1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 */ 7 8 #include <linux/module.h> 9 #include <linux/debugfs.h> 10 #include <linux/seq_file.h> 11 #include <linux/sched/signal.h> 12 13 #include <net/bluetooth/bluetooth.h> 14 #include <net/bluetooth/hci_core.h> 15 #include <net/bluetooth/iso.h> 16 17 static const struct proto_ops iso_sock_ops; 18 19 static struct bt_sock_list iso_sk_list = { 20 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 21 }; 22 23 /* ---- ISO connections ---- */ 24 struct iso_conn { 25 struct hci_conn *hcon; 26 27 /* @lock: spinlock protecting changes to iso_conn fields */ 28 spinlock_t lock; 29 struct sock *sk; 30 31 struct delayed_work timeout_work; 32 33 struct sk_buff *rx_skb; 34 __u32 rx_len; 35 __u16 tx_sn; 36 }; 37 38 #define iso_conn_lock(c) spin_lock(&(c)->lock) 39 #define iso_conn_unlock(c) spin_unlock(&(c)->lock) 40 41 static void iso_sock_close(struct sock *sk); 42 static void iso_sock_kill(struct sock *sk); 43 44 /* ----- ISO socket info ----- */ 45 #define iso_pi(sk) ((struct iso_pinfo *)sk) 46 47 #define EIR_SERVICE_DATA_LENGTH 4 48 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH) 49 50 struct iso_pinfo { 51 struct bt_sock bt; 52 bdaddr_t src; 53 __u8 src_type; 54 bdaddr_t dst; 55 __u8 dst_type; 56 __u8 bc_sid; 57 __u8 bc_num_bis; 58 __u8 bc_bis[ISO_MAX_NUM_BIS]; 59 __u16 sync_handle; 60 __u32 flags; 61 struct bt_iso_qos qos; 62 __u8 base_len; 63 __u8 base[BASE_MAX_LENGTH]; 64 struct iso_conn *conn; 65 }; 66 67 /* ---- ISO timers ---- */ 68 #define ISO_CONN_TIMEOUT (HZ * 40) 69 #define ISO_DISCONN_TIMEOUT (HZ * 2) 70 71 static void iso_sock_timeout(struct work_struct *work) 72 { 73 struct iso_conn *conn = container_of(work, struct iso_conn, 74 timeout_work.work); 75 struct sock *sk; 76 77 iso_conn_lock(conn); 78 sk = conn->sk; 79 if (sk) 80 sock_hold(sk); 81 iso_conn_unlock(conn); 82 83 if (!sk) 84 return; 85 86 BT_DBG("sock %p state %d", sk, sk->sk_state); 87 88 lock_sock(sk); 89 sk->sk_err = ETIMEDOUT; 90 sk->sk_state_change(sk); 91 release_sock(sk); 92 sock_put(sk); 93 } 94 95 static void iso_sock_set_timer(struct sock *sk, long timeout) 96 { 97 if (!iso_pi(sk)->conn) 98 return; 99 100 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 101 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 102 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 103 } 104 105 static void iso_sock_clear_timer(struct sock *sk) 106 { 107 if (!iso_pi(sk)->conn) 108 return; 109 110 BT_DBG("sock %p state %d", sk, sk->sk_state); 111 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 112 } 113 114 /* ---- ISO connections ---- */ 115 static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 116 { 117 struct iso_conn *conn = hcon->iso_data; 118 119 if (conn) 120 return conn; 121 122 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 123 if (!conn) 124 return NULL; 125 126 spin_lock_init(&conn->lock); 127 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 128 129 hcon->iso_data = conn; 130 conn->hcon = hcon; 131 conn->tx_sn = 0; 132 133 BT_DBG("hcon %p conn %p", hcon, conn); 134 135 return conn; 136 } 137 138 /* Delete channel. Must be called on the locked socket. */ 139 static void iso_chan_del(struct sock *sk, int err) 140 { 141 struct iso_conn *conn; 142 struct sock *parent; 143 144 conn = iso_pi(sk)->conn; 145 146 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 147 148 if (conn) { 149 iso_conn_lock(conn); 150 conn->sk = NULL; 151 iso_pi(sk)->conn = NULL; 152 iso_conn_unlock(conn); 153 154 if (conn->hcon) 155 hci_conn_drop(conn->hcon); 156 } 157 158 sk->sk_state = BT_CLOSED; 159 sk->sk_err = err; 160 161 parent = bt_sk(sk)->parent; 162 if (parent) { 163 bt_accept_unlink(sk); 164 parent->sk_data_ready(parent); 165 } else { 166 sk->sk_state_change(sk); 167 } 168 169 sock_set_flag(sk, SOCK_ZAPPED); 170 } 171 172 static void iso_conn_del(struct hci_conn *hcon, int err) 173 { 174 struct iso_conn *conn = hcon->iso_data; 175 struct sock *sk; 176 177 if (!conn) 178 return; 179 180 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 181 182 /* Kill socket */ 183 iso_conn_lock(conn); 184 sk = conn->sk; 185 if (sk) 186 sock_hold(sk); 187 iso_conn_unlock(conn); 188 189 if (sk) { 190 lock_sock(sk); 191 iso_sock_clear_timer(sk); 192 iso_chan_del(sk, err); 193 release_sock(sk); 194 sock_put(sk); 195 } 196 197 /* Ensure no more work items will run before freeing conn. */ 198 cancel_delayed_work_sync(&conn->timeout_work); 199 200 hcon->iso_data = NULL; 201 kfree(conn); 202 } 203 204 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 205 struct sock *parent) 206 { 207 BT_DBG("conn %p", conn); 208 209 if (iso_pi(sk)->conn == conn && conn->sk == sk) 210 return 0; 211 212 if (conn->sk) { 213 BT_ERR("conn->sk already set"); 214 return -EBUSY; 215 } 216 217 iso_pi(sk)->conn = conn; 218 conn->sk = sk; 219 220 if (parent) 221 bt_accept_enqueue(parent, sk, true); 222 223 return 0; 224 } 225 226 static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 227 struct sock *parent) 228 { 229 int err; 230 231 iso_conn_lock(conn); 232 err = __iso_chan_add(conn, sk, parent); 233 iso_conn_unlock(conn); 234 235 return err; 236 } 237 238 static int iso_connect_bis(struct sock *sk) 239 { 240 struct iso_conn *conn; 241 struct