1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35
36 static bool disable_esco;
37
38 static const struct proto_ops sco_sock_ops;
39
40 static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54 struct kref ref;
55 };
56
57 #define sco_conn_lock(c) spin_lock(&c->lock)
58 #define sco_conn_unlock(c) spin_unlock(&c->lock)
59
60 static void sco_sock_close(struct sock *sk);
61 static void sco_sock_kill(struct sock *sk);
62
63 /* ----- SCO socket info ----- */
64 #define sco_pi(sk) ((struct sco_pinfo *) sk)
65
66 struct sco_pinfo {
67 struct bt_sock bt;
68 bdaddr_t src;
69 bdaddr_t dst;
70 __u32 flags;
71 __u16 setting;
72 struct bt_codec codec;
73 struct sco_conn *conn;
74 };
75
76 /* ---- SCO timers ---- */
77 #define SCO_CONN_TIMEOUT (HZ * 40)
78 #define SCO_DISCONN_TIMEOUT (HZ * 2)
79
sco_conn_free(struct kref * ref)80 static void sco_conn_free(struct kref *ref)
81 {
82 struct sco_conn *conn = container_of(ref, struct sco_conn, ref);
83
84 BT_DBG("conn %p", conn);
85
86 if (conn->sk)
87 sco_pi(conn->sk)->conn = NULL;
88
89 if (conn->hcon) {
90 conn->hcon->sco_data = NULL;
91 hci_conn_drop(conn->hcon);
92 }
93
94 /* Ensure no more work items will run since hci_conn has been dropped */
95 disable_delayed_work_sync(&conn->timeout_work);
96
97 kfree(conn);
98 }
99
sco_conn_put(struct sco_conn * conn)100 static void sco_conn_put(struct sco_conn *conn)
101 {
102 if (!conn)
103 return;
104
105 BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));
106
107 kref_put(&conn->ref, sco_conn_free);
108 }
109
sco_conn_hold(struct sco_conn * conn)110 static struct sco_conn *sco_conn_hold(struct sco_conn *conn)
111 {
112 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
113
114 kref_get(&conn->ref);
115 return conn;
116 }
117
sco_conn_hold_unless_zero(struct sco_conn * conn)118 static struct sco_conn *sco_conn_hold_unless_zero(struct sco_conn *conn)
119 {
120 if (!conn)
121 return NULL;
122
123 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
124
125 if (!kref_get_unless_zero(&conn->ref))
126 return NULL;
127
128 return conn;
129 }
130
sco_sock_hold(struct sco_conn * conn)131 static struct sock *sco_sock_hold(struct sco_conn *conn)
132 {
133 if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk))
134 return NULL;
135
136 sock_hold(conn->sk);
137
138 return conn->sk;
139 }
140
sco_sock_timeout(struct work_struct * work)141 static void sco_sock_timeout(struct work_struct *work)
142 {
143 struct sco_conn *conn = container_of(work, struct sco_conn,
144 timeout_work.work);
145 struct sock *sk;
146
147 conn = sco_conn_hold_unless_zero(conn);
148 if (!conn)
149 return;
150
151 sco_conn_lock(conn);
152 if (!conn->hcon) {
153 sco_conn_unlock(conn);
154 sco_conn_put(conn);
155 return;
156 }
157 sk = sco_sock_hold(conn);
158 sco_conn_unlock(conn);
159 sco_conn_put(conn);
160
161 if (!sk)
162 return;
163
164 BT_DBG("sock %p state %d", sk, sk->sk_state);
165
166 lock_sock(sk);
167 sk->sk_err = ETIMEDOUT;
168 sk->sk_state_change(sk);
169 release_sock(sk);
170 sock_put(sk);
171 }
172
sco_sock_set_timer(struct sock * sk,long timeout)173 static void sco_sock_set_timer(struct sock *sk, long timeout)
174 {
175 if (!sco_pi(sk)->conn)
176 return;
177
178 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
179 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
180 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
181 }
182
sco_sock_clear_timer(struct sock * sk)183 static void sco_sock_clear_timer(struct sock *sk)
184 {
185 if (!sco_pi(sk)->conn)
186 return;
187
188 BT_DBG("sock %p state %d", sk, sk->sk_state);
189 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
190 }
191
192 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)193 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
194 {
195 struct sco_conn *conn = hcon->sco_data;
196
197 conn = sco_conn_hold_unless_zero(conn);
198 if (conn) {
199 if (!conn->hcon) {
200 sco_conn_lock(conn);
201 conn->hcon = hcon;
202 sco_conn_unlock(conn);
203 }
204 return conn;
205 }
206
207 conn = kzalloc_obj(struct sco_conn);
208 if (!conn)
209 return NULL;
210
211 kref_init(&conn->ref);
212 spin_lock_init(&conn->lock);
213 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
214
215 hcon->sco_data = conn;
216 conn->hcon = hcon;
217 conn->mtu = hcon->mtu;
218
219 if (hcon->mtu > 0)
220 conn->mtu = hcon->mtu;
221 else
222 conn->mtu = 60;
223
224 BT_DBG("hcon %p conn %p", hcon, conn);
225
226 return conn;
227 }
228
229 /* Delete channel.
