1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 */ 7 8 #include <linux/module.h> 9 #include <linux/debugfs.h> 10 #include <linux/seq_file.h> 11 #include <linux/sched/signal.h> 12 13 #include <net/bluetooth/bluetooth.h> 14 #include <net/bluetooth/hci_core.h> 15 #include <net/bluetooth/iso.h> 16 17 static const struct proto_ops iso_sock_ops; 18 19 static struct bt_sock_list iso_sk_list = { 20 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 21 }; 22 23 /* ---- ISO connections ---- */ 24 struct iso_conn { 25 struct hci_conn *hcon; 26 27 /* @lock: spinlock protecting changes to iso_conn fields */ 28 spinlock_t lock; 29 struct sock *sk; 30 31 struct delayed_work timeout_work; 32 33 struct sk_buff *rx_skb; 34 __u32 rx_len; 35 __u16 tx_sn; 36 }; 37 38 #define iso_conn_lock(c) spin_lock(&(c)->lock) 39 #define iso_conn_unlock(c) spin_unlock(&(c)->lock) 40 41 static void iso_sock_close(struct sock *sk); 42 static void iso_sock_kill(struct sock *sk); 43 44 /* ----- ISO socket info ----- */ 45 #define iso_pi(sk) ((struct iso_pinfo *)sk) 46 47 #define EIR_SERVICE_DATA_LENGTH 4 48 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH) 49 50 struct iso_pinfo { 51 struct bt_sock bt; 52 bdaddr_t src; 53 __u8 src_type; 54 bdaddr_t dst; 55 __u8 dst_type; 56 __u8 bc_sid; 57 __u8 bc_num_bis; 58 __u8 bc_bis[ISO_MAX_NUM_BIS]; 59 __u16 sync_handle; 60 __u32 flags; 61 struct bt_iso_qos qos; 62 __u8 base_len; 63 __u8 base[BASE_MAX_LENGTH]; 64 struct iso_conn *conn; 65 }; 66 67 /* ---- ISO timers ---- */ 68 #define ISO_CONN_TIMEOUT (HZ * 40) 69 #define ISO_DISCONN_TIMEOUT (HZ * 2) 70 71 static void iso_sock_timeout(struct work_struct *work) 72 { 73 struct iso_conn *conn = container_of(work, struct iso_conn, 74 timeout_work.work); 75 struct sock *sk; 76 77 iso_conn_lock(conn); 78 sk = conn->sk; 79 if (sk) 80 sock_hold(sk); 81 iso_conn_unlock(conn); 82 83 if (!sk) 84 return; 85 86 BT_DBG("sock %p state %d", sk, sk->sk_state); 87 88 lock_sock(sk); 89 sk->sk_err = ETIMEDOUT; 90 sk->sk_state_change(sk); 91 release_sock(sk); 92 sock_put(sk); 93 } 94 95 static void iso_sock_set_timer(struct sock *sk, long timeout) 96 { 97 if (!iso_pi(sk)->conn) 98 return; 99 100 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 101 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 102 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 103 } 104 105 static void iso_sock_clear_timer(struct sock *sk) 106 { 107 if (!iso_pi(sk)->conn) 108 return; 109 110 BT_DBG("sock %p state %d", sk, sk->sk_state); 111 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 112 } 113 114 /* ---- ISO connections ---- */ 115 static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 116 { 117 struct iso_conn *conn = hcon->iso_data; 118 119 if (conn) 120 return conn; 121 122 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 123 if (!conn) 124 return NULL; 125 126 spin_lock_init(&conn->lock); 127 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 128 129 hcon->iso_data = conn; 130 conn->hcon = hcon; 131 conn->tx_sn = 0; 132 133 BT_DBG("hcon %p conn %p", hcon, conn); 134 135 return conn; 136 } 137 138 /* Delete channel. Must be called on the locked socket. */ 139 static void iso_chan_del(struct sock *sk, int err) 140 { 141 struct iso_conn *conn; 142 struct sock *parent; 143 144 conn = iso_pi(sk)->conn; 145 146 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 147 148 if (conn) { 149 iso_conn_lock(conn); 150 conn->sk = NULL; 151 iso_pi(sk)->conn = NULL; 152 iso_conn_unlock(conn); 153 154 if (conn->hcon) 155 hci_conn_drop(conn->hcon); 156 } 157 158 sk->sk_state = BT_CLOSED; 159 sk->sk_err = err; 160 161 parent = bt_sk(sk)->parent; 162 if (parent) { 163 bt_accept_unlink(sk); 164 parent->sk_data_ready(parent); 165 } else { 166 sk->sk_state_change(sk); 167 } 168 169 sock_set_flag(sk, SOCK_ZAPPED); 170 } 171 172 static void iso_conn_del(struct hci_conn *hcon, int err) 173 { 174 struct iso_conn *conn = hcon->iso_data; 175 struct sock *sk; 176 177 if (!conn) 178 return; 179 180 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 181 182 /* Kill socket */ 183 iso_conn_lock(conn); 184 sk = conn->sk; 185 if (sk) 186 sock_hold(sk); 187 iso_conn_unlock(conn); 188 189 if (sk) { 190 lock_sock(sk); 191 iso_sock_clear_timer(sk); 192 iso_chan_del(sk, err); 193 release_sock(sk); 194 sock_put(sk); 195 } 196 197 /* Ensure no more work items will run before freeing conn. */ 198 cancel_delayed_work_sync(&conn->timeout_work); 199 200 hcon->iso_data = NULL; 201 kfree(conn); 202 } 203 204 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 205 struct sock *parent) 206 { 207 BT_DBG("conn %p", conn); 208 209 if (iso_pi(sk)->conn == conn && conn->sk == sk) 210 return 0; 211 212 if (conn->sk) { 213 BT_ERR("conn->sk already set"); 214 return -EBUSY; 215 } 216 217 iso_pi(sk)->conn = conn; 218 conn->sk = sk; 219 220 if (parent) 221 bt_accept_enqueue(parent, sk, true); 222 223 return 0; 224 } 225 226 static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 227 struct sock *parent) 228 { 229 int err; 230 231 iso_conn_lock(conn); 232 err = __iso_chan_add(conn, sk, parent); 233 iso_conn_unlock(conn); 234 235 return err; 236 } 237 238 static int iso_connect_bis(struct sock *sk) 239 { 240 struct iso_conn *conn; 241 struct hci_conn *hcon; 242 struct hci_dev *hdev; 243 