hci_conn *hcon; 242 struct hci_dev *hdev; 243 int err; 244 245 BT_DBG("%pMR", &iso_pi(sk)->src); 246 247 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 248 iso_pi(sk)->src_type); 249 if (!hdev) 250 return -EHOSTUNREACH; 251 252 hci_dev_lock(hdev); 253 254 if (!bis_capable(hdev)) { 255 err = -EOPNOTSUPP; 256 goto done; 257 } 258 259 /* Fail if out PHYs are marked as disabled */ 260 if (!iso_pi(sk)->qos.out.phy) { 261 err = -EINVAL; 262 goto done; 263 } 264 265 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, iso_pi(sk)->dst_type, 266 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 267 iso_pi(sk)->base); 268 if (IS_ERR(hcon)) { 269 err = PTR_ERR(hcon); 270 goto done; 271 } 272 273 conn = iso_conn_add(hcon); 274 if (!conn) { 275 hci_conn_drop(hcon); 276 err = -ENOMEM; 277 goto done; 278 } 279 280 /* Update source addr of the socket */ 281 bacpy(&iso_pi(sk)->src, &hcon->src); 282 283 err = iso_chan_add(conn, sk, NULL); 284 if (err) 285 goto done; 286 287 if (hcon->state == BT_CONNECTED) { 288 iso_sock_clear_timer(sk); 289 sk->sk_state = BT_CONNECTED; 290 } else { 291 sk->sk_state = BT_CONNECT; 292 iso_sock_set_timer(sk, sk->sk_sndtimeo); 293 } 294 295 done: 296 hci_dev_unlock(hdev); 297 hci_dev_put(hdev); 298 return err; 299 } 300 301 static int iso_connect_cis(struct sock *sk) 302 { 303 struct iso_conn *conn; 304 struct hci_conn *hcon; 305 struct hci_dev *hdev; 306 int err; 307 308 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 309 310 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 311 iso_pi(sk)->src_type); 312 if (!hdev) 313 return -EHOSTUNREACH; 314 315 hci_dev_lock(hdev); 316 317 if (!cis_central_capable(hdev)) { 318 err = -EOPNOTSUPP; 319 goto done; 320 } 321 322 /* Fail if either PHYs are marked as disabled */ 323 if (!iso_pi(sk)->qos.in.phy && !iso_pi(sk)->qos.out.phy) { 324 err = -EINVAL; 325 goto done; 326 } 327 328 /* Just bind if DEFER_SETUP has been set */ 329 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 330 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 331 iso_pi(sk)->dst_type, &iso_pi(sk)->qos); 332 if (IS_ERR(hcon)) { 333 err = PTR_ERR(hcon); 334 goto done; 335 } 336 } else { 337 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 338 iso_pi(sk)->dst_type, &iso_pi(sk)->qos); 339 if (IS_ERR(hcon)) { 340 err = PTR_ERR(hcon); 341 goto done; 342 } 343 } 344 345 conn = iso_conn_add(hcon); 346 if (!conn) { 347 hci_conn_drop(hcon); 348 err = -ENOMEM; 349 goto done; 350 } 351 352 /* Update source addr of the socket */ 353 bacpy(&iso_pi(sk)->src, &hcon->src); 354 355 err = iso_chan_add(conn, sk, NULL); 356 if (err) 357 goto done; 358 359 if (hcon->state == BT_CONNECTED) { 360 iso_sock_clear_timer(sk); 361 sk->sk_state = BT_CONNECTED; 362 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 363 iso_sock_clear_timer(sk); 364 sk->sk_state = BT_CONNECT; 365 } else { 366 sk->sk_state = BT_CONNECT; 367 iso_sock_set_timer(sk, sk->sk_sndtimeo); 368 } 369 370 done: 371 hci_dev_unlock(hdev); 372 hci_dev_put(hdev); 373 return err; 374 } 375 376 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk) 377 { 378 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 379 return &iso_pi(sk)->conn->hcon->iso_qos; 380 381 return &iso_pi(sk)->qos; 382 } 383 384 static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 385 { 386 struct iso_conn *conn = iso_pi(sk)->conn; 387 struct bt_iso_qos *qos = iso_sock_get_qos(sk); 388 struct hci_iso_data_hdr *hdr; 389 int len = 0; 390 391 BT_DBG("sk %p len %d", sk, skb->len); 392 393 if (skb->len > qos->out.sdu) 394 return -EMSGSIZE; 395 396 len = skb->len; 397 398 /* Push ISO data header */ 399 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 400 hdr->sn = cpu_to_le16(conn->tx_sn++); 401 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 402 HCI_ISO_STATUS_VALID)); 403 404 if (sk->sk_state == BT_CONNECTED) 405 hci_send_iso(conn->hcon, skb); 406 else 407 len = -ENOTCONN; 408 409 return len; 410 } 411 412 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 413 { 414 struct sock *sk; 415 416 iso_conn_lock(conn); 417 sk = conn->sk; 418 iso_conn_unlock(conn); 419 420 if (!sk) 421 goto drop; 422 423 BT_DBG("sk %p len %d", sk, skb->len); 424 425 if (sk->sk_state != BT_CONNECTED) 426 goto drop; 427 428 if (!sock_queue_rcv_skb(sk, skb)) 429 return; 430 431 drop: 432 kfree_skb(skb); 433 } 434 435 /* -------- Socket interface ---------- */ 436 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *ba) 437 { 438 struct sock *sk; 439 440 sk_for_each(sk, &iso_sk_list.head) { 441 if (sk->sk_state != BT_LISTEN) 442 continue; 443 444 if (!bacmp(&iso_pi(sk)->src, ba)) 445 return sk; 446 } 447 448 return NULL; 449 } 450 451 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc, 452 __u8 sid) 453 { 454 struct sock *sk; 455 456 sk_for_each(sk, &iso_sk_list.head) { 457 if (sk->sk_state != BT_LISTEN) 458 continue; 459 460 if (bacmp(&iso_pi(sk)->src, ba)) 461 continue; 462 463 if (bacmp(&iso_pi(sk)->dst, bc)) 464 continue; 465 466 if (iso_pi(sk)->bc_sid == sid) 467 return sk; 468 } 469 470 return NULL; 471 } 472 473 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 474 475 /* Find socket listening: 476 * source bdaddr (Unicast) 477 * destination bdaddr (Broadcast only) 478 * match func - pass NULL to ignore 479 * match func data - pass -1 to ignore 480 * Returns closest match. 