1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 */ 7 8 #include <linux/module.h> 9 #include <linux/debugfs.h> 10 #include <linux/seq_file.h> 11 #include <linux/sched/signal.h> 12 13 #include <net/bluetooth/bluetooth.h> 14 #include <net/bluetooth/hci_core.h> 15 #include <net/bluetooth/iso.h> 16 17 static const struct proto_ops iso_sock_ops; 18 19 static struct bt_sock_list iso_sk_list = { 20 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 21 }; 22 23 /* ---- ISO connections ---- */ 24 struct iso_conn { 25 struct hci_conn *hcon; 26 27 /* @lock: spinlock protecting changes to iso_conn fields */ 28 spinlock_t lock; 29 struct sock *sk; 30 31 struct delayed_work timeout_work; 32 33 struct sk_buff *rx_skb; 34 __u32 rx_len; 35 __u16 tx_sn; 36 }; 37 38 #define iso_conn_lock(c) spin_lock(&(c)->lock) 39 #define iso_conn_unlock(c) spin_unlock(&(c)->lock) 40 41 static void iso_sock_close(struct sock *sk); 42 static void iso_sock_kill(struct sock *sk); 43 44 /* ----- ISO socket info ----- */ 45 #define iso_pi(sk) ((struct iso_pinfo *)sk) 46 47 #define EIR_SERVICE_DATA_LENGTH 4 48 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH) 49 50 struct iso_pinfo { 51 struct bt_sock bt; 52 bdaddr_t src; 53 __u8 src_type; 54 bdaddr_t dst; 55 __u8 dst_type; 56 __u8 bc_sid; 57 __u8 bc_num_bis; 58 __u8 bc_bis[ISO_MAX_NUM_BIS]; 59 __u16 sync_handle; 60 __u32 flags; 61 struct bt_iso_qos qos; 62 __u8 base_len; 63 __u8 base[BASE_MAX_LENGTH]; 64 struct iso_conn *conn; 65 }; 66 67 /* ---- ISO timers ---- */ 68 #define ISO_CONN_TIMEOUT (HZ * 40) 69 #define ISO_DISCONN_TIMEOUT (HZ * 2) 70 71 static void iso_sock_timeout(struct work_struct *work) 72 { 73 struct iso_conn *conn = container_of(work, struct iso_conn, 74 timeout_work.work); 75 struct sock *sk; 76 77 iso_conn_lock(conn); 78 sk = conn->sk; 79 if (sk) 80 sock_hold(sk); 81 iso_conn_unlock(conn); 82 83 if (!sk) 84 return; 85 86 BT_DBG("sock %p state %d", sk, sk->sk_state); 87 88 lock_sock(sk); 89 sk->sk_err = ETIMEDOUT; 90 sk->sk_state_change(sk); 91 release_sock(sk); 92 sock_put(sk); 93 } 94 95 static void iso_sock_set_timer(struct sock *sk, long timeout) 96 { 97 if (!iso_pi(sk)->conn) 98 return; 99 100 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 101 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 102 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 103 } 104 105 static void iso_sock_clear_timer(struct sock *sk) 106 { 107 if (!iso_pi(sk)->conn) 108 return; 109 110 BT_DBG("sock %p state %d", sk, sk->sk_state); 111 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 112 } 113 114 /* ---- ISO connections ---- */ 115 static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 116 { 117 struct iso_conn *conn = hcon->iso_data; 118 119 if (conn) 120 return conn; 121 122 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 123 if (!conn) 124 return NULL; 125 126 spin_lock_init(&conn->lock); 127 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 128 129 hcon->iso_data = conn; 130 conn->hcon = hcon; 131 conn->tx_sn = 0; 132 133 BT_DBG("hcon %p conn %p", hcon, conn); 134 135 return conn; 136 } 137 138 /* Delete channel. Must be called on the locked socket. */ 139 static void iso_chan_del(struct sock *sk, int err) 140 { 141 struct iso_conn *conn; 142 struct sock *parent; 143 144 conn = iso_pi(sk)->conn; 145 146 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 147 148 if (conn) { 149 iso_conn_lock(conn); 150 conn->sk = NULL; 151 iso_pi(sk)->conn = NULL; 152 iso_conn_unlock(conn); 153 154 if (conn->hcon) 155 hci_conn_drop(conn->hcon); 156 } 157 158 sk->sk_state = BT_CLOSED; 159 sk->sk_err = err; 160 161 parent = bt_sk(sk)->parent; 162 if (parent) { 163 bt_accept_unlink(sk); 164 parent->sk_data_ready(parent); 165 } else { 166 sk->sk_state_change(sk); 167 } 168 169 sock_set_flag(sk, SOCK_ZAPPED); 170 } 171 172 static void iso_conn_del(struct hci_conn *hcon, int err) 173 { 174 struct iso_conn *conn = hcon->iso_data; 175 struct sock *sk; 176 177 if (!conn) 178 return; 179 180 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 181 182 /* Kill socket */ 183 iso_conn_lock(conn); 184 sk = conn->sk; 185 if (sk) 186 sock_hold(sk); 187 iso_conn_unlock(conn); 188 189 if (sk) { 190 lock_sock(sk); 191 iso_sock_clear_timer(sk); 192 iso_chan_del(sk, err); 193 release_sock(sk); 194 sock_put(sk); 195 } 196 197 /* Ensure no more work items will run before freeing conn. */ 198 cancel_delayed_work_sync(&conn->timeout_work); 199 200 hcon->iso_data = NULL; 201 kfree(conn); 202 } 203 204 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 205 struct sock *parent) 206 { 207 BT_DBG("conn %p", conn); 208 209 if (iso_pi(sk)->conn == conn && conn->sk == sk) 210 return 0; 211 212 if (conn->sk) { 213 BT_ERR("conn->sk already set"); 214 return -EBUSY; 215 } 216 217 iso_pi(sk)->conn = conn; 218 conn->sk = sk; 219 220 if (parent) 221 bt_accept_enqueue(parent, sk, true); 222 223 return 0; 224 } 225 226 static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 227 struct sock *parent) 228 { 229 int err; 230 231 iso_conn_lock(conn); 232 err = __iso_chan_add(conn, sk, parent); 233 iso_conn_unlock(conn); 234 235 return err; 236 } 237 238 static inline u8 le_addr_type(u8 bdaddr_type) 239 { 240 if (bdaddr_type == BDADDR_LE_PUBLIC) 241 return ADDR_LE_DEV_PUBLIC; 242 else 243 return ADDR_LE_DEV_RANDOM; 