1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35
36 static bool disable_esco;
37
38 static const struct proto_ops sco_sock_ops;
39
40 static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54 struct kref ref;
55 };
56
57 #define sco_conn_lock(c) spin_lock(&c->lock)
58 #define sco_conn_unlock(c) spin_unlock(&c->lock)
59
60 static void sco_sock_close(struct sock *sk);
61 static void sco_sock_kill(struct sock *sk);
62
63 /* ----- SCO socket info ----- */
64 #define sco_pi(sk) ((struct sco_pinfo *) sk)
65
66 struct sco_pinfo {
67 struct bt_sock bt;
68 bdaddr_t src;
69 bdaddr_t dst;
70 __u32 flags;
71 __u16 setting;
72 struct bt_codec codec;
73 struct sco_conn *conn;
74 };
75
76 /* ---- SCO timers ---- */
77 #define SCO_CONN_TIMEOUT (HZ * 40)
78 #define SCO_DISCONN_TIMEOUT (HZ * 2)
79
sco_conn_free(struct kref * ref)80 static void sco_conn_free(struct kref *ref)
81 {
82 struct sco_conn *conn = container_of(ref, struct sco_conn, ref);
83
84 BT_DBG("conn %p", conn);
85
86 if (conn->sk)
87 sco_pi(conn->sk)->conn = NULL;
88
89 if (conn->hcon) {
90 conn->hcon->sco_data = NULL;
91 hci_conn_drop(conn->hcon);
92 }
93
94 /* Ensure no more work items will run since hci_conn has been dropped */
95 disable_delayed_work_sync(&conn->timeout_work);
96
97 kfree(conn);
98 }
99
sco_conn_put(struct sco_conn * conn)100 static void sco_conn_put(struct sco_conn *conn)
101 {
102 if (!conn)
103 return;
104
105 BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));
106
107 kref_put(&conn->ref, sco_conn_free);
108 }
109
sco_conn_hold(struct sco_conn * conn)110 static struct sco_conn *sco_conn_hold(struct sco_conn *conn)
111 {
112 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
113
114 kref_get(&conn->ref);
115 return conn;
116 }
117
sco_conn_hold_unless_zero(struct sco_conn * conn)118 static struct sco_conn *sco_conn_hold_unless_zero(struct sco_conn *conn)
119 {
120 if (!conn)
121 return NULL;
122
123 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
124
125 if (!kref_get_unless_zero(&conn->ref))
126 return NULL;
127
128 return conn;
129 }
130
sco_sock_hold(struct sco_conn * conn)131 static struct sock *sco_sock_hold(struct sco_conn *conn)
132 {
133 if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk))
134 return NULL;
135
136 sock_hold(conn->sk);
137
138 return conn->sk;
139 }
140
sco_sock_timeout(struct work_struct * work)141 static void sco_sock_timeout(struct work_struct *work)
142 {
143 struct sco_conn *conn = container_of(work, struct sco_conn,
144 timeout_work.work);
145 struct sock *sk;
146
147 conn = sco_conn_hold_unless_zero(conn);
148 if (!conn)
149 return;
150
151 sco_conn_lock(conn);
152 if (!conn->hcon) {
153 sco_conn_unlock(conn);
154 sco_conn_put(conn);
155 return;
156 }
157 sk = sco_sock_hold(conn);
158 sco_conn_unlock(conn);
159 sco_conn_put(conn);
160
161 if (!sk)
162 return;
163
164 BT_DBG("sock %p state %d", sk, sk->sk_state);
165
166 lock_sock(sk);
167 sk->sk_err = ETIMEDOUT;
168 sk->sk_state_change(sk);
169 release_sock(sk);
170 sock_put(sk);
171 }
172
sco_sock_set_timer(struct sock * sk,long timeout)173 static void sco_sock_set_timer(struct sock *sk, long timeout)
174 {
175 if (!sco_pi(sk)->conn)
176 return;
177
178 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
179 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
180 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
181 }
182
sco_sock_clear_timer(struct sock * sk)183 static void sco_sock_clear_timer(struct sock *sk)
184 {
185 if (!sco_pi(sk)->conn)
186 return;
187
188 BT_DBG("sock %p state %d", sk, sk->sk_state);
189 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
190 }
191
192 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)193 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
194 {
195 struct sco_conn *conn = hcon->sco_data;
196
197 conn = sco_conn_hold_unless_zero(conn);
198 if (conn) {
199 if (!conn->hcon) {
200 sco_conn_lock(conn);
201 conn->hcon = hcon;
202 sco_conn_unlock(conn);
203 }
204 return conn;
205 }
206
207 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
208 if (!conn)
209 return NULL;
210
211 kref_init(&conn->ref);
212 spin_lock_init(&conn->lock);
213 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
214
215 hcon->sco_data = conn;
216 conn->hcon = hcon;
217 conn->mtu = hcon->mtu;
218
219 if (hcon->mtu > 0)
220 conn->mtu = hcon->mtu;
221 else
222 conn->mtu = 60;
223
224 BT_DBG("hcon %p conn %p", hcon, conn);
225
226 return conn;
227 }
228
229 /* Delete channel.
