1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 */ 7 8 #include <linux/module.h> 9 #include <linux/debugfs.h> 10 #include <linux/seq_file.h> 11 #include <linux/sched/signal.h> 12 13 #include <net/bluetooth/bluetooth.h> 14 #include <net/bluetooth/hci_core.h> 15 #include <net/bluetooth/iso.h> 16 17 static const struct proto_ops iso_sock_ops; 18 19 static struct bt_sock_list iso_sk_list = { 20 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 21 }; 22 23 /* ---- ISO connections ---- */ 24 struct iso_conn { 25 struct hci_conn *hcon; 26 27 /* @lock: spinlock protecting changes to iso_conn fields */ 28 spinlock_t lock; 29 struct sock *sk; 30 31 struct delayed_work timeout_work; 32 33 struct sk_buff *rx_skb; 34 __u32 rx_len; 35 __u16 tx_sn; 36 }; 37 38 #define iso_conn_lock(c) spin_lock(&(c)->lock) 39 #define iso_conn_unlock(c) spin_unlock(&(c)->lock) 40 41 static void iso_sock_close(struct sock *sk); 42 static void iso_sock_kill(struct sock *sk); 43 44 /* ----- ISO socket info ----- */ 45 #define iso_pi(sk) ((struct iso_pinfo *)sk) 46 47 #define EIR_SERVICE_DATA_LENGTH 4 48 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH) 49 50 struct iso_pinfo { 51 struct bt_sock bt; 52 bdaddr_t src; 53 __u8 src_type; 54 bdaddr_t dst; 55 __u8 dst_type; 56 __u8 bc_sid; 57 __u8 bc_num_bis; 58 __u8 bc_bis[ISO_MAX_NUM_BIS]; 59 __u16 sync_handle; 60 __u32 flags; 61 struct bt_iso_qos qos; 62 __u8 base_len; 63 __u8 base[BASE_MAX_LENGTH]; 64 struct iso_conn *conn; 65 }; 66 67 /* ---- ISO timers ---- */ 68 #define ISO_CONN_TIMEOUT (HZ * 40) 69 #define ISO_DISCONN_TIMEOUT (HZ * 2) 70 71 static void iso_sock_timeout(struct work_struct *work) 72 { 73 struct iso_conn *conn = container_of(work, struct iso_conn, 74 timeout_work.work); 75 struct sock *sk; 76 77 iso_conn_lock(conn); 78 sk = conn->sk; 79 if (sk) 80 sock_hold(sk); 81 iso_conn_unlock(conn); 82 83 if (!sk) 84 return; 85 86 BT_DBG("sock %p state %d", sk, sk->sk_state); 87 88 lock_sock(sk); 89 sk->sk_err = ETIMEDOUT; 90 sk->sk_state_change(sk); 91 release_sock(sk); 92 sock_put(sk); 93 } 94 95 static void iso_sock_set_timer(struct sock *sk, long timeout) 96 { 97 if (!iso_pi(sk)->conn) 98 return; 99 100 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 101 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 102 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 103 } 104 105 static void iso_sock_clear_timer(struct sock *sk) 106 { 107 if (!iso_pi(sk)->conn) 108 return; 109 110 BT_DBG("sock %p state %d", sk, sk->sk_state); 111 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 112 } 113 114 /* ---- ISO connections ---- */ 115 static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 116 { 117 struct iso_conn *conn = hcon->iso_data; 118 119 if (conn) 120 return conn; 121 122 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 123 if (!conn) 124 return NULL; 125 126 spin_lock_init(&conn->lock); 127 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 128 129 hcon->iso_data = conn; 130 conn->hcon = hcon; 131 conn->tx_sn = 0; 132 133 BT_DBG("hcon %p conn %p", hcon, conn); 134 135 return conn; 136 } 137 138 /* Delete channel. Must be called on the locked socket. */ 139 static void iso_chan_del(struct sock *sk, int err) 140 { 141 struct iso_conn *conn; 142 struct sock *parent; 143 144 conn = iso_pi(sk)->conn; 145 146 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 147 148 if (conn) { 149 iso_conn_lock(conn); 150 conn->sk = NULL; 151 iso_pi(sk)->conn = NULL; 152 iso_conn_unlock(conn); 153 154 if (conn->hcon) 155 hci_conn_drop(conn->hcon); 156 } 157 158 sk->sk_state = BT_CLOSED; 159 sk->sk_err = err; 160 161 parent = bt_sk(sk)->parent; 162 if (parent) { 163 bt_accept_unlink(sk); 164 parent->sk_data_ready(parent); 165 } else { 166 sk->sk_state_change(sk); 167 } 168 169 sock_set_flag(sk, SOCK_ZAPPED); 170 } 171 172 static void iso_conn_del(struct hci_conn *hcon, int err) 173 { 174 struct iso_conn *conn = hcon->iso_data; 175 struct sock *sk; 176 177 if (!conn) 178 return; 179 180 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 181 182 /* Kill socket */ 183 iso_conn_lock(conn); 184 sk = conn->sk; 185 if (sk) 186 sock_hold(sk); 187 iso_conn_unlock(conn); 188 189 if (sk) { 190 lock_sock(sk); 191 iso_sock_clear_timer(sk); 192 iso_chan_del(sk, err); 193 release_sock(sk); 194 sock_put(sk); 195 } 196 197 /* Ensure no more work items will run before freeing conn. */ 198 cancel_delayed_work_sync(&conn->timeout_work); 199 200 hcon->iso_data = NULL; 201 kfree(conn); 202 } 203 204 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 205 struct sock *parent) 206 { 207 BT_DBG("conn %p", conn); 208 209 if (iso_pi(sk)->conn == conn && conn->sk == sk) 210 return 0; 211 212 if (conn->sk) { 213 BT_ERR("conn->sk already set"); 214 return -EBUSY; 215 } 216 217 iso_pi(sk)->conn = conn; 218 conn->sk = sk; 219 220 if (parent) 221 bt_accept_enqueue(parent, sk, true); 222 223 return 0; 224 } 225 226 static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 227 struct sock *parent) 228 { 229 int err; 230 231 iso_conn_lock(conn); 232 err = __iso_chan_add(conn, sk, parent); 233 iso_conn_unlock(conn); 234 235 return err; 236 } 237 238 static inline u8 le_addr_type(u8 bdaddr_type) 239 { 240 if (bdaddr_type == BDADDR_LE_PUBLIC) 241 return ADDR_LE_DEV_PUBLIC; 242 else 243 return ADDR_LE_DEV_RANDOM; 244 } 245 246 static int iso_connect_bis(struct