1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35
36 static bool disable_esco;
37
38 static const struct proto_ops sco_sock_ops;
39
40 static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54 struct kref ref;
55 };
56
57 #define sco_conn_lock(c) spin_lock(&c->lock)
58 #define sco_conn_unlock(c) spin_unlock(&c->lock)
59
60 static void sco_sock_close(struct sock *sk);
61 static void sco_sock_kill(struct sock *sk);
62
63 /* ----- SCO socket info ----- */
64 #define sco_pi(sk) ((struct sco_pinfo *) sk)
65
66 struct sco_pinfo {
67 struct bt_sock bt;
68 bdaddr_t src;
69 bdaddr_t dst;
70 __u32 flags;
71 __u16 setting;
72 struct bt_codec codec;
73 struct sco_conn *conn;
74 };
75
76 /* ---- SCO timers ---- */
77 #define SCO_CONN_TIMEOUT (HZ * 40)
78 #define SCO_DISCONN_TIMEOUT (HZ * 2)
79
sco_conn_free(struct kref * ref)80 static void sco_conn_free(struct kref *ref)
81 {
82 struct sco_conn *conn = container_of(ref, struct sco_conn, ref);
83
84 BT_DBG("conn %p", conn);
85
86 if (conn->sk)
87 sco_pi(conn->sk)->conn = NULL;
88
89 if (conn->hcon) {
90 conn->hcon->sco_data = NULL;
91 hci_conn_drop(conn->hcon);
92 }
93
94 /* Ensure no more work items will run since hci_conn has been dropped */
95 disable_delayed_work_sync(&conn->timeout_work);
96
97 kfree(conn);
98 }
99
sco_conn_put(struct sco_conn * conn)100 static void sco_conn_put(struct sco_conn *conn)
101 {
102 if (!conn)
103 return;
104
105 BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));
106
107 kref_put(&conn->ref, sco_conn_free);
108 }
109
sco_conn_hold(struct sco_conn * conn)110 static struct sco_conn *sco_conn_hold(struct sco_conn *conn)
111 {
112 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
113
114 kref_get(&conn->ref);
115 return conn;
116 }
117
sco_conn_hold_unless_zero(struct sco_conn * conn)118 static struct sco_conn *sco_conn_hold_unless_zero(struct sco_conn *conn)
119 {
120 if (!conn)
121 return NULL;
122
123 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
124
125 if (!kref_get_unless_zero(&conn->ref))
126 return NULL;
127
128 return conn;
129 }
130
sco_sock_hold(struct sco_conn * conn)131 static struct sock *sco_sock_hold(struct sco_conn *conn)
132 {
133 if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk))
134 return NULL;
135
136 sock_hold(conn->sk);
137
138 return conn->sk;
139 }
140
sco_sock_timeout(struct work_struct * work)141 static void sco_sock_timeout(struct work_struct *work)
142 {
143 struct sco_conn *conn = container_of(work, struct sco_conn,
144 timeout_work.work);
145 struct sock *sk;
146
147 conn = sco_conn_hold_unless_zero(conn);
148 if (!conn)
149 return;
150
151 sco_conn_lock(conn);
152 if (!conn->hcon) {
153 sco_conn_unlock(conn);
154 sco_conn_put(conn);
155 return;
156 }
157 sk = sco_sock_hold(conn);
158 sco_conn_unlock(conn);
159 sco_conn_put(conn);
160
161 if (!sk)
162 return;
163
164 BT_DBG("sock %p state %d", sk, sk->sk_state);
165
166 lock_sock(sk);
167 sk->sk_err = ETIMEDOUT;
168 sk->sk_state_change(sk);
169 release_sock(sk);
170 sock_put(sk);
171 }
172
sco_sock_set_timer(struct sock * sk,long timeout)173 static void sco_sock_set_timer(struct sock *sk, long timeout)
174 {
175 if (!sco_pi(sk)->conn)
176 return;
177
178 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
179 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
180 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
181 }
182
sco_sock_clear_timer(struct sock * sk)183 static void sco_sock_clear_timer(struct sock *sk)
184 {
185 if (!sco_pi(sk)->conn)
186 return;
187
188 BT_DBG("sock %p state %d", sk, sk->sk_state);
189 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
190 }
191
192 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)193 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
194 {
195 struct sco_conn *conn = hcon->sco_data;
196
197 conn = sco_conn_hold_unless_zero(conn);
198 if (conn) {
199 if (!conn->hcon) {
200 sco_conn_lock(conn);
201 conn->hcon = hcon;
202 sco_conn_unlock(conn);
203 }
204 return conn;
205 }
206
207 conn = kzalloc_obj(struct sco_conn);
208 if (!conn)
209 return NULL;
210
211 kref_init(&conn->ref);
212 spin_lock_init(&conn->lock);
213 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
214
215 hcon->sco_data = conn;
216 conn->hcon = hcon;
217 conn->mtu = hcon->mtu;
218
219 if (hcon->mtu > 0)
220 conn->mtu = hcon->mtu;
221 else
222 conn->mtu = 60;
223
224 BT_DBG("hcon %p conn %p", hcon, conn);
225
226 return conn;
227 }
228
229 /* Delete channel.