230 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)231 static void sco_chan_del(struct sock *sk, int err)
232 {
233 struct sco_conn *conn;
234
235 conn = sco_pi(sk)->conn;
236 sco_pi(sk)->conn = NULL;
237
238 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
239
240 if (conn) {
241 sco_conn_lock(conn);
242 conn->sk = NULL;
243 sco_conn_unlock(conn);
244 sco_conn_put(conn);
245 }
246
247 sk->sk_state = BT_CLOSED;
248 sk->sk_err = err;
249 sk->sk_state_change(sk);
250
251 sock_set_flag(sk, SOCK_ZAPPED);
252 }
253
sco_conn_del(struct hci_conn * hcon,int err)254 static void sco_conn_del(struct hci_conn *hcon, int err)
255 {
256 struct sco_conn *conn = hcon->sco_data;
257 struct sock *sk;
258
259 conn = sco_conn_hold_unless_zero(conn);
260 if (!conn)
261 return;
262
263 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
264
265 sco_conn_lock(conn);
266 sk = sco_sock_hold(conn);
267 sco_conn_unlock(conn);
268 sco_conn_put(conn);
269
270 if (!sk) {
271 sco_conn_put(conn);
272 return;
273 }
274
275 /* Kill socket */
276 lock_sock(sk);
277 sco_sock_clear_timer(sk);
278 sco_chan_del(sk, err);
279 release_sock(sk);
280 sock_put(sk);
281 }
282
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)283 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
284 struct sock *parent)
285 {
286 BT_DBG("conn %p", conn);
287
288 sco_pi(sk)->conn = conn;
289 conn->sk = sk;
290
291 if (parent)
292 bt_accept_enqueue(parent, sk, true);
293 }
294
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)295 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
296 struct sock *parent)
297 {
298 int err = 0;
299
300 sco_conn_lock(conn);
301 if (conn->sk || sco_pi(sk)->conn)
302 err = -EBUSY;
303 else
304 __sco_chan_add(conn, sk, parent);
305
306 sco_conn_unlock(conn);
307 return err;
308 }
309
sco_connect(struct sock * sk)310 static int sco_connect(struct sock *sk)
311 {
312 struct sco_conn *conn;
313 struct hci_conn *hcon;
314 struct hci_dev *hdev;
315 int err, type;
316
317 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
318
319 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
320 if (!hdev)
321 return -EHOSTUNREACH;
322
323 hci_dev_lock(hdev);
324
325 if (lmp_esco_capable(hdev) && !disable_esco)
326 type = ESCO_LINK;
327 else
328 type = SCO_LINK;
329
330 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) {
331 case SCO_AIRMODE_TRANSP:
332 if (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)) {
333 err = -EOPNOTSUPP;
334 goto unlock;
335 }
336 break;
337 }
338
339 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
340 sco_pi(sk)->setting, &sco_pi(sk)->codec,
341 READ_ONCE(sk->sk_sndtimeo));
342 if (IS_ERR(hcon)) {
343 err = PTR_ERR(hcon);
344 goto unlock;
345 }
346
347 conn = sco_conn_add(hcon);
348 if (!conn) {
349 hci_conn_drop(hcon);
350 err = -ENOMEM;
351 goto unlock;
352 }
353
354 lock_sock(sk);
355
356 /* Recheck state after reacquiring the socket lock, as another
357 * thread may have changed it (e.g., closed the socket).
358 */
359 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
360 release_sock(sk);
361 hci_conn_drop(hcon);
362 err = -EBADFD;
363 goto unlock;
364 }
365
366 err = sco_chan_add(conn, sk, NULL);
367 if (err) {
368 release_sock(sk);
369 hci_conn_drop(hcon);
370 goto unlock;
371 }
372
373 /* Update source addr of the socket */
374 bacpy(&sco_pi(sk)->src, &hcon->src);
375
376 if (hcon->state == BT_CONNECTED) {
377 sco_sock_clear_timer(sk);
378 sk->sk_state = BT_CONNECTED;
379 } else {
380 sk->sk_state = BT_CONNECT;
381 sco_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo));
382 }
383
384 release_sock(sk);
385
386 unlock:
387 hci_dev_unlock(hdev);
388 hci_dev_put(hdev);
389 return err;
390 }
391
sco_send_frame(struct sock * sk,struct sk_buff * skb,const struct sockcm_cookie * sockc)392 static int sco_send_frame(struct sock *sk, struct sk_buff *skb,
393 const struct sockcm_cookie *sockc)
394 {
395 struct sco_conn *conn = sco_pi(sk)->conn;
396 int len = skb->len;
397
398 /* Check outgoing MTU */
399 if (len > conn->mtu)
400 return -EINVAL;
401
402 BT_DBG("sk %p len %d", sk, len);
403
404 hci_setup_tx_timestamp(skb, 1, sockc);
405 hci_send_sco(conn->hcon, skb);
406
407 return len;
408 }
409
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)410 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
411 {
412 struct sock *sk;
413
414 sco_conn_lock(conn);
415 sk = sco_sock_hold(conn);
416 sco_conn_unlock(conn);
417
418 if (!sk)
419 goto drop;
420
421 BT_DBG("sk %p len %u", sk, skb->len);
422
423 if (sk->sk_state != BT_CONNECTED)
424 goto drop_put;
425
426 if (!sock_queue_rcv_skb(sk, skb)) {
427 sock_put(sk);
428 return;
429 }
430
431 drop_put:
432 sock_put(sk);
433 drop:
434 kfree_skb(skb);
435 }
436
437 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)438 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
439 {
440 struct sock *sk;
441
442 sk_for_each(sk, &sco_sk_list.head) {
443 if (sk->sk_state != BT_LISTEN)
444 continue;
445
446 if (!bacmp(&sco_pi(sk)->src, ba))
447 return sk;
448 }
449
450 return NULL;
451 }
452
453 /* Find socket listening on source bdaddr.
