1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 * Copyright 2023 NXP 7 */ 8 9 #include <linux/module.h> 10 #include <linux/debugfs.h> 11 #include <linux/seq_file.h> 12 #include <linux/sched/signal.h> 13 14 #include <net/bluetooth/bluetooth.h> 15 #include <net/bluetooth/hci_core.h> 16 #include <net/bluetooth/iso.h> 17 #include "eir.h" 18 19 static const struct proto_ops iso_sock_ops; 20 21 static struct bt_sock_list iso_sk_list = { 22 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 23 }; 24 25 /* ---- ISO connections ---- */ 26 struct iso_conn { 27 struct hci_conn *hcon; 28 29 /* @lock: spinlock protecting changes to iso_conn fields */ 30 spinlock_t lock; 31 struct sock *sk; 32 33 struct delayed_work timeout_work; 34 35 struct sk_buff *rx_skb; 36 __u32 rx_len; 37 __u16 tx_sn; 38 }; 39 40 #define iso_conn_lock(c) spin_lock(&(c)->lock) 41 #define iso_conn_unlock(c) spin_unlock(&(c)->lock) 42 43 static void iso_sock_close(struct sock *sk); 44 static void iso_sock_kill(struct sock *sk); 45 46 /* ----- ISO socket info ----- */ 47 #define iso_pi(sk) ((struct iso_pinfo *)sk) 48 49 #define EIR_SERVICE_DATA_LENGTH 4 50 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH) 51 #define EIR_BAA_SERVICE_UUID 0x1851 52 53 /* iso_pinfo flags values */ 54 enum { 55 BT_SK_BIG_SYNC, 56 BT_SK_PA_SYNC, 57 }; 58 59 struct iso_pinfo { 60 struct bt_sock bt; 61 bdaddr_t src; 62 __u8 src_type; 63 bdaddr_t dst; 64 __u8 dst_type; 65 __u8 bc_sid; 66 __u8 bc_num_bis; 67 __u8 bc_bis[ISO_MAX_NUM_BIS]; 68 __u16 sync_handle; 69 unsigned long flags; 70 struct bt_iso_qos qos; 71 bool qos_user_set; 72 __u8 base_len; 73 __u8 base[BASE_MAX_LENGTH]; 74 struct iso_conn *conn; 75 }; 76 77 static struct bt_iso_qos default_qos; 78 79 static bool check_ucast_qos(struct bt_iso_qos *qos); 80 static bool check_bcast_qos(struct bt_iso_qos *qos); 81 static bool iso_match_sid(struct sock *sk, void *data); 82 static bool iso_match_sync_handle(struct sock *sk, void *data); 83 static void iso_sock_disconn(struct sock *sk); 84 85 /* ---- ISO timers ---- */ 86 #define ISO_CONN_TIMEOUT (HZ * 40) 87 #define ISO_DISCONN_TIMEOUT (HZ * 2) 88 89 static void iso_sock_timeout(struct work_struct *work) 90 { 91 struct iso_conn *conn = container_of(work, struct iso_conn, 92 timeout_work.work); 93 struct sock *sk; 94 95 iso_conn_lock(conn); 96 sk = conn->sk; 97 if (sk) 98 sock_hold(sk); 99 iso_conn_unlock(conn); 100 101 if (!sk) 102 return; 103 104 BT_DBG("sock %p state %d", sk, sk->sk_state); 105 106 lock_sock(sk); 107 sk->sk_err = ETIMEDOUT; 108 sk->sk_state_change(sk); 109 release_sock(sk); 110 sock_put(sk); 111 } 112 113 static void iso_sock_set_timer(struct sock *sk, long timeout) 114 { 115 if (!iso_pi(sk)->conn) 116 return; 117 118 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 119 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 120 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 121 } 122 123 static void iso_sock_clear_timer(struct sock *sk) 124 { 125 if (!iso_pi(sk)->conn) 126 return; 127 128 BT_DBG("sock %p state %d", sk, sk->sk_state); 129 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 130 } 131 132 /* ---- ISO connections ---- */ 133 static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 134 { 135 struct iso_conn *conn = hcon->iso_data; 136 137 if (conn) { 138 if (!conn->hcon) 139 conn->hcon = hcon; 140 return conn; 141 } 142 143 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 144 if (!conn) 145 return NULL; 146 147 spin_lock_init(&conn->lock); 148 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 149 150 hcon->iso_data = conn; 151 conn->hcon = hcon; 152 conn->tx_sn = 0; 153 154 BT_DBG("hcon %p conn %p", hcon, conn); 155 156 return conn; 157 } 158 159 /* Delete channel. Must be called on the locked socket. */ 160 static void iso_chan_del(struct sock *sk, int err) 161 { 162 struct iso_conn *conn; 163 struct sock *parent; 164 165 conn = iso_pi(sk)->conn; 166 167 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 168 169 if (conn) { 170 iso_conn_lock(conn); 171 conn->sk = NULL; 172 iso_pi(sk)->conn = NULL; 173 iso_conn_unlock(conn); 174 175 if (conn->hcon) 176 hci_conn_drop(conn->hcon); 177 } 178 179 sk->sk_state = BT_CLOSED; 180 sk->sk_err = err; 181 182 parent = bt_sk(sk)->parent; 183 if (parent) { 184 bt_accept_unlink(sk); 185 parent->sk_data_ready(parent); 186 } else { 187 sk->sk_state_change(sk); 188 } 189 190 sock_set_flag(sk, SOCK_ZAPPED); 191 } 192 193 static void iso_conn_del(struct hci_conn *hcon, int err) 194 { 195 struct iso_conn *conn = hcon->iso_data; 196 struct sock *sk; 197 198 if (!conn) 199 return; 200 201 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 202 203 /* Kill socket */ 204 iso_conn_lock(conn); 205 sk = conn->sk; 206 if (sk) 207 sock_hold(sk); 208 iso_conn_unlock(conn); 209 210 if (sk) { 211 lock_sock(sk); 212 iso_sock_clear_timer(sk); 213 iso_chan_del(sk, err); 214 release_sock(sk); 215 sock_put(sk); 216 } 217 218 /* Ensure no more work items will run before freeing conn. */ 219 cancel_delayed_work_sync(&conn->timeout_work); 220 221 hcon->iso_data = NULL; 222 kfree(conn); 223 } 224 225 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 226 struct sock *parent) 227 { 228 BT_DBG("conn %p", conn); 229 230 if (iso_pi(sk)->conn == conn && conn->sk == sk) 231 return 0; 232 233 if (conn->sk) { 234 BT_ERR("conn->sk already set"); 235 return -EBUSY; 236 } 237 238 iso_pi(sk)->conn = conn; 239 conn->sk = sk; 240 241 if (parent) 242 bt_accept_enqueue(parent, sk, true); 243 244 return 0; 245 } 246 247 static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 248 struct sock *parent) 249 { 250 int err; 251 252 iso_conn_lock(conn); 253 err = __iso_chan_add(conn, sk, parent); 254 iso_conn_unlock(conn); 255 256 return err; 257 } 258 259 static inline u8 le_addr_type(u8 bdaddr_type) 260 { 261 if (bdaddr_type == BDADDR_LE_PUBLIC) 262 return ADDR_LE_DEV_PUBLIC; 263 else 264 return ADDR_LE_DEV_RANDOM; 265 } 266 267 static int iso_connect_bis(struct sock *sk) 268 { 269 struct iso_conn *conn; 270 struct hci_conn *hcon; 271 struct hci_dev *hdev; 272 int err; 273 274 BT_DBG("%pMR", &iso_pi(sk)->src); 275 276 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 277 iso_pi(sk)->src_type); 278 if (!hdev) 279 return -EHOSTUNREACH; 280 281 hci_dev_lock(hdev); 282 283 if (!bis_capable(hdev)) { 