230 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)231 static void sco_chan_del(struct sock *sk, int err)
232 {
233 struct sco_conn *conn;
234
235 conn = sco_pi(sk)->conn;
236 sco_pi(sk)->conn = NULL;
237
238 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
239
240 if (conn) {
241 sco_conn_lock(conn);
242 conn->sk = NULL;
243 sco_conn_unlock(conn);
244 sco_conn_put(conn);
245 }
246
247 sk->sk_state = BT_CLOSED;
248 sk->sk_err = err;
249 sk->sk_state_change(sk);
250
251 sock_set_flag(sk, SOCK_ZAPPED);
252 }
253
sco_conn_del(struct hci_conn * hcon,int err)254 static void sco_conn_del(struct hci_conn *hcon, int err)
255 {
256 struct sco_conn *conn = hcon->sco_data;
257 struct sock *sk;
258
259 conn = sco_conn_hold_unless_zero(conn);
260 if (!conn)
261 return;
262
263 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
264
265 sco_conn_lock(conn);
266 sk = sco_sock_hold(conn);
267 sco_conn_unlock(conn);
268 sco_conn_put(conn);
269
270 if (!sk) {
271 sco_conn_put(conn);
272 return;
273 }
274
275 /* Kill socket */
276 lock_sock(sk);
277 sco_sock_clear_timer(sk);
278 sco_chan_del(sk, err);
279 release_sock(sk);
280 sock_put(sk);
281 }
282
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)283 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
284 struct sock *parent)
285 {
286 BT_DBG("conn %p", conn);
287
288 sco_pi(sk)->conn = conn;
289 conn->sk = sk;
290
291 if (parent)
292 bt_accept_enqueue(parent, sk, true);
293 }
294
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)295 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
296 struct sock *parent)
297 {
298 int err = 0;
299
300 sco_conn_lock(conn);
301 if (conn->sk)
302 err = -EBUSY;
303 else
304 __sco_chan_add(conn, sk, parent);
305
306 sco_conn_unlock(conn);
307 return err;
308 }
309
sco_connect(struct sock * sk)310 static int sco_connect(struct sock *sk)
311 {
312 struct sco_conn *conn;
313 struct hci_conn *hcon;
314 struct hci_dev *hdev;
315 int err, type;
316
317 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
318
319 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
320 if (!hdev)
321 return -EHOSTUNREACH;
322
323 hci_dev_lock(hdev);
324
325 if (lmp_esco_capable(hdev) && !disable_esco)
326 type = ESCO_LINK;
327 else
328 type = SCO_LINK;
329
330 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) {
331 case SCO_AIRMODE_TRANSP:
332 if (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)) {
333 err = -EOPNOTSUPP;
334 goto unlock;
335 }
336 break;
337 }
338
339 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
340 sco_pi(sk)->setting, &sco_pi(sk)->codec,
341 READ_ONCE(sk->sk_sndtimeo));
342 if (IS_ERR(hcon)) {
343 err = PTR_ERR(hcon);
344 goto unlock;
345 }
346
347 conn = sco_conn_add(hcon);
348 if (!conn) {
349 hci_conn_drop(hcon);
350 err = -ENOMEM;
351 goto unlock;
352 }
353
354 lock_sock(sk);
355
356 err = sco_chan_add(conn, sk, NULL);
357 if (err) {
358 release_sock(sk);
359 goto unlock;
360 }
361
362 /* Update source addr of the socket */
363 bacpy(&sco_pi(sk)->src, &hcon->src);
364
365 if (hcon->state == BT_CONNECTED) {
366 sco_sock_clear_timer(sk);
367 sk->sk_state = BT_CONNECTED;
368 } else {
369 sk->sk_state = BT_CONNECT;
370 sco_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo));
371 }
372
373 release_sock(sk);
374
375 unlock:
376 hci_dev_unlock(hdev);
377 hci_dev_put(hdev);
378 return err;
379 }
380
sco_send_frame(struct sock * sk,struct sk_buff * skb,const struct sockcm_cookie * sockc)381 static int sco_send_frame(struct sock *sk, struct sk_buff *skb,
382 const struct sockcm_cookie *sockc)
383 {
384 struct sco_conn *conn = sco_pi(sk)->conn;
385 int len = skb->len;
386
387 /* Check outgoing MTU */
388 if (len > conn->mtu)
389 return -EINVAL;
390
391 BT_DBG("sk %p len %d", sk, len);
392
393 hci_setup_tx_timestamp(skb, 1, sockc);
394 hci_send_sco(conn->hcon, skb);
395
396 return len;
397 }
398
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)399 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
400 {
401 struct sock *sk;
402
403 sco_conn_lock(conn);
404 sk = conn->sk;
405 sco_conn_unlock(conn);
406
407 if (!sk)
408 goto drop;
409
410 BT_DBG("sk %p len %u", sk, skb->len);
411
412 if (sk->sk_state != BT_CONNECTED)
413 goto drop;
414
415 if (!sock_queue_rcv_skb(sk, skb))
416 return;
417
418 drop:
419 kfree_skb(skb);
420 }
421
422 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)423 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
424 {
425 struct sock *sk;
426
427 sk_for_each(sk, &sco_sk_list.head) {
428 if (sk->sk_state != BT_LISTEN)
429 continue;
430
431 if (!bacmp(&sco_pi(sk)->src, ba))
432 return sk;
433 }
434
435 return NULL;
436 }
437
438 /* Find socket listening on source bdaddr.
