1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35
36 static bool disable_esco;
37
38 static const struct proto_ops sco_sock_ops;
39
40 static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54 struct kref ref;
55 };
56
57 #define sco_conn_lock(c) spin_lock(&c->lock)
58 #define sco_conn_unlock(c) spin_unlock(&c->lock)
59
60 static void sco_sock_close(struct sock *sk);
61 static void sco_sock_kill(struct sock *sk);
62
63 /* ----- SCO socket info ----- */
64 #define sco_pi(sk) ((struct sco_pinfo *) sk)
65
66 struct sco_pinfo {
67 struct bt_sock bt;
68 bdaddr_t src;
69 bdaddr_t dst;
70 __u32 flags;
71 __u16 setting;
72 struct bt_codec codec;
73 struct sco_conn *conn;
74 };
75
76 /* ---- SCO timers ---- */
77 #define SCO_CONN_TIMEOUT (HZ * 40)
78 #define SCO_DISCONN_TIMEOUT (HZ * 2)
79
sco_conn_free(struct kref * ref)80 static void sco_conn_free(struct kref *ref)
81 {
82 struct sco_conn *conn = container_of(ref, struct sco_conn, ref);
83
84 BT_DBG("conn %p", conn);
85
86 if (conn->sk)
87 sco_pi(conn->sk)->conn = NULL;
88
89 if (conn->hcon) {
90 conn->hcon->sco_data = NULL;
91 hci_conn_drop(conn->hcon);
92 }
93
94 /* Ensure no more work items will run since hci_conn has been dropped */
95 disable_delayed_work_sync(&conn->timeout_work);
96
97 kfree(conn);
98 }
99
sco_conn_put(struct sco_conn * conn)100 static void sco_conn_put(struct sco_conn *conn)
101 {
102 if (!conn)
103 return;
104
105 BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));
106
107 kref_put(&conn->ref, sco_conn_free);
108 }
109
sco_conn_hold(struct sco_conn * conn)110 static struct sco_conn *sco_conn_hold(struct sco_conn *conn)
111 {
112 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
113
114 kref_get(&conn->ref);
115 return conn;
116 }
117
sco_conn_hold_unless_zero(struct sco_conn * conn)118 static struct sco_conn *sco_conn_hold_unless_zero(struct sco_conn *conn)
119 {
120 if (!conn)
121 return NULL;
122
123 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
124
125 if (!kref_get_unless_zero(&conn->ref))
126 return NULL;
127
128 return conn;
129 }
130
sco_sock_hold(struct sco_conn * conn)131 static struct sock *sco_sock_hold(struct sco_conn *conn)
132 {
133 if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk))
134 return NULL;
135
136 sock_hold(conn->sk);
137
138 return conn->sk;
139 }
140
sco_sock_timeout(struct work_struct * work)141 static void sco_sock_timeout(struct work_struct *work)
142 {
143 struct sco_conn *conn = container_of(work, struct sco_conn,
144 timeout_work.work);
145 struct sock *sk;
146
147 conn = sco_conn_hold_unless_zero(conn);
148 if (!conn)
149 return;
150
151 sco_conn_lock(conn);
152 if (!conn->hcon) {
153 sco_conn_unlock(conn);
154 sco_conn_put(conn);
155 return;
156 }
157 sk = sco_sock_hold(conn);
158 sco_conn_unlock(conn);
159 sco_conn_put(conn);
160
161 if (!sk)
162 return;
163
164 BT_DBG("sock %p state %d", sk, sk->sk_state);
165
166 lock_sock(sk);
167 sk->sk_err = ETIMEDOUT;
168 sk->sk_state_change(sk);
169 release_sock(sk);
170 sock_put(sk);
171 }
172
sco_sock_set_timer(struct sock * sk,long timeout)173 static void sco_sock_set_timer(struct sock *sk, long timeout)
174 {
175 if (!sco_pi(sk)->conn)
176 return;
177
178 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
179 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
180 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
181 }
182
sco_sock_clear_timer(struct sock * sk)183 static void sco_sock_clear_timer(struct sock *sk)
184 {
185 if (!sco_pi(sk)->conn)
186 return;
187
188 BT_DBG("sock %p state %d", sk, sk->sk_state);
189 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
190 }
191
192 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)193 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
194 {
195 struct sco_conn *conn = hcon->sco_data;
196
197 conn = sco_conn_hold_unless_zero(conn);
198 if (conn) {
199 if (!conn->hcon) {
200 sco_conn_lock(conn);
201 conn->hcon = hcon;
202 sco_conn_unlock(conn);
203 }
204 return conn;
205 }
206
207 conn = kzalloc_obj(struct sco_conn);
208 if (!conn)
209 return NULL;
210
211 kref_init(&conn->ref);
212 spin_lock_init(&conn->lock);
213 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
214
215 hcon->sco_data = conn;
216 conn->hcon = hcon;
217 conn->mtu = hcon->mtu;
218
219 if (hcon->mtu > 0)
220 conn->mtu = hcon->mtu;
221 else
222 conn->mtu = 60;
223
224 BT_DBG("hcon %p conn %p", hcon, conn);
225
226 return conn;
227 }
228
229 /* Delete channel.