int err; 244 245 BT_DBG("%pMR", &iso_pi(sk)->src); 246 247 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 248 iso_pi(sk)->src_type); 249 if (!hdev) 250 return -EHOSTUNREACH; 251 252 hci_dev_lock(hdev); 253 254 if (!bis_capable(hdev)) { 255 err = -EOPNOTSUPP; 256 goto done; 257 } 258 259 /* Fail if out PHYs are marked as disabled */ 260 if (!iso_pi(sk)->qos.out.phy) { 261 err = -EINVAL; 262 goto done; 263 } 264 265 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, iso_pi(sk)->dst_type, 266 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 267 iso_pi(sk)->base); 268 if (IS_ERR(hcon)) { 269 err = PTR_ERR(hcon); 270 goto done; 271 } 272 273 conn = iso_conn_add(hcon); 274 if (!conn) { 275 hci_conn_drop(hcon); 276 err = -ENOMEM; 277 goto done; 278 } 279 280 /* Update source addr of the socket */ 281 bacpy(&iso_pi(sk)->src, &hcon->src); 282 283 err = iso_chan_add(conn, sk, NULL); 284 if (err) 285 goto done; 286 287 if (hcon->state == BT_CONNECTED) { 288 iso_sock_clear_timer(sk); 289 sk->sk_state = BT_CONNECTED; 290 } else { 291 sk->sk_state = BT_CONNECT; 292 iso_sock_set_timer(sk, sk->sk_sndtimeo); 293 } 294 295 done: 296 hci_dev_unlock(hdev); 297 hci_dev_put(hdev); 298 return err; 299 } 300 301 static int iso_connect_cis(struct sock *sk) 302 { 303 struct iso_conn *conn; 304 struct hci_conn *hcon; 305 struct hci_dev *hdev; 306 int err; 307 308 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 309 310 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 311 iso_pi(sk)->src_type); 312 if (!hdev) 313 return -EHOSTUNREACH; 314 315 hci_dev_lock(hdev); 316 317 if (!cis_central_capable(hdev)) { 318 err = -EOPNOTSUPP; 319 goto done; 320 } 321 322 /* Fail if either PHYs are marked as disabled */ 323 if (!iso_pi(sk)->qos.in.phy && !iso_pi(sk)->qos.out.phy) { 324 err = -EINVAL; 325 goto done; 326 } 327 328 /* Just bind if DEFER_SETUP has been set */ 329 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 330 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 331 iso_pi(sk)->dst_type, &iso_pi(sk)->qos); 332 if (IS_ERR(hcon)) { 333 err = PTR_ERR(hcon); 334 goto done; 335 } 336 } else { 337 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 338 iso_pi(sk)->dst_type, &iso_pi(sk)->qos); 339 if (IS_ERR(hcon)) { 340 err = PTR_ERR(hcon); 341 goto done; 342 } 343 } 344 345 conn = iso_conn_add(hcon); 346 if (!conn) { 347 hci_conn_drop(hcon); 348 err = -ENOMEM; 349 goto done; 350 } 351 352 /* Update source addr of the socket */ 353 bacpy(&iso_pi(sk)->src, &hcon->src); 354 355 err = iso_chan_add(conn, sk, NULL); 356 if (err) 357 goto done; 358 359 if (hcon->state == BT_CONNECTED) { 360 iso_sock_clear_timer(sk); 361 sk->sk_state = BT_CONNECTED; 362 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 363 iso_sock_clear_timer(sk); 364 sk->sk_state = BT_CONNECT; 365 } else { 366 sk->sk_state = BT_CONNECT; 367 iso_sock_set_timer(sk, sk->sk_sndtimeo); 368 } 369 370 done: 371 hci_dev_unlock(hdev); 372 hci_dev_put(hdev); 373 return err; 374 } 375 376 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk) 377 { 378 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 379 return &iso_pi(sk)->conn->hcon->iso_qos; 380 381 return &iso_pi(sk)->qos; 382 } 383 384 static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 385 { 386 struct iso_conn *conn = iso_pi(sk)->conn; 387 struct bt_iso_qos *qos = iso_sock_get_qos(sk); 388 struct hci_iso_data_hdr *hdr; 389 int len = 0; 390 391 BT_DBG("sk %p len %d", sk, skb->len); 392 393 if (skb->len > qos->out.sdu) 394 return -EMSGSIZE; 395 396 len = skb->len; 397 398 /* Push ISO data header */ 399 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 400 hdr->sn = cpu_to_le16(conn->tx_sn++); 401 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 402 HCI_ISO_STATUS_VALID)); 403 404 if (sk->sk_state == BT_CONNECTED) 405 hci_send_iso(conn->hcon, skb); 406 else 407 len = -ENOTCONN; 408 409 return len; 410 } 411 412 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 413 { 414 struct sock *sk; 415 416 iso_conn_lock(conn); 417 sk = conn->sk; 418 iso_conn_unlock(conn); 419 420 if (!sk) 421 goto drop; 422 423 BT_DBG("sk %p len %d", sk, skb->len); 424 425 if (sk->sk_state != BT_CONNECTED) 426 goto drop; 427 428 if (!sock_queue_rcv_skb(sk, skb)) 429 return; 430 431 drop: 432 kfree_skb(skb); 433 } 434 435 /* -------- Socket interface ---------- */ 436 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *ba) 437 { 438 struct sock *sk; 439 440 sk_for_each(sk, &iso_sk_list.head) { 441 if (sk->sk_state != BT_LISTEN) 442 continue; 443 444 if (!bacmp(&iso_pi(sk)->src, ba)) 445 return sk; 446 } 447 448 return NULL; 449 } 450 451 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc, 452 __u8 sid) 453 { 454 struct sock *sk; 455 456 sk_for_each(sk, &iso_sk_list.head) { 457 if (sk->sk_state != BT_LISTEN) 458 continue; 459 460 if (bacmp(&iso_pi(sk)->src, ba)) 461 continue; 462 463 if (bacmp(&iso_pi(sk)->dst, bc)) 464 continue; 465 466 if (iso_pi(sk)->bc_sid == sid) 467 return sk; 468 } 469 470 return NULL; 471 } 472 473 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 474 475 /* Find socket listening: 476 * source bdaddr (Unicast) 477 * destination bdaddr (Broadcast only) 478 * match func - pass NULL to ignore 479 * match func data - pass -1 to ignore 480 * Returns closest match. 