1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35
36 static bool disable_esco;
37
38 static const struct proto_ops sco_sock_ops;
39
40 static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54 struct kref ref;
55 };
56
57 #define sco_conn_lock(c) spin_lock(&c->lock)
58 #define sco_conn_unlock(c) spin_unlock(&c->lock)
59
60 static void sco_sock_close(struct sock *sk);
61 static void sco_sock_kill(struct sock *sk);
62
63 /* ----- SCO socket info ----- */
64 #define sco_pi(sk) ((struct sco_pinfo *) sk)
65
66 struct sco_pinfo {
67 struct bt_sock bt;
68 bdaddr_t src;
69 bdaddr_t dst;
70 __u32 flags;
71 __u16 setting;
72 struct bt_codec codec;
73 struct sco_conn *conn;
74 };
75
76 /* ---- SCO timers ---- */
77 #define SCO_CONN_TIMEOUT (HZ * 40)
78 #define SCO_DISCONN_TIMEOUT (HZ * 2)
79
sco_conn_free(struct kref * ref)80 static void sco_conn_free(struct kref *ref)
81 {
82 struct sco_conn *conn = container_of(ref, struct sco_conn, ref);
83
84 BT_DBG("conn %p", conn);
85
86 if (conn->sk)
87 sco_pi(conn->sk)->conn = NULL;
88
89 if (conn->hcon) {
90 conn->hcon->sco_data = NULL;
91 hci_conn_drop(conn->hcon);
92 }
93
94 /* Ensure no more work items will run since hci_conn has been dropped */
95 disable_delayed_work_sync(&conn->timeout_work);
96
97 kfree(conn);
98 }
99
sco_conn_put(struct sco_conn * conn)100 static void sco_conn_put(struct sco_conn *conn)
101 {
102 if (!conn)
103 return;
104
105 BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));
106
107 kref_put(&conn->ref, sco_conn_free);
108 }
109
sco_conn_hold(struct sco_conn * conn)110 static struct sco_conn *sco_conn_hold(struct sco_conn *conn)
111 {
112 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
113
114 kref_get(&conn->ref);
115 return conn;
116 }
117
sco_conn_hold_unless_zero(struct sco_conn * conn)118 static struct sco_conn *sco_conn_hold_unless_zero(struct sco_conn *conn)
119 {
120 if (!conn)
121 return NULL;
122
123 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
124
125 if (!kref_get_unless_zero(&conn->ref))
126 return NULL;
127
128 return conn;
129 }
130
sco_sock_hold(struct sco_conn * conn)131 static struct sock *sco_sock_hold(struct sco_conn *conn)
132 {
133 if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk))
134 return NULL;
135
136 sock_hold(conn->sk);
137
138 return conn->sk;
139 }
140
sco_sock_timeout(struct work_struct * work)141 static void sco_sock_timeout(struct work_struct *work)
142 {
143 struct sco_conn *conn = container_of(work, struct sco_conn,
144 timeout_work.work);
145 struct sock *sk;
146
147 conn = sco_conn_hold_unless_zero(conn);
148 if (!conn)
149 return;
150
151 sco_conn_lock(conn);
152 if (!conn->hcon) {
153 sco_conn_unlock(conn);
154 sco_conn_put(conn);
155 return;
156 }
157 sk = sco_sock_hold(conn);
158 sco_conn_unlock(conn);
159 sco_conn_put(conn);
160
161 if (!sk)
162 return;
163
164 BT_DBG("sock %p state %d", sk, sk->sk_state);
165
166 lock_sock(sk);
167 sk->sk_err = ETIMEDOUT;
168 sk->sk_state_change(sk);
169 release_sock(sk);
170 sock_put(sk);
171 }
172
sco_sock_set_timer(struct sock * sk,long timeout)173 static void sco_sock_set_timer(struct sock *sk, long timeout)
174 {
175 if (!sco_pi(sk)->conn)
176 return;
177
178 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
179 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
180 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
181 }
182
sco_sock_clear_timer(struct sock * sk)183 static void sco_sock_clear_timer(struct sock *sk)
184 {
185 if (!sco_pi(sk)->conn)
186 return;
187
188 BT_DBG("sock %p state %d", sk, sk->sk_state);
189 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
190 }
191
192 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)193 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
194 {
195 struct sco_conn *conn = hcon->sco_data;
196
197 conn = sco_conn_hold_unless_zero(conn);
198 if (conn) {
199 if (!conn->hcon) {
200 sco_conn_lock(conn);
201 conn->hcon = hcon;
202 sco_conn_unlock(conn);
203 }
204 return conn;
205 }
206
207 conn = kzalloc_obj(struct sco_conn);
208 if (!conn)
209 return NULL;
210
211 kref_init(&conn->ref);
212 spin_lock_init(&conn->lock);
213 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
214
215 hcon->sco_data = conn;
216 conn->hcon = hcon;
217 conn->mtu = hcon->mtu;
218
219 if (hcon->mtu > 0)
220 conn->mtu = hcon->mtu;
221 else
222 conn->mtu = 60;
223
224 BT_DBG("hcon %p conn %p", hcon, conn);
225
226 return conn;
227 }
228
229 /* Delete channel.