439 * Returns closest match.
440 */
sco_get_sock_listen(bdaddr_t * src)441 static struct sock *sco_get_sock_listen(bdaddr_t *src)
442 {
443 struct sock *sk = NULL, *sk1 = NULL;
444
445 read_lock(&sco_sk_list.lock);
446
447 sk_for_each(sk, &sco_sk_list.head) {
448 if (sk->sk_state != BT_LISTEN)
449 continue;
450
451 /* Exact match. */
452 if (!bacmp(&sco_pi(sk)->src, src))
453 break;
454
455 /* Closest match */
456 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
457 sk1 = sk;
458 }
459
460 read_unlock(&sco_sk_list.lock);
461
462 return sk ? sk : sk1;
463 }
464
sco_sock_destruct(struct sock * sk)465 static void sco_sock_destruct(struct sock *sk)
466 {
467 BT_DBG("sk %p", sk);
468
469 sco_conn_put(sco_pi(sk)->conn);
470
471 skb_queue_purge(&sk->sk_receive_queue);
472 skb_queue_purge(&sk->sk_write_queue);
473 }
474
sco_sock_cleanup_listen(struct sock * parent)475 static void sco_sock_cleanup_listen(struct sock *parent)
476 {
477 struct sock *sk;
478
479 BT_DBG("parent %p", parent);
480
481 /* Close not yet accepted channels */
482 while ((sk = bt_accept_dequeue(parent, NULL))) {
483 sco_sock_close(sk);
484 sco_sock_kill(sk);
485 }
486
487 parent->sk_state = BT_CLOSED;
488 sock_set_flag(parent, SOCK_ZAPPED);
489 }
490
491 /* Kill socket (only if zapped and orphan)
492 * Must be called on unlocked socket.
493 */
sco_sock_kill(struct sock * sk)494 static void sco_sock_kill(struct sock *sk)
495 {
496 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
497 return;
498
499 BT_DBG("sk %p state %d", sk, sk->sk_state);
500
501 /* Sock is dead, so set conn->sk to NULL to avoid possible UAF */
502 if (sco_pi(sk)->conn) {
503 sco_conn_lock(sco_pi(sk)->conn);
504 sco_pi(sk)->conn->sk = NULL;
505 sco_conn_unlock(sco_pi(sk)->conn);
506 }
507
508 /* Kill poor orphan */
509 bt_sock_unlink(&sco_sk_list, sk);
510 sock_set_flag(sk, SOCK_DEAD);
511 sock_put(sk);
512 }
513
__sco_sock_close(struct sock * sk)514 static void __sco_sock_close(struct sock *sk)
515 {
516 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
517
518 switch (sk->sk_state) {
519 case BT_LISTEN:
520 sco_sock_cleanup_listen(sk);
521 break;
522
523 case BT_CONNECTED:
524 case BT_CONFIG:
525 case BT_CONNECT2:
526 case BT_CONNECT:
527 case BT_DISCONN:
528 sco_chan_del(sk, ECONNRESET);
529 break;
530
531 default:
532 sock_set_flag(sk, SOCK_ZAPPED);
533 break;
534 }
535
536 }
537
538 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)539 static void sco_sock_close(struct sock *sk)
540 {
541 lock_sock(sk);
542 sco_sock_clear_timer(sk);
543 __sco_sock_close(sk);
544 release_sock(sk);
545 }
546
sco_sock_init(struct sock * sk,struct sock * parent)547 static void sco_sock_init(struct sock *sk, struct sock *parent)
548 {
549 BT_DBG("sk %p", sk);
550
551 if (parent) {
552 sk->sk_type = parent->sk_type;
553 bt_sk(sk)->flags = bt_sk(parent)->flags;
554 security_sk_clone(parent, sk);
555 }
556 }
557
558 static struct proto sco_proto = {
559 .name = "SCO",
560 .owner = THIS_MODULE,
561 .obj_size = sizeof(struct sco_pinfo)
562 };
563
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio,int kern)564 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
565 int proto, gfp_t prio, int kern)
566 {
567 struct sock *sk;
568
569 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
570 if (!sk)
571 return NULL;
572
573 sk->sk_destruct = sco_sock_destruct;
574 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
575
576 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
577 sco_pi(sk)->codec.id = BT_CODEC_CVSD;
578 sco_pi(sk)->codec.cid = 0xffff;
579 sco_pi(sk)->codec.vid = 0xffff;
580 sco_pi(sk)->codec.data_path = 0x00;
581
582 bt_sock_link(&sco_sk_list, sk);
583 return sk;
584 }
585
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)586 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
587 int kern)
588 {
589 struct sock *sk;
590
591 BT_DBG("sock %p", sock);
592
593 sock->state = SS_UNCONNECTED;
594
595 if (sock->type != SOCK_SEQPACKET)
596 return -ESOCKTNOSUPPORT;
597
598 sock->ops = &sco_sock_ops;
599
600 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
601 if (!sk)
602 return -ENOMEM;
603
604 sco_sock_init(sk, NULL);
605 return 0;
606 }
607
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)608 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
609 int addr_len)
610 {
611 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
612 struct sock *sk = sock->sk;
613 int err = 0;
614
615 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
616 addr->sa_family != AF_BLUETOOTH)
617 return -EINVAL;
618