284 err = -EOPNOTSUPP; 285 goto unlock; 286 } 287 288 /* Fail if user set invalid QoS */ 289 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 290 iso_pi(sk)->qos = default_qos; 291 err = -EINVAL; 292 goto unlock; 293 } 294 295 /* Fail if out PHYs are marked as disabled */ 296 if (!iso_pi(sk)->qos.bcast.out.phy) { 297 err = -EINVAL; 298 goto unlock; 299 } 300 301 /* Just bind if DEFER_SETUP has been set */ 302 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 303 hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst, 304 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 305 iso_pi(sk)->base); 306 if (IS_ERR(hcon)) { 307 err = PTR_ERR(hcon); 308 goto unlock; 309 } 310 } else { 311 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, 312 le_addr_type(iso_pi(sk)->dst_type), 313 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 314 iso_pi(sk)->base); 315 if (IS_ERR(hcon)) { 316 err = PTR_ERR(hcon); 317 goto unlock; 318 } 319 } 320 321 conn = iso_conn_add(hcon); 322 if (!conn) { 323 hci_conn_drop(hcon); 324 err = -ENOMEM; 325 goto unlock; 326 } 327 328 lock_sock(sk); 329 330 err = iso_chan_add(conn, sk, NULL); 331 if (err) { 332 release_sock(sk); 333 goto unlock; 334 } 335 336 /* Update source addr of the socket */ 337 bacpy(&iso_pi(sk)->src, &hcon->src); 338 339 if (hcon->state == BT_CONNECTED) { 340 iso_sock_clear_timer(sk); 341 sk->sk_state = BT_CONNECTED; 342 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 343 iso_sock_clear_timer(sk); 344 sk->sk_state = BT_CONNECT; 345 } else { 346 sk->sk_state = BT_CONNECT; 347 iso_sock_set_timer(sk, sk->sk_sndtimeo); 348 } 349 350 release_sock(sk); 351 352 unlock: 353 hci_dev_unlock(hdev); 354 hci_dev_put(hdev); 355 return err; 356 } 357 358 static int iso_connect_cis(struct sock *sk) 359 { 360 struct iso_conn *conn; 361 struct hci_conn *hcon; 362 struct hci_dev *hdev; 363 int err; 364 365 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 366 367 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 368 iso_pi(sk)->src_type); 369 if (!hdev) 370 return -EHOSTUNREACH; 371 372 hci_dev_lock(hdev); 373 374 if (!cis_central_capable(hdev)) { 375 err = -EOPNOTSUPP; 376 goto unlock; 377 } 378 379 /* Fail if user set invalid QoS */ 380 if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) { 381 iso_pi(sk)->qos = default_qos; 382 err = -EINVAL; 383 goto unlock; 384 } 385 386 /* Fail if either PHYs are marked as disabled */ 387 if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) { 388 err = -EINVAL; 389 goto unlock; 390 } 391 392 /* Just bind if DEFER_SETUP has been set */ 393 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 394 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 395 le_addr_type(iso_pi(sk)->dst_type), 396 &iso_pi(sk)->qos); 397 if (IS_ERR(hcon)) { 398 err = PTR_ERR(hcon); 399 goto unlock; 400 } 401 } else { 402 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 403 le_addr_type(iso_pi(sk)->dst_type), 404 &iso_pi(sk)->qos); 405 if (IS_ERR(hcon)) { 406 err = PTR_ERR(hcon); 407 goto unlock; 408 } 409 } 410 411 conn = iso_conn_add(hcon); 412 if (!conn) { 413 hci_conn_drop(hcon); 414 err = -ENOMEM; 415 goto unlock; 416 } 417 418 lock_sock(sk); 419 420 err = iso_chan_add(conn, sk, NULL); 421 if (err) { 422 release_sock(sk); 423 goto unlock; 424 } 425 426 /* Update source addr of the socket */ 427 bacpy(&iso_pi(sk)->src, &hcon->src); 428 429 if (hcon->state == BT_CONNECTED) { 430 iso_sock_clear_timer(sk); 431 sk->sk_state = BT_CONNECTED; 432 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 433 iso_sock_clear_timer(sk); 434 sk->sk_state = BT_CONNECT; 435 } else { 436 sk->sk_state = BT_CONNECT; 437 iso_sock_set_timer(sk, sk->sk_sndtimeo); 438 } 439 440 release_sock(sk); 441 442 unlock: 443 hci_dev_unlock(hdev); 444 hci_dev_put(hdev); 445 return err; 446 } 447 448 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk) 449 { 450 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 451 return &iso_pi(sk)->conn->hcon->iso_qos; 452 453 return &iso_pi(sk)->qos; 454 } 455 456 static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 457 { 458 struct iso_conn *conn = iso_pi(sk)->conn; 459 struct bt_iso_qos *qos = iso_sock_get_qos(sk); 460 struct hci_iso_data_hdr *hdr; 461 int len = 0; 462 463 BT_DBG("sk %p len %d", sk, skb->len); 464 465 if (skb->len > qos->ucast.out.sdu) 466 return -EMSGSIZE; 467 468 len = skb->len; 469 470 /* Push ISO data header */ 471 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 472 hdr->sn = cpu_to_le16(conn->tx_sn++); 473 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 474 HCI_ISO_STATUS_VALID)); 475 476 if (sk->sk_state == BT_CONNECTED) 477 hci_send_iso(conn->hcon, skb); 478 else 479 len = -ENOTCONN; 480 481 return len; 482 } 483 484 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 485 { 486 struct sock *sk; 487 488 iso_conn_lock(conn); 489 sk = conn->sk; 490 iso_conn_unlock(conn); 491 492 if (!sk) 493 goto drop; 494 495 BT_DBG("sk %p len %d", sk, skb->len); 496 497 if (sk->sk_state != BT_CONNECTED) 498 goto drop; 499 500 if (!sock_queue_rcv_skb(sk, skb)) 501 return; 502 503 drop: 504 kfree_skb(skb); 505 } 506 507 /* -------- Socket interface ---------- */ 508 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst) 509 { 510 struct sock *sk; 511 512 sk_for_each(sk, &iso_sk_list.head) { 513 if (sk->sk_state != BT_LISTEN) 514 continue; 515 516 if (bacmp(&iso_pi(sk)->dst, dst)) 517 continue; 518 519 if (!bacmp(&iso_pi(sk)->src, src)) 520 return sk; 521 } 522 523 return NULL; 524 } 525 526 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc, 527 __u8 sid) 528 { 529 struct sock *sk; 530 531 sk_for_each(sk, &iso_sk_list.head) { 532 if (sk->sk_state != BT_LISTEN) 533 continue; 534 535 if (bacmp(&iso_pi(sk)->src, ba)) 536 continue; 537 538 if (bacmp(&iso_pi(sk)->dst, bc)) 539 continue; 540 541 if (iso_pi(sk)->bc_sid == sid) 542 return sk; 543 } 544 545 return NULL; 546 } 547 548 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 549 550 /* Find socket listening: 551 * source bdaddr (Unicast) 552 * destination bdaddr (Broadcast only) 553 * match func - pass NULL to ignore 554 * match func data - pass -1 to ignore 555 * Returns closest match. 