481 */ 482 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 483 iso_sock_match_t match, void *data) 484 { 485 struct sock *sk = NULL, *sk1 = NULL; 486 487 read_lock(&iso_sk_list.lock); 488 489 sk_for_each(sk, &iso_sk_list.head) { 490 if (sk->sk_state != BT_LISTEN) 491 continue; 492 493 /* Match Broadcast destination */ 494 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 495 continue; 496 497 /* Use Match function if provided */ 498 if (match && !match(sk, data)) 499 continue; 500 501 /* Exact match. */ 502 if (!bacmp(&iso_pi(sk)->src, src)) 503 break; 504 505 /* Closest match */ 506 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) 507 sk1 = sk; 508 } 509 510 read_unlock(&iso_sk_list.lock); 511 512 return sk ? sk : sk1; 513 } 514 515 static void iso_sock_destruct(struct sock *sk) 516 { 517 BT_DBG("sk %p", sk); 518 519 skb_queue_purge(&sk->sk_receive_queue); 520 skb_queue_purge(&sk->sk_write_queue); 521 } 522 523 static void iso_sock_cleanup_listen(struct sock *parent) 524 { 525 struct sock *sk; 526 527 BT_DBG("parent %p", parent); 528 529 /* Close not yet accepted channels */ 530 while ((sk = bt_accept_dequeue(parent, NULL))) { 531 iso_sock_close(sk); 532 iso_sock_kill(sk); 533 } 534 535 parent->sk_state = BT_CLOSED; 536 sock_set_flag(parent, SOCK_ZAPPED); 537 } 538 539 /* Kill socket (only if zapped and orphan) 540 * Must be called on unlocked socket. 541 */ 542 static void iso_sock_kill(struct sock *sk) 543 { 544 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 545 sock_flag(sk, SOCK_DEAD)) 546 return; 547 548 BT_DBG("sk %p state %d", sk, sk->sk_state); 549 550 /* Kill poor orphan */ 551 bt_sock_unlink(&iso_sk_list, sk); 552 sock_set_flag(sk, SOCK_DEAD); 553 sock_put(sk); 554 } 555 556 static void iso_conn_defer_reject(struct hci_conn *conn) 557 { 558 struct hci_cp_le_reject_cis cp; 559 560 BT_DBG("conn %p", conn); 561 562 memset(&cp, 0, sizeof(cp)); 563 cp.handle = cpu_to_le16(conn->handle); 564 cp.reason = HCI_ERROR_REJ_BAD_ADDR; 565 hci_send_cmd(conn->hdev, HCI_OP_LE_REJECT_CIS, sizeof(cp), &cp); 566 } 567 568 static void __iso_sock_close(struct sock *sk) 569 { 570 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 571 572 switch (sk->sk_state) { 573 case BT_LISTEN: 574 iso_sock_cleanup_listen(sk); 575 break; 576 577 case BT_CONNECTED: 578 case BT_CONFIG: 579 if (iso_pi(sk)->conn->hcon) { 580 sk->sk_state = BT_DISCONN; 581 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 582 iso_conn_lock(iso_pi(sk)->conn); 583 hci_conn_drop(iso_pi(sk)->conn->hcon); 584 iso_pi(sk)->conn->hcon = NULL; 585 iso_conn_unlock(iso_pi(sk)->conn); 586 } else { 587 iso_chan_del(sk, ECONNRESET); 588 } 589 break; 590 591 case BT_CONNECT2: 592 if (iso_pi(sk)->conn->hcon) 593 iso_conn_defer_reject(iso_pi(sk)->conn->hcon); 594 iso_chan_del(sk, ECONNRESET); 595 break; 596 case BT_CONNECT: 597 /* In case of DEFER_SETUP the hcon would be bound to CIG which 598 * needs to be removed so just call hci_conn_del so the cleanup 599 * callback do what is needed. 600 */ 601 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 602 iso_pi(sk)->conn->hcon) { 603 hci_conn_del(iso_pi(sk)->conn->hcon); 604 iso_pi(sk)->conn->hcon = NULL; 605 } 606 607 iso_chan_del(sk, ECONNRESET); 608 break; 609 case BT_DISCONN: 610 iso_chan_del(sk, ECONNRESET); 611 break; 612 613 default: 614 sock_set_flag(sk, SOCK_ZAPPED); 615 break; 616 } 617 } 618 619 /* Must be called on unlocked socket. */ 620 static void iso_sock_close(struct sock *sk) 621 { 622 iso_sock_clear_timer(sk); 623 lock_sock(sk); 624 __iso_sock_close(sk); 625 release_sock(sk); 626 iso_sock_kill(sk); 627 } 628 629 static void iso_sock_init(struct sock *sk, struct sock *parent) 630 { 631 BT_DBG("sk %p", sk); 632 633 if (parent) { 634 sk->sk_type = parent->sk_type; 635 bt_sk(sk)->flags = bt_sk(parent)->flags; 636 security_sk_clone(parent, sk); 637 } 638 } 639 640 static struct proto iso_proto = { 641 .name = "ISO", 642 .owner = THIS_MODULE, 643 .obj_size = sizeof(struct iso_pinfo) 644 }; 645 646 #define DEFAULT_IO_QOS \ 647 { \ 648 .interval = 10000u, \ 649 .latency = 10u, \ 650 .sdu = 40u, \ 651 .phy = BT_ISO_PHY_2M, \ 652 .rtn = 2u, \ 653 } 654 655 static struct bt_iso_qos default_qos = { 656 .cig = BT_ISO_QOS_CIG_UNSET, 657 .cis = BT_ISO_QOS_CIS_UNSET, 658 .sca = 0x00, 659 .packing = 0x00, 660 .framing = 0x00, 661 .in = DEFAULT_IO_QOS, 662 .out = DEFAULT_IO_QOS, 663 }; 664 665 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 666 int proto, gfp_t prio, int kern) 667 { 668 struct sock *sk; 669 670 sk = sk_alloc(net, PF_BLUETOOTH, prio, &iso_proto, kern); 671 if (!sk) 672 return NULL; 673 674 sock_init_data(sock, sk); 675 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 676 677 sk->sk_destruct = iso_sock_destruct; 678 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 679 680 sock_reset_flag(sk, SOCK_ZAPPED); 681 682 sk->sk_protocol = proto; 683 sk->sk_state = BT_OPEN; 684 685 /* Set address type as public as default src address is BDADDR_ANY */ 686 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 687 688 iso_pi(sk)->qos = default_qos; 689 690 bt_sock_link(&iso_sk_list, sk); 691 return sk; 692 } 693 694 static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 695 int kern) 696 { 697 struct sock *sk; 698 699 BT_DBG("sock %p", sock); 700 701 