244 } 245 246 static int iso_connect_bis(struct sock *sk) 247 { 248 struct iso_conn *conn; 249 struct hci_conn *hcon; 250 struct hci_dev *hdev; 251 int err; 252 253 BT_DBG("%pMR", &iso_pi(sk)->src); 254 255 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 256 iso_pi(sk)->src_type); 257 if (!hdev) 258 return -EHOSTUNREACH; 259 260 hci_dev_lock(hdev); 261 262 if (!bis_capable(hdev)) { 263 err = -EOPNOTSUPP; 264 goto done; 265 } 266 267 /* Fail if out PHYs are marked as disabled */ 268 if (!iso_pi(sk)->qos.out.phy) { 269 err = -EINVAL; 270 goto done; 271 } 272 273 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, iso_pi(sk)->dst_type, 274 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 275 iso_pi(sk)->base); 276 if (IS_ERR(hcon)) { 277 err = PTR_ERR(hcon); 278 goto done; 279 } 280 281 conn = iso_conn_add(hcon); 282 if (!conn) { 283 hci_conn_drop(hcon); 284 err = -ENOMEM; 285 goto done; 286 } 287 288 /* Update source addr of the socket */ 289 bacpy(&iso_pi(sk)->src, &hcon->src); 290 291 err = iso_chan_add(conn, sk, NULL); 292 if (err) 293 goto done; 294 295 if (hcon->state == BT_CONNECTED) { 296 iso_sock_clear_timer(sk); 297 sk->sk_state = BT_CONNECTED; 298 } else { 299 sk->sk_state = BT_CONNECT; 300 iso_sock_set_timer(sk, sk->sk_sndtimeo); 301 } 302 303 done: 304 hci_dev_unlock(hdev); 305 hci_dev_put(hdev); 306 return err; 307 } 308 309 static int iso_connect_cis(struct sock *sk) 310 { 311 struct iso_conn *conn; 312 struct hci_conn *hcon; 313 struct hci_dev *hdev; 314 int err; 315 316 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 317 318 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 319 iso_pi(sk)->src_type); 320 if (!hdev) 321 return -EHOSTUNREACH; 322 323 hci_dev_lock(hdev); 324 325 if (!cis_central_capable(hdev)) { 326 err = -EOPNOTSUPP; 327 goto done; 328 } 329 330 /* Fail if either PHYs are marked as disabled */ 331 if (!iso_pi(sk)->qos.in.phy && !iso_pi(sk)->qos.out.phy) { 332 err = -EINVAL; 333 goto done; 334 } 335 336 /* Just bind if DEFER_SETUP has been set */ 337 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 338 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 339 le_addr_type(iso_pi(sk)->dst_type), 340 &iso_pi(sk)->qos); 341 if (IS_ERR(hcon)) { 342 err = PTR_ERR(hcon); 343 goto done; 344 } 345 } else { 346 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 347 le_addr_type(iso_pi(sk)->dst_type), 348 &iso_pi(sk)->qos); 349 if (IS_ERR(hcon)) { 350 err = PTR_ERR(hcon); 351 goto done; 352 } 353 } 354 355 conn = iso_conn_add(hcon); 356 if (!conn) { 357 hci_conn_drop(hcon); 358 err = -ENOMEM; 359 goto done; 360 } 361 362 /* Update source addr of the socket */ 363 bacpy(&iso_pi(sk)->src, &hcon->src); 364 365 err = iso_chan_add(conn, sk, NULL); 366 if (err) 367 goto done; 368 369 if (hcon->state == BT_CONNECTED) { 370 iso_sock_clear_timer(sk); 371 sk->sk_state = BT_CONNECTED; 372 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 373 iso_sock_clear_timer(sk); 374 sk->sk_state = BT_CONNECT; 375 } else { 376 sk->sk_state = BT_CONNECT; 377 iso_sock_set_timer(sk, sk->sk_sndtimeo); 378 } 379 380 done: 381 hci_dev_unlock(hdev); 382 hci_dev_put(hdev); 383 return err; 384 } 385 386 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk) 387 { 388 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 389 return &iso_pi(sk)->conn->hcon->iso_qos; 390 391 return &iso_pi(sk)->qos; 392 } 393 394 static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 395 { 396 struct iso_conn *conn = iso_pi(sk)->conn; 397 struct bt_iso_qos *qos = iso_sock_get_qos(sk); 398 struct hci_iso_data_hdr *hdr; 399 int len = 0; 400 401 BT_DBG("sk %p len %d", sk, skb->len); 402 403 if (skb->len > qos->out.sdu) 404 return -EMSGSIZE; 405 406 len = skb->len; 407 408 /* Push ISO data header */ 409 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 410 hdr->sn = cpu_to_le16(conn->tx_sn++); 411 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 412 HCI_ISO_STATUS_VALID)); 413 414 if (sk->sk_state == BT_CONNECTED) 415 hci_send_iso(conn->hcon, skb); 416 else 417 len = -ENOTCONN; 418 419 return len; 420 } 421 422 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 423 { 424 struct sock *sk; 425 426 iso_conn_lock(conn); 427 sk = conn->sk; 428 iso_conn_unlock(conn); 429 430 if (!sk) 431 goto drop; 432 433 BT_DBG("sk %p len %d", sk, skb->len); 434 435 if (sk->sk_state != BT_CONNECTED) 436 goto drop; 437 438 if (!sock_queue_rcv_skb(sk, skb)) 439 return; 440 441 drop: 442 kfree_skb(skb); 443 } 444 445 /* -------- Socket interface ---------- */ 446 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *ba) 447 { 448 struct sock *sk; 449 450 sk_for_each(sk, &iso_sk_list.head) { 451 if (sk->sk_state != BT_LISTEN) 452 continue; 453 454 if (!bacmp(&iso_pi(sk)->src, ba)) 455 return sk; 456 } 457 458 return NULL; 459 } 460 461 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc, 462 __u8 sid) 463 { 464 struct sock *sk; 465 466 sk_for_each(sk, &iso_sk_list.head) { 467 if (sk->sk_state != BT_LISTEN) 468 continue; 469 470 if (bacmp(&iso_pi(sk)->src, ba)) 471 continue; 472 473 if (bacmp(&iso_pi(sk)->dst, bc)) 474 continue; 475 476 if (iso_pi(sk)->bc_sid == sid) 477 return sk; 478 } 479 480 return NULL; 481 } 482 483 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 484 485 /* Find socket listening: 486 * source bdaddr (Unicast) 487 * destination bdaddr (Broadcast only) 488 * match func - pass NULL to ignore 489 * match func data - pass -1 to ignore 490 * Returns closest match. 