454 * Returns closest match.
455 */
sco_get_sock_listen(bdaddr_t * src)456 static struct sock *sco_get_sock_listen(bdaddr_t *src)
457 {
458 struct sock *sk = NULL, *sk1 = NULL;
459
460 read_lock(&sco_sk_list.lock);
461
462 sk_for_each(sk, &sco_sk_list.head) {
463 if (sk->sk_state != BT_LISTEN)
464 continue;
465
466 /* Exact match. */
467 if (!bacmp(&sco_pi(sk)->src, src))
468 break;
469
470 /* Closest match */
471 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
472 sk1 = sk;
473 }
474
475 sk = sk ? sk : sk1;
476 if (sk)
477 sock_hold(sk);
478
479 read_unlock(&sco_sk_list.lock);
480
481 return sk;
482 }
483
sco_sock_destruct(struct sock * sk)484 static void sco_sock_destruct(struct sock *sk)
485 {
486 BT_DBG("sk %p", sk);
487
488 sco_conn_put(sco_pi(sk)->conn);
489
490 skb_queue_purge(&sk->sk_receive_queue);
491 skb_queue_purge(&sk->sk_write_queue);
492 skb_queue_purge(&sk->sk_error_queue);
493 }
494
sco_sock_cleanup_listen(struct sock * parent)495 static void sco_sock_cleanup_listen(struct sock *parent)
496 {
497 struct sock *sk;
498
499 BT_DBG("parent %p", parent);
500
501 /* Close not yet accepted channels */
502 while ((sk = bt_accept_dequeue(parent, NULL))) {
503 sco_sock_close(sk);
504 sco_sock_kill(sk);
505 /* Drop the reference handed back by bt_accept_dequeue(). */
506 sock_put(sk);
507 }
508
509 parent->sk_state = BT_CLOSED;
510 sock_set_flag(parent, SOCK_ZAPPED);
511 }
512
513 /* Kill socket (only if zapped and orphan)
514 * Must be called on unlocked socket.
515 */
sco_sock_kill(struct sock * sk)516 static void sco_sock_kill(struct sock *sk)
517 {
518 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
519 return;
520
521 BT_DBG("sk %p state %d", sk, sk->sk_state);
522
523 /* Sock is dead, so set conn->sk to NULL to avoid possible UAF */
524 lock_sock(sk);
525 if (sco_pi(sk)->conn) {
526 sco_conn_lock(sco_pi(sk)->conn);
527 sco_pi(sk)->conn->sk = NULL;
528 sco_conn_unlock(sco_pi(sk)->conn);
529 }
530 release_sock(sk);
531
532 /* Kill poor orphan */
533 bt_sock_unlink(&sco_sk_list, sk);
534 sock_set_flag(sk, SOCK_DEAD);
535 sock_put(sk);
536 }
537
__sco_sock_close(struct sock * sk)538 static void __sco_sock_close(struct sock *sk)
539 {
540 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
541
542 switch (sk->sk_state) {
543 case BT_LISTEN:
544 sco_sock_cleanup_listen(sk);
545 break;
546
547 case BT_CONNECTED:
548 case BT_CONFIG:
549 case BT_CONNECT2:
550 case BT_CONNECT:
551 case BT_DISCONN:
552 sco_chan_del(sk, ECONNRESET);
553 break;
554
555 default:
556 sock_set_flag(sk, SOCK_ZAPPED);
557 break;
558 }
559
560 }
561
562 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)563 static void sco_sock_close(struct sock *sk)
564 {
565 lock_sock(sk);
566 sco_sock_clear_timer(sk);
567 __sco_sock_close(sk);
568 release_sock(sk);
569 }
570
sco_sock_init(struct sock * sk,struct sock * parent)571 static void sco_sock_init(struct sock *sk, struct sock *parent)
572 {
573 BT_DBG("sk %p", sk);
574
575 if (parent) {
576 sk->sk_type = parent->sk_type;
577 bt_sk(sk)->flags = bt_sk(parent)->flags;
578 security_sk_clone(parent, sk);
579 }
580 }
581
582 static struct proto sco_proto = {
583 .name = "SCO",
584 .owner = THIS_MODULE,
585 .obj_size = sizeof(struct sco_pinfo)
586 };
587
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)588 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
589 int proto, gfp_t prio, int kern)
590 {
591 struct sock *sk;
592
593 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
594 if (!sk)
595 return NULL;
596
597 sk->sk_destruct = sco_sock_destruct;
598 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
599
600 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
601 sco_pi(sk)->codec.id = BT_CODEC_CVSD;
602 sco_pi(sk)->codec.cid = 0xffff;
603 sco_pi(sk)->codec.vid = 0xffff;
604 sco_pi(sk)->codec.data_path = 0x00;
605
606 bt_sock_link(&sco_sk_list, sk);
607 return sk;
608 }
609
