LISTEN:
		sco_sock_cleanup_listen(sk);
		break;

	case BT_CONNECTED:
	case BT_CONFIG:
	case BT_CONNECT2:
	case BT_CONNECT:
	case BT_DISCONN:
		sco_chan_del(sk, ECONNRESET);
		break;

	default:
		/* No channel to delete; only flag the socket for kill. */
		sock_set_flag(sk, SOCK_ZAPPED);
		break;
	}

}

/* Must be called on unlocked socket. */
static void sco_sock_close(struct sock *sk)
{
	lock_sock(sk);
	sco_sock_clear_timer(sk);
	__sco_sock_close(sk);
	release_sock(sk);
}

/* Inherit socket type, bt flags and security context from @parent.
 * Does nothing when @parent is NULL.
 */
static void sco_sock_init(struct sock *sk, struct sock *parent)
{
	BT_DBG("sk %p", sk);

	if (parent) {
		sk->sk_type = parent->sk_type;
		bt_sk(sk)->flags = bt_sk(parent)->flags;
		security_sk_clone(parent, sk);
	}
}

/* obj_size makes every SCO socket large enough for the sco_pi() cast. */
static struct proto sco_proto = {
	.name		= "SCO",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct sco_pinfo)
};

/* Allocate a SCO socket, apply the CVSD defaults and link it on
 * sco_sk_list. Returns NULL on allocation failure.
 */
static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
				   int proto, gfp_t prio, int kern)
{
	struct sock *sk;

	sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
	if (!sk)
		return NULL;

	sk->sk_destruct = sco_sock_destruct;
	sk->sk_sndtimeo = SCO_CONN_TIMEOUT;

	sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
	sco_pi(sk)->codec.id = BT_CODEC_CVSD;
	sco_pi(sk)->codec.cid = 0xffff;
	sco_pi(sk)->codec.vid = 0xffff;
	sco_pi(sk)->codec.data_path = 0x00;

	bt_sock_link(&sco_sk_list, sk);
	return sk;
}

/* net_proto_family .create hook. Only SOCK_SEQPACKET is accepted.
 * Returns 0, -ESOCKTNOSUPPORT or -ENOMEM.
 */
static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
			   int kern)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	sock->state = SS_UNCONNECTED;

	if (sock->type != SOCK_SEQPACKET)
		return -ESOCKTNOSUPPORT;

	sock->ops = &sco_sock_ops;

	sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
	if (!sk)
		return -ENOMEM;

	sco_sock_init(sk, NULL);
	return 0;
}

/* proto_ops .bind: record the local address and move BT_OPEN -> BT_BOUND.
 * Returns 0, -EINVAL for a bad address or socket type, or -EBADFD when
 * the socket is not in BT_OPEN.
 */
static int sco_sock_bind(struct socket *sock, struct sockaddr_unsized *addr,
			 int addr_len)
{
	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
	struct sock *sk = sock->sk;
	int err = 0;

	/* Reject short or foreign addresses before sa is read.
	 * NOTE(review): addr_len is a signed int compared with a size_t,
	 * so a negative value would pass this test; presumably the
	 * socket core never hands one in - confirm.
	 */
	if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);

	lock_sock(sk);

	if (sk->sk_state != BT_OPEN) {
		err = -EBADFD;
		goto done;
	}

	if (sk->sk_type != SOCK_SEQPACKET) {
		err = -EINVAL;
		goto done;
	}

	bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);

	sk->sk_state = BT_BOUND;

done:
	release_sock(sk);
	return err;
}

/* proto_ops .connect: store the destination, start the link through
 * sco_connect() and wait for BT_CONNECTED (bounded by the send timeout,
 * or not at all with O_NONBLOCK).
 */
static int sco_sock_connect(struct socket *sock, struct sockaddr_unsized *addr, int alen, int flags)
{
	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
	struct sock *sk = sock->sk;
	int err;

	BT_DBG("sk %p", sk);