sock->state = SS_UNCONNECTED; 702 703 if (sock->type != SOCK_SEQPACKET) 704 return -ESOCKTNOSUPPORT; 705 706 sock->ops = &iso_sock_ops; 707 708 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 709 if (!sk) 710 return -ENOMEM; 711 712 iso_sock_init(sk, NULL); 713 return 0; 714 } 715 716 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr, 717 int addr_len) 718 { 719 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 720 struct sock *sk = sock->sk; 721 int i; 722 723 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid, 724 sa->iso_bc->bc_num_bis); 725 726 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) || 727 sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f) 728 return -EINVAL; 729 730 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr); 731 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type; 732 iso_pi(sk)->sync_handle = -1; 733 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid; 734 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 735 736 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) { 737 if (sa->iso_bc->bc_bis[i] < 0x01 || 738 sa->iso_bc->bc_bis[i] > 0x1f) 739 return -EINVAL; 740 741 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 742 iso_pi(sk)->bc_num_bis); 743 } 744 745 return 0; 746 } 747 748 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 749 int addr_len) 750 { 751 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 752 struct sock *sk = sock->sk; 753 int err = 0; 754 755 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 756 757 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 758 addr->sa_family != AF_BLUETOOTH) 759 return -EINVAL; 760 761 lock_sock(sk); 762 763 if (sk->sk_state != BT_OPEN) { 764 err = -EBADFD; 765 goto done; 766 } 767 768 if (sk->sk_type != SOCK_SEQPACKET) { 769 err = -EINVAL; 770 goto done; 771 } 772 773 /* Check if the address type is of LE type */ 774 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 775 err = -EINVAL; 776 goto done; 777 } 778 779 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 780 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 781 782 /* Check for Broadcast address */ 783 if (addr_len > sizeof(*sa)) { 784 err = iso_sock_bind_bc(sock, addr, addr_len); 785 if (err) 786 goto done; 787 } 788 789 sk->sk_state = BT_BOUND; 790 791 done: 792 release_sock(sk); 793 return err; 794 } 795 796 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 797 int alen, int flags) 798 { 799 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 800 struct sock *sk = sock->sk; 801 int err; 802 803 BT_DBG("sk %p", sk); 804 805 if (alen < sizeof(struct sockaddr_iso) || 806 addr->sa_family != AF_BLUETOOTH) 807 return -EINVAL; 808 809 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 810 return -EBADFD; 811 812 if (sk->sk_type != SOCK_SEQPACKET) 813 return -EINVAL; 814 815 /* Check if the address type is of LE type */ 816 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 817 return -EINVAL; 818 819 lock_sock(sk); 820 821 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 822 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 823 824 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 825 err = iso_connect_cis(sk); 826 else 827 err = iso_connect_bis(sk); 828 829 if (err) 830 goto done; 831 832 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 833 err = bt_sock_wait_state(sk, BT_CONNECTED, 834 sock_sndtimeo(sk, flags & O_NONBLOCK)); 835 } 836 837 done: 838 release_sock(sk); 839 return err; 840 } 841 842 static int iso_listen_bis(struct sock *sk) 843 { 844 struct hci_dev *hdev; 845 int err = 0; 846 847 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src, 848 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid); 849 850 write_lock(&iso_sk_list.lock); 851 852 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst, 853 iso_pi(sk)->bc_sid)) 854 err = -EADDRINUSE; 855 856 write_unlock(&iso_sk_list.lock); 857 858 if (err) 859 return err; 860 861 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 862 iso_pi(sk)->src_type); 863 if (!hdev) 864 return -EHOSTUNREACH; 865 866 hci_dev_lock(hdev); 867 868 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, iso_pi(sk)->dst_type, 869 iso_pi(sk)->bc_sid); 870 871 hci_dev_unlock(hdev); 872 873 return err; 874 } 875 876 static int iso_listen_cis(struct sock *sk) 877 { 878 int err = 0; 879 880 BT_DBG("%pMR", &iso_pi(sk)->src); 881 882 write_lock(&iso_sk_list.lock); 883 884 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src)) 885 err = -EADDRINUSE; 886 887 write_unlock(&iso_sk_list.lock); 888 889 return err; 890 } 891 892 static int iso_sock_listen(struct socket *sock, int backlog) 893 { 894 struct sock *sk = sock->sk; 895 int err = 0; 896 897 BT_DBG("sk %p backlog %d", sk, backlog); 898 899 lock_sock(sk); 900 901 if (sk->sk_state != BT_BOUND) { 902 err = -EBADFD; 903 goto done; 904 } 905 906 if (sk->sk_type != SOCK_SEQPACKET) { 907 err = -EINVAL; 908 goto done; 909 } 910 911 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 912 err = iso_listen_cis(sk); 913 else 914 err = iso_listen_bis(sk); 915 916 if (err) 917 goto done; 918 919 sk->sk_max_ack_backlog = backlog; 920 sk->sk_ack_backlog = 0; 921 922 sk->sk_state = BT_LISTEN; 923 924 done: 925 release_sock(sk); 926 return err; 927 } 928 929 static int