491 */ 492 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 493 iso_sock_match_t match, void *data) 494 { 495 struct sock *sk = NULL, *sk1 = NULL; 496 497 read_lock(&iso_sk_list.lock); 498 499 sk_for_each(sk, &iso_sk_list.head) { 500 if (sk->sk_state != BT_LISTEN) 501 continue; 502 503 /* Match Broadcast destination */ 504 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 505 continue; 506 507 /* Use Match function if provided */ 508 if (match && !match(sk, data)) 509 continue; 510 511 /* Exact match. */ 512 if (!bacmp(&iso_pi(sk)->src, src)) 513 break; 514 515 /* Closest match */ 516 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) 517 sk1 = sk; 518 } 519 520 read_unlock(&iso_sk_list.lock); 521 522 return sk ? sk : sk1; 523 } 524 525 static void iso_sock_destruct(struct sock *sk) 526 { 527 BT_DBG("sk %p", sk); 528 529 skb_queue_purge(&sk->sk_receive_queue); 530 skb_queue_purge(&sk->sk_write_queue); 531 } 532 533 static void iso_sock_cleanup_listen(struct sock *parent) 534 { 535 struct sock *sk; 536 537 BT_DBG("parent %p", parent); 538 539 /* Close not yet accepted channels */ 540 while ((sk = bt_accept_dequeue(parent, NULL))) { 541 iso_sock_close(sk); 542 iso_sock_kill(sk); 543 } 544 545 parent->sk_state = BT_CLOSED; 546 sock_set_flag(parent, SOCK_ZAPPED); 547 } 548 549 /* Kill socket (only if zapped and orphan) 550 * Must be called on unlocked socket. 551 */ 552 static void iso_sock_kill(struct sock *sk) 553 { 554 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 555 sock_flag(sk, SOCK_DEAD)) 556 return; 557 558 BT_DBG("sk %p state %d", sk, sk->sk_state); 559 560 /* Kill poor orphan */ 561 bt_sock_unlink(&iso_sk_list, sk); 562 sock_set_flag(sk, SOCK_DEAD); 563 sock_put(sk); 564 } 565 566 static void iso_conn_defer_reject(struct hci_conn *conn) 567 { 568 struct hci_cp_le_reject_cis cp; 569 570 BT_DBG("conn %p", conn); 571 572 memset(&cp, 0, sizeof(cp)); 573 cp.handle = cpu_to_le16(conn->handle); 574 cp.reason = HCI_ERROR_REJ_BAD_ADDR; 575 hci_send_cmd(conn->hdev, HCI_OP_LE_REJECT_CIS, sizeof(cp), &cp); 576 } 577 578 static void __iso_sock_close(struct sock *sk) 579 { 580 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 581 582 switch (sk->sk_state) { 583 case BT_LISTEN: 584 iso_sock_cleanup_listen(sk); 585 break; 586 587 case BT_CONNECTED: 588 case BT_CONFIG: 589 if (iso_pi(sk)->conn->hcon) { 590 sk->sk_state = BT_DISCONN; 591 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 592 iso_conn_lock(iso_pi(sk)->conn); 593 hci_conn_drop(iso_pi(sk)->conn->hcon); 594 iso_pi(sk)->conn->hcon = NULL; 595 iso_conn_unlock(iso_pi(sk)->conn); 596 } else { 597 iso_chan_del(sk, ECONNRESET); 598 } 599 break; 600 601 case BT_CONNECT2: 602 if (iso_pi(sk)->conn->hcon) 603 iso_conn_defer_reject(iso_pi(sk)->conn->hcon); 604 iso_chan_del(sk, ECONNRESET); 605 break; 606 case BT_CONNECT: 607 /* In case of DEFER_SETUP the hcon would be bound to CIG which 608 * needs to be removed so just call hci_conn_del so the cleanup 609 * callback do what is needed. 610 */ 611 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 612 iso_pi(sk)->conn->hcon) { 613 hci_conn_del(iso_pi(sk)->conn->hcon); 614 iso_pi(sk)->conn->hcon = NULL; 615 } 616 617 iso_chan_del(sk, ECONNRESET); 618 break; 619 case BT_DISCONN: 620 iso_chan_del(sk, ECONNRESET); 621 break; 622 623 default: 624 sock_set_flag(sk, SOCK_ZAPPED); 625 break; 626 } 627 } 628 629 /* Must be called on unlocked socket. */ 630 static void iso_sock_close(struct sock *sk) 631 { 632 iso_sock_clear_timer(sk); 633 lock_sock(sk); 634 __iso_sock_close(sk); 635 release_sock(sk); 636 iso_sock_kill(sk); 637 } 638 639 static void iso_sock_init(struct sock *sk, struct sock *parent) 640 { 641 BT_DBG("sk %p", sk); 642 643 if (parent) { 644 sk->sk_type = parent->sk_type; 645 bt_sk(sk)->flags = bt_sk(parent)->flags; 646 security_sk_clone(parent, sk); 647 } 648 } 649 650 static struct proto iso_proto = { 651 .name = "ISO", 652 .owner = THIS_MODULE, 653 .obj_size = sizeof(struct iso_pinfo) 654 }; 655 656 #define DEFAULT_IO_QOS \ 657 { \ 658 .interval = 10000u, \ 659 .latency = 10u, \ 660 .sdu = 40u, \ 661 .phy = BT_ISO_PHY_2M, \ 662 .rtn = 2u, \ 663 } 664 665 static struct bt_iso_qos default_qos = { 666 .cig = BT_ISO_QOS_CIG_UNSET, 667 .cis = BT_ISO_QOS_CIS_UNSET, 668 .sca = 0x00, 669 .packing = 0x00, 670 .framing = 0x00, 671 .in = DEFAULT_IO_QOS, 672 .out = DEFAULT_IO_QOS, 673 }; 674 675 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 676 int proto, gfp_t prio, int kern) 677 { 678 struct sock *sk; 679 680 sk = sk_alloc(net, PF_BLUETOOTH, prio, &iso_proto, kern); 681 if (!sk) 682 return NULL; 683 684 sock_init_data(sock, sk); 685 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 686 687 sk->sk_destruct = iso_sock_destruct; 688 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 689 690 sock_reset_flag(sk, SOCK_ZAPPED); 691 692 sk->sk_protocol = proto; 693 sk->sk_state = BT_OPEN; 694 695 /* Set address type as public as default src address is BDADDR_ANY */ 696 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 697 698 iso_pi(sk)->qos = default_qos; 699 700 bt_sock_link(&iso_sk_list, sk); 701 return sk; 702 } 703 704 