1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 */ 7 8 #include <linux/module.h> 9 #include <linux/debugfs.h> 10 #include <linux/seq_file.h> 11 #include <linux/sched/signal.h> 12 13 #include <net/bluetooth/bluetooth.h> 14 #include <net/bluetooth/hci_core.h> 15 #include <net/bluetooth/iso.h> 16 17 static const struct proto_ops iso_sock_ops; 18 19 static struct bt_sock_list iso_sk_list = { 20 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 21 }; 22 23 /* ---- ISO connections ---- */ 24 struct iso_conn { 25 struct hci_conn *hcon; 26 27 /* @lock: spinlock protecting changes to iso_conn fields */ 28 spinlock_t lock; 29 struct sock *sk; 30 31 struct delayed_work timeout_work; 32 33 struct sk_buff *rx_skb; 34 __u32 rx_len; 35 __u16 tx_sn; 36 }; 37 38 #define iso_conn_lock(c) spin_lock(&(c)->lock) 39 #define iso_conn_unlock(c) spin_unlock(&(c)->lock) 40 41 static void iso_sock_close(struct sock *sk); 42 static void iso_sock_kill(struct sock *sk); 43 44 /* ----- ISO socket info ----- */ 45 #define iso_pi(sk) ((struct iso_pinfo *)sk) 46 47 struct iso_pinfo { 48 struct bt_sock bt; 49 bdaddr_t src; 50 __u8 src_type; 51 bdaddr_t dst; 52 __u8 dst_type; 53 __u32 flags; 54 struct bt_iso_qos qos; 55 struct iso_conn *conn; 56 }; 57 58 /* ---- ISO timers ---- */ 59 #define ISO_CONN_TIMEOUT (HZ * 40) 60 #define ISO_DISCONN_TIMEOUT (HZ * 2) 61 62 static void iso_sock_timeout(struct work_struct *work) 63 { 64 struct iso_conn *conn = container_of(work, struct iso_conn, 65 timeout_work.work); 66 struct sock *sk; 67 68 iso_conn_lock(conn); 69 sk = conn->sk; 70 if (sk) 71 sock_hold(sk); 72 iso_conn_unlock(conn); 73 74 if (!sk) 75 return; 76 77 BT_DBG("sock %p state %d", sk, sk->sk_state); 78 79 lock_sock(sk); 80 sk->sk_err = ETIMEDOUT; 81 sk->sk_state_change(sk); 82 release_sock(sk); 83 sock_put(sk); 84 } 85 86 static void iso_sock_set_timer(struct sock *sk, long timeout) 87 { 88 if (!iso_pi(sk)->conn) 89 return; 90 91 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 92 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 93 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 94 } 95 96 static void iso_sock_clear_timer(struct sock *sk) 97 { 98 if (!iso_pi(sk)->conn) 99 return; 100 101 BT_DBG("sock %p state %d", sk, sk->sk_state); 102 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 103 } 104 105 /* ---- ISO connections ---- */ 106 static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 107 { 108 struct iso_conn *conn = hcon->iso_data; 109 110 if (conn) 111 return conn; 112 113 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 114 if (!conn) 115 return NULL; 116 117 spin_lock_init(&conn->lock); 118 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 119 120 hcon->iso_data = conn; 121 conn->hcon = hcon; 122 conn->tx_sn = 0; 123 124 BT_DBG("hcon %p conn %p", hcon, conn); 125 126 return conn; 127 } 128 129 /* Delete channel. Must be called on the locked socket. */ 130 static void iso_chan_del(struct sock *sk, int err) 131 { 132 struct iso_conn *conn; 133 134 conn = iso_pi(sk)->conn; 135 136 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 137 138 if (conn) { 139 iso_conn_lock(conn); 140 conn->sk = NULL; 141 iso_pi(sk)->conn = NULL; 142 iso_conn_unlock(conn); 143 144 if (conn->hcon) 145 hci_conn_drop(conn->hcon); 146 } 147 148 sk->sk_state = BT_CLOSED; 149 sk->sk_err = err; 150 sk->sk_state_change(sk); 151 152 sock_set_flag(sk, SOCK_ZAPPED); 153 } 154 155 static void iso_conn_del(struct hci_conn *hcon, int err) 156 { 157 struct iso_conn *conn = hcon->iso_data; 158 struct sock *sk; 159 160 if (!conn) 161 return; 162 163 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 164 165 /* Kill socket */ 166 iso_conn_lock(conn); 167 sk = conn->sk; 168 if (sk) 169 sock_hold(sk); 170 iso_conn_unlock(conn); 171 172 if (sk) { 173 lock_sock(sk); 174 iso_sock_clear_timer(sk); 175 iso_chan_del(sk, err); 176 release_sock(sk); 177 sock_put(sk); 178 } 179 180 /* Ensure no more work items will run before freeing conn. */ 181 cancel_delayed_work_sync(&conn->timeout_work); 182 183 hcon->iso_data = NULL; 184 kfree(conn); 185 } 186 187 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 188 