230 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)231 static void sco_chan_del(struct sock *sk, int err)
232 {
233 struct sco_conn *conn;
234
235 conn = sco_pi(sk)->conn;
236 sco_pi(sk)->conn = NULL;
237
238 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
239
240 if (conn) {
241 sco_conn_lock(conn);
242 conn->sk = NULL;
243 sco_conn_unlock(conn);
244 sco_conn_put(conn);
245 }
246
247 sk->sk_state = BT_CLOSED;
248 sk->sk_err = err;
249 sk->sk_state_change(sk);
250
251 sock_set_flag(sk, SOCK_ZAPPED);
252 }
253
sco_conn_del(struct hci_conn * hcon,int err)254 static void sco_conn_del(struct hci_conn *hcon, int err)
255 {
256 struct sco_conn *conn = hcon->sco_data;
257 struct sock *sk;
258
259 conn = sco_conn_hold_unless_zero(conn);
260 if (!conn)
261 return;
262
263 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
264
265 sco_conn_lock(conn);
266 sk = sco_sock_hold(conn);
267 sco_conn_unlock(conn);
268 sco_conn_put(conn);
269
270 if (!sk) {
271 sco_conn_put(conn);
272 return;
273 }
274
275 /* Kill socket */
276 lock_sock(sk);
277 sco_sock_clear_timer(sk);
278 sco_chan_del(sk, err);
279 release_sock(sk);
280 sock_put(sk);
281 }
282
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)283 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
284 struct sock *parent)
285 {
286 BT_DBG("conn %p", conn);
287
288 sco_pi(sk)->conn = conn;
289 conn->sk = sk;
290
291 if (parent)
292 bt_accept_enqueue(parent, sk, true);
293 }
294
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)295 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
296 struct sock *parent)
297 {
298 int err = 0;
299
300 sco_conn_lock(conn);
301 if (conn->sk)
302 err = -EBUSY;
303 else
304 __sco_chan_add(conn, sk, parent);
305
306 sco_conn_unlock(conn);
307 return err;
308 }
309
sco_connect(struct sock * sk)310 static int sco_connect(struct sock *sk)
311 {
312 struct sco_conn *conn;
313 struct hci_conn *hcon;
314 struct hci_dev *hdev;
315 int err, type;
316
317 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
318
319 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
320 if (!hdev)
321 return -EHOSTUNREACH;
322
323 hci_dev_lock(hdev);
324
325 if (lmp_esco_capable(hdev) && !disable_esco)
326 type = ESCO_LINK;
327 else
328 type = SCO_LINK;
329
330 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) {
331 case SCO_AIRMODE_TRANSP:
332 if (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)) {
333 err = -EOPNOTSUPP;
334 goto unlock;
335 }
336 break;
337 }
338
339 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
340 sco_pi(sk)->setting, &sco_pi(sk)->codec,
341 READ_ONCE(sk->sk_sndtimeo));
342 if (IS_ERR(hcon)) {
343 err = PTR_ERR(hcon);
344 goto unlock;
345 }
346
347 conn = sco_conn_add(hcon);
348 if (!conn) {
349 hci_conn_drop(hcon);
350 err = -ENOMEM;
351 goto unlock;
352 }
353
354 lock_sock(sk);
355
356 err = sco_chan_add(conn, sk, NULL);
357 if (err) {
358 release_sock(sk);
359 goto unlock;
360 }
361
362 /* Update source addr of the socket */
363 bacpy(&sco_pi(sk)->src, &hcon->src);
364
365 if (hcon->state == BT_CONNECTED) {
366 sco_sock_clear_timer(sk);
367 sk->sk_state = BT_CONNECTED;
368 } else {
369 sk->sk_state = BT_CONNECT;
370 sco_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo));
371 }
372
373 release_sock(sk);
374
375 unlock:
376 hci_dev_unlock(hdev);
377 hci_dev_put(hdev);
378 return err;
379 }
380
sco_send_frame(struct sock * sk,struct sk_buff * skb,const struct sockcm_cookie * sockc)381 static int sco_send_frame(struct sock *sk, struct sk_buff *skb,
382 const struct sockcm_cookie *sockc)
383 {
384 struct sco_conn *conn = sco_pi(sk)->conn;
385 int len = skb->len;
386
387 /* Check outgoing MTU */
388 if (len > conn->mtu)
389 return -EINVAL;
390
391 BT_DBG("sk %p len %d", sk, len);
392
393 hci_setup_tx_timestamp(skb, 1, sockc);
394 hci_send_sco(conn->hcon, skb);
395
396 return len;
397 }
398
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)399 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
400 {
401 struct sock *sk;
402
403 sco_conn_lock(conn);
404 sk = conn->sk;
405 sco_conn_unlock(conn);
406
407 if (!sk)
408 goto drop;
409
410 BT_DBG("sk %p len %u", sk, skb->len);
411
412 if (sk->sk_state != BT_CONNECTED)
413 goto drop;
414
415 if (!sock_queue_rcv_skb(sk, skb))
416 return;
417
418 drop:
419 kfree_skb(skb);
420 }
421
422 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)423 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
424 {
425 struct sock *sk;
426
427 sk_for_each(sk, &sco_sk_list.head) {
428 if (sk->sk_state != BT_LISTEN)
429 continue;
430
431 if (!bacmp(&sco_pi(sk)->src, ba))
432 return sk;
433 }
434
435 return NULL;
436 }
437
438 /* Find socket listening on source bdaddr.