556 */ 557 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 558 iso_sock_match_t match, void *data) 559 { 560 struct sock *sk = NULL, *sk1 = NULL; 561 562 read_lock(&iso_sk_list.lock); 563 564 sk_for_each(sk, &iso_sk_list.head) { 565 if (sk->sk_state != BT_LISTEN) 566 continue; 567 568 /* Match Broadcast destination */ 569 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 570 continue; 571 572 /* Use Match function if provided */ 573 if (match && !match(sk, data)) 574 continue; 575 576 /* Exact match. */ 577 if (!bacmp(&iso_pi(sk)->src, src)) 578 break; 579 580 /* Closest match */ 581 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) 582 sk1 = sk; 583 } 584 585 read_unlock(&iso_sk_list.lock); 586 587 return sk ? sk : sk1; 588 } 589 590 static void iso_sock_destruct(struct sock *sk) 591 { 592 BT_DBG("sk %p", sk); 593 594 skb_queue_purge(&sk->sk_receive_queue); 595 skb_queue_purge(&sk->sk_write_queue); 596 } 597 598 static void iso_sock_cleanup_listen(struct sock *parent) 599 { 600 struct sock *sk; 601 602 BT_DBG("parent %p", parent); 603 604 /* Close not yet accepted channels */ 605 while ((sk = bt_accept_dequeue(parent, NULL))) { 606 iso_sock_close(sk); 607 iso_sock_kill(sk); 608 } 609 610 /* If listening socket stands for a PA sync connection, 611 * properly disconnect the hcon and socket. 612 */ 613 if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon && 614 test_bit(HCI_CONN_PA_SYNC, &iso_pi(parent)->conn->hcon->flags)) { 615 iso_sock_disconn(parent); 616 return; 617 } 618 619 parent->sk_state = BT_CLOSED; 620 sock_set_flag(parent, SOCK_ZAPPED); 621 } 622 623 /* Kill socket (only if zapped and orphan) 624 * Must be called on unlocked socket. 625 */ 626 static void iso_sock_kill(struct sock *sk) 627 { 628 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 629 sock_flag(sk, SOCK_DEAD)) 630 return; 631 632 BT_DBG("sk %p state %d", sk, sk->sk_state); 633 634 /* Kill poor orphan */ 635 bt_sock_unlink(&iso_sk_list, sk); 636 sock_set_flag(sk, SOCK_DEAD); 637 sock_put(sk); 638 } 639 640 static void iso_sock_disconn(struct sock *sk) 641 { 642 sk->sk_state = BT_DISCONN; 643 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 644 iso_conn_lock(iso_pi(sk)->conn); 645 hci_conn_drop(iso_pi(sk)->conn->hcon); 646 iso_pi(sk)->conn->hcon = NULL; 647 iso_conn_unlock(iso_pi(sk)->conn); 648 } 649 650 static void __iso_sock_close(struct sock *sk) 651 { 652 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 653 654 switch (sk->sk_state) { 655 case BT_LISTEN: 656 iso_sock_cleanup_listen(sk); 657 break; 658 659 case BT_CONNECT: 660 case BT_CONNECTED: 661 case BT_CONFIG: 662 if (iso_pi(sk)->conn->hcon) 663 iso_sock_disconn(sk); 664 else 665 iso_chan_del(sk, ECONNRESET); 666 break; 667 668 case BT_CONNECT2: 669 if (iso_pi(sk)->conn->hcon && 670 (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) || 671 test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags))) 672 iso_sock_disconn(sk); 673 else 674 iso_chan_del(sk, ECONNRESET); 675 break; 676 case BT_DISCONN: 677 iso_chan_del(sk, ECONNRESET); 678 break; 679 680 default: 681 sock_set_flag(sk, SOCK_ZAPPED); 682 break; 683 } 684 } 685 686 /* Must be called on unlocked socket. */ 687 static void iso_sock_close(struct sock *sk) 688 { 689 iso_sock_clear_timer(sk); 690 lock_sock(sk); 691 __iso_sock_close(sk); 692 release_sock(sk); 693 iso_sock_kill(sk); 694 } 695 696 static void iso_sock_init(struct sock *sk, struct sock *parent) 697 { 698 BT_DBG("sk %p", sk); 699 700 if (parent) { 701 sk->sk_type = parent->sk_type; 702 bt_sk(sk)->flags = bt_sk(parent)->flags; 703 security_sk_clone(parent, sk); 704 } 705 } 706 707 static struct proto iso_proto = { 708 .name = "ISO", 709 .owner = THIS_MODULE, 710 .obj_size = sizeof(struct iso_pinfo) 711 }; 712 713 #define DEFAULT_IO_QOS \ 714 { \ 715 .interval = 10000u, \ 716 .latency = 10u, \ 717 .sdu = 40u, \ 718 .phy = BT_ISO_PHY_2M, \ 719 .rtn = 2u, \ 720 } 721 722 static struct bt_iso_qos default_qos = { 723 .bcast = { 724 .big = BT_ISO_QOS_BIG_UNSET, 725 .bis = BT_ISO_QOS_BIS_UNSET, 726 .sync_factor = 0x01, 727 .packing = 0x00, 728 .framing = 0x00, 729 .in = DEFAULT_IO_QOS, 730 .out = DEFAULT_IO_QOS, 731 .encryption = 0x00, 732 .bcode = {0x00}, 733 .options = 0x00, 734 .skip = 0x0000, 735 .sync_timeout = 0x4000, 736 .sync_cte_type = 0x00, 737 .mse = 0x00, 738 .timeout = 0x4000, 739 }, 740 }; 741 742 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 743 int proto, gfp_t prio, int kern) 744 { 745 struct sock *sk; 746 747 sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern); 748 if (!sk) 749 return NULL; 750 751 sk->sk_destruct = iso_sock_destruct; 752 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 753 754 /* Set address type as public as default src address is BDADDR_ANY */ 755 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 756 757 iso_pi(sk)->qos = default_qos; 758 759 bt_sock_link(&iso_sk_list, sk); 760 return sk; 761 } 762 763 static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 764 int kern) 765 { 766 struct sock *sk; 767 768 BT_DBG("sock %p", sock); 769 770 sock->state = SS_UNCONNECTED; 771 772 if (sock->type != SOCK_SEQPACKET) 773 return -ESOCKTNOSUPPORT; 774 775 sock->ops = &iso_sock_ops; 776 777 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 778 if (!sk) 779 return -ENOMEM; 780 781 iso_sock_init(sk, NULL); 782 return 0; 783 } 784 785 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr, 786 int addr_len) 787 { 788 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 789 struct sock *sk = sock->sk; 790 int i; 791 792 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid, 793 sa->iso_bc->bc_num_bis); 794 795 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc)) 796 return -EINVAL; 797 798 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr); 799 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type; 800 iso_pi(sk)->sync_handle = -1; 801 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid; 802 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 803 804 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) { 805 if (sa->iso_bc->bc_bis[i] < 0x01 || 806 sa->iso_bc->bc_bis[i] > 0x1f) 807 return -EINVAL; 808 809 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 810 iso_pi(sk)->bc_num_bis); 811 } 812 813 return 0; 814 } 815 816 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 817 int addr_len) 818 { 819 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 820 