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)610 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
611 int kern)
612 {
613 struct sock *sk;
614
615 BT_DBG("sock %p", sock);
616
617 sock->state = SS_UNCONNECTED;
618
619 if (sock->type != SOCK_SEQPACKET)
620 return -ESOCKTNOSUPPORT;
621
622 sock->ops = &sco_sock_ops;
623
624 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
625 if (!sk)
626 return -ENOMEM;
627
628 sco_sock_init(sk, NULL);
629 return 0;
630 }
631
sco_sock_bind(struct socket * sock,struct sockaddr_unsized * addr,int addr_len)632 static int sco_sock_bind(struct socket *sock, struct sockaddr_unsized *addr,
633 int addr_len)
634 {
635 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
636 struct sock *sk = sock->sk;
637 int err = 0;
638
639 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
640 addr->sa_family != AF_BLUETOOTH)
641 return -EINVAL;
642
643 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
644
645 lock_sock(sk);
646
647 if (sk->sk_state != BT_OPEN) {
648 err = -EBADFD;
649 goto done;
650 }
651
652 if (sk->sk_type != SOCK_SEQPACKET) {
653 err = -EINVAL;
654 goto done;
655 }
656
657 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
658
659 sk->sk_state = BT_BOUND;
660
661 done:
662 release_sock(sk);
663 return err;
664 }
665
sco_sock_connect(struct socket * sock,struct sockaddr_unsized * addr,int alen,int flags)666 static int sco_sock_connect(struct socket *sock, struct sockaddr_unsized *addr, int alen, int flags)
667 {
668 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
669 struct sock *sk = sock->sk;
670 int err;
671
672 BT_DBG("sk %p", sk);
673
674 if (alen < sizeof(struct sockaddr_sco) ||
675 addr->sa_family != AF_BLUETOOTH)
676 return -EINVAL;
677
678 lock_sock(sk);
679
680 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
681 release_sock(sk);
682 return -EBADFD;
683 }
684
685 if (sk->sk_type != SOCK_SEQPACKET) {
686 release_sock(sk);
687 return -EINVAL;
688 }
689
690 /* Set destination address and psm */
691 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
692 release_sock(sk);
693
694 err = sco_connect(sk);
695 if (err)
696 return err;
697
698 lock_sock(sk);
699
700 err = bt_sock_wait_state(sk, BT_CONNECTED,
701 sock_sndtimeo(sk, flags & O_NONBLOCK));
702
703 release_sock(sk);
704 return err;
705 }
706
sco_sock_listen(struct socket * sock,int backlog)707 static int sco_sock_listen(struct socket *sock, int backlog)
708 {
709 struct sock *sk = sock->sk;
710 bdaddr_t *src = &sco_pi(sk)->src;
711 int err = 0;
712
713 BT_DBG("sk %p backlog %d", sk, backlog);
714
715 lock_sock(sk);
716
717 if (sk->sk_state != BT_BOUND) {
718 err = -EBADFD;
719 goto done;
720 }
721
722 if (sk->sk_type != SOCK_SEQPACKET) {
723 err = -EINVAL;
724 goto done;
725 }
726
727 write_lock(&sco_sk_list.lock);
728
729 if (__sco_get_sock_listen_by_addr(src)) {
730 err = -EADDRINUSE;
731 goto unlock;
732 }
733
734 sk->sk_max_ack_backlog = backlog;
735 sk->sk_ack_backlog = 0;
736
737 sk->sk_state = BT_LISTEN;
738
739 unlock:
740 write_unlock(&sco_sk_list.lock);
741
742 done:
743 release_sock(sk);
744 return err;
745 }
746
sco_sock_accept(struct socket * sock,struct socket * newsock,struct proto_accept_arg * arg)747 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
748 struct proto_accept_arg *arg)
749 {
750 DEFINE_WAIT_FUNC(wait, woken_wake_function);
751 struct sock *sk = sock->sk, *ch;
752 long timeo;
753 int err = 0;
754
755 lock_sock(sk);
756
757 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);
758
759 BT_DBG("sk %p timeo %ld", sk, timeo);
760
761 /* Wait for an incoming connection. (wake-one). */
762 add_wait_queue_exclusive(sk_sleep(sk), &wait);
763 while (1) {
764 if (sk->sk_state != BT_LISTEN) {
765 err = -EBADFD;
766 break;
767 }
768
769 ch = bt_accept_dequeue(sk, newsock);
770 if (ch) {
771 /* Drop the bridging ref from bt_accept_dequeue();
772 * the grafted socket keeps ch alive from here.