230 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)231 static void sco_chan_del(struct sock *sk, int err)
232 {
233 struct sco_conn *conn;
234
235 conn = sco_pi(sk)->conn;
236 sco_pi(sk)->conn = NULL;
237
238 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
239
240 if (conn) {
241 sco_conn_lock(conn);
242 conn->sk = NULL;
243 sco_conn_unlock(conn);
244 sco_conn_put(conn);
245 }
246
247 sk->sk_state = BT_CLOSED;
248 sk->sk_err = err;
249 sk->sk_state_change(sk);
250
251 sock_set_flag(sk, SOCK_ZAPPED);
252 }
253
sco_conn_del(struct hci_conn * hcon,int err)254 static void sco_conn_del(struct hci_conn *hcon, int err)
255 {
256 struct sco_conn *conn = hcon->sco_data;
257 struct sock *sk;
258
259 conn = sco_conn_hold_unless_zero(conn);
260 if (!conn)
261 return;
262
263 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
264
265 sco_conn_lock(conn);
266 sk = sco_sock_hold(conn);
267 sco_conn_unlock(conn);
268 sco_conn_put(conn);
269
270 if (!sk) {
271 sco_conn_put(conn);
272 return;
273 }
274
275 /* Kill socket */
276 lock_sock(sk);
277 sco_sock_clear_timer(sk);
278 sco_chan_del(sk, err);
279 release_sock(sk);
280 sock_put(sk);
281 }
282
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)283 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
284 struct sock *parent)
285 {
286 BT_DBG("conn %p", conn);
287
288 sco_pi(sk)->conn = conn;
289 conn->sk = sk;
290
291 if (parent)
292 bt_accept_enqueue(parent, sk, true);
293 }
294
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)295 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
296 struct sock *parent)
297 {
298 int err = 0;
299
300 sco_conn_lock(conn);
301 if (conn->sk || sco_pi(sk)->conn)
302 err = -EBUSY;
303 else
304 __sco_chan_add(conn, sk, parent);
305
306 sco_conn_unlock(conn);
307 return err;
308 }
309
sco_connect(struct sock * sk)310 static int sco_connect(struct sock *sk)
311 {
312 struct sco_conn *conn;
313 struct hci_conn *hcon;
314 struct hci_dev *hdev;
315 int err, type;
316
317 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
318
319 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
320 if (!hdev)
321 return -EHOSTUNREACH;
322
323 hci_dev_lock(hdev);
324
325 if (lmp_esco_capable(hdev) && !disable_esco)
326 type = ESCO_LINK;
327 else
328 type = SCO_LINK;
329
330 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) {
331 case SCO_AIRMODE_TRANSP:
332 if (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)) {
333 err = -EOPNOTSUPP;
334 goto unlock;
335 }
336 break;
337 }
338
339 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
340 sco_pi(sk)->setting, &sco_pi(sk)->codec,
341 READ_ONCE(sk->sk_sndtimeo));
342 if (IS_ERR(hcon)) {
343 err = PTR_ERR(hcon);
344 goto unlock;
345 }
346
347 conn = sco_conn_add(hcon);
348 if (!conn) {
349 hci_conn_drop(hcon);
350 err = -ENOMEM;
351 goto unlock;
352 }
353
354 lock_sock(sk);
355
356 /* Recheck state after reacquiring the socket lock, as another
357 * thread may have changed it (e.g., closed the socket).
358 */
359 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
360 release_sock(sk);
361 hci_conn_drop(hcon);
362 err = -EBADFD;
363 goto unlock;
364 }
365
366 err = sco_chan_add(conn, sk, NULL);
367 if (err) {
368 release_sock(sk);
369 hci_conn_drop(hcon);
370 goto unlock;
371 }
372
373 /* Update source addr of the socket */
374 bacpy(&sco_pi(sk)->src, &hcon->src);
375
376 if (hcon->state == BT_CONNECTED) {
377 sco_sock_clear_timer(sk);
378 sk->sk_state = BT_CONNECTED;
379 } else {
380 sk->sk_state = BT_CONNECT;
381 sco_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo));
382 }
383
384 release_sock(sk);
385
386 unlock:
387 hci_dev_unlock(hdev);
388 hci_dev_put(hdev);
389 return err;
390 }
391
sco_send_frame(struct sock * sk,struct sk_buff * skb,const struct sockcm_cookie * sockc)392 static int sco_send_frame(struct sock *sk, struct sk_buff *skb,
393 const struct sockcm_cookie *sockc)
394 {
395 struct sco_conn *conn = sco_pi(sk)->conn;
396 int len = skb->len;
397
398 /* Check outgoing MTU */
399 if (len > conn->mtu)
400 return -EINVAL;
401
402 BT_DBG("sk %p len %d", sk, len);
403
404 hci_setup_tx_timestamp(skb, 1, sockc);
405 hci_send_sco(conn->hcon, skb);
406
407 return len;
408 }
409
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)410 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
411 {
412 struct sock *sk;
413
414 sco_conn_lock(conn);
415 sk = sco_sock_hold(conn);
416 sco_conn_unlock(conn);
417
418 if (!sk)
419 goto drop;
420
421 BT_DBG("sk %p len %u", sk, skb->len);
422
423 if (sk->sk_state != BT_CONNECTED)
424 goto drop_put;
425
426 if (!sock_queue_rcv_skb(sk, skb)) {
427 sock_put(sk);
428 return;
429 }
430
431 drop_put:
432 sock_put(sk);
433 drop:
434 kfree_skb(skb);
435 }
436
437 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)438 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
439 {
440 struct sock *sk;
441
442 sk_for_each(sk, &sco_sk_list.head) {
443 if (sk->sk_state != BT_LISTEN)
444 continue;
445
446 if (!bacmp(&sco_pi(sk)->src, ba))
447 return sk;
448 }
449
450 return NULL;
451 }
452
453 /* Find socket listening on source bdaddr.