struct sock *sk = sock->sk; 821 int err = 0; 822 823 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 824 825 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 826 addr->sa_family != AF_BLUETOOTH) 827 return -EINVAL; 828 829 lock_sock(sk); 830 831 if (sk->sk_state != BT_OPEN) { 832 err = -EBADFD; 833 goto done; 834 } 835 836 if (sk->sk_type != SOCK_SEQPACKET) { 837 err = -EINVAL; 838 goto done; 839 } 840 841 /* Check if the address type is of LE type */ 842 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 843 err = -EINVAL; 844 goto done; 845 } 846 847 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 848 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 849 850 /* Check for Broadcast address */ 851 if (addr_len > sizeof(*sa)) { 852 err = iso_sock_bind_bc(sock, addr, addr_len); 853 if (err) 854 goto done; 855 } 856 857 sk->sk_state = BT_BOUND; 858 859 done: 860 release_sock(sk); 861 return err; 862 } 863 864 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 865 int alen, int flags) 866 { 867 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 868 struct sock *sk = sock->sk; 869 int err; 870 871 BT_DBG("sk %p", sk); 872 873 if (alen < sizeof(struct sockaddr_iso) || 874 addr->sa_family != AF_BLUETOOTH) 875 return -EINVAL; 876 877 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 878 return -EBADFD; 879 880 if (sk->sk_type != SOCK_SEQPACKET) 881 return -EINVAL; 882 883 /* Check if the address type is of LE type */ 884 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 885 return -EINVAL; 886 887 lock_sock(sk); 888 889 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 890 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 891 892 release_sock(sk); 893 894 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 895 err = iso_connect_cis(sk); 896 else 897 err = iso_connect_bis(sk); 898 899 if (err) 900 return err; 901 902 lock_sock(sk); 903 904 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 905 err = bt_sock_wait_state(sk, BT_CONNECTED, 906 sock_sndtimeo(sk, flags & O_NONBLOCK)); 907 } 908 909 release_sock(sk); 910 return err; 911 } 912 913 static int iso_listen_bis(struct sock *sk) 914 { 915 struct hci_dev *hdev; 916 int err = 0; 917 918 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src, 919 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid); 920 921 write_lock(&iso_sk_list.lock); 922 923 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst, 924 iso_pi(sk)->bc_sid)) 925 err = -EADDRINUSE; 926 927 write_unlock(&iso_sk_list.lock); 928 929 if (err) 930 return err; 931 932 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 933 iso_pi(sk)->src_type); 934 if (!hdev) 935 return -EHOSTUNREACH; 936 937 /* Fail if user set invalid QoS */ 938 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 939 iso_pi(sk)->qos = default_qos; 940 return -EINVAL; 941 } 942 943 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, 944 le_addr_type(iso_pi(sk)->dst_type), 945 iso_pi(sk)->bc_sid, &iso_pi(sk)->qos); 946 947 hci_dev_put(hdev); 948 949 return err; 950 } 951 952 static int iso_listen_cis(struct sock *sk) 953 { 954 int err = 0; 955 956 BT_DBG("%pMR", &iso_pi(sk)->src); 957 958 write_lock(&iso_sk_list.lock); 959 960 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst)) 961 err = -EADDRINUSE; 962 963 write_unlock(&iso_sk_list.lock); 964 965 return err; 966 } 967 968 static int iso_sock_listen(struct socket *sock, int backlog) 969 { 970 struct sock *sk = sock->sk; 971 int err = 0; 972 973 BT_DBG("sk %p backlog %d", sk, backlog); 974 975 lock_sock(sk); 976 977 if (sk->sk_state != BT_BOUND) { 978 err = -EBADFD; 979 goto done; 980 } 981 982 if (sk->sk_type != SOCK_SEQPACKET) { 983 err = -EINVAL; 984 goto done; 985 } 986 987 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 988 err = iso_listen_cis(sk); 989 else 990 err = iso_listen_bis(sk); 991 992 if (err) 993 goto done; 994 995 sk->sk_max_ack_backlog = backlog; 996 sk->sk_ack_backlog = 0; 997 998 sk->sk_state = BT_LISTEN; 999 1000 done: 1001 release_sock(sk); 1002 return err; 1003 } 1004 1005 static int iso_sock_accept(struct socket *sock, struct socket *newsock, 1006 int flags, bool kern) 1007 { 1008 DEFINE_WAIT_FUNC(wait, woken_wake_function); 1009 struct sock *sk = sock->sk, *ch; 1010 long timeo; 1011 int err = 0; 1012 1013 lock_sock(sk); 1014 1015 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 1016 1017 BT_DBG("sk %p timeo %ld", sk, timeo); 1018 1019 /* Wait for an incoming connection. (wake-one). */ 1020 add_wait_queue_exclusive(sk_sleep(sk), &wait); 1021 while (1) { 1022 if (sk->sk_state != BT_LISTEN) { 1023 err = -EBADFD; 1024 break; 1025 } 1026 1027 ch = bt_accept_dequeue(sk, newsock); 1028 if (ch) 1029 break; 1030 1031 if (!timeo) { 1032 err = -EAGAIN; 1033 break; 1034 } 1035 1036 if (signal_pending(current)) { 1037 err = sock_intr_errno(timeo); 1038 break; 1039 } 1040 1041 release_sock(sk); 1042 1043 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 1044 lock_sock(sk); 1045 } 1046 remove_wait_queue(sk_sleep(sk), &wait); 1047 1048 if (err) 1049 goto done; 1050 1051 newsock->state = SS_CONNECTED; 1052 1053 BT_DBG("new socket %p", ch); 1054 1055 done: 1056 release_sock(sk); 1057 return err; 1058 } 1059 1060 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 1061 int peer) 1062 { 1063 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 1064 struct sock *sk = sock->sk; 1065 1066 BT_DBG("sock %p, sk %p", sock, sk); 1067 1068 addr->sa_family = AF_BLUETOOTH; 1069 1070 if (peer) { 1071 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 1072 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 1073 } else { 1074 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 1075 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 1076 } 1077 1078 return sizeof(struct sockaddr_iso); 1079 } 1080 1081 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 1082 size_t len) 1083 { 1084 struct sock *sk = sock->sk; 1085 struct sk_buff *skb, **frag; 1086 size_t mtu; 1087 int err; 1088 1089 BT_DBG("sock %p, sk %p", sock, sk); 1090 1091 err = sock_error(sk); 1092 if (err) 1093 return err; 1094 1095 if (msg->msg_flags & MSG_OOB) 1096 return -EOPNOTSUPP; 1097 1098 lock_sock(sk); 1099 1100 if (sk->sk_state != BT_CONNECTED) { 1101 release_sock(sk); 1102 return -ENOTCONN; 1103 } 1104 1105 mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu; 1106 1107 release_sock(sk); 1108 1109 skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0); 1110 if (IS_ERR(skb)) 1111 return PTR_ERR(skb); 1112 1113 len -= skb->len; 1114 1115 BT_DBG("skb %p len %d", sk, skb->len); 1116 1117 /* Continuation fragments */ 1118 frag = &skb_shinfo(skb)->frag_list; 1119 while (len) { 1120 struct sk_buff *tmp; 1121 1122 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0); 1123 if (IS_ERR(tmp)) { 1124 kfree_skb(skb); 1125 return PTR_ERR(tmp); 1126 } 1127 1128 *frag = tmp; 1129 1130 len -= tmp->len; 1131 1132 skb->len += tmp->len; 1133 skb->data_len += tmp->len; 1134 1135 BT_DBG("frag %p len %d", *frag, tmp->len); 1136 1137 frag = &(*frag)->next; 1138 } 1139 1140 lock_sock(sk); 1141 1142 if (sk->sk_state == BT_CONNECTED) 1143 err = iso_send_frame(sk, skb); 1144 else 1145 err = -ENOTCONN; 1146 1147 release_sock(sk); 1148 1149 if (err < 0) 1150 kfree_skb(skb); 1151 return err; 1152 } 1153 1154 static void iso_conn_defer_accept(struct hci_conn *conn) 1155 { 1156 struct hci_cp_le_accept_cis cp; 1157 struct hci_dev *hdev = conn->hdev; 1158 1159 BT_DBG("conn %p", conn); 1160 1161 conn->state = BT_CONFIG; 1162 1163 cp.handle = cpu_to_le16(conn->handle); 1164 1165 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 1166 } 1167 1168 static void iso_conn_big_sync(struct sock *sk) 1169 { 1170 int err; 1171 struct hci_dev *hdev; 1172 1173 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 1174 iso_pi(sk)->src_type); 1175 1176 if (!hdev) 1177 return; 1178 1179 if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) { 1180 err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon, 1181 &iso_pi(sk)->qos, 1182 iso_pi(sk)->sync_handle, 1183 iso_pi(sk)->bc_num_bis, 1184 iso_pi(sk)->bc_bis); 1185 if (err) 1186 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1187 err); 1188 } 1189 } 1190 1191 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1192 size_t len, int flags) 1193 { 1194 struct sock *sk = sock->sk; 1195 struct iso_pinfo *pi = iso_pi(sk); 1196 1197 BT_DBG("sk %p", sk); 1198 1199 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1200 lock_sock(sk); 1201 switch (sk->sk_state) { 1202 case BT_CONNECT2: 1203 if (pi->conn->hcon && 1204 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) { 1205 iso_conn_big_sync(sk); 1206 sk->sk_state = BT_LISTEN; 1207 } else { 1208 iso_conn_defer_accept(pi->conn->hcon); 1209 sk->sk_state = BT_CONFIG; 1210 } 1211 release_sock(sk); 1212 return 0; 1213 case BT_CONNECT: 1214 release_sock(sk); 1215 return iso_connect_cis(sk); 1216 default: 1217 release_sock(sk); 1218 break; 1219 } 1220 } 1221 1222 return bt_sock_recvmsg(sock, msg, len, flags); 1223 } 1224 1225 static bool check_io_qos(struct bt_iso_io_qos *qos) 1226 { 1227 /* If no PHY is enable SDU must be 0 */ 1228 if (!qos->phy && qos->sdu) 1229 return false; 1230 1231 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 1232 return false; 1233 1234 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 1235 return false; 1236 1237 if (qos->phy > BT_ISO_PHY_ANY) 1238 return false; 1239 1240 return true; 1241 } 1242 1243 static bool check_ucast_qos(struct bt_iso_qos *qos) 1244 { 1245 if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET) 1246 return false; 1247 1248 if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) 1249 return false; 1250 1251 if (qos->ucast.sca > 0x07) 1252 return false; 1253 1254 if (qos->ucast.packing > 0x01) 1255 return false; 1256 1257 if (qos->ucast.framing > 0x01) 1258 return false; 1259 1260 if (!check_io_qos(&qos->ucast.in)) 1261 return false; 1262 1263 if (!check_io_qos(&qos->ucast.out)) 1264 return false; 1265 1266 return true; 1267 } 1268 1269 static bool check_bcast_qos(struct bt_iso_qos *qos) 1270 { 1271 if (qos->bcast.sync_factor == 0x00) 1272 return false; 1273 1274 if (qos->bcast.packing > 0x01) 1275 return false; 1276 1277 if (qos->bcast.framing > 0x01) 1278 return false; 1279 1280 if (!check_io_qos(&qos->bcast.in)) 1281 return false; 1282 1283 if (!check_io_qos(&qos->bcast.out)) 1284 return false; 1285 1286 if (qos->bcast.encryption > 0x01) 1287 return false; 1288 1289 if (qos->bcast.options > 0x07) 1290 return false; 1291 1292 if (qos->bcast.skip > 0x01f3) 1293 return false; 1294 1295 if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000) 1296 return false; 1297 1298 if (qos->bcast.sync_cte_type > 0x1f) 1299 return false; 1300 1301 if (qos->bcast.mse > 0x1f) 1302 return false; 1303 1304 if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000) 1305 return false; 1306 1307 return true; 1308 } 1309 1310 static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 1311 sockptr_t optval, unsigned int optlen) 1312 { 1313 struct sock *sk = sock->sk; 1314 int len, err = 0; 1315 struct bt_iso_qos qos = default_qos; 1316 u32 opt; 1317 1318 BT_DBG("sk %p", sk); 1319 1320 lock_sock(sk); 1321 1322 switch (optname) { 1323 case BT_DEFER_SETUP: 1324 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1325 err = -EINVAL; 1326 break; 1327 } 1328 1329 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1330 err = -EFAULT; 1331 break; 1332 } 1333 1334 if (opt) 1335 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1336 else 1337 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1338 break; 1339 1340 case BT_PKT_STATUS: 1341 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1342 err = -EFAULT; 1343 break; 1344 } 1345 1346 if (opt) 1347 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1348 else 1349 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1350 break; 1351 1352 case BT_ISO_QOS: 1353 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1354 sk->sk_state != BT_CONNECT2) { 1355 err = -EINVAL; 1356 break; 1357 } 1358 1359 len = min_t(unsigned int, sizeof(qos), optlen); 1360 1361 if (copy_from_sockptr(&qos, optval, len)) { 1362 err = -EFAULT; 1363 break; 1364 } 1365 1366 if (len == sizeof(qos.ucast) && !check_ucast_qos(&qos)) { 1367 err = -EINVAL; 1368 break; 1369 } 1370 1371 iso_pi(sk)->qos = qos; 1372 iso_pi(sk)->qos_user_set = true; 1373 1374 break; 1375 1376 case BT_ISO_BASE: 1377 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1378 sk->sk_state != BT_CONNECT2) { 1379 err = -EINVAL; 1380 break; 1381 } 1382 1383 if (optlen > sizeof(iso_pi(sk)->base)) { 1384 err = -EOVERFLOW; 