iso_sock_accept(struct socket *sock, struct socket *newsock, 930 int flags, bool kern) 931 { 932 DEFINE_WAIT_FUNC(wait, woken_wake_function); 933 struct sock *sk = sock->sk, *ch; 934 long timeo; 935 int err = 0; 936 937 lock_sock(sk); 938 939 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 940 941 BT_DBG("sk %p timeo %ld", sk, timeo); 942 943 /* Wait for an incoming connection. (wake-one). */ 944 add_wait_queue_exclusive(sk_sleep(sk), &wait); 945 while (1) { 946 if (sk->sk_state != BT_LISTEN) { 947 err = -EBADFD; 948 break; 949 } 950 951 ch = bt_accept_dequeue(sk, newsock); 952 if (ch) 953 break; 954 955 if (!timeo) { 956 err = -EAGAIN; 957 break; 958 } 959 960 if (signal_pending(current)) { 961 err = sock_intr_errno(timeo); 962 break; 963 } 964 965 release_sock(sk); 966 967 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 968 lock_sock(sk); 969 } 970 remove_wait_queue(sk_sleep(sk), &wait); 971 972 if (err) 973 goto done; 974 975 newsock->state = SS_CONNECTED; 976 977 BT_DBG("new socket %p", ch); 978 979 done: 980 release_sock(sk); 981 return err; 982 } 983 984 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 985 int peer) 986 { 987 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 988 struct sock *sk = sock->sk; 989 990 BT_DBG("sock %p, sk %p", sock, sk); 991 992 addr->sa_family = AF_BLUETOOTH; 993 994 if (peer) { 995 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 996 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 997 } else { 998 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 999 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 1000 } 1001 1002 return sizeof(struct sockaddr_iso); 1003 } 1004 1005 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 1006 size_t len) 1007 { 1008 struct sock *sk = sock->sk; 1009 struct iso_conn *conn = iso_pi(sk)->conn; 1010 struct sk_buff *skb, **frag; 1011 int err; 1012 1013 BT_DBG("sock %p, sk %p", sock, sk); 1014 1015 err = sock_error(sk); 1016 if (err) 1017 return err; 1018 1019 if (msg->msg_flags & MSG_OOB) 1020 return -EOPNOTSUPP; 1021 1022 if (sk->sk_state != BT_CONNECTED) 1023 return -ENOTCONN; 1024 1025 skb = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1026 HCI_ISO_DATA_HDR_SIZE, 0); 1027 if (IS_ERR(skb)) 1028 return PTR_ERR(skb); 1029 1030 len -= skb->len; 1031 1032 BT_DBG("skb %p len %d", sk, skb->len); 1033 1034 /* Continuation fragments */ 1035 frag = &skb_shinfo(skb)->frag_list; 1036 while (len) { 1037 struct sk_buff *tmp; 1038 1039 tmp = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1040 0, 0); 1041 if (IS_ERR(tmp)) { 1042 kfree_skb(skb); 1043 return PTR_ERR(tmp); 1044 } 1045 1046 *frag = tmp; 1047 1048 len -= tmp->len; 1049 1050 skb->len += tmp->len; 1051 skb->data_len += tmp->len; 1052 1053 BT_DBG("frag %p len %d", *frag, tmp->len); 1054 1055 frag = &(*frag)->next; 1056 } 1057 1058 lock_sock(sk); 1059 1060 if (sk->sk_state == BT_CONNECTED) 1061 err = iso_send_frame(sk, skb); 1062 else 1063 err = -ENOTCONN; 1064 1065 release_sock(sk); 1066 1067 if (err < 0) 1068 kfree_skb(skb); 1069 return err; 1070 } 1071 1072 static void iso_conn_defer_accept(struct hci_conn *conn) 1073 { 1074 struct hci_cp_le_accept_cis cp; 1075 struct hci_dev *hdev = conn->hdev; 1076 1077 BT_DBG("conn %p", conn); 1078 1079 conn->state = BT_CONFIG; 1080 1081 cp.handle = cpu_to_le16(conn->handle); 1082 1083 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 1084 } 1085 1086 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1087 size_t len, int flags) 1088 { 1089 struct sock *sk = sock->sk; 1090 struct iso_pinfo *pi = iso_pi(sk); 1091 int err; 1092 1093 BT_DBG("sk %p", sk); 1094 1095 lock_sock(sk); 1096 1097 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1098 switch (sk->sk_state) { 1099 case BT_CONNECT2: 1100 iso_conn_defer_accept(pi->conn->hcon); 1101 sk->sk_state = BT_CONFIG; 1102 release_sock(sk); 1103 return 0; 1104 case BT_CONNECT: 1105 err = iso_connect_cis(sk); 1106 release_sock(sk); 1107 return err; 1108 } 1109 } 1110 1111 release_sock(sk); 1112 1113 return bt_sock_recvmsg(sock, msg, len, flags); 1114 } 1115 1116 static bool check_io_qos(struct bt_iso_io_qos *qos) 1117 { 1118 /* If no PHY is enable SDU must be 0 */ 1119 if (!qos->phy && qos->sdu) 1120 return false; 1121 1122 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 1123 return false; 1124 1125 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 1126 return false; 1127 1128 if (qos->phy > BT_ISO_PHY_ANY) 1129 return false; 1130 1131 return true; 1132 } 1133 1134 static bool check_qos(struct bt_iso_qos *qos) 1135 { 1136 if (qos->sca > 0x07) 1137 return false; 1138 1139 if (qos->packing > 0x01) 1140 return false; 1141 1142 if (qos->framing > 0x01) 1143 return false; 1144 1145 if (!check_io_qos(&qos->in)) 1146 return false; 1147 1148 if (!check_io_qos(&qos->out)) 1149 return false; 1150 1151 return true; 1152 } 1153 1154 static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 1155 sockptr_t optval, unsigned int optlen) 1156 { 1157 struct sock *sk = sock->sk; 1158 int len, err = 0; 1159 struct bt_iso_qos qos; 1160 u32 opt; 1161 1162 BT_DBG("sk %p", sk); 1163 1164 lock_sock(sk); 1165 1166 switch (optname) { 1167 case BT_DEFER_SETUP: 1168 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1169 err = -EINVAL; 1170 break; 1171 } 1172 1173 