773 */
774 sock_put(ch);
775 break;
776 }
777
778 if (!timeo) {
779 err = -EAGAIN;
780 break;
781 }
782
783 if (signal_pending(current)) {
784 err = sock_intr_errno(timeo);
785 break;
786 }
787
788 release_sock(sk);
789
790 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
791 lock_sock(sk);
792 }
793 remove_wait_queue(sk_sleep(sk), &wait);
794
795 if (err)
796 goto done;
797
798 newsock->state = SS_CONNECTED;
799
800 BT_DBG("new socket %p", ch);
801
802 done:
803 release_sock(sk);
804 return err;
805 }
806
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)807 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
808 int peer)
809 {
810 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
811 struct sock *sk = sock->sk;
812
813 BT_DBG("sock %p, sk %p", sock, sk);
814
815 addr->sa_family = AF_BLUETOOTH;
816
817 if (peer)
818 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
819 else
820 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
821
822 return sizeof(struct sockaddr_sco);
823 }
824
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)825 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
826 size_t len)
827 {
828 struct sock *sk = sock->sk;
829 struct sk_buff *skb;
830 struct sockcm_cookie sockc;
831 int err;
832
833 BT_DBG("sock %p, sk %p", sock, sk);
834
835 err = sock_error(sk);
836 if (err)
837 return err;
838
839 if (msg->msg_flags & MSG_OOB)
840 return -EOPNOTSUPP;
841
842 hci_sockcm_init(&sockc, sk);
843
844 if (msg->msg_controllen) {
845 err = sock_cmsg_send(sk, msg, &sockc);
846 if (err)
847 return err;
848 }
849
850 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
851 if (IS_ERR(skb))
852 return PTR_ERR(skb);
853
854 lock_sock(sk);
855
856 if (sk->sk_state == BT_CONNECTED)
857 err = sco_send_frame(sk, skb, &sockc);
858 else
859 err = -ENOTCONN;
860
861 release_sock(sk);
862
863 if (err < 0)
864 kfree_skb(skb);
865 return err;
866 }
867
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)868 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
869 {
870 struct hci_dev *hdev = conn->hdev;
871
872 BT_DBG("conn %p", conn);
873
874 conn->state = BT_CONFIG;
875
876 if (!lmp_esco_capable(hdev)) {
877 struct hci_cp_accept_conn_req cp;
878
879 bacpy(&cp.bdaddr, &conn->dst);
880 cp.role = 0x00; /* Ignored */
881
882 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
883 } else {
884 struct hci_cp_accept_sync_conn_req cp;
885
886 bacpy(&cp.bdaddr, &conn->dst);
887 cp.pkt_type = cpu_to_le16(conn->pkt_type);
888
889 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
890 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
891 cp.content_format = cpu_to_le16(setting);
892
893 switch (setting & SCO_AIRMODE_MASK) {
894 case SCO_AIRMODE_TRANSP:
895 if (conn->pkt_type & ESCO_2EV3)
896 cp.max_latency = cpu_to_le16(0x0008);
897 else
898 cp.max_latency = cpu_to_le16(0x000D);
899 cp.retrans_effort = 0x02;
900 break;
901 case SCO_AIRMODE_CVSD:
902 cp.max_latency = cpu_to_le16(0xffff);
903 cp.retrans_effort = 0xff;
904 break;
905 default:
906 /* use CVSD settings as fallback */
907 cp.max_latency = cpu_to_le16(0xffff);
908 cp.retrans_effort = 0xff;
909 break;
910 }
911
912 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
913 sizeof(cp), &cp);
914 }
915 }
916
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)917 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
918 size_t len, int flags)
919 {
920 struct sock *sk = sock->sk;
921 struct sco_pinfo *pi = sco_pi(sk);
922
923 if (unlikely(flags & MSG_ERRQUEUE))
924 return sock_recv_errqueue(sk, msg, len, SOL_BLUETOOTH,
925 BT_SCM_ERROR);
926
927 lock_sock(sk);
928
929 if (sk->sk_state == BT_CONNECT2 &&
930 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
931 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
932 sk->sk_state = BT_CONFIG;
933
934 release_sock(sk);
935 return 0;
936 }
937
938 release_sock(sk);
939
940 return bt_sock_recvmsg(sock, msg, len, flags);
941 }
942
sco_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)943 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
944 sockptr_t optval, unsigned int optlen)
945 {
946 struct sock *sk = sock->sk;
947 int err = 0;
948 struct bt_voice voice;
949 u32 opt;
950 struct bt_codecs *codecs;
951 struct hci_dev *hdev;
952 __u8 buffer[255];
953
954 BT_DBG("sk %p", sk);
955
956 lock_sock(sk);
957
958 switch (optname) {
959
960 case BT_DEFER_SETUP:
961 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
962 err = -EINVAL;
963 break;
964 }
965
966 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
967 if (err)
968 break;
969
970 if (opt)
971 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
972 else
973 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
974 break;
975
976 case BT_VOICE:
977 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
978 sk->sk_state != BT_CONNECT2) {
979 err = -EINVAL;
980 break;
981 }
982
983 voice.setting = sco_pi(sk)->setting;
984
985 err = copy_safe_from_sockptr(&voice, sizeof(voice), optval,
986 optlen);
987 if (err)
988 break;
989
990 sco_pi(sk)->setting = voice.setting;
991 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
992 BDADDR_BREDR);