1385 break; 1386 } 1387 1388 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen); 1389 1390 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) { 1391 err = -EFAULT; 1392 break; 1393 } 1394 1395 iso_pi(sk)->base_len = len; 1396 1397 break; 1398 1399 default: 1400 err = -ENOPROTOOPT; 1401 break; 1402 } 1403 1404 release_sock(sk); 1405 return err; 1406 } 1407 1408 static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1409 char __user *optval, int __user *optlen) 1410 { 1411 struct sock *sk = sock->sk; 1412 int len, err = 0; 1413 struct bt_iso_qos *qos; 1414 u8 base_len; 1415 u8 *base; 1416 1417 BT_DBG("sk %p", sk); 1418 1419 if (get_user(len, optlen)) 1420 return -EFAULT; 1421 1422 lock_sock(sk); 1423 1424 switch (optname) { 1425 case BT_DEFER_SETUP: 1426 if (sk->sk_state == BT_CONNECTED) { 1427 err = -EINVAL; 1428 break; 1429 } 1430 1431 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1432 (u32 __user *)optval)) 1433 err = -EFAULT; 1434 1435 break; 1436 1437 case BT_PKT_STATUS: 1438 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1439 (int __user *)optval)) 1440 err = -EFAULT; 1441 break; 1442 1443 case BT_ISO_QOS: 1444 qos = iso_sock_get_qos(sk); 1445 1446 len = min_t(unsigned int, len, sizeof(*qos)); 1447 if (copy_to_user(optval, qos, len)) 1448 err = -EFAULT; 1449 1450 break; 1451 1452 case BT_ISO_BASE: 1453 if (sk->sk_state == BT_CONNECTED && 1454 !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) { 1455 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len; 1456 base = iso_pi(sk)->conn->hcon->le_per_adv_data; 1457 } else { 1458 base_len = iso_pi(sk)->base_len; 1459 base = iso_pi(sk)->base; 1460 } 1461 1462 len = min_t(unsigned int, len, base_len); 1463 if (copy_to_user(optval, base, len)) 1464 err = -EFAULT; 1465 if (put_user(len, optlen)) 1466 err = -EFAULT; 1467 1468 break; 1469 1470 default: 1471 err = -ENOPROTOOPT; 1472 break; 1473 } 1474 1475 release_sock(sk); 1476 return err; 1477 } 1478 1479 static int iso_sock_shutdown(struct socket *sock, int how) 1480 { 1481 struct sock *sk = sock->sk; 1482 int err = 0; 1483 1484 BT_DBG("sock %p, sk %p, how %d", sock, sk, how); 1485 1486 if (!sk) 1487 return 0; 1488 1489 sock_hold(sk); 1490 lock_sock(sk); 1491 1492 switch (how) { 1493 case SHUT_RD: 1494 if (sk->sk_shutdown & RCV_SHUTDOWN) 1495 goto unlock; 1496 sk->sk_shutdown |= RCV_SHUTDOWN; 1497 break; 1498 case SHUT_WR: 1499 if (sk->sk_shutdown & SEND_SHUTDOWN) 1500 goto unlock; 1501 sk->sk_shutdown |= SEND_SHUTDOWN; 1502 break; 1503 case SHUT_RDWR: 1504 if (sk->sk_shutdown & SHUTDOWN_MASK) 1505 goto unlock; 1506 sk->sk_shutdown |= SHUTDOWN_MASK; 1507 break; 1508 } 1509 1510 iso_sock_clear_timer(sk); 1511 __iso_sock_close(sk); 1512 1513 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1514 !(current->flags & PF_EXITING)) 1515 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1516 1517 unlock: 1518 release_sock(sk); 1519 sock_put(sk); 1520 1521 return err; 1522 } 1523 1524 static int iso_sock_release(struct socket *sock) 1525 { 1526 struct sock *sk = sock->sk; 1527 int err = 0; 1528 1529 BT_DBG("sock %p, sk %p", sock, sk); 1530 1531 if (!sk) 1532 return 0; 1533 1534 iso_sock_close(sk); 1535 1536 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1537 !(current->flags & PF_EXITING)) { 1538 lock_sock(sk); 1539 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1540 release_sock(sk); 1541 } 1542 1543 sock_orphan(sk); 1544 iso_sock_kill(sk); 1545 return err; 1546 } 1547 1548 static void iso_sock_ready(struct sock *sk) 1549 { 1550 BT_DBG("sk %p", sk); 1551 1552 if (!sk) 1553 return; 1554 1555 lock_sock(sk); 1556 iso_sock_clear_timer(sk); 1557 sk->sk_state = BT_CONNECTED; 1558 sk->sk_state_change(sk); 1559 release_sock(sk); 1560 } 1561 1562 struct iso_list_data { 1563 struct hci_conn *hcon; 1564 int count; 1565 }; 1566 1567 static bool iso_match_big(struct sock *sk, void *data) 1568 { 1569 struct hci_evt_le_big_sync_estabilished *ev = data; 1570 1571 return ev->handle == iso_pi(sk)->qos.bcast.big; 1572 } 1573 1574 static bool iso_match_pa_sync_flag(struct sock *sk, void *data) 1575 { 1576 return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags); 1577 } 1578 1579 static void iso_conn_ready(struct iso_conn *conn) 1580 { 1581 struct sock *parent = NULL; 1582 struct sock *sk = conn->sk; 1583 struct hci_ev_le_big_sync_estabilished *ev = NULL; 1584 struct hci_ev_le_pa_sync_established *ev2 = NULL; 1585 struct hci_evt_le_big_info_adv_report *ev3 = NULL; 1586 struct hci_conn *hcon; 1587 1588 BT_DBG("conn %p", conn); 1589 1590 if (sk) { 1591 iso_sock_ready(conn->sk); 1592 } else { 1593 hcon = conn->hcon; 1594 if (!hcon) 1595 return; 1596 1597 if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags) || 1598 test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) { 1599 ev = hci_recv_event_data(hcon->hdev, 1600 HCI_EVT_LE_BIG_SYNC_ESTABILISHED); 1601 1602 /* Get reference to PA sync parent socket, if it exists */ 1603 parent = iso_get_sock_listen(&hcon->src, 1604 &hcon->dst, 1605 iso_match_pa_sync_flag, NULL); 1606 if (!parent && ev) 1607 parent = iso_get_sock_listen(&hcon->src, 1608 &hcon->dst, 1609 iso_match_big, ev); 1610 } else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) { 1611 ev2 = hci_recv_event_data(hcon->hdev, 1612 HCI_EV_LE_PA_SYNC_ESTABLISHED); 1613 if (ev2) 1614 parent = iso_get_sock_listen(&hcon->src, 1615 &hcon->dst, 1616 iso_match_sid, ev2); 1617 } else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) { 1618 ev3 = hci_recv_event_data(hcon->hdev, 1619 HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1620 if (ev3) 1621 parent = iso_get_sock_listen(&hcon->src, 1622 &hcon->dst, 1623 iso_match_sync_handle, ev3); 1624 } 1625 1626 if (!parent) 1627 parent = iso_get_sock_listen(&hcon->src, 1628 BDADDR_ANY, NULL, NULL); 1629 1630 if (!parent) 1631 return; 1632 1633 lock_sock(parent); 1634 1635 sk = iso_sock_alloc(sock_net(parent), NULL, 1636 BTPROTO_ISO, GFP_ATOMIC, 0); 1637 if (!sk) { 1638 release_sock(parent); 1639 return; 1640 } 1641 1642 iso_sock_init(sk, parent); 1643 1644 bacpy(&iso_pi(sk)->src, &hcon->src); 1645 1646 /* Convert from HCI to three-value type */ 1647 if (hcon->src_type == ADDR_LE_DEV_PUBLIC) 1648 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 1649 else 1650 iso_pi(sk)->src_type = BDADDR_LE_RANDOM; 1651 1652 /* If hcon has no destination address (BDADDR_ANY) it means it 1653 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or 1654 * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using 1655 * the parent socket destination address. 