481 */ 482 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 483 iso_sock_match_t match, void *data) 484 { 485 struct sock *sk = NULL, *sk1 = NULL; 486 487 read_lock(&iso_sk_list.lock); 488 489 sk_for_each(sk, &iso_sk_list.head) { 490 if (sk->sk_state != BT_LISTEN) 491 continue; 492 493 /* Match Broadcast destination */ 494 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 495 continue; 496 497 /* Use Match function if provided */ 498 if (match && !match(sk, data)) 499 continue; 500 501 /* Exact match. */ 502 if (!bacmp(&iso_pi(sk)->src, src)) 503 break; 504 505 /* Closest match */ 506 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) 507 sk1 = sk; 508 } 509 510 read_unlock(&iso_sk_list.lock); 511 512 return sk ? sk : sk1; 513 } 514 515 static void iso_sock_destruct(struct sock *sk) 516 { 517 BT_DBG("sk %p", sk); 518 519 skb_queue_purge(&sk->sk_receive_queue); 520 skb_queue_purge(&sk->sk_write_queue); 521 } 522 523 static void iso_sock_cleanup_listen(struct sock *parent) 524 { 525 struct sock *sk; 526 527 BT_DBG("parent %p", parent); 528 529 /* Close not yet accepted channels */ 530 while ((sk = bt_accept_dequeue(parent, NULL))) { 531 iso_sock_close(sk); 532 iso_sock_kill(sk); 533 } 534 535 parent->sk_state = BT_CLOSED; 536 sock_set_flag(parent, SOCK_ZAPPED); 537 } 538 539 /* Kill socket (only if zapped and orphan) 540 * Must be called on unlocked socket. 541 */ 542 static void iso_sock_kill(struct sock *sk) 543 { 544 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 545 sock_flag(sk, SOCK_DEAD)) 546 return; 547 548 BT_DBG("sk %p state %d", sk, sk->sk_state); 549 550 /* Kill poor orphan */ 551 bt_sock_unlink(&iso_sk_list, sk); 552 sock_set_flag(sk, SOCK_DEAD); 553 sock_put(sk); 554 } 555 556 static void iso_conn_defer_reject(struct hci_conn *conn) 557 { 558 struct hci_cp_le_reject_cis cp; 559 560 BT_DBG("conn %p", conn); 561 562 memset(&cp, 0, sizeof(cp)); 563 cp.handle = cpu_to_le16(conn->handle); 564 cp.reason = HCI_ERROR_REJ_BAD_ADDR; 565 hci_send_cmd(conn->hdev, HCI_OP_LE_REJECT_CIS, sizeof(cp), &cp); 566 } 567 568 static void __iso_sock_close(struct sock *sk) 569 { 570 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 571 572 switch (sk->sk_state) { 573 case BT_LISTEN: 574 iso_sock_cleanup_listen(sk); 575 break; 576 577 case BT_CONNECTED: 578 case BT_CONFIG: 579 if (iso_pi(sk)->conn->hcon) { 580 sk->sk_state = BT_DISCONN; 581 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 582 iso_conn_lock(iso_pi(sk)->conn); 583 hci_conn_drop(iso_pi(sk)->conn->hcon); 584 iso_pi(sk)->conn->hcon = NULL; 585 iso_conn_unlock(iso_pi(sk)->conn); 586 } else { 587 iso_chan_del(sk, ECONNRESET); 588 } 589 break; 590 591 case BT_CONNECT2: 592 if (iso_pi(sk)->conn->hcon) 593 iso_conn_defer_reject(iso_pi(sk)->conn->hcon); 594 iso_chan_del(sk, ECONNRESET); 595 break; 596 case BT_CONNECT: 597 /* In case of DEFER_SETUP the hcon would be bound to CIG which 598 * needs to be removed so just call hci_conn_del so the cleanup 599 * callback do what is needed. 600 */ 601 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 602 iso_pi(sk)->conn->hcon) { 603 hci_conn_del(iso_pi(sk)->conn->hcon); 604 iso_pi(sk)->conn->hcon = NULL; 605 } 606 607 iso_chan_del(sk, ECONNRESET); 608 break; 609 case BT_DISCONN: 610 iso_chan_del(sk, ECONNRESET); 611 break; 612 613 default: 614 sock_set_flag(sk, SOCK_ZAPPED); 615 break; 616 } 617 } 618 619 /* Must be called on unlocked socket. */ 620 static void iso_sock_close(struct sock *sk) 621 { 622 iso_sock_clear_timer(sk); 623 lock_sock(sk); 624 __iso_sock_close(sk); 625 release_sock(sk); 626 iso_sock_kill(sk); 627 } 628 629 static void iso_sock_init(struct sock *sk, struct sock *parent) 630 { 631 BT_DBG("sk %p", sk); 632 633 if (parent) { 634 sk->sk_type = parent->sk_type; 635 bt_sk(sk)->flags = bt_sk(parent)->flags; 636 security_sk_clone(parent, sk); 637 } 638 } 639 640 static struct proto iso_proto = { 641 .name = "ISO", 642 .owner = THIS_MODULE, 643 .obj_size = sizeof(struct iso_pinfo) 644 }; 645 646 #define DEFAULT_IO_QOS \ 647 { \ 648 .interval = 10000u, \ 649 .latency = 10u, \ 650 .sdu = 40u, \ 651 .phy = BT_ISO_PHY_2M, \ 652 .rtn = 2u, \ 653 } 654 655 static struct bt_iso_qos default_qos = { 656 .cig = BT_ISO_QOS_CIG_UNSET, 657 .cis = BT_ISO_QOS_CIS_UNSET, 658 .sca = 0x00, 659 .packing = 0x00, 660 .framing = 0x00, 661 .in = DEFAULT_IO_QOS, 662 .out = DEFAULT_IO_QOS, 663 }; 664 665 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 666 int proto, gfp_t prio, int kern) 667 { 668 struct sock *sk; 669 670 sk = sk_alloc(net, PF_BLUETOOTH, prio, &iso_proto, kern); 671 if (!sk) 672 return NULL; 673 674 sock_init_data(sock, sk); 675 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 676 677 sk->sk_destruct = iso_sock_destruct; 678 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 679 680 sock_reset_flag(sk, SOCK_ZAPPED); 681 682 sk->sk_protocol = proto; 683 sk->sk_state = BT_OPEN; 684 685 /* Set address type as public as default src address is BDADDR_ANY */ 686 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 687 688 iso_pi(sk)->qos = default_qos; 689 690 bt_sock_link(&iso_sk_list, sk); 691 return sk; 692 } 693 694 