454 * Returns closest match.
455 */
sco_get_sock_listen(bdaddr_t * src)456 static struct sock *sco_get_sock_listen(bdaddr_t *src)
457 {
458 struct sock *sk = NULL, *sk1 = NULL;
459
460 read_lock(&sco_sk_list.lock);
461
462 sk_for_each(sk, &sco_sk_list.head) {
463 if (sk->sk_state != BT_LISTEN)
464 continue;
465
466 /* Exact match. */
467 if (!bacmp(&sco_pi(sk)->src, src))
468 break;
469
470 /* Closest match */
471 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
472 sk1 = sk;
473 }
474
475 read_unlock(&sco_sk_list.lock);
476
477 return sk ? sk : sk1;
478 }
479
sco_sock_destruct(struct sock * sk)480 static void sco_sock_destruct(struct sock *sk)
481 {
482 BT_DBG("sk %p", sk);
483
484 sco_conn_put(sco_pi(sk)->conn);
485
486 skb_queue_purge(&sk->sk_receive_queue);
487 skb_queue_purge(&sk->sk_write_queue);
488 skb_queue_purge(&sk->sk_error_queue);
489 }
490
sco_sock_cleanup_listen(struct sock * parent)491 static void sco_sock_cleanup_listen(struct sock *parent)
492 {
493 struct sock *sk;
494
495 BT_DBG("parent %p", parent);
496
497 /* Close not yet accepted channels */
498 while ((sk = bt_accept_dequeue(parent, NULL))) {
499 sco_sock_close(sk);
500 sco_sock_kill(sk);
501 }
502
503 parent->sk_state = BT_CLOSED;
504 sock_set_flag(parent, SOCK_ZAPPED);
505 }
506
507 /* Kill socket (only if zapped and orphan)
508 * Must be called on unlocked socket.
509 */
sco_sock_kill(struct sock * sk)510 static void sco_sock_kill(struct sock *sk)
511 {
512 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
513 return;
514
515 BT_DBG("sk %p state %d", sk, sk->sk_state);
516
517 /* Sock is dead, so set conn->sk to NULL to avoid possible UAF */
518 if (sco_pi(sk)->conn) {
519 sco_conn_lock(sco_pi(sk)->conn);
520 sco_pi(sk)->conn->sk = NULL;
521 sco_conn_unlock(sco_pi(sk)->conn);
522 }
523
524 /* Kill poor orphan */
525 bt_sock_unlink(&sco_sk_list, sk);
526 sock_set_flag(sk, SOCK_DEAD);
527 sock_put(sk);
528 }
529
__sco_sock_close(struct sock * sk)530 static void __sco_sock_close(struct sock *sk)
531 {
532 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
533
534 switch (sk->sk_state) {
535 case BT_LISTEN:
536 sco_sock_cleanup_listen(sk);
537 break;
538
539 case BT_CONNECTED:
540 case BT_CONFIG:
541 case BT_CONNECT2:
542 case BT_CONNECT:
543 case BT_DISCONN:
544 sco_chan_del(sk, ECONNRESET);
545 break;
546
547 default:
548 sock_set_flag(sk, SOCK_ZAPPED);
549 break;
550 }
551
552 }
553
554 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)555 static void sco_sock_close(struct sock *sk)
556 {
557 lock_sock(sk);
558 sco_sock_clear_timer(sk);
559 __sco_sock_close(sk);
560 release_sock(sk);
561 }
562
sco_sock_init(struct sock * sk,struct sock * parent)563 static void sco_sock_init(struct sock *sk, struct sock *parent)
564 {
565 BT_DBG("sk %p", sk);
566
567 if (parent) {
568 sk->sk_type = parent->sk_type;
569 bt_sk(sk)->flags = bt_sk(parent)->flags;
570 security_sk_clone(parent, sk);
571 }
572 }
573
574 static struct proto sco_proto = {
575 .name = "SCO",
576 .owner = THIS_MODULE,
577 .obj_size = sizeof(struct sco_pinfo)
578 };
579
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)580 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
581 int proto, gfp_t prio, int kern)
582 {
583 struct sock *sk;
584
585 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
586 if (!sk)
587 return NULL;
588
589 sk->sk_destruct = sco_sock_destruct;
590 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
591
592 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
593 sco_pi(sk)->codec.id = BT_CODEC_CVSD;
594 sco_pi(sk)->codec.cid = 0xffff;
595 sco_pi(sk)->codec.vid = 0xffff;
596 sco_pi(sk)->codec.data_path = 0x00;
597
598 bt_sock_link(&sco_sk_list, sk);
599 return sk;
600 }
601
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)602 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
603 int kern)
604 {
605 struct sock *sk;
606
607 BT_DBG("sock %p", sock);
608
609 sock->state = SS_UNCONNECTED;
610
611 if (sock->type != SOCK_SEQPACKET)
612 return -ESOCKTNOSUPPORT;
613
614 sock->ops = &sco_sock_ops;
615
616 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
617 if (!sk)
618 return -ENOMEM;
619
620 sco_sock_init(sk, NULL);
621 return 0;
622 }
623
sco_sock_bind(struct socket * sock,struct sockaddr_unsized * addr,int addr_len)624 static int sco_sock_bind(struct socket *sock, struct sockaddr_unsized *addr,
625 int addr_len)
626 {
627 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
628 struct sock *sk = sock->sk;
629 int err = 0;
630
631 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
632 addr->sa_family != AF_BLUETOOTH)
633 return -EINVAL;