619 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
620
621 lock_sock(sk);
622
623 if (sk->sk_state != BT_OPEN) {
624 err = -EBADFD;
625 goto done;
626 }
627
628 if (sk->sk_type != SOCK_SEQPACKET) {
629 err = -EINVAL;
630 goto done;
631 }
632
633 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
634
635 sk->sk_state = BT_BOUND;
636
637 done:
638 release_sock(sk);
639 return err;
640 }
641
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)642 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
643 {
644 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
645 struct sock *sk = sock->sk;
646 int err;
647
648 BT_DBG("sk %p", sk);
649
650 if (alen < sizeof(struct sockaddr_sco) ||
651 addr->sa_family != AF_BLUETOOTH)
652 return -EINVAL;
653
654 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
655 return -EBADFD;
656
657 if (sk->sk_type != SOCK_SEQPACKET)
658 err = -EINVAL;
659
660 lock_sock(sk);
661 /* Set destination address and psm */
662 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
663 release_sock(sk);
664
665 err = sco_connect(sk);
666 if (err)
667 return err;
668
669 lock_sock(sk);
670
671 err = bt_sock_wait_state(sk, BT_CONNECTED,
672 sock_sndtimeo(sk, flags & O_NONBLOCK));
673
674 release_sock(sk);
675 return err;
676 }
677
sco_sock_listen(struct socket * sock,int backlog)678 static int sco_sock_listen(struct socket *sock, int backlog)
679 {
680 struct sock *sk = sock->sk;
681 bdaddr_t *src = &sco_pi(sk)->src;
682 int err = 0;
683
684 BT_DBG("sk %p backlog %d", sk, backlog);
685
686 lock_sock(sk);
687
688 if (sk->sk_state != BT_BOUND) {
689 err = -EBADFD;
690 goto done;
691 }
692
693 if (sk->sk_type != SOCK_SEQPACKET) {
694 err = -EINVAL;
695 goto done;
696 }
697
698 write_lock(&sco_sk_list.lock);
699
700 if (__sco_get_sock_listen_by_addr(src)) {
701 err = -EADDRINUSE;
702 goto unlock;
703 }
704
705 sk->sk_max_ack_backlog = backlog;
706 sk->sk_ack_backlog = 0;
707
708 sk->sk_state = BT_LISTEN;
709
710 unlock:
711 write_unlock(&sco_sk_list.lock);
712
713 done:
714 release_sock(sk);
715 return err;
716 }
717
sco_sock_accept(struct socket * sock,struct socket * newsock,struct proto_accept_arg * arg)718 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
719 struct proto_accept_arg *arg)
720 {
721 DEFINE_WAIT_FUNC(wait, woken_wake_function);
722 struct sock *sk = sock->sk, *ch;
723 long timeo;
724 int err = 0;
725
726 lock_sock(sk);
727
728 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);
729
730 BT_DBG("sk %p timeo %ld", sk, timeo);
731
732 /* Wait for an incoming connection. (wake-one). */
733 add_wait_queue_exclusive(sk_sleep(sk), &wait);
734 while (1) {
735 if (sk->sk_state != BT_LISTEN) {
736 err = -EBADFD;
737 break;
738 }
739
740 ch = bt_accept_dequeue(sk, newsock);
741 if (ch)
742 break;
743
744 if (!timeo) {
745 err = -EAGAIN;
746 break;
747 }
748
749 if (signal_pending(current)) {
750 err = sock_intr_errno(timeo);
751 break;
752 }
753
754 release_sock(sk);
755
756 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
757 lock_sock(sk);
758 }
759 remove_wait_queue(sk_sleep(sk), &wait);
760
761 if (err)
762 goto done;
763
764 newsock->state = SS_CONNECTED;
765
766 BT_DBG("new socket %p", ch);
767
768 done:
769 release_sock(sk);
770 return err;
771 }
772
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int peer)773 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
774 int peer)
775 {
776 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
777 struct sock *sk = sock->sk;
778
779 BT_DBG("sock %p, sk %p", sock, sk);
780
781 addr->sa_family = AF_BLUETOOTH;
782
783 if (peer)
784 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
785 else
786 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
787
788 return sizeof(struct sockaddr_sco);
789 }
790
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)791 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
792 size_t len)
793 {
794 struct sock *sk = sock->sk;
795 struct sk_buff *skb;
796 struct sockcm_cookie sockc;
797 int err;
798
799 BT_DBG("sock %p, sk %p", sock, sk);
800
801 err = sock_error(sk);
802 if (err)
803 return err;
804
805 if (msg->msg_flags & MSG_OOB)
806 return -EOPNOTSUPP;
807
808 hci_sockcm_init(&sockc, sk);
809
810 if (msg->msg_controllen) {
811 err = sock_cmsg_send(sk, msg, &sockc);
812 if (err)
813 return err;
814 }
815
816 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
817 if (IS_ERR(skb))
818 return PTR_ERR(skb);
819
820 lock_sock(sk);
821
822 if (sk->sk_state == BT_CONNECTED)
823 err = sco_send_frame(sk, skb, &sockc);
824 else
825 err = -ENOTCONN;
826
827 release_sock(sk);