	/* Unlike sco_sock_bind() there is no !addr test here.
	 * NOTE(review): same signed/unsigned comparison on alen as in
	 * bind - confirm the caller guarantees a valid pointer and a
	 * non-negative length.
	 */
	if (alen < sizeof(struct sockaddr_sco) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	lock_sock(sk);

	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
		release_sock(sk);
		return -EBADFD;
	}

	if (sk->sk_type != SOCK_SEQPACKET) {
		release_sock(sk);
		return -EINVAL;
	}

	/* Set destination address and psm */
	bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
	release_sock(sk);

	/* The socket lock is dropped here; sco_connect() rechecks the
	 * socket state after it retakes the lock.
	 */
	err = sco_connect(sk);
	if (err)
		return err;

	lock_sock(sk);

	err = bt_sock_wait_state(sk, BT_CONNECTED,
				 sock_sndtimeo(sk, flags & O_NONBLOCK));

	release_sock(sk);
	return err;
}

/* proto_ops .listen: move BT_BOUND -> BT_LISTEN.
 * Returns -EADDRINUSE when another socket already listens on the same
 * source address.
 */
static int sco_sock_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;
	bdaddr_t *src = &sco_pi(sk)->src;
	int err = 0;

	BT_DBG("sk %p backlog %d", sk, backlog);

	lock_sock(sk);

	if (sk->sk_state != BT_BOUND) {
		err = -EBADFD;
		goto done;
	}

	if (sk->sk_type != SOCK_SEQPACKET) {
		err = -EINVAL;
		goto done;
	}

	/* The duplicate check and the state change happen under the
	 * same write lock on the socket list.
	 */
	write_lock(&sco_sk_list.lock);

	if (__sco_get_sock_listen_by_addr(src)) {
		err = -EADDRINUSE;
		goto unlock;
	}

	sk->sk_max_ack_backlog = backlog;
	sk->sk_ack_backlog = 0;

	sk->sk_state = BT_LISTEN;

unlock:
	write_unlock(&sco_sk_list.lock);

done:
	release_sock(sk);
	return err;
}

/* proto_ops .accept: wait for a child on the accept queue and graft it
 * onto @newsock. Returns 0, -EBADFD when the socket stops listening,
 * -EAGAIN when the timeout is zero or expires, or the errno from
 * sock_intr_errno() when a signal is pending.
 */
static int sco_sock_accept(struct socket *sock, struct socket *newsock,
			   struct proto_accept_arg *arg)
{
	DEFINE_WAIT_FUNC(wait, woken_wake_function);
	struct sock *sk = sock->sk, *ch;
	long timeo;
	int err = 0;

	lock_sock(sk);

	timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);

	BT_DBG("sk %p timeo %ld", sk, timeo);

	/* Wait for an incoming connection. (wake-one). */
	add_wait_queue_exclusive(sk_sleep(sk), &wait);
	while (1) {
		if (sk->sk_state != BT_LISTEN) {
			err = -EBADFD;
			break;
		}

		ch = bt_accept_dequeue(sk, newsock);
		if (ch) {
			/* Drop the bridging ref from bt_accept_dequeue();
			 * the grafted socket keeps ch alive from here.
			 */
			sock_put(ch);
			break;
		}

		if (!timeo) {
			err = -EAGAIN;
			break;
		}

		if (signal_pending(current)) {
			err = sock_intr_errno(timeo);
			break;
		}

		/* Sleep without the socket lock, retake it on wake-up. */
		release_sock(sk);

		timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
		lock_sock(sk);
	}
	remove_wait_queue(sk_sleep(sk), &wait);

	if (err)
		goto done;

	newsock->state = SS_CONNECTED;

	/* ch is only printed here; its reference was dropped above. */
	BT_DBG("new socket %p", ch);

done:
	release_sock(sk);
	return err;
}

/* proto_ops .getname: fill @addr with the peer (@peer != 0) or local
 * address and return sizeof(struct sockaddr_sco).
 * NOTE(review): only sa_family and sco_bdaddr are written and the
 * socket lock is not taken; confirm struct sockaddr_sco has no other
 * bytes that would be returned unset.
 */
static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
			    int peer)
{
	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
	struct sock *sk = sock->sk;