439 * Returns closest match.
440 */
sco_get_sock_listen(bdaddr_t * src)441 static struct sock *sco_get_sock_listen(bdaddr_t *src)
442 {
443 struct sock *sk = NULL, *sk1 = NULL;
444
445 read_lock(&sco_sk_list.lock);
446
447 sk_for_each(sk, &sco_sk_list.head) {
448 if (sk->sk_state != BT_LISTEN)
449 continue;
450
451 /* Exact match. */
452 if (!bacmp(&sco_pi(sk)->src, src))
453 break;
454
455 /* Closest match */
456 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
457 sk1 = sk;
458 }
459
460 read_unlock(&sco_sk_list.lock);
461
462 return sk ? sk : sk1;
463 }
464
sco_sock_destruct(struct sock * sk)465 static void sco_sock_destruct(struct sock *sk)
466 {
467 BT_DBG("sk %p", sk);
468
469 sco_conn_put(sco_pi(sk)->conn);
470
471 skb_queue_purge(&sk->sk_receive_queue);
472 skb_queue_purge(&sk->sk_write_queue);
473 skb_queue_purge(&sk->sk_error_queue);
474 }
475
sco_sock_cleanup_listen(struct sock * parent)476 static void sco_sock_cleanup_listen(struct sock *parent)
477 {
478 struct sock *sk;
479
480 BT_DBG("parent %p", parent);
481
482 /* Close not yet accepted channels */
483 while ((sk = bt_accept_dequeue(parent, NULL))) {
484 sco_sock_close(sk);
485 sco_sock_kill(sk);
486 }
487
488 parent->sk_state = BT_CLOSED;
489 sock_set_flag(parent, SOCK_ZAPPED);
490 }
491
492 /* Kill socket (only if zapped and orphan)
493 * Must be called on unlocked socket.
494 */
sco_sock_kill(struct sock * sk)495 static void sco_sock_kill(struct sock *sk)
496 {
497 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
498 return;
499
500 BT_DBG("sk %p state %d", sk, sk->sk_state);
501
502 /* Sock is dead, so set conn->sk to NULL to avoid possible UAF */
503 if (sco_pi(sk)->conn) {
504 sco_conn_lock(sco_pi(sk)->conn);
505 sco_pi(sk)->conn->sk = NULL;
506 sco_conn_unlock(sco_pi(sk)->conn);
507 }
508
509 /* Kill poor orphan */
510 bt_sock_unlink(&sco_sk_list, sk);
511 sock_set_flag(sk, SOCK_DEAD);
512 sock_put(sk);
513 }
514
__sco_sock_close(struct sock * sk)515 static void __sco_sock_close(struct sock *sk)
516 {
517 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
518
519 switch (sk->sk_state) {
520 case BT_LISTEN:
521 sco_sock_cleanup_listen(sk);
522 break;
523
524 case BT_CONNECTED:
525 case BT_CONFIG:
526 case BT_CONNECT2:
527 case BT_CONNECT:
528 case BT_DISCONN:
529 sco_chan_del(sk, ECONNRESET);
530 break;
531
532 default:
533 sock_set_flag(sk, SOCK_ZAPPED);
534 break;
535 }
536
537 }
538
539 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)540 static void sco_sock_close(struct sock *sk)
541 {
542 lock_sock(sk);
543 sco_sock_clear_timer(sk);
544 __sco_sock_close(sk);
545 release_sock(sk);
546 }
547
sco_sock_init(struct sock * sk,struct sock * parent)548 static void sco_sock_init(struct sock *sk, struct sock *parent)
549 {
550 BT_DBG("sk %p", sk);
551
552 if (parent) {
553 sk->sk_type = parent->sk_type;
554 bt_sk(sk)->flags = bt_sk(parent)->flags;
555 security_sk_clone(parent, sk);
556 }
557 }
558
559 static struct proto sco_proto = {
560 .name = "SCO",
561 .owner = THIS_MODULE,
562 .obj_size = sizeof(struct sco_pinfo)
563 };
564
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)565 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
566 int proto, gfp_t prio, int kern)
567 {
568 struct sock *sk;
569
570 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
571 if (!sk)
572 return NULL;
573
574 sk->sk_destruct = sco_sock_destruct;
575 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
576
577 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
578 sco_pi(sk)->codec.id = BT_CODEC_CVSD;
579 sco_pi(sk)->codec.cid = 0xffff;
580 sco_pi(sk)->codec.vid = 0xffff;
581 sco_pi(sk)->codec.data_path = 0x00;
582
583 bt_sock_link(&sco_sk_list, sk);
584 return sk;
585 }
586
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)587 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
588 int kern)
589 {
590 struct sock *sk;
591
592 BT_DBG("sock %p", sock);
593
594 sock->state = SS_UNCONNECTED;
595
596 if (sock->type != SOCK_SEQPACKET)
597 return -ESOCKTNOSUPPORT;
598
599 sock->ops = &sco_sock_ops;
600
601 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
602 if (!sk)
603 return -ENOMEM;
604
605 sco_sock_init(sk, NULL);
606 return 0;
607 }
608
sco_sock_bind(struct socket * sock,struct sockaddr_unsized * addr,int addr_len)609 static int sco_sock_bind(struct socket *sock, struct sockaddr_unsized *addr,
610 int addr_len)
611 {
612 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
613 struct sock *sk = sock->sk;
614 int err = 0;
615
616 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
617 addr->sa_family != AF_BLUETOOTH)