static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 695 int kern) 696 { 697 struct sock *sk; 698 699 BT_DBG("sock %p", sock); 700 701 sock->state = SS_UNCONNECTED; 702 703 if (sock->type != SOCK_SEQPACKET) 704 return -ESOCKTNOSUPPORT; 705 706 sock->ops = &iso_sock_ops; 707 708 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 709 if (!sk) 710 return -ENOMEM; 711 712 iso_sock_init(sk, NULL); 713 return 0; 714 } 715 716 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr, 717 int addr_len) 718 { 719 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 720 struct sock *sk = sock->sk; 721 int i; 722 723 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid, 724 sa->iso_bc->bc_num_bis); 725 726 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) || 727 sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f) 728 return -EINVAL; 729 730 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr); 731 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type; 732 iso_pi(sk)->sync_handle = -1; 733 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid; 734 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 735 736 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) { 737 if (sa->iso_bc->bc_bis[i] < 0x01 || 738 sa->iso_bc->bc_bis[i] > 0x1f) 739 return -EINVAL; 740 741 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 742 iso_pi(sk)->bc_num_bis); 743 } 744 745 return 0; 746 } 747 748 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 749 int addr_len) 750 { 751 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 752 struct sock *sk = sock->sk; 753 int err = 0; 754 755 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 756 757 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 758 addr->sa_family != AF_BLUETOOTH) 759 return -EINVAL; 760 761 lock_sock(sk); 762 763 if (sk->sk_state != BT_OPEN) { 764 err = -EBADFD; 765 goto done; 766 } 767 768 if (sk->sk_type != SOCK_SEQPACKET) { 769 err = -EINVAL; 770 goto done; 771 } 772 773 /* Check if the address type is of LE type */ 774 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 775 err = -EINVAL; 776 goto done; 777 } 778 779 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 780 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 781 782 /* Check for Broadcast address */ 783 if (addr_len > sizeof(*sa)) { 784 err = iso_sock_bind_bc(sock, addr, addr_len); 785 if (err) 786 goto done; 787 } 788 789 sk->sk_state = BT_BOUND; 790 791 done: 792 release_sock(sk); 793 return err; 794 } 795 796 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 797 int alen, int flags) 798 { 799 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 800 struct sock *sk = sock->sk; 801 int err; 802 803 BT_DBG("sk %p", sk); 804 805 if (alen < sizeof(struct sockaddr_iso) || 806 addr->sa_family != AF_BLUETOOTH) 807 return -EINVAL; 808 809 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 810 return -EBADFD; 811 812 if (sk->sk_type != SOCK_SEQPACKET) 813 return -EINVAL; 814 815 /* Check if the address type is of LE type */ 816 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 817 return -EINVAL; 818 819 lock_sock(sk); 820 821 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 822 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 823 824 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 825 err = iso_connect_cis(sk); 826 else 827 err = iso_connect_bis(sk); 828 829 if (err) 830 goto done; 831 832 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 833 err = bt_sock_wait_state(sk, BT_CONNECTED, 834 sock_sndtimeo(sk, flags & O_NONBLOCK)); 835 } 836 837 done: 838 release_sock(sk); 839 return err; 840 } 841 842 static int iso_listen_bis(struct sock *sk) 843 { 844 struct hci_dev *hdev; 845 int err = 0; 846 847 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src, 848 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid); 849 850 write_lock(&iso_sk_list.lock); 851 852 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst, 853 iso_pi(sk)->bc_sid)) 854 err = -EADDRINUSE; 855 856 write_unlock(&iso_sk_list.lock); 857 858 if (err) 859 return err; 860 861 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 862 iso_pi(sk)->src_type); 863 if (!hdev) 864 return -EHOSTUNREACH; 865 866 hci_dev_lock(hdev); 867 868 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, iso_pi(sk)->dst_type, 869 iso_pi(sk)->bc_sid); 870 871 hci_dev_unlock(hdev); 872 873 return err; 874 } 875 876 static int iso_listen_cis(struct sock *sk) 877 { 878 int err = 0; 879 880 BT_DBG("%pMR", &iso_pi(sk)->src); 881 882 write_lock(&iso_sk_list.lock); 883 884 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src)) 885 err = -EADDRINUSE; 886 887 write_unlock(&iso_sk_list.lock); 888 889 return err; 890 } 891 892 static int iso_sock_listen(struct socket *sock, int backlog) 893 { 894 struct sock *sk = sock->sk; 895 int err = 0; 896 897 BT_DBG("sk %p backlog %d", sk, backlog); 898 899 lock_sock(sk); 900 901 if (sk->sk_state != BT_BOUND) { 902 err = -EBADFD; 903 goto done; 904 } 905 906 if (sk->sk_type != SOCK_SEQPACKET) { 907 err = -EINVAL; 908 goto done; 909 } 910 911 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 912 err = iso_listen_cis(sk); 913 else 914 err = iso_listen_bis(sk); 915 916 if (err) 917 goto done; 918 919 