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1174 err = -EFAULT; 1175 break; 1176 } 1177 1178 if (opt) 1179 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1180 else 1181 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1182 break; 1183 1184 case BT_ISO_QOS: 1185 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1186 sk->sk_state != BT_CONNECT2) { 1187 err = -EINVAL; 1188 break; 1189 } 1190 1191 len = min_t(unsigned int, sizeof(qos), optlen); 1192 if (len != sizeof(qos)) { 1193 err = -EINVAL; 1194 break; 1195 } 1196 1197 memset(&qos, 0, sizeof(qos)); 1198 1199 if (copy_from_sockptr(&qos, optval, len)) { 1200 err = -EFAULT; 1201 break; 1202 } 1203 1204 if (!check_qos(&qos)) { 1205 err = -EINVAL; 1206 break; 1207 } 1208 1209 iso_pi(sk)->qos = qos; 1210 1211 break; 1212 1213 case BT_ISO_BASE: 1214 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1215 sk->sk_state != BT_CONNECT2) { 1216 err = -EINVAL; 1217 break; 1218 } 1219 1220 if (optlen > sizeof(iso_pi(sk)->base)) { 1221 err = -EOVERFLOW; 1222 break; 1223 } 1224 1225 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen); 1226 1227 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) { 1228 err = -EFAULT; 1229 break; 1230 } 1231 1232 iso_pi(sk)->base_len = len; 1233 1234 break; 1235 1236 default: 1237 err = -ENOPROTOOPT; 1238 break; 1239 } 1240 1241 release_sock(sk); 1242 return err; 1243 } 1244 1245 static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1246 char __user *optval, int __user *optlen) 1247 { 1248 struct sock *sk = sock->sk; 1249 int len, err = 0; 1250 struct bt_iso_qos *qos; 1251 u8 base_len; 1252 u8 *base; 1253 1254 BT_DBG("sk %p", sk); 1255 1256 if (get_user(len, optlen)) 1257 return -EFAULT; 1258 1259 lock_sock(sk); 1260 1261 switch (optname) { 1262 case BT_DEFER_SETUP: 1263 if (sk->sk_state == BT_CONNECTED) { 1264 err = -EINVAL; 1265 break; 1266 } 1267 1268 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1269 (u32 __user *)optval)) 1270 err = -EFAULT; 1271 1272 break; 1273 1274 case BT_ISO_QOS: 1275 qos = iso_sock_get_qos(sk); 1276 1277 len = min_t(unsigned int, len, sizeof(*qos)); 1278 if (copy_to_user(optval, qos, len)) 1279 err = -EFAULT; 1280 1281 break; 1282 1283 case BT_ISO_BASE: 1284 if (sk->sk_state == BT_CONNECTED) { 1285 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len; 1286 base = iso_pi(sk)->conn->hcon->le_per_adv_data; 1287 } else { 1288 base_len = iso_pi(sk)->base_len; 1289 base = iso_pi(sk)->base; 1290 } 1291 1292 len = min_t(unsigned int, len, base_len); 1293 if (copy_to_user(optval, base, len)) 1294 err = -EFAULT; 1295 1296 break; 1297 1298 default: 1299 err = -ENOPROTOOPT; 1300 break; 1301 } 1302 1303 release_sock(sk); 1304 return err; 1305 } 1306 1307 static int iso_sock_shutdown(struct socket *sock, int how) 1308 { 1309 struct sock *sk = sock->sk; 1310 int err = 0; 1311 1312 BT_DBG("sock %p, sk %p, how %d", sock, sk, how); 1313 1314 if (!sk) 1315 return 0; 1316 1317 sock_hold(sk); 1318 lock_sock(sk); 1319 1320 switch (how) { 1321 case SHUT_RD: 1322 if (sk->sk_shutdown & RCV_SHUTDOWN) 1323 goto unlock; 1324 sk->sk_shutdown |= RCV_SHUTDOWN; 1325 break; 1326 case SHUT_WR: 1327 if (sk->sk_shutdown & SEND_SHUTDOWN) 1328 goto unlock; 1329 sk->sk_shutdown |= SEND_SHUTDOWN; 1330 break; 1331 case SHUT_RDWR: 1332 if (sk->sk_shutdown & SHUTDOWN_MASK) 1333 goto unlock; 1334 sk->sk_shutdown |= SHUTDOWN_MASK; 1335 break; 1336 } 1337 1338 iso_sock_clear_timer(sk); 1339 __iso_sock_close(sk); 1340 1341 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1342 !(current->flags & PF_EXITING)) 1343 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1344 1345 unlock: 1346 release_sock(sk); 1347 sock_put(sk); 1348 1349 return err; 1350 } 1351 1352 static int iso_sock_release(struct socket *sock) 1353 { 1354 struct sock *sk = sock->sk; 1355 int err = 0; 1356 1357 BT_DBG("sock %p, sk %p", sock, sk); 1358 1359 if (!sk) 1360 return 0; 1361 1362 iso_sock_close(sk); 1363 1364 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1365 !(current->flags & PF_EXITING)) { 1366 lock_sock(sk); 1367 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1368 release_sock(sk); 1369 } 1370 1371 sock_orphan(sk); 1372 iso_sock_kill(sk); 1373 return err; 1374 } 1375 1376 static void iso_sock_ready(struct sock *sk) 1377 { 1378 BT_DBG("sk %p", sk); 1379 1380 if (!sk) 1381 return; 1382 1383 lock_sock(sk); 1384 iso_sock_clear_timer(sk); 1385 sk->sk_state = BT_CONNECTED; 1386 sk->sk_state_change(sk); 1387 release_sock(sk); 1388 } 1389 1390 struct iso_list_data { 1391 struct hci_conn *hcon; 1392 int count; 1393 }; 1394 1395 static bool iso_match_big(struct sock *sk, void *data) 1396 { 1397 struct hci_evt_le_big_sync_estabilished *ev = data; 1398 1399 return ev->handle == iso_pi(sk)->qos.big; 1400 } 1401 1402 static void iso_conn_ready(struct iso_conn *conn) 1403 { 1404 struct sock *parent; 1405 struct sock *sk = conn->sk; 1406 struct hci_ev_le_big_sync_estabilished *ev; 1407 1408 BT_DBG("conn %p", conn); 1409 1410 if (sk) { 1411 iso_sock_ready(conn->sk); 1412 } else { 1413 iso_conn_lock(conn); 1414 1415 if (!conn->hcon) { 1416 iso_conn_unlock(conn); 1417 return; 1418 } 1419 1420 ev = hci_recv_event_data(conn->hcon->hdev, 1421 HCI_EVT_LE_BIG_SYNC_ESTABILISHED); 1422 if (ev) 1423 parent = iso_get_sock_listen(&conn->hcon->src, 1424 &conn->hcon->dst, 1425 iso_match_big, ev); 1426 else 1427 parent = iso_get_sock_listen(&conn->hcon->src, 1428 BDADDR_ANY, NULL, NULL); 1429 1430 if (!parent) { 1431 iso_conn_unlock(conn); 1432 return; 1433 } 1434 1435 lock_sock(parent); 1436 1437 sk = iso_sock_alloc(sock_net(parent), NULL, 1438 BTPROTO_ISO, GFP_ATOMIC, 0); 1439 if (!sk) { 1440 release_sock(parent); 1441 iso_conn_unlock(conn); 1442 return; 1443 } 1444 1445 iso_sock_init(sk, parent); 1446 1447 bacpy(&iso_pi(sk)->src, &conn->hcon->src); 1448 iso_pi(sk)->src_type = conn->hcon->src_type; 1449 1450 /* If hcon has no destination address (BDADDR_ANY) it means it 1451 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED so we need to 1452 * initialize using the parent socket destination address. 