618 return -EINVAL;
619
620 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
621
622 lock_sock(sk);
623
624 if (sk->sk_state != BT_OPEN) {
625 err = -EBADFD;
626 goto done;
627 }
628
629 if (sk->sk_type != SOCK_SEQPACKET) {
630 err = -EINVAL;
631 goto done;
632 }
633
634 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
635
636 sk->sk_state = BT_BOUND;
637
638 done:
639 release_sock(sk);
640 return err;
641 }
642
sco_sock_connect(struct socket * sock,struct sockaddr_unsized * addr,int alen,int flags)643 static int sco_sock_connect(struct socket *sock, struct sockaddr_unsized *addr, int alen, int flags)
644 {
645 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
646 struct sock *sk = sock->sk;
647 int err;
648
649 BT_DBG("sk %p", sk);
650
651 if (alen < sizeof(struct sockaddr_sco) ||
652 addr->sa_family != AF_BLUETOOTH)
653 return -EINVAL;
654
655 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
656 return -EBADFD;
657
658 if (sk->sk_type != SOCK_SEQPACKET)
659 err = -EINVAL;
660
661 lock_sock(sk);
662 /* Set destination address and psm */
663 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
664 release_sock(sk);
665
666 err = sco_connect(sk);
667 if (err)
668 return err;
669
670 lock_sock(sk);
671
672 err = bt_sock_wait_state(sk, BT_CONNECTED,
673 sock_sndtimeo(sk, flags & O_NONBLOCK));
674
675 release_sock(sk);
676 return err;
677 }
678
sco_sock_listen(struct socket * sock,int backlog)679 static int sco_sock_listen(struct socket *sock, int backlog)
680 {
681 struct sock *sk = sock->sk;
682 bdaddr_t *src = &sco_pi(sk)->src;
683 int err = 0;
684
685 BT_DBG("sk %p backlog %d", sk, backlog);
686
687 lock_sock(sk);
688
689 if (sk->sk_state != BT_BOUND) {
690 err = -EBADFD;
691 goto done;
692 }
693
694 if (sk->sk_type != SOCK_SEQPACKET) {
695 err = -EINVAL;
696 goto done;
697 }
698
699 write_lock(&sco_sk_list.lock);
700
701 if (__sco_get_sock_listen_by_addr(src)) {
702 err = -EADDRINUSE;
703 goto unlock;
704 }
705
706 sk->sk_max_ack_backlog = backlog;
707 sk->sk_ack_backlog = 0;
708
709 sk->sk_state = BT_LISTEN;
710
711 unlock:
712 write_unlock(&sco_sk_list.lock);
713
714 done:
715 release_sock(sk);
716 return err;
717 }
718
sco_sock_accept(struct socket * sock,struct socket * newsock,struct proto_accept_arg * arg)719 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
720 struct proto_accept_arg *arg)
721 {
722 DEFINE_WAIT_FUNC(wait, woken_wake_function);
723 struct sock *sk = sock->sk, *ch;
724 long timeo;
725 int err = 0;
726
727 lock_sock(sk);
728
729 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);
730
731 BT_DBG("sk %p timeo %ld", sk, timeo);
732
733 /* Wait for an incoming connection. (wake-one). */
734 add_wait_queue_exclusive(sk_sleep(sk), &wait);
735 while (1) {
736 if (sk->sk_state != BT_LISTEN) {
737 err = -EBADFD;
738 break;
739 }
740
741 ch = bt_accept_dequeue(sk, newsock);
742 if (ch)
743 break;
744
745 if (!timeo) {
746 err = -EAGAIN;
747 break;
748 }
749
750 if (signal_pending(current)) {
751 err = sock_intr_errno(timeo);
752 break;
753 }
754
755 release_sock(sk);
756
757 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
758 lock_sock(sk);
759 }
760 remove_wait_queue(sk_sleep(sk), &wait);
761
762 if (err)
763 goto done;
764
765 newsock->state = SS_CONNECTED;
766
767 BT_DBG("new socket %p", ch);
768
769 done:
770 release_sock(sk);
771 return err;
772 }
773
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)774 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
775 int peer)
776 {
777 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
778 struct sock *sk = sock->sk;
779
780 BT_DBG("sock %p, sk %p", sock, sk);
781
782 addr->sa_family = AF_BLUETOOTH;
783
784 if (peer)
785 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
786 else
787 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
788
789 return sizeof(struct sockaddr_sco);
790 }
791
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)792 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
793 size_t len)
794 {
795 struct sock *sk = sock->sk;
796 struct sk_buff *skb;
797 struct sockcm_cookie sockc;
798 int err;
799
800 BT_DBG("sock %p, sk %p", sock, sk);
801
802 err = sock_error(sk);
803 if (err)
804 return err;
805
806 if (msg->msg_flags & MSG_OOB)
807 return -EOPNOTSUPP;
808
809 hci_sockcm_init(&sockc, sk);
810
811 if (msg->msg_controllen) {
812 err = sock_cmsg_send(sk, msg, &sockc);
813 if (err)
814 return err;
815 }
816
817 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
818 if (IS_ERR(skb))
819 return PTR_ERR(skb);
820
821 lock_sock(sk);
822
823 if (sk->sk_state == BT_CONNECTED)