static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 705 int kern) 706 { 707 struct sock *sk; 708 709 BT_DBG("sock %p", sock); 710 711 sock->state = SS_UNCONNECTED; 712 713 if (sock->type != SOCK_SEQPACKET) 714 return -ESOCKTNOSUPPORT; 715 716 sock->ops = &iso_sock_ops; 717 718 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 719 if (!sk) 720 return -ENOMEM; 721 722 iso_sock_init(sk, NULL); 723 return 0; 724 } 725 726 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr, 727 int addr_len) 728 { 729 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 730 struct sock *sk = sock->sk; 731 int i; 732 733 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid, 734 sa->iso_bc->bc_num_bis); 735 736 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) || 737 sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f) 738 return -EINVAL; 739 740 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr); 741 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type; 742 iso_pi(sk)->sync_handle = -1; 743 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid; 744 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 745 746 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) { 747 if (sa->iso_bc->bc_bis[i] < 0x01 || 748 sa->iso_bc->bc_bis[i] > 0x1f) 749 return -EINVAL; 750 751 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 752 iso_pi(sk)->bc_num_bis); 753 } 754 755 return 0; 756 } 757 758 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 759 int addr_len) 760 { 761 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 762 struct sock *sk = sock->sk; 763 int err = 0; 764 765 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 766 767 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 768 addr->sa_family != AF_BLUETOOTH) 769 return -EINVAL; 770 771 lock_sock(sk); 772 773 if (sk->sk_state != BT_OPEN) { 774 err = -EBADFD; 775 goto done; 776 } 777 778 if (sk->sk_type != SOCK_SEQPACKET) { 779 err = -EINVAL; 780 goto done; 781 } 782 783 /* Check if the address type is of LE type */ 784 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 785 err = -EINVAL; 786 goto done; 787 } 788 789 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 790 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 791 792 /* Check for Broadcast address */ 793 if (addr_len > sizeof(*sa)) { 794 err = iso_sock_bind_bc(sock, addr, addr_len); 795 if (err) 796 goto done; 797 } 798 799 sk->sk_state = BT_BOUND; 800 801 done: 802 release_sock(sk); 803 return err; 804 } 805 806 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 807 int alen, int flags) 808 { 809 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 810 struct sock *sk = sock->sk; 811 int err; 812 813 BT_DBG("sk %p", sk); 814 815 if (alen < sizeof(struct sockaddr_iso) || 816 addr->sa_family != AF_BLUETOOTH) 817 return -EINVAL; 818 819 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 820 return -EBADFD; 821 822 if (sk->sk_type != SOCK_SEQPACKET) 823 return -EINVAL; 824 825 /* Check if the address type is of LE type */ 826 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 827 return -EINVAL; 828 829 lock_sock(sk); 830 831 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 832 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 833 834 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 835 err = iso_connect_cis(sk); 836 else 837 err = iso_connect_bis(sk); 838 839 if (err) 840 goto done; 841 842 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 843 err = bt_sock_wait_state(sk, BT_CONNECTED, 844 sock_sndtimeo(sk, flags & O_NONBLOCK)); 845 } 846 847 done: 848 release_sock(sk); 849 return err; 850 } 851 852 static int iso_listen_bis(struct sock *sk) 853 { 854 struct hci_dev *hdev; 855 int err = 0; 856 857 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src, 858 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid); 859 860 write_lock(&iso_sk_list.lock); 861 862 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst, 863 iso_pi(sk)->bc_sid)) 864 err = -EADDRINUSE; 865 866 write_unlock(&iso_sk_list.lock); 867 868 if (err) 869 return err; 870 871 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 872 iso_pi(sk)->src_type); 873 if (!hdev) 874 return -EHOSTUNREACH; 875 876 hci_dev_lock(hdev); 877 878 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, iso_pi(sk)->dst_type, 879 iso_pi(sk)->bc_sid); 880 881 hci_dev_unlock(hdev); 882 883 return err; 884 } 885 886 static int iso_listen_cis(struct sock *sk) 887 { 888 int err = 0; 889 890 BT_DBG("%pMR", &iso_pi(sk)->src); 891 892 write_lock(&iso_sk_list.lock); 893 894 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src)) 895 err = -EADDRINUSE; 896 897 write_unlock(&iso_sk_list.lock); 898 899 return err; 900 } 901 902 static int iso_sock_listen(struct socket *sock, int backlog) 903 { 904 struct sock *sk = sock->sk; 905 int err = 0; 906 907 BT_DBG("sk %p backlog %d", sk, backlog); 908 909 lock_sock(sk); 910 911 if (sk->sk_state != BT_BOUND) { 912 err = -EBADFD; 913 goto done; 914 } 915 916 if (sk->sk_type != SOCK_SEQPACKET) { 917 err = -EINVAL; 918 goto done; 919 } 920 921 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 922 err = iso_listen_cis(sk); 923 else 924 err = iso_listen_bis(sk); 925 926 if (err) 927 goto done; 928 929 sk->sk_max_ack_backlog = backlog; 930 sk->sk_ack_backlog = 0; 931 932 sk->sk_state = BT_LISTEN; 933 934 done: 935 release_sock(sk); 936 return err; 937 } 938 939 static int iso_sock_accept(struct socket *sock, struct socket *newsock, 940 int flags, bool kern) 941 { 942 DEFINE_WAIT_FUNC(wait, woken_wake_function); 943 struct sock *sk = sock->sk, *ch; 944 long timeo; 945 int err = 0; 946 947 lock_sock(sk); 948 949 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 950 951 BT_DBG("sk %p timeo %ld", sk, timeo); 952 953 /* Wait for an incoming connection. (wake-one). */ 954 add_wait_queue_exclusive(sk_sleep(sk), &wait); 955 while (1) { 956 if (sk->sk_state != BT_LISTEN) { 957 err = -EBADFD; 958 break; 959 } 960 961 ch = bt_accept_dequeue(sk, newsock); 962 if (ch) 963 break; 964 965 if (!timeo) { 966 err = -EAGAIN; 967 break; 968 } 969 970 if (signal_pending(current)) { 971 err = sock_intr_errno(timeo); 972 break; 973 } 974 975 release_sock(sk); 976 977 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 978 lock_sock(sk); 979 } 980 remove_wait_queue(sk_sleep(sk), &wait); 981 982 if (err) 983 goto done; 984 985 newsock->state = SS_CONNECTED; 986 987 BT_DBG("new socket %p", ch); 988 989 done: 990 release_sock(sk); 991 return err; 992 } 993 994 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 995 int peer) 996 { 997 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 998 struct sock *sk = sock->sk; 999 1000 BT_DBG("sock %p, sk %p", sock, sk); 1001 1002 addr->sa_family = AF_BLUETOOTH; 1003 1004 if (peer) { 1005 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 1006 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 1007 } else { 1008 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 1009 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 1010 } 1011 1012 return sizeof(struct sockaddr_iso); 1013 } 1014 1015 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 1016 size_t len) 1017 { 1018 struct sock *sk = sock->sk; 1019 struct iso_conn *conn = iso_pi(sk)->conn; 1020 struct sk_buff *skb, **frag; 1021 int err; 1022 1023 BT_DBG("sock %p, sk %p", sock, sk); 1024 1025 err = sock_error(sk); 1026 if (err) 1027 return err; 1028 1029 if (msg->msg_flags & MSG_OOB) 1030 return -EOPNOTSUPP; 1031 1032 if (sk->sk_state != BT_CONNECTED) 1033 return -ENOTCONN; 1034 1035 skb = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1036 HCI_ISO_DATA_HDR_SIZE, 0); 1037 if (IS_ERR(skb)) 1038 return PTR_ERR(skb); 1039 1040 len -= skb->len; 1041 1042 BT_DBG("skb %p len %d", sk, skb->len); 1043 1044 /* Continuation fragments */ 1045 frag = &skb_shinfo(skb)->frag_list; 1046 while (len) { 1047 struct sk_buff *tmp; 1048 1049 tmp = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1050 0, 0); 1051 if (IS_ERR(tmp)) { 1052 kfree_skb(skb); 1053 return PTR_ERR(tmp); 1054 } 1055 1056 *frag = tmp; 1057 1058 len -= tmp->len; 1059 1060 skb->len += tmp->len; 1061 skb->data_len += tmp->len; 1062 1063 BT_DBG("frag %p len %d", *frag, tmp->len); 1064 1065 frag = &(*frag)->next; 1066 } 1067 1068 lock_sock(sk); 1069 1070 if (sk->sk_state == BT_CONNECTED) 1071 err = iso_send_frame(sk, skb); 1072 else 1073 err = -ENOTCONN; 1074 1075 release_sock(sk); 1076 1077 if (err < 0) 1078 kfree_skb(skb); 1079 return err; 1080 } 1081 1082 static void iso_conn_defer_accept(struct hci_conn *conn) 1083 { 1084 struct hci_cp_le_accept_cis cp; 1085 struct hci_dev *hdev = conn->hdev; 1086 1087 BT_DBG("conn %p", conn); 1088 1089 conn->state = BT_CONFIG; 1090 1091 cp.handle = cpu_to_le16(conn->handle); 1092 1093 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 1094 } 1095 1096 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1097 size_t len, int flags) 1098 { 1099 struct sock *sk = sock->sk; 1100 struct iso_pinfo *pi = iso_pi(sk); 1101 int err; 1102 1103 BT_DBG("sk %p", sk); 1104 1105 lock_sock(sk); 1106 1107 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1108 switch (sk->sk_state) { 1109 case BT_CONNECT2: 1110 iso_conn_defer_accept(pi->conn->hcon); 1111 sk->sk_state = BT_CONFIG; 1112 release_sock(sk); 1113 return 0; 1114 case BT_CONNECT: 1115 err = iso_connect_cis(sk); 1116 release_sock(sk); 1117 return err; 1118 } 1119 } 1120 1121 release_sock(sk); 1122 1123 return bt_sock_recvmsg(sock, msg, len, flags); 1124 } 1125 1126 static bool check_io_qos(struct bt_iso_io_qos *qos) 1127 { 1128 /* If no PHY is enable SDU must be 0 */ 1129 if (!qos->phy && qos->sdu) 1130 return false; 1131 1132 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 1133 return false; 1134 1135 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 1136 return false; 1137 1138 if (qos->phy > BT_ISO_PHY_ANY) 1139 return false; 1140 1141 return true; 1142 } 1143 1144 static bool check_qos(struct bt_iso_qos *qos) 1145 { 1146 if (qos->sca > 0x07) 1147 return false; 1148 1149 if (qos->packing > 0x01) 1150 return false; 1151 1152 if (qos->framing > 0x01) 1153 return false; 1154 1155 if (!check_io_qos(&qos->in)) 1156 return false; 1157 1158 if (!check_io_qos(&qos->out)) 1159 return false; 1160 1161 return true; 1162 } 1163 1164 static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 1165 sockptr_t optval, unsigned int optlen) 1166 { 1167 struct sock *sk = sock->sk; 1168 int len, err = 0; 1169 struct bt_iso_qos qos; 1170 u32 opt; 1171 1172 BT_DBG("sk %p", sk); 1173 1174 lock_sock(sk); 1175 1176 switch (optname) { 1177 case BT_DEFER_SETUP: 1178 