993 if (!hdev) {
994 err = -EBADFD;
995 break;
996 }
997
998 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) {
999 case SCO_AIRMODE_TRANSP:
1000 if (enhanced_sync_conn_capable(hdev))
1001 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
1002 break;
1003 }
1004
1005 hci_dev_put(hdev);
1006 break;
1007
1008 case BT_PKT_STATUS:
1009 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
1010 if (err)
1011 break;
1012
1013 if (opt)
1014 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1015 else
1016 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1017 break;
1018
1019 case BT_CODEC:
1020 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1021 sk->sk_state != BT_CONNECT2) {
1022 err = -EINVAL;
1023 break;
1024 }
1025
1026 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
1027 BDADDR_BREDR);
1028 if (!hdev) {
1029 err = -EBADFD;
1030 break;
1031 }
1032
1033 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1034 hci_dev_put(hdev);
1035 err = -EOPNOTSUPP;
1036 break;
1037 }
1038
1039 if (!hdev->get_data_path_id) {
1040 hci_dev_put(hdev);
1041 err = -EOPNOTSUPP;
1042 break;
1043 }
1044
1045 if (optlen < sizeof(struct bt_codecs) ||
1046 optlen > sizeof(buffer)) {
1047 hci_dev_put(hdev);
1048 err = -EINVAL;
1049 break;
1050 }
1051
1052 err = copy_struct_from_sockptr(buffer, sizeof(buffer), optval,
1053 optlen);
1054 if (err) {
1055 hci_dev_put(hdev);
1056 break;
1057 }
1058
1059 codecs = (void *)buffer;
1060
1061 if (codecs->num_codecs != 1 ||
1062 optlen < struct_size(codecs, codecs, codecs->num_codecs)) {
1063 hci_dev_put(hdev);
1064 err = -EINVAL;
1065 break;
1066 }
1067
1068 sco_pi(sk)->codec = codecs->codecs[0];
1069 hci_dev_put(hdev);
1070 break;
1071
1072 default:
1073 err = -ENOPROTOOPT;
1074 break;
1075 }
1076
1077 release_sock(sk);
1078 return err;
1079 }
1080
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)1081 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
1082 char __user *optval, int __user *optlen)
1083 {
1084 struct sock *sk = sock->sk;
1085 struct sco_options opts;
1086 struct sco_conninfo cinfo;
1087 int err = 0;
1088 size_t len;
1089
1090 BT_DBG("sk %p", sk);
1091
1092 if (get_user(len, optlen))
1093 return -EFAULT;
1094
1095 lock_sock(sk);
1096
1097 switch (optname) {
1098 case SCO_OPTIONS:
1099 if (sk->sk_state != BT_CONNECTED &&
1100 !(sk->sk_state == BT_CONNECT2 &&
1101 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1102 err = -ENOTCONN;
1103 break;
1104 }
1105
1106 opts.mtu = sco_pi(sk)->conn->mtu;
1107
1108 BT_DBG("mtu %u", opts.mtu);
1109
1110 len = min(len, sizeof(opts));
1111 if (copy_to_user(optval, (char *)&opts, len))
1112 err = -EFAULT;
1113
1114 break;
1115
1116 case SCO_CONNINFO:
1117 if (sk->sk_state != BT_CONNECTED &&
1118 !(sk->sk_state == BT_CONNECT2 &&
1119 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1120 err = -ENOTCONN;
1121 break;
1122 }
1123
1124 memset(&cinfo, 0, sizeof(cinfo));
1125 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1126 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1127
1128 len = min(len, sizeof(cinfo));
1129 if (copy_to_user(optval, (char *)&cinfo, len))
1130 err = -EFAULT;
1131
1132 break;
1133
1134 default:
1135 err = -ENOPROTOOPT;
1136 break;
1137 }
1138
1139 release_sock(sk);
1140 return err;
1141 }
1142
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)1143 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1144 char __user *optval, int __user *optlen)
1145 {
1146 struct sock *sk = sock->sk;
1147 int len, err = 0;
1148 struct bt_voice voice;
1149 u32 phys;
1150 int buf_len;
1151 struct codec_list *c;
1152 u8 num_codecs, i, __user *ptr;
1153 struct hci_dev *hdev;
1154 struct hci_codec_caps *caps;
1155 struct bt_codec codec;
1156
1157 BT_DBG("sk %p", sk);
1158
1159 if (level == SOL_SCO)
1160 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1161
1162 if (get_user(len, optlen))
1163 return -EFAULT;
1164
1165 lock_sock(sk);
1166
1167 switch (optname) {
1168
1169 case BT_DEFER_SETUP:
1170 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1171 err = -EINVAL;
1172 break;
1173 }
1174
1175 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1176 (u32 __user *)optval))
1177 err = -EFAULT;
1178
1179 break;
1180
1181 case BT_VOICE:
1182 voice.setting = sco_pi(sk)->setting;
1183
1184 len = min_t(unsigned int, len, sizeof(voice));
1185 if (copy_to_user(optval, (char *)&voice, len))
1186 err = -EFAULT;
1187
1188 break;
1189
1190 case BT_PHY:
1191 if (sk->sk_state != BT_CONNECTED) {
1192 err = -ENOTCONN;
1193 break;
1194 }
1195
1196 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1197
1198 if (put_user(phys, (u32 __user *) optval))
1199 err = -EFAULT;
1200 break;
1201
1202 case BT_PKT_STATUS:
1203 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1204 (int __user *)optval))
1205 err = -EFAULT;
1206 break;
1207
1208 case BT_SNDMTU:
1209 case BT_RCVMTU:
1210 if (sk->sk_state != BT_CONNECTED) {
1211 err = -ENOTCONN;
1212 break;
1213 }
1214
1215 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1216 err = -EFAULT;
1217 break;
1218
1219 case BT_CODEC:
1220 num_codecs = 0;
1221 buf_len = 0;
1222