	BT_DBG("sock %p, sk %p", sock, sk);

	addr->sa_family = AF_BLUETOOTH;

	if (peer)
		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
	else
		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);

	return sizeof(struct sockaddr_sco);
}

/* proto_ops .sendmsg: copy the user payload into an skb and send it as
 * one SCO frame. Returns the number of bytes sent or a negative errno
 * (-ENOTCONN unless BT_CONNECTED, -EOPNOTSUPP for MSG_OOB).
 */
static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
			    size_t len)
{
	struct sock *sk = sock->sk;
	struct sk_buff *skb;
	struct sockcm_cookie sockc;
	int err;

	BT_DBG("sock %p, sk %p", sock, sk);

	err = sock_error(sk);
	if (err)
		return err;

	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	hci_sockcm_init(&sockc, sk);

	if (msg->msg_controllen) {
		err = sock_cmsg_send(sk, msg, &sockc);
		if (err)
			return err;
	}

	/* The skb is built before the socket lock is taken; the MTU is
	 * only checked later, in sco_send_frame().
	 */
	skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
	if (IS_ERR(skb))
		return PTR_ERR(skb);

	lock_sock(sk);

	if (sk->sk_state == BT_CONNECTED)
		err = sco_send_frame(sk, skb, &sockc);
	else
		err = -ENOTCONN;

	release_sock(sk);

	/* On failure the skb was not handed to hci_send_sco(). */
	if (err < 0)
		kfree_skb(skb);
	return err;
}

/* Accept a deferred incoming connection on @conn by sending either the
 * legacy accept command or, on eSCO-capable controllers, the
 * synchronous accept command built from @setting.
 */
static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
{
	struct hci_dev *hdev = conn->hdev;

	BT_DBG("conn %p", conn);

	conn->state = BT_CONFIG;

	/* NOTE(review): both cp structs are stack variables without an
	 * initialiser and are sent with sizeof(cp); confirm every
	 * member (and any padding) is covered by the assignments below.
	 */
	if (!lmp_esco_capable(hdev)) {
		struct hci_cp_accept_conn_req cp;

		bacpy(&cp.bdaddr, &conn->dst);
		cp.role = 0x00; /* Ignored */

		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
	} else {
		struct hci_cp_accept_sync_conn_req cp;

		bacpy(&cp.bdaddr, &conn->dst);
		cp.pkt_type = cpu_to_le16(conn->pkt_type);

		/* 0x1f40 == 8000 in both directions. */
		cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
		cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
		cp.content_format = cpu_to_le16(setting);

		switch (setting & SCO_AIRMODE_MASK) {
		case SCO_AIRMODE_TRANSP:
			if (conn->pkt_type & ESCO_2EV3)
				cp.max_latency = cpu_to_le16(0x0008);
			else
				cp.max_latency = cpu_to_le16(0x000D);
			cp.retrans_effort = 0x02;
			break;
		case SCO_AIRMODE_CVSD:
			cp.max_latency = cpu_to_le16(0xffff);
			cp.retrans_effort = 0xff;
			break;
		default:
			/* use CVSD settings as fallback */
			cp.max_latency = cpu_to_le16(0xffff);
			cp.retrans_effort = 0xff;
			break;
		}

		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
			     sizeof(cp), &cp);
	}
}

/* proto_ops .recvmsg. The first receive on a deferred (BT_CONNECT2)
 * socket accepts the connection and returns 0 without reading data;
 * every other call goes to bt_sock_recvmsg().
 */
static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
			    size_t len, int flags)
{
	struct sock *sk = sock->sk;
	struct sco_pinfo *pi = sco_pi(sk);

	if (unlikely(flags & MSG_ERRQUEUE))
		return sock_recv_errqueue(sk, msg, len, SOL_BLUETOOTH,
					  BT_SCM_ERROR);

	lock_sock(sk);