230 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)231 static void sco_chan_del(struct sock *sk, int err)
232 {
233 struct sco_conn *conn;
234
235 conn = sco_pi(sk)->conn;
236 sco_pi(sk)->conn = NULL;
237
238 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
239
240 if (conn) {
241 sco_conn_lock(conn);
242 conn->sk = NULL;
243 sco_conn_unlock(conn);
244 sco_conn_put(conn);
245 }
246
247 sk->sk_state = BT_CLOSED;
248 sk->sk_err = err;
249 sk->sk_state_change(sk);
250
251 sock_set_flag(sk, SOCK_ZAPPED);
252 }
253
sco_conn_del(struct hci_conn * hcon,int err)254 static void sco_conn_del(struct hci_conn *hcon, int err)
255 {
256 struct sco_conn *conn = hcon->sco_data;
257 struct sock *sk;
258
259 conn = sco_conn_hold_unless_zero(conn);
260 if (!conn)
261 return;
262
263 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
264
265 sco_conn_lock(conn);
266 sk = sco_sock_hold(conn);
267 sco_conn_unlock(conn);
268 sco_conn_put(conn);
269
270 if (!sk) {
271 sco_conn_put(conn);
272 return;
273 }
274
275 /* Kill socket */
276 lock_sock(sk);
277 sco_sock_clear_timer(sk);
278 sco_chan_del(sk, err);
279 release_sock(sk);
280 sock_put(sk);
281 }
282
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)283 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
284 struct sock *parent)
285 {
286 BT_DBG("conn %p", conn);
287
288 sco_pi(sk)->conn = conn;
289 conn->sk = sk;
290
291 if (parent)
292 bt_accept_enqueue(parent, sk, true);
293 }
294
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)295 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
296 struct sock *parent)
297 {
298 int err = 0;
299
300 sco_conn_lock(conn);
301 if (conn->sk || sco_pi(sk)->conn)
302 err = -EBUSY;
303 else
304 __sco_chan_add(conn, sk, parent);
305
306 sco_conn_unlock(conn);
307 return err;
308 }
309
sco_connect(struct sock * sk)310 static int sco_connect(struct sock *sk)
311 {
312 struct sco_conn *conn;
313 struct hci_conn *hcon;
314 struct hci_dev *hdev;
315 int err, type;
316
317 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
318
319 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
320 if (!hdev)
321 return -EHOSTUNREACH;
322
323 hci_dev_lock(hdev);
324
325 if (lmp_esco_capable(hdev) && !disable_esco)
326 type = ESCO_LINK;
327 else
328 type = SCO_LINK;
329
330 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) {
331 case SCO_AIRMODE_TRANSP:
332 if (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)) {
333 err = -EOPNOTSUPP;
334 goto unlock;
335 }
336 break;
337 }
338
339 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
340 sco_pi(sk)->setting, &sco_pi(sk)->codec,
341 READ_ONCE(sk->sk_sndtimeo));
342 if (IS_ERR(hcon)) {
343 err = PTR_ERR(hcon);
344 goto unlock;
345 }
346
347 conn = sco_conn_add(hcon);
348 if (!conn) {
349 hci_conn_drop(hcon);
350 err = -ENOMEM;
351 goto unlock;
352 }
353
354 lock_sock(sk);
355
356 /* Recheck state after reacquiring the socket lock, as another
357 * thread may have changed it (e.g., closed the socket).
358 */
359 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
360 release_sock(sk);
361 hci_conn_drop(hcon);
362 err = -EBADFD;
363 goto unlock;
364 }
365
366 err = sco_chan_add(conn, sk, NULL);
367 if (err) {
368 release_sock(sk);
369 hci_conn_drop(hcon);
370 goto unlock;
371 }
372
373 /* Update source addr of the socket */
374 bacpy(&sco_pi(sk)->src, &hcon->src);
375
376 if (hcon->state == BT_CONNECTED) {
377 sco_sock_clear_timer(sk);
378 sk->sk_state = BT_CONNECTED;
379 } else {
380 sk->sk_state = BT_CONNECT;
381 sco_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo));
382 }
383
384 release_sock(sk);
385
386 unlock:
387 hci_dev_unlock(hdev);
388 hci_dev_put(hdev);
389 return err;
390 }
391
sco_send_frame(struct sock * sk,struct sk_buff * skb,const struct sockcm_cookie * sockc)392 static int sco_send_frame(struct sock *sk, struct sk_buff *skb,
393 const struct sockcm_cookie *sockc)
394 {
395 struct sco_conn *conn = sco_pi(sk)->conn;
396 int len = skb->len;
397
398 /* Check outgoing MTU */
399 if (len > conn->mtu)
400 return -EINVAL;
401
402 BT_DBG("sk %p len %d", sk, len);
403
404 hci_setup_tx_timestamp(skb, 1, sockc);
405 hci_send_sco(conn->hcon, skb);
406
407 return len;
408 }
409
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)410 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
411 {
412 struct sock *sk;
413
414 sco_conn_lock(conn);
415 sk = sco_sock_hold(conn);
416 sco_conn_unlock(conn);
417
418 if (!sk)
419 goto drop;
420
421 BT_DBG("sk %p len %u", sk, skb->len);
422
423 if (sk->sk_state != BT_CONNECTED)
424 goto drop_put;
425
426 if (!sock_queue_rcv_skb(sk, skb)) {
427 sock_put(sk);
428 return;
429 }
430
431 drop_put:
432 sock_put(sk);
433 drop:
434 kfree_skb(skb);
435 }
436
437 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)438 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
439 {
440 struct sock *sk;
441
442 sk_for_each(sk, &sco_sk_list.head) {
443 if (sk->sk_state != BT_LISTEN)
444 continue;
445
446 if (!bacmp(&sco_pi(sk)->src, ba))
447 return sk;
448 }
449
450 return NULL;
451 }
452
453 /* Find socket listening on source bdaddr.