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1179 err = -EINVAL; 1180 break; 1181 } 1182 1183 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1184 err = -EFAULT; 1185 break; 1186 } 1187 1188 if (opt) 1189 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1190 else 1191 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1192 break; 1193 1194 case BT_ISO_QOS: 1195 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1196 sk->sk_state != BT_CONNECT2) { 1197 err = -EINVAL; 1198 break; 1199 } 1200 1201 len = min_t(unsigned int, sizeof(qos), optlen); 1202 if (len != sizeof(qos)) { 1203 err = -EINVAL; 1204 break; 1205 } 1206 1207 memset(&qos, 0, sizeof(qos)); 1208 1209 if (copy_from_sockptr(&qos, optval, len)) { 1210 err = -EFAULT; 1211 break; 1212 } 1213 1214 if (!check_qos(&qos)) { 1215 err = -EINVAL; 1216 break; 1217 } 1218 1219 iso_pi(sk)->qos = qos; 1220 1221 break; 1222 1223 case BT_ISO_BASE: 1224 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1225 sk->sk_state != BT_CONNECT2) { 1226 err = -EINVAL; 1227 break; 1228 } 1229 1230 if (optlen > sizeof(iso_pi(sk)->base)) { 1231 err = -EOVERFLOW; 1232 break; 1233 } 1234 1235 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen); 1236 1237 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) { 1238 err = -EFAULT; 1239 break; 1240 } 1241 1242 iso_pi(sk)->base_len = len; 1243 1244 break; 1245 1246 default: 1247 err = -ENOPROTOOPT; 1248 break; 1249 } 1250 1251 release_sock(sk); 1252 return err; 1253 } 1254 1255 static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1256 char __user *optval, int __user *optlen) 1257 { 1258 struct sock *sk = sock->sk; 1259 int len, err = 0; 1260 struct bt_iso_qos *qos; 1261 u8 base_len; 1262 u8 *base; 1263 1264 BT_DBG("sk %p", sk); 1265 1266 if (get_user(len, optlen)) 1267 return -EFAULT; 1268 1269 lock_sock(sk); 1270 1271 switch (optname) { 1272 case BT_DEFER_SETUP: 1273 if (sk->sk_state == BT_CONNECTED) { 1274 err = -EINVAL; 1275 break; 1276 } 1277 1278 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1279 (u32 __user *)optval)) 1280 err = -EFAULT; 1281 1282 break; 1283 1284 case BT_ISO_QOS: 1285 qos = iso_sock_get_qos(sk); 1286 1287 len = min_t(unsigned int, len, sizeof(*qos)); 1288 if (copy_to_user(optval, qos, len)) 1289 err = -EFAULT; 1290 1291 break; 1292 1293 case BT_ISO_BASE: 1294 if (sk->sk_state == BT_CONNECTED) { 1295 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len; 1296 base = iso_pi(sk)->conn->hcon->le_per_adv_data; 1297 } else { 1298 base_len = iso_pi(sk)->base_len; 1299 base = iso_pi(sk)->base; 1300 } 1301 1302 len = min_t(unsigned int, len, base_len); 1303 if (copy_to_user(optval, base, len)) 1304 err = -EFAULT; 1305 1306 break; 1307 1308 default: 1309 err = -ENOPROTOOPT; 1310 break; 1311 } 1312 1313 release_sock(sk); 1314 return err; 1315 } 1316 1317 static int iso_sock_shutdown(struct socket *sock, int how) 1318 { 1319 struct sock *sk = sock->sk; 1320 int err = 0; 1321 1322 BT_DBG("sock %p, sk %p, how %d", sock, sk, how); 1323 1324 if (!sk) 1325 return 0; 1326 1327 sock_hold(sk); 1328 lock_sock(sk); 1329 1330 switch (how) { 1331 case SHUT_RD: 1332 if (sk->sk_shutdown & RCV_SHUTDOWN) 1333 goto unlock; 1334 sk->sk_shutdown |= RCV_SHUTDOWN; 1335 break; 1336 case SHUT_WR: 1337 if (sk->sk_shutdown & SEND_SHUTDOWN) 1338 goto unlock; 1339 sk->sk_shutdown |= SEND_SHUTDOWN; 1340 break; 1341 case SHUT_RDWR: 1342 if (sk->sk_shutdown & SHUTDOWN_MASK) 1343 goto unlock; 1344 sk->sk_shutdown |= SHUTDOWN_MASK; 1345 break; 1346 } 1347 1348 iso_sock_clear_timer(sk); 1349 __iso_sock_close(sk); 1350 1351 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1352 !(current->flags & PF_EXITING)) 1353 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1354 1355 unlock: 1356 release_sock(sk); 1357 sock_put(sk); 1358 1359 return err; 1360 } 1361 1362 static int iso_sock_release(struct socket *sock) 1363 { 1364 struct sock *sk = sock->sk; 1365 int err = 0; 1366 1367 BT_DBG("sock %p, sk %p", sock, sk); 1368 1369 if (!sk) 1370 return 0; 1371 1372 iso_sock_close(sk); 1373 1374 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1375 !(current->flags & PF_EXITING)) { 1376 lock_sock(sk); 1377 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1378 release_sock(sk); 1379 } 1380 1381 sock_orphan(sk); 1382 iso_sock_kill(sk); 1383 return err; 1384 } 1385 1386 static void iso_sock_ready(struct sock *sk) 1387 { 1388 BT_DBG("sk %p", sk); 1389 1390 if (!sk) 1391 return; 1392 1393 lock_sock(sk); 1394 iso_sock_clear_timer(sk); 1395 sk->sk_state = BT_CONNECTED; 1396 sk->sk_state_change(sk); 1397 release_sock(sk); 1398 } 1399 1400 struct iso_list_data { 1401 struct hci_conn *hcon; 1402 int count; 1403 }; 1404 1405 static bool iso_match_big(struct sock *sk, void *data) 1406 { 1407 struct hci_evt_le_big_sync_estabilished *ev = data; 1408 1409 return ev->handle == iso_pi(sk)->qos.big; 1410 } 1411 1412 static void iso_conn_ready(struct iso_conn *conn) 1413 { 1414 struct sock *parent; 1415 struct sock *sk = conn->sk; 1416 struct hci_ev_le_big_sync_estabilished *ev; 1417 1418 BT_DBG("conn %p", conn); 1419 1420 if (sk) { 1421 iso_sock_ready(conn->sk); 1422 } else { 1423 iso_conn_lock(conn); 1424 1425 if (!conn->hcon) { 1426 iso_conn_unlock(conn); 1427 return; 1428 } 1429 1430 ev = hci_recv_event_data(conn->hcon->hdev, 1431 HCI_EVT_LE_BIG_SYNC_ESTABILISHED); 