	/* NOTE(review): pi->conn and pi->conn->hcon are dereferenced
	 * without a NULL check; this relies on BT_CONNECT2 implying an
	 * attached connection - confirm.
	 */
	if (sk->sk_state == BT_CONNECT2 &&
	    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
		sco_conn_defer_accept(pi->conn->hcon, pi->setting);
		sk->sk_state = BT_CONFIG;

		release_sock(sk);
		return 0;
	}

	release_sock(sk);

	return bt_sock_recvmsg(sock, msg, len, flags);
}

/* proto_ops .setsockopt for BT_DEFER_SETUP, BT_VOICE, BT_PKT_STATUS
 * and BT_CODEC. Returns 0 or a negative errno (-ENOPROTOOPT for any
 * other option). @level is not examined in this function.
 */
static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
			       sockptr_t optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	int err = 0;
	struct bt_voice voice;
	u32 opt;
	struct bt_codecs *codecs;
	struct hci_dev *hdev;
	/* Bounce buffer for BT_CODEC; optlen is bounded by its size. */
	__u8 buffer[255];

	BT_DBG("sk %p", sk);

	lock_sock(sk);

	switch (optname) {

	case BT_DEFER_SETUP:
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			break;
		}

		err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
		if (err)
			break;

		if (opt)
			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
		else
			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
		break;

	case BT_VOICE:
		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
		    sk->sk_state != BT_CONNECT2) {
			err = -EINVAL;
			break;
		}

		/* Preload the current value before the user copy. */
		voice.setting = sco_pi(sk)->setting;

		err = copy_safe_from_sockptr(&voice, sizeof(voice), optval,
					     optlen);
		if (err)
			break;

		/* The new setting is stored before the route lookup, so
		 * it stays in place even when -EBADFD is returned below.
		 */
		sco_pi(sk)->setting = voice.setting;
		hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
				     BDADDR_BREDR);
		if (!hdev) {
			err = -EBADFD;
			break;
		}

		switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) {
		case SCO_AIRMODE_TRANSP:
			if (enhanced_sync_conn_capable(hdev))
				sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
			break;
		}

		hci_dev_put(hdev);
		break;

	case BT_PKT_STATUS:
		err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
		if (err)
			break;

		if (opt)
			set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
		else
			clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
		break;

	case BT_CODEC:
		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
		    sk->sk_state != BT_CONNECT2) {
			err = -EINVAL;
			break;
		}

		/* Every exit below this point must drop the hdev ref. */
		hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
				     BDADDR_BREDR);
		if (!hdev) {
			err = -EBADFD;
			break;
		}

		if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
			hci_dev_put(hdev);
			err = -EOPNOTSUPP;
			break;
		}

		if (!hdev->get_data_path_id) {
			hci_dev_put(hdev);
			err = -EOPNOTSUPP;
			break;
		}

		/* Bound the user length on both sides before copying:
		 * at least a header, at most the stack buffer.
		 */
		if (optlen < sizeof(struct bt_codecs) ||
		    optlen > sizeof(buffer)) {
			hci_dev_put(hdev);
			err = -EINVAL;
			break;
		}

		err = copy_struct_from_sockptr(buffer, sizeof(buffer), optval,
					       optlen);
		if (err) {
			hci_dev_put(hdev);
			break;
		}

		codecs = (void *)buffer;

		/* Exactly one codec is accepted, and the user buffer
		 * must be long enough to hold that one entry.
		 */
		if (codecs->num_codecs != 1 ||
		    optlen < struct_size(codecs, codecs, codecs->num_codecs)) {
			hci_dev_put(hdev);
			err = -EINVAL;
			break;
		}

		sco_pi(sk)->codec = codecs->codecs[0];
		hci_dev_put(hdev);
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

/* Legacy SOL_SCO getsockopt: SCO_OPTIONS and SCO_CONNINFO.
 * At most min(user length, struct size) bytes are copied out and
 * *optlen is never written back.
 */
static int sco_sock_getsockopt_old(struct socket *sock, int optname,
				   char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct sco_options opts;
	struct sco_conninfo cinfo;
	int err = 0;
	size_t len;

	BT_DBG("sk %p", sk);