sock *sk) 247 { 248 struct iso_conn *conn; 249 struct hci_conn *hcon; 250 struct hci_dev *hdev; 251 int err; 252 253 BT_DBG("%pMR", &iso_pi(sk)->src); 254 255 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 256 iso_pi(sk)->src_type); 257 if (!hdev) 258 return -EHOSTUNREACH; 259 260 hci_dev_lock(hdev); 261 262 if (!bis_capable(hdev)) { 263 err = -EOPNOTSUPP; 264 goto unlock; 265 } 266 267 /* Fail if out PHYs are marked as disabled */ 268 if (!iso_pi(sk)->qos.out.phy) { 269 err = -EINVAL; 270 goto unlock; 271 } 272 273 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, 274 le_addr_type(iso_pi(sk)->dst_type), 275 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 276 iso_pi(sk)->base); 277 if (IS_ERR(hcon)) { 278 err = PTR_ERR(hcon); 279 goto unlock; 280 } 281 282 conn = iso_conn_add(hcon); 283 if (!conn) { 284 hci_conn_drop(hcon); 285 err = -ENOMEM; 286 goto unlock; 287 } 288 289 hci_dev_unlock(hdev); 290 hci_dev_put(hdev); 291 292 lock_sock(sk); 293 294 /* Update source addr of the socket */ 295 bacpy(&iso_pi(sk)->src, &hcon->src); 296 297 err = iso_chan_add(conn, sk, NULL); 298 if (err) 299 goto release; 300 301 if (hcon->state == BT_CONNECTED) { 302 iso_sock_clear_timer(sk); 303 sk->sk_state = BT_CONNECTED; 304 } else { 305 sk->sk_state = BT_CONNECT; 306 iso_sock_set_timer(sk, sk->sk_sndtimeo); 307 } 308 309 release: 310 release_sock(sk); 311 return err; 312 313 unlock: 314 hci_dev_unlock(hdev); 315 hci_dev_put(hdev); 316 return err; 317 } 318 319 static int iso_connect_cis(struct sock *sk) 320 { 321 struct iso_conn *conn; 322 struct hci_conn *hcon; 323 struct hci_dev *hdev; 324 int err; 325 326 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 327 328 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 329 iso_pi(sk)->src_type); 330 if (!hdev) 331 return -EHOSTUNREACH; 332 333 hci_dev_lock(hdev); 334 335 if (!cis_central_capable(hdev)) { 336 err = -EOPNOTSUPP; 337 goto unlock; 338 } 339 340 /* Fail if either PHYs are marked as disabled */ 341 if (!iso_pi(sk)->qos.in.phy && !iso_pi(sk)->qos.out.phy) { 342 err = -EINVAL; 343 goto unlock; 344 } 345 346 /* Just bind if DEFER_SETUP has been set */ 347 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 348 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 349 le_addr_type(iso_pi(sk)->dst_type), 350 &iso_pi(sk)->qos); 351 if (IS_ERR(hcon)) { 352 err = PTR_ERR(hcon); 353 goto unlock; 354 } 355 } else { 356 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 357 le_addr_type(iso_pi(sk)->dst_type), 358 &iso_pi(sk)->qos); 359 if (IS_ERR(hcon)) { 360 err = PTR_ERR(hcon); 361 goto unlock; 362 } 363 } 364 365 conn = iso_conn_add(hcon); 366 if (!conn) { 367 hci_conn_drop(hcon); 368 err = -ENOMEM; 369 goto unlock; 370 } 371 372 hci_dev_unlock(hdev); 373 hci_dev_put(hdev); 374 375 lock_sock(sk); 376 377 /* Update source addr of the socket */ 378 bacpy(&iso_pi(sk)->src, &hcon->src); 379 380 err = iso_chan_add(conn, sk, NULL); 381 if (err) 382 goto release; 383 384 if (hcon->state == BT_CONNECTED) { 385 iso_sock_clear_timer(sk); 386 sk->sk_state = BT_CONNECTED; 387 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 388 iso_sock_clear_timer(sk); 389 sk->sk_state = BT_CONNECT; 390 } else { 391 sk->sk_state = BT_CONNECT; 392 iso_sock_set_timer(sk, sk->sk_sndtimeo); 393 } 394 395 release: 396 release_sock(sk); 397 return err; 398 399 unlock: 400 hci_dev_unlock(hdev); 401 hci_dev_put(hdev); 402 return err; 403 } 404 405 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk) 406 { 407 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 408 return &iso_pi(sk)->conn->hcon->iso_qos; 409 410 return &iso_pi(sk)->qos; 411 } 412 413 static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 414 { 415 struct iso_conn *conn = iso_pi(sk)->conn; 416 struct bt_iso_qos *qos = iso_sock_get_qos(sk); 417 struct hci_iso_data_hdr *hdr; 418 int len = 0; 419 420 BT_DBG("sk %p len %d", sk, skb->len); 421 422 if (skb->len > qos->out.sdu) 423 return -EMSGSIZE; 424 425 len = skb->len; 426 427 /* Push ISO data header */ 428 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 429 hdr->sn = cpu_to_le16(conn->tx_sn++); 430 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 431 HCI_ISO_STATUS_VALID)); 432 433 if (sk->sk_state == BT_CONNECTED) 434 hci_send_iso(conn->hcon, skb); 435 else 436 len = -ENOTCONN; 437 438 return len; 439 } 440 441 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 442 { 443 struct sock *sk; 444 445 iso_conn_lock(conn); 446 sk = conn->sk; 447 iso_conn_unlock(conn); 448 449 if (!sk) 450 goto drop; 451 452 BT_DBG("sk %p len %d", sk, skb->len); 453 454 if (sk->sk_state != BT_CONNECTED) 455 goto drop; 456 457 if (!sock_queue_rcv_skb(sk, skb)) 458 return; 459 460 drop: 461 kfree_skb(skb); 462 } 463 464 /* -------- Socket interface ---------- */ 465 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *ba) 466 { 467 struct sock *sk; 468 469 sk_for_each(sk, &iso_sk_list.head) { 470 if (sk->sk_state != BT_LISTEN) 471 continue; 472 473 if (!bacmp(&iso_pi(sk)->src, ba)) 474 return sk; 475 } 476 477 return NULL; 478 } 479 480 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc, 481 __u8 sid) 482 { 483 struct sock *sk; 484 485 sk_for_each(sk, &iso_sk_list.head) { 486 if (sk->sk_state != BT_LISTEN) 487 continue; 488 489 if (bacmp(&iso_pi(sk)->src, ba)) 490 continue; 491 492 if (bacmp(&iso_pi(sk)->dst, bc)) 493 continue; 494 495 if (iso_pi(sk)->bc_sid == sid) 496 return sk; 497 } 498 499 return NULL; 500 } 501 502 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 503 504 /* Find socket listening: 505 * source bdaddr (Unicast) 506 * destination bdaddr (Broadcast only) 507 * match func - pass NULL to ignore 508 * match func data - pass -1 to ignore 509 * Returns closest match. 