454 * Returns closest match.
455 */
sco_get_sock_listen(bdaddr_t * src)456 static struct sock *sco_get_sock_listen(bdaddr_t *src)
457 {
458 struct sock *sk = NULL, *sk1 = NULL;
459
460 read_lock(&sco_sk_list.lock);
461
462 sk_for_each(sk, &sco_sk_list.head) {
463 if (sk->sk_state != BT_LISTEN)
464 continue;
465
466 /* Exact match. */
467 if (!bacmp(&sco_pi(sk)->src, src))
468 break;
469
470 /* Closest match */
471 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
472 sk1 = sk;
473 }
474
475 read_unlock(&sco_sk_list.lock);
476
477 return sk ? sk : sk1;
478 }
479
sco_sock_destruct(struct sock * sk)480 static void sco_sock_destruct(struct sock *sk)
481 {
482 BT_DBG("sk %p", sk);
483
484 sco_conn_put(sco_pi(sk)->conn);
485
486 skb_queue_purge(&sk->sk_receive_queue);
487 skb_queue_purge(&sk->sk_write_queue);
488 skb_queue_purge(&sk->sk_error_queue);
489 }
490
sco_sock_cleanup_listen(struct sock * parent)491 static void sco_sock_cleanup_listen(struct sock *parent)
492 {
493 struct sock *sk;
494
495 BT_DBG("parent %p", parent);
496
497 /* Close not yet accepted channels */
498 while ((sk = bt_accept_dequeue(parent, NULL))) {
499 sco_sock_close(sk);
500 sco_sock_kill(sk);
501 }
502
503 parent->sk_state = BT_CLOSED;
504 sock_set_flag(parent, SOCK_ZAPPED);
505 }
506
507 /* Kill socket (only if zapped and orphan)
508 * Must be called on unlocked socket.
509 */
sco_sock_kill(struct sock * sk)510 static void sco_sock_kill(struct sock *sk)
511 {
512 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
513 return;
514
515 BT_DBG("sk %p state %d", sk, sk->sk_state);
516
517 /* Sock is dead, so set conn->sk to NULL to avoid possible UAF */
518 if (sco_pi(sk)->conn) {
519 sco_conn_lock(sco_pi(sk)->conn);
520 sco_pi(sk)->conn->sk = NULL;
521 sco_conn_unlock(sco_pi(sk)->conn);
522 }
523
524 /* Kill poor orphan */
525 bt_sock_unlink(&sco_sk_list, sk);
526 sock_set_flag(sk, SOCK_DEAD);
527 sock_put(sk);
528 }
529
__sco_sock_close(struct sock * sk)530 static void __sco_sock_close(struct sock *sk)
531 {
532 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
533
534 switch (sk->sk_state) {
535 case BT_LISTEN:
536 sco_sock_cleanup_listen(sk);
537 break;
538
539 case BT_CONNECTED:
540 case BT_CONFIG:
541 case BT_CONNECT2:
542 case BT_CONNECT:
543 case BT_DISCONN:
544 sco_chan_del(sk, ECONNRESET);
545 break;
546
547 default:
548 sock_set_flag(sk, SOCK_ZAPPED);
549 break;
550 }
551
552 }
553
554 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)555 static void sco_sock_close(struct sock *sk)
556 {
557 lock_sock(sk);
558 sco_sock_clear_timer(sk);
559 __sco_sock_close(sk);
560 release_sock(sk);
561 }
562
sco_sock_init(struct sock * sk,struct sock * parent)563 static void sco_sock_init(struct sock *sk, struct sock *parent)
564 {
565 BT_DBG("sk %p", sk);
566
567 if (parent) {
568 sk->sk_type = parent->sk_type;
569 bt_sk(sk)->flags = bt_sk(parent)->flags;
570 security_sk_clone(parent, sk);
571 }
572 }
573
574 static struct proto sco_proto = {
575 .name = "SCO",
576 .owner = THIS_MODULE,
577 .obj_size = sizeof(struct sco_pinfo)
578 };
579
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)580 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
581 int proto, gfp_t prio, int kern)
582 {
583 struct sock *sk;
584
585 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
586 if (!sk)
587 return NULL;
588
589 sk->sk_destruct = sco_sock_destruct;
590 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
591
592 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
593 sco_pi(sk)->codec.id = BT_CODEC_CVSD;
594 sco_pi(sk)->codec.cid = 0xffff;
595 sco_pi(sk)->codec.vid = 0xffff;
596 sco_pi(sk)->codec.data_path = 0x00;
597
598 bt_sock_link(&sco_sk_list, sk);
599 return sk;
600 }
601
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)602 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
603 int kern)
604 {
605 struct sock *sk;
606
607 BT_DBG("sock %p", sock);
608
609 sock->state = SS_UNCONNECTED;
610
611 if (sock->type != SOCK_SEQPACKET)
612 return -ESOCKTNOSUPPORT;
613
614 sock->ops = &sco_sock_ops;
615
616 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
617 if (!sk)
618 return -ENOMEM;
619
620 sco_sock_init(sk, NULL);
621 return 0;
622 }
623
sco_sock_bind(struct socket * sock,struct sockaddr_unsized * addr,int addr_len)624 static int sco_sock_bind(struct socket *sock, struct sockaddr_unsized *addr,
625 int addr_len)
626 {
627 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
628 struct sock *sk = sock->sk;
629 int err = 0;
630
631 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
632 addr->sa_family != AF_BLUETOOTH)