	/* optlen points at an int but the value lands in a size_t; the
	 * min() calls below cap it to the size of the struct copied.
	 */
	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	switch (optname) {
	case SCO_OPTIONS:
		if (sk->sk_state != BT_CONNECTED &&
		    !(sk->sk_state == BT_CONNECT2 &&
		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
			err = -ENOTCONN;
			break;
		}

		/* NOTE(review): opts is not zeroed and only mtu is set;
		 * confirm struct sco_options has no other member or
		 * padding, otherwise stack bytes reach user space.
		 */
		opts.mtu = sco_pi(sk)->conn->mtu;

		BT_DBG("mtu %u", opts.mtu);

		len = min(len, sizeof(opts));
		if (copy_to_user(optval, (char *)&opts, len))
			err = -EFAULT;

		break;

	case SCO_CONNINFO:
		if (sk->sk_state != BT_CONNECTED &&
		    !(sk->sk_state == BT_CONNECT2 &&
		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
			err = -ENOTCONN;
			break;
		}

		/* Zeroed first so no stack bytes leak to user space. */
		memset(&cinfo, 0, sizeof(cinfo));
		cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
		memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);

		len = min(len, sizeof(cinfo));
		if (copy_to_user(optval, (char *)&cinfo, len))
			err = -EFAULT;

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

/* proto_ops .getsockopt. SOL_SCO is routed to the legacy handler; any
 * other level is handled by the BT_* switch below.
 * Only BT_CODEC writes a length back through @optlen.
 */
static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
			       char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	int len, err = 0;
	struct bt_voice voice;
	u32 phys;
	int buf_len;
	struct codec_list *c;
	u8 num_codecs, i, __user *ptr;
	struct hci_dev *hdev;
	struct hci_codec_caps *caps;
	struct bt_codec codec;

	BT_DBG("sk %p", sk);

	if (level == SOL_SCO)
		return sco_sock_getsockopt_old(sock, optname, optval, optlen);

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	/* NOTE(review): the put_user() cases below (BT_DEFER_SETUP,
	 * BT_PHY, BT_PKT_STATUS, BT_SNDMTU/BT_RCVMTU) store a 32-bit
	 * value without consulting len - confirm that is intended.
	 */
	switch (optname) {

	case BT_DEFER_SETUP:
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			break;
		}

		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
			     (u32 __user *)optval))
			err = -EFAULT;

		break;

	case BT_VOICE:
		voice.setting = sco_pi(sk)->setting;

		/* The unsigned min_t makes a negative len select
		 * sizeof(voice) rather than a negative copy size.
		 */
		len = min_t(unsigned int, len, sizeof(voice));
		if (copy_to_user(optval, (char *)&voice, len))
			err = -EFAULT;

		break;

	case BT_PHY:
		if (sk->sk_state != BT_CONNECTED) {
			err = -ENOTCONN;
			break;
		}

		phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);

		if (put_user(phys, (u32 __user *) optval))
			err = -EFAULT;
		break;

	case BT_PKT_STATUS:
		if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
			     (int __user *)optval))
			err = -EFAULT;
		break;

	case BT_SNDMTU:
	case BT_RCVMTU:
		if (sk->sk_state != BT_CONNECTED) {
			err = -ENOTCONN;
			break;
		}

		if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
			err = -EFAULT;
		break;

	case BT_CODEC:
		num_codecs = 0;
		buf_len = 0;

		hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
		if (!hdev) {
			err = -EBADFD;
			break;
		}

		if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
			hci_dev_put(hdev);
			err = -EOPNOTSUPP;
			break;
		}

		if (!hdev->get_data_path_id) {
			hci_dev_put(hdev);
			err = -EOPNOTSUPP;
			break;
		}

		/* The socket lock is dropped for the codec walk, so the
		 * early exits below return directly instead of falling
		 * through to the release_sock() at the end.
		 */
		release_sock(sk);