510 */ 511 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 512 iso_sock_match_t match, void *data) 513 { 514 struct sock *sk = NULL, *sk1 = NULL; 515 516 read_lock(&iso_sk_list.lock); 517 518 sk_for_each(sk, &iso_sk_list.head) { 519 if (sk->sk_state != BT_LISTEN) 520 continue; 521 522 /* Match Broadcast destination */ 523 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 524 continue; 525 526 /* Use Match function if provided */ 527 if (match && !match(sk, data)) 528 continue; 529 530 /* Exact match. */ 531 if (!bacmp(&iso_pi(sk)->src, src)) 532 break; 533 534 /* Closest match */ 535 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) 536 sk1 = sk; 537 } 538 539 read_unlock(&iso_sk_list.lock); 540 541 return sk ? sk : sk1; 542 } 543 544 static void iso_sock_destruct(struct sock *sk) 545 { 546 BT_DBG("sk %p", sk); 547 548 skb_queue_purge(&sk->sk_receive_queue); 549 skb_queue_purge(&sk->sk_write_queue); 550 } 551 552 static void iso_sock_cleanup_listen(struct sock *parent) 553 { 554 struct sock *sk; 555 556 BT_DBG("parent %p", parent); 557 558 /* Close not yet accepted channels */ 559 while ((sk = bt_accept_dequeue(parent, NULL))) { 560 iso_sock_close(sk); 561 iso_sock_kill(sk); 562 } 563 564 parent->sk_state = BT_CLOSED; 565 sock_set_flag(parent, SOCK_ZAPPED); 566 } 567 568 /* Kill socket (only if zapped and orphan) 569 * Must be called on unlocked socket. 570 */ 571 static void iso_sock_kill(struct sock *sk) 572 { 573 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 574 sock_flag(sk, SOCK_DEAD)) 575 return; 576 577 BT_DBG("sk %p state %d", sk, sk->sk_state); 578 579 /* Kill poor orphan */ 580 bt_sock_unlink(&iso_sk_list, sk); 581 sock_set_flag(sk, SOCK_DEAD); 582 sock_put(sk); 583 } 584 585 static void iso_conn_defer_reject(struct hci_conn *conn) 586 { 587 struct hci_cp_le_reject_cis cp; 588 589 BT_DBG("conn %p", conn); 590 591 memset(&cp, 0, sizeof(cp)); 592 cp.handle = cpu_to_le16(conn->handle); 593 cp.reason = HCI_ERROR_REJ_BAD_ADDR; 594 hci_send_cmd(conn->hdev, HCI_OP_LE_REJECT_CIS, sizeof(cp), &cp); 595 } 596 597 static void __iso_sock_close(struct sock *sk) 598 { 599 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 600 601 switch (sk->sk_state) { 602 case BT_LISTEN: 603 iso_sock_cleanup_listen(sk); 604 break; 605 606 case BT_CONNECTED: 607 case BT_CONFIG: 608 if (iso_pi(sk)->conn->hcon) { 609 sk->sk_state = BT_DISCONN; 610 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 611 iso_conn_lock(iso_pi(sk)->conn); 612 hci_conn_drop(iso_pi(sk)->conn->hcon); 613 iso_pi(sk)->conn->hcon = NULL; 614 iso_conn_unlock(iso_pi(sk)->conn); 615 } else { 616 iso_chan_del(sk, ECONNRESET); 617 } 618 break; 619 620 case BT_CONNECT2: 621 if (iso_pi(sk)->conn->hcon) 622 iso_conn_defer_reject(iso_pi(sk)->conn->hcon); 623 iso_chan_del(sk, ECONNRESET); 624 break; 625 case BT_CONNECT: 626 /* In case of DEFER_SETUP the hcon would be bound to CIG which 627 * needs to be removed so just call hci_conn_del so the cleanup 628 * callback do what is needed. 629 */ 630 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 631 iso_pi(sk)->conn->hcon) { 632 hci_conn_del(iso_pi(sk)->conn->hcon); 633 iso_pi(sk)->conn->hcon = NULL; 634 } 635 636 iso_chan_del(sk, ECONNRESET); 637 break; 638 case BT_DISCONN: 639 iso_chan_del(sk, ECONNRESET); 640 break; 641 642 default: 643 sock_set_flag(sk, SOCK_ZAPPED); 644 break; 645 } 646 } 647 648 /* Must be called on unlocked socket. */ 649 static void iso_sock_close(struct sock *sk) 650 { 651 iso_sock_clear_timer(sk); 652 lock_sock(sk); 653 __iso_sock_close(sk); 654 release_sock(sk); 655 iso_sock_kill(sk); 656 } 657 658 static void iso_sock_init(struct sock *sk, struct sock *parent) 659 { 660 BT_DBG("sk %p", sk); 661 662 if (parent) { 663 sk->sk_type = parent->sk_type; 664 bt_sk(sk)->flags = bt_sk(parent)->flags; 665 security_sk_clone(parent, sk); 666 } 667 } 668 669 static struct proto iso_proto = { 670 .name = "ISO", 671 .owner = THIS_MODULE, 672 .obj_size = sizeof(struct iso_pinfo) 673 }; 674 675 #define DEFAULT_IO_QOS \ 676 { \ 677 .interval = 10000u, \ 678 .latency = 10u, \ 679 .sdu = 40u, \ 680 .phy = BT_ISO_PHY_2M, \ 681 .rtn = 2u, \ 682 } 683 684 static struct bt_iso_qos default_qos = { 685 .cig = BT_ISO_QOS_CIG_UNSET, 686 .cis = BT_ISO_QOS_CIS_UNSET, 687 .sca = 0x00, 688 .packing = 0x00, 689 .framing = 0x00, 690 .in = DEFAULT_IO_QOS, 691 .out = DEFAULT_IO_QOS, 692 }; 693 694 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 695 int proto, gfp_t prio, int kern) 696 { 697 struct sock *sk; 698 699 sk = sk_alloc(net, PF_BLUETOOTH, prio, &iso_proto, kern); 700 if (!sk) 701 return NULL; 702 703 sock_init_data(sock, sk); 704 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 705 706 sk->sk_destruct = iso_sock_destruct; 707 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 708 709 sock_reset_flag(sk, SOCK_ZAPPED); 710 711 sk->sk_protocol = proto; 712 sk->sk_state = BT_OPEN; 713 714 /* Set address type as public as default src address is BDADDR_ANY */ 715 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 716 717 iso_pi(sk)->qos = default_qos; 718 719 bt_sock_link(&iso_sk_list, sk); 720 return sk; 721 } 722 723 static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 724 int kern) 725 { 726 struct sock *sk; 727 728 BT_DBG("sock %p", sock); 729 730 sock->state = SS_UNCONNECTED; 731 732 if (sock->type != SOCK_SEQPACKET) 733 return -ESOCKTNOSUPPORT; 734 735 sock->ops = &iso_sock_ops; 736 737 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 738 if (!sk) 739 return -ENOMEM; 740 741 iso_sock_init(sk, NULL); 742 return 0; 743 } 744 745 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr, 746 int addr_len) 747 { 748 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 749 struct sock *sk = sock->sk; 750 int i; 751 752 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid, 753 sa->iso_bc->bc_num_bis); 754 755 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) || 756 sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f) 757 return -EINVAL; 758 759 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr); 760 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type; 761 iso_pi(sk)->sync_handle = -1; 762 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid; 763 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 764 765 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) { 766 if (sa->iso_bc->bc_bis[i] < 0x01 || 767 sa->iso_bc->bc_bis[i] > 0x1f) 768 return -EINVAL; 769 770 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 771 iso_pi(sk)->bc_num_bis); 772 } 773 774 return 0; 775 } 776 777 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 778 int addr_len) 779 { 780 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 781 struct sock *sk = sock->sk; 782 int err = 0; 783 784 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 785 786 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 787 addr->sa_family != AF_BLUETOOTH) 788 return -EINVAL; 789 790 lock_sock(sk); 791 792 if (sk->sk_state != BT_OPEN) { 793 err = -EBADFD; 794 goto done; 795 } 796 797 if (sk->sk_type != SOCK_SEQPACKET) { 798 err = -EINVAL; 799 goto done; 800 } 801 802 /* Check if the address type is of LE type */ 803 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 804 err = -EINVAL; 805 goto done; 806 } 807 808 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 809 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 810 811 /* Check for Broadcast address */ 812 if (addr_len > sizeof(*sa)) { 813 err = iso_sock_bind_bc(sock, addr, addr_len); 814 if (err) 815 goto done; 816 } 817 818 sk->sk_state = BT_BOUND; 819 820 done: 821 release_sock(sk); 822 return err; 823 } 824 825 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 826 int alen, int flags) 827 { 828 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 829 struct sock *sk = sock->sk; 830 int err; 831 832 BT_DBG("sk %p", sk); 833 834 if (alen < sizeof(struct sockaddr_iso) || 835 addr->sa_family != AF_BLUETOOTH) 836 return -EINVAL; 837 838 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 839 return -EBADFD; 840 841 if (sk->sk_type != SOCK_SEQPACKET) 842 return -EINVAL; 843 844 /* Check if the address type is of LE type */ 845 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 846 return -EINVAL; 847 848 lock_sock(sk); 849 850 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 851 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 852 853 release_sock(sk); 854 855 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 856 err = iso_connect_cis(sk); 857 else 858 err = iso_connect_bis(sk); 859 860 if (err) 861 return err; 862 863 lock_sock(sk); 864 865 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 866 err = bt_sock_wait_state(sk, BT_CONNECTED, 867 sock_sndtimeo(sk, flags & O_NONBLOCK)); 868 } 869 870 release_sock(sk); 871 return err; 872 } 873 874 static int iso_listen_bis(struct sock *sk) 875 { 876 struct hci_dev *hdev; 877 int err = 0; 878 879 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src, 880 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid); 881 882 write_lock(&iso_sk_list.lock); 883 884 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst, 885 iso_pi(sk)->bc_sid)) 886 err = -EADDRINUSE; 887 888 write_unlock(&iso_sk_list.lock); 889 890 if (err) 891 return err; 892 893 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 894 iso_pi(sk)->src_type); 895 if (!hdev) 896 return -EHOSTUNREACH; 897 898 hci_dev_lock(hdev); 899 900 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, 901 le_addr_type(iso_pi(sk)->dst_type), 902 iso_pi(sk)->bc_sid); 903 904 hci_dev_unlock(hdev); 905 hci_dev_put(hdev); 906 907 return err; 908 } 909 910 static int iso_listen_cis(struct sock *sk) 911 { 912 int err = 0; 913 914 BT_DBG("%pMR", &iso_pi(sk)->src); 915 916 write_lock(&iso_sk_list.lock); 917 918 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src)) 919 err = -EADDRINUSE; 920 921 write_unlock(&iso_sk_list.lock); 922 923 return err; 924 } 925 926 static int iso_sock_listen(struct socket *sock, int backlog) 927 { 928 struct sock *sk = sock->sk; 929 int err = 0; 930 931 BT_DBG("sk %p backlog %d", sk, backlog); 932 933 lock_sock(sk); 934 935 if (sk->sk_state != BT_BOUND) { 936 err = -EBADFD; 937 goto done; 938 } 939 940 if (sk->sk_type != SOCK_SEQPACKET) { 941 err = -EINVAL; 942 goto done; 943 } 944 945 