633 return -EINVAL;
634
635 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
636
637 lock_sock(sk);
638
639 if (sk->sk_state != BT_OPEN) {
640 err = -EBADFD;
641 goto done;
642 }
643
644 if (sk->sk_type != SOCK_SEQPACKET) {
645 err = -EINVAL;
646 goto done;
647 }
648
649 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
650
651 sk->sk_state = BT_BOUND;
652
653 done:
654 release_sock(sk);
655 return err;
656 }
657
sco_sock_connect(struct socket * sock,struct sockaddr_unsized * addr,int alen,int flags)658 static int sco_sock_connect(struct socket *sock, struct sockaddr_unsized *addr, int alen, int flags)
659 {
660 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
661 struct sock *sk = sock->sk;
662 int err;
663
664 BT_DBG("sk %p", sk);
665
666 if (alen < sizeof(struct sockaddr_sco) ||
667 addr->sa_family != AF_BLUETOOTH)
668 return -EINVAL;
669
670 lock_sock(sk);
671
672 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
673 release_sock(sk);
674 return -EBADFD;
675 }
676
677 if (sk->sk_type != SOCK_SEQPACKET) {
678 release_sock(sk);
679 return -EINVAL;
680 }
681
682 /* Set destination address and psm */
683 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
684 release_sock(sk);
685
686 err = sco_connect(sk);
687 if (err)
688 return err;
689
690 lock_sock(sk);
691
692 err = bt_sock_wait_state(sk, BT_CONNECTED,
693 sock_sndtimeo(sk, flags & O_NONBLOCK));
694
695 release_sock(sk);
696 return err;
697 }
698
sco_sock_listen(struct socket * sock,int backlog)699 static int sco_sock_listen(struct socket *sock, int backlog)
700 {
701 struct sock *sk = sock->sk;
702 bdaddr_t *src = &sco_pi(sk)->src;
703 int err = 0;
704
705 BT_DBG("sk %p backlog %d", sk, backlog);
706
707 lock_sock(sk);
708
709 if (sk->sk_state != BT_BOUND) {
710 err = -EBADFD;
711 goto done;
712 }
713
714 if (sk->sk_type != SOCK_SEQPACKET) {
715 err = -EINVAL;
716 goto done;
717 }
718
719 write_lock(&sco_sk_list.lock);
720
721 if (__sco_get_sock_listen_by_addr(src)) {
722 err = -EADDRINUSE;
723 goto unlock;
724 }
725
726 sk->sk_max_ack_backlog = backlog;
727 sk->sk_ack_backlog = 0;
728
729 sk->sk_state = BT_LISTEN;
730
731 unlock:
732 write_unlock(&sco_sk_list.lock);
733
734 done:
735 release_sock(sk);
736 return err;
737 }
738
sco_sock_accept(struct socket * sock,struct socket * newsock,struct proto_accept_arg * arg)739 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
740 struct proto_accept_arg *arg)
741 {
742 DEFINE_WAIT_FUNC(wait, woken_wake_function);
743 struct sock *sk = sock->sk, *ch;
744 long timeo;
745 int err = 0;
746
747 lock_sock(sk);
748
749 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);
750
751 BT_DBG("sk %p timeo %ld", sk, timeo);
752
753 /* Wait for an incoming connection. (wake-one). */
754 add_wait_queue_exclusive(sk_sleep(sk), &wait);
755 while (1) {
756 if (sk->sk_state != BT_LISTEN) {
757 err = -EBADFD;
758 break;
759 }
760
761 ch = bt_accept_dequeue(sk, newsock);
762 if (ch)
763 break;
764
765 if (!timeo) {
766 err = -EAGAIN;
767 break;
768 }
769
770 if (signal_pending(current)) {
771 err = sock_intr_errno(timeo);
772 break;
773 }
774
775 release_sock(sk);
776
777 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
778 lock_sock(sk);
779 }
780 remove_wait_queue(sk_sleep(sk), &wait);
781
782 if (err)
783 goto done;
784
785 newsock->state = SS_CONNECTED;
786
787 BT_DBG("new socket %p", ch);
788
789 done:
790 release_sock(sk);
791 return err;
792 }
793
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)794 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
795 int peer)
796 {
797 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
798 struct sock *sk = sock->sk;
799
800 BT_DBG("sock %p, sk %p", sock, sk);
801
802 addr->sa_family = AF_BLUETOOTH;
803
804 if (peer)
805 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
806 else
807 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
808
809 return sizeof(struct sockaddr_sco);
810 }
811
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)812 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
813 size_t len)
814 {
815 struct sock *sk = sock->sk;
816 struct sk_buff *skb;
817 struct sockcm_cookie sockc;
818 int err;
819
820 BT_DBG("sock %p, sk %p", sock, sk);
821
822 err = sock_error(sk);
823 if (err)
824 return err;
825
826 if (msg->msg_flags & MSG_OOB)
827 return -EOPNOTSUPP;
828
829 hci_sockcm_init(&sockc, sk);
830
831 if (msg->msg_controllen) {
832 err = sock_cmsg_send(sk, msg, &sockc);
833 if (err)
834 return err;
835 }
836
837 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
838 if (IS_ERR(skb))
839 return PTR_ERR(skb);
840
841 lock_sock(sk);