634
635 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
636
637 lock_sock(sk);
638
639 if (sk->sk_state != BT_OPEN) {
640 err = -EBADFD;
641 goto done;
642 }
643
644 if (sk->sk_type != SOCK_SEQPACKET) {
645 err = -EINVAL;
646 goto done;
647 }
648
649 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
650
651 sk->sk_state = BT_BOUND;
652
653 done:
654 release_sock(sk);
655 return err;
656 }
657
sco_sock_connect(struct socket * sock,struct sockaddr_unsized * addr,int alen,int flags)658 static int sco_sock_connect(struct socket *sock, struct sockaddr_unsized *addr, int alen, int flags)
659 {
660 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
661 struct sock *sk = sock->sk;
662 int err;
663
664 BT_DBG("sk %p", sk);
665
666 if (alen < sizeof(struct sockaddr_sco) ||
667 addr->sa_family != AF_BLUETOOTH)
668 return -EINVAL;
669
670 lock_sock(sk);
671
672 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
673 release_sock(sk);
674 return -EBADFD;
675 }
676
677 if (sk->sk_type != SOCK_SEQPACKET) {
678 release_sock(sk);
679 return -EINVAL;
680 }
681
682 /* Set destination address and psm */
683 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
684 release_sock(sk);
685
686 err = sco_connect(sk);
687 if (err)
688 return err;
689
690 lock_sock(sk);
691
692 err = bt_sock_wait_state(sk, BT_CONNECTED,
693 sock_sndtimeo(sk, flags & O_NONBLOCK));
694
695 release_sock(sk);
696 return err;
697 }
698
sco_sock_listen(struct socket * sock,int backlog)699 static int sco_sock_listen(struct socket *sock, int backlog)
700 {
701 struct sock *sk = sock->sk;
702 bdaddr_t *src = &sco_pi(sk)->src;
703 int err = 0;
704
705 BT_DBG("sk %p backlog %d", sk, backlog);
706
707 lock_sock(sk);
708
709 if (sk->sk_state != BT_BOUND) {
710 err = -EBADFD;
711 goto done;
712 }
713
714 if (sk->sk_type != SOCK_SEQPACKET) {
715 err = -EINVAL;
716 goto done;
717 }
718
719 write_lock(&sco_sk_list.lock);
720
721 if (__sco_get_sock_listen_by_addr(src)) {
722 err = -EADDRINUSE;
723 goto unlock;
724 }
725
726 sk->sk_max_ack_backlog = backlog;
727 sk->sk_ack_backlog = 0;
728
729 sk->sk_state = BT_LISTEN;
730
731 unlock:
732 write_unlock(&sco_sk_list.lock);
733
734 done:
735 release_sock(sk);
736 return err;
737 }
738
sco_sock_accept(struct socket * sock,struct socket * newsock,struct proto_accept_arg * arg)739 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
740 struct proto_accept_arg *arg)
741 {
742 DEFINE_WAIT_FUNC(wait, woken_wake_function);
743 struct sock *sk = sock->sk, *ch;
744 long timeo;
745 int err = 0;
746
747 lock_sock(sk);
748
749 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);
750
751 BT_DBG("sk %p timeo %ld", sk, timeo);
752
753 /* Wait for an incoming connection. (wake-one). */
754 add_wait_queue_exclusive(sk_sleep(sk), &wait);
755 while (1) {
756 if (sk->sk_state != BT_LISTEN) {
757 err = -EBADFD;
758 break;
759 }
760
761 ch = bt_accept_dequeue(sk, newsock);
762 if (ch)
763 break;
764
765 if (!timeo) {
766 err = -EAGAIN;
767 break;
768 }
769
770 if (signal_pending(current)) {
771 err = sock_intr_errno(timeo);
772 break;
773 }
774
775 release_sock(sk);
776
777 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
778 lock_sock(sk);
779 }
780 remove_wait_queue(sk_sleep(sk), &wait);
781
782 if (err)
783 goto done;
784
785 newsock->state = SS_CONNECTED;
786
787 BT_DBG("new socket %p", ch);
788
789 done:
790 release_sock(sk);
791 return err;
792 }
793
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)794 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
795 int peer)
796 {
797 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
798 struct sock *sk = sock->sk;
799
800 BT_DBG("sock %p, sk %p", sock, sk);
801
802 addr->sa_family = AF_BLUETOOTH;
803
804 if (peer)
805 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
806 else
807 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
808
809 return sizeof(struct sockaddr_sco);
810 }
811
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)812 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
813 size_t len)
814 {
815 struct sock *sk = sock->sk;
816 struct sk_buff *skb;
817 struct sockcm_cookie sockc;
818 int err;
819
820 BT_DBG("sock %p, sk %p", sock, sk);
821
822 err = sock_error(sk);
823 if (err)
824 return err;
825
826 if (msg->msg_flags & MSG_OOB)
827 return -EOPNOTSUPP;
828
829 hci_sockcm_init(&sockc, sk);
830
831 if (msg->msg_controllen) {
832 err = sock_cmsg_send(sk, msg, &sockc);
833 if (err)
834 return err;
835 }
836
837 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
838 if (IS_ERR(skb))
839 return PTR_ERR(skb);
840
841 lock_sock(sk);
842
843 if (sk->sk_state == BT_CONNECTED)