1656 */ 1657 if (!bacmp(&hcon->dst, BDADDR_ANY)) { 1658 bacpy(&hcon->dst, &iso_pi(parent)->dst); 1659 hcon->dst_type = iso_pi(parent)->dst_type; 1660 hcon->sync_handle = iso_pi(parent)->sync_handle; 1661 } 1662 1663 if (ev3) { 1664 iso_pi(sk)->qos = iso_pi(parent)->qos; 1665 iso_pi(sk)->qos.bcast.encryption = ev3->encryption; 1666 hcon->iso_qos = iso_pi(sk)->qos; 1667 iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis; 1668 memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS); 1669 set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags); 1670 } 1671 1672 bacpy(&iso_pi(sk)->dst, &hcon->dst); 1673 iso_pi(sk)->dst_type = hcon->dst_type; 1674 iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle; 1675 memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len); 1676 iso_pi(sk)->base_len = iso_pi(parent)->base_len; 1677 1678 hci_conn_hold(hcon); 1679 iso_chan_add(conn, sk, parent); 1680 1681 if ((ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) || 1682 (ev2 && ev2->status)) { 1683 /* Trigger error signal on child socket */ 1684 sk->sk_err = ECONNREFUSED; 1685 sk->sk_error_report(sk); 1686 } 1687 1688 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1689 sk->sk_state = BT_CONNECT2; 1690 else 1691 sk->sk_state = BT_CONNECTED; 1692 1693 /* Wake up parent */ 1694 parent->sk_data_ready(parent); 1695 1696 release_sock(parent); 1697 } 1698 } 1699 1700 static bool iso_match_sid(struct sock *sk, void *data) 1701 { 1702 struct hci_ev_le_pa_sync_established *ev = data; 1703 1704 return ev->sid == iso_pi(sk)->bc_sid; 1705 } 1706 1707 static bool iso_match_sync_handle(struct sock *sk, void *data) 1708 { 1709 struct hci_evt_le_big_info_adv_report *ev = data; 1710 1711 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1712 } 1713 1714 static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data) 1715 { 1716 struct hci_ev_le_per_adv_report *ev = data; 1717 1718 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1719 } 1720 1721 /* ----- ISO interface with lower layer (HCI) ----- */ 1722 1723 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1724 { 1725 struct hci_ev_le_pa_sync_established *ev1; 1726 struct hci_evt_le_big_info_adv_report *ev2; 1727 struct hci_ev_le_per_adv_report *ev3; 1728 struct sock *sk; 1729 int lm = 0; 1730 1731 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 1732 1733 /* Broadcast receiver requires handling of some events before it can 1734 * proceed to establishing a BIG sync: 1735 * 1736 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific 1737 * SID to listen to and once sync is estabilished its handle needs to 1738 * be stored in iso_pi(sk)->sync_handle so it can be matched once 1739 * receiving the BIG Info. 1740 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 1741 * a BIG Info it attempts to check if there any listening socket with 1742 * the same sync_handle and if it does then attempt to create a sync. 1743 * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored 1744 * in iso_pi(sk)->base so it can be passed up to user, in the case of a 1745 * broadcast sink. 1746 */ 1747 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 1748 if (ev1) { 1749 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid, 1750 ev1); 1751 if (sk && !ev1->status) 1752 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); 1753 1754 goto done; 1755 } 1756 1757 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1758 if (ev2) { 1759 /* Try to get PA sync listening socket, if it exists */ 1760 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1761 iso_match_pa_sync_flag, NULL); 1762 if (!sk) 1763 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1764 iso_match_sync_handle, ev2); 1765 if (sk) { 1766 int err; 1767 1768 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1769 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1770 1771 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 1772 !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) { 1773 err = hci_le_big_create_sync(hdev, NULL, 1774 &iso_pi(sk)->qos, 1775 iso_pi(sk)->sync_handle, 1776 iso_pi(sk)->bc_num_bis, 1777 iso_pi(sk)->bc_bis); 1778 if (err) { 1779 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1780 err); 1781 sk = NULL; 1782 } 1783 } 1784 } 1785 } 1786 1787 ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT); 1788 if (ev3) { 1789 size_t base_len = ev3->length; 1790 u8 *base; 1791 1792 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1793 iso_match_sync_handle_pa_report, ev3); 1794 base = eir_get_service_data(ev3->data, ev3->length, 1795 EIR_BAA_SERVICE_UUID, &base_len); 1796 if (base && sk && base_len <= sizeof(iso_pi(sk)->base)) { 1797 memcpy(iso_pi(sk)->base, base, base_len); 1798 iso_pi(sk)->base_len = base_len; 1799 } 1800 } else { 1801 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL); 1802 } 1803 1804 done: 1805 if (!sk) 1806 return lm; 1807 1808 lm |= HCI_LM_ACCEPT; 1809 1810 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1811 *flags |= HCI_PROTO_DEFER; 1812 1813 return lm; 1814 } 1815 1816 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 1817 { 1818 if (hcon->type != ISO_LINK) { 1819 if (hcon->type != LE_LINK) 1820 return; 1821 1822 /* Check if LE link has failed */ 1823 if (status) { 1824 struct hci_link *link, *t; 1825 1826 list_for_each_entry_safe(link, t, &hcon->link_list, 1827 list) 1828 iso_conn_del(link->conn, bt_to_errno(status)); 1829 1830 return; 1831 } 1832 1833 /* Create CIS if pending */ 1834 hci_le_create_cis_pending(hcon->hdev); 1835 return; 1836 } 1837 1838 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1839 1840 /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or 1841 * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection 1842 * into the accept queue of the listening socket and wake up 1843 * userspace, to inform the user about the event. 