842
843 if (sk->sk_state == BT_CONNECTED)
844 err = sco_send_frame(sk, skb, &sockc);
845 else
846 err = -ENOTCONN;
847
848 release_sock(sk);
849
850 if (err < 0)
851 kfree_skb(skb);
852 return err;
853 }
854
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)855 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
856 {
857 struct hci_dev *hdev = conn->hdev;
858
859 BT_DBG("conn %p", conn);
860
861 conn->state = BT_CONFIG;
862
863 if (!lmp_esco_capable(hdev)) {
864 struct hci_cp_accept_conn_req cp;
865
866 bacpy(&cp.bdaddr, &conn->dst);
867 cp.role = 0x00; /* Ignored */
868
869 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
870 } else {
871 struct hci_cp_accept_sync_conn_req cp;
872
873 bacpy(&cp.bdaddr, &conn->dst);
874 cp.pkt_type = cpu_to_le16(conn->pkt_type);
875
876 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
877 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
878 cp.content_format = cpu_to_le16(setting);
879
880 switch (setting & SCO_AIRMODE_MASK) {
881 case SCO_AIRMODE_TRANSP:
882 if (conn->pkt_type & ESCO_2EV3)
883 cp.max_latency = cpu_to_le16(0x0008);
884 else
885 cp.max_latency = cpu_to_le16(0x000D);
886 cp.retrans_effort = 0x02;
887 break;
888 case SCO_AIRMODE_CVSD:
889 cp.max_latency = cpu_to_le16(0xffff);
890 cp.retrans_effort = 0xff;
891 break;
892 default:
893 /* use CVSD settings as fallback */
894 cp.max_latency = cpu_to_le16(0xffff);
895 cp.retrans_effort = 0xff;
896 break;
897 }
898
899 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
900 sizeof(cp), &cp);
901 }
902 }
903
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)904 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
905 size_t len, int flags)
906 {
907 struct sock *sk = sock->sk;
908 struct sco_pinfo *pi = sco_pi(sk);
909
910 if (unlikely(flags & MSG_ERRQUEUE))
911 return sock_recv_errqueue(sk, msg, len, SOL_BLUETOOTH,
912 BT_SCM_ERROR);
913
914 lock_sock(sk);
915
916 if (sk->sk_state == BT_CONNECT2 &&
917 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
918 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
919 sk->sk_state = BT_CONFIG;
920
921 release_sock(sk);
922 return 0;
923 }
924
925 release_sock(sk);
926
927 return bt_sock_recvmsg(sock, msg, len, flags);
928 }
929
sco_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)930 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
931 sockptr_t optval, unsigned int optlen)
932 {
933 struct sock *sk = sock->sk;
934 int err = 0;
935 struct bt_voice voice;
936 u32 opt;
937 struct bt_codecs *codecs;
938 struct hci_dev *hdev;
939 __u8 buffer[255];
940
941 BT_DBG("sk %p", sk);
942
943 lock_sock(sk);
944
945 switch (optname) {
946
947 case BT_DEFER_SETUP:
948 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
949 err = -EINVAL;
950 break;
951 }
952
953 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
954 if (err)
955 break;
956
957 if (opt)
958 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
959 else
960 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
961 break;
962
963 case BT_VOICE:
964 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
965 sk->sk_state != BT_CONNECT2) {
966 err = -EINVAL;
967 break;
968 }
969
970 voice.setting = sco_pi(sk)->setting;
971
972 err = copy_safe_from_sockptr(&voice, sizeof(voice), optval,
973 optlen);
974 if (err)
975 break;
976
977 sco_pi(sk)->setting = voice.setting;
978 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
979 BDADDR_BREDR);
980 if (!hdev) {
981 err = -EBADFD;
982 break;
983 }
984
985 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) {
986 case SCO_AIRMODE_TRANSP:
987 if (enhanced_sync_conn_capable(hdev))
988 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
989 break;
990 }
991
992 hci_dev_put(hdev);
993 break;
994
995 case BT_PKT_STATUS:
996 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
997 if (err)
998 break;
999
1000 if (opt)
1001 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1002 else
1003 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1004 break;
1005
1006 case BT_CODEC:
1007 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1008 sk->sk_state != BT_CONNECT2) {
1009 err = -EINVAL;
1010 break;
1011 }
1012
1013 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
1014 BDADDR_BREDR);
1015 if (!hdev) {
1016 err = -EBADFD;
1017 break;
1018 }
1019
1020 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1021 hci_dev_put(hdev);
1022 err = -EOPNOTSUPP;
1023 break;
1024 }
1025
1026 if (!hdev->get_data_path_id) {
1027 hci_dev_put(hdev);
1028 err = -EOPNOTSUPP;
1029 break;
1030 }
1031
1032 if (optlen < sizeof(struct bt_codecs) ||
1033 optlen > sizeof(buffer)) {