struct sock *parent) 189 { 190 BT_DBG("conn %p", conn); 191 192 if (iso_pi(sk)->conn == conn && conn->sk == sk) 193 return 0; 194 195 if (conn->sk) { 196 BT_ERR("conn->sk already set"); 197 return -EBUSY; 198 } 199 200 iso_pi(sk)->conn = conn; 201 conn->sk = sk; 202 203 if (parent) 204 bt_accept_enqueue(parent, sk, true); 205 206 return 0; 207 } 208 209 static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 210 struct sock *parent) 211 { 212 int err; 213 214 iso_conn_lock(conn); 215 err = __iso_chan_add(conn, sk, parent); 216 iso_conn_unlock(conn); 217 218 return err; 219 } 220 221 static int iso_connect(struct sock *sk) 222 { 223 struct iso_conn *conn; 224 struct hci_conn *hcon; 225 struct hci_dev *hdev; 226 int err; 227 228 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 229 230 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 231 iso_pi(sk)->src_type); 232 if (!hdev) 233 return -EHOSTUNREACH; 234 235 hci_dev_lock(hdev); 236 237 if (!cis_central_capable(hdev)) { 238 err = -EOPNOTSUPP; 239 goto done; 240 } 241 242 /* Fail if either PHYs are marked as disabled */ 243 if (!iso_pi(sk)->qos.in.phy && !iso_pi(sk)->qos.out.phy) { 244 err = -EINVAL; 245 goto done; 246 } 247 248 /* Just bind if DEFER_SETUP has been set */ 249 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 250 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 251 iso_pi(sk)->dst_type, &iso_pi(sk)->qos); 252 if (IS_ERR(hcon)) { 253 err = PTR_ERR(hcon); 254 goto done; 255 } 256 } else { 257 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 258 iso_pi(sk)->dst_type, &iso_pi(sk)->qos); 259 if (IS_ERR(hcon)) { 260 err = PTR_ERR(hcon); 261 goto done; 262 } 263 } 264 265 conn = iso_conn_add(hcon); 266 if (!conn) { 267 hci_conn_drop(hcon); 268 err = -ENOMEM; 269 goto done; 270 } 271 272 /* Update source addr of the socket */ 273 bacpy(&iso_pi(sk)->src, &hcon->src); 274 275 err = iso_chan_add(conn, sk, NULL); 276 if (err) 277 goto done; 278 279 if (hcon->state == BT_CONNECTED) { 280 iso_sock_clear_timer(sk); 281 sk->sk_state = BT_CONNECTED; 282 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 283 iso_sock_clear_timer(sk); 284 sk->sk_state = BT_CONNECT; 285 } else { 286 sk->sk_state = BT_CONNECT; 287 iso_sock_set_timer(sk, sk->sk_sndtimeo); 288 } 289 290 done: 291 hci_dev_unlock(hdev); 292 hci_dev_put(hdev); 293 return err; 294 } 295 296 static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 297 { 298 struct iso_conn *conn = iso_pi(sk)->conn; 299 struct hci_iso_data_hdr *hdr; 300 int len = 0; 301 302 BT_DBG("sk %p len %d", sk, skb->len); 303 304 if (skb->len > iso_pi(sk)->qos.out.sdu) 305 return -EMSGSIZE; 306 307 len = skb->len; 308 309 /* Push ISO data header */ 310 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 311 hdr->sn = cpu_to_le16(conn->tx_sn++); 312 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 313 HCI_ISO_STATUS_VALID)); 314 315 if (sk->sk_state == BT_CONNECTED) 316 hci_send_iso(conn->hcon, skb); 317 else 318 len = -ENOTCONN; 319 320 return len; 321 } 322 323 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 324 { 325 struct sock *sk; 326 327 iso_conn_lock(conn); 328 sk = conn->sk; 329 iso_conn_unlock(conn); 330 331 if (!sk) 332 goto drop; 333 334 BT_DBG("sk %p len %d", sk, skb->len); 335 336 if (sk->sk_state != BT_CONNECTED) 337 goto drop; 338 339 if (!sock_queue_rcv_skb(sk, skb)) 340 return; 341 342 drop: 343 kfree_skb(skb); 344 } 345 346 /* -------- Socket interface ---------- */ 347 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *ba) 348 { 349 struct sock *sk; 350 351 sk_for_each(sk, &iso_sk_list.head) { 352 if (sk->sk_state != BT_LISTEN) 353 continue; 354 355 if (!bacmp(&iso_pi(sk)->src, ba)) 356 return sk; 357 } 358 359 return NULL; 360 } 361 362 /* Find socket listening on source bdaddr. 363 * Returns closest match. 