844 err = sco_send_frame(sk, skb, &sockc);
845 else
846 err = -ENOTCONN;
847
848 release_sock(sk);
849
850 if (err < 0)
851 kfree_skb(skb);
852 return err;
853 }
854
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)855 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
856 {
857 struct hci_dev *hdev = conn->hdev;
858
859 BT_DBG("conn %p", conn);
860
861 conn->state = BT_CONFIG;
862
863 if (!lmp_esco_capable(hdev)) {
864 struct hci_cp_accept_conn_req cp;
865
866 bacpy(&cp.bdaddr, &conn->dst);
867 cp.role = 0x00; /* Ignored */
868
869 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
870 } else {
871 struct hci_cp_accept_sync_conn_req cp;
872
873 bacpy(&cp.bdaddr, &conn->dst);
874 cp.pkt_type = cpu_to_le16(conn->pkt_type);
875
876 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
877 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
878 cp.content_format = cpu_to_le16(setting);
879
880 switch (setting & SCO_AIRMODE_MASK) {
881 case SCO_AIRMODE_TRANSP:
882 if (conn->pkt_type & ESCO_2EV3)
883 cp.max_latency = cpu_to_le16(0x0008);
884 else
885 cp.max_latency = cpu_to_le16(0x000D);
886 cp.retrans_effort = 0x02;
887 break;
888 case SCO_AIRMODE_CVSD:
889 cp.max_latency = cpu_to_le16(0xffff);
890 cp.retrans_effort = 0xff;
891 break;
892 default:
893 /* use CVSD settings as fallback */
894 cp.max_latency = cpu_to_le16(0xffff);
895 cp.retrans_effort = 0xff;
896 break;
897 }
898
899 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
900 sizeof(cp), &cp);
901 }
902 }
903
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)904 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
905 size_t len, int flags)
906 {
907 struct sock *sk = sock->sk;
908 struct sco_pinfo *pi = sco_pi(sk);
909
910 if (unlikely(flags & MSG_ERRQUEUE))
911 return sock_recv_errqueue(sk, msg, len, SOL_BLUETOOTH,
912 BT_SCM_ERROR);
913
914 lock_sock(sk);
915
916 if (sk->sk_state == BT_CONNECT2 &&
917 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
918 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
919 sk->sk_state = BT_CONFIG;
920
921 release_sock(sk);
922 return 0;
923 }
924
925 release_sock(sk);
926
927 return bt_sock_recvmsg(sock, msg, len, flags);
928 }
929
sco_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)930 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
931 sockptr_t optval, unsigned int optlen)
932 {
933 struct sock *sk = sock->sk;
934 int err = 0;
935 struct bt_voice voice;
936 u32 opt;
937 struct bt_codecs *codecs;
938 struct hci_dev *hdev;
939 __u8 buffer[255];
940
941 BT_DBG("sk %p", sk);
942
943 lock_sock(sk);
944
945 switch (optname) {
946
947 case BT_DEFER_SETUP:
948 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
949 err = -EINVAL;
950 break;
951 }
952
953 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
954 if (err)
955 break;
956
957 if (opt)
958 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
959 else
960 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
961 break;
962
963 case BT_VOICE:
964 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
965 sk->sk_state != BT_CONNECT2) {
966 err = -EINVAL;
967 break;
968 }
969
970 voice.setting = sco_pi(sk)->setting;
971
972 err = copy_safe_from_sockptr(&voice, sizeof(voice), optval,
973 optlen);
974 if (err)
975 break;
976
977 sco_pi(sk)->setting = voice.setting;
978 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
979 BDADDR_BREDR);
980 if (!hdev) {
981 err = -EBADFD;
982 break;
983 }
984
985 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) {
986 case SCO_AIRMODE_TRANSP:
987 if (enhanced_sync_conn_capable(hdev))
988 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
989 break;
990 }
991
992 hci_dev_put(hdev);
993 break;
994
995 case BT_PKT_STATUS:
996 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
997 if (err)
998 break;
999
1000 if (opt)
1001 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1002 else
1003 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1004 break;
1005
1006 case BT_CODEC:
1007 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1008 sk->sk_state != BT_CONNECT2) {
1009 err = -EINVAL;
1010 break;
1011 }
1012
1013 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
1014 BDADDR_BREDR);
1015 if (!hdev) {
1016 err = -EBADFD;
1017 break;
1018 }
1019
1020 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1021 hci_dev_put(hdev);
1022 err = -EOPNOTSUPP;
1023 break;
1024 }
1025
1026 if (!hdev->get_data_path_id) {
1027 hci_dev_put(hdev);
1028 err = -EOPNOTSUPP;
1029 break;
1030 }
1031
1032 if (optlen < sizeof(struct bt_codecs) ||
1033 optlen > sizeof(buffer)) {
1034 hci_dev_put(hdev);