1034 hci_dev_put(hdev);
1035 err = -EINVAL;
1036 break;
1037 }
1038
1039 err = copy_struct_from_sockptr(buffer, sizeof(buffer), optval,
1040 optlen);
1041 if (err) {
1042 hci_dev_put(hdev);
1043 break;
1044 }
1045
1046 codecs = (void *)buffer;
1047
1048 if (codecs->num_codecs > 1) {
1049 hci_dev_put(hdev);
1050 err = -EINVAL;
1051 break;
1052 }
1053
1054 sco_pi(sk)->codec = codecs->codecs[0];
1055 hci_dev_put(hdev);
1056 break;
1057
1058 default:
1059 err = -ENOPROTOOPT;
1060 break;
1061 }
1062
1063 release_sock(sk);
1064 return err;
1065 }
1066
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)1067 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
1068 char __user *optval, int __user *optlen)
1069 {
1070 struct sock *sk = sock->sk;
1071 struct sco_options opts;
1072 struct sco_conninfo cinfo;
1073 int err = 0;
1074 size_t len;
1075
1076 BT_DBG("sk %p", sk);
1077
1078 if (get_user(len, optlen))
1079 return -EFAULT;
1080
1081 lock_sock(sk);
1082
1083 switch (optname) {
1084 case SCO_OPTIONS:
1085 if (sk->sk_state != BT_CONNECTED &&
1086 !(sk->sk_state == BT_CONNECT2 &&
1087 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1088 err = -ENOTCONN;
1089 break;
1090 }
1091
1092 opts.mtu = sco_pi(sk)->conn->mtu;
1093
1094 BT_DBG("mtu %u", opts.mtu);
1095
1096 len = min(len, sizeof(opts));
1097 if (copy_to_user(optval, (char *)&opts, len))
1098 err = -EFAULT;
1099
1100 break;
1101
1102 case SCO_CONNINFO:
1103 if (sk->sk_state != BT_CONNECTED &&
1104 !(sk->sk_state == BT_CONNECT2 &&
1105 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1106 err = -ENOTCONN;
1107 break;
1108 }
1109
1110 memset(&cinfo, 0, sizeof(cinfo));
1111 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1112 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1113
1114 len = min(len, sizeof(cinfo));
1115 if (copy_to_user(optval, (char *)&cinfo, len))
1116 err = -EFAULT;
1117
1118 break;
1119
1120 default:
1121 err = -ENOPROTOOPT;
1122 break;
1123 }
1124
1125 release_sock(sk);
1126 return err;
1127 }
1128
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)1129 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1130 char __user *optval, int __user *optlen)
1131 {
1132 struct sock *sk = sock->sk;
1133 int len, err = 0;
1134 struct bt_voice voice;
1135 u32 phys;
1136 int buf_len;
1137 struct codec_list *c;
1138 u8 num_codecs, i, __user *ptr;
1139 struct hci_dev *hdev;
1140 struct hci_codec_caps *caps;
1141 struct bt_codec codec;
1142
1143 BT_DBG("sk %p", sk);
1144
1145 if (level == SOL_SCO)
1146 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1147
1148 if (get_user(len, optlen))
1149 return -EFAULT;
1150
1151 lock_sock(sk);
1152
1153 switch (optname) {
1154
1155 case BT_DEFER_SETUP:
1156 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1157 err = -EINVAL;
1158 break;
1159 }
1160
1161 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1162 (u32 __user *)optval))
1163 err = -EFAULT;
1164
1165 break;
1166
1167 case BT_VOICE:
1168 voice.setting = sco_pi(sk)->setting;
1169
1170 len = min_t(unsigned int, len, sizeof(voice));
1171 if (copy_to_user(optval, (char *)&voice, len))
1172 err = -EFAULT;
1173
1174 break;
1175
1176 case BT_PHY:
1177 if (sk->sk_state != BT_CONNECTED) {
1178 err = -ENOTCONN;
1179 break;
1180 }
1181
1182 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1183
1184 if (put_user(phys, (u32 __user *) optval))
1185 err = -EFAULT;
1186 break;
1187
1188 case BT_PKT_STATUS:
1189 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1190 (int __user *)optval))
1191 err = -EFAULT;
1192 break;
1193
1194 case BT_SNDMTU:
1195 case BT_RCVMTU:
1196 if (sk->sk_state != BT_CONNECTED) {
1197 err = -ENOTCONN;
1198 break;
1199 }
1200
1201 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1202 err = -EFAULT;
1203 break;
1204
1205 case BT_CODEC:
1206 num_codecs = 0;
1207 buf_len = 0;
1208
1209 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1210 if (!hdev) {
1211 err = -EBADFD;
1212 break;
1213 }
1214
1215 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1216 hci_dev_put(hdev);
1217 err = -EOPNOTSUPP;
1218 break;
1219 }
1220
1221 if (!hdev->get_data_path_id) {
1222 hci_dev_put(hdev);
1223 err = -EOPNOTSUPP;
1224 break;
1225 }
1226
1227 release_sock(sk);
1228
1229 /* find total buffer size required to copy codec + caps */
1230 hci_dev_lock(hdev);
1231 list_for_each_entry(c, &hdev->local_codecs, list) {
1232 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1233 continue;
1234 num_codecs++;
1235 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1236 buf_len += 1 + caps->len;
1237 caps = (void *)&caps->data[caps->len];