828
829 if (err < 0)
830 kfree_skb(skb);
831 return err;
832 }
833
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)834 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
835 {
836 struct hci_dev *hdev = conn->hdev;
837
838 BT_DBG("conn %p", conn);
839
840 conn->state = BT_CONFIG;
841
842 if (!lmp_esco_capable(hdev)) {
843 struct hci_cp_accept_conn_req cp;
844
845 bacpy(&cp.bdaddr, &conn->dst);
846 cp.role = 0x00; /* Ignored */
847
848 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
849 } else {
850 struct hci_cp_accept_sync_conn_req cp;
851
852 bacpy(&cp.bdaddr, &conn->dst);
853 cp.pkt_type = cpu_to_le16(conn->pkt_type);
854
855 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
856 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
857 cp.content_format = cpu_to_le16(setting);
858
859 switch (setting & SCO_AIRMODE_MASK) {
860 case SCO_AIRMODE_TRANSP:
861 if (conn->pkt_type & ESCO_2EV3)
862 cp.max_latency = cpu_to_le16(0x0008);
863 else
864 cp.max_latency = cpu_to_le16(0x000D);
865 cp.retrans_effort = 0x02;
866 break;
867 case SCO_AIRMODE_CVSD:
868 cp.max_latency = cpu_to_le16(0xffff);
869 cp.retrans_effort = 0xff;
870 break;
871 default:
872 /* use CVSD settings as fallback */
873 cp.max_latency = cpu_to_le16(0xffff);
874 cp.retrans_effort = 0xff;
875 break;
876 }
877
878 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
879 sizeof(cp), &cp);
880 }
881 }
882
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)883 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
884 size_t len, int flags)
885 {
886 struct sock *sk = sock->sk;
887 struct sco_pinfo *pi = sco_pi(sk);
888
889 if (unlikely(flags & MSG_ERRQUEUE))
890 return sock_recv_errqueue(sk, msg, len, SOL_BLUETOOTH,
891 BT_SCM_ERROR);
892
893 lock_sock(sk);
894
895 if (sk->sk_state == BT_CONNECT2 &&
896 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
897 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
898 sk->sk_state = BT_CONFIG;
899
900 release_sock(sk);
901 return 0;
902 }
903
904 release_sock(sk);
905
906 return bt_sock_recvmsg(sock, msg, len, flags);
907 }
908
sco_sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)909 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
910 sockptr_t optval, unsigned int optlen)
911 {
912 struct sock *sk = sock->sk;
913 int err = 0;
914 struct bt_voice voice;
915 u32 opt;
916 struct bt_codecs *codecs;
917 struct hci_dev *hdev;
918 __u8 buffer[255];
919
920 BT_DBG("sk %p", sk);
921
922 lock_sock(sk);
923
924 switch (optname) {
925
926 case BT_DEFER_SETUP:
927 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
928 err = -EINVAL;
929 break;
930 }
931
932 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
933 if (err)
934 break;
935
936 if (opt)
937 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
938 else
939 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
940 break;
941
942 case BT_VOICE:
943 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
944 sk->sk_state != BT_CONNECT2) {
945 err = -EINVAL;
946 break;
947 }
948
949 voice.setting = sco_pi(sk)->setting;
950
951 err = copy_safe_from_sockptr(&voice, sizeof(voice), optval,
952 optlen);
953 if (err)
954 break;
955
956 sco_pi(sk)->setting = voice.setting;
957 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
958 BDADDR_BREDR);
959 if (!hdev) {
960 err = -EBADFD;
961 break;
962 }
963
964 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) {
965 case SCO_AIRMODE_TRANSP:
966 if (enhanced_sync_conn_capable(hdev))
967 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
968 break;
969 }
970
971 hci_dev_put(hdev);
972 break;
973
974 case BT_PKT_STATUS:
975 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
976 if (err)
977 break;
978
979 if (opt)
980 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
981 else
982 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
983 break;
984
985 case BT_CODEC:
986 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
987 sk->sk_state != BT_CONNECT2) {
988 err = -EINVAL;
989 break;
990 }
991
992 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
993 BDADDR_BREDR);
994 if (!hdev) {
995 err = -EBADFD;
996 break;
997 }
998
999 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1000 hci_dev_put(hdev);
1001 err = -EOPNOTSUPP;
1002 break;
1003 }
1004
1005 if (!hdev->get_data_path_id) {
1006 hci_dev_put(hdev);
1007 err = -EOPNOTSUPP;
1008 break;
1009 }
1010
1011 if (optlen < sizeof(struct bt_codecs) ||
1012 optlen > sizeof(buffer)) {
1013 hci_dev_put(hdev);
1014 err = -EINVAL;
1015 break;
1016 }
1017
1018 err = copy_struct_from_sockptr(buffer, sizeof(buffer), optval,