1035 err = -EINVAL;
1036 break;
1037 }
1038
1039 err = copy_struct_from_sockptr(buffer, sizeof(buffer), optval,
1040 optlen);
1041 if (err) {
1042 hci_dev_put(hdev);
1043 break;
1044 }
1045
1046 codecs = (void *)buffer;
1047
1048 if (codecs->num_codecs != 1 ||
1049 optlen < struct_size(codecs, codecs, codecs->num_codecs)) {
1050 hci_dev_put(hdev);
1051 err = -EINVAL;
1052 break;
1053 }
1054
1055 sco_pi(sk)->codec = codecs->codecs[0];
1056 hci_dev_put(hdev);
1057 break;
1058
1059 default:
1060 err = -ENOPROTOOPT;
1061 break;
1062 }
1063
1064 release_sock(sk);
1065 return err;
1066 }
1067
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)1068 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
1069 char __user *optval, int __user *optlen)
1070 {
1071 struct sock *sk = sock->sk;
1072 struct sco_options opts;
1073 struct sco_conninfo cinfo;
1074 int err = 0;
1075 size_t len;
1076
1077 BT_DBG("sk %p", sk);
1078
1079 if (get_user(len, optlen))
1080 return -EFAULT;
1081
1082 lock_sock(sk);
1083
1084 switch (optname) {
1085 case SCO_OPTIONS:
1086 if (sk->sk_state != BT_CONNECTED &&
1087 !(sk->sk_state == BT_CONNECT2 &&
1088 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1089 err = -ENOTCONN;
1090 break;
1091 }
1092
1093 opts.mtu = sco_pi(sk)->conn->mtu;
1094
1095 BT_DBG("mtu %u", opts.mtu);
1096
1097 len = min(len, sizeof(opts));
1098 if (copy_to_user(optval, (char *)&opts, len))
1099 err = -EFAULT;
1100
1101 break;
1102
1103 case SCO_CONNINFO:
1104 if (sk->sk_state != BT_CONNECTED &&
1105 !(sk->sk_state == BT_CONNECT2 &&
1106 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1107 err = -ENOTCONN;
1108 break;
1109 }
1110
1111 memset(&cinfo, 0, sizeof(cinfo));
1112 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1113 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1114
1115 len = min(len, sizeof(cinfo));
1116 if (copy_to_user(optval, (char *)&cinfo, len))
1117 err = -EFAULT;
1118
1119 break;
1120
1121 default:
1122 err = -ENOPROTOOPT;
1123 break;
1124 }
1125
1126 release_sock(sk);
1127 return err;
1128 }
1129
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)1130 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1131 char __user *optval, int __user *optlen)
1132 {
1133 struct sock *sk = sock->sk;
1134 int len, err = 0;
1135 struct bt_voice voice;
1136 u32 phys;
1137 int buf_len;
1138 struct codec_list *c;
1139 u8 num_codecs, i, __user *ptr;
1140 struct hci_dev *hdev;
1141 struct hci_codec_caps *caps;
1142 struct bt_codec codec;
1143
1144 BT_DBG("sk %p", sk);
1145
1146 if (level == SOL_SCO)
1147 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1148
1149 if (get_user(len, optlen))
1150 return -EFAULT;
1151
1152 lock_sock(sk);
1153
1154 switch (optname) {
1155
1156 case BT_DEFER_SETUP:
1157 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1158 err = -EINVAL;
1159 break;
1160 }
1161
1162 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1163 (u32 __user *)optval))
1164 err = -EFAULT;
1165
1166 break;
1167
1168 case BT_VOICE:
1169 voice.setting = sco_pi(sk)->setting;
1170
1171 len = min_t(unsigned int, len, sizeof(voice));
1172 if (copy_to_user(optval, (char *)&voice, len))
1173 err = -EFAULT;
1174
1175 break;
1176
1177 case BT_PHY:
1178 if (sk->sk_state != BT_CONNECTED) {
1179 err = -ENOTCONN;
1180 break;
1181 }
1182
1183 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1184
1185 if (put_user(phys, (u32 __user *) optval))
1186 err = -EFAULT;
1187 break;
1188
1189 case BT_PKT_STATUS:
1190 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1191 (int __user *)optval))
1192 err = -EFAULT;
1193 break;
1194
1195 case BT_SNDMTU:
1196 case BT_RCVMTU:
1197 if (sk->sk_state != BT_CONNECTED) {
1198 err = -ENOTCONN;
1199 break;
1200 }
1201
1202 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1203 err = -EFAULT;
1204 break;
1205
1206 case BT_CODEC:
1207 num_codecs = 0;
1208 buf_len = 0;
1209
1210 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1211 if (!hdev) {
1212 err = -EBADFD;
1213 break;
1214 }
1215
1216 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1217 hci_dev_put(hdev);
1218 err = -EOPNOTSUPP;
1219 break;
1220 }
1221
1222 if (!hdev->get_data_path_id) {
1223 hci_dev_put(hdev);
1224 err = -EOPNOTSUPP;
1225 break;
1226 }
1227
1228 release_sock(sk);
1229
1230 /* find total buffer size required to copy codec + caps */
1231 hci_dev_lock(hdev);
1232 list_for_each_entry(c, &hdev->local_codecs, list) {
1233 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1234 continue;
1235 num_codecs++;
1236 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1237 buf_len += 1 + caps->len;