824 err = sco_send_frame(sk, skb, &sockc);
825 else
826 err = -ENOTCONN;
827
828 release_sock(sk);
829
830 if (err < 0)
831 kfree_skb(skb);
832 return err;
833 }
834
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)835 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
836 {
837 struct hci_dev *hdev = conn->hdev;
838
839 BT_DBG("conn %p", conn);
840
841 conn->state = BT_CONFIG;
842
843 if (!lmp_esco_capable(hdev)) {
844 struct hci_cp_accept_conn_req cp;
845
846 bacpy(&cp.bdaddr, &conn->dst);
847 cp.role = 0x00; /* Ignored */
848
849 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
850 } else {
851 struct hci_cp_accept_sync_conn_req cp;
852
853 bacpy(&cp.bdaddr, &conn->dst);
854 cp.pkt_type = cpu_to_le16(conn->pkt_type);
855
856 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
857 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
858 cp.content_format = cpu_to_le16(setting);
859
860 switch (setting & SCO_AIRMODE_MASK) {
861 case SCO_AIRMODE_TRANSP:
862 if (conn->pkt_type & ESCO_2EV3)
863 cp.max_latency = cpu_to_le16(0x0008);
864 else
865 cp.max_latency = cpu_to_le16(0x000D);
866 cp.retrans_effort = 0x02;
867 break;
868 case SCO_AIRMODE_CVSD:
869 cp.max_latency = cpu_to_le16(0xffff);
870 cp.retrans_effort = 0xff;
871 break;
872 default:
873 /* use CVSD settings as fallback */
874 cp.max_latency = cpu_to_le16(0xffff);
875 cp.retrans_effort = 0xff;
876 break;
877 }
878
879 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
880 sizeof(cp), &cp);
881 }
882 }
883
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)884 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
885 size_t len, int flags)
886 {
887 struct sock *sk = sock->sk;
888 struct sco_pinfo *pi = sco_pi(sk);
889
890 if (unlikely(flags & MSG_ERRQUEUE))
891 return sock_recv_errqueue(sk, msg, len, SOL_BLUETOOTH,
892 BT_SCM_ERROR);
893
894 lock_sock(sk);
895
896 if (sk->sk_state == BT_CONNECT2 &&
897 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
898 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
899 sk->sk_state = BT_CONFIG;
900
901 release_sock(sk);
902 return 0;
903 }
904
905 release_sock(sk);
906
907 return bt_sock_recvmsg(sock, msg, len, flags);
908 }
909
sco_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)910 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
911 sockptr_t optval, unsigned int optlen)
912 {
913 struct sock *sk = sock->sk;
914 int err = 0;
915 struct bt_voice voice;
916 u32 opt;
917 struct bt_codecs *codecs;
918 struct hci_dev *hdev;
919 __u8 buffer[255];
920
921 BT_DBG("sk %p", sk);
922
923 lock_sock(sk);
924
925 switch (optname) {
926
927 case BT_DEFER_SETUP:
928 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
929 err = -EINVAL;
930 break;
931 }
932
933 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
934 if (err)
935 break;
936
937 if (opt)
938 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
939 else
940 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
941 break;
942
943 case BT_VOICE:
944 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
945 sk->sk_state != BT_CONNECT2) {
946 err = -EINVAL;
947 break;
948 }
949
950 voice.setting = sco_pi(sk)->setting;
951
952 err = copy_safe_from_sockptr(&voice, sizeof(voice), optval,
953 optlen);
954 if (err)
955 break;
956
957 sco_pi(sk)->setting = voice.setting;
958 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
959 BDADDR_BREDR);
960 if (!hdev) {
961 err = -EBADFD;
962 break;
963 }
964
965 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) {
966 case SCO_AIRMODE_TRANSP:
967 if (enhanced_sync_conn_capable(hdev))
968 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
969 break;
970 }
971
972 hci_dev_put(hdev);
973 break;
974
975 case BT_PKT_STATUS:
976 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
977 if (err)
978 break;
979
980 if (opt)
981 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
982 else
983 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
984 break;
985
986 case BT_CODEC:
987 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
988 sk->sk_state != BT_CONNECT2) {
989 err = -EINVAL;
990 break;
991 }
992
993 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
994 BDADDR_BREDR);
995 if (!hdev) {
996 err = -EBADFD;
997 break;
998 }
999
1000 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1001 hci_dev_put(hdev);
1002 err = -EOPNOTSUPP;
1003 break;
1004 }
1005
1006 if (!hdev->get_data_path_id) {
1007 hci_dev_put(hdev);
1008 err = -EOPNOTSUPP;
1009 break;
1010 }
1011
1012 if (optlen < sizeof(struct bt_codecs) ||
1013 optlen > sizeof(buffer)) {
1014 hci_dev_put(hdev);