1019 optlen);
1020 if (err) {
1021 hci_dev_put(hdev);
1022 break;
1023 }
1024
1025 codecs = (void *)buffer;
1026
1027 if (codecs->num_codecs > 1) {
1028 hci_dev_put(hdev);
1029 err = -EINVAL;
1030 break;
1031 }
1032
1033 sco_pi(sk)->codec = codecs->codecs[0];
1034 hci_dev_put(hdev);
1035 break;
1036
1037 default:
1038 err = -ENOPROTOOPT;
1039 break;
1040 }
1041
1042 release_sock(sk);
1043 return err;
1044 }
1045
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)1046 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
1047 char __user *optval, int __user *optlen)
1048 {
1049 struct sock *sk = sock->sk;
1050 struct sco_options opts;
1051 struct sco_conninfo cinfo;
1052 int err = 0;
1053 size_t len;
1054
1055 BT_DBG("sk %p", sk);
1056
1057 if (get_user(len, optlen))
1058 return -EFAULT;
1059
1060 lock_sock(sk);
1061
1062 switch (optname) {
1063 case SCO_OPTIONS:
1064 if (sk->sk_state != BT_CONNECTED &&
1065 !(sk->sk_state == BT_CONNECT2 &&
1066 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1067 err = -ENOTCONN;
1068 break;
1069 }
1070
1071 opts.mtu = sco_pi(sk)->conn->mtu;
1072
1073 BT_DBG("mtu %u", opts.mtu);
1074
1075 len = min(len, sizeof(opts));
1076 if (copy_to_user(optval, (char *)&opts, len))
1077 err = -EFAULT;
1078
1079 break;
1080
1081 case SCO_CONNINFO:
1082 if (sk->sk_state != BT_CONNECTED &&
1083 !(sk->sk_state == BT_CONNECT2 &&
1084 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1085 err = -ENOTCONN;
1086 break;
1087 }
1088
1089 memset(&cinfo, 0, sizeof(cinfo));
1090 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1091 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1092
1093 len = min(len, sizeof(cinfo));
1094 if (copy_to_user(optval, (char *)&cinfo, len))
1095 err = -EFAULT;
1096
1097 break;
1098
1099 default:
1100 err = -ENOPROTOOPT;
1101 break;
1102 }
1103
1104 release_sock(sk);
1105 return err;
1106 }
1107
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)1108 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1109 char __user *optval, int __user *optlen)
1110 {
1111 struct sock *sk = sock->sk;
1112 int len, err = 0;
1113 struct bt_voice voice;
1114 u32 phys;
1115 int buf_len;
1116 struct codec_list *c;
1117 u8 num_codecs, i, __user *ptr;
1118 struct hci_dev *hdev;
1119 struct hci_codec_caps *caps;
1120 struct bt_codec codec;
1121
1122 BT_DBG("sk %p", sk);
1123
1124 if (level == SOL_SCO)
1125 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1126
1127 if (get_user(len, optlen))
1128 return -EFAULT;
1129
1130 lock_sock(sk);
1131
1132 switch (optname) {
1133
1134 case BT_DEFER_SETUP:
1135 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1136 err = -EINVAL;
1137 break;
1138 }
1139
1140 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1141 (u32 __user *)optval))
1142 err = -EFAULT;
1143
1144 break;
1145
1146 case BT_VOICE:
1147 voice.setting = sco_pi(sk)->setting;
1148
1149 len = min_t(unsigned int, len, sizeof(voice));
1150 if (copy_to_user(optval, (char *)&voice, len))
1151 err = -EFAULT;
1152
1153 break;
1154
1155 case BT_PHY:
1156 if (sk->sk_state != BT_CONNECTED) {
1157 err = -ENOTCONN;
1158 break;
1159 }
1160
1161 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1162
1163 if (put_user(phys, (u32 __user *) optval))
1164 err = -EFAULT;
1165 break;
1166
1167 case BT_PKT_STATUS:
1168 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1169 (int __user *)optval))
1170 err = -EFAULT;
1171 break;
1172
1173 case BT_SNDMTU:
1174 case BT_RCVMTU:
1175 if (sk->sk_state != BT_CONNECTED) {
1176 err = -ENOTCONN;
1177 break;
1178 }
1179
1180 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1181 err = -EFAULT;
1182 break;
1183
1184 case BT_CODEC:
1185 num_codecs = 0;
1186 buf_len = 0;
1187
1188 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1189 if (!hdev) {
1190 err = -EBADFD;
1191 break;
1192 }
1193
1194 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1195 hci_dev_put(hdev);
1196 err = -EOPNOTSUPP;
1197 break;
1198 }
1199
1200 if (!hdev->get_data_path_id) {
1201 hci_dev_put(hdev);
1202 err = -EOPNOTSUPP;
1203 break;
1204 }
1205
1206 release_sock(sk);
1207
1208 /* find total buffer size required to copy codec + caps */
1209 hci_dev_lock(hdev);
1210 list_for_each_entry(c, &hdev->local_codecs, list) {
1211 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1212 continue;
1213 num_codecs++;
1214 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1215 buf_len += 1 + caps->len;
1216 caps = (void *)&caps->data[caps->len];
1217 }
1218 buf_len += sizeof(struct bt_codec);
1219 }