sk->sk_max_ack_backlog = backlog; 920 sk->sk_ack_backlog = 0; 921 922 sk->sk_state = BT_LISTEN; 923 924 done: 925 release_sock(sk); 926 return err; 927 } 928 929 static int iso_sock_accept(struct socket *sock, struct socket *newsock, 930 int flags, bool kern) 931 { 932 DEFINE_WAIT_FUNC(wait, woken_wake_function); 933 struct sock *sk = sock->sk, *ch; 934 long timeo; 935 int err = 0; 936 937 lock_sock(sk); 938 939 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 940 941 BT_DBG("sk %p timeo %ld", sk, timeo); 942 943 /* Wait for an incoming connection. (wake-one). */ 944 add_wait_queue_exclusive(sk_sleep(sk), &wait); 945 while (1) { 946 if (sk->sk_state != BT_LISTEN) { 947 err = -EBADFD; 948 break; 949 } 950 951 ch = bt_accept_dequeue(sk, newsock); 952 if (ch) 953 break; 954 955 if (!timeo) { 956 err = -EAGAIN; 957 break; 958 } 959 960 if (signal_pending(current)) { 961 err = sock_intr_errno(timeo); 962 break; 963 } 964 965 release_sock(sk); 966 967 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 968 lock_sock(sk); 969 } 970 remove_wait_queue(sk_sleep(sk), &wait); 971 972 if (err) 973 goto done; 974 975 newsock->state = SS_CONNECTED; 976 977 BT_DBG("new socket %p", ch); 978 979 done: 980 release_sock(sk); 981 return err; 982 } 983 984 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 985 int peer) 986 { 987 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 988 struct sock *sk = sock->sk; 989 990 BT_DBG("sock %p, sk %p", sock, sk); 991 992 addr->sa_family = AF_BLUETOOTH; 993 994 if (peer) { 995 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 996 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 997 } else { 998 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 999 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 1000 } 1001 1002 return sizeof(struct sockaddr_iso); 1003 } 1004 1005 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 1006 size_t len) 1007 { 1008 struct sock *sk = sock->sk; 1009 struct iso_conn *conn = iso_pi(sk)->conn; 1010 struct sk_buff *skb, **frag; 1011 int err; 1012 1013 BT_DBG("sock %p, sk %p", sock, sk); 1014 1015 err = sock_error(sk); 1016 if (err) 1017 return err; 1018 1019 if (msg->msg_flags & MSG_OOB) 1020 return -EOPNOTSUPP; 1021 1022 if (sk->sk_state != BT_CONNECTED) 1023 return -ENOTCONN; 1024 1025 skb = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1026 HCI_ISO_DATA_HDR_SIZE, 0); 1027 if (IS_ERR(skb)) 1028 return PTR_ERR(skb); 1029 1030 len -= skb->len; 1031 1032 BT_DBG("skb %p len %d", sk, skb->len); 1033 1034 /* Continuation fragments */ 1035 frag = &skb_shinfo(skb)->frag_list; 1036 while (len) { 1037 struct sk_buff *tmp; 1038 1039 tmp = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1040 0, 0); 1041 if (IS_ERR(tmp)) { 1042 kfree_skb(skb); 1043 return PTR_ERR(tmp); 1044 } 1045 1046 *frag = tmp; 1047 1048 len -= tmp->len; 1049 1050 skb->len += tmp->len; 1051 skb->data_len += tmp->len; 1052 1053 BT_DBG("frag %p len %d", *frag, tmp->len); 1054 1055 frag = &(*frag)->next; 1056 } 1057 1058 lock_sock(sk); 1059 1060 if (sk->sk_state == BT_CONNECTED) 1061 err = iso_send_frame(sk, skb); 1062 else 1063 err = -ENOTCONN; 1064 1065 release_sock(sk); 1066 1067 if (err < 0) 1068 kfree_skb(skb); 1069 return err; 1070 } 1071 1072 static void iso_conn_defer_accept(struct hci_conn *conn) 1073 { 1074 struct hci_cp_le_accept_cis cp; 1075 struct hci_dev *hdev = conn->hdev; 1076 1077 BT_DBG("conn %p", conn); 1078 1079 conn->state = BT_CONFIG; 1080 1081 cp.handle = cpu_to_le16(conn->handle); 1082 1083 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 1084 } 1085 1086 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1087 size_t len, int flags) 1088 { 1089 struct sock *sk = sock->sk; 1090 struct iso_pinfo *pi = iso_pi(sk); 1091 int err; 1092 1093 BT_DBG("sk %p", sk); 1094 1095 lock_sock(sk); 1096 1097 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1098 switch (sk->sk_state) { 1099 case BT_CONNECT2: 1100 iso_conn_defer_accept(pi->conn->hcon); 1101 sk->sk_state = BT_CONFIG; 1102 release_sock(sk); 1103 return 0; 1104 case BT_CONNECT: 1105 err = iso_connect_cis(sk); 1106 release_sock(sk); 1107 return err; 1108 } 1109 } 1110 1111 release_sock(sk); 1112 1113 return bt_sock_recvmsg(sock, msg, len, flags); 1114 } 1115 1116 static bool check_io_qos(struct bt_iso_io_qos *qos) 1117 { 1118 /* If no PHY is enable SDU must be 0 */ 1119 if (!qos->phy && qos->sdu) 1120 return false; 1121 1122 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 1123 return false; 1124 1125 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 1126 return false; 1127 1128 if (qos->phy > BT_ISO_PHY_ANY) 1129 return false; 1130 1131 return true; 1132 } 1133 1134 static bool check_qos(struct bt_iso_qos *qos) 1135 { 1136 if (qos->sca > 0x07) 1137 return false; 1138 1139 if (qos->packing > 0x01) 1140 return false; 1141 1142 if (qos->framing > 0x01) 1143 return false; 1144 1145 if (!check_io_qos(&qos->in)) 1146 return false; 1147 1148 if (!check_io_qos(&qos->out)) 1149 return false; 1150 1151 return true; 1152 } 1153 1154 static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 1155 sockptr_t optval, unsigned int optlen) 1156 { 1157 struct sock *sk = sock->sk; 1158 int len, err = 0; 1159 struct bt_iso_qos qos; 1160 u32 opt; 