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 946 err = iso_listen_cis(sk); 947 else 948 err = iso_listen_bis(sk); 949 950 if (err) 951 goto done; 952 953 sk->sk_max_ack_backlog = backlog; 954 sk->sk_ack_backlog = 0; 955 956 sk->sk_state = BT_LISTEN; 957 958 done: 959 release_sock(sk); 960 return err; 961 } 962 963 static int iso_sock_accept(struct socket *sock, struct socket *newsock, 964 int flags, bool kern) 965 { 966 DEFINE_WAIT_FUNC(wait, woken_wake_function); 967 struct sock *sk = sock->sk, *ch; 968 long timeo; 969 int err = 0; 970 971 lock_sock(sk); 972 973 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 974 975 BT_DBG("sk %p timeo %ld", sk, timeo); 976 977 /* Wait for an incoming connection. (wake-one). */ 978 add_wait_queue_exclusive(sk_sleep(sk), &wait); 979 while (1) { 980 if (sk->sk_state != BT_LISTEN) { 981 err = -EBADFD; 982 break; 983 } 984 985 ch = bt_accept_dequeue(sk, newsock); 986 if (ch) 987 break; 988 989 if (!timeo) { 990 err = -EAGAIN; 991 break; 992 } 993 994 if (signal_pending(current)) { 995 err = sock_intr_errno(timeo); 996 break; 997 } 998 999 release_sock(sk); 1000 1001 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 1002 lock_sock(sk); 1003 } 1004 remove_wait_queue(sk_sleep(sk), &wait); 1005 1006 if (err) 1007 goto done; 1008 1009 newsock->state = SS_CONNECTED; 1010 1011 BT_DBG("new socket %p", ch); 1012 1013 done: 1014 release_sock(sk); 1015 return err; 1016 } 1017 1018 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 1019 int peer) 1020 { 1021 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 1022 struct sock *sk = sock->sk; 1023 1024 BT_DBG("sock %p, sk %p", sock, sk); 1025 1026 addr->sa_family = AF_BLUETOOTH; 1027 1028 if (peer) { 1029 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 1030 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 1031 } else { 1032 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 1033 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 1034 } 1035 1036 return sizeof(struct sockaddr_iso); 1037 } 1038 1039 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 1040 size_t len) 1041 { 1042 struct sock *sk = sock->sk; 1043 struct iso_conn *conn = iso_pi(sk)->conn; 1044 struct sk_buff *skb, **frag; 1045 int err; 1046 1047 BT_DBG("sock %p, sk %p", sock, sk); 1048 1049 err = sock_error(sk); 1050 if (err) 1051 return err; 1052 1053 if (msg->msg_flags & MSG_OOB) 1054 return -EOPNOTSUPP; 1055 1056 if (sk->sk_state != BT_CONNECTED) 1057 return -ENOTCONN; 1058 1059 skb = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1060 HCI_ISO_DATA_HDR_SIZE, 0); 1061 if (IS_ERR(skb)) 1062 return PTR_ERR(skb); 1063 1064 len -= skb->len; 1065 1066 BT_DBG("skb %p len %d", sk, skb->len); 1067 1068 /* Continuation fragments */ 1069 frag = &skb_shinfo(skb)->frag_list; 1070 while (len) { 1071 struct sk_buff *tmp; 1072 1073 tmp = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1074 0, 0); 1075 if (IS_ERR(tmp)) { 1076 kfree_skb(skb); 1077 return PTR_ERR(tmp); 1078 } 1079 1080 *frag = tmp; 1081 1082 len -= tmp->len; 1083 1084 skb->len += tmp->len; 1085 skb->data_len += tmp->len; 1086 1087 BT_DBG("frag %p len %d", *frag, tmp->len); 1088 1089 frag = &(*frag)->next; 1090 } 1091 1092 lock_sock(sk); 1093 1094 if (sk->sk_state == BT_CONNECTED) 1095 err = iso_send_frame(sk, skb); 1096 else 1097 err = -ENOTCONN; 1098 1099 release_sock(sk); 1100 1101 if (err < 0) 1102 kfree_skb(skb); 1103 return err; 1104 } 1105 1106 static void iso_conn_defer_accept(struct hci_conn *conn) 1107 { 1108 struct hci_cp_le_accept_cis cp; 1109 struct hci_dev *hdev = conn->hdev; 1110 1111 BT_DBG("conn %p", conn); 1112 1113 conn->state = BT_CONFIG; 1114 1115 cp.handle = cpu_to_le16(conn->handle); 1116 1117 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 1118 } 1119 1120 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1121 size_t len, int flags) 1122 { 1123 struct sock *sk = sock->sk; 1124 struct iso_pinfo *pi = iso_pi(sk); 1125 1126 BT_DBG("sk %p", sk); 1127 1128 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1129 switch (sk->sk_state) { 1130 case BT_CONNECT2: 1131 lock_sock(sk); 1132 iso_conn_defer_accept(pi->conn->hcon); 1133 sk->sk_state = BT_CONFIG; 1134 release_sock(sk); 1135 return 0; 1136 case BT_CONNECT: 1137 return iso_connect_cis(sk); 1138 } 1139 } 1140 1141 return bt_sock_recvmsg(sock, msg, len, flags); 1142 } 1143 1144 static bool check_io_qos(struct bt_iso_io_qos *qos) 1145 { 1146 /* If no PHY is enable SDU must be 0 */ 1147 if (!qos->phy && qos->sdu) 1148 return false; 1149 1150 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 1151 return false; 1152 1153 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 1154 return false; 1155 1156 if (qos->phy > BT_ISO_PHY_ANY) 1157 return false; 1158 1159 return true; 1160 } 1161 1162 static bool check_qos(struct bt_iso_qos *qos) 1163 { 1164 if (qos->sca > 0x07) 1165 return false; 1166 1167 if (qos->packing > 0x01) 1168 return false; 1169 1170 if (qos->framing > 0x01) 1171 return false; 1172 1173 if (!check_io_qos(&qos->in)) 1174 return false; 1175 1176 if (!check_io_qos(&qos->out)) 1177 return false; 1178 1179 return true; 1180 } 1181 1182 static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 1183 sockptr_t optval, unsigned int optlen) 1184 { 1185 struct sock *sk = sock->sk; 1186 int len, err = 0; 1187 struct bt_iso_qos qos; 1188 u32 opt; 1189 1190 BT_DBG("sk %p", sk); 1191 1192 lock_sock(sk); 1193 1194 switch (optname) { 1195 case BT_DEFER_SETUP: 1196 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1197 err = -EINVAL; 1198 break; 1199 } 1200 1201 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1202 err = -EFAULT; 1203 break; 1204 } 1205 1206 if (opt) 1207 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1208 else 1209 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1210 break; 1211 1212 case BT_ISO_QOS: 1213 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1214 sk->sk_state != BT_CONNECT2) { 1215 err = -EINVAL; 1216 break; 1217 } 1218 1219 len = min_t(unsigned int, sizeof(qos), optlen); 1220 if (len != sizeof(qos)) { 1221 err = -EINVAL; 1222 break; 1223 } 1224 1225 memset(&qos, 0, sizeof(qos)); 1226 1227 if (copy_from_sockptr(&qos, optval, len)) { 1228 err = -EFAULT; 1229 break; 1230 } 1231 1232 if (!check_qos(&qos)) { 1233 err = -EINVAL; 1234 break; 1235 } 1236 1237 iso_pi(sk)->qos = qos; 1238 1239 break; 1240 1241 case BT_ISO_BASE: 1242 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1243 sk->sk_state != BT_CONNECT2) { 1244 err = -EINVAL; 1245 break; 1246 } 1247 1248 if (optlen > sizeof(iso_pi(sk)->base)) { 1249 err = -EOVERFLOW; 1250 break; 1251 } 1252 1253 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen); 1254 1255 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) { 1256 err = -EFAULT; 1257 break; 1258 } 1259 1260 iso_pi(sk)->base_len = len; 1261 1262 break; 1263 1264 default: 1265 err = -ENOPROTOOPT; 1266 break; 1267 } 1268 1269 release_sock(sk); 1270 return err; 1271 } 1272 1273 static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1274 char __user *optval, int __user *optlen) 1275 { 1276 struct sock *sk = sock->sk; 1277 int len, err = 0; 1278 struct bt_iso_qos *qos; 1279 u8 base_len; 1280 u8 *base; 1281 1282 BT_DBG("sk %p", sk); 1283 1284 if (get_user(len, optlen)) 1285 return -EFAULT; 1286 1287 lock_sock(sk); 1288 1289 switch (optname) { 1290 case BT_DEFER_SETUP: 1291 if (sk->sk_state == BT_CONNECTED) { 1292 err = -EINVAL; 1293 break; 1294 } 1295 1296 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1297 (u32 __user *)optval)) 1298 err = -EFAULT; 1299 1300 break; 1301 1302 case BT_ISO_QOS: 1303 qos = iso_sock_get_qos(sk); 1304 1305 len = min_t(unsigned int, len, sizeof(*qos)); 1306 if (copy_to_user(optval, qos, len)) 1307 err = -EFAULT; 1308 1309 break; 1310 1311 case BT_ISO_BASE: 1312 if (sk->sk_state == BT_CONNECTED) { 1313 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len; 1314 base = iso_pi(sk)->conn->hcon->le_per_adv_data; 1315 } else { 1316 base_len = iso_pi(sk)->base_len; 1317 base = iso_pi(sk)->base; 1318 } 1319 1320 len = min_t(unsigned int, len, base_len); 1321 if (copy_to_user(optval, base, len)) 1322 err = -EFAULT; 1323 1324 break; 1325 1326 default: 1327 err = -ENOPROTOOPT; 1328 break; 1329 } 1330 1331 release_sock(sk); 1332 return err; 1333 } 1334 1335 static int iso_sock_shutdown(struct socket *sock, int how) 1336 { 1337 struct sock *sk = sock->sk; 1338 int err = 0; 1339 1340 BT_DBG("sock %p, sk %p, how %d", sock, sk, how); 1341 1342 if (!sk) 1343 return 0; 1344 1345 sock_hold(sk); 1346 lock_sock(sk); 1347 1348 switch (how) { 1349 case SHUT_RD: 1350 if (sk->sk_shutdown & RCV_SHUTDOWN) 1351 goto unlock; 1352 sk->sk_shutdown |= RCV_SHUTDOWN; 1353 break; 1354 case SHUT_WR: 1355 if (sk->sk_shutdown & SEND_SHUTDOWN) 1356 goto unlock; 1357 sk->sk_shutdown |= SEND_SHUTDOWN; 1358 break; 1359 case SHUT_RDWR: 1360 if (sk->sk_shutdown & SHUTDOWN_MASK) 1361 goto unlock; 1362 sk->sk_shutdown |= SHUTDOWN_MASK; 1363 break; 1364 } 1365 1366 iso_sock_clear_timer(sk); 1367 __iso_sock_close(sk); 1368 1369 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1370 !(current->flags & PF_EXITING)) 1371 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1372 1373 unlock: 1374 release_sock(sk); 1375 sock_put(sk); 1376 1377 return err; 1378 } 1379 1380 static int iso_sock_release(struct socket *sock) 1381 { 1382 struct sock *sk = sock->sk; 1383 int err = 0; 1384 1385 BT_DBG("sock %p, sk %p", sock, sk); 1386 1387 if (!sk) 1388 return 0; 1389 1390 iso_sock_close(sk); 1391 1392 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1393 !(current->flags & PF_EXITING)) { 1394 lock_sock(sk); 1395 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1396 release_sock(sk); 1397 } 1398 1399 sock_orphan(sk); 1400 iso_sock_kill(sk); 1401 return err; 1402 } 1403 1404 static void iso_sock_ready(struct sock *sk) 1405 { 1406 BT_DBG("sk %p", sk); 1407 1408 if (!sk) 1409 return; 1410 1411 lock_sock(sk); 1412 iso_sock_clear_timer(sk); 1413 sk->sk_state = BT_CONNECTED; 1414 sk->sk_state_change(sk); 1415 release_sock(sk); 1416 } 1417 1418 struct iso_list_data { 1419 struct hci_conn *hcon; 1420 int count; 1421 }; 1422 1423 static bool iso_match_big(struct sock *sk, void *data) 1424 { 1425 struct hci_evt_le_big_sync_estabilished *ev = data; 1426 1427 return ev->handle == iso_pi(sk)->qos.big; 1428 } 1429 1430 static void iso_conn_ready(struct iso_conn *conn) 1431 { 1432 struct sock *parent; 1433 struct sock *sk = conn->sk; 1434 struct hci_ev_le_big_sync_estabilished *ev; 1435 1436 BT_DBG("conn %p", conn); 1437 1438 if (sk) { 1439 iso_sock_ready(conn->sk); 1440 } else { 1441 iso_conn_lock(conn); 1442 1443 if (!conn->hcon) { 1444 iso_conn_unlock(conn); 1445 return; 1446 } 1447 1448 ev = hci_recv_event_data(conn->hcon->hdev, 1449 HCI_EVT_LE_BIG_SYNC_ESTABILISHED); 1450 if (ev) 1451 parent = iso_get_sock_listen(&conn->hcon->src, 1452 &conn->hcon->dst, 1453 iso_match_big, ev); 1454 else 1455 parent = iso_get_sock_listen(&conn->hcon->src, 1456 BDADDR_ANY, NULL, NULL); 1457 1458 if (!parent) { 1459 iso_conn_unlock(conn); 1460 return; 1461 } 1462 1463 lock_sock(parent); 1464 1465 sk = iso_sock_alloc(sock_net(parent), NULL, 1466 BTPROTO_ISO, GFP_ATOMIC, 0); 1467 if (!sk) { 1468 release_sock(parent); 1469 iso_conn_unlock(conn); 1470 return; 1471 } 1472 1473 iso_sock_init(sk, parent); 1474 1475 bacpy(&iso_pi(sk)->src, &conn->hcon->src); 1476 iso_pi(sk)->src_type = conn->hcon->src_type; 1477 1478 /* If hcon has no destination address (BDADDR_ANY) it means it 1479 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED so we need to 1480 * initialize using the parent socket destination address. 1481 */ 1482 if (!bacmp(&conn->hcon->dst, BDADDR_ANY)) { 1483 bacpy(&conn->hcon->dst, &iso_pi(parent)->dst); 1484 conn->hcon->dst_type = iso_pi(parent)->dst_type; 1485 conn->hcon->sync_handle = iso_pi(parent)->sync_handle; 1486 } 1487 1488 bacpy(&iso_pi(sk)->dst, &conn->hcon->dst); 1489 iso_pi(sk)->dst_type = conn->hcon->dst_type; 1490 1491 hci_conn_hold(conn->hcon); 1492 __iso_chan_add(conn, sk, parent); 1493 1494 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1495 sk->sk_state = BT_CONNECT2; 1496 else 1497 sk->sk_state = BT_CONNECTED; 1498 1499 /* Wake up parent */ 1500 parent->sk_data_ready(parent); 1501 1502 release_sock(parent); 1503 1504 iso_conn_unlock(conn); 1505 } 1506 } 1507 1508 static bool iso_match_sid(struct sock *sk, void *data) 1509 { 1510 struct hci_ev_le_pa_sync_established *ev = data; 1511 1512 return ev->sid == iso_pi(sk)->bc_sid; 1513 } 1514 1515 static bool iso_match_sync_handle(struct sock *sk, void *data) 1516 { 1517 struct hci_evt_le_big_info_adv_report *ev = data; 1518 1519 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1520 } 1521 1522 /* ----- ISO interface with lower layer (HCI) ----- */ 1523 1524 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1525 { 1526 struct hci_ev_le_pa_sync_established *ev1; 1527 struct hci_evt_le_big_info_adv_report *ev2; 1528 struct sock *sk; 1529 int lm = 0; 1530 1531 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 1532 1533 /* Broadcast receiver requires handling of some events before it can 1534 * proceed to establishing a BIG sync: 1535 * 1536 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific 1537 * SID to listen to and once sync is estabilished its handle needs to 1538 * be stored in iso_pi(sk)->sync_handle so it can be matched once 1539 * receiving the BIG Info. 1540 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 1541 * a BIG Info it attempts to check if there any listening socket with 1542 * the same sync_handle and if it does then attempt to create a sync. 1543 */ 1544 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 1545 if (ev1) { 1546 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid, 1547 ev1); 1548 if (sk) 1549 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); 1550 1551 goto done; 1552 } 1553 1554 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1555 if (ev2) { 1556 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1557 iso_match_sync_handle, ev2); 1558 if (sk) { 1559 int err; 1560 1561 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1562 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1563 1564 err = hci_le_big_create_sync(hdev, 1565 &iso_pi(sk)->qos, 1566 iso_pi(sk)->sync_handle, 1567 iso_pi(sk)->bc_num_bis, 1568 iso_pi(sk)->bc_bis); 1569 if (err) { 1570 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1571 err); 1572 sk = NULL; 1573 } 1574 } 1575 } else { 1576 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL); 1577 } 1578 1579 done: 1580 if (!sk) 1581 return lm; 1582 1583 lm |= HCI_LM_ACCEPT; 1584 1585 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1586 *flags |= HCI_PROTO_DEFER; 1587 1588 return lm; 1589 } 1590 1591 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 1592 { 1593 if (hcon->type != ISO_LINK) { 1594 if (hcon->type != LE_LINK) 1595 return; 1596 1597 /* Check if LE link has failed */ 1598 if (status) { 1599 if (hcon->link) 1600 iso_conn_del(hcon->link, bt_to_errno(status)); 1601 return; 1602 } 1603 1604 /* Create CIS if pending */ 1605 hci_le_create_cis(hcon); 1606 return; 1607 } 1608 1609 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1610 1611 if (!status) { 1612 struct iso_conn *conn; 1613 1614 conn = iso_conn_add(hcon); 1615 if (conn) 1616 iso_conn_ready(conn); 1617 } else { 1618 iso_conn_del(hcon, bt_to_errno(status)); 1619 } 1620 } 1621 1622 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1623 { 1624 if (hcon->type != ISO_LINK) 1625 return; 1626 1627 BT_DBG("hcon %p reason %d", hcon, reason); 1628 1629 iso_conn_del(hcon, bt_to_errno(reason)); 1630 } 1631 1632 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 1633 { 1634 struct iso_conn *conn = hcon->iso_data; 1635 struct hci_iso_data_hdr *hdr; 1636 __u16 pb, ts, len; 1637 1638 if (!conn) 1639 goto drop; 1640 1641 pb = hci_iso_flags_pb(flags); 1642 ts = hci_iso_flags_ts(flags); 1643 1644 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 1645 1646 switch (pb) { 1647 case ISO_START: 1648 case ISO_SINGLE: 1649 if (conn->rx_len) { 