364 */ 365 static struct sock *iso_get_sock_listen(bdaddr_t *src) 366 { 367 struct sock *sk = NULL, *sk1 = NULL; 368 369 read_lock(&iso_sk_list.lock); 370 371 sk_for_each(sk, &iso_sk_list.head) { 372 if (sk->sk_state != BT_LISTEN) 373 continue; 374 375 /* Exact match. */ 376 if (!bacmp(&iso_pi(sk)->src, src)) 377 break; 378 379 /* Closest match */ 380 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) 381 sk1 = sk; 382 } 383 384 read_unlock(&iso_sk_list.lock); 385 386 return sk ? sk : sk1; 387 } 388 389 static void iso_sock_destruct(struct sock *sk) 390 { 391 BT_DBG("sk %p", sk); 392 393 skb_queue_purge(&sk->sk_receive_queue); 394 skb_queue_purge(&sk->sk_write_queue); 395 } 396 397 static void iso_sock_cleanup_listen(struct sock *parent) 398 { 399 struct sock *sk; 400 401 BT_DBG("parent %p", parent); 402 403 /* Close not yet accepted channels */ 404 while ((sk = bt_accept_dequeue(parent, NULL))) { 405 iso_sock_close(sk); 406 iso_sock_kill(sk); 407 } 408 409 parent->sk_state = BT_CLOSED; 410 sock_set_flag(parent, SOCK_ZAPPED); 411 } 412 413 /* Kill socket (only if zapped and orphan) 414 * Must be called on unlocked socket. 415 */ 416 static void iso_sock_kill(struct sock *sk) 417 { 418 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 419 sock_flag(sk, SOCK_DEAD)) 420 return; 421 422 BT_DBG("sk %p state %d", sk, sk->sk_state); 423 424 /* Kill poor orphan */ 425 bt_sock_unlink(&iso_sk_list, sk); 426 sock_set_flag(sk, SOCK_DEAD); 427 sock_put(sk); 428 } 429 430 static void iso_conn_defer_reject(struct hci_conn *conn) 431 { 432 struct hci_cp_le_reject_cis cp; 433 434 BT_DBG("conn %p", conn); 435 436 memset(&cp, 0, sizeof(cp)); 437 cp.handle = cpu_to_le16(conn->handle); 438 cp.reason = HCI_ERROR_REJ_BAD_ADDR; 439 hci_send_cmd(conn->hdev, HCI_OP_LE_REJECT_CIS, sizeof(cp), &cp); 440 } 441 442 static void __iso_sock_close(struct sock *sk) 443 { 444 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 445 446 switch (sk->sk_state) { 447 case BT_LISTEN: 448 iso_sock_cleanup_listen(sk); 449 break; 450 451 case BT_CONNECTED: 452 case BT_CONFIG: 453 if (iso_pi(sk)->conn->hcon) { 454 sk->sk_state = BT_DISCONN; 455 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 456 iso_conn_lock(iso_pi(sk)->conn); 457 hci_conn_drop(iso_pi(sk)->conn->hcon); 458 iso_pi(sk)->conn->hcon = NULL; 459 iso_conn_unlock(iso_pi(sk)->conn); 460 } else { 461 iso_chan_del(sk, ECONNRESET); 462 } 463 break; 464 465 case BT_CONNECT2: 466 if (iso_pi(sk)->conn->hcon) 467 iso_conn_defer_reject(iso_pi(sk)->conn->hcon); 468 iso_chan_del(sk, ECONNRESET); 469 break; 470 case BT_CONNECT: 471 /* In case of DEFER_SETUP the hcon would be bound to CIG which 472 * needs to be removed so just call hci_conn_del so the cleanup 473 * callback do what is needed. 474 */ 475 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 476 iso_pi(sk)->conn->hcon) { 477 hci_conn_del(iso_pi(sk)->conn->hcon); 478 iso_pi(sk)->conn->hcon = NULL; 479 } 480 481 iso_chan_del(sk, ECONNRESET); 482 break; 483 case BT_DISCONN: 484 iso_chan_del(sk, ECONNRESET); 485 break; 486 487 default: 488 sock_set_flag(sk, SOCK_ZAPPED); 489 break; 490 } 491 } 492 493 /* Must be called on unlocked socket. */ 494 static void iso_sock_close(struct sock *sk) 495 { 496 iso_sock_clear_timer(sk); 497 lock_sock(sk); 498 __iso_sock_close(sk); 499 release_sock(sk); 500 iso_sock_kill(sk); 501 } 502 503 static void iso_sock_init(struct sock *sk, struct sock *parent) 504 { 505 BT_DBG("sk %p", sk); 506 507 if (parent) { 508 sk->sk_type = parent->sk_type; 509 bt_sk(sk)->flags = bt_sk(parent)->flags; 510 security_sk_clone(parent, sk); 511 } 512 } 513 514 static struct proto iso_proto = { 515 .name = "ISO", 516 .owner = THIS_MODULE, 517 .obj_size = sizeof(struct iso_pinfo) 518 }; 519 520 #define DEFAULT_IO_QOS \ 521 { \ 522 .interval = 10000u, \ 523 .latency = 10u, \ 524 .sdu = 40u, \ 525 .phy = BT_ISO_PHY_2M, \ 526 .rtn = 2u, \ 527 } 528 529 static struct bt_iso_qos default_qos = { 530 .cig = BT_ISO_QOS_CIG_UNSET, 531 .cis = BT_ISO_QOS_CIS_UNSET, 532 .sca = 0x00, 533 .packing = 0x00, 534 .framing = 0x00, 535 .in = DEFAULT_IO_QOS, 536 .out = DEFAULT_IO_QOS, 537 }; 538 539 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 540 int proto, gfp_t prio, int kern) 541 { 542 struct sock *sk; 543 544 sk = sk_alloc(net, PF_BLUETOOTH, prio, &iso_proto, kern); 545 if (!sk) 546 return NULL; 547 548 sock_init_data(sock, sk); 549 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 550 551 sk->sk_destruct = iso_sock_destruct; 552 