1161 1162 BT_DBG("sk %p", sk); 1163 1164 lock_sock(sk); 1165 1166 switch (optname) { 1167 case BT_DEFER_SETUP: 1168 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1169 err = -EINVAL; 1170 break; 1171 } 1172 1173 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1174 err = -EFAULT; 1175 break; 1176 } 1177 1178 if (opt) 1179 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1180 else 1181 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1182 break; 1183 1184 case BT_ISO_QOS: 1185 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1186 sk->sk_state != BT_CONNECT2) { 1187 err = -EINVAL; 1188 break; 1189 } 1190 1191 len = min_t(unsigned int, sizeof(qos), optlen); 1192 if (len != sizeof(qos)) { 1193 err = -EINVAL; 1194 break; 1195 } 1196 1197 memset(&qos, 0, sizeof(qos)); 1198 1199 if (copy_from_sockptr(&qos, optval, len)) { 1200 err = -EFAULT; 1201 break; 1202 } 1203 1204 if (!check_qos(&qos)) { 1205 err = -EINVAL; 1206 break; 1207 } 1208 1209 iso_pi(sk)->qos = qos; 1210 1211 break; 1212 1213 case BT_ISO_BASE: 1214 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1215 sk->sk_state != BT_CONNECT2) { 1216 err = -EINVAL; 1217 break; 1218 } 1219 1220 if (optlen > sizeof(iso_pi(sk)->base)) { 1221 err = -EOVERFLOW; 1222 break; 1223 } 1224 1225 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen); 1226 1227 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) { 1228 err = -EFAULT; 1229 break; 1230 } 1231 1232 iso_pi(sk)->base_len = len; 1233 1234 break; 1235 1236 default: 1237 err = -ENOPROTOOPT; 1238 break; 1239 } 1240 1241 release_sock(sk); 1242 return err; 1243 } 1244 1245 static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1246 char __user *optval, int __user *optlen) 1247 { 1248 struct sock *sk = sock->sk; 1249 int len, err = 0; 1250 struct bt_iso_qos *qos; 1251 u8 base_len; 1252 u8 *base; 1253 1254 BT_DBG("sk %p", sk); 1255 1256 if (get_user(len, optlen)) 1257 return -EFAULT; 1258 1259 lock_sock(sk); 1260 1261 switch (optname) { 1262 case BT_DEFER_SETUP: 1263 if (sk->sk_state == BT_CONNECTED) { 1264 err = -EINVAL; 1265 break; 1266 } 1267 1268 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1269 (u32 __user *)optval)) 1270 err = -EFAULT; 1271 1272 break; 1273 1274 case BT_ISO_QOS: 1275 qos = iso_sock_get_qos(sk); 1276 1277 len = min_t(unsigned int, len, sizeof(*qos)); 1278 if (copy_to_user(optval, qos, len)) 1279 err = -EFAULT; 1280 1281 break; 1282 1283 case BT_ISO_BASE: 1284 if (sk->sk_state == BT_CONNECTED) { 1285 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len; 1286 base = iso_pi(sk)->conn->hcon->le_per_adv_data; 1287 } else { 1288 base_len = iso_pi(sk)->base_len; 1289 base = iso_pi(sk)->base; 1290 } 1291 1292 len = min_t(unsigned int, len, base_len); 1293 if (copy_to_user(optval, base, len)) 1294 err = -EFAULT; 1295 1296 break; 1297 1298 default: 1299 err = -ENOPROTOOPT; 1300 break; 1301 } 1302 1303 release_sock(sk); 1304 return err; 1305 } 1306 1307 static int iso_sock_shutdown(struct socket *sock, int how) 1308 { 1309 struct sock *sk = sock->sk; 1310 int err = 0; 1311 1312 BT_DBG("sock %p, sk %p", sock, sk); 1313 1314 if (!sk) 1315 return 0; 1316 1317 sock_hold(sk); 1318 lock_sock(sk); 1319 1320 if (!sk->sk_shutdown) { 1321 sk->sk_shutdown = SHUTDOWN_MASK; 1322 iso_sock_clear_timer(sk); 1323 __iso_sock_close(sk); 1324 1325 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1326 !(current->flags & PF_EXITING)) 1327 err = bt_sock_wait_state(sk, BT_CLOSED, 1328 sk->sk_lingertime); 1329 } 1330 1331 release_sock(sk); 1332 sock_put(sk); 1333 1334 return err; 1335 } 1336 1337 static int iso_sock_release(struct socket *sock) 1338 { 1339 struct sock *sk = sock->sk; 1340 int err = 0; 1341 1342 BT_DBG("sock %p, sk %p", sock, sk); 1343 1344 if (!sk) 1345 return 0; 1346 1347 iso_sock_close(sk); 1348 1349 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1350 !(current->flags & PF_EXITING)) { 1351 lock_sock(sk); 1352 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1353 release_sock(sk); 1354 } 1355 1356 sock_orphan(sk); 1357 iso_sock_kill(sk); 1358 return err; 1359 } 1360 1361 static void iso_sock_ready(struct sock *sk) 1362 { 1363 BT_DBG("sk %p", sk); 1364 1365 if (!sk) 1366 return; 1367 1368 lock_sock(sk); 1369 iso_sock_clear_timer(sk); 1370 sk->sk_state = BT_CONNECTED; 1371 sk->sk_state_change(sk); 1372 release_sock(sk); 1373 } 1374 1375 struct iso_list_data { 1376 struct hci_conn *hcon; 1377 int count; 1378 }; 1379 1380 static bool iso_match_big(struct sock *sk, void *data) 1381 { 1382 struct hci_evt_le_big_sync_estabilished *ev = data; 1383 1384 return ev->handle == iso_pi(sk)->qos.big; 1385 } 1386 1387 static void iso_conn_ready(struct iso_conn *conn) 1388 { 1389 struct sock *parent; 1390 struct sock *sk = conn->sk; 1391 struct hci_ev_le_big_sync_estabilished *ev; 1392 1393 BT_DBG("conn %p", conn); 1394 1395 if (sk) { 1396 iso_sock_ready(conn->sk); 1397 } else { 1398 iso_conn_lock(conn); 1399 1400 if (!conn->hcon) { 1401 iso_conn_unlock(conn); 1402 return; 1403 } 1404 1405 ev = hci_recv_event_data(conn->hcon->hdev, 1406 HCI_EVT_LE_BIG_SYNC_ESTABILISHED); 1407 if (ev) 1408 parent = iso_get_sock_listen(&conn->hcon->src, 1409 &conn->hcon->dst, 1410 iso_match_big, ev); 1411 else 1412 parent = iso_get_sock_listen(&conn->hcon->src, 1413 BDADDR_ANY, NULL, NULL); 1414 1415 if (!parent) { 1416 iso_conn_unlock(conn); 1417 return; 1418 } 1419 1420 lock_sock(parent); 1421 1422 sk = iso_sock_alloc(sock_net(parent), NULL, 1423 BTPROTO_ISO, GFP_ATOMIC, 0); 1424 if (!sk) { 1425 release_sock(parent); 1426 iso_conn_unlock(conn); 1427 return; 1428 } 1429 1430 iso_sock_init(sk, parent); 1431 1432 bacpy(&iso_pi(sk)->src, &conn->hcon->src); 1433 iso_pi(sk)->src_type = conn->hcon->src_type; 1434 1435 /* If hcon has no destination address (BDADDR_ANY) it means it 1436 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED so we need to 1437 * initialize using the parent socket destination address. 