1238 }
1239 buf_len += sizeof(struct bt_codec);
1240 }
1241 hci_dev_unlock(hdev);
1242
1243 buf_len += sizeof(struct bt_codecs);
1244 if (buf_len > len) {
1245 hci_dev_put(hdev);
1246 return -ENOBUFS;
1247 }
1248 ptr = optval;
1249
1250 if (put_user(num_codecs, ptr)) {
1251 hci_dev_put(hdev);
1252 return -EFAULT;
1253 }
1254 ptr += sizeof(num_codecs);
1255
1256 /* Iterate all the codecs supported over SCO and populate
1257 * codec data
1258 */
1259 hci_dev_lock(hdev);
1260 list_for_each_entry(c, &hdev->local_codecs, list) {
1261 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1262 continue;
1263
1264 codec.id = c->id;
1265 codec.cid = c->cid;
1266 codec.vid = c->vid;
1267 err = hdev->get_data_path_id(hdev, &codec.data_path);
1268 if (err < 0)
1269 break;
1270 codec.num_caps = c->num_caps;
1271 if (copy_to_user(ptr, &codec, sizeof(codec))) {
1272 err = -EFAULT;
1273 break;
1274 }
1275 ptr += sizeof(codec);
1276
1277 /* find codec capabilities data length */
1278 len = 0;
1279 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1280 len += 1 + caps->len;
1281 caps = (void *)&caps->data[caps->len];
1282 }
1283
1284 /* copy codec capabilities data */
1285 if (len && copy_to_user(ptr, c->caps, len)) {
1286 err = -EFAULT;
1287 break;
1288 }
1289 ptr += len;
1290 }
1291
1292 hci_dev_unlock(hdev);
1293 hci_dev_put(hdev);
1294
1295 lock_sock(sk);
1296
1297 if (!err && put_user(buf_len, optlen))
1298 err = -EFAULT;
1299
1300 break;
1301
1302 default:
1303 err = -ENOPROTOOPT;
1304 break;
1305 }
1306
1307 release_sock(sk);
1308 return err;
1309 }
1310
sco_sock_shutdown(struct socket * sock,int how)1311 static int sco_sock_shutdown(struct socket *sock, int how)
1312 {
1313 struct sock *sk = sock->sk;
1314 int err = 0;
1315
1316 BT_DBG("sock %p, sk %p", sock, sk);
1317
1318 if (!sk)
1319 return 0;
1320
1321 sock_hold(sk);
1322 lock_sock(sk);
1323
1324 if (!sk->sk_shutdown) {
1325 sk->sk_shutdown = SHUTDOWN_MASK;
1326 sco_sock_clear_timer(sk);
1327 __sco_sock_close(sk);
1328
1329 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1330 !(current->flags & PF_EXITING))
1331 err = bt_sock_wait_state(sk, BT_CLOSED,
1332 sk->sk_lingertime);
1333 }
1334
1335 release_sock(sk);
1336 sock_put(sk);
1337
1338 return err;
1339 }
1340
sco_sock_release(struct socket * sock)1341 static int sco_sock_release(struct socket *sock)
1342 {
1343 struct sock *sk = sock->sk;
1344 int err = 0;
1345
1346 BT_DBG("sock %p, sk %p", sock, sk);
1347
1348 if (!sk)
1349 return 0;
1350
1351 sco_sock_close(sk);
1352
1353 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1354 !(current->flags & PF_EXITING)) {
1355 lock_sock(sk);
1356 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1357 release_sock(sk);
1358 }
1359
1360 sock_orphan(sk);
1361 sco_sock_kill(sk);
1362 return err;
1363 }
1364
sco_conn_ready(struct sco_conn * conn)1365 static void sco_conn_ready(struct sco_conn *conn)
1366 {
1367 struct sock *parent;
1368 struct sock *sk = conn->sk;
1369
1370 BT_DBG("conn %p", conn);
1371
1372 if (sk) {
1373 lock_sock(sk);
1374 sco_sock_clear_timer(sk);
1375 sk->sk_state = BT_CONNECTED;
1376 sk->sk_state_change(sk);
1377 release_sock(sk);
1378 } else {
1379 sco_conn_lock(conn);
1380
1381 if (!conn->hcon) {
1382 sco_conn_unlock(conn);
1383 return;
1384 }
1385
1386 parent = sco_get_sock_listen(&conn->hcon->src);
1387 if (!parent) {
1388 sco_conn_unlock(conn);
1389 return;
1390 }
1391
1392 lock_sock(parent);
1393
1394 sk = sco_sock_alloc(sock_net(parent), NULL,
1395 BTPROTO_SCO, GFP_ATOMIC, 0);
1396 if (!sk) {
1397 release_sock(parent);
1398 sco_conn_unlock(conn);
1399 return;
1400 }
1401
1402 sco_sock_init(sk, parent);
1403
1404 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1405 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1406
1407 sco_conn_hold(conn);
1408 hci_conn_hold(conn->hcon);
1409 __sco_chan_add(conn, sk, parent);
1410
1411 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1412 sk->sk_state = BT_CONNECT2;
1413 else
1414 sk->sk_state = BT_CONNECTED;
1415
1416 /* Wake up parent */
1417 parent->sk_data_ready(parent);
1418
1419 release_sock(parent);
1420
1421 sco_conn_unlock(conn);
1422 }
1423 }
1424
1425 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1426 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1427 {
1428 struct sock *sk;
1429 int lm = 0;
1430
1431 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1432
1433 /* Find listening sockets */
1434 read_lock(&sco_sk_list.lock);
1435 sk_for_each(sk, &sco_sk_list.head) {
1436 if (sk->sk_state != BT_LISTEN)
1437 continue;
1438