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 553 554 sock_reset_flag(sk, SOCK_ZAPPED); 555 556 sk->sk_protocol = proto; 557 sk->sk_state = BT_OPEN; 558 559 /* Set address type as public as default src address is BDADDR_ANY */ 560 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 561 562 iso_pi(sk)->qos = default_qos; 563 564 bt_sock_link(&iso_sk_list, sk); 565 return sk; 566 } 567 568 static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 569 int kern) 570 { 571 struct sock *sk; 572 573 BT_DBG("sock %p", sock); 574 575 sock->state = SS_UNCONNECTED; 576 577 if (sock->type != SOCK_SEQPACKET) 578 return -ESOCKTNOSUPPORT; 579 580 sock->ops = &iso_sock_ops; 581 582 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 583 if (!sk) 584 return -ENOMEM; 585 586 iso_sock_init(sk, NULL); 587 return 0; 588 } 589 590 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 591 int addr_len) 592 { 593 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 594 struct sock *sk = sock->sk; 595 int err = 0; 596 597 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 598 599 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 600 addr->sa_family != AF_BLUETOOTH) 601 return -EINVAL; 602 603 lock_sock(sk); 604 605 if (sk->sk_state != BT_OPEN) { 606 err = -EBADFD; 607 goto done; 608 } 609 610 if (sk->sk_type != SOCK_SEQPACKET) { 611 err = -EINVAL; 612 goto done; 613 } 614 615 /* Check if the address type is of LE type */ 616 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 617 err = -EINVAL; 618 goto done; 619 } 620 621 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 622 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 623 624 sk->sk_state = BT_BOUND; 625 626 done: 627 release_sock(sk); 628 return err; 629 } 630 631 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 632 int alen, int flags) 633 { 634 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 635 struct sock *sk = sock->sk; 636 int err; 637 638 BT_DBG("sk %p", sk); 639 640 if (alen < sizeof(struct sockaddr_iso) || 641 addr->sa_family != AF_BLUETOOTH) 642 return -EINVAL; 643 644 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 645 return -EBADFD; 646 647 if (sk->sk_type != SOCK_SEQPACKET) 648 return -EINVAL; 649 650 /* Check if the address type is of LE type */ 651 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 652 return -EINVAL; 653 654 lock_sock(sk); 655 656 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 657 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 658 659 err = iso_connect(sk); 660 if (err) 661 goto done; 662 663 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 664 err = bt_sock_wait_state(sk, BT_CONNECTED, 665 sock_sndtimeo(sk, flags & O_NONBLOCK)); 666 } 667 668 done: 669 release_sock(sk); 670 return err; 671 } 672 673 static int iso_sock_listen(struct socket *sock, int backlog) 674 { 675 struct sock *sk = sock->sk; 676 bdaddr_t *src = &iso_pi(sk)->src; 677 int err = 0; 678 679 BT_DBG("sk %p backlog %d", sk, backlog); 680 681 lock_sock(sk); 682 683 if (sk->sk_state != BT_BOUND) { 684 err = -EBADFD; 685 goto done; 686 } 687 688 if (sk->sk_type != SOCK_SEQPACKET) { 689 err = -EINVAL; 690 goto done; 691 } 692 693 write_lock(&iso_sk_list.lock); 694 695 if (__iso_get_sock_listen_by_addr(src)) { 696 err = -EADDRINUSE; 697 goto unlock; 698 } 699 700 sk->sk_max_ack_backlog = backlog; 701 sk->sk_ack_backlog = 0; 702 703 sk->sk_state = BT_LISTEN; 704 705 unlock: 706 write_unlock(&iso_sk_list.lock); 707 708 done: 709 release_sock(sk); 710 return err; 711 } 712 713 static int iso_sock_accept(struct socket *sock, struct socket *newsock, 714 int flags, bool kern) 715 { 716 DEFINE_WAIT_FUNC(wait, woken_wake_function); 717 struct sock *sk = sock->sk, *ch; 718 long timeo; 719 int err = 0; 720 721 lock_sock(sk); 722 723 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 724 725 BT_DBG("sk %p timeo %ld", sk, timeo); 726 727 /* Wait for an incoming connection. (wake-one). */ 728 add_wait_queue_exclusive(sk_sleep(sk), &wait); 729 while (1) { 730 if (sk->sk_state != BT_LISTEN) { 731 err = -EBADFD; 732 break; 733 } 734 735 ch = bt_accept_dequeue(sk, newsock); 736 if (ch) 737 break; 738 739 if (!timeo) { 740 err = -EAGAIN; 741 break; 742 } 743 744 if (signal_pending(current)) { 745 err = sock_intr_errno(timeo); 746 break; 747 } 748 749 release_sock(sk); 750 751 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 752 lock_sock(sk); 753 } 754 remove_wait_queue(sk_sleep(sk), &wait); 755 756 if (err) 757 goto done; 758 759 newsock->state = SS_CONNECTED; 760 761 BT_DBG("new socket %p", ch); 762 763 done: 764 release_sock(sk); 765 return err; 766 } 767 768 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 769 int peer) 770 { 771 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 772 struct sock *sk = sock->sk; 773 774 BT_DBG("sock %p, sk %p", sock, sk); 775 776 addr->sa_family = AF_BLUETOOTH; 777 778 if (peer) { 779 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 780 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 781 } else { 782 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 783 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 784 } 785 786 return sizeof(struct sockaddr_iso); 787 } 788 789 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 790 size_t len) 791 { 792 struct sock *sk = sock->sk; 793 struct iso_conn *conn = iso_pi(sk)->conn; 794 struct sk_buff *skb, **frag; 795 int err; 796 797 BT_DBG("sock %p, sk %p", sock, sk); 798 799 err = sock_error(sk); 800 if (err) 801 return err; 802 803 if (msg->msg_flags & MSG_OOB) 804 return -EOPNOTSUPP; 805 806 if (sk->sk_state != BT_CONNECTED) 807 return -ENOTCONN; 808 809 skb = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 810 HCI_ISO_DATA_HDR_SIZE, 0); 811 if (IS_ERR(skb)) 812 return PTR_ERR(skb); 813 814 len -= skb->len; 815 816 BT_DBG("skb %p len %d", sk, skb->len); 817 818 /* Continuation fragments */ 819 frag = &skb_shinfo(skb)->frag_list; 820 while (len) { 821 struct sk_buff *tmp; 822 823 tmp = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 824 0, 0); 825 if (IS_ERR(tmp)) { 826 kfree_skb(skb); 827 return PTR_ERR(tmp); 828 } 829 830 *frag = tmp; 831 832 len -= tmp->len; 833 834 skb->len += tmp->len; 835 skb->data_len += tmp->len; 836 837 BT_DBG("frag %p len %d", *frag, tmp->len); 838 839 frag = &(*frag)->next; 840 } 841 842 lock_sock(sk); 843 844 if (sk->sk_state == BT_CONNECTED) 845 err = iso_send_frame(sk, skb); 846 else 847 err = -ENOTCONN; 848 849 release_sock(sk); 850 851 if (err < 0) 852 kfree_skb(skb); 853 return err; 854 } 855 856 static void iso_conn_defer_accept(struct hci_conn *conn) 857 { 858 struct hci_cp_le_accept_cis cp; 859 struct hci_dev *hdev = conn->hdev; 860 861 BT_DBG("conn %p", conn); 862 863 conn->state = BT_CONFIG; 864 865 cp.handle = cpu_to_le16(conn->handle); 866 867 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 868 } 869 870 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 871 size_t len, int flags) 872 { 873 struct sock *sk = sock->sk; 874 struct iso_pinfo *pi = iso_pi(sk); 875 int err; 876 877 BT_DBG("sk %p", sk); 878 879 lock_sock(sk); 880 881 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 882 switch (sk->sk_state) { 883 case BT_CONNECT2: 884 iso_conn_defer_accept(pi->conn->hcon); 885 sk->sk_state = BT_CONFIG; 886 release_sock(sk); 887 return 0; 888 case BT_CONNECT: 889 err = iso_connect(sk); 890 release_sock(sk); 891 return err; 892 } 893 } 894 895 release_sock(sk); 896 897 return bt_sock_recvmsg(sock, msg, len, flags); 898 } 899 900 static bool check_io_qos(struct bt_iso_io_qos *qos) 901 { 902 /* If no PHY is enable SDU must be 0 */ 903 if (!qos->phy && qos->sdu) 904 return false; 905 906 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 907 return false; 908 909 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 910 return false; 911 912 if (qos->phy > BT_ISO_PHY_ANY) 913 return false; 914 915 return true; 916 } 917 918 static bool check_qos(struct bt_iso_qos *qos) 919 { 920 /* CIS shall not be set */ 921 if (qos->cis != BT_ISO_QOS_CIS_UNSET) 922 return false; 923 924 if (qos->sca > 0x07) 925 return false; 926 927 if (qos->packing > 0x01) 928 return false; 929 930 if (qos->framing > 0x01) 931 return false; 932 933 if (!check_io_qos(&qos->in)) 934 return false; 935 936 if (!check_io_qos(&qos->out)) 937 return false; 938 939 