1015 err = -EINVAL;
1016 break;
1017 }
1018
1019 err = copy_struct_from_sockptr(buffer, sizeof(buffer), optval,
1020 optlen);
1021 if (err) {
1022 hci_dev_put(hdev);
1023 break;
1024 }
1025
1026 codecs = (void *)buffer;
1027
1028 if (codecs->num_codecs > 1) {
1029 hci_dev_put(hdev);
1030 err = -EINVAL;
1031 break;
1032 }
1033
1034 sco_pi(sk)->codec = codecs->codecs[0];
1035 hci_dev_put(hdev);
1036 break;
1037
1038 default:
1039 err = -ENOPROTOOPT;
1040 break;
1041 }
1042
1043 release_sock(sk);
1044 return err;
1045 }
1046
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)1047 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
1048 char __user *optval, int __user *optlen)
1049 {
1050 struct sock *sk = sock->sk;
1051 struct sco_options opts;
1052 struct sco_conninfo cinfo;
1053 int err = 0;
1054 size_t len;
1055
1056 BT_DBG("sk %p", sk);
1057
1058 if (get_user(len, optlen))
1059 return -EFAULT;
1060
1061 lock_sock(sk);
1062
1063 switch (optname) {
1064 case SCO_OPTIONS:
1065 if (sk->sk_state != BT_CONNECTED &&
1066 !(sk->sk_state == BT_CONNECT2 &&
1067 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1068 err = -ENOTCONN;
1069 break;
1070 }
1071
1072 opts.mtu = sco_pi(sk)->conn->mtu;
1073
1074 BT_DBG("mtu %u", opts.mtu);
1075
1076 len = min(len, sizeof(opts));
1077 if (copy_to_user(optval, (char *)&opts, len))
1078 err = -EFAULT;
1079
1080 break;
1081
1082 case SCO_CONNINFO:
1083 if (sk->sk_state != BT_CONNECTED &&
1084 !(sk->sk_state == BT_CONNECT2 &&
1085 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1086 err = -ENOTCONN;
1087 break;
1088 }
1089
1090 memset(&cinfo, 0, sizeof(cinfo));
1091 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1092 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1093
1094 len = min(len, sizeof(cinfo));
1095 if (copy_to_user(optval, (char *)&cinfo, len))
1096 err = -EFAULT;
1097
1098 break;
1099
1100 default:
1101 err = -ENOPROTOOPT;
1102 break;
1103 }
1104
1105 release_sock(sk);
1106 return err;
1107 }
1108
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)1109 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1110 char __user *optval, int __user *optlen)
1111 {
1112 struct sock *sk = sock->sk;
1113 int len, err = 0;
1114 struct bt_voice voice;
1115 u32 phys;
1116 int buf_len;
1117 struct codec_list *c;
1118 u8 num_codecs, i, __user *ptr;
1119 struct hci_dev *hdev;
1120 struct hci_codec_caps *caps;
1121 struct bt_codec codec;
1122
1123 BT_DBG("sk %p", sk);
1124
1125 if (level == SOL_SCO)
1126 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1127
1128 if (get_user(len, optlen))
1129 return -EFAULT;
1130
1131 lock_sock(sk);
1132
1133 switch (optname) {
1134
1135 case BT_DEFER_SETUP:
1136 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1137 err = -EINVAL;
1138 break;
1139 }
1140
1141 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1142 (u32 __user *)optval))
1143 err = -EFAULT;
1144
1145 break;
1146
1147 case BT_VOICE:
1148 voice.setting = sco_pi(sk)->setting;
1149
1150 len = min_t(unsigned int, len, sizeof(voice));
1151 if (copy_to_user(optval, (char *)&voice, len))
1152 err = -EFAULT;
1153
1154 break;
1155
1156 case BT_PHY:
1157 if (sk->sk_state != BT_CONNECTED) {
1158 err = -ENOTCONN;
1159 break;
1160 }
1161
1162 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1163
1164 if (put_user(phys, (u32 __user *) optval))
1165 err = -EFAULT;
1166 break;
1167
1168 case BT_PKT_STATUS:
1169 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1170 (int __user *)optval))
1171 err = -EFAULT;
1172 break;
1173
1174 case BT_SNDMTU:
1175 case BT_RCVMTU:
1176 if (sk->sk_state != BT_CONNECTED) {
1177 err = -ENOTCONN;
1178 break;
1179 }
1180
1181 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1182 err = -EFAULT;
1183 break;
1184
1185 case BT_CODEC:
1186 num_codecs = 0;
1187 buf_len = 0;
1188
1189 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1190 if (!hdev) {
1191 err = -EBADFD;
1192 break;
1193 }
1194
1195 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1196 hci_dev_put(hdev);
1197 err = -EOPNOTSUPP;
1198 break;
1199 }
1200
1201 if (!hdev->get_data_path_id) {
1202 hci_dev_put(hdev);
1203 err = -EOPNOTSUPP;
1204 break;
1205 }
1206
1207 release_sock(sk);
1208
1209 /* find total buffer size required to copy codec + caps */
1210 hci_dev_lock(hdev);
1211 list_for_each_entry(c, &hdev->local_codecs, list) {
1212 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1213 continue;
1214 num_codecs++;
1215 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1216 buf_len += 1 + caps->len;
1217 caps = (void *)&caps->data[caps->len];
1218 }