1650 BT_ERR("Unexpected start frame (len %d)", skb->len); 1651 kfree_skb(conn->rx_skb); 1652 conn->rx_skb = NULL; 1653 conn->rx_len = 0; 1654 } 1655 1656 if (ts) { 1657 /* TODO: add timestamp to the packet? */ 1658 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 1659 if (!hdr) { 1660 BT_ERR("Frame is too short (len %d)", skb->len); 1661 goto drop; 1662 } 1663 1664 } else { 1665 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 1666 if (!hdr) { 1667 BT_ERR("Frame is too short (len %d)", skb->len); 1668 goto drop; 1669 } 1670 } 1671 1672 len = __le16_to_cpu(hdr->slen); 1673 flags = hci_iso_data_flags(len); 1674 len = hci_iso_data_len(len); 1675 1676 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 1677 skb->len, flags); 1678 1679 if (len == skb->len) { 1680 /* Complete frame received */ 1681 iso_recv_frame(conn, skb); 1682 return; 1683 } 1684 1685 if (pb == ISO_SINGLE) { 1686 BT_ERR("Frame malformed (len %d, expected len %d)", 1687 skb->len, len); 1688 goto drop; 1689 } 1690 1691 if (skb->len > len) { 1692 BT_ERR("Frame is too long (len %d, expected len %d)", 1693 skb->len, len); 1694 goto drop; 1695 } 1696 1697 /* Allocate skb for the complete frame (with header) */ 1698 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 1699 if (!conn->rx_skb) 1700 goto drop; 1701 1702 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1703 skb->len); 1704 conn->rx_len = len - skb->len; 1705 break; 1706 1707 case ISO_CONT: 1708 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 1709 conn->rx_len); 1710 1711 if (!conn->rx_len) { 1712 BT_ERR("Unexpected continuation frame (len %d)", 1713 skb->len); 1714 goto drop; 1715 } 1716 1717 if (skb->len > conn->rx_len) { 1718 BT_ERR("Fragment is too long (len %d, expected %d)", 1719 skb->len, conn->rx_len); 1720 kfree_skb(conn->rx_skb); 1721 conn->rx_skb = NULL; 1722 conn->rx_len = 0; 1723 goto drop; 1724 } 1725 1726 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1727 skb->len); 1728 conn->rx_len -= skb->len; 1729 return; 1730 1731 case ISO_END: 1732 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1733 skb->len); 1734 conn->rx_len -= skb->len; 1735 1736 if (!conn->rx_len) { 1737 struct sk_buff *rx_skb = conn->rx_skb; 1738 1739 /* Complete frame received. iso_recv_frame 1740 * takes ownership of the skb so set the global 1741 * rx_skb pointer to NULL first. 1742 */ 1743 conn->rx_skb = NULL; 1744 iso_recv_frame(conn, rx_skb); 1745 } 1746 break; 1747 } 1748 1749 drop: 1750 kfree_skb(skb); 1751 } 1752 1753 static struct hci_cb iso_cb = { 1754 .name = "ISO", 1755 .connect_cfm = iso_connect_cfm, 1756 .disconn_cfm = iso_disconn_cfm, 1757 }; 1758 1759 static int iso_debugfs_show(struct seq_file *f, void *p) 1760 { 1761 struct sock *sk; 1762 1763 read_lock(&iso_sk_list.lock); 1764 1765 sk_for_each(sk, &iso_sk_list.head) { 1766 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 1767 &iso_pi(sk)->dst, sk->sk_state); 1768 } 1769 1770 read_unlock(&iso_sk_list.lock); 1771 1772 return 0; 1773 } 1774 1775 DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 1776 1777 static struct dentry *iso_debugfs; 1778 1779 static const struct proto_ops iso_sock_ops = { 1780 .family = PF_BLUETOOTH, 1781 .owner = THIS_MODULE, 1782 .release = iso_sock_release, 1783 .bind = iso_sock_bind, 1784 .connect = iso_sock_connect, 1785 .listen = iso_sock_listen, 1786 .accept = iso_sock_accept, 1787 .getname = iso_sock_getname, 1788 .sendmsg = iso_sock_sendmsg, 1789 .recvmsg = iso_sock_recvmsg, 1790 .poll = bt_sock_poll, 1791 .ioctl = bt_sock_ioctl, 1792 .mmap = sock_no_mmap, 1793 .socketpair = sock_no_socketpair, 1794 .shutdown = iso_sock_shutdown, 1795 .setsockopt = iso_sock_setsockopt, 1796 .getsockopt = iso_sock_getsockopt 1797 }; 1798 1799 static const struct net_proto_family iso_sock_family_ops = { 1800 .family = PF_BLUETOOTH, 1801 .owner = THIS_MODULE, 1802 .create = iso_sock_create, 1803 }; 1804 1805 static bool iso_inited; 1806 1807 bool iso_enabled(void) 1808 { 1809 return iso_inited; 1810 } 1811 1812 int iso_init(void) 1813 { 1814 int err; 1815 1816 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 1817 1818 if (iso_inited) 1819 return -EALREADY; 1820 1821 err = proto_register(&iso_proto, 0); 1822 if (err < 0) 1823 return err; 1824 1825 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 1826 if (err < 0) { 1827 BT_ERR("ISO socket registration failed"); 1828 goto error; 1829 } 1830 1831 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 1832 if (err < 0) { 1833 BT_ERR("Failed to create ISO proc file"); 1834 bt_sock_unregister(BTPROTO_ISO); 1835 goto error; 1836 } 1837 1838 BT_INFO("ISO socket layer initialized"); 1839 1840 hci_register_cb(&iso_cb); 1841 1842 if (IS_ERR_OR_NULL(bt_debugfs)) 1843 return 0; 1844 1845 if (!iso_debugfs) { 1846 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 1847 NULL, &iso_debugfs_fops); 1848 } 1849 1850 iso_inited = true; 1851 1852 return 0; 1853 1854 error: 1855 proto_unregister(&iso_proto); 1856 return err; 1857 } 1858 1859 int iso_exit(void) 1860 { 1861 if (!iso_inited) 1862 return -EALREADY; 1863 1864 bt_procfs_cleanup(&init_net, "iso"); 1865 1866 debugfs_remove(iso_debugfs); 1867 iso_debugfs = NULL; 1868 1869 hci_unregister_cb(&iso_cb); 1870 1871 bt_sock_unregister(BTPROTO_ISO); 1872 1873 proto_unregister(&iso_proto); 1874 1875 iso_inited = false; 1876 1877 return 0; 1878 } 1879