		/* find total buffer size required to copy codec + caps */
		hci_dev_lock(hdev);
		list_for_each_entry(c, &hdev->local_codecs, list) {
			if (c->transport != HCI_TRANSPORT_SCO_ESCO)
				continue;
			num_codecs++;
			for (i = 0, caps = c->caps; i < c->num_caps; i++) {
				buf_len += 1 + caps->len;
				caps = (void *)&caps->data[caps->len];
			}
			buf_len += sizeof(struct bt_codec);
		}
		hci_dev_unlock(hdev);

		buf_len += sizeof(struct bt_codecs);
		if (buf_len > len) {
			hci_dev_put(hdev);
			return -ENOBUFS;
		}
		ptr = optval;

		if (put_user(num_codecs, ptr)) {
			hci_dev_put(hdev);
			return -EFAULT;
		}
		ptr += sizeof(num_codecs);

		/* Iterate all the codecs supported over SCO and populate
		 * codec data
		 */
		/* NOTE(review): hdev->lock was released between the
		 * sizing pass and this pass, and this loop does not
		 * re-check the running total against the user length;
		 * confirm local_codecs cannot grow in between.
		 */
		hci_dev_lock(hdev);
		list_for_each_entry(c, &hdev->local_codecs, list) {
			if (c->transport != HCI_TRANSPORT_SCO_ESCO)
				continue;

			/* NOTE(review): codec is a stack struct filled
			 * member by member and copied out whole; confirm
			 * no member or padding is left unset.
			 */
			codec.id = c->id;
			codec.cid = c->cid;
			codec.vid = c->vid;
			err = hdev->get_data_path_id(hdev, &codec.data_path);
			if (err < 0)
				break;
			codec.num_caps = c->num_caps;
			if (copy_to_user(ptr, &codec, sizeof(codec))) {
				err = -EFAULT;
				break;
			}
			ptr += sizeof(codec);

			/* find codec capabilities data length */
			len = 0;
			for (i = 0, caps = c->caps; i < c->num_caps; i++) {
				len += 1 + caps->len;
				caps = (void *)&caps->data[caps->len];
			}

			/* copy codec capabilities data */
			if (len && copy_to_user(ptr, c->caps, len)) {
				err = -EFAULT;
				break;
			}
			ptr += len;
		}

		hci_dev_unlock(hdev);
		hci_dev_put(hdev);

		/* Retake the lock so the common exit can release it. */
		lock_sock(sk);

		if (!err && put_user(buf_len, optlen))
			err = -EFAULT;

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

/* proto_ops .shutdown: close the channel once, whatever @how says
 * (sk_shutdown is always set to SHUTDOWN_MASK), and honour SO_LINGER.
 */
static int sco_sock_shutdown(struct socket *sock, int how)
{
	struct sock *sk = sock->sk;
	int err = 0;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (!sk)
		return 0;

	/* Pin the socket for the duration of the call. */
	sock_hold(sk);
	lock_sock(sk);

	if (!sk->sk_shutdown) {
		sk->sk_shutdown = SHUTDOWN_MASK;
		sco_sock_clear_timer(sk);
		__sco_sock_close(sk);

		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
		    !(current->flags & PF_EXITING))
			err = bt_sock_wait_state(sk, BT_CLOSED,
						 sk->sk_lingertime);
	}

	release_sock(sk);
	sock_put(sk);

	return err;
}

/* proto_ops .release: close the socket, optionally linger until
 * BT_CLOSED, then orphan it and let sco_sock_kill() unlink it.
 */
static int sco_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	int err = 0;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (!sk)
		return 0;

	sco_sock_close(sk);

	/* sk_lingertime is tested with READ_ONCE() outside the socket
	 * lock and read again, plainly, under it.
	 */
	if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
	    !(current->flags & PF_EXITING)) {
		lock_sock(sk);
		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
		release_sock(sk);
	}

	sock_orphan(sk);
	sco_sock_kill(sk);
	return err;
}

/* Called once the HCI link is up. With a socket attached the socket is
 * moved to BT_CONNECTED; without one the link is incoming, so a child
 * socket is created under a matching listener and queued for accept().
 */
static void sco_conn_ready(struct sco_conn *conn)
{
	struct sock *parent, *sk;

	sco_conn_lock(conn);
	sk = sco_sock_hold(conn);
	sco_conn_unlock(conn);