1219 buf_len += sizeof(struct bt_codec);
1220 }
1221 hci_dev_unlock(hdev);
1222
1223 buf_len += sizeof(struct bt_codecs);
1224 if (buf_len > len) {
1225 hci_dev_put(hdev);
1226 return -ENOBUFS;
1227 }
1228 ptr = optval;
1229
1230 if (put_user(num_codecs, ptr)) {
1231 hci_dev_put(hdev);
1232 return -EFAULT;
1233 }
1234 ptr += sizeof(num_codecs);
1235
1236 /* Iterate all the codecs supported over SCO and populate
1237 * codec data
1238 */
1239 hci_dev_lock(hdev);
1240 list_for_each_entry(c, &hdev->local_codecs, list) {
1241 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1242 continue;
1243
1244 codec.id = c->id;
1245 codec.cid = c->cid;
1246 codec.vid = c->vid;
1247 err = hdev->get_data_path_id(hdev, &codec.data_path);
1248 if (err < 0)
1249 break;
1250 codec.num_caps = c->num_caps;
1251 if (copy_to_user(ptr, &codec, sizeof(codec))) {
1252 err = -EFAULT;
1253 break;
1254 }
1255 ptr += sizeof(codec);
1256
1257 /* find codec capabilities data length */
1258 len = 0;
1259 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1260 len += 1 + caps->len;
1261 caps = (void *)&caps->data[caps->len];
1262 }
1263
1264 /* copy codec capabilities data */
1265 if (len && copy_to_user(ptr, c->caps, len)) {
1266 err = -EFAULT;
1267 break;
1268 }
1269 ptr += len;
1270 }
1271
1272 hci_dev_unlock(hdev);
1273 hci_dev_put(hdev);
1274
1275 lock_sock(sk);
1276
1277 if (!err && put_user(buf_len, optlen))
1278 err = -EFAULT;
1279
1280 break;
1281
1282 default:
1283 err = -ENOPROTOOPT;
1284 break;
1285 }
1286
1287 release_sock(sk);
1288 return err;
1289 }
1290
sco_sock_shutdown(struct socket * sock,int how)1291 static int sco_sock_shutdown(struct socket *sock, int how)
1292 {
1293 struct sock *sk = sock->sk;
1294 int err = 0;
1295
1296 BT_DBG("sock %p, sk %p", sock, sk);
1297
1298 if (!sk)
1299 return 0;
1300
1301 sock_hold(sk);
1302 lock_sock(sk);
1303
1304 if (!sk->sk_shutdown) {
1305 sk->sk_shutdown = SHUTDOWN_MASK;
1306 sco_sock_clear_timer(sk);
1307 __sco_sock_close(sk);
1308
1309 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1310 !(current->flags & PF_EXITING))
1311 err = bt_sock_wait_state(sk, BT_CLOSED,
1312 sk->sk_lingertime);
1313 }
1314
1315 release_sock(sk);
1316 sock_put(sk);
1317
1318 return err;
1319 }
1320
sco_sock_release(struct socket * sock)1321 static int sco_sock_release(struct socket *sock)
1322 {
1323 struct sock *sk = sock->sk;
1324 int err = 0;
1325
1326 BT_DBG("sock %p, sk %p", sock, sk);
1327
1328 if (!sk)
1329 return 0;
1330
1331 sco_sock_close(sk);
1332
1333 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1334 !(current->flags & PF_EXITING)) {
1335 lock_sock(sk);
1336 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1337 release_sock(sk);
1338 }
1339
1340 sock_orphan(sk);
1341 sco_sock_kill(sk);
1342 return err;
1343 }
1344
sco_conn_ready(struct sco_conn * conn)1345 static void sco_conn_ready(struct sco_conn *conn)
1346 {
1347 struct sock *parent;
1348 struct sock *sk = conn->sk;
1349
1350 BT_DBG("conn %p", conn);
1351
1352 if (sk) {
1353 lock_sock(sk);
1354 sco_sock_clear_timer(sk);
1355 sk->sk_state = BT_CONNECTED;
1356 sk->sk_state_change(sk);
1357 release_sock(sk);
1358 } else {
1359 sco_conn_lock(conn);
1360
1361 if (!conn->hcon) {
1362 sco_conn_unlock(conn);
1363 return;
1364 }
1365
1366 parent = sco_get_sock_listen(&conn->hcon->src);
1367 if (!parent) {
1368 sco_conn_unlock(conn);
1369 return;
1370 }
1371
1372 lock_sock(parent);
1373
1374 sk = sco_sock_alloc(sock_net(parent), NULL,
1375 BTPROTO_SCO, GFP_ATOMIC, 0);
1376 if (!sk) {
1377 release_sock(parent);
1378 sco_conn_unlock(conn);
1379 return;
1380 }
1381
1382 sco_sock_init(sk, parent);
1383
1384 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1385 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1386
1387 sco_conn_hold(conn);
1388 hci_conn_hold(conn->hcon);
1389 __sco_chan_add(conn, sk, parent);
1390
1391 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1392 sk->sk_state = BT_CONNECT2;
1393 else
1394 sk->sk_state = BT_CONNECTED;
1395
1396 /* Wake up parent */
1397 parent->sk_data_ready(parent);
1398
1399 release_sock(parent);
1400
1401 sco_conn_unlock(conn);
1402 }
1403 }
1404
1405 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1406 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1407 {
1408 struct sock *sk;
1409 int lm = 0;
1410
1411 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1412
1413 /* Find listening sockets */
1414 read_lock(&sco_sk_list.lock);
1415 sk_for_each(sk, &sco_sk_list.head) {
1416 if (sk->sk_state != BT_LISTEN)
1417 continue;
1418
