1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * BlueZ - Bluetooth protocol stack for Linux
4 *
5 * Copyright (C) 2022 Intel Corporation
6 * Copyright 2023-2024 NXP
7 */
8
9 #include <linux/module.h>
10 #include <linux/debugfs.h>
11 #include <linux/seq_file.h>
12 #include <linux/sched/signal.h>
13
14 #include <net/bluetooth/bluetooth.h>
15 #include <net/bluetooth/hci_core.h>
16 #include <net/bluetooth/iso.h>
17 #include "eir.h"
18
/* Defined at the bottom of the file; referenced by iso_sock_create(). */
static const struct proto_ops iso_sock_ops;

/* Every ISO socket is linked here by iso_sock_alloc() and unlinked by
 * iso_sock_kill(); lookups take .lock for reading, listeners for writing.
 */
static struct bt_sock_list iso_sk_list = {
	.lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock)
};

/* ---- ISO connections ---- */
/* Glue between one hci_conn and (at most) one socket. Lifetime is kref
 * based: iso_conn_add() creates it with one reference, iso_conn_free()
 * tears it down. hcon->iso_data points back at it while attached.
 */
struct iso_conn {
	struct hci_conn	*hcon;

	/* @lock: spinlock protecting changes to iso_conn fields */
	spinlock_t	lock;
	/* Attached socket, or NULL; cleared under @lock by iso_chan_del()
	 * and iso_sock_kill().
	 */
	struct sock	*sk;

	/* Runs iso_sock_timeout(); armed by iso_sock_set_timer(). */
	struct delayed_work	timeout_work;

	/* Partially reassembled inbound SDU; freed in iso_conn_free(). */
	struct sk_buff	*rx_skb;
	__u32		rx_len;
	/* Outbound packet sequence number, bumped per frame in iso_send_frame(). */
	__u16		tx_sn;
	struct kref	ref;
};

#define iso_conn_lock(c)	spin_lock(&(c)->lock)
#define iso_conn_unlock(c)	spin_unlock(&(c)->lock)

static void iso_sock_close(struct sock *sk);
static void iso_sock_kill(struct sock *sk);

/* ----- ISO socket info ----- */
/* Valid because iso_proto.obj_size is sizeof(struct iso_pinfo). */
#define iso_pi(sk) ((struct iso_pinfo *)sk)

#define EIR_SERVICE_DATA_LENGTH	4
#define BASE_MAX_LENGTH	(HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
#define EIR_BAA_SERVICE_UUID	0x1851

/* iso_pinfo flags values */
enum {
	BT_SK_BIG_SYNC,
	BT_SK_PA_SYNC,
};

/* Per-socket state; embeds the generic bt_sock as its first member. */
struct iso_pinfo {
	struct bt_sock		bt;
	bdaddr_t		src;
	__u8			src_type;
	bdaddr_t		dst;
	__u8			dst_type;
	/* Broadcast parameters, validated and set by iso_sock_bind_bc(). */
	__u8			bc_sid;
	__u8			bc_num_bis;
	__u8			bc_bis[ISO_MAX_NUM_BIS];
	__u16			sync_handle;
	unsigned long		flags;
	struct bt_iso_qos	qos;
	/* True once the user supplied a QoS; such a QoS is re-validated and
	 * reset to default_qos on connect/listen if it is invalid.
	 */
	bool			qos_user_set;
	__u8			base_len;
	__u8			base[BASE_MAX_LENGTH];
	/* Back-pointer to the iso_conn, NULL while not attached. */
	struct iso_conn		*conn;
};

static struct bt_iso_qos default_qos;

static bool check_ucast_qos(struct bt_iso_qos *qos);
static bool check_bcast_qos(struct bt_iso_qos *qos);
static bool iso_match_sid(struct sock *sk, void *data);
static bool iso_match_sid_past(struct sock *sk, void *data);
static bool iso_match_sync_handle(struct sock *sk, void *data);
static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data);
static void iso_sock_disconn(struct sock *sk);

/* Predicate used by iso_get_sock() to narrow a lookup; see the match_* helpers. */
typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);

static struct sock *iso_get_sock(struct hci_dev *hdev, bdaddr_t *src,
				 bdaddr_t *dst, enum bt_sock_state state,
				 iso_sock_match_t match, void *data);

/* ---- ISO timers ---- */
/* Default sk_sndtimeo (set in iso_sock_alloc()), also used as the connect timeout. */
#define ISO_CONN_TIMEOUT	secs_to_jiffies(20)
#define ISO_DISCONN_TIMEOUT	secs_to_jiffies(2)
97
/* kref release callback: runs once the last reference to the conn is gone.
 *
 * Detaches the conn from both its socket and its hci_conn, drops the
 * hci_conn reference held on the conn's behalf, makes sure the timeout
 * work cannot run again, and frees everything the conn still owns.
 */
static void iso_conn_free(struct kref *ref)
{
	struct iso_conn *conn = container_of(ref, struct iso_conn, ref);

	BT_DBG("conn %p", conn);

	/* NOTE(review): conn->sk and conn->hcon are read without
	 * iso_conn_lock() here; presumably safe because the refcount is
	 * already zero — confirm.
	 */
	if (conn->sk)
		iso_pi(conn->sk)->conn = NULL;

	if (conn->hcon) {
		conn->hcon->iso_data = NULL;
		hci_conn_drop(conn->hcon);
	}

	/* Ensure no more work items will run since hci_conn has been dropped */
	disable_delayed_work_sync(&conn->timeout_work);

	/* Any half-reassembled inbound SDU goes with the conn. */
	kfree_skb(conn->rx_skb);

	kfree(conn);
}
119
/* Drop one reference on @conn; NULL is tolerated. The conn is freed via
 * iso_conn_free() when the count reaches zero.
 */
static void iso_conn_put(struct iso_conn *conn)
{
	if (conn) {
		BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));
		kref_put(&conn->ref, iso_conn_free);
	}
}
129
/* Take a reference on @conn unless it is already being torn down.
 *
 * Returns @conn with the reference taken, or NULL if @conn is NULL or its
 * refcount has already dropped to zero.
 */
static struct iso_conn *iso_conn_hold_unless_zero(struct iso_conn *conn)
{
	bool held;

	if (!conn)
		return NULL;

	BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));

	held = kref_get_unless_zero(&conn->ref);

	return held ? conn : NULL;
}
142
/* Return the socket attached to @conn with a sock_hold() taken, or NULL if
 * there is no conn or the socket is no longer linked in iso_sk_list.
 * The caller is expected to hold iso_conn_lock().
 */
static struct sock *iso_sock_hold(struct iso_conn *conn)
{
	struct sock *sk;

	if (!conn)
		return NULL;

	sk = conn->sk;
	if (!bt_sock_linked(&iso_sk_list, sk))
		return NULL;

	sock_hold(sk);

	return sk;
}
152
/* Delayed-work handler for conn->timeout_work.
 *
 * Reports ETIMEDOUT on the attached socket and wakes its waiters. The
 * socket state is not changed here. Both the conn and the socket may be
 * going away concurrently, so each is pinned with a conditional hold first.
 */
static void iso_sock_timeout(struct work_struct *work)
{
	struct iso_conn *conn = container_of(work, struct iso_conn,
					     timeout_work.work);
	struct sock *sk;

	/* The conn may already be at refcount zero; bail out if so. */
	conn = iso_conn_hold_unless_zero(conn);
	if (!conn)
		return;

	/* Grab the socket under the conn lock; the conn itself is not
	 * needed after that.
	 */
	iso_conn_lock(conn);
	sk = iso_sock_hold(conn);
	iso_conn_unlock(conn);
	iso_conn_put(conn);

	if (!sk)
		return;

	BT_DBG("sock %p state %d", sk, sk->sk_state);

	lock_sock(sk);
	sk->sk_err = ETIMEDOUT;
	sk->sk_state_change(sk);
	release_sock(sk);
	sock_put(sk);
}
179
/* (Re)arm the connection timeout of @sk's conn to fire after @timeout
 * jiffies. Does nothing when the socket has no conn.
 */
static void iso_sock_set_timer(struct sock *sk, long timeout)
{
	struct iso_conn *conn = iso_pi(sk)->conn;

	if (!conn)
		return;

	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);

	/* Cancel any pending instance so only one timeout is queued. */
	cancel_delayed_work(&conn->timeout_work);
	schedule_delayed_work(&conn->timeout_work, timeout);
}
189
/* Cancel a pending connection timeout on @sk's conn, if any. */
static void iso_sock_clear_timer(struct sock *sk)
{
	struct iso_conn *conn = iso_pi(sk)->conn;

	if (!conn)
		return;

	BT_DBG("sock %p state %d", sk, sk->sk_state);

	cancel_delayed_work(&conn->timeout_work);
}
198
199 /* ---- ISO connections ---- */
/* Find or create the iso_conn for @hcon.
 *
 * If @hcon already carries a live iso_conn in hcon->iso_data it is reused;
 * its hcon pointer is re-established in case iso_sock_disconn() cleared
 * it. Otherwise a fresh conn is allocated with its kref at 1 and stored in
 * hcon->iso_data. Returns NULL on allocation failure.
 *
 * The returned pointer carries no extra reference of its own: the
 * temporary hold below only keeps a reused conn alive while it is touched.
 */
static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
{
	struct iso_conn *conn = hcon->iso_data;

	conn = iso_conn_hold_unless_zero(conn);
	if (conn) {
		if (!conn->hcon) {
			iso_conn_lock(conn);
			conn->hcon = hcon;
			iso_conn_unlock(conn);
		}
		iso_conn_put(conn);
		return conn;
	}

	conn = kzalloc_obj(*conn);
	if (!conn)
		return NULL;

	kref_init(&conn->ref);
	spin_lock_init(&conn->lock);
	INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);

	hcon->iso_data = conn;
	conn->hcon = hcon;
	/* Already zero from kzalloc_obj(); kept for explicitness. */
	conn->tx_sn = 0;

	BT_DBG("hcon %p conn %p", hcon, conn);

	return conn;
}
231
/* Delete channel. Must be called on the locked socket.
 *
 * Detaches @sk from its iso_conn in both directions and drops the conn
 * reference the socket was holding, then marks the socket BT_CLOSED with
 * @err. A not-yet-accepted child is handed back to its listening parent
 * (which is woken via sk_data_ready); any other socket has its own waiters
 * woken. Finally the socket is SOCK_ZAPPED so iso_sock_kill() may free it.
 */
static void iso_chan_del(struct sock *sk, int err)
{
	struct iso_conn *conn;
	struct sock *parent;

	conn = iso_pi(sk)->conn;
	iso_pi(sk)->conn = NULL;

	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);

	if (conn) {
		/* conn->sk is only ever changed under the conn lock. */
		iso_conn_lock(conn);
		conn->sk = NULL;
		iso_conn_unlock(conn);
		iso_conn_put(conn);
	}

	sk->sk_state = BT_CLOSED;
	sk->sk_err = err;

	parent = bt_sk(sk)->parent;
	if (parent) {
		bt_accept_unlink(sk);
		parent->sk_data_ready(parent);
	} else {
		sk->sk_state_change(sk);
	}

	sock_set_flag(sk, SOCK_ZAPPED);
}
263
/* Tear down the iso_conn attached to @hcon, closing its socket with @err.
 *
 * Safe to call for an hcon with no iso_data or whose conn is already at
 * refcount zero; both cases are a no-op.
 */
static void iso_conn_del(struct hci_conn *hcon, int err)
{
	struct iso_conn *conn = hcon->iso_data;
	struct sock *sk;

	conn = iso_conn_hold_unless_zero(conn);
	if (!conn)
		return;

	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);

	/* Kill socket */
	iso_conn_lock(conn);
	sk = iso_sock_hold(conn);
	iso_conn_unlock(conn);
	/* Drops the temporary hold taken above. */
	iso_conn_put(conn);

	if (!sk) {
		/* With no socket attached nothing will run iso_chan_del()
		 * for this conn, so its own reference is released here as
		 * well (presumably the last one; iso_conn_free() then clears
		 * hcon->iso_data).
		 */
		iso_conn_put(conn);
		return;
	}

	lock_sock(sk);
	iso_sock_clear_timer(sk);
	iso_chan_del(sk, err);
	release_sock(sk);
	sock_put(sk);
}
292
/* Attach @sk to @conn; caller holds iso_conn_lock().
 *
 * Idempotent when the two are already bound to each other. Fails with
 * -EBUSY if @conn already carries a different socket. When @parent is
 * given, @sk is also queued on the parent's accept list.
 */
static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
			  struct sock *parent)
{
	struct iso_pinfo *pi = iso_pi(sk);

	BT_DBG("conn %p", conn);

	/* Already bound both ways: nothing to do. */
	if (pi->conn == conn && conn->sk == sk)
		return 0;

	/* A conn carries at most one socket. */
	if (conn->sk) {
		BT_ERR("conn->sk already set");
		return -EBUSY;
	}

	pi->conn = conn;
	conn->sk = sk;

	if (parent)
		bt_accept_enqueue(parent, sk, true);

	return 0;
}
314
/* Locked wrapper around __iso_chan_add(); returns its result. */
static int iso_chan_add(struct iso_conn *conn, struct sock *sk,
			struct sock *parent)
{
	int rc;

	iso_conn_lock(conn);
	rc = __iso_chan_add(conn, sk, parent);
	iso_conn_unlock(conn);

	return rc;
}
326
/* Map a socket-level BDADDR_LE_* type onto the HCI ADDR_LE_DEV_* type.
 * Anything other than BDADDR_LE_PUBLIC is treated as random.
 */
static inline u8 le_addr_type(u8 bdaddr_type)
{
	return bdaddr_type == BDADDR_LE_PUBLIC ? ADDR_LE_DEV_PUBLIC :
						 ADDR_LE_DEV_RANDOM;
}
334
/* Bind or create a broadcast (BIS) source for @sk.
 *
 * Routes on the socket's src/dst, validates a user-set broadcast QoS
 * (resetting it to default_qos when invalid), then either only binds the
 * BIG (BT_SK_DEFER_SETUP) or creates it. On success the socket is attached
 * to the resulting iso_conn and moves to BT_CONNECT or BT_CONNECTED.
 *
 * Returns 0 or a negative errno. Called with the socket unlocked.
 */
static int iso_connect_bis(struct sock *sk)
{
	struct iso_conn *conn;
	struct hci_conn *hcon;
	struct hci_dev *hdev;
	bdaddr_t src, dst;
	u8 src_type, bc_sid;
	int err;

	/* Snapshot the addresses, then drop the socket lock so that
	 * hci_dev_lock() can be taken first (see the lock-ordering note in
	 * iso_sock_rebind_bc()).
	 */
	lock_sock(sk);
	bacpy(&src, &iso_pi(sk)->src);
	bacpy(&dst, &iso_pi(sk)->dst);
	src_type = iso_pi(sk)->src_type;
	bc_sid = iso_pi(sk)->bc_sid;
	release_sock(sk);

	BT_DBG("%pMR (SID 0x%2.2x)", &src, bc_sid);

	hdev = hci_get_route(&dst, &src, src_type);
	if (!hdev)
		return -EHOSTUNREACH;

	hci_dev_lock(hdev);
	lock_sock(sk);

	if (!bis_capable(hdev)) {
		err = -EOPNOTSUPP;
		goto unlock;
	}

	/* Fail if user set invalid QoS */
	if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
		iso_pi(sk)->qos = default_qos;
		err = -EINVAL;
		goto unlock;
	}

	/* Fail if out PHYs are marked as disabled */
	if (!iso_pi(sk)->qos.bcast.out.phys) {
		err = -EINVAL;
		goto unlock;
	}

	/* Just bind if DEFER_SETUP has been set */
	if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
		hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst, iso_pi(sk)->bc_sid,
				    &iso_pi(sk)->qos, iso_pi(sk)->base_len,
				    iso_pi(sk)->base,
				    READ_ONCE(sk->sk_sndtimeo));
		if (IS_ERR(hcon)) {
			err = PTR_ERR(hcon);
			goto unlock;
		}
	} else {
		hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst,
				       le_addr_type(iso_pi(sk)->dst_type),
				       iso_pi(sk)->bc_sid, &iso_pi(sk)->qos,
				       iso_pi(sk)->base_len, iso_pi(sk)->base,
				       READ_ONCE(sk->sk_sndtimeo));
		if (IS_ERR(hcon)) {
			err = PTR_ERR(hcon);
			goto unlock;
		}

		/* Update SID if it was not set */
		if (iso_pi(sk)->bc_sid == HCI_SID_INVALID)
			iso_pi(sk)->bc_sid = hcon->sid;
	}

	conn = iso_conn_add(hcon);
	if (!conn) {
		hci_conn_drop(hcon);
		err = -ENOMEM;
		goto unlock;
	}

	/* NOTE(review): iso_listen_bis() drops hcon when iso_chan_add()
	 * fails, this path does not; confirm whether the reference returned
	 * by hci_bind_bis()/hci_connect_bis() is intentionally kept here.
	 */
	err = iso_chan_add(conn, sk, NULL);
	if (err)
		goto unlock;

	/* Update source addr of the socket */
	bacpy(&iso_pi(sk)->src, &hcon->src);

	/* Link already up, deferred setup, or waiting on the controller;
	 * only the last case arms the connect timeout.
	 */
	if (hcon->state == BT_CONNECTED) {
		iso_sock_clear_timer(sk);
		sk->sk_state = BT_CONNECTED;
	} else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
		iso_sock_clear_timer(sk);
		sk->sk_state = BT_CONNECT;
	} else {
		sk->sk_state = BT_CONNECT;
		iso_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo));
	}

unlock:
	release_sock(sk);
	hci_dev_unlock(hdev);
	hci_dev_put(hdev);
	return err;
}
435
/* Bind or create a unicast (CIS) connection for @sk as the central.
 *
 * Mirrors iso_connect_bis(): routes on src/dst, validates a user-set
 * unicast QoS (resetting it to default_qos when invalid), checks that at
 * least one direction has a PHY enabled and that TX buffers exist when an
 * outgoing SDU is configured, then either binds (BT_SK_DEFER_SETUP) or
 * connects the CIS and attaches the socket to the resulting iso_conn.
 *
 * Returns 0 or a negative errno. Called with the socket unlocked.
 */
static int iso_connect_cis(struct sock *sk)
{
	struct iso_conn *conn;
	struct hci_conn *hcon;
	struct hci_dev *hdev;
	bdaddr_t src, dst;
	u8 src_type;
	int err;

	/* Snapshot the addresses, then drop the socket lock so that
	 * hci_dev_lock() can be taken first (see the lock-ordering note in
	 * iso_sock_rebind_bc()).
	 */
	lock_sock(sk);
	bacpy(&src, &iso_pi(sk)->src);
	bacpy(&dst, &iso_pi(sk)->dst);
	src_type = iso_pi(sk)->src_type;
	release_sock(sk);

	BT_DBG("%pMR -> %pMR", &src, &dst);

	hdev = hci_get_route(&dst, &src, src_type);
	if (!hdev)
		return -EHOSTUNREACH;

	hci_dev_lock(hdev);
	lock_sock(sk);

	if (!cis_central_capable(hdev)) {
		err = -EOPNOTSUPP;
		goto unlock;
	}

	/* Fail if user set invalid QoS */
	if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) {
		iso_pi(sk)->qos = default_qos;
		err = -EINVAL;
		goto unlock;
	}

	/* Fail if either PHYs are marked as disabled */
	if (!iso_pi(sk)->qos.ucast.in.phys && !iso_pi(sk)->qos.ucast.out.phys) {
		err = -EINVAL;
		goto unlock;
	}

	/* Check if there are available buffers for output/TX.
	 * Only refuse when the controller advertises ISO buffers (iso_pkts)
	 * but none are currently free (iso_cnt) and no ISO link is using
	 * them yet.
	 */
	if (iso_pi(sk)->qos.ucast.out.sdu && !hci_iso_count(hdev) &&
	    (hdev->iso_pkts && !hdev->iso_cnt)) {
		err = -ENOBUFS;
		goto unlock;
	}

	/* Just bind if DEFER_SETUP has been set */
	if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
		hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst,
				    le_addr_type(iso_pi(sk)->dst_type),
				    &iso_pi(sk)->qos,
				    READ_ONCE(sk->sk_sndtimeo));
		if (IS_ERR(hcon)) {
			err = PTR_ERR(hcon);
			goto unlock;
		}
	} else {
		hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
				       le_addr_type(iso_pi(sk)->dst_type),
				       &iso_pi(sk)->qos,
				       READ_ONCE(sk->sk_sndtimeo));
		if (IS_ERR(hcon)) {
			err = PTR_ERR(hcon);
			goto unlock;
		}
	}

	conn = iso_conn_add(hcon);
	if (!conn) {
		hci_conn_drop(hcon);
		err = -ENOMEM;
		goto unlock;
	}

	/* NOTE(review): iso_listen_bis() drops hcon when iso_chan_add()
	 * fails, this path does not; confirm whether the reference returned
	 * by hci_bind_cis()/hci_connect_cis() is intentionally kept here.
	 */
	err = iso_chan_add(conn, sk, NULL);
	if (err)
		goto unlock;

	/* Update source addr of the socket */
	bacpy(&iso_pi(sk)->src, &hcon->src);

	/* Link already up, deferred setup, or waiting on the controller;
	 * only the last case arms the connect timeout.
	 */
	if (hcon->state == BT_CONNECTED) {
		iso_sock_clear_timer(sk);
		sk->sk_state = BT_CONNECTED;
	} else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
		iso_sock_clear_timer(sk);
		sk->sk_state = BT_CONNECT;
	} else {
		sk->sk_state = BT_CONNECT;
		iso_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo));
	}

unlock:
	release_sock(sk);
	hci_dev_unlock(hdev);
	hci_dev_put(hdev);
	return err;
}
537
/* Return the QoS that currently applies to @sk.
 *
 * Once the socket is BT_CONNECTED or BT_CONNECT2 the hci_conn's iso_qos is
 * authoritative; before that the socket's own copy is used. The caller must
 * ensure conn and conn->hcon are set in the former states.
 */
static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk)
{
	struct iso_pinfo *pi = iso_pi(sk);
	bool established = sk->sk_state == BT_CONNECTED ||
			   sk->sk_state == BT_CONNECT2;

	return established ? &pi->conn->hcon->iso_qos : &pi->qos;
}
545
/* Prepend the HCI ISO data header to @skb and hand it to the controller.
 *
 * Returns the payload length queued, -EMSGSIZE if @skb is larger than the
 * outgoing SDU size, or -ENOTCONN if the socket is not BT_CONNECTED.
 * Note that the header is pushed and the sequence number consumed before
 * the state check, and @skb is not freed on -ENOTCONN — presumably the
 * caller releases it on error (TODO confirm).
 */
static int iso_send_frame(struct sock *sk, struct sk_buff *skb,
			  const struct sockcm_cookie *sockc)
{
	/* Assumes iso_pi(sk)->conn is set; the caller must guarantee it. */
	struct iso_conn *conn = iso_pi(sk)->conn;
	struct bt_iso_qos *qos = iso_sock_get_qos(sk);
	struct hci_iso_data_hdr *hdr;
	int len = 0;

	BT_DBG("sk %p len %d", sk, skb->len);

	if (skb->len > qos->ucast.out.sdu)
		return -EMSGSIZE;

	len = skb->len;

	/* Push ISO data header */
	hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE);
	hdr->sn = cpu_to_le16(conn->tx_sn++);
	hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len,
						      HCI_ISO_STATUS_VALID));

	if (sk->sk_state == BT_CONNECTED) {
		hci_setup_tx_timestamp(skb, 1, sockc);
		hci_send_iso(conn->hcon, skb);
	} else {
		len = -ENOTCONN;
	}

	return len;
}
576
/* Deliver an inbound SDU to the socket attached to @conn.
 *
 * Takes ownership of @skb: it is queued on the socket's receive queue, or
 * freed if there is no live socket, the socket is not BT_CONNECTED, or
 * sock_queue_rcv_skb() refuses it.
 */
static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb)
{
	struct sock *sk;

	/* Pin the socket under the conn lock; it may be closing concurrently. */
	iso_conn_lock(conn);
	sk = iso_sock_hold(conn);
	iso_conn_unlock(conn);

	if (!sk)
		goto drop;

	BT_DBG("sk %p len %d", sk, skb->len);

	if (sk->sk_state != BT_CONNECTED)
		goto drop_put;

	/* sock_queue_rcv_skb() returns 0 on success and owns skb then. */
	if (!sock_queue_rcv_skb(sk, skb)) {
		sock_put(sk);
		return;
	}

drop_put:
	sock_put(sk);
drop:
	kfree_skb(skb);
}
603
604 /* -------- Socket interface ---------- */
/* Find a BT_LISTEN socket bound to exactly @src/@dst.
 *
 * Caller holds iso_sk_list.lock. No reference is taken on the result.
 */
static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst)
{
	struct sock *sk;

	sk_for_each(sk, &iso_sk_list.head) {
		struct iso_pinfo *pi = iso_pi(sk);

		if (sk->sk_state == BT_LISTEN &&
		    !bacmp(&pi->dst, dst) &&
		    !bacmp(&pi->src, src))
			return sk;
	}

	return NULL;
}
622
/* Find a BT_LISTEN socket bound to @ba/@bc with broadcast SID @sid.
 *
 * Caller holds iso_sk_list.lock. No reference is taken on the result.
 */
static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc,
						 __u8 sid)
{
	struct sock *sk;

	sk_for_each(sk, &iso_sk_list.head) {
		struct iso_pinfo *pi = iso_pi(sk);

		if (sk->sk_state == BT_LISTEN &&
		    !bacmp(&pi->src, ba) &&
		    !bacmp(&pi->dst, bc) &&
		    pi->bc_sid == sid)
			return sk;
	}

	return NULL;
}
644
/* Find socket in given state:
 * source bdaddr (Unicast)
 * destination bdaddr (Broadcast only)
 * match func - pass NULL to ignore
 * match func data - pass -1 to ignore
 * Returns closest match.
 *
 * A socket whose src equals @src wins outright; otherwise the last socket
 * with src == BDADDR_ANY is returned. The result, if any, has had
 * sock_hold() taken and the caller must sock_put() it.
 */
static struct sock *iso_get_sock(struct hci_dev *hdev, bdaddr_t *src,
				 bdaddr_t *dst, enum bt_sock_state state,
				 iso_sock_match_t match, void *data)
{
	struct sock *sk = NULL, *sk1 = NULL;

	read_lock(&iso_sk_list.lock);

	sk_for_each(sk, &iso_sk_list.head) {
		if (sk->sk_state != state)
			continue;

		/* Match Broadcast destination */
		if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) {
			struct smp_irk *irk1, *irk2;

			/* Check if destination is an RPA that we can resolve */
			irk1 = hci_find_irk_by_rpa(hdev, dst);
			if (!irk1)
				continue;

			/* Match with identity address */
			if (bacmp(&iso_pi(sk)->dst, &irk1->bdaddr)) {
				/* Check if socket destination address is also
				 * an RPA and if the IRK matches.
				 */
				irk2 = hci_find_irk_by_rpa(hdev,
							   &iso_pi(sk)->dst);
				if (!irk2 || irk1 != irk2)
					continue;
			}
		}

		/* Use Match function if provided */
		if (match && !match(sk, data))
			continue;

		/* Exact match. */
		if (!bacmp(&iso_pi(sk)->src, src)) {
			sock_hold(sk);
			break;
		}

		/* Closest match */
		if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) {
			/* Keep only the most recent wildcard candidate. */
			if (sk1)
				sock_put(sk1);

			sk1 = sk;
			sock_hold(sk1);
		}
	}

	/* sk is non-NULL only after the exact-match break; then the wildcard
	 * candidate's hold is no longer needed.
	 */
	if (sk && sk1)
		sock_put(sk1);

	read_unlock(&iso_sk_list.lock);

	return sk ? sk : sk1;
}
712
/* Find another socket (not @match_sk) that is connected or connecting to
 * the BIG @big with the same @src/@dst. The result, if any, is held and
 * must be released with sock_put().
 */
static struct sock *iso_get_sock_big(struct sock *match_sk, bdaddr_t *src,
				     bdaddr_t *dst, uint8_t big)
{
	struct sock *sk = NULL;

	read_lock(&iso_sk_list.lock);

	sk_for_each(sk, &iso_sk_list.head) {
		struct iso_pinfo *pi = iso_pi(sk);
		bool in_big = sk->sk_state == BT_CONNECTED ||
			      sk->sk_state == BT_CONNECT;

		/* Skip the caller itself and anything not (being) connected. */
		if (sk == match_sk || !in_big)
			continue;

		/* Broadcast destination, BIG handle and source must all agree. */
		if (bacmp(&pi->dst, dst) || pi->qos.bcast.big != big ||
		    bacmp(&pi->src, src))
			continue;

		sock_hold(sk);
		break;
	}

	read_unlock(&iso_sk_list.lock);

	return sk;
}
751
/* sk_destruct callback: release the socket's conn reference (if still
 * attached) and purge every queue the socket owns.
 */
static void iso_sock_destruct(struct sock *sk)
{
	struct sk_buff_head *queues[] = {
		&sk->sk_receive_queue,
		&sk->sk_write_queue,
		&sk->sk_error_queue,
	};
	int i;

	BT_DBG("sk %p", sk);

	iso_conn_put(iso_pi(sk)->conn);

	for (i = 0; i < ARRAY_SIZE(queues); i++)
		skb_queue_purge(queues[i]);
}
762
/* Close a listening socket.
 *
 * Every child still waiting on the accept queue is closed and killed.
 * If the listener itself owns an hci_conn (broadcast sink case) it is
 * disconnected through iso_sock_disconn() and left to that path; otherwise
 * the listener is moved to BT_CLOSED and zapped here.
 */
static void iso_sock_cleanup_listen(struct sock *parent)
{
	struct sock *sk;

	BT_DBG("parent %p", parent);

	/* Close not yet accepted channels */
	while ((sk = bt_accept_dequeue(parent, NULL))) {
		iso_sock_close(sk);
		iso_sock_kill(sk);
		/* Drop the reference handed back by bt_accept_dequeue(). */
		sock_put(sk);
	}

	/* If listening socket has a hcon, properly disconnect it */
	if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon) {
		iso_sock_disconn(parent);
		return;
	}

	parent->sk_state = BT_CLOSED;
	sock_set_flag(parent, SOCK_ZAPPED);
}
786
/* Kill socket (only if zapped and orphan)
 * Must be called on unlocked socket.
 *
 * A socket that is not SOCK_ZAPPED, still has a struct socket attached, or
 * is already SOCK_DEAD is left alone. Otherwise the conn's back-pointer is
 * cleared, the socket is unlinked from iso_sk_list, marked dead and its
 * list reference dropped.
 */
static void iso_sock_kill(struct sock *sk)
{
	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
	    sock_flag(sk, SOCK_DEAD))
		return;

	BT_DBG("sk %p state %d", sk, sk->sk_state);

	/* Sock is dead, so set conn->sk to NULL to avoid possible UAF */
	if (iso_pi(sk)->conn) {
		iso_conn_lock(iso_pi(sk)->conn);
		iso_pi(sk)->conn->sk = NULL;
		iso_conn_unlock(iso_pi(sk)->conn);
	}

	/* Kill poor orphan */
	bt_sock_unlink(&iso_sk_list, sk);
	sock_set_flag(sk, SOCK_DEAD);
	sock_put(sk);
}
810
/* Disconnect the hci_conn behind @sk. Requires iso_pi(sk)->conn and its
 * hcon to be set.
 *
 * For a BIG that other sockets still use, only this socket is detached
 * and the BIG's hcon is kept (reset to BT_OPEN) for a later rebind.
 * Otherwise the socket enters BT_DISCONN and the hcon reference is dropped.
 */
static void iso_sock_disconn(struct sock *sk)
{
	struct sock *bis_sk;
	/* NOTE(review): hcon is sampled here without iso_conn_lock(); the
	 * caller presumably holds the socket lock, which is what serialises
	 * conn->hcon changes on this path — confirm.
	 */
	struct hci_conn *hcon = iso_pi(sk)->conn->hcon;

	if (test_bit(HCI_CONN_BIG_CREATED, &hcon->flags)) {
		bis_sk = iso_get_sock_big(sk, &iso_pi(sk)->src,
					  &iso_pi(sk)->dst,
					  iso_pi(sk)->qos.bcast.big);

		/* If there are any other connected sockets for the
		 * same BIG, just delete the sk and leave the bis
		 * hcon active, in case later rebinding is needed.
		 */
		if (bis_sk) {
			hcon->state = BT_OPEN;
			hcon->iso_data = NULL;
			iso_pi(sk)->conn->hcon = NULL;
			iso_sock_clear_timer(sk);
			iso_chan_del(sk, bt_to_errno(hcon->abort_reason));
			/* Release the hold taken by iso_get_sock_big(). */
			sock_put(bis_sk);
			return;
		}
	}

	sk->sk_state = BT_DISCONN;
	iso_conn_lock(iso_pi(sk)->conn);
	hci_conn_drop(iso_pi(sk)->conn->hcon);
	iso_pi(sk)->conn->hcon = NULL;
	iso_conn_unlock(iso_pi(sk)->conn);
}
842
/* State-dependent part of closing @sk; called with the socket locked.
 *
 * Listeners are cleaned up via iso_sock_cleanup_listen(). Connecting or
 * connected sockets are disconnected if they still own an hcon, else the
 * channel is deleted with ECONNRESET. A BT_CONNECT2 socket is only
 * disconnected while its hcon is (or failed) PA syncing. Any other state
 * just zaps the socket so iso_sock_kill() can free it.
 */
static void __iso_sock_close(struct sock *sk)
{
	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);

	switch (sk->sk_state) {
	case BT_LISTEN:
		iso_sock_cleanup_listen(sk);
		break;

	case BT_CONNECT:
	case BT_CONNECTED:
	case BT_CONFIG:
		/* Assumes iso_pi(sk)->conn is set in these states. */
		if (iso_pi(sk)->conn->hcon)
			iso_sock_disconn(sk);
		else
			iso_chan_del(sk, ECONNRESET);
		break;

	case BT_CONNECT2:
		if (iso_pi(sk)->conn->hcon &&
		    (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) ||
		     test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags)))
			iso_sock_disconn(sk);
		else
			iso_chan_del(sk, ECONNRESET);
		break;
	case BT_DISCONN:
		iso_chan_del(sk, ECONNRESET);
		break;

	default:
		sock_set_flag(sk, SOCK_ZAPPED);
		break;
	}
}
878
/* Must be called on unlocked socket.
 *
 * Stops the connect timeout and runs the state-specific teardown under
 * the socket lock, then lets iso_sock_kill() free the socket if it ended
 * up zapped and orphaned.
 */
static void iso_sock_close(struct sock *sk)
{
	lock_sock(sk);
	iso_sock_clear_timer(sk);
	__iso_sock_close(sk);
	release_sock(sk);
	iso_sock_kill(sk);
}
888
/* Initialise a freshly allocated socket; when @parent is given (an accepted
 * child) inherit its type, bt flags and security label.
 */
static void iso_sock_init(struct sock *sk, struct sock *parent)
{
	BT_DBG("sk %p", sk);

	if (!parent)
		return;

	sk->sk_type = parent->sk_type;
	bt_sk(sk)->flags = bt_sk(parent)->flags;
	security_sk_clone(parent, sk);
}
899
/* Protocol descriptor for ISO sockets; obj_size covers struct iso_pinfo,
 * which is what iso_pi() casts every sock to.
 */
static struct proto iso_proto = {
	.name		= "ISO",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct iso_pinfo)
};

/* Per-direction defaults shared by the broadcast .in and .out descriptors. */
#define DEFAULT_IO_QOS \
{ \
	.interval	= 10000u, \
	.latency	= 10u, \
	.sdu		= 40u, \
	.phys		= BT_ISO_PHY_2M, \
	.rtn		= 2u, \
}

/* QoS every new socket starts with (copied in iso_sock_alloc()) and the
 * value restored when a user-supplied QoS fails validation. Only .bcast is
 * initialised explicitly; what that means for .ucast depends on the
 * bt_iso_qos definition, which lives outside this file.
 */
static struct bt_iso_qos default_qos = {
	.bcast = {
		.big			= BT_ISO_QOS_BIG_UNSET,
		.bis			= BT_ISO_QOS_BIS_UNSET,
		.sync_factor		= 0x01,
		.packing		= 0x00,
		.framing		= 0x00,
		.in			= DEFAULT_IO_QOS,
		.out			= DEFAULT_IO_QOS,
		.encryption		= 0x00,
		.bcode			= {0x00},
		.options		= 0x00,
		.skip			= 0x0000,
		.sync_timeout		= BT_ISO_SYNC_TIMEOUT,
		.sync_cte_type		= 0x00,
		.mse			= 0x00,
		.timeout		= BT_ISO_SYNC_TIMEOUT,
	},
};
934
/* Allocate and pre-initialise an ISO socket and link it into iso_sk_list.
 * Returns NULL if bt_sock_alloc() fails.
 */
static struct sock *iso_sock_alloc(struct net *net, struct socket *sock,
				   int proto, gfp_t prio, int kern)
{
	struct sock *sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern);
	struct iso_pinfo *pi;

	if (!sk)
		return NULL;

	pi = iso_pi(sk);

	sk->sk_destruct = iso_sock_destruct;
	sk->sk_sndtimeo = ISO_CONN_TIMEOUT;

	/* Set address type as public as default src address is BDADDR_ANY */
	pi->src_type = BDADDR_LE_PUBLIC;
	pi->qos = default_qos;
	/* sync_handle is a __u16, so -1 stores 0xffff as "no sync handle". */
	pi->sync_handle = -1;

	bt_sock_link(&iso_sk_list, sk);

	return sk;
}
956
/* proto_ops-level create: only SOCK_SEQPACKET is supported. Returns 0,
 * -ESOCKTNOSUPPORT for any other type, or -ENOMEM.
 */
static int iso_sock_create(struct net *net, struct socket *sock, int protocol,
			   int kern)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	sock->state = SS_UNCONNECTED;

	if (sock->type != SOCK_SEQPACKET)
		return -ESOCKTNOSUPPORT;

	sock->ops = &iso_sock_ops;

	sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
	if (sk == NULL)
		return -ENOMEM;

	iso_sock_init(sk, NULL);

	return 0;
}
978
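/* Apply the broadcast part of a bind (the trailing sockaddr_iso_bc) to @sk.
 *
 * All fields are validated before any of them is stored, so a rejected
 * bind leaves the socket's broadcast parameters untouched; previously dst,
 * dst_type, bc_sid and bc_num_bis were written one by one ahead of the
 * checks that follow them. The length is also checked before the debug
 * print reads iso_bc, since the caller only guarantees
 * addr_len > sizeof(*sa).
 *
 * Returns 0 or -EINVAL.
 */
static int iso_sock_bind_bc(struct socket *sock, struct sockaddr_unsized *addr,
			    int addr_len)
{
	struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
	struct sock *sk = sock->sk;
	int i;

	if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc))
		return -EINVAL;

	BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
	       sa->iso_bc->bc_num_bis);

	/* Check if the address type is of LE type */
	if (!bdaddr_type_is_le(sa->iso_bc->bc_bdaddr_type))
		return -EINVAL;

	/* SID is 4 bits wide; HCI_SID_INVALID means "pick one for me". */
	if (sa->iso_bc->bc_sid > 0x0f && sa->iso_bc->bc_sid != HCI_SID_INVALID)
		return -EINVAL;

	if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS)
		return -EINVAL;

	/* BIS indices are 1-based and at most 0x1f. */
	for (i = 0; i < sa->iso_bc->bc_num_bis; i++)
		if (sa->iso_bc->bc_bis[i] < 0x01 ||
		    sa->iso_bc->bc_bis[i] > 0x1f)
			return -EINVAL;

	/* Everything checked out: commit to the socket. */
	bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
	iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
	iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
	iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
	memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
	       iso_pi(sk)->bc_num_bis);

	return 0;
}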
1020
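/* Must be called on the locked socket.
 *
 * Re-select the BIS indices of a PA-synced socket from @sa without
 * changing the address. The list is validated in full before
 * bc_num_bis/bc_bis are updated, so a rejected request leaves both fields
 * consistent with each other; previously bc_num_bis was stored before the
 * indices were checked.
 *
 * @addr_len is accepted for symmetry with iso_sock_rebind_bc() but not
 * used: the caller has already validated the length.
 *
 * Returns 0, -EBADFD if the socket is not PA synced, or -EINVAL.
 */
static int iso_sock_rebind_bis(struct sock *sk, struct sockaddr_iso *sa,
			       int addr_len)
{
	int i;

	if (!test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags))
		return -EBADFD;

	if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS)
		return -EINVAL;

	/* BIS indices are 1-based and at most 0x1f. */
	for (i = 0; i < sa->iso_bc->bc_num_bis; i++)
		if (sa->iso_bc->bc_bis[i] < 0x01 ||
		    sa->iso_bc->bc_bis[i] > 0x1f)
			return -EINVAL;

	iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
	memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
	       iso_pi(sk)->bc_num_bis);

	return 0;
}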
1050
/* Return the hci_dev behind @conn's hcon with a hci_dev_hold() taken, or
 * NULL if the conn currently has no hcon. The caller must hci_dev_put().
 */
static struct hci_dev *iso_conn_get_hdev(struct iso_conn *conn)
{
	struct hci_dev *hdev;

	/* conn->hcon can be cleared concurrently, so sample it under the lock. */
	iso_conn_lock(conn);
	hdev = conn->hcon ? hci_dev_hold(conn->hcon->hdev) : NULL;
	iso_conn_unlock(conn);

	return hdev;
}
1062
/* Must be called on the locked socket.
 *
 * Rebind an already synced/connected broadcast socket: if only the BIS
 * selection changed, delegate to iso_sock_rebind_bis(); if the address
 * changed, ask the controller to transfer the periodic advertising sync
 * (PAST) to the new address via hci_past_bis().
 *
 * Returns 0 or a negative errno. The socket lock is dropped and retaken
 * around hci_dev_lock(), so the conn/hcon are re-checked afterwards.
 */
static int iso_sock_rebind_bc(struct sock *sk, struct sockaddr_iso *sa,
			      int addr_len)
{
	struct hci_dev *hdev;
	struct hci_conn *bis;
	int err;

	if (sk->sk_type != SOCK_SEQPACKET || !iso_pi(sk)->conn)
		return -EINVAL;

	/* Check if it is really a Broadcast address being requested */
	if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc))
		return -EINVAL;

	/* Check if the address hasn't changed then perhaps only the number of
	 * bis has changed.
	 */
	if (!bacmp(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr) ||
	    !bacmp(&sa->iso_bc->bc_bdaddr, BDADDR_ANY))
		return iso_sock_rebind_bis(sk, sa, addr_len);

	/* Check if the address type is of LE type */
	if (!bdaddr_type_is_le(sa->iso_bc->bc_bdaddr_type))
		return -EINVAL;

	hdev = iso_conn_get_hdev(iso_pi(sk)->conn);
	if (!hdev)
		return -EINVAL;

	/* Remembered only to detect a change while the socket is unlocked. */
	bis = iso_pi(sk)->conn->hcon;

	/* Release the socket before lookups since that requires hci_dev_lock
	 * which shall not be acquired while holding sock_lock for proper
	 * ordering.
	 */
	release_sock(sk);
	hci_dev_lock(hdev);
	lock_sock(sk);

	if (!iso_pi(sk)->conn || iso_pi(sk)->conn->hcon != bis) {
		/* raced with iso_conn_del() or iso_sock_disconn() */
		err = -ENOTCONN;
		goto unlock;
	}

	BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bc->bc_bdaddr,
	       sa->iso_bc->bc_bdaddr_type);

	err = hci_past_bis(bis, &sa->iso_bc->bc_bdaddr,
			   le_addr_type(sa->iso_bc->bc_bdaddr_type));

unlock:
	hci_dev_unlock(hdev);
	hci_dev_put(hdev);

	return err;
}
1121
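/* proto_ops bind for ISO sockets.
 *
 * @addr is validated (non-NULL, at least sizeof(struct sockaddr_iso),
 * AF_BLUETOOTH) before any of its fields are read; the debug print used
 * to dereference it first. A synced/connected broadcast socket with a
 * trailing sockaddr_iso_bc is rebound via iso_sock_rebind_bc(). Otherwise
 * the socket must be BT_OPEN and SOCK_SEQPACKET with an LE address type;
 * the broadcast part (if any) is applied first so that a rejected bind
 * leaves src/src_type untouched, and the socket then becomes BT_BOUND.
 *
 * Returns 0 or a negative errno.
 */
static int iso_sock_bind(struct socket *sock, struct sockaddr_unsized *addr,
			 int addr_len)
{
	struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
	struct sock *sk = sock->sk;
	int err = 0;

	if (!addr || addr_len < sizeof(struct sockaddr_iso) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type);

	lock_sock(sk);

	if ((sk->sk_state == BT_CONNECT2 || sk->sk_state == BT_CONNECTED) &&
	    addr_len > sizeof(*sa)) {
		/* Allow the user to rebind to a different address using
		 * PAST procedures.
		 */
		err = iso_sock_rebind_bc(sk, sa, addr_len);
		goto done;
	}

	if (sk->sk_state != BT_OPEN) {
		err = -EBADFD;
		goto done;
	}

	if (sk->sk_type != SOCK_SEQPACKET) {
		err = -EINVAL;
		goto done;
	}

	/* Check if the address type is of LE type */
	if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) {
		err = -EINVAL;
		goto done;
	}

	/* Check for Broadcast address; iso_sock_bind_bc() only touches the
	 * dst/bc_* fields, so it can safely run before src is committed.
	 */
	if (addr_len > sizeof(*sa)) {
		err = iso_sock_bind_bc(sock, addr, addr_len);
		if (err)
			goto done;
	}

	bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr);
	iso_pi(sk)->src_type = sa->iso_bdaddr_type;

	sk->sk_state = BT_BOUND;

done:
	release_sock(sk);
	return err;
}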
1178
/* proto_ops connect for ISO sockets.
 *
 * Records the peer address on the socket, then starts a CIS (unicast peer
 * address) or a BIS (BDADDR_ANY). Unless BT_SK_DEFER_SETUP is set, waits
 * for BT_CONNECTED using the socket's send timeout (non-blocking if
 * O_NONBLOCK is in @flags).
 *
 * Returns 0 or a negative errno. Unlike iso_sock_bind() there is no NULL
 * check on @addr; presumably callers through the socket layer always pass
 * a kernel copy — confirm if this is ever reached from elsewhere.
 */
static int iso_sock_connect(struct socket *sock, struct sockaddr_unsized *addr,
			    int alen, int flags)
{
	struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
	struct sock *sk = sock->sk;
	int err;

	BT_DBG("sk %p", sk);

	if (alen < sizeof(struct sockaddr_iso) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
		return -EBADFD;

	if (sk->sk_type != SOCK_SEQPACKET)
		return -EINVAL;

	/* Check if the address type is of LE type */
	if (!bdaddr_type_is_le(sa->iso_bdaddr_type))
		return -EINVAL;

	lock_sock(sk);

	bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
	iso_pi(sk)->dst_type = sa->iso_bdaddr_type;

	release_sock(sk);

	/* BDADDR_ANY as the peer selects a broadcast source. */
	if (bacmp(&sa->iso_bdaddr, BDADDR_ANY))
		err = iso_connect_cis(sk);
	else
		err = iso_connect_bis(sk);

	if (err)
		return err;

	lock_sock(sk);

	if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
		err = bt_sock_wait_state(sk, BT_CONNECTED,
					 sock_sndtimeo(sk, flags & O_NONBLOCK));
	}

	release_sock(sk);
	return err;
}
1227
/* Listen for a broadcast source: start a periodic advertising sync to
 * the socket's dst/bc_sid and attach the resulting hcon to @sk.
 *
 * Refuses (-EADDRINUSE) if another listener already covers the same
 * src/dst/SID. Returns 0 or a negative errno. Called with the socket
 * unlocked; hci_dev_lock() is taken before lock_sock() as elsewhere.
 */
static int iso_listen_bis(struct sock *sk)
{
	struct iso_conn *conn;
	struct hci_conn *hcon;
	struct hci_dev *hdev;
	bdaddr_t src, dst;
	u8 src_type, bc_sid;
	int err = 0;

	lock_sock(sk);
	bacpy(&src, &iso_pi(sk)->src);
	bacpy(&dst, &iso_pi(sk)->dst);
	src_type = iso_pi(sk)->src_type;
	bc_sid = iso_pi(sk)->bc_sid;
	release_sock(sk);

	BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &src, &dst, bc_sid);

	/* Write lock: nobody may add a competing listener mid-lookup. */
	write_lock(&iso_sk_list.lock);

	if (__iso_get_sock_listen_by_sid(&src, &dst, bc_sid))
		err = -EADDRINUSE;

	write_unlock(&iso_sk_list.lock);

	if (err)
		return err;

	hdev = hci_get_route(&dst, &src, src_type);
	if (!hdev)
		return -EHOSTUNREACH;

	hci_dev_lock(hdev);
	lock_sock(sk);

	/* Fail if user set invalid QoS */
	if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
		iso_pi(sk)->qos = default_qos;
		err = -EINVAL;
		goto unlock;
	}

	hcon = hci_pa_create_sync(hdev, &iso_pi(sk)->dst,
				  le_addr_type(iso_pi(sk)->dst_type),
				  iso_pi(sk)->bc_sid, &iso_pi(sk)->qos);
	if (IS_ERR(hcon)) {
		err = PTR_ERR(hcon);
		goto unlock;
	}

	conn = iso_conn_add(hcon);
	if (!conn) {
		hci_conn_drop(hcon);
		err = -ENOMEM;
		goto unlock;
	}

	/* NOTE(review): this path drops hcon when iso_chan_add() fails while
	 * iso_connect_bis()/iso_connect_cis() do not — confirm which is
	 * intended so the three stay consistent.
	 */
	err = iso_chan_add(conn, sk, NULL);
	if (err) {
		hci_conn_drop(hcon);
		goto unlock;
	}

unlock:
	release_sock(sk);
	hci_dev_unlock(hdev);
	hci_dev_put(hdev);
	return err;
}
1297
/* Check that no other ISO socket already listens on this src/dst pair.
 *
 * Only the global socket list is consulted under its write lock; nothing
 * is allocated and the socket state is left untouched.
 *
 * Returns 0 when the pair is free, -EADDRINUSE otherwise.
 */
static int iso_listen_cis(struct sock *sk)
{
	struct iso_pinfo *pi = iso_pi(sk);
	bool in_use;

	BT_DBG("%pMR", &pi->src);

	write_lock(&iso_sk_list.lock);
	in_use = __iso_get_sock_listen_by_addr(&pi->src, &pi->dst) != NULL;
	write_unlock(&iso_sk_list.lock);

	return in_use ? -EADDRINUSE : 0;
}
1313
/* listen(2) handler for ISO sockets.
 *
 * Unicast sockets (dst == BDADDR_ANY) only need a uniqueness check on the
 * src/dst pair. Broadcast sockets additionally set up PA sync through
 * iso_listen_bis(), which takes the hdev lock and is therefore called with
 * the socket lock dropped.
 *
 * Returns 0 and moves the socket to BT_LISTEN, -EBADFD if it is not
 * BT_BOUND, -EINVAL for a non-SEQPACKET socket, or the listen helper's
 * error.
 */
static int iso_sock_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;
	int err = 0;

	BT_DBG("sk %p backlog %d", sk, backlog);

	/* Hold a reference across the unlocked window below. */
	sock_hold(sk);
	lock_sock(sk);

	if (sk->sk_state != BT_BOUND) {
		err = -EBADFD;
		goto done;
	}

	if (sk->sk_type != SOCK_SEQPACKET) {
		err = -EINVAL;
		goto done;
	}

	if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
		err = iso_listen_cis(sk);
	} else {
		/* Drop sock lock to avoid potential
		 * deadlock with the hdev lock.
		 *
		 * NOTE(review): the BT_BOUND check above is not repeated after
		 * the lock is re-taken. If another path can change sk_state
		 * while the lock is dropped (shutdown/close run under the
		 * same lock), the BT_LISTEN assignment below would overwrite
		 * that state — confirm whether a re-check is needed.
		 */
		release_sock(sk);
		err = iso_listen_bis(sk);
		lock_sock(sk);
	}

	if (err)
		goto done;

	sk->sk_max_ack_backlog = backlog;
	sk->sk_ack_backlog = 0;

	sk->sk_state = BT_LISTEN;

done:
	release_sock(sk);
	sock_put(sk);
	return err;
}
1358
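/* accept(2) handler for ISO sockets.
 *
 * Waits (wake-one) for a child socket on the listening socket's accept
 * queue and grafts it onto @newsock. For a PA-sync parent socket, each
 * accept() retires one bound BIS from bc_bis[]; once every bound BIS has
 * been accepted the parent is put back to BT_CONNECTED with
 * BT_DEFER_SETUP set again so a later BIG re-sync can be requested.
 *
 * Returns 0 on success, -EBADFD if the socket is not listening, -EAGAIN
 * when the receive timeout expires, or a signal-derived errno.
 */
static int iso_sock_accept(struct socket *sock, struct socket *newsock,
			   struct proto_accept_arg *arg)
{
	DEFINE_WAIT_FUNC(wait, woken_wake_function);
	struct sock *sk = sock->sk, *ch;
	long timeo;
	int err = 0;

	/* Use explicit nested locking to avoid lockdep warnings generated
	 * because the parent socket and the child socket are locked on the
	 * same thread.
	 */
	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);

	timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);

	BT_DBG("sk %p timeo %ld", sk, timeo);

	/* Wait for an incoming connection. (wake-one). */
	add_wait_queue_exclusive(sk_sleep(sk), &wait);
	while (1) {
		if (sk->sk_state != BT_LISTEN) {
			err = -EBADFD;
			break;
		}

		ch = bt_accept_dequeue(sk, newsock);
		if (ch) {
			/* Drop the bridging ref from bt_accept_dequeue();
			 * the grafted socket keeps ch alive from here.
			 */
			sock_put(ch);
			break;
		}

		if (!timeo) {
			err = -EAGAIN;
			break;
		}

		if (signal_pending(current)) {
			err = sock_intr_errno(timeo);
			break;
		}

		/* Sleep with the socket lock dropped; re-take it on wake-up. */
		release_sock(sk);

		timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
	}
	remove_wait_queue(sk_sleep(sk), &wait);

	if (err)
		goto done;

	newsock->state = SS_CONNECTED;

	BT_DBG("new socket %p", ch);

	/* A Broadcast Sink might require BIG sync to be terminated
	 * and re-established multiple times, while keeping the same
	 * PA sync handle active. To allow this, once all BIS
	 * connections have been accepted on a PA sync parent socket,
	 * "reset" socket state, to allow future BIG re-sync procedures.
	 */
	if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
		/* Retire one bound BIS per accept(): clear the first entry
		 * that is still set and decrement the outstanding count.
		 *
		 * The scan covers the whole bc_bis[] array rather than only
		 * the first bc_num_bis entries. Entries are cleared front to
		 * back while bc_num_bis shrinks, so a bound of bc_num_bis
		 * stops short of the remaining set entries from the second
		 * accept() on and the count could never reach zero for more
		 * than one bound BIS.
		 */
		for (int i = 0; i < ISO_MAX_NUM_BIS; i++) {
			if (iso_pi(sk)->bc_bis[i] > 0) {
				iso_pi(sk)->bc_bis[i] = 0;
				/* Guard the u8 counter against wrapping if a
				 * stale entry outlives the count.
				 */
				if (iso_pi(sk)->bc_num_bis)
					iso_pi(sk)->bc_num_bis--;
				break;
			}
		}

		if (iso_pi(sk)->bc_num_bis == 0) {
			/* Once the last BIS was accepted, reset parent
			 * socket parameters to mark that the listening
			 * process for BIS connections has been completed:
			 *
			 * 1. Reset the DEFER setup flag on the parent sk.
			 * 2. Clear the flag marking that the BIG create
			 * sync command is pending.
			 * 3. Transition socket state from BT_LISTEN to
			 * BT_CONNECTED.
			 */
			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
			clear_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags);
			sk->sk_state = BT_CONNECTED;
		}
	}

done:
	release_sock(sk);
	return err;
}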
1458
/* getsockname(2)/getpeername(2) handler.
 *
 * Fills @addr with the local (@peer == 0) or remote (@peer != 0) address.
 * For the peer of a broadcast (BIS or PA) link the sockaddr_iso is
 * extended with the sockaddr_iso_bc trailer carrying the SID, the BIS
 * count and the full ISO_MAX_NUM_BIS-byte BIS list.
 *
 * Returns the number of bytes written to @addr.
 */
static int iso_sock_getname(struct socket *sock, struct sockaddr *addr,
			    int peer)
{
	struct sockaddr_iso *out = (struct sockaddr_iso *)addr;
	struct sock *sk = sock->sk;
	struct iso_pinfo *pi = iso_pi(sk);
	int written = sizeof(struct sockaddr_iso);

	BT_DBG("sock %p, sk %p", sock, sk);

	addr->sa_family = AF_BLUETOOTH;

	if (!peer) {
		bacpy(&out->iso_bdaddr, &pi->src);
		out->iso_bdaddr_type = pi->src_type;
		return written;
	}

	bacpy(&out->iso_bdaddr, &pi->dst);
	out->iso_bdaddr_type = pi->dst_type;

	/* Broadcast links additionally report the SID and BIS list. */
	if (pi->conn) {
		struct hci_conn *hcon = pi->conn->hcon;

		if (hcon && (hcon->type == BIS_LINK || hcon->type == PA_LINK)) {
			out->iso_bc->bc_sid = pi->bc_sid;
			out->iso_bc->bc_num_bis = pi->bc_num_bis;
			memcpy(out->iso_bc->bc_bis, pi->bc_bis, ISO_MAX_NUM_BIS);
			written += sizeof(struct sockaddr_iso_bc);
		}
	}

	return written;
}
1491
/* sendmsg(2) handler for ISO sockets.
 *
 * Builds one sk_buff (plus a frag_list of continuation buffers when @len
 * exceeds the link MTU) from the user iovec and hands it to
 * iso_send_frame() while the socket is still BT_CONNECTED.
 *
 * Returns the value of iso_send_frame() on success, -ENOTCONN if the
 * socket is not (or no longer) connected, -EOPNOTSUPP for MSG_OOB, or a
 * pending socket error / cmsg / allocation error.
 */
static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
			    size_t len)
{
	struct sock *sk = sock->sk;
	struct sk_buff *skb, **frag;
	struct sockcm_cookie sockc;
	size_t mtu;
	int err;

	BT_DBG("sock %p, sk %p", sock, sk);

	err = sock_error(sk);
	if (err)
		return err;

	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	hci_sockcm_init(&sockc, sk);

	if (msg->msg_controllen) {
		err = sock_cmsg_send(sk, msg, &sockc);
		if (err)
			return err;
	}

	lock_sock(sk);

	if (sk->sk_state != BT_CONNECTED) {
		release_sock(sk);
		return -ENOTCONN;
	}

	/* NOTE(review): conn and conn->hcon are dereferenced without a NULL
	 * check; this relies on both being set whenever the socket is
	 * BT_CONNECTED — confirm against the teardown paths.
	 */
	mtu = iso_pi(sk)->conn->hcon->mtu;

	release_sock(sk);

	/* First buffer reserves room for the HCI ISO data header. */
	skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0);
	if (IS_ERR(skb))
		return PTR_ERR(skb);

	len -= skb->len;

	/* (The "%p" printed here is sk, not skb.) */
	BT_DBG("skb %p len %d", sk, skb->len);

	/* Continuation fragments */
	frag = &skb_shinfo(skb)->frag_list;
	while (len) {
		struct sk_buff *tmp;

		tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0);
		if (IS_ERR(tmp)) {
			/* Freeing the head is expected to release the
			 * fragments already chained — TODO confirm.
			 */
			kfree_skb(skb);
			return PTR_ERR(tmp);
		}

		*frag = tmp;

		len -= tmp->len;

		skb->len += tmp->len;
		skb->data_len += tmp->len;

		BT_DBG("frag %p len %d", *frag, tmp->len);

		frag = &(*frag)->next;
	}

	lock_sock(sk);

	/* The lock was dropped while copying: re-check the state. */
	if (sk->sk_state == BT_CONNECTED)
		err = iso_send_frame(sk, skb, &sockc);
	else
		err = -ENOTCONN;

	release_sock(sk);

	/* On failure the skb was not consumed and is freed here. */
	if (err < 0)
		kfree_skb(skb);
	return err;
}
1573
/* Accept a deferred incoming CIS.
 *
 * Moves the hci_conn to BT_CONFIG and issues LE Accept CIS Request for
 * its handle. The return value of hci_send_cmd() is not checked.
 */
static void iso_conn_defer_accept(struct hci_conn *conn)
{
	struct hci_cp_le_accept_cis cp = {
		.handle = cpu_to_le16(conn->handle),
	};

	BT_DBG("conn %p", conn);

	conn->state = BT_CONFIG;
	hci_send_cmd(conn->hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp);
}
1587
/* Start BIG sync for a PA-synced broadcast sink socket.
 *
 * Resolves the controller from the socket's addresses and then, with the
 * hdev lock held as hci_conn_big_create_sync() requires, issues the BIG
 * Create Sync request at most once per socket (guarded by BT_SK_BIG_SYNC).
 *
 * Failures are only logged: the function is void and BT_SK_BIG_SYNC stays
 * set even when the request was rejected. A missing route silently returns.
 */
static void iso_conn_big_sync(struct sock *sk)
{
	int err;
	struct hci_dev *hdev;
	bdaddr_t src, dst;
	u8 src_type;

	/* Snapshot the addresses so the route lookup runs unlocked. */
	lock_sock(sk);
	bacpy(&src, &iso_pi(sk)->src);
	bacpy(&dst, &iso_pi(sk)->dst);
	src_type = iso_pi(sk)->src_type;
	release_sock(sk);

	hdev = hci_get_route(&dst, &src, src_type);

	if (!hdev)
		return;

	/* hci_le_big_create_sync requires hdev lock to be held, since
	 * it enqueues the HCI LE BIG Create Sync command via
	 * hci_cmd_sync_queue_once, which checks hdev flags that might
	 * change.
	 */
	hci_dev_lock(hdev);
	lock_sock(sk);

	/* test_and_set makes the request one-shot per socket. */
	if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
		err = hci_conn_big_create_sync(hdev, iso_pi(sk)->conn->hcon,
					       &iso_pi(sk)->qos,
					       iso_pi(sk)->sync_handle,
					       iso_pi(sk)->bc_num_bis,
					       iso_pi(sk)->bc_bis);
		if (err)
			bt_dev_err(hdev, "hci_big_create_sync: %d", err);
	}

	release_sock(sk);
	hci_dev_unlock(hdev);
	hci_dev_put(hdev);
}
1628
/* recvmsg(2) handler for ISO sockets.
 *
 * MSG_ERRQUEUE reads are served from the error queue. Otherwise, when
 * BT_DEFER_SETUP is pending, the first recvmsg() consumes the flag and
 * drives the deferred setup step instead of reading data:
 *  - BT_CONNECT2: for a PA-sync socket start BIG sync and go to BT_LISTEN
 *    (the BIS children are then picked up with accept()); for a CIS send
 *    the deferred accept and move to BT_CONFIG;
 *  - BT_CONNECTED on a PA-sync socket: start BIG sync and go to BT_LISTEN;
 *  - BT_CONNECT: issue the deferred CIS connect.
 * In those cases the call returns early (0, or the connect error) without
 * dequeueing anything. All other calls fall through to bt_sock_recvmsg().
 */
static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
			    size_t len, int flags)
{
	struct sock *sk = sock->sk;
	struct iso_pinfo *pi = iso_pi(sk);
	bool early_ret = false;
	int err = 0;

	BT_DBG("sk %p", sk);

	if (unlikely(flags & MSG_ERRQUEUE))
		return sock_recv_errqueue(sk, msg, len, SOL_BLUETOOTH,
					  BT_SCM_ERROR);

	/* The flag is cleared here, so the deferred step runs only once. */
	if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
		sock_hold(sk);
		lock_sock(sk);

		switch (sk->sk_state) {
		case BT_CONNECT2:
			if (test_bit(BT_SK_PA_SYNC, &pi->flags)) {
				/* iso_conn_big_sync() takes the hdev lock and
				 * the socket lock itself.
				 */
				release_sock(sk);
				iso_conn_big_sync(sk);
				lock_sock(sk);

				sk->sk_state = BT_LISTEN;
			} else {
				iso_conn_defer_accept(pi->conn->hcon);
				sk->sk_state = BT_CONFIG;
			}

			early_ret = true;
			break;
		case BT_CONNECTED:
			if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
				release_sock(sk);
				iso_conn_big_sync(sk);
				lock_sock(sk);

				sk->sk_state = BT_LISTEN;
				early_ret = true;
			}

			break;
		case BT_CONNECT:
			release_sock(sk);
			err = iso_connect_cis(sk);
			lock_sock(sk);

			early_ret = true;
			break;
		default:
			break;
		}

		release_sock(sk);
		sock_put(sk);

		if (early_ret)
			return err;
	}

	return bt_sock_recvmsg(sock, msg, len, flags);
}
1693
/* Validate one direction of an ISO I/O QoS block.
 *
 * Rules: sdu must be 0 when no PHY is selected; a non-zero interval must
 * lie in [0xff, 0xfffff]; a non-zero latency must lie in [0x05, 0xfa0];
 * phys must not exceed BT_ISO_PHY_ANY. Zero interval/latency are accepted
 * as "unset".
 *
 * Returns true when every rule holds.
 */
static bool check_io_qos(struct bt_iso_io_qos *qos)
{
	bool sdu_ok = qos->phys || !qos->sdu;
	bool interval_ok = !qos->interval ||
			   (qos->interval >= 0xff && qos->interval <= 0xfffff);
	bool latency_ok = !qos->latency ||
			  (qos->latency >= 0x05 && qos->latency <= 0xfa0);
	bool phys_ok = qos->phys <= BT_ISO_PHY_ANY;

	return sdu_ok && interval_ok && latency_ok && phys_ok;
}
1711
/* Validate a unicast (CIS) QoS block.
 *
 * CIG and CIS identifiers must be at most 0xef unless they carry the
 * respective UNSET sentinel; sca is limited to 0x07, packing and framing
 * to 0x01; both I/O directions must pass check_io_qos().
 *
 * Returns true when the block is acceptable.
 */
static bool check_ucast_qos(struct bt_iso_qos *qos)
{
	bool cig_ok = qos->ucast.cig <= 0xef ||
		      qos->ucast.cig == BT_ISO_QOS_CIG_UNSET;
	bool cis_ok = qos->ucast.cis <= 0xef ||
		      qos->ucast.cis == BT_ISO_QOS_CIS_UNSET;

	if (!cig_ok || !cis_ok)
		return false;

	/* Single-byte enumerations with fixed upper bounds. */
	if (qos->ucast.sca > 0x07 || qos->ucast.packing > 0x01 ||
	    qos->ucast.framing > 0x01)
		return false;

	return check_io_qos(&qos->ucast.in) && check_io_qos(&qos->ucast.out);
}
1737
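/* Validate (and default) a broadcast QoS block.
 *
 * A zero sync_factor, sync_timeout or timeout is replaced by its default
 * before the corresponding range check runs, so callers may leave those
 * unset. Every other field is range-checked as before.
 *
 * Returns true when the block is acceptable. @qos may already have been
 * updated with defaults when false is returned.
 */
static bool check_bcast_qos(struct bt_iso_qos *qos)
{
	if (!qos->bcast.sync_factor)
		qos->bcast.sync_factor = 0x01;

	if (qos->bcast.packing > 0x01)
		return false;

	if (qos->bcast.framing > 0x01)
		return false;

	if (!check_io_qos(&qos->bcast.in))
		return false;

	if (!check_io_qos(&qos->bcast.out))
		return false;

	if (qos->bcast.encryption > 0x01)
		return false;

	if (qos->bcast.options > 0x07)
		return false;

	if (qos->bcast.skip > 0x01f3)
		return false;

	if (!qos->bcast.sync_timeout)
		qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;

	if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000)
		return false;

	if (qos->bcast.sync_cte_type > 0x1f)
		return false;

	if (qos->bcast.mse > 0x1f)
		return false;

	/* Default the BIG sync timeout itself. The previous code stored the
	 * default into sync_timeout here instead, leaving timeout at 0 so
	 * the range check right below always rejected an unset timeout.
	 */
	if (!qos->bcast.timeout)
		qos->bcast.timeout = BT_ISO_SYNC_TIMEOUT;

	if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000)
		return false;

	return true;
}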
1784
/* setsockopt(2) handler for ISO sockets.
 *
 * @level is not examined. Supported options:
 *  - BT_DEFER_SETUP (u32 bool): only while BT_BOUND or BT_LISTEN.
 *  - BT_PKT_STATUS, BT_PKT_SEQNUM (u32 bool): any state.
 *  - BT_ISO_QOS (struct bt_iso_qos): stored verbatim and marked user-set;
 *    no range check happens here (iso_listen_bis() runs check_bcast_qos()
 *    later; the unicast connect path is outside this section).
 *  - BT_ISO_BASE (raw bytes, at most sizeof(base)): copied into the
 *    socket's BASE buffer.
 *
 * Returns 0, -EINVAL for a wrong state or an oversize BASE, -ENOPROTOOPT
 * for an unknown option, or the error from copy_safe_from_sockptr().
 */
static int iso_sock_setsockopt(struct socket *sock, int level, int optname,
			       sockptr_t optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	int err = 0;
	struct bt_iso_qos qos = default_qos;
	u32 opt;

	BT_DBG("sk %p", sk);

	lock_sock(sk);

	switch (optname) {
	case BT_DEFER_SETUP:
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			break;
		}

		err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
		if (err)
			break;

		if (opt)
			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
		else
			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
		break;

	case BT_PKT_STATUS:
		err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
		if (err)
			break;

		if (opt)
			set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
		else
			clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
		break;

	case BT_PKT_SEQNUM:
		err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
		if (err)
			break;

		if (opt)
			set_bit(BT_SK_PKT_SEQNUM, &bt_sk(sk)->flags);
		else
			clear_bit(BT_SK_PKT_SEQNUM, &bt_sk(sk)->flags);
		break;

	case BT_ISO_QOS:
		/* Allowed while unconnected, while a deferred connection is
		 * pending (BT_CONNECT2), or on a connected PA-sync socket.
		 */
		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
		    sk->sk_state != BT_CONNECT2 &&
		    (!test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags) ||
		     sk->sk_state != BT_CONNECTED)) {
			err = -EINVAL;
			break;
		}

		/* Whole struct copied as-is; validation is deferred. */
		err = copy_safe_from_sockptr(&qos, sizeof(qos), optval, optlen);
		if (err)
			break;

		iso_pi(sk)->qos = qos;
		iso_pi(sk)->qos_user_set = true;

		break;

	case BT_ISO_BASE:
		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
		    sk->sk_state != BT_CONNECT2) {
			err = -EINVAL;
			break;
		}

		/* optlen bounds the copy to the fixed-size base[] buffer. */
		if (optlen > sizeof(iso_pi(sk)->base)) {
			err = -EINVAL;
			break;
		}

		err = copy_safe_from_sockptr(iso_pi(sk)->base, optlen, optval,
					     optlen);
		if (err)
			break;

		iso_pi(sk)->base_len = optlen;

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}
1883
/* getsockopt(2) handler for ISO sockets.
 *
 * @level is not examined. BT_DEFER_SETUP and BT_PKT_STATUS write a single
 * integer; BT_ISO_QOS copies up to sizeof(struct bt_iso_qos) bytes of the
 * effective QoS (iso_sock_get_qos()); BT_ISO_BASE copies the BASE — the
 * hcon's periodic advertising data once a broadcast source socket
 * (dst == BDADDR_ANY) is BT_CONNECTED, otherwise the socket's own buffer.
 *
 * Only BT_ISO_BASE writes the actual length back through @optlen; the
 * other options leave *optlen untouched.
 *
 * Returns 0, -EFAULT on a failed user copy, -EINVAL for BT_DEFER_SETUP on
 * a connected socket, or -ENOPROTOOPT.
 */
static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
			       char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	int len, err = 0;
	struct bt_iso_qos *qos;
	u8 base_len;
	u8 *base;

	BT_DBG("sk %p", sk);

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	switch (optname) {
	case BT_DEFER_SETUP:
		if (sk->sk_state == BT_CONNECTED) {
			err = -EINVAL;
			break;
		}

		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
			     (u32 __user *)optval))
			err = -EFAULT;

		break;

	case BT_PKT_STATUS:
		if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
			     (int __user *)optval))
			err = -EFAULT;
		break;

	case BT_ISO_QOS:
		qos = iso_sock_get_qos(sk);

		/* A negative user length converts to a large unsigned value
		 * and is clamped to sizeof(*qos).
		 */
		len = min_t(unsigned int, len, sizeof(*qos));
		if (copy_to_user(optval, qos, len))
			err = -EFAULT;

		break;

	case BT_ISO_BASE:
		/* NOTE(review): conn/hcon are dereferenced without a NULL
		 * check on the BT_CONNECTED path — confirm they are always
		 * set in that state.
		 */
		if (sk->sk_state == BT_CONNECTED &&
		    !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
			base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len;
			base = iso_pi(sk)->conn->hcon->le_per_adv_data;
		} else {
			base_len = iso_pi(sk)->base_len;
			base = iso_pi(sk)->base;
		}

		len = min_t(unsigned int, len, base_len);
		if (copy_to_user(optval, base, len))
			err = -EFAULT;
		if (put_user(len, optlen))
			err = -EFAULT;

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}
1954
/* shutdown(2) handler for ISO sockets.
 *
 * Records the requested direction in sk_shutdown and returns 0 without
 * further action if that direction was already shut. Otherwise the
 * connection is closed through __iso_sock_close() whatever @how was (an
 * unrecognised @how also ends up here, as the switch has no default). With
 * SO_LINGER and a non-zero linger time the call blocks until BT_CLOSED,
 * unless the task is exiting.
 *
 * Returns 0 or the error from bt_sock_wait_state().
 */
static int iso_sock_shutdown(struct socket *sock, int how)
{
	struct sock *sk = sock->sk;
	int err = 0;

	BT_DBG("sock %p, sk %p, how %d", sock, sk, how);

	if (!sk)
		return 0;

	sock_hold(sk);
	lock_sock(sk);

	switch (how) {
	case SHUT_RD:
		if (sk->sk_shutdown & RCV_SHUTDOWN)
			goto unlock;
		sk->sk_shutdown |= RCV_SHUTDOWN;
		break;
	case SHUT_WR:
		if (sk->sk_shutdown & SEND_SHUTDOWN)
			goto unlock;
		sk->sk_shutdown |= SEND_SHUTDOWN;
		break;
	case SHUT_RDWR:
		if (sk->sk_shutdown & SHUTDOWN_MASK)
			goto unlock;
		sk->sk_shutdown |= SHUTDOWN_MASK;
		break;
	}

	/* Even a one-directional shutdown tears the link down. */
	iso_sock_clear_timer(sk);
	__iso_sock_close(sk);

	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
	    !(current->flags & PF_EXITING))
		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);

unlock:
	release_sock(sk);
	sock_put(sk);

	return err;
}
1999
/* release(2) handler: final close of an ISO socket.
 *
 * Closes the connection, optionally lingers until BT_CLOSED (SO_LINGER
 * with a non-zero time, unless the task is exiting), then orphans and
 * kills the sock.
 *
 * Returns 0, or the error from bt_sock_wait_state() when lingering.
 */
static int iso_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	bool linger;
	int ret = 0;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (!sk)
		return 0;

	iso_sock_close(sk);

	linger = sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
		 !(current->flags & PF_EXITING);
	if (linger) {
		lock_sock(sk);
		ret = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
		release_sock(sk);
	}

	sock_orphan(sk);
	iso_sock_kill(sk);
	return ret;
}
2023
/* Mark a socket connected.
 *
 * Stops the pending timeout, moves the socket to BT_CONNECTED and fires
 * sk_state_change() so waiters (e.g. bt_sock_wait_state() in connect())
 * are woken. A NULL @sk is ignored.
 */
static void iso_sock_ready(struct sock *sk)
{
	BT_DBG("sk %p", sk);

	if (!sk)
		return;

	lock_sock(sk);
	iso_sock_clear_timer(sk);
	sk->sk_state = BT_CONNECTED;
	sk->sk_state_change(sk);
	release_sock(sk);
}
2037
/* iso_get_sock() predicate: socket's BIG handle equals the BIG Sync
 * Established event's handle.
 */
static bool iso_match_big(struct sock *sk, void *data)
{
	const struct hci_evt_le_big_sync_established *ev = data;

	return iso_pi(sk)->qos.bcast.big == ev->handle;
}
2044
/* iso_get_sock() predicate: socket's BIG handle equals the hci_conn's. */
static bool iso_match_big_hcon(struct sock *sk, void *data)
{
	const struct hci_conn *hcon = data;

	return iso_pi(sk)->qos.bcast.big == hcon->iso_qos.bcast.big;
}
2051
/* iso_get_sock() predicate: socket carries BT_SK_PA_SYNC. @data unused. */
static bool iso_match_pa_sync_flag(struct sock *sk, void *data)
{
	const unsigned long *flags = &iso_pi(sk)->flags;

	return test_bit(BT_SK_PA_SYNC, flags);
}
2056
/* iso_get_sock() predicate: socket's dst equals the bdaddr_t at @data. */
static bool iso_match_dst(struct sock *sk, void *data)
{
	const bdaddr_t *wanted = data;

	return bacmp(&iso_pi(sk)->dst, wanted) == 0;
}
2061
/* Notify the socket layer that an ISO hci_conn is usable.
 *
 * Two cases:
 *  - conn already has a socket: for a broadcast source whose advertising
 *    uses a random address, refresh the socket's source address first,
 *    then mark it BT_CONNECTED via iso_sock_ready().
 *  - conn has no socket (incoming CIS, BIS/PA sync results): locate the
 *    matching listening parent, allocate and initialise a child socket
 *    from the parent and the hcon, attach it with iso_chan_add(), flag a
 *    failed BIG/PA sync as ECONNREFUSED on the child, and wake the parent
 *    so accept() can return the child. If no parent matches, nothing
 *    happens.
 */
static void iso_conn_ready(struct iso_conn *conn)
{
	struct sock *parent = NULL;
	struct sock *sk = conn->sk;
	struct hci_ev_le_big_sync_established *ev = NULL;
	struct hci_ev_le_pa_sync_established *ev2 = NULL;
	struct hci_ev_le_per_adv_report *ev3 = NULL;
	struct hci_conn *hcon;
	struct hci_dev *hdev;

	BT_DBG("conn %p", conn);

	if (sk) {
		/* Attempt to update source address in case of BIS Sender if
		 * the advertisement is using a random address.
		 */
		if (conn->hcon->type == BIS_LINK &&
		    conn->hcon->role == HCI_ROLE_MASTER &&
		    !bacmp(&conn->hcon->dst, BDADDR_ANY)) {
			struct hci_conn *bis = conn->hcon;
			struct adv_info *adv;

			adv = hci_find_adv_instance(bis->hdev,
						    bis->iso_qos.bcast.bis);
			if (adv && bacmp(&adv->random_addr, BDADDR_ANY)) {
				lock_sock(sk);
				iso_pi(sk)->src_type = BDADDR_LE_RANDOM;
				bacpy(&iso_pi(sk)->src, &adv->random_addr);
				release_sock(sk);
			}
		}

		iso_sock_ready(conn->sk);
	} else {
		hcon = conn->hcon;
		if (!hcon)
			return;

		hdev = hcon->hdev;

		/* Pick the parent lookup by what kind of event produced
		 * this hcon; each branch uses a different match key.
		 */
		if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags)) {
			/* A BIS slave hcon is notified to the ISO layer
			 * after the Command Complete for the LE Setup
			 * ISO Data Path command is received. Get the
			 * parent socket that matches the hcon BIG handle.
			 */
			parent = iso_get_sock(hdev, &hcon->src, &hcon->dst,
					      BT_LISTEN, iso_match_big_hcon,
					      hcon);
		} else if (test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) {
			ev = hci_recv_event_data(hcon->hdev,
						 HCI_EVT_LE_BIG_SYNC_ESTABLISHED);

			/* Get reference to PA sync parent socket, if it exists */
			parent = iso_get_sock(hdev, &hcon->src, &hcon->dst,
					      BT_LISTEN,
					      iso_match_pa_sync_flag,
					      NULL);
			if (!parent && ev)
				parent = iso_get_sock(hdev, &hcon->src,
						      &hcon->dst,
						      BT_LISTEN,
						      iso_match_big, ev);
		} else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
			ev2 = hci_recv_event_data(hcon->hdev,
						  HCI_EV_LE_PA_SYNC_ESTABLISHED);
			if (ev2)
				parent = iso_get_sock(hdev, &hcon->src,
						      &hcon->dst,
						      BT_LISTEN,
						      iso_match_sid, ev2);
		} else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) {
			ev3 = hci_recv_event_data(hcon->hdev,
						  HCI_EV_LE_PER_ADV_REPORT);
			if (ev3)
				parent = iso_get_sock(hdev, &hcon->src,
						      &hcon->dst,
						      BT_LISTEN,
						      iso_match_sync_handle_pa_report,
						      ev3);
		}

		/* Fall back to a wildcard (dst == BDADDR_ANY) listener. */
		if (!parent)
			parent = iso_get_sock(hdev, &hcon->src, BDADDR_ANY,
					      BT_LISTEN, iso_match_dst, BDADDR_ANY);

		if (!parent)
			return;

		lock_sock(parent);

		sk = iso_sock_alloc(sock_net(parent), NULL,
				    BTPROTO_ISO, GFP_ATOMIC, 0);
		if (!sk) {
			release_sock(parent);
			return;
		}

		iso_sock_init(sk, parent);

		bacpy(&iso_pi(sk)->src, &hcon->src);

		/* Convert from HCI to three-value type */
		if (hcon->src_type == ADDR_LE_DEV_PUBLIC)
			iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
		else
			iso_pi(sk)->src_type = BDADDR_LE_RANDOM;

		/* If hcon has no destination address (BDADDR_ANY) it means it
		 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or
		 * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using
		 * the parent socket destination address.
		 */
		if (!bacmp(&hcon->dst, BDADDR_ANY)) {
			bacpy(&hcon->dst, &iso_pi(parent)->dst);
			hcon->dst_type = le_addr_type(iso_pi(parent)->dst_type);
		}

		/* A PA-sync child inherits the broadcast parameters and the
		 * PA_SYNC flag; the hcon's QoS is overwritten from it too.
		 */
		if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) {
			iso_pi(sk)->qos = iso_pi(parent)->qos;
			hcon->iso_qos = iso_pi(sk)->qos;
			iso_pi(sk)->bc_sid = iso_pi(parent)->bc_sid;
			iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis;
			memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis,
			       ISO_MAX_NUM_BIS);
			set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
		}

		bacpy(&iso_pi(sk)->dst, &hcon->dst);

		/* Convert from HCI to three-value type */
		if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
			iso_pi(sk)->dst_type = BDADDR_LE_PUBLIC;
		else
			iso_pi(sk)->dst_type = BDADDR_LE_RANDOM;

		iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle;
		memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len);
		iso_pi(sk)->base_len = iso_pi(parent)->base_len;

		/* NOTE(review): the return value of iso_chan_add() is not
		 * checked here, unlike in iso_listen_bis() where a failure
		 * is paired with hci_conn_drop(); if it can fail on this
		 * path the hold above and the child socket are leaked.
		 */
		hci_conn_hold(hcon);
		iso_chan_add(conn, sk, parent);

		if ((ev && ((struct hci_evt_le_big_sync_established *)ev)->status) ||
		    (ev2 && ev2->status)) {
			/* Trigger error signal on child socket */
			sk->sk_err = ECONNREFUSED;
			sk->sk_error_report(sk);
		}

		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
			sk->sk_state = BT_CONNECT2;
		else
			sk->sk_state = BT_CONNECTED;

		/* Wake up parent */
		parent->sk_data_ready(parent);

		release_sock(parent);
		sock_put(parent);
	}
}
2224
/* iso_get_sock() predicate for PA Sync Established events: a socket bound
 * with HCI_SID_INVALID matches any SID, otherwise the SIDs must be equal.
 */
static bool iso_match_sid(struct sock *sk, void *data)
{
	const struct hci_ev_le_pa_sync_established *ev = data;
	u8 bound_sid = iso_pi(sk)->bc_sid;

	return bound_sid == HCI_SID_INVALID || bound_sid == ev->sid;
}
2234
/* iso_get_sock() predicate for PAST Received events: a socket bound with
 * HCI_SID_INVALID matches any SID, otherwise the SIDs must be equal.
 */
static bool iso_match_sid_past(struct sock *sk, void *data)
{
	const struct hci_ev_le_past_received *ev = data;
	u8 bound_sid = iso_pi(sk)->bc_sid;

	return bound_sid == HCI_SID_INVALID || bound_sid == ev->sid;
}
2244
/* iso_get_sock() predicate: socket's PA sync handle equals the BIG Info
 * advertising report's (little-endian) sync handle.
 */
static bool iso_match_sync_handle(struct sock *sk, void *data)
{
	const struct hci_evt_le_big_info_adv_report *ev = data;

	return iso_pi(sk)->sync_handle == le16_to_cpu(ev->sync_handle);
}
2251
/* iso_get_sock() predicate: socket's PA sync handle equals the periodic
 * advertising report's (little-endian) sync handle.
 */
static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data)
{
	const struct hci_ev_le_per_adv_report *ev = data;

	return iso_pi(sk)->sync_handle == le16_to_cpu(ev->sync_handle);
}
2258
2259 /* ----- ISO interface with lower layer (HCI) ----- */
2260
/* HCI "connection indication" hook for ISO.
 *
 * Called from the HCI event path with the current event retrievable via
 * hci_recv_event_data(). Depending on which event is pending it updates
 * the matching listening socket (sync handle / SID, BIG Info parameters,
 * reassembled periodic advertising data and the BASE extracted from it),
 * or, for plain CIS requests, just looks for a wildcard listener.
 *
 * Returns HCI_LM_ACCEPT when a matching socket exists (setting
 * HCI_PROTO_DEFER in @flags if that socket has BT_SK_DEFER_SETUP), else 0.
 */
int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
{
	struct hci_ev_le_pa_sync_established *ev1;
	struct hci_ev_le_past_received *ev1a;
	struct hci_evt_le_big_info_adv_report *ev2;
	struct hci_ev_le_per_adv_report *ev3;
	struct sock *sk;

	bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);

	/* Broadcast receiver requires handling of some events before it can
	 * proceed to establishing a BIG sync:
	 *
	 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific
	 * SID to listen to and once sync is established its handle needs to
	 * be stored in iso_pi(sk)->sync_handle so it can be matched once
	 * receiving the BIG Info.
	 * 1a. HCI_EV_LE_PAST_RECEIVED: alternative to 1.
	 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a
	 * a BIG Info it attempts to check if there any listening socket with
	 * the same sync_handle and if it does then attempt to create a sync.
	 * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored
	 * in iso_pi(sk)->base so it can be passed up to user, in the case of a
	 * broadcast sink.
	 */
	ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED);
	if (ev1) {
		sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_LISTEN,
				  iso_match_sid, ev1);
		if (sk && !ev1->status) {
			/* A wildcard (HCI_SID_INVALID) listener adopts the
			 * SID the controller actually synced to.
			 */
			lock_sock(sk);
			iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle);
			iso_pi(sk)->bc_sid = ev1->sid;
			release_sock(sk);
		}

		goto done;
	}

	ev1a = hci_recv_event_data(hdev, HCI_EV_LE_PAST_RECEIVED);
	if (ev1a) {
		sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_LISTEN,
				  iso_match_sid_past, ev1a);
		if (sk && !ev1a->status) {
			lock_sock(sk);
			iso_pi(sk)->sync_handle = le16_to_cpu(ev1a->sync_handle);
			iso_pi(sk)->bc_sid = ev1a->sid;
			release_sock(sk);
		}

		goto done;
	}

	ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT);
	if (ev2) {
		/* Check if BIGInfo report has already been handled */
		sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_CONNECTED,
				  iso_match_sync_handle, ev2);
		if (sk) {
			sock_put(sk);
			sk = NULL;
			goto done;
		}

		/* Try to get PA sync socket, if it exists */
		sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_CONNECT2,
				  iso_match_sync_handle, ev2);
		if (!sk)
			sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr,
					  BT_LISTEN,
					  iso_match_sync_handle,
					  ev2);

		if (sk) {
			int err = 0;
			bool big_sync;
			struct hci_conn *hcon;

			lock_sock(sk);

			/* NOTE(review): conn is not NULL-checked before the
			 * hcon read — confirm it is always set for a socket
			 * found in these states.
			 */
			hcon = iso_pi(sk)->conn->hcon;
			/* Encryption flag and BIS count come from the air. */
			iso_pi(sk)->qos.bcast.encryption = ev2->encryption;

			if (ev2->num_bis < iso_pi(sk)->bc_num_bis)
				iso_pi(sk)->bc_num_bis = ev2->num_bis;

			/* BIG sync starts here only without deferred setup,
			 * and at most once per socket.
			 */
			big_sync = !test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
				   !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags);

			if (big_sync)
				err = hci_conn_big_create_sync(hdev, hcon,
							       &iso_pi(sk)->qos,
							       iso_pi(sk)->sync_handle,
							       iso_pi(sk)->bc_num_bis,
							       iso_pi(sk)->bc_bis);

			release_sock(sk);

			if (big_sync && err) {
				bt_dev_err(hdev, "hci_le_big_create_sync: %d",
					   err);
				sock_put(sk);
				sk = NULL;
			}
		}

		goto done;
	}

	ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT);
	if (ev3) {
		size_t base_len = 0;
		u8 *base;
		struct hci_conn *hcon;

		sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_LISTEN,
				  iso_match_sync_handle_pa_report, ev3);
		if (!sk)
			goto done;

		/* NOTE(review): conn->hcon is read without the socket lock
		 * and conn itself is not NULL-checked — confirm.
		 */
		hcon = iso_pi(sk)->conn->hcon;
		if (!hcon)
			goto done;

		if (ev3->data_status == LE_PA_DATA_TRUNCATED) {
			/* The controller was unable to retrieve PA data. */
			memset(hcon->le_per_adv_data, 0,
			       HCI_MAX_PER_AD_TOT_LEN);
			hcon->le_per_adv_data_len = 0;
			hcon->le_per_adv_data_offset = 0;
			goto done;
		}

		/* NOTE(review): on overflow the partial buffer and
		 * le_per_adv_data_offset are left untouched; the stale
		 * offset is only cleared by a later COMPLETE or TRUNCATED
		 * report that does not itself overflow.
		 */
		if (hcon->le_per_adv_data_offset + ev3->length >
		    HCI_MAX_PER_AD_TOT_LEN)
			goto done;

		memcpy(hcon->le_per_adv_data + hcon->le_per_adv_data_offset,
		       ev3->data, ev3->length);
		hcon->le_per_adv_data_offset += ev3->length;

		if (ev3->data_status == LE_PA_DATA_COMPLETE) {
			/* All PA data has been received. */
			hcon->le_per_adv_data_len =
				hcon->le_per_adv_data_offset;
			hcon->le_per_adv_data_offset = 0;

			/* Extract BASE */
			base = eir_get_service_data(hcon->le_per_adv_data,
						    hcon->le_per_adv_data_len,
						    EIR_BAA_SERVICE_UUID,
						    &base_len);

			/* base[] is BASE_MAX_LENGTH bytes; longer BASEs are
			 * dropped rather than truncated.
			 */
			if (!base || base_len > BASE_MAX_LENGTH)
				goto done;

			lock_sock(sk);
			memcpy(iso_pi(sk)->base, base, base_len);
			iso_pi(sk)->base_len = base_len;
			release_sock(sk);
		} else {
			/* This is a PA data fragment. Keep pa_data_len set to 0
			 * until all data has been reassembled.
			 */
			hcon->le_per_adv_data_len = 0;
		}
	} else {
		sk = iso_get_sock(hdev, &hdev->bdaddr, BDADDR_ANY,
				  BT_LISTEN, iso_match_dst, BDADDR_ANY);
	}

done:
	if (!sk)
		return 0;

	if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
		*flags |= HCI_PROTO_DEFER;

	sock_put(sk);

	return HCI_LM_ACCEPT;
}
2443
/* HCI connect-complete callback for the ISO layer.
 *
 * For an LE ACL link this only reacts to the outcome of the link itself:
 * on failure every ISO connection riding on it is torn down with the
 * mapped errno, on success any pending CIS creation is kicked off. For
 * CIS/BIS/PA links an iso_conn is created and made ready on success; a
 * failed BIG/PA sync is still surfaced through the accept queue so that
 * userspace learns about it, and any other failure deletes the conn.
 */
static void iso_connect_cfm(struct hci_conn *hcon, __u8 status)
{
	struct iso_conn *conn;

	switch (hcon->type) {
	case CIS_LINK:
	case BIS_LINK:
	case PA_LINK:
		break;
	case LE_LINK:
		if (status) {
			struct hci_link *link, *t;

			/* The underlying LE link failed: drop every ISO
			 * connection that was linked to it.
			 */
			list_for_each_entry_safe(link, t, &hcon->link_list,
						 list)
				iso_conn_del(link->conn, bt_to_errno(status));
			return;
		}

		/* Create CIS if pending */
		hci_le_create_cis_pending(hcon->hdev);
		return;
	default:
		return;
	}

	BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);

	/* A failed BIG or PA sync is handled like a success: the failed
	 * connection is queued on the listening socket so userspace is
	 * woken up and informed about the event.
	 */
	if (status && !test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) &&
	    !test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
		iso_conn_del(hcon, bt_to_errno(status));
		return;
	}

	conn = iso_conn_add(hcon);
	if (conn)
		iso_conn_ready(conn);
}
2485
/* HCI disconnect-complete callback: tear down the iso_conn attached to a
 * CIS/BIS/PA link, translating the HCI reason into an errno for the socket.
 * Other link types are not handled here.
 */
static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason)
{
	bool is_iso_link = hcon->type == CIS_LINK ||
			   hcon->type == BIS_LINK ||
			   hcon->type == PA_LINK;

	if (!is_iso_link)
		return;

	BT_DBG("hcon %p reason %d", hcon, reason);

	iso_conn_del(hcon, bt_to_errno(reason));
}
2496
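/* Discard the partially reassembled SDU kept on @conn, if any. */
static void iso_recv_reset_rx(struct iso_conn *conn)
{
	kfree_skb(conn->rx_skb);
	conn->rx_skb = NULL;
	conn->rx_len = 0;
}

/**
 * iso_recv - Reassemble an incoming HCI ISO data fragment into an SDU
 * @hdev: HCI device the fragment arrived on
 * @handle: ISO connection handle from the HCI packet
 * @skb: the fragment; consumed on every path (freed here, or passed on to
 *	 iso_recv_frame() as a complete SDU)
 * @flags: HCI ISO packet flags carrying the PB (packet boundary) and TS
 *	   (timestamp present) bits
 *
 * ISO_SINGLE/ISO_START fragments carry a data header with the sequence
 * number and the total SDU length. A fragment holding the whole SDU is
 * delivered at once; otherwise a reassembly buffer sized for the whole SDU
 * is kept in conn->rx_skb and conn->rx_len counts the bytes still missing.
 * ISO_CONT/ISO_END fragments are appended to it and the SDU is delivered
 * once rx_len reaches zero. Every fragment length taken from the wire is
 * checked against the space left in rx_skb before it is appended, so a
 * malformed fragment can only cost the current SDU, never overrun the
 * buffer.
 *
 * Return: 0 once the fragment has been consumed, -ENOENT if @handle is not
 * a known connection, -EINVAL if that connection has no live iso_conn.
 */
int iso_recv(struct hci_dev *hdev, u16 handle, struct sk_buff *skb, u16 flags)
{
	struct hci_conn *hcon;
	struct iso_conn *conn;
	struct skb_shared_hwtstamps *hwts;
	__u16 pb, ts, len, sn;

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, handle);
	if (!hcon) {
		hci_dev_unlock(hdev);
		kfree_skb(skb);
		return -ENOENT;
	}

	/* Take our own reference on the iso_conn while the hdev lock still
	 * pins hcon; hcon itself must not be used after the unlock.
	 */
	conn = iso_conn_hold_unless_zero(hcon->iso_data);
	hcon = NULL;

	hci_dev_unlock(hdev);

	if (!conn) {
		kfree_skb(skb);
		return -EINVAL;
	}

	pb = hci_iso_flags_pb(flags);
	ts = hci_iso_flags_ts(flags);

	BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts);

	switch (pb) {
	case ISO_START:
	case ISO_SINGLE:
		/* A new SDU starts: whatever was pending never completed. */
		if (conn->rx_len) {
			BT_ERR("Unexpected start frame (len %d)", skb->len);
			iso_recv_reset_rx(conn);
		}

		if (ts) {
			struct hci_iso_ts_data_hdr *hdr;

			hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE);
			if (!hdr) {
				BT_ERR("Frame is too short (len %d)", skb->len);
				goto drop;
			}

			/* Record the timestamp to skb */
			hwts = skb_hwtstamps(skb);
			hwts->hwtstamp = us_to_ktime(le32_to_cpu(hdr->ts));

			sn = __le16_to_cpu(hdr->sn);
			len = __le16_to_cpu(hdr->slen);
		} else {
			struct hci_iso_data_hdr *hdr;

			hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE);
			if (!hdr) {
				BT_ERR("Frame is too short (len %d)", skb->len);
				goto drop;
			}

			sn = __le16_to_cpu(hdr->sn);
			len = __le16_to_cpu(hdr->slen);
		}

		/* slen packs the packet status flags together with the
		 * SDU length; split them apart.
		 */
		flags = hci_iso_data_flags(len);
		len = hci_iso_data_len(len);

		BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x sn %d",
		       len, skb->len, flags, sn);

		if (len == skb->len) {
			/* Complete frame received */
			hci_skb_pkt_status(skb) = flags & 0x03;
			hci_skb_pkt_seqnum(skb) = sn;
			iso_recv_frame(conn, skb);
			goto done;
		}

		if (pb == ISO_SINGLE) {
			BT_ERR("Frame malformed (len %d, expected len %d)",
			       skb->len, len);
			goto drop;
		}

		if (skb->len > len) {
			BT_ERR("Frame is too long (len %d, expected len %d)",
			       skb->len, len);
			goto drop;
		}

		/* Allocate skb for the complete frame (with header) */
		conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
		if (!conn->rx_skb)
			goto drop;

		hci_skb_pkt_status(conn->rx_skb) = flags & 0x03;
		hci_skb_pkt_seqnum(conn->rx_skb) = sn;
		skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
					  skb->len);
		conn->rx_len = len - skb->len;

		/* Copy hw timestamp from skb to rx_skb if present */
		if (ts) {
			hwts = skb_hwtstamps(conn->rx_skb);
			hwts->hwtstamp = skb_hwtstamps(skb)->hwtstamp;
		}

		break;

	case ISO_CONT:
		BT_DBG("Cont: frag len %d (expecting %d)", skb->len,
		       conn->rx_len);

		if (!conn->rx_len) {
			BT_ERR("Unexpected continuation frame (len %d)",
			       skb->len);
			goto drop;
		}

		/* rx_skb only has room for the rx_len bytes still missing. */
		if (skb->len > conn->rx_len) {
			BT_ERR("Fragment is too long (len %d, expected %d)",
			       skb->len, conn->rx_len);
			iso_recv_reset_rx(conn);
			goto drop;
		}

		skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
					  skb->len);
		conn->rx_len -= skb->len;
		break;

	case ISO_END:
		if (!conn->rx_len) {
			BT_ERR("Unexpected end frame (len %d)", skb->len);
			goto drop;
		}

		/* Same bound as for ISO_CONT: rx_skb was allocated for the
		 * SDU length announced in the start fragment, so a final
		 * fragment longer than the remaining rx_len would overrun its
		 * tailroom (skb_put() treats that as fatal). Discard the
		 * partial SDU instead of trusting the wire length.
		 */
		if (skb->len > conn->rx_len) {
			BT_ERR("End fragment is too long (len %d, expected %d)",
			       skb->len, conn->rx_len);
			iso_recv_reset_rx(conn);
			goto drop;
		}

		skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
					  skb->len);
		conn->rx_len -= skb->len;

		if (!conn->rx_len) {
			struct sk_buff *rx_skb = conn->rx_skb;

			/* Complete frame received. iso_recv_frame
			 * takes ownership of the skb so set the global
			 * rx_skb pointer to NULL first.
			 */
			conn->rx_skb = NULL;
			iso_recv_frame(conn, rx_skb);
		} else {
			/* The last fragment left the SDU short; it cannot
			 * complete anymore, so do not hold the partial
			 * buffer until the next start frame discards it.
			 */
			BT_ERR("End fragment is too short (len %d, missing %d)",
			       skb->len, conn->rx_len);
			iso_recv_reset_rx(conn);
		}
		break;

	default:
		/* Unknown boundary flag: the fragment is dropped below. */
		break;
	}

drop:
	kfree_skb(skb);
done:
	iso_conn_put(conn);
	return 0;
}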
2664
/* Callbacks registered with the HCI core by iso_init(); they deliver
 * connect/disconnect completion for hci_conn objects to the ISO layer.
 */
static struct hci_cb iso_cb = {
	.name		= "ISO",
	.connect_cfm	= iso_connect_cfm,
	.disconn_cfm	= iso_disconn_cfm,
};
2670
/* debugfs "iso" file: one line per ISO socket with its source address,
 * destination address and socket state. The socket list is walked under
 * its read lock. @p is unused. Always returns 0.
 */
static int iso_debugfs_show(struct seq_file *f, void *p)
{
	struct sock *sk;

	read_lock(&iso_sk_list.lock);

	sk_for_each(sk, &iso_sk_list.head) {
		struct iso_pinfo *pi = iso_pi(sk);

		seq_printf(f, "%pMR %pMR %d\n", &pi->src, &pi->dst,
			   sk->sk_state);
	}

	read_unlock(&iso_sk_list.lock);

	return 0;
}
2686
/* Generates iso_debugfs_fops around iso_debugfs_show() for the read-only
 * "iso" debugfs file created in iso_init().
 */
DEFINE_SHOW_ATTRIBUTE(iso_debugfs);

/* Dentry of the "iso" debugfs file; set by iso_init() when bt_debugfs is
 * usable and cleared again by iso_exit().
 */
static struct dentry *iso_debugfs;
2690
/* Socket operations for BTPROTO_ISO sockets. poll and ioctl are the shared
 * Bluetooth implementations; mmap and socketpair are not supported.
 */
static const struct proto_ops iso_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= iso_sock_release,
	.bind		= iso_sock_bind,
	.connect	= iso_sock_connect,
	.listen		= iso_sock_listen,
	.accept		= iso_sock_accept,
	.getname	= iso_sock_getname,
	.sendmsg	= iso_sock_sendmsg,
	.recvmsg	= iso_sock_recvmsg,
	.poll		= bt_sock_poll,
	.ioctl		= bt_sock_ioctl,
	.mmap		= sock_no_mmap,
	.socketpair	= sock_no_socketpair,
	.shutdown	= iso_sock_shutdown,
	.setsockopt	= iso_sock_setsockopt,
	.getsockopt	= iso_sock_getsockopt
};
2710
/* Registered with bt_sock_register() for BTPROTO_ISO; iso_sock_create()
 * builds new ISO sockets.
 */
static const struct net_proto_family iso_sock_family_ops = {
	.family	= PF_BLUETOOTH,
	.owner	= THIS_MODULE,
	.create	= iso_sock_create,
};
2716
/* Set once iso_init() has completed, cleared by iso_exit(); guards both
 * against being run twice.
 */
static bool inited;
2718
/* Report whether the ISO socket layer has been initialized. */
bool iso_inited(void)
{
	bool initialized = inited;

	return initialized;
}
2723
/**
 * iso_init - Register the ISO socket layer
 *
 * Registers the protocol, the BTPROTO_ISO socket family, the proc file and
 * the HCI callbacks, and creates the debugfs file when bt_debugfs exists.
 * Earlier registrations are undone if a later one fails.
 *
 * Return: 0 on success, -EALREADY if already initialized, otherwise the
 * error from the failing registration.
 */
int iso_init(void)
{
	int err;

	BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr));

	if (inited)
		return -EALREADY;

	err = proto_register(&iso_proto, 0);
	if (err < 0)
		return err;

	err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops);
	if (err < 0) {
		BT_ERR("ISO socket registration failed");
		goto err_proto;
	}

	err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL);
	if (err < 0) {
		BT_ERR("Failed to create ISO proc file");
		goto err_sock;
	}

	BT_INFO("ISO socket layer initialized");

	hci_register_cb(&iso_cb);

	/* debugfs is optional; a missing bt_debugfs just skips the file */
	if (!IS_ERR_OR_NULL(bt_debugfs))
		iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs,
						  NULL, &iso_debugfs_fops);

	inited = true;

	return 0;

err_sock:
	bt_sock_unregister(BTPROTO_ISO);
err_proto:
	proto_unregister(&iso_proto);
	return err;
}
2766
/**
 * iso_exit - Unregister the ISO socket layer set up by iso_init()
 *
 * Removes the proc and debugfs files, unregisters the HCI callbacks, the
 * socket family and the protocol, then clears the initialized flag.
 *
 * Return: 0, or -EALREADY if the layer is not initialized.
 */
int iso_exit(void)
{
	if (!inited)
		return -EALREADY;

	bt_procfs_cleanup(&init_net, "iso");

	debugfs_remove(iso_debugfs);
	iso_debugfs = NULL;

	hci_unregister_cb(&iso_cb);

	bt_sock_unregister(BTPROTO_ISO);

	proto_unregister(&iso_proto);

	inited = false;

	return 0;
}
2787