1238 caps = (void *)&caps->data[caps->len];
1239 }
1240 buf_len += sizeof(struct bt_codec);
1241 }
1242 hci_dev_unlock(hdev);
1243
1244 buf_len += sizeof(struct bt_codecs);
1245 if (buf_len > len) {
1246 hci_dev_put(hdev);
1247 return -ENOBUFS;
1248 }
1249 ptr = optval;
1250
1251 if (put_user(num_codecs, ptr)) {
1252 hci_dev_put(hdev);
1253 return -EFAULT;
1254 }
1255 ptr += sizeof(num_codecs);
1256
1257 /* Iterate all the codecs supported over SCO and populate
1258 * codec data
1259 */
1260 hci_dev_lock(hdev);
1261 list_for_each_entry(c, &hdev->local_codecs, list) {
1262 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1263 continue;
1264
1265 codec.id = c->id;
1266 codec.cid = c->cid;
1267 codec.vid = c->vid;
1268 err = hdev->get_data_path_id(hdev, &codec.data_path);
1269 if (err < 0)
1270 break;
1271 codec.num_caps = c->num_caps;
1272 if (copy_to_user(ptr, &codec, sizeof(codec))) {
1273 err = -EFAULT;
1274 break;
1275 }
1276 ptr += sizeof(codec);
1277
1278 /* find codec capabilities data length */
1279 len = 0;
1280 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1281 len += 1 + caps->len;
1282 caps = (void *)&caps->data[caps->len];
1283 }
1284
1285 /* copy codec capabilities data */
1286 if (len && copy_to_user(ptr, c->caps, len)) {
1287 err = -EFAULT;
1288 break;
1289 }
1290 ptr += len;
1291 }
1292
1293 hci_dev_unlock(hdev);
1294 hci_dev_put(hdev);
1295
1296 lock_sock(sk);
1297
1298 if (!err && put_user(buf_len, optlen))
1299 err = -EFAULT;
1300
1301 break;
1302
1303 default:
1304 err = -ENOPROTOOPT;
1305 break;
1306 }
1307
1308 release_sock(sk);
1309 return err;
1310 }
1311
sco_sock_shutdown(struct socket * sock,int how)1312 static int sco_sock_shutdown(struct socket *sock, int how)
1313 {
1314 struct sock *sk = sock->sk;
1315 int err = 0;
1316
1317 BT_DBG("sock %p, sk %p", sock, sk);
1318
1319 if (!sk)
1320 return 0;
1321
1322 sock_hold(sk);
1323 lock_sock(sk);
1324
1325 if (!sk->sk_shutdown) {
1326 sk->sk_shutdown = SHUTDOWN_MASK;
1327 sco_sock_clear_timer(sk);
1328 __sco_sock_close(sk);
1329
1330 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1331 !(current->flags & PF_EXITING))
1332 err = bt_sock_wait_state(sk, BT_CLOSED,
1333 sk->sk_lingertime);
1334 }
1335
1336 release_sock(sk);
1337 sock_put(sk);
1338
1339 return err;
1340 }
1341
sco_sock_release(struct socket * sock)1342 static int sco_sock_release(struct socket *sock)
1343 {
1344 struct sock *sk = sock->sk;
1345 int err = 0;
1346
1347 BT_DBG("sock %p, sk %p", sock, sk);
1348
1349 if (!sk)
1350 return 0;
1351
1352 sco_sock_close(sk);
1353
1354 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1355 !(current->flags & PF_EXITING)) {
1356 lock_sock(sk);
1357 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1358 release_sock(sk);
1359 }
1360
1361 sock_orphan(sk);
1362 sco_sock_kill(sk);
1363 return err;
1364 }
1365
sco_conn_ready(struct sco_conn * conn)1366 static void sco_conn_ready(struct sco_conn *conn)
1367 {
1368 struct sock *parent;
1369 struct sock *sk = conn->sk;
1370
1371 BT_DBG("conn %p", conn);
1372
1373 if (sk) {
1374 lock_sock(sk);
1375 sco_sock_clear_timer(sk);
1376 sk->sk_state = BT_CONNECTED;
1377 sk->sk_state_change(sk);
1378 release_sock(sk);
1379 } else {
1380 sco_conn_lock(conn);
1381
1382 if (!conn->hcon) {
1383 sco_conn_unlock(conn);
1384 return;
1385 }
1386
1387 parent = sco_get_sock_listen(&conn->hcon->src);
1388 if (!parent) {
1389 sco_conn_unlock(conn);
1390 return;
1391 }
1392
1393 lock_sock(parent);
1394
1395 sk = sco_sock_alloc(sock_net(parent), NULL,
1396 BTPROTO_SCO, GFP_ATOMIC, 0);
1397 if (!sk) {
1398 release_sock(parent);
1399 sco_conn_unlock(conn);
1400 return;
1401 }
1402
1403 sco_sock_init(sk, parent);
1404
1405 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1406 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1407
1408 sco_conn_hold(conn);
1409 hci_conn_hold(conn->hcon);
1410 __sco_chan_add(conn, sk, parent);
1411
1412 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1413 sk->sk_state = BT_CONNECT2;
1414 else
1415 sk->sk_state = BT_CONNECTED;
1416
1417 /* Wake up parent */
1418 parent->sk_data_ready(parent);
1419
1420 release_sock(parent);
1421
1422 sco_conn_unlock(conn);
1423 }
1424 }
1425
1426 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1427 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1428 {
1429 struct sock *sk;
1430 int lm = 0;
1431
1432 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1433
1434 /* Find listening sockets */
1435 read_lock(&sco_sk_list.lock);
1436 sk_for_each(sk, &sco_sk_list.head) {
1437 if (sk->sk_state != BT_LISTEN)
1438 continue;
1439