1432 if (ev) 1433 parent = iso_get_sock_listen(&conn->hcon->src, 1434 &conn->hcon->dst, 1435 iso_match_big, ev); 1436 else 1437 parent = iso_get_sock_listen(&conn->hcon->src, 1438 BDADDR_ANY, NULL, NULL); 1439 1440 if (!parent) { 1441 iso_conn_unlock(conn); 1442 return; 1443 } 1444 1445 lock_sock(parent); 1446 1447 sk = iso_sock_alloc(sock_net(parent), NULL, 1448 BTPROTO_ISO, GFP_ATOMIC, 0); 1449 if (!sk) { 1450 release_sock(parent); 1451 iso_conn_unlock(conn); 1452 return; 1453 } 1454 1455 iso_sock_init(sk, parent); 1456 1457 bacpy(&iso_pi(sk)->src, &conn->hcon->src); 1458 iso_pi(sk)->src_type = conn->hcon->src_type; 1459 1460 /* If hcon has no destination address (BDADDR_ANY) it means it 1461 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED so we need to 1462 * initialize using the parent socket destination address. 1463 */ 1464 if (!bacmp(&conn->hcon->dst, BDADDR_ANY)) { 1465 bacpy(&conn->hcon->dst, &iso_pi(parent)->dst); 1466 conn->hcon->dst_type = iso_pi(parent)->dst_type; 1467 conn->hcon->sync_handle = iso_pi(parent)->sync_handle; 1468 } 1469 1470 bacpy(&iso_pi(sk)->dst, &conn->hcon->dst); 1471 iso_pi(sk)->dst_type = conn->hcon->dst_type; 1472 1473 hci_conn_hold(conn->hcon); 1474 __iso_chan_add(conn, sk, parent); 1475 1476 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1477 sk->sk_state = BT_CONNECT2; 1478 else 1479 sk->sk_state = BT_CONNECTED; 1480 1481 /* Wake up parent */ 1482 parent->sk_data_ready(parent); 1483 1484 release_sock(parent); 1485 1486 iso_conn_unlock(conn); 1487 } 1488 } 1489 1490 static bool iso_match_sid(struct sock *sk, void *data) 1491 { 1492 struct hci_ev_le_pa_sync_established *ev = data; 1493 1494 return ev->sid == iso_pi(sk)->bc_sid; 1495 } 1496 1497 static bool iso_match_sync_handle(struct sock *sk, void *data) 1498 { 1499 struct hci_evt_le_big_info_adv_report *ev = data; 1500 1501 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1502 } 1503 1504 /* ----- ISO interface with lower layer (HCI) ----- */ 1505 1506 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1507 { 1508 struct hci_ev_le_pa_sync_established *ev1; 1509 struct hci_evt_le_big_info_adv_report *ev2; 1510 struct sock *sk; 1511 int lm = 0; 1512 1513 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 1514 1515 /* Broadcast receiver requires handling of some events before it can 1516 * proceed to establishing a BIG sync: 1517 * 1518 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific 1519 * SID to listen to and once sync is estabilished its handle needs to 1520 * be stored in iso_pi(sk)->sync_handle so it can be matched once 1521 * receiving the BIG Info. 1522 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 1523 * a BIG Info it attempts to check if there any listening socket with 1524 * the same sync_handle and if it does then attempt to create a sync. 1525 */ 1526 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 1527 if (ev1) { 1528 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid, 1529 ev1); 1530 if (sk) 1531 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); 1532 1533 goto done; 1534 } 1535 1536 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1537 if (ev2) { 1538 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1539 iso_match_sync_handle, ev2); 1540 if (sk) { 1541 int err; 1542 1543 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1544 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1545 1546 err = hci_le_big_create_sync(hdev, 1547 &iso_pi(sk)->qos, 1548 iso_pi(sk)->sync_handle, 1549 iso_pi(sk)->bc_num_bis, 1550 iso_pi(sk)->bc_bis); 1551 if (err) { 1552 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1553 err); 1554 sk = NULL; 1555 } 1556 } 1557 } else { 1558 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL); 1559 } 1560 1561 done: 1562 if (!sk) 1563 return lm; 1564 1565 lm |= HCI_LM_ACCEPT; 1566 1567 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1568 *flags |= HCI_PROTO_DEFER; 1569 1570 return lm; 1571 } 1572 1573 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 1574 { 1575 if (hcon->type != ISO_LINK) { 1576 if (hcon->type != LE_LINK) 1577 return; 1578 1579 /* Check if LE link has failed */ 1580 if (status) { 1581 if (hcon->link) 1582 iso_conn_del(hcon->link, bt_to_errno(status)); 1583 return; 1584 } 1585 1586 /* Create CIS if pending */ 1587 hci_le_create_cis(hcon); 1588 return; 1589 } 1590 1591 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1592 1593 if (!status) { 1594 struct iso_conn *conn; 1595 1596 conn = iso_conn_add(hcon); 1597 if (conn) 1598 iso_conn_ready(conn); 1599 } else { 1600 iso_conn_del(hcon, bt_to_errno(status)); 1601 } 1602 } 1603 1604 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1605 { 1606 if (hcon->type != ISO_LINK) 1607 return; 1608 1609 BT_DBG("hcon %p reason %d", hcon, reason); 1610 1611 iso_conn_del(hcon, bt_to_errno(reason)); 1612 } 1613 1614 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 1615 { 1616 struct iso_conn *conn = hcon->iso_data; 1617 struct hci_iso_data_hdr *hdr; 1618 __u16 pb, ts, len; 1619 1620 if (!conn) 1621 goto drop; 1622 1623 pb = hci_iso_flags_pb(flags); 1624 ts = hci_iso_flags_ts(flags); 1625 1626 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 1627 1628 switch (pb) { 1629 case ISO_START: 1630 case ISO_SINGLE: 1631 if (conn->rx_len) { 1632 BT_ERR("Unexpected start frame (len %d)", skb->len); 1633 kfree_skb(conn->rx_skb); 1634 conn->rx_skb = NULL; 1635 conn->rx_len = 0; 1636 } 1637 1638 if (ts) { 1639 /* TODO: add timestamp to the packet? */ 1640 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 1641 if (!hdr) { 1642 BT_ERR("Frame is too short (len %d)", skb->len); 1643 goto drop; 1644 } 1645 1646 } else { 1647 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 1648 if (!hdr) { 1649 BT_ERR("Frame is too short (len %d)", skb->len); 1650 goto drop; 1651 } 1652 } 1653 1654 len = __le16_to_cpu(hdr->slen); 1655 flags = hci_iso_data_flags(len); 1656 len = hci_iso_data_len(len); 1657 1658 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 1659 skb->len, flags); 1660 1661 if (len == skb->len) { 1662 /* Complete frame received */ 1663 iso_recv_frame(conn, skb); 1664 return; 1665 } 1666 1667 if (pb == ISO_SINGLE) { 1668 BT_ERR("Frame malformed (len %d, expected len %d)", 1669 skb->len, len); 1670 goto drop; 1671 } 1672 1673 if (skb->len > len) { 1674 BT_ERR("Frame is too long (len %d, expected len %d)", 1675 skb->len, len); 1676 goto drop; 1677 } 1678 1679 /* Allocate skb for the complete frame (with header) */ 1680 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 1681 if (!conn->rx_skb) 1682 goto drop; 1683 1684 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1685 skb->len); 1686 conn->rx_len = len - skb->len; 1687 break; 1688 1689 case ISO_CONT: 1690 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 1691 conn->rx_len); 1692 1693 if (!conn->rx_len) { 1694 BT_ERR("Unexpected continuation frame (len %d)", 1695 skb->len); 1696 goto drop; 1697 } 1698 1699 if (skb->len > conn->rx_len) { 1700 BT_ERR("Fragment is too long (len %d, expected %d)", 1701 skb->len, conn->rx_len); 1702 kfree_skb(conn->rx_skb); 1703 conn->rx_skb = NULL; 1704 conn->rx_len = 0; 1705 goto drop; 1706 } 1707 1708 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1709 skb->len); 1710 conn->rx_len -= skb->len; 1711 return; 1712 1713 case ISO_END: 1714 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1715 skb->len); 1716 conn->rx_len -= skb->len; 1717 1718 if (!conn->rx_len) { 1719 struct sk_buff *rx_skb = conn->rx_skb; 1720 1721 /* Complete frame received. iso_recv_frame 1722 * takes ownership of the skb so set the global 1723 * rx_skb pointer to NULL first. 1724 */ 1725 conn->rx_skb = NULL; 1726 iso_recv_frame(conn, rx_skb); 1727 } 1728 break; 1729 } 1730 1731 drop: 1732 kfree_skb(skb); 1733 } 1734 1735 static struct hci_cb iso_cb = { 1736 .name = "ISO", 1737 .connect_cfm = iso_connect_cfm, 1738 .disconn_cfm = iso_disconn_cfm, 1739 }; 1740 1741 static int iso_debugfs_show(struct seq_file *f, void *p) 1742 { 1743 struct sock *sk; 1744 1745 read_lock(&iso_sk_list.lock); 1746 1747 sk_for_each(sk, &iso_sk_list.head) { 1748 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 1749 &iso_pi(sk)->dst, sk->sk_state); 1750 } 1751 1752 read_unlock(&iso_sk_list.lock); 1753 1754 return 0; 1755 } 1756 1757 DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 1758 1759 static struct dentry *iso_debugfs; 1760 1761 static const struct proto_ops iso_sock_ops = { 1762 .family = PF_BLUETOOTH, 1763 .owner = THIS_MODULE, 1764 .release = iso_sock_release, 1765 .bind = iso_sock_bind, 1766 .connect = iso_sock_connect, 1767 .listen = iso_sock_listen, 1768 .accept = iso_sock_accept, 1769 .getname = iso_sock_getname, 1770 .sendmsg = iso_sock_sendmsg, 1771 .recvmsg = iso_sock_recvmsg, 1772 .poll = bt_sock_poll, 1773 .ioctl = bt_sock_ioctl, 1774 .mmap = sock_no_mmap, 1775 .socketpair = sock_no_socketpair, 1776 .shutdown = iso_sock_shutdown, 1777 .setsockopt = iso_sock_setsockopt, 1778 .getsockopt = iso_sock_getsockopt 1779 }; 1780 1781 static const struct net_proto_family iso_sock_family_ops = { 1782 .family = PF_BLUETOOTH, 1783 .owner = THIS_MODULE, 1784 .create = iso_sock_create, 1785 }; 1786 1787 static bool iso_inited; 1788 1789 bool iso_enabled(void) 1790 { 1791 return iso_inited; 1792 } 1793 1794 int iso_init(void) 1795 { 1796 int err; 1797 1798 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 1799 1800 if (iso_inited) 1801 return -EALREADY; 1802 1803 err = proto_register(&iso_proto, 0); 1804 if (err < 0) 1805 return err; 1806 1807 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 1808 if (err < 0) { 1809 BT_ERR("ISO socket registration failed"); 1810 goto error; 1811 } 1812 1813 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 1814 if (err < 0) { 1815 BT_ERR("Failed to create ISO proc file"); 1816 bt_sock_unregister(BTPROTO_ISO); 1817 goto error; 1818 } 1819 1820 BT_INFO("ISO socket layer initialized"); 1821 1822 hci_register_cb(&iso_cb); 1823 1824 if (IS_ERR_OR_NULL(bt_debugfs)) 1825 return 0; 1826 1827 if (!iso_debugfs) { 1828 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 1829 NULL, &iso_debugfs_fops); 1830 } 1831 1832 iso_inited = true; 1833 1834 return 0; 1835 1836 error: 1837 proto_unregister(&iso_proto); 1838 return err; 1839 } 1840 1841 int iso_exit(void) 1842 { 1843 if (!iso_inited) 1844 return -EALREADY; 1845 1846 bt_procfs_cleanup(&init_net, "iso"); 1847 1848 debugfs_remove(iso_debugfs); 1849 iso_debugfs = NULL; 1850 1851 hci_unregister_cb(&iso_cb); 1852 1853 bt_sock_unregister(BTPROTO_ISO); 1854 1855 proto_unregister(&iso_proto); 1856 1857 iso_inited = false; 1858 1859 return 0; 1860 } 1861