1453 */ 1454 if (!bacmp(&conn->hcon->dst, BDADDR_ANY)) { 1455 bacpy(&conn->hcon->dst, &iso_pi(parent)->dst); 1456 conn->hcon->dst_type = iso_pi(parent)->dst_type; 1457 conn->hcon->sync_handle = iso_pi(parent)->sync_handle; 1458 } 1459 1460 bacpy(&iso_pi(sk)->dst, &conn->hcon->dst); 1461 iso_pi(sk)->dst_type = conn->hcon->dst_type; 1462 1463 hci_conn_hold(conn->hcon); 1464 __iso_chan_add(conn, sk, parent); 1465 1466 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1467 sk->sk_state = BT_CONNECT2; 1468 else 1469 sk->sk_state = BT_CONNECTED; 1470 1471 /* Wake up parent */ 1472 parent->sk_data_ready(parent); 1473 1474 release_sock(parent); 1475 1476 iso_conn_unlock(conn); 1477 } 1478 } 1479 1480 static bool iso_match_sid(struct sock *sk, void *data) 1481 { 1482 struct hci_ev_le_pa_sync_established *ev = data; 1483 1484 return ev->sid == iso_pi(sk)->bc_sid; 1485 } 1486 1487 static bool iso_match_sync_handle(struct sock *sk, void *data) 1488 { 1489 struct hci_evt_le_big_info_adv_report *ev = data; 1490 1491 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1492 } 1493 1494 /* ----- ISO interface with lower layer (HCI) ----- */ 1495 1496 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1497 { 1498 struct hci_ev_le_pa_sync_established *ev1; 1499 struct hci_evt_le_big_info_adv_report *ev2; 1500 struct sock *sk; 1501 int lm = 0; 1502 1503 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 1504 1505 /* Broadcast receiver requires handling of some events before it can 1506 * proceed to establishing a BIG sync: 1507 * 1508 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific 1509 * SID to listen to and once sync is estabilished its handle needs to 1510 * be stored in iso_pi(sk)->sync_handle so it can be matched once 1511 * receiving the BIG Info. 1512 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 1513 * a BIG Info it attempts to check if there any listening socket with 1514 * the same sync_handle and if it does then attempt to create a sync. 1515 */ 1516 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 1517 if (ev1) { 1518 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid, 1519 ev1); 1520 if (sk) 1521 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); 1522 1523 goto done; 1524 } 1525 1526 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1527 if (ev2) { 1528 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1529 iso_match_sync_handle, ev2); 1530 if (sk) { 1531 int err; 1532 1533 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1534 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1535 1536 err = hci_le_big_create_sync(hdev, 1537 &iso_pi(sk)->qos, 1538 iso_pi(sk)->sync_handle, 1539 iso_pi(sk)->bc_num_bis, 1540 iso_pi(sk)->bc_bis); 1541 if (err) { 1542 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1543 err); 1544 sk = NULL; 1545 } 1546 } 1547 } else { 1548 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL); 1549 } 1550 1551 done: 1552 if (!sk) 1553 return lm; 1554 1555 lm |= HCI_LM_ACCEPT; 1556 1557 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1558 *flags |= HCI_PROTO_DEFER; 1559 1560 return lm; 1561 } 1562 1563 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 1564 { 1565 if (hcon->type != ISO_LINK) { 1566 if (hcon->type != LE_LINK) 1567 return; 1568 1569 /* Check if LE link has failed */ 1570 if (status) { 1571 if (hcon->link) 1572 iso_conn_del(hcon->link, bt_to_errno(status)); 1573 return; 1574 } 1575 1576 /* Create CIS if pending */ 1577 hci_le_create_cis(hcon); 1578 return; 1579 } 1580 1581 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1582 1583 if (!status) { 1584 struct iso_conn *conn; 1585 1586 conn = iso_conn_add(hcon); 1587 if (conn) 1588 iso_conn_ready(conn); 1589 } else { 1590 iso_conn_del(hcon, bt_to_errno(status)); 1591 } 1592 } 1593 1594 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1595 { 1596 if (hcon->type != ISO_LINK) 1597 return; 1598 1599 BT_DBG("hcon %p reason %d", hcon, reason); 1600 1601 iso_conn_del(hcon, bt_to_errno(reason)); 1602 } 1603 1604 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 1605 { 1606 struct iso_conn *conn = hcon->iso_data; 1607 struct hci_iso_data_hdr *hdr; 1608 __u16 pb, ts, len; 1609 1610 if (!conn) 1611 goto drop; 1612 1613 pb = hci_iso_flags_pb(flags); 1614 ts = hci_iso_flags_ts(flags); 1615 1616 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 1617 1618 switch (pb) { 1619 case ISO_START: 1620 case ISO_SINGLE: 1621 if (conn->rx_len) { 1622 BT_ERR("Unexpected start frame (len %d)", skb->len); 1623 