1440 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1441 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1442 lm |= HCI_LM_ACCEPT;
1443
1444 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1445 *flags |= HCI_PROTO_DEFER;
1446 break;
1447 }
1448 }
1449 read_unlock(&sco_sk_list.lock);
1450
1451 return lm;
1452 }
1453
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1454 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1455 {
1456 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1457 return;
1458
1459 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1460
1461 if (!status) {
1462 struct sco_conn *conn;
1463
1464 conn = sco_conn_add(hcon);
1465 if (conn) {
1466 sco_conn_ready(conn);
1467 sco_conn_put(conn);
1468 }
1469 } else
1470 sco_conn_del(hcon, bt_to_errno(status));
1471 }
1472
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1473 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1474 {
1475 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1476 return;
1477
1478 BT_DBG("hcon %p reason %d", hcon, reason);
1479
1480 sco_conn_del(hcon, bt_to_errno(reason));
1481 }
1482
sco_recv_scodata(struct hci_dev * hdev,u16 handle,struct sk_buff * skb)1483 int sco_recv_scodata(struct hci_dev *hdev, u16 handle, struct sk_buff *skb)
1484 {
1485 struct hci_conn *hcon;
1486 struct sco_conn *conn;
1487
1488 hci_dev_lock(hdev);
1489
1490 hcon = hci_conn_hash_lookup_handle(hdev, handle);
1491 if (!hcon) {
1492 hci_dev_unlock(hdev);
1493 kfree_skb(skb);
1494 return -ENOENT;
1495 }
1496
1497 conn = sco_conn_hold_unless_zero(hcon->sco_data);
1498 hcon = NULL;
1499
1500 hci_dev_unlock(hdev);
1501
1502 if (!conn) {
1503 kfree_skb(skb);
1504 return -EINVAL;
1505 }
1506
1507 BT_DBG("conn %p len %u", conn, skb->len);
1508
1509 if (skb->len)
1510 sco_recv_frame(conn, skb);
1511 else
1512 kfree_skb(skb);
1513
1514 sco_conn_put(conn);
1515 return 0;
1516 }
1517
1518 static struct hci_cb sco_cb = {
1519 .name = "SCO",
1520 .connect_cfm = sco_connect_cfm,
1521 .disconn_cfm = sco_disconn_cfm,
1522 };
1523
sco_debugfs_show(struct seq_file * f,void * p)1524 static int sco_debugfs_show(struct seq_file *f, void *p)
1525 {
1526 struct sock *sk;
1527
1528 read_lock(&sco_sk_list.lock);
1529
1530 sk_for_each(sk, &sco_sk_list.head) {
1531 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1532 &sco_pi(sk)->dst, sk->sk_state);
1533 }
1534
1535 read_unlock(&sco_sk_list.lock);
1536
1537 return 0;
1538 }
1539
1540 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1541
1542 static struct dentry *sco_debugfs;
1543
1544 static const struct proto_ops sco_sock_ops = {
1545 .family = PF_BLUETOOTH,
1546 .owner = THIS_MODULE,
1547 .release = sco_sock_release,
1548 .bind = sco_sock_bind,
1549 .connect = sco_sock_connect,
1550 .listen = sco_sock_listen,
1551 .accept = sco_sock_accept,
1552 .getname = sco_sock_getname,
1553 .sendmsg = sco_sock_sendmsg,
1554 .recvmsg = sco_sock_recvmsg,
1555 .poll = bt_sock_poll,
1556 .ioctl = bt_sock_ioctl,
1557 .gettstamp = sock_gettstamp,
1558 .mmap = sock_no_mmap,
1559 .socketpair = sock_no_socketpair,
1560 .shutdown = sco_sock_shutdown,
1561 .setsockopt = sco_sock_setsockopt,
1562 .getsockopt = sco_sock_getsockopt
1563 };
1564
1565 static const struct net_proto_family sco_sock_family_ops = {
1566 .family = PF_BLUETOOTH,
1567 .owner = THIS_MODULE,
1568 .create = sco_sock_create,
1569 };
1570
sco_init(void)1571 int __init sco_init(void)
1572 {
1573 int err;
1574
1575 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1576
1577 err = proto_register(&sco_proto, 0);
1578 if (err < 0)
1579 return err;
1580
1581 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1582 if (err < 0) {
1583 BT_ERR("SCO socket registration failed");
1584 goto error;
1585 }
1586
1587 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1588 if (err < 0) {
1589 BT_ERR("Failed to create SCO proc file");
1590 bt_sock_unregister(BTPROTO_SCO);
1591 goto error;
1592 }
1593
1594 BT_INFO("SCO socket layer initialized");
1595
1596 hci_register_cb(&sco_cb);
1597
1598 if (IS_ERR_OR_NULL(bt_debugfs))
1599 return 0;
1600
1601 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1602 NULL, &sco_debugfs_fops);
1603
1604 return 0;
1605
1606 error:
1607 proto_unregister(&sco_proto);
1608 return err;
1609 }
1610
sco_exit(void)1611 void sco_exit(void)
1612 {
1613 bt_procfs_cleanup(&init_net, "sco");
1614
1615 debugfs_remove(sco_debugfs);
1616
1617 hci_unregister_cb(&sco_cb);
1618
1619 bt_sock_unregister(BTPROTO_SCO);
1620
1621 proto_unregister(&sco_proto);
1622 }
1623
1624 module_param(disable_esco, bool, 0644);
1625 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1626