1844 */ 1845 if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) || 1846 test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) { 1847 struct iso_conn *conn; 1848 1849 conn = iso_conn_add(hcon); 1850 if (conn) 1851 iso_conn_ready(conn); 1852 } else { 1853 iso_conn_del(hcon, bt_to_errno(status)); 1854 } 1855 } 1856 1857 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1858 { 1859 if (hcon->type != ISO_LINK) 1860 return; 1861 1862 BT_DBG("hcon %p reason %d", hcon, reason); 1863 1864 iso_conn_del(hcon, bt_to_errno(reason)); 1865 } 1866 1867 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 1868 { 1869 struct iso_conn *conn = hcon->iso_data; 1870 __u16 pb, ts, len; 1871 1872 if (!conn) 1873 goto drop; 1874 1875 pb = hci_iso_flags_pb(flags); 1876 ts = hci_iso_flags_ts(flags); 1877 1878 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 1879 1880 switch (pb) { 1881 case ISO_START: 1882 case ISO_SINGLE: 1883 if (conn->rx_len) { 1884 BT_ERR("Unexpected start frame (len %d)", skb->len); 1885 kfree_skb(conn->rx_skb); 1886 conn->rx_skb = NULL; 1887 conn->rx_len = 0; 1888 } 1889 1890 if (ts) { 1891 struct hci_iso_ts_data_hdr *hdr; 1892 1893 /* TODO: add timestamp to the packet? */ 1894 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 1895 if (!hdr) { 1896 BT_ERR("Frame is too short (len %d)", skb->len); 1897 goto drop; 1898 } 1899 1900 len = __le16_to_cpu(hdr->slen); 1901 } else { 1902 struct hci_iso_data_hdr *hdr; 1903 1904 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 1905 if (!hdr) { 1906 BT_ERR("Frame is too short (len %d)", skb->len); 1907 goto drop; 1908 } 1909 1910 len = __le16_to_cpu(hdr->slen); 1911 } 1912 1913 flags = hci_iso_data_flags(len); 1914 len = hci_iso_data_len(len); 1915 1916 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 1917 skb->len, flags); 1918 1919 if (len == skb->len) { 1920 /* Complete frame received */ 1921 hci_skb_pkt_status(skb) = flags & 0x03; 1922 iso_recv_frame(conn, skb); 1923 return; 1924 } 1925 1926 if (pb == ISO_SINGLE) { 1927 BT_ERR("Frame malformed (len %d, expected len %d)", 1928 skb->len, len); 1929 goto drop; 1930 } 1931 1932 if (skb->len > len) { 1933 BT_ERR("Frame is too long (len %d, expected len %d)", 1934 skb->len, len); 1935 goto drop; 1936 } 1937 1938 /* Allocate skb for the complete frame (with header) */ 1939 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 1940 if (!conn->rx_skb) 1941 goto drop; 1942 1943 hci_skb_pkt_status(conn->rx_skb) = flags & 0x03; 1944 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1945 skb->len); 1946 conn->rx_len = len - skb->len; 1947 break; 1948 1949 case ISO_CONT: 1950 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 1951 conn->rx_len); 1952 1953 if (!conn->rx_len) { 1954 BT_ERR("Unexpected continuation frame (len %d)", 1955 skb->len); 1956 goto drop; 1957 } 1958 1959 if (skb->len > conn->rx_len) { 1960 BT_ERR("Fragment is too long (len %d, expected %d)", 1961 skb->len, conn->rx_len); 1962 kfree_skb(conn->rx_skb); 1963 conn->rx_skb = NULL; 1964 conn->rx_len = 0; 1965 goto drop; 1966 } 1967 1968 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1969 skb->len); 1970 conn->rx_len -= skb->len; 1971 return; 1972 1973 case ISO_END: 1974 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1975 skb->len); 1976 conn->rx_len -= skb->len; 1977 1978 if (!conn->rx_len) { 1979 struct sk_buff *rx_skb = conn->rx_skb; 1980 1981 /* Complete frame received. iso_recv_frame 1982 * takes ownership of the skb so set the global 1983 * rx_skb pointer to NULL first. 1984 */ 1985 conn->rx_skb = NULL; 1986 iso_recv_frame(conn, rx_skb); 1987 } 1988 break; 1989 } 1990 1991 drop: 1992 kfree_skb(skb); 1993 } 1994 1995 static struct hci_cb iso_cb = { 1996 .name = "ISO", 1997 .connect_cfm = iso_connect_cfm, 1998 .disconn_cfm = iso_disconn_cfm, 1999 }; 2000 2001 static int iso_debugfs_show(struct seq_file *f, void *p) 2002 { 2003 struct sock *sk; 2004 2005 read_lock(&iso_sk_list.lock); 2006 2007 sk_for_each(sk, &iso_sk_list.head) { 2008 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 2009 &iso_pi(sk)->dst, sk->sk_state); 2010 } 2011 2012 read_unlock(&iso_sk_list.lock); 2013 2014 return 0; 2015 } 2016 2017 DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 2018 2019 static struct dentry *iso_debugfs; 2020 2021 static const struct proto_ops iso_sock_ops = { 2022 .family = PF_BLUETOOTH, 2023 .owner = THIS_MODULE, 2024 .release = iso_sock_release, 2025 .bind = iso_sock_bind, 2026 .connect = iso_sock_connect, 2027 .listen = iso_sock_listen, 2028 .accept = iso_sock_accept, 2029 .getname = iso_sock_getname, 2030 .sendmsg = iso_sock_sendmsg, 2031 .recvmsg = iso_sock_recvmsg, 2032 .poll = bt_sock_poll, 2033 .ioctl = bt_sock_ioctl, 2034 .mmap = sock_no_mmap, 2035 .socketpair = sock_no_socketpair, 2036 .shutdown = iso_sock_shutdown, 2037 .setsockopt = iso_sock_setsockopt, 2038 .getsockopt = iso_sock_getsockopt 2039 }; 2040 2041 static const struct net_proto_family iso_sock_family_ops = { 2042 .family = PF_BLUETOOTH, 2043 .owner = THIS_MODULE, 2044 .create = iso_sock_create, 2045 }; 2046 2047 static bool iso_inited; 2048 2049 bool iso_enabled(void) 2050 { 2051 return iso_inited; 2052 } 2053 2054 int iso_init(void) 2055 { 2056 int err; 2057 2058 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 2059 2060 if (iso_inited) 2061 return -EALREADY; 2062 2063 err = proto_register(&iso_proto, 0); 2064 if (err < 0) 2065 return err; 2066 2067 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 2068 if (err < 0) { 2069 BT_ERR("ISO socket registration failed"); 2070 goto error; 2071 } 2072 2073 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 2074 if (err < 0) { 2075 BT_ERR("Failed to create ISO proc file"); 2076 bt_sock_unregister(BTPROTO_ISO); 2077 goto error; 2078 } 2079 2080 BT_INFO("ISO socket layer initialized"); 2081 2082 hci_register_cb(&iso_cb); 2083 2084 if (IS_ERR_OR_NULL(bt_debugfs)) 2085 return 0; 2086 2087 if (!iso_debugfs) { 2088 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 2089 NULL, &iso_debugfs_fops); 2090 } 2091 2092 iso_inited = true; 2093 2094 return 0; 2095 2096 error: 2097 proto_unregister(&iso_proto); 2098 return err; 2099 } 2100 2101 int iso_exit(void) 2102 { 2103 if (!iso_inited) 2104 return -EALREADY; 2105 2106 bt_procfs_cleanup(&init_net, "iso"); 2107 2108 debugfs_remove(iso_debugfs); 2109 iso_debugfs = NULL; 2110 2111 hci_unregister_cb(&iso_cb); 2112 2113 bt_sock_unregister(BTPROTO_ISO); 2114 2115 proto_unregister(&iso_proto); 2116 2117 iso_inited = false; 2118 2119 return 0; 2120 } 2121