	BT_DBG("conn %p", conn);

	if (sk) {
		lock_sock(sk);

		/* conn->sk may have become NULL if racing with sk close, but
		 * due to held hdev->lock, it can't become different sk.
		 */
		if (conn->sk) {
			sco_sock_clear_timer(sk);
			sk->sk_state = BT_CONNECTED;
			sk->sk_state_change(sk);
		}

		release_sock(sk);
		sock_put(sk);
	} else {
		if (!conn->hcon)
			return;

		lockdep_assert_held(&conn->hcon->hdev->lock);

		/* Returned with a reference; dropped at the release label. */
		parent = sco_get_sock_listen(&conn->hcon->src);
		if (!parent)
			return;

		lock_sock(parent);

		sco_conn_lock(conn);

		/* hdev->lock guarantees conn->sk == NULL still here */

		if (parent->sk_state != BT_LISTEN)
			goto release;

		/* conn->lock, a spinlock, is held across this allocation;
		 * GFP_ATOMIC is used.
		 */
		sk = sco_sock_alloc(sock_net(parent), NULL,
				    BTPROTO_SCO, GFP_ATOMIC, 0);
		if (!sk)
			goto release;

		sco_sock_init(sk, parent);

		bacpy(&sco_pi(sk)->src, &conn->hcon->src);
		bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);

		/* The child socket gets its own references on the
		 * connection and on the HCI link.
		 */
		sco_conn_hold(conn);
		hci_conn_hold(conn->hcon);
		__sco_chan_add(conn, sk, parent);

		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
			sk->sk_state = BT_CONNECT2;
		else
			sk->sk_state = BT_CONNECTED;

		/* Wake up parent */
		parent->sk_data_ready(parent);

release:
		sco_conn_unlock(conn);
		release_sock(parent);
		sock_put(parent);
	}
}

/* ----- SCO interface with lower layer (HCI) ----- */
/* Report whether an incoming SCO connection on @hdev would be accepted.
 * Returns HCI_LM_ACCEPT when a socket listens on the adapter address or
 * on BDADDR_ANY, else 0, and ORs HCI_PROTO_DEFER into *@flags when that
 * listener has deferred setup enabled. Only the first match is used.
 */
int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
{
	struct sock *sk;
	int lm = 0;

	BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);

	/* Find listening sockets */
	read_lock(&sco_sk_list.lock);
	sk_for_each(sk, &sco_sk_list.head) {
		if (sk->sk_state != BT_LISTEN)
			continue;

		if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
		    !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
			lm |= HCI_LM_ACCEPT;

			if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
				*flags |= HCI_PROTO_DEFER;
			break;
		}
	}
	read_unlock(&sco_sk_list.lock);

	return lm;
}

/* hci_cb .connect_cfm: on success attach or reuse the sco_conn and
 * signal readiness; on failure tear the connection down with the errno
 * derived from @status. Non-SCO/eSCO links are ignored.
 */
static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
{
	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
		return;

	BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);

	if (!status) {
		struct sco_conn *conn;

		conn = sco_conn_add(hcon);
		if (conn) {
			sco_conn_ready(conn);
			/* Drop the reference returned by sco_conn_add(). */
			sco_conn_put(conn);
		}
	} else
		sco_conn_del(hcon, bt_to_errno(status));
}

/* hci_cb .disconn_cfm: tear down SCO state for a closed SCO/eSCO link. */
static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
{
	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
		return;

	BT_DBG("hcon %p reason %d", hcon, reason);

	sco_conn_del(hcon, bt_to_errno(reason));
}

/* Entry point for SCO data received from the controller.
 * Always consumes @skb. Returns 0, -ENOENT when @handle matches no
 * connection, or -EINVAL when the connection has no live sco_conn.
 */
int sco_recv_scodata(struct hci_dev *hdev, u16 handle, struct sk_buff *skb)
{
	struct hci_conn *hcon;
	struct sco_conn *conn;