1419 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1420 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1421 lm |= HCI_LM_ACCEPT;
1422
1423 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1424 *flags |= HCI_PROTO_DEFER;
1425 break;
1426 }
1427 }
1428 read_unlock(&sco_sk_list.lock);
1429
1430 return lm;
1431 }
1432
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1433 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1434 {
1435 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1436 return;
1437
1438 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1439
1440 if (!status) {
1441 struct sco_conn *conn;
1442
1443 conn = sco_conn_add(hcon);
1444 if (conn) {
1445 sco_conn_ready(conn);
1446 sco_conn_put(conn);
1447 }
1448 } else
1449 sco_conn_del(hcon, bt_to_errno(status));
1450 }
1451
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1452 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1453 {
1454 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1455 return;
1456
1457 BT_DBG("hcon %p reason %d", hcon, reason);
1458
1459 sco_conn_del(hcon, bt_to_errno(reason));
1460 }
1461
sco_recv_scodata(struct hci_dev * hdev,u16 handle,struct sk_buff * skb)1462 int sco_recv_scodata(struct hci_dev *hdev, u16 handle, struct sk_buff *skb)
1463 {
1464 struct hci_conn *hcon;
1465 struct sco_conn *conn;
1466
1467 hci_dev_lock(hdev);
1468
1469 hcon = hci_conn_hash_lookup_handle(hdev, handle);
1470 if (!hcon) {
1471 hci_dev_unlock(hdev);
1472 kfree_skb(skb);
1473 return -ENOENT;
1474 }
1475
1476 conn = sco_conn_hold_unless_zero(hcon->sco_data);
1477 hcon = NULL;
1478
1479 hci_dev_unlock(hdev);
1480
1481 if (!conn) {
1482 kfree_skb(skb);
1483 return -EINVAL;
1484 }
1485
1486 BT_DBG("conn %p len %u", conn, skb->len);
1487
1488 if (skb->len)
1489 sco_recv_frame(conn, skb);
1490 else
1491 kfree_skb(skb);
1492
1493 sco_conn_put(conn);
1494 return 0;
1495 }
1496
1497 static struct hci_cb sco_cb = {
1498 .name = "SCO",
1499 .connect_cfm = sco_connect_cfm,
1500 .disconn_cfm = sco_disconn_cfm,
1501 };
1502
sco_debugfs_show(struct seq_file * f,void * p)1503 static int sco_debugfs_show(struct seq_file *f, void *p)
1504 {
1505 struct sock *sk;
1506
1507 read_lock(&sco_sk_list.lock);
1508
1509 sk_for_each(sk, &sco_sk_list.head) {
1510 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1511 &sco_pi(sk)->dst, sk->sk_state);
1512 }
1513
1514 read_unlock(&sco_sk_list.lock);
1515
1516 return 0;
1517 }
1518
1519 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1520
1521 static struct dentry *sco_debugfs;
1522
1523 static const struct proto_ops sco_sock_ops = {
1524 .family = PF_BLUETOOTH,
1525 .owner = THIS_MODULE,
1526 .release = sco_sock_release,
1527 .bind = sco_sock_bind,
1528 .connect = sco_sock_connect,
1529 .listen = sco_sock_listen,
1530 .accept = sco_sock_accept,
1531 .getname = sco_sock_getname,
1532 .sendmsg = sco_sock_sendmsg,
1533 .recvmsg = sco_sock_recvmsg,
1534 .poll = bt_sock_poll,
1535 .ioctl = bt_sock_ioctl,
1536 .gettstamp = sock_gettstamp,
1537 .mmap = sock_no_mmap,
1538 .socketpair = sock_no_socketpair,
1539 .shutdown = sco_sock_shutdown,
1540 .setsockopt = sco_sock_setsockopt,
1541 .getsockopt = sco_sock_getsockopt
1542 };
1543
1544 static const struct net_proto_family sco_sock_family_ops = {
1545 .family = PF_BLUETOOTH,
1546 .owner = THIS_MODULE,
1547 .create = sco_sock_create,
1548 };
1549
sco_init(void)1550 int __init sco_init(void)
1551 {
1552 int err;
1553
1554 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1555
1556 err = proto_register(&sco_proto, 0);
1557 if (err < 0)
1558 return err;
1559
1560 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1561 if (err < 0) {
1562 BT_ERR("SCO socket registration failed");
1563 goto error;
1564 }
1565
1566 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1567 if (err < 0) {
1568 BT_ERR("Failed to create SCO proc file");
1569 bt_sock_unregister(BTPROTO_SCO);
1570 goto error;
1571 }
1572
1573 BT_INFO("SCO socket layer initialized");
1574
1575 hci_register_cb(&sco_cb);
1576
1577 if (IS_ERR_OR_NULL(bt_debugfs))
1578 return 0;
1579
1580 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1581 NULL, &sco_debugfs_fops);
1582
1583 return 0;
1584
1585 error:
1586 proto_unregister(&sco_proto);
1587 return err;
1588 }
1589
sco_exit(void)1590 void sco_exit(void)
1591 {
1592 bt_procfs_cleanup(&init_net, "sco");
1593
1594 debugfs_remove(sco_debugfs);
1595
1596 hci_unregister_cb(&sco_cb);
1597
1598 bt_sock_unregister(BTPROTO_SCO);
1599
1600 proto_unregister(&sco_proto);
1601 }
1602
1603 module_param(disable_esco, bool, 0644);
1604 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1605