1223 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1224 if (!hdev) {
1225 err = -EBADFD;
1226 break;
1227 }
1228
1229 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1230 hci_dev_put(hdev);
1231 err = -EOPNOTSUPP;
1232 break;
1233 }
1234
1235 if (!hdev->get_data_path_id) {
1236 hci_dev_put(hdev);
1237 err = -EOPNOTSUPP;
1238 break;
1239 }
1240
1241 release_sock(sk);
1242
1243 /* find total buffer size required to copy codec + caps */
1244 hci_dev_lock(hdev);
1245 list_for_each_entry(c, &hdev->local_codecs, list) {
1246 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1247 continue;
1248 num_codecs++;
1249 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1250 buf_len += 1 + caps->len;
1251 caps = (void *)&caps->data[caps->len];
1252 }
1253 buf_len += sizeof(struct bt_codec);
1254 }
1255 hci_dev_unlock(hdev);
1256
1257 buf_len += sizeof(struct bt_codecs);
1258 if (buf_len > len) {
1259 hci_dev_put(hdev);
1260 return -ENOBUFS;
1261 }
1262 ptr = optval;
1263
1264 if (put_user(num_codecs, ptr)) {
1265 hci_dev_put(hdev);
1266 return -EFAULT;
1267 }
1268 ptr += sizeof(num_codecs);
1269
1270 /* Iterate all the codecs supported over SCO and populate
1271 * codec data
1272 */
1273 hci_dev_lock(hdev);
1274 list_for_each_entry(c, &hdev->local_codecs, list) {
1275 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1276 continue;
1277
1278 codec.id = c->id;
1279 codec.cid = c->cid;
1280 codec.vid = c->vid;
1281 err = hdev->get_data_path_id(hdev, &codec.data_path);
1282 if (err < 0)
1283 break;
1284 codec.num_caps = c->num_caps;
1285 if (copy_to_user(ptr, &codec, sizeof(codec))) {
1286 err = -EFAULT;
1287 break;
1288 }
1289 ptr += sizeof(codec);
1290
1291 /* find codec capabilities data length */
1292 len = 0;
1293 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1294 len += 1 + caps->len;
1295 caps = (void *)&caps->data[caps->len];
1296 }
1297
1298 /* copy codec capabilities data */
1299 if (len && copy_to_user(ptr, c->caps, len)) {
1300 err = -EFAULT;
1301 break;
1302 }
1303 ptr += len;
1304 }
1305
1306 hci_dev_unlock(hdev);
1307 hci_dev_put(hdev);
1308
1309 lock_sock(sk);
1310
1311 if (!err && put_user(buf_len, optlen))
1312 err = -EFAULT;
1313
1314 break;
1315
1316 default:
1317 err = -ENOPROTOOPT;
1318 break;
1319 }
1320
1321 release_sock(sk);
1322 return err;
1323 }
1324
sco_sock_shutdown(struct socket * sock,int how)1325 static int sco_sock_shutdown(struct socket *sock, int how)
1326 {
1327 struct sock *sk = sock->sk;
1328 int err = 0;
1329
1330 BT_DBG("sock %p, sk %p", sock, sk);
1331
1332 if (!sk)
1333 return 0;
1334
1335 sock_hold(sk);
1336 lock_sock(sk);
1337
1338 if (!sk->sk_shutdown) {
1339 sk->sk_shutdown = SHUTDOWN_MASK;
1340 sco_sock_clear_timer(sk);
1341 __sco_sock_close(sk);
1342
1343 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1344 !(current->flags & PF_EXITING))
1345 err = bt_sock_wait_state(sk, BT_CLOSED,
1346 sk->sk_lingertime);
1347 }
1348
1349 release_sock(sk);
1350 sock_put(sk);
1351
1352 return err;
1353 }
1354
sco_sock_release(struct socket * sock)1355 static int sco_sock_release(struct socket *sock)
1356 {
1357 struct sock *sk = sock->sk;
1358 int err = 0;
1359
1360 BT_DBG("sock %p, sk %p", sock, sk);
1361
1362 if (!sk)
1363 return 0;
1364
1365 sco_sock_close(sk);
1366
1367 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1368 !(current->flags & PF_EXITING)) {
1369 lock_sock(sk);
1370 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1371 release_sock(sk);
1372 }
1373
1374 sock_orphan(sk);
1375 sco_sock_kill(sk);
1376 return err;
1377 }
1378
sco_conn_ready(struct sco_conn * conn)1379 static void sco_conn_ready(struct sco_conn *conn)
1380 {
1381 struct sock *parent, *sk;
1382
1383 sco_conn_lock(conn);
1384 sk = sco_sock_hold(conn);
1385 sco_conn_unlock(conn);
1386
1387 BT_DBG("conn %p", conn);
1388
1389 if (sk) {
1390 lock_sock(sk);
1391
1392 /* conn->sk may have become NULL if racing with sk close, but
1393 * due to held hdev->lock, it can't become different sk.
1394 */
1395 if (conn->sk) {
1396 sco_sock_clear_timer(sk);
1397 sk->sk_state = BT_CONNECTED;
1398 sk->sk_state_change(sk);
1399 }
1400
1401 release_sock(sk);
1402 sock_put(sk);
1403 } else {
1404 if (!conn->hcon)
1405 return;
1406
1407 lockdep_assert_held(&conn->hcon->hdev->lock);
1408
1409 parent = sco_get_sock_listen(&conn->hcon->src);
1410 if (!parent)
1411 return;
1412
1413 lock_sock(parent);
1414
1415 sco_conn_lock(conn);
1416
1417 /* hdev->lock guarantees conn->sk == NULL still here */
1418
1419 if (parent->sk_state != BT_LISTEN)
1420 goto release;
1421
1422 sk = sco_sock_alloc(sock_net(parent), NULL,
1423 BTPROTO_SCO, GFP_ATOMIC, 0);
1424 if (!sk)
1425 goto release;
1426
1427 sco_sock_init(sk, parent);
1428
1429 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1430 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1431
1432 sco_conn_hold(conn);
1433 hci_conn_hold(conn->hcon);
1434 __sco_chan_add(conn, sk, parent);
1435
1436 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1437 sk->sk_state = BT_CONNECT2;
1438 else
1439 sk->sk_state = BT_CONNECTED;
1440
1441 /* Wake up parent */
1442 parent->sk_data_ready(parent);
1443
1444 release:
1445 sco_conn_unlock(conn);
1446 release_sock(parent);
1447 sock_put(parent);
1448 }
1449 }
1450
1451 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1452 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1453 {
1454 struct sock *sk;
1455 int lm = 0;
1456
1457 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1458
1459 /* Find listening sockets */
1460 read_lock(&sco_sk_list.lock);
1461 sk_for_each(sk, &sco_sk_list.head) {
1462 if (sk->sk_state != BT_LISTEN)
1463 continue;
1464
1465 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1466 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1467 lm |= HCI_LM_ACCEPT;
1468
1469 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1470 *flags |= HCI_PROTO_DEFER;
1471 break;
1472 }
1473 }
1474 read_unlock(&sco_sk_list.lock);
1475
1476 return lm;
1477 }
1478
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1479 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1480 {
1481 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1482 return;
1483
1484 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1485
1486 if (!status) {
1487 struct sco_conn *conn;
1488
1489 conn = sco_conn_add(hcon);
1490 if (conn) {
1491 sco_conn_ready(conn);
1492 sco_conn_put(conn);
1493 }
1494 } else
1495 sco_conn_del(hcon, bt_to_errno(status));
1496 }
1497
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1498 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1499 {
1500 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1501 return;
1502
1503 BT_DBG("hcon %p reason %d", hcon, reason);
1504
1505 sco_conn_del(hcon, bt_to_errno(reason));
1506 }
1507
sco_recv_scodata(struct hci_dev * hdev,u16 handle,struct sk_buff * skb)1508 int sco_recv_scodata(struct hci_dev *hdev, u16 handle, struct sk_buff *skb)
1509 {
1510 struct hci_conn *hcon;
1511 struct sco_conn *conn;
1512
1513 hci_dev_lock(hdev);
1514
1515 hcon = hci_conn_hash_lookup_handle(hdev, handle);
1516 if (!hcon) {
1517 hci_dev_unlock(hdev);
1518 kfree_skb(skb);
1519 return -ENOENT;
1520 }
1521
1522 conn = sco_conn_hold_unless_zero(hcon->sco_data);
1523 hcon = NULL;
1524
1525 hci_dev_unlock(hdev);
1526
1527 if (!conn) {
1528 kfree_skb(skb);
1529 return -EINVAL;
1530 }
1531
1532 BT_DBG("conn %p len %u", conn, skb->len);
1533
1534 if (skb->len)
1535 sco_recv_frame(conn, skb);
1536 else
1537 kfree_skb(skb);
1538
1539 sco_conn_put(conn);
1540 return 0;
1541 }
1542
1543 static struct hci_cb sco_cb = {
1544 .name = "SCO",
1545 .connect_cfm = sco_connect_cfm,
1546 .disconn_cfm = sco_disconn_cfm,
1547 };
1548
sco_debugfs_show(struct seq_file * f,void * p)1549 static int sco_debugfs_show(struct seq_file *f, void *p)
1550 {
1551 struct sock *sk;
1552
1553 read_lock(&sco_sk_list.lock);
1554
1555 sk_for_each(sk, &sco_sk_list.head) {
1556 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1557 &sco_pi(sk)->dst, sk->sk_state);
1558 }
1559
1560 read_unlock(&sco_sk_list.lock);
1561
1562 return 0;
1563 }
1564
1565 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1566
1567 static struct dentry *sco_debugfs;
1568
1569 static const struct proto_ops sco_sock_ops = {
1570 .family = PF_BLUETOOTH,
1571 .owner = THIS_MODULE,
1572 .release = sco_sock_release,
1573 .bind = sco_sock_bind,
1574 .connect = sco_sock_connect,
1575 .listen = sco_sock_listen,
1576 .accept = sco_sock_accept,
1577 .getname = sco_sock_getname,
1578 .sendmsg = sco_sock_sendmsg,
1579 .recvmsg = sco_sock_recvmsg,
1580 .poll = bt_sock_poll,
1581 .ioctl = bt_sock_ioctl,
1582 .gettstamp = sock_gettstamp,
1583 .mmap = sock_no_mmap,
1584 .socketpair = sock_no_socketpair,
1585 .shutdown = sco_sock_shutdown,
1586 .setsockopt = sco_sock_setsockopt,
1587 .getsockopt = sco_sock_getsockopt
1588 };
1589
1590 static const struct net_proto_family sco_sock_family_ops = {
1591 .family = PF_BLUETOOTH,
1592 .owner = THIS_MODULE,
1593 .create = sco_sock_create,
1594 };
1595
sco_init(void)1596 int __init sco_init(void)
1597 {
1598 int err;
1599
1600 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1601
1602 err = proto_register(&sco_proto, 0);
1603 if (err < 0)
1604 return err;
1605
1606 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1607 if (err < 0) {
1608 BT_ERR("SCO socket registration failed");
1609 goto error;
1610 }
1611
1612 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1613 if (err < 0) {
1614 BT_ERR("Failed to create SCO proc file");
1615 bt_sock_unregister(BTPROTO_SCO);
1616 goto error;
1617 }
1618
1619 BT_INFO("SCO socket layer initialized");
1620
1621 hci_register_cb(&sco_cb);
1622
1623 if (IS_ERR_OR_NULL(bt_debugfs))
1624 return 0;
1625
1626 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1627 NULL, &sco_debugfs_fops);
1628
1629 return 0;
1630
1631 error:
1632 proto_unregister(&sco_proto);
1633 return err;
1634 }
1635
sco_exit(void)1636 void sco_exit(void)
1637 {
1638 bt_procfs_cleanup(&init_net, "sco");
1639
1640 debugfs_remove(sco_debugfs);
1641
1642 hci_unregister_cb(&sco_cb);
1643
1644 bt_sock_unregister(BTPROTO_SCO);
1645
1646 proto_unregister(&sco_proto);
1647 }
1648
1649 module_param(disable_esco, bool, 0644);
1650 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1651