return true; 940 } 941 942 static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 943 sockptr_t optval, unsigned int optlen) 944 { 945 struct sock *sk = sock->sk; 946 int len, err = 0; 947 struct bt_iso_qos qos; 948 u32 opt; 949 950 BT_DBG("sk %p", sk); 951 952 lock_sock(sk); 953 954 switch (optname) { 955 case BT_DEFER_SETUP: 956 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 957 err = -EINVAL; 958 break; 959 } 960 961 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 962 err = -EFAULT; 963 break; 964 } 965 966 if (opt) 967 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 968 else 969 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 970 break; 971 972 case BT_ISO_QOS: 973 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 974 sk->sk_state != BT_CONNECT2) { 975 err = -EINVAL; 976 break; 977 } 978 979 len = min_t(unsigned int, sizeof(qos), optlen); 980 if (len != sizeof(qos)) 981 return -EINVAL; 982 983 memset(&qos, 0, sizeof(qos)); 984 985 if (copy_from_sockptr(&qos, optval, len)) { 986 err = -EFAULT; 987 break; 988 } 989 990 if (!check_qos(&qos)) { 991 err = -EINVAL; 992 break; 993 } 994 995 iso_pi(sk)->qos = qos; 996 997 break; 998 999 default: 1000 err = -ENOPROTOOPT; 1001 break; 1002 } 1003 1004 release_sock(sk); 1005 return err; 1006 } 1007 1008 static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1009 char __user *optval, int __user *optlen) 1010 { 1011 struct sock *sk = sock->sk; 1012 int len, err = 0; 1013 struct bt_iso_qos qos; 1014 1015 BT_DBG("sk %p", sk); 1016 1017 if (get_user(len, optlen)) 1018 return -EFAULT; 1019 1020 lock_sock(sk); 1021 1022 switch (optname) { 1023 case BT_DEFER_SETUP: 1024 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1025 err = -EINVAL; 1026 break; 1027 } 1028 1029 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1030 (u32 __user *)optval)) 1031 err = -EFAULT; 1032 1033 break; 1034 1035 case BT_ISO_QOS: 1036 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 1037 qos = iso_pi(sk)->conn->hcon->iso_qos; 1038 else 1039 qos = iso_pi(sk)->qos; 1040 1041 len = min_t(unsigned int, len, sizeof(qos)); 1042 if (copy_to_user(optval, (char *)&qos, len)) 1043 err = -EFAULT; 1044 1045 break; 1046 1047 default: 1048 err = -ENOPROTOOPT; 1049 break; 1050 } 1051 1052 release_sock(sk); 1053 return err; 1054 } 1055 1056 static int iso_sock_shutdown(struct socket *sock, int how) 1057 { 1058 struct sock *sk = sock->sk; 1059 int err = 0; 1060 1061 BT_DBG("sock %p, sk %p", sock, sk); 1062 1063 if (!sk) 1064 return 0; 1065 1066 sock_hold(sk); 1067 lock_sock(sk); 1068 1069 if (!sk->sk_shutdown) { 1070 sk->sk_shutdown = SHUTDOWN_MASK; 1071 iso_sock_clear_timer(sk); 1072 __iso_sock_close(sk); 1073 1074 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1075 !(current->flags & PF_EXITING)) 1076 err = bt_sock_wait_state(sk, BT_CLOSED, 1077 sk->sk_lingertime); 1078 } 1079 1080 release_sock(sk); 1081 sock_put(sk); 1082 1083 return err; 1084 } 1085 1086 static int iso_sock_release(struct socket *sock) 1087 { 1088 struct sock *sk = sock->sk; 1089 int err = 0; 1090 1091 BT_DBG("sock %p, sk %p", sock, sk); 1092 1093 if (!sk) 1094 return 0; 1095 1096 iso_sock_close(sk); 1097 1098 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1099 !(current->flags & PF_EXITING)) { 1100 lock_sock(sk); 1101 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1102 release_sock(sk); 1103 } 1104 1105 sock_orphan(sk); 1106 iso_sock_kill(sk); 1107 return err; 1108 } 1109 1110 static void iso_sock_ready(struct sock *sk) 1111 { 1112 BT_DBG("sk %p", sk); 1113 1114 if (!sk) 1115 return; 1116 1117 lock_sock(sk); 1118 iso_sock_clear_timer(sk); 1119 sk->sk_state = BT_CONNECTED; 1120 sk->sk_state_change(sk); 1121 release_sock(sk); 1122 } 1123 1124 struct iso_list_data { 1125 struct hci_conn *hcon; 1126 int count; 1127 }; 1128 1129 static void iso_conn_ready(struct iso_conn *conn) 1130 { 1131 struct sock *parent; 1132 struct sock *sk = conn->sk; 1133 1134 BT_DBG("conn %p", conn); 1135 1136 if (sk) { 1137 iso_sock_ready(conn->sk); 1138 } else { 1139 iso_conn_lock(conn); 1140 1141 if (!conn->hcon) { 1142 iso_conn_unlock(conn); 1143 return; 1144 } 1145 1146 parent = iso_get_sock_listen(&conn->hcon->src); 1147 if (!parent) { 1148 iso_conn_unlock(conn); 1149 return; 1150 } 1151 1152 lock_sock(parent); 1153 1154 sk = iso_sock_alloc(sock_net(parent), NULL, 1155 BTPROTO_ISO, GFP_ATOMIC, 0); 1156 if (!sk) { 1157 release_sock(parent); 1158 iso_conn_unlock(conn); 1159 return; 1160 } 1161 1162 iso_sock_init(sk, parent); 1163 1164 bacpy(&iso_pi(sk)->src, &conn->hcon->src); 1165 iso_pi(sk)->src_type = conn->hcon->src_type; 1166 bacpy(&iso_pi(sk)->dst, &conn->hcon->dst); 1167 iso_pi(sk)->dst_type = conn->hcon->dst_type; 1168 1169 hci_conn_hold(conn->hcon); 1170 __iso_chan_add(conn, sk, parent); 1171 1172 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1173 sk->sk_state = BT_CONNECT2; 1174 else 1175 sk->sk_state = BT_CONNECTED; 1176 1177 /* Wake up parent */ 1178 parent->sk_data_ready(parent); 1179 1180 release_sock(parent); 1181 1182 iso_conn_unlock(conn); 1183 } 1184 } 1185 1186 /* ----- ISO interface with lower layer (HCI) ----- */ 1187 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1188 { 1189 struct sock *sk; 1190 int lm = 0; 1191 1192 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1193 1194 /* Find listening sockets */ 1195 read_lock(&iso_sk_list.lock); 1196 sk_for_each(sk, &iso_sk_list.head) { 1197 if (sk->sk_state != BT_LISTEN) 1198 continue; 1199 1200 if (!bacmp(&iso_pi(sk)->src, &hdev->bdaddr) || 1201 !bacmp(&iso_pi(sk)->src, BDADDR_ANY)) { 1202 lm |= HCI_LM_ACCEPT; 1203 1204 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1205 *flags |= HCI_PROTO_DEFER; 1206 break; 1207 } 1208 } 1209 read_unlock(&iso_sk_list.lock); 1210 1211 return lm; 1212 } 1213 1214 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 1215 { 1216 if (hcon->type != ISO_LINK) { 1217 if (hcon->type != LE_LINK) 1218 return; 1219 1220 /* Check if LE link has failed */ 1221 if (status) { 1222 if (hcon->link) 1223 iso_conn_del(hcon->link, bt_to_errno(status)); 1224 return; 1225 } 1226 1227 /* Create CIS if pending */ 1228 hci_le_create_cis(hcon); 1229 return; 1230 } 1231 1232 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1233 1234 if (!status) { 1235 struct iso_conn *conn; 1236 1237 conn = iso_conn_add(hcon); 1238 if (conn) 1239 iso_conn_ready(conn); 1240 } else { 1241 iso_conn_del(hcon, bt_to_errno(status)); 1242 } 1243 } 1244 1245 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1246 { 1247 if (hcon->type != ISO_LINK) 1248 return; 1249 1250 BT_DBG("hcon %p reason %d", hcon, reason); 1251 1252 iso_conn_del(hcon, bt_to_errno(reason)); 1253 } 1254 1255 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 1256 { 1257 struct iso_conn *conn = hcon->iso_data; 1258 struct hci_iso_data_hdr *hdr; 1259 __u16 pb, ts, len; 1260 1261 if (!conn) 1262 goto drop; 1263 1264 pb = hci_iso_flags_pb(flags); 1265 ts = hci_iso_flags_ts(flags); 1266 1267 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 1268 1269 switch (pb) { 1270 case ISO_START: 1271 case ISO_SINGLE: 1272 if (conn->rx_len) { 1273 BT_ERR("Unexpected start frame (len %d)", skb->len); 1274 kfree_skb(conn->rx_skb); 1275 conn->rx_skb = NULL; 1276 conn->rx_len = 0; 1277 } 1278 1279 if (ts) { 1280 /* TODO: add timestamp to the packet? */ 1281 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 1282 if (!hdr) { 1283 BT_ERR("Frame is too short (len %d)", skb->len); 1284 goto drop; 1285 } 1286 1287 } else { 1288 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 1289 if (!hdr) { 1290 BT_ERR("Frame is too short (len %d)", skb->len); 1291 goto drop; 1292 } 1293 } 1294 1295 len = __le16_to_cpu(hdr->slen); 1296 flags = hci_iso_data_flags(len); 1297 len = hci_iso_data_len(len); 1298 1299 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 1300 skb->len, flags); 1301 1302 if (len == skb->len) { 1303 /* Complete frame received */ 1304 iso_recv_frame(conn, skb); 1305 return; 1306 } 1307 1308 if (pb == ISO_SINGLE) { 1309 BT_ERR("Frame malformed (len %d, expected len %d)", 1310 skb->len, len); 1311 goto drop; 1312 } 1313 1314 if (skb->len > len) { 1315 BT_ERR("Frame is too long (len %d, expected len %d)", 1316 skb->len, len); 1317 goto drop; 1318 } 1319 1320 /* Allocate skb for the complete frame (with header) */ 