1439 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1440 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1441 lm |= HCI_LM_ACCEPT;
1442
1443 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1444 *flags |= HCI_PROTO_DEFER;
1445 break;
1446 }
1447 }
1448 read_unlock(&sco_sk_list.lock);
1449
1450 return lm;
1451 }
1452
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1453 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1454 {
1455 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1456 return;
1457
1458 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1459
1460 if (!status) {
1461 struct sco_conn *conn;
1462
1463 conn = sco_conn_add(hcon);
1464 if (conn) {
1465 sco_conn_ready(conn);
1466 sco_conn_put(conn);
1467 }
1468 } else
1469 sco_conn_del(hcon, bt_to_errno(status));
1470 }
1471
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1472 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1473 {
1474 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1475 return;
1476
1477 BT_DBG("hcon %p reason %d", hcon, reason);
1478
1479 sco_conn_del(hcon, bt_to_errno(reason));
1480 }
1481
sco_recv_scodata(struct hci_dev * hdev,u16 handle,struct sk_buff * skb)1482 int sco_recv_scodata(struct hci_dev *hdev, u16 handle, struct sk_buff *skb)
1483 {
1484 struct hci_conn *hcon;
1485 struct sco_conn *conn;
1486
1487 hci_dev_lock(hdev);
1488
1489 hcon = hci_conn_hash_lookup_handle(hdev, handle);
1490 if (!hcon) {
1491 hci_dev_unlock(hdev);
1492 kfree_skb(skb);
1493 return -ENOENT;
1494 }
1495
1496 conn = sco_conn_hold_unless_zero(hcon->sco_data);
1497 hcon = NULL;
1498
1499 hci_dev_unlock(hdev);
1500
1501 if (!conn) {
1502 kfree_skb(skb);
1503 return -EINVAL;
1504 }
1505
1506 BT_DBG("conn %p len %u", conn, skb->len);
1507
1508 if (skb->len)
1509 sco_recv_frame(conn, skb);
1510 else
1511 kfree_skb(skb);
1512
1513 sco_conn_put(conn);
1514 return 0;
1515 }
1516
1517 static struct hci_cb sco_cb = {
1518 .name = "SCO",
1519 .connect_cfm = sco_connect_cfm,
1520 .disconn_cfm = sco_disconn_cfm,
1521 };
1522
sco_debugfs_show(struct seq_file * f,void * p)1523 static int sco_debugfs_show(struct seq_file *f, void *p)
1524 {
1525 struct sock *sk;
1526
1527 read_lock(&sco_sk_list.lock);
1528
1529 sk_for_each(sk, &sco_sk_list.head) {
1530 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1531 &sco_pi(sk)->dst, sk->sk_state);
1532 }
1533
1534 read_unlock(&sco_sk_list.lock);
1535
1536 return 0;
1537 }
1538
1539 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1540
1541 static struct dentry *sco_debugfs;
1542
1543 static const struct proto_ops sco_sock_ops = {
1544 .family = PF_BLUETOOTH,
1545 .owner = THIS_MODULE,
1546 .release = sco_sock_release,
1547 .bind = sco_sock_bind,
1548 .connect = sco_sock_connect,
1549 .listen = sco_sock_listen,
1550 .accept = sco_sock_accept,
1551 .getname = sco_sock_getname,
1552 .sendmsg = sco_sock_sendmsg,
1553 .recvmsg = sco_sock_recvmsg,
1554 .poll = bt_sock_poll,
1555 .ioctl = bt_sock_ioctl,
1556 .gettstamp = sock_gettstamp,
1557 .mmap = sock_no_mmap,
1558 .socketpair = sock_no_socketpair,
1559 .shutdown = sco_sock_shutdown,
1560 .setsockopt = sco_sock_setsockopt,
1561 .getsockopt = sco_sock_getsockopt
1562 };
1563
1564 static const struct net_proto_family sco_sock_family_ops = {
1565 .family = PF_BLUETOOTH,
1566 .owner = THIS_MODULE,
1567 .create = sco_sock_create,
1568 };
1569
sco_init(void)1570 int __init sco_init(void)
1571 {
1572 int err;
1573
1574 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1575
1576 err = proto_register(&sco_proto, 0);
1577 if (err < 0)
1578 return err;
1579
1580 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1581 if (err < 0) {
1582 BT_ERR("SCO socket registration failed");
1583 goto error;
1584 }
1585
1586 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1587 if (err < 0) {
1588 BT_ERR("Failed to create SCO proc file");
1589 bt_sock_unregister(BTPROTO_SCO);
1590 goto error;
1591 }
1592
1593 BT_INFO("SCO socket layer initialized");
1594
1595 hci_register_cb(&sco_cb);
1596
1597 if (IS_ERR_OR_NULL(bt_debugfs))
1598 return 0;
1599
1600 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1601 NULL, &sco_debugfs_fops);
1602
1603 return 0;
1604
1605 error:
1606 proto_unregister(&sco_proto);
1607 return err;
1608 }
1609
sco_exit(void)1610 void sco_exit(void)
1611 {
1612 bt_procfs_cleanup(&init_net, "sco");
1613
1614 debugfs_remove(sco_debugfs);
1615
1616 hci_unregister_cb(&sco_cb);
1617
1618 bt_sock_unregister(BTPROTO_SCO);
1619
1620 proto_unregister(&sco_proto);
1621 }
1622
1623 module_param(disable_esco, bool, 0644);
1624 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1625