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, handle);
	if (!hcon) {
		hci_dev_unlock(hdev);
		kfree_skb(skb);
		return -ENOENT;
	}

	/* Pin the sco_conn while hdev->lock is held; hcon itself is not
	 * referenced, so the pointer is cleared before the unlock.
	 */
	conn = sco_conn_hold_unless_zero(hcon->sco_data);
	hcon = NULL;

	hci_dev_unlock(hdev);

	if (!conn) {
		kfree_skb(skb);
		return -EINVAL;
	}

	BT_DBG("conn %p len %u", conn, skb->len);

	/* Zero-length frames are dropped rather than queued. */
	if (skb->len)
		sco_recv_frame(conn, skb);
	else
		kfree_skb(skb);

	sco_conn_put(conn);
	return 0;
}

/* HCI callbacks; registration is outside the visible part of the file. */
static struct hci_cb sco_cb = {
	.name		= "SCO",
	.connect_cfm	= sco_connect_cfm,
	.disconn_cfm	= sco_disconn_cfm,
};

/* debugfs show handler: one line per socket with source address,
 * destination address and state, printed under the list read lock.
 */
static int sco_debugfs_show(struct seq_file *f, void *p)
{
	struct sock *sk;

	read_lock(&sco_sk_list.lock);

	sk_for_each(sk, &sco_sk_list.head) {
		seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
			   &sco_pi(sk)->dst, sk->sk_state);
	}

	read_unlock(&sco_sk_list.lock);

	return 0;
}

DEFINE_SHOW_ATTRIBUTE(sco_debugfs);

static struct dentry *sco_debugfs;

/* Socket operations; poll, ioctl and gettstamp use shared helpers, and
 * mmap and socketpair are the sock_no_*() stubs.
 */
static const struct proto_ops sco_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= sco_sock_release,
	.bind		= sco_sock_bind,
	.connect	= sco_sock_connect,
	.listen		= sco_sock_listen,
	.accept		= sco_sock_accept,
	.getname	= sco_sock_getname,
	.sendmsg	= sco_sock_sendmsg,
	.recvmsg	= sco_sock_recvmsg,
	.poll		= bt_sock_poll,
	.ioctl		= bt_sock_ioctl,
	.gettstamp	= sock_gettstamp,
	.mmap		= sock_no_mmap,
	.socketpair	= sock_no_socketpair,
	.shutdown	= sco_sock_shutdown,
	.setsockopt	= sco_sock_setsockopt,
	.getsockopt	= sco_sock_getsockopt
};

static const struct net_proto_family sco_sock_family_ops = {
	.family	= PF_BLUETOOTH,
	.owner	= THIS_MODULE,
	.create	= sco_sock_create,
};

int __init sco_init(void)
{
	int err;

	BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));

	err = proto_register(&sco_proto, 0);
	if (err < 0)
		return err;

	err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
	if (err < 0) {
		BT_ERR("SCO socket registration failed");
		goto error;
	}

	err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
	if (err < 0) {
BT_ERR("Failed to create SCO proc file"); 1625 bt_sock_unregister(BTPROTO_SCO); 1626 goto error; 1627 } 1628 1629 BT_INFO("SCO socket layer initialized"); 1630 1631 hci_register_cb(&sco_cb); 1632 1633 if (IS_ERR_OR_NULL(bt_debugfs)) 1634 return 0; 1635 1636 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1637 NULL, &sco_debugfs_fops); 1638 1639 return 0; 1640 1641 error: 1642 proto_unregister(&sco_proto); 1643 return err; 1644 } 1645 1646 void sco_exit(void) 1647 { 1648 bt_procfs_cleanup(&init_net, "sco"); 1649 1650 debugfs_remove(sco_debugfs); 1651 1652 hci_unregister_cb(&sco_cb); 1653 1654 bt_sock_unregister(BTPROTO_SCO); 1655 1656 proto_unregister(&sco_proto); 1657 } 1658 1659 module_param(disable_esco, bool, 0644); 1660 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1661