kfree_skb(conn->rx_skb); 1624 conn->rx_skb = NULL; 1625 conn->rx_len = 0; 1626 } 1627 1628 if (ts) { 1629 /* TODO: add timestamp to the packet? */ 1630 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 1631 if (!hdr) { 1632 BT_ERR("Frame is too short (len %d)", skb->len); 1633 goto drop; 1634 } 1635 1636 } else { 1637 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 1638 if (!hdr) { 1639 BT_ERR("Frame is too short (len %d)", skb->len); 1640 goto drop; 1641 } 1642 } 1643 1644 len = __le16_to_cpu(hdr->slen); 1645 flags = hci_iso_data_flags(len); 1646 len = hci_iso_data_len(len); 1647 1648 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 1649 skb->len, flags); 1650 1651 if (len == skb->len) { 1652 /* Complete frame received */ 1653 iso_recv_frame(conn, skb); 1654 return; 1655 } 1656 1657 if (pb == ISO_SINGLE) { 1658 BT_ERR("Frame malformed (len %d, expected len %d)", 1659 skb->len, len); 1660 goto drop; 1661 } 1662 1663 if (skb->len > len) { 1664 BT_ERR("Frame is too long (len %d, expected len %d)", 1665 skb->len, len); 1666 goto drop; 1667 } 1668 1669 /* Allocate skb for the complete frame (with header) */ 1670 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 1671 if (!conn->rx_skb) 1672 goto drop; 1673 1674 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1675 skb->len); 1676 conn->rx_len = len - skb->len; 1677 break; 1678 1679 case ISO_CONT: 1680 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 1681 conn->rx_len); 1682 1683 if (!conn->rx_len) { 1684 BT_ERR("Unexpected continuation frame (len %d)", 1685 skb->len); 1686 goto drop; 1687 } 1688 1689 if (skb->len > conn->rx_len) { 1690 BT_ERR("Fragment is too long (len %d, expected %d)", 1691 skb->len, conn->rx_len); 1692 kfree_skb(conn->rx_skb); 1693 conn->rx_skb = NULL; 1694 conn->rx_len = 0; 1695 goto drop; 1696 } 1697 1698 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1699 skb->len); 1700 conn->rx_len -= skb->len; 1701 return; 1702 1703 case ISO_END: 1704 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1705 skb->len); 1706 conn->rx_len -= skb->len; 1707 1708 if (!conn->rx_len) { 1709 struct sk_buff *rx_skb = conn->rx_skb; 1710 1711 /* Complete frame received. iso_recv_frame 1712 * takes ownership of the skb so set the global 1713 * rx_skb pointer to NULL first. 1714 */ 1715 conn->rx_skb = NULL; 1716 iso_recv_frame(conn, rx_skb); 1717 } 1718 break; 1719 } 1720 1721 drop: 1722 kfree_skb(skb); 1723 } 1724 1725 static struct hci_cb iso_cb = { 1726 .name = "ISO", 1727 .connect_cfm = iso_connect_cfm, 1728 .disconn_cfm = iso_disconn_cfm, 1729 }; 1730 1731 static int iso_debugfs_show(struct seq_file *f, void *p) 1732 { 1733 struct sock *sk; 1734 1735 read_lock(&iso_sk_list.lock); 1736 1737 sk_for_each(sk, &iso_sk_list.head) { 1738 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 1739 &iso_pi(sk)->dst, sk->sk_state); 1740 } 1741 1742 read_unlock(&iso_sk_list.lock); 1743 1744 return 0; 1745 } 1746 1747 DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 1748 1749 static struct dentry *iso_debugfs; 1750 1751 static const struct proto_ops iso_sock_ops = { 1752 .family = PF_BLUETOOTH, 1753 .owner = THIS_MODULE, 1754 .release = iso_sock_release, 1755 .bind = iso_sock_bind, 1756 .connect = iso_sock_connect, 1757 .listen = iso_sock_listen, 1758 .accept = iso_sock_accept, 1759 .getname = iso_sock_getname, 1760 .sendmsg = iso_sock_sendmsg, 1761 .recvmsg = iso_sock_recvmsg, 1762 .poll = bt_sock_poll, 1763 .ioctl = bt_sock_ioctl, 1764 .mmap = sock_no_mmap, 1765 .socketpair = sock_no_socketpair, 1766 .shutdown = iso_sock_shutdown, 1767 .setsockopt = iso_sock_setsockopt, 1768 .getsockopt = iso_sock_getsockopt 1769 }; 1770 1771 static const struct net_proto_family iso_sock_family_ops = { 1772 .family = PF_BLUETOOTH, 1773 .owner = THIS_MODULE, 1774 .create = iso_sock_create, 1775 }; 1776 1777 static bool iso_inited; 1778 1779 bool iso_enabled(void) 1780 { 1781 return iso_inited; 1782 } 1783 1784 int iso_init(void) 1785 { 1786 int err; 1787 1788 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 1789 1790 if (iso_inited) 1791 return -EALREADY; 1792 1793 err = proto_register(&iso_proto, 0); 1794 if (err < 0) 1795 return err; 1796 1797 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 1798 if (err < 0) { 1799 BT_ERR("ISO socket registration failed"); 1800 goto error; 1801 } 1802 1803 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 1804 if (err < 0) { 1805 BT_ERR("Failed to create ISO proc file"); 1806 bt_sock_unregister(BTPROTO_ISO); 1807 goto error; 1808 } 1809 1810 BT_INFO("ISO socket layer initialized"); 1811 1812 hci_register_cb(&iso_cb); 1813 1814 if (IS_ERR_OR_NULL(bt_debugfs)) 1815 return 0; 1816 1817 if (!iso_debugfs) { 1818 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 1819 NULL, &iso_debugfs_fops); 1820 } 1821 1822 iso_inited = true; 1823 1824 return 0; 1825 1826 error: 1827 proto_unregister(&iso_proto); 1828 return err; 1829 } 1830 1831 int iso_exit(void) 1832 { 1833 if (!iso_inited) 1834 return -EALREADY; 1835 1836 bt_procfs_cleanup(&init_net, "iso"); 1837 1838 debugfs_remove(iso_debugfs); 1839 iso_debugfs = NULL; 1840 1841 hci_unregister_cb(&iso_cb); 1842 1843 bt_sock_unregister(BTPROTO_ISO); 1844 1845 proto_unregister(&iso_proto); 1846 1847 iso_inited = false; 1848 1849 return 0; 1850 } 1851