1321 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 1322 if (!conn->rx_skb) 1323 goto drop; 1324 1325 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1326 skb->len); 1327 conn->rx_len = len - skb->len; 1328 break; 1329 1330 case ISO_CONT: 1331 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 1332 conn->rx_len); 1333 1334 if (!conn->rx_len) { 1335 BT_ERR("Unexpected continuation frame (len %d)", 1336 skb->len); 1337 goto drop; 1338 } 1339 1340 if (skb->len > conn->rx_len) { 1341 BT_ERR("Fragment is too long (len %d, expected %d)", 1342 skb->len, conn->rx_len); 1343 kfree_skb(conn->rx_skb); 1344 conn->rx_skb = NULL; 1345 conn->rx_len = 0; 1346 goto drop; 1347 } 1348 1349 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1350 skb->len); 1351 conn->rx_len -= skb->len; 1352 return; 1353 1354 case ISO_END: 1355 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1356 skb->len); 1357 conn->rx_len -= skb->len; 1358 1359 if (!conn->rx_len) { 1360 struct sk_buff *rx_skb = conn->rx_skb; 1361 1362 /* Complete frame received. iso_recv_frame 1363 * takes ownership of the skb so set the global 1364 * rx_skb pointer to NULL first. 1365 */ 1366 conn->rx_skb = NULL; 1367 iso_recv_frame(conn, rx_skb); 1368 } 1369 break; 1370 } 1371 1372 drop: 1373 kfree_skb(skb); 1374 } 1375 1376 static struct hci_cb iso_cb = { 1377 .name = "ISO", 1378 .connect_cfm = iso_connect_cfm, 1379 .disconn_cfm = iso_disconn_cfm, 1380 }; 1381 1382 static int iso_debugfs_show(struct seq_file *f, void *p) 1383 { 1384 struct sock *sk; 1385 1386 read_lock(&iso_sk_list.lock); 1387 1388 sk_for_each(sk, &iso_sk_list.head) { 1389 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 1390 &iso_pi(sk)->dst, sk->sk_state); 1391 } 1392 1393 read_unlock(&iso_sk_list.lock); 1394 1395 return 0; 1396 } 1397 1398 DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 1399 1400 static struct dentry *iso_debugfs; 1401 1402 static const struct proto_ops iso_sock_ops = { 1403 .family = PF_BLUETOOTH, 1404 .owner = THIS_MODULE, 1405 .release = iso_sock_release, 1406 .bind = iso_sock_bind, 1407 .connect = iso_sock_connect, 1408 .listen = iso_sock_listen, 1409 .accept = iso_sock_accept, 1410 .getname = iso_sock_getname, 1411 .sendmsg = iso_sock_sendmsg, 1412 .recvmsg = iso_sock_recvmsg, 1413 .poll = bt_sock_poll, 1414 .ioctl = bt_sock_ioctl, 1415 .mmap = sock_no_mmap, 1416 .socketpair = sock_no_socketpair, 1417 .shutdown = iso_sock_shutdown, 1418 .setsockopt = iso_sock_setsockopt, 1419 .getsockopt = iso_sock_getsockopt 1420 }; 1421 1422 static const struct net_proto_family iso_sock_family_ops = { 1423 .family = PF_BLUETOOTH, 1424 .owner = THIS_MODULE, 1425 .create = iso_sock_create, 1426 }; 1427 1428 static bool iso_inited; 1429 1430 bool iso_enabled(void) 1431 { 1432 return iso_inited; 1433 } 1434 1435 int iso_init(void) 1436 { 1437 int err; 1438 1439 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 1440 1441 if (iso_inited) 1442 return -EALREADY; 1443 1444 err = proto_register(&iso_proto, 0); 1445 if (err < 0) 1446 return err; 1447 1448 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 1449 if (err < 0) { 1450 BT_ERR("ISO socket registration failed"); 1451 goto error; 1452 } 1453 1454 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 1455 if (err < 0) { 1456 BT_ERR("Failed to create ISO proc file"); 1457 bt_sock_unregister(BTPROTO_ISO); 1458 goto error; 1459 } 1460 1461 BT_INFO("ISO socket layer initialized"); 1462 1463 hci_register_cb(&iso_cb); 1464 1465 if (IS_ERR_OR_NULL(bt_debugfs)) 1466 return 0; 1467 1468 if (!iso_debugfs) { 1469 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 1470 NULL, &iso_debugfs_fops); 1471 } 1472 1473 iso_inited = true; 1474 1475 return 0; 1476 1477 error: 1478 proto_unregister(&iso_proto); 1479 return err; 1480 } 1481 1482 int iso_exit(void) 1483 { 1484 if (!iso_inited) 1485 return -EALREADY; 1486 1487 bt_procfs_cleanup(&init_net, "iso"); 1488 1489 debugfs_remove(iso_debugfs); 1490 iso_debugfs = NULL; 1491 1492 hci_unregister_cb(&iso_cb); 1493 1494 bt_sock_unregister(BTPROTO_ISO); 1495 1496 proto_unregister(&iso_proto); 1497 1498 iso_inited = false; 1499 1500 return 0; 1501 } 1502