1438 */ 1439 if (!bacmp(&conn->hcon->dst, BDADDR_ANY)) { 1440 bacpy(&conn->hcon->dst, &iso_pi(parent)->dst); 1441 conn->hcon->dst_type = iso_pi(parent)->dst_type; 1442 conn->hcon->sync_handle = iso_pi(parent)->sync_handle; 1443 } 1444 1445 bacpy(&iso_pi(sk)->dst, &conn->hcon->dst); 1446 iso_pi(sk)->dst_type = conn->hcon->dst_type; 1447 1448 hci_conn_hold(conn->hcon); 1449 __iso_chan_add(conn, sk, parent); 1450 1451 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1452 sk->sk_state = BT_CONNECT2; 1453 else 1454 sk->sk_state = BT_CONNECTED; 1455 1456 /* Wake up parent */ 1457 parent->sk_data_ready(parent); 1458 1459 release_sock(parent); 1460 1461 iso_conn_unlock(conn); 1462 } 1463 } 1464 1465 static bool iso_match_sid(struct sock *sk, void *data) 1466 { 1467 struct hci_ev_le_pa_sync_established *ev = data; 1468 1469 return ev->sid == iso_pi(sk)->bc_sid; 1470 } 1471 1472 static bool iso_match_sync_handle(struct sock *sk, void *data) 1473 { 1474 struct hci_evt_le_big_info_adv_report *ev = data; 1475 1476 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1477 } 1478 1479 /* ----- ISO interface with lower layer (HCI) ----- */ 1480 1481 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1482 { 1483 struct hci_ev_le_pa_sync_established *ev1; 1484 struct hci_evt_le_big_info_adv_report *ev2; 1485 struct sock *sk; 1486 int lm = 0; 1487 1488 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 1489 1490 /* Broadcast receiver requires handling of some events before it can 1491 * proceed to establishing a BIG sync: 1492 * 1493 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific 1494 * SID to listen to and once sync is estabilished its handle needs to 1495 * be stored in iso_pi(sk)->sync_handle so it can be matched once 1496 * receiving the BIG Info. 1497 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 1498 * a BIG Info it attempts to check if there any listening socket with 1499 * the same sync_handle and if it does then attempt to create a sync. 1500 */ 1501 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 1502 if (ev1) { 1503 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid, 1504 ev1); 1505 if (sk) 1506 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); 1507 1508 goto done; 1509 } 1510 1511 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1512 if (ev2) { 1513 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1514 iso_match_sync_handle, ev2); 1515 if (sk) { 1516 int err; 1517 1518 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1519 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1520 1521 err = hci_le_big_create_sync(hdev, 1522 &iso_pi(sk)->qos, 1523 iso_pi(sk)->sync_handle, 1524 iso_pi(sk)->bc_num_bis, 1525 iso_pi(sk)->bc_bis); 1526 if (err) { 1527 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1528 err); 1529 sk = NULL; 1530 } 1531 } 1532 } else { 1533 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL); 1534 } 1535 1536 done: 1537 if (!sk) 1538 return lm; 1539 1540 lm |= HCI_LM_ACCEPT; 1541 1542 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1543 *flags |= HCI_PROTO_DEFER; 1544 1545 return lm; 1546 } 1547 1548 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 1549 { 1550 if (hcon->type != ISO_LINK) { 1551 if (hcon->type != LE_LINK) 1552 return; 1553 1554 /* Check if LE link has failed */ 1555 if (status) { 1556 if (hcon->link) 1557 iso_conn_del(hcon->link, bt_to_errno(status)); 1558 return; 1559 } 1560 1561 /* Create CIS if pending */ 1562 hci_le_create_cis(hcon); 1563 return; 1564 } 1565 1566 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1567 1568 if (!status) { 1569 struct iso_conn *conn; 1570 1571 conn = iso_conn_add(hcon); 1572 if (conn) 1573 iso_conn_ready(conn); 1574 } else { 1575 iso_conn_del(hcon, bt_to_errno(status)); 1576 } 1577 } 1578 1579 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1580 { 1581 if (hcon->type != ISO_LINK) 1582 return; 1583 1584 BT_DBG("hcon %p reason %d", hcon, reason); 1585 1586 iso_conn_del(hcon, bt_to_errno(reason)); 1587 } 1588 1589 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 1590 { 1591 struct iso_conn *conn = hcon->iso_data; 1592 struct hci_iso_data_hdr *hdr; 1593 __u16 pb, ts, len; 1594 1595 if (!conn) 1596 goto drop; 1597 1598 pb = hci_iso_flags_pb(flags); 1599 ts = hci_iso_flags_ts(flags); 1600 1601 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 1602 1603 switch (pb) { 1604 case ISO_START: 1605 case ISO_SINGLE: 1606 if (conn->rx_len) { 1607 BT_ERR("Unexpected start frame (len %d)", skb->len); 1608 kfree_skb(conn->rx_skb); 1609 conn->rx_skb = NULL; 1610 conn->rx_len = 0; 1611 } 1612 1613 if (ts) { 1614 /* TODO: add timestamp to the packet? */ 1615 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 1616 if (!hdr) { 1617 BT_ERR("Frame is too short (len %d)", skb->len); 1618 goto drop; 1619 } 1620 1621 } else { 1622 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 1623 if (!hdr) { 1624 BT_ERR("Frame is too short (len %d)", skb->len); 1625 goto drop; 1626 } 1627 } 1628 1629 len = __le16_to_cpu(hdr->slen); 1630 flags = hci_iso_data_flags(len); 1631 len = hci_iso_data_len(len); 1632 1633 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 1634 skb->len, flags); 1635 1636 if (len == skb->len) { 1637 /* Complete frame received */ 1638 iso_recv_frame(conn, skb); 1639 return; 1640 } 1641 1642 if (pb == ISO_SINGLE) { 1643 BT_ERR("Frame malformed (len %d, expected len %d)", 1644 skb->len, len); 1645 goto drop; 1646 } 1647 1648 if (skb->len > len) { 1649 BT_ERR("Frame is too long (len %d, expected len %d)", 1650 skb->len, len); 1651 goto drop; 1652 } 1653 1654 /* Allocate skb for the complete frame (with header) */ 1655 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 1656 if (!conn->rx_skb) 1657 goto drop; 1658 1659 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1660 skb->len); 1661 conn->rx_len = len - skb->len; 1662 break; 1663 1664 case ISO_CONT: 1665 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 1666 conn->rx_len); 1667 1668 if (!conn->rx_len) { 1669 BT_ERR("Unexpected continuation frame (len %d)", 1670 skb->len); 1671 goto drop; 1672 } 1673 1674 if (skb->len > conn->rx_len) { 1675 BT_ERR("Fragment is too long (len %d, expected %d)", 1676 skb->len, conn->rx_len); 1677 kfree_skb(conn->rx_skb); 1678 conn->rx_skb = NULL; 1679 conn->rx_len = 0; 1680 goto drop; 1681 } 1682 1683 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1684 skb->len); 1685 conn->rx_len -= skb->len; 1686 return; 1687 1688 case ISO_END: 1689 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1690 skb->len); 1691 conn->rx_len -= skb->len; 1692 1693 if (!conn->rx_len) { 1694 struct sk_buff *rx_skb = conn->rx_skb; 1695 1696 /* Complete frame received. iso_recv_frame 1697 * takes ownership of the skb so set the global 1698 * rx_skb pointer to NULL first. 1699 */ 1700 conn->rx_skb = NULL; 1701 iso_recv_frame(conn, rx_skb); 1702 } 1703 break; 1704 } 1705 1706 drop: 1707 kfree_skb(skb); 1708 } 1709 1710 static struct hci_cb iso_cb = { 1711 .name = "ISO", 1712 .connect_cfm = iso_connect_cfm, 1713 .disconn_cfm = iso_disconn_cfm, 1714 }; 1715 1716 static int iso_debugfs_show(struct seq_file *f, void *p) 1717 { 1718 struct sock *sk; 1719 1720 read_lock(&iso_sk_list.lock); 1721 1722 sk_for_each(sk, &iso_sk_list.head) { 1723 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 1724 &iso_pi(sk)->dst, sk->sk_state); 1725 } 1726 1727 read_unlock(&iso_sk_list.lock); 1728 1729 return 0; 1730 } 1731 1732 DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 1733 1734 static struct dentry *iso_debugfs; 1735 1736 static const struct proto_ops iso_sock_ops = { 1737 .family = PF_BLUETOOTH, 1738 .owner = THIS_MODULE, 1739 .release = iso_sock_release, 1740 .bind = iso_sock_bind, 1741 .connect = iso_sock_connect, 1742 .listen = iso_sock_listen, 1743 .accept = iso_sock_accept, 1744 .getname = iso_sock_getname, 1745 .sendmsg = iso_sock_sendmsg, 1746 .recvmsg = iso_sock_recvmsg, 1747 .poll = bt_sock_poll, 1748 .ioctl = bt_sock_ioctl, 1749 .mmap = sock_no_mmap, 1750 .socketpair = sock_no_socketpair, 1751 .shutdown = iso_sock_shutdown, 1752 .setsockopt = iso_sock_setsockopt, 1753 .getsockopt = iso_sock_getsockopt 1754 }; 1755 1756 static const struct net_proto_family iso_sock_family_ops = { 1757 .family = PF_BLUETOOTH, 1758 .owner = THIS_MODULE, 1759 .create = iso_sock_create, 1760 }; 1761 1762 static bool iso_inited; 1763 1764 bool iso_enabled(void) 1765 { 1766 return iso_inited; 1767 } 1768 1769 int iso_init(void) 1770 { 1771 int err; 1772 1773 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 1774 1775 if (iso_inited) 1776 return -EALREADY; 1777 1778 err = proto_register(&iso_proto, 0); 1779 if (err < 0) 1780 return err; 1781 1782 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 1783 if (err < 0) { 1784 BT_ERR("ISO socket registration failed"); 1785 goto error; 1786 } 1787 1788 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 1789 if (err < 0) { 1790 BT_ERR("Failed to create ISO proc file"); 1791 bt_sock_unregister(BTPROTO_ISO); 1792 goto error; 1793 } 1794 1795 BT_INFO("ISO socket layer initialized"); 1796 1797 hci_register_cb(&iso_cb); 1798 1799 if (IS_ERR_OR_NULL(bt_debugfs)) 1800 return 0; 1801 1802 if (!iso_debugfs) { 1803 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 1804 NULL, &iso_debugfs_fops); 1805 } 1806 1807 iso_inited = true; 1808 1809 return 0; 1810 1811 error: 1812 proto_unregister(&iso_proto); 1813 return err; 1814 } 1815 1816 int iso_exit(void) 1817 { 1818 if (!iso_inited) 1819 return -EALREADY; 1820 1821 bt_procfs_cleanup(&init_net, "iso"); 1822 1823 debugfs_remove(iso_debugfs); 1824 iso_debugfs = NULL; 1825 1826 hci_unregister_cb(&iso_cb); 1827 1828 bt_sock_unregister(BTPROTO_ISO); 1829 1830 proto_unregister(&iso_proto); 1831 1832 iso_inited = false; 1833 1834 return 0; 1835 } 1836