1220 hci_dev_unlock(hdev);
1221
1222 buf_len += sizeof(struct bt_codecs);
1223 if (buf_len > len) {
1224 hci_dev_put(hdev);
1225 return -ENOBUFS;
1226 }
1227 ptr = optval;
1228
1229 if (put_user(num_codecs, ptr)) {
1230 hci_dev_put(hdev);
1231 return -EFAULT;
1232 }
1233 ptr += sizeof(num_codecs);
1234
1235 /* Iterate all the codecs supported over SCO and populate
1236 * codec data
1237 */
1238 hci_dev_lock(hdev);
1239 list_for_each_entry(c, &hdev->local_codecs, list) {
1240 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1241 continue;
1242
1243 codec.id = c->id;
1244 codec.cid = c->cid;
1245 codec.vid = c->vid;
1246 err = hdev->get_data_path_id(hdev, &codec.data_path);
1247 if (err < 0)
1248 break;
1249 codec.num_caps = c->num_caps;
1250 if (copy_to_user(ptr, &codec, sizeof(codec))) {
1251 err = -EFAULT;
1252 break;
1253 }
1254 ptr += sizeof(codec);
1255
1256 /* find codec capabilities data length */
1257 len = 0;
1258 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1259 len += 1 + caps->len;
1260 caps = (void *)&caps->data[caps->len];
1261 }
1262
1263 /* copy codec capabilities data */
1264 if (len && copy_to_user(ptr, c->caps, len)) {
1265 err = -EFAULT;
1266 break;
1267 }
1268 ptr += len;
1269 }
1270
1271 hci_dev_unlock(hdev);
1272 hci_dev_put(hdev);
1273
1274 lock_sock(sk);
1275
1276 if (!err && put_user(buf_len, optlen))
1277 err = -EFAULT;
1278
1279 break;
1280
1281 default:
1282 err = -ENOPROTOOPT;
1283 break;
1284 }
1285
1286 release_sock(sk);
1287 return err;
1288 }
1289
sco_sock_shutdown(struct socket * sock,int how)1290 static int sco_sock_shutdown(struct socket *sock, int how)
1291 {
1292 struct sock *sk = sock->sk;
1293 int err = 0;
1294
1295 BT_DBG("sock %p, sk %p", sock, sk);
1296
1297 if (!sk)
1298 return 0;
1299
1300 sock_hold(sk);
1301 lock_sock(sk);
1302
1303 if (!sk->sk_shutdown) {
1304 sk->sk_shutdown = SHUTDOWN_MASK;
1305 sco_sock_clear_timer(sk);
1306 __sco_sock_close(sk);
1307
1308 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1309 !(current->flags & PF_EXITING))
1310 err = bt_sock_wait_state(sk, BT_CLOSED,
1311 sk->sk_lingertime);
1312 }
1313
1314 release_sock(sk);
1315 sock_put(sk);
1316
1317 return err;
1318 }
1319
sco_sock_release(struct socket * sock)1320 static int sco_sock_release(struct socket *sock)
1321 {
1322 struct sock *sk = sock->sk;
1323 int err = 0;
1324
1325 BT_DBG("sock %p, sk %p", sock, sk);
1326
1327 if (!sk)
1328 return 0;
1329
1330 sco_sock_close(sk);
1331
1332 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1333 !(current->flags & PF_EXITING)) {
1334 lock_sock(sk);
1335 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1336 release_sock(sk);
1337 }
1338
1339 sock_orphan(sk);
1340 sco_sock_kill(sk);
1341 return err;
1342 }
1343
sco_conn_ready(struct sco_conn * conn)1344 static void sco_conn_ready(struct sco_conn *conn)
1345 {
1346 struct sock *parent;
1347 struct sock *sk = conn->sk;
1348
1349 BT_DBG("conn %p", conn);
1350
1351 if (sk) {
1352 lock_sock(sk);
1353 sco_sock_clear_timer(sk);
1354 sk->sk_state = BT_CONNECTED;
1355 sk->sk_state_change(sk);
1356 release_sock(sk);
1357 } else {
1358 sco_conn_lock(conn);
1359
1360 if (!conn->hcon) {
1361 sco_conn_unlock(conn);
1362 return;
1363 }
1364
1365 parent = sco_get_sock_listen(&conn->hcon->src);
1366 if (!parent) {
1367 sco_conn_unlock(conn);
1368 return;
1369 }
1370
1371 lock_sock(parent);
1372
1373 sk = sco_sock_alloc(sock_net(parent), NULL,
1374 BTPROTO_SCO, GFP_ATOMIC, 0);
1375 if (!sk) {
1376 release_sock(parent);
1377 sco_conn_unlock(conn);
1378 return;
1379 }
1380
1381 sco_sock_init(sk, parent);
1382
1383 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1384 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1385
1386 sco_conn_hold(conn);
1387 hci_conn_hold(conn->hcon);
1388 __sco_chan_add(conn, sk, parent);
1389
1390 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1391 sk->sk_state = BT_CONNECT2;
1392 else
1393 sk->sk_state = BT_CONNECTED;
1394
1395 /* Wake up parent */
1396 parent->sk_data_ready(parent);
1397
1398 release_sock(parent);
1399
1400 sco_conn_unlock(conn);
1401 }
1402 }
1403
1404 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1405 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1406 {
1407 struct sock *sk;
1408 int lm = 0;
1409
1410 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1411
1412 /* Find listening sockets */
1413 read_lock(&sco_sk_list.lock);
1414 sk_for_each(sk, &sco_sk_list.head) {
1415 if (sk->sk_state != BT_LISTEN)
1416 continue;
1417
1418 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1419 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1420 lm |= HCI_LM_ACCEPT;
1421
1422 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1423 *flags |= HCI_PROTO_DEFER;
1424 break;
1425 }
1426 }
1427 read_unlock(&sco_sk_list.lock);
1428
1429 return lm;
1430 }
1431
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1432 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1433 {
1434 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1435 return;
1436
1437 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1438
1439 if (!status) {
1440 struct sco_conn *conn;
1441
1442 conn = sco_conn_add(hcon);
1443 if (conn) {
1444 sco_conn_ready(conn);
1445 sco_conn_put(conn);
1446 }
1447 } else
1448 sco_conn_del(hcon, bt_to_errno(status));
1449 }
1450
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1451 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1452 {
1453 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1454 return;
1455
1456 BT_DBG("hcon %p reason %d", hcon, reason);
1457
1458 sco_conn_del(hcon, bt_to_errno(reason));
1459 }
1460
sco_recv_scodata(struct hci_dev * hdev,u16 handle,struct sk_buff * skb)1461 int sco_recv_scodata(struct hci_dev *hdev, u16 handle, struct sk_buff *skb)
1462 {
1463 struct hci_conn *hcon;
1464 struct sco_conn *conn;
1465
1466 hci_dev_lock(hdev);
1467
1468 hcon = hci_conn_hash_lookup_handle(hdev, handle);
1469 if (!hcon) {
1470 hci_dev_unlock(hdev);
1471 kfree_skb(skb);
1472 return -ENOENT;
1473 }
1474
1475 conn = sco_conn_hold_unless_zero(hcon->sco_data);
1476 hcon = NULL;
1477
1478 hci_dev_unlock(hdev);
1479
1480 if (!conn) {
1481 kfree_skb(skb);
1482 return -EINVAL;
1483 }
1484
1485 BT_DBG("conn %p len %u", conn, skb->len);
1486
1487 if (skb->len)
1488 sco_recv_frame(conn, skb);
1489 else
1490 kfree_skb(skb);
1491
1492 sco_conn_put(conn);
1493 return 0;
1494 }
1495
1496 static struct hci_cb sco_cb = {
1497 .name = "SCO",
1498 .connect_cfm = sco_connect_cfm,
1499 .disconn_cfm = sco_disconn_cfm,
1500 };
1501
sco_debugfs_show(struct seq_file * f,void * p)1502 static int sco_debugfs_show(struct seq_file *f, void *p)
1503 {
1504 struct sock *sk;
1505
1506 read_lock(&sco_sk_list.lock);
1507
1508 sk_for_each(sk, &sco_sk_list.head) {
1509 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1510 &sco_pi(sk)->dst, sk->sk_state);
1511 }
1512
1513 read_unlock(&sco_sk_list.lock);
1514
1515 return 0;
1516 }
1517
1518 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1519
1520 static struct dentry *sco_debugfs;
1521
1522 static const struct proto_ops sco_sock_ops = {
1523 .family = PF_BLUETOOTH,
1524 .owner = THIS_MODULE,
1525 .release = sco_sock_release,
1526 .bind = sco_sock_bind,
1527 .connect = sco_sock_connect,
1528 .listen = sco_sock_listen,
1529 .accept = sco_sock_accept,
1530 .getname = sco_sock_getname,
1531 .sendmsg = sco_sock_sendmsg,
1532 .recvmsg = sco_sock_recvmsg,
1533 .poll = bt_sock_poll,
1534 .ioctl = bt_sock_ioctl,
1535 .gettstamp = sock_gettstamp,
1536 .mmap = sock_no_mmap,
1537 .socketpair = sock_no_socketpair,
1538 .shutdown = sco_sock_shutdown,
1539 .setsockopt = sco_sock_setsockopt,
1540 .getsockopt = sco_sock_getsockopt
1541 };
1542
1543 static const struct net_proto_family sco_sock_family_ops = {
1544 .family = PF_BLUETOOTH,
1545 .owner = THIS_MODULE,
1546 .create = sco_sock_create,
1547 };
1548
sco_init(void)1549 int __init sco_init(void)
1550 {
1551 int err;
1552
1553 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1554
1555 err = proto_register(&sco_proto, 0);
1556 if (err < 0)
1557 return err;
1558
1559 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1560 if (err < 0) {
1561 BT_ERR("SCO socket registration failed");
1562 goto error;
1563 }
1564
1565 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1566 if (err < 0) {
1567 BT_ERR("Failed to create SCO proc file");
1568 bt_sock_unregister(BTPROTO_SCO);
1569 goto error;
1570 }
1571
1572 BT_INFO("SCO socket layer initialized");
1573
1574 hci_register_cb(&sco_cb);
1575
1576 if (IS_ERR_OR_NULL(bt_debugfs))
1577 return 0;
1578
1579 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1580 NULL, &sco_debugfs_fops);
1581
1582 return 0;
1583
1584 error:
1585 proto_unregister(&sco_proto);
1586 return err;
1587 }
1588
sco_exit(void)1589 void sco_exit(void)
1590 {
1591 bt_procfs_cleanup(&init_net, "sco");
1592
1593 debugfs_remove(sco_debugfs);
1594
1595 hci_unregister_cb(&sco_cb);
1596
1597 bt_sock_unregister(BTPROTO_SCO);
1598
1599 proto_unregister(&sco_